arkclaw-webchat-cli 0.3.0__tar.gz → 0.5.0__tar.gz

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: arkclaw-webchat-cli
-Version: 0.3.0
+Version: 0.5.0
 Summary: CLI to chat with an ArkClaw EE space's Claw over enterprise SSO — zero permanent AK/SK.
 Author: ArkClaw Team
 Keywords: arkclaw,cli,ee,openclaw,sso,sts
@@ -40,7 +40,7 @@ arkclaw chat ci-xxxxxxxx
 ## What it can do
 
 - **Log in as you** — browser SSO (PKCE), short-lived token, auto-refresh. No AK/SK, no client secret, nothing permanent on disk but a token in your OS keychain.
-- **List your agents** — `arkclaw agents` shows the claws you can chat with.
+- **List your agents** — `arkclaw agents` shows the claws you've chatted with (kept locally; add one with `arkclaw chat ci-...`).
 - **Chat** — interactive REPL or one-shot `-m`, streaming token-by-token, with a live "what's it doing" spinner and tool-event trace.
 - **Talk to a specific claw** — by id (`chat ci-...`) or by name (`chat 答疑助手`).
 - **Manage a claw's files** — read/write its managed workspace files (`AGENTS.md`, `SOUL.md`, `MEMORY.md`, …) with `ls` / `pull` / `push`.
@@ -77,7 +77,7 @@ arkclaw init
 # 1. log in (a browser opens; sign in with SSO)
 arkclaw login
 
-# 2. see which claws you can talk to
+# 2. list the claws you've used (empty at first — you add them by chatting)
 arkclaw agents
 
 # 3. chat — interactive…
@@ -99,7 +99,7 @@ straight to `arkclaw login https://your-space...`. See **[Configuration](#config
 |---|---|
 | `arkclaw init [address]` | One-time interactive setup. Saves the address + (only what isn't auto-discovered) the CLI client and STS role to `~/.arkclaw/defaults.json`, so later commands need no env/flags. |
 | `arkclaw login [space-url]` | Browser SSO login. Uses `init` defaults if you omit the URL. `--transport a2a --endpoint <url>` for an agent endpoint. `--clawid ci-...` sets a default claw. Bare `arkclaw login` re-logs into the previous space. |
-| `arkclaw agents` | List the claws/agents you can chat with. |
+| `arkclaw agents` | List the claws you've used from this machine (local history, newest first) + your default claw. Add a claw by chatting it once (`arkclaw chat ci-...`). Not a space-wide directory. |
 | `arkclaw chat [TARGET] [MSG]` | Chat. `TARGET` = a claw id (`ci-...`), an agent name (from `agents`), or a profile. With `MSG` → one-shot; without → interactive REPL. `-f` attach files, `-o` write the reply, `--session NAME` name the conversation, `--approve-all` auto-approve tool runs. |
 | `arkclaw <name>` | Shortcut: `arkclaw 答疑助手` ≡ `arkclaw chat 答疑助手`. |
 | `arkclaw ls` | List the claw's managed workspace files. |

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/README.md

@@ -16,7 +16,7 @@ arkclaw chat ci-xxxxxxxx
 ## What it can do
 
 - **Log in as you** — browser SSO (PKCE), short-lived token, auto-refresh. No AK/SK, no client secret, nothing permanent on disk but a token in your OS keychain.
-- **List your agents** — `arkclaw agents` shows the claws you can chat with.
+- **List your agents** — `arkclaw agents` shows the claws you've chatted with (kept locally; add one with `arkclaw chat ci-...`).
 - **Chat** — interactive REPL or one-shot `-m`, streaming token-by-token, with a live "what's it doing" spinner and tool-event trace.
 - **Talk to a specific claw** — by id (`chat ci-...`) or by name (`chat 答疑助手`).
 - **Manage a claw's files** — read/write its managed workspace files (`AGENTS.md`, `SOUL.md`, `MEMORY.md`, …) with `ls` / `pull` / `push`.
@@ -53,7 +53,7 @@ arkclaw init
 # 1. log in (a browser opens; sign in with SSO)
 arkclaw login
 
-# 2. see which claws you can talk to
+# 2. list the claws you've used (empty at first — you add them by chatting)
 arkclaw agents
 
