diff --git a/.agents/skills/parallels-discord-roundtrip/SKILL.md b/.agents/skills/parallels-discord-roundtrip/SKILL.md index 8fda0da1a23..cbfffc21446 100644 --- a/.agents/skills/parallels-discord-roundtrip/SKILL.md +++ b/.agents/skills/parallels-discord-roundtrip/SKILL.md @@ -42,10 +42,13 @@ pnpm test:parallels:macos \ ## Notes - Snapshot target: closest to `macOS 26.3.1 fresh`. +- Snapshot resolver now prefers matching `*-poweroff*` clones when the base hint also matches. That lets the harness reuse disk-only recovery snapshots without passing a longer hint. +- If Windows/Linux snapshot restore logs show `PET_QUESTION_SNAPSHOT_STATE_INCOMPATIBLE_CPU`, drop the suspended state once, create a `*-poweroff*` replacement snapshot, and rerun. The smoke scripts now auto-start restored power-off snapshots. - Harness configures Discord inside the guest; no checked-in token/config. - Use the `openclaw` wrapper for guest `message send/read`; `node openclaw.mjs message ...` does not expose the lazy message subcommands the same way. - Write `channels.discord.guilds` in one JSON object (`--strict-json`), not dotted `config set channels.discord.guilds....` paths; numeric snowflakes get treated like array indexes. - Avoid `prlctl enter` / expect for long Discord setup scripts; it line-wraps/corrupts long commands. Use `prlctl exec --current-user /bin/sh -lc ...` for the Discord config phase. +- Full 3-OS sweeps: the shared build lock is safe in parallel, but snapshot restore is still a Parallels bottleneck. Prefer serialized Windows/Linux restore-heavy reruns if the host is already under load. - Harness cleanup deletes the temporary Discord smoke messages at exit. - Per-phase logs: `/tmp/openclaw-parallels-smoke.*` - Machine summary: pass `--json` diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f82dea2f230..6dc68d2275a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -206,6 +206,9 @@ jobs: - runtime: node task: channels command: pnpm test:channels + - runtime: node + task: contracts + command: pnpm test:contracts - runtime: node task: protocol command: pnpm protocol:check @@ -270,7 +273,9 @@ jobs: use-sticky-disk: "false" - name: Run changed extension tests - run: pnpm test:extension ${{ matrix.extension }} + env: + OPENCLAW_CHANGED_EXTENSION: ${{ matrix.extension }} + run: pnpm test:extension "$OPENCLAW_CHANGED_EXTENSION" # Types, lint, and format check. check: @@ -299,8 +304,8 @@ jobs: - name: Enforce safe external URL opening policy run: pnpm lint:ui:no-raw-window-open - startup-memory: - name: "startup-memory" + build-smoke: + name: "build-smoke" needs: [docs-scope, changed-scope] if: needs.docs-scope.outputs.docs_only != 'true' && needs.changed-scope.outputs.run_node == 'true' runs-on: blacksmith-16vcpu-ubuntu-2404 @@ -319,9 +324,43 @@ jobs: - name: Build dist run: pnpm build + - name: Smoke test CLI launcher help + run: node openclaw.mjs --help + + - name: Smoke test CLI launcher status json + run: node openclaw.mjs status --json --timeout 1 + - name: Check CLI startup memory run: pnpm test:startup:memory + gateway-watch-regression: + name: "gateway-watch-regression" + needs: [docs-scope, changed-scope] + if: needs.docs-scope.outputs.docs_only != 'true' && needs.changed-scope.outputs.run_node == 'true' + runs-on: blacksmith-16vcpu-ubuntu-2404 + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + submodules: false + + - name: Setup Node environment + uses: ./.github/actions/setup-node-env + with: + install-bun: "false" + use-sticky-disk: "false" + + - name: Run gateway watch regression harness + run: pnpm test:gateway:watch-regression + + - name: Upload gateway watch regression artifacts + if: always() + uses: actions/upload-artifact@v7 + with: + name: gateway-watch-regression + path: .local/gateway-watch-regression/ + retention-days: 7 + # Validate docs (format, lint, broken links) only when docs files changed. check-docs: needs: [docs-scope] @@ -449,21 +488,30 @@ jobs: run: pre-commit run --all-files detect-private-key - name: Audit changed GitHub workflows with zizmor + env: + BASE_SHA: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }} run: | set -euo pipefail - if [ "${{ github.event_name }}" = "push" ]; then - BASE="${{ github.event.before }}" - else - BASE="${{ github.event.pull_request.base.sha }}" + if [ -z "${BASE_SHA:-}" ] || [ "${BASE_SHA}" = "0000000000000000000000000000000000000000" ]; then + echo "No usable base SHA detected; skipping zizmor." + exit 0 fi - mapfile -t workflow_files < <(git diff --name-only "$BASE" HEAD -- '.github/workflows/*.yml' '.github/workflows/*.yaml') + if ! git cat-file -e "${BASE_SHA}^{commit}" 2>/dev/null; then + echo "Base SHA ${BASE_SHA} is unavailable; skipping zizmor." + exit 0 + fi + + mapfile -t workflow_files < <( + git diff --name-only "${BASE_SHA}" HEAD -- '.github/workflows/*.yml' '.github/workflows/*.yaml' + ) if [ "${#workflow_files[@]}" -eq 0 ]; then echo "No workflow changes detected; skipping zizmor." exit 0 fi + printf 'Auditing workflow files:\n%s\n' "${workflow_files[@]}" pre-commit run zizmor --files "${workflow_files[@]}" - name: Audit production dependencies diff --git a/.gitignore b/.gitignore index a0da79d14ef..c46954af2ef 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ pnpm-lock.yaml bun.lock bun.lockb coverage +__openclaw_vitest__/ __pycache__/ *.pyc .tsbuildinfo diff --git a/CHANGELOG.md b/CHANGELOG.md index 5673d2dd5f5..8930840332c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Docs: https://docs.openclaw.ai ### Changes - Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman. +- Gateway/docs: clarify that empty URL input allowlists are treated as unset, document `allowUrl: false` as the deny-all switch, and add regression coverage for the normalization path. - Sandbox/runtime: add pluggable sandbox backends, ship an OpenShell backend with `mirror` and `remote` workspace modes, and make sandbox list/recreate/prune backend-aware instead of Docker-only. - Sandbox/SSH: add a core SSH sandbox backend with secret-backed key, certificate, and known_hosts inputs, move shared remote exec/filesystem tooling into core, and keep OpenShell focused on sandbox lifecycle plus optional `mirror` mode. - Web tools/Firecrawl: add Firecrawl as an `onboard`/configure search provider via a bundled plugin, expose explicit `firecrawl_search` and `firecrawl_scrape` tools, and align core `web_fetch` fallback behavior with Firecrawl base-URL/env fallback plus guarded endpoint fetches. @@ -18,6 +19,7 @@ Docs: https://docs.openclaw.ai - Android/mobile: add a system-aware dark theme across onboarding and post-onboarding screens so the app follows the device theme through setup, chat, and voice flows. (#46249) Thanks @sibbl. - Feishu/ACP: add current-conversation ACP and subagent session binding for supported DMs and topic conversations, including completion delivery back to the originating Feishu conversation. (#46819) Thanks @Takhoffman. - Plugins/marketplaces: add Claude marketplace registry resolution, `plugin@marketplace` installs, marketplace listing, and update support, plus Docker E2E coverage for local and official marketplace flows. (#48058) Thanks @vincentkoc. +- Commands/plugins: add owner-gated `/plugins` and `/plugin` chat commands for plugin list/show and enable/disable flows, alongside explicit `commands.plugins` config gating. Thanks @vincentkoc. - Feishu/cards: add structured interactive approval and quick-action launcher cards, preserve callback user and conversation context through routing, and keep legacy card-action fallback behavior so common actions can run without typing raw commands. (#47873) Thanks @Takhoffman. - Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior. (#46029) Thanks @day253. - Feishu/cards: add identity-aware structured card headers and note footers for Feishu replies and direct sends, while keeping that presentation wired through the shared outbound identity path. (#29938) Thanks @nszhsl. @@ -30,10 +32,17 @@ Docs: https://docs.openclaw.ai - secrets: harden read-only SecretRef command paths and diagnostics. (#47794) Thanks @joshavant. - Browser/existing-session: support `browser.profiles..userDataDir` so Chrome DevTools MCP can attach to Brave, Edge, and other Chromium-based browsers through their own user data directories. (#48170) Thanks @velvet-shark. - Skills/prompt budget: preserve all registered skills via a compact catalog fallback before dropping entries when the full prompt format exceeds `maxSkillsPromptChars`. (#47553) Thanks @snese. +- Plugins/bundles: make enabled bundle MCP servers expose runnable tools in embedded Pi, and default relative bundle MCP launches to the bundle root so marketplace bundles like Context7 work through Pi instead of stopping at config import. +- Scope message SecretRef resolution and harden doctor/status paths. (#48728) Thanks @joshavant. +- Plugins/testing: add a public `openclaw/plugin-sdk/testing` seam for plugin-author test helpers, and move bundled-extension-only test bridges out of `extensions/` into private repo test helpers. +- Plugins/Chutes: add a bundled Chutes provider with plugin-owned OAuth/API-key auth, dynamic model discovery, and default-on extension wiring. (#41416) Thanks @Veightor. +- Plugins/binding: add `onConversationBindingResolved(...)` so plugins can react immediately after bind approvals or denies without blocking channel interaction acknowledgements. (#48678) Thanks @huntharo. ### Breaking - Browser/Chrome MCP: remove the legacy Chrome extension relay path, bundled extension assets, `driver: "extension"`, and `browser.relayBindHost`. Run `openclaw doctor --fix` to migrate host-local browser config to `existing-session` / `user`; Docker, headless, sandbox, and remote browser flows still use raw CDP. (#47893) Thanks @vincentkoc. +- Plugins/runtime: remove the public `openclaw/extension-api` surface with no compatibility shim. Bundled plugins must use injected runtime for host-side operations (for example `api.runtime.agent.runEmbeddedPiAgent`) and any remaining direct imports must come from narrow `openclaw/plugin-sdk/*` subpaths instead of the monolithic SDK root. +- Tools/image generation: standardize the stock image create/edit path on the core `image_generate` tool. The old `nano-banana-pro` docs/examples are gone; if you previously copied that sample-skill config, switch to `agents.defaults.imageGenerationModel` for built-in image generation or install a separate third-party skill explicitly. ### Fixes @@ -69,6 +78,7 @@ Docs: https://docs.openclaw.ai - Feishu/actions: expand the runtime action surface with message read/edit, explicit thread replies, pinning, and operator-facing chat/member inspection so Feishu can operate more of the workspace directly. (#47968) Thanks @Takhoffman. - Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. (#45254) Thanks @Coobiw. - Feishu/media: keep native image, file, audio, and video/media handling aligned across outbound sends, inbound downloads, thread replies, directory/action aliases, and capability docs so unsupported areas are explicit instead of implied. (#47968) Thanks @Takhoffman. +- Feishu/webhooks: harden signed webhook verification to use constant-time signature comparison and keep malformed short signatures fail-closed in webhook E2E coverage. - WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) Thanks @MonkeyLeeT. - WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. @@ -77,7 +87,9 @@ Docs: https://docs.openclaw.ai - Z.AI/onboarding: add `glm-5-turbo` to the default Z.AI provider catalog so onboarding-generated configs expose the new model alongside the existing GLM defaults. (#46670) Thanks @tomsun28. - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#46663) Fixes #40146. Thanks @Takhoffman. - Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898. +- Docker/live tests: mount external CLI auth homes into writable container copies, derive Codex OAuth expiry from JWT `exp`, refresh synced CLI creds instead of trusting stale cached expiry, and make gateway live probes wait on transcript output so `pnpm test:docker:all` stays green in Linux. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. (#46722) Thanks @Takhoffman. +- Control UI/logging: make browser-safe logger imports avoid eager temp-dir resolution so the bundled Control UI no longer crashes to a blank screen when logging reaches `tmp-openclaw-dir`. (#48469) Fixes #48062. Thanks @7inspire. - Plugins/scoped ids: preserve scoped plugin ids during install and config keying, and keep bundled plugins ahead of discovered duplicate ids by default so `@scope/name` plugins no longer collide with unscoped installs. (#47413) Thanks @vincentkoc. - Gateway/watch mode: restart on bundled-plugin package and manifest metadata changes, rebuild `dist` for extension source and `tsdown.config.ts` changes, and still ignore extension docs. (#47571) Thanks @gumadeiras. - Gateway/watch mode: recreate bundled plugin runtime metadata after clean or stale `dist` states, so `pnpm gateway:watch` no longer fails on missing `dist/extensions/*/openclaw.plugin.json` manifests after a rebuild. Thanks @gumadeiras. @@ -91,6 +103,9 @@ Docs: https://docs.openclaw.ai - Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark. - Gateway/config validation: stop treating the implicit default memory slot as a required explicit plugin config, so startup no longer fails with `plugins.slots.memory: plugin not found: memory-core` when `memory-core` was only inferred. (#47494) Thanks @ngutman. - Tlon: honor explicit empty allowlists and defer cite expansion. (#46788) Thanks @zpbrent and @vincentkoc. +- Tlon/DM auth: defer cited-message expansion until after DM authorization and owner command handling, so unauthorized DMs and owner approval/admin commands no longer trigger cross-channel cite fetches before the deny or command path. +- Docs/security audit: spell out that `gateway.controlUi.allowedOrigins: ["*"]` is an explicit allow-all browser-origin policy and should be avoided outside tightly controlled local testing. +- Gateway/auth: clear self-declared scopes for device-less trusted-proxy Control UI sessions so proxy-authenticated connects cannot claim admin or secrets scopes without a bound device identity. - Nodes/pending actions: re-check queued foreground actions against the current node command policy before returning them to the node. (#46815) Thanks @zpbrent and @vincentkoc. - Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46515) Fixes #46411. Thanks @ademczuk. - CLI/completion: reduce recursive completion-script string churn and fix nested PowerShell command-path matching so generated nested completions resolve on PowerShell too. (#45537) Thanks @yiShanXin and @vincentkoc. @@ -101,6 +116,27 @@ Docs: https://docs.openclaw.ai - Control UI/model switching: preserve the selected provider prefix when switching models from the chat dropdown, so multi-provider setups no longer send `anthropic/gpt-5.2`-style mismatches when the user picked `openai/gpt-5.2`. (#47581) Thanks @chrishham. - Control UI/storage: scope persisted settings keys by gateway base path, with migration from the legacy shared key, so multiple gateways under one domain stop overwriting each other's dashboard preferences. (#47932) Thanks @bobBot-claw. - Agents/usage tracking: stop forcing `supportsUsageInStreaming: false` on non-native OpenAI-completions providers so compatible backends report token usage and cost again instead of showing all zeros. (#46500) Fixes #46142. Thanks @ademczuk. +- ACP/acpx: keep plugin-local backend installs under `extensions/acpx` in live repo checkouts so rebuilds no longer delete the runtime binary, and avoid package-lock churn during runtime repair. +- Plugins/subagents: preserve gateway-owned plugin subagent access across runtime, tool, and embedded-runner load paths so gateway plugin tools and context engines can still spawn and manage subagents after the loader cache split. (#46648) Thanks @jalehman. +- Control UI/overview: keep the language dropdown aligned with the persisted locale during dashboard startup so refreshing the page does not fall back to English before locale hydration completes. (#48019) Thanks @git-jxj. +- Agents/compaction: rerun transcript repair after `session.compact()` so orphaned `tool_result` blocks cannot survive compaction and break later Anthropic requests. (#16095) thanks @claw-sylphx. +- Agents/compaction: trigger overflow recovery from the tool-result guard once post-compaction context still exceeds the safe threshold, so long tool loops compact before the next model call hard-fails. (#29371) thanks @keshav55. +- macOS/exec approvals: harden exec-host request HMAC verification to use a timing-safe compare and keep malformed or truncated signatures fail-closed in focused IPC auth coverage. +- Gateway/exec approvals: surface requested env override keys in gateway-host approval prompts so operators can review surviving env context without inheriting noisy base host env. +- Telegram/network: preserve sticky IPv4 fallback state across polling restarts so hosts with unstable IPv6 to `api.telegram.org` stop re-triggering repeated Telegram timeouts after each restart. (#48282) Thanks @yassinebkr. +- Plugins/subagents: forward per-run provider and model overrides through gateway plugin subagent dispatch so plugin-launched agent delegations honor explicit model selection again. (#48277) Thanks @jalehman. +- Agents/compaction: write minimal boundary summaries for empty preparations while keeping split-turn prefixes on the normal path, so no-summarizable-message sessions stop retriggering the safeguard loop. (#42215) thanks @lml2468. + +### Fixes + +- Agents/bootstrap warnings: move bootstrap truncation warnings out of the system prompt and into the per-turn prompt body so prompt-cache reuse stays stable when truncation warnings appear or disappear. (#48753) Thanks @scoootscooob and @obviyus. +- Telegram/DM topic session keys: route named-account DM topics through the same per-account base session key across inbound messages, native commands, and session-state lookups so `/status` and thread recovery stop creating phantom `agent:main:main:thread:...` sessions. (#48204) Thanks @vincentkoc. +- macOS/node service startup: use `openclaw node start/stop --json` from the Mac app instead of the removed `openclaw service node ...` command shape, so current CLI installs expose the full node exec surface again. (#46843) Fixes #43171. Thanks @Br1an67. +- macOS/launch at login: stop emitting `KeepAlive` for the desktop app launch agent so OpenClaw no longer relaunches immediately after a manual quit while launch at login remains enabled. (#40213) Thanks @stablegenius49. +- ACP/gateway startup: use direct Telegram and Discord startup/status helpers instead of routing probes through the plugin runtime, and prepend the selected daemon Node bin dir to service PATH so plugin-local installs can still find `npm` and `pnpm`. +- ACP/configured bindings: reinitialize configured ACP sessions that are stuck in `error` state instead of reusing the failed runtime. +- Mattermost/DM send: retry transient direct-channel creation failures for DM deliveries, with configurable backoff and per-request timeout. (#42398) Thanks @JonathanJing. +- Telegram/network: unify API and media fetches under the same sticky IPv4 and pinned-IP fallback chain, and re-validate pinned override addresses against SSRF policy. (#49148) Thanks @obviyus. ## 2026.3.13 @@ -179,6 +215,7 @@ Docs: https://docs.openclaw.ai - Auth/login lockout recovery: clear stale `auth_permanent` and `billing` disabled state for all profiles matching the target provider when `openclaw models auth login` is invoked, so users locked out by expired or revoked OAuth tokens can recover by re-authenticating instead of waiting for the cooldown timer to expire. (#43057) - Auto-reply/context-engine compaction: persist the exact embedded-run metadata compaction count for main and followup runner session accounting, so metadata-only auto-compactions no longer undercount multi-compaction runs. (#42629) thanks @uf-hy. - Auth/Codex CLI reuse: sync reused Codex CLI credentials into the supported `openai-codex:default` OAuth profile instead of reviving the deprecated `openai-codex:codex-cli` slot, so doctor cleanup no longer loops. (#45353) thanks @Gugu-sugar. +- Hooks/after_compaction: forward `sessionFile` for direct/manual compaction events and add `sessionFile` plus `sessionKey` to wired auto-compaction hook context so plugins receive the session metadata already declared in the hook types. (#40781) Thanks @jarimustonen. ## 2026.3.12 @@ -270,6 +307,13 @@ Docs: https://docs.openclaw.ai - Agents/Anthropic replay: drop replayed assistant thinking blocks for native Anthropic and Bedrock Claude providers so persisted follow-up turns no longer fail on stored thinking blocks. (#44843) Thanks @jmcte. - Docs/Brave pricing: escape literal dollar signs in Brave Search cost text so the docs render the free credit and per-request pricing correctly. (#44989) Thanks @keelanfh. - Feishu/file uploads: preserve literal UTF-8 filenames in `im.file.create` so Chinese and other non-ASCII filenames no longer appear percent-encoded in chat. (#34262) Thanks @fabiaodemianyang and @KangShuaiFu. +- Agents/compaction safeguard: trim large kept `toolResult` payloads consistently for budgeting, pruning, and identifier seeding, then restore preserved payloads after prune so oversized safeguard summaries stay stable. (#44133) thanks @SayrWolfridge. +- Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv. +- Discord/gateway startup: treat plain-text and transient `/gateway/bot` metadata fetch failures as transient startup errors so Discord gateway boot no longer crashes on unhandled rejections. (#44397) Thanks @jalehman. +- Agents/Ollama overflow: rewrite Ollama `prompt too long` API payloads through the normal context-overflow sanitizer so embedded sessions keep the friendly overflow copy and auto-compaction trigger. (#34019) thanks @lishuaigit. + +- Control UI/auth: restore one-time legacy `?token=` imports for shared Control UI links while keeping `#token=` preferred, and carry pending query tokens through gateway URL confirmation so compatibility links still authenticate after confirmation. (#43979) Thanks @stim64045-spec. +- Plugins/context engines: retry legacy lifecycle calls once without `sessionKey` when older plugins reject that field, memoize legacy mode after the first strict-schema fallback, and preserve non-compat runtime errors without retry. (#44779) thanks @hhhhao28. ## 2026.3.11 @@ -412,6 +456,7 @@ Docs: https://docs.openclaw.ai - Memory/QMD Windows: fail closed when `qmd.cmd` or `mcporter.cmd` wrappers cannot be resolved to a direct entrypoint, so memory search no longer falls back to shell execution on Windows. - macOS/remote gateway: stop PortGuardian from killing Docker Desktop and other external listeners on the gateway port in remote mode, so containerized and tunneled gateway setups no longer lose their port-forward owner on app startup. (#6755) Thanks @teslamint. - Feishu/streaming recovery: clear stale `streamingStartPromise` when card creation fails (HTTP 400) so subsequent messages can retry streaming instead of silently dropping all future replies. Fixes #43322. +- Exec/env sandbox: block JVM agent injection (`JAVA_TOOL_OPTIONS`, `_JAVA_OPTIONS`, `JDK_JAVA_OPTIONS`), Python breakpoint hijack (`PYTHONBREAKPOINT`), and .NET startup hooks (`DOTNET_STARTUP_HOOKS`) from the host exec environment. (#49025) ## 2026.3.8 @@ -1200,7 +1245,7 @@ Docs: https://docs.openclaw.ai - Signal/Sync message null-handling: treat `syncMessage` presence (including `null`) as sync envelope traffic so replayed sentTranscript payloads cannot bypass loop guards after daemon restart. Landed from contributor PR #31138 by @Sid-Qin. Thanks @Sid-Qin. - Infra/fs-safe: sanitize directory-read failures so raw `EISDIR` text never leaks to messaging surfaces, with regression tests for both root-scoped and direct safe reads. Landed from contributor PR #31205 by @polooooo. Thanks @polooooo. -## Unreleased +## 2026.2.27 ### Changes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9b1fa35d6a3..14a9b3c8bcd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -91,7 +91,10 @@ Welcome to the lobster tank! 🦞 - Run tests: `pnpm build && pnpm check && pnpm test` - For extension/plugin changes, run the fast local lane first: - `pnpm test:extension ` - - If you changed shared plugin or channel surfaces, still run the broader relevant lanes (`pnpm test:extensions`, `pnpm test:channels`, or `pnpm test`) before asking for review + - `pnpm test:extension --list` to see valid extension ids + - If you changed shared plugin or channel surfaces, run `pnpm test:contracts` + - For targeted shared-surface work, use `pnpm test:contracts:channels` or `pnpm test:contracts:plugins` + - If you changed broader runtime behavior, still run the relevant wider lanes (`pnpm test:extensions`, `pnpm test:channels`, or `pnpm test`) before asking for review - If you have access to Codex, run `codex review --base origin/main` locally before opening or updating your PR. Treat this as the current highest standard of AI review, even if GitHub Codex review also runs. - Ensure CI checks pass - Keep PRs focused (one thing per PR; do not mix unrelated concerns) diff --git a/README.md b/README.md index fee53d83065..418e2a070af 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,10 @@ It answers you on the channels you already use (WhatsApp, Telegram, Slack, Disco If you want a personal, single-user assistant that feels local, fast, and always-on, this is it. -[Website](https://openclaw.ai) · [Docs](https://docs.openclaw.ai) · [Vision](VISION.md) · [DeepWiki](https://deepwiki.com/openclaw/openclaw) · [Getting Started](https://docs.openclaw.ai/start/getting-started) · [Updating](https://docs.openclaw.ai/install/updating) · [Showcase](https://docs.openclaw.ai/start/showcase) · [FAQ](https://docs.openclaw.ai/help/faq) · [Wizard](https://docs.openclaw.ai/start/wizard) · [Nix](https://github.com/openclaw/nix-openclaw) · [Docker](https://docs.openclaw.ai/install/docker) · [Discord](https://discord.gg/clawd) +[Website](https://openclaw.ai) · [Docs](https://docs.openclaw.ai) · [Vision](VISION.md) · [DeepWiki](https://deepwiki.com/openclaw/openclaw) · [Getting Started](https://docs.openclaw.ai/start/getting-started) · [Updating](https://docs.openclaw.ai/install/updating) · [Showcase](https://docs.openclaw.ai/start/showcase) · [FAQ](https://docs.openclaw.ai/help/faq) · [Onboarding](https://docs.openclaw.ai/start/wizard) · [Nix](https://github.com/openclaw/nix-openclaw) · [Docker](https://docs.openclaw.ai/install/docker) · [Discord](https://discord.gg/clawd) -Preferred setup: run the onboarding wizard (`openclaw onboard`) in your terminal. -The wizard guides you step by step through setting up the gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**. +Preferred setup: run `openclaw onboard` in your terminal. +OpenClaw Onboard guides you step by step through setting up the gateway, workspace, channels, and skills. It is the recommended CLI setup path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**. Works with npm, pnpm, or bun. New install? Start here: [Getting started](https://docs.openclaw.ai/start/getting-started) @@ -58,7 +58,7 @@ npm install -g openclaw@latest openclaw onboard --install-daemon ``` -The wizard installs the Gateway daemon (launchd/systemd user service) so it stays running. +OpenClaw Onboard installs the Gateway daemon (launchd/systemd user service) so it stays running. ## Quick start (TL;DR) @@ -132,7 +132,7 @@ Run `openclaw doctor` to surface risky/misconfigured DM policies. - **[Live Canvas](https://docs.openclaw.ai/platforms/mac/canvas)** — agent-driven visual workspace with [A2UI](https://docs.openclaw.ai/platforms/mac/canvas#canvas-a2ui). - **[First-class tools](https://docs.openclaw.ai/tools)** — browser, canvas, nodes, cron, sessions, and Discord/Slack actions. - **[Companion apps](https://docs.openclaw.ai/platforms/macos)** — macOS menu bar app + iOS/Android [nodes](https://docs.openclaw.ai/nodes). -- **[Onboarding](https://docs.openclaw.ai/start/wizard) + [skills](https://docs.openclaw.ai/tools/skills)** — wizard-driven setup with bundled/managed/workspace skills. +- **[Onboarding](https://docs.openclaw.ai/start/wizard) + [skills](https://docs.openclaw.ai/tools/skills)** — onboarding-driven setup with bundled/managed/workspace skills. ## Star History @@ -143,7 +143,7 @@ Run `openclaw doctor` to surface risky/misconfigured DM policies. ### Core platform - [Gateway WS control plane](https://docs.openclaw.ai/gateway) with sessions, presence, config, cron, webhooks, [Control UI](https://docs.openclaw.ai/web), and [Canvas host](https://docs.openclaw.ai/platforms/mac/canvas#canvas-a2ui). -- [CLI surface](https://docs.openclaw.ai/tools/agent-send): gateway, agent, send, [wizard](https://docs.openclaw.ai/start/wizard), and [doctor](https://docs.openclaw.ai/gateway/doctor). +- [CLI surface](https://docs.openclaw.ai/tools/agent-send): gateway, agent, send, [onboarding](https://docs.openclaw.ai/start/wizard), and [doctor](https://docs.openclaw.ai/gateway/doctor). - [Pi agent runtime](https://docs.openclaw.ai/concepts/agent) in RPC mode with tool streaming and block streaming. - [Session model](https://docs.openclaw.ai/concepts/session): `main` for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: [Groups](https://docs.openclaw.ai/channels/groups). - [Media pipeline](https://docs.openclaw.ai/nodes/images): images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: [Audio](https://docs.openclaw.ai/nodes/audio). @@ -422,7 +422,7 @@ Use these when you’re past the onboarding flow and want the deeper reference. - [Run the Gateway by the book with the operational runbook.](https://docs.openclaw.ai/gateway) - [Learn how the Control UI/Web surfaces work and how to expose them safely.](https://docs.openclaw.ai/web) - [Understand remote access over SSH tunnels or tailnets.](https://docs.openclaw.ai/gateway/remote) -- [Follow the onboarding wizard flow for a guided setup.](https://docs.openclaw.ai/start/wizard) +- [Follow OpenClaw Onboard for a guided setup.](https://docs.openclaw.ai/start/wizard) - [Wire external triggers via the webhook surface.](https://docs.openclaw.ai/automation/webhook) - [Set up Gmail Pub/Sub triggers.](https://docs.openclaw.ai/automation/gmail-pubsub) - [Learn the macOS menu bar companion details.](https://docs.openclaw.ai/platforms/mac/menu-bar) diff --git a/apps/macos/Sources/OpenClaw/CanvasSchemeHandler.swift b/apps/macos/Sources/OpenClaw/CanvasSchemeHandler.swift index 6905af50014..9b4c8e5ebad 100644 --- a/apps/macos/Sources/OpenClaw/CanvasSchemeHandler.swift +++ b/apps/macos/Sources/OpenClaw/CanvasSchemeHandler.swift @@ -81,22 +81,23 @@ final class CanvasSchemeHandler: NSObject, WKURLSchemeHandler { return self.html("Not Found", title: "Canvas: 404") } - // Directory traversal guard: served files must live under the session root. - let standardizedRoot = sessionRoot.standardizedFileURL - let standardizedFile = fileURL.standardizedFileURL - guard standardizedFile.path.hasPrefix(standardizedRoot.path) else { + // Resolve symlinks before enforcing the session-root boundary so links inside + // the canvas tree cannot escape to arbitrary host files. + let resolvedRoot = sessionRoot.resolvingSymlinksInPath().standardizedFileURL + let resolvedFile = fileURL.resolvingSymlinksInPath().standardizedFileURL + guard self.isFileURL(resolvedFile, withinDirectory: resolvedRoot) else { return self.html("Forbidden", title: "Canvas: 403") } do { - let data = try Data(contentsOf: standardizedFile) - let mime = CanvasScheme.mimeType(forExtension: standardizedFile.pathExtension) - let servedPath = standardizedFile.path + let data = try Data(contentsOf: resolvedFile) + let mime = CanvasScheme.mimeType(forExtension: resolvedFile.pathExtension) + let servedPath = resolvedFile.path canvasLogger.debug( "served \(session, privacy: .public)/\(path, privacy: .public) -> \(servedPath, privacy: .public)") return CanvasResponse(mime: mime, data: data) } catch { - let failedPath = standardizedFile.path + let failedPath = resolvedFile.path let errorText = error.localizedDescription canvasLogger .error( @@ -145,6 +146,11 @@ final class CanvasSchemeHandler: NSObject, WKURLSchemeHandler { return nil } + private func isFileURL(_ fileURL: URL, withinDirectory rootURL: URL) -> Bool { + let rootPath = rootURL.path.hasSuffix("/") ? rootURL.path : rootURL.path + "/" + return fileURL.path == rootURL.path || fileURL.path.hasPrefix(rootPath) + } + private func html(_ body: String, title: String = "Canvas") -> CanvasResponse { let html = """ diff --git a/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift b/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift index a2cc9d53390..19336f4f7b1 100644 --- a/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift +++ b/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift @@ -89,6 +89,20 @@ private func readLineFromHandle(_ handle: FileHandle, maxBytes: Int) throws -> S return String(data: lineData, encoding: .utf8) } +func timingSafeHexStringEquals(_ lhs: String, _ rhs: String) -> Bool { + let lhsBytes = Array(lhs.utf8) + let rhsBytes = Array(rhs.utf8) + guard lhsBytes.count == rhsBytes.count else { + return false + } + + var diff: UInt8 = 0 + for index in lhsBytes.indices { + diff |= lhsBytes[index] ^ rhsBytes[index] + } + return diff == 0 +} + enum ExecApprovalsSocketClient { private struct TimeoutError: LocalizedError { var message: String @@ -854,7 +868,7 @@ private final class ExecApprovalsSocketServer: @unchecked Sendable { error: ExecHostError(code: "INVALID_REQUEST", message: "expired request", reason: "ttl")) } let expected = self.hmacHex(nonce: request.nonce, ts: request.ts, requestJson: request.requestJson) - if expected != request.hmac { + if !timingSafeHexStringEquals(expected, request.hmac) { return ExecHostResponse( type: "exec-res", id: request.id, diff --git a/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift b/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift index 932c9fc5e61..ecdbdd0d77c 100644 --- a/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift +++ b/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift @@ -23,7 +23,12 @@ enum HostEnvSecurityPolicy { "PS4", "GCONV_PATH", "IFS", - "SSLKEYLOGFILE" + "SSLKEYLOGFILE", + "JAVA_TOOL_OPTIONS", + "_JAVA_OPTIONS", + "JDK_JAVA_OPTIONS", + "PYTHONBREAKPOINT", + "DOTNET_STARTUP_HOOKS" ] static let blockedOverrideKeys: Set = [ diff --git a/apps/macos/Sources/OpenClaw/LaunchAgentManager.swift b/apps/macos/Sources/OpenClaw/LaunchAgentManager.swift index af318b330d4..004d575d5d5 100644 --- a/apps/macos/Sources/OpenClaw/LaunchAgentManager.swift +++ b/apps/macos/Sources/OpenClaw/LaunchAgentManager.swift @@ -26,7 +26,12 @@ enum LaunchAgentManager { } private static func writePlist(bundlePath: String) { - let plist = """ + let plist = self.plistContents(bundlePath: bundlePath) + try? plist.write(to: self.plistURL, atomically: true, encoding: .utf8) + } + + static func plistContents(bundlePath: String) -> String { + """ @@ -41,8 +46,6 @@ enum LaunchAgentManager { \(FileManager().homeDirectoryForCurrentUser.path) RunAtLoad - KeepAlive - EnvironmentVariables PATH @@ -55,7 +58,6 @@ enum LaunchAgentManager { """ - try? plist.write(to: self.plistURL, atomically: true, encoding: .utf8) } @discardableResult diff --git a/apps/macos/Sources/OpenClaw/NodeServiceManager.swift b/apps/macos/Sources/OpenClaw/NodeServiceManager.swift index 7a9da5925f8..18f500bd359 100644 --- a/apps/macos/Sources/OpenClaw/NodeServiceManager.swift +++ b/apps/macos/Sources/OpenClaw/NodeServiceManager.swift @@ -6,7 +6,7 @@ enum NodeServiceManager { static func start() async -> String? { let result = await self.runServiceCommandResult( - ["node", "start"], + ["start"], timeout: 20, quiet: false) if let error = self.errorMessage(from: result, treatNotLoadedAsError: true) { @@ -18,7 +18,7 @@ enum NodeServiceManager { static func stop() async -> String? { let result = await self.runServiceCommandResult( - ["node", "stop"], + ["stop"], timeout: 15, quiet: false) if let error = self.errorMessage(from: result, treatNotLoadedAsError: false) { @@ -30,6 +30,14 @@ enum NodeServiceManager { } extension NodeServiceManager { + private static func serviceCommand(_ args: [String]) -> [String] { + CommandResolver.openclawCommand( + subcommand: "node", + extraArgs: self.withJsonFlag(args), + // Service management must always run locally, even if remote mode is configured. + configRoot: ["gateway": ["mode": "local"]]) + } + private struct CommandResult { let success: Bool let payload: Data? @@ -52,11 +60,7 @@ extension NodeServiceManager { timeout: Double, quiet: Bool) async -> CommandResult { - let command = CommandResolver.openclawCommand( - subcommand: "service", - extraArgs: self.withJsonFlag(args), - // Service management must always run locally, even if remote mode is configured. - configRoot: ["gateway": ["mode": "local"]]) + let command = self.serviceCommand(args) var env = ProcessInfo.processInfo.environment env["PATH"] = CommandResolver.preferredPaths().joined(separator: ":") let response = await ShellExecutor.runDetailed(command: command, cwd: nil, env: env, timeout: timeout) @@ -136,3 +140,11 @@ extension NodeServiceManager { TextSummarySupport.summarizeLastLine(text) } } + +#if DEBUG +extension NodeServiceManager { + static func _testServiceCommand(_ args: [String]) -> [String] { + self.serviceCommand(args) + } +} +#endif diff --git a/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift b/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift index 3003ae79f7b..fcd04955e8c 100644 --- a/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift +++ b/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift @@ -515,6 +515,8 @@ public struct PollParams: Codable, Sendable { public struct AgentParams: Codable, Sendable { public let message: String public let agentid: String? + public let provider: String? + public let model: String? public let to: String? public let replyto: String? public let sessionid: String? @@ -542,6 +544,8 @@ public struct AgentParams: Codable, Sendable { public init( message: String, agentid: String?, + provider: String?, + model: String?, to: String?, replyto: String?, sessionid: String?, @@ -568,6 +572,8 @@ public struct AgentParams: Codable, Sendable { { self.message = message self.agentid = agentid + self.provider = provider + self.model = model self.to = to self.replyto = replyto self.sessionid = sessionid @@ -596,6 +602,8 @@ public struct AgentParams: Codable, Sendable { private enum CodingKeys: String, CodingKey { case message case agentid = "agentId" + case provider + case model case to case replyto = "replyTo" case sessionid = "sessionId" diff --git a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsSocketAuthTests.swift b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsSocketAuthTests.swift new file mode 100644 index 00000000000..ee0ead1f902 --- /dev/null +++ b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsSocketAuthTests.swift @@ -0,0 +1,21 @@ +import Testing +@testable import OpenClaw + +struct ExecApprovalsSocketAuthTests { + @Test + func `timing safe hex compare matches equal strings`() { + #expect(timingSafeHexStringEquals(String(repeating: "a", count: 64), String(repeating: "a", count: 64))) + } + + @Test + func `timing safe hex compare rejects mismatched strings`() { + let expected = String(repeating: "a", count: 63) + "b" + let provided = String(repeating: "a", count: 63) + "c" + #expect(!timingSafeHexStringEquals(expected, provided)) + } + + @Test + func `timing safe hex compare rejects different length strings`() { + #expect(!timingSafeHexStringEquals(String(repeating: "a", count: 64), "deadbeef")) + } +} diff --git a/apps/macos/Tests/OpenClawIPCTests/LaunchAgentManagerTests.swift b/apps/macos/Tests/OpenClawIPCTests/LaunchAgentManagerTests.swift new file mode 100644 index 00000000000..c9a17d57577 --- /dev/null +++ b/apps/macos/Tests/OpenClawIPCTests/LaunchAgentManagerTests.swift @@ -0,0 +1,19 @@ +import Foundation +import Testing +@testable import OpenClaw + +struct LaunchAgentManagerTests { + @Test func `launch at login plist does not keep app alive after manual quit`() throws { + let plist = LaunchAgentManager.plistContents(bundlePath: "/Applications/OpenClaw.app") + let data = try #require(plist.data(using: .utf8)) + let object = try #require( + PropertyListSerialization.propertyList(from: data, format: nil) as? [String: Any] + ) + + #expect(object["RunAtLoad"] as? Bool == true) + #expect(object["KeepAlive"] == nil) + + let args = try #require(object["ProgramArguments"] as? [String]) + #expect(args == ["/Applications/OpenClaw.app/Contents/MacOS/OpenClaw"]) + } +} diff --git a/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift b/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift index a37135ff490..b47dd70c3ff 100644 --- a/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift +++ b/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift @@ -216,6 +216,32 @@ struct LowCoverageHelperTests { #expect(handler._testTextEncodingName(for: "application/octet-stream") == nil) } + @Test @MainActor func `canvas scheme handler blocks symlink escapes`() throws { + let root = FileManager().temporaryDirectory + .appendingPathComponent("canvas-\(UUID().uuidString)", isDirectory: true) + defer { try? FileManager().removeItem(at: root) } + try FileManager().createDirectory(at: root, withIntermediateDirectories: true) + + let session = root.appendingPathComponent("main", isDirectory: true) + try FileManager().createDirectory(at: session, withIntermediateDirectories: true) + + let outside = root.deletingLastPathComponent().appendingPathComponent("canvas-secret-\(UUID().uuidString).txt") + defer { try? FileManager().removeItem(at: outside) } + try "top-secret".write(to: outside, atomically: true, encoding: .utf8) + + let symlink = session.appendingPathComponent("index.html") + try FileManager().createSymbolicLink(at: symlink, withDestinationURL: outside) + + let handler = CanvasSchemeHandler(root: root) + let url = try #require(CanvasScheme.makeURL(session: "main", path: "index.html")) + let response = handler._testResponse(for: url) + let body = String(data: response.data, encoding: .utf8) ?? "" + + #expect(response.mime == "text/html") + #expect(body.contains("Forbidden")) + #expect(!body.contains("top-secret")) + } + @Test @MainActor func `menu context card injector inserts and finds index`() { let injector = MenuContextCardInjector() let menu = NSMenu() diff --git a/apps/macos/Tests/OpenClawIPCTests/NodeServiceManagerTests.swift b/apps/macos/Tests/OpenClawIPCTests/NodeServiceManagerTests.swift new file mode 100644 index 00000000000..df49a82e223 --- /dev/null +++ b/apps/macos/Tests/OpenClawIPCTests/NodeServiceManagerTests.swift @@ -0,0 +1,19 @@ +import Foundation +import Testing +@testable import OpenClaw + +@Suite(.serialized) struct NodeServiceManagerTests { + @Test func `builds node service commands with current CLI shape`() throws { + let tmp = try makeTempDirForTests() + CommandResolver.setProjectRoot(tmp.path) + + let openclawPath = tmp.appendingPathComponent("node_modules/.bin/openclaw") + try makeExecutableForTests(at: openclawPath) + + let start = NodeServiceManager._testServiceCommand(["start"]) + #expect(start == [openclawPath.path, "node", "start", "--json"]) + + let stop = NodeServiceManager._testServiceCommand(["stop"]) + #expect(stop == [openclawPath.path, "node", "stop", "--json"]) + } +} diff --git a/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift b/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift index 3003ae79f7b..fcd04955e8c 100644 --- a/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift +++ b/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift @@ -515,6 +515,8 @@ public struct PollParams: Codable, Sendable { public struct AgentParams: Codable, Sendable { public let message: String public let agentid: String? + public let provider: String? + public let model: String? public let to: String? public let replyto: String? public let sessionid: String? @@ -542,6 +544,8 @@ public struct AgentParams: Codable, Sendable { public init( message: String, agentid: String?, + provider: String?, + model: String?, to: String?, replyto: String?, sessionid: String?, @@ -568,6 +572,8 @@ public struct AgentParams: Codable, Sendable { { self.message = message self.agentid = agentid + self.provider = provider + self.model = model self.to = to self.replyto = replyto self.sessionid = sessionid @@ -596,6 +602,8 @@ public struct AgentParams: Codable, Sendable { private enum CodingKeys: String, CodingKey { case message case agentid = "agentId" + case provider + case model case to case replyto = "replyTo" case sessionid = "sessionId" diff --git a/docs/.generated/config-baseline.json b/docs/.generated/config-baseline.json index 65688a7fc7a..dabe2cf9837 100644 --- a/docs/.generated/config-baseline.json +++ b/docs/.generated/config-baseline.json @@ -1754,6 +1754,58 @@ "help": "Delay style for block replies (\"off\", \"natural\", \"custom\").", "hasChildren": false }, + { + "path": "agents.defaults.imageGenerationModel", + "kind": "core", + "type": [ + "object", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "agents.defaults.imageGenerationModel.fallbacks", + "kind": "core", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "media", + "reliability" + ], + "label": "Image Generation Model Fallbacks", + "help": "Ordered fallback image-generation models (provider/model).", + "hasChildren": true + }, + { + "path": "agents.defaults.imageGenerationModel.fallbacks.*", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "agents.defaults.imageGenerationModel.primary", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "media" + ], + "label": "Image Generation Model", + "help": "Optional image-generation model (provider/model) used by the shared image generation capability.", + "hasChildren": false + }, { "path": "agents.defaults.imageMaxDimensionPx", "kind": "core", @@ -11733,6 +11785,116 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.lang", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.outputFormat", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.pitch", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.proxy", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.rate", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.saveSubtitles", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.timeoutMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.voice", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.voice.tts.microsoft.volume", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.discord.accounts.*.voice.tts.mode", "kind": "channel", @@ -11961,11 +12123,6 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": [ - "elevenlabs", - "openai", - "edge" - ], "deprecated": false, "sensitive": false, "tags": [], @@ -14698,6 +14855,116 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.discord.voice.tts.microsoft", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.discord.voice.tts.microsoft.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.lang", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.outputFormat", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.pitch", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.proxy", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.rate", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.saveSubtitles", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.timeoutMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.voice", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.voice.tts.microsoft.volume", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.discord.voice.tts.mode", "kind": "channel", @@ -14926,11 +15193,6 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": [ - "elevenlabs", - "openai", - "edge" - ], "deprecated": false, "sensitive": false, "tags": [], @@ -38002,6 +38264,20 @@ "help": "Allow /debug chat command for runtime-only overrides (default: false).", "hasChildren": false }, + { + "path": "commands.mcp", + "kind": "core", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Allow /mcp", + "help": "Allow /mcp chat command to manage OpenClaw MCP server config under mcp.servers (default: false).", + "hasChildren": false + }, { "path": "commands.native", "kind": "core", @@ -38098,6 +38374,20 @@ "help": "Optional secret used to HMAC hash owner IDs when ownerDisplay=hash. Prefer env substitution.", "hasChildren": false }, + { + "path": "commands.plugins", + "kind": "core", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Allow /plugins", + "help": "Allow /plugins chat command to list discovered plugins and toggle plugin enablement in config (default: false).", + "hasChildren": false + }, { "path": "commands.restart", "kind": "core", @@ -39636,7 +39926,7 @@ "network" ], "label": "OpenAI Chat Completions Allow Image URLs", - "help": "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported).", + "help": "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported). Set this to `false` to disable URL fetching entirely.", "hasChildren": false }, { @@ -39701,7 +39991,7 @@ "network" ], "label": "OpenAI Chat Completions Image URL Allowlist", - "help": "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards.", + "help": "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards. Empty or omitted lists mean no hostname allowlist restriction.", "hasChildren": true }, { @@ -42004,6 +42294,137 @@ "help": "Sensitive redaction mode: \"off\" disables built-in masking, while \"tools\" redacts sensitive tool/config payload fields. Keep \"tools\" in shared logs unless you have isolated secure log sinks.", "hasChildren": false }, + { + "path": "mcp", + "kind": "core", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "MCP", + "help": "Global MCP server definitions managed by OpenClaw. Embedded Pi and other runtime adapters can consume these servers without storing them inside Pi-owned project settings.", + "hasChildren": true + }, + { + "path": "mcp.servers", + "kind": "core", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "MCP Servers", + "help": "Named MCP server definitions. OpenClaw stores them in its own config and runtime adapters decide which transports are supported at execution time.", + "hasChildren": true + }, + { + "path": "mcp.servers.*", + "kind": "core", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "mcp.servers.*.*", + "kind": "core", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.args", + "kind": "core", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "mcp.servers.*.args.*", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.command", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.cwd", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.env", + "kind": "core", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "mcp.servers.*.env.*", + "kind": "core", + "type": [ + "boolean", + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.url", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "mcp.servers.*.workingDirectory", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "media", "kind": "core", @@ -43560,6 +43981,116 @@ "tags": [], "hasChildren": false }, + { + "path": "messages.tts.microsoft", + "kind": "core", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "messages.tts.microsoft.enabled", + "kind": "core", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.lang", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.outputFormat", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.pitch", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.proxy", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.rate", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.saveSubtitles", + "kind": "core", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.timeoutMs", + "kind": "core", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.voice", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "messages.tts.microsoft.volume", + "kind": "core", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "messages.tts.mode", "kind": "core", @@ -43786,11 +44317,6 @@ "kind": "core", "type": "string", "required": false, - "enumValues": [ - "elevenlabs", - "openai", - "edge" - ], "deprecated": false, "sensitive": false, "tags": [], @@ -44768,6 +45294,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.*.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.*.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.*.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.*.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.acpx", "kind": "plugin", @@ -45034,6 +45612,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.acpx.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.acpx.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.acpx.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.acpx.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.amazon-bedrock", "kind": "plugin", @@ -45103,6 +45733,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.amazon-bedrock.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.amazon-bedrock.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.amazon-bedrock.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.amazon-bedrock.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.anthropic", "kind": "plugin", @@ -45172,6 +45854,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.anthropic.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.anthropic.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.anthropic.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.anthropic.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.bluebubbles", "kind": "plugin", @@ -45241,6 +45975,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.bluebubbles.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.bluebubbles.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.bluebubbles.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.bluebubbles.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.brave", "kind": "plugin", @@ -45310,6 +46096,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.brave.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.brave.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.brave.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.brave.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.byteplus", "kind": "plugin", @@ -45379,6 +46217,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.byteplus.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.byteplus.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.byteplus.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.byteplus.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.cloudflare-ai-gateway", "kind": "plugin", @@ -45448,6 +46338,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.cloudflare-ai-gateway.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.cloudflare-ai-gateway.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.cloudflare-ai-gateway.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.cloudflare-ai-gateway.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.copilot-proxy", "kind": "plugin", @@ -45517,6 +46459,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.copilot-proxy.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.copilot-proxy.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.copilot-proxy.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.copilot-proxy.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.device-pair", "kind": "plugin", @@ -45600,6 +46594,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.device-pair.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.device-pair.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.device-pair.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.device-pair.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.diagnostics-otel", "kind": "plugin", @@ -45669,6 +46715,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.diagnostics-otel.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.diagnostics-otel.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.diagnostics-otel.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.diagnostics-otel.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.diffs", "kind": "plugin", @@ -46075,6 +47173,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.diffs.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.diffs.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.diffs.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.diffs.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.discord", "kind": "plugin", @@ -46144,6 +47294,179 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.discord.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.discord.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.discord.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.discord.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, + { + "path": "plugins.entries.elevenlabs", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "@openclaw/elevenlabs-speech", + "help": "OpenClaw ElevenLabs speech plugin (plugin: elevenlabs)", + "hasChildren": true + }, + { + "path": "plugins.entries.elevenlabs.config", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "@openclaw/elevenlabs-speech Config", + "help": "Plugin-defined config payload for elevenlabs.", + "hasChildren": false + }, + { + "path": "plugins.entries.elevenlabs.enabled", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Enable @openclaw/elevenlabs-speech", + "hasChildren": false + }, + { + "path": "plugins.entries.elevenlabs.hooks", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Hook Policy", + "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", + "hasChildren": true + }, + { + "path": "plugins.entries.elevenlabs.hooks.allowPromptInjection", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Prompt Injection Hooks", + "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", + "hasChildren": false + }, + { + "path": "plugins.entries.elevenlabs.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.elevenlabs.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.elevenlabs.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.elevenlabs.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.feishu", "kind": "plugin", @@ -46213,6 +47536,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.feishu.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.feishu.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.feishu.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.feishu.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.firecrawl", "kind": "plugin", @@ -46282,6 +47657,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.firecrawl.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.firecrawl.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.firecrawl.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.firecrawl.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.github-copilot", "kind": "plugin", @@ -46351,6 +47778,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.github-copilot.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.github-copilot.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.github-copilot.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.github-copilot.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.google", "kind": "plugin", @@ -46420,6 +47899,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.google.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.google.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.google.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.google.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.googlechat", "kind": "plugin", @@ -46489,6 +48020,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.googlechat.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.googlechat.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.googlechat.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.googlechat.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.huggingface", "kind": "plugin", @@ -46558,6 +48141,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.huggingface.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.huggingface.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.huggingface.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.huggingface.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.imessage", "kind": "plugin", @@ -46627,6 +48262,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.imessage.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.imessage.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.imessage.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.imessage.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.irc", "kind": "plugin", @@ -46696,6 +48383,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.irc.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.irc.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.irc.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.irc.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.kilocode", "kind": "plugin", @@ -46766,7 +48505,7 @@ "hasChildren": false }, { - "path": "plugins.entries.kimi-coding", + "path": "plugins.entries.kilocode.subagent", "kind": "plugin", "type": "object", "required": false, @@ -46775,12 +48514,50 @@ "tags": [ "advanced" ], - "label": "@openclaw/kimi-coding-provider", - "help": "OpenClaw Kimi Coding provider plugin (plugin: kimi-coding)", + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", "hasChildren": true }, { - "path": "plugins.entries.kimi-coding.config", + "path": "plugins.entries.kilocode.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.kilocode.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.kilocode.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, + { + "path": "plugins.entries.kimi", "kind": "plugin", "type": "object", "required": false, @@ -46789,12 +48566,26 @@ "tags": [ "advanced" ], - "label": "@openclaw/kimi-coding-provider Config", - "help": "Plugin-defined config payload for kimi-coding.", + "label": "@openclaw/kimi-provider", + "help": "OpenClaw Kimi provider plugin (plugin: kimi)", + "hasChildren": true + }, + { + "path": "plugins.entries.kimi.config", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "@openclaw/kimi-provider Config", + "help": "Plugin-defined config payload for kimi.", "hasChildren": false }, { - "path": "plugins.entries.kimi-coding.enabled", + "path": "plugins.entries.kimi.enabled", "kind": "plugin", "type": "boolean", "required": false, @@ -46803,11 +48594,11 @@ "tags": [ "advanced" ], - "label": "Enable @openclaw/kimi-coding-provider", + "label": "Enable @openclaw/kimi-provider", "hasChildren": false }, { - "path": "plugins.entries.kimi-coding.hooks", + "path": "plugins.entries.kimi.hooks", "kind": "plugin", "type": "object", "required": false, @@ -46821,7 +48612,7 @@ "hasChildren": true }, { - "path": "plugins.entries.kimi-coding.hooks.allowPromptInjection", + "path": "plugins.entries.kimi.hooks.allowPromptInjection", "kind": "plugin", "type": "boolean", "required": false, @@ -46834,6 +48625,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.kimi.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.kimi.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.kimi.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.kimi.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.line", "kind": "plugin", @@ -46903,6 +48746,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.line.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.line.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.line.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.line.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.llm-task", "kind": "plugin", @@ -47042,6 +48937,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.llm-task.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.llm-task.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.llm-task.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.llm-task.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.lobster", "kind": "plugin", @@ -47111,6 +49058,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.lobster.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.lobster.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.lobster.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.lobster.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.matrix", "kind": "plugin", @@ -47180,6 +49179,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.matrix.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.matrix.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.matrix.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.matrix.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.mattermost", "kind": "plugin", @@ -47249,6 +49300,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.mattermost.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.mattermost.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.mattermost.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.mattermost.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.memory-core", "kind": "plugin", @@ -47318,6 +49421,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.memory-core.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.memory-core.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.memory-core.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.memory-core.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.memory-lancedb", "kind": "plugin", @@ -47516,6 +49671,179 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.memory-lancedb.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.memory-lancedb.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.memory-lancedb.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.memory-lancedb.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, + { + "path": "plugins.entries.microsoft", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "@openclaw/microsoft-speech", + "help": "OpenClaw Microsoft speech plugin (plugin: microsoft)", + "hasChildren": true + }, + { + "path": "plugins.entries.microsoft.config", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "@openclaw/microsoft-speech Config", + "help": "Plugin-defined config payload for microsoft.", + "hasChildren": false + }, + { + "path": "plugins.entries.microsoft.enabled", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Enable @openclaw/microsoft-speech", + "hasChildren": false + }, + { + "path": "plugins.entries.microsoft.hooks", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Hook Policy", + "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", + "hasChildren": true + }, + { + "path": "plugins.entries.microsoft.hooks.allowPromptInjection", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Prompt Injection Hooks", + "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", + "hasChildren": false + }, + { + "path": "plugins.entries.microsoft.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.microsoft.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.microsoft.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.microsoft.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.minimax", "kind": "plugin", @@ -47585,6 +49913,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.minimax.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.minimax.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.minimax.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.minimax.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.mistral", "kind": "plugin", @@ -47654,6 +50034,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.mistral.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.mistral.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.mistral.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.mistral.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.modelstudio", "kind": "plugin", @@ -47723,6 +50155,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.modelstudio.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.modelstudio.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.modelstudio.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.modelstudio.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.moonshot", "kind": "plugin", @@ -47792,6 +50276,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.moonshot.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.moonshot.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.moonshot.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.moonshot.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.msteams", "kind": "plugin", @@ -47861,6 +50397,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.msteams.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.msteams.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.msteams.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.msteams.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.nextcloud-talk", "kind": "plugin", @@ -47930,6 +50518,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.nextcloud-talk.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.nextcloud-talk.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.nextcloud-talk.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.nextcloud-talk.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.nostr", "kind": "plugin", @@ -47999,6 +50639,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.nostr.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.nostr.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.nostr.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.nostr.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.nvidia", "kind": "plugin", @@ -48068,6 +50760,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.nvidia.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.nvidia.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.nvidia.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.nvidia.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.ollama", "kind": "plugin", @@ -48137,6 +50881,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.ollama.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.ollama.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.ollama.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.ollama.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.open-prose", "kind": "plugin", @@ -48206,6 +51002,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.open-prose.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.open-prose.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.open-prose.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.open-prose.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.openai", "kind": "plugin", @@ -48275,6 +51123,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.openai.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.openai.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.openai.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.openai.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.opencode", "kind": "plugin", @@ -48358,6 +51258,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.opencode-go.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.opencode-go.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.opencode-go.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.opencode-go.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.opencode.config", "kind": "plugin", @@ -48413,6 +51365,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.opencode.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.opencode.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.opencode.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.opencode.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.openrouter", "kind": "plugin", @@ -48482,6 +51486,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.openrouter.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.openrouter.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.openrouter.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.openrouter.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.openshell", "kind": "plugin", @@ -48718,6 +51774,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.openshell.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.openshell.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.openshell.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.openshell.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.perplexity", "kind": "plugin", @@ -48787,6 +51895,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.perplexity.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.perplexity.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.perplexity.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.perplexity.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.phone-control", "kind": "plugin", @@ -48856,6 +52016,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.phone-control.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.phone-control.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.phone-control.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.phone-control.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.qianfan", "kind": "plugin", @@ -48925,6 +52137,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.qianfan.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.qianfan.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.qianfan.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.qianfan.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.qwen-portal-auth", "kind": "plugin", @@ -48994,6 +52258,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.qwen-portal-auth.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.qwen-portal-auth.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.qwen-portal-auth.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.qwen-portal-auth.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.sglang", "kind": "plugin", @@ -49063,6 +52379,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.sglang.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.sglang.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.sglang.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.sglang.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.signal", "kind": "plugin", @@ -49132,6 +52500,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.signal.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.signal.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.signal.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.signal.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.slack", "kind": "plugin", @@ -49201,6 +52621,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.slack.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.slack.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.slack.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.slack.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.synology-chat", "kind": "plugin", @@ -49270,6 +52742,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.synology-chat.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.synology-chat.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.synology-chat.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.synology-chat.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.synthetic", "kind": "plugin", @@ -49339,6 +52863,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.synthetic.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.synthetic.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.synthetic.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.synthetic.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.talk-voice", "kind": "plugin", @@ -49408,6 +52984,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.talk-voice.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.talk-voice.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.talk-voice.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.talk-voice.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.telegram", "kind": "plugin", @@ -49477,6 +53105,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.telegram.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.telegram.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.telegram.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.telegram.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.thread-ownership", "kind": "plugin", @@ -49584,6 +53264,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.thread-ownership.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.thread-ownership.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.thread-ownership.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.thread-ownership.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.tlon", "kind": "plugin", @@ -49653,6 +53385,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.tlon.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.tlon.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.tlon.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.tlon.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.together", "kind": "plugin", @@ -49722,6 +53506,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.together.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.together.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.together.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.together.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.twitch", "kind": "plugin", @@ -49791,6 +53627,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.twitch.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.twitch.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.twitch.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.twitch.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.venice", "kind": "plugin", @@ -49860,6 +53748,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.venice.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.venice.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.venice.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.venice.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.vercel-ai-gateway", "kind": "plugin", @@ -49929,6 +53869,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.vercel-ai-gateway.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.vercel-ai-gateway.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.vercel-ai-gateway.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.vercel-ai-gateway.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.vllm", "kind": "plugin", @@ -49998,6 +53990,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.vllm.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.vllm.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.vllm.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.vllm.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.voice-call", "kind": "plugin", @@ -51184,11 +55228,6 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": [ - "openai", - "elevenlabs", - "edge" - ], "deprecated": false, "sensitive": false, "tags": [ @@ -51196,7 +55235,7 @@ "media" ], "label": "TTS Provider Override", - "help": "Deep-merges with messages.tts (Edge is ignored for calls).", + "help": "Deep-merges with messages.tts (Microsoft is ignored for calls).", "hasChildren": false }, { @@ -51428,6 +55467,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.voice-call.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.voice-call.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.voice-call.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.voice-call.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.volcengine", "kind": "plugin", @@ -51497,6 +55588,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.volcengine.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.volcengine.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.volcengine.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.volcengine.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.whatsapp", "kind": "plugin", @@ -51566,6 +55709,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.whatsapp.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.whatsapp.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.whatsapp.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.whatsapp.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.xai", "kind": "plugin", @@ -51635,6 +55830,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.xai.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.xai.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.xai.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.xai.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.xiaomi", "kind": "plugin", @@ -51704,6 +55951,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.xiaomi.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.xiaomi.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.xiaomi.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.xiaomi.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.zai", "kind": "plugin", @@ -51773,6 +56072,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.zai.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.zai.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.zai.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.zai.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.zalo", "kind": "plugin", @@ -51842,6 +56193,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.zalo.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.zalo.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.zalo.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.zalo.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.entries.zalouser", "kind": "plugin", @@ -51911,6 +56314,58 @@ "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false }, + { + "path": "plugins.entries.zalouser.subagent", + "kind": "plugin", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "advanced" + ], + "label": "Plugin Subagent Policy", + "help": "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "hasChildren": true + }, + { + "path": "plugins.entries.zalouser.subagent.allowedModels", + "kind": "plugin", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Plugin Subagent Allowed Models", + "help": "Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.", + "hasChildren": true + }, + { + "path": "plugins.entries.zalouser.subagent.allowedModels.*", + "kind": "plugin", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "plugins.entries.zalouser.subagent.allowModelOverride", + "kind": "plugin", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "access" + ], + "label": "Allow Plugin Subagent Model Override", + "help": "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "hasChildren": false + }, { "path": "plugins.installs", "kind": "core", diff --git a/docs/.generated/config-baseline.jsonl b/docs/.generated/config-baseline.jsonl index d8d82d7bb7a..7e76ecdcd3a 100644 --- a/docs/.generated/config-baseline.jsonl +++ b/docs/.generated/config-baseline.jsonl @@ -1,4 +1,4 @@ -{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":5104} +{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":5457} {"recordType":"path","path":"acp","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"ACP","help":"ACP runtime controls for enabling dispatch, selecting backends, constraining allowed agent targets, and tuning streamed turn projection behavior.","hasChildren":true} {"recordType":"path","path":"acp.allowedAgents","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"ACP Allowed Agents","help":"Allowlist of ACP target agent ids permitted for ACP runtime sessions. Empty means no additional allowlist restriction.","hasChildren":true} {"recordType":"path","path":"acp.allowedAgents.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -150,6 +150,10 @@ {"recordType":"path","path":"agents.defaults.humanDelay.maxMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Human Delay Max (ms)","help":"Maximum delay in ms for custom humanDelay (default: 2500).","hasChildren":false} {"recordType":"path","path":"agents.defaults.humanDelay.minMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Human Delay Min (ms)","help":"Minimum delay in ms for custom humanDelay (default: 800).","hasChildren":false} {"recordType":"path","path":"agents.defaults.humanDelay.mode","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Human Delay Mode","help":"Delay style for block replies (\"off\", \"natural\", \"custom\").","hasChildren":false} +{"recordType":"path","path":"agents.defaults.imageGenerationModel","kind":"core","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"agents.defaults.imageGenerationModel.fallbacks","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["media","reliability"],"label":"Image Generation Model Fallbacks","help":"Ordered fallback image-generation models (provider/model).","hasChildren":true} +{"recordType":"path","path":"agents.defaults.imageGenerationModel.fallbacks.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"agents.defaults.imageGenerationModel.primary","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["media"],"label":"Image Generation Model","help":"Optional image-generation model (provider/model) used by the shared image generation capability.","hasChildren":false} {"recordType":"path","path":"agents.defaults.imageMaxDimensionPx","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["media","performance"],"label":"Image Max Dimension (px)","help":"Max image side length in pixels when sanitizing transcript/tool-result image payloads (default: 1200).","hasChildren":false} {"recordType":"path","path":"agents.defaults.imageModel","kind":"core","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"agents.defaults.imageModel.fallbacks","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["media","models","reliability"],"label":"Image Model Fallbacks","help":"Ordered fallback image models (provider/model).","hasChildren":true} @@ -1047,6 +1051,17 @@ {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.elevenlabs.voiceSettings.useSpeakerBoost","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.maxTextLength","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.lang","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.outputFormat","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.pitch","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.proxy","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.rate","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.saveSubtitles","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.timeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.voice","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.microsoft.volume","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.mode","kind":"channel","type":"string","required":false,"enumValues":["final","all"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.modelOverrides","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.modelOverrides.allowModelId","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1068,7 +1083,7 @@ {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.openai.speed","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.openai.voice","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.prefsPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.provider","kind":"channel","type":"string","required":false,"enumValues":["elevenlabs","openai","edge"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.voice.tts.provider","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.summaryModel","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.voice.tts.timeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.ackReaction","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1302,6 +1317,17 @@ {"recordType":"path","path":"channels.discord.voice.tts.elevenlabs.voiceSettings.useSpeakerBoost","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.maxTextLength","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.lang","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.outputFormat","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.pitch","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.proxy","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.rate","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.saveSubtitles","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.timeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.voice","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.microsoft.volume","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.mode","kind":"channel","type":"string","required":false,"enumValues":["final","all"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.modelOverrides","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.voice.tts.modelOverrides.allowModelId","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1323,7 +1349,7 @@ {"recordType":"path","path":"channels.discord.voice.tts.openai.speed","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.openai.voice","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.prefsPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.discord.voice.tts.provider","kind":"channel","type":"string","required":false,"enumValues":["elevenlabs","openai","edge"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.voice.tts.provider","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.summaryModel","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.voice.tts.timeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Feishu","help":"飞书/Lark enterprise messaging.","hasChildren":true} @@ -3431,12 +3457,14 @@ {"recordType":"path","path":"commands.bashForegroundMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Bash Foreground Window (ms)","help":"How long bash waits before backgrounding (default: 2000; 0 backgrounds immediately).","hasChildren":false} {"recordType":"path","path":"commands.config","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Allow /config","help":"Allow /config chat command to read/write config on disk (default: false).","hasChildren":false} {"recordType":"path","path":"commands.debug","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Allow /debug","help":"Allow /debug chat command for runtime-only overrides (default: false).","hasChildren":false} +{"recordType":"path","path":"commands.mcp","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Allow /mcp","help":"Allow /mcp chat command to manage OpenClaw MCP server config under mcp.servers (default: false).","hasChildren":false} {"recordType":"path","path":"commands.native","kind":"core","type":["boolean","string"],"required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Native Commands","help":"Registers native slash/menu commands with channels that support command registration (Discord, Slack, Telegram). Keep enabled for discoverability unless you intentionally run text-only command workflows.","hasChildren":false} {"recordType":"path","path":"commands.nativeSkills","kind":"core","type":["boolean","string"],"required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Native Skill Commands","help":"Registers native skill commands so users can invoke skills directly from provider command menus where supported. Keep aligned with your skill policy so exposed commands match what operators expect.","hasChildren":false} {"recordType":"path","path":"commands.ownerAllowFrom","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Command Owners","help":"Explicit owner allowlist for owner-only tools/commands. Use channel-native IDs (optionally prefixed like \"whatsapp:+15551234567\"). '*' is ignored.","hasChildren":true} {"recordType":"path","path":"commands.ownerAllowFrom.*","kind":"core","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"commands.ownerDisplay","kind":"core","type":"string","required":true,"enumValues":["raw","hash"],"defaultValue":"raw","deprecated":false,"sensitive":false,"tags":["access"],"label":"Owner ID Display","help":"Controls how owner IDs are rendered in the system prompt. Allowed values: raw, hash. Default: raw.","hasChildren":false} {"recordType":"path","path":"commands.ownerDisplaySecret","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["access","auth","security"],"label":"Owner ID Hash Secret","help":"Optional secret used to HMAC hash owner IDs when ownerDisplay=hash. Prefer env substitution.","hasChildren":false} +{"recordType":"path","path":"commands.plugins","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Allow /plugins","help":"Allow /plugins chat command to list discovered plugins and toggle plugin enablement in config (default: false).","hasChildren":false} {"recordType":"path","path":"commands.restart","kind":"core","type":"boolean","required":true,"defaultValue":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Allow Restart","help":"Allow /restart and gateway restart tool actions (default: true).","hasChildren":false} {"recordType":"path","path":"commands.text","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Text Commands","help":"Enables text-command parsing in chat input in addition to native command surfaces where available. Keep this enabled for compatibility across channels that do not support native command registration.","hasChildren":false} {"recordType":"path","path":"commands.useAccessGroups","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Use Access Groups","help":"Enforce access-group allowlists/policies for commands.","hasChildren":false} @@ -3551,11 +3579,11 @@ {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["media","network"],"label":"OpenAI Chat Completions Image Limits","help":"Image fetch/validation controls for OpenAI-compatible `image_url` parts.","hasChildren":true} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.allowedMimes","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access","media","network"],"label":"OpenAI Chat Completions Image MIME Allowlist","help":"Allowed MIME types for `image_url` parts (case-insensitive list).","hasChildren":true} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.allowedMimes.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.allowUrl","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access","media","network"],"label":"OpenAI Chat Completions Allow Image URLs","help":"Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported).","hasChildren":false} +{"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.allowUrl","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access","media","network"],"label":"OpenAI Chat Completions Allow Image URLs","help":"Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported). Set this to `false` to disable URL fetching entirely.","hasChildren":false} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.maxBytes","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["media","network","performance"],"label":"OpenAI Chat Completions Image Max Bytes","help":"Max bytes per fetched/decoded `image_url` image (default: 10MB).","hasChildren":false} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.maxRedirects","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["media","network","performance","storage"],"label":"OpenAI Chat Completions Image Max Redirects","help":"Max HTTP redirects allowed when fetching `image_url` URLs (default: 3).","hasChildren":false} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.timeoutMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["media","network","performance"],"label":"OpenAI Chat Completions Image Timeout (ms)","help":"Timeout in milliseconds for `image_url` URL fetches (default: 10000).","hasChildren":false} -{"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.urlAllowlist","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access","media","network"],"label":"OpenAI Chat Completions Image URL Allowlist","help":"Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards.","hasChildren":true} +{"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.urlAllowlist","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access","media","network"],"label":"OpenAI Chat Completions Image URL Allowlist","help":"Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards. Empty or omitted lists mean no hostname allowlist restriction.","hasChildren":true} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.images.urlAllowlist.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.maxBodyBytes","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["network","performance"],"label":"OpenAI Chat Completions Max Body Bytes","help":"Max request body size in bytes for `/v1/chat/completions` (default: 20MB).","hasChildren":false} {"recordType":"path","path":"gateway.http.endpoints.chatCompletions.maxImageParts","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["media","network","performance"],"label":"OpenAI Chat Completions Max Image Parts","help":"Max number of `image_url` parts accepted from the latest user message (default: 8).","hasChildren":false} @@ -3737,6 +3765,18 @@ {"recordType":"path","path":"logging.redactPatterns","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["observability","privacy"],"label":"Custom Redaction Patterns","help":"Additional custom redact regex patterns applied to log output before emission/storage. Use this to mask org-specific tokens and identifiers not covered by built-in redaction rules.","hasChildren":true} {"recordType":"path","path":"logging.redactPatterns.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"logging.redactSensitive","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["observability","privacy"],"label":"Sensitive Data Redaction Mode","help":"Sensitive redaction mode: \"off\" disables built-in masking, while \"tools\" redacts sensitive tool/config payload fields. Keep \"tools\" in shared logs unless you have isolated secure log sinks.","hasChildren":false} +{"recordType":"path","path":"mcp","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"MCP","help":"Global MCP server definitions managed by OpenClaw. Embedded Pi and other runtime adapters can consume these servers without storing them inside Pi-owned project settings.","hasChildren":true} +{"recordType":"path","path":"mcp.servers","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"MCP Servers","help":"Named MCP server definitions. OpenClaw stores them in its own config and runtime adapters decide which transports are supported at execution time.","hasChildren":true} +{"recordType":"path","path":"mcp.servers.*","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"mcp.servers.*.*","kind":"core","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.args","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"mcp.servers.*.args.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.command","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.cwd","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.env","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"mcp.servers.*.env.*","kind":"core","type":["boolean","number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.url","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"mcp.servers.*.workingDirectory","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"media","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Media","help":"Top-level media behavior shared across providers and tools that handle inbound files. Keep defaults unless you need stable filenames for external processing pipelines or longer-lived inbound media retention.","hasChildren":true} {"recordType":"path","path":"media.preserveFilenames","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Preserve Media Filenames","help":"When enabled, uploaded media keeps its original filename instead of a generated temp-safe name. Turn this on when downstream automations depend on stable names, and leave off to reduce accidental filename leakage.","hasChildren":false} {"recordType":"path","path":"media.ttlHours","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Media Retention TTL (hours)","help":"Optional retention window in hours for persisted inbound media cleanup across the full media tree. Leave unset to preserve legacy behavior, or set values like 24 (1 day) or 168 (7 days) when you want automatic cleanup.","hasChildren":false} @@ -3867,6 +3907,17 @@ {"recordType":"path","path":"messages.tts.elevenlabs.voiceSettings.useSpeakerBoost","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.maxTextLength","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"messages.tts.microsoft.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.lang","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.outputFormat","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.pitch","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.proxy","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.rate","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.saveSubtitles","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.timeoutMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.voice","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.microsoft.volume","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.mode","kind":"core","type":"string","required":false,"enumValues":["final","all"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.modelOverrides","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"messages.tts.modelOverrides.allowModelId","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -3888,7 +3939,7 @@ {"recordType":"path","path":"messages.tts.openai.speed","kind":"core","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.openai.voice","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.prefsPath","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"messages.tts.provider","kind":"core","type":"string","required":false,"enumValues":["elevenlabs","openai","edge"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"messages.tts.provider","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.summaryModel","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.tts.timeoutMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"meta","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Metadata","help":"Metadata fields automatically maintained by OpenClaw to record write/version history for this config file. Keep these values system-managed and avoid manual edits unless debugging migration history.","hasChildren":true} @@ -3969,6 +4020,10 @@ {"recordType":"path","path":"plugins.entries.*.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Enabled","help":"Per-plugin enablement override for a specific entry, applied on top of global plugin policy (restart required). Use this to stage plugin rollout gradually across environments.","hasChildren":false} {"recordType":"path","path":"plugins.entries.*.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.*.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.*.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.*.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.*.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.*.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.acpx","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"ACPX Runtime","help":"ACP runtime backend powered by acpx with configurable command path and version policy. (plugin: acpx)","hasChildren":true} {"recordType":"path","path":"plugins.entries.acpx.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"ACPX Runtime Config","help":"Plugin-defined config payload for acpx.","hasChildren":true} {"recordType":"path","path":"plugins.entries.acpx.config.command","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"acpx Command","help":"Optional path/command override for acpx (for example /home/user/repos/acpx/dist/cli.js). Leave unset to use plugin-local bundled acpx.","hasChildren":false} @@ -3989,52 +4044,92 @@ {"recordType":"path","path":"plugins.entries.acpx.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable ACPX Runtime","hasChildren":false} {"recordType":"path","path":"plugins.entries.acpx.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.acpx.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.acpx.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.acpx.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.acpx.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.acpx.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.amazon-bedrock","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/amazon-bedrock-provider","help":"OpenClaw Amazon Bedrock provider plugin (plugin: amazon-bedrock)","hasChildren":true} {"recordType":"path","path":"plugins.entries.amazon-bedrock.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/amazon-bedrock-provider Config","help":"Plugin-defined config payload for amazon-bedrock.","hasChildren":false} {"recordType":"path","path":"plugins.entries.amazon-bedrock.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/amazon-bedrock-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.amazon-bedrock.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.amazon-bedrock.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.amazon-bedrock.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.amazon-bedrock.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.amazon-bedrock.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.amazon-bedrock.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.anthropic","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/anthropic-provider","help":"OpenClaw Anthropic provider plugin (plugin: anthropic)","hasChildren":true} {"recordType":"path","path":"plugins.entries.anthropic.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/anthropic-provider Config","help":"Plugin-defined config payload for anthropic.","hasChildren":false} {"recordType":"path","path":"plugins.entries.anthropic.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/anthropic-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.anthropic.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.anthropic.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.anthropic.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.anthropic.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.anthropic.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.anthropic.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.bluebubbles","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/bluebubbles","help":"OpenClaw BlueBubbles channel plugin (plugin: bluebubbles)","hasChildren":true} {"recordType":"path","path":"plugins.entries.bluebubbles.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/bluebubbles Config","help":"Plugin-defined config payload for bluebubbles.","hasChildren":false} {"recordType":"path","path":"plugins.entries.bluebubbles.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/bluebubbles","hasChildren":false} {"recordType":"path","path":"plugins.entries.bluebubbles.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.bluebubbles.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.bluebubbles.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.bluebubbles.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.bluebubbles.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.bluebubbles.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.brave","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/brave-plugin","help":"OpenClaw Brave plugin (plugin: brave)","hasChildren":true} {"recordType":"path","path":"plugins.entries.brave.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/brave-plugin Config","help":"Plugin-defined config payload for brave.","hasChildren":false} {"recordType":"path","path":"plugins.entries.brave.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/brave-plugin","hasChildren":false} {"recordType":"path","path":"plugins.entries.brave.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.brave.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.brave.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.brave.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.brave.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.brave.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.byteplus","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/byteplus-provider","help":"OpenClaw BytePlus provider plugin (plugin: byteplus)","hasChildren":true} {"recordType":"path","path":"plugins.entries.byteplus.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/byteplus-provider Config","help":"Plugin-defined config payload for byteplus.","hasChildren":false} {"recordType":"path","path":"plugins.entries.byteplus.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/byteplus-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.byteplus.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.byteplus.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.byteplus.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.byteplus.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.byteplus.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.byteplus.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/cloudflare-ai-gateway-provider","help":"OpenClaw Cloudflare AI Gateway provider plugin (plugin: cloudflare-ai-gateway)","hasChildren":true} {"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/cloudflare-ai-gateway-provider Config","help":"Plugin-defined config payload for cloudflare-ai-gateway.","hasChildren":false} {"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/cloudflare-ai-gateway-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.cloudflare-ai-gateway.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.copilot-proxy","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/copilot-proxy","help":"OpenClaw Copilot Proxy provider plugin (plugin: copilot-proxy)","hasChildren":true} {"recordType":"path","path":"plugins.entries.copilot-proxy.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/copilot-proxy Config","help":"Plugin-defined config payload for copilot-proxy.","hasChildren":false} {"recordType":"path","path":"plugins.entries.copilot-proxy.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/copilot-proxy","hasChildren":false} {"recordType":"path","path":"plugins.entries.copilot-proxy.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.copilot-proxy.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.copilot-proxy.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.copilot-proxy.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.copilot-proxy.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.copilot-proxy.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.device-pair","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Device Pairing","help":"Generate setup codes and approve device pairing requests. (plugin: device-pair)","hasChildren":true} {"recordType":"path","path":"plugins.entries.device-pair.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Device Pairing Config","help":"Plugin-defined config payload for device-pair.","hasChildren":true} {"recordType":"path","path":"plugins.entries.device-pair.config.publicUrl","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Gateway URL","help":"Public WebSocket URL used for /pair setup codes (ws/wss or http/https).","hasChildren":false} {"recordType":"path","path":"plugins.entries.device-pair.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Device Pairing","hasChildren":false} {"recordType":"path","path":"plugins.entries.device-pair.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.device-pair.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.device-pair.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.device-pair.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.device-pair.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.device-pair.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.diagnostics-otel","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["observability"],"label":"@openclaw/diagnostics-otel","help":"OpenClaw diagnostics OpenTelemetry exporter (plugin: diagnostics-otel)","hasChildren":true} {"recordType":"path","path":"plugins.entries.diagnostics-otel.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["observability"],"label":"@openclaw/diagnostics-otel Config","help":"Plugin-defined config payload for diagnostics-otel.","hasChildren":false} {"recordType":"path","path":"plugins.entries.diagnostics-otel.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["observability"],"label":"Enable @openclaw/diagnostics-otel","hasChildren":false} {"recordType":"path","path":"plugins.entries.diagnostics-otel.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.diagnostics-otel.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.diagnostics-otel.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.diagnostics-otel.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.diagnostics-otel.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.diagnostics-otel.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.diffs","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Diffs","help":"Read-only diff viewer and file renderer for agents. (plugin: diffs)","hasChildren":true} {"recordType":"path","path":"plugins.entries.diffs.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Diffs Config","help":"Plugin-defined config payload for diffs.","hasChildren":true} {"recordType":"path","path":"plugins.entries.diffs.config.defaults","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} @@ -4062,66 +4157,127 @@ {"recordType":"path","path":"plugins.entries.diffs.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Diffs","hasChildren":false} {"recordType":"path","path":"plugins.entries.diffs.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.diffs.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.diffs.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.diffs.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.diffs.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.diffs.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.discord","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/discord","help":"OpenClaw Discord channel plugin (plugin: discord)","hasChildren":true} {"recordType":"path","path":"plugins.entries.discord.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/discord Config","help":"Plugin-defined config payload for discord.","hasChildren":false} {"recordType":"path","path":"plugins.entries.discord.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/discord","hasChildren":false} {"recordType":"path","path":"plugins.entries.discord.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.discord.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.discord.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.discord.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.discord.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.discord.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.elevenlabs","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/elevenlabs-speech","help":"OpenClaw ElevenLabs speech plugin (plugin: elevenlabs)","hasChildren":true} +{"recordType":"path","path":"plugins.entries.elevenlabs.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/elevenlabs-speech Config","help":"Plugin-defined config payload for elevenlabs.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.elevenlabs.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/elevenlabs-speech","hasChildren":false} +{"recordType":"path","path":"plugins.entries.elevenlabs.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.elevenlabs.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.elevenlabs.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.elevenlabs.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.elevenlabs.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.elevenlabs.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.feishu","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/feishu","help":"OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) (plugin: feishu)","hasChildren":true} {"recordType":"path","path":"plugins.entries.feishu.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/feishu Config","help":"Plugin-defined config payload for feishu.","hasChildren":false} {"recordType":"path","path":"plugins.entries.feishu.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/feishu","hasChildren":false} {"recordType":"path","path":"plugins.entries.feishu.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.feishu.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.feishu.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.feishu.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.feishu.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.feishu.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.firecrawl","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/firecrawl-plugin","help":"OpenClaw Firecrawl plugin (plugin: firecrawl)","hasChildren":true} {"recordType":"path","path":"plugins.entries.firecrawl.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/firecrawl-plugin Config","help":"Plugin-defined config payload for firecrawl.","hasChildren":false} {"recordType":"path","path":"plugins.entries.firecrawl.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/firecrawl-plugin","hasChildren":false} {"recordType":"path","path":"plugins.entries.firecrawl.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.firecrawl.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.firecrawl.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.firecrawl.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.firecrawl.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.firecrawl.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.github-copilot","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/github-copilot-provider","help":"OpenClaw GitHub Copilot provider plugin (plugin: github-copilot)","hasChildren":true} {"recordType":"path","path":"plugins.entries.github-copilot.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/github-copilot-provider Config","help":"Plugin-defined config payload for github-copilot.","hasChildren":false} {"recordType":"path","path":"plugins.entries.github-copilot.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/github-copilot-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.github-copilot.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.github-copilot.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.github-copilot.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.github-copilot.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.github-copilot.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.github-copilot.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.google","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/google-plugin","help":"OpenClaw Google plugin (plugin: google)","hasChildren":true} {"recordType":"path","path":"plugins.entries.google.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/google-plugin Config","help":"Plugin-defined config payload for google.","hasChildren":false} {"recordType":"path","path":"plugins.entries.google.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/google-plugin","hasChildren":false} {"recordType":"path","path":"plugins.entries.google.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.google.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.google.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.google.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.google.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.google.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.googlechat","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/googlechat","help":"OpenClaw Google Chat channel plugin (plugin: googlechat)","hasChildren":true} {"recordType":"path","path":"plugins.entries.googlechat.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/googlechat Config","help":"Plugin-defined config payload for googlechat.","hasChildren":false} {"recordType":"path","path":"plugins.entries.googlechat.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/googlechat","hasChildren":false} {"recordType":"path","path":"plugins.entries.googlechat.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.googlechat.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.googlechat.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.googlechat.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.googlechat.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.googlechat.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.huggingface","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/huggingface-provider","help":"OpenClaw Hugging Face provider plugin (plugin: huggingface)","hasChildren":true} {"recordType":"path","path":"plugins.entries.huggingface.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/huggingface-provider Config","help":"Plugin-defined config payload for huggingface.","hasChildren":false} {"recordType":"path","path":"plugins.entries.huggingface.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/huggingface-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.huggingface.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.huggingface.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.huggingface.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.huggingface.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.huggingface.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.huggingface.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.imessage","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/imessage","help":"OpenClaw iMessage channel plugin (plugin: imessage)","hasChildren":true} {"recordType":"path","path":"plugins.entries.imessage.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/imessage Config","help":"Plugin-defined config payload for imessage.","hasChildren":false} {"recordType":"path","path":"plugins.entries.imessage.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/imessage","hasChildren":false} {"recordType":"path","path":"plugins.entries.imessage.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.imessage.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.imessage.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.imessage.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.imessage.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.imessage.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.irc","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/irc","help":"OpenClaw IRC channel plugin (plugin: irc)","hasChildren":true} {"recordType":"path","path":"plugins.entries.irc.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/irc Config","help":"Plugin-defined config payload for irc.","hasChildren":false} {"recordType":"path","path":"plugins.entries.irc.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/irc","hasChildren":false} {"recordType":"path","path":"plugins.entries.irc.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.irc.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.irc.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.irc.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.irc.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.irc.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.kilocode","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kilocode-provider","help":"OpenClaw Kilo Gateway provider plugin (plugin: kilocode)","hasChildren":true} {"recordType":"path","path":"plugins.entries.kilocode.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kilocode-provider Config","help":"Plugin-defined config payload for kilocode.","hasChildren":false} {"recordType":"path","path":"plugins.entries.kilocode.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/kilocode-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.kilocode.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.kilocode.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} -{"recordType":"path","path":"plugins.entries.kimi-coding","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kimi-coding-provider","help":"OpenClaw Kimi Coding provider plugin (plugin: kimi-coding)","hasChildren":true} -{"recordType":"path","path":"plugins.entries.kimi-coding.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kimi-coding-provider Config","help":"Plugin-defined config payload for kimi-coding.","hasChildren":false} -{"recordType":"path","path":"plugins.entries.kimi-coding.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/kimi-coding-provider","hasChildren":false} -{"recordType":"path","path":"plugins.entries.kimi-coding.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} -{"recordType":"path","path":"plugins.entries.kimi-coding.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.kilocode.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kilocode.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kilocode.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.kilocode.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.kimi","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kimi-provider","help":"OpenClaw Kimi provider plugin (plugin: kimi)","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kimi.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/kimi-provider Config","help":"Plugin-defined config payload for kimi.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.kimi.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/kimi-provider","hasChildren":false} +{"recordType":"path","path":"plugins.entries.kimi.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kimi.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.kimi.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kimi.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.kimi.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.kimi.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.line","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/line","help":"OpenClaw LINE channel plugin (plugin: line)","hasChildren":true} {"recordType":"path","path":"plugins.entries.line.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/line Config","help":"Plugin-defined config payload for line.","hasChildren":false} {"recordType":"path","path":"plugins.entries.line.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/line","hasChildren":false} {"recordType":"path","path":"plugins.entries.line.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.line.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.line.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.line.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.line.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.line.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.llm-task","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"LLM Task","help":"Generic JSON-only LLM tool for structured tasks callable from workflows. (plugin: llm-task)","hasChildren":true} {"recordType":"path","path":"plugins.entries.llm-task.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"LLM Task Config","help":"Plugin-defined config payload for llm-task.","hasChildren":true} {"recordType":"path","path":"plugins.entries.llm-task.config.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} @@ -4134,26 +4290,46 @@ {"recordType":"path","path":"plugins.entries.llm-task.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable LLM Task","hasChildren":false} {"recordType":"path","path":"plugins.entries.llm-task.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.llm-task.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.llm-task.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.llm-task.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.llm-task.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.llm-task.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.lobster","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Lobster","help":"Typed workflow tool with resumable approvals. (plugin: lobster)","hasChildren":true} {"recordType":"path","path":"plugins.entries.lobster.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Lobster Config","help":"Plugin-defined config payload for lobster.","hasChildren":false} {"recordType":"path","path":"plugins.entries.lobster.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Lobster","hasChildren":false} {"recordType":"path","path":"plugins.entries.lobster.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.lobster.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.lobster.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.lobster.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.lobster.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.lobster.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.matrix","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/matrix","help":"OpenClaw Matrix channel plugin (plugin: matrix)","hasChildren":true} {"recordType":"path","path":"plugins.entries.matrix.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/matrix Config","help":"Plugin-defined config payload for matrix.","hasChildren":false} {"recordType":"path","path":"plugins.entries.matrix.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/matrix","hasChildren":false} {"recordType":"path","path":"plugins.entries.matrix.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.matrix.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.matrix.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.matrix.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.matrix.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.matrix.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.mattermost","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/mattermost","help":"OpenClaw Mattermost channel plugin (plugin: mattermost)","hasChildren":true} {"recordType":"path","path":"plugins.entries.mattermost.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/mattermost Config","help":"Plugin-defined config payload for mattermost.","hasChildren":false} {"recordType":"path","path":"plugins.entries.mattermost.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/mattermost","hasChildren":false} {"recordType":"path","path":"plugins.entries.mattermost.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.mattermost.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.mattermost.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.mattermost.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.mattermost.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.mattermost.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.memory-core","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/memory-core","help":"OpenClaw core memory search plugin (plugin: memory-core)","hasChildren":true} {"recordType":"path","path":"plugins.entries.memory-core.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/memory-core Config","help":"Plugin-defined config payload for memory-core.","hasChildren":false} {"recordType":"path","path":"plugins.entries.memory-core.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/memory-core","hasChildren":false} {"recordType":"path","path":"plugins.entries.memory-core.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.memory-core.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.memory-core.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.memory-core.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.memory-core.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.memory-core.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.memory-lancedb","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"@openclaw/memory-lancedb","help":"OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture (plugin: memory-lancedb)","hasChildren":true} {"recordType":"path","path":"plugins.entries.memory-lancedb.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"@openclaw/memory-lancedb Config","help":"Plugin-defined config payload for memory-lancedb.","hasChildren":true} {"recordType":"path","path":"plugins.entries.memory-lancedb.config.autoCapture","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Auto-Capture","help":"Automatically capture important information from conversations","hasChildren":false} @@ -4168,76 +4344,145 @@ {"recordType":"path","path":"plugins.entries.memory-lancedb.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Enable @openclaw/memory-lancedb","hasChildren":false} {"recordType":"path","path":"plugins.entries.memory-lancedb.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.memory-lancedb.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.memory-lancedb.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.memory-lancedb.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.memory-lancedb.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.memory-lancedb.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.microsoft","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/microsoft-speech","help":"OpenClaw Microsoft speech plugin (plugin: microsoft)","hasChildren":true} +{"recordType":"path","path":"plugins.entries.microsoft.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/microsoft-speech Config","help":"Plugin-defined config payload for microsoft.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.microsoft.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/microsoft-speech","hasChildren":false} +{"recordType":"path","path":"plugins.entries.microsoft.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.microsoft.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.microsoft.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.microsoft.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.microsoft.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.microsoft.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.minimax","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"@openclaw/minimax-provider","help":"OpenClaw MiniMax provider and OAuth plugin (plugin: minimax)","hasChildren":true} {"recordType":"path","path":"plugins.entries.minimax.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"@openclaw/minimax-provider Config","help":"Plugin-defined config payload for minimax.","hasChildren":false} {"recordType":"path","path":"plugins.entries.minimax.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Enable @openclaw/minimax-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.minimax.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.minimax.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.minimax.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.minimax.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.minimax.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.minimax.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.mistral","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/mistral-provider","help":"OpenClaw Mistral provider plugin (plugin: mistral)","hasChildren":true} {"recordType":"path","path":"plugins.entries.mistral.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/mistral-provider Config","help":"Plugin-defined config payload for mistral.","hasChildren":false} {"recordType":"path","path":"plugins.entries.mistral.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/mistral-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.mistral.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.mistral.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.mistral.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.mistral.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.mistral.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.mistral.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.modelstudio","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/modelstudio-provider","help":"OpenClaw Model Studio provider plugin (plugin: modelstudio)","hasChildren":true} {"recordType":"path","path":"plugins.entries.modelstudio.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/modelstudio-provider Config","help":"Plugin-defined config payload for modelstudio.","hasChildren":false} {"recordType":"path","path":"plugins.entries.modelstudio.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/modelstudio-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.modelstudio.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.modelstudio.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.modelstudio.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.modelstudio.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.modelstudio.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.modelstudio.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.moonshot","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/moonshot-provider","help":"OpenClaw Moonshot provider plugin (plugin: moonshot)","hasChildren":true} {"recordType":"path","path":"plugins.entries.moonshot.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/moonshot-provider Config","help":"Plugin-defined config payload for moonshot.","hasChildren":false} {"recordType":"path","path":"plugins.entries.moonshot.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/moonshot-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.moonshot.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.moonshot.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.moonshot.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.moonshot.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.moonshot.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.moonshot.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.msteams","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/msteams","help":"OpenClaw Microsoft Teams channel plugin (plugin: msteams)","hasChildren":true} {"recordType":"path","path":"plugins.entries.msteams.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/msteams Config","help":"Plugin-defined config payload for msteams.","hasChildren":false} {"recordType":"path","path":"plugins.entries.msteams.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/msteams","hasChildren":false} {"recordType":"path","path":"plugins.entries.msteams.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.msteams.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.msteams.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.msteams.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.msteams.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.msteams.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nextcloud-talk","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nextcloud-talk","help":"OpenClaw Nextcloud Talk channel plugin (plugin: nextcloud-talk)","hasChildren":true} {"recordType":"path","path":"plugins.entries.nextcloud-talk.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nextcloud-talk Config","help":"Plugin-defined config payload for nextcloud-talk.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nextcloud-talk.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/nextcloud-talk","hasChildren":false} {"recordType":"path","path":"plugins.entries.nextcloud-talk.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.nextcloud-talk.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.nextcloud-talk.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nextcloud-talk.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nextcloud-talk.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.nextcloud-talk.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nostr","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nostr","help":"OpenClaw Nostr channel plugin for NIP-04 encrypted DMs (plugin: nostr)","hasChildren":true} {"recordType":"path","path":"plugins.entries.nostr.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nostr Config","help":"Plugin-defined config payload for nostr.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nostr.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/nostr","hasChildren":false} {"recordType":"path","path":"plugins.entries.nostr.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.nostr.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.nostr.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nostr.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nostr.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.nostr.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nvidia","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nvidia-provider","help":"OpenClaw NVIDIA provider plugin (plugin: nvidia)","hasChildren":true} {"recordType":"path","path":"plugins.entries.nvidia.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/nvidia-provider Config","help":"Plugin-defined config payload for nvidia.","hasChildren":false} {"recordType":"path","path":"plugins.entries.nvidia.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/nvidia-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.nvidia.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.nvidia.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.nvidia.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nvidia.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.nvidia.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.nvidia.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.ollama","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/ollama-provider","help":"OpenClaw Ollama provider plugin (plugin: ollama)","hasChildren":true} {"recordType":"path","path":"plugins.entries.ollama.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/ollama-provider Config","help":"Plugin-defined config payload for ollama.","hasChildren":false} {"recordType":"path","path":"plugins.entries.ollama.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/ollama-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.ollama.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.ollama.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.ollama.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.ollama.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.ollama.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.ollama.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.open-prose","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"OpenProse","help":"OpenProse VM skill pack with a /prose slash command. (plugin: open-prose)","hasChildren":true} {"recordType":"path","path":"plugins.entries.open-prose.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"OpenProse Config","help":"Plugin-defined config payload for open-prose.","hasChildren":false} {"recordType":"path","path":"plugins.entries.open-prose.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable OpenProse","hasChildren":false} {"recordType":"path","path":"plugins.entries.open-prose.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.open-prose.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.open-prose.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.open-prose.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.open-prose.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.open-prose.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.openai","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/openai-provider","help":"OpenClaw OpenAI provider plugins (plugin: openai)","hasChildren":true} {"recordType":"path","path":"plugins.entries.openai.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/openai-provider Config","help":"Plugin-defined config payload for openai.","hasChildren":false} {"recordType":"path","path":"plugins.entries.openai.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/openai-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.openai.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.openai.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.openai.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openai.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openai.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.openai.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/opencode-provider","help":"OpenClaw OpenCode Zen provider plugin (plugin: opencode)","hasChildren":true} {"recordType":"path","path":"plugins.entries.opencode-go","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/opencode-go-provider","help":"OpenClaw OpenCode Go provider plugin (plugin: opencode-go)","hasChildren":true} {"recordType":"path","path":"plugins.entries.opencode-go.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/opencode-go-provider Config","help":"Plugin-defined config payload for opencode-go.","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode-go.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/opencode-go-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode-go.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.opencode-go.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.opencode-go.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.opencode-go.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.opencode-go.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.opencode-go.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/opencode-provider Config","help":"Plugin-defined config payload for opencode.","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/opencode-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.opencode.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.opencode.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.opencode.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.opencode.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.opencode.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.opencode.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.openrouter","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/openrouter-provider","help":"OpenClaw OpenRouter provider plugin (plugin: openrouter)","hasChildren":true} {"recordType":"path","path":"plugins.entries.openrouter.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/openrouter-provider Config","help":"Plugin-defined config payload for openrouter.","hasChildren":false} {"recordType":"path","path":"plugins.entries.openrouter.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/openrouter-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.openrouter.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.openrouter.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.openrouter.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openrouter.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openrouter.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.openrouter.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.openshell","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"OpenShell Sandbox","help":"Sandbox backend powered by OpenShell with mirrored local workspaces and SSH-based command execution. (plugin: openshell)","hasChildren":true} {"recordType":"path","path":"plugins.entries.openshell.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"OpenShell Sandbox Config","help":"Plugin-defined config payload for openshell.","hasChildren":true} {"recordType":"path","path":"plugins.entries.openshell.config.autoProviders","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Auto-create Providers","help":"When enabled, pass --auto-providers during sandbox create.","hasChildren":false} @@ -4255,61 +4500,109 @@ {"recordType":"path","path":"plugins.entries.openshell.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable OpenShell Sandbox","hasChildren":false} {"recordType":"path","path":"plugins.entries.openshell.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.openshell.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.openshell.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openshell.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.openshell.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.openshell.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.perplexity","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/perplexity-plugin","help":"OpenClaw Perplexity plugin (plugin: perplexity)","hasChildren":true} {"recordType":"path","path":"plugins.entries.perplexity.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/perplexity-plugin Config","help":"Plugin-defined config payload for perplexity.","hasChildren":false} {"recordType":"path","path":"plugins.entries.perplexity.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/perplexity-plugin","hasChildren":false} {"recordType":"path","path":"plugins.entries.perplexity.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.perplexity.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.perplexity.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.perplexity.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.perplexity.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.perplexity.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.phone-control","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Phone Control","help":"Arm/disarm high-risk phone node commands (camera/screen/writes) with an optional auto-expiry. (plugin: phone-control)","hasChildren":true} {"recordType":"path","path":"plugins.entries.phone-control.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Phone Control Config","help":"Plugin-defined config payload for phone-control.","hasChildren":false} {"recordType":"path","path":"plugins.entries.phone-control.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Phone Control","hasChildren":false} {"recordType":"path","path":"plugins.entries.phone-control.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.phone-control.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.phone-control.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.phone-control.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.phone-control.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.phone-control.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.qianfan","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/qianfan-provider","help":"OpenClaw Qianfan provider plugin (plugin: qianfan)","hasChildren":true} {"recordType":"path","path":"plugins.entries.qianfan.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/qianfan-provider Config","help":"Plugin-defined config payload for qianfan.","hasChildren":false} {"recordType":"path","path":"plugins.entries.qianfan.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/qianfan-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.qianfan.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.qianfan.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.qianfan.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.qianfan.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.qianfan.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.qianfan.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.qwen-portal-auth","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"qwen-portal-auth","help":"Plugin entry for qwen-portal-auth.","hasChildren":true} {"recordType":"path","path":"plugins.entries.qwen-portal-auth.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"qwen-portal-auth Config","help":"Plugin-defined config payload for qwen-portal-auth.","hasChildren":false} {"recordType":"path","path":"plugins.entries.qwen-portal-auth.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable qwen-portal-auth","hasChildren":false} {"recordType":"path","path":"plugins.entries.qwen-portal-auth.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.qwen-portal-auth.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.qwen-portal-auth.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.qwen-portal-auth.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.qwen-portal-auth.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.qwen-portal-auth.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.sglang","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/sglang-provider","help":"OpenClaw SGLang provider plugin (plugin: sglang)","hasChildren":true} {"recordType":"path","path":"plugins.entries.sglang.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/sglang-provider Config","help":"Plugin-defined config payload for sglang.","hasChildren":false} {"recordType":"path","path":"plugins.entries.sglang.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/sglang-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.sglang.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.sglang.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.sglang.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.sglang.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.sglang.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.sglang.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.signal","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/signal","help":"OpenClaw Signal channel plugin (plugin: signal)","hasChildren":true} {"recordType":"path","path":"plugins.entries.signal.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/signal Config","help":"Plugin-defined config payload for signal.","hasChildren":false} {"recordType":"path","path":"plugins.entries.signal.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/signal","hasChildren":false} {"recordType":"path","path":"plugins.entries.signal.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.signal.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.signal.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.signal.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.signal.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.signal.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.slack","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/slack","help":"OpenClaw Slack channel plugin (plugin: slack)","hasChildren":true} {"recordType":"path","path":"plugins.entries.slack.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/slack Config","help":"Plugin-defined config payload for slack.","hasChildren":false} {"recordType":"path","path":"plugins.entries.slack.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/slack","hasChildren":false} {"recordType":"path","path":"plugins.entries.slack.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.slack.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.slack.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.slack.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.slack.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.slack.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.synology-chat","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/synology-chat","help":"Synology Chat channel plugin for OpenClaw (plugin: synology-chat)","hasChildren":true} {"recordType":"path","path":"plugins.entries.synology-chat.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/synology-chat Config","help":"Plugin-defined config payload for synology-chat.","hasChildren":false} {"recordType":"path","path":"plugins.entries.synology-chat.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/synology-chat","hasChildren":false} {"recordType":"path","path":"plugins.entries.synology-chat.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.synology-chat.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.synology-chat.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.synology-chat.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.synology-chat.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.synology-chat.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.synthetic","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/synthetic-provider","help":"OpenClaw Synthetic provider plugin (plugin: synthetic)","hasChildren":true} {"recordType":"path","path":"plugins.entries.synthetic.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/synthetic-provider Config","help":"Plugin-defined config payload for synthetic.","hasChildren":false} {"recordType":"path","path":"plugins.entries.synthetic.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/synthetic-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.synthetic.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.synthetic.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.synthetic.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.synthetic.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.synthetic.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.synthetic.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.talk-voice","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Talk Voice","help":"Manage Talk voice selection (list/set). (plugin: talk-voice)","hasChildren":true} {"recordType":"path","path":"plugins.entries.talk-voice.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Talk Voice Config","help":"Plugin-defined config payload for talk-voice.","hasChildren":false} {"recordType":"path","path":"plugins.entries.talk-voice.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Talk Voice","hasChildren":false} {"recordType":"path","path":"plugins.entries.talk-voice.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.talk-voice.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.talk-voice.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.talk-voice.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.talk-voice.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.talk-voice.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.telegram","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/telegram","help":"OpenClaw Telegram channel plugin (plugin: telegram)","hasChildren":true} {"recordType":"path","path":"plugins.entries.telegram.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/telegram Config","help":"Plugin-defined config payload for telegram.","hasChildren":false} {"recordType":"path","path":"plugins.entries.telegram.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/telegram","hasChildren":false} {"recordType":"path","path":"plugins.entries.telegram.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.telegram.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.telegram.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.telegram.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.telegram.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.telegram.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.thread-ownership","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Thread Ownership","help":"Prevents multiple agents from responding in the same Slack thread. Uses HTTP calls to the slack-forwarder ownership API. (plugin: thread-ownership)","hasChildren":true} {"recordType":"path","path":"plugins.entries.thread-ownership.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Thread Ownership Config","help":"Plugin-defined config payload for thread-ownership.","hasChildren":true} {"recordType":"path","path":"plugins.entries.thread-ownership.config.abTestChannels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"A/B Test Channels","help":"Slack channel IDs where thread ownership is enforced","hasChildren":true} @@ -4318,36 +4611,64 @@ {"recordType":"path","path":"plugins.entries.thread-ownership.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Enable Thread Ownership","hasChildren":false} {"recordType":"path","path":"plugins.entries.thread-ownership.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.thread-ownership.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.thread-ownership.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.thread-ownership.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.thread-ownership.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.thread-ownership.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.tlon","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/tlon","help":"OpenClaw Tlon/Urbit channel plugin (plugin: tlon)","hasChildren":true} {"recordType":"path","path":"plugins.entries.tlon.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/tlon Config","help":"Plugin-defined config payload for tlon.","hasChildren":false} {"recordType":"path","path":"plugins.entries.tlon.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/tlon","hasChildren":false} {"recordType":"path","path":"plugins.entries.tlon.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.tlon.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.tlon.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.tlon.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.tlon.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.tlon.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.together","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/together-provider","help":"OpenClaw Together provider plugin (plugin: together)","hasChildren":true} {"recordType":"path","path":"plugins.entries.together.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/together-provider Config","help":"Plugin-defined config payload for together.","hasChildren":false} {"recordType":"path","path":"plugins.entries.together.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/together-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.together.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.together.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.together.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.together.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.together.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.together.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.twitch","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/twitch","help":"OpenClaw Twitch channel plugin (plugin: twitch)","hasChildren":true} {"recordType":"path","path":"plugins.entries.twitch.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/twitch Config","help":"Plugin-defined config payload for twitch.","hasChildren":false} {"recordType":"path","path":"plugins.entries.twitch.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/twitch","hasChildren":false} {"recordType":"path","path":"plugins.entries.twitch.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.twitch.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.twitch.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.twitch.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.twitch.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.twitch.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.venice","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/venice-provider","help":"OpenClaw Venice provider plugin (plugin: venice)","hasChildren":true} {"recordType":"path","path":"plugins.entries.venice.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/venice-provider Config","help":"Plugin-defined config payload for venice.","hasChildren":false} {"recordType":"path","path":"plugins.entries.venice.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/venice-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.venice.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.venice.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.venice.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.venice.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.venice.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.venice.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.vercel-ai-gateway","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/vercel-ai-gateway-provider","help":"OpenClaw Vercel AI Gateway provider plugin (plugin: vercel-ai-gateway)","hasChildren":true} {"recordType":"path","path":"plugins.entries.vercel-ai-gateway.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/vercel-ai-gateway-provider Config","help":"Plugin-defined config payload for vercel-ai-gateway.","hasChildren":false} {"recordType":"path","path":"plugins.entries.vercel-ai-gateway.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/vercel-ai-gateway-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.vercel-ai-gateway.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.vercel-ai-gateway.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.vercel-ai-gateway.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.vercel-ai-gateway.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.vercel-ai-gateway.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.vercel-ai-gateway.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.vllm","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/vllm-provider","help":"OpenClaw vLLM provider plugin (plugin: vllm)","hasChildren":true} {"recordType":"path","path":"plugins.entries.vllm.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/vllm-provider Config","help":"Plugin-defined config payload for vllm.","hasChildren":false} {"recordType":"path","path":"plugins.entries.vllm.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/vllm-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.vllm.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.vllm.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.vllm.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.vllm.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.vllm.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.vllm.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/voice-call","help":"OpenClaw voice-call plugin (plugin: voice-call)","hasChildren":true} {"recordType":"path","path":"plugins.entries.voice-call.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/voice-call Config","help":"Plugin-defined config payload for voice-call.","hasChildren":true} {"recordType":"path","path":"plugins.entries.voice-call.config.allowFrom","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Inbound Allowlist","hasChildren":true} @@ -4449,7 +4770,7 @@ {"recordType":"path","path":"plugins.entries.voice-call.config.tts.openai.speed","kind":"plugin","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.config.tts.openai.voice","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced","media"],"label":"OpenAI TTS Voice","hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.config.tts.prefsPath","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"plugins.entries.voice-call.config.tts.provider","kind":"plugin","type":"string","required":false,"enumValues":["openai","elevenlabs","edge"],"deprecated":false,"sensitive":false,"tags":["advanced","media"],"label":"TTS Provider Override","help":"Deep-merges with messages.tts (Edge is ignored for calls).","hasChildren":false} +{"recordType":"path","path":"plugins.entries.voice-call.config.tts.provider","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced","media"],"label":"TTS Provider Override","help":"Deep-merges with messages.tts (Microsoft is ignored for calls).","hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.config.tts.summaryModel","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.config.tts.timeoutMs","kind":"plugin","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.config.tunnel","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} @@ -4469,41 +4790,73 @@ {"recordType":"path","path":"plugins.entries.voice-call.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/voice-call","hasChildren":false} {"recordType":"path","path":"plugins.entries.voice-call.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.voice-call.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.voice-call.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.voice-call.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.voice-call.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.voice-call.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.volcengine","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/volcengine-provider","help":"OpenClaw Volcengine provider plugin (plugin: volcengine)","hasChildren":true} {"recordType":"path","path":"plugins.entries.volcengine.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/volcengine-provider Config","help":"Plugin-defined config payload for volcengine.","hasChildren":false} {"recordType":"path","path":"plugins.entries.volcengine.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/volcengine-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.volcengine.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.volcengine.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.volcengine.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.volcengine.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.volcengine.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.volcengine.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.whatsapp","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/whatsapp","help":"OpenClaw WhatsApp channel plugin (plugin: whatsapp)","hasChildren":true} {"recordType":"path","path":"plugins.entries.whatsapp.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/whatsapp Config","help":"Plugin-defined config payload for whatsapp.","hasChildren":false} {"recordType":"path","path":"plugins.entries.whatsapp.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/whatsapp","hasChildren":false} {"recordType":"path","path":"plugins.entries.whatsapp.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.whatsapp.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.whatsapp.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.whatsapp.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.whatsapp.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.whatsapp.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.xai","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xai-plugin","help":"OpenClaw xAI plugin (plugin: xai)","hasChildren":true} {"recordType":"path","path":"plugins.entries.xai.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xai-plugin Config","help":"Plugin-defined config payload for xai.","hasChildren":false} {"recordType":"path","path":"plugins.entries.xai.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/xai-plugin","hasChildren":false} {"recordType":"path","path":"plugins.entries.xai.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.xai.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.xai.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.xai.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.xai.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.xai.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.xiaomi","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xiaomi-provider","help":"OpenClaw Xiaomi provider plugin (plugin: xiaomi)","hasChildren":true} {"recordType":"path","path":"plugins.entries.xiaomi.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xiaomi-provider Config","help":"Plugin-defined config payload for xiaomi.","hasChildren":false} {"recordType":"path","path":"plugins.entries.xiaomi.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/xiaomi-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.xiaomi.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.xiaomi.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.xiaomi.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.xiaomi.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.xiaomi.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.xiaomi.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zai","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zai-provider","help":"OpenClaw Z.AI provider plugin (plugin: zai)","hasChildren":true} {"recordType":"path","path":"plugins.entries.zai.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zai-provider Config","help":"Plugin-defined config payload for zai.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zai.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/zai-provider","hasChildren":false} {"recordType":"path","path":"plugins.entries.zai.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.zai.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.zai.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zai.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zai.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.zai.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalo","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zalo","help":"OpenClaw Zalo channel plugin (plugin: zalo)","hasChildren":true} {"recordType":"path","path":"plugins.entries.zalo.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zalo Config","help":"Plugin-defined config payload for zalo.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalo.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/zalo","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalo.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.zalo.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.zalo.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zalo.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zalo.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.zalo.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalouser","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zalouser","help":"OpenClaw Zalo Personal Account plugin via native zca-js integration (plugin: zalouser)","hasChildren":true} {"recordType":"path","path":"plugins.entries.zalouser.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/zalouser Config","help":"Plugin-defined config payload for zalouser.","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalouser.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/zalouser","hasChildren":false} {"recordType":"path","path":"plugins.entries.zalouser.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true} {"recordType":"path","path":"plugins.entries.zalouser.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false} +{"recordType":"path","path":"plugins.entries.zalouser.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zalouser.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true} +{"recordType":"path","path":"plugins.entries.zalouser.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"plugins.entries.zalouser.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false} {"recordType":"path","path":"plugins.installs","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Install Records","help":"CLI-managed install metadata (used by `openclaw plugins update` to locate install sources).","hasChildren":true} {"recordType":"path","path":"plugins.installs.*","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"plugins.installs.*.installedAt","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Install Time","help":"ISO timestamp of last install/update.","hasChildren":false} diff --git a/docs/.i18n/glossary.zh-CN.json b/docs/.i18n/glossary.zh-CN.json index 36e44b6d909..d1b1f3f3058 100644 --- a/docs/.i18n/glossary.zh-CN.json +++ b/docs/.i18n/glossary.zh-CN.json @@ -47,6 +47,10 @@ "source": "Quick Start", "target": "快速开始" }, + { + "source": "Capability Cookbook", + "target": "能力扩展手册" + }, { "source": "Setup Wizard Reference", "target": "设置向导参考" diff --git a/docs/automation/webhook.md b/docs/automation/webhook.md index b35ee9d4469..38676a8fdbe 100644 --- a/docs/automation/webhook.md +++ b/docs/automation/webhook.md @@ -38,6 +38,7 @@ Every request must include the hook token. Prefer headers: - `Authorization: Bearer ` (recommended) - `x-openclaw-token: ` - Query-string tokens are rejected (`?token=...` returns `400`). +- Treat `hooks.token` holders as full-trust callers for the hook ingress surface on that gateway. Hook payload content is still untrusted, but this is not a separate non-owner auth boundary. ## Endpoints @@ -205,6 +206,7 @@ curl -X POST http://127.0.0.1:18789/hooks/gmail \ - Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy. - Use a dedicated hook token; do not reuse gateway auth tokens. +- Prefer a dedicated hook agent with strict `tools.profile` and sandboxing so hook ingress has a narrower blast radius. - Repeated auth failures are rate-limited per client address to slow brute-force attempts. - If you use multi-agent routing, set `hooks.allowedAgentIds` to limit explicit `agentId` selection. - Keep `hooks.allowRequestSessionKey=false` unless you require caller-selected sessions. diff --git a/docs/channels/bluebubbles.md b/docs/channels/bluebubbles.md index 9c2f0eb6de4..bf328656ff3 100644 --- a/docs/channels/bluebubbles.md +++ b/docs/channels/bluebubbles.md @@ -126,7 +126,7 @@ launchctl load ~/Library/LaunchAgents/com.user.poke-messages.plist ## Onboarding -BlueBubbles is available in the interactive setup wizard: +BlueBubbles is available in interactive onboarding: ``` openclaw onboard diff --git a/docs/channels/discord.md b/docs/channels/discord.md index e179417e9b8..2b2266c4c83 100644 --- a/docs/channels/discord.md +++ b/docs/channels/discord.md @@ -168,7 +168,7 @@ openclaw pairing approve discord Token resolution is account-aware. Config token values win over env fallback. `DISCORD_BOT_TOKEN` is only used for the default account. -For advanced outbound calls (message tool/channel actions), an explicit per-call `token` is used for that call. Account policy/retry settings still come from the selected account in the active runtime snapshot. +For advanced outbound calls (message tool/channel actions), an explicit per-call `token` is used for that call. This applies to send and read/probe-style actions (for example read/search/fetch/thread/pins/permissions). Account policy/retry settings still come from the selected account in the active runtime snapshot. ## Recommended: Set up a guild workspace diff --git a/docs/channels/feishu.md b/docs/channels/feishu.md index 41882e78264..ad018aa4d03 100644 --- a/docs/channels/feishu.md +++ b/docs/channels/feishu.md @@ -30,9 +30,9 @@ openclaw plugins install @openclaw/feishu There are two ways to add the Feishu channel: -### Method 1: setup wizard (recommended) +### Method 1: onboarding (recommended) -If you just installed OpenClaw, run the setup wizard: +If you just installed OpenClaw, run onboarding: ```bash openclaw onboard diff --git a/docs/channels/mattermost.md b/docs/channels/mattermost.md index 2ceb6c17626..41f6ffa19a0 100644 --- a/docs/channels/mattermost.md +++ b/docs/channels/mattermost.md @@ -191,6 +191,35 @@ OpenClaw resolves them **user-first**: If you need deterministic behavior, always use the explicit prefixes (`user:` / `channel:`). +## DM channel retry + +When OpenClaw sends to a Mattermost DM target and needs to resolve the direct channel first, it +retries transient direct-channel creation failures by default. + +Use `channels.mattermost.dmChannelRetry` to tune that behavior globally for the Mattermost plugin, +or `channels.mattermost.accounts..dmChannelRetry` for one account. + +```json5 +{ + channels: { + mattermost: { + dmChannelRetry: { + maxRetries: 3, + initialDelayMs: 1000, + maxDelayMs: 10000, + timeoutMs: 30000, + }, + }, + }, +} +``` + +Notes: + +- This applies only to DM channel creation (`/api/v4/channels/direct`), not every Mattermost API call. +- Retries apply to transient failures such as rate limits, 5xx responses, and network or timeout errors. +- 4xx client errors other than `429` are treated as permanent and are not retried. + ## Reactions (message tool) - Use `message action=react` with `channel=mattermost`. diff --git a/docs/channels/nostr.md b/docs/channels/nostr.md index 46888da0352..c8d5d69753b 100644 --- a/docs/channels/nostr.md +++ b/docs/channels/nostr.md @@ -16,7 +16,7 @@ Nostr is a decentralized protocol for social networking. This channel enables Op ### Onboarding (recommended) -- The setup wizard (`openclaw onboard`) and `openclaw channels add` list optional channel plugins. +- Onboarding (`openclaw onboard`) and `openclaw channels add` list optional channel plugins. - Selecting Nostr prompts you to install the plugin on demand. Install defaults: diff --git a/docs/channels/telegram.md b/docs/channels/telegram.md index b5700213830..2758982b8d7 100644 --- a/docs/channels/telegram.md +++ b/docs/channels/telegram.md @@ -115,7 +115,7 @@ Token resolution order is account-aware. In practice, config values win over env `channels.telegram.allowFrom` accepts numeric Telegram user IDs. `telegram:` / `tg:` prefixes are accepted and normalized. `dmPolicy: "allowlist"` with empty `allowFrom` blocks all DMs and is rejected by config validation. - The setup wizard accepts `@username` input and resolves it to numeric IDs. + Onboarding accepts `@username` input and resolves it to numeric IDs. If you upgraded and your config contains `@username` allowlist entries, run `openclaw doctor --fix` to resolve them (best-effort; requires a Telegram bot token). If you previously relied on pairing-store allowlist files, `openclaw doctor --fix` can recover entries into `channels.telegram.allowFrom` in allowlist flows (for example when `dmPolicy: "allowlist"` has no explicit IDs yet). diff --git a/docs/cli/doctor.md b/docs/cli/doctor.md index 4718135ee68..d5429b5b01c 100644 --- a/docs/cli/doctor.md +++ b/docs/cli/doctor.md @@ -32,6 +32,8 @@ Notes: - Doctor includes a memory-search readiness check and can recommend `openclaw configure --section model` when embedding credentials are missing. - If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`). - If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials. +- If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early. +- Telegram `allowFrom` username auto-resolution (`doctor --fix`) requires a resolvable Telegram token in the current command path. If token inspection is unavailable, doctor reports a warning and skips auto-resolution for that pass. ## macOS: `launchctl` env overrides diff --git a/docs/cli/index.md b/docs/cli/index.md index 9c4b58d1c35..8700655c766 100644 --- a/docs/cli/index.md +++ b/docs/cli/index.md @@ -318,22 +318,22 @@ Initialize config + workspace. Options: - `--workspace `: agent workspace path (default `~/.openclaw/workspace`). -- `--wizard`: run the setup wizard. -- `--non-interactive`: run wizard without prompts. -- `--mode `: wizard mode. +- `--wizard`: run onboarding. +- `--non-interactive`: run onboarding without prompts. +- `--mode `: onboard mode. - `--remote-url `: remote Gateway URL. - `--remote-token `: remote Gateway token. -Wizard auto-runs when any wizard flags are present (`--non-interactive`, `--mode`, `--remote-url`, `--remote-token`). +Onboarding auto-runs when any onboarding flags are present (`--non-interactive`, `--mode`, `--remote-url`, `--remote-token`). ### `onboard` -Interactive wizard to set up gateway, workspace, and skills. +Interactive onboarding for gateway, workspace, and skills. Options: - `--workspace ` -- `--reset` (reset config + credentials + sessions before wizard) +- `--reset` (reset config + credentials + sessions before onboarding) - `--reset-scope ` (default `config+creds+sessions`; use `full` to also remove workspace) - `--non-interactive` - `--mode ` diff --git a/docs/cli/message.md b/docs/cli/message.md index 1633554f316..665d0e74bd2 100644 --- a/docs/cli/message.md +++ b/docs/cli/message.md @@ -50,6 +50,16 @@ Name lookup: - `--dry-run` - `--verbose` +## SecretRef behavior + +- `openclaw message` resolves supported channel SecretRefs before running the selected action. +- Resolution is scoped to the active action target when possible: + - channel-scoped when `--channel` is set (or inferred from prefixed targets like `discord:...`) + - account-scoped when `--account` is set (channel globals + selected account surfaces) + - when `--account` is omitted, OpenClaw does not force a `default` account SecretRef scope +- Unresolved SecretRefs on unrelated channels do not block a targeted message action. +- If the selected channel/account SecretRef is unresolved, the command fails closed for that action. + ## Actions ### Core diff --git a/docs/cli/onboard.md b/docs/cli/onboard.md index 899ccd82713..0b0e9c78beb 100644 --- a/docs/cli/onboard.md +++ b/docs/cli/onboard.md @@ -1,5 +1,5 @@ --- -summary: "CLI reference for `openclaw onboard` (interactive setup wizard)" +summary: "CLI reference for `openclaw onboard` (interactive onboarding)" read_when: - You want guided setup for gateway, workspace, auth, channels, and skills title: "onboard" @@ -7,11 +7,11 @@ title: "onboard" # `openclaw onboard` -Interactive setup wizard (local or remote Gateway setup). +Interactive onboarding for local or remote Gateway setup. ## Related guides -- CLI onboarding hub: [Setup Wizard (CLI)](/start/wizard) +- CLI onboarding hub: [Onboarding (CLI)](/start/wizard) - Onboarding overview: [Onboarding Overview](/start/onboarding-overview) - CLI onboarding reference: [CLI Setup Reference](/start/wizard-cli-reference) - CLI automation: [CLI Automation](/start/wizard-cli-automation) diff --git a/docs/cli/plugins.md b/docs/cli/plugins.md index 5e551a9c64f..6a137137af1 100644 --- a/docs/cli/plugins.md +++ b/docs/cli/plugins.md @@ -21,7 +21,7 @@ Related: ```bash openclaw plugins list -openclaw plugins info +openclaw plugins inspect openclaw plugins enable openclaw plugins disable openclaw plugins uninstall @@ -31,6 +31,8 @@ openclaw plugins update --all openclaw plugins marketplace list ``` +`info` is an alias for `inspect`. + Bundled plugins ship with OpenClaw but start disabled. Use `plugins enable` to activate them. @@ -148,3 +150,26 @@ marketplace installs. When a stored integrity hash exists and the fetched artifact hash changes, OpenClaw prints a warning and asks for confirmation before proceeding. Use global `--yes` to bypass prompts in CI/non-interactive runs. + +### Inspect + +```bash +openclaw plugins inspect +openclaw plugins inspect --json +``` + +Deep introspection for a single plugin. Shows identity, load status, source, +plugin shape, registered capabilities, hooks, tools, commands, services, +gateway methods, HTTP routes, policy flags, diagnostics, and install metadata. + +Plugin shape is derived from actual registration behavior: + +- **plain-capability** — one capability type registered +- **hybrid-capability** — multiple capability types registered +- **hook-only** — only hooks, no capabilities or surfaces +- **non-capability** — tools/commands/services but no capabilities + +The `--json` flag outputs a machine-readable report suitable for scripting and +auditing. + +`info` is an alias for `inspect`. diff --git a/docs/cli/security.md b/docs/cli/security.md index 76a7ae75976..28b65f3629b 100644 --- a/docs/cli/security.md +++ b/docs/cli/security.md @@ -30,7 +30,7 @@ This is for cooperative/shared inbox hardening. A single Gateway shared by mutua It also emits `security.trust_model.multi_user_heuristic` when config suggests likely shared-user ingress (for example open DM/group policy, configured group targets, or wildcard sender rules), and reminds you that OpenClaw is a personal-assistant trust model by default. For intentional shared-user setups, the audit guidance is to sandbox all sessions, keep filesystem access workspace-scoped, and keep personal/private identities or credentials off that runtime. It also warns when small models (`<=300B`) are used without sandboxing and with web/browser tools enabled. -For webhook ingress, it warns when `hooks.defaultSessionKey` is unset, when request `sessionKey` overrides are enabled, and when overrides are enabled without `hooks.allowedSessionKeyPrefixes`. +For webhook ingress, it warns when `hooks.token` reuses the Gateway token, when `hooks.defaultSessionKey` is unset, when `hooks.allowedAgentIds` is unrestricted, when request `sessionKey` overrides are enabled, and when overrides are enabled without `hooks.allowedSessionKeyPrefixes`. It also warns when sandbox Docker settings are configured while sandbox mode is off, when `gateway.nodes.denyCommands` uses ineffective pattern-like/unknown entries (exact node command-name matching only, not shell-text filtering), when `gateway.nodes.allowCommands` explicitly enables dangerous node commands, when global `tools.profile="minimal"` is overridden by agent tool profiles, when open groups expose runtime/filesystem tools without sandbox/workspace guards, and when installed extension plugin tools may be reachable under permissive tool policy. It also flags `gateway.allowRealIpFallback=true` (header-spoofing risk if proxies are misconfigured) and `discovery.mdns.mode="full"` (metadata leakage via mDNS TXT records). It also warns when sandbox browser uses Docker `bridge` network without `sandbox.browser.cdpSourceRange`. diff --git a/docs/cli/setup.md b/docs/cli/setup.md index d8992ba8a43..e13cd89e5b2 100644 --- a/docs/cli/setup.md +++ b/docs/cli/setup.md @@ -1,7 +1,7 @@ --- summary: "CLI reference for `openclaw setup` (initialize config + workspace)" read_when: - - You’re doing first-run setup without the full setup wizard + - You’re doing first-run setup without full CLI onboarding - You want to set the default workspace path title: "setup" --- @@ -13,7 +13,7 @@ Initialize `~/.openclaw/openclaw.json` and the agent workspace. Related: - Getting started: [Getting started](/start/getting-started) -- Wizard: [Onboarding](/start/onboarding) +- CLI onboarding: [Onboarding (CLI)](/start/wizard) ## Examples @@ -22,7 +22,7 @@ openclaw setup openclaw setup --workspace ~/.openclaw/workspace ``` -To run the wizard via setup: +To run onboarding via setup: ```bash openclaw setup --wizard diff --git a/docs/cli/status.md b/docs/cli/status.md index 770bf6ab50d..3f0f5bb5bf8 100644 --- a/docs/cli/status.md +++ b/docs/cli/status.md @@ -27,3 +27,4 @@ Notes: - Read-only status surfaces (`status`, `status --json`, `status --all`) resolve supported SecretRefs for their targeted config paths when possible. - If a supported channel SecretRef is configured but unavailable in the current command path, status stays read-only and reports degraded output instead of crashing. Human output shows warnings such as “configured token unavailable in this command path”, and JSON output includes `secretDiagnostics`. - When command-local SecretRef resolution succeeds, status prefers the resolved snapshot and clears transient “secret unavailable” channel markers from the final output. +- `status --all` includes a Secrets overview row and a diagnosis section that summarizes secret diagnostics (truncated for readability) without stopping report generation. diff --git a/docs/concepts/compaction.md b/docs/concepts/compaction.md index 73f6372c3f7..5640fa51a35 100644 --- a/docs/concepts/compaction.md +++ b/docs/concepts/compaction.md @@ -97,6 +97,17 @@ compaction and can run alongside it. See [OpenAI provider](/providers/openai) for model params and overrides. +## Custom context engines + +Compaction behavior is owned by the active +[context engine](/concepts/context-engine). The legacy engine uses the built-in +summarization described above. Plugin engines (selected via +`plugins.slots.contextEngine`) can implement any compaction strategy — DAG +summaries, vector retrieval, incremental condensation, etc. + +When a plugin engine sets `ownsCompaction: true`, OpenClaw delegates all +compaction decisions to the engine and does not run built-in auto-compaction. + ## Tips - Use `/compact` when sessions feel stale or context is bloated. diff --git a/docs/concepts/context-engine.md b/docs/concepts/context-engine.md new file mode 100644 index 00000000000..87d5e87d85b --- /dev/null +++ b/docs/concepts/context-engine.md @@ -0,0 +1,250 @@ +--- +summary: "Context engine: pluggable context assembly, compaction, and subagent lifecycle" +read_when: + - You want to understand how OpenClaw assembles model context + - You are switching between the legacy engine and a plugin engine + - You are building a context engine plugin +title: "Context Engine" +--- + +# Context Engine + +A **context engine** controls how OpenClaw builds model context for each run. +It decides which messages to include, how to summarize older history, and how +to manage context across subagent boundaries. + +OpenClaw ships with a built-in `legacy` engine. Plugins can register +alternative engines that replace the entire context pipeline. + +## Quick start + +Check which engine is active: + +```bash +openclaw doctor +# or inspect config directly: +cat ~/.openclaw/openclaw.json | jq '.plugins.slots.contextEngine' +``` + +### Installing a context engine plugin + +Context engine plugins are installed like any other OpenClaw plugin. Install +first, then select the engine in the slot: + +```bash +# Install from npm +openclaw plugins install @martian-engineering/lossless-claw + +# Or install from a local path (for development) +openclaw plugins install -l ./my-context-engine +``` + +Then enable the plugin and select it as the active engine in your config: + +```json5 +// openclaw.json +{ + plugins: { + slots: { + contextEngine: "lossless-claw", // must match the plugin's registered engine id + }, + entries: { + "lossless-claw": { + enabled: true, + // Plugin-specific config goes here (see the plugin's docs) + }, + }, + }, +} +``` + +Restart the gateway after installing and configuring. + +To switch back to the built-in engine, set `contextEngine` to `"legacy"` (or +remove the key entirely — `"legacy"` is the default). + +## How it works + +Every time OpenClaw runs a model prompt, the context engine participates at +four lifecycle points: + +1. **Ingest** — called when a new message is added to the session. The engine + can store or index the message in its own data store. +2. **Assemble** — called before each model run. The engine returns an ordered + set of messages (and an optional `systemPromptAddition`) that fit within + the token budget. +3. **Compact** — called when the context window is full, or when the user runs + `/compact`. The engine summarizes older history to free space. +4. **After turn** — called after a run completes. The engine can persist state, + trigger background compaction, or update indexes. + +### Subagent lifecycle (optional) + +OpenClaw currently calls one subagent lifecycle hook: + +- **onSubagentEnded** — clean up when a subagent session completes or is swept. + +The `prepareSubagentSpawn` hook is part of the interface for future use, but +the runtime does not invoke it yet. + +### System prompt addition + +The `assemble` method can return a `systemPromptAddition` string. OpenClaw +prepends this to the system prompt for the run. This lets engines inject +dynamic recall guidance, retrieval instructions, or context-aware hints +without requiring static workspace files. + +## The legacy engine + +The built-in `legacy` engine preserves OpenClaw's original behavior: + +- **Ingest**: no-op (the session manager handles message persistence directly). +- **Assemble**: pass-through (the existing sanitize → validate → limit pipeline + in the runtime handles context assembly). +- **Compact**: delegates to the built-in summarization compaction, which creates + a single summary of older messages and keeps recent messages intact. +- **After turn**: no-op. + +The legacy engine does not register tools or provide a `systemPromptAddition`. + +When no `plugins.slots.contextEngine` is set (or it's set to `"legacy"`), this +engine is used automatically. + +## Plugin engines + +A plugin can register a context engine using the plugin API: + +```ts +export default function register(api) { + api.registerContextEngine("my-engine", () => ({ + info: { + id: "my-engine", + name: "My Context Engine", + ownsCompaction: true, + }, + + async ingest({ sessionId, message, isHeartbeat }) { + // Store the message in your data store + return { ingested: true }; + }, + + async assemble({ sessionId, messages, tokenBudget }) { + // Return messages that fit the budget + return { + messages: buildContext(messages, tokenBudget), + estimatedTokens: countTokens(messages), + systemPromptAddition: "Use lcm_grep to search history...", + }; + }, + + async compact({ sessionId, force }) { + // Summarize older context + return { ok: true, compacted: true }; + }, + })); +} +``` + +Then enable it in config: + +```json5 +{ + plugins: { + slots: { + contextEngine: "my-engine", + }, + entries: { + "my-engine": { + enabled: true, + }, + }, + }, +} +``` + +### The ContextEngine interface + +Required members: + +| Member | Kind | Purpose | +| ------------------ | -------- | -------------------------------------------------------- | +| `info` | Property | Engine id, name, version, and whether it owns compaction | +| `ingest(params)` | Method | Store a single message | +| `assemble(params)` | Method | Build context for a model run (returns `AssembleResult`) | +| `compact(params)` | Method | Summarize/reduce context | + +`assemble` returns an `AssembleResult` with: + +- `messages` — the ordered messages to send to the model. +- `estimatedTokens` (required, `number`) — the engine's estimate of total + tokens in the assembled context. OpenClaw uses this for compaction threshold + decisions and diagnostic reporting. +- `systemPromptAddition` (optional, `string`) — prepended to the system prompt. + +Optional members: + +| Member | Kind | Purpose | +| ------------------------------ | ------ | --------------------------------------------------------------------------------------------------------------- | +| `bootstrap(params)` | Method | Initialize engine state for a session. Called once when the engine first sees a session (e.g., import history). | +| `ingestBatch(params)` | Method | Ingest a completed turn as a batch. Called after a run completes, with all messages from that turn at once. | +| `afterTurn(params)` | Method | Post-run lifecycle work (persist state, trigger background compaction). | +| `prepareSubagentSpawn(params)` | Method | Set up shared state for a child session. | +| `onSubagentEnded(params)` | Method | Clean up after a subagent ends. | +| `dispose()` | Method | Release resources. Called during gateway shutdown or plugin reload — not per-session. | + +### ownsCompaction + +When `info.ownsCompaction` is `true`, the engine manages its own compaction +lifecycle. OpenClaw will not trigger the built-in auto-compaction; instead it +delegates entirely to the engine's `compact()` method. The engine may also +run compaction proactively in `afterTurn()`. + +When `false` or unset, OpenClaw's built-in auto-compaction logic runs +alongside the engine. + +## Configuration reference + +```json5 +{ + plugins: { + slots: { + // Select the active context engine. Default: "legacy". + // Set to a plugin id to use a plugin engine. + contextEngine: "legacy", + }, + }, +} +``` + +The slot is exclusive at run time — only one registered context engine is +resolved for a given run or compaction operation. Other enabled +`kind: "context-engine"` plugins can still load and run their registration +code; `plugins.slots.contextEngine` only selects which registered engine id +OpenClaw resolves when it needs a context engine. + +## Relationship to compaction and memory + +- **Compaction** is one responsibility of the context engine. The legacy engine + delegates to OpenClaw's built-in summarization. Plugin engines can implement + any compaction strategy (DAG summaries, vector retrieval, etc.). +- **Memory plugins** (`plugins.slots.memory`) are separate from context engines. + Memory plugins provide search/retrieval; context engines control what the + model sees. They can work together — a context engine might use memory + plugin data during assembly. +- **Session pruning** (trimming old tool results in-memory) still runs + regardless of which context engine is active. + +## Tips + +- Use `openclaw doctor` to verify your engine is loading correctly. +- If switching engines, existing sessions continue with their current history. + The new engine takes over for future runs. +- Engine errors are logged and surfaced in diagnostics. If a plugin engine + fails to register or the selected engine id cannot be resolved, OpenClaw + does not fall back automatically; runs fail until you fix the plugin or + switch `plugins.slots.contextEngine` back to `"legacy"`. +- For development, use `openclaw plugins install -l ./my-engine` to link a + local plugin directory without copying. + +See also: [Compaction](/concepts/compaction), [Context](/concepts/context), +[Plugins](/tools/plugin), [Plugin manifest](/plugins/manifest). diff --git a/docs/concepts/context.md b/docs/concepts/context.md index abc5e5af47c..d5316ea8bf8 100644 --- a/docs/concepts/context.md +++ b/docs/concepts/context.md @@ -157,7 +157,8 @@ By default, OpenClaw uses the built-in `legacy` context engine for assembly and compaction. If you install a plugin that provides `kind: "context-engine"` and select it with `plugins.slots.contextEngine`, OpenClaw delegates context assembly, `/compact`, and related subagent context lifecycle hooks to that -engine instead. +engine instead. See [Context Engine](/concepts/context-engine) for the full +pluggable interface, lifecycle hooks, and configuration. ## What `/context` actually reports diff --git a/docs/concepts/model-providers.md b/docs/concepts/model-providers.md index 6adbb5d0f26..f5a73d7256e 100644 --- a/docs/concepts/model-providers.md +++ b/docs/concepts/model-providers.md @@ -32,6 +32,10 @@ For model selection rules, see [/concepts/models](/concepts/models). `supportsXHighThinking`, `resolveDefaultThinkingLevel`, `isModernModelRef`, `prepareRuntimeAuth`, `resolveUsageAuth`, and `fetchUsageSnapshot`. +- Note: provider runtime `capabilities` is shared runner metadata (provider + family, transcript/tooling quirks, transport/cache hints). It is not the + same as the [public capability model](/tools/plugin#public-capability-model) + which describes what a plugin registers (text inference, speech, etc.). ## Plugin-owned provider behavior diff --git a/docs/concepts/models.md b/docs/concepts/models.md index e85e605456f..6ed1d1de3ab 100644 --- a/docs/concepts/models.md +++ b/docs/concepts/models.md @@ -26,6 +26,7 @@ Related: - `agents.defaults.models` is the allowlist/catalog of models OpenClaw can use (plus aliases). - `agents.defaults.imageModel` is used **only when** the primary model can’t accept images. +- `agents.defaults.imageGenerationModel` is used by the shared image-generation capability. If omitted, `image_generate` can still infer a provider default from compatible auth-backed image-generation plugins. - Per-agent defaults can override `agents.defaults.model` via `agents.list[].model` plus bindings (see [/concepts/multi-agent](/concepts/multi-agent)). ## Quick model policy @@ -34,9 +35,9 @@ Related: - Use fallbacks for cost/latency-sensitive tasks and lower-stakes chat. - For tool-enabled agents or untrusted inputs, avoid older/weaker model tiers. -## Setup wizard (recommended) +## Onboarding (recommended) -If you don’t want to hand-edit config, run the setup wizard: +If you don’t want to hand-edit config, run onboarding: ```bash openclaw onboard @@ -49,6 +50,7 @@ subscription** (OAuth) and **Anthropic** (API key or `claude setup-token`). - `agents.defaults.model.primary` and `agents.defaults.model.fallbacks` - `agents.defaults.imageModel.primary` and `agents.defaults.imageModel.fallbacks` +- `agents.defaults.imageGenerationModel.primary` and `agents.defaults.imageGenerationModel.fallbacks` - `agents.defaults.models` (allowlist + aliases + provider params) - `models.providers` (custom providers written into `models.json`) diff --git a/docs/docs.json b/docs/docs.json index 80409046397..31dfee49c2f 100644 --- a/docs/docs.json +++ b/docs/docs.json @@ -59,6 +59,10 @@ "source": "/compaction", "destination": "/concepts/compaction" }, + { + "source": "/context-engine", + "destination": "/concepts/context-engine" + }, { "source": "/cron", "destination": "/cron-jobs" @@ -952,6 +956,7 @@ "concepts/agent-loop", "concepts/system-prompt", "concepts/context", + "concepts/context-engine", "concepts/agent-workspace", "concepts/oauth" ] diff --git a/docs/gateway/authentication.md b/docs/gateway/authentication.md index c25501e6cdd..8a7eae00194 100644 --- a/docs/gateway/authentication.md +++ b/docs/gateway/authentication.md @@ -49,7 +49,7 @@ openclaw models status openclaw doctor ``` -If you’d rather not manage env vars yourself, the setup wizard can store +If you’d rather not manage env vars yourself, onboarding can store API keys for daemon use: `openclaw onboard`. See [Help](/help) for details on env inheritance (`env.shellEnv`, diff --git a/docs/gateway/configuration-examples.md b/docs/gateway/configuration-examples.md index 9767f2db674..5627f93395d 100644 --- a/docs/gateway/configuration-examples.md +++ b/docs/gateway/configuration-examples.md @@ -434,7 +434,7 @@ Save to `~/.openclaw/openclaw.json` and you can DM the bot from that number. nodeManager: "npm", }, entries: { - "nano-banana-pro": { + "image-lab": { enabled: true, apiKey: "GEMINI_KEY_HERE", env: { GEMINI_API_KEY: "GEMINI_KEY_HERE" }, diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 170c0a94219..6cf6272483e 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -875,6 +875,10 @@ Time format in system prompt. Default: `auto` (OS preference). primary: "openrouter/qwen/qwen-2.5-vl-72b-instruct:free", fallbacks: ["openrouter/google/gemini-2.0-flash-vision:free"], }, + imageGenerationModel: { + primary: "openai/gpt-image-1", + fallbacks: ["google/gemini-3.1-flash-image-preview"], + }, pdfModel: { primary: "anthropic/claude-opus-4-6", fallbacks: ["openai/gpt-5-mini"], @@ -899,6 +903,9 @@ Time format in system prompt. Default: `auto` (OS preference). - `imageModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`). - Used by the `image` tool path as its vision-model config. - Also used as fallback routing when the selected/default model cannot accept image input. +- `imageGenerationModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`). + - Used by the shared image-generation capability and any future tool/plugin surface that generates images. + - If omitted, `image_generate` can still infer a best-effort provider default from compatible auth-backed image-generation providers. - `pdfModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`). - Used by the `pdf` tool for model routing. - If omitted, the PDF tool falls back to `imageModel`, then to best-effort provider defaults. @@ -2365,7 +2372,7 @@ See [Local Models](/gateway/local-models). TL;DR: run MiniMax M2.5 via LM Studio nodeManager: "npm", // npm | pnpm | yarn }, entries: { - "nano-banana-pro": { + "image-lab": { apiKey: { source: "env", provider: "default", id: "GEMINI_API_KEY" }, // or plaintext string env: { GEMINI_API_KEY: "GEMINI_KEY_HERE" }, }, @@ -2413,6 +2420,8 @@ See [Local Models](/gateway/local-models). TL;DR: run MiniMax M2.5 via LM Studio - `plugins.entries..apiKey`: plugin-level API key convenience field (when supported by the plugin). - `plugins.entries..env`: plugin-scoped env var map. - `plugins.entries..hooks.allowPromptInjection`: when `false`, core blocks `before_prompt_build` and ignores prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride`. Applies to native plugin hooks and supported bundle-provided hook directories. +- `plugins.entries..subagent.allowModelOverride`: explicitly trust this plugin to request per-run `provider` and `model` overrides for background subagent runs. +- `plugins.entries..subagent.allowedModels`: optional allowlist of canonical `provider/model` targets for trusted subagent overrides. Use `"*"` only when you intentionally want to allow any model. - `plugins.entries..config`: plugin-defined config object (validated by native OpenClaw plugin schema when available). - Enabled Claude bundle plugins can also contribute embedded Pi defaults from `settings.json`; OpenClaw applies those as sanitized agent settings, not as raw OpenClaw config patches. - `plugins.slots.memory`: pick the active memory plugin id, or `"none"` to disable memory plugins. @@ -2606,6 +2615,8 @@ See [Plugins](/tools/plugin). - `gateway.http.endpoints.responses.maxUrlParts` - `gateway.http.endpoints.responses.files.urlAllowlist` - `gateway.http.endpoints.responses.images.urlAllowlist` + Empty allowlists are treated as unset; use `gateway.http.endpoints.responses.files.allowUrl=false` + and/or `gateway.http.endpoints.responses.images.allowUrl=false` to disable URL fetching. - Optional response hardening header: - `gateway.http.securityHeaders.strictTransportSecurity` (set only for HTTPS origins you control; see [Trusted Proxy Auth](/gateway/trusted-proxy-auth#tls-termination-and-hsts)) @@ -2950,7 +2961,7 @@ Notes: ## Wizard -Metadata written by CLI wizards (`onboard`, `configure`, `doctor`): +Metadata written by CLI guided setup flows (`onboard`, `configure`, `doctor`): ```json5 { diff --git a/docs/gateway/configuration.md b/docs/gateway/configuration.md index a699e74652f..d15efb3384b 100644 --- a/docs/gateway/configuration.md +++ b/docs/gateway/configuration.md @@ -38,7 +38,7 @@ See the [full reference](/gateway/configuration-reference) for every available f ```bash - openclaw onboard # full setup wizard + openclaw onboard # full onboarding flow openclaw configure # config wizard ``` @@ -597,11 +597,11 @@ Rules: }, skills: { entries: { - "nano-banana-pro": { + "image-lab": { apiKey: { source: "file", provider: "filemain", - id: "/skills/entries/nano-banana-pro/apiKey", + id: "/skills/entries/image-lab/apiKey", }, }, }, diff --git a/docs/gateway/openresponses-http-api.md b/docs/gateway/openresponses-http-api.md index fa86f912ef5..8305da62ee5 100644 --- a/docs/gateway/openresponses-http-api.md +++ b/docs/gateway/openresponses-http-api.md @@ -144,6 +144,8 @@ URL fetch defaults: - Optional hostname allowlists are supported per input type (`files.urlAllowlist`, `images.urlAllowlist`). - Exact host: `"cdn.example.com"` - Wildcard subdomains: `"*.assets.example.com"` (does not match apex) + - Empty or omitted allowlists mean no hostname allowlist restriction. +- To disable URL-based fetches entirely, set `files.allowUrl: false` and/or `images.allowUrl: false`. ## File + image limits (config) diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 68be08fbed5..5fbd26a826e 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -243,7 +243,10 @@ High-signal `checkId` values you will most likely see in real deployments (not e | `gateway.real_ip_fallback_enabled` | warn/critical | Trusting `X-Real-IP` fallback can enable source-IP spoofing via proxy misconfig | `gateway.allowRealIpFallback`, `gateway.trustedProxies` | no | | `discovery.mdns_full_mode` | warn/critical | mDNS full mode advertises `cliPath`/`sshPort` metadata on local network | `discovery.mdns.mode`, `gateway.bind` | no | | `config.insecure_or_dangerous_flags` | warn | Any insecure/dangerous debug flags enabled | multiple keys (see finding detail) | no | +| `hooks.token_reuse_gateway_token` | critical | Hook ingress token also unlocks Gateway auth | `hooks.token`, `gateway.auth.token` | no | | `hooks.token_too_short` | warn | Easier brute force on hook ingress | `hooks.token` | no | +| `hooks.default_session_key_unset` | warn | Hook agent runs fan out into generated per-request sessions | `hooks.defaultSessionKey` | no | +| `hooks.allowed_agent_ids_unrestricted` | warn/critical | Authenticated hook callers may route to any configured agent | `hooks.allowedAgentIds` | no | | `hooks.request_session_key_enabled` | warn/critical | External caller can choose sessionKey | `hooks.allowRequestSessionKey` | no | | `hooks.request_session_key_prefixes_missing` | warn/critical | No bound on external session key shapes | `hooks.allowedSessionKeyPrefixes` | no | | `logging.redact_off` | warn | Sensitive values leak to logs/status | `logging.redactSensitive` | yes | @@ -355,6 +358,7 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - If the gateway itself terminates HTTPS, you can set `gateway.http.securityHeaders.strictTransportSecurity` to emit the HSTS header from OpenClaw responses. - Detailed deployment guidance is in [Trusted Proxy Auth](/gateway/trusted-proxy-auth#tls-termination-and-hsts). - For non-loopback Control UI deployments, `gateway.controlUi.allowedOrigins` is required by default. +- `gateway.controlUi.allowedOrigins: ["*"]` is an explicit allow-all browser-origin policy, not a hardened default. Avoid it outside tightly controlled local testing. - `gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true` enables Host-header origin fallback mode; treat it as a dangerous operator-selected policy. - Treat DNS rebinding and proxy-host header behavior as deployment hardening concerns; keep `trustedProxies` tight and avoid exposing the gateway directly to the public internet. @@ -568,6 +572,8 @@ tool calls. Reduce the blast radius by: - For OpenResponses URL inputs (`input_file` / `input_image`), set tight `gateway.http.endpoints.responses.files.urlAllowlist` and `gateway.http.endpoints.responses.images.urlAllowlist`, and keep `maxUrlParts` low. + Empty allowlists are treated as unset; use `files.allowUrl: false` / `images.allowUrl: false` + if you want to disable URL fetching entirely. - Enabling sandboxing and strict tool allowlists for any agent that touches untrusted input. - Keeping secrets out of prompts; pass them via env/config on the gateway host instead. @@ -738,7 +744,7 @@ In minimal mode, the Gateway still broadcasts enough for device discovery (`role Gateway auth is **required by default**. If no token/password is configured, the Gateway refuses WebSocket connections (fail‑closed). -The setup wizard generates a token by default (even for loopback) so +Onboarding generates a token by default (even for loopback) so local clients must authenticate. Set a token so **all** WS clients must authenticate: diff --git a/docs/help/faq.md b/docs/help/faq.md index b32b1aac8c5..cc52aafd604 100644 --- a/docs/help/faq.md +++ b/docs/help/faq.md @@ -36,7 +36,7 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS, - [How do I install OpenClaw on a VPS?](#how-do-i-install-openclaw-on-a-vps) - [Where are the cloud/VPS install guides?](#where-are-the-cloudvps-install-guides) - [Can I ask OpenClaw to update itself?](#can-i-ask-openclaw-to-update-itself) - - [What does the setup wizard actually do?](#what-does-the-setup-wizard-actually-do) + - [What does onboarding actually do?](#what-does-onboarding-actually-do) - [Do I need a Claude or OpenAI subscription to run this?](#do-i-need-a-claude-or-openai-subscription-to-run-this) - [Can I use Claude Max subscription without an API key](#can-i-use-claude-max-subscription-without-an-api-key) - [How does Anthropic "setup-token" auth work?](#how-does-anthropic-setuptoken-auth-work) @@ -317,7 +317,7 @@ Install docs: [Install](/install), [Installer flags](/install/installer), [Updat ### What's the recommended way to install and set up OpenClaw -The repo recommends running from source and using the setup wizard: +The repo recommends running from source and using onboarding: ```bash curl -fsSL https://openclaw.ai/install.sh | bash @@ -627,7 +627,7 @@ More detail: [Install](/install) and [Installer flags](/install/installer). ### How do I install OpenClaw on Linux -Short answer: follow the Linux guide, then run the setup wizard. +Short answer: follow the Linux guide, then run onboarding. - Linux quick path + service install: [Linux](/platforms/linux). - Full walkthrough: [Getting Started](/start/getting-started). @@ -685,7 +685,7 @@ openclaw gateway restart Docs: [Update](/cli/update), [Updating](/install/updating). -### What does the setup wizard actually do +### What does onboarding actually do `openclaw onboard` is the recommended setup path. In **local mode** it walks you through: @@ -723,7 +723,7 @@ If you want the clearest and safest supported path for production, use an Anthro ### How does Anthropic setuptoken auth work -`claude setup-token` generates a **token string** via the Claude Code CLI (it is not available in the web console). You can run it on **any machine**. Choose **Anthropic token (paste setup-token)** in the wizard or paste it with `openclaw models auth paste-token --provider anthropic`. The token is stored as an auth profile for the **anthropic** provider and used like an API key (no auto-refresh). More detail: [OAuth](/concepts/oauth). +`claude setup-token` generates a **token string** via the Claude Code CLI (it is not available in the web console). You can run it on **any machine**. Choose **Anthropic token (paste setup-token)** in onboarding or paste it with `openclaw models auth paste-token --provider anthropic`. The token is stored as an auth profile for the **anthropic** provider and used like an API key (no auto-refresh). More detail: [OAuth](/concepts/oauth). ### Where do I find an Anthropic setuptoken @@ -733,7 +733,7 @@ It is **not** in the Anthropic Console. The setup-token is generated by the **Cl claude setup-token ``` -Copy the token it prints, then choose **Anthropic token (paste setup-token)** in the wizard. If you want to run it on the gateway host, use `openclaw models auth setup-token --provider anthropic`. If you ran `claude setup-token` elsewhere, paste it on the gateway host with `openclaw models auth paste-token --provider anthropic`. See [Anthropic](/providers/anthropic). +Copy the token it prints, then choose **Anthropic token (paste setup-token)** in onboarding. If you want to run it on the gateway host, use `openclaw models auth setup-token --provider anthropic`. If you ran `claude setup-token` elsewhere, paste it on the gateway host with `openclaw models auth paste-token --provider anthropic`. See [Anthropic](/providers/anthropic). ### Do you support Claude subscription auth (Claude Pro or Max) @@ -767,15 +767,15 @@ Yes - via pi-ai's **Amazon Bedrock (Converse)** provider with **manual config**. ### How does Codex auth work -OpenClaw supports **OpenAI Code (Codex)** via OAuth (ChatGPT sign-in). The wizard can run the OAuth flow and will set the default model to `openai-codex/gpt-5.4` when appropriate. See [Model providers](/concepts/model-providers) and [Wizard](/start/wizard). +OpenClaw supports **OpenAI Code (Codex)** via OAuth (ChatGPT sign-in). Onboarding can run the OAuth flow and will set the default model to `openai-codex/gpt-5.4` when appropriate. See [Model providers](/concepts/model-providers) and [Onboarding (CLI)](/start/wizard). ### Do you support OpenAI subscription auth Codex OAuth Yes. OpenClaw fully supports **OpenAI Code (Codex) subscription OAuth**. OpenAI explicitly allows subscription OAuth usage in external tools/workflows -like OpenClaw. The setup wizard can run the OAuth flow for you. +like OpenClaw. Onboarding can run the OAuth flow for you. -See [OAuth](/concepts/oauth), [Model providers](/concepts/model-providers), and [Wizard](/start/wizard). +See [OAuth](/concepts/oauth), [Model providers](/concepts/model-providers), and [Onboarding (CLI)](/start/wizard). ### How do I set up Gemini CLI OAuth @@ -844,7 +844,7 @@ without WhatsApp/Telegram. `channels.telegram.allowFrom` is **the human sender's Telegram user ID** (numeric). It is not the bot username. -The setup wizard accepts `@username` input and resolves it to a numeric ID, but OpenClaw authorization uses numeric IDs only. +Onboarding accepts `@username` input and resolves it to a numeric ID, but OpenClaw authorization uses numeric IDs only. Safer (no third-party bot): @@ -1909,7 +1909,7 @@ openclaw onboard --install-daemon Notes: -- The setup wizard also offers **Reset** if it sees an existing config. See [Wizard](/start/wizard). +- Onboarding also offers **Reset** if it sees an existing config. See [Onboarding (CLI)](/start/wizard). - If you used profiles (`--profile` / `OPENCLAW_PROFILE`), reset each state dir (defaults are `~/.openclaw-`). - Dev reset: `openclaw gateway --dev --reset` (dev-only; wipes dev config + credentials + sessions + workspace). diff --git a/docs/help/testing.md b/docs/help/testing.md index 09388dd769e..2055db4373f 100644 --- a/docs/help/testing.md +++ b/docs/help/testing.md @@ -360,9 +360,33 @@ If you want to rely on env keys (e.g. exported in your `~/.profile`), run local - Enable: `BYTEPLUS_API_KEY=... BYTEPLUS_LIVE_TEST=1 pnpm test:live src/agents/byteplus.live.test.ts` - Optional model override: `BYTEPLUS_CODING_MODEL=ark-code-latest` +## Image generation live + +- Test: `src/image-generation/runtime.live.test.ts` +- Command: `pnpm test:live src/image-generation/runtime.live.test.ts` +- Scope: + - Enumerates every registered image-generation provider plugin + - Loads missing provider env vars from your login shell (`~/.profile`) before probing + - Uses live/env API keys ahead of stored auth profiles by default, so stale test keys in `auth-profiles.json` do not mask real shell credentials + - Skips providers with no usable auth/profile/model + - Runs the stock image-generation variants through the shared runtime capability: + - `google:flash-generate` + - `google:pro-generate` + - `google:pro-edit` + - `openai:default-generate` +- Current bundled providers covered: + - `openai` + - `google` +- Optional narrowing: + - `OPENCLAW_LIVE_IMAGE_GENERATION_PROVIDERS="openai,google"` + - `OPENCLAW_LIVE_IMAGE_GENERATION_MODELS="openai/gpt-image-1,google/gemini-3.1-flash-image-preview"` + - `OPENCLAW_LIVE_IMAGE_GENERATION_CASES="google:flash-generate,google:pro-edit"` +- Optional auth behavior: + - `OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS=1` to force profile-store auth and ignore env-only overrides + ## Docker runners (optional “works in Linux” checks) -These run `pnpm test:live` inside the repo Docker image, mounting your local config dir and workspace (and sourcing `~/.profile` if mounted). They also bind-mount CLI auth homes like `~/.codex`, `~/.claude`, `~/.qwen`, and `~/.minimax` when present so external-CLI OAuth stays available in-container: +These run `pnpm test:live` inside the repo Docker image, mounting your local config dir and workspace (and sourcing `~/.profile` if mounted). They also bind-mount CLI auth homes like `~/.codex`, `~/.claude`, `~/.qwen`, and `~/.minimax` when present, then copy them into the container home before the run so external-CLI OAuth can refresh tokens without mutating the host auth store: - Direct models: `pnpm test:docker:live-models` (script: `scripts/test-live-models-docker.sh`) - Gateway + dev agent: `pnpm test:docker:live-gateway` (script: `scripts/test-live-gateway-models-docker.sh`) @@ -373,6 +397,9 @@ These run `pnpm test:live` inside the repo Docker image, mounting your local con The live-model Docker runners also bind-mount the current checkout read-only and stage it into a temporary workdir inside the container. This keeps the runtime image slim while still running Vitest against your exact local source/config. +`test:docker:live-models` still runs `pnpm test:live`, so pass through +`OPENCLAW_LIVE_GATEWAY_*` as well when you need to narrow or exclude gateway +live coverage from that Docker lane. Manual ACP plain-language thread smoke (not CI): @@ -384,8 +411,9 @@ Useful env vars: - `OPENCLAW_CONFIG_DIR=...` (default: `~/.openclaw`) mounted to `/home/node/.openclaw` - `OPENCLAW_WORKSPACE_DIR=...` (default: `~/.openclaw/workspace`) mounted to `/home/node/.openclaw/workspace` - `OPENCLAW_PROFILE_FILE=...` (default: `~/.profile`) mounted to `/home/node/.profile` and sourced before running tests -- External CLI auth dirs under `$HOME` (`.codex`, `.claude`, `.qwen`, `.minimax`) are mounted read-only to the matching `/home/node/...` paths when present +- External CLI auth dirs under `$HOME` (`.codex`, `.claude`, `.qwen`, `.minimax`) are mounted read-only under `/host-auth/...`, then copied into `/home/node/...` before tests start - `OPENCLAW_LIVE_GATEWAY_MODELS=...` / `OPENCLAW_LIVE_MODELS=...` to narrow the run +- `OPENCLAW_LIVE_GATEWAY_PROVIDERS=...` / `OPENCLAW_LIVE_PROVIDERS=...` to filter providers in-container - `OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS=1` to ensure creds come from the profile store (not env) ## Docs sanity diff --git a/docs/index.md b/docs/index.md index 7c69600f55d..25162bc9676 100644 --- a/docs/index.md +++ b/docs/index.md @@ -33,7 +33,7 @@ title: "OpenClaw" Install OpenClaw and bring up the Gateway in minutes. - + Guided setup with `openclaw onboard` and pairing flows. diff --git a/docs/install/docker.md b/docs/install/docker.md index a9f6b578bd0..f4913a5138a 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -51,7 +51,7 @@ From repo root: This script: - builds the gateway image locally (or pulls a remote image if `OPENCLAW_IMAGE` is set) -- runs the setup wizard +- runs onboarding - prints optional provider setup hints - starts the gateway via Docker Compose - generates a gateway token and writes it to `.env` diff --git a/docs/install/index.md b/docs/install/index.md index 21adfdaa592..7130cf9faac 100644 --- a/docs/install/index.md +++ b/docs/install/index.md @@ -33,7 +33,7 @@ For VPS/cloud hosts, avoid third-party "1-click" marketplace images when possibl - Downloads the CLI, installs it globally via npm, and launches the setup wizard. + Downloads the CLI, installs it globally via npm, and launches onboarding. diff --git a/docs/install/northflank.mdx b/docs/install/northflank.mdx index d3157d72e74..03a41d1013b 100644 --- a/docs/install/northflank.mdx +++ b/docs/install/northflank.mdx @@ -21,7 +21,7 @@ and you configure everything via the `/setup` web wizard. ## What you get - Hosted OpenClaw Gateway + Control UI -- Web setup wizard at `/setup` (no terminal commands) +- Web setup at `/setup` (no terminal commands) - Persistent storage via Northflank Volume (`/data`) so config/credentials/workspace survive redeploys ## Setup flow @@ -32,7 +32,7 @@ and you configure everything via the `/setup` web wizard. 4. Click **Run setup**. 5. Open the Control UI at `https:///openclaw` -If Telegram DMs are set to pairing, the setup wizard can approve the pairing code. +If Telegram DMs are set to pairing, web setup can approve the pairing code. ## Getting chat tokens diff --git a/docs/install/railway.mdx b/docs/install/railway.mdx index 73f23fbe48a..1548069b4fd 100644 --- a/docs/install/railway.mdx +++ b/docs/install/railway.mdx @@ -29,13 +29,13 @@ Railway will either: Then open: -- `https:///setup` — setup wizard (password protected) +- `https:///setup` — web setup (password protected) - `https:///openclaw` — Control UI ## What you get - Hosted OpenClaw Gateway + Control UI -- Web setup wizard at `/setup` (no terminal commands) +- Web setup at `/setup` (no terminal commands) - Persistent storage via Railway Volume (`/data`) so config/credentials/workspace survive redeploys - Backup export at `/setup/export` to migrate off Railway later @@ -70,7 +70,7 @@ Set these variables on the service: 3. (Optional) Add Telegram/Discord/Slack tokens. 4. Click **Run setup**. -If Telegram DMs are set to pairing, the setup wizard can approve the pairing code. +If Telegram DMs are set to pairing, web setup can approve the pairing code. ## Getting chat tokens diff --git a/docs/install/render.mdx b/docs/install/render.mdx index ae945687025..7e43bfca012 100644 --- a/docs/install/render.mdx +++ b/docs/install/render.mdx @@ -73,7 +73,7 @@ The Blueprint defaults to `starter`. To use free tier, change `plan: free` in yo ## After deployment -### Complete the setup wizard +### Complete web setup 1. Navigate to `https://.onrender.com/setup` 2. Enter your `SETUP_PASSWORD` diff --git a/docs/install/updating.md b/docs/install/updating.md index a8161cc07f0..dd3128c553e 100644 --- a/docs/install/updating.md +++ b/docs/install/updating.md @@ -22,7 +22,7 @@ curl -fsSL https://openclaw.ai/install.sh | bash Notes: -- Add `--no-onboard` if you don’t want the setup wizard to run again. +- Add `--no-onboard` if you don’t want onboarding to run again. - For **source installs**, use: ```bash diff --git a/docs/nodes/media-understanding.md b/docs/nodes/media-understanding.md index dae748633bd..ab3701387be 100644 --- a/docs/nodes/media-understanding.md +++ b/docs/nodes/media-understanding.md @@ -10,6 +10,10 @@ title: "Media Understanding" OpenClaw can **summarize inbound media** (image/audio/video) before the reply pipeline runs. It auto‑detects when local tools or provider keys are available, and can be disabled or customized. If understanding is off, models still receive the original files/URLs as usual. +Vendor-specific media behavior is registered by vendor plugins, while OpenClaw +core owns the shared `tools.media` config, fallback order, and reply-pipeline +integration. + ## Goals - Optional: pre‑digest inbound media into short text for faster routing + better command parsing. @@ -184,7 +188,10 @@ If you set `capabilities`, the entry only runs for those media types. For shared lists, OpenClaw can infer defaults: - `openai`, `anthropic`, `minimax`: **image** +- `moonshot`: **image + video** - `google` (Gemini API): **image + audio + video** +- `mistral`: **audio** +- `zai`: **image** - `groq`: **audio** - `deepgram`: **audio** @@ -193,11 +200,11 @@ If you omit `capabilities`, the entry is eligible for the list it appears in. ## Provider support matrix (OpenClaw integrations) -| Capability | Provider integration | Notes | -| ---------- | ------------------------------------------------ | --------------------------------------------------------- | -| Image | OpenAI / Anthropic / Google / others via `pi-ai` | Any image-capable model in the registry works. | -| Audio | OpenAI, Groq, Deepgram, Google, Mistral | Provider transcription (Whisper/Deepgram/Gemini/Voxtral). | -| Video | Google (Gemini API) | Provider video understanding. | +| Capability | Provider integration | Notes | +| ---------- | -------------------------------------------------- | ----------------------------------------------------------------------- | +| Image | OpenAI, Anthropic, Google, MiniMax, Moonshot, Z.AI | Vendor plugins register image support against core media understanding. | +| Audio | OpenAI, Groq, Deepgram, Google, Mistral | Provider transcription (Whisper/Deepgram/Gemini/Voxtral). | +| Video | Google, Moonshot | Provider video understanding via vendor plugins. | ## Model selection guidance diff --git a/docs/platforms/raspberry-pi.md b/docs/platforms/raspberry-pi.md index 2050b6395b4..7b5e22f89c6 100644 --- a/docs/platforms/raspberry-pi.md +++ b/docs/platforms/raspberry-pi.md @@ -321,7 +321,7 @@ Since the Pi is just the Gateway (models run in the cloud), use API-based models ## Auto-Start on Boot -The setup wizard sets this up, but to verify: +Onboarding sets this up, but to verify: ```bash # Check service is enabled diff --git a/docs/plugins/bundles.md b/docs/plugins/bundles.md index 2fad626ccfe..bc6bc49e5a0 100644 --- a/docs/plugins/bundles.md +++ b/docs/plugins/bundles.md @@ -104,11 +104,15 @@ loader. Cursor command markdown works through the same path. - `HOOK.md` - `handler.ts` or `handler.js` -#### MCP for CLI backends +#### MCP for Pi - enabled bundles can contribute MCP server config -- current runtime wiring is used by the `claude-cli` backend -- OpenClaw merges bundle MCP config into the backend `--mcp-config` file +- OpenClaw merges bundle MCP config into the effective embedded Pi settings as + `mcpServers` +- OpenClaw also exposes supported bundle MCP tools during embedded Pi agent + turns by launching supported stdio MCP servers as subprocesses +- project-local Pi settings still apply after bundle defaults, so workspace + settings can override bundle MCP entries when needed #### Embedded Pi settings @@ -133,7 +137,6 @@ diagnostics/info output, but OpenClaw does not run them yet: - Cursor `.cursor/agents` - Cursor `.cursor/hooks.json` - Cursor `.cursor/rules` -- Cursor `mcpServers` outside the current mapped runtime paths - Codex inline/app metadata beyond capability reporting ## Capability reporting @@ -153,7 +156,8 @@ Current exceptions: - Claude `commands` is considered supported because it maps to skills - Claude `settings` is considered supported because it maps to embedded Pi settings - Cursor `commands` is considered supported because it maps to skills -- bundle MCP is considered supported where OpenClaw actually imports it +- bundle MCP is considered supported because it maps into embedded Pi settings + and exposes supported stdio tools to embedded Pi - Codex `hooks` is considered supported only for OpenClaw hook-pack layouts ## Format differences @@ -195,6 +199,8 @@ Claude-specific notes: - `commands/` is treated like skill content - `settings.json` is imported into embedded Pi settings +- `.mcp.json` and manifest `mcpServers` can expose supported stdio tools to + embedded Pi - `hooks/hooks.json` is detected, but not executed as Claude automation ### Cursor @@ -246,7 +252,9 @@ Current behavior: - bundle discovery reads files inside the plugin root with boundary checks - skills and hook-pack paths must stay inside the plugin root - bundle settings files are read with the same boundary checks -- OpenClaw does not execute arbitrary bundle runtime code in-process +- supported stdio bundle MCP servers may be launched as subprocesses for + embedded Pi tool calls +- OpenClaw does not load arbitrary bundle runtime modules in-process This makes bundle support safer by default than native plugin modules, but you should still treat third-party bundles as trusted content for the features they diff --git a/docs/plugins/voice-call.md b/docs/plugins/voice-call.md index 14198fdba36..531b6c48595 100644 --- a/docs/plugins/voice-call.md +++ b/docs/plugins/voice-call.md @@ -204,7 +204,7 @@ Example with a stable public host: ## TTS for calls -Voice Call uses the core `messages.tts` configuration (OpenAI or ElevenLabs) for +Voice Call uses the core `messages.tts` configuration for streaming speech on calls. You can override it under the plugin config with the **same shape** — it deep‑merges with `messages.tts`. @@ -222,7 +222,7 @@ streaming speech on calls. You can override it under the plugin config with the Notes: -- **Edge TTS is ignored for voice calls** (telephony audio needs PCM; Edge output is unreliable). +- **Microsoft speech is ignored for voice calls** (telephony audio needs PCM; the current Microsoft transport does not expose telephony PCM output). - Core TTS is used when Twilio media streaming is enabled; otherwise calls fall back to provider native voices. ### More examples diff --git a/docs/providers/ollama.md b/docs/providers/ollama.md index 5a1eb2bd27e..c3ea5aa7d3c 100644 --- a/docs/providers/ollama.md +++ b/docs/providers/ollama.md @@ -16,15 +16,15 @@ Ollama is a local LLM runtime that makes it easy to run open-source models on yo ## Quick start -### Onboarding wizard (recommended) +### Onboarding (recommended) -The fastest way to set up Ollama is through the setup wizard: +The fastest way to set up Ollama is through onboarding: ```bash openclaw onboard ``` -Select **Ollama** from the provider list. The wizard will: +Select **Ollama** from the provider list. Onboarding will: 1. Ask for the Ollama base URL where your instance can be reached (default `http://127.0.0.1:11434`). 