PyPI - arkclaw-webchat-cli - Versions diffs - 0.5.1__tar.gz → 0.5.3__tar.gz - Mend

arkclaw-webchat-cli 0.5.1tar.gz → 0.5.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: arkclaw-webchat-cli
-Version: 0.5.1
+Version: 0.5.3
 Summary: CLI to chat with an ArkClaw EE space's Claw over enterprise SSO — zero permanent AK/SK.
 Author: ArkClaw Team
 Keywords: arkclaw,cli,ee,openclaw,sso,sts

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "arkclaw-webchat-cli"
-version = "0.5.1"
+version = "0.5.3"
 description = "CLI to chat with an ArkClaw EE space's Claw over enterprise SSO — zero permanent AK/SK."
 readme = "README.md"
 requires-python = ">=3.10"

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/src/ee_claw/config.py RENAMED Viewed

@@ -126,6 +126,24 @@ def get_session(space: str, claw: str, session: str) -> dict[str, object] | None
     return entry if isinstance(entry, dict) else None
+def forget_claw(space: str, claw: str) -> bool:
+    """Drop ALL recorded sessions for a (space, claw) — used to self-heal the
+    `agents` list when a claw turns out to be inaccessible. Returns True if any
+    entry was removed."""
+    data = _load_sessions()
+    prefix = f"{space}|{claw}|"
+    doomed = [k for k in data if k.startswith(prefix)]
+    if not doomed:
+        return False
+    for k in doomed:
+        del data[k]
+    _dir()
+    fd = os.open(_sessions_path(), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+    with os.fdopen(fd, "w") as f:
+        f.write(json.dumps(data, ensure_ascii=False))
+    return True
 # --- Named-agent registry ------------------------------------------------------
 # Maps a human-friendly agent name (the a2a agent-card name, an openclaw claw
 # Name) → a non-secret connection snapshot, so `arkclaw chat <name>` works.

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/src/ee_claw/errors.py RENAMED Viewed

@@ -83,6 +83,13 @@ class StsError(AuthError):
     code = "ARKCLAW_E_STS"
+class ClawAccessDeniedError(StsError):
+    """The user is not authorized for this specific claw (server per-user gate).
+    Distinct so callers can prune it from local history (self-healing)."""
+    code = "ARKCLAW_E_FORBIDDEN"
 # --- Secret redaction -------------------------------------------------------
 # Never let a full token reach the terminal, a log, or an error message.
 #

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/src/ee_claw/flows.py RENAMED Viewed

@@ -11,6 +11,7 @@ and every error is a typed :class:`~ee_claw.errors.ArkclawError`.
 from __future__ import annotations
 import asyncio
+import dataclasses
 import json
 import os
 import pathlib
@@ -29,6 +30,7 @@ from ee_claw.attachments import collect_files
 from ee_claw.config import SessionConfig
 from ee_claw.errors import (
     ArkclawError,
+    ClawAccessDeniedError,
     ExpiredError,
     NetworkError,
     NoClawError,
@@ -706,6 +708,15 @@ def _save_session_state(cfg: SessionConfig, target: str, session: str | None, tr
     config_mod.record_session(str(cfg.space), target, session or "main", extra)
+def _forget_inaccessible(cfg: SessionConfig, claw: str) -> None:
+    """A chat to ``claw`` was denied (not the user's, not shared). Drop it from
+    local history so `arkclaw agents` stops listing it, and clear it as the
+    default if it was the default (so a bare `arkclaw chat` won't keep failing)."""
+    config_mod.forget_claw(str(cfg.space), claw)
+    if cfg.claw == claw:
+        config_mod.save_config(dataclasses.replace(cfg, claw=None))
 def _resolve_target(name: str) -> SessionConfig | None:
     """A chat target by name: the agent registry (card/claw names recorded by
     ``login``/``agents``) first, then profile names."""
@@ -782,13 +793,18 @@ def do_chat(
     target, transport = _target_transport(
         cfg, clawid, id_token, session=session, approver=approver
     )
-    config_mod.record_session(str(cfg.space), target, session or "main")
+    # NOTE: do NOT record the session here (before the turn) — a denied claw
+    # would pollute `arkclaw agents`. Recording happens only after a turn
+    # SUCCEEDS, via _save_session_state below.
     if message is not None:
         stdin_text = _stdin_context()
         if stdin_text:
             attachments.insert(0, Attachment(name="<stdin>", content=stdin_text.encode()))
-        result = asyncio.run(_run_turn(transport, message, emitter, files=attachments))
+        try:
+            result = asyncio.run(_run_turn(transport, message, emitter, files=attachments))
+        except ClawAccessDeniedError:
+            _forget_inaccessible(cfg, target)  # self-heal: drop it from `agents`
+            raise
         emitter.line("")
         if result.timed_out:
             emitter.line("⚠ 回合超时结束,回复可能不完整。")
@@ -832,6 +848,8 @@ def do_chat(
         except ArkclawError as e:
             # One bad turn (server failure, network blip) must not kill the
             # REPL — report it and keep the conversation open.
+            if isinstance(e, ClawAccessDeniedError):
+                _forget_inaccessible(cfg, target)  # self-heal: drop it from `agents`
             emitter.line(f"\n✗ {e.code}: {e.message}")
             if e.hint:
                 emitter.line(f"  {e.hint}")

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/src/ee_claw/sts.py RENAMED Viewed