 # 3. chat — interactive…
@@ -75,7 +75,7 @@ straight to `arkclaw login https://your-space...`. See **[Configuration](#config
 |---|---|
 | `arkclaw init [address]` | One-time interactive setup. Saves the address + (only what isn't auto-discovered) the CLI client and STS role to `~/.arkclaw/defaults.json`, so later commands need no env/flags. |
 | `arkclaw login [space-url]` | Browser SSO login. Uses `init` defaults if you omit the URL. `--transport a2a --endpoint <url>` for an agent endpoint. `--clawid ci-...` sets a default claw. Bare `arkclaw login` re-logs into the previous space. |
-| `arkclaw agents` | List the claws/agents you can chat with. |
+| `arkclaw agents` | List the claws you've used from this machine (local history, newest first) + your default claw. Add a claw by chatting it once (`arkclaw chat ci-...`). Not a space-wide directory. |
 | `arkclaw chat [TARGET] [MSG]` | Chat. `TARGET` = a claw id (`ci-...`), an agent name (from `agents`), or a profile. With `MSG` → one-shot; without → interactive REPL. `-f` attach files, `-o` write the reply, `--session NAME` name the conversation, `--approve-all` auto-approve tool runs. |
 | `arkclaw <name>` | Shortcut: `arkclaw 答疑助手` ≡ `arkclaw chat 答疑助手`. |
 | `arkclaw ls` | List the claw's managed workspace files. |

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "arkclaw-webchat-cli"
-version = "0.3.0"
+version = "0.5.0"
 description = "CLI to chat with an ArkClaw EE space's Claw over enterprise SSO — zero permanent AK/SK."
 readme = "README.md"
 requires-python = ">=3.10"

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/src/ee_claw/flows.py

@@ -11,7 +11,6 @@ and every error is a typed :class:`~ee_claw.errors.ArkclawError`.
 from __future__ import annotations
 
 import asyncio
-import dataclasses
 import json
 import os
 import pathlib
@@ -91,6 +90,30 @@ def _openclaw_creds(cfg: SessionConfig, id_token: str | None) -> dict[str, str]:
     return assume_role_with_oidc(str(id_token), str(cfg.role_trn), cfg.provider_trn)
 
 
+def _user_identity(id_token: str | None) -> dict[str, str]:
+    """The SSO user's identity from the *verified* id_token, for per-user authz
+    at GetClawInstanceChatToken. When the CLI's STS role is a space *resource*
+    account, the control plane checks these against the claw's owner and denies
+    a non-owner (fail-closed) — so a leaked claw_id can't chat someone else's
+    claw. Read from the token ONLY (never user input), so it can't impersonate."""
+    if not id_token:
+        return {}
+    try:
+        claims = decode_claims(id_token)
+    except ArkclawError:
+        return {}
+    ident: dict[str, str] = {}
+    if claims.get("sub"):
+        ident["UserPoolUserUid"] = str(claims["sub"])
+    if claims.get("email"):
+        ident["Email"] = str(claims["email"])
+    for c in ("union_id", "uid"):
+        if claims.get(c):
+            ident["UnionId"] = str(claims[c])
+            break
+    return ident
+
+
 def _normalize(url: str) -> tuple[str, str]:
     base = (url if "//" in url else "https://" + url).rstrip("/")
     host = urllib.parse.urlparse(base).hostname or ""
@@ -473,6 +496,7 @@ def make_transport(
     *,
     session: str | None = None,
     approver: Approver | None = None,
+    identity: dict[str, str] | None = None,
 ) -> Transport:
     """The target-plane seam: pick the adapter from config, not code. The
     abstract session name is mapped to transport-specific addressing inside
@@ -484,6 +508,7 @@ def make_transport(
             clawid=clawid,
             region=cfg.region,
             creds=creds,
+            identity=identity,
             session_key=session_key_for(session),
             approver=approver,
         )
@@ -668,7 +693,10 @@ def _target_transport(
             hint="请加 --clawid <ci-...>(或 login 时带 --clawid 设默认)。",
         )
     creds = _openclaw_creds(cfg, id_token)
-    return clawid, make_transport(cfg, clawid, creds, session=session, approver=approver)
+    return clawid, make_transport(
+        cfg, clawid, creds, session=session, approver=approver,
+        identity=_user_identity(id_token),
+    )
 