2. Let you choose **Cloud + Local** (cloud models and local models) or **Local** (local models only). diff --git a/docs/refactor/plugin-sdk.md b/docs/refactor/plugin-sdk.md index 5a630982a97..edf79de266d 100644 --- a/docs/refactor/plugin-sdk.md +++ b/docs/refactor/plugin-sdk.md @@ -213,7 +213,33 @@ Notes: Related docs: [Plugins](/tools/plugin), [Channels](/channels/index), [Configuration](/gateway/configuration). -## Implemented channel-owned seams +## Capability plan alignment + +The plugin SDK refactor now aligns with the public capability model documented +in [Plugins](/tools/plugin#public-capability-model). + +Key decisions: + +- Capabilities are the public plugin model. Registration is explicit and typed. +- Legacy hook-only plugins remain supported without migration. +- Plugin shapes (plain-capability, hybrid-capability, hook-only, non-capability) + are classified from actual registration behavior. +- `openclaw plugins inspect` provides canonical deep introspection for any + loaded plugin, showing shape, capabilities, hooks, tools, and diagnostics. +- Export boundary: export capabilities, not implementation convenience. Trim + non-contract helper exports. + +Required test matrix for the capability model: + +- hook-only legacy plugin fixture +- plain capability plugin fixture +- hybrid capability plugin fixture +- real-world legacy hook-style plugin fixture +- `before_agent_start` still works +- typed hooks remain additive +- capability usage and plugin shape are inspectable + +## Implemented channel-owned capabilities Recent refactor work widened the channel plugin contract so core can stop owning channel-specific UX and routing behavior: @@ -234,5 +260,5 @@ channel-specific UX and routing behavior: config mutation/removal - `allowlist.supportsScope`: channel-owned allowlist scope advertisement -These hooks should be preferred over new `channel === "discord"` / `telegram` -branches in shared core flows. +These capabilities should be preferred over new `channel === "discord"` / +`telegram` branches in shared core flows. diff --git a/docs/reference/wizard.md b/docs/reference/wizard.md index 5bfa3da7f9f..fce13301ea9 100644 --- a/docs/reference/wizard.md +++ b/docs/reference/wizard.md @@ -1,24 +1,24 @@ --- -summary: "Full reference for the CLI setup wizard: every step, flag, and config field" +summary: "Full reference for CLI onboarding: every step, flag, and config field" read_when: - - Looking up a specific wizard step or flag + - Looking up a specific onboarding step or flag - Automating onboarding with non-interactive mode - - Debugging wizard behavior -title: "Setup Wizard Reference" -sidebarTitle: "Wizard Reference" + - Debugging onboarding behavior +title: "Onboarding Reference" +sidebarTitle: "Onboarding Reference" --- -# Setup Wizard Reference +# Onboarding Reference -This is the full reference for the `openclaw onboard` CLI wizard. -For a high-level overview, see [Setup Wizard](/start/wizard). +This is the full reference for `openclaw onboard`. +For a high-level overview, see [Onboarding (CLI)](/start/wizard). ## Flow details (local mode) - If `~/.openclaw/openclaw.json` exists, choose **Keep / Modify / Reset**. - - Re-running the wizard does **not** wipe anything unless you explicitly choose **Reset** + - Re-running onboarding does **not** wipe anything unless you explicitly choose **Reset** (or pass `--reset`). - CLI `--reset` defaults to `config+creds+sessions`; use `--reset-scope full` to also remove workspace. @@ -31,9 +31,9 @@ For a high-level overview, see [Setup Wizard](/start/wizard). - **Anthropic API key**: uses `ANTHROPIC_API_KEY` if present or prompts for a key, then saves it for daemon use. - - **Anthropic OAuth (Claude Code CLI)**: on macOS the wizard checks Keychain item "Claude Code-credentials" (choose "Always Allow" so launchd starts don't block); on Linux/Windows it reuses `~/.claude/.credentials.json` if present. + - **Anthropic OAuth (Claude Code CLI)**: on macOS onboarding checks Keychain item "Claude Code-credentials" (choose "Always Allow" so launchd starts don't block); on Linux/Windows it reuses `~/.claude/.credentials.json` if present. - **Anthropic token (paste setup-token)**: run `claude setup-token` on any machine, then paste the token (you can name it; blank = default). - - **OpenAI Code (Codex) subscription (Codex CLI)**: if `~/.codex/auth.json` exists, the wizard can reuse it. + - **OpenAI Code (Codex) subscription (Codex CLI)**: if `~/.codex/auth.json` exists, onboarding can reuse it. - **OpenAI Code (Codex) subscription (OAuth)**: browser flow; paste the `code#state`. - Sets `agents.defaults.model` to `openai-codex/gpt-5.2` when model is unset or `openai/*`. - **OpenAI API key**: uses `OPENAI_API_KEY` if present or prompts for a key, then stores it in auth profiles. @@ -55,7 +55,7 @@ For a high-level overview, see [Setup Wizard](/start/wizard). - More detail: [Moonshot AI (Kimi + Kimi Coding)](/providers/moonshot) - **Skip**: no auth configured yet. - Pick a default model from detected options (or enter provider/model manually). For best quality and lower prompt-injection risk, choose the strongest latest-generation model available in your provider stack. - - Wizard runs a model check and warns if the configured model is unknown or missing auth. + - Onboarding runs a model check and warns if the configured model is unknown or missing auth. - API key storage mode defaults to plaintext auth-profile values. Use `--secret-input-mode ref` to store env-backed refs instead (for example `keyRef: { source: "env", provider: "default", id: "OPENAI_API_KEY" }`). - OAuth credentials live in `~/.openclaw/credentials/oauth.json`; auth profiles live in `~/.openclaw/agents//agent/auth-profiles.json` (API keys + OAuth). - More detail: [/concepts/oauth](/concepts/oauth) @@ -106,7 +106,7 @@ For a high-level overview, see [Setup Wizard](/start/wizard). - macOS: LaunchAgent - Requires a logged-in user session; for headless, use a custom LaunchDaemon (not shipped). - Linux (and Windows via WSL2): systemd user unit - - Wizard attempts to enable lingering via `loginctl enable-linger ` so the Gateway stays up after logout. + - Onboarding attempts to enable lingering via `loginctl enable-linger ` so the Gateway stays up after logout. - May prompt for sudo (writes `/var/lib/systemd/linger`); it tries without sudo first. - **Runtime selection:** Node (recommended; required for WhatsApp/Telegram). Bun is **not recommended**. - If token auth requires a token and `gateway.auth.token` is SecretRef-managed, daemon install validates it but does not persist resolved plaintext token values into supervisor service environment metadata. @@ -128,8 +128,8 @@ For a high-level overview, see [Setup Wizard](/start/wizard). -If no GUI is detected, the wizard prints SSH port-forward instructions for the Control UI instead of opening a browser. -If the Control UI assets are missing, the wizard attempts to build them; fallback is `pnpm ui:build` (auto-installs UI deps). +If no GUI is detected, onboarding prints SSH port-forward instructions for the Control UI instead of opening a browser. +If the Control UI assets are missing, onboarding attempts to build them; fallback is `pnpm ui:build` (auto-installs UI deps). ## Non-interactive mode @@ -183,12 +183,12 @@ openclaw agents add work \ ## Gateway wizard RPC -The Gateway exposes the wizard flow over RPC (`wizard.start`, `wizard.next`, `wizard.cancel`, `wizard.status`). +The Gateway exposes the onboarding flow over RPC (`wizard.start`, `wizard.next`, `wizard.cancel`, `wizard.status`). Clients (macOS app, Control UI) can render steps without re‑implementing onboarding logic. ## Signal setup (signal-cli) -The wizard can install `signal-cli` from GitHub releases: +Onboarding can install `signal-cli` from GitHub releases: - Downloads the appropriate release asset. - Stores it under `~/.openclaw/tools/signal-cli//`. @@ -223,12 +223,12 @@ Typical fields in `~/.openclaw/openclaw.json`: WhatsApp credentials go under `~/.openclaw/credentials/whatsapp//`. Sessions are stored under `~/.openclaw/agents//sessions/`. -Some channels are delivered as plugins. When you pick one during setup, the wizard +Some channels are delivered as plugins. When you pick one during setup, onboarding will prompt to install it (npm or a local path) before it can be configured. ## Related docs -- Wizard overview: [Setup Wizard](/start/wizard) +- Onboarding overview: [Onboarding (CLI)](/start/wizard) - macOS app onboarding: [Onboarding](/start/onboarding) - Config reference: [Gateway configuration](/gateway/configuration) - Providers: [WhatsApp](/channels/whatsapp), [Telegram](/channels/telegram), [Discord](/channels/discord), [Google Chat](/channels/googlechat), [Signal](/channels/signal), [BlueBubbles](/channels/bluebubbles) (iMessage), [iMessage](/channels/imessage) (legacy) diff --git a/docs/start/getting-started.md b/docs/start/getting-started.md index 3fc64e5087d..bd3f554cdc4 100644 --- a/docs/start/getting-started.md +++ b/docs/start/getting-started.md @@ -52,13 +52,13 @@ Check your Node version with `node --version` if you are unsure. - + ```bash openclaw onboard --install-daemon ``` - The wizard configures auth, gateway settings, and optional channels. - See [Setup Wizard](/start/wizard) for details. + Onboarding configures auth, gateway settings, and optional channels. + See [Onboarding (CLI)](/start/wizard) for details. @@ -114,8 +114,8 @@ Full environment variable reference: [Environment vars](/help/environment). ## Go deeper - - Full CLI wizard reference and advanced options. + + Full CLI onboarding reference and advanced options. First run flow for the macOS app. diff --git a/docs/start/hubs.md b/docs/start/hubs.md index 9833b467378..882f547f65a 100644 --- a/docs/start/hubs.md +++ b/docs/start/hubs.md @@ -19,7 +19,7 @@ Use these hubs to discover every page, including deep dives and reference docs t - [Getting Started](/start/getting-started) - [Quick start](/start/quickstart) - [Onboarding](/start/onboarding) -- [Wizard](/start/wizard) +- [Onboarding (CLI)](/start/wizard) - [Setup](/start/setup) - [Dashboard (local Gateway)](http://127.0.0.1:18789/) - [Help](/help) diff --git a/docs/start/onboarding-overview.md b/docs/start/onboarding-overview.md index 1e94a4db64a..1e60ce9cef5 100644 --- a/docs/start/onboarding-overview.md +++ b/docs/start/onboarding-overview.md @@ -14,21 +14,21 @@ and how you prefer to configure providers. ## Choose your onboarding path -- **CLI wizard** for macOS, Linux, and Windows (via WSL2). +- **CLI onboarding** for macOS, Linux, and Windows (via WSL2). - **macOS app** for a guided first run on Apple silicon or Intel Macs. -## CLI setup wizard +## CLI onboarding -Run the wizard in a terminal: +Run onboarding in a terminal: ```bash openclaw onboard ``` -Use the CLI wizard when you want full control of the Gateway, workspace, +Use CLI onboarding when you want full control of the Gateway, workspace, channels, and skills. Docs: -- [Setup Wizard (CLI)](/start/wizard) +- [Onboarding (CLI)](/start/wizard) - [`openclaw onboard` command](/cli/onboard) ## macOS app onboarding @@ -41,7 +41,7 @@ Use the OpenClaw app when you want a fully guided setup on macOS. Docs: If you need an endpoint that is not listed, including hosted providers that expose standard OpenAI or Anthropic APIs, choose **Custom Provider** in the -CLI wizard. You will be asked to: +CLI onboarding. You will be asked to: - Pick OpenAI-compatible, Anthropic-compatible, or **Unknown** (auto-detect). - Enter a base URL and API key (if required by the provider). diff --git a/docs/start/quickstart.md b/docs/start/quickstart.md index 238af2881e3..f4b96893fe6 100644 --- a/docs/start/quickstart.md +++ b/docs/start/quickstart.md @@ -16,7 +16,7 @@ Quick start is now part of [Getting Started](/start/getting-started). Install OpenClaw and run your first chat in minutes. - - Full CLI wizard reference and advanced options. + + Full CLI onboarding reference and advanced options. diff --git a/docs/start/setup.md b/docs/start/setup.md index bf127cc0ad0..7e3ec6dfc2d 100644 --- a/docs/start/setup.md +++ b/docs/start/setup.md @@ -10,7 +10,7 @@ title: "Setup" If you are setting up for the first time, start with [Getting Started](/start/getting-started). -For wizard details, see [Onboarding Wizard](/start/wizard). +For onboarding details, see [Onboarding (CLI)](/start/wizard). Last updated: 2026-01-01 diff --git a/docs/start/wizard-cli-automation.md b/docs/start/wizard-cli-automation.md index 884d49e143b..f373f3d4bc6 100644 --- a/docs/start/wizard-cli-automation.md +++ b/docs/start/wizard-cli-automation.md @@ -33,7 +33,7 @@ openclaw onboard --non-interactive \ Add `--json` for a machine-readable summary. Use `--secret-input-mode ref` to store env-backed refs in auth profiles instead of plaintext values. -Interactive selection between env refs and configured provider refs (`file` or `exec`) is available in the setup wizard flow. +Interactive selection between env refs and configured provider refs (`file` or `exec`) is available in the onboarding flow. In non-interactive `ref` mode, provider env vars must be set in the process environment. Passing inline key flags without the matching env var now fails fast. @@ -210,6 +210,6 @@ Notes: ## Related docs -- Onboarding hub: [Setup Wizard (CLI)](/start/wizard) +- Onboarding hub: [Onboarding (CLI)](/start/wizard) - Full reference: [CLI Setup Reference](/start/wizard-cli-reference) - Command reference: [`openclaw onboard`](/cli/onboard) diff --git a/docs/start/wizard-cli-reference.md b/docs/start/wizard-cli-reference.md index 36bd836a13f..a08204c0f20 100644 --- a/docs/start/wizard-cli-reference.md +++ b/docs/start/wizard-cli-reference.md @@ -10,7 +10,7 @@ sidebarTitle: "CLI reference" # CLI Setup Reference This page is the full reference for `openclaw onboard`. -For the short guide, see [Setup Wizard (CLI)](/start/wizard). +For the short guide, see [Onboarding (CLI)](/start/wizard). ## What the wizard does @@ -294,6 +294,6 @@ Signal setup behavior: ## Related docs -- Onboarding hub: [Setup Wizard (CLI)](/start/wizard) +- Onboarding hub: [Onboarding (CLI)](/start/wizard) - Automation and scripts: [CLI Automation](/start/wizard-cli-automation) - Command reference: [`openclaw onboard`](/cli/onboard) diff --git a/docs/start/wizard.md b/docs/start/wizard.md index 7bbe9df64cf..3ea6ff55255 100644 --- a/docs/start/wizard.md +++ b/docs/start/wizard.md @@ -1,15 +1,15 @@ --- -summary: "CLI setup wizard: guided setup for gateway, workspace, channels, and skills" +summary: "CLI onboarding: guided setup for gateway, workspace, channels, and skills" read_when: - - Running or configuring the setup wizard + - Running or configuring CLI onboarding - Setting up a new machine -title: "Setup Wizard (CLI)" +title: "Onboarding (CLI)" sidebarTitle: "Onboarding: CLI" --- -# Setup Wizard (CLI) +# Onboarding (CLI) -The setup wizard is the **recommended** way to set up OpenClaw on macOS, +CLI onboarding is the **recommended** way to set up OpenClaw on macOS, Linux, or Windows (via WSL2; strongly recommended). It configures a local Gateway or a remote Gateway connection, plus channels, skills, and workspace defaults in one guided flow. @@ -35,7 +35,7 @@ openclaw agents add -The setup wizard includes a web search step where you can pick a provider +CLI onboarding includes a web search step where you can pick a provider (Perplexity, Brave, Gemini, Grok, or Kimi) and paste your API key so the agent can use `web_search`. You can also configure this later with `openclaw configure --section web`. Docs: [Web tools](/tools/web). @@ -43,7 +43,7 @@ can use `web_search`. You can also configure this later with ## QuickStart vs Advanced -The wizard starts with **QuickStart** (defaults) vs **Advanced** (full control). +Onboarding starts with **QuickStart** (defaults) vs **Advanced** (full control). @@ -61,7 +61,7 @@ The wizard starts with **QuickStart** (defaults) vs **Advanced** (full control). -## What the wizard configures +## What onboarding configures **Local mode (default)** walks you through these steps: @@ -84,9 +84,9 @@ The wizard starts with **QuickStart** (defaults) vs **Advanced** (full control). 7. **Skills** — Installs recommended skills and optional dependencies. -Re-running the wizard does **not** wipe anything unless you explicitly choose **Reset** (or pass `--reset`). +Re-running onboarding does **not** wipe anything unless you explicitly choose **Reset** (or pass `--reset`). CLI `--reset` defaults to config, credentials, and sessions; use `--reset-scope full` to include workspace. -If the config is invalid or contains legacy keys, the wizard asks you to run `openclaw doctor` first. +If the config is invalid or contains legacy keys, onboarding asks you to run `openclaw doctor` first. **Remote mode** only configures the local client to connect to a Gateway elsewhere. @@ -95,7 +95,7 @@ It does **not** install or change anything on the remote host. ## Add another agent Use `openclaw agents add ` to create a separate agent with its own workspace, -sessions, and auth profiles. Running without `--workspace` launches the wizard. +sessions, and auth profiles. Running without `--workspace` launches onboarding. What it sets: @@ -106,7 +106,7 @@ What it sets: Notes: - Default workspaces follow `~/.openclaw/workspace-`. -- Add `bindings` to route inbound messages (the wizard can do this). +- Add `bindings` to route inbound messages (onboarding can do this). - Non-interactive flags: `--model`, `--agent-dir`, `--bind`, `--non-interactive`. ## Full reference @@ -115,7 +115,7 @@ For detailed step-by-step breakdowns and config outputs, see [CLI Setup Reference](/start/wizard-cli-reference). For non-interactive examples, see [CLI Automation](/start/wizard-cli-automation). For the deeper technical reference, including RPC details, see -[Wizard Reference](/reference/wizard). +[Onboarding Reference](/reference/wizard). ## Related docs diff --git a/docs/tools/capability-cookbook.md b/docs/tools/capability-cookbook.md new file mode 100644 index 00000000000..5cfc94ef3c0 --- /dev/null +++ b/docs/tools/capability-cookbook.md @@ -0,0 +1,112 @@ +--- +summary: "Cookbook for adding a new shared capability to OpenClaw" +read_when: + - Adding a new core capability and plugin seam + - Deciding whether code belongs in core, a vendor plugin, or a feature plugin + - Wiring a new runtime helper for channels or tools +title: "Capability Cookbook" +--- + +# Capability Cookbook + +Use this when OpenClaw needs a new domain such as image generation, video +generation, or some future vendor-backed feature area. + +The rule: + +- plugin = ownership boundary +- capability = shared core contract + +That means you should not start by wiring a vendor directly into a channel or a +tool. Start by defining the capability. + +## When to create a capability + +Create a new capability when all of these are true: + +1. more than one vendor could plausibly implement it +2. channels, tools, or feature plugins should consume it without caring about + the vendor +3. core needs to own fallback, policy, config, or delivery behavior + +If the work is vendor-only and no shared contract exists yet, stop and define +the contract first. + +## The standard sequence + +1. Define the typed core contract. +2. Add plugin registration for that contract. +3. Add a shared runtime helper. +4. Wire one real vendor plugin as proof. +5. Move feature/channel consumers onto the runtime helper. +6. Add contract tests. +7. Document the operator-facing config and ownership model. + +## What goes where + +Core: + +- request/response types +- provider registry + resolution +- fallback behavior +- config schema and labels/help +- runtime helper surface + +Vendor plugin: + +- vendor API calls +- vendor auth handling +- vendor-specific request normalization +- registration of the capability implementation + +Feature/channel plugin: + +- calls `api.runtime.*` or the matching `plugin-sdk/*-runtime` helper +- never calls a vendor implementation directly + +## File checklist + +For a new capability, expect to touch these areas: + +- `src//types.ts` +- `src//...registry/runtime.ts` +- `src/plugins/types.ts` +- `src/plugins/registry.ts` +- `src/plugins/captured-registration.ts` +- `src/plugins/contracts/registry.ts` +- `src/plugins/runtime/types-core.ts` +- `src/plugins/runtime/index.ts` +- `src/plugin-sdk/.ts` +- `src/plugin-sdk/-runtime.ts` +- one or more `extensions//...` +- config/docs/tests + +## Example: image generation + +Image generation follows the standard shape: + +1. core defines `ImageGenerationProvider` +2. core exposes `registerImageGenerationProvider(...)` +3. core exposes `runtime.imageGeneration.generate(...)` +4. the `openai` and `google` plugins register vendor-backed implementations +5. future vendors can register the same contract without changing channels/tools + +The config key is separate from vision-analysis routing: + +- `agents.defaults.imageModel` = analyze images +- `agents.defaults.imageGenerationModel` = generate images + +Keep those separate so fallback and policy remain explicit. + +## Review checklist + +Before shipping a new capability, verify: + +- no channel/tool imports vendor code directly +- the runtime helper is the shared path +- at least one contract test asserts bundled ownership +- config docs name the new model/config key +- plugin docs explain the ownership boundary + +If a PR skips the capability layer and hardcodes vendor behavior into a +channel/tool, send it back and define the contract first. diff --git a/docs/tools/index.md b/docs/tools/index.md index deb42b0d76a..f5eb956f13e 100644 --- a/docs/tools/index.md +++ b/docs/tools/index.md @@ -400,6 +400,31 @@ Notes: - Only available when `agents.defaults.imageModel` is configured (primary or fallbacks), or when an implicit image model can be inferred from your default model + configured auth (best-effort pairing). - Uses the image model directly (independent of the main chat model). +### `image_generate` + +Generate one or more images with the configured or inferred image-generation model. + +Core parameters: + +- `action` (optional: `generate` or `list`; default `generate`) +- `prompt` (required) +- `image` or `images` (optional reference image path/URL for edit mode) +- `model` (optional provider/model override) +- `size` (optional size hint) +- `resolution` (optional `1K|2K|4K` hint) +- `count` (optional, `1-4`, default `1`) + +Notes: + +- Available when `agents.defaults.imageGenerationModel` is configured, or when OpenClaw can infer a compatible image-generation default from your enabled providers plus available auth. +- Explicit `agents.defaults.imageGenerationModel` still wins over any inferred default. +- Use `action: "list"` to inspect registered providers, default models, supported model ids, sizes, resolutions, and edit support. +- Returns local `MEDIA:` lines so channels can deliver the generated files directly. +- Uses the image-generation model directly (independent of the main chat model). +- Google-backed flows support reference-image edits plus explicit `1K|2K|4K` resolution hints. +- When editing and `resolution` is omitted, OpenClaw infers a draft/final resolution from the input image size. +- This is the built-in replacement for the old sample `nano-banana-pro` skill workflow. Use `agents.defaults.imageGenerationModel`, not `skills.entries`, for stock image generation. + ### `pdf` Analyze one or more PDF documents. diff --git a/docs/tools/plugin.md b/docs/tools/plugin.md index ec0247c8d72..be14f5cfb99 100644 --- a/docs/tools/plugin.md +++ b/docs/tools/plugin.md @@ -69,6 +69,97 @@ OpenClaw resolves known Claude marketplace names from `~/.claude/plugins/known_marketplaces.json`. You can also pass an explicit marketplace source with `--marketplace`. +## Conversation binding callbacks + +Plugins that bind a conversation can now react when an approval is resolved. + +Use `api.onConversationBindingResolved(...)` to receive a callback after a bind +request is approved or denied: + +```ts +export default { + id: "my-plugin", + register(api) { + api.onConversationBindingResolved(async (event) => { + if (event.status === "approved") { + // A binding now exists for this plugin + conversation. + console.log(event.binding?.conversationId); + return; + } + + // The request was denied; clear any local pending state. + console.log(event.request.conversation.conversationId); + }); + }, +}; +``` + +Callback payload fields: + +- `status`: `"approved"` or `"denied"` +- `decision`: `"allow-once"`, `"allow-always"`, or `"deny"` +- `binding`: the resolved binding for approved requests +- `request`: the original request summary, detach hint, sender id, and + conversation metadata + +This callback is notification-only. It does not change who is allowed to bind a +conversation, and it runs after core approval handling finishes. + +## Public capability model + +Capabilities are the public plugin model. Every native OpenClaw plugin +registers against one or more capability types: + +| Capability | Registration method | Example plugins | +|---|---|---| +| Text inference | `api.registerProvider(...)` | `openai`, `anthropic` | +| Speech | `api.registerSpeechProvider(...)` | `elevenlabs`, `microsoft` | +| Media understanding | `api.registerMediaUnderstandingProvider(...)` | `openai`, `google` | +| Image generation | `api.registerImageGenerationProvider(...)` | `openai`, `google` | +| Web search | `api.registerWebSearchProvider(...)` | `google` | +| Channel / messaging | `api.registerChannel(...)` | `msteams`, `matrix` | + +A plugin that registers zero capabilities but provides hooks, tools, or +services is a **legacy hook-only** plugin. That shape is still fully supported. + +### Plugin shapes + +OpenClaw classifies every loaded plugin into a shape based on its actual +registration behavior (not just static metadata): + +- **plain-capability** — registers exactly one capability type (for example a + provider-only plugin like `mistral`) +- **hybrid-capability** — registers multiple capability types (for example + `openai` owns text inference, speech, media understanding, and image + generation) +- **hook-only** — registers only hooks (typed or custom), no capabilities, + tools, commands, or services +- **non-capability** — registers tools, commands, services, or routes but no + capabilities + +Use `openclaw plugins inspect ` to see a plugin's shape and capability +breakdown. See [CLI reference](/cli/plugins#inspect) for details. + +### Capability labels + +Plugin capabilities use two stability labels: + +- `public` — stable, documented, and safe to depend on +- `experimental` — may change between releases + +### Legacy hooks + +The `before_agent_start` hook remains supported as a compatibility path for +hook-only plugins. Legacy real-world plugins still depend on it. + +Direction: + +- keep it working +- document it as legacy +- prefer `before_model_resolve` for model/provider override work +- prefer `before_prompt_build` for prompt mutation work +- remove only after real usage drops and fixture coverage proves migration safety + ## Architecture OpenClaw's plugin system has four layers: @@ -97,6 +188,171 @@ The important design boundary: That split lets OpenClaw validate config, explain missing/disabled plugins, and build UI/schema hints before the full runtime is active. +## Capability ownership model + +OpenClaw treats a native plugin as the ownership boundary for a **company** or a +**feature**, not as a grab bag of unrelated integrations. + +That means: + +- a company plugin should usually own all of that company's OpenClaw-facing + surfaces +- a feature plugin should usually own the full feature surface it introduces +- channels should consume shared core capabilities instead of re-implementing + provider behavior ad hoc + +Examples: + +- the bundled `openai` plugin owns OpenAI model-provider behavior and OpenAI + speech + media-understanding + image-generation behavior +- the bundled `elevenlabs` plugin owns ElevenLabs speech behavior +- the bundled `microsoft` plugin owns Microsoft speech behavior +- the bundled `google` plugin owns Google model-provider behavior plus Google + media-understanding + image-generation + web-search behavior +- the bundled `minimax`, `mistral`, `moonshot`, and `zai` plugins own their + media-understanding backends +- the `voice-call` plugin is a feature plugin: it owns call transport, tools, + CLI, routes, and runtime, but it consumes core TTS/STT capability instead of + inventing a second speech stack + +The intended end state is: + +- OpenAI lives in one plugin even if it spans text models, speech, images, and + future video +- another vendor can do the same for its own surface area +- channels do not care which vendor plugin owns the provider; they consume the + shared capability contract exposed by core + +This is the key distinction: + +- **plugin** = ownership boundary +- **capability** = core contract that multiple plugins can implement or consume + +So if OpenClaw adds a new domain such as video, the first question is not +"which provider should hardcode video handling?" The first question is "what is +the core video capability contract?" Once that contract exists, vendor plugins +can register against it and channel/feature plugins can consume it. + +If the capability does not exist yet, the right move is usually: + +1. define the missing capability in core +2. expose it through the plugin API/runtime in a typed way +3. wire channels/features against that capability +4. let vendor plugins register implementations + +This keeps ownership explicit while avoiding core behavior that depends on a +single vendor or a one-off plugin-specific code path. + +### Capability layering + +Use this mental model when deciding where code belongs: + +- **core capability layer**: shared orchestration, policy, fallback, config + merge rules, delivery semantics, and typed contracts +- **vendor plugin layer**: vendor-specific APIs, auth, model catalogs, speech + synthesis, image generation, future video backends, usage endpoints +- **channel/feature plugin layer**: Slack/Discord/voice-call/etc. integration + that consumes core capabilities and presents them on a surface + +For example, TTS follows this shape: + +- core owns reply-time TTS policy, fallback order, prefs, and channel delivery +- `openai`, `elevenlabs`, and `microsoft` own synthesis implementations +- `voice-call` consumes the telephony TTS runtime helper + +That same pattern should be preferred for future capabilities. + +### Multi-capability company plugin example + +A company plugin should feel cohesive from the outside. If OpenClaw has shared +contracts for models, speech, media understanding, and web search, a vendor can +own all of its surfaces in one place: + +```ts +import type { OpenClawPluginDefinition } from "openclaw/plugin-sdk"; +import { + buildOpenAISpeechProvider, + createPluginBackedWebSearchProvider, + describeImageWithModel, + transcribeOpenAiCompatibleAudio, +} from "openclaw/plugin-sdk"; + +const plugin: OpenClawPluginDefinition = { + id: "exampleai", + name: "ExampleAI", + register(api) { + api.registerProvider({ + id: "exampleai", + // auth/model catalog/runtime hooks + }); + + api.registerSpeechProvider( + buildOpenAISpeechProvider({ + id: "exampleai", + // vendor speech config + }), + ); + + api.registerMediaUnderstandingProvider({ + id: "exampleai", + capabilities: ["image", "audio", "video"], + async describeImage(req) { + return describeImageWithModel({ + provider: "exampleai", + model: req.model, + input: req.input, + }); + }, + async transcribeAudio(req) { + return transcribeOpenAiCompatibleAudio({ + provider: "exampleai", + model: req.model, + input: req.input, + }); + }, + }); + + api.registerWebSearchProvider( + createPluginBackedWebSearchProvider({ + id: "exampleai-search", + // credential + fetch logic + }), + ); + }, +}; + +export default plugin; +``` + +What matters is not the exact helper names. The shape matters: + +- one plugin owns the vendor surface +- core still owns the capability contracts +- channels and feature plugins consume `api.runtime.*` helpers, not vendor code +- contract tests can assert that the plugin registered the capabilities it + claims to own + +### Capability example: video understanding + +OpenClaw already treats image/audio/video understanding as one shared +capability. The same ownership model applies there: + +1. core defines the media-understanding contract +2. vendor plugins register `describeImage`, `transcribeAudio`, and + `describeVideo` as applicable +3. channels and feature plugins consume the shared core behavior instead of + wiring directly to vendor code + +That avoids baking one provider's video assumptions into core. The plugin owns +the vendor surface; core owns the capability contract and fallback behavior. + +If OpenClaw adds a new domain later, such as video generation, use the same +sequence again: define the core capability first, then let vendor plugins +register implementations against it. + +Need a concrete rollout checklist? See +[Capability Cookbook](/tools/capability-cookbook). + ## Compatible bundles OpenClaw also recognizes two compatible external bundle layouts: @@ -124,18 +380,23 @@ plugins: OpenClaw skill loader - supported now: Claude bundle `settings.json` defaults for embedded Pi agent settings (with shell override keys sanitized) +- supported now: bundle MCP config, merged into embedded Pi agent settings as + `mcpServers`, with supported stdio bundle MCP tools exposed during embedded + Pi agent turns - supported now: Cursor `.cursor/commands/*.md` roots, mapped into the normal OpenClaw skill loader - supported now: Codex bundle hook directories that use the OpenClaw hook-pack layout (`HOOK.md` + `handler.ts`/`handler.js`) - detected but not wired yet: other declared bundle capabilities such as - agents, Claude hook automation, Cursor rules/hooks/MCP metadata, MCP/app/LSP + agents, Claude hook automation, Cursor rules/hooks metadata, app/LSP metadata, output styles That means bundle install/discovery/list/info/enablement all work, and bundle skills, Claude command-skills, Claude bundle settings defaults, and compatible -Codex hook directories load when the bundle is enabled, but bundle runtime code -is not executed in-process. +Codex hook directories load when the bundle is enabled. Supported bundle MCP +servers may also run as subprocesses for embedded Pi tool calls when they use +supported stdio transport, but bundle runtime modules are not loaded +in-process. Bundle hook support is limited to the normal OpenClaw hook directory format (`HOOK.md` plus `handler.ts`/`handler.js` under the declared hook roots). @@ -193,6 +454,8 @@ Important trust note: - Model Studio provider catalog — bundled as `modelstudio` (enabled by default) - Moonshot provider runtime — bundled as `moonshot` (enabled by default) - NVIDIA provider catalog — bundled as `nvidia` (enabled by default) +- ElevenLabs speech provider — bundled as `elevenlabs` (enabled by default) +- Microsoft speech provider — bundled as `microsoft` (enabled by default; legacy `edge` input maps here) - OpenAI provider runtime — bundled as `openai` (enabled by default; owns both `openai` and `openai-codex`) - OpenCode Go provider capabilities — bundled as `opencode-go` (enabled by default) - OpenCode Zen provider capabilities — bundled as `opencode` (enabled by default) @@ -212,16 +475,24 @@ Native OpenClaw plugins are **TypeScript modules** loaded at runtime via jiti. **Config validation does not execute plugin code**; it uses the plugin manifest and JSON Schema instead. See [Plugin manifest](/plugins/manifest). -Native OpenClaw plugins can register: +Native OpenClaw plugins can register capabilities and surfaces: -- Gateway RPC methods -- Gateway HTTP routes +**Capabilities** (public plugin model): + +- Text inference providers (model catalogs, auth, runtime hooks) +- Speech providers +- Media understanding providers +- Image generation providers +- Web search providers +- Channel / messaging connectors + +**Surfaces** (supporting infrastructure): + +- Gateway RPC methods and HTTP routes - Agent tools - CLI commands - Background services - Context engines -- Provider auth flows and model catalogs -- Provider runtime hooks for dynamic model ids, transport normalization, capability metadata, stream wrapping, cache TTL policy, missing-auth hints, built-in model suppression, catalog augmentation, runtime auth exchange, and usage/billing auth + snapshot resolution - Optional config validation - **Skills** (by listing `skills` directories in the plugin manifest) - **Auto-reply commands** (execute without invoking the AI agent) @@ -229,6 +500,106 @@ Native OpenClaw plugins can register: Native OpenClaw plugins run **in‑process** with the Gateway, so treat them as trusted code. Tool authoring guide: [Plugin agent tools](/plugins/agent-tools). +Think of these registrations as **capability claims**. A plugin is not supposed +to reach into random internals and "just make it work." It should register +against explicit surfaces that OpenClaw understands, validates, and can expose +consistently across config, onboarding, status, docs, and runtime behavior. + +## Contracts and enforcement + +The plugin API surface is intentionally typed and centralized in +`OpenClawPluginApi`. That contract defines the supported registration points and +the runtime helpers a plugin may rely on. + +Why this matters: + +- plugin authors get one stable internal standard +- core can reject duplicate ownership such as two plugins registering the same + provider id +- startup can surface actionable diagnostics for malformed registration +- contract tests can enforce bundled-plugin ownership and prevent silent drift + +There are two layers of enforcement: + +1. **runtime registration enforcement** + The plugin registry validates registrations as plugins load. Examples: + duplicate provider ids, duplicate speech provider ids, and malformed + registrations produce plugin diagnostics instead of undefined behavior. +2. **contract tests** + Bundled plugins are captured in contract registries during test runs so + OpenClaw can assert ownership explicitly. Today this is used for model + providers, speech providers, web search providers, and bundled registration + ownership. + +The practical effect is that OpenClaw knows, up front, which plugin owns which +surface. That lets core and channels compose seamlessly because ownership is +declared, typed, and testable rather than implicit. + +### What belongs in a contract + +Good plugin contracts are: + +- typed +- small +- capability-specific +- owned by core +- reusable by multiple plugins +- consumable by channels/features without vendor knowledge + +Bad plugin contracts are: + +- vendor-specific policy hidden in core +- one-off plugin escape hatches that bypass the registry +- channel code reaching straight into a vendor implementation +- ad hoc runtime objects that are not part of `OpenClawPluginApi` or + `api.runtime` + +When in doubt, raise the abstraction level: define the capability first, then +let plugins plug into it. + +## Export boundary + +OpenClaw exports capabilities, not implementation convenience. + +Keep capability registration public. Trim non-contract helper exports: + +- bundled-plugin-specific helper subpaths +- runtime plumbing subpaths not intended as public API +- vendor-specific convenience helpers +- setup/onboarding helpers that are implementation details + +## Plugin inspection + +Use `openclaw plugins inspect ` for deep plugin introspection. This is the +canonical command for understanding a plugin's shape and registration behavior. + +```bash +openclaw plugins inspect openai +openclaw plugins inspect openai --json +``` + +The inspect report shows: + +- identity, load status, source, and root +- plugin shape (plain-capability, hybrid-capability, hook-only, non-capability) +- capability mode and registered capabilities +- hooks (typed and custom), tools, commands, services +- channel registration +- config policy flags +- diagnostics +- whether the plugin uses the legacy `before_agent_start` hook +- install metadata + +Classification comes from actual registration behavior, not just static +metadata. + +Summary commands remain summary-focused: + +- `plugins list` — compact inventory +- `plugins status` — operational summary +- `doctor` — issue-focused diagnostics +- `plugins inspect` — deep detail + ## Provider runtime hooks Provider plugins now have two layers: @@ -519,25 +890,103 @@ to think of as short-lived performance caches, not persistence. ## Runtime helpers -Plugins can access selected core helpers via `api.runtime`. For telephony TTS: +Plugins can access selected core helpers via `api.runtime`. For TTS: ```ts +const clip = await api.runtime.tts.textToSpeech({ + text: "Hello from OpenClaw", + cfg: api.config, +}); + const result = await api.runtime.tts.textToSpeechTelephony({ text: "Hello from OpenClaw", cfg: api.config, }); + +const voices = await api.runtime.tts.listVoices({ + provider: "elevenlabs", + cfg: api.config, +}); ``` Notes: -- Uses core `messages.tts` configuration (OpenAI or ElevenLabs). +- `textToSpeech` returns the normal core TTS output payload for file/voice-note surfaces. +- Uses core `messages.tts` configuration and provider selection. - Returns PCM audio buffer + sample rate. Plugins must resample/encode for providers. -- Edge TTS is not supported for telephony. +- `listVoices` is optional per provider. Use it for vendor-owned voice pickers or setup flows. +- Voice listings can include richer metadata such as locale, gender, and personality tags for provider-aware pickers. +- OpenAI and ElevenLabs support telephony today. Microsoft does not. -For STT/transcription, plugins can call: +Plugins can also register speech providers via `api.registerSpeechProvider(...)`. ```ts -const { text } = await api.runtime.stt.transcribeAudioFile({ +api.registerSpeechProvider({ + id: "acme-speech", + label: "Acme Speech", + isConfigured: ({ config }) => Boolean(config.messages?.tts), + synthesize: async (req) => { + return { + audioBuffer: Buffer.from([]), + outputFormat: "mp3", + fileExtension: ".mp3", + voiceCompatible: false, + }; + }, +}); +``` + +Notes: + +- Keep TTS policy, fallback, and reply delivery in core. +- Use speech providers for vendor-owned synthesis behavior. +- Legacy Microsoft `edge` input is normalized to the `microsoft` provider id. +- The preferred ownership model is company-oriented: one vendor plugin can own + text, speech, image, and future media providers as OpenClaw adds those + capability contracts. + +For image/audio/video understanding, plugins register one typed +media-understanding provider instead of a generic key/value bag: + +```ts +api.registerMediaUnderstandingProvider({ + id: "google", + capabilities: ["image", "audio", "video"], + describeImage: async (req) => ({ text: "..." }), + transcribeAudio: async (req) => ({ text: "..." }), + describeVideo: async (req) => ({ text: "..." }), +}); +``` + +Notes: + +- Keep orchestration, fallback, config, and channel wiring in core. +- Keep vendor behavior in the provider plugin. +- Additive expansion should stay typed: new optional methods, new optional + result fields, new optional capabilities. +- If OpenClaw adds a new capability such as video generation later, define the + core capability contract first, then let vendor plugins register against it. + +For media-understanding runtime helpers, plugins can call: + +```ts +const image = await api.runtime.mediaUnderstanding.describeImageFile({ + filePath: "/tmp/inbound-photo.jpg", + cfg: api.config, + agentDir: "/tmp/agent", +}); + +const video = await api.runtime.mediaUnderstanding.describeVideoFile({ + filePath: "/tmp/inbound-video.mp4", + cfg: api.config, +}); +``` + +For audio transcription, plugins can use either the media-understanding runtime +or the older STT alias: + +```ts +const { text } = await api.runtime.mediaUnderstanding.transcribeAudioFile({ filePath: "/tmp/inbound-audio.ogg", cfg: api.config, // Optional when MIME cannot be inferred reliably: @@ -547,8 +996,57 @@ const { text } = await api.runtime.stt.transcribeAudioFile({ Notes: +- `api.runtime.mediaUnderstanding.*` is the preferred shared surface for + image/audio/video understanding. - Uses core media-understanding audio configuration (`tools.media.audio`) and provider fallback order. - Returns `{ text: undefined }` when no transcription output is produced (for example skipped/unsupported input). +- `api.runtime.stt.transcribeAudioFile(...)` remains as a compatibility alias. + +Plugins can also launch background subagent runs through `api.runtime.subagent`: + +```ts +const result = await api.runtime.subagent.run({ + sessionKey: "agent:main:subagent:search-helper", + message: "Expand this query into focused follow-up searches.", + provider: "openai", + model: "gpt-4.1-mini", + deliver: false, +}); +``` + +Notes: + +- `provider` and `model` are optional per-run overrides, not persistent session changes. +- OpenClaw only honors those override fields for trusted callers. +- For plugin-owned fallback runs, operators must opt in with `plugins.entries..subagent.allowModelOverride: true`. +- Use `plugins.entries..subagent.allowedModels` to restrict trusted plugins to specific canonical `provider/model` targets, or `"*"` to allow any target explicitly. +- Untrusted plugin subagent runs still work, but override requests are rejected instead of silently falling back. + +For web search, plugins can consume the shared runtime helper instead of +reaching into the agent tool wiring: + +```ts +const providers = api.runtime.webSearch.listProviders({ + config: api.config, +}); + +const result = await api.runtime.webSearch.search({ + config: api.config, + args: { + query: "OpenClaw plugin runtime helpers", + count: 5, + }, +}); +``` + +Plugins can also register web-search providers via +`api.registerWebSearchProvider(...)`. + +Notes: + +- Keep provider selection, credential resolution, and shared request semantics in core. +- Use web-search providers for vendor-specific search transports. +- `api.runtime.webSearch.*` is the preferred shared surface for feature/channel plugins that need search behavior without depending on the agent tool wrapper. ## Gateway HTTP routes @@ -587,8 +1085,28 @@ Notes: Use SDK subpaths instead of the monolithic `openclaw/plugin-sdk` import when authoring plugins: -- `openclaw/plugin-sdk/core` for generic plugin APIs, provider auth types, and shared helpers such as routing/session utilities and logger-backed runtimes. -- `openclaw/plugin-sdk/compat` for bundled/internal plugin code that needs broader shared runtime helpers than `core`. +- `openclaw/plugin-sdk/core` for the smallest generic plugin-facing contract. +- Domain subpaths such as `openclaw/plugin-sdk/channel-config-helpers`, + `openclaw/plugin-sdk/channel-config-schema`, + `openclaw/plugin-sdk/channel-policy`, + `openclaw/plugin-sdk/lazy-runtime`, + `openclaw/plugin-sdk/reply-history`, + `openclaw/plugin-sdk/routing`, + `openclaw/plugin-sdk/runtime-store`, and + `openclaw/plugin-sdk/directory-runtime` for shared runtime/config helpers. +- `openclaw/plugin-sdk/compat` remains as a legacy migration surface for older + external plugins. Bundled plugins should not use it, and non-test imports emit + a one-time deprecation warning outside test environments. +- Bundled extension internals remain private. External plugins should use only + `openclaw/plugin-sdk/*` subpaths. OpenClaw core/test code may use the repo + public seams under `extensions//index.js`, `api.js`, `runtime-api.js`, + `setup-entry.js`, and narrowly scoped files such as `login-qr-api.js`. Never + import `extensions//src/*` from core or from another extension. +- Repo seam split: + `extensions//api.js` is the helper/types barrel, + `extensions//runtime-api.js` is the runtime-only barrel, + `extensions//index.js` is the bundled plugin entry, + and `extensions//setup-entry.js` is the setup plugin entry. - `openclaw/plugin-sdk/telegram` for Telegram channel plugin types and shared channel-facing helpers. Built-in Telegram implementation internals stay private to the bundled extension. - `openclaw/plugin-sdk/discord` for Discord channel plugin types and shared channel-facing helpers. Built-in Discord implementation internals stay private to the bundled extension. - `openclaw/plugin-sdk/slack` for Slack channel plugin types and shared channel-facing helpers. Built-in Slack implementation internals stay private to the bundled extension. @@ -649,8 +1167,8 @@ Compatibility note: - `openclaw/plugin-sdk` remains supported for existing external plugins. - New and migrated bundled plugins should use channel or extension-specific - subpaths; use `core` for generic surfaces and `compat` only when broader - shared helpers are required. + subpaths; use `core` plus explicit domain subpaths for generic surfaces, and + treat `compat` as migration-only. ## Read-only channel inspection @@ -1110,12 +1628,109 @@ Plugins export either: - `on(...)` for typed lifecycle hooks - `registerChannel` - `registerProvider` +- `registerSpeechProvider` +- `registerMediaUnderstandingProvider` +- `registerWebSearchProvider` - `registerHttpRoute` - `registerCommand` - `registerCli` - `registerContextEngine` - `registerService` +In practice, `register(api)` is also where a plugin declares **ownership**. +That ownership should map cleanly to either: + +- a vendor surface such as OpenAI, ElevenLabs, or Microsoft +- a feature surface such as Voice Call + +Avoid splitting one vendor's capabilities across unrelated plugins unless there +is a strong product reason to do so. The default should be one plugin per +vendor/feature, with core capability contracts separating shared orchestration +from vendor-specific behavior. + +## Adding a new capability + +When a plugin needs behavior that does not fit the current API, do not bypass +the plugin system with a private reach-in. Add the missing capability. + +Recommended sequence: + +1. define the core contract + Decide what shared behavior core should own: policy, fallback, config merge, + lifecycle, channel-facing semantics, and runtime helper shape. +2. add typed plugin registration/runtime surfaces + Extend `OpenClawPluginApi` and/or `api.runtime` with the smallest useful + typed seam. +3. wire core + channel/feature consumers + Channels and feature plugins should consume the new capability through core, + not by importing a vendor implementation directly. +4. register vendor implementations + Vendor plugins then register their backends against the capability. +5. add contract coverage + Add tests so ownership and registration shape stay explicit over time. + +This is how OpenClaw stays opinionated without becoming hardcoded to one +provider's worldview. + +### Capability checklist + +When you add a new capability, the implementation should usually touch these +surfaces together: + +- core contract types in `src//types.ts` +- core runner/runtime helper in `src//runtime.ts` +- plugin API registration surface in `src/plugins/types.ts` +- plugin registry wiring in `src/plugins/registry.ts` +- plugin runtime exposure in `src/plugins/runtime/*` when feature/channel + plugins need to consume it +- capture/test helpers in `src/test-utils/plugin-registration.ts` +- ownership/contract assertions in `src/plugins/contracts/registry.ts` +- operator/plugin docs in `docs/` + +If one of those surfaces is missing, that is usually a sign the capability is +not fully integrated yet. + +### Capability template + +Minimal pattern: + +```ts +// core contract +export type VideoGenerationProviderPlugin = { + id: string; + label: string; + generateVideo: (req: VideoGenerationRequest) => Promise; +}; + +// plugin API +api.registerVideoGenerationProvider({ + id: "openai", + label: "OpenAI", + async generateVideo(req) { + return await generateOpenAiVideo(req); + }, +}); + +// shared runtime helper for feature/channel plugins +const clip = await api.runtime.videoGeneration.generateFile({ + prompt: "Show the robot walking through the lab.", + cfg, +}); +``` + +Contract test pattern: + +```ts +expect(findVideoGenerationProviderIdsForPlugin("openai")).toEqual(["openai"]); +``` + +That keeps the rule simple: + +- core owns the capability contract + orchestration +- vendor plugins own vendor implementations +- feature/channel plugins consume runtime helpers +- contract tests keep ownership explicit + Context engine plugins can also register a runtime-owned context manager: ```ts diff --git a/docs/tools/skills-config.md b/docs/tools/skills-config.md index 589d464bb13..697cb46dad6 100644 --- a/docs/tools/skills-config.md +++ b/docs/tools/skills-config.md @@ -24,7 +24,7 @@ All skills-related configuration lives under `skills` in `~/.openclaw/openclaw.j nodeManager: "npm", // npm | pnpm | yarn | bun (Gateway runtime still Node; bun not recommended) }, entries: { - "nano-banana-pro": { + "image-lab": { enabled: true, apiKey: { source: "env", provider: "default", id: "GEMINI_API_KEY" }, // or plaintext string env: { @@ -38,6 +38,10 @@ All skills-related configuration lives under `skills` in `~/.openclaw/openclaw.j } ``` +For built-in image generation/editing, prefer `agents.defaults.imageGenerationModel` +plus the core `image_generate` tool. `skills.entries.*` is only for custom or +third-party skill workflows. + ## Fields - `allowBundled`: optional allowlist for **bundled** skills only. When set, only diff --git a/docs/tools/skills.md b/docs/tools/skills.md index 05369677b89..5b91d79af59 100644 --- a/docs/tools/skills.md +++ b/docs/tools/skills.md @@ -81,8 +81,8 @@ that up as `/skills` on the next session. ```markdown --- -name: nano-banana-pro -description: Generate or edit images via Gemini 3 Pro Image +name: image-lab +description: Generate or edit images via a provider-backed image workflow --- ``` @@ -109,8 +109,8 @@ OpenClaw **filters skills at load time** using `metadata` (single-line JSON): ```markdown --- -name: nano-banana-pro -description: Generate or edit images via Gemini 3 Pro Image +name: image-lab +description: Generate or edit images via a provider-backed image workflow metadata: { "openclaw": @@ -194,7 +194,7 @@ Bundled/managed skills can be toggled and supplied with env values: { skills: { entries: { - "nano-banana-pro": { + "image-lab": { enabled: true, apiKey: { source: "env", provider: "default", id: "GEMINI_API_KEY" }, // or plaintext string env: { @@ -214,6 +214,10 @@ Bundled/managed skills can be toggled and supplied with env values: Note: if the skill name contains hyphens, quote the key (JSON5 allows quoted keys). +If you want stock image generation/editing inside OpenClaw itself, use the core +`image_generate` tool with `agents.defaults.imageGenerationModel` instead of a +bundled skill. Skill examples here are for custom or third-party workflows. + Config keys match the **skill name** by default. If a skill defines `metadata.openclaw.skillKey`, use that key under `skills.entries`. diff --git a/docs/tools/slash-commands.md b/docs/tools/slash-commands.md index 19072342b20..c62612d312b 100644 --- a/docs/tools/slash-commands.md +++ b/docs/tools/slash-commands.md @@ -36,6 +36,8 @@ They run immediately, are stripped before the model sees the message, and the re bash: false, bashForegroundMs: 2000, config: false, + mcp: false, + plugins: false, debug: false, restart: false, allowFrom: { @@ -59,6 +61,8 @@ They run immediately, are stripped before the model sees the message, and the re - `commands.bash` (default `false`) enables `! ` to run host shell commands (`/bash ` is an alias; requires `tools.elevated` allowlists). - `commands.bashForegroundMs` (default `2000`) controls how long bash waits before switching to background mode (`0` backgrounds immediately). - `commands.config` (default `false`) enables `/config` (reads/writes `openclaw.json`). +- `commands.mcp` (default `false`) enables `/mcp` (reads/writes OpenClaw-managed MCP config under `mcp.servers`). +- `commands.plugins` (default `false`) enables `/plugins` (plugin discovery/status plus enable/disable toggles). - `commands.debug` (default `false`) enables `/debug` (runtime-only overrides). - `commands.allowFrom` (optional) sets a per-provider allowlist for command authorization. When configured, it is the only authorization source for commands and directives (channel allowlists/pairing and `commands.useAccessGroups` @@ -90,6 +94,8 @@ Text + native (when enabled): - `/steer ` (steer a running sub-agent immediately: in-run when possible, otherwise abort current work and restart on the steer message) - `/tell ` (alias for `/steer`) - `/config show|get|set|unset` (persist config to disk, owner-only; requires `commands.config: true`) +- `/mcp show|get|set|unset` (manage OpenClaw MCP server config, owner-only; requires `commands.mcp: true`) +- `/plugins list|show|get|enable|disable` (inspect discovered plugins and toggle enablement, owner-only for writes; requires `commands.plugins: true`) - `/debug show|set|unset|reset` (runtime overrides, owner-only; requires `commands.debug: true`) - `/usage off|tokens|full|cost` (per-response usage footer or local cost summary) - `/tts off|always|inbound|tagged|status|provider|limit|summary|audio` (control TTS; see [/tts](/tts)) @@ -214,6 +220,44 @@ Notes: - Config is validated before write; invalid changes are rejected. - `/config` updates persist across restarts. +## MCP updates + +`/mcp` writes OpenClaw-managed MCP server definitions under `mcp.servers`. Owner-only. Disabled by default; enable with `commands.mcp: true`. + +Examples: + +```text +/mcp show +/mcp show context7 +/mcp set context7={"command":"uvx","args":["context7-mcp"]} +/mcp unset context7 +``` + +Notes: + +- `/mcp` stores config in OpenClaw config, not Pi-owned project settings. +- Runtime adapters decide which transports are actually executable. + +## Plugin updates + +`/plugins` lets operators inspect discovered plugins and toggle enablement in config. Read-only flows can use `/plugin` as an alias. Disabled by default; enable with `commands.plugins: true`. + +Examples: + +```text +/plugins +/plugins list +/plugin show context7 +/plugins enable context7 +/plugins disable context7 +``` + +Notes: + +- `/plugins list` and `/plugins show` use real plugin discovery against the current workspace plus on-disk config. +- `/plugins enable|disable` updates plugin config only; it does not install or uninstall plugins. +- After enable/disable changes, restart the gateway to apply them. + ## Surface notes - **Text commands** run in the normal chat session (DMs share `main`, groups have their own session). diff --git a/docs/tts.md b/docs/tts.md index 682bbfbd53a..4fe0da77e0a 100644 --- a/docs/tts.md +++ b/docs/tts.md @@ -9,26 +9,27 @@ title: "Text-to-Speech" # Text-to-speech (TTS) -OpenClaw can convert outbound replies into audio using ElevenLabs, OpenAI, or Edge TTS. +OpenClaw can convert outbound replies into audio using ElevenLabs, Microsoft, or OpenAI. It works anywhere OpenClaw can send audio; Telegram gets a round voice-note bubble. ## Supported services - **ElevenLabs** (primary or fallback provider) +- **Microsoft** (primary or fallback provider; current bundled implementation uses `node-edge-tts`, default when no API keys) - **OpenAI** (primary or fallback provider; also used for summaries) -- **Edge TTS** (primary or fallback provider; uses `node-edge-tts`, default when no API keys) -### Edge TTS notes +### Microsoft speech notes -Edge TTS uses Microsoft Edge's online neural TTS service via the `node-edge-tts` -library. It's a hosted service (not local), uses Microsoft’s endpoints, and does -not require an API key. `node-edge-tts` exposes speech configuration options and -output formats, but not all options are supported by the Edge service. citeturn2search0 +The bundled Microsoft speech provider currently uses Microsoft Edge's online +neural TTS service via the `node-edge-tts` library. It's a hosted service (not +local), uses Microsoft endpoints, and does not require an API key. +`node-edge-tts` exposes speech configuration options and output formats, but +not all options are supported by the service. Legacy config and directive input +using `edge` still works and is normalized to `microsoft`. -Because Edge TTS is a public web service without a published SLA or quota, treat it -as best-effort. If you need guaranteed limits and support, use OpenAI or ElevenLabs. -Microsoft's Speech REST API documents a 10‑minute audio limit per request; Edge TTS -does not publish limits, so assume similar or lower limits. citeturn0search3 +Because this path is a public web service without a published SLA or quota, +treat it as best-effort. If you need guaranteed limits and support, use OpenAI +or ElevenLabs. ## Optional keys @@ -37,8 +38,9 @@ If you want OpenAI or ElevenLabs: - `ELEVENLABS_API_KEY` (or `XI_API_KEY`) - `OPENAI_API_KEY` -Edge TTS does **not** require an API key. If no API keys are found, OpenClaw defaults -to Edge TTS (unless disabled via `messages.tts.edge.enabled=false`). +Microsoft speech does **not** require an API key. If no API keys are found, +OpenClaw defaults to Microsoft (unless disabled via +`messages.tts.microsoft.enabled=false` or `messages.tts.edge.enabled=false`). If multiple providers are configured, the selected provider is used first and the others are fallback options. Auto-summary uses the configured `summaryModel` (or `agents.defaults.model.primary`), @@ -58,7 +60,7 @@ so that provider must also be authenticated if you enable summaries. No. Auto‑TTS is **off** by default. Enable it in config with `messages.tts.auto` or per session with `/tts always` (alias: `/tts on`). -Edge TTS **is** enabled by default once TTS is on, and is used automatically +Microsoft speech **is** enabled by default once TTS is on, and is used automatically when no OpenAI or ElevenLabs API keys are available. ## Config @@ -118,15 +120,15 @@ Full schema is in [Gateway configuration](/gateway/configuration). } ``` -### Edge TTS primary (no API key) +### Microsoft primary (no API key) ```json5 { messages: { tts: { auto: "always", - provider: "edge", - edge: { + provider: "microsoft", + microsoft: { enabled: true, voice: "en-US-MichelleNeural", lang: "en-US", @@ -139,13 +141,13 @@ Full schema is in [Gateway configuration](/gateway/configuration). } ``` -### Disable Edge TTS +### Disable Microsoft speech ```json5 { messages: { tts: { - edge: { + microsoft: { enabled: false, }, }, @@ -205,9 +207,10 @@ Then run: - `tagged` only sends audio when the reply includes `[[tts]]` tags. - `enabled`: legacy toggle (doctor migrates this to `auto`). - `mode`: `"final"` (default) or `"all"` (includes tool/block replies). -- `provider`: `"elevenlabs"`, `"openai"`, or `"edge"` (fallback is automatic). +- `provider`: speech provider id such as `"elevenlabs"`, `"microsoft"`, or `"openai"` (fallback is automatic). - If `provider` is **unset**, OpenClaw prefers `openai` (if key), then `elevenlabs` (if key), - otherwise `edge`. + otherwise `microsoft`. +- Legacy `provider: "edge"` still works and is normalized to `microsoft`. - `summaryModel`: optional cheap model for auto-summary; defaults to `agents.defaults.model.primary`. - Accepts `provider/model` or a configured model alias. - `modelOverrides`: allow the model to emit TTS directives (on by default). @@ -227,15 +230,16 @@ Then run: - `elevenlabs.applyTextNormalization`: `auto|on|off` - `elevenlabs.languageCode`: 2-letter ISO 639-1 (e.g. `en`, `de`) - `elevenlabs.seed`: integer `0..4294967295` (best-effort determinism) -- `edge.enabled`: allow Edge TTS usage (default `true`; no API key). -- `edge.voice`: Edge neural voice name (e.g. `en-US-MichelleNeural`). -- `edge.lang`: language code (e.g. `en-US`). -- `edge.outputFormat`: Edge output format (e.g. `audio-24khz-48kbitrate-mono-mp3`). - - See Microsoft Speech output formats for valid values; not all formats are supported by Edge. -- `edge.rate` / `edge.pitch` / `edge.volume`: percent strings (e.g. `+10%`, `-5%`). -- `edge.saveSubtitles`: write JSON subtitles alongside the audio file. -- `edge.proxy`: proxy URL for Edge TTS requests. -- `edge.timeoutMs`: request timeout override (ms). +- `microsoft.enabled`: allow Microsoft speech usage (default `true`; no API key). +- `microsoft.voice`: Microsoft neural voice name (e.g. `en-US-MichelleNeural`). +- `microsoft.lang`: language code (e.g. `en-US`). +- `microsoft.outputFormat`: Microsoft output format (e.g. `audio-24khz-48kbitrate-mono-mp3`). + - See Microsoft Speech output formats for valid values; not all formats are supported by the bundled Edge-backed transport. +- `microsoft.rate` / `microsoft.pitch` / `microsoft.volume`: percent strings (e.g. `+10%`, `-5%`). +- `microsoft.saveSubtitles`: write JSON subtitles alongside the audio file. +- `microsoft.proxy`: proxy URL for Microsoft speech requests. +- `microsoft.timeoutMs`: request timeout override (ms). +- `edge.*`: legacy alias for the same Microsoft settings. ## Model-driven overrides (default on) @@ -260,7 +264,7 @@ Here you go. Available directive keys (when enabled): -- `provider` (`openai` | `elevenlabs` | `edge`, requires `allowProvider: true`) +- `provider` (registered speech provider id, for example `openai`, `elevenlabs`, or `microsoft`; requires `allowProvider: true`) - `voice` (OpenAI voice) or `voiceId` (ElevenLabs) - `model` (OpenAI TTS model or ElevenLabs model id) - `stability`, `similarityBoost`, `style`, `speed`, `useSpeakerBoost` @@ -319,13 +323,12 @@ These override `messages.tts.*` for that host. - 48kHz / 64kbps is a good voice-note tradeoff and required for the round bubble. - **Other channels**: MP3 (`mp3_44100_128` from ElevenLabs, `mp3` from OpenAI). - 44.1kHz / 128kbps is the default balance for speech clarity. -- **Edge TTS**: uses `edge.outputFormat` (default `audio-24khz-48kbitrate-mono-mp3`). - - `node-edge-tts` accepts an `outputFormat`, but not all formats are available - from the Edge service. citeturn2search0 - - Output format values follow Microsoft Speech output formats (including Ogg/WebM Opus). citeturn1search0 +- **Microsoft**: uses `microsoft.outputFormat` (default `audio-24khz-48kbitrate-mono-mp3`). + - The bundled transport accepts an `outputFormat`, but not all formats are available from the service. + - Output format values follow Microsoft Speech output formats (including Ogg/WebM Opus). - Telegram `sendVoice` accepts OGG/MP3/M4A; use OpenAI/ElevenLabs if you need guaranteed Opus voice notes. citeturn1search1 - - If the configured Edge output format fails, OpenClaw retries with MP3. + - If the configured Microsoft output format fails, OpenClaw retries with MP3. OpenAI/ElevenLabs formats are fixed; Telegram expects Opus for voice-note UX. diff --git a/docs/web/control-ui.md b/docs/web/control-ui.md index 204d68605d2..9e156bb339a 100644 --- a/docs/web/control-ui.md +++ b/docs/web/control-ui.md @@ -28,7 +28,7 @@ Auth is supplied during the WebSocket handshake via: - `connect.params.auth.token` - `connect.params.auth.password` The dashboard settings panel keeps a token for the current browser tab session and selected gateway URL; passwords are not persisted. - The setup wizard generates a gateway token by default, so paste it here on first connect. + Onboarding generates a gateway token by default, so paste it here on first connect. ## Device pairing (first connection) @@ -242,7 +242,7 @@ http://localhost:5173/?gatewayUrl=wss://:18789#token=] 选项: - `--workspace `:智能体工作区路径(默认 `~/.openclaw/workspace`)。 -- `--wizard`:运行设置向导。 -- `--non-interactive`:无提示运行向导。 -- `--mode `:向导模式。 +- `--wizard`:运行新手引导。 +- `--non-interactive`:无提示运行新手引导。 +- `--mode `:新手引导模式。 - `--remote-url `:远程 Gateway 网关 URL。 - `--remote-token `:远程 Gateway 网关 token。 -只要存在任意向导标志(`--non-interactive`, `--mode`, `--remote-url`, `--remote-token`),就会自动运行向导。 +只要存在任意新手引导标志(`--non-interactive`, `--mode`, `--remote-url`, `--remote-token`),就会自动运行新手引导。 ### `onboard` -用于设置 gateway、工作区和 Skills 的交互式向导。 +用于设置 gateway、工作区和 Skills 的交互式新手引导。 选项: - `--workspace ` -- `--reset`(在运行向导前重置配置 + 凭据 + 会话) +- `--reset`(在运行新手引导前重置配置 + 凭据 + 会话) - `--reset-scope `(默认 `config+creds+sessions`;使用 `full` 还会删除工作区) - `--non-interactive` - `--mode ` diff --git a/docs/zh-CN/cli/onboard.md b/docs/zh-CN/cli/onboard.md index 66588b9d795..1cee84571c9 100644 --- a/docs/zh-CN/cli/onboard.md +++ b/docs/zh-CN/cli/onboard.md @@ -1,7 +1,7 @@ --- read_when: - 你想通过引导式设置来配置 Gateway 网关、工作区、身份验证、渠道和 Skills -summary: "`openclaw onboard` 的 CLI 参考(交互式设置向导)" +summary: "`openclaw onboard` 的 CLI 参考(交互式新手引导)" title: onboard x-i18n: generated_at: "2026-03-16T06:21:32Z" @@ -14,11 +14,11 @@ x-i18n: # `openclaw onboard` -交互式设置向导(本地或远程 Gateway 网关设置)。 +交互式新手引导(本地或远程 Gateway 网关设置)。 ## 相关指南 -- CLI 新手引导中心:[设置向导(CLI)](/start/wizard) +- CLI 新手引导中心:[CLI 新手引导](/start/wizard) - 新手引导概览:[新手引导概览](/start/onboarding-overview) - CLI 新手引导参考:[CLI 设置参考](/start/wizard-cli-reference) - CLI 自动化:[CLI 自动化](/start/wizard-cli-automation) diff --git a/docs/zh-CN/cli/setup.md b/docs/zh-CN/cli/setup.md index 18936b3bd24..6aa0fe99c3a 100644 --- a/docs/zh-CN/cli/setup.md +++ b/docs/zh-CN/cli/setup.md @@ -1,6 +1,6 @@ --- read_when: - - 你正在进行首次运行设置,但不使用完整的设置向导 + - 你正在进行首次运行设置,但不使用完整的 CLI 新手引导 - 你想设置默认工作区路径 summary: "`openclaw setup` 的 CLI 参考(初始化配置 + 工作区)" title: setup @@ -20,7 +20,7 @@ x-i18n: 相关内容: - 入门指南:[入门指南](/start/getting-started) -- 向导:[新手引导](/start/onboarding) +- CLI 新手引导:[CLI 新手引导](/start/wizard) ## 示例 @@ -29,7 +29,7 @@ openclaw setup openclaw setup --workspace ~/.openclaw/workspace ``` -通过 setup 运行向导: +通过 setup 运行新手引导: ```bash openclaw setup --wizard diff --git a/docs/zh-CN/help/faq.md b/docs/zh-CN/help/faq.md index 8543ea01f22..18b936e2cc8 100644 --- a/docs/zh-CN/help/faq.md +++ b/docs/zh-CN/help/faq.md @@ -39,7 +39,7 @@ x-i18n: - [如何在 VPS 上安装 OpenClaw?](#how-do-i-install-openclaw-on-a-vps) - [云/VPS 安装指南在哪里?](#where-are-the-cloudvps-install-guides) - [可以让 OpenClaw 自行更新吗?](#can-i-ask-openclaw-to-update-itself) - - [新手引导向导具体做了什么?](#what-does-the-onboarding-wizard-actually-do) + - [新手引导具体做了什么?](#新手引导具体做了什么) - [运行 OpenClaw 需要 Claude 或 OpenAI 订阅吗?](#do-i-need-a-claude-or-openai-subscription-to-run-this) - [能否使用 Claude Max 订阅而不需要 API 密钥?](#can-i-use-claude-max-subscription-without-an-api-key) - [Anthropic "setup-token" 认证如何工作?](#how-does-anthropic-setuptoken-auth-work) @@ -310,14 +310,14 @@ openclaw doctor ### 安装和设置 OpenClaw 的推荐方式是什么 -仓库推荐从源码运行并使用新手引导向导: +仓库推荐从源码运行并使用新手引导: ```bash curl -fsSL https://openclaw.ai/install.sh | bash openclaw onboard --install-daemon ``` -向导还可以自动构建 UI 资源。新手引导后,通常在端口 **18789** 上运行 Gateway 网关。 +新手引导还可以自动构建 UI 资源。新手引导后,通常在端口 **18789** 上运行 Gateway 网关。 从源码安装(贡献者/开发者): @@ -334,7 +334,7 @@ openclaw onboard ### 新手引导后如何打开仪表板 -向导现在会在新手引导完成后立即使用带令牌的仪表板 URL 打开浏览器,并在摘要中打印完整链接(带令牌)。保持该标签页打开;如果没有自动启动,请在同一台机器上复制/粘贴打印的 URL。令牌保持在本地主机上——不会从浏览器获取任何内容。 +新手引导现在会在完成后立即使用带令牌的仪表板 URL 打开浏览器,并在摘要中打印完整链接(带令牌)。保持该标签页打开;如果没有自动启动,请在同一台机器上复制/粘贴打印的 URL。令牌保持在本地主机上,不会从浏览器获取任何内容。 ### 如何在本地和远程环境中验证仪表板令牌 @@ -562,7 +562,7 @@ curl -fsSL https://openclaw.ai/install.sh | bash -s -- --install-method git ### 如何在 Linux 上安装 OpenClaw -简短回答:按照 Linux 指南操作,然后运行新手引导向导。 +简短回答:按照 Linux 指南操作,然后运行新手引导。 - Linux 快速路径 + 服务安装:[Linux](/platforms/linux)。 - 完整指南:[入门](/start/getting-started)。 @@ -614,7 +614,7 @@ openclaw gateway restart 文档:[更新](/cli/update)、[更新指南](/install/updating)。 -### 新手引导向导具体做了什么 +### 新手引导具体做了什么 `openclaw onboard` 是推荐的设置路径。在**本地模式**下,它引导你完成: @@ -642,7 +642,7 @@ Claude Pro/Max 订阅**不包含 API 密钥**,因此这是订阅账户的正 ### Anthropic setup-token 认证如何工作 -`claude setup-token` 通过 Claude Code CLI 生成一个**令牌字符串**(在 Web 控制台中不可用)。你可以在**任何机器**上运行它。在向导中选择 **Anthropic token (paste setup-token)** 或使用 `openclaw models auth paste-token --provider anthropic` 粘贴。令牌作为 **anthropic** 提供商的认证配置文件存储,像 API 密钥一样使用(无自动刷新)。更多详情:[OAuth](/concepts/oauth)。 +`claude setup-token` 通过 Claude Code CLI 生成一个**令牌字符串**(在 Web 控制台中不可用)。你可以在**任何机器**上运行它。在新手引导中选择 **Anthropic token (paste setup-token)** 或使用 `openclaw models auth paste-token --provider anthropic` 粘贴。令牌作为 **anthropic** 提供商的认证配置文件存储,像 API 密钥一样使用(无自动刷新)。更多详情:[OAuth](/concepts/oauth)。 ### 在哪里获取 Anthropic setup-token @@ -652,7 +652,7 @@ Claude Pro/Max 订阅**不包含 API 密钥**,因此这是订阅账户的正 claude setup-token ``` -复制它打印的令牌,然后在向导中选择 **Anthropic token (paste setup-token)**。如果你想在 Gateway 网关主机上运行,使用 `openclaw models auth setup-token --provider anthropic`。如果你在其他地方运行了 `claude setup-token`,在 Gateway 网关主机上使用 `openclaw models auth paste-token --provider anthropic` 粘贴。参阅 [Anthropic](/providers/anthropic)。 +复制它打印的令牌,然后在新手引导中选择 **Anthropic token (paste setup-token)**。如果你想在 Gateway 网关主机上运行,使用 `openclaw models auth setup-token --provider anthropic`。如果你在其他地方运行了 `claude setup-token`,在 Gateway 网关主机上使用 `openclaw models auth paste-token --provider anthropic` 粘贴。参阅 [Anthropic](/providers/anthropic)。 ### 是否支持 Claude 订阅认证(Claude Pro/Max) @@ -673,13 +673,13 @@ claude setup-token ### Codex 认证如何工作 -OpenClaw 通过 OAuth(ChatGPT 登录)支持 **OpenAI Code (Codex)**。向导可以运行 OAuth 流程,并在适当时将默认模型设置为 `openai-codex/gpt-5.2`。参阅[模型提供商](/concepts/model-providers)和[向导](/start/wizard)。 +OpenClaw 通过 OAuth(ChatGPT 登录)支持 **OpenAI Code (Codex)**。新手引导可以运行 OAuth 流程,并在适当时将默认模型设置为 `openai-codex/gpt-5.2`。参阅[模型提供商](/concepts/model-providers)和[CLI 新手引导](/start/wizard)。 ### 是否支持 OpenAI 订阅认证(Codex OAuth) -是的。OpenClaw 完全支持 **OpenAI Code (Codex) 订阅 OAuth**。新手引导向导可以为你运行 OAuth 流程。 +是的。OpenClaw 完全支持 **OpenAI Code (Codex) 订阅 OAuth**。新手引导可以为你运行 OAuth 流程。 -参阅 [OAuth](/concepts/oauth)、[模型提供商](/concepts/model-providers)和[向导](/start/wizard)。 +参阅 [OAuth](/concepts/oauth)、[模型提供商](/concepts/model-providers)和[CLI 新手引导](/start/wizard)。 ### 如何设置 Gemini CLI OAuth @@ -1632,7 +1632,7 @@ openclaw onboard --install-daemon 注意: -- 新手引导向导在看到现有配置时也提供**重置**选项。参阅[向导](/start/wizard)。 +- 新手引导在看到现有配置时也提供**重置**选项。参阅[CLI 新手引导](/start/wizard)。 - 如果你使用了配置文件(`--profile` / `OPENCLAW_PROFILE`),重置每个状态目录(默认为 `~/.openclaw-`)。 - 开发重置:`openclaw gateway --dev --reset`(仅限开发;清除开发配置 + 凭据 + 会话 + 工作区)。 diff --git a/docs/zh-CN/index.md b/docs/zh-CN/index.md index 3999dc6fda4..1444fd2f3da 100644 --- a/docs/zh-CN/index.md +++ b/docs/zh-CN/index.md @@ -40,7 +40,7 @@ x-i18n: 安装 OpenClaw 并在几分钟内启动 Gateway 网关。 - + 通过 `openclaw onboard` 和配对流程进行引导式设置。 diff --git a/docs/zh-CN/start/getting-started.md b/docs/zh-CN/start/getting-started.md index 39e3fb3829f..0707dd7b1d0 100644 --- a/docs/zh-CN/start/getting-started.md +++ b/docs/zh-CN/start/getting-started.md @@ -60,13 +60,13 @@ x-i18n: - + ```bash openclaw onboard --install-daemon ``` - 向导会配置认证、Gateway 网关设置和可选渠道。 - 详情请参见 [Setup Wizard](/start/wizard)。 + 新手引导会配置认证、Gateway 网关设置和可选渠道。 + 详情请参见 [CLI 新手引导](/start/wizard)。 @@ -122,8 +122,8 @@ x-i18n: ## 深入了解 - - 完整的 CLI 向导参考和高级选项。 + + 完整的 CLI 新手引导参考和高级选项。 macOS 应用的首次运行流程。 diff --git a/docs/zh-CN/start/hubs.md b/docs/zh-CN/start/hubs.md index b303102dcc0..c5dce882420 100644 --- a/docs/zh-CN/start/hubs.md +++ b/docs/zh-CN/start/hubs.md @@ -26,7 +26,7 @@ x-i18n: - [入门指南](/start/getting-started) - [快速开始](/start/quickstart) - [新手引导](/start/onboarding) -- [向导](/start/wizard) +- [CLI 新手引导](/start/wizard) - [安装配置](/start/setup) - [仪表盘(本地 Gateway 网关)](http://127.0.0.1:18789/) - [帮助](/help) diff --git a/docs/zh-CN/start/onboarding-overview.md b/docs/zh-CN/start/onboarding-overview.md index 524bd8b33f5..ed301f41f5f 100644 --- a/docs/zh-CN/start/onboarding-overview.md +++ b/docs/zh-CN/start/onboarding-overview.md @@ -21,21 +21,21 @@ OpenClaw 支持多种新手引导路径,具体取决于 Gateway 网关运行 ## 选择你的新手引导路径 -- 适用于 macOS、Linux 和 Windows(通过 WSL2)的 **CLI 向导**。 +- 适用于 macOS、Linux 和 Windows(通过 WSL2)的 **CLI 新手引导**。 - 适用于 Apple silicon 或 Intel Mac 的 **macOS 应用**,提供引导式首次运行体验。 -## CLI 设置向导 +## CLI 新手引导 -在终端中运行向导: +在终端中运行新手引导: ```bash openclaw onboard ``` 当你希望完全控制 Gateway 网关、工作区、 -渠道和 Skills 时,请使用 CLI 向导。文档: +渠道和 Skills 时,请使用 CLI 新手引导。文档: -- [设置向导(CLI)](/start/wizard) +- [CLI 新手引导](/start/wizard) - [`openclaw onboard` 命令](/cli/onboard) ## macOS 应用新手引导 @@ -48,7 +48,7 @@ openclaw onboard 如果你需要一个未列出的端点,包括那些 公开标准 OpenAI 或 Anthropic API 的托管提供商,请在 -CLI 向导中选择 **Custom Provider**。系统会要求你: +在 CLI 新手引导中选择 **Custom Provider**。系统会要求你: - 选择兼容 OpenAI、兼容 Anthropic,或 **Unknown**(自动检测)。 - 输入基础 URL 和 API 密钥(如果提供商需要)。 diff --git a/docs/zh-CN/start/wizard.md b/docs/zh-CN/start/wizard.md index 0be36f3cdfb..b168e580b62 100644 --- a/docs/zh-CN/start/wizard.md +++ b/docs/zh-CN/start/wizard.md @@ -1,10 +1,10 @@ --- read_when: - - 运行或配置设置向导 + - 运行或配置 CLI 新手引导 - 设置一台新机器 sidebarTitle: "Onboarding: CLI" -summary: CLI 设置向导:用于 Gateway 网关、工作区、渠道和 Skills 的引导式设置 -title: 设置向导(CLI) +summary: CLI 新手引导:用于 Gateway 网关、工作区、渠道和 Skills 的引导式设置 +title: CLI 新手引导 x-i18n: generated_at: "2026-03-16T06:28:38Z" model: gpt-5.4 @@ -14,9 +14,9 @@ x-i18n: workflow: 15 --- -# 设置向导(CLI) +# CLI 新手引导 -设置向导是在 macOS、 +CLI 新手引导是在 macOS、 Linux 或 Windows(通过 WSL2;强烈推荐)上设置 OpenClaw 的**推荐**方式。 它可在一次引导式流程中配置本地 Gateway 网关或远程 Gateway 网关连接,以及渠道、Skills 和工作区默认值。 @@ -42,7 +42,7 @@ openclaw agents add -设置向导包含一个 web search 步骤,你可以选择一个提供商 +CLI 新手引导包含一个 web search 步骤,你可以选择一个提供商 (Perplexity、Brave、Gemini、Grok 或 Kimi),并粘贴你的 API 密钥,以便智能体 可以使用 `web_search`。你也可以稍后通过 `openclaw configure --section web` 进行配置。文档:[Web 工具](/tools/web)。 @@ -50,7 +50,7 @@ openclaw agents add ## 快速开始与高级模式 -向导开始时会让你选择**快速开始**(默认值)或**高级模式**(完全控制)。 +新手引导开始时会让你选择**快速开始**(默认值)或**高级模式**(完全控制)。 @@ -68,7 +68,7 @@ openclaw agents add -## 向导会配置什么 +## 新手引导会配置什么 **本地模式(默认)**会引导你完成以下步骤: @@ -91,9 +91,9 @@ openclaw agents add 7. **Skills** —— 安装推荐的 Skills 和可选依赖项。 -重新运行向导**不会**清除任何内容,除非你显式选择 **Reset**(或传入 `--reset`)。 +重新运行新手引导**不会**清除任何内容,除非你显式选择 **Reset**(或传入 `--reset`)。 CLI `--reset` 默认会重置配置、凭证和会话;如需包含工作区,请使用 `--reset-scope full`。 -如果配置无效或包含旧版键,向导会先要求你运行 `openclaw doctor`。 +如果配置无效或包含旧版键,新手引导会先要求你运行 `openclaw doctor`。 **远程模式**只会配置本地客户端以连接到其他地方的 Gateway 网关。 @@ -102,7 +102,7 @@ CLI `--reset` 默认会重置配置、凭证和会话;如需包含工作区, ## 添加另一个智能体 使用 `openclaw agents add ` 创建一个单独的智能体,它拥有自己的工作区、 -会话和认证配置文件。不带 `--workspace` 运行会启动向导。 +会话和认证配置文件。不带 `--workspace` 运行会启动新手引导。 它会设置: @@ -113,7 +113,7 @@ CLI `--reset` 默认会重置配置、凭证和会话;如需包含工作区, 说明: - 默认工作区遵循 `~/.openclaw/workspace-`。 -- 添加 `bindings` 以路由入站消息(向导可以完成这项操作)。 +- 添加 `bindings` 以路由入站消息(新手引导可以完成这项操作)。 - 非交互式标志:`--model`、`--agent-dir`、`--bind`、`--non-interactive`。 ## 完整参考 @@ -122,7 +122,7 @@ CLI `--reset` 默认会重置配置、凭证和会话;如需包含工作区, [CLI 设置参考](/start/wizard-cli-reference)。 有关非交互式示例,请参见 [CLI 自动化](/start/wizard-cli-automation)。 有关更深入的技术参考(包括 RPC 细节),请参见 -[向导参考](/reference/wizard)。 +[新手引导参考](/reference/wizard)。 ## 相关文档 diff --git a/experiments/acp-pluginification-architecture-plan.md b/experiments/acp-pluginification-architecture-plan.md new file mode 100644 index 00000000000..b055c1800ce --- /dev/null +++ b/experiments/acp-pluginification-architecture-plan.md @@ -0,0 +1,519 @@ +# Bindings Capability Architecture Plan + +Status: in progress + +## Summary + +The goal is not to move all ACP code out of core. + +The goal is to make `bindings` a small core capability, keep the ACP session kernel in core, and move ACP-specific binding policy plus codex app server policy out of core. + +That gives us a lightweight core without hiding core semantics behind plugin indirection. + +## Current Conclusion + +The current architecture should converge on this split: + +- Core owns the generic binding capability. +- Core owns the generic ACP session kernel. +- Channel plugins own channel-specific binding semantics. +- ACP backend plugins own runtime protocol details. +- Product-level consumers like ACP configured bindings and the codex app server sit on top of the binding capability instead of hardcoding their own binding plumbing. + +This is different from "everything becomes a plugin". + +## Why This Changed + +The current codebase already shows that there are really three different layers: + +- binding and conversation ownership +- long-lived session and runtime-handle orchestration +- product-specific turn logic + +Those layers should not all be forced into one runtime engine. + +Today the duplication is mostly in the execution/control-plane shape, not in storage or binding plumbing: + +- the main harness has its own turn engine +- ACP has its own session control plane +- the codex app server plugin path likely owns its own app-level turn engine outside this repo + +The right move is to share the stable control-plane contracts, not to force all three into one giant executor. + +## Verified Current State + +### Generic binding pieces already exist + +- `src/infra/outbound/session-binding-service.ts` already provides a generic binding store and adapter model. +- `src/plugins/conversation-binding.ts` already lets plugins request a conversation binding and stores plugin-owned binding metadata. +- `src/plugins/types.ts` already exposes plugin-facing binding APIs. +- `src/plugins/types.ts` already exposes the generic `inbound_claim` hook. + +### ACP is only partially pluginified + +- `src/channels/plugins/configured-binding-registry.ts` now owns generic configured binding compilation and lookup. +- `src/channels/plugins/binding-routing.ts` and `src/channels/plugins/binding-targets.ts` now own the generic route and target lifecycle seams. +- ACP now plugs into that seam through `src/channels/plugins/acp-configured-binding-consumer.ts` and `src/channels/plugins/acp-stateful-target-driver.ts`. +- `src/acp/persistent-bindings.lifecycle.ts` still owns configured ACP ensure and reset behavior. +- runtime-created plugin conversation bindings still use a separate path in `src/plugins/conversation-binding.ts`. + +### Codex app server is already closer to the desired shape + +From this repo's side, the codex app server path is much thinner: + +- a plugin binds a conversation +- core stores that binding +- inbound dispatch targets the plugin's `inbound_claim` hook + +What core does not provide for the codex app server path is an ACP-like shared session kernel. If the app server needs retries, long-lived runtime handles, cancellation, or session health logic, it must own that itself today. + +## The Durable Split + +### 1. Core Binding Capability + +This should become the primary shared seam. + +Responsibilities: + +- canonical `ConversationRef` +- binding record storage +- configured binding compilation +- runtime-created binding storage +- fast binding lookup on inbound +- binding touch/unbind lifecycle +- generic dispatch handoff to the binding target + +What core binding capability must not own: + +- Discord thread rules +- Telegram topic rules +- Feishu chat rules +- ACP session orchestration +- codex app server business logic + +### 2. Core Stateful Target Kernel + +This is the small generic kernel for long-lived bound targets. + +Responsibilities: + +- ensure target ready +- run turn +- cancel turn +- close target +- reset target +- status and health +- persistence of target metadata +- retries and runtime-handle safety +- per-target serialization and concurrency + +ACP is the first real implementation of this shape. + +This kernel should stay in core because it is mandatory infrastructure and has strict startup, reset, and recovery semantics. + +### 3. Channel Binding Providers + +Each channel plugin should own the meaning of "this channel conversation maps to this binding rule". + +Responsibilities: + +- normalize configured binding targets +- normalize inbound conversations +- match inbound conversations against compiled bindings +- define channel-specific matching priority +- optionally provide binding description text for status and logs + +This is where Discord channel vs thread logic, Telegram topic rules, and Feishu conversation rules belong. + +### 4. Product Consumers + +Bindings are a shared capability. Different products should consume it differently. + +ACP configured bindings: + +- compile config rules +- resolve a target session +- ensure the ACP session is ready through the ACP kernel + +Codex app server: + +- create runtime-requested bindings +- claim inbound messages through plugin hooks +- optionally adopt the shared stateful target contract later if it really needs long-lived session orchestration + +Main harness: + +- does not need to become "a binding product" +- may eventually share small lifecycle contracts, but it should not be forced into the same engine as ACP + +## The Key Architectural Decision + +The shared abstraction should be: + +- `bindings` as the capability +- `stateful target drivers` as an optional lower-level contract + +The shared abstraction should not be: + +- "one runtime engine for main harness, ACP, and codex app server" + +That would overfit very different systems into one executor. + +## Stable Nouns + +Core should understand only stable nouns. + +The stable nouns are: + +- `ConversationRef` +- `BindingRule` +- `CompiledBinding` +- `BindingResolution` +- `BindingTargetDescriptor` +- `StatefulTargetDriver` +- `StatefulTargetHandle` + +ACP, codex app server, and future products should compile down to those nouns instead of leaking product-specific routing rules through core. + +## Proposed Capability Model + +### Binding capability + +The binding capability should support both configured bindings and runtime-created bindings. + +Required operations: + +- compile configured bindings at startup or reload +- resolve a binding from an inbound `ConversationRef` +- create a runtime binding +- touch and unbind an existing binding +- dispatch a resolved binding to its target + +### Binding target descriptor + +A resolved binding should point to a typed target descriptor rather than ad hoc ACP- or plugin-specific metadata blobs. + +The descriptor should be able to represent at least: + +- plugin-owned inbound claim targets +- stateful target drivers + +That means the same binding capability can support both: + +- codex app server plugin-bound conversations +- ACP configured bindings + +without pretending they are the same product. + +### Stateful target driver + +This is the reusable control-plane contract for long-lived bound targets. + +Required operations: + +- `ensureReady` +- `runTurn` +- `cancel` +- `close` +- `reset` +- `status` +- `health` + +ACP should remain the first built-in driver. + +If the codex app server later proves that it also needs durable session handles, it can either: + +- use a driver that consumes this contract, or +- keep its own product-owned runtime if that remains simpler + +That should be a product decision, not something forced by the binding capability. + +## Why ACP Kernel Stays In Core + +ACP's kernel should remain in core because session lifecycle, persistence, retries, cancellation, and runtime-handle safety are generic platform machinery. + +Those concerns are not channel-specific, and they are not codex-app-server-specific. + +If we move that machinery into an ordinary plugin, we create circular bootstrapping: + +- channels need it during startup and inbound routing +- reset and recovery need it when plugins may already be degraded +- failure semantics become special-case core logic anyway + +If we later wrap it in a "built-in capability module", that is still effectively core. + +## What Should Move Out Of Core + +The following should move out of ACP-shaped core code: + +- channel-specific configured binding matching +- channel-specific binding target normalization +- channel-specific recovery UX +- ACP-specific route wrapping helpers as named ACP seams +- codex app server fallback policy beyond generic plugin-bound dispatch behavior + +The following should stay: + +- generic binding storage and dispatch +- generic ACP control plane +- generic stateful target driver contract + +## Current Problems To Remove + +### Residual cleanup is now small + +Most ACP-era compatibility names are gone from the generic seam. + +The remaining cleanup is smaller: + +- `src/acp/persistent-bindings.ts` compatibility barrel can be deleted once tests stop importing it +- ACP-named tests and mocks can be renamed over time for consistency +- docs should stop describing already-removed ACP wrappers as if they still exist + +### Configured binding implementation is still too monolithic + +`src/channels/plugins/configured-binding-registry.ts` still mixes: + +- registry compilation +- cache invalidation +- inbound matching +- materialization of binding targets +- session-key reverse lookup + +That file is now generic, but still too large and too coupled. + +### Runtime-created plugin bindings still use a separate stack + +`src/plugins/conversation-binding.ts` is still a separate implementation path for plugin-created bindings. + +That means configured bindings and runtime-created bindings share storage, but not one consistent capability layer. + +### Generic registries still hardcode ACP as a built-in + +`src/channels/plugins/configured-binding-consumers.ts` and `src/channels/plugins/stateful-target-drivers.ts` still import ACP directly. + +That is acceptable for now, but the clean final shape is to keep ACP built in while registering it from a dedicated bootstrap point instead of wiring it inside the generic registry files. + +## Target Contracts + +### Channel binding provider contract + +Conceptually, each channel plugin should support: + +- `compileConfiguredBinding(binding, cfg) -> CompiledBinding | null` +- `resolveInboundConversation(event) -> ConversationRef | null` +- `matchInboundConversation(compiledBinding, conversation) -> BindingMatch | null` +- `describeBinding(compiledBinding) -> string | undefined` + +### Binding capability contract + +Core should support: + +- `compileConfiguredBindings(cfg, plugins) -> CompiledBindingRegistry` +- `resolveBinding(conversationRef) -> BindingResolution | null` +- `createRuntimeBinding(target, conversationRef, metadata) -> BindingRecord` +- `touchBinding(bindingId)` +- `unbindBinding(bindingId | target)` +- `dispatchResolvedBinding(bindingResolution, inboundEvent)` + +### Stateful target driver contract + +Core should support: + +- `ensureReady(targetRef, cfg)` +- `runTurn(targetRef, input)` +- `cancel(targetRef, reason)` +- `close(targetRef, reason)` +- `reset(targetRef, reason)` +- `status(targetRef)` +- `health(targetRef)` + +## File-Level Transition Plan + +### Keep + +- `src/infra/outbound/session-binding-service.ts` +- `src/acp/control-plane/*` +- `extensions/acpx/*` + +### Generalize + +- `src/plugins/conversation-binding.ts` + - fold runtime-created plugin bindings into the same generic binding capability instead of keeping a separate implementation stack +- `src/channels/plugins/configured-binding-registry.ts` + - split into compiler, matcher, and session-key resolution modules with a thin facade +- `src/channels/plugins/types.adapters.ts` + - finish removing ACP-era aliases after the deprecation window +- `src/plugin-sdk/conversation-runtime.ts` + - export only the generic binding capability surfaces +- `src/acp/persistent-bindings.lifecycle.ts` + - either become a generic stateful target driver consumer or be renamed to ACP driver-specific lifecycle code + +### Shrink Or Delete + +- `src/acp/persistent-bindings.ts` + - delete the compatibility barrel once tests import the real modules directly +- `src/acp/persistent-bindings.resolve.ts` + - keep only while ACP-specific compatibility helpers are still useful to internal callers +- ACP-named test files + - rename over time once the behavior is stable and there is no risk of mixing behavioral and naming churn + +## Recommended Refactor Order + +### Completed groundwork + +The current branch has already completed most of the first migration wave: + +- stable generic binding nouns exist +- configured bindings compile through a generic registry +- inbound routing goes through generic binding resolution +- configured binding lookup no longer performs fallback plugin discovery +- ACP is expressed as a configured-binding consumer plus a built-in stateful target driver + +The remaining work is cleanup and unification, not first-principles redesign. + +### Phase 1: Freeze the nouns + +Introduce and document the stable binding and target types: + +- `ConversationRef` +- `CompiledBinding` +- `BindingResolution` +- `BindingTargetDescriptor` +- `StatefulTargetDriver` + +Do this before more movement so the rest of the refactor has firm vocabulary. + +### Phase 2: Promote bindings to a first-class core capability + +Refactor the existing generic binding store into an explicit capability layer. + +Requirements: + +- runtime-created bindings stay supported +- configured bindings become first-class +- lookup becomes channel-agnostic + +### Phase 3: Compile configured bindings at startup and reload + +Move configured binding compilation off the inbound hot path. + +Requirements: + +- load enabled channel plugins once +- compile configured bindings once +- rebuild on config or plugin reload +- inbound path becomes pure registry lookup + +### Phase 4: Expand the channel provider seam + +Replace the ACP-specific adapter shape with a generic channel binding provider contract. + +Requirements: + +- channel plugins own normalization and matching +- core no longer knows channel-specific configured binding rules + +### Phase 5: Re-express ACP as a binding consumer plus built-in stateful target driver + +Move ACP configured binding policy to the new binding capability while keeping ACP runtime orchestration in core. + +Requirements: + +- ACP configured bindings resolve through the generic binding registry +- ACP target readiness uses the ACP driver contract +- ACP-specific naming disappears from generic binding code + +### Phase 6: Finish residual ACP cleanup + +Remove the last compatibility leftovers and stale naming. + +Requirements: + +- delete `src/acp/persistent-bindings.ts` +- rename ACP-named tests where that improves clarity without changing behavior +- keep docs synchronized with the actual generic seam instead of the earlier transition state + +### Phase 7: Split the configured binding registry by responsibility + +Refactor `src/channels/plugins/configured-binding-registry.ts` into smaller modules. + +Suggested split: + +- compiler module +- inbound matcher module +- session-key reverse lookup module +- thin public facade + +Requirements: + +- caching behavior remains unchanged +- matching behavior remains unchanged +- session-key resolution behavior remains unchanged + +### Phase 8: Keep codex app server on the same binding capability + +Do not force the codex app server into ACP semantics. + +Requirements: + +- codex app server keeps runtime-created bindings through the same binding capability +- inbound claim remains the default delivery path +- only adopt the stateful target driver seam if the app server truly needs long-lived target orchestration +- `src/plugins/conversation-binding.ts` stops being a separate binding stack and becomes a consumer of the generic binding capability + +### Phase 9: Decouple built-in ACP registration from generic registry files + +Keep ACP built in, but stop importing it directly from the generic registry modules. + +Requirements: + +- `src/channels/plugins/configured-binding-consumers.ts` no longer hardcodes ACP imports +- `src/channels/plugins/stateful-target-drivers.ts` no longer hardcodes ACP imports +- ACP still registers by default during normal startup +- generic registry files remain product-agnostic + +### Phase 10: Remove ACP-shaped compatibility facades + +Once all call sites are on the generic capability: + +- delete ACP-shaped routing helpers +- delete hot-path plugin bootstrapping logic +- keep only thin compatibility exports if external plugins still need a deprecation window + +## Success Criteria + +The architecture is done when all of these are true: + +- no inbound configured-binding resolution performs plugin discovery +- no channel-specific binding semantics remain in generic core binding code +- ACP still uses a core session kernel +- codex app server and ACP both sit on top of the same binding capability +- the binding capability can represent both configured and runtime-created bindings +- runtime-created plugin bindings do not use a separate implementation stack +- long-lived target orchestration is shared through a small core driver contract +- generic registry files do not import ACP directly +- ACP-era alias names are gone from the generic/plugin SDK surface +- the main harness is not forced into the ACP engine +- external plugins can use the same capability without internal imports + +## Non-Goals + +These are not goals of the remaining refactor: + +- moving the ACP session kernel into an ordinary plugin +- forcing the main harness, ACP, and codex app server into one executor +- making every channel implement its own retry and session-safety logic +- keeping ACP-shaped naming in the long-term generic binding layer + +## Bottom Line + +The right 20-year split is: + +- bindings are the shared core capability +- ACP session orchestration remains a small built-in core kernel +- channel plugins own binding semantics +- backend plugins own runtime protocol details +- product consumers like ACP configured bindings and codex app server build on the same binding capability without being forced into one runtime engine + +That is the leanest core that still has honest boundaries. diff --git a/extensions/acpx/src/config.test.ts b/extensions/acpx/src/config.test.ts index 5a19d6f43e8..bd75ee1198d 100644 --- a/extensions/acpx/src/config.test.ts +++ b/extensions/acpx/src/config.test.ts @@ -39,6 +39,25 @@ describe("acpx plugin config parsing", () => { } }); + it("prefers the workspace plugin root for dist/extensions/acpx bundles", () => { + const repoRoot = fs.mkdtempSync(path.join(os.tmpdir(), "acpx-root-workspace-")); + const workspacePluginRoot = path.join(repoRoot, "extensions", "acpx"); + const bundledPluginRoot = path.join(repoRoot, "dist", "extensions", "acpx"); + try { + fs.mkdirSync(workspacePluginRoot, { recursive: true }); + fs.mkdirSync(bundledPluginRoot, { recursive: true }); + fs.writeFileSync(path.join(workspacePluginRoot, "package.json"), "{}\n", "utf8"); + fs.writeFileSync(path.join(workspacePluginRoot, "openclaw.plugin.json"), "{}\n", "utf8"); + fs.writeFileSync(path.join(bundledPluginRoot, "package.json"), "{}\n", "utf8"); + fs.writeFileSync(path.join(bundledPluginRoot, "openclaw.plugin.json"), "{}\n", "utf8"); + + const moduleUrl = pathToFileURL(path.join(bundledPluginRoot, "index.js")).href; + expect(resolveAcpxPluginRoot(moduleUrl)).toBe(workspacePluginRoot); + } finally { + fs.rmSync(repoRoot, { recursive: true, force: true }); + } + }); + it("resolves bundled acpx with pinned version by default", () => { const resolved = resolveAcpxPluginConfig({ rawConfig: { diff --git a/extensions/acpx/src/config.ts b/extensions/acpx/src/config.ts index d6bfb3a44db..e604b69db7c 100644 --- a/extensions/acpx/src/config.ts +++ b/extensions/acpx/src/config.ts @@ -13,14 +13,18 @@ export const ACPX_PINNED_VERSION = "0.1.16"; export const ACPX_VERSION_ANY = "any"; const ACPX_BIN_NAME = process.platform === "win32" ? "acpx.cmd" : "acpx"; -export function resolveAcpxPluginRoot(moduleUrl: string = import.meta.url): string { +function isAcpxPluginRoot(dir: string): boolean { + return ( + fs.existsSync(path.join(dir, "openclaw.plugin.json")) && + fs.existsSync(path.join(dir, "package.json")) + ); +} + +function resolveNearestAcpxPluginRoot(moduleUrl: string): string { let cursor = path.dirname(fileURLToPath(moduleUrl)); for (let i = 0; i < 3; i += 1) { // Bundled entries live at the plugin root while source files still live under src/. - if ( - fs.existsSync(path.join(cursor, "openclaw.plugin.json")) && - fs.existsSync(path.join(cursor, "package.json")) - ) { + if (isAcpxPluginRoot(cursor)) { return cursor; } const parent = path.dirname(cursor); @@ -32,10 +36,29 @@ export function resolveAcpxPluginRoot(moduleUrl: string = import.meta.url): stri return path.resolve(path.dirname(fileURLToPath(moduleUrl)), ".."); } +function resolveWorkspaceAcpxPluginRoot(currentRoot: string): string | null { + if ( + path.basename(currentRoot) !== "acpx" || + path.basename(path.dirname(currentRoot)) !== "extensions" || + path.basename(path.dirname(path.dirname(currentRoot))) !== "dist" + ) { + return null; + } + const workspaceRoot = path.resolve(currentRoot, "..", "..", "..", "extensions", "acpx"); + return isAcpxPluginRoot(workspaceRoot) ? workspaceRoot : null; +} + +export function resolveAcpxPluginRoot(moduleUrl: string = import.meta.url): string { + const resolvedRoot = resolveNearestAcpxPluginRoot(moduleUrl); + // In a live repo checkout, dist/ can be rebuilt out from under the running gateway. + // Prefer the stable source plugin root when a built extension is running beside it. + return resolveWorkspaceAcpxPluginRoot(resolvedRoot) ?? resolvedRoot; +} + export const ACPX_PLUGIN_ROOT = resolveAcpxPluginRoot(); export const ACPX_BUNDLED_BIN = path.join(ACPX_PLUGIN_ROOT, "node_modules", ".bin", ACPX_BIN_NAME); export function buildAcpxLocalInstallCommand(version: string = ACPX_PINNED_VERSION): string { - return `npm install --omit=dev --no-save acpx@${version}`; + return `npm install --omit=dev --no-save --package-lock=false acpx@${version}`; } export const ACPX_LOCAL_INSTALL_COMMAND = buildAcpxLocalInstallCommand(); diff --git a/extensions/acpx/src/ensure.test.ts b/extensions/acpx/src/ensure.test.ts index c0bb5469b29..b834a671906 100644 --- a/extensions/acpx/src/ensure.test.ts +++ b/extensions/acpx/src/ensure.test.ts @@ -85,7 +85,13 @@ describe("acpx ensure", () => { }); expect(spawnAndCollectMock.mock.calls[1]?.[0]).toMatchObject({ command: "npm", - args: ["install", "--omit=dev", "--no-save", `acpx@${ACPX_PINNED_VERSION}`], + args: [ + "install", + "--omit=dev", + "--no-save", + "--package-lock=false", + `acpx@${ACPX_PINNED_VERSION}`, + ], cwd: "/plugin", stripProviderAuthEnvVars, }); diff --git a/extensions/acpx/src/ensure.ts b/extensions/acpx/src/ensure.ts index 9b85d53f618..05825b75bc9 100644 --- a/extensions/acpx/src/ensure.ts +++ b/extensions/acpx/src/ensure.ts @@ -233,7 +233,13 @@ export async function ensureAcpx(params: { const install = await spawnAndCollect({ command: "npm", - args: ["install", "--omit=dev", "--no-save", `acpx@${installVersion}`], + args: [ + "install", + "--omit=dev", + "--no-save", + "--package-lock=false", + `acpx@${installVersion}`, + ], cwd: pluginRoot, stripProviderAuthEnvVars: params.stripProviderAuthEnvVars, }); diff --git a/extensions/acpx/src/runtime-internals/process.test.ts b/extensions/acpx/src/runtime-internals/process.test.ts index ef0492308ae..90b7560c47e 100644 --- a/extensions/acpx/src/runtime-internals/process.test.ts +++ b/extensions/acpx/src/runtime-internals/process.test.ts @@ -1,5 +1,5 @@ import { spawn } from "node:child_process"; -import { mkdir, mkdtemp, rm, writeFile } from "node:fs/promises"; +import { chmod, mkdir, mkdtemp, rm, writeFile } from "node:fs/promises"; import { tmpdir } from "node:os"; import path from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; @@ -64,6 +64,58 @@ describe("resolveSpawnCommand", () => { }); }); + it("routes node shebang wrappers through the current node runtime on posix", async () => { + const dir = await createTempDir(); + const scriptPath = path.join(dir, "acpx"); + await writeFile(scriptPath, "#!/usr/bin/env node\nconsole.log('ok')\n", "utf8"); + await chmod(scriptPath, 0o755); + + const resolved = resolveSpawnCommand( + { + command: scriptPath, + args: ["--help"], + }, + undefined, + { + platform: "linux", + env: {}, + execPath: "/custom/node", + }, + ); + + expect(resolved).toEqual({ + command: "/custom/node", + args: [scriptPath, "--help"], + }); + }); + + it("routes PATH-resolved node shebang wrappers through the current node runtime on posix", async () => { + const dir = await createTempDir(); + const binDir = path.join(dir, "bin"); + const scriptPath = path.join(binDir, "acpx"); + await mkdir(binDir, { recursive: true }); + await writeFile(scriptPath, "#!/usr/bin/env node\nconsole.log('ok')\n", "utf8"); + await chmod(scriptPath, 0o755); + + const resolved = resolveSpawnCommand( + { + command: "acpx", + args: ["--help"], + }, + undefined, + { + platform: "linux", + env: { PATH: binDir }, + execPath: "/custom/node", + }, + ); + + expect(resolved).toEqual({ + command: "/custom/node", + args: [scriptPath, "--help"], + }); + }); + it("routes .js command execution through node on windows", () => { const resolved = resolveSpawnCommand( { diff --git a/extensions/acpx/src/runtime-internals/process.ts b/extensions/acpx/src/runtime-internals/process.ts index 2724f467ab1..60b85114bcb 100644 --- a/extensions/acpx/src/runtime-internals/process.ts +++ b/extensions/acpx/src/runtime-internals/process.ts @@ -1,5 +1,6 @@ import { spawn, type ChildProcessWithoutNullStreams } from "node:child_process"; -import { existsSync } from "node:fs"; +import { accessSync, constants as fsConstants, existsSync, readFileSync, statSync } from "node:fs"; +import path from "node:path"; import type { WindowsSpawnProgram, WindowsSpawnProgramCandidate, @@ -57,11 +58,76 @@ const DEFAULT_RUNTIME: SpawnRuntime = { execPath: process.execPath, }; +function isExecutableFile(filePath: string, platform: NodeJS.Platform): boolean { + try { + const stat = statSync(filePath); + if (!stat.isFile()) { + return false; + } + if (platform === "win32") { + return true; + } + accessSync(filePath, fsConstants.X_OK); + return true; + } catch { + return false; + } +} + +function resolveExecutableFromPath(command: string, runtime: SpawnRuntime): string | undefined { + const pathEnv = runtime.env.PATH ?? runtime.env.Path; + if (!pathEnv) { + return undefined; + } + for (const entry of pathEnv.split(path.delimiter).filter(Boolean)) { + const candidate = path.join(entry, command); + if (isExecutableFile(candidate, runtime.platform)) { + return candidate; + } + } + return undefined; +} + +function resolveNodeShebangScriptPath(command: string, runtime: SpawnRuntime): string | undefined { + const commandPath = + path.isAbsolute(command) || command.includes(path.sep) + ? command + : resolveExecutableFromPath(command, runtime); + if (!commandPath || !isExecutableFile(commandPath, runtime.platform)) { + return undefined; + } + try { + const firstLine = readFileSync(commandPath, "utf8").split(/\r?\n/, 1)[0] ?? ""; + if (/^#!.*(?:\/usr\/bin\/env\s+node\b|\/node(?:js)?\b)/.test(firstLine)) { + return commandPath; + } + } catch { + return undefined; + } + return undefined; +} + export function resolveSpawnCommand( params: { command: string; args: string[] }, options?: SpawnCommandOptions, runtime: SpawnRuntime = DEFAULT_RUNTIME, ): ResolvedSpawnCommand { + if (runtime.platform !== "win32") { + const nodeShebangScript = resolveNodeShebangScriptPath(params.command, runtime); + if (nodeShebangScript) { + options?.onResolved?.({ + command: params.command, + cacheHit: false, + strictWindowsCmdWrapper: options?.strictWindowsCmdWrapper === true, + resolution: "direct", + }); + return { + command: runtime.execPath, + args: [nodeShebangScript, ...params.args], + }; + } + } + const strictWindowsCmdWrapper = options?.strictWindowsCmdWrapper === true; const cacheKey = params.command; const cachedProgram = options?.cache; diff --git a/extensions/acpx/src/runtime.test.ts b/extensions/acpx/src/runtime.test.ts index 198a0367b59..5c65b032f34 100644 --- a/extensions/acpx/src/runtime.test.ts +++ b/extensions/acpx/src/runtime.test.ts @@ -154,6 +154,90 @@ describe("AcpxRuntime", () => { expect(resumeArgs[resumeFlagIndex + 1]).toBe(resumeSessionId); }); + it("replaces dead named sessions returned by sessions ensure", async () => { + process.env.MOCK_ACPX_STATUS_STATUS = "dead"; + process.env.MOCK_ACPX_STATUS_SUMMARY = "queue owner unavailable"; + try { + const { runtime, logPath } = await createMockRuntimeFixture(); + const sessionKey = "agent:codex:acp:dead-session"; + + const handle = await runtime.ensureSession({ + sessionKey, + agent: "codex", + mode: "persistent", + }); + + expect(handle.backend).toBe("acpx"); + const logs = await readMockRuntimeLogEntries(logPath); + const ensureIndex = logs.findIndex((entry) => entry.kind === "ensure"); + const statusIndex = logs.findIndex((entry) => entry.kind === "status"); + const newIndex = logs.findIndex((entry) => entry.kind === "new"); + expect(ensureIndex).toBeGreaterThanOrEqual(0); + expect(statusIndex).toBeGreaterThan(ensureIndex); + expect(newIndex).toBeGreaterThan(statusIndex); + } finally { + delete process.env.MOCK_ACPX_STATUS_STATUS; + delete process.env.MOCK_ACPX_STATUS_SUMMARY; + } + }); + + it("reuses a live named session when sessions ensure exits before returning identifiers", async () => { + process.env.MOCK_ACPX_ENSURE_EXIT_1 = "1"; + process.env.MOCK_ACPX_STATUS_STATUS = "alive"; + try { + const { runtime, logPath } = await createMockRuntimeFixture(); + const sessionKey = "agent:codex:acp:ensure-fallback-alive"; + + const handle = await runtime.ensureSession({ + sessionKey, + agent: "codex", + mode: "persistent", + }); + + expect(handle.backend).toBe("acpx"); + expect(handle.acpxRecordId).toBe("rec-" + sessionKey); + const logs = await readMockRuntimeLogEntries(logPath); + const ensureIndex = logs.findIndex((entry) => entry.kind === "ensure"); + const statusIndex = logs.findIndex((entry) => entry.kind === "status"); + const newIndex = logs.findIndex((entry) => entry.kind === "new"); + expect(ensureIndex).toBeGreaterThanOrEqual(0); + expect(statusIndex).toBeGreaterThan(ensureIndex); + expect(newIndex).toBe(-1); + } finally { + delete process.env.MOCK_ACPX_ENSURE_EXIT_1; + delete process.env.MOCK_ACPX_STATUS_STATUS; + } + }); + + it("creates a fresh named session when sessions ensure exits and status is dead", async () => { + process.env.MOCK_ACPX_ENSURE_EXIT_1 = "1"; + process.env.MOCK_ACPX_STATUS_STATUS = "dead"; + process.env.MOCK_ACPX_STATUS_SUMMARY = "queue owner unavailable"; + try { + const { runtime, logPath } = await createMockRuntimeFixture(); + const sessionKey = "agent:codex:acp:ensure-fallback-dead"; + + const handle = await runtime.ensureSession({ + sessionKey, + agent: "codex", + mode: "persistent", + }); + + expect(handle.backend).toBe("acpx"); + const logs = await readMockRuntimeLogEntries(logPath); + const ensureIndex = logs.findIndex((entry) => entry.kind === "ensure"); + const statusIndex = logs.findIndex((entry) => entry.kind === "status"); + const newIndex = logs.findIndex((entry) => entry.kind === "new"); + expect(ensureIndex).toBeGreaterThanOrEqual(0); + expect(statusIndex).toBeGreaterThan(ensureIndex); + expect(newIndex).toBeGreaterThan(statusIndex); + } finally { + delete process.env.MOCK_ACPX_ENSURE_EXIT_1; + delete process.env.MOCK_ACPX_STATUS_STATUS; + delete process.env.MOCK_ACPX_STATUS_SUMMARY; + } + }); + it("serializes text plus image attachments into ACP prompt blocks", async () => { const { runtime, logPath } = await createMockRuntimeFixture(); diff --git a/extensions/acpx/src/runtime.ts b/extensions/acpx/src/runtime.ts index e55ef360424..a528de476af 100644 --- a/extensions/acpx/src/runtime.ts +++ b/extensions/acpx/src/runtime.ts @@ -92,6 +92,26 @@ function formatAcpxExitMessage(params: { return stderr || `acpx exited with code ${params.exitCode ?? "unknown"}`; } +function summarizeLogText(text: string, maxChars = 240): string { + const normalized = text.trim().replace(/\s+/g, " "); + if (!normalized) { + return ""; + } + if (normalized.length <= maxChars) { + return normalized; + } + return `${normalized.slice(0, maxChars)}...`; +} + +function findSessionIdentifierEvent(events: AcpxJsonObject[]): AcpxJsonObject | undefined { + return events.find( + (event) => + asOptionalString(event.agentSessionId) || + asOptionalString(event.acpxSessionId) || + asOptionalString(event.acpxRecordId), + ); +} + export function encodeAcpxRuntimeHandleState(state: AcpxHandleState): string { const payload = Buffer.from(JSON.stringify(state), "utf8").toString("base64url"); return `${ACPX_RUNTIME_HANDLE_PREFIX}${payload}`; @@ -252,6 +272,146 @@ export class AcpxRuntime implements AcpRuntime { this.healthy = result.ok; } + private async createNamedSession(params: { + agent: string; + cwd: string; + sessionName: string; + resumeSessionId?: string; + }): Promise { + const command = params.resumeSessionId + ? [ + "sessions", + "new", + "--name", + params.sessionName, + "--resume-session", + params.resumeSessionId, + ] + : ["sessions", "new", "--name", params.sessionName]; + return await this.runControlCommand({ + args: await this.buildVerbArgs({ + agent: params.agent, + cwd: params.cwd, + command, + }), + cwd: params.cwd, + fallbackCode: "ACP_SESSION_INIT_FAILED", + }); + } + + private async shouldReplaceEnsuredSession(params: { + sessionName: string; + agent: string; + cwd: string; + }): Promise { + const args = await this.buildVerbArgs({ + agent: params.agent, + cwd: params.cwd, + command: ["status", "--session", params.sessionName], + }); + let events: AcpxJsonObject[]; + try { + events = await this.runControlCommand({ + args, + cwd: params.cwd, + fallbackCode: "ACP_SESSION_INIT_FAILED", + ignoreNoSession: true, + }); + } catch (error) { + this.logger?.warn?.( + `acpx ensureSession status probe failed: session=${params.sessionName} cwd=${params.cwd} error=${summarizeLogText(error instanceof Error ? error.message : String(error)) || ""}`, + ); + return false; + } + + const noSession = events.some((event) => toAcpxErrorEvent(event)?.code === "NO_SESSION"); + if (noSession) { + this.logger?.warn?.( + `acpx ensureSession replacing missing named session: session=${params.sessionName} cwd=${params.cwd}`, + ); + return true; + } + + const detail = events.find((event) => !toAcpxErrorEvent(event)); + const status = asTrimmedString(detail?.status)?.toLowerCase(); + if (status === "dead") { + const summary = summarizeLogText(asOptionalString(detail?.summary) ?? ""); + this.logger?.warn?.( + `acpx ensureSession replacing dead named session: session=${params.sessionName} cwd=${params.cwd} status=${status} summary=${summary || ""}`, + ); + return true; + } + + return false; + } + + private async recoverEnsureFailure(params: { + sessionName: string; + agent: string; + cwd: string; + error: unknown; + }): Promise { + const errorMessage = summarizeLogText( + params.error instanceof Error ? params.error.message : String(params.error), + ); + this.logger?.warn?.( + `acpx ensureSession probing named session after ensure failure: session=${params.sessionName} cwd=${params.cwd} error=${errorMessage || ""}`, + ); + const args = await this.buildVerbArgs({ + agent: params.agent, + cwd: params.cwd, + command: ["status", "--session", params.sessionName], + }); + let events: AcpxJsonObject[]; + try { + events = await this.runControlCommand({ + args, + cwd: params.cwd, + fallbackCode: "ACP_SESSION_INIT_FAILED", + ignoreNoSession: true, + }); + } catch (statusError) { + this.logger?.warn?.( + `acpx ensureSession status fallback failed: session=${params.sessionName} cwd=${params.cwd} error=${summarizeLogText(statusError instanceof Error ? statusError.message : String(statusError)) || ""}`, + ); + return null; + } + + const noSession = events.some((event) => toAcpxErrorEvent(event)?.code === "NO_SESSION"); + if (noSession) { + this.logger?.warn?.( + `acpx ensureSession creating named session after ensure failure and missing status: session=${params.sessionName} cwd=${params.cwd}`, + ); + return await this.createNamedSession({ + agent: params.agent, + cwd: params.cwd, + sessionName: params.sessionName, + }); + } + + const detail = events.find((event) => !toAcpxErrorEvent(event)); + const status = asTrimmedString(detail?.status)?.toLowerCase(); + if (status === "dead") { + this.logger?.warn?.( + `acpx ensureSession replacing dead named session after ensure failure: session=${params.sessionName} cwd=${params.cwd}`, + ); + return await this.createNamedSession({ + agent: params.agent, + cwd: params.cwd, + sessionName: params.sessionName, + }); + } + + if (status === "alive" || findSessionIdentifierEvent(events)) { + this.logger?.warn?.( + `acpx ensureSession reusing live named session after ensure failure: session=${params.sessionName} cwd=${params.cwd} status=${status || "unknown"}`, + ); + return events; + } + + return null; + } + async ensureSession(input: AcpRuntimeEnsureInput): Promise { const sessionName = asTrimmedString(input.sessionKey); if (!sessionName) { @@ -264,45 +424,80 @@ export class AcpxRuntime implements AcpRuntime { const cwd = asTrimmedString(input.cwd) || this.config.cwd; const mode = input.mode; const resumeSessionId = asTrimmedString(input.resumeSessionId); - const ensureSubcommand = resumeSessionId - ? ["sessions", "new", "--name", sessionName, "--resume-session", resumeSessionId] - : ["sessions", "ensure", "--name", sessionName]; - const ensureCommand = await this.buildVerbArgs({ - agent, - cwd, - command: ensureSubcommand, - }); - - let events = await this.runControlCommand({ - args: ensureCommand, - cwd, - fallbackCode: "ACP_SESSION_INIT_FAILED", - }); - let ensuredEvent = events.find( - (event) => - asOptionalString(event.agentSessionId) || - asOptionalString(event.acpxSessionId) || - asOptionalString(event.acpxRecordId), - ); - - if (!ensuredEvent && !resumeSessionId) { - const newCommand = await this.buildVerbArgs({ + let events: AcpxJsonObject[]; + if (resumeSessionId) { + events = await this.createNamedSession({ agent, cwd, - command: ["sessions", "new", "--name", sessionName], + sessionName, + resumeSessionId, }); - events = await this.runControlCommand({ - args: newCommand, - cwd, - fallbackCode: "ACP_SESSION_INIT_FAILED", - }); - ensuredEvent = events.find( - (event) => - asOptionalString(event.agentSessionId) || - asOptionalString(event.acpxSessionId) || - asOptionalString(event.acpxRecordId), + } else { + try { + events = await this.runControlCommand({ + args: await this.buildVerbArgs({ + agent, + cwd, + command: ["sessions", "ensure", "--name", sessionName], + }), + cwd, + fallbackCode: "ACP_SESSION_INIT_FAILED", + }); + } catch (error) { + const recovered = await this.recoverEnsureFailure({ + sessionName, + agent, + cwd, + error, + }); + if (!recovered) { + throw error; + } + events = recovered; + } + } + if (events.length === 0) { + this.logger?.warn?.( + `acpx ensureSession returned no events after sessions ensure: session=${sessionName} agent=${agent} cwd=${cwd}`, ); } + let ensuredEvent = findSessionIdentifierEvent(events); + + if ( + ensuredEvent && + !resumeSessionId && + (await this.shouldReplaceEnsuredSession({ + sessionName, + agent, + cwd, + })) + ) { + events = await this.createNamedSession({ + agent, + cwd, + sessionName, + }); + if (events.length === 0) { + this.logger?.warn?.( + `acpx ensureSession returned no events after replacing dead session: session=${sessionName} agent=${agent} cwd=${cwd}`, + ); + } + ensuredEvent = findSessionIdentifierEvent(events); + } + + if (!ensuredEvent && !resumeSessionId) { + events = await this.createNamedSession({ + agent, + cwd, + sessionName, + }); + if (events.length === 0) { + this.logger?.warn?.( + `acpx ensureSession returned no events after sessions new: session=${sessionName} agent=${agent} cwd=${cwd}`, + ); + } + ensuredEvent = findSessionIdentifierEvent(events); + } if (!ensuredEvent) { throw new AcpRuntimeError( "ACP_SESSION_INIT_FAILED", diff --git a/extensions/acpx/src/test-utils/runtime-fixtures.ts b/extensions/acpx/src/test-utils/runtime-fixtures.ts index c5cbef83877..4ebe57b3e2a 100644 --- a/extensions/acpx/src/test-utils/runtime-fixtures.ts +++ b/extensions/acpx/src/test-utils/runtime-fixtures.ts @@ -1,7 +1,7 @@ import fs from "node:fs"; import { chmod, mkdtemp, readFile, rm, writeFile } from "node:fs/promises"; import path from "node:path"; -import { resolvePreferredOpenClawTmpDir } from "../../../../src/infra/tmp-openclaw-dir.js"; +import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/infra-runtime"; import type { ResolvedAcpxPluginConfig } from "../config.js"; import { ACPX_PINNED_VERSION } from "../config.js"; import { AcpxRuntime } from "../runtime.js"; @@ -76,6 +76,17 @@ const setValue = command === "set" ? String(args[commandIndex + 2] || "") : ""; if (command === "sessions" && args[commandIndex + 1] === "ensure") { writeLog({ kind: "ensure", agent, args, sessionName: ensureName }); + if (process.env.MOCK_ACPX_ENSURE_EXIT_1 === "1") { + emitJson({ + jsonrpc: "2.0", + id: null, + error: { + code: -32603, + message: "mock ensure failure", + }, + }); + process.exit(1); + } if (process.env.MOCK_ACPX_ENSURE_EMPTY === "1") { emitJson({ action: "session_ensured", name: ensureName }); } else { @@ -173,11 +184,14 @@ if (command === "set") { if (command === "status") { writeLog({ kind: "status", agent, args, sessionName: sessionFromOption }); + const status = process.env.MOCK_ACPX_STATUS_STATUS || (sessionFromOption ? "alive" : "no-session"); + const summary = process.env.MOCK_ACPX_STATUS_SUMMARY || ""; emitJson({ acpxRecordId: sessionFromOption ? "rec-" + sessionFromOption : null, acpxSessionId: sessionFromOption ? "sid-" + sessionFromOption : null, agentSessionId: sessionFromOption ? "inner-" + sessionFromOption : null, - status: sessionFromOption ? "alive" : "no-session", + status, + ...(summary ? { summary } : {}), pid: 4242, uptime: 120, }); @@ -382,6 +396,9 @@ export async function readMockRuntimeLogEntries( export async function cleanupMockRuntimeFixtures(): Promise { delete process.env.MOCK_ACPX_LOG; delete process.env.MOCK_ACPX_CONFIG_SHOW_AGENTS; + delete process.env.MOCK_ACPX_ENSURE_EXIT_1; + delete process.env.MOCK_ACPX_STATUS_STATUS; + delete process.env.MOCK_ACPX_STATUS_SUMMARY; sharedMockCliScriptPath = null; logFileSequence = 0; while (tempDirs.length > 0) { diff --git a/extensions/amazon-bedrock/index.test.ts b/extensions/amazon-bedrock/index.test.ts index 641173cd6ce..4afa67e3501 100644 --- a/extensions/amazon-bedrock/index.test.ts +++ b/extensions/amazon-bedrock/index.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { registerSingleProviderPlugin } from "../../src/test-utils/plugin-registration.js"; +import { registerSingleProviderPlugin } from "../../test/helpers/extensions/plugin-registration.js"; import amazonBedrockPlugin from "./index.js"; describe("amazon-bedrock provider plugin", () => { diff --git a/extensions/amazon-bedrock/index.ts b/extensions/amazon-bedrock/index.ts index 33fa3a08d32..9158ab158d7 100644 --- a/extensions/amazon-bedrock/index.ts +++ b/extensions/amazon-bedrock/index.ts @@ -1,14 +1,13 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; const PROVIDER_ID = "amazon-bedrock"; const CLAUDE_46_MODEL_RE = /claude-(?:opus|sonnet)-4(?:\.|-)6(?:$|[-.])/i; -const amazonBedrockPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Amazon Bedrock Provider", description: "Bundled Amazon Bedrock provider policy plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Amazon Bedrock", @@ -18,6 +17,4 @@ const amazonBedrockPlugin = { CLAUDE_46_MODEL_RE.test(modelId.trim()) ? "adaptive" : undefined, }); }, -}; - -export default amazonBedrockPlugin; +}); diff --git a/extensions/anthropic/index.ts b/extensions/anthropic/index.ts index a2491dfbd87..78f5bf3c17a 100644 --- a/extensions/anthropic/index.ts +++ b/extensions/anthropic/index.ts @@ -1,31 +1,33 @@ +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import { parseDurationMs } from "openclaw/plugin-sdk/cli-runtime"; import { - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderResolveDynamicModelContext, type ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; import { CLAUDE_CLI_PROFILE_ID, + applyAuthProfileConfig, + buildTokenProfileId, + createProviderApiKeyAuthMethod, + ensureApiKeyFromOptionEnvOrPrompt, listProfilesForProvider, - upsertAuthProfile, -} from "../../src/agents/auth-profiles.js"; -import { suggestOAuthProfileIdForLegacyDefault } from "../../src/agents/auth-profiles/repair.js"; -import type { AuthProfileStore } from "../../src/agents/auth-profiles/types.js"; -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import { formatCliCommand } from "../../src/cli/command-format.js"; -import { parseDurationMs } from "../../src/cli/parse-duration.js"; -import { + normalizeApiKeyInput, + suggestOAuthProfileIdForLegacyDefault, + type AuthProfileStore, + type ProviderAuthResult, + normalizeSecretInput, normalizeSecretInputModeInput, promptSecretRefForSetup, resolveSecretInputModeForEnvSelection, -} from "../../src/commands/auth-choice.apply-helpers.js"; -import { buildTokenProfileId, validateAnthropicSetupToken } from "../../src/commands/auth-token.js"; -import { applyAuthProfileConfig } from "../../src/commands/onboard-auth.js"; -import { fetchClaudeUsage } from "../../src/infra/provider-usage.fetch.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import type { ProviderAuthResult } from "../../src/plugins/types.js"; -import { normalizeSecretInput } from "../../src/utils/normalize-secret-input.js"; + upsertAuthProfile, + validateAnthropicSetupToken, + validateApiKeyInput, +} from "openclaw/plugin-sdk/provider-auth"; +import { normalizeModelCompat } from "openclaw/plugin-sdk/provider-models"; +import { fetchClaudeUsage } from "openclaw/plugin-sdk/provider-usage"; +import { anthropicMediaUnderstandingProvider } from "./media-understanding-provider.js"; const PROVIDER_ID = "anthropic"; const DEFAULT_ANTHROPIC_MODEL = "anthropic/claude-sonnet-4-6"; @@ -309,12 +311,11 @@ async function runAnthropicSetupTokenNonInteractive(ctx: { }); } -const anthropicPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Anthropic Provider", description: "Bundled Anthropic provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Anthropic", @@ -394,7 +395,6 @@ const anthropicPlugin = { profileId: ctx.profileId, }), }); + api.registerMediaUnderstandingProvider(anthropicMediaUnderstandingProvider); }, -}; - -export default anthropicPlugin; +}); diff --git a/extensions/anthropic/media-understanding-provider.ts b/extensions/anthropic/media-understanding-provider.ts new file mode 100644 index 00000000000..68a95c93546 --- /dev/null +++ b/extensions/anthropic/media-understanding-provider.ts @@ -0,0 +1,12 @@ +import { + describeImageWithModel, + describeImagesWithModel, + type MediaUnderstandingProvider, +} from "openclaw/plugin-sdk/media-understanding"; + +export const anthropicMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "anthropic", + capabilities: ["image"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, +}; diff --git a/extensions/bluebubbles/api.ts b/extensions/bluebubbles/api.ts new file mode 100644 index 00000000000..414efd5531e --- /dev/null +++ b/extensions/bluebubbles/api.ts @@ -0,0 +1 @@ +export { bluebubblesPlugin } from "./src/channel.js"; diff --git a/extensions/bluebubbles/index.ts b/extensions/bluebubbles/index.ts index f04afb40959..3e4ab2b4ff8 100644 --- a/extensions/bluebubbles/index.ts +++ b/extensions/bluebubbles/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/bluebubbles"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/bluebubbles"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { bluebubblesPlugin } from "./src/channel.js"; import { setBlueBubblesRuntime } from "./src/runtime.js"; -const plugin = { +export { bluebubblesPlugin } from "./src/channel.js"; +export { setBlueBubblesRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "bluebubbles", name: "BlueBubbles", description: "BlueBubbles channel plugin (macOS app)", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setBlueBubblesRuntime(api.runtime); - api.registerChannel({ plugin: bluebubblesPlugin }); - }, -}; - -export default plugin; + plugin: bluebubblesPlugin, + setRuntime: setBlueBubblesRuntime, +}); diff --git a/extensions/bluebubbles/setup-entry.ts b/extensions/bluebubbles/setup-entry.ts index 5e05d9c8bb2..940837c87f6 100644 --- a/extensions/bluebubbles/setup-entry.ts +++ b/extensions/bluebubbles/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { bluebubblesPlugin } from "./src/channel.js"; -export default { - plugin: bluebubblesPlugin, -}; +export default defineSetupPluginEntry(bluebubblesPlugin); diff --git a/extensions/bluebubbles/src/actions.runtime.ts b/extensions/bluebubbles/src/actions.runtime.ts index 53285c19f17..6b4112547d1 100644 --- a/extensions/bluebubbles/src/actions.runtime.ts +++ b/extensions/bluebubbles/src/actions.runtime.ts @@ -1,13 +1,31 @@ -export { sendBlueBubblesAttachment } from "./attachments.js"; -export { - addBlueBubblesParticipant, - editBlueBubblesMessage, - leaveBlueBubblesChat, - removeBlueBubblesParticipant, - renameBlueBubblesChat, - setGroupIconBlueBubbles, - unsendBlueBubblesMessage, +import { sendBlueBubblesAttachment as sendBlueBubblesAttachmentImpl } from "./attachments.js"; +import { + addBlueBubblesParticipant as addBlueBubblesParticipantImpl, + editBlueBubblesMessage as editBlueBubblesMessageImpl, + leaveBlueBubblesChat as leaveBlueBubblesChatImpl, + removeBlueBubblesParticipant as removeBlueBubblesParticipantImpl, + renameBlueBubblesChat as renameBlueBubblesChatImpl, + setGroupIconBlueBubbles as setGroupIconBlueBubblesImpl, + unsendBlueBubblesMessage as unsendBlueBubblesMessageImpl, } from "./chat.js"; -export { resolveBlueBubblesMessageId } from "./monitor.js"; -export { sendBlueBubblesReaction } from "./reactions.js"; -export { resolveChatGuidForTarget, sendMessageBlueBubbles } from "./send.js"; +import { resolveBlueBubblesMessageId as resolveBlueBubblesMessageIdImpl } from "./monitor.js"; +import { sendBlueBubblesReaction as sendBlueBubblesReactionImpl } from "./reactions.js"; +import { + resolveChatGuidForTarget as resolveChatGuidForTargetImpl, + sendMessageBlueBubbles as sendMessageBlueBubblesImpl, +} from "./send.js"; + +export const blueBubblesActionsRuntime = { + sendBlueBubblesAttachment: sendBlueBubblesAttachmentImpl, + addBlueBubblesParticipant: addBlueBubblesParticipantImpl, + editBlueBubblesMessage: editBlueBubblesMessageImpl, + leaveBlueBubblesChat: leaveBlueBubblesChatImpl, + removeBlueBubblesParticipant: removeBlueBubblesParticipantImpl, + renameBlueBubblesChat: renameBlueBubblesChatImpl, + setGroupIconBlueBubbles: setGroupIconBlueBubblesImpl, + unsendBlueBubblesMessage: unsendBlueBubblesMessageImpl, + resolveBlueBubblesMessageId: resolveBlueBubblesMessageIdImpl, + sendBlueBubblesReaction: sendBlueBubblesReactionImpl, + resolveChatGuidForTarget: resolveChatGuidForTargetImpl, + sendMessageBlueBubbles: sendMessageBlueBubblesImpl, +}; diff --git a/extensions/bluebubbles/src/actions.test.ts b/extensions/bluebubbles/src/actions.test.ts index 0560567c5fb..a7a9e549051 100644 --- a/extensions/bluebubbles/src/actions.test.ts +++ b/extensions/bluebubbles/src/actions.test.ts @@ -1,7 +1,12 @@ import type { OpenClawConfig } from "openclaw/plugin-sdk/bluebubbles"; import { describe, expect, it, vi, beforeEach } from "vitest"; import { bluebubblesMessageActions } from "./actions.js"; +import { sendBlueBubblesAttachment } from "./attachments.js"; +import { editBlueBubblesMessage, setGroupIconBlueBubbles } from "./chat.js"; +import { resolveBlueBubblesMessageId } from "./monitor.js"; import { getCachedBlueBubblesPrivateApiStatus } from "./probe.js"; +import { sendBlueBubblesReaction } from "./reactions.js"; +import { resolveChatGuidForTarget, sendMessageBlueBubbles } from "./send.js"; vi.mock("./accounts.js", async () => { const { createBlueBubblesAccountsMockModule } = await import("./test-harness.js"); @@ -277,7 +282,6 @@ describe("bluebubblesMessageActions", () => { }); it("throws when chatGuid cannot be resolved", async () => { - const { resolveChatGuidForTarget } = await import("./send.js"); vi.mocked(resolveChatGuidForTarget).mockResolvedValueOnce(null); const cfg: OpenClawConfig = { @@ -299,8 +303,6 @@ describe("bluebubblesMessageActions", () => { }); it("sends reaction successfully with chatGuid", async () => { - const { sendBlueBubblesReaction } = await import("./reactions.js"); - const result = await runReactAction({ emoji: "❤️", messageId: "msg-123", @@ -321,8 +323,6 @@ describe("bluebubblesMessageActions", () => { }); it("sends reaction removal successfully", async () => { - const { sendBlueBubblesReaction } = await import("./reactions.js"); - const result = await runReactAction({ emoji: "❤️", messageId: "msg-123", @@ -342,8 +342,6 @@ describe("bluebubblesMessageActions", () => { }); it("resolves chatGuid from to parameter", async () => { - const { sendBlueBubblesReaction } = await import("./reactions.js"); - const { resolveChatGuidForTarget } = await import("./send.js"); vi.mocked(resolveChatGuidForTarget).mockResolvedValueOnce("iMessage;-;+15559876543"); const cfg: OpenClawConfig = { @@ -374,8 +372,6 @@ describe("bluebubblesMessageActions", () => { }); it("passes partIndex when provided", async () => { - const { sendBlueBubblesReaction } = await import("./reactions.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { @@ -404,8 +400,6 @@ describe("bluebubblesMessageActions", () => { }); it("uses toolContext currentChannelId when no explicit target is provided", async () => { - const { sendBlueBubblesReaction } = await import("./reactions.js"); - const { resolveChatGuidForTarget } = await import("./send.js"); vi.mocked(resolveChatGuidForTarget).mockResolvedValueOnce("iMessage;-;+15550001111"); const cfg: OpenClawConfig = { @@ -442,8 +436,6 @@ describe("bluebubblesMessageActions", () => { }); it("resolves short messageId before reacting", async () => { - const { resolveBlueBubblesMessageId } = await import("./monitor.js"); - const { sendBlueBubblesReaction } = await import("./reactions.js"); vi.mocked(resolveBlueBubblesMessageId).mockReturnValueOnce("resolved-uuid"); const cfg: OpenClawConfig = { @@ -475,7 +467,6 @@ describe("bluebubblesMessageActions", () => { }); it("propagates short-id errors from the resolver", async () => { - const { resolveBlueBubblesMessageId } = await import("./monitor.js"); vi.mocked(resolveBlueBubblesMessageId).mockImplementationOnce(() => { throw new Error("short id expired"); }); @@ -504,8 +495,6 @@ describe("bluebubblesMessageActions", () => { }); it("accepts message param for edit action", async () => { - const { editBlueBubblesMessage } = await import("./chat.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { @@ -530,8 +519,6 @@ describe("bluebubblesMessageActions", () => { }); it("accepts message/target aliases for sendWithEffect", async () => { - const { sendMessageBlueBubbles } = await import("./send.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { @@ -563,8 +550,6 @@ describe("bluebubblesMessageActions", () => { }); it("passes asVoice through sendAttachment", async () => { - const { sendBlueBubblesAttachment } = await import("./attachments.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { @@ -619,8 +604,6 @@ describe("bluebubblesMessageActions", () => { }); it("sets group icon successfully with chatGuid and buffer", async () => { - const { setGroupIconBlueBubbles } = await import("./chat.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { @@ -658,8 +641,6 @@ describe("bluebubblesMessageActions", () => { }); it("uses default filename when not provided for setGroupIcon", async () => { - const { setGroupIconBlueBubbles } = await import("./chat.js"); - const cfg: OpenClawConfig = { channels: { bluebubbles: { diff --git a/extensions/bluebubbles/src/actions.ts b/extensions/bluebubbles/src/actions.ts index 4e6476afa3f..c9d96cb29ee 100644 --- a/extensions/bluebubbles/src/actions.ts +++ b/extensions/bluebubbles/src/actions.ts @@ -11,18 +11,17 @@ import { type ChannelMessageActionAdapter, type ChannelMessageActionName, } from "openclaw/plugin-sdk/bluebubbles"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import { resolveBlueBubblesAccount } from "./accounts.js"; import { getCachedBlueBubblesPrivateApiStatus, isMacOS26OrHigher } from "./probe.js"; import { normalizeSecretInputString } from "./secret-input.js"; import { normalizeBlueBubblesHandle, parseBlueBubblesTarget } from "./targets.js"; import type { BlueBubblesSendTarget } from "./types.js"; -let actionsRuntimePromise: Promise | null = null; - -function loadBlueBubblesActionsRuntime() { - actionsRuntimePromise ??= import("./actions.runtime.js"); - return actionsRuntimePromise; -} +const loadBlueBubblesActionsRuntime = createLazyRuntimeNamedExport( + () => import("./actions.runtime.js"), + "blueBubblesActionsRuntime", +); const providerId = "bluebubbles"; diff --git a/extensions/bluebubbles/src/channel.runtime.ts b/extensions/bluebubbles/src/channel.runtime.ts index 32bf567dcf5..b8b4066c4cd 100644 --- a/extensions/bluebubbles/src/channel.runtime.ts +++ b/extensions/bluebubbles/src/channel.runtime.ts @@ -1,6 +1,19 @@ -export { sendBlueBubblesMedia } from "./media-send.js"; -export { resolveBlueBubblesMessageId } from "./monitor.js"; -export { monitorBlueBubblesProvider, resolveWebhookPathFromConfig } from "./monitor.js"; -export { type BlueBubblesProbe, probeBlueBubbles } from "./probe.js"; -export { sendMessageBlueBubbles } from "./send.js"; -export { blueBubblesSetupWizard } from "./setup-surface.js"; +import { sendBlueBubblesMedia as sendBlueBubblesMediaImpl } from "./media-send.js"; +import { + monitorBlueBubblesProvider as monitorBlueBubblesProviderImpl, + resolveBlueBubblesMessageId as resolveBlueBubblesMessageIdImpl, + resolveWebhookPathFromConfig as resolveWebhookPathFromConfigImpl, +} from "./monitor.js"; +import { probeBlueBubbles as probeBlueBubblesImpl } from "./probe.js"; +import { sendMessageBlueBubbles as sendMessageBlueBubblesImpl } from "./send.js"; + +export type { BlueBubblesProbe } from "./probe.js"; + +export const blueBubblesChannelRuntime = { + sendBlueBubblesMedia: sendBlueBubblesMediaImpl, + resolveBlueBubblesMessageId: resolveBlueBubblesMessageIdImpl, + monitorBlueBubblesProvider: monitorBlueBubblesProviderImpl, + resolveWebhookPathFromConfig: resolveWebhookPathFromConfigImpl, + probeBlueBubbles: probeBlueBubblesImpl, + sendMessageBlueBubbles: sendMessageBlueBubblesImpl, +}; diff --git a/extensions/bluebubbles/src/channel.ts b/extensions/bluebubbles/src/channel.ts index 2fe2fc3f3fb..9d9e49e74ab 100644 --- a/extensions/bluebubbles/src/channel.ts +++ b/extensions/bluebubbles/src/channel.ts @@ -1,3 +1,4 @@ +import { formatNormalizedAllowFromEntries } from "openclaw/plugin-sdk/allow-from"; import type { ChannelAccountSnapshot, ChannelPlugin } from "openclaw/plugin-sdk/bluebubbles"; import { buildChannelConfigSchema, @@ -11,13 +12,13 @@ import { resolveBlueBubblesGroupToolPolicy, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/bluebubbles"; +import { mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers"; +import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle"; import { buildAccountScopedDmSecurityPolicy, collectOpenGroupPolicyRestrictSendersWarnings, - createAccountStatusSink, - formatNormalizedAllowFromEntries, - mapAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import { listBlueBubblesAccountIds, type ResolvedBlueBubblesAccount, @@ -37,12 +38,10 @@ import { parseBlueBubblesTarget, } from "./targets.js"; -let blueBubblesChannelRuntimePromise: Promise | null = null; - -function loadBlueBubblesChannelRuntime() { - blueBubblesChannelRuntimePromise ??= import("./channel.runtime.js"); - return blueBubblesChannelRuntimePromise; -} +const loadBlueBubblesChannelRuntime = createLazyRuntimeNamedExport( + () => import("./channel.runtime.js"), + "blueBubblesChannelRuntime", +); const meta = { id: "bluebubbles", diff --git a/extensions/bluebubbles/src/config-schema.ts b/extensions/bluebubbles/src/config-schema.ts index 76fe4523f16..da66869708e 100644 --- a/extensions/bluebubbles/src/config-schema.ts +++ b/extensions/bluebubbles/src/config-schema.ts @@ -4,7 +4,7 @@ import { buildCatchallMultiAccountChannelSchema, DmPolicySchema, GroupPolicySchema, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-schema"; import { z } from "zod"; import { buildSecretInputSchema, hasConfiguredSecretInput } from "./secret-input.js"; diff --git a/extensions/bluebubbles/src/monitor.test.ts b/extensions/bluebubbles/src/monitor.test.ts index 1ba2e27f0b6..17467465d82 100644 --- a/extensions/bluebubbles/src/monitor.test.ts +++ b/extensions/bluebubbles/src/monitor.test.ts @@ -2,7 +2,7 @@ import { EventEmitter } from "node:events"; import type { IncomingMessage, ServerResponse } from "node:http"; import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk/bluebubbles"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import type { ResolvedBlueBubblesAccount } from "./accounts.js"; import { fetchBlueBubblesHistory } from "./history.js"; import { resetBlueBubblesSelfChatCache } from "./monitor-self-chat-cache.js"; diff --git a/extensions/bluebubbles/src/monitor.webhook-auth.test.ts b/extensions/bluebubbles/src/monitor.webhook-auth.test.ts index f6826ac510b..8d98b0c45eb 100644 --- a/extensions/bluebubbles/src/monitor.webhook-auth.test.ts +++ b/extensions/bluebubbles/src/monitor.webhook-auth.test.ts @@ -2,7 +2,7 @@ import { EventEmitter } from "node:events"; import type { IncomingMessage, ServerResponse } from "node:http"; import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk/bluebubbles"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import type { ResolvedBlueBubblesAccount } from "./accounts.js"; import { fetchBlueBubblesHistory } from "./history.js"; import { diff --git a/extensions/bluebubbles/src/runtime.ts b/extensions/bluebubbles/src/runtime.ts index ee91445d69b..eae7bb24a29 100644 --- a/extensions/bluebubbles/src/runtime.ts +++ b/extensions/bluebubbles/src/runtime.ts @@ -1,5 +1,5 @@ import type { PluginRuntime } from "openclaw/plugin-sdk/bluebubbles"; -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const runtimeStore = createPluginRuntimeStore("BlueBubbles runtime not initialized"); type LegacyRuntimeLogShape = { log?: (message: string) => void }; diff --git a/extensions/bluebubbles/src/setup-core.ts b/extensions/bluebubbles/src/setup-core.ts index 83a079dbaab..a8d3261b7ff 100644 --- a/extensions/bluebubbles/src/setup-core.ts +++ b/extensions/bluebubbles/src/setup-core.ts @@ -1,13 +1,12 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, + normalizeAccountId, patchScopedAccountConfig, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { setTopLevelChannelDmPolicyWithAllowFrom } from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; + prepareScopedSetupConfig, + setTopLevelChannelDmPolicyWithAllowFrom, + type ChannelSetupAdapter, + type DmPolicy, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import { applyBlueBubblesConnectionConfig } from "./config-apply.js"; const channel = "bluebubbles" as const; @@ -38,7 +37,7 @@ export function setBlueBubblesAllowFrom( export const blueBubblesSetupAdapter: ChannelSetupAdapter = { resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ + prepareScopedSetupConfig({ cfg, channelKey: channel, accountId, @@ -57,19 +56,13 @@ export const blueBubblesSetupAdapter: ChannelSetupAdapter = { return null; }, applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ + const next = prepareScopedSetupConfig({ cfg, channelKey: channel, accountId, name: input.name, + migrateBaseName: true, }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; return applyBlueBubblesConnectionConfig({ cfg: next, accountId, diff --git a/extensions/bluebubbles/src/setup-surface.ts b/extensions/bluebubbles/src/setup-surface.ts index 1a138b8e73d..f6922ed4861 100644 --- a/extensions/bluebubbles/src/setup-surface.ts +++ b/extensions/bluebubbles/src/setup-surface.ts @@ -1,14 +1,14 @@ import { + DEFAULT_ACCOUNT_ID, + formatDocsLink, mergeAllowFromEntries, resolveSetupAccountId, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type DmPolicy, + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; import { listBlueBubblesAccountIds, resolveBlueBubblesAccount, diff --git a/extensions/brave/index.ts b/extensions/brave/index.ts index 1150dec5d80..1692f2db03f 100644 --- a/extensions/brave/index.ts +++ b/extensions/brave/index.ts @@ -1,17 +1,15 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; import { createPluginBackedWebSearchProvider, getTopLevelCredentialValue, setTopLevelCredentialValue, -} from "../../src/agents/tools/web-search-plugin-factory.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/provider-web-search"; -const bravePlugin = { +export default definePluginEntry({ id: "brave", name: "Brave Plugin", description: "Bundled Brave plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerWebSearchProvider( createPluginBackedWebSearchProvider({ id: "brave", @@ -27,6 +25,4 @@ const bravePlugin = { }), ); }, -}; - -export default bravePlugin; +}); diff --git a/extensions/byteplus/index.ts b/extensions/byteplus/index.ts index d32263014c6..a89cc87f531 100644 --- a/extensions/byteplus/index.ts +++ b/extensions/byteplus/index.ts @@ -1,20 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { - buildBytePlusCodingProvider, - buildBytePlusProvider, -} from "../../src/agents/models-config.providers.static.js"; -import { ensureModelAllowlistEntry } from "../../src/commands/model-allowlist.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { ensureModelAllowlistEntry } from "openclaw/plugin-sdk/provider-onboard"; +import { buildBytePlusCodingProvider, buildBytePlusProvider } from "./provider-catalog.js"; const PROVIDER_ID = "byteplus"; const BYTEPLUS_DEFAULT_MODEL_REF = "byteplus-plan/ark-code-latest"; -const byteplusPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "BytePlus Provider", description: "Bundled BytePlus provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "BytePlus", @@ -63,6 +59,4 @@ const byteplusPlugin = { }, }); }, -}; - -export default byteplusPlugin; +}); diff --git a/extensions/byteplus/provider-catalog.ts b/extensions/byteplus/provider-catalog.ts new file mode 100644 index 00000000000..bcb5b153d20 --- /dev/null +++ b/extensions/byteplus/provider-catalog.ts @@ -0,0 +1,24 @@ +import { + buildBytePlusModelDefinition, + BYTEPLUS_BASE_URL, + BYTEPLUS_CODING_BASE_URL, + BYTEPLUS_CODING_MODEL_CATALOG, + BYTEPLUS_MODEL_CATALOG, + type ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +export function buildBytePlusProvider(): ModelProviderConfig { + return { + baseUrl: BYTEPLUS_BASE_URL, + api: "openai-completions", + models: BYTEPLUS_MODEL_CATALOG.map(buildBytePlusModelDefinition), + }; +} + +export function buildBytePlusCodingProvider(): ModelProviderConfig { + return { + baseUrl: BYTEPLUS_CODING_BASE_URL, + api: "openai-completions", + models: BYTEPLUS_CODING_MODEL_CATALOG.map(buildBytePlusModelDefinition), + }; +} diff --git a/extensions/chutes/index.ts b/extensions/chutes/index.ts new file mode 100644 index 00000000000..a61cd4ec93f --- /dev/null +++ b/extensions/chutes/index.ts @@ -0,0 +1,184 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { + buildOauthProviderAuthResult, + createProviderApiKeyAuthMethod, + loginChutes, + resolveOAuthApiKeyMarker, + type ProviderAuthContext, + type ProviderAuthResult, +} from "openclaw/plugin-sdk/provider-auth"; +import { + CHUTES_DEFAULT_MODEL_REF, + applyChutesApiKeyConfig, + applyChutesProviderConfig, +} from "./onboard.js"; +import { buildChutesProvider } from "./provider-catalog.js"; + +const PROVIDER_ID = "chutes"; + +async function runChutesOAuth(ctx: ProviderAuthContext): Promise { + const isRemote = ctx.isRemote; + const redirectUri = + process.env.CHUTES_OAUTH_REDIRECT_URI?.trim() || "http://127.0.0.1:1456/oauth-callback"; + const scopes = process.env.CHUTES_OAUTH_SCOPES?.trim() || "openid profile chutes:invoke"; + const clientId = + process.env.CHUTES_CLIENT_ID?.trim() || + String( + await ctx.prompter.text({ + message: "Enter Chutes OAuth client id", + placeholder: "cid_xxx", + validate: (value: string) => (value?.trim() ? undefined : "Required"), + }), + ).trim(); + const clientSecret = process.env.CHUTES_CLIENT_SECRET?.trim() || undefined; + + await ctx.prompter.note( + isRemote + ? [ + "You are running in a remote/VPS environment.", + "A URL will be shown for you to open in your LOCAL browser.", + "After signing in, paste the redirect URL back here.", + "", + `Redirect URI: ${redirectUri}`, + ].join("\n") + : [ + "Browser will open for Chutes authentication.", + "If the callback doesn't auto-complete, paste the redirect URL.", + "", + `Redirect URI: ${redirectUri}`, + ].join("\n"), + "Chutes OAuth", + ); + + const progress = ctx.prompter.progress("Starting Chutes OAuth…"); + try { + const { onAuth, onPrompt } = ctx.oauth.createVpsAwareHandlers({ + isRemote, + prompter: ctx.prompter, + runtime: ctx.runtime, + spin: progress, + openUrl: ctx.openUrl, + localBrowserMessage: "Complete sign-in in browser…", + }); + + const creds = await loginChutes({ + app: { + clientId, + clientSecret, + redirectUri, + scopes: scopes.split(/\s+/).filter(Boolean), + }, + manual: isRemote, + onAuth, + onPrompt, + onProgress: (message) => progress.update(message), + }); + + progress.stop("Chutes OAuth complete"); + + return buildOauthProviderAuthResult({ + providerId: PROVIDER_ID, + defaultModel: CHUTES_DEFAULT_MODEL_REF, + access: creds.access, + refresh: creds.refresh, + expires: creds.expires, + email: typeof creds.email === "string" ? creds.email : undefined, + credentialExtra: { + clientId, + ...("accountId" in creds && typeof creds.accountId === "string" + ? { accountId: creds.accountId } + : {}), + }, + configPatch: applyChutesProviderConfig({}), + notes: [ + "Chutes OAuth tokens auto-refresh. Re-run login if refresh fails or access is revoked.", + `Redirect URI: ${redirectUri}`, + ], + }); + } catch (err) { + progress.stop("Chutes OAuth failed"); + await ctx.prompter.note( + [ + "Trouble with OAuth?", + "Verify CHUTES_CLIENT_ID (and CHUTES_CLIENT_SECRET if required).", + `Verify the OAuth app redirect URI includes: ${redirectUri}`, + "Chutes docs: https://chutes.ai/docs/sign-in-with-chutes/overview", + ].join("\n"), + "OAuth help", + ); + throw err; + } +} + +export default definePluginEntry({ + id: PROVIDER_ID, + name: "Chutes Provider", + description: "Bundled Chutes.ai provider plugin", + register(api) { + api.registerProvider({ + id: PROVIDER_ID, + label: "Chutes", + docsPath: "/providers/chutes", + envVars: ["CHUTES_API_KEY", "CHUTES_OAUTH_TOKEN"], + auth: [ + { + id: "oauth", + label: "Chutes OAuth", + hint: "Browser sign-in", + kind: "oauth", + wizard: { + choiceId: "chutes", + choiceLabel: "Chutes (OAuth)", + choiceHint: "Browser sign-in", + groupId: "chutes", + groupLabel: "Chutes", + groupHint: "OAuth + API key", + }, + run: async (ctx) => await runChutesOAuth(ctx), + }, + createProviderApiKeyAuthMethod({ + providerId: PROVIDER_ID, + methodId: "api-key", + label: "Chutes API key", + hint: "Open-source models including Llama, DeepSeek, and more", + optionKey: "chutesApiKey", + flagName: "--chutes-api-key", + envVar: "CHUTES_API_KEY", + promptMessage: "Enter Chutes API key", + noteTitle: "Chutes", + noteMessage: [ + "Chutes provides access to leading open-source models including Llama, DeepSeek, and more.", + "Get your API key at: https://chutes.ai/settings/api-keys", + ].join("\n"), + defaultModel: CHUTES_DEFAULT_MODEL_REF, + expectedProviders: ["chutes"], + applyConfig: (cfg) => applyChutesApiKeyConfig(cfg), + wizard: { + choiceId: "chutes-api-key", + choiceLabel: "Chutes API key", + groupId: "chutes", + groupLabel: "Chutes", + groupHint: "OAuth + API key", + }, + }), + ], + catalog: { + order: "profile", + run: async (ctx) => { + const { apiKey, discoveryApiKey } = ctx.resolveProviderAuth(PROVIDER_ID, { + oauthMarker: resolveOAuthApiKeyMarker(PROVIDER_ID), + }); + if (!apiKey) { + return null; + } + return { + provider: { + ...(await buildChutesProvider(discoveryApiKey)), + apiKey, + }, + }; + }, + }, + }); + }, +}); diff --git a/extensions/chutes/onboard.ts b/extensions/chutes/onboard.ts new file mode 100644 index 00000000000..f51914c3ca8 --- /dev/null +++ b/extensions/chutes/onboard.ts @@ -0,0 +1,67 @@ +import { + CHUTES_BASE_URL, + CHUTES_DEFAULT_MODEL_REF, + CHUTES_MODEL_CATALOG, + buildChutesModelDefinition, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { CHUTES_DEFAULT_MODEL_REF }; + +/** + * Apply Chutes provider configuration without changing the default model. + * Registers all catalog models and sets provider aliases (chutes-fast, etc.). + */ +export function applyChutesProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + for (const m of CHUTES_MODEL_CATALOG) { + models[`chutes/${m.id}`] = { + ...models[`chutes/${m.id}`], + }; + } + + models["chutes-fast"] = { alias: "chutes/zai-org/GLM-4.7-FP8" }; + models["chutes-vision"] = { alias: "chutes/chutesai/Mistral-Small-3.2-24B-Instruct-2506" }; + models["chutes-pro"] = { alias: "chutes/deepseek-ai/DeepSeek-V3.2-TEE" }; + + const chutesModels = CHUTES_MODEL_CATALOG.map(buildChutesModelDefinition); + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "chutes", + api: "openai-completions", + baseUrl: CHUTES_BASE_URL, + catalogModels: chutesModels, + }); +} + +/** + * Apply Chutes provider configuration AND set Chutes as the default model. + */ +export function applyChutesConfig(cfg: OpenClawConfig): OpenClawConfig { + const next = applyChutesProviderConfig(cfg); + return { + ...next, + agents: { + ...next.agents, + defaults: { + ...next.agents?.defaults, + model: { + primary: CHUTES_DEFAULT_MODEL_REF, + fallbacks: ["chutes/deepseek-ai/DeepSeek-V3.2-TEE", "chutes/Qwen/Qwen3-32B"], + }, + imageModel: { + primary: "chutes/chutesai/Mistral-Small-3.2-24B-Instruct-2506", + fallbacks: ["chutes/chutesai/Mistral-Small-3.1-24B-Instruct-2503"], + }, + }, + }, + }; +} + +export function applyChutesApiKeyConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyChutesProviderConfig(cfg), CHUTES_DEFAULT_MODEL_REF); +} diff --git a/extensions/chutes/openclaw.plugin.json b/extensions/chutes/openclaw.plugin.json new file mode 100644 index 00000000000..26174f31b3a --- /dev/null +++ b/extensions/chutes/openclaw.plugin.json @@ -0,0 +1,39 @@ +{ + "id": "chutes", + "enabledByDefault": true, + "providers": ["chutes"], + "providerAuthEnvVars": { + "chutes": ["CHUTES_API_KEY", "CHUTES_OAUTH_TOKEN"] + }, + "providerAuthChoices": [ + { + "provider": "chutes", + "method": "oauth", + "choiceId": "chutes", + "choiceLabel": "Chutes (OAuth)", + "choiceHint": "Browser sign-in", + "groupId": "chutes", + "groupLabel": "Chutes", + "groupHint": "OAuth + API key" + }, + { + "provider": "chutes", + "method": "api-key", + "choiceId": "chutes-api-key", + "choiceLabel": "Chutes API key", + "choiceHint": "Open-source models including Llama, DeepSeek, and more", + "groupId": "chutes", + "groupLabel": "Chutes", + "groupHint": "OAuth + API key", + "optionKey": "chutesApiKey", + "cliFlag": "--chutes-api-key", + "cliOption": "--chutes-api-key ", + "cliDescription": "Chutes API key" + } + ], + "configSchema": { + "type": "object", + "additionalProperties": false, + "properties": {} + } +} diff --git a/extensions/chutes/package.json b/extensions/chutes/package.json new file mode 100644 index 00000000000..be860172a27 --- /dev/null +++ b/extensions/chutes/package.json @@ -0,0 +1,12 @@ +{ + "name": "@openclaw/chutes-provider", + "version": "2026.3.17", + "private": true, + "description": "OpenClaw Chutes.ai provider plugin", + "type": "module", + "openclaw": { + "extensions": [ + "./index.ts" + ] + } +} diff --git a/extensions/chutes/provider-catalog.ts b/extensions/chutes/provider-catalog.ts new file mode 100644 index 00000000000..1467f405dde --- /dev/null +++ b/extensions/chutes/provider-catalog.ts @@ -0,0 +1,21 @@ +import { + CHUTES_BASE_URL, + CHUTES_MODEL_CATALOG, + buildChutesModelDefinition, + discoverChutesModels, + type ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +/** + * Build the Chutes provider with dynamic model discovery. + * Falls back to the static catalog on failure. + * Accepts an optional access token (API key or OAuth access token) for authenticated discovery. + */ +export async function buildChutesProvider(accessToken?: string): Promise { + const models = await discoverChutesModels(accessToken); + return { + baseUrl: CHUTES_BASE_URL, + api: "openai-completions", + models: models.length > 0 ? models : CHUTES_MODEL_CATALOG.map(buildChutesModelDefinition), + }; +} diff --git a/extensions/cloudflare-ai-gateway/index.ts b/extensions/cloudflare-ai-gateway/index.ts index ddc0bd7405a..a0307d9d524 100644 --- a/extensions/cloudflare-ai-gateway/index.ts +++ b/extensions/cloudflare-ai-gateway/index.ts @@ -1,25 +1,27 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { upsertAuthProfile } from "../../src/agents/auth-profiles.js"; -import { ensureAuthProfileStore, listProfilesForProvider } from "../../src/agents/auth-profiles.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { + applyAuthProfileConfig, + buildApiKeyCredential, + coerceSecretRef, + ensureApiKeyFromOptionEnvOrPrompt, + ensureAuthProfileStore, + listProfilesForProvider, + normalizeApiKeyInput, + normalizeOptionalSecretInput, + resolveNonEnvSecretRefApiKeyMarker, + type SecretInput, + upsertAuthProfile, + validateApiKeyInput, +} from "openclaw/plugin-sdk/provider-auth"; import { buildCloudflareAiGatewayModelDefinition, resolveCloudflareAiGatewayBaseUrl, -} from "../../src/agents/cloudflare-ai-gateway.js"; -import { resolveNonEnvSecretRefApiKeyMarker } from "../../src/agents/model-auth-markers.js"; -import { - normalizeApiKeyInput, - validateApiKeyInput, -} from "../../src/commands/auth-choice.api-key.js"; -import { ensureApiKeyFromOptionEnvOrPrompt } from "../../src/commands/auth-choice.apply-helpers.js"; -import { buildApiKeyCredential } from "../../src/commands/onboard-auth.credentials.js"; +} from "openclaw/plugin-sdk/provider-models"; import { applyCloudflareAiGatewayConfig, - applyAuthProfileConfig, + buildCloudflareAiGatewayConfigPatch, CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import type { SecretInput } from "../../src/config/types.secrets.js"; -import { coerceSecretRef } from "../../src/config/types.secrets.js"; -import { normalizeOptionalSecretInput } from "../../src/utils/normalize-secret-input.js"; +} from "./onboard.js"; const PROVIDER_ID = "cloudflare-ai-gateway"; const PROVIDER_ENV_VAR = "CLOUDFLARE_AI_GATEWAY_API_KEY"; @@ -53,30 +55,6 @@ function resolveMetadataFromCredential( }; } -function buildCloudflareConfigPatch(params: { accountId: string; gatewayId: string }) { - const baseUrl = resolveCloudflareAiGatewayBaseUrl(params); - return { - models: { - providers: { - [PROVIDER_ID]: { - baseUrl, - api: "anthropic-messages" as const, - models: [buildCloudflareAiGatewayModelDefinition()], - }, - }, - }, - agents: { - defaults: { - models: { - [CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF]: { - alias: "Cloudflare AI Gateway", - }, - }, - }, - }, - }; -} - async function resolveCloudflareGatewayMetadataInteractive(ctx: { accountId?: string; gatewayId?: string; @@ -106,12 +84,11 @@ async function resolveCloudflareGatewayMetadataInteractive(ctx: { return { accountId, gatewayId }; } -const cloudflareAiGatewayPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Cloudflare AI Gateway Provider", description: "Bundled Cloudflare AI Gateway provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Cloudflare AI Gateway", @@ -180,7 +157,7 @@ const cloudflareAiGatewayPlugin = { ), }, ], - configPatch: buildCloudflareConfigPatch(metadata), + configPatch: buildCloudflareAiGatewayConfigPatch(metadata), defaultModel: CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, }; }, @@ -274,6 +251,4 @@ const cloudflareAiGatewayPlugin = { }, }); }, -}; - -export default cloudflareAiGatewayPlugin; +}); diff --git a/extensions/cloudflare-ai-gateway/onboard.ts b/extensions/cloudflare-ai-gateway/onboard.ts new file mode 100644 index 00000000000..5260e1495a8 --- /dev/null +++ b/extensions/cloudflare-ai-gateway/onboard.ts @@ -0,0 +1,93 @@ +import { + buildCloudflareAiGatewayModelDefinition, + CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, + resolveCloudflareAiGatewayBaseUrl, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModel, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF }; + +export function buildCloudflareAiGatewayConfigPatch(params: { + accountId: string; + gatewayId: string; +}) { + const baseUrl = resolveCloudflareAiGatewayBaseUrl(params); + return { + models: { + providers: { + "cloudflare-ai-gateway": { + baseUrl, + api: "anthropic-messages" as const, + models: [buildCloudflareAiGatewayModelDefinition()], + }, + }, + }, + agents: { + defaults: { + models: { + [CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF]: { + alias: "Cloudflare AI Gateway", + }, + }, + }, + }, + }; +} + +export function applyCloudflareAiGatewayProviderConfig( + cfg: OpenClawConfig, + params?: { accountId?: string; gatewayId?: string }, +): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF] = { + ...models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF], + alias: models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF]?.alias ?? "Cloudflare AI Gateway", + }; + + const existingProvider = cfg.models?.providers?.["cloudflare-ai-gateway"] as + | { baseUrl?: unknown } + | undefined; + const baseUrl = + params?.accountId && params?.gatewayId + ? resolveCloudflareAiGatewayBaseUrl({ + accountId: params.accountId, + gatewayId: params.gatewayId, + }) + : typeof existingProvider?.baseUrl === "string" + ? existingProvider.baseUrl + : undefined; + if (!baseUrl) { + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...cfg.agents?.defaults, + models, + }, + }, + }; + } + + return applyProviderConfigWithDefaultModel(cfg, { + agentModels: models, + providerId: "cloudflare-ai-gateway", + api: "anthropic-messages", + baseUrl, + defaultModel: buildCloudflareAiGatewayModelDefinition(), + }); +} + +export function applyCloudflareAiGatewayConfig( + cfg: OpenClawConfig, + params?: { accountId?: string; gatewayId?: string }, +): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyCloudflareAiGatewayProviderConfig(cfg, params), + CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/copilot-proxy/index.ts b/extensions/copilot-proxy/index.ts index 2c517d9c26c..cf71710db5c 100644 --- a/extensions/copilot-proxy/index.ts +++ b/extensions/copilot-proxy/index.ts @@ -1,6 +1,5 @@ import { - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderAuthResult, } from "openclaw/plugin-sdk/copilot-proxy"; @@ -71,12 +70,11 @@ function buildModelDefinition(modelId: string) { }; } -const copilotProxyPlugin = { +export default definePluginEntry({ id: "copilot-proxy", name: "Copilot Proxy", description: "Local Copilot Proxy (VS Code LM) provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: "copilot-proxy", label: "Copilot Proxy", @@ -157,6 +155,4 @@ const copilotProxyPlugin = { }, }); }, -}; - -export default copilotProxyPlugin; +}); diff --git a/extensions/device-pair/api.ts b/extensions/device-pair/api.ts new file mode 100644 index 00000000000..299ad90f05d --- /dev/null +++ b/extensions/device-pair/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/device-pair"; diff --git a/extensions/device-pair/index.ts b/extensions/device-pair/index.ts index 7ba88842a7a..defd3b5c4c6 100644 --- a/extensions/device-pair/index.ts +++ b/extensions/device-pair/index.ts @@ -1,14 +1,15 @@ import os from "node:os"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/device-pair"; +import qrcode from "qrcode-terminal"; import { approveDevicePairing, + definePluginEntry, issueDeviceBootstrapToken, listDevicePairing, resolveGatewayBindUrl, runPluginCommandWithTimeout, resolveTailnetHostWithRunner, -} from "openclaw/plugin-sdk/device-pair"; -import qrcode from "qrcode-terminal"; + type OpenClawPluginApi, +} from "./api.js"; import { armPairNotifyOnce, formatPendingRequests, @@ -325,226 +326,233 @@ function formatSetupInstructions(): string { ].join("\n"); } -export default function register(api: OpenClawPluginApi) { - registerPairingNotifierService(api); +export default definePluginEntry({ + id: "device-pair", + name: "Device Pair", + description: "QR/bootstrap pairing helpers for OpenClaw devices", + register(api: OpenClawPluginApi) { + registerPairingNotifierService(api); - api.registerCommand({ - name: "pair", - description: "Generate setup codes and approve device pairing requests.", - acceptsArgs: true, - handler: async (ctx) => { - const args = ctx.args?.trim() ?? ""; - const tokens = args.split(/\s+/).filter(Boolean); - const action = tokens[0]?.toLowerCase() ?? ""; - api.logger.info?.( - `device-pair: /pair invoked channel=${ctx.channel} sender=${ctx.senderId ?? "unknown"} action=${ - action || "new" - }`, - ); + api.registerCommand({ + name: "pair", + description: "Generate setup codes and approve device pairing requests.", + acceptsArgs: true, + handler: async (ctx) => { + const args = ctx.args?.trim() ?? ""; + const tokens = args.split(/\s+/).filter(Boolean); + const action = tokens[0]?.toLowerCase() ?? ""; + api.logger.info?.( + `device-pair: /pair invoked channel=${ctx.channel} sender=${ctx.senderId ?? "unknown"} action=${ + action || "new" + }`, + ); - if (action === "status" || action === "pending") { - const list = await listDevicePairing(); - return { text: formatPendingRequests(list.pending) }; - } - - if (action === "notify") { - const notifyAction = tokens[1]?.trim().toLowerCase() ?? "status"; - return await handleNotifyCommand({ - api, - ctx, - action: notifyAction, - }); - } - - if (action === "approve") { - const requested = tokens[1]?.trim(); - const list = await listDevicePairing(); - if (list.pending.length === 0) { - return { text: "No pending device pairing requests." }; + if (action === "status" || action === "pending") { + const list = await listDevicePairing(); + return { text: formatPendingRequests(list.pending) }; } - let pending: (typeof list.pending)[number] | undefined; - if (requested) { - if (requested.toLowerCase() === "latest") { - pending = [...list.pending].toSorted((a, b) => (b.ts ?? 0) - (a.ts ?? 0))[0]; - } else { - pending = list.pending.find((entry) => entry.requestId === requested); + if (action === "notify") { + const notifyAction = tokens[1]?.trim().toLowerCase() ?? "status"; + return await handleNotifyCommand({ + api, + ctx, + action: notifyAction, + }); + } + + if (action === "approve") { + const requested = tokens[1]?.trim(); + const list = await listDevicePairing(); + if (list.pending.length === 0) { + return { text: "No pending device pairing requests." }; } - } else if (list.pending.length === 1) { - pending = list.pending[0]; - } else { + + let pending: (typeof list.pending)[number] | undefined; + if (requested) { + if (requested.toLowerCase() === "latest") { + pending = [...list.pending].toSorted((a, b) => (b.ts ?? 0) - (a.ts ?? 0))[0]; + } else { + pending = list.pending.find((entry) => entry.requestId === requested); + } + } else if (list.pending.length === 1) { + pending = list.pending[0]; + } else { + return { + text: + `${formatPendingRequests(list.pending)}\n\n` + + "Multiple pending requests found. Approve one explicitly:\n" + + "/pair approve \n" + + "Or approve the most recent:\n" + + "/pair approve latest", + }; + } + if (!pending) { + return { text: "Pairing request not found." }; + } + const approved = await approveDevicePairing(pending.requestId); + if (!approved) { + return { text: "Pairing request not found." }; + } + const label = approved.device.displayName?.trim() || approved.device.deviceId; + const platform = approved.device.platform?.trim(); + const platformLabel = platform ? ` (${platform})` : ""; + return { text: `✅ Paired ${label}${platformLabel}.` }; + } + + const authLabelResult = resolveAuthLabel(api.config); + if (authLabelResult.error) { + return { text: `Error: ${authLabelResult.error}` }; + } + + const urlResult = await resolveGatewayUrl(api); + if (!urlResult.url) { + return { text: `Error: ${urlResult.error ?? "Gateway URL unavailable."}` }; + } + + const payload: SetupPayload = { + url: urlResult.url, + bootstrapToken: (await issueDeviceBootstrapToken()).token, + }; + + if (action === "qr") { + const setupCode = encodeSetupCode(payload); + const qrAscii = await renderQrAscii(setupCode); + const authLabel = authLabelResult.label ?? "auth"; + + const channel = ctx.channel; + const target = ctx.senderId?.trim() || ctx.from?.trim() || ctx.to?.trim() || ""; + let autoNotifyArmed = false; + + if (channel === "telegram" && target) { + try { + autoNotifyArmed = await armPairNotifyOnce({ api, ctx }); + } catch (err) { + api.logger.warn?.( + `device-pair: failed to arm one-shot pairing notify (${String( + (err as Error)?.message ?? err, + )})`, + ); + } + } + + if (channel === "telegram" && target) { + try { + const send = api.runtime?.channel?.telegram?.sendMessageTelegram; + if (send) { + await send( + target, + ["Scan this QR code with the OpenClaw iOS app:", "", "```", qrAscii, "```"].join( + "\n", + ), + { + ...(ctx.messageThreadId != null + ? { messageThreadId: ctx.messageThreadId } + : {}), + ...(ctx.accountId ? { accountId: ctx.accountId } : {}), + }, + ); + return { + text: [ + `Gateway: ${payload.url}`, + `Auth: ${authLabel}`, + "", + autoNotifyArmed + ? "After scanning, wait here for the pairing request ping." + : "After scanning, come back here and run `/pair approve` to complete pairing.", + ...(autoNotifyArmed + ? [ + "I’ll auto-ping here when the pairing request arrives, then auto-disable.", + "If the ping does not arrive, run `/pair approve latest` manually.", + ] + : []), + ].join("\n"), + }; + } + } catch (err) { + api.logger.warn?.( + `device-pair: telegram QR send failed, falling back (${String( + (err as Error)?.message ?? err, + )})`, + ); + } + } + + // Render based on channel capability + api.logger.info?.(`device-pair: QR fallback channel=${channel} target=${target}`); + const infoLines = [ + `Gateway: ${payload.url}`, + `Auth: ${authLabel}`, + "", + autoNotifyArmed + ? "After scanning, wait here for the pairing request ping." + : "After scanning, run `/pair approve` to complete pairing.", + ...(autoNotifyArmed + ? [ + "I’ll auto-ping here when the pairing request arrives, then auto-disable.", + "If the ping does not arrive, run `/pair approve latest` manually.", + ] + : []), + ]; + + // WebUI + CLI/TUI: ASCII QR return { - text: - `${formatPendingRequests(list.pending)}\n\n` + - "Multiple pending requests found. Approve one explicitly:\n" + - "/pair approve \n" + - "Or approve the most recent:\n" + - "/pair approve latest", + text: [ + "Scan this QR code with the OpenClaw iOS app:", + "", + "```", + qrAscii, + "```", + "", + ...infoLines, + ].join("\n"), }; } - if (!pending) { - return { text: "Pairing request not found." }; - } - const approved = await approveDevicePairing(pending.requestId); - if (!approved) { - return { text: "Pairing request not found." }; - } - const label = approved.device.displayName?.trim() || approved.device.deviceId; - const platform = approved.device.platform?.trim(); - const platformLabel = platform ? ` (${platform})` : ""; - return { text: `✅ Paired ${label}${platformLabel}.` }; - } - - const authLabelResult = resolveAuthLabel(api.config); - if (authLabelResult.error) { - return { text: `Error: ${authLabelResult.error}` }; - } - - const urlResult = await resolveGatewayUrl(api); - if (!urlResult.url) { - return { text: `Error: ${urlResult.error ?? "Gateway URL unavailable."}` }; - } - - const payload: SetupPayload = { - url: urlResult.url, - bootstrapToken: (await issueDeviceBootstrapToken()).token, - }; - - if (action === "qr") { - const setupCode = encodeSetupCode(payload); - const qrAscii = await renderQrAscii(setupCode); - const authLabel = authLabelResult.label ?? "auth"; const channel = ctx.channel; const target = ctx.senderId?.trim() || ctx.from?.trim() || ctx.to?.trim() || ""; - let autoNotifyArmed = false; + const authLabel = authLabelResult.label ?? "auth"; if (channel === "telegram" && target) { try { - autoNotifyArmed = await armPairNotifyOnce({ api, ctx }); - } catch (err) { - api.logger.warn?.( - `device-pair: failed to arm one-shot pairing notify (${String( - (err as Error)?.message ?? err, - )})`, + const runtimeKeys = Object.keys(api.runtime ?? {}); + const channelKeys = Object.keys(api.runtime?.channel ?? {}); + api.logger.debug?.( + `device-pair: runtime keys=${runtimeKeys.join(",") || "none"} channel keys=${ + channelKeys.join(",") || "none" + }`, ); - } - } - - if (channel === "telegram" && target) { - try { const send = api.runtime?.channel?.telegram?.sendMessageTelegram; - if (send) { - await send( - target, - ["Scan this QR code with the OpenClaw iOS app:", "", "```", qrAscii, "```"].join( - "\n", - ), - { - ...(ctx.messageThreadId != null ? { messageThreadId: ctx.messageThreadId } : {}), - ...(ctx.accountId ? { accountId: ctx.accountId } : {}), - }, + if (!send) { + throw new Error( + `telegram runtime unavailable (runtime keys: ${runtimeKeys.join(",")}; channel keys: ${channelKeys.join( + ",", + )})`, ); - return { - text: [ - `Gateway: ${payload.url}`, - `Auth: ${authLabel}`, - "", - autoNotifyArmed - ? "After scanning, wait here for the pairing request ping." - : "After scanning, come back here and run `/pair approve` to complete pairing.", - ...(autoNotifyArmed - ? [ - "I’ll auto-ping here when the pairing request arrives, then auto-disable.", - "If the ping does not arrive, run `/pair approve latest` manually.", - ] - : []), - ].join("\n"), - }; } + await send(target, formatSetupInstructions(), { + ...(ctx.messageThreadId != null ? { messageThreadId: ctx.messageThreadId } : {}), + ...(ctx.accountId ? { accountId: ctx.accountId } : {}), + }); + api.logger.info?.( + `device-pair: telegram split send ok target=${target} account=${ctx.accountId ?? "none"} thread=${ + ctx.messageThreadId ?? "none" + }`, + ); + return { text: encodeSetupCode(payload) }; } catch (err) { api.logger.warn?.( - `device-pair: telegram QR send failed, falling back (${String( + `device-pair: telegram split send failed, falling back to single message (${String( (err as Error)?.message ?? err, )})`, ); } } - // Render based on channel capability - api.logger.info?.(`device-pair: QR fallback channel=${channel} target=${target}`); - const infoLines = [ - `Gateway: ${payload.url}`, - `Auth: ${authLabel}`, - "", - autoNotifyArmed - ? "After scanning, wait here for the pairing request ping." - : "After scanning, run `/pair approve` to complete pairing.", - ...(autoNotifyArmed - ? [ - "I’ll auto-ping here when the pairing request arrives, then auto-disable.", - "If the ping does not arrive, run `/pair approve latest` manually.", - ] - : []), - ]; - - // WebUI + CLI/TUI: ASCII QR return { - text: [ - "Scan this QR code with the OpenClaw iOS app:", - "", - "```", - qrAscii, - "```", - "", - ...infoLines, - ].join("\n"), + text: formatSetupReply(payload, authLabel), }; - } - - const channel = ctx.channel; - const target = ctx.senderId?.trim() || ctx.from?.trim() || ctx.to?.trim() || ""; - const authLabel = authLabelResult.label ?? "auth"; - - if (channel === "telegram" && target) { - try { - const runtimeKeys = Object.keys(api.runtime ?? {}); - const channelKeys = Object.keys(api.runtime?.channel ?? {}); - api.logger.debug?.( - `device-pair: runtime keys=${runtimeKeys.join(",") || "none"} channel keys=${ - channelKeys.join(",") || "none" - }`, - ); - const send = api.runtime?.channel?.telegram?.sendMessageTelegram; - if (!send) { - throw new Error( - `telegram runtime unavailable (runtime keys: ${runtimeKeys.join(",")}; channel keys: ${channelKeys.join( - ",", - )})`, - ); - } - await send(target, formatSetupInstructions(), { - ...(ctx.messageThreadId != null ? { messageThreadId: ctx.messageThreadId } : {}), - ...(ctx.accountId ? { accountId: ctx.accountId } : {}), - }); - api.logger.info?.( - `device-pair: telegram split send ok target=${target} account=${ctx.accountId ?? "none"} thread=${ - ctx.messageThreadId ?? "none" - }`, - ); - return { text: encodeSetupCode(payload) }; - } catch (err) { - api.logger.warn?.( - `device-pair: telegram split send failed, falling back to single message (${String( - (err as Error)?.message ?? err, - )})`, - ); - } - } - - return { - text: formatSetupReply(payload, authLabel), - }; - }, - }); -} + }, + }); + }, +}); diff --git a/extensions/device-pair/notify.ts b/extensions/device-pair/notify.ts index 3ef3005cf73..ba45e856372 100644 --- a/extensions/device-pair/notify.ts +++ b/extensions/device-pair/notify.ts @@ -1,7 +1,7 @@ import { promises as fs } from "node:fs"; import path from "node:path"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/device-pair"; -import { listDevicePairing } from "openclaw/plugin-sdk/device-pair"; +import type { OpenClawPluginApi } from "./api.js"; +import { listDevicePairing } from "./api.js"; const NOTIFY_STATE_FILE = "device-pair-notify.json"; const NOTIFY_POLL_INTERVAL_MS = 10_000; diff --git a/extensions/diagnostics-otel/api.ts b/extensions/diagnostics-otel/api.ts new file mode 100644 index 00000000000..01d7aed8989 --- /dev/null +++ b/extensions/diagnostics-otel/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/diagnostics-otel"; diff --git a/extensions/diagnostics-otel/index.ts b/extensions/diagnostics-otel/index.ts index a6ab6c133b6..15b6aee404e 100644 --- a/extensions/diagnostics-otel/index.ts +++ b/extensions/diagnostics-otel/index.ts @@ -1,15 +1,11 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diagnostics-otel"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/diagnostics-otel"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; import { createDiagnosticsOtelService } from "./src/service.js"; -const plugin = { +export default definePluginEntry({ id: "diagnostics-otel", name: "Diagnostics OpenTelemetry", description: "Export diagnostics events to OpenTelemetry", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerService(createDiagnosticsOtelService()); }, -}; - -export default plugin; +}); diff --git a/extensions/diagnostics-otel/src/service.test.ts b/extensions/diagnostics-otel/src/service.test.ts index d310b227be3..c8d08d07f1b 100644 --- a/extensions/diagnostics-otel/src/service.test.ts +++ b/extensions/diagnostics-otel/src/service.test.ts @@ -98,18 +98,16 @@ vi.mock("@opentelemetry/semantic-conventions", () => ({ ATTR_SERVICE_NAME: "service.name", })); -vi.mock("openclaw/plugin-sdk/diagnostics-otel", async () => { - const actual = await vi.importActual( - "openclaw/plugin-sdk/diagnostics-otel", - ); +vi.mock("../api.js", async () => { + const actual = await vi.importActual("../api.js"); return { ...actual, registerLogTransport: registerLogTransportMock, }; }); -import type { OpenClawPluginServiceContext } from "openclaw/plugin-sdk/diagnostics-otel"; -import { emitDiagnosticEvent } from "openclaw/plugin-sdk/diagnostics-otel"; +import type { OpenClawPluginServiceContext } from "../api.js"; +import { emitDiagnosticEvent } from "../api.js"; import { createDiagnosticsOtelService } from "./service.js"; const OTEL_TEST_STATE_DIR = "/tmp/openclaw-diagnostics-otel-test"; diff --git a/extensions/diagnostics-otel/src/service.ts b/extensions/diagnostics-otel/src/service.ts index b7224d034dd..2516b4c52e3 100644 --- a/extensions/diagnostics-otel/src/service.ts +++ b/extensions/diagnostics-otel/src/service.ts @@ -9,15 +9,8 @@ import { PeriodicExportingMetricReader } from "@opentelemetry/sdk-metrics"; import { NodeSDK } from "@opentelemetry/sdk-node"; import { ParentBasedSampler, TraceIdRatioBasedSampler } from "@opentelemetry/sdk-trace-base"; import { ATTR_SERVICE_NAME } from "@opentelemetry/semantic-conventions"; -import type { - DiagnosticEventPayload, - OpenClawPluginService, -} from "openclaw/plugin-sdk/diagnostics-otel"; -import { - onDiagnosticEvent, - redactSensitiveText, - registerLogTransport, -} from "openclaw/plugin-sdk/diagnostics-otel"; +import type { DiagnosticEventPayload, OpenClawPluginService } from "../api.js"; +import { onDiagnosticEvent, redactSensitiveText, registerLogTransport } from "../api.js"; const DEFAULT_SERVICE_NAME = "openclaw"; diff --git a/extensions/diffs/api.ts b/extensions/diffs/api.ts new file mode 100644 index 00000000000..e6fbaf9022a --- /dev/null +++ b/extensions/diffs/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/diffs"; diff --git a/extensions/diffs/index.test.ts b/extensions/diffs/index.test.ts index c38da12bfcd..02ce339e47c 100644 --- a/extensions/diffs/index.test.ts +++ b/extensions/diffs/index.test.ts @@ -1,8 +1,8 @@ import type { IncomingMessage } from "node:http"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diffs"; import { describe, expect, it, vi } from "vitest"; -import { createMockServerResponse } from "../../src/test-utils/mock-http-response.js"; -import { createTestPluginApi } from "../test-utils/plugin-api.js"; +import { createMockServerResponse } from "../../test/helpers/extensions/mock-http-response.js"; +import { createTestPluginApi } from "../../test/helpers/extensions/plugin-api.js"; +import type { OpenClawPluginApi } from "./api.js"; import plugin from "./index.js"; describe("diffs plugin registration", () => { diff --git a/extensions/diffs/index.ts b/extensions/diffs/index.ts index b1547b1087d..5ce8c94fabd 100644 --- a/extensions/diffs/index.ts +++ b/extensions/diffs/index.ts @@ -1,6 +1,6 @@ import path from "node:path"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diffs"; -import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/diffs"; +import type { OpenClawPluginApi } from "./api.js"; +import { resolvePreferredOpenClawTmpDir } from "./api.js"; import { diffsPluginConfigSchema, resolveDiffsPluginDefaults, diff --git a/extensions/diffs/src/browser.test.ts b/extensions/diffs/src/browser.test.ts index c0b03d62cc0..8c16530ec15 100644 --- a/extensions/diffs/src/browser.test.ts +++ b/extensions/diffs/src/browser.test.ts @@ -1,7 +1,7 @@ import fs from "node:fs/promises"; import path from "node:path"; -import type { OpenClawConfig } from "openclaw/plugin-sdk/diffs"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { OpenClawConfig } from "../api.js"; import { createTempDiffRoot } from "./test-helpers.js"; const { launchMock } = vi.hoisted(() => ({ diff --git a/extensions/diffs/src/browser.ts b/extensions/diffs/src/browser.ts index 904996946b6..53794ef83ee 100644 --- a/extensions/diffs/src/browser.ts +++ b/extensions/diffs/src/browser.ts @@ -1,8 +1,8 @@ import { constants as fsConstants } from "node:fs"; import fs from "node:fs/promises"; import path from "node:path"; -import type { OpenClawConfig } from "openclaw/plugin-sdk/diffs"; import { chromium } from "playwright-core"; +import type { OpenClawConfig } from "../api.js"; import type { DiffRenderOptions, DiffTheme } from "./types.js"; import { VIEWER_ASSET_PREFIX, getServedViewerAsset } from "./viewer-assets.js"; diff --git a/extensions/diffs/src/config.ts b/extensions/diffs/src/config.ts index fbc9a108060..faaa8535bde 100644 --- a/extensions/diffs/src/config.ts +++ b/extensions/diffs/src/config.ts @@ -1,4 +1,4 @@ -import type { OpenClawPluginConfigSchema } from "openclaw/plugin-sdk/diffs"; +import type { OpenClawPluginConfigSchema } from "../api.js"; import { DIFF_IMAGE_QUALITY_PRESETS, DIFF_INDICATORS, diff --git a/extensions/diffs/src/http.test.ts b/extensions/diffs/src/http.test.ts index a1caef018e4..e35d847597b 100644 --- a/extensions/diffs/src/http.test.ts +++ b/extensions/diffs/src/http.test.ts @@ -1,6 +1,6 @@ import type { IncomingMessage } from "node:http"; import { afterEach, beforeEach, describe, expect, it } from "vitest"; -import { createMockServerResponse } from "../../../src/test-utils/mock-http-response.js"; +import { createMockServerResponse } from "../../../test/helpers/extensions/mock-http-response.js"; import { createDiffsHttpHandler } from "./http.js"; import { DiffArtifactStore } from "./store.js"; import { createDiffStoreHarness } from "./test-helpers.js"; diff --git a/extensions/diffs/src/http.ts b/extensions/diffs/src/http.ts index 445500b2340..48d9341bfce 100644 --- a/extensions/diffs/src/http.ts +++ b/extensions/diffs/src/http.ts @@ -1,5 +1,5 @@ import type { IncomingMessage, ServerResponse } from "node:http"; -import type { PluginLogger } from "openclaw/plugin-sdk/diffs"; +import type { PluginLogger } from "../api.js"; import type { DiffArtifactStore } from "./store.js"; import { DIFF_ARTIFACT_ID_PATTERN, DIFF_ARTIFACT_TOKEN_PATTERN } from "./types.js"; import { VIEWER_ASSET_PREFIX, getServedViewerAsset } from "./viewer-assets.js"; diff --git a/extensions/diffs/src/store.ts b/extensions/diffs/src/store.ts index e53a555356c..baab4757384 100644 --- a/extensions/diffs/src/store.ts +++ b/extensions/diffs/src/store.ts @@ -1,7 +1,7 @@ import crypto from "node:crypto"; import fs from "node:fs/promises"; import path from "node:path"; -import type { PluginLogger } from "openclaw/plugin-sdk/diffs"; +import type { PluginLogger } from "../api.js"; import type { DiffArtifactMeta, DiffOutputFormat } from "./types.js"; const DEFAULT_TTL_MS = 30 * 60 * 1000; diff --git a/extensions/diffs/src/tool.test.ts b/extensions/diffs/src/tool.test.ts index 2f845727274..f79098dd907 100644 --- a/extensions/diffs/src/tool.test.ts +++ b/extensions/diffs/src/tool.test.ts @@ -1,8 +1,8 @@ import fs from "node:fs/promises"; import path from "node:path"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diffs"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { createTestPluginApi } from "../../test-utils/plugin-api.js"; +import { createTestPluginApi } from "../../../test/helpers/extensions/plugin-api.js"; +import type { OpenClawPluginApi } from "../api.js"; import type { DiffScreenshotter } from "./browser.js"; import { DEFAULT_DIFFS_TOOL_DEFAULTS } from "./config.js"; import { DiffArtifactStore } from "./store.js"; diff --git a/extensions/diffs/src/tool.ts b/extensions/diffs/src/tool.ts index c6eb4b528c4..b20f11fee15 100644 --- a/extensions/diffs/src/tool.ts +++ b/extensions/diffs/src/tool.ts @@ -1,6 +1,6 @@ import fs from "node:fs/promises"; import { Static, Type } from "@sinclair/typebox"; -import type { AnyAgentTool, OpenClawPluginApi } from "openclaw/plugin-sdk/diffs"; +import type { AnyAgentTool, OpenClawPluginApi } from "../api.js"; import { PlaywrightDiffScreenshotter, type DiffScreenshotter } from "./browser.js"; import { resolveDiffImageRenderOptions } from "./config.js"; import { renderDiffDocument } from "./render.js"; diff --git a/extensions/diffs/src/url.ts b/extensions/diffs/src/url.ts index feee5c7af05..e8c40e05753 100644 --- a/extensions/diffs/src/url.ts +++ b/extensions/diffs/src/url.ts @@ -1,4 +1,4 @@ -import type { OpenClawConfig } from "openclaw/plugin-sdk/diffs"; +import type { OpenClawConfig } from "../api.js"; const DEFAULT_GATEWAY_PORT = 18789; diff --git a/extensions/discord/api.ts b/extensions/discord/api.ts new file mode 100644 index 00000000000..858255c0495 --- /dev/null +++ b/extensions/discord/api.ts @@ -0,0 +1,12 @@ +export * from "./src/account-inspect.js"; +export * from "./src/accounts.js"; +export * from "./src/actions/handle-action.guild-admin.js"; +export * from "./src/actions/handle-action.js"; +export * from "./src/components.js"; +export * from "./src/normalize.js"; +export * from "./src/pluralkit.js"; +export * from "./src/session-key-normalization.js"; +export * from "./src/status-issues.js"; +export * from "./src/targets.js"; +export type { DiscordSendComponents, DiscordSendEmbeds } from "./src/send.shared.js"; +export type { DiscordSendResult } from "./src/send.types.js"; diff --git a/extensions/discord/index.ts b/extensions/discord/index.ts index 13b32f08bb1..6d3c754edb4 100644 --- a/extensions/discord/index.ts +++ b/extensions/discord/index.ts @@ -1,22 +1,16 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { discordPlugin } from "./src/channel.js"; import { setDiscordRuntime } from "./src/runtime.js"; import { registerDiscordSubagentHooks } from "./src/subagent-hooks.js"; -const plugin = { +export { discordPlugin } from "./src/channel.js"; +export { setDiscordRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "discord", name: "Discord", description: "Discord channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setDiscordRuntime(api.runtime); - api.registerChannel({ plugin: discordPlugin }); - if (api.registrationMode !== "full") { - return; - } - registerDiscordSubagentHooks(api); - }, -}; - -export default plugin; + plugin: discordPlugin, + setRuntime: setDiscordRuntime, + registerFull: registerDiscordSubagentHooks, +}); diff --git a/extensions/discord/runtime-api.ts b/extensions/discord/runtime-api.ts new file mode 100644 index 00000000000..3850143c4ef --- /dev/null +++ b/extensions/discord/runtime-api.ts @@ -0,0 +1,14 @@ +export * from "./src/audit.js"; +export * from "./src/channel-actions.js"; +export * from "./src/directory-live.js"; +export * from "./src/monitor.js"; +export * from "./src/monitor/gateway-plugin.js"; +export * from "./src/monitor/gateway-registry.js"; +export * from "./src/monitor/presence-cache.js"; +export * from "./src/monitor/thread-bindings.js"; +export * from "./src/monitor/thread-bindings.manager.js"; +export * from "./src/monitor/timeouts.js"; +export * from "./src/probe.js"; +export * from "./src/resolve-channels.js"; +export * from "./src/resolve-users.js"; +export * from "./src/send.js"; diff --git a/extensions/discord/setup-entry.ts b/extensions/discord/setup-entry.ts index 329a9376c9f..e2c4689ed39 100644 --- a/extensions/discord/setup-entry.ts +++ b/extensions/discord/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { discordSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: discordSetupPlugin }; +export { discordSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(discordSetupPlugin); diff --git a/extensions/discord/src/account-inspect.ts b/extensions/discord/src/account-inspect.ts index bddea792c14..f42410814b3 100644 --- a/extensions/discord/src/account-inspect.ts +++ b/extensions/discord/src/account-inspect.ts @@ -2,12 +2,12 @@ import { DEFAULT_ACCOUNT_ID, normalizeAccountId, type OpenClawConfig, - type DiscordAccountConfig, -} from "openclaw/plugin-sdk/discord"; +} from "openclaw/plugin-sdk/account-resolution"; import { hasConfiguredSecretInput, normalizeSecretInputString, -} from "../../../src/config/types.secrets.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { DiscordAccountConfig } from "openclaw/plugin-sdk/discord"; import { mergeDiscordAccountConfig, resolveDefaultDiscordAccountId, diff --git a/extensions/discord/src/accounts.ts b/extensions/discord/src/accounts.ts index a623e97446f..ad50e2e7aa3 100644 --- a/extensions/discord/src/accounts.ts +++ b/extensions/discord/src/accounts.ts @@ -1,12 +1,11 @@ -import type { - OpenClawConfig, - DiscordAccountConfig, - DiscordActionConfig, -} from "openclaw/plugin-sdk/discord"; -import { createAccountActionGate } from "../../../src/channels/plugins/account-action-gate.js"; -import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import { + createAccountActionGate, + createAccountListHelpers, + normalizeAccountId, + resolveAccountEntry, + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import type { DiscordAccountConfig, DiscordActionConfig } from "openclaw/plugin-sdk/discord"; import { resolveDiscordToken } from "./token.js"; export type ResolvedDiscordAccount = { diff --git a/extensions/discord/src/actions/handle-action.guild-admin.ts b/extensions/discord/src/actions/handle-action.guild-admin.ts index 80cd97217ae..0f6075384a5 100644 --- a/extensions/discord/src/actions/handle-action.guild-admin.ts +++ b/extensions/discord/src/actions/handle-action.guild-admin.ts @@ -4,13 +4,13 @@ import { readNumberParam, readStringArrayParam, readStringParam, -} from "../../../../src/agents/tools/common.js"; +} from "openclaw/plugin-sdk/agent-runtime"; import { isDiscordModerationAction, readDiscordModerationCommand, -} from "../../../../src/agents/tools/discord-actions-moderation-shared.js"; -import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js"; -import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { handleDiscordAction } from "openclaw/plugin-sdk/agent-runtime"; +import type { ChannelMessageActionContext } from "openclaw/plugin-sdk/channel-runtime"; type Ctx = Pick< ChannelMessageActionContext, diff --git a/extensions/discord/src/actions/handle-action.ts b/extensions/discord/src/actions/handle-action.ts index 4beb7d76de4..d23b078292a 100644 --- a/extensions/discord/src/actions/handle-action.ts +++ b/extensions/discord/src/actions/handle-action.ts @@ -3,13 +3,13 @@ import { readNumberParam, readStringArrayParam, readStringParam, -} from "../../../../src/agents/tools/common.js"; -import { readDiscordParentIdParam } from "../../../../src/agents/tools/discord-actions-shared.js"; -import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js"; -import { resolveReactionMessageId } from "../../../../src/channels/plugins/actions/reaction-message-id.js"; -import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js"; -import { normalizeInteractiveReply } from "../../../../src/interactive/payload.js"; -import { readBooleanParam } from "../../../../src/plugin-sdk/boolean-param.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { readDiscordParentIdParam } from "openclaw/plugin-sdk/agent-runtime"; +import { handleDiscordAction } from "openclaw/plugin-sdk/agent-runtime"; +import { readBooleanParam } from "openclaw/plugin-sdk/boolean-param"; +import { resolveReactionMessageId } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelMessageActionContext } from "openclaw/plugin-sdk/channel-runtime"; +import { normalizeInteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; import { buildDiscordInteractiveComponents } from "../shared-interactive.js"; import { resolveDiscordChannelId } from "../targets.js"; import { tryHandleDiscordMessageActionGuildAdmin } from "./handle-action.guild-admin.js"; diff --git a/extensions/discord/src/api.test.ts b/extensions/discord/src/api.test.ts index 5b0e648aa1d..11d15d5f59f 100644 --- a/extensions/discord/src/api.test.ts +++ b/extensions/discord/src/api.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js"; +import { withFetchPreconnect } from "../../../test/helpers/extensions/fetch-mock.js"; import { fetchDiscord } from "./api.js"; import { jsonResponse } from "./test-http-helpers.js"; diff --git a/extensions/discord/src/api.ts b/extensions/discord/src/api.ts index cead5eb8cea..0352656d21b 100644 --- a/extensions/discord/src/api.ts +++ b/extensions/discord/src/api.ts @@ -1,5 +1,9 @@ -import { resolveFetch } from "../../../src/infra/fetch.js"; -import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../../src/infra/retry.js"; +import { resolveFetch } from "openclaw/plugin-sdk/infra-runtime"; +import { + resolveRetryConfig, + retryAsync, + type RetryConfig, +} from "openclaw/plugin-sdk/infra-runtime"; const DISCORD_API_BASE = "https://discord.com/api/v10"; const DISCORD_API_RETRY_DEFAULTS = { diff --git a/extensions/discord/src/audit.ts b/extensions/discord/src/audit.ts index a5a226c5550..79bc9b5b5fc 100644 --- a/extensions/discord/src/audit.ts +++ b/extensions/discord/src/audit.ts @@ -1,6 +1,9 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DiscordGuildChannelConfig, DiscordGuildEntry } from "../../../src/config/types.js"; -import { isRecord } from "../../../src/utils.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { + DiscordGuildChannelConfig, + DiscordGuildEntry, +} from "openclaw/plugin-sdk/config-runtime"; +import { isRecord } from "openclaw/plugin-sdk/text-runtime"; import { inspectDiscordAccount } from "./account-inspect.js"; import { fetchChannelPermissionsDiscord } from "./send.js"; diff --git a/extensions/discord/src/channel-actions.ts b/extensions/discord/src/channel-actions.ts index 049eb4a320c..21f24fd9553 100644 --- a/extensions/discord/src/channel-actions.ts +++ b/extensions/discord/src/channel-actions.ts @@ -1,12 +1,12 @@ import { createUnionActionGate, listTokenSourcedAccounts, -} from "../../../src/channels/plugins/actions/shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelMessageActionAdapter, ChannelMessageActionName, -} from "../../../src/channels/plugins/types.js"; -import type { DiscordActionConfig } from "../../../src/config/types.discord.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { DiscordActionConfig } from "openclaw/plugin-sdk/config-runtime"; import { createDiscordActionGate, listEnabledDiscordAccounts } from "./accounts.js"; import { handleDiscordMessageAction } from "./actions/handle-action.js"; diff --git a/extensions/discord/src/channel.runtime.ts b/extensions/discord/src/channel.runtime.ts index bc22b64706a..d4da518fdc1 100644 --- a/extensions/discord/src/channel.runtime.ts +++ b/extensions/discord/src/channel.runtime.ts @@ -1 +1,5 @@ -export { discordSetupWizard } from "./setup-surface.js"; +import { discordSetupWizard as discordSetupWizardImpl } from "./setup-surface.js"; + +type DiscordSetupWizard = typeof import("./setup-surface.js").discordSetupWizard; + +export const discordSetupWizard: DiscordSetupWizard = { ...discordSetupWizardImpl }; diff --git a/extensions/discord/src/channel.setup.ts b/extensions/discord/src/channel.setup.ts index ee157e3c9bb..efec8990442 100644 --- a/extensions/discord/src/channel.setup.ts +++ b/extensions/discord/src/channel.setup.ts @@ -1,77 +1,15 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; -import { - createScopedAccountConfigAccessors, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; import { buildChannelConfigSchema, DiscordConfigSchema, - getChatChannelMeta, type ChannelPlugin, } from "openclaw/plugin-sdk/discord"; -import { inspectDiscordAccount } from "./account-inspect.js"; -import { - listDiscordAccountIds, - resolveDefaultDiscordAccountId, - resolveDiscordAccount, - type ResolvedDiscordAccount, -} from "./accounts.js"; -import { createDiscordSetupWizardProxy, discordSetupAdapter } from "./setup-core.js"; - -async function loadDiscordChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const discordConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveDiscordAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedDiscordAccount) => account.config.dm?.allowFrom, - formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), - resolveDefaultTo: (account: ResolvedDiscordAccount) => account.config.defaultTo, -}); - -const discordConfigBase = createScopedChannelConfigBase({ - sectionKey: "discord", - listAccountIds: listDiscordAccountIds, - resolveAccount: (cfg, accountId) => resolveDiscordAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectDiscordAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultDiscordAccountId, - clearBaseFields: ["token", "name"], -}); - -const discordSetupWizard = createDiscordSetupWizardProxy(async () => ({ - discordSetupWizard: (await loadDiscordChannelRuntime()).discordSetupWizard, -})); +import { type ResolvedDiscordAccount } from "./accounts.js"; +import { discordSetupAdapter } from "./setup-core.js"; +import { createDiscordPluginBase } from "./shared.js"; export const discordSetupPlugin: ChannelPlugin = { - id: "discord", - meta: { - ...getChatChannelMeta("discord"), - }, - setupWizard: discordSetupWizard, - capabilities: { - chatTypes: ["direct", "channel", "thread"], - polls: true, - reactions: true, - threads: true, - media: true, - nativeCommands: true, - }, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.discord"] }, - configSchema: buildChannelConfigSchema(DiscordConfigSchema), - config: { - ...discordConfigBase, - isConfigured: (account) => Boolean(account.token?.trim()), - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: Boolean(account.token?.trim()), - tokenSource: account.tokenSource, - }), - ...discordConfigAccessors, - }, - setup: discordSetupAdapter, + ...createDiscordPluginBase({ + configSchema: buildChannelConfigSchema(DiscordConfigSchema), + setup: discordSetupAdapter, + }), }; diff --git a/extensions/discord/src/channel.test.ts b/extensions/discord/src/channel.test.ts index 0a4ead6c3fd..5e47dda6334 100644 --- a/extensions/discord/src/channel.test.ts +++ b/extensions/discord/src/channel.test.ts @@ -1,8 +1,87 @@ -import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk/discord"; -import { describe, expect, it, vi } from "vitest"; +import type { + ChannelAccountSnapshot, + ChannelGatewayContext, + OpenClawConfig, + PluginRuntime, +} from "openclaw/plugin-sdk/discord"; +import { afterEach, describe, expect, it, vi } from "vitest"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import type { ResolvedDiscordAccount } from "./accounts.js"; import { discordPlugin } from "./channel.js"; import { setDiscordRuntime } from "./runtime.js"; +const probeDiscordMock = vi.hoisted(() => vi.fn()); +const monitorDiscordProviderMock = vi.hoisted(() => vi.fn()); +const auditDiscordChannelPermissionsMock = vi.hoisted(() => vi.fn()); + +vi.mock("./probe.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + probeDiscord: probeDiscordMock, + }; +}); + +vi.mock("./monitor.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + monitorDiscordProvider: monitorDiscordProviderMock, + }; +}); + +vi.mock("./audit.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + auditDiscordChannelPermissions: auditDiscordChannelPermissionsMock, + }; +}); + +function createCfg(): OpenClawConfig { + return { + channels: { + discord: { + enabled: true, + token: "discord-token", + }, + }, + } as OpenClawConfig; +} + +function createStartAccountCtx(params: { + cfg: OpenClawConfig; + accountId: string; + runtime: ReturnType; +}): ChannelGatewayContext { + const account = discordPlugin.config.resolveAccount( + params.cfg, + params.accountId, + ) as ResolvedDiscordAccount; + const snapshot: ChannelAccountSnapshot = { + accountId: params.accountId, + configured: true, + enabled: true, + running: false, + }; + return { + accountId: params.accountId, + account, + cfg: params.cfg, + runtime: params.runtime, + abortSignal: new AbortController().signal, + log: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() }, + getStatus: () => snapshot, + setStatus: vi.fn(), + }; +} + +afterEach(() => { + probeDiscordMock.mockReset(); + monitorDiscordProviderMock.mockReset(); + auditDiscordChannelPermissionsMock.mockReset(); +}); + describe("discordPlugin outbound", () => { it("forwards mediaLocalRoots to sendMessageDiscord", async () => { const sendMessageDiscord = vi.fn(async () => ({ messageId: "m1" })); @@ -33,4 +112,100 @@ describe("discordPlugin outbound", () => { ); expect(result).toMatchObject({ channel: "discord", messageId: "m1" }); }); + + it("uses direct Discord probe helpers for status probes", async () => { + const runtimeProbeDiscord = vi.fn(async () => { + throw new Error("runtime Discord probe should not be used"); + }); + setDiscordRuntime({ + channel: { + discord: { + probeDiscord: runtimeProbeDiscord, + }, + }, + logging: { + shouldLogVerbose: () => false, + }, + } as unknown as PluginRuntime); + probeDiscordMock.mockResolvedValue({ + ok: true, + bot: { username: "Bob" }, + application: { + intents: { + messageContent: "limited", + guildMembers: "disabled", + presence: "disabled", + }, + }, + elapsedMs: 1, + }); + + const cfg = createCfg(); + const account = discordPlugin.config.resolveAccount(cfg, "default"); + + await discordPlugin.status!.probeAccount!({ + account, + timeoutMs: 5000, + cfg, + }); + + expect(probeDiscordMock).toHaveBeenCalledWith("discord-token", 5000, { + includeApplication: true, + }); + expect(runtimeProbeDiscord).not.toHaveBeenCalled(); + }); + + it("uses direct Discord startup helpers before monitoring", async () => { + const runtimeProbeDiscord = vi.fn(async () => { + throw new Error("runtime Discord probe should not be used"); + }); + const runtimeMonitorDiscordProvider = vi.fn(async () => { + throw new Error("runtime Discord monitor should not be used"); + }); + setDiscordRuntime({ + channel: { + discord: { + probeDiscord: runtimeProbeDiscord, + monitorDiscordProvider: runtimeMonitorDiscordProvider, + }, + }, + logging: { + shouldLogVerbose: () => false, + }, + } as unknown as PluginRuntime); + probeDiscordMock.mockResolvedValue({ + ok: true, + bot: { username: "Bob" }, + application: { + intents: { + messageContent: "limited", + guildMembers: "disabled", + presence: "disabled", + }, + }, + elapsedMs: 1, + }); + monitorDiscordProviderMock.mockResolvedValue(undefined); + + const cfg = createCfg(); + await discordPlugin.gateway!.startAccount!( + createStartAccountCtx({ + cfg, + accountId: "default", + runtime: createRuntimeEnv(), + }), + ); + + expect(probeDiscordMock).toHaveBeenCalledWith("discord-token", 2500, { + includeApplication: true, + }); + expect(monitorDiscordProviderMock).toHaveBeenCalledWith( + expect.objectContaining({ + token: "discord-token", + accountId: "default", + }), + ); + expect(runtimeProbeDiscord).not.toHaveBeenCalled(); + expect(runtimeMonitorDiscordProvider).not.toHaveBeenCalled(); + }); }); diff --git a/extensions/discord/src/channel.ts b/extensions/discord/src/channel.ts index 966a5a1cbcd..c4ff4827038 100644 --- a/extensions/discord/src/channel.ts +++ b/extensions/discord/src/channel.ts @@ -1,18 +1,16 @@ import { Separator, TextDisplay } from "@buape/carbon"; -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; import { buildAccountScopedAllowlistConfigEditor, - buildAccountScopedDmSecurityPolicy, - collectOpenProviderGroupPolicyWarnings, - collectOpenGroupPolicyConfiguredRouteWarnings, - createScopedAccountConfigAccessors, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; + resolveLegacyDmAllowlistConfigPaths, +} from "openclaw/plugin-sdk/allowlist-config-edit"; import { - buildAgentSessionKey, - resolveThreadSessionKeys, - type RoutePeer, -} from "openclaw/plugin-sdk/core"; + buildAccountScopedDmSecurityPolicy, + collectOpenGroupPolicyConfiguredRouteWarnings, + collectOpenProviderGroupPolicyWarnings, +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { normalizeMessageChannel } from "openclaw/plugin-sdk/channel-runtime"; +import { buildOutboundBaseSessionKey, normalizeOutboundThreadId } from "openclaw/plugin-sdk/core"; import { buildComputedAccountStatusSnapshot, buildChannelConfigSchema, @@ -31,30 +29,29 @@ import { type ChannelPlugin, type OpenClawConfig, } from "openclaw/plugin-sdk/discord"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; -import { normalizeMessageChannel } from "../../../src/utils/message-channel.js"; -import { inspectDiscordAccount } from "./account-inspect.js"; +import { resolveThreadSessionKeys, type RoutePeer } from "openclaw/plugin-sdk/routing"; import { listDiscordAccountIds, resolveDiscordAccount, - resolveDefaultDiscordAccountId, type ResolvedDiscordAccount, } from "./accounts.js"; -import { collectDiscordAuditChannelIds } from "./audit.js"; +import { auditDiscordChannelPermissions, collectDiscordAuditChannelIds } from "./audit.js"; import { isDiscordExecApprovalClientEnabled, shouldSuppressLocalDiscordExecApprovalPrompt, } from "./exec-approvals.js"; +import { monitorDiscordProvider } from "./monitor.js"; import { looksLikeDiscordTargetId, normalizeDiscordMessagingTarget, normalizeDiscordOutboundTarget, } from "./normalize.js"; -import type { DiscordProbe } from "./probe.js"; +import { probeDiscord, type DiscordProbe } from "./probe.js"; import { resolveDiscordUserAllowlist } from "./resolve-users.js"; import { getDiscordRuntime } from "./runtime.js"; import { fetchChannelPermissionsDiscord } from "./send.js"; -import { createDiscordSetupWizardProxy, discordSetupAdapter } from "./setup-core.js"; +import { discordSetupAdapter } from "./setup-core.js"; +import { createDiscordPluginBase, discordConfigAccessors } from "./shared.js"; import { collectDiscordStatusIssues } from "./status-issues.js"; import { parseDiscordTarget } from "./targets.js"; import { DiscordUiContainer } from "./ui.js"; @@ -66,10 +63,6 @@ type DiscordSendFn = ReturnType< const meta = getChatChannelMeta("discord"); const REQUIRED_DISCORD_PERMISSIONS = ["ViewChannel", "SendMessages"] as const; -async function loadDiscordChannelRuntime() { - return await import("./channel.runtime.js"); -} - function formatDiscordIntents(intents?: { messageContent?: string; guildMembers?: string; @@ -208,34 +201,13 @@ function parseDiscordExplicitTarget(raw: string) { } } -function normalizeOutboundThreadId(value?: string | number | null): string | undefined { - if (value == null) { - return undefined; - } - if (typeof value === "number") { - if (!Number.isFinite(value)) { - return undefined; - } - return String(Math.trunc(value)); - } - const trimmed = value.trim(); - return trimmed ? trimmed : undefined; -} - function buildDiscordBaseSessionKey(params: { cfg: OpenClawConfig; agentId: string; accountId?: string | null; peer: RoutePeer; }) { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: "discord", - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey({ ...params, channel: "discord" }); } function resolveDiscordOutboundTargetKindHint(params: { @@ -304,32 +276,11 @@ function resolveDiscordOutboundSessionRoute(params: { }; } -const discordConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveDiscordAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedDiscordAccount) => account.config.dm?.allowFrom, - formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), - resolveDefaultTo: (account: ResolvedDiscordAccount) => account.config.defaultTo, -}); - -const discordConfigBase = createScopedChannelConfigBase({ - sectionKey: "discord", - listAccountIds: listDiscordAccountIds, - resolveAccount: (cfg, accountId) => resolveDiscordAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectDiscordAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultDiscordAccountId, - clearBaseFields: ["token", "name"], -}); - -const discordSetupWizard = createDiscordSetupWizardProxy(async () => ({ - discordSetupWizard: (await loadDiscordChannelRuntime()).discordSetupWizard, -})); - export const discordPlugin: ChannelPlugin = { - id: "discord", - meta: { - ...meta, - }, - setupWizard: discordSetupWizard, + ...createDiscordPluginBase({ + configSchema: buildChannelConfigSchema(DiscordConfigSchema), + setup: discordSetupAdapter, + }), pairing: { idLabel: "discordUserId", normalizeAllowEntry: (entry) => entry.replace(/^(discord|user):/i, ""), @@ -340,31 +291,6 @@ export const discordPlugin: ChannelPlugin = { ); }, }, - capabilities: { - chatTypes: ["direct", "channel", "thread"], - polls: true, - reactions: true, - threads: true, - media: true, - nativeCommands: true, - }, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.discord"] }, - configSchema: buildChannelConfigSchema(DiscordConfigSchema), - config: { - ...discordConfigBase, - isConfigured: (account) => Boolean(account.token?.trim()), - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: Boolean(account.token?.trim()), - tokenSource: account.tokenSource, - }), - ...discordConfigAccessors, - }, allowlist: { supportsScope: ({ scope }) => scope === "dm", readConfig: ({ cfg, accountId }) => @@ -375,14 +301,7 @@ export const discordPlugin: ChannelPlugin = { channelId: "discord", normalize: ({ cfg, accountId, values }) => discordConfigAccessors.formatAllowFrom!({ cfg, accountId, allowFrom: values }), - resolvePaths: (scope) => - scope === "dm" - ? { - readPaths: [["allowFrom"], ["dm", "allowFrom"]], - writePath: ["allowFrom"], - cleanupPaths: [["dm", "allowFrom"]], - } - : null, + resolvePaths: resolveLegacyDmAllowlistConfigPaths, }), }, security: { @@ -573,11 +492,15 @@ export const discordPlugin: ChannelPlugin = { silent: silent ?? undefined, }), }, - acpBindings: { - normalizeConfiguredBindingTarget: ({ conversationId }) => + bindings: { + compileConfiguredBinding: ({ conversationId }) => normalizeDiscordAcpConversationId(conversationId), - matchConfiguredBinding: ({ bindingConversationId, conversationId, parentConversationId }) => - matchDiscordAcpConversation({ bindingConversationId, conversationId, parentConversationId }), + matchInboundConversation: ({ compiledBinding, conversationId, parentConversationId }) => + matchDiscordAcpConversation({ + bindingConversationId: compiledBinding.conversationId, + conversationId, + parentConversationId, + }), }, status: { defaultRuntime: { @@ -596,7 +519,7 @@ export const discordPlugin: ChannelPlugin = { buildChannelSummary: ({ snapshot }) => buildTokenChannelStatusSummary(snapshot, { includeMode: false }), probeAccount: async ({ account, timeoutMs }) => - getDiscordRuntime().channel.discord.probeDiscord(account.token, timeoutMs, { + probeDiscord(account.token, timeoutMs, { includeApplication: true, }), formatCapabilitiesProbe: ({ probe }) => { @@ -702,7 +625,7 @@ export const discordPlugin: ChannelPlugin = { elapsedMs: 0, }; } - const audit = await getDiscordRuntime().channel.discord.auditChannelPermissions({ + const audit = await auditDiscordChannelPermissions({ token: botToken, accountId: account.accountId, channelIds, @@ -743,7 +666,7 @@ export const discordPlugin: ChannelPlugin = { const token = account.token.trim(); let discordBotLabel = ""; try { - const probe = await getDiscordRuntime().channel.discord.probeDiscord(token, 2500, { + const probe = await probeDiscord(token, 2500, { includeApplication: true, }); const username = probe.ok ? probe.bot?.username?.trim() : null; @@ -771,7 +694,7 @@ export const discordPlugin: ChannelPlugin = { } } ctx.log?.info(`[${account.accountId}] starting provider${discordBotLabel}`); - return getDiscordRuntime().channel.discord.monitorDiscordProvider({ + return monitorDiscordProvider({ token, accountId: account.accountId, config: ctx.cfg, diff --git a/extensions/discord/src/chunk.test.ts b/extensions/discord/src/chunk.test.ts index 3c667c0fc9f..228871fe5d6 100644 --- a/extensions/discord/src/chunk.test.ts +++ b/extensions/discord/src/chunk.test.ts @@ -1,5 +1,8 @@ import { describe, expect, it } from "vitest"; -import { countLines, hasBalancedFences } from "../../../src/test-utils/chunk-test-helpers.js"; +import { + countLines, + hasBalancedFences, +} from "../../../test/helpers/extensions/chunk-test-helpers.js"; import { chunkDiscordText, chunkDiscordTextWithMode } from "./chunk.js"; describe("chunkDiscordText", () => { diff --git a/extensions/discord/src/chunk.ts b/extensions/discord/src/chunk.ts index a814c10d2c8..5efff023152 100644 --- a/extensions/discord/src/chunk.ts +++ b/extensions/discord/src/chunk.ts @@ -1,4 +1,4 @@ -import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../src/auto-reply/chunk.js"; +import { chunkMarkdownTextWithMode, type ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; export type ChunkDiscordTextOpts = { /** Max characters per Discord message. Default: 2000. */ diff --git a/extensions/discord/src/client.ts b/extensions/discord/src/client.ts index 2e8d53799a6..2688add72cd 100644 --- a/extensions/discord/src/client.ts +++ b/extensions/discord/src/client.ts @@ -1,8 +1,8 @@ import { RequestClient } from "@buape/carbon"; -import { loadConfig } from "../../../src/config/config.js"; -import { createDiscordRetryRunner, type RetryRunner } from "../../../src/infra/retry-policy.js"; -import type { RetryConfig } from "../../../src/infra/retry.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { createDiscordRetryRunner, type RetryRunner } from "openclaw/plugin-sdk/infra-runtime"; +import type { RetryConfig } from "openclaw/plugin-sdk/infra-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { mergeDiscordAccountConfig, resolveDiscordAccount, diff --git a/extensions/discord/src/directory-cache.ts b/extensions/discord/src/directory-cache.ts index d1a85767216..cc8c9d7c546 100644 --- a/extensions/discord/src/directory-cache.ts +++ b/extensions/discord/src/directory-cache.ts @@ -1,4 +1,4 @@ -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/account-id.js"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/routing"; const DISCORD_DIRECTORY_CACHE_MAX_ENTRIES = 4000; const DISCORD_DISCRIMINATOR_SUFFIX = /#\d{4}$/; diff --git a/extensions/discord/src/directory-live.ts b/extensions/discord/src/directory-live.ts index af55475a43e..6bd38204a0a 100644 --- a/extensions/discord/src/directory-live.ts +++ b/extensions/discord/src/directory-live.ts @@ -1,5 +1,5 @@ -import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js"; -import type { ChannelDirectoryEntry } from "../../../src/channels/plugins/types.js"; +import type { DirectoryConfigParams } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelDirectoryEntry } from "openclaw/plugin-sdk/channel-runtime"; import { resolveDiscordAccount } from "./accounts.js"; import { fetchDiscord } from "./api.js"; import { rememberDiscordDirectoryUser } from "./directory-cache.js"; diff --git a/extensions/discord/src/draft-chunking.ts b/extensions/discord/src/draft-chunking.ts index 1d56841577a..98cc48a2f9f 100644 --- a/extensions/discord/src/draft-chunking.ts +++ b/extensions/discord/src/draft-chunking.ts @@ -1,7 +1,7 @@ -import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import { type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAccountEntry } from "openclaw/plugin-sdk/routing"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { DISCORD_TEXT_CHUNK_LIMIT } from "./outbound-adapter.js"; const DEFAULT_DISCORD_DRAFT_STREAM_MIN = 200; diff --git a/extensions/discord/src/draft-stream.ts b/extensions/discord/src/draft-stream.ts index db9089f6176..a12348334bc 100644 --- a/extensions/discord/src/draft-stream.ts +++ b/extensions/discord/src/draft-stream.ts @@ -1,6 +1,6 @@ import type { RequestClient } from "@buape/carbon"; import { Routes } from "discord-api-types/v10"; -import { createFinalizableDraftLifecycle } from "../../../src/channels/draft-stream-controls.js"; +import { createFinalizableDraftLifecycle } from "openclaw/plugin-sdk/channel-runtime"; /** Discord messages cap at 2000 characters. */ const DISCORD_STREAM_MAX_CHARS = 2000; diff --git a/extensions/discord/src/exec-approvals.ts b/extensions/discord/src/exec-approvals.ts index 5640805705a..bdafce36713 100644 --- a/extensions/discord/src/exec-approvals.ts +++ b/extensions/discord/src/exec-approvals.ts @@ -1,6 +1,6 @@ -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { getExecApprovalReplyMetadata } from "../../../src/infra/exec-approval-reply.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { getExecApprovalReplyMetadata } from "openclaw/plugin-sdk/infra-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import { resolveDiscordAccount } from "./accounts.js"; export function isDiscordExecApprovalClientEnabled(params: { diff --git a/extensions/discord/src/gateway-logging.ts b/extensions/discord/src/gateway-logging.ts index 18ce32909ef..3a6802ccaef 100644 --- a/extensions/discord/src/gateway-logging.ts +++ b/extensions/discord/src/gateway-logging.ts @@ -1,6 +1,6 @@ import type { EventEmitter } from "node:events"; -import { logVerbose } from "../../../src/globals.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; type GatewayEmitter = Pick; diff --git a/extensions/discord/src/monitor.test.ts b/extensions/discord/src/monitor.test.ts index 40f14a00551..9836984d555 100644 --- a/extensions/discord/src/monitor.test.ts +++ b/extensions/discord/src/monitor.test.ts @@ -1,6 +1,6 @@ import { ChannelType, type Guild } from "@buape/carbon"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { typedCases } from "../../../src/test-utils/typed-cases.js"; +import { typedCases } from "../../../test/helpers/extensions/typed-cases.js"; import { allowListMatches, buildDiscordMediaPayload, diff --git a/extensions/discord/src/monitor.tool-result.test-harness.ts b/extensions/discord/src/monitor.tool-result.test-harness.ts index 700e9a63df3..6d0405d756c 100644 --- a/extensions/discord/src/monitor.tool-result.test-harness.ts +++ b/extensions/discord/src/monitor.tool-result.test-harness.ts @@ -1,5 +1,5 @@ +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; export const sendMock: MockFn = vi.fn(); export const reactMock: MockFn = vi.fn(); @@ -15,8 +15,8 @@ vi.mock("./send.js", () => ({ }, })); -vi.mock("../../../src/auto-reply/dispatch.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, dispatchInboundMessage: (...args: unknown[]) => dispatchMock(...args), @@ -36,10 +36,10 @@ function createPairingStoreMocks() { }; } -vi.mock("../../../src/pairing/pairing-store.js", () => createPairingStoreMocks()); +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => createPairingStoreMocks()); -vi.mock("../../../src/config/sessions.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"), diff --git a/extensions/discord/src/monitor/agent-components.ts b/extensions/discord/src/monitor/agent-components.ts index e28bd17b70e..5ac63e76d51 100644 --- a/extensions/discord/src/monitor/agent-components.ts +++ b/extensions/discord/src/monitor/agent-components.ts @@ -18,41 +18,41 @@ import { } from "@buape/carbon"; import type { APIStringSelectComponent } from "discord-api-types/v10"; import { ButtonStyle, ChannelType } from "discord-api-types/v10"; -import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js"; -import { resolveChunkMode, resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js"; -import { - formatInboundEnvelope, - resolveEnvelopeFormatOptions, -} from "../../../../src/auto-reply/envelope.js"; -import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; -import { dispatchReplyWithBufferedBlockDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js"; -import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js"; -import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js"; -import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -import { recordInboundSession } from "../../../../src/channels/session.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js"; -import type { DiscordAccountConfig } from "../../../../src/config/types.discord.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../src/infra/system-events.js"; -import { logDebug, logError } from "../../../../src/logger.js"; -import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js"; -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js"; +import { resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import type { DiscordAccountConfig } from "openclaw/plugin-sdk/config-runtime"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; import { buildPluginBindingResolvedText, parsePluginBindingApprovalCustomId, resolvePluginConversationBindingApproval, -} from "../../../../src/plugins/conversation-binding.js"; -import { dispatchPluginInteractiveHandler } from "../../../../src/plugins/interactive.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; -import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { dispatchPluginInteractiveHandler } from "openclaw/plugin-sdk/plugin-runtime"; +import { resolveChunkMode, resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { + formatInboundEnvelope, + resolveEnvelopeFormatOptions, +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchReplyWithBufferedBlockDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyReferencePlanner } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { readStoreAllowFromForDmPolicy, resolvePinnedMainDmOwnerFromAllowlist, -} from "../../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/security-runtime"; +import { logDebug, logError } from "openclaw/plugin-sdk/text-runtime"; import { resolveDiscordMaxLinesPerMessage } from "../accounts.js"; import { resolveDiscordComponentEntry, resolveDiscordModalEntry } from "../components-registry.js"; import { diff --git a/extensions/discord/src/monitor/allow-list.ts b/extensions/discord/src/monitor/allow-list.ts index 6391ad5c3a5..31d95f2f45b 100644 --- a/extensions/discord/src/monitor/allow-list.ts +++ b/extensions/discord/src/monitor/allow-list.ts @@ -1,12 +1,12 @@ import type { Guild, User } from "@buape/carbon"; -import type { AllowlistMatch } from "../../../../src/channels/allowlist-match.js"; +import type { AllowlistMatch } from "openclaw/plugin-sdk/channel-runtime"; import { buildChannelKeyCandidates, resolveChannelEntryMatchWithFallback, resolveChannelMatchConfig, type ChannelMatchSource, -} from "../../../../src/channels/channel-config.js"; -import { evaluateGroupRouteAccessForPolicy } from "../../../../src/plugin-sdk/group-access.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { evaluateGroupRouteAccessForPolicy } from "openclaw/plugin-sdk/group-access"; import { formatDiscordUserTag } from "./format.js"; export type DiscordAllowList = { diff --git a/extensions/discord/src/monitor/auto-presence.ts b/extensions/discord/src/monitor/auto-presence.ts index 60e5619e348..b76ea6f6d5c 100644 --- a/extensions/discord/src/monitor/auto-presence.ts +++ b/extensions/discord/src/monitor/auto-presence.ts @@ -6,12 +6,12 @@ import { resolveProfilesUnavailableReason, type AuthProfileFailureReason, type AuthProfileStore, -} from "../../../../src/agents/auth-profiles.js"; +} from "openclaw/plugin-sdk/agent-runtime"; import type { DiscordAccountConfig, DiscordAutoPresenceConfig, -} from "../../../../src/config/config.js"; -import { warn } from "../../../../src/globals.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { warn } from "openclaw/plugin-sdk/runtime-env"; import { resolveDiscordPresenceUpdate } from "./presence.js"; const DEFAULT_CUSTOM_ACTIVITY_TYPE = 4; diff --git a/extensions/discord/src/monitor/commands.ts b/extensions/discord/src/monitor/commands.ts index a9bb9c1548e..43e92ea9122 100644 --- a/extensions/discord/src/monitor/commands.ts +++ b/extensions/discord/src/monitor/commands.ts @@ -1,4 +1,4 @@ -import type { DiscordSlashCommandConfig } from "../../../../src/config/types.discord.js"; +import type { DiscordSlashCommandConfig } from "openclaw/plugin-sdk/config-runtime"; export function resolveDiscordSlashCommandConfig( raw?: DiscordSlashCommandConfig, diff --git a/extensions/discord/src/monitor/dm-command-auth.ts b/extensions/discord/src/monitor/dm-command-auth.ts index 2fa02d9d605..1e8f1afbb4b 100644 --- a/extensions/discord/src/monitor/dm-command-auth.ts +++ b/extensions/discord/src/monitor/dm-command-auth.ts @@ -1,9 +1,9 @@ -import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; import { readStoreAllowFromForDmPolicy, resolveDmGroupAccessWithLists, type DmGroupAccessDecision, -} from "../../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/security-runtime"; import { normalizeDiscordAllowList, resolveDiscordAllowListMatch } from "./allow-list.js"; const DISCORD_ALLOW_LIST_PREFIXES = ["discord:", "user:", "pk:"]; diff --git a/extensions/discord/src/monitor/dm-command-decision.ts b/extensions/discord/src/monitor/dm-command-decision.ts index 8c15e7cac11..ec5cb6330e0 100644 --- a/extensions/discord/src/monitor/dm-command-decision.ts +++ b/extensions/discord/src/monitor/dm-command-decision.ts @@ -1,5 +1,5 @@ -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; import type { DiscordDmCommandAccess } from "./dm-command-auth.js"; export async function handleDiscordDmCommandDecision(params: { diff --git a/extensions/discord/src/monitor/exec-approvals.ts b/extensions/discord/src/monitor/exec-approvals.ts index e5fda7682a9..607d5088ad1 100644 --- a/extensions/discord/src/monitor/exec-approvals.ts +++ b/extensions/discord/src/monitor/exec-approvals.ts @@ -10,30 +10,24 @@ import { type TopLevelComponents, } from "@buape/carbon"; import { ButtonStyle, Routes } from "discord-api-types/v10"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { loadSessionStore, resolveStorePath } from "../../../../src/config/sessions.js"; -import type { DiscordExecApprovalConfig } from "../../../../src/config/types.discord.js"; -import { GatewayClient } from "../../../../src/gateway/client.js"; -import { createOperatorApprovalsGatewayClient } from "../../../../src/gateway/operator-approvals-client.js"; -import type { EventFrame } from "../../../../src/gateway/protocol/index.js"; -import { resolveExecApprovalCommandDisplay } from "../../../../src/infra/exec-approval-command-display.js"; -import { getExecApprovalApproverDmNoticeText } from "../../../../src/infra/exec-approval-reply.js"; +import { normalizeMessageChannel } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { loadSessionStore, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import type { DiscordExecApprovalConfig } from "openclaw/plugin-sdk/config-runtime"; +import { GatewayClient } from "openclaw/plugin-sdk/gateway-runtime"; +import { createOperatorApprovalsGatewayClient } from "openclaw/plugin-sdk/gateway-runtime"; +import type { EventFrame } from "openclaw/plugin-sdk/gateway-runtime"; +import { resolveExecApprovalCommandDisplay } from "openclaw/plugin-sdk/infra-runtime"; +import { getExecApprovalApproverDmNoticeText } from "openclaw/plugin-sdk/infra-runtime"; import type { ExecApprovalDecision, ExecApprovalRequest, ExecApprovalResolved, -} from "../../../../src/infra/exec-approvals.js"; -import { logDebug, logError } from "../../../../src/logger.js"; -import { - normalizeAccountId, - resolveAgentIdFromSessionKey, -} from "../../../../src/routing/session-key.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; -import { - compileSafeRegex, - testRegexWithBoundedInput, -} from "../../../../src/security/safe-regex.js"; -import { normalizeMessageChannel } from "../../../../src/utils/message-channel.js"; +} from "openclaw/plugin-sdk/infra-runtime"; +import { normalizeAccountId, resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { compileSafeRegex, testRegexWithBoundedInput } from "openclaw/plugin-sdk/security-runtime"; +import { logDebug, logError } from "openclaw/plugin-sdk/text-runtime"; import { createDiscordClient, stripUndefinedFields } from "../send.shared.js"; import { DiscordUiContainer } from "../ui.js"; diff --git a/extensions/discord/src/monitor/gateway-plugin.ts b/extensions/discord/src/monitor/gateway-plugin.ts index 1799c16d79e..5acab8d5339 100644 --- a/extensions/discord/src/monitor/gateway-plugin.ts +++ b/extensions/discord/src/monitor/gateway-plugin.ts @@ -1,14 +1,15 @@ import { GatewayIntents, GatewayPlugin } from "@buape/carbon/gateway"; import type { APIGatewayBotInfo } from "discord-api-types/v10"; import { HttpsProxyAgent } from "https-proxy-agent"; +import type { DiscordAccountConfig } from "openclaw/plugin-sdk/config-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { ProxyAgent, fetch as undiciFetch } from "undici"; import WebSocket from "ws"; -import type { DiscordAccountConfig } from "../../../../src/config/types.js"; -import { danger } from "../../../../src/globals.