typeclaw 0.37.4 → 0.37.6

package/src/hostd/paths.ts

@@ -1,6 +1,9 @@
+import { createHash } from 'node:crypto'
 import { chmod, mkdir } from 'node:fs/promises'
-import { homedir } from 'node:os'
-import { join } from 'node:path'
+import { homedir, userInfo } from 'node:os'
+import { join, resolve } from 'node:path'
+
+import { isWindows } from '@/shared'
 
 // Fixed in-container path where the host daemon's run dir is bind-mounted.
 // The agent uses this to reach the host daemon (e.g. for the `restart` tool).
@@ -33,9 +36,26 @@ export function logDir(): string {
 }
 
 export function socketPath(): string {
+  if (isWindows()) return windowsPipePath()
   return join(runDir(), SOCKET_FILE)
 }
 
+function windowsPipePath(): string {
+  const uid =
+    typeof process.getuid === 'function'
+      ? `uid:${process.getuid()}`
+      : `user:${process.env.USERDOMAIN ?? ''}\\${userInfo().username}`
+  // Locale-invariant lowercasing: toLocaleLowerCase under e.g. tr-TR would map
+  // 'I' to a dotless 'ı', hashing the same path differently per process locale.
+  const scopedHome = resolve(homeRoot()).toLowerCase()
+  const hash = createHash('sha256').update(`${uid}\0${scopedHome}`).digest('hex').slice(0, 32)
+
+  // Node's net named-pipe API has no portable ACL hook. TypeClaw accepts that
+  // under the single-tenant dev-box model; the per-user/per-home pipe name keeps
+  // the pipe scoped, while the separate HTTP leg remains restart/secrets-only.
+  return `\\\\.\\pipe\\typeclaw-hostd-${hash}`
+}
+
 export function pidfilePath(): string {
   return join(runDir(), 'hostd.pid')
 }

package/src/hostd/spawn.ts

@@ -1,6 +1,8 @@
 import { existsSync } from 'node:fs'
 import { open, readFile, unlink, writeFile } from 'node:fs/promises'
 
+import { isWindows } from '@/shared'
+
 import { isDaemonReachable, send } from './client'
 import { ensureDirs, lockfilePath, logfilePath, pidfilePath, socketPath } from './paths'
 import type { HttpInfoResult, VersionResult } from './protocol'
@@ -75,6 +77,11 @@ async function requestShutdownAndWait(): Promise<boolean> {
   if (!reply.ok) return false
   const deadline = Date.now() + SHUTDOWN_TIMEOUT_MS
   while (Date.now() < deadline) {
+    if (isWindows()) {
+      if (!(await isDaemonReachable(POLL_INTERVAL_MS))) return true
+      await sleep(POLL_INTERVAL_MS)
+      continue
+    }
     if (!existsSync(socketPath())) return true
     await sleep(POLL_INTERVAL_MS)
   }

package/src/init/dockerfile.ts

@@ -358,9 +358,9 @@ set -eu
 # The persist root lives under /agent/.typeclaw/home/ (bind-mounted
 # from the agent folder via the -v <cwd>:/agent flag in start.ts).
 # Namespacing under .typeclaw/ keeps the agent's top-level layout clean and reserves
-# a system-owned subtree we can extend later (e.g. ~/.gemini/,
-# ~/.config/<tool>/) without colliding with user files. The directory
-# is gitignored by buildGitignore() so credentials never enter history.
+# a system-owned subtree we can extend later (e.g. ~/.gemini/) without
+# colliding with user files. The directory is gitignored by buildGitignore()
+# so credentials never enter history.
 #
 # Three invariants this function enforces:
 #
@@ -372,11 +372,11 @@ set -eu
 #    if a previous container life happened to write a real ~/.codex/
 #    dir before this code shipped.
 #
-# 2. We symlink the FILE, not the directory. Codex writes other state
-#    to ~/.codex/ over time (history.jsonl, log/, config.toml). Linking
-#    only auth.json keeps the persistence scope tight to credentials;
-#    history/logs stay ephemeral by design. Future credentials get
-#    added file-by-file here, not by widening to a directory link.
+# 2. We symlink credential FILES for tools whose config dirs are mostly
+#    scratch/history (Codex, Claude). We do not redirect global config
+#    locations such as XDG_CONFIG_HOME or ~/.config here because tools like
+#    git also read config from those paths; first-party bundles that need
+#    persistence should set their own app-specific env vars instead.
 #
 # 3. We mkdir -p the target's parent on every boot. /agent is bind-
 #    mounted, so the host-side path may exist or not depending on
@@ -1264,6 +1264,9 @@ ${fromAndHeavyLayers}
 
 ENV NODE_ENV=production
 
+# Persist first-party GWS config without changing global XDG/git config lookup.
+ENV GWS_CONFIG_HOME=/agent/workspace/.config/gws
+
 # Keep agent-messenger's fallback config dir inside workspace/ for any future
 # SDK fallback paths. TypeClaw's KakaoTalk adapter does not write there:
 # credentials live in secrets.json#channels.kakaotalk and container writes go

package/src/init/kakaotalk-auth.ts

@@ -1,4 +1,4 @@
-import { join, resolve } from 'node:path'
+import { join, posix, resolve } from 'node:path'
 
 import { loginFlow as upstreamLoginFlow } from 'agent-messenger/kakaotalk'
 