@@ -16,7 +16,7 @@ import urllib.error
 import urllib.parse
 import urllib.request
-from ee_claw.errors import NetworkError, StsError, redact
+from ee_claw.errors import ClawAccessDeniedError, NetworkError, StsError, redact
 STS_HOST = "sts.volcengineapi.com"
 STS_VERSION = "2018-01-01"
@@ -164,7 +164,7 @@ def get_chat_token(
         err_body = e.read().decode(errors="replace")
         code, message = _volc_error(err_body)
         if code == "AccessDenied" or "AccessDenied" in err_body:  # coruscant per-user gate
-            raise StsError(
+            raise ClawAccessDeniedError(
                 "权限不足:当前用户无权访问该 Claw 实例(非所有者且未获授权)。",
                 hint="运行 `arkclaw agents` 查看你有权访问的 Claw 实例,或使用 `--clawid` 指定其它实例。",
             ) from e

{arkclaw_webchat_cli-0.5.1 → arkclaw_webchat_cli-0.5.3}/src/ee_claw/transport/openclaw.py RENAMED Viewed

@@ -1,6 +1,10 @@
-"""OpenClaw WebSocket transport (protocol v3).
+"""OpenClaw WebSocket transport (protocol v3–v4, negotiated).
 Refactored from the live-validated ``core.ws_chat`` (2026-06-05, real EE claw).
+The connect frame negotiates ``minProtocol=3 .. maxProtocol=4`` so it works
+against both older claws (v3) and OpenClaw ≥5.28 (v4); the server picks the
+version. (The post-connect frame shapes below were calibrated on a live v3
+claw; v4 is expected to be compatible for these — verify against a v4 claw.)
 Confirmed protocol details, preserved exactly:
 * The ChatToken from ``GetClawInstanceChatToken`` is **single-use** — a fresh
@@ -9,7 +13,7 @@ Confirmed protocol details, preserved exactly:
   ``connect.challenge`` event (no response required), then expects a
   ``connect`` request whose ``client.id`` MUST be ``openclaw-control-ui``
   (server whitelist; anything else → INVALID_REQUEST), with
-  ``role=operator`` / ``scopes=["operator.admin"]`` / protocol pinned to 3.
+  ``role=operator`` / ``scopes=["operator.admin"]`` / protocol negotiated v3–v4.
 * ``chat.send`` (sessionKey ``agent:main:main``) → ``{ok:true, payload:{runId,
   status:"started"}}``, then ``agent`` events stream assistant text
   (``data.delta`` incremental) and the ``chat`` event with ``state=final``
@@ -31,6 +35,8 @@ from __future__ import annotations
 import asyncio
 import json
+import os
+import sys
 import urllib.parse
 import uuid
 from collections.abc import Sequence
@@ -43,6 +49,11 @@ from ee_claw.transport.base import Approver, Attachment, OnEvent, TurnEvent, Tur
 SESSION_KEY = "agent:main:main"        # OpenClaw default session
 WS_CLIENT_ID = "openclaw-control-ui"   # ONLY this client.id is accepted
+# ws protocol versions this client speaks; the server negotiates the highest
+# mutually-supported one (v3 for older claws, v4 for OpenClaw ≥ 5.28). Pinning a
+# single version makes a newer claw reject the connect with PROTOCOL_MISMATCH.
+MIN_PROTOCOL = 3
+MAX_PROTOCOL = 4
 def session_key_for(name: str | None) -> str:
@@ -61,14 +72,40 @@ class _Ws(Protocol):
     async def recv(self) -> str | bytes: ...
+class _DebugWs:
+    """Frame tracer. With ``ARKCLAW_DEBUG_WS`` set, dump every ws frame (sent
+    and received) to stderr — redacted (no tokens) and length-capped — for
+    diagnosing protocol changes (e.g. OpenClaw v4) against a live claw."""
+    def __init__(self, ws: Any) -> None:
+        self._ws = ws
+    async def send(self, data: str) -> None:
+        sys.stderr.write(f"[ws →] {redact(data)[:2000]}\n")
+        sys.stderr.flush()
+        await self._ws.send(data)
+    async def recv(self) -> str | bytes:
+        data = await self._ws.recv()
+        text = data if isinstance(data, str) else bytes(data).decode("utf-8", "replace")
+        sys.stderr.write(f"[ws ←] {redact(text)[:2000]}\n")
+        sys.stderr.flush()
+        return data
+def _wrap_debug(ws: Any) -> Any:
+    """Wrap ``ws`` in a frame tracer when ARKCLAW_DEBUG_WS is set; else pass through."""
+    return _DebugWs(ws) if os.environ.get("ARKCLAW_DEBUG_WS") else ws
 def connect_frame() -> dict[str, Any]:
     return {
         "type": "req",
         "id": str(uuid.uuid4()),
         "method": "connect",
         "params": {
-            "minProtocol": 3,
-            "maxProtocol": 3,
+            "minProtocol": MIN_PROTOCOL,
+            "maxProtocol": MAX_PROTOCOL,
             "client": {
                 "id": WS_CLIENT_ID,
                 "version": "arkclaw-cli",
@@ -369,6 +406,7 @@ class OpenClawTransport:
             connect = websockets.connect
         try:
             async with connect(url, max_size=None) as ws:
+                ws = _wrap_debug(ws)
                 self._active_ws = ws
                 try:
                     return await drive_chat(
@@ -428,6 +466,7 @@ class OpenClawTransport:
             connect = websockets.connect
         try:
             async with connect(url, max_size=None) as ws:
+                ws = _wrap_debug(ws)
                 await ws.send(json.dumps(connect_frame()))
                 loop = asyncio.get_running_loop()
                 deadline = loop.time() + self.turn_timeout