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; const DISCORD_GATEWAY_BOT_URL = "https://discord.com/api/v10/gateway/bot"; const DEFAULT_DISCORD_GATEWAY_URL = "wss://gateway.discord.gg/"; +const DISCORD_GATEWAY_INFO_TIMEOUT_MS = 10_000; type DiscordGatewayMetadataResponse = Pick; type DiscordGatewayFetchInit = Record & { @@ -19,8 +20,10 @@ type DiscordGatewayFetch = ( init?: DiscordGatewayFetchInit, ) => Promise; +type DiscordGatewayMetadataError = Error & { transient?: boolean }; + export function resolveDiscordGatewayIntents( - intentsConfig?: import("../../../../src/config/types.discord.js").DiscordIntentsConfig, + intentsConfig?: import("openclaw/plugin-sdk/config-runtime").DiscordIntentsConfig, ): number { let intents = GatewayIntents.Guilds | @@ -64,14 +67,36 @@ function createGatewayMetadataError(params: { transient: boolean; cause?: unknown; }): Error { - if (params.transient) { - return new Error("Failed to get gateway information from Discord: fetch failed", { - cause: params.cause ?? new Error(params.detail), - }); - } - return new Error(`Failed to get gateway information from Discord: ${params.detail}`, { - cause: params.cause, + const error = new Error( + params.transient + ? "Failed to get gateway information from Discord: fetch failed" + : `Failed to get gateway information from Discord: ${params.detail}`, + { + cause: params.cause ?? (params.transient ? new Error(params.detail) : undefined), + }, + ) as DiscordGatewayMetadataError; + Object.defineProperty(error, "transient", { + value: params.transient, + enumerable: false, }); + return error; +} + +function isTransientGatewayMetadataError(error: unknown): boolean { + return Boolean((error as DiscordGatewayMetadataError | undefined)?.transient); +} + +function createDefaultGatewayInfo(): APIGatewayBotInfo { + return { + url: DEFAULT_DISCORD_GATEWAY_URL, + shards: 1, + session_start_limit: { + total: 1, + remaining: 1, + reset_after: 0, + max_concurrency: 1, + }, + }; } async function fetchDiscordGatewayInfo(params: { @@ -134,6 +159,65 @@ async function fetchDiscordGatewayInfo(params: { } } +async function fetchDiscordGatewayInfoWithTimeout(params: { + token: string; + fetchImpl: DiscordGatewayFetch; + fetchInit?: DiscordGatewayFetchInit; + timeoutMs?: number; +}): Promise { + const timeoutMs = Math.max(1, params.timeoutMs ?? DISCORD_GATEWAY_INFO_TIMEOUT_MS); + const abortController = new AbortController(); + let timeoutId: ReturnType | undefined; + const timeoutPromise = new Promise((_, reject) => { + timeoutId = setTimeout(() => { + abortController.abort(); + reject( + createGatewayMetadataError({ + detail: `Discord API /gateway/bot timed out after ${timeoutMs}ms`, + transient: true, + cause: new Error("gateway metadata timeout"), + }), + ); + }, timeoutMs); + timeoutId.unref?.(); + }); + + try { + return await Promise.race([ + fetchDiscordGatewayInfo({ + token: params.token, + fetchImpl: params.fetchImpl, + fetchInit: { + ...params.fetchInit, + signal: abortController.signal, + }, + }), + timeoutPromise, + ]); + } finally { + if (timeoutId) { + clearTimeout(timeoutId); + } + } +} + +function resolveGatewayInfoWithFallback(params: { runtime?: RuntimeEnv; error: unknown }): { + info: APIGatewayBotInfo; + usedFallback: boolean; +} { + if (!isTransientGatewayMetadataError(params.error)) { + throw params.error; + } + const message = params.error instanceof Error ? params.error.message : String(params.error); + params.runtime?.log?.( + `discord: gateway metadata lookup failed transiently; using default gateway url (${message})`, + ); + return { + info: createDefaultGatewayInfo(), + usedFallback: true, + }; +} + function createGatewayPlugin(params: { options: { reconnect: { maxAttempts: number }; @@ -143,19 +227,29 @@ function createGatewayPlugin(params: { fetchImpl: DiscordGatewayFetch; fetchInit?: DiscordGatewayFetchInit; wsAgent?: HttpsProxyAgent; + runtime?: RuntimeEnv; }): GatewayPlugin { class SafeGatewayPlugin extends GatewayPlugin { + private gatewayInfoUsedFallback = false; + constructor() { super(params.options); } override async registerClient(client: Parameters[0]) { - if (!this.gatewayInfo) { - this.gatewayInfo = await fetchDiscordGatewayInfo({ + if (!this.gatewayInfo || this.gatewayInfoUsedFallback) { + const resolved = await fetchDiscordGatewayInfoWithTimeout({ token: client.options.token, fetchImpl: params.fetchImpl, fetchInit: params.fetchInit, - }); + }) + .then((info) => ({ + info, + usedFallback: false, + })) + .catch((error) => resolveGatewayInfoWithFallback({ runtime: params.runtime, error })); + this.gatewayInfo = resolved.info; + this.gatewayInfoUsedFallback = resolved.usedFallback; } return super.registerClient(client); } @@ -187,6 +281,7 @@ export function createDiscordGatewayPlugin(params: { return createGatewayPlugin({ options, fetchImpl: (input, init) => fetch(input, init as RequestInit), + runtime: params.runtime, }); } @@ -201,12 +296,14 @@ export function createDiscordGatewayPlugin(params: { fetchImpl: (input, init) => undiciFetch(input, init), fetchInit: { dispatcher: fetchAgent }, wsAgent, + runtime: params.runtime, }); } catch (err) { params.runtime.error?.(danger(`discord: invalid gateway proxy: ${String(err)}`)); return createGatewayPlugin({ options, fetchImpl: (input, init) => fetch(input, init as RequestInit), + runtime: params.runtime, }); } } diff --git a/extensions/discord/src/monitor/inbound-context.ts b/extensions/discord/src/monitor/inbound-context.ts index 26b2a07f03e..1f0608d3529 100644 --- a/extensions/discord/src/monitor/inbound-context.ts +++ b/extensions/discord/src/monitor/inbound-context.ts @@ -1,4 +1,4 @@ -import { buildUntrustedChannelMetadata } from "../../../../src/security/channel-metadata.js"; +import { buildUntrustedChannelMetadata } from "openclaw/plugin-sdk/security-runtime"; import { resolveDiscordOwnerAllowFrom, type DiscordChannelConfigResolved, diff --git a/extensions/discord/src/monitor/inbound-worker.ts b/extensions/discord/src/monitor/inbound-worker.ts index 214eb6a8020..33986e458a3 100644 --- a/extensions/discord/src/monitor/inbound-worker.ts +++ b/extensions/discord/src/monitor/inbound-worker.ts @@ -1,7 +1,7 @@ -import { createRunStateMachine } from "../../../../src/channels/run-state-machine.js"; -import { danger } from "../../../../src/globals.js"; -import { formatDurationSeconds } from "../../../../src/infra/format-time/format-duration.ts"; -import { KeyedAsyncQueue } from "../../../../src/plugin-sdk/keyed-async-queue.js"; +import { createRunStateMachine } from "openclaw/plugin-sdk/channel-runtime"; +import { formatDurationSeconds } from "openclaw/plugin-sdk/infra-runtime"; +import { KeyedAsyncQueue } from "openclaw/plugin-sdk/keyed-async-queue"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import { materializeDiscordInboundJob, type DiscordInboundJob } from "./inbound-job.js"; import type { RuntimeEnv } from "./message-handler.preflight.types.js"; import { processDiscordMessage } from "./message-handler.process.js"; diff --git a/extensions/discord/src/monitor/listeners.ts b/extensions/discord/src/monitor/listeners.ts index 318435d5318..9ed94d0a52f 100644 --- a/extensions/discord/src/monitor/listeners.ts +++ b/extensions/discord/src/monitor/listeners.ts @@ -8,16 +8,16 @@ import { ThreadUpdateListener, type User, } from "@buape/carbon"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { danger, logVerbose } from "../../../../src/globals.js"; -import { formatDurationSeconds } from "../../../../src/infra/format-time/format-duration.ts"; -import { enqueueSystemEvent } from "../../../../src/infra/system-events.js"; -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { formatDurationSeconds } from "openclaw/plugin-sdk/infra-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { danger, logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; import { readStoreAllowFromForDmPolicy, resolveDmGroupAccessWithLists, -} from "../../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/security-runtime"; import { isDiscordGroupAllowedByPolicy, normalizeDiscordAllowList, @@ -36,11 +36,9 @@ import { isThreadArchived } from "./thread-bindings.discord-api.js"; import { closeDiscordThreadSessions } from "./thread-session-close.js"; import { normalizeDiscordListenerTimeoutMs, runDiscordTaskWithTimeout } from "./timeouts.js"; -type LoadedConfig = ReturnType; -type RuntimeEnv = import("../../../../src/runtime.js").RuntimeEnv; -type Logger = ReturnType< - typeof import("../../../../src/logging/subsystem.js").createSubsystemLogger ->; +type LoadedConfig = ReturnType; +type RuntimeEnv = import("openclaw/plugin-sdk/runtime-env").RuntimeEnv; +type Logger = ReturnType; export type DiscordMessageEvent = Parameters[0]; diff --git a/extensions/discord/src/monitor/message-handler.inbound-contract.test.ts b/extensions/discord/src/monitor/message-handler.inbound-context.test.ts similarity index 92% rename from extensions/discord/src/monitor/message-handler.inbound-contract.test.ts rename to extensions/discord/src/monitor/message-handler.inbound-context.test.ts index 6421d24a61a..29d49887d36 100644 --- a/extensions/discord/src/monitor/message-handler.inbound-contract.test.ts +++ b/extensions/discord/src/monitor/message-handler.inbound-context.test.ts @@ -1,6 +1,6 @@ import { describe, expect, it } from "vitest"; +import { inboundCtxCapture as capture } from "../../../../src/channels/plugins/contracts/inbound-testkit.js"; import { expectChannelInboundContextContract as expectInboundContextContract } from "../../../../src/channels/plugins/contracts/suites.js"; -import { inboundCtxCapture as capture } from "../../../../test/helpers/inbound-contract-dispatch-mock.js"; import type { DiscordMessagePreflightContext } from "./message-handler.preflight.js"; import { processDiscordMessage } from "./message-handler.process.js"; import { @@ -8,7 +8,7 @@ import { createDiscordDirectMessageContextOverrides, } from "./message-handler.test-harness.js"; -describe("discord processDiscordMessage inbound contract", () => { +describe("discord processDiscordMessage inbound context", () => { it("passes a finalized MsgContext to dispatchInboundMessage", async () => { capture.ctx = undefined; const messageCtx = await createBaseDiscordMessageContext({ diff --git a/extensions/discord/src/monitor/message-handler.module-test-helpers.ts b/extensions/discord/src/monitor/message-handler.module-test-helpers.ts index 83174ad5621..72327dfc608 100644 --- a/extensions/discord/src/monitor/message-handler.module-test-helpers.ts +++ b/extensions/discord/src/monitor/message-handler.module-test-helpers.ts @@ -1,5 +1,5 @@ +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; -import type { MockFn } from "../../../../src/test-utils/vitest-mock-fn.js"; export const preflightDiscordMessageMock: MockFn = vi.fn(); export const processDiscordMessageMock: MockFn = vi.fn(); diff --git a/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts b/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts index 01bac15e856..982b9589b22 100644 --- a/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts +++ b/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts @@ -1,14 +1,18 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -const ensureConfiguredAcpBindingSessionMock = vi.hoisted(() => vi.fn()); -const resolveConfiguredAcpBindingRecordMock = vi.hoisted(() => vi.fn()); +const ensureConfiguredBindingRouteReadyMock = vi.hoisted(() => vi.fn()); +const resolveConfiguredBindingRouteMock = vi.hoisted(() => vi.fn()); -vi.mock("../../../../src/acp/persistent-bindings.js", () => ({ - ensureConfiguredAcpBindingSession: (...args: unknown[]) => - ensureConfiguredAcpBindingSessionMock(...args), - resolveConfiguredAcpBindingRecord: (...args: unknown[]) => - resolveConfiguredAcpBindingRecordMock(...args), -})); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + ensureConfiguredBindingRouteReady: (...args: unknown[]) => + ensureConfiguredBindingRouteReadyMock(...args), + resolveConfiguredBindingRoute: (...args: unknown[]) => + resolveConfiguredBindingRouteMock(...args), + }; +}); import { __testing as sessionBindingTesting } from "../../../../src/infra/outbound/session-binding-service.js"; import { preflightDiscordMessage } from "./message-handler.preflight.js"; @@ -52,6 +56,77 @@ function createConfiguredDiscordBinding() { } as const; } +function createConfiguredDiscordRoute() { + const configuredBinding = createConfiguredDiscordBinding(); + return { + bindingResolution: { + conversation: { + channel: "discord", + accountId: "default", + conversationId: CHANNEL_ID, + }, + compiledBinding: { + channel: "discord", + accountPattern: "default", + binding: { + type: "acp", + agentId: "codex", + match: { + channel: "discord", + accountId: "default", + peer: { + kind: "channel", + id: CHANNEL_ID, + }, + }, + }, + bindingConversationId: CHANNEL_ID, + target: { + conversationId: CHANNEL_ID, + }, + agentId: "codex", + provider: { + compileConfiguredBinding: () => ({ conversationId: CHANNEL_ID }), + matchInboundConversation: () => ({ conversationId: CHANNEL_ID }), + }, + targetFactory: { + driverId: "acp", + materialize: () => ({ + record: configuredBinding.record, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: configuredBinding.record.targetSessionKey, + agentId: configuredBinding.spec.agentId, + }, + }), + }, + }, + match: { + conversationId: CHANNEL_ID, + }, + record: configuredBinding.record, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: configuredBinding.record.targetSessionKey, + agentId: configuredBinding.spec.agentId, + }, + }, + configuredBinding, + boundSessionKey: configuredBinding.record.targetSessionKey, + route: { + agentId: "codex", + accountId: "default", + channel: "discord", + sessionKey: configuredBinding.record.targetSessionKey, + mainSessionKey: "agent:codex:main", + matchedBy: "binding.channel", + lastRoutePolicy: "bound", + }, + } as const; +} + function createBasePreflightParams(overrides?: Record) { const message = createDiscordMessage({ id: "m-1", @@ -94,13 +169,10 @@ function createBasePreflightParams(overrides?: Record) { describe("preflightDiscordMessage configured ACP bindings", () => { beforeEach(() => { sessionBindingTesting.resetSessionBindingAdaptersForTests(); - ensureConfiguredAcpBindingSessionMock.mockReset(); - resolveConfiguredAcpBindingRecordMock.mockReset(); - resolveConfiguredAcpBindingRecordMock.mockReturnValue(createConfiguredDiscordBinding()); - ensureConfiguredAcpBindingSessionMock.mockResolvedValue({ - ok: true, - sessionKey: "agent:codex:acp:binding:discord:default:abc123", - }); + ensureConfiguredBindingRouteReadyMock.mockReset(); + resolveConfiguredBindingRouteMock.mockReset(); + resolveConfiguredBindingRouteMock.mockReturnValue(createConfiguredDiscordRoute()); + ensureConfiguredBindingRouteReadyMock.mockResolvedValue({ ok: true }); }); it("does not initialize configured ACP bindings for rejected messages", async () => { @@ -121,8 +193,8 @@ describe("preflightDiscordMessage configured ACP bindings", () => { ); expect(result).toBeNull(); - expect(resolveConfiguredAcpBindingRecordMock).toHaveBeenCalledTimes(1); - expect(ensureConfiguredAcpBindingSessionMock).not.toHaveBeenCalled(); + expect(resolveConfiguredBindingRouteMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).not.toHaveBeenCalled(); }); it("initializes configured ACP bindings only after preflight accepts the message", async () => { @@ -144,8 +216,176 @@ describe("preflightDiscordMessage configured ACP bindings", () => { ); expect(result).not.toBeNull(); - expect(resolveConfiguredAcpBindingRecordMock).toHaveBeenCalledTimes(1); - expect(ensureConfiguredAcpBindingSessionMock).toHaveBeenCalledTimes(1); + expect(resolveConfiguredBindingRouteMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); expect(result?.boundSessionKey).toBe("agent:codex:acp:binding:discord:default:abc123"); }); + + it("accepts plain messages in configured ACP-bound channels without a mention", async () => { + const message = createDiscordMessage({ + id: "m-no-mention", + channelId: CHANNEL_ID, + content: "hello", + mentionedUsers: [], + author: { + id: "user-1", + bot: false, + username: "alice", + }, + }); + + const result = await preflightDiscordMessage( + createBasePreflightParams({ + data: createGuildEvent({ + channelId: CHANNEL_ID, + guildId: GUILD_ID, + author: message.author, + message, + }), + guildEntries: { + [GUILD_ID]: { + id: GUILD_ID, + channels: { + [CHANNEL_ID]: { + allow: true, + enabled: true, + requireMention: true, + }, + }, + }, + }, + }), + ); + + expect(result).not.toBeNull(); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); + expect(result?.boundSessionKey).toBe("agent:codex:acp:binding:discord:default:abc123"); + }); + + it("hydrates empty guild message payloads from REST before ensuring configured ACP bindings", async () => { + const message = createDiscordMessage({ + id: "m-rest", + channelId: CHANNEL_ID, + content: "", + author: { + id: "user-1", + bot: false, + username: "alice", + }, + }); + const restGet = vi.fn(async () => ({ + id: "m-rest", + content: "hello from rest", + attachments: [], + embeds: [], + mentions: [], + mention_roles: [], + mention_everyone: false, + author: { + id: "user-1", + username: "alice", + }, + })); + const client = { + ...createGuildTextClient(CHANNEL_ID), + rest: { + get: restGet, + }, + } as unknown as Parameters[0]["client"]; + + const result = await preflightDiscordMessage( + createBasePreflightParams({ + client, + data: createGuildEvent({ + channelId: CHANNEL_ID, + guildId: GUILD_ID, + author: message.author, + message, + }), + guildEntries: { + [GUILD_ID]: { + id: GUILD_ID, + channels: { + [CHANNEL_ID]: { + allow: true, + enabled: true, + requireMention: false, + }, + }, + }, + }, + }), + ); + + expect(restGet).toHaveBeenCalledTimes(1); + expect(result?.messageText).toBe("hello from rest"); + expect(result?.data.message.content).toBe("hello from rest"); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); + }); + + it("hydrates sticker-only guild message payloads from REST before ensuring configured ACP bindings", async () => { + const message = createDiscordMessage({ + id: "m-rest-sticker", + channelId: CHANNEL_ID, + content: "", + author: { + id: "user-1", + bot: false, + username: "alice", + }, + }); + const restGet = vi.fn(async () => ({ + id: "m-rest-sticker", + content: "", + attachments: [], + embeds: [], + mentions: [], + mention_roles: [], + mention_everyone: false, + sticker_items: [ + { + id: "sticker-1", + name: "wave", + }, + ], + author: { + id: "user-1", + username: "alice", + }, + })); + const client = { + ...createGuildTextClient(CHANNEL_ID), + rest: { + get: restGet, + }, + } as unknown as Parameters[0]["client"]; + + const result = await preflightDiscordMessage( + createBasePreflightParams({ + client, + data: createGuildEvent({ + channelId: CHANNEL_ID, + guildId: GUILD_ID, + author: message.author, + message, + }), + guildEntries: { + [GUILD_ID]: { + id: GUILD_ID, + channels: { + [CHANNEL_ID]: { + allow: true, + enabled: true, + requireMention: false, + }, + }, + }, + }, + }), + ); + + expect(restGet).toHaveBeenCalledTimes(1); + expect(result?.messageText).toBe(" (1 sticker)"); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); + }); }); diff --git a/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts b/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts index 24895d287f7..8c6aa5f3cc1 100644 --- a/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts +++ b/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts @@ -1,5 +1,5 @@ import { ChannelType } from "@buape/carbon"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import type { preflightDiscordMessage } from "./message-handler.preflight.js"; import { createNoopThreadBindingManager } from "./thread-bindings.js"; @@ -90,7 +90,7 @@ export function createDiscordPreflightArgs(params: { discordConfig: params.discordConfig, accountId: "default", token: "token", - runtime: {} as import("../../../../src/runtime.js").RuntimeEnv, + runtime: {} as import("openclaw/plugin-sdk/runtime-env").RuntimeEnv, botUserId: params.botUserId ?? "openclaw-bot", guildHistories: new Map(), historyLimit: 0, diff --git a/extensions/discord/src/monitor/message-handler.preflight.test.ts b/extensions/discord/src/monitor/message-handler.preflight.test.ts index 2fb14bafe8e..bd55cd2ead2 100644 --- a/extensions/discord/src/monitor/message-handler.preflight.test.ts +++ b/extensions/discord/src/monitor/message-handler.preflight.test.ts @@ -3,7 +3,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; const transcribeFirstAudioMock = vi.hoisted(() => vi.fn()); -vi.mock("../../../../src/media-understanding/audio-preflight.js", () => ({ +vi.mock("./preflight-audio.runtime.js", () => ({ transcribeFirstAudio: (...args: unknown[]) => transcribeFirstAudioMock(...args), })); import { @@ -229,16 +229,16 @@ describe("resolvePreflightMentionRequirement", () => { expect( resolvePreflightMentionRequirement({ shouldRequireMention: true, - isBoundThreadSession: false, + bypassMentionRequirement: false, }), ).toBe(true); }); - it("disables mention requirement for bound thread sessions", () => { + it("disables mention requirement when the route explicitly bypasses mentions", () => { expect( resolvePreflightMentionRequirement({ shouldRequireMention: true, - isBoundThreadSession: true, + bypassMentionRequirement: true, }), ).toBe(false); }); @@ -247,7 +247,7 @@ describe("resolvePreflightMentionRequirement", () => { expect( resolvePreflightMentionRequirement({ shouldRequireMention: false, - isBoundThreadSession: false, + bypassMentionRequirement: false, }), ).toBe(false); }); @@ -378,6 +378,68 @@ describe("preflightDiscordMessage", () => { expect(result?.boundSessionKey).toBe(threadBinding.targetSessionKey); }); + it("drops hydrated bound-thread webhook echoes after fetching an empty payload", async () => { + const threadBinding = createThreadBinding({ + targetKind: "session", + targetSessionKey: "agent:main:acp:discord-thread-1", + }); + const threadId = "thread-webhook-hydrated-1"; + const parentId = "channel-parent-webhook-hydrated-1"; + const message = createDiscordMessage({ + id: "m-webhook-hydrated-1", + channelId: threadId, + content: "", + author: { + id: "relay-bot-1", + bot: true, + username: "Relay", + }, + }); + const restGet = vi.fn(async () => ({ + id: message.id, + content: "webhook relay", + webhook_id: "wh-1", + attachments: [], + embeds: [], + mentions: [], + mention_roles: [], + mention_everyone: false, + author: { + id: "relay-bot-1", + username: "Relay", + bot: true, + }, + })); + const client = { + ...createThreadClient({ threadId, parentId }), + rest: { + get: restGet, + }, + } as unknown as DiscordClient; + + const result = await preflightDiscordMessage({ + ...createPreflightArgs({ + cfg: DEFAULT_PREFLIGHT_CFG, + discordConfig: { + allowBots: true, + } as DiscordConfig, + data: createGuildEvent({ + channelId: threadId, + guildId: "guild-1", + author: message.author, + message, + }), + client, + }), + threadBindings: { + getByThreadId: (id: string) => (id === threadId ? threadBinding : undefined), + } as import("./thread-bindings.js").ThreadBindingManager, + }); + + expect(restGet).toHaveBeenCalledTimes(1); + expect(result).toBeNull(); + }); + it("bypasses mention gating in bound threads for allowed bot senders", async () => { const threadBinding = createThreadBinding(); const threadId = "thread-bot-focus"; @@ -655,8 +717,8 @@ describe("preflightDiscordMessage", () => { }, }); - const result = await preflightDiscordMessage( - createPreflightArgs({ + const result = await preflightDiscordMessage({ + ...createPreflightArgs({ cfg: { ...DEFAULT_PREFLIGHT_CFG, messages: { @@ -674,7 +736,17 @@ describe("preflightDiscordMessage", () => { }), client, }), - ); + guildEntries: { + "guild-1": { + channels: { + [channelId]: { + allow: true, + requireMention: true, + }, + }, + }, + }, + }); expect(transcribeFirstAudioMock).toHaveBeenCalledTimes(1); expect(transcribeFirstAudioMock).toHaveBeenCalledWith( diff --git a/extensions/discord/src/monitor/message-handler.preflight.ts b/extensions/discord/src/monitor/message-handler.preflight.ts index 77640784063..9094cabb645 100644 --- a/extensions/discord/src/monitor/message-handler.preflight.ts +++ b/extensions/discord/src/monitor/message-handler.preflight.ts @@ -1,36 +1,34 @@ -import { ChannelType, MessageType, type User } from "@buape/carbon"; +import { ChannelType, MessageType, type Message, type User } from "@buape/carbon"; +import { Routes, type APIMessage } from "discord-api-types/v10"; +import { formatAllowlistMatchMeta } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveControlCommandGate } from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMentionGatingWithBypass } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; import { - ensureConfiguredAcpRouteReady, - resolveConfiguredAcpRoute, -} from "../../../../src/acp/persistent-bindings.route.js"; -import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js"; -import { shouldHandleTextCommands } from "../../../../src/auto-reply/commands-registry.js"; -import { - recordPendingHistoryEntryIfEnabled, - type HistoryEntry, -} from "../../../../src/auto-reply/reply/history.js"; -import { - buildMentionRegexes, - matchesMentionWithExplicit, -} from "../../../../src/auto-reply/reply/mentions.js"; -import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js"; -import { resolveControlCommandGate } from "../../../../src/channels/command-gating.js"; -import { logInboundDrop } from "../../../../src/channels/logging.js"; -import { resolveMentionGatingWithBypass } from "../../../../src/channels/mention-gating.js"; -import { loadConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { recordChannelActivity } from "../../../../src/infra/channel-activity.js"; + ensureConfiguredBindingRouteReady, + resolveConfiguredBindingRoute, +} from "openclaw/plugin-sdk/conversation-runtime"; import { getSessionBindingService, type SessionBindingRecord, -} from "../../../../src/infra/outbound/session-binding-service.js"; -import { enqueueSystemEvent } from "../../../../src/infra/system-events.js"; -import { logDebug } from "../../../../src/logger.js"; -import { getChildLogger } from "../../../../src/logging.js"; -import { buildPairingReply } from "../../../../src/pairing/pairing-messages.js"; -import { isPluginOwnedSessionBindingRecord } from "../../../../src/plugins/conversation-binding.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { buildPairingReply } from "openclaw/plugin-sdk/conversation-runtime"; +import { isPluginOwnedSessionBindingRecord } from "openclaw/plugin-sdk/conversation-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { shouldHandleTextCommands } from "openclaw/plugin-sdk/reply-runtime"; +import { + recordPendingHistoryEntryIfEnabled, + type HistoryEntry, +} from "openclaw/plugin-sdk/reply-runtime"; +import { buildMentionRegexes, matchesMentionWithExplicit } from "openclaw/plugin-sdk/reply-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import { logDebug } from "openclaw/plugin-sdk/text-runtime"; import { fetchPluralKitMessageInfo } from "../pluralkit.js"; import { sendMessageDiscord } from "../send.js"; import { @@ -98,12 +96,12 @@ function isBoundThreadBotSystemMessage(params: { export function resolvePreflightMentionRequirement(params: { shouldRequireMention: boolean; - isBoundThreadSession: boolean; + bypassMentionRequirement: boolean; }): boolean { if (!params.shouldRequireMention) { return false; } - return !params.isBoundThreadSession; + return !params.bypassMentionRequirement; } export function shouldIgnoreBoundThreadWebhookMessage(params: { @@ -134,6 +132,95 @@ export function shouldIgnoreBoundThreadWebhookMessage(params: { return webhookId === boundWebhookId; } +function mergeFetchedDiscordMessage(base: Message, fetched: APIMessage): Message { + const baseReferenced = ( + base as unknown as { + referencedMessage?: { + mentionedUsers?: unknown[]; + mentionedRoles?: unknown[]; + mentionedEveryone?: boolean; + }; + } + ).referencedMessage; + const fetchedMentions = Array.isArray(fetched.mentions) + ? fetched.mentions.map((mention) => ({ + ...mention, + globalName: mention.global_name ?? undefined, + })) + : undefined; + const referencedMessage = fetched.referenced_message + ? ({ + ...((base as { referencedMessage?: object }).referencedMessage ?? {}), + ...fetched.referenced_message, + mentionedUsers: Array.isArray(fetched.referenced_message.mentions) + ? fetched.referenced_message.mentions.map((mention) => ({ + ...mention, + globalName: mention.global_name ?? undefined, + })) + : (baseReferenced?.mentionedUsers ?? []), + mentionedRoles: + fetched.referenced_message.mention_roles ?? baseReferenced?.mentionedRoles ?? [], + mentionedEveryone: + fetched.referenced_message.mention_everyone ?? baseReferenced?.mentionedEveryone ?? false, + } satisfies Record) + : (base as { referencedMessage?: Message }).referencedMessage; + const rawData = { + ...((base as { rawData?: Record }).rawData ?? {}), + message_snapshots: + fetched.message_snapshots ?? + (base as { rawData?: { message_snapshots?: unknown } }).rawData?.message_snapshots, + sticker_items: + (fetched as { sticker_items?: unknown }).sticker_items ?? + (base as { rawData?: { sticker_items?: unknown } }).rawData?.sticker_items, + }; + return { + ...base, + ...fetched, + content: fetched.content ?? base.content, + attachments: fetched.attachments ?? base.attachments, + embeds: fetched.embeds ?? base.embeds, + stickers: + (fetched as { stickers?: unknown }).stickers ?? + (fetched as { sticker_items?: unknown }).sticker_items ?? + base.stickers, + mentionedUsers: fetchedMentions ?? base.mentionedUsers, + mentionedRoles: fetched.mention_roles ?? base.mentionedRoles, + mentionedEveryone: fetched.mention_everyone ?? base.mentionedEveryone, + referencedMessage, + rawData, + } as unknown as Message; +} + +async function hydrateDiscordMessageIfEmpty(params: { + client: DiscordMessagePreflightParams["client"]; + message: Message; + messageChannelId: string; +}): Promise { + const currentText = resolveDiscordMessageText(params.message, { + includeForwarded: true, + }); + if (currentText) { + return params.message; + } + const rest = params.client.rest as { get?: (route: string) => Promise } | undefined; + if (typeof rest?.get !== "function") { + return params.message; + } + try { + const fetched = (await rest.get( + Routes.channelMessage(params.messageChannelId, params.message.id), + )) as APIMessage | null | undefined; + if (!fetched) { + return params.message; + } + logVerbose(`discord: hydrated empty inbound payload via REST for ${params.message.id}`); + return mergeFetchedDiscordMessage(params.message, fetched); + } catch (err) { + logVerbose(`discord: failed to hydrate message ${params.message.id}: ${String(err)}`); + return params.message; + } +} + export async function preflightDiscordMessage( params: DiscordMessagePreflightParams, ): Promise { @@ -141,7 +228,7 @@ export async function preflightDiscordMessage( return null; } const logger = getChildLogger({ module: "discord-auto-reply" }); - const message = params.data.message; + let message = params.data.message; const author = params.data.author; if (!author) { return null; @@ -163,6 +250,15 @@ export async function preflightDiscordMessage( return null; } + message = await hydrateDiscordMessageIfEmpty({ + client: params.client, + message, + messageChannelId, + }); + if (isPreflightAborted(params.abortSignal)) { + return null; + } + const pluralkitConfig = params.discordConfig?.pluralkit; const webhookId = resolveDiscordWebhookId(message); const shouldCheckPluralKit = Boolean(pluralkitConfig?.enabled) && !webhookId; @@ -200,6 +296,7 @@ export async function preflightDiscordMessage( } const isDirectMessage = channelInfo?.type === ChannelType.DM; const isGroupDm = channelInfo?.type === ChannelType.GroupDM; + const data = message === params.data.message ? params.data : { ...params.data, message }; logDebug( `[discord-preflight] channelId=${messageChannelId} guild_id=${params.data.guild_id} channelType=${channelInfo?.type} isGuild=${isGuildMessage} isDM=${isDirectMessage} isGroupDm=${isGroupDm}`, ); @@ -362,16 +459,18 @@ export async function preflightDiscordMessage( }) ?? undefined; const configuredRoute = threadBinding == null - ? resolveConfiguredAcpRoute({ + ? resolveConfiguredBindingRoute({ cfg: freshCfg, route, - channel: "discord", - accountId: params.accountId, - conversationId: messageChannelId, - parentConversationId: earlyThreadParentId, + conversation: { + channel: "discord", + accountId: params.accountId, + conversationId: messageChannelId, + parentConversationId: earlyThreadParentId, + }, }) : null; - const configuredBinding = configuredRoute?.configuredBinding ?? null; + const configuredBinding = configuredRoute?.bindingResolution ?? null; if (!threadBinding && configuredBinding) { threadBinding = configuredBinding.record; } @@ -397,6 +496,7 @@ export async function preflightDiscordMessage( }); const boundAgentId = boundSessionKey ? effectiveRoute.agentId : undefined; const isBoundThreadSession = Boolean(threadBinding && earlyThreadChannel); + const bypassMentionRequirement = isBoundThreadSession || Boolean(configuredBinding); if ( isBoundThreadBotSystemMessage({ isBoundThreadSession, @@ -582,7 +682,7 @@ export async function preflightDiscordMessage( }); const shouldRequireMention = resolvePreflightMentionRequirement({ shouldRequireMention: shouldRequireMentionByConfig, - isBoundThreadSession, + bypassMentionRequirement, }); // Preflight audio transcription for mention detection in guilds. @@ -767,13 +867,13 @@ export async function preflightDiscordMessage( return null; } if (configuredBinding) { - const ensured = await ensureConfiguredAcpRouteReady({ + const ensured = await ensureConfiguredBindingRouteReady({ cfg: freshCfg, - configuredBinding, + bindingResolution: configuredBinding, }); if (!ensured.ok) { logVerbose( - `discord: configured ACP binding unavailable for channel ${configuredBinding.spec.conversationId}: ${ensured.error}`, + `discord: configured ACP binding unavailable for channel ${configuredBinding.record.conversation.conversationId}: ${ensured.error}`, ); return null; } @@ -797,7 +897,7 @@ export async function preflightDiscordMessage( replyToMode: params.replyToMode, ackReactionScope: params.ackReactionScope, groupPolicy: params.groupPolicy, - data: params.data, + data, client: params.client, message, messageChannelId, diff --git a/extensions/discord/src/monitor/message-handler.preflight.types.ts b/extensions/discord/src/monitor/message-handler.preflight.types.ts index a123a22dcaa..368352e1551 100644 --- a/extensions/discord/src/monitor/message-handler.preflight.types.ts +++ b/extensions/discord/src/monitor/message-handler.preflight.types.ts @@ -1,8 +1,8 @@ import type { ChannelType, Client, User } from "@buape/carbon"; -import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js"; -import type { ReplyToMode } from "../../../../src/config/config.js"; -import type { SessionBindingRecord } from "../../../../src/infra/outbound/session-binding-service.js"; -import type { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import type { SessionBindingRecord } from "openclaw/plugin-sdk/conversation-runtime"; +import type { HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import type { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; import type { DiscordChannelConfigResolved, DiscordGuildEntryResolved } from "./allow-list.js"; import type { DiscordChannelInfo } from "./message-utils.js"; import type { DiscordThreadBindingLookup } from "./reply-delivery.js"; @@ -11,15 +11,17 @@ import type { DiscordSenderIdentity } from "./sender-identity.js"; export type { DiscordSenderIdentity } from "./sender-identity.js"; import type { DiscordThreadChannel } from "./threading.js"; -export type LoadedConfig = ReturnType; -export type RuntimeEnv = import("../../../../src/runtime.js").RuntimeEnv; +export type LoadedConfig = ReturnType< + typeof import("openclaw/plugin-sdk/config-runtime").loadConfig +>; +export type RuntimeEnv = import("openclaw/plugin-sdk/runtime-env").RuntimeEnv; export type DiscordMessageEvent = import("./listeners.js").DiscordMessageEvent; type DiscordMessagePreflightSharedFields = { cfg: LoadedConfig; discordConfig: NonNullable< - import("../../../../src/config/config.js").OpenClawConfig["channels"] + import("openclaw/plugin-sdk/config-runtime").OpenClawConfig["channels"] >["discord"]; accountId: string; token: string; diff --git a/extensions/discord/src/monitor/message-handler.process.ts b/extensions/discord/src/monitor/message-handler.process.ts index dc86c3720ef..526ca4ecb71 100644 --- a/extensions/discord/src/monitor/message-handler.process.ts +++ b/extensions/discord/src/monitor/message-handler.process.ts @@ -1,40 +1,40 @@ import { ChannelType, type RequestClient } from "@buape/carbon"; -import { resolveAckReaction, resolveHumanDelayConfig } from "../../../../src/agents/identity.js"; -import { EmbeddedBlockChunker } from "../../../../src/agents/pi-embedded-block-chunker.js"; -import { resolveChunkMode } from "../../../../src/auto-reply/chunk.js"; -import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js"; -import { - formatInboundEnvelope, - resolveEnvelopeFormatOptions, -} from "../../../../src/auto-reply/envelope.js"; -import { - buildPendingHistoryContextFromMap, - clearHistoryEntriesIfEnabled, -} from "../../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; -import { createReplyDispatcherWithTyping } from "../../../../src/auto-reply/reply/reply-dispatcher.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import { shouldAckReaction as shouldAckReactionGate } from "../../../../src/channels/ack-reactions.js"; -import { logTypingFailure, logAckFailure } from "../../../../src/channels/logging.js"; -import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -import { recordInboundSession } from "../../../../src/channels/session.js"; +import { resolveAckReaction, resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; +import { EmbeddedBlockChunker } from "openclaw/plugin-sdk/agent-runtime"; +import { shouldAckReaction as shouldAckReactionGate } from "openclaw/plugin-sdk/channel-runtime"; +import { logTypingFailure, logAckFailure } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; import { createStatusReactionController, DEFAULT_TIMING, type StatusReactionAdapter, -} from "../../../../src/channels/status-reactions.js"; -import { createTypingCallbacks } from "../../../../src/channels/typing.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import { resolveDiscordPreviewStreamMode } from "../../../../src/config/discord-preview-streaming.js"; -import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js"; -import { danger, logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { convertMarkdownTables } from "../../../../src/markdown/tables.js"; -import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js"; -import { buildAgentSessionKey } from "../../../../src/routing/resolve-route.js"; -import { resolveThreadSessionKeys } from "../../../../src/routing/session-key.js"; -import { stripReasoningTagsFromText } from "../../../../src/shared/text/reasoning-tags.js"; -import { truncateUtf16Safe } from "../../../../src/utils.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { createTypingCallbacks } from "openclaw/plugin-sdk/channel-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; +import { resolveDiscordPreviewStreamMode } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { resolveChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchInboundMessage } from "openclaw/plugin-sdk/reply-runtime"; +import { + formatInboundEnvelope, + resolveEnvelopeFormatOptions, +} from "openclaw/plugin-sdk/reply-runtime"; +import { + buildPendingHistoryContextFromMap, + clearHistoryEntriesIfEnabled, +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyDispatcherWithTyping } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { buildAgentSessionKey } from "openclaw/plugin-sdk/routing"; +import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { danger, logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; +import { stripReasoningTagsFromText } from "openclaw/plugin-sdk/text-runtime"; +import { truncateUtf16Safe } from "openclaw/plugin-sdk/text-runtime"; import { resolveDiscordMaxLinesPerMessage } from "../accounts.js"; import { chunkDiscordTextWithMode } from "../chunk.js"; import { resolveDiscordDraftStreamingChunking } from "../draft-chunking.js"; diff --git a/extensions/discord/src/monitor/message-handler.test-helpers.ts b/extensions/discord/src/monitor/message-handler.test-helpers.ts index 04bfb9b603c..ed232ae43fb 100644 --- a/extensions/discord/src/monitor/message-handler.test-helpers.ts +++ b/extensions/discord/src/monitor/message-handler.test-helpers.ts @@ -1,5 +1,5 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { vi } from "vitest"; -import type { OpenClawConfig } from "../../../../src/config/types.js"; import type { createDiscordMessageHandler } from "./message-handler.js"; import { createNoopThreadBindingManager } from "./thread-bindings.js"; diff --git a/extensions/discord/src/monitor/message-handler.ts b/extensions/discord/src/monitor/message-handler.ts index 2c9745a8bf0..400f35a2529 100644 --- a/extensions/discord/src/monitor/message-handler.ts +++ b/extensions/discord/src/monitor/message-handler.ts @@ -2,9 +2,9 @@ import type { Client } from "@buape/carbon"; import { createChannelInboundDebouncer, shouldDebounceTextInbound, -} from "../../../../src/channels/inbound-debounce-policy.js"; -import { resolveOpenProviderRuntimeGroupPolicy } from "../../../../src/config/runtime-group-policy.js"; -import { danger } from "../../../../src/globals.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import { buildDiscordInboundJob } from "./inbound-job.js"; import { createDiscordInboundWorker } from "./inbound-worker.js"; import type { DiscordMessageEvent, DiscordMessageHandler } from "./listeners.js"; diff --git a/extensions/discord/src/monitor/message-utils.ts b/extensions/discord/src/monitor/message-utils.ts index ae37d6615fd..4e84f4b3827 100644 --- a/extensions/discord/src/monitor/message-utils.ts +++ b/extensions/discord/src/monitor/message-utils.ts @@ -1,10 +1,10 @@ import type { ChannelType, Client, Message } from "@buape/carbon"; import { StickerFormatType, type APIAttachment, type APIStickerItem } from "discord-api-types/v10"; -import { buildMediaPayload } from "../../../../src/channels/plugins/media-payload.js"; -import { logVerbose } from "../../../../src/globals.js"; -import type { SsrFPolicy } from "../../../../src/infra/net/ssrf.js"; -import { fetchRemoteMedia, type FetchLike } from "../../../../src/media/fetch.js"; -import { saveMediaBuffer } from "../../../../src/media/store.js"; +import { buildMediaPayload } from "openclaw/plugin-sdk/channel-runtime"; +import type { SsrFPolicy } from "openclaw/plugin-sdk/infra-runtime"; +import { fetchRemoteMedia, type FetchLike } from "openclaw/plugin-sdk/media-runtime"; +import { saveMediaBuffer } from "openclaw/plugin-sdk/media-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; const DISCORD_CDN_HOSTNAMES = [ "cdn.discordapp.com", diff --git a/extensions/discord/src/monitor/model-picker-preferences.ts b/extensions/discord/src/monitor/model-picker-preferences.ts index e75ce013403..ca3483678af 100644 --- a/extensions/discord/src/monitor/model-picker-preferences.ts +++ b/extensions/discord/src/monitor/model-picker-preferences.ts @@ -1,14 +1,11 @@ import os from "node:os"; import path from "node:path"; -import { normalizeProviderId } from "../../../../src/agents/model-selection.js"; -import { resolveStateDir } from "../../../../src/config/paths.js"; -import { withFileLock } from "../../../../src/infra/file-lock.js"; -import { resolveRequiredHomeDir } from "../../../../src/infra/home-dir.js"; -import { - readJsonFileWithFallback, - writeJsonFileAtomically, -} from "../../../../src/plugin-sdk/json-store.js"; -import { normalizeAccountId as normalizeSharedAccountId } from "../../../../src/routing/account-id.js"; +import { normalizeAccountId as normalizeSharedAccountId } from "openclaw/plugin-sdk/account-id"; +import { normalizeProviderId } from "openclaw/plugin-sdk/agent-runtime"; +import { withFileLock } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveRequiredHomeDir } from "openclaw/plugin-sdk/infra-runtime"; +import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk/json-store"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; const MODEL_PICKER_PREFERENCES_LOCK_OPTIONS = { retries: { diff --git a/extensions/discord/src/monitor/model-picker.test-utils.ts b/extensions/discord/src/monitor/model-picker.test-utils.ts index 8d9a9dd3197..56dcd7480c1 100644 --- a/extensions/discord/src/monitor/model-picker.test-utils.ts +++ b/extensions/discord/src/monitor/model-picker.test-utils.ts @@ -1,4 +1,4 @@ -import type { ModelsProviderData } from "../../../../src/auto-reply/reply/commands-models.js"; +import type { ModelsProviderData } from "openclaw/plugin-sdk/reply-runtime"; export function createModelsProviderData( entries: Record, diff --git a/extensions/discord/src/monitor/model-picker.ts b/extensions/discord/src/monitor/model-picker.ts index fb9226ac899..ec067ede2dd 100644 --- a/extensions/discord/src/monitor/model-picker.ts +++ b/extensions/discord/src/monitor/model-picker.ts @@ -11,12 +11,12 @@ import { } from "@buape/carbon"; import type { APISelectMenuOption } from "discord-api-types/v10"; import { ButtonStyle } from "discord-api-types/v10"; -import { normalizeProviderId } from "../../../../src/agents/model-selection.js"; +import { normalizeProviderId } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { buildModelsProviderData, type ModelsProviderData, -} from "../../../../src/auto-reply/reply/commands-models.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; +} from "openclaw/plugin-sdk/reply-runtime"; export const DISCORD_MODEL_PICKER_CUSTOM_ID_KEY = "mdlpk"; export const DISCORD_CUSTOM_ID_MAX_CHARS = 100; diff --git a/extensions/discord/src/monitor/native-command-context.ts b/extensions/discord/src/monitor/native-command-context.ts index fc650827d45..07dc0bf0a76 100644 --- a/extensions/discord/src/monitor/native-command-context.ts +++ b/extensions/discord/src/monitor/native-command-context.ts @@ -1,5 +1,5 @@ -import type { CommandArgs } from "../../../../src/auto-reply/commands-registry.js"; -import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; +import type { CommandArgs } from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; import { type DiscordChannelConfigResolved, type DiscordGuildEntryResolved } from "./allow-list.js"; import { buildDiscordInboundAccessContext } from "./inbound-context.js"; diff --git a/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts b/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts index 4ac49c92119..2b49292b037 100644 --- a/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts +++ b/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts @@ -2,38 +2,42 @@ import { ChannelType } from "discord-api-types/v10"; import { beforeEach, describe, expect, it, vi } from "vitest"; import type { NativeCommandSpec } from "../../../../src/auto-reply/commands-registry.js"; import * as dispatcherModule from "../../../../src/auto-reply/reply/provider-dispatcher.js"; +import type { ChatType } from "../../../../src/channels/chat-type.js"; import type { OpenClawConfig } from "../../../../src/config/config.js"; import * as pluginCommandsModule from "../../../../src/plugins/commands.js"; -import { createDiscordNativeCommand } from "./native-command.js"; +import { clearPluginCommands, registerPluginCommand } from "../../../../src/plugins/commands.js"; import { createMockCommandInteraction, type MockCommandInteraction, } from "./native-command.test-helpers.js"; import { createNoopThreadBindingManager } from "./thread-bindings.js"; -type ResolveConfiguredAcpBindingRecordFn = - typeof import("../../../../src/acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord; -type EnsureConfiguredAcpBindingSessionFn = - typeof import("../../../../src/acp/persistent-bindings.js").ensureConfiguredAcpBindingSession; +type ResolveConfiguredBindingRouteFn = + typeof import("openclaw/plugin-sdk/conversation-runtime").resolveConfiguredBindingRoute; +type EnsureConfiguredBindingRouteReadyFn = + typeof import("openclaw/plugin-sdk/conversation-runtime").ensureConfiguredBindingRouteReady; const persistentBindingMocks = vi.hoisted(() => ({ - resolveConfiguredAcpBindingRecord: vi.fn(() => null), - ensureConfiguredAcpBindingSession: vi.fn(async () => ({ + resolveConfiguredAcpBindingRecord: vi.fn((params) => ({ + bindingResolution: null, + route: params.route, + })), + ensureConfiguredAcpBindingSession: vi.fn(async () => ({ ok: true, - sessionKey: "agent:codex:acp:binding:discord:default:seed", })), })); -vi.mock("../../../../src/acp/persistent-bindings.js", async (importOriginal) => { - const actual = - await importOriginal(); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, - resolveConfiguredAcpBindingRecord: persistentBindingMocks.resolveConfiguredAcpBindingRecord, - ensureConfiguredAcpBindingSession: persistentBindingMocks.ensureConfiguredAcpBindingSession, + resolveConfiguredBindingRoute: persistentBindingMocks.resolveConfiguredAcpBindingRecord, + ensureConfiguredBindingRouteReady: persistentBindingMocks.ensureConfiguredAcpBindingSession, }; }); +import { createDiscordNativeCommand } from "./native-command.js"; + function createInteraction(params?: { channelType?: ChannelType; channelId?: string; @@ -62,12 +66,7 @@ function createConfig(): OpenClawConfig { } as OpenClawConfig; } -function createStatusCommand(cfg: OpenClawConfig) { - const commandSpec: NativeCommandSpec = { - name: "status", - description: "Status", - acceptsArgs: false, - }; +function createNativeCommand(cfg: OpenClawConfig, commandSpec: NativeCommandSpec) { return createDiscordNativeCommand({ command: commandSpec, cfg, @@ -79,31 +78,212 @@ function createStatusCommand(cfg: OpenClawConfig) { }); } -function setConfiguredBinding(channelId: string, boundSessionKey: string) { - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue({ +function createPluginCommand(params: { cfg: OpenClawConfig; name: string }) { + return createDiscordNativeCommand({ + command: { + name: params.name, + description: "Pair", + acceptsArgs: true, + } satisfies NativeCommandSpec, + cfg: params.cfg, + discordConfig: params.cfg.channels?.discord ?? {}, + accountId: "default", + sessionPrefix: "discord:slash", + ephemeralDefault: true, + threadBindings: createNoopThreadBindingManager("default"), + }); +} + +function registerPairPlugin(params?: { discordNativeName?: string }) { + expect( + registerPluginCommand("demo-plugin", { + name: "pair", + ...(params?.discordNativeName + ? { + nativeNames: { + telegram: "pair_device", + discord: params.discordNativeName, + }, + } + : {}), + description: "Pair device", + acceptsArgs: true, + requireAuth: false, + handler: async ({ args }) => ({ text: `paired:${args ?? ""}` }), + }), + ).toEqual({ ok: true }); +} + +async function expectPairCommandReply(params: { + cfg: OpenClawConfig; + commandName: string; + interaction: MockCommandInteraction; +}) { + const command = createPluginCommand({ + cfg: params.cfg, + name: params.commandName, + }); + const dispatchSpy = vi + .spyOn(dispatcherModule, "dispatchReplyWithDispatcher") + .mockResolvedValue({} as never); + + await (command as { run: (interaction: unknown) => Promise }).run( + Object.assign(params.interaction, { + options: { + getString: () => "now", + getBoolean: () => null, + getFocused: () => "", + }, + }) as unknown, + ); + + expect(dispatchSpy).not.toHaveBeenCalled(); + expect(params.interaction.reply).toHaveBeenCalledWith( + expect.objectContaining({ content: "paired:now" }), + ); +} + +function createStatusCommand(cfg: OpenClawConfig) { + return createNativeCommand(cfg, { + name: "status", + description: "Status", + acceptsArgs: false, + }); +} + +function resolveConversationFromParams(params: Parameters[0]) { + if ("conversation" in params) { + return params.conversation; + } + return { + channel: params.channel, + accountId: params.accountId, + conversationId: params.conversationId, + ...(params.parentConversationId ? { parentConversationId: params.parentConversationId } : {}), + }; +} + +function createConfiguredBindingResolution(params: { + conversation: ReturnType; + boundSessionKey: string; +}) { + const peerKind: ChatType = params.conversation.conversationId.startsWith("dm-") + ? "direct" + : "channel"; + const configuredBinding = { spec: { - channel: "discord", - accountId: "default", - conversationId: channelId, + channel: "discord" as const, + accountId: params.conversation.accountId, + conversationId: params.conversation.conversationId, + ...(params.conversation.parentConversationId + ? { parentConversationId: params.conversation.parentConversationId } + : {}), agentId: "codex", - mode: "persistent", + mode: "persistent" as const, }, record: { - bindingId: `config:acp:discord:default:${channelId}`, - targetSessionKey: boundSessionKey, - targetKind: "session", - conversation: { - channel: "discord", - accountId: "default", - conversationId: channelId, - }, - status: "active", + bindingId: `config:acp:discord:${params.conversation.accountId}:${params.conversation.conversationId}`, + targetSessionKey: params.boundSessionKey, + targetKind: "session" as const, + conversation: params.conversation, + status: "active" as const, boundAt: 0, }, + }; + return { + conversation: params.conversation, + compiledBinding: { + channel: "discord" as const, + binding: { + type: "acp" as const, + agentId: "codex", + match: { + channel: "discord", + accountId: params.conversation.accountId, + peer: { + kind: peerKind, + id: params.conversation.conversationId, + }, + }, + acp: { + mode: "persistent" as const, + }, + }, + bindingConversationId: params.conversation.conversationId, + target: { + conversationId: params.conversation.conversationId, + ...(params.conversation.parentConversationId + ? { parentConversationId: params.conversation.parentConversationId } + : {}), + }, + agentId: "codex", + provider: { + compileConfiguredBinding: () => ({ + conversationId: params.conversation.conversationId, + ...(params.conversation.parentConversationId + ? { parentConversationId: params.conversation.parentConversationId } + : {}), + }), + matchInboundConversation: () => ({ + conversationId: params.conversation.conversationId, + ...(params.conversation.parentConversationId + ? { parentConversationId: params.conversation.parentConversationId } + : {}), + }), + }, + targetFactory: { + driverId: "acp" as const, + materialize: () => ({ + record: configuredBinding.record, + statefulTarget: { + kind: "stateful" as const, + driverId: "acp", + sessionKey: params.boundSessionKey, + agentId: "codex", + }, + }), + }, + }, + match: { + conversationId: params.conversation.conversationId, + ...(params.conversation.parentConversationId + ? { parentConversationId: params.conversation.parentConversationId } + : {}), + }, + record: configuredBinding.record, + statefulTarget: { + kind: "stateful" as const, + driverId: "acp", + sessionKey: params.boundSessionKey, + agentId: "codex", + }, + }; +} + +function setConfiguredBinding(channelId: string, boundSessionKey: string) { + persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockImplementation((params) => { + const conversation = resolveConversationFromParams(params); + const bindingResolution = createConfiguredBindingResolution({ + conversation: { + ...conversation, + conversationId: channelId, + }, + boundSessionKey, + }); + return { + bindingResolution, + boundSessionKey, + boundAgentId: "codex", + route: { + ...params.route, + agentId: "codex", + sessionKey: boundSessionKey, + matchedBy: "binding.channel", + }, + }; }); persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ ok: true, - sessionKey: boundSessionKey, }); } @@ -153,15 +333,115 @@ async function expectBoundStatusCommandDispatch(params: { describe("Discord native plugin command dispatch", () => { beforeEach(() => { vi.restoreAllMocks(); + clearPluginCommands(); persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReset(); - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue(null); + persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockImplementation((params) => ({ + bindingResolution: null, + route: params.route, + })); persistentBindingMocks.ensureConfiguredAcpBindingSession.mockReset(); persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ ok: true, - sessionKey: "agent:codex:acp:binding:discord:default:seed", }); }); + it("executes plugin commands from the real registry through the native Discord command path", async () => { + const cfg = createConfig(); + const interaction = createInteraction(); + + registerPairPlugin(); + await expectPairCommandReply({ + cfg, + commandName: "pair", + interaction, + }); + }); + + it("round-trips Discord native aliases through the real plugin registry", async () => { + const cfg = createConfig(); + const interaction = createInteraction(); + + registerPairPlugin({ discordNativeName: "pairdiscord" }); + await expectPairCommandReply({ + cfg, + commandName: "pairdiscord", + interaction, + }); + }); + + it("blocks unauthorized Discord senders before requireAuth:false plugin commands execute", async () => { + const cfg = { + commands: { + allowFrom: { + discord: ["user:123456789012345678"], + }, + }, + channels: { + discord: { + groupPolicy: "allowlist", + guilds: { + "345678901234567890": { + channels: { + "234567890123456789": { + allow: true, + requireMention: false, + }, + }, + }, + }, + }, + }, + } as OpenClawConfig; + const commandSpec: NativeCommandSpec = { + name: "pair", + description: "Pair", + acceptsArgs: true, + }; + const command = createDiscordNativeCommand({ + command: commandSpec, + cfg, + discordConfig: cfg.channels?.discord ?? {}, + accountId: "default", + sessionPrefix: "discord:slash", + ephemeralDefault: true, + threadBindings: createNoopThreadBindingManager("default"), + }); + const interaction = createInteraction({ + channelType: ChannelType.GuildText, + channelId: "234567890123456789", + guildId: "345678901234567890", + guildName: "Test Guild", + }); + interaction.user.id = "999999999999999999"; + interaction.options.getString.mockReturnValue("now"); + + expect( + registerPluginCommand("demo-plugin", { + name: "pair", + description: "Pair device", + acceptsArgs: true, + requireAuth: false, + handler: async ({ args }) => ({ text: `open:${args ?? ""}` }), + }), + ).toEqual({ ok: true }); + + const executeSpy = vi.spyOn(pluginCommandsModule, "executePluginCommand"); + const dispatchSpy = vi + .spyOn(dispatcherModule, "dispatchReplyWithDispatcher") + .mockResolvedValue({} as never); + + await (command as { run: (interaction: unknown) => Promise }).run(interaction as unknown); + + expect(executeSpy).not.toHaveBeenCalled(); + expect(dispatchSpy).not.toHaveBeenCalled(); + expect(interaction.reply).toHaveBeenCalledWith( + expect.objectContaining({ + content: "You are not authorized to use this command.", + ephemeral: true, + }), + ); + }); + it("executes matched plugin commands directly without invoking the agent dispatcher", async () => { const cfg = createConfig(); const commandSpec: NativeCommandSpec = { @@ -341,4 +621,64 @@ describe("Discord native plugin command dispatch", () => { boundSessionKey, }); }); + + it("allows recovery commands through configured ACP bindings even when ensure fails", async () => { + const guildId = "1459246755253325866"; + const channelId = "1479098716916023408"; + const boundSessionKey = "agent:codex:acp:binding:discord:default:feedface"; + const cfg = { + commands: { + useAccessGroups: false, + }, + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "discord", + accountId: "default", + peer: { kind: "channel", id: channelId }, + }, + acp: { + mode: "persistent", + }, + }, + ], + } as OpenClawConfig; + const interaction = createInteraction({ + channelType: ChannelType.GuildText, + channelId, + guildId, + guildName: "Ops", + }); + const command = createNativeCommand(cfg, { + name: "new", + description: "Start a new session.", + acceptsArgs: true, + }); + + setConfiguredBinding(channelId, boundSessionKey); + persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ + ok: false, + error: "acpx exited with code 1", + }); + vi.spyOn(pluginCommandsModule, "matchPluginCommand").mockReturnValue(null); + const dispatchSpy = createDispatchSpy(); + + await (command as { run: (interaction: unknown) => Promise }).run(interaction as unknown); + + expect(dispatchSpy).toHaveBeenCalledTimes(1); + const dispatchCall = dispatchSpy.mock.calls[0]?.[0] as { + ctx?: { SessionKey?: string; CommandTargetSessionKey?: string }; + }; + expect(dispatchCall.ctx?.SessionKey).toBe(boundSessionKey); + expect(dispatchCall.ctx?.CommandTargetSessionKey).toBe(boundSessionKey); + expect(persistentBindingMocks.resolveConfiguredAcpBindingRecord).toHaveBeenCalledTimes(1); + expect(persistentBindingMocks.ensureConfiguredAcpBindingSession).not.toHaveBeenCalled(); + expect(interaction.reply).not.toHaveBeenCalledWith( + expect.objectContaining({ + content: "Configured ACP binding is unavailable right now. Please try again.", + }), + ); + }); }); diff --git a/extensions/discord/src/monitor/native-command.ts b/extensions/discord/src/monitor/native-command.ts index e745063d8d0..a292f6d4bfc 100644 --- a/extensions/discord/src/monitor/native-command.ts +++ b/extensions/discord/src/monitor/native-command.ts @@ -15,19 +15,29 @@ import { type StringSelectMenuInteraction, } from "@buape/carbon"; import { ApplicationCommandOptionType, ButtonStyle } from "discord-api-types/v10"; +import { resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveNativeCommandSessionTargets } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig, loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; +import { resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { loadSessionStore, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; import { - ensureConfiguredAcpRouteReady, - resolveConfiguredAcpRoute, -} from "../../../../src/acp/persistent-bindings.route.js"; -import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js"; -import { resolveChunkMode, resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js"; + ensureConfiguredBindingRouteReady, + resolveConfiguredBindingRoute, +} from "openclaw/plugin-sdk/conversation-runtime"; +import { buildPairingReply } from "openclaw/plugin-sdk/conversation-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { executePluginCommand, matchPluginCommand } from "openclaw/plugin-sdk/plugin-runtime"; +import { resolveChunkMode, resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; import type { ChatCommandDefinition, CommandArgDefinition, CommandArgValues, CommandArgs, NativeCommandSpec, -} from "../../../../src/auto-reply/commands-registry.js"; +} from "openclaw/plugin-sdk/reply-runtime"; import { buildCommandTextFromArgs, findCommandByNativeName, @@ -36,26 +46,16 @@ import { resolveCommandArgChoices, resolveCommandArgMenu, serializeCommandArgs, -} from "../../../../src/auto-reply/commands-registry.js"; -import { resolveStoredModelOverride } from "../../../../src/auto-reply/reply/model-selection.js"; -import { dispatchReplyWithDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js"; -import { resolveNativeCommandSessionTargets } from "../../../../src/channels/native-command-session-targets.js"; -import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -import type { OpenClawConfig, loadConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import { resolveOpenProviderRuntimeGroupPolicy } from "../../../../src/config/runtime-group-policy.js"; -import { loadSessionStore, resolveStorePath } from "../../../../src/config/sessions.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; -import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js"; -import { buildPairingReply } from "../../../../src/pairing/pairing-messages.js"; -import { executePluginCommand, matchPluginCommand } from "../../../../src/plugins/commands.js"; -import type { ResolvedAgentRoute } from "../../../../src/routing/resolve-route.js"; -import { chunkItems } from "../../../../src/utils/chunk-items.js"; -import { withTimeout } from "../../../../src/utils/with-timeout.js"; -import { loadWebMedia } from "../../../whatsapp/src/media.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { resolveStoredModelOverride } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchReplyWithDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { ResolvedAgentRoute } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { chunkItems } from "openclaw/plugin-sdk/text-runtime"; +import { withTimeout } from "openclaw/plugin-sdk/text-runtime"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import { resolveDiscordMaxLinesPerMessage } from "../accounts.js"; import { chunkDiscordTextWithMode } from "../chunk.js"; import { @@ -194,6 +194,11 @@ function buildDiscordCommandOptions(params: { }) satisfies CommandOptions; } +function shouldBypassConfiguredAcpEnsure(commandName: string): boolean { + const normalized = commandName.trim().toLowerCase(); + return normalized === "acp" || normalized === "new" || normalized === "reset"; +} + function readDiscordCommandArgs( interaction: CommandInteraction, definitions?: CommandArgDefinition[], @@ -1617,24 +1622,27 @@ async function dispatchDiscordCommandInteraction(params: { const threadBinding = isThreadChannel ? threadBindings.getByThreadId(rawChannelId) : undefined; const configuredRoute = threadBinding == null - ? resolveConfiguredAcpRoute({ + ? resolveConfiguredBindingRoute({ cfg, route, - channel: "discord", - accountId, - conversationId: channelId, - parentConversationId: threadParentId, + conversation: { + channel: "discord", + accountId, + conversationId: channelId, + parentConversationId: threadParentId, + }, }) : null; - const configuredBinding = configuredRoute?.configuredBinding ?? null; - if (configuredBinding) { - const ensured = await ensureConfiguredAcpRouteReady({ + const configuredBinding = configuredRoute?.bindingResolution ?? null; + const commandName = command.nativeName ?? command.key; + if (configuredBinding && !shouldBypassConfiguredAcpEnsure(commandName)) { + const ensured = await ensureConfiguredBindingRouteReady({ cfg, - configuredBinding, + bindingResolution: configuredBinding, }); if (!ensured.ok) { logVerbose( - `discord native command: configured ACP binding unavailable for channel ${configuredBinding.spec.conversationId}: ${ensured.error}`, + `discord native command: configured ACP binding unavailable for channel ${configuredBinding.record.conversation.conversationId}: ${ensured.error}`, ); await respond("Configured ACP binding is unavailable right now. Please try again."); return; diff --git a/extensions/discord/src/monitor/preflight-audio.runtime.ts b/extensions/discord/src/monitor/preflight-audio.runtime.ts new file mode 100644 index 00000000000..7e7f111d104 --- /dev/null +++ b/extensions/discord/src/monitor/preflight-audio.runtime.ts @@ -0,0 +1,9 @@ +import { transcribeFirstAudio as transcribeFirstAudioImpl } from "openclaw/plugin-sdk/media-runtime"; + +type TranscribeFirstAudio = typeof import("openclaw/plugin-sdk/media-runtime").transcribeFirstAudio; + +export async function transcribeFirstAudio( + ...args: Parameters +): ReturnType { + return await transcribeFirstAudioImpl(...args); +} diff --git a/extensions/discord/src/monitor/preflight-audio.ts b/extensions/discord/src/monitor/preflight-audio.ts index f52e2b0df93..97bbbdd273d 100644 --- a/extensions/discord/src/monitor/preflight-audio.ts +++ b/extensions/discord/src/monitor/preflight-audio.ts @@ -1,5 +1,5 @@ -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { logVerbose } from "../../../../src/globals.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; type DiscordAudioAttachment = { content_type?: string; @@ -50,8 +50,7 @@ export async function resolveDiscordPreflightAudioMentionContext(params: { }; } try { - const { transcribeFirstAudio } = - await import("../../../../src/media-understanding/audio-preflight.js"); + const { transcribeFirstAudio } = await import("./preflight-audio.runtime.js"); if (params.abortSignal?.aborted) { return { hasAudioAttachment, diff --git a/extensions/discord/src/monitor/presence.ts b/extensions/discord/src/monitor/presence.ts index b13a21dc2f1..cfe8125e50e 100644 --- a/extensions/discord/src/monitor/presence.ts +++ b/extensions/discord/src/monitor/presence.ts @@ -1,5 +1,5 @@ import type { Activity, UpdatePresenceData } from "@buape/carbon/gateway"; -import type { DiscordAccountConfig } from "../../../../src/config/config.js"; +import type { DiscordAccountConfig } from "openclaw/plugin-sdk/config-runtime"; const DEFAULT_CUSTOM_ACTIVITY_TYPE = 4; const CUSTOM_STATUS_NAME = "Custom Status"; diff --git a/extensions/discord/src/monitor/provider.allowlist.ts b/extensions/discord/src/monitor/provider.allowlist.ts index 3f108e443ea..ac6c89dd9f8 100644 --- a/extensions/discord/src/monitor/provider.allowlist.ts +++ b/extensions/discord/src/monitor/provider.allowlist.ts @@ -4,11 +4,11 @@ import { canonicalizeAllowlistWithResolvedIds, patchAllowlistUsersInConfigEntries, summarizeMapping, -} from "../../../../src/channels/allowlists/resolve-utils.js"; -import type { DiscordGuildEntry } from "../../../../src/config/types.discord.js"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; -import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { DiscordGuildEntry } from "openclaw/plugin-sdk/config-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime"; import { resolveDiscordChannelAllowlist } from "../resolve-channels.js"; import { resolveDiscordUserAllowlist } from "../resolve-users.js"; diff --git a/extensions/discord/src/monitor/provider.lifecycle.test.ts b/extensions/discord/src/monitor/provider.lifecycle.test.ts index f03dce881c2..9de21e92d0d 100644 --- a/extensions/discord/src/monitor/provider.lifecycle.test.ts +++ b/extensions/discord/src/monitor/provider.lifecycle.test.ts @@ -228,6 +228,65 @@ describe("runDiscordGatewayLifecycle", () => { expect(connectedCall![0].lastConnectedAt).toBeTypeOf("number"); }); + it("forces a fresh reconnect when startup never reaches READY, then recovers", async () => { + vi.useFakeTimers(); + try { + const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); + const { emitter, gateway } = createGatewayHarness(); + getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); + gateway.connect.mockImplementation((_resume?: boolean) => { + setTimeout(() => { + gateway.isConnected = true; + }, 1_000); + }); + + const { lifecycleParams, runtimeError } = createLifecycleHarness({ gateway }); + const lifecyclePromise = runDiscordGatewayLifecycle(lifecycleParams); + await vi.advanceTimersByTimeAsync(15_000 + 1_000); + await expect(lifecyclePromise).resolves.toBeUndefined(); + + expect(runtimeError).toHaveBeenCalledWith( + expect.stringContaining("gateway was not ready after 15000ms"), + ); + expect(gateway.disconnect).toHaveBeenCalledTimes(1); + expect(gateway.connect).toHaveBeenCalledTimes(1); + expect(gateway.connect).toHaveBeenCalledWith(false); + } finally { + vi.useRealTimers(); + } + }); + + it("fails fast when startup never reaches READY after a forced reconnect", async () => { + vi.useFakeTimers(); + try { + const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); + const { emitter, gateway } = createGatewayHarness(); + getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); + const { lifecycleParams, start, stop, threadStop, releaseEarlyGatewayErrorGuard } = + createLifecycleHarness({ gateway }); + + const lifecyclePromise = runDiscordGatewayLifecycle(lifecycleParams); + lifecyclePromise.catch(() => {}); + await vi.advanceTimersByTimeAsync(15_000 * 2 + 1_000); + await expect(lifecyclePromise).rejects.toThrow( + "discord gateway did not reach READY within 15000ms after a forced reconnect", + ); + + expect(gateway.disconnect).toHaveBeenCalledTimes(1); + expect(gateway.connect).toHaveBeenCalledTimes(1); + expect(gateway.connect).toHaveBeenCalledWith(false); + expectLifecycleCleanup({ + start, + stop, + threadStop, + waitCalls: 0, + releaseEarlyGatewayErrorGuard, + }); + } finally { + vi.useRealTimers(); + } + }); + it("handles queued disallowed intents errors without waiting for gateway events", async () => { const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); const { @@ -276,6 +335,51 @@ describe("runDiscordGatewayLifecycle", () => { }); }); + it("surfaces fatal startup gateway errors while waiting for READY", async () => { + vi.useFakeTimers(); + try { + const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); + const pendingGatewayErrors: unknown[] = []; + const { emitter, gateway } = createGatewayHarness(); + getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); + const { + lifecycleParams, + start, + stop, + threadStop, + runtimeError, + releaseEarlyGatewayErrorGuard, + } = createLifecycleHarness({ + gateway, + pendingGatewayErrors, + }); + + setTimeout(() => { + pendingGatewayErrors.push(new Error("Fatal Gateway error: 4001")); + }, 1_000); + + const lifecyclePromise = runDiscordGatewayLifecycle(lifecycleParams); + lifecyclePromise.catch(() => {}); + await vi.advanceTimersByTimeAsync(1_500); + await expect(lifecyclePromise).rejects.toThrow("Fatal Gateway error: 4001"); + + expect(runtimeError).toHaveBeenCalledWith( + expect.stringContaining("discord gateway error: Error: Fatal Gateway error: 4001"), + ); + expect(gateway.disconnect).not.toHaveBeenCalled(); + expect(gateway.connect).not.toHaveBeenCalled(); + expectLifecycleCleanup({ + start, + stop, + threadStop, + waitCalls: 0, + releaseEarlyGatewayErrorGuard, + }); + } finally { + vi.useRealTimers(); + } + }); + it("retries stalled HELLO with resume before forcing fresh identify", async () => { vi.useFakeTimers(); try { @@ -288,8 +392,11 @@ describe("runDiscordGatewayLifecycle", () => { }, sequence: 123, }); + gateway.isConnected = true; getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); waitForDiscordGatewayStopMock.mockImplementationOnce(async () => { + emitter.emit("debug", "WebSocket connection closed with code 1006"); + gateway.isConnected = false; await emitGatewayOpenAndWait(emitter); await emitGatewayOpenAndWait(emitter); await emitGatewayOpenAndWait(emitter); @@ -324,8 +431,13 @@ describe("runDiscordGatewayLifecycle", () => { }, sequence: 456, }); + gateway.isConnected = true; getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); waitForDiscordGatewayStopMock.mockImplementationOnce(async () => { + emitter.emit("debug", "WebSocket connection closed with code 1006"); + gateway.isConnected = false; + await emitGatewayOpenAndWait(emitter); + await emitGatewayOpenAndWait(emitter); // Successful reconnect (READY/RESUMED sets isConnected=true), then @@ -342,10 +454,11 @@ describe("runDiscordGatewayLifecycle", () => { const { lifecycleParams } = createLifecycleHarness({ gateway }); await expect(runDiscordGatewayLifecycle(lifecycleParams)).resolves.toBeUndefined(); - expect(gateway.connect).toHaveBeenCalledTimes(3); + expect(gateway.connect).toHaveBeenCalledTimes(4); expect(gateway.connect).toHaveBeenNthCalledWith(1, true); expect(gateway.connect).toHaveBeenNthCalledWith(2, true); expect(gateway.connect).toHaveBeenNthCalledWith(3, true); + expect(gateway.connect).toHaveBeenNthCalledWith(4, true); expect(gateway.connect).not.toHaveBeenCalledWith(false); } finally { vi.useRealTimers(); @@ -357,6 +470,7 @@ describe("runDiscordGatewayLifecycle", () => { try { const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); const { emitter, gateway } = createGatewayHarness(); + gateway.isConnected = true; getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); waitForDiscordGatewayStopMock.mockImplementationOnce( (waitParams: WaitForDiscordGatewayStopParams) => @@ -382,6 +496,7 @@ describe("runDiscordGatewayLifecycle", () => { try { const { runDiscordGatewayLifecycle } = await import("./provider.lifecycle.js"); const { emitter, gateway } = createGatewayHarness(); + gateway.isConnected = true; getDiscordGatewayEmitterMock.mockReturnValueOnce(emitter); let resolveWait: (() => void) | undefined; waitForDiscordGatewayStopMock.mockImplementationOnce( diff --git a/extensions/discord/src/monitor/provider.lifecycle.ts b/extensions/discord/src/monitor/provider.lifecycle.ts index 4d2130c3a5d..b2a9e8a6019 100644 --- a/extensions/discord/src/monitor/provider.lifecycle.ts +++ b/extensions/discord/src/monitor/provider.lifecycle.ts @@ -1,9 +1,9 @@ import type { Client } from "@buape/carbon"; import type { GatewayPlugin } from "@buape/carbon/gateway"; -import { createArmableStallWatchdog } from "../../../../src/channels/transport/stall-watchdog.js"; -import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js"; -import { danger } from "../../../../src/globals.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import { createArmableStallWatchdog } from "openclaw/plugin-sdk/channel-runtime"; +import { createConnectedChannelStatusPatch } from "openclaw/plugin-sdk/gateway-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { attachDiscordGatewayLogging } from "../gateway-logging.js"; import { getDiscordGatewayEmitter, waitForDiscordGatewayStop } from "../monitor.gateway.js"; import type { DiscordVoiceManager } from "../voice/manager.js"; @@ -15,6 +15,37 @@ type ExecApprovalsHandler = { stop: () => Promise; }; +const DISCORD_GATEWAY_READY_TIMEOUT_MS = 15_000; +const DISCORD_GATEWAY_READY_POLL_MS = 250; + +type GatewayReadyWaitResult = "ready" | "timeout" | "stopped"; + +async function waitForDiscordGatewayReady(params: { + gateway?: Pick; + abortSignal?: AbortSignal; + timeoutMs: number; + beforePoll?: () => Promise<"continue" | "stop"> | "continue" | "stop"; +}): Promise { + const deadlineAt = Date.now() + params.timeoutMs; + while (!params.abortSignal?.aborted) { + const pollDecision = await params.beforePoll?.(); + if (pollDecision === "stop") { + return "stopped"; + } + if (params.gateway?.isConnected) { + return "ready"; + } + if (Date.now() >= deadlineAt) { + return "timeout"; + } + await new Promise((resolve) => { + const timeout = setTimeout(resolve, DISCORD_GATEWAY_READY_POLL_MS); + timeout.unref?.(); + }); + } + return "stopped"; +} + export async function runDiscordGatewayLifecycle(params: { accountId: string; client: Client; @@ -242,20 +273,6 @@ export async function runDiscordGatewayLifecycle(params: { }; gatewayEmitter?.on("debug", onGatewayDebug); - // If the gateway is already connected when the lifecycle starts (the - // "WebSocket connection opened" debug event was emitted before we - // registered the listener above), push the initial connected status now. - // Guard against lifecycleStopping: if the abortSignal was already aborted, - // onAbort() ran synchronously above and pushed connected: false — don't - // contradict it with a spurious connected: true. - if (gateway?.isConnected && !lifecycleStopping) { - const at = Date.now(); - pushStatus({ - ...createConnectedChannelStatusPatch(at), - lastDisconnect: null, - }); - } - let sawDisallowedIntents = false; const logGatewayError = (err: unknown) => { if (params.isDisallowedIntentsError(err)) { @@ -277,28 +294,107 @@ export async function runDiscordGatewayLifecycle(params: { params.isDisallowedIntentsError(err) ); }; + const drainPendingGatewayErrors = (): "continue" | "stop" => { + const pendingGatewayErrors = params.pendingGatewayErrors ?? []; + if (pendingGatewayErrors.length === 0) { + return "continue"; + } + const queuedErrors = [...pendingGatewayErrors]; + pendingGatewayErrors.length = 0; + for (const err of queuedErrors) { + logGatewayError(err); + if (!shouldStopOnGatewayError(err)) { + continue; + } + if (params.isDisallowedIntentsError(err)) { + return "stop"; + } + throw err; + } + return "continue"; + }; try { if (params.execApprovalsHandler) { await params.execApprovalsHandler.start(); } // Drain gateway errors emitted before lifecycle listeners were attached. - const pendingGatewayErrors = params.pendingGatewayErrors ?? []; - if (pendingGatewayErrors.length > 0) { - const queuedErrors = [...pendingGatewayErrors]; - pendingGatewayErrors.length = 0; - for (const err of queuedErrors) { - logGatewayError(err); - if (!shouldStopOnGatewayError(err)) { - continue; - } - if (params.isDisallowedIntentsError(err)) { + if (drainPendingGatewayErrors() === "stop") { + return; + } + + // Carbon starts the gateway during client construction, before OpenClaw can + // attach lifecycle listeners. Require a READY/RESUMED-connected gateway + // before continuing so the monitor does not look healthy while silently + // missing inbound events. + if (gateway && !gateway.isConnected && !lifecycleStopping) { + const initialReady = await waitForDiscordGatewayReady({ + gateway, + abortSignal: params.abortSignal, + timeoutMs: DISCORD_GATEWAY_READY_TIMEOUT_MS, + beforePoll: drainPendingGatewayErrors, + }); + if (initialReady === "stopped" || lifecycleStopping) { + return; + } + if (initialReady === "timeout" && !lifecycleStopping) { + params.runtime.error?.( + danger( + `discord: gateway was not ready after ${DISCORD_GATEWAY_READY_TIMEOUT_MS}ms; forcing a fresh reconnect`, + ), + ); + const startupRetryAt = Date.now(); + pushStatus({ + connected: false, + lastEventAt: startupRetryAt, + lastDisconnect: { + at: startupRetryAt, + error: "startup-not-ready", + }, + }); + gateway?.disconnect(); + gateway?.connect(false); + const reconnected = await waitForDiscordGatewayReady({ + gateway, + abortSignal: params.abortSignal, + timeoutMs: DISCORD_GATEWAY_READY_TIMEOUT_MS, + beforePoll: drainPendingGatewayErrors, + }); + if (reconnected === "stopped" || lifecycleStopping) { return; } - throw err; + if (reconnected === "timeout" && !lifecycleStopping) { + const error = new Error( + `discord gateway did not reach READY within ${DISCORD_GATEWAY_READY_TIMEOUT_MS}ms after a forced reconnect`, + ); + const startupFailureAt = Date.now(); + pushStatus({ + connected: false, + lastEventAt: startupFailureAt, + lastDisconnect: { + at: startupFailureAt, + error: "startup-reconnect-timeout", + }, + lastError: error.message, + }); + throw error; + } } } + // If the gateway is already connected when the lifecycle starts (or becomes + // connected during the startup readiness guard), push the initial connected + // status now. Guard against lifecycleStopping: if the abortSignal was + // already aborted, onAbort() ran synchronously above and pushed connected: + // false, so don't contradict it with a spurious connected: true. + if (gateway?.isConnected && !lifecycleStopping) { + const at = Date.now(); + pushStatus({ + ...createConnectedChannelStatusPatch(at), + lastDisconnect: null, + }); + } + await waitForDiscordGatewayStop({ gateway: gateway ? { diff --git a/extensions/discord/src/monitor/provider.proxy.test.ts b/extensions/discord/src/monitor/provider.proxy.test.ts index 72da5136c7a..f8e9f52c198 100644 --- a/extensions/discord/src/monitor/provider.proxy.test.ts +++ b/extensions/discord/src/monitor/provider.proxy.test.ts @@ -142,11 +142,30 @@ describe("createDiscordGatewayPlugin", () => { }); await expect(registerGatewayClient(plugin)).rejects.toThrow( - "Failed to get gateway information from Discord: fetch failed", + "Failed to get gateway information from Discord", ); expect(baseRegisterClientSpy).not.toHaveBeenCalled(); } + async function expectGatewayRegisterFallback(response: Response) { + const runtime = createRuntime(); + globalFetchMock.mockResolvedValue(response); + const plugin = createDiscordGatewayPlugin({ + discordConfig: {}, + runtime, + }); + + await registerGatewayClient(plugin); + + expect(baseRegisterClientSpy).toHaveBeenCalledTimes(1); + expect((plugin as unknown as { gatewayInfo?: { url?: string } }).gatewayInfo?.url).toBe( + "wss://gateway.discord.gg/", + ); + expect(runtime.log).toHaveBeenCalledWith( + expect.stringContaining("discord: gateway metadata lookup failed transiently"), + ); + } + async function registerGatewayClientWithMetadata(params: { plugin: unknown; fetchMock: typeof globalFetchMock; @@ -161,6 +180,7 @@ describe("createDiscordGatewayPlugin", () => { beforeEach(() => { vi.stubGlobal("fetch", globalFetchMock); + vi.useRealTimers(); baseRegisterClientSpy.mockClear(); globalFetchMock.mockClear(); restProxyAgentSpy.mockClear(); @@ -190,7 +210,7 @@ describe("createDiscordGatewayPlugin", () => { }); it("maps plain-text Discord 503 responses to fetch failed", async () => { - await expectGatewayRegisterFetchFailure({ + await expectGatewayRegisterFallback({ ok: false, status: 503, text: async () => @@ -198,6 +218,14 @@ describe("createDiscordGatewayPlugin", () => { } as Response); }); + it("keeps fatal Discord metadata failures fatal", async () => { + await expectGatewayRegisterFetchFailure({ + ok: false, + status: 401, + text: async () => "401: Unauthorized", + } as Response); + }); + it("uses proxy agent for gateway WebSocket when configured", async () => { const runtime = createRuntime(); @@ -255,7 +283,7 @@ describe("createDiscordGatewayPlugin", () => { }); it("maps body read failures to fetch failed", async () => { - await expectGatewayRegisterFetchFailure({ + await expectGatewayRegisterFallback({ ok: true, status: 200, text: async () => { @@ -263,4 +291,68 @@ describe("createDiscordGatewayPlugin", () => { }, } as unknown as Response); }); + + it("falls back to the default gateway url when metadata lookup times out", async () => { + vi.useFakeTimers(); + const runtime = createRuntime(); + globalFetchMock.mockImplementation(() => new Promise(() => {})); + const plugin = createDiscordGatewayPlugin({ + discordConfig: {}, + runtime, + }); + + const registerPromise = registerGatewayClient(plugin); + await vi.advanceTimersByTimeAsync(10_000); + await registerPromise; + + expect(baseRegisterClientSpy).toHaveBeenCalledTimes(1); + expect((plugin as unknown as { gatewayInfo?: { url?: string } }).gatewayInfo?.url).toBe( + "wss://gateway.discord.gg/", + ); + expect(runtime.log).toHaveBeenCalledWith( + expect.stringContaining("discord: gateway metadata lookup failed transiently"), + ); + }); + + it("refreshes fallback gateway metadata on the next register attempt", async () => { + const runtime = createRuntime(); + globalFetchMock + .mockResolvedValueOnce({ + ok: false, + status: 503, + text: async () => + "upstream connect error or disconnect/reset before headers. reset reason: overflow", + } as Response) + .mockResolvedValueOnce({ + ok: true, + status: 200, + text: async () => + JSON.stringify({ + url: "wss://gateway.discord.gg/?v=10", + shards: 8, + session_start_limit: { + total: 1000, + remaining: 999, + reset_after: 120_000, + max_concurrency: 16, + }, + }), + } as Response); + const plugin = createDiscordGatewayPlugin({ + discordConfig: {}, + runtime, + }); + + await registerGatewayClient(plugin); + await registerGatewayClient(plugin); + + expect(globalFetchMock).toHaveBeenCalledTimes(2); + expect(baseRegisterClientSpy).toHaveBeenCalledTimes(2); + expect( + (plugin as unknown as { gatewayInfo?: { url?: string; shards?: number } }).gatewayInfo, + ).toMatchObject({ + url: "wss://gateway.discord.gg/?v=10", + shards: 8, + }); + }); }); diff --git a/extensions/discord/src/monitor/provider.registry.test.ts b/extensions/discord/src/monitor/provider.registry.test.ts new file mode 100644 index 00000000000..5e092445065 --- /dev/null +++ b/extensions/discord/src/monitor/provider.registry.test.ts @@ -0,0 +1,48 @@ +import { beforeEach, describe, expect, it } from "vitest"; +import { clearPluginCommands, registerPluginCommand } from "../../../../src/plugins/commands.js"; +import { + baseConfig, + baseRuntime, + getProviderMonitorTestMocks, + resetDiscordProviderMonitorMocks, +} from "../../../../test/helpers/extensions/discord-provider.test-support.js"; + +const { createDiscordNativeCommandMock, clientHandleDeployRequestMock, monitorLifecycleMock } = + getProviderMonitorTestMocks(); + +describe("monitorDiscordProvider real plugin registry", () => { + beforeEach(() => { + clearPluginCommands(); + resetDiscordProviderMonitorMocks({ + nativeCommands: [{ name: "status", description: "Status", acceptsArgs: false }], + }); + }); + + it("registers plugin commands from the real registry as native Discord commands", async () => { + expect( + registerPluginCommand("demo-plugin", { + name: "pair", + description: "Pair device", + acceptsArgs: true, + requireAuth: false, + handler: async ({ args }) => ({ text: `paired:${args ?? ""}` }), + }), + ).toEqual({ ok: true }); + + const { monitorDiscordProvider } = await import("./provider.js"); + + await monitorDiscordProvider({ + config: baseConfig(), + runtime: baseRuntime(), + }); + + const commandNames = (createDiscordNativeCommandMock.mock.calls as Array) + .map((call) => (call[0] as { command?: { name?: string } } | undefined)?.command?.name) + .filter((value): value is string => typeof value === "string"); + + expect(commandNames).toContain("status"); + expect(commandNames).toContain("pair"); + expect(clientHandleDeployRequestMock).toHaveBeenCalledTimes(1); + expect(monitorLifecycleMock).toHaveBeenCalledTimes(1); + }); +}); diff --git a/extensions/discord/src/monitor/provider.test.ts b/extensions/discord/src/monitor/provider.test.ts index f00baf73ff8..8cda7cc90b3 100644 --- a/extensions/discord/src/monitor/provider.test.ts +++ b/extensions/discord/src/monitor/provider.test.ts @@ -2,262 +2,51 @@ import { EventEmitter } from "node:events"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { AcpRuntimeError } from "../../../../src/acp/runtime/errors.js"; import type { OpenClawConfig } from "../../../../src/config/config.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; - -type NativeCommandSpecMock = { - name: string; - description: string; - acceptsArgs: boolean; -}; - -type PluginCommandSpecMock = { - name: string; - description: string; - acceptsArgs: boolean; -}; - -function baseDiscordAccountConfig() { - return { - commands: { native: true, nativeSkills: false }, - voice: { enabled: false }, - agentComponents: { enabled: false }, - execApprovals: { enabled: false }, - }; -} +import { + baseConfig, + baseRuntime, + getFirstDiscordMessageHandlerParams, + getProviderMonitorTestMocks, + mockResolvedDiscordAccountConfig, + resetDiscordProviderMonitorMocks, +} from "../../../../test/helpers/extensions/discord-provider.test-support.js"; const { - clientHandleDeployRequestMock, + clientConstructorOptionsMock, clientFetchUserMock, clientGetPluginMock, - clientConstructorOptionsMock, + clientHandleDeployRequestMock, createDiscordAutoPresenceControllerMock, - createDiscordNativeCommandMock, createDiscordMessageHandlerMock, + createDiscordNativeCommandMock, + createdBindingManagers, createNoopThreadBindingManagerMock, createThreadBindingManagerMock, - reconcileAcpThreadBindingsOnStartupMock, - createdBindingManagers, getAcpSessionStatusMock, getPluginCommandSpecsMock, + isVerboseMock, listNativeCommandSpecsForConfigMock, listSkillCommandsForAgentsMock, monitorLifecycleMock, - resolveDiscordAccountMock, + reconcileAcpThreadBindingsOnStartupMock, resolveDiscordAllowlistConfigMock, + resolveDiscordAccountMock, resolveNativeCommandsEnabledMock, resolveNativeSkillsEnabledMock, - isVerboseMock, shouldLogVerboseMock, voiceRuntimeModuleLoadedMock, -} = vi.hoisted(() => { - const createdBindingManagers: Array<{ stop: ReturnType }> = []; - const isVerboseMock = vi.fn(() => false); - const shouldLogVerboseMock = vi.fn(() => false); +} = getProviderMonitorTestMocks(); + +vi.mock("openclaw/plugin-sdk/plugin-runtime", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/plugin-runtime", + ); return { - clientHandleDeployRequestMock: vi.fn(async () => undefined), - clientConstructorOptionsMock: vi.fn(), - createDiscordAutoPresenceControllerMock: vi.fn(() => ({ - enabled: false, - start: vi.fn(), - stop: vi.fn(), - refresh: vi.fn(), - runNow: vi.fn(), - })), - clientFetchUserMock: vi.fn(async (_target: string) => ({ id: "bot-1" })), - clientGetPluginMock: vi.fn<(_name: string) => unknown>(() => undefined), - createDiscordNativeCommandMock: vi.fn(() => ({ name: "mock-command" })), - createDiscordMessageHandlerMock: vi.fn(() => - Object.assign( - vi.fn(async () => undefined), - { - deactivate: vi.fn(), - }, - ), - ), - createNoopThreadBindingManagerMock: vi.fn(() => { - const manager = { stop: vi.fn() }; - createdBindingManagers.push(manager); - return manager; - }), - createThreadBindingManagerMock: vi.fn(() => { - const manager = { stop: vi.fn() }; - createdBindingManagers.push(manager); - return manager; - }), - reconcileAcpThreadBindingsOnStartupMock: vi.fn(() => ({ - checked: 0, - removed: 0, - staleSessionKeys: [], - })), - createdBindingManagers, - getAcpSessionStatusMock: vi.fn( - async (_params: { cfg: OpenClawConfig; sessionKey: string; signal?: AbortSignal }) => ({ - state: "idle", - }), - ), - getPluginCommandSpecsMock: vi.fn<() => PluginCommandSpecMock[]>(() => []), - listNativeCommandSpecsForConfigMock: vi.fn<() => NativeCommandSpecMock[]>(() => [ - { name: "cmd", description: "built-in", acceptsArgs: false }, - ]), - listSkillCommandsForAgentsMock: vi.fn(() => []), - monitorLifecycleMock: vi.fn(async (params: { threadBindings: { stop: () => void } }) => { - params.threadBindings.stop(); - }), - resolveDiscordAccountMock: vi.fn(() => ({ - accountId: "default", - token: "cfg-token", - config: baseDiscordAccountConfig(), - })), - resolveDiscordAllowlistConfigMock: vi.fn(async () => ({ - guildEntries: undefined, - allowFrom: undefined, - })), - resolveNativeCommandsEnabledMock: vi.fn(() => true), - resolveNativeSkillsEnabledMock: vi.fn(() => false), - isVerboseMock, - shouldLogVerboseMock, - voiceRuntimeModuleLoadedMock: vi.fn(), + ...actual, + getPluginCommandSpecs: getPluginCommandSpecsMock, }; }); -function mockResolvedDiscordAccountConfig(overrides: Record) { - resolveDiscordAccountMock.mockImplementation(() => ({ - accountId: "default", - token: "cfg-token", - config: { - ...baseDiscordAccountConfig(), - ...overrides, - }, - })); -} - -function getFirstDiscordMessageHandlerParams() { - expect(createDiscordMessageHandlerMock).toHaveBeenCalledTimes(1); - const firstCall = createDiscordMessageHandlerMock.mock.calls.at(0) as [T] | undefined; - return firstCall?.[0]; -} - -vi.mock("@buape/carbon", () => { - class ReadyListener {} - class RateLimitError extends Error { - status = 429; - discordCode?: number; - retryAfter: number; - scope: string | null; - bucket: string | null; - constructor( - response: Response, - body: { message: string; retry_after: number; global: boolean }, - ) { - super(body.message); - this.retryAfter = body.retry_after; - this.scope = body.global ? "global" : response.headers.get("X-RateLimit-Scope"); - this.bucket = response.headers.get("X-RateLimit-Bucket"); - } - } - class Client { - listeners: unknown[]; - rest: { put: ReturnType }; - options: unknown; - constructor(options: unknown, handlers: { listeners?: unknown[] }) { - this.options = options; - this.listeners = handlers.listeners ?? []; - this.rest = { put: vi.fn(async () => undefined) }; - clientConstructorOptionsMock(options); - } - async handleDeployRequest() { - return await clientHandleDeployRequestMock(); - } - async fetchUser(target: string) { - return await clientFetchUserMock(target); - } - getPlugin(name: string) { - return clientGetPluginMock(name); - } - } - return { Client, RateLimitError, ReadyListener }; -}); - -vi.mock("@buape/carbon/gateway", () => ({ - GatewayCloseCodes: { DisallowedIntents: 4014 }, -})); - -vi.mock("@buape/carbon/voice", () => ({ - VoicePlugin: class VoicePlugin {}, -})); - -vi.mock("../../../../src/auto-reply/chunk.js", () => ({ - resolveTextChunkLimit: () => 2000, -})); - -vi.mock("../../../../src/acp/control-plane/manager.js", () => ({ - getAcpSessionManager: () => ({ - getSessionStatus: getAcpSessionStatusMock, - }), -})); - -vi.mock("../../../../src/auto-reply/commands-registry.js", () => ({ - listNativeCommandSpecsForConfig: listNativeCommandSpecsForConfigMock, -})); - -vi.mock("../../../../src/auto-reply/skill-commands.js", () => ({ - listSkillCommandsForAgents: listSkillCommandsForAgentsMock, -})); - -vi.mock("../../../../src/config/commands.js", () => ({ - isNativeCommandsExplicitlyDisabled: () => false, - resolveNativeCommandsEnabled: resolveNativeCommandsEnabledMock, - resolveNativeSkillsEnabled: resolveNativeSkillsEnabledMock, -})); - -vi.mock("../../../../src/config/config.js", () => ({ - loadConfig: () => ({}), -})); - -vi.mock("../../../../src/globals.js", () => ({ - danger: (v: string) => v, - isVerbose: isVerboseMock, - logVerbose: vi.fn(), - shouldLogVerbose: shouldLogVerboseMock, - warn: (v: string) => v, -})); - -vi.mock("../../../../src/infra/errors.js", () => ({ - formatErrorMessage: (err: unknown) => String(err), -})); - -vi.mock("../../../../src/infra/retry-policy.js", () => ({ - createDiscordRetryRunner: () => async (run: () => Promise) => run(), -})); - -vi.mock("../../../../src/logging/subsystem.js", () => ({ - createSubsystemLogger: () => ({ info: vi.fn(), error: vi.fn() }), -})); - -vi.mock("../../../../src/plugins/commands.js", () => ({ - getPluginCommandSpecs: getPluginCommandSpecsMock, -})); - -vi.mock("../../../../src/runtime.js", () => ({ - createNonExitingRuntime: () => ({ log: vi.fn(), error: vi.fn(), exit: vi.fn() }), -})); - -vi.mock("../accounts.js", () => ({ - resolveDiscordAccount: resolveDiscordAccountMock, -})); - -vi.mock("../probe.js", () => ({ - fetchDiscordApplicationId: async () => "app-1", -})); - -vi.mock("../token.js", () => ({ - normalizeDiscordToken: (value?: string) => value, -})); - -vi.mock("../voice/command.js", () => ({ - createDiscordVoiceCommand: () => ({ name: "voice-command" }), -})); - vi.mock("../voice/manager.runtime.js", () => { voiceRuntimeModuleLoadedMock(); return { @@ -266,84 +55,6 @@ vi.mock("../voice/manager.runtime.js", () => { }; }); -vi.mock("./agent-components.js", () => ({ - createAgentComponentButton: () => ({ id: "btn" }), - createAgentSelectMenu: () => ({ id: "menu" }), - createDiscordComponentButton: () => ({ id: "btn2" }), - createDiscordComponentChannelSelect: () => ({ id: "channel" }), - createDiscordComponentMentionableSelect: () => ({ id: "mentionable" }), - createDiscordComponentModal: () => ({ id: "modal" }), - createDiscordComponentRoleSelect: () => ({ id: "role" }), - createDiscordComponentStringSelect: () => ({ id: "string" }), - createDiscordComponentUserSelect: () => ({ id: "user" }), -})); - -vi.mock("./commands.js", () => ({ - resolveDiscordSlashCommandConfig: () => ({ ephemeral: false }), -})); - -vi.mock("./exec-approvals.js", () => ({ - createExecApprovalButton: () => ({ id: "exec-approval" }), - DiscordExecApprovalHandler: class DiscordExecApprovalHandler { - async start() { - return undefined; - } - async stop() { - return undefined; - } - }, -})); - -vi.mock("./gateway-plugin.js", () => ({ - createDiscordGatewayPlugin: () => ({ id: "gateway-plugin" }), -})); - -vi.mock("./listeners.js", () => ({ - DiscordMessageListener: class DiscordMessageListener {}, - DiscordPresenceListener: class DiscordPresenceListener {}, - DiscordReactionListener: class DiscordReactionListener {}, - DiscordReactionRemoveListener: class DiscordReactionRemoveListener {}, - DiscordThreadUpdateListener: class DiscordThreadUpdateListener {}, - registerDiscordListener: vi.fn(), -})); - -vi.mock("./message-handler.js", () => ({ - createDiscordMessageHandler: createDiscordMessageHandlerMock, -})); - -vi.mock("./native-command.js", () => ({ - createDiscordCommandArgFallbackButton: () => ({ id: "arg-fallback" }), - createDiscordModelPickerFallbackButton: () => ({ id: "model-fallback-btn" }), - createDiscordModelPickerFallbackSelect: () => ({ id: "model-fallback-select" }), - createDiscordNativeCommand: createDiscordNativeCommandMock, -})); - -vi.mock("./presence.js", () => ({ - resolveDiscordPresenceUpdate: () => undefined, -})); - -vi.mock("./auto-presence.js", () => ({ - createDiscordAutoPresenceController: createDiscordAutoPresenceControllerMock, -})); - -vi.mock("./provider.allowlist.js", () => ({ - resolveDiscordAllowlistConfig: resolveDiscordAllowlistConfigMock, -})); - -vi.mock("./provider.lifecycle.js", () => ({ - runDiscordGatewayLifecycle: monitorLifecycleMock, -})); - -vi.mock("./rest-fetch.js", () => ({ - resolveDiscordRestFetch: () => async () => undefined, -})); - -vi.mock("./thread-bindings.js", () => ({ - createNoopThreadBindingManager: createNoopThreadBindingManagerMock, - createThreadBindingManager: createThreadBindingManagerMock, - reconcileAcpThreadBindingsOnStartup: reconcileAcpThreadBindingsOnStartupMock, -})); - describe("monitorDiscordProvider", () => { type ReconcileHealthProbeParams = { cfg: OpenClawConfig; @@ -360,25 +71,6 @@ describe("monitorDiscordProvider", () => { ) => Promise<{ status: string; reason?: string }>; }; - const baseRuntime = (): RuntimeEnv => { - return { - log: vi.fn(), - error: vi.fn(), - exit: vi.fn(), - }; - }; - - const baseConfig = (): OpenClawConfig => - ({ - channels: { - discord: { - accounts: { - default: {}, - }, - }, - }, - }) as OpenClawConfig; - const getConstructedEventQueue = (): { listenerTimeout?: number } | undefined => { expect(clientConstructorOptionsMock).toHaveBeenCalledTimes(1); const opts = clientConstructorOptionsMock.mock.calls[0]?.[0] as { @@ -398,53 +90,7 @@ describe("monitorDiscordProvider", () => { }; beforeEach(() => { - clientHandleDeployRequestMock.mockClear().mockResolvedValue(undefined); - clientConstructorOptionsMock.mockClear(); - createDiscordAutoPresenceControllerMock.mockClear().mockImplementation(() => ({ - enabled: false, - start: vi.fn(), - stop: vi.fn(), - refresh: vi.fn(), - runNow: vi.fn(), - })); - createDiscordMessageHandlerMock.mockClear().mockImplementation(() => - Object.assign( - vi.fn(async () => undefined), - { - deactivate: vi.fn(), - }, - ), - ); - clientFetchUserMock.mockClear().mockResolvedValue({ id: "bot-1" }); - clientGetPluginMock.mockClear().mockReturnValue(undefined); - createDiscordNativeCommandMock.mockClear().mockReturnValue({ name: "mock-command" }); - createNoopThreadBindingManagerMock.mockClear(); - createThreadBindingManagerMock.mockClear(); - reconcileAcpThreadBindingsOnStartupMock.mockClear().mockReturnValue({ - checked: 0, - removed: 0, - staleSessionKeys: [], - }); - getAcpSessionStatusMock.mockClear().mockResolvedValue({ state: "idle" }); - createdBindingManagers.length = 0; - getPluginCommandSpecsMock.mockClear().mockReturnValue([]); - listNativeCommandSpecsForConfigMock - .mockClear() - .mockReturnValue([{ name: "cmd", description: "built-in", acceptsArgs: false }]); - listSkillCommandsForAgentsMock.mockClear().mockReturnValue([]); - monitorLifecycleMock.mockClear().mockImplementation(async (params) => { - params.threadBindings.stop(); - }); - resolveDiscordAccountMock.mockClear(); - resolveDiscordAllowlistConfigMock.mockClear().mockResolvedValue({ - guildEntries: undefined, - allowFrom: undefined, - }); - resolveNativeCommandsEnabledMock.mockClear().mockReturnValue(true); - resolveNativeSkillsEnabledMock.mockClear().mockReturnValue(false); - isVerboseMock.mockClear().mockReturnValue(false); - shouldLogVerboseMock.mockClear().mockReturnValue(false); - voiceRuntimeModuleLoadedMock.mockClear(); + resetDiscordProviderMonitorMocks(); }); it("stops thread bindings when startup fails before lifecycle begins", async () => { diff --git a/extensions/discord/src/monitor/provider.ts b/extensions/discord/src/monitor/provider.ts index d4ef01ab0d8..9c766334964 100644 --- a/extensions/discord/src/monitor/provider.ts +++ b/extensions/discord/src/monitor/provider.ts @@ -11,39 +11,45 @@ import { import { GatewayCloseCodes, type GatewayPlugin } from "@buape/carbon/gateway"; import { VoicePlugin } from "@buape/carbon/voice"; import { Routes } from "discord-api-types/v10"; -import { getAcpSessionManager } from "../../../../src/acp/control-plane/manager.js"; -import { isAcpRuntimeError } from "../../../../src/acp/runtime/errors.js"; -import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js"; -import type { NativeCommandSpec } from "../../../../src/auto-reply/commands-registry.js"; -import { listNativeCommandSpecsForConfig } from "../../../../src/auto-reply/commands-registry.js"; -import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js"; -import { listSkillCommandsForAgents } from "../../../../src/auto-reply/skill-commands.js"; +import { getAcpSessionManager } from "openclaw/plugin-sdk/acp-runtime"; +import { isAcpRuntimeError } from "openclaw/plugin-sdk/acp-runtime"; import { resolveThreadBindingIdleTimeoutMs, resolveThreadBindingMaxAgeMs, resolveThreadBindingsEnabled, -} from "../../../../src/channels/thread-bindings-policy.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import { isNativeCommandsExplicitlyDisabled, resolveNativeCommandsEnabled, resolveNativeSkillsEnabled, -} from "../../../../src/config/commands.js"; -import type { OpenClawConfig, ReplyToMode } from "../../../../src/config/config.js"; -import { loadConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { OpenClawConfig, ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; import { GROUP_POLICY_BLOCKED_LABEL, resolveOpenProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, -} from "../../../../src/config/runtime-group-policy.js"; -import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js"; -import { danger, isVerbose, logVerbose, shouldLogVerbose, warn } from "../../../../src/globals.js"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; -import { getPluginCommandSpecs } from "../../../../src/plugins/commands.js"; -import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js"; -import { summarizeStringEntries } from "../../../../src/shared/string-sample.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { createConnectedChannelStatusPatch } from "openclaw/plugin-sdk/gateway-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { getPluginCommandSpecs } from "openclaw/plugin-sdk/plugin-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import type { NativeCommandSpec } from "openclaw/plugin-sdk/reply-runtime"; +import { listNativeCommandSpecsForConfig } from "openclaw/plugin-sdk/reply-runtime"; +import type { HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import { listSkillCommandsForAgents } from "openclaw/plugin-sdk/reply-runtime"; +import { + danger, + isVerbose, + logVerbose, + shouldLogVerbose, + warn, +} from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { summarizeStringEntries } from "openclaw/plugin-sdk/text-runtime"; import { resolveDiscordAccount } from "../accounts.js"; import { getDiscordGatewayEmitter } from "../monitor.gateway.js"; import { fetchDiscordApplicationId } from "../probe.js"; diff --git a/extensions/discord/src/monitor/reply-delivery.ts b/extensions/discord/src/monitor/reply-delivery.ts index 07e5c9e06c5..6e495d420ce 100644 --- a/extensions/discord/src/monitor/reply-delivery.ts +++ b/extensions/discord/src/monitor/reply-delivery.ts @@ -1,13 +1,17 @@ import type { RequestClient } from "@buape/carbon"; -import { resolveAgentAvatar } from "../../../../src/agents/identity-avatar.js"; -import type { ChunkMode } from "../../../../src/auto-reply/chunk.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import type { MarkdownTableMode, ReplyToMode } from "../../../../src/config/types.base.js"; -import { createDiscordRetryRunner, type RetryRunner } from "../../../../src/infra/retry-policy.js"; -import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../../../src/infra/retry.js"; -import { convertMarkdownTables } from "../../../../src/markdown/tables.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import { resolveAgentAvatar } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { MarkdownTableMode, ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import { createDiscordRetryRunner, type RetryRunner } from "openclaw/plugin-sdk/infra-runtime"; +import { + resolveRetryConfig, + retryAsync, + type RetryConfig, +} from "openclaw/plugin-sdk/infra-runtime"; +import type { ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; import { resolveDiscordAccount } from "../accounts.js"; import { chunkDiscordTextWithMode } from "../chunk.js"; import { sendMessageDiscord, sendVoiceMessageDiscord, sendWebhookMessageDiscord } from "../send.js"; diff --git a/extensions/discord/src/monitor/rest-fetch.ts b/extensions/discord/src/monitor/rest-fetch.ts index 83be5a98325..43b4c768381 100644 --- a/extensions/discord/src/monitor/rest-fetch.ts +++ b/extensions/discord/src/monitor/rest-fetch.ts @@ -1,7 +1,7 @@ +import { wrapFetchWithAbortSignal } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { ProxyAgent, fetch as undiciFetch } from "undici"; -import { danger } from "../../../../src/globals.js"; -import { wrapFetchWithAbortSignal } from "../../../../src/infra/fetch.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; export function resolveDiscordRestFetch( proxyUrl: string | undefined, diff --git a/extensions/discord/src/monitor/route-resolution.ts b/extensions/discord/src/monitor/route-resolution.ts index aacbebbd51e..f76c9b49f65 100644 --- a/extensions/discord/src/monitor/route-resolution.ts +++ b/extensions/discord/src/monitor/route-resolution.ts @@ -1,11 +1,11 @@ -import type { OpenClawConfig } from "../../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { deriveLastRoutePolicy, resolveAgentRoute, type ResolvedAgentRoute, type RoutePeer, -} from "../../../../src/routing/resolve-route.js"; -import { resolveAgentIdFromSessionKey } from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/routing"; +import { resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; export function buildDiscordRoutePeer(params: { isDirectMessage: boolean; diff --git a/extensions/discord/src/monitor/thread-bindings.config.ts b/extensions/discord/src/monitor/thread-bindings.config.ts index 830d54d0d1b..701defcfbe1 100644 --- a/extensions/discord/src/monitor/thread-bindings.config.ts +++ b/extensions/discord/src/monitor/thread-bindings.config.ts @@ -2,9 +2,9 @@ import { resolveThreadBindingIdleTimeoutMs, resolveThreadBindingMaxAgeMs, resolveThreadBindingsEnabled, -} from "../../../../src/channels/thread-bindings-policy.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { normalizeAccountId } from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; export { resolveThreadBindingIdleTimeoutMs, diff --git a/extensions/discord/src/monitor/thread-bindings.discord-api.ts b/extensions/discord/src/monitor/thread-bindings.discord-api.ts index 134eda0f109..d144bb22b72 100644 --- a/extensions/discord/src/monitor/thread-bindings.discord-api.ts +++ b/extensions/discord/src/monitor/thread-bindings.discord-api.ts @@ -1,6 +1,6 @@ import { ChannelType, Routes } from "discord-api-types/v10"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { logVerbose } from "../../../../src/globals.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { createDiscordRestClient } from "../client.js"; import { sendMessageDiscord, sendWebhookMessageDiscord } from "../send.js"; import { createThreadDiscord } from "../send.messages.js"; diff --git a/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts b/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts index ed221645fcf..237cc6b8081 100644 --- a/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts +++ b/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts @@ -1,6 +1,7 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; +import { ChannelType } from "discord-api-types/v10"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { clearRuntimeConfigSnapshot, @@ -12,12 +13,12 @@ import { getSessionBindingService } from "../../../../src/infra/outbound/session const hoisted = vi.hoisted(() => { const sendMessageDiscord = vi.fn(async (_to: string, _text: string, _opts?: unknown) => ({})); const sendWebhookMessageDiscord = vi.fn(async (_text: string, _opts?: unknown) => ({})); - const restGet = vi.fn(async () => ({ + const restGet = vi.fn(async (..._args: unknown[]) => ({ id: "thread-1", type: 11, parent_id: "parent-1", })); - const restPost = vi.fn(async () => ({ + const restPost = vi.fn(async (..._args: unknown[]) => ({ id: "wh-created", token: "tok-created", })); @@ -45,47 +46,151 @@ vi.mock("../send.js", () => ({ sendWebhookMessageDiscord: hoisted.sendWebhookMessageDiscord, })); -vi.mock("../client.js", () => ({ - createDiscordRestClient: hoisted.createDiscordRestClient, -})); - vi.mock("../send.messages.js", () => ({ createThreadDiscord: hoisted.createThreadDiscord, })); -vi.mock("../../../../src/acp/runtime/session-meta.js", async (importOriginal) => { - const actual = - await importOriginal(); - return { - ...actual, - readAcpSessionEntry: hoisted.readAcpSessionEntry, - }; -}); - +const { __testing, createThreadBindingManager } = await import("./thread-bindings.manager.js"); const { - __testing, autoBindSpawnedDiscordSubagent, - createThreadBindingManager, reconcileAcpThreadBindingsOnStartup, - resolveThreadBindingInactivityExpiresAt, - resolveThreadBindingIntroText, - resolveThreadBindingMaxAgeExpiresAt, setThreadBindingIdleTimeoutBySessionKey, setThreadBindingMaxAgeBySessionKey, unbindThreadBindingsBySessionKey, -} = await import("./thread-bindings.js"); +} = await import("./thread-bindings.lifecycle.js"); +const { resolveThreadBindingInactivityExpiresAt, resolveThreadBindingMaxAgeExpiresAt } = + await import("./thread-bindings.state.js"); +const { resolveThreadBindingIntroText } = await import("./thread-bindings.messages.js"); +const discordClientModule = await import("../client.js"); +const discordThreadBindingApi = await import("./thread-bindings.discord-api.js"); +const acpRuntime = await import("openclaw/plugin-sdk/acp-runtime"); describe("thread binding lifecycle", () => { beforeEach(() => { __testing.resetThreadBindingsForTests(); clearRuntimeConfigSnapshot(); - hoisted.sendMessageDiscord.mockClear(); - hoisted.sendWebhookMessageDiscord.mockClear(); - hoisted.restGet.mockClear(); - hoisted.restPost.mockClear(); - hoisted.createDiscordRestClient.mockClear(); - hoisted.createThreadDiscord.mockClear(); + vi.restoreAllMocks(); + hoisted.sendMessageDiscord.mockReset().mockResolvedValue({}); + hoisted.sendWebhookMessageDiscord.mockReset().mockResolvedValue({}); + hoisted.restGet.mockReset().mockResolvedValue({ + id: "thread-1", + type: 11, + parent_id: "parent-1", + }); + hoisted.restPost.mockReset().mockResolvedValue({ + id: "wh-created", + token: "tok-created", + }); + hoisted.createDiscordRestClient.mockReset().mockImplementation((..._args: unknown[]) => ({ + rest: { + get: hoisted.restGet, + post: hoisted.restPost, + }, + })); + hoisted.createThreadDiscord.mockReset().mockResolvedValue({ id: "thread-created" }); hoisted.readAcpSessionEntry.mockReset().mockReturnValue(null); + vi.spyOn(discordClientModule, "createDiscordRestClient").mockImplementation( + (...args) => + hoisted.createDiscordRestClient(...args) as unknown as ReturnType< + typeof discordClientModule.createDiscordRestClient + >, + ); + vi.spyOn(discordThreadBindingApi, "createWebhookForChannel").mockImplementation( + async (params) => { + const rest = hoisted.createDiscordRestClient( + { + accountId: params.accountId, + token: params.token, + }, + params.cfg, + ).rest; + const created = (await rest.post("mock:channel-webhook")) as { + id?: string; + token?: string; + }; + return { + webhookId: typeof created?.id === "string" ? created.id.trim() || undefined : undefined, + webhookToken: + typeof created?.token === "string" ? created.token.trim() || undefined : undefined, + }; + }, + ); + vi.spyOn(discordThreadBindingApi, "resolveChannelIdForBinding").mockImplementation( + async (params) => { + const explicit = params.channelId?.trim(); + if (explicit) { + return explicit; + } + const rest = hoisted.createDiscordRestClient( + { + accountId: params.accountId, + token: params.token, + }, + params.cfg, + ).rest; + const channel = (await rest.get("mock:channel-resolve")) as { + id?: string; + type?: number; + parent_id?: string; + parentId?: string; + }; + const channelId = typeof channel?.id === "string" ? channel.id.trim() : ""; + const parentId = + typeof channel?.parent_id === "string" + ? channel.parent_id.trim() + : typeof channel?.parentId === "string" + ? channel.parentId.trim() + : ""; + const isThreadType = + channel?.type === ChannelType.PublicThread || + channel?.type === ChannelType.PrivateThread || + channel?.type === ChannelType.AnnouncementThread; + if (parentId && isThreadType) { + return parentId; + } + return channelId || null; + }, + ); + vi.spyOn(discordThreadBindingApi, "createThreadForBinding").mockImplementation( + async (params) => { + const created = await hoisted.createThreadDiscord( + params.channelId, + { + name: params.threadName, + autoArchiveMinutes: 60, + }, + { + accountId: params.accountId, + token: params.token, + cfg: params.cfg, + }, + ); + return typeof created?.id === "string" ? created.id.trim() || null : null; + }, + ); + vi.spyOn(discordThreadBindingApi, "maybeSendBindingMessage").mockImplementation( + async (params) => { + if ( + params.preferWebhook !== false && + params.record.webhookId && + params.record.webhookToken + ) { + await hoisted.sendWebhookMessageDiscord(params.text, { + cfg: params.cfg, + webhookId: params.record.webhookId, + webhookToken: params.record.webhookToken, + accountId: params.record.accountId, + threadId: params.record.threadId, + }); + return; + } + await hoisted.sendMessageDiscord(`channel:${params.record.threadId}`, params.text, { + cfg: params.cfg, + accountId: params.record.accountId, + }); + }, + ); + vi.spyOn(acpRuntime, "readAcpSessionEntry").mockImplementation(hoisted.readAcpSessionEntry); vi.useRealTimers(); }); @@ -93,7 +198,7 @@ describe("thread binding lifecycle", () => { createThreadBindingManager({ accountId: "default", persist: false, - enableSweeper: true, + enableSweeper: false, idleTimeoutMs: 24 * 60 * 60 * 1000, maxAgeMs: 0, }); @@ -139,7 +244,7 @@ describe("thread binding lifecycle", () => { const manager = createThreadBindingManager({ accountId: "default", persist: false, - enableSweeper: true, + enableSweeper: false, idleTimeoutMs: 60_000, maxAgeMs: 0, }); @@ -159,6 +264,7 @@ describe("thread binding lifecycle", () => { hoisted.sendWebhookMessageDiscord.mockClear(); await vi.advanceTimersByTimeAsync(120_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-1")).toBeUndefined(); expect(hoisted.restGet).not.toHaveBeenCalled(); @@ -177,7 +283,7 @@ describe("thread binding lifecycle", () => { const manager = createThreadBindingManager({ accountId: "default", persist: false, - enableSweeper: true, + enableSweeper: false, idleTimeoutMs: 0, maxAgeMs: 60_000, }); @@ -195,6 +301,7 @@ describe("thread binding lifecycle", () => { hoisted.sendMessageDiscord.mockClear(); await vi.advanceTimersByTimeAsync(120_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-1")).toBeUndefined(); expect(hoisted.sendMessageDiscord).toHaveBeenCalledTimes(1); @@ -214,6 +321,7 @@ describe("thread binding lifecycle", () => { hoisted.restGet.mockRejectedValueOnce(new Error("ECONNRESET")); await vi.advanceTimersByTimeAsync(120_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-1")).toBeDefined(); expect(hoisted.sendWebhookMessageDiscord).not.toHaveBeenCalled(); @@ -234,6 +342,7 @@ describe("thread binding lifecycle", () => { }); await vi.advanceTimersByTimeAsync(120_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-1")).toBeUndefined(); expect(hoisted.sendWebhookMessageDiscord).not.toHaveBeenCalled(); @@ -334,7 +443,7 @@ describe("thread binding lifecycle", () => { const manager = createThreadBindingManager({ accountId: "default", persist: false, - enableSweeper: true, + enableSweeper: false, idleTimeoutMs: 60_000, maxAgeMs: 0, }); @@ -358,6 +467,7 @@ describe("thread binding lifecycle", () => { expect(updated[0]?.idleTimeoutMs).toBe(0); await vi.advanceTimersByTimeAsync(240_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-1")).toBeDefined(); } finally { @@ -371,7 +481,7 @@ describe("thread binding lifecycle", () => { const manager = createThreadBindingManager({ accountId: "default", persist: false, - enableSweeper: true, + enableSweeper: false, idleTimeoutMs: 60_000, maxAgeMs: 0, }); @@ -417,6 +527,7 @@ describe("thread binding lifecycle", () => { hoisted.sendMessageDiscord.mockClear(); await vi.advanceTimersByTimeAsync(120_000); + await __testing.runThreadBindingSweepForAccount("default"); expect(manager.getByThreadId("thread-2")).toBeDefined(); expect(hoisted.sendMessageDiscord).not.toHaveBeenCalled(); diff --git a/extensions/discord/src/monitor/thread-bindings.lifecycle.ts b/extensions/discord/src/monitor/thread-bindings.lifecycle.ts index d7d96857250..230a9cd7273 100644 --- a/extensions/discord/src/monitor/thread-bindings.lifecycle.ts +++ b/extensions/discord/src/monitor/thread-bindings.lifecycle.ts @@ -1,9 +1,6 @@ -import { - readAcpSessionEntry, - type AcpSessionStoreEntry, -} from "../../../../src/acp/runtime/session-meta.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { normalizeAccountId } from "../../../../src/routing/session-key.js"; +import { readAcpSessionEntry, type AcpSessionStoreEntry } from "openclaw/plugin-sdk/acp-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { parseDiscordTarget } from "../targets.js"; import { resolveChannelIdForBinding } from "./thread-bindings.discord-api.js"; import { getThreadBindingManager } from "./thread-bindings.manager.js"; diff --git a/extensions/discord/src/monitor/thread-bindings.manager.ts b/extensions/discord/src/monitor/thread-bindings.manager.ts index efa599cadc2..5c37ac4bbf0 100644 --- a/extensions/discord/src/monitor/thread-bindings.manager.ts +++ b/extensions/discord/src/monitor/thread-bindings.manager.ts @@ -1,17 +1,14 @@ import { Routes } from "discord-api-types/v10"; -import { resolveThreadBindingConversationIdFromBindingId } from "../../../../src/channels/thread-binding-id.js"; -import { getRuntimeConfigSnapshot, type OpenClawConfig } from "../../../../src/config/config.js"; -import { logVerbose } from "../../../../src/globals.js"; +import { resolveThreadBindingConversationIdFromBindingId } from "openclaw/plugin-sdk/channel-runtime"; +import { getRuntimeConfigSnapshot, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { registerSessionBindingAdapter, unregisterSessionBindingAdapter, type BindingTargetKind, type SessionBindingRecord, -} from "../../../../src/infra/outbound/session-binding-service.js"; -import { - normalizeAccountId, - resolveAgentIdFromSessionKey, -} from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { normalizeAccountId, resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { createDiscordRestClient } from "../client.js"; import { createThreadForBinding, @@ -72,6 +69,8 @@ function unregisterManager(accountId: string, manager: ThreadBindingManager) { } } +const SWEEPERS_BY_ACCOUNT_ID = new Map Promise>(); + function resolveEffectiveBindingExpiresAt(params: { record: ThreadBindingRecord; defaultIdleTimeoutMs: number; @@ -203,6 +202,111 @@ export function createThreadBindingManager( const resolveCurrentToken = () => getThreadBindingToken(accountId) ?? params.token; let sweepTimer: NodeJS.Timeout | null = null; + const runSweepOnce = async () => { + const bindings = manager.listBindings(); + if (bindings.length === 0) { + return; + } + let rest: ReturnType["rest"] | null = null; + for (const snapshotBinding of bindings) { + // Re-read live state after any awaited work from earlier iterations. + // This avoids unbinding based on stale snapshot data when activity touches + // happen while the sweeper loop is in-flight. + const binding = manager.getByThreadId(snapshotBinding.threadId); + if (!binding) { + continue; + } + const now = Date.now(); + const inactivityExpiresAt = resolveThreadBindingInactivityExpiresAt({ + record: binding, + defaultIdleTimeoutMs: idleTimeoutMs, + }); + const maxAgeExpiresAt = resolveThreadBindingMaxAgeExpiresAt({ + record: binding, + defaultMaxAgeMs: maxAgeMs, + }); + const expirationCandidates: Array<{ + reason: "idle-expired" | "max-age-expired"; + at: number; + }> = []; + if (inactivityExpiresAt != null && now >= inactivityExpiresAt) { + expirationCandidates.push({ reason: "idle-expired", at: inactivityExpiresAt }); + } + if (maxAgeExpiresAt != null && now >= maxAgeExpiresAt) { + expirationCandidates.push({ reason: "max-age-expired", at: maxAgeExpiresAt }); + } + if (expirationCandidates.length > 0) { + expirationCandidates.sort((a, b) => a.at - b.at); + const reason = expirationCandidates[0]?.reason ?? "idle-expired"; + manager.unbindThread({ + threadId: binding.threadId, + reason, + sendFarewell: true, + farewellText: resolveThreadBindingFarewellText({ + reason, + idleTimeoutMs: resolveThreadBindingIdleTimeoutMs({ + record: binding, + defaultIdleTimeoutMs: idleTimeoutMs, + }), + maxAgeMs: resolveThreadBindingMaxAgeMs({ + record: binding, + defaultMaxAgeMs: maxAgeMs, + }), + }), + }); + continue; + } + if (isDirectConversationBindingId(binding.threadId)) { + continue; + } + if (!rest) { + try { + const cfg = resolveCurrentCfg(); + rest = createDiscordRestClient( + { + accountId, + token: resolveCurrentToken(), + }, + cfg, + ).rest; + } catch { + return; + } + } + try { + const channel = await rest.get(Routes.channel(binding.threadId)); + if (!channel || typeof channel !== "object") { + logVerbose( + `discord thread binding sweep probe returned invalid payload for ${binding.threadId}`, + ); + continue; + } + if (isThreadArchived(channel)) { + manager.unbindThread({ + threadId: binding.threadId, + reason: "thread-archived", + sendFarewell: true, + }); + } + } catch (err) { + if (isDiscordThreadGoneError(err)) { + logVerbose( + `discord thread binding sweep removing stale binding ${binding.threadId}: ${summarizeDiscordError(err)}`, + ); + manager.unbindThread({ + threadId: binding.threadId, + reason: "thread-delete", + sendFarewell: false, + }); + continue; + } + logVerbose( + `discord thread binding sweep probe failed for ${binding.threadId}: ${summarizeDiscordError(err)}`, + ); + } + } + }; + SWEEPERS_BY_ACCOUNT_ID.set(accountId, runSweepOnce); const manager: ThreadBindingManager = { accountId, @@ -447,6 +551,7 @@ export function createThreadBindingManager( clearInterval(sweepTimer); sweepTimer = null; } + SWEEPERS_BY_ACCOUNT_ID.delete(accountId); unregisterManager(accountId, manager); unregisterSessionBindingAdapter({ channel: "discord", @@ -458,110 +563,13 @@ export function createThreadBindingManager( if (params.enableSweeper !== false) { sweepTimer = setInterval(() => { - void (async () => { - const bindings = manager.listBindings(); - if (bindings.length === 0) { - return; - } - let rest; - try { - const cfg = resolveCurrentCfg(); - rest = createDiscordRestClient( - { - accountId, - token: resolveCurrentToken(), - }, - cfg, - ).rest; - } catch { - return; - } - for (const snapshotBinding of bindings) { - // Re-read live state after any awaited work from earlier iterations. - // This avoids unbinding based on stale snapshot data when activity touches - // happen while the sweeper loop is in-flight. - const binding = manager.getByThreadId(snapshotBinding.threadId); - if (!binding) { - continue; - } - const now = Date.now(); - const inactivityExpiresAt = resolveThreadBindingInactivityExpiresAt({ - record: binding, - defaultIdleTimeoutMs: idleTimeoutMs, - }); - const maxAgeExpiresAt = resolveThreadBindingMaxAgeExpiresAt({ - record: binding, - defaultMaxAgeMs: maxAgeMs, - }); - const expirationCandidates: Array<{ - reason: "idle-expired" | "max-age-expired"; - at: number; - }> = []; - if (inactivityExpiresAt != null && now >= inactivityExpiresAt) { - expirationCandidates.push({ reason: "idle-expired", at: inactivityExpiresAt }); - } - if (maxAgeExpiresAt != null && now >= maxAgeExpiresAt) { - expirationCandidates.push({ reason: "max-age-expired", at: maxAgeExpiresAt }); - } - if (expirationCandidates.length > 0) { - expirationCandidates.sort((a, b) => a.at - b.at); - const reason = expirationCandidates[0]?.reason ?? "idle-expired"; - manager.unbindThread({ - threadId: binding.threadId, - reason, - sendFarewell: true, - farewellText: resolveThreadBindingFarewellText({ - reason, - idleTimeoutMs: resolveThreadBindingIdleTimeoutMs({ - record: binding, - defaultIdleTimeoutMs: idleTimeoutMs, - }), - maxAgeMs: resolveThreadBindingMaxAgeMs({ - record: binding, - defaultMaxAgeMs: maxAgeMs, - }), - }), - }); - continue; - } - if (isDirectConversationBindingId(binding.threadId)) { - continue; - } - try { - const channel = await rest.get(Routes.channel(binding.threadId)); - if (!channel || typeof channel !== "object") { - logVerbose( - `discord thread binding sweep probe returned invalid payload for ${binding.threadId}`, - ); - continue; - } - if (isThreadArchived(channel)) { - manager.unbindThread({ - threadId: binding.threadId, - reason: "thread-archived", - sendFarewell: true, - }); - } - } catch (err) { - if (isDiscordThreadGoneError(err)) { - logVerbose( - `discord thread binding sweep removing stale binding ${binding.threadId}: ${summarizeDiscordError(err)}`, - ); - manager.unbindThread({ - threadId: binding.threadId, - reason: "thread-delete", - sendFarewell: false, - }); - continue; - } - logVerbose( - `discord thread binding sweep probe failed for ${binding.threadId}: ${summarizeDiscordError(err)}`, - ); - } - } - })(); + void runSweepOnce(); }, THREAD_BINDINGS_SWEEP_INTERVAL_MS); - sweepTimer.unref?.(); + // Keep the production process free to exit, but avoid breaking fake-timer + // sweeper tests where unref'd intervals may never fire. + if (!(process.env.VITEST || process.env.NODE_ENV === "test")) { + sweepTimer.unref?.(); + } } registerSessionBindingAdapter({ @@ -693,4 +701,10 @@ export const __testing = { resolveThreadBindingsPath, resolveThreadBindingThreadName, resetThreadBindingsForTests, + runThreadBindingSweepForAccount: async (accountId?: string) => { + const sweep = SWEEPERS_BY_ACCOUNT_ID.get(normalizeAccountId(accountId)); + if (sweep) { + await sweep(); + } + }, }; diff --git a/extensions/discord/src/monitor/thread-bindings.messages.ts b/extensions/discord/src/monitor/thread-bindings.messages.ts index 3fc122cbe71..043e888b7fc 100644 --- a/extensions/discord/src/monitor/thread-bindings.messages.ts +++ b/extensions/discord/src/monitor/thread-bindings.messages.ts @@ -3,4 +3,4 @@ export { resolveThreadBindingFarewellText, resolveThreadBindingIntroText, resolveThreadBindingThreadName, -} from "../../../../src/channels/thread-bindings-messages.js"; +} from "openclaw/plugin-sdk/channel-runtime"; diff --git a/extensions/discord/src/monitor/thread-bindings.persona.ts b/extensions/discord/src/monitor/thread-bindings.persona.ts index 6798df009e0..2ee38c5f49d 100644 --- a/extensions/discord/src/monitor/thread-bindings.persona.ts +++ b/extensions/discord/src/monitor/thread-bindings.persona.ts @@ -1,4 +1,4 @@ -import { SYSTEM_MARK } from "../../../../src/infra/system-message.js"; +import { SYSTEM_MARK } from "openclaw/plugin-sdk/infra-runtime"; import type { ThreadBindingRecord } from "./thread-bindings.types.js"; const THREAD_BINDING_PERSONA_MAX_CHARS = 80; diff --git a/extensions/discord/src/monitor/thread-bindings.state.ts b/extensions/discord/src/monitor/thread-bindings.state.ts index cfcbc65f3f5..97de19c1dd5 100644 --- a/extensions/discord/src/monitor/thread-bindings.state.ts +++ b/extensions/discord/src/monitor/thread-bindings.state.ts @@ -1,11 +1,8 @@ import fs from "node:fs"; import path from "node:path"; -import { resolveStateDir } from "../../../../src/config/paths.js"; -import { loadJsonFile, saveJsonFile } from "../../../../src/infra/json-file.js"; -import { - normalizeAccountId, - resolveAgentIdFromSessionKey, -} from "../../../../src/routing/session-key.js"; +import { loadJsonFile, saveJsonFile } from "openclaw/plugin-sdk/json-store"; +import { normalizeAccountId, resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; import { DEFAULT_THREAD_BINDING_IDLE_TIMEOUT_MS, DEFAULT_THREAD_BINDING_MAX_AGE_MS, diff --git a/extensions/discord/src/monitor/thread-session-close.test.ts b/extensions/discord/src/monitor/thread-session-close.test.ts index f2109150c66..a5cca87119c 100644 --- a/extensions/discord/src/monitor/thread-session-close.test.ts +++ b/extensions/discord/src/monitor/thread-session-close.test.ts @@ -6,10 +6,14 @@ const hoisted = vi.hoisted(() => { return { updateSessionStore, resolveStorePath }; }); -vi.mock("../../../../src/config/sessions.js", () => ({ - updateSessionStore: hoisted.updateSessionStore, - resolveStorePath: hoisted.resolveStorePath, -})); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + updateSessionStore: hoisted.updateSessionStore, + resolveStorePath: hoisted.resolveStorePath, + }; +}); const { closeDiscordThreadSessions } = await import("./thread-session-close.js"); diff --git a/extensions/discord/src/monitor/thread-session-close.ts b/extensions/discord/src/monitor/thread-session-close.ts index ca73f623bd0..6a5d6c88c8b 100644 --- a/extensions/discord/src/monitor/thread-session-close.ts +++ b/extensions/discord/src/monitor/thread-session-close.ts @@ -1,5 +1,5 @@ -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { resolveStorePath, updateSessionStore } from "../../../../src/config/sessions.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveStorePath, updateSessionStore } from "openclaw/plugin-sdk/config-runtime"; /** * Marks every session entry in the store whose key contains {@link threadId} diff --git a/extensions/discord/src/monitor/threading.ts b/extensions/discord/src/monitor/threading.ts index 035354b98af..c3bf70d659c 100644 --- a/extensions/discord/src/monitor/threading.ts +++ b/extensions/discord/src/monitor/threading.ts @@ -1,10 +1,10 @@ import { ChannelType, type Client } from "@buape/carbon"; import { Routes } from "discord-api-types/v10"; -import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js"; -import type { ReplyToMode } from "../../../../src/config/config.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { buildAgentSessionKey } from "../../../../src/routing/resolve-route.js"; -import { truncateUtf16Safe } from "../../../../src/utils.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import { createReplyReferencePlanner } from "openclaw/plugin-sdk/reply-runtime"; +import { buildAgentSessionKey } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { truncateUtf16Safe } from "openclaw/plugin-sdk/text-runtime"; import type { DiscordChannelConfigResolved } from "./allow-list.js"; import type { DiscordMessageEvent } from "./listeners.js"; import { diff --git a/extensions/discord/src/outbound-adapter.ts b/extensions/discord/src/outbound-adapter.ts index bc2f5f8c2d1..93fd1cb8bfb 100644 --- a/extensions/discord/src/outbound-adapter.ts +++ b/extensions/discord/src/outbound-adapter.ts @@ -2,11 +2,11 @@ import { resolvePayloadMediaUrls, sendPayloadMediaSequence, sendTextMediaPayload, -} from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { OutboundIdentity } from "../../../src/infra/outbound/identity.js"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { OutboundIdentity } from "openclaw/plugin-sdk/infra-runtime"; import type { DiscordComponentMessageSpec } from "./components.js"; import { getThreadBindingManager, type ThreadBindingRecord } from "./monitor/thread-bindings.js"; import { normalizeDiscordOutboundTarget } from "./normalize.js"; diff --git a/extensions/discord/src/pluralkit.ts b/extensions/discord/src/pluralkit.ts index e328fb27eff..b8e6b30609a 100644 --- a/extensions/discord/src/pluralkit.ts +++ b/extensions/discord/src/pluralkit.ts @@ -1,4 +1,4 @@ -import { resolveFetch } from "../../../src/infra/fetch.js"; +import { resolveFetch } from "openclaw/plugin-sdk/infra-runtime"; const PLURALKIT_API_BASE = "https://api.pluralkit.me/v2"; diff --git a/extensions/discord/src/probe.ts b/extensions/discord/src/probe.ts index b434cd8c78d..f84b4aad10a 100644 --- a/extensions/discord/src/probe.ts +++ b/extensions/discord/src/probe.ts @@ -1,6 +1,6 @@ -import type { BaseProbeResult } from "../../../src/channels/plugins/types.js"; -import { resolveFetch } from "../../../src/infra/fetch.js"; -import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js"; +import type { BaseProbeResult } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveFetch } from "openclaw/plugin-sdk/infra-runtime"; +import { fetchWithTimeout } from "openclaw/plugin-sdk/text-runtime"; import { normalizeDiscordToken } from "./token.js"; const DISCORD_API_BASE = "https://discord.com/api/v10"; diff --git a/extensions/discord/src/resolve-channels.test.ts b/extensions/discord/src/resolve-channels.test.ts index fb46792aaaa..8fd06593923 100644 --- a/extensions/discord/src/resolve-channels.test.ts +++ b/extensions/discord/src/resolve-channels.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js"; +import { withFetchPreconnect } from "../../../test/helpers/extensions/fetch-mock.js"; import { resolveDiscordChannelAllowlist } from "./resolve-channels.js"; import { jsonResponse, urlToString } from "./test-http-helpers.js"; diff --git a/extensions/discord/src/resolve-users.test.ts b/extensions/discord/src/resolve-users.test.ts index d788b77ebe0..080c312b856 100644 --- a/extensions/discord/src/resolve-users.test.ts +++ b/extensions/discord/src/resolve-users.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js"; +import { withFetchPreconnect } from "../../../test/helpers/extensions/fetch-mock.js"; import { resolveDiscordUserAllowlist } from "./resolve-users.js"; import { jsonResponse, urlToString } from "./test-http-helpers.js"; diff --git a/extensions/discord/src/runtime.ts b/extensions/discord/src/runtime.ts index 2dc10a295fd..4a07abdc1f7 100644 --- a/extensions/discord/src/runtime.ts +++ b/extensions/discord/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setDiscordRuntime, getRuntime: getDiscordRuntime } = createPluginRuntimeStore("Discord runtime not initialized"); diff --git a/extensions/discord/src/send.components.ts b/extensions/discord/src/send.components.ts index 9212e383ed7..de620fc2250 100644 --- a/extensions/discord/src/send.components.ts +++ b/extensions/discord/src/send.components.ts @@ -5,9 +5,9 @@ import { type RequestClient, } from "@buape/carbon"; import { ChannelType, Routes } from "discord-api-types/v10"; -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import { recordChannelActivity } from "../../../src/infra/channel-activity.js"; -import { loadWebMedia } from "../../whatsapp/src/media.js"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import { resolveDiscordAccount } from "./accounts.js"; import { registerDiscordComponentEntries } from "./components-registry.js"; import { diff --git a/extensions/discord/src/send.emojis-stickers.ts b/extensions/discord/src/send.emojis-stickers.ts index 601b8372e74..a1f005c49fb 100644 --- a/extensions/discord/src/send.emojis-stickers.ts +++ b/extensions/discord/src/send.emojis-stickers.ts @@ -1,5 +1,5 @@ import { Routes } from "discord-api-types/v10"; -import { loadWebMediaRaw } from "../../whatsapp/src/media.js"; +import { loadWebMediaRaw } from "openclaw/plugin-sdk/web-media"; import { normalizeEmojiName, resolveDiscordRest } from "./send.shared.js"; import type { DiscordEmojiUpload, DiscordReactOpts, DiscordStickerUpload } from "./send.types.js"; import { DISCORD_MAX_EMOJI_BYTES, DISCORD_MAX_STICKER_BYTES } from "./send.types.js"; diff --git a/extensions/discord/src/send.outbound.ts b/extensions/discord/src/send.outbound.ts index 8f7b743e0d0..e0a674d557e 100644 --- a/extensions/discord/src/send.outbound.ts +++ b/extensions/discord/src/send.outbound.ts @@ -3,18 +3,18 @@ import fs from "node:fs/promises"; import path from "node:path"; import { serializePayload, type MessagePayloadObject, type RequestClient } from "@buape/carbon"; import { ChannelType, Routes } from "discord-api-types/v10"; -import { resolveChunkMode } from "../../../src/auto-reply/chunk.js"; -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { recordChannelActivity } from "../../../src/infra/channel-activity.js"; -import type { RetryConfig } from "../../../src/infra/retry.js"; -import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js"; -import { convertMarkdownTables } from "../../../src/markdown/tables.js"; -import { maxBytesForKind } from "../../../src/media/constants.js"; -import { extensionForMime } from "../../../src/media/mime.js"; -import { unlinkIfExists } from "../../../src/media/temp-files.js"; -import type { PollInput } from "../../../src/polls.js"; -import { loadWebMediaRaw } from "../../whatsapp/src/media.js"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import type { RetryConfig } from "openclaw/plugin-sdk/infra-runtime"; +import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/infra-runtime"; +import { maxBytesForKind } from "openclaw/plugin-sdk/media-runtime"; +import { extensionForMime } from "openclaw/plugin-sdk/media-runtime"; +import { unlinkIfExists } from "openclaw/plugin-sdk/media-runtime"; +import type { PollInput } from "openclaw/plugin-sdk/media-runtime"; +import { resolveChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; +import { loadWebMediaRaw } from "openclaw/plugin-sdk/web-media"; import { resolveDiscordAccount } from "./accounts.js"; import { rewriteDiscordKnownMentions } from "./mentions.js"; import { diff --git a/extensions/discord/src/send.reactions.ts b/extensions/discord/src/send.reactions.ts index 26353a7acb5..be48c85771d 100644 --- a/extensions/discord/src/send.reactions.ts +++ b/extensions/discord/src/send.reactions.ts @@ -1,5 +1,5 @@ import { Routes } from "discord-api-types/v10"; -import { loadConfig } from "../../../src/config/config.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { buildReactionIdentifier, createDiscordClient, diff --git a/extensions/discord/src/send.shared.ts b/extensions/discord/src/send.shared.ts index f1a7fd4c28e..d3b248a3c6f 100644 --- a/extensions/discord/src/send.shared.ts +++ b/extensions/discord/src/send.shared.ts @@ -9,16 +9,16 @@ import { import { PollLayoutType } from "discord-api-types/payloads/v10"; import type { RESTAPIPoll } from "discord-api-types/rest/v10"; import { Routes, type APIChannel, type APIEmbed } from "discord-api-types/v10"; -import type { ChunkMode } from "../../../src/auto-reply/chunk.js"; -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import type { RetryRunner } from "../../../src/infra/retry-policy.js"; -import { buildOutboundMediaLoadOptions } from "../../../src/media/load-options.js"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RetryRunner } from "openclaw/plugin-sdk/infra-runtime"; +import { buildOutboundMediaLoadOptions } from "openclaw/plugin-sdk/media-runtime"; import { normalizePollDurationHours, normalizePollInput, type PollInput, -} from "../../../src/polls.js"; -import { loadWebMedia } from "../../whatsapp/src/media.js"; +} from "openclaw/plugin-sdk/media-runtime"; +import type { ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import { resolveDiscordAccount } from "./accounts.js"; import { chunkDiscordTextWithMode } from "./chunk.js"; import { createDiscordClient, resolveDiscordRest } from "./client.js"; diff --git a/extensions/discord/src/send.test-harness.ts b/extensions/discord/src/send.test-harness.ts index f3c5ae36842..c0069f99770 100644 --- a/extensions/discord/src/send.test-harness.ts +++ b/extensions/discord/src/send.test-harness.ts @@ -1,5 +1,5 @@ +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; type DiscordWebMediaMockFactoryResult = { loadWebMedia: MockFn; diff --git a/extensions/discord/src/send.types.ts b/extensions/discord/src/send.types.ts index 189c9434d1e..781cb84a435 100644 --- a/extensions/discord/src/send.types.ts +++ b/extensions/discord/src/send.types.ts @@ -1,6 +1,6 @@ import type { RequestClient } from "@buape/carbon"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { RetryConfig } from "../../../src/infra/retry.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RetryConfig } from "openclaw/plugin-sdk/infra-runtime"; export class DiscordSendError extends Error { kind?: "missing-permissions" | "dm-blocked"; diff --git a/extensions/discord/src/session-key-normalization.ts b/extensions/discord/src/session-key-normalization.ts index 7e47fe012dd..06164d6aba5 100644 --- a/extensions/discord/src/session-key-normalization.ts +++ b/extensions/discord/src/session-key-normalization.ts @@ -1,5 +1,5 @@ -import type { MsgContext } from "../../../src/auto-reply/templating.js"; -import { normalizeChatType } from "../../../src/channels/chat-type.js"; +import { normalizeChatType } from "openclaw/plugin-sdk/channel-runtime"; +import type { MsgContext } from "openclaw/plugin-sdk/reply-runtime"; export function normalizeExplicitDiscordSessionKey( sessionKey: string, diff --git a/extensions/discord/src/setup-core.ts b/extensions/discord/src/setup-core.ts index 3c9ab69059b..a05a9af65b1 100644 --- a/extensions/discord/src/setup-core.ts +++ b/extensions/discord/src/setup-core.ts @@ -1,22 +1,22 @@ +import type { DiscordGuildEntry } from "openclaw/plugin-sdk/config-runtime"; import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { + DEFAULT_ACCOUNT_ID, + createEnvPatchedAccountSetupAdapter, noteChannelLookupFailure, noteChannelLookupSummary, parseMentionOrPrefixedId, patchChannelConfigForAccount, setLegacyChannelDmPolicyWithAllowFrom, setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DiscordGuildEntry } from "../../../src/config/types.discord.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; +import { + createAllowlistSetupWizardProxy, + type ChannelSetupAdapter, + type ChannelSetupDmPolicy, + type ChannelSetupWizard, +} from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { inspectDiscordAccount } from "./account-inspect.js"; import { listDiscordAccountIds, resolveDiscordAccount } from "./accounts.js"; @@ -71,75 +71,23 @@ export function parseDiscordAllowFromId(value: string): string | null { }); } -export const discordSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), - validateInput: ({ accountId, input }) => { - if (input.useEnv && accountId !== DEFAULT_ACCOUNT_ID) { - return "DISCORD_BOT_TOKEN can only be used for the default account."; - } - if (!input.useEnv && !input.token) { - return "Discord requires token (or --use-env)."; - } - return null; - }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...next, - channels: { - ...next.channels, - discord: { - ...next.channels?.discord, - enabled: true, - ...(input.useEnv ? {} : input.token ? { token: input.token } : {}), - }, - }, - }; - } - return { - ...next, - channels: { - ...next.channels, - discord: { - ...next.channels?.discord, - enabled: true, - accounts: { - ...next.channels?.discord?.accounts, - [accountId]: { - ...next.channels?.discord?.accounts?.[accountId], - enabled: true, - ...(input.token ? { token: input.token } : {}), - }, - }, - }, - }, - }; - }, -}; +export const discordSetupAdapter: ChannelSetupAdapter = createEnvPatchedAccountSetupAdapter({ + channelKey: channel, + defaultAccountOnlyEnvError: "DISCORD_BOT_TOKEN can only be used for the default account.", + missingCredentialError: "Discord requires token (or --use-env).", + hasCredentials: (input) => Boolean(input.token), + buildPatch: (input) => (input.token ? { token: input.token } : {}), +}); -export function createDiscordSetupWizardProxy( - loadWizard: () => Promise<{ discordSetupWizard: ChannelSetupWizard }>, -) { +export function createDiscordSetupWizardBase(handlers: { + promptAllowFrom: NonNullable; + resolveAllowFromEntries: NonNullable< + NonNullable["resolveEntries"] + >; + resolveGroupAllowlist: NonNullable< + NonNullable["resolveAllowlist"]> + >; +}) { const discordDmPolicy: ChannelSetupDmPolicy = { label: "Discord", channel, @@ -153,13 +101,7 @@ export function createDiscordSetupWizardProxy( channel, dmPolicy: policy, }), - promptAllowFrom: async ({ cfg, prompter, accountId }) => { - const wizard = (await loadWizard()).discordSetupWizard; - if (!wizard.dmPolicy?.promptAllowFrom) { - return cfg; - } - return await wizard.dmPolicy.promptAllowFrom({ cfg, prompter, accountId }); - }, + promptAllowFrom: handlers.promptAllowFrom, }; return { @@ -250,12 +192,8 @@ export function createDiscordSetupWizardProxy( entries: string[]; prompter: { note: (message: string, title?: string) => Promise }; }) => { - const wizard = (await loadWizard()).discordSetupWizard; - if (!wizard.groupAccess?.resolveAllowlist) { - return entries.map((input) => ({ input, resolved: false })); - } try { - return await wizard.groupAccess.resolveAllowlist({ + return await handlers.resolveGroupAllowlist({ cfg, accountId, credentialValues, @@ -314,18 +252,7 @@ export function createDiscordSetupWizardProxy( accountId: string; credentialValues: { token?: string }; entries: string[]; - }) => { - const wizard = (await loadWizard()).discordSetupWizard; - if (!wizard.allowFrom) { - return entries.map((input) => ({ input, resolved: false, id: null })); - } - return await wizard.allowFrom.resolveEntries({ - cfg, - accountId, - credentialValues, - entries, - }); - }, + }) => await handlers.resolveAllowFromEntries({ cfg, accountId, credentialValues, entries }), apply: async ({ cfg, accountId, @@ -346,3 +273,13 @@ export function createDiscordSetupWizardProxy( disable: (cfg: OpenClawConfig) => setSetupChannelEnabled(cfg, channel, false), } satisfies ChannelSetupWizard; } +export function createDiscordSetupWizardProxy( + loadWizard: () => Promise<{ discordSetupWizard: ChannelSetupWizard }>, +) { + return createAllowlistSetupWizardProxy({ + loadWizard: async () => (await loadWizard()).discordSetupWizard, + createBase: createDiscordSetupWizardBase, + fallbackResolvedGroupAllowlist: (entries) => + entries.map((input) => ({ input, resolved: false })), + }); +} diff --git a/extensions/discord/src/setup-surface.ts b/extensions/discord/src/setup-surface.ts index ce7c6e789e4..d27c7862c99 100644 --- a/extensions/discord/src/setup-surface.ts +++ b/extensions/discord/src/setup-surface.ts @@ -1,25 +1,12 @@ import { - noteChannelLookupFailure, - noteChannelLookupSummary, - parseMentionOrPrefixedId, - patchChannelConfigForAccount, + type OpenClawConfig, promptLegacyChannelAllowFrom, resolveSetupAccountId, - setLegacyChannelDmPolicyWithAllowFrom, - setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { inspectDiscordAccount } from "./account-inspect.js"; -import { - listDiscordAccountIds, - resolveDefaultDiscordAccountId, - resolveDiscordAccount, -} from "./accounts.js"; + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; +import { type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; +import { resolveDefaultDiscordAccountId, resolveDiscordAccount } from "./accounts.js"; import { normalizeDiscordSlug } from "./monitor/allow-list.js"; import { resolveDiscordChannelAllowlist, @@ -27,7 +14,7 @@ import { } from "./resolve-channels.js"; import { resolveDiscordUserAllowlist } from "./resolve-users.js"; import { - discordSetupAdapter, + createDiscordSetupWizardBase, DISCORD_TOKEN_HELP_LINES, parseDiscordAllowFromId, setDiscordGuildChannelAllowlist, @@ -92,186 +79,41 @@ async function promptDiscordAllowFrom(params: { }); } -const discordDmPolicy: ChannelSetupDmPolicy = { - label: "Discord", - channel, - policyKey: "channels.discord.dmPolicy", - allowFromKey: "channels.discord.allowFrom", - getCurrent: (cfg) => - cfg.channels?.discord?.dmPolicy ?? cfg.channels?.discord?.dm?.policy ?? "pairing", - setPolicy: (cfg, policy) => - setLegacyChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptDiscordAllowFrom, -}; +async function resolveDiscordGroupAllowlist(params: { + cfg: OpenClawConfig; + accountId: string; + credentialValues: { token?: string }; + entries: string[]; +}) { + const token = + resolveDiscordAccount({ cfg: params.cfg, accountId: params.accountId }).token || + (typeof params.credentialValues.token === "string" ? params.credentialValues.token : ""); + if (!token || params.entries.length === 0) { + return params.entries.map((input) => ({ + input, + resolved: false, + })); + } + return await resolveDiscordChannelAllowlist({ + token, + entries: params.entries, + }); +} -export const discordSetupWizard: ChannelSetupWizard = { - channel, - status: { - configuredLabel: "configured", - unconfiguredLabel: "needs token", - configuredHint: "configured", - unconfiguredHint: "needs token", - configuredScore: 2, - unconfiguredScore: 1, - resolveConfigured: ({ cfg }) => - listDiscordAccountIds(cfg).some( - (accountId) => inspectDiscordAccount({ cfg, accountId }).configured, - ), - }, - credentials: [ - { - inputKey: "token", - providerHint: channel, - credentialLabel: "Discord bot token", - preferredEnvVar: "DISCORD_BOT_TOKEN", - helpTitle: "Discord bot token", - helpLines: DISCORD_TOKEN_HELP_LINES, - envPrompt: "DISCORD_BOT_TOKEN detected. Use env var?", - keepPrompt: "Discord token already configured. Keep it?", - inputPrompt: "Enter Discord bot token", - allowEnv: ({ accountId }) => accountId === DEFAULT_ACCOUNT_ID, - inspect: ({ cfg, accountId }) => { - const account = inspectDiscordAccount({ cfg, accountId }); - return { - accountConfigured: account.configured, - hasConfiguredValue: account.tokenStatus !== "missing", - resolvedValue: account.token?.trim() || undefined, - envValue: - accountId === DEFAULT_ACCOUNT_ID - ? process.env.DISCORD_BOT_TOKEN?.trim() || undefined - : undefined, - }; - }, - }, - ], - groupAccess: { - label: "Discord channels", - placeholder: "My Server/#general, guildId/channelId, #support", - currentPolicy: ({ cfg, accountId }) => - resolveDiscordAccount({ cfg, accountId }).config.groupPolicy ?? "allowlist", - currentEntries: ({ cfg, accountId }) => - Object.entries(resolveDiscordAccount({ cfg, accountId }).config.guilds ?? {}).flatMap( - ([guildKey, value]) => { - const channels = value?.channels ?? {}; - const channelKeys = Object.keys(channels); - if (channelKeys.length === 0) { - const input = /^\d+$/.test(guildKey) ? `guild:${guildKey}` : guildKey; - return [input]; - } - return channelKeys.map((channelKey) => `${guildKey}/${channelKey}`); - }, - ), - updatePrompt: ({ cfg, accountId }) => - Boolean(resolveDiscordAccount({ cfg, accountId }).config.guilds), - setPolicy: ({ cfg, accountId, policy }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { groupPolicy: policy }, - }), - resolveAllowlist: async ({ cfg, accountId, credentialValues, entries, prompter }) => { - const token = +export const discordSetupWizard: ChannelSetupWizard = createDiscordSetupWizardBase({ + promptAllowFrom: promptDiscordAllowFrom, + resolveAllowFromEntries: async ({ cfg, accountId, credentialValues, entries }) => + await resolveDiscordAllowFromEntries({ + token: resolveDiscordAccount({ cfg, accountId }).token || - (typeof credentialValues.token === "string" ? credentialValues.token : ""); - let resolved: DiscordChannelResolution[] = entries.map((input) => ({ - input, - resolved: false, - })); - if (!token || entries.length === 0) { - return resolved; - } - try { - resolved = await resolveDiscordChannelAllowlist({ - token, - entries, - }); - const resolvedChannels = resolved.filter((entry) => entry.resolved && entry.channelId); - const resolvedGuilds = resolved.filter( - (entry) => entry.resolved && entry.guildId && !entry.channelId, - ); - const unresolved = resolved.filter((entry) => !entry.resolved).map((entry) => entry.input); - await noteChannelLookupSummary({ - prompter, - label: "Discord channels", - resolvedSections: [ - { - title: "Resolved channels", - values: resolvedChannels - .map((entry) => entry.channelId) - .filter((value): value is string => Boolean(value)), - }, - { - title: "Resolved guilds", - values: resolvedGuilds - .map((entry) => entry.guildId) - .filter((value): value is string => Boolean(value)), - }, - ], - unresolved, - }); - } catch (error) { - await noteChannelLookupFailure({ - prompter, - label: "Discord channels", - error, - }); - } - return resolved; - }, - applyAllowlist: ({ cfg, accountId, resolved }) => { - const allowlistEntries: Array<{ guildKey: string; channelKey?: string }> = []; - for (const entry of resolved as DiscordChannelResolution[]) { - const guildKey = - entry.guildId ?? - (entry.guildName ? normalizeDiscordSlug(entry.guildName) : undefined) ?? - "*"; - const channelKey = - entry.channelId ?? - (entry.channelName ? normalizeDiscordSlug(entry.channelName) : undefined); - if (!channelKey && guildKey === "*") { - continue; - } - allowlistEntries.push({ guildKey, ...(channelKey ? { channelKey } : {}) }); - } - return setDiscordGuildChannelAllowlist(cfg, accountId, allowlistEntries); - }, - }, - allowFrom: { - credentialInputKey: "token", - helpTitle: "Discord allowlist", - helpLines: [ - "Allowlist Discord DMs by username (we resolve to user ids).", - "Examples:", - "- 123456789012345678", - "- @alice", - "- alice#1234", - "Multiple entries: comma-separated.", - `Docs: ${formatDocsLink("/discord", "discord")}`, - ], - message: "Discord allowFrom (usernames or ids)", - placeholder: "@alice, 123456789012345678", - invalidWithoutCredentialNote: "Bot token missing; use numeric user ids (or mention form) only.", - parseId: parseDiscordAllowFromId, - resolveEntries: async ({ cfg, accountId, credentialValues, entries }) => - await resolveDiscordAllowFromEntries({ - token: - resolveDiscordAccount({ cfg, accountId }).token || - (typeof credentialValues.token === "string" ? credentialValues.token : ""), - entries, - }), - apply: async ({ cfg, accountId, allowFrom }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { dmPolicy: "allowlist", allowFrom }, - }), - }, - dmPolicy: discordDmPolicy, - disable: (cfg) => setSetupChannelEnabled(cfg, channel, false), -}; + (typeof credentialValues.token === "string" ? credentialValues.token : ""), + entries, + }), + resolveGroupAllowlist: async ({ cfg, accountId, credentialValues, entries }) => + await resolveDiscordGroupAllowlist({ + cfg, + accountId, + credentialValues, + entries, + }), +}); diff --git a/extensions/discord/src/shared-interactive.ts b/extensions/discord/src/shared-interactive.ts index d99f964f5c9..bb8bf1dac70 100644 --- a/extensions/discord/src/shared-interactive.ts +++ b/extensions/discord/src/shared-interactive.ts @@ -1,5 +1,5 @@ -import { reduceInteractiveReply } from "../../../src/channels/plugins/outbound/interactive.js"; -import type { InteractiveButtonStyle, InteractiveReply } from "../../../src/interactive/payload.js"; +import { reduceInteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; +import type { InteractiveButtonStyle, InteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; import type { DiscordComponentButtonStyle, DiscordComponentMessageSpec } from "./components.js"; function resolveDiscordInteractiveButtonStyle( diff --git a/extensions/discord/src/shared.ts b/extensions/discord/src/shared.ts new file mode 100644 index 00000000000..7558b27394a --- /dev/null +++ b/extensions/discord/src/shared.ts @@ -0,0 +1,94 @@ +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { + createScopedAccountConfigAccessors, + createScopedChannelConfigBase, +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { + buildChannelConfigSchema, + DiscordConfigSchema, + getChatChannelMeta, + type ChannelPlugin, +} from "openclaw/plugin-sdk/discord-core"; +import { inspectDiscordAccount } from "./account-inspect.js"; +import { + listDiscordAccountIds, + resolveDefaultDiscordAccountId, + resolveDiscordAccount, + type ResolvedDiscordAccount, +} from "./accounts.js"; +import { createDiscordSetupWizardProxy } from "./setup-core.js"; + +export const DISCORD_CHANNEL = "discord" as const; + +async function loadDiscordChannelRuntime() { + return await import("./channel.runtime.js"); +} + +export const discordSetupWizard = createDiscordSetupWizardProxy(async () => ({ + discordSetupWizard: (await loadDiscordChannelRuntime()).discordSetupWizard, +})); + +export const discordConfigAccessors = createScopedAccountConfigAccessors({ + resolveAccount: ({ cfg, accountId }) => resolveDiscordAccount({ cfg, accountId }), + resolveAllowFrom: (account: ResolvedDiscordAccount) => account.config.dm?.allowFrom, + formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), + resolveDefaultTo: (account: ResolvedDiscordAccount) => account.config.defaultTo, +}); + +export const discordConfigBase = createScopedChannelConfigBase({ + sectionKey: DISCORD_CHANNEL, + listAccountIds: listDiscordAccountIds, + resolveAccount: (cfg, accountId) => resolveDiscordAccount({ cfg, accountId }), + inspectAccount: (cfg, accountId) => inspectDiscordAccount({ cfg, accountId }), + defaultAccountId: resolveDefaultDiscordAccountId, + clearBaseFields: ["token", "name"], +}); + +export function createDiscordPluginBase(params: { + setup: NonNullable["setup"]>; +}): Pick< + ChannelPlugin, + | "id" + | "meta" + | "setupWizard" + | "capabilities" + | "streaming" + | "reload" + | "configSchema" + | "config" + | "setup" +> { + return { + id: DISCORD_CHANNEL, + meta: { + ...getChatChannelMeta(DISCORD_CHANNEL), + }, + setupWizard: discordSetupWizard, + capabilities: { + chatTypes: ["direct", "channel", "thread"], + polls: true, + reactions: true, + threads: true, + media: true, + nativeCommands: true, + }, + streaming: { + blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, + }, + reload: { configPrefixes: ["channels.discord"] }, + configSchema: buildChannelConfigSchema(DiscordConfigSchema), + config: { + ...discordConfigBase, + isConfigured: (account) => Boolean(account.token?.trim()), + describeAccount: (account) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: Boolean(account.token?.trim()), + tokenSource: account.tokenSource, + }), + ...discordConfigAccessors, + }, + setup: params.setup, + }; +} diff --git a/extensions/discord/src/status-issues.ts b/extensions/discord/src/status-issues.ts index baf2551c0f8..4fa26fd011b 100644 --- a/extensions/discord/src/status-issues.ts +++ b/extensions/discord/src/status-issues.ts @@ -3,11 +3,11 @@ import { asString, isRecord, resolveEnabledConfiguredAccountId, -} from "../../../src/channels/plugins/status-issues/shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelAccountSnapshot, ChannelStatusIssue, -} from "../../../src/channels/plugins/types.js"; +} from "openclaw/plugin-sdk/channel-runtime"; type DiscordIntentSummary = { messageContent?: "enabled" | "limited" | "disabled"; diff --git a/extensions/discord/src/subagent-hooks.test.ts b/extensions/discord/src/subagent-hooks.test.ts index 9ba082144e6..a05db63043a 100644 --- a/extensions/discord/src/subagent-hooks.test.ts +++ b/extensions/discord/src/subagent-hooks.test.ts @@ -1,5 +1,9 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk/discord"; import { beforeEach, describe, expect, it, vi } from "vitest"; +import { + getRequiredHookHandler, + registerHookHandlersForTest, +} from "../../../test/helpers/extensions/subagent-hooks.js"; import { registerDiscordSubagentHooks } from "./subagent-hooks.js"; type ThreadBindingRecord = { @@ -55,26 +59,10 @@ function registerHandlersForTest( }, }, ) { - const handlers = new Map unknown>(); - const api = { + return registerHookHandlersForTest({ config, - on: (hookName: string, handler: (event: unknown, ctx: unknown) => unknown) => { - handlers.set(hookName, handler); - }, - } as unknown as OpenClawPluginApi; - registerDiscordSubagentHooks(api); - return handlers; -} - -function getRequiredHandler( - handlers: Map unknown>, - hookName: string, -): (event: unknown, ctx: unknown) => unknown { - const handler = handlers.get(hookName); - if (!handler) { - throw new Error(`expected ${hookName} hook handler`); - } - return handler; + register: registerDiscordSubagentHooks, + }); } function resolveSubagentDeliveryTargetForTest(requesterOrigin: { @@ -84,7 +72,7 @@ function resolveSubagentDeliveryTargetForTest(requesterOrigin: { threadId?: string; }) { const handlers = registerHandlersForTest(); - const handler = getRequiredHandler(handlers, "subagent_delivery_target"); + const handler = getRequiredHookHandler(handlers, "subagent_delivery_target"); return handler( { childSessionKey: "agent:main:subagent:child", @@ -158,7 +146,7 @@ async function runSubagentSpawning( event = createSpawnEventWithoutThread(), ) { const handlers = registerHandlersForTest(config); - const handler = getRequiredHandler(handlers, "subagent_spawning"); + const handler = getRequiredHookHandler(handlers, "subagent_spawning"); return await handler(event, {}); } @@ -202,7 +190,7 @@ describe("discord subagent hook handlers", () => { it("binds thread routing on subagent_spawning", async () => { const handlers = registerHandlersForTest(); - const handler = getRequiredHandler(handlers, "subagent_spawning"); + const handler = getRequiredHookHandler(handlers, "subagent_spawning"); const result = await handler(createSpawnEvent(), {}); @@ -320,7 +308,7 @@ describe("discord subagent hook handlers", () => { it("unbinds thread routing on subagent_ended", () => { const handlers = registerHandlersForTest(); - const handler = getRequiredHandler(handlers, "subagent_ended"); + const handler = getRequiredHookHandler(handlers, "subagent_ended"); handler( { diff --git a/extensions/discord/src/targets.ts b/extensions/discord/src/targets.ts index 198660dceff..3660f75921e 100644 --- a/extensions/discord/src/targets.ts +++ b/extensions/discord/src/targets.ts @@ -1,4 +1,4 @@ -import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js"; +import type { DirectoryConfigParams } from "openclaw/plugin-sdk/channel-runtime"; import { buildMessagingTarget, parseMentionPrefixOrAtUserTarget, @@ -6,7 +6,7 @@ import { type MessagingTarget, type MessagingTargetKind, type MessagingTargetParseOptions, -} from "../../../src/channels/targets.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import { rememberDiscordDirectoryUser } from "./directory-cache.js"; import { listDiscordDirectoryPeersLive } from "./directory-live.js"; diff --git a/extensions/discord/src/token.ts b/extensions/discord/src/token.ts index 8f942c6920f..2a979ca4b3b 100644 --- a/extensions/discord/src/token.ts +++ b/extensions/discord/src/token.ts @@ -1,7 +1,7 @@ -import type { BaseTokenResolution } from "../../../src/channels/plugins/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import type { BaseTokenResolution } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeResolvedSecretInputString } from "openclaw/plugin-sdk/config-runtime"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/routing"; export type DiscordTokenSource = "env" | "config" | "none"; diff --git a/extensions/discord/src/ui.ts b/extensions/discord/src/ui.ts index ed4cc9d4fa6..50f818f1471 100644 --- a/extensions/discord/src/ui.ts +++ b/extensions/discord/src/ui.ts @@ -1,5 +1,5 @@ import { Container } from "@buape/carbon"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { inspectDiscordAccount } from "./account-inspect.js"; const DEFAULT_DISCORD_ACCENT_COLOR = "#5865F2"; diff --git a/extensions/discord/src/voice-message.ts b/extensions/discord/src/voice-message.ts index 6f77ebc7bd9..ea014f5f59e 100644 --- a/extensions/discord/src/voice-message.ts +++ b/extensions/discord/src/voice-message.ts @@ -14,15 +14,15 @@ import crypto from "node:crypto"; import fs from "node:fs/promises"; import path from "node:path"; import { RateLimitError, type RequestClient } from "@buape/carbon"; -import type { RetryRunner } from "../../../src/infra/retry-policy.js"; -import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js"; +import type { RetryRunner } from "openclaw/plugin-sdk/infra-runtime"; +import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/infra-runtime"; import { parseFfprobeCodecAndSampleRate, runFfmpeg, runFfprobe, -} from "../../../src/media/ffmpeg-exec.js"; -import { MEDIA_FFMPEG_MAX_AUDIO_DURATION_SECS } from "../../../src/media/ffmpeg-limits.js"; -import { unlinkIfExists } from "../../../src/media/temp-files.js"; +} from "openclaw/plugin-sdk/media-runtime"; +import { MEDIA_FFMPEG_MAX_AUDIO_DURATION_SECS } from "openclaw/plugin-sdk/media-runtime"; +import { unlinkIfExists } from "openclaw/plugin-sdk/media-runtime"; const DISCORD_VOICE_MESSAGE_FLAG = 1 << 13; const SUPPRESS_NOTIFICATIONS_FLAG = 1 << 12; diff --git a/extensions/discord/src/voice/command.ts b/extensions/discord/src/voice/command.ts index 26ef7b9bbe5..3ed7aa2ccdb 100644 --- a/extensions/discord/src/voice/command.ts +++ b/extensions/discord/src/voice/command.ts @@ -10,10 +10,10 @@ import { ChannelType as DiscordChannelType, type APIApplicationCommandChannelOption, } from "discord-api-types/v10"; -import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import type { DiscordAccountConfig } from "../../../../src/config/types.js"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; +import type { DiscordAccountConfig } from "openclaw/plugin-sdk/config-runtime"; import { formatMention } from "../mentions.js"; import { isDiscordGroupAllowedByPolicy, diff --git a/extensions/discord/src/voice/manager.e2e.test.ts b/extensions/discord/src/voice/manager.e2e.test.ts index 17d21ff7414..0889e351bf5 100644 --- a/extensions/discord/src/voice/manager.e2e.test.ts +++ b/extensions/discord/src/voice/manager.e2e.test.ts @@ -8,10 +8,7 @@ const { createAudioPlayerMock, resolveAgentRouteMock, agentCommandMock, - buildProviderRegistryMock, - createMediaAttachmentCacheMock, - normalizeMediaAttachmentsMock, - runCapabilityMock, + transcribeAudioFileMock, } = vi.hoisted(() => { type EventHandler = (...args: unknown[]) => unknown; type MockConnection = { @@ -68,14 +65,7 @@ const { })), resolveAgentRouteMock: vi.fn(() => ({ agentId: "agent-1", sessionKey: "discord:g1:c1" })), agentCommandMock: vi.fn(async (_opts?: unknown, _runtime?: unknown) => ({ payloads: [] })), - buildProviderRegistryMock: vi.fn(() => ({})), - createMediaAttachmentCacheMock: vi.fn(() => ({ - cleanup: vi.fn(async () => undefined), - })), - normalizeMediaAttachmentsMock: vi.fn(() => [{ kind: "audio", path: "/tmp/test.wav" }]), - runCapabilityMock: vi.fn(async () => ({ - outputs: [{ kind: "audio.transcription", text: "hello from voice" }], - })), + transcribeAudioFileMock: vi.fn(async () => ({ text: "hello from voice" })), }; }); @@ -95,19 +85,20 @@ vi.mock("@discordjs/voice", () => ({ joinVoiceChannel: joinVoiceChannelMock, })); -vi.mock("../../../../src/routing/resolve-route.js", () => ({ +vi.mock("openclaw/plugin-sdk/routing", () => ({ resolveAgentRoute: resolveAgentRouteMock, })); -vi.mock("../../../../src/commands/agent.js", () => ({ - agentCommandFromIngress: agentCommandMock, -})); +vi.mock("openclaw/plugin-sdk/agent-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + agentCommandFromIngress: agentCommandMock, + }; +}); -vi.mock("../../../../src/media-understanding/runner.js", () => ({ - buildProviderRegistry: buildProviderRegistryMock, - createMediaAttachmentCache: createMediaAttachmentCacheMock, - normalizeMediaAttachments: normalizeMediaAttachmentsMock, - runCapability: runCapabilityMock, +vi.mock("openclaw/plugin-sdk/media-understanding-runtime", () => ({ + transcribeAudioFile: transcribeAudioFileMock, })); let managerModule: typeof import("./manager.js"); @@ -149,15 +140,8 @@ describe("DiscordVoiceManager", () => { resolveAgentRouteMock.mockClear(); agentCommandMock.mockReset(); agentCommandMock.mockResolvedValue({ payloads: [] }); - buildProviderRegistryMock.mockReset(); - buildProviderRegistryMock.mockReturnValue({}); - createMediaAttachmentCacheMock.mockClear(); - normalizeMediaAttachmentsMock.mockReset(); - normalizeMediaAttachmentsMock.mockReturnValue([{ kind: "audio", path: "/tmp/test.wav" }]); - runCapabilityMock.mockReset(); - runCapabilityMock.mockResolvedValue({ - outputs: [{ kind: "audio.transcription", text: "hello from voice" }], - }); + transcribeAudioFileMock.mockReset(); + transcribeAudioFileMock.mockResolvedValue({ text: "hello from voice" }); }); const createManager = ( diff --git a/extensions/discord/src/voice/manager.runtime.ts b/extensions/discord/src/voice/manager.runtime.ts index 77574b166e5..1619d63a27c 100644 --- a/extensions/discord/src/voice/manager.runtime.ts +++ b/extensions/discord/src/voice/manager.runtime.ts @@ -1 +1,8 @@ -export { DiscordVoiceManager, DiscordVoiceReadyListener } from "./manager.js"; +import { + DiscordVoiceManager as DiscordVoiceManagerImpl, + DiscordVoiceReadyListener as DiscordVoiceReadyListenerImpl, +} from "./manager.js"; + +export class DiscordVoiceManager extends DiscordVoiceManagerImpl {} + +export class DiscordVoiceReadyListener extends DiscordVoiceReadyListenerImpl {} diff --git a/extensions/discord/src/voice/manager.ts b/extensions/discord/src/voice/manager.ts index 90c6c3bb1e6..e7d3b099fe4 100644 --- a/extensions/discord/src/voice/manager.ts +++ b/extensions/discord/src/voice/manager.ts @@ -16,26 +16,21 @@ import { type AudioPlayer, type VoiceConnection, } from "@discordjs/voice"; -import { resolveAgentDir } from "../../../../src/agents/agent-scope.js"; -import type { MsgContext } from "../../../../src/auto-reply/templating.js"; -import { agentCommandFromIngress } from "../../../../src/commands/agent.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; -import type { DiscordAccountConfig, TtsConfig } from "../../../../src/config/types.js"; -import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import { resolvePreferredOpenClawTmpDir } from "../../../../src/infra/tmp-openclaw-dir.js"; -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; -import { - buildProviderRegistry, - createMediaAttachmentCache, - normalizeMediaAttachments, - runCapability, -} from "../../../../src/media-understanding/runner.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; -import { parseTtsDirectives } from "../../../../src/tts/tts-core.js"; -import { resolveTtsConfig, textToSpeech, type ResolvedTtsConfig } from "../../../../src/tts/tts.js"; +import { resolveAgentDir } from "openclaw/plugin-sdk/agent-runtime"; +import { agentCommandFromIngress } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveTtsConfig, type ResolvedTtsConfig } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; +import type { DiscordAccountConfig, TtsConfig } from "openclaw/plugin-sdk/config-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/infra-runtime"; +import { transcribeAudioFile } from "openclaw/plugin-sdk/media-understanding-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { parseTtsDirectives } from "openclaw/plugin-sdk/speech"; +import { textToSpeech } from "openclaw/plugin-sdk/speech-runtime"; import { formatMention } from "../mentions.js"; import { resolveDiscordOwnerAccess } from "../monitor/allow-list.js"; import { formatDiscordUserTag } from "../monitor/format.js"; @@ -236,33 +231,13 @@ async function transcribeAudio(params: { agentId: string; filePath: string; }): Promise { - const ctx: MsgContext = { - MediaPath: params.filePath, - MediaType: "audio/wav", - }; - const attachments = normalizeMediaAttachments(ctx); - if (attachments.length === 0) { - return undefined; - } - const cache = createMediaAttachmentCache(attachments); - const providerRegistry = buildProviderRegistry(); - try { - const result = await runCapability({ - capability: "audio", - cfg: params.cfg, - ctx, - attachments: cache, - media: attachments, - agentDir: resolveAgentDir(params.cfg, params.agentId), - providerRegistry, - config: params.cfg.tools?.media?.audio, - }); - const output = result.outputs.find((entry) => entry.kind === "audio.transcription"); - const text = output?.text?.trim(); - return text || undefined; - } finally { - await cache.cleanup(); - } + const result = await transcribeAudioFile({ + filePath: params.filePath, + cfg: params.cfg, + agentDir: resolveAgentDir(params.cfg, params.agentId), + mime: "audio/wav", + }); + return result.text?.trim() || undefined; } export class DiscordVoiceManager { @@ -648,6 +623,7 @@ export class DiscordVoiceManager { agentId: entry.route.agentId, messageChannel: "discord", senderIsOwner: speaker.senderIsOwner, + allowModelOverride: false, deliver: false, }, this.params.runtime, diff --git a/extensions/elevenlabs/index.ts b/extensions/elevenlabs/index.ts new file mode 100644 index 00000000000..4d32eb4c532 --- /dev/null +++ b/extensions/elevenlabs/index.ts @@ -0,0 +1,11 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { buildElevenLabsSpeechProvider } from "openclaw/plugin-sdk/speech"; + +export default definePluginEntry({ + id: "elevenlabs", + name: "ElevenLabs Speech", + description: "Bundled ElevenLabs speech provider", + register(api) { + api.registerSpeechProvider(buildElevenLabsSpeechProvider()); + }, +}); diff --git a/extensions/elevenlabs/openclaw.plugin.json b/extensions/elevenlabs/openclaw.plugin.json new file mode 100644 index 00000000000..3015fa282a2 --- /dev/null +++ b/extensions/elevenlabs/openclaw.plugin.json @@ -0,0 +1,8 @@ +{ + "id": "elevenlabs", + "configSchema": { + "type": "object", + "additionalProperties": false, + "properties": {} + } +} diff --git a/extensions/elevenlabs/package.json b/extensions/elevenlabs/package.json new file mode 100644 index 00000000000..d4b5d32f16c --- /dev/null +++ b/extensions/elevenlabs/package.json @@ -0,0 +1,12 @@ +{ + "name": "@openclaw/elevenlabs-speech", + "version": "2026.3.14", + "private": true, + "description": "OpenClaw ElevenLabs speech plugin", + "type": "module", + "openclaw": { + "extensions": [ + "./index.ts" + ] + } +} diff --git a/extensions/feishu/api.ts b/extensions/feishu/api.ts new file mode 100644 index 00000000000..df5c00a43e3 --- /dev/null +++ b/extensions/feishu/api.ts @@ -0,0 +1,4 @@ +export * from "./src/conversation-id.js"; +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; +export * from "./src/thread-bindings.js"; diff --git a/extensions/feishu/index.ts b/extensions/feishu/index.ts index ba7ac26922b..837ffa28671 100644 --- a/extensions/feishu/index.ts +++ b/extensions/feishu/index.ts @@ -1,5 +1,4 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/feishu"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { registerFeishuBitableTools } from "./src/bitable.js"; import { feishuPlugin } from "./src/channel.js"; import { registerFeishuChatTools } from "./src/chat.js"; @@ -10,6 +9,8 @@ import { setFeishuRuntime } from "./src/runtime.js"; import { registerFeishuSubagentHooks } from "./src/subagent-hooks.js"; import { registerFeishuWikiTools } from "./src/wiki.js"; +export { feishuPlugin } from "./src/channel.js"; +export { setFeishuRuntime } from "./src/runtime.js"; export { monitorFeishuProvider } from "./src/monitor.js"; export { sendMessageFeishu, @@ -46,17 +47,13 @@ export { } from "./src/mention.js"; export { feishuPlugin } from "./src/channel.js"; -const plugin = { +export default defineChannelPluginEntry({ id: "feishu", name: "Feishu", description: "Feishu/Lark channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setFeishuRuntime(api.runtime); - api.registerChannel({ plugin: feishuPlugin }); - if (api.registrationMode !== "full") { - return; - } + plugin: feishuPlugin, + setRuntime: setFeishuRuntime, + registerFull(api) { registerFeishuSubagentHooks(api); registerFeishuDocTools(api); registerFeishuChatTools(api); @@ -65,6 +62,4 @@ const plugin = { registerFeishuPermTools(api); registerFeishuBitableTools(api); }, -}; - -export default plugin; +}); diff --git a/extensions/feishu/setup-entry.ts b/extensions/feishu/setup-entry.ts index 3e4df4faee8..1f16bde8bdd 100644 --- a/extensions/feishu/setup-entry.ts +++ b/extensions/feishu/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { feishuPlugin } from "./src/channel.js"; -export default { - plugin: feishuPlugin, -}; +export default defineSetupPluginEntry(feishuPlugin); diff --git a/extensions/feishu/src/bot.card-action.test.ts b/extensions/feishu/src/bot.card-action.test.ts index 2df1ce361a1..0dd3cf8730c 100644 --- a/extensions/feishu/src/bot.card-action.test.ts +++ b/extensions/feishu/src/bot.card-action.test.ts @@ -35,6 +35,54 @@ describe("Feishu Card Action Handler", () => { const cfg = {} as any; // Minimal mock const runtime = { log: vi.fn(), error: vi.fn() } as any; + function createCardActionEvent(params: { + token: string; + actionValue: Record; + chatId?: string; + openId?: string; + userId?: string; + unionId?: string; + }): FeishuCardActionEvent { + const openId = params.openId ?? "u123"; + const userId = params.userId ?? "uid1"; + return { + operator: { open_id: openId, user_id: userId, union_id: params.unionId ?? "un1" }, + token: params.token, + action: { + value: params.actionValue, + tag: "button", + }, + context: { open_id: openId, user_id: userId, chat_id: params.chatId ?? "chat1" }, + }; + } + + function createStructuredQuickActionEvent(params: { + token: string; + action: string; + command?: string; + chatId?: string; + chatType?: "group" | "p2p"; + operatorOpenId?: string; + actionOpenId?: string; + }): FeishuCardActionEvent { + return createCardActionEvent({ + token: params.token, + chatId: params.chatId, + openId: params.operatorOpenId, + actionValue: createFeishuCardInteractionEnvelope({ + k: "quick", + a: params.action, + ...(params.command ? { q: params.command } : {}), + c: { + u: params.actionOpenId ?? params.operatorOpenId ?? "u123", + h: params.chatId ?? "chat1", + t: params.chatType ?? "group", + e: Date.now() + 60_000, + }, + }), + }); + } + beforeEach(() => { vi.clearAllMocks(); resetProcessedFeishuCardActionTokensForTests(); @@ -85,20 +133,11 @@ describe("Feishu Card Action Handler", () => { }); it("routes quick command actions with operator and conversation context", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok3", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "chat1" }, - }; + action: "feishu.quick_actions.help", + command: "/help", + }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -182,20 +221,11 @@ describe("Feishu Card Action Handler", () => { }); it("runs approval confirmation through the normal message path", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok5", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: FEISHU_APPROVAL_CONFIRM_ACTION, - q: "/new", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "chat1" }, - }; + action: FEISHU_APPROVAL_CONFIRM_ACTION, + command: "/new", + }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -211,20 +241,15 @@ describe("Feishu Card Action Handler", () => { }); it("safely rejects stale structured actions", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createCardActionEvent({ token: "tok6", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() - 1 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "chat1" }, - }; + actionValue: createFeishuCardInteractionEnvelope({ + k: "quick", + a: "feishu.quick_actions.help", + q: "/help", + c: { u: "u123", h: "chat1", t: "group", e: Date.now() - 1 }, + }), + }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -238,20 +263,13 @@ describe("Feishu Card Action Handler", () => { }); it("safely rejects wrong-user structured actions", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u999", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok7", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u999", user_id: "uid1", chat_id: "chat1" }, - }; + action: "feishu.quick_actions.help", + command: "/help", + operatorOpenId: "u999", + actionOpenId: "u123", + }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -289,20 +307,13 @@ describe("Feishu Card Action Handler", () => { }); it("preserves p2p callbacks for DM quick actions", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok9", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "p2p-chat-1", t: "p2p", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "p2p-chat-1" }, - }; + action: "feishu.quick_actions.help", + command: "/help", + chatId: "p2p-chat-1", + chatType: "p2p", + }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -319,20 +330,11 @@ describe("Feishu Card Action Handler", () => { }); it("drops duplicate structured callback tokens", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok10", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "chat1" }, - }; + action: "feishu.quick_actions.help", + command: "/help", + }); await handleFeishuCardAction({ cfg, event, runtime }); await handleFeishuCardAction({ cfg, event, runtime }); @@ -341,20 +343,11 @@ describe("Feishu Card Action Handler", () => { }); it("releases a claimed token when dispatch fails so retries can succeed", async () => { - const event: FeishuCardActionEvent = { - operator: { open_id: "u123", user_id: "uid1", union_id: "un1" }, + const event = createStructuredQuickActionEvent({ token: "tok11", - action: { - value: createFeishuCardInteractionEnvelope({ - k: "quick", - a: "feishu.quick_actions.help", - q: "/help", - c: { u: "u123", h: "chat1", t: "group", e: Date.now() + 60_000 }, - }), - tag: "button", - }, - context: { open_id: "u123", user_id: "uid1", chat_id: "chat1" }, - }; + action: "feishu.quick_actions.help", + command: "/help", + }); vi.mocked(handleFeishuMessage) .mockRejectedValueOnce(new Error("transient")) .mockResolvedValueOnce(undefined as never); diff --git a/extensions/feishu/src/bot.test.ts b/extensions/feishu/src/bot.test.ts index df787b0106a..0995632e3a1 100644 --- a/extensions/feishu/src/bot.test.ts +++ b/extensions/feishu/src/bot.test.ts @@ -1,6 +1,6 @@ import type { ClawdbotConfig, PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/feishu"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import type { FeishuMessageEvent } from "./bot.js"; import { buildBroadcastSessionKey, @@ -21,8 +21,8 @@ const { mockResolveAgentRoute, mockReadSessionUpdatedAt, mockResolveStorePath, - mockResolveConfiguredAcpRoute, - mockEnsureConfiguredAcpRouteReady, + mockResolveConfiguredBindingRoute, + mockEnsureConfiguredBindingRouteReady, mockResolveBoundConversation, mockTouchBinding, } = vi.hoisted(() => ({ @@ -50,11 +50,12 @@ const { })), mockReadSessionUpdatedAt: vi.fn(), mockResolveStorePath: vi.fn(() => "/tmp/feishu-sessions.json"), - mockResolveConfiguredAcpRoute: vi.fn(({ route }) => ({ + mockResolveConfiguredBindingRoute: vi.fn(({ route }) => ({ + bindingResolution: null, configuredBinding: null, route, })), - mockEnsureConfiguredAcpRouteReady: vi.fn(async (_params?: unknown) => ({ ok: true })), + mockEnsureConfiguredBindingRouteReady: vi.fn(async (_params?: unknown) => ({ ok: true })), mockResolveBoundConversation: vi.fn(() => null), mockTouchBinding: vi.fn(), })); @@ -77,10 +78,19 @@ vi.mock("./client.js", () => ({ createFeishuClient: mockCreateFeishuClient, })); -vi.mock("../../../src/acp/persistent-bindings.route.js", () => ({ - resolveConfiguredAcpRoute: (params: unknown) => mockResolveConfiguredAcpRoute(params), - ensureConfiguredAcpRouteReady: (params: unknown) => mockEnsureConfiguredAcpRouteReady(params), -})); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + resolveConfiguredBindingRoute: (params: unknown) => mockResolveConfiguredBindingRoute(params), + ensureConfiguredBindingRouteReady: (params: unknown) => + mockEnsureConfiguredBindingRouteReady(params), + getSessionBindingService: () => ({ + resolveByConversation: mockResolveBoundConversation, + touch: mockTouchBinding, + }), + }; +}); vi.mock("../../../src/infra/outbound/session-binding-service.js", () => ({ getSessionBindingService: () => ({ @@ -136,14 +146,15 @@ describe("buildFeishuAgentBody", () => { describe("handleFeishuMessage ACP routing", () => { beforeEach(() => { vi.clearAllMocks(); - mockResolveConfiguredAcpRoute.mockReset().mockImplementation( + mockResolveConfiguredBindingRoute.mockReset().mockImplementation( ({ route }) => ({ + bindingResolution: null, configuredBinding: null, route, }) as any, ); - mockEnsureConfiguredAcpRouteReady.mockReset().mockResolvedValue({ ok: true }); + mockEnsureConfiguredBindingRouteReady.mockReset().mockResolvedValue({ ok: true }); mockResolveBoundConversation.mockReset().mockReturnValue(null); mockTouchBinding.mockReset(); mockResolveAgentRoute.mockReset().mockReturnValue({ @@ -216,7 +227,37 @@ describe("handleFeishuMessage ACP routing", () => { }); it("ensures configured ACP routes for Feishu DMs", async () => { - mockResolveConfiguredAcpRoute.mockReturnValue({ + mockResolveConfiguredBindingRoute.mockReturnValue({ + bindingResolution: { + configuredBinding: { + spec: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + agentId: "codex", + mode: "persistent", + }, + record: { + bindingId: "config:acp:feishu:default:ou_sender_1", + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + }, + status: "active", + boundAt: 0, + metadata: { source: "config" }, + }, + }, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: "agent:codex:acp:binding:feishu:default:abc123", + agentId: "codex", + }, + }, configuredBinding: { spec: { channel: "feishu", @@ -266,12 +307,42 @@ describe("handleFeishuMessage ACP routing", () => { }, }); - expect(mockResolveConfiguredAcpRoute).toHaveBeenCalledTimes(1); - expect(mockEnsureConfiguredAcpRouteReady).toHaveBeenCalledTimes(1); + expect(mockResolveConfiguredBindingRoute).toHaveBeenCalledTimes(1); + expect(mockEnsureConfiguredBindingRouteReady).toHaveBeenCalledTimes(1); }); it("surfaces configured ACP initialization failures to the Feishu conversation", async () => { - mockResolveConfiguredAcpRoute.mockReturnValue({ + mockResolveConfiguredBindingRoute.mockReturnValue({ + bindingResolution: { + configuredBinding: { + spec: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + agentId: "codex", + mode: "persistent", + }, + record: { + bindingId: "config:acp:feishu:default:ou_sender_1", + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + }, + status: "active", + boundAt: 0, + metadata: { source: "config" }, + }, + }, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: "agent:codex:acp:binding:feishu:default:abc123", + agentId: "codex", + }, + }, configuredBinding: { spec: { channel: "feishu", @@ -303,7 +374,7 @@ describe("handleFeishuMessage ACP routing", () => { matchedBy: "binding.channel", }, } as any); - mockEnsureConfiguredAcpRouteReady.mockResolvedValue({ + mockEnsureConfiguredBindingRouteReady.mockResolvedValue({ ok: false, error: "runtime unavailable", } as any); @@ -431,14 +502,15 @@ describe("handleFeishuMessage command authorization", () => { mockListFeishuThreadMessages.mockReset().mockResolvedValue([]); mockReadSessionUpdatedAt.mockReturnValue(undefined); mockResolveStorePath.mockReturnValue("/tmp/feishu-sessions.json"); - mockResolveConfiguredAcpRoute.mockReset().mockImplementation( + mockResolveConfiguredBindingRoute.mockReset().mockImplementation( ({ route }) => ({ + bindingResolution: null, configuredBinding: null, route, }) as any, ); - mockEnsureConfiguredAcpRouteReady.mockReset().mockResolvedValue({ ok: true }); + mockEnsureConfiguredBindingRouteReady.mockReset().mockResolvedValue({ ok: true }); mockResolveBoundConversation.mockReset().mockReturnValue(null); mockTouchBinding.mockReset(); mockResolveAgentRoute.mockReturnValue({ diff --git a/extensions/feishu/src/bot.ts b/extensions/feishu/src/bot.ts index 728bb9a8ffc..bc47d6d934f 100644 --- a/extensions/feishu/src/bot.ts +++ b/extensions/feishu/src/bot.ts @@ -1,3 +1,8 @@ +import { + ensureConfiguredBindingRouteReady, + resolveConfiguredBindingRoute, +} from "openclaw/plugin-sdk/conversation-runtime"; +import { getSessionBindingService } from "openclaw/plugin-sdk/conversation-runtime"; import type { ClawdbotConfig, RuntimeEnv } from "openclaw/plugin-sdk/feishu"; import { buildAgentMediaPayload, @@ -14,13 +19,8 @@ import { resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, } from "openclaw/plugin-sdk/feishu"; -import { - ensureConfiguredAcpRouteReady, - resolveConfiguredAcpRoute, -} from "../../../src/acp/persistent-bindings.route.js"; -import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js"; -import { deriveLastRoutePolicy } from "../../../src/routing/resolve-route.js"; -import { resolveAgentIdFromSessionKey } from "../../../src/routing/session-key.js"; +import { deriveLastRoutePolicy } from "openclaw/plugin-sdk/routing"; +import { resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; import { resolveFeishuAccount } from "./accounts.js"; import { createFeishuClient } from "./client.js"; import { buildFeishuConversationId } from "./conversation-id.js"; @@ -1251,15 +1251,17 @@ export async function handleFeishuMessage(params: { const parentConversationId = isGroup ? (parentPeer?.id ?? ctx.chatId) : undefined; let configuredBinding = null; if (feishuAcpConversationSupported) { - const configuredRoute = resolveConfiguredAcpRoute({ + const configuredRoute = resolveConfiguredBindingRoute({ cfg: effectiveCfg, route, - channel: "feishu", - accountId: account.accountId, - conversationId: currentConversationId, - parentConversationId, + conversation: { + channel: "feishu", + accountId: account.accountId, + conversationId: currentConversationId, + parentConversationId, + }, }); - configuredBinding = configuredRoute.configuredBinding; + configuredBinding = configuredRoute.bindingResolution; route = configuredRoute.route; // Bound Feishu conversations intentionally require an exact live conversation-id match. @@ -1292,9 +1294,9 @@ export async function handleFeishuMessage(params: { } if (configuredBinding) { - const ensured = await ensureConfiguredAcpRouteReady({ + const ensured = await ensureConfiguredBindingRouteReady({ cfg: effectiveCfg, - configuredBinding, + bindingResolution: configuredBinding, }); if (!ensured.ok) { const replyTargetMessageId = diff --git a/extensions/feishu/src/channel.runtime.ts b/extensions/feishu/src/channel.runtime.ts index 0e4d9fc7583..ef13b721a4e 100644 --- a/extensions/feishu/src/channel.runtime.ts +++ b/extensions/feishu/src/channel.runtime.ts @@ -1,7 +1,47 @@ -export { listFeishuDirectoryGroupsLive, listFeishuDirectoryPeersLive } from "./directory.js"; -export { feishuOutbound } from "./outbound.js"; -export { createPinFeishu, listPinsFeishu, removePinFeishu } from "./pins.js"; -export { probeFeishu } from "./probe.js"; -export { addReactionFeishu, listReactionsFeishu, removeReactionFeishu } from "./reactions.js"; -export { getChatInfo, getChatMembers, getFeishuMemberInfo } from "./chat.js"; -export { editMessageFeishu, getMessageFeishu, sendCardFeishu, sendMessageFeishu } from "./send.js"; +import { + getChatInfo as getChatInfoImpl, + getChatMembers as getChatMembersImpl, + getFeishuMemberInfo as getFeishuMemberInfoImpl, +} from "./chat.js"; +import { + listFeishuDirectoryGroupsLive as listFeishuDirectoryGroupsLiveImpl, + listFeishuDirectoryPeersLive as listFeishuDirectoryPeersLiveImpl, +} from "./directory.js"; +import { feishuOutbound as feishuOutboundImpl } from "./outbound.js"; +import { + createPinFeishu as createPinFeishuImpl, + listPinsFeishu as listPinsFeishuImpl, + removePinFeishu as removePinFeishuImpl, +} from "./pins.js"; +import { probeFeishu as probeFeishuImpl } from "./probe.js"; +import { + addReactionFeishu as addReactionFeishuImpl, + listReactionsFeishu as listReactionsFeishuImpl, + removeReactionFeishu as removeReactionFeishuImpl, +} from "./reactions.js"; +import { + editMessageFeishu as editMessageFeishuImpl, + getMessageFeishu as getMessageFeishuImpl, + sendCardFeishu as sendCardFeishuImpl, + sendMessageFeishu as sendMessageFeishuImpl, +} from "./send.js"; + +export const feishuChannelRuntime = { + listFeishuDirectoryGroupsLive: listFeishuDirectoryGroupsLiveImpl, + listFeishuDirectoryPeersLive: listFeishuDirectoryPeersLiveImpl, + feishuOutbound: { ...feishuOutboundImpl }, + createPinFeishu: createPinFeishuImpl, + listPinsFeishu: listPinsFeishuImpl, + removePinFeishu: removePinFeishuImpl, + probeFeishu: probeFeishuImpl, + addReactionFeishu: addReactionFeishuImpl, + listReactionsFeishu: listReactionsFeishuImpl, + removeReactionFeishu: removeReactionFeishuImpl, + getChatInfo: getChatInfoImpl, + getChatMembers: getChatMembersImpl, + getFeishuMemberInfo: getFeishuMemberInfoImpl, + editMessageFeishu: editMessageFeishuImpl, + getMessageFeishu: getMessageFeishuImpl, + sendCardFeishu: sendCardFeishuImpl, + sendMessageFeishu: sendMessageFeishuImpl, +}; diff --git a/extensions/feishu/src/channel.test.ts b/extensions/feishu/src/channel.test.ts index 826ca1c26fb..7c4ae5d877a 100644 --- a/extensions/feishu/src/channel.test.ts +++ b/extensions/feishu/src/channel.test.ts @@ -28,22 +28,28 @@ vi.mock("./client.js", () => ({ })); vi.mock("./channel.runtime.js", () => ({ - addReactionFeishu: addReactionFeishuMock, - createPinFeishu: createPinFeishuMock, - editMessageFeishu: editMessageFeishuMock, - getChatInfo: getChatInfoMock, - getChatMembers: getChatMembersMock, - getFeishuMemberInfo: getFeishuMemberInfoMock, - getMessageFeishu: getMessageFeishuMock, - listFeishuDirectoryGroupsLive: listFeishuDirectoryGroupsLiveMock, - listFeishuDirectoryPeersLive: listFeishuDirectoryPeersLiveMock, - listPinsFeishu: listPinsFeishuMock, - listReactionsFeishu: listReactionsFeishuMock, - probeFeishu: probeFeishuMock, - removePinFeishu: removePinFeishuMock, - removeReactionFeishu: removeReactionFeishuMock, - sendCardFeishu: sendCardFeishuMock, - sendMessageFeishu: sendMessageFeishuMock, + feishuChannelRuntime: { + addReactionFeishu: addReactionFeishuMock, + createPinFeishu: createPinFeishuMock, + editMessageFeishu: editMessageFeishuMock, + getChatInfo: getChatInfoMock, + getChatMembers: getChatMembersMock, + getFeishuMemberInfo: getFeishuMemberInfoMock, + getMessageFeishu: getMessageFeishuMock, + listFeishuDirectoryGroupsLive: listFeishuDirectoryGroupsLiveMock, + listFeishuDirectoryPeersLive: listFeishuDirectoryPeersLiveMock, + listPinsFeishu: listPinsFeishuMock, + listReactionsFeishu: listReactionsFeishuMock, + probeFeishu: probeFeishuMock, + removePinFeishu: removePinFeishuMock, + removeReactionFeishu: removeReactionFeishuMock, + sendCardFeishu: sendCardFeishuMock, + sendMessageFeishu: sendMessageFeishuMock, + feishuOutbound: { + sendText: vi.fn(), + sendMedia: vi.fn(), + }, + }, })); import { feishuPlugin } from "./channel.js"; diff --git a/extensions/feishu/src/channel.ts b/extensions/feishu/src/channel.ts index 5d47c55e16b..6111eeabffa 100644 --- a/extensions/feishu/src/channel.ts +++ b/extensions/feishu/src/channel.ts @@ -1,8 +1,6 @@ -import { - collectAllowlistProviderRestrictSendersWarnings, - formatAllowFromLowercase, - mapAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers"; +import { collectAllowlistProviderRestrictSendersWarnings } from "openclaw/plugin-sdk/channel-policy"; import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; import { buildChannelConfigSchema, @@ -14,6 +12,7 @@ import { PAIRING_APPROVED_MESSAGE, } from "openclaw/plugin-sdk/feishu"; import type { ChannelMessageActionName } from "openclaw/plugin-sdk/feishu"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import { resolveFeishuAccount, resolveFeishuCredentials, @@ -43,9 +42,10 @@ const meta: ChannelMeta = { order: 70, }; -async function loadFeishuChannelRuntime() { - return await import("./channel.runtime.js"); -} +const loadFeishuChannelRuntime = createLazyRuntimeNamedExport( + () => import("./channel.runtime.js"), + "feishuChannelRuntime", +); function setFeishuNamedAccountEnabled( cfg: ClawdbotConfig, @@ -822,11 +822,15 @@ export const feishuPlugin: ChannelPlugin = { }); }, }, - acpBindings: { - normalizeConfiguredBindingTarget: ({ conversationId }) => + bindings: { + compileConfiguredBinding: ({ conversationId }) => normalizeFeishuAcpConversationId(conversationId), - matchConfiguredBinding: ({ bindingConversationId, conversationId, parentConversationId }) => - matchFeishuAcpConversation({ bindingConversationId, conversationId, parentConversationId }), + matchInboundConversation: ({ compiledBinding, conversationId, parentConversationId }) => + matchFeishuAcpConversation({ + bindingConversationId: compiledBinding.conversationId, + conversationId, + parentConversationId, + }), }, setup: feishuSetupAdapter, setupWizard: feishuSetupWizard, diff --git a/extensions/feishu/src/client.test.ts b/extensions/feishu/src/client.test.ts index ccaf6ea6d0d..fe4e04dc310 100644 --- a/extensions/feishu/src/client.test.ts +++ b/extensions/feishu/src/client.test.ts @@ -1,6 +1,16 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { FeishuConfig, ResolvedFeishuAccount } from "./types.js"; +type CreateFeishuClient = typeof import("./client.js").createFeishuClient; +type CreateFeishuWSClient = typeof import("./client.js").createFeishuWSClient; +type ClearClientCache = typeof import("./client.js").clearClientCache; +type SetFeishuClientRuntimeForTest = typeof import("./client.js").setFeishuClientRuntimeForTest; + +const clientCtorMock = vi.hoisted(() => + vi.fn(function clientCtor() { + return { connected: true }; + }), +); const wsClientCtorMock = vi.hoisted(() => vi.fn(function wsClientCtor() { return { connected: true }; @@ -11,7 +21,6 @@ const httpsProxyAgentCtorMock = vi.hoisted(() => return { proxyUrl }; }), ); - const mockBaseHttpInstance = vi.hoisted(() => ({ request: vi.fn().mockResolvedValue({}), get: vi.fn().mockResolvedValue({}), @@ -22,34 +31,17 @@ const mockBaseHttpInstance = vi.hoisted(() => ({ head: vi.fn().mockResolvedValue({}), options: vi.fn().mockResolvedValue({}), })); - -vi.mock("@larksuiteoapi/node-sdk", () => ({ - AppType: { SelfBuild: "self" }, - Domain: { Feishu: "https://open.feishu.cn", Lark: "https://open.larksuite.com" }, - LoggerLevel: { info: "info" }, - Client: vi.fn(), - WSClient: wsClientCtorMock, - EventDispatcher: vi.fn(), - defaultHttpInstance: mockBaseHttpInstance, -})); - -vi.mock("https-proxy-agent", () => ({ - HttpsProxyAgent: httpsProxyAgentCtorMock, -})); - -import { Client as LarkClient } from "@larksuiteoapi/node-sdk"; -import { - createFeishuClient, - createFeishuWSClient, - clearClientCache, - FEISHU_HTTP_TIMEOUT_MS, - FEISHU_HTTP_TIMEOUT_MAX_MS, - FEISHU_HTTP_TIMEOUT_ENV_VAR, -} from "./client.js"; - const proxyEnvKeys = ["https_proxy", "HTTPS_PROXY", "http_proxy", "HTTP_PROXY"] as const; type ProxyEnvKey = (typeof proxyEnvKeys)[number]; +let createFeishuClient: CreateFeishuClient; +let createFeishuWSClient: CreateFeishuWSClient; +let clearClientCache: ClearClientCache; +let setFeishuClientRuntimeForTest: SetFeishuClientRuntimeForTest; +let FEISHU_HTTP_TIMEOUT_MS: number; +let FEISHU_HTTP_TIMEOUT_MAX_MS: number; +let FEISHU_HTTP_TIMEOUT_ENV_VAR: string; + let priorProxyEnv: Partial> = {}; let priorFeishuTimeoutEnv: string | undefined; @@ -69,7 +61,31 @@ function firstWsClientOptions(): { agent?: unknown } { return calls[0]?.[0] ?? {}; } -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); + vi.doMock("@larksuiteoapi/node-sdk", () => ({ + AppType: { SelfBuild: "self" }, + Domain: { Feishu: "https://open.feishu.cn", Lark: "https://open.larksuite.com" }, + LoggerLevel: { info: "info" }, + Client: clientCtorMock, + WSClient: wsClientCtorMock, + EventDispatcher: vi.fn(), + defaultHttpInstance: mockBaseHttpInstance, + })); + vi.doMock("https-proxy-agent", () => ({ + HttpsProxyAgent: httpsProxyAgentCtorMock, + })); + + ({ + createFeishuClient, + createFeishuWSClient, + clearClientCache, + setFeishuClientRuntimeForTest, + FEISHU_HTTP_TIMEOUT_MS, + FEISHU_HTTP_TIMEOUT_MAX_MS, + FEISHU_HTTP_TIMEOUT_ENV_VAR, + } = await import("./client.js")); + priorProxyEnv = {}; priorFeishuTimeoutEnv = process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR]; delete process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR]; @@ -78,6 +94,21 @@ beforeEach(() => { delete process.env[key]; } vi.clearAllMocks(); + setFeishuClientRuntimeForTest({ + sdk: { + AppType: { SelfBuild: "self" } as never, + Domain: { + Feishu: "https://open.feishu.cn", + Lark: "https://open.larksuite.com", + } as never, + LoggerLevel: { info: "info" } as never, + Client: clientCtorMock as never, + WSClient: wsClientCtorMock as never, + EventDispatcher: vi.fn() as never, + defaultHttpInstance: mockBaseHttpInstance as never, + }, + HttpsProxyAgent: httpsProxyAgentCtorMock as never, + }); }); afterEach(() => { @@ -94,6 +125,7 @@ afterEach(() => { } else { process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR] = priorFeishuTimeoutEnv; } + setFeishuClientRuntimeForTest(); }); describe("createFeishuClient HTTP timeout", () => { @@ -102,7 +134,7 @@ describe("createFeishuClient HTTP timeout", () => { }); const getLastClientHttpInstance = () => { - const calls = (LarkClient as unknown as ReturnType).mock.calls; + const calls = clientCtorMock.mock.calls as unknown as Array<[options: unknown]>; const lastCall = calls[calls.length - 1]?.[0] as | { httpInstance?: { get: (...args: unknown[]) => Promise } } | undefined; @@ -122,21 +154,22 @@ describe("createFeishuClient HTTP timeout", () => { it("passes a custom httpInstance with default timeout to Lark.Client", () => { createFeishuClient({ appId: "app_1", appSecret: "secret_1", accountId: "timeout-test" }); // pragma: allowlist secret - const calls = (LarkClient as unknown as ReturnType).mock.calls; - const lastCall = calls[calls.length - 1][0] as { httpInstance?: unknown }; - expect(lastCall.httpInstance).toBeDefined(); + const calls = clientCtorMock.mock.calls as unknown as Array<[options: unknown]>; + const lastCall = calls[calls.length - 1]?.[0] as { httpInstance?: unknown } | undefined; + expect(lastCall?.httpInstance).toBeDefined(); }); it("injects default timeout into HTTP request options", async () => { createFeishuClient({ appId: "app_2", appSecret: "secret_2", accountId: "timeout-inject" }); // pragma: allowlist secret - const calls = (LarkClient as unknown as ReturnType).mock.calls; - const lastCall = calls[calls.length - 1][0] as { - httpInstance: { post: (...args: unknown[]) => Promise }; - }; - const httpInstance = lastCall.httpInstance; + const calls = clientCtorMock.mock.calls as unknown as Array<[options: unknown]>; + const lastCall = calls[calls.length - 1]?.[0] as + | { httpInstance: { post: (...args: unknown[]) => Promise } } + | undefined; + const httpInstance = lastCall?.httpInstance; - await httpInstance.post( + expect(httpInstance).toBeDefined(); + await httpInstance?.post( "https://example.com/api", { data: 1 }, { headers: { "X-Custom": "yes" } }, @@ -152,13 +185,14 @@ describe("createFeishuClient HTTP timeout", () => { it("allows explicit timeout override per-request", async () => { createFeishuClient({ appId: "app_3", appSecret: "secret_3", accountId: "timeout-override" }); // pragma: allowlist secret - const calls = (LarkClient as unknown as ReturnType).mock.calls; - const lastCall = calls[calls.length - 1][0] as { - httpInstance: { get: (...args: unknown[]) => Promise }; - }; - const httpInstance = lastCall.httpInstance; + const calls = clientCtorMock.mock.calls as unknown as Array<[options: unknown]>; + const lastCall = calls[calls.length - 1]?.[0] as + | { httpInstance: { get: (...args: unknown[]) => Promise } } + | undefined; + const httpInstance = lastCall?.httpInstance; - await httpInstance.get("https://example.com/api", { timeout: 5_000 }); + expect(httpInstance).toBeDefined(); + await httpInstance?.get("https://example.com/api", { timeout: 5_000 }); expect(mockBaseHttpInstance.get).toHaveBeenCalledWith( "https://example.com/api", @@ -241,13 +275,14 @@ describe("createFeishuClient HTTP timeout", () => { config: { httpTimeoutMs: 45_000 }, }); - const calls = (LarkClient as unknown as ReturnType).mock.calls; + const calls = clientCtorMock.mock.calls as unknown as Array<[options: unknown]>; expect(calls.length).toBe(2); - const lastCall = calls[calls.length - 1][0] as { - httpInstance: { get: (...args: unknown[]) => Promise }; - }; - await lastCall.httpInstance.get("https://example.com/api"); + const lastCall = calls[calls.length - 1]?.[0] as + | { httpInstance: { get: (...args: unknown[]) => Promise } } + | undefined; + expect(lastCall?.httpInstance).toBeDefined(); + await lastCall?.httpInstance.get("https://example.com/api"); expect(mockBaseHttpInstance.get).toHaveBeenCalledWith( "https://example.com/api", @@ -262,7 +297,7 @@ describe("createFeishuWSClient proxy handling", () => { expect(httpsProxyAgentCtorMock).not.toHaveBeenCalled(); const options = firstWsClientOptions(); - expect(options?.agent).toBeUndefined(); + expect(options.agent).toBeUndefined(); }); it("uses proxy env precedence: https_proxy first, then HTTPS_PROXY, then http_proxy/HTTP_PROXY", () => { diff --git a/extensions/feishu/src/client.ts b/extensions/feishu/src/client.ts index d9fdde7f059..c4498dcffc3 100644 --- a/extensions/feishu/src/client.ts +++ b/extensions/feishu/src/client.ts @@ -2,6 +2,30 @@ import * as Lark from "@larksuiteoapi/node-sdk"; import { HttpsProxyAgent } from "https-proxy-agent"; import type { FeishuConfig, FeishuDomain, ResolvedFeishuAccount } from "./types.js"; +type FeishuClientSdk = Pick< + typeof Lark, + | "AppType" + | "Client" + | "defaultHttpInstance" + | "Domain" + | "EventDispatcher" + | "LoggerLevel" + | "WSClient" +>; + +const defaultFeishuClientSdk: FeishuClientSdk = { + AppType: Lark.AppType, + Client: Lark.Client, + defaultHttpInstance: Lark.defaultHttpInstance, + Domain: Lark.Domain, + EventDispatcher: Lark.EventDispatcher, + LoggerLevel: Lark.LoggerLevel, + WSClient: Lark.WSClient, +}; + +let feishuClientSdk: FeishuClientSdk = defaultFeishuClientSdk; +let httpsProxyAgentCtor: typeof HttpsProxyAgent = HttpsProxyAgent; + /** Default HTTP timeout for Feishu API requests (30 seconds). */ export const FEISHU_HTTP_TIMEOUT_MS = 30_000; export const FEISHU_HTTP_TIMEOUT_MAX_MS = 300_000; @@ -14,7 +38,7 @@ function getWsProxyAgent(): HttpsProxyAgent | undefined { process.env.http_proxy || process.env.HTTP_PROXY; if (!proxyUrl) return undefined; - return new HttpsProxyAgent(proxyUrl); + return new httpsProxyAgentCtor(proxyUrl); } // Multi-account client cache @@ -28,10 +52,10 @@ const clientCache = new Map< function resolveDomain(domain: FeishuDomain | undefined): Lark.Domain | string { if (domain === "lark") { - return Lark.Domain.Lark; + return feishuClientSdk.Domain.Lark; } if (domain === "feishu" || !domain) { - return Lark.Domain.Feishu; + return feishuClientSdk.Domain.Feishu; } return domain.replace(/\/+$/, ""); // Custom URL for private deployment } @@ -42,7 +66,8 @@ function resolveDomain(domain: FeishuDomain | undefined): Lark.Domain | string { * (e.g. when the Feishu API is slow, causing per-chat queue deadlocks). */ function createTimeoutHttpInstance(defaultTimeoutMs: number): Lark.HttpInstance { - const base: Lark.HttpInstance = Lark.defaultHttpInstance as unknown as Lark.HttpInstance; + const base: Lark.HttpInstance = + feishuClientSdk.defaultHttpInstance as unknown as Lark.HttpInstance; function injectTimeout(opts?: Lark.HttpRequestOptions): Lark.HttpRequestOptions { return { timeout: defaultTimeoutMs, ...opts } as Lark.HttpRequestOptions; @@ -129,10 +154,10 @@ export function createFeishuClient(creds: FeishuClientCredentials): Lark.Client } // Create new client with timeout-aware HTTP instance - const client = new Lark.Client({ + const client = new feishuClientSdk.Client({ appId, appSecret, - appType: Lark.AppType.SelfBuild, + appType: feishuClientSdk.AppType.SelfBuild, domain: resolveDomain(domain), httpInstance: createTimeoutHttpInstance(defaultHttpTimeoutMs), }); @@ -158,11 +183,11 @@ export function createFeishuWSClient(account: ResolvedFeishuAccount): Lark.WSCli } const agent = getWsProxyAgent(); - return new Lark.WSClient({ + return new feishuClientSdk.WSClient({ appId, appSecret, domain: resolveDomain(domain), - loggerLevel: Lark.LoggerLevel.info, + loggerLevel: feishuClientSdk.LoggerLevel.info, ...(agent ? { agent } : {}), }); } @@ -171,7 +196,7 @@ export function createFeishuWSClient(account: ResolvedFeishuAccount): Lark.WSCli * Create an event dispatcher for an account. */ export function createEventDispatcher(account: ResolvedFeishuAccount): Lark.EventDispatcher { - return new Lark.EventDispatcher({ + return new feishuClientSdk.EventDispatcher({ encryptKey: account.encryptKey, verificationToken: account.verificationToken, }); @@ -194,3 +219,13 @@ export function clearClientCache(accountId?: string): void { clientCache.clear(); } } + +export function setFeishuClientRuntimeForTest(overrides?: { + sdk?: Partial; + HttpsProxyAgent?: typeof HttpsProxyAgent; +}): void { + feishuClientSdk = overrides?.sdk + ? { ...defaultFeishuClientSdk, ...overrides.sdk } + : defaultFeishuClientSdk; + httpsProxyAgentCtor = overrides?.HttpsProxyAgent ?? HttpsProxyAgent; +} diff --git a/extensions/feishu/src/directory.static.ts b/extensions/feishu/src/directory.static.ts index b79e4e94f77..4adefe2ae0f 100644 --- a/extensions/feishu/src/directory.static.ts +++ b/extensions/feishu/src/directory.static.ts @@ -1,7 +1,7 @@ import { listDirectoryGroupEntriesFromMapKeysAndAllowFrom, listDirectoryUserEntriesFromAllowFromAndMapKeys, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/directory-runtime"; import type { ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; import { resolveFeishuAccount } from "./accounts.js"; import { normalizeFeishuTarget } from "./targets.js"; diff --git a/extensions/feishu/src/media.ts b/extensions/feishu/src/media.ts index b7888b7069e..617bc504756 100644 --- a/extensions/feishu/src/media.ts +++ b/extensions/feishu/src/media.ts @@ -2,7 +2,7 @@ import fs from "fs"; import path from "path"; import { Readable } from "stream"; import { withTempDownloadPath, type ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; -import { mediaKindFromMime } from "../../../src/media/constants.js"; +import { mediaKindFromMime } from "openclaw/plugin-sdk/media-runtime"; import { resolveFeishuAccount } from "./accounts.js"; import { createFeishuClient } from "./client.js"; import { normalizeFeishuExternalKey } from "./external-keys.js"; diff --git a/extensions/feishu/src/monitor.bot-menu.test.ts b/extensions/feishu/src/monitor.bot-menu.test.ts index cecb0b0512c..988e04d80ca 100644 --- a/extensions/feishu/src/monitor.bot-menu.test.ts +++ b/extensions/feishu/src/monitor.bot-menu.test.ts @@ -5,7 +5,7 @@ import { createInboundDebouncer, resolveInboundDebounceMs, } from "../../../src/auto-reply/inbound-debounce.js"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import { monitorSingleAccount } from "./monitor.account.js"; import { setFeishuRuntime } from "./runtime.js"; import type { ResolvedFeishuAccount } from "./types.js"; diff --git a/extensions/feishu/src/monitor.reaction.test.ts b/extensions/feishu/src/monitor.reaction.test.ts index 001b8140f80..048aed2247e 100644 --- a/extensions/feishu/src/monitor.reaction.test.ts +++ b/extensions/feishu/src/monitor.reaction.test.ts @@ -5,7 +5,7 @@ import { createInboundDebouncer, resolveInboundDebounceMs, } from "../../../src/auto-reply/inbound-debounce.js"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import { parseFeishuMessageEvent, type FeishuMessageEvent } from "./bot.js"; import * as dedup from "./dedup.js"; import { monitorSingleAccount } from "./monitor.account.js"; diff --git a/extensions/feishu/src/monitor.transport.ts b/extensions/feishu/src/monitor.transport.ts index d619f3cddb3..caab5468378 100644 --- a/extensions/feishu/src/monitor.transport.ts +++ b/extensions/feishu/src/monitor.transport.ts @@ -32,6 +32,15 @@ function isFeishuWebhookPayload(value: unknown): value is Record, @@ -63,7 +72,7 @@ function isFeishuWebhookSignatureValid(params: { .createHash("sha256") .update(timestamp + nonce + encryptKey + JSON.stringify(params.payload)) .digest("hex"); - return computedSignature === signature; + return timingSafeEqualString(computedSignature, signature); } function respondText(res: http.ServerResponse, statusCode: number, body: string): void { diff --git a/extensions/feishu/src/monitor.webhook-e2e.test.ts b/extensions/feishu/src/monitor.webhook-e2e.test.ts index a11957e3393..33035a735f6 100644 --- a/extensions/feishu/src/monitor.webhook-e2e.test.ts +++ b/extensions/feishu/src/monitor.webhook-e2e.test.ts @@ -114,6 +114,34 @@ describe("Feishu webhook signed-request e2e", () => { ); }); + it("rejects malformed short signatures with 401", async () => { + probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" }); + + await withRunningWebhookMonitor( + { + accountId: "short-signature", + path: "/hook-e2e-short-signature", + verificationToken: "verify_token", + encryptKey: "encrypt_key", + }, + monitorFeishuProvider, + async (url) => { + const payload = { type: "url_verification", challenge: "challenge-token" }; + const headers = signFeishuPayload({ encryptKey: "encrypt_key", payload }); + headers["x-lark-signature"] = headers["x-lark-signature"].slice(0, 12); + + const response = await fetch(url, { + method: "POST", + headers, + body: JSON.stringify(payload), + }); + + expect(response.status).toBe(401); + expect(await response.text()).toBe("Invalid signature"); + }, + ); + }); + it("returns 400 for invalid json before invoking the sdk", async () => { probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" }); diff --git a/extensions/feishu/src/probe.test.ts b/extensions/feishu/src/probe.test.ts index bfc270a4459..f394aec8b3e 100644 --- a/extensions/feishu/src/probe.test.ts +++ b/extensions/feishu/src/probe.test.ts @@ -6,7 +6,15 @@ vi.mock("./client.js", () => ({ createFeishuClient: createFeishuClientMock, })); -import { FEISHU_PROBE_REQUEST_TIMEOUT_MS, probeFeishu, clearProbeCache } from "./probe.js"; +async function importProbeModule(scope: string) { + void scope; + vi.resetModules(); + return await import("./probe.js"); +} + +let FEISHU_PROBE_REQUEST_TIMEOUT_MS: typeof import("./probe.js").FEISHU_PROBE_REQUEST_TIMEOUT_MS; +let probeFeishu: typeof import("./probe.js").probeFeishu; +let clearProbeCache: typeof import("./probe.js").clearProbeCache; const DEFAULT_CREDS = { appId: "cli_123", appSecret: "secret" } as const; // pragma: allowlist secret const DEFAULT_SUCCESS_RESPONSE = { @@ -40,7 +48,12 @@ function setupSuccessClient() { async function expectDefaultSuccessResult( creds = DEFAULT_CREDS, - expected: Awaited> = DEFAULT_SUCCESS_RESULT, + expected: { + ok: true; + appId: string; + botName: string; + botOpenId: string; + } = DEFAULT_SUCCESS_RESULT, ) { const result = await probeFeishu(creds); expect(result).toEqual(expected); @@ -93,7 +106,10 @@ async function readSequentialDefaultProbePair() { } describe("probeFeishu", () => { - beforeEach(() => { + beforeEach(async () => { + ({ FEISHU_PROBE_REQUEST_TIMEOUT_MS, probeFeishu, clearProbeCache } = await importProbeModule( + `probe-${Date.now()}-${Math.random()}`, + )); clearProbeCache(); vi.restoreAllMocks(); }); diff --git a/extensions/feishu/src/runtime.ts b/extensions/feishu/src/runtime.ts index 2e174a59320..aad0a41c50a 100644 --- a/extensions/feishu/src/runtime.ts +++ b/extensions/feishu/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/feishu"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setFeishuRuntime, getRuntime: getFeishuRuntime } = createPluginRuntimeStore("Feishu runtime not initialized"); diff --git a/extensions/feishu/src/setup-core.ts b/extensions/feishu/src/setup-core.ts index ada8ef79933..a9c6639a2f7 100644 --- a/extensions/feishu/src/setup-core.ts +++ b/extensions/feishu/src/setup-core.ts @@ -1,6 +1,8 @@ -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; +import { + DEFAULT_ACCOUNT_ID, + type ChannelSetupAdapter, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import type { FeishuConfig } from "./types.js"; export function setFeishuNamedAccountEnabled( diff --git a/extensions/feishu/src/setup-surface.ts b/extensions/feishu/src/setup-surface.ts index 4f92b07a804..e990f308624 100644 --- a/extensions/feishu/src/setup-surface.ts +++ b/extensions/feishu/src/setup-surface.ts @@ -1,20 +1,20 @@ import { buildSingleChannelSecretPromptState, + DEFAULT_ACCOUNT_ID, + formatDocsLink, + hasConfiguredSecretInput, mergeAllowFromEntries, promptSingleChannelSecretInput, setTopLevelChannelAllowFrom, setTopLevelChannelDmPolicyWithAllowFrom, setTopLevelChannelGroupPolicy, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import type { SecretInput } from "../../../src/config/types.secrets.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type DmPolicy, + type OpenClawConfig, + type SecretInput, +} from "openclaw/plugin-sdk/setup"; import { listFeishuAccountIds, resolveFeishuCredentials } from "./accounts.js"; import { probeFeishu } from "./probe.js"; import { feishuSetupAdapter } from "./setup-core.js"; diff --git a/extensions/feishu/src/subagent-hooks.test.ts b/extensions/feishu/src/subagent-hooks.test.ts index a86e8996f35..87450b10265 100644 --- a/extensions/feishu/src/subagent-hooks.test.ts +++ b/extensions/feishu/src/subagent-hooks.test.ts @@ -1,5 +1,9 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; import { beforeEach, describe, expect, it, vi } from "vitest"; +import { + getRequiredHookHandler, + registerHookHandlersForTest, +} from "../../../test/helpers/extensions/subagent-hooks.js"; import { registerFeishuSubagentHooks } from "./subagent-hooks.js"; import { __testing as threadBindingTesting, @@ -12,26 +16,10 @@ const baseConfig = { }; function registerHandlersForTest(config: Record = baseConfig) { - const handlers = new Map unknown>(); - const api = { + return registerHookHandlersForTest({ config, - on: (hookName: string, handler: (event: unknown, ctx: unknown) => unknown) => { - handlers.set(hookName, handler); - }, - } as unknown as OpenClawPluginApi; - registerFeishuSubagentHooks(api); - return handlers; -} - -function getRequiredHandler( - handlers: Map unknown>, - hookName: string, -): (event: unknown, ctx: unknown) => unknown { - const handler = handlers.get(hookName); - if (!handler) { - throw new Error(`expected ${hookName} hook handler`); - } - return handler; + register: registerFeishuSubagentHooks, + }); } describe("feishu subagent hook handlers", () => { @@ -49,7 +37,7 @@ describe("feishu subagent hook handlers", () => { it("binds a Feishu DM conversation on subagent_spawning", async () => { const handlers = registerHandlersForTest(); - const handler = getRequiredHandler(handlers, "subagent_spawning"); + const handler = getRequiredHookHandler(handlers, "subagent_spawning"); createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); const result = await handler( @@ -70,7 +58,7 @@ describe("feishu subagent hook handlers", () => { expect(result).toEqual({ status: "ok", threadBindingReady: true }); - const deliveryTargetHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const deliveryTargetHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); expect( deliveryTargetHandler( { @@ -96,7 +84,7 @@ describe("feishu subagent hook handlers", () => { it("preserves the original Feishu DM delivery target", async () => { const handlers = registerHandlersForTest(); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); manager.bindConversation({ @@ -134,8 +122,8 @@ describe("feishu subagent hook handlers", () => { it("binds a Feishu topic conversation and preserves parent context", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); const result = await spawnHandler( @@ -183,8 +171,8 @@ describe("feishu subagent hook handlers", () => { it("uses the requester session binding to preserve sender-scoped topic conversations", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); manager.bindConversation({ @@ -252,8 +240,8 @@ describe("feishu subagent hook handlers", () => { it("prefers requester-matching bindings when multiple child bindings exist", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); await spawnHandler( @@ -312,8 +300,8 @@ describe("feishu subagent hook handlers", () => { it("fails closed when requester-session bindings remain ambiguous for the same topic", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); manager.bindConversation({ @@ -375,8 +363,8 @@ describe("feishu subagent hook handlers", () => { it("fails closed when both topic-level and sender-scoped requester bindings exist", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); manager.bindConversation({ @@ -438,9 +426,9 @@ describe("feishu subagent hook handlers", () => { it("no-ops for non-Feishu channels and non-threaded spawns", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); - const endedHandler = getRequiredHandler(handlers, "subagent_ended"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); + const endedHandler = getRequiredHookHandler(handlers, "subagent_ended"); await expect( spawnHandler( @@ -506,7 +494,7 @@ describe("feishu subagent hook handlers", () => { }); it("returns an error for unsupported non-topic Feishu group conversations", async () => { - const handler = getRequiredHandler(registerHandlersForTest(), "subagent_spawning"); + const handler = getRequiredHookHandler(registerHandlersForTest(), "subagent_spawning"); createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); await expect( @@ -532,9 +520,9 @@ describe("feishu subagent hook handlers", () => { it("unbinds Feishu bindings on subagent_ended", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); - const endedHandler = getRequiredHandler(handlers, "subagent_ended"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); + const endedHandler = getRequiredHookHandler(handlers, "subagent_ended"); createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); await spawnHandler( @@ -581,8 +569,8 @@ describe("feishu subagent hook handlers", () => { it("fails closed when the Feishu monitor-owned binding manager is unavailable", async () => { const handlers = registerHandlersForTest(); - const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); - const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const spawnHandler = getRequiredHookHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHookHandler(handlers, "subagent_delivery_target"); await expect( spawnHandler( diff --git a/extensions/feishu/src/thread-bindings.ts b/extensions/feishu/src/thread-bindings.ts index b2ab72467c3..cfae8fb2058 100644 --- a/extensions/feishu/src/thread-bindings.ts +++ b/extensions/feishu/src/thread-bindings.ts @@ -1,20 +1,17 @@ -import { resolveThreadBindingConversationIdFromBindingId } from "../../../src/channels/thread-binding-id.js"; +import { resolveThreadBindingConversationIdFromBindingId } from "openclaw/plugin-sdk/channel-runtime"; import { resolveThreadBindingIdleTimeoutMsForChannel, resolveThreadBindingMaxAgeMsForChannel, -} from "../../../src/channels/thread-bindings-policy.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { registerSessionBindingAdapter, unregisterSessionBindingAdapter, type BindingTargetKind, type SessionBindingRecord, -} from "../../../src/infra/outbound/session-binding-service.js"; -import { - normalizeAccountId, - resolveAgentIdFromSessionKey, -} from "../../../src/routing/session-key.js"; -import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { normalizeAccountId, resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/routing"; +import { resolveGlobalSingleton } from "openclaw/plugin-sdk/text-runtime"; type FeishuBindingTargetKind = "subagent" | "acp"; diff --git a/extensions/firecrawl/index.ts b/extensions/firecrawl/index.ts index 42bd1a3252f..aa6e41070be 100644 --- a/extensions/firecrawl/index.ts +++ b/extensions/firecrawl/index.ts @@ -1,20 +1,15 @@ -import type { AnyAgentTool } from "../../src/agents/tools/common.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +import { definePluginEntry, type AnyAgentTool } from "openclaw/plugin-sdk/core"; import { createFirecrawlScrapeTool } from "./src/firecrawl-scrape-tool.js"; import { createFirecrawlWebSearchProvider } from "./src/firecrawl-search-provider.js"; import { createFirecrawlSearchTool } from "./src/firecrawl-search-tool.js"; -const firecrawlPlugin = { +export default definePluginEntry({ id: "firecrawl", name: "Firecrawl Plugin", description: "Bundled Firecrawl search and scrape plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerWebSearchProvider(createFirecrawlWebSearchProvider()); api.registerTool(createFirecrawlSearchTool(api) as AnyAgentTool); api.registerTool(createFirecrawlScrapeTool(api) as AnyAgentTool); }, -}; - -export default firecrawlPlugin; +}); diff --git a/extensions/firecrawl/src/config.ts b/extensions/firecrawl/src/config.ts index 808b81891f1..5558c0dce0a 100644 --- a/extensions/firecrawl/src/config.ts +++ b/extensions/firecrawl/src/config.ts @@ -1,6 +1,6 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js"; -import { normalizeSecretInput } from "../../../src/utils/normalize-secret-input.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeResolvedSecretInputString } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeSecretInput } from "openclaw/plugin-sdk/provider-auth"; export const DEFAULT_FIRECRAWL_BASE_URL = "https://api.firecrawl.dev"; export const DEFAULT_FIRECRAWL_SEARCH_TIMEOUT_SECONDS = 30; diff --git a/extensions/firecrawl/src/firecrawl-client.ts b/extensions/firecrawl/src/firecrawl-client.ts index 2929f2f9dde..18500d81c14 100644 --- a/extensions/firecrawl/src/firecrawl-client.ts +++ b/extensions/firecrawl/src/firecrawl-client.ts @@ -1,5 +1,6 @@ -import { markdownToText, truncateText } from "../../../src/agents/tools/web-fetch-utils.js"; -import { withTrustedWebToolsEndpoint } from "../../../src/agents/tools/web-guarded-fetch.js"; +import { markdownToText, truncateText } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { withTrustedWebToolsEndpoint } from "openclaw/plugin-sdk/provider-web-search"; import { DEFAULT_CACHE_TTL_MINUTES, normalizeCacheKey, @@ -7,9 +8,8 @@ import { readResponseText, resolveCacheTtlMs, writeCache, -} from "../../../src/agents/tools/web-shared.