 
 def _save_session_state(cfg: SessionConfig, target: str, session: str | None, transport: Transport) -> None:
@@ -870,11 +898,16 @@ def _ago(ts: object) -> str:
 
 
 def do_agents(emitter: Emitter) -> dict[str, Any]:
-    """``arkclaw agents``: the agents/claws you can chat with — nothing else.
-    openclaw → the claws across your space(s) (space auto-discovered if login
-    didn't pin one); a2a → the agent at the endpoint (its card). Each is
-    recorded so ``chat <name>`` works. Profiles live under ``arkclaw profile``,
-    recent sessions under ``arkclaw sessions``. Human view is tabular."""
+    """``arkclaw agents``: the agents/claws you can chat with.
+
+    openclaw → the claws YOU have used from this machine (kept locally, newest
+    first), plus your default claw. This is deliberately NOT a server-side
+    enumeration of the space — that API returns every member's claws to anyone
+    (no per-user scoping is reachable by the CLI's role), so we don't call it.
+    You add a claw to this list by chatting it once: ``arkclaw chat ci-...``.
+
+    a2a → the agent at the endpoint (its card). Profiles live under ``arkclaw
+    profile``, full conversation history under ``arkclaw sessions``."""
     cfg = config_mod.load_config()
     if not cfg or not cfg.space:
         raise NoLoginError("尚未登录。", hint="先运行: arkclaw login <空间地址>")
@@ -931,73 +964,40 @@ def do_agents(emitter: Emitter) -> dict[str, Any]:
             )
     elif cfg.transport == "openclaw":
         emitter.line(f"★ 当前登录(openclaw)· 空间 {cfg.space}")
-        _, id_token = _load_session()
-        try:
-            creds: dict[str, str] | None = _openclaw_creds(cfg, id_token)
-        except ArkclawError as e:
-            creds = None
-            current["claws_error"] = {"code": e.code, "message": e.message}
-        claws: list[dict[str, Any]] = []
-        if creds is not None:
-            # Which space(s) to list? If login didn't pin a space_id, discover
-            # the user's spaces — so `agents` lists the chat-able claws from the
-            # address alone. Listing may be denied by a least-privilege role.
-            space_ids: list[str] = [str(cfg.space_id)] if cfg.space_id else []
-            if not space_ids:
-                try:
-                    spaces = control.call_action(
-                        "ListClawSpaces", {"ProjectName": "default", "MaxResults": 50},
-                        region=str(cfg.region), creds=creds,
-                    )
-                    assert isinstance(spaces, dict)
-                    space_ids = [
-                        str(s["SpaceId"]) for s in (spaces.get("Spaces") or [])
-                        if isinstance(s, dict) and s.get("SpaceId")
-                    ]
-                    if len(space_ids) == 1:  # cache it so later calls skip discovery
-                        config_mod.save_config(dataclasses.replace(cfg, space_id=space_ids[0]))
-                except ArkclawError as e:
-                    current["claws_error"] = {"code": e.code, "message": e.message}
-            for sid in space_ids:
-                try:
-                    result = redact_obj(control.call_action(
-                        "ListClawInstances",
-                        {"SpaceId": sid, "ProjectName": "default", "MaxResults": 100},
-                        region=str(cfg.region), creds=creds,
-                    ))
-                    assert isinstance(result, dict)
-                    items = result.get("Items") or result.get("ClawInstances") or []
-                    claws += [it for it in items if isinstance(it, dict)]
-                except ArkclawError as e:
-                    current["claws_error"] = {"code": e.code, "message": e.message}
+        # The claws you can chat = the ones YOU have used from this machine,
+        # remembered locally — NOT a server enumeration of the space. The
+        # space-wide ListClawInstances returns every member's claws to anyone
+        # (no per-user scoping reachable by the CLI's role), so we don't call it.
+        # New claws enter via `arkclaw chat ci-...`; each chat is recorded
+        # (record_session) and shows up here next time.
+        seen: dict[str, float] = {}
+        for s in config_mod.list_sessions():
+            cid = s.get("claw")
+            if s.get("space") == cfg.space and cid:
+                ts = s.get("last_used")
+                seen[str(cid)] = max(seen.get(str(cid), 0.0), float(ts) if isinstance(ts, (int, float)) else 0.0)
+        if cfg.claw and str(cfg.claw) not in seen:
+            seen[str(cfg.claw)] = 0.0  # the default claw, even if not chatted yet
+        claws = [
+            {"ClawInstanceId": cid, "last_used": ts}
+            for cid, ts in sorted(seen.items(), key=lambda kv: kv[1], reverse=True)
+        ]
         current["claws"] = claws
-        for it in claws:  # claw Name → chat <名字>
-            cid = it.get("ClawInstanceId") or it.get("Id")
-            if it.get("Name") and cid:
-                config_mod.record_agent(str(it["Name"]), dataclasses.replace(cfg, claw=str(cid)))
+        current["source"] = "local-history"
         if claws:
             emitter.table(
-                ["Claw(可 chat)", "名称", "状态", "默认"],
+                ["Claw(可 chat)", "上次使用", "默认"],
                 [
                     [
-                        it.get("ClawInstanceId") or it.get("Id") or "—",
-                        it.get("Name", ""),
-                        it.get("Status", ""),
-                        "★" if (it.get("ClawInstanceId") or it.get("Id")) == cfg.claw else "",
+                        str(c["ClawInstanceId"]),
+                        _ago(c["last_used"]) if c["last_used"] else "—",
+                        "★" if c["ClawInstanceId"] == cfg.claw else "",
                     ]
-                    for it in claws
+                    for c in claws
                 ],
             )
         else:
-            err = current.get("claws_error")
-            emitter.table(
-                ["Claw(可 chat)", "状态", "说明"],
-                [[
-                    cfg.claw or "(用 --clawid 直连)",
-                    "默认目标" if cfg.claw else "—",
-                    f"列表不可用: {err['code']}" if isinstance(err, dict) else "没有可用 claw",
-                ]],
-            )
+            emitter.line("  还没用过任何 claw。用 `arkclaw chat ci-xxxx` 开始,之后这里会记住它。")
 