@@ -34,7 +34,7 @@ export type LoginFlowOptions = Parameters<LoginFlowFn>[0]
 export type LoginFlowResult = Awaited<ReturnType<LoginFlowFn>>
 
 export function kakaotalkConfigDir(agentDir: string): string {
-  return join(agentDir, 'workspace', '.agent-messenger')
+  return posix.join(agentDir, 'workspace', '.agent-messenger')
 }
 
 export function kakaotalkSecretsPath(agentDir: string): string {

package/src/init/packagejson.ts

@@ -1,6 +1,6 @@
 import { existsSync } from 'node:fs'
 import { mkdir, readFile, writeFile } from 'node:fs/promises'
-import { join } from 'node:path'
+import { join, posix } from 'node:path'
 
 import { GITKEEP_FILE, PACKAGES_DIR } from './paths'
 
@@ -33,7 +33,7 @@ export async function refreshPackageJson(cwd: string): Promise<PackageJsonRefres
     if (updated) changed.push(PACKAGE_FILE)
   }
 
-  const gitkeepRel = join(PACKAGES_DIR, GITKEEP_FILE)
+  const gitkeepRel = posix.join(PACKAGES_DIR, GITKEEP_FILE)
   const gitkeepPath = join(cwd, gitkeepRel)
   if (!existsSync(gitkeepPath)) {
     await mkdir(join(cwd, PACKAGES_DIR), { recursive: true })

package/src/plugin/loader.ts

@@ -61,8 +61,7 @@ async function loadLocal(entry: string, agentDir: string): Promise<ResolvedPlugi
   if (!existsSync(resolved)) {
     throw new PluginNotFoundError(entry, `plugin path does not exist: ${entry} (resolved to ${resolved})`)
   }
-  const url = pathToFileURL(resolved).href
-  const mod = (await import(url)) as { default?: unknown }
+  const mod = (await import(toModuleSpecifier(resolved))) as { default?: unknown }
   const defined = expectDefined(mod, entry)
   const name = basename(resolved).replace(/\.(ts|tsx|js|mjs|cjs)$/i, '')
   return { name, version: undefined, source: entry, defined }
@@ -108,10 +107,10 @@ async function loadNpm(entry: string, agentDir: string): Promise<ResolvedPlugin>
   // located on disk; the else branch lets Bun's resolver read `exports` maps.
   let importTarget: string
   if (entryPath !== null) {
-    importTarget = pathToFileURL(entryPath).href
+    importTarget = toModuleSpecifier(entryPath)
   } else {
     try {
-      importTarget = Bun.resolveSync(packageName, agentDir)
+      importTarget = toModuleSpecifier(Bun.resolveSync(packageName, agentDir))
     } catch (err) {
       throw new PluginNotFoundError(entry, `cannot resolve plugin "${entry}": ${describeError(err)}`, { cause: err })
     }
@@ -151,6 +150,10 @@ function describeError(err: unknown): string {
   return err instanceof Error ? err.message : String(err)
 }
 
+function toModuleSpecifier(target: string): string {
+  return isAbsolute(target) ? pathToFileURL(target).href : target
+}
+
 function findPackageJson(entry: string, agentDir: string): string | null {
   const PACKAGE_JSON = 'package.json'
   let cur = agentDir

package/src/sandbox/session-tmp.ts

@@ -1,5 +1,10 @@
 import { mkdir } from 'node:fs/promises'
-import { isAbsolute, join, relative, resolve } from 'node:path'
+import { posix } from 'node:path'
+
+// Container-only code over the POSIX `/tmp`; pinned to `path.posix` so the test
+// suite produces the same backing paths on a win32 runner (default `node:path`
+// would yield `\tmp\…` and diverge from the Linux runtime).
+const { isAbsolute, join, relative, resolve } = posix
 
 // Per-session scratch lives on the REAL container /tmp, namespaced by session id.
 // It sits OUTSIDE the agent folder on purpose: the agent folder's `sessions/` is

package/src/secrets/export-claude-credentials-file.ts

@@ -9,7 +9,7 @@ import {
   writeFileSync,
 } from 'node:fs'
 import { homedir } from 'node:os'
-import { dirname, isAbsolute, join, resolve } from 'node:path'
+import { dirname, isAbsolute, join, posix, resolve } from 'node:path'
 
 import { decodeClaudeAccessTokenExpiryMs, emitClaudeCredentialsJson } from './claude-credentials-json'
 import type { ProviderCredential, Providers } from './schema'
@@ -19,7 +19,7 @@ const FILE_MODE = 0o600
 const DIR_MODE = 0o700
 export const CLAUDE_CREDENTIALS_FILE_NAME = '.credentials.json'
 export const CLAUDE_DEFAULT_CONFIG_DIR_NAME = '.claude'
-export const CLAUDE_CREDENTIALS_RELATIVE_PATH = join(CLAUDE_DEFAULT_CONFIG_DIR_NAME, CLAUDE_CREDENTIALS_FILE_NAME)
+export const CLAUDE_CREDENTIALS_RELATIVE_PATH = posix.join(CLAUDE_DEFAULT_CONFIG_DIR_NAME, CLAUDE_CREDENTIALS_FILE_NAME)
 
 export type ExportClaudeCredentialsFileResult =
   | { action: 'skipped'; reason: SkipReason }