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { wrapExternalContent, wrapWebContent } from "../../../src/security/external-content.js"; +} from "openclaw/plugin-sdk/provider-web-search"; +import { wrapExternalContent, wrapWebContent } from "openclaw/plugin-sdk/security-runtime"; import { resolveFirecrawlApiKey, resolveFirecrawlBaseUrl, diff --git a/extensions/firecrawl/src/firecrawl-scrape-tool.ts b/extensions/firecrawl/src/firecrawl-scrape-tool.ts index 509b3d5fbd6..70f0691d3d7 100644 --- a/extensions/firecrawl/src/firecrawl-scrape-tool.ts +++ b/extensions/firecrawl/src/firecrawl-scrape-tool.ts @@ -1,7 +1,7 @@ import { Type } from "@sinclair/typebox"; -import { optionalStringEnum } from "../../../src/agents/schema/typebox.js"; -import { jsonResult, readNumberParam, readStringParam } from "../../../src/agents/tools/common.js"; -import type { OpenClawPluginApi } from "../../../src/plugins/types.js"; +import { optionalStringEnum } from "openclaw/plugin-sdk/agent-runtime"; +import { jsonResult, readNumberParam, readStringParam } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/plugin-runtime"; import { runFirecrawlScrape } from "./firecrawl-client.js"; const FirecrawlScrapeToolSchema = Type.Object( diff --git a/extensions/firecrawl/src/firecrawl-search-provider.ts b/extensions/firecrawl/src/firecrawl-search-provider.ts index 60489e9618e..0940aedb74d 100644 --- a/extensions/firecrawl/src/firecrawl-search-provider.ts +++ b/extensions/firecrawl/src/firecrawl-search-provider.ts @@ -1,5 +1,5 @@ import { Type } from "@sinclair/typebox"; -import type { WebSearchProviderPlugin } from "../../../src/plugins/types.js"; +import type { WebSearchProviderPlugin } from "openclaw/plugin-sdk/plugin-runtime"; import { runFirecrawlSearch } from "./firecrawl-client.js"; const GenericFirecrawlSearchSchema = Type.Object( diff --git a/extensions/firecrawl/src/firecrawl-search-tool.ts b/extensions/firecrawl/src/firecrawl-search-tool.ts index f2f133fd7ec..9a1201ec6e0 100644 --- a/extensions/firecrawl/src/firecrawl-search-tool.ts +++ b/extensions/firecrawl/src/firecrawl-search-tool.ts @@ -4,8 +4,8 @@ import { readNumberParam, readStringArrayParam, readStringParam, -} from "../../../src/agents/tools/common.js"; -import type { OpenClawPluginApi } from "../../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/plugin-runtime"; import { runFirecrawlSearch } from "./firecrawl-client.js"; const FirecrawlSearchToolSchema = Type.Object( diff --git a/extensions/github-copilot/index.ts b/extensions/github-copilot/index.ts index 8dadad31903..ee85f76fd61 100644 --- a/extensions/github-copilot/index.ts +++ b/extensions/github-copilot/index.ts @@ -1,15 +1,16 @@ import { - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderResolveDynamicModelContext, type ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; -import { listProfilesForProvider } from "../../src/agents/auth-profiles/profiles.js"; -import { ensureAuthProfileStore } from "../../src/agents/auth-profiles/store.js"; -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import { coerceSecretRef } from "../../src/config/types.secrets.js"; -import { githubCopilotLoginCommand } from "../../src/providers/github-copilot-auth.js"; +import { + coerceSecretRef, + ensureAuthProfileStore, + githubCopilotLoginCommand, + listProfilesForProvider, +} from "openclaw/plugin-sdk/provider-auth"; +import { normalizeModelCompat } from "openclaw/plugin-sdk/provider-models"; import { DEFAULT_COPILOT_API_BASE_URL, resolveCopilotApiToken } from "./token.js"; import { fetchCopilotUsage } from "./usage.js"; @@ -114,12 +115,11 @@ async function runGitHubCopilotAuth(ctx: ProviderAuthContext) { }; } -const githubCopilotPlugin = { +export default definePluginEntry({ id: "github-copilot", name: "GitHub Copilot Provider", description: "Bundled GitHub Copilot provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "GitHub Copilot", @@ -194,6 +194,4 @@ const githubCopilotPlugin = { await fetchCopilotUsage(ctx.token, ctx.timeoutMs, ctx.fetchFn), }); }, -}; - -export default githubCopilotPlugin; +}); diff --git a/extensions/github-copilot/token.ts b/extensions/github-copilot/token.ts index afb1eb03b61..f743cf8bb88 100644 --- a/extensions/github-copilot/token.ts +++ b/extensions/github-copilot/token.ts @@ -1,6 +1,6 @@ import path from "node:path"; -import { resolveStateDir } from "../../src/config/paths.js"; -import { loadJsonFile, saveJsonFile } from "../../src/infra/json-file.js"; +import { loadJsonFile, saveJsonFile } from "openclaw/plugin-sdk/json-store"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; const COPILOT_TOKEN_URL = "https://api.github.com/copilot_internal/v2/token"; diff --git a/extensions/github-copilot/usage.test.ts b/extensions/github-copilot/usage.test.ts index b4044c7f5f9..f0687c33b0a 100644 --- a/extensions/github-copilot/usage.test.ts +++ b/extensions/github-copilot/usage.test.ts @@ -2,7 +2,7 @@ import { describe, expect, it } from "vitest"; import { createProviderUsageFetch, makeResponse, -} from "../../src/test-utils/provider-usage-fetch.js"; +} from "../../test/helpers/extensions/provider-usage-fetch.js"; import { fetchCopilotUsage } from "./usage.js"; describe("fetchCopilotUsage", () => { diff --git a/extensions/github-copilot/usage.ts b/extensions/github-copilot/usage.ts index 9035027890c..1e13717c9ea 100644 --- a/extensions/github-copilot/usage.ts +++ b/extensions/github-copilot/usage.ts @@ -1,9 +1,11 @@ import { buildUsageHttpErrorSnapshot, fetchJson, -} from "../../src/infra/provider-usage.fetch.shared.js"; -import { clampPercent, PROVIDER_LABELS } from "../../src/infra/provider-usage.shared.js"; -import type { ProviderUsageSnapshot, UsageWindow } from "../../src/infra/provider-usage.types.js"; + clampPercent, + PROVIDER_LABELS, + type ProviderUsageSnapshot, + type UsageWindow, +} from "openclaw/plugin-sdk/provider-usage"; type CopilotUsageResponse = { quota_snapshots?: { diff --git a/extensions/google/gemini-cli-provider.ts b/extensions/google/gemini-cli-provider.ts index 926913f7390..45b00c1be28 100644 --- a/extensions/google/gemini-cli-provider.ts +++ b/extensions/google/gemini-cli-provider.ts @@ -1,10 +1,10 @@ -import { fetchGeminiUsage } from "../../src/infra/provider-usage.fetch.js"; -import { buildOauthProviderAuthResult } from "../../src/plugin-sdk/provider-auth-result.js"; import type { OpenClawPluginApi, ProviderAuthContext, ProviderFetchUsageSnapshotContext, -} from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/core"; +import { buildOauthProviderAuthResult } from "openclaw/plugin-sdk/provider-auth"; +import { fetchGeminiUsage } from "openclaw/plugin-sdk/provider-usage"; import { loginGeminiCliOAuth } from "./oauth.js"; import { isModernGoogleModel, resolveGoogle31ForwardCompatModel } from "./provider-models.js"; diff --git a/extensions/google/index.ts b/extensions/google/index.ts index 59d417e9349..f9268cc0aae 100644 --- a/extensions/google/index.ts +++ b/extensions/google/index.ts @@ -1,24 +1,24 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { buildGoogleImageGenerationProvider } from "openclaw/plugin-sdk/image-generation"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { + GOOGLE_GEMINI_DEFAULT_MODEL, + applyGoogleGeminiModelDefault, +} from "openclaw/plugin-sdk/provider-models"; import { createPluginBackedWebSearchProvider, getScopedCredentialValue, setScopedCredentialValue, -} from "../../src/agents/tools/web-search-plugin-factory.js"; -import { - GOOGLE_GEMINI_DEFAULT_MODEL, - applyGoogleGeminiModelDefault, -} from "../../src/commands/google-gemini-model-default.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/provider-web-search"; import { registerGoogleGeminiCliProvider } from "./gemini-cli-provider.js"; +import { googleMediaUnderstandingProvider } from "./media-understanding-provider.js"; import { isModernGoogleModel, resolveGoogle31ForwardCompatModel } from "./provider-models.js"; -const googlePlugin = { +export default definePluginEntry({ id: "google", name: "Google Plugin", description: "Bundled Google plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: "google", label: "Google AI Studio", @@ -51,6 +51,8 @@ const googlePlugin = { isModernModelRef: ({ modelId }) => isModernGoogleModel(modelId), }); registerGoogleGeminiCliProvider(api); + api.registerImageGenerationProvider(buildGoogleImageGenerationProvider()); + api.registerMediaUnderstandingProvider(googleMediaUnderstandingProvider); api.registerWebSearchProvider( createPluginBackedWebSearchProvider({ id: "gemini", @@ -67,6 +69,4 @@ const googlePlugin = { }), ); }, -}; - -export default googlePlugin; +}); diff --git a/extensions/google/media-understanding-provider.ts b/extensions/google/media-understanding-provider.ts new file mode 100644 index 00000000000..97b008ee578 --- /dev/null +++ b/extensions/google/media-understanding-provider.ts @@ -0,0 +1,149 @@ +import { normalizeGoogleModelId, parseGeminiAuth } from "openclaw/plugin-sdk/google"; +import { + assertOkOrThrowHttpError, + describeImageWithModel, + describeImagesWithModel, + normalizeBaseUrl, + postJsonRequest, + type AudioTranscriptionRequest, + type AudioTranscriptionResult, + type MediaUnderstandingProvider, + type VideoDescriptionRequest, + type VideoDescriptionResult, +} from "openclaw/plugin-sdk/media-understanding"; + +export const DEFAULT_GOOGLE_AUDIO_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"; +export const DEFAULT_GOOGLE_VIDEO_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"; +const DEFAULT_GOOGLE_AUDIO_MODEL = "gemini-3-flash-preview"; +const DEFAULT_GOOGLE_VIDEO_MODEL = "gemini-3-flash-preview"; +const DEFAULT_GOOGLE_AUDIO_PROMPT = "Transcribe the audio."; +const DEFAULT_GOOGLE_VIDEO_PROMPT = "Describe the video."; + +async function generateGeminiInlineDataText(params: { + buffer: Buffer; + mime?: string; + apiKey: string; + baseUrl?: string; + headers?: Record; + model?: string; + prompt?: string; + timeoutMs: number; + fetchFn?: typeof fetch; + defaultBaseUrl: string; + defaultModel: string; + defaultPrompt: string; + defaultMime: string; + httpErrorLabel: string; + missingTextError: string; +}): Promise<{ text: string; model: string }> { + const fetchFn = params.fetchFn ?? fetch; + const baseUrl = normalizeBaseUrl(params.baseUrl, params.defaultBaseUrl); + const allowPrivate = Boolean(params.baseUrl?.trim()); + const model = (() => { + const trimmed = params.model?.trim(); + if (!trimmed) { + return params.defaultModel; + } + return normalizeGoogleModelId(trimmed); + })(); + const url = `${baseUrl}/models/${model}:generateContent`; + + const authHeaders = parseGeminiAuth(params.apiKey); + const headers = new Headers(params.headers); + for (const [key, value] of Object.entries(authHeaders.headers)) { + if (!headers.has(key)) { + headers.set(key, value); + } + } + + const prompt = (() => { + const trimmed = params.prompt?.trim(); + return trimmed || params.defaultPrompt; + })(); + + const body = { + contents: [ + { + role: "user", + parts: [ + { text: prompt }, + { + inline_data: { + mime_type: params.mime ?? params.defaultMime, + data: params.buffer.toString("base64"), + }, + }, + ], + }, + ], + }; + + const { response: res, release } = await postJsonRequest({ + url, + headers, + body, + timeoutMs: params.timeoutMs, + fetchFn, + allowPrivateNetwork: allowPrivate, + }); + + try { + await assertOkOrThrowHttpError(res, params.httpErrorLabel); + + const payload = (await res.json()) as { + candidates?: Array<{ + content?: { parts?: Array<{ text?: string }> }; + }>; + }; + const parts = payload.candidates?.[0]?.content?.parts ?? []; + const text = parts + .map((part) => part?.text?.trim()) + .filter(Boolean) + .join("\n"); + if (!text) { + throw new Error(params.missingTextError); + } + return { text, model }; + } finally { + await release(); + } +} + +export async function transcribeGeminiAudio( + params: AudioTranscriptionRequest, +): Promise { + const { text, model } = await generateGeminiInlineDataText({ + ...params, + defaultBaseUrl: DEFAULT_GOOGLE_AUDIO_BASE_URL, + defaultModel: DEFAULT_GOOGLE_AUDIO_MODEL, + defaultPrompt: DEFAULT_GOOGLE_AUDIO_PROMPT, + defaultMime: "audio/wav", + httpErrorLabel: "Audio transcription failed", + missingTextError: "Audio transcription response missing text", + }); + return { text, model }; +} + +export async function describeGeminiVideo( + params: VideoDescriptionRequest, +): Promise { + const { text, model } = await generateGeminiInlineDataText({ + ...params, + defaultBaseUrl: DEFAULT_GOOGLE_VIDEO_BASE_URL, + defaultModel: DEFAULT_GOOGLE_VIDEO_MODEL, + defaultPrompt: DEFAULT_GOOGLE_VIDEO_PROMPT, + defaultMime: "video/mp4", + httpErrorLabel: "Video description failed", + missingTextError: "Video description response missing text", + }); + return { text, model }; +} + +export const googleMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "google", + capabilities: ["image", "audio", "video"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, + transcribeAudio: transcribeGeminiAudio, + describeVideo: describeGeminiVideo, +}; diff --git a/extensions/google/oauth.credentials.ts b/extensions/google/oauth.credentials.ts index 1c1e88db042..670ae4de943 100644 --- a/extensions/google/oauth.credentials.ts +++ b/extensions/google/oauth.credentials.ts @@ -1,7 +1,27 @@ import { existsSync, readFileSync, readdirSync, realpathSync } from "node:fs"; +import type { Dirent } from "node:fs"; import { delimiter, dirname, join } from "node:path"; import { CLIENT_ID_KEYS, CLIENT_SECRET_KEYS } from "./oauth.shared.js"; +type CredentialFs = { + existsSync: (path: Parameters[0]) => ReturnType; + readFileSync: (path: Parameters[0], encoding: "utf8") => string; + realpathSync: (path: Parameters[0]) => string; + readdirSync: ( + path: Parameters[0], + options: { withFileTypes: true }, + ) => Dirent[]; +}; + +const defaultFs: CredentialFs = { + existsSync, + readFileSync, + realpathSync, + readdirSync, +}; + +let credentialFs: CredentialFs = defaultFs; + function resolveEnv(keys: string[]): string | undefined { for (const key of keys) { const value = process.env[key]?.trim(); @@ -18,6 +38,10 @@ export function clearCredentialsCache(): void { cachedGeminiCliCredentials = null; } +export function setOAuthCredentialsFsForTest(overrides?: Partial): void { + credentialFs = overrides ? { ...defaultFs, ...overrides } : defaultFs; +} + export function extractGeminiCliCredentials(): { clientId: string; clientSecret: string } | null { if (cachedGeminiCliCredentials) { return cachedGeminiCliCredentials; @@ -29,7 +53,7 @@ export function extractGeminiCliCredentials(): { clientId: string; clientSecret: return null; } - const resolvedPath = realpathSync(geminiPath); + const resolvedPath = credentialFs.realpathSync(geminiPath); const geminiCliDirs = resolveGeminiCliDirs(geminiPath, resolvedPath); let content: string | null = null; @@ -55,10 +79,9 @@ export function extractGeminiCliCredentials(): { clientId: string; clientSecret: "oauth2.js", ), ]; - for (const path of searchPaths) { - if (existsSync(path)) { - content = readFileSync(path, "utf8"); + if (credentialFs.existsSync(path)) { + content = credentialFs.readFileSync(path, "utf8"); break; } } @@ -67,7 +90,7 @@ export function extractGeminiCliCredentials(): { clientId: string; clientSecret: } const found = findFile(geminiCliDir, "oauth2.js", 10); if (found) { - content = readFileSync(found, "utf8"); + content = credentialFs.readFileSync(found, "utf8"); break; } } @@ -116,7 +139,7 @@ function findInPath(name: string): string | null { for (const dir of (process.env.PATH ?? "").split(delimiter)) { for (const ext of exts) { const path = join(dir, name + ext); - if (existsSync(path)) { + if (credentialFs.existsSync(path)) { return path; } } @@ -129,7 +152,7 @@ function findFile(dir: string, name: string, depth: number): string | null { return null; } try { - for (const entry of readdirSync(dir, { withFileTypes: true })) { + for (const entry of credentialFs.readdirSync(dir, { withFileTypes: true })) { const path = join(dir, entry.name); if (entry.isFile() && entry.name === name) { return path; diff --git a/extensions/google/oauth.flow.ts b/extensions/google/oauth.flow.ts index 00cab07dc68..1ac7f260723 100644 --- a/extensions/google/oauth.flow.ts +++ b/extensions/google/oauth.flow.ts @@ -1,6 +1,6 @@ import { createHash, randomBytes } from "node:crypto"; import { createServer } from "node:http"; -import { isWSL2Sync } from "../../src/infra/wsl.js"; +import { isWSL2Sync } from "openclaw/plugin-sdk/infra-runtime"; import { resolveOAuthClientConfig } from "./oauth.credentials.js"; import { AUTH_URL, REDIRECT_URI, SCOPES } from "./oauth.shared.js"; diff --git a/extensions/google/oauth.http.ts b/extensions/google/oauth.http.ts index 6c07c447143..3dcbd086b1c 100644 --- a/extensions/google/oauth.http.ts +++ b/extensions/google/oauth.http.ts @@ -1,4 +1,4 @@ -import { fetchWithSsrFGuard } from "../../src/infra/net/fetch-guard.js"; +import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/infra-runtime"; import { DEFAULT_FETCH_TIMEOUT_MS } from "./oauth.shared.js"; export async function fetchWithTimeout( diff --git a/extensions/google/oauth.test.ts b/extensions/google/oauth.test.ts index 8aec64d528d..d37f0751dbe 100644 --- a/extensions/google/oauth.test.ts +++ b/extensions/google/oauth.test.ts @@ -21,23 +21,11 @@ vi.mock("../../src/infra/net/fetch-guard.js", () => ({ }, })); -// Mock fs module before importing the module under test const mockExistsSync = vi.fn(); const mockReadFileSync = vi.fn(); const mockRealpathSync = vi.fn(); const mockReaddirSync = vi.fn(); -vi.mock("node:fs", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, - existsSync: (...args: Parameters) => mockExistsSync(...args), - readFileSync: (...args: Parameters) => mockReadFileSync(...args), - realpathSync: (...args: Parameters) => mockRealpathSync(...args), - readdirSync: (...args: Parameters) => mockReaddirSync(...args), - }; -}); - describe("extractGeminiCliCredentials", () => { const normalizePath = (value: string) => value.replace(/\\/g, "/").replace(/\/+$/, "").toLowerCase(); @@ -51,6 +39,20 @@ describe("extractGeminiCliCredentials", () => { let originalPath: string | undefined; + async function loadCredentialsModule() { + return await import("./oauth.credentials.js"); + } + + async function installMockFs() { + const { setOAuthCredentialsFsForTest } = await loadCredentialsModule(); + setOAuthCredentialsFsForTest({ + existsSync: (...args) => mockExistsSync(...args), + readFileSync: (...args) => mockReadFileSync(...args), + realpathSync: (...args) => mockRealpathSync(...args), + readdirSync: (...args) => mockReaddirSync(...args), + }); + } + function makeFakeLayout() { const binDir = join(rootDir, "fake", "bin"); const geminiPath = join(binDir, "gemini"); @@ -157,17 +159,20 @@ describe("extractGeminiCliCredentials", () => { beforeEach(async () => { vi.clearAllMocks(); originalPath = process.env.PATH; + await installMockFs(); }); - afterEach(() => { + afterEach(async () => { process.env.PATH = originalPath; + const { setOAuthCredentialsFsForTest } = await loadCredentialsModule(); + setOAuthCredentialsFsForTest(); }); it("returns null when gemini binary is not in PATH", async () => { process.env.PATH = "/nonexistent"; mockExistsSync.mockReturnValue(false); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); expect(extractGeminiCliCredentials()).toBeNull(); }); @@ -175,7 +180,7 @@ describe("extractGeminiCliCredentials", () => { it("extracts credentials from oauth2.js in known path", async () => { installGeminiLayout({ oauth2Exists: true, oauth2Content: FAKE_OAUTH2_CONTENT }); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); const result = extractGeminiCliCredentials(); @@ -185,7 +190,7 @@ describe("extractGeminiCliCredentials", () => { it("extracts credentials when PATH entry is an npm global shim", async () => { installNpmShimLayout({ oauth2Exists: true, oauth2Content: FAKE_OAUTH2_CONTENT }); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); const result = extractGeminiCliCredentials(); @@ -195,7 +200,7 @@ describe("extractGeminiCliCredentials", () => { it("returns null when oauth2.js cannot be found", async () => { installGeminiLayout({ oauth2Exists: false, readdir: [] }); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); expect(extractGeminiCliCredentials()).toBeNull(); }); @@ -203,7 +208,7 @@ describe("extractGeminiCliCredentials", () => { it("returns null when oauth2.js lacks credentials", async () => { installGeminiLayout({ oauth2Exists: true, oauth2Content: "// no credentials here" }); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); expect(extractGeminiCliCredentials()).toBeNull(); }); @@ -211,7 +216,7 @@ describe("extractGeminiCliCredentials", () => { it("caches credentials after first extraction", async () => { installGeminiLayout({ oauth2Exists: true, oauth2Content: FAKE_OAUTH2_CONTENT }); - const { extractGeminiCliCredentials, clearCredentialsCache } = await import("./oauth.js"); + const { extractGeminiCliCredentials, clearCredentialsCache } = await loadCredentialsModule(); clearCredentialsCache(); // First call diff --git a/extensions/google/provider-models.ts b/extensions/google/provider-models.ts index 0a086780b1a..93e6c40619c 100644 --- a/extensions/google/provider-models.ts +++ b/extensions/google/provider-models.ts @@ -1,39 +1,14 @@ -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; import type { ProviderResolveDynamicModelContext, ProviderRuntimeModel, -} from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/core"; +import { cloneFirstTemplateModel } from "openclaw/plugin-sdk/provider-models"; const GEMINI_3_1_PRO_PREFIX = "gemini-3.1-pro"; const GEMINI_3_1_FLASH_PREFIX = "gemini-3.1-flash"; const GEMINI_3_1_PRO_TEMPLATE_IDS = ["gemini-3-pro-preview"] as const; const GEMINI_3_1_FLASH_TEMPLATE_IDS = ["gemini-3-flash-preview"] as const; -function cloneFirstTemplateModel(params: { - providerId: string; - modelId: string; - templateIds: readonly string[]; - ctx: ProviderResolveDynamicModelContext; -}): ProviderRuntimeModel | undefined { - const trimmedModelId = params.modelId.trim(); - for (const templateId of [...new Set(params.templateIds)].filter(Boolean)) { - const template = params.ctx.modelRegistry.find( - params.providerId, - templateId, - ) as ProviderRuntimeModel | null; - if (!template) { - continue; - } - return normalizeModelCompat({ - ...template, - id: trimmedModelId, - name: trimmedModelId, - reasoning: true, - } as ProviderRuntimeModel); - } - return undefined; -} - export function resolveGoogle31ForwardCompatModel(params: { providerId: string; ctx: ProviderResolveDynamicModelContext; @@ -55,6 +30,7 @@ export function resolveGoogle31ForwardCompatModel(params: { modelId: trimmed, templateIds, ctx: params.ctx, + patch: { reasoning: true }, }); } diff --git a/extensions/googlechat/api.ts b/extensions/googlechat/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/googlechat/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/googlechat/index.ts b/extensions/googlechat/index.ts index 892694f93b4..850bd4b6a87 100644 --- a/extensions/googlechat/index.ts +++ b/extensions/googlechat/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/googlechat"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/googlechat"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { googlechatPlugin } from "./src/channel.js"; import { setGoogleChatRuntime } from "./src/runtime.js"; -const plugin = { +export { googlechatPlugin } from "./src/channel.js"; +export { setGoogleChatRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "googlechat", name: "Google Chat", description: "OpenClaw Google Chat channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setGoogleChatRuntime(api.runtime); - api.registerChannel(googlechatPlugin); - }, -}; - -export default plugin; + plugin: googlechatPlugin, + setRuntime: setGoogleChatRuntime, +}); diff --git a/extensions/googlechat/setup-entry.ts b/extensions/googlechat/setup-entry.ts index be33127799f..44fd1f11fb3 100644 --- a/extensions/googlechat/setup-entry.ts +++ b/extensions/googlechat/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { googlechatPlugin } from "./src/channel.js"; -export default { - plugin: googlechatPlugin, -}; +export default defineSetupPluginEntry(googlechatPlugin); diff --git a/extensions/googlechat/src/channel.outbound.test.ts b/extensions/googlechat/src/channel.outbound.test.ts index c9180dd8158..b936a5e3139 100644 --- a/extensions/googlechat/src/channel.outbound.test.ts +++ b/extensions/googlechat/src/channel.outbound.test.ts @@ -4,10 +4,14 @@ import { describe, expect, it, vi } from "vitest"; const uploadGoogleChatAttachmentMock = vi.hoisted(() => vi.fn()); const sendGoogleChatMessageMock = vi.hoisted(() => vi.fn()); -vi.mock("./api.js", () => ({ - sendGoogleChatMessage: sendGoogleChatMessageMock, - uploadGoogleChatAttachment: uploadGoogleChatAttachmentMock, -})); +vi.mock("./api.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + sendGoogleChatMessage: sendGoogleChatMessageMock, + uploadGoogleChatAttachment: uploadGoogleChatAttachmentMock, + }; +}); import { googlechatPlugin } from "./channel.js"; import { setGoogleChatRuntime } from "./runtime.js"; diff --git a/extensions/googlechat/src/channel.runtime.ts b/extensions/googlechat/src/channel.runtime.ts index fdf060f9fd4..81f000f95e7 100644 --- a/extensions/googlechat/src/channel.runtime.ts +++ b/extensions/googlechat/src/channel.runtime.ts @@ -1,2 +1,17 @@ -export { probeGoogleChat, sendGoogleChatMessage, uploadGoogleChatAttachment } from "./api.js"; -export { resolveGoogleChatWebhookPath, startGoogleChatMonitor } from "./monitor.js"; +import { + probeGoogleChat as probeGoogleChatImpl, + sendGoogleChatMessage as sendGoogleChatMessageImpl, + uploadGoogleChatAttachment as uploadGoogleChatAttachmentImpl, +} from "./api.js"; +import { + resolveGoogleChatWebhookPath as resolveGoogleChatWebhookPathImpl, + startGoogleChatMonitor as startGoogleChatMonitorImpl, +} from "./monitor.js"; + +export const googleChatChannelRuntime = { + probeGoogleChat: probeGoogleChatImpl, + sendGoogleChatMessage: sendGoogleChatMessageImpl, + uploadGoogleChatAttachment: uploadGoogleChatAttachmentImpl, + resolveGoogleChatWebhookPath: resolveGoogleChatWebhookPathImpl, + startGoogleChatMonitor: startGoogleChatMonitorImpl, +}; diff --git a/extensions/googlechat/src/channel.startup.test.ts b/extensions/googlechat/src/channel.startup.test.ts index 11c46aa663a..e65aa444314 100644 --- a/extensions/googlechat/src/channel.startup.test.ts +++ b/extensions/googlechat/src/channel.startup.test.ts @@ -4,7 +4,7 @@ import { abortStartedAccount, expectPendingUntilAbort, startAccountAndTrackLifecycle, -} from "../../test-utils/start-account-lifecycle.js"; +} from "../../../test/helpers/extensions/start-account-lifecycle.js"; import type { ResolvedGoogleChatAccount } from "./accounts.js"; const hoisted = vi.hoisted(() => ({ diff --git a/extensions/googlechat/src/channel.ts b/extensions/googlechat/src/channel.ts index bd06b33f8df..95aeccfbac2 100644 --- a/extensions/googlechat/src/channel.ts +++ b/extensions/googlechat/src/channel.ts @@ -1,11 +1,13 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; +import { formatNormalizedAllowFromEntries } from "openclaw/plugin-sdk/allow-from"; +import { + createScopedAccountConfigAccessors, + createScopedChannelConfigBase, + createScopedDmSecurityResolver, +} from "openclaw/plugin-sdk/channel-config-helpers"; import { buildOpenGroupPolicyConfigureRouteAllowlistWarning, collectAllowlistProviderGroupPolicyWarnings, - createScopedAccountConfigAccessors, - createScopedDmSecurityResolver, - formatNormalizedAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; import { buildComputedAccountStatusSnapshot, buildChannelConfigSchema, @@ -25,6 +27,7 @@ import { type OpenClawConfig, } from "openclaw/plugin-sdk/googlechat"; import { GoogleChatConfigSchema } from "openclaw/plugin-sdk/googlechat"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js"; import { listGoogleChatAccountIds, @@ -45,9 +48,10 @@ import { const meta = getChatChannelMeta("googlechat"); -async function loadGoogleChatChannelRuntime() { - return await import("./channel.runtime.js"); -} +const loadGoogleChatChannelRuntime = createLazyRuntimeNamedExport( + () => import("./channel.runtime.js"), + "googleChatChannelRuntime", +); const formatAllowFromEntry = (entry: string) => entry diff --git a/extensions/googlechat/src/monitor.webhook-routing.test.ts b/extensions/googlechat/src/monitor.webhook-routing.test.ts index 9896efce645..f5e7c69ef8a 100644 --- a/extensions/googlechat/src/monitor.webhook-routing.test.ts +++ b/extensions/googlechat/src/monitor.webhook-routing.test.ts @@ -4,7 +4,7 @@ import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk/googlech import { afterEach, describe, expect, it, vi } from "vitest"; import { createEmptyPluginRegistry } from "../../../src/plugins/registry.js"; import { setActivePluginRegistry } from "../../../src/plugins/runtime.js"; -import { createMockServerResponse } from "../../../src/test-utils/mock-http-response.js"; +import { createMockServerResponse } from "../../../test/helpers/extensions/mock-http-response.js"; import type { ResolvedGoogleChatAccount } from "./accounts.js"; import { verifyGoogleChatRequest } from "./auth.js"; import { handleGoogleChatWebhookRequest, registerGoogleChatWebhookTarget } from "./monitor.js"; diff --git a/extensions/googlechat/src/runtime.ts b/extensions/googlechat/src/runtime.ts index 44731cba8ea..333a8911cbb 100644 --- a/extensions/googlechat/src/runtime.ts +++ b/extensions/googlechat/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/googlechat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setGoogleChatRuntime, getRuntime: getGoogleChatRuntime } = createPluginRuntimeStore("Google Chat runtime not initialized"); diff --git a/extensions/googlechat/src/setup-core.ts b/extensions/googlechat/src/setup-core.ts index d4d2de49e06..5643ec4c291 100644 --- a/extensions/googlechat/src/setup-core.ts +++ b/extensions/googlechat/src/setup-core.ts @@ -1,22 +1,9 @@ -import { - applyAccountNameToChannelSection, - applySetupAccountConfigPatch, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import { createPatchedAccountSetupAdapter, DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/setup"; const channel = "googlechat" as const; -export const googlechatSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), +export const googlechatSetupAdapter = createPatchedAccountSetupAdapter({ + channelKey: channel, validateInput: ({ accountId, input }) => { if (input.useEnv && accountId !== DEFAULT_ACCOUNT_ID) { return "GOOGLE_CHAT_SERVICE_ACCOUNT env vars can only be used for the default account."; @@ -26,20 +13,7 @@ export const googlechatSetupAdapter: ChannelSetupAdapter = { } return null; }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; + buildPatch: (input) => { const patch = input.useEnv ? {} : input.tokenFile @@ -51,17 +25,12 @@ export const googlechatSetupAdapter: ChannelSetupAdapter = { const audience = input.audience?.trim(); const webhookPath = input.webhookPath?.trim(); const webhookUrl = input.webhookUrl?.trim(); - return applySetupAccountConfigPatch({ - cfg: next, - channelKey: channel, - accountId, - patch: { - ...patch, - ...(audienceType ? { audienceType } : {}), - ...(audience ? { audience } : {}), - ...(webhookPath ? { webhookPath } : {}), - ...(webhookUrl ? { webhookUrl } : {}), - }, - }); + return { + ...patch, + ...(audienceType ? { audienceType } : {}), + ...(audience ? { audience } : {}), + ...(webhookPath ? { webhookPath } : {}), + ...(webhookUrl ? { webhookUrl } : {}), + }; }, -}; +}); diff --git a/extensions/googlechat/src/setup-surface.test.ts b/extensions/googlechat/src/setup-surface.test.ts index e8855648c99..15d77a46605 100644 --- a/extensions/googlechat/src/setup-surface.test.ts +++ b/extensions/googlechat/src/setup-surface.test.ts @@ -1,31 +1,13 @@ -import type { OpenClawConfig, WizardPrompter } from "openclaw/plugin-sdk/googlechat"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/googlechat"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { googlechatPlugin } from "./channel.js"; -const selectFirstOption = async (params: { options: Array<{ value: T }> }): Promise => { - const first = params.options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; -}; - -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: selectFirstOption as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const googlechatConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: googlechatPlugin, wizard: googlechatPlugin.setupWizard!, @@ -33,7 +15,7 @@ const googlechatConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard describe("googlechat setup wizard", () => { it("configures service-account auth and webhook audience", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Service account JSON path") { return "/tmp/googlechat-service-account.json"; diff --git a/extensions/googlechat/src/setup-surface.ts b/extensions/googlechat/src/setup-surface.ts index 5561989543f..0af6e3d4f54 100644 --- a/extensions/googlechat/src/setup-surface.ts +++ b/extensions/googlechat/src/setup-surface.ts @@ -1,19 +1,17 @@ -import { - applySetupAccountConfigPatch, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; import { addWildcardAllowFrom, + applySetupAccountConfigPatch, + DEFAULT_ACCOUNT_ID, + formatDocsLink, mergeAllowFromEntries, + migrateBaseNameToDefaultAccount, setTopLevelChannelDmPolicyWithAllowFrom, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type DmPolicy, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import { listGoogleChatAccountIds, resolveDefaultGoogleChatAccountId, diff --git a/extensions/huggingface/index.ts b/extensions/huggingface/index.ts index c1cea578349..6f50743f43c 100644 --- a/extensions/huggingface/index.ts +++ b/extensions/huggingface/index.ts @@ -1,19 +1,15 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildHuggingfaceProvider } from "../../src/agents/models-config.providers.discovery.js"; -import { - applyHuggingfaceConfig, - HUGGINGFACE_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { applyHuggingfaceConfig, HUGGINGFACE_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildHuggingfaceProvider } from "./provider-catalog.js"; const PROVIDER_ID = "huggingface"; -const huggingfacePlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Hugging Face Provider", description: "Bundled Hugging Face provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Hugging Face", @@ -59,6 +55,4 @@ const huggingfacePlugin = { }, }); }, -}; - -export default huggingfacePlugin; +}); diff --git a/extensions/huggingface/onboard.ts b/extensions/huggingface/onboard.ts new file mode 100644 index 00000000000..40df946abe3 --- /dev/null +++ b/extensions/huggingface/onboard.ts @@ -0,0 +1,35 @@ +import { + buildHuggingfaceModelDefinition, + HUGGINGFACE_BASE_URL, + HUGGINGFACE_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const HUGGINGFACE_DEFAULT_MODEL_REF = "huggingface/deepseek-ai/DeepSeek-R1"; + +export function applyHuggingfaceProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[HUGGINGFACE_DEFAULT_MODEL_REF] = { + ...models[HUGGINGFACE_DEFAULT_MODEL_REF], + alias: models[HUGGINGFACE_DEFAULT_MODEL_REF]?.alias ?? "Hugging Face", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "huggingface", + api: "openai-completions", + baseUrl: HUGGINGFACE_BASE_URL, + catalogModels: HUGGINGFACE_MODEL_CATALOG.map(buildHuggingfaceModelDefinition), + }); +} + +export function applyHuggingfaceConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyHuggingfaceProviderConfig(cfg), + HUGGINGFACE_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/huggingface/provider-catalog.ts b/extensions/huggingface/provider-catalog.ts new file mode 100644 index 00000000000..502a94f2a9e --- /dev/null +++ b/extensions/huggingface/provider-catalog.ts @@ -0,0 +1,22 @@ +import { + buildHuggingfaceModelDefinition, + discoverHuggingfaceModels, + type ModelProviderConfig, + HUGGINGFACE_BASE_URL, + HUGGINGFACE_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; + +export async function buildHuggingfaceProvider( + discoveryApiKey?: string, +): Promise { + const resolvedSecret = discoveryApiKey?.trim() ?? ""; + const models = + resolvedSecret !== "" + ? await discoverHuggingfaceModels(resolvedSecret) + : HUGGINGFACE_MODEL_CATALOG.map(buildHuggingfaceModelDefinition); + return { + baseUrl: HUGGINGFACE_BASE_URL, + api: "openai-completions", + models, + }; +} diff --git a/extensions/imessage/api.ts b/extensions/imessage/api.ts new file mode 100644 index 00000000000..a311d13fec5 --- /dev/null +++ b/extensions/imessage/api.ts @@ -0,0 +1,3 @@ +export * from "./src/accounts.js"; +export * from "./src/target-parsing-helpers.js"; +export * from "./src/targets.js"; diff --git a/extensions/imessage/index.ts b/extensions/imessage/index.ts index e87d421cf2e..6ed01ad9da4 100644 --- a/extensions/imessage/index.ts +++ b/extensions/imessage/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { imessagePlugin } from "./src/channel.js"; import { setIMessageRuntime } from "./src/runtime.js"; -const plugin = { +export { imessagePlugin } from "./src/channel.js"; +export { setIMessageRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "imessage", name: "iMessage", description: "iMessage channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setIMessageRuntime(api.runtime); - api.registerChannel({ plugin: imessagePlugin }); - }, -}; - -export default plugin; + plugin: imessagePlugin, + setRuntime: setIMessageRuntime, +}); diff --git a/extensions/imessage/runtime-api.ts b/extensions/imessage/runtime-api.ts new file mode 100644 index 00000000000..4f4acfa3328 --- /dev/null +++ b/extensions/imessage/runtime-api.ts @@ -0,0 +1,3 @@ +export * from "./src/monitor.js"; +export * from "./src/probe.js"; +export * from "./src/send.js"; diff --git a/extensions/imessage/setup-entry.ts b/extensions/imessage/setup-entry.ts index 6b4c642d0ae..7c4c55967a8 100644 --- a/extensions/imessage/setup-entry.ts +++ b/extensions/imessage/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { imessageSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: imessageSetupPlugin }; +export { imessageSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(imessageSetupPlugin); diff --git a/extensions/imessage/src/accounts.ts b/extensions/imessage/src/accounts.ts index 1a6ca8bceb9..5ee90339aa8 100644 --- a/extensions/imessage/src/accounts.ts +++ b/extensions/imessage/src/accounts.ts @@ -1,7 +1,10 @@ -import { normalizeAccountId, type IMessageAccountConfig } from "openclaw/plugin-sdk/imessage"; -import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; +import { + createAccountListHelpers, + normalizeAccountId, + resolveAccountEntry, + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import type { IMessageAccountConfig } from "openclaw/plugin-sdk/imessage"; export type ResolvedIMessageAccount = { accountId: string; diff --git a/extensions/imessage/src/channel.runtime.ts b/extensions/imessage/src/channel.runtime.ts index 81229e49ff9..99ce9f617a2 100644 --- a/extensions/imessage/src/channel.runtime.ts +++ b/extensions/imessage/src/channel.runtime.ts @@ -1 +1,82 @@ -export { imessageSetupWizard } from "./setup-surface.js"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { + PAIRING_APPROVED_MESSAGE, + resolveChannelMediaMaxBytes, +} from "openclaw/plugin-sdk/imessage"; +import type { ResolvedIMessageAccount } from "./accounts.js"; +import { monitorIMessageProvider } from "./monitor.js"; +import { probeIMessage } from "./probe.js"; +import { getIMessageRuntime } from "./runtime.js"; +import { imessageSetupWizard } from "./setup-surface.js"; + +type IMessageSendFn = ReturnType< + typeof getIMessageRuntime +>["channel"]["imessage"]["sendMessageIMessage"]; + +export async function sendIMessageOutbound(params: { + cfg: Parameters[0]["cfg"]; + to: string; + text: string; + mediaUrl?: string; + mediaLocalRoots?: readonly string[]; + accountId?: string; + deps?: { [channelId: string]: unknown }; + replyToId?: string; +}) { + const send = + resolveOutboundSendDep(params.deps, "imessage") ?? + getIMessageRuntime().channel.imessage.sendMessageIMessage; + const maxBytes = resolveChannelMediaMaxBytes({ + cfg: params.cfg, + resolveChannelLimitMb: ({ cfg, accountId }) => + cfg.channels?.imessage?.accounts?.[accountId]?.mediaMaxMb ?? + cfg.channels?.imessage?.mediaMaxMb, + accountId: params.accountId, + }); + return await send(params.to, params.text, { + config: params.cfg, + ...(params.mediaUrl ? { mediaUrl: params.mediaUrl } : {}), + ...(params.mediaLocalRoots?.length ? { mediaLocalRoots: params.mediaLocalRoots } : {}), + maxBytes, + accountId: params.accountId ?? undefined, + replyToId: params.replyToId ?? undefined, + }); +} + +export async function notifyIMessageApproval(id: string): Promise { + await getIMessageRuntime().channel.imessage.sendMessageIMessage(id, PAIRING_APPROVED_MESSAGE); +} + +export async function probeIMessageAccount(timeoutMs?: number) { + return await probeIMessage(timeoutMs); +} + +export async function startIMessageGatewayAccount( + ctx: Parameters< + NonNullable< + NonNullable< + import("openclaw/plugin-sdk/imessage").ChannelPlugin["gateway"] + >["startAccount"] + > + >[0], +) { + const account = ctx.account; + const cliPath = account.config.cliPath?.trim() || "imsg"; + const dbPath = account.config.dbPath?.trim(); + ctx.setStatus({ + accountId: account.accountId, + cliPath, + dbPath: dbPath ?? null, + }); + ctx.log?.info?.( + `[${account.accountId}] starting provider (${cliPath}${dbPath ? ` db=${dbPath}` : ""})`, + ); + return await monitorIMessageProvider({ + accountId: account.accountId, + config: ctx.cfg, + runtime: ctx.runtime, + abortSignal: ctx.abortSignal, + }); +} + +export { imessageSetupWizard }; diff --git a/extensions/imessage/src/channel.setup.ts b/extensions/imessage/src/channel.setup.ts index a4e58844b3b..a6f2f90d9f0 100644 --- a/extensions/imessage/src/channel.setup.ts +++ b/extensions/imessage/src/channel.setup.ts @@ -1,101 +1,16 @@ -import { - buildAccountScopedDmSecurityPolicy, - collectAllowlistProviderRestrictSendersWarnings, -} from "openclaw/plugin-sdk/compat"; import { buildChannelConfigSchema, - DEFAULT_ACCOUNT_ID, - deleteAccountFromConfigSection, - formatTrimmedAllowFromEntries, - getChatChannelMeta, IMessageConfigSchema, - resolveIMessageConfigAllowFrom, - resolveIMessageConfigDefaultTo, - setAccountEnabledInConfigSection, type ChannelPlugin, } from "openclaw/plugin-sdk/imessage"; -import { - listIMessageAccountIds, - resolveDefaultIMessageAccountId, - resolveIMessageAccount, - type ResolvedIMessageAccount, -} from "./accounts.js"; -import { createIMessageSetupWizardProxy, imessageSetupAdapter } from "./setup-core.js"; - -async function loadIMessageChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const imessageSetupWizard = createIMessageSetupWizardProxy(async () => ({ - imessageSetupWizard: (await loadIMessageChannelRuntime()).imessageSetupWizard, -})); +import { type ResolvedIMessageAccount } from "./accounts.js"; +import { imessageSetupAdapter } from "./setup-core.js"; +import { createIMessagePluginBase, imessageSetupWizard } from "./shared.js"; export const imessageSetupPlugin: ChannelPlugin = { - id: "imessage", - meta: { - ...getChatChannelMeta("imessage"), - aliases: ["imsg"], - showConfigured: false, - }, - setupWizard: imessageSetupWizard, - capabilities: { - chatTypes: ["direct", "group"], - media: true, - }, - reload: { configPrefixes: ["channels.imessage"] }, - configSchema: buildChannelConfigSchema(IMessageConfigSchema), - config: { - listAccountIds: (cfg) => listIMessageAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveIMessageAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultIMessageAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => - setAccountEnabledInConfigSection({ - cfg, - sectionKey: "imessage", - accountId, - enabled, - allowTopLevel: true, - }), - deleteAccount: ({ cfg, accountId }) => - deleteAccountFromConfigSection({ - cfg, - sectionKey: "imessage", - accountId, - clearBaseFields: ["cliPath", "dbPath", "service", "region", "name"], - }), - isConfigured: (account) => account.configured, - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: account.configured, - }), - resolveAllowFrom: ({ cfg, accountId }) => resolveIMessageConfigAllowFrom({ cfg, accountId }), - formatAllowFrom: ({ allowFrom }) => formatTrimmedAllowFromEntries(allowFrom), - resolveDefaultTo: ({ cfg, accountId }) => resolveIMessageConfigDefaultTo({ cfg, accountId }), - }, - security: { - resolveDmPolicy: ({ cfg, accountId, account }) => - buildAccountScopedDmSecurityPolicy({ - cfg, - channelKey: "imessage", - accountId, - fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, - policy: account.config.dmPolicy, - allowFrom: account.config.allowFrom ?? [], - policyPathSuffix: "dmPolicy", - }), - collectWarnings: ({ account, cfg }) => - collectAllowlistProviderRestrictSendersWarnings({ - cfg, - providerConfigPresent: cfg.channels?.imessage !== undefined, - configuredGroupPolicy: account.config.groupPolicy, - surface: "iMessage groups", - openScope: "any member", - groupPolicyPath: "channels.imessage.groupPolicy", - groupAllowFromPath: "channels.imessage.groupAllowFrom", - mentionGated: false, - }), - }, - setup: imessageSetupAdapter, + ...createIMessagePluginBase({ + configSchema: buildChannelConfigSchema(IMessageConfigSchema), + setupWizard: imessageSetupWizard, + setup: imessageSetupAdapter, + }), }; diff --git a/extensions/imessage/src/channel.ts b/extensions/imessage/src/channel.ts index b0d94a1a437..fe20327e463 100644 --- a/extensions/imessage/src/channel.ts +++ b/extensions/imessage/src/channel.ts @@ -1,83 +1,32 @@ +import { buildAccountScopedAllowlistConfigEditor } from "openclaw/plugin-sdk/allowlist-config-edit"; import { - buildAccountScopedAllowlistConfigEditor, buildAccountScopedDmSecurityPolicy, collectAllowlistProviderRestrictSendersWarnings, -} from "openclaw/plugin-sdk/compat"; -import { buildAgentSessionKey, type RoutePeer } from "openclaw/plugin-sdk/core"; +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { buildOutboundBaseSessionKey } from "openclaw/plugin-sdk/core"; import { buildChannelConfigSchema, collectStatusIssuesFromLastError, DEFAULT_ACCOUNT_ID, - deleteAccountFromConfigSection, formatTrimmedAllowFromEntries, - getChatChannelMeta, IMessageConfigSchema, looksLikeIMessageTargetId, normalizeIMessageMessagingTarget, - PAIRING_APPROVED_MESSAGE, - resolveChannelMediaMaxBytes, - resolveIMessageConfigAllowFrom, - resolveIMessageConfigDefaultTo, resolveIMessageGroupRequireMention, resolveIMessageGroupToolPolicy, - setAccountEnabledInConfigSection, type ChannelPlugin, } from "openclaw/plugin-sdk/imessage"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; +import { createLazyRuntimeModule } from "openclaw/plugin-sdk/lazy-runtime"; +import { type RoutePeer } from "openclaw/plugin-sdk/routing"; import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js"; -import { - listIMessageAccountIds, - resolveDefaultIMessageAccountId, - resolveIMessageAccount, - type ResolvedIMessageAccount, -} from "./accounts.js"; +import { resolveIMessageAccount, type ResolvedIMessageAccount } from "./accounts.js"; import { getIMessageRuntime } from "./runtime.js"; -import { createIMessageSetupWizardProxy, imessageSetupAdapter } from "./setup-core.js"; +import { imessageSetupAdapter } from "./setup-core.js"; +import { createIMessagePluginBase, imessageSetupWizard } from "./shared.js"; import { normalizeIMessageHandle, parseIMessageTarget } from "./targets.js"; -const meta = getChatChannelMeta("imessage"); - -async function loadIMessageChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const imessageSetupWizard = createIMessageSetupWizardProxy(async () => ({ - imessageSetupWizard: (await loadIMessageChannelRuntime()).imessageSetupWizard, -})); - -type IMessageSendFn = ReturnType< - typeof getIMessageRuntime ->["channel"]["imessage"]["sendMessageIMessage"]; - -async function sendIMessageOutbound(params: { - cfg: Parameters[0]["cfg"]; - to: string; - text: string; - mediaUrl?: string; - mediaLocalRoots?: readonly string[]; - accountId?: string; - deps?: { [channelId: string]: unknown }; - replyToId?: string; -}) { - const send = - resolveOutboundSendDep(params.deps, "imessage") ?? - getIMessageRuntime().channel.imessage.sendMessageIMessage; - const maxBytes = resolveChannelMediaMaxBytes({ - cfg: params.cfg, - resolveChannelLimitMb: ({ cfg, accountId }) => - cfg.channels?.imessage?.accounts?.[accountId]?.mediaMaxMb ?? - cfg.channels?.imessage?.mediaMaxMb, - accountId: params.accountId, - }); - return await send(params.to, params.text, { - config: params.cfg, - ...(params.mediaUrl ? { mediaUrl: params.mediaUrl } : {}), - ...(params.mediaLocalRoots?.length ? { mediaLocalRoots: params.mediaLocalRoots } : {}), - maxBytes, - accountId: params.accountId ?? undefined, - replyToId: params.replyToId ?? undefined, - }); -} +const loadIMessageChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime.js")); function buildIMessageBaseSessionKey(params: { cfg: Parameters[0]["cfg"]; @@ -85,14 +34,7 @@ function buildIMessageBaseSessionKey(params: { accountId?: string | null; peer: RoutePeer; }) { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: "imessage", - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey({ ...params, channel: "imessage" }); } function resolveIMessageOutboundSessionRoute(params: { @@ -157,54 +99,15 @@ function resolveIMessageOutboundSessionRoute(params: { } export const imessagePlugin: ChannelPlugin = { - id: "imessage", - meta: { - ...meta, - aliases: ["imsg"], - showConfigured: false, - }, - setupWizard: imessageSetupWizard, + ...createIMessagePluginBase({ + configSchema: buildChannelConfigSchema(IMessageConfigSchema), + setupWizard: imessageSetupWizard, + setup: imessageSetupAdapter, + }), pairing: { idLabel: "imessageSenderId", - notifyApproval: async ({ id }) => { - await getIMessageRuntime().channel.imessage.sendMessageIMessage(id, PAIRING_APPROVED_MESSAGE); - }, - }, - capabilities: { - chatTypes: ["direct", "group"], - media: true, - }, - reload: { configPrefixes: ["channels.imessage"] }, - configSchema: buildChannelConfigSchema(IMessageConfigSchema), - config: { - listAccountIds: (cfg) => listIMessageAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveIMessageAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultIMessageAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => - setAccountEnabledInConfigSection({ - cfg, - sectionKey: "imessage", - accountId, - enabled, - allowTopLevel: true, - }), - deleteAccount: ({ cfg, accountId }) => - deleteAccountFromConfigSection({ - cfg, - sectionKey: "imessage", - accountId, - clearBaseFields: ["cliPath", "dbPath", "service", "region", "name"], - }), - isConfigured: (account) => account.configured, - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: account.configured, - }), - resolveAllowFrom: ({ cfg, accountId }) => resolveIMessageConfigAllowFrom({ cfg, accountId }), - formatAllowFrom: ({ allowFrom }) => formatTrimmedAllowFromEntries(allowFrom), - resolveDefaultTo: ({ cfg, accountId }) => resolveIMessageConfigDefaultTo({ cfg, accountId }), + notifyApproval: async ({ id }) => + await (await loadIMessageChannelRuntime()).notifyIMessageApproval(id), }, allowlist: { supportsScope: ({ scope }) => scope === "dm" || scope === "group" || scope === "all", @@ -263,14 +166,15 @@ export const imessagePlugin: ChannelPlugin = { hint: "", }, }, - setup: imessageSetupAdapter, outbound: { deliveryMode: "direct", chunker: (text, limit) => getIMessageRuntime().channel.text.chunkText(text, limit), chunkerMode: "text", textChunkLimit: 4000, sendText: async ({ cfg, to, text, accountId, deps, replyToId }) => { - const result = await sendIMessageOutbound({ + const result = await ( + await loadIMessageChannelRuntime() + ).sendIMessageOutbound({ cfg, to, text, @@ -281,7 +185,9 @@ export const imessagePlugin: ChannelPlugin = { return { channel: "imessage", ...result }; }, sendMedia: async ({ cfg, to, text, mediaUrl, mediaLocalRoots, accountId, deps, replyToId }) => { - const result = await sendIMessageOutbound({ + const result = await ( + await loadIMessageChannelRuntime() + ).sendIMessageOutbound({ cfg, to, text, @@ -311,7 +217,7 @@ export const imessagePlugin: ChannelPlugin = { dbPath: snapshot.dbPath ?? null, }), probeAccount: async ({ timeoutMs }) => - getIMessageRuntime().channel.imessage.probeIMessage(timeoutMs), + await (await loadIMessageChannelRuntime()).probeIMessageAccount(timeoutMs), buildAccountSnapshot: ({ account, runtime, probe }) => ({ accountId: account.accountId, name: account.name, @@ -330,24 +236,7 @@ export const imessagePlugin: ChannelPlugin = { resolveAccountState: ({ enabled }) => (enabled ? "enabled" : "disabled"), }, gateway: { - startAccount: async (ctx) => { - const account = ctx.account; - const cliPath = account.config.cliPath?.trim() || "imsg"; - const dbPath = account.config.dbPath?.trim(); - ctx.setStatus({ - accountId: account.accountId, - cliPath, - dbPath: dbPath ?? null, - }); - ctx.log?.info( - `[${account.accountId}] starting provider (${cliPath}${dbPath ? ` db=${dbPath}` : ""})`, - ); - return getIMessageRuntime().channel.imessage.monitorIMessageProvider({ - accountId: account.accountId, - config: ctx.cfg, - runtime: ctx.runtime, - abortSignal: ctx.abortSignal, - }); - }, + startAccount: async (ctx) => + await (await loadIMessageChannelRuntime()).startIMessageGatewayAccount(ctx), }, }; diff --git a/extensions/imessage/src/client.ts b/extensions/imessage/src/client.ts index efe9e5deb3b..4c9dea59c2c 100644 --- a/extensions/imessage/src/client.ts +++ b/extensions/imessage/src/client.ts @@ -1,7 +1,7 @@ import { type ChildProcessWithoutNullStreams, spawn } from "node:child_process"; import { createInterface, type Interface } from "node:readline"; -import type { RuntimeEnv } from "../../../src/runtime.js"; -import { resolveUserPath } from "../../../src/utils.js"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { resolveUserPath } from "openclaw/plugin-sdk/text-runtime"; import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "./constants.js"; export type IMessageRpcError = { diff --git a/extensions/imessage/src/monitor/deliver.ts b/extensions/imessage/src/monitor/deliver.ts index e8db8c0cac9..65dc125be68 100644 --- a/extensions/imessage/src/monitor/deliver.ts +++ b/extensions/imessage/src/monitor/deliver.ts @@ -1,9 +1,9 @@ -import { chunkTextWithMode, resolveChunkMode } from "../../../../src/auto-reply/chunk.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import { loadConfig } from "../../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js"; -import { convertMarkdownTables } from "../../../../src/markdown/tables.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { chunkTextWithMode, resolveChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; import type { createIMessageRpcClient } from "../client.js"; import { sendMessageIMessage } from "../send.js"; import type { SentMessageCache } from "./echo-cache.js"; diff --git a/extensions/imessage/src/monitor/inbound-processing.ts b/extensions/imessage/src/monitor/inbound-processing.ts index af900e21b40..531a8324dfd 100644 --- a/extensions/imessage/src/monitor/inbound-processing.ts +++ b/extensions/imessage/src/monitor/inbound-processing.ts @@ -1,34 +1,31 @@ -import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js"; +import { resolveDualTextControlCommandGate } from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { + resolveChannelGroupPolicy, + resolveChannelGroupRequireMention, +} from "openclaw/plugin-sdk/config-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; import { formatInboundEnvelope, formatInboundFromLabel, resolveEnvelopeFormatOptions, type EnvelopeFormatOptions, -} from "../../../../src/auto-reply/envelope.js"; +} from "openclaw/plugin-sdk/reply-runtime"; import { buildPendingHistoryContextFromMap, recordPendingHistoryEntryIfEnabled, type HistoryEntry, -} from "../../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; -import { - buildMentionRegexes, - matchesMentionPatterns, -} from "../../../../src/auto-reply/reply/mentions.js"; -import { resolveDualTextControlCommandGate } from "../../../../src/channels/command-gating.js"; -import { logInboundDrop } from "../../../../src/channels/logging.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import { - resolveChannelGroupPolicy, - resolveChannelGroupRequireMention, -} from "../../../../src/config/group-policy.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { buildMentionRegexes, matchesMentionPatterns } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; import { DM_GROUP_ACCESS_REASON, resolveDmGroupAccessWithLists, -} from "../../../../src/security/dm-policy-shared.js"; -import { sanitizeTerminalText } from "../../../../src/terminal/safe-text.js"; -import { truncateUtf16Safe } from "../../../../src/utils.js"; +} from "openclaw/plugin-sdk/security-runtime"; +import { sanitizeTerminalText } from "openclaw/plugin-sdk/text-runtime"; +import { truncateUtf16Safe } from "openclaw/plugin-sdk/text-runtime"; import { formatIMessageChatTarget, isAllowedIMessageSender, diff --git a/extensions/imessage/src/monitor/monitor-provider.ts b/extensions/imessage/src/monitor/monitor-provider.ts index e3c062cd814..dc15715d652 100644 --- a/extensions/imessage/src/monitor/monitor-provider.ts +++ b/extensions/imessage/src/monitor/monitor-provider.ts @@ -1,42 +1,42 @@ import fs from "node:fs/promises"; -import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js"; -import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js"; -import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js"; -import { - clearHistoryEntriesIfEnabled, - DEFAULT_GROUP_HISTORY_LIMIT, - type HistoryEntry, -} from "../../../../src/auto-reply/reply/history.js"; -import { createReplyDispatcher } from "../../../../src/auto-reply/reply/reply-dispatcher.js"; +import { resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; import { createChannelInboundDebouncer, shouldDebounceTextInbound, -} from "../../../../src/channels/inbound-debounce-policy.js"; -import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -import { recordInboundSession } from "../../../../src/channels/session.js"; -import { loadConfig } from "../../../../src/config/config.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveOpenProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, -} from "../../../../src/config/runtime-group-policy.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js"; -import { danger, logVerbose, shouldLogVerbose, warn } from "../../../../src/globals.js"; -import { normalizeScpRemoteHost } from "../../../../src/infra/scp-host.js"; -import { waitForTransportReady } from "../../../../src/infra/transport-ready.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { + readChannelAllowFromStore, + upsertChannelPairingRequest, +} from "openclaw/plugin-sdk/conversation-runtime"; +import { normalizeScpRemoteHost } from "openclaw/plugin-sdk/infra-runtime"; +import { waitForTransportReady } from "openclaw/plugin-sdk/infra-runtime"; import { isInboundPathAllowed, resolveIMessageAttachmentRoots, resolveIMessageRemoteAttachmentRoots, -} from "../../../../src/media/inbound-path-policy.js"; -import { kindFromMime } from "../../../../src/media/mime.js"; -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; +} from "openclaw/plugin-sdk/media-runtime"; +import { kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchInboundMessage } from "openclaw/plugin-sdk/reply-runtime"; import { - readChannelAllowFromStore, - upsertChannelPairingRequest, -} from "../../../../src/pairing/pairing-store.js"; -import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../src/security/dm-policy-shared.js"; -import { truncateUtf16Safe } from "../../../../src/utils.js"; + clearHistoryEntriesIfEnabled, + DEFAULT_GROUP_HISTORY_LIMIT, + type HistoryEntry, +} from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose, shouldLogVerbose, warn } from "openclaw/plugin-sdk/runtime-env"; +import { resolvePinnedMainDmOwnerFromAllowlist } from "openclaw/plugin-sdk/security-runtime"; +import { truncateUtf16Safe } from "openclaw/plugin-sdk/text-runtime"; import { resolveIMessageAccount } from "../accounts.js"; import { createIMessageRpcClient } from "../client.js"; import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "../constants.js"; diff --git a/extensions/imessage/src/monitor/reflection-guard.ts b/extensions/imessage/src/monitor/reflection-guard.ts index 0af95d957cc..9ed38d2a175 100644 --- a/extensions/imessage/src/monitor/reflection-guard.ts +++ b/extensions/imessage/src/monitor/reflection-guard.ts @@ -4,7 +4,7 @@ * bounced back as a new inbound message — creating an echo loop. */ -import { findCodeRegions, isInsideCode } from "../../../../src/shared/text/code-regions.js"; +import { findCodeRegions, isInsideCode } from "openclaw/plugin-sdk/text-runtime"; const INTERNAL_SEPARATOR_RE = /(?:#\+){2,}#?/; const ASSISTANT_ROLE_MARKER_RE = /\bassistant\s+to\s*=\s*\w+/i; diff --git a/extensions/imessage/src/monitor/runtime.ts b/extensions/imessage/src/monitor/runtime.ts index e4fe6ae4336..437224013d4 100644 --- a/extensions/imessage/src/monitor/runtime.ts +++ b/extensions/imessage/src/monitor/runtime.ts @@ -1,5 +1,5 @@ -import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js"; -import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime"; import type { MonitorIMessageOpts } from "./types.js"; export function resolveRuntime(opts: MonitorIMessageOpts): RuntimeEnv { diff --git a/extensions/imessage/src/monitor/sanitize-outbound.ts b/extensions/imessage/src/monitor/sanitize-outbound.ts index 83eb75a8da2..533eb7f2176 100644 --- a/extensions/imessage/src/monitor/sanitize-outbound.ts +++ b/extensions/imessage/src/monitor/sanitize-outbound.ts @@ -1,4 +1,4 @@ -import { stripAssistantInternalScaffolding } from "../../../../src/shared/text/assistant-visible-text.js"; +import { stripAssistantInternalScaffolding } from "openclaw/plugin-sdk/text-runtime"; /** * Patterns that indicate assistant-internal metadata leaked into text. diff --git a/extensions/imessage/src/monitor/types.ts b/extensions/imessage/src/monitor/types.ts index 074c7c34c9f..a03ed5faea8 100644 --- a/extensions/imessage/src/monitor/types.ts +++ b/extensions/imessage/src/monitor/types.ts @@ -1,5 +1,5 @@ -import type { OpenClawConfig } from "../../../../src/config/config.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; export type IMessageAttachment = { original_path?: string | null; diff --git a/extensions/imessage/src/outbound-adapter.ts b/extensions/imessage/src/outbound-adapter.ts index ae5e7c2836a..cd961c30bfa 100644 --- a/extensions/imessage/src/outbound-adapter.ts +++ b/extensions/imessage/src/outbound-adapter.ts @@ -1,11 +1,8 @@ import { createScopedChannelMediaMaxBytesResolver, createDirectTextMediaOutbound, -} from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import { - resolveOutboundSendDep, - type OutboundSendDeps, -} from "../../../src/infra/outbound/send-deps.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep, type OutboundSendDeps } from "openclaw/plugin-sdk/channel-runtime"; import { sendMessageIMessage } from "./send.js"; function resolveIMessageSender(deps: OutboundSendDeps | undefined) { diff --git a/extensions/imessage/src/plugin-shared.ts b/extensions/imessage/src/plugin-shared.ts new file mode 100644 index 00000000000..57e8bc5fc66 --- /dev/null +++ b/extensions/imessage/src/plugin-shared.ts @@ -0,0 +1 @@ +export { imessageSetupWizard } from "./shared.js"; diff --git a/extensions/imessage/src/probe.test.ts b/extensions/imessage/src/probe.test.ts index 5d676327c11..ef69337984b 100644 --- a/extensions/imessage/src/probe.test.ts +++ b/extensions/imessage/src/probe.test.ts @@ -1,36 +1,30 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +import * as onboardHelpers from "../../../src/commands/onboard-helpers.js"; +import * as execModule from "../../../src/process/exec.js"; +import * as clientModule from "./client.js"; import { probeIMessage } from "./probe.js"; -const detectBinaryMock = vi.hoisted(() => vi.fn()); -const runCommandWithTimeoutMock = vi.hoisted(() => vi.fn()); -const createIMessageRpcClientMock = vi.hoisted(() => vi.fn()); - -vi.mock("../../../src/commands/onboard-helpers.js", () => ({ - detectBinary: (...args: unknown[]) => detectBinaryMock(...args), -})); - -vi.mock("../../../src/process/exec.js", () => ({ - runCommandWithTimeout: (...args: unknown[]) => runCommandWithTimeoutMock(...args), -})); - -vi.mock("./client.js", () => ({ - createIMessageRpcClient: (...args: unknown[]) => createIMessageRpcClientMock(...args), -})); - beforeEach(() => { - detectBinaryMock.mockClear().mockResolvedValue(true); - runCommandWithTimeoutMock.mockClear().mockResolvedValue({ + vi.restoreAllMocks(); + vi.spyOn(onboardHelpers, "detectBinary").mockResolvedValue(true); + vi.spyOn(execModule, "runCommandWithTimeout").mockResolvedValue({ stdout: "", stderr: 'unknown command "rpc" for "imsg"', code: 1, signal: null, killed: false, + termination: "exit", }); - createIMessageRpcClientMock.mockClear(); }); describe("probeIMessage", () => { it("marks unknown rpc subcommand as fatal", async () => { + const createIMessageRpcClientMock = vi + .spyOn(clientModule, "createIMessageRpcClient") + .mockResolvedValue({ + request: vi.fn(), + stop: vi.fn(), + } as unknown as Awaited>); const result = await probeIMessage(1000, { cliPath: "imsg" }); expect(result.ok).toBe(false); expect(result.fatal).toBe(true); diff --git a/extensions/imessage/src/probe.ts b/extensions/imessage/src/probe.ts index 1b6ab665d09..7ae049f02eb 100644 --- a/extensions/imessage/src/probe.ts +++ b/extensions/imessage/src/probe.ts @@ -1,8 +1,8 @@ -import type { BaseProbeResult } from "../../../src/channels/plugins/types.js"; -import { detectBinary } from "../../../src/commands/onboard-helpers.js"; -import { loadConfig } from "../../../src/config/config.js"; -import { runCommandWithTimeout } from "../../../src/process/exec.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import type { BaseProbeResult } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { runCommandWithTimeout } from "openclaw/plugin-sdk/process-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { detectBinary } from "openclaw/plugin-sdk/setup"; import { createIMessageRpcClient } from "./client.js"; import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "./constants.js"; diff --git a/extensions/imessage/src/runtime.ts b/extensions/imessage/src/runtime.ts index 08c9b6ccbbd..a7ed927b9ab 100644 --- a/extensions/imessage/src/runtime.ts +++ b/extensions/imessage/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setIMessageRuntime, getRuntime: getIMessageRuntime } = createPluginRuntimeStore("iMessage runtime not initialized"); diff --git a/extensions/imessage/src/send.ts b/extensions/imessage/src/send.ts index 5bc02b6bb7f..70c996329e1 100644 --- a/extensions/imessage/src/send.ts +++ b/extensions/imessage/src/send.ts @@ -1,8 +1,8 @@ -import { loadConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { convertMarkdownTables } from "../../../src/markdown/tables.js"; -import { kindFromMime } from "../../../src/media/mime.js"; -import { resolveOutboundAttachmentFromUrl } from "../../../src/media/outbound-attachment.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { resolveOutboundAttachmentFromUrl } from "openclaw/plugin-sdk/media-runtime"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; import { resolveIMessageAccount, type ResolvedIMessageAccount } from "./accounts.js"; import { createIMessageRpcClient, type IMessageRpcClient } from "./client.js"; import { formatIMessageChatTarget, type IMessageService, parseIMessageTarget } from "./targets.js"; diff --git a/extensions/imessage/src/setup-core.ts b/extensions/imessage/src/setup-core.ts index 38f280852c0..6ea7382106a 100644 --- a/extensions/imessage/src/setup-core.ts +++ b/extensions/imessage/src/setup-core.ts @@ -1,20 +1,19 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { + createPatchedAccountSetupAdapter, parseSetupEntriesAllowingWildcard, promptParsedAllowFromForScopedChannel, setChannelDmPolicyWithAllowFrom, setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; +import type { + ChannelSetupAdapter, + ChannelSetupDmPolicy, + ChannelSetupWizard, + ChannelSetupWizardTextInput, +} from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { listIMessageAccountIds, resolveDefaultIMessageAccountId, @@ -67,7 +66,7 @@ function buildIMessageSetupPatch(input: { }; } -async function promptIMessageAllowFrom(params: { +export async function promptIMessageAllowFrom(params: { cfg: OpenClawConfig; prompter: WizardPrompter; accountId?: string; @@ -97,101 +96,84 @@ async function promptIMessageAllowFrom(params: { }); } -export const imessageSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ +export const imessageDmPolicy: ChannelSetupDmPolicy = { + label: "iMessage", + channel, + policyKey: "channels.imessage.dmPolicy", + allowFromKey: "channels.imessage.allowFrom", + getCurrent: (cfg: OpenClawConfig) => cfg.channels?.imessage?.dmPolicy ?? "pairing", + setPolicy: (cfg: OpenClawConfig, policy) => + setChannelDmPolicyWithAllowFrom({ cfg, - channelKey: channel, - accountId, - name, + channel, + dmPolicy: policy, + }), + promptAllowFrom: promptIMessageAllowFrom, +}; + +function resolveIMessageCliPath(params: { cfg: OpenClawConfig; accountId: string }) { + return resolveIMessageAccount(params).config.cliPath ?? "imsg"; +} + +export function createIMessageCliPathTextInput( + shouldPrompt: NonNullable, +): ChannelSetupWizardTextInput { + return { + inputKey: "cliPath", + message: "imsg CLI path", + initialValue: ({ cfg, accountId }) => resolveIMessageCliPath({ cfg, accountId }), + currentValue: ({ cfg, accountId }) => resolveIMessageCliPath({ cfg, accountId }), + shouldPrompt, + confirmCurrentValue: false, + applyCurrentValue: true, + helpTitle: "iMessage", + helpLines: ["imsg CLI path required to enable iMessage."], + }; +} + +export const imessageCompletionNote = { + title: "iMessage next steps", + lines: [ + "This is still a work in progress.", + "Ensure OpenClaw has Full Disk Access to Messages DB.", + "Grant Automation permission for Messages when prompted.", + "List chats with: imsg chats --limit 20", + `Docs: ${formatDocsLink("/imessage", "imessage")}`, + ], +}; + +export const imessageSetupAdapter: ChannelSetupAdapter = createPatchedAccountSetupAdapter({ + channelKey: channel, + buildPatch: (input) => buildIMessageSetupPatch(input), +}); + +export const imessageSetupStatusBase = { + configuredLabel: "configured", + unconfiguredLabel: "needs setup", + configuredHint: "imsg found", + unconfiguredHint: "imsg missing", + configuredScore: 1, + unconfiguredScore: 0, + resolveConfigured: ({ cfg }: { cfg: OpenClawConfig }) => + listIMessageAccountIds(cfg).some((accountId) => { + const account = resolveIMessageAccount({ cfg, accountId }); + return Boolean( + account.config.cliPath || + account.config.dbPath || + account.config.allowFrom || + account.config.service || + account.config.region, + ); }), - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...next, - channels: { - ...next.channels, - imessage: { - ...next.channels?.imessage, - enabled: true, - ...buildIMessageSetupPatch(input), - }, - }, - }; - } - return { - ...next, - channels: { - ...next.channels, - imessage: { - ...next.channels?.imessage, - enabled: true, - accounts: { - ...next.channels?.imessage?.accounts, - [accountId]: { - ...next.channels?.imessage?.accounts?.[accountId], - enabled: true, - ...buildIMessageSetupPatch(input), - }, - }, - }, - }, - }; - }, }; export function createIMessageSetupWizardProxy( loadWizard: () => Promise<{ imessageSetupWizard: ChannelSetupWizard }>, ) { - const imessageDmPolicy: ChannelSetupDmPolicy = { - label: "iMessage", - channel, - policyKey: "channels.imessage.dmPolicy", - allowFromKey: "channels.imessage.allowFrom", - getCurrent: (cfg: OpenClawConfig) => cfg.channels?.imessage?.dmPolicy ?? "pairing", - setPolicy: (cfg: OpenClawConfig, policy) => - setChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptIMessageAllowFrom, - }; - return { channel, status: { - configuredLabel: "configured", - unconfiguredLabel: "needs setup", - configuredHint: "imsg found", - unconfiguredHint: "imsg missing", - configuredScore: 1, - unconfiguredScore: 0, - resolveConfigured: ({ cfg }) => - listIMessageAccountIds(cfg).some((accountId) => { - const account = resolveIMessageAccount({ cfg, accountId }); - return Boolean( - account.config.cliPath || - account.config.dbPath || - account.config.allowFrom || - account.config.service || - account.config.region, - ); - }), + ...imessageSetupStatusBase, resolveStatusLines: async (params) => (await loadWizard()).imessageSetupWizard.status.resolveStatusLines?.(params) ?? [], resolveSelectionHint: async (params) => @@ -201,35 +183,14 @@ export function createIMessageSetupWizardProxy( }, credentials: [], textInputs: [ - { - inputKey: "cliPath", - message: "imsg CLI path", - initialValue: ({ cfg, accountId }) => - resolveIMessageAccount({ cfg, accountId }).config.cliPath ?? "imsg", - currentValue: ({ cfg, accountId }) => - resolveIMessageAccount({ cfg, accountId }).config.cliPath ?? "imsg", - shouldPrompt: async (params) => { - const input = (await loadWizard()).imessageSetupWizard.textInputs?.find( - (entry) => entry.inputKey === "cliPath", - ); - return (await input?.shouldPrompt?.(params)) ?? false; - }, - confirmCurrentValue: false, - applyCurrentValue: true, - helpTitle: "iMessage", - helpLines: ["imsg CLI path required to enable iMessage."], - }, + createIMessageCliPathTextInput(async (params) => { + const input = (await loadWizard()).imessageSetupWizard.textInputs?.find( + (entry) => entry.inputKey === "cliPath", + ); + return (await input?.shouldPrompt?.(params)) ?? false; + }), ], - completionNote: { - title: "iMessage next steps", - lines: [ - "This is still a work in progress.", - "Ensure OpenClaw has Full Disk Access to Messages DB.", - "Grant Automation permission for Messages when prompted.", - "List chats with: imsg chats --limit 20", - `Docs: ${formatDocsLink("/imessage", "imessage")}`, - ], - }, + completionNote: imessageCompletionNote, dmPolicy: imessageDmPolicy, disable: (cfg: OpenClawConfig) => setSetupChannelEnabled(cfg, channel, false), } satisfies ChannelSetupWizard; diff --git a/extensions/imessage/src/setup-surface.ts b/extensions/imessage/src/setup-surface.ts index 0d0de246d7b..ae6cdb2fcc1 100644 --- a/extensions/imessage/src/setup-surface.ts +++ b/extensions/imessage/src/setup-surface.ts @@ -1,90 +1,21 @@ +import { setSetupChannelEnabled, type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { detectBinary } from "openclaw/plugin-sdk/setup-tools"; +import { listIMessageAccountIds, resolveIMessageAccount } from "./accounts.js"; import { - parseSetupEntriesAllowingWildcard, - promptParsedAllowFromForScopedChannel, - setChannelDmPolicyWithAllowFrom, - setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { detectBinary } from "../../../src/commands/onboard-helpers.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { - listIMessageAccountIds, - resolveDefaultIMessageAccountId, - resolveIMessageAccount, -} from "./accounts.js"; -import { imessageSetupAdapter, parseIMessageAllowFromEntries } from "./setup-core.js"; + createIMessageCliPathTextInput, + imessageCompletionNote, + imessageDmPolicy, + imessageSetupAdapter, + imessageSetupStatusBase, + parseIMessageAllowFromEntries, +} from "./setup-core.js"; const channel = "imessage" as const; -async function promptIMessageAllowFrom(params: { - cfg: OpenClawConfig; - prompter: WizardPrompter; - accountId?: string; -}): Promise { - return promptParsedAllowFromForScopedChannel({ - cfg: params.cfg, - channel, - accountId: params.accountId, - defaultAccountId: resolveDefaultIMessageAccountId(params.cfg), - prompter: params.prompter, - noteTitle: "iMessage allowlist", - noteLines: [ - "Allowlist iMessage DMs by handle or chat target.", - "Examples:", - "- +15555550123", - "- user@example.com", - "- chat_id:123", - "- chat_guid:... or chat_identifier:...", - "Multiple entries: comma-separated.", - `Docs: ${formatDocsLink("/imessage", "imessage")}`, - ], - message: "iMessage allowFrom (handle or chat_id)", - placeholder: "+15555550123, user@example.com, chat_id:123", - parseEntries: parseIMessageAllowFromEntries, - getExistingAllowFrom: ({ cfg, accountId }) => - resolveIMessageAccount({ cfg, accountId }).config.allowFrom ?? [], - }); -} - -const imessageDmPolicy: ChannelSetupDmPolicy = { - label: "iMessage", - channel, - policyKey: "channels.imessage.dmPolicy", - allowFromKey: "channels.imessage.allowFrom", - getCurrent: (cfg) => cfg.channels?.imessage?.dmPolicy ?? "pairing", - setPolicy: (cfg, policy) => - setChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptIMessageAllowFrom, -}; - export const imessageSetupWizard: ChannelSetupWizard = { channel, status: { - configuredLabel: "configured", - unconfiguredLabel: "needs setup", - configuredHint: "imsg found", - unconfiguredHint: "imsg missing", - configuredScore: 1, - unconfiguredScore: 0, - resolveConfigured: ({ cfg }) => - listIMessageAccountIds(cfg).some((accountId) => { - const account = resolveIMessageAccount({ cfg, accountId }); - return Boolean( - account.config.cliPath || - account.config.dbPath || - account.config.allowFrom || - account.config.service || - account.config.region, - ); - }), + ...imessageSetupStatusBase, resolveStatusLines: async ({ cfg, configured }) => { const cliPath = cfg.channels?.imessage?.cliPath ?? "imsg"; const cliDetected = await detectBinary(cliPath); @@ -104,30 +35,11 @@ export const imessageSetupWizard: ChannelSetupWizard = { }, credentials: [], textInputs: [ - { - inputKey: "cliPath", - message: "imsg CLI path", - initialValue: ({ cfg, accountId }) => - resolveIMessageAccount({ cfg, accountId }).config.cliPath ?? "imsg", - currentValue: ({ cfg, accountId }) => - resolveIMessageAccount({ cfg, accountId }).config.cliPath ?? "imsg", - shouldPrompt: async ({ currentValue }) => !(await detectBinary(currentValue ?? "imsg")), - confirmCurrentValue: false, - applyCurrentValue: true, - helpTitle: "iMessage", - helpLines: ["imsg CLI path required to enable iMessage."], - }, + createIMessageCliPathTextInput(async ({ currentValue }) => { + return !(await detectBinary(currentValue ?? "imsg")); + }), ], - completionNote: { - title: "iMessage next steps", - lines: [ - "This is still a work in progress.", - "Ensure OpenClaw has Full Disk Access to Messages DB.", - "Grant Automation permission for Messages when prompted.", - "List chats with: imsg chats --limit 20", - `Docs: ${formatDocsLink("/imessage", "imessage")}`, - ], - }, + completionNote: imessageCompletionNote, dmPolicy: imessageDmPolicy, disable: (cfg) => setSetupChannelEnabled(cfg, channel, false), }; diff --git a/extensions/imessage/src/shared.ts b/extensions/imessage/src/shared.ts new file mode 100644 index 00000000000..301b1848f99 --- /dev/null +++ b/extensions/imessage/src/shared.ts @@ -0,0 +1,119 @@ +import { + buildAccountScopedDmSecurityPolicy, + collectAllowlistProviderRestrictSendersWarnings, +} from "openclaw/plugin-sdk/channel-policy"; +import { + buildChannelConfigSchema, + DEFAULT_ACCOUNT_ID, + deleteAccountFromConfigSection, + formatTrimmedAllowFromEntries, + getChatChannelMeta, + IMessageConfigSchema, + resolveIMessageConfigAllowFrom, + resolveIMessageConfigDefaultTo, + setAccountEnabledInConfigSection, + type ChannelPlugin, +} from "openclaw/plugin-sdk/imessage-core"; +import { + listIMessageAccountIds, + resolveDefaultIMessageAccountId, + resolveIMessageAccount, + type ResolvedIMessageAccount, +} from "./accounts.js"; +import { createIMessageSetupWizardProxy } from "./setup-core.js"; + +export const IMESSAGE_CHANNEL = "imessage" as const; + +async function loadIMessageChannelRuntime() { + return await import("./channel.runtime.js"); +} + +export const imessageSetupWizard = createIMessageSetupWizardProxy(async () => ({ + imessageSetupWizard: (await loadIMessageChannelRuntime()).imessageSetupWizard, +})); + +export function createIMessagePluginBase(params: { + setupWizard?: NonNullable["setupWizard"]>; + setup: NonNullable["setup"]>; +}): Pick< + ChannelPlugin, + | "id" + | "meta" + | "setupWizard" + | "capabilities" + | "reload" + | "configSchema" + | "config" + | "security" + | "setup" +> { + return { + id: IMESSAGE_CHANNEL, + meta: { + ...getChatChannelMeta(IMESSAGE_CHANNEL), + aliases: ["imsg"], + showConfigured: false, + }, + setupWizard: params.setupWizard, + capabilities: { + chatTypes: ["direct", "group"], + media: true, + }, + reload: { configPrefixes: ["channels.imessage"] }, + configSchema: buildChannelConfigSchema(IMessageConfigSchema), + config: { + listAccountIds: (cfg) => listIMessageAccountIds(cfg), + resolveAccount: (cfg, accountId) => resolveIMessageAccount({ cfg, accountId }), + defaultAccountId: (cfg) => resolveDefaultIMessageAccountId(cfg), + setAccountEnabled: ({ cfg, accountId, enabled }) => + setAccountEnabledInConfigSection({ + cfg, + sectionKey: IMESSAGE_CHANNEL, + accountId, + enabled, + allowTopLevel: true, + }), + deleteAccount: ({ cfg, accountId }) => + deleteAccountFromConfigSection({ + cfg, + sectionKey: IMESSAGE_CHANNEL, + accountId, + clearBaseFields: ["cliPath", "dbPath", "service", "region", "name"], + }), + isConfigured: (account) => account.configured, + describeAccount: (account) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: account.configured, + }), + resolveAllowFrom: ({ cfg, accountId }) => resolveIMessageConfigAllowFrom({ cfg, accountId }), + formatAllowFrom: ({ allowFrom }) => formatTrimmedAllowFromEntries(allowFrom), + resolveDefaultTo: ({ cfg, accountId }) => resolveIMessageConfigDefaultTo({ cfg, accountId }), + }, + security: { + resolveDmPolicy: ({ cfg, accountId, account }) => + buildAccountScopedDmSecurityPolicy({ + cfg, + channelKey: IMESSAGE_CHANNEL, + accountId, + fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, + policy: account.config.dmPolicy, + allowFrom: account.config.allowFrom ?? [], + policyPathSuffix: "dmPolicy", + }), + collectWarnings: ({ account, cfg }) => + collectAllowlistProviderRestrictSendersWarnings({ + cfg, + providerConfigPresent: cfg.channels?.imessage !== undefined, + configuredGroupPolicy: account.config.groupPolicy, + surface: "iMessage groups", + openScope: "any member", + groupPolicyPath: "channels.imessage.groupPolicy", + groupAllowFromPath: "channels.imessage.groupAllowFrom", + mentionGated: false, + }), + }, + setup: params.setup, + }; +} diff --git a/extensions/imessage/src/target-parsing-helpers.ts b/extensions/imessage/src/target-parsing-helpers.ts index 95ccc3682ce..04881fa2131 100644 --- a/extensions/imessage/src/target-parsing-helpers.ts +++ b/extensions/imessage/src/target-parsing-helpers.ts @@ -1,4 +1,4 @@ -import { isAllowedParsedChatSender } from "../../../src/plugin-sdk/allow-from.js"; +import { isAllowedParsedChatSender } from "openclaw/plugin-sdk/allow-from"; export type ServicePrefix = { prefix: string; service: TService }; diff --git a/extensions/imessage/src/targets.ts b/extensions/imessage/src/targets.ts index a376a6e7f45..d6cd6a11f38 100644 --- a/extensions/imessage/src/targets.ts +++ b/extensions/imessage/src/targets.ts @@ -1,4 +1,4 @@ -import { normalizeE164 } from "../../../src/utils.js"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import { createAllowedChatSenderMatcher, type ChatSenderAllowParams, diff --git a/extensions/irc/api.ts b/extensions/irc/api.ts new file mode 100644 index 00000000000..4fae8e966ee --- /dev/null +++ b/extensions/irc/api.ts @@ -0,0 +1,2 @@ +export * from "./src/accounts.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/irc/index.ts b/extensions/irc/index.ts index 40182558dcb..7a746c551cf 100644 --- a/extensions/irc/index.ts +++ b/extensions/irc/index.ts @@ -1,17 +1,15 @@ -import type { ChannelPlugin, OpenClawPluginApi } from "openclaw/plugin-sdk/irc"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/irc"; +import type { ChannelPlugin } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { ircPlugin } from "./src/channel.js"; import { setIrcRuntime } from "./src/runtime.js"; -const plugin = { +export { ircPlugin } from "./src/channel.js"; +export { setIrcRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "irc", name: "IRC", description: "IRC channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setIrcRuntime(api.runtime); - api.registerChannel({ plugin: ircPlugin as ChannelPlugin }); - }, -}; - -export default plugin; + plugin: ircPlugin as ChannelPlugin, + setRuntime: setIrcRuntime, +}); diff --git a/extensions/irc/setup-entry.ts b/extensions/irc/setup-entry.ts index fe8bea1814d..3d3d040990c 100644 --- a/extensions/irc/setup-entry.ts +++ b/extensions/irc/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { ircPlugin } from "./src/channel.js"; -export default { - plugin: ircPlugin, -}; +export default defineSetupPluginEntry(ircPlugin); diff --git a/extensions/irc/src/accounts.ts b/extensions/irc/src/accounts.ts index 9367a7d2123..f1831b02d48 100644 --- a/extensions/irc/src/accounts.ts +++ b/extensions/irc/src/accounts.ts @@ -1,5 +1,5 @@ import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id"; -import { tryReadSecretFileSync } from "openclaw/plugin-sdk/core"; +import { tryReadSecretFileSync } from "openclaw/plugin-sdk/infra-runtime"; import { createAccountListHelpers, normalizeResolvedSecretInputString, diff --git a/extensions/irc/src/channel.startup.test.ts b/extensions/irc/src/channel.startup.test.ts index 7b4416d1892..de3526a32d2 100644 --- a/extensions/irc/src/channel.startup.test.ts +++ b/extensions/irc/src/channel.startup.test.ts @@ -2,7 +2,7 @@ import { afterEach, describe, expect, it, vi } from "vitest"; import { expectStopPendingUntilAbort, startAccountAndTrackLifecycle, -} from "../../test-utils/start-account-lifecycle.js"; +} from "../../../test/helpers/extensions/start-account-lifecycle.js"; import type { ResolvedIrcAccount } from "./accounts.js"; const hoisted = vi.hoisted(() => ({ diff --git a/extensions/irc/src/channel.ts b/extensions/irc/src/channel.ts index ca53d53a93d..ed754933e68 100644 --- a/extensions/irc/src/channel.ts +++ b/extensions/irc/src/channel.ts @@ -1,10 +1,10 @@ +import { formatNormalizedAllowFromEntries } from "openclaw/plugin-sdk/allow-from"; +import { createScopedAccountConfigAccessors } from "openclaw/plugin-sdk/channel-config-helpers"; import { buildAccountScopedDmSecurityPolicy, buildOpenGroupPolicyWarning, collectAllowlistProviderGroupPolicyWarnings, - createScopedAccountConfigAccessors, - formatNormalizedAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; import { buildBaseAccountStatusSnapshot, buildBaseChannelStatusSummary, diff --git a/extensions/irc/src/runtime.ts b/extensions/irc/src/runtime.ts index e1d60a14652..32d479d13e9 100644 --- a/extensions/irc/src/runtime.ts +++ b/extensions/irc/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/irc"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setIrcRuntime, getRuntime: getIrcRuntime } = createPluginRuntimeStore("IRC runtime not initialized"); diff --git a/extensions/irc/src/send.test.ts b/extensions/irc/src/send.test.ts index 8fbe58e7f22..7dc064930be 100644 --- a/extensions/irc/src/send.test.ts +++ b/extensions/irc/src/send.test.ts @@ -3,7 +3,7 @@ import { createSendCfgThreadingRuntime, expectProvidedCfgSkipsRuntimeLoad, expectRuntimeCfgFallback, -} from "../../test-utils/send-config.js"; +} from "../../../test/helpers/extensions/send-config.js"; import type { IrcClient } from "./client.js"; import type { CoreConfig } from "./types.js"; diff --git a/extensions/irc/src/setup-core.ts b/extensions/irc/src/setup-core.ts index c793098063b..23422e30ba0 100644 --- a/extensions/irc/src/setup-core.ts +++ b/extensions/irc/src/setup-core.ts @@ -1,15 +1,15 @@ +import type { ChannelSetupAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelSetupInput } from "openclaw/plugin-sdk/channel-runtime"; +import type { DmPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { applyAccountNameToChannelSection, patchScopedAccountConfig, -} from "../../../src/channels/plugins/setup-helpers.js"; +} from "openclaw/plugin-sdk/setup"; import { setTopLevelChannelAllowFrom, setTopLevelChannelDmPolicyWithAllowFrom, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { ChannelSetupInput } from "../../../src/channels/plugins/types.core.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/setup"; import type { CoreConfig, IrcAccountConfig, IrcNickServConfig } from "./types.js"; const channel = "irc" as const; diff --git a/extensions/irc/src/setup-surface.test.ts b/extensions/irc/src/setup-surface.test.ts index 147432b6131..5741a90ad96 100644 --- a/extensions/irc/src/setup-surface.test.ts +++ b/extensions/irc/src/setup-surface.test.ts @@ -1,32 +1,14 @@ -import type { RuntimeEnv, WizardPrompter } from "openclaw/plugin-sdk/irc"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/irc"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { ircPlugin } from "./channel.js"; import type { CoreConfig } from "./types.js"; -const selectFirstOption = async (params: { options: Array<{ value: T }> }): Promise => { - const first = params.options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; -}; - -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: selectFirstOption as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const ircConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: ircPlugin, wizard: ircPlugin.setupWizard!, @@ -34,7 +16,7 @@ const ircConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("irc setup wizard", () => { it("configures host and nick via setup prompts", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "IRC server host") { return "irc.libera.chat"; @@ -93,7 +75,7 @@ describe("irc setup wizard", () => { }); it("writes DM allowFrom to top-level config for non-default account prompts", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "IRC allowFrom (nick or nick!user@host)") { return "Alice, Bob!ident@example.org"; diff --git a/extensions/irc/src/setup-surface.ts b/extensions/irc/src/setup-surface.ts index 1607a9bdd54..cdadcffbaec 100644 --- a/extensions/irc/src/setup-surface.ts +++ b/extensions/irc/src/setup-surface.ts @@ -1,13 +1,10 @@ -import { - resolveSetupAccountId, - setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; +import type { DmPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; +import { resolveSetupAccountId, setSetupChannelEnabled } from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupDmPolicy } from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup"; +import type { WizardPrompter } from "openclaw/plugin-sdk/setup"; import { listIrcAccountIds, resolveDefaultIrcAccountId, resolveIrcAccount } from "./accounts.js"; import { isChannelTarget, diff --git a/extensions/kilocode/index.ts b/extensions/kilocode/index.ts index 5fff1fd061b..edbe5db7cfb 100644 --- a/extensions/kilocode/index.ts +++ b/extensions/kilocode/index.ts @@ -1,23 +1,20 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildKilocodeProviderWithDiscovery } from "../../src/agents/models-config.providers.discovery.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; import { createKilocodeWrapper, isProxyReasoningUnsupported, -} from "../../src/agents/pi-embedded-runner/proxy-stream-wrappers.js"; -import { - applyKilocodeConfig, - KILOCODE_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +} from "openclaw/plugin-sdk/provider-stream"; +import { applyKilocodeConfig, KILOCODE_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildKilocodeProviderWithDiscovery } from "./provider-catalog.js"; const PROVIDER_ID = "kilocode"; -const kilocodePlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Kilo Gateway Provider", description: "Bundled Kilo Gateway provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Kilo Gateway", @@ -47,18 +44,12 @@ const kilocodePlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...(await buildKilocodeProviderWithDiscovery()), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildKilocodeProviderWithDiscovery, + }), }, capabilities: { geminiThoughtSignatureSanitization: true, @@ -74,6 +65,4 @@ const kilocodePlugin = { isCacheTtlEligible: (ctx) => ctx.modelId.startsWith("anthropic/"), }); }, -}; - -export default kilocodePlugin; +}); diff --git a/extensions/kilocode/onboard.ts b/extensions/kilocode/onboard.ts new file mode 100644 index 00000000000..fd285341f52 --- /dev/null +++ b/extensions/kilocode/onboard.ts @@ -0,0 +1,32 @@ +import { KILOCODE_BASE_URL, KILOCODE_DEFAULT_MODEL_REF } from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { buildKilocodeProvider } from "./provider-catalog.js"; + +export { KILOCODE_BASE_URL, KILOCODE_DEFAULT_MODEL_REF }; + +export function applyKilocodeProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[KILOCODE_DEFAULT_MODEL_REF] = { + ...models[KILOCODE_DEFAULT_MODEL_REF], + alias: models[KILOCODE_DEFAULT_MODEL_REF]?.alias ?? "Kilo Gateway", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "kilocode", + api: "openai-completions", + baseUrl: KILOCODE_BASE_URL, + catalogModels: buildKilocodeProvider().models ?? [], + }); +} + +export function applyKilocodeConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyKilocodeProviderConfig(cfg), + KILOCODE_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/kilocode/provider-catalog.ts b/extensions/kilocode/provider-catalog.ts new file mode 100644 index 00000000000..98e324f4784 --- /dev/null +++ b/extensions/kilocode/provider-catalog.ts @@ -0,0 +1,34 @@ +import { + discoverKilocodeModels, + type ModelProviderConfig, + KILOCODE_BASE_URL, + KILOCODE_DEFAULT_CONTEXT_WINDOW, + KILOCODE_DEFAULT_COST, + KILOCODE_DEFAULT_MAX_TOKENS, + KILOCODE_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; + +export function buildKilocodeProvider(): ModelProviderConfig { + return { + baseUrl: KILOCODE_BASE_URL, + api: "openai-completions", + models: KILOCODE_MODEL_CATALOG.map((model) => ({ + id: model.id, + name: model.name, + reasoning: model.reasoning, + input: model.input, + cost: KILOCODE_DEFAULT_COST, + contextWindow: model.contextWindow ?? KILOCODE_DEFAULT_CONTEXT_WINDOW, + maxTokens: model.maxTokens ?? KILOCODE_DEFAULT_MAX_TOKENS, + })), + }; +} + +export async function buildKilocodeProviderWithDiscovery(): Promise { + const models = await discoverKilocodeModels(); + return { + baseUrl: KILOCODE_BASE_URL, + api: "openai-completions", + models, + }; +} diff --git a/extensions/kimi-coding/index.ts b/extensions/kimi-coding/index.ts index 853eee98bef..579f469d595 100644 --- a/extensions/kimi-coding/index.ts +++ b/extensions/kimi-coding/index.ts @@ -1,47 +1,47 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildKimiCodingProvider } from "../../src/agents/models-config.providers.static.js"; -import { applyKimiCodeConfig, KIMI_CODING_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import { isRecord } from "../../src/utils.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { isRecord } from "openclaw/plugin-sdk/text-runtime"; +import { applyKimiCodeConfig, KIMI_CODING_MODEL_REF } from "./onboard.js"; +import { buildKimiCodingProvider } from "./provider-catalog.js"; -const PROVIDER_ID = "kimi-coding"; +const PLUGIN_ID = "kimi"; +const PROVIDER_ID = "kimi"; -const kimiCodingPlugin = { - id: PROVIDER_ID, - name: "Kimi Coding Provider", - description: "Bundled Kimi Coding provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { +export default definePluginEntry({ + id: PLUGIN_ID, + name: "Kimi Provider", + description: "Bundled Kimi provider plugin", + register(api) { api.registerProvider({ id: PROVIDER_ID, - label: "Kimi Coding", - aliases: ["kimi-code"], + label: "Kimi", + aliases: ["kimi-code", "kimi-coding"], docsPath: "/providers/moonshot", envVars: ["KIMI_API_KEY", "KIMICODE_API_KEY"], auth: [ createProviderApiKeyAuthMethod({ providerId: PROVIDER_ID, methodId: "api-key", - label: "Kimi Code API key (subscription)", - hint: "Kimi K2.5 + Kimi Coding", + label: "Kimi API key (subscription)", + hint: "Kimi K2.5 + Kimi", optionKey: "kimiCodeApiKey", flagName: "--kimi-code-api-key", envVar: "KIMI_API_KEY", - promptMessage: "Enter Kimi Coding API key", + promptMessage: "Enter Kimi API key", defaultModel: KIMI_CODING_MODEL_REF, - expectedProviders: ["kimi-code", "kimi-coding"], + expectedProviders: ["kimi", "kimi-code", "kimi-coding"], applyConfig: (cfg) => applyKimiCodeConfig(cfg), noteMessage: [ - "Kimi Coding uses a dedicated endpoint and API key.", + "Kimi uses a dedicated coding endpoint and API key.", "Get your API key at: https://www.kimi.com/code/en", ].join("\n"), - noteTitle: "Kimi Coding", + noteTitle: "Kimi", wizard: { choiceId: "kimi-code-api-key", - choiceLabel: "Kimi Code API key (subscription)", + choiceLabel: "Kimi API key (subscription)", groupId: "moonshot", groupLabel: "Moonshot AI (Kimi K2.5)", - groupHint: "Kimi K2.5 + Kimi Coding", + groupHint: "Kimi K2.5 + Kimi", }, }), ], @@ -81,6 +81,4 @@ const kimiCodingPlugin = { }, }); }, -}; - -export default kimiCodingPlugin; +}); diff --git a/extensions/kimi-coding/onboard.ts b/extensions/kimi-coding/onboard.ts new file mode 100644 index 00000000000..60ce12553f1 --- /dev/null +++ b/extensions/kimi-coding/onboard.ts @@ -0,0 +1,39 @@ +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModel, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { + buildKimiCodingProvider, + KIMI_CODING_BASE_URL, + KIMI_CODING_DEFAULT_MODEL_ID, +} from "./provider-catalog.js"; + +export const KIMI_MODEL_REF = `kimi/${KIMI_CODING_DEFAULT_MODEL_ID}`; +export const KIMI_CODING_MODEL_REF = KIMI_MODEL_REF; + +export function applyKimiCodeProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[KIMI_MODEL_REF] = { + ...models[KIMI_MODEL_REF], + alias: models[KIMI_MODEL_REF]?.alias ?? "Kimi", + }; + + const defaultModel = buildKimiCodingProvider().models[0]; + if (!defaultModel) { + return cfg; + } + + return applyProviderConfigWithDefaultModel(cfg, { + agentModels: models, + providerId: "kimi", + api: "anthropic-messages", + baseUrl: KIMI_CODING_BASE_URL, + defaultModel, + defaultModelId: KIMI_CODING_DEFAULT_MODEL_ID, + }); +} + +export function applyKimiCodeConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyKimiCodeProviderConfig(cfg), KIMI_MODEL_REF); +} diff --git a/extensions/kimi-coding/openclaw.plugin.json b/extensions/kimi-coding/openclaw.plugin.json index c86d7211031..9d2ba7f69bb 100644 --- a/extensions/kimi-coding/openclaw.plugin.json +++ b/extensions/kimi-coding/openclaw.plugin.json @@ -1,22 +1,23 @@ { - "id": "kimi-coding", - "providers": ["kimi-coding"], + "id": "kimi", + "providers": ["kimi", "kimi-coding"], "providerAuthEnvVars": { + "kimi": ["KIMI_API_KEY", "KIMICODE_API_KEY"], "kimi-coding": ["KIMI_API_KEY", "KIMICODE_API_KEY"] }, "providerAuthChoices": [ { - "provider": "kimi-coding", + "provider": "kimi", "method": "api-key", "choiceId": "kimi-code-api-key", - "choiceLabel": "Kimi Code API key (subscription)", - "groupId": "moonshot", - "groupLabel": "Moonshot AI (Kimi K2.5)", - "groupHint": "Kimi K2.5 + Kimi Coding", + "choiceLabel": "Kimi Code API key", + "groupId": "kimi-code", + "groupLabel": "Kimi Code", + "groupHint": "Dedicated coding endpoint", "optionKey": "kimiCodeApiKey", "cliFlag": "--kimi-code-api-key", "cliOption": "--kimi-code-api-key ", - "cliDescription": "Kimi Coding API key" + "cliDescription": "Kimi Code API key" } ], "configSchema": { diff --git a/extensions/kimi-coding/package.json b/extensions/kimi-coding/package.json index 738dd1abd1f..9568afa64b4 100644 --- a/extensions/kimi-coding/package.json +++ b/extensions/kimi-coding/package.json @@ -1,8 +1,8 @@ { - "name": "@openclaw/kimi-coding-provider", + "name": "@openclaw/kimi-provider", "version": "2026.3.14", "private": true, - "description": "OpenClaw Kimi Coding provider plugin", + "description": "OpenClaw Kimi provider plugin", "type": "module", "openclaw": { "extensions": [ diff --git a/extensions/kimi-coding/provider-catalog.ts b/extensions/kimi-coding/provider-catalog.ts new file mode 100644 index 00000000000..5fc27495c76 --- /dev/null +++ b/extensions/kimi-coding/provider-catalog.ts @@ -0,0 +1,50 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +export const KIMI_BASE_URL = "https://api.kimi.com/coding/"; +const KIMI_CODING_USER_AGENT = "claude-code/0.1.0"; +export const KIMI_DEFAULT_MODEL_ID = "kimi-code"; +export const KIMI_UPSTREAM_MODEL_ID = "kimi-for-coding"; +export const KIMI_LEGACY_MODEL_ID = "k2p5"; +const KIMI_CODING_DEFAULT_CONTEXT_WINDOW = 262144; +const KIMI_CODING_DEFAULT_MAX_TOKENS = 32768; +const KIMI_CODING_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildKimiCodingProvider(): ModelProviderConfig { + return { + baseUrl: KIMI_BASE_URL, + api: "anthropic-messages", + headers: { + "User-Agent": KIMI_CODING_USER_AGENT, + }, + models: [ + { + id: KIMI_DEFAULT_MODEL_ID, + name: "Kimi Code", + reasoning: true, + input: ["text", "image"], + cost: KIMI_CODING_DEFAULT_COST, + contextWindow: KIMI_CODING_DEFAULT_CONTEXT_WINDOW, + maxTokens: KIMI_CODING_DEFAULT_MAX_TOKENS, + }, + { + id: KIMI_LEGACY_MODEL_ID, + name: "Kimi Code (legacy model id)", + reasoning: true, + input: ["text", "image"], + cost: KIMI_CODING_DEFAULT_COST, + contextWindow: KIMI_CODING_DEFAULT_CONTEXT_WINDOW, + maxTokens: KIMI_CODING_DEFAULT_MAX_TOKENS, + }, + ], + }; +} + +export const KIMI_CODING_BASE_URL = KIMI_BASE_URL; +export const KIMI_CODING_DEFAULT_MODEL_ID = KIMI_DEFAULT_MODEL_ID; +export const KIMI_CODING_LEGACY_MODEL_ID = KIMI_LEGACY_MODEL_ID; +export const buildKimiProvider = buildKimiCodingProvider; diff --git a/extensions/line/api.ts b/extensions/line/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/line/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/line/index.ts b/extensions/line/index.ts index 59b1d97920d..22f2c184e70 100644 --- a/extensions/line/index.ts +++ b/extensions/line/index.ts @@ -1,22 +1,16 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/line"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/line"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { registerLineCardCommand } from "./src/card-command.js"; import { linePlugin } from "./src/channel.js"; import { setLineRuntime } from "./src/runtime.js"; -const plugin = { +export { linePlugin } from "./src/channel.js"; +export { setLineRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "line", name: "LINE", description: "LINE Messaging API channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setLineRuntime(api.runtime); - api.registerChannel({ plugin: linePlugin }); - if (api.registrationMode !== "full") { - return; - } - registerLineCardCommand(api); - }, -}; - -export default plugin; + plugin: linePlugin, + setRuntime: setLineRuntime, + registerFull: registerLineCardCommand, +}); diff --git a/extensions/line/setup-entry.ts b/extensions/line/setup-entry.ts index ca25d243155..ce23aecd544 100644 --- a/extensions/line/setup-entry.ts +++ b/extensions/line/setup-entry.ts @@ -1,5 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { lineSetupPlugin } from "./src/channel.setup.js"; -export default { - plugin: lineSetupPlugin, -}; +export { lineSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(lineSetupPlugin); diff --git a/extensions/line/src/channel.logout.test.ts b/extensions/line/src/channel.logout.test.ts index b10d484fbb1..4f474032dc9 100644 --- a/extensions/line/src/channel.logout.test.ts +++ b/extensions/line/src/channel.logout.test.ts @@ -1,6 +1,6 @@ import type { OpenClawConfig, PluginRuntime, ResolvedLineAccount } from "openclaw/plugin-sdk/line"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; import { linePlugin } from "./channel.js"; import { setLineRuntime } from "./runtime.js"; diff --git a/extensions/line/src/channel.setup.ts b/extensions/line/src/channel.setup.ts index 71a1d87c45d..771107dff58 100644 --- a/extensions/line/src/channel.setup.ts +++ b/extensions/line/src/channel.setup.ts @@ -9,7 +9,7 @@ import { listLineAccountIds, resolveDefaultLineAccountId, resolveLineAccount, -} from "../../../src/line/accounts.js"; +} from "openclaw/plugin-sdk/line"; import { lineSetupAdapter } from "./setup-core.js"; import { lineSetupWizard } from "./setup-surface.js"; diff --git a/extensions/line/src/channel.startup.test.ts b/extensions/line/src/channel.startup.test.ts index e4de0f38e3b..9f1e10cd6fc 100644 --- a/extensions/line/src/channel.startup.test.ts +++ b/extensions/line/src/channel.startup.test.ts @@ -6,7 +6,7 @@ import type { ResolvedLineAccount, } from "openclaw/plugin-sdk/line"; import { describe, expect, it, vi } from "vitest"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; import { linePlugin } from "./channel.js"; import { setLineRuntime } from "./runtime.js"; diff --git a/extensions/line/src/channel.ts b/extensions/line/src/channel.ts index b184ebe8482..ee3c9597eab 100644 --- a/extensions/line/src/channel.ts +++ b/extensions/line/src/channel.ts @@ -1,9 +1,9 @@ import { - collectAllowlistProviderRestrictSendersWarnings, createScopedAccountConfigAccessors, createScopedChannelConfigBase, createScopedDmSecurityResolver, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { collectAllowlistProviderRestrictSendersWarnings } from "openclaw/plugin-sdk/channel-policy"; import { buildChannelConfigSchema, buildComputedAccountStatusSnapshot, diff --git a/extensions/line/src/runtime.ts b/extensions/line/src/runtime.ts index 57307cbe64e..65dd4d5394b 100644 --- a/extensions/line/src/runtime.ts +++ b/extensions/line/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/line"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setLineRuntime, getRuntime: getLineRuntime } = createPluginRuntimeStore("LINE runtime not initialized - plugin not registered"); diff --git a/extensions/line/src/setup-core.ts b/extensions/line/src/setup-core.ts index 67c9c674df5..737ba1cc856 100644 --- a/extensions/line/src/setup-core.ts +++ b/extensions/line/src/setup-core.ts @@ -1,12 +1,11 @@ -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; import { listLineAccountIds, normalizeAccountId, resolveLineAccount, -} from "../../../src/line/accounts.js"; -import type { LineConfig } from "../../../src/line/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; + type LineConfig, +} from "openclaw/plugin-sdk/line"; +import type { ChannelSetupAdapter, OpenClawConfig } from "openclaw/plugin-sdk/setup"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/setup"; const channel = "line" as const; diff --git a/extensions/line/src/setup-surface.test.ts b/extensions/line/src/setup-surface.test.ts index 3fd98df4b2e..3c2e6bc05e4 100644 --- a/extensions/line/src/setup-surface.test.ts +++ b/extensions/line/src/setup-surface.test.ts @@ -6,30 +6,13 @@ import { resolveDefaultLineAccountId, resolveLineAccount, } from "../../../src/line/accounts.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { lineSetupAdapter, lineSetupWizard } from "./setup-surface.js"; -function createPrompter(overrides: Partial = {}): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: vi.fn(async ({ options }: { options: Array<{ value: string }> }) => { - const first = options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; - }) as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const lineConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: { id: "line", @@ -47,7 +30,7 @@ const lineConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("line setup wizard", () => { it("configures token and secret for the default account", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Enter LINE channel access token") { return "line-token"; diff --git a/extensions/line/src/setup-surface.ts b/extensions/line/src/setup-surface.ts index 9ea7dd4ce68..d548b096434 100644 --- a/extensions/line/src/setup-surface.ts +++ b/extensions/line/src/setup-surface.ts @@ -1,13 +1,13 @@ +import { resolveLineAccount } from "openclaw/plugin-sdk/line"; import { + DEFAULT_ACCOUNT_ID, + formatDocsLink, setSetupChannelEnabled, setTopLevelChannelDmPolicyWithAllowFrom, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { resolveLineAccount } from "../../../src/line/accounts.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, +} from "openclaw/plugin-sdk/setup"; import { isLineConfigured, listLineAccountIds, diff --git a/extensions/llm-task/api.ts b/extensions/llm-task/api.ts new file mode 100644 index 00000000000..8eebdd06e0b --- /dev/null +++ b/extensions/llm-task/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/llm-task"; diff --git a/extensions/llm-task/index.ts b/extensions/llm-task/index.ts index 7d258ab6a39..68dd70503c2 100644 --- a/extensions/llm-task/index.ts +++ b/extensions/llm-task/index.ts @@ -1,6 +1,11 @@ -import type { AnyAgentTool, OpenClawPluginApi } from "openclaw/plugin-sdk/llm-task"; +import { definePluginEntry, type AnyAgentTool, type OpenClawPluginApi } from "./api.js"; import { createLlmTaskTool } from "./src/llm-task-tool.js"; -export default function register(api: OpenClawPluginApi) { - api.registerTool(createLlmTaskTool(api) as unknown as AnyAgentTool, { optional: true }); -} +export default definePluginEntry({ + id: "llm-task", + name: "LLM Task", + description: "Optional tool for structured subtask execution", + register(api: OpenClawPluginApi) { + api.registerTool(createLlmTaskTool(api) as unknown as AnyAgentTool, { optional: true }); + }, +}); diff --git a/extensions/llm-task/src/llm-task-tool.test.ts b/extensions/llm-task/src/llm-task-tool.test.ts index 49feb7929ff..6d21ec69654 100644 --- a/extensions/llm-task/src/llm-task-tool.test.ts +++ b/extensions/llm-task/src/llm-task-tool.test.ts @@ -1,17 +1,11 @@ import { describe, it, expect, vi, beforeEach } from "vitest"; - -vi.mock("openclaw/extension-api", () => { - return { - runEmbeddedPiAgent: vi.fn(async () => ({ - meta: { startedAt: Date.now() }, - payloads: [{ text: "{}" }], - })), - }; -}); - -import { runEmbeddedPiAgent } from "openclaw/extension-api"; import { createLlmTaskTool } from "./llm-task-tool.js"; +const runEmbeddedPiAgent = vi.fn(async () => ({ + meta: { startedAt: Date.now() }, + payloads: [{ text: "{}" }], +})); + // oxlint-disable-next-line typescript/no-explicit-any function fakeApi(overrides: any = {}) { return { @@ -22,7 +16,12 @@ function fakeApi(overrides: any = {}) { agents: { defaults: { workspace: "/tmp", model: { primary: "openai-codex/gpt-5.2" } } }, }, pluginConfig: {}, - runtime: { version: "test" }, + runtime: { + version: "test", + agent: { + runEmbeddedPiAgent, + }, + }, logger: { debug() {}, info() {}, warn() {}, error() {} }, registerTool() {}, ...overrides, diff --git a/extensions/llm-task/src/llm-task-tool.ts b/extensions/llm-task/src/llm-task-tool.ts index d79e0a51130..47c7efbea76 100644 --- a/extensions/llm-task/src/llm-task-tool.ts +++ b/extensions/llm-task/src/llm-task-tool.ts @@ -2,15 +2,14 @@ import fs from "node:fs/promises"; import path from "node:path"; import { Type } from "@sinclair/typebox"; import Ajv from "ajv"; -import { runEmbeddedPiAgent } from "openclaw/extension-api"; import { formatThinkingLevels, formatXHighModelHint, normalizeThinkLevel, resolvePreferredOpenClawTmpDir, supportsXHighThinking, -} from "openclaw/plugin-sdk/llm-task"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/llm-task"; +} from "../api.js"; +import type { OpenClawPluginApi } from "../api.js"; function stripCodeFences(s: string): string { const trimmed = s.trim(); @@ -179,7 +178,7 @@ export function createLlmTaskTool(api: OpenClawPluginApi) { const sessionId = `llm-task-${Date.now()}`; const sessionFile = path.join(tmpDir, "session.json"); - const result = await runEmbeddedPiAgent({ + const result = await api.runtime.agent.runEmbeddedPiAgent({ sessionId, sessionFile, workspaceDir: api.config?.agents?.defaults?.workspace ?? process.cwd(), diff --git a/extensions/lobster/index.ts b/extensions/lobster/index.ts index 1d5775c4d74..c70ccc49da0 100644 --- a/extensions/lobster/index.ts +++ b/extensions/lobster/index.ts @@ -1,18 +1,24 @@ -import type { - AnyAgentTool, - OpenClawPluginApi, - OpenClawPluginToolFactory, +import { + definePluginEntry, + type AnyAgentTool, + type OpenClawPluginApi, + type OpenClawPluginToolFactory, } from "openclaw/plugin-sdk/lobster"; import { createLobsterTool } from "./src/lobster-tool.js"; -export default function register(api: OpenClawPluginApi) { - api.registerTool( - ((ctx) => { - if (ctx.sandboxed) { - return null; - } - return createLobsterTool(api) as AnyAgentTool; - }) as OpenClawPluginToolFactory, - { optional: true }, - ); -} +export default definePluginEntry({ + id: "lobster", + name: "Lobster", + description: "Optional local shell helper tools", + register(api: OpenClawPluginApi) { + api.registerTool( + ((ctx) => { + if (ctx.sandboxed) { + return null; + } + return createLobsterTool(api) as AnyAgentTool; + }) as OpenClawPluginToolFactory, + { optional: true }, + ); + }, +}); diff --git a/extensions/lobster/src/lobster-tool.test.ts b/extensions/lobster/src/lobster-tool.test.ts index 21d090846b0..62c0fed6d81 100644 --- a/extensions/lobster/src/lobster-tool.test.ts +++ b/extensions/lobster/src/lobster-tool.test.ts @@ -44,8 +44,12 @@ function fakeApi(overrides: Partial = {}): OpenClawPluginApi registerCli() {}, registerService() {}, registerProvider() {}, + registerSpeechProvider() {}, + registerMediaUnderstandingProvider() {}, + registerImageGenerationProvider() {}, registerWebSearchProvider() {}, registerInteractiveHandler() {}, + onConversationBindingResolved() {}, registerHook() {}, registerHttpRoute() {}, registerCommand() {}, diff --git a/extensions/matrix/api.ts b/extensions/matrix/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/matrix/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/matrix/index.ts b/extensions/matrix/index.ts index 46a4ba5864f..08e9133197c 100644 --- a/extensions/matrix/index.ts +++ b/extensions/matrix/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/matrix"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/matrix"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { matrixPlugin } from "./src/channel.js"; import { setMatrixRuntime } from "./src/runtime.js"; -const plugin = { +export { matrixPlugin } from "./src/channel.js"; +export { setMatrixRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "matrix", name: "Matrix", - description: "Matrix channel plugin (matrix-js-sdk)", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setMatrixRuntime(api.runtime); - api.registerChannel({ plugin: matrixPlugin }); - }, -}; - -export default plugin; + description: "Matrix channel plugin", + plugin: matrixPlugin, + setRuntime: setMatrixRuntime, +}); diff --git a/extensions/matrix/setup-entry.ts b/extensions/matrix/setup-entry.ts index 4cbabfe6333..045b3a58917 100644 --- a/extensions/matrix/setup-entry.ts +++ b/extensions/matrix/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { matrixPlugin } from "./src/channel.js"; -export default { - plugin: matrixPlugin, -}; +export default defineSetupPluginEntry(matrixPlugin); diff --git a/extensions/matrix/src/channel.directory.test.ts b/extensions/matrix/src/channel.directory.test.ts index 2c5bc9533f3..ced16d90638 100644 --- a/extensions/matrix/src/channel.directory.test.ts +++ b/extensions/matrix/src/channel.directory.test.ts @@ -1,6 +1,6 @@ import type { PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/matrix"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; import { matrixPlugin } from "./channel.js"; import { setMatrixRuntime } from "./runtime.js"; import { createMatrixBotSdkMock } from "./test-mocks.js"; diff --git a/extensions/matrix/src/channel.runtime.ts b/extensions/matrix/src/channel.runtime.ts index bcce71da2d1..475d53629e1 100644 --- a/extensions/matrix/src/channel.runtime.ts +++ b/extensions/matrix/src/channel.runtime.ts @@ -1,6 +1,18 @@ -export { listMatrixDirectoryGroupsLive, listMatrixDirectoryPeersLive } from "./directory-live.js"; -export { resolveMatrixAuth } from "./matrix/client.js"; -export { probeMatrix } from "./matrix/probe.js"; -export { sendMessageMatrix } from "./matrix/send.js"; -export { resolveMatrixTargets } from "./resolve-targets.js"; -export { matrixOutbound } from "./outbound.js"; +import { + listMatrixDirectoryGroupsLive as listMatrixDirectoryGroupsLiveImpl, + listMatrixDirectoryPeersLive as listMatrixDirectoryPeersLiveImpl, +} from "./directory-live.js"; +import { resolveMatrixAuth as resolveMatrixAuthImpl } from "./matrix/client.js"; +import { probeMatrix as probeMatrixImpl } from "./matrix/probe.js"; +import { sendMessageMatrix as sendMessageMatrixImpl } from "./matrix/send.js"; +import { matrixOutbound as matrixOutboundImpl } from "./outbound.js"; +import { resolveMatrixTargets as resolveMatrixTargetsImpl } from "./resolve-targets.js"; +export const matrixChannelRuntime = { + listMatrixDirectoryGroupsLive: listMatrixDirectoryGroupsLiveImpl, + listMatrixDirectoryPeersLive: listMatrixDirectoryPeersLiveImpl, + resolveMatrixAuth: resolveMatrixAuthImpl, + probeMatrix: probeMatrixImpl, + sendMessageMatrix: sendMessageMatrixImpl, + resolveMatrixTargets: resolveMatrixTargetsImpl, + matrixOutbound: { ...matrixOutboundImpl }, +}; diff --git a/extensions/matrix/src/channel.ts b/extensions/matrix/src/channel.ts index 6b0380bc19e..a7cc18208c3 100644 --- a/extensions/matrix/src/channel.ts +++ b/extensions/matrix/src/channel.ts @@ -1,10 +1,13 @@ import { - buildOpenGroupPolicyWarning, - collectAllowlistProviderGroupPolicyWarnings, createScopedAccountConfigAccessors, createScopedChannelConfigBase, createScopedDmSecurityResolver, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { + buildOpenGroupPolicyWarning, + collectAllowlistProviderGroupPolicyWarnings, +} from "openclaw/plugin-sdk/channel-policy"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import { buildChannelConfigSchema, buildProbeChannelStatusSummary, @@ -36,9 +39,10 @@ import type { CoreConfig } from "./types.js"; // Mutex for serializing account startup (workaround for concurrent dynamic import race condition) let matrixStartupLock: Promise = Promise.resolve(); -async function loadMatrixChannelRuntime() { - return await import("./channel.runtime.js"); -} +const loadMatrixChannelRuntime = createLazyRuntimeNamedExport( + () => import("./channel.runtime.js"), + "matrixChannelRuntime", +); const meta = { id: "matrix", diff --git a/extensions/matrix/src/config-schema.ts b/extensions/matrix/src/config-schema.ts index a95d2fbda96..18d05d69336 100644 --- a/extensions/matrix/src/config-schema.ts +++ b/extensions/matrix/src/config-schema.ts @@ -3,7 +3,7 @@ import { buildNestedDmConfigSchema, DmPolicySchema, GroupPolicySchema, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-schema"; import { MarkdownConfigSchema, ToolPolicySchema } from "openclaw/plugin-sdk/matrix"; import { z } from "zod"; import { buildSecretInputSchema } from "./secret-input.js"; diff --git a/extensions/matrix/src/outbound.ts b/extensions/matrix/src/outbound.ts index 072ab2fb8c1..09374b7746e 100644 --- a/extensions/matrix/src/outbound.ts +++ b/extensions/matrix/src/outbound.ts @@ -1,5 +1,5 @@ +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/matrix"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; import { sendMessageMatrix, sendPollMatrix } from "./matrix/send.js"; import { getMatrixRuntime } from "./runtime.js"; diff --git a/extensions/matrix/src/resolve-targets.ts b/extensions/matrix/src/resolve-targets.ts index 2c179492cb0..79b794e1806 100644 --- a/extensions/matrix/src/resolve-targets.ts +++ b/extensions/matrix/src/resolve-targets.ts @@ -1,4 +1,4 @@ -import { mapAllowlistResolutionInputs } from "openclaw/plugin-sdk/compat"; +import { mapAllowlistResolutionInputs } from "openclaw/plugin-sdk/allowlist-resolution"; import type { ChannelDirectoryEntry, ChannelResolveKind, diff --git a/extensions/matrix/src/runtime.ts b/extensions/matrix/src/runtime.ts index eefce7b910a..f57cd92a017 100644 --- a/extensions/matrix/src/runtime.ts +++ b/extensions/matrix/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/matrix"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setMatrixRuntime, getRuntime: getMatrixRuntime } = createPluginRuntimeStore("Matrix runtime not initialized"); diff --git a/extensions/matrix/src/setup-core.ts b/extensions/matrix/src/setup-core.ts index f0fc395a344..5e5973bd05e 100644 --- a/extensions/matrix/src/setup-core.ts +++ b/extensions/matrix/src/setup-core.ts @@ -1,10 +1,9 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { normalizeSecretInputString } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; + normalizeAccountId, + normalizeSecretInputString, + prepareScopedSetupConfig, + type ChannelSetupAdapter, +} from "openclaw/plugin-sdk/setup"; import type { CoreConfig } from "./types.js"; const channel = "matrix" as const; @@ -44,12 +43,12 @@ export function buildMatrixConfigUpdate( export const matrixSetupAdapter: ChannelSetupAdapter = { resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ + prepareScopedSetupConfig({ cfg: cfg as CoreConfig, channelKey: channel, accountId, name, - }), + }) as CoreConfig, validateInput: ({ input }) => { if (input.useEnv) { return null; @@ -74,19 +73,13 @@ export const matrixSetupAdapter: ChannelSetupAdapter = { return null; }, applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ + const next = prepareScopedSetupConfig({ cfg: cfg as CoreConfig, channelKey: channel, accountId, name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; + migrateBaseName: true, + }) as CoreConfig; if (input.useEnv) { return { ...next, diff --git a/extensions/matrix/src/setup-surface.ts b/extensions/matrix/src/setup-surface.ts index 0f79545358e..09e9438a410 100644 --- a/extensions/matrix/src/setup-surface.ts +++ b/extensions/matrix/src/setup-surface.ts @@ -1,20 +1,20 @@ import { addWildcardAllowFrom, buildSingleChannelSecretPromptState, + DEFAULT_ACCOUNT_ID, + formatDocsLink, + formatResolvedUnresolvedNote, + hasConfiguredSecretInput, mergeAllowFromEntries, promptSingleChannelSecretInput, setTopLevelChannelGroupPolicy, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import type { SecretInput } from "../../../src/config/types.secrets.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { formatResolvedUnresolvedNote } from "../../../src/plugin-sdk/resolution-notes.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type DmPolicy, + type OpenClawConfig, + type SecretInput, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; import { listMatrixDirectoryGroupsLive } from "./directory-live.js"; import { resolveMatrixAccount } from "./matrix/accounts.js"; import { ensureMatrixSdkInstalled, isMatrixSdkAvailable } from "./matrix/deps.js"; diff --git a/extensions/mattermost/api.ts b/extensions/mattermost/api.ts new file mode 100644 index 00000000000..4968757a94e --- /dev/null +++ b/extensions/mattermost/api.ts @@ -0,0 +1 @@ +export { mattermostPlugin } from "./src/channel.js"; diff --git a/extensions/mattermost/index.test.ts b/extensions/mattermost/index.test.ts index b2ef565c4d2..d21403111cb 100644 --- a/extensions/mattermost/index.test.ts +++ b/extensions/mattermost/index.test.ts @@ -1,6 +1,6 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk/mattermost"; import { describe, expect, it, vi } from "vitest"; -import { createTestPluginApi } from "../test-utils/plugin-api.js"; +import { createTestPluginApi } from "../../test/helpers/extensions/plugin-api.js"; import plugin from "./index.js"; function createApi( diff --git a/extensions/mattermost/index.ts b/extensions/mattermost/index.ts index de6f4e1d8a0..a40971bf850 100644 --- a/extensions/mattermost/index.ts +++ b/extensions/mattermost/index.ts @@ -1,26 +1,20 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/mattermost"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/mattermost"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { mattermostPlugin } from "./src/channel.js"; -import { getSlashCommandState, registerSlashCommandRoute } from "./src/mattermost/slash-state.js"; +import { registerSlashCommandRoute } from "./src/mattermost/slash-state.js"; import { setMattermostRuntime } from "./src/runtime.js"; -const plugin = { +export { mattermostPlugin } from "./src/channel.js"; +export { setMattermostRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "mattermost", name: "Mattermost", description: "Mattermost channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setMattermostRuntime(api.runtime); - api.registerChannel({ plugin: mattermostPlugin }); - if (api.registrationMode !== "full") { - return; - } - - // Register the HTTP route for slash command callbacks. - // The actual command registration with MM happens in the monitor - // after the bot connects and we know the team ID. + plugin: mattermostPlugin, + setRuntime: setMattermostRuntime, + registerFull(api) { + // Actual slash-command registration happens after the monitor connects and + // knows the team id; the route itself can be wired here. registerSlashCommandRoute(api); }, -}; - -export default plugin; +}); diff --git a/extensions/mattermost/setup-entry.ts b/extensions/mattermost/setup-entry.ts index 64c02fcbe9d..34ce40972e4 100644 --- a/extensions/mattermost/setup-entry.ts +++ b/extensions/mattermost/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { mattermostPlugin } from "./src/channel.js"; -export default { - plugin: mattermostPlugin, -}; +export default defineSetupPluginEntry(mattermostPlugin); diff --git a/extensions/mattermost/src/channel.ts b/extensions/mattermost/src/channel.ts index 4bf52904b3f..887a878c5e8 100644 --- a/extensions/mattermost/src/channel.ts +++ b/extensions/mattermost/src/channel.ts @@ -1,9 +1,9 @@ +import { formatNormalizedAllowFromEntries } from "openclaw/plugin-sdk/allow-from"; +import { createScopedAccountConfigAccessors } from "openclaw/plugin-sdk/channel-config-helpers"; import { buildAccountScopedDmSecurityPolicy, collectAllowlistProviderRestrictSendersWarnings, - createScopedAccountConfigAccessors, - formatNormalizedAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; import { buildComputedAccountStatusSnapshot, buildChannelConfigSchema, diff --git a/extensions/mattermost/src/config-schema.ts b/extensions/mattermost/src/config-schema.ts index 16ee615454c..d578de86e9a 100644 --- a/extensions/mattermost/src/config-schema.ts +++ b/extensions/mattermost/src/config-schema.ts @@ -9,6 +9,32 @@ import { z } from "zod"; import { requireChannelOpenAllowFrom } from "../../shared/config-schema-helpers.js"; import { buildSecretInputSchema } from "./secret-input.js"; +const DmChannelRetrySchema = z + .object({ + /** Maximum number of retry attempts for DM channel creation (default: 3) */ + maxRetries: z.number().int().min(0).max(10).optional(), + /** Initial delay in milliseconds before first retry (default: 1000) */ + initialDelayMs: z.number().int().min(100).max(60000).optional(), + /** Maximum delay in milliseconds between retries (default: 10000) */ + maxDelayMs: z.number().int().min(1000).max(60000).optional(), + /** Timeout for each individual DM channel creation request in milliseconds (default: 30000) */ + timeoutMs: z.number().int().min(5000).max(120000).optional(), + }) + .strict() + .refine( + (data) => { + if (data.initialDelayMs !== undefined && data.maxDelayMs !== undefined) { + return data.initialDelayMs <= data.maxDelayMs; + } + return true; + }, + { + message: "initialDelayMs must be less than or equal to maxDelayMs", + path: ["initialDelayMs"], + }, + ) + .optional(); + const MattermostSlashCommandsSchema = z .object({ /** Enable native slash commands. "auto" resolves to false (opt-in). */ @@ -58,6 +84,8 @@ const MattermostAccountSchemaBase = z allowedSourceIps: z.array(z.string()).optional(), }) .optional(), + /** Retry configuration for DM channel creation */ + dmChannelRetry: DmChannelRetrySchema, }) .strict(); diff --git a/extensions/mattermost/src/group-mentions.ts b/extensions/mattermost/src/group-mentions.ts index 1ab85c15448..153edc2c84c 100644 --- a/extensions/mattermost/src/group-mentions.ts +++ b/extensions/mattermost/src/group-mentions.ts @@ -1,4 +1,4 @@ -import { resolveChannelGroupRequireMention } from "openclaw/plugin-sdk/compat"; +import { resolveChannelGroupRequireMention } from "openclaw/plugin-sdk/channel-policy"; import type { ChannelGroupContext } from "openclaw/plugin-sdk/mattermost"; import { resolveMattermostAccount } from "./mattermost/accounts.js"; diff --git a/extensions/mattermost/src/mattermost/client.retry.test.ts b/extensions/mattermost/src/mattermost/client.retry.test.ts new file mode 100644 index 00000000000..c5f62357fe4 --- /dev/null +++ b/extensions/mattermost/src/mattermost/client.retry.test.ts @@ -0,0 +1,466 @@ +import { describe, expect, it, vi, beforeEach } from "vitest"; +import { createMattermostClient, createMattermostDirectChannelWithRetry } from "./client.js"; + +describe("createMattermostDirectChannelWithRetry", () => { + const mockFetch = vi.fn(); + + beforeEach(() => { + vi.resetAllMocks(); + }); + + function createMockClient() { + return createMattermostClient({ + baseUrl: "https://mattermost.example.com", + botToken: "test-token", + fetchImpl: mockFetch as unknown as typeof fetch, + }); + } + + function createFetchFailedError(params: { message: string; code?: string }): TypeError { + const cause = Object.assign(new Error(params.message), { + code: params.code, + }); + return Object.assign(new TypeError("fetch failed"), { cause }); + } + + it("succeeds on first attempt without retries", async () => { + mockFetch.mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-123" }), + } as Response); + + const client = createMockClient(); + const onRetry = vi.fn(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + onRetry, + }); + + expect(result.id).toBe("dm-channel-123"); + expect(mockFetch).toHaveBeenCalledTimes(1); + expect(onRetry).not.toHaveBeenCalled(); + }); + + it("retries on 429 rate limit error and succeeds", async () => { + mockFetch + .mockResolvedValueOnce({ + ok: false, + status: 429, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Too many requests" }), + text: async () => "Too many requests", + } as Response) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-456" }), + } as Response); + + const client = createMockClient(); + const onRetry = vi.fn(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + onRetry, + }); + + expect(result.id).toBe("dm-channel-456"); + expect(mockFetch).toHaveBeenCalledTimes(2); + expect(onRetry).toHaveBeenCalledTimes(1); + expect(onRetry).toHaveBeenCalledWith( + 1, + expect.any(Number), + expect.objectContaining({ message: expect.stringContaining("429") }), + ); + }); + + it("retries on port 443 connection errors (not misclassified as 4xx)", async () => { + // This tests that port numbers like :443 don't trigger false 4xx classification + mockFetch + .mockRejectedValueOnce(new Error("connect ECONNRESET 104.18.32.10:443")) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-port" }), + } as Response); + + const client = createMockClient(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }); + + // Should retry and succeed on second attempt (port 443 should NOT be treated as 4xx) + expect(mockFetch).toHaveBeenCalledTimes(2); + expect(result.id).toBe("dm-channel-port"); + }); + + it("does not retry on 400 even if error message contains '429' text", async () => { + // This tests that "429" in error detail doesn't trigger false rate-limit retry + // e.g., "Invalid user ID: 4294967295" should NOT be retried + mockFetch.mockResolvedValueOnce({ + ok: false, + status: 400, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Invalid user ID: 4294967295" }), + text: async () => "Invalid user ID: 4294967295", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }), + ).rejects.toThrow(); + + // Should not retry - only called once (400 is a client error, even though message contains "429") + expect(mockFetch).toHaveBeenCalledTimes(1); + }); + + it("retries on 5xx server errors", async () => { + mockFetch + .mockResolvedValueOnce({ + ok: false, + status: 503, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Service unavailable" }), + text: async () => "Service unavailable", + } as Response) + .mockResolvedValueOnce({ + ok: false, + status: 502, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Bad gateway" }), + text: async () => "Bad gateway", + } as Response) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-789" }), + } as Response); + + const client = createMockClient(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }); + + expect(result.id).toBe("dm-channel-789"); + expect(mockFetch).toHaveBeenCalledTimes(3); + }); + + it("retries on network errors", async () => { + mockFetch + .mockRejectedValueOnce(new Error("Network error: connection refused")) + .mockRejectedValueOnce(new Error("ECONNRESET")) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-abc" }), + } as Response); + + const client = createMockClient(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }); + + expect(result.id).toBe("dm-channel-abc"); + expect(mockFetch).toHaveBeenCalledTimes(3); + }); + + it("retries on fetch failed errors when the cause carries a transient code", async () => { + mockFetch + .mockRejectedValueOnce( + createFetchFailedError({ + message: "connect ECONNREFUSED 127.0.0.1:81", + code: "ECONNREFUSED", + }), + ) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-fetch-failed" }), + } as Response); + + const client = createMockClient(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }); + + expect(result.id).toBe("dm-channel-fetch-failed"); + expect(mockFetch).toHaveBeenCalledTimes(2); + }); + + it("does not retry on 4xx client errors (except 429)", async () => { + mockFetch.mockResolvedValueOnce({ + ok: false, + status: 400, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Bad request" }), + text: async () => "Bad request", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }), + ).rejects.toThrow("400"); + + expect(mockFetch).toHaveBeenCalledTimes(1); + }); + + it("does not retry on 404 not found", async () => { + mockFetch.mockResolvedValueOnce({ + ok: false, + status: 404, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "User not found" }), + text: async () => "User not found", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }), + ).rejects.toThrow("404"); + + expect(mockFetch).toHaveBeenCalledTimes(1); + }); + + it("throws after exhausting all retries", async () => { + mockFetch.mockResolvedValue({ + ok: false, + status: 503, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Service unavailable" }), + text: async () => "Service unavailable", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 2, + initialDelayMs: 10, + }), + ).rejects.toThrow(); + + expect(mockFetch).toHaveBeenCalledTimes(3); // initial + 2 retries + }); + + it("respects custom timeout option and aborts fetch", async () => { + let abortSignal: AbortSignal | undefined; + let abortListenerCalled = false; + + mockFetch.mockImplementationOnce((url, init) => { + abortSignal = init?.signal; + if (abortSignal) { + abortSignal.addEventListener("abort", () => { + abortListenerCalled = true; + }); + } + // Return a promise that rejects when aborted, otherwise never resolves + return new Promise((_, reject) => { + if (abortSignal) { + const checkAbort = () => { + if (abortSignal?.aborted) { + reject(new Error("AbortError")); + } else { + setTimeout(checkAbort, 10); + } + }; + setTimeout(checkAbort, 10); + } + }); + }); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + timeoutMs: 50, + maxRetries: 0, + initialDelayMs: 10, + }), + ).rejects.toThrow(); + + expect(mockFetch).toHaveBeenCalledTimes(1); + expect(abortSignal).toBeDefined(); + expect(abortListenerCalled).toBe(true); + }); + + it("uses exponential backoff with jitter between retries", async () => { + const delays: number[] = []; + mockFetch + .mockRejectedValueOnce(new Error("Mattermost API 503 Service Unavailable")) + .mockRejectedValueOnce(new Error("Mattermost API 503 Service Unavailable")) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-delay" }), + } as Response); + + const client = createMockClient(); + + await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 100, + maxDelayMs: 1000, + onRetry: (attempt, delayMs) => { + delays.push(delayMs); + }, + }); + + expect(delays).toHaveLength(2); + // First retry: exponentialDelay = 100ms, jitter = 0-100ms, total = 100-200ms + expect(delays[0]).toBeGreaterThanOrEqual(100); + expect(delays[0]).toBeLessThanOrEqual(200); + // Second retry: exponentialDelay = 200ms, jitter = 0-200ms, total = 200-400ms + expect(delays[1]).toBeGreaterThanOrEqual(200); + expect(delays[1]).toBeLessThanOrEqual(400); + }); + + it("respects maxDelayMs cap", async () => { + const delays: number[] = []; + mockFetch + .mockRejectedValueOnce(new Error("Mattermost API 503")) + .mockRejectedValueOnce(new Error("Mattermost API 503")) + .mockRejectedValueOnce(new Error("Mattermost API 503")) + .mockRejectedValueOnce(new Error("Mattermost API 503")) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-max" }), + } as Response); + + const client = createMockClient(); + + await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 4, + initialDelayMs: 1000, + maxDelayMs: 2500, + onRetry: (attempt, delayMs) => { + delays.push(delayMs); + }, + }); + + expect(delays).toHaveLength(4); + // All delays should be capped at maxDelayMs + delays.forEach((delay) => { + expect(delay).toBeLessThanOrEqual(2500); + }); + }); + + it("does not retry on 4xx errors even if message contains retryable keywords", async () => { + // This tests the fix for false positives where a 400 error with "timeout" in the message + // would incorrectly be retried + mockFetch.mockResolvedValueOnce({ + ok: false, + status: 400, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Request timeout: connection timed out" }), + text: async () => "Request timeout: connection timed out", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }), + ).rejects.toThrow("400"); + + // Should not retry - only called once + expect(mockFetch).toHaveBeenCalledTimes(1); + }); + + it("does not retry on 403 Forbidden even with 'abort' in message", async () => { + mockFetch.mockResolvedValueOnce({ + ok: false, + status: 403, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ message: "Request aborted: forbidden" }), + text: async () => "Request aborted: forbidden", + } as Response); + + const client = createMockClient(); + + await expect( + createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }), + ).rejects.toThrow("403"); + + expect(mockFetch).toHaveBeenCalledTimes(1); + }); + + it("passes AbortSignal to fetch for timeout support", async () => { + let capturedSignal: AbortSignal | undefined; + mockFetch.mockImplementationOnce((url, init) => { + capturedSignal = init?.signal; + return Promise.resolve({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-signal" }), + } as Response); + }); + + const client = createMockClient(); + await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + timeoutMs: 5000, + }); + + expect(capturedSignal).toBeDefined(); + expect(capturedSignal).toBeInstanceOf(AbortSignal); + }); + + it("retries on 5xx even if error message contains 4xx substring", async () => { + // This tests the fix for the ordering bug: 503 with "upstream 404" should be retried + mockFetch + .mockRejectedValueOnce(new Error("Mattermost API 503: upstream returned 404 Not Found")) + .mockResolvedValueOnce({ + ok: true, + status: 201, + headers: new Headers({ "content-type": "application/json" }), + json: async () => ({ id: "dm-channel-5xx-with-404" }), + } as Response); + + const client = createMockClient(); + + const result = await createMattermostDirectChannelWithRetry(client, ["user-1", "user-2"], { + maxRetries: 3, + initialDelayMs: 10, + }); + + // Should retry and succeed on second attempt + expect(mockFetch).toHaveBeenCalledTimes(2); + expect(result.id).toBe("dm-channel-5xx-with-404"); + }); +}); diff --git a/extensions/mattermost/src/mattermost/client.ts b/extensions/mattermost/src/mattermost/client.ts index 1a8219340b9..c514160590f 100644 --- a/extensions/mattermost/src/mattermost/client.ts +++ b/extensions/mattermost/src/mattermost/client.ts @@ -168,13 +168,270 @@ export async function sendMattermostTyping( export async function createMattermostDirectChannel( client: MattermostClient, userIds: string[], + signal?: AbortSignal, ): Promise { return await client.request("/channels/direct", { method: "POST", body: JSON.stringify(userIds), + signal, }); } +export type CreateDmChannelRetryOptions = { + /** Maximum number of retry attempts (default: 3) */ + maxRetries?: number; + /** Initial delay in milliseconds (default: 1000) */ + initialDelayMs?: number; + /** Maximum delay in milliseconds (default: 10000) */ + maxDelayMs?: number; + /** Timeout for each individual request in milliseconds (default: 30000) */ + timeoutMs?: number; + /** Optional logger for retry events */ + onRetry?: (attempt: number, delayMs: number, error: Error) => void; +}; + +const RETRYABLE_NETWORK_ERROR_CODES = new Set([ + "ECONNRESET", + "ECONNREFUSED", + "ETIMEDOUT", + "ESOCKETTIMEDOUT", + "ECONNABORTED", + "ENOTFOUND", + "EAI_AGAIN", + "EHOSTUNREACH", + "ENETUNREACH", + "EPIPE", + "UND_ERR_CONNECT_TIMEOUT", + "UND_ERR_DNS_RESOLVE_FAILED", + "UND_ERR_CONNECT", + "UND_ERR_SOCKET", + "UND_ERR_HEADERS_TIMEOUT", + "UND_ERR_BODY_TIMEOUT", +]); + +const RETRYABLE_NETWORK_ERROR_NAMES = new Set([ + "AbortError", + "TimeoutError", + "ConnectTimeoutError", + "HeadersTimeoutError", + "BodyTimeoutError", +]); + +const RETRYABLE_NETWORK_MESSAGE_SNIPPETS = [ + "network error", + "timeout", + "timed out", + "abort", + "connection refused", + "econnreset", + "econnrefused", + "etimedout", + "enotfound", + "socket hang up", + "getaddrinfo", +]; + +/** + * Creates a Mattermost DM channel with exponential backoff retry logic. + * Retries on transient errors (429, 5xx, network errors) but not on + * client errors (4xx except 429) or permanent failures. + */ +export async function createMattermostDirectChannelWithRetry( + client: MattermostClient, + userIds: string[], + options: CreateDmChannelRetryOptions = {}, +): Promise { + const { + maxRetries = 3, + initialDelayMs = 1000, + maxDelayMs = 10000, + timeoutMs = 30000, + onRetry, + } = options; + + let lastError: Error | undefined; + + for (let attempt = 0; attempt <= maxRetries; attempt++) { + try { + // Use AbortController for per-request timeout + const controller = new AbortController(); + const timeoutId = setTimeout(() => controller.abort(), timeoutMs); + + try { + const result = await createMattermostDirectChannel(client, userIds, controller.signal); + return result; + } finally { + clearTimeout(timeoutId); + } + } catch (err) { + lastError = err instanceof Error ? err : new Error(String(err)); + + // Don't retry on the last attempt + if (attempt >= maxRetries) { + break; + } + + // Check if error is retryable + if (!isRetryableError(lastError)) { + throw lastError; + } + + // Calculate exponential backoff delay with full-jitter + // Jitter is proportional to the exponential delay, not a fixed 1000ms + // This ensures backoff behaves correctly for small delay configurations + const exponentialDelay = initialDelayMs * Math.pow(2, attempt); + const jitter = Math.random() * exponentialDelay; + const delayMs = Math.min(exponentialDelay + jitter, maxDelayMs); + + if (onRetry) { + onRetry(attempt + 1, delayMs, lastError); + } + + // Wait before retrying + await sleep(delayMs); + } + } + + throw lastError ?? new Error("Failed to create DM channel after retries"); +} + +function isRetryableError(error: Error): boolean { + const candidates = collectErrorCandidates(error); + const messages = candidates + .map((candidate) => readErrorMessage(candidate)?.toLowerCase()) + .filter((message): message is string => Boolean(message)); + + // Retry on 5xx server errors FIRST (before checking 4xx) + // Use "mattermost api" prefix to avoid matching port numbers (e.g., :443) or IP octets + // This prevents misclassification when a 5xx error detail contains a 4xx substring + // e.g., "Mattermost API 503: upstream returned 404" + if (messages.some((message) => /mattermost api 5\d{2}\b/.test(message))) { + return true; + } + + // Check for explicit 429 rate limiting FIRST (before generic "429" text match) + // This avoids retrying when error detail contains "429" but it's not the status code + if ( + messages.some( + (message) => /mattermost api 429\b/.test(message) || message.includes("too many requests"), + ) + ) { + return true; + } + + // Check for explicit 4xx status codes - these are client errors and should NOT be retried + // (except 429 which is handled above) + // Use "mattermost api" prefix to avoid matching port numbers like :443 + for (const message of messages) { + const clientErrorMatch = message.match(/mattermost api (4\d{2})\b/); + if (!clientErrorMatch) { + continue; + } + const statusCode = parseInt(clientErrorMatch[1], 10); + if (statusCode >= 400 && statusCode < 500) { + return false; + } + } + + // Retry on network/transient errors only if no explicit Mattermost API status code is present + // This avoids false positives like: + // - "400 Bad Request: connection timed out" (has status code) + // - "connect ECONNRESET 104.18.32.10:443" (has port number, not status) + const hasMattermostApiStatusCode = messages.some((message) => + /mattermost api \d{3}\b/.test(message), + ); + if (hasMattermostApiStatusCode) { + return false; + } + + const codes = candidates + .map((candidate) => readErrorCode(candidate)) + .filter((code): code is string => Boolean(code)); + if (codes.some((code) => RETRYABLE_NETWORK_ERROR_CODES.has(code))) { + return true; + } + + const names = candidates + .map((candidate) => readErrorName(candidate)) + .filter((name): name is string => Boolean(name)); + if (names.some((name) => RETRYABLE_NETWORK_ERROR_NAMES.has(name))) { + return true; + } + + return messages.some((message) => + RETRYABLE_NETWORK_MESSAGE_SNIPPETS.some((pattern) => message.includes(pattern)), + ); +} + +function collectErrorCandidates(error: unknown): unknown[] { + const queue: unknown[] = [error]; + const seen = new Set(); + const candidates: unknown[] = []; + + while (queue.length > 0) { + const current = queue.shift(); + if (!current || seen.has(current)) { + continue; + } + seen.add(current); + candidates.push(current); + + if (typeof current !== "object") { + continue; + } + + const nested = current as { + cause?: unknown; + reason?: unknown; + errors?: unknown; + }; + queue.push(nested.cause, nested.reason); + if (Array.isArray(nested.errors)) { + queue.push(...nested.errors); + } + } + + return candidates; +} + +function readErrorMessage(error: unknown): string | undefined { + if (!error || typeof error !== "object") { + return undefined; + } + const message = (error as { message?: unknown }).message; + return typeof message === "string" && message.trim() ? message : undefined; +} + +function readErrorName(error: unknown): string | undefined { + if (!error || typeof error !== "object") { + return undefined; + } + const name = (error as { name?: unknown }).name; + return typeof name === "string" && name.trim() ? name : undefined; +} + +function readErrorCode(error: unknown): string | undefined { + if (!error || typeof error !== "object") { + return undefined; + } + const { code, errno } = error as { + code?: unknown; + errno?: unknown; + }; + const raw = typeof code === "string" && code.trim() ? code : errno; + if (typeof raw === "string" && raw.trim()) { + return raw.trim().toUpperCase(); + } + if (typeof raw === "number" && Number.isFinite(raw)) { + return String(raw); + } + return undefined; +} + +function sleep(ms: number): Promise { + return new Promise((resolve) => setTimeout(resolve, ms)); +} + export async function createMattermostPost( client: MattermostClient, params: { diff --git a/extensions/mattermost/src/mattermost/send.test.ts b/extensions/mattermost/src/mattermost/send.test.ts index 774f40f99fa..784b27677e6 100644 --- a/extensions/mattermost/src/mattermost/send.test.ts +++ b/extensions/mattermost/src/mattermost/send.test.ts @@ -2,7 +2,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import { expectProvidedCfgSkipsRuntimeLoad, expectRuntimeCfgFallback, -} from "../../../test-utils/send-config.js"; +} from "../../../../test/helpers/extensions/send-config.js"; import { parseMattermostTarget, sendMessageMattermost } from "./send.js"; import { resetMattermostOpaqueTargetCacheForTests } from "./target-resolution.js"; @@ -13,9 +13,11 @@ const mockState = vi.hoisted(() => ({ accountId: "default", botToken: "bot-token", baseUrl: "https://mattermost.example.com", + config: {}, })), createMattermostClient: vi.fn(), createMattermostDirectChannel: vi.fn(), + createMattermostDirectChannelWithRetry: vi.fn(), createMattermostPost: vi.fn(), fetchMattermostChannelByName: vi.fn(), fetchMattermostMe: vi.fn(), @@ -37,6 +39,7 @@ vi.mock("./accounts.js", () => ({ vi.mock("./client.js", () => ({ createMattermostClient: mockState.createMattermostClient, createMattermostDirectChannel: mockState.createMattermostDirectChannel, + createMattermostDirectChannelWithRetry: mockState.createMattermostDirectChannelWithRetry, createMattermostPost: mockState.createMattermostPost, fetchMattermostChannelByName: mockState.fetchMattermostChannelByName, fetchMattermostMe: mockState.fetchMattermostMe, @@ -77,10 +80,12 @@ describe("sendMessageMattermost", () => { accountId: "default", botToken: "bot-token", baseUrl: "https://mattermost.example.com", + config: {}, }); mockState.loadOutboundMediaFromUrl.mockReset(); mockState.createMattermostClient.mockReset(); mockState.createMattermostDirectChannel.mockReset(); + mockState.createMattermostDirectChannelWithRetry.mockReset(); mockState.createMattermostPost.mockReset(); mockState.fetchMattermostChannelByName.mockReset(); mockState.fetchMattermostMe.mockReset(); @@ -91,6 +96,7 @@ describe("sendMessageMattermost", () => { resetMattermostOpaqueTargetCacheForTests(); mockState.createMattermostClient.mockReturnValue({}); mockState.createMattermostPost.mockResolvedValue({ id: "post-1" }); + mockState.createMattermostDirectChannelWithRetry.mockResolvedValue({ id: "dm-channel-1" }); mockState.fetchMattermostMe.mockResolvedValue({ id: "bot-user" }); mockState.fetchMattermostUserTeams.mockResolvedValue([{ id: "team-1" }]); mockState.fetchMattermostChannelByName.mockResolvedValue({ id: "town-square" }); @@ -105,6 +111,12 @@ describe("sendMessageMattermost", () => { }, }, }; + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "work", + botToken: "provided-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); await sendMessageMattermost("channel:town-square", "hello", { cfg: providedCfg as any, @@ -128,6 +140,12 @@ describe("sendMessageMattermost", () => { }, }; mockState.loadConfig.mockReturnValueOnce(runtimeCfg); + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "runtime-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); await sendMessageMattermost("channel:town-square", "hello"); @@ -146,6 +164,12 @@ describe("sendMessageMattermost", () => { contentType: "image/png", kind: "image", }); + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "bot-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); await sendMessageMattermost("channel:town-square", "hello", { mediaUrl: "file:///tmp/agent-workspace/photo.png", @@ -169,6 +193,13 @@ describe("sendMessageMattermost", () => { }); it("builds interactive button props when buttons are provided", async () => { + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "bot-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); + await sendMessageMattermost("channel:town-square", "Pick a model", { buttons: [[{ callback_data: "mdlprov", text: "Browse providers" }]], }); @@ -196,8 +227,13 @@ describe("sendMessageMattermost", () => { it("resolves a bare Mattermost user id as a DM target before upload", async () => { const userId = "dthcxgoxhifn3pwh65cut3ud3w"; + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "bot-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); mockState.fetchMattermostUser.mockResolvedValueOnce({ id: userId }); - mockState.createMattermostDirectChannel.mockResolvedValueOnce({ id: "dm-channel-1" }); mockState.loadOutboundMediaFromUrl.mockResolvedValueOnce({ buffer: Buffer.from("media-bytes"), fileName: "photo.png", @@ -211,7 +247,11 @@ describe("sendMessageMattermost", () => { }); expect(mockState.fetchMattermostUser).toHaveBeenCalledWith({}, userId); - expect(mockState.createMattermostDirectChannel).toHaveBeenCalledWith({}, ["bot-user", userId]); + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledWith( + {}, + ["bot-user", userId], + expect.any(Object), + ); expect(mockState.uploadMattermostFile).toHaveBeenCalledWith( {}, expect.objectContaining({ @@ -223,6 +263,12 @@ describe("sendMessageMattermost", () => { it("falls back to a channel target when bare Mattermost id is not a user", async () => { const channelId = "aaaaaaaaaaaaaaaaaaaaaaaaaa"; + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "bot-token", + baseUrl: "https://mattermost.example.com", + config: {}, + }); mockState.fetchMattermostUser.mockRejectedValueOnce( new Error("Mattermost API 404 Not Found: user not found"), ); @@ -239,7 +285,7 @@ describe("sendMessageMattermost", () => { }); expect(mockState.fetchMattermostUser).toHaveBeenCalledWith({}, channelId); - expect(mockState.createMattermostDirectChannel).not.toHaveBeenCalled(); + expect(mockState.createMattermostDirectChannelWithRetry).not.toHaveBeenCalled(); expect(mockState.uploadMattermostFile).toHaveBeenCalledWith( {}, expect.objectContaining({ @@ -337,11 +383,12 @@ describe("parseMattermostTarget", () => { // userIdResolutionCache and dmChannelCache are module singletons that survive across tests. // Using unique cache keys per test ensures full isolation without needing a cache reset API. describe("sendMessageMattermost user-first resolution", () => { - function makeAccount(token: string) { + function makeAccount(token: string, config = {}) { return { accountId: "default", botToken: token, baseUrl: "https://mattermost.example.com", + config, }; } @@ -350,6 +397,7 @@ describe("sendMessageMattermost user-first resolution", () => { mockState.createMattermostClient.mockReturnValue({}); mockState.createMattermostPost.mockResolvedValue({ id: "post-id" }); mockState.createMattermostDirectChannel.mockResolvedValue({ id: "dm-channel-id" }); + mockState.createMattermostDirectChannelWithRetry.mockResolvedValue({ id: "dm-channel-id" }); mockState.fetchMattermostMe.mockResolvedValue({ id: "bot-id" }); }); @@ -362,7 +410,7 @@ describe("sendMessageMattermost user-first resolution", () => { const res = await sendMessageMattermost(userId, "hello"); expect(mockState.fetchMattermostUser).toHaveBeenCalledTimes(1); - expect(mockState.createMattermostDirectChannel).toHaveBeenCalledTimes(1); + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledTimes(1); const params = mockState.createMattermostPost.mock.calls[0]?.[1]; expect(params.channelId).toBe("dm-channel-id"); expect(res.channelId).toBe("dm-channel-id"); @@ -379,7 +427,7 @@ describe("sendMessageMattermost user-first resolution", () => { const res = await sendMessageMattermost(channelId, "hello"); expect(mockState.fetchMattermostUser).toHaveBeenCalledTimes(1); - expect(mockState.createMattermostDirectChannel).not.toHaveBeenCalled(); + expect(mockState.createMattermostDirectChannelWithRetry).not.toHaveBeenCalled(); const params = mockState.createMattermostPost.mock.calls[0]?.[1]; expect(params.channelId).toBe(channelId); expect(res.channelId).toBe(channelId); @@ -403,7 +451,7 @@ describe("sendMessageMattermost user-first resolution", () => { vi.clearAllMocks(); mockState.createMattermostClient.mockReturnValue({}); mockState.createMattermostPost.mockResolvedValue({ id: "post-id-2" }); - mockState.createMattermostDirectChannel.mockResolvedValue({ id: "dm-channel-id" }); + mockState.createMattermostDirectChannelWithRetry.mockResolvedValue({ id: "dm-channel-id" }); mockState.fetchMattermostMe.mockResolvedValue({ id: "bot-id" }); mockState.resolveMattermostAccount.mockReturnValue(makeAccount(tokenB)); mockState.fetchMattermostUser.mockResolvedValueOnce({ id: userId }); @@ -417,11 +465,12 @@ describe("sendMessageMattermost user-first resolution", () => { // Unique token + id — explicit user: prefix bypasses probe, goes straight to DM const userId = "dddddd4444444444dddddd4444"; // 26 chars mockState.resolveMattermostAccount.mockReturnValue(makeAccount("token-explicit-user-t4")); + mockState.createMattermostDirectChannelWithRetry.mockResolvedValue({ id: "dm-channel-id" }); const res = await sendMessageMattermost(`user:${userId}`, "hello"); expect(mockState.fetchMattermostUser).not.toHaveBeenCalled(); - expect(mockState.createMattermostDirectChannel).toHaveBeenCalledTimes(1); + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledTimes(1); expect(res.channelId).toBe("dm-channel-id"); }); @@ -433,9 +482,101 @@ describe("sendMessageMattermost user-first resolution", () => { const res = await sendMessageMattermost(`channel:${chanId}`, "hello"); expect(mockState.fetchMattermostUser).not.toHaveBeenCalled(); - expect(mockState.createMattermostDirectChannel).not.toHaveBeenCalled(); + expect(mockState.createMattermostDirectChannelWithRetry).not.toHaveBeenCalled(); const params = mockState.createMattermostPost.mock.calls[0]?.[1]; expect(params.channelId).toBe(chanId); expect(res.channelId).toBe(chanId); }); + + it("passes dmRetryOptions from opts to createMattermostDirectChannelWithRetry", async () => { + const userId = "ffffff6666666666ffffff6666"; // 26 chars + mockState.resolveMattermostAccount.mockReturnValue(makeAccount("token-retry-opts-t6")); + mockState.fetchMattermostUser.mockResolvedValueOnce({ id: userId }); + + const retryOptions = { + maxRetries: 5, + initialDelayMs: 500, + maxDelayMs: 5000, + timeoutMs: 10000, + }; + + await sendMessageMattermost(`user:${userId}`, "hello", { + dmRetryOptions: retryOptions, + }); + + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledWith( + {}, + ["bot-id", userId], + expect.objectContaining(retryOptions), + ); + }); + + it("uses dmChannelRetry from account config when opts.dmRetryOptions not provided", async () => { + const userId = "gggggg7777777777gggggg7777"; // 26 chars + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "token-retry-config-t7", + baseUrl: "https://mattermost.example.com", + config: { + dmChannelRetry: { + maxRetries: 4, + initialDelayMs: 2000, + maxDelayMs: 8000, + timeoutMs: 15000, + }, + }, + }); + mockState.fetchMattermostUser.mockResolvedValueOnce({ id: userId }); + + await sendMessageMattermost(`user:${userId}`, "hello"); + + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledWith( + {}, + ["bot-id", userId], + expect.objectContaining({ + maxRetries: 4, + initialDelayMs: 2000, + maxDelayMs: 8000, + timeoutMs: 15000, + }), + ); + }); + + it("opts.dmRetryOptions overrides provided fields and preserves account defaults", async () => { + const userId = "hhhhhh8888888888hhhhhh8888"; // 26 chars + mockState.resolveMattermostAccount.mockReturnValue({ + accountId: "default", + botToken: "token-retry-override-t8", + baseUrl: "https://mattermost.example.com", + config: { + dmChannelRetry: { + maxRetries: 2, + initialDelayMs: 1000, + }, + }, + }); + mockState.fetchMattermostUser.mockResolvedValueOnce({ id: userId }); + + const overrideOptions = { + maxRetries: 7, + timeoutMs: 20000, + }; + + await sendMessageMattermost(`user:${userId}`, "hello", { + dmRetryOptions: overrideOptions, + }); + + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledWith( + {}, + ["bot-id", userId], + expect.objectContaining(overrideOptions), + ); + expect(mockState.createMattermostDirectChannelWithRetry).toHaveBeenCalledWith( + {}, + ["bot-id", userId], + expect.objectContaining({ + initialDelayMs: 1000, + }), + ); + }); }); diff --git a/extensions/mattermost/src/mattermost/send.ts b/extensions/mattermost/src/mattermost/send.ts index 4655dab2f7d..c589c8829a0 100644 --- a/extensions/mattermost/src/mattermost/send.ts +++ b/extensions/mattermost/src/mattermost/send.ts @@ -3,7 +3,7 @@ import { getMattermostRuntime } from "../runtime.js"; import { resolveMattermostAccount } from "./accounts.js"; import { createMattermostClient, - createMattermostDirectChannel, + createMattermostDirectChannelWithRetry, createMattermostPost, fetchMattermostChannelByName, fetchMattermostMe, @@ -12,6 +12,7 @@ import { normalizeMattermostBaseUrl, uploadMattermostFile, type MattermostUser, + type CreateDmChannelRetryOptions, } from "./client.js"; import { buildButtonProps, @@ -32,6 +33,8 @@ export type MattermostSendOpts = { props?: Record; buttons?: Array; attachmentText?: string; + /** Retry options for DM channel creation */ + dmRetryOptions?: CreateDmChannelRetryOptions; }; export type MattermostSendResult = { @@ -182,11 +185,40 @@ async function resolveChannelIdByName(params: { throw new Error(`Mattermost channel "#${name}" not found in any team the bot belongs to`); } -async function resolveTargetChannelId(params: { +type ResolveTargetChannelIdParams = { target: MattermostTarget; baseUrl: string; token: string; -}): Promise { + dmRetryOptions?: CreateDmChannelRetryOptions; + logger?: { debug?: (msg: string) => void; warn?: (msg: string) => void }; +}; + +function mergeDmRetryOptions( + base?: CreateDmChannelRetryOptions, + override?: CreateDmChannelRetryOptions, +): CreateDmChannelRetryOptions | undefined { + const merged: CreateDmChannelRetryOptions = { + maxRetries: override?.maxRetries ?? base?.maxRetries, + initialDelayMs: override?.initialDelayMs ?? base?.initialDelayMs, + maxDelayMs: override?.maxDelayMs ?? base?.maxDelayMs, + timeoutMs: override?.timeoutMs ?? base?.timeoutMs, + onRetry: override?.onRetry, + }; + + if ( + merged.maxRetries === undefined && + merged.initialDelayMs === undefined && + merged.maxDelayMs === undefined && + merged.timeoutMs === undefined && + merged.onRetry === undefined + ) { + return undefined; + } + + return merged; +} + +async function resolveTargetChannelId(params: ResolveTargetChannelIdParams): Promise { if (params.target.kind === "channel") { return params.target.id; } @@ -214,7 +246,20 @@ async function resolveTargetChannelId(params: { baseUrl: params.baseUrl, botToken: params.token, }); - const channel = await createMattermostDirectChannel(client, [botUser.id, userId]); + + const channel = await createMattermostDirectChannelWithRetry(client, [botUser.id, userId], { + ...params.dmRetryOptions, + onRetry: (attempt, delayMs, error) => { + // Call user's onRetry if provided + params.dmRetryOptions?.onRetry?.(attempt, delayMs, error); + // Log if verbose mode is enabled + if (params.logger) { + params.logger.warn?.( + `DM channel creation retry ${attempt} after ${delayMs}ms: ${error.message}`, + ); + } + }, + }); dmChannelCache.set(dmKey, channel.id); return channel.id; } @@ -232,6 +277,7 @@ async function resolveMattermostSendContext( opts: MattermostSendOpts = {}, ): Promise { const core = getCore(); + const logger = core.logging.getChildLogger({ module: "mattermost" }); const cfg = opts.cfg ?? core.config.loadConfig(); const account = resolveMattermostAccount({ cfg, @@ -262,10 +308,23 @@ async function resolveMattermostSendContext( : opaqueTarget?.kind === "channel" ? { kind: "channel" as const, id: opaqueTarget.id } : parseMattermostTarget(trimmedTo); + // Build retry options from account config, allowing opts to override + const accountRetryConfig: CreateDmChannelRetryOptions | undefined = account.config.dmChannelRetry + ? { + maxRetries: account.config.dmChannelRetry.maxRetries, + initialDelayMs: account.config.dmChannelRetry.initialDelayMs, + maxDelayMs: account.config.dmChannelRetry.maxDelayMs, + timeoutMs: account.config.dmChannelRetry.timeoutMs, + } + : undefined; + const dmRetryOptions = mergeDmRetryOptions(accountRetryConfig, opts.dmRetryOptions); + const channelId = await resolveTargetChannelId({ target, baseUrl, token, + dmRetryOptions, + logger: core.logging.shouldLogVerbose() ? logger : undefined, }); return { diff --git a/extensions/mattermost/src/runtime.ts b/extensions/mattermost/src/runtime.ts index 1f112c8361f..b5ec1942973 100644 --- a/extensions/mattermost/src/runtime.ts +++ b/extensions/mattermost/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/mattermost"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setMattermostRuntime, getRuntime: getMattermostRuntime } = createPluginRuntimeStore("Mattermost runtime not initialized"); diff --git a/extensions/mattermost/src/setup-core.ts b/extensions/mattermost/src/setup-core.ts index 946b1af728e..781967c70a6 100644 --- a/extensions/mattermost/src/setup-core.ts +++ b/extensions/mattermost/src/setup-core.ts @@ -1,3 +1,4 @@ +import type { ChannelSetupAdapter } from "openclaw/plugin-sdk/channel-runtime"; import { applyAccountNameToChannelSection, applySetupAccountConfigPatch, @@ -7,7 +8,6 @@ import { normalizeAccountId, type OpenClawConfig, } from "openclaw/plugin-sdk/mattermost"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; import { resolveMattermostAccount, type ResolvedMattermostAccount } from "./mattermost/accounts.js"; import { normalizeMattermostBaseUrl } from "./mattermost/client.js"; diff --git a/extensions/mattermost/src/setup-surface.ts b/extensions/mattermost/src/setup-surface.ts index 13b69542d02..d3b0a66b4c8 100644 --- a/extensions/mattermost/src/setup-surface.ts +++ b/extensions/mattermost/src/setup-surface.ts @@ -4,8 +4,8 @@ import { hasConfiguredSecretInput, type OpenClawConfig, } from "openclaw/plugin-sdk/mattermost"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; +import { type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup"; import { listMattermostAccountIds } from "./mattermost/accounts.js"; import { normalizeMattermostBaseUrl } from "./mattermost/client.js"; import { diff --git a/extensions/mattermost/src/types.ts b/extensions/mattermost/src/types.ts index f4038ac6920..e6fcc19098c 100644 --- a/extensions/mattermost/src/types.ts +++ b/extensions/mattermost/src/types.ts @@ -90,6 +90,17 @@ export type MattermostAccountConfig = { */ allowedSourceIps?: string[]; }; + /** Retry configuration for DM channel creation */ + dmChannelRetry?: { + /** Maximum number of retry attempts (default: 3) */ + maxRetries?: number; + /** Initial delay in milliseconds before first retry (default: 1000) */ + initialDelayMs?: number; + /** Maximum delay in milliseconds between retries (default: 10000) */ + maxDelayMs?: number; + /** Timeout for each individual request in milliseconds (default: 30000) */ + timeoutMs?: number; + }; }; export type MattermostConfig = { diff --git a/extensions/memory-core/index.ts b/extensions/memory-core/index.ts index 6559485e46a..54c8a5361a7 100644 --- a/extensions/memory-core/index.ts +++ b/extensions/memory-core/index.ts @@ -1,13 +1,11 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/memory-core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/memory-core"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; -const memoryCorePlugin = { +export default definePluginEntry({ id: "memory-core", name: "Memory (Core)", description: "File-backed memory search tools and CLI", kind: "memory", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerTool( (ctx) => { const memorySearchTool = api.runtime.tools.createMemorySearchTool({ @@ -33,6 +31,4 @@ const memoryCorePlugin = { { commands: ["memory"] }, ); }, -}; - -export default memoryCorePlugin; +}); diff --git a/extensions/memory-lancedb/api.ts b/extensions/memory-lancedb/api.ts new file mode 100644 index 00000000000..c1bd12dd4b7 --- /dev/null +++ b/extensions/memory-lancedb/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/memory-lancedb"; diff --git a/extensions/memory-lancedb/index.test.ts b/extensions/memory-lancedb/index.test.ts index a733c3dffb8..5dabcc9dabf 100644 --- a/extensions/memory-lancedb/index.test.ts +++ b/extensions/memory-lancedb/index.test.ts @@ -18,6 +18,18 @@ const HAS_OPENAI_KEY = Boolean(process.env.OPENAI_API_KEY); const liveEnabled = HAS_OPENAI_KEY && process.env.OPENCLAW_LIVE_TEST === "1"; const describeLive = liveEnabled ? describe : describe.skip; +type MemoryPluginTestConfig = { + embedding?: { + apiKey?: string; + model?: string; + dimensions?: number; + }; + dbPath?: string; + captureMaxChars?: number; + autoCapture?: boolean; + autoRecall?: boolean; +}; + function installTmpDirHarness(params: { prefix: string }) { let tmpDir = ""; let dbPath = ""; @@ -51,7 +63,7 @@ describe("memory plugin e2e", () => { }, dbPath: getDbPath(), ...overrides, - }); + }) as MemoryPluginTestConfig | undefined; } test("memory plugin registers and initializes correctly", async () => { @@ -89,7 +101,7 @@ describe("memory plugin e2e", () => { apiKey: "${TEST_MEMORY_API_KEY}", }, dbPath: getDbPath(), - }); + }) as MemoryPluginTestConfig | undefined; expect(config?.embedding?.apiKey).toBe("test-key-123"); diff --git a/extensions/memory-lancedb/index.ts b/extensions/memory-lancedb/index.ts index 6ae7574aaa8..96f77d0a90b 100644 --- a/extensions/memory-lancedb/index.ts +++ b/extensions/memory-lancedb/index.ts @@ -10,7 +10,7 @@ import { randomUUID } from "node:crypto"; import type * as LanceDB from "@lancedb/lancedb"; import { Type } from "@sinclair/typebox"; import OpenAI from "openai"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/memory-lancedb"; +import { definePluginEntry, type OpenClawPluginApi } from "./api.js"; import { DEFAULT_CAPTURE_MAX_CHARS, MEMORY_CATEGORIES, @@ -289,7 +289,7 @@ export function detectCategory(text: string): MemoryCategory { // Plugin Definition // ============================================================================ -const memoryPlugin = { +export default definePluginEntry({ id: "memory-lancedb", name: "Memory (LanceDB)", description: "LanceDB-backed long-term memory with auto-recall/capture", @@ -673,6 +673,4 @@ const memoryPlugin = { }, }); }, -}; - -export default memoryPlugin; +}); diff --git a/extensions/microsoft/index.ts b/extensions/microsoft/index.ts new file mode 100644 index 00000000000..e0e39e3a18f --- /dev/null +++ b/extensions/microsoft/index.ts @@ -0,0 +1,11 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { buildMicrosoftSpeechProvider } from "openclaw/plugin-sdk/speech"; + +export default definePluginEntry({ + id: "microsoft", + name: "Microsoft Speech", + description: "Bundled Microsoft speech provider", + register(api) { + api.registerSpeechProvider(buildMicrosoftSpeechProvider()); + }, +}); diff --git a/extensions/microsoft/openclaw.plugin.json b/extensions/microsoft/openclaw.plugin.json new file mode 100644 index 00000000000..85a130c463a --- /dev/null +++ b/extensions/microsoft/openclaw.plugin.json @@ -0,0 +1,8 @@ +{ + "id": "microsoft", + "configSchema": { + "type": "object", + "additionalProperties": false, + "properties": {} + } +} diff --git a/extensions/microsoft/package.json b/extensions/microsoft/package.json new file mode 100644 index 00000000000..400095cc1f0 --- /dev/null +++ b/extensions/microsoft/package.json @@ -0,0 +1,12 @@ +{ + "name": "@openclaw/microsoft-speech", + "version": "2026.3.14", + "private": true, + "description": "OpenClaw Microsoft speech plugin", + "type": "module", + "openclaw": { + "extensions": [ + "./index.ts" + ] + } +} diff --git a/extensions/minimax/index.ts b/extensions/minimax/index.ts index 604e8627d22..d1a97cb43dc 100644 --- a/extensions/minimax/index.ts +++ b/extensions/minimax/index.ts @@ -1,24 +1,24 @@ import { buildOauthProviderAuthResult, - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderAuthResult, type ProviderCatalogContext, } from "openclaw/plugin-sdk/minimax-portal-auth"; -import { ensureAuthProfileStore, listProfilesForProvider } from "../../src/agents/auth-profiles.js"; -import { MINIMAX_OAUTH_MARKER } from "../../src/agents/model-auth-markers.js"; import { - buildMinimaxPortalProvider, - buildMinimaxProvider, -} from "../../src/agents/models-config.providers.static.js"; + MINIMAX_OAUTH_MARKER, + createProviderApiKeyAuthMethod, + ensureAuthProfileStore, + listProfilesForProvider, +} from "openclaw/plugin-sdk/provider-auth"; +import { fetchMinimaxUsage } from "openclaw/plugin-sdk/provider-usage"; import { - applyMinimaxApiConfig, - applyMinimaxApiConfigCn, -} from "../../src/commands/onboard-auth.config-minimax.js"; -import { fetchMinimaxUsage } from "../../src/infra/provider-usage.fetch.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; + minimaxMediaUnderstandingProvider, + minimaxPortalMediaUnderstandingProvider, +} from "./media-understanding-provider.js"; import { loginMiniMaxPortalOAuth, type MiniMaxRegion } from "./oauth.js"; +import { applyMinimaxApiConfig, applyMinimaxApiConfigCn } from "./onboard.js"; +import { buildMinimaxPortalProvider, buildMinimaxProvider } from "./provider-catalog.js"; const API_PROVIDER_ID = "minimax"; const PORTAL_PROVIDER_ID = "minimax-portal"; @@ -158,12 +158,11 @@ function createOAuthHandler(region: MiniMaxRegion) { }; } -const minimaxPlugin = { +export default definePluginEntry({ id: API_PROVIDER_ID, name: "MiniMax", description: "Bundled MiniMax API-key and OAuth provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: API_PROVIDER_ID, label: PROVIDER_LABEL, @@ -276,7 +275,7 @@ const minimaxPlugin = { ], isModernModelRef: ({ modelId }) => isModernMiniMaxModel(modelId), }); + api.registerMediaUnderstandingProvider(minimaxMediaUnderstandingProvider); + api.registerMediaUnderstandingProvider(minimaxPortalMediaUnderstandingProvider); }, -}; - -export default minimaxPlugin; +}); diff --git a/extensions/minimax/media-understanding-provider.ts b/extensions/minimax/media-understanding-provider.ts new file mode 100644 index 00000000000..4501a96dee9 --- /dev/null +++ b/extensions/minimax/media-understanding-provider.ts @@ -0,0 +1,19 @@ +import { + describeImageWithModel, + describeImagesWithModel, + type MediaUnderstandingProvider, +} from "openclaw/plugin-sdk/media-understanding"; + +export const minimaxMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "minimax", + capabilities: ["image"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, +}; + +export const minimaxPortalMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "minimax-portal", + capabilities: ["image"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, +}; diff --git a/extensions/minimax/model-definitions.ts b/extensions/minimax/model-definitions.ts new file mode 100644 index 00000000000..48396f21240 --- /dev/null +++ b/extensions/minimax/model-definitions.ts @@ -0,0 +1,64 @@ +import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-models"; + +export const DEFAULT_MINIMAX_BASE_URL = "https://api.minimax.io/v1"; +export const MINIMAX_API_BASE_URL = "https://api.minimax.io/anthropic"; +export const MINIMAX_CN_API_BASE_URL = "https://api.minimaxi.com/anthropic"; +export const MINIMAX_HOSTED_MODEL_ID = "MiniMax-M2.5"; +export const MINIMAX_HOSTED_MODEL_REF = `minimax/${MINIMAX_HOSTED_MODEL_ID}`; +export const DEFAULT_MINIMAX_CONTEXT_WINDOW = 200000; +export const DEFAULT_MINIMAX_MAX_TOKENS = 8192; + +export const MINIMAX_API_COST = { + input: 0.3, + output: 1.2, + cacheRead: 0.03, + cacheWrite: 0.12, +}; +export const MINIMAX_HOSTED_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; +export const MINIMAX_LM_STUDIO_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +const MINIMAX_MODEL_CATALOG = { + "MiniMax-M2.5": { name: "MiniMax M2.5", reasoning: true }, + "MiniMax-M2.5-highspeed": { name: "MiniMax M2.5 Highspeed", reasoning: true }, +} as const; + +type MinimaxCatalogId = keyof typeof MINIMAX_MODEL_CATALOG; + +export function buildMinimaxModelDefinition(params: { + id: string; + name?: string; + reasoning?: boolean; + cost: ModelDefinitionConfig["cost"]; + contextWindow: number; + maxTokens: number; +}): ModelDefinitionConfig { + const catalog = MINIMAX_MODEL_CATALOG[params.id as MinimaxCatalogId]; + return { + id: params.id, + name: params.name ?? catalog?.name ?? `MiniMax ${params.id}`, + reasoning: params.reasoning ?? catalog?.reasoning ?? false, + input: ["text"], + cost: params.cost, + contextWindow: params.contextWindow, + maxTokens: params.maxTokens, + }; +} + +export function buildMinimaxApiModelDefinition(modelId: string): ModelDefinitionConfig { + return buildMinimaxModelDefinition({ + id: modelId, + cost: MINIMAX_API_COST, + contextWindow: DEFAULT_MINIMAX_CONTEXT_WINDOW, + maxTokens: DEFAULT_MINIMAX_MAX_TOKENS, + }); +} diff --git a/src/commands/onboard-auth.config-minimax.ts b/extensions/minimax/onboard.ts similarity index 89% rename from src/commands/onboard-auth.config-minimax.ts rename to extensions/minimax/onboard.ts index 14ec734592b..2edcf9637e4 100644 --- a/src/commands/onboard-auth.config-minimax.ts +++ b/extensions/minimax/onboard.ts @@ -1,14 +1,14 @@ -import type { OpenClawConfig } from "../config/config.js"; -import type { ModelProviderConfig } from "../config/types.models.js"; -import { - applyAgentDefaultModelPrimary, - applyOnboardAuthAgentModelsAndProviders, -} from "./onboard-auth.config-shared.js"; import { buildMinimaxApiModelDefinition, MINIMAX_API_BASE_URL, MINIMAX_CN_API_BASE_URL, -} from "./onboard-auth.models.js"; +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyOnboardAuthAgentModelsAndProviders, + type ModelProviderConfig, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; type MinimaxApiProviderConfigParams = { providerId: string; @@ -59,7 +59,6 @@ function applyMinimaxApiConfigWithBaseUrl( return applyAgentDefaultModelPrimary(next, `${params.providerId}/${params.modelId}`); } -// MiniMax Global API (platform.minimax.io/anthropic) export function applyMinimaxApiProviderConfig( cfg: OpenClawConfig, modelId: string = "MiniMax-M2.5", @@ -82,7 +81,6 @@ export function applyMinimaxApiConfig( }); } -// MiniMax CN API (api.minimaxi.com/anthropic) — same provider id, different baseUrl export function applyMinimaxApiProviderConfigCn( cfg: OpenClawConfig, modelId: string = "MiniMax-M2.5", diff --git a/extensions/minimax/provider-catalog.ts b/extensions/minimax/provider-catalog.ts new file mode 100644 index 00000000000..ab8cceb9c53 --- /dev/null +++ b/extensions/minimax/provider-catalog.ts @@ -0,0 +1,80 @@ +import type { + ModelDefinitionConfig, + ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +const MINIMAX_PORTAL_BASE_URL = "https://api.minimax.io/anthropic"; +export const MINIMAX_DEFAULT_MODEL_ID = "MiniMax-M2.5"; +const MINIMAX_DEFAULT_VISION_MODEL_ID = "MiniMax-VL-01"; +const MINIMAX_DEFAULT_CONTEXT_WINDOW = 200000; +const MINIMAX_DEFAULT_MAX_TOKENS = 8192; +const MINIMAX_API_COST = { + input: 0.3, + output: 1.2, + cacheRead: 0.03, + cacheWrite: 0.12, +}; + +function buildMinimaxModel(params: { + id: string; + name: string; + reasoning: boolean; + input: ModelDefinitionConfig["input"]; +}): ModelDefinitionConfig { + return { + id: params.id, + name: params.name, + reasoning: params.reasoning, + input: params.input, + cost: MINIMAX_API_COST, + contextWindow: MINIMAX_DEFAULT_CONTEXT_WINDOW, + maxTokens: MINIMAX_DEFAULT_MAX_TOKENS, + }; +} + +function buildMinimaxTextModel(params: { + id: string; + name: string; + reasoning: boolean; +}): ModelDefinitionConfig { + return buildMinimaxModel({ ...params, input: ["text"] }); +} + +function buildMinimaxCatalog(): ModelDefinitionConfig[] { + return [ + buildMinimaxModel({ + id: MINIMAX_DEFAULT_VISION_MODEL_ID, + name: "MiniMax VL 01", + reasoning: false, + input: ["text", "image"], + }), + buildMinimaxTextModel({ + id: MINIMAX_DEFAULT_MODEL_ID, + name: "MiniMax M2.5", + reasoning: true, + }), + buildMinimaxTextModel({ + id: "MiniMax-M2.5-highspeed", + name: "MiniMax M2.5 Highspeed", + reasoning: true, + }), + ]; +} + +export function buildMinimaxProvider(): ModelProviderConfig { + return { + baseUrl: MINIMAX_PORTAL_BASE_URL, + api: "anthropic-messages", + authHeader: true, + models: buildMinimaxCatalog(), + }; +} + +export function buildMinimaxPortalProvider(): ModelProviderConfig { + return { + baseUrl: MINIMAX_PORTAL_BASE_URL, + api: "anthropic-messages", + authHeader: true, + models: buildMinimaxCatalog(), + }; +} diff --git a/extensions/mistral/index.ts b/extensions/mistral/index.ts index 56e24f8560c..cfb77d3a012 100644 --- a/extensions/mistral/index.ts +++ b/extensions/mistral/index.ts @@ -1,15 +1,15 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { applyMistralConfig, MISTRAL_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { mistralMediaUnderstandingProvider } from "./media-understanding-provider.js"; +import { applyMistralConfig, MISTRAL_DEFAULT_MODEL_REF } from "./onboard.js"; const PROVIDER_ID = "mistral"; -const mistralPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Mistral Provider", description: "Bundled Mistral provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Mistral", @@ -50,7 +50,6 @@ const mistralPlugin = { ], }, }); + api.registerMediaUnderstandingProvider(mistralMediaUnderstandingProvider); }, -}; - -export default mistralPlugin; +}); diff --git a/extensions/mistral/media-understanding-provider.ts b/extensions/mistral/media-understanding-provider.ts new file mode 100644 index 00000000000..f6ee0f167de --- /dev/null +++ b/extensions/mistral/media-understanding-provider.ts @@ -0,0 +1,19 @@ +import { + transcribeOpenAiCompatibleAudio, + type MediaUnderstandingProvider, +} from "openclaw/plugin-sdk/media-understanding"; + +const DEFAULT_MISTRAL_AUDIO_BASE_URL = "https://api.mistral.ai/v1"; +const DEFAULT_MISTRAL_AUDIO_MODEL = "voxtral-mini-latest"; + +export const mistralMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "mistral", + capabilities: ["audio"], + transcribeAudio: async (req) => + await transcribeOpenAiCompatibleAudio({ + ...req, + baseUrl: req.baseUrl ?? DEFAULT_MISTRAL_AUDIO_BASE_URL, + defaultBaseUrl: DEFAULT_MISTRAL_AUDIO_BASE_URL, + defaultModel: DEFAULT_MISTRAL_AUDIO_MODEL, + }), +}; diff --git a/extensions/mistral/model-definitions.ts b/extensions/mistral/model-definitions.ts new file mode 100644 index 00000000000..2e915da172a --- /dev/null +++ b/extensions/mistral/model-definitions.ts @@ -0,0 +1,25 @@ +import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-models"; + +export const MISTRAL_BASE_URL = "https://api.mistral.ai/v1"; +export const MISTRAL_DEFAULT_MODEL_ID = "mistral-large-latest"; +export const MISTRAL_DEFAULT_MODEL_REF = `mistral/${MISTRAL_DEFAULT_MODEL_ID}`; +export const MISTRAL_DEFAULT_CONTEXT_WINDOW = 262144; +export const MISTRAL_DEFAULT_MAX_TOKENS = 262144; +export const MISTRAL_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildMistralModelDefinition(): ModelDefinitionConfig { + return { + id: MISTRAL_DEFAULT_MODEL_ID, + name: "Mistral Large", + reasoning: false, + input: ["text", "image"], + cost: MISTRAL_DEFAULT_COST, + contextWindow: MISTRAL_DEFAULT_CONTEXT_WINDOW, + maxTokens: MISTRAL_DEFAULT_MAX_TOKENS, + }; +} diff --git a/extensions/mistral/onboard.ts b/extensions/mistral/onboard.ts new file mode 100644 index 00000000000..cefdeda2d01 --- /dev/null +++ b/extensions/mistral/onboard.ts @@ -0,0 +1,33 @@ +import { + buildMistralModelDefinition, + MISTRAL_BASE_URL, + MISTRAL_DEFAULT_MODEL_ID, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModel, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const MISTRAL_DEFAULT_MODEL_REF = `mistral/${MISTRAL_DEFAULT_MODEL_ID}`; + +export function applyMistralProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[MISTRAL_DEFAULT_MODEL_REF] = { + ...models[MISTRAL_DEFAULT_MODEL_REF], + alias: models[MISTRAL_DEFAULT_MODEL_REF]?.alias ?? "Mistral", + }; + + return applyProviderConfigWithDefaultModel(cfg, { + agentModels: models, + providerId: "mistral", + api: "openai-completions", + baseUrl: MISTRAL_BASE_URL, + defaultModel: buildMistralModelDefinition(), + defaultModelId: MISTRAL_DEFAULT_MODEL_ID, + }); +} + +export function applyMistralConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyMistralProviderConfig(cfg), MISTRAL_DEFAULT_MODEL_REF); +} diff --git a/extensions/modelstudio/index.ts b/extensions/modelstudio/index.ts index 2e3e7c6b3c8..fc5dab4c4f8 100644 --- a/extensions/modelstudio/index.ts +++ b/extensions/modelstudio/index.ts @@ -1,20 +1,20 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildModelStudioProvider } from "../../src/agents/models-config.providers.static.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; import { applyModelStudioConfig, applyModelStudioConfigCn, MODELSTUDIO_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +} from "./onboard.js"; +import { buildModelStudioProvider } from "./provider-catalog.js"; const PROVIDER_ID = "modelstudio"; -const modelStudioPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Model Studio Provider", description: "Bundled Model Studio provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Model Studio", @@ -78,25 +78,14 @@ const modelStudioPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - const explicitProvider = ctx.config.models?.providers?.[PROVIDER_ID]; - const explicitBaseUrl = - typeof explicitProvider?.baseUrl === "string" ? explicitProvider.baseUrl.trim() : ""; - return { - provider: { - ...buildModelStudioProvider(), - ...(explicitBaseUrl ? { baseUrl: explicitBaseUrl } : {}), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildModelStudioProvider, + allowExplicitBaseUrl: true, + }), }, }); }, -}; - -export default modelStudioPlugin; +}); diff --git a/extensions/modelstudio/model-definitions.ts b/extensions/modelstudio/model-definitions.ts new file mode 100644 index 00000000000..16fcdc6ec8c --- /dev/null +++ b/extensions/modelstudio/model-definitions.ts @@ -0,0 +1,102 @@ +import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-models"; + +export const MODELSTUDIO_CN_BASE_URL = "https://coding.dashscope.aliyuncs.com/v1"; +export const MODELSTUDIO_GLOBAL_BASE_URL = "https://coding-intl.dashscope.aliyuncs.com/v1"; +export const MODELSTUDIO_DEFAULT_MODEL_ID = "qwen3.5-plus"; +export const MODELSTUDIO_DEFAULT_MODEL_REF = `modelstudio/${MODELSTUDIO_DEFAULT_MODEL_ID}`; +export const MODELSTUDIO_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +const MODELSTUDIO_MODEL_CATALOG = { + "qwen3.5-plus": { + name: "qwen3.5-plus", + reasoning: false, + input: ["text", "image"], + contextWindow: 1000000, + maxTokens: 65536, + }, + "qwen3-max-2026-01-23": { + name: "qwen3-max-2026-01-23", + reasoning: false, + input: ["text"], + contextWindow: 262144, + maxTokens: 65536, + }, + "qwen3-coder-next": { + name: "qwen3-coder-next", + reasoning: false, + input: ["text"], + contextWindow: 262144, + maxTokens: 65536, + }, + "qwen3-coder-plus": { + name: "qwen3-coder-plus", + reasoning: false, + input: ["text"], + contextWindow: 1000000, + maxTokens: 65536, + }, + "MiniMax-M2.5": { + name: "MiniMax-M2.5", + reasoning: false, + input: ["text"], + contextWindow: 1000000, + maxTokens: 65536, + }, + "glm-5": { + name: "glm-5", + reasoning: false, + input: ["text"], + contextWindow: 202752, + maxTokens: 16384, + }, + "glm-4.7": { + name: "glm-4.7", + reasoning: false, + input: ["text"], + contextWindow: 202752, + maxTokens: 16384, + }, + "kimi-k2.5": { + name: "kimi-k2.5", + reasoning: false, + input: ["text", "image"], + contextWindow: 262144, + maxTokens: 32768, + }, +} as const; + +type ModelStudioCatalogId = keyof typeof MODELSTUDIO_MODEL_CATALOG; + +export function buildModelStudioModelDefinition(params: { + id: string; + name?: string; + reasoning?: boolean; + input?: string[]; + cost?: ModelDefinitionConfig["cost"]; + contextWindow?: number; + maxTokens?: number; +}): ModelDefinitionConfig { + const catalog = MODELSTUDIO_MODEL_CATALOG[params.id as ModelStudioCatalogId]; + return { + id: params.id, + name: params.name ?? catalog?.name ?? params.id, + reasoning: params.reasoning ?? catalog?.reasoning ?? false, + input: + (params.input as ("text" | "image")[]) ?? + ([...(catalog?.input ?? ["text"])] as ("text" | "image")[]), + cost: params.cost ?? MODELSTUDIO_DEFAULT_COST, + contextWindow: params.contextWindow ?? catalog?.contextWindow ?? 262144, + maxTokens: params.maxTokens ?? catalog?.maxTokens ?? 65536, + }; +} + +export function buildModelStudioDefaultModelDefinition(): ModelDefinitionConfig { + return buildModelStudioModelDefinition({ + id: MODELSTUDIO_DEFAULT_MODEL_ID, + }); +} diff --git a/extensions/modelstudio/onboard.ts b/extensions/modelstudio/onboard.ts new file mode 100644 index 00000000000..881b742dde4 --- /dev/null +++ b/extensions/modelstudio/onboard.ts @@ -0,0 +1,61 @@ +import { + MODELSTUDIO_CN_BASE_URL, + MODELSTUDIO_DEFAULT_MODEL_REF, + MODELSTUDIO_GLOBAL_BASE_URL, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { buildModelStudioProvider } from "./provider-catalog.js"; + +export { MODELSTUDIO_CN_BASE_URL, MODELSTUDIO_DEFAULT_MODEL_REF, MODELSTUDIO_GLOBAL_BASE_URL }; + +function applyModelStudioProviderConfigWithBaseUrl( + cfg: OpenClawConfig, + baseUrl: string, +): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + const provider = buildModelStudioProvider(); + for (const model of provider.models ?? []) { + const modelRef = `modelstudio/${model.id}`; + if (!models[modelRef]) { + models[modelRef] = {}; + } + } + models[MODELSTUDIO_DEFAULT_MODEL_REF] = { + ...models[MODELSTUDIO_DEFAULT_MODEL_REF], + alias: models[MODELSTUDIO_DEFAULT_MODEL_REF]?.alias ?? "Qwen", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "modelstudio", + api: provider.api ?? "openai-completions", + baseUrl, + catalogModels: provider.models ?? [], + }); +} + +export function applyModelStudioProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyModelStudioProviderConfigWithBaseUrl(cfg, MODELSTUDIO_GLOBAL_BASE_URL); +} + +export function applyModelStudioProviderConfigCn(cfg: OpenClawConfig): OpenClawConfig { + return applyModelStudioProviderConfigWithBaseUrl(cfg, MODELSTUDIO_CN_BASE_URL); +} + +export function applyModelStudioConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyModelStudioProviderConfig(cfg), + MODELSTUDIO_DEFAULT_MODEL_REF, + ); +} + +export function applyModelStudioConfigCn(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyModelStudioProviderConfigCn(cfg), + MODELSTUDIO_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/modelstudio/provider-catalog.ts b/extensions/modelstudio/provider-catalog.ts new file mode 100644 index 00000000000..0908155a5f8 --- /dev/null +++ b/extensions/modelstudio/provider-catalog.ts @@ -0,0 +1,96 @@ +import type { + ModelDefinitionConfig, + ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +export const MODELSTUDIO_BASE_URL = "https://coding-intl.dashscope.aliyuncs.com/v1"; +export const MODELSTUDIO_DEFAULT_MODEL_ID = "qwen3.5-plus"; +const MODELSTUDIO_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +const MODELSTUDIO_MODEL_CATALOG: ReadonlyArray = [ + { + id: "qwen3.5-plus", + name: "qwen3.5-plus", + reasoning: false, + input: ["text", "image"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 1_000_000, + maxTokens: 65_536, + }, + { + id: "qwen3-max-2026-01-23", + name: "qwen3-max-2026-01-23", + reasoning: false, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 262_144, + maxTokens: 65_536, + }, + { + id: "qwen3-coder-next", + name: "qwen3-coder-next", + reasoning: false, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 262_144, + maxTokens: 65_536, + }, + { + id: "qwen3-coder-plus", + name: "qwen3-coder-plus", + reasoning: false, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 1_000_000, + maxTokens: 65_536, + }, + { + id: "MiniMax-M2.5", + name: "MiniMax-M2.5", + reasoning: true, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 1_000_000, + maxTokens: 65_536, + }, + { + id: "glm-5", + name: "glm-5", + reasoning: false, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 202_752, + maxTokens: 16_384, + }, + { + id: "glm-4.7", + name: "glm-4.7", + reasoning: false, + input: ["text"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 202_752, + maxTokens: 16_384, + }, + { + id: "kimi-k2.5", + name: "kimi-k2.5", + reasoning: false, + input: ["text", "image"], + cost: MODELSTUDIO_DEFAULT_COST, + contextWindow: 262_144, + maxTokens: 32_768, + }, +]; + +export function buildModelStudioProvider(): ModelProviderConfig { + return { + baseUrl: MODELSTUDIO_BASE_URL, + api: "openai-completions", + models: MODELSTUDIO_MODEL_CATALOG.map((model) => ({ ...model })), + }; +} diff --git a/extensions/moonshot/index.ts b/extensions/moonshot/index.ts index 3b57a5134ba..704b841818c 100644 --- a/extensions/moonshot/index.ts +++ b/extensions/moonshot/index.ts @@ -1,30 +1,30 @@ -import { buildMoonshotProvider } from "../../src/agents/models-config.providers.static.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; import { createMoonshotThinkingWrapper, resolveMoonshotThinkingType, -} from "../../src/agents/pi-embedded-runner/moonshot-stream-wrappers.js"; +} from "openclaw/plugin-sdk/provider-stream"; import { createPluginBackedWebSearchProvider, getScopedCredentialValue, setScopedCredentialValue, -} from "../../src/agents/tools/web-search-plugin-factory.js"; +} from "openclaw/plugin-sdk/provider-web-search"; +import { moonshotMediaUnderstandingProvider } from "./media-understanding-provider.js"; import { applyMoonshotConfig, applyMoonshotConfigCn, -} from "../../src/commands/onboard-auth.config-core.js"; -import { MOONSHOT_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.models.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; + MOONSHOT_DEFAULT_MODEL_REF, +} from "./onboard.js"; +import { buildMoonshotProvider } from "./provider-catalog.js"; const PROVIDER_ID = "moonshot"; -const moonshotPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Moonshot Provider", description: "Bundled Moonshot provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Moonshot", @@ -35,7 +35,7 @@ const moonshotPlugin = { providerId: PROVIDER_ID, methodId: "api-key", label: "Kimi API key (.ai)", - hint: "Kimi K2.5 + Kimi Coding", + hint: "Kimi K2.5 + Kimi", optionKey: "moonshotApiKey", flagName: "--moonshot-api-key", envVar: "MOONSHOT_API_KEY", @@ -48,14 +48,14 @@ const moonshotPlugin = { choiceLabel: "Kimi API key (.ai)", groupId: "moonshot", groupLabel: "Moonshot AI (Kimi K2.5)", - groupHint: "Kimi K2.5 + Kimi Coding", + groupHint: "Kimi K2.5 + Kimi", }, }), createProviderApiKeyAuthMethod({ providerId: PROVIDER_ID, methodId: "api-key-cn", label: "Kimi API key (.cn)", - hint: "Kimi K2.5 + Kimi Coding", + hint: "Kimi K2.5 + Kimi", optionKey: "moonshotApiKey", flagName: "--moonshot-api-key", envVar: "MOONSHOT_API_KEY", @@ -68,28 +68,19 @@ const moonshotPlugin = { choiceLabel: "Kimi API key (.cn)", groupId: "moonshot", groupLabel: "Moonshot AI (Kimi K2.5)", - groupHint: "Kimi K2.5 + Kimi Coding", + groupHint: "Kimi K2.5 + Kimi", }, }), ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - const explicitProvider = ctx.config.models?.providers?.[PROVIDER_ID]; - const explicitBaseUrl = - typeof explicitProvider?.baseUrl === "string" ? explicitProvider.baseUrl.trim() : ""; - return { - provider: { - ...buildMoonshotProvider(), - ...(explicitBaseUrl ? { baseUrl: explicitBaseUrl } : {}), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildMoonshotProvider, + allowExplicitBaseUrl: true, + }), }, wrapStreamFn: (ctx) => { const thinkingType = resolveMoonshotThinkingType({ @@ -99,6 +90,7 @@ const moonshotPlugin = { return createMoonshotThinkingWrapper(ctx.streamFn, thinkingType); }, }); + api.registerMediaUnderstandingProvider(moonshotMediaUnderstandingProvider); api.registerWebSearchProvider( createPluginBackedWebSearchProvider({ id: "kimi", @@ -115,6 +107,4 @@ const moonshotPlugin = { }), ); }, -}; - -export default moonshotPlugin; +}); diff --git a/src/media-understanding/providers/moonshot/video.ts b/extensions/moonshot/media-understanding-provider.ts similarity index 84% rename from src/media-understanding/providers/moonshot/video.ts rename to extensions/moonshot/media-understanding-provider.ts index 0cc6f55a7e3..6c652ae58d3 100644 --- a/src/media-understanding/providers/moonshot/video.ts +++ b/extensions/moonshot/media-understanding-provider.ts @@ -1,5 +1,13 @@ -import type { VideoDescriptionRequest, VideoDescriptionResult } from "../../types.js"; -import { assertOkOrThrowHttpError, normalizeBaseUrl, postJsonRequest } from "../shared.js"; +import { + describeImageWithModel, + describeImagesWithModel, + type MediaUnderstandingProvider, + type VideoDescriptionRequest, + type VideoDescriptionResult, + assertOkOrThrowHttpError, + normalizeBaseUrl, + postJsonRequest, +} from "openclaw/plugin-sdk/media-understanding"; export const DEFAULT_MOONSHOT_VIDEO_BASE_URL = "https://api.moonshot.ai/v1"; const DEFAULT_MOONSHOT_VIDEO_MODEL = "kimi-k2.5"; @@ -104,3 +112,11 @@ export async function describeMoonshotVideo( await release(); } } + +export const moonshotMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "moonshot", + capabilities: ["image", "video"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, + describeVideo: describeMoonshotVideo, +}; diff --git a/extensions/moonshot/onboard.ts b/extensions/moonshot/onboard.ts new file mode 100644 index 00000000000..61cc537a622 --- /dev/null +++ b/extensions/moonshot/onboard.ts @@ -0,0 +1,60 @@ +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModel, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { + buildMoonshotProvider, + MOONSHOT_BASE_URL, + MOONSHOT_DEFAULT_MODEL_ID, +} from "./provider-catalog.js"; + +export const MOONSHOT_CN_BASE_URL = "https://api.moonshot.cn/v1"; +export const MOONSHOT_DEFAULT_MODEL_REF = `moonshot/${MOONSHOT_DEFAULT_MODEL_ID}`; + +export function applyMoonshotProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyMoonshotProviderConfigWithBaseUrl(cfg, MOONSHOT_BASE_URL); +} + +export function applyMoonshotProviderConfigCn(cfg: OpenClawConfig): OpenClawConfig { + return applyMoonshotProviderConfigWithBaseUrl(cfg, MOONSHOT_CN_BASE_URL); +} + +function applyMoonshotProviderConfigWithBaseUrl( + cfg: OpenClawConfig, + baseUrl: string, +): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[MOONSHOT_DEFAULT_MODEL_REF] = { + ...models[MOONSHOT_DEFAULT_MODEL_REF], + alias: models[MOONSHOT_DEFAULT_MODEL_REF]?.alias ?? "Kimi", + }; + + const defaultModel = buildMoonshotProvider().models[0]; + if (!defaultModel) { + return cfg; + } + + return applyProviderConfigWithDefaultModel(cfg, { + agentModels: models, + providerId: "moonshot", + api: "openai-completions", + baseUrl, + defaultModel, + defaultModelId: MOONSHOT_DEFAULT_MODEL_ID, + }); +} + +export function applyMoonshotConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyMoonshotProviderConfig(cfg), + MOONSHOT_DEFAULT_MODEL_REF, + ); +} + +export function applyMoonshotConfigCn(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyMoonshotProviderConfigCn(cfg), + MOONSHOT_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/moonshot/openclaw.plugin.json b/extensions/moonshot/openclaw.plugin.json index cad9e255a2b..66bbfd2b6c8 100644 --- a/extensions/moonshot/openclaw.plugin.json +++ b/extensions/moonshot/openclaw.plugin.json @@ -9,10 +9,10 @@ "provider": "moonshot", "method": "api-key", "choiceId": "moonshot-api-key", - "choiceLabel": "Kimi API key (.ai)", + "choiceLabel": "Moonshot API key (.ai)", "groupId": "moonshot", "groupLabel": "Moonshot AI (Kimi K2.5)", - "groupHint": "Kimi K2.5 + Kimi Coding", + "groupHint": "Kimi K2.5", "optionKey": "moonshotApiKey", "cliFlag": "--moonshot-api-key", "cliOption": "--moonshot-api-key ", @@ -22,10 +22,10 @@ "provider": "moonshot", "method": "api-key-cn", "choiceId": "moonshot-api-key-cn", - "choiceLabel": "Kimi API key (.cn)", + "choiceLabel": "Moonshot API key (.cn)", "groupId": "moonshot", "groupLabel": "Moonshot AI (Kimi K2.5)", - "groupHint": "Kimi K2.5 + Kimi Coding", + "groupHint": "Kimi K2.5", "optionKey": "moonshotApiKey", "cliFlag": "--moonshot-api-key", "cliOption": "--moonshot-api-key ", diff --git a/extensions/moonshot/provider-catalog.ts b/extensions/moonshot/provider-catalog.ts new file mode 100644 index 00000000000..37f7213701e --- /dev/null +++ b/extensions/moonshot/provider-catalog.ts @@ -0,0 +1,30 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +export const MOONSHOT_BASE_URL = "https://api.moonshot.ai/v1"; +export const MOONSHOT_DEFAULT_MODEL_ID = "kimi-k2.5"; +const MOONSHOT_DEFAULT_CONTEXT_WINDOW = 256000; +const MOONSHOT_DEFAULT_MAX_TOKENS = 8192; +const MOONSHOT_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildMoonshotProvider(): ModelProviderConfig { + return { + baseUrl: MOONSHOT_BASE_URL, + api: "openai-completions", + models: [ + { + id: MOONSHOT_DEFAULT_MODEL_ID, + name: "Kimi K2.5", + reasoning: false, + input: ["text", "image"], + cost: MOONSHOT_DEFAULT_COST, + contextWindow: MOONSHOT_DEFAULT_CONTEXT_WINDOW, + maxTokens: MOONSHOT_DEFAULT_MAX_TOKENS, + }, + ], + }; +} diff --git a/extensions/msteams/api.ts b/extensions/msteams/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/msteams/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/msteams/index.ts b/extensions/msteams/index.ts index 725ad40dfdf..edffd1452f4 100644 --- a/extensions/msteams/index.ts +++ b/extensions/msteams/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/msteams"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/msteams"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { msteamsPlugin } from "./src/channel.js"; import { setMSTeamsRuntime } from "./src/runtime.js"; -const plugin = { +export { msteamsPlugin } from "./src/channel.js"; +export { setMSTeamsRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "msteams", name: "Microsoft Teams", description: "Microsoft Teams channel plugin (Bot Framework)", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setMSTeamsRuntime(api.runtime); - api.registerChannel({ plugin: msteamsPlugin }); - }, -}; - -export default plugin; + plugin: msteamsPlugin, + setRuntime: setMSTeamsRuntime, +}); diff --git a/extensions/msteams/setup-entry.ts b/extensions/msteams/setup-entry.ts index fb850b60e18..6e29414c82e 100644 --- a/extensions/msteams/setup-entry.ts +++ b/extensions/msteams/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { msteamsPlugin } from "./src/channel.js"; -export default { - plugin: msteamsPlugin, -}; +export default defineSetupPluginEntry(msteamsPlugin); diff --git a/extensions/msteams/src/attachments.test.ts b/extensions/msteams/src/attachments.test.ts index 790dc8bd33f..fa119a2b44a 100644 --- a/extensions/msteams/src/attachments.test.ts +++ b/extensions/msteams/src/attachments.test.ts @@ -1,6 +1,6 @@ import type { PluginRuntime, SsrFPolicy } from "openclaw/plugin-sdk/msteams"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import { buildMSTeamsAttachmentPlaceholder, buildMSTeamsGraphMessageUrls, diff --git a/extensions/msteams/src/channel.directory.test.ts b/extensions/msteams/src/channel.directory.test.ts index be95e6103ea..df3547d012a 100644 --- a/extensions/msteams/src/channel.directory.test.ts +++ b/extensions/msteams/src/channel.directory.test.ts @@ -1,6 +1,9 @@ import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/msteams"; import { describe, expect, it } from "vitest"; -import { createDirectoryTestRuntime, expectDirectorySurface } from "../../test-utils/directory.js"; +import { + createDirectoryTestRuntime, + expectDirectorySurface, +} from "../../../test/helpers/extensions/directory.js"; import { msteamsPlugin } from "./channel.js"; describe("msteams directory", () => { diff --git a/extensions/msteams/src/channel.runtime.ts b/extensions/msteams/src/channel.runtime.ts index 45a0147f46b..bc6c36a101b 100644 --- a/extensions/msteams/src/channel.runtime.ts +++ b/extensions/msteams/src/channel.runtime.ts @@ -1,4 +1,18 @@ -export { listMSTeamsDirectoryGroupsLive, listMSTeamsDirectoryPeersLive } from "./directory-live.js"; -export { msteamsOutbound } from "./outbound.js"; -export { probeMSTeams } from "./probe.js"; -export { sendAdaptiveCardMSTeams, sendMessageMSTeams } from "./send.js"; +import { + listMSTeamsDirectoryGroupsLive as listMSTeamsDirectoryGroupsLiveImpl, + listMSTeamsDirectoryPeersLive as listMSTeamsDirectoryPeersLiveImpl, +} from "./directory-live.js"; +import { msteamsOutbound as msteamsOutboundImpl } from "./outbound.js"; +import { probeMSTeams as probeMSTeamsImpl } from "./probe.js"; +import { + sendAdaptiveCardMSTeams as sendAdaptiveCardMSTeamsImpl, + sendMessageMSTeams as sendMessageMSTeamsImpl, +} from "./send.js"; +export const msTeamsChannelRuntime = { + listMSTeamsDirectoryGroupsLive: listMSTeamsDirectoryGroupsLiveImpl, + listMSTeamsDirectoryPeersLive: listMSTeamsDirectoryPeersLiveImpl, + msteamsOutbound: { ...msteamsOutboundImpl }, + probeMSTeams: probeMSTeamsImpl, + sendAdaptiveCardMSTeams: sendAdaptiveCardMSTeamsImpl, + sendMessageMSTeams: sendMessageMSTeamsImpl, +}; diff --git a/extensions/msteams/src/channel.ts b/extensions/msteams/src/channel.ts index c4d3f41054c..00430996001 100644 --- a/extensions/msteams/src/channel.ts +++ b/extensions/msteams/src/channel.ts @@ -1,7 +1,6 @@ -import { - collectAllowlistProviderRestrictSendersWarnings, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { collectAllowlistProviderRestrictSendersWarnings } from "openclaw/plugin-sdk/channel-policy"; +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import type { ChannelMessageActionName, ChannelPlugin, @@ -58,9 +57,10 @@ const TEAMS_GRAPH_PERMISSION_HINTS: Record = { "Files.Read.All": "files (OneDrive)", }; -async function loadMSTeamsChannelRuntime() { - return await import("./channel.runtime.js"); -} +const loadMSTeamsChannelRuntime = createLazyRuntimeNamedExport( + () => import("./channel.runtime.js"), + "msTeamsChannelRuntime", +); export const msteamsPlugin: ChannelPlugin = { id: "msteams", diff --git a/extensions/msteams/src/graph-upload.test.ts b/extensions/msteams/src/graph-upload.test.ts index b79086f54ca..a41147840ec 100644 --- a/extensions/msteams/src/graph-upload.test.ts +++ b/extensions/msteams/src/graph-upload.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it, vi } from "vitest"; -import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js"; +import { withFetchPreconnect } from "../../../test/helpers/extensions/fetch-mock.js"; import { uploadToOneDrive, uploadToSharePoint } from "./graph-upload.js"; describe("graph upload helpers", () => { diff --git a/extensions/msteams/src/messenger.test.ts b/extensions/msteams/src/messenger.test.ts index cc4cf2fb6f0..e67017ed8fc 100644 --- a/extensions/msteams/src/messenger.test.ts +++ b/extensions/msteams/src/messenger.test.ts @@ -3,7 +3,7 @@ import os from "node:os"; import path from "node:path"; import { SILENT_REPLY_TOKEN, type PluginRuntime } from "openclaw/plugin-sdk/msteams"; import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createPluginRuntimeMock } from "../../test-utils/plugin-runtime-mock.js"; +import { createPluginRuntimeMock } from "../../../test/helpers/extensions/plugin-runtime-mock.js"; import type { StoredConversationReference } from "./conversation-store.js"; const graphUploadMockState = vi.hoisted(() => ({ uploadAndShareOneDrive: vi.fn(), diff --git a/extensions/msteams/src/outbound.ts b/extensions/msteams/src/outbound.ts index 60d78a2dac5..8f56ab2ce4c 100644 --- a/extensions/msteams/src/outbound.ts +++ b/extensions/msteams/src/outbound.ts @@ -1,5 +1,5 @@ +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/msteams"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; import { createMSTeamsPollStoreFs } from "./polls.js"; import { getMSTeamsRuntime } from "./runtime.js"; import { sendMessageMSTeams, sendPollMSTeams } from "./send.js"; diff --git a/extensions/msteams/src/resolve-allowlist.ts b/extensions/msteams/src/resolve-allowlist.ts index 374cae2d965..3e28cf8a8cb 100644 --- a/extensions/msteams/src/resolve-allowlist.ts +++ b/extensions/msteams/src/resolve-allowlist.ts @@ -1,4 +1,4 @@ -import { mapAllowlistResolutionInputs } from "openclaw/plugin-sdk/compat"; +import { mapAllowlistResolutionInputs } from "openclaw/plugin-sdk/allowlist-resolution"; import { searchGraphUsers } from "./graph-users.js"; import { listChannelsForTeam, diff --git a/extensions/msteams/src/runtime.ts b/extensions/msteams/src/runtime.ts index f9d1dec5714..016d12e9b29 100644 --- a/extensions/msteams/src/runtime.ts +++ b/extensions/msteams/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/msteams"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setMSTeamsRuntime, getRuntime: getMSTeamsRuntime } = createPluginRuntimeStore("MSTeams runtime not initialized"); diff --git a/extensions/msteams/src/setup-core.ts b/extensions/msteams/src/setup-core.ts index 74079aaf389..fb4246a8d0a 100644 --- a/extensions/msteams/src/setup-core.ts +++ b/extensions/msteams/src/setup-core.ts @@ -1,5 +1,4 @@ -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; +import { DEFAULT_ACCOUNT_ID, type ChannelSetupAdapter } from "openclaw/plugin-sdk/setup"; export const msteamsSetupAdapter: ChannelSetupAdapter = { resolveAccountId: () => DEFAULT_ACCOUNT_ID, diff --git a/extensions/msteams/src/setup-surface.ts b/extensions/msteams/src/setup-surface.ts index e3bc6169f6c..185bf3d7362 100644 --- a/extensions/msteams/src/setup-surface.ts +++ b/extensions/msteams/src/setup-surface.ts @@ -1,17 +1,18 @@ +import type { MSTeamsTeamConfig } from "openclaw/plugin-sdk/msteams"; import { + DEFAULT_ACCOUNT_ID, + formatDocsLink, mergeAllowFromEntries, setTopLevelChannelAllowFrom, setTopLevelChannelDmPolicyWithAllowFrom, setTopLevelChannelGroupPolicy, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy, MSTeamsTeamConfig } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type DmPolicy, + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; import { parseMSTeamsTeamEntry, resolveMSTeamsChannelAllowlist, diff --git a/extensions/nextcloud-talk/api.ts b/extensions/nextcloud-talk/api.ts new file mode 100644 index 00000000000..05701614b9e --- /dev/null +++ b/extensions/nextcloud-talk/api.ts @@ -0,0 +1 @@ +export { nextcloudTalkPlugin } from "./src/channel.js"; diff --git a/extensions/nextcloud-talk/index.ts b/extensions/nextcloud-talk/index.ts index 697a810009f..56a398d705b 100644 --- a/extensions/nextcloud-talk/index.ts +++ b/extensions/nextcloud-talk/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/nextcloud-talk"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/nextcloud-talk"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { nextcloudTalkPlugin } from "./src/channel.js"; import { setNextcloudTalkRuntime } from "./src/runtime.js"; -const plugin = { +export { nextcloudTalkPlugin } from "./src/channel.js"; +export { setNextcloudTalkRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "nextcloud-talk", name: "Nextcloud Talk", description: "Nextcloud Talk channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setNextcloudTalkRuntime(api.runtime); - api.registerChannel({ plugin: nextcloudTalkPlugin }); - }, -}; - -export default plugin; + plugin: nextcloudTalkPlugin, + setRuntime: setNextcloudTalkRuntime, +}); diff --git a/extensions/nextcloud-talk/setup-entry.ts b/extensions/nextcloud-talk/setup-entry.ts index f33df37c7dc..88aec7d47e9 100644 --- a/extensions/nextcloud-talk/setup-entry.ts +++ b/extensions/nextcloud-talk/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { nextcloudTalkPlugin } from "./src/channel.js"; -export default { - plugin: nextcloudTalkPlugin, -}; +export default defineSetupPluginEntry(nextcloudTalkPlugin); diff --git a/extensions/nextcloud-talk/src/accounts.ts b/extensions/nextcloud-talk/src/accounts.ts index 2cfba6fea44..1b9d2c16f93 100644 --- a/extensions/nextcloud-talk/src/accounts.ts +++ b/extensions/nextcloud-talk/src/accounts.ts @@ -1,4 +1,4 @@ -import { tryReadSecretFileSync } from "openclaw/plugin-sdk/core"; +import { tryReadSecretFileSync } from "openclaw/plugin-sdk/infra-runtime"; import { createAccountListHelpers, DEFAULT_ACCOUNT_ID, diff --git a/extensions/nextcloud-talk/src/channel.startup.test.ts b/extensions/nextcloud-talk/src/channel.startup.test.ts index 5fd0607e753..e0117936f51 100644 --- a/extensions/nextcloud-talk/src/channel.startup.test.ts +++ b/extensions/nextcloud-talk/src/channel.startup.test.ts @@ -1,9 +1,9 @@ import { afterEach, describe, expect, it, vi } from "vitest"; -import { createStartAccountContext } from "../../test-utils/start-account-context.js"; +import { createStartAccountContext } from "../../../test/helpers/extensions/start-account-context.js"; import { expectStopPendingUntilAbort, startAccountAndTrackLifecycle, -} from "../../test-utils/start-account-lifecycle.js"; +} from "../../../test/helpers/extensions/start-account-lifecycle.js"; import type { ResolvedNextcloudTalkAccount } from "./accounts.js"; const hoisted = vi.hoisted(() => ({ diff --git a/extensions/nextcloud-talk/src/channel.ts b/extensions/nextcloud-talk/src/channel.ts index 77ca7ed36f9..6101136a5e3 100644 --- a/extensions/nextcloud-talk/src/channel.ts +++ b/extensions/nextcloud-talk/src/channel.ts @@ -1,11 +1,11 @@ +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers"; +import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle"; import { buildAccountScopedDmSecurityPolicy, collectAllowlistProviderGroupPolicyWarnings, collectOpenGroupPolicyRouteAllowlistWarnings, - createAccountStatusSink, - formatAllowFromLowercase, - mapAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; import { buildBaseChannelStatusSummary, buildChannelConfigSchema, diff --git a/extensions/nextcloud-talk/src/inbound.authz.test.ts b/extensions/nextcloud-talk/src/inbound.authz.test.ts index bde32abdb3c..873b74bc93a 100644 --- a/extensions/nextcloud-talk/src/inbound.authz.test.ts +++ b/extensions/nextcloud-talk/src/inbound.authz.test.ts @@ -5,28 +5,42 @@ import { handleNextcloudTalkInbound } from "./inbound.js"; import { setNextcloudTalkRuntime } from "./runtime.js"; import type { CoreConfig, NextcloudTalkInboundMessage } from "./types.js"; +function installInboundAuthzRuntime(params: { + readAllowFromStore: () => Promise; + buildMentionRegexes: () => RegExp[]; +}) { + setNextcloudTalkRuntime({ + channel: { + pairing: { + readAllowFromStore: params.readAllowFromStore, + }, + commands: { + shouldHandleTextCommands: () => false, + }, + text: { + hasControlCommand: () => false, + }, + mentions: { + buildMentionRegexes: params.buildMentionRegexes, + matchesMentionPatterns: () => false, + }, + }, + } as unknown as PluginRuntime); +} + +function createTestRuntimeEnv(): RuntimeEnv { + return { + log: vi.fn(), + error: vi.fn(), + } as unknown as RuntimeEnv; +} + describe("nextcloud-talk inbound authz", () => { it("does not treat DM pairing-store entries as group allowlist entries", async () => { const readAllowFromStore = vi.fn(async () => ["attacker"]); const buildMentionRegexes = vi.fn(() => [/@openclaw/i]); - setNextcloudTalkRuntime({ - channel: { - pairing: { - readAllowFromStore, - }, - commands: { - shouldHandleTextCommands: () => false, - }, - text: { - hasControlCommand: () => false, - }, - mentions: { - buildMentionRegexes, - matchesMentionPatterns: () => false, - }, - }, - } as unknown as PluginRuntime); + installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes }); const message: NextcloudTalkInboundMessage = { messageId: "m-1", @@ -69,10 +83,7 @@ describe("nextcloud-talk inbound authz", () => { message, account, config, - runtime: { - log: vi.fn(), - error: vi.fn(), - } as unknown as RuntimeEnv, + runtime: createTestRuntimeEnv(), }); expect(readAllowFromStore).toHaveBeenCalledWith({ @@ -86,23 +97,7 @@ describe("nextcloud-talk inbound authz", () => { const readAllowFromStore = vi.fn(async () => []); const buildMentionRegexes = vi.fn(() => [/@openclaw/i]); - setNextcloudTalkRuntime({ - channel: { - pairing: { - readAllowFromStore, - }, - commands: { - shouldHandleTextCommands: () => false, - }, - text: { - hasControlCommand: () => false, - }, - mentions: { - buildMentionRegexes, - matchesMentionPatterns: () => false, - }, - }, - } as unknown as PluginRuntime); + installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes }); const message: NextcloudTalkInboundMessage = { messageId: "m-2", @@ -146,10 +141,7 @@ describe("nextcloud-talk inbound authz", () => { }, }, }, - runtime: { - log: vi.fn(), - error: vi.fn(), - } as unknown as RuntimeEnv, + runtime: createTestRuntimeEnv(), }); expect(buildMentionRegexes).not.toHaveBeenCalled(); diff --git a/extensions/nextcloud-talk/src/runtime.ts b/extensions/nextcloud-talk/src/runtime.ts index 4e539eb3687..facf3a0cc05 100644 --- a/extensions/nextcloud-talk/src/runtime.ts +++ b/extensions/nextcloud-talk/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/nextcloud-talk"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setNextcloudTalkRuntime, getRuntime: getNextcloudTalkRuntime } = createPluginRuntimeStore("Nextcloud Talk runtime not initialized"); diff --git a/extensions/nextcloud-talk/src/send.test.ts b/extensions/nextcloud-talk/src/send.test.ts index 3ee178b815d..b82ac1c4309 100644 --- a/extensions/nextcloud-talk/src/send.test.ts +++ b/extensions/nextcloud-talk/src/send.test.ts @@ -3,7 +3,7 @@ import { createSendCfgThreadingRuntime, expectProvidedCfgSkipsRuntimeLoad, expectRuntimeCfgFallback, -} from "../../test-utils/send-config.js"; +} from "../../../test/helpers/extensions/send-config.js"; const hoisted = vi.hoisted(() => ({ loadConfig: vi.fn(), diff --git a/extensions/nextcloud-talk/src/setup-core.ts b/extensions/nextcloud-talk/src/setup-core.ts index 1d45a392fd1..4e976605b85 100644 --- a/extensions/nextcloud-talk/src/setup-core.ts +++ b/extensions/nextcloud-talk/src/setup-core.ts @@ -1,21 +1,21 @@ +import type { ChannelSetupAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelSetupInput } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { applyAccountNameToChannelSection, patchScopedAccountConfig, -} from "../../../src/channels/plugins/setup-helpers.js"; +} from "openclaw/plugin-sdk/setup"; import { mergeAllowFromEntries, resolveSetupAccountId, setSetupChannelEnabled, setTopLevelChannelDmPolicyWithAllowFrom, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { ChannelSetupInput } from "../../../src/channels/plugins/types.core.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; +} from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupDmPolicy } from "openclaw/plugin-sdk/setup"; +import { type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup"; +import type { WizardPrompter } from "openclaw/plugin-sdk/setup"; import { listNextcloudTalkAccountIds, resolveDefaultNextcloudTalkAccountId, @@ -174,7 +174,7 @@ async function promptNextcloudTalkAllowFromForAccount(params: { }); } -const nextcloudTalkDmPolicy: ChannelSetupDmPolicy = { +export const nextcloudTalkDmPolicy: ChannelSetupDmPolicy = { label: "Nextcloud Talk", channel, policyKey: "channels.nextcloud-talk.dmPolicy", diff --git a/extensions/nextcloud-talk/src/setup-surface.ts b/extensions/nextcloud-talk/src/setup-surface.ts index da839359ff2..776a9a4fe3e 100644 --- a/extensions/nextcloud-talk/src/setup-surface.ts +++ b/extensions/nextcloud-talk/src/setup-surface.ts @@ -1,24 +1,14 @@ -import { - mergeAllowFromEntries, - resolveSetupAccountId, - setSetupChannelEnabled, - setTopLevelChannelDmPolicyWithAllowFrom, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupInput } from "../../../src/channels/plugins/types.core.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { - listNextcloudTalkAccountIds, - resolveDefaultNextcloudTalkAccountId, - resolveNextcloudTalkAccount, -} from "./accounts.js"; +import type { ChannelSetupInput } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { hasConfiguredSecretInput } from "openclaw/plugin-sdk/config-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; +import { setSetupChannelEnabled } from "openclaw/plugin-sdk/setup"; +import { type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup"; +import { listNextcloudTalkAccountIds, resolveNextcloudTalkAccount } from "./accounts.js"; import { clearNextcloudTalkAccountFields, + nextcloudTalkDmPolicy, nextcloudTalkSetupAdapter, normalizeNextcloudTalkBaseUrl, setNextcloudTalkAccountConfig, @@ -29,83 +19,6 @@ import type { CoreConfig, DmPolicy } from "./types.js"; const channel = "nextcloud-talk" as const; const CONFIGURE_API_FLAG = "__nextcloudTalkConfigureApiCredentials"; -function setNextcloudTalkDmPolicy(cfg: CoreConfig, dmPolicy: DmPolicy): CoreConfig { - return setTopLevelChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy, - }) as CoreConfig; -} - -async function promptNextcloudTalkAllowFrom(params: { - cfg: CoreConfig; - prompter: WizardPrompter; - accountId: string; -}): Promise { - const resolved = resolveNextcloudTalkAccount({ cfg: params.cfg, accountId: params.accountId }); - const existingAllowFrom = resolved.config.allowFrom ?? []; - await params.prompter.note( - [ - "1) Check the Nextcloud admin panel for user IDs", - "2) Or look at the webhook payload logs when someone messages", - "3) User IDs are typically lowercase usernames in Nextcloud", - `Docs: ${formatDocsLink("/channels/nextcloud-talk", "channels/nextcloud-talk")}`, - ].join("\n"), - "Nextcloud Talk user id", - ); - - let resolvedIds: string[] = []; - while (resolvedIds.length === 0) { - const entry = await params.prompter.text({ - message: "Nextcloud Talk allowFrom (user id)", - placeholder: "username", - initialValue: existingAllowFrom[0] ? String(existingAllowFrom[0]) : undefined, - validate: (value) => (String(value ?? "").trim() ? undefined : "Required"), - }); - resolvedIds = String(entry) - .split(/[\n,;]+/g) - .map((value) => value.trim().toLowerCase()) - .filter(Boolean); - if (resolvedIds.length === 0) { - await params.prompter.note("Please enter at least one valid user ID.", "Nextcloud Talk"); - } - } - - return setNextcloudTalkAccountConfig(params.cfg, params.accountId, { - dmPolicy: "allowlist", - allowFrom: mergeAllowFromEntries( - existingAllowFrom.map((value) => String(value).trim().toLowerCase()), - resolvedIds, - ), - }); -} - -async function promptNextcloudTalkAllowFromForAccount(params: { - cfg: OpenClawConfig; - prompter: WizardPrompter; - accountId?: string; -}): Promise { - const accountId = resolveSetupAccountId({ - accountId: params.accountId, - defaultAccountId: resolveDefaultNextcloudTalkAccountId(params.cfg as CoreConfig), - }); - return await promptNextcloudTalkAllowFrom({ - cfg: params.cfg as CoreConfig, - prompter: params.prompter, - accountId, - }); -} - -const nextcloudTalkDmPolicy: ChannelSetupDmPolicy = { - label: "Nextcloud Talk", - channel, - policyKey: "channels.nextcloud-talk.dmPolicy", - allowFromKey: "channels.nextcloud-talk.allowFrom", - getCurrent: (cfg) => cfg.channels?.["nextcloud-talk"]?.dmPolicy ?? "pairing", - setPolicy: (cfg, policy) => setNextcloudTalkDmPolicy(cfg as CoreConfig, policy as DmPolicy), - promptAllowFrom: promptNextcloudTalkAllowFromForAccount, -}; - export const nextcloudTalkSetupWizard: ChannelSetupWizard = { channel, stepOrder: "text-first", diff --git a/extensions/nostr/api.ts b/extensions/nostr/api.ts new file mode 100644 index 00000000000..7c705aec6e5 --- /dev/null +++ b/extensions/nostr/api.ts @@ -0,0 +1 @@ +export * from "./src/setup-surface.js"; diff --git a/extensions/nostr/index.ts b/extensions/nostr/index.ts index d8fdb203924..2b891c4f0f2 100644 --- a/extensions/nostr/index.ts +++ b/extensions/nostr/index.ts @@ -1,24 +1,20 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/nostr"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/nostr"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { nostrPlugin } from "./src/channel.js"; import type { NostrProfile } from "./src/config-schema.js"; import { createNostrProfileHttpHandler } from "./src/nostr-profile-http.js"; -import { setNostrRuntime, getNostrRuntime } from "./src/runtime.js"; +import { getNostrRuntime, setNostrRuntime } from "./src/runtime.js"; import { resolveNostrAccount } from "./src/types.js"; -const plugin = { +export { nostrPlugin } from "./src/channel.js"; +export { setNostrRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "nostr", name: "Nostr", description: "Nostr DM channel plugin via NIP-04", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setNostrRuntime(api.runtime); - api.registerChannel({ plugin: nostrPlugin }); - if (api.registrationMode !== "full") { - return; - } - - // Register HTTP handler for profile management + plugin: nostrPlugin, + setRuntime: setNostrRuntime, + registerFull(api) { const httpHandler = createNostrProfileHttpHandler({ getConfigProfile: (accountId: string) => { const runtime = getNostrRuntime(); @@ -30,23 +26,18 @@ const plugin = { const runtime = getNostrRuntime(); const cfg = runtime.config.loadConfig(); - // Build the config patch for channels.nostr.profile const channels = (cfg.channels ?? {}) as Record; const nostrConfig = (channels.nostr ?? {}) as Record; - const updatedNostrConfig = { - ...nostrConfig, - profile, - }; - - const updatedChannels = { - ...channels, - nostr: updatedNostrConfig, - }; - await runtime.config.writeConfigFile({ ...cfg, - channels: updatedChannels, + channels: { + ...channels, + nostr: { + ...nostrConfig, + profile, + }, + }, }); }, getAccountInfo: (accountId: string) => { @@ -71,6 +62,4 @@ const plugin = { handler: httpHandler, }); }, -}; - -export default plugin; +}); diff --git a/extensions/nostr/setup-entry.ts b/extensions/nostr/setup-entry.ts index 8884a71cc80..f2ac263fd0f 100644 --- a/extensions/nostr/setup-entry.ts +++ b/extensions/nostr/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { nostrPlugin } from "./src/channel.js"; -export default { - plugin: nostrPlugin, -}; +export default defineSetupPluginEntry(nostrPlugin); diff --git a/extensions/nostr/src/channel.outbound.test.ts b/extensions/nostr/src/channel.outbound.test.ts index 0aa63485951..0bbe7f880bf 100644 --- a/extensions/nostr/src/channel.outbound.test.ts +++ b/extensions/nostr/src/channel.outbound.test.ts @@ -1,6 +1,6 @@ import type { PluginRuntime } from "openclaw/plugin-sdk/nostr"; import { afterEach, describe, expect, it, vi } from "vitest"; -import { createStartAccountContext } from "../../test-utils/start-account-context.js"; +import { createStartAccountContext } from "../../../test/helpers/extensions/start-account-context.js"; import { nostrPlugin } from "./channel.js"; import { setNostrRuntime } from "./runtime.js"; diff --git a/extensions/nostr/src/config-schema.ts b/extensions/nostr/src/config-schema.ts index 25d928b4837..53346b0789d 100644 --- a/extensions/nostr/src/config-schema.ts +++ b/extensions/nostr/src/config-schema.ts @@ -1,4 +1,4 @@ -import { AllowFromListSchema, DmPolicySchema } from "openclaw/plugin-sdk/compat"; +import { AllowFromListSchema, DmPolicySchema } from "openclaw/plugin-sdk/channel-config-schema"; import { MarkdownConfigSchema, buildChannelConfigSchema } from "openclaw/plugin-sdk/nostr"; import { z } from "zod"; diff --git a/extensions/nostr/src/runtime.ts b/extensions/nostr/src/runtime.ts index 347079d9750..7c70d903712 100644 --- a/extensions/nostr/src/runtime.ts +++ b/extensions/nostr/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/nostr"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setNostrRuntime, getRuntime: getNostrRuntime } = createPluginRuntimeStore("Nostr runtime not initialized"); diff --git a/extensions/nostr/src/setup-surface.test.ts b/extensions/nostr/src/setup-surface.test.ts index 0a46946f8f9..98e479842c5 100644 --- a/extensions/nostr/src/setup-surface.test.ts +++ b/extensions/nostr/src/setup-surface.test.ts @@ -1,30 +1,13 @@ import type { OpenClawConfig } from "openclaw/plugin-sdk/nostr"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { nostrPlugin } from "./channel.js"; -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: vi.fn(async ({ options }: { options: Array<{ value: string }> }) => { - const first = options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; - }) as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const nostrConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: nostrPlugin, wizard: nostrPlugin.setupWizard!, @@ -32,7 +15,7 @@ const nostrConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("nostr setup wizard", () => { it("configures a private key and relay URLs", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Nostr private key (nsec... or hex)") { return "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"; diff --git a/extensions/nostr/src/setup-surface.ts b/extensions/nostr/src/setup-surface.ts index e284d7b68a6..fca302e75fb 100644 --- a/extensions/nostr/src/setup-surface.ts +++ b/extensions/nostr/src/setup-surface.ts @@ -1,18 +1,18 @@ +import type { ChannelSetupAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { DmPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; import { mergeAllowFromEntries, parseSetupEntriesWithParser, setTopLevelChannelAllowFrom, setTopLevelChannelDmPolicyWithAllowFrom, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; +} from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupDmPolicy } from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup"; +import type { WizardPrompter } from "openclaw/plugin-sdk/setup"; import { DEFAULT_RELAYS } from "./default-relays.js"; import { getPublicKeyFromPrivate, normalizePubkey } from "./nostr-bus.js"; import { resolveNostrAccount } from "./types.js"; diff --git a/extensions/nvidia/index.ts b/extensions/nvidia/index.ts index afa83c4dff4..a5018e63579 100644 --- a/extensions/nvidia/index.ts +++ b/extensions/nvidia/index.ts @@ -1,14 +1,14 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildNvidiaProvider } from "../../src/agents/models-config.providers.static.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { buildNvidiaProvider } from "./provider-catalog.js"; const PROVIDER_ID = "nvidia"; -const nvidiaPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "NVIDIA Provider", description: "Bundled NVIDIA provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "NVIDIA", @@ -17,21 +17,13 @@ const nvidiaPlugin = { auth: [], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...buildNvidiaProvider(), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildNvidiaProvider, + }), }, }); }, -}; - -export default nvidiaPlugin; +}); diff --git a/extensions/nvidia/provider-catalog.ts b/extensions/nvidia/provider-catalog.ts new file mode 100644 index 00000000000..ce66986e20a --- /dev/null +++ b/extensions/nvidia/provider-catalog.ts @@ -0,0 +1,48 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +const NVIDIA_BASE_URL = "https://integrate.api.nvidia.com/v1"; +const NVIDIA_DEFAULT_MODEL_ID = "nvidia/llama-3.1-nemotron-70b-instruct"; +const NVIDIA_DEFAULT_CONTEXT_WINDOW = 131072; +const NVIDIA_DEFAULT_MAX_TOKENS = 4096; +const NVIDIA_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildNvidiaProvider(): ModelProviderConfig { + return { + baseUrl: NVIDIA_BASE_URL, + api: "openai-completions", + models: [ + { + id: NVIDIA_DEFAULT_MODEL_ID, + name: "NVIDIA Llama 3.1 Nemotron 70B Instruct", + reasoning: false, + input: ["text"], + cost: NVIDIA_DEFAULT_COST, + contextWindow: NVIDIA_DEFAULT_CONTEXT_WINDOW, + maxTokens: NVIDIA_DEFAULT_MAX_TOKENS, + }, + { + id: "meta/llama-3.3-70b-instruct", + name: "Meta Llama 3.3 70B Instruct", + reasoning: false, + input: ["text"], + cost: NVIDIA_DEFAULT_COST, + contextWindow: 131072, + maxTokens: 4096, + }, + { + id: "nvidia/mistral-nemo-minitron-8b-8k-instruct", + name: "NVIDIA Mistral NeMo Minitron 8B Instruct", + reasoning: false, + input: ["text"], + cost: NVIDIA_DEFAULT_COST, + contextWindow: 8192, + maxTokens: 2048, + }, + ], + }; +} diff --git a/extensions/ollama/index.ts b/extensions/ollama/index.ts index 9f4e7eef1ea..6f7ec7f2088 100644 --- a/extensions/ollama/index.ts +++ b/extensions/ollama/index.ts @@ -1,13 +1,12 @@ import { - emptyPluginConfigSchema, + definePluginEntry, type OpenClawPluginApi, type ProviderAuthContext, type ProviderAuthMethodNonInteractiveContext, type ProviderAuthResult, type ProviderDiscoveryContext, } from "openclaw/plugin-sdk/core"; -import { resolveOllamaApiBase } from "../../src/agents/models-config.providers.discovery.js"; -import { OLLAMA_DEFAULT_BASE_URL } from "../../src/agents/ollama-defaults.js"; +import { OLLAMA_DEFAULT_BASE_URL, resolveOllamaApiBase } from "openclaw/plugin-sdk/provider-models"; const PROVIDER_ID = "ollama"; const DEFAULT_API_KEY = "ollama-local"; @@ -16,11 +15,10 @@ async function loadProviderSetup() { return await import("openclaw/plugin-sdk/ollama-setup"); } -const ollamaPlugin = { +export default definePluginEntry({ id: "ollama", name: "Ollama Provider", description: "Bundled Ollama provider plugin", - configSchema: emptyPluginConfigSchema(), register(api: OpenClawPluginApi) { api.registerProvider({ id: PROVIDER_ID, @@ -124,6 +122,4 @@ const ollamaPlugin = { }, }); }, -}; - -export default ollamaPlugin; +}); diff --git a/extensions/open-prose/index.ts b/extensions/open-prose/index.ts index 76fa2b18f9e..540148f498c 100644 --- a/extensions/open-prose/index.ts +++ b/extensions/open-prose/index.ts @@ -1,5 +1,10 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/open-prose"; +import { definePluginEntry, type OpenClawPluginApi } from "openclaw/plugin-sdk/open-prose"; -export default function register(_api: OpenClawPluginApi) { - // OpenProse is delivered via plugin-shipped skills. -} +export default definePluginEntry({ + id: "open-prose", + name: "OpenProse", + description: "Plugin-shipped prose skills bundle", + register(_api: OpenClawPluginApi) { + // OpenProse is delivered via plugin-shipped skills. + }, +}); diff --git a/extensions/openai/index.ts b/extensions/openai/index.ts index 3a01aad8db9..5664d19b82c 100644 --- a/extensions/openai/index.ts +++ b/extensions/openai/index.ts @@ -1,16 +1,19 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { buildOpenAIImageGenerationProvider } from "openclaw/plugin-sdk/image-generation"; +import { buildOpenAISpeechProvider } from "openclaw/plugin-sdk/speech"; +import { openaiMediaUnderstandingProvider } from "./media-understanding-provider.js"; import { buildOpenAICodexProviderPlugin } from "./openai-codex-provider.js"; import { buildOpenAIProvider } from "./openai-provider.js"; -const openAIPlugin = { +export default definePluginEntry({ id: "openai", name: "OpenAI Provider", description: "Bundled OpenAI provider plugins", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider(buildOpenAIProvider()); api.registerProvider(buildOpenAICodexProviderPlugin()); + api.registerSpeechProvider(buildOpenAISpeechProvider()); + api.registerMediaUnderstandingProvider(openaiMediaUnderstandingProvider); + api.registerImageGenerationProvider(buildOpenAIImageGenerationProvider()); }, -}; - -export default openAIPlugin; +}); diff --git a/extensions/openai/media-understanding-provider.ts b/extensions/openai/media-understanding-provider.ts new file mode 100644 index 00000000000..9fb66df20dc --- /dev/null +++ b/extensions/openai/media-understanding-provider.ts @@ -0,0 +1,26 @@ +import { + describeImageWithModel, + describeImagesWithModel, + transcribeOpenAiCompatibleAudio, + type AudioTranscriptionRequest, + type MediaUnderstandingProvider, +} from "openclaw/plugin-sdk/media-understanding"; + +export const DEFAULT_OPENAI_AUDIO_BASE_URL = "https://api.openai.com/v1"; +const DEFAULT_OPENAI_AUDIO_MODEL = "gpt-4o-mini-transcribe"; + +export async function transcribeOpenAiAudio(params: AudioTranscriptionRequest) { + return await transcribeOpenAiCompatibleAudio({ + ...params, + defaultBaseUrl: DEFAULT_OPENAI_AUDIO_BASE_URL, + defaultModel: DEFAULT_OPENAI_AUDIO_MODEL, + }); +} + +export const openaiMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "openai", + capabilities: ["image", "audio"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, + transcribeAudio: transcribeOpenAiAudio, +}; diff --git a/extensions/openai/openai-codex-catalog.ts b/extensions/openai/openai-codex-catalog.ts new file mode 100644 index 00000000000..11c1d564986 --- /dev/null +++ b/extensions/openai/openai-codex-catalog.ts @@ -0,0 +1,11 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +export const OPENAI_CODEX_BASE_URL = "https://chatgpt.com/backend-api"; + +export function buildOpenAICodexProvider(): ModelProviderConfig { + return { + baseUrl: OPENAI_CODEX_BASE_URL, + api: "openai-codex-responses", + models: [], + }; +} diff --git a/extensions/openai/openai-codex-provider.ts b/extensions/openai/openai-codex-provider.ts index 999c37c6204..02407d3879a 100644 --- a/extensions/openai/openai-codex-provider.ts +++ b/extensions/openai/openai-codex-provider.ts @@ -4,18 +4,22 @@ import type { ProviderResolveDynamicModelContext, ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; -import { CODEX_CLI_PROFILE_ID } from "../../src/agents/auth-profiles.js"; -import { listProfilesForProvider } from "../../src/agents/auth-profiles/profiles.js"; -import { ensureAuthProfileStore } from "../../src/agents/auth-profiles/store.js"; -import type { OAuthCredential } from "../../src/agents/auth-profiles/types.js"; -import { DEFAULT_CONTEXT_TOKENS } from "../../src/agents/defaults.js"; -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import { buildOpenAICodexProvider } from "../../src/agents/models-config.providers.static.js"; -import { normalizeProviderId } from "../../src/agents/provider-id.js"; -import { loginOpenAICodexOAuth } from "../../src/commands/openai-codex-oauth.js"; -import { fetchCodexUsage } from "../../src/infra/provider-usage.fetch.js"; -import { buildOauthProviderAuthResult } from "../../src/plugin-sdk/provider-auth-result.js"; -import type { ProviderPlugin } from "../../src/plugins/types.js"; +import { buildOauthProviderAuthResult } from "openclaw/plugin-sdk/provider-auth"; +import { + CODEX_CLI_PROFILE_ID, + ensureAuthProfileStore, + listProfilesForProvider, + loginOpenAICodexOAuth, + type OAuthCredential, +} from "openclaw/plugin-sdk/provider-auth"; +import { + DEFAULT_CONTEXT_TOKENS, + normalizeModelCompat, + normalizeProviderId, + type ProviderPlugin, +} from "openclaw/plugin-sdk/provider-models"; +import { fetchCodexUsage } from "openclaw/plugin-sdk/provider-usage"; +import { buildOpenAICodexProvider } from "./openai-codex-catalog.js"; import { cloneFirstTemplateModel, findCatalogTemplate, diff --git a/extensions/openai/openai-provider.ts b/extensions/openai/openai-provider.ts index 9c93ec1bd27..8e97b56573f 100644 --- a/extensions/openai/openai-provider.ts +++ b/extensions/openai/openai-provider.ts @@ -2,14 +2,14 @@ import { type ProviderResolveDynamicModelContext, type ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import { normalizeProviderId } from "../../src/agents/provider-id.js"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; import { applyOpenAIConfig, + normalizeModelCompat, + normalizeProviderId, OPENAI_DEFAULT_MODEL, -} from "../../src/commands/openai-model-default.