     # `agents` is the list of agents you can chat — nothing else. Saved
     # profiles live under `arkclaw profile`, recent sessions under
@@ -1020,7 +1020,9 @@ def _openclaw_file_transport(clawid: str | None) -> tuple[OpenClawTransport, str
     if not cfg.region:
         raise RegionError("登录信息缺少区域。", hint="重新 login 并加 --region。")
     creds = _openclaw_creds(cfg, id_token)
-    return OpenClawTransport(clawid=clawid, region=str(cfg.region), creds=creds), clawid
+    return OpenClawTransport(
+        clawid=clawid, region=str(cfg.region), creds=creds, identity=_user_identity(id_token)
+    ), clawid
 
 
 def do_ls(emitter: Emitter, *, clawid: str | None = None) -> dict[str, Any]:

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/src/ee_claw/sts.py

@@ -121,11 +121,34 @@ def assume_role_with_oidc(
     return creds
 
 
-def get_chat_token(clawid: str, region: str, creds: dict[str, str]) -> tuple[str, str]:
-    """GetClawInstanceChatToken with temp creds → (ChatToken, Endpoint)."""
+def _volc_error(body: str) -> tuple[str, str]:
+    """Extract ``(Code, Message)`` from a Volcengine error envelope
+    (``ResponseMetadata.Error``); ``('', '')`` if it can't be parsed. Lets the
+    CLI surface a clean message instead of dumping the raw JSON envelope."""
+    try:
+        err = json.loads(body)["ResponseMetadata"]["Error"]
+        return str(err.get("Code") or ""), str(err.get("Message") or "")
+    except (ValueError, KeyError, TypeError):
+        return "", ""
+
+
+def get_chat_token(
+    clawid: str, region: str, creds: dict[str, str], *, identity: dict[str, str] | None = None
+) -> tuple[str, str]:
+    """GetClawInstanceChatToken with temp creds → (ChatToken, Endpoint).
+
+    ``identity`` carries the SSO user's identity (``UserPoolUserUid``/``Email``/
+    ``UnionId``) taken from the *verified* id_token. The control plane's
+    resource-account branch authorizes the user against the claw's owner with
+    these fields and denies a non-owner (fail-closed) — so a leaked claw_id is
+    not enough to chat someone else's claw. (Sent always; the owning-tenant
+    branch ignores it.)"""
     host = f"arkclaw.{region}.volcengineapi.com"
     query = {"Action": "GetClawInstanceChatToken", "Version": ARKCLAW_API_VERSION}
-    body = json.dumps({"ClawInstanceId": clawid, "ProjectName": "default"}).encode()
+    payload: dict[str, str] = {"ClawInstanceId": clawid, "ProjectName": "default"}
+    if identity:
+        payload.update({k: v for k, v in identity.items() if v})
+    body = json.dumps(payload).encode()
     headers = sign_headers(
         "POST", host, query, body,
         ak=creds["AccessKeyId"], sk=creds["SecretAccessKey"],
@@ -138,9 +161,23 @@ def get_chat_token(clawid: str, region: str, creds: dict[str, str]) -> tuple[str
             urllib.request.Request(url, data=body, headers=headers), timeout=30
         ).read()