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import type { ProviderPlugin } from "../../src/plugins/types.js"; + type ProviderPlugin, +} from "openclaw/plugin-sdk/provider-models"; import { cloneFirstTemplateModel, findCatalogTemplate, diff --git a/extensions/openai/shared.ts b/extensions/openai/shared.ts index 4e4c8c2d850..1316accf906 100644 --- a/extensions/openai/shared.ts +++ b/extensions/openai/shared.ts @@ -1,8 +1,5 @@ -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import type { - ProviderResolveDynamicModelContext, - ProviderRuntimeModel, -} from "../../src/plugins/types.js"; +import { findCatalogTemplate } from "openclaw/plugin-sdk/provider-catalog"; +import { cloneFirstTemplateModel } from "openclaw/plugin-sdk/provider-models"; export const OPENAI_API_BASE_URL = "https://api.openai.com/v1"; @@ -22,44 +19,5 @@ export function isOpenAIApiBaseUrl(baseUrl?: string): boolean { return /^https?:\/\/api\.openai\.com(?:\/v1)?\/?$/i.test(trimmed); } -export function cloneFirstTemplateModel(params: { - providerId: string; - modelId: string; - templateIds: readonly string[]; - ctx: ProviderResolveDynamicModelContext; - patch?: Partial; -}): ProviderRuntimeModel | undefined { - const trimmedModelId = params.modelId.trim(); - for (const templateId of [...new Set(params.templateIds)].filter(Boolean)) { - const template = params.ctx.modelRegistry.find( - params.providerId, - templateId, - ) as ProviderRuntimeModel | null; - if (!template) { - continue; - } - return normalizeModelCompat({ - ...template, - id: trimmedModelId, - name: trimmedModelId, - ...params.patch, - } as ProviderRuntimeModel); - } - return undefined; -} - -export function findCatalogTemplate(params: { - entries: ReadonlyArray<{ provider: string; id: string }>; - providerId: string; - templateIds: readonly string[]; -}) { - return params.templateIds - .map((templateId) => - params.entries.find( - (entry) => - entry.provider.toLowerCase() === params.providerId.toLowerCase() && - entry.id.toLowerCase() === templateId.toLowerCase(), - ), - ) - .find((entry) => entry !== undefined); -} +export { cloneFirstTemplateModel }; +export { findCatalogTemplate }; diff --git a/extensions/opencode-go/index.ts b/extensions/opencode-go/index.ts index c0a8cea9b91..8ef9b6ea0b4 100644 --- a/extensions/opencode-go/index.ts +++ b/extensions/opencode-go/index.ts @@ -1,16 +1,15 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { applyOpencodeGoConfig } from "../../src/commands/onboard-auth.config-opencode-go.js"; -import { OPENCODE_GO_DEFAULT_MODEL_REF } from "../../src/commands/opencode-go-model-default.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { OPENCODE_GO_DEFAULT_MODEL_REF } from "openclaw/plugin-sdk/provider-models"; +import { applyOpencodeGoConfig } from "./onboard.js"; const PROVIDER_ID = "opencode-go"; -const opencodeGoPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "OpenCode Go Provider", description: "Bundled OpenCode Go provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "OpenCode Go", @@ -53,6 +52,4 @@ const opencodeGoPlugin = { isModernModelRef: () => true, }); }, -}; - -export default opencodeGoPlugin; +}); diff --git a/src/commands/onboard-auth.config-opencode-go.ts b/extensions/opencode-go/onboard.ts similarity index 62% rename from src/commands/onboard-auth.config-opencode-go.ts rename to extensions/opencode-go/onboard.ts index 25be5ffa18f..ec5727f9525 100644 --- a/src/commands/onboard-auth.config-opencode-go.ts +++ b/extensions/opencode-go/onboard.ts @@ -1,6 +1,10 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { applyAgentDefaultModelPrimary } from "./onboard-auth.config-shared.js"; -import { OPENCODE_GO_DEFAULT_MODEL_REF } from "./opencode-go-model-default.js"; +import { OPENCODE_GO_DEFAULT_MODEL_REF } from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { OPENCODE_GO_DEFAULT_MODEL_REF }; const OPENCODE_GO_ALIAS_DEFAULTS: Record = { "opencode-go/kimi-k2.5": "Kimi", @@ -9,7 +13,6 @@ const OPENCODE_GO_ALIAS_DEFAULTS: Record = { }; export function applyOpencodeGoProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - // Use the built-in opencode-go provider from pi-ai; only seed allowlist aliases. const models = { ...cfg.agents?.defaults?.models }; for (const [modelRef, alias] of Object.entries(OPENCODE_GO_ALIAS_DEFAULTS)) { models[modelRef] = { @@ -31,6 +34,8 @@ export function applyOpencodeGoProviderConfig(cfg: OpenClawConfig): OpenClawConf } export function applyOpencodeGoConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyOpencodeGoProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, OPENCODE_GO_DEFAULT_MODEL_REF); + return applyAgentDefaultModelPrimary( + applyOpencodeGoProviderConfig(cfg), + OPENCODE_GO_DEFAULT_MODEL_REF, + ); } diff --git a/extensions/opencode/index.ts b/extensions/opencode/index.ts index d00ae301bc5..9649ff6e83b 100644 --- a/extensions/opencode/index.ts +++ b/extensions/opencode/index.ts @@ -1,7 +1,7 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { applyOpencodeZenConfig } from "../../src/commands/onboard-auth.config-opencode.js"; -import { OPENCODE_ZEN_DEFAULT_MODEL } from "../../src/commands/opencode-zen-model-default.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { OPENCODE_ZEN_DEFAULT_MODEL } from "openclaw/plugin-sdk/provider-models"; +import { applyOpencodeZenConfig } from "./onboard.js"; const PROVIDER_ID = "opencode"; const MINIMAX_PREFIX = "minimax-m2.5"; @@ -14,12 +14,11 @@ function isModernOpencodeModel(modelId: string): boolean { return !lower.startsWith(MINIMAX_PREFIX); } -const opencodePlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "OpenCode Zen Provider", description: "Bundled OpenCode Zen provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "OpenCode Zen", @@ -63,6 +62,4 @@ const opencodePlugin = { isModernModelRef: ({ modelId }) => isModernOpencodeModel(modelId), }); }, -}; - -export default opencodePlugin; +}); diff --git a/src/commands/onboard-auth.config-opencode.ts b/extensions/opencode/onboard.ts similarity index 55% rename from src/commands/onboard-auth.config-opencode.ts rename to extensions/opencode/onboard.ts index c9f1dd4725b..5bccbb34d8a 100644 --- a/src/commands/onboard-auth.config-opencode.ts +++ b/extensions/opencode/onboard.ts @@ -1,9 +1,12 @@ -import { OPENCODE_ZEN_DEFAULT_MODEL_REF } from "../agents/opencode-zen-models.js"; -import type { OpenClawConfig } from "../config/config.js"; -import { applyAgentDefaultModelPrimary } from "./onboard-auth.config-shared.js"; +import { OPENCODE_ZEN_DEFAULT_MODEL_REF } from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { OPENCODE_ZEN_DEFAULT_MODEL_REF }; export function applyOpencodeZenProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - // Use the built-in opencode provider from pi-ai; only seed the allowlist alias. const models = { ...cfg.agents?.defaults?.models }; models[OPENCODE_ZEN_DEFAULT_MODEL_REF] = { ...models[OPENCODE_ZEN_DEFAULT_MODEL_REF], @@ -23,6 +26,8 @@ export function applyOpencodeZenProviderConfig(cfg: OpenClawConfig): OpenClawCon } export function applyOpencodeZenConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyOpencodeZenProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, OPENCODE_ZEN_DEFAULT_MODEL_REF); + return applyAgentDefaultModelPrimary( + applyOpencodeZenProviderConfig(cfg), + OPENCODE_ZEN_DEFAULT_MODEL_REF, + ); } diff --git a/extensions/openrouter/index.ts b/extensions/openrouter/index.ts index ec4afaa873c..3d20250e760 100644 --- a/extensions/openrouter/index.ts +++ b/extensions/openrouter/index.ts @@ -1,26 +1,20 @@ import type { StreamFn } from "@mariozechner/pi-agent-core"; import { - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderResolveDynamicModelContext, type ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; -import { DEFAULT_CONTEXT_TOKENS } from "../../src/agents/defaults.js"; -import { buildOpenrouterProvider } from "../../src/agents/models-config.providers.static.js"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { DEFAULT_CONTEXT_TOKENS } from "openclaw/plugin-sdk/provider-models"; import { getOpenRouterModelCapabilities, loadOpenRouterModelCapabilities, -} from "../../src/agents/pi-embedded-runner/openrouter-model-capabilities.js"; -import { createOpenRouterSystemCacheWrapper, createOpenRouterWrapper, isProxyReasoningUnsupported, -} from "../../src/agents/pi-embedded-runner/proxy-stream-wrappers.js"; -import { - applyOpenrouterConfig, - OPENROUTER_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +} from "openclaw/plugin-sdk/provider-stream"; +import { applyOpenrouterConfig, OPENROUTER_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildOpenrouterProvider } from "./provider-catalog.js"; const PROVIDER_ID = "openrouter"; const OPENROUTER_BASE_URL = "https://openrouter.ai/api/v1"; @@ -79,12 +73,11 @@ function isOpenRouterCacheTtlModel(modelId: string): boolean { return OPENROUTER_CACHE_TTL_MODEL_PREFIXES.some((prefix) => modelId.startsWith(prefix)); } -const openRouterPlugin = { +export default definePluginEntry({ id: "openrouter", name: "OpenRouter Provider", description: "Bundled OpenRouter provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "OpenRouter", @@ -156,6 +149,4 @@ const openRouterPlugin = { isCacheTtlEligible: (ctx) => isOpenRouterCacheTtlModel(ctx.modelId), }); }, -}; - -export default openRouterPlugin; +}); diff --git a/extensions/openrouter/onboard.ts b/extensions/openrouter/onboard.ts new file mode 100644 index 00000000000..f5662399192 --- /dev/null +++ b/extensions/openrouter/onboard.ts @@ -0,0 +1,32 @@ +import { + applyAgentDefaultModelPrimary, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const OPENROUTER_DEFAULT_MODEL_REF = "openrouter/auto"; + +export function applyOpenrouterProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[OPENROUTER_DEFAULT_MODEL_REF] = { + ...models[OPENROUTER_DEFAULT_MODEL_REF], + alias: models[OPENROUTER_DEFAULT_MODEL_REF]?.alias ?? "OpenRouter", + }; + + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...cfg.agents?.defaults, + models, + }, + }, + }; +} + +export function applyOpenrouterConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyOpenrouterProviderConfig(cfg), + OPENROUTER_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/openrouter/provider-catalog.ts b/extensions/openrouter/provider-catalog.ts new file mode 100644 index 00000000000..52be862e34d --- /dev/null +++ b/extensions/openrouter/provider-catalog.ts @@ -0,0 +1,48 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +const OPENROUTER_BASE_URL = "https://openrouter.ai/api/v1"; +const OPENROUTER_DEFAULT_MODEL_ID = "auto"; +const OPENROUTER_DEFAULT_CONTEXT_WINDOW = 200000; +const OPENROUTER_DEFAULT_MAX_TOKENS = 8192; +const OPENROUTER_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildOpenrouterProvider(): ModelProviderConfig { + return { + baseUrl: OPENROUTER_BASE_URL, + api: "openai-completions", + models: [ + { + id: OPENROUTER_DEFAULT_MODEL_ID, + name: "OpenRouter Auto", + reasoning: false, + input: ["text", "image"], + cost: OPENROUTER_DEFAULT_COST, + contextWindow: OPENROUTER_DEFAULT_CONTEXT_WINDOW, + maxTokens: OPENROUTER_DEFAULT_MAX_TOKENS, + }, + { + id: "openrouter/hunter-alpha", + name: "Hunter Alpha", + reasoning: true, + input: ["text"], + cost: OPENROUTER_DEFAULT_COST, + contextWindow: 1048576, + maxTokens: 65536, + }, + { + id: "openrouter/healer-alpha", + name: "Healer Alpha", + reasoning: true, + input: ["text", "image"], + cost: OPENROUTER_DEFAULT_COST, + contextWindow: 262144, + maxTokens: 65536, + }, + ], + }; +} diff --git a/extensions/perplexity/index.ts b/extensions/perplexity/index.ts index 513c70d131d..95ae612ed35 100644 --- a/extensions/perplexity/index.ts +++ b/extensions/perplexity/index.ts @@ -1,17 +1,15 @@ +import { definePluginEntry } from "openclaw/plugin-sdk/core"; import { createPluginBackedWebSearchProvider, getScopedCredentialValue, setScopedCredentialValue, -} from "../../src/agents/tools/web-search-plugin-factory.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/provider-web-search"; -const perplexityPlugin = { +export default definePluginEntry({ id: "perplexity", name: "Perplexity Plugin", description: "Bundled Perplexity plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerWebSearchProvider( createPluginBackedWebSearchProvider({ id: "perplexity", @@ -28,6 +26,4 @@ const perplexityPlugin = { }), ); }, -}; - -export default perplexityPlugin; +}); diff --git a/extensions/phone-control/index.test.ts b/extensions/phone-control/index.test.ts index 1eee0ff9d64..e5fe260463b 100644 --- a/extensions/phone-control/index.test.ts +++ b/extensions/phone-control/index.test.ts @@ -7,7 +7,7 @@ import type { PluginCommandContext, } from "openclaw/plugin-sdk/phone-control"; import { describe, expect, it, vi } from "vitest"; -import { createTestPluginApi } from "../test-utils/plugin-api.js"; +import { createTestPluginApi } from "../../test/helpers/extensions/plugin-api.js"; import registerPhoneControl from "./index.js"; function createApi(params: { @@ -68,7 +68,7 @@ describe("phone-control plugin", () => { }); let command: OpenClawPluginCommandDefinition | undefined; - registerPhoneControl( + registerPhoneControl.register( createApi({ stateDir, getConfig: () => config, diff --git a/extensions/phone-control/index.ts b/extensions/phone-control/index.ts index 7b63b67b10c..88446e4fde7 100644 --- a/extensions/phone-control/index.ts +++ b/extensions/phone-control/index.ts @@ -1,6 +1,10 @@ import fs from "node:fs/promises"; import path from "node:path"; -import type { OpenClawPluginApi, OpenClawPluginService } from "openclaw/plugin-sdk/phone-control"; +import { + definePluginEntry, + type OpenClawPluginApi, + type OpenClawPluginService, +} from "openclaw/plugin-sdk/phone-control"; type ArmGroup = "camera" | "screen" | "writes" | "all"; @@ -283,139 +287,144 @@ function formatStatus(state: ArmStateFile | null): string { return `Phone control: armed (${until}).\nTemporarily allowed: ${cmdLabel}`; } -export default function register(api: OpenClawPluginApi) { - let expiryInterval: ReturnType | null = null; +export default definePluginEntry({ + id: "phone-control", + name: "Phone Control", + description: "Temporary allowlist control for phone automation commands", + register(api: OpenClawPluginApi) { + let expiryInterval: ReturnType | null = null; - const timerService: OpenClawPluginService = { - id: "phone-control-expiry", - start: async (ctx) => { - const statePath = resolveStatePath(ctx.stateDir); - const tick = async () => { - const state = await readArmState(statePath); - if (!state || state.expiresAtMs == null) { - return; - } - if (Date.now() < state.expiresAtMs) { - return; - } - await disarmNow({ - api, - stateDir: ctx.stateDir, - statePath, - reason: "expired", - }); - }; - - // Best effort; don't crash the gateway if state is corrupt. - await tick().catch(() => {}); - - expiryInterval = setInterval(() => { - tick().catch(() => {}); - }, 15_000); - expiryInterval.unref?.(); - - return; - }, - stop: async () => { - if (expiryInterval) { - clearInterval(expiryInterval); - expiryInterval = null; - } - return; - }, - }; - - api.registerService(timerService); - - api.registerCommand({ - name: "phone", - description: "Arm/disarm high-risk phone node commands (camera/screen/writes).", - acceptsArgs: true, - handler: async (ctx) => { - const args = ctx.args?.trim() ?? ""; - const tokens = args.split(/\s+/).filter(Boolean); - const action = tokens[0]?.toLowerCase() ?? ""; - - const stateDir = api.runtime.state.resolveStateDir(); - const statePath = resolveStatePath(stateDir); - - if (!action || action === "help") { - const state = await readArmState(statePath); - return { text: `${formatStatus(state)}\n\n${formatHelp()}` }; - } - - if (action === "status") { - const state = await readArmState(statePath); - return { text: formatStatus(state) }; - } - - if (action === "disarm") { - const res = await disarmNow({ - api, - stateDir, - statePath, - reason: "manual", - }); - if (!res.changed) { - return { text: "Phone control: disarmed." }; - } - const restoredLabel = res.restored.length > 0 ? res.restored.join(", ") : "none"; - const removedLabel = res.removed.length > 0 ? res.removed.join(", ") : "none"; - return { - text: `Phone control: disarmed.\nRemoved allowlist: ${removedLabel}\nRestored denylist: ${restoredLabel}`, - }; - } - - if (action === "arm") { - const group = parseGroup(tokens[1]); - if (!group) { - return { text: `Usage: /phone arm [duration]\nGroups: ${formatGroupList()}` }; - } - const durationMs = parseDurationMs(tokens[2]) ?? 10 * 60_000; - const expiresAtMs = Date.now() + durationMs; - - const commands = resolveCommandsForGroup(group); - const cfg = api.runtime.config.loadConfig(); - const allowSet = new Set(normalizeAllowList(cfg)); - const denySet = new Set(normalizeDenyList(cfg)); - - const addedToAllow: string[] = []; - const removedFromDeny: string[] = []; - for (const cmd of commands) { - if (!allowSet.has(cmd)) { - allowSet.add(cmd); - addedToAllow.push(cmd); + const timerService: OpenClawPluginService = { + id: "phone-control-expiry", + start: async (ctx) => { + const statePath = resolveStatePath(ctx.stateDir); + const tick = async () => { + const state = await readArmState(statePath); + if (!state || state.expiresAtMs == null) { + return; } - if (denySet.delete(cmd)) { - removedFromDeny.push(cmd); + if (Date.now() < state.expiresAtMs) { + return; } - } - const next = patchConfigNodeLists(cfg, { - allowCommands: uniqSorted([...allowSet]), - denyCommands: uniqSorted([...denySet]), - }); - await api.runtime.config.writeConfigFile(next); - - await writeArmState(statePath, { - version: STATE_VERSION, - armedAtMs: Date.now(), - expiresAtMs, - group, - armedCommands: uniqSorted(commands), - addedToAllow: uniqSorted(addedToAllow), - removedFromDeny: uniqSorted(removedFromDeny), - }); - - const allowedLabel = uniqSorted(commands).join(", "); - return { - text: - `Phone control: armed for ${formatDuration(durationMs)}.\n` + - `Temporarily allowed: ${allowedLabel}\n` + - `To disarm early: /phone disarm`, + await disarmNow({ + api, + stateDir: ctx.stateDir, + statePath, + reason: "expired", + }); }; - } - return { text: formatHelp() }; - }, - }); -} + // Best effort; don't crash the gateway if state is corrupt. + await tick().catch(() => {}); + + expiryInterval = setInterval(() => { + tick().catch(() => {}); + }, 15_000); + expiryInterval.unref?.(); + + return; + }, + stop: async () => { + if (expiryInterval) { + clearInterval(expiryInterval); + expiryInterval = null; + } + return; + }, + }; + + api.registerService(timerService); + + api.registerCommand({ + name: "phone", + description: "Arm/disarm high-risk phone node commands (camera/screen/writes).", + acceptsArgs: true, + handler: async (ctx) => { + const args = ctx.args?.trim() ?? ""; + const tokens = args.split(/\s+/).filter(Boolean); + const action = tokens[0]?.toLowerCase() ?? ""; + + const stateDir = api.runtime.state.resolveStateDir(); + const statePath = resolveStatePath(stateDir); + + if (!action || action === "help") { + const state = await readArmState(statePath); + return { text: `${formatStatus(state)}\n\n${formatHelp()}` }; + } + + if (action === "status") { + const state = await readArmState(statePath); + return { text: formatStatus(state) }; + } + + if (action === "disarm") { + const res = await disarmNow({ + api, + stateDir, + statePath, + reason: "manual", + }); + if (!res.changed) { + return { text: "Phone control: disarmed." }; + } + const restoredLabel = res.restored.length > 0 ? res.restored.join(", ") : "none"; + const removedLabel = res.removed.length > 0 ? res.removed.join(", ") : "none"; + return { + text: `Phone control: disarmed.\nRemoved allowlist: ${removedLabel}\nRestored denylist: ${restoredLabel}`, + }; + } + + if (action === "arm") { + const group = parseGroup(tokens[1]); + if (!group) { + return { text: `Usage: /phone arm [duration]\nGroups: ${formatGroupList()}` }; + } + const durationMs = parseDurationMs(tokens[2]) ?? 10 * 60_000; + const expiresAtMs = Date.now() + durationMs; + + const commands = resolveCommandsForGroup(group); + const cfg = api.runtime.config.loadConfig(); + const allowSet = new Set(normalizeAllowList(cfg)); + const denySet = new Set(normalizeDenyList(cfg)); + + const addedToAllow: string[] = []; + const removedFromDeny: string[] = []; + for (const cmd of commands) { + if (!allowSet.has(cmd)) { + allowSet.add(cmd); + addedToAllow.push(cmd); + } + if (denySet.delete(cmd)) { + removedFromDeny.push(cmd); + } + } + const next = patchConfigNodeLists(cfg, { + allowCommands: uniqSorted([...allowSet]), + denyCommands: uniqSorted([...denySet]), + }); + await api.runtime.config.writeConfigFile(next); + + await writeArmState(statePath, { + version: STATE_VERSION, + armedAtMs: Date.now(), + expiresAtMs, + group, + armedCommands: uniqSorted(commands), + addedToAllow: uniqSorted(addedToAllow), + removedFromDeny: uniqSorted(removedFromDeny), + }); + + const allowedLabel = uniqSorted(commands).join(", "); + return { + text: + `Phone control: armed for ${formatDuration(durationMs)}.\n` + + `Temporarily allowed: ${allowedLabel}\n` + + `To disarm early: /phone disarm`, + }; + } + + return { text: formatHelp() }; + }, + }); + }, +}); diff --git a/extensions/qianfan/index.ts b/extensions/qianfan/index.ts index 88b5fee122d..0bb9c7760f6 100644 --- a/extensions/qianfan/index.ts +++ b/extensions/qianfan/index.ts @@ -1,16 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildQianfanProvider } from "../../src/agents/models-config.providers.static.js"; -import { applyQianfanConfig, QIANFAN_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { applyQianfanConfig, QIANFAN_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildQianfanProvider } from "./provider-catalog.js"; const PROVIDER_ID = "qianfan"; -const qianfanPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Qianfan Provider", description: "Bundled Qianfan provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Qianfan", @@ -40,21 +40,13 @@ const qianfanPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...buildQianfanProvider(), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildQianfanProvider, + }), }, }); }, -}; - -export default qianfanPlugin; +}); diff --git a/extensions/qianfan/onboard.ts b/extensions/qianfan/onboard.ts new file mode 100644 index 00000000000..c389868c7d8 --- /dev/null +++ b/extensions/qianfan/onboard.ts @@ -0,0 +1,48 @@ +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModels, + type ModelApi, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { + buildQianfanProvider, + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, +} from "./provider-catalog.js"; + +export const QIANFAN_DEFAULT_MODEL_REF = `qianfan/${QIANFAN_DEFAULT_MODEL_ID}`; + +export function applyQianfanProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[QIANFAN_DEFAULT_MODEL_REF] = { + ...models[QIANFAN_DEFAULT_MODEL_REF], + alias: models[QIANFAN_DEFAULT_MODEL_REF]?.alias ?? "QIANFAN", + }; + const defaultProvider = buildQianfanProvider(); + const existingProvider = cfg.models?.providers?.qianfan as + | { + baseUrl?: unknown; + api?: unknown; + } + | undefined; + const existingBaseUrl = + typeof existingProvider?.baseUrl === "string" ? existingProvider.baseUrl.trim() : ""; + const resolvedBaseUrl = existingBaseUrl || QIANFAN_BASE_URL; + const resolvedApi = + typeof existingProvider?.api === "string" + ? (existingProvider.api as ModelApi) + : "openai-completions"; + + return applyProviderConfigWithDefaultModels(cfg, { + agentModels: models, + providerId: "qianfan", + api: resolvedApi, + baseUrl: resolvedBaseUrl, + defaultModels: defaultProvider.models ?? [], + defaultModelId: QIANFAN_DEFAULT_MODEL_ID, + }); +} + +export function applyQianfanConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyQianfanProviderConfig(cfg), QIANFAN_DEFAULT_MODEL_REF); +} diff --git a/extensions/qianfan/provider-catalog.ts b/extensions/qianfan/provider-catalog.ts new file mode 100644 index 00000000000..c8aee208a8e --- /dev/null +++ b/extensions/qianfan/provider-catalog.ts @@ -0,0 +1,39 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +export const QIANFAN_BASE_URL = "https://qianfan.baidubce.com/v2"; +export const QIANFAN_DEFAULT_MODEL_ID = "deepseek-v3.2"; +const QIANFAN_DEFAULT_CONTEXT_WINDOW = 98304; +const QIANFAN_DEFAULT_MAX_TOKENS = 32768; +const QIANFAN_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildQianfanProvider(): ModelProviderConfig { + return { + baseUrl: QIANFAN_BASE_URL, + api: "openai-completions", + models: [ + { + id: QIANFAN_DEFAULT_MODEL_ID, + name: "DEEPSEEK V3.2", + reasoning: true, + input: ["text"], + cost: QIANFAN_DEFAULT_COST, + contextWindow: QIANFAN_DEFAULT_CONTEXT_WINDOW, + maxTokens: QIANFAN_DEFAULT_MAX_TOKENS, + }, + { + id: "ernie-5.0-thinking-preview", + name: "ERNIE-5.0-Thinking-Preview", + reasoning: true, + input: ["text", "image"], + cost: QIANFAN_DEFAULT_COST, + contextWindow: 119000, + maxTokens: 64000, + }, + ], + }; +} diff --git a/extensions/qwen-portal-auth/index.ts b/extensions/qwen-portal-auth/index.ts index 774b1329acf..377a4a598af 100644 --- a/extensions/qwen-portal-auth/index.ts +++ b/extensions/qwen-portal-auth/index.ts @@ -1,21 +1,19 @@ +import { ensureAuthProfileStore, listProfilesForProvider } from "openclaw/plugin-sdk/agent-runtime"; +import { QWEN_OAUTH_MARKER } from "openclaw/plugin-sdk/agent-runtime"; import { buildOauthProviderAuthResult, - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderCatalogContext, } from "openclaw/plugin-sdk/qwen-portal-auth"; -import { ensureAuthProfileStore, listProfilesForProvider } from "../../src/agents/auth-profiles.js"; -import { QWEN_OAUTH_MARKER } from "../../src/agents/model-auth-markers.js"; -import { refreshQwenPortalCredentials } from "../../src/providers/qwen-portal-oauth.js"; +import { refreshQwenPortalCredentials } from "openclaw/plugin-sdk/qwen-portal-auth"; import { loginQwenPortalOAuth } from "./oauth.js"; +import { buildQwenPortalProvider, QWEN_PORTAL_BASE_URL } from "./provider-catalog.js"; const PROVIDER_ID = "qwen-portal"; const PROVIDER_LABEL = "Qwen"; const DEFAULT_MODEL = "qwen-portal/coder-model"; -const DEFAULT_BASE_URL = "https://portal.qwen.ai/v1"; -const DEFAULT_CONTEXT_WINDOW = 128000; -const DEFAULT_MAX_TOKENS = 8192; +const DEFAULT_BASE_URL = QWEN_PORTAL_BASE_URL; function normalizeBaseUrl(value: string | undefined): string { const raw = value?.trim() || DEFAULT_BASE_URL; @@ -23,39 +21,11 @@ function normalizeBaseUrl(value: string | undefined): string { return withProtocol.endsWith("/v1") ? withProtocol : `${withProtocol.replace(/\/+$/, "")}/v1`; } -function buildModelDefinition(params: { - id: string; - name: string; - input: Array<"text" | "image">; -}) { - return { - id: params.id, - name: params.name, - reasoning: false, - input: params.input, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 }, - contextWindow: DEFAULT_CONTEXT_WINDOW, - maxTokens: DEFAULT_MAX_TOKENS, - }; -} - function buildProviderCatalog(params: { baseUrl: string; apiKey: string }) { return { + ...buildQwenPortalProvider(), baseUrl: params.baseUrl, apiKey: params.apiKey, - api: "openai-completions" as const, - models: [ - buildModelDefinition({ - id: "coder-model", - name: "Qwen Coder", - input: ["text"], - }), - buildModelDefinition({ - id: "vision-model", - name: "Qwen Vision", - input: ["text", "image"], - }), - ], }; } @@ -84,12 +54,11 @@ function resolveCatalog(ctx: ProviderCatalogContext) { }; } -const qwenPortalPlugin = { +export default definePluginEntry({ id: "qwen-portal-auth", name: "Qwen OAuth", description: "OAuth flow for Qwen (free-tier) models", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: PROVIDER_LABEL, @@ -175,6 +144,4 @@ const qwenPortalPlugin = { }), }); }, -}; - -export default qwenPortalPlugin; +}); diff --git a/extensions/qwen-portal-auth/provider-catalog.ts b/extensions/qwen-portal-auth/provider-catalog.ts new file mode 100644 index 00000000000..f8d350fc2da --- /dev/null +++ b/extensions/qwen-portal-auth/provider-catalog.ts @@ -0,0 +1,49 @@ +import type { + ModelDefinitionConfig, + ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +export const QWEN_PORTAL_BASE_URL = "https://portal.qwen.ai/v1"; +const QWEN_PORTAL_DEFAULT_CONTEXT_WINDOW = 128000; +const QWEN_PORTAL_DEFAULT_MAX_TOKENS = 8192; +const QWEN_PORTAL_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +function buildModelDefinition(params: { + id: string; + name: string; + input: ModelDefinitionConfig["input"]; +}): ModelDefinitionConfig { + return { + id: params.id, + name: params.name, + reasoning: false, + input: params.input, + cost: QWEN_PORTAL_DEFAULT_COST, + contextWindow: QWEN_PORTAL_DEFAULT_CONTEXT_WINDOW, + maxTokens: QWEN_PORTAL_DEFAULT_MAX_TOKENS, + }; +} + +export function buildQwenPortalProvider(): ModelProviderConfig { + return { + baseUrl: QWEN_PORTAL_BASE_URL, + api: "openai-completions", + models: [ + buildModelDefinition({ + id: "coder-model", + name: "Qwen Coder", + input: ["text"], + }), + buildModelDefinition({ + id: "vision-model", + name: "Qwen Vision", + input: ["text", "image"], + }), + ], + }; +} diff --git a/extensions/sglang/index.ts b/extensions/sglang/index.ts index fc7522ef15b..eb6b302ee01 100644 --- a/extensions/sglang/index.ts +++ b/extensions/sglang/index.ts @@ -1,14 +1,14 @@ -import { - emptyPluginConfigSchema, - type OpenClawPluginApi, - type ProviderAuthMethodNonInteractiveContext, -} from "openclaw/plugin-sdk/core"; import { SGLANG_DEFAULT_API_KEY_ENV_VAR, SGLANG_DEFAULT_BASE_URL, SGLANG_MODEL_PLACEHOLDER, SGLANG_PROVIDER_LABEL, -} from "../../src/agents/sglang-defaults.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { + definePluginEntry, + type OpenClawPluginApi, + type ProviderAuthMethodNonInteractiveContext, +} from "openclaw/plugin-sdk/core"; const PROVIDER_ID = "sglang"; @@ -16,11 +16,10 @@ async function loadProviderSetup() { return await import("openclaw/plugin-sdk/self-hosted-provider-setup"); } -const sglangPlugin = { +export default definePluginEntry({ id: "sglang", name: "SGLang Provider", description: "Bundled SGLang provider plugin", - configSchema: emptyPluginConfigSchema(), register(api: OpenClawPluginApi) { api.registerProvider({ id: PROVIDER_ID, @@ -87,6 +86,4 @@ const sglangPlugin = { }, }); }, -}; - -export default sglangPlugin; +}); diff --git a/extensions/shared/passive-monitor.ts b/extensions/shared/passive-monitor.ts index 0be48afd014..435f934b123 100644 --- a/extensions/shared/passive-monitor.ts +++ b/extensions/shared/passive-monitor.ts @@ -1,4 +1,4 @@ -import { runPassiveAccountLifecycle } from "openclaw/plugin-sdk/core"; +import { runPassiveAccountLifecycle } from "openclaw/plugin-sdk/channel-runtime"; type StoppableMonitor = { stop: () => void; diff --git a/extensions/shared/runtime.ts b/extensions/shared/runtime.ts index 2a75360aa20..a534fc57d4b 100644 --- a/extensions/shared/runtime.ts +++ b/extensions/shared/runtime.ts @@ -1,4 +1,4 @@ -import { createLoggerBackedRuntime } from "openclaw/plugin-sdk/core"; +import { createLoggerBackedRuntime } from "openclaw/plugin-sdk/runtime"; export function resolveLoggerBackedRuntime( runtime: TRuntime | undefined, diff --git a/extensions/signal/api.ts b/extensions/signal/api.ts new file mode 100644 index 00000000000..feaaa1c5835 --- /dev/null +++ b/extensions/signal/api.ts @@ -0,0 +1 @@ +export * from "./src/accounts.js"; diff --git a/extensions/signal/index.ts b/extensions/signal/index.ts index 0a686851120..f18a7041b53 100644 --- a/extensions/signal/index.ts +++ b/extensions/signal/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { signalPlugin } from "./src/channel.js"; import { setSignalRuntime } from "./src/runtime.js"; -const plugin = { +export { signalPlugin } from "./src/channel.js"; +export { setSignalRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "signal", name: "Signal", description: "Signal channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setSignalRuntime(api.runtime); - api.registerChannel({ plugin: signalPlugin }); - }, -}; - -export default plugin; + plugin: signalPlugin, + setRuntime: setSignalRuntime, +}); diff --git a/extensions/signal/runtime-api.ts b/extensions/signal/runtime-api.ts new file mode 100644 index 00000000000..e258df15c9c --- /dev/null +++ b/extensions/signal/runtime-api.ts @@ -0,0 +1 @@ +export * from "./src/index.js"; diff --git a/extensions/signal/setup-entry.ts b/extensions/signal/setup-entry.ts index 18c27ec5a16..11930cbba37 100644 --- a/extensions/signal/setup-entry.ts +++ b/extensions/signal/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { signalSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: signalSetupPlugin }; +export { signalSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(signalSetupPlugin); diff --git a/extensions/signal/src/accounts.ts b/extensions/signal/src/accounts.ts index 38316955edd..456db907685 100644 --- a/extensions/signal/src/accounts.ts +++ b/extensions/signal/src/accounts.ts @@ -1,7 +1,10 @@ -import { normalizeAccountId, type SignalAccountConfig } from "openclaw/plugin-sdk/signal"; -import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; +import { + createAccountListHelpers, + normalizeAccountId, + resolveAccountEntry, + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import type { SignalAccountConfig } from "openclaw/plugin-sdk/signal"; export type ResolvedSignalAccount = { accountId: string; diff --git a/extensions/signal/src/channel.runtime.ts b/extensions/signal/src/channel.runtime.ts index 0403246478f..de908d212b7 100644 --- a/extensions/signal/src/channel.runtime.ts +++ b/extensions/signal/src/channel.runtime.ts @@ -1 +1,5 @@ -export { signalSetupWizard } from "./setup-surface.js"; +import { signalSetupWizard as signalSetupWizardImpl } from "./setup-surface.js"; + +type SignalSetupWizard = typeof import("./setup-surface.js").signalSetupWizard; + +export const signalSetupWizard: SignalSetupWizard = { ...signalSetupWizardImpl }; diff --git a/extensions/signal/src/channel.setup.ts b/extensions/signal/src/channel.setup.ts index 88a7035c199..752fcfcc241 100644 --- a/extensions/signal/src/channel.setup.ts +++ b/extensions/signal/src/channel.setup.ts @@ -1,114 +1,16 @@ -import { - createScopedAccountConfigAccessors, - buildAccountScopedDmSecurityPolicy, - collectAllowlistProviderRestrictSendersWarnings, -} from "openclaw/plugin-sdk/compat"; import { buildChannelConfigSchema, - DEFAULT_ACCOUNT_ID, - deleteAccountFromConfigSection, - getChatChannelMeta, - normalizeE164, - setAccountEnabledInConfigSection, SignalConfigSchema, type ChannelPlugin, } from "openclaw/plugin-sdk/signal"; -import { - listSignalAccountIds, - resolveDefaultSignalAccountId, - resolveSignalAccount, - type ResolvedSignalAccount, -} from "./accounts.js"; -import { createSignalSetupWizardProxy, signalSetupAdapter } from "./setup-core.js"; - -async function loadSignalChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const signalSetupWizard = createSignalSetupWizardProxy(async () => ({ - signalSetupWizard: (await loadSignalChannelRuntime()).signalSetupWizard, -})); - -const signalConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveSignalAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedSignalAccount) => account.config.allowFrom, - formatAllowFrom: (allowFrom) => - allowFrom - .map((entry) => String(entry).trim()) - .filter(Boolean) - .map((entry) => (entry === "*" ? "*" : normalizeE164(entry.replace(/^signal:/i, "")))) - .filter(Boolean), - resolveDefaultTo: (account: ResolvedSignalAccount) => account.config.defaultTo, -}); +import { type ResolvedSignalAccount } from "./accounts.js"; +import { signalSetupAdapter } from "./setup-core.js"; +import { createSignalPluginBase, signalSetupWizard } from "./shared.js"; export const signalSetupPlugin: ChannelPlugin = { - id: "signal", - meta: { - ...getChatChannelMeta("signal"), - }, - setupWizard: signalSetupWizard, - capabilities: { - chatTypes: ["direct", "group"], - media: true, - reactions: true, - }, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.signal"] }, - configSchema: buildChannelConfigSchema(SignalConfigSchema), - config: { - listAccountIds: (cfg) => listSignalAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveSignalAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultSignalAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => - setAccountEnabledInConfigSection({ - cfg, - sectionKey: "signal", - accountId, - enabled, - allowTopLevel: true, - }), - deleteAccount: ({ cfg, accountId }) => - deleteAccountFromConfigSection({ - cfg, - sectionKey: "signal", - accountId, - clearBaseFields: ["account", "httpUrl", "httpHost", "httpPort", "cliPath", "name"], - }), - isConfigured: (account) => account.configured, - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: account.configured, - baseUrl: account.baseUrl, - }), - ...signalConfigAccessors, - }, - security: { - resolveDmPolicy: ({ cfg, accountId, account }) => - buildAccountScopedDmSecurityPolicy({ - cfg, - channelKey: "signal", - accountId, - fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, - policy: account.config.dmPolicy, - allowFrom: account.config.allowFrom ?? [], - policyPathSuffix: "dmPolicy", - normalizeEntry: (raw) => normalizeE164(raw.replace(/^signal:/i, "").trim()), - }), - collectWarnings: ({ account, cfg }) => - collectAllowlistProviderRestrictSendersWarnings({ - cfg, - providerConfigPresent: cfg.channels?.signal !== undefined, - configuredGroupPolicy: account.config.groupPolicy, - surface: "Signal groups", - openScope: "any member", - groupPolicyPath: "channels.signal.groupPolicy", - groupAllowFromPath: "channels.signal.groupAllowFrom", - mentionGated: false, - }), - }, - setup: signalSetupAdapter, + ...createSignalPluginBase({ + configSchema: buildChannelConfigSchema(SignalConfigSchema), + setupWizard: signalSetupWizard, + setup: signalSetupAdapter, + }), }; diff --git a/extensions/signal/src/channel.ts b/extensions/signal/src/channel.ts index e1675a019d1..0a58c29bfe7 100644 --- a/extensions/signal/src/channel.ts +++ b/extensions/signal/src/channel.ts @@ -1,10 +1,13 @@ +import { buildAccountScopedAllowlistConfigEditor } from "openclaw/plugin-sdk/allowlist-config-edit"; import { - buildAccountScopedAllowlistConfigEditor, buildAccountScopedDmSecurityPolicy, - createScopedAccountConfigAccessors, collectAllowlistProviderRestrictSendersWarnings, -} from "openclaw/plugin-sdk/compat"; -import { buildAgentSessionKey, type RoutePeer } from "openclaw/plugin-sdk/core"; +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { buildOutboundBaseSessionKey } from "openclaw/plugin-sdk/core"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { type RoutePeer } from "openclaw/plugin-sdk/routing"; import { buildBaseAccountStatusSnapshot, buildBaseChannelStatusSummary, @@ -12,27 +15,16 @@ import { collectStatusIssuesFromLastError, createDefaultChannelRuntimeState, DEFAULT_ACCOUNT_ID, - deleteAccountFromConfigSection, - getChatChannelMeta, looksLikeSignalTargetId, normalizeE164, normalizeSignalMessagingTarget, PAIRING_APPROVED_MESSAGE, resolveChannelMediaMaxBytes, - setAccountEnabledInConfigSection, SignalConfigSchema, type ChannelMessageActionAdapter, type ChannelPlugin, } from "openclaw/plugin-sdk/signal"; -import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; -import { - listSignalAccountIds, - resolveDefaultSignalAccountId, - resolveSignalAccount, - type ResolvedSignalAccount, -} from "./accounts.js"; +import { resolveSignalAccount, type ResolvedSignalAccount } from "./accounts.js"; import { markdownToSignalTextChunks } from "./format.js"; import { looksLikeUuid, @@ -42,15 +34,8 @@ import { } from "./identity.js"; import type { SignalProbe } from "./probe.js"; import { getSignalRuntime } from "./runtime.js"; -import { createSignalSetupWizardProxy, signalSetupAdapter } from "./setup-core.js"; - -async function loadSignalChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const signalSetupWizard = createSignalSetupWizardProxy(async () => ({ - signalSetupWizard: (await loadSignalChannelRuntime()).signalSetupWizard, -})); +import { signalSetupAdapter } from "./setup-core.js"; +import { createSignalPluginBase, signalConfigAccessors, signalSetupWizard } from "./shared.js"; const signalMessageActions: ChannelMessageActionAdapter = { listActions: (ctx) => getSignalRuntime().channel.signal.messageActions?.listActions?.(ctx) ?? [], @@ -65,18 +50,6 @@ const signalMessageActions: ChannelMessageActionAdapter = { }, }; -const signalConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveSignalAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedSignalAccount) => account.config.allowFrom, - formatAllowFrom: (allowFrom) => - allowFrom - .map((entry) => String(entry).trim()) - .filter(Boolean) - .map((entry) => (entry === "*" ? "*" : normalizeE164(entry.replace(/^signal:/i, "")))) - .filter(Boolean), - resolveDefaultTo: (account: ResolvedSignalAccount) => account.config.defaultTo, -}); - type SignalSendFn = ReturnType["channel"]["signal"]["sendMessageSignal"]; function resolveSignalSendContext(params: { @@ -153,14 +126,7 @@ function buildSignalBaseSessionKey(params: { accountId?: string | null; peer: RoutePeer; }) { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: "signal", - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey({ ...params, channel: "signal" }); } function resolveSignalOutboundSessionRoute(params: { @@ -312,11 +278,11 @@ async function sendFormattedSignalMedia(ctx: { } export const signalPlugin: ChannelPlugin = { - id: "signal", - meta: { - ...getChatChannelMeta("signal"), - }, - setupWizard: signalSetupWizard, + ...createSignalPluginBase({ + configSchema: buildChannelConfigSchema(SignalConfigSchema), + setupWizard: signalSetupWizard, + setup: signalSetupAdapter, + }), pairing: { idLabel: "signalNumber", normalizeAllowEntry: (entry) => entry.replace(/^signal:/i, ""), @@ -324,46 +290,7 @@ export const signalPlugin: ChannelPlugin = { await getSignalRuntime().channel.signal.sendMessageSignal(id, PAIRING_APPROVED_MESSAGE); }, }, - capabilities: { - chatTypes: ["direct", "group"], - media: true, - reactions: true, - }, actions: signalMessageActions, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.signal"] }, - configSchema: buildChannelConfigSchema(SignalConfigSchema), - config: { - listAccountIds: (cfg) => listSignalAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveSignalAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultSignalAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => - setAccountEnabledInConfigSection({ - cfg, - sectionKey: "signal", - accountId, - enabled, - allowTopLevel: true, - }), - deleteAccount: ({ cfg, accountId }) => - deleteAccountFromConfigSection({ - cfg, - sectionKey: "signal", - accountId, - clearBaseFields: ["account", "httpUrl", "httpHost", "httpPort", "cliPath", "name"], - }), - isConfigured: (account) => account.configured, - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: account.configured, - baseUrl: account.baseUrl, - }), - ...signalConfigAccessors, - }, allowlist: { supportsScope: ({ scope }) => scope === "dm" || scope === "group" || scope === "all", readConfig: ({ cfg, accountId }) => { diff --git a/extensions/signal/src/client.ts b/extensions/signal/src/client.ts index 394aec4e297..4a6d63bd685 100644 --- a/extensions/signal/src/client.ts +++ b/extensions/signal/src/client.ts @@ -1,6 +1,6 @@ -import { resolveFetch } from "../../../src/infra/fetch.js"; -import { generateSecureUuid } from "../../../src/infra/secure-random.js"; -import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js"; +import { resolveFetch } from "openclaw/plugin-sdk/infra-runtime"; +import { generateSecureUuid } from "openclaw/plugin-sdk/infra-runtime"; +import { fetchWithTimeout } from "openclaw/plugin-sdk/text-runtime"; export type SignalRpcOptions = { baseUrl: string; diff --git a/extensions/signal/src/daemon.ts b/extensions/signal/src/daemon.ts index d53597a296b..028b9fbe964 100644 --- a/extensions/signal/src/daemon.ts +++ b/extensions/signal/src/daemon.ts @@ -1,5 +1,5 @@ import { spawn } from "node:child_process"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; export type SignalDaemonOpts = { cliPath: string; diff --git a/extensions/signal/src/format.ts b/extensions/signal/src/format.ts index 2180693293e..73574832df8 100644 --- a/extensions/signal/src/format.ts +++ b/extensions/signal/src/format.ts @@ -1,10 +1,10 @@ -import type { MarkdownTableMode } from "../../../src/config/types.base.js"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; import { chunkMarkdownIR, markdownToIR, type MarkdownIR, type MarkdownStyle, -} from "../../../src/markdown/ir.js"; +} from "openclaw/plugin-sdk/text-runtime"; type SignalTextStyle = "BOLD" | "ITALIC" | "STRIKETHROUGH" | "MONOSPACE" | "SPOILER"; diff --git a/extensions/signal/src/identity.ts b/extensions/signal/src/identity.ts index c39b0dd5eaa..dbd86ca1584 100644 --- a/extensions/signal/src/identity.ts +++ b/extensions/signal/src/identity.ts @@ -1,5 +1,5 @@ -import { evaluateSenderGroupAccessForPolicy } from "../../../src/plugin-sdk/group-access.js"; -import { normalizeE164 } from "../../../src/utils.js"; +import { evaluateSenderGroupAccessForPolicy } from "openclaw/plugin-sdk/group-access"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; export type SignalSender = | { kind: "phone"; raw: string; e164: string } diff --git a/extensions/signal/src/monitor.tool-result.test-harness.ts b/extensions/signal/src/monitor.tool-result.test-harness.ts index 252e039b0fb..bcca049f4d7 100644 --- a/extensions/signal/src/monitor.tool-result.test-harness.ts +++ b/extensions/signal/src/monitor.tool-result.test-harness.ts @@ -1,7 +1,7 @@ +import { resetSystemEventsForTest } from "openclaw/plugin-sdk/infra-runtime"; +import { resetInboundDedupe } from "openclaw/plugin-sdk/reply-runtime"; +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { beforeEach, vi } from "vitest"; -import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js"; -import { resetSystemEventsForTest } from "../../../src/infra/system-events.js"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; import type { SignalDaemonExitEvent, SignalDaemonHandle } from "./daemon.js"; type SignalToolResultTestMocks = { @@ -68,15 +68,15 @@ export function createMockSignalDaemonHandle( }; } -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => config, }; }); -vi.mock("../../../src/auto-reply/reply.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ getReplyFromConfig: (...args: unknown[]) => replyMock(...args), })); @@ -86,13 +86,13 @@ vi.mock("./send.js", () => ({ sendReadReceiptSignal: vi.fn().mockResolvedValue(true), })); -vi.mock("../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args), upsertChannelPairingRequest: (...args: unknown[]) => upsertPairingRequestMock(...args), })); -vi.mock("../../../src/config/sessions.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"), @@ -116,7 +116,7 @@ vi.mock("./daemon.js", async (importOriginal) => { }; }); -vi.mock("../../../src/infra/transport-ready.js", () => ({ +vi.mock("openclaw/plugin-sdk/infra-runtime", () => ({ waitForTransportReady: (...args: unknown[]) => waitForTransportReadyMock(...args), })); diff --git a/extensions/signal/src/monitor.ts b/extensions/signal/src/monitor.ts index 3febfe740d4..02fd94ff8b8 100644 --- a/extensions/signal/src/monitor.ts +++ b/extensions/signal/src/monitor.ts @@ -1,27 +1,24 @@ -import { - chunkTextWithMode, - resolveChunkMode, - resolveTextChunkLimit, -} from "../../../src/auto-reply/chunk.js"; -import { - DEFAULT_GROUP_HISTORY_LIMIT, - type HistoryEntry, -} from "../../../src/auto-reply/reply/history.js"; -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { loadConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveAllowlistProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, -} from "../../../src/config/runtime-group-policy.js"; -import type { SignalReactionNotificationMode } from "../../../src/config/types.js"; -import type { BackoffPolicy } from "../../../src/infra/backoff.js"; -import { waitForTransportReady } from "../../../src/infra/transport-ready.js"; -import { saveMediaBuffer } from "../../../src/media/store.js"; -import { createNonExitingRuntime, type RuntimeEnv } from "../../../src/runtime.js"; -import { normalizeStringEntries } from "../../../src/shared/string-normalization.js"; -import { normalizeE164 } from "../../../src/utils.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { SignalReactionNotificationMode } from "openclaw/plugin-sdk/config-runtime"; +import type { BackoffPolicy } from "openclaw/plugin-sdk/infra-runtime"; +import { waitForTransportReady } from "openclaw/plugin-sdk/infra-runtime"; +import { saveMediaBuffer } from "openclaw/plugin-sdk/media-runtime"; +import { + chunkTextWithMode, + resolveChunkMode, + resolveTextChunkLimit, +} from "openclaw/plugin-sdk/reply-runtime"; +import { DEFAULT_GROUP_HISTORY_LIMIT, type HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import { resolveSignalAccount } from "./accounts.js"; import { signalCheck, signalRpcRequest } from "./client.js"; import { formatSignalDaemonExit, spawnSignalDaemon, type SignalDaemonHandle } from "./daemon.js"; diff --git a/extensions/signal/src/monitor/access-policy.ts b/extensions/signal/src/monitor/access-policy.ts index 72555186031..de083efd9fd 100644 --- a/extensions/signal/src/monitor/access-policy.ts +++ b/extensions/signal/src/monitor/access-policy.ts @@ -1,9 +1,9 @@ -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; import { readStoreAllowFromForDmPolicy, resolveDmGroupAccessWithLists, -} from "../../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/security-runtime"; import { isSignalSenderAllowed, type SignalSender } from "../identity.js"; type SignalDmPolicy = "open" | "pairing" | "allowlist" | "disabled"; diff --git a/extensions/signal/src/monitor/event-handler.inbound-contract.test.ts b/extensions/signal/src/monitor/event-handler.inbound-context.test.ts similarity index 99% rename from extensions/signal/src/monitor/event-handler.inbound-contract.test.ts rename to extensions/signal/src/monitor/event-handler.inbound-context.test.ts index 9a6cfc0e90e..3aafda7fe3d 100644 --- a/extensions/signal/src/monitor/event-handler.inbound-contract.test.ts +++ b/extensions/signal/src/monitor/event-handler.inbound-context.test.ts @@ -49,7 +49,7 @@ vi.mock("../../../../src/pairing/pairing-store.js", () => ({ upsertChannelPairingRequest: vi.fn(), })); -describe("signal createSignalEventHandler inbound contract", () => { +describe("signal createSignalEventHandler inbound context", () => { beforeEach(() => { capture.ctx = undefined; sendTypingMock.mockReset().mockResolvedValue(true); diff --git a/extensions/signal/src/monitor/event-handler.mention-gating.test.ts b/extensions/signal/src/monitor/event-handler.mention-gating.test.ts index 05836c43975..ffcdb5baba6 100644 --- a/extensions/signal/src/monitor/event-handler.mention-gating.test.ts +++ b/extensions/signal/src/monitor/event-handler.mention-gating.test.ts @@ -1,7 +1,7 @@ import { describe, expect, it, vi } from "vitest"; import type { MsgContext } from "../../../../src/auto-reply/templating.js"; +import { buildDispatchInboundCaptureMock } from "../../../../src/channels/plugins/contracts/inbound-testkit.js"; import type { OpenClawConfig } from "../../../../src/config/types.js"; -import { buildDispatchInboundCaptureMock } from "../../../../test/helpers/dispatch-inbound-capture.js"; import { createBaseSignalEventHandlerDeps, createSignalReceiveEvent, diff --git a/extensions/signal/src/monitor/event-handler.ts b/extensions/signal/src/monitor/event-handler.ts index 36eb0e8d276..c8f9da661a0 100644 --- a/extensions/signal/src/monitor/event-handler.ts +++ b/extensions/signal/src/monitor/event-handler.ts @@ -1,44 +1,41 @@ -import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js"; -import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js"; -import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js"; +import { resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveControlCommandGate } from "openclaw/plugin-sdk/channel-runtime"; +import { + createChannelInboundDebouncer, + shouldDebounceTextInbound, +} from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop, logTypingFailure } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMentionGatingWithBypass } from "openclaw/plugin-sdk/channel-runtime"; +import { normalizeSignalMessagingTarget } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; +import { createTypingCallbacks } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveChannelGroupRequireMention } from "openclaw/plugin-sdk/config-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchInboundMessage } from "openclaw/plugin-sdk/reply-runtime"; import { formatInboundEnvelope, formatInboundFromLabel, resolveEnvelopeFormatOptions, -} from "../../../../src/auto-reply/envelope.js"; +} from "openclaw/plugin-sdk/reply-runtime"; import { buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, recordPendingHistoryEntryIfEnabled, -} from "../../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; -import { - buildMentionRegexes, - matchesMentionPatterns, -} from "../../../../src/auto-reply/reply/mentions.js"; -import { createReplyDispatcherWithTyping } from "../../../../src/auto-reply/reply/reply-dispatcher.js"; -import { resolveControlCommandGate } from "../../../../src/channels/command-gating.js"; -import { - createChannelInboundDebouncer, - shouldDebounceTextInbound, -} from "../../../../src/channels/inbound-debounce-policy.js"; -import { logInboundDrop, logTypingFailure } from "../../../../src/channels/logging.js"; -import { resolveMentionGatingWithBypass } from "../../../../src/channels/mention-gating.js"; -import { normalizeSignalMessagingTarget } from "../../../../src/channels/plugins/normalize/signal.js"; -import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -import { recordInboundSession } from "../../../../src/channels/session.js"; -import { createTypingCallbacks } from "../../../../src/channels/typing.js"; -import { resolveChannelGroupRequireMention } from "../../../../src/config/group-policy.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js"; -import { danger, logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../src/infra/system-events.js"; -import { kindFromMime } from "../../../../src/media/mime.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { buildMentionRegexes, matchesMentionPatterns } from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyDispatcherWithTyping } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { danger, logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; import { DM_GROUP_ACCESS_REASON, resolvePinnedMainDmOwnerFromAllowlist, -} from "../../../../src/security/dm-policy-shared.js"; -import { normalizeE164 } from "../../../../src/utils.js"; +} from "openclaw/plugin-sdk/security-runtime"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import { formatSignalPairingIdLine, formatSignalSenderDisplay, diff --git a/extensions/signal/src/monitor/event-handler.types.ts b/extensions/signal/src/monitor/event-handler.types.ts index c1d0b0b3881..82a96af73cc 100644 --- a/extensions/signal/src/monitor/event-handler.types.ts +++ b/extensions/signal/src/monitor/event-handler.types.ts @@ -1,12 +1,12 @@ -import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import type { DmPolicy, GroupPolicy, SignalReactionNotificationMode, -} from "../../../../src/config/types.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import type { SignalSender } from "../identity.js"; export type SignalEnvelope = { diff --git a/extensions/signal/src/outbound-adapter.ts b/extensions/signal/src/outbound-adapter.ts index b0d77c12bd0..cd61b825981 100644 --- a/extensions/signal/src/outbound-adapter.ts +++ b/extensions/signal/src/outbound-adapter.ts @@ -1,11 +1,8 @@ -import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js"; -import { createScopedChannelMediaMaxBytesResolver } from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { - resolveOutboundSendDep, - type OutboundSendDeps, -} from "../../../src/infra/outbound/send-deps.js"; +import { createScopedChannelMediaMaxBytesResolver } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep, type OutboundSendDeps } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; import { markdownToSignalTextChunks } from "./format.js"; import { sendMessageSignal } from "./send.js"; diff --git a/extensions/signal/src/plugin-shared.ts b/extensions/signal/src/plugin-shared.ts new file mode 100644 index 00000000000..af9370171dd --- /dev/null +++ b/extensions/signal/src/plugin-shared.ts @@ -0,0 +1 @@ +export { signalSetupWizard } from "./shared.js"; diff --git a/extensions/signal/src/probe.test.ts b/extensions/signal/src/probe.test.ts index 7250c1de744..30816129107 100644 --- a/extensions/signal/src/probe.test.ts +++ b/extensions/signal/src/probe.test.ts @@ -1,27 +1,20 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +import * as clientModule from "./client.js"; import { classifySignalCliLogLine } from "./daemon.js"; import { probeSignal } from "./probe.js"; -const signalCheckMock = vi.fn(); -const signalRpcRequestMock = vi.fn(); - -vi.mock("./client.js", () => ({ - signalCheck: (...args: unknown[]) => signalCheckMock(...args), - signalRpcRequest: (...args: unknown[]) => signalRpcRequestMock(...args), -})); - describe("probeSignal", () => { beforeEach(() => { - vi.clearAllMocks(); + vi.restoreAllMocks(); }); it("extracts version from {version} result", async () => { - signalCheckMock.mockResolvedValueOnce({ + vi.spyOn(clientModule, "signalCheck").mockResolvedValueOnce({ ok: true, status: 200, error: null, }); - signalRpcRequestMock.mockResolvedValueOnce({ version: "0.13.22" }); + vi.spyOn(clientModule, "signalRpcRequest").mockResolvedValueOnce({ version: "0.13.22" }); const res = await probeSignal("http://127.0.0.1:8080", 1000); @@ -31,7 +24,7 @@ describe("probeSignal", () => { }); it("returns ok=false when /check fails", async () => { - signalCheckMock.mockResolvedValueOnce({ + vi.spyOn(clientModule, "signalCheck").mockResolvedValueOnce({ ok: false, status: 503, error: "HTTP 503", diff --git a/extensions/signal/src/probe.ts b/extensions/signal/src/probe.ts index bf200effd6d..ac7dce428e8 100644 --- a/extensions/signal/src/probe.ts +++ b/extensions/signal/src/probe.ts @@ -1,4 +1,4 @@ -import type { BaseProbeResult } from "../../../src/channels/plugins/types.js"; +import type { BaseProbeResult } from "openclaw/plugin-sdk/channel-runtime"; import { signalCheck, signalRpcRequest } from "./client.js"; export type SignalProbe = BaseProbeResult & { diff --git a/extensions/signal/src/reaction-level.ts b/extensions/signal/src/reaction-level.ts index 884bccec58e..2211b9f261a 100644 --- a/extensions/signal/src/reaction-level.ts +++ b/extensions/signal/src/reaction-level.ts @@ -1,9 +1,9 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveReactionLevel, type ReactionLevel, type ResolvedReactionLevel, -} from "../../../src/utils/reaction-level.js"; +} from "openclaw/plugin-sdk/text-runtime"; import { resolveSignalAccount } from "./accounts.js"; export type SignalReactionLevel = ReactionLevel; diff --git a/extensions/signal/src/rpc-context.ts b/extensions/signal/src/rpc-context.ts index 54c123cc6be..255338379d4 100644 --- a/extensions/signal/src/rpc-context.ts +++ b/extensions/signal/src/rpc-context.ts @@ -1,4 +1,4 @@ -import { loadConfig } from "../../../src/config/config.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveSignalAccount } from "./accounts.js"; export function resolveSignalRpcContext( diff --git a/extensions/signal/src/runtime.ts b/extensions/signal/src/runtime.ts index b7cc4160f1c..9790195f0e8 100644 --- a/extensions/signal/src/runtime.ts +++ b/extensions/signal/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setSignalRuntime, getRuntime: getSignalRuntime } = createPluginRuntimeStore("Signal runtime not initialized"); diff --git a/extensions/signal/src/send-reactions.ts b/extensions/signal/src/send-reactions.ts index a5000ca9e8f..6b8c3791b2d 100644 --- a/extensions/signal/src/send-reactions.ts +++ b/extensions/signal/src/send-reactions.ts @@ -2,8 +2,8 @@ * Signal reactions via signal-cli JSON-RPC API */ -import { loadConfig } from "../../../src/config/config.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveSignalAccount } from "./accounts.js"; import { signalRpcRequest } from "./client.js"; import { resolveSignalRpcContext } from "./rpc-context.js"; diff --git a/extensions/signal/src/send.ts b/extensions/signal/src/send.ts index bb953680290..c102624836e 100644 --- a/extensions/signal/src/send.ts +++ b/extensions/signal/src/send.ts @@ -1,7 +1,7 @@ -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { kindFromMime } from "../../../src/media/mime.js"; -import { resolveOutboundAttachmentFromUrl } from "../../../src/media/outbound-attachment.js"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { resolveOutboundAttachmentFromUrl } from "openclaw/plugin-sdk/media-runtime"; import { resolveSignalAccount } from "./accounts.js"; import { signalRpcRequest } from "./client.js"; import { markdownToSignalText, type SignalTextStyleRange } from "./format.js"; diff --git a/extensions/signal/src/setup-allow-from.test.ts b/extensions/signal/src/setup-allow-from.test.ts index 959082a2582..c7532870109 100644 --- a/extensions/signal/src/setup-allow-from.test.ts +++ b/extensions/signal/src/setup-allow-from.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { normalizeSignalAccountInput, parseSignalAllowFromEntries } from "./setup-surface.js"; +import { normalizeSignalAccountInput, parseSignalAllowFromEntries } from "./setup-core.js"; describe("normalizeSignalAccountInput", () => { it("normalizes valid E.164 numbers", () => { diff --git a/extensions/signal/src/setup-core.ts b/extensions/signal/src/setup-core.ts index 40cc99add6e..a89f25dc268 100644 --- a/extensions/signal/src/setup-core.ts +++ b/extensions/signal/src/setup-core.ts @@ -1,22 +1,20 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { + createPatchedAccountSetupAdapter, + normalizeE164, parseSetupEntriesAllowingWildcard, promptParsedAllowFromForScopedChannel, setChannelDmPolicyWithAllowFrom, setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import { normalizeE164 } from "../../../src/utils.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; +import type { + ChannelSetupAdapter, + ChannelSetupDmPolicy, + ChannelSetupWizard, + ChannelSetupWizardTextInput, +} from "openclaw/plugin-sdk/setup"; +import { formatCliCommand, formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { listSignalAccountIds, resolveDefaultSignalAccountId, @@ -86,7 +84,7 @@ function buildSignalSetupPatch(input: { }; } -async function promptSignalAllowFrom(params: { +export async function promptSignalAllowFrom(params: { cfg: OpenClawConfig; prompter: WizardPrompter; accountId?: string; @@ -114,15 +112,79 @@ async function promptSignalAllowFrom(params: { }); } -export const signalSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ +export const signalDmPolicy: ChannelSetupDmPolicy = { + label: "Signal", + channel, + policyKey: "channels.signal.dmPolicy", + allowFromKey: "channels.signal.allowFrom", + getCurrent: (cfg: OpenClawConfig) => cfg.channels?.signal?.dmPolicy ?? "pairing", + setPolicy: (cfg: OpenClawConfig, policy) => + setChannelDmPolicyWithAllowFrom({ cfg, - channelKey: channel, - accountId, - name, + channel, + dmPolicy: policy, }), + promptAllowFrom: promptSignalAllowFrom, +}; + +function resolveSignalCliPath(params: { + cfg: OpenClawConfig; + accountId: string; + credentialValues: Record; +}) { + return ( + (typeof params.credentialValues.cliPath === "string" + ? params.credentialValues.cliPath + : undefined) ?? + resolveSignalAccount({ cfg: params.cfg, accountId: params.accountId }).config.cliPath ?? + "signal-cli" + ); +} + +export function createSignalCliPathTextInput( + shouldPrompt: NonNullable, +): ChannelSetupWizardTextInput { + return { + inputKey: "cliPath", + message: "signal-cli path", + currentValue: ({ cfg, accountId, credentialValues }) => + resolveSignalCliPath({ cfg, accountId, credentialValues }), + initialValue: ({ cfg, accountId, credentialValues }) => + resolveSignalCliPath({ cfg, accountId, credentialValues }), + shouldPrompt, + confirmCurrentValue: false, + applyCurrentValue: true, + helpTitle: "Signal", + helpLines: [ + "signal-cli not found. Install it, then rerun this step or set channels.signal.cliPath.", + ], + }; +} + +export const signalNumberTextInput: ChannelSetupWizardTextInput = { + inputKey: "signalNumber", + message: "Signal bot number (E.164)", + currentValue: ({ cfg, accountId }) => + normalizeSignalAccountInput(resolveSignalAccount({ cfg, accountId }).config.account) ?? + undefined, + keepPrompt: (value) => `Signal account set (${value}). Keep it?`, + validate: ({ value }) => + normalizeSignalAccountInput(value) ? undefined : INVALID_SIGNAL_ACCOUNT_ERROR, + normalizeValue: ({ value }) => normalizeSignalAccountInput(value) ?? value, +}; + +export const signalCompletionNote = { + title: "Signal next steps", + lines: [ + 'Link device with: signal-cli link -n "OpenClaw"', + "Scan QR in Signal -> Linked Devices", + `Then run: ${formatCliCommand("openclaw gateway call channels.status --params '{\"probe\":true}'")}`, + `Docs: ${formatDocsLink("/signal", "signal")}`, + ], +}; + +export const signalSetupAdapter: ChannelSetupAdapter = createPatchedAccountSetupAdapter({ + channelKey: channel, validateInput: ({ input }) => { if ( !input.signalNumber && @@ -135,72 +197,12 @@ export const signalSetupAdapter: ChannelSetupAdapter = { } return null; }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...next, - channels: { - ...next.channels, - signal: { - ...next.channels?.signal, - enabled: true, - ...buildSignalSetupPatch(input), - }, - }, - }; - } - return { - ...next, - channels: { - ...next.channels, - signal: { - ...next.channels?.signal, - enabled: true, - accounts: { - ...next.channels?.signal?.accounts, - [accountId]: { - ...next.channels?.signal?.accounts?.[accountId], - enabled: true, - ...buildSignalSetupPatch(input), - }, - }, - }, - }, - }; - }, -}; + buildPatch: (input) => buildSignalSetupPatch(input), +}); export function createSignalSetupWizardProxy( loadWizard: () => Promise<{ signalSetupWizard: ChannelSetupWizard }>, ) { - const signalDmPolicy: ChannelSetupDmPolicy = { - label: "Signal", - channel, - policyKey: "channels.signal.dmPolicy", - allowFromKey: "channels.signal.allowFrom", - getCurrent: (cfg: OpenClawConfig) => cfg.channels?.signal?.dmPolicy ?? "pairing", - setPolicy: (cfg: OpenClawConfig, policy) => - setChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptSignalAllowFrom, - }; - return { channel, status: { @@ -224,51 +226,15 @@ export function createSignalSetupWizardProxy( prepare: async (params) => await (await loadWizard()).signalSetupWizard.prepare?.(params), credentials: [], textInputs: [ - { - inputKey: "cliPath", - message: "signal-cli path", - currentValue: ({ cfg, accountId, credentialValues }) => - (typeof credentialValues.cliPath === "string" ? credentialValues.cliPath : undefined) ?? - resolveSignalAccount({ cfg, accountId }).config.cliPath ?? - "signal-cli", - initialValue: ({ cfg, accountId, credentialValues }) => - (typeof credentialValues.cliPath === "string" ? credentialValues.cliPath : undefined) ?? - resolveSignalAccount({ cfg, accountId }).config.cliPath ?? - "signal-cli", - shouldPrompt: async (params) => { - const input = (await loadWizard()).signalSetupWizard.textInputs?.find( - (entry) => entry.inputKey === "cliPath", - ); - return (await input?.shouldPrompt?.(params)) ?? false; - }, - confirmCurrentValue: false, - applyCurrentValue: true, - helpTitle: "Signal", - helpLines: [ - "signal-cli not found. Install it, then rerun this step or set channels.signal.cliPath.", - ], - }, - { - inputKey: "signalNumber", - message: "Signal bot number (E.164)", - currentValue: ({ cfg, accountId }) => - normalizeSignalAccountInput(resolveSignalAccount({ cfg, accountId }).config.account) ?? - undefined, - keepPrompt: (value) => `Signal account set (${value}). Keep it?`, - validate: ({ value }) => - normalizeSignalAccountInput(value) ? undefined : INVALID_SIGNAL_ACCOUNT_ERROR, - normalizeValue: ({ value }) => normalizeSignalAccountInput(value) ?? value, - }, + createSignalCliPathTextInput(async (params) => { + const input = (await loadWizard()).signalSetupWizard.textInputs?.find( + (entry) => entry.inputKey === "cliPath", + ); + return (await input?.shouldPrompt?.(params)) ?? false; + }), + signalNumberTextInput, ], - completionNote: { - title: "Signal next steps", - lines: [ - 'Link device with: signal-cli link -n "OpenClaw"', - "Scan QR in Signal -> Linked Devices", - `Then run: ${formatCliCommand("openclaw gateway call channels.status --params '{\"probe\":true}'")}`, - `Docs: ${formatDocsLink("/signal", "signal")}`, - ], - }, + completionNote: signalCompletionNote, dmPolicy: signalDmPolicy, disable: (cfg: OpenClawConfig) => setSetupChannelEnabled(cfg, channel, false), } satisfies ChannelSetupWizard; diff --git a/extensions/signal/src/setup-surface.ts b/extensions/signal/src/setup-surface.ts index d3bd8e0b6de..88d4d07a212 100644 --- a/extensions/signal/src/setup-surface.ts +++ b/extensions/signal/src/setup-surface.ts @@ -1,75 +1,17 @@ +import { setSetupChannelEnabled, type ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { detectBinary, installSignalCli } from "openclaw/plugin-sdk/setup-tools"; +import { listSignalAccountIds, resolveSignalAccount } from "./accounts.js"; import { - parseSetupEntriesAllowingWildcard, - promptParsedAllowFromForScopedChannel, - setChannelDmPolicyWithAllowFrom, - setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import { detectBinary } from "../../../src/commands/onboard-helpers.js"; -import { installSignalCli } from "../../../src/commands/signal-install.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { - listSignalAccountIds, - resolveDefaultSignalAccountId, - resolveSignalAccount, -} from "./accounts.js"; -import { + createSignalCliPathTextInput, normalizeSignalAccountInput, parseSignalAllowFromEntries, + signalCompletionNote, + signalDmPolicy, + signalNumberTextInput, signalSetupAdapter, } from "./setup-core.js"; const channel = "signal" as const; -const INVALID_SIGNAL_ACCOUNT_ERROR = - "Invalid E.164 phone number (must start with + and country code, e.g. +15555550123)"; - -async function promptSignalAllowFrom(params: { - cfg: OpenClawConfig; - prompter: WizardPrompter; - accountId?: string; -}): Promise { - return promptParsedAllowFromForScopedChannel({ - cfg: params.cfg, - channel, - accountId: params.accountId, - defaultAccountId: resolveDefaultSignalAccountId(params.cfg), - prompter: params.prompter, - noteTitle: "Signal allowlist", - noteLines: [ - "Allowlist Signal DMs by sender id.", - "Examples:", - "- +15555550123", - "- uuid:123e4567-e89b-12d3-a456-426614174000", - "Multiple entries: comma-separated.", - `Docs: ${formatDocsLink("/signal", "signal")}`, - ], - message: "Signal allowFrom (E.164 or uuid)", - placeholder: "+15555550123, uuid:123e4567-e89b-12d3-a456-426614174000", - parseEntries: parseSignalAllowFromEntries, - getExistingAllowFrom: ({ cfg, accountId }) => - resolveSignalAccount({ cfg, accountId }).config.allowFrom ?? [], - }); -} - -const signalDmPolicy: ChannelSetupDmPolicy = { - label: "Signal", - channel, - policyKey: "channels.signal.dmPolicy", - allowFromKey: "channels.signal.allowFrom", - getCurrent: (cfg) => cfg.channels?.signal?.dmPolicy ?? "pairing", - setPolicy: (cfg, policy) => - setChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptSignalAllowFrom, -}; export const signalSetupWizard: ChannelSetupWizard = { channel, @@ -138,46 +80,12 @@ export const signalSetupWizard: ChannelSetupWizard = { }, credentials: [], textInputs: [ - { - inputKey: "cliPath", - message: "signal-cli path", - currentValue: ({ cfg, accountId, credentialValues }) => - (typeof credentialValues.cliPath === "string" ? credentialValues.cliPath : undefined) ?? - resolveSignalAccount({ cfg, accountId }).config.cliPath ?? - "signal-cli", - initialValue: ({ cfg, accountId, credentialValues }) => - (typeof credentialValues.cliPath === "string" ? credentialValues.cliPath : undefined) ?? - resolveSignalAccount({ cfg, accountId }).config.cliPath ?? - "signal-cli", - shouldPrompt: async ({ currentValue }) => !(await detectBinary(currentValue ?? "signal-cli")), - confirmCurrentValue: false, - applyCurrentValue: true, - helpTitle: "Signal", - helpLines: [ - "signal-cli not found. Install it, then rerun this step or set channels.signal.cliPath.", - ], - }, - { - inputKey: "signalNumber", - message: "Signal bot number (E.164)", - currentValue: ({ cfg, accountId }) => - normalizeSignalAccountInput(resolveSignalAccount({ cfg, accountId }).config.account) ?? - undefined, - keepPrompt: (value) => `Signal account set (${value}). Keep it?`, - validate: ({ value }) => - normalizeSignalAccountInput(value) ? undefined : INVALID_SIGNAL_ACCOUNT_ERROR, - normalizeValue: ({ value }) => normalizeSignalAccountInput(value) ?? value, - }, + createSignalCliPathTextInput(async ({ currentValue }) => { + return !(await detectBinary(currentValue ?? "signal-cli")); + }), + signalNumberTextInput, ], - completionNote: { - title: "Signal next steps", - lines: [ - 'Link device with: signal-cli link -n "OpenClaw"', - "Scan QR in Signal -> Linked Devices", - `Then run: ${formatCliCommand("openclaw gateway call channels.status --params '{\"probe\":true}'")}`, - `Docs: ${formatDocsLink("/signal", "signal")}`, - ], - }, + completionNote: signalCompletionNote, dmPolicy: signalDmPolicy, disable: (cfg) => setSetupChannelEnabled(cfg, channel, false), }; diff --git a/extensions/signal/src/shared.ts b/extensions/signal/src/shared.ts new file mode 100644 index 00000000000..f03ecd847e2 --- /dev/null +++ b/extensions/signal/src/shared.ts @@ -0,0 +1,133 @@ +import { createScopedAccountConfigAccessors } from "openclaw/plugin-sdk/channel-config-helpers"; +import { + buildAccountScopedDmSecurityPolicy, + collectAllowlistProviderRestrictSendersWarnings, +} from "openclaw/plugin-sdk/channel-policy"; +import { + buildChannelConfigSchema, + DEFAULT_ACCOUNT_ID, + deleteAccountFromConfigSection, + getChatChannelMeta, + normalizeE164, + setAccountEnabledInConfigSection, + SignalConfigSchema, + type ChannelPlugin, +} from "openclaw/plugin-sdk/signal-core"; +import { + listSignalAccountIds, + resolveDefaultSignalAccountId, + resolveSignalAccount, + type ResolvedSignalAccount, +} from "./accounts.js"; +import { createSignalSetupWizardProxy } from "./setup-core.js"; + +export const SIGNAL_CHANNEL = "signal" as const; + +async function loadSignalChannelRuntime() { + return await import("./channel.runtime.js"); +} + +export const signalSetupWizard = createSignalSetupWizardProxy(async () => ({ + signalSetupWizard: (await loadSignalChannelRuntime()).signalSetupWizard, +})); + +export const signalConfigAccessors = createScopedAccountConfigAccessors({ + resolveAccount: ({ cfg, accountId }) => resolveSignalAccount({ cfg, accountId }), + resolveAllowFrom: (account: ResolvedSignalAccount) => account.config.allowFrom, + formatAllowFrom: (allowFrom) => + allowFrom + .map((entry) => String(entry).trim()) + .filter(Boolean) + .map((entry) => (entry === "*" ? "*" : normalizeE164(entry.replace(/^signal:/i, "")))) + .filter(Boolean), + resolveDefaultTo: (account: ResolvedSignalAccount) => account.config.defaultTo, +}); + +export function createSignalPluginBase(params: { + setupWizard?: NonNullable["setupWizard"]>; + setup: NonNullable["setup"]>; +}): Pick< + ChannelPlugin, + | "id" + | "meta" + | "setupWizard" + | "capabilities" + | "streaming" + | "reload" + | "configSchema" + | "config" + | "security" + | "setup" +> { + return { + id: SIGNAL_CHANNEL, + meta: { + ...getChatChannelMeta(SIGNAL_CHANNEL), + }, + setupWizard: params.setupWizard, + capabilities: { + chatTypes: ["direct", "group"], + media: true, + reactions: true, + }, + streaming: { + blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, + }, + reload: { configPrefixes: ["channels.signal"] }, + configSchema: buildChannelConfigSchema(SignalConfigSchema), + config: { + listAccountIds: (cfg) => listSignalAccountIds(cfg), + resolveAccount: (cfg, accountId) => resolveSignalAccount({ cfg, accountId }), + defaultAccountId: (cfg) => resolveDefaultSignalAccountId(cfg), + setAccountEnabled: ({ cfg, accountId, enabled }) => + setAccountEnabledInConfigSection({ + cfg, + sectionKey: SIGNAL_CHANNEL, + accountId, + enabled, + allowTopLevel: true, + }), + deleteAccount: ({ cfg, accountId }) => + deleteAccountFromConfigSection({ + cfg, + sectionKey: SIGNAL_CHANNEL, + accountId, + clearBaseFields: ["account", "httpUrl", "httpHost", "httpPort", "cliPath", "name"], + }), + isConfigured: (account) => account.configured, + describeAccount: (account) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: account.configured, + baseUrl: account.baseUrl, + }), + ...signalConfigAccessors, + }, + security: { + resolveDmPolicy: ({ cfg, accountId, account }) => + buildAccountScopedDmSecurityPolicy({ + cfg, + channelKey: SIGNAL_CHANNEL, + accountId, + fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, + policy: account.config.dmPolicy, + allowFrom: account.config.allowFrom ?? [], + policyPathSuffix: "dmPolicy", + normalizeEntry: (raw) => normalizeE164(raw.replace(/^signal:/i, "").trim()), + }), + collectWarnings: ({ account, cfg }) => + collectAllowlistProviderRestrictSendersWarnings({ + cfg, + providerConfigPresent: cfg.channels?.signal !== undefined, + configuredGroupPolicy: account.config.groupPolicy, + surface: "Signal groups", + openScope: "any member", + groupPolicyPath: "channels.signal.groupPolicy", + groupAllowFromPath: "channels.signal.groupAllowFrom", + mentionGated: false, + }), + }, + setup: params.setup, + }; +} diff --git a/extensions/signal/src/sse-reconnect.ts b/extensions/signal/src/sse-reconnect.ts index 240ec7a4beb..f825a211afb 100644 --- a/extensions/signal/src/sse-reconnect.ts +++ b/extensions/signal/src/sse-reconnect.ts @@ -1,7 +1,7 @@ -import { logVerbose, shouldLogVerbose } from "../../../src/globals.js"; -import type { BackoffPolicy } from "../../../src/infra/backoff.js"; -import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import type { BackoffPolicy } from "openclaw/plugin-sdk/infra-runtime"; +import { computeBackoff, sleepWithAbort } from "openclaw/plugin-sdk/infra-runtime"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { type SignalSseEvent, streamSignalEvents } from "./client.js"; const DEFAULT_RECONNECT_POLICY: BackoffPolicy = { diff --git a/extensions/slack/api.ts b/extensions/slack/api.ts new file mode 100644 index 00000000000..37aaf02b027 --- /dev/null +++ b/extensions/slack/api.ts @@ -0,0 +1,11 @@ +export * from "./src/account-inspect.js"; +export * from "./src/accounts.js"; +export * from "./src/actions.js"; +export * from "./src/blocks-input.js"; +export * from "./src/blocks-render.js"; +export * from "./src/http/index.js"; +export * from "./src/interactive-replies.js"; +export * from "./src/message-actions.js"; +export * from "./src/sent-thread-cache.js"; +export * from "./src/targets.js"; +export * from "./src/threading-tool-context.js"; diff --git a/extensions/slack/index.ts b/extensions/slack/index.ts index f1147cb9c91..f59b28f1f94 100644 --- a/extensions/slack/index.ts +++ b/extensions/slack/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { slackPlugin } from "./src/channel.js"; import { setSlackRuntime } from "./src/runtime.js"; -const plugin = { +export { slackPlugin } from "./src/channel.js"; +export { setSlackRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "slack", name: "Slack", description: "Slack channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setSlackRuntime(api.runtime); - api.registerChannel({ plugin: slackPlugin }); - }, -}; - -export default plugin; + plugin: slackPlugin, + setRuntime: setSlackRuntime, +}); diff --git a/extensions/slack/runtime-api.ts b/extensions/slack/runtime-api.ts new file mode 100644 index 00000000000..b40f24e4177 --- /dev/null +++ b/extensions/slack/runtime-api.ts @@ -0,0 +1,4 @@ +export * from "./src/directory-live.js"; +export * from "./src/index.js"; +export * from "./src/resolve-channels.js"; +export * from "./src/resolve-users.js"; diff --git a/extensions/slack/setup-entry.ts b/extensions/slack/setup-entry.ts index 1bd6eabde59..2600e593267 100644 --- a/extensions/slack/setup-entry.ts +++ b/extensions/slack/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { slackSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: slackSetupPlugin }; +export { slackSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(slackSetupPlugin); diff --git a/extensions/slack/src/account-inspect.ts b/extensions/slack/src/account-inspect.ts index 8ada00e9832..3e5a67203fc 100644 --- a/extensions/slack/src/account-inspect.ts +++ b/extensions/slack/src/account-inspect.ts @@ -2,12 +2,12 @@ import { DEFAULT_ACCOUNT_ID, normalizeAccountId, type OpenClawConfig, - type SlackAccountConfig, -} from "openclaw/plugin-sdk/slack"; +} from "openclaw/plugin-sdk/account-resolution"; import { hasConfiguredSecretInput, normalizeSecretInputString, -} from "../../../src/config/types.secrets.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { SlackAccountConfig } from "openclaw/plugin-sdk/slack"; import type { SlackAccountSurfaceFields } from "./account-surface-fields.js"; import { mergeSlackAccountConfig, diff --git a/extensions/slack/src/account-surface-fields.ts b/extensions/slack/src/account-surface-fields.ts index 8913a9859fe..be264d9d369 100644 --- a/extensions/slack/src/account-surface-fields.ts +++ b/extensions/slack/src/account-surface-fields.ts @@ -1,4 +1,4 @@ -import type { SlackAccountConfig } from "../../../src/config/types.js"; +import type { SlackAccountConfig } from "openclaw/plugin-sdk/config-runtime"; export type SlackAccountSurfaceFields = { groupPolicy?: SlackAccountConfig["groupPolicy"]; diff --git a/extensions/slack/src/accounts.ts b/extensions/slack/src/accounts.ts index 294bbf8956b..e453067e485 100644 --- a/extensions/slack/src/accounts.ts +++ b/extensions/slack/src/accounts.ts @@ -1,9 +1,12 @@ -import { normalizeChatType } from "../../../src/channels/chat-type.js"; -import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { SlackAccountConfig } from "../../../src/config/types.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import { + createAccountListHelpers, + DEFAULT_ACCOUNT_ID, + normalizeAccountId, + normalizeChatType, + resolveAccountEntry, + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import type { SlackAccountConfig } from "openclaw/plugin-sdk/slack"; import type { SlackAccountSurfaceFields } from "./account-surface-fields.js"; import { resolveSlackAppToken, resolveSlackBotToken, resolveSlackUserToken } from "./token.js"; diff --git a/extensions/slack/src/actions.ts b/extensions/slack/src/actions.ts index ba422ac50f2..20b32d15726 100644 --- a/extensions/slack/src/actions.ts +++ b/extensions/slack/src/actions.ts @@ -1,6 +1,6 @@ import type { Block, KnownBlock, WebClient } from "@slack/web-api"; -import { loadConfig } from "../../../src/config/config.js"; -import { logVerbose } from "../../../src/globals.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { resolveSlackAccount } from "./accounts.js"; import { buildSlackBlocksFallbackText } from "./blocks-fallback.js"; import { validateSlackBlocksArray } from "./blocks-input.js"; diff --git a/extensions/slack/src/blocks-render.ts b/extensions/slack/src/blocks-render.ts index f22b179223d..775b988c521 100644 --- a/extensions/slack/src/blocks-render.ts +++ b/extensions/slack/src/blocks-render.ts @@ -1,6 +1,6 @@ import type { Block, KnownBlock } from "@slack/web-api"; -import { reduceInteractiveReply } from "../../../src/channels/plugins/outbound/interactive.js"; -import type { InteractiveReply } from "../../../src/interactive/payload.js"; +import { reduceInteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; +import type { InteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; import { truncateSlackText } from "./truncate.js"; export const SLACK_REPLY_BUTTON_ACTION_ID = "openclaw:reply_button"; diff --git a/extensions/slack/src/blocks.test-helpers.ts b/extensions/slack/src/blocks.test-helpers.ts index 50f7d66b04d..3ee978a2d81 100644 --- a/extensions/slack/src/blocks.test-helpers.ts +++ b/extensions/slack/src/blocks.test-helpers.ts @@ -17,7 +17,7 @@ export type SlackSendTestClient = WebClient & { }; export function installSlackBlockTestMocks() { - vi.mock("../../../src/config/config.js", () => ({ + vi.mock("openclaw/plugin-sdk/config-runtime", () => ({ loadConfig: () => ({}), })); diff --git a/extensions/slack/src/channel-migration.ts b/extensions/slack/src/channel-migration.ts index e78ade084d4..f6b97eb798a 100644 --- a/extensions/slack/src/channel-migration.ts +++ b/extensions/slack/src/channel-migration.ts @@ -1,6 +1,6 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { SlackChannelConfig } from "../../../src/config/types.slack.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { SlackChannelConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; type SlackChannels = Record; diff --git a/extensions/slack/src/channel.runtime.ts b/extensions/slack/src/channel.runtime.ts index eefcc2c6215..6dfe5bed8fe 100644 --- a/extensions/slack/src/channel.runtime.ts +++ b/extensions/slack/src/channel.runtime.ts @@ -1 +1,5 @@ -export { slackSetupWizard } from "./setup-surface.js"; +import { slackSetupWizard as slackSetupWizardImpl } from "./setup-surface.js"; + +type SlackSetupWizard = typeof import("./setup-surface.js").slackSetupWizard; + +export const slackSetupWizard: SlackSetupWizard = { ...slackSetupWizardImpl }; diff --git a/extensions/slack/src/channel.setup.ts b/extensions/slack/src/channel.setup.ts index b5723ea5130..519f6eabe7b 100644 --- a/extensions/slack/src/channel.setup.ts +++ b/extensions/slack/src/channel.setup.ts @@ -1,102 +1,17 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; -import { - createScopedAccountConfigAccessors, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; import { buildChannelConfigSchema, - getChatChannelMeta, SlackConfigSchema, type ChannelPlugin, } from "openclaw/plugin-sdk/slack"; -import { inspectSlackAccount } from "./account-inspect.js"; -import { - listSlackAccountIds, - resolveDefaultSlackAccountId, - resolveSlackAccount, - type ResolvedSlackAccount, -} from "./accounts.js"; -import { isSlackInteractiveRepliesEnabled } from "./interactive-replies.js"; -import { createSlackSetupWizardProxy, slackSetupAdapter } from "./setup-core.js"; - -async function loadSlackChannelRuntime() { - return await import("./channel.runtime.js"); -} - -function isSlackAccountConfigured(account: ResolvedSlackAccount): boolean { - const mode = account.config.mode ?? "socket"; - const hasBotToken = Boolean(account.botToken?.trim()); - if (!hasBotToken) { - return false; - } - if (mode === "http") { - return Boolean(account.config.signingSecret?.trim()); - } - return Boolean(account.appToken?.trim()); -} - -const slackConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveSlackAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedSlackAccount) => account.dm?.allowFrom, - formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), - resolveDefaultTo: (account: ResolvedSlackAccount) => account.config.defaultTo, -}); - -const slackConfigBase = createScopedChannelConfigBase({ - sectionKey: "slack", - listAccountIds: listSlackAccountIds, - resolveAccount: (cfg, accountId) => resolveSlackAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectSlackAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultSlackAccountId, - clearBaseFields: ["botToken", "appToken", "name"], -}); - -const slackSetupWizard = createSlackSetupWizardProxy(async () => ({ - slackSetupWizard: (await loadSlackChannelRuntime()).slackSetupWizard, -})); +import { type ResolvedSlackAccount } from "./accounts.js"; +import { slackSetupAdapter } from "./setup-core.js"; +import { slackSetupWizard } from "./setup-surface.js"; +import { createSlackPluginBase } from "./shared.js"; export const slackSetupPlugin: ChannelPlugin = { - id: "slack", - meta: { - ...getChatChannelMeta("slack"), - preferSessionLookupForAnnounceTarget: true, - }, - setupWizard: slackSetupWizard, - capabilities: { - chatTypes: ["direct", "channel", "thread"], - reactions: true, - threads: true, - media: true, - nativeCommands: true, - }, - agentPrompt: { - messageToolHints: ({ cfg, accountId }) => - isSlackInteractiveRepliesEnabled({ cfg, accountId }) - ? [ - "- Slack interactive replies: use `[[slack_buttons: Label:value, Other:other]]` to add action buttons that route clicks back as Slack interaction system events.", - "- Slack selects: use `[[slack_select: Placeholder | Label:value, Other:other]]` to add a static select menu that routes the chosen value back as a Slack interaction system event.", - ] - : [ - "- Slack interactive replies are disabled. If needed, ask to set `channels.slack.capabilities.interactiveReplies=true` (or the same under `channels.slack.accounts..capabilities`).", - ], - }, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.slack"] }, - configSchema: buildChannelConfigSchema(SlackConfigSchema), - config: { - ...slackConfigBase, - isConfigured: (account) => isSlackAccountConfigured(account), - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: isSlackAccountConfigured(account), - botTokenSource: account.botTokenSource, - appTokenSource: account.appTokenSource, - }), - ...slackConfigAccessors, - }, - setup: slackSetupAdapter, + ...createSlackPluginBase({ + configSchema: buildChannelConfigSchema(SlackConfigSchema), + setupWizard: slackSetupWizard, + setup: slackSetupAdapter, + }), }; diff --git a/extensions/slack/src/channel.ts b/extensions/slack/src/channel.ts index a07608d836a..8a82a3577b8 100644 --- a/extensions/slack/src/channel.ts +++ b/extensions/slack/src/channel.ts @@ -1,22 +1,19 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; import { buildAccountScopedAllowlistConfigEditor, + resolveLegacyDmAllowlistConfigPaths, +} from "openclaw/plugin-sdk/allowlist-config-edit"; +import { buildAccountScopedDmSecurityPolicy, - collectOpenProviderGroupPolicyWarnings, collectOpenGroupPolicyConfiguredRouteWarnings, - createScopedAccountConfigAccessors, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; + collectOpenProviderGroupPolicyWarnings, +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { buildOutboundBaseSessionKey, normalizeOutboundThreadId } from "openclaw/plugin-sdk/core"; +import { resolveThreadSessionKeys, type RoutePeer } from "openclaw/plugin-sdk/routing"; import { - buildAgentSessionKey, - resolveThreadSessionKeys, - type RoutePeer, -} from "openclaw/plugin-sdk/core"; -import { - buildComputedAccountStatusSnapshot, buildChannelConfigSchema, + buildComputedAccountStatusSnapshot, DEFAULT_ACCOUNT_ID, - getChatChannelMeta, listSlackDirectoryGroupsFromConfig, listSlackDirectoryPeersFromConfig, looksLikeSlackTargetId, @@ -27,16 +24,14 @@ import { resolveSlackGroupRequireMention, resolveSlackGroupToolPolicy, SlackConfigSchema, + createSlackActions, type ChannelPlugin, type OpenClawConfig, + type SlackActionContext, } from "openclaw/plugin-sdk/slack"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js"; -import { inspectSlackAccount } from "./account-inspect.js"; import { listEnabledSlackAccounts, - listSlackAccountIds, - resolveDefaultSlackAccountId, resolveSlackAccount, resolveSlackReplyToMode, type ResolvedSlackAccount, @@ -44,24 +39,24 @@ import { import { parseSlackBlocksInput } from "./blocks-input.js"; import { createSlackWebClient } from "./client.js"; import { isSlackInteractiveRepliesEnabled } from "./interactive-replies.js"; -import { handleSlackMessageAction } from "./message-action-dispatch.js"; -import { extractSlackToolSend, listSlackMessageActions } from "./message-actions.js"; import { normalizeAllowListLower } from "./monitor/allow-list.js"; import type { SlackProbe } from "./probe.js"; import { resolveSlackUserAllowlist } from "./resolve-users.js"; import { getSlackRuntime } from "./runtime.js"; import { fetchSlackScopes } from "./scopes.js"; -import { createSlackSetupWizardProxy, slackSetupAdapter } from "./setup-core.js"; +import { slackSetupAdapter } from "./setup-core.js"; +import { slackSetupWizard } from "./setup-surface.js"; +import { + createSlackPluginBase, + isSlackPluginAccountConfigured, + slackConfigAccessors, + SLACK_CHANNEL, +} from "./shared.js"; import { parseSlackTarget } from "./targets.js"; import { buildSlackThreadingToolContext } from "./threading-tool-context.js"; -const meta = getChatChannelMeta("slack"); const SLACK_CHANNEL_TYPE_CACHE = new Map(); -async function loadSlackChannelRuntime() { - return await import("./channel.runtime.js"); -} - // Select the appropriate Slack token for read/write operations. function getTokenForOperation( account: ResolvedSlackAccount, @@ -79,18 +74,6 @@ function getTokenForOperation( return botToken ?? userToken; } -function isSlackAccountConfigured(account: ResolvedSlackAccount): boolean { - const mode = account.config.mode ?? "socket"; - const hasBotToken = Boolean(account.botToken?.trim()); - if (!hasBotToken) { - return false; - } - if (mode === "http") { - return Boolean(account.config.signingSecret?.trim()); - } - return Boolean(account.appToken?.trim()); -} - type SlackSendFn = ReturnType["channel"]["slack"]["sendMessageSlack"]; function resolveSlackSendContext(params: { @@ -153,34 +136,13 @@ function parseSlackExplicitTarget(raw: string) { }; } -function normalizeOutboundThreadId(value?: string | number | null): string | undefined { - if (value == null) { - return undefined; - } - if (typeof value === "number") { - if (!Number.isFinite(value)) { - return undefined; - } - return String(Math.trunc(value)); - } - const trimmed = value.trim(); - return trimmed ? trimmed : undefined; -} - function buildSlackBaseSessionKey(params: { cfg: OpenClawConfig; agentId: string; accountId?: string | null; peer: RoutePeer; }) { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: "slack", - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey({ ...params, channel: "slack" }); } async function resolveSlackChannelType(params: { @@ -345,33 +307,12 @@ async function resolveSlackAllowlistNames(params: { return await resolveSlackUserAllowlist({ token, entries: params.entries }); } -const slackConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveSlackAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedSlackAccount) => account.dm?.allowFrom, - formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), - resolveDefaultTo: (account: ResolvedSlackAccount) => account.config.defaultTo, -}); - -const slackConfigBase = createScopedChannelConfigBase({ - sectionKey: "slack", - listAccountIds: listSlackAccountIds, - resolveAccount: (cfg, accountId) => resolveSlackAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectSlackAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultSlackAccountId, - clearBaseFields: ["botToken", "appToken", "name"], -}); - -const slackSetupWizard = createSlackSetupWizardProxy(async () => ({ - slackSetupWizard: (await loadSlackChannelRuntime()).slackSetupWizard, -})); - export const slackPlugin: ChannelPlugin = { - id: "slack", - meta: { - ...meta, - preferSessionLookupForAnnounceTarget: true, - }, - setupWizard: slackSetupWizard, + ...createSlackPluginBase({ + configSchema: buildChannelConfigSchema(SlackConfigSchema), + setupWizard: slackSetupWizard, + setup: slackSetupAdapter, + }), pairing: { idLabel: "slackUserId", normalizeAllowEntry: (entry) => entry.replace(/^(slack|user):/i, ""), @@ -400,42 +341,6 @@ export const slackPlugin: ChannelPlugin = { } }, }, - capabilities: { - chatTypes: ["direct", "channel", "thread"], - reactions: true, - threads: true, - media: true, - nativeCommands: true, - }, - agentPrompt: { - messageToolHints: ({ cfg, accountId }) => - isSlackInteractiveRepliesEnabled({ cfg, accountId }) - ? [ - "- Slack interactive replies: use `[[slack_buttons: Label:value, Other:other]]` to add action buttons that route clicks back as Slack interaction system events.", - "- Slack selects: use `[[slack_select: Placeholder | Label:value, Other:other]]` to add a static select menu that routes the chosen value back as a Slack interaction system event.", - ] - : [ - "- Slack interactive replies are disabled. If needed, ask to set `channels.slack.capabilities.interactiveReplies=true` (or the same under `channels.slack.accounts..capabilities`).", - ], - }, - streaming: { - blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, - }, - reload: { configPrefixes: ["channels.slack"] }, - configSchema: buildChannelConfigSchema(SlackConfigSchema), - config: { - ...slackConfigBase, - isConfigured: (account) => isSlackAccountConfigured(account), - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: isSlackAccountConfigured(account), - botTokenSource: account.botTokenSource, - appTokenSource: account.appTokenSource, - }), - ...slackConfigAccessors, - }, allowlist: { supportsScope: ({ scope }) => scope === "dm", readConfig: ({ cfg, accountId }) => @@ -446,14 +351,7 @@ export const slackPlugin: ChannelPlugin = { channelId: "slack", normalize: ({ cfg, accountId, values }) => slackConfigAccessors.formatAllowFrom!({ cfg, accountId, allowFrom: values }), - resolvePaths: (scope) => - scope === "dm" - ? { - readPaths: [["allowFrom"], ["dm", "allowFrom"]], - writePath: ["allowFrom"], - cleanupPaths: [["dm", "allowFrom"]], - } - : null, + resolvePaths: resolveLegacyDmAllowlistConfigPaths, }), }, security: { @@ -590,28 +488,14 @@ export const slackPlugin: ChannelPlugin = { return resolved.map((entry) => toResolvedTarget(entry, entry.note)); }, }, - actions: { - listActions: ({ cfg }) => listSlackMessageActions(cfg), - getCapabilities: ({ cfg }) => { - const capabilities = new Set<"interactive" | "blocks">(); - if (listSlackMessageActions(cfg).includes("send")) { - capabilities.add("blocks"); - } - if (isSlackInteractiveRepliesEnabled({ cfg })) { - capabilities.add("interactive"); - } - return Array.from(capabilities); - }, - extractToolSend: ({ args }) => extractSlackToolSend(args), - handleAction: async (ctx) => - await handleSlackMessageAction({ - providerId: meta.id, - ctx, - includeReadThreadId: true, - invoke: async (action, cfg, toolContext) => - await getSlackRuntime().channel.slack.handleSlackAction(action, cfg, toolContext), - }), - }, + actions: createSlackActions(SLACK_CHANNEL, { + invoke: async (action, cfg, toolContext) => + await getSlackRuntime().channel.slack.handleSlackAction( + action, + cfg as OpenClawConfig, + toolContext as SlackActionContext | undefined, + ), + }), setup: slackSetupAdapter, outbound: { deliveryMode: "direct", @@ -722,7 +606,7 @@ export const slackPlugin: ChannelPlugin = { : resolveConfiguredFromRequiredCredentialStatuses(account, [ "botTokenStatus", "appTokenStatus", - ])) ?? isSlackAccountConfigured(account); + ])) ?? isSlackPluginAccountConfigured(account); const base = buildComputedAccountStatusSnapshot({ accountId: account.accountId, name: account.name, diff --git a/extensions/slack/src/directory-live.ts b/extensions/slack/src/directory-live.ts index 225548c646d..0a8bd04af22 100644 --- a/extensions/slack/src/directory-live.ts +++ b/extensions/slack/src/directory-live.ts @@ -1,5 +1,5 @@ -import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js"; -import type { ChannelDirectoryEntry } from "../../../src/channels/plugins/types.js"; +import type { DirectoryConfigParams } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelDirectoryEntry } from "openclaw/plugin-sdk/channel-runtime"; import { resolveSlackAccount } from "./accounts.js"; import { createSlackWebClient } from "./client.js"; diff --git a/extensions/slack/src/draft-stream.ts b/extensions/slack/src/draft-stream.ts index bb80ff8d536..f122e2664c5 100644 --- a/extensions/slack/src/draft-stream.ts +++ b/extensions/slack/src/draft-stream.ts @@ -1,4 +1,4 @@ -import { createDraftStreamLoop } from "../../../src/channels/draft-stream-loop.js"; +import { createDraftStreamLoop } from "openclaw/plugin-sdk/channel-runtime"; import { deleteSlackMessage, editSlackMessage } from "./actions.js"; import { sendMessageSlack } from "./send.js"; diff --git a/extensions/slack/src/format.ts b/extensions/slack/src/format.ts index 69aeaa6b3b9..e5ab385fc6b 100644 --- a/extensions/slack/src/format.ts +++ b/extensions/slack/src/format.ts @@ -1,6 +1,10 @@ -import type { MarkdownTableMode } from "../../../src/config/types.base.js"; -import { chunkMarkdownIR, markdownToIR, type MarkdownLinkSpan } from "../../../src/markdown/ir.js"; -import { renderMarkdownWithMarkers } from "../../../src/markdown/render.js"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { + chunkMarkdownIR, + markdownToIR, + type MarkdownLinkSpan, +} from "openclaw/plugin-sdk/text-runtime"; +import { renderMarkdownWithMarkers } from "openclaw/plugin-sdk/text-runtime"; // Escape special characters for Slack mrkdwn format. // Preserve Slack's angle-bracket tokens so mentions and links stay intact. diff --git a/extensions/slack/src/interactive-replies.ts b/extensions/slack/src/interactive-replies.ts index 31784bd3b40..2a9703872c4 100644 --- a/extensions/slack/src/interactive-replies.ts +++ b/extensions/slack/src/interactive-replies.ts @@ -1,4 +1,4 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { listSlackAccountIds, resolveSlackAccount } from "./accounts.js"; function resolveInteractiveRepliesFromCapabilities(capabilities: unknown): boolean { diff --git a/extensions/slack/src/message-action-dispatch.ts b/extensions/slack/src/message-action-dispatch.ts index fc902f49558..fc04c122ac7 100644 --- a/extensions/slack/src/message-action-dispatch.ts +++ b/extensions/slack/src/message-action-dispatch.ts @@ -1,334 +1,9 @@ -import type { AgentToolResult } from "@mariozechner/pi-agent-core"; -import type { ChannelMessageActionContext } from "openclaw/plugin-sdk/core"; -import { parseSlackBlocksInput } from "./blocks-input.js"; -import { buildSlackInteractiveBlocks } from "./blocks-render.js"; +import { handleSlackMessageAction as handleSlackMessageActionImpl } from "openclaw/plugin-sdk/slack"; -type SlackActionInvoke = ( - action: Record, - cfg: ChannelMessageActionContext["cfg"], - toolContext?: ChannelMessageActionContext["toolContext"], -) => Promise>; +type HandleSlackMessageAction = typeof import("openclaw/plugin-sdk/slack").handleSlackMessageAction; -type InteractiveButtonStyle = "primary" | "secondary" | "success" | "danger"; - -type InteractiveReplyButton = { - label: string; - value: string; - style?: InteractiveButtonStyle; -}; - -type InteractiveReplyOption = { - label: string; - value: string; -}; - -type InteractiveReplyBlock = - | { type: "text"; text: string } - | { type: "buttons"; buttons: InteractiveReplyButton[] } - | { type: "select"; placeholder?: string; options: InteractiveReplyOption[] }; - -type InteractiveReply = { - blocks: InteractiveReplyBlock[]; -}; - -function readTrimmedString(value: unknown): string | undefined { - if (typeof value !== "string") { - return undefined; - } - const trimmed = value.trim(); - return trimmed || undefined; -} - -function normalizeButtonStyle(value: unknown): InteractiveButtonStyle | undefined { - const style = readTrimmedString(value)?.toLowerCase(); - return style === "primary" || style === "secondary" || style === "success" || style === "danger" - ? style - : undefined; -} - -function normalizeInteractiveButton(raw: unknown): InteractiveReplyButton | undefined { - if (!raw || typeof raw !== "object" || Array.isArray(raw)) { - return undefined; - } - const record = raw as Record; - const label = readTrimmedString(record.label) ?? readTrimmedString(record.text); - const value = - readTrimmedString(record.value) ?? - readTrimmedString(record.callbackData) ?? - readTrimmedString(record.callback_data); - if (!label || !value) { - return undefined; - } - return { label, value, style: normalizeButtonStyle(record.style) }; -} - -function normalizeInteractiveOption(raw: unknown): InteractiveReplyOption | undefined { - if (!raw || typeof raw !== "object" || Array.isArray(raw)) { - return undefined; - } - const record = raw as Record; - const label = readTrimmedString(record.label) ?? readTrimmedString(record.text); - const value = readTrimmedString(record.value); - return label && value ? { label, value } : undefined; -} - -function normalizeInteractiveReply(raw: unknown): InteractiveReply | undefined { - if (!raw || typeof raw !== "object" || Array.isArray(raw)) { - return undefined; - } - const record = raw as Record; - const blocks = Array.isArray(record.blocks) - ? record.blocks - .map((entry) => { - if (!entry || typeof entry !== "object" || Array.isArray(entry)) { - return undefined; - } - const block = entry as Record; - const type = readTrimmedString(block.type)?.toLowerCase(); - if (type === "text") { - const text = readTrimmedString(block.text); - return text ? ({ type: "text", text } as const) : undefined; - } - if (type === "buttons") { - const buttons = Array.isArray(block.buttons) - ? block.buttons - .map((button) => normalizeInteractiveButton(button)) - .filter((button): button is InteractiveReplyButton => Boolean(button)) - : []; - return buttons.length > 0 ? ({ type: "buttons", buttons } as const) : undefined; - } - if (type === "select") { - const options = Array.isArray(block.options) - ? block.options - .map((option) => normalizeInteractiveOption(option)) - .filter((option): option is InteractiveReplyOption => Boolean(option)) - : []; - return options.length > 0 - ? ({ - type: "select", - placeholder: readTrimmedString(block.placeholder), - options, - } as const) - : undefined; - } - return undefined; - }) - .filter((entry): entry is InteractiveReplyBlock => Boolean(entry)) - : []; - return blocks.length > 0 ? { blocks } : undefined; -} - -function readStringParam( - params: Record, - key: string, - options: { required?: boolean; trim?: boolean; label?: string; allowEmpty?: boolean } = {}, -): string | undefined { - const { required = false, trim = true, label = key, allowEmpty = false } = options; - const raw = params[key]; - if (typeof raw !== "string") { - if (required) { - throw new Error(`${label} required`); - } - return undefined; - } - const value = trim ? raw.trim() : raw; - if (!value && !allowEmpty) { - if (required) { - throw new Error(`${label} required`); - } - return undefined; - } - return value; -} - -function readNumberParam( - params: Record, - key: string, - options: { required?: boolean; label?: string; integer?: boolean; strict?: boolean } = {}, -): number | undefined { - const { required = false, label = key, integer = false, strict = false } = options; - const raw = params[key]; - let value: number | undefined; - if (typeof raw === "number" && Number.isFinite(raw)) { - value = raw; - } else if (typeof raw === "string") { - const trimmed = raw.trim(); - if (trimmed) { - const parsed = strict ? Number(trimmed) : Number.parseFloat(trimmed); - if (Number.isFinite(parsed)) { - value = parsed; - } - } - } - if (value === undefined) { - if (required) { - throw new Error(`${label} required`); - } - return undefined; - } - return integer ? Math.trunc(value) : value; -} - -function readSlackBlocksParam(actionParams: Record) { - return parseSlackBlocksInput(actionParams.blocks) as Record[] | undefined; -} - -export async function handleSlackMessageAction(params: { - providerId: string; - ctx: ChannelMessageActionContext; - invoke: SlackActionInvoke; - normalizeChannelId?: (channelId: string) => string; - includeReadThreadId?: boolean; -}): Promise> { - const { providerId, ctx, invoke, normalizeChannelId, includeReadThreadId = false } = params; - const { action, cfg, params: actionParams } = ctx; - const accountId = ctx.accountId ?? undefined; - const resolveChannelId = () => { - const channelId = - readStringParam(actionParams, "channelId") ?? - readStringParam(actionParams, "to", { required: true }); - if (!channelId) { - throw new Error("channelId required"); - } - return normalizeChannelId ? normalizeChannelId(channelId) : channelId; - }; - - if (action === "send") { - const to = readStringParam(actionParams, "to", { required: true }); - const content = readStringParam(actionParams, "message", { allowEmpty: true }); - const mediaUrl = readStringParam(actionParams, "media", { trim: false }); - const interactive = normalizeInteractiveReply(actionParams.interactive); - const interactiveBlocks = interactive ? buildSlackInteractiveBlocks(interactive) : undefined; - const blocks = readSlackBlocksParam(actionParams) ?? interactiveBlocks; - if (!content && !mediaUrl && !blocks) { - throw new Error("Slack send requires message, blocks, or media."); - } - if (mediaUrl && blocks) { - throw new Error("Slack send does not support blocks with media."); - } - const threadId = readStringParam(actionParams, "threadId"); - const replyTo = readStringParam(actionParams, "replyTo"); - return await invoke( - { - action: "sendMessage", - to, - content: content ?? "", - mediaUrl: mediaUrl ?? undefined, - accountId, - threadTs: threadId ?? replyTo ?? undefined, - ...(blocks ? { blocks } : {}), - }, - cfg, - ctx.toolContext, - ); - } - - if (action === "react") { - const messageId = readStringParam(actionParams, "messageId", { required: true }); - const emoji = readStringParam(actionParams, "emoji", { allowEmpty: true }); - const remove = typeof actionParams.remove === "boolean" ? actionParams.remove : undefined; - return await invoke( - { action: "react", channelId: resolveChannelId(), messageId, emoji, remove, accountId }, - cfg, - ); - } - - if (action === "reactions") { - const messageId = readStringParam(actionParams, "messageId", { required: true }); - const limit = readNumberParam(actionParams, "limit", { integer: true }); - return await invoke( - { action: "reactions", channelId: resolveChannelId(), messageId, limit, accountId }, - cfg, - ); - } - - if (action === "read") { - const limit = readNumberParam(actionParams, "limit", { integer: true }); - const readAction: Record = { - action: "readMessages", - channelId: resolveChannelId(), - limit, - before: readStringParam(actionParams, "before"), - after: readStringParam(actionParams, "after"), - accountId, - }; - if (includeReadThreadId) { - readAction.threadId = readStringParam(actionParams, "threadId"); - } - return await invoke(readAction, cfg); - } - - if (action === "edit") { - const messageId = readStringParam(actionParams, "messageId", { required: true }); - const content = readStringParam(actionParams, "message", { allowEmpty: true }); - const blocks = readSlackBlocksParam(actionParams); - if (!content && !blocks) { - throw new Error("Slack edit requires message or blocks."); - } - return await invoke( - { - action: "editMessage", - channelId: resolveChannelId(), - messageId, - content: content ?? "", - blocks, - accountId, - }, - cfg, - ); - } - - if (action === "delete") { - const messageId = readStringParam(actionParams, "messageId", { required: true }); - return await invoke( - { action: "deleteMessage", channelId: resolveChannelId(), messageId, accountId }, - cfg, - ); - } - - if (action === "pin" || action === "unpin" || action === "list-pins") { - const messageId = - action === "list-pins" - ? undefined - : readStringParam(actionParams, "messageId", { required: true }); - return await invoke( - { - action: action === "pin" ? "pinMessage" : action === "unpin" ? "unpinMessage" : "listPins", - channelId: resolveChannelId(), - messageId, - accountId, - }, - cfg, - ); - } - - if (action === "member-info") { - const userId = readStringParam(actionParams, "userId", { required: true }); - return await invoke({ action: "memberInfo", userId, accountId }, cfg); - } - - if (action === "emoji-list") { - const limit = readNumberParam(actionParams, "limit", { integer: true }); - return await invoke({ action: "emojiList", limit, accountId }, cfg); - } - - if (action === "download-file") { - const fileId = readStringParam(actionParams, "fileId", { required: true }); - const channelId = - readStringParam(actionParams, "channelId") ?? readStringParam(actionParams, "to"); - const threadId = - readStringParam(actionParams, "threadId") ?? readStringParam(actionParams, "replyTo"); - return await invoke( - { - action: "downloadFile", - fileId, - channelId: channelId ?? undefined, - threadId: threadId ?? undefined, - accountId, - }, - cfg, - ); - } - - throw new Error(`Action ${action} is not supported for provider ${providerId}.`); +export async function handleSlackMessageAction( + ...args: Parameters +): ReturnType { + return await handleSlackMessageActionImpl(...args); } diff --git a/extensions/slack/src/message-actions.ts b/extensions/slack/src/message-actions.ts index 8e2a293f166..938659c9354 100644 --- a/extensions/slack/src/message-actions.ts +++ b/extensions/slack/src/message-actions.ts @@ -1,9 +1,9 @@ -import { createActionGate } from "../../../src/agents/tools/common.js"; +import { createActionGate } from "openclaw/plugin-sdk/agent-runtime"; import type { ChannelMessageActionName, ChannelToolSend, -} from "../../../src/channels/plugins/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { listEnabledSlackAccounts } from "./accounts.js"; export function listSlackMessageActions(cfg: OpenClawConfig): ChannelMessageActionName[] { diff --git a/extensions/slack/src/monitor.test-helpers.ts b/extensions/slack/src/monitor.test-helpers.ts index c62147dd4a4..08cf5810345 100644 --- a/extensions/slack/src/monitor.test-helpers.ts +++ b/extensions/slack/src/monitor.test-helpers.ts @@ -187,15 +187,15 @@ export function resetSlackTestState(config: Record = defaultSla getSlackHandlers()?.clear(); } -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => slackTestState.config, }; }); -vi.mock("../../../src/auto-reply/reply.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ getReplyFromConfig: (...args: unknown[]) => slackTestState.replyMock(...args), })); @@ -213,14 +213,14 @@ vi.mock("./send.js", () => ({ sendMessageSlack: (...args: unknown[]) => slackTestState.sendMock(...args), })); -vi.mock("../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: (...args: unknown[]) => slackTestState.readAllowFromStoreMock(...args), upsertChannelPairingRequest: (...args: unknown[]) => slackTestState.upsertPairingRequestMock(...args), })); -vi.mock("../../../src/config/sessions.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"), diff --git a/extensions/slack/src/monitor/allow-list.ts b/extensions/slack/src/monitor/allow-list.ts index 0e800047502..32fb7f40530 100644 --- a/extensions/slack/src/monitor/allow-list.ts +++ b/extensions/slack/src/monitor/allow-list.ts @@ -2,12 +2,12 @@ import { compileAllowlist, resolveCompiledAllowlistMatch, type AllowlistMatch, -} from "../../../../src/channels/allowlist-match.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import { normalizeHyphenSlug, normalizeStringEntries, normalizeStringEntriesLower, -} from "../../../../src/shared/string-normalization.js"; +} from "openclaw/plugin-sdk/text-runtime"; const SLACK_SLUG_CACHE_MAX = 512; const slackSlugCache = new Map(); diff --git a/extensions/slack/src/monitor/auth.ts b/extensions/slack/src/monitor/auth.ts index 5022a94ad18..df8946a01c0 100644 --- a/extensions/slack/src/monitor/auth.ts +++ b/extensions/slack/src/monitor/auth.ts @@ -1,4 +1,4 @@ -import { readStoreAllowFromForDmPolicy } from "../../../../src/security/dm-policy-shared.js"; +import { readStoreAllowFromForDmPolicy } from "openclaw/plugin-sdk/security-runtime"; import { allowListMatches, normalizeAllowList, diff --git a/extensions/slack/src/monitor/channel-config.ts b/extensions/slack/src/monitor/channel-config.ts index e5f380a7102..32ad0e6f022 100644 --- a/extensions/slack/src/monitor/channel-config.ts +++ b/extensions/slack/src/monitor/channel-config.ts @@ -3,8 +3,8 @@ import { buildChannelKeyCandidates, resolveChannelEntryMatchWithFallback, type ChannelMatchSource, -} from "../../../../src/channels/channel-config.js"; -import type { SlackReactionNotificationMode } from "../../../../src/config/config.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { SlackReactionNotificationMode } from "openclaw/plugin-sdk/config-runtime"; import type { SlackMessageEvent } from "../types.js"; import { allowListMatches, normalizeAllowListLower, normalizeSlackSlug } from "./allow-list.js"; diff --git a/extensions/slack/src/monitor/commands.ts b/extensions/slack/src/monitor/commands.ts index 25fbaeb1007..1d83d9f74d1 100644 --- a/extensions/slack/src/monitor/commands.ts +++ b/extensions/slack/src/monitor/commands.ts @@ -1,4 +1,4 @@ -import type { SlackSlashCommandConfig } from "../../../../src/config/config.js"; +import type { SlackSlashCommandConfig } from "openclaw/plugin-sdk/config-runtime"; /** * Strip Slack mentions (<@U123>, <@U123|name>) so command detection works on diff --git a/extensions/slack/src/monitor/context.ts b/extensions/slack/src/monitor/context.ts index ad485a5c202..f39a92ce207 100644 --- a/extensions/slack/src/monitor/context.ts +++ b/extensions/slack/src/monitor/context.ts @@ -1,17 +1,17 @@ import type { App } from "@slack/bolt"; -import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js"; -import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js"; +import { formatAllowlistMatchMeta } from "openclaw/plugin-sdk/channel-runtime"; import type { OpenClawConfig, SlackReactionNotificationMode, -} from "../../../../src/config/config.js"; -import { resolveSessionKey, type SessionScope } from "../../../../src/config/sessions.js"; -import type { DmPolicy, GroupPolicy } from "../../../../src/config/types.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { createDedupeCache } from "../../../../src/infra/dedupe.js"; -import { getChildLogger } from "../../../../src/logging.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { resolveSessionKey, type SessionScope } from "openclaw/plugin-sdk/config-runtime"; +import type { DmPolicy, GroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { createDedupeCache } from "openclaw/plugin-sdk/infra-runtime"; +import type { HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import type { SlackMessageEvent } from "../types.js"; import { normalizeAllowList, normalizeAllowListLower, normalizeSlackSlug } from "./allow-list.js"; import type { SlackChannelConfigEntries } from "./channel-config.js"; @@ -53,7 +53,7 @@ export type SlackMonitorContext = { replyToMode: "off" | "first" | "all"; threadHistoryScope: "thread" | "channel"; threadInheritParent: boolean; - slashCommand: Required; + slashCommand: Required; textLimit: number; ackReactionScope: string; typingReaction: string; diff --git a/extensions/slack/src/monitor/dm-auth.ts b/extensions/slack/src/monitor/dm-auth.ts index 20d850d869a..930d31efdc5 100644 --- a/extensions/slack/src/monitor/dm-auth.ts +++ b/extensions/slack/src/monitor/dm-auth.ts @@ -1,6 +1,6 @@ -import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js"; -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js"; +import { formatAllowlistMatchMeta } from "openclaw/plugin-sdk/channel-runtime"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; import { resolveSlackAllowListMatch } from "./allow-list.js"; import type { SlackMonitorContext } from "./context.js"; diff --git a/extensions/slack/src/monitor/events/channels.ts b/extensions/slack/src/monitor/events/channels.ts index 283b6648cf9..e4940f80d9f 100644 --- a/extensions/slack/src/monitor/events/channels.ts +++ b/extensions/slack/src/monitor/events/channels.ts @@ -1,8 +1,8 @@ import type { SlackEventMiddlewareArgs } from "@slack/bolt"; -import { resolveChannelConfigWrites } from "../../../../../src/channels/plugins/config-writes.js"; -import { loadConfig, writeConfigFile } from "../../../../../src/config/config.js"; -import { danger, warn } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { resolveChannelConfigWrites } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig, writeConfigFile } from "openclaw/plugin-sdk/config-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { danger, warn } from "openclaw/plugin-sdk/runtime-env"; import { migrateSlackChannelConfig } from "../../channel-migration.js"; import { resolveSlackChannelLabel } from "../channel-config.js"; import type { SlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/events/interactions.block-actions.ts b/extensions/slack/src/monitor/events/interactions.block-actions.ts index 1f54df45a5d..f8a18720933 100644 --- a/extensions/slack/src/monitor/events/interactions.block-actions.ts +++ b/extensions/slack/src/monitor/events/interactions.block-actions.ts @@ -1,12 +1,12 @@ import type { SlackActionMiddlewareArgs } from "@slack/bolt"; import type { Block, KnownBlock } from "@slack/web-api"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; import { buildPluginBindingResolvedText, parsePluginBindingApprovalCustomId, resolvePluginConversationBindingApproval, -} from "../../../../../src/plugins/conversation-binding.js"; -import { dispatchPluginInteractiveHandler } from "../../../../../src/plugins/interactive.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { dispatchPluginInteractiveHandler } from "openclaw/plugin-sdk/plugin-runtime"; import { SLACK_REPLY_BUTTON_ACTION_ID, SLACK_REPLY_SELECT_ACTION_ID } from "../../blocks-render.js"; import { authorizeSlackSystemEventSender } from "../auth.js"; import type { SlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/events/interactions.modal.ts b/extensions/slack/src/monitor/events/interactions.modal.ts index 48e163c317f..14f7a0af0cd 100644 --- a/extensions/slack/src/monitor/events/interactions.modal.ts +++ b/extensions/slack/src/monitor/events/interactions.modal.ts @@ -1,4 +1,4 @@ -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; import { parseSlackModalPrivateMetadata } from "../../modal-metadata.js"; import { authorizeSlackSystemEventSender } from "../auth.js"; import type { SlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/events/members.ts b/extensions/slack/src/monitor/events/members.ts index 490c0bf6f04..26d02f11613 100644 --- a/extensions/slack/src/monitor/events/members.ts +++ b/extensions/slack/src/monitor/events/members.ts @@ -1,6 +1,6 @@ import type { SlackEventMiddlewareArgs } from "@slack/bolt"; -import { danger } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import type { SlackMonitorContext } from "../context.js"; import type { SlackMemberChannelEvent } from "../types.js"; import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js"; diff --git a/extensions/slack/src/monitor/events/messages.ts b/extensions/slack/src/monitor/events/messages.ts index b950d5d19ea..309308caa57 100644 --- a/extensions/slack/src/monitor/events/messages.ts +++ b/extensions/slack/src/monitor/events/messages.ts @@ -1,6 +1,6 @@ import type { SlackEventMiddlewareArgs } from "@slack/bolt"; -import { danger } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import type { SlackAppMentionEvent, SlackMessageEvent } from "../../types.js"; import { normalizeSlackChannelType } from "../channel-type.js"; import type { SlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/events/pins.ts b/extensions/slack/src/monitor/events/pins.ts index f051270624c..ba95f515810 100644 --- a/extensions/slack/src/monitor/events/pins.ts +++ b/extensions/slack/src/monitor/events/pins.ts @@ -1,6 +1,6 @@ import type { SlackEventMiddlewareArgs } from "@slack/bolt"; -import { danger } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import type { SlackMonitorContext } from "../context.js"; import type { SlackPinEvent } from "../types.js"; import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js"; diff --git a/extensions/slack/src/monitor/events/reactions.ts b/extensions/slack/src/monitor/events/reactions.ts index 439c15e6d12..f439168dfde 100644 --- a/extensions/slack/src/monitor/events/reactions.ts +++ b/extensions/slack/src/monitor/events/reactions.ts @@ -1,6 +1,6 @@ import type { SlackEventMiddlewareArgs } from "@slack/bolt"; -import { danger } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; import type { SlackMonitorContext } from "../context.js"; import type { SlackReactionEvent } from "../types.js"; import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js"; diff --git a/extensions/slack/src/monitor/events/system-event-context.ts b/extensions/slack/src/monitor/events/system-event-context.ts index 278dd2324d7..544a889df5f 100644 --- a/extensions/slack/src/monitor/events/system-event-context.ts +++ b/extensions/slack/src/monitor/events/system-event-context.ts @@ -1,4 +1,4 @@ -import { logVerbose } from "../../../../../src/globals.js"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { authorizeSlackSystemEventSender } from "../auth.js"; import { resolveSlackChannelLabel } from "../channel-config.js"; import type { SlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/external-arg-menu-store.ts b/extensions/slack/src/monitor/external-arg-menu-store.ts index e2cbf68479d..c3327ee88c6 100644 --- a/extensions/slack/src/monitor/external-arg-menu-store.ts +++ b/extensions/slack/src/monitor/external-arg-menu-store.ts @@ -1,4 +1,4 @@ -import { generateSecureToken } from "../../../../src/infra/secure-random.js"; +import { generateSecureToken } from "openclaw/plugin-sdk/infra-runtime"; const SLACK_EXTERNAL_ARG_MENU_TOKEN_BYTES = 18; const SLACK_EXTERNAL_ARG_MENU_TOKEN_LENGTH = Math.ceil( diff --git a/extensions/slack/src/monitor/media.test.ts b/extensions/slack/src/monitor/media.test.ts index f745f205950..9ac0bc0eeb1 100644 --- a/extensions/slack/src/monitor/media.test.ts +++ b/extensions/slack/src/monitor/media.test.ts @@ -4,7 +4,10 @@ import * as mediaFetch from "../../../../src/media/fetch.js"; import type { SavedMedia } from "../../../../src/media/store.js"; import * as mediaStore from "../../../../src/media/store.js"; import { mockPinnedHostnameResolution } from "../../../../src/test-helpers/ssrf.js"; -import { type FetchMock, withFetchPreconnect } from "../../../../src/test-utils/fetch-mock.js"; +import { + type FetchMock, + withFetchPreconnect, +} from "../../../../test/helpers/extensions/fetch-mock.js"; import { fetchWithSlackAuth, resolveSlackAttachmentContent, diff --git a/extensions/slack/src/monitor/media.ts b/extensions/slack/src/monitor/media.ts index 7c5a619129f..ef574a7381c 100644 --- a/extensions/slack/src/monitor/media.ts +++ b/extensions/slack/src/monitor/media.ts @@ -1,9 +1,9 @@ import type { WebClient as SlackWebClient } from "@slack/web-api"; -import { normalizeHostname } from "../../../../src/infra/net/hostname.js"; -import type { FetchLike } from "../../../../src/media/fetch.js"; -import { fetchRemoteMedia } from "../../../../src/media/fetch.js"; -import { saveMediaBuffer } from "../../../../src/media/store.js"; -import { resolveRequestUrl } from "../../../../src/plugin-sdk/request-url.js"; +import { normalizeHostname } from "openclaw/plugin-sdk/infra-runtime"; +import type { FetchLike } from "openclaw/plugin-sdk/media-runtime"; +import { fetchRemoteMedia } from "openclaw/plugin-sdk/media-runtime"; +import { saveMediaBuffer } from "openclaw/plugin-sdk/media-runtime"; +import { resolveRequestUrl } from "openclaw/plugin-sdk/request-url"; import type { SlackAttachment, SlackFile } from "../types.js"; function isSlackHostname(hostname: string): boolean { diff --git a/extensions/slack/src/monitor/message-handler.ts b/extensions/slack/src/monitor/message-handler.ts index 37e0eb23bd3..feaddff98df 100644 --- a/extensions/slack/src/monitor/message-handler.ts +++ b/extensions/slack/src/monitor/message-handler.ts @@ -1,7 +1,7 @@ import { createChannelInboundDebouncer, shouldDebounceTextInbound, -} from "../../../../src/channels/inbound-debounce-policy.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ResolvedSlackAccount } from "../accounts.js"; import type { SlackMessageEvent } from "../types.js"; import { stripSlackMentionsForCommandDetection } from "./commands.js"; diff --git a/extensions/slack/src/monitor/message-handler/dispatch.ts b/extensions/slack/src/monitor/message-handler/dispatch.ts index 43ee958bdda..569ca8f60a7 100644 --- a/extensions/slack/src/monitor/message-handler/dispatch.ts +++ b/extensions/slack/src/monitor/message-handler/dispatch.ts @@ -1,16 +1,16 @@ -import { resolveHumanDelayConfig } from "../../../../../src/agents/identity.js"; -import { dispatchInboundMessage } from "../../../../../src/auto-reply/dispatch.js"; -import { clearHistoryEntriesIfEnabled } from "../../../../../src/auto-reply/reply/history.js"; -import { createReplyDispatcherWithTyping } from "../../../../../src/auto-reply/reply/reply-dispatcher.js"; -import type { ReplyPayload } from "../../../../../src/auto-reply/types.js"; -import { removeAckReactionAfterReply } from "../../../../../src/channels/ack-reactions.js"; -import { logAckFailure, logTypingFailure } from "../../../../../src/channels/logging.js"; -import { createReplyPrefixOptions } from "../../../../../src/channels/reply-prefix.js"; -import { createTypingCallbacks } from "../../../../../src/channels/typing.js"; -import { resolveStorePath, updateLastRoute } from "../../../../../src/config/sessions.js"; -import { danger, logVerbose, shouldLogVerbose } from "../../../../../src/globals.js"; -import { resolveAgentOutboundIdentity } from "../../../../../src/infra/outbound/identity.js"; -import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../../src/security/dm-policy-shared.js"; +import { resolveHumanDelayConfig } from "openclaw/plugin-sdk/agent-runtime"; +import { removeAckReactionAfterReply } from "openclaw/plugin-sdk/channel-runtime"; +import { logAckFailure, logTypingFailure } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { createTypingCallbacks } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveStorePath, updateLastRoute } from "openclaw/plugin-sdk/config-runtime"; +import { resolveAgentOutboundIdentity } from "openclaw/plugin-sdk/infra-runtime"; +import { dispatchInboundMessage } from "openclaw/plugin-sdk/reply-runtime"; +import { clearHistoryEntriesIfEnabled } from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyDispatcherWithTyping } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolvePinnedMainDmOwnerFromAllowlist } from "openclaw/plugin-sdk/security-runtime"; import { editSlackMessage, reactSlackMessage, removeSlackReaction } from "../../actions.js"; import { createSlackDraftStream } from "../../draft-stream.js"; import { normalizeSlackOutboundText } from "../../format.js"; diff --git a/extensions/slack/src/monitor/message-handler/prepare-content.ts b/extensions/slack/src/monitor/message-handler/prepare-content.ts index e1db426ad7e..54a5183bfb0 100644 --- a/extensions/slack/src/monitor/message-handler/prepare-content.ts +++ b/extensions/slack/src/monitor/message-handler/prepare-content.ts @@ -1,4 +1,4 @@ -import { logVerbose } from "../../../../../src/globals.js"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import type { SlackFile, SlackMessageEvent } from "../../types.js"; import { MAX_SLACK_MEDIA_FILES, diff --git a/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts b/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts index 9673e8d72cc..5d4020f1b46 100644 --- a/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts +++ b/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts @@ -1,6 +1,6 @@ -import { formatInboundEnvelope } from "../../../../../src/auto-reply/envelope.js"; -import { readSessionUpdatedAt } from "../../../../../src/config/sessions.js"; -import { logVerbose } from "../../../../../src/globals.js"; +import { readSessionUpdatedAt } from "openclaw/plugin-sdk/config-runtime"; +import { formatInboundEnvelope } from "openclaw/plugin-sdk/reply-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import type { ResolvedSlackAccount } from "../../accounts.js"; import type { SlackMessageEvent } from "../../types.js"; import type { SlackMonitorContext } from "../context.js"; @@ -30,7 +30,7 @@ export async function resolveSlackThreadContextData(params: { storePath: string; sessionKey: string; envelopeOptions: ReturnType< - typeof import("../../../../../src/auto-reply/envelope.js").resolveEnvelopeFormatOptions + typeof import("openclaw/plugin-sdk/reply-runtime").resolveEnvelopeFormatOptions >; effectiveDirectMedia: SlackMediaResult[] | null; }): Promise { diff --git a/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts b/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts index cdc7a3bc411..f6d3ab21ce9 100644 --- a/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts +++ b/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts @@ -1,6 +1,6 @@ import type { App } from "@slack/bolt"; -import type { OpenClawConfig } from "../../../../../src/config/config.js"; -import type { RuntimeEnv } from "../../../../../src/runtime.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import type { ResolvedSlackAccount } from "../../accounts.js"; import { createSlackMonitorContext } from "../context.js"; diff --git a/extensions/slack/src/monitor/message-handler/prepare.ts b/extensions/slack/src/monitor/message-handler/prepare.ts index ba18b008d37..e6bc3a23446 100644 --- a/extensions/slack/src/monitor/message-handler/prepare.ts +++ b/extensions/slack/src/monitor/message-handler/prepare.ts @@ -1,35 +1,32 @@ -import { resolveAckReaction } from "../../../../../src/agents/identity.js"; -import { hasControlCommand } from "../../../../../src/auto-reply/command-detection.js"; -import { shouldHandleTextCommands } from "../../../../../src/auto-reply/commands-registry.js"; -import { - formatInboundEnvelope, - resolveEnvelopeFormatOptions, -} from "../../../../../src/auto-reply/envelope.js"; -import { - buildPendingHistoryContextFromMap, - recordPendingHistoryEntryIfEnabled, -} from "../../../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../../../src/auto-reply/reply/inbound-context.js"; -import { - buildMentionRegexes, - matchesMentionWithExplicit, -} from "../../../../../src/auto-reply/reply/mentions.js"; -import type { FinalizedMsgContext } from "../../../../../src/auto-reply/templating.js"; +import { resolveAckReaction } from "openclaw/plugin-sdk/agent-runtime"; import { shouldAckReaction as shouldAckReactionGate, type AckReactionScope, -} from "../../../../../src/channels/ack-reactions.js"; -import { resolveControlCommandGate } from "../../../../../src/channels/command-gating.js"; -import { resolveConversationLabel } from "../../../../../src/channels/conversation-label.js"; -import { logInboundDrop } from "../../../../../src/channels/logging.js"; -import { resolveMentionGatingWithBypass } from "../../../../../src/channels/mention-gating.js"; -import { recordInboundSession } from "../../../../../src/channels/session.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../../../src/config/sessions.js"; -import { logVerbose, shouldLogVerbose } from "../../../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js"; -import { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js"; -import { resolveThreadSessionKeys } from "../../../../../src/routing/session-key.js"; -import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { resolveControlCommandGate } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveConversationLabel } from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMentionGatingWithBypass } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { shouldHandleTextCommands } from "openclaw/plugin-sdk/reply-runtime"; +import { + formatInboundEnvelope, + resolveEnvelopeFormatOptions, +} from "openclaw/plugin-sdk/reply-runtime"; +import { + buildPendingHistoryContextFromMap, + recordPendingHistoryEntryIfEnabled, +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { buildMentionRegexes, matchesMentionWithExplicit } from "openclaw/plugin-sdk/reply-runtime"; +import type { FinalizedMsgContext } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolvePinnedMainDmOwnerFromAllowlist } from "openclaw/plugin-sdk/security-runtime"; import { resolveSlackReplyToMode, type ResolvedSlackAccount } from "../../accounts.js"; import { reactSlackMessage } from "../../actions.js"; import { sendMessageSlack } from "../../send.js"; diff --git a/extensions/slack/src/monitor/message-handler/types.ts b/extensions/slack/src/monitor/message-handler/types.ts index cd1e2bdc40c..bcff64cc470 100644 --- a/extensions/slack/src/monitor/message-handler/types.ts +++ b/extensions/slack/src/monitor/message-handler/types.ts @@ -1,5 +1,5 @@ -import type { FinalizedMsgContext } from "../../../../../src/auto-reply/templating.js"; -import type { ResolvedAgentRoute } from "../../../../../src/routing/resolve-route.js"; +import type { FinalizedMsgContext } from "openclaw/plugin-sdk/reply-runtime"; +import type { ResolvedAgentRoute } from "openclaw/plugin-sdk/routing"; import type { ResolvedSlackAccount } from "../../accounts.js"; import type { SlackMessageEvent } from "../../types.js"; import type { SlackChannelConfigResolved } from "../channel-config.js"; diff --git a/extensions/slack/src/monitor/policy.ts b/extensions/slack/src/monitor/policy.ts index ab5d9230a62..9f58c758c51 100644 --- a/extensions/slack/src/monitor/policy.ts +++ b/extensions/slack/src/monitor/policy.ts @@ -1,4 +1,4 @@ -import { evaluateGroupRouteAccessForPolicy } from "../../../../src/plugin-sdk/group-access.js"; +import { evaluateGroupRouteAccessForPolicy } from "openclaw/plugin-sdk/group-access"; export function isSlackChannelAllowedByPolicy(params: { groupPolicy: "open" | "disabled" | "allowlist"; diff --git a/extensions/slack/src/monitor/provider.ts b/extensions/slack/src/monitor/provider.ts index 2104a5355cf..5a382551b47 100644 --- a/extensions/slack/src/monitor/provider.ts +++ b/extensions/slack/src/monitor/provider.ts @@ -1,30 +1,30 @@ import type { IncomingMessage, ServerResponse } from "node:http"; import SlackBolt, * as SlackBoltNamespace from "@slack/bolt"; -import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js"; -import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../../../src/auto-reply/reply/history.js"; import { addAllowlistUserEntriesFromConfigEntry, buildAllowlistResolutionSummary, mergeAllowlist, patchAllowlistUsersInConfigEntries, summarizeMapping, -} from "../../../../src/channels/allowlists/resolve-utils.js"; -import { loadConfig } from "../../../../src/config/config.js"; -import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime"; import { resolveOpenProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, -} from "../../../../src/config/runtime-group-policy.js"; -import type { SessionScope } from "../../../../src/config/sessions.js"; -import { normalizeResolvedSecretInputString } from "../../../../src/config/types.secrets.js"; -import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js"; -import { warn } from "../../../../src/globals.js"; -import { computeBackoff, sleepWithAbort } from "../../../../src/infra/backoff.js"; -import { installRequestBodyLimitGuard } from "../../../../src/infra/http-body.js"; -import { normalizeMainKey } from "../../../../src/routing/session-key.js"; -import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js"; -import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { SessionScope } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeResolvedSecretInputString } from "openclaw/plugin-sdk/config-runtime"; +import { createConnectedChannelStatusPatch } from "openclaw/plugin-sdk/gateway-runtime"; +import { computeBackoff, sleepWithAbort } from "openclaw/plugin-sdk/infra-runtime"; +import { installRequestBodyLimitGuard } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { DEFAULT_GROUP_HISTORY_LIMIT } from "openclaw/plugin-sdk/reply-runtime"; +import { normalizeMainKey } from "openclaw/plugin-sdk/routing"; +import { warn } from "openclaw/plugin-sdk/runtime-env"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime"; import { resolveSlackAccount } from "../accounts.js"; import { resolveSlackWebClientOptions } from "../client.js"; import { normalizeSlackWebhookPath, registerSlackHttpHandler } from "../http/index.js"; diff --git a/extensions/slack/src/monitor/replies.ts b/extensions/slack/src/monitor/replies.ts index 885e71b7818..a8ef26510f0 100644 --- a/extensions/slack/src/monitor/replies.ts +++ b/extensions/slack/src/monitor/replies.ts @@ -1,10 +1,10 @@ -import type { ChunkMode } from "../../../../src/auto-reply/chunk.js"; -import { chunkMarkdownTextWithMode } from "../../../../src/auto-reply/chunk.js"; -import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js"; -import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../../../../src/auto-reply/tokens.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import type { MarkdownTableMode } from "../../../../src/config/types.base.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import type { ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { chunkMarkdownTextWithMode } from "openclaw/plugin-sdk/reply-runtime"; +import { createReplyReferencePlanner } from "openclaw/plugin-sdk/reply-runtime"; +import { isSilentReplyText, SILENT_REPLY_TOKEN } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { parseSlackBlocksInput } from "../blocks-input.js"; import { markdownToSlackMrkdwnChunks } from "../format.js"; import { sendMessageSlack, type SlackSendIdentity } from "../send.js"; diff --git a/extensions/slack/src/monitor/room-context.ts b/extensions/slack/src/monitor/room-context.ts index 3cdf584566a..955f9f3c855 100644 --- a/extensions/slack/src/monitor/room-context.ts +++ b/extensions/slack/src/monitor/room-context.ts @@ -1,4 +1,4 @@ -import { buildUntrustedChannelMetadata } from "../../../../src/security/channel-metadata.js"; +import { buildUntrustedChannelMetadata } from "openclaw/plugin-sdk/security-runtime"; export function resolveSlackRoomContextHints(params: { isRoomish: boolean; diff --git a/extensions/slack/src/monitor/slash-commands.runtime.ts b/extensions/slack/src/monitor/slash-commands.runtime.ts index a87490f43bc..aaae82a0602 100644 --- a/extensions/slack/src/monitor/slash-commands.runtime.ts +++ b/extensions/slack/src/monitor/slash-commands.runtime.ts @@ -1,7 +1,47 @@ -export { - buildCommandTextFromArgs, - findCommandByNativeName, - listNativeCommandSpecsForConfig, - parseCommandArgs, - resolveCommandArgMenu, -} from "../../../../src/auto-reply/commands-registry.js"; +import { + buildCommandTextFromArgs as buildCommandTextFromArgsImpl, + findCommandByNativeName as findCommandByNativeNameImpl, + listNativeCommandSpecsForConfig as listNativeCommandSpecsForConfigImpl, + parseCommandArgs as parseCommandArgsImpl, + resolveCommandArgMenu as resolveCommandArgMenuImpl, +} from "openclaw/plugin-sdk/reply-runtime"; + +type BuildCommandTextFromArgs = + typeof import("openclaw/plugin-sdk/reply-runtime").buildCommandTextFromArgs; +type FindCommandByNativeName = + typeof import("openclaw/plugin-sdk/reply-runtime").findCommandByNativeName; +type ListNativeCommandSpecsForConfig = + typeof import("openclaw/plugin-sdk/reply-runtime").listNativeCommandSpecsForConfig; +type ParseCommandArgs = typeof import("openclaw/plugin-sdk/reply-runtime").parseCommandArgs; +type ResolveCommandArgMenu = + typeof import("openclaw/plugin-sdk/reply-runtime").resolveCommandArgMenu; + +export function buildCommandTextFromArgs( + ...args: Parameters +): ReturnType { + return buildCommandTextFromArgsImpl(...args); +} + +export function findCommandByNativeName( + ...args: Parameters +): ReturnType { + return findCommandByNativeNameImpl(...args); +} + +export function listNativeCommandSpecsForConfig( + ...args: Parameters +): ReturnType { + return listNativeCommandSpecsForConfigImpl(...args); +} + +export function parseCommandArgs( + ...args: Parameters +): ReturnType { + return parseCommandArgsImpl(...args); +} + +export function resolveCommandArgMenu( + ...args: Parameters +): ReturnType { + return resolveCommandArgMenuImpl(...args); +} diff --git a/extensions/slack/src/monitor/slash-dispatch.runtime.ts b/extensions/slack/src/monitor/slash-dispatch.runtime.ts index 01e47782467..3c94004c7b1 100644 --- a/extensions/slack/src/monitor/slash-dispatch.runtime.ts +++ b/extensions/slack/src/monitor/slash-dispatch.runtime.ts @@ -1,9 +1,83 @@ -export { resolveChunkMode } from "../../../../src/auto-reply/chunk.js"; -export { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js"; -export { dispatchReplyWithDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js"; -export { resolveConversationLabel } from "../../../../src/channels/conversation-label.js"; -export { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js"; -export { recordInboundSessionMetaSafe } from "../../../../src/channels/session-meta.js"; -export { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js"; -export { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; -export { deliverSlackSlashReplies } from "./replies.js"; +import { + createReplyPrefixOptions as createReplyPrefixOptionsImpl, + recordInboundSessionMetaSafe as recordInboundSessionMetaSafeImpl, + resolveConversationLabel as resolveConversationLabelImpl, +} from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMarkdownTableMode as resolveMarkdownTableModeImpl } from "openclaw/plugin-sdk/config-runtime"; +import { + dispatchReplyWithDispatcher as dispatchReplyWithDispatcherImpl, + finalizeInboundContext as finalizeInboundContextImpl, + resolveChunkMode as resolveChunkModeImpl, +} from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute as resolveAgentRouteImpl } from "openclaw/plugin-sdk/routing"; +import { deliverSlackSlashReplies as deliverSlackSlashRepliesImpl } from "./replies.js"; + +type ResolveChunkMode = typeof import("openclaw/plugin-sdk/reply-runtime").resolveChunkMode; +type FinalizeInboundContext = + typeof import("openclaw/plugin-sdk/reply-runtime").finalizeInboundContext; +type DispatchReplyWithDispatcher = + typeof import("openclaw/plugin-sdk/reply-runtime").dispatchReplyWithDispatcher; +type ResolveConversationLabel = + typeof import("openclaw/plugin-sdk/channel-runtime").resolveConversationLabel; +type CreateReplyPrefixOptions = + typeof import("openclaw/plugin-sdk/channel-runtime").createReplyPrefixOptions; +type RecordInboundSessionMetaSafe = + typeof import("openclaw/plugin-sdk/channel-runtime").recordInboundSessionMetaSafe; +type ResolveMarkdownTableMode = + typeof import("openclaw/plugin-sdk/config-runtime").resolveMarkdownTableMode; +type ResolveAgentRoute = typeof import("openclaw/plugin-sdk/routing").resolveAgentRoute; +type DeliverSlackSlashReplies = typeof import("./replies.js").deliverSlackSlashReplies; + +export function resolveChunkMode( + ...args: Parameters +): ReturnType { + return resolveChunkModeImpl(...args); +} + +export function finalizeInboundContext( + ...args: Parameters +): ReturnType { + return finalizeInboundContextImpl(...args); +} + +export function dispatchReplyWithDispatcher( + ...args: Parameters +): ReturnType { + return dispatchReplyWithDispatcherImpl(...args); +} + +export function resolveConversationLabel( + ...args: Parameters +): ReturnType { + return resolveConversationLabelImpl(...args); +} + +export function createReplyPrefixOptions( + ...args: Parameters +): ReturnType { + return createReplyPrefixOptionsImpl(...args); +} + +export function recordInboundSessionMetaSafe( + ...args: Parameters +): ReturnType { + return recordInboundSessionMetaSafeImpl(...args); +} + +export function resolveMarkdownTableMode( + ...args: Parameters +): ReturnType { + return resolveMarkdownTableModeImpl(...args); +} + +export function resolveAgentRoute( + ...args: Parameters +): ReturnType { + return resolveAgentRouteImpl(...args); +} + +export function deliverSlackSlashReplies( + ...args: Parameters +): ReturnType { + return deliverSlackSlashRepliesImpl(...args); +} diff --git a/extensions/slack/src/monitor/slash-skill-commands.runtime.ts b/extensions/slack/src/monitor/slash-skill-commands.runtime.ts index 20da07b3ec5..ec25e104fec 100644 --- a/extensions/slack/src/monitor/slash-skill-commands.runtime.ts +++ b/extensions/slack/src/monitor/slash-skill-commands.runtime.ts @@ -1 +1,10 @@ -export { listSkillCommandsForAgents } from "../../../../src/auto-reply/skill-commands.js"; +import { listSkillCommandsForAgents as listSkillCommandsForAgentsImpl } from "openclaw/plugin-sdk/reply-runtime"; + +type ListSkillCommandsForAgents = + typeof import("openclaw/plugin-sdk/reply-runtime").listSkillCommandsForAgents; + +export function listSkillCommandsForAgents( + ...args: Parameters +): ReturnType { + return listSkillCommandsForAgentsImpl(...args); +} diff --git a/extensions/slack/src/monitor/slash.test-harness.ts b/extensions/slack/src/monitor/slash.test-harness.ts index 4b6f5a4ea27..3172154739e 100644 --- a/extensions/slack/src/monitor/slash.test-harness.ts +++ b/extensions/slack/src/monitor/slash.test-harness.ts @@ -12,32 +12,32 @@ const mocks = vi.hoisted(() => ({ resolveStorePathMock: vi.fn(), })); -vi.mock("../../../../src/auto-reply/reply/provider-dispatcher.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ dispatchReplyWithDispatcher: (...args: unknown[]) => mocks.dispatchMock(...args), })); -vi.mock("../../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: (...args: unknown[]) => mocks.readAllowFromStoreMock(...args), upsertChannelPairingRequest: (...args: unknown[]) => mocks.upsertPairingRequestMock(...args), })); -vi.mock("../../../../src/routing/resolve-route.js", () => ({ +vi.mock("openclaw/plugin-sdk/routing", () => ({ resolveAgentRoute: (...args: unknown[]) => mocks.resolveAgentRouteMock(...args), })); -vi.mock("../../../../src/auto-reply/reply/inbound-context.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ finalizeInboundContext: (...args: unknown[]) => mocks.finalizeInboundContextMock(...args), })); -vi.mock("../../../../src/channels/conversation-label.js", () => ({ +vi.mock("openclaw/plugin-sdk/channel-runtime", () => ({ resolveConversationLabel: (...args: unknown[]) => mocks.resolveConversationLabelMock(...args), })); -vi.mock("../../../../src/channels/reply-prefix.js", () => ({ +vi.mock("openclaw/plugin-sdk/channel-runtime", () => ({ createReplyPrefixOptions: (...args: unknown[]) => mocks.createReplyPrefixOptionsMock(...args), })); -vi.mock("../../../../src/config/sessions.js", () => ({ +vi.mock("openclaw/plugin-sdk/config-runtime", () => ({ recordSessionMetaFromInbound: (...args: unknown[]) => mocks.recordSessionMetaFromInboundMock(...args), resolveStorePath: (...args: unknown[]) => mocks.resolveStorePathMock(...args), diff --git a/extensions/slack/src/monitor/slash.ts b/extensions/slack/src/monitor/slash.ts index adf173a0961..a1c0bfa13a4 100644 --- a/extensions/slack/src/monitor/slash.ts +++ b/extensions/slack/src/monitor/slash.ts @@ -1,17 +1,14 @@ import type { SlackActionMiddlewareArgs, SlackCommandMiddlewareArgs } from "@slack/bolt"; -import { - type ChatCommandDefinition, - type CommandArgs, -} from "../../../../src/auto-reply/commands-registry.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js"; -import { resolveNativeCommandSessionTargets } from "../../../../src/channels/native-command-session-targets.js"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveNativeCommandSessionTargets } from "openclaw/plugin-sdk/channel-runtime"; import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled, -} from "../../../../src/config/commands.js"; -import { danger, logVerbose } from "../../../../src/globals.js"; -import { chunkItems } from "../../../../src/utils/chunk-items.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { type ChatCommandDefinition, type CommandArgs } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { chunkItems } from "openclaw/plugin-sdk/text-runtime"; import type { ResolvedSlackAccount } from "../accounts.js"; import { truncateSlackText } from "../truncate.js"; import { resolveSlackAllowListMatch, resolveSlackUserAllowed } from "./allow-list.js"; diff --git a/extensions/slack/src/monitor/thread-resolution.ts b/extensions/slack/src/monitor/thread-resolution.ts index 4230d5fc50f..11d54cd1ea6 100644 --- a/extensions/slack/src/monitor/thread-resolution.ts +++ b/extensions/slack/src/monitor/thread-resolution.ts @@ -1,6 +1,6 @@ import type { WebClient as SlackWebClient } from "@slack/web-api"; -import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { pruneMapToMaxSize } from "../../../../src/infra/map-size.js"; +import { pruneMapToMaxSize } from "openclaw/plugin-sdk/infra-runtime"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; import type { SlackMessageEvent } from "../types.js"; type ThreadTsCacheEntry = { diff --git a/extensions/slack/src/monitor/types.ts b/extensions/slack/src/monitor/types.ts index 1239ab771f5..5543697dcfa 100644 --- a/extensions/slack/src/monitor/types.ts +++ b/extensions/slack/src/monitor/types.ts @@ -1,5 +1,5 @@ -import type { OpenClawConfig, SlackSlashCommandConfig } from "../../../../src/config/config.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import type { OpenClawConfig, SlackSlashCommandConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import type { SlackFile, SlackMessageEvent } from "../types.js"; export type MonitorSlackOpts = { diff --git a/extensions/slack/src/outbound-adapter.ts b/extensions/slack/src/outbound-adapter.ts index 1c851c8f69e..56a5c995e40 100644 --- a/extensions/slack/src/outbound-adapter.ts +++ b/extensions/slack/src/outbound-adapter.ts @@ -2,15 +2,15 @@ import { resolvePayloadMediaUrls, sendPayloadMediaSequence, sendTextMediaPayload, -} from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js"; -import type { OutboundIdentity } from "../../../src/infra/outbound/identity.js"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; import { resolveInteractiveTextFallback, type InteractiveReply, -} from "../../../src/interactive/payload.js"; -import { getGlobalHookRunner } from "../../../src/plugins/hook-runner-global.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { OutboundIdentity } from "openclaw/plugin-sdk/infra-runtime"; +import { getGlobalHookRunner } from "openclaw/plugin-sdk/plugin-runtime"; import { parseSlackBlocksInput } from "./blocks-input.js"; import { buildSlackInteractiveBlocks, type SlackBlock } from "./blocks-render.js"; import { sendMessageSlack, type SlackSendIdentity } from "./send.js"; diff --git a/extensions/slack/src/plugin-shared.ts b/extensions/slack/src/plugin-shared.ts new file mode 100644 index 00000000000..eefcc2c6215 --- /dev/null +++ b/extensions/slack/src/plugin-shared.ts @@ -0,0 +1 @@ +export { slackSetupWizard } from "./setup-surface.js"; diff --git a/extensions/slack/src/probe.ts b/extensions/slack/src/probe.ts index dba8744a18c..c370b11be9b 100644 --- a/extensions/slack/src/probe.ts +++ b/extensions/slack/src/probe.ts @@ -1,5 +1,5 @@ -import type { BaseProbeResult } from "../../../src/channels/plugins/types.js"; -import { withTimeout } from "../../../src/utils/with-timeout.js"; +import type { BaseProbeResult } from "openclaw/plugin-sdk/channel-runtime"; +import { withTimeout } from "openclaw/plugin-sdk/text-runtime"; import { createSlackWebClient } from "./client.js"; export type SlackProbe = BaseProbeResult & { diff --git a/extensions/slack/src/runtime.ts b/extensions/slack/src/runtime.ts index 313f472eec4..2121ee9f902 100644 --- a/extensions/slack/src/runtime.ts +++ b/extensions/slack/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setSlackRuntime, getRuntime: getSlackRuntime } = createPluginRuntimeStore("Slack runtime not initialized"); diff --git a/extensions/slack/src/scopes.ts b/extensions/slack/src/scopes.ts index e0fe58161f3..fc7e14d741b 100644 --- a/extensions/slack/src/scopes.ts +++ b/extensions/slack/src/scopes.ts @@ -1,5 +1,5 @@ import type { WebClient } from "@slack/web-api"; -import { isRecord } from "../../../src/utils.js"; +import { isRecord } from "openclaw/plugin-sdk/text-runtime"; import { createSlackWebClient } from "./client.js"; export type SlackScopesResult = { diff --git a/extensions/slack/src/send.ts b/extensions/slack/src/send.ts index 293affe0218..65f6203a57e 100644 --- a/extensions/slack/src/send.ts +++ b/extensions/slack/src/send.ts @@ -1,18 +1,18 @@ import { type Block, type KnownBlock, type WebClient } from "@slack/web-api"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { + fetchWithSsrFGuard, + withTrustedEnvProxyGuardedFetchMode, +} from "openclaw/plugin-sdk/infra-runtime"; import { chunkMarkdownTextWithMode, resolveChunkMode, resolveTextChunkLimit, -} from "../../../src/auto-reply/chunk.js"; -import { isSilentReplyText } from "../../../src/auto-reply/tokens.js"; -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { logVerbose } from "../../../src/globals.js"; -import { - fetchWithSsrFGuard, - withTrustedEnvProxyGuardedFetchMode, -} from "../../../src/infra/net/fetch-guard.js"; -import { loadWebMedia } from "../../whatsapp/src/media.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { isSilentReplyText } from "openclaw/plugin-sdk/reply-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import type { SlackTokenSource } from "./accounts.js"; import { resolveSlackAccount } from "./accounts.js"; import { buildSlackBlocksFallbackText } from "./blocks-fallback.js"; diff --git a/extensions/slack/src/sent-thread-cache.ts b/extensions/slack/src/sent-thread-cache.ts index 37cf8155472..f155571a1b4 100644 --- a/extensions/slack/src/sent-thread-cache.ts +++ b/extensions/slack/src/sent-thread-cache.ts @@ -1,4 +1,4 @@ -import { resolveGlobalMap } from "../../../src/shared/global-singleton.js"; +import { resolveGlobalMap } from "openclaw/plugin-sdk/text-runtime"; /** * In-memory cache of Slack threads the bot has participated in. diff --git a/extensions/slack/src/setup-core.ts b/extensions/slack/src/setup-core.ts index 6b32f206d2e..5a8fe1feab4 100644 --- a/extensions/slack/src/setup-core.ts +++ b/extensions/slack/src/setup-core.ts @@ -1,8 +1,9 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { + createAllowlistSetupWizardProxy, + DEFAULT_ACCOUNT_ID, + createEnvPatchedAccountSetupAdapter, + hasConfiguredSecretInput, + type OpenClawConfig, noteChannelLookupFailure, noteChannelLookupSummary, parseMentionOrPrefixedId, @@ -10,105 +11,22 @@ import { setAccountGroupPolicyForChannel, setLegacyChannelDmPolicyWithAllowFrom, setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { - ChannelSetupWizard, - ChannelSetupWizardAllowFromEntry, -} from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; +} from "openclaw/plugin-sdk/setup"; +import { + type ChannelSetupAdapter, + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type ChannelSetupWizardAllowFromEntry, +} from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { inspectSlackAccount } from "./account-inspect.js"; import { listSlackAccountIds, resolveSlackAccount, type ResolvedSlackAccount } from "./accounts.js"; - -const channel = "slack" as const; - -function buildSlackManifest(botName: string) { - const safeName = botName.trim() || "OpenClaw"; - const manifest = { - display_information: { - name: safeName, - description: `${safeName} connector for OpenClaw`, - }, - features: { - bot_user: { - display_name: safeName, - always_online: false, - }, - app_home: { - messages_tab_enabled: true, - messages_tab_read_only_enabled: false, - }, - slash_commands: [ - { - command: "/openclaw", - description: "Send a message to OpenClaw", - should_escape: false, - }, - ], - }, - oauth_config: { - scopes: { - bot: [ - "chat:write", - "channels:history", - "channels:read", - "groups:history", - "im:history", - "mpim:history", - "users:read", - "app_mentions:read", - "reactions:read", - "reactions:write", - "pins:read", - "pins:write", - "emoji:read", - "commands", - "files:read", - "files:write", - ], - }, - }, - settings: { - socket_mode_enabled: true, - event_subscriptions: { - bot_events: [ - "app_mention", - "message.channels", - "message.groups", - "message.im", - "message.mpim", - "reaction_added", - "reaction_removed", - "member_joined_channel", - "member_left_channel", - "channel_rename", - "pin_added", - "pin_removed", - ], - }, - }, - }; - return JSON.stringify(manifest, null, 2); -} - -function buildSlackSetupLines(botName = "OpenClaw"): string[] { - return [ - "1) Slack API -> Create App -> From scratch or From manifest (with the JSON below)", - "2) Add Socket Mode + enable it to get the app-level token (xapp-...)", - "3) Install App to workspace to get the xoxb- bot token", - "4) Enable Event Subscriptions (socket) for message events", - "5) App Home -> enable the Messages tab for DMs", - "Tip: set SLACK_BOT_TOKEN + SLACK_APP_TOKEN in your env.", - `Docs: ${formatDocsLink("/slack", "slack")}`, - "", - "Manifest (JSON):", - buildSlackManifest(botName), - ]; -} +import { + buildSlackSetupLines, + isSlackSetupAccountConfigured, + setSlackChannelAllowlist, + SLACK_CHANNEL as channel, +} from "./shared.js"; function enableSlackAccount(cfg: OpenClawConfig, accountId: string): OpenClawConfig { return patchChannelConfigForAccount({ @@ -119,103 +37,81 @@ function enableSlackAccount(cfg: OpenClawConfig, accountId: string): OpenClawCon }); } -function setSlackChannelAllowlist( - cfg: OpenClawConfig, - accountId: string, - channelKeys: string[], -): OpenClawConfig { - const channels = Object.fromEntries(channelKeys.map((key) => [key, { allow: true }])); - return patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { channels }, - }); -} - -function isSlackAccountConfigured(account: ResolvedSlackAccount): boolean { - const hasConfiguredBotToken = - Boolean(account.botToken?.trim()) || hasConfiguredSecretInput(account.config.botToken); - const hasConfiguredAppToken = - Boolean(account.appToken?.trim()) || hasConfiguredSecretInput(account.config.appToken); - return hasConfiguredBotToken && hasConfiguredAppToken; -} - -export const slackSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), - validateInput: ({ accountId, input }) => { - if (input.useEnv && accountId !== DEFAULT_ACCOUNT_ID) { - return "Slack env tokens can only be used for the default account."; - } - if (!input.useEnv && (!input.botToken || !input.appToken)) { - return "Slack requires --bot-token and --app-token (or --use-env)."; - } - return null; - }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { +function createSlackTokenCredential(params: { + inputKey: "botToken" | "appToken"; + providerHint: "slack-bot" | "slack-app"; + credentialLabel: string; + preferredEnvVar: "SLACK_BOT_TOKEN" | "SLACK_APP_TOKEN"; + keepPrompt: string; + inputPrompt: string; +}) { + return { + inputKey: params.inputKey, + providerHint: params.providerHint, + credentialLabel: params.credentialLabel, + preferredEnvVar: params.preferredEnvVar, + envPrompt: `${params.preferredEnvVar} detected. Use env var?`, + keepPrompt: params.keepPrompt, + inputPrompt: params.inputPrompt, + allowEnv: ({ accountId }: { accountId: string }) => accountId === DEFAULT_ACCOUNT_ID, + inspect: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => { + const resolved = resolveSlackAccount({ cfg, accountId }); + const configuredValue = + params.inputKey === "botToken" ? resolved.config.botToken : resolved.config.appToken; + const resolvedValue = params.inputKey === "botToken" ? resolved.botToken : resolved.appToken; return { - ...next, - channels: { - ...next.channels, - slack: { - ...next.channels?.slack, - enabled: true, - ...(input.useEnv - ? {} - : { - ...(input.botToken ? { botToken: input.botToken } : {}), - ...(input.appToken ? { appToken: input.appToken } : {}), - }), - }, - }, + accountConfigured: Boolean(resolvedValue) || hasConfiguredSecretInput(configuredValue), + hasConfiguredValue: hasConfiguredSecretInput(configuredValue), + resolvedValue: resolvedValue?.trim() || undefined, + envValue: + accountId === DEFAULT_ACCOUNT_ID + ? process.env[params.preferredEnvVar]?.trim() + : undefined, }; - } - return { - ...next, - channels: { - ...next.channels, - slack: { - ...next.channels?.slack, + }, + applyUseEnv: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => + enableSlackAccount(cfg, accountId), + applySet: ({ + cfg, + accountId, + value, + }: { + cfg: OpenClawConfig; + accountId: string; + value: unknown; + }) => + patchChannelConfigForAccount({ + cfg, + channel, + accountId, + patch: { enabled: true, - accounts: { - ...next.channels?.slack?.accounts, - [accountId]: { - ...next.channels?.slack?.accounts?.[accountId], - enabled: true, - ...(input.botToken ? { botToken: input.botToken } : {}), - ...(input.appToken ? { appToken: input.appToken } : {}), - }, - }, + [params.inputKey]: value, }, - }, - }; - }, -}; + }), + }; +} -export function createSlackSetupWizardProxy( - loadWizard: () => Promise<{ slackSetupWizard: ChannelSetupWizard }>, -) { +export const slackSetupAdapter: ChannelSetupAdapter = createEnvPatchedAccountSetupAdapter({ + channelKey: channel, + defaultAccountOnlyEnvError: "Slack env tokens can only be used for the default account.", + missingCredentialError: "Slack requires --bot-token and --app-token (or --use-env).", + hasCredentials: (input) => Boolean(input.botToken && input.appToken), + buildPatch: (input) => ({ + ...(input.botToken ? { botToken: input.botToken } : {}), + ...(input.appToken ? { appToken: input.appToken } : {}), + }), +}); + +export function createSlackSetupWizardBase(handlers: { + promptAllowFrom: NonNullable; + resolveAllowFromEntries: NonNullable< + NonNullable["resolveEntries"] + >; + resolveGroupAllowlist: NonNullable< + NonNullable["resolveAllowlist"]> + >; +}) { const slackDmPolicy: ChannelSetupDmPolicy = { label: "Slack", channel, @@ -229,13 +125,7 @@ export function createSlackSetupWizardProxy( channel, dmPolicy: policy, }), - promptAllowFrom: async ({ cfg, prompter, accountId }) => { - const wizard = (await loadWizard()).slackSetupWizard; - if (!wizard.dmPolicy?.promptAllowFrom) { - return cfg; - } - return await wizard.dmPolicy.promptAllowFrom({ cfg, prompter, accountId }); - }, + promptAllowFrom: handlers.promptAllowFrom, }; return { @@ -257,7 +147,7 @@ export function createSlackSetupWizardProxy( title: "Slack socket mode tokens", lines: buildSlackSetupLines(), shouldShow: ({ cfg, accountId }) => - !isSlackAccountConfigured(resolveSlackAccount({ cfg, accountId })), + !isSlackSetupAccountConfigured(resolveSlackAccount({ cfg, accountId })), }, envShortcut: { prompt: "SLACK_BOT_TOKEN + SLACK_APP_TOKEN detected. Use env vars?", @@ -266,92 +156,26 @@ export function createSlackSetupWizardProxy( accountId === DEFAULT_ACCOUNT_ID && Boolean(process.env.SLACK_BOT_TOKEN?.trim()) && Boolean(process.env.SLACK_APP_TOKEN?.trim()) && - !isSlackAccountConfigured(resolveSlackAccount({ cfg, accountId })), + !isSlackSetupAccountConfigured(resolveSlackAccount({ cfg, accountId })), apply: ({ cfg, accountId }) => enableSlackAccount(cfg, accountId), }, credentials: [ - { + createSlackTokenCredential({ inputKey: "botToken", providerHint: "slack-bot", credentialLabel: "Slack bot token", preferredEnvVar: "SLACK_BOT_TOKEN", - envPrompt: "SLACK_BOT_TOKEN detected. Use env var?", keepPrompt: "Slack bot token already configured. Keep it?", inputPrompt: "Enter Slack bot token (xoxb-...)", - allowEnv: ({ accountId }: { accountId: string }) => accountId === DEFAULT_ACCOUNT_ID, - inspect: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => { - const resolved = resolveSlackAccount({ cfg, accountId }); - return { - accountConfigured: - Boolean(resolved.botToken) || hasConfiguredSecretInput(resolved.config.botToken), - hasConfiguredValue: hasConfiguredSecretInput(resolved.config.botToken), - resolvedValue: resolved.botToken?.trim() || undefined, - envValue: - accountId === DEFAULT_ACCOUNT_ID ? process.env.SLACK_BOT_TOKEN?.trim() : undefined, - }; - }, - applyUseEnv: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => - enableSlackAccount(cfg, accountId), - applySet: ({ - cfg, - accountId, - value, - }: { - cfg: OpenClawConfig; - accountId: string; - value: unknown; - }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { - enabled: true, - botToken: value, - }, - }), - }, - { + }), + createSlackTokenCredential({ inputKey: "appToken", providerHint: "slack-app", credentialLabel: "Slack app token", preferredEnvVar: "SLACK_APP_TOKEN", - envPrompt: "SLACK_APP_TOKEN detected. Use env var?", keepPrompt: "Slack app token already configured. Keep it?", inputPrompt: "Enter Slack app token (xapp-...)", - allowEnv: ({ accountId }: { accountId: string }) => accountId === DEFAULT_ACCOUNT_ID, - inspect: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => { - const resolved = resolveSlackAccount({ cfg, accountId }); - return { - accountConfigured: - Boolean(resolved.appToken) || hasConfiguredSecretInput(resolved.config.appToken), - hasConfiguredValue: hasConfiguredSecretInput(resolved.config.appToken), - resolvedValue: resolved.appToken?.trim() || undefined, - envValue: - accountId === DEFAULT_ACCOUNT_ID ? process.env.SLACK_APP_TOKEN?.trim() : undefined, - }; - }, - applyUseEnv: ({ cfg, accountId }: { cfg: OpenClawConfig; accountId: string }) => - enableSlackAccount(cfg, accountId), - applySet: ({ - cfg, - accountId, - value, - }: { - cfg: OpenClawConfig; - accountId: string; - value: unknown; - }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { - enabled: true, - appToken: value, - }, - }), - }, + }), ], dmPolicy: slackDmPolicy, allowFrom: { @@ -386,18 +210,7 @@ export function createSlackSetupWizardProxy( accountId: string; credentialValues: { botToken?: string }; entries: string[]; - }) => { - const wizard = (await loadWizard()).slackSetupWizard; - if (!wizard.allowFrom) { - return entries.map((input) => ({ input, resolved: false, id: null })); - } - return await wizard.allowFrom.resolveEntries({ - cfg, - accountId, - credentialValues, - entries, - }); - }, + }) => await handlers.resolveAllowFromEntries({ cfg, accountId, credentialValues, entries }), apply: ({ cfg, accountId, @@ -454,11 +267,7 @@ export function createSlackSetupWizardProxy( prompter: { note: (message: string, title?: string) => Promise }; }) => { try { - const wizard = (await loadWizard()).slackSetupWizard; - if (!wizard.groupAccess?.resolveAllowlist) { - return entries; - } - return await wizard.groupAccess.resolveAllowlist({ + return await handlers.resolveGroupAllowlist({ cfg, accountId, credentialValues, @@ -493,3 +302,12 @@ export function createSlackSetupWizardProxy( disable: (cfg: OpenClawConfig) => setSetupChannelEnabled(cfg, channel, false), } satisfies ChannelSetupWizard; } +export function createSlackSetupWizardProxy( + loadWizard: () => Promise<{ slackSetupWizard: ChannelSetupWizard }>, +) { + return createAllowlistSetupWizardProxy({ + loadWizard: async () => (await loadWizard()).slackSetupWizard, + createBase: createSlackSetupWizardBase, + fallbackResolvedGroupAllowlist: (entries) => entries, + }); +} diff --git a/extensions/slack/src/setup-surface.ts b/extensions/slack/src/setup-surface.ts index 5769c4c6d77..6731ddff84b 100644 --- a/extensions/slack/src/setup-surface.ts +++ b/extensions/slack/src/setup-surface.ts @@ -1,143 +1,22 @@ import { noteChannelLookupFailure, noteChannelLookupSummary, + type OpenClawConfig, parseMentionOrPrefixedId, - patchChannelConfigForAccount, promptLegacyChannelAllowFrom, resolveSetupAccountId, - setAccountGroupPolicyForChannel, - setLegacyChannelDmPolicyWithAllowFrom, - setSetupChannelEnabled, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; import type { ChannelSetupWizard, ChannelSetupWizardAllowFromEntry, -} from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { inspectSlackAccount } from "./account-inspect.js"; -import { - listSlackAccountIds, - resolveDefaultSlackAccountId, - resolveSlackAccount, - type ResolvedSlackAccount, -} from "./accounts.js"; +} from "openclaw/plugin-sdk/setup"; +import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; +import { resolveDefaultSlackAccountId, resolveSlackAccount } from "./accounts.js"; import { resolveSlackChannelAllowlist } from "./resolve-channels.js"; import { resolveSlackUserAllowlist } from "./resolve-users.js"; -import { slackSetupAdapter } from "./setup-core.js"; - -const channel = "slack" as const; - -function buildSlackManifest(botName: string) { - const safeName = botName.trim() || "OpenClaw"; - const manifest = { - display_information: { - name: safeName, - description: `${safeName} connector for OpenClaw`, - }, - features: { - bot_user: { - display_name: safeName, - always_online: false, - }, - app_home: { - messages_tab_enabled: true, - messages_tab_read_only_enabled: false, - }, - slash_commands: [ - { - command: "/openclaw", - description: "Send a message to OpenClaw", - should_escape: false, - }, - ], - }, - oauth_config: { - scopes: { - bot: [ - "chat:write", - "channels:history", - "channels:read", - "groups:history", - "im:history", - "mpim:history", - "users:read", - "app_mentions:read", - "reactions:read", - "reactions:write", - "pins:read", - "pins:write", - "emoji:read", - "commands", - "files:read", - "files:write", - ], - }, - }, - settings: { - socket_mode_enabled: true, - event_subscriptions: { - bot_events: [ - "app_mention", - "message.channels", - "message.groups", - "message.im", - "message.mpim", - "reaction_added", - "reaction_removed", - "member_joined_channel", - "member_left_channel", - "channel_rename", - "pin_added", - "pin_removed", - ], - }, - }, - }; - return JSON.stringify(manifest, null, 2); -} - -function buildSlackSetupLines(botName = "OpenClaw"): string[] { - return [ - "1) Slack API -> Create App -> From scratch or From manifest (with the JSON below)", - "2) Add Socket Mode + enable it to get the app-level token (xapp-...)", - "3) Install App to workspace to get the xoxb- bot token", - "4) Enable Event Subscriptions (socket) for message events", - "5) App Home -> enable the Messages tab for DMs", - "Tip: set SLACK_BOT_TOKEN + SLACK_APP_TOKEN in your env.", - `Docs: ${formatDocsLink("/slack", "slack")}`, - "", - "Manifest (JSON):", - buildSlackManifest(botName), - ]; -} - -function setSlackChannelAllowlist( - cfg: OpenClawConfig, - accountId: string, - channelKeys: string[], -): OpenClawConfig { - const channels = Object.fromEntries(channelKeys.map((key) => [key, { allow: true }])); - return patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { channels }, - }); -} - -function enableSlackAccount(cfg: OpenClawConfig, accountId: string): OpenClawConfig { - return patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { enabled: true }, - }); -} +import { createSlackSetupWizardBase } from "./setup-core.js"; +import { SLACK_CHANNEL as channel } from "./shared.js"; async function resolveSlackAllowFromEntries(params: { token?: string; @@ -210,219 +89,60 @@ async function promptSlackAllowFrom(params: { }); } -const slackDmPolicy: ChannelSetupDmPolicy = { - label: "Slack", - channel, - policyKey: "channels.slack.dmPolicy", - allowFromKey: "channels.slack.allowFrom", - getCurrent: (cfg) => - cfg.channels?.slack?.dmPolicy ?? cfg.channels?.slack?.dm?.policy ?? "pairing", - setPolicy: (cfg, policy) => - setLegacyChannelDmPolicyWithAllowFrom({ - cfg, - channel, - dmPolicy: policy, - }), - promptAllowFrom: promptSlackAllowFrom, -}; - -function isSlackAccountConfigured(account: ResolvedSlackAccount): boolean { - const hasConfiguredBotToken = - Boolean(account.botToken?.trim()) || hasConfiguredSecretInput(account.config.botToken); - const hasConfiguredAppToken = - Boolean(account.appToken?.trim()) || hasConfiguredSecretInput(account.config.appToken); - return hasConfiguredBotToken && hasConfiguredAppToken; +async function resolveSlackGroupAllowlist(params: { + cfg: OpenClawConfig; + accountId: string; + credentialValues: { botToken?: string }; + entries: string[]; + prompter: { note: (message: string, title?: string) => Promise }; +}) { + let keys = params.entries; + const accountWithTokens = resolveSlackAccount({ + cfg: params.cfg, + accountId: params.accountId, + }); + const activeBotToken = accountWithTokens.botToken || params.credentialValues.botToken || ""; + if (activeBotToken && params.entries.length > 0) { + try { + const resolved = await resolveSlackChannelAllowlist({ + token: activeBotToken, + entries: params.entries, + }); + const resolvedKeys = resolved + .filter((entry) => entry.resolved && entry.id) + .map((entry) => entry.id as string); + const unresolved = resolved.filter((entry) => !entry.resolved).map((entry) => entry.input); + keys = [...resolvedKeys, ...unresolved.map((entry) => entry.trim()).filter(Boolean)]; + await noteChannelLookupSummary({ + prompter: params.prompter, + label: "Slack channels", + resolvedSections: [{ title: "Resolved", values: resolvedKeys }], + unresolved, + }); + } catch (error) { + await noteChannelLookupFailure({ + prompter: params.prompter, + label: "Slack channels", + error, + }); + } + } + return keys; } -export const slackSetupWizard: ChannelSetupWizard = { - channel, - status: { - configuredLabel: "configured", - unconfiguredLabel: "needs tokens", - configuredHint: "configured", - unconfiguredHint: "needs tokens", - configuredScore: 2, - unconfiguredScore: 1, - resolveConfigured: ({ cfg }) => - listSlackAccountIds(cfg).some((accountId) => { - const account = inspectSlackAccount({ cfg, accountId }); - return account.configured; - }), - }, - introNote: { - title: "Slack socket mode tokens", - lines: buildSlackSetupLines(), - shouldShow: ({ cfg, accountId }) => - !isSlackAccountConfigured(resolveSlackAccount({ cfg, accountId })), - }, - envShortcut: { - prompt: "SLACK_BOT_TOKEN + SLACK_APP_TOKEN detected. Use env vars?", - preferredEnvVar: "SLACK_BOT_TOKEN", - isAvailable: ({ cfg, accountId }) => - accountId === DEFAULT_ACCOUNT_ID && - Boolean(process.env.SLACK_BOT_TOKEN?.trim()) && - Boolean(process.env.SLACK_APP_TOKEN?.trim()) && - !isSlackAccountConfigured(resolveSlackAccount({ cfg, accountId })), - apply: ({ cfg, accountId }) => enableSlackAccount(cfg, accountId), - }, - credentials: [ - { - inputKey: "botToken", - providerHint: "slack-bot", - credentialLabel: "Slack bot token", - preferredEnvVar: "SLACK_BOT_TOKEN", - envPrompt: "SLACK_BOT_TOKEN detected. Use env var?", - keepPrompt: "Slack bot token already configured. Keep it?", - inputPrompt: "Enter Slack bot token (xoxb-...)", - allowEnv: ({ accountId }) => accountId === DEFAULT_ACCOUNT_ID, - inspect: ({ cfg, accountId }) => { - const resolved = resolveSlackAccount({ cfg, accountId }); - return { - accountConfigured: - Boolean(resolved.botToken) || hasConfiguredSecretInput(resolved.config.botToken), - hasConfiguredValue: hasConfiguredSecretInput(resolved.config.botToken), - resolvedValue: resolved.botToken?.trim() || undefined, - envValue: - accountId === DEFAULT_ACCOUNT_ID ? process.env.SLACK_BOT_TOKEN?.trim() : undefined, - }; - }, - applyUseEnv: ({ cfg, accountId }) => enableSlackAccount(cfg, accountId), - applySet: ({ cfg, accountId, value }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { - enabled: true, - botToken: value, - }, - }), - }, - { - inputKey: "appToken", - providerHint: "slack-app", - credentialLabel: "Slack app token", - preferredEnvVar: "SLACK_APP_TOKEN", - envPrompt: "SLACK_APP_TOKEN detected. Use env var?", - keepPrompt: "Slack app token already configured. Keep it?", - inputPrompt: "Enter Slack app token (xapp-...)", - allowEnv: ({ accountId }) => accountId === DEFAULT_ACCOUNT_ID, - inspect: ({ cfg, accountId }) => { - const resolved = resolveSlackAccount({ cfg, accountId }); - return { - accountConfigured: - Boolean(resolved.appToken) || hasConfiguredSecretInput(resolved.config.appToken), - hasConfiguredValue: hasConfiguredSecretInput(resolved.config.appToken), - resolvedValue: resolved.appToken?.trim() || undefined, - envValue: - accountId === DEFAULT_ACCOUNT_ID ? process.env.SLACK_APP_TOKEN?.trim() : undefined, - }; - }, - applyUseEnv: ({ cfg, accountId }) => enableSlackAccount(cfg, accountId), - applySet: ({ cfg, accountId, value }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { - enabled: true, - appToken: value, - }, - }), - }, - ], - dmPolicy: slackDmPolicy, - allowFrom: { - helpTitle: "Slack allowlist", - helpLines: [ - "Allowlist Slack DMs by username (we resolve to user ids).", - "Examples:", - "- U12345678", - "- @alice", - "Multiple entries: comma-separated.", - `Docs: ${formatDocsLink("/slack", "slack")}`, - ], - credentialInputKey: "botToken", - message: "Slack allowFrom (usernames or ids)", - placeholder: "@alice, U12345678", - invalidWithoutCredentialNote: "Slack token missing; use user ids (or mention form) only.", - parseId: (value) => - parseMentionOrPrefixedId({ - value, - mentionPattern: /^<@([A-Z0-9]+)>$/i, - prefixPattern: /^(slack:|user:)/i, - idPattern: /^[A-Z][A-Z0-9]+$/i, - normalizeId: (id) => id.toUpperCase(), - }), - resolveEntries: async ({ credentialValues, entries }) => - await resolveSlackAllowFromEntries({ - token: credentialValues.botToken, - entries, - }), - apply: ({ cfg, accountId, allowFrom }) => - patchChannelConfigForAccount({ - cfg, - channel, - accountId, - patch: { dmPolicy: "allowlist", allowFrom }, - }), - }, - groupAccess: { - label: "Slack channels", - placeholder: "#general, #private, C123", - currentPolicy: ({ cfg, accountId }) => - resolveSlackAccount({ cfg, accountId }).config.groupPolicy ?? "allowlist", - currentEntries: ({ cfg, accountId }) => - Object.entries(resolveSlackAccount({ cfg, accountId }).config.channels ?? {}) - .filter(([, value]) => value?.allow !== false && value?.enabled !== false) - .map(([key]) => key), - updatePrompt: ({ cfg, accountId }) => - Boolean(resolveSlackAccount({ cfg, accountId }).config.channels), - setPolicy: ({ cfg, accountId, policy }) => - setAccountGroupPolicyForChannel({ - cfg, - channel, - accountId, - groupPolicy: policy, - }), - resolveAllowlist: async ({ cfg, accountId, credentialValues, entries, prompter }) => { - let keys = entries; - const accountWithTokens = resolveSlackAccount({ - cfg, - accountId, - }); - const activeBotToken = accountWithTokens.botToken || credentialValues.botToken || ""; - if (activeBotToken && entries.length > 0) { - try { - const resolved = await resolveSlackChannelAllowlist({ - token: activeBotToken, - entries, - }); - const resolvedKeys = resolved - .filter((entry) => entry.resolved && entry.id) - .map((entry) => entry.id as string); - const unresolved = resolved - .filter((entry) => !entry.resolved) - .map((entry) => entry.input); - keys = [...resolvedKeys, ...unresolved.map((entry) => entry.trim()).filter(Boolean)]; - await noteChannelLookupSummary({ - prompter, - label: "Slack channels", - resolvedSections: [{ title: "Resolved", values: resolvedKeys }], - unresolved, - }); - } catch (error) { - await noteChannelLookupFailure({ - prompter, - label: "Slack channels", - error, - }); - } - } - return keys; - }, - applyAllowlist: ({ cfg, accountId, resolved }) => - setSlackChannelAllowlist(cfg, accountId, resolved as string[]), - }, - disable: (cfg) => setSetupChannelEnabled(cfg, channel, false), -}; +export const slackSetupWizard: ChannelSetupWizard = createSlackSetupWizardBase({ + promptAllowFrom: promptSlackAllowFrom, + resolveAllowFromEntries: async ({ credentialValues, entries }) => + await resolveSlackAllowFromEntries({ + token: credentialValues.botToken, + entries, + }), + resolveGroupAllowlist: async ({ cfg, accountId, credentialValues, entries, prompter }) => + await resolveSlackGroupAllowlist({ + cfg, + accountId, + credentialValues, + entries, + prompter, + }), +}); diff --git a/extensions/slack/src/shared.ts b/extensions/slack/src/shared.ts new file mode 100644 index 00000000000..0d4fd0a3481 --- /dev/null +++ b/extensions/slack/src/shared.ts @@ -0,0 +1,224 @@ +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { + createScopedAccountConfigAccessors, + createScopedChannelConfigBase, +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { + formatDocsLink, + hasConfiguredSecretInput, + patchChannelConfigForAccount, +} from "openclaw/plugin-sdk/setup"; +import { + buildChannelConfigSchema, + getChatChannelMeta, + SlackConfigSchema, + type ChannelPlugin, + type OpenClawConfig, +} from "openclaw/plugin-sdk/slack-core"; +import { inspectSlackAccount } from "./account-inspect.js"; +import { + listSlackAccountIds, + resolveDefaultSlackAccountId, + resolveSlackAccount, + type ResolvedSlackAccount, +} from "./accounts.js"; +import { isSlackInteractiveRepliesEnabled } from "./interactive-replies.js"; + +export const SLACK_CHANNEL = "slack" as const; + +function buildSlackManifest(botName: string) { + const safeName = botName.trim() || "OpenClaw"; + const manifest = { + display_information: { + name: safeName, + description: `${safeName} connector for OpenClaw`, + }, + features: { + bot_user: { + display_name: safeName, + always_online: false, + }, + app_home: { + messages_tab_enabled: true, + messages_tab_read_only_enabled: false, + }, + slash_commands: [ + { + command: "/openclaw", + description: "Send a message to OpenClaw", + should_escape: false, + }, + ], + }, + oauth_config: { + scopes: { + bot: [ + "chat:write", + "channels:history", + "channels:read", + "groups:history", + "im:history", + "mpim:history", + "users:read", + "app_mentions:read", + "reactions:read", + "reactions:write", + "pins:read", + "pins:write", + "emoji:read", + "commands", + "files:read", + "files:write", + ], + }, + }, + settings: { + socket_mode_enabled: true, + event_subscriptions: { + bot_events: [ + "app_mention", + "message.channels", + "message.groups", + "message.im", + "message.mpim", + "reaction_added", + "reaction_removed", + "member_joined_channel", + "member_left_channel", + "channel_rename", + "pin_added", + "pin_removed", + ], + }, + }, + }; + return JSON.stringify(manifest, null, 2); +} + +export function buildSlackSetupLines(botName = "OpenClaw"): string[] { + return [ + "1) Slack API -> Create App -> From scratch or From manifest (with the JSON below)", + "2) Add Socket Mode + enable it to get the app-level token (xapp-...)", + "3) Install App to workspace to get the xoxb- bot token", + "4) Enable Event Subscriptions (socket) for message events", + "5) App Home -> enable the Messages tab for DMs", + "Tip: set SLACK_BOT_TOKEN + SLACK_APP_TOKEN in your env.", + `Docs: ${formatDocsLink("/slack", "slack")}`, + "", + "Manifest (JSON):", + buildSlackManifest(botName), + ]; +} + +export function setSlackChannelAllowlist( + cfg: OpenClawConfig, + accountId: string, + channelKeys: string[], +): OpenClawConfig { + const channels = Object.fromEntries(channelKeys.map((key) => [key, { allow: true }])); + return patchChannelConfigForAccount({ + cfg, + channel: SLACK_CHANNEL, + accountId, + patch: { channels }, + }); +} + +export function isSlackPluginAccountConfigured(account: ResolvedSlackAccount): boolean { + const mode = account.config.mode ?? "socket"; + const hasBotToken = Boolean(account.botToken?.trim()); + if (!hasBotToken) { + return false; + } + if (mode === "http") { + return Boolean(account.config.signingSecret?.trim()); + } + return Boolean(account.appToken?.trim()); +} + +export function isSlackSetupAccountConfigured(account: ResolvedSlackAccount): boolean { + const hasConfiguredBotToken = + Boolean(account.botToken?.trim()) || hasConfiguredSecretInput(account.config.botToken); + const hasConfiguredAppToken = + Boolean(account.appToken?.trim()) || hasConfiguredSecretInput(account.config.appToken); + return hasConfiguredBotToken && hasConfiguredAppToken; +} + +export const slackConfigAccessors = createScopedAccountConfigAccessors({ + resolveAccount: ({ cfg, accountId }) => resolveSlackAccount({ cfg, accountId }), + resolveAllowFrom: (account: ResolvedSlackAccount) => account.dm?.allowFrom, + formatAllowFrom: (allowFrom) => formatAllowFromLowercase({ allowFrom }), + resolveDefaultTo: (account: ResolvedSlackAccount) => account.config.defaultTo, +}); + +export const slackConfigBase = createScopedChannelConfigBase({ + sectionKey: SLACK_CHANNEL, + listAccountIds: listSlackAccountIds, + resolveAccount: (cfg, accountId) => resolveSlackAccount({ cfg, accountId }), + inspectAccount: (cfg, accountId) => inspectSlackAccount({ cfg, accountId }), + defaultAccountId: resolveDefaultSlackAccountId, + clearBaseFields: ["botToken", "appToken", "name"], +}); + +export function createSlackPluginBase(params: { + setupWizard: NonNullable["setupWizard"]>; + setup: NonNullable["setup"]>; +}): Pick< + ChannelPlugin, + | "id" + | "meta" + | "setupWizard" + | "capabilities" + | "agentPrompt" + | "streaming" + | "reload" + | "configSchema" + | "config" + | "setup" +> { + return { + id: SLACK_CHANNEL, + meta: { + ...getChatChannelMeta(SLACK_CHANNEL), + preferSessionLookupForAnnounceTarget: true, + }, + setupWizard: params.setupWizard, + capabilities: { + chatTypes: ["direct", "channel", "thread"], + reactions: true, + threads: true, + media: true, + nativeCommands: true, + }, + agentPrompt: { + messageToolHints: ({ cfg, accountId }) => + isSlackInteractiveRepliesEnabled({ cfg, accountId }) + ? [ + "- Slack interactive replies: use `[[slack_buttons: Label:value, Other:other]]` to add action buttons that route clicks back as Slack interaction system events.", + "- Slack selects: use `[[slack_select: Placeholder | Label:value, Other:other]]` to add a static select menu that routes the chosen value back as a Slack interaction system event.", + ] + : [ + "- Slack interactive replies are disabled. If needed, ask to set `channels.slack.capabilities.interactiveReplies=true` (or the same under `channels.slack.accounts..capabilities`).", + ], + }, + streaming: { + blockStreamingCoalesceDefaults: { minChars: 1500, idleMs: 1000 }, + }, + reload: { configPrefixes: ["channels.slack"] }, + configSchema: buildChannelConfigSchema(SlackConfigSchema), + config: { + ...slackConfigBase, + isConfigured: (account) => isSlackPluginAccountConfigured(account), + describeAccount: (account) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: isSlackPluginAccountConfigured(account), + botTokenSource: account.botTokenSource, + appTokenSource: account.appTokenSource, + }), + ...slackConfigAccessors, + }, + setup: params.setup, + }; +} diff --git a/extensions/slack/src/stream-mode.ts b/extensions/slack/src/stream-mode.ts index 819eb4fa722..f341c0a5304 100644 --- a/extensions/slack/src/stream-mode.ts +++ b/extensions/slack/src/stream-mode.ts @@ -4,7 +4,7 @@ import { resolveSlackStreamingMode, type SlackLegacyDraftStreamMode, type StreamingMode, -} from "../../../src/config/discord-preview-streaming.js"; +} from "openclaw/plugin-sdk/config-runtime"; export type SlackStreamMode = SlackLegacyDraftStreamMode; export type SlackStreamingMode = StreamingMode; diff --git a/extensions/slack/src/streaming.ts b/extensions/slack/src/streaming.ts index b6269412c9d..1685e378f61 100644 --- a/extensions/slack/src/streaming.ts +++ b/extensions/slack/src/streaming.ts @@ -13,7 +13,7 @@ import type { WebClient } from "@slack/web-api"; import type { ChatStreamer } from "@slack/web-api/dist/chat-stream.js"; -import { logVerbose } from "../../../src/globals.js"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; // --------------------------------------------------------------------------- // Types diff --git a/extensions/slack/src/targets.ts b/extensions/slack/src/targets.ts index 5d80650daff..43162a447d5 100644 --- a/extensions/slack/src/targets.ts +++ b/extensions/slack/src/targets.ts @@ -6,7 +6,7 @@ import { type MessagingTarget, type MessagingTargetKind, type MessagingTargetParseOptions, -} from "../../../src/channels/targets.js"; +} from "openclaw/plugin-sdk/channel-runtime"; export type SlackTargetKind = MessagingTargetKind; diff --git a/extensions/slack/src/threading-tool-context.ts b/extensions/slack/src/threading-tool-context.ts index 206ce98b42f..30451be5b6b 100644 --- a/extensions/slack/src/threading-tool-context.ts +++ b/extensions/slack/src/threading-tool-context.ts @@ -1,8 +1,8 @@ import type { ChannelThreadingContext, ChannelThreadingToolContext, -} from "../../../src/channels/plugins/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveSlackAccount, resolveSlackReplyToMode } from "./accounts.js"; export function buildSlackThreadingToolContext(params: { diff --git a/extensions/slack/src/threading.ts b/extensions/slack/src/threading.ts index ccef2e5e081..d072ab796c0 100644 --- a/extensions/slack/src/threading.ts +++ b/extensions/slack/src/threading.ts @@ -1,4 +1,4 @@ -import type { ReplyToMode } from "../../../src/config/types.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; import type { SlackAppMentionEvent, SlackMessageEvent } from "./types.js"; export type SlackThreadContext = { diff --git a/extensions/slack/src/token.ts b/extensions/slack/src/token.ts index cebda65e335..36f31c89383 100644 --- a/extensions/slack/src/token.ts +++ b/extensions/slack/src/token.ts @@ -1,4 +1,4 @@ -import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js"; +import { normalizeResolvedSecretInputString } from "openclaw/plugin-sdk/config-runtime"; export function normalizeSlackToken(raw?: unknown): string | undefined { return normalizeResolvedSecretInputString({ diff --git a/extensions/synology-chat/api.ts b/extensions/synology-chat/api.ts new file mode 100644 index 00000000000..7c705aec6e5 --- /dev/null +++ b/extensions/synology-chat/api.ts @@ -0,0 +1 @@ +export * from "./src/setup-surface.js"; diff --git a/extensions/synology-chat/index.ts b/extensions/synology-chat/index.ts index 9078b9f86c7..1e51c8f68aa 100644 --- a/extensions/synology-chat/index.ts +++ b/extensions/synology-chat/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/synology-chat"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/synology-chat"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { synologyChatPlugin } from "./src/channel.js"; import { setSynologyRuntime } from "./src/runtime.js"; -const plugin = { +export { synologyChatPlugin } from "./src/channel.js"; +export { setSynologyRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "synology-chat", name: "Synology Chat", description: "Native Synology Chat channel plugin for OpenClaw", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setSynologyRuntime(api.runtime); - api.registerChannel({ plugin: synologyChatPlugin }); - }, -}; - -export default plugin; + plugin: synologyChatPlugin, + setRuntime: setSynologyRuntime, +}); diff --git a/extensions/synology-chat/setup-entry.ts b/extensions/synology-chat/setup-entry.ts index 45cc966e082..858696710a8 100644 --- a/extensions/synology-chat/setup-entry.ts +++ b/extensions/synology-chat/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { synologyChatPlugin } from "./src/channel.js"; -export default { - plugin: synologyChatPlugin, -}; +export default defineSetupPluginEntry(synologyChatPlugin); diff --git a/extensions/synology-chat/src/runtime.ts b/extensions/synology-chat/src/runtime.ts index 2f9b401192c..68df66decc7 100644 --- a/extensions/synology-chat/src/runtime.ts +++ b/extensions/synology-chat/src/runtime.ts @@ -1,4 +1,4 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; import type { PluginRuntime } from "openclaw/plugin-sdk/synology-chat"; const { setRuntime: setSynologyRuntime, getRuntime: getSynologyRuntime } = diff --git a/extensions/synology-chat/src/setup-surface.test.ts b/extensions/synology-chat/src/setup-surface.test.ts index 6c1289a8a84..5b30c747813 100644 --- a/extensions/synology-chat/src/setup-surface.test.ts +++ b/extensions/synology-chat/src/setup-surface.test.ts @@ -1,31 +1,14 @@ import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { synologyChatPlugin } from "./channel.js"; import { synologyChatSetupWizard } from "./setup-surface.js"; -function createPrompter(overrides: Partial = {}): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: vi.fn(async ({ options }: { options: Array<{ value: string }> }) => { - const first = options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; - }) as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const synologyChatConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: synologyChatPlugin, wizard: synologyChatSetupWizard, @@ -33,7 +16,7 @@ const synologyChatConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWiza describe("synology-chat setup wizard", () => { it("configures token and incoming webhook for the default account", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Enter Synology Chat outgoing webhook token") { return "synology-token"; @@ -67,7 +50,7 @@ describe("synology-chat setup wizard", () => { }); it("records allowed user ids when setup forces allowFrom", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Enter Synology Chat outgoing webhook token") { return "synology-token"; diff --git a/extensions/synology-chat/src/setup-surface.ts b/extensions/synology-chat/src/setup-surface.ts index d998022365b..7985199eda6 100644 --- a/extensions/synology-chat/src/setup-surface.ts +++ b/extensions/synology-chat/src/setup-surface.ts @@ -1,13 +1,14 @@ import { + DEFAULT_ACCOUNT_ID, + formatDocsLink, mergeAllowFromEntries, + normalizeAccountId, setSetupChannelEnabled, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupAdapter, + type ChannelSetupWizard, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import { listAccountIds, resolveAccount } from "./accounts.js"; import type { SynologyChatAccountRaw, SynologyChatChannelConfig } from "./types.js"; diff --git a/extensions/synthetic/index.ts b/extensions/synthetic/index.ts index 080245606da..360e4124cdd 100644 --- a/extensions/synthetic/index.ts +++ b/extensions/synthetic/index.ts @@ -1,19 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildSyntheticProvider } from "../../src/agents/models-config.providers.static.js"; -import { - applySyntheticConfig, - SYNTHETIC_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { applySyntheticConfig, SYNTHETIC_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildSyntheticProvider } from "./provider-catalog.js"; const PROVIDER_ID = "synthetic"; -const syntheticPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Synthetic Provider", description: "Bundled Synthetic provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Synthetic", @@ -43,21 +40,13 @@ const syntheticPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...buildSyntheticProvider(), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildSyntheticProvider, + }), }, }); }, -}; - -export default syntheticPlugin; +}); diff --git a/extensions/synthetic/onboard.ts b/extensions/synthetic/onboard.ts new file mode 100644 index 00000000000..d11f2cb0e9b --- /dev/null +++ b/extensions/synthetic/onboard.ts @@ -0,0 +1,36 @@ +import { + buildSyntheticModelDefinition, + SYNTHETIC_BASE_URL, + SYNTHETIC_DEFAULT_MODEL_REF, + SYNTHETIC_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { SYNTHETIC_DEFAULT_MODEL_REF }; + +export function applySyntheticProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[SYNTHETIC_DEFAULT_MODEL_REF] = { + ...models[SYNTHETIC_DEFAULT_MODEL_REF], + alias: models[SYNTHETIC_DEFAULT_MODEL_REF]?.alias ?? "MiniMax M2.5", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "synthetic", + api: "anthropic-messages", + baseUrl: SYNTHETIC_BASE_URL, + catalogModels: SYNTHETIC_MODEL_CATALOG.map(buildSyntheticModelDefinition), + }); +} + +export function applySyntheticConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applySyntheticProviderConfig(cfg), + SYNTHETIC_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/synthetic/provider-catalog.ts b/extensions/synthetic/provider-catalog.ts new file mode 100644 index 00000000000..e46b08682c2 --- /dev/null +++ b/extensions/synthetic/provider-catalog.ts @@ -0,0 +1,14 @@ +import { + buildSyntheticModelDefinition, + type ModelProviderConfig, + SYNTHETIC_BASE_URL, + SYNTHETIC_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; + +export function buildSyntheticProvider(): ModelProviderConfig { + return { + baseUrl: SYNTHETIC_BASE_URL, + api: "anthropic-messages", + models: SYNTHETIC_MODEL_CATALOG.map(buildSyntheticModelDefinition), + }; +} diff --git a/extensions/talk-voice/api.ts b/extensions/talk-voice/api.ts new file mode 100644 index 00000000000..a5ae821e944 --- /dev/null +++ b/extensions/talk-voice/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/talk-voice"; diff --git a/extensions/talk-voice/index.test.ts b/extensions/talk-voice/index.test.ts new file mode 100644 index 00000000000..487df4a2d7a --- /dev/null +++ b/extensions/talk-voice/index.test.ts @@ -0,0 +1,222 @@ +import { describe, expect, it, vi } from "vitest"; +import type { OpenClawPluginCommandDefinition } from "../../test/helpers/extensions/plugin-command.js"; +import { createPluginRuntimeMock } from "../../test/helpers/extensions/plugin-runtime-mock.js"; +import register from "./index.js"; + +function createHarness(config: Record) { + let command: OpenClawPluginCommandDefinition | undefined; + const runtime = createPluginRuntimeMock({ + config: { + loadConfig: vi.fn(() => config), + writeConfigFile: vi.fn().mockResolvedValue(undefined), + }, + tts: { + listVoices: vi.fn(), + }, + }); + const api = { + runtime, + registerCommand: vi.fn((definition: OpenClawPluginCommandDefinition) => { + command = definition; + }), + }; + register.register(api as never); + if (!command) { + throw new Error("talk-voice command not registered"); + } + return { command, runtime }; +} + +function createCommandContext(args: string, channel: string = "discord") { + return { + args, + channel, + channelId: channel, + isAuthorizedSender: true, + commandBody: args ? `/voice ${args}` : "/voice", + config: {}, + requestConversationBinding: vi.fn(), + detachConversationBinding: vi.fn(), + getCurrentConversationBinding: vi.fn(), + }; +} + +describe("talk-voice plugin", () => { + it("reports active provider status", async () => { + const { command } = createHarness({ + talk: { + provider: "microsoft", + providers: { + microsoft: { + voiceId: "en-US-AvaNeural", + apiKey: "secret-token", + }, + }, + }, + }); + + const result = await command.handler(createCommandContext("")); + + expect(result).toEqual({ + text: + "Talk voice status:\n" + + "- provider: microsoft\n" + + "- talk.voiceId: en-US-AvaNeural\n" + + "- microsoft.apiKey: secret…", + }); + }); + + it("lists voices from the active provider", async () => { + const { command, runtime } = createHarness({ + talk: { + provider: "elevenlabs", + providers: { + elevenlabs: { + apiKey: "sk-eleven", + baseUrl: "https://voices.example.test", + }, + }, + }, + }); + vi.mocked(runtime.tts.listVoices).mockResolvedValue([ + { id: "voice-a", name: "Claudia", category: "general" }, + { id: "voice-b", name: "Bert" }, + ]); + + const result = await command.handler(createCommandContext("list 1")); + + expect(runtime.tts.listVoices).toHaveBeenCalledWith({ + provider: "elevenlabs", + cfg: { + talk: { + provider: "elevenlabs", + providers: { + elevenlabs: { + apiKey: "sk-eleven", + baseUrl: "https://voices.example.test", + }, + }, + }, + }, + apiKey: "sk-eleven", + baseUrl: "https://voices.example.test", + }); + expect(result).toEqual({ + text: + "ElevenLabs voices: 2\n\n" + + "- Claudia · general\n" + + " id: voice-a\n\n" + + "(showing first 1)", + }); + }); + + it("surfaces richer provider voice metadata when available", async () => { + const { command, runtime } = createHarness({ + talk: { + provider: "microsoft", + providers: { + microsoft: {}, + }, + }, + }); + vi.mocked(runtime.tts.listVoices).mockResolvedValue([ + { + id: "en-US-AvaNeural", + name: "Ava", + category: "General", + locale: "en-US", + gender: "Female", + personalities: ["Friendly", "Positive"], + description: "Friendly, Positive", + }, + ]); + + const result = await command.handler(createCommandContext("list")); + + expect(result).toEqual({ + text: + "Microsoft voices: 1\n\n" + + "- Ava · General\n" + + " id: en-US-AvaNeural\n" + + " meta: en-US · Female · Friendly, Positive\n" + + " note: Friendly, Positive", + }); + }); + + it("writes canonical talk provider config and legacy elevenlabs voice id", async () => { + const { command, runtime } = createHarness({ + talk: { + provider: "elevenlabs", + providers: { + elevenlabs: { + apiKey: "sk-eleven", + }, + }, + }, + }); + vi.mocked(runtime.tts.listVoices).mockResolvedValue([{ id: "voice-a", name: "Claudia" }]); + + const result = await command.handler(createCommandContext("set Claudia")); + + expect(runtime.config.writeConfigFile).toHaveBeenCalledWith({ + talk: { + provider: "elevenlabs", + providers: { + elevenlabs: { + apiKey: "sk-eleven", + voiceId: "voice-a", + }, + }, + voiceId: "voice-a", + }, + }); + expect(result).toEqual({ + text: "✅ ElevenLabs Talk voice set to Claudia\nvoice-a", + }); + }); + + it("writes provider voice id without legacy top-level field for microsoft", async () => { + const { command, runtime } = createHarness({ + talk: { + provider: "microsoft", + providers: { + microsoft: {}, + }, + }, + }); + vi.mocked(runtime.tts.listVoices).mockResolvedValue([{ id: "en-US-AvaNeural", name: "Ava" }]); + + await command.handler(createCommandContext("set Ava")); + + expect(runtime.config.writeConfigFile).toHaveBeenCalledWith({ + talk: { + provider: "microsoft", + providers: { + microsoft: { + voiceId: "en-US-AvaNeural", + }, + }, + }, + }); + }); + + it("returns provider lookup errors cleanly", async () => { + const { command, runtime } = createHarness({ + talk: { + provider: "microsoft", + providers: { + microsoft: {}, + }, + }, + }); + vi.mocked(runtime.tts.listVoices).mockRejectedValue( + new Error("speech provider microsoft does not support voice listing"), + ); + + const result = await command.handler(createCommandContext("list")); + + expect(result).toEqual({ + text: "Microsoft voice list failed: speech provider microsoft does not support voice listing", + }); + }); +}); diff --git a/extensions/talk-voice/index.ts b/extensions/talk-voice/index.ts index 3445e91e81f..d0916ea6b99 100644 --- a/extensions/talk-voice/index.ts +++ b/extensions/talk-voice/index.ts @@ -1,11 +1,6 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/talk-voice"; - -type ElevenLabsVoice = { - voice_id: string; - name?: string; - category?: string; - description?: string; -}; +import { resolveActiveTalkProviderConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { SpeechVoiceOption } from "openclaw/plugin-sdk/speech"; +import { definePluginEntry, type OpenClawPluginApi } from "./api.js"; function mask(s: string, keep: number = 6): string { const trimmed = s.trim(); @@ -23,30 +18,48 @@ function isLikelyVoiceId(value: string): boolean { return /^[a-zA-Z0-9_-]+$/.test(v); } -async function listVoices(apiKey: string): Promise { - const res = await fetch("https://api.elevenlabs.io/v1/voices", { - headers: { - "xi-api-key": apiKey, - }, - }); - if (!res.ok) { - throw new Error(`ElevenLabs voices API error (${res.status})`); +function resolveProviderLabel(providerId: string): string { + switch (providerId) { + case "openai": + return "OpenAI"; + case "microsoft": + return "Microsoft"; + case "elevenlabs": + return "ElevenLabs"; + default: + return providerId; } - const json = (await res.json()) as { voices?: ElevenLabsVoice[] }; - return Array.isArray(json.voices) ? json.voices : []; } -function formatVoiceList(voices: ElevenLabsVoice[], limit: number): string { +function formatVoiceMeta(voice: SpeechVoiceOption): string | undefined { + const parts = [voice.locale, voice.gender]; + const personalities = voice.personalities?.filter((value) => value.trim().length > 0) ?? []; + if (personalities.length > 0) { + parts.push(personalities.join(", ")); + } + const filtered = parts.filter((part): part is string => Boolean(part?.trim())); + return filtered.length > 0 ? filtered.join(" · ") : undefined; +} + +function formatVoiceList(voices: SpeechVoiceOption[], limit: number, providerId: string): string { const sliced = voices.slice(0, Math.max(1, Math.min(limit, 50))); const lines: string[] = []; - lines.push(`Voices: ${voices.length}`); + lines.push(`${resolveProviderLabel(providerId)} voices: ${voices.length}`); lines.push(""); for (const v of sliced) { const name = (v.name ?? "").trim() || "(unnamed)"; const category = (v.category ?? "").trim(); const meta = category ? ` · ${category}` : ""; lines.push(`- ${name}${meta}`); - lines.push(` id: ${v.voice_id}`); + lines.push(` id: ${v.id}`); + const details = formatVoiceMeta(v); + if (details) { + lines.push(` meta: ${details}`); + } + const description = (v.description ?? "").trim(); + if (description) { + lines.push(` note: ${description}`); + } } if (voices.length > sliced.length) { lines.push(""); @@ -55,13 +68,13 @@ function formatVoiceList(voices: ElevenLabsVoice[], limit: number): string { return lines.join("\n"); } -function findVoice(voices: ElevenLabsVoice[], query: string): ElevenLabsVoice | null { +function findVoice(voices: SpeechVoiceOption[], query: string): SpeechVoiceOption | null { const q = query.trim(); if (!q) { return null; } const lower = q.toLowerCase(); - const byId = voices.find((v) => v.voice_id === q); + const byId = voices.find((v) => v.id === q); if (byId) { return byId; } @@ -81,82 +94,129 @@ function resolveCommandLabel(channel: string): string { return channel === "discord" ? "/talkvoice" : "/voice"; } -export default function register(api: OpenClawPluginApi) { - api.registerCommand({ - name: "voice", - nativeNames: { - discord: "talkvoice", - }, - description: "List/set ElevenLabs Talk voice (affects iOS Talk playback).", - acceptsArgs: true, - handler: async (ctx) => { - const commandLabel = resolveCommandLabel(ctx.channel); - const args = ctx.args?.trim() ?? ""; - const tokens = args.split(/\s+/).filter(Boolean); - const action = (tokens[0] ?? "status").toLowerCase(); - - const cfg = api.runtime.config.loadConfig(); - const apiKey = asTrimmedString(cfg.talk?.apiKey); - if (!apiKey) { - return { - text: - "Talk voice is not configured.\n\n" + - "Missing: talk.apiKey (ElevenLabs API key).\n" + - "Set it on the gateway, then retry.", - }; - } - - const currentVoiceId = (cfg.talk?.voiceId ?? "").trim(); - - if (action === "status") { - return { - text: - "Talk voice status:\n" + - `- talk.voiceId: ${currentVoiceId ? currentVoiceId : "(unset)"}\n` + - `- talk.apiKey: ${mask(apiKey)}`, - }; - } - - if (action === "list") { - const limit = Number.parseInt(tokens[1] ?? "12", 10); - const voices = await listVoices(apiKey); - return { text: formatVoiceList(voices, Number.isFinite(limit) ? limit : 12) }; - } - - if (action === "set") { - const query = tokens.slice(1).join(" ").trim(); - if (!query) { - return { text: `Usage: ${commandLabel} set ` }; - } - const voices = await listVoices(apiKey); - const chosen = findVoice(voices, query); - if (!chosen) { - const hint = isLikelyVoiceId(query) ? query : `"${query}"`; - return { text: `No voice found for ${hint}. Try: ${commandLabel} list` }; - } - - const nextConfig = { - ...cfg, - talk: { - ...cfg.talk, - voiceId: chosen.voice_id, - }, - }; - await api.runtime.config.writeConfigFile(nextConfig); - - const name = (chosen.name ?? "").trim() || "(unnamed)"; - return { text: `✅ Talk voice set to ${name}\n${chosen.voice_id}` }; - } - - return { - text: [ - "Voice commands:", - "", - `${commandLabel} status`, - `${commandLabel} list [limit]`, - `${commandLabel} set `, - ].join("\n"), - }; - }, - }); +function asProviderBaseUrl(value: unknown): string | undefined { + const trimmed = asTrimmedString(value); + return trimmed || undefined; } + +export default definePluginEntry({ + id: "talk-voice", + name: "Talk Voice", + description: "Command helpers for managing Talk voice configuration", + register(api: OpenClawPluginApi) { + api.registerCommand({ + name: "voice", + nativeNames: { + discord: "talkvoice", + }, + description: "List/set Talk provider voices (affects iOS Talk playback).", + acceptsArgs: true, + handler: async (ctx) => { + const commandLabel = resolveCommandLabel(ctx.channel); + const args = ctx.args?.trim() ?? ""; + const tokens = args.split(/\s+/).filter(Boolean); + const action = (tokens[0] ?? "status").toLowerCase(); + + const cfg = api.runtime.config.loadConfig(); + const active = resolveActiveTalkProviderConfig(cfg.talk); + if (!active) { + return { + text: + "Talk voice is not configured.\n\n" + + "Missing: talk.provider and talk.providers..\n" + + "Set it on the gateway, then retry.", + }; + } + const providerId = active.provider; + const providerLabel = resolveProviderLabel(providerId); + const apiKey = asTrimmedString(active.config.apiKey); + const baseUrl = asProviderBaseUrl(active.config.baseUrl); + + const currentVoiceId = + asTrimmedString(active.config.voiceId) || asTrimmedString(cfg.talk?.voiceId); + + if (action === "status") { + return { + text: + "Talk voice status:\n" + + `- provider: ${providerId}\n` + + `- talk.voiceId: ${currentVoiceId ? currentVoiceId : "(unset)"}\n` + + `- ${providerId}.apiKey: ${apiKey ? mask(apiKey) : "(unset)"}`, + }; + } + + if (action === "list") { + const limit = Number.parseInt(tokens[1] ?? "12", 10); + try { + const voices = await api.runtime.tts.listVoices({ + provider: providerId, + cfg, + apiKey: apiKey || undefined, + baseUrl, + }); + return { + text: formatVoiceList(voices, Number.isFinite(limit) ? limit : 12, providerId), + }; + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + return { text: `${providerLabel} voice list failed: ${message}` }; + } + } + + if (action === "set") { + const query = tokens.slice(1).join(" ").trim(); + if (!query) { + return { text: `Usage: ${commandLabel} set ` }; + } + let voices: SpeechVoiceOption[]; + try { + voices = await api.runtime.tts.listVoices({ + provider: providerId, + cfg, + apiKey: apiKey || undefined, + baseUrl, + }); + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + return { text: `${providerLabel} voice lookup failed: ${message}` }; + } + const chosen = findVoice(voices, query); + if (!chosen) { + const hint = isLikelyVoiceId(query) ? query : `"${query}"`; + return { text: `No voice found for ${hint}. Try: ${commandLabel} list` }; + } + + const nextConfig = { + ...cfg, + talk: { + ...cfg.talk, + provider: providerId, + providers: { + ...(cfg.talk?.providers ?? {}), + [providerId]: { + ...(cfg.talk?.providers?.[providerId] ?? {}), + voiceId: chosen.id, + }, + }, + ...(providerId === "elevenlabs" ? { voiceId: chosen.id } : {}), + }, + }; + await api.runtime.config.writeConfigFile(nextConfig); + + const name = (chosen.name ?? "").trim() || "(unnamed)"; + return { text: `✅ ${providerLabel} Talk voice set to ${name}\n${chosen.id}` }; + } + + return { + text: [ + "Voice commands:", + "", + `${commandLabel} status`, + `${commandLabel} list [limit]`, + `${commandLabel} set `, + ].join("\n"), + }; + }, + }); + }, +}); diff --git a/extensions/telegram/api.ts b/extensions/telegram/api.ts new file mode 100644 index 00000000000..d5960350c39 --- /dev/null +++ b/extensions/telegram/api.ts @@ -0,0 +1,17 @@ +export * from "./src/account-inspect.js"; +export * from "./src/accounts.js"; +export * from "./src/allow-from.js"; +export * from "./src/api-fetch.js"; +export * from "./src/exec-approvals.js"; +export * from "./src/inline-buttons.js"; +export * from "./src/model-buttons.js"; +export * from "./src/normalize.js"; +export * from "./src/outbound-adapter.js"; +export * from "./src/outbound-params.js"; +export * from "./src/reaction-level.js"; +export * from "./src/sticker-cache.js"; +export * from "./src/status-issues.js"; +export * from "./src/targets.js"; +export * from "./src/update-offset-store.js"; +export type { TelegramButtonStyle, TelegramInlineButtons } from "./src/button-types.js"; +export type { StickerMetadata } from "./src/bot/types.js"; diff --git a/extensions/telegram/index.ts b/extensions/telegram/index.ts index d47ae46b6ce..ec6290914fe 100644 --- a/extensions/telegram/index.ts +++ b/extensions/telegram/index.ts @@ -1,17 +1,15 @@ -import type { ChannelPlugin, OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import type { ChannelPlugin } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { telegramPlugin } from "./src/channel.js"; import { setTelegramRuntime } from "./src/runtime.js"; -const plugin = { +export { telegramPlugin } from "./src/channel.js"; +export { setTelegramRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "telegram", name: "Telegram", description: "Telegram channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setTelegramRuntime(api.runtime); - api.registerChannel({ plugin: telegramPlugin as ChannelPlugin }); - }, -}; - -export default plugin; + plugin: telegramPlugin as ChannelPlugin, + setRuntime: setTelegramRuntime, +}); diff --git a/extensions/telegram/runtime-api.ts b/extensions/telegram/runtime-api.ts new file mode 100644 index 00000000000..e704dc007a3 --- /dev/null +++ b/extensions/telegram/runtime-api.ts @@ -0,0 +1,7 @@ +export * from "./src/audit.js"; +export * from "./src/channel-actions.js"; +export * from "./src/monitor.js"; +export * from "./src/probe.js"; +export * from "./src/send.js"; +export * from "./src/thread-bindings.js"; +export * from "./src/token.js"; diff --git a/extensions/telegram/setup-entry.ts b/extensions/telegram/setup-entry.ts index 030f4bb3295..7b2c02399fa 100644 --- a/extensions/telegram/setup-entry.ts +++ b/extensions/telegram/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { telegramSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: telegramSetupPlugin }; +export { telegramSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(telegramSetupPlugin); diff --git a/extensions/telegram/src/account-inspect.test.ts b/extensions/telegram/src/account-inspect.test.ts index 5e58626ba03..735cf4e53bb 100644 --- a/extensions/telegram/src/account-inspect.test.ts +++ b/extensions/telegram/src/account-inspect.test.ts @@ -3,7 +3,7 @@ import os from "node:os"; import path from "node:path"; import { describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../../../src/config/config.js"; -import { withEnv } from "../../../src/test-utils/env.js"; +import { withEnv } from "../../../test/helpers/extensions/env.js"; import { inspectTelegramAccount } from "./account-inspect.js"; describe("inspectTelegramAccount SecretRef resolution", () => { diff --git a/extensions/telegram/src/account-inspect.ts b/extensions/telegram/src/account-inspect.ts index 6aca9122b43..6295a231451 100644 --- a/extensions/telegram/src/account-inspect.ts +++ b/extensions/telegram/src/account-inspect.ts @@ -1,14 +1,14 @@ -import type { TelegramAccountConfig } from "openclaw/plugin-sdk/telegram"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +import { resolveAccountWithDefaultFallback } from "openclaw/plugin-sdk/account-resolution"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { coerceSecretRef, hasConfiguredSecretInput, normalizeSecretInputString, -} from "../../../src/config/types.secrets.js"; -import { tryReadSecretFileSync } from "../../../src/infra/secret-file.js"; -import { resolveAccountWithDefaultFallback } from "../../../src/plugin-sdk/account-resolution.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { resolveDefaultSecretProviderAlias } from "../../../src/secrets/ref-contract.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { tryReadSecretFileSync } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveDefaultSecretProviderAlias } from "openclaw/plugin-sdk/provider-auth"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/routing"; +import type { TelegramAccountConfig } from "openclaw/plugin-sdk/telegram"; import { mergeTelegramAccountConfig, resolveDefaultTelegramAccountId, diff --git a/extensions/telegram/src/accounts.test.ts b/extensions/telegram/src/accounts.test.ts index 28af65a5d8a..ae8a56c66cf 100644 --- a/extensions/telegram/src/accounts.test.ts +++ b/extensions/telegram/src/accounts.test.ts @@ -1,6 +1,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../../src/config/config.js"; -import { withEnv } from "../../../src/test-utils/env.js"; +import * as subsystemModule from "../../../src/logging/subsystem.js"; +import { withEnv } from "../../../test/helpers/extensions/env.js"; import { listTelegramAccountIds, resetMissingDefaultWarnFlag, @@ -29,15 +30,16 @@ function resolveAccountWithEnv( return withEnv(env, () => resolveTelegramAccount({ cfg, ...(accountId ? { accountId } : {}) })); } -vi.mock("../../../src/logging/subsystem.js", () => ({ - createSubsystemLogger: () => { +beforeEach(() => { + vi.restoreAllMocks(); + vi.spyOn(subsystemModule, "createSubsystemLogger").mockImplementation(() => { const logger = { warn: warnMock, child: () => logger, }; - return logger; - }, -})); + return logger as unknown as ReturnType; + }); +}); describe("resolveTelegramAccount", () => { afterEach(() => { diff --git a/extensions/telegram/src/accounts.ts b/extensions/telegram/src/accounts.ts index cff6853a5b1..2e0c053d0d4 100644 --- a/extensions/telegram/src/accounts.ts +++ b/extensions/telegram/src/accounts.ts @@ -1,27 +1,32 @@ import util from "node:util"; -import type { TelegramAccountConfig, TelegramActionConfig } from "openclaw/plugin-sdk/telegram"; -import { createAccountActionGate } from "../../../src/channels/plugins/account-action-gate.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { isTruthyEnvValue } from "../../../src/infra/env.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; import { + createAccountActionGate, + DEFAULT_ACCOUNT_ID, listConfiguredAccountIds as listConfiguredAccountIdsFromSection, + normalizeAccountId, + normalizeOptionalAccountId, + resolveAccountEntry, resolveAccountWithDefaultFallback, -} from "../../../src/plugin-sdk/account-resolution.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import { isTruthyEnvValue } from "openclaw/plugin-sdk/infra-runtime"; import { listBoundAccountIds, resolveDefaultAgentBoundAccountId, -} from "../../../src/routing/bindings.js"; -import { formatSetExplicitDefaultInstruction } from "../../../src/routing/default-account-warnings.js"; -import { - DEFAULT_ACCOUNT_ID, - normalizeAccountId, - normalizeOptionalAccountId, -} from "../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/routing"; +import { formatSetExplicitDefaultInstruction } from "openclaw/plugin-sdk/routing"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { TelegramAccountConfig, TelegramActionConfig } from "openclaw/plugin-sdk/telegram"; import { resolveTelegramToken } from "./token.js"; -const log = createSubsystemLogger("telegram/accounts"); +let log: ReturnType | null = null; + +function getLog() { + if (!log) { + log = createSubsystemLogger("telegram/accounts"); + } + return log; +} function formatDebugArg(value: unknown): string { if (typeof value === "string") { @@ -36,7 +41,7 @@ function formatDebugArg(value: unknown): string { const debugAccounts = (...args: unknown[]) => { if (isTruthyEnvValue(process.env.OPENCLAW_DEBUG_TELEGRAM_ACCOUNTS)) { const parts = args.map((arg) => formatDebugArg(arg)); - log.warn(parts.join(" ").trim()); + getLog().warn(parts.join(" ").trim()); } }; @@ -92,7 +97,7 @@ export function resolveDefaultTelegramAccountId(cfg: OpenClawConfig): string { } if (ids.length > 1 && !emittedMissingDefaultWarn) { emittedMissingDefaultWarn = true; - log.warn( + getLog().warn( `channels.telegram: accounts.default is missing; falling back to "${ids[0]}". ` + `${formatSetExplicitDefaultInstruction("telegram")} to avoid routing surprises in multi-account setups.`, ); diff --git a/extensions/telegram/src/api-logging.ts b/extensions/telegram/src/api-logging.ts index 6af9d7ae5a3..2abc74f0894 100644 --- a/extensions/telegram/src/api-logging.ts +++ b/extensions/telegram/src/api-logging.ts @@ -1,7 +1,7 @@ -import { danger } from "../../../src/globals.js"; -import { formatErrorMessage } from "../../../src/infra/errors.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; export type TelegramApiLogger = (message: string) => void; diff --git a/extensions/telegram/src/approval-buttons.ts b/extensions/telegram/src/approval-buttons.ts index a996ed3adf3..8ce836c754b 100644 --- a/extensions/telegram/src/approval-buttons.ts +++ b/extensions/telegram/src/approval-buttons.ts @@ -1,4 +1,4 @@ -import type { ExecApprovalReplyDecision } from "../../../src/infra/exec-approval-reply.js"; +import type { ExecApprovalReplyDecision } from "openclaw/plugin-sdk/infra-runtime"; import type { TelegramInlineButtons } from "./button-types.js"; const MAX_CALLBACK_DATA_BYTES = 64; diff --git a/extensions/telegram/src/audit-membership-runtime.ts b/extensions/telegram/src/audit-membership-runtime.ts index 694ad338c5b..930d768778e 100644 --- a/extensions/telegram/src/audit-membership-runtime.ts +++ b/extensions/telegram/src/audit-membership-runtime.ts @@ -1,5 +1,5 @@ -import { isRecord } from "../../../src/utils.js"; -import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js"; +import { isRecord } from "openclaw/plugin-sdk/text-runtime"; +import { fetchWithTimeout } from "openclaw/plugin-sdk/text-runtime"; import type { AuditTelegramGroupMembershipParams, TelegramGroupMembershipAudit, diff --git a/extensions/telegram/src/audit.ts b/extensions/telegram/src/audit.ts index 507f161edca..f7fb0969090 100644 --- a/extensions/telegram/src/audit.ts +++ b/extensions/telegram/src/audit.ts @@ -1,5 +1,5 @@ -import type { TelegramGroupConfig } from "../../../src/config/types.js"; -import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js"; +import type { TelegramGroupConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramNetworkConfig } from "openclaw/plugin-sdk/config-runtime"; export type TelegramGroupMembershipAuditEntry = { chatId: string; diff --git a/extensions/telegram/src/bot-access.ts b/extensions/telegram/src/bot-access.ts index bee8392e686..c89a8fe6f48 100644 --- a/extensions/telegram/src/bot-access.ts +++ b/extensions/telegram/src/bot-access.ts @@ -2,9 +2,9 @@ import { firstDefined, isSenderIdAllowed, mergeDmAllowFromSources, -} from "../../../src/channels/allow-from.js"; -import type { AllowlistMatch } from "../../../src/channels/allowlist-match.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { AllowlistMatch } from "openclaw/plugin-sdk/channel-runtime"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; export type NormalizedAllowFrom = { entries: string[]; diff --git a/extensions/telegram/src/bot-handlers.ts b/extensions/telegram/src/bot-handlers.ts index 88e61e1c567..92d584b8ea9 100644 --- a/extensions/telegram/src/bot-handlers.ts +++ b/extensions/telegram/src/bot-handlers.ts @@ -1,47 +1,47 @@ import type { Message, ReactionTypeEmoji } from "@grammyjs/types"; -import { resolveAgentDir, resolveDefaultAgentId } from "../../../src/agents/agent-scope.js"; -import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js"; -import { - createInboundDebouncer, - resolveInboundDebounceMs, -} from "../../../src/auto-reply/inbound-debounce.js"; -import { buildCommandsPaginationKeyboard } from "../../../src/auto-reply/reply/commands-info.js"; -import { - buildModelsProviderData, - formatModelsAvailableHeader, -} from "../../../src/auto-reply/reply/commands-models.js"; -import { resolveStoredModelOverride } from "../../../src/auto-reply/reply/model-selection.js"; -import { listSkillCommandsForAgents } from "../../../src/auto-reply/skill-commands.js"; -import { buildCommandsMessagePaginated } from "../../../src/auto-reply/status.js"; -import { shouldDebounceTextInbound } from "../../../src/channels/inbound-debounce-policy.js"; -import { resolveChannelConfigWrites } from "../../../src/channels/plugins/config-writes.js"; -import { loadConfig } from "../../../src/config/config.js"; -import { writeConfigFile } from "../../../src/config/io.js"; +import { resolveAgentDir, resolveDefaultAgentId } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveDefaultModelForAgent } from "openclaw/plugin-sdk/agent-runtime"; +import { shouldDebounceTextInbound } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveChannelConfigWrites } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { writeConfigFile } from "openclaw/plugin-sdk/config-runtime"; import { loadSessionStore, resolveSessionStoreEntry, resolveStorePath, updateSessionStore, -} from "../../../src/config/sessions.js"; -import type { DmPolicy } from "../../../src/config/types.base.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { DmPolicy } from "openclaw/plugin-sdk/config-runtime"; import type { TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; -import { danger, logVerbose, warn } from "../../../src/globals.js"; -import { enqueueSystemEvent } from "../../../src/infra/system-events.js"; -import { MediaFetchError } from "../../../src/media/fetch.js"; -import { readChannelAllowFromStore } from "../../../src/pairing/pairing-store.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { applyModelOverrideToSessionEntry } from "openclaw/plugin-sdk/config-runtime"; +import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime"; import { buildPluginBindingResolvedText, parsePluginBindingApprovalCustomId, resolvePluginConversationBindingApproval, -} from "../../../src/plugins/conversation-binding.js"; -import { dispatchPluginInteractiveHandler } from "../../../src/plugins/interactive.js"; -import { resolveAgentRoute } from "../../../src/routing/resolve-route.js"; -import { resolveThreadSessionKeys } from "../../../src/routing/session-key.js"; -import { applyModelOverrideToSessionEntry } from "../../../src/sessions/model-overrides.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { MediaFetchError } from "openclaw/plugin-sdk/media-runtime"; +import { dispatchPluginInteractiveHandler } from "openclaw/plugin-sdk/plugin-runtime"; +import { + createInboundDebouncer, + resolveInboundDebounceMs, +} from "openclaw/plugin-sdk/reply-runtime"; +import { buildCommandsPaginationKeyboard } from "openclaw/plugin-sdk/reply-runtime"; +import { + buildModelsProviderData, + formatModelsAvailableHeader, +} from "openclaw/plugin-sdk/reply-runtime"; +import { resolveStoredModelOverride } from "openclaw/plugin-sdk/reply-runtime"; +import { listSkillCommandsForAgents } from "openclaw/plugin-sdk/reply-runtime"; +import { buildCommandsMessagePaginated } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { danger, logVerbose, warn } from "openclaw/plugin-sdk/runtime-env"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { isSenderAllowed, @@ -64,7 +64,10 @@ import { resolveTelegramGroupAllowFromContext, } from "./bot/helpers.js"; import type { TelegramContext } from "./bot/types.js"; -import { resolveTelegramConversationRoute } from "./conversation-route.js"; +import { + resolveTelegramConversationBaseSessionKey, + resolveTelegramConversationRoute, +} from "./conversation-route.js"; import { enforceTelegramDmAccess } from "./dm-access.js"; import { isTelegramExecApprovalApprover, @@ -331,7 +334,13 @@ export const registerTelegramHandlers = ({ senderId: params.senderId, topicAgentId: topicConfig?.agentId, }); - const baseSessionKey = route.sessionKey; + const baseSessionKey = resolveTelegramConversationBaseSessionKey({ + cfg, + route, + chatId: params.chatId, + isGroup: params.isGroup, + senderId: params.senderId, + }); const threadKeys = dmThreadId != null ? resolveThreadSessionKeys({ baseSessionKey, threadId: `${params.chatId}:${dmThreadId}` }) diff --git a/extensions/telegram/src/bot-message-context.acp-bindings.test.ts b/extensions/telegram/src/bot-message-context.acp-bindings.test.ts index 1f9adb41a72..44aa89a7623 100644 --- a/extensions/telegram/src/bot-message-context.acp-bindings.test.ts +++ b/extensions/telegram/src/bot-message-context.acp-bindings.test.ts @@ -1,14 +1,18 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -const ensureConfiguredAcpBindingSessionMock = vi.hoisted(() => vi.fn()); -const resolveConfiguredAcpBindingRecordMock = vi.hoisted(() => vi.fn()); +const ensureConfiguredBindingRouteReadyMock = vi.hoisted(() => vi.fn()); +const resolveConfiguredBindingRouteMock = vi.hoisted(() => vi.fn()); -vi.mock("../../../src/acp/persistent-bindings.js", () => ({ - ensureConfiguredAcpBindingSession: (...args: unknown[]) => - ensureConfiguredAcpBindingSessionMock(...args), - resolveConfiguredAcpBindingRecord: (...args: unknown[]) => - resolveConfiguredAcpBindingRecordMock(...args), -})); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + ensureConfiguredBindingRouteReady: (...args: unknown[]) => + ensureConfiguredBindingRouteReadyMock(...args), + resolveConfiguredBindingRoute: (...args: unknown[]) => + resolveConfiguredBindingRouteMock(...args), + }; +}); import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js"; @@ -43,15 +47,92 @@ function createConfiguredTelegramBinding() { } as const; } +function createConfiguredTelegramRoute() { + const configuredBinding = createConfiguredTelegramBinding(); + return { + bindingResolution: { + conversation: { + channel: "telegram", + accountId: "work", + conversationId: "-1001234567890:topic:42", + parentConversationId: "-1001234567890", + }, + compiledBinding: { + channel: "telegram", + accountPattern: "work", + binding: { + type: "acp", + agentId: "codex", + match: { + channel: "telegram", + accountId: "work", + peer: { + kind: "group", + id: "-1001234567890:topic:42", + }, + }, + }, + bindingConversationId: "-1001234567890:topic:42", + target: { + conversationId: "-1001234567890:topic:42", + parentConversationId: "-1001234567890", + }, + agentId: "codex", + provider: { + compileConfiguredBinding: () => ({ + conversationId: "-1001234567890:topic:42", + parentConversationId: "-1001234567890", + }), + matchInboundConversation: () => ({ + conversationId: "-1001234567890:topic:42", + parentConversationId: "-1001234567890", + }), + }, + targetFactory: { + driverId: "acp", + materialize: () => ({ + record: configuredBinding.record, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: configuredBinding.record.targetSessionKey, + agentId: configuredBinding.spec.agentId, + }, + }), + }, + }, + match: { + conversationId: "-1001234567890:topic:42", + parentConversationId: "-1001234567890", + }, + record: configuredBinding.record, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: configuredBinding.record.targetSessionKey, + agentId: configuredBinding.spec.agentId, + }, + }, + configuredBinding, + boundSessionKey: configuredBinding.record.targetSessionKey, + route: { + agentId: "codex", + accountId: "work", + channel: "telegram", + sessionKey: configuredBinding.record.targetSessionKey, + mainSessionKey: "agent:codex:main", + matchedBy: "binding.channel", + lastRoutePolicy: "bound", + }, + } as const; +} + describe("buildTelegramMessageContext ACP configured bindings", () => { beforeEach(() => { - ensureConfiguredAcpBindingSessionMock.mockReset(); - resolveConfiguredAcpBindingRecordMock.mockReset(); - resolveConfiguredAcpBindingRecordMock.mockReturnValue(createConfiguredTelegramBinding()); - ensureConfiguredAcpBindingSessionMock.mockResolvedValue({ - ok: true, - sessionKey: "agent:codex:acp:binding:telegram:work:abc123", - }); + ensureConfiguredBindingRouteReadyMock.mockReset(); + resolveConfiguredBindingRouteMock.mockReset(); + resolveConfiguredBindingRouteMock.mockReturnValue(createConfiguredTelegramRoute()); + ensureConfiguredBindingRouteReadyMock.mockResolvedValue({ ok: true }); }); it("treats configured topic bindings as explicit route matches on non-default accounts", async () => { @@ -68,7 +149,7 @@ describe("buildTelegramMessageContext ACP configured bindings", () => { expect(ctx?.route.accountId).toBe("work"); expect(ctx?.route.matchedBy).toBe("binding.channel"); expect(ctx?.route.sessionKey).toBe("agent:codex:acp:binding:telegram:work:abc123"); - expect(ensureConfiguredAcpBindingSessionMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); }); it("skips ACP session initialization when topic access is denied", async () => { @@ -86,8 +167,8 @@ describe("buildTelegramMessageContext ACP configured bindings", () => { }); expect(ctx).toBeNull(); - expect(resolveConfiguredAcpBindingRecordMock).toHaveBeenCalledTimes(1); - expect(ensureConfiguredAcpBindingSessionMock).not.toHaveBeenCalled(); + expect(resolveConfiguredBindingRouteMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).not.toHaveBeenCalled(); }); it("defers ACP session initialization for unauthorized control commands", async () => { @@ -109,14 +190,13 @@ describe("buildTelegramMessageContext ACP configured bindings", () => { }); expect(ctx).toBeNull(); - expect(resolveConfiguredAcpBindingRecordMock).toHaveBeenCalledTimes(1); - expect(ensureConfiguredAcpBindingSessionMock).not.toHaveBeenCalled(); + expect(resolveConfiguredBindingRouteMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).not.toHaveBeenCalled(); }); it("drops inbound processing when configured ACP binding initialization fails", async () => { - ensureConfiguredAcpBindingSessionMock.mockResolvedValue({ + ensureConfiguredBindingRouteReadyMock.mockResolvedValue({ ok: false, - sessionKey: "agent:codex:acp:binding:telegram:work:abc123", error: "gateway unavailable", }); @@ -130,7 +210,7 @@ describe("buildTelegramMessageContext ACP configured bindings", () => { }); expect(ctx).toBeNull(); - expect(resolveConfiguredAcpBindingRecordMock).toHaveBeenCalledTimes(1); - expect(ensureConfiguredAcpBindingSessionMock).toHaveBeenCalledTimes(1); + expect(resolveConfiguredBindingRouteMock).toHaveBeenCalledTimes(1); + expect(ensureConfiguredBindingRouteReadyMock).toHaveBeenCalledTimes(1); }); }); diff --git a/extensions/telegram/src/bot-message-context.body.ts b/extensions/telegram/src/bot-message-context.body.ts index 8290b02169d..63e6aaa12dd 100644 --- a/extensions/telegram/src/bot-message-context.body.ts +++ b/extensions/telegram/src/bot-message-context.body.ts @@ -2,29 +2,26 @@ import { findModelInCatalog, loadModelCatalog, modelSupportsVision, -} from "../../../src/agents/model-catalog.js"; -import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js"; -import { hasControlCommand } from "../../../src/auto-reply/command-detection.js"; -import { - recordPendingHistoryEntryIfEnabled, - type HistoryEntry, -} from "../../../src/auto-reply/reply/history.js"; -import { - buildMentionRegexes, - matchesMentionWithExplicit, -} from "../../../src/auto-reply/reply/mentions.js"; -import type { MsgContext } from "../../../src/auto-reply/templating.js"; -import { resolveControlCommandGate } from "../../../src/channels/command-gating.js"; -import { formatLocationText, type NormalizedLocation } from "../../../src/channels/location.js"; -import { logInboundDrop } from "../../../src/channels/logging.js"; -import { resolveMentionGatingWithBypass } from "../../../src/channels/mention-gating.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { resolveDefaultModelForAgent } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveControlCommandGate } from "openclaw/plugin-sdk/channel-runtime"; +import { formatLocationText, type NormalizedLocation } from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMentionGatingWithBypass } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import type { TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; -import { logVerbose } from "../../../src/globals.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { + recordPendingHistoryEntryIfEnabled, + type HistoryEntry, +} from "openclaw/plugin-sdk/reply-runtime"; +import { buildMentionRegexes, matchesMentionWithExplicit } from "openclaw/plugin-sdk/reply-runtime"; +import type { MsgContext } from "openclaw/plugin-sdk/reply-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import type { NormalizedAllowFrom } from "./bot-access.js"; import { isSenderAllowed } from "./bot-access.js"; import type { @@ -182,8 +179,7 @@ export async function resolveTelegramInboundBody(params: { if (needsPreflightTranscription) { try { - const { transcribeFirstAudio } = - await import("../../../src/media-understanding/audio-preflight.js"); + const { transcribeFirstAudio } = await import("./media-understanding.runtime.js"); const tempCtx: MsgContext = { MediaPaths: allMedia.length > 0 ? allMedia.map((m) => m.path) : undefined, MediaTypes: diff --git a/extensions/telegram/src/bot-message-context.named-account-dm.test.ts b/extensions/telegram/src/bot-message-context.named-account-dm.test.ts index a60904514ba..e51c7920ae7 100644 --- a/extensions/telegram/src/bot-message-context.named-account-dm.test.ts +++ b/extensions/telegram/src/bot-message-context.named-account-dm.test.ts @@ -6,9 +6,13 @@ import { import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js"; const recordInboundSessionMock = vi.fn().mockResolvedValue(undefined); -vi.mock("../../../src/channels/session.js", () => ({ - recordInboundSession: (...args: unknown[]) => recordInboundSessionMock(...args), -})); +vi.mock("openclaw/plugin-sdk/channel-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + recordInboundSession: (...args: unknown[]) => recordInboundSessionMock(...args), + }; +}); describe("buildTelegramMessageContext named-account DM fallback", () => { const baseCfg = { diff --git a/extensions/telegram/src/bot-message-context.session.ts b/extensions/telegram/src/bot-message-context.session.ts index 1a2f54cf22f..47bcda8592f 100644 --- a/extensions/telegram/src/bot-message-context.session.ts +++ b/extensions/telegram/src/bot-message-context.session.ts @@ -1,26 +1,26 @@ -import { normalizeCommandBody } from "../../../src/auto-reply/commands-registry.js"; -import { - formatInboundEnvelope, - resolveEnvelopeFormatOptions, -} from "../../../src/auto-reply/envelope.js"; -import { - buildPendingHistoryContextFromMap, - type HistoryEntry, -} from "../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../src/auto-reply/reply/inbound-context.js"; -import { toLocationContext } from "../../../src/channels/location.js"; -import { recordInboundSession } from "../../../src/channels/session.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { readSessionUpdatedAt, resolveStorePath } from "../../../src/config/sessions.js"; +import { toLocationContext } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSession } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { readSessionUpdatedAt, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; import type { TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; -import { logVerbose, shouldLogVerbose } from "../../../src/globals.js"; -import type { ResolvedAgentRoute } from "../../../src/routing/resolve-route.js"; -import { resolveInboundLastRouteSessionKey } from "../../../src/routing/resolve-route.js"; -import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../src/security/dm-policy-shared.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { normalizeCommandBody } from "openclaw/plugin-sdk/reply-runtime"; +import { + formatInboundEnvelope, + resolveEnvelopeFormatOptions, +} from "openclaw/plugin-sdk/reply-runtime"; +import { + buildPendingHistoryContextFromMap, + type HistoryEntry, +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import type { ResolvedAgentRoute } from "openclaw/plugin-sdk/routing"; +import { resolveInboundLastRouteSessionKey } from "openclaw/plugin-sdk/routing"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolvePinnedMainDmOwnerFromAllowlist } from "openclaw/plugin-sdk/security-runtime"; import { normalizeAllowFrom } from "./bot-access.js"; import type { TelegramMediaRef, @@ -63,7 +63,7 @@ export async function buildTelegramInboundContextPayload(params: { stickerCacheHit: boolean; effectiveWasMentioned: boolean; commandAuthorized: boolean; - locationData?: import("../../../src/channels/location.js").NormalizedLocation; + locationData?: import("openclaw/plugin-sdk/channel-runtime").NormalizedLocation; options?: TelegramMessageContextOptions; dmAllowFrom?: Array; }): Promise<{ diff --git a/extensions/telegram/src/bot-message-context.ts b/extensions/telegram/src/bot-message-context.ts index 03bcd429018..78ba9f02492 100644 --- a/extensions/telegram/src/bot-message-context.ts +++ b/extensions/telegram/src/bot-message-context.ts @@ -1,28 +1,27 @@ -import { ensureConfiguredAcpRouteReady } from "../../../src/acp/persistent-bindings.route.js"; -import { resolveAckReaction } from "../../../src/agents/identity.js"; -import { shouldAckReaction as shouldAckReactionGate } from "../../../src/channels/ack-reactions.js"; -import { logInboundDrop } from "../../../src/channels/logging.js"; +import { resolveAckReaction } from "openclaw/plugin-sdk/agent-runtime"; +import { shouldAckReaction as shouldAckReactionGate } from "openclaw/plugin-sdk/channel-runtime"; +import { logInboundDrop } from "openclaw/plugin-sdk/channel-runtime"; import { createStatusReactionController, type StatusReactionController, -} from "../../../src/channels/status-reactions.js"; -import { loadConfig } from "../../../src/config/config.js"; -import type { TelegramDirectConfig, TelegramGroupConfig } from "../../../src/config/types.js"; -import { logVerbose } from "../../../src/globals.js"; -import { recordChannelActivity } from "../../../src/infra/channel-activity.js"; -import { buildAgentSessionKey, deriveLastRoutePolicy } from "../../../src/routing/resolve-route.js"; -import { DEFAULT_ACCOUNT_ID, resolveThreadSessionKeys } from "../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramDirectConfig, TelegramGroupConfig } from "openclaw/plugin-sdk/config-runtime"; +import { ensureConfiguredBindingRouteReady } from "openclaw/plugin-sdk/conversation-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { deriveLastRoutePolicy } from "openclaw/plugin-sdk/routing"; +import { DEFAULT_ACCOUNT_ID, resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { firstDefined, normalizeAllowFrom, normalizeDmAllowFromWithStore } from "./bot-access.js"; import { resolveTelegramInboundBody } from "./bot-message-context.body.js"; import { buildTelegramInboundContextPayload } from "./bot-message-context.session.js"; import type { BuildTelegramMessageContextParams } from "./bot-message-context.types.js"; +import { buildTypingThreadParams, resolveTelegramThreadSpec } from "./bot/helpers.js"; import { - buildTypingThreadParams, - resolveTelegramDirectPeerId, - resolveTelegramThreadSpec, -} from "./bot/helpers.js"; -import { resolveTelegramConversationRoute } from "./conversation-route.js"; + resolveTelegramConversationBaseSessionKey, + resolveTelegramConversationRoute, +} from "./conversation-route.js"; import { enforceTelegramDmAccess } from "./dm-access.js"; import { evaluateTelegramGroupBaseAccess } from "./group-access.js"; import { @@ -202,44 +201,35 @@ export const buildTelegramMessageContext = async ({ if (!configuredBinding) { return true; } - const ensured = await ensureConfiguredAcpRouteReady({ + const ensured = await ensureConfiguredBindingRouteReady({ cfg: freshCfg, - configuredBinding, + bindingResolution: configuredBinding, }); if (ensured.ok) { logVerbose( - `telegram: using configured ACP binding for ${configuredBinding.spec.conversationId} -> ${configuredBindingSessionKey}`, + `telegram: using configured ACP binding for ${configuredBinding.record.conversation.conversationId} -> ${configuredBindingSessionKey}`, ); return true; } logVerbose( - `telegram: configured ACP binding unavailable for ${configuredBinding.spec.conversationId}: ${ensured.error}`, + `telegram: configured ACP binding unavailable for ${configuredBinding.record.conversation.conversationId}: ${ensured.error}`, ); logInboundDrop({ log: logVerbose, channel: "telegram", reason: "configured ACP binding unavailable", - target: configuredBinding.spec.conversationId, + target: configuredBinding.record.conversation.conversationId, }); return false; }; - const baseSessionKey = isNamedAccountFallback - ? buildAgentSessionKey({ - agentId: route.agentId, - channel: "telegram", - accountId: route.accountId, - peer: { - kind: "direct", - id: resolveTelegramDirectPeerId({ - chatId, - senderId, - }), - }, - dmScope: "per-account-channel-peer", - identityLinks: freshCfg.session?.identityLinks, - }).toLowerCase() - : route.sessionKey; + const baseSessionKey = resolveTelegramConversationBaseSessionKey({ + cfg: freshCfg, + route, + chatId, + isGroup, + senderId, + }); // DMs: use thread suffix for session isolation (works regardless of dmScope) const threadKeys = dmThreadId != null diff --git a/extensions/telegram/src/bot-message-context.types.ts b/extensions/telegram/src/bot-message-context.types.ts index 2853c1a8e34..ca0fbbf3376 100644 --- a/extensions/telegram/src/bot-message-context.types.ts +++ b/extensions/telegram/src/bot-message-context.types.ts @@ -1,12 +1,12 @@ import type { Bot } from "grammy"; -import type { HistoryEntry } from "../../../src/auto-reply/reply/history.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import type { DmPolicy, TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; import type { StickerMetadata, TelegramContext } from "./bot/types.js"; export type TelegramMediaRef = { diff --git a/extensions/telegram/src/bot-message-dispatch.ts b/extensions/telegram/src/bot-message-dispatch.ts index 9b603393450..a8a4c376b0b 100644 --- a/extensions/telegram/src/bot-message-dispatch.ts +++ b/extensions/telegram/src/bot-message-dispatch.ts @@ -1,33 +1,33 @@ import type { Bot } from "grammy"; -import { resolveAgentDir } from "../../../src/agents/agent-scope.js"; +import { resolveAgentDir } from "openclaw/plugin-sdk/agent-runtime"; import { findModelInCatalog, loadModelCatalog, modelSupportsVision, -} from "../../../src/agents/model-catalog.js"; -import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js"; -import { resolveChunkMode } from "../../../src/auto-reply/chunk.js"; -import { clearHistoryEntriesIfEnabled } from "../../../src/auto-reply/reply/history.js"; -import { dispatchReplyWithBufferedBlockDispatcher } from "../../../src/auto-reply/reply/provider-dispatcher.js"; -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; -import { removeAckReactionAfterReply } from "../../../src/channels/ack-reactions.js"; -import { logAckFailure, logTypingFailure } from "../../../src/channels/logging.js"; -import { createReplyPrefixOptions } from "../../../src/channels/reply-prefix.js"; -import { createTypingCallbacks } from "../../../src/channels/typing.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { resolveDefaultModelForAgent } from "openclaw/plugin-sdk/agent-runtime"; +import { removeAckReactionAfterReply } from "openclaw/plugin-sdk/channel-runtime"; +import { logAckFailure, logTypingFailure } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { createTypingCallbacks } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; import { loadSessionStore, resolveSessionStoreEntry, resolveStorePath, -} from "../../../src/config/sessions.js"; +} from "openclaw/plugin-sdk/config-runtime"; import type { OpenClawConfig, ReplyToMode, TelegramAccountConfig, -} from "../../../src/config/types.js"; -import { danger, logVerbose } from "../../../src/globals.js"; -import { getAgentScopedMediaLocalRoots } from "../../../src/media/local-roots.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { resolveChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { clearHistoryEntriesIfEnabled } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchReplyWithBufferedBlockDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import type { TelegramMessageContext } from "./bot-message-context.js"; import type { TelegramBotOptions } from "./bot.js"; import { deliverReplies } from "./bot/delivery.js"; diff --git a/extensions/telegram/src/bot-message.ts b/extensions/telegram/src/bot-message.ts index 0a5d44c65db..cb625c7b965 100644 --- a/extensions/telegram/src/bot-message.ts +++ b/extensions/telegram/src/bot-message.ts @@ -1,7 +1,7 @@ -import type { ReplyToMode } from "../../../src/config/config.js"; -import type { TelegramAccountConfig } from "../../../src/config/types.telegram.js"; -import { danger } from "../../../src/globals.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramAccountConfig } from "openclaw/plugin-sdk/config-runtime"; +import { danger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { buildTelegramMessageContext, type BuildTelegramMessageContextParams, diff --git a/extensions/telegram/src/bot-native-command-menu.ts b/extensions/telegram/src/bot-native-command-menu.ts index 73fa2d2345a..091a6e52c1b 100644 --- a/extensions/telegram/src/bot-native-command-menu.ts +++ b/extensions/telegram/src/bot-native-command-menu.ts @@ -3,13 +3,13 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import type { Bot } from "grammy"; -import { resolveStateDir } from "../../../src/config/paths.js"; import { normalizeTelegramCommandName, TELEGRAM_COMMAND_NAME_PATTERN, -} from "../../../src/config/telegram-custom-commands.js"; -import { logVerbose } from "../../../src/globals.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; import { withTelegramApiErrorLogging } from "./api-logging.js"; export const TELEGRAM_MAX_COMMANDS = 100; diff --git a/extensions/telegram/src/bot-native-commands.fixture-test-support.ts b/extensions/telegram/src/bot-native-commands.fixture-test-support.ts new file mode 100644 index 00000000000..f26ac028db3 --- /dev/null +++ b/extensions/telegram/src/bot-native-commands.fixture-test-support.ts @@ -0,0 +1,107 @@ +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import type { OpenClawConfig, TelegramAccountConfig } from "openclaw/plugin-sdk/telegram"; +import { vi } from "vitest"; +import type { RegisterTelegramNativeCommandsParams } from "./bot-native-commands.js"; + +export type NativeCommandTestParams = RegisterTelegramNativeCommandsParams; + +export function createDeferred() { + let resolve!: (value: T | PromiseLike) => void; + const promise = new Promise((res) => { + resolve = res; + }); + return { promise, resolve }; +} + +export function createNativeCommandTestParams( + params: Partial = {}, +): NativeCommandTestParams { + const log = vi.fn(); + return { + bot: + params.bot ?? + ({ + api: { + setMyCommands: vi.fn().mockResolvedValue(undefined), + sendMessage: vi.fn().mockResolvedValue(undefined), + }, + command: vi.fn(), + } as unknown as NativeCommandTestParams["bot"]), + cfg: params.cfg ?? ({} as OpenClawConfig), + runtime: + params.runtime ?? + ({ + log, + error: vi.fn(), + exit: vi.fn(), + } as unknown as RuntimeEnv), + accountId: params.accountId ?? "default", + telegramCfg: params.telegramCfg ?? ({} as TelegramAccountConfig), + allowFrom: params.allowFrom ?? [], + groupAllowFrom: params.groupAllowFrom ?? [], + replyToMode: params.replyToMode ?? "off", + textLimit: params.textLimit ?? 4000, + useAccessGroups: params.useAccessGroups ?? false, + nativeEnabled: params.nativeEnabled ?? true, + nativeSkillsEnabled: params.nativeSkillsEnabled ?? false, + nativeDisabledExplicit: params.nativeDisabledExplicit ?? false, + resolveGroupPolicy: + params.resolveGroupPolicy ?? + (() => + ({ + allowlistEnabled: false, + allowed: true, + }) as ReturnType), + resolveTelegramGroupConfig: + params.resolveTelegramGroupConfig ?? + ((_chatId, _messageThreadId) => ({ groupConfig: undefined, topicConfig: undefined })), + shouldSkipUpdate: params.shouldSkipUpdate ?? (() => false), + opts: params.opts ?? { token: "token" }, + }; +} + +export function createTelegramPrivateCommandContext(params?: { + match?: string; + messageId?: number; + date?: number; + chatId?: number; + userId?: number; + username?: string; +}) { + return { + match: params?.match ?? "", + message: { + message_id: params?.messageId ?? 1, + date: params?.date ?? Math.floor(Date.now() / 1000), + chat: { id: params?.chatId ?? 100, type: "private" as const }, + from: { id: params?.userId ?? 200, username: params?.username ?? "bob" }, + }, + }; +} + +export function createTelegramTopicCommandContext(params?: { + match?: string; + messageId?: number; + date?: number; + chatId?: number; + title?: string; + threadId?: number; + userId?: number; + username?: string; +}) { + return { + match: params?.match ?? "", + message: { + message_id: params?.messageId ?? 2, + date: params?.date ?? Math.floor(Date.now() / 1000), + chat: { + id: params?.chatId ?? -1001234567890, + type: "supergroup" as const, + title: params?.title ?? "OpenClaw", + is_forum: true, + }, + message_thread_id: params?.threadId ?? 42, + from: { id: params?.userId ?? 200, username: params?.username ?? "bob" }, + }, + }; +} diff --git a/extensions/telegram/src/bot-native-commands.menu-test-support.ts b/extensions/telegram/src/bot-native-commands.menu-test-support.ts new file mode 100644 index 00000000000..e37634e7d55 --- /dev/null +++ b/extensions/telegram/src/bot-native-commands.menu-test-support.ts @@ -0,0 +1,93 @@ +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/telegram"; +import { expect, vi } from "vitest"; +import { + createNativeCommandTestParams as createBaseNativeCommandTestParams, + createTelegramPrivateCommandContext, + type NativeCommandTestParams as RegisterTelegramNativeCommandsParams, +} from "./bot-native-commands.fixture-test-support.js"; + +type RegisteredCommand = { + command: string; + description: string; +}; + +type CreateCommandBotResult = { + bot: RegisterTelegramNativeCommandsParams["bot"]; + commandHandlers: Map Promise>; + sendMessage: ReturnType; + setMyCommands: ReturnType; +}; + +const skillCommandMocks = vi.hoisted(() => ({ + listSkillCommandsForAgents: vi.fn(() => []), +})); + +const deliveryMocks = vi.hoisted(() => ({ + deliverReplies: vi.fn(async () => ({ delivered: true })), +})); + +export const listSkillCommandsForAgents = skillCommandMocks.listSkillCommandsForAgents; +export const deliverReplies = deliveryMocks.deliverReplies; + +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + listSkillCommandsForAgents, + }; +}); + +vi.mock("./bot/delivery.js", () => ({ + deliverReplies, +})); + +export async function waitForRegisteredCommands( + setMyCommands: ReturnType, +): Promise { + await vi.waitFor(() => { + expect(setMyCommands).toHaveBeenCalled(); + }); + return setMyCommands.mock.calls[0]?.[0] as RegisteredCommand[]; +} + +export function resetNativeCommandMenuMocks() { + listSkillCommandsForAgents.mockClear(); + listSkillCommandsForAgents.mockReturnValue([]); + deliverReplies.mockClear(); + deliverReplies.mockResolvedValue({ delivered: true }); +} + +export function createCommandBot(): CreateCommandBotResult { + const commandHandlers = new Map Promise>(); + const sendMessage = vi.fn().mockResolvedValue(undefined); + const setMyCommands = vi.fn().mockResolvedValue(undefined); + const bot = { + api: { + setMyCommands, + sendMessage, + }, + command: vi.fn((name: string, cb: (ctx: unknown) => Promise) => { + commandHandlers.set(name, cb); + }), + } as unknown as RegisterTelegramNativeCommandsParams["bot"]; + return { bot, commandHandlers, sendMessage, setMyCommands }; +} + +export function createNativeCommandTestParams( + cfg: OpenClawConfig, + params: Partial = {}, +): RegisterTelegramNativeCommandsParams { + return createBaseNativeCommandTestParams({ + cfg, + runtime: params.runtime ?? ({} as RuntimeEnv), + nativeSkillsEnabled: true, + ...params, + }); +} + +export function createPrivateCommandContext( + params?: Parameters[0], +) { + return createTelegramPrivateCommandContext(params); +} diff --git a/extensions/telegram/src/bot-native-commands.registry.test.ts b/extensions/telegram/src/bot-native-commands.registry.test.ts new file mode 100644 index 00000000000..d671be06609 --- /dev/null +++ b/extensions/telegram/src/bot-native-commands.registry.test.ts @@ -0,0 +1,163 @@ +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { OpenClawConfig } from "../../../src/config/config.js"; +import { clearPluginCommands, registerPluginCommand } from "../../../src/plugins/commands.js"; +const deliveryMocks = vi.hoisted(() => ({ + deliverReplies: vi.fn(async () => ({ delivered: true })), +})); + +vi.mock("./bot/delivery.js", () => ({ + deliverReplies: deliveryMocks.deliverReplies, +})); + +import { registerTelegramNativeCommands } from "./bot-native-commands.js"; +import { + createCommandBot, + createNativeCommandTestParams, + createPrivateCommandContext, + waitForRegisteredCommands, +} from "./bot-native-commands.menu-test-support.js"; + +function registerPairPluginCommand(params?: { + nativeNames?: { telegram?: string; discord?: string }; +}) { + expect( + registerPluginCommand("demo-plugin", { + name: "pair", + ...(params?.nativeNames ? { nativeNames: params.nativeNames } : {}), + description: "Pair device", + acceptsArgs: true, + requireAuth: false, + handler: async ({ args }) => ({ text: `paired:${args ?? ""}` }), + }), + ).toEqual({ ok: true }); +} + +async function registerPairMenu(params: { + bot: ReturnType["bot"]; + setMyCommands: ReturnType["setMyCommands"]; + nativeNames?: { telegram?: string; discord?: string }; +}) { + registerPairPluginCommand({ + ...(params.nativeNames ? { nativeNames: params.nativeNames } : {}), + }); + + registerTelegramNativeCommands({ + ...createNativeCommandTestParams({}), + bot: params.bot, + }); + + return await waitForRegisteredCommands(params.setMyCommands); +} + +describe("registerTelegramNativeCommands real plugin registry", () => { + beforeEach(() => { + clearPluginCommands(); + deliveryMocks.deliverReplies.mockClear(); + deliveryMocks.deliverReplies.mockResolvedValue({ delivered: true }); + }); + + afterEach(() => { + clearPluginCommands(); + }); + + it("registers and executes plugin commands through the real plugin registry", async () => { + const { bot, commandHandlers, sendMessage, setMyCommands } = createCommandBot(); + + const registeredCommands = await registerPairMenu({ bot, setMyCommands }); + expect(registeredCommands).toEqual( + expect.arrayContaining([{ command: "pair", description: "Pair device" }]), + ); + + const handler = commandHandlers.get("pair"); + expect(handler).toBeTruthy(); + + await handler?.(createPrivateCommandContext({ match: "now" })); + + expect(deliveryMocks.deliverReplies).toHaveBeenCalledWith( + expect.objectContaining({ + replies: [expect.objectContaining({ text: "paired:now" })], + }), + ); + expect(sendMessage).not.toHaveBeenCalledWith(123, "Command not found."); + }); + + it("round-trips Telegram native aliases through the real plugin registry", async () => { + const { bot, commandHandlers, sendMessage, setMyCommands } = createCommandBot(); + + const registeredCommands = await registerPairMenu({ + bot, + setMyCommands, + nativeNames: { + telegram: "pair_device", + discord: "pairdiscord", + }, + }); + expect(registeredCommands).toEqual( + expect.arrayContaining([{ command: "pair_device", description: "Pair device" }]), + ); + + const handler = commandHandlers.get("pair_device"); + expect(handler).toBeTruthy(); + + await handler?.(createPrivateCommandContext({ match: "now", messageId: 2 })); + + expect(deliveryMocks.deliverReplies).toHaveBeenCalledWith( + expect.objectContaining({ + replies: [expect.objectContaining({ text: "paired:now" })], + }), + ); + expect(sendMessage).not.toHaveBeenCalledWith(123, "Command not found."); + }); + + it("keeps real plugin command handlers available when native menu registration is disabled", () => { + const { bot, commandHandlers, setMyCommands } = createCommandBot(); + + registerPairPluginCommand(); + + registerTelegramNativeCommands({ + ...createNativeCommandTestParams({}, { accountId: "default" }), + bot, + nativeEnabled: false, + }); + + expect(setMyCommands).not.toHaveBeenCalled(); + expect(commandHandlers.has("pair")).toBe(true); + }); + + it("allows requireAuth:false plugin commands for unauthorized senders through the real registry", async () => { + const { bot, commandHandlers, sendMessage, setMyCommands } = createCommandBot(); + + registerPairPluginCommand(); + + registerTelegramNativeCommands({ + ...createNativeCommandTestParams({ + commands: { allowFrom: { telegram: ["999"] } } as OpenClawConfig["commands"], + }), + bot, + allowFrom: ["999"], + nativeEnabled: false, + }); + + expect(setMyCommands).not.toHaveBeenCalled(); + + const handler = commandHandlers.get("pair"); + expect(handler).toBeTruthy(); + + await handler?.( + createPrivateCommandContext({ + match: "now", + messageId: 10, + date: 123456, + userId: 111, + username: "nope", + }), + ); + + expect(deliveryMocks.deliverReplies).toHaveBeenCalledWith( + expect.objectContaining({ + replies: [expect.objectContaining({ text: "paired:now" })], + }), + ); + expect(sendMessage).not.toHaveBeenCalled(); + }); +}); diff --git a/extensions/telegram/src/bot-native-commands.session-meta.test.ts b/extensions/telegram/src/bot-native-commands.session-meta.test.ts index 6160afccf01..7540f22b1ac 100644 --- a/extensions/telegram/src/bot-native-commands.session-meta.test.ts +++ b/extensions/telegram/src/bot-native-commands.session-meta.test.ts @@ -1,18 +1,24 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { ResolvedAgentRoute } from "../../../src/routing/resolve-route.js"; +import { + createDeferred, + createNativeCommandTestParams, + createTelegramPrivateCommandContext, + createTelegramTopicCommandContext, + type NativeCommandTestParams, +} from "./bot-native-commands.fixture-test-support.js"; import { registerTelegramNativeCommands, type RegisterTelegramHandlerParams, } from "./bot-native-commands.js"; -type RegisterTelegramNativeCommandsParams = Parameters[0]; - // All mocks scoped to this file only — does not affect bot-native-commands.test.ts -type ResolveConfiguredAcpBindingRecordFn = - typeof import("../../../src/acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord; -type EnsureConfiguredAcpBindingSessionFn = - typeof import("../../../src/acp/persistent-bindings.js").ensureConfiguredAcpBindingSession; +type ResolveConfiguredBindingRouteFn = + typeof import("openclaw/plugin-sdk/conversation-runtime").resolveConfiguredBindingRoute; +type EnsureConfiguredBindingRouteReadyFn = + typeof import("openclaw/plugin-sdk/conversation-runtime").ensureConfiguredBindingRouteReady; type DispatchReplyWithBufferedBlockDispatcherFn = typeof import("../../../src/auto-reply/reply/provider-dispatcher.js").dispatchReplyWithBufferedBlockDispatcher; type DispatchReplyWithBufferedBlockDispatcherParams = @@ -29,10 +35,12 @@ const dispatchReplyResult: DispatchReplyWithBufferedBlockDispatcherResult = { }; const persistentBindingMocks = vi.hoisted(() => ({ - resolveConfiguredAcpBindingRecord: vi.fn(() => null), - ensureConfiguredAcpBindingSession: vi.fn(async () => ({ + resolveConfiguredBindingRoute: vi.fn(({ route }) => ({ + bindingResolution: null, + route, + })), + ensureConfiguredBindingRouteReady: vi.fn(async () => ({ ok: true, - sessionKey: "agent:codex:acp:binding:telegram:default:seed", })), })); const sessionMocks = vi.hoisted(() => ({ @@ -54,12 +62,58 @@ const sessionBindingMocks = vi.hoisted(() => ({ touch: vi.fn(), })); -vi.mock("../../../src/acp/persistent-bindings.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, - resolveConfiguredAcpBindingRecord: persistentBindingMocks.resolveConfiguredAcpBindingRecord, - ensureConfiguredAcpBindingSession: persistentBindingMocks.ensureConfiguredAcpBindingSession, + resolveConfiguredBindingRoute: persistentBindingMocks.resolveConfiguredBindingRoute, + ensureConfiguredBindingRouteReady: persistentBindingMocks.ensureConfiguredBindingRouteReady, + getSessionBindingService: () => ({ + bind: vi.fn(), + getCapabilities: vi.fn(), + listBySession: vi.fn(), + resolveByConversation: (ref: unknown) => sessionBindingMocks.resolveByConversation(ref), + touch: (bindingId: string, at?: number) => sessionBindingMocks.touch(bindingId, at), + unbind: vi.fn(), + }), + }; +}); +vi.mock("openclaw/plugin-sdk/channel-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + createReplyPrefixOptions: vi.fn(() => ({ onModelSelected: () => {} })), + recordInboundSessionMetaSafe: vi.fn( + async (params: { + cfg: OpenClawConfig; + agentId: string; + sessionKey: string; + ctx: unknown; + onError?: (error: unknown) => void; + }) => { + const storePath = sessionMocks.resolveStorePath(params.cfg.session?.store, { + agentId: params.agentId, + }); + try { + await sessionMocks.recordSessionMetaFromInbound({ + storePath, + sessionKey: params.sessionKey, + ctx: params.ctx, + }); + } catch (error) { + params.onError?.(error); + } + }, + ), + }; +}); +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + finalizeInboundContext: vi.fn((ctx: unknown) => ctx), + dispatchReplyWithBufferedBlockDispatcher: replyMocks.dispatchReplyWithBufferedBlockDispatcher, + listSkillCommandsForAgents: vi.fn(() => []), }; }); vi.mock("../../../src/config/sessions.js", () => ({ @@ -69,15 +123,6 @@ vi.mock("../../../src/config/sessions.js", () => ({ vi.mock("../../../src/pairing/pairing-store.js", () => ({ readChannelAllowFromStore: vi.fn(async () => []), })); -vi.mock("../../../src/auto-reply/reply/inbound-context.js", () => ({ - finalizeInboundContext: vi.fn((ctx: unknown) => ctx), -})); -vi.mock("../../../src/auto-reply/reply/provider-dispatcher.js", () => ({ - dispatchReplyWithBufferedBlockDispatcher: replyMocks.dispatchReplyWithBufferedBlockDispatcher, -})); -vi.mock("../../../src/channels/reply-prefix.js", () => ({ - createReplyPrefixOptions: vi.fn(() => ({ onModelSelected: () => {} })), -})); vi.mock("../../../src/infra/outbound/session-binding-service.js", () => ({ getSessionBindingService: () => ({ bind: vi.fn(), @@ -88,10 +133,6 @@ vi.mock("../../../src/infra/outbound/session-binding-service.js", () => ({ unbind: vi.fn(), }), })); -vi.mock("../../../src/auto-reply/skill-commands.js", async (importOriginal) => { - const actual = await importOriginal(); - return { ...actual, listSkillCommandsForAgents: vi.fn(() => []) }; -}); vi.mock("../../../src/plugins/commands.js", () => ({ getPluginCommandSpecs: vi.fn(() => []), matchPluginCommand: vi.fn(() => null), @@ -101,93 +142,13 @@ vi.mock("./bot/delivery.js", () => ({ deliverReplies: deliveryMocks.deliverReplies, })); -function createDeferred() { - let resolve!: (value: T | PromiseLike) => void; - const promise = new Promise((res) => { - resolve = res; - }); - return { promise, resolve }; -} - -function createNativeCommandTestParams( - params: Partial = {}, -): RegisterTelegramNativeCommandsParams { - const log = vi.fn(); - return { - bot: - params.bot ?? - ({ - api: { - setMyCommands: vi.fn().mockResolvedValue(undefined), - sendMessage: vi.fn().mockResolvedValue(undefined), - }, - command: vi.fn(), - } as unknown as RegisterTelegramNativeCommandsParams["bot"]), - cfg: params.cfg ?? ({} as OpenClawConfig), - runtime: - params.runtime ?? ({ log } as unknown as RegisterTelegramNativeCommandsParams["runtime"]), - accountId: params.accountId ?? "default", - telegramCfg: params.telegramCfg ?? ({} as RegisterTelegramNativeCommandsParams["telegramCfg"]), - allowFrom: params.allowFrom ?? [], - groupAllowFrom: params.groupAllowFrom ?? [], - replyToMode: params.replyToMode ?? "off", - textLimit: params.textLimit ?? 4000, - useAccessGroups: params.useAccessGroups ?? false, - nativeEnabled: params.nativeEnabled ?? true, - nativeSkillsEnabled: params.nativeSkillsEnabled ?? false, - nativeDisabledExplicit: params.nativeDisabledExplicit ?? false, - resolveGroupPolicy: - params.resolveGroupPolicy ?? - (() => - ({ - allowlistEnabled: false, - allowed: true, - }) as ReturnType), - resolveTelegramGroupConfig: - params.resolveTelegramGroupConfig ?? - (() => ({ groupConfig: undefined, topicConfig: undefined })), - shouldSkipUpdate: params.shouldSkipUpdate ?? (() => false), - opts: params.opts ?? { token: "token" }, - }; -} - type TelegramCommandHandler = (ctx: unknown) => Promise; -function buildStatusCommandContext() { - return { - match: "", - message: { - message_id: 1, - date: Math.floor(Date.now() / 1000), - chat: { id: 100, type: "private" as const }, - from: { id: 200, username: "bob" }, - }, - }; -} - -function buildStatusTopicCommandContext() { - return { - match: "", - message: { - message_id: 2, - date: Math.floor(Date.now() / 1000), - chat: { - id: -1001234567890, - type: "supergroup" as const, - title: "OpenClaw", - is_forum: true, - }, - message_thread_id: 42, - from: { id: 200, username: "bob" }, - }, - }; -} - function registerAndResolveStatusHandler(params: { cfg: OpenClawConfig; allowFrom?: string[]; groupAllowFrom?: string[]; - telegramCfg?: RegisterTelegramNativeCommandsParams["telegramCfg"]; + telegramCfg?: NativeCommandTestParams["telegramCfg"]; resolveTelegramGroupConfig?: RegisterTelegramHandlerParams["resolveTelegramGroupConfig"]; }): { handler: TelegramCommandHandler; @@ -211,7 +172,7 @@ function registerAndResolveCommandHandlerBase(params: { allowFrom: string[]; groupAllowFrom: string[]; useAccessGroups: boolean; - telegramCfg?: RegisterTelegramNativeCommandsParams["telegramCfg"]; + telegramCfg?: NativeCommandTestParams["telegramCfg"]; resolveTelegramGroupConfig?: RegisterTelegramHandlerParams["resolveTelegramGroupConfig"]; }): { handler: TelegramCommandHandler; @@ -238,7 +199,7 @@ function registerAndResolveCommandHandlerBase(params: { command: vi.fn((name: string, cb: TelegramCommandHandler) => { commandHandlers.set(name, cb); }), - } as unknown as Parameters[0]["bot"], + } as unknown as NativeCommandTestParams["bot"], cfg, allowFrom, groupAllowFrom, @@ -259,7 +220,7 @@ function registerAndResolveCommandHandler(params: { allowFrom?: string[]; groupAllowFrom?: string[]; useAccessGroups?: boolean; - telegramCfg?: RegisterTelegramNativeCommandsParams["telegramCfg"]; + telegramCfg?: NativeCommandTestParams["telegramCfg"]; resolveTelegramGroupConfig?: RegisterTelegramHandlerParams["resolveTelegramGroupConfig"]; }): { handler: TelegramCommandHandler; @@ -308,13 +269,93 @@ function createConfiguredAcpTopicBinding(boundSessionKey: string) { status: "active", boundAt: 0, }, - } satisfies import("../../../src/acp/persistent-bindings.js").ResolvedConfiguredAcpBinding; + } as const; +} + +function createConfiguredBindingRoute( + route: ResolvedAgentRoute, + binding: ReturnType | null, +) { + return { + bindingResolution: binding + ? { + conversation: binding.record.conversation, + compiledBinding: { + channel: "telegram" as const, + binding: { + type: "acp" as const, + agentId: binding.spec.agentId, + match: { + channel: "telegram", + accountId: binding.spec.accountId, + peer: { + kind: "group" as const, + id: binding.spec.conversationId, + }, + }, + acp: { + mode: binding.spec.mode, + }, + }, + bindingConversationId: binding.spec.conversationId, + target: { + conversationId: binding.spec.conversationId, + ...(binding.spec.parentConversationId + ? { parentConversationId: binding.spec.parentConversationId } + : {}), + }, + agentId: binding.spec.agentId, + provider: { + compileConfiguredBinding: () => ({ + conversationId: binding.spec.conversationId, + ...(binding.spec.parentConversationId + ? { parentConversationId: binding.spec.parentConversationId } + : {}), + }), + matchInboundConversation: () => ({ + conversationId: binding.spec.conversationId, + ...(binding.spec.parentConversationId + ? { parentConversationId: binding.spec.parentConversationId } + : {}), + }), + }, + targetFactory: { + driverId: "acp" as const, + materialize: () => ({ + record: binding.record, + statefulTarget: { + kind: "stateful" as const, + driverId: "acp" as const, + sessionKey: binding.record.targetSessionKey, + agentId: binding.spec.agentId, + }, + }), + }, + }, + match: { + conversationId: binding.spec.conversationId, + ...(binding.spec.parentConversationId + ? { parentConversationId: binding.spec.parentConversationId } + : {}), + }, + record: binding.record, + statefulTarget: { + kind: "stateful" as const, + driverId: "acp" as const, + sessionKey: binding.record.targetSessionKey, + agentId: binding.spec.agentId, + }, + } + : null, + ...(binding ? { boundSessionKey: binding.record.targetSessionKey } : {}), + route, + }; } function expectUnauthorizedNewCommandBlocked(sendMessage: ReturnType) { expect(replyMocks.dispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled(); - expect(persistentBindingMocks.resolveConfiguredAcpBindingRecord).not.toHaveBeenCalled(); - expect(persistentBindingMocks.ensureConfiguredAcpBindingSession).not.toHaveBeenCalled(); + expect(persistentBindingMocks.resolveConfiguredBindingRoute).not.toHaveBeenCalled(); + expect(persistentBindingMocks.ensureConfiguredBindingRouteReady).not.toHaveBeenCalled(); expect(sendMessage).toHaveBeenCalledWith( -1001234567890, "You are not authorized to use this command.", @@ -324,13 +365,12 @@ function expectUnauthorizedNewCommandBlocked(sendMessage: ReturnType { beforeEach(() => { - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockClear(); - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue(null); - persistentBindingMocks.ensureConfiguredAcpBindingSession.mockClear(); - persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ - ok: true, - sessionKey: "agent:codex:acp:binding:telegram:default:seed", - }); + persistentBindingMocks.resolveConfiguredBindingRoute.mockClear(); + persistentBindingMocks.resolveConfiguredBindingRoute.mockImplementation(({ route }) => + createConfiguredBindingRoute(route, null), + ); + persistentBindingMocks.ensureConfiguredBindingRouteReady.mockClear(); + persistentBindingMocks.ensureConfiguredBindingRouteReady.mockResolvedValue({ ok: true }); sessionMocks.recordSessionMetaFromInbound.mockClear().mockResolvedValue(undefined); sessionMocks.resolveStorePath.mockClear().mockReturnValue("/tmp/openclaw-sessions.json"); replyMocks.dispatchReplyWithBufferedBlockDispatcher @@ -344,7 +384,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { it("calls recordSessionMetaFromInbound after a native slash command", async () => { const cfg: OpenClawConfig = {}; const { handler } = registerAndResolveStatusHandler({ cfg }); - await handler(buildStatusCommandContext()); + await handler(createTelegramPrivateCommandContext()); expect(sessionMocks.recordSessionMetaFromInbound).toHaveBeenCalledTimes(1); const call = ( @@ -363,7 +403,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { const cfg: OpenClawConfig = {}; const { handler } = registerAndResolveStatusHandler({ cfg }); - const runPromise = handler(buildStatusCommandContext()); + const runPromise = handler(createTelegramPrivateCommandContext()); await vi.waitFor(() => { expect(sessionMocks.recordSessionMetaFromInbound).toHaveBeenCalledTimes(1); @@ -402,7 +442,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { }, }, }); - await handler(buildStatusCommandContext()); + await handler(createTelegramPrivateCommandContext()); const deliveredCall = deliveryMocks.deliverReplies.mock.calls[0]?.[0] as | DeliverRepliesParams @@ -446,7 +486,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { }, }, }); - await handler(buildStatusCommandContext()); + await handler(createTelegramPrivateCommandContext()); expect(deliveryMocks.deliverReplies).not.toHaveBeenCalled(); }); @@ -463,7 +503,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { cfg: {}, telegramCfg: { silentErrorReplies: true }, }); - await handler(buildStatusCommandContext()); + await handler(createTelegramPrivateCommandContext()); const deliveredCall = deliveryMocks.deliverReplies.mock.calls[0]?.[0] as | DeliverRepliesParams @@ -478,23 +518,28 @@ describe("registerTelegramNativeCommands — session metadata", () => { it("routes Telegram native commands through configured ACP topic bindings", async () => { const boundSessionKey = "agent:codex:acp:binding:telegram:default:feedface"; - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue( - createConfiguredAcpTopicBinding(boundSessionKey), + persistentBindingMocks.resolveConfiguredBindingRoute.mockImplementation(({ route }) => + createConfiguredBindingRoute( + { + ...route, + sessionKey: boundSessionKey, + agentId: "codex", + matchedBy: "binding.channel", + }, + createConfiguredAcpTopicBinding(boundSessionKey), + ), ); - persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ - ok: true, - sessionKey: boundSessionKey, - }); + persistentBindingMocks.ensureConfiguredBindingRouteReady.mockResolvedValue({ ok: true }); const { handler } = registerAndResolveStatusHandler({ cfg: {}, allowFrom: ["200"], groupAllowFrom: ["200"], }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); - expect(persistentBindingMocks.resolveConfiguredAcpBindingRecord).toHaveBeenCalledTimes(1); - expect(persistentBindingMocks.ensureConfiguredAcpBindingSession).toHaveBeenCalledTimes(1); + expect(persistentBindingMocks.resolveConfiguredBindingRoute).toHaveBeenCalledTimes(1); + expect(persistentBindingMocks.ensureConfiguredBindingRouteReady).toHaveBeenCalledTimes(1); const dispatchCall = ( replyMocks.dispatchReplyWithBufferedBlockDispatcher.mock.calls as unknown as Array< [{ ctx?: { CommandTargetSessionKey?: string } }] @@ -519,7 +564,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { topicConfig: { agentId: "zu" }, }), }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); const dispatchCall = ( replyMocks.dispatchReplyWithBufferedBlockDispatcher.mock.calls as unknown as Array< @@ -542,7 +587,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { allowFrom: ["200"], groupAllowFrom: ["200"], }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); expect(sessionBindingMocks.resolveByConversation).toHaveBeenCalledWith({ channel: "telegram", @@ -563,12 +608,19 @@ describe("registerTelegramNativeCommands — session metadata", () => { it("aborts native command dispatch when configured ACP topic binding cannot initialize", async () => { const boundSessionKey = "agent:codex:acp:binding:telegram:default:feedface"; - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue( - createConfiguredAcpTopicBinding(boundSessionKey), + persistentBindingMocks.resolveConfiguredBindingRoute.mockImplementation(({ route }) => + createConfiguredBindingRoute( + { + ...route, + sessionKey: boundSessionKey, + agentId: "codex", + matchedBy: "binding.channel", + }, + createConfiguredAcpTopicBinding(boundSessionKey), + ), ); - persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ + persistentBindingMocks.ensureConfiguredBindingRouteReady.mockResolvedValue({ ok: false, - sessionKey: boundSessionKey, error: "gateway unavailable", }); @@ -577,7 +629,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { allowFrom: ["200"], groupAllowFrom: ["200"], }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); expect(replyMocks.dispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled(); expect(sendMessage).toHaveBeenCalledWith( @@ -589,13 +641,18 @@ describe("registerTelegramNativeCommands — session metadata", () => { it("keeps /new blocked in ACP-bound Telegram topics when sender is unauthorized", async () => { const boundSessionKey = "agent:codex:acp:binding:telegram:default:feedface"; - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue( - createConfiguredAcpTopicBinding(boundSessionKey), + persistentBindingMocks.resolveConfiguredBindingRoute.mockImplementation(({ route }) => + createConfiguredBindingRoute( + { + ...route, + sessionKey: boundSessionKey, + agentId: "codex", + matchedBy: "binding.channel", + }, + createConfiguredAcpTopicBinding(boundSessionKey), + ), ); - persistentBindingMocks.ensureConfiguredAcpBindingSession.mockResolvedValue({ - ok: true, - sessionKey: boundSessionKey, - }); + persistentBindingMocks.ensureConfiguredBindingRouteReady.mockResolvedValue({ ok: true }); const { handler, sendMessage } = registerAndResolveCommandHandler({ commandName: "new", @@ -604,13 +661,15 @@ describe("registerTelegramNativeCommands — session metadata", () => { groupAllowFrom: [], useAccessGroups: true, }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); expectUnauthorizedNewCommandBlocked(sendMessage); }); it("keeps /new blocked for unbound Telegram topics when sender is unauthorized", async () => { - persistentBindingMocks.resolveConfiguredAcpBindingRecord.mockReturnValue(null); + persistentBindingMocks.resolveConfiguredBindingRoute.mockImplementation(({ route }) => + createConfiguredBindingRoute(route, null), + ); const { handler, sendMessage } = registerAndResolveCommandHandler({ commandName: "new", @@ -619,7 +678,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { groupAllowFrom: [], useAccessGroups: true, }); - await handler(buildStatusTopicCommandContext()); + await handler(createTelegramTopicCommandContext()); expectUnauthorizedNewCommandBlocked(sendMessage); }); diff --git a/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts b/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts index c026392f9f9..5a2b2552739 100644 --- a/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts +++ b/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts @@ -4,26 +4,16 @@ import path from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; import { writeSkill } from "../../../src/agents/skills.e2e-test-helpers.js"; import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { TelegramAccountConfig } from "../../../src/config/types.js"; +import { + pluginCommandMocks, + resetPluginCommandMocks, +} from "../../../test/helpers/extensions/telegram-plugin-command.js"; import { registerTelegramNativeCommands } from "./bot-native-commands.js"; - -const pluginCommandMocks = vi.hoisted(() => ({ - getPluginCommandSpecs: vi.fn(() => []), - matchPluginCommand: vi.fn(() => null), - executePluginCommand: vi.fn(async () => ({ text: "ok" })), -})); -const deliveryMocks = vi.hoisted(() => ({ - deliverReplies: vi.fn(async () => ({ delivered: true })), -})); - -vi.mock("../../../src/plugins/commands.js", () => ({ - getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs, - matchPluginCommand: pluginCommandMocks.matchPluginCommand, - executePluginCommand: pluginCommandMocks.executePluginCommand, -})); -vi.mock("./bot/delivery.js", () => ({ - deliverReplies: deliveryMocks.deliverReplies, -})); +import { + createNativeCommandTestParams, + resetNativeCommandMenuMocks, + waitForRegisteredCommands, +} from "./bot-native-commands.menu-test-support.js"; const tempDirs: string[] = []; @@ -35,10 +25,8 @@ async function makeWorkspace(prefix: string) { describe("registerTelegramNativeCommands skill allowlist integration", () => { afterEach(async () => { - pluginCommandMocks.getPluginCommandSpecs.mockClear().mockReturnValue([]); - pluginCommandMocks.matchPluginCommand.mockClear().mockReturnValue(null); - pluginCommandMocks.executePluginCommand.mockClear().mockResolvedValue({ text: "ok" }); - deliveryMocks.deliverReplies.mockClear().mockResolvedValue({ delivered: true }); + resetNativeCommandMenuMocks(); + resetPluginCommandMocks(); await Promise.all( tempDirs .splice(0, tempDirs.length) @@ -76,49 +64,22 @@ describe("registerTelegramNativeCommands skill allowlist integration", () => { }; registerTelegramNativeCommands({ - bot: { - api: { - setMyCommands, - sendMessage: vi.fn().mockResolvedValue(undefined), - }, - command: vi.fn(), - } as unknown as Parameters[0]["bot"], - cfg, - runtime: { log: vi.fn() } as unknown as Parameters< - typeof registerTelegramNativeCommands - >[0]["runtime"], - accountId: "bot-a", - telegramCfg: {} as TelegramAccountConfig, - allowFrom: [], - groupAllowFrom: [], - replyToMode: "off", - textLimit: 4000, - useAccessGroups: false, - nativeEnabled: true, - nativeSkillsEnabled: true, - nativeDisabledExplicit: false, - resolveGroupPolicy: () => - ({ - allowlistEnabled: false, - allowed: true, - }) as ReturnType< - Parameters[0]["resolveGroupPolicy"] - >, - resolveTelegramGroupConfig: () => ({ - groupConfig: undefined, - topicConfig: undefined, + ...createNativeCommandTestParams(cfg, { + bot: { + api: { + setMyCommands, + sendMessage: vi.fn().mockResolvedValue(undefined), + }, + command: vi.fn(), + } as unknown as Parameters[0]["bot"], + runtime: { log: vi.fn() } as unknown as Parameters< + typeof registerTelegramNativeCommands + >[0]["runtime"], + accountId: "bot-a", }), - shouldSkipUpdate: () => false, - opts: { token: "token" }, }); - await vi.waitFor(() => { - expect(setMyCommands).toHaveBeenCalled(); - }); - const registeredCommands = setMyCommands.mock.calls[0]?.[0] as Array<{ - command: string; - description: string; - }>; + const registeredCommands = await waitForRegisteredCommands(setMyCommands); expect(registeredCommands.some((entry) => entry.command === "alpha_skill")).toBe(true); expect(registeredCommands.some((entry) => entry.command === "beta_skill")).toBe(false); diff --git a/extensions/telegram/src/bot-native-commands.test-helpers.ts b/extensions/telegram/src/bot-native-commands.test-helpers.ts index 33c3f04f904..3afeb63fbb2 100644 --- a/extensions/telegram/src/bot-native-commands.test-helpers.ts +++ b/extensions/telegram/src/bot-native-commands.test-helpers.ts @@ -1,24 +1,28 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { ChannelGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramAccountConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js"; -import type { TelegramAccountConfig } from "../../../src/config/types.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; +import { + createNativeCommandTestParams, + type NativeCommandTestParams, +} from "./bot-native-commands.fixture-test-support.js"; +import type { RegisterTelegramNativeCommandsParams } from "./bot-native-commands.js"; import { registerTelegramNativeCommands } from "./bot-native-commands.js"; -type RegisterTelegramNativeCommandsParams = Parameters[0]; type GetPluginCommandSpecsFn = - typeof import("../../../src/plugins/commands.js").getPluginCommandSpecs; -type MatchPluginCommandFn = typeof import("../../../src/plugins/commands.js").matchPluginCommand; + typeof import("openclaw/plugin-sdk/plugin-runtime").getPluginCommandSpecs; +type MatchPluginCommandFn = typeof import("openclaw/plugin-sdk/plugin-runtime").matchPluginCommand; type ExecutePluginCommandFn = - typeof import("../../../src/plugins/commands.js").executePluginCommand; + typeof import("openclaw/plugin-sdk/plugin-runtime").executePluginCommand; type DispatchReplyWithBufferedBlockDispatcherFn = - typeof import("../../../src/auto-reply/reply/provider-dispatcher.js").dispatchReplyWithBufferedBlockDispatcher; + typeof import("openclaw/plugin-sdk/reply-runtime").dispatchReplyWithBufferedBlockDispatcher; type DispatchReplyWithBufferedBlockDispatcherResult = Awaited< ReturnType >; type RecordInboundSessionMetaSafeFn = - typeof import("../../../src/channels/session-meta.js").recordInboundSessionMetaSafe; + typeof import("openclaw/plugin-sdk/channel-runtime").recordInboundSessionMetaSafe; type AnyMock = MockFn<(...args: unknown[]) => unknown>; type AnyAsyncMock = MockFn<(...args: unknown[]) => Promise>; type NativeCommandHarness = { @@ -26,13 +30,7 @@ type NativeCommandHarness = { sendMessage: AnyAsyncMock; setMyCommands: AnyAsyncMock; log: AnyMock; - bot: { - api: { - setMyCommands: AnyAsyncMock; - sendMessage: AnyAsyncMock; - }; - command: (name: string, handler: (ctx: unknown) => Promise) => void; - }; + bot: RegisterTelegramNativeCommandsParams["bot"]; }; const pluginCommandMocks = vi.hoisted(() => ({ @@ -44,7 +42,7 @@ export const getPluginCommandSpecs = pluginCommandMocks.getPluginCommandSpecs; export const matchPluginCommand = pluginCommandMocks.matchPluginCommand; export const executePluginCommand = pluginCommandMocks.executePluginCommand; -vi.mock("../../../src/plugins/commands.js", () => ({ +vi.mock("openclaw/plugin-sdk/plugin-runtime", () => ({ getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs, matchPluginCommand: pluginCommandMocks.matchPluginCommand, executePluginCommand: pluginCommandMocks.executePluginCommand, @@ -67,17 +65,17 @@ const replyPipelineMocks = vi.hoisted(() => { export const dispatchReplyWithBufferedBlockDispatcher = replyPipelineMocks.dispatchReplyWithBufferedBlockDispatcher; -vi.mock("../../../src/auto-reply/reply/inbound-context.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ finalizeInboundContext: replyPipelineMocks.finalizeInboundContext, })); -vi.mock("../../../src/auto-reply/reply/provider-dispatcher.js", () => ({ +vi.mock("openclaw/plugin-sdk/reply-runtime", () => ({ dispatchReplyWithBufferedBlockDispatcher: replyPipelineMocks.dispatchReplyWithBufferedBlockDispatcher, })); -vi.mock("../../../src/channels/reply-prefix.js", () => ({ +vi.mock("openclaw/plugin-sdk/channel-runtime", () => ({ createReplyPrefixOptions: replyPipelineMocks.createReplyPrefixOptions, })); -vi.mock("../../../src/channels/session-meta.js", () => ({ +vi.mock("openclaw/plugin-sdk/channel-runtime", () => ({ recordInboundSessionMetaSafe: replyPipelineMocks.recordInboundSessionMetaSafe, })); @@ -86,51 +84,10 @@ const deliveryMocks = vi.hoisted(() => ({ })); export const deliverReplies = deliveryMocks.deliverReplies; vi.mock("./bot/delivery.js", () => ({ deliverReplies: deliveryMocks.deliverReplies })); -vi.mock("../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: vi.fn(async () => []), })); - -export function createNativeCommandTestParams( - params: Partial = {}, -): RegisterTelegramNativeCommandsParams { - const log = vi.fn(); - return { - bot: - params.bot ?? - ({ - api: { - setMyCommands: vi.fn().mockResolvedValue(undefined), - sendMessage: vi.fn().mockResolvedValue(undefined), - }, - command: vi.fn(), - } as unknown as RegisterTelegramNativeCommandsParams["bot"]), - cfg: params.cfg ?? ({} as OpenClawConfig), - runtime: - params.runtime ?? ({ log } as unknown as RegisterTelegramNativeCommandsParams["runtime"]), - accountId: params.accountId ?? "default", - telegramCfg: params.telegramCfg ?? ({} as RegisterTelegramNativeCommandsParams["telegramCfg"]), - allowFrom: params.allowFrom ?? [], - groupAllowFrom: params.groupAllowFrom ?? [], - replyToMode: params.replyToMode ?? "off", - textLimit: params.textLimit ?? 4000, - useAccessGroups: params.useAccessGroups ?? false, - nativeEnabled: params.nativeEnabled ?? true, - nativeSkillsEnabled: params.nativeSkillsEnabled ?? false, - nativeDisabledExplicit: params.nativeDisabledExplicit ?? false, - resolveGroupPolicy: - params.resolveGroupPolicy ?? - (() => - ({ - allowlistEnabled: false, - allowed: true, - }) as ReturnType), - resolveTelegramGroupConfig: - params.resolveTelegramGroupConfig ?? - (() => ({ groupConfig: undefined, topicConfig: undefined })), - shouldSkipUpdate: params.shouldSkipUpdate ?? (() => false), - opts: params.opts ?? { token: "token" }, - }; -} +export { createNativeCommandTestParams }; export function createNativeCommandsHarness(params?: { cfg?: OpenClawConfig; @@ -147,7 +104,7 @@ export function createNativeCommandsHarness(params?: { const sendMessage: AnyAsyncMock = vi.fn(async () => undefined); const setMyCommands: AnyAsyncMock = vi.fn(async () => undefined); const log: AnyMock = vi.fn(); - const bot: NativeCommandHarness["bot"] = { + const bot = { api: { setMyCommands, sendMessage, @@ -155,10 +112,10 @@ export function createNativeCommandsHarness(params?: { command: (name: string, handler: (ctx: unknown) => Promise) => { handlers[name] = handler; }, - } as const; + } as unknown as RegisterTelegramNativeCommandsParams["bot"]; registerTelegramNativeCommands({ - bot: bot as unknown as Parameters[0]["bot"], + bot, cfg: params?.cfg ?? ({} as OpenClawConfig), runtime: params?.runtime ?? ({ log } as unknown as RuntimeEnv), accountId: "default", diff --git a/extensions/telegram/src/bot-native-commands.test.ts b/extensions/telegram/src/bot-native-commands.test.ts index bc843293fc5..e20806b11e4 100644 --- a/extensions/telegram/src/bot-native-commands.test.ts +++ b/extensions/telegram/src/bot-native-commands.test.ts @@ -5,100 +5,46 @@ import { STATE_DIR } from "../../../src/config/paths.js"; import { TELEGRAM_COMMAND_NAME_PATTERN } from "../../../src/config/telegram-custom-commands.js"; import type { TelegramAccountConfig } from "../../../src/config/types.js"; import type { RuntimeEnv } from "../../../src/runtime.js"; -import { registerTelegramNativeCommands } from "./bot-native-commands.js"; - -const { listSkillCommandsForAgents } = vi.hoisted(() => ({ +import { + pluginCommandMocks, + resetPluginCommandMocks, +} from "../../../test/helpers/extensions/telegram-plugin-command.js"; +const skillCommandMocks = vi.hoisted(() => ({ listSkillCommandsForAgents: vi.fn(() => []), })); -const pluginCommandMocks = vi.hoisted(() => ({ - getPluginCommandSpecs: vi.fn(() => []), - matchPluginCommand: vi.fn(() => null), - executePluginCommand: vi.fn(async () => ({ text: "ok" })), -})); const deliveryMocks = vi.hoisted(() => ({ deliverReplies: vi.fn(async () => ({ delivered: true })), })); -vi.mock("../../../src/auto-reply/skill-commands.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, - listSkillCommandsForAgents, + listSkillCommandsForAgents: skillCommandMocks.listSkillCommandsForAgents, }; }); -vi.mock("../../../src/plugins/commands.js", () => ({ - getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs, - matchPluginCommand: pluginCommandMocks.matchPluginCommand, - executePluginCommand: pluginCommandMocks.executePluginCommand, -})); + vi.mock("./bot/delivery.js", () => ({ deliverReplies: deliveryMocks.deliverReplies, })); +import { registerTelegramNativeCommands } from "./bot-native-commands.js"; +import { + createCommandBot, + createNativeCommandTestParams, + createPrivateCommandContext, + waitForRegisteredCommands, +} from "./bot-native-commands.menu-test-support.js"; + describe("registerTelegramNativeCommands", () => { - type RegisteredCommand = { - command: string; - description: string; - }; - - async function waitForRegisteredCommands( - setMyCommands: ReturnType, - ): Promise { - await vi.waitFor(() => { - expect(setMyCommands).toHaveBeenCalled(); - }); - return setMyCommands.mock.calls[0]?.[0] as RegisteredCommand[]; - } - beforeEach(() => { - listSkillCommandsForAgents.mockClear(); - listSkillCommandsForAgents.mockReturnValue([]); - pluginCommandMocks.getPluginCommandSpecs.mockClear(); - pluginCommandMocks.getPluginCommandSpecs.mockReturnValue([]); - pluginCommandMocks.matchPluginCommand.mockClear(); - pluginCommandMocks.matchPluginCommand.mockReturnValue(null); - pluginCommandMocks.executePluginCommand.mockClear(); - pluginCommandMocks.executePluginCommand.mockResolvedValue({ text: "ok" }); + skillCommandMocks.listSkillCommandsForAgents.mockClear(); + skillCommandMocks.listSkillCommandsForAgents.mockReturnValue([]); deliveryMocks.deliverReplies.mockClear(); deliveryMocks.deliverReplies.mockResolvedValue({ delivered: true }); + resetPluginCommandMocks(); }); - const buildParams = (cfg: OpenClawConfig, accountId = "default") => - ({ - bot: { - api: { - setMyCommands: vi.fn().mockResolvedValue(undefined), - sendMessage: vi.fn().mockResolvedValue(undefined), - }, - command: vi.fn(), - } as unknown as Parameters[0]["bot"], - cfg, - runtime: {} as RuntimeEnv, - accountId, - telegramCfg: {} as TelegramAccountConfig, - allowFrom: [], - groupAllowFrom: [], - replyToMode: "off", - textLimit: 4000, - useAccessGroups: false, - nativeEnabled: true, - nativeSkillsEnabled: true, - nativeDisabledExplicit: false, - resolveGroupPolicy: () => - ({ - allowlistEnabled: false, - allowed: true, - }) as ReturnType< - Parameters[0]["resolveGroupPolicy"] - >, - resolveTelegramGroupConfig: () => ({ - groupConfig: undefined, - topicConfig: undefined, - }), - shouldSkipUpdate: () => false, - opts: { token: "token" }, - }) satisfies Parameters[0]; - it("scopes skill commands when account binding exists", () => { const cfg: OpenClawConfig = { agents: { @@ -112,9 +58,9 @@ describe("registerTelegramNativeCommands", () => { ], }; - registerTelegramNativeCommands(buildParams(cfg, "bot-a")); + registerTelegramNativeCommands(createNativeCommandTestParams(cfg, { accountId: "bot-a" })); - expect(listSkillCommandsForAgents).toHaveBeenCalledWith({ + expect(skillCommandMocks.listSkillCommandsForAgents).toHaveBeenCalledWith({ cfg, agentIds: ["butler"], }); @@ -127,9 +73,9 @@ describe("registerTelegramNativeCommands", () => { }, }; - registerTelegramNativeCommands(buildParams(cfg, "bot-a")); + registerTelegramNativeCommands(createNativeCommandTestParams(cfg, { accountId: "bot-a" })); - expect(listSkillCommandsForAgents).toHaveBeenCalledWith({ + expect(skillCommandMocks.listSkillCommandsForAgents).toHaveBeenCalledWith({ cfg, agentIds: ["main"], }); @@ -147,7 +93,7 @@ describe("registerTelegramNativeCommands", () => { const runtimeLog = vi.fn(); registerTelegramNativeCommands({ - ...buildParams(cfg), + ...createNativeCommandTestParams(cfg), bot: { api: { setMyCommands, @@ -174,7 +120,7 @@ describe("registerTelegramNativeCommands", () => { const command = vi.fn(); registerTelegramNativeCommands({ - ...buildParams({}), + ...createNativeCommandTestParams({}), bot: { api: { setMyCommands, @@ -202,7 +148,7 @@ describe("registerTelegramNativeCommands", () => { ] as never); registerTelegramNativeCommands({ - ...buildParams({}), + ...createNativeCommandTestParams({}), bot: { api: { setMyCommands, @@ -259,29 +205,22 @@ describe("registerTelegramNativeCommands", () => { } as never); registerTelegramNativeCommands({ - ...buildParams(cfg), - bot: { - api: { - setMyCommands: vi.fn().mockResolvedValue(undefined), - sendMessage, - }, - command: vi.fn((name: string, cb: (ctx: unknown) => Promise) => { - commandHandlers.set(name, cb); - }), - } as unknown as Parameters[0]["bot"], + ...createNativeCommandTestParams(cfg, { + bot: { + api: { + setMyCommands: vi.fn().mockResolvedValue(undefined), + sendMessage, + }, + command: vi.fn((name: string, cb: (ctx: unknown) => Promise) => { + commandHandlers.set(name, cb); + }), + } as unknown as Parameters[0]["bot"], + }), }); const handler = commandHandlers.get("plug"); expect(handler).toBeTruthy(); - await handler?.({ - match: "", - message: { - message_id: 1, - date: Math.floor(Date.now() / 1000), - chat: { id: 123, type: "private" }, - from: { id: 456, username: "alice" }, - }, - }); + await handler?.(createPrivateCommandContext()); expect(deliveryMocks.deliverReplies).toHaveBeenCalledWith( expect.objectContaining({ @@ -310,30 +249,26 @@ describe("registerTelegramNativeCommands", () => { } as never); registerTelegramNativeCommands({ - ...buildParams({}), - bot: { - api: { - setMyCommands: vi.fn().mockResolvedValue(undefined), - sendMessage: vi.fn().mockResolvedValue(undefined), + ...createNativeCommandTestParams( + {}, + { + bot: { + api: { + setMyCommands: vi.fn().mockResolvedValue(undefined), + sendMessage: vi.fn().mockResolvedValue(undefined), + }, + command: vi.fn((name: string, cb: (ctx: unknown) => Promise) => { + commandHandlers.set(name, cb); + }), + } as unknown as Parameters[0]["bot"], }, - command: vi.fn((name: string, cb: (ctx: unknown) => Promise) => { - commandHandlers.set(name, cb); - }), - } as unknown as Parameters[0]["bot"], + ), telegramCfg: { silentErrorReplies: true } as TelegramAccountConfig, }); const handler = commandHandlers.get("plug"); expect(handler).toBeTruthy(); - await handler?.({ - match: "", - message: { - message_id: 1, - date: Math.floor(Date.now() / 1000), - chat: { id: 123, type: "private" }, - from: { id: 456, username: "alice" }, - }, - }); + await handler?.(createPrivateCommandContext()); expect(deliveryMocks.deliverReplies).toHaveBeenCalledWith( expect.objectContaining({ diff --git a/extensions/telegram/src/bot-native-commands.ts b/extensions/telegram/src/bot-native-commands.ts index 64874d1f8eb..0e513131133 100644 --- a/extensions/telegram/src/bot-native-commands.ts +++ b/extensions/telegram/src/bot-native-commands.ts @@ -1,8 +1,33 @@ import type { Bot, Context } from "grammy"; -import { ensureConfiguredAcpRouteReady } from "../../../src/acp/persistent-bindings.route.js"; -import { resolveChunkMode } from "../../../src/auto-reply/chunk.js"; -import { resolveCommandAuthorization } from "../../../src/auto-reply/command-auth.js"; -import type { CommandArgs } from "../../../src/auto-reply/commands-registry.js"; +import { resolveCommandAuthorizedFromAuthorizers } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveNativeCommandSessionTargets } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { recordInboundSessionMetaSafe } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { ChannelGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { + normalizeTelegramCommandName, + resolveTelegramCustomCommands, + TELEGRAM_COMMAND_NAME_PATTERN, +} from "openclaw/plugin-sdk/config-runtime"; +import type { + ReplyToMode, + TelegramAccountConfig, + TelegramDirectConfig, + TelegramGroupConfig, + TelegramTopicConfig, +} from "openclaw/plugin-sdk/config-runtime"; +import { ensureConfiguredBindingRouteReady } from "openclaw/plugin-sdk/conversation-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { + executePluginCommand, + getPluginCommandSpecs, + matchPluginCommand, +} from "openclaw/plugin-sdk/plugin-runtime"; +import { resolveChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveCommandAuthorization } from "openclaw/plugin-sdk/reply-runtime"; +import type { CommandArgs } from "openclaw/plugin-sdk/reply-runtime"; import { buildCommandTextFromArgs, findCommandByNativeName, @@ -10,40 +35,15 @@ import { listNativeCommandSpecsForConfig, parseCommandArgs, resolveCommandArgMenu, -} from "../../../src/auto-reply/commands-registry.js"; -import { finalizeInboundContext } from "../../../src/auto-reply/reply/inbound-context.js"; -import { dispatchReplyWithBufferedBlockDispatcher } from "../../../src/auto-reply/reply/provider-dispatcher.js"; -import { listSkillCommandsForAgents } from "../../../src/auto-reply/skill-commands.js"; -import { resolveCommandAuthorizedFromAuthorizers } from "../../../src/channels/command-gating.js"; -import { resolveNativeCommandSessionTargets } from "../../../src/channels/native-command-session-targets.js"; -import { createReplyPrefixOptions } from "../../../src/channels/reply-prefix.js"; -import { recordInboundSessionMetaSafe } from "../../../src/channels/session-meta.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { - normalizeTelegramCommandName, - resolveTelegramCustomCommands, - TELEGRAM_COMMAND_NAME_PATTERN, -} from "../../../src/config/telegram-custom-commands.js"; -import type { - ReplyToMode, - TelegramAccountConfig, - TelegramDirectConfig, - TelegramGroupConfig, - TelegramTopicConfig, -} from "../../../src/config/types.js"; -import { danger, logVerbose } from "../../../src/globals.js"; -import { getChildLogger } from "../../../src/logging.js"; -import { getAgentScopedMediaLocalRoots } from "../../../src/media/local-roots.js"; -import { - executePluginCommand, - getPluginCommandSpecs, - matchPluginCommand, -} from "../../../src/plugins/commands.js"; -import { resolveAgentRoute } from "../../../src/routing/resolve-route.js"; -import { resolveThreadSessionKeys } from "../../../src/routing/session-key.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchReplyWithBufferedBlockDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import { listSkillCommandsForAgents } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { danger, logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { isSenderAllowed, normalizeDmAllowFromWithStore } from "./bot-access.js"; import type { TelegramMediaRef } from "./bot-message-context.js"; @@ -63,7 +63,10 @@ import { resolveTelegramThreadSpec, } from "./bot/helpers.js"; import type { TelegramContext } from "./bot/types.js"; -import { resolveTelegramConversationRoute } from "./conversation-route.js"; +import { + resolveTelegramConversationBaseSessionKey, + resolveTelegramConversationRoute, +} from "./conversation-route.js"; import { shouldSuppressLocalTelegramExecApprovalPrompt } from "./exec-approvals.js"; import type { TelegramTransport } from "./fetch.js"; import { @@ -119,7 +122,7 @@ export type RegisterTelegramHandlerParams = { logger: ReturnType; }; -type RegisterTelegramNativeCommandsParams = { +export type RegisterTelegramNativeCommandsParams = { bot: Bot; cfg: OpenClawConfig; runtime: RuntimeEnv; @@ -487,13 +490,13 @@ export const registerTelegramNativeCommands = ({ topicAgentId, }); if (configuredBinding) { - const ensured = await ensureConfiguredAcpRouteReady({ + const ensured = await ensureConfiguredBindingRouteReady({ cfg, - configuredBinding, + bindingResolution: configuredBinding, }); if (!ensured.ok) { logVerbose( - `telegram native command: configured ACP binding unavailable for topic ${configuredBinding.spec.conversationId}: ${ensured.error}`, + `telegram native command: configured ACP binding unavailable for topic ${configuredBinding.record.conversation.conversationId}: ${ensured.error}`, ); await withTelegramApiErrorLogging({ operation: "sendMessage", @@ -650,7 +653,13 @@ export const registerTelegramNativeCommands = ({ }); return; } - const baseSessionKey = route.sessionKey; + const baseSessionKey = resolveTelegramConversationBaseSessionKey({ + cfg, + route, + chatId, + isGroup, + senderId, + }); // DMs: use raw messageThreadId for thread sessions (not resolvedThreadId which is for forums) const dmThreadId = threadSpec.scope === "dm" ? threadSpec.id : undefined; const threadKeys = diff --git a/extensions/telegram/src/bot-updates.ts b/extensions/telegram/src/bot-updates.ts index 3121f1a487e..4b08c747f8f 100644 --- a/extensions/telegram/src/bot-updates.ts +++ b/extensions/telegram/src/bot-updates.ts @@ -1,5 +1,5 @@ import type { Message } from "@grammyjs/types"; -import { createDedupeCache } from "../../../src/infra/dedupe.js"; +import { createDedupeCache } from "openclaw/plugin-sdk/infra-runtime"; import type { TelegramContext } from "./bot/types.js"; const MEDIA_GROUP_TIMEOUT_MS = 500; diff --git a/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts b/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts index 2f151066910..f8573fecadd 100644 --- a/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts +++ b/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts @@ -1,9 +1,9 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resetInboundDedupe } from "openclaw/plugin-sdk/reply-runtime"; +import type { MsgContext } from "openclaw/plugin-sdk/reply-runtime"; +import type { GetReplyOptions, ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { beforeEach, vi } from "vitest"; -import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js"; -import type { MsgContext } from "../../../src/auto-reply/templating.js"; -import type { GetReplyOptions, ReplyPayload } from "../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; type AnyMock = MockFn<(...args: unknown[]) => unknown>; type AnyAsyncMock = MockFn<(...args: unknown[]) => Promise>; @@ -20,7 +20,7 @@ export function getLoadWebMediaMock(): AnyMock { return loadWebMedia; } -vi.mock("../../whatsapp/src/media.js", () => ({ +vi.mock("openclaw/plugin-sdk/web-media", () => ({ loadWebMedia, })); @@ -31,16 +31,16 @@ const { loadConfig } = vi.hoisted((): { loadConfig: AnyMock } => ({ export function getLoadConfigMock(): AnyMock { return loadConfig; } -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig, }; }); -vi.mock("../../../src/config/sessions.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, resolveStorePath: vi.fn((storePath) => storePath ?? sessionStorePath), @@ -68,28 +68,59 @@ export function getUpsertChannelPairingRequestMock(): AnyAsyncMock { return upsertChannelPairingRequest; } -vi.mock("../../../src/pairing/pairing-store.js", () => ({ - readChannelAllowFromStore, - upsertChannelPairingRequest, -})); +vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + readChannelAllowFromStore, + upsertChannelPairingRequest, + }; +}); const skillCommandsHoisted = vi.hoisted(() => ({ listSkillCommandsForAgents: vi.fn(() => []), + replySpy: vi.fn(async (_ctx: MsgContext, opts?: GetReplyOptions) => { + await opts?.onReplyStart?.(); + return undefined; + }) as MockFn< + ( + ctx: MsgContext, + opts?: GetReplyOptions, + configOverride?: OpenClawConfig, + ) => Promise + >, })); export const listSkillCommandsForAgents = skillCommandsHoisted.listSkillCommandsForAgents; +export const replySpy = skillCommandsHoisted.replySpy; -vi.mock("../../../src/auto-reply/skill-commands.js", () => ({ - listSkillCommandsForAgents, -})); +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + listSkillCommandsForAgents: skillCommandsHoisted.listSkillCommandsForAgents, + getReplyFromConfig: skillCommandsHoisted.replySpy, + __replySpy: skillCommandsHoisted.replySpy, + dispatchReplyWithBufferedBlockDispatcher: vi.fn( + async ({ ctx, replyOptions }: { ctx: MsgContext; replyOptions?: GetReplyOptions }) => { + await skillCommandsHoisted.replySpy(ctx, replyOptions); + return { queuedFinal: false }; + }, + ), + }; +}); const systemEventsHoisted = vi.hoisted(() => ({ enqueueSystemEventSpy: vi.fn(), })); export const enqueueSystemEventSpy: AnyMock = systemEventsHoisted.enqueueSystemEventSpy; -vi.mock("../../../src/infra/system-events.js", () => ({ - enqueueSystemEvent: enqueueSystemEventSpy, -})); +vi.mock("openclaw/plugin-sdk/infra-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + enqueueSystemEvent: systemEventsHoisted.enqueueSystemEventSpy, + }; +}); const sentMessageCacheHoisted = vi.hoisted(() => ({ wasSentByBot: vi.fn(() => false), @@ -97,7 +128,7 @@ const sentMessageCacheHoisted = vi.hoisted(() => ({ export const wasSentByBot = sentMessageCacheHoisted.wasSentByBot; vi.mock("./sent-message-cache.js", () => ({ - wasSentByBot, + wasSentByBot: sentMessageCacheHoisted.wasSentByBot, recordSentMessage: vi.fn(), clearSentMessageCache: vi.fn(), })); @@ -182,36 +213,28 @@ vi.mock("grammy", () => ({ InputFile: class {}, })); -const sequentializeMiddleware = vi.fn(); -export const sequentializeSpy: AnyMock = vi.fn(() => sequentializeMiddleware); +const runnerHoisted = vi.hoisted(() => ({ + sequentializeMiddleware: vi.fn(async (_ctx: unknown, next?: () => Promise) => { + if (typeof next === "function") { + await next(); + } + }), + sequentializeSpy: vi.fn(() => runnerHoisted.sequentializeMiddleware), + throttlerSpy: vi.fn(() => "throttler"), +})); +export const sequentializeSpy: AnyMock = runnerHoisted.sequentializeSpy; export let sequentializeKey: ((ctx: unknown) => string) | undefined; vi.mock("@grammyjs/runner", () => ({ sequentialize: (keyFn: (ctx: unknown) => string) => { sequentializeKey = keyFn; - return sequentializeSpy(); + return runnerHoisted.sequentializeSpy(); }, })); -export const throttlerSpy: AnyMock = vi.fn(() => "throttler"); +export const throttlerSpy: AnyMock = runnerHoisted.throttlerSpy; vi.mock("@grammyjs/transformer-throttler", () => ({ - apiThrottler: () => throttlerSpy(), -})); - -export const replySpy: MockFn< - ( - ctx: MsgContext, - opts?: GetReplyOptions, - configOverride?: OpenClawConfig, - ) => Promise -> = vi.fn(async (_ctx, opts) => { - await opts?.onReplyStart?.(); - return undefined; -}); - -vi.mock("../../../src/auto-reply/reply.js", () => ({ - getReplyFromConfig: replySpy, - __replySpy: replySpy, + apiThrottler: () => runnerHoisted.throttlerSpy(), })); export const getOnHandler = (event: string) => { @@ -336,7 +359,14 @@ beforeEach(() => { listSkillCommandsForAgents.mockReset(); listSkillCommandsForAgents.mockReturnValue([]); middlewareUseSpy.mockReset(); + runnerHoisted.sequentializeMiddleware.mockReset(); + runnerHoisted.sequentializeMiddleware.mockImplementation(async (_ctx, next) => { + if (typeof next === "function") { + await next(); + } + }); sequentializeSpy.mockReset(); + sequentializeSpy.mockImplementation(() => runnerHoisted.sequentializeMiddleware); botCtorSpy.mockReset(); sequentializeKey = undefined; }); diff --git a/extensions/telegram/src/bot.create-telegram-bot.test.ts b/extensions/telegram/src/bot.create-telegram-bot.test.ts index d3854849b10..1cb0fd98512 100644 --- a/extensions/telegram/src/bot.create-telegram-bot.test.ts +++ b/extensions/telegram/src/bot.create-telegram-bot.test.ts @@ -2,9 +2,9 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import { afterAll, beforeAll, describe, expect, it, vi } from "vitest"; -import { withEnvAsync } from "../../../src/test-utils/env.js"; -import { useFrozenTime, useRealTime } from "../../../src/test-utils/frozen-time.js"; import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js"; +import { withEnvAsync } from "../../../test/helpers/extensions/env.js"; +import { useFrozenTime, useRealTime } from "../../../test/helpers/extensions/frozen-time.js"; import { answerCallbackQuerySpy, botCtorSpy, diff --git a/extensions/telegram/src/bot.media.e2e-harness.ts b/extensions/telegram/src/bot.media.e2e-harness.ts index a91362702dd..54ae862ce87 100644 --- a/extensions/telegram/src/bot.media.e2e-harness.ts +++ b/extensions/telegram/src/bot.media.e2e-harness.ts @@ -1,5 +1,5 @@ +import { resetInboundDedupe } from "openclaw/plugin-sdk/reply-runtime"; import { beforeEach, vi, type Mock } from "vitest"; -import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js"; export const useSpy: Mock = vi.fn(); export const middlewareUseSpy: Mock = vi.fn(); @@ -92,8 +92,8 @@ vi.mock("undici", async (importOriginal) => { }; }); -vi.mock("../../../src/media/store.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/media-runtime", async (importOriginal) => { + const actual = await importOriginal(); const mockModule = Object.create(null) as Record; Object.defineProperties(mockModule, Object.getOwnPropertyDescriptors(actual)); Object.defineProperty(mockModule, "saveMediaBuffer", { @@ -105,8 +105,8 @@ vi.mock("../../../src/media/store.js", async (importOriginal) => { return mockModule; }); -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => ({ @@ -115,15 +115,15 @@ vi.mock("../../../src/config/config.js", async (importOriginal) => { }; }); -vi.mock("../../../src/config/sessions.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, updateLastRoute: vi.fn(async () => undefined), }; }); -vi.mock("../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: vi.fn(async () => [] as string[]), upsertChannelPairingRequest: vi.fn(async () => ({ code: "PAIRCODE", @@ -131,7 +131,7 @@ vi.mock("../../../src/pairing/pairing-store.js", () => ({ })), })); -vi.mock("../../../src/auto-reply/reply.js", () => { +vi.mock("openclaw/plugin-sdk/reply-runtime", () => { const replySpy = vi.fn(async (_ctx, opts) => { await opts?.onReplyStart?.(); return undefined; diff --git a/extensions/telegram/src/bot.media.test-utils.ts b/extensions/telegram/src/bot.media.test-utils.ts index fde76f34e23..3fee9271e3e 100644 --- a/extensions/telegram/src/bot.media.test-utils.ts +++ b/extensions/telegram/src/bot.media.test-utils.ts @@ -1,5 +1,5 @@ +import * as ssrf from "openclaw/plugin-sdk/infra-runtime"; import { afterEach, beforeAll, beforeEach, expect, vi, type Mock } from "vitest"; -import * as ssrf from "../../../src/infra/net/ssrf.js"; import { onSpy, sendChatActionSpy } from "./bot.media.e2e-harness.js"; type StickerSpy = Mock<(...args: unknown[]) => unknown>; @@ -103,7 +103,7 @@ afterEach(() => { beforeAll(async () => { ({ createTelegramBot: createTelegramBotRef } = await import("./bot.js")); - const replyModule = await import("../../../src/auto-reply/reply.js"); + const replyModule = await import("openclaw/plugin-sdk/reply-runtime"); replySpyRef = (replyModule as unknown as { __replySpy: ReturnType }).__replySpy; }, TELEGRAM_BOT_IMPORT_TIMEOUT_MS); diff --git a/extensions/telegram/src/bot.test.ts b/extensions/telegram/src/bot.test.ts index 17f6870a964..3266c080254 100644 --- a/extensions/telegram/src/bot.test.ts +++ b/extensions/telegram/src/bot.test.ts @@ -1,11 +1,11 @@ import { rm } from "node:fs/promises"; +import type { PluginInteractiveTelegramHandlerContext } from "openclaw/plugin-sdk/core"; import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import { expectChannelInboundContextContract as expectInboundContextContract } from "../../../src/channels/plugins/contracts/suites.js"; import { clearPluginInteractiveHandlers, registerPluginInteractiveHandler, } from "../../../src/plugins/interactive.js"; -import type { PluginInteractiveTelegramHandlerContext } from "../../../src/plugins/types.js"; import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js"; import { answerCallbackQuerySpy, diff --git a/extensions/telegram/src/bot.ts b/extensions/telegram/src/bot.ts index a817e10cbac..450c68b4aad 100644 --- a/extensions/telegram/src/bot.ts +++ b/extensions/telegram/src/bot.ts @@ -2,34 +2,31 @@ import { sequentialize } from "@grammyjs/runner"; import { apiThrottler } from "@grammyjs/transformer-throttler"; import type { ApiClientOptions } from "grammy"; import { Bot } from "grammy"; -import { resolveDefaultAgentId } from "../../../src/agents/agent-scope.js"; -import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js"; -import { - DEFAULT_GROUP_HISTORY_LIMIT, - type HistoryEntry, -} from "../../../src/auto-reply/reply/history.js"; +import { resolveDefaultAgentId } from "openclaw/plugin-sdk/agent-runtime"; import { resolveThreadBindingIdleTimeoutMsForChannel, resolveThreadBindingMaxAgeMsForChannel, resolveThreadBindingSpawnPolicy, -} from "../../../src/channels/thread-bindings-policy.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import { isNativeCommandsExplicitlyDisabled, resolveNativeCommandsEnabled, resolveNativeSkillsEnabled, -} from "../../../src/config/commands.js"; -import type { OpenClawConfig, ReplyToMode } from "../../../src/config/config.js"; -import { loadConfig } from "../../../src/config/config.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import type { OpenClawConfig, ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveChannelGroupPolicy, resolveChannelGroupRequireMention, -} from "../../../src/config/group-policy.js"; -import { loadSessionStore, resolveStorePath } from "../../../src/config/sessions.js"; -import { danger, logVerbose, shouldLogVerbose } from "../../../src/globals.js"; -import { formatUncaughtError } from "../../../src/infra/errors.js"; -import { getChildLogger } from "../../../src/logging.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; -import { createNonExitingRuntime, type RuntimeEnv } from "../../../src/runtime.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { loadSessionStore, resolveStorePath } from "openclaw/plugin-sdk/config-runtime"; +import { formatUncaughtError } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { DEFAULT_GROUP_HISTORY_LIMIT, type HistoryEntry } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { createNonExitingRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { resolveTelegramAccount } from "./accounts.js"; import { registerTelegramHandlers } from "./bot-handlers.js"; import { createTelegramMessageProcessor } from "./bot-message.js"; @@ -41,7 +38,7 @@ import { type TelegramUpdateKeyContext, } from "./bot-updates.js"; import { buildTelegramGroupPeerId, resolveTelegramStreamMode } from "./bot/helpers.js"; -import { resolveTelegramTransport } from "./fetch.js"; +import { resolveTelegramTransport, type TelegramTransport } from "./fetch.js"; import { tagTelegramNetworkError } from "./network-errors.js"; import { createTelegramSendChatActionHandler } from "./sendchataction-401-backoff.js"; import { getTelegramSequentialKey } from "./sequential-key.js"; @@ -68,6 +65,8 @@ export type TelegramBotOptions = { mediaGroupFlushMs?: number; textFragmentGapMs?: number; }; + /** Pre-resolved Telegram transport to reuse across bot instances. If not provided, creates a new one. */ + telegramTransport?: TelegramTransport; }; export { getTelegramSequentialKey }; @@ -135,9 +134,11 @@ export function createTelegramBot(opts: TelegramBotOptions) { : null; const telegramCfg = account.config; - const telegramTransport = resolveTelegramTransport(opts.proxyFetch, { - network: telegramCfg.network, - }); + const telegramTransport = + opts.telegramTransport ?? + resolveTelegramTransport(opts.proxyFetch, { + network: telegramCfg.network, + }); const shouldProvideFetch = Boolean(telegramTransport.fetch); // grammY's ApiClientOptions types still track `node-fetch` types; Node 22+ global fetch // (undici) is structurally compatible at runtime but not assignable in TS. diff --git a/extensions/telegram/src/bot/delivery.replies.ts b/extensions/telegram/src/bot/delivery.replies.ts index 2dfc1c8e956..41dec78c70d 100644 --- a/extensions/telegram/src/bot/delivery.replies.ts +++ b/extensions/telegram/src/bot/delivery.replies.ts @@ -1,26 +1,23 @@ import { type Bot, GrammyError, InputFile } from "grammy"; -import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../../src/auto-reply/chunk.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import type { ReplyToMode } from "../../../../src/config/config.js"; -import type { MarkdownTableMode } from "../../../../src/config/types.base.js"; -import { danger, logVerbose } from "../../../../src/globals.js"; -import { fireAndForgetHook } from "../../../../src/hooks/fire-and-forget.js"; -import { - createInternalHookEvent, - triggerInternalHook, -} from "../../../../src/hooks/internal-hooks.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { fireAndForgetHook } from "openclaw/plugin-sdk/hook-runtime"; +import { createInternalHookEvent, triggerInternalHook } from "openclaw/plugin-sdk/hook-runtime"; import { buildCanonicalSentMessageHookContext, toInternalMessageSentContext, toPluginMessageContext, toPluginMessageSentEvent, -} from "../../../../src/hooks/message-hook-mappers.js"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import { buildOutboundMediaLoadOptions } from "../../../../src/media/load-options.js"; -import { isGifMedia, kindFromMime } from "../../../../src/media/mime.js"; -import { getGlobalHookRunner } from "../../../../src/plugins/hook-runner-global.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; -import { loadWebMedia } from "../../../whatsapp/src/media.js"; +} from "openclaw/plugin-sdk/hook-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { buildOutboundMediaLoadOptions } from "openclaw/plugin-sdk/media-runtime"; +import { isGifMedia, kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { getGlobalHookRunner } from "openclaw/plugin-sdk/plugin-runtime"; +import { chunkMarkdownTextWithMode, type ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { danger, logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import type { TelegramInlineButtons } from "../button-types.js"; import { splitTelegramCaption } from "../caption.js"; import { diff --git a/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts b/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts index 55fec660a82..54dcf963997 100644 --- a/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts +++ b/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts @@ -6,31 +6,32 @@ import type { TelegramContext } from "./types.js"; const saveMediaBuffer = vi.fn(); const fetchRemoteMedia = vi.fn(); -vi.mock("../../../../src/media/store.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/media-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, saveMediaBuffer: (...args: unknown[]) => saveMediaBuffer(...args), + fetchRemoteMedia: (...args: unknown[]) => fetchRemoteMedia(...args), }; }); -vi.mock("../../../../src/media/fetch.js", () => ({ - fetchRemoteMedia: (...args: unknown[]) => fetchRemoteMedia(...args), -})); - -vi.mock("../../../../src/globals.js", () => ({ - danger: (s: string) => s, - warn: (s: string) => s, - logVerbose: () => {}, -})); +vi.mock("openclaw/plugin-sdk/runtime-env", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + logVerbose: () => {}, + warn: (s: string) => s, + danger: (s: string) => s, + }; +}); vi.mock("../sticker-cache.js", () => ({ cacheSticker: () => {}, getCachedSticker: () => null, })); -// eslint-disable-next-line @typescript-eslint/consistent-type-imports -const { resolveMedia } = await import("./delivery.js"); +let resolveMedia: typeof import("./delivery.js").resolveMedia; + const MAX_MEDIA_BYTES = 10_000_000; const BOT_TOKEN = "tok123"; @@ -164,10 +165,12 @@ async function flushRetryTimers() { } describe("resolveMedia getFile retry", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ resolveMedia } = await import("./delivery.js")); vi.useFakeTimers(); - fetchRemoteMedia.mockClear(); - saveMediaBuffer.mockClear(); + fetchRemoteMedia.mockReset(); + saveMediaBuffer.mockReset(); }); afterEach(() => { diff --git a/extensions/telegram/src/bot/delivery.resolve-media.ts b/extensions/telegram/src/bot/delivery.resolve-media.ts index e42dd11aa1b..52f6eef966c 100644 --- a/extensions/telegram/src/bot/delivery.resolve-media.ts +++ b/extensions/telegram/src/bot/delivery.resolve-media.ts @@ -1,10 +1,10 @@ import { GrammyError } from "grammy"; -import { logVerbose, warn } from "../../../../src/globals.js"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import { retryAsync } from "../../../../src/infra/retry.js"; -import { fetchRemoteMedia } from "../../../../src/media/fetch.js"; -import { saveMediaBuffer } from "../../../../src/media/store.js"; -import { shouldRetryTelegramIpv4Fallback, type TelegramTransport } from "../fetch.js"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { retryAsync } from "openclaw/plugin-sdk/infra-runtime"; +import { fetchRemoteMedia } from "openclaw/plugin-sdk/media-runtime"; +import { saveMediaBuffer } from "openclaw/plugin-sdk/media-runtime"; +import { logVerbose, warn } from "openclaw/plugin-sdk/runtime-env"; +import { shouldRetryTelegramTransportFallback, type TelegramTransport } from "../fetch.js"; import { cacheSticker, getCachedSticker } from "../sticker-cache.js"; import { resolveTelegramMediaPlaceholder } from "./helpers.js"; import type { StickerMetadata, TelegramContext } from "./types.js"; @@ -129,9 +129,8 @@ async function downloadAndSaveTelegramFile(params: { const fetched = await fetchRemoteMedia({ url, fetchImpl: params.transport.sourceFetch, - dispatcherPolicy: params.transport.pinnedDispatcherPolicy, - fallbackDispatcherPolicy: params.transport.fallbackPinnedDispatcherPolicy, - shouldRetryFetchError: shouldRetryTelegramIpv4Fallback, + dispatcherAttempts: params.transport.dispatcherAttempts, + shouldRetryFetchError: shouldRetryTelegramTransportFallback, filePathHint: params.filePath, maxBytes: params.maxBytes, readIdleTimeoutMs: TELEGRAM_DOWNLOAD_IDLE_TIMEOUT_MS, diff --git a/extensions/telegram/src/bot/delivery.send.ts b/extensions/telegram/src/bot/delivery.send.ts index d8768899c28..9c0c6a77e10 100644 --- a/extensions/telegram/src/bot/delivery.send.ts +++ b/extensions/telegram/src/bot/delivery.send.ts @@ -1,6 +1,6 @@ import { type Bot, GrammyError } from "grammy"; -import { formatErrorMessage } from "../../../../src/infra/errors.js"; -import type { RuntimeEnv } from "../../../../src/runtime.js"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { withTelegramApiErrorLogging } from "../api-logging.js"; import { markdownToTelegramHtml } from "../format.js"; import { buildInlineKeyboard } from "../send.js"; diff --git a/extensions/telegram/src/bot/helpers.test.ts b/extensions/telegram/src/bot/helpers.test.ts index fe30465b40c..5777216f2ac 100644 --- a/extensions/telegram/src/bot/helpers.test.ts +++ b/extensions/telegram/src/bot/helpers.test.ts @@ -1,3 +1,4 @@ +import type { Message } from "grammy/types"; import { describe, expect, it } from "vitest"; import { buildTelegramThreadParams, @@ -404,8 +405,59 @@ describe("hasBotMention", () => { ), ).toBe(true); }); -}); + it("matches mention followed by punctuation", () => { + expect( + hasBotMention( + { + text: "@gaian, what's up?", + chat: { id: 1, type: "supergroup" }, + // oxlint-disable-next-line typescript/no-explicit-any + } as any, + "gaian", + ), + ).toBe(true); + }); + + it("matches mention followed by space", () => { + expect( + hasBotMention( + { + text: "@gaian how are you", + chat: { id: 1, type: "supergroup" }, + // oxlint-disable-next-line typescript/no-explicit-any + } as any, + "gaian", + ), + ).toBe(true); + }); + + it("does not match substring of a longer username", () => { + expect( + hasBotMention( + { + text: "@gaianchat_bot hello", + chat: { id: 1, type: "supergroup" }, + // oxlint-disable-next-line typescript/no-explicit-any + } as any, + "gaian", + ), + ).toBe(false); + }); + + it("does not match when mention is a prefix of another word", () => { + expect( + hasBotMention( + { + text: "@gaianbot do something", + chat: { id: 1, type: "supergroup" }, + // oxlint-disable-next-line typescript/no-explicit-any + } as any, + "gaian", + ), + ).toBe(false); + }); +}); describe("expandTextLinks", () => { it("returns text unchanged when no entities are provided", () => { expect(expandTextLinks("Hello world")).toBe("Hello world"); diff --git a/extensions/telegram/src/bot/helpers.ts b/extensions/telegram/src/bot/helpers.ts index 3575da81efb..921cdf74e86 100644 --- a/extensions/telegram/src/bot/helpers.ts +++ b/extensions/telegram/src/bot/helpers.ts @@ -1,13 +1,13 @@ import type { Chat, Message, MessageOrigin, User } from "@grammyjs/types"; -import { formatLocationText, type NormalizedLocation } from "../../../../src/channels/location.js"; -import { resolveTelegramPreviewStreamMode } from "../../../../src/config/discord-preview-streaming.js"; +import { formatLocationText, type NormalizedLocation } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveTelegramPreviewStreamMode } from "openclaw/plugin-sdk/config-runtime"; import type { TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../../src/config/types.js"; -import { readChannelAllowFromStore } from "../../../../src/pairing/pairing-store.js"; -import { normalizeAccountId } from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { firstDefined, normalizeAllowFrom, type NormalizedAllowFrom } from "../bot-access.js"; import type { TelegramStreamMode } from "./types.js"; diff --git a/extensions/telegram/src/bot/reply-threading.ts b/extensions/telegram/src/bot/reply-threading.ts index cdeeba7151b..11f4f099688 100644 --- a/extensions/telegram/src/bot/reply-threading.ts +++ b/extensions/telegram/src/bot/reply-threading.ts @@ -1,4 +1,4 @@ -import type { ReplyToMode } from "../../../../src/config/config.js"; +import type { ReplyToMode } from "openclaw/plugin-sdk/config-runtime"; export type DeliveryProgress = { hasReplied: boolean; diff --git a/extensions/telegram/src/button-types.ts b/extensions/telegram/src/button-types.ts index a6eae71995b..15c307ca8c0 100644 --- a/extensions/telegram/src/button-types.ts +++ b/extensions/telegram/src/button-types.ts @@ -1,9 +1,9 @@ -import { reduceInteractiveReply } from "../../../src/channels/plugins/outbound/interactive.js"; +import { reduceInteractiveReply } from "openclaw/plugin-sdk/channel-runtime"; import { normalizeInteractiveReply, type InteractiveReply, type InteractiveReplyButton, -} from "../../../src/interactive/payload.js"; +} from "openclaw/plugin-sdk/channel-runtime"; export type TelegramButtonStyle = "danger" | "success" | "primary"; diff --git a/extensions/telegram/src/channel-actions.ts b/extensions/telegram/src/channel-actions.ts index 84548374f05..50c472ea600 100644 --- a/extensions/telegram/src/channel-actions.ts +++ b/extensions/telegram/src/channel-actions.ts @@ -3,21 +3,21 @@ import { readStringArrayParam, readStringOrNumberParam, readStringParam, -} from "../../../src/agents/tools/common.js"; -import { handleTelegramAction } from "../../../src/agents/tools/telegram-actions.js"; -import { resolveReactionMessageId } from "../../../src/channels/plugins/actions/reaction-message-id.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { handleTelegramAction } from "openclaw/plugin-sdk/agent-runtime"; +import { readBooleanParam } from "openclaw/plugin-sdk/boolean-param"; +import { resolveReactionMessageId } from "openclaw/plugin-sdk/channel-runtime"; import { createUnionActionGate, listTokenSourcedAccounts, -} from "../../../src/channels/plugins/actions/shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelMessageActionAdapter, ChannelMessageActionName, -} from "../../../src/channels/plugins/types.js"; -import type { TelegramActionConfig } from "../../../src/config/types.telegram.js"; -import { readBooleanParam } from "../../../src/plugin-sdk/boolean-param.js"; -import { extractToolSend } from "../../../src/plugin-sdk/tool-send.js"; -import { resolveTelegramPollVisibility } from "../../../src/poll-params.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { TelegramActionConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveTelegramPollVisibility } from "openclaw/plugin-sdk/telegram"; +import { extractToolSend } from "openclaw/plugin-sdk/tool-send"; import { createTelegramActionGate, listEnabledTelegramAccounts, diff --git a/extensions/telegram/src/channel.setup.ts b/extensions/telegram/src/channel.setup.ts index f28a96afff7..bdee67aa41d 100644 --- a/extensions/telegram/src/channel.setup.ts +++ b/extensions/telegram/src/channel.setup.ts @@ -1,127 +1,18 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; -import { - createScopedAccountConfigAccessors, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; import { buildChannelConfigSchema, - getChatChannelMeta, - normalizeAccountId, TelegramConfigSchema, type ChannelPlugin, - type OpenClawConfig, } from "openclaw/plugin-sdk/telegram"; -import { inspectTelegramAccount } from "./account-inspect.js"; -import { - listTelegramAccountIds, - resolveDefaultTelegramAccountId, - resolveTelegramAccount, - type ResolvedTelegramAccount, -} from "./accounts.js"; +import { type ResolvedTelegramAccount } from "./accounts.js"; import type { TelegramProbe } from "./probe.js"; import { telegramSetupAdapter } from "./setup-core.js"; import { telegramSetupWizard } from "./setup-surface.js"; - -function findTelegramTokenOwnerAccountId(params: { - cfg: OpenClawConfig; - accountId: string; -}): string | null { - const normalizedAccountId = normalizeAccountId(params.accountId); - const tokenOwners = new Map(); - for (const id of listTelegramAccountIds(params.cfg)) { - const account = inspectTelegramAccount({ cfg: params.cfg, accountId: id }); - const token = (account.token ?? "").trim(); - if (!token) { - continue; - } - const ownerAccountId = tokenOwners.get(token); - if (!ownerAccountId) { - tokenOwners.set(token, account.accountId); - continue; - } - if (account.accountId === normalizedAccountId) { - return ownerAccountId; - } - } - return null; -} - -function formatDuplicateTelegramTokenReason(params: { - accountId: string; - ownerAccountId: string; -}): string { - return ( - `Duplicate Telegram bot token: account "${params.accountId}" shares a token with ` + - `account "${params.ownerAccountId}". Keep one owner account per bot token.` - ); -} - -const telegramConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveTelegramAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedTelegramAccount) => account.config.allowFrom, - formatAllowFrom: (allowFrom) => - formatAllowFromLowercase({ allowFrom, stripPrefixRe: /^(telegram|tg):/i }), - resolveDefaultTo: (account: ResolvedTelegramAccount) => account.config.defaultTo, -}); - -const telegramConfigBase = createScopedChannelConfigBase({ - sectionKey: "telegram", - listAccountIds: listTelegramAccountIds, - resolveAccount: (cfg, accountId) => resolveTelegramAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectTelegramAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultTelegramAccountId, - clearBaseFields: ["botToken", "tokenFile", "name"], -}); +import { createTelegramPluginBase } from "./shared.js"; export const telegramSetupPlugin: ChannelPlugin = { - id: "telegram", - meta: { - ...getChatChannelMeta("telegram"), - quickstartAllowFrom: true, - }, - setupWizard: telegramSetupWizard, - capabilities: { - chatTypes: ["direct", "group", "channel", "thread"], - reactions: true, - threads: true, - media: true, - polls: true, - nativeCommands: true, - blockStreaming: true, - }, - reload: { configPrefixes: ["channels.telegram"] }, - configSchema: buildChannelConfigSchema(TelegramConfigSchema), - config: { - ...telegramConfigBase, - isConfigured: (account, cfg) => { - if (!account.token?.trim()) { - return false; - } - return !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }); - }, - unconfiguredReason: (account, cfg) => { - if (!account.token?.trim()) { - return "not configured"; - } - const ownerAccountId = findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }); - if (!ownerAccountId) { - return "not configured"; - } - return formatDuplicateTelegramTokenReason({ - accountId: account.accountId, - ownerAccountId, - }); - }, - describeAccount: (account, cfg) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: - Boolean(account.token?.trim()) && - !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }), - tokenSource: account.tokenSource, - }), - ...telegramConfigAccessors, - }, - setup: telegramSetupAdapter, + ...createTelegramPluginBase({ + configSchema: buildChannelConfigSchema(TelegramConfigSchema), + setupWizard: telegramSetupWizard, + setup: telegramSetupAdapter, + }), }; diff --git a/extensions/telegram/src/channel.test.ts b/extensions/telegram/src/channel.test.ts index 48d16361b1a..6c1f4da5e73 100644 --- a/extensions/telegram/src/channel.test.ts +++ b/extensions/telegram/src/channel.test.ts @@ -5,7 +5,7 @@ import type { PluginRuntime, } from "openclaw/plugin-sdk/telegram"; import { afterEach, describe, expect, it, vi } from "vitest"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; import type { ResolvedTelegramAccount } from "./accounts.js"; import * as auditModule from "./audit.js"; import { telegramPlugin } from "./channel.js"; @@ -13,6 +13,36 @@ import * as monitorModule from "./monitor.js"; import * as probeModule from "./probe.js"; import { setTelegramRuntime } from "./runtime.js"; +const probeTelegramMock = vi.hoisted(() => vi.fn()); +const collectTelegramUnmentionedGroupIdsMock = vi.hoisted(() => vi.fn()); +const auditTelegramGroupMembershipMock = vi.hoisted(() => vi.fn()); +const monitorTelegramProviderMock = vi.hoisted(() => vi.fn()); + +vi.mock("./probe.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + probeTelegram: probeTelegramMock, + }; +}); + +vi.mock("./audit.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + collectTelegramUnmentionedGroupIds: collectTelegramUnmentionedGroupIdsMock, + auditTelegramGroupMembership: auditTelegramGroupMembershipMock, + }; +}); + +vi.mock("./monitor.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + monitorTelegramProvider: monitorTelegramProviderMock, + }; +}); + function createCfg(): OpenClawConfig { return { channels: { @@ -156,7 +186,9 @@ describe("telegramPlugin duplicate token guard", () => { }); it("blocks startup for duplicate token accounts before polling starts", async () => { - const { monitorTelegramProvider, probeTelegram } = installGatewayRuntime({ probeOk: true }); + const { monitorTelegramProvider, probeTelegram } = installGatewayRuntime({ + probeOk: true, + }); await expect( telegramPlugin.gateway!.startAccount!( @@ -168,15 +200,23 @@ describe("telegramPlugin duplicate token guard", () => { ), ).rejects.toThrow("Duplicate Telegram bot token"); + expect(probeTelegramMock).not.toHaveBeenCalled(); + expect(monitorTelegramProviderMock).not.toHaveBeenCalled(); expect(probeTelegram).not.toHaveBeenCalled(); expect(monitorTelegramProvider).not.toHaveBeenCalled(); }); it("passes webhookPort through to monitor startup options", async () => { - const { monitorTelegramProvider } = installGatewayRuntime({ + const { monitorTelegramProvider, probeTelegram } = installGatewayRuntime({ probeOk: true, botUsername: "opsbot", }); + probeTelegramMock.mockResolvedValue({ + ok: true, + bot: { username: "opsbot" }, + elapsedMs: 1, + }); + monitorTelegramProviderMock.mockResolvedValue(undefined); const cfg = createCfg(); cfg.channels!.telegram!.accounts!.ops = { @@ -194,18 +234,39 @@ describe("telegramPlugin duplicate token guard", () => { }), ); - expect(monitorTelegramProvider).toHaveBeenCalledWith( + expect(probeTelegramMock).toHaveBeenCalledWith("token-ops", 2500, { + accountId: "ops", + proxyUrl: undefined, + network: undefined, + }); + expect(monitorTelegramProviderMock).toHaveBeenCalledWith( expect.objectContaining({ useWebhook: true, webhookPort: 9876, }), ); + expect(probeTelegram).toHaveBeenCalled(); + expect(monitorTelegramProvider).toHaveBeenCalled(); }); it("passes account proxy and network settings into Telegram probes", async () => { - const { probeTelegram } = installGatewayRuntime({ - probeOk: true, - botUsername: "opsbot", + const runtimeProbeTelegram = vi.fn(async () => { + throw new Error("runtime probe should not be used"); + }); + setTelegramRuntime({ + channel: { + telegram: { + probeTelegram: runtimeProbeTelegram, + }, + }, + logging: { + shouldLogVerbose: () => false, + }, + } as unknown as PluginRuntime); + probeTelegramMock.mockResolvedValue({ + ok: true, + bot: { username: "opsbot" }, + elapsedMs: 1, }); const cfg = createCfg(); @@ -218,7 +279,7 @@ describe("telegramPlugin duplicate token guard", () => { cfg, }); - expect(probeTelegram).toHaveBeenCalledWith("token-ops", 5000, { + expect(probeTelegramMock).toHaveBeenCalledWith("token-ops", 5000, { accountId: "ops", proxyUrl: "http://127.0.0.1:8888", network: { @@ -226,19 +287,40 @@ describe("telegramPlugin duplicate token guard", () => { dnsResultOrder: "ipv4first", }, }); + expect(runtimeProbeTelegram).not.toHaveBeenCalled(); }); it("passes account proxy and network settings into Telegram membership audits", async () => { - const { collectUnmentionedGroupIds, auditGroupMembership } = installGatewayRuntime({ - probeOk: true, - botUsername: "opsbot", + const runtimeCollectUnmentionedGroupIds = vi.fn(() => { + throw new Error("runtime audit helper should not be used"); }); - - collectUnmentionedGroupIds.mockReturnValue({ + const runtimeAuditGroupMembership = vi.fn(async () => { + throw new Error("runtime audit helper should not be used"); + }); + setTelegramRuntime({ + channel: { + telegram: { + collectUnmentionedGroupIds: runtimeCollectUnmentionedGroupIds, + auditGroupMembership: runtimeAuditGroupMembership, + }, + }, + logging: { + shouldLogVerbose: () => false, + }, + } as unknown as PluginRuntime); + collectTelegramUnmentionedGroupIdsMock.mockReturnValue({ groupIds: ["-100123"], unresolvedGroups: 0, hasWildcardUnmentionedGroups: false, }); + auditTelegramGroupMembershipMock.mockResolvedValue({ + ok: true, + checkedGroups: 1, + unresolvedGroups: 0, + hasWildcardUnmentionedGroups: false, + groups: [], + elapsedMs: 1, + }); const cfg = createCfg(); configureOpsProxyNetwork(cfg); @@ -257,7 +339,10 @@ describe("telegramPlugin duplicate token guard", () => { cfg, }); - expect(auditGroupMembership).toHaveBeenCalledWith({ + expect(collectTelegramUnmentionedGroupIdsMock).toHaveBeenCalledWith({ + "-100123": { requireMention: false }, + }); + expect(auditTelegramGroupMembershipMock).toHaveBeenCalledWith({ token: "token-ops", botId: 123, groupIds: ["-100123"], @@ -268,6 +353,8 @@ describe("telegramPlugin duplicate token guard", () => { }, timeoutMs: 5000, }); + expect(runtimeCollectUnmentionedGroupIds).not.toHaveBeenCalled(); + expect(runtimeAuditGroupMembership).not.toHaveBeenCalled(); }); it("forwards mediaLocalRoots to sendMessageTelegram for outbound media sends", async () => { @@ -391,7 +478,11 @@ describe("telegramPlugin duplicate token guard", () => { }); it("does not crash startup when a resolved account token is undefined", async () => { - const { monitorTelegramProvider } = installGatewayRuntime({ probeOk: false }); + const { monitorTelegramProvider, probeTelegram } = installGatewayRuntime({ + probeOk: false, + }); + probeTelegramMock.mockResolvedValue({ ok: false, elapsedMs: 1 }); + monitorTelegramProviderMock.mockResolvedValue(undefined); const cfg = createCfg(); const ctx = createStartAccountCtx({ @@ -405,11 +496,18 @@ describe("telegramPlugin duplicate token guard", () => { } as ResolvedTelegramAccount; await expect(telegramPlugin.gateway!.startAccount!(ctx)).resolves.toBeUndefined(); - expect(monitorTelegramProvider).toHaveBeenCalledWith( + expect(probeTelegramMock).toHaveBeenCalledWith("", 2500, { + accountId: "ops", + proxyUrl: undefined, + network: undefined, + }); + expect(monitorTelegramProviderMock).toHaveBeenCalledWith( expect.objectContaining({ token: "", }), ); + expect(probeTelegram).toHaveBeenCalled(); + expect(monitorTelegramProvider).toHaveBeenCalled(); }); }); diff --git a/extensions/telegram/src/channel.ts b/extensions/telegram/src/channel.ts index 5b3ce7279c6..0e2ce964b95 100644 --- a/extensions/telegram/src/channel.ts +++ b/extensions/telegram/src/channel.ts @@ -1,48 +1,35 @@ -import { createScopedChannelConfigBase } from "openclaw/plugin-sdk/compat"; +import { buildAccountScopedAllowlistConfigEditor } from "openclaw/plugin-sdk/allowlist-config-edit"; import { - buildAccountScopedAllowlistConfigEditor, collectAllowlistProviderGroupPolicyWarnings, collectOpenGroupPolicyRouteAllowlistWarnings, - createScopedAccountConfigAccessors, createScopedDmSecurityResolver, - formatAllowFromLowercase, -} from "openclaw/plugin-sdk/compat"; -import { - buildAgentSessionKey, - resolveThreadSessionKeys, - type RoutePeer, -} from "openclaw/plugin-sdk/core"; +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { type OutboundSendDeps, resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { normalizeMessageChannel } from "openclaw/plugin-sdk/channel-runtime"; +import { buildOutboundBaseSessionKey, normalizeOutboundThreadId } from "openclaw/plugin-sdk/core"; +import { resolveExecApprovalCommandDisplay } from "openclaw/plugin-sdk/infra-runtime"; +import { buildExecApprovalPendingReplyPayload } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveThreadSessionKeys, type RoutePeer } from "openclaw/plugin-sdk/routing"; +import { parseTelegramTopicConversation } from "openclaw/plugin-sdk/telegram"; import { buildChannelConfigSchema, buildTokenChannelStatusSummary, clearAccountEntryFields, DEFAULT_ACCOUNT_ID, - getChatChannelMeta, listTelegramDirectoryGroupsFromConfig, listTelegramDirectoryPeersFromConfig, - normalizeAccountId, PAIRING_APPROVED_MESSAGE, projectCredentialSnapshotFields, resolveConfiguredFromCredentialStatuses, + TelegramConfigSchema, resolveTelegramGroupRequireMention, resolveTelegramGroupToolPolicy, - TelegramConfigSchema, - type ChannelMessageActionAdapter, type ChannelPlugin, + type ChannelMessageActionAdapter, type OpenClawConfig, } from "openclaw/plugin-sdk/telegram"; -import { parseTelegramTopicConversation } from "../../../src/acp/conversation-id.js"; -import { resolveExecApprovalCommandDisplay } from "../../../src/infra/exec-approval-command-display.js"; -import { buildExecApprovalPendingReplyPayload } from "../../../src/infra/exec-approval-reply.js"; -import { - type OutboundSendDeps, - resolveOutboundSendDep, -} from "../../../src/infra/outbound/send-deps.js"; -import { normalizeMessageChannel } from "../../../src/utils/message-channel.js"; -import { inspectTelegramAccount } from "./account-inspect.js"; import { listTelegramAccountIds, - resolveDefaultTelegramAccountId, resolveTelegramAccount, type ResolvedTelegramAccount, } from "./accounts.js"; @@ -62,6 +49,12 @@ import { getTelegramRuntime } from "./runtime.js"; import { sendTypingTelegram } from "./send.js"; import { telegramSetupAdapter } from "./setup-core.js"; import { telegramSetupWizard } from "./setup-surface.js"; +import { + createTelegramPluginBase, + findTelegramTokenOwnerAccountId, + formatDuplicateTelegramTokenReason, + telegramConfigAccessors, +} from "./shared.js"; import { collectTelegramStatusIssues } from "./status-issues.js"; import { parseTelegramTarget } from "./targets.js"; @@ -69,42 +62,6 @@ type TelegramSendFn = ReturnType< typeof getTelegramRuntime >["channel"]["telegram"]["sendMessageTelegram"]; -const meta = getChatChannelMeta("telegram"); - -function findTelegramTokenOwnerAccountId(params: { - cfg: OpenClawConfig; - accountId: string; -}): string | null { - const normalizedAccountId = normalizeAccountId(params.accountId); - const tokenOwners = new Map(); - for (const id of listTelegramAccountIds(params.cfg)) { - const account = inspectTelegramAccount({ cfg: params.cfg, accountId: id }); - const token = (account.token ?? "").trim(); - if (!token) { - continue; - } - const ownerAccountId = tokenOwners.get(token); - if (!ownerAccountId) { - tokenOwners.set(token, account.accountId); - continue; - } - if (account.accountId === normalizedAccountId) { - return ownerAccountId; - } - } - return null; -} - -function formatDuplicateTelegramTokenReason(params: { - accountId: string; - ownerAccountId: string; -}): string { - return ( - `Duplicate Telegram bot token: account "${params.accountId}" shares a token with ` + - `account "${params.ownerAccountId}". Keep one owner account per bot token.` - ); -} - type TelegramSendOptions = NonNullable[2]>; function buildTelegramSendOptions(params: { @@ -222,34 +179,13 @@ function parseTelegramExplicitTarget(raw: string) { }; } -function normalizeOutboundThreadId(value?: string | number | null): string | undefined { - if (value == null) { - return undefined; - } - if (typeof value === "number") { - if (!Number.isFinite(value)) { - return undefined; - } - return String(Math.trunc(value)); - } - const trimmed = value.trim(); - return trimmed ? trimmed : undefined; -} - function buildTelegramBaseSessionKey(params: { cfg: OpenClawConfig; agentId: string; accountId?: string | null; peer: RoutePeer; }) { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: "telegram", - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey({ ...params, channel: "telegram" }); } function resolveTelegramOutboundSessionRoute(params: { @@ -329,23 +265,6 @@ const telegramMessageActions: ChannelMessageActionAdapter = { }, }; -const telegramConfigAccessors = createScopedAccountConfigAccessors({ - resolveAccount: ({ cfg, accountId }) => resolveTelegramAccount({ cfg, accountId }), - resolveAllowFrom: (account: ResolvedTelegramAccount) => account.config.allowFrom, - formatAllowFrom: (allowFrom) => - formatAllowFromLowercase({ allowFrom, stripPrefixRe: /^(telegram|tg):/i }), - resolveDefaultTo: (account: ResolvedTelegramAccount) => account.config.defaultTo, -}); - -const telegramConfigBase = createScopedChannelConfigBase({ - sectionKey: "telegram", - listAccountIds: listTelegramAccountIds, - resolveAccount: (cfg, accountId) => resolveTelegramAccount({ cfg, accountId }), - inspectAccount: (cfg, accountId) => inspectTelegramAccount({ cfg, accountId }), - defaultAccountId: resolveDefaultTelegramAccountId, - clearBaseFields: ["botToken", "tokenFile", "name"], -}); - const resolveTelegramDmPolicy = createScopedDmSecurityResolver({ channelKey: "telegram", resolvePolicy: (account) => account.config.dmPolicy, @@ -378,12 +297,11 @@ function readTelegramAllowlistConfig(account: ResolvedTelegramAccount) { } export const telegramPlugin: ChannelPlugin = { - id: "telegram", - meta: { - ...meta, - quickstartAllowFrom: true, - }, - setupWizard: telegramSetupWizard, + ...createTelegramPluginBase({ + configSchema: buildChannelConfigSchema(TelegramConfigSchema), + setupWizard: telegramSetupWizard, + setup: telegramSetupAdapter, + }), pairing: { idLabel: "telegramUserId", normalizeAllowEntry: (entry) => entry.replace(/^(telegram|tg):/i, ""), @@ -401,49 +319,6 @@ export const telegramPlugin: ChannelPlugin { - if (!account.token?.trim()) { - return false; - } - return !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }); - }, - unconfiguredReason: (account, cfg) => { - if (!account.token?.trim()) { - return "not configured"; - } - const ownerAccountId = findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }); - if (!ownerAccountId) { - return "not configured"; - } - return formatDuplicateTelegramTokenReason({ - accountId: account.accountId, - ownerAccountId, - }); - }, - describeAccount: (account, cfg) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: - Boolean(account.token?.trim()) && - !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }), - tokenSource: account.tokenSource, - }), - ...telegramConfigAccessors, - }, allowlist: { supportsScope: ({ scope }) => scope === "dm" || scope === "group" || scope === "all", readConfig: ({ cfg, accountId }) => @@ -458,11 +333,15 @@ export const telegramPlugin: ChannelPlugin + bindings: { + compileConfiguredBinding: ({ conversationId }) => normalizeTelegramAcpConversationId(conversationId), - matchConfiguredBinding: ({ bindingConversationId, conversationId, parentConversationId }) => - matchTelegramAcpConversation({ bindingConversationId, conversationId, parentConversationId }), + matchInboundConversation: ({ compiledBinding, conversationId, parentConversationId }) => + matchTelegramAcpConversation({ + bindingConversationId: compiledBinding.conversationId, + conversationId, + parentConversationId, + }), }, security: { resolveDmPolicy: resolveTelegramDmPolicy, diff --git a/extensions/telegram/src/conversation-route.base-session-key.test.ts b/extensions/telegram/src/conversation-route.base-session-key.test.ts new file mode 100644 index 00000000000..baebab3470c --- /dev/null +++ b/extensions/telegram/src/conversation-route.base-session-key.test.ts @@ -0,0 +1,64 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing"; +import { describe, expect, it } from "vitest"; +import { resolveTelegramConversationBaseSessionKey } from "./conversation-route.js"; + +describe("resolveTelegramConversationBaseSessionKey", () => { + const cfg: OpenClawConfig = {}; + + it("keeps the routed session key for the default account", () => { + expect( + resolveTelegramConversationBaseSessionKey({ + cfg, + route: { + agentId: "main", + accountId: "default", + matchedBy: "default", + sessionKey: "agent:main:main", + }, + chatId: 12345, + isGroup: false, + senderId: 12345, + }), + ).toBe("agent:main:main"); + }); + + it("uses the per-account fallback key for named-account DMs without an explicit binding", () => { + expect( + resolveTelegramConversationBaseSessionKey({ + cfg, + route: { + agentId: "main", + accountId: "personal", + matchedBy: "default", + sessionKey: "agent:main:main", + }, + chatId: 12345, + isGroup: false, + senderId: 12345, + }), + ).toBe("agent:main:telegram:personal:direct:12345"); + }); + + it("keeps DM topic isolation on the named-account fallback key", () => { + const baseSessionKey = resolveTelegramConversationBaseSessionKey({ + cfg, + route: { + agentId: "main", + accountId: "personal", + matchedBy: "default", + sessionKey: "agent:main:main", + }, + chatId: 12345, + isGroup: false, + senderId: 12345, + }); + + expect( + resolveThreadSessionKeys({ + baseSessionKey, + threadId: "12345:99", + }).sessionKey, + ).toBe("agent:main:telegram:personal:direct:12345:thread:12345:99"); + }); +}); diff --git a/extensions/telegram/src/conversation-route.ts b/extensions/telegram/src/conversation-route.ts index f12c896d0ca..5d777763cde 100644 --- a/extensions/telegram/src/conversation-route.ts +++ b/extensions/telegram/src/conversation-route.ts @@ -1,18 +1,22 @@ -import { resolveConfiguredAcpRoute } from "../../../src/acp/persistent-bindings.route.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { logVerbose } from "../../../src/globals.js"; -import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js"; -import { isPluginOwnedSessionBindingRecord } from "../../../src/plugins/conversation-binding.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { + resolveConfiguredBindingRoute, + type ConfiguredBindingRouteResult, +} from "openclaw/plugin-sdk/conversation-runtime"; +import { getSessionBindingService } from "openclaw/plugin-sdk/conversation-runtime"; +import { isPluginOwnedSessionBindingRecord } from "openclaw/plugin-sdk/conversation-runtime"; import { buildAgentSessionKey, deriveLastRoutePolicy, resolveAgentRoute, -} from "../../../src/routing/resolve-route.js"; +} from "openclaw/plugin-sdk/routing"; import { buildAgentMainSessionKey, + DEFAULT_ACCOUNT_ID, resolveAgentIdFromSessionKey, sanitizeAgentId, -} from "../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { buildTelegramGroupPeerId, buildTelegramParentPeer, @@ -30,7 +34,7 @@ export function resolveTelegramConversationRoute(params: { topicAgentId?: string | null; }): { route: ReturnType; - configuredBinding: ReturnType["configuredBinding"]; + configuredBinding: ConfiguredBindingRouteResult["bindingResolution"]; configuredBindingSessionKey: string; } { const peerId = params.isGroup @@ -93,15 +97,17 @@ export function resolveTelegramConversationRoute(params: { ); } - const configuredRoute = resolveConfiguredAcpRoute({ + const configuredRoute = resolveConfiguredBindingRoute({ cfg: params.cfg, route, - channel: "telegram", - accountId: params.accountId, - conversationId: peerId, - parentConversationId: params.isGroup ? String(params.chatId) : undefined, + conversation: { + channel: "telegram", + accountId: params.accountId, + conversationId: peerId, + parentConversationId: params.isGroup ? String(params.chatId) : undefined, + }, }); - let configuredBinding = configuredRoute.configuredBinding; + let configuredBinding = configuredRoute.bindingResolution; let configuredBindingSessionKey = configuredRoute.boundSessionKey ?? ""; route = configuredRoute.route; @@ -148,3 +154,34 @@ export function resolveTelegramConversationRoute(params: { configuredBindingSessionKey, }; } + +export function resolveTelegramConversationBaseSessionKey(params: { + cfg: OpenClawConfig; + route: Pick< + ReturnType["route"], + "agentId" | "accountId" | "matchedBy" | "sessionKey" + >; + chatId: number | string; + isGroup: boolean; + senderId?: string | number | null; +}): string { + const isNamedAccountFallback = + params.route.accountId !== DEFAULT_ACCOUNT_ID && params.route.matchedBy === "default"; + if (!isNamedAccountFallback || params.isGroup) { + return params.route.sessionKey; + } + return buildAgentSessionKey({ + agentId: params.route.agentId, + channel: "telegram", + accountId: params.route.accountId, + peer: { + kind: "direct", + id: resolveTelegramDirectPeerId({ + chatId: params.chatId, + senderId: params.senderId, + }), + }, + dmScope: "per-account-channel-peer", + identityLinks: params.cfg.session?.identityLinks, + }).toLowerCase(); +} diff --git a/extensions/telegram/src/dm-access.ts b/extensions/telegram/src/dm-access.ts index db8cc419c6a..5bcacf95567 100644 --- a/extensions/telegram/src/dm-access.ts +++ b/extensions/telegram/src/dm-access.ts @@ -1,9 +1,9 @@ import type { Message } from "@grammyjs/types"; import type { Bot } from "grammy"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { logVerbose } from "../../../src/globals.js"; -import { issuePairingChallenge } from "../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../src/pairing/pairing-store.js"; +import type { DmPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { resolveSenderAllowMatch, type NormalizedAllowFrom } from "./bot-access.js"; diff --git a/extensions/telegram/src/draft-chunking.ts b/extensions/telegram/src/draft-chunking.ts index 951fbb41951..42911f4fd0e 100644 --- a/extensions/telegram/src/draft-chunking.ts +++ b/extensions/telegram/src/draft-chunking.ts @@ -1,7 +1,7 @@ -import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import { type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAccountEntry } from "openclaw/plugin-sdk/routing"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; import { TELEGRAM_TEXT_CHUNK_LIMIT } from "./outbound-adapter.js"; const DEFAULT_TELEGRAM_DRAFT_STREAM_MIN = 200; diff --git a/extensions/telegram/src/draft-stream.ts b/extensions/telegram/src/draft-stream.ts index 5641b042d30..baebe687c50 100644 --- a/extensions/telegram/src/draft-stream.ts +++ b/extensions/telegram/src/draft-stream.ts @@ -1,6 +1,6 @@ import type { Bot } from "grammy"; -import { createFinalizableDraftLifecycle } from "../../../src/channels/draft-stream-controls.js"; -import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js"; +import { createFinalizableDraftLifecycle } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveGlobalSingleton } from "openclaw/plugin-sdk/text-runtime"; import { buildTelegramThreadParams, type TelegramThreadSpec } from "./bot/helpers.js"; import { isSafeToRetrySendError, isTelegramClientRejection } from "./network-errors.js"; diff --git a/extensions/telegram/src/exec-approvals-handler.ts b/extensions/telegram/src/exec-approvals-handler.ts index a9d32d0887d..97cc2228b98 100644 --- a/extensions/telegram/src/exec-approvals-handler.ts +++ b/extensions/telegram/src/exec-approvals-handler.ts @@ -1,21 +1,18 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { GatewayClient } from "../../../src/gateway/client.js"; -import { createOperatorApprovalsGatewayClient } from "../../../src/gateway/operator-approvals-client.js"; -import type { EventFrame } from "../../../src/gateway/protocol/index.js"; -import { resolveExecApprovalCommandDisplay } from "../../../src/infra/exec-approval-command-display.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { GatewayClient } from "openclaw/plugin-sdk/gateway-runtime"; +import { createOperatorApprovalsGatewayClient } from "openclaw/plugin-sdk/gateway-runtime"; +import type { EventFrame } from "openclaw/plugin-sdk/gateway-runtime"; +import { resolveExecApprovalCommandDisplay } from "openclaw/plugin-sdk/infra-runtime"; import { buildExecApprovalPendingReplyPayload, type ExecApprovalPendingReplyParams, -} from "../../../src/infra/exec-approval-reply.js"; -import { resolveExecApprovalSessionTarget } from "../../../src/infra/exec-approval-session-target.js"; -import type { - ExecApprovalRequest, - ExecApprovalResolved, -} from "../../../src/infra/exec-approvals.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; -import { normalizeAccountId, parseAgentSessionKey } from "../../../src/routing/session-key.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; -import { compileSafeRegex, testRegexWithBoundedInput } from "../../../src/security/safe-regex.js"; +} from "openclaw/plugin-sdk/infra-runtime"; +import { resolveExecApprovalSessionTarget } from "openclaw/plugin-sdk/infra-runtime"; +import type { ExecApprovalRequest, ExecApprovalResolved } from "openclaw/plugin-sdk/infra-runtime"; +import { normalizeAccountId, parseAgentSessionKey } from "openclaw/plugin-sdk/routing"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { compileSafeRegex, testRegexWithBoundedInput } from "openclaw/plugin-sdk/security-runtime"; import { buildTelegramExecApprovalButtons } from "./approval-buttons.js"; import { getTelegramExecApprovalApprovers, diff --git a/extensions/telegram/src/exec-approvals.ts b/extensions/telegram/src/exec-approvals.ts index b1b0eed8d4f..10ae8dd35a0 100644 --- a/extensions/telegram/src/exec-approvals.ts +++ b/extensions/telegram/src/exec-approvals.ts @@ -1,7 +1,7 @@ -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { TelegramExecApprovalConfig } from "../../../src/config/types.telegram.js"; -import { getExecApprovalReplyMetadata } from "../../../src/infra/exec-approval-reply.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramExecApprovalConfig } from "openclaw/plugin-sdk/config-runtime"; +import { getExecApprovalReplyMetadata } from "openclaw/plugin-sdk/infra-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import { resolveTelegramAccount } from "./accounts.js"; import { resolveTelegramTargetChatType } from "./targets.js"; diff --git a/extensions/telegram/src/fetch.test.ts b/extensions/telegram/src/fetch.test.ts index 7681d0c8701..4afdacf0568 100644 --- a/extensions/telegram/src/fetch.test.ts +++ b/extensions/telegram/src/fetch.test.ts @@ -1,6 +1,4 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; -import { resolveFetch } from "../../../src/infra/fetch.js"; -import { resolveTelegramFetch, resolveTelegramTransport } from "./fetch.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; const setDefaultResultOrder = vi.hoisted(() => vi.fn()); const setDefaultAutoSelectFamily = vi.hoisted(() => vi.fn()); @@ -56,6 +54,16 @@ vi.mock("undici", () => ({ setGlobalDispatcher, })); +let resolveFetch: typeof import("../../../src/infra/fetch.js").resolveFetch; +let resolveTelegramFetch: typeof import("./fetch.js").resolveTelegramFetch; +let resolveTelegramTransport: typeof import("./fetch.js").resolveTelegramTransport; + +beforeEach(async () => { + vi.resetModules(); + ({ resolveFetch } = await import("../../../src/infra/fetch.js")); + ({ resolveTelegramFetch, resolveTelegramTransport } = await import("./fetch.js")); +}); + function resolveTelegramFetchOrThrow( proxyFetch?: typeof fetch, options?: { network?: { autoSelectFamily?: boolean; dnsResultOrder?: "ipv4first" | "verbatim" } }, @@ -152,6 +160,24 @@ function expectPinnedIpv4ConnectDispatcher(args: { } } +function expectPinnedFallbackIpDispatcher(callIndex: number) { + const dispatcher = getDispatcherFromUndiciCall(callIndex); + expect(dispatcher?.options?.connect).toEqual( + expect.objectContaining({ + family: 4, + autoSelectFamily: false, + lookup: expect.any(Function), + }), + ); + const callback = vi.fn(); + ( + dispatcher?.options?.connect?.lookup as + | ((hostname: string, callback: (err: null, address: string, family: number) => void) => void) + | undefined + )?.("api.telegram.org", callback); + expect(callback).toHaveBeenCalledWith(null, "149.154.167.220", 4); +} + function expectCallerDispatcherPreserved(callIndexes: number[], dispatcher: unknown) { for (const callIndex of callIndexes) { const callInit = undiciFetch.mock.calls[callIndex - 1]?.[1] as @@ -395,7 +421,7 @@ describe("resolveTelegramFetch", () => { pinnedCall: 2, followupCall: 3, }); - expect(transport.pinnedDispatcherPolicy).toEqual( + expect(transport.dispatcherAttempts?.[0]?.dispatcherPolicy).toEqual( expect.objectContaining({ mode: "direct", }), @@ -533,6 +559,34 @@ describe("resolveTelegramFetch", () => { ); }); + it("escalates from IPv4 fallback to pinned Telegram IP and keeps it sticky", async () => { + undiciFetch + .mockRejectedValueOnce(buildFetchFallbackError("ETIMEDOUT")) + .mockRejectedValueOnce(buildFetchFallbackError("EHOSTUNREACH")) + .mockResolvedValueOnce({ ok: true } as Response) + .mockResolvedValueOnce({ ok: true } as Response); + + const resolved = resolveTelegramFetchOrThrow(undefined, { + network: { + autoSelectFamily: true, + dnsResultOrder: "ipv4first", + }, + }); + + await resolved("https://api.telegram.org/botx/sendMessage"); + await resolved("https://api.telegram.org/botx/sendChatAction"); + + expect(undiciFetch).toHaveBeenCalledTimes(4); + + const secondDispatcher = getDispatcherFromUndiciCall(2); + const thirdDispatcher = getDispatcherFromUndiciCall(3); + const fourthDispatcher = getDispatcherFromUndiciCall(4); + + expect(secondDispatcher).not.toBe(thirdDispatcher); + expect(thirdDispatcher).toBe(fourthDispatcher); + expectPinnedFallbackIpDispatcher(3); + }); + it("preserves caller-provided dispatcher across fallback retry", async () => { const fetchError = buildFetchFallbackError("EHOSTUNREACH"); undiciFetch.mockRejectedValueOnce(fetchError).mockResolvedValueOnce({ ok: true } as Response); diff --git a/extensions/telegram/src/fetch.ts b/extensions/telegram/src/fetch.ts index 4b234c8d107..ad60faab13b 100644 --- a/extensions/telegram/src/fetch.ts +++ b/extensions/telegram/src/fetch.ts @@ -1,10 +1,13 @@ import * as dns from "node:dns"; +import type { TelegramNetworkConfig } from "openclaw/plugin-sdk/config-runtime"; +import { + createPinnedLookup, + hasEnvHttpProxyConfigured, + resolveFetch, + type PinnedDispatcherPolicy, +} from "openclaw/plugin-sdk/infra-runtime"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; import { Agent, EnvHttpProxyAgent, ProxyAgent, fetch as undiciFetch } from "undici"; -import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js"; -import { resolveFetch } from "../../../src/infra/fetch.js"; -import { hasEnvHttpProxyConfigured } from "../../../src/infra/net/proxy-env.js"; -import type { PinnedDispatcherPolicy } from "../../../src/infra/net/ssrf.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; import { resolveTelegramAutoSelectFamilyDecision, resolveTelegramDnsResultOrderDecision, @@ -15,6 +18,7 @@ const log = createSubsystemLogger("telegram/network"); const TELEGRAM_AUTO_SELECT_FAMILY_ATTEMPT_TIMEOUT_MS = 300; const TELEGRAM_API_HOSTNAME = "api.telegram.org"; +const TELEGRAM_FALLBACK_IPS: readonly string[] = ["149.154.167.220"]; type RequestInitWithDispatcher = RequestInit & { dispatcher?: unknown; @@ -24,6 +28,16 @@ type TelegramDispatcher = Agent | EnvHttpProxyAgent | ProxyAgent; type TelegramDispatcherMode = "direct" | "env-proxy" | "explicit-proxy"; +type TelegramDispatcherAttempt = { + dispatcherPolicy?: PinnedDispatcherPolicy; +}; + +type TelegramTransportAttempt = { + createDispatcher: () => TelegramDispatcher; + exportAttempt: TelegramDispatcherAttempt; + logMessage?: string; +}; + type TelegramDnsResultOrder = "ipv4first" | "verbatim"; type LookupCallback = @@ -49,17 +63,17 @@ const FALLBACK_RETRY_ERROR_CODES = [ "UND_ERR_SOCKET", ] as const; -type Ipv4FallbackContext = { +type TelegramTransportFallbackContext = { message: string; codes: Set; }; -type Ipv4FallbackRule = { +type TelegramTransportFallbackRule = { name: string; - matches: (ctx: Ipv4FallbackContext) => boolean; + matches: (ctx: TelegramTransportFallbackContext) => boolean; }; -const IPV4_FALLBACK_RULES: readonly Ipv4FallbackRule[] = [ +const TELEGRAM_TRANSPORT_FALLBACK_RULES: readonly TelegramTransportFallbackRule[] = [ { name: "fetch-failed-envelope", matches: ({ message }) => message.includes("fetch failed"), @@ -98,7 +112,6 @@ function createDnsResultOrderLookup( const lookupOptions: LookupOptions = { ...baseOptions, order, - // Keep `verbatim` for compatibility with Node runtimes that ignore `order`. verbatim: order === "verbatim", }; lookup(hostname, lookupOptions, callback); @@ -139,14 +152,6 @@ function buildTelegramConnectOptions(params: { } function shouldBypassEnvProxyForTelegramApi(env: NodeJS.ProcessEnv = process.env): boolean { - // We need this classification before dispatch to decide whether sticky IPv4 fallback - // can safely arm. EnvHttpProxyAgent does not expose route decisions (proxy vs direct - // NO_PROXY bypass), so we mirror undici's parsing/matching behavior for this host. - // Match EnvHttpProxyAgent behavior (undici): - // - lower-case no_proxy takes precedence over NO_PROXY - // - entries split by comma or whitespace - // - wildcard handling is exact-string "*" only - // - leading "." and "*." are normalized the same way const noProxyValue = env.no_proxy ?? env.NO_PROXY ?? ""; if (!noProxyValue) { return false; @@ -228,16 +233,32 @@ function resolveTelegramDispatcherPolicy(params: { }; } +function withPinnedLookup( + options: Record | undefined, + pinnedHostname: PinnedDispatcherPolicy["pinnedHostname"], +): Record | undefined { + if (!pinnedHostname) { + return options ? { ...options } : undefined; + } + const lookup = createPinnedLookup({ + hostname: pinnedHostname.hostname, + addresses: [...pinnedHostname.addresses], + fallback: dns.lookup, + }); + return options ? { ...options, lookup } : { lookup }; +} + function createTelegramDispatcher(policy: PinnedDispatcherPolicy): { dispatcher: TelegramDispatcher; mode: TelegramDispatcherMode; effectivePolicy: PinnedDispatcherPolicy; } { if (policy.mode === "explicit-proxy") { - const proxyOptions = policy.proxyTls + const proxyTlsOptions = withPinnedLookup(policy.proxyTls, policy.pinnedHostname); + const proxyOptions = proxyTlsOptions ? ({ uri: policy.proxyUrl, - proxyTls: { ...policy.proxyTls }, + proxyTls: proxyTlsOptions, } satisfies ConstructorParameters[0]) : policy.proxyUrl; try { @@ -253,13 +274,13 @@ function createTelegramDispatcher(policy: PinnedDispatcherPolicy): { } if (policy.mode === "env-proxy") { + const connectOptions = withPinnedLookup(policy.connect, policy.pinnedHostname); + const proxyTlsOptions = withPinnedLookup(policy.proxyTls, policy.pinnedHostname); const proxyOptions = - policy.connect || policy.proxyTls + connectOptions || proxyTlsOptions ? ({ - ...(policy.connect ? { connect: { ...policy.connect } } : {}), - // undici's EnvHttpProxyAgent passes `connect` only to the no-proxy Agent. - // Real proxied HTTPS traffic reads transport settings from ProxyAgent.proxyTls. - ...(policy.proxyTls ? { proxyTls: { ...policy.proxyTls } } : {}), + ...(connectOptions ? { connect: connectOptions } : {}), + ...(proxyTlsOptions ? { proxyTls: proxyTlsOptions } : {}), } satisfies ConstructorParameters[0]) : undefined; try { @@ -276,14 +297,12 @@ function createTelegramDispatcher(policy: PinnedDispatcherPolicy): { ); const directPolicy: PinnedDispatcherPolicy = { mode: "direct", - ...(policy.connect ? { connect: { ...policy.connect } } : {}), + ...(connectOptions ? { connect: connectOptions } : {}), }; return { dispatcher: new Agent( directPolicy.connect - ? ({ - connect: { ...directPolicy.connect }, - } satisfies ConstructorParameters[0]) + ? ({ connect: directPolicy.connect } satisfies ConstructorParameters[0]) : undefined, ), mode: "direct", @@ -292,11 +311,12 @@ function createTelegramDispatcher(policy: PinnedDispatcherPolicy): { } } + const connectOptions = withPinnedLookup(policy.connect, policy.pinnedHostname); return { dispatcher: new Agent( - policy.connect + connectOptions ? ({ - connect: { ...policy.connect }, + connect: connectOptions, } satisfies ConstructorParameters[0]) : undefined, ), @@ -375,13 +395,13 @@ function formatErrorCodes(err: unknown): string { return codes.length > 0 ? codes.join(",") : "none"; } -function shouldRetryWithIpv4Fallback(err: unknown): boolean { - const ctx: Ipv4FallbackContext = { +function shouldUseTelegramTransportFallback(err: unknown): boolean { + const ctx: TelegramTransportFallbackContext = { message: err && typeof err === "object" && "message" in err ? String(err.message).toLowerCase() : "", codes: collectErrorCodes(err), }; - for (const rule of IPV4_FALLBACK_RULES) { + for (const rule of TELEGRAM_TRANSPORT_FALLBACK_RULES) { if (!rule.matches(ctx)) { return false; } @@ -389,18 +409,71 @@ function shouldRetryWithIpv4Fallback(err: unknown): boolean { return true; } -export function shouldRetryTelegramIpv4Fallback(err: unknown): boolean { - return shouldRetryWithIpv4Fallback(err); +export function shouldRetryTelegramTransportFallback(err: unknown): boolean { + return shouldUseTelegramTransportFallback(err); } -// Prefer wrapped fetch when available to normalize AbortSignal across runtimes. export type TelegramTransport = { fetch: typeof fetch; sourceFetch: typeof fetch; - pinnedDispatcherPolicy?: PinnedDispatcherPolicy; - fallbackPinnedDispatcherPolicy?: PinnedDispatcherPolicy; + dispatcherAttempts?: TelegramDispatcherAttempt[]; }; +function createTelegramTransportAttempts(params: { + defaultDispatcher: ReturnType; + allowFallback: boolean; + fallbackPolicy?: PinnedDispatcherPolicy; +}): TelegramTransportAttempt[] { + const attempts: TelegramTransportAttempt[] = [ + { + createDispatcher: () => params.defaultDispatcher.dispatcher, + exportAttempt: { dispatcherPolicy: params.defaultDispatcher.effectivePolicy }, + }, + ]; + + if (!params.allowFallback || !params.fallbackPolicy) { + return attempts; + } + const fallbackPolicy = params.fallbackPolicy; + + let ipv4Dispatcher: TelegramDispatcher | null = null; + attempts.push({ + createDispatcher: () => { + if (!ipv4Dispatcher) { + ipv4Dispatcher = createTelegramDispatcher(fallbackPolicy).dispatcher; + } + return ipv4Dispatcher; + }, + exportAttempt: { dispatcherPolicy: fallbackPolicy }, + logMessage: "fetch fallback: enabling sticky IPv4-only dispatcher", + }); + + if (TELEGRAM_FALLBACK_IPS.length === 0) { + return attempts; + } + + const fallbackIpPolicy: PinnedDispatcherPolicy = { + ...fallbackPolicy, + pinnedHostname: { + hostname: TELEGRAM_API_HOSTNAME, + addresses: [...TELEGRAM_FALLBACK_IPS], + }, + }; + let fallbackIpDispatcher: TelegramDispatcher | null = null; + attempts.push({ + createDispatcher: () => { + if (!fallbackIpDispatcher) { + fallbackIpDispatcher = createTelegramDispatcher(fallbackIpPolicy).dispatcher; + } + return fallbackIpDispatcher; + }, + exportAttempt: { dispatcherPolicy: fallbackIpPolicy }, + logMessage: "fetch fallback: DNS-resolved IP unreachable; trying alternative Telegram API IP", + }); + + return attempts; +} + export function resolveTelegramTransport( proxyFetch?: typeof fetch, options?: { network?: TelegramNetworkConfig }, @@ -424,7 +497,6 @@ export function resolveTelegramTransport( ? resolveWrappedFetch(proxyFetch) : undiciSourceFetch; const dnsResultOrder = normalizeDnsResultOrder(dnsDecision.value); - // Preserve fully caller-owned custom fetch implementations. if (proxyFetch && !explicitProxyUrl) { return { fetch: sourceFetch, sourceFetch }; } @@ -439,70 +511,75 @@ export function resolveTelegramTransport( }); const defaultDispatcher = createTelegramDispatcher(defaultDispatcherResolution.policy); const shouldBypassEnvProxy = shouldBypassEnvProxyForTelegramApi(); - const allowStickyIpv4Fallback = + const allowStickyFallback = defaultDispatcher.mode === "direct" || (defaultDispatcher.mode === "env-proxy" && shouldBypassEnvProxy); - const stickyShouldUseEnvProxy = defaultDispatcher.mode === "env-proxy"; - const fallbackPinnedDispatcherPolicy = allowStickyIpv4Fallback + const fallbackDispatcherPolicy = allowStickyFallback ? resolveTelegramDispatcherPolicy({ autoSelectFamily: false, dnsResultOrder: "ipv4first", - useEnvProxy: stickyShouldUseEnvProxy, + useEnvProxy: defaultDispatcher.mode === "env-proxy", forceIpv4: true, proxyUrl: explicitProxyUrl, }).policy : undefined; + const transportAttempts = createTelegramTransportAttempts({ + defaultDispatcher, + allowFallback: allowStickyFallback, + fallbackPolicy: fallbackDispatcherPolicy, + }); - let stickyIpv4FallbackEnabled = false; - let stickyIpv4Dispatcher: TelegramDispatcher | null = null; - const resolveStickyIpv4Dispatcher = () => { - if (!stickyIpv4Dispatcher) { - if (!fallbackPinnedDispatcherPolicy) { - return defaultDispatcher.dispatcher; - } - stickyIpv4Dispatcher = createTelegramDispatcher(fallbackPinnedDispatcherPolicy).dispatcher; - } - return stickyIpv4Dispatcher; - }; - + let stickyAttemptIndex = 0; const resolvedFetch = (async (input: RequestInfo | URL, init?: RequestInit) => { const callerProvidedDispatcher = Boolean( (init as RequestInitWithDispatcher | undefined)?.dispatcher, ); - const initialInit = withDispatcherIfMissing( - init, - stickyIpv4FallbackEnabled ? resolveStickyIpv4Dispatcher() : defaultDispatcher.dispatcher, - ); + const startIndex = Math.min(stickyAttemptIndex, transportAttempts.length - 1); + let err: unknown; + try { - return await sourceFetch(input, initialInit); - } catch (err) { - if (shouldRetryWithIpv4Fallback(err)) { - // Preserve caller-owned dispatchers on retry. - if (callerProvidedDispatcher) { - return sourceFetch(input, init ?? {}); - } - // Proxy routes should not arm sticky IPv4 mode; `family=4` would constrain - // proxy-connect behavior instead of Telegram endpoint selection. - if (!allowStickyIpv4Fallback) { - throw err; - } - if (!stickyIpv4FallbackEnabled) { - stickyIpv4FallbackEnabled = true; - log.warn( - `fetch fallback: enabling sticky IPv4-only dispatcher (codes=${formatErrorCodes(err)})`, - ); - } - return sourceFetch(input, withDispatcherIfMissing(init, resolveStickyIpv4Dispatcher())); - } + return await sourceFetch( + input, + withDispatcherIfMissing(init, transportAttempts[startIndex].createDispatcher()), + ); + } catch (caught) { + err = caught; + } + + if (!shouldUseTelegramTransportFallback(err)) { throw err; } + if (callerProvidedDispatcher) { + return sourceFetch(input, init ?? {}); + } + + for (let nextIndex = startIndex + 1; nextIndex < transportAttempts.length; nextIndex += 1) { + const nextAttempt = transportAttempts[nextIndex]; + if (nextAttempt.logMessage) { + log.warn(`${nextAttempt.logMessage} (codes=${formatErrorCodes(err)})`); + } + try { + const response = await sourceFetch( + input, + withDispatcherIfMissing(init, nextAttempt.createDispatcher()), + ); + stickyAttemptIndex = nextIndex; + return response; + } catch (caught) { + err = caught; + if (!shouldUseTelegramTransportFallback(err)) { + throw err; + } + } + } + + throw err; }) as typeof fetch; return { fetch: resolvedFetch, sourceFetch, - pinnedDispatcherPolicy: defaultDispatcher.effectivePolicy, - fallbackPinnedDispatcherPolicy, + dispatcherAttempts: transportAttempts.map((attempt) => attempt.exportAttempt), }; } diff --git a/extensions/telegram/src/format.ts b/extensions/telegram/src/format.ts index 0c1bec2a62a..a9a10965243 100644 --- a/extensions/telegram/src/format.ts +++ b/extensions/telegram/src/format.ts @@ -1,11 +1,11 @@ -import type { MarkdownTableMode } from "../../../src/config/types.base.js"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; import { chunkMarkdownIR, markdownToIR, type MarkdownLinkSpan, type MarkdownIR, -} from "../../../src/markdown/ir.js"; -import { renderMarkdownWithMarkers } from "../../../src/markdown/render.js"; +} from "openclaw/plugin-sdk/text-runtime"; +import { renderMarkdownWithMarkers } from "openclaw/plugin-sdk/text-runtime"; export type TelegramFormattedChunk = { html: string; diff --git a/extensions/telegram/src/group-access.ts b/extensions/telegram/src/group-access.ts index b5c30979dbb..d4802a9f0cf 100644 --- a/extensions/telegram/src/group-access.ts +++ b/extensions/telegram/src/group-access.ts @@ -1,13 +1,13 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js"; -import { resolveOpenProviderRuntimeGroupPolicy } from "../../../src/config/runtime-group-policy.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { ChannelGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; +import { resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/config-runtime"; import type { TelegramAccountConfig, TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; -import { evaluateMatchedGroupAccessForPolicy } from "../../../src/plugin-sdk/group-access.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { evaluateMatchedGroupAccessForPolicy } from "openclaw/plugin-sdk/group-access"; import { isSenderAllowed, type NormalizedAllowFrom } from "./bot-access.js"; import { firstDefined } from "./bot-access.js"; diff --git a/extensions/telegram/src/group-config-helpers.ts b/extensions/telegram/src/group-config-helpers.ts index 5a60d116dd3..8c0f4652282 100644 --- a/extensions/telegram/src/group-config-helpers.ts +++ b/extensions/telegram/src/group-config-helpers.ts @@ -2,7 +2,7 @@ import type { TelegramDirectConfig, TelegramGroupConfig, TelegramTopicConfig, -} from "../../../src/config/types.js"; +} from "openclaw/plugin-sdk/config-runtime"; import { firstDefined } from "./bot-access.js"; export function resolveTelegramGroupPromptSettings(params: { diff --git a/extensions/telegram/src/group-migration.ts b/extensions/telegram/src/group-migration.ts index 0609fcf4b5a..95b4529e51f 100644 --- a/extensions/telegram/src/group-migration.ts +++ b/extensions/telegram/src/group-migration.ts @@ -1,6 +1,6 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { TelegramGroupConfig } from "../../../src/config/types.telegram.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramGroupConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; type TelegramGroups = Record; diff --git a/extensions/telegram/src/inline-buttons.ts b/extensions/telegram/src/inline-buttons.ts index ead8068feba..5341f2d09f1 100644 --- a/extensions/telegram/src/inline-buttons.ts +++ b/extensions/telegram/src/inline-buttons.ts @@ -1,5 +1,5 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { TelegramInlineButtonsScope } from "../../../src/config/types.telegram.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { TelegramInlineButtonsScope } from "openclaw/plugin-sdk/config-runtime"; import { listTelegramAccountIds, resolveTelegramAccount } from "./accounts.js"; const DEFAULT_INLINE_BUTTONS_SCOPE: TelegramInlineButtonsScope = "allowlist"; diff --git a/extensions/telegram/src/lane-delivery-text-deliverer.ts b/extensions/telegram/src/lane-delivery-text-deliverer.ts index 08875329649..c99dc52661a 100644 --- a/extensions/telegram/src/lane-delivery-text-deliverer.ts +++ b/extensions/telegram/src/lane-delivery-text-deliverer.ts @@ -1,4 +1,4 @@ -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import type { TelegramInlineButtons } from "./button-types.js"; import type { TelegramDraftStream } from "./draft-stream.js"; import { diff --git a/extensions/telegram/src/media-understanding.runtime.ts b/extensions/telegram/src/media-understanding.runtime.ts new file mode 100644 index 00000000000..3048178f06d --- /dev/null +++ b/extensions/telegram/src/media-understanding.runtime.ts @@ -0,0 +1,20 @@ +import { + describeImageWithModel as describeImageWithModelImpl, + transcribeFirstAudio as transcribeFirstAudioImpl, +} from "openclaw/plugin-sdk/media-runtime"; + +type DescribeImageWithModel = + typeof import("openclaw/plugin-sdk/media-runtime").describeImageWithModel; +type TranscribeFirstAudio = typeof import("openclaw/plugin-sdk/media-runtime").transcribeFirstAudio; + +export async function describeImageWithModel( + ...args: Parameters +): ReturnType { + return await describeImageWithModelImpl(...args); +} + +export async function transcribeFirstAudio( + ...args: Parameters +): ReturnType { + return await transcribeFirstAudioImpl(...args); +} diff --git a/extensions/telegram/src/monitor.test.ts b/extensions/telegram/src/monitor.test.ts index c4a898c5a6d..d75b01c4608 100644 --- a/extensions/telegram/src/monitor.test.ts +++ b/extensions/telegram/src/monitor.test.ts @@ -82,6 +82,12 @@ const { readTelegramUpdateOffsetSpy } = vi.hoisted(() => ({ const { startTelegramWebhookSpy } = vi.hoisted(() => ({ startTelegramWebhookSpy: vi.fn(async () => ({ server: { close: vi.fn() }, stop: vi.fn() })), })); +const { resolveTelegramTransportSpy } = vi.hoisted(() => ({ + resolveTelegramTransportSpy: vi.fn(() => ({ + fetch: globalThis.fetch, + sourceFetch: globalThis.fetch, + })), +})); type RunnerStub = { task: () => Promise; @@ -267,6 +273,10 @@ vi.mock("./webhook.js", () => ({ startTelegramWebhook: startTelegramWebhookSpy, })); +vi.mock("./fetch.js", () => ({ + resolveTelegramTransport: resolveTelegramTransportSpy, +})); + vi.mock("./update-offset-store.js", () => ({ readTelegramUpdateOffset: readTelegramUpdateOffsetSpy, writeTelegramUpdateOffset: vi.fn(async () => undefined), @@ -298,6 +308,10 @@ describe("monitorTelegramProvider (grammY)", () => { computeBackoff.mockClear(); sleepWithAbort.mockClear(); startTelegramWebhookSpy.mockClear(); + resolveTelegramTransportSpy.mockReset().mockImplementation(() => ({ + fetch: globalThis.fetch, + sourceFetch: globalThis.fetch, + })); registerUnhandledRejectionHandlerMock.mockClear(); resetUnhandledRejection(); createTelegramBotErrors.length = 0; @@ -499,6 +513,34 @@ describe("monitorTelegramProvider (grammY)", () => { expect(runSpy).toHaveBeenCalledTimes(2); }); + it("reuses the resolved transport across polling restarts", async () => { + vi.useFakeTimers({ shouldAdvanceTime: true }); + try { + const telegramTransport = { + fetch: globalThis.fetch, + sourceFetch: globalThis.fetch, + }; + resolveTelegramTransportSpy.mockReturnValueOnce(telegramTransport); + + const abort = new AbortController(); + mockRunOnceWithStalledPollingRunner(); + mockRunOnceAndAbort(abort); + + const monitor = monitorTelegramProvider({ token: "tok", abortSignal: abort.signal }); + await vi.waitFor(() => expect(createTelegramBotCalls.length).toBeGreaterThanOrEqual(1)); + + vi.advanceTimersByTime(120_000); + await monitor; + + expect(resolveTelegramTransportSpy).toHaveBeenCalledTimes(1); + expect(createTelegramBotCalls).toHaveLength(2); + expect(createTelegramBotCalls[0]?.telegramTransport).toBe(telegramTransport); + expect(createTelegramBotCalls[1]?.telegramTransport).toBe(telegramTransport); + } finally { + vi.useRealTimers(); + } + }); + it("aborts the active Telegram fetch when unhandled network rejection forces restart", async () => { const abort = new AbortController(); const { stop } = mockRunOnceWithStalledPollingRunner(); diff --git a/extensions/telegram/src/monitor.ts b/extensions/telegram/src/monitor.ts index 8620fb01c2b..e703266f0f0 100644 --- a/extensions/telegram/src/monitor.ts +++ b/extensions/telegram/src/monitor.ts @@ -1,14 +1,15 @@ import type { RunOptions } from "@grammyjs/runner"; -import { resolveAgentMaxConcurrent } from "../../../src/config/agent-limits.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { loadConfig } from "../../../src/config/config.js"; -import { waitForAbortSignal } from "../../../src/infra/abort-signal.js"; -import { formatErrorMessage } from "../../../src/infra/errors.js"; -import { registerUnhandledRejectionHandler } from "../../../src/infra/unhandled-rejections.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; +import { resolveAgentMaxConcurrent } from "openclaw/plugin-sdk/config-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { waitForAbortSignal } from "openclaw/plugin-sdk/runtime-env"; +import { registerUnhandledRejectionHandler } from "openclaw/plugin-sdk/runtime-env"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { resolveTelegramAccount } from "./accounts.js"; import { resolveTelegramAllowedUpdates } from "./allowed-updates.js"; import { TelegramExecApprovalHandler } from "./exec-approvals-handler.js"; +import { resolveTelegramTransport } from "./fetch.js"; import { isRecoverableTelegramNetworkError, isTelegramPollingNetworkError, @@ -178,6 +179,11 @@ export async function monitorTelegramProvider(opts: MonitorTelegramOpts = {}) { return; } + // Create transport once to preserve sticky IPv4 fallback state across polling restarts + const telegramTransport = resolveTelegramTransport(proxyFetch, { + network: account.config.network, + }); + pollingSession = new TelegramPollingSession({ token, config: cfg, @@ -189,6 +195,7 @@ export async function monitorTelegramProvider(opts: MonitorTelegramOpts = {}) { getLastUpdateId: () => lastUpdateId, persistUpdateId, log, + telegramTransport, }); await pollingSession.runUntilAbort(); } finally { diff --git a/extensions/telegram/src/network-config.ts b/extensions/telegram/src/network-config.ts index 81156ce67ac..a37a8656203 100644 --- a/extensions/telegram/src/network-config.ts +++ b/extensions/telegram/src/network-config.ts @@ -1,7 +1,7 @@ import process from "node:process"; -import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js"; -import { isTruthyEnvValue } from "../../../src/infra/env.js"; -import { isWSL2Sync } from "../../../src/infra/wsl.js"; +import type { TelegramNetworkConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isTruthyEnvValue } from "openclaw/plugin-sdk/infra-runtime"; +import { isWSL2Sync } from "openclaw/plugin-sdk/infra-runtime"; export const TELEGRAM_DISABLE_AUTO_SELECT_FAMILY_ENV = "OPENCLAW_TELEGRAM_DISABLE_AUTO_SELECT_FAMILY"; diff --git a/extensions/telegram/src/network-errors.ts b/extensions/telegram/src/network-errors.ts index 59753f9d8c1..1e7c8523767 100644 --- a/extensions/telegram/src/network-errors.ts +++ b/extensions/telegram/src/network-errors.ts @@ -3,7 +3,7 @@ import { extractErrorCode, formatErrorMessage, readErrorName, -} from "../../../src/infra/errors.js"; +} from "openclaw/plugin-sdk/infra-runtime"; const TELEGRAM_NETWORK_ORIGIN = Symbol("openclaw.telegram.network-origin"); diff --git a/extensions/telegram/src/outbound-adapter.ts b/extensions/telegram/src/outbound-adapter.ts index 25bd2329ed7..1b12c5203a1 100644 --- a/extensions/telegram/src/outbound-adapter.ts +++ b/extensions/telegram/src/outbound-adapter.ts @@ -1,14 +1,11 @@ -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; import { resolvePayloadMediaUrls, sendPayloadMediaSequence, -} from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js"; -import { - resolveOutboundSendDep, - type OutboundSendDeps, -} from "../../../src/infra/outbound/send-deps.js"; -import { resolveInteractiveTextFallback } from "../../../src/interactive/payload.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep, type OutboundSendDeps } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveInteractiveTextFallback } from "openclaw/plugin-sdk/channel-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import type { TelegramInlineButtons } from "./button-types.js"; import { resolveTelegramInlineButtons } from "./button-types.js"; import { markdownToTelegramHtmlChunks } from "./format.js"; diff --git a/extensions/telegram/src/polling-session.ts b/extensions/telegram/src/polling-session.ts index 5506ce4e434..59cbec7d589 100644 --- a/extensions/telegram/src/polling-session.ts +++ b/extensions/telegram/src/polling-session.ts @@ -1,9 +1,10 @@ import { type RunOptions, run } from "@grammyjs/runner"; -import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js"; -import { formatErrorMessage } from "../../../src/infra/errors.js"; -import { formatDurationPrecise } from "../../../src/infra/format-time/format-duration.ts"; +import { computeBackoff, sleepWithAbort } from "openclaw/plugin-sdk/infra-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { formatDurationPrecise } from "openclaw/plugin-sdk/infra-runtime"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { createTelegramBot } from "./bot.js"; +import { type TelegramTransport } from "./fetch.js"; import { isRecoverableTelegramNetworkError } from "./network-errors.js"; const TELEGRAM_POLL_RESTART_POLICY = { @@ -47,6 +48,8 @@ type TelegramPollingSessionOpts = { getLastUpdateId: () => number | null; persistUpdateId: (updateId: number) => Promise; log: (line: string) => void; + /** Pre-resolved Telegram transport to reuse across bot instances */ + telegramTransport?: TelegramTransport; }; export class TelegramPollingSession { @@ -135,6 +138,7 @@ export class TelegramPollingSession { lastUpdateId: this.opts.getLastUpdateId(), onUpdateId: this.opts.persistUpdateId, }, + telegramTransport: this.opts.telegramTransport, }); } catch (err) { await this.#waitBeforeRetryOnRecoverableSetupError(err, "Telegram setup network error"); diff --git a/extensions/telegram/src/probe.test.ts b/extensions/telegram/src/probe.test.ts index 23a2051cfa0..da6f86f9b80 100644 --- a/extensions/telegram/src/probe.test.ts +++ b/extensions/telegram/src/probe.test.ts @@ -1,5 +1,5 @@ import { afterEach, type Mock, describe, expect, it, vi } from "vitest"; -import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js"; +import { withFetchPreconnect } from "../../../test/helpers/extensions/fetch-mock.js"; import { probeTelegram, resetTelegramProbeFetcherCacheForTests } from "./probe.js"; const resolveTelegramFetch = vi.hoisted(() => vi.fn()); diff --git a/extensions/telegram/src/probe.ts b/extensions/telegram/src/probe.ts index 8a12161470a..660b9c9fb62 100644 --- a/extensions/telegram/src/probe.ts +++ b/extensions/telegram/src/probe.ts @@ -1,6 +1,6 @@ -import type { BaseProbeResult } from "../../../src/channels/plugins/types.js"; -import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js"; -import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js"; +import type { BaseProbeResult } from "openclaw/plugin-sdk/channel-runtime"; +import type { TelegramNetworkConfig } from "openclaw/plugin-sdk/telegram"; +import { fetchWithTimeout } from "openclaw/plugin-sdk/text-runtime"; import { resolveTelegramFetch } from "./fetch.js"; import { makeProxyFetch } from "./proxy.js"; diff --git a/extensions/telegram/src/proxy.ts b/extensions/telegram/src/proxy.ts index d74710c9cbd..1a06877b90f 100644 --- a/extensions/telegram/src/proxy.ts +++ b/extensions/telegram/src/proxy.ts @@ -1 +1 @@ -export { getProxyUrlFromFetch, makeProxyFetch } from "../../../src/infra/net/proxy-fetch.js"; +export { getProxyUrlFromFetch, makeProxyFetch } from "openclaw/plugin-sdk/infra-runtime"; diff --git a/extensions/telegram/src/reaction-level.ts b/extensions/telegram/src/reaction-level.ts index 4597ce0602e..3f33277d19a 100644 --- a/extensions/telegram/src/reaction-level.ts +++ b/extensions/telegram/src/reaction-level.ts @@ -1,9 +1,9 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveReactionLevel, type ReactionLevel, type ResolvedReactionLevel as BaseResolvedReactionLevel, -} from "../../../src/utils/reaction-level.js"; +} from "openclaw/plugin-sdk/text-runtime"; import { resolveTelegramAccount } from "./accounts.js"; export type TelegramReactionLevel = ReactionLevel; diff --git a/extensions/telegram/src/reasoning-lane-coordinator.ts b/extensions/telegram/src/reasoning-lane-coordinator.ts index 4bc0da94dfe..a4e414a6727 100644 --- a/extensions/telegram/src/reasoning-lane-coordinator.ts +++ b/extensions/telegram/src/reasoning-lane-coordinator.ts @@ -1,7 +1,7 @@ -import { formatReasoningMessage } from "../../../src/agents/pi-embedded-utils.js"; -import type { ReplyPayload } from "../../../src/auto-reply/types.js"; -import { findCodeRegions, isInsideCode } from "../../../src/shared/text/code-regions.js"; -import { stripReasoningTagsFromText } from "../../../src/shared/text/reasoning-tags.js"; +import { formatReasoningMessage } from "openclaw/plugin-sdk/agent-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { findCodeRegions, isInsideCode } from "openclaw/plugin-sdk/text-runtime"; +import { stripReasoningTagsFromText } from "openclaw/plugin-sdk/text-runtime"; const REASONING_MESSAGE_PREFIX = "Reasoning:\n"; const REASONING_TAG_PREFIXES = [ diff --git a/extensions/telegram/src/runtime.ts b/extensions/telegram/src/runtime.ts index d4e15f463d9..1cc0c75b5dc 100644 --- a/extensions/telegram/src/runtime.ts +++ b/extensions/telegram/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setTelegramRuntime, getRuntime: getTelegramRuntime } = createPluginRuntimeStore("Telegram runtime not initialized"); diff --git a/extensions/telegram/src/send.test-harness.ts b/extensions/telegram/src/send.test-harness.ts index 604a7d27dd1..28ad1e6bb0a 100644 --- a/extensions/telegram/src/send.test-harness.ts +++ b/extensions/telegram/src/send.test-harness.ts @@ -1,5 +1,5 @@ +import type { MockFn } from "openclaw/plugin-sdk/testing"; import { beforeEach, vi } from "vitest"; -import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js"; const { botApi, botCtorSpy } = vi.hoisted(() => ({ botApi: { @@ -44,7 +44,7 @@ type TelegramSendTestMocks = { maybePersistResolvedTelegramTarget: MockFn; }; -vi.mock("../../whatsapp/src/media.js", () => ({ +vi.mock("openclaw/plugin-sdk/web-media", () => ({ loadWebMedia, })); @@ -61,11 +61,19 @@ vi.mock("grammy", () => ({ botCtorSpy(token, options); } }, + HttpError: class HttpError extends Error { + constructor( + message = "HttpError", + public error?: unknown, + ) { + super(message); + } + }, InputFile: class {}, })); -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig, @@ -94,5 +102,6 @@ export function installTelegramSendTestHooks() { } export async function importTelegramSendModule() { + vi.resetModules(); return await import("./send.js"); } diff --git a/extensions/telegram/src/send.ts b/extensions/telegram/src/send.ts index b215be835e8..ec824d88ec7 100644 --- a/extensions/telegram/src/send.ts +++ b/extensions/telegram/src/send.ts @@ -5,21 +5,21 @@ import type { ReactionTypeEmoji, } from "@grammyjs/types"; import { type ApiClientOptions, Bot, HttpError, InputFile } from "grammy"; -import { loadConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { logVerbose } from "../../../src/globals.js"; -import { recordChannelActivity } from "../../../src/infra/channel-activity.js"; -import { isDiagnosticFlagEnabled } from "../../../src/infra/diagnostic-flags.js"; -import { formatErrorMessage, formatUncaughtError } from "../../../src/infra/errors.js"; -import { createTelegramRetryRunner } from "../../../src/infra/retry-policy.js"; -import type { RetryConfig } from "../../../src/infra/retry.js"; -import { redactSensitiveText } from "../../../src/logging/redact.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; -import type { MediaKind } from "../../../src/media/constants.js"; -import { buildOutboundMediaLoadOptions } from "../../../src/media/load-options.js"; -import { isGifMedia, kindFromMime } from "../../../src/media/mime.js"; -import { normalizePollInput, type PollInput } from "../../../src/polls.js"; -import { loadWebMedia } from "../../whatsapp/src/media.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { isDiagnosticFlagEnabled } from "openclaw/plugin-sdk/infra-runtime"; +import { formatErrorMessage, formatUncaughtError } from "openclaw/plugin-sdk/infra-runtime"; +import { createTelegramRetryRunner } from "openclaw/plugin-sdk/infra-runtime"; +import type { RetryConfig } from "openclaw/plugin-sdk/infra-runtime"; +import type { MediaKind } from "openclaw/plugin-sdk/media-runtime"; +import { buildOutboundMediaLoadOptions } from "openclaw/plugin-sdk/media-runtime"; +import { isGifMedia, kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { normalizePollInput, type PollInput } from "openclaw/plugin-sdk/media-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { redactSensitiveText } from "openclaw/plugin-sdk/text-runtime"; +import { loadWebMedia } from "openclaw/plugin-sdk/web-media"; import { type ResolvedTelegramAccount, resolveTelegramAccount } from "./accounts.js"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { buildTelegramThreadParams, buildTypingThreadParams } from "./bot/helpers.js"; diff --git a/extensions/telegram/src/sendchataction-401-backoff.ts b/extensions/telegram/src/sendchataction-401-backoff.ts index 72ac8690403..0c9865eb2b3 100644 --- a/extensions/telegram/src/sendchataction-401-backoff.ts +++ b/extensions/telegram/src/sendchataction-401-backoff.ts @@ -1,4 +1,8 @@ -import { computeBackoff, sleepWithAbort, type BackoffPolicy } from "../../../src/infra/backoff.js"; +import { + computeBackoff, + sleepWithAbort, + type BackoffPolicy, +} from "openclaw/plugin-sdk/infra-runtime"; export type TelegramSendChatActionLogger = (message: string) => void; diff --git a/extensions/telegram/src/sent-message-cache.ts b/extensions/telegram/src/sent-message-cache.ts index 49a6ab4c3d9..bb48bce3c0f 100644 --- a/extensions/telegram/src/sent-message-cache.ts +++ b/extensions/telegram/src/sent-message-cache.ts @@ -1,4 +1,4 @@ -import { resolveGlobalMap } from "../../../src/shared/global-singleton.js"; +import { resolveGlobalMap } from "openclaw/plugin-sdk/text-runtime"; /** * In-memory cache of sent message IDs per chat. diff --git a/extensions/telegram/src/sequential-key.ts b/extensions/telegram/src/sequential-key.ts index 334c18dc485..5309a88a32c 100644 --- a/extensions/telegram/src/sequential-key.ts +++ b/extensions/telegram/src/sequential-key.ts @@ -1,6 +1,6 @@ import { type Message, type UserFromGetMe } from "@grammyjs/types"; -import { isAbortRequestText } from "../../../src/auto-reply/reply/abort.js"; -import { isBtwRequestText } from "../../../src/auto-reply/reply/btw-command.js"; +import { isAbortRequestText } from "openclaw/plugin-sdk/reply-runtime"; +import { isBtwRequestText } from "openclaw/plugin-sdk/reply-runtime"; import { resolveTelegramForumThreadId } from "./bot/helpers.js"; export type TelegramSequentialKeyContext = { diff --git a/extensions/telegram/src/setup-core.ts b/extensions/telegram/src/setup-core.ts index dedf2ca8527..afc302500bf 100644 --- a/extensions/telegram/src/setup-core.ts +++ b/extensions/telegram/src/setup-core.ts @@ -1,16 +1,14 @@ import { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import { + createEnvPatchedAccountSetupAdapter, + DEFAULT_ACCOUNT_ID, patchChannelConfigForAccount, + promptResolvedAllowFrom, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupAdapter, ChannelSetupDmPolicy } from "openclaw/plugin-sdk/setup"; +import { formatCliCommand, formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { resolveDefaultTelegramAccountId, resolveTelegramAccount } from "./accounts.js"; import { fetchTelegramChatId } from "./api-fetch.js"; @@ -71,11 +69,7 @@ export async function resolveTelegramAllowFromEntries(params: { export async function promptTelegramAllowFromForAccount(params: { cfg: OpenClawConfig; - prompter: Parameters< - NonNullable< - import("../../../src/channels/plugins/setup-wizard-types.js").ChannelSetupDmPolicy["promptAllowFrom"] - > - >[0]["prompter"]; + prompter: WizardPrompter; accountId?: string; }) { const accountId = params.accountId ?? resolveDefaultTelegramAccountId(params.cfg); @@ -87,8 +81,6 @@ export async function promptTelegramAllowFromForAccount(params: { "Telegram", ); } - const { promptResolvedAllowFrom } = - await import("../../../src/channels/plugins/setup-wizard-helpers.runtime.js"); const unique = await promptResolvedAllowFrom({ prompter: params.prompter, existing: resolved.config.allowFrom ?? [], @@ -114,78 +106,11 @@ export async function promptTelegramAllowFromForAccount(params: { }); } -export const telegramSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), - validateInput: ({ accountId, input }) => { - if (input.useEnv && accountId !== DEFAULT_ACCOUNT_ID) { - return "TELEGRAM_BOT_TOKEN can only be used for the default account."; - } - if (!input.useEnv && !input.token && !input.tokenFile) { - return "Telegram requires token or --token-file (or --use-env)."; - } - return null; - }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...next, - channels: { - ...next.channels, - telegram: { - ...next.channels?.telegram, - enabled: true, - ...(input.useEnv - ? {} - : input.tokenFile - ? { tokenFile: input.tokenFile } - : input.token - ? { botToken: input.token } - : {}), - }, - }, - }; - } - return { - ...next, - channels: { - ...next.channels, - telegram: { - ...next.channels?.telegram, - enabled: true, - accounts: { - ...next.channels?.telegram?.accounts, - [accountId]: { - ...next.channels?.telegram?.accounts?.[accountId], - enabled: true, - ...(input.tokenFile - ? { tokenFile: input.tokenFile } - : input.token - ? { botToken: input.token } - : {}), - }, - }, - }, - }, - }; - }, -}; +export const telegramSetupAdapter: ChannelSetupAdapter = createEnvPatchedAccountSetupAdapter({ + channelKey: channel, + defaultAccountOnlyEnvError: "TELEGRAM_BOT_TOKEN can only be used for the default account.", + missingCredentialError: "Telegram requires token or --token-file (or --use-env).", + hasCredentials: (input) => Boolean(input.token || input.tokenFile), + buildPatch: (input) => + input.tokenFile ? { tokenFile: input.tokenFile } : input.token ? { botToken: input.token } : {}, +}); diff --git a/extensions/telegram/src/setup-surface.ts b/extensions/telegram/src/setup-surface.ts index d0f122af174..934fa0688e9 100644 --- a/extensions/telegram/src/setup-surface.ts +++ b/extensions/telegram/src/setup-surface.ts @@ -1,14 +1,13 @@ import { + DEFAULT_ACCOUNT_ID, + hasConfiguredSecretInput, + type OpenClawConfig, patchChannelConfigForAccount, setChannelDmPolicyWithAllowFrom, setSetupChannelEnabled, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import { type ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import { type ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupDmPolicy, ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; import { inspectTelegramAccount } from "./account-inspect.js"; import { listTelegramAccountIds, resolveTelegramAccount } from "./accounts.js"; import { diff --git a/extensions/telegram/src/shared.ts b/extensions/telegram/src/shared.ts new file mode 100644 index 00000000000..2a6fbf41d0b --- /dev/null +++ b/extensions/telegram/src/shared.ts @@ -0,0 +1,137 @@ +import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from"; +import { + createScopedAccountConfigAccessors, + createScopedChannelConfigBase, +} from "openclaw/plugin-sdk/channel-config-helpers"; +import { + buildChannelConfigSchema, + getChatChannelMeta, + normalizeAccountId, + TelegramConfigSchema, + type ChannelPlugin, + type OpenClawConfig, +} from "openclaw/plugin-sdk/telegram-core"; +import { inspectTelegramAccount } from "./account-inspect.js"; +import { + listTelegramAccountIds, + resolveDefaultTelegramAccountId, + resolveTelegramAccount, + type ResolvedTelegramAccount, +} from "./accounts.js"; + +export const TELEGRAM_CHANNEL = "telegram" as const; + +export function findTelegramTokenOwnerAccountId(params: { + cfg: OpenClawConfig; + accountId: string; +}): string | null { + const normalizedAccountId = normalizeAccountId(params.accountId); + const tokenOwners = new Map(); + for (const id of listTelegramAccountIds(params.cfg)) { + const account = inspectTelegramAccount({ cfg: params.cfg, accountId: id }); + const token = (account.token ?? "").trim(); + if (!token) { + continue; + } + const ownerAccountId = tokenOwners.get(token); + if (!ownerAccountId) { + tokenOwners.set(token, account.accountId); + continue; + } + if (account.accountId === normalizedAccountId) { + return ownerAccountId; + } + } + return null; +} + +export function formatDuplicateTelegramTokenReason(params: { + accountId: string; + ownerAccountId: string; +}): string { + return ( + `Duplicate Telegram bot token: account "${params.accountId}" shares a token with ` + + `account "${params.ownerAccountId}". Keep one owner account per bot token.` + ); +} + +export const telegramConfigAccessors = createScopedAccountConfigAccessors({ + resolveAccount: ({ cfg, accountId }) => resolveTelegramAccount({ cfg, accountId }), + resolveAllowFrom: (account: ResolvedTelegramAccount) => account.config.allowFrom, + formatAllowFrom: (allowFrom) => + formatAllowFromLowercase({ allowFrom, stripPrefixRe: /^(telegram|tg):/i }), + resolveDefaultTo: (account: ResolvedTelegramAccount) => account.config.defaultTo, +}); + +export const telegramConfigBase = createScopedChannelConfigBase({ + sectionKey: TELEGRAM_CHANNEL, + listAccountIds: listTelegramAccountIds, + resolveAccount: (cfg, accountId) => resolveTelegramAccount({ cfg, accountId }), + inspectAccount: (cfg, accountId) => inspectTelegramAccount({ cfg, accountId }), + defaultAccountId: resolveDefaultTelegramAccountId, + clearBaseFields: ["botToken", "tokenFile", "name"], +}); + +export function createTelegramPluginBase(params: { + setupWizard: NonNullable["setupWizard"]>; + setup: NonNullable["setup"]>; +}): Pick< + ChannelPlugin, + "id" | "meta" | "setupWizard" | "capabilities" | "reload" | "configSchema" | "config" | "setup" +> { + return { + id: TELEGRAM_CHANNEL, + meta: { + ...getChatChannelMeta(TELEGRAM_CHANNEL), + quickstartAllowFrom: true, + }, + setupWizard: params.setupWizard, + capabilities: { + chatTypes: ["direct", "group", "channel", "thread"], + reactions: true, + threads: true, + media: true, + polls: true, + nativeCommands: true, + blockStreaming: true, + }, + reload: { configPrefixes: ["channels.telegram"] }, + configSchema: buildChannelConfigSchema(TelegramConfigSchema), + config: { + ...telegramConfigBase, + isConfigured: (account, cfg) => { + if (!account.token?.trim()) { + return false; + } + return !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }); + }, + unconfiguredReason: (account, cfg) => { + if (!account.token?.trim()) { + return "not configured"; + } + const ownerAccountId = findTelegramTokenOwnerAccountId({ + cfg, + accountId: account.accountId, + }); + if (!ownerAccountId) { + return "not configured"; + } + return formatDuplicateTelegramTokenReason({ + accountId: account.accountId, + ownerAccountId, + }); + }, + describeAccount: (account, cfg) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: + Boolean(account.token?.trim()) && + !findTelegramTokenOwnerAccountId({ cfg, accountId: account.accountId }), + tokenSource: account.tokenSource, + }), + ...telegramConfigAccessors, + }, + setup: params.setup, + }; +} diff --git a/extensions/telegram/src/status-issues.ts b/extensions/telegram/src/status-issues.ts index b970f533dd0..0178c0c7346 100644 --- a/extensions/telegram/src/status-issues.ts +++ b/extensions/telegram/src/status-issues.ts @@ -3,11 +3,11 @@ import { asString, isRecord, resolveEnabledConfiguredAccountId, -} from "../../../src/channels/plugins/status-issues/shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelAccountSnapshot, ChannelStatusIssue, -} from "../../../src/channels/plugins/types.js"; +} from "openclaw/plugin-sdk/channel-runtime"; type TelegramAccountStatus = { accountId?: unknown; diff --git a/extensions/telegram/src/status-reaction-variants.ts b/extensions/telegram/src/status-reaction-variants.ts index 6c5c80e9fd8..8c04a87554e 100644 --- a/extensions/telegram/src/status-reaction-variants.ts +++ b/extensions/telegram/src/status-reaction-variants.ts @@ -1,7 +1,4 @@ -import { - DEFAULT_EMOJIS, - type StatusReactionEmojis, -} from "../../../src/channels/status-reactions.js"; +import { DEFAULT_EMOJIS, type StatusReactionEmojis } from "openclaw/plugin-sdk/channel-runtime"; type StatusReactionEmojiKey = keyof Required; diff --git a/extensions/telegram/src/sticker-cache.test.ts b/extensions/telegram/src/sticker-cache.test.ts index 219ce421e62..75a1db8725d 100644 --- a/extensions/telegram/src/sticker-cache.test.ts +++ b/extensions/telegram/src/sticker-cache.test.ts @@ -1,44 +1,49 @@ import fs from "node:fs"; import path from "node:path"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { - cacheSticker, - getAllCachedStickers, - getCachedSticker, - getCacheStats, - searchStickers, -} from "./sticker-cache.js"; -// Mock the state directory to use a temp location -vi.mock("../../../src/config/paths.js", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, - STATE_DIR: "/tmp/openclaw-test-sticker-cache", - }; -}); +vi.mock("openclaw/plugin-sdk/agent-runtime", () => ({ + resolveApiKeyForProvider: vi.fn(), + findModelInCatalog: vi.fn(), + loadModelCatalog: vi.fn(async () => []), + modelSupportsVision: vi.fn(() => false), + resolveDefaultModelForAgent: vi.fn(() => ({ provider: "openai", model: "gpt-5.2" })), +})); + +vi.mock("openclaw/plugin-sdk/media-runtime", () => ({ + AUTO_IMAGE_KEY_PROVIDERS: ["openai"], + DEFAULT_IMAGE_MODELS: { openai: "gpt-4.1-mini" }, + resolveAutoImageModel: vi.fn(async () => null), +})); + +vi.mock("openclaw/plugin-sdk/media-understanding-runtime", () => ({ + describeImageFileWithModel: vi.fn(), +})); const TEST_CACHE_DIR = "/tmp/openclaw-test-sticker-cache/telegram"; const TEST_CACHE_FILE = path.join(TEST_CACHE_DIR, "sticker-cache.json"); +type StickerCacheModule = typeof import("./sticker-cache.js"); + +let stickerCache: StickerCacheModule; + describe("sticker-cache", () => { - beforeEach(() => { - // Clean up before each test - if (fs.existsSync(TEST_CACHE_FILE)) { - fs.unlinkSync(TEST_CACHE_FILE); - } + beforeEach(async () => { + process.env.OPENCLAW_STATE_DIR = "/tmp/openclaw-test-sticker-cache"; + fs.rmSync("/tmp/openclaw-test-sticker-cache", { recursive: true, force: true }); + fs.mkdirSync(TEST_CACHE_DIR, { recursive: true }); + vi.resetModules(); + stickerCache = await import("./sticker-cache.js"); }); afterEach(() => { - // Clean up after each test - if (fs.existsSync(TEST_CACHE_FILE)) { - fs.unlinkSync(TEST_CACHE_FILE); - } + fs.rmSync("/tmp/openclaw-test-sticker-cache", { recursive: true, force: true }); + delete process.env.OPENCLAW_STATE_DIR; }); describe("getCachedSticker", () => { it("returns null for unknown ID", () => { - const result = getCachedSticker("unknown-id"); + const result = stickerCache.getCachedSticker("unknown-id"); expect(result).toBeNull(); }); @@ -52,8 +57,8 @@ describe("sticker-cache", () => { cachedAt: "2026-01-26T12:00:00.000Z", }; - cacheSticker(sticker); - const result = getCachedSticker("unique123"); + stickerCache.cacheSticker(sticker); + const result = stickerCache.getCachedSticker("unique123"); expect(result).toEqual(sticker); }); @@ -66,13 +71,13 @@ describe("sticker-cache", () => { cachedAt: "2026-01-26T12:00:00.000Z", }; - cacheSticker(sticker); - expect(getCachedSticker("unique123")).not.toBeNull(); + stickerCache.cacheSticker(sticker); + expect(stickerCache.getCachedSticker("unique123")).not.toBeNull(); // Manually clear the cache file - fs.unlinkSync(TEST_CACHE_FILE); + fs.rmSync(TEST_CACHE_FILE, { force: true }); - expect(getCachedSticker("unique123")).toBeNull(); + expect(stickerCache.getCachedSticker("unique123")).toBeNull(); }); }); @@ -85,9 +90,9 @@ describe("sticker-cache", () => { cachedAt: "2026-01-26T12:00:00.000Z", }; - cacheSticker(sticker); + stickerCache.cacheSticker(sticker); - const all = getAllCachedStickers(); + const all = stickerCache.getAllCachedStickers(); expect(all).toHaveLength(1); expect(all[0]).toEqual(sticker); }); @@ -106,10 +111,10 @@ describe("sticker-cache", () => { cachedAt: "2026-01-26T13:00:00.000Z", }; - cacheSticker(original); - cacheSticker(updated); + stickerCache.cacheSticker(original); + stickerCache.cacheSticker(updated); - const result = getCachedSticker("unique789"); + const result = stickerCache.getCachedSticker("unique789"); expect(result?.description).toBe("Updated description"); expect(result?.fileId).toBe("file789-new"); }); @@ -118,7 +123,7 @@ describe("sticker-cache", () => { describe("searchStickers", () => { beforeEach(() => { // Seed cache with test stickers - cacheSticker({ + stickerCache.cacheSticker({ fileId: "fox1", fileUniqueId: "fox-unique-1", emoji: "🦊", @@ -126,7 +131,7 @@ describe("sticker-cache", () => { description: "A cute orange fox waving hello", cachedAt: "2026-01-26T10:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "fox2", fileUniqueId: "fox-unique-2", emoji: "🦊", @@ -134,7 +139,7 @@ describe("sticker-cache", () => { description: "A fox sleeping peacefully", cachedAt: "2026-01-26T11:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "cat1", fileUniqueId: "cat-unique-1", emoji: "🐱", @@ -142,7 +147,7 @@ describe("sticker-cache", () => { description: "A cat sitting on a keyboard", cachedAt: "2026-01-26T12:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "dog1", fileUniqueId: "dog-unique-1", emoji: "🐶", @@ -153,47 +158,47 @@ describe("sticker-cache", () => { }); it("finds stickers by description substring", () => { - const results = searchStickers("fox"); + const results = stickerCache.searchStickers("fox"); expect(results).toHaveLength(2); expect(results.every((s) => s.description.toLowerCase().includes("fox"))).toBe(true); }); it("finds stickers by emoji", () => { - const results = searchStickers("🦊"); + const results = stickerCache.searchStickers("🦊"); expect(results).toHaveLength(2); expect(results.every((s) => s.emoji === "🦊")).toBe(true); }); it("finds stickers by set name", () => { - const results = searchStickers("CuteFoxes"); + const results = stickerCache.searchStickers("CuteFoxes"); expect(results).toHaveLength(2); expect(results.every((s) => s.setName === "CuteFoxes")).toBe(true); }); it("respects limit parameter", () => { - const results = searchStickers("fox", 1); + const results = stickerCache.searchStickers("fox", 1); expect(results).toHaveLength(1); }); it("ranks exact matches higher", () => { // "waving" appears in "fox waving hello" - should be ranked first - const results = searchStickers("waving"); + const results = stickerCache.searchStickers("waving"); expect(results).toHaveLength(1); expect(results[0]?.fileUniqueId).toBe("fox-unique-1"); }); it("returns empty array for no matches", () => { - const results = searchStickers("elephant"); + const results = stickerCache.searchStickers("elephant"); expect(results).toHaveLength(0); }); it("is case insensitive", () => { - const results = searchStickers("FOX"); + const results = stickerCache.searchStickers("FOX"); expect(results).toHaveLength(2); }); it("matches multiple words", () => { - const results = searchStickers("cat keyboard"); + const results = stickerCache.searchStickers("cat keyboard"); expect(results).toHaveLength(1); expect(results[0]?.fileUniqueId).toBe("cat-unique-1"); }); @@ -201,58 +206,58 @@ describe("sticker-cache", () => { describe("getAllCachedStickers", () => { it("returns empty array when cache is empty", () => { - const result = getAllCachedStickers(); + const result = stickerCache.getAllCachedStickers(); expect(result).toEqual([]); }); it("returns all cached stickers", () => { - cacheSticker({ + stickerCache.cacheSticker({ fileId: "a", fileUniqueId: "a-unique", description: "Sticker A", cachedAt: "2026-01-26T10:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "b", fileUniqueId: "b-unique", description: "Sticker B", cachedAt: "2026-01-26T11:00:00.000Z", }); - const result = getAllCachedStickers(); + const result = stickerCache.getAllCachedStickers(); expect(result).toHaveLength(2); }); }); describe("getCacheStats", () => { it("returns count 0 when cache is empty", () => { - const stats = getCacheStats(); + const stats = stickerCache.getCacheStats(); expect(stats.count).toBe(0); expect(stats.oldestAt).toBeUndefined(); expect(stats.newestAt).toBeUndefined(); }); it("returns correct stats with cached stickers", () => { - cacheSticker({ + stickerCache.cacheSticker({ fileId: "old", fileUniqueId: "old-unique", description: "Old sticker", cachedAt: "2026-01-20T10:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "new", fileUniqueId: "new-unique", description: "New sticker", cachedAt: "2026-01-26T10:00:00.000Z", }); - cacheSticker({ + stickerCache.cacheSticker({ fileId: "mid", fileUniqueId: "mid-unique", description: "Middle sticker", cachedAt: "2026-01-23T10:00:00.000Z", }); - const stats = getCacheStats(); + const stats = stickerCache.getCacheStats(); expect(stats.count).toBe(3); expect(stats.oldestAt).toBe("2026-01-20T10:00:00.000Z"); expect(stats.newestAt).toBe("2026-01-26T10:00:00.000Z"); diff --git a/extensions/telegram/src/sticker-cache.ts b/extensions/telegram/src/sticker-cache.ts index e6cdfbd9015..e6fd3398f16 100644 --- a/extensions/telegram/src/sticker-cache.ts +++ b/extensions/telegram/src/sticker-cache.ts @@ -1,22 +1,19 @@ -import fs from "node:fs/promises"; import path from "node:path"; -import { resolveApiKeyForProvider } from "../../../src/agents/model-auth.js"; -import type { ModelCatalogEntry } from "../../../src/agents/model-catalog.js"; +import { resolveApiKeyForProvider } from "openclaw/plugin-sdk/agent-runtime"; +import type { ModelCatalogEntry } from "openclaw/plugin-sdk/agent-runtime"; import { findModelInCatalog, loadModelCatalog, modelSupportsVision, -} from "../../../src/agents/model-catalog.js"; -import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { STATE_DIR } from "../../../src/config/paths.js"; -import { logVerbose } from "../../../src/globals.js"; -import { loadJsonFile, saveJsonFile } from "../../../src/infra/json-file.js"; -import { - AUTO_IMAGE_KEY_PROVIDERS, - DEFAULT_IMAGE_MODELS, -} from "../../../src/media-understanding/defaults.js"; -import { resolveAutoImageModel } from "../../../src/media-understanding/runner.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { resolveDefaultModelForAgent } from "openclaw/plugin-sdk/agent-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { loadJsonFile, saveJsonFile } from "openclaw/plugin-sdk/json-store"; +import { AUTO_IMAGE_KEY_PROVIDERS, DEFAULT_IMAGE_MODELS } from "openclaw/plugin-sdk/media-runtime"; +import { resolveAutoImageModel } from "openclaw/plugin-sdk/media-runtime"; +import { describeImageFileWithModel } from "openclaw/plugin-sdk/media-understanding-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { STATE_DIR } from "openclaw/plugin-sdk/state-paths"; const CACHE_FILE = path.join(STATE_DIR, "telegram", "sticker-cache.json"); const CACHE_VERSION = 1; @@ -146,14 +143,6 @@ export function getCacheStats(): { count: number; oldestAt?: string; newestAt?: const STICKER_DESCRIPTION_PROMPT = "Describe this sticker image in 1-2 sentences. Focus on what the sticker depicts (character, object, action, emotion). Be concise and objective."; -let imageRuntimePromise: Promise< - typeof import("../../../src/media-understanding/providers/image-runtime.js") -> | null = null; - -function loadImageRuntime() { - imageRuntimePromise ??= import("../../../src/media-understanding/providers/image-runtime.js"); - return imageRuntimePromise; -} export interface DescribeStickerParams { imagePath: string; @@ -247,22 +236,18 @@ export async function describeStickerImage(params: DescribeStickerParams): Promi logVerbose(`telegram: describing sticker with ${provider}/${model}`); try { - const buffer = await fs.readFile(imagePath); - // Lazy import to avoid circular dependency - const { describeImageWithModel } = await loadImageRuntime(); - const result = await describeImageWithModel({ - buffer, - fileName: "sticker.webp", + const result = await describeImageFileWithModel({ + filePath: imagePath, mime: "image/webp", - prompt: STICKER_DESCRIPTION_PROMPT, cfg, - agentDir: agentDir ?? "", + agentDir, provider, model, + prompt: STICKER_DESCRIPTION_PROMPT, maxTokens: 150, - timeoutMs: 30000, + timeoutMs: 30_000, }); - return result.text; + return result.text ?? null; } catch (err) { logVerbose(`telegram: failed to describe sticker: ${String(err)}`); return null; diff --git a/extensions/telegram/src/target-writeback.test.ts b/extensions/telegram/src/target-writeback.test.ts index bb8b2129924..8403f7e1b0f 100644 --- a/extensions/telegram/src/target-writeback.test.ts +++ b/extensions/telegram/src/target-writeback.test.ts @@ -7,29 +7,24 @@ const loadCronStore = vi.fn(); const resolveCronStorePath = vi.fn(); const saveCronStore = vi.fn(); -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, readConfigFileSnapshotForWrite, writeConfigFile, - }; -}); - -vi.mock("../../../src/cron/store.js", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, loadCronStore, resolveCronStorePath, saveCronStore, }; }); -const { maybePersistResolvedTelegramTarget } = await import("./target-writeback.js"); - describe("maybePersistResolvedTelegramTarget", () => { - beforeEach(() => { + let maybePersistResolvedTelegramTarget: typeof import("./target-writeback.js").maybePersistResolvedTelegramTarget; + + beforeEach(async () => { + vi.resetModules(); + ({ maybePersistResolvedTelegramTarget } = await import("./target-writeback.js")); readConfigFileSnapshotForWrite.mockReset(); writeConfigFile.mockReset(); loadCronStore.mockReset(); diff --git a/extensions/telegram/src/target-writeback.ts b/extensions/telegram/src/target-writeback.ts index 6423215ffa2..8e5bf197a23 100644 --- a/extensions/telegram/src/target-writeback.ts +++ b/extensions/telegram/src/target-writeback.ts @@ -1,7 +1,14 @@ -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { readConfigFileSnapshotForWrite, writeConfigFile } from "../../../src/config/config.js"; -import { loadCronStore, resolveCronStorePath, saveCronStore } from "../../../src/cron/store.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { + readConfigFileSnapshotForWrite, + writeConfigFile, +} from "openclaw/plugin-sdk/config-runtime"; +import { + loadCronStore, + resolveCronStorePath, + saveCronStore, +} from "openclaw/plugin-sdk/config-runtime"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; import { normalizeTelegramChatId, normalizeTelegramLookupTarget, diff --git a/extensions/telegram/src/thread-bindings.ts b/extensions/telegram/src/thread-bindings.ts index d10fef7f72c..aaf13e15561 100644 --- a/extensions/telegram/src/thread-bindings.ts +++ b/extensions/telegram/src/thread-bindings.ts @@ -1,19 +1,19 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; -import { resolveThreadBindingConversationIdFromBindingId } from "../../../src/channels/thread-binding-id.js"; -import { formatThreadBindingDurationLabel } from "../../../src/channels/thread-bindings-messages.js"; -import { resolveStateDir } from "../../../src/config/paths.js"; -import { logVerbose } from "../../../src/globals.js"; -import { writeJsonAtomic } from "../../../src/infra/json-files.js"; +import { resolveThreadBindingConversationIdFromBindingId } from "openclaw/plugin-sdk/channel-runtime"; +import { formatThreadBindingDurationLabel } from "openclaw/plugin-sdk/channel-runtime"; import { registerSessionBindingAdapter, unregisterSessionBindingAdapter, type BindingTargetKind, type SessionBindingRecord, -} from "../../../src/infra/outbound/session-binding-service.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; -import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js"; +} from "openclaw/plugin-sdk/conversation-runtime"; +import { writeJsonAtomic } from "openclaw/plugin-sdk/infra-runtime"; +import { normalizeAccountId } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; +import { resolveGlobalSingleton } from "openclaw/plugin-sdk/text-runtime"; const DEFAULT_THREAD_BINDING_IDLE_TIMEOUT_MS = 24 * 60 * 60 * 1000; const DEFAULT_THREAD_BINDING_MAX_AGE_MS = 0; diff --git a/extensions/telegram/src/token.ts b/extensions/telegram/src/token.ts index 827b4899e21..7a23a34ab12 100644 --- a/extensions/telegram/src/token.ts +++ b/extensions/telegram/src/token.ts @@ -1,9 +1,9 @@ -import type { BaseTokenResolution } from "../../../src/channels/plugins/types.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js"; -import type { TelegramAccountConfig } from "../../../src/config/types.telegram.js"; -import { tryReadSecretFileSync } from "../../../src/infra/secret-file.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import type { BaseTokenResolution } from "openclaw/plugin-sdk/channel-runtime"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { normalizeResolvedSecretInputString } from "openclaw/plugin-sdk/config-runtime"; +import { tryReadSecretFileSync } from "openclaw/plugin-sdk/infra-runtime"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/routing"; +import type { TelegramAccountConfig } from "openclaw/plugin-sdk/telegram"; export type TelegramTokenSource = "env" | "tokenFile" | "config" | "none"; diff --git a/extensions/telegram/src/update-offset-store.ts b/extensions/telegram/src/update-offset-store.ts index 55b4e96ae23..395b5c1e450 100644 --- a/extensions/telegram/src/update-offset-store.ts +++ b/extensions/telegram/src/update-offset-store.ts @@ -1,8 +1,8 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { resolveStateDir } from "../../../src/config/paths.js"; -import { writeJsonAtomic } from "../../../src/infra/json-files.js"; +import { writeJsonAtomic } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveStateDir } from "openclaw/plugin-sdk/state-paths"; const STORE_VERSION = 2; diff --git a/extensions/telegram/src/voice.ts b/extensions/telegram/src/voice.ts index 865bd82d72e..8a452471603 100644 --- a/extensions/telegram/src/voice.ts +++ b/extensions/telegram/src/voice.ts @@ -1,4 +1,4 @@ -import { isTelegramVoiceCompatibleAudio } from "../../../src/media/audio.js"; +import { isTelegramVoiceCompatibleAudio } from "openclaw/plugin-sdk/media-runtime"; export function resolveTelegramVoiceDecision(opts: { wantsVoice: boolean; diff --git a/extensions/telegram/src/webhook.test.ts b/extensions/telegram/src/webhook.test.ts index 0f2736a30b9..549e73f9ba3 100644 --- a/extensions/telegram/src/webhook.test.ts +++ b/extensions/telegram/src/webhook.test.ts @@ -40,6 +40,35 @@ function collectResponseBody( }); } +function createSingleSettlement(params: { + resolve: (value: T) => void; + reject: (error: unknown) => void; + clear: () => void; +}) { + let settled = false; + return { + isSettled() { + return settled; + }, + resolve(value: T) { + if (settled) { + return; + } + settled = true; + params.clear(); + params.resolve(value); + }, + reject(error: unknown) { + if (settled) { + return; + } + settled = true; + params.clear(); + params.reject(error); + }, + }; +} + vi.mock("grammy", async (importOriginal) => { const actual = await importOriginal(); return { @@ -96,23 +125,11 @@ async function postWebhookHeadersOnly(params: { timeoutMs?: number; }): Promise<{ statusCode: number; body: string }> { return await new Promise((resolve, reject) => { - let settled = false; - const finishResolve = (value: { statusCode: number; body: string }) => { - if (settled) { - return; - } - settled = true; - clearTimeout(timeout); - resolve(value); - }; - const finishReject = (error: unknown) => { - if (settled) { - return; - } - settled = true; - clearTimeout(timeout); - reject(error); - }; + const settle = createSingleSettlement({ + resolve, + reject, + clear: () => clearTimeout(timeout), + }); const req = request( { @@ -128,7 +145,7 @@ async function postWebhookHeadersOnly(params: { }, (res) => { collectResponseBody(res, (payload) => { - finishResolve(payload); + settle.resolve(payload); req.destroy(); }); }, @@ -138,14 +155,14 @@ async function postWebhookHeadersOnly(params: { req.destroy( new Error(`webhook header-only post timed out after ${params.timeoutMs ?? 5_000}ms`), ); - finishReject(new Error("timed out waiting for webhook response")); + settle.reject(new Error("timed out waiting for webhook response")); }, params.timeoutMs ?? 5_000); req.on("error", (error) => { - if (settled && (error as NodeJS.ErrnoException).code === "ECONNRESET") { + if (settle.isSettled() && (error as NodeJS.ErrnoException).code === "ECONNRESET") { return; } - finishReject(error); + settle.reject(error); }); req.flushHeaders(); @@ -173,23 +190,11 @@ async function postWebhookPayloadWithChunkPlan(params: { let bytesQueued = 0; let chunksQueued = 0; let phase: "writing" | "awaiting-response" = "writing"; - let settled = false; - const finishResolve = (value: { statusCode: number; body: string }) => { - if (settled) { - return; - } - settled = true; - clearTimeout(timeout); - resolve(value); - }; - const finishReject = (error: unknown) => { - if (settled) { - return; - } - settled = true; - clearTimeout(timeout); - reject(error); - }; + const settle = createSingleSettlement({ + resolve, + reject, + clear: () => clearTimeout(timeout), + }); const req = request( { @@ -204,12 +209,12 @@ async function postWebhookPayloadWithChunkPlan(params: { }, }, (res) => { - collectResponseBody(res, finishResolve); + collectResponseBody(res, settle.resolve); }, ); const timeout = setTimeout(() => { - finishReject( + settle.reject( new Error( `webhook post timed out after ${params.timeoutMs ?? 15_000}ms (phase=${phase}, bytesQueued=${bytesQueued}, chunksQueued=${chunksQueued}, totalBytes=${payloadBuffer.length})`, ), @@ -218,7 +223,7 @@ async function postWebhookPayloadWithChunkPlan(params: { }, params.timeoutMs ?? 15_000); req.on("error", (error) => { - finishReject(error); + settle.reject(error); }); const writeAll = async () => { @@ -251,7 +256,7 @@ async function postWebhookPayloadWithChunkPlan(params: { }; void writeAll().catch((error) => { - finishReject(error); + settle.reject(error); }); }); } diff --git a/extensions/telegram/src/webhook.ts b/extensions/telegram/src/webhook.ts index 39458ae036a..076bd12b279 100644 --- a/extensions/telegram/src/webhook.ts +++ b/extensions/telegram/src/webhook.ts @@ -1,19 +1,19 @@ import { timingSafeEqual } from "node:crypto"; import { createServer } from "node:http"; import { InputFile, webhookCallback } from "grammy"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { isDiagnosticsEnabled } from "../../../src/infra/diagnostic-events.js"; -import { formatErrorMessage } from "../../../src/infra/errors.js"; -import { readJsonBodyWithLimit } from "../../../src/infra/http-body.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { isDiagnosticsEnabled } from "openclaw/plugin-sdk/infra-runtime"; +import { formatErrorMessage } from "openclaw/plugin-sdk/infra-runtime"; +import { readJsonBodyWithLimit } from "openclaw/plugin-sdk/infra-runtime"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { defaultRuntime } from "openclaw/plugin-sdk/runtime-env"; import { logWebhookError, logWebhookProcessed, logWebhookReceived, startDiagnosticHeartbeat, stopDiagnosticHeartbeat, -} from "../../../src/logging/diagnostic.js"; -import type { RuntimeEnv } from "../../../src/runtime.js"; -import { defaultRuntime } from "../../../src/runtime.js"; +} from "openclaw/plugin-sdk/text-runtime"; import { resolveTelegramAllowedUpdates } from "./allowed-updates.js"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { createTelegramBot } from "./bot.js"; diff --git a/extensions/thread-ownership/api.ts b/extensions/thread-ownership/api.ts new file mode 100644 index 00000000000..d94a5fd68e1 --- /dev/null +++ b/extensions/thread-ownership/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/thread-ownership"; diff --git a/extensions/thread-ownership/index.test.ts b/extensions/thread-ownership/index.test.ts index 3d98d8f9735..44bdf51b312 100644 --- a/extensions/thread-ownership/index.test.ts +++ b/extensions/thread-ownership/index.test.ts @@ -39,7 +39,7 @@ describe("thread-ownership plugin", () => { }); it("registers message_received and message_sending hooks", () => { - register(api as any); + register.register(api as any); expect(api.on).toHaveBeenCalledTimes(2); expect(api.on).toHaveBeenCalledWith("message_received", expect.any(Function)); @@ -48,7 +48,7 @@ describe("thread-ownership plugin", () => { describe("message_sending", () => { beforeEach(() => { - register(api as any); + register.register(api as any); }); async function sendSlackThreadMessage() { @@ -120,7 +120,7 @@ describe("thread-ownership plugin", () => { describe("message_received @-mention tracking", () => { beforeEach(() => { - register(api as any); + register.register(api as any); }); it("tracks @-mentions and skips ownership check for mentioned threads", async () => { diff --git a/extensions/thread-ownership/index.ts b/extensions/thread-ownership/index.ts index f0d2cb6291b..603b064bc68 100644 --- a/extensions/thread-ownership/index.ts +++ b/extensions/thread-ownership/index.ts @@ -1,4 +1,4 @@ -import type { OpenClawConfig, OpenClawPluginApi } from "openclaw/plugin-sdk/thread-ownership"; +import { definePluginEntry, type OpenClawConfig, type OpenClawPluginApi } from "./api.js"; type ThreadOwnershipConfig = { forwarderUrl?: string; @@ -39,95 +39,79 @@ function resolveOwnershipAgent(config: OpenClawConfig): { id: string; name: stri return { id, name }; } -export default function register(api: OpenClawPluginApi) { - const pluginCfg = (api.pluginConfig ?? {}) as ThreadOwnershipConfig; - const forwarderUrl = ( - pluginCfg.forwarderUrl ?? - process.env.SLACK_FORWARDER_URL ?? - "http://slack-forwarder:8750" - ).replace(/\/$/, ""); +export default definePluginEntry({ + id: "thread-ownership", + name: "Thread Ownership", + description: "Slack thread claim coordination for multi-agent setups", + register(api: OpenClawPluginApi) { + const pluginCfg = (api.pluginConfig ?? {}) as ThreadOwnershipConfig; + const forwarderUrl = ( + pluginCfg.forwarderUrl ?? + process.env.SLACK_FORWARDER_URL ?? + "http://slack-forwarder:8750" + ).replace(/\/$/, ""); - const abTestChannels = new Set( - pluginCfg.abTestChannels ?? - process.env.THREAD_OWNERSHIP_CHANNELS?.split(",").filter(Boolean) ?? - [], - ); + const abTestChannels = new Set( + pluginCfg.abTestChannels ?? + process.env.THREAD_OWNERSHIP_CHANNELS?.split(",").filter(Boolean) ?? + [], + ); - const { id: agentId, name: agentName } = resolveOwnershipAgent(api.config); - const botUserId = process.env.SLACK_BOT_USER_ID ?? ""; + const { id: agentId, name: agentName } = resolveOwnershipAgent(api.config); + const botUserId = process.env.SLACK_BOT_USER_ID ?? ""; - // --------------------------------------------------------------------------- - // message_received: track @-mentions so the agent can reply even if it - // doesn't own the thread. - // --------------------------------------------------------------------------- - api.on("message_received", async (event, ctx) => { - if (ctx.channelId !== "slack") return; + api.on("message_received", async (event, ctx) => { + if (ctx.channelId !== "slack") return; - const text = event.content ?? ""; - const threadTs = (event.metadata?.threadTs as string) ?? ""; - const channelId = (event.metadata?.channelId as string) ?? ctx.conversationId ?? ""; + const text = event.content ?? ""; + const threadTs = (event.metadata?.threadTs as string) ?? ""; + const channelId = (event.metadata?.channelId as string) ?? ctx.conversationId ?? ""; + if (!threadTs || !channelId) return; - if (!threadTs || !channelId) return; + const mentioned = + (agentName && text.includes(`@${agentName}`)) || + (botUserId && text.includes(`<@${botUserId}>`)); + if (mentioned) { + cleanExpiredMentions(); + mentionedThreads.set(`${channelId}:${threadTs}`, Date.now()); + } + }); - // Check if this agent was @-mentioned. - const mentioned = - (agentName && text.includes(`@${agentName}`)) || - (botUserId && text.includes(`<@${botUserId}>`)); + api.on("message_sending", async (event, ctx) => { + if (ctx.channelId !== "slack") return; + + const threadTs = (event.metadata?.threadTs as string) ?? ""; + const channelId = (event.metadata?.channelId as string) ?? event.to; + if (!threadTs) return; + if (abTestChannels.size > 0 && !abTestChannels.has(channelId)) return; - if (mentioned) { cleanExpiredMentions(); - mentionedThreads.set(`${channelId}:${threadTs}`, Date.now()); - } - }); + if (mentionedThreads.has(`${channelId}:${threadTs}`)) return; - // --------------------------------------------------------------------------- - // message_sending: check thread ownership before sending to Slack. - // Returns { cancel: true } if another agent owns the thread. - // --------------------------------------------------------------------------- - api.on("message_sending", async (event, ctx) => { - if (ctx.channelId !== "slack") return; + try { + const resp = await fetch(`${forwarderUrl}/api/v1/ownership/${channelId}/${threadTs}`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ agent_id: agentId }), + signal: AbortSignal.timeout(3000), + }); - const threadTs = (event.metadata?.threadTs as string) ?? ""; - const channelId = (event.metadata?.channelId as string) ?? event.to; - - // Top-level messages (no thread) are always allowed. - if (!threadTs) return; - - // Only enforce in A/B test channels (if set is empty, skip entirely). - if (abTestChannels.size > 0 && !abTestChannels.has(channelId)) return; - - // If this agent was @-mentioned in this thread recently, skip ownership check. - cleanExpiredMentions(); - if (mentionedThreads.has(`${channelId}:${threadTs}`)) return; - - // Try to claim ownership via the forwarder HTTP API. - try { - const resp = await fetch(`${forwarderUrl}/api/v1/ownership/${channelId}/${threadTs}`, { - method: "POST", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ agent_id: agentId }), - signal: AbortSignal.timeout(3000), - }); - - if (resp.ok) { - // We own it (or just claimed it), proceed. - return; - } - - if (resp.status === 409) { - // Another agent owns this thread — cancel the send. - const body = (await resp.json()) as { owner?: string }; - api.logger.info?.( - `thread-ownership: cancelled send to ${channelId}:${threadTs} — owned by ${body.owner}`, + if (resp.ok) { + return; + } + if (resp.status === 409) { + const body = (await resp.json()) as { owner?: string }; + api.logger.info?.( + `thread-ownership: cancelled send to ${channelId}:${threadTs} — owned by ${body.owner}`, + ); + return { cancel: true }; + } + api.logger.warn?.(`thread-ownership: unexpected status ${resp.status}, allowing send`); + } catch (err) { + api.logger.warn?.( + `thread-ownership: ownership check failed (${String(err)}), allowing send`, ); - return { cancel: true }; } - - // Unexpected status — fail open. - api.logger.warn?.(`thread-ownership: unexpected status ${resp.status}, allowing send`); - } catch (err) { - // Network error — fail open. - api.logger.warn?.(`thread-ownership: ownership check failed (${String(err)}), allowing send`); - } - }); -} + }); + }, +}); diff --git a/extensions/tlon/api.ts b/extensions/tlon/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/tlon/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/tlon/index.ts b/extensions/tlon/index.ts index 2927a9a4b53..a59c7bcb9f2 100644 --- a/extensions/tlon/index.ts +++ b/extensions/tlon/index.ts @@ -2,14 +2,15 @@ import { spawn } from "node:child_process"; import { existsSync } from "node:fs"; import { dirname, join } from "node:path"; import { fileURLToPath } from "node:url"; -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/tlon"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/tlon"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { tlonPlugin } from "./src/channel.js"; import { setTlonRuntime } from "./src/runtime.js"; +export { tlonPlugin } from "./src/channel.js"; +export { setTlonRuntime } from "./src/runtime.js"; + const __dirname = dirname(fileURLToPath(import.meta.url)); -// Whitelist of allowed tlon subcommands const ALLOWED_TLON_COMMANDS = new Set([ "activity", "channels", @@ -24,40 +25,29 @@ const ALLOWED_TLON_COMMANDS = new Set([ "version", ]); -/** - * Find the tlon binary from the skill package - */ let cachedTlonBinary: string | undefined; function findTlonBinary(): string { if (cachedTlonBinary) { return cachedTlonBinary; } - // Check in node_modules/.bin const skillBin = join(__dirname, "node_modules", ".bin", "tlon"); if (existsSync(skillBin)) { cachedTlonBinary = skillBin; return skillBin; } - // Check for platform-specific binary directly - const platform = process.platform; - const arch = process.arch; - const platformPkg = `@tloncorp/tlon-skill-${platform}-${arch}`; + const platformPkg = `@tloncorp/tlon-skill-${process.platform}-${process.arch}`; const platformBin = join(__dirname, "node_modules", platformPkg, "tlon"); if (existsSync(platformBin)) { cachedTlonBinary = platformBin; return platformBin; } - // Fallback to PATH cachedTlonBinary = "tlon"; return cachedTlonBinary; } -/** - * Shell-like argument splitter that respects quotes - */ function shellSplit(str: string): string[] { const args: string[] = []; let cur = ""; @@ -92,18 +82,15 @@ function shellSplit(str: string): string[] { } cur += ch; } - if (cur) args.push(cur); + if (cur) { + args.push(cur); + } return args; } -/** - * Run the tlon command and return the result - */ function runTlonCommand(binary: string, args: string[]): Promise { return new Promise((resolve, reject) => { - const child = spawn(binary, args, { - env: process.env, - }); + const child = spawn(binary, args, { env: process.env }); let stdout = ""; let stderr = ""; @@ -123,25 +110,20 @@ function runTlonCommand(binary: string, args: string[]): Promise { child.on("close", (code) => { if (code !== 0) { reject(new Error(stderr || `tlon exited with code ${code}`)); - } else { - resolve(stdout); + return; } + resolve(stdout); }); }); } -const plugin = { +export default defineChannelPluginEntry({ id: "tlon", name: "Tlon", description: "Tlon/Urbit channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setTlonRuntime(api.runtime); - api.registerChannel({ plugin: tlonPlugin }); - if (api.registrationMode !== "full") { - return; - } - + plugin: tlonPlugin, + setRuntime: setTlonRuntime, + registerFull(api) { api.logger.debug?.("[tlon] Registering tlon tool"); api.registerTool({ name: "tlon", @@ -164,9 +146,6 @@ const plugin = { async execute(_id: string, params: { command: string }) { try { const args = shellSplit(params.command); - const tlonBinary = findTlonBinary(); - - // Validate first argument is a whitelisted tlon subcommand const subcommand = args[0]; if (!ALLOWED_TLON_COMMANDS.has(subcommand)) { return { @@ -180,7 +159,7 @@ const plugin = { }; } - const output = await runTlonCommand(tlonBinary, args); + const output = await runTlonCommand(findTlonBinary(), args); return { content: [{ type: "text" as const, text: output }], details: undefined, @@ -194,6 +173,4 @@ const plugin = { }, }); }, -}; - -export default plugin; +}); diff --git a/extensions/tlon/setup-entry.ts b/extensions/tlon/setup-entry.ts index 667e917c8da..6a14ba3bade 100644 --- a/extensions/tlon/setup-entry.ts +++ b/extensions/tlon/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { tlonPlugin } from "./src/channel.js"; -export default { - plugin: tlonPlugin, -}; +export default defineSetupPluginEntry(tlonPlugin); diff --git a/extensions/tlon/src/channel.runtime.ts b/extensions/tlon/src/channel.runtime.ts new file mode 100644 index 00000000000..525359a2a4e --- /dev/null +++ b/extensions/tlon/src/channel.runtime.ts @@ -0,0 +1,242 @@ +import crypto from "node:crypto"; +import { configureClient } from "@tloncorp/api"; +import type { + ChannelOutboundAdapter, + ChannelPlugin, + OpenClawConfig, +} from "openclaw/plugin-sdk/tlon"; +import { monitorTlonProvider } from "./monitor/index.js"; +import { tlonSetupWizard } from "./setup-surface.js"; +import { + formatTargetHint, + normalizeShip, + parseTlonTarget, + resolveTlonOutboundTarget, +} from "./targets.js"; +import { resolveTlonAccount } from "./types.js"; +import { authenticate } from "./urbit/auth.js"; +import { ssrfPolicyFromAllowPrivateNetwork } from "./urbit/context.js"; +import { urbitFetch } from "./urbit/fetch.js"; +import { + buildMediaStory, + sendDm, + sendDmWithStory, + sendGroupMessage, + sendGroupMessageWithStory, +} from "./urbit/send.js"; +import { uploadImageFromUrl } from "./urbit/upload.js"; + +type ResolvedTlonAccount = ReturnType; +type ConfiguredTlonAccount = ResolvedTlonAccount & { + ship: string; + url: string; + code: string; +}; + +async function createHttpPokeApi(params: { + url: string; + code: string; + ship: string; + allowPrivateNetwork?: boolean; +}) { + const ssrfPolicy = ssrfPolicyFromAllowPrivateNetwork(params.allowPrivateNetwork); + const cookie = await authenticate(params.url, params.code, { ssrfPolicy }); + const channelId = `${Math.floor(Date.now() / 1000)}-${crypto.randomUUID()}`; + const channelPath = `/~/channel/${channelId}`; + const shipName = params.ship.replace(/^~/, ""); + + return { + poke: async (pokeParams: { app: string; mark: string; json: unknown }) => { + const pokeId = Date.now(); + const pokeData = { + id: pokeId, + action: "poke", + ship: shipName, + app: pokeParams.app, + mark: pokeParams.mark, + json: pokeParams.json, + }; + + const { response, release } = await urbitFetch({ + baseUrl: params.url, + path: channelPath, + init: { + method: "PUT", + headers: { + "Content-Type": "application/json", + Cookie: cookie.split(";")[0], + }, + body: JSON.stringify([pokeData]), + }, + ssrfPolicy, + auditContext: "tlon-poke", + }); + + try { + if (!response.ok && response.status !== 204) { + const errorText = await response.text(); + throw new Error(`Poke failed: ${response.status} - ${errorText}`); + } + + return pokeId; + } finally { + await release(); + } + }, + delete: async () => { + // No-op for HTTP-only client + }, + }; +} + +function resolveOutboundContext(params: { + cfg: OpenClawConfig; + accountId?: string | null; + to: string; +}) { + const account = resolveTlonAccount(params.cfg, params.accountId ?? undefined); + if (!account.configured || !account.ship || !account.url || !account.code) { + throw new Error("Tlon account not configured"); + } + + const parsed = parseTlonTarget(params.to); + if (!parsed) { + throw new Error(`Invalid Tlon target. Use ${formatTargetHint()}`); + } + + return { account: account as ConfiguredTlonAccount, parsed }; +} + +function resolveReplyId(replyToId?: string | null, threadId?: string | number | null) { + return (replyToId ?? threadId) ? String(replyToId ?? threadId) : undefined; +} + +async function withHttpPokeAccountApi( + account: ConfiguredTlonAccount, + run: (api: Awaited>) => Promise, +) { + const api = await createHttpPokeApi({ + url: account.url, + ship: account.ship, + code: account.code, + allowPrivateNetwork: account.allowPrivateNetwork ?? undefined, + }); + + try { + return await run(api); + } finally { + try { + await api.delete(); + } catch { + // ignore cleanup errors + } + } +} + +export const tlonRuntimeOutbound: ChannelOutboundAdapter = { + deliveryMode: "direct", + textChunkLimit: 10000, + resolveTarget: ({ to }) => resolveTlonOutboundTarget(to), + sendText: async ({ cfg, to, text, accountId, replyToId, threadId }) => { + const { account, parsed } = resolveOutboundContext({ cfg, accountId, to }); + return withHttpPokeAccountApi(account, async (api) => { + const fromShip = normalizeShip(account.ship); + if (parsed.kind === "dm") { + return await sendDm({ + api, + fromShip, + toShip: parsed.ship, + text, + }); + } + return await sendGroupMessage({ + api, + fromShip, + hostShip: parsed.hostShip, + channelName: parsed.channelName, + text, + replyToId: resolveReplyId(replyToId, threadId), + }); + }); + }, + sendMedia: async ({ cfg, to, text, mediaUrl, accountId, replyToId, threadId }) => { + const { account, parsed } = resolveOutboundContext({ cfg, accountId, to }); + + configureClient({ + shipUrl: account.url, + shipName: account.ship.replace(/^~/, ""), + verbose: false, + getCode: async () => account.code, + }); + + const uploadedUrl = mediaUrl ? await uploadImageFromUrl(mediaUrl) : undefined; + return withHttpPokeAccountApi(account, async (api) => { + const fromShip = normalizeShip(account.ship); + const story = buildMediaStory(text, uploadedUrl); + + if (parsed.kind === "dm") { + return await sendDmWithStory({ + api, + fromShip, + toShip: parsed.ship, + story, + }); + } + return await sendGroupMessageWithStory({ + api, + fromShip, + hostShip: parsed.hostShip, + channelName: parsed.channelName, + story, + replyToId: resolveReplyId(replyToId, threadId), + }); + }); + }, +}; + +export async function probeTlonAccount(account: ConfiguredTlonAccount) { + try { + const ssrfPolicy = ssrfPolicyFromAllowPrivateNetwork(account.allowPrivateNetwork); + const cookie = await authenticate(account.url, account.code, { ssrfPolicy }); + const { response, release } = await urbitFetch({ + baseUrl: account.url, + path: "/~/name", + init: { + method: "GET", + headers: { Cookie: cookie }, + }, + ssrfPolicy, + timeoutMs: 30_000, + auditContext: "tlon-probe-account", + }); + try { + if (!response.ok) { + return { ok: false, error: `Name request failed: ${response.status}` }; + } + return { ok: true }; + } finally { + await release(); + } + } catch (error) { + return { ok: false, error: (error as { message?: string })?.message ?? String(error) }; + } +} + +export async function startTlonGatewayAccount( + ctx: Parameters["startAccount"]>>[0], +) { + const account = ctx.account; + ctx.setStatus({ + accountId: account.accountId, + ship: account.ship, + url: account.url, + } as import("openclaw/plugin-sdk/tlon").ChannelAccountSnapshot); + ctx.log?.info(`[${account.accountId}] starting Tlon provider for ${account.ship ?? "tlon"}`); + return monitorTlonProvider({ + runtime: ctx.runtime, + abortSignal: ctx.abortSignal, + accountId: account.accountId, + }); +} + +export { tlonSetupWizard }; diff --git a/extensions/tlon/src/channel.ts b/extensions/tlon/src/channel.ts index 9282fcf92f9..daea0d8a52e 100644 --- a/extensions/tlon/src/channel.ts +++ b/extensions/tlon/src/channel.ts @@ -1,212 +1,40 @@ -import crypto from "node:crypto"; -import { configureClient } from "@tloncorp/api"; -import type { - ChannelOutboundAdapter, - ChannelPlugin, - OpenClawConfig, -} from "openclaw/plugin-sdk/tlon"; +import { createLazyRuntimeModule } from "openclaw/plugin-sdk/lazy-runtime"; +import type { ChannelPlugin, OpenClawConfig } from "openclaw/plugin-sdk/tlon"; import { tlonChannelConfigSchema } from "./config-schema.js"; -import { monitorTlonProvider } from "./monitor/index.js"; -import { tlonSetupAdapter } from "./setup-core.js"; -import { tlonSetupWizard } from "./setup-surface.js"; -import { formatTargetHint, normalizeShip, parseTlonTarget } from "./targets.js"; -import { resolveTlonAccount, listTlonAccountIds } from "./types.js"; -import { authenticate } from "./urbit/auth.js"; -import { ssrfPolicyFromAllowPrivateNetwork } from "./urbit/context.js"; -import { urbitFetch } from "./urbit/fetch.js"; import { - buildMediaStory, - sendDm, - sendGroupMessage, - sendDmWithStory, - sendGroupMessageWithStory, -} from "./urbit/send.js"; -import { uploadImageFromUrl } from "./urbit/upload.js"; - -// Simple HTTP-only poke that doesn't open an EventSource (avoids conflict with monitor's SSE) -async function createHttpPokeApi(params: { - url: string; - code: string; - ship: string; - allowPrivateNetwork?: boolean; -}) { - const ssrfPolicy = ssrfPolicyFromAllowPrivateNetwork(params.allowPrivateNetwork); - const cookie = await authenticate(params.url, params.code, { ssrfPolicy }); - const channelId = `${Math.floor(Date.now() / 1000)}-${crypto.randomUUID()}`; - const channelPath = `/~/channel/${channelId}`; - const shipName = params.ship.replace(/^~/, ""); - - return { - poke: async (pokeParams: { app: string; mark: string; json: unknown }) => { - const pokeId = Date.now(); - const pokeData = { - id: pokeId, - action: "poke", - ship: shipName, - app: pokeParams.app, - mark: pokeParams.mark, - json: pokeParams.json, - }; - - // Use urbitFetch for consistent SSRF protection (DNS pinning + redirect handling) - const { response, release } = await urbitFetch({ - baseUrl: params.url, - path: channelPath, - init: { - method: "PUT", - headers: { - "Content-Type": "application/json", - Cookie: cookie.split(";")[0], - }, - body: JSON.stringify([pokeData]), - }, - ssrfPolicy, - auditContext: "tlon-poke", - }); - - try { - if (!response.ok && response.status !