     except urllib.error.HTTPError as e:
-        # Redact BEFORE truncating so a split token can't slip past the regex.
+        err_body = e.read().decode(errors="replace")
+        code, message = _volc_error(err_body)
+        if code == "AccessDenied" or "AccessDenied" in err_body:  # coruscant per-user gate
+            raise StsError(
+                "权限不足:当前用户无权访问该 Claw 实例(非所有者且未获授权)。",
+                hint="运行 `arkclaw agents` 查看你有权访问的 Claw 实例,或使用 `--clawid` 指定其它实例。",
+            ) from e
+        if code == "ErrMissingUserIdentity":  # gate ran but the CLI sent no identity
+            raise StsError(
+                "权限校验失败:请求未包含用户身份信息。",
+                hint="请将 CLI 升级至最新版本(uv tool upgrade arkclaw-webchat-cli),并重新登录(arkclaw login)。",
+            ) from e
+        # Anything else: surface the clean Code/Message — never the raw JSON envelope.
+        # Redact first so a split token can't slip past the regex.
+        clean = redact(message or err_body)[:200]
         raise StsError(
-            f"GetClawInstanceChatToken failed: {redact(e.read().decode(errors='replace'))[:300]}"
+            f"获取会话令牌失败:{clean}", hint=(f"服务端错误码:{code}" if code else None)
         ) from e
     except urllib.error.URLError as e:
         raise NetworkError(f"cannot reach {host}: {e.reason}") from e

{arkclaw_webchat_cli-0.3.0 → arkclaw_webchat_cli-0.5.0}/src/ee_claw/transport/openclaw.py

@@ -334,6 +334,7 @@ class OpenClawTransport:
     clawid: str
     region: str
     creds: dict[str, str]
+    identity: dict[str, str] | None = None  # SSO user identity for per-claw authz
     session_key: str = SESSION_KEY
     approver: Approver | None = None
     idle_timeout: float = 30.0
@@ -355,7 +356,7 @@ class OpenClawTransport:
                     TurnEvent(kind="info", text=f"⚠ 二进制文件无法内联,已跳过: {name}")
                 )
         on_event(TurnEvent(kind="status", text="获取 ChatToken"))
-        chat_token, endpoint = get_chat_token(self.clawid, self.region, self.creds)
+        chat_token, endpoint = get_chat_token(self.clawid, self.region, self.creds, identity=self.identity)
         on_event(TurnEvent(kind="status", text="连接 claw(wss)"))
         url = (
             f"wss://{endpoint}/?chatToken={urllib.parse.quote(chat_token)}"
@@ -415,7 +416,7 @@ class OpenClawTransport:
     async def _request(self, method: str, params: dict[str, Any]) -> dict[str, Any]:
         """connect (hello-ok) → one control request → its res payload. Errors
         are redacted; the token-bearing URL is never echoed."""
-        chat_token, endpoint = get_chat_token(self.clawid, self.region, self.creds)
+        chat_token, endpoint = get_chat_token(self.clawid, self.region, self.creds, identity=self.identity)
         url = (
             f"wss://{endpoint}/?chatToken={urllib.parse.quote(chat_token)}"
             f"&clawInstanceId={urllib.parse.quote(self.clawid)}"