== 204) { - const errorText = await response.text(); - throw new Error(`Poke failed: ${response.status} - ${errorText}`); - } - - return pokeId; - } finally { - await release(); - } - }, - delete: async () => { - // No-op for HTTP-only client - }, - }; -} + applyTlonSetupConfig, + createTlonSetupWizardBase, + resolveTlonSetupConfigured, + tlonSetupAdapter, +} from "./setup-core.js"; +import { + formatTargetHint, + normalizeShip, + parseTlonTarget, + resolveTlonOutboundTarget, +} from "./targets.js"; +import { resolveTlonAccount, listTlonAccountIds } from "./types.js"; +import { validateUrbitBaseUrl } from "./urbit/base-url.js"; const TLON_CHANNEL_ID = "tlon" as const; -type ResolvedTlonAccount = ReturnType; -type ConfiguredTlonAccount = ResolvedTlonAccount & { - ship: string; - url: string; - code: string; -}; +const loadTlonChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime.js")); -function resolveOutboundContext(params: { - cfg: OpenClawConfig; - accountId?: string | null; - to: string; -}) { - const account = resolveTlonAccount(params.cfg, params.accountId ?? undefined); - if (!account.configured || !account.ship || !account.url || !account.code) { - throw new Error("Tlon account not configured"); - } - - const parsed = parseTlonTarget(params.to); - if (!parsed) { - throw new Error(`Invalid Tlon target. Use ${formatTargetHint()}`); - } - - return { account: account as ConfiguredTlonAccount, parsed }; -} - -function resolveReplyId(replyToId?: string | null, threadId?: string | number | null) { - return (replyToId ?? threadId) ? String(replyToId ?? threadId) : undefined; -} - -async function withHttpPokeAccountApi( - account: ConfiguredTlonAccount, - run: (api: Awaited>) => Promise, -) { - const api = await createHttpPokeApi({ - url: account.url, - ship: account.ship, - code: account.code, - allowPrivateNetwork: account.allowPrivateNetwork ?? undefined, - }); - - try { - return await run(api); - } finally { - try { - await api.delete(); - } catch { - // ignore cleanup errors - } - } -} - -const tlonOutbound: ChannelOutboundAdapter = { - deliveryMode: "direct", - textChunkLimit: 10000, - resolveTarget: ({ to }) => { - const parsed = parseTlonTarget(to ?? ""); - if (!parsed) { - return { - ok: false, - error: new Error(`Invalid Tlon target. Use ${formatTargetHint()}`), - }; - } - if (parsed.kind === "dm") { - return { ok: true, to: parsed.ship }; - } - return { ok: true, to: parsed.nest }; - }, - sendText: async ({ cfg, to, text, accountId, replyToId, threadId }) => { - const { account, parsed } = resolveOutboundContext({ cfg, accountId, to }); - return withHttpPokeAccountApi(account, async (api) => { - const fromShip = normalizeShip(account.ship); - if (parsed.kind === "dm") { - return await sendDm({ - api, - fromShip, - toShip: parsed.ship, - text, - }); - } - return await sendGroupMessage({ - api, - fromShip, - hostShip: parsed.hostShip, - channelName: parsed.channelName, - text, - replyToId: resolveReplyId(replyToId, threadId), - }); - }); - }, - sendMedia: async ({ cfg, to, text, mediaUrl, accountId, replyToId, threadId }) => { - const { account, parsed } = resolveOutboundContext({ cfg, accountId, to }); - - // Configure the API client for uploads - configureClient({ - shipUrl: account.url, - shipName: account.ship.replace(/^~/, ""), - verbose: false, - getCode: async () => account.code, - }); - - const uploadedUrl = mediaUrl ? await uploadImageFromUrl(mediaUrl) : undefined; - return withHttpPokeAccountApi(account, async (api) => { - const fromShip = normalizeShip(account.ship); - const story = buildMediaStory(text, uploadedUrl); - - if (parsed.kind === "dm") { - return await sendDmWithStory({ - api, - fromShip, - toShip: parsed.ship, - story, - }); - } - return await sendGroupMessageWithStory({ - api, - fromShip, - hostShip: parsed.hostShip, - channelName: parsed.channelName, - story, - replyToId: resolveReplyId(replyToId, threadId), - }); - }); - }, -}; +const tlonSetupWizardProxy = createTlonSetupWizardBase({ + resolveConfigured: async ({ cfg }) => + await (await loadTlonChannelRuntime()).tlonSetupWizard.status.resolveConfigured({ cfg }), + resolveStatusLines: async ({ cfg, configured }) => + (await ( + await loadTlonChannelRuntime() + ).tlonSetupWizard.status.resolveStatusLines?.({ + cfg, + configured, + })) ?? [], + finalize: async (params) => + await ( + await loadTlonChannelRuntime() + ).tlonSetupWizard.finalize!(params), +}) satisfies NonNullable; export const tlonPlugin: ChannelPlugin = { id: TLON_CHANNEL_ID, @@ -227,7 +55,7 @@ export const tlonPlugin: ChannelPlugin = { threads: true, }, setup: tlonSetupAdapter, - setupWizard: tlonSetupWizard, + setupWizard: tlonSetupWizardProxy, reload: { configPrefixes: ["channels.tlon"] }, configSchema: tlonChannelConfigSchema, config: { @@ -321,7 +149,19 @@ export const tlonPlugin: ChannelPlugin = { hint: formatTargetHint(), }, }, - outbound: tlonOutbound, + outbound: { + deliveryMode: "direct", + textChunkLimit: 10000, + resolveTarget: ({ to }) => resolveTlonOutboundTarget(to), + sendText: async (params) => + await ( + await loadTlonChannelRuntime() + ).tlonRuntimeOutbound.sendText!(params), + sendMedia: async (params) => + await ( + await loadTlonChannelRuntime() + ).tlonRuntimeOutbound.sendMedia!(params), + }, status: { defaultRuntime: { accountId: "default", @@ -357,32 +197,7 @@ export const tlonPlugin: ChannelPlugin = { if (!account.configured || !account.ship || !account.url || !account.code) { return { ok: false, error: "Not configured" }; } - try { - const ssrfPolicy = ssrfPolicyFromAllowPrivateNetwork(account.allowPrivateNetwork); - const cookie = await authenticate(account.url, account.code, { ssrfPolicy }); - // Simple probe - just verify we can reach /~/name - const { response, release } = await urbitFetch({ - baseUrl: account.url, - path: "/~/name", - init: { - method: "GET", - headers: { Cookie: cookie }, - }, - ssrfPolicy, - timeoutMs: 30_000, - auditContext: "tlon-probe-account", - }); - try { - if (!response.ok) { - return { ok: false, error: `Name request failed: ${response.status}` }; - } - return { ok: true }; - } finally { - await release(); - } - } catch (error) { - return { ok: false, error: (error as { message?: string })?.message ?? String(error) }; - } + return await (await loadTlonChannelRuntime()).probeTlonAccount(account as never); }, buildAccountSnapshot: ({ account, runtime, probe }) => { // Tlon-specific snapshot with ship/url for status display @@ -403,19 +218,7 @@ export const tlonPlugin: ChannelPlugin = { }, }, gateway: { - startAccount: async (ctx) => { - const account = ctx.account; - ctx.setStatus({ - accountId: account.accountId, - ship: account.ship, - url: account.url, - } as import("openclaw/plugin-sdk/tlon").ChannelAccountSnapshot); - ctx.log?.info(`[${account.accountId}] starting Tlon provider for ${account.ship ?? "tlon"}`); - return monitorTlonProvider({ - runtime: ctx.runtime, - abortSignal: ctx.abortSignal, - accountId: account.accountId, - }); - }, + startAccount: async (ctx) => + await (await loadTlonChannelRuntime()).startTlonGatewayAccount(ctx), }, }; diff --git a/extensions/tlon/src/monitor/index.ts b/extensions/tlon/src/monitor/index.ts index 1ea42902aaf..19c9ec5b841 100644 --- a/extensions/tlon/src/monitor/index.ts +++ b/extensions/tlon/src/monitor/index.ts @@ -36,6 +36,7 @@ import { stripBotMention, isDmAllowed, isSummarizationRequest, + resolveAuthorizedMessageText, type ParsedCite, } from "./utils.js"; @@ -1245,9 +1246,12 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise normalizeShip(ship)).some((ship) => ship === normalizedInviter); } +/** + * Resolve quoted/cited content only after the caller has passed authorization. + * Unauthorized paths must keep raw text and must not trigger cross-channel cite fetches. + */ +export async function resolveAuthorizedMessageText(params: { + rawText: string; + content: unknown; + authorizedForCites: boolean; + resolveAllCites: (content: unknown) => Promise; +}): Promise { + const { rawText, content, authorizedForCites, resolveAllCites } = params; + if (!authorizedForCites) { + return rawText; + } + const citedContent = await resolveAllCites(content); + return citedContent + rawText; +} + // Helper to recursively extract text from inline content function renderInlineItem( item: any, diff --git a/extensions/tlon/src/runtime.ts b/extensions/tlon/src/runtime.ts index 8df35088912..a07eb5cf648 100644 --- a/extensions/tlon/src/runtime.ts +++ b/extensions/tlon/src/runtime.ts @@ -1,4 +1,4 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; import type { PluginRuntime } from "openclaw/plugin-sdk/tlon"; const { setRuntime: setTlonRuntime, getRuntime: getTlonRuntime } = diff --git a/extensions/tlon/src/security.test.ts b/extensions/tlon/src/security.test.ts index 04fad337b14..2733f2e3780 100644 --- a/extensions/tlon/src/security.test.ts +++ b/extensions/tlon/src/security.test.ts @@ -8,12 +8,14 @@ * - Bot mention detection boundaries */ -import { describe, expect, it } from "vitest"; +import { describe, expect, it, vi } from "vitest"; import { + extractCites, isDmAllowed, isGroupInviteAllowed, isBotMentioned, extractMessageText, + resolveAuthorizedMessageText, } from "./monitor/utils.js"; import { normalizeShip } from "./targets.js"; @@ -340,6 +342,186 @@ describe("Security: Authorization Edge Cases", () => { }); }); +describe("Security: Cite Resolution Authorization Ordering", () => { + async function resolveAllCitesForPoC( + content: unknown, + api: { scry: (path: string) => Promise }, + ): Promise { + const cites = extractCites(content); + if (cites.length === 0) { + return ""; + } + + const resolved: string[] = []; + for (const cite of cites) { + if (cite.type !== "chan" || !cite.nest || !cite.postId) { + continue; + } + const data = (await api.scry(`/channels/v4/${cite.nest}/posts/post/${cite.postId}.json`)) as { + essay?: { content?: unknown }; + }; + const text = data?.essay?.content ? extractMessageText(data.essay.content) : ""; + if (text) { + resolved.push(`> ${cite.author || "unknown"} wrote: ${text}`); + } + } + + return resolved.length > 0 ? resolved.join("\n") + "\n\n" : ""; + } + + function buildCitedMessage( + secretNest = "chat/~private-ship/ops", + postId = "1701411845077995094", + ) { + return [ + { + block: { + cite: { + chan: { + nest: secretNest, + where: `/msg/~victim-ship/${postId}`, + }, + }, + }, + }, + { inline: ["~bot-ship please summarize this"] }, + ]; + } + + it("does not resolve channel cites for unauthorized senders", async () => { + const content = buildCitedMessage(); + const rawText = extractMessageText(content); + const api = { + scry: vi.fn(async () => ({ + essay: { content: [{ inline: ["TOP-SECRET"] }] }, + })), + }; + + const messageText = await resolveAuthorizedMessageText({ + rawText, + content, + authorizedForCites: false, + resolveAllCites: (nextContent) => resolveAllCitesForPoC(nextContent, api), + }); + + expect(messageText).toBe(rawText); + expect(api.scry).not.toHaveBeenCalled(); + }); + + it("resolves channel cites after sender authorization passes", async () => { + const secretNest = "chat/~private-ship/ops"; + const postId = "170141184507799509469114119040828178432"; + const content = buildCitedMessage(secretNest, postId); + const rawText = extractMessageText(content); + const api = { + scry: vi.fn(async (path: string) => { + expect(path).toBe(`/channels/v4/${secretNest}/posts/post/${postId}.json`); + return { + essay: { content: [{ inline: ["TOP-SECRET: migration key is rotate-me"] }] }, + }; + }), + }; + + const messageText = await resolveAuthorizedMessageText({ + rawText, + content, + authorizedForCites: true, + resolveAllCites: (nextContent) => resolveAllCitesForPoC(nextContent, api), + }); + + expect(api.scry).toHaveBeenCalledTimes(1); + expect(messageText).toContain("TOP-SECRET: migration key is rotate-me"); + expect(messageText).toContain("> ~victim-ship wrote: TOP-SECRET: migration key is rotate-me"); + }); + + it("does not resolve DM cites before a deny path", async () => { + const content = buildCitedMessage("chat/~secret-dm/ops", "1701411845077995095"); + const rawText = extractMessageText(content); + const senderShip = "~attacker-ship"; + const allowlist = ["~trusted-ship"]; + const api = { + scry: vi.fn(async () => ({ + essay: { content: [{ inline: ["DM-SECRET"] }] }, + })), + }; + + const senderAllowed = allowlist + .map((ship) => normalizeShip(ship)) + .includes(normalizeShip(senderShip)); + expect(senderAllowed).toBe(false); + + const messageText = await resolveAuthorizedMessageText({ + rawText, + content, + authorizedForCites: senderAllowed, + resolveAllCites: (nextContent) => resolveAllCitesForPoC(nextContent, api), + }); + + expect(messageText).toBe(rawText); + expect(api.scry).not.toHaveBeenCalled(); + }); + + it("does not resolve DM cites before owner approval command handling", async () => { + const content = [ + { + block: { + cite: { + chan: { + nest: "chat/~private-ship/admin", + where: "/msg/~victim-ship/1701411845077995096", + }, + }, + }, + }, + { inline: ["/approve 1"] }, + ]; + const rawText = extractMessageText(content); + const api = { + scry: vi.fn(async () => ({ + essay: { content: [{ inline: ["ADMIN-SECRET"] }] }, + })), + }; + + const messageText = await resolveAuthorizedMessageText({ + rawText, + content, + authorizedForCites: false, + resolveAllCites: (nextContent) => resolveAllCitesForPoC(nextContent, api), + }); + + expect(rawText).toContain("/approve 1"); + expect(messageText).toBe(rawText); + expect(messageText).not.toContain("ADMIN-SECRET"); + expect(api.scry).not.toHaveBeenCalled(); + }); + + it("resolves DM cites for allowed senders after authorization passes", async () => { + const secretNest = "chat/~private-ship/dm"; + const postId = "1701411845077995097"; + const content = buildCitedMessage(secretNest, postId); + const rawText = extractMessageText(content); + const api = { + scry: vi.fn(async (path: string) => { + expect(path).toBe(`/channels/v4/${secretNest}/posts/post/${postId}.json`); + return { + essay: { content: [{ inline: ["ALLOWED-DM-SECRET"] }] }, + }; + }), + }; + + const messageText = await resolveAuthorizedMessageText({ + rawText, + content, + authorizedForCites: true, + resolveAllCites: (nextContent) => resolveAllCitesForPoC(nextContent, api), + }); + + expect(api.scry).toHaveBeenCalledTimes(1); + expect(messageText).toContain("ALLOWED-DM-SECRET"); + expect(messageText).toContain("> ~victim-ship wrote: ALLOWED-DM-SECRET"); + }); +}); + describe("Security: Sender Role Identification", () => { /** * Tests for sender role identification (owner vs user). diff --git a/extensions/tlon/src/setup-core.ts b/extensions/tlon/src/setup-core.ts index a237a813edf..e08bcc02498 100644 --- a/extensions/tlon/src/setup-core.ts +++ b/extensions/tlon/src/setup-core.ts @@ -1,13 +1,18 @@ import { - applyAccountNameToChannelSection, + DEFAULT_ACCOUNT_ID, + formatDocsLink, + normalizeAccountId, patchScopedAccountConfig, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { ChannelSetupInput } from "../../../src/channels/plugins/types.core.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; + prepareScopedSetupConfig, + type ChannelSetupAdapter, + type ChannelSetupInput, + type ChannelSetupWizard, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import { buildTlonAccountFields } from "./account-fields.js"; -import { resolveTlonAccount } from "./types.js"; +import { normalizeShip } from "./targets.js"; +import { listTlonAccountIds, resolveTlonAccount, type TlonResolvedAccount } from "./types.js"; +import { validateUrbitBaseUrl } from "./urbit/base-url.js"; const channel = "tlon" as const; @@ -22,6 +27,110 @@ export type TlonSetupInput = ChannelSetupInput & { ownerShip?: string; }; +function isConfigured(account: TlonResolvedAccount): boolean { + return Boolean(account.ship && account.url && account.code); +} + +type TlonSetupWizardBaseParams = { + resolveConfigured: (params: { cfg: OpenClawConfig }) => boolean | Promise; + resolveStatusLines?: (params: { + cfg: OpenClawConfig; + configured: boolean; + }) => string[] | Promise; + finalize: NonNullable; +}; + +export function createTlonSetupWizardBase(params: TlonSetupWizardBaseParams): ChannelSetupWizard { + return { + channel, + status: { + configuredLabel: "configured", + unconfiguredLabel: "needs setup", + configuredHint: "configured", + unconfiguredHint: "urbit messenger", + configuredScore: 1, + unconfiguredScore: 4, + resolveConfigured: ({ cfg }) => params.resolveConfigured({ cfg }), + resolveStatusLines: ({ cfg, configured }) => + params.resolveStatusLines?.({ cfg, configured }) ?? [], + }, + introNote: { + title: "Tlon setup", + lines: [ + "You need your Urbit ship URL and login code.", + "Example URL: https://your-ship-host", + "Example ship: ~sampel-palnet", + "If your ship URL is on a private network (LAN/localhost), you must explicitly allow it during setup.", + `Docs: ${formatDocsLink("/channels/tlon", "channels/tlon")}`, + ], + }, + credentials: [], + textInputs: [ + { + inputKey: "ship", + message: "Ship name", + placeholder: "~sampel-palnet", + currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).ship ?? undefined, + validate: ({ value }) => (String(value ?? "").trim() ? undefined : "Required"), + normalizeValue: ({ value }) => normalizeShip(String(value).trim()), + applySet: async ({ cfg, accountId, value }) => + applyTlonSetupConfig({ + cfg, + accountId, + input: { ship: value }, + }), + }, + { + inputKey: "url", + message: "Ship URL", + placeholder: "https://your-ship-host", + currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).url ?? undefined, + validate: ({ value }) => { + const next = validateUrbitBaseUrl(String(value ?? "")); + if (!next.ok) { + return next.error; + } + return undefined; + }, + normalizeValue: ({ value }) => String(value).trim(), + applySet: async ({ cfg, accountId, value }) => + applyTlonSetupConfig({ + cfg, + accountId, + input: { url: value }, + }), + }, + { + inputKey: "code", + message: "Login code", + placeholder: "lidlut-tabwed-pillex-ridrup", + currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).code ?? undefined, + validate: ({ value }) => (String(value ?? "").trim() ? undefined : "Required"), + normalizeValue: ({ value }) => String(value).trim(), + applySet: async ({ cfg, accountId, value }) => + applyTlonSetupConfig({ + cfg, + accountId, + input: { code: value }, + }), + }, + ], + finalize: params.finalize, + }; +} + +export async function resolveTlonSetupConfigured(cfg: OpenClawConfig): Promise { + const accountIds = listTlonAccountIds(cfg); + return accountIds.length > 0 + ? accountIds.some((accountId) => isConfigured(resolveTlonAccount(cfg, accountId))) + : isConfigured(resolveTlonAccount(cfg, DEFAULT_ACCOUNT_ID)); +} + +export async function resolveTlonSetupStatusLines(cfg: OpenClawConfig): Promise { + const configured = await resolveTlonSetupConfigured(cfg); + return [`Tlon: ${configured ? "configured" : "needs setup"}`]; +} + export function applyTlonSetupConfig(params: { cfg: OpenClawConfig; accountId: string; @@ -29,7 +138,7 @@ export function applyTlonSetupConfig(params: { }): OpenClawConfig { const { cfg, accountId, input } = params; const useDefault = accountId === DEFAULT_ACCOUNT_ID; - const namedConfig = applyAccountNameToChannelSection({ + const namedConfig = prepareScopedSetupConfig({ cfg, channelKey: channel, accountId, @@ -69,7 +178,7 @@ export function applyTlonSetupConfig(params: { export const tlonSetupAdapter: ChannelSetupAdapter = { resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ + prepareScopedSetupConfig({ cfg, channelKey: channel, accountId, diff --git a/extensions/tlon/src/setup-surface.test.ts b/extensions/tlon/src/setup-surface.test.ts index d54db2c75a1..e88fd15a89e 100644 --- a/extensions/tlon/src/setup-surface.test.ts +++ b/extensions/tlon/src/setup-surface.test.ts @@ -1,31 +1,13 @@ -import type { OpenClawConfig, RuntimeEnv, WizardPrompter } from "openclaw/plugin-sdk/tlon"; +import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/tlon"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { tlonPlugin } from "./channel.js"; -const selectFirstOption = async (params: { options: Array<{ value: T }> }): Promise => { - const first = params.options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; -}; - -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: selectFirstOption as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const tlonConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: tlonPlugin, wizard: tlonPlugin.setupWizard!, @@ -33,7 +15,7 @@ const tlonConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("tlon setup wizard", () => { it("configures ship, auth, and discovery settings", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ text: vi.fn(async ({ message }: { message: string }) => { if (message === "Ship name") { return "sampel-palnet"; diff --git a/extensions/tlon/src/setup-surface.ts b/extensions/tlon/src/setup-surface.ts index ec6258277bd..bf4ce6fbf2e 100644 --- a/extensions/tlon/src/setup-surface.ts +++ b/extensions/tlon/src/setup-surface.ts @@ -1,7 +1,12 @@ -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import { applyTlonSetupConfig, type TlonSetupInput, tlonSetupAdapter } from "./setup-core.js"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/setup"; +import { + applyTlonSetupConfig, + createTlonSetupWizardBase, + resolveTlonSetupConfigured, + resolveTlonSetupStatusLines, + type TlonSetupInput, + tlonSetupAdapter, +} from "./setup-core.js"; import { normalizeShip } from "./targets.js"; import { listTlonAccountIds, resolveTlonAccount, type TlonResolvedAccount } from "./types.js"; import { isBlockedUrbitHostname, validateUrbitBaseUrl } from "./urbit/base-url.js"; @@ -21,91 +26,9 @@ function parseList(value: string): string[] { export { tlonSetupAdapter } from "./setup-core.js"; -export const tlonSetupWizard: ChannelSetupWizard = { - channel, - status: { - configuredLabel: "configured", - unconfiguredLabel: "needs setup", - configuredHint: "configured", - unconfiguredHint: "urbit messenger", - configuredScore: 1, - unconfiguredScore: 4, - resolveConfigured: ({ cfg }) => { - const accountIds = listTlonAccountIds(cfg); - return accountIds.length > 0 - ? accountIds.some((accountId) => isConfigured(resolveTlonAccount(cfg, accountId))) - : isConfigured(resolveTlonAccount(cfg, DEFAULT_ACCOUNT_ID)); - }, - resolveStatusLines: ({ cfg }) => { - const accountIds = listTlonAccountIds(cfg); - const configured = - accountIds.length > 0 - ? accountIds.some((accountId) => isConfigured(resolveTlonAccount(cfg, accountId))) - : isConfigured(resolveTlonAccount(cfg, DEFAULT_ACCOUNT_ID)); - return [`Tlon: ${configured ? "configured" : "needs setup"}`]; - }, - }, - introNote: { - title: "Tlon setup", - lines: [ - "You need your Urbit ship URL and login code.", - "Example URL: https://your-ship-host", - "Example ship: ~sampel-palnet", - "If your ship URL is on a private network (LAN/localhost), you must explicitly allow it during setup.", - `Docs: ${formatDocsLink("/channels/tlon", "channels/tlon")}`, - ], - }, - credentials: [], - textInputs: [ - { - inputKey: "ship", - message: "Ship name", - placeholder: "~sampel-palnet", - currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).ship ?? undefined, - validate: ({ value }) => (String(value ?? "").trim() ? undefined : "Required"), - normalizeValue: ({ value }) => normalizeShip(String(value).trim()), - applySet: async ({ cfg, accountId, value }) => - applyTlonSetupConfig({ - cfg, - accountId, - input: { ship: value }, - }), - }, - { - inputKey: "url", - message: "Ship URL", - placeholder: "https://your-ship-host", - currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).url ?? undefined, - validate: ({ value }) => { - const next = validateUrbitBaseUrl(String(value ?? "")); - if (!next.ok) { - return next.error; - } - return undefined; - }, - normalizeValue: ({ value }) => String(value).trim(), - applySet: async ({ cfg, accountId, value }) => - applyTlonSetupConfig({ - cfg, - accountId, - input: { url: value }, - }), - }, - { - inputKey: "code", - message: "Login code", - placeholder: "lidlut-tabwed-pillex-ridrup", - currentValue: ({ cfg, accountId }) => resolveTlonAccount(cfg, accountId).code ?? undefined, - validate: ({ value }) => (String(value ?? "").trim() ? undefined : "Required"), - normalizeValue: ({ value }) => String(value).trim(), - applySet: async ({ cfg, accountId, value }) => - applyTlonSetupConfig({ - cfg, - accountId, - input: { code: value }, - }), - }, - ], +export const tlonSetupWizard = createTlonSetupWizardBase({ + resolveConfigured: async ({ cfg }) => await resolveTlonSetupConfigured(cfg), + resolveStatusLines: async ({ cfg }) => await resolveTlonSetupStatusLines(cfg), finalize: async ({ cfg, accountId, prompter }) => { let next = cfg; const resolved = resolveTlonAccount(next, accountId); @@ -181,4 +104,4 @@ export const tlonSetupWizard: ChannelSetupWizard = { return { cfg: next }; }, -}; +}); diff --git a/extensions/tlon/src/targets.test.ts b/extensions/tlon/src/targets.test.ts new file mode 100644 index 00000000000..3ac4d010f38 --- /dev/null +++ b/extensions/tlon/src/targets.test.ts @@ -0,0 +1,27 @@ +import { describe, expect, it } from "vitest"; +import { resolveTlonOutboundTarget } from "./targets.js"; + +describe("resolveTlonOutboundTarget", () => { + it("resolves dm targets to normalized ships", () => { + expect(resolveTlonOutboundTarget("dm/sampel-palnet")).toEqual({ + ok: true, + to: "~sampel-palnet", + }); + }); + + it("resolves group targets to canonical chat nests", () => { + expect(resolveTlonOutboundTarget("group:host-ship/general")).toEqual({ + ok: true, + to: "chat/~host-ship/general", + }); + }); + + it("returns a helpful error for invalid targets", () => { + const resolved = resolveTlonOutboundTarget("group:bad-target"); + expect(resolved.ok).toBe(false); + if (resolved.ok) { + throw new Error("expected invalid target"); + } + expect(resolved.error.message).toMatch(/invalid tlon target/i); + }); +}); diff --git a/extensions/tlon/src/targets.ts b/extensions/tlon/src/targets.ts index bacc6d576c0..b8aa17e5e8c 100644 --- a/extensions/tlon/src/targets.ts +++ b/extensions/tlon/src/targets.ts @@ -84,6 +84,20 @@ export function parseTlonTarget(raw?: string | null): TlonTarget | null { return null; } +export function resolveTlonOutboundTarget(to?: string | null) { + const parsed = parseTlonTarget(to ?? ""); + if (!parsed) { + return { + ok: false as const, + error: new Error(`Invalid Tlon target. Use ${formatTargetHint()}`), + }; + } + if (parsed.kind === "dm") { + return { ok: true as const, to: parsed.ship }; + } + return { ok: true as const, to: parsed.nest }; +} + export function formatTargetHint(): string { return "dm/~sampel-palnet | ~sampel-palnet | chat/~host-ship/channel | group:~host-ship/channel"; } diff --git a/extensions/together/index.ts b/extensions/together/index.ts index 7408fbea140..d4ae42bba82 100644 --- a/extensions/together/index.ts +++ b/extensions/together/index.ts @@ -1,19 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildTogetherProvider } from "../../src/agents/models-config.providers.static.js"; -import { - applyTogetherConfig, - TOGETHER_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { applyTogetherConfig, TOGETHER_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildTogetherProvider } from "./provider-catalog.js"; const PROVIDER_ID = "together"; -const togetherPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Together Provider", description: "Bundled Together provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Together", @@ -43,21 +40,13 @@ const togetherPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...buildTogetherProvider(), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildTogetherProvider, + }), }, }); }, -}; - -export default togetherPlugin; +}); diff --git a/extensions/together/onboard.ts b/extensions/together/onboard.ts new file mode 100644 index 00000000000..e18595ab21e --- /dev/null +++ b/extensions/together/onboard.ts @@ -0,0 +1,35 @@ +import { + buildTogetherModelDefinition, + TOGETHER_BASE_URL, + TOGETHER_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const TOGETHER_DEFAULT_MODEL_REF = "together/moonshotai/Kimi-K2.5"; + +export function applyTogetherProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[TOGETHER_DEFAULT_MODEL_REF] = { + ...models[TOGETHER_DEFAULT_MODEL_REF], + alias: models[TOGETHER_DEFAULT_MODEL_REF]?.alias ?? "Together AI", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "together", + api: "openai-completions", + baseUrl: TOGETHER_BASE_URL, + catalogModels: TOGETHER_MODEL_CATALOG.map(buildTogetherModelDefinition), + }); +} + +export function applyTogetherConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyTogetherProviderConfig(cfg), + TOGETHER_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/together/provider-catalog.ts b/extensions/together/provider-catalog.ts new file mode 100644 index 00000000000..45d3b5de130 --- /dev/null +++ b/extensions/together/provider-catalog.ts @@ -0,0 +1,14 @@ +import { + buildTogetherModelDefinition, + type ModelProviderConfig, + TOGETHER_BASE_URL, + TOGETHER_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; + +export function buildTogetherProvider(): ModelProviderConfig { + return { + baseUrl: TOGETHER_BASE_URL, + api: "openai-completions", + models: TOGETHER_MODEL_CATALOG.map(buildTogetherModelDefinition), + }; +} diff --git a/extensions/twitch/api.ts b/extensions/twitch/api.ts new file mode 100644 index 00000000000..7c705aec6e5 --- /dev/null +++ b/extensions/twitch/api.ts @@ -0,0 +1 @@ +export * from "./src/setup-surface.js"; diff --git a/extensions/twitch/index.ts b/extensions/twitch/index.ts index cbdb20bff4d..1a4ea89185c 100644 --- a/extensions/twitch/index.ts +++ b/extensions/twitch/index.ts @@ -1,20 +1,13 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/twitch"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/twitch"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { twitchPlugin } from "./src/plugin.js"; import { setTwitchRuntime } from "./src/runtime.js"; export { monitorTwitchProvider } from "./src/monitor.js"; -const plugin = { +export default defineChannelPluginEntry({ id: "twitch", name: "Twitch", - description: "Twitch channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setTwitchRuntime(api.runtime); - // oxlint-disable-next-line typescript/no-explicit-any - api.registerChannel({ plugin: twitchPlugin as any }); - }, -}; - -export default plugin; + description: "Twitch chat channel plugin", + plugin: twitchPlugin, + setRuntime: setTwitchRuntime, +}); diff --git a/extensions/twitch/src/plugin.ts b/extensions/twitch/src/plugin.ts index 3958a05fd8b..490b741d989 100644 --- a/extensions/twitch/src/plugin.ts +++ b/extensions/twitch/src/plugin.ts @@ -136,7 +136,7 @@ export const twitchPlugin: ChannelPlugin = { accountId?: string | null; inputs: string[]; kind: ChannelResolveKind; - runtime: import("../../../src/runtime.js").RuntimeEnv; + runtime: import("openclaw/plugin-sdk/runtime-env").RuntimeEnv; }): Promise => { const account = getAccountConfig(cfg, accountId ?? DEFAULT_ACCOUNT_ID); diff --git a/extensions/twitch/src/runtime.ts b/extensions/twitch/src/runtime.ts index 18deeb40c07..2b2806cfdb3 100644 --- a/extensions/twitch/src/runtime.ts +++ b/extensions/twitch/src/runtime.ts @@ -1,4 +1,4 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; import type { PluginRuntime } from "openclaw/plugin-sdk/twitch"; const { setRuntime: setTwitchRuntime, getRuntime: getTwitchRuntime } = diff --git a/extensions/twitch/src/send.test.ts b/extensions/twitch/src/send.test.ts index b45321229a4..4607670e3bf 100644 --- a/extensions/twitch/src/send.test.ts +++ b/extensions/twitch/src/send.test.ts @@ -11,12 +11,16 @@ */ import { describe, expect, it, vi } from "vitest"; +import { getClientManager } from "./client-manager-registry.js"; +import { getAccountConfig } from "./config.js"; import { sendMessageTwitchInternal } from "./send.js"; import { BASE_TWITCH_TEST_ACCOUNT, installTwitchTestHooks, makeTwitchTestConfig, } from "./test-fixtures.js"; +import { stripMarkdownForTwitch } from "./utils/markdown.js"; +import { isAccountConfigured } from "./utils/twitch.js"; // Mock dependencies vi.mock("./config.js", () => ({ @@ -55,15 +59,16 @@ describe("send", () => { installTwitchTestHooks(); describe("sendMessageTwitchInternal", () => { + function setupBaseAccount(params?: { configured?: boolean }) { + vi.mocked(getAccountConfig).mockReturnValue(mockAccount); + vi.mocked(isAccountConfigured).mockReturnValue(params?.configured ?? true); + } + async function mockSuccessfulSend(params: { messageId: string; stripMarkdown?: (text: string) => string; }) { - const { getAccountConfig } = await import("./config.js"); - const { getClientManager } = await import("./client-manager-registry.js"); - const { stripMarkdownForTwitch } = await import("./utils/markdown.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); + setupBaseAccount(); vi.mocked(getClientManager).mockReturnValue({ sendMessage: vi.fn().mockResolvedValue({ ok: true, @@ -112,8 +117,6 @@ describe("send", () => { }); it("should return error when account not found", async () => { - const { getAccountConfig } = await import("./config.js"); - vi.mocked(getAccountConfig).mockReturnValue(null); const result = await sendMessageTwitchInternal( @@ -130,11 +133,7 @@ describe("send", () => { }); it("should return error when account not configured", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); - vi.mocked(isAccountConfigured).mockReturnValue(false); + setupBaseAccount({ configured: false }); const result = await sendMessageTwitchInternal( "#testchannel", @@ -150,9 +149,6 @@ describe("send", () => { }); it("should return error when no channel specified", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - // Set channel to undefined to trigger the error (bypassing type check) const accountWithoutChannel = { ...mockAccount, @@ -175,12 +171,7 @@ describe("send", () => { }); it("should skip sending empty message after markdown stripping", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - const { stripMarkdownForTwitch } = await import("./utils/markdown.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); - vi.mocked(isAccountConfigured).mockReturnValue(true); + setupBaseAccount(); vi.mocked(stripMarkdownForTwitch).mockReturnValue(""); const result = await sendMessageTwitchInternal( @@ -197,12 +188,7 @@ describe("send", () => { }); it("should return error when client manager not found", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - const { getClientManager } = await import("./client-manager-registry.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); - vi.mocked(isAccountConfigured).mockReturnValue(true); + setupBaseAccount(); vi.mocked(getClientManager).mockReturnValue(undefined); const result = await sendMessageTwitchInternal( @@ -219,12 +205,7 @@ describe("send", () => { }); it("should handle send errors gracefully", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - const { getClientManager } = await import("./client-manager-registry.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); - vi.mocked(isAccountConfigured).mockReturnValue(true); + setupBaseAccount(); vi.mocked(getClientManager).mockReturnValue({ sendMessage: vi.fn().mockRejectedValue(new Error("Connection lost")), } as unknown as ReturnType); @@ -244,12 +225,7 @@ describe("send", () => { }); it("should use account channel when channel parameter is empty", async () => { - const { getAccountConfig } = await import("./config.js"); - const { isAccountConfigured } = await import("./utils/twitch.js"); - const { getClientManager } = await import("./client-manager-registry.js"); - - vi.mocked(getAccountConfig).mockReturnValue(mockAccount); - vi.mocked(isAccountConfigured).mockReturnValue(true); + setupBaseAccount(); const mockSend = vi.fn().mockResolvedValue({ ok: true, messageId: "twitch-msg-789", diff --git a/extensions/twitch/src/setup-surface.ts b/extensions/twitch/src/setup-surface.ts index 3113bfd9e3b..ec8a7e741b4 100644 --- a/extensions/twitch/src/setup-surface.ts +++ b/extensions/twitch/src/setup-surface.ts @@ -2,12 +2,14 @@ * Twitch setup wizard surface for CLI setup. */ -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import type { WizardPrompter } from "../../../src/wizard/prompts.js"; +import { + formatDocsLink, + type ChannelSetupAdapter, + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type OpenClawConfig, + type WizardPrompter, +} from "openclaw/plugin-sdk/setup"; import { DEFAULT_ACCOUNT_ID, getAccountConfig } from "./config.js"; import type { TwitchAccountConfig, TwitchRole } from "./types.js"; import { isAccountConfigured } from "./utils/twitch.js"; diff --git a/extensions/venice/index.ts b/extensions/venice/index.ts index 12714fc2666..2565049647e 100644 --- a/extensions/venice/index.ts +++ b/extensions/venice/index.ts @@ -1,16 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildVeniceProvider } from "../../src/agents/models-config.providers.discovery.js"; -import { applyVeniceConfig, VENICE_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { applyVeniceConfig, VENICE_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildVeniceProvider } from "./provider-catalog.js"; const PROVIDER_ID = "venice"; -const venicePlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Venice Provider", description: "Bundled Venice provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Venice", @@ -46,21 +46,13 @@ const venicePlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...(await buildVeniceProvider()), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildVeniceProvider, + }), }, }); }, -}; - -export default venicePlugin; +}); diff --git a/extensions/venice/onboard.ts b/extensions/venice/onboard.ts new file mode 100644 index 00000000000..23634a18540 --- /dev/null +++ b/extensions/venice/onboard.ts @@ -0,0 +1,33 @@ +import { + buildVeniceModelDefinition, + VENICE_BASE_URL, + VENICE_DEFAULT_MODEL_REF, + VENICE_MODEL_CATALOG, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export { VENICE_DEFAULT_MODEL_REF }; + +export function applyVeniceProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[VENICE_DEFAULT_MODEL_REF] = { + ...models[VENICE_DEFAULT_MODEL_REF], + alias: models[VENICE_DEFAULT_MODEL_REF]?.alias ?? "Kimi K2.5", + }; + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "venice", + api: "openai-completions", + baseUrl: VENICE_BASE_URL, + catalogModels: VENICE_MODEL_CATALOG.map(buildVeniceModelDefinition), + }); +} + +export function applyVeniceConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyVeniceProviderConfig(cfg), VENICE_DEFAULT_MODEL_REF); +} diff --git a/extensions/venice/provider-catalog.ts b/extensions/venice/provider-catalog.ts new file mode 100644 index 00000000000..d207ab581b1 --- /dev/null +++ b/extensions/venice/provider-catalog.ts @@ -0,0 +1,14 @@ +import { + discoverVeniceModels, + type ModelProviderConfig, + VENICE_BASE_URL, +} from "openclaw/plugin-sdk/provider-models"; + +export async function buildVeniceProvider(): Promise { + const models = await discoverVeniceModels(); + return { + baseUrl: VENICE_BASE_URL, + api: "openai-completions", + models, + }; +} diff --git a/extensions/vercel-ai-gateway/index.ts b/extensions/vercel-ai-gateway/index.ts index a656cf400a7..ecaa6d96d33 100644 --- a/extensions/vercel-ai-gateway/index.ts +++ b/extensions/vercel-ai-gateway/index.ts @@ -1,19 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildVercelAiGatewayProvider } from "../../src/agents/models-config.providers.discovery.js"; -import { - applyVercelAiGatewayConfig, - VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { applyVercelAiGatewayConfig, VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildVercelAiGatewayProvider } from "./provider-catalog.js"; const PROVIDER_ID = "vercel-ai-gateway"; -const vercelAiGatewayPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Vercel AI Gateway Provider", description: "Bundled Vercel AI Gateway provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Vercel AI Gateway", @@ -43,21 +40,13 @@ const vercelAiGatewayPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...(await buildVercelAiGatewayProvider()), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildVercelAiGatewayProvider, + }), }, }); }, -}; - -export default vercelAiGatewayPlugin; +}); diff --git a/extensions/vercel-ai-gateway/onboard.ts b/extensions/vercel-ai-gateway/onboard.ts new file mode 100644 index 00000000000..5ca89c8ad33 --- /dev/null +++ b/extensions/vercel-ai-gateway/onboard.ts @@ -0,0 +1,32 @@ +import { + applyAgentDefaultModelPrimary, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF = "vercel-ai-gateway/anthropic/claude-opus-4.6"; + +export function applyVercelAiGatewayProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF] = { + ...models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF], + alias: models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF]?.alias ?? "Vercel AI Gateway", + }; + + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...cfg.agents?.defaults, + models, + }, + }, + }; +} + +export function applyVercelAiGatewayConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary( + applyVercelAiGatewayProviderConfig(cfg), + VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF, + ); +} diff --git a/extensions/vercel-ai-gateway/provider-catalog.ts b/extensions/vercel-ai-gateway/provider-catalog.ts new file mode 100644 index 00000000000..d3475efe9b9 --- /dev/null +++ b/extensions/vercel-ai-gateway/provider-catalog.ts @@ -0,0 +1,13 @@ +import { + discoverVercelAiGatewayModels, + VERCEL_AI_GATEWAY_BASE_URL, + type ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +export async function buildVercelAiGatewayProvider(): Promise { + return { + baseUrl: VERCEL_AI_GATEWAY_BASE_URL, + api: "anthropic-messages", + models: await discoverVercelAiGatewayModels(), + }; +} diff --git a/extensions/vllm/index.ts b/extensions/vllm/index.ts index 938fb78c9bd..7017977861c 100644 --- a/extensions/vllm/index.ts +++ b/extensions/vllm/index.ts @@ -1,14 +1,14 @@ -import { - emptyPluginConfigSchema, - type OpenClawPluginApi, - type ProviderAuthMethodNonInteractiveContext, -} from "openclaw/plugin-sdk/core"; import { VLLM_DEFAULT_API_KEY_ENV_VAR, VLLM_DEFAULT_BASE_URL, VLLM_MODEL_PLACEHOLDER, VLLM_PROVIDER_LABEL, -} from "../../src/agents/vllm-defaults.js"; +} from "openclaw/plugin-sdk/agent-runtime"; +import { + definePluginEntry, + type OpenClawPluginApi, + type ProviderAuthMethodNonInteractiveContext, +} from "openclaw/plugin-sdk/core"; const PROVIDER_ID = "vllm"; @@ -16,11 +16,10 @@ async function loadProviderSetup() { return await import("openclaw/plugin-sdk/self-hosted-provider-setup"); } -const vllmPlugin = { +export default definePluginEntry({ id: "vllm", name: "vLLM Provider", description: "Bundled vLLM provider plugin", - configSchema: emptyPluginConfigSchema(), register(api: OpenClawPluginApi) { api.registerProvider({ id: PROVIDER_ID, @@ -87,6 +86,4 @@ const vllmPlugin = { }, }); }, -}; - -export default vllmPlugin; +}); diff --git a/extensions/voice-call/README.md b/extensions/voice-call/README.md index fe228537ee8..36ab127875e 100644 --- a/extensions/voice-call/README.md +++ b/extensions/voice-call/README.md @@ -98,7 +98,7 @@ See the plugin docs for recommended ranges and production examples: ## TTS for calls -Voice Call uses the core `messages.tts` configuration (OpenAI or ElevenLabs) for +Voice Call uses the core `messages.tts` configuration for streaming speech on calls. Override examples and provider caveats live here: `https://docs.openclaw.ai/plugins/voice-call#tts-for-calls` diff --git a/extensions/voice-call/api.ts b/extensions/voice-call/api.ts new file mode 100644 index 00000000000..ef9f7d7a3c0 --- /dev/null +++ b/extensions/voice-call/api.ts @@ -0,0 +1 @@ +export * from "openclaw/plugin-sdk/voice-call"; diff --git a/extensions/voice-call/index.ts b/extensions/voice-call/index.ts index 7393fb03c9b..ad63cf1f52a 100644 --- a/extensions/voice-call/index.ts +++ b/extensions/voice-call/index.ts @@ -1,8 +1,9 @@ import { Type } from "@sinclair/typebox"; -import type { - GatewayRequestHandlerOptions, - OpenClawPluginApi, -} from "openclaw/plugin-sdk/voice-call"; +import { + definePluginEntry, + type GatewayRequestHandlerOptions, + type OpenClawPluginApi, +} from "./api.js"; import { registerVoiceCallCli } from "./src/cli.js"; import { VoiceCallConfigSchema, @@ -80,7 +81,7 @@ const voiceCallConfigSchema = { "streaming.streamPath": { label: "Media Stream Path", advanced: true }, "tts.provider": { label: "TTS Provider Override", - help: "Deep-merges with messages.tts (Edge is ignored for calls).", + help: "Deep-merges with messages.tts (Microsoft is ignored for calls).", advanced: true, }, "tts.openai.model": { label: "OpenAI TTS Model", advanced: true }, @@ -143,7 +144,7 @@ const VoiceCallToolSchema = Type.Union([ }), ]); -const voiceCallPlugin = { +export default definePluginEntry({ id: "voice-call", name: "Voice Call", description: "Voice-call plugin with Telnyx/Twilio/Plivo providers", @@ -180,6 +181,7 @@ const voiceCallPlugin = { runtimePromise = createVoiceCallRuntime({ config, coreConfig: api.config as CoreConfig, + agentRuntime: api.runtime.agent, ttsRuntime: api.runtime.tts, logger: api.logger, }); @@ -559,6 +561,4 @@ const voiceCallPlugin = { }, }); }, -}; - -export default voiceCallPlugin; +}); diff --git a/extensions/voice-call/openclaw.plugin.json b/extensions/voice-call/openclaw.plugin.json index fef3ccc6ad9..ff85a30a947 100644 --- a/extensions/voice-call/openclaw.plugin.json +++ b/extensions/voice-call/openclaw.plugin.json @@ -101,7 +101,7 @@ }, "tts.provider": { "label": "TTS Provider Override", - "help": "Deep-merges with messages.tts (Edge is ignored for calls).", + "help": "Deep-merges with messages.tts (Microsoft is ignored for calls).", "advanced": true }, "tts.openai.model": { @@ -420,8 +420,7 @@ "enum": ["final", "all"] }, "provider": { - "type": "string", - "enum": ["openai", "elevenlabs", "edge"] + "type": "string" }, "summaryModel": { "type": "string" diff --git a/extensions/voice-call/src/cli.ts b/extensions/voice-call/src/cli.ts index c1abc9a1f0e..322a9dae355 100644 --- a/extensions/voice-call/src/cli.ts +++ b/extensions/voice-call/src/cli.ts @@ -2,7 +2,7 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import type { Command } from "commander"; -import { sleep } from "openclaw/plugin-sdk/voice-call"; +import { sleep } from "../api.js"; import type { VoiceCallConfig } from "./config.js"; import type { VoiceCallRuntime } from "./runtime.js"; import { resolveUserPath } from "./utils.js"; diff --git a/extensions/voice-call/src/config.ts b/extensions/voice-call/src/config.ts index 2d1494c7876..5ecd4f01bd3 100644 --- a/extensions/voice-call/src/config.ts +++ b/extensions/voice-call/src/config.ts @@ -1,10 +1,5 @@ -import { - TtsAutoSchema, - TtsConfigSchema, - TtsModeSchema, - TtsProviderSchema, -} from "openclaw/plugin-sdk/voice-call"; import { z } from "zod"; +import { TtsAutoSchema, TtsConfigSchema, TtsModeSchema, TtsProviderSchema } from "../api.js"; import { deepMergeDefined } from "./deep-merge.js"; // ----------------------------------------------------------------------------- diff --git a/extensions/voice-call/src/core-bridge.ts b/extensions/voice-call/src/core-bridge.ts index 0425eef9dbd..8c3981db346 100644 --- a/extensions/voice-call/src/core-bridge.ts +++ b/extensions/voice-call/src/core-bridge.ts @@ -1,6 +1,4 @@ -import fs from "node:fs"; -import path from "node:path"; -import { fileURLToPath, pathToFileURL } from "node:url"; +import type { OpenClawPluginApi } from "../api.js"; import type { VoiceCallTtsConfig } from "./config.js"; export type CoreConfig = { @@ -13,147 +11,4 @@ export type CoreConfig = { [key: string]: unknown; }; -type CoreAgentDeps = { - resolveAgentDir: (cfg: CoreConfig, agentId: string) => string; - resolveAgentWorkspaceDir: (cfg: CoreConfig, agentId: string) => string; - resolveAgentIdentity: ( - cfg: CoreConfig, - agentId: string, - ) => { name?: string | null } | null | undefined; - resolveThinkingDefault: (params: { - cfg: CoreConfig; - provider?: string; - model?: string; - }) => string; - runEmbeddedPiAgent: (params: { - sessionId: string; - sessionKey?: string; - messageProvider?: string; - sessionFile: string; - workspaceDir: string; - config?: CoreConfig; - prompt: string; - provider?: string; - model?: string; - thinkLevel?: string; - verboseLevel?: string; - timeoutMs: number; - runId: string; - lane?: string; - extraSystemPrompt?: string; - agentDir?: string; - }) => Promise<{ - payloads?: Array<{ text?: string; isError?: boolean }>; - meta?: { aborted?: boolean }; - }>; - resolveAgentTimeoutMs: (opts: { cfg: CoreConfig }) => number; - ensureAgentWorkspace: (params?: { dir: string }) => Promise; - resolveStorePath: (store?: string, opts?: { agentId?: string }) => string; - loadSessionStore: (storePath: string) => Record; - saveSessionStore: (storePath: string, store: Record) => Promise; - resolveSessionFilePath: ( - sessionId: string, - entry: unknown, - opts?: { agentId?: string }, - ) => string; - DEFAULT_MODEL: string; - DEFAULT_PROVIDER: string; -}; - -let coreRootCache: string | null = null; -let coreDepsPromise: Promise | null = null; - -function findPackageRoot(startDir: string, name: string): string | null { - let dir = startDir; - for (;;) { - const pkgPath = path.join(dir, "package.json"); - try { - if (fs.existsSync(pkgPath)) { - const raw = fs.readFileSync(pkgPath, "utf8"); - const pkg = JSON.parse(raw) as { name?: string }; - if (pkg.name === name) { - return dir; - } - } - } catch { - // ignore parse errors and keep walking - } - const parent = path.dirname(dir); - if (parent === dir) { - return null; - } - dir = parent; - } -} - -function resolveOpenClawRoot(): string { - if (coreRootCache) { - return coreRootCache; - } - const override = process.env.OPENCLAW_ROOT?.trim(); - if (override) { - coreRootCache = override; - return override; - } - - const candidates = new Set(); - if (process.argv[1]) { - candidates.add(path.dirname(process.argv[1])); - } - candidates.add(process.cwd()); - try { - const urlPath = fileURLToPath(import.meta.url); - candidates.add(path.dirname(urlPath)); - } catch { - // ignore - } - - for (const start of candidates) { - for (const name of ["openclaw"]) { - const found = findPackageRoot(start, name); - if (found) { - coreRootCache = found; - return found; - } - } - } - - throw new Error("Unable to resolve core root. Set OPENCLAW_ROOT to the package root."); -} - -async function importCoreExtensionAPI(): Promise<{ - resolveAgentDir: CoreAgentDeps["resolveAgentDir"]; - resolveAgentWorkspaceDir: CoreAgentDeps["resolveAgentWorkspaceDir"]; - DEFAULT_MODEL: string; - DEFAULT_PROVIDER: string; - resolveAgentIdentity: CoreAgentDeps["resolveAgentIdentity"]; - resolveThinkingDefault: CoreAgentDeps["resolveThinkingDefault"]; - runEmbeddedPiAgent: CoreAgentDeps["runEmbeddedPiAgent"]; - resolveAgentTimeoutMs: CoreAgentDeps["resolveAgentTimeoutMs"]; - ensureAgentWorkspace: CoreAgentDeps["ensureAgentWorkspace"]; - resolveStorePath: CoreAgentDeps["resolveStorePath"]; - loadSessionStore: CoreAgentDeps["loadSessionStore"]; - saveSessionStore: CoreAgentDeps["saveSessionStore"]; - resolveSessionFilePath: CoreAgentDeps["resolveSessionFilePath"]; -}> { - // Do not import any other module. You can't touch this or you will be fired. - const distPath = path.join(resolveOpenClawRoot(), "dist", "extensionAPI.js"); - if (!fs.existsSync(distPath)) { - throw new Error( - `Missing core module at ${distPath}. Run \`pnpm build\` or install the official package.`, - ); - } - return await import(pathToFileURL(distPath).href); -} - -export async function loadCoreAgentDeps(): Promise { - if (coreDepsPromise) { - return coreDepsPromise; - } - - coreDepsPromise = (async () => { - return await importCoreExtensionAPI(); - })(); - - return coreDepsPromise; -} +export type CoreAgentDeps = OpenClawPluginApi["runtime"]["agent"]; diff --git a/extensions/voice-call/src/providers/shared/guarded-json-api.ts b/extensions/voice-call/src/providers/shared/guarded-json-api.ts index cc8d1f33e03..625ad0f833a 100644 --- a/extensions/voice-call/src/providers/shared/guarded-json-api.ts +++ b/extensions/voice-call/src/providers/shared/guarded-json-api.ts @@ -1,4 +1,4 @@ -import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/voice-call"; +import { fetchWithSsrFGuard } from "../../../api.js"; type GuardedJsonApiRequestParams = { url: string; diff --git a/extensions/voice-call/src/providers/tts-openai.ts b/extensions/voice-call/src/providers/tts-openai.ts index 0a7c74d90ac..c16b20c0a66 100644 --- a/extensions/voice-call/src/providers/tts-openai.ts +++ b/extensions/voice-call/src/providers/tts-openai.ts @@ -1,4 +1,4 @@ -import { resolveOpenAITtsInstructions } from "openclaw/plugin-sdk/voice-call"; +import { resolveOpenAITtsInstructions } from "../../api.js"; import { pcmToMulaw } from "../telephony-audio.js"; /** diff --git a/extensions/voice-call/src/response-generator.ts b/extensions/voice-call/src/response-generator.ts index abb02cb7b1d..d1903410f86 100644 --- a/extensions/voice-call/src/response-generator.ts +++ b/extensions/voice-call/src/response-generator.ts @@ -4,14 +4,17 @@ */ import crypto from "node:crypto"; +import type { SessionEntry } from "../api.js"; import type { VoiceCallConfig } from "./config.js"; -import { loadCoreAgentDeps, type CoreConfig } from "./core-bridge.js"; +import type { CoreAgentDeps, CoreConfig } from "./core-bridge.js"; export type VoiceResponseParams = { /** Voice call config */ voiceConfig: VoiceCallConfig; /** Core OpenClaw config */ coreConfig: CoreConfig; + /** Injected host agent runtime */ + agentRuntime: CoreAgentDeps; /** Call ID for session tracking */ callId: string; /** Caller's phone number */ @@ -27,11 +30,6 @@ export type VoiceResponseResult = { error?: string; }; -type SessionEntry = { - sessionId: string; - updatedAt: number; -}; - /** * Generate a voice response using the embedded Pi agent with full tool support. * Uses the same agent infrastructure as messaging for consistent behavior. @@ -39,21 +37,11 @@ type SessionEntry = { export async function generateVoiceResponse( params: VoiceResponseParams, ): Promise { - const { voiceConfig, callId, from, transcript, userMessage, coreConfig } = params; + const { voiceConfig, callId, from, transcript, userMessage, coreConfig, agentRuntime } = params; if (!coreConfig) { return { text: null, error: "Core config unavailable for voice response" }; } - - let deps: Awaited>; - try { - deps = await loadCoreAgentDeps(); - } catch (err) { - return { - text: null, - error: err instanceof Error ? err.message : "Unable to load core agent dependencies", - }; - } const cfg = coreConfig; // Build voice-specific session key based on phone number @@ -62,15 +50,15 @@ export async function generateVoiceResponse( const agentId = "main"; // Resolve paths - const storePath = deps.resolveStorePath(cfg.session?.store, { agentId }); - const agentDir = deps.resolveAgentDir(cfg, agentId); - const workspaceDir = deps.resolveAgentWorkspaceDir(cfg, agentId); + const storePath = agentRuntime.session.resolveStorePath(cfg.session?.store, { agentId }); + const agentDir = agentRuntime.resolveAgentDir(cfg, agentId); + const workspaceDir = agentRuntime.resolveAgentWorkspaceDir(cfg, agentId); // Ensure workspace exists - await deps.ensureAgentWorkspace({ dir: workspaceDir }); + await agentRuntime.ensureAgentWorkspace({ dir: workspaceDir }); // Load or create session entry - const sessionStore = deps.loadSessionStore(storePath); + const sessionStore = agentRuntime.session.loadSessionStore(storePath); const now = Date.now(); let sessionEntry = sessionStore[sessionKey] as SessionEntry | undefined; @@ -80,25 +68,27 @@ export async function generateVoiceResponse( updatedAt: now, }; sessionStore[sessionKey] = sessionEntry; - await deps.saveSessionStore(storePath, sessionStore); + await agentRuntime.session.saveSessionStore(storePath, sessionStore); } const sessionId = sessionEntry.sessionId; - const sessionFile = deps.resolveSessionFilePath(sessionId, sessionEntry, { + const sessionFile = agentRuntime.session.resolveSessionFilePath(sessionId, sessionEntry, { agentId, }); // Resolve model from config - const modelRef = voiceConfig.responseModel || `${deps.DEFAULT_PROVIDER}/${deps.DEFAULT_MODEL}`; + const modelRef = + voiceConfig.responseModel || `${agentRuntime.defaults.provider}/${agentRuntime.defaults.model}`; const slashIndex = modelRef.indexOf("/"); - const provider = slashIndex === -1 ? deps.DEFAULT_PROVIDER : modelRef.slice(0, slashIndex); + const provider = + slashIndex === -1 ? agentRuntime.defaults.provider : modelRef.slice(0, slashIndex); const model = slashIndex === -1 ? modelRef : modelRef.slice(slashIndex + 1); // Resolve thinking level - const thinkLevel = deps.resolveThinkingDefault({ cfg, provider, model }); + const thinkLevel = agentRuntime.resolveThinkingDefault({ cfg, provider, model }); // Resolve agent identity for personalized prompt - const identity = deps.resolveAgentIdentity(cfg, agentId); + const identity = agentRuntime.resolveAgentIdentity(cfg, agentId); const agentName = identity?.name?.trim() || "assistant"; // Build system prompt with conversation history @@ -115,11 +105,11 @@ export async function generateVoiceResponse( } // Resolve timeout - const timeoutMs = voiceConfig.responseTimeoutMs ?? deps.resolveAgentTimeoutMs({ cfg }); + const timeoutMs = voiceConfig.responseTimeoutMs ?? agentRuntime.resolveAgentTimeoutMs({ cfg }); const runId = `voice:${callId}:${Date.now()}`; try { - const result = await deps.runEmbeddedPiAgent({ + const result = await agentRuntime.runEmbeddedPiAgent({ sessionId, sessionKey, messageProvider: "voice", diff --git a/extensions/voice-call/src/runtime.test.ts b/extensions/voice-call/src/runtime.test.ts index dcb8fa2a158..ffe9093c4e2 100644 --- a/extensions/voice-call/src/runtime.test.ts +++ b/extensions/voice-call/src/runtime.test.ts @@ -76,6 +76,7 @@ describe("createVoiceCallRuntime lifecycle", () => { createVoiceCallRuntime({ config: createBaseConfig(), coreConfig: {}, + agentRuntime: {} as never, }), ).rejects.toThrow("init failed"); @@ -95,6 +96,7 @@ describe("createVoiceCallRuntime lifecycle", () => { const runtime = await createVoiceCallRuntime({ config: createBaseConfig(), coreConfig: {} as CoreConfig, + agentRuntime: {} as never, }); await runtime.stop(); diff --git a/extensions/voice-call/src/runtime.ts b/extensions/voice-call/src/runtime.ts index d725e44bf06..384ac209a76 100644 --- a/extensions/voice-call/src/runtime.ts +++ b/extensions/voice-call/src/runtime.ts @@ -1,6 +1,6 @@ import type { VoiceCallConfig } from "./config.js"; import { resolveVoiceCallConfig, validateProviderConfig } from "./config.js"; -import type { CoreConfig } from "./core-bridge.js"; +import type { CoreAgentDeps, CoreConfig } from "./core-bridge.js"; import { CallManager } from "./manager.js"; import type { VoiceCallProvider } from "./providers/base.js"; import { MockProvider } from "./providers/mock.js"; @@ -135,10 +135,11 @@ function resolveProvider(config: VoiceCallConfig): VoiceCallProvider { export async function createVoiceCallRuntime(params: { config: VoiceCallConfig; coreConfig: CoreConfig; + agentRuntime: CoreAgentDeps; ttsRuntime?: TelephonyTtsRuntime; logger?: Logger; }): Promise { - const { config: rawConfig, coreConfig, ttsRuntime, logger } = params; + const { config: rawConfig, coreConfig, agentRuntime, ttsRuntime, logger } = params; const log = logger ?? { info: console.log, warn: console.warn, @@ -165,7 +166,13 @@ export async function createVoiceCallRuntime(params: { const provider = resolveProvider(config); const manager = new CallManager(config); - const webhookServer = new VoiceCallWebhookServer(config, manager, provider, coreConfig); + const webhookServer = new VoiceCallWebhookServer( + config, + manager, + provider, + coreConfig, + agentRuntime, + ); const lifecycle = createRuntimeResourceLifecycle({ config, webhookServer }); const localUrl = await webhookServer.start(); diff --git a/extensions/voice-call/src/webhook.ts b/extensions/voice-call/src/webhook.ts index 1258229735e..fe015727e73 100644 --- a/extensions/voice-call/src/webhook.ts +++ b/extensions/voice-call/src/webhook.ts @@ -4,9 +4,9 @@ import { isRequestBodyLimitError, readRequestBodyWithLimit, requestBodyErrorToText, -} from "openclaw/plugin-sdk/voice-call"; +} from "../api.js"; import { normalizeVoiceCallConfig, type VoiceCallConfig } from "./config.js"; -import type { CoreConfig } from "./core-bridge.js"; +import type { CoreAgentDeps, CoreConfig } from "./core-bridge.js"; import type { CallManager } from "./manager.js"; import type { MediaStreamConfig } from "./media-stream.js"; import { MediaStreamHandler } from "./media-stream.js"; @@ -55,6 +55,7 @@ export class VoiceCallWebhookServer { private manager: CallManager; private provider: VoiceCallProvider; private coreConfig: CoreConfig | null; + private agentRuntime: CoreAgentDeps | null; private stopStaleCallReaper: (() => void) | null = null; /** Media stream handler for bidirectional audio (when streaming enabled) */ @@ -65,11 +66,13 @@ export class VoiceCallWebhookServer { manager: CallManager, provider: VoiceCallProvider, coreConfig?: CoreConfig, + agentRuntime?: CoreAgentDeps, ) { this.config = normalizeVoiceCallConfig(config); this.manager = manager; this.provider = provider; this.coreConfig = coreConfig ?? null; + this.agentRuntime = agentRuntime ?? null; // Initialize media stream handler if streaming is enabled if (this.config.streaming.enabled) { @@ -458,6 +461,10 @@ export class VoiceCallWebhookServer { console.warn("[voice-call] Core config missing; skipping auto-response"); return; } + if (!this.agentRuntime) { + console.warn("[voice-call] Agent runtime missing; skipping auto-response"); + return; + } try { const { generateVoiceResponse } = await import("./response-generator.js"); @@ -465,6 +472,7 @@ export class VoiceCallWebhookServer { const result = await generateVoiceResponse({ voiceConfig: this.config, coreConfig: this.coreConfig, + agentRuntime: this.agentRuntime, callId, from: call.from, transcript: call.transcript, diff --git a/extensions/volcengine/index.ts b/extensions/volcengine/index.ts index 2e6063365df..f6b4b020746 100644 --- a/extensions/volcengine/index.ts +++ b/extensions/volcengine/index.ts @@ -1,20 +1,16 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { - buildDoubaoCodingProvider, - buildDoubaoProvider, -} from "../../src/agents/models-config.providers.static.js"; -import { ensureModelAllowlistEntry } from "../../src/commands/model-allowlist.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { ensureModelAllowlistEntry } from "openclaw/plugin-sdk/provider-onboard"; +import { buildDoubaoCodingProvider, buildDoubaoProvider } from "./provider-catalog.js"; const PROVIDER_ID = "volcengine"; const VOLCENGINE_DEFAULT_MODEL_REF = "volcengine-plan/ark-code-latest"; -const volcenginePlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Volcengine Provider", description: "Bundled Volcengine provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Volcengine", @@ -63,6 +59,4 @@ const volcenginePlugin = { }, }); }, -}; - -export default volcenginePlugin; +}); diff --git a/extensions/volcengine/provider-catalog.ts b/extensions/volcengine/provider-catalog.ts new file mode 100644 index 00000000000..f01a3079bcc --- /dev/null +++ b/extensions/volcengine/provider-catalog.ts @@ -0,0 +1,24 @@ +import { + buildDoubaoModelDefinition, + DOUBAO_BASE_URL, + DOUBAO_CODING_BASE_URL, + DOUBAO_CODING_MODEL_CATALOG, + DOUBAO_MODEL_CATALOG, + type ModelProviderConfig, +} from "openclaw/plugin-sdk/provider-models"; + +export function buildDoubaoProvider(): ModelProviderConfig { + return { + baseUrl: DOUBAO_BASE_URL, + api: "openai-completions", + models: DOUBAO_MODEL_CATALOG.map(buildDoubaoModelDefinition), + }; +} + +export function buildDoubaoCodingProvider(): ModelProviderConfig { + return { + baseUrl: DOUBAO_CODING_BASE_URL, + api: "openai-completions", + models: DOUBAO_CODING_MODEL_CATALOG.map(buildDoubaoModelDefinition), + }; +} diff --git a/extensions/whatsapp/api.ts b/extensions/whatsapp/api.ts new file mode 100644 index 00000000000..feaaa1c5835 --- /dev/null +++ b/extensions/whatsapp/api.ts @@ -0,0 +1 @@ +export * from "./src/accounts.js"; diff --git a/extensions/whatsapp/index.ts b/extensions/whatsapp/index.ts index c0f097ddf7d..de3e6c92706 100644 --- a/extensions/whatsapp/index.ts +++ b/extensions/whatsapp/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/core"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { whatsappPlugin } from "./src/channel.js"; import { setWhatsAppRuntime } from "./src/runtime.js"; -const plugin = { +export { whatsappPlugin } from "./src/channel.js"; +export { setWhatsAppRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "whatsapp", name: "WhatsApp", description: "WhatsApp channel plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setWhatsAppRuntime(api.runtime); - api.registerChannel({ plugin: whatsappPlugin }); - }, -}; - -export default plugin; + plugin: whatsappPlugin, + setRuntime: setWhatsAppRuntime, +}); diff --git a/extensions/whatsapp/login-qr-api.ts b/extensions/whatsapp/login-qr-api.ts new file mode 100644 index 00000000000..a8af0fc64b2 --- /dev/null +++ b/extensions/whatsapp/login-qr-api.ts @@ -0,0 +1 @@ +export * from "./src/login-qr.js"; diff --git a/extensions/whatsapp/runtime-api.ts b/extensions/whatsapp/runtime-api.ts new file mode 100644 index 00000000000..24e269ad62f --- /dev/null +++ b/extensions/whatsapp/runtime-api.ts @@ -0,0 +1,9 @@ +export * from "./src/active-listener.js"; +export * from "./src/agent-tools-login.js"; +export * from "./src/auth-store.js"; +export * from "./src/auto-reply.js"; +export * from "./src/inbound.js"; +export * from "./src/login.js"; +export * from "./src/media.js"; +export * from "./src/send.js"; +export * from "./src/session.js"; diff --git a/extensions/whatsapp/setup-entry.ts b/extensions/whatsapp/setup-entry.ts index 5b18e10073b..16471e34e0f 100644 --- a/extensions/whatsapp/setup-entry.ts +++ b/extensions/whatsapp/setup-entry.ts @@ -1,3 +1,6 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { whatsappSetupPlugin } from "./src/channel.setup.js"; -export default { plugin: whatsappSetupPlugin }; +export { whatsappSetupPlugin } from "./src/channel.setup.js"; + +export default defineSetupPluginEntry(whatsappSetupPlugin); diff --git a/extensions/whatsapp/src/accounts.ts b/extensions/whatsapp/src/accounts.ts index 53e73128894..d2a4e277846 100644 --- a/extensions/whatsapp/src/accounts.ts +++ b/extensions/whatsapp/src/accounts.ts @@ -1,16 +1,15 @@ import fs from "node:fs"; import path from "node:path"; -import type { - DmPolicy, - GroupPolicy, - OpenClawConfig, - WhatsAppAccountConfig, -} from "openclaw/plugin-sdk/whatsapp"; -import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js"; -import { resolveOAuthDir } from "../../../src/config/paths.js"; -import { resolveAccountEntry } from "../../../src/routing/account-lookup.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { resolveUserPath } from "../../../src/utils.js"; +import { + createAccountListHelpers, + DEFAULT_ACCOUNT_ID, + normalizeAccountId, + resolveAccountEntry, + resolveUserPath, + type OpenClawConfig, +} from "openclaw/plugin-sdk/account-resolution"; +import { resolveOAuthDir } from "openclaw/plugin-sdk/state-paths"; +import type { DmPolicy, GroupPolicy, WhatsAppAccountConfig } from "openclaw/plugin-sdk/whatsapp"; import { hasWebCredsSync } from "./auth-store.js"; export type ResolvedWhatsAppAccount = { diff --git a/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts b/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts index 349bccc65e5..9926b3c5324 100644 --- a/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts +++ b/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts @@ -2,7 +2,7 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import { afterEach, beforeEach, describe, expect, it } from "vitest"; -import { captureEnv } from "../../../src/test-utils/env.js"; +import { captureEnv } from "../../../test/helpers/extensions/env.js"; import { hasAnyWhatsAppAuth, listWhatsAppAuthDirs } from "./accounts.js"; describe("hasAnyWhatsAppAuth", () => { diff --git a/extensions/whatsapp/src/active-listener.ts b/extensions/whatsapp/src/active-listener.ts index fc8f11fe20e..71b6086f3a0 100644 --- a/extensions/whatsapp/src/active-listener.ts +++ b/extensions/whatsapp/src/active-listener.ts @@ -1,6 +1,6 @@ -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import type { PollInput } from "../../../src/polls.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import type { PollInput } from "openclaw/plugin-sdk/media-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; export type ActiveWebSendOptions = { gifPlayback?: boolean; diff --git a/extensions/whatsapp/src/agent-tools-login.ts b/extensions/whatsapp/src/agent-tools-login.ts index a1ac87a3976..9343e83d21a 100644 --- a/extensions/whatsapp/src/agent-tools-login.ts +++ b/extensions/whatsapp/src/agent-tools-login.ts @@ -1,5 +1,5 @@ import { Type } from "@sinclair/typebox"; -import type { ChannelAgentTool } from "../../../src/channels/plugins/types.js"; +import type { ChannelAgentTool } from "openclaw/plugin-sdk/channel-runtime"; export function createWhatsAppLoginTool(): ChannelAgentTool { return { diff --git a/extensions/whatsapp/src/auth-store.ts b/extensions/whatsapp/src/auth-store.ts index 636c114676f..991be6dff7d 100644 --- a/extensions/whatsapp/src/auth-store.ts +++ b/extensions/whatsapp/src/auth-store.ts @@ -1,14 +1,14 @@ import fsSync from "node:fs"; import fs from "node:fs/promises"; import path from "node:path"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import { resolveOAuthDir } from "../../../src/config/paths.js"; -import { info, success } from "../../../src/globals.js"; -import { getChildLogger } from "../../../src/logging.js"; -import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js"; -import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js"; -import type { WebChannel } from "../../../src/utils.js"; -import { jidToE164, resolveUserPath } from "../../../src/utils.js"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing"; +import { info, success } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import { defaultRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { resolveOAuthDir } from "openclaw/plugin-sdk/state-paths"; +import type { WebChannel } from "openclaw/plugin-sdk/text-runtime"; +import { jidToE164, resolveUserPath } from "openclaw/plugin-sdk/text-runtime"; export function resolveDefaultWebAuthDir(): string { return path.join(resolveOAuthDir(), "whatsapp", DEFAULT_ACCOUNT_ID); diff --git a/extensions/whatsapp/src/auto-reply.impl.ts b/extensions/whatsapp/src/auto-reply.impl.ts index 57feff1ab4d..e936c63e732 100644 --- a/extensions/whatsapp/src/auto-reply.impl.ts +++ b/extensions/whatsapp/src/auto-reply.impl.ts @@ -1,5 +1,5 @@ -export { HEARTBEAT_PROMPT, stripHeartbeatToken } from "../../../src/auto-reply/heartbeat.js"; -export { HEARTBEAT_TOKEN, SILENT_REPLY_TOKEN } from "../../../src/auto-reply/tokens.js"; +export { HEARTBEAT_PROMPT, stripHeartbeatToken } from "openclaw/plugin-sdk/reply-runtime"; +export { HEARTBEAT_TOKEN, SILENT_REPLY_TOKEN } from "openclaw/plugin-sdk/reply-runtime"; export { DEFAULT_WEB_MEDIA_BYTES } from "./auto-reply/constants.js"; export { resolveHeartbeatRecipients, runWebHeartbeatOnce } from "./auto-reply/heartbeat-runner.js"; diff --git a/extensions/whatsapp/src/auto-reply.test-harness.ts b/extensions/whatsapp/src/auto-reply.test-harness.ts index dfbcf447fa9..f3707f87679 100644 --- a/extensions/whatsapp/src/auto-reply.test-harness.ts +++ b/extensions/whatsapp/src/auto-reply.test-harness.ts @@ -2,10 +2,10 @@ import "./test-helpers.js"; import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; +import * as ssrf from "openclaw/plugin-sdk/infra-runtime"; +import { resetInboundDedupe } from "openclaw/plugin-sdk/reply-runtime"; +import { resetLogger, setLoggerOverride } from "openclaw/plugin-sdk/runtime-env"; import { afterAll, afterEach, beforeAll, beforeEach, vi } from "vitest"; -import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js"; -import * as ssrf from "../../../src/infra/net/ssrf.js"; -import { resetLogger, setLoggerOverride } from "../../../src/logging.js"; import type { WebInboundMessage, WebListenerCloseReason } from "./inbound.js"; import { resetBaileysMocks as _resetBaileysMocks, @@ -29,7 +29,7 @@ type MockWebListener = { export const TEST_NET_IP = "203.0.113.10"; -vi.mock("../../../src/agents/pi-embedded.js", () => ({ +vi.mock("openclaw/plugin-sdk/agent-runtime", () => ({ abortEmbeddedPiRun: vi.fn().mockReturnValue(false), isEmbeddedPiRunActive: vi.fn().mockReturnValue(false), isEmbeddedPiRunStreaming: vi.fn().mockReturnValue(false), diff --git a/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts b/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts index dd324f47351..235942663a8 100644 --- a/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts +++ b/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts @@ -4,8 +4,8 @@ import fs from "node:fs/promises"; import { beforeAll, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../../src/config/config.js"; import { setLoggerOverride } from "../../../src/logging.js"; -import { withEnvAsync } from "../../../src/test-utils/env.js"; import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js"; +import { withEnvAsync } from "../../../test/helpers/extensions/env.js"; import { createMockWebListener, createWebListenerFactoryCapture, diff --git a/extensions/whatsapp/src/auto-reply/deliver-reply.ts b/extensions/whatsapp/src/auto-reply/deliver-reply.ts index 6fb4ce39143..6d9d8b541ae 100644 --- a/extensions/whatsapp/src/auto-reply/deliver-reply.ts +++ b/extensions/whatsapp/src/auto-reply/deliver-reply.ts @@ -1,10 +1,10 @@ -import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../../src/auto-reply/chunk.js"; -import type { ReplyPayload } from "../../../../src/auto-reply/types.js"; -import type { MarkdownTableMode } from "../../../../src/config/types.base.js"; -import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { convertMarkdownTables } from "../../../../src/markdown/tables.js"; -import { markdownToWhatsApp } from "../../../../src/markdown/whatsapp.js"; -import { sleep } from "../../../../src/utils.js"; +import type { MarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { chunkMarkdownTextWithMode, type ChunkMode } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; +import { markdownToWhatsApp } from "openclaw/plugin-sdk/text-runtime"; +import { sleep } from "openclaw/plugin-sdk/text-runtime"; import { loadWebMedia } from "../media.js"; import { newConnectionId } from "../reconnect.js"; import { formatError } from "../session.js"; diff --git a/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts b/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts index 0b423a3f116..7aa35705f43 100644 --- a/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts +++ b/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts @@ -1,28 +1,25 @@ -import { appendCronStyleCurrentTimeLine } from "../../../../src/agents/current-time.js"; -import { resolveHeartbeatReplyPayload } from "../../../../src/auto-reply/heartbeat-reply-payload.js"; -import { - DEFAULT_HEARTBEAT_ACK_MAX_CHARS, - resolveHeartbeatPrompt, - stripHeartbeatToken, -} from "../../../../src/auto-reply/heartbeat.js"; -import { getReplyFromConfig } from "../../../../src/auto-reply/reply.js"; -import { HEARTBEAT_TOKEN } from "../../../../src/auto-reply/tokens.js"; -import { resolveWhatsAppHeartbeatRecipients } from "../../../../src/channels/plugins/whatsapp-heartbeat.js"; -import { loadConfig } from "../../../../src/config/config.js"; +import { appendCronStyleCurrentTimeLine } from "openclaw/plugin-sdk/agent-runtime"; +import { resolveWhatsAppHeartbeatRecipients } from "openclaw/plugin-sdk/channel-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { loadSessionStore, resolveSessionKey, resolveStorePath, updateSessionStore, -} from "../../../../src/config/sessions.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { emitHeartbeatEvent, resolveIndicatorType } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveHeartbeatVisibility } from "openclaw/plugin-sdk/infra-runtime"; +import { resolveHeartbeatReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import { - emitHeartbeatEvent, - resolveIndicatorType, -} from "../../../../src/infra/heartbeat-events.js"; -import { resolveHeartbeatVisibility } from "../../../../src/infra/heartbeat-visibility.js"; -import { getChildLogger } from "../../../../src/logging.js"; -import { redactIdentifier } from "../../../../src/logging/redact-identifier.js"; -import { normalizeMainKey } from "../../../../src/routing/session-key.js"; + DEFAULT_HEARTBEAT_ACK_MAX_CHARS, + resolveHeartbeatPrompt, + stripHeartbeatToken, +} from "openclaw/plugin-sdk/reply-runtime"; +import { getReplyFromConfig } from "openclaw/plugin-sdk/reply-runtime"; +import { HEARTBEAT_TOKEN } from "openclaw/plugin-sdk/reply-runtime"; +import { normalizeMainKey } from "openclaw/plugin-sdk/routing"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import { redactIdentifier } from "openclaw/plugin-sdk/text-runtime"; import { newConnectionId } from "../reconnect.js"; import { sendMessageWhatsApp } from "../send.js"; import { formatError } from "../session.js"; diff --git a/extensions/whatsapp/src/auto-reply/loggers.ts b/extensions/whatsapp/src/auto-reply/loggers.ts index 71575671b2e..1201a412a59 100644 --- a/extensions/whatsapp/src/auto-reply/loggers.ts +++ b/extensions/whatsapp/src/auto-reply/loggers.ts @@ -1,4 +1,4 @@ -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; export const whatsappLog = createSubsystemLogger("gateway/channels/whatsapp"); export const whatsappInboundLog = whatsappLog.child("inbound"); diff --git a/extensions/whatsapp/src/auto-reply/mentions.ts b/extensions/whatsapp/src/auto-reply/mentions.ts index 3891810c617..ad42c814c26 100644 --- a/extensions/whatsapp/src/auto-reply/mentions.ts +++ b/extensions/whatsapp/src/auto-reply/mentions.ts @@ -1,9 +1,6 @@ -import { - buildMentionRegexes, - normalizeMentionText, -} from "../../../../src/auto-reply/reply/mentions.js"; -import type { loadConfig } from "../../../../src/config/config.js"; -import { isSelfChatMode, jidToE164, normalizeE164 } from "../../../../src/utils.js"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { buildMentionRegexes, normalizeMentionText } from "openclaw/plugin-sdk/reply-runtime"; +import { isSelfChatMode, jidToE164, normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import type { WebInboundMsg } from "./types.js"; export type MentionConfig = { diff --git a/extensions/whatsapp/src/auto-reply/monitor.ts b/extensions/whatsapp/src/auto-reply/monitor.ts index 1222c69b71a..2f83e65079a 100644 --- a/extensions/whatsapp/src/auto-reply/monitor.ts +++ b/extensions/whatsapp/src/auto-reply/monitor.ts @@ -1,18 +1,18 @@ -import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js"; -import { resolveInboundDebounceMs } from "../../../../src/auto-reply/inbound-debounce.js"; -import { getReplyFromConfig } from "../../../../src/auto-reply/reply.js"; -import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../../../src/auto-reply/reply/history.js"; -import { formatCliCommand } from "../../../../src/cli/command-format.js"; -import { waitForever } from "../../../../src/cli/wait.js"; -import { loadConfig } from "../../../../src/config/config.js"; -import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { formatDurationPrecise } from "../../../../src/infra/format-time/format-duration.ts"; -import { enqueueSystemEvent } from "../../../../src/infra/system-events.js"; -import { registerUnhandledRejectionHandler } from "../../../../src/infra/unhandled-rejections.js"; -import { getChildLogger } from "../../../../src/logging.js"; -import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js"; -import { defaultRuntime, type RuntimeEnv } from "../../../../src/runtime.js"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import { waitForever } from "openclaw/plugin-sdk/cli-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { createConnectedChannelStatusPatch } from "openclaw/plugin-sdk/gateway-runtime"; +import { formatDurationPrecise } from "openclaw/plugin-sdk/infra-runtime"; +import { enqueueSystemEvent } from "openclaw/plugin-sdk/infra-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveInboundDebounceMs } from "openclaw/plugin-sdk/reply-runtime"; +import { getReplyFromConfig } from "openclaw/plugin-sdk/reply-runtime"; +import { DEFAULT_GROUP_HISTORY_LIMIT } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { registerUnhandledRejectionHandler } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; +import { defaultRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; import { resolveWhatsAppAccount, resolveWhatsAppMediaMaxBytes } from "../accounts.js"; import { setActiveWebListener } from "../active-listener.js"; import { monitorWebInbox } from "../inbound.js"; diff --git a/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts b/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts index c5a5d149ab7..126c485ec6f 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts @@ -1,6 +1,6 @@ -import { shouldAckReactionForWhatsApp } from "../../../../../src/channels/ack-reactions.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; -import { logVerbose } from "../../../../../src/globals.js"; +import { shouldAckReactionForWhatsApp } from "openclaw/plugin-sdk/channel-runtime"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { sendReactionWhatsApp } from "../../send.js"; import { formatError } from "../../session.js"; import type { WebInboundMsg } from "../types.js"; diff --git a/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts b/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts index b00ba7aff9b..b2dc74cffe5 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts @@ -1,14 +1,11 @@ -import type { loadConfig } from "../../../../../src/config/config.js"; -import type { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js"; -import { - buildAgentSessionKey, - deriveLastRoutePolicy, -} from "../../../../../src/routing/resolve-route.js"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { buildAgentSessionKey, deriveLastRoutePolicy } from "openclaw/plugin-sdk/routing"; import { buildAgentMainSessionKey, DEFAULT_MAIN_KEY, normalizeAgentId, -} from "../../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/routing"; import { formatError } from "../../session.js"; import { whatsappInboundLog } from "../loggers.js"; import type { WebInboundMsg } from "../types.js"; diff --git a/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts b/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts index 60b15f5b3c6..745e62fa17a 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts @@ -1,14 +1,14 @@ -import { normalizeGroupActivation } from "../../../../../src/auto-reply/group-activation.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveChannelGroupPolicy, resolveChannelGroupRequireMention, -} from "../../../../../src/config/group-policy.js"; +} from "openclaw/plugin-sdk/config-runtime"; import { loadSessionStore, resolveGroupSessionKey, resolveStorePath, -} from "../../../../../src/config/sessions.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { normalizeGroupActivation } from "openclaw/plugin-sdk/reply-runtime"; export function resolveGroupPolicyFor(cfg: ReturnType, conversationId: string) { const groupId = resolveGroupSessionKey({ diff --git a/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts b/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts index 418d5ebee83..847e5e3182f 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts @@ -1,9 +1,9 @@ -import { hasControlCommand } from "../../../../../src/auto-reply/command-detection.js"; -import { parseActivationCommand } from "../../../../../src/auto-reply/group-activation.js"; -import { recordPendingHistoryEntryIfEnabled } from "../../../../../src/auto-reply/reply/history.js"; -import { resolveMentionGating } from "../../../../../src/channels/mention-gating.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; -import { normalizeE164 } from "../../../../../src/utils.js"; +import { resolveMentionGating } from "openclaw/plugin-sdk/channel-runtime"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { hasControlCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { parseActivationCommand } from "openclaw/plugin-sdk/reply-runtime"; +import { recordPendingHistoryEntryIfEnabled } from "openclaw/plugin-sdk/reply-runtime"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import type { MentionConfig } from "../mentions.js"; import { buildMentionConfig, debugMention, resolveOwnerList } from "../mentions.js"; import type { WebInboundMsg } from "../types.js"; diff --git a/extensions/whatsapp/src/auto-reply/monitor/group-members.ts b/extensions/whatsapp/src/auto-reply/monitor/group-members.ts index fc2d541bcf5..a037dcfb38b 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/group-members.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/group-members.ts @@ -1,4 +1,4 @@ -import { normalizeE164 } from "../../../../../src/utils.js"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; function appendNormalizedUnique(entries: Iterable, seen: Set, ordered: string[]) { for (const entry of entries) { diff --git a/extensions/whatsapp/src/auto-reply/monitor/last-route.ts b/extensions/whatsapp/src/auto-reply/monitor/last-route.ts index 9fbe17d104d..915db0ba761 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/last-route.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/last-route.ts @@ -1,6 +1,6 @@ -import type { MsgContext } from "../../../../../src/auto-reply/templating.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; -import { resolveStorePath, updateLastRoute } from "../../../../../src/config/sessions.js"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveStorePath, updateLastRoute } from "openclaw/plugin-sdk/config-runtime"; +import type { MsgContext } from "openclaw/plugin-sdk/reply-runtime"; import { formatError } from "../../session.js"; export function trackBackgroundTask( diff --git a/extensions/whatsapp/src/auto-reply/monitor/message-line.ts b/extensions/whatsapp/src/auto-reply/monitor/message-line.ts index 299d5868bf8..b9494f0325c 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/message-line.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/message-line.ts @@ -1,9 +1,9 @@ -import { resolveMessagePrefix } from "../../../../../src/agents/identity.js"; +import { resolveMessagePrefix } from "openclaw/plugin-sdk/agent-runtime"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { formatInboundEnvelope, type EnvelopeFormatOptions, -} from "../../../../../src/auto-reply/envelope.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; +} from "openclaw/plugin-sdk/reply-runtime"; import type { WebInboundMsg } from "../types.js"; export function formatReplyContext(msg: WebInboundMsg) { diff --git a/extensions/whatsapp/src/auto-reply/monitor/on-message.ts b/extensions/whatsapp/src/auto-reply/monitor/on-message.ts index caa519f5cf0..fe91ffff547 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/on-message.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/on-message.ts @@ -1,10 +1,10 @@ -import type { getReplyFromConfig } from "../../../../../src/auto-reply/reply.js"; -import type { MsgContext } from "../../../../../src/auto-reply/templating.js"; -import { loadConfig } from "../../../../../src/config/config.js"; -import { logVerbose } from "../../../../../src/globals.js"; -import { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js"; -import { buildGroupHistoryKey } from "../../../../../src/routing/session-key.js"; -import { normalizeE164 } from "../../../../../src/utils.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { getReplyFromConfig } from "openclaw/plugin-sdk/reply-runtime"; +import type { MsgContext } from "openclaw/plugin-sdk/reply-runtime"; +import { resolveAgentRoute } from "openclaw/plugin-sdk/routing"; +import { buildGroupHistoryKey } from "openclaw/plugin-sdk/routing"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import type { MentionConfig } from "../mentions.js"; import type { WebInboundMsg } from "../types.js"; import { maybeBroadcastMessage } from "./broadcast.js"; @@ -26,7 +26,7 @@ export function createWebOnMessageHandler(params: { echoTracker: EchoTracker; backgroundTasks: Set>; replyResolver: typeof getReplyFromConfig; - replyLogger: ReturnType<(typeof import("../../../../../src/logging.js"))["getChildLogger"]>; + replyLogger: ReturnType<(typeof import("openclaw/plugin-sdk/runtime-env"))["getChildLogger"]>; baseMentionConfig: MentionConfig; account: { authDir?: string; accountId?: string }; }) { diff --git a/extensions/whatsapp/src/auto-reply/monitor/peer.ts b/extensions/whatsapp/src/auto-reply/monitor/peer.ts index 7795ac7c4d1..daaa5a50f01 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/peer.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/peer.ts @@ -1,4 +1,4 @@ -import { jidToE164, normalizeE164 } from "../../../../../src/utils.js"; +import { jidToE164, normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import type { WebInboundMsg } from "../types.js"; export function resolvePeerId(msg: WebInboundMsg) { diff --git a/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts b/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-context.test.ts similarity index 99% rename from extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts rename to extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-context.test.ts index 566c8a76e1e..c6db2affda3 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-context.test.ts @@ -109,7 +109,7 @@ vi.mock("../deliver-reply.js", () => ({ import { updateLastRouteInBackground } from "./last-route.js"; import { processMessage } from "./process-message.js"; -describe("web processMessage inbound contract", () => { +describe("web processMessage inbound context", () => { beforeEach(async () => { capturedCtx = undefined; capturedDispatchParams = undefined; diff --git a/extensions/whatsapp/src/auto-reply/monitor/process-message.ts b/extensions/whatsapp/src/auto-reply/monitor/process-message.ts index 094e4570bdb..beaa564fe28 100644 --- a/extensions/whatsapp/src/auto-reply/monitor/process-message.ts +++ b/extensions/whatsapp/src/auto-reply/monitor/process-message.ts @@ -1,34 +1,34 @@ -import { resolveIdentityNamePrefix } from "../../../../../src/agents/identity.js"; -import { resolveChunkMode, resolveTextChunkLimit } from "../../../../../src/auto-reply/chunk.js"; -import { shouldComputeCommandAuthorized } from "../../../../../src/auto-reply/command-detection.js"; -import { formatInboundEnvelope } from "../../../../../src/auto-reply/envelope.js"; -import type { getReplyFromConfig } from "../../../../../src/auto-reply/reply.js"; +import { resolveIdentityNamePrefix } from "openclaw/plugin-sdk/agent-runtime"; +import { toLocationContext } from "openclaw/plugin-sdk/channel-runtime"; +import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveInboundSessionEnvelopeContext } from "openclaw/plugin-sdk/channel-runtime"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { recordSessionMetaFromInbound } from "openclaw/plugin-sdk/config-runtime"; +import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { resolveChunkMode, resolveTextChunkLimit } from "openclaw/plugin-sdk/reply-runtime"; +import { shouldComputeCommandAuthorized } from "openclaw/plugin-sdk/reply-runtime"; +import { formatInboundEnvelope } from "openclaw/plugin-sdk/reply-runtime"; +import type { getReplyFromConfig } from "openclaw/plugin-sdk/reply-runtime"; import { buildHistoryContextFromEntries, type HistoryEntry, -} from "../../../../../src/auto-reply/reply/history.js"; -import { finalizeInboundContext } from "../../../../../src/auto-reply/reply/inbound-context.js"; -import { dispatchReplyWithBufferedBlockDispatcher } from "../../../../../src/auto-reply/reply/provider-dispatcher.js"; -import type { ReplyPayload } from "../../../../../src/auto-reply/types.js"; -import { toLocationContext } from "../../../../../src/channels/location.js"; -import { createReplyPrefixOptions } from "../../../../../src/channels/reply-prefix.js"; -import { resolveInboundSessionEnvelopeContext } from "../../../../../src/channels/session-envelope.js"; -import type { loadConfig } from "../../../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../../../src/config/markdown-tables.js"; -import { recordSessionMetaFromInbound } from "../../../../../src/config/sessions.js"; -import { logVerbose, shouldLogVerbose } from "../../../../../src/globals.js"; -import type { getChildLogger } from "../../../../../src/logging.js"; -import { getAgentScopedMediaLocalRoots } from "../../../../../src/media/local-roots.js"; +} from "openclaw/plugin-sdk/reply-runtime"; +import { finalizeInboundContext } from "openclaw/plugin-sdk/reply-runtime"; +import { dispatchReplyWithBufferedBlockDispatcher } from "openclaw/plugin-sdk/reply-runtime"; +import type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime"; import { resolveInboundLastRouteSessionKey, type resolveAgentRoute, -} from "../../../../../src/routing/resolve-route.js"; +} from "openclaw/plugin-sdk/routing"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import type { getChildLogger } from "openclaw/plugin-sdk/runtime-env"; import { readStoreAllowFromForDmPolicy, resolvePinnedMainDmOwnerFromAllowlist, resolveDmGroupAccessWithCommandGate, -} from "../../../../../src/security/dm-policy-shared.js"; -import { jidToE164, normalizeE164 } from "../../../../../src/utils.js"; +} from "openclaw/plugin-sdk/security-runtime"; +import { jidToE164, normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import { resolveWhatsAppAccount } from "../../accounts.js"; import { newConnectionId } from "../../reconnect.js"; import { formatError } from "../../session.js"; diff --git a/extensions/whatsapp/src/auto-reply/session-snapshot.ts b/extensions/whatsapp/src/auto-reply/session-snapshot.ts index 53b7e3ae615..ff4899d0d52 100644 --- a/extensions/whatsapp/src/auto-reply/session-snapshot.ts +++ b/extensions/whatsapp/src/auto-reply/session-snapshot.ts @@ -1,4 +1,4 @@ -import type { loadConfig } from "../../../../src/config/config.js"; +import type { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { evaluateSessionFreshness, loadSessionStore, @@ -8,8 +8,8 @@ import { resolveSessionResetType, resolveSessionKey, resolveStorePath, -} from "../../../../src/config/sessions.js"; -import { normalizeMainKey } from "../../../../src/routing/session-key.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { normalizeMainKey } from "openclaw/plugin-sdk/routing"; export function getSessionSnapshot( cfg: ReturnType, diff --git a/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts b/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts index 0107fa126d7..eb733d14e0e 100644 --- a/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts +++ b/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts @@ -2,7 +2,7 @@ import fs from "node:fs/promises"; import path from "node:path"; import { describe, expect, it, vi } from "vitest"; import { saveSessionStore } from "../../../../src/config/sessions.js"; -import { withTempDir } from "../../../../src/test-utils/temp-dir.js"; +import { withTempDir } from "../../../../test/helpers/extensions/temp-dir.js"; import { debugMention, isBotMentionedFromTargets, diff --git a/extensions/whatsapp/src/channel.runtime.ts b/extensions/whatsapp/src/channel.runtime.ts index ff67d34ee10..0d944b3cb17 100644 --- a/extensions/whatsapp/src/channel.runtime.ts +++ b/extensions/whatsapp/src/channel.runtime.ts @@ -1 +1,82 @@ -export { whatsappSetupWizard } from "./setup-surface.js"; +import { monitorWebChannel as monitorWebChannelImpl } from "openclaw/plugin-sdk/whatsapp"; +import { getActiveWebListener as getActiveWebListenerImpl } from "./active-listener.js"; +import { + getWebAuthAgeMs as getWebAuthAgeMsImpl, + logWebSelfId as logWebSelfIdImpl, + logoutWeb as logoutWebImpl, + readWebSelfId as readWebSelfIdImpl, + webAuthExists as webAuthExistsImpl, +} from "./auth-store.js"; +import { loginWeb as loginWebImpl } from "./login.js"; +import { whatsappSetupWizard as whatsappSetupWizardImpl } from "./setup-surface.js"; + +type GetActiveWebListener = typeof import("./active-listener.js").getActiveWebListener; +type GetWebAuthAgeMs = typeof import("./auth-store.js").getWebAuthAgeMs; +type LogWebSelfId = typeof import("./auth-store.js").logWebSelfId; +type LogoutWeb = typeof import("./auth-store.js").logoutWeb; +type ReadWebSelfId = typeof import("./auth-store.js").readWebSelfId; +type WebAuthExists = typeof import("./auth-store.js").webAuthExists; +type LoginWeb = typeof import("./login.js").loginWeb; +type StartWebLoginWithQr = typeof import("./login-qr.js").startWebLoginWithQr; +type WaitForWebLogin = typeof import("./login-qr.js").waitForWebLogin; +type WhatsAppSetupWizard = typeof import("./setup-surface.js").whatsappSetupWizard; +type MonitorWebChannel = typeof import("openclaw/plugin-sdk/whatsapp").monitorWebChannel; + +let loginQrPromise: Promise | null = null; + +function loadWhatsAppLoginQr() { + loginQrPromise ??= import("./login-qr.js"); + return loginQrPromise; +} + +export function getActiveWebListener( + ...args: Parameters +): ReturnType { + return getActiveWebListenerImpl(...args); +} + +export function getWebAuthAgeMs(...args: Parameters): ReturnType { + return getWebAuthAgeMsImpl(...args); +} + +export function logWebSelfId(...args: Parameters): ReturnType { + return logWebSelfIdImpl(...args); +} + +export function logoutWeb(...args: Parameters): ReturnType { + return logoutWebImpl(...args); +} + +export function readWebSelfId(...args: Parameters): ReturnType { + return readWebSelfIdImpl(...args); +} + +export function webAuthExists(...args: Parameters): ReturnType { + return webAuthExistsImpl(...args); +} + +export function loginWeb(...args: Parameters): ReturnType { + return loginWebImpl(...args); +} + +export async function startWebLoginWithQr( + ...args: Parameters +): ReturnType { + const { startWebLoginWithQr } = await loadWhatsAppLoginQr(); + return await startWebLoginWithQr(...args); +} + +export async function waitForWebLogin( + ...args: Parameters +): ReturnType { + const { waitForWebLogin } = await loadWhatsAppLoginQr(); + return await waitForWebLogin(...args); +} + +export const whatsappSetupWizard: WhatsAppSetupWizard = { ...whatsappSetupWizardImpl }; + +export async function monitorWebChannel( + ...args: Parameters +): ReturnType { + return await monitorWebChannelImpl(...args); +} diff --git a/extensions/whatsapp/src/channel.setup.ts b/extensions/whatsapp/src/channel.setup.ts index b352bd2ed73..3b4ecacce26 100644 --- a/extensions/whatsapp/src/channel.setup.ts +++ b/extensions/whatsapp/src/channel.setup.ts @@ -1,198 +1,26 @@ import { - buildAccountScopedDmSecurityPolicy, buildChannelConfigSchema, - collectAllowlistProviderGroupPolicyWarnings, - collectOpenGroupPolicyRouteAllowlistWarnings, - DEFAULT_ACCOUNT_ID, - formatWhatsAppConfigAllowFromEntries, - getChatChannelMeta, - normalizeE164, - resolveWhatsAppConfigAllowFrom, - resolveWhatsAppConfigDefaultTo, resolveWhatsAppGroupIntroHint, resolveWhatsAppGroupRequireMention, resolveWhatsAppGroupToolPolicy, WhatsAppConfigSchema, type ChannelPlugin, } from "openclaw/plugin-sdk/whatsapp"; -import { - listWhatsAppAccountIds, - resolveDefaultWhatsAppAccountId, - resolveWhatsAppAccount, - type ResolvedWhatsAppAccount, -} from "./accounts.js"; +import { type ResolvedWhatsAppAccount } from "./accounts.js"; import { webAuthExists } from "./auth-store.js"; import { whatsappSetupAdapter } from "./setup-core.js"; - -async function loadWhatsAppChannelRuntime() { - return await import("./channel.runtime.js"); -} - -const whatsappSetupWizardProxy = { - channel: "whatsapp", - status: { - configuredLabel: "linked", - unconfiguredLabel: "not linked", - configuredHint: "linked", - unconfiguredHint: "not linked", - configuredScore: 5, - unconfiguredScore: 4, - resolveConfigured: async ({ cfg }) => - await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.status.resolveConfigured({ - cfg, - }), - resolveStatusLines: async ({ cfg, configured }) => - (await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.status.resolveStatusLines?.({ - cfg, - configured, - })) ?? [], - }, - resolveShouldPromptAccountIds: (params) => - (params.shouldPromptAccountIds || params.options?.promptWhatsAppAccountId) ?? false, - credentials: [], - finalize: async (params) => - await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.finalize!(params), - disable: (cfg) => ({ - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - enabled: false, - }, - }, - }), - onAccountRecorded: (accountId, options) => { - options?.onWhatsAppAccountId?.(accountId); - }, -} satisfies NonNullable["setupWizard"]>; +import { createWhatsAppPluginBase, whatsappSetupWizardProxy } from "./shared.js"; export const whatsappSetupPlugin: ChannelPlugin = { - id: "whatsapp", - meta: { - ...getChatChannelMeta("whatsapp"), - showConfigured: false, - quickstartAllowFrom: true, - forceAccountBinding: true, - preferSessionLookupForAnnounceTarget: true, - }, - setupWizard: whatsappSetupWizardProxy, - capabilities: { - chatTypes: ["direct", "group"], - polls: true, - reactions: true, - media: true, - }, - reload: { configPrefixes: ["web"], noopPrefixes: ["channels.whatsapp"] }, - gatewayMethods: ["web.login.start", "web.login.wait"], - configSchema: buildChannelConfigSchema(WhatsAppConfigSchema), - config: { - listAccountIds: (cfg) => listWhatsAppAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveWhatsAppAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultWhatsAppAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => { - const accountKey = accountId || DEFAULT_ACCOUNT_ID; - const accounts = { ...cfg.channels?.whatsapp?.accounts }; - const existing = accounts[accountKey] ?? {}; - return { - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - accounts: { - ...accounts, - [accountKey]: { - ...existing, - enabled, - }, - }, - }, - }, - }; + ...createWhatsAppPluginBase({ + configSchema: buildChannelConfigSchema(WhatsAppConfigSchema), + groups: { + resolveRequireMention: resolveWhatsAppGroupRequireMention, + resolveToolPolicy: resolveWhatsAppGroupToolPolicy, + resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, }, - deleteAccount: ({ cfg, accountId }) => { - const accountKey = accountId || DEFAULT_ACCOUNT_ID; - const accounts = { ...cfg.channels?.whatsapp?.accounts }; - delete accounts[accountKey]; - return { - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - accounts: Object.keys(accounts).length ? accounts : undefined, - }, - }, - }; - }, - isEnabled: (account, cfg) => account.enabled && cfg.web?.enabled !== false, - disabledReason: () => "disabled", + setupWizard: whatsappSetupWizardProxy, + setup: whatsappSetupAdapter, isConfigured: async (account) => await webAuthExists(account.authDir), - unconfiguredReason: () => "not linked", - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: Boolean(account.authDir), - linked: Boolean(account.authDir), - dmPolicy: account.dmPolicy, - allowFrom: account.allowFrom, - }), - resolveAllowFrom: ({ cfg, accountId }) => resolveWhatsAppConfigAllowFrom({ cfg, accountId }), - formatAllowFrom: ({ allowFrom }) => formatWhatsAppConfigAllowFromEntries(allowFrom), - resolveDefaultTo: ({ cfg, accountId }) => resolveWhatsAppConfigDefaultTo({ cfg, accountId }), - }, - security: { - resolveDmPolicy: ({ cfg, accountId, account }) => - buildAccountScopedDmSecurityPolicy({ - cfg, - channelKey: "whatsapp", - accountId, - fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, - policy: account.dmPolicy, - allowFrom: account.allowFrom ?? [], - policyPathSuffix: "dmPolicy", - normalizeEntry: (raw) => normalizeE164(raw), - }), - collectWarnings: ({ account, cfg }) => { - const groupAllowlistConfigured = - Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0; - return collectAllowlistProviderGroupPolicyWarnings({ - cfg, - providerConfigPresent: cfg.channels?.whatsapp !== undefined, - configuredGroupPolicy: account.groupPolicy, - collect: (groupPolicy) => - collectOpenGroupPolicyRouteAllowlistWarnings({ - groupPolicy, - routeAllowlistConfigured: groupAllowlistConfigured, - restrictSenders: { - surface: "WhatsApp groups", - openScope: "any member in allowed groups", - groupPolicyPath: "channels.whatsapp.groupPolicy", - groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }, - noRouteAllowlist: { - surface: "WhatsApp groups", - routeAllowlistPath: "channels.whatsapp.groups", - routeScope: "group", - groupPolicyPath: "channels.whatsapp.groupPolicy", - groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }, - }), - }); - }, - }, - setup: whatsappSetupAdapter, - groups: { - resolveRequireMention: resolveWhatsAppGroupRequireMention, - resolveToolPolicy: resolveWhatsAppGroupToolPolicy, - resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, - }, + }), }; diff --git a/extensions/whatsapp/src/channel.ts b/extensions/whatsapp/src/channel.ts index d7f437d3204..d69dd480a4a 100644 --- a/extensions/whatsapp/src/channel.ts +++ b/extensions/whatsapp/src/channel.ts @@ -1,49 +1,37 @@ -import { buildAccountScopedAllowlistConfigEditor } from "openclaw/plugin-sdk/compat"; +import { buildAccountScopedAllowlistConfigEditor } from "openclaw/plugin-sdk/allowlist-config-edit"; import { buildChannelConfigSchema, - buildAccountScopedDmSecurityPolicy, - collectAllowlistProviderGroupPolicyWarnings, - collectOpenGroupPolicyRouteAllowlistWarnings, createActionGate, createWhatsAppOutboundBase, DEFAULT_ACCOUNT_ID, - getChatChannelMeta, + formatWhatsAppConfigAllowFromEntries, listWhatsAppDirectoryGroupsFromConfig, listWhatsAppDirectoryPeersFromConfig, - normalizeE164, - formatWhatsAppConfigAllowFromEntries, readStringParam, - resolveWhatsAppOutboundTarget, - resolveWhatsAppConfigAllowFrom, - resolveWhatsAppConfigDefaultTo, - resolveWhatsAppGroupRequireMention, resolveWhatsAppGroupIntroHint, + resolveWhatsAppGroupRequireMention, resolveWhatsAppGroupToolPolicy, + resolveWhatsAppOutboundTarget, resolveWhatsAppHeartbeatRecipients, resolveWhatsAppMentionStripRegexes, WhatsAppConfigSchema, type ChannelMessageActionName, type ChannelPlugin, } from "openclaw/plugin-sdk/whatsapp"; -import { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../../../src/whatsapp/normalize.js"; +import { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "openclaw/plugin-sdk/whatsapp"; // WhatsApp-specific imports from local extension code (moved from src/web/ and src/channels/plugins/) -import { - listWhatsAppAccountIds, - resolveDefaultWhatsAppAccountId, - resolveWhatsAppAccount, - type ResolvedWhatsAppAccount, -} from "./accounts.js"; +import { resolveWhatsAppAccount, type ResolvedWhatsAppAccount } from "./accounts.js"; import { looksLikeWhatsAppTargetId, normalizeWhatsAppMessagingTarget } from "./normalize.js"; import { getWhatsAppRuntime } from "./runtime.js"; import { whatsappSetupAdapter } from "./setup-core.js"; +import { + createWhatsAppPluginBase, + loadWhatsAppChannelRuntime, + whatsappSetupWizardProxy, + WHATSAPP_CHANNEL, +} from "./shared.js"; import { collectWhatsAppStatusIssues } from "./status-issues.js"; -const meta = getChatChannelMeta("whatsapp"); - -async function loadWhatsAppChannelRuntime() { - return await import("./channel.runtime.js"); -} - function normalizeWhatsAppPayloadText(text: string | undefined): string { return (text ?? "").replace(/^(?:[ \t]*\r?\n)+/, ""); } @@ -59,132 +47,23 @@ function parseWhatsAppExplicitTarget(raw: string) { }; } -const whatsappSetupWizardProxy = { - channel: "whatsapp", - status: { - configuredLabel: "linked", - unconfiguredLabel: "not linked", - configuredHint: "linked", - unconfiguredHint: "not linked", - configuredScore: 5, - unconfiguredScore: 4, - resolveConfigured: async ({ cfg }) => - await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.status.resolveConfigured({ - cfg, - }), - resolveStatusLines: async ({ cfg, configured }) => - (await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.status.resolveStatusLines?.({ - cfg, - configured, - })) ?? [], - }, - resolveShouldPromptAccountIds: (params) => - (params.shouldPromptAccountIds || params.options?.promptWhatsAppAccountId) ?? false, - credentials: [], - finalize: async (params) => - await ( - await loadWhatsAppChannelRuntime() - ).whatsappSetupWizard.finalize!(params), - disable: (cfg) => ({ - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - enabled: false, - }, - }, - }), - onAccountRecorded: (accountId, options) => { - options?.onWhatsAppAccountId?.(accountId); - }, -} satisfies NonNullable["setupWizard"]>; - export const whatsappPlugin: ChannelPlugin = { - id: "whatsapp", - meta: { - ...meta, - showConfigured: false, - quickstartAllowFrom: true, - forceAccountBinding: true, - preferSessionLookupForAnnounceTarget: true, - }, - setupWizard: whatsappSetupWizardProxy, + ...createWhatsAppPluginBase({ + configSchema: buildChannelConfigSchema(WhatsAppConfigSchema), + groups: { + resolveRequireMention: resolveWhatsAppGroupRequireMention, + resolveToolPolicy: resolveWhatsAppGroupToolPolicy, + resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, + }, + setupWizard: whatsappSetupWizardProxy, + setup: whatsappSetupAdapter, + isConfigured: async (account) => + await getWhatsAppRuntime().channel.whatsapp.webAuthExists(account.authDir), + }), agentTools: () => [getWhatsAppRuntime().channel.whatsapp.createLoginTool()], pairing: { idLabel: "whatsappSenderId", }, - capabilities: { - chatTypes: ["direct", "group"], - polls: true, - reactions: true, - media: true, - }, - reload: { configPrefixes: ["web"], noopPrefixes: ["channels.whatsapp"] }, - gatewayMethods: ["web.login.start", "web.login.wait"], - configSchema: buildChannelConfigSchema(WhatsAppConfigSchema), - config: { - listAccountIds: (cfg) => listWhatsAppAccountIds(cfg), - resolveAccount: (cfg, accountId) => resolveWhatsAppAccount({ cfg, accountId }), - defaultAccountId: (cfg) => resolveDefaultWhatsAppAccountId(cfg), - setAccountEnabled: ({ cfg, accountId, enabled }) => { - const accountKey = accountId || DEFAULT_ACCOUNT_ID; - const accounts = { ...cfg.channels?.whatsapp?.accounts }; - const existing = accounts[accountKey] ?? {}; - return { - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - accounts: { - ...accounts, - [accountKey]: { - ...existing, - enabled, - }, - }, - }, - }, - }; - }, - deleteAccount: ({ cfg, accountId }) => { - const accountKey = accountId || DEFAULT_ACCOUNT_ID; - const accounts = { ...cfg.channels?.whatsapp?.accounts }; - delete accounts[accountKey]; - return { - ...cfg, - channels: { - ...cfg.channels, - whatsapp: { - ...cfg.channels?.whatsapp, - accounts: Object.keys(accounts).length ? accounts : undefined, - }, - }, - }; - }, - isEnabled: (account, cfg) => account.enabled && cfg.web?.enabled !== false, - disabledReason: () => "disabled", - isConfigured: async (account) => - await getWhatsAppRuntime().channel.whatsapp.webAuthExists(account.authDir), - unconfiguredReason: () => "not linked", - describeAccount: (account) => ({ - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured: Boolean(account.authDir), - linked: Boolean(account.authDir), - dmPolicy: account.dmPolicy, - allowFrom: account.allowFrom, - }), - resolveAllowFrom: ({ cfg, accountId }) => resolveWhatsAppConfigAllowFrom({ cfg, accountId }), - formatAllowFrom: ({ allowFrom }) => formatWhatsAppConfigAllowFromEntries(allowFrom), - resolveDefaultTo: ({ cfg, accountId }) => resolveWhatsAppConfigDefaultTo({ cfg, accountId }), - }, allowlist: { supportsScope: ({ scope }) => scope === "dm" || scope === "group" || scope === "all", readConfig: ({ cfg, accountId }) => { @@ -205,53 +84,6 @@ export const whatsappPlugin: ChannelPlugin = { }), }), }, - security: { - resolveDmPolicy: ({ cfg, accountId, account }) => { - return buildAccountScopedDmSecurityPolicy({ - cfg, - channelKey: "whatsapp", - accountId, - fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, - policy: account.dmPolicy, - allowFrom: account.allowFrom ?? [], - policyPathSuffix: "dmPolicy", - normalizeEntry: (raw) => normalizeE164(raw), - }); - }, - collectWarnings: ({ account, cfg }) => { - const groupAllowlistConfigured = - Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0; - return collectAllowlistProviderGroupPolicyWarnings({ - cfg, - providerConfigPresent: cfg.channels?.whatsapp !== undefined, - configuredGroupPolicy: account.groupPolicy, - collect: (groupPolicy) => - collectOpenGroupPolicyRouteAllowlistWarnings({ - groupPolicy, - routeAllowlistConfigured: groupAllowlistConfigured, - restrictSenders: { - surface: "WhatsApp groups", - openScope: "any member in allowed groups", - groupPolicyPath: "channels.whatsapp.groupPolicy", - groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }, - noRouteAllowlist: { - surface: "WhatsApp groups", - routeAllowlistPath: "channels.whatsapp.groups", - routeScope: "group", - groupPolicyPath: "channels.whatsapp.groupPolicy", - groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }, - }), - }); - }, - }, - setup: whatsappSetupAdapter, - groups: { - resolveRequireMention: resolveWhatsAppGroupRequireMention, - resolveToolPolicy: resolveWhatsAppGroupToolPolicy, - resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, - }, mentions: { stripRegexes: ({ ctx }) => resolveWhatsAppMentionStripRegexes(ctx), }, @@ -271,7 +103,7 @@ export const whatsappPlugin: ChannelPlugin = { directory: { self: async ({ cfg, accountId }) => { const account = resolveWhatsAppAccount({ cfg, accountId }); - const { e164, jid } = getWhatsAppRuntime().channel.whatsapp.readWebSelfId(account.authDir); + const { e164, jid } = (await loadWhatsAppChannelRuntime()).readWebSelfId(account.authDir); const id = e164 ?? jid; if (!id) { return null; @@ -304,7 +136,7 @@ export const whatsappPlugin: ChannelPlugin = { supportsAction: ({ action }) => action === "react", handleAction: async ({ action, params, cfg, accountId }) => { if (action !== "react") { - throw new Error(`Action ${action} is not supported for provider ${meta.id}.`); + throw new Error(`Action ${action} is not supported for provider ${WHATSAPP_CHANNEL}.`); } const messageId = readStringParam(params, "messageId", { required: true, @@ -345,13 +177,11 @@ export const whatsappPlugin: ChannelPlugin = { }, auth: { login: async ({ cfg, accountId, runtime, verbose }) => { - const resolvedAccountId = accountId?.trim() || resolveDefaultWhatsAppAccountId(cfg); - await getWhatsAppRuntime().channel.whatsapp.loginWeb( - Boolean(verbose), - undefined, - runtime, - resolvedAccountId, - ); + const resolvedAccountId = + accountId?.trim() || whatsappPlugin.config.defaultAccountId?.(cfg) || DEFAULT_ACCOUNT_ID; + await ( + await loadWhatsAppChannelRuntime() + ).loginWeb(Boolean(verbose), undefined, runtime, resolvedAccountId); }, }, heartbeat: { @@ -361,14 +191,14 @@ export const whatsappPlugin: ChannelPlugin = { } const account = resolveWhatsAppAccount({ cfg, accountId }); const authExists = await ( - deps?.webAuthExists ?? getWhatsAppRuntime().channel.whatsapp.webAuthExists + deps?.webAuthExists ?? (await loadWhatsAppChannelRuntime()).webAuthExists )(account.authDir); if (!authExists) { return { ok: false, reason: "whatsapp-not-linked" }; } const listenerActive = deps?.hasActiveWebListener ? deps.hasActiveWebListener() - : Boolean(getWhatsAppRuntime().channel.whatsapp.getActiveWebListener()); + : Boolean((await loadWhatsAppChannelRuntime()).getActiveWebListener()); if (!listenerActive) { return { ok: false, reason: "whatsapp-not-running" }; } @@ -395,13 +225,13 @@ export const whatsappPlugin: ChannelPlugin = { typeof snapshot.linked === "boolean" ? snapshot.linked : authDir - ? await getWhatsAppRuntime().channel.whatsapp.webAuthExists(authDir) + ? await (await loadWhatsAppChannelRuntime()).webAuthExists(authDir) : false; const authAgeMs = - linked && authDir ? getWhatsAppRuntime().channel.whatsapp.getWebAuthAgeMs(authDir) : null; + linked && authDir ? (await loadWhatsAppChannelRuntime()).getWebAuthAgeMs(authDir) : null; const self = linked && authDir - ? getWhatsAppRuntime().channel.whatsapp.readWebSelfId(authDir) + ? (await loadWhatsAppChannelRuntime()).readWebSelfId(authDir) : { e164: null, jid: null }; return { configured: linked, @@ -419,7 +249,7 @@ export const whatsappPlugin: ChannelPlugin = { }; }, buildAccountSnapshot: async ({ account, runtime }) => { - const linked = await getWhatsAppRuntime().channel.whatsapp.webAuthExists(account.authDir); + const linked = await (await loadWhatsAppChannelRuntime()).webAuthExists(account.authDir); return { accountId: account.accountId, name: account.name, @@ -440,20 +270,18 @@ export const whatsappPlugin: ChannelPlugin = { }, resolveAccountState: ({ configured }) => (configured ? "linked" : "not linked"), logSelfId: ({ account, runtime, includeChannelPrefix }) => { - getWhatsAppRuntime().channel.whatsapp.logWebSelfId( - account.authDir, - runtime, - includeChannelPrefix, + void loadWhatsAppChannelRuntime().then((runtimeExports) => + runtimeExports.logWebSelfId(account.authDir, runtime, includeChannelPrefix), ); }, }, gateway: { startAccount: async (ctx) => { const account = ctx.account; - const { e164, jid } = getWhatsAppRuntime().channel.whatsapp.readWebSelfId(account.authDir); + const { e164, jid } = (await loadWhatsAppChannelRuntime()).readWebSelfId(account.authDir); const identity = e164 ? e164 : jid ? `jid ${jid}` : "unknown"; ctx.log?.info(`[${account.accountId}] starting provider (${identity})`); - return getWhatsAppRuntime().channel.whatsapp.monitorWebChannel( + return (await loadWhatsAppChannelRuntime()).monitorWebChannel( getWhatsAppRuntime().logging.shouldLogVerbose(), undefined, true, @@ -467,16 +295,20 @@ export const whatsappPlugin: ChannelPlugin = { ); }, loginWithQrStart: async ({ accountId, force, timeoutMs, verbose }) => - await getWhatsAppRuntime().channel.whatsapp.startWebLoginWithQr({ + await ( + await loadWhatsAppChannelRuntime() + ).startWebLoginWithQr({ accountId, force, timeoutMs, verbose, }), loginWithQrWait: async ({ accountId, timeoutMs }) => - await getWhatsAppRuntime().channel.whatsapp.waitForWebLogin({ accountId, timeoutMs }), + await (await loadWhatsAppChannelRuntime()).waitForWebLogin({ accountId, timeoutMs }), logoutAccount: async ({ account, runtime }) => { - const cleared = await getWhatsAppRuntime().channel.whatsapp.logoutWeb({ + const cleared = await ( + await loadWhatsAppChannelRuntime() + ).logoutWeb({ authDir: account.authDir, isLegacyAuthDir: account.isLegacyAuthDir, runtime, diff --git a/extensions/whatsapp/src/inbound/access-control.test-harness.ts b/extensions/whatsapp/src/inbound/access-control.test-harness.ts index a8bf7a9df19..495615a3cbb 100644 --- a/extensions/whatsapp/src/inbound/access-control.test-harness.ts +++ b/extensions/whatsapp/src/inbound/access-control.test-harness.ts @@ -33,15 +33,15 @@ export function setupAccessControlTestHarness(): void { }); } -vi.mock("../../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => config, }; }); -vi.mock("../../../../src/pairing/pairing-store.js", () => ({ +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => ({ readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args), upsertChannelPairingRequest: (...args: unknown[]) => upsertPairingRequestMock(...args), })); diff --git a/extensions/whatsapp/src/inbound/access-control.ts b/extensions/whatsapp/src/inbound/access-control.ts index ee81e119392..2c57abe8bbf 100644 --- a/extensions/whatsapp/src/inbound/access-control.ts +++ b/extensions/whatsapp/src/inbound/access-control.ts @@ -1,17 +1,17 @@ -import { loadConfig } from "../../../../src/config/config.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; import { resolveOpenProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, -} from "../../../../src/config/runtime-group-policy.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js"; -import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js"; +} from "openclaw/plugin-sdk/config-runtime"; +import { issuePairingChallenge } from "openclaw/plugin-sdk/conversation-runtime"; +import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import { readStoreAllowFromForDmPolicy, resolveDmGroupAccessWithLists, -} from "../../../../src/security/dm-policy-shared.js"; -import { isSelfChatMode, normalizeE164 } from "../../../../src/utils.js"; +} from "openclaw/plugin-sdk/security-runtime"; +import { isSelfChatMode, normalizeE164 } from "openclaw/plugin-sdk/text-runtime"; import { resolveWhatsAppAccount } from "../accounts.js"; export type InboundAccessControlResult = { diff --git a/extensions/whatsapp/src/inbound/dedupe.ts b/extensions/whatsapp/src/inbound/dedupe.ts index 9d20a25b8c4..cfc74185519 100644 --- a/extensions/whatsapp/src/inbound/dedupe.ts +++ b/extensions/whatsapp/src/inbound/dedupe.ts @@ -1,4 +1,4 @@ -import { createDedupeCache } from "../../../../src/infra/dedupe.js"; +import { createDedupeCache } from "openclaw/plugin-sdk/infra-runtime"; const RECENT_WEB_MESSAGE_TTL_MS = 20 * 60_000; const RECENT_WEB_MESSAGE_MAX = 5000; diff --git a/extensions/whatsapp/src/inbound/extract.ts b/extensions/whatsapp/src/inbound/extract.ts index a34937c9793..9fa663847a6 100644 --- a/extensions/whatsapp/src/inbound/extract.ts +++ b/extensions/whatsapp/src/inbound/extract.ts @@ -4,9 +4,9 @@ import { getContentType, normalizeMessageContent, } from "@whiskeysockets/baileys"; -import { formatLocationText, type NormalizedLocation } from "../../../../src/channels/location.js"; -import { logVerbose } from "../../../../src/globals.js"; -import { jidToE164 } from "../../../../src/utils.js"; +import { formatLocationText, type NormalizedLocation } from "openclaw/plugin-sdk/channel-runtime"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { jidToE164 } from "openclaw/plugin-sdk/text-runtime"; import { parseVcard } from "../vcard.js"; function unwrapMessage(message: proto.IMessage | undefined): proto.IMessage | undefined { diff --git a/extensions/whatsapp/src/inbound/media.ts b/extensions/whatsapp/src/inbound/media.ts index 9f2fe70698a..128b4d945d5 100644 --- a/extensions/whatsapp/src/inbound/media.ts +++ b/extensions/whatsapp/src/inbound/media.ts @@ -1,6 +1,6 @@ import type { proto, WAMessage } from "@whiskeysockets/baileys"; import { downloadMediaMessage, normalizeMessageContent } from "@whiskeysockets/baileys"; -import { logVerbose } from "../../../../src/globals.js"; +import { logVerbose } from "openclaw/plugin-sdk/runtime-env"; import type { createWaSocket } from "../session.js"; function unwrapMessage(message: proto.IMessage | undefined): proto.IMessage | undefined { diff --git a/extensions/whatsapp/src/inbound/monitor.ts b/extensions/whatsapp/src/inbound/monitor.ts index 5337c5d6a43..35669bc1b49 100644 --- a/extensions/whatsapp/src/inbound/monitor.ts +++ b/extensions/whatsapp/src/inbound/monitor.ts @@ -1,13 +1,13 @@ import type { AnyMessageContent, proto, WAMessage } from "@whiskeysockets/baileys"; import { DisconnectReason, isJidGroup } from "@whiskeysockets/baileys"; -import { createInboundDebouncer } from "../../../../src/auto-reply/inbound-debounce.js"; -import { formatLocationText } from "../../../../src/channels/location.js"; -import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js"; -import { recordChannelActivity } from "../../../../src/infra/channel-activity.js"; -import { getChildLogger } from "../../../../src/logging/logger.js"; -import { createSubsystemLogger } from "../../../../src/logging/subsystem.js"; -import { saveMediaBuffer } from "../../../../src/media/store.js"; -import { jidToE164, resolveJidToE164 } from "../../../../src/utils.js"; +import { formatLocationText } from "openclaw/plugin-sdk/channel-runtime"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { saveMediaBuffer } from "openclaw/plugin-sdk/media-runtime"; +import { createInboundDebouncer } from "openclaw/plugin-sdk/reply-runtime"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/text-runtime"; +import { jidToE164, resolveJidToE164 } from "openclaw/plugin-sdk/text-runtime"; import { createWaSocket, getStatusCode, waitForWaConnection } from "../session.js"; import { checkInboundAccessControl } from "./access-control.js"; import { isRecentInboundMessage } from "./dedupe.js"; diff --git a/extensions/whatsapp/src/inbound/send-api.ts b/extensions/whatsapp/src/inbound/send-api.ts index a5619383415..bb0761431f7 100644 --- a/extensions/whatsapp/src/inbound/send-api.ts +++ b/extensions/whatsapp/src/inbound/send-api.ts @@ -1,6 +1,6 @@ import type { AnyMessageContent, WAPresence } from "@whiskeysockets/baileys"; -import { recordChannelActivity } from "../../../../src/infra/channel-activity.js"; -import { toWhatsappJid } from "../../../../src/utils.js"; +import { recordChannelActivity } from "openclaw/plugin-sdk/infra-runtime"; +import { toWhatsappJid } from "openclaw/plugin-sdk/text-runtime"; import type { ActiveWebSendOptions } from "../active-listener.js"; function recordWhatsAppOutbound(accountId: string) { diff --git a/extensions/whatsapp/src/inbound/types.ts b/extensions/whatsapp/src/inbound/types.ts index c9c97810bad..42e4b5121d1 100644 --- a/extensions/whatsapp/src/inbound/types.ts +++ b/extensions/whatsapp/src/inbound/types.ts @@ -1,5 +1,5 @@ import type { AnyMessageContent } from "@whiskeysockets/baileys"; -import type { NormalizedLocation } from "../../../../src/channels/location.js"; +import type { NormalizedLocation } from "openclaw/plugin-sdk/channel-runtime"; export type WebListenerCloseReason = { status?: number; diff --git a/extensions/whatsapp/src/login-qr.ts b/extensions/whatsapp/src/login-qr.ts index 3681d646252..352cf6e86b6 100644 --- a/extensions/whatsapp/src/login-qr.ts +++ b/extensions/whatsapp/src/login-qr.ts @@ -1,9 +1,9 @@ import { randomUUID } from "node:crypto"; import { DisconnectReason } from "@whiskeysockets/baileys"; -import { loadConfig } from "../../../src/config/config.js"; -import { danger, info, success } from "../../../src/globals.js"; -import { logInfo } from "../../../src/logger.js"; -import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { danger, info, success } from "openclaw/plugin-sdk/runtime-env"; +import { defaultRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { logInfo } from "openclaw/plugin-sdk/text-runtime"; import { resolveWhatsAppAccount } from "./accounts.js"; import { renderQrPngBase64 } from "./qr-image.js"; import { diff --git a/extensions/whatsapp/src/login.ts b/extensions/whatsapp/src/login.ts index 0923a38a122..43c16e1d298 100644 --- a/extensions/whatsapp/src/login.ts +++ b/extensions/whatsapp/src/login.ts @@ -1,9 +1,9 @@ import { DisconnectReason } from "@whiskeysockets/baileys"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import { loadConfig } from "../../../src/config/config.js"; -import { danger, info, success } from "../../../src/globals.js"; -import { logInfo } from "../../../src/logger.js"; -import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import { loadConfig } from "openclaw/plugin-sdk/config-runtime"; +import { danger, info, success } from "openclaw/plugin-sdk/runtime-env"; +import { defaultRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import { logInfo } from "openclaw/plugin-sdk/text-runtime"; import { resolveWhatsAppAccount } from "./accounts.js"; import { createWaSocket, diff --git a/extensions/whatsapp/src/media.test.ts b/extensions/whatsapp/src/media.test.ts index e21d58b4bb7..ce3e98c549c 100644 --- a/extensions/whatsapp/src/media.test.ts +++ b/extensions/whatsapp/src/media.test.ts @@ -7,7 +7,7 @@ import { resolveStateDir } from "../../../src/config/paths.js"; import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js"; import { optimizeImageToPng } from "../../../src/media/image-ops.js"; import { mockPinnedHostnameResolution } from "../../../src/test-helpers/ssrf.js"; -import { captureEnv } from "../../../src/test-utils/env.js"; +import { captureEnv } from "../../../test/helpers/extensions/env.js"; import { sendVoiceMessageDiscord } from "../../discord/src/send.js"; import { LocalMediaAccessError, diff --git a/extensions/whatsapp/src/media.ts b/extensions/whatsapp/src/media.ts index 2b297ef8907..33339451ec8 100644 --- a/extensions/whatsapp/src/media.ts +++ b/extensions/whatsapp/src/media.ts @@ -1,20 +1,20 @@ import fs from "node:fs/promises"; import path from "node:path"; import { fileURLToPath } from "node:url"; -import { logVerbose, shouldLogVerbose } from "../../../src/globals.js"; -import { SafeOpenError, readLocalFileSafely } from "../../../src/infra/fs-safe.js"; -import type { SsrFPolicy } from "../../../src/infra/net/ssrf.js"; -import { type MediaKind, maxBytesForKind } from "../../../src/media/constants.js"; -import { fetchRemoteMedia } from "../../../src/media/fetch.js"; +import { SafeOpenError, readLocalFileSafely } from "openclaw/plugin-sdk/infra-runtime"; +import type { SsrFPolicy } from "openclaw/plugin-sdk/infra-runtime"; +import { type MediaKind, maxBytesForKind } from "openclaw/plugin-sdk/media-runtime"; +import { fetchRemoteMedia } from "openclaw/plugin-sdk/media-runtime"; import { convertHeicToJpeg, hasAlphaChannel, optimizeImageToPng, resizeToJpeg, -} from "../../../src/media/image-ops.js"; -import { getDefaultMediaLocalRoots } from "../../../src/media/local-roots.js"; -import { detectMime, extensionForMime, kindFromMime } from "../../../src/media/mime.js"; -import { resolveUserPath } from "../../../src/utils.js"; +} from "openclaw/plugin-sdk/media-runtime"; +import { getDefaultMediaLocalRoots } from "openclaw/plugin-sdk/media-runtime"; +import { detectMime, extensionForMime, kindFromMime } from "openclaw/plugin-sdk/media-runtime"; +import { logVerbose, shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolveUserPath } from "openclaw/plugin-sdk/text-runtime"; export type WebMediaResult = { buffer: Buffer; diff --git a/extensions/whatsapp/src/monitor-inbox.test-harness.ts b/extensions/whatsapp/src/monitor-inbox.test-harness.ts index 43bc731c459..3aefaf7a4f1 100644 --- a/extensions/whatsapp/src/monitor-inbox.test-harness.ts +++ b/extensions/whatsapp/src/monitor-inbox.test-harness.ts @@ -2,8 +2,8 @@ import { EventEmitter } from "node:events"; import fsSync from "node:fs"; import os from "node:os"; import path from "node:path"; +import { resetLogger, setLoggerOverride } from "openclaw/plugin-sdk/runtime-env"; import { afterEach, beforeEach, expect, vi } from "vitest"; -import { resetLogger, setLoggerOverride } from "../../../src/logging.js"; // Avoid exporting vitest mock types (TS2742 under pnpm + d.ts emit). // oxlint-disable-next-line typescript/no-explicit-any @@ -81,8 +81,8 @@ function getPairingStoreMocks() { const sock: MockSock = createMockSock(); -vi.mock("../../../src/media/store.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/media-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, saveMediaBuffer: vi.fn().mockResolvedValue({ @@ -94,15 +94,15 @@ vi.mock("../../../src/media/store.js", async (importOriginal) => { }; }); -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => mockLoadConfig(), }; }); -vi.mock("../../../src/pairing/pairing-store.js", () => getPairingStoreMocks()); +vi.mock("openclaw/plugin-sdk/conversation-runtime", () => getPairingStoreMocks()); vi.mock("./session.js", () => ({ createWaSocket: vi.fn().mockResolvedValue(sock), diff --git a/extensions/whatsapp/src/normalize.ts b/extensions/whatsapp/src/normalize.ts index 319dabe25bd..bfecb31e4a5 100644 --- a/extensions/whatsapp/src/normalize.ts +++ b/extensions/whatsapp/src/normalize.ts @@ -1,28 +1,5 @@ -import { - looksLikeHandleOrPhoneTarget, - trimMessagingTarget, -} from "../../../src/channels/plugins/normalize/shared.js"; -import { normalizeWhatsAppTarget } from "../../../src/whatsapp/normalize.js"; - -export function normalizeWhatsAppMessagingTarget(raw: string): string | undefined { - const trimmed = trimMessagingTarget(raw); - if (!trimmed) { - return undefined; - } - return normalizeWhatsAppTarget(trimmed) ?? undefined; -} - -export function normalizeWhatsAppAllowFromEntries(allowFrom: Array): string[] { - return allowFrom - .map((entry) => String(entry).trim()) - .filter((entry): entry is string => Boolean(entry)) - .map((entry) => (entry === "*" ? entry : normalizeWhatsAppTarget(entry))) - .filter((entry): entry is string => Boolean(entry)); -} - -export function looksLikeWhatsAppTargetId(raw: string): boolean { - return looksLikeHandleOrPhoneTarget({ - raw, - prefixPattern: /^whatsapp:/i, - }); -} +export { + looksLikeWhatsAppTargetId, + normalizeWhatsAppAllowFromEntries, + normalizeWhatsAppMessagingTarget, +} from "openclaw/plugin-sdk/channel-runtime"; diff --git a/extensions/whatsapp/src/outbound-adapter.ts b/extensions/whatsapp/src/outbound-adapter.ts index ba84e336d0e..0cd0290e913 100644 --- a/extensions/whatsapp/src/outbound-adapter.ts +++ b/extensions/whatsapp/src/outbound-adapter.ts @@ -1,9 +1,9 @@ -import { chunkText } from "../../../src/auto-reply/chunk.js"; -import { sendTextMediaPayload } from "../../../src/channels/plugins/outbound/direct-text-media.js"; -import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js"; -import { shouldLogVerbose } from "../../../src/globals.js"; -import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js"; -import { resolveWhatsAppOutboundTarget } from "../../../src/whatsapp/resolve-outbound-target.js"; +import { sendTextMediaPayload } from "openclaw/plugin-sdk/channel-runtime"; +import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/channel-runtime"; +import { resolveOutboundSendDep } from "openclaw/plugin-sdk/channel-runtime"; +import { chunkText } from "openclaw/plugin-sdk/reply-runtime"; +import { shouldLogVerbose } from "openclaw/plugin-sdk/runtime-env"; +import { resolveWhatsAppOutboundTarget } from "openclaw/plugin-sdk/whatsapp"; import { sendMessageWhatsApp, sendPollWhatsApp } from "./send.js"; function trimLeadingWhitespace(text: string | undefined): string { diff --git a/extensions/whatsapp/src/qr-image.ts b/extensions/whatsapp/src/qr-image.ts index d4d8b9c7b2f..be6b10f5b0e 100644 --- a/extensions/whatsapp/src/qr-image.ts +++ b/extensions/whatsapp/src/qr-image.ts @@ -1,6 +1,6 @@ +import { encodePngRgba, fillPixel } from "openclaw/plugin-sdk/media-runtime"; import QRCodeModule from "qrcode-terminal/vendor/QRCode/index.js"; import QRErrorCorrectLevelModule from "qrcode-terminal/vendor/QRCode/QRErrorCorrectLevel.js"; -import { encodePngRgba, fillPixel } from "../../../src/media/png-encode.js"; type QRCodeConstructor = new ( typeNumber: number, diff --git a/extensions/whatsapp/src/reconnect.ts b/extensions/whatsapp/src/reconnect.ts index d99ddf98ad6..e5e34888cef 100644 --- a/extensions/whatsapp/src/reconnect.ts +++ b/extensions/whatsapp/src/reconnect.ts @@ -1,8 +1,8 @@ import { randomUUID } from "node:crypto"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { BackoffPolicy } from "../../../src/infra/backoff.js"; -import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js"; -import { clamp } from "../../../src/utils.js"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import type { BackoffPolicy } from "openclaw/plugin-sdk/infra-runtime"; +import { computeBackoff, sleepWithAbort } from "openclaw/plugin-sdk/infra-runtime"; +import { clamp } from "openclaw/plugin-sdk/text-runtime"; export type ReconnectPolicy = BackoffPolicy & { maxAttempts: number; diff --git a/extensions/whatsapp/src/runtime.ts b/extensions/whatsapp/src/runtime.ts index 07dd4e3d688..8fc8b9e7ed9 100644 --- a/extensions/whatsapp/src/runtime.ts +++ b/extensions/whatsapp/src/runtime.ts @@ -1,5 +1,5 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; import type { PluginRuntime } from "openclaw/plugin-sdk/core"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; const { setRuntime: setWhatsAppRuntime, getRuntime: getWhatsAppRuntime } = createPluginRuntimeStore("WhatsApp runtime not initialized"); diff --git a/extensions/whatsapp/src/send.ts b/extensions/whatsapp/src/send.ts index 4ac9c03faf4..c59c5dd2008 100644 --- a/extensions/whatsapp/src/send.ts +++ b/extensions/whatsapp/src/send.ts @@ -1,13 +1,13 @@ -import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js"; -import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js"; -import { generateSecureUuid } from "../../../src/infra/secure-random.js"; -import { getChildLogger } from "../../../src/logging/logger.js"; -import { redactIdentifier } from "../../../src/logging/redact-identifier.js"; -import { createSubsystemLogger } from "../../../src/logging/subsystem.js"; -import { convertMarkdownTables } from "../../../src/markdown/tables.js"; -import { markdownToWhatsApp } from "../../../src/markdown/whatsapp.js"; -import { normalizePollInput, type PollInput } from "../../../src/polls.js"; -import { toWhatsappJid } from "../../../src/utils.js"; +import { loadConfig, type OpenClawConfig } from "openclaw/plugin-sdk/config-runtime"; +import { resolveMarkdownTableMode } from "openclaw/plugin-sdk/config-runtime"; +import { generateSecureUuid } from "openclaw/plugin-sdk/infra-runtime"; +import { normalizePollInput, type PollInput } from "openclaw/plugin-sdk/media-runtime"; +import { createSubsystemLogger } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger } from "openclaw/plugin-sdk/text-runtime"; +import { redactIdentifier } from "openclaw/plugin-sdk/text-runtime"; +import { convertMarkdownTables } from "openclaw/plugin-sdk/text-runtime"; +import { markdownToWhatsApp } from "openclaw/plugin-sdk/text-runtime"; +import { toWhatsappJid } from "openclaw/plugin-sdk/text-runtime"; import { resolveWhatsAppAccount, resolveWhatsAppMediaMaxBytes } from "./accounts.js"; import { type ActiveWebSendOptions, requireActiveWebListener } from "./active-listener.js"; import { loadWebMedia } from "./media.js"; diff --git a/extensions/whatsapp/src/session.ts b/extensions/whatsapp/src/session.ts index 8fc7f9fd1fc..80690b110eb 100644 --- a/extensions/whatsapp/src/session.ts +++ b/extensions/whatsapp/src/session.ts @@ -7,12 +7,12 @@ import { makeWASocket, useMultiFileAuthState, } from "@whiskeysockets/baileys"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; +import { VERSION } from "openclaw/plugin-sdk/cli-runtime"; +import { danger, success } from "openclaw/plugin-sdk/runtime-env"; +import { getChildLogger, toPinoLikeLogger } from "openclaw/plugin-sdk/runtime-env"; +import { ensureDir, resolveUserPath } from "openclaw/plugin-sdk/text-runtime"; import qrcode from "qrcode-terminal"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import { danger, success } from "../../../src/globals.js"; -import { getChildLogger, toPinoLikeLogger } from "../../../src/logging.js"; -import { ensureDir, resolveUserPath } from "../../../src/utils.js"; -import { VERSION } from "../../../src/version.js"; import { maybeRestoreCredsFromBackup, readCredsJsonRaw, diff --git a/extensions/whatsapp/src/setup-core.ts b/extensions/whatsapp/src/setup-core.ts index 2b243743076..e7a11eedbf6 100644 --- a/extensions/whatsapp/src/setup-core.ts +++ b/extensions/whatsapp/src/setup-core.ts @@ -1,9 +1,9 @@ import { applyAccountNameToChannelSection, + type ChannelSetupAdapter, migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { normalizeAccountId } from "../../../src/routing/session-key.js"; + normalizeAccountId, +} from "openclaw/plugin-sdk/setup"; const channel = "whatsapp" as const; diff --git a/extensions/whatsapp/src/setup-surface.ts b/extensions/whatsapp/src/setup-surface.ts index 4210b5772af..e836362bca5 100644 --- a/extensions/whatsapp/src/setup-surface.ts +++ b/extensions/whatsapp/src/setup-surface.ts @@ -1,23 +1,47 @@ import path from "node:path"; -import { loginWeb } from "../../../src/channel-web.js"; import { + DEFAULT_ACCOUNT_ID, + normalizeAccountId, normalizeAllowFromEntries, + normalizeE164, + pathExists, splitSetupEntries, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import { setSetupChannelEnabled } from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { mergeWhatsAppConfig } from "../../../src/config/merge-config.js"; -import type { DmPolicy } from "../../../src/config/types.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; -import { normalizeE164, pathExists } from "../../../src/utils.js"; + setSetupChannelEnabled, + type DmPolicy, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; +import type { ChannelSetupWizard } from "openclaw/plugin-sdk/setup"; +import { formatCliCommand, formatDocsLink } from "openclaw/plugin-sdk/setup-tools"; import { listWhatsAppAccountIds, resolveWhatsAppAuthDir } from "./accounts.js"; +import { loginWeb } from "./login.js"; import { whatsappSetupAdapter } from "./setup-core.js"; const channel = "whatsapp" as const; +function mergeWhatsAppConfig( + cfg: OpenClawConfig, + patch: Partial["whatsapp"]>>, + options?: { unsetOnUndefined?: string[] }, +): OpenClawConfig { + const base = { ...(cfg.channels?.whatsapp ?? {}) } as Record; + for (const [key, value] of Object.entries(patch)) { + if (value === undefined) { + if (options?.unsetOnUndefined?.includes(key)) { + delete base[key]; + } + continue; + } + base[key] = value; + } + return { + ...cfg, + channels: { + ...cfg.channels, + whatsapp: base, + }, + }; +} + function setWhatsAppDmPolicy(cfg: OpenClawConfig, dmPolicy: DmPolicy): OpenClawConfig { return mergeWhatsAppConfig(cfg, { dmPolicy }); } diff --git a/extensions/whatsapp/src/shared.ts b/extensions/whatsapp/src/shared.ts new file mode 100644 index 00000000000..1777de07736 --- /dev/null +++ b/extensions/whatsapp/src/shared.ts @@ -0,0 +1,222 @@ +import { + buildAccountScopedDmSecurityPolicy, + collectAllowlistProviderGroupPolicyWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, +} from "openclaw/plugin-sdk/channel-policy"; +import { + buildChannelConfigSchema, + DEFAULT_ACCOUNT_ID, + formatWhatsAppConfigAllowFromEntries, + getChatChannelMeta, + normalizeE164, + resolveWhatsAppConfigAllowFrom, + resolveWhatsAppConfigDefaultTo, + resolveWhatsAppGroupIntroHint, + resolveWhatsAppGroupRequireMention, + resolveWhatsAppGroupToolPolicy, + WhatsAppConfigSchema, + type ChannelPlugin, +} from "openclaw/plugin-sdk/whatsapp-core"; +import { + listWhatsAppAccountIds, + resolveDefaultWhatsAppAccountId, + resolveWhatsAppAccount, + type ResolvedWhatsAppAccount, +} from "./accounts.js"; + +export const WHATSAPP_CHANNEL = "whatsapp" as const; + +export async function loadWhatsAppChannelRuntime() { + return await import("./channel.runtime.js"); +} + +export const whatsappSetupWizardProxy = createWhatsAppSetupWizardProxy(async () => ({ + whatsappSetupWizard: (await loadWhatsAppChannelRuntime()).whatsappSetupWizard, +})); + +export function createWhatsAppSetupWizardProxy( + loadWizard: () => Promise<{ + whatsappSetupWizard: NonNullable["setupWizard"]>; + }>, +): NonNullable["setupWizard"]> { + return { + channel: WHATSAPP_CHANNEL, + status: { + configuredLabel: "linked", + unconfiguredLabel: "not linked", + configuredHint: "linked", + unconfiguredHint: "not linked", + configuredScore: 5, + unconfiguredScore: 4, + resolveConfigured: async ({ cfg }) => + await (await loadWizard()).whatsappSetupWizard.status.resolveConfigured({ cfg }), + resolveStatusLines: async ({ cfg, configured }) => + (await ( + await loadWizard() + ).whatsappSetupWizard.status.resolveStatusLines?.({ + cfg, + configured, + })) ?? [], + }, + resolveShouldPromptAccountIds: (params) => + (params.shouldPromptAccountIds || params.options?.promptWhatsAppAccountId) ?? false, + credentials: [], + finalize: async (params) => await (await loadWizard()).whatsappSetupWizard.finalize!(params), + disable: (cfg) => ({ + ...cfg, + channels: { + ...cfg.channels, + whatsapp: { + ...cfg.channels?.whatsapp, + enabled: false, + }, + }, + }), + onAccountRecorded: (accountId, options) => { + options?.onWhatsAppAccountId?.(accountId); + }, + }; +} + +export function createWhatsAppPluginBase(params: { + setupWizard: NonNullable["setupWizard"]>; + setup: NonNullable["setup"]>; + isConfigured: NonNullable["config"]>["isConfigured"]; +}): Pick< + ChannelPlugin, + | "id" + | "meta" + | "setupWizard" + | "capabilities" + | "reload" + | "gatewayMethods" + | "configSchema" + | "config" + | "security" + | "setup" + | "groups" +> { + return { + id: WHATSAPP_CHANNEL, + meta: { + ...getChatChannelMeta(WHATSAPP_CHANNEL), + showConfigured: false, + quickstartAllowFrom: true, + forceAccountBinding: true, + preferSessionLookupForAnnounceTarget: true, + }, + setupWizard: params.setupWizard, + capabilities: { + chatTypes: ["direct", "group"], + polls: true, + reactions: true, + media: true, + }, + reload: { configPrefixes: ["web"], noopPrefixes: ["channels.whatsapp"] }, + gatewayMethods: ["web.login.start", "web.login.wait"], + configSchema: buildChannelConfigSchema(WhatsAppConfigSchema), + config: { + listAccountIds: (cfg) => listWhatsAppAccountIds(cfg), + resolveAccount: (cfg, accountId) => resolveWhatsAppAccount({ cfg, accountId }), + defaultAccountId: (cfg) => resolveDefaultWhatsAppAccountId(cfg), + setAccountEnabled: ({ cfg, accountId, enabled }) => { + const accountKey = accountId || DEFAULT_ACCOUNT_ID; + const accounts = { ...cfg.channels?.whatsapp?.accounts }; + const existing = accounts[accountKey] ?? {}; + return { + ...cfg, + channels: { + ...cfg.channels, + whatsapp: { + ...cfg.channels?.whatsapp, + accounts: { + ...accounts, + [accountKey]: { + ...existing, + enabled, + }, + }, + }, + }, + }; + }, + deleteAccount: ({ cfg, accountId }) => { + const accountKey = accountId || DEFAULT_ACCOUNT_ID; + const accounts = { ...cfg.channels?.whatsapp?.accounts }; + delete accounts[accountKey]; + return { + ...cfg, + channels: { + ...cfg.channels, + whatsapp: { + ...cfg.channels?.whatsapp, + accounts: Object.keys(accounts).length ? accounts : undefined, + }, + }, + }; + }, + isEnabled: (account, cfg) => account.enabled && cfg.web?.enabled !== false, + disabledReason: () => "disabled", + isConfigured: params.isConfigured, + unconfiguredReason: () => "not linked", + describeAccount: (account) => ({ + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured: Boolean(account.authDir), + linked: Boolean(account.authDir), + dmPolicy: account.dmPolicy, + allowFrom: account.allowFrom, + }), + resolveAllowFrom: ({ cfg, accountId }) => resolveWhatsAppConfigAllowFrom({ cfg, accountId }), + formatAllowFrom: ({ allowFrom }) => formatWhatsAppConfigAllowFromEntries(allowFrom), + resolveDefaultTo: ({ cfg, accountId }) => resolveWhatsAppConfigDefaultTo({ cfg, accountId }), + }, + security: { + resolveDmPolicy: ({ cfg, accountId, account }) => + buildAccountScopedDmSecurityPolicy({ + cfg, + channelKey: WHATSAPP_CHANNEL, + accountId, + fallbackAccountId: account.accountId ?? DEFAULT_ACCOUNT_ID, + policy: account.dmPolicy, + allowFrom: account.allowFrom ?? [], + policyPathSuffix: "dmPolicy", + normalizeEntry: (raw) => normalizeE164(raw), + }), + collectWarnings: ({ account, cfg }) => { + const groupAllowlistConfigured = + Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0; + return collectAllowlistProviderGroupPolicyWarnings({ + cfg, + providerConfigPresent: cfg.channels?.whatsapp !== undefined, + configuredGroupPolicy: account.groupPolicy, + collect: (groupPolicy) => + collectOpenGroupPolicyRouteAllowlistWarnings({ + groupPolicy, + routeAllowlistConfigured: groupAllowlistConfigured, + restrictSenders: { + surface: "WhatsApp groups", + openScope: "any member in allowed groups", + groupPolicyPath: "channels.whatsapp.groupPolicy", + groupAllowFromPath: "channels.whatsapp.groupAllowFrom", + }, + noRouteAllowlist: { + surface: "WhatsApp groups", + routeAllowlistPath: "channels.whatsapp.groups", + routeScope: "group", + groupPolicyPath: "channels.whatsapp.groupPolicy", + groupAllowFromPath: "channels.whatsapp.groupAllowFrom", + }, + }), + }); + }, + }, + setup: params.setup, + groups: { + resolveRequireMention: resolveWhatsAppGroupRequireMention, + resolveToolPolicy: resolveWhatsAppGroupToolPolicy, + resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, + }, + }; +} diff --git a/extensions/whatsapp/src/status-issues.ts b/extensions/whatsapp/src/status-issues.ts index bddd6dd7d9d..f369ba29cda 100644 --- a/extensions/whatsapp/src/status-issues.ts +++ b/extensions/whatsapp/src/status-issues.ts @@ -2,12 +2,12 @@ import { asString, collectIssuesForEnabledAccounts, isRecord, -} from "../../../src/channels/plugins/status-issues/shared.js"; +} from "openclaw/plugin-sdk/channel-runtime"; import type { ChannelAccountSnapshot, ChannelStatusIssue, -} from "../../../src/channels/plugins/types.js"; -import { formatCliCommand } from "../../../src/cli/command-format.js"; +} from "openclaw/plugin-sdk/channel-runtime"; +import { formatCliCommand } from "openclaw/plugin-sdk/cli-runtime"; type WhatsAppAccountStatus = { accountId?: unknown; diff --git a/extensions/whatsapp/src/test-helpers.ts b/extensions/whatsapp/src/test-helpers.ts index b3289164463..bb2cd3d6fa0 100644 --- a/extensions/whatsapp/src/test-helpers.ts +++ b/extensions/whatsapp/src/test-helpers.ts @@ -30,8 +30,8 @@ export function resetLoadConfigMock() { (globalThis as Record)[CONFIG_KEY] = () => DEFAULT_CONFIG; } -vi.mock("../../../src/config/config.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/config-runtime", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, loadConfig: () => { @@ -51,7 +51,7 @@ vi.mock("../../config/config.js", async (importOriginal) => { // `../../config/config.js` is correct for modules under `src/web/auto-reply/*`. // For typing in this file (which lives in `src/web/*`), refer to the same module // via the local relative path. - const actual = await importOriginal(); + const actual = await importOriginal(); return { ...actual, loadConfig: () => { @@ -64,8 +64,8 @@ vi.mock("../../config/config.js", async (importOriginal) => { }; }); -vi.mock("../../../src/media/store.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("openclaw/plugin-sdk/media-runtime", async (importOriginal) => { + const actual = await importOriginal(); const mockModule = Object.create(null) as Record; Object.defineProperties(mockModule, Object.getOwnPropertyDescriptors(actual)); Object.defineProperty(mockModule, "saveMediaBuffer", { diff --git a/extensions/xai/index.ts b/extensions/xai/index.ts index c9f3bcdf4de..485b7ec6461 100644 --- a/extensions/xai/index.ts +++ b/extensions/xai/index.ts @@ -1,13 +1,12 @@ -import { normalizeProviderId } from "../../src/agents/provider-id.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { normalizeProviderId } from "openclaw/plugin-sdk/provider-models"; import { createPluginBackedWebSearchProvider, getScopedCredentialValue, setScopedCredentialValue, -} from "../../src/agents/tools/web-search-plugin-factory.js"; -import { applyXaiConfig, XAI_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { emptyPluginConfigSchema } from "../../src/plugins/config-schema.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +} from "openclaw/plugin-sdk/provider-web-search"; +import { applyXaiConfig, XAI_DEFAULT_MODEL_REF } from "./onboard.js"; const PROVIDER_ID = "xai"; const XAI_MODERN_MODEL_PREFIXES = ["grok-4"] as const; @@ -17,12 +16,11 @@ function matchesModernXaiModel(modelId: string): boolean { return XAI_MODERN_MODEL_PREFIXES.some((prefix) => normalized.startsWith(prefix)); } -const xaiPlugin = { +export default definePluginEntry({ id: "xai", name: "xAI Plugin", description: "Bundled xAI plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "xAI", @@ -69,6 +67,4 @@ const xaiPlugin = { }), ); }, -}; - -export default xaiPlugin; +}); diff --git a/extensions/xai/model-definitions.ts b/extensions/xai/model-definitions.ts new file mode 100644 index 00000000000..ff3a892500e --- /dev/null +++ b/extensions/xai/model-definitions.ts @@ -0,0 +1,25 @@ +import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-models"; + +export const XAI_BASE_URL = "https://api.x.ai/v1"; +export const XAI_DEFAULT_MODEL_ID = "grok-4"; +export const XAI_DEFAULT_MODEL_REF = `xai/${XAI_DEFAULT_MODEL_ID}`; +export const XAI_DEFAULT_CONTEXT_WINDOW = 131072; +export const XAI_DEFAULT_MAX_TOKENS = 8192; +export const XAI_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildXaiModelDefinition(): ModelDefinitionConfig { + return { + id: XAI_DEFAULT_MODEL_ID, + name: "Grok 4", + reasoning: false, + input: ["text"], + cost: XAI_DEFAULT_COST, + contextWindow: XAI_DEFAULT_CONTEXT_WINDOW, + maxTokens: XAI_DEFAULT_MAX_TOKENS, + }; +} diff --git a/extensions/xai/onboard.ts b/extensions/xai/onboard.ts new file mode 100644 index 00000000000..6abc7477e6c --- /dev/null +++ b/extensions/xai/onboard.ts @@ -0,0 +1,33 @@ +import { + buildXaiModelDefinition, + XAI_BASE_URL, + XAI_DEFAULT_MODEL_ID, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModel, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const XAI_DEFAULT_MODEL_REF = `xai/${XAI_DEFAULT_MODEL_ID}`; + +export function applyXaiProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[XAI_DEFAULT_MODEL_REF] = { + ...models[XAI_DEFAULT_MODEL_REF], + alias: models[XAI_DEFAULT_MODEL_REF]?.alias ?? "Grok", + }; + + return applyProviderConfigWithDefaultModel(cfg, { + agentModels: models, + providerId: "xai", + api: "openai-completions", + baseUrl: XAI_BASE_URL, + defaultModel: buildXaiModelDefinition(), + defaultModelId: XAI_DEFAULT_MODEL_ID, + }); +} + +export function applyXaiConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyXaiProviderConfig(cfg), XAI_DEFAULT_MODEL_REF); +} diff --git a/extensions/xiaomi/index.ts b/extensions/xiaomi/index.ts index 4987b18c8fd..def263b1cda 100644 --- a/extensions/xiaomi/index.ts +++ b/extensions/xiaomi/index.ts @@ -1,17 +1,17 @@ -import { emptyPluginConfigSchema, type OpenClawPluginApi } from "openclaw/plugin-sdk/core"; -import { buildXiaomiProvider } from "../../src/agents/models-config.providers.static.js"; -import { applyXiaomiConfig, XIAOMI_DEFAULT_MODEL_REF } from "../../src/commands/onboard-auth.js"; -import { PROVIDER_LABELS } from "../../src/infra/provider-usage.shared.js"; -import { createProviderApiKeyAuthMethod } from "../../src/plugins/provider-api-key-auth.js"; +import { definePluginEntry } from "openclaw/plugin-sdk/core"; +import { createProviderApiKeyAuthMethod } from "openclaw/plugin-sdk/provider-auth"; +import { buildSingleProviderApiKeyCatalog } from "openclaw/plugin-sdk/provider-catalog"; +import { PROVIDER_LABELS } from "openclaw/plugin-sdk/provider-usage"; +import { applyXiaomiConfig, XIAOMI_DEFAULT_MODEL_REF } from "./onboard.js"; +import { buildXiaomiProvider } from "./provider-catalog.js"; const PROVIDER_ID = "xiaomi"; -const xiaomiPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Xiaomi Provider", description: "Bundled Xiaomi provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Xiaomi", @@ -41,18 +41,12 @@ const xiaomiPlugin = { ], catalog: { order: "simple", - run: async (ctx) => { - const apiKey = ctx.resolveProviderApiKey(PROVIDER_ID).apiKey; - if (!apiKey) { - return null; - } - return { - provider: { - ...buildXiaomiProvider(), - apiKey, - }, - }; - }, + run: (ctx) => + buildSingleProviderApiKeyCatalog({ + ctx, + providerId: PROVIDER_ID, + buildProvider: buildXiaomiProvider, + }), }, resolveUsageAuth: async (ctx) => { const apiKey = ctx.resolveApiKeyFromConfigAndStore({ @@ -67,6 +61,4 @@ const xiaomiPlugin = { }), }); }, -}; - -export default xiaomiPlugin; +}); diff --git a/extensions/xiaomi/onboard.ts b/extensions/xiaomi/onboard.ts new file mode 100644 index 00000000000..80d0ad1cd16 --- /dev/null +++ b/extensions/xiaomi/onboard.ts @@ -0,0 +1,30 @@ +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithDefaultModels, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; +import { buildXiaomiProvider, XIAOMI_DEFAULT_MODEL_ID } from "./provider-catalog.js"; + +export const XIAOMI_DEFAULT_MODEL_REF = `xiaomi/${XIAOMI_DEFAULT_MODEL_ID}`; + +export function applyXiaomiProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[XIAOMI_DEFAULT_MODEL_REF] = { + ...models[XIAOMI_DEFAULT_MODEL_REF], + alias: models[XIAOMI_DEFAULT_MODEL_REF]?.alias ?? "Xiaomi", + }; + const defaultProvider = buildXiaomiProvider(); + const resolvedApi = defaultProvider.api ?? "openai-completions"; + return applyProviderConfigWithDefaultModels(cfg, { + agentModels: models, + providerId: "xiaomi", + api: resolvedApi, + baseUrl: defaultProvider.baseUrl, + defaultModels: defaultProvider.models ?? [], + defaultModelId: XIAOMI_DEFAULT_MODEL_ID, + }); +} + +export function applyXiaomiConfig(cfg: OpenClawConfig): OpenClawConfig { + return applyAgentDefaultModelPrimary(applyXiaomiProviderConfig(cfg), XIAOMI_DEFAULT_MODEL_REF); +} diff --git a/extensions/xiaomi/provider-catalog.ts b/extensions/xiaomi/provider-catalog.ts new file mode 100644 index 00000000000..91329eeb87d --- /dev/null +++ b/extensions/xiaomi/provider-catalog.ts @@ -0,0 +1,30 @@ +import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-models"; + +const XIAOMI_BASE_URL = "https://api.xiaomimimo.com/anthropic"; +export const XIAOMI_DEFAULT_MODEL_ID = "mimo-v2-flash"; +const XIAOMI_DEFAULT_CONTEXT_WINDOW = 262144; +const XIAOMI_DEFAULT_MAX_TOKENS = 8192; +const XIAOMI_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +export function buildXiaomiProvider(): ModelProviderConfig { + return { + baseUrl: XIAOMI_BASE_URL, + api: "anthropic-messages", + models: [ + { + id: XIAOMI_DEFAULT_MODEL_ID, + name: "Xiaomi MiMo V2 Flash", + reasoning: false, + input: ["text"], + cost: XIAOMI_DEFAULT_COST, + contextWindow: XIAOMI_DEFAULT_CONTEXT_WINDOW, + maxTokens: XIAOMI_DEFAULT_MAX_TOKENS, + }, + ], + }; +} diff --git a/extensions/zai/detect.ts b/extensions/zai/detect.ts index 07f06a9f052..9bd1f25f50a 100644 --- a/extensions/zai/detect.ts +++ b/extensions/zai/detect.ts @@ -2,7 +2,7 @@ import { detectZaiEndpoint as detectZaiEndpointCore, type ZaiDetectedEndpoint, type ZaiEndpointId, -} from "../../src/commands/zai-endpoint-detect.js"; +} from "openclaw/plugin-sdk/zai"; type DetectZaiEndpointFn = typeof detectZaiEndpointCore; diff --git a/extensions/zai/index.ts b/extensions/zai/index.ts index 16f1c311ea3..79ae3a9d8aa 100644 --- a/extensions/zai/index.ts +++ b/extensions/zai/index.ts @@ -1,36 +1,27 @@ -import fs from "node:fs"; -import os from "node:os"; -import path from "node:path"; import { - emptyPluginConfigSchema, - type OpenClawPluginApi, + definePluginEntry, type ProviderAuthContext, type ProviderAuthMethod, type ProviderAuthMethodNonInteractiveContext, type ProviderResolveDynamicModelContext, type ProviderRuntimeModel, } from "openclaw/plugin-sdk/core"; -import { upsertAuthProfile } from "../../src/agents/auth-profiles.js"; -import { DEFAULT_CONTEXT_TOKENS } from "../../src/agents/defaults.js"; -import { normalizeModelCompat } from "../../src/agents/model-compat.js"; -import { createZaiToolStreamWrapper } from "../../src/agents/pi-embedded-runner/zai-stream-wrappers.js"; -import { - normalizeApiKeyInput, - validateApiKeyInput, -} from "../../src/commands/auth-choice.api-key.js"; -import { ensureApiKeyFromOptionEnvOrPrompt } from "../../src/commands/auth-choice.apply-helpers.js"; -import { buildApiKeyCredential } from "../../src/commands/onboard-auth.credentials.js"; import { applyAuthProfileConfig, - applyZaiConfig, - applyZaiProviderConfig, - ZAI_DEFAULT_MODEL_REF, -} from "../../src/commands/onboard-auth.js"; -import type { SecretInput } from "../../src/config/types.secrets.js"; -import { resolveRequiredHomeDir } from "../../src/infra/home-dir.js"; -import { fetchZaiUsage } from "../../src/infra/provider-usage.fetch.js"; -import { normalizeOptionalSecretInput } from "../../src/utils/normalize-secret-input.js"; + buildApiKeyCredential, + ensureApiKeyFromOptionEnvOrPrompt, + normalizeApiKeyInput, + normalizeOptionalSecretInput, + type SecretInput, + upsertAuthProfile, + validateApiKeyInput, +} from "openclaw/plugin-sdk/provider-auth"; +import { DEFAULT_CONTEXT_TOKENS, normalizeModelCompat } from "openclaw/plugin-sdk/provider-models"; +import { createZaiToolStreamWrapper } from "openclaw/plugin-sdk/provider-stream"; +import { fetchZaiUsage, resolveLegacyPiAgentAccessToken } from "openclaw/plugin-sdk/provider-usage"; import { detectZaiEndpoint, type ZaiEndpointId } from "./detect.js"; +import { zaiMediaUnderstandingProvider } from "./media-understanding-provider.js"; +import { applyZaiConfig, applyZaiProviderConfig, ZAI_DEFAULT_MODEL_REF } from "./onboard.js"; const PROVIDER_ID = "zai"; const GLM5_MODEL_ID = "glm-5"; @@ -72,27 +63,6 @@ function resolveGlm5ForwardCompatModel( } as ProviderRuntimeModel); } -function resolveLegacyZaiUsageToken(env: NodeJS.ProcessEnv): string | undefined { - try { - const authPath = path.join( - resolveRequiredHomeDir(env, os.homedir), - ".pi", - "agent", - "auth.json", - ); - if (!fs.existsSync(authPath)) { - return undefined; - } - const parsed = JSON.parse(fs.readFileSync(authPath, "utf8")) as Record< - string, - { access?: string } - >; - return parsed["z-ai"]?.access || parsed.zai?.access; - } catch { - return undefined; - } -} - function resolveZaiDefaultModel(modelIdOverride?: string): string { return modelIdOverride ? `zai/${modelIdOverride}` : ZAI_DEFAULT_MODEL_REF; } @@ -255,12 +225,11 @@ function buildZaiApiKeyMethod(params: { }; } -const zaiPlugin = { +export default definePluginEntry({ id: PROVIDER_ID, name: "Z.AI Provider", description: "Bundled Z.AI provider plugin", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { + register(api) { api.registerProvider({ id: PROVIDER_ID, label: "Z.AI", @@ -332,13 +301,12 @@ const zaiPlugin = { if (apiKey) { return { token: apiKey }; } - const legacyToken = resolveLegacyZaiUsageToken(ctx.env); + const legacyToken = resolveLegacyPiAgentAccessToken(ctx.env, ["z-ai", "zai"]); return legacyToken ? { token: legacyToken } : null; }, fetchUsageSnapshot: async (ctx) => await fetchZaiUsage(ctx.token, ctx.timeoutMs, ctx.fetchFn), isCacheTtlEligible: () => true, }); + api.registerMediaUnderstandingProvider(zaiMediaUnderstandingProvider); }, -}; - -export default zaiPlugin; +}); diff --git a/extensions/zai/media-understanding-provider.ts b/extensions/zai/media-understanding-provider.ts new file mode 100644 index 00000000000..bd571230b2d --- /dev/null +++ b/extensions/zai/media-understanding-provider.ts @@ -0,0 +1,12 @@ +import { + describeImageWithModel, + describeImagesWithModel, + type MediaUnderstandingProvider, +} from "openclaw/plugin-sdk/media-understanding"; + +export const zaiMediaUnderstandingProvider: MediaUnderstandingProvider = { + id: "zai", + capabilities: ["image"], + describeImage: describeImageWithModel, + describeImages: describeImagesWithModel, +}; diff --git a/extensions/zai/model-definitions.ts b/extensions/zai/model-definitions.ts new file mode 100644 index 00000000000..778d7602f73 --- /dev/null +++ b/extensions/zai/model-definitions.ts @@ -0,0 +1,60 @@ +import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-models"; + +export const ZAI_CODING_GLOBAL_BASE_URL = "https://api.z.ai/api/coding/paas/v4"; +export const ZAI_CODING_CN_BASE_URL = "https://open.bigmodel.cn/api/coding/paas/v4"; +export const ZAI_GLOBAL_BASE_URL = "https://api.z.ai/api/paas/v4"; +export const ZAI_CN_BASE_URL = "https://open.bigmodel.cn/api/paas/v4"; +export const ZAI_DEFAULT_MODEL_ID = "glm-5"; +export const ZAI_DEFAULT_MODEL_REF = `zai/${ZAI_DEFAULT_MODEL_ID}`; + +export const ZAI_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +const ZAI_MODEL_CATALOG = { + "glm-5": { name: "GLM-5", reasoning: true }, + "glm-5-turbo": { name: "GLM-5 Turbo", reasoning: true }, + "glm-4.7": { name: "GLM-4.7", reasoning: true }, + "glm-4.7-flash": { name: "GLM-4.7 Flash", reasoning: true }, + "glm-4.7-flashx": { name: "GLM-4.7 FlashX", reasoning: true }, +} as const; + +type ZaiCatalogId = keyof typeof ZAI_MODEL_CATALOG; + +export function resolveZaiBaseUrl(endpoint?: string): string { + switch (endpoint) { + case "coding-cn": + return ZAI_CODING_CN_BASE_URL; + case "global": + return ZAI_GLOBAL_BASE_URL; + case "cn": + return ZAI_CN_BASE_URL; + case "coding-global": + return ZAI_CODING_GLOBAL_BASE_URL; + default: + return ZAI_GLOBAL_BASE_URL; + } +} + +export function buildZaiModelDefinition(params: { + id: string; + name?: string; + reasoning?: boolean; + cost?: ModelDefinitionConfig["cost"]; + contextWindow?: number; + maxTokens?: number; +}): ModelDefinitionConfig { + const catalog = ZAI_MODEL_CATALOG[params.id as ZaiCatalogId]; + return { + id: params.id, + name: params.name ?? catalog?.name ?? `GLM ${params.id}`, + reasoning: params.reasoning ?? catalog?.reasoning ?? true, + input: ["text"], + cost: params.cost ?? ZAI_DEFAULT_COST, + contextWindow: params.contextWindow ?? 204800, + maxTokens: params.maxTokens ?? 131072, + }; +} diff --git a/extensions/zai/onboard.ts b/extensions/zai/onboard.ts new file mode 100644 index 00000000000..f293e0f7632 --- /dev/null +++ b/extensions/zai/onboard.ts @@ -0,0 +1,57 @@ +import { + buildZaiModelDefinition, + resolveZaiBaseUrl, + ZAI_DEFAULT_MODEL_ID, +} from "openclaw/plugin-sdk/provider-models"; +import { + applyAgentDefaultModelPrimary, + applyProviderConfigWithModelCatalog, + type OpenClawConfig, +} from "openclaw/plugin-sdk/provider-onboard"; + +export const ZAI_DEFAULT_MODEL_REF = `zai/${ZAI_DEFAULT_MODEL_ID}`; + +const ZAI_DEFAULT_MODELS = [ + buildZaiModelDefinition({ id: "glm-5" }), + buildZaiModelDefinition({ id: "glm-5-turbo" }), + buildZaiModelDefinition({ id: "glm-4.7" }), + buildZaiModelDefinition({ id: "glm-4.7-flash" }), + buildZaiModelDefinition({ id: "glm-4.7-flashx" }), +]; + +export function applyZaiProviderConfig( + cfg: OpenClawConfig, + params?: { endpoint?: string; modelId?: string }, +): OpenClawConfig { + const modelId = params?.modelId?.trim() || ZAI_DEFAULT_MODEL_ID; + const modelRef = `zai/${modelId}`; + const existingProvider = cfg.models?.providers?.zai; + const models = { ...cfg.agents?.defaults?.models }; + models[modelRef] = { + ...models[modelRef], + alias: models[modelRef]?.alias ?? "GLM", + }; + + const existingBaseUrl = + typeof existingProvider?.baseUrl === "string" ? existingProvider.baseUrl.trim() : ""; + const baseUrl = params?.endpoint + ? resolveZaiBaseUrl(params.endpoint) + : existingBaseUrl || resolveZaiBaseUrl(); + + return applyProviderConfigWithModelCatalog(cfg, { + agentModels: models, + providerId: "zai", + api: "openai-completions", + baseUrl, + catalogModels: ZAI_DEFAULT_MODELS, + }); +} + +export function applyZaiConfig( + cfg: OpenClawConfig, + params?: { endpoint?: string; modelId?: string }, +): OpenClawConfig { + const modelId = params?.modelId?.trim() || ZAI_DEFAULT_MODEL_ID; + const modelRef = modelId === ZAI_DEFAULT_MODEL_ID ? ZAI_DEFAULT_MODEL_REF : `zai/${modelId}`; + return applyAgentDefaultModelPrimary(applyZaiProviderConfig(cfg, params), modelRef); +} diff --git a/extensions/zalo/api.ts b/extensions/zalo/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/zalo/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/zalo/index.ts b/extensions/zalo/index.ts index ef62ee6e560..b1391b68c01 100644 --- a/extensions/zalo/index.ts +++ b/extensions/zalo/index.ts @@ -1,17 +1,14 @@ -import type { OpenClawPluginApi } from "openclaw/plugin-sdk/zalo"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/zalo"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; import { zaloPlugin } from "./src/channel.js"; import { setZaloRuntime } from "./src/runtime.js"; -const plugin = { +export { zaloPlugin } from "./src/channel.js"; +export { setZaloRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "zalo", name: "Zalo", - description: "Zalo channel plugin (Bot API)", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setZaloRuntime(api.runtime); - api.registerChannel(zaloPlugin); - }, -}; - -export default plugin; + description: "Zalo channel plugin", + plugin: zaloPlugin, + setRuntime: setZaloRuntime, +}); diff --git a/extensions/zalo/setup-entry.ts b/extensions/zalo/setup-entry.ts index dd8ca1b70f8..d26b0f93fe0 100644 --- a/extensions/zalo/setup-entry.ts +++ b/extensions/zalo/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { zaloPlugin } from "./src/channel.js"; -export default { - plugin: zaloPlugin, -}; +export default defineSetupPluginEntry(zaloPlugin); diff --git a/extensions/zalo/src/actions.runtime.ts b/extensions/zalo/src/actions.runtime.ts new file mode 100644 index 00000000000..0fd0a2c6f58 --- /dev/null +++ b/extensions/zalo/src/actions.runtime.ts @@ -0,0 +1,5 @@ +import { sendMessageZalo as sendMessageZaloImpl } from "./send.js"; + +export const zaloActionsRuntime = { + sendMessageZalo: sendMessageZaloImpl, +}; diff --git a/extensions/zalo/src/actions.ts b/extensions/zalo/src/actions.ts index 4f6108fa892..201838f0b04 100644 --- a/extensions/zalo/src/actions.ts +++ b/extensions/zalo/src/actions.ts @@ -1,3 +1,4 @@ +import { createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime"; import type { ChannelMessageActionAdapter, ChannelMessageActionName, @@ -5,7 +6,11 @@ import type { } from "openclaw/plugin-sdk/zalo"; import { extractToolSend, jsonResult, readStringParam } from "openclaw/plugin-sdk/zalo"; import { listEnabledZaloAccounts } from "./accounts.js"; -import { sendMessageZalo } from "./send.js"; + +const loadZaloActionsRuntime = createLazyRuntimeNamedExport( + () => import("./actions.runtime.js"), + "zaloActionsRuntime", +); const providerId = "zalo"; @@ -35,6 +40,7 @@ export const zaloMessageActions: ChannelMessageActionAdapter = { }); const mediaUrl = readStringParam(params, "media", { trim: false }); + const { sendMessageZalo } = await loadZaloActionsRuntime(); const result = await sendMessageZalo(to ?? "", content ?? "", { accountId: accountId ?? undefined, mediaUrl: mediaUrl ?? undefined, diff --git a/extensions/zalo/src/channel.directory.test.ts b/extensions/zalo/src/channel.directory.test.ts index 8a303e72a97..ac079109736 100644 --- a/extensions/zalo/src/channel.directory.test.ts +++ b/extensions/zalo/src/channel.directory.test.ts @@ -1,6 +1,9 @@ import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/zalo"; import { describe, expect, it } from "vitest"; -import { createDirectoryTestRuntime, expectDirectorySurface } from "../../test-utils/directory.js"; +import { + createDirectoryTestRuntime, + expectDirectorySurface, +} from "../../../test/helpers/extensions/directory.js"; import { zaloPlugin } from "./channel.js"; describe("zalo directory", () => { diff --git a/extensions/zalo/src/channel.runtime.ts b/extensions/zalo/src/channel.runtime.ts new file mode 100644 index 00000000000..86ddc97dcf3 --- /dev/null +++ b/extensions/zalo/src/channel.runtime.ts @@ -0,0 +1,93 @@ +import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle"; +import { PAIRING_APPROVED_MESSAGE } from "openclaw/plugin-sdk/zalo"; +import { probeZalo } from "./probe.js"; +import { resolveZaloProxyFetch } from "./proxy.js"; +import { normalizeSecretInputString } from "./secret-input.js"; +import { sendMessageZalo } from "./send.js"; + +export async function notifyZaloPairingApproval(params: { + cfg: import("openclaw/plugin-sdk/zalo").OpenClawConfig; + id: string; +}) { + const { resolveZaloAccount } = await import("./accounts.js"); + const account = resolveZaloAccount({ cfg: params.cfg }); + if (!account.token) { + throw new Error("Zalo token not configured"); + } + await sendMessageZalo(params.id, PAIRING_APPROVED_MESSAGE, { + token: account.token, + }); +} + +export async function sendZaloText( + params: Parameters[2] & { + to: string; + text: string; + }, +) { + return await sendMessageZalo(params.to, params.text, params); +} + +export async function probeZaloAccount(params: { + account: import("./accounts.js").ResolvedZaloAccount; + timeoutMs?: number; +}) { + return await probeZalo( + params.account.token, + params.timeoutMs, + resolveZaloProxyFetch(params.account.config.proxy), + ); +} + +export async function startZaloGatewayAccount( + ctx: Parameters< + NonNullable< + NonNullable["startAccount"] + > + >[0], +) { + const account = ctx.account; + const token = account.token.trim(); + const mode = account.config.webhookUrl ? "webhook" : "polling"; + let zaloBotLabel = ""; + const fetcher = resolveZaloProxyFetch(account.config.proxy); + try { + const probe = await probeZalo(token, 2500, fetcher); + const name = probe.ok ? probe.bot?.name?.trim() : null; + if (name) { + zaloBotLabel = ` (${name})`; + } + if (!probe.ok) { + ctx.log?.warn?.( + `[${account.accountId}] Zalo probe failed before provider start (${String(probe.elapsedMs)}ms): ${probe.error}`, + ); + } + ctx.setStatus({ + accountId: account.accountId, + bot: probe.bot, + }); + } catch (err) { + ctx.log?.warn?.( + `[${account.accountId}] Zalo probe threw before provider start: ${err instanceof Error ? (err.stack ?? err.message) : String(err)}`, + ); + } + const statusSink = createAccountStatusSink({ + accountId: ctx.accountId, + setStatus: ctx.setStatus, + }); + ctx.log?.info(`[${account.accountId}] starting provider${zaloBotLabel} mode=${mode}`); + const { monitorZaloProvider } = await import("./monitor.js"); + return monitorZaloProvider({ + token, + account, + config: ctx.cfg, + runtime: ctx.runtime, + abortSignal: ctx.abortSignal, + useWebhook: Boolean(account.config.webhookUrl), + webhookUrl: account.config.webhookUrl, + webhookSecret: normalizeSecretInputString(account.config.webhookSecret), + webhookPath: account.config.webhookPath, + fetcher, + statusSink, + }); +} diff --git a/extensions/zalo/src/channel.startup.test.ts b/extensions/zalo/src/channel.startup.test.ts index ea0718d29a2..d99f2397438 100644 --- a/extensions/zalo/src/channel.startup.test.ts +++ b/extensions/zalo/src/channel.startup.test.ts @@ -3,7 +3,7 @@ import { afterEach, describe, expect, it, vi } from "vitest"; import { expectPendingUntilAbort, startAccountAndTrackLifecycle, -} from "../../test-utils/start-account-lifecycle.js"; +} from "../../../test/helpers/extensions/start-account-lifecycle.js"; import type { ResolvedZaloAccount } from "./accounts.js"; const hoisted = vi.hoisted(() => ({ diff --git a/extensions/zalo/src/channel.ts b/extensions/zalo/src/channel.ts index 32ceeeff110..80b03ea00c5 100644 --- a/extensions/zalo/src/channel.ts +++ b/extensions/zalo/src/channel.ts @@ -1,11 +1,11 @@ +import { mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers"; import { buildAccountScopedDmSecurityPolicy, buildOpenGroupPolicyRestrictSendersWarning, buildOpenGroupPolicyWarning, collectOpenProviderGroupPolicyWarnings, - createAccountStatusSink, - mapAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-policy"; +import { createLazyRuntimeModule } from "openclaw/plugin-sdk/lazy-runtime"; import type { ChannelAccountSnapshot, ChannelPlugin, @@ -22,8 +22,6 @@ import { formatAllowFromLowercase, listDirectoryUserEntriesFromAllowFrom, isNumericTargetId, - PAIRING_APPROVED_MESSAGE, - resolveOutboundMediaUrls, sendPayloadWithChunkedTextAndMedia, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/zalo"; @@ -35,10 +33,6 @@ import { } from "./accounts.js"; import { zaloMessageActions } from "./actions.js"; import { ZaloConfigSchema } from "./config-schema.js"; -import { probeZalo } from "./probe.js"; -import { resolveZaloProxyFetch } from "./proxy.js"; -import { normalizeSecretInputString } from "./secret-input.js"; -import { sendMessageZalo } from "./send.js"; import { zaloSetupAdapter } from "./setup-core.js"; import { zaloSetupWizard } from "./setup-surface.js"; import { collectZaloStatusIssues } from "./status-issues.js"; @@ -63,6 +57,8 @@ function normalizeZaloMessagingTarget(raw: string): string | undefined { return trimmed.replace(/^(zalo|zl):/i, ""); } +const loadZaloChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime.js")); + export const zaloPlugin: ChannelPlugin = { id: "zalo", meta, @@ -190,13 +186,8 @@ export const zaloPlugin: ChannelPlugin = { pairing: { idLabel: "zaloUserId", normalizeAllowEntry: (entry) => entry.replace(/^(zalo|zl):/i, ""), - notifyApproval: async ({ cfg, id }) => { - const account = resolveZaloAccount({ cfg: cfg }); - if (!account.token) { - throw new Error("Zalo token not configured"); - } - await sendMessageZalo(id, PAIRING_APPROVED_MESSAGE, { token: account.token }); - }, + notifyApproval: async (params) => + await (await loadZaloChannelRuntime()).notifyZaloPairingApproval(params), }, outbound: { deliveryMode: "direct", @@ -213,14 +204,22 @@ export const zaloPlugin: ChannelPlugin = { emptyResult: { channel: "zalo", messageId: "" }, }), sendText: async ({ to, text, accountId, cfg }) => { - const result = await sendMessageZalo(to, text, { + const result = await ( + await loadZaloChannelRuntime() + ).sendZaloText({ + to, + text, accountId: accountId ?? undefined, cfg: cfg, }); return buildChannelSendResult("zalo", result); }, sendMedia: async ({ to, text, mediaUrl, accountId, cfg }) => { - const result = await sendMessageZalo(to, text, { + const result = await ( + await loadZaloChannelRuntime() + ).sendZaloText({ + to, + text, accountId: accountId ?? undefined, mediaUrl, cfg: cfg, @@ -239,7 +238,7 @@ export const zaloPlugin: ChannelPlugin = { collectStatusIssues: collectZaloStatusIssues, buildChannelSummary: ({ snapshot }) => buildTokenChannelStatusSummary(snapshot), probeAccount: async ({ account, timeoutMs }) => - probeZalo(account.token, timeoutMs, resolveZaloProxyFetch(account.config.proxy)), + await (await loadZaloChannelRuntime()).probeZaloAccount({ account, timeoutMs }), buildAccountSnapshot: ({ account, runtime }) => { const configured = Boolean(account.token?.trim()); const base = buildBaseAccountStatusSnapshot({ @@ -260,51 +259,7 @@ export const zaloPlugin: ChannelPlugin = { }, }, gateway: { - startAccount: async (ctx) => { - const account = ctx.account; - const token = account.token.trim(); - const mode = account.config.webhookUrl ? "webhook" : "polling"; - let zaloBotLabel = ""; - const fetcher = resolveZaloProxyFetch(account.config.proxy); - try { - const probe = await probeZalo(token, 2500, fetcher); - const name = probe.ok ? probe.bot?.name?.trim() : null; - if (name) { - zaloBotLabel = ` (${name})`; - } - if (!probe.ok) { - ctx.log?.warn?.( - `[${account.accountId}] Zalo probe failed before provider start (${String(probe.elapsedMs)}ms): ${probe.error}`, - ); - } - ctx.setStatus({ - accountId: account.accountId, - bot: probe.bot, - }); - } catch (err) { - ctx.log?.warn?.( - `[${account.accountId}] Zalo probe threw before provider start: ${err instanceof Error ? (err.stack ?? err.message) : String(err)}`, - ); - } - const statusSink = createAccountStatusSink({ - accountId: ctx.accountId, - setStatus: ctx.setStatus, - }); - ctx.log?.info(`[${account.accountId}] starting provider${zaloBotLabel} mode=${mode}`); - const { monitorZaloProvider } = await import("./monitor.js"); - return monitorZaloProvider({ - token, - account, - config: ctx.cfg, - runtime: ctx.runtime, - abortSignal: ctx.abortSignal, - useWebhook: Boolean(account.config.webhookUrl), - webhookUrl: account.config.webhookUrl, - webhookSecret: normalizeSecretInputString(account.config.webhookSecret), - webhookPath: account.config.webhookPath, - fetcher, - statusSink, - }); - }, + startAccount: async (ctx) => + await (await loadZaloChannelRuntime()).startZaloGatewayAccount(ctx), }, }; diff --git a/extensions/zalo/src/config-schema.ts b/extensions/zalo/src/config-schema.ts index 253830eb858..d70e1441d9b 100644 --- a/extensions/zalo/src/config-schema.ts +++ b/extensions/zalo/src/config-schema.ts @@ -3,7 +3,7 @@ import { buildCatchallMultiAccountChannelSchema, DmPolicySchema, GroupPolicySchema, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-schema"; import { MarkdownConfigSchema } from "openclaw/plugin-sdk/zalo"; import { z } from "zod"; import { buildSecretInputSchema } from "./secret-input.js"; diff --git a/extensions/zalo/src/runtime.ts b/extensions/zalo/src/runtime.ts index 10f417b3c7f..f36309db5c5 100644 --- a/extensions/zalo/src/runtime.ts +++ b/extensions/zalo/src/runtime.ts @@ -1,4 +1,4 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; import type { PluginRuntime } from "openclaw/plugin-sdk/zalo"; const { setRuntime: setZaloRuntime, getRuntime: getZaloRuntime } = diff --git a/extensions/zalo/src/setup-core.ts b/extensions/zalo/src/setup-core.ts index 6e194a41652..218ff32cf19 100644 --- a/extensions/zalo/src/setup-core.ts +++ b/extensions/zalo/src/setup-core.ts @@ -1,22 +1,9 @@ -import { - applyAccountNameToChannelSection, - applySetupAccountConfigPatch, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import { createPatchedAccountSetupAdapter, DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/setup"; const channel = "zalo" as const; -export const zaloSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), +export const zaloSetupAdapter = createPatchedAccountSetupAdapter({ + channelKey: channel, validateInput: ({ accountId, input }) => { if (input.useEnv && accountId !== DEFAULT_ACCOUNT_ID) { return "ZALO_BOT_TOKEN can only be used for the default account."; @@ -26,32 +13,12 @@ export const zaloSetupAdapter: ChannelSetupAdapter = { } return null; }, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - const patch = input.useEnv + buildPatch: (input) => + input.useEnv ? {} : input.tokenFile ? { tokenFile: input.tokenFile } : input.token ? { botToken: input.token } - : {}; - return applySetupAccountConfigPatch({ - cfg: next, - channelKey: channel, - accountId, - patch, - }); - }, -}; + : {}, +}); diff --git a/extensions/zalo/src/setup-surface.test.ts b/extensions/zalo/src/setup-surface.test.ts index f00060b50c6..8470a3bce66 100644 --- a/extensions/zalo/src/setup-surface.test.ts +++ b/extensions/zalo/src/setup-surface.test.ts @@ -1,23 +1,13 @@ -import type { OpenClawConfig, RuntimeEnv, WizardPrompter } from "openclaw/plugin-sdk/zalo"; +import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/zalo"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { + createTestWizardPrompter, + type WizardPrompter, +} from "../../../test/helpers/extensions/setup-wizard.js"; import { zaloPlugin } from "./channel.js"; -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: vi.fn(async () => "plaintext") as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const zaloConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: zaloPlugin, wizard: zaloPlugin.setupWizard!, @@ -25,7 +15,8 @@ const zaloConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("zalo setup wizard", () => { it("configures a polling token flow", async () => { - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ + select: vi.fn(async () => "plaintext") as WizardPrompter["select"], text: vi.fn(async ({ message }: { message: string }) => { if (message === "Enter Zalo bot token") { return "12345689:abc-xyz"; diff --git a/extensions/zalo/src/setup-surface.ts b/extensions/zalo/src/setup-surface.ts index 6ae6a78be0f..50e6761b35a 100644 --- a/extensions/zalo/src/setup-surface.ts +++ b/extensions/zalo/src/setup-surface.ts @@ -1,17 +1,18 @@ import { buildSingleChannelSecretPromptState, + DEFAULT_ACCOUNT_ID, + formatDocsLink, + hasConfiguredSecretInput, mergeAllowFromEntries, + normalizeAccountId, promptSingleChannelSecretInput, runSingleChannelSecretStep, setTopLevelChannelDmPolicyWithAllowFrom, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import type { SecretInput } from "../../../src/config/types.secrets.js"; -import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type OpenClawConfig, + type SecretInput, +} from "openclaw/plugin-sdk/setup"; import { listZaloAccountIds, resolveDefaultZaloAccountId, resolveZaloAccount } from "./accounts.js"; import { zaloSetupAdapter } from "./setup-core.js"; diff --git a/extensions/zalo/src/status-issues.test.ts b/extensions/zalo/src/status-issues.test.ts index 581a0dfe916..1187d45a298 100644 --- a/extensions/zalo/src/status-issues.test.ts +++ b/extensions/zalo/src/status-issues.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { expectOpenDmPolicyConfigIssue } from "../../test-utils/status-issues.js"; +import { expectOpenDmPolicyConfigIssue } from "../../../test/helpers/extensions/status-issues.js"; import { collectZaloStatusIssues } from "./status-issues.js"; describe("collectZaloStatusIssues", () => { diff --git a/extensions/zalo/src/token.ts b/extensions/zalo/src/token.ts index 10a4aca6cd1..9e8eec34caa 100644 --- a/extensions/zalo/src/token.ts +++ b/extensions/zalo/src/token.ts @@ -1,5 +1,5 @@ import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id"; -import { tryReadSecretFileSync } from "openclaw/plugin-sdk/core"; +import { tryReadSecretFileSync } from "openclaw/plugin-sdk/infra-runtime"; import type { BaseTokenResolution } from "openclaw/plugin-sdk/zalo"; import { normalizeResolvedSecretInputString, normalizeSecretInputString } from "./secret-input.js"; import type { ZaloConfig } from "./types.js"; diff --git a/extensions/zalouser/api.ts b/extensions/zalouser/api.ts new file mode 100644 index 00000000000..8f7fe4d268b --- /dev/null +++ b/extensions/zalouser/api.ts @@ -0,0 +1,2 @@ +export * from "./src/setup-core.js"; +export * from "./src/setup-surface.js"; diff --git a/extensions/zalouser/index.ts b/extensions/zalouser/index.ts index 8d470b043e3..c5d4cc2ba24 100644 --- a/extensions/zalouser/index.ts +++ b/extensions/zalouser/index.ts @@ -1,21 +1,19 @@ -import type { AnyAgentTool, OpenClawPluginApi } from "openclaw/plugin-sdk/zalouser"; -import { emptyPluginConfigSchema } from "openclaw/plugin-sdk/zalouser"; +import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core"; +import type { AnyAgentTool } from "openclaw/plugin-sdk/zalouser"; import { zalouserPlugin } from "./src/channel.js"; import { setZalouserRuntime } from "./src/runtime.js"; import { ZalouserToolSchema, executeZalouserTool } from "./src/tool.js"; -const plugin = { +export { zalouserPlugin } from "./src/channel.js"; +export { setZalouserRuntime } from "./src/runtime.js"; + +export default defineChannelPluginEntry({ id: "zalouser", name: "Zalo Personal", description: "Zalo personal account messaging via native zca-js integration", - configSchema: emptyPluginConfigSchema(), - register(api: OpenClawPluginApi) { - setZalouserRuntime(api.runtime); - api.registerChannel(zalouserPlugin); - if (api.registrationMode !== "full") { - return; - } - + plugin: zalouserPlugin, + setRuntime: setZalouserRuntime, + registerFull(api) { api.registerTool({ name: "zalouser", label: "Zalo Personal", @@ -27,6 +25,4 @@ const plugin = { execute: executeZalouserTool, } as AnyAgentTool); }, -}; - -export default plugin; +}); diff --git a/extensions/zalouser/setup-entry.ts b/extensions/zalouser/setup-entry.ts index f983cad8f80..0320d3cf945 100644 --- a/extensions/zalouser/setup-entry.ts +++ b/extensions/zalouser/setup-entry.ts @@ -1,5 +1,4 @@ +import { defineSetupPluginEntry } from "openclaw/plugin-sdk/core"; import { zalouserPlugin } from "./src/channel.js"; -export default { - plugin: zalouserPlugin, -}; +export default defineSetupPluginEntry(zalouserPlugin); diff --git a/extensions/zalouser/src/channel.ts b/extensions/zalouser/src/channel.ts index 7e79b186c3d..1fee83709ef 100644 --- a/extensions/zalouser/src/channel.ts +++ b/extensions/zalouser/src/channel.ts @@ -1,8 +1,6 @@ -import { - buildAccountScopedDmSecurityPolicy, - createAccountStatusSink, - mapAllowFromEntries, -} from "openclaw/plugin-sdk/compat"; +import { mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers"; +import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle"; +import { buildAccountScopedDmSecurityPolicy } from "openclaw/plugin-sdk/channel-policy"; import type { ChannelAccountSnapshot, ChannelDirectoryEntry, diff --git a/extensions/zalouser/src/config-schema.ts b/extensions/zalouser/src/config-schema.ts index 1ff115876c4..475ba16bca2 100644 --- a/extensions/zalouser/src/config-schema.ts +++ b/extensions/zalouser/src/config-schema.ts @@ -3,7 +3,7 @@ import { buildCatchallMultiAccountChannelSchema, DmPolicySchema, GroupPolicySchema, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/channel-config-schema"; import { MarkdownConfigSchema, ToolPolicySchema } from "openclaw/plugin-sdk/zalouser"; import { z } from "zod"; diff --git a/extensions/zalouser/src/monitor.ts b/extensions/zalouser/src/monitor.ts index b96ff8cdf0d..e4acdd61cb9 100644 --- a/extensions/zalouser/src/monitor.ts +++ b/extensions/zalouser/src/monitor.ts @@ -1,13 +1,15 @@ import { DM_GROUP_ACCESS_REASON, + resolveDmGroupAccessWithLists, +} from "openclaw/plugin-sdk/channel-policy"; +import { KeyedAsyncQueue } from "openclaw/plugin-sdk/keyed-async-queue"; +import { DEFAULT_GROUP_HISTORY_LIMIT, type HistoryEntry, - KeyedAsyncQueue, buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, recordPendingHistoryEntryIfEnabled, - resolveDmGroupAccessWithLists, -} from "openclaw/plugin-sdk/compat"; +} from "openclaw/plugin-sdk/reply-history"; import type { MarkdownTableMode, OpenClawConfig, diff --git a/extensions/zalouser/src/runtime.ts b/extensions/zalouser/src/runtime.ts index 44cf09edbc7..eaa93ec1b20 100644 --- a/extensions/zalouser/src/runtime.ts +++ b/extensions/zalouser/src/runtime.ts @@ -1,4 +1,4 @@ -import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat"; +import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store"; import type { PluginRuntime } from "openclaw/plugin-sdk/zalouser"; const { setRuntime: setZalouserRuntime, getRuntime: getZalouserRuntime } = diff --git a/extensions/zalouser/src/setup-core.ts b/extensions/zalouser/src/setup-core.ts index 45f412ed9f6..e1f9e9fd27c 100644 --- a/extensions/zalouser/src/setup-core.ts +++ b/extensions/zalouser/src/setup-core.ts @@ -1,42 +1,9 @@ -import { - applyAccountNameToChannelSection, - applySetupAccountConfigPatch, - migrateBaseNameToDefaultAccount, -} from "../../../src/channels/plugins/setup-helpers.js"; -import type { ChannelSetupAdapter } from "../../../src/channels/plugins/types.adapters.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; +import { createPatchedAccountSetupAdapter } from "openclaw/plugin-sdk/setup"; const channel = "zalouser" as const; -export const zalouserSetupAdapter: ChannelSetupAdapter = { - resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), - applyAccountName: ({ cfg, accountId, name }) => - applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name, - }), +export const zalouserSetupAdapter = createPatchedAccountSetupAdapter({ + channelKey: channel, validateInput: () => null, - applyAccountConfig: ({ cfg, accountId, input }) => { - const namedConfig = applyAccountNameToChannelSection({ - cfg, - channelKey: channel, - accountId, - name: input.name, - }); - const next = - accountId !== DEFAULT_ACCOUNT_ID - ? migrateBaseNameToDefaultAccount({ - cfg: namedConfig, - channelKey: channel, - }) - : namedConfig; - return applySetupAccountConfigPatch({ - cfg: next, - channelKey: channel, - accountId, - patch: {}, - }); - }, -}; + buildPatch: () => ({}), +}); diff --git a/extensions/zalouser/src/setup-surface.test.ts b/extensions/zalouser/src/setup-surface.test.ts index fc95b90ab8d..af95c35465b 100644 --- a/extensions/zalouser/src/setup-surface.test.ts +++ b/extensions/zalouser/src/setup-surface.test.ts @@ -1,7 +1,8 @@ -import type { OpenClawConfig, WizardPrompter } from "openclaw/plugin-sdk/zalouser"; +import type { OpenClawConfig } from "openclaw/plugin-sdk/zalouser"; import { describe, expect, it, vi } from "vitest"; import { buildChannelSetupWizardAdapterFromSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import { createRuntimeEnv } from "../../test-utils/runtime-env.js"; +import { createRuntimeEnv } from "../../../test/helpers/extensions/runtime-env.js"; +import { createTestWizardPrompter } from "../../../test/helpers/extensions/setup-wizard.js"; vi.mock("./zalo-js.js", async (importOriginal) => { const actual = await importOriginal(); @@ -28,28 +29,6 @@ vi.mock("./zalo-js.js", async (importOriginal) => { import { zalouserPlugin } from "./channel.js"; -const selectFirstOption = async (params: { options: Array<{ value: T }> }): Promise => { - const first = params.options[0]; - if (!first) { - throw new Error("no options"); - } - return first.value; -}; - -function createPrompter(overrides: Partial): WizardPrompter { - return { - intro: vi.fn(async () => {}), - outro: vi.fn(async () => {}), - note: vi.fn(async () => {}), - select: selectFirstOption as WizardPrompter["select"], - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), - ...overrides, - }; -} - const zalouserConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ plugin: zalouserPlugin, wizard: zalouserPlugin.setupWizard!, @@ -58,7 +37,7 @@ const zalouserConfigureAdapter = buildChannelSetupWizardAdapterFromSetupWizard({ describe("zalouser setup wizard", () => { it("enables the account without forcing QR login", async () => { const runtime = createRuntimeEnv(); - const prompter = createPrompter({ + const prompter = createTestWizardPrompter({ confirm: vi.fn(async ({ message }: { message: string }) => { if (message === "Login via QR code now?") { return false; diff --git a/extensions/zalouser/src/setup-surface.ts b/extensions/zalouser/src/setup-surface.ts index 74f940e5077..f51b55ff068 100644 --- a/extensions/zalouser/src/setup-surface.ts +++ b/extensions/zalouser/src/setup-surface.ts @@ -1,14 +1,15 @@ -import { patchScopedAccountConfig } from "../../../src/channels/plugins/setup-helpers.js"; import { + DEFAULT_ACCOUNT_ID, + formatDocsLink, + formatResolvedUnresolvedNote, mergeAllowFromEntries, + normalizeAccountId, + patchScopedAccountConfig, setTopLevelChannelDmPolicyWithAllowFrom, -} from "../../../src/channels/plugins/setup-wizard-helpers.js"; -import type { ChannelSetupDmPolicy } from "../../../src/channels/plugins/setup-wizard-types.js"; -import type { ChannelSetupWizard } from "../../../src/channels/plugins/setup-wizard.js"; -import type { OpenClawConfig } from "../../../src/config/config.js"; -import { formatResolvedUnresolvedNote } from "../../../src/plugin-sdk/resolution-notes.js"; -import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js"; -import { formatDocsLink } from "../../../src/terminal/links.js"; + type ChannelSetupDmPolicy, + type ChannelSetupWizard, + type OpenClawConfig, +} from "openclaw/plugin-sdk/setup"; import { listZalouserAccountIds, resolveDefaultZalouserAccountId, diff --git a/extensions/zalouser/src/status-issues.test.ts b/extensions/zalouser/src/status-issues.test.ts index c1e142c88e8..bd1ae4d4cd4 100644 --- a/extensions/zalouser/src/status-issues.test.ts +++ b/extensions/zalouser/src/status-issues.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { expectOpenDmPolicyConfigIssue } from "../../test-utils/status-issues.js"; +import { expectOpenDmPolicyConfigIssue } from "../../../test/helpers/extensions/status-issues.js"; import { collectZalouserStatusIssues } from "./status-issues.js"; describe("collectZalouserStatusIssues", () => { diff --git a/knip.config.ts b/knip.config.ts index 6a76a8238b7..9ceda2575d8 100644 --- a/knip.config.ts +++ b/knip.config.ts @@ -3,7 +3,6 @@ const rootEntries = [ "src/index.ts!", "src/entry.ts!", "src/cli/daemon-cli.ts!", - "src/extensionAPI.ts!", "src/infra/warning-filter.ts!", "src/channels/plugins/agent-tools/whatsapp-login.ts!", "src/channels/plugins/actions/discord.ts!", diff --git a/package.json b/package.json index a0b5e9581df..473a4fcfefe 100644 --- a/package.json +++ b/package.json @@ -70,30 +70,142 @@ "types": "./dist/plugin-sdk/routing.d.ts", "default": "./dist/plugin-sdk/routing.js" }, + "./plugin-sdk/runtime": { + "types": "./dist/plugin-sdk/runtime.d.ts", + "default": "./dist/plugin-sdk/runtime.js" + }, + "./plugin-sdk/runtime-env": { + "types": "./dist/plugin-sdk/runtime-env.d.ts", + "default": "./dist/plugin-sdk/runtime-env.js" + }, + "./plugin-sdk/setup": { + "types": "./dist/plugin-sdk/setup.d.ts", + "default": "./dist/plugin-sdk/setup.js" + }, + "./plugin-sdk/setup-tools": { + "types": "./dist/plugin-sdk/setup-tools.d.ts", + "default": "./dist/plugin-sdk/setup-tools.js" + }, + "./plugin-sdk/config-runtime": { + "types": "./dist/plugin-sdk/config-runtime.d.ts", + "default": "./dist/plugin-sdk/config-runtime.js" + }, + "./plugin-sdk/reply-runtime": { + "types": "./dist/plugin-sdk/reply-runtime.d.ts", + "default": "./dist/plugin-sdk/reply-runtime.js" + }, + "./plugin-sdk/channel-runtime": { + "types": "./dist/plugin-sdk/channel-runtime.d.ts", + "default": "./dist/plugin-sdk/channel-runtime.js" + }, + "./plugin-sdk/infra-runtime": { + "types": "./dist/plugin-sdk/infra-runtime.d.ts", + "default": "./dist/plugin-sdk/infra-runtime.js" + }, + "./plugin-sdk/media-runtime": { + "types": "./dist/plugin-sdk/media-runtime.d.ts", + "default": "./dist/plugin-sdk/media-runtime.js" + }, + "./plugin-sdk/media-understanding-runtime": { + "types": "./dist/plugin-sdk/media-understanding-runtime.d.ts", + "default": "./dist/plugin-sdk/media-understanding-runtime.js" + }, + "./plugin-sdk/conversation-runtime": { + "types": "./dist/plugin-sdk/conversation-runtime.d.ts", + "default": "./dist/plugin-sdk/conversation-runtime.js" + }, + "./plugin-sdk/text-runtime": { + "types": "./dist/plugin-sdk/text-runtime.d.ts", + "default": "./dist/plugin-sdk/text-runtime.js" + }, + "./plugin-sdk/agent-runtime": { + "types": "./dist/plugin-sdk/agent-runtime.d.ts", + "default": "./dist/plugin-sdk/agent-runtime.js" + }, + "./plugin-sdk/speech-runtime": { + "types": "./dist/plugin-sdk/speech-runtime.d.ts", + "default": "./dist/plugin-sdk/speech-runtime.js" + }, + "./plugin-sdk/plugin-runtime": { + "types": "./dist/plugin-sdk/plugin-runtime.d.ts", + "default": "./dist/plugin-sdk/plugin-runtime.js" + }, + "./plugin-sdk/security-runtime": { + "types": "./dist/plugin-sdk/security-runtime.d.ts", + "default": "./dist/plugin-sdk/security-runtime.js" + }, + "./plugin-sdk/gateway-runtime": { + "types": "./dist/plugin-sdk/gateway-runtime.d.ts", + "default": "./dist/plugin-sdk/gateway-runtime.js" + }, + "./plugin-sdk/cli-runtime": { + "types": "./dist/plugin-sdk/cli-runtime.d.ts", + "default": "./dist/plugin-sdk/cli-runtime.js" + }, + "./plugin-sdk/hook-runtime": { + "types": "./dist/plugin-sdk/hook-runtime.d.ts", + "default": "./dist/plugin-sdk/hook-runtime.js" + }, + "./plugin-sdk/process-runtime": { + "types": "./dist/plugin-sdk/process-runtime.d.ts", + "default": "./dist/plugin-sdk/process-runtime.js" + }, + "./plugin-sdk/acp-runtime": { + "types": "./dist/plugin-sdk/acp-runtime.d.ts", + "default": "./dist/plugin-sdk/acp-runtime.js" + }, + "./plugin-sdk/zai": { + "types": "./dist/plugin-sdk/zai.d.ts", + "default": "./dist/plugin-sdk/zai.js" + }, "./plugin-sdk/telegram": { "types": "./dist/plugin-sdk/telegram.d.ts", "default": "./dist/plugin-sdk/telegram.js" }, + "./plugin-sdk/telegram-core": { + "types": "./dist/plugin-sdk/telegram-core.d.ts", + "default": "./dist/plugin-sdk/telegram-core.js" + }, "./plugin-sdk/discord": { "types": "./dist/plugin-sdk/discord.d.ts", "default": "./dist/plugin-sdk/discord.js" }, + "./plugin-sdk/discord-core": { + "types": "./dist/plugin-sdk/discord-core.d.ts", + "default": "./dist/plugin-sdk/discord-core.js" + }, "./plugin-sdk/slack": { "types": "./dist/plugin-sdk/slack.d.ts", "default": "./dist/plugin-sdk/slack.js" }, + "./plugin-sdk/slack-core": { + "types": "./dist/plugin-sdk/slack-core.d.ts", + "default": "./dist/plugin-sdk/slack-core.js" + }, "./plugin-sdk/signal": { "types": "./dist/plugin-sdk/signal.d.ts", "default": "./dist/plugin-sdk/signal.js" }, + "./plugin-sdk/signal-core": { + "types": "./dist/plugin-sdk/signal-core.d.ts", + "default": "./dist/plugin-sdk/signal-core.js" + }, "./plugin-sdk/imessage": { "types": "./dist/plugin-sdk/imessage.d.ts", "default": "./dist/plugin-sdk/imessage.js" }, + "./plugin-sdk/imessage-core": { + "types": "./dist/plugin-sdk/imessage-core.d.ts", + "default": "./dist/plugin-sdk/imessage-core.js" + }, "./plugin-sdk/whatsapp": { "types": "./dist/plugin-sdk/whatsapp.d.ts", "default": "./dist/plugin-sdk/whatsapp.js" }, + "./plugin-sdk/whatsapp-core": { + "types": "./dist/plugin-sdk/whatsapp-core.d.ts", + "default": "./dist/plugin-sdk/whatsapp-core.js" + }, "./plugin-sdk/line": { "types": "./dist/plugin-sdk/line.d.ts", "default": "./dist/plugin-sdk/line.js" @@ -146,6 +258,10 @@ "types": "./dist/plugin-sdk/lobster.d.ts", "default": "./dist/plugin-sdk/lobster.js" }, + "./plugin-sdk/lazy-runtime": { + "types": "./dist/plugin-sdk/lazy-runtime.d.ts", + "default": "./dist/plugin-sdk/lazy-runtime.js" + }, "./plugin-sdk/matrix": { "types": "./dist/plugin-sdk/matrix.d.ts", "default": "./dist/plugin-sdk/matrix.js" @@ -194,6 +310,10 @@ "types": "./dist/plugin-sdk/talk-voice.d.ts", "default": "./dist/plugin-sdk/talk-voice.js" }, + "./plugin-sdk/testing": { + "types": "./dist/plugin-sdk/testing.d.ts", + "default": "./dist/plugin-sdk/testing.js" + }, "./plugin-sdk/test-utils": { "types": "./dist/plugin-sdk/test-utils.d.ts", "default": "./dist/plugin-sdk/test-utils.js" @@ -226,11 +346,126 @@ "types": "./dist/plugin-sdk/account-id.d.ts", "default": "./dist/plugin-sdk/account-id.js" }, + "./plugin-sdk/account-resolution": { + "types": "./dist/plugin-sdk/account-resolution.d.ts", + "default": "./dist/plugin-sdk/account-resolution.js" + }, + "./plugin-sdk/allow-from": { + "types": "./dist/plugin-sdk/allow-from.d.ts", + "default": "./dist/plugin-sdk/allow-from.js" + }, + "./plugin-sdk/allowlist-resolution": { + "types": "./dist/plugin-sdk/allowlist-resolution.d.ts", + "default": "./dist/plugin-sdk/allowlist-resolution.js" + }, + "./plugin-sdk/allowlist-config-edit": { + "types": "./dist/plugin-sdk/allowlist-config-edit.d.ts", + "default": "./dist/plugin-sdk/allowlist-config-edit.js" + }, + "./plugin-sdk/boolean-param": { + "types": "./dist/plugin-sdk/boolean-param.d.ts", + "default": "./dist/plugin-sdk/boolean-param.js" + }, + "./plugin-sdk/channel-config-helpers": { + "types": "./dist/plugin-sdk/channel-config-helpers.d.ts", + "default": "./dist/plugin-sdk/channel-config-helpers.js" + }, + "./plugin-sdk/channel-config-schema": { + "types": "./dist/plugin-sdk/channel-config-schema.d.ts", + "default": "./dist/plugin-sdk/channel-config-schema.js" + }, + "./plugin-sdk/channel-lifecycle": { + "types": "./dist/plugin-sdk/channel-lifecycle.d.ts", + "default": "./dist/plugin-sdk/channel-lifecycle.js" + }, + "./plugin-sdk/channel-policy": { + "types": "./dist/plugin-sdk/channel-policy.d.ts", + "default": "./dist/plugin-sdk/channel-policy.js" + }, + "./plugin-sdk/group-access": { + "types": "./dist/plugin-sdk/group-access.d.ts", + "default": "./dist/plugin-sdk/group-access.js" + }, + "./plugin-sdk/directory-runtime": { + "types": "./dist/plugin-sdk/directory-runtime.d.ts", + "default": "./dist/plugin-sdk/directory-runtime.js" + }, + "./plugin-sdk/json-store": { + "types": "./dist/plugin-sdk/json-store.d.ts", + "default": "./dist/plugin-sdk/json-store.js" + }, "./plugin-sdk/keyed-async-queue": { "types": "./dist/plugin-sdk/keyed-async-queue.d.ts", "default": "./dist/plugin-sdk/keyed-async-queue.js" }, - "./extension-api": "./dist/extensionAPI.js", + "./plugin-sdk/provider-auth": { + "types": "./dist/plugin-sdk/provider-auth.d.ts", + "default": "./dist/plugin-sdk/provider-auth.js" + }, + "./plugin-sdk/provider-catalog": { + "types": "./dist/plugin-sdk/provider-catalog.d.ts", + "default": "./dist/plugin-sdk/provider-catalog.js" + }, + "./plugin-sdk/provider-models": { + "types": "./dist/plugin-sdk/provider-models.d.ts", + "default": "./dist/plugin-sdk/provider-models.js" + }, + "./plugin-sdk/provider-onboard": { + "types": "./dist/plugin-sdk/provider-onboard.d.ts", + "default": "./dist/plugin-sdk/provider-onboard.js" + }, + "./plugin-sdk/provider-stream": { + "types": "./dist/plugin-sdk/provider-stream.d.ts", + "default": "./dist/plugin-sdk/provider-stream.js" + }, + "./plugin-sdk/provider-usage": { + "types": "./dist/plugin-sdk/provider-usage.d.ts", + "default": "./dist/plugin-sdk/provider-usage.js" + }, + "./plugin-sdk/provider-web-search": { + "types": "./dist/plugin-sdk/provider-web-search.d.ts", + "default": "./dist/plugin-sdk/provider-web-search.js" + }, + "./plugin-sdk/image-generation": { + "types": "./dist/plugin-sdk/image-generation.d.ts", + "default": "./dist/plugin-sdk/image-generation.js" + }, + "./plugin-sdk/reply-history": { + "types": "./dist/plugin-sdk/reply-history.d.ts", + "default": "./dist/plugin-sdk/reply-history.js" + }, + "./plugin-sdk/media-understanding": { + "types": "./dist/plugin-sdk/media-understanding.d.ts", + "default": "./dist/plugin-sdk/media-understanding.js" + }, + "./plugin-sdk/google": { + "types": "./dist/plugin-sdk/google.d.ts", + "default": "./dist/plugin-sdk/google.js" + }, + "./plugin-sdk/request-url": { + "types": "./dist/plugin-sdk/request-url.d.ts", + "default": "./dist/plugin-sdk/request-url.js" + }, + "./plugin-sdk/runtime-store": { + "types": "./dist/plugin-sdk/runtime-store.d.ts", + "default": "./dist/plugin-sdk/runtime-store.js" + }, + "./plugin-sdk/web-media": { + "types": "./dist/plugin-sdk/web-media.d.ts", + "default": "./dist/plugin-sdk/web-media.js" + }, + "./plugin-sdk/speech": { + "types": "./dist/plugin-sdk/speech.d.ts", + "default": "./dist/plugin-sdk/speech.js" + }, + "./plugin-sdk/state-paths": { + "types": "./dist/plugin-sdk/state-paths.d.ts", + "default": "./dist/plugin-sdk/state-paths.js" + }, + "./plugin-sdk/tool-send": { + "types": "./dist/plugin-sdk/tool-send.d.ts", + "default": "./dist/plugin-sdk/tool-send.js" + }, "./cli-entry": "./openclaw.mjs" }, "scripts": { @@ -248,7 +483,7 @@ "build:plugin-sdk:dts": "tsc -p tsconfig.plugin-sdk.dts.json || true", "build:strict-smoke": "pnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/runtime-postbuild.mjs && pnpm build:plugin-sdk:dts", "canvas:a2ui:bundle": "bash scripts/bundle-a2ui.sh", - "check": "pnpm check:host-env-policy:swift && pnpm format:check && pnpm tsgo && pnpm plugin-sdk:check-exports && pnpm lint && pnpm lint:tmp:no-random-messaging && pnpm lint:tmp:channel-agnostic-boundaries && pnpm lint:tmp:no-raw-channel-fetch && pnpm lint:agent:ingress-owner && pnpm lint:plugins:no-register-http-handler && pnpm lint:plugins:no-monolithic-plugin-sdk-entry-imports && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope", + "check": "pnpm check:host-env-policy:swift && pnpm format:check && pnpm tsgo && pnpm plugin-sdk:check-exports && pnpm lint && pnpm lint:tmp:no-random-messaging && pnpm lint:tmp:channel-agnostic-boundaries && pnpm lint:tmp:no-raw-channel-fetch && pnpm lint:agent:ingress-owner && pnpm lint:plugins:no-register-http-handler && pnpm lint:plugins:no-monolithic-plugin-sdk-entry-imports && pnpm lint:plugins:no-extension-test-core-imports && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope", "check:docs": "pnpm format:docs:check && pnpm lint:docs && pnpm docs:check-i18n-glossary && pnpm docs:check-links", "check:host-env-policy:swift": "node scripts/generate-host-env-security-policy-swift.mjs --check", "check:loc": "node --import tsx scripts/check-ts-max-loc.ts --max 500", @@ -300,6 +535,7 @@ "lint:docs": "pnpm dlx markdownlint-cli2", "lint:docs:fix": "pnpm dlx markdownlint-cli2 --fix", "lint:fix": "oxlint --type-aware --fix && pnpm format", + "lint:plugins:no-extension-test-core-imports": "node --import tsx scripts/check-no-extension-test-core-imports.ts", "lint:plugins:no-monolithic-plugin-sdk-entry-imports": "node --import tsx scripts/check-no-monolithic-plugin-sdk-entry-imports.ts", "lint:plugins:no-register-http-handler": "node scripts/check-no-register-http-handler.mjs", "lint:swift": "swiftlint lint --config .swiftlint.yml && (cd apps/ios && swiftlint lint --config .swiftlint.yml)", @@ -329,7 +565,9 @@ "test:all": "pnpm lint && pnpm build && pnpm test && pnpm test:e2e && pnpm test:live && pnpm test:docker:all", "test:auth:compat": "vitest run --config vitest.gateway.config.ts src/gateway/server.auth.compat-baseline.test.ts src/gateway/client.test.ts src/gateway/reconnect-gating.test.ts src/gateway/protocol/connect-error-details.test.ts", "test:channels": "vitest run --config vitest.channels.config.ts", - "test:contracts": "pnpm test -- src/channels/plugins/contracts src/plugins/contracts", + "test:contracts": "pnpm test:contracts:channels && pnpm test:contracts:plugins", + "test:contracts:channels": "OPENCLAW_TEST_PROFILE=low pnpm test -- src/channels/plugins/contracts", + "test:contracts:plugins": "OPENCLAW_TEST_PROFILE=low pnpm test -- src/plugins/contracts", "test:coverage": "vitest run --config vitest.unit.config.ts --coverage", "test:docker:all": "pnpm test:docker:live-models && pnpm test:docker:live-gateway && pnpm test:docker:onboard && pnpm test:docker:gateway-network && pnpm test:docker:qr && pnpm test:docker:doctor-switch && pnpm test:docker:plugins && pnpm test:docker:cleanup", "test:docker:cleanup": "bash scripts/test-cleanup-docker.sh", @@ -347,6 +585,7 @@ "test:fast": "vitest run --config vitest.unit.config.ts", "test:force": "node --import tsx scripts/test-force.ts", "test:gateway": "vitest run --config vitest.gateway.config.ts --pool=forks", + "test:gateway:watch-regression": "node scripts/check-gateway-watch-regression.mjs", "test:install:e2e": "bash scripts/test-install-sh-e2e-docker.sh", "test:install:e2e:anthropic": "OPENCLAW_E2E_MODELS=anthropic CLAWDBOT_E2E_MODELS=anthropic bash scripts/test-install-sh-e2e-docker.sh", "test:install:e2e:openai": "OPENCLAW_E2E_MODELS=openai CLAWDBOT_E2E_MODELS=openai bash scripts/test-install-sh-e2e-docker.sh", @@ -402,7 +641,7 @@ "dotenv": "^17.3.1", "express": "^5.2.1", "file-type": "^21.3.2", - "gaxios": "^7.1.3", + "gaxios": "7.1.3", "grammy": "^1.41.1", "hono": "4.12.7", "https-proxy-agent": "^8.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 90ebda912b0..bde6311c766 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -126,7 +126,7 @@ importers: specifier: 21.3.2 version: 21.3.2 gaxios: - specifier: ^7.1.3 + specifier: 7.1.3 version: 7.1.3 grammy: specifier: ^1.41.1 @@ -342,6 +342,8 @@ importers: extensions/discord: {} + extensions/elevenlabs: {} + extensions/feishu: dependencies: '@larksuiteoapi/node-sdk': @@ -451,6 +453,8 @@ importers: specifier: ^6.29.0 version: 6.29.0(ws@8.19.0)(zod@4.3.6) + extensions/microsoft: {} + extensions/minimax: {} extensions/mistral: {} diff --git a/scripts/check-cli-startup-memory.mjs b/scripts/check-cli-startup-memory.mjs index ce452d1a7ab..f2e8521961e 100644 --- a/scripts/check-cli-startup-memory.mjs +++ b/scripts/check-cli-startup-memory.mjs @@ -62,6 +62,32 @@ const cases = [ }, ]; +function formatFixGuidance(testCase, details) { + const command = `node ${testCase.args.join(" ")}`; + const guidance = [ + "[startup-memory] Fix guidance", + `Case: ${testCase.label}`, + `Command: ${command}`, + "Next steps:", + `1. Run \`${command}\` locally on the built tree.`, + "2. If this is an RSS overage, compare the startup import graph against the last passing commit and look for newly eager imports, bootstrap side effects, or plugin loading on the command path.", + "3. If this is a non-zero exit, inspect the first transitive import/config error in stderr and fix that root cause before re-checking memory.", + "LLM prompt:", + `"OpenClaw startup-memory CI failed for '${testCase.label}'. Analyze this failure, identify the first runtime/import side effect that makes startup heavier or broken, and propose the smallest safe patch. Failure output:\n${details}"`, + ]; + return `${guidance.join("\n")}\n`; +} + +function formatFailure(testCase, message, details = "") { + const trimmedDetails = details.trim(); + const sections = [message]; + if (trimmedDetails) { + sections.push(trimmedDetails); + } + sections.push(formatFixGuidance(testCase, trimmedDetails || message)); + return sections.join("\n\n"); +} + function parseMaxRssMb(stderr) { const matches = [...stderr.matchAll(new RegExp(`^${MAX_RSS_MARKER}(\\d+)\\s*$`, "gm"))]; const lastMatch = matches.at(-1); @@ -120,18 +146,27 @@ function runCase(testCase) { if (result.status !== 0) { throw new Error( - `${testCase.label} exited with ${String(result.status)}\n${stderr.trim() || result.stdout || ""}`, + formatFailure( + testCase, + `${testCase.label} exited with ${String(result.status)}`, + stderr.trim() || result.stdout || "", + ), ); } if (maxRssMb == null) { - throw new Error(`${testCase.label} did not report max RSS\n${stderr.trim()}`); + throw new Error(formatFailure(testCase, `${testCase.label} did not report max RSS`, stderr)); } if (matrixBootstrapWarning) { - throw new Error(`${testCase.label} triggered Matrix crypto bootstrap during startup`); + throw new Error( + formatFailure(testCase, `${testCase.label} triggered Matrix crypto bootstrap during startup`), + ); } if (maxRssMb > testCase.limitMb) { throw new Error( - `${testCase.label} used ${maxRssMb.toFixed(1)} MB RSS (limit ${testCase.limitMb} MB)`, + formatFailure( + testCase, + `${testCase.label} used ${maxRssMb.toFixed(1)} MB RSS (limit ${testCase.limitMb} MB)`, + ), ); } diff --git a/scripts/check-gateway-watch-regression.mjs b/scripts/check-gateway-watch-regression.mjs new file mode 100644 index 00000000000..238bc68e742 --- /dev/null +++ b/scripts/check-gateway-watch-regression.mjs @@ -0,0 +1,464 @@ +#!/usr/bin/env node + +import { spawn, spawnSync } from "node:child_process"; +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import process from "node:process"; + +const DEFAULTS = { + outputDir: path.join(process.cwd(), ".local", "gateway-watch-regression"), + windowMs: 10_000, + sigkillGraceMs: 10_000, + cpuWarnMs: 1_000, + cpuFailMs: 8_000, + distRuntimeFileGrowthMax: 200, + distRuntimeByteGrowthMax: 2 * 1024 * 1024, + keepLogs: true, + skipBuild: false, +}; + +function parseArgs(argv) { + const options = { ...DEFAULTS }; + for (let i = 0; i < argv.length; i += 1) { + const arg = argv[i]; + const next = argv[i + 1]; + const readValue = () => { + if (!next) { + throw new Error(`Missing value for ${arg}`); + } + i += 1; + return next; + }; + switch (arg) { + case "--output-dir": + options.outputDir = path.resolve(readValue()); + break; + case "--window-ms": + options.windowMs = Number(readValue()); + break; + case "--sigkill-grace-ms": + options.sigkillGraceMs = Number(readValue()); + break; + case "--cpu-warn-ms": + options.cpuWarnMs = Number(readValue()); + break; + case "--cpu-fail-ms": + options.cpuFailMs = Number(readValue()); + break; + case "--dist-runtime-file-growth-max": + options.distRuntimeFileGrowthMax = Number(readValue()); + break; + case "--dist-runtime-byte-growth-max": + options.distRuntimeByteGrowthMax = Number(readValue()); + break; + case "--skip-build": + options.skipBuild = true; + break; + default: + throw new Error(`Unknown argument: ${arg}`); + } + } + return options; +} + +function ensureDir(dirPath) { + fs.mkdirSync(dirPath, { recursive: true }); +} + +function normalizePath(filePath) { + return filePath.replaceAll("\\", "/"); +} + +function listTreeEntries(rootName) { + const rootPath = path.join(process.cwd(), rootName); + if (!fs.existsSync(rootPath)) { + return [`${rootName} (missing)`]; + } + + const entries = [rootName]; + const queue = [rootPath]; + while (queue.length > 0) { + const current = queue.pop(); + if (!current) { + continue; + } + const dirents = fs.readdirSync(current, { withFileTypes: true }); + for (const dirent of dirents) { + const fullPath = path.join(current, dirent.name); + const relativePath = normalizePath(path.relative(process.cwd(), fullPath)); + entries.push(relativePath); + if (dirent.isDirectory()) { + queue.push(fullPath); + } + } + } + return entries.toSorted((a, b) => a.localeCompare(b)); +} + +function humanBytes(bytes) { + if (bytes < 1024) { + return `${bytes}B`; + } + if (bytes < 1024 * 1024) { + return `${(bytes / 1024).toFixed(1)}K`; + } + if (bytes < 1024 * 1024 * 1024) { + return `${(bytes / (1024 * 1024)).toFixed(1)}M`; + } + return `${(bytes / (1024 * 1024 * 1024)).toFixed(1)}G`; +} + +function snapshotTree(rootName) { + const rootPath = path.join(process.cwd(), rootName); + const stats = { + exists: fs.existsSync(rootPath), + files: 0, + directories: 0, + symlinks: 0, + entries: 0, + apparentBytes: 0, + }; + + if (!stats.exists) { + return stats; + } + + const queue = [rootPath]; + while (queue.length > 0) { + const current = queue.pop(); + if (!current) { + continue; + } + const currentStats = fs.lstatSync(current); + stats.entries += 1; + if (currentStats.isDirectory()) { + stats.directories += 1; + for (const dirent of fs.readdirSync(current, { withFileTypes: true })) { + queue.push(path.join(current, dirent.name)); + } + continue; + } + if (currentStats.isSymbolicLink()) { + stats.symlinks += 1; + continue; + } + if (currentStats.isFile()) { + stats.files += 1; + stats.apparentBytes += currentStats.size; + } + } + + return stats; +} + +function writeSnapshot(snapshotDir) { + ensureDir(snapshotDir); + const pathEntries = [...listTreeEntries("dist"), ...listTreeEntries("dist-runtime")]; + fs.writeFileSync(path.join(snapshotDir, "paths.txt"), `${pathEntries.join("\n")}\n`, "utf8"); + + const dist = snapshotTree("dist"); + const distRuntime = snapshotTree("dist-runtime"); + const snapshot = { + generatedAt: new Date().toISOString(), + dist, + distRuntime, + }; + fs.writeFileSync( + path.join(snapshotDir, "snapshot.json"), + `${JSON.stringify(snapshot, null, 2)}\n`, + ); + fs.writeFileSync( + path.join(snapshotDir, "stats.txt"), + [ + `generated_at: ${snapshot.generatedAt}`, + "", + "[dist]", + `files: ${dist.files}`, + `directories: ${dist.directories}`, + `symlinks: ${dist.symlinks}`, + `entries: ${dist.entries}`, + `apparent_bytes: ${dist.apparentBytes}`, + `apparent_human: ${humanBytes(dist.apparentBytes)}`, + "", + "[dist-runtime]", + `files: ${distRuntime.files}`, + `directories: ${distRuntime.directories}`, + `symlinks: ${distRuntime.symlinks}`, + `entries: ${distRuntime.entries}`, + `apparent_bytes: ${distRuntime.apparentBytes}`, + `apparent_human: ${humanBytes(distRuntime.apparentBytes)}`, + "", + ].join("\n"), + "utf8", + ); + return snapshot; +} + +function runCheckedCommand(command, args) { + const result = spawnSync(command, args, { + cwd: process.cwd(), + stdio: "inherit", + env: process.env, + }); + if (typeof result.status === "number" && result.status === 0) { + return; + } + throw new Error(`${command} ${args.join(" ")} failed with status ${result.status ?? "unknown"}`); +} + +function sleep(ms) { + return new Promise((resolve) => setTimeout(resolve, ms)); +} + +function buildTimedWatchCommand(pidFilePath, timeFilePath, isolatedHomeDir) { + const shellSource = [ + 'echo "$$" > "$OPENCLAW_WATCH_PID_FILE"', + "exec node scripts/watch-node.mjs gateway --force --allow-unconfigured", + ].join("\n"); + const env = { + OPENCLAW_WATCH_PID_FILE: pidFilePath, + HOME: isolatedHomeDir, + OPENCLAW_HOME: isolatedHomeDir, + }; + + if (process.platform === "darwin") { + return { + command: "/usr/bin/time", + args: ["-lp", "-o", timeFilePath, "/bin/sh", "-lc", shellSource], + env, + }; + } + + return { + command: "/usr/bin/time", + args: [ + "-f", + "__TIMING__ user=%U sys=%S elapsed=%e", + "-o", + timeFilePath, + "/bin/sh", + "-lc", + shellSource, + ], + env, + }; +} + +function parseTimingFile(timeFilePath) { + const text = fs.readFileSync(timeFilePath, "utf8"); + if (process.platform === "darwin") { + const user = Number(text.match(/^user\s+([0-9.]+)/m)?.[1] ?? "NaN"); + const sys = Number(text.match(/^sys\s+([0-9.]+)/m)?.[1] ?? "NaN"); + const elapsed = Number(text.match(/^real\s+([0-9.]+)/m)?.[1] ?? "NaN"); + return { + userSeconds: user, + sysSeconds: sys, + elapsedSeconds: elapsed, + }; + } + + const match = text.match(/__TIMING__ user=([0-9.]+) sys=([0-9.]+) elapsed=([0-9.]+)/); + return { + userSeconds: Number(match?.[1] ?? "NaN"), + sysSeconds: Number(match?.[2] ?? "NaN"), + elapsedSeconds: Number(match?.[3] ?? "NaN"), + }; +} + +async function runTimedWatch(options, outputDir) { + const pidFilePath = path.join(outputDir, "watch.pid"); + const timeFilePath = path.join(outputDir, "watch.time.log"); + const isolatedHomeDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-gateway-watch-")); + fs.writeFileSync(path.join(outputDir, "watch.home.txt"), `${isolatedHomeDir}\n`, "utf8"); + const stdoutPath = path.join(outputDir, "watch.stdout.log"); + const stderrPath = path.join(outputDir, "watch.stderr.log"); + const { command, args, env } = buildTimedWatchCommand(pidFilePath, timeFilePath, isolatedHomeDir); + const child = spawn(command, args, { + cwd: process.cwd(), + env: { ...process.env, ...env }, + stdio: ["ignore", "pipe", "pipe"], + }); + + let stdout = ""; + let stderr = ""; + child.stdout?.on("data", (chunk) => { + stdout += String(chunk); + }); + child.stderr?.on("data", (chunk) => { + stderr += String(chunk); + }); + + const exitPromise = new Promise((resolve) => { + child.on("exit", (code, signal) => resolve({ code, signal })); + }); + + let watchPid = null; + for (let attempt = 0; attempt < 50; attempt += 1) { + if (fs.existsSync(pidFilePath)) { + watchPid = Number(fs.readFileSync(pidFilePath, "utf8").trim()); + break; + } + await sleep(100); + } + + await sleep(options.windowMs); + + if (watchPid) { + try { + process.kill(watchPid, "SIGTERM"); + } catch { + // ignore + } + } + + const gracefulExit = await Promise.race([ + exitPromise, + sleep(options.sigkillGraceMs).then(() => null), + ]); + + if (gracefulExit === null) { + if (watchPid) { + try { + process.kill(watchPid, "SIGKILL"); + } catch { + // ignore + } + } + } + + const exit = (await exitPromise) ?? { code: null, signal: null }; + fs.writeFileSync(stdoutPath, stdout, "utf8"); + fs.writeFileSync(stderrPath, stderr, "utf8"); + const timing = fs.existsSync(timeFilePath) + ? parseTimingFile(timeFilePath) + : { userSeconds: Number.NaN, sysSeconds: Number.NaN, elapsedSeconds: Number.NaN }; + + return { + exit, + timing, + stdoutPath, + stderrPath, + timeFilePath, + }; +} + +function parsePathFile(filePath) { + return fs + .readFileSync(filePath, "utf8") + .split("\n") + .map((line) => line.trimEnd()) + .filter(Boolean); +} + +function writeDiffArtifacts(outputDir, preDir, postDir) { + const diffDir = path.join(outputDir, "diff"); + ensureDir(diffDir); + const prePaths = parsePathFile(path.join(preDir, "paths.txt")); + const postPaths = parsePathFile(path.join(postDir, "paths.txt")); + const preSet = new Set(prePaths); + const postSet = new Set(postPaths); + const added = postPaths.filter((entry) => !preSet.has(entry)); + const removed = prePaths.filter((entry) => !postSet.has(entry)); + + fs.writeFileSync(path.join(diffDir, "added-paths.txt"), `${added.join("\n")}\n`, "utf8"); + fs.writeFileSync(path.join(diffDir, "removed-paths.txt"), `${removed.join("\n")}\n`, "utf8"); + return { added, removed }; +} + +function fail(message) { + console.error(`FAIL: ${message}`); +} + +async function main() { + const options = parseArgs(process.argv.slice(2)); + ensureDir(options.outputDir); + if (!options.skipBuild) { + runCheckedCommand("pnpm", ["build"]); + } + + const preDir = path.join(options.outputDir, "pre"); + const pre = writeSnapshot(preDir); + + const watchDir = path.join(options.outputDir, "watch"); + ensureDir(watchDir); + const watchResult = await runTimedWatch(options, watchDir); + + const postDir = path.join(options.outputDir, "post"); + const post = writeSnapshot(postDir); + const diff = writeDiffArtifacts(options.outputDir, preDir, postDir); + + const distRuntimeFileGrowth = post.distRuntime.files - pre.distRuntime.files; + const distRuntimeByteGrowth = post.distRuntime.apparentBytes - pre.distRuntime.apparentBytes; + const distRuntimeAddedPaths = diff.added.filter((entry) => + entry.startsWith("dist-runtime/"), + ).length; + const cpuMs = Math.round((watchResult.timing.userSeconds + watchResult.timing.sysSeconds) * 1000); + const watchTriggeredBuild = + fs + .readFileSync(watchResult.stderrPath, "utf8") + .includes("Building TypeScript (dist is stale).") || + fs + .readFileSync(watchResult.stdoutPath, "utf8") + .includes("Building TypeScript (dist is stale)."); + + const summary = { + windowMs: options.windowMs, + watchTriggeredBuild, + cpuMs, + cpuWarnMs: options.cpuWarnMs, + cpuFailMs: options.cpuFailMs, + distRuntimeFileGrowth, + distRuntimeFileGrowthMax: options.distRuntimeFileGrowthMax, + distRuntimeByteGrowth, + distRuntimeByteGrowthMax: options.distRuntimeByteGrowthMax, + distRuntimeAddedPaths, + addedPaths: diff.added.length, + removedPaths: diff.removed.length, + watchExit: watchResult.exit, + timing: watchResult.timing, + }; + fs.writeFileSync( + path.join(options.outputDir, "summary.json"), + `${JSON.stringify(summary, null, 2)}\n`, + ); + + console.log(JSON.stringify(summary, null, 2)); + + const failures = []; + if (distRuntimeFileGrowth > options.distRuntimeFileGrowthMax) { + failures.push( + `dist-runtime file growth ${distRuntimeFileGrowth} exceeded max ${options.distRuntimeFileGrowthMax}`, + ); + } + if (distRuntimeByteGrowth > options.distRuntimeByteGrowthMax) { + failures.push( + `dist-runtime apparent byte growth ${distRuntimeByteGrowth} exceeded max ${options.distRuntimeByteGrowthMax}`, + ); + } + if (!Number.isFinite(cpuMs)) { + failures.push("failed to parse CPU timing from the bounded gateway:watch run"); + } else if (cpuMs > options.cpuFailMs) { + failures.push( + `LOUD ALARM: gateway:watch used ${cpuMs}ms CPU in ${options.windowMs}ms window, above loud-alarm threshold ${options.cpuFailMs}ms`, + ); + } else if (cpuMs > options.cpuWarnMs) { + failures.push( + `gateway:watch used ${cpuMs}ms CPU in ${options.windowMs}ms window, above target ${options.cpuWarnMs}ms`, + ); + } + + if (failures.length > 0) { + for (const message of failures) { + fail(message); + } + fail( + "Possible duplicate dist-runtime graph regression: this can reintroduce split runtime personalities where plugins and core observe different global state, including Telegram missing /voice, /phone, or /pair.", + ); + process.exit(1); + } + + process.exit(0); +} + +await main(); diff --git a/scripts/check-no-extension-test-core-imports.ts b/scripts/check-no-extension-test-core-imports.ts new file mode 100644 index 00000000000..01d6639df1e --- /dev/null +++ b/scripts/check-no-extension-test-core-imports.ts @@ -0,0 +1,98 @@ +import fs from "node:fs"; +import path from "node:path"; + +const FORBIDDEN_PATTERNS: Array<{ pattern: RegExp; hint: string }> = [ + { + pattern: /["']openclaw\/plugin-sdk["']/, + hint: "Use openclaw/plugin-sdk/ instead of the monolithic root entry.", + }, + { + pattern: /["']openclaw\/plugin-sdk\/test-utils["']/, + hint: "Use openclaw/plugin-sdk/testing for the public extension test seam.", + }, + { + pattern: /["']openclaw\/plugin-sdk\/compat["']/, + hint: "Use a focused public plugin-sdk subpath instead of compat.", + }, + { + pattern: /["'](?:\.\.\/)+(?:test-utils\/)[^"']+["']/, + hint: "Use test/helpers/extensions/* for repo-only bundled extension test helpers.", + }, + { + pattern: /["'](?:\.\.\/)+(?:src\/test-utils\/)[^"']+["']/, + hint: "Use test/helpers/extensions/* for repo-only helpers, or openclaw/plugin-sdk/testing for public seams.", + }, + { + pattern: /["'](?:\.\.\/)+(?:src\/plugins\/types\.js)["']/, + hint: "Use public plugin-sdk/core types or test/helpers/extensions/* instead.", + }, +]; + +function isExtensionTestFile(filePath: string): boolean { + return /\.test\.[cm]?[jt]sx?$/u.test(filePath) || /\.e2e\.test\.[cm]?[jt]sx?$/u.test(filePath); +} + +function collectExtensionTestFiles(rootDir: string): string[] { + const files: string[] = []; + const stack = [rootDir]; + while (stack.length > 0) { + const current = stack.pop(); + if (!current) { + continue; + } + let entries: fs.Dirent[] = []; + try { + entries = fs.readdirSync(current, { withFileTypes: true }); + } catch { + continue; + } + for (const entry of entries) { + const fullPath = path.join(current, entry.name); + if (entry.isDirectory()) { + if (entry.name === "node_modules" || entry.name === "dist" || entry.name === "coverage") { + continue; + } + stack.push(fullPath); + continue; + } + if (entry.isFile() && isExtensionTestFile(fullPath)) { + files.push(fullPath); + } + } + } + return files; +} + +function main() { + const extensionsDir = path.join(process.cwd(), "extensions"); + const files = collectExtensionTestFiles(extensionsDir); + const offenders: Array<{ file: string; hint: string }> = []; + + for (const file of files) { + const content = fs.readFileSync(file, "utf8"); + for (const rule of FORBIDDEN_PATTERNS) { + if (!rule.pattern.test(content)) { + continue; + } + offenders.push({ file, hint: rule.hint }); + break; + } + } + + if (offenders.length > 0) { + console.error( + "Extension test files must stay on extension test bridges or public plugin-sdk seams.", + ); + for (const offender of offenders.toSorted((a, b) => a.file.localeCompare(b.file))) { + const relative = path.relative(process.cwd(), offender.file) || offender.file; + console.error(`- ${relative}: ${offender.hint}`); + } + process.exit(1); + } + + console.log( + `OK: extension test files avoid direct core test/internal imports (${files.length} checked).`, + ); +} + +main(); diff --git a/scripts/check-no-monolithic-plugin-sdk-entry-imports.ts b/scripts/check-no-monolithic-plugin-sdk-entry-imports.ts index dacf30b5623..bc24087ace3 100644 --- a/scripts/check-no-monolithic-plugin-sdk-entry-imports.ts +++ b/scripts/check-no-monolithic-plugin-sdk-entry-imports.ts @@ -5,14 +5,14 @@ import { discoverOpenClawPlugins } from "../src/plugins/discovery.js"; // Match exact monolithic-root specifier in any code path: // imports/exports, require/dynamic import, and test mocks (vi.mock/jest.mock). const ROOT_IMPORT_PATTERN = /["']openclaw\/plugin-sdk["']/; -const LEGACY_ROUTING_IMPORT_PATTERN = /["']openclaw\/plugin-sdk\/routing["']/; +const LEGACY_COMPAT_IMPORT_PATTERN = /["']openclaw\/plugin-sdk\/compat["']/; function hasMonolithicRootImport(content: string): boolean { return ROOT_IMPORT_PATTERN.test(content); } -function hasLegacyRoutingImport(content: string): boolean { - return LEGACY_ROUTING_IMPORT_PATTERN.test(content); +function hasLegacyCompatImport(content: string): boolean { + return LEGACY_COMPAT_IMPORT_PATTERN.test(content); } function isSourceFile(filePath: string): boolean { @@ -68,6 +68,27 @@ function collectSharedExtensionSourceFiles(): string[] { return collectPluginSourceFiles(path.join(process.cwd(), "extensions", "shared")); } +function collectBundledExtensionSourceFiles(): string[] { + const extensionsDir = path.join(process.cwd(), "extensions"); + let entries: fs.Dirent[] = []; + try { + entries = fs.readdirSync(extensionsDir, { withFileTypes: true }); + } catch { + return []; + } + + const files: string[] = []; + for (const entry of entries) { + if (!entry.isDirectory() || entry.name === "shared") { + continue; + } + for (const srcFile of collectPluginSourceFiles(path.join(extensionsDir, entry.name))) { + files.push(srcFile); + } + } + return files; +} + function main() { const discovery = discoverOpenClawPlugins({}); const bundledCandidates = discovery.candidates.filter((c) => c.origin === "bundled"); @@ -81,9 +102,12 @@ function main() { for (const sharedFile of collectSharedExtensionSourceFiles()) { filesToCheck.add(sharedFile); } + for (const extensionFile of collectBundledExtensionSourceFiles()) { + filesToCheck.add(extensionFile); + } const monolithicOffenders: string[] = []; - const legacyRoutingOffenders: string[] = []; + const legacyCompatOffenders: string[] = []; for (const entryFile of filesToCheck) { let content = ""; try { @@ -94,12 +118,12 @@ function main() { if (hasMonolithicRootImport(content)) { monolithicOffenders.push(entryFile); } - if (hasLegacyRoutingImport(content)) { - legacyRoutingOffenders.push(entryFile); + if (hasLegacyCompatImport(content)) { + legacyCompatOffenders.push(entryFile); } } - if (monolithicOffenders.length > 0 || legacyRoutingOffenders.length > 0) { + if (monolithicOffenders.length > 0 || legacyCompatOffenders.length > 0) { if (monolithicOffenders.length > 0) { console.error("Bundled plugin source files must not import monolithic openclaw/plugin-sdk."); for (const file of monolithicOffenders.toSorted()) { @@ -107,18 +131,18 @@ function main() { console.error(`- ${relative}`); } } - if (legacyRoutingOffenders.length > 0) { + if (legacyCompatOffenders.length > 0) { console.error( - "Bundled plugin source files must not import legacy openclaw/plugin-sdk/routing.", + "Bundled plugin source files must not import legacy openclaw/plugin-sdk/compat.", ); - for (const file of legacyRoutingOffenders.toSorted()) { + for (const file of legacyCompatOffenders.toSorted()) { const relative = path.relative(process.cwd(), file) || file; console.error(`- ${relative}`); } } - if (monolithicOffenders.length > 0 || legacyRoutingOffenders.length > 0) { + if (monolithicOffenders.length > 0 || legacyCompatOffenders.length > 0) { console.error( - "Use openclaw/plugin-sdk/ for channel plugins, /core for shared routing and startup surfaces, or /compat for broader internals.", + "Use openclaw/plugin-sdk/ or openclaw/plugin-sdk/ subpaths for bundled plugins; root and compat are legacy surfaces only.", ); } process.exit(1); diff --git a/scripts/docker/cleanup-smoke/Dockerfile b/scripts/docker/cleanup-smoke/Dockerfile index 07a2334aa41..f214ffbabf4 100644 --- a/scripts/docker/cleanup-smoke/Dockerfile +++ b/scripts/docker/cleanup-smoke/Dockerfile @@ -2,6 +2,8 @@ FROM node:24-bookworm-slim@sha256:b4687aef2571c632a1953695ce4d61d6462a7eda471fe6e272eebf0418f276ba +ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 + RUN --mount=type=cache,id=openclaw-cleanup-smoke-apt-cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,id=openclaw-cleanup-smoke-apt-lists,target=/var/lib/apt,sharing=locked \ apt-get update \ diff --git a/scripts/docs-i18n/util_test.go b/scripts/docs-i18n/util_test.go index 77b5ca82a73..30dcb14a07d 100644 --- a/scripts/docs-i18n/util_test.go +++ b/scripts/docs-i18n/util_test.go @@ -31,6 +31,15 @@ func TestDocsPiModelUsesProviderDefault(t *testing.T) { } } +func TestDocsPiModelKeepsOpenAIDefaultAtGPT54(t *testing.T) { + t.Setenv(envDocsI18nProvider, "openai") + t.Setenv(envDocsI18nModel, "") + + if got := docsPiModel(); got != defaultOpenAIModel { + t.Fatalf("expected OpenAI default model %q, got %q", defaultOpenAIModel, got) + } +} + func TestDocsPiModelPrefersExplicitOverride(t *testing.T) { t.Setenv(envDocsI18nProvider, "openai") t.Setenv(envDocsI18nModel, "gpt-5.2") diff --git a/scripts/e2e/Dockerfile b/scripts/e2e/Dockerfile index 4669e762c4a..2c23c9ef1b8 100644 --- a/scripts/e2e/Dockerfile +++ b/scripts/e2e/Dockerfile @@ -20,7 +20,7 @@ WORKDIR /app COPY --chown=appuser:appuser package.json pnpm-lock.yaml pnpm-workspace.yaml ./ COPY --chown=appuser:appuser ui/package.json ./ui/package.json -COPY --chown=appuser:appuser extensions/memory-core/package.json ./extensions/memory-core/package.json +COPY --chown=appuser:appuser extensions ./extensions COPY --chown=appuser:appuser patches ./patches RUN --mount=type=cache,id=openclaw-pnpm-store,target=/home/appuser/.local/share/pnpm/store,sharing=locked \ @@ -39,6 +39,9 @@ COPY --chown=appuser:appuser apps/shared/OpenClawKit/Sources/OpenClawKit/Resourc COPY --chown=appuser:appuser apps/shared/OpenClawKit/Tools/CanvasA2UI ./apps/shared/OpenClawKit/Tools/CanvasA2UI RUN pnpm build -RUN pnpm ui:build +# Onboard Docker E2E does not exercise the Control UI itself; it only needs the +# asset-existence check to pass so configure/onboard can continue. +RUN mkdir -p dist/control-ui \ + && printf '%s\n' 'OpenClaw Control UI' > dist/control-ui/index.html CMD ["bash"] diff --git a/scripts/e2e/doctor-install-switch-docker.sh b/scripts/e2e/doctor-install-switch-docker.sh index ca91619ef5a..4ca742a362b 100755 --- a/scripts/e2e/doctor-install-switch-docker.sh +++ b/scripts/e2e/doctor-install-switch-docker.sh @@ -75,7 +75,7 @@ LOGINCTL # Install the npm-global variant from the local /app source. # `npm pack` can emit script output; keep only the tarball name. - pkg_tgz="$(npm pack --silent /app | tail -n 1 | tr -d '\r')" + pkg_tgz="$(npm pack --ignore-scripts --silent /app | tail -n 1 | tr -d '\r')" if [ ! -f "/app/$pkg_tgz" ]; then echo "npm pack failed (expected /app/$pkg_tgz)" exit 1 diff --git a/scripts/e2e/onboard-docker.sh b/scripts/e2e/onboard-docker.sh index 49b08dcc2ca..70cbd6f0c51 100755 --- a/scripts/e2e/onboard-docker.sh +++ b/scripts/e2e/onboard-docker.sh @@ -74,8 +74,14 @@ TRASH try { text = fs.readFileSync(file, \"utf8\"); } catch { process.exit(1); } // Clack/script output can include lots of control sequences; keep a larger tail and strip ANSI more robustly. if (text.length > 120000) text = text.slice(-120000); - const stripAnsi = (value) => + const normalizeScriptOutput = (value) => value + // util-linux script can emit each byte on its own CRLF-delimited line. + // Collapse those first so ANSI/control stripping works on real sequences. + .replace(/\\r?\\n/g, \"\") + .replace(/\\r/g, \"\"); + const stripAnsi = (value) => + normalizeScriptOutput(value) // OSC: ESC ] ... BEL or ESC \\ .replace(/\\x1b\\][^\\x07]*(?:\\x07|\\x1b\\\\)/g, \"\") // CSI: ESC [ ... cmd @@ -269,23 +275,24 @@ TRASH } send_channels_flow() { - # Configure channels via configure wizard. - # Prompts are interactive; notes are not. Use conservative delays to stay in sync. - # Where will the Gateway run? -> Local (default) - send $'"'"'\r'"'"' 1.2 - # Channels mode -> Configure/link (default) - send $'"'"'\r'"'"' 1.5 + # Configure channels via configure wizard. Sync on prompt text so + # keystrokes do not drift into the wrong screen when render timing changes. + wait_for_log "Where will the Gateway run?" 120 + send $'"'"'\r'"'"' 0.6 + wait_for_log "Channels" 120 + send $'"'"'\r'"'"' 0.6 # Select a channel -> Finished (last option; clack wraps on Up) - send $'"'"'\e[A\r'"'"' 2.0 + wait_for_log "Select a channel" 120 + send $'"'"'\e[A\r'"'"' 0.8 # Keep stdin open until wizard exits. - send "" 2.5 + send "" 2.0 } send_skills_flow() { - # configure --section skills still runs the configure wizard; the first prompt is gateway location. - # Avoid log-based synchronization here; clack output can fragment ANSI sequences and break matching. - send $'"'"'\r'"'"' 3.0 - wait_for_log "Configure skills now?" 120 true || true + # configure --section skills still runs the configure wizard. + wait_for_log "Where will the Gateway run?" 120 + send $'"'"'\r'"'"' 0.6 + wait_for_log "Configure skills now?" 120 send $'"'"'n\r'"'"' 0.8 send "" 2.0 } diff --git a/scripts/e2e/parallels-linux-smoke.sh b/scripts/e2e/parallels-linux-smoke.sh index a3e3f96bb56..f857dddcf55 100644 --- a/scripts/e2e/parallels-linux-smoke.sh +++ b/scripts/e2e/parallels-linux-smoke.sh @@ -14,6 +14,9 @@ INSTALL_VERSION="" TARGET_PACKAGE_SPEC="" JSON_OUTPUT=0 KEEP_SERVER=0 +SNAPSHOT_ID="" +SNAPSHOT_STATE="" +SNAPSHOT_NAME="" MAIN_TGZ_DIR="$(mktemp -d)" MAIN_TGZ_PATH="" @@ -163,7 +166,7 @@ esac OPENAI_API_KEY_VALUE="${!OPENAI_API_KEY_ENV:-}" [[ -n "$OPENAI_API_KEY_VALUE" ]] || die "$OPENAI_API_KEY_ENV is required" -resolve_snapshot_id() { +resolve_snapshot_info() { local json hint json="$(prlctl snapshot-list "$VM_NAME" --json)" hint="$SNAPSHOT_HINT" @@ -171,28 +174,54 @@ resolve_snapshot_id() { import difflib import json import os +import re import sys payload = json.loads(os.environ["SNAPSHOT_JSON"]) hint = os.environ["SNAPSHOT_HINT"].strip().lower() best_id = None +best_meta = None best_score = -1.0 + +def aliases(name: str) -> list[str]: + values = [name] + for pattern in ( + r"^(.*)-poweroff$", + r"^(.*)-poweroff-\d{4}-\d{2}-\d{2}$", + ): + match = re.match(pattern, name) + if match: + values.append(match.group(1)) + return values + for snapshot_id, meta in payload.items(): name = str(meta.get("name", "")).strip() lowered = name.lower() score = 0.0 - if lowered == hint: - score = 10.0 - elif hint and hint in lowered: - score = 5.0 + len(hint) / max(len(lowered), 1) - else: - score = difflib.SequenceMatcher(None, hint, lowered).ratio() + for alias in aliases(lowered): + if alias == hint: + score = max(score, 10.0) + elif hint and hint in alias: + score = max(score, 5.0 + len(hint) / max(len(alias), 1)) + else: + score = max(score, difflib.SequenceMatcher(None, hint, alias).ratio()) + if str(meta.get("state", "")).lower() == "poweroff": + score += 0.5 if score > best_score: best_score = score best_id = snapshot_id + best_meta = meta if not best_id: sys.exit("no snapshot matched") -print(best_id) +print( + "\t".join( + [ + best_id, + str(best_meta.get("state", "")).strip(), + str(best_meta.get("name", "")).strip(), + ] + ) +) PY } @@ -251,10 +280,42 @@ guest_exec() { prlctl exec "$VM_NAME" "$@" } +wait_for_vm_status() { + local expected="$1" + local deadline status + deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) + while (( SECONDS < deadline )); do + status="$(prlctl status "$VM_NAME" 2>/dev/null || true)" + if [[ "$status" == *" $expected" ]]; then + return 0 + fi + sleep 1 + done + return 1 +} + +wait_for_guest_ready() { + local deadline + deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) + while (( SECONDS < deadline )); do + if guest_exec /bin/true >/dev/null 2>&1; then + return 0 + fi + sleep 2 + done + return 1 +} + restore_snapshot() { local snapshot_id="$1" say "Restore snapshot $SNAPSHOT_HINT ($snapshot_id)" prlctl snapshot-switch "$VM_NAME" --id "$snapshot_id" >/dev/null + if [[ "$SNAPSHOT_STATE" == "poweroff" ]]; then + wait_for_vm_status "stopped" || die "restored poweroff snapshot did not reach stopped state in $VM_NAME" + say "Start restored poweroff snapshot $SNAPSHOT_NAME" + prlctl start "$VM_NAME" >/dev/null + fi + wait_for_guest_ready || die "guest did not become ready in $VM_NAME" } bootstrap_guest() { @@ -585,13 +646,16 @@ run_upgrade_lane() { UPGRADE_AGENT_STATUS="pass" } -SNAPSHOT_ID="$(resolve_snapshot_id)" +IFS=$'\t' read -r SNAPSHOT_ID SNAPSHOT_STATE SNAPSHOT_NAME <<<"$(resolve_snapshot_info)" +[[ -n "$SNAPSHOT_ID" ]] || die "failed to resolve snapshot id" +[[ -n "$SNAPSHOT_NAME" ]] || SNAPSHOT_NAME="$SNAPSHOT_HINT" LATEST_VERSION="$(resolve_latest_version)" HOST_IP="$(resolve_host_ip)" HOST_PORT="$(resolve_host_port)" say "VM: $VM_NAME" say "Snapshot hint: $SNAPSHOT_HINT" +say "Resolved snapshot: $SNAPSHOT_NAME [$SNAPSHOT_STATE]" say "Latest npm version: $LATEST_VERSION" say "Current head: $(git rev-parse --short HEAD)" say "Run logs: $RUN_DIR" diff --git a/scripts/e2e/parallels-macos-smoke.sh b/scripts/e2e/parallels-macos-smoke.sh index fcdb940161f..5c95235f798 100644 --- a/scripts/e2e/parallels-macos-smoke.sh +++ b/scripts/e2e/parallels-macos-smoke.sh @@ -21,6 +21,9 @@ DISCORD_TOKEN_ENV="" DISCORD_TOKEN_VALUE="" DISCORD_GUILD_ID="" DISCORD_CHANNEL_ID="" +SNAPSHOT_ID="" +SNAPSHOT_STATE="" +SNAPSHOT_NAME="" GUEST_OPENCLAW_BIN="/opt/homebrew/bin/openclaw" GUEST_OPENCLAW_ENTRY="/opt/homebrew/lib/node_modules/openclaw/openclaw.mjs" GUEST_NODE_BIN="/opt/homebrew/bin/node" @@ -291,7 +294,7 @@ cleanup_discord_smoke_messages() { discord_delete_message_id_file "$RUN_DIR/upgrade.discord-host-message-id" } -resolve_snapshot_id() { +resolve_snapshot_info() { local json hint json="$(prlctl snapshot-list "$VM_NAME" --json)" hint="$SNAPSHOT_HINT" @@ -299,28 +302,54 @@ resolve_snapshot_id() { import difflib import json import os +import re import sys payload = json.loads(os.environ["SNAPSHOT_JSON"]) hint = os.environ["SNAPSHOT_HINT"].strip().lower() best_id = None +best_meta = None best_score = -1.0 + +def aliases(name: str) -> list[str]: + values = [name] + for pattern in ( + r"^(.*)-poweroff$", + r"^(.*)-poweroff-\d{4}-\d{2}-\d{2}$", + ): + match = re.match(pattern, name) + if match: + values.append(match.group(1)) + return values + for snapshot_id, meta in payload.items(): name = str(meta.get("name", "")).strip() lowered = name.lower() score = 0.0 - if lowered == hint: - score = 10.0 - elif hint and hint in lowered: - score = 5.0 + len(hint) / max(len(lowered), 1) - else: - score = difflib.SequenceMatcher(None, hint, lowered).ratio() + for alias in aliases(lowered): + if alias == hint: + score = max(score, 10.0) + elif hint and hint in alias: + score = max(score, 5.0 + len(hint) / max(len(alias), 1)) + else: + score = max(score, difflib.SequenceMatcher(None, hint, alias).ratio()) + if str(meta.get("state", "")).lower() == "poweroff": + score += 0.5 if score > best_score: best_score = score best_id = snapshot_id + best_meta = meta if not best_id: sys.exit("no snapshot matched") -print(best_id) +print( + "\t".join( + [ + best_id, + str(best_meta.get("state", "")).strip(), + str(best_meta.get("name", "")).strip(), + ] + ) +) PY } @@ -377,6 +406,20 @@ resolve_host_port() { printf '%s\n' "$HOST_PORT" } +wait_for_vm_status() { + local expected="$1" + local deadline status + deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) + while (( SECONDS < deadline )); do + status="$(prlctl status "$VM_NAME" 2>/dev/null || true)" + if [[ "$status" == *" $expected" ]]; then + return 0 + fi + sleep 1 + done + return 1 +} + wait_for_current_user() { local deadline deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) @@ -458,6 +501,11 @@ restore_snapshot() { local snapshot_id="$1" say "Restore snapshot $SNAPSHOT_HINT ($snapshot_id)" prlctl snapshot-switch "$VM_NAME" --id "$snapshot_id" >/dev/null + if [[ "$SNAPSHOT_STATE" == "poweroff" ]]; then + wait_for_vm_status "stopped" || die "restored poweroff snapshot did not reach stopped state in $VM_NAME" + say "Start restored poweroff snapshot $SNAPSHOT_NAME" + prlctl start "$VM_NAME" >/dev/null + fi wait_for_current_user || die "desktop user did not become ready in $VM_NAME" } @@ -1017,13 +1065,16 @@ FRESH_MAIN_STATUS="skip" UPGRADE_STATUS="skip" UPGRADE_PRECHECK_STATUS="skip" -SNAPSHOT_ID="$(resolve_snapshot_id)" +IFS=$'\t' read -r SNAPSHOT_ID SNAPSHOT_STATE SNAPSHOT_NAME <<<"$(resolve_snapshot_info)" +[[ -n "$SNAPSHOT_ID" ]] || die "failed to resolve snapshot id" +[[ -n "$SNAPSHOT_NAME" ]] || SNAPSHOT_NAME="$SNAPSHOT_HINT" LATEST_VERSION="$(resolve_latest_version)" HOST_IP="$(resolve_host_ip)" HOST_PORT="$(resolve_host_port)" say "VM: $VM_NAME" say "Snapshot hint: $SNAPSHOT_HINT" +say "Resolved snapshot: $SNAPSHOT_NAME [$SNAPSHOT_STATE]" say "Latest npm version: $LATEST_VERSION" say "Current head: $(git rev-parse --short HEAD)" if discord_smoke_enabled; then diff --git a/scripts/e2e/parallels-windows-smoke.sh b/scripts/e2e/parallels-windows-smoke.sh index e7016d22062..615dae29fe1 100644 --- a/scripts/e2e/parallels-windows-smoke.sh +++ b/scripts/e2e/parallels-windows-smoke.sh @@ -15,6 +15,9 @@ TARGET_PACKAGE_SPEC="" JSON_OUTPUT=0 KEEP_SERVER=0 CHECK_LATEST_REF=1 +SNAPSHOT_ID="" +SNAPSHOT_STATE="" +SNAPSHOT_NAME="" MAIN_TGZ_DIR="$(mktemp -d)" MAIN_TGZ_PATH="" @@ -194,7 +197,7 @@ ps_array_literal() { printf '@(%s)' "$joined" } -resolve_snapshot_id() { +resolve_snapshot_info() { local json hint json="$(prlctl snapshot-list "$VM_NAME" --json)" hint="$SNAPSHOT_HINT" @@ -202,28 +205,54 @@ resolve_snapshot_id() { import difflib import json import os +import re import sys payload = json.loads(os.environ["SNAPSHOT_JSON"]) hint = os.environ["SNAPSHOT_HINT"].strip().lower() best_id = None +best_meta = None best_score = -1.0 + +def aliases(name: str) -> list[str]: + values = [name] + for pattern in ( + r"^(.*)-poweroff$", + r"^(.*)-poweroff-\d{4}-\d{2}-\d{2}$", + ): + match = re.match(pattern, name) + if match: + values.append(match.group(1)) + return values + for snapshot_id, meta in payload.items(): name = str(meta.get("name", "")).strip() lowered = name.lower() score = 0.0 - if lowered == hint: - score = 10.0 - elif hint and hint in lowered: - score = 5.0 + len(hint) / max(len(lowered), 1) - else: - score = difflib.SequenceMatcher(None, hint, lowered).ratio() + for alias in aliases(lowered): + if alias == hint: + score = max(score, 10.0) + elif hint and hint in alias: + score = max(score, 5.0 + len(hint) / max(len(alias), 1)) + else: + score = max(score, difflib.SequenceMatcher(None, hint, alias).ratio()) + if str(meta.get("state", "")).lower() == "poweroff": + score += 0.5 if score > best_score: best_score = score best_id = snapshot_id + best_meta = meta if not best_id: sys.exit("no snapshot matched") -print(best_id) +print( + "\t".join( + [ + best_id, + str(best_meta.get("state", "")).strip(), + str(best_meta.get("name", "")).strip(), + ] + ) +) PY } @@ -338,12 +367,31 @@ restore_snapshot() { local snapshot_id="$1" say "Restore snapshot $SNAPSHOT_HINT ($snapshot_id)" prlctl snapshot-switch "$VM_NAME" --id "$snapshot_id" >/dev/null + if [[ "$SNAPSHOT_STATE" == "poweroff" ]]; then + wait_for_vm_status "stopped" || die "restored poweroff snapshot did not reach stopped state in $VM_NAME" + say "Start restored poweroff snapshot $SNAPSHOT_NAME" + prlctl start "$VM_NAME" >/dev/null + fi } verify_windows_user_ready() { guest_exec cmd.exe /d /s /c "echo ready" } +wait_for_vm_status() { + local expected="$1" + local deadline status + deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) + while (( SECONDS < deadline )); do + status="$(prlctl status "$VM_NAME" 2>/dev/null || true)" + if [[ "$status" == *" $expected" ]]; then + return 0 + fi + sleep 1 + done + return 1 +} + wait_for_guest_ready() { local deadline deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S)) @@ -830,13 +878,16 @@ run_upgrade_lane() { UPGRADE_AGENT_STATUS="pass" } -SNAPSHOT_ID="$(resolve_snapshot_id)" +IFS=$'\t' read -r SNAPSHOT_ID SNAPSHOT_STATE SNAPSHOT_NAME <<<"$(resolve_snapshot_info)" +[[ -n "$SNAPSHOT_ID" ]] || die "failed to resolve snapshot id" +[[ -n "$SNAPSHOT_NAME" ]] || SNAPSHOT_NAME="$SNAPSHOT_HINT" LATEST_VERSION="$(resolve_latest_version)" HOST_IP="$(resolve_host_ip)" HOST_PORT="$(resolve_host_port)" say "VM: $VM_NAME" say "Snapshot hint: $SNAPSHOT_HINT" +say "Resolved snapshot: $SNAPSHOT_NAME [$SNAPSHOT_STATE]" say "Latest npm version: $LATEST_VERSION" say "Current head: $(git rev-parse --short HEAD)" say "Run logs: $RUN_DIR" diff --git a/scripts/e2e/plugins-docker.sh b/scripts/e2e/plugins-docker.sh index 587840ec93a..632d6924099 100755 --- a/scripts/e2e/plugins-docker.sh +++ b/scripts/e2e/plugins-docker.sh @@ -8,7 +8,7 @@ echo "Building Docker image..." docker build -t "$IMAGE_NAME" -f "$ROOT_DIR/scripts/e2e/Dockerfile" "$ROOT_DIR" echo "Running plugins Docker E2E..." -docker run --rm -i "$IMAGE_NAME" bash -s <<'EOF' +docker run --rm -e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 -i "$IMAGE_NAME" bash -s <<'EOF' set -euo pipefail if [ -f dist/index.mjs ]; then diff --git a/scripts/lib/plugin-sdk-entrypoints.json b/scripts/lib/plugin-sdk-entrypoints.json index a6de3f4e24e..72de88ed3ca 100644 --- a/scripts/lib/plugin-sdk-entrypoints.json +++ b/scripts/lib/plugin-sdk-entrypoints.json @@ -7,12 +7,40 @@ "sandbox", "self-hosted-provider-setup", "routing", + "runtime", + "runtime-env", + "setup", + "setup-tools", + "config-runtime", + "reply-runtime", + "channel-runtime", + "infra-runtime", + "media-runtime", + "media-understanding-runtime", + "conversation-runtime", + "text-runtime", + "agent-runtime", + "speech-runtime", + "plugin-runtime", + "security-runtime", + "gateway-runtime", + "cli-runtime", + "hook-runtime", + "process-runtime", + "acp-runtime", + "zai", "telegram", + "telegram-core", "discord", + "discord-core", "slack", + "slack-core", "signal", + "signal-core", "imessage", + "imessage-core", "whatsapp", + "whatsapp-core", "line", "msteams", "acpx", @@ -26,6 +54,7 @@ "irc", "llm-task", "lobster", + "lazy-runtime", "matrix", "mattermost", "memory-core", @@ -38,6 +67,7 @@ "qwen-portal-auth", "synology-chat", "talk-voice", + "testing", "test-utils", "thread-ownership", "tlon", @@ -46,5 +76,34 @@ "zalo", "zalouser", "account-id", - "keyed-async-queue" + "account-resolution", + "allow-from", + "allowlist-resolution", + "allowlist-config-edit", + "boolean-param", + "channel-config-helpers", + "channel-config-schema", + "channel-lifecycle", + "channel-policy", + "group-access", + "directory-runtime", + "json-store", + "keyed-async-queue", + "provider-auth", + "provider-catalog", + "provider-models", + "provider-onboard", + "provider-stream", + "provider-usage", + "provider-web-search", + "image-generation", + "reply-history", + "media-understanding", + "google", + "request-url", + "runtime-store", + "web-media", + "speech", + "state-paths", + "tool-send" ] diff --git a/scripts/release-check.ts b/scripts/release-check.ts index 9b67303b4a6..fba6d197357 100755 --- a/scripts/release-check.ts +++ b/scripts/release-check.ts @@ -341,31 +341,47 @@ const requiredPluginSdkExports = [ "DEFAULT_GROUP_HISTORY_LIMIT", ]; -function checkPluginSdkExports() { - const distPath = resolve("dist", "plugin-sdk", "index.js"); - let content: string; +async function collectDistPluginSdkExports(): Promise> { + const pluginSdkDir = resolve("dist", "plugin-sdk"); + let entries: string[]; try { - content = readFileSync(distPath, "utf8"); + entries = readdirSync(pluginSdkDir) + .filter((entry) => entry.endsWith(".js")) + .toSorted(); } catch { - console.error("release-check: dist/plugin-sdk/index.js not found (build missing?)."); + console.error("release-check: dist/plugin-sdk directory not found (build missing?)."); process.exit(1); - return; + return new Set(); } - const exportMatch = content.match(/export\s*\{([^}]+)\}\s*;?\s*$/); - if (!exportMatch) { - console.error("release-check: could not find export statement in dist/plugin-sdk/index.js."); - process.exit(1); - return; + const exportedNames = new Set(); + for (const entry of entries) { + const content = readFileSync(join(pluginSdkDir, entry), "utf8"); + for (const match of content.matchAll(/export\s*\{([^}]+)\}(?:\s*from\s*["'][^"']+["'])?/g)) { + const names = match[1]?.split(",") ?? []; + for (const name of names) { + const parts = name.trim().split(/\s+as\s+/); + const exportName = (parts[parts.length - 1] || "").trim(); + if (exportName) { + exportedNames.add(exportName); + } + } + } + for (const match of content.matchAll( + /export\s+(?:const|function|class|let|var)\s+([A-Za-z0-9_$]+)/g, + )) { + const exportName = match[1]?.trim(); + if (exportName) { + exportedNames.add(exportName); + } + } } - const exportedNames = new Set( - exportMatch[1].split(",").map((s) => { - const parts = s.trim().split(/\s+as\s+/); - return (parts[parts.length - 1] || "").trim(); - }), - ); + return exportedNames; +} +async function checkPluginSdkExports() { + const exportedNames = await collectDistPluginSdkExports(); const missingExports = requiredPluginSdkExports.filter((name) => !exportedNames.has(name)); if (missingExports.length > 0) { console.error("release-check: missing critical plugin-sdk exports (#27569):"); @@ -376,10 +392,10 @@ function checkPluginSdkExports() { } } -function main() { +async function main() { checkPluginVersions(); checkAppcastSparkleVersions(); - checkPluginSdkExports(); + await checkPluginSdkExports(); checkBundledExtensionRootDependencyMirrors(); const results = runPackDry(); @@ -423,5 +439,8 @@ function main() { } if (import.meta.url === pathToFileURL(process.argv[1] ?? "").href) { - main(); + void main().catch((error: unknown) => { + console.error(error); + process.exit(1); + }); } diff --git a/scripts/stage-bundled-plugin-runtime.mjs b/scripts/stage-bundled-plugin-runtime.mjs index 134c76699c9..d6585d3191a 100644 --- a/scripts/stage-bundled-plugin-runtime.mjs +++ b/scripts/stage-bundled-plugin-runtime.mjs @@ -3,57 +3,86 @@ import path from "node:path"; import { pathToFileURL } from "node:url"; import { removePathIfExists } from "./runtime-postbuild-shared.mjs"; -function linkOrCopyFile(sourcePath, targetPath) { - try { - fs.linkSync(sourcePath, targetPath); - } catch (error) { - if (error && typeof error === "object" && "code" in error) { - const code = error.code; - if (code === "EXDEV" || code === "EPERM" || code === "EMLINK") { - fs.copyFileSync(sourcePath, targetPath); - return; - } - } - throw error; - } +function symlinkType() { + return process.platform === "win32" ? "junction" : "dir"; } -function mirrorTreeWithHardlinks(sourceRoot, targetRoot) { - fs.mkdirSync(targetRoot, { recursive: true }); - const queue = [{ sourceDir: sourceRoot, targetDir: targetRoot }]; +function relativeSymlinkTarget(sourcePath, targetPath) { + const relativeTarget = path.relative(path.dirname(targetPath), sourcePath); + return relativeTarget || "."; +} - while (queue.length > 0) { - const current = queue.pop(); - if (!current) { +function symlinkPath(sourcePath, targetPath, type) { + fs.symlinkSync(relativeSymlinkTarget(sourcePath, targetPath), targetPath, type); +} + +function shouldWrapRuntimeJsFile(sourcePath) { + return path.extname(sourcePath) === ".js"; +} + +function shouldCopyRuntimeFile(sourcePath) { + const relativePath = sourcePath.replace(/\\/g, "/"); + return ( + relativePath.endsWith("/package.json") || + relativePath.endsWith("/openclaw.plugin.json") || + relativePath.endsWith("/.codex-plugin/plugin.json") || + relativePath.endsWith("/.claude-plugin/plugin.json") || + relativePath.endsWith("/.cursor-plugin/plugin.json") + ); +} + +function writeRuntimeModuleWrapper(sourcePath, targetPath) { + const specifier = relativeSymlinkTarget(sourcePath, targetPath).replace(/\\/g, "/"); + const normalizedSpecifier = specifier.startsWith(".") ? specifier : `./${specifier}`; + fs.writeFileSync( + targetPath, + [ + `export * from ${JSON.stringify(normalizedSpecifier)};`, + `import * as module from ${JSON.stringify(normalizedSpecifier)};`, + "export default module.default;", + "", + ].join("\n"), + "utf8", + ); +} + +function stagePluginRuntimeOverlay(sourceDir, targetDir) { + fs.mkdirSync(targetDir, { recursive: true }); + + for (const dirent of fs.readdirSync(sourceDir, { withFileTypes: true })) { + if (dirent.name === "node_modules") { continue; } - for (const dirent of fs.readdirSync(current.sourceDir, { withFileTypes: true })) { - const sourcePath = path.join(current.sourceDir, dirent.name); - const targetPath = path.join(current.targetDir, dirent.name); + const sourcePath = path.join(sourceDir, dirent.name); + const targetPath = path.join(targetDir, dirent.name); - if (dirent.isDirectory()) { - fs.mkdirSync(targetPath, { recursive: true }); - queue.push({ sourceDir: sourcePath, targetDir: targetPath }); - continue; - } - - if (dirent.isSymbolicLink()) { - fs.symlinkSync(fs.readlinkSync(sourcePath), targetPath); - continue; - } - - if (!dirent.isFile()) { - continue; - } - - linkOrCopyFile(sourcePath, targetPath); + if (dirent.isDirectory()) { + stagePluginRuntimeOverlay(sourcePath, targetPath); + continue; } - } -} -function symlinkType() { - return process.platform === "win32" ? "junction" : "dir"; + if (dirent.isSymbolicLink()) { + fs.symlinkSync(fs.readlinkSync(sourcePath), targetPath); + continue; + } + + if (!dirent.isFile()) { + continue; + } + + if (shouldWrapRuntimeJsFile(sourcePath)) { + writeRuntimeModuleWrapper(sourcePath, targetPath); + continue; + } + + if (shouldCopyRuntimeFile(sourcePath)) { + fs.copyFileSync(sourcePath, targetPath); + continue; + } + + symlinkPath(sourcePath, targetPath); + } } function linkPluginNodeModules(params) { @@ -79,15 +108,17 @@ export function stageBundledPluginRuntime(params = {}) { } removePathIfExists(runtimeRoot); - mirrorTreeWithHardlinks(distRoot, runtimeRoot); + fs.mkdirSync(runtimeExtensionsRoot, { recursive: true }); for (const dirent of fs.readdirSync(distExtensionsRoot, { withFileTypes: true })) { if (!dirent.isDirectory()) { continue; } + const distPluginDir = path.join(distExtensionsRoot, dirent.name); const runtimePluginDir = path.join(runtimeExtensionsRoot, dirent.name); const sourcePluginNodeModulesDir = path.join(sourceExtensionsRoot, dirent.name, "node_modules"); + stagePluginRuntimeOverlay(distPluginDir, runtimePluginDir); linkPluginNodeModules({ runtimePluginDir, sourcePluginNodeModulesDir, diff --git a/scripts/test-extension.mjs b/scripts/test-extension.mjs index 84fd91b0436..6442556c778 100644 --- a/scripts/test-extension.mjs +++ b/scripts/test-extension.mjs @@ -65,6 +65,20 @@ function hasExtensionPackage(extensionId) { return fs.existsSync(path.join(repoRoot, "extensions", extensionId, "package.json")); } +export function listAvailableExtensionIds() { + const extensionsDir = path.join(repoRoot, "extensions"); + if (!fs.existsSync(extensionsDir)) { + return []; + } + + return fs + .readdirSync(extensionsDir, { withFileTypes: true }) + .filter((entry) => entry.isDirectory()) + .map((entry) => entry.name) + .filter((extensionId) => hasExtensionPackage(extensionId)) + .toSorted((left, right) => left.localeCompare(right)); +} + export function detectChangedExtensionIds(changedPaths) { const extensionIds = new Set(); @@ -76,7 +90,10 @@ export function detectChangedExtensionIds(changedPaths) { const extensionMatch = relativePath.match(/^extensions\/([^/]+)(?:\/|$)/); if (extensionMatch) { - extensionIds.add(extensionMatch[1]); + const extensionId = extensionMatch[1]; + if (hasExtensionPackage(extensionId)) { + extensionIds.add(extensionId); + } continue; } @@ -164,6 +181,7 @@ export function resolveExtensionTestPlan(params = {}) { function printUsage() { console.error("Usage: pnpm test:extension [vitest args...]"); console.error(" node scripts/test-extension.mjs [extension-name|path] [vitest args...]"); + console.error(" node scripts/test-extension.mjs --list"); console.error( " node scripts/test-extension.mjs --list-changed --base [--head ]", ); @@ -173,9 +191,15 @@ async function run() { const rawArgs = process.argv.slice(2); const dryRun = rawArgs.includes("--dry-run"); const json = rawArgs.includes("--json"); + const list = rawArgs.includes("--list"); const listChanged = rawArgs.includes("--list-changed"); const args = rawArgs.filter( - (arg) => arg !== "--" && arg !== "--dry-run" && arg !== "--json" && arg !== "--list-changed", + (arg) => + arg !== "--" && + arg !== "--dry-run" && + arg !== "--json" && + arg !== "--list" && + arg !== "--list-changed", ); let base = ""; @@ -201,6 +225,18 @@ async function run() { passthroughArgs.push(...args); } + if (list) { + const extensionIds = listAvailableExtensionIds(); + if (json) { + process.stdout.write(`${JSON.stringify({ extensionIds }, null, 2)}\n`); + } else { + for (const extensionId of extensionIds) { + console.log(extensionId); + } + } + return; + } + if (listChanged) { let extensionIds; try { @@ -236,7 +272,9 @@ async function run() { } if (plan.testFiles.length === 0) { - console.error(`No tests found for ${plan.extensionDir}.`); + console.error( + `No tests found for ${plan.extensionDir}. Run "pnpm test:extension ${plan.extensionId} -- --dry-run" to inspect the resolved roots.`, + ); process.exit(1); } diff --git a/scripts/test-live-gateway-models-docker.sh b/scripts/test-live-gateway-models-docker.sh index f40e064910b..a3e1036171f 100755 --- a/scripts/test-live-gateway-models-docker.sh +++ b/scripts/test-live-gateway-models-docker.sh @@ -17,13 +17,20 @@ EXTERNAL_AUTH_MOUNTS=() for auth_dir in .claude .codex .minimax .qwen; do host_path="$HOME/$auth_dir" if [[ -d "$host_path" ]]; then - EXTERNAL_AUTH_MOUNTS+=(-v "$host_path":/home/node/"$auth_dir":ro) + EXTERNAL_AUTH_MOUNTS+=(-v "$host_path":/host-auth/"$auth_dir":ro) fi done read -r -d '' LIVE_TEST_CMD <<'EOF' || true set -euo pipefail [ -f "$HOME/.profile" ] && source "$HOME/.profile" || true +for auth_dir in .claude .codex .minimax .qwen; do + if [ -d "/host-auth/$auth_dir" ]; then + mkdir -p "$HOME/$auth_dir" + cp -R "/host-auth/$auth_dir/." "$HOME/$auth_dir" + chmod -R u+rwX "$HOME/$auth_dir" || true + fi +done tmp_dir="$(mktemp -d)" cleanup() { rm -rf "$tmp_dir" diff --git a/scripts/test-live-models-docker.sh b/scripts/test-live-models-docker.sh index 52257cd3230..c1cec5b2740 100755 --- a/scripts/test-live-models-docker.sh +++ b/scripts/test-live-models-docker.sh @@ -17,13 +17,20 @@ EXTERNAL_AUTH_MOUNTS=() for auth_dir in .claude .codex .minimax .qwen; do host_path="$HOME/$auth_dir" if [[ -d "$host_path" ]]; then - EXTERNAL_AUTH_MOUNTS+=(-v "$host_path":/home/node/"$auth_dir":ro) + EXTERNAL_AUTH_MOUNTS+=(-v "$host_path":/host-auth/"$auth_dir":ro) fi done read -r -d '' LIVE_TEST_CMD <<'EOF' || true set -euo pipefail [ -f "$HOME/.profile" ] && source "$HOME/.profile" || true +for auth_dir in .claude .codex .minimax .qwen; do + if [ -d "/host-auth/$auth_dir" ]; then + mkdir -p "$HOME/$auth_dir" + cp -R "/host-auth/$auth_dir/." "$HOME/$auth_dir" + chmod -R u+rwX "$HOME/$auth_dir" || true + fi +done tmp_dir="$(mktemp -d)" cleanup() { rm -rf "$tmp_dir" @@ -57,6 +64,9 @@ docker run --rm -t \ -e OPENCLAW_LIVE_MAX_MODELS="${OPENCLAW_LIVE_MAX_MODELS:-${CLAWDBOT_LIVE_MAX_MODELS:-48}}" \ -e OPENCLAW_LIVE_MODEL_TIMEOUT_MS="${OPENCLAW_LIVE_MODEL_TIMEOUT_MS:-${CLAWDBOT_LIVE_MODEL_TIMEOUT_MS:-}}" \ -e OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS="${OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS:-${CLAWDBOT_LIVE_REQUIRE_PROFILE_KEYS:-}}" \ + -e OPENCLAW_LIVE_GATEWAY_MODELS="${OPENCLAW_LIVE_GATEWAY_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MODELS:-}}" \ + -e OPENCLAW_LIVE_GATEWAY_PROVIDERS="${OPENCLAW_LIVE_GATEWAY_PROVIDERS:-${CLAWDBOT_LIVE_GATEWAY_PROVIDERS:-}}" \ + -e OPENCLAW_LIVE_GATEWAY_MAX_MODELS="${OPENCLAW_LIVE_GATEWAY_MAX_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MAX_MODELS:-}}" \ -v "$ROOT_DIR":/src:ro \ -v "$CONFIG_DIR":/home/node/.openclaw \ -v "$WORKSPACE_DIR":/home/node/.openclaw/workspace \ diff --git a/scripts/test-parallel.mjs b/scripts/test-parallel.mjs index 76a0be3b466..dd933b4e4ae 100644 --- a/scripts/test-parallel.mjs +++ b/scripts/test-parallel.mjs @@ -93,6 +93,19 @@ const unitIsolatedFilesRaw = [ "src/infra/git-commit.test.ts", ]; const unitIsolatedFiles = unitIsolatedFilesRaw.filter((file) => fs.existsSync(file)); +const unitSingletonIsolatedFilesRaw = []; +const unitSingletonIsolatedFiles = unitSingletonIsolatedFilesRaw.filter((file) => + fs.existsSync(file), +); +const unitVmForkSingletonFilesRaw = [ + "src/channels/plugins/contracts/inbound.telegram.contract.test.ts", +]; +const unitVmForkSingletonFiles = unitVmForkSingletonFilesRaw.filter((file) => fs.existsSync(file)); +const groupedUnitIsolatedFiles = unitIsolatedFiles.filter( + (file) => !unitSingletonIsolatedFiles.includes(file), +); +const channelSingletonFilesRaw = []; +const channelSingletonFiles = channelSingletonFilesRaw.filter((file) => fs.existsSync(file)); const children = new Set(); const isCI = process.env.CI === "true" || process.env.GITHUB_ACTIONS === "true"; @@ -139,20 +152,55 @@ const runs = [ "vitest.unit.config.ts", `--pool=${useVmForks ? "vmForks" : "forks"}`, ...(disableIsolation ? ["--isolate=false"] : []), - ...unitIsolatedFiles.flatMap((file) => ["--exclude", file]), + ...[ + ...unitIsolatedFiles, + ...unitSingletonIsolatedFiles, + ...unitVmForkSingletonFiles, + ].flatMap((file) => ["--exclude", file]), ], }, - { - name: "unit-isolated", + ...(groupedUnitIsolatedFiles.length > 0 + ? [ + { + name: "unit-isolated", + args: [ + "vitest", + "run", + "--config", + "vitest.unit.config.ts", + "--pool=forks", + ...groupedUnitIsolatedFiles, + ], + }, + ] + : []), + ...unitSingletonIsolatedFiles.map((file) => ({ + name: `${path.basename(file, ".test.ts")}-isolated`, args: [ "vitest", "run", "--config", "vitest.unit.config.ts", - "--pool=forks", - ...unitIsolatedFiles, + `--pool=${useVmForks ? "vmForks" : "forks"}`, + file, ], - }, + })), + ...unitVmForkSingletonFiles.map((file) => ({ + name: `${path.basename(file, ".test.ts")}-vmforks`, + args: [ + "vitest", + "run", + "--config", + "vitest.unit.config.ts", + `--pool=${useVmForks ? "vmForks" : "forks"}`, + ...(disableIsolation ? ["--isolate=false"] : []), + file, + ], + })), + ...channelSingletonFiles.map((file) => ({ + name: `${path.basename(file, ".test.ts")}-channels-isolated`, + args: ["vitest", "run", "--config", "vitest.channels.config.ts", "--pool=forks", file], + })), ] : [ { @@ -380,9 +428,24 @@ const resolveFilterMatches = (fileFilter) => { } return allKnownTestFiles.filter((file) => file.includes(normalizedFilter)); }; +const isVmForkSingletonUnitFile = (fileFilter) => unitVmForkSingletonFiles.includes(fileFilter); const createTargetedEntry = (owner, isolated, filters) => { const name = isolated ? `${owner}-isolated` : owner; const forceForks = isolated; + if (owner === "unit-vmforks") { + return { + name, + args: [ + "vitest", + "run", + "--config", + "vitest.unit.config.ts", + `--pool=${useVmForks ? "vmForks" : "forks"}`, + ...(disableIsolation ? ["--isolate=false"] : []), + ...filters, + ], + }; + } if (owner === "unit") { return { name, @@ -460,16 +523,19 @@ const targetedEntries = (() => { const groups = passthroughFileFilters.reduce((acc, fileFilter) => { const matchedFiles = resolveFilterMatches(fileFilter); if (matchedFiles.length === 0) { - const target = inferTarget(normalizeRepoPath(fileFilter)); - const key = `${target.owner}:${target.isolated ? "isolated" : "default"}`; + const normalizedFile = normalizeRepoPath(fileFilter); + const target = inferTarget(normalizedFile); + const owner = isVmForkSingletonUnitFile(normalizedFile) ? "unit-vmforks" : target.owner; + const key = `${owner}:${target.isolated ? "isolated" : "default"}`; const files = acc.get(key) ?? []; - files.push(normalizeRepoPath(fileFilter)); + files.push(normalizedFile); acc.set(key, files); return acc; } for (const matchedFile of matchedFiles) { const target = inferTarget(matchedFile); - const key = `${target.owner}:${target.isolated ? "isolated" : "default"}`; + const owner = isVmForkSingletonUnitFile(matchedFile) ? "unit-vmforks" : target.owner; + const key = `${owner}:${target.isolated ? "isolated" : "default"}`; const files = acc.get(key) ?? []; files.push(matchedFile); acc.set(key, files); diff --git a/scripts/tsdown-build.mjs b/scripts/tsdown-build.mjs index 1c346b54a78..09978543bdd 100644 --- a/scripts/tsdown-build.mjs +++ b/scripts/tsdown-build.mjs @@ -4,15 +4,33 @@ import { spawnSync } from "node:child_process"; const logLevel = process.env.OPENCLAW_BUILD_VERBOSE ? "info" : "warn"; const extraArgs = process.argv.slice(2); +const INEFFECTIVE_DYNAMIC_IMPORT_RE = /\[INEFFECTIVE_DYNAMIC_IMPORT\]/; const result = spawnSync( "pnpm", ["exec", "tsdown", "--config-loader", "unrun", "--logLevel", logLevel, ...extraArgs], { - stdio: "inherit", + encoding: "utf8", + stdio: "pipe", shell: process.platform === "win32", }, ); +const stdout = result.stdout ?? ""; +const stderr = result.stderr ?? ""; +if (stdout) { + process.stdout.write(stdout); +} +if (stderr) { + process.stderr.write(stderr); +} + +if (result.status === 0 && INEFFECTIVE_DYNAMIC_IMPORT_RE.test(`${stdout}\n${stderr}`)) { + console.error( + "Build emitted [INEFFECTIVE_DYNAMIC_IMPORT]. Replace transparent runtime re-export facades with real runtime boundaries.", + ); + process.exit(1); +} + if (typeof result.status === "number") { process.exit(result.status); } diff --git a/src/acp/control-plane/manager.core.ts b/src/acp/control-plane/manager.core.ts index b15aa3bd72e..58f74b72918 100644 --- a/src/acp/control-plane/manager.core.ts +++ b/src/acp/control-plane/manager.core.ts @@ -603,137 +603,164 @@ export class AcpSessionManager { } await this.evictIdleRuntimeHandles({ cfg: input.cfg }); await this.withSessionActor(sessionKey, async () => { - const resolution = this.resolveSession({ - cfg: input.cfg, - sessionKey, - }); - const resolvedMeta = requireReadySessionMeta(resolution); - - const { - runtime, - handle: ensuredHandle, - meta: ensuredMeta, - } = await this.ensureRuntimeHandle({ - cfg: input.cfg, - sessionKey, - meta: resolvedMeta, - }); - let handle = ensuredHandle; - const meta = ensuredMeta; - await this.applyRuntimeControls({ - sessionKey, - runtime, - handle, - meta, - }); const turnStartedAt = Date.now(); const actorKey = normalizeActorKey(sessionKey); - - await this.setSessionState({ - cfg: input.cfg, - sessionKey, - state: "running", - clearLastError: true, - }); - - const internalAbortController = new AbortController(); - const onCallerAbort = () => { - internalAbortController.abort(); - }; - if (input.signal?.aborted) { - internalAbortController.abort(); - } else if (input.signal) { - input.signal.addEventListener("abort", onCallerAbort, { once: true }); - } - - const activeTurn: ActiveTurnState = { - runtime, - handle, - abortController: internalAbortController, - }; - this.activeTurnBySession.set(actorKey, activeTurn); - - let streamError: AcpRuntimeError | null = null; - try { - const combinedSignal = - input.signal && typeof AbortSignal.any === "function" - ? AbortSignal.any([input.signal, internalAbortController.signal]) - : internalAbortController.signal; - for await (const event of runtime.runTurn({ - handle, - text: input.text, - attachments: input.attachments, - mode: input.mode, - requestId: input.requestId, - signal: combinedSignal, - })) { - if (event.type === "error") { - streamError = new AcpRuntimeError( - normalizeAcpErrorCode(event.code), - event.message?.trim() || "ACP turn failed before completion.", - ); - } - if (input.onEvent) { - await input.onEvent(event); - } - } - if (streamError) { - throw streamError; - } - this.recordTurnCompletion({ - startedAt: turnStartedAt, - }); - await this.setSessionState({ + for (let attempt = 0; attempt < 2; attempt += 1) { + const resolution = this.resolveSession({ cfg: input.cfg, sessionKey, - state: "idle", - clearLastError: true, }); - } catch (error) { - const acpError = toAcpRuntimeError({ - error, - fallbackCode: "ACP_TURN_FAILED", - fallbackMessage: "ACP turn failed before completion.", - }); - this.recordTurnCompletion({ - startedAt: turnStartedAt, - errorCode: acpError.code, - }); - await this.setSessionState({ - cfg: input.cfg, - sessionKey, - state: "error", - lastError: acpError.message, - }); - throw acpError; - } finally { - if (input.signal) { - input.signal.removeEventListener("abort", onCallerAbort); - } - if (this.activeTurnBySession.get(actorKey) === activeTurn) { - this.activeTurnBySession.delete(actorKey); - } - if (meta.mode !== "oneshot") { - ({ handle } = await this.reconcileRuntimeSessionIdentifiers({ + const resolvedMeta = requireReadySessionMeta(resolution); + let runtime: AcpRuntime | undefined; + let handle: AcpRuntimeHandle | undefined; + let meta: SessionAcpMeta | undefined; + let activeTurn: ActiveTurnState | undefined; + let internalAbortController: AbortController | undefined; + let onCallerAbort: (() => void) | undefined; + let activeTurnStarted = false; + let sawTurnOutput = false; + let retryFreshHandle = false; + try { + const ensured = await this.ensureRuntimeHandle({ cfg: input.cfg, + sessionKey, + meta: resolvedMeta, + }); + runtime = ensured.runtime; + handle = ensured.handle; + meta = ensured.meta; + await this.applyRuntimeControls({ sessionKey, runtime, handle, meta, - failOnStatusError: false, - })); - } - if (meta.mode === "oneshot") { - try { - await runtime.close({ - handle, - reason: "oneshot-complete", - }); - } catch (error) { - logVerbose(`acp-manager: ACP oneshot close failed for ${sessionKey}: ${String(error)}`); - } finally { - this.clearCachedRuntimeState(sessionKey); + }); + + await this.setSessionState({ + cfg: input.cfg, + sessionKey, + state: "running", + clearLastError: true, + }); + + internalAbortController = new AbortController(); + onCallerAbort = () => { + internalAbortController?.abort(); + }; + if (input.signal?.aborted) { + internalAbortController.abort(); + } else if (input.signal) { + input.signal.addEventListener("abort", onCallerAbort, { once: true }); } + + activeTurn = { + runtime, + handle, + abortController: internalAbortController, + }; + this.activeTurnBySession.set(actorKey, activeTurn); + activeTurnStarted = true; + + let streamError: AcpRuntimeError | null = null; + const combinedSignal = + input.signal && typeof AbortSignal.any === "function" + ? AbortSignal.any([input.signal, internalAbortController.signal]) + : internalAbortController.signal; + for await (const event of runtime.runTurn({ + handle, + text: input.text, + attachments: input.attachments, + mode: input.mode, + requestId: input.requestId, + signal: combinedSignal, + })) { + if (event.type === "error") { + streamError = new AcpRuntimeError( + normalizeAcpErrorCode(event.code), + event.message?.trim() || "ACP turn failed before completion.", + ); + } else if (event.type === "text_delta" || event.type === "tool_call") { + sawTurnOutput = true; + } + if (input.onEvent) { + await input.onEvent(event); + } + } + if (streamError) { + throw streamError; + } + this.recordTurnCompletion({ + startedAt: turnStartedAt, + }); + await this.setSessionState({ + cfg: input.cfg, + sessionKey, + state: "idle", + clearLastError: true, + }); + return; + } catch (error) { + const acpError = toAcpRuntimeError({ + error, + fallbackCode: activeTurnStarted ? "ACP_TURN_FAILED" : "ACP_SESSION_INIT_FAILED", + fallbackMessage: activeTurnStarted + ? "ACP turn failed before completion." + : "Could not initialize ACP session runtime.", + }); + retryFreshHandle = this.shouldRetryTurnWithFreshHandle({ + attempt, + sessionKey, + error: acpError, + sawTurnOutput, + }); + if (retryFreshHandle) { + continue; + } + this.recordTurnCompletion({ + startedAt: turnStartedAt, + errorCode: acpError.code, + }); + await this.setSessionState({ + cfg: input.cfg, + sessionKey, + state: "error", + lastError: acpError.message, + }); + throw acpError; + } finally { + if (input.signal && onCallerAbort) { + input.signal.removeEventListener("abort", onCallerAbort); + } + if (activeTurn && this.activeTurnBySession.get(actorKey) === activeTurn) { + this.activeTurnBySession.delete(actorKey); + } + if (!retryFreshHandle && runtime && handle && meta && meta.mode !== "oneshot") { + ({ handle } = await this.reconcileRuntimeSessionIdentifiers({ + cfg: input.cfg, + sessionKey, + runtime, + handle, + meta, + failOnStatusError: false, + })); + } + if (!retryFreshHandle && runtime && handle && meta && meta.mode === "oneshot") { + try { + await runtime.close({ + handle, + reason: "oneshot-complete", + }); + } catch (error) { + logVerbose( + `acp-manager: ACP oneshot close failed for ${sessionKey}: ${String(error)}`, + ); + } finally { + this.clearCachedRuntimeState(sessionKey); + } + } + } + if (retryFreshHandle) { + continue; } } }); @@ -864,7 +891,9 @@ export class AcpSessionManager { }); if ( input.allowBackendUnavailable && - (acpError.code === "ACP_BACKEND_MISSING" || acpError.code === "ACP_BACKEND_UNAVAILABLE") + (acpError.code === "ACP_BACKEND_MISSING" || + acpError.code === "ACP_BACKEND_UNAVAILABLE" || + this.isRecoverableAcpxExitError(acpError.message)) ) { // Treat unavailable backends as terminal for this cached handle so it // cannot continue counting against maxConcurrentSessions. @@ -916,7 +945,17 @@ export class AcpSessionManager { const agentMatches = cached.agent === agent; const modeMatches = cached.mode === mode; const cwdMatches = (cached.cwd ?? "") === (cwd ?? ""); - if (backendMatches && agentMatches && modeMatches && cwdMatches) { + if ( + backendMatches && + agentMatches && + modeMatches && + cwdMatches && + (await this.isCachedRuntimeHandleReusable({ + sessionKey: params.sessionKey, + runtime: cached.runtime, + handle: cached.handle, + })) + ) { return { runtime: cached.runtime, handle: cached.handle, @@ -1020,6 +1059,49 @@ export class AcpSessionManager { }; } + private async isCachedRuntimeHandleReusable(params: { + sessionKey: string; + runtime: AcpRuntime; + handle: AcpRuntimeHandle; + }): Promise { + if (!params.runtime.getStatus) { + return true; + } + try { + const status = await params.runtime.getStatus({ + handle: params.handle, + }); + if (this.isRuntimeStatusUnavailable(status)) { + this.clearCachedRuntimeState(params.sessionKey); + logVerbose( + `acp-manager: evicting cached runtime handle for ${params.sessionKey} after unhealthy status probe: ${status.summary ?? "status unavailable"}`, + ); + return false; + } + return true; + } catch (error) { + this.clearCachedRuntimeState(params.sessionKey); + logVerbose( + `acp-manager: evicting cached runtime handle for ${params.sessionKey} after status probe failed: ${String(error)}`, + ); + return false; + } + } + + private isRuntimeStatusUnavailable(status: AcpRuntimeStatus | undefined): boolean { + if (!status) { + return false; + } + const detailsStatus = + typeof status.details?.status === "string" ? status.details.status.trim().toLowerCase() : ""; + if (detailsStatus === "dead" || detailsStatus === "no-session") { + return true; + } + const summaryMatch = status.summary?.match(/\bstatus=([^\s]+)/i); + const summaryStatus = summaryMatch?.[1]?.trim().toLowerCase() ?? ""; + return summaryStatus === "dead" || summaryStatus === "no-session"; + } + private async persistRuntimeOptions(params: { cfg: OpenClawConfig; sessionKey: string; @@ -1103,6 +1185,29 @@ export class AcpSessionManager { this.errorCountsByCode.set(normalized, (this.errorCountsByCode.get(normalized) ?? 0) + 1); } + private shouldRetryTurnWithFreshHandle(params: { + attempt: number; + sessionKey: string; + error: AcpRuntimeError; + sawTurnOutput: boolean; + }): boolean { + if (params.attempt > 0 || params.sawTurnOutput) { + return false; + } + if (!this.isRecoverableAcpxExitError(params.error.message)) { + return false; + } + this.clearCachedRuntimeState(params.sessionKey); + logVerbose( + `acp-manager: retrying ${params.sessionKey} with a fresh runtime handle after early turn failure: ${params.error.message}`, + ); + return true; + } + + private isRecoverableAcpxExitError(message: string): boolean { + return /^acpx exited with code \d+/i.test(message.trim()); + } + private async evictIdleRuntimeHandles(params: { cfg: OpenClawConfig }): Promise { const idleTtlMs = resolveRuntimeIdleTtlMs(params.cfg); if (idleTtlMs <= 0 || this.runtimeCache.size() === 0) { diff --git a/src/acp/control-plane/manager.test.ts b/src/acp/control-plane/manager.test.ts index 8152944834c..7229e34914d 100644 --- a/src/acp/control-plane/manager.test.ts +++ b/src/acp/control-plane/manager.test.ts @@ -1,7 +1,6 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; import type { AcpSessionRuntimeOptions, SessionAcpMeta } from "../../config/sessions/types.js"; -import { AcpRuntimeError } from "../runtime/errors.js"; import type { AcpRuntime, AcpRuntimeCapabilities } from "../runtime/types.js"; const hoisted = vi.hoisted(() => { @@ -32,7 +31,8 @@ vi.mock("../runtime/registry.js", async (importOriginal) => { }; }); -const { AcpSessionManager } = await import("./manager.js"); +let AcpSessionManager: typeof import("./manager.js").AcpSessionManager; +let AcpRuntimeError: typeof import("../runtime/errors.js").AcpRuntimeError; const baseCfg = { acp: { @@ -146,7 +146,10 @@ function extractRuntimeOptionsFromUpserts(): Array { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ AcpSessionManager } = await import("./manager.js")); + ({ AcpRuntimeError } = await import("../runtime/errors.js")); hoisted.listAcpSessionEntriesMock.mockReset().mockResolvedValue([]); hoisted.readAcpSessionEntryMock.mockReset(); hoisted.upsertAcpSessionMetaMock.mockReset().mockResolvedValue(null); @@ -351,6 +354,52 @@ describe("AcpSessionManager", () => { expect(runtimeState.runTurn).toHaveBeenCalledTimes(2); }); + it("re-ensures cached runtime handles when the backend reports the session is dead", async () => { + const runtimeState = createRuntime(); + runtimeState.getStatus + .mockResolvedValueOnce({ + summary: "status=alive", + details: { status: "alive" }, + }) + .mockResolvedValueOnce({ + summary: "status=dead", + details: { status: "dead" }, + }) + .mockResolvedValueOnce({ + summary: "status=alive", + details: { status: "alive" }, + }); + hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ + id: "acpx", + runtime: runtimeState.runtime, + }); + hoisted.readAcpSessionEntryMock.mockReturnValue({ + sessionKey: "agent:codex:acp:session-1", + storeSessionKey: "agent:codex:acp:session-1", + acp: readySessionMeta(), + }); + + const manager = new AcpSessionManager(); + await manager.runTurn({ + cfg: baseCfg, + sessionKey: "agent:codex:acp:session-1", + text: "first", + mode: "prompt", + requestId: "r1", + }); + await manager.runTurn({ + cfg: baseCfg, + sessionKey: "agent:codex:acp:session-1", + text: "second", + mode: "prompt", + requestId: "r2", + }); + + expect(runtimeState.ensureSession).toHaveBeenCalledTimes(2); + expect(runtimeState.getStatus).toHaveBeenCalledTimes(3); + expect(runtimeState.runTurn).toHaveBeenCalledTimes(2); + }); + it("rehydrates runtime handles after a manager restart", async () => { const runtimeState = createRuntime(); hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ @@ -528,6 +577,61 @@ describe("AcpSessionManager", () => { expect(runtimeState.ensureSession).toHaveBeenCalledTimes(2); }); + it("drops cached runtime handles when close sees a stale acpx process-exit error", async () => { + const runtimeState = createRuntime(); + runtimeState.close.mockRejectedValueOnce(new Error("acpx exited with code 1")); + hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ + id: "acpx", + runtime: runtimeState.runtime, + }); + hoisted.readAcpSessionEntryMock.mockImplementation((paramsUnknown: unknown) => { + const sessionKey = (paramsUnknown as { sessionKey?: string }).sessionKey ?? ""; + return { + sessionKey, + storeSessionKey: sessionKey, + acp: { + ...readySessionMeta(), + runtimeSessionName: `runtime:${sessionKey}`, + }, + }; + }); + const limitedCfg = { + acp: { + ...baseCfg.acp, + maxConcurrentSessions: 1, + }, + } as OpenClawConfig; + + const manager = new AcpSessionManager(); + await manager.runTurn({ + cfg: limitedCfg, + sessionKey: "agent:codex:acp:session-a", + text: "first", + mode: "prompt", + requestId: "r1", + }); + + const closeResult = await manager.closeSession({ + cfg: limitedCfg, + sessionKey: "agent:codex:acp:session-a", + reason: "manual-close", + allowBackendUnavailable: true, + }); + expect(closeResult.runtimeClosed).toBe(false); + expect(closeResult.runtimeNotice).toBe("acpx exited with code 1"); + + await expect( + manager.runTurn({ + cfg: limitedCfg, + sessionKey: "agent:codex:acp:session-b", + text: "second", + mode: "prompt", + requestId: "r2", + }), + ).resolves.toBeUndefined(); + expect(runtimeState.ensureSession).toHaveBeenCalledTimes(2); + }); + it("evicts idle cached runtimes before enforcing max concurrent limits", async () => { vi.useFakeTimers(); try { @@ -804,6 +908,82 @@ describe("AcpSessionManager", () => { expect(states.at(-1)).toBe("error"); }); + it("marks the session as errored when runtime ensure fails before turn start", async () => { + const runtimeState = createRuntime(); + runtimeState.ensureSession.mockRejectedValue(new Error("acpx exited with code 1")); + hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ + id: "acpx", + runtime: runtimeState.runtime, + }); + hoisted.readAcpSessionEntryMock.mockReturnValue({ + sessionKey: "agent:codex:acp:session-1", + storeSessionKey: "agent:codex:acp:session-1", + acp: { + ...readySessionMeta(), + state: "running", + }, + }); + + const manager = new AcpSessionManager(); + await expect( + manager.runTurn({ + cfg: baseCfg, + sessionKey: "agent:codex:acp:session-1", + text: "do work", + mode: "prompt", + requestId: "run-1", + }), + ).rejects.toMatchObject({ + code: "ACP_SESSION_INIT_FAILED", + message: "acpx exited with code 1", + }); + + const states = extractStatesFromUpserts(); + expect(states).not.toContain("running"); + expect(states.at(-1)).toBe("error"); + }); + + it("retries once with a fresh runtime handle after an early acpx exit", async () => { + const runtimeState = createRuntime(); + hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ + id: "acpx", + runtime: runtimeState.runtime, + }); + hoisted.readAcpSessionEntryMock.mockReturnValue({ + sessionKey: "agent:codex:acp:session-1", + storeSessionKey: "agent:codex:acp:session-1", + acp: readySessionMeta(), + }); + runtimeState.runTurn + .mockImplementationOnce(async function* () { + yield { + type: "error" as const, + message: "acpx exited with code 1", + }; + }) + .mockImplementationOnce(async function* () { + yield { type: "done" as const }; + }); + + const manager = new AcpSessionManager(); + await expect( + manager.runTurn({ + cfg: baseCfg, + sessionKey: "agent:codex:acp:session-1", + text: "do work", + mode: "prompt", + requestId: "run-1", + }), + ).resolves.toBeUndefined(); + + expect(runtimeState.ensureSession).toHaveBeenCalledTimes(2); + expect(runtimeState.runTurn).toHaveBeenCalledTimes(2); + const states = extractStatesFromUpserts(); + expect(states).toContain("running"); + expect(states).toContain("idle"); + expect(states).not.toContain("error"); + }); + it("persists runtime mode changes through setSessionRuntimeMode", async () => { const runtimeState = createRuntime(); hoisted.requireAcpRuntimeBackendMock.mockReturnValue({ diff --git a/src/acp/persistent-bindings.lifecycle.test.ts b/src/acp/persistent-bindings.lifecycle.test.ts new file mode 100644 index 00000000000..44e159d887f --- /dev/null +++ b/src/acp/persistent-bindings.lifecycle.test.ts @@ -0,0 +1,100 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import { importFreshModule } from "../../test/helpers/import-fresh.js"; +import type { OpenClawConfig } from "../config/config.js"; + +const managerMocks = vi.hoisted(() => ({ + closeSession: vi.fn(), + initializeSession: vi.fn(), + updateSessionRuntimeOptions: vi.fn(), +})); + +const sessionMetaMocks = vi.hoisted(() => ({ + readAcpSessionEntry: vi.fn(), +})); + +const resolveMocks = vi.hoisted(() => ({ + resolveConfiguredAcpBindingSpecBySessionKey: vi.fn(), +})); + +vi.mock("./control-plane/manager.js", () => ({ + getAcpSessionManager: () => ({ + closeSession: managerMocks.closeSession, + initializeSession: managerMocks.initializeSession, + updateSessionRuntimeOptions: managerMocks.updateSessionRuntimeOptions, + }), +})); + +vi.mock("./runtime/session-meta.js", () => ({ + readAcpSessionEntry: sessionMetaMocks.readAcpSessionEntry, +})); + +vi.mock("./persistent-bindings.resolve.js", () => ({ + resolveConfiguredAcpBindingSpecBySessionKey: + resolveMocks.resolveConfiguredAcpBindingSpecBySessionKey, +})); +type BindingTargetsModule = typeof import("../channels/plugins/binding-targets.js"); +let bindingTargets: BindingTargetsModule; +let bindingTargetsImportScope = 0; + +const baseCfg = { + session: { mainKey: "main", scope: "per-sender" }, + agents: { + list: [{ id: "codex" }, { id: "claude" }], + }, +} satisfies OpenClawConfig; + +beforeEach(async () => { + vi.resetModules(); + bindingTargetsImportScope += 1; + bindingTargets = await importFreshModule( + import.meta.url, + `../channels/plugins/binding-targets.js?scope=${bindingTargetsImportScope}`, + ); + managerMocks.closeSession.mockReset().mockResolvedValue({ + runtimeClosed: true, + metaCleared: false, + }); + managerMocks.initializeSession.mockReset().mockResolvedValue(undefined); + managerMocks.updateSessionRuntimeOptions.mockReset().mockResolvedValue(undefined); + sessionMetaMocks.readAcpSessionEntry.mockReset().mockReturnValue(undefined); + resolveMocks.resolveConfiguredAcpBindingSpecBySessionKey.mockReset().mockReturnValue(null); +}); + +describe("resetConfiguredBindingTargetInPlace", () => { + it("does not resolve configured bindings when ACP metadata already exists", async () => { + const sessionKey = "agent:claude:acp:binding:discord:default:9373ab192b2317f4"; + sessionMetaMocks.readAcpSessionEntry.mockReturnValue({ + acp: { + agent: "claude", + mode: "persistent", + backend: "acpx", + runtimeOptions: { cwd: "/home/bob/clawd" }, + }, + }); + resolveMocks.resolveConfiguredAcpBindingSpecBySessionKey.mockImplementation(() => { + throw new Error("configured binding resolution should be skipped"); + }); + + const result = await bindingTargets.resetConfiguredBindingTargetInPlace({ + cfg: baseCfg, + sessionKey, + reason: "reset", + }); + + expect(result).toEqual({ ok: true }); + expect(resolveMocks.resolveConfiguredAcpBindingSpecBySessionKey).not.toHaveBeenCalled(); + expect(managerMocks.closeSession).toHaveBeenCalledWith( + expect.objectContaining({ + sessionKey, + clearMeta: false, + }), + ); + expect(managerMocks.initializeSession).toHaveBeenCalledWith( + expect.objectContaining({ + sessionKey, + agent: "claude", + backendId: "acpx", + }), + ); + }); +}); diff --git a/src/acp/persistent-bindings.lifecycle.ts b/src/acp/persistent-bindings.lifecycle.ts index 2a2cf6b9c20..9f43b584da3 100644 --- a/src/acp/persistent-bindings.lifecycle.ts +++ b/src/acp/persistent-bindings.lifecycle.ts @@ -8,6 +8,7 @@ import { buildConfiguredAcpSessionKey, normalizeText, type ConfiguredAcpBindingSpec, + type ResolvedConfiguredAcpBinding, } from "./persistent-bindings.types.js"; import { readAcpSessionEntry } from "./runtime/session-meta.js"; @@ -96,7 +97,7 @@ export async function ensureConfiguredAcpBindingSession(params: { } catch (error) { const message = error instanceof Error ? error.message : String(error); logVerbose( - `acp-persistent-binding: failed ensuring ${params.spec.channel}:${params.spec.accountId}:${params.spec.conversationId} -> ${sessionKey}: ${message}`, + `acp-configured-binding: failed ensuring ${params.spec.channel}:${params.spec.accountId}:${params.spec.conversationId} -> ${sessionKey}: ${message}`, ); return { ok: false, @@ -106,6 +107,26 @@ export async function ensureConfiguredAcpBindingSession(params: { } } +export async function ensureConfiguredAcpBindingReady(params: { + cfg: OpenClawConfig; + configuredBinding: ResolvedConfiguredAcpBinding | null; +}): Promise<{ ok: true } | { ok: false; error: string }> { + if (!params.configuredBinding) { + return { ok: true }; + } + const ensured = await ensureConfiguredAcpBindingSession({ + cfg: params.cfg, + spec: params.configuredBinding.spec, + }); + if (ensured.ok) { + return { ok: true }; + } + return { + ok: false, + error: ensured.error ?? "unknown error", + }; +} + export async function resetAcpSessionInPlace(params: { cfg: OpenClawConfig; sessionKey: string; @@ -119,14 +140,17 @@ export async function resetAcpSessionInPlace(params: { }; } - const configuredBinding = resolveConfiguredAcpBindingSpecBySessionKey({ - cfg: params.cfg, - sessionKey, - }); const meta = readAcpSessionEntry({ cfg: params.cfg, sessionKey, })?.acp; + const configuredBinding = + !meta || !normalizeText(meta.agent) + ? resolveConfiguredAcpBindingSpecBySessionKey({ + cfg: params.cfg, + sessionKey, + }) + : null; if (!meta) { if (configuredBinding) { const ensured = await ensureConfiguredAcpBindingSession({ @@ -189,7 +213,7 @@ export async function resetAcpSessionInPlace(params: { return { ok: true }; } catch (error) { const message = error instanceof Error ? error.message : String(error); - logVerbose(`acp-persistent-binding: failed reset for ${sessionKey}: ${message}`); + logVerbose(`acp-configured-binding: failed reset for ${sessionKey}: ${message}`); return { ok: false, error: message, diff --git a/src/acp/persistent-bindings.resolve.ts b/src/acp/persistent-bindings.resolve.ts index d0039078378..068b89f8891 100644 --- a/src/acp/persistent-bindings.resolve.ts +++ b/src/acp/persistent-bindings.resolve.ts @@ -1,275 +1,17 @@ -import { getChannelPlugin } from "../channels/plugins/index.js"; -import { listAcpBindings } from "../config/bindings.js"; +import { + resolveConfiguredBindingRecord, + resolveConfiguredBindingRecordBySessionKey, + resolveConfiguredBindingRecordForConversation, +} from "../channels/plugins/binding-registry.js"; import type { OpenClawConfig } from "../config/config.js"; -import type { AgentAcpBinding } from "../config/types.js"; -import { pickFirstExistingAgentId } from "../routing/resolve-route.js"; +import type { ConversationRef } from "../infra/outbound/session-binding-service.js"; import { - DEFAULT_ACCOUNT_ID, - normalizeAccountId, - parseAgentSessionKey, -} from "../routing/session-key.js"; -import { - buildConfiguredAcpSessionKey, - normalizeBindingConfig, - normalizeMode, - normalizeText, - toConfiguredAcpBindingRecord, - type ConfiguredAcpBindingChannel, + resolveConfiguredAcpBindingSpecFromRecord, + toResolvedConfiguredAcpBinding, type ConfiguredAcpBindingSpec, type ResolvedConfiguredAcpBinding, } from "./persistent-bindings.types.js"; -function normalizeBindingChannel(value: string | undefined): ConfiguredAcpBindingChannel | null { - const normalized = (value ?? "").trim().toLowerCase(); - if (!normalized) { - return null; - } - const plugin = getChannelPlugin(normalized); - return plugin?.acpBindings ? plugin.id : null; -} - -function resolveAccountMatchPriority(match: string | undefined, actual: string): 0 | 1 | 2 { - const trimmed = (match ?? "").trim(); - if (!trimmed) { - return actual === DEFAULT_ACCOUNT_ID ? 2 : 0; - } - if (trimmed === "*") { - return 1; - } - return normalizeAccountId(trimmed) === actual ? 2 : 0; -} - -function resolveBindingConversationId(binding: AgentAcpBinding): string | null { - const id = binding.match.peer?.id?.trim(); - return id ? id : null; -} - -function parseConfiguredBindingSessionKey(params: { - sessionKey: string; -}): { channel: ConfiguredAcpBindingChannel; accountId: string } | null { - const parsed = parseAgentSessionKey(params.sessionKey); - const rest = parsed?.rest?.trim().toLowerCase() ?? ""; - if (!rest) { - return null; - } - const tokens = rest.split(":"); - if (tokens.length !== 5 || tokens[0] !== "acp" || tokens[1] !== "binding") { - return null; - } - const channel = normalizeBindingChannel(tokens[2]); - if (!channel) { - return null; - } - return { - channel, - accountId: normalizeAccountId(tokens[3]), - }; -} - -function resolveAgentRuntimeAcpDefaults(params: { cfg: OpenClawConfig; ownerAgentId: string }): { - acpAgentId?: string; - mode?: string; - cwd?: string; - backend?: string; -} { - const agent = params.cfg.agents?.list?.find( - (entry) => entry.id?.trim().toLowerCase() === params.ownerAgentId.toLowerCase(), - ); - if (!agent || agent.runtime?.type !== "acp") { - return {}; - } - return { - acpAgentId: normalizeText(agent.runtime.acp?.agent), - mode: normalizeText(agent.runtime.acp?.mode), - cwd: normalizeText(agent.runtime.acp?.cwd), - backend: normalizeText(agent.runtime.acp?.backend), - }; -} - -function toConfiguredBindingSpec(params: { - cfg: OpenClawConfig; - channel: ConfiguredAcpBindingChannel; - accountId: string; - conversationId: string; - parentConversationId?: string; - binding: AgentAcpBinding; -}): ConfiguredAcpBindingSpec { - const accountId = normalizeAccountId(params.accountId); - const agentId = pickFirstExistingAgentId(params.cfg, params.binding.agentId ?? "main"); - const runtimeDefaults = resolveAgentRuntimeAcpDefaults({ - cfg: params.cfg, - ownerAgentId: agentId, - }); - const bindingOverrides = normalizeBindingConfig(params.binding.acp); - const acpAgentId = normalizeText(runtimeDefaults.acpAgentId); - const mode = normalizeMode(bindingOverrides.mode ?? runtimeDefaults.mode); - return { - channel: params.channel, - accountId, - conversationId: params.conversationId, - parentConversationId: params.parentConversationId, - agentId, - acpAgentId, - mode, - cwd: bindingOverrides.cwd ?? runtimeDefaults.cwd, - backend: bindingOverrides.backend ?? runtimeDefaults.backend, - label: bindingOverrides.label, - }; -} - -function resolveConfiguredBindingRecord(params: { - cfg: OpenClawConfig; - bindings: AgentAcpBinding[]; - channel: ConfiguredAcpBindingChannel; - accountId: string; - selectConversation: (binding: AgentAcpBinding) => { - conversationId: string; - parentConversationId?: string; - matchPriority?: number; - } | null; -}): ResolvedConfiguredAcpBinding | null { - let wildcardMatch: { - binding: AgentAcpBinding; - conversationId: string; - parentConversationId?: string; - matchPriority: number; - } | null = null; - let exactMatch: { - binding: AgentAcpBinding; - conversationId: string; - parentConversationId?: string; - matchPriority: number; - } | null = null; - for (const binding of params.bindings) { - if (normalizeBindingChannel(binding.match.channel) !== params.channel) { - continue; - } - const accountMatchPriority = resolveAccountMatchPriority( - binding.match.accountId, - params.accountId, - ); - if (accountMatchPriority === 0) { - continue; - } - const conversation = params.selectConversation(binding); - if (!conversation) { - continue; - } - const matchPriority = conversation.matchPriority ?? 0; - if (accountMatchPriority === 2) { - if (!exactMatch || matchPriority > exactMatch.matchPriority) { - exactMatch = { - binding, - conversationId: conversation.conversationId, - parentConversationId: conversation.parentConversationId, - matchPriority, - }; - } - continue; - } - if (!wildcardMatch || matchPriority > wildcardMatch.matchPriority) { - wildcardMatch = { - binding, - conversationId: conversation.conversationId, - parentConversationId: conversation.parentConversationId, - matchPriority, - }; - } - } - if (exactMatch) { - const spec = toConfiguredBindingSpec({ - cfg: params.cfg, - channel: params.channel, - accountId: params.accountId, - conversationId: exactMatch.conversationId, - parentConversationId: exactMatch.parentConversationId, - binding: exactMatch.binding, - }); - return { - spec, - record: toConfiguredAcpBindingRecord(spec), - }; - } - if (!wildcardMatch) { - return null; - } - const spec = toConfiguredBindingSpec({ - cfg: params.cfg, - channel: params.channel, - accountId: params.accountId, - conversationId: wildcardMatch.conversationId, - parentConversationId: wildcardMatch.parentConversationId, - binding: wildcardMatch.binding, - }); - return { - spec, - record: toConfiguredAcpBindingRecord(spec), - }; -} - -export function resolveConfiguredAcpBindingSpecBySessionKey(params: { - cfg: OpenClawConfig; - sessionKey: string; -}): ConfiguredAcpBindingSpec | null { - const sessionKey = params.sessionKey.trim(); - if (!sessionKey) { - return null; - } - const parsedSessionKey = parseConfiguredBindingSessionKey({ sessionKey }); - if (!parsedSessionKey) { - return null; - } - const plugin = getChannelPlugin(parsedSessionKey.channel); - const acpBindings = plugin?.acpBindings; - if (!acpBindings?.normalizeConfiguredBindingTarget) { - return null; - } - - let wildcardMatch: ConfiguredAcpBindingSpec | null = null; - for (const binding of listAcpBindings(params.cfg)) { - const channel = normalizeBindingChannel(binding.match.channel); - if (!channel || channel !== parsedSessionKey.channel) { - continue; - } - const accountMatchPriority = resolveAccountMatchPriority( - binding.match.accountId, - parsedSessionKey.accountId, - ); - if (accountMatchPriority === 0) { - continue; - } - const targetConversationId = resolveBindingConversationId(binding); - if (!targetConversationId) { - continue; - } - const target = acpBindings.normalizeConfiguredBindingTarget({ - binding, - conversationId: targetConversationId, - }); - if (!target) { - continue; - } - const spec = toConfiguredBindingSpec({ - cfg: params.cfg, - channel, - accountId: parsedSessionKey.accountId, - conversationId: target.conversationId, - parentConversationId: target.parentConversationId, - binding, - }); - if (buildConfiguredAcpSessionKey(spec) !== sessionKey) { - continue; - } - if (accountMatchPriority === 2) { - return spec; - } - if (!wildcardMatch) { - wildcardMatch = spec; - } - } - return wildcardMatch; -} - export function resolveConfiguredAcpBindingRecord(params: { cfg: OpenClawConfig; channel: string; @@ -277,36 +19,22 @@ export function resolveConfiguredAcpBindingRecord(params: { conversationId: string; parentConversationId?: string; }): ResolvedConfiguredAcpBinding | null { - const channel = normalizeBindingChannel(params.channel); - const accountId = normalizeAccountId(params.accountId); - const conversationId = params.conversationId.trim(); - const parentConversationId = params.parentConversationId?.trim() || undefined; - if (!channel || !conversationId) { - return null; - } - const plugin = getChannelPlugin(channel); - const acpBindings = plugin?.acpBindings; - if (!acpBindings?.matchConfiguredBinding) { - return null; - } - const matchConfiguredBinding = acpBindings.matchConfiguredBinding; - - return resolveConfiguredBindingRecord({ - cfg: params.cfg, - bindings: listAcpBindings(params.cfg), - channel, - accountId, - selectConversation: (binding) => { - const bindingConversationId = resolveBindingConversationId(binding); - if (!bindingConversationId) { - return null; - } - return matchConfiguredBinding({ - binding, - bindingConversationId, - conversationId, - parentConversationId, - }); - }, - }); + const resolved = resolveConfiguredBindingRecord(params); + return resolved ? toResolvedConfiguredAcpBinding(resolved.record) : null; +} + +export function resolveConfiguredAcpBindingRecordForConversation(params: { + cfg: OpenClawConfig; + conversation: ConversationRef; +}): ResolvedConfiguredAcpBinding | null { + const resolved = resolveConfiguredBindingRecordForConversation(params); + return resolved ? toResolvedConfiguredAcpBinding(resolved.record) : null; +} + +export function resolveConfiguredAcpBindingSpecBySessionKey(params: { + cfg: OpenClawConfig; + sessionKey: string; +}): ConfiguredAcpBindingSpec | null { + const resolved = resolveConfiguredBindingRecordBySessionKey(params); + return resolved ? resolveConfiguredAcpBindingSpecFromRecord(resolved.record) : null; } diff --git a/src/acp/persistent-bindings.route.ts b/src/acp/persistent-bindings.route.ts deleted file mode 100644 index d11d46d423d..00000000000 --- a/src/acp/persistent-bindings.route.ts +++ /dev/null @@ -1,81 +0,0 @@ -import type { OpenClawConfig } from "../config/config.js"; -import type { ResolvedAgentRoute } from "../routing/resolve-route.js"; -import { deriveLastRoutePolicy } from "../routing/resolve-route.js"; -import { resolveAgentIdFromSessionKey } from "../routing/session-key.js"; -import { - ensureConfiguredAcpBindingSession, - resolveConfiguredAcpBindingRecord, - type ConfiguredAcpBindingChannel, - type ResolvedConfiguredAcpBinding, -} from "./persistent-bindings.js"; - -export function resolveConfiguredAcpRoute(params: { - cfg: OpenClawConfig; - route: ResolvedAgentRoute; - channel: ConfiguredAcpBindingChannel; - accountId: string; - conversationId: string; - parentConversationId?: string; -}): { - configuredBinding: ResolvedConfiguredAcpBinding | null; - route: ResolvedAgentRoute; - boundSessionKey?: string; - boundAgentId?: string; -} { - const configuredBinding = resolveConfiguredAcpBindingRecord({ - cfg: params.cfg, - channel: params.channel, - accountId: params.accountId, - conversationId: params.conversationId, - parentConversationId: params.parentConversationId, - }); - if (!configuredBinding) { - return { - configuredBinding: null, - route: params.route, - }; - } - const boundSessionKey = configuredBinding.record.targetSessionKey?.trim() ?? ""; - if (!boundSessionKey) { - return { - configuredBinding, - route: params.route, - }; - } - const boundAgentId = resolveAgentIdFromSessionKey(boundSessionKey) || params.route.agentId; - return { - configuredBinding, - boundSessionKey, - boundAgentId, - route: { - ...params.route, - sessionKey: boundSessionKey, - agentId: boundAgentId, - lastRoutePolicy: deriveLastRoutePolicy({ - sessionKey: boundSessionKey, - mainSessionKey: params.route.mainSessionKey, - }), - matchedBy: "binding.channel", - }, - }; -} - -export async function ensureConfiguredAcpRouteReady(params: { - cfg: OpenClawConfig; - configuredBinding: ResolvedConfiguredAcpBinding | null; -}): Promise<{ ok: true } | { ok: false; error: string }> { - if (!params.configuredBinding) { - return { ok: true }; - } - const ensured = await ensureConfiguredAcpBindingSession({ - cfg: params.cfg, - spec: params.configuredBinding.spec, - }); - if (ensured.ok) { - return { ok: true }; - } - return { - ok: false, - error: ensured.error ?? "unknown error", - }; -} diff --git a/src/acp/persistent-bindings.test.ts b/src/acp/persistent-bindings.test.ts index 147c4a455c9..27b0e59733c 100644 --- a/src/acp/persistent-bindings.test.ts +++ b/src/acp/persistent-bindings.test.ts @@ -2,9 +2,12 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import { discordPlugin } from "../../extensions/discord/src/channel.js"; import { feishuPlugin } from "../../extensions/feishu/src/channel.js"; import { telegramPlugin } from "../../extensions/telegram/src/channel.js"; +import { importFreshModule } from "../../test/helpers/import-fresh.js"; +import { resolveAgentWorkspaceDir } from "../agents/agent-scope.js"; import type { OpenClawConfig } from "../config/config.js"; import { setActivePluginRegistry } from "../plugins/runtime.js"; import { createTestRegistry } from "../test-utils/channel-plugins.js"; +import { buildConfiguredAcpSessionKey } from "./persistent-bindings.types.js"; const managerMocks = vi.hoisted(() => ({ resolveSession: vi.fn(), closeSession: vi.fn(), @@ -27,17 +30,24 @@ vi.mock("./runtime/session-meta.js", () => ({ readAcpSessionEntry: sessionMetaMocks.readAcpSessionEntry, })); -import { - buildConfiguredAcpSessionKey, - ensureConfiguredAcpBindingSession, - resetAcpSessionInPlace, - resolveConfiguredAcpBindingRecord, - resolveConfiguredAcpBindingSpecBySessionKey, -} from "./persistent-bindings.js"; +type PersistentBindingsModule = Pick< + typeof import("./persistent-bindings.resolve.js"), + "resolveConfiguredAcpBindingRecord" | "resolveConfiguredAcpBindingSpecBySessionKey" +> & + Pick< + typeof import("./persistent-bindings.lifecycle.js"), + "ensureConfiguredAcpBindingSession" | "resetAcpSessionInPlace" + >; +let persistentBindings: PersistentBindingsModule; +let persistentBindingsImportScope = 0; type ConfiguredBinding = NonNullable[number]; -type BindingRecordInput = Parameters[0]; -type BindingSpec = Parameters[0]["spec"]; +type BindingRecordInput = Parameters< + PersistentBindingsModule["resolveConfiguredAcpBindingRecord"] +>[0]; +type BindingSpec = Parameters< + PersistentBindingsModule["ensureConfiguredAcpBindingSession"] +>[0]["spec"]; const baseCfg = { session: { mainKey: "main", scope: "per-sender" }, @@ -117,7 +127,7 @@ function createFeishuBinding(params: { } function resolveBindingRecord(cfg: OpenClawConfig, overrides: Partial = {}) { - return resolveConfiguredAcpBindingRecord({ + return persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "discord", accountId: defaultDiscordAccountId, @@ -131,7 +141,7 @@ function resolveDiscordBindingSpecBySession( conversationId = defaultDiscordConversationId, ) { const resolved = resolveBindingRecord(cfg, { conversationId }); - return resolveConfiguredAcpBindingSpecBySessionKey({ + return persistentBindings.resolveConfiguredAcpBindingSpecBySessionKey({ cfg, sessionKey: resolved?.record.targetSessionKey ?? "", }); @@ -148,7 +158,11 @@ function createDiscordPersistentSpec(overrides: Partial = {}): Bind } as BindingSpec; } -function mockReadySession(params: { spec: BindingSpec; cwd: string }) { +function mockReadySession(params: { + spec: BindingSpec; + cwd: string; + state?: "idle" | "running" | "error"; +}) { const sessionKey = buildConfiguredAcpSessionKey(params.spec); managerMocks.resolveSession.mockReturnValue({ kind: "ready", @@ -159,14 +173,33 @@ function mockReadySession(params: { spec: BindingSpec; cwd: string }) { runtimeSessionName: "existing", mode: params.spec.mode, runtimeOptions: { cwd: params.cwd }, - state: "idle", + state: params.state ?? "idle", lastActivityAt: Date.now(), }, }); return sessionKey; } -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); + persistentBindingsImportScope += 1; + const [resolveModule, lifecycleModule] = await Promise.all([ + importFreshModule( + import.meta.url, + `./persistent-bindings.resolve.js?scope=${persistentBindingsImportScope}`, + ), + importFreshModule( + import.meta.url, + `./persistent-bindings.lifecycle.js?scope=${persistentBindingsImportScope}`, + ), + ]); + persistentBindings = { + resolveConfiguredAcpBindingRecord: resolveModule.resolveConfiguredAcpBindingRecord, + resolveConfiguredAcpBindingSpecBySessionKey: + resolveModule.resolveConfiguredAcpBindingSpecBySessionKey, + ensureConfiguredAcpBindingSession: lifecycleModule.ensureConfiguredAcpBindingSession, + resetAcpSessionInPlace: lifecycleModule.resetAcpSessionInPlace, + }; setActivePluginRegistry( createTestRegistry([ { pluginId: "discord", plugin: discordPlugin, source: "test" }, @@ -252,7 +285,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "work", @@ -307,13 +340,13 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const canonical = resolveConfiguredAcpBindingRecord({ + const canonical = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "telegram", accountId: "default", conversationId: "-1001234567890:topic:42", }); - const splitIds = resolveConfiguredAcpBindingRecord({ + const splitIds = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "telegram", accountId: "default", @@ -336,7 +369,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "telegram", accountId: "default", @@ -353,7 +386,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -373,7 +406,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -394,7 +427,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -416,7 +449,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -438,7 +471,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -457,7 +490,7 @@ describe("resolveConfiguredAcpBindingRecord", () => { }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", @@ -503,6 +536,25 @@ describe("resolveConfiguredAcpBindingRecord", () => { expect(resolved?.spec.cwd).toBe("/workspace/repo-a"); expect(resolved?.spec.backend).toBe("acpx"); }); + + it("derives configured binding cwd from an explicit agent workspace", () => { + const cfg = createCfgWithBindings( + [ + createDiscordBinding({ + agentId: "codex", + conversationId: defaultDiscordConversationId, + }), + ], + { + agents: { + list: [{ id: "codex", workspace: "/workspace/openclaw" }, { id: "claude" }], + }, + }, + ); + const resolved = resolveBindingRecord(cfg); + + expect(resolved?.spec.cwd).toBe(resolveAgentWorkspaceDir(cfg, "codex")); + }); }); describe("resolveConfiguredAcpBindingSpecBySessionKey", () => { @@ -523,7 +575,7 @@ describe("resolveConfiguredAcpBindingSpecBySessionKey", () => { }); it("returns null for unknown session keys", () => { - const spec = resolveConfiguredAcpBindingSpecBySessionKey({ + const spec = persistentBindings.resolveConfiguredAcpBindingSpecBySessionKey({ cfg: baseCfg, sessionKey: "agent:main:acp:binding:discord:default:notfound", }); @@ -557,13 +609,13 @@ describe("resolveConfiguredAcpBindingSpecBySessionKey", () => { acp: { backend: "acpx" }, }), ]); - const resolved = resolveConfiguredAcpBindingRecord({ + const resolved = persistentBindings.resolveConfiguredAcpBindingRecord({ cfg, channel: "feishu", accountId: "default", conversationId: "user_123", }); - const spec = resolveConfiguredAcpBindingSpecBySessionKey({ + const spec = persistentBindings.resolveConfiguredAcpBindingSpecBySessionKey({ cfg, sessionKey: resolved?.record.targetSessionKey ?? "", }); @@ -603,7 +655,7 @@ describe("ensureConfiguredAcpBindingSession", () => { cwd: "/workspace/openclaw", }); - const ensured = await ensureConfiguredAcpBindingSession({ + const ensured = await persistentBindings.ensureConfiguredAcpBindingSession({ cfg: baseCfg, spec, }); @@ -622,7 +674,7 @@ describe("ensureConfiguredAcpBindingSession", () => { cwd: "/workspace/other-repo", }); - const ensured = await ensureConfiguredAcpBindingSession({ + const ensured = await persistentBindings.ensureConfiguredAcpBindingSession({ cfg: baseCfg, spec, }); @@ -638,6 +690,26 @@ describe("ensureConfiguredAcpBindingSession", () => { expect(managerMocks.initializeSession).toHaveBeenCalledTimes(1); }); + it("keeps a matching ready session even when the stored ACP session is in error state", async () => { + const spec = createDiscordPersistentSpec({ + cwd: "/home/bob/clawd", + }); + const sessionKey = mockReadySession({ + spec, + cwd: "/home/bob/clawd", + state: "error", + }); + + const ensured = await persistentBindings.ensureConfiguredAcpBindingSession({ + cfg: baseCfg, + spec, + }); + + expect(ensured).toEqual({ ok: true, sessionKey }); + expect(managerMocks.closeSession).not.toHaveBeenCalled(); + expect(managerMocks.initializeSession).not.toHaveBeenCalled(); + }); + it("initializes ACP session with runtime agent override when provided", async () => { const spec = createDiscordPersistentSpec({ agentId: "coding", @@ -645,7 +717,7 @@ describe("ensureConfiguredAcpBindingSession", () => { }); managerMocks.resolveSession.mockReturnValue({ kind: "none" }); - const ensured = await ensureConfiguredAcpBindingSession({ + const ensured = await persistentBindings.ensureConfiguredAcpBindingSession({ cfg: baseCfg, spec, }); @@ -681,7 +753,7 @@ describe("resetAcpSessionInPlace", () => { }); managerMocks.resolveSession.mockReturnValue({ kind: "none" }); - const result = await resetAcpSessionInPlace({ + const result = await persistentBindings.resetAcpSessionInPlace({ cfg, sessionKey, reason: "new", @@ -710,7 +782,7 @@ describe("resetAcpSessionInPlace", () => { }); managerMocks.initializeSession.mockRejectedValueOnce(new Error("backend unavailable")); - const result = await resetAcpSessionInPlace({ + const result = await persistentBindings.resetAcpSessionInPlace({ cfg: baseCfg, sessionKey, reason: "reset", @@ -741,7 +813,7 @@ describe("resetAcpSessionInPlace", () => { }, }); - const result = await resetAcpSessionInPlace({ + const result = await persistentBindings.resetAcpSessionInPlace({ cfg, sessionKey, reason: "reset", @@ -755,4 +827,64 @@ describe("resetAcpSessionInPlace", () => { }), ); }); + + it("preserves configured ACP agent overrides during in-place reset when metadata omits the agent", async () => { + const cfg = createCfgWithBindings( + [ + createDiscordBinding({ + agentId: "coding", + conversationId: "1478844424791396446", + }), + ], + { + agents: { + list: [ + { id: "main" }, + { + id: "coding", + runtime: { + type: "acp", + acp: { + agent: "codex", + backend: "acpx", + mode: "persistent", + }, + }, + }, + { id: "claude" }, + ], + }, + }, + ); + const sessionKey = buildConfiguredAcpSessionKey({ + channel: "discord", + accountId: "default", + conversationId: "1478844424791396446", + agentId: "coding", + acpAgentId: "codex", + mode: "persistent", + backend: "acpx", + }); + sessionMetaMocks.readAcpSessionEntry.mockReturnValue({ + acp: { + mode: "persistent", + backend: "acpx", + }, + }); + + const result = await persistentBindings.resetAcpSessionInPlace({ + cfg, + sessionKey, + reason: "reset", + }); + + expect(result).toEqual({ ok: true }); + expect(managerMocks.initializeSession).toHaveBeenCalledWith( + expect.objectContaining({ + sessionKey, + agent: "codex", + backendId: "acpx", + }), + ); + }); }); diff --git a/src/acp/persistent-bindings.ts b/src/acp/persistent-bindings.ts deleted file mode 100644 index d5b1f4ce729..00000000000 --- a/src/acp/persistent-bindings.ts +++ /dev/null @@ -1,19 +0,0 @@ -export { - buildConfiguredAcpSessionKey, - normalizeBindingConfig, - normalizeMode, - normalizeText, - toConfiguredAcpBindingRecord, - type AcpBindingConfigShape, - type ConfiguredAcpBindingChannel, - type ConfiguredAcpBindingSpec, - type ResolvedConfiguredAcpBinding, -} from "./persistent-bindings.types.js"; -export { - ensureConfiguredAcpBindingSession, - resetAcpSessionInPlace, -} from "./persistent-bindings.lifecycle.js"; -export { - resolveConfiguredAcpBindingRecord, - resolveConfiguredAcpBindingSpecBySessionKey, -} from "./persistent-bindings.resolve.js"; diff --git a/src/acp/persistent-bindings.types.ts b/src/acp/persistent-bindings.types.ts index 3583fc4cd9f..3b5a0335a59 100644 --- a/src/acp/persistent-bindings.types.ts +++ b/src/acp/persistent-bindings.types.ts @@ -1,6 +1,7 @@ import { createHash } from "node:crypto"; import type { ChannelId } from "../channels/plugins/types.js"; import type { SessionBindingRecord } from "../infra/outbound/session-binding-service.js"; +import { normalizeAccountId, resolveAgentIdFromSessionKey } from "../routing/session-key.js"; import { sanitizeAgentId } from "../routing/session-key.js"; import type { AcpRuntimeSessionMode } from "./runtime/types.js"; @@ -104,3 +105,72 @@ export function toConfiguredAcpBindingRecord(spec: ConfiguredAcpBindingSpec): Se }, }; } + +export function parseConfiguredAcpSessionKey( + sessionKey: string, +): { channel: ConfiguredAcpBindingChannel; accountId: string } | null { + const trimmed = sessionKey.trim(); + if (!trimmed.startsWith("agent:")) { + return null; + } + const rest = trimmed.slice(trimmed.indexOf(":") + 1); + const nextSeparator = rest.indexOf(":"); + if (nextSeparator === -1) { + return null; + } + const tokens = rest.slice(nextSeparator + 1).split(":"); + if (tokens.length !== 5 || tokens[0] !== "acp" || tokens[1] !== "binding") { + return null; + } + const channel = tokens[2]?.trim().toLowerCase(); + if (!channel) { + return null; + } + return { + channel: channel as ConfiguredAcpBindingChannel, + accountId: normalizeAccountId(tokens[3] ?? "default"), + }; +} + +export function resolveConfiguredAcpBindingSpecFromRecord( + record: SessionBindingRecord, +): ConfiguredAcpBindingSpec | null { + if (record.targetKind !== "session") { + return null; + } + const conversationId = record.conversation.conversationId.trim(); + if (!conversationId) { + return null; + } + const agentId = + normalizeText(record.metadata?.agentId) ?? + resolveAgentIdFromSessionKey(record.targetSessionKey); + if (!agentId) { + return null; + } + return { + channel: record.conversation.channel as ConfiguredAcpBindingChannel, + accountId: normalizeAccountId(record.conversation.accountId), + conversationId, + parentConversationId: normalizeText(record.conversation.parentConversationId), + agentId, + acpAgentId: normalizeText(record.metadata?.acpAgentId), + mode: normalizeMode(record.metadata?.mode), + cwd: normalizeText(record.metadata?.cwd), + backend: normalizeText(record.metadata?.backend), + label: normalizeText(record.metadata?.label), + }; +} + +export function toResolvedConfiguredAcpBinding( + record: SessionBindingRecord, +): ResolvedConfiguredAcpBinding | null { + const spec = resolveConfiguredAcpBindingSpecFromRecord(record); + if (!spec) { + return null; + } + return { + spec, + record, + }; +} diff --git a/src/acp/runtime/session-meta.test.ts b/src/acp/runtime/session-meta.test.ts index f9a0f399f81..b5279d6f0ac 100644 --- a/src/acp/runtime/session-meta.test.ts +++ b/src/acp/runtime/session-meta.test.ts @@ -22,10 +22,14 @@ vi.mock("../../config/sessions.js", async () => { }; }); -const { listAcpSessionEntries } = await import("./session-meta.js"); +type SessionMetaModule = typeof import("./session-meta.js"); + +let listAcpSessionEntries: SessionMetaModule["listAcpSessionEntries"]; describe("listAcpSessionEntries", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ listAcpSessionEntries } = await import("./session-meta.js")); vi.clearAllMocks(); }); diff --git a/src/acp/runtime/session-meta.ts b/src/acp/runtime/session-meta.ts index ff48d1e1ce6..fc94a1f0c05 100644 --- a/src/acp/runtime/session-meta.ts +++ b/src/acp/runtime/session-meta.ts @@ -165,6 +165,7 @@ export async function upsertAcpSessionMeta(params: { }, { activeSessionKey: sessionKey.toLowerCase(), + allowDropAcpMetaSessionKeys: [sessionKey], }, ); } diff --git a/src/acp/translator.session-rate-limit.test.ts b/src/acp/translator.session-rate-limit.test.ts index 3e3f254d0ee..162afe6160c 100644 --- a/src/acp/translator.session-rate-limit.test.ts +++ b/src/acp/translator.session-rate-limit.test.ts @@ -5,9 +5,10 @@ import type { SetSessionConfigOptionRequest, SetSessionModeRequest, } from "@agentclientprotocol/sdk"; -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { GatewayClient } from "../gateway/client.js"; import type { EventFrame } from "../gateway/protocol/index.js"; +import { resetProviderRuntimeHookCacheForTest } from "../plugins/provider-runtime.js"; import { createInMemorySessionStore } from "./session.js"; import { AcpGatewayAgent } from "./translator.js"; import { createAcpConnection, createAcpGateway } from "./translator.test-helpers.js"; @@ -119,6 +120,10 @@ async function expectOversizedPromptRejected(params: { sessionId: string; text: sessionStore.clearAllSessionsForTest(); } +beforeEach(() => { + resetProviderRuntimeHookCacheForTest(); +}); + describe("acp session creation rate limit", () => { it("rate limits excessive newSession bursts", async () => { const sessionStore = createInMemorySessionStore(); @@ -297,7 +302,15 @@ describe("acp session UX bridge behavior", () => { const result = await agent.loadSession(createLoadSessionRequest("agent:main:work")); expect(result.modes?.currentModeId).toBe("high"); - expect(result.modes?.availableModes.map((mode) => mode.id)).toContain("xhigh"); + expect(result.modes?.availableModes.map((mode) => mode.id)).toEqual([ + "off", + "minimal", + "low", + "medium", + "high", + "xhigh", + "adaptive", + ]); expect(result.configOptions).toEqual( expect.arrayContaining([ expect.objectContaining({ diff --git a/src/agents/agent-command.ts b/src/agents/agent-command.ts new file mode 100644 index 00000000000..5db40b13a27 --- /dev/null +++ b/src/agents/agent-command.ts @@ -0,0 +1,1333 @@ +import fs from "node:fs/promises"; +import { SessionManager } from "@mariozechner/pi-coding-agent"; +import { getAcpSessionManager } from "../acp/control-plane/manager.js"; +import { resolveAcpAgentPolicyError, resolveAcpDispatchPolicyError } from "../acp/policy.js"; +import { toAcpRuntimeError } from "../acp/runtime/errors.js"; +import { resolveAcpSessionCwd } from "../acp/runtime/session-identifiers.js"; +import { createSubsystemLogger } from "../logging/subsystem.js"; + +const log = createSubsystemLogger("agents/agent-command"); +import { normalizeReplyPayload } from "../auto-reply/reply/normalize-reply.js"; +import { + formatThinkingLevels, + formatXHighModelHint, + normalizeThinkLevel, + normalizeVerboseLevel, + supportsXHighThinking, + type ThinkLevel, + type VerboseLevel, +} from "../auto-reply/thinking.js"; +import { + isSilentReplyPrefixText, + isSilentReplyText, + SILENT_REPLY_TOKEN, +} from "../auto-reply/tokens.js"; +import { formatCliCommand } from "../cli/command-format.js"; +import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js"; +import { getAgentRuntimeCommandSecretTargetIds } from "../cli/command-secret-targets.js"; +import { type CliDeps, createDefaultDeps } from "../cli/deps.js"; +import { + loadConfig, + readConfigFileSnapshotForWrite, + setRuntimeConfigSnapshot, +} from "../config/config.js"; +import { + mergeSessionEntry, + resolveAgentIdFromSessionKey, + type SessionEntry, + updateSessionStore, +} from "../config/sessions.js"; +import { resolveSessionTranscriptFile } from "../config/sessions/transcript.js"; +import { + clearAgentRunContext, + emitAgentEvent, + registerAgentRunContext, +} from "../infra/agent-events.js"; +import { buildOutboundSessionContext } from "../infra/outbound/session-context.js"; +import { getRemoteSkillEligibility } from "../infra/skills-remote.js"; +import { normalizeAgentId } from "../routing/session-key.js"; +import { defaultRuntime, type RuntimeEnv } from "../runtime.js"; +import { applyVerboseOverride } from "../sessions/level-overrides.js"; +import { applyModelOverrideToSessionEntry } from "../sessions/model-overrides.js"; +import { resolveSendPolicy } from "../sessions/send-policy.js"; +import { emitSessionTranscriptUpdate } from "../sessions/transcript-events.js"; +import { sanitizeForLog } from "../terminal/ansi.js"; +import { resolveMessageChannel } from "../utils/message-channel.js"; +import { + listAgentIds, + resolveAgentDir, + resolveEffectiveModelFallbacks, + resolveSessionAgentId, + resolveAgentSkillsFilter, + resolveAgentWorkspaceDir, +} from "./agent-scope.js"; +import { ensureAuthProfileStore } from "./auth-profiles.js"; +import { clearSessionAuthProfileOverride } from "./auth-profiles/session-override.js"; +import { resolveBootstrapWarningSignaturesSeen } from "./bootstrap-budget.js"; +import { runCliAgent } from "./cli-runner.js"; +import { getCliSessionId, setCliSessionId } from "./cli-session.js"; +import { deliverAgentCommandResult } from "./command/delivery.js"; +import { resolveAgentRunContext } from "./command/run-context.js"; +import { updateSessionStoreAfterAgentRun } from "./command/session-store.js"; +import { resolveSession } from "./command/session.js"; +import type { AgentCommandIngressOpts, AgentCommandOpts } from "./command/types.js"; +import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./defaults.js"; +import { FailoverError } from "./failover-error.js"; +import { formatAgentInternalEventsForPrompt } from "./internal-events.js"; +import { AGENT_LANE_SUBAGENT } from "./lanes.js"; +import { loadModelCatalog } from "./model-catalog.js"; +import { runWithModelFallback } from "./model-fallback.js"; +import { + buildAllowedModelSet, + isCliProvider, + modelKey, + normalizeModelRef, + normalizeProviderId, + parseModelRef, + resolveConfiguredModelRef, + resolveDefaultModelForAgent, + resolveThinkingDefault, +} from "./model-selection.js"; +import { prepareSessionManagerForRun } from "./pi-embedded-runner/session-manager-init.js"; +import { runEmbeddedPiAgent } from "./pi-embedded.js"; +import { buildWorkspaceSkillSnapshot } from "./skills.js"; +import { getSkillsSnapshotVersion } from "./skills/refresh.js"; +import { normalizeSpawnedRunMetadata } from "./spawned-context.js"; +import { resolveAgentTimeoutMs } from "./timeout.js"; +import { ensureAgentWorkspace } from "./workspace.js"; + +type PersistSessionEntryParams = { + sessionStore: Record; + sessionKey: string; + storePath: string; + entry: SessionEntry; +}; + +type OverrideFieldClearedByDelete = + | "providerOverride" + | "modelOverride" + | "authProfileOverride" + | "authProfileOverrideSource" + | "authProfileOverrideCompactionCount" + | "fallbackNoticeSelectedModel" + | "fallbackNoticeActiveModel" + | "fallbackNoticeReason" + | "claudeCliSessionId"; + +const OVERRIDE_FIELDS_CLEARED_BY_DELETE: OverrideFieldClearedByDelete[] = [ + "providerOverride", + "modelOverride", + "authProfileOverride", + "authProfileOverrideSource", + "authProfileOverrideCompactionCount", + "fallbackNoticeSelectedModel", + "fallbackNoticeActiveModel", + "fallbackNoticeReason", + "claudeCliSessionId", +]; + +const OVERRIDE_VALUE_MAX_LENGTH = 256; + +function containsControlCharacters(value: string): boolean { + for (const char of value) { + const code = char.codePointAt(0); + if (code === undefined) { + continue; + } + if (code <= 0x1f || (code >= 0x7f && code <= 0x9f)) { + return true; + } + } + return false; +} + +function normalizeExplicitOverrideInput(raw: string, kind: "provider" | "model"): string { + const trimmed = raw.trim(); + const label = kind === "provider" ? "Provider" : "Model"; + if (!trimmed) { + throw new Error(`${label} override must be non-empty.`); + } + if (trimmed.length > OVERRIDE_VALUE_MAX_LENGTH) { + throw new Error(`${label} override exceeds ${String(OVERRIDE_VALUE_MAX_LENGTH)} characters.`); + } + if (containsControlCharacters(trimmed)) { + throw new Error(`${label} override contains invalid control characters.`); + } + return trimmed; +} + +async function persistSessionEntry(params: PersistSessionEntryParams): Promise { + const persisted = await updateSessionStore(params.storePath, (store) => { + const merged = mergeSessionEntry(store[params.sessionKey], params.entry); + // Preserve explicit `delete` clears done by session override helpers. + for (const field of OVERRIDE_FIELDS_CLEARED_BY_DELETE) { + if (!Object.hasOwn(params.entry, field)) { + Reflect.deleteProperty(merged, field); + } + } + store[params.sessionKey] = merged; + return merged; + }); + params.sessionStore[params.sessionKey] = persisted; +} + +function resolveFallbackRetryPrompt(params: { body: string; isFallbackRetry: boolean }): string { + if (!params.isFallbackRetry) { + return params.body; + } + return "Continue where you left off. The previous model attempt failed or timed out."; +} + +function prependInternalEventContext( + body: string, + events: AgentCommandOpts["internalEvents"], +): string { + if (body.includes("OpenClaw runtime context (internal):")) { + return body; + } + const renderedEvents = formatAgentInternalEventsForPrompt(events); + if (!renderedEvents) { + return body; + } + return [renderedEvents, body].filter(Boolean).join("\n\n"); +} + +function createAcpVisibleTextAccumulator() { + let pendingSilentPrefix = ""; + let visibleText = ""; + const startsWithWordChar = (chunk: string): boolean => /^[\p{L}\p{N}]/u.test(chunk); + + const resolveNextCandidate = (base: string, chunk: string): string => { + if (!base) { + return chunk; + } + if ( + isSilentReplyText(base, SILENT_REPLY_TOKEN) && + !chunk.startsWith(base) && + startsWithWordChar(chunk) + ) { + return chunk; + } + // Some ACP backends emit cumulative snapshots even on text_delta-style hooks. + // Accept those only when they strictly extend the buffered text. + if (chunk.startsWith(base) && chunk.length > base.length) { + return chunk; + } + return `${base}${chunk}`; + }; + + const mergeVisibleChunk = (base: string, chunk: string): { text: string; delta: string } => { + if (!base) { + return { text: chunk, delta: chunk }; + } + if (chunk.startsWith(base) && chunk.length > base.length) { + const delta = chunk.slice(base.length); + return { text: chunk, delta }; + } + return { + text: `${base}${chunk}`, + delta: chunk, + }; + }; + + return { + consume(chunk: string): { text: string; delta: string } | null { + if (!chunk) { + return null; + } + + if (!visibleText) { + const leadCandidate = resolveNextCandidate(pendingSilentPrefix, chunk); + const trimmedLeadCandidate = leadCandidate.trim(); + if ( + isSilentReplyText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) || + isSilentReplyPrefixText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) + ) { + pendingSilentPrefix = leadCandidate; + return null; + } + if (pendingSilentPrefix) { + pendingSilentPrefix = ""; + visibleText = leadCandidate; + return { + text: visibleText, + delta: leadCandidate, + }; + } + } + + const nextVisible = mergeVisibleChunk(visibleText, chunk); + visibleText = nextVisible.text; + return nextVisible.delta ? nextVisible : null; + }, + finalize(): string { + return visibleText.trim(); + }, + finalizeRaw(): string { + return visibleText; + }, + }; +} + +const ACP_TRANSCRIPT_USAGE = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + totalTokens: 0, + cost: { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + total: 0, + }, +} as const; + +async function persistAcpTurnTranscript(params: { + body: string; + finalText: string; + sessionId: string; + sessionKey: string; + sessionEntry: SessionEntry | undefined; + sessionStore?: Record; + storePath?: string; + sessionAgentId: string; + threadId?: string | number; + sessionCwd: string; +}): Promise { + const promptText = params.body; + const replyText = params.finalText; + if (!promptText && !replyText) { + return params.sessionEntry; + } + + const { sessionFile, sessionEntry } = await resolveSessionTranscriptFile({ + sessionId: params.sessionId, + sessionKey: params.sessionKey, + sessionEntry: params.sessionEntry, + sessionStore: params.sessionStore, + storePath: params.storePath, + agentId: params.sessionAgentId, + threadId: params.threadId, + }); + const hadSessionFile = await fs + .access(sessionFile) + .then(() => true) + .catch(() => false); + const sessionManager = SessionManager.open(sessionFile); + await prepareSessionManagerForRun({ + sessionManager, + sessionFile, + hadSessionFile, + sessionId: params.sessionId, + cwd: params.sessionCwd, + }); + + if (promptText) { + sessionManager.appendMessage({ + role: "user", + content: promptText, + timestamp: Date.now(), + }); + } + + if (replyText) { + sessionManager.appendMessage({ + role: "assistant", + content: [{ type: "text", text: replyText }], + api: "openai-responses", + provider: "openclaw", + model: "acp-runtime", + usage: ACP_TRANSCRIPT_USAGE, + stopReason: "stop", + timestamp: Date.now(), + }); + } + + emitSessionTranscriptUpdate(sessionFile); + return sessionEntry; +} + +function runAgentAttempt(params: { + providerOverride: string; + modelOverride: string; + cfg: ReturnType; + sessionEntry: SessionEntry | undefined; + sessionId: string; + sessionKey: string | undefined; + sessionAgentId: string; + sessionFile: string; + workspaceDir: string; + body: string; + isFallbackRetry: boolean; + resolvedThinkLevel: ThinkLevel; + timeoutMs: number; + runId: string; + opts: AgentCommandOpts & { senderIsOwner: boolean }; + runContext: ReturnType; + spawnedBy: string | undefined; + messageChannel: ReturnType; + skillsSnapshot: ReturnType | undefined; + resolvedVerboseLevel: VerboseLevel | undefined; + agentDir: string; + onAgentEvent: (evt: { stream: string; data?: Record }) => void; + authProfileProvider: string; + sessionStore?: Record; + storePath?: string; + allowTransientCooldownProbe?: boolean; +}) { + const effectivePrompt = resolveFallbackRetryPrompt({ + body: params.body, + isFallbackRetry: params.isFallbackRetry, + }); + const bootstrapPromptWarningSignaturesSeen = resolveBootstrapWarningSignaturesSeen( + params.sessionEntry?.systemPromptReport, + ); + const bootstrapPromptWarningSignature = + bootstrapPromptWarningSignaturesSeen[bootstrapPromptWarningSignaturesSeen.length - 1]; + if (isCliProvider(params.providerOverride, params.cfg)) { + const cliSessionId = getCliSessionId(params.sessionEntry, params.providerOverride); + const runCliWithSession = (nextCliSessionId: string | undefined) => + runCliAgent({ + sessionId: params.sessionId, + sessionKey: params.sessionKey, + agentId: params.sessionAgentId, + sessionFile: params.sessionFile, + workspaceDir: params.workspaceDir, + config: params.cfg, + prompt: effectivePrompt, + provider: params.providerOverride, + model: params.modelOverride, + thinkLevel: params.resolvedThinkLevel, + timeoutMs: params.timeoutMs, + runId: params.runId, + extraSystemPrompt: params.opts.extraSystemPrompt, + cliSessionId: nextCliSessionId, + bootstrapPromptWarningSignaturesSeen, + bootstrapPromptWarningSignature, + images: params.isFallbackRetry ? undefined : params.opts.images, + streamParams: params.opts.streamParams, + }); + return runCliWithSession(cliSessionId).catch(async (err) => { + // Handle CLI session expired error + if ( + err instanceof FailoverError && + err.reason === "session_expired" && + cliSessionId && + params.sessionKey && + params.sessionStore && + params.storePath + ) { + log.warn( + `CLI session expired, clearing from session store: provider=${sanitizeForLog(params.providerOverride)} sessionKey=${params.sessionKey}`, + ); + + // Clear the expired session ID from the session store + const entry = params.sessionStore[params.sessionKey]; + if (entry) { + const updatedEntry = { ...entry }; + if (params.providerOverride === "claude-cli") { + delete updatedEntry.claudeCliSessionId; + } + if (updatedEntry.cliSessionIds) { + const normalizedProvider = normalizeProviderId(params.providerOverride); + const newCliSessionIds = { ...updatedEntry.cliSessionIds }; + delete newCliSessionIds[normalizedProvider]; + updatedEntry.cliSessionIds = newCliSessionIds; + } + updatedEntry.updatedAt = Date.now(); + + await persistSessionEntry({ + sessionStore: params.sessionStore, + sessionKey: params.sessionKey, + storePath: params.storePath, + entry: updatedEntry, + }); + + // Update the session entry reference + params.sessionEntry = updatedEntry; + } + + // Retry with no session ID (will create a new session) + return runCliWithSession(undefined).then(async (result) => { + // Update session store with new CLI session ID if available + if ( + result.meta.agentMeta?.sessionId && + params.sessionKey && + params.sessionStore && + params.storePath + ) { + const entry = params.sessionStore[params.sessionKey]; + if (entry) { + const updatedEntry = { ...entry }; + setCliSessionId( + updatedEntry, + params.providerOverride, + result.meta.agentMeta.sessionId, + ); + updatedEntry.updatedAt = Date.now(); + + await persistSessionEntry({ + sessionStore: params.sessionStore, + sessionKey: params.sessionKey, + storePath: params.storePath, + entry: updatedEntry, + }); + } + } + return result; + }); + } + throw err; + }); + } + + const authProfileId = + params.providerOverride === params.authProfileProvider + ? params.sessionEntry?.authProfileOverride + : undefined; + return runEmbeddedPiAgent({ + sessionId: params.sessionId, + sessionKey: params.sessionKey, + agentId: params.sessionAgentId, + trigger: "user", + messageChannel: params.messageChannel, + agentAccountId: params.runContext.accountId, + messageTo: params.opts.replyTo ?? params.opts.to, + messageThreadId: params.opts.threadId, + groupId: params.runContext.groupId, + groupChannel: params.runContext.groupChannel, + groupSpace: params.runContext.groupSpace, + spawnedBy: params.spawnedBy, + currentChannelId: params.runContext.currentChannelId, + currentThreadTs: params.runContext.currentThreadTs, + replyToMode: params.runContext.replyToMode, + hasRepliedRef: params.runContext.hasRepliedRef, + senderIsOwner: params.opts.senderIsOwner, + sessionFile: params.sessionFile, + workspaceDir: params.workspaceDir, + config: params.cfg, + skillsSnapshot: params.skillsSnapshot, + prompt: effectivePrompt, + images: params.isFallbackRetry ? undefined : params.opts.images, + clientTools: params.opts.clientTools, + provider: params.providerOverride, + model: params.modelOverride, + authProfileId, + authProfileIdSource: authProfileId ? params.sessionEntry?.authProfileOverrideSource : undefined, + thinkLevel: params.resolvedThinkLevel, + verboseLevel: params.resolvedVerboseLevel, + timeoutMs: params.timeoutMs, + runId: params.runId, + lane: params.opts.lane, + abortSignal: params.opts.abortSignal, + extraSystemPrompt: params.opts.extraSystemPrompt, + inputProvenance: params.opts.inputProvenance, + streamParams: params.opts.streamParams, + agentDir: params.agentDir, + allowTransientCooldownProbe: params.allowTransientCooldownProbe, + onAgentEvent: params.onAgentEvent, + bootstrapPromptWarningSignaturesSeen, + bootstrapPromptWarningSignature, + }); +} + +async function prepareAgentCommandExecution( + opts: AgentCommandOpts & { senderIsOwner: boolean }, + runtime: RuntimeEnv, +) { + const message = opts.message ?? ""; + if (!message.trim()) { + throw new Error("Message (--message) is required"); + } + const body = prependInternalEventContext(message, opts.internalEvents); + if (!opts.to && !opts.sessionId && !opts.sessionKey && !opts.agentId) { + throw new Error("Pass --to , --session-id, or --agent to choose a session"); + } + + const loadedRaw = loadConfig(); + const sourceConfig = await (async () => { + try { + const { snapshot } = await readConfigFileSnapshotForWrite(); + if (snapshot.valid) { + return snapshot.resolved; + } + } catch { + // Fall back to runtime-loaded config when source snapshot is unavailable. + } + return loadedRaw; + })(); + const { resolvedConfig: cfg, diagnostics } = await resolveCommandSecretRefsViaGateway({ + config: loadedRaw, + commandName: "agent", + targetIds: getAgentRuntimeCommandSecretTargetIds(), + }); + setRuntimeConfigSnapshot(cfg, sourceConfig); + const normalizedSpawned = normalizeSpawnedRunMetadata({ + spawnedBy: opts.spawnedBy, + groupId: opts.groupId, + groupChannel: opts.groupChannel, + groupSpace: opts.groupSpace, + workspaceDir: opts.workspaceDir, + }); + for (const entry of diagnostics) { + runtime.log(`[secrets] ${entry}`); + } + const agentIdOverrideRaw = opts.agentId?.trim(); + const agentIdOverride = agentIdOverrideRaw ? normalizeAgentId(agentIdOverrideRaw) : undefined; + if (agentIdOverride) { + const knownAgents = listAgentIds(cfg); + if (!knownAgents.includes(agentIdOverride)) { + throw new Error( + `Unknown agent id "${agentIdOverrideRaw}". Use "${formatCliCommand("openclaw agents list")}" to see configured agents.`, + ); + } + } + if (agentIdOverride && opts.sessionKey) { + const sessionAgentId = resolveAgentIdFromSessionKey(opts.sessionKey); + if (sessionAgentId !== agentIdOverride) { + throw new Error( + `Agent id "${agentIdOverrideRaw}" does not match session key agent "${sessionAgentId}".`, + ); + } + } + const agentCfg = cfg.agents?.defaults; + const configuredModel = resolveConfiguredModelRef({ + cfg, + defaultProvider: DEFAULT_PROVIDER, + defaultModel: DEFAULT_MODEL, + }); + const thinkingLevelsHint = formatThinkingLevels(configuredModel.provider, configuredModel.model); + + const thinkOverride = normalizeThinkLevel(opts.thinking); + const thinkOnce = normalizeThinkLevel(opts.thinkingOnce); + if (opts.thinking && !thinkOverride) { + throw new Error(`Invalid thinking level. Use one of: ${thinkingLevelsHint}.`); + } + if (opts.thinkingOnce && !thinkOnce) { + throw new Error(`Invalid one-shot thinking level. Use one of: ${thinkingLevelsHint}.`); + } + + const verboseOverride = normalizeVerboseLevel(opts.verbose); + if (opts.verbose && !verboseOverride) { + throw new Error('Invalid verbose level. Use "on", "full", or "off".'); + } + + const laneRaw = typeof opts.lane === "string" ? opts.lane.trim() : ""; + const isSubagentLane = laneRaw === String(AGENT_LANE_SUBAGENT); + const timeoutSecondsRaw = + opts.timeout !== undefined + ? Number.parseInt(String(opts.timeout), 10) + : isSubagentLane + ? 0 + : undefined; + if ( + timeoutSecondsRaw !== undefined && + (Number.isNaN(timeoutSecondsRaw) || timeoutSecondsRaw < 0) + ) { + throw new Error("--timeout must be a non-negative integer (seconds; 0 means no timeout)"); + } + const timeoutMs = resolveAgentTimeoutMs({ + cfg, + overrideSeconds: timeoutSecondsRaw, + }); + + const sessionResolution = resolveSession({ + cfg, + to: opts.to, + sessionId: opts.sessionId, + sessionKey: opts.sessionKey, + agentId: agentIdOverride, + }); + + const { + sessionId, + sessionKey, + sessionEntry: sessionEntryRaw, + sessionStore, + storePath, + isNewSession, + persistedThinking, + persistedVerbose, + } = sessionResolution; + const sessionAgentId = + agentIdOverride ?? + resolveSessionAgentId({ + sessionKey: sessionKey ?? opts.sessionKey?.trim(), + config: cfg, + }); + const outboundSession = buildOutboundSessionContext({ + cfg, + agentId: sessionAgentId, + sessionKey, + }); + // Internal callers (for example subagent spawns) may pin workspace inheritance. + const workspaceDirRaw = + normalizedSpawned.workspaceDir ?? resolveAgentWorkspaceDir(cfg, sessionAgentId); + const agentDir = resolveAgentDir(cfg, sessionAgentId); + const workspace = await ensureAgentWorkspace({ + dir: workspaceDirRaw, + ensureBootstrapFiles: !agentCfg?.skipBootstrap, + }); + const workspaceDir = workspace.dir; + const runId = opts.runId?.trim() || sessionId; + const acpManager = getAcpSessionManager(); + const acpResolution = sessionKey + ? acpManager.resolveSession({ + cfg, + sessionKey, + }) + : null; + + return { + body, + cfg, + normalizedSpawned, + agentCfg, + thinkOverride, + thinkOnce, + verboseOverride, + timeoutMs, + sessionId, + sessionKey, + sessionEntry: sessionEntryRaw, + sessionStore, + storePath, + isNewSession, + persistedThinking, + persistedVerbose, + sessionAgentId, + outboundSession, + workspaceDir, + agentDir, + runId, + acpManager, + acpResolution, + }; +} + +async function agentCommandInternal( + opts: AgentCommandOpts & { senderIsOwner: boolean }, + runtime: RuntimeEnv = defaultRuntime, + deps: CliDeps = createDefaultDeps(), +) { + const prepared = await prepareAgentCommandExecution(opts, runtime); + const { + body, + cfg, + normalizedSpawned, + agentCfg, + thinkOverride, + thinkOnce, + verboseOverride, + timeoutMs, + sessionId, + sessionKey, + sessionStore, + storePath, + isNewSession, + persistedThinking, + persistedVerbose, + sessionAgentId, + outboundSession, + workspaceDir, + agentDir, + runId, + acpManager, + acpResolution, + } = prepared; + let sessionEntry = prepared.sessionEntry; + + try { + if (opts.deliver === true) { + const sendPolicy = resolveSendPolicy({ + cfg, + entry: sessionEntry, + sessionKey, + channel: sessionEntry?.channel, + chatType: sessionEntry?.chatType, + }); + if (sendPolicy === "deny") { + throw new Error("send blocked by session policy"); + } + } + + if (acpResolution?.kind === "stale") { + throw acpResolution.error; + } + + if (acpResolution?.kind === "ready" && sessionKey) { + const startedAt = Date.now(); + registerAgentRunContext(runId, { + sessionKey, + }); + emitAgentEvent({ + runId, + stream: "lifecycle", + data: { + phase: "start", + startedAt, + }, + }); + + const visibleTextAccumulator = createAcpVisibleTextAccumulator(); + let stopReason: string | undefined; + try { + const dispatchPolicyError = resolveAcpDispatchPolicyError(cfg); + if (dispatchPolicyError) { + throw dispatchPolicyError; + } + const acpAgent = normalizeAgentId( + acpResolution.meta.agent || resolveAgentIdFromSessionKey(sessionKey), + ); + const agentPolicyError = resolveAcpAgentPolicyError(cfg, acpAgent); + if (agentPolicyError) { + throw agentPolicyError; + } + + await acpManager.runTurn({ + cfg, + sessionKey, + text: body, + mode: "prompt", + requestId: runId, + signal: opts.abortSignal, + onEvent: (event) => { + if (event.type === "done") { + stopReason = event.stopReason; + return; + } + if (event.type !== "text_delta") { + return; + } + if (event.stream && event.stream !== "output") { + return; + } + if (!event.text) { + return; + } + const visibleUpdate = visibleTextAccumulator.consume(event.text); + if (!visibleUpdate) { + return; + } + emitAgentEvent({ + runId, + stream: "assistant", + data: { + text: visibleUpdate.text, + delta: visibleUpdate.delta, + }, + }); + }, + }); + } catch (error) { + const acpError = toAcpRuntimeError({ + error, + fallbackCode: "ACP_TURN_FAILED", + fallbackMessage: "ACP turn failed before completion.", + }); + emitAgentEvent({ + runId, + stream: "lifecycle", + data: { + phase: "error", + error: acpError.message, + endedAt: Date.now(), + }, + }); + throw acpError; + } + + emitAgentEvent({ + runId, + stream: "lifecycle", + data: { + phase: "end", + endedAt: Date.now(), + }, + }); + + const finalTextRaw = visibleTextAccumulator.finalizeRaw(); + const finalText = visibleTextAccumulator.finalize(); + try { + sessionEntry = await persistAcpTurnTranscript({ + body, + finalText: finalTextRaw, + sessionId, + sessionKey, + sessionEntry, + sessionStore, + storePath, + sessionAgentId, + threadId: opts.threadId, + sessionCwd: resolveAcpSessionCwd(acpResolution.meta) ?? workspaceDir, + }); + } catch (error) { + log.warn( + `ACP transcript persistence failed for ${sessionKey}: ${error instanceof Error ? error.message : String(error)}`, + ); + } + + const normalizedFinalPayload = normalizeReplyPayload({ + text: finalText, + }); + const payloads = normalizedFinalPayload ? [normalizedFinalPayload] : []; + const result = { + payloads, + meta: { + durationMs: Date.now() - startedAt, + aborted: opts.abortSignal?.aborted === true, + stopReason, + }, + }; + + return await deliverAgentCommandResult({ + cfg, + deps, + runtime, + opts, + outboundSession, + sessionEntry, + result, + payloads, + }); + } + + let resolvedThinkLevel = thinkOnce ?? thinkOverride ?? persistedThinking; + const resolvedVerboseLevel = + verboseOverride ?? persistedVerbose ?? (agentCfg?.verboseDefault as VerboseLevel | undefined); + + if (sessionKey) { + registerAgentRunContext(runId, { + sessionKey, + verboseLevel: resolvedVerboseLevel, + }); + } + + const needsSkillsSnapshot = isNewSession || !sessionEntry?.skillsSnapshot; + const skillsSnapshotVersion = getSkillsSnapshotVersion(workspaceDir); + const skillFilter = resolveAgentSkillsFilter(cfg, sessionAgentId); + const skillsSnapshot = needsSkillsSnapshot + ? buildWorkspaceSkillSnapshot(workspaceDir, { + config: cfg, + eligibility: { remote: getRemoteSkillEligibility() }, + snapshotVersion: skillsSnapshotVersion, + skillFilter, + }) + : sessionEntry?.skillsSnapshot; + + if (skillsSnapshot && sessionStore && sessionKey && needsSkillsSnapshot) { + const current = sessionEntry ?? { + sessionId, + updatedAt: Date.now(), + }; + const next: SessionEntry = { + ...current, + sessionId, + updatedAt: Date.now(), + skillsSnapshot, + }; + await persistSessionEntry({ + sessionStore, + sessionKey, + storePath, + entry: next, + }); + sessionEntry = next; + } + + // Persist explicit /command overrides to the session store when we have a key. + if (sessionStore && sessionKey) { + const entry = sessionStore[sessionKey] ?? + sessionEntry ?? { sessionId, updatedAt: Date.now() }; + const next: SessionEntry = { ...entry, sessionId, updatedAt: Date.now() }; + if (thinkOverride) { + next.thinkingLevel = thinkOverride; + } + applyVerboseOverride(next, verboseOverride); + await persistSessionEntry({ + sessionStore, + sessionKey, + storePath, + entry: next, + }); + sessionEntry = next; + } + + const configuredDefaultRef = resolveDefaultModelForAgent({ + cfg, + agentId: sessionAgentId, + }); + const { provider: defaultProvider, model: defaultModel } = normalizeModelRef( + configuredDefaultRef.provider, + configuredDefaultRef.model, + ); + let provider = defaultProvider; + let model = defaultModel; + const hasAllowlist = agentCfg?.models && Object.keys(agentCfg.models).length > 0; + const hasStoredOverride = Boolean( + sessionEntry?.modelOverride || sessionEntry?.providerOverride, + ); + const explicitProviderOverride = + typeof opts.provider === "string" + ? normalizeExplicitOverrideInput(opts.provider, "provider") + : undefined; + const explicitModelOverride = + typeof opts.model === "string" + ? normalizeExplicitOverrideInput(opts.model, "model") + : undefined; + const hasExplicitRunOverride = Boolean(explicitProviderOverride || explicitModelOverride); + if (hasExplicitRunOverride && opts.allowModelOverride !== true) { + throw new Error("Model override is not authorized for this caller."); + } + const needsModelCatalog = hasAllowlist || hasStoredOverride || hasExplicitRunOverride; + let allowedModelKeys = new Set(); + let allowedModelCatalog: Awaited> = []; + let modelCatalog: Awaited> | null = null; + let allowAnyModel = false; + + if (needsModelCatalog) { + modelCatalog = await loadModelCatalog({ config: cfg }); + const allowed = buildAllowedModelSet({ + cfg, + catalog: modelCatalog, + defaultProvider, + defaultModel, + agentId: sessionAgentId, + }); + allowedModelKeys = allowed.allowedKeys; + allowedModelCatalog = allowed.allowedCatalog; + allowAnyModel = allowed.allowAny ?? false; + } + + if (sessionEntry && sessionStore && sessionKey && hasStoredOverride) { + const entry = sessionEntry; + const overrideProvider = sessionEntry.providerOverride?.trim() || defaultProvider; + const overrideModel = sessionEntry.modelOverride?.trim(); + if (overrideModel) { + const normalizedOverride = normalizeModelRef(overrideProvider, overrideModel); + const key = modelKey(normalizedOverride.provider, normalizedOverride.model); + if ( + !isCliProvider(normalizedOverride.provider, cfg) && + !allowAnyModel && + !allowedModelKeys.has(key) + ) { + const { updated } = applyModelOverrideToSessionEntry({ + entry, + selection: { provider: defaultProvider, model: defaultModel, isDefault: true }, + }); + if (updated) { + await persistSessionEntry({ + sessionStore, + sessionKey, + storePath, + entry, + }); + } + } + } + } + + const storedProviderOverride = sessionEntry?.providerOverride?.trim(); + const storedModelOverride = sessionEntry?.modelOverride?.trim(); + if (storedModelOverride) { + const candidateProvider = storedProviderOverride || defaultProvider; + const normalizedStored = normalizeModelRef(candidateProvider, storedModelOverride); + const key = modelKey(normalizedStored.provider, normalizedStored.model); + if ( + isCliProvider(normalizedStored.provider, cfg) || + allowAnyModel || + allowedModelKeys.has(key) + ) { + provider = normalizedStored.provider; + model = normalizedStored.model; + } + } + const providerForAuthProfileValidation = provider; + if (hasExplicitRunOverride) { + const explicitRef = explicitModelOverride + ? explicitProviderOverride + ? normalizeModelRef(explicitProviderOverride, explicitModelOverride) + : parseModelRef(explicitModelOverride, provider) + : explicitProviderOverride + ? normalizeModelRef(explicitProviderOverride, model) + : null; + if (!explicitRef) { + throw new Error("Invalid model override."); + } + const explicitKey = modelKey(explicitRef.provider, explicitRef.model); + if ( + !isCliProvider(explicitRef.provider, cfg) && + !allowAnyModel && + !allowedModelKeys.has(explicitKey) + ) { + throw new Error( + `Model override "${sanitizeForLog(explicitRef.provider)}/${sanitizeForLog(explicitRef.model)}" is not allowed for agent "${sessionAgentId}".`, + ); + } + provider = explicitRef.provider; + model = explicitRef.model; + } + if (sessionEntry) { + const authProfileId = sessionEntry.authProfileOverride; + if (authProfileId) { + const entry = sessionEntry; + const store = ensureAuthProfileStore(); + const profile = store.profiles[authProfileId]; + if (!profile || profile.provider !== providerForAuthProfileValidation) { + if (sessionStore && sessionKey) { + await clearSessionAuthProfileOverride({ + sessionEntry: entry, + sessionStore, + sessionKey, + storePath, + }); + } + } + } + } + + if (!resolvedThinkLevel) { + let catalogForThinking = modelCatalog ?? allowedModelCatalog; + if (!catalogForThinking || catalogForThinking.length === 0) { + modelCatalog = await loadModelCatalog({ config: cfg }); + catalogForThinking = modelCatalog; + } + resolvedThinkLevel = resolveThinkingDefault({ + cfg, + provider, + model, + catalog: catalogForThinking, + }); + } + if (resolvedThinkLevel === "xhigh" && !supportsXHighThinking(provider, model)) { + const explicitThink = Boolean(thinkOnce || thinkOverride); + if (explicitThink) { + throw new Error(`Thinking level "xhigh" is only supported for ${formatXHighModelHint()}.`); + } + resolvedThinkLevel = "high"; + if (sessionEntry && sessionStore && sessionKey && sessionEntry.thinkingLevel === "xhigh") { + const entry = sessionEntry; + entry.thinkingLevel = "high"; + entry.updatedAt = Date.now(); + await persistSessionEntry({ + sessionStore, + sessionKey, + storePath, + entry, + }); + } + } + let sessionFile: string | undefined; + if (sessionStore && sessionKey) { + const resolvedSessionFile = await resolveSessionTranscriptFile({ + sessionId, + sessionKey, + sessionStore, + storePath, + sessionEntry, + agentId: sessionAgentId, + threadId: opts.threadId, + }); + sessionFile = resolvedSessionFile.sessionFile; + sessionEntry = resolvedSessionFile.sessionEntry; + } + if (!sessionFile) { + const resolvedSessionFile = await resolveSessionTranscriptFile({ + sessionId, + sessionKey: sessionKey ?? sessionId, + storePath, + sessionEntry, + agentId: sessionAgentId, + threadId: opts.threadId, + }); + sessionFile = resolvedSessionFile.sessionFile; + sessionEntry = resolvedSessionFile.sessionEntry; + } + + const startedAt = Date.now(); + let lifecycleEnded = false; + + let result: Awaited>; + let fallbackProvider = provider; + let fallbackModel = model; + try { + const runContext = resolveAgentRunContext(opts); + const messageChannel = resolveMessageChannel( + runContext.messageChannel, + opts.replyChannel ?? opts.channel, + ); + const spawnedBy = normalizedSpawned.spawnedBy ?? sessionEntry?.spawnedBy; + // Keep fallback candidate resolution centralized so session model overrides, + // per-agent overrides, and default fallbacks stay consistent across callers. + const effectiveFallbacksOverride = resolveEffectiveModelFallbacks({ + cfg, + agentId: sessionAgentId, + hasSessionModelOverride: Boolean(storedModelOverride), + }); + + // Track model fallback attempts so retries on an existing session don't + // re-inject the original prompt as a duplicate user message. + let fallbackAttemptIndex = 0; + const fallbackResult = await runWithModelFallback({ + cfg, + provider, + model, + runId, + agentDir, + fallbacksOverride: effectiveFallbacksOverride, + run: (providerOverride, modelOverride, runOptions) => { + const isFallbackRetry = fallbackAttemptIndex > 0; + fallbackAttemptIndex += 1; + return runAgentAttempt({ + providerOverride, + modelOverride, + cfg, + sessionEntry, + sessionId, + sessionKey, + sessionAgentId, + sessionFile, + workspaceDir, + body, + isFallbackRetry, + resolvedThinkLevel, + timeoutMs, + runId, + opts, + runContext, + spawnedBy, + messageChannel, + skillsSnapshot, + resolvedVerboseLevel, + agentDir, + authProfileProvider: providerForAuthProfileValidation, + sessionStore, + storePath, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, + onAgentEvent: (evt) => { + // Track lifecycle end for fallback emission below. + if ( + evt.stream === "lifecycle" && + typeof evt.data?.phase === "string" && + (evt.data.phase === "end" || evt.data.phase === "error") + ) { + lifecycleEnded = true; + } + }, + }); + }, + }); + result = fallbackResult.result; + fallbackProvider = fallbackResult.provider; + fallbackModel = fallbackResult.model; + if (!lifecycleEnded) { + const stopReason = result.meta.stopReason; + if (stopReason && stopReason !== "end_turn") { + console.error(`[agent] run ${runId} ended with stopReason=${stopReason}`); + } + emitAgentEvent({ + runId, + stream: "lifecycle", + data: { + phase: "end", + startedAt, + endedAt: Date.now(), + aborted: result.meta.aborted ?? false, + stopReason, + }, + }); + } + } catch (err) { + if (!lifecycleEnded) { + emitAgentEvent({ + runId, + stream: "lifecycle", + data: { + phase: "error", + startedAt, + endedAt: Date.now(), + error: String(err), + }, + }); + } + throw err; + } + + // Update token+model fields in the session store. + if (sessionStore && sessionKey) { + await updateSessionStoreAfterAgentRun({ + cfg, + contextTokensOverride: agentCfg?.contextTokens, + sessionId, + sessionKey, + storePath, + sessionStore, + defaultProvider: provider, + defaultModel: model, + fallbackProvider, + fallbackModel, + result, + }); + } + + const payloads = result.payloads ?? []; + return await deliverAgentCommandResult({ + cfg, + deps, + runtime, + opts, + outboundSession, + sessionEntry, + result, + payloads, + }); + } finally { + clearAgentRunContext(runId); + } +} + +export async function agentCommand( + opts: AgentCommandOpts, + runtime: RuntimeEnv = defaultRuntime, + deps: CliDeps = createDefaultDeps(), +) { + return await agentCommandInternal( + { + ...opts, + // agentCommand is the trusted-operator entrypoint used by CLI/local flows. + // Ingress callers must opt into owner semantics explicitly via + // agentCommandFromIngress so network-facing paths cannot inherit this default by accident. + senderIsOwner: opts.senderIsOwner ?? true, + // Local/CLI callers are trusted by default for per-run model overrides. + allowModelOverride: opts.allowModelOverride ?? true, + }, + runtime, + deps, + ); +} + +export async function agentCommandFromIngress( + opts: AgentCommandIngressOpts, + runtime: RuntimeEnv = defaultRuntime, + deps: CliDeps = createDefaultDeps(), +) { + if (typeof opts.senderIsOwner !== "boolean") { + // HTTP/WS ingress must declare the trust level explicitly at the boundary. + // This keeps network-facing callers from silently picking up the local trusted default. + throw new Error("senderIsOwner must be explicitly set for ingress agent runs."); + } + if (typeof opts.allowModelOverride !== "boolean") { + throw new Error("allowModelOverride must be explicitly set for ingress agent runs."); + } + return await agentCommandInternal( + { + ...opts, + senderIsOwner: opts.senderIsOwner, + allowModelOverride: opts.allowModelOverride, + }, + runtime, + deps, + ); +} diff --git a/src/agents/auth-profiles.external-cli-sync.test.ts b/src/agents/auth-profiles.external-cli-sync.test.ts index 303b85b72d2..eae0fab70af 100644 --- a/src/agents/auth-profiles.external-cli-sync.test.ts +++ b/src/agents/auth-profiles.external-cli-sync.test.ts @@ -51,4 +51,40 @@ describe("syncExternalCliCredentials", () => { }); expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeUndefined(); }); + + it("refreshes stored Codex expiry from external CLI even when the cached profile looks fresh", () => { + const staleExpiry = Date.now() + 30 * 60_000; + const freshExpiry = Date.now() + 5 * 24 * 60 * 60_000; + mocks.readCodexCliCredentialsCached.mockReturnValue({ + type: "oauth", + provider: "openai-codex", + access: "new-access-token", + refresh: "new-refresh-token", + expires: freshExpiry, + accountId: "acct_456", + }); + + const store: AuthProfileStore = { + version: 1, + profiles: { + [OPENAI_CODEX_DEFAULT_PROFILE_ID]: { + type: "oauth", + provider: "openai-codex", + access: "old-access-token", + refresh: "old-refresh-token", + expires: staleExpiry, + accountId: "acct_456", + }, + }, + }; + + const mutated = syncExternalCliCredentials(store); + + expect(mutated).toBe(true); + expect(store.profiles[OPENAI_CODEX_DEFAULT_PROFILE_ID]).toMatchObject({ + access: "new-access-token", + refresh: "new-refresh-token", + expires: freshExpiry, + }); + }); }); diff --git a/src/agents/auth-profiles.runtime.ts b/src/agents/auth-profiles.runtime.ts index 5c25bb97c84..7e2da31c058 100644 --- a/src/agents/auth-profiles.runtime.ts +++ b/src/agents/auth-profiles.runtime.ts @@ -1 +1,9 @@ -export { ensureAuthProfileStore } from "./auth-profiles.js"; +import { ensureAuthProfileStore as ensureAuthProfileStoreImpl } from "./auth-profiles.js"; + +type EnsureAuthProfileStore = typeof import("./auth-profiles.js").ensureAuthProfileStore; + +export function ensureAuthProfileStore( + ...args: Parameters +): ReturnType { + return ensureAuthProfileStoreImpl(...args); +} diff --git a/src/agents/auth-profiles/external-cli-sync.ts b/src/agents/auth-profiles/external-cli-sync.ts index 7e490c97c94..ff43b586b48 100644 --- a/src/agents/auth-profiles/external-cli-sync.ts +++ b/src/agents/auth-profiles/external-cli-sync.ts @@ -4,13 +4,12 @@ import { readMiniMaxCliCredentialsCached, } from "../cli-credentials.js"; import { - EXTERNAL_CLI_NEAR_EXPIRY_MS, EXTERNAL_CLI_SYNC_TTL_MS, QWEN_CLI_PROFILE_ID, MINIMAX_CLI_PROFILE_ID, log, } from "./constants.js"; -import type { AuthProfileCredential, AuthProfileStore, OAuthCredential } from "./types.js"; +import type { AuthProfileStore, OAuthCredential } from "./types.js"; const OPENAI_CODEX_DEFAULT_PROFILE_ID = "openai-codex:default"; @@ -37,62 +36,33 @@ function shallowEqualOAuthCredentials(a: OAuthCredential | undefined, b: OAuthCr ); } -function isExternalProfileFresh(cred: AuthProfileCredential | undefined, now: number): boolean { - if (!cred) { - return false; - } - if (cred.type !== "oauth" && cred.type !== "token") { - return false; - } - if ( - cred.provider !== "qwen-portal" && - cred.provider !== "minimax-portal" && - cred.provider !== "openai-codex" - ) { - return false; - } - if (typeof cred.expires !== "number") { - return true; - } - return cred.expires > now + EXTERNAL_CLI_NEAR_EXPIRY_MS; -} - /** Sync external CLI credentials into the store for a given provider. */ function syncExternalCliCredentialsForProvider( store: AuthProfileStore, profileId: string, provider: string, readCredentials: () => OAuthCredential | null, - now: number, options: ExternalCliSyncOptions, ): boolean { const existing = store.profiles[profileId]; - const shouldSync = - !existing || existing.provider !== provider || !isExternalProfileFresh(existing, now); - const creds = shouldSync ? readCredentials() : null; + const creds = readCredentials(); if (!creds) { return false; } const existingOAuth = existing?.type === "oauth" ? existing : undefined; - const shouldUpdate = - !existingOAuth || - existingOAuth.provider !== provider || - existingOAuth.expires <= now || - creds.expires > existingOAuth.expires; - - if (shouldUpdate && !shallowEqualOAuthCredentials(existingOAuth, creds)) { - store.profiles[profileId] = creds; - if (options.log !== false) { - log.info(`synced ${provider} credentials from external cli`, { - profileId, - expires: new Date(creds.expires).toISOString(), - }); - } - return true; + if (shallowEqualOAuthCredentials(existingOAuth, creds)) { + return false; } - return false; + store.profiles[profileId] = creds; + if (options.log !== false) { + log.info(`synced ${provider} credentials from external cli`, { + profileId, + expires: new Date(creds.expires).toISOString(), + }); + } + return true; } /** @@ -106,46 +76,24 @@ export function syncExternalCliCredentials( options: ExternalCliSyncOptions = {}, ): boolean { let mutated = false; - const now = Date.now(); - // Sync from Qwen Code CLI - const existingQwen = store.profiles[QWEN_CLI_PROFILE_ID]; - const shouldSyncQwen = - !existingQwen || - existingQwen.provider !== "qwen-portal" || - !isExternalProfileFresh(existingQwen, now); - const qwenCreds = shouldSyncQwen - ? readQwenCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS }) - : null; - if (qwenCreds) { - const existing = store.profiles[QWEN_CLI_PROFILE_ID]; - const existingOAuth = existing?.type === "oauth" ? existing : undefined; - const shouldUpdate = - !existingOAuth || - existingOAuth.provider !== "qwen-portal" || - existingOAuth.expires <= now || - qwenCreds.expires > existingOAuth.expires; - - if (shouldUpdate && !shallowEqualOAuthCredentials(existingOAuth, qwenCreds)) { - store.profiles[QWEN_CLI_PROFILE_ID] = qwenCreds; - mutated = true; - if (options.log !== false) { - log.info("synced qwen credentials from qwen cli", { - profileId: QWEN_CLI_PROFILE_ID, - expires: new Date(qwenCreds.expires).toISOString(), - }); - } - } + if ( + syncExternalCliCredentialsForProvider( + store, + QWEN_CLI_PROFILE_ID, + "qwen-portal", + () => readQwenCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS }), + options, + ) + ) { + mutated = true; } - - // Sync from MiniMax Portal CLI if ( syncExternalCliCredentialsForProvider( store, MINIMAX_CLI_PROFILE_ID, "minimax-portal", () => readMiniMaxCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS }), - now, options, ) ) { @@ -157,7 +105,6 @@ export function syncExternalCliCredentials( OPENAI_CODEX_DEFAULT_PROFILE_ID, "openai-codex", () => readCodexCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS }), - now, options, ) ) { diff --git a/src/agents/bash-tools.exec-host-gateway.ts b/src/agents/bash-tools.exec-host-gateway.ts index 149a4785dd5..4a0223af7a4 100644 --- a/src/agents/bash-tools.exec-host-gateway.ts +++ b/src/agents/bash-tools.exec-host-gateway.ts @@ -40,6 +40,7 @@ export type ProcessGatewayAllowlistParams = { command: string; workdir: string; env: Record; + requestedEnv?: Record; pty: boolean; timeoutSec?: number; defaultTimeoutSec: number; @@ -152,6 +153,7 @@ export async function processGatewayAllowlist( await registerExecApprovalRequestForHostOrThrow({ approvalId, command: params.command, + env: params.requestedEnv, workdir: params.workdir, host: "gateway", security: hostSecurity, diff --git a/src/agents/bash-tools.exec.ts b/src/agents/bash-tools.exec.ts index 8a0bd30907a..5fe0f7deac4 100644 --- a/src/agents/bash-tools.exec.ts +++ b/src/agents/bash-tools.exec.ts @@ -429,6 +429,7 @@ export function createExecTool( command: params.command, workdir, env, + requestedEnv: params.env, pty: params.pty === true && !sandbox, timeoutSec: params.timeout, defaultTimeoutSec, diff --git a/src/agents/bootstrap-budget.test.ts b/src/agents/bootstrap-budget.test.ts index bee7a2d9036..a4d65cc964c 100644 --- a/src/agents/bootstrap-budget.test.ts +++ b/src/agents/bootstrap-budget.test.ts @@ -6,8 +6,10 @@ import { buildBootstrapTruncationReportMeta, buildBootstrapTruncationSignature, formatBootstrapTruncationWarningLines, + prependBootstrapPromptWarning, resolveBootstrapWarningSignaturesSeen, } from "./bootstrap-budget.js"; +import { buildAgentSystemPrompt } from "./system-prompt.js"; import type { WorkspaceBootstrapFile } from "./workspace.js"; describe("buildBootstrapInjectionStats", () => { @@ -104,6 +106,34 @@ describe("analyzeBootstrapBudget", () => { }); describe("bootstrap prompt warnings", () => { + it("prepends warning details to the turn prompt instead of mutating the system prompt", () => { + const prompt = prependBootstrapPromptWarning("Please continue.", [ + "AGENTS.md: 200 raw -> 0 injected", + ]); + expect(prompt).toContain("[Bootstrap truncation warning]"); + expect(prompt).toContain("Treat Project Context as partial"); + expect(prompt).toContain("- AGENTS.md: 200 raw -> 0 injected"); + expect(prompt).toContain("Please continue."); + }); + + it("preserves raw prompt whitespace when prepending warning details", () => { + const prompt = prependBootstrapPromptWarning(" indented\nkeep tail ", [ + "AGENTS.md: 200 raw -> 0 injected", + ]); + + expect(prompt.endsWith(" indented\nkeep tail ")).toBe(true); + }); + + it("preserves exact heartbeat prompts without warning prefixes", () => { + const heartbeatPrompt = "Read HEARTBEAT.md. Reply HEARTBEAT_OK."; + + expect( + prependBootstrapPromptWarning(heartbeatPrompt, ["AGENTS.md: 200 raw -> 0 injected"], { + preserveExactPrompt: heartbeatPrompt, + }), + ).toBe(heartbeatPrompt); + }); + it("resolves seen signatures from report history or legacy single signature", () => { expect( resolveBootstrapWarningSignaturesSeen({ @@ -394,4 +424,35 @@ describe("bootstrap prompt warnings", () => { expect(meta.promptWarningSignature).toBeTruthy(); expect(meta.warningSignaturesSeen?.length).toBeGreaterThan(0); }); + + it("improves cache-relevant system prompt stability versus legacy warning injection", () => { + const contextFiles = [{ path: "AGENTS.md", content: "Follow AGENTS guidance." }]; + const warningLines = ["AGENTS.md: 200 raw -> 0 injected"]; + const stableSystemPrompt = buildAgentSystemPrompt({ + workspaceDir: "/tmp/openclaw", + contextFiles, + }); + const optimizedTurns = [stableSystemPrompt, stableSystemPrompt, stableSystemPrompt]; + const injectLegacyWarning = (prompt: string, lines: string[]) => { + const warningBlock = [ + "⚠ Bootstrap truncation warning:", + ...lines.map((line) => `- ${line}`), + "", + ].join("\n"); + return prompt.replace("## AGENTS.md", `${warningBlock}## AGENTS.md`); + }; + const legacyTurns = [ + injectLegacyWarning(optimizedTurns[0] ?? "", warningLines), + optimizedTurns[1] ?? "", + injectLegacyWarning(optimizedTurns[2] ?? "", warningLines), + ]; + const cacheHitRate = (turns: string[]) => { + const hits = turns.slice(1).filter((turn, index) => turn === turns[index]).length; + return hits / Math.max(1, turns.length - 1); + }; + + expect(cacheHitRate(legacyTurns)).toBe(0); + expect(cacheHitRate(optimizedTurns)).toBe(1); + expect(optimizedTurns[0]).not.toContain("⚠ Bootstrap truncation warning:"); + }); }); diff --git a/src/agents/bootstrap-budget.ts b/src/agents/bootstrap-budget.ts index ddfd4fb5d06..4d5c3ff6f58 100644 --- a/src/agents/bootstrap-budget.ts +++ b/src/agents/bootstrap-budget.ts @@ -330,6 +330,29 @@ export function buildBootstrapPromptWarning(params: { }; } +export function prependBootstrapPromptWarning( + prompt: string, + warningLines?: string[], + options?: { + preserveExactPrompt?: string; + }, +): string { + const normalizedLines = (warningLines ?? []).map((line) => line.trim()).filter(Boolean); + if (normalizedLines.length === 0) { + return prompt; + } + if (options?.preserveExactPrompt && prompt === options.preserveExactPrompt) { + return prompt; + } + const warningBlock = [ + "[Bootstrap truncation warning]", + "Some workspace bootstrap files were truncated before injection.", + "Treat Project Context as partial and read the relevant files directly if details seem missing.", + ...normalizedLines.map((line) => `- ${line}`), + ].join("\n"); + return prompt ? `${warningBlock}\n\n${prompt}` : warningBlock; +} + export function buildBootstrapTruncationReportMeta(params: { analysis: BootstrapBudgetAnalysis; warningMode: BootstrapPromptWarningMode; diff --git a/src/agents/chutes-models.test.ts b/src/agents/chutes-models.test.ts new file mode 100644 index 00000000000..66bafde50ad --- /dev/null +++ b/src/agents/chutes-models.test.ts @@ -0,0 +1,320 @@ +import { describe, expect, it, vi, beforeEach } from "vitest"; +import { + buildChutesModelDefinition, + CHUTES_MODEL_CATALOG, + discoverChutesModels, + clearChutesModelCache, +} from "./chutes-models.js"; + +describe("chutes-models", () => { + beforeEach(() => { + clearChutesModelCache(); + }); + + it("buildChutesModelDefinition returns config with required fields", () => { + const entry = CHUTES_MODEL_CATALOG[0]; + const def = buildChutesModelDefinition(entry); + expect(def.id).toBe(entry.id); + expect(def.name).toBe(entry.name); + expect(def.reasoning).toBe(entry.reasoning); + expect(def.input).toEqual(entry.input); + expect(def.cost).toEqual(entry.cost); + expect(def.contextWindow).toBe(entry.contextWindow); + expect(def.maxTokens).toBe(entry.maxTokens); + expect(def.compat?.supportsUsageInStreaming).toBe(false); + }); + + it("discoverChutesModels returns static catalog when accessToken is empty", async () => { + const models = await discoverChutesModels(""); + expect(models).toHaveLength(CHUTES_MODEL_CATALOG.length); + expect(models.map((m) => m.id)).toEqual(CHUTES_MODEL_CATALOG.map((m) => m.id)); + }); + + it("discoverChutesModels returns static catalog in test env by default", async () => { + const models = await discoverChutesModels("test-token"); + expect(models).toHaveLength(CHUTES_MODEL_CATALOG.length); + expect(models[0]?.id).toBe("Qwen/Qwen3-32B"); + }); + + it("discoverChutesModels correctly maps API response when not in test env", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ + data: [ + { id: "zai-org/GLM-4.7-TEE" }, + { + id: "new-provider/new-model-r1", + supported_features: ["reasoning"], + input_modalities: ["text", "image"], + context_length: 200000, + max_output_length: 16384, + pricing: { prompt: 0.1, completion: 0.2 }, + }, + { id: "new-provider/simple-model" }, + ], + }), + }); + vi.stubGlobal("fetch", mockFetch); + + try { + const models = await discoverChutesModels("test-token-real-fetch"); + expect(models.length).toBeGreaterThan(0); + if (models.length === 3) { + expect(models[0]?.id).toBe("zai-org/GLM-4.7-TEE"); + expect(models[1]?.reasoning).toBe(true); + expect(models[1]?.compat?.supportsUsageInStreaming).toBe(false); + } + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); + + it("discoverChutesModels retries without auth on 401", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi.fn().mockImplementation((url, init) => { + if (init?.headers?.Authorization === "Bearer test-token-error") { + // pragma: allowlist secret + return Promise.resolve({ + ok: false, + status: 401, + }); + } + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [ + { + id: "Qwen/Qwen3-32B", + name: "Qwen/Qwen3-32B", + supported_features: ["reasoning"], + input_modalities: ["text"], + context_length: 40960, + max_output_length: 40960, + pricing: { prompt: 0.08, completion: 0.24 }, + }, + { + id: "unsloth/Mistral-Nemo-Instruct-2407", + name: "unsloth/Mistral-Nemo-Instruct-2407", + input_modalities: ["text"], + context_length: 131072, + max_output_length: 131072, + pricing: { prompt: 0.02, completion: 0.04 }, + }, + { + id: "deepseek-ai/DeepSeek-V3-0324-TEE", + name: "deepseek-ai/DeepSeek-V3-0324-TEE", + supported_features: ["reasoning"], + input_modalities: ["text"], + context_length: 131072, + max_output_length: 65536, + pricing: { prompt: 0.28, completion: 0.42 }, + }, + ], + }), + }); + }); + vi.stubGlobal("fetch", mockFetch); + + try { + const models = await discoverChutesModels("test-token-error"); + expect(models.length).toBeGreaterThan(0); + expect(mockFetch).toHaveBeenCalled(); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); + + it("caches fallback static catalog for non-OK responses", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi.fn().mockResolvedValue({ + ok: false, + status: 503, + }); + vi.stubGlobal("fetch", mockFetch); + + try { + const first = await discoverChutesModels("chutes-fallback-token"); + const second = await discoverChutesModels("chutes-fallback-token"); + expect(first.map((m) => m.id)).toEqual(CHUTES_MODEL_CATALOG.map((m) => m.id)); + expect(second.map((m) => m.id)).toEqual(CHUTES_MODEL_CATALOG.map((m) => m.id)); + expect(mockFetch).toHaveBeenCalledTimes(1); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); + + it("scopes discovery cache by access token", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi + .fn() + .mockImplementation((_url, init?: { headers?: Record }) => { + const auth = init?.headers?.Authorization; + if (auth === "Bearer chutes-token-a") { + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: "private/model-a" }], + }), + }); + } + if (auth === "Bearer chutes-token-b") { + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: "private/model-b" }], + }), + }); + } + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: "public/model" }], + }), + }); + }); + vi.stubGlobal("fetch", mockFetch); + + try { + const modelsA = await discoverChutesModels("chutes-token-a"); + const modelsB = await discoverChutesModels("chutes-token-b"); + const modelsASecond = await discoverChutesModels("chutes-token-a"); + expect(modelsA[0]?.id).toBe("private/model-a"); + expect(modelsB[0]?.id).toBe("private/model-b"); + expect(modelsASecond[0]?.id).toBe("private/model-a"); + // One request per token, then cache hit for the repeated token-a call. + expect(mockFetch).toHaveBeenCalledTimes(2); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); + + it("evicts oldest token entries when cache reaches max size", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi + .fn() + .mockImplementation((_url, init?: { headers?: Record }) => { + const auth = init?.headers?.Authorization ?? ""; + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: auth ? `${auth}-model` : "public-model" }], + }), + }); + }); + vi.stubGlobal("fetch", mockFetch); + + try { + for (let i = 0; i < 150; i += 1) { + await discoverChutesModels(`cache-token-${i}`); + } + + // The oldest key should have been evicted once we exceed the cap. + await discoverChutesModels("cache-token-0"); + expect(mockFetch).toHaveBeenCalledTimes(151); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); + + it("prunes expired token cache entries during subsequent discovery", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-01T00:00:00.000Z")); + + const mockFetch = vi + .fn() + .mockImplementation((_url, init?: { headers?: Record }) => { + const auth = init?.headers?.Authorization ?? ""; + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: auth ? `${auth}-model` : "public-model" }], + }), + }); + }); + vi.stubGlobal("fetch", mockFetch); + + try { + await discoverChutesModels("token-a"); + vi.advanceTimersByTime(5 * 60 * 1000 + 1); + await discoverChutesModels("token-b"); + await discoverChutesModels("token-a"); + expect(mockFetch).toHaveBeenCalledTimes(3); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + vi.useRealTimers(); + } + }); + + it("does not cache 401 fallback under the failed token key", async () => { + const oldNodeEnv = process.env.NODE_ENV; + const oldVitest = process.env.VITEST; + delete process.env.NODE_ENV; + delete process.env.VITEST; + + const mockFetch = vi + .fn() + .mockImplementation((_url, init?: { headers?: Record }) => { + if (init?.headers?.Authorization === "Bearer failed-token") { + return Promise.resolve({ + ok: false, + status: 401, + }); + } + return Promise.resolve({ + ok: true, + json: async () => ({ + data: [{ id: "public/model" }], + }), + }); + }); + vi.stubGlobal("fetch", mockFetch); + + try { + await discoverChutesModels("failed-token"); + await discoverChutesModels("failed-token"); + // Two calls each perform: authenticated attempt (401) + public fallback. + expect(mockFetch).toHaveBeenCalledTimes(4); + } finally { + process.env.NODE_ENV = oldNodeEnv; + process.env.VITEST = oldVitest; + vi.unstubAllGlobals(); + } + }); +}); diff --git a/src/agents/chutes-models.ts b/src/agents/chutes-models.ts new file mode 100644 index 00000000000..585723e3adc --- /dev/null +++ b/src/agents/chutes-models.ts @@ -0,0 +1,639 @@ +import type { ModelDefinitionConfig } from "../config/types.models.js"; +import { createSubsystemLogger } from "../logging/subsystem.js"; + +const log = createSubsystemLogger("chutes-models"); + +/** Chutes.ai OpenAI-compatible API base URL. */ +export const CHUTES_BASE_URL = "https://llm.chutes.ai/v1"; + +export const CHUTES_DEFAULT_MODEL_ID = "zai-org/GLM-4.7-TEE"; +export const CHUTES_DEFAULT_MODEL_REF = `chutes/${CHUTES_DEFAULT_MODEL_ID}`; + +/** Default cost for Chutes models (actual cost varies by model and compute). */ +export const CHUTES_DEFAULT_COST = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, +}; + +/** Default context window and max tokens for discovered models. */ +const CHUTES_DEFAULT_CONTEXT_WINDOW = 128000; +const CHUTES_DEFAULT_MAX_TOKENS = 4096; + +/** + * Static catalog of popular Chutes models. + * Used as a fallback and for initial onboarding allowlisting. + */ +export const CHUTES_MODEL_CATALOG: ModelDefinitionConfig[] = [ + { + id: "Qwen/Qwen3-32B", + name: "Qwen/Qwen3-32B", + reasoning: true, + input: ["text"], + contextWindow: 40960, + maxTokens: 40960, + cost: { input: 0.08, output: 0.24, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/Mistral-Nemo-Instruct-2407", + name: "unsloth/Mistral-Nemo-Instruct-2407", + reasoning: false, + input: ["text"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.02, output: 0.04, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-V3-0324-TEE", + name: "deepseek-ai/DeepSeek-V3-0324-TEE", + reasoning: true, + input: ["text"], + contextWindow: 163840, + maxTokens: 65536, + cost: { input: 0.25, output: 1, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-235B-A22B-Instruct-2507-TEE", + name: "Qwen/Qwen3-235B-A22B-Instruct-2507-TEE", + reasoning: true, + input: ["text"], + contextWindow: 262144, + maxTokens: 65536, + cost: { input: 0.08, output: 0.55, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "openai/gpt-oss-120b-TEE", + name: "openai/gpt-oss-120b-TEE", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 65536, + cost: { input: 0.05, output: 0.45, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "chutesai/Mistral-Small-3.1-24B-Instruct-2503", + name: "chutesai/Mistral-Small-3.1-24B-Instruct-2503", + reasoning: false, + input: ["text", "image"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.03, output: 0.11, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-V3.2-TEE", + name: "deepseek-ai/DeepSeek-V3.2-TEE", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 65536, + cost: { input: 0.28, output: 0.42, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-4.7-TEE", + name: "zai-org/GLM-4.7-TEE", + reasoning: true, + input: ["text"], + contextWindow: 202752, + maxTokens: 65535, + cost: { input: 0.4, output: 2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "moonshotai/Kimi-K2.5-TEE", + name: "moonshotai/Kimi-K2.5-TEE", + reasoning: true, + input: ["text", "image"], + contextWindow: 262144, + maxTokens: 65535, + cost: { input: 0.45, output: 2.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/gemma-3-27b-it", + name: "unsloth/gemma-3-27b-it", + reasoning: false, + input: ["text", "image"], + contextWindow: 128000, + maxTokens: 65536, + cost: { input: 0.04, output: 0.15, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "XiaomiMiMo/MiMo-V2-Flash-TEE", + name: "XiaomiMiMo/MiMo-V2-Flash-TEE", + reasoning: true, + input: ["text"], + contextWindow: 262144, + maxTokens: 65536, + cost: { input: 0.09, output: 0.29, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "chutesai/Mistral-Small-3.2-24B-Instruct-2506", + name: "chutesai/Mistral-Small-3.2-24B-Instruct-2506", + reasoning: false, + input: ["text", "image"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.06, output: 0.18, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-R1-0528-TEE", + name: "deepseek-ai/DeepSeek-R1-0528-TEE", + reasoning: true, + input: ["text"], + contextWindow: 163840, + maxTokens: 65536, + cost: { input: 0.45, output: 2.15, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-5-TEE", + name: "zai-org/GLM-5-TEE", + reasoning: true, + input: ["text"], + contextWindow: 202752, + maxTokens: 65535, + cost: { input: 0.95, output: 3.15, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-V3.1-TEE", + name: "deepseek-ai/DeepSeek-V3.1-TEE", + reasoning: true, + input: ["text"], + contextWindow: 163840, + maxTokens: 65536, + cost: { input: 0.2, output: 0.8, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-V3.1-Terminus-TEE", + name: "deepseek-ai/DeepSeek-V3.1-Terminus-TEE", + reasoning: true, + input: ["text"], + contextWindow: 163840, + maxTokens: 65536, + cost: { input: 0.23, output: 0.9, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/gemma-3-4b-it", + name: "unsloth/gemma-3-4b-it", + reasoning: false, + input: ["text", "image"], + contextWindow: 96000, + maxTokens: 96000, + cost: { input: 0.01, output: 0.03, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "MiniMaxAI/MiniMax-M2.5-TEE", + name: "MiniMaxAI/MiniMax-M2.5-TEE", + reasoning: true, + input: ["text"], + contextWindow: 196608, + maxTokens: 65536, + cost: { input: 0.3, output: 1.1, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "tngtech/DeepSeek-TNG-R1T2-Chimera", + name: "tngtech/DeepSeek-TNG-R1T2-Chimera", + reasoning: true, + input: ["text"], + contextWindow: 163840, + maxTokens: 163840, + cost: { input: 0.25, output: 0.85, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-Coder-Next-TEE", + name: "Qwen/Qwen3-Coder-Next-TEE", + reasoning: true, + input: ["text"], + contextWindow: 262144, + maxTokens: 65536, + cost: { input: 0.12, output: 0.75, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "NousResearch/Hermes-4-405B-FP8-TEE", + name: "NousResearch/Hermes-4-405B-FP8-TEE", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 65536, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-V3", + name: "deepseek-ai/DeepSeek-V3", + reasoning: false, + input: ["text"], + contextWindow: 163840, + maxTokens: 163840, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "openai/gpt-oss-20b", + name: "openai/gpt-oss-20b", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.04, output: 0.15, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/Llama-3.2-3B-Instruct", + name: "unsloth/Llama-3.2-3B-Instruct", + reasoning: false, + input: ["text"], + contextWindow: 128000, + maxTokens: 4096, + cost: { input: 0.01, output: 0.01, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/Mistral-Small-24B-Instruct-2501", + name: "unsloth/Mistral-Small-24B-Instruct-2501", + reasoning: false, + input: ["text", "image"], + contextWindow: 32768, + maxTokens: 32768, + cost: { input: 0.07, output: 0.3, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-4.7-FP8", + name: "zai-org/GLM-4.7-FP8", + reasoning: true, + input: ["text"], + contextWindow: 202752, + maxTokens: 65535, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-4.6-TEE", + name: "zai-org/GLM-4.6-TEE", + reasoning: true, + input: ["text"], + contextWindow: 202752, + maxTokens: 65536, + cost: { input: 0.4, output: 1.7, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3.5-397B-A17B-TEE", + name: "Qwen/Qwen3.5-397B-A17B-TEE", + reasoning: true, + input: ["text", "image"], + contextWindow: 262144, + maxTokens: 65536, + cost: { input: 0.55, output: 3.5, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen2.5-72B-Instruct", + name: "Qwen/Qwen2.5-72B-Instruct", + reasoning: false, + input: ["text"], + contextWindow: 32768, + maxTokens: 32768, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "NousResearch/DeepHermes-3-Mistral-24B-Preview", + name: "NousResearch/DeepHermes-3-Mistral-24B-Preview", + reasoning: false, + input: ["text"], + contextWindow: 32768, + maxTokens: 32768, + cost: { input: 0.02, output: 0.1, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-Next-80B-A3B-Instruct", + name: "Qwen/Qwen3-Next-80B-A3B-Instruct", + reasoning: false, + input: ["text"], + contextWindow: 262144, + maxTokens: 262144, + cost: { input: 0.1, output: 0.8, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-4.6-FP8", + name: "zai-org/GLM-4.6-FP8", + reasoning: true, + input: ["text"], + contextWindow: 202752, + maxTokens: 65535, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-235B-A22B-Thinking-2507", + name: "Qwen/Qwen3-235B-A22B-Thinking-2507", + reasoning: true, + input: ["text"], + contextWindow: 262144, + maxTokens: 262144, + cost: { input: 0.11, output: 0.6, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "deepseek-ai/DeepSeek-R1-Distill-Llama-70B", + name: "deepseek-ai/DeepSeek-R1-Distill-Llama-70B", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.03, output: 0.11, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "tngtech/R1T2-Chimera-Speed", + name: "tngtech/R1T2-Chimera-Speed", + reasoning: true, + input: ["text"], + contextWindow: 131072, + maxTokens: 65536, + cost: { input: 0.22, output: 0.6, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "zai-org/GLM-4.6V", + name: "zai-org/GLM-4.6V", + reasoning: true, + input: ["text", "image"], + contextWindow: 131072, + maxTokens: 65536, + cost: { input: 0.3, output: 0.9, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen2.5-VL-32B-Instruct", + name: "Qwen/Qwen2.5-VL-32B-Instruct", + reasoning: false, + input: ["text", "image"], + contextWindow: 16384, + maxTokens: 16384, + cost: { input: 0.05, output: 0.22, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-VL-235B-A22B-Instruct", + name: "Qwen/Qwen3-VL-235B-A22B-Instruct", + reasoning: false, + input: ["text", "image"], + contextWindow: 262144, + maxTokens: 262144, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-14B", + name: "Qwen/Qwen3-14B", + reasoning: true, + input: ["text"], + contextWindow: 40960, + maxTokens: 40960, + cost: { input: 0.05, output: 0.22, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen2.5-Coder-32B-Instruct", + name: "Qwen/Qwen2.5-Coder-32B-Instruct", + reasoning: false, + input: ["text"], + contextWindow: 32768, + maxTokens: 32768, + cost: { input: 0.03, output: 0.11, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3-30B-A3B", + name: "Qwen/Qwen3-30B-A3B", + reasoning: true, + input: ["text"], + contextWindow: 40960, + maxTokens: 40960, + cost: { input: 0.06, output: 0.22, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/gemma-3-12b-it", + name: "unsloth/gemma-3-12b-it", + reasoning: false, + input: ["text", "image"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.03, output: 0.1, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "unsloth/Llama-3.2-1B-Instruct", + name: "unsloth/Llama-3.2-1B-Instruct", + reasoning: false, + input: ["text"], + contextWindow: 128000, + maxTokens: 4096, + cost: { input: 0.01, output: 0.01, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "nvidia/NVIDIA-Nemotron-3-Nano-30B-A3B-BF16-TEE", + name: "nvidia/NVIDIA-Nemotron-3-Nano-30B-A3B-BF16-TEE", + reasoning: true, + input: ["text"], + contextWindow: 128000, + maxTokens: 4096, + cost: { input: 0.3, output: 1.2, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "NousResearch/Hermes-4-14B", + name: "NousResearch/Hermes-4-14B", + reasoning: true, + input: ["text"], + contextWindow: 40960, + maxTokens: 40960, + cost: { input: 0.01, output: 0.05, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "Qwen/Qwen3Guard-Gen-0.6B", + name: "Qwen/Qwen3Guard-Gen-0.6B", + reasoning: false, + input: ["text"], + contextWindow: 128000, + maxTokens: 4096, + cost: { input: 0.01, output: 0.01, cacheRead: 0, cacheWrite: 0 }, + }, + { + id: "rednote-hilab/dots.ocr", + name: "rednote-hilab/dots.ocr", + reasoning: false, + input: ["text", "image"], + contextWindow: 131072, + maxTokens: 131072, + cost: { input: 0.01, output: 0.01, cacheRead: 0, cacheWrite: 0 }, + }, +]; + +export function buildChutesModelDefinition( + model: (typeof CHUTES_MODEL_CATALOG)[number], +): ModelDefinitionConfig { + return { + ...model, + // Avoid usage-only streaming chunks that can break OpenAI-compatible parsers. + compat: { + supportsUsageInStreaming: false, + }, + }; +} + +interface ChutesModelEntry { + id: string; + name?: string; + supported_features?: string[]; + input_modalities?: string[]; + context_length?: number; + max_output_length?: number; + pricing?: { + prompt?: number; + completion?: number; + }; + [key: string]: unknown; +} + +interface OpenAIListModelsResponse { + data?: ChutesModelEntry[]; +} + +const CACHE_TTL = 5 * 60 * 1000; // 5 minutes +const CACHE_MAX_ENTRIES = 100; + +interface CacheEntry { + models: ModelDefinitionConfig[]; + time: number; +} + +// Keyed by trimmed access token (empty string = unauthenticated). +// Prevents a public unauthenticated result from suppressing authenticated +// discovery for users with token-scoped private models. +const modelCache = new Map(); + +/** @internal - For testing only */ +export function clearChutesModelCache() { + modelCache.clear(); +} + +function pruneExpiredCacheEntries(now: number = Date.now()): void { + for (const [key, entry] of modelCache.entries()) { + if (now - entry.time >= CACHE_TTL) { + modelCache.delete(key); + } + } +} + +/** Cache the result for the given token key and return it. */ +function cacheAndReturn( + tokenKey: string, + models: ModelDefinitionConfig[], +): ModelDefinitionConfig[] { + const now = Date.now(); + pruneExpiredCacheEntries(now); + + if (!modelCache.has(tokenKey) && modelCache.size >= CACHE_MAX_ENTRIES) { + const oldest = modelCache.keys().next(); + if (!oldest.done) { + modelCache.delete(oldest.value); + } + } + + modelCache.set(tokenKey, { models, time: now }); + return models; +} + +/** + * Discover models from Chutes.ai API with fallback to static catalog. + * Mimics the logic in Chutes init script. + */ +export async function discoverChutesModels(accessToken?: string): Promise { + const trimmedKey = accessToken?.trim() ?? ""; + + // Return cached result for this token if still within TTL + const now = Date.now(); + pruneExpiredCacheEntries(now); + const cached = modelCache.get(trimmedKey); + if (cached) { + return cached.models; + } + + // Skip API discovery in test environment + if (process.env.NODE_ENV === "test" || process.env.VITEST === "true") { + return CHUTES_MODEL_CATALOG.map(buildChutesModelDefinition); + } + + // If auth fails the result comes from the public endpoint — cache it under "" + // so the original token key stays uncached and retries cleanly next TTL window. + let effectiveKey = trimmedKey; + const staticCatalog = () => + cacheAndReturn(effectiveKey, CHUTES_MODEL_CATALOG.map(buildChutesModelDefinition)); + + const headers: Record = {}; + if (trimmedKey) { + headers.Authorization = `Bearer ${trimmedKey}`; + } + + try { + let response = await fetch(`${CHUTES_BASE_URL}/models`, { + signal: AbortSignal.timeout(10_000), + headers, + }); + + if (response.status === 401 && trimmedKey) { + // Auth failed — fall back to the public (unauthenticated) endpoint. + // Cache the result under "" so the bad token stays uncached and can + // be retried with a refreshed credential after the TTL expires. + effectiveKey = ""; + response = await fetch(`${CHUTES_BASE_URL}/models`, { + signal: AbortSignal.timeout(10_000), + }); + } + + if (!response.ok) { + // Only log if it's not a common auth/overload error that we have a fallback for + if (response.status !== 401 && response.status !== 503) { + log.warn(`GET /v1/models failed: HTTP ${response.status}, using static catalog`); + } + return staticCatalog(); + } + + const body = (await response.json()) as OpenAIListModelsResponse; + const data = body?.data; + if (!Array.isArray(data) || data.length === 0) { + log.warn("No models in response, using static catalog"); + return staticCatalog(); + } + + const seen = new Set(); + const models: ModelDefinitionConfig[] = []; + + for (const entry of data) { + const id = typeof entry?.id === "string" ? entry.id.trim() : ""; + if (!id || seen.has(id)) { + continue; + } + seen.add(id); + + const isReasoning = + entry.supported_features?.includes("reasoning") || + id.toLowerCase().includes("r1") || + id.toLowerCase().includes("thinking") || + id.toLowerCase().includes("reason") || + id.toLowerCase().includes("tee"); + + const input: Array<"text" | "image"> = (entry.input_modalities || ["text"]).filter( + (i): i is "text" | "image" => i === "text" || i === "image", + ); + + models.push({ + id, + name: id, // Mirror init.sh: uses id for name + reasoning: isReasoning, + input, + cost: { + input: entry.pricing?.prompt || 0, + output: entry.pricing?.completion || 0, + cacheRead: 0, + cacheWrite: 0, + }, + contextWindow: entry.context_length || CHUTES_DEFAULT_CONTEXT_WINDOW, + maxTokens: entry.max_output_length || CHUTES_DEFAULT_MAX_TOKENS, + compat: { + supportsUsageInStreaming: false, + }, + }); + } + + return cacheAndReturn( + effectiveKey, + models.length > 0 ? models : CHUTES_MODEL_CATALOG.map(buildChutesModelDefinition), + ); + } catch (error) { + log.warn(`Discovery failed: ${String(error)}, using static catalog`); + return staticCatalog(); + } +} diff --git a/src/agents/cli-credentials.test.ts b/src/agents/cli-credentials.test.ts index fcfaf21450d..53be1581b13 100644 --- a/src/agents/cli-credentials.test.ts +++ b/src/agents/cli-credentials.test.ts @@ -46,6 +46,12 @@ async function readCachedClaudeCliCredentials(allowKeychainPrompt: boolean) { }); } +function createJwtWithExp(expSeconds: number): string { + const encode = (value: Record) => + Buffer.from(JSON.stringify(value)).toString("base64url"); + return `${encode({ alg: "RS256", typ: "JWT" })}.${encode({ exp: expSeconds })}.signature`; +} + describe("cli credentials", () => { beforeAll(async () => { ({ @@ -229,6 +235,7 @@ describe("cli credentials", () => { it("reads Codex credentials from keychain when available", async () => { const tempHome = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-codex-")); process.env.CODEX_HOME = tempHome; + const expSeconds = Math.floor(Date.parse("2026-03-23T00:48:49Z") / 1000); const accountHash = "cli|"; @@ -238,7 +245,7 @@ describe("cli credentials", () => { expect(cmd).toContain(accountHash); return JSON.stringify({ tokens: { - access_token: "keychain-access", + access_token: createJwtWithExp(expSeconds), refresh_token: "keychain-refresh", }, last_refresh: "2026-01-01T00:00:00Z", @@ -248,15 +255,17 @@ describe("cli credentials", () => { const creds = readCodexCliCredentials({ platform: "darwin", execSync: execSyncMock }); expect(creds).toMatchObject({ - access: "keychain-access", + access: createJwtWithExp(expSeconds), refresh: "keychain-refresh", provider: "openai-codex", + expires: expSeconds * 1000, }); }); it("falls back to Codex auth.json when keychain is unavailable", async () => { const tempHome = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-codex-")); process.env.CODEX_HOME = tempHome; + const expSeconds = Math.floor(Date.parse("2026-03-24T12:34:56Z") / 1000); execSyncMock.mockImplementation(() => { throw new Error("not found"); }); @@ -267,7 +276,7 @@ describe("cli credentials", () => { authPath, JSON.stringify({ tokens: { - access_token: "file-access", + access_token: createJwtWithExp(expSeconds), refresh_token: "file-refresh", }, }), @@ -277,9 +286,10 @@ describe("cli credentials", () => { const creds = readCodexCliCredentials({ execSync: execSyncMock }); expect(creds).toMatchObject({ - access: "file-access", + access: createJwtWithExp(expSeconds), refresh: "file-refresh", provider: "openai-codex", + expires: expSeconds * 1000, }); }); }); diff --git a/src/agents/cli-credentials.ts b/src/agents/cli-credentials.ts index 0d6d7c28c84..8ded765346a 100644 --- a/src/agents/cli-credentials.ts +++ b/src/agents/cli-credentials.ts @@ -153,6 +153,22 @@ function computeCodexKeychainAccount(codexHome: string) { return `cli|${hash.slice(0, 16)}`; } +function decodeJwtExpiryMs(token: string): number | null { + const parts = token.split("."); + if (parts.length < 2) { + return null; + } + try { + const payloadRaw = Buffer.from(parts[1], "base64url").toString("utf8"); + const payload = JSON.parse(payloadRaw) as { exp?: unknown }; + return typeof payload.exp === "number" && Number.isFinite(payload.exp) && payload.exp > 0 + ? payload.exp * 1000 + : null; + } catch { + return null; + } +} + function readCodexKeychainCredentials(options?: { platform?: NodeJS.Platform; execSync?: ExecSyncFn; @@ -193,9 +209,10 @@ function readCodexKeychainCredentials(options?: { typeof lastRefreshRaw === "string" || typeof lastRefreshRaw === "number" ? new Date(lastRefreshRaw).getTime() : Date.now(); - const expires = Number.isFinite(lastRefresh) + const fallbackExpiry = Number.isFinite(lastRefresh) ? lastRefresh + 60 * 60 * 1000 : Date.now() + 60 * 60 * 1000; + const expires = decodeJwtExpiryMs(accessToken) ?? fallbackExpiry; const accountId = typeof tokens?.account_id === "string" ? tokens.account_id : undefined; log.info("read codex credentials from keychain", { @@ -483,13 +500,14 @@ export function readCodexCliCredentials(options?: { return null; } - let expires: number; + let fallbackExpiry: number; try { const stat = fs.statSync(authPath); - expires = stat.mtimeMs + 60 * 60 * 1000; + fallbackExpiry = stat.mtimeMs + 60 * 60 * 1000; } catch { - expires = Date.now() + 60 * 60 * 1000; + fallbackExpiry = Date.now() + 60 * 60 * 1000; } + const expires = decodeJwtExpiryMs(accessToken) ?? fallbackExpiry; return { type: "oauth", diff --git a/src/agents/cli-runner.test.ts b/src/agents/cli-runner.test.ts index ec1b0b09ac8..e77ac021fd7 100644 --- a/src/agents/cli-runner.test.ts +++ b/src/agents/cli-runner.test.ts @@ -5,10 +5,25 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; import { runCliAgent } from "./cli-runner.js"; import { resolveCliNoOutputTimeoutMs } from "./cli-runner/helpers.js"; +import type { EmbeddedContextFile } from "./pi-embedded-helpers.js"; +import type { WorkspaceBootstrapFile } from "./workspace.js"; const supervisorSpawnMock = vi.fn(); const enqueueSystemEventMock = vi.fn(); const requestHeartbeatNowMock = vi.fn(); +const hoisted = vi.hoisted(() => { + type BootstrapContext = { + bootstrapFiles: WorkspaceBootstrapFile[]; + contextFiles: EmbeddedContextFile[]; + }; + + return { + resolveBootstrapContextForRunMock: vi.fn<() => Promise>(async () => ({ + bootstrapFiles: [], + contextFiles: [], + })), + }; +}); vi.mock("../process/supervisor/index.js", () => ({ getProcessSupervisor: () => ({ @@ -28,6 +43,11 @@ vi.mock("../infra/heartbeat-wake.js", () => ({ requestHeartbeatNow: (...args: unknown[]) => requestHeartbeatNowMock(...args), })); +vi.mock("./bootstrap-files.js", () => ({ + makeBootstrapWarn: () => () => {}, + resolveBootstrapContextForRun: hoisted.resolveBootstrapContextForRunMock, +})); + type MockRunExit = { reason: | "manual-cancel" @@ -61,6 +81,10 @@ describe("runCliAgent with process supervisor", () => { supervisorSpawnMock.mockClear(); enqueueSystemEventMock.mockClear(); requestHeartbeatNowMock.mockClear(); + hoisted.resolveBootstrapContextForRunMock.mockReset().mockResolvedValue({ + bootstrapFiles: [], + contextFiles: [], + }); }); it("runs CLI through supervisor and returns payload", async () => { @@ -107,6 +131,62 @@ describe("runCliAgent with process supervisor", () => { expect(input.scopeKey).toContain("thread-123"); }); + it("prepends bootstrap warnings to the CLI prompt body", async () => { + supervisorSpawnMock.mockResolvedValueOnce( + createManagedRun({ + reason: "exit", + exitCode: 0, + exitSignal: null, + durationMs: 50, + stdout: "ok", + stderr: "", + timedOut: false, + noOutputTimedOut: false, + }), + ); + hoisted.resolveBootstrapContextForRunMock.mockResolvedValueOnce({ + bootstrapFiles: [ + { + name: "AGENTS.md", + path: "/tmp/AGENTS.md", + content: "A".repeat(200), + missing: false, + }, + ], + contextFiles: [{ path: "AGENTS.md", content: "A".repeat(20) }], + }); + + await runCliAgent({ + sessionId: "s1", + sessionFile: "/tmp/session.jsonl", + workspaceDir: "/tmp", + config: { + agents: { + defaults: { + bootstrapMaxChars: 50, + bootstrapTotalMaxChars: 50, + }, + }, + } satisfies OpenClawConfig, + prompt: "hi", + provider: "codex-cli", + model: "gpt-5.2-codex", + timeoutMs: 1_000, + runId: "run-warning", + cliSessionId: "thread-123", + }); + + const input = supervisorSpawnMock.mock.calls[0]?.[0] as { + argv?: string[]; + input?: string; + }; + const promptCarrier = [input.input ?? "", ...(input.argv ?? [])].join("\n"); + + expect(promptCarrier).toContain("[Bootstrap truncation warning]"); + expect(promptCarrier).toContain("- AGENTS.md: 200 raw -> 20 injected"); + expect(promptCarrier).toContain("hi"); + }); + it("fails with timeout when no-output watchdog trips", async () => { supervisorSpawnMock.mockResolvedValueOnce( createManagedRun({ diff --git a/src/agents/cli-runner.ts b/src/agents/cli-runner.ts index f9b0f5542c5..9056668e087 100644 --- a/src/agents/cli-runner.ts +++ b/src/agents/cli-runner.ts @@ -15,6 +15,7 @@ import { buildBootstrapInjectionStats, buildBootstrapPromptWarning, buildBootstrapTruncationReportMeta, + prependBootstrapPromptWarning, } from "./bootstrap-budget.js"; import { makeBootstrapWarn, resolveBootstrapContextForRun } from "./bootstrap-files.js"; import { resolveCliBackendConfig } from "./cli-backends.js"; @@ -63,7 +64,7 @@ export async function runCliAgent(params: { timeoutMs: number; runId: string; extraSystemPrompt?: string; - streamParams?: import("../commands/agent/types.js").AgentStreamParams; + streamParams?: import("./command/types.js").AgentStreamParams; ownerNumbers?: string[]; cliSessionId?: string; bootstrapPromptWarningSignaturesSeen?: string[]; @@ -162,7 +163,6 @@ export async function runCliAgent(params: { docsPath: docsPath ?? undefined, tools: [], contextFiles, - bootstrapTruncationWarningLines: bootstrapPromptWarning.lines, modelDisplay, agentId: sessionAgentId, }); @@ -218,7 +218,9 @@ export async function runCliAgent(params: { let imagePaths: string[] | undefined; let cleanupImages: (() => Promise) | undefined; - let prompt = params.prompt; + let prompt = prependBootstrapPromptWarning(params.prompt, bootstrapPromptWarning.lines, { + preserveExactPrompt: heartbeatPrompt, + }); if (params.images && params.images.length > 0) { const imagePayload = await writeCliImages(params.images); imagePaths = imagePayload.paths; diff --git a/src/agents/cli-runner/bundle-mcp.test.ts b/src/agents/cli-runner/bundle-mcp.test.ts index ec345f960a2..fae294ab951 100644 --- a/src/agents/cli-runner/bundle-mcp.test.ts +++ b/src/agents/cli-runner/bundle-mcp.test.ts @@ -1,61 +1,28 @@ import fs from "node:fs/promises"; -import os from "node:os"; -import path from "node:path"; import { afterEach, describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; -import { clearPluginManifestRegistryCache } from "../../plugins/manifest-registry.js"; +import { + createBundleMcpTempHarness, + createBundleProbePlugin, +} from "../../plugins/bundle-mcp.test-support.js"; import { captureEnv } from "../../test-utils/env.js"; import { prepareCliBundleMcpConfig } from "./bundle-mcp.js"; -const tempDirs: string[] = []; - -async function createTempDir(prefix: string): Promise { - const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix)); - tempDirs.push(dir); - return dir; -} +const tempHarness = createBundleMcpTempHarness(); afterEach(async () => { - clearPluginManifestRegistryCache(); - await Promise.all( - tempDirs.splice(0, tempDirs.length).map((dir) => fs.rm(dir, { recursive: true, force: true })), - ); + await tempHarness.cleanup(); }); describe("prepareCliBundleMcpConfig", () => { it("injects a merged --mcp-config overlay for claude-cli", async () => { const env = captureEnv(["HOME"]); try { - const homeDir = await createTempDir("openclaw-cli-bundle-mcp-home-"); - const workspaceDir = await createTempDir("openclaw-cli-bundle-mcp-workspace-"); + const homeDir = await tempHarness.createTempDir("openclaw-cli-bundle-mcp-home-"); + const workspaceDir = await tempHarness.createTempDir("openclaw-cli-bundle-mcp-workspace-"); process.env.HOME = homeDir; - const pluginRoot = path.join(homeDir, ".openclaw", "extensions", "bundle-probe"); - const serverPath = path.join(pluginRoot, "servers", "probe.mjs"); - await fs.mkdir(path.join(pluginRoot, ".claude-plugin"), { recursive: true }); - await fs.mkdir(path.dirname(serverPath), { recursive: true }); - await fs.writeFile(serverPath, "export {};\n", "utf-8"); - await fs.writeFile( - path.join(pluginRoot, ".claude-plugin", "plugin.json"), - `${JSON.stringify({ name: "bundle-probe" }, null, 2)}\n`, - "utf-8", - ); - await fs.writeFile( - path.join(pluginRoot, ".mcp.json"), - `${JSON.stringify( - { - mcpServers: { - bundleProbe: { - command: "node", - args: ["./servers/probe.mjs"], - }, - }, - }, - null, - 2, - )}\n`, - "utf-8", - ); + const { serverPath } = await createBundleProbePlugin(homeDir); const config: OpenClawConfig = { plugins: { diff --git a/src/agents/cli-runner/bundle-mcp.ts b/src/agents/cli-runner/bundle-mcp.ts index 60e6149519c..96aeb867869 100644 --- a/src/agents/cli-runner/bundle-mcp.ts +++ b/src/agents/cli-runner/bundle-mcp.ts @@ -5,43 +5,20 @@ import type { OpenClawConfig } from "../../config/config.js"; import { applyMergePatch } from "../../config/merge-patch.js"; import type { CliBackendConfig } from "../../config/types.js"; import { + extractMcpServerMap, loadEnabledBundleMcpConfig, type BundleMcpConfig, - type BundleMcpServerConfig, } from "../../plugins/bundle-mcp.js"; -import { isRecord } from "../../utils.js"; type PreparedCliBundleMcpConfig = { backend: CliBackendConfig; cleanup?: () => Promise; }; -function extractServerMap(raw: unknown): Record { - if (!isRecord(raw)) { - return {}; - } - const nested = isRecord(raw.mcpServers) - ? raw.mcpServers - : isRecord(raw.servers) - ? raw.servers - : raw; - if (!isRecord(nested)) { - return {}; - } - const result: Record = {}; - for (const [serverName, serverRaw] of Object.entries(nested)) { - if (!isRecord(serverRaw)) { - continue; - } - result[serverName] = { ...serverRaw }; - } - return result; -} - async function readExternalMcpConfig(configPath: string): Promise { try { const raw = JSON.parse(await fs.readFile(configPath, "utf-8")) as unknown; - return { mcpServers: extractServerMap(raw) }; + return { mcpServers: extractMcpServerMap(raw) }; } catch { return { mcpServers: {} }; } diff --git a/src/agents/cli-runner/helpers.ts b/src/agents/cli-runner/helpers.ts index 7f0598cfaab..96ec35540be 100644 --- a/src/agents/cli-runner/helpers.ts +++ b/src/agents/cli-runner/helpers.ts @@ -48,7 +48,6 @@ export function buildSystemPrompt(params: { docsPath?: string; tools: AgentTool[]; contextFiles?: EmbeddedContextFile[]; - bootstrapTruncationWarningLines?: string[]; modelDisplay: string; agentId?: string; }) { @@ -92,7 +91,6 @@ export function buildSystemPrompt(params: { userTime, userTimeFormat, contextFiles: params.contextFiles, - bootstrapTruncationWarningLines: params.bootstrapTruncationWarningLines, ttsHint, memoryCitationsMode: params.config?.memory?.citations, }); diff --git a/src/agents/command-poll-backoff.runtime.ts b/src/agents/command-poll-backoff.runtime.ts index 1667abba083..87494f4013f 100644 --- a/src/agents/command-poll-backoff.runtime.ts +++ b/src/agents/command-poll-backoff.runtime.ts @@ -1 +1,9 @@ -export { pruneStaleCommandPolls } from "./command-poll-backoff.js"; +import { pruneStaleCommandPolls as pruneStaleCommandPollsImpl } from "./command-poll-backoff.js"; + +type PruneStaleCommandPolls = typeof import("./command-poll-backoff.js").pruneStaleCommandPolls; + +export function pruneStaleCommandPolls( + ...args: Parameters +): ReturnType { + return pruneStaleCommandPollsImpl(...args); +} diff --git a/src/agents/command/delivery.ts b/src/agents/command/delivery.ts new file mode 100644 index 00000000000..d3a011017fb --- /dev/null +++ b/src/agents/command/delivery.ts @@ -0,0 +1,238 @@ +import { getChannelPlugin, normalizeChannelId } from "../../channels/plugins/index.js"; +import { createOutboundSendDeps, type CliDeps } from "../../cli/outbound-send-deps.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import type { SessionEntry } from "../../config/sessions.js"; +import { + resolveAgentDeliveryPlan, + resolveAgentOutboundTarget, +} from "../../infra/outbound/agent-delivery.js"; +import { resolveMessageChannelSelection } from "../../infra/outbound/channel-selection.js"; +import { deliverOutboundPayloads } from "../../infra/outbound/deliver.js"; +import { buildOutboundResultEnvelope } from "../../infra/outbound/envelope.js"; +import { + formatOutboundPayloadLog, + type NormalizedOutboundPayload, + normalizeOutboundPayloads, + normalizeOutboundPayloadsForJson, +} from "../../infra/outbound/payloads.js"; +import type { OutboundSessionContext } from "../../infra/outbound/session-context.js"; +import type { RuntimeEnv } from "../../runtime.js"; +import { isInternalMessageChannel } from "../../utils/message-channel.js"; +import { AGENT_LANE_NESTED } from "../lanes.js"; +import type { AgentCommandOpts } from "./types.js"; + +type RunResult = Awaited>; + +const NESTED_LOG_PREFIX = "[agent:nested]"; + +function formatNestedLogPrefix(opts: AgentCommandOpts, sessionKey?: string): string { + const parts = [NESTED_LOG_PREFIX]; + const session = sessionKey ?? opts.sessionKey ?? opts.sessionId; + if (session) { + parts.push(`session=${session}`); + } + if (opts.runId) { + parts.push(`run=${opts.runId}`); + } + const channel = opts.messageChannel ?? opts.channel; + if (channel) { + parts.push(`channel=${channel}`); + } + if (opts.to) { + parts.push(`to=${opts.to}`); + } + if (opts.accountId) { + parts.push(`account=${opts.accountId}`); + } + return parts.join(" "); +} + +function logNestedOutput( + runtime: RuntimeEnv, + opts: AgentCommandOpts, + output: string, + sessionKey?: string, +) { + const prefix = formatNestedLogPrefix(opts, sessionKey); + for (const line of output.split(/\r?\n/)) { + if (!line) { + continue; + } + runtime.log(`${prefix} ${line}`); + } +} + +export async function deliverAgentCommandResult(params: { + cfg: OpenClawConfig; + deps: CliDeps; + runtime: RuntimeEnv; + opts: AgentCommandOpts; + outboundSession: OutboundSessionContext | undefined; + sessionEntry: SessionEntry | undefined; + result: RunResult; + payloads: RunResult["payloads"]; +}) { + const { cfg, deps, runtime, opts, outboundSession, sessionEntry, payloads, result } = params; + const effectiveSessionKey = outboundSession?.key ?? opts.sessionKey; + const deliver = opts.deliver === true; + const bestEffortDeliver = opts.bestEffortDeliver === true; + const turnSourceChannel = opts.runContext?.messageChannel ?? opts.messageChannel; + const turnSourceTo = opts.runContext?.currentChannelId ?? opts.to; + const turnSourceAccountId = opts.runContext?.accountId ?? opts.accountId; + const turnSourceThreadId = opts.runContext?.currentThreadTs ?? opts.threadId; + const deliveryPlan = resolveAgentDeliveryPlan({ + sessionEntry, + requestedChannel: opts.replyChannel ?? opts.channel, + explicitTo: opts.replyTo ?? opts.to, + explicitThreadId: opts.threadId, + accountId: opts.replyAccountId ?? opts.accountId, + wantsDelivery: deliver, + turnSourceChannel, + turnSourceTo, + turnSourceAccountId, + turnSourceThreadId, + }); + let deliveryChannel = deliveryPlan.resolvedChannel; + const explicitChannelHint = (opts.replyChannel ?? opts.channel)?.trim(); + if (deliver && isInternalMessageChannel(deliveryChannel) && !explicitChannelHint) { + try { + const selection = await resolveMessageChannelSelection({ cfg }); + deliveryChannel = selection.channel; + } catch { + // Keep the internal channel marker; error handling below reports the failure. + } + } + const effectiveDeliveryPlan = + deliveryChannel === deliveryPlan.resolvedChannel + ? deliveryPlan + : { + ...deliveryPlan, + resolvedChannel: deliveryChannel, + }; + // Channel docking: delivery channels are resolved via plugin registry. + const deliveryPlugin = !isInternalMessageChannel(deliveryChannel) + ? getChannelPlugin(normalizeChannelId(deliveryChannel) ?? deliveryChannel) + : undefined; + + const isDeliveryChannelKnown = + isInternalMessageChannel(deliveryChannel) || Boolean(deliveryPlugin); + + const targetMode = + opts.deliveryTargetMode ?? + effectiveDeliveryPlan.deliveryTargetMode ?? + (opts.to ? "explicit" : "implicit"); + const resolvedAccountId = effectiveDeliveryPlan.resolvedAccountId; + const resolved = + deliver && isDeliveryChannelKnown && deliveryChannel + ? resolveAgentOutboundTarget({ + cfg, + plan: effectiveDeliveryPlan, + targetMode, + validateExplicitTarget: true, + }) + : { + resolvedTarget: null, + resolvedTo: effectiveDeliveryPlan.resolvedTo, + targetMode, + }; + const resolvedTarget = resolved.resolvedTarget; + const deliveryTarget = resolved.resolvedTo; + const resolvedThreadId = deliveryPlan.resolvedThreadId ?? opts.threadId; + const resolvedReplyToId = + deliveryChannel === "slack" && resolvedThreadId != null ? String(resolvedThreadId) : undefined; + const resolvedThreadTarget = deliveryChannel === "slack" ? undefined : resolvedThreadId; + + const logDeliveryError = (err: unknown) => { + const message = `Delivery failed (${deliveryChannel}${deliveryTarget ? ` to ${deliveryTarget}` : ""}): ${String(err)}`; + runtime.error?.(message); + if (!runtime.error) { + runtime.log(message); + } + }; + + if (deliver) { + if (isInternalMessageChannel(deliveryChannel)) { + const err = new Error( + "delivery channel is required: pass --channel/--reply-channel or use a main session with a previous channel", + ); + if (!bestEffortDeliver) { + throw err; + } + logDeliveryError(err); + } else if (!isDeliveryChannelKnown) { + const err = new Error(`Unknown channel: ${deliveryChannel}`); + if (!bestEffortDeliver) { + throw err; + } + logDeliveryError(err); + } else if (resolvedTarget && !resolvedTarget.ok) { + if (!bestEffortDeliver) { + throw resolvedTarget.error; + } + logDeliveryError(resolvedTarget.error); + } + } + + const normalizedPayloads = normalizeOutboundPayloadsForJson(payloads ?? []); + if (opts.json) { + runtime.log( + JSON.stringify( + buildOutboundResultEnvelope({ + payloads: normalizedPayloads, + meta: result.meta, + }), + null, + 2, + ), + ); + if (!deliver) { + return { payloads: normalizedPayloads, meta: result.meta }; + } + } + + if (!payloads || payloads.length === 0) { + runtime.log("No reply from agent."); + return { payloads: [], meta: result.meta }; + } + + const deliveryPayloads = normalizeOutboundPayloads(payloads); + const logPayload = (payload: NormalizedOutboundPayload) => { + if (opts.json) { + return; + } + const output = formatOutboundPayloadLog(payload); + if (!output) { + return; + } + if (opts.lane === AGENT_LANE_NESTED) { + logNestedOutput(runtime, opts, output, effectiveSessionKey); + return; + } + runtime.log(output); + }; + if (!deliver) { + for (const payload of deliveryPayloads) { + logPayload(payload); + } + } + if (deliver && deliveryChannel && !isInternalMessageChannel(deliveryChannel)) { + if (deliveryTarget) { + await deliverOutboundPayloads({ + cfg, + channel: deliveryChannel, + to: deliveryTarget, + accountId: resolvedAccountId, + payloads: deliveryPayloads, + session: outboundSession, + replyToId: resolvedReplyToId ?? null, + threadId: resolvedThreadTarget ?? null, + bestEffort: bestEffortDeliver, + onError: (err) => logDeliveryError(err), + onPayload: logPayload, + deps: createOutboundSendDeps(deps), + }); + } + } + + return { payloads: normalizedPayloads, meta: result.meta }; +} diff --git a/src/agents/command/run-context.ts b/src/agents/command/run-context.ts new file mode 100644 index 00000000000..b6c121a6c0a --- /dev/null +++ b/src/agents/command/run-context.ts @@ -0,0 +1,55 @@ +import { normalizeAccountId } from "../../utils/account-id.js"; +import { resolveMessageChannel } from "../../utils/message-channel.js"; +import type { AgentCommandOpts, AgentRunContext } from "./types.js"; + +export function resolveAgentRunContext(opts: AgentCommandOpts): AgentRunContext { + const merged: AgentRunContext = opts.runContext ? { ...opts.runContext } : {}; + + const normalizedChannel = resolveMessageChannel( + merged.messageChannel ?? opts.messageChannel, + opts.replyChannel ?? opts.channel, + ); + if (normalizedChannel) { + merged.messageChannel = normalizedChannel; + } + + const normalizedAccountId = normalizeAccountId(merged.accountId ?? opts.accountId); + if (normalizedAccountId) { + merged.accountId = normalizedAccountId; + } + + const groupId = (merged.groupId ?? opts.groupId)?.toString().trim(); + if (groupId) { + merged.groupId = groupId; + } + + const groupChannel = (merged.groupChannel ?? opts.groupChannel)?.toString().trim(); + if (groupChannel) { + merged.groupChannel = groupChannel; + } + + const groupSpace = (merged.groupSpace ?? opts.groupSpace)?.toString().trim(); + if (groupSpace) { + merged.groupSpace = groupSpace; + } + + if ( + merged.currentThreadTs == null && + opts.threadId != null && + opts.threadId !== "" && + opts.threadId !== null + ) { + merged.currentThreadTs = String(opts.threadId); + } + + // Populate currentChannelId from the outbound target so channel threading + // adapters can detect same-conversation auto-threading. + if (!merged.currentChannelId && opts.to) { + const trimmedTo = opts.to.trim(); + if (trimmedTo) { + merged.currentChannelId = trimmedTo; + } + } + + return merged; +} diff --git a/src/agents/command/session-store.ts b/src/agents/command/session-store.ts new file mode 100644 index 00000000000..e4746845ed7 --- /dev/null +++ b/src/agents/command/session-store.ts @@ -0,0 +1,109 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import { + mergeSessionEntry, + setSessionRuntimeModel, + type SessionEntry, + updateSessionStore, +} from "../../config/sessions.js"; +import { setCliSessionId } from "../cli-session.js"; +import { resolveContextTokensForModel } from "../context.js"; +import { DEFAULT_CONTEXT_TOKENS } from "../defaults.js"; +import { isCliProvider } from "../model-selection.js"; +import { deriveSessionTotalTokens, hasNonzeroUsage } from "../usage.js"; + +type RunResult = Awaited>; + +export async function updateSessionStoreAfterAgentRun(params: { + cfg: OpenClawConfig; + contextTokensOverride?: number; + sessionId: string; + sessionKey: string; + storePath: string; + sessionStore: Record; + defaultProvider: string; + defaultModel: string; + fallbackProvider?: string; + fallbackModel?: string; + result: RunResult; +}) { + const { + cfg, + sessionId, + sessionKey, + storePath, + sessionStore, + defaultProvider, + defaultModel, + fallbackProvider, + fallbackModel, + result, + } = params; + + const usage = result.meta.agentMeta?.usage; + const promptTokens = result.meta.agentMeta?.promptTokens; + const compactionsThisRun = Math.max(0, result.meta.agentMeta?.compactionCount ?? 0); + const modelUsed = result.meta.agentMeta?.model ?? fallbackModel ?? defaultModel; + const providerUsed = result.meta.agentMeta?.provider ?? fallbackProvider ?? defaultProvider; + const contextTokens = + resolveContextTokensForModel({ + cfg, + provider: providerUsed, + model: modelUsed, + contextTokensOverride: params.contextTokensOverride, + fallbackContextTokens: DEFAULT_CONTEXT_TOKENS, + }) ?? DEFAULT_CONTEXT_TOKENS; + + const entry = sessionStore[sessionKey] ?? { + sessionId, + updatedAt: Date.now(), + }; + const next: SessionEntry = { + ...entry, + sessionId, + updatedAt: Date.now(), + contextTokens, + }; + setSessionRuntimeModel(next, { + provider: providerUsed, + model: modelUsed, + }); + if (isCliProvider(providerUsed, cfg)) { + const cliSessionId = result.meta.agentMeta?.sessionId?.trim(); + if (cliSessionId) { + setCliSessionId(next, providerUsed, cliSessionId); + } + } + next.abortedLastRun = result.meta.aborted ?? false; + if (result.meta.systemPromptReport) { + next.systemPromptReport = result.meta.systemPromptReport; + } + if (hasNonzeroUsage(usage)) { + const input = usage.input ?? 0; + const output = usage.output ?? 0; + const totalTokens = deriveSessionTotalTokens({ + usage, + contextTokens, + promptTokens, + }); + next.inputTokens = input; + next.outputTokens = output; + if (typeof totalTokens === "number" && Number.isFinite(totalTokens) && totalTokens > 0) { + next.totalTokens = totalTokens; + next.totalTokensFresh = true; + } else { + next.totalTokens = undefined; + next.totalTokensFresh = false; + } + next.cacheRead = usage.cacheRead ?? 0; + next.cacheWrite = usage.cacheWrite ?? 0; + } + if (compactionsThisRun > 0) { + next.compactionCount = (entry.compactionCount ?? 0) + compactionsThisRun; + } + const persisted = await updateSessionStore(storePath, (store) => { + const merged = mergeSessionEntry(store[sessionKey], next); + store[sessionKey] = merged; + return merged; + }); + sessionStore[sessionKey] = persisted; +} diff --git a/src/agents/command/session.ts b/src/agents/command/session.ts new file mode 100644 index 00000000000..2b04e21e406 --- /dev/null +++ b/src/agents/command/session.ts @@ -0,0 +1,172 @@ +import crypto from "node:crypto"; +import type { MsgContext } from "../../auto-reply/templating.js"; +import { + normalizeThinkLevel, + normalizeVerboseLevel, + type ThinkLevel, + type VerboseLevel, +} from "../../auto-reply/thinking.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import { + evaluateSessionFreshness, + loadSessionStore, + resolveAgentIdFromSessionKey, + resolveChannelResetConfig, + resolveExplicitAgentSessionKey, + resolveSessionResetPolicy, + resolveSessionResetType, + resolveSessionKey, + resolveStorePath, + type SessionEntry, +} from "../../config/sessions.js"; +import { normalizeMainKey } from "../../routing/session-key.js"; +import { listAgentIds } from "../agent-scope.js"; +import { clearBootstrapSnapshotOnSessionRollover } from "../bootstrap-cache.js"; + +export type SessionResolution = { + sessionId: string; + sessionKey?: string; + sessionEntry?: SessionEntry; + sessionStore?: Record; + storePath: string; + isNewSession: boolean; + persistedThinking?: ThinkLevel; + persistedVerbose?: VerboseLevel; +}; + +type SessionKeyResolution = { + sessionKey?: string; + sessionStore: Record; + storePath: string; +}; + +export function resolveSessionKeyForRequest(opts: { + cfg: OpenClawConfig; + to?: string; + sessionId?: string; + sessionKey?: string; + agentId?: string; +}): SessionKeyResolution { + const sessionCfg = opts.cfg.session; + const scope = sessionCfg?.scope ?? "per-sender"; + const mainKey = normalizeMainKey(sessionCfg?.mainKey); + const explicitSessionKey = + opts.sessionKey?.trim() || + resolveExplicitAgentSessionKey({ + cfg: opts.cfg, + agentId: opts.agentId, + }); + const storeAgentId = resolveAgentIdFromSessionKey(explicitSessionKey); + const storePath = resolveStorePath(sessionCfg?.store, { + agentId: storeAgentId, + }); + const sessionStore = loadSessionStore(storePath); + + const ctx: MsgContext | undefined = opts.to?.trim() ? { From: opts.to } : undefined; + let sessionKey: string | undefined = + explicitSessionKey ?? (ctx ? resolveSessionKey(scope, ctx, mainKey) : undefined); + + // If a session id was provided, prefer to re-use its entry (by id) even when no key was derived. + if ( + !explicitSessionKey && + opts.sessionId && + (!sessionKey || sessionStore[sessionKey]?.sessionId !== opts.sessionId) + ) { + const foundKey = Object.keys(sessionStore).find( + (key) => sessionStore[key]?.sessionId === opts.sessionId, + ); + if (foundKey) { + sessionKey = foundKey; + } + } + + // When sessionId was provided but not found in the primary store, search all agent stores. + // Sessions created under a specific agent live in that agent's store file; the primary + // store (derived from the default agent) won't contain them. + // Also covers the case where --to derived a sessionKey that doesn't match the requested sessionId. + if ( + opts.sessionId && + !explicitSessionKey && + (!sessionKey || sessionStore[sessionKey]?.sessionId !== opts.sessionId) + ) { + const allAgentIds = listAgentIds(opts.cfg); + for (const agentId of allAgentIds) { + if (agentId === storeAgentId) { + continue; + } + const altStorePath = resolveStorePath(sessionCfg?.store, { agentId }); + const altStore = loadSessionStore(altStorePath); + const foundKey = Object.keys(altStore).find( + (key) => altStore[key]?.sessionId === opts.sessionId, + ); + if (foundKey) { + return { sessionKey: foundKey, sessionStore: altStore, storePath: altStorePath }; + } + } + } + + return { sessionKey, sessionStore, storePath }; +} + +export function resolveSession(opts: { + cfg: OpenClawConfig; + to?: string; + sessionId?: string; + sessionKey?: string; + agentId?: string; +}): SessionResolution { + const sessionCfg = opts.cfg.session; + const { sessionKey, sessionStore, storePath } = resolveSessionKeyForRequest({ + cfg: opts.cfg, + to: opts.to, + sessionId: opts.sessionId, + sessionKey: opts.sessionKey, + agentId: opts.agentId, + }); + const now = Date.now(); + + const sessionEntry = sessionKey ? sessionStore[sessionKey] : undefined; + + const resetType = resolveSessionResetType({ sessionKey }); + const channelReset = resolveChannelResetConfig({ + sessionCfg, + channel: sessionEntry?.lastChannel ?? sessionEntry?.channel, + }); + const resetPolicy = resolveSessionResetPolicy({ + sessionCfg, + resetType, + resetOverride: channelReset, + }); + const fresh = sessionEntry + ? evaluateSessionFreshness({ updatedAt: sessionEntry.updatedAt, now, policy: resetPolicy }) + .fresh + : false; + const sessionId = + opts.sessionId?.trim() || (fresh ? sessionEntry?.sessionId : undefined) || crypto.randomUUID(); + const isNewSession = !fresh && !opts.sessionId; + + clearBootstrapSnapshotOnSessionRollover({ + sessionKey, + previousSessionId: isNewSession ? sessionEntry?.sessionId : undefined, + }); + + const persistedThinking = + fresh && sessionEntry?.thinkingLevel + ? normalizeThinkLevel(sessionEntry.thinkingLevel) + : undefined; + const persistedVerbose = + fresh && sessionEntry?.verboseLevel + ? normalizeVerboseLevel(sessionEntry.verboseLevel) + : undefined; + + return { + sessionId, + sessionKey, + sessionEntry, + sessionStore, + storePath, + isNewSession, + persistedThinking, + persistedVerbose, + }; +} diff --git a/src/agents/command/types.ts b/src/agents/command/types.ts new file mode 100644 index 00000000000..a85157bb191 --- /dev/null +++ b/src/agents/command/types.ts @@ -0,0 +1,101 @@ +import type { AgentInternalEvent } from "../../agents/internal-events.js"; +import type { ClientToolDefinition } from "../../agents/pi-embedded-runner/run/params.js"; +import type { SpawnedRunMetadata } from "../../agents/spawned-context.js"; +import type { ChannelOutboundTargetMode } from "../../channels/plugins/types.js"; +import type { InputProvenance } from "../../sessions/input-provenance.js"; + +/** Image content block for Claude API multimodal messages. */ +export type ImageContent = { + type: "image"; + data: string; + mimeType: string; +}; + +export type AgentStreamParams = { + /** Provider stream params override (best-effort). */ + temperature?: number; + maxTokens?: number; + /** Provider fast-mode override (best-effort). */ + fastMode?: boolean; +}; + +export type AgentRunContext = { + messageChannel?: string; + accountId?: string; + groupId?: string | null; + groupChannel?: string | null; + groupSpace?: string | null; + currentChannelId?: string; + currentThreadTs?: string; + replyToMode?: "off" | "first" | "all"; + hasRepliedRef?: { value: boolean }; +}; + +export type AgentCommandOpts = { + message: string; + /** Optional image attachments for multimodal messages. */ + images?: ImageContent[]; + /** Optional client-provided tools (OpenResponses hosted tools). */ + clientTools?: ClientToolDefinition[]; + /** Agent id override (must exist in config). */ + agentId?: string; + /** Per-run provider override. */ + provider?: string; + /** Per-run model override. */ + model?: string; + to?: string; + sessionId?: string; + sessionKey?: string; + thinking?: string; + thinkingOnce?: string; + verbose?: string; + json?: boolean; + timeout?: string; + deliver?: boolean; + /** Override delivery target (separate from session routing). */ + replyTo?: string; + /** Override delivery channel (separate from session routing). */ + replyChannel?: string; + /** Override delivery account id (separate from session routing). */ + replyAccountId?: string; + /** Override delivery thread/topic id (separate from session routing). */ + threadId?: string | number; + /** Message channel context (webchat|voicewake|whatsapp|...). */ + messageChannel?: string; + channel?: string; // delivery channel (whatsapp|telegram|...) + /** Account ID for multi-account channel routing (e.g., WhatsApp account). */ + accountId?: string; + /** Context for embedded run routing (channel/account/thread). */ + runContext?: AgentRunContext; + /** Whether this caller is authorized for owner-only tools (defaults true for local CLI calls). */ + senderIsOwner?: boolean; + /** Whether this caller is authorized to use provider/model per-run overrides. */ + allowModelOverride?: boolean; + /** Group/spawn metadata for subagent policy inheritance and routing context. */ + groupId?: SpawnedRunMetadata["groupId"]; + groupChannel?: SpawnedRunMetadata["groupChannel"]; + groupSpace?: SpawnedRunMetadata["groupSpace"]; + spawnedBy?: SpawnedRunMetadata["spawnedBy"]; + deliveryTargetMode?: ChannelOutboundTargetMode; + bestEffortDeliver?: boolean; + abortSignal?: AbortSignal; + lane?: string; + runId?: string; + extraSystemPrompt?: string; + internalEvents?: AgentInternalEvent[]; + inputProvenance?: InputProvenance; + /** Per-call stream param overrides (best-effort). */ + streamParams?: AgentStreamParams; + /** Explicit workspace directory override (for subagents to inherit parent workspace). */ + workspaceDir?: SpawnedRunMetadata["workspaceDir"]; +}; + +export type AgentCommandIngressOpts = Omit< + AgentCommandOpts, + "senderIsOwner" | "allowModelOverride" +> & { + /** Ingress callsites must always pass explicit owner-tool authorization state. */ + senderIsOwner: boolean; + /** Ingress callsites must always pass explicit model-override authorization state. */ + allowModelOverride: boolean; +}; diff --git a/src/agents/context.lookup.test.ts b/src/agents/context.lookup.test.ts index 0f33ada0d1b..df0e67e6c68 100644 --- a/src/agents/context.lookup.test.ts +++ b/src/agents/context.lookup.test.ts @@ -50,9 +50,13 @@ function createContextOverrideConfig(provider: string, model: string, contextWin }; } +async function flushAsyncWarmup() { + await new Promise((r) => setTimeout(r, 0)); +} + async function importResolveContextTokensForModel() { const { resolveContextTokensForModel } = await import("./context.js"); - await new Promise((r) => setTimeout(r, 0)); + await flushAsyncWarmup(); return resolveContextTokensForModel; } @@ -76,57 +80,34 @@ describe("lookupContextTokens", () => { expect(lookupContextTokens("openrouter/claude-sonnet")).toBe(321_000); }); - it("does not skip eager warmup when --profile is followed by -- terminator", async () => { - const loadConfigMock = vi.fn(() => ({ models: {} })); - mockContextModuleDeps(loadConfigMock); - + it("only warms eagerly for startup commands that need model metadata", async () => { const argvSnapshot = process.argv; - process.argv = ["node", "openclaw", "--profile", "--", "config", "validate"]; try { - await import("./context.js"); - expect(loadConfigMock).toHaveBeenCalledTimes(1); - } finally { - process.argv = argvSnapshot; - } - }); - - it("skips eager warmup for logs commands that do not need model metadata at startup", async () => { - const loadConfigMock = vi.fn(() => ({ models: {} })); - mockContextModuleDeps(loadConfigMock); - - const argvSnapshot = process.argv; - process.argv = ["node", "openclaw", "logs", "--limit", "5"]; - try { - await import("./context.js"); - expect(loadConfigMock).not.toHaveBeenCalled(); - } finally { - process.argv = argvSnapshot; - } - }); - - it("skips eager warmup for status commands that only read model metadata opportunistically", async () => { - const loadConfigMock = vi.fn(() => ({ models: {} })); - mockContextModuleDeps(loadConfigMock); - - const argvSnapshot = process.argv; - process.argv = ["node", "openclaw", "status", "--json"]; - try { - await import("./context.js"); - expect(loadConfigMock).not.toHaveBeenCalled(); - } finally { - process.argv = argvSnapshot; - } - }); - - it("skips eager warmup for gateway commands that do not need model metadata at startup", async () => { - const loadConfigMock = vi.fn(() => ({ models: {} })); - mockContextModuleDeps(loadConfigMock); - - const argvSnapshot = process.argv; - process.argv = ["node", "openclaw", "gateway", "status", "--json"]; - try { - await import("./context.js"); - expect(loadConfigMock).not.toHaveBeenCalled(); + for (const scenario of [ + { + argv: ["node", "openclaw", "--profile", "--", "config", "validate"], + expectedCalls: 1, + }, + { + argv: ["node", "openclaw", "logs", "--limit", "5"], + expectedCalls: 0, + }, + { + argv: ["node", "openclaw", "status", "--json"], + expectedCalls: 0, + }, + { + argv: ["node", "openclaw", "gateway", "status", "--json"], + expectedCalls: 0, + }, + ]) { + vi.resetModules(); + const loadConfigMock = vi.fn(() => ({ models: {} })); + mockContextModuleDeps(loadConfigMock); + process.argv = scenario.argv; + await import("./context.js"); + expect(loadConfigMock).toHaveBeenCalledTimes(scenario.expectedCalls); + } } finally { process.argv = argvSnapshot; } @@ -176,7 +157,7 @@ describe("lookupContextTokens", () => { const { lookupContextTokens } = await import("./context.js"); // Trigger async cache population. - await new Promise((r) => setTimeout(r, 0)); + await flushAsyncWarmup(); // Conservative minimum: bare-id cache feeds runtime flush/compaction paths. expect(lookupContextTokens("gemini-3.1-pro-preview")).toBe(128_000); }); @@ -191,7 +172,7 @@ describe("lookupContextTokens", () => { ]); const { resolveContextTokensForModel } = await import("./context.js"); - await new Promise((r) => setTimeout(r, 0)); + await flushAsyncWarmup(); // With provider specified and no config override, bare lookup finds the // provider-qualified discovery entry. @@ -277,7 +258,7 @@ describe("lookupContextTokens", () => { }; const { resolveContextTokensForModel } = await import("./context.js"); - await new Promise((r) => setTimeout(r, 0)); + await flushAsyncWarmup(); // Exact key "qwen" wins over the alias-normalized match "qwen-portal". const qwenResult = resolveContextTokensForModel({ diff --git a/src/agents/embedded-pi-mcp.ts b/src/agents/embedded-pi-mcp.ts new file mode 100644 index 00000000000..82d4d0e486c --- /dev/null +++ b/src/agents/embedded-pi-mcp.ts @@ -0,0 +1,29 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { normalizeConfiguredMcpServers } from "../config/mcp-config.js"; +import type { BundleMcpDiagnostic, BundleMcpServerConfig } from "../plugins/bundle-mcp.js"; +import { loadEnabledBundleMcpConfig } from "../plugins/bundle-mcp.js"; + +export type EmbeddedPiMcpConfig = { + mcpServers: Record; + diagnostics: BundleMcpDiagnostic[]; +}; + +export function loadEmbeddedPiMcpConfig(params: { + workspaceDir: string; + cfg?: OpenClawConfig; +}): EmbeddedPiMcpConfig { + const bundleMcp = loadEnabledBundleMcpConfig({ + workspaceDir: params.workspaceDir, + cfg: params.cfg, + }); + const configuredMcp = normalizeConfiguredMcpServers(params.cfg?.mcp?.servers); + + return { + // OpenClaw config is the owner-managed layer, so it overrides bundle defaults. + mcpServers: { + ...bundleMcp.config.mcpServers, + ...configuredMcp, + }, + diagnostics: bundleMcp.diagnostics, + }; +} diff --git a/src/agents/mcp-stdio.ts b/src/agents/mcp-stdio.ts new file mode 100644 index 00000000000..77ab6171ca7 --- /dev/null +++ b/src/agents/mcp-stdio.ts @@ -0,0 +1,79 @@ +type StdioMcpServerLaunchConfig = { + command: string; + args?: string[]; + env?: Record; + cwd?: string; +}; + +type StdioMcpServerLaunchResult = + | { ok: true; config: StdioMcpServerLaunchConfig } + | { ok: false; reason: string }; + +function isRecord(value: unknown): value is Record { + return value !== null && typeof value === "object" && !Array.isArray(value); +} + +function toStringRecord(value: unknown): Record | undefined { + if (!isRecord(value)) { + return undefined; + } + const entries = Object.entries(value) + .map(([key, entry]) => { + if (typeof entry === "string") { + return [key, entry] as const; + } + if (typeof entry === "number" || typeof entry === "boolean") { + return [key, String(entry)] as const; + } + return null; + }) + .filter((entry): entry is readonly [string, string] => entry !== null); + return entries.length > 0 ? Object.fromEntries(entries) : undefined; +} + +function toStringArray(value: unknown): string[] | undefined { + if (!Array.isArray(value)) { + return undefined; + } + const entries = value.filter((entry): entry is string => typeof entry === "string"); + return entries.length > 0 ? entries : []; +} + +export function resolveStdioMcpServerLaunchConfig(raw: unknown): StdioMcpServerLaunchResult { + if (!isRecord(raw)) { + return { ok: false, reason: "server config must be an object" }; + } + if (typeof raw.command !== "string" || raw.command.trim().length === 0) { + if (typeof raw.url === "string" && raw.url.trim().length > 0) { + return { + ok: false, + reason: "only stdio MCP servers are supported right now", + }; + } + return { ok: false, reason: "its command is missing" }; + } + const cwd = + typeof raw.cwd === "string" && raw.cwd.trim().length > 0 + ? raw.cwd + : typeof raw.workingDirectory === "string" && raw.workingDirectory.trim().length > 0 + ? raw.workingDirectory + : undefined; + return { + ok: true, + config: { + command: raw.command, + args: toStringArray(raw.args), + env: toStringRecord(raw.env), + cwd, + }, + }; +} + +export function describeStdioMcpServerLaunchConfig(config: StdioMcpServerLaunchConfig): string { + const args = + Array.isArray(config.args) && config.args.length > 0 ? ` ${config.args.join(" ")}` : ""; + const cwd = config.cwd ? ` (cwd=${config.cwd})` : ""; + return `${config.command}${args}${cwd}`; +} + +export type { StdioMcpServerLaunchConfig, StdioMcpServerLaunchResult }; diff --git a/src/agents/model-auth-markers.test.ts b/src/agents/model-auth-markers.test.ts index b90f1fd9ffa..960a648675b 100644 --- a/src/agents/model-auth-markers.test.ts +++ b/src/agents/model-auth-markers.test.ts @@ -4,12 +4,14 @@ import { isKnownEnvApiKeyMarker, isNonSecretApiKeyMarker, NON_ENV_SECRETREF_MARKER, + resolveOAuthApiKeyMarker, } from "./model-auth-markers.js"; describe("model auth markers", () => { it("recognizes explicit non-secret markers", () => { expect(isNonSecretApiKeyMarker(NON_ENV_SECRETREF_MARKER)).toBe(true); expect(isNonSecretApiKeyMarker("qwen-oauth")).toBe(true); + expect(isNonSecretApiKeyMarker(resolveOAuthApiKeyMarker("chutes"))).toBe(true); expect(isNonSecretApiKeyMarker("ollama-local")).toBe(true); }); diff --git a/src/agents/model-auth-markers.ts b/src/agents/model-auth-markers.ts index 8a890d3a694..37ec67ba2c0 100644 --- a/src/agents/model-auth-markers.ts +++ b/src/agents/model-auth-markers.ts @@ -2,6 +2,7 @@ import type { SecretRefSource } from "../config/types.secrets.js"; import { listKnownProviderEnvApiKeyNames } from "./model-auth-env-vars.js"; export const MINIMAX_OAUTH_MARKER = "minimax-oauth"; +export const OAUTH_API_KEY_MARKER_PREFIX = "oauth:"; export const QWEN_OAUTH_MARKER = "qwen-oauth"; export const OLLAMA_LOCAL_AUTH_MARKER = "ollama-local"; export const CUSTOM_LOCAL_AUTH_MARKER = "custom-local"; @@ -41,6 +42,14 @@ export function isKnownEnvApiKeyMarker(value: string): boolean { return KNOWN_ENV_API_KEY_MARKERS.has(trimmed) && !isAwsSdkAuthMarker(trimmed); } +export function resolveOAuthApiKeyMarker(providerId: string): string { + return `${OAUTH_API_KEY_MARKER_PREFIX}${providerId.trim()}`; +} + +export function isOAuthApiKeyMarker(value: string): boolean { + return value.trim().startsWith(OAUTH_API_KEY_MARKER_PREFIX); +} + export function resolveNonEnvSecretRefApiKeyMarker(_source: SecretRefSource): string { return NON_ENV_SECRETREF_MARKER; } @@ -71,6 +80,7 @@ export function isNonSecretApiKeyMarker( const isKnownMarker = trimmed === MINIMAX_OAUTH_MARKER || trimmed === QWEN_OAUTH_MARKER || + isOAuthApiKeyMarker(trimmed) || trimmed === OLLAMA_LOCAL_AUTH_MARKER || trimmed === CUSTOM_LOCAL_AUTH_MARKER || trimmed === NON_ENV_SECRETREF_MARKER || diff --git a/src/agents/model-selection.test.ts b/src/agents/model-selection.test.ts index 7fa8832e0e7..e7d583d106f 100644 --- a/src/agents/model-selection.test.ts +++ b/src/agents/model-selection.test.ts @@ -112,7 +112,8 @@ describe("model-selection", () => { expect(normalizeProviderId("z-ai")).toBe("zai"); expect(normalizeProviderId("OpenCode-Zen")).toBe("opencode"); expect(normalizeProviderId("qwen")).toBe("qwen-portal"); - expect(normalizeProviderId("kimi-code")).toBe("kimi-coding"); + expect(normalizeProviderId("kimi-code")).toBe("kimi"); + expect(normalizeProviderId("kimi-coding")).toBe("kimi"); expect(normalizeProviderId("bedrock")).toBe("amazon-bedrock"); expect(normalizeProviderId("aws-bedrock")).toBe("amazon-bedrock"); expect(normalizeProviderId("amazon-bedrock")).toBe("amazon-bedrock"); diff --git a/src/agents/model-selection.ts b/src/agents/model-selection.ts index 7cdc52e641c..acc29a32bf9 100644 --- a/src/agents/model-selection.ts +++ b/src/agents/model-selection.ts @@ -1,4 +1,4 @@ -import { resolveThinkingDefaultForModel } from "../auto-reply/thinking.js"; +import { resolveThinkingDefaultForModel } from "../auto-reply/thinking.shared.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveAgentModelFallbackValues, diff --git a/src/agents/model-suppression.runtime.ts b/src/agents/model-suppression.runtime.ts index 472a662b810..7d39bf2b8a3 100644 --- a/src/agents/model-suppression.runtime.ts +++ b/src/agents/model-suppression.runtime.ts @@ -1 +1,10 @@ -export { shouldSuppressBuiltInModel } from "./model-suppression.js"; +import { shouldSuppressBuiltInModel as shouldSuppressBuiltInModelImpl } from "./model-suppression.js"; + +type ShouldSuppressBuiltInModel = + typeof import("./model-suppression.js").shouldSuppressBuiltInModel; + +export function shouldSuppressBuiltInModel( + ...args: Parameters +): ReturnType { + return shouldSuppressBuiltInModelImpl(...args); +} diff --git a/src/agents/models-config.merge.test.ts b/src/agents/models-config.merge.test.ts index b84d4e363d6..17d2f9033fe 100644 --- a/src/agents/models-config.merge.test.ts +++ b/src/agents/models-config.merge.test.ts @@ -74,8 +74,8 @@ describe("models-config merge helpers", () => { headers: { "User-Agent": "claude-code/0.1.0" }, models: [ { - id: "k2p5", - name: "Kimi for Coding", + id: "kimi-code", + name: "Kimi Code", input: ["text", "image"], reasoning: true, }, @@ -87,8 +87,8 @@ describe("models-config merge helpers", () => { headers: { "X-Kimi-Tenant": "tenant-a" }, models: [ { - id: "k2p5", - name: "Kimi for Coding", + id: "kimi-code", + name: "Kimi Code", input: ["text", "image"], reasoning: true, }, diff --git a/src/agents/models-config.providers.chutes.test.ts b/src/agents/models-config.providers.chutes.test.ts new file mode 100644 index 00000000000..a47ee57fcb3 --- /dev/null +++ b/src/agents/models-config.providers.chutes.test.ts @@ -0,0 +1,212 @@ +import { mkdtempSync } from "node:fs"; +import { writeFile } from "node:fs/promises"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { CHUTES_BASE_URL } from "./chutes-models.js"; +import { resolveOAuthApiKeyMarker } from "./model-auth-markers.js"; +import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js"; +import { resolveImplicitProviders } from "./models-config.providers.js"; + +const CHUTES_OAUTH_MARKER = resolveOAuthApiKeyMarker("chutes"); +const ORIGINAL_VITEST_ENV = process.env.VITEST; +const ORIGINAL_NODE_ENV = process.env.NODE_ENV; + +describe("chutes implicit provider auth mode", () => { + beforeEach(() => { + process.env.VITEST = "true"; + process.env.NODE_ENV = "test"; + }); + + afterAll(() => { + process.env.VITEST = ORIGINAL_VITEST_ENV; + process.env.NODE_ENV = ORIGINAL_NODE_ENV; + }); + + it("auto-loads bundled chutes discovery for env api keys", async () => { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + const providers = await resolveImplicitProviders({ + agentDir, + env: { + CHUTES_API_KEY: "env-chutes-api-key", + } as NodeJS.ProcessEnv, + }); + + expect(providers?.chutes?.baseUrl).toBe(CHUTES_BASE_URL); + expect(providers?.chutes?.apiKey).toBe("CHUTES_API_KEY"); + }); + + it("keeps api_key-backed chutes profiles on the api-key loader path", async () => { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + await writeFile( + join(agentDir, "auth-profiles.json"), + JSON.stringify( + { + version: 1, + profiles: { + "chutes:default": { + type: "api_key", + provider: "chutes", + key: "chutes-live-api-key", // pragma: allowlist secret + }, + }, + }, + null, + 2, + ), + "utf8", + ); + + const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); + expect(providers?.chutes?.baseUrl).toBe(CHUTES_BASE_URL); + expect(providers?.chutes?.apiKey).toBe("chutes-live-api-key"); + expect(providers?.chutes?.apiKey).not.toBe(CHUTES_OAUTH_MARKER); + }); + + it("keeps api_key precedence when oauth profile is inserted first", async () => { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + await writeFile( + join(agentDir, "auth-profiles.json"), + JSON.stringify( + { + version: 1, + profiles: { + "chutes:oauth": { + type: "oauth", + provider: "chutes", + access: "oauth-access-token", + refresh: "oauth-refresh-token", + expires: Date.now() + 60_000, + }, + "chutes:default": { + type: "api_key", + provider: "chutes", + key: "chutes-live-api-key", // pragma: allowlist secret + }, + }, + }, + null, + 2, + ), + "utf8", + ); + + const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); + expect(providers?.chutes?.baseUrl).toBe(CHUTES_BASE_URL); + expect(providers?.chutes?.apiKey).toBe("chutes-live-api-key"); + expect(providers?.chutes?.apiKey).not.toBe(CHUTES_OAUTH_MARKER); + }); + + it("keeps api_key precedence when api_key profile is inserted first", async () => { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + await writeFile( + join(agentDir, "auth-profiles.json"), + JSON.stringify( + { + version: 1, + profiles: { + "chutes:default": { + type: "api_key", + provider: "chutes", + key: "chutes-live-api-key", // pragma: allowlist secret + }, + "chutes:oauth": { + type: "oauth", + provider: "chutes", + access: "oauth-access-token", + refresh: "oauth-refresh-token", + expires: Date.now() + 60_000, + }, + }, + }, + null, + 2, + ), + "utf8", + ); + + const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); + expect(providers?.chutes?.baseUrl).toBe(CHUTES_BASE_URL); + expect(providers?.chutes?.apiKey).toBe("chutes-live-api-key"); + expect(providers?.chutes?.apiKey).not.toBe(CHUTES_OAUTH_MARKER); + }); + + it("forwards oauth access token to chutes model discovery", async () => { + // Enable real discovery so fetch is actually called. + const originalVitest = process.env.VITEST; + const originalNodeEnv = process.env.NODE_ENV; + const originalFetch = globalThis.fetch; + delete process.env.VITEST; + delete process.env.NODE_ENV; + + const fetchMock = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ data: [{ id: "chutes/private-model" }] }), + }); + globalThis.fetch = fetchMock as unknown as typeof fetch; + + try { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + await writeFile( + join(agentDir, "auth-profiles.json"), + JSON.stringify( + { + version: 1, + profiles: { + "chutes:default": { + type: "oauth", + provider: "chutes", + access: "my-chutes-access-token", + refresh: "oauth-refresh-token", + expires: Date.now() + 60_000, + }, + }, + }, + null, + 2, + ), + "utf8", + ); + + const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); + expect(providers?.chutes?.apiKey).toBe(CHUTES_OAUTH_MARKER); + + const chutesCalls = fetchMock.mock.calls.filter(([url]) => String(url).includes("chutes.ai")); + expect(chutesCalls.length).toBeGreaterThan(0); + const request = chutesCalls[0]?.[1] as { headers?: Record } | undefined; + expect(request?.headers?.Authorization).toBe("Bearer my-chutes-access-token"); + } finally { + process.env.VITEST = originalVitest; + process.env.NODE_ENV = originalNodeEnv; + globalThis.fetch = originalFetch; + } + }); + + it("uses CHUTES_OAUTH_MARKER only for oauth-backed chutes profiles", async () => { + const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); + await writeFile( + join(agentDir, "auth-profiles.json"), + JSON.stringify( + { + version: 1, + profiles: { + "chutes:default": { + type: "oauth", + provider: "chutes", + access: "oauth-access-token", + refresh: "oauth-refresh-token", + expires: Date.now() + 60_000, + }, + }, + }, + null, + 2, + ), + "utf8", + ); + + const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); + expect(providers?.chutes?.baseUrl).toBe(CHUTES_BASE_URL); + expect(providers?.chutes?.apiKey).toBe(CHUTES_OAUTH_MARKER); + }); +}); diff --git a/src/agents/models-config.providers.discovery.ts b/src/agents/models-config.providers.discovery.ts index 01dfb28e469..b138c4853d1 100644 --- a/src/agents/models-config.providers.discovery.ts +++ b/src/agents/models-config.providers.discovery.ts @@ -1,14 +1,6 @@ import type { OpenClawConfig } from "../config/config.js"; import type { ModelDefinitionConfig } from "../config/types.models.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; -import { KILOCODE_BASE_URL } from "../providers/kilocode-shared.js"; -import { - discoverHuggingfaceModels, - HUGGINGFACE_BASE_URL, - HUGGINGFACE_MODEL_CATALOG, - buildHuggingfaceModelDefinition, -} from "./huggingface-models.js"; -import { discoverKilocodeModels } from "./kilocode-models.js"; import { enrichOllamaModelsWithContext, OLLAMA_DEFAULT_CONTEXT_WINDOW, @@ -24,9 +16,11 @@ import { SELF_HOSTED_DEFAULT_MAX_TOKENS, } from "./self-hosted-provider-defaults.js"; import { SGLANG_DEFAULT_BASE_URL, SGLANG_PROVIDER_LABEL } from "./sglang-defaults.js"; -import { discoverVeniceModels, VENICE_BASE_URL } from "./venice-models.js"; -import { discoverVercelAiGatewayModels, VERCEL_AI_GATEWAY_BASE_URL } from "./vercel-ai-gateway.js"; import { VLLM_DEFAULT_BASE_URL, VLLM_PROVIDER_LABEL } from "./vllm-defaults.js"; +export { buildHuggingfaceProvider } from "../../extensions/huggingface/provider-catalog.js"; +export { buildKilocodeProviderWithDiscovery } from "../../extensions/kilocode/provider-catalog.js"; +export { buildVeniceProvider } from "../../extensions/venice/provider-catalog.js"; +export { buildVercelAiGatewayProvider } from "../../extensions/vercel-ai-gateway/provider-catalog.js"; export { resolveOllamaApiBase } from "./ollama-models.js"; @@ -145,15 +139,6 @@ async function discoverOpenAICompatibleLocalModels(params: { } } -export async function buildVeniceProvider(): Promise { - const models = await discoverVeniceModels(); - return { - baseUrl: VENICE_BASE_URL, - api: "openai-completions", - models, - }; -} - export async function buildOllamaProvider( configuredBaseUrl?: string, opts?: { quiet?: boolean }, @@ -166,27 +151,6 @@ export async function buildOllamaProvider( }; } -export async function buildHuggingfaceProvider(discoveryApiKey?: string): Promise { - const resolvedSecret = discoveryApiKey?.trim() ?? ""; - const models = - resolvedSecret !== "" - ? await discoverHuggingfaceModels(resolvedSecret) - : HUGGINGFACE_MODEL_CATALOG.map(buildHuggingfaceModelDefinition); - return { - baseUrl: HUGGINGFACE_BASE_URL, - api: "openai-completions", - models, - }; -} - -export async function buildVercelAiGatewayProvider(): Promise { - return { - baseUrl: VERCEL_AI_GATEWAY_BASE_URL, - api: "anthropic-messages", - models: await discoverVercelAiGatewayModels(), - }; -} - export async function buildVllmProvider(params?: { baseUrl?: string; apiKey?: string; @@ -220,16 +184,3 @@ export async function buildSglangProvider(params?: { models, }; } - -/** - * Build the Kilocode provider with dynamic model discovery from the gateway - * API. Falls back to the static catalog on failure. - */ -export async function buildKilocodeProviderWithDiscovery(): Promise { - const models = await discoverKilocodeModels(); - return { - baseUrl: KILOCODE_BASE_URL, - api: "openai-completions", - models, - }; -} diff --git a/src/agents/models-config.providers.kimi-coding.test.ts b/src/agents/models-config.providers.kimi-coding.test.ts index 91ca62f34e2..3da4986961a 100644 --- a/src/agents/models-config.providers.kimi-coding.test.ts +++ b/src/agents/models-config.providers.kimi-coding.test.ts @@ -6,46 +6,47 @@ import { captureEnv } from "../test-utils/env.js"; import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js"; import { buildKimiCodingProvider } from "./models-config.providers.js"; -describe("kimi-coding implicit provider (#22409)", () => { - it("should include kimi-coding when KIMI_API_KEY is configured", async () => { +describe("Kimi implicit provider (#22409)", () => { + it("should include Kimi when KIMI_API_KEY is configured", async () => { const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); const envSnapshot = captureEnv(["KIMI_API_KEY"]); process.env.KIMI_API_KEY = "test-key"; // pragma: allowlist secret try { const providers = await resolveImplicitProvidersForTest({ agentDir }); - expect(providers?.["kimi-coding"]).toBeDefined(); - expect(providers?.["kimi-coding"]?.api).toBe("anthropic-messages"); - expect(providers?.["kimi-coding"]?.baseUrl).toBe("https://api.kimi.com/coding/"); + expect(providers?.kimi).toBeDefined(); + expect(providers?.kimi?.api).toBe("anthropic-messages"); + expect(providers?.kimi?.baseUrl).toBe("https://api.kimi.com/coding/"); } finally { envSnapshot.restore(); } }); - it("should build kimi-coding provider with anthropic-messages API", () => { + it("should build Kimi provider with anthropic-messages API", () => { const provider = buildKimiCodingProvider(); expect(provider.api).toBe("anthropic-messages"); expect(provider.baseUrl).toBe("https://api.kimi.com/coding/"); expect(provider.headers).toEqual({ "User-Agent": "claude-code/0.1.0" }); expect(provider.models).toBeDefined(); expect(provider.models.length).toBeGreaterThan(0); - expect(provider.models[0].id).toBe("k2p5"); + expect(provider.models[0].id).toBe("kimi-code"); + expect(provider.models.some((model) => model.id === "k2p5")).toBe(true); }); - it("should not include kimi-coding when no API key is configured", async () => { + it("should not include Kimi when no API key is configured", async () => { const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); const envSnapshot = captureEnv(["KIMI_API_KEY"]); delete process.env.KIMI_API_KEY; try { const providers = await resolveImplicitProvidersForTest({ agentDir }); - expect(providers?.["kimi-coding"]).toBeUndefined(); + expect(providers?.kimi).toBeUndefined(); } finally { envSnapshot.restore(); } }); - it("uses explicit kimi-coding baseUrl when provided", async () => { + it("uses explicit legacy kimi-coding baseUrl when provided", async () => { const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); const envSnapshot = captureEnv(["KIMI_API_KEY"]); process.env.KIMI_API_KEY = "test-key"; @@ -61,13 +62,13 @@ describe("kimi-coding implicit provider (#22409)", () => { }, }, }); - expect(providers?.["kimi-coding"]?.baseUrl).toBe("https://kimi.example.test/coding/"); + expect(providers?.kimi?.baseUrl).toBe("https://kimi.example.test/coding/"); } finally { envSnapshot.restore(); } }); - it("merges explicit kimi-coding headers on top of the built-in user agent", async () => { + it("merges explicit legacy kimi-coding headers on top of the built-in user agent", async () => { const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); const envSnapshot = captureEnv(["KIMI_API_KEY"]); process.env.KIMI_API_KEY = "test-key"; @@ -87,7 +88,7 @@ describe("kimi-coding implicit provider (#22409)", () => { }, }, }); - expect(providers?.["kimi-coding"]?.headers).toEqual({ + expect(providers?.kimi?.headers).toEqual({ "User-Agent": "custom-kimi-client/1.0", "X-Kimi-Tenant": "tenant-a", }); diff --git a/src/agents/models-config.providers.moonshot.test.ts b/src/agents/models-config.providers.moonshot.test.ts index 1d0d29d1b30..9a84439ff6f 100644 --- a/src/agents/models-config.providers.moonshot.test.ts +++ b/src/agents/models-config.providers.moonshot.test.ts @@ -5,7 +5,7 @@ import { describe, expect, it } from "vitest"; import { MOONSHOT_BASE_URL as MOONSHOT_AI_BASE_URL, MOONSHOT_CN_BASE_URL, -} from "../commands/onboard-auth.models.js"; +} from "../plugin-sdk/provider-models.js"; import { captureEnv } from "../test-utils/env.js"; import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js"; import { applyNativeStreamingUsageCompat } from "./models-config.providers.js"; diff --git a/src/agents/models-config.providers.static.ts b/src/agents/models-config.providers.static.ts index a0aa879c727..71184e12286 100644 --- a/src/agents/models-config.providers.static.ts +++ b/src/agents/models-config.providers.static.ts @@ -1,551 +1,35 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { - KILOCODE_BASE_URL, - KILOCODE_DEFAULT_CONTEXT_WINDOW, - KILOCODE_DEFAULT_COST, - KILOCODE_DEFAULT_MAX_TOKENS, - KILOCODE_MODEL_CATALOG, -} from "../providers/kilocode-shared.js"; -import { - buildBytePlusModelDefinition, - BYTEPLUS_BASE_URL, - BYTEPLUS_MODEL_CATALOG, - BYTEPLUS_CODING_BASE_URL, - BYTEPLUS_CODING_MODEL_CATALOG, -} from "./byteplus-models.js"; -import { - buildDoubaoModelDefinition, - DOUBAO_BASE_URL, - DOUBAO_MODEL_CATALOG, - DOUBAO_CODING_BASE_URL, - DOUBAO_CODING_MODEL_CATALOG, -} from "./doubao-models.js"; -import { - buildSyntheticModelDefinition, - SYNTHETIC_BASE_URL, - SYNTHETIC_MODEL_CATALOG, -} from "./synthetic-models.js"; -import { - TOGETHER_BASE_URL, - TOGETHER_MODEL_CATALOG, - buildTogetherModelDefinition, -} from "./together-models.js"; - -type ModelsConfig = NonNullable; -type ProviderConfig = NonNullable[string]; -type ProviderModelConfig = NonNullable[number]; - -const MINIMAX_PORTAL_BASE_URL = "https://api.minimax.io/anthropic"; -const MINIMAX_DEFAULT_MODEL_ID = "MiniMax-M2.5"; -const MINIMAX_DEFAULT_VISION_MODEL_ID = "MiniMax-VL-01"; -const MINIMAX_DEFAULT_CONTEXT_WINDOW = 200000; -const MINIMAX_DEFAULT_MAX_TOKENS = 8192; -const MINIMAX_API_COST = { - input: 0.3, - output: 1.2, - cacheRead: 0.03, - cacheWrite: 0.12, -}; - -function buildMinimaxModel(params: { - id: string; - name: string; - reasoning: boolean; - input: ProviderModelConfig["input"]; -}): ProviderModelConfig { - return { - id: params.id, - name: params.name, - reasoning: params.reasoning, - input: params.input, - cost: MINIMAX_API_COST, - contextWindow: MINIMAX_DEFAULT_CONTEXT_WINDOW, - maxTokens: MINIMAX_DEFAULT_MAX_TOKENS, - }; -} - -function buildMinimaxTextModel(params: { - id: string; - name: string; - reasoning: boolean; -}): ProviderModelConfig { - return buildMinimaxModel({ ...params, input: ["text"] }); -} - -const XIAOMI_BASE_URL = "https://api.xiaomimimo.com/anthropic"; -export const XIAOMI_DEFAULT_MODEL_ID = "mimo-v2-flash"; -const XIAOMI_DEFAULT_CONTEXT_WINDOW = 262144; -const XIAOMI_DEFAULT_MAX_TOKENS = 8192; -const XIAOMI_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const MOONSHOT_BASE_URL = "https://api.moonshot.ai/v1"; -const MOONSHOT_DEFAULT_MODEL_ID = "kimi-k2.5"; -const MOONSHOT_DEFAULT_CONTEXT_WINDOW = 256000; -const MOONSHOT_DEFAULT_MAX_TOKENS = 8192; -const MOONSHOT_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const KIMI_CODING_BASE_URL = "https://api.kimi.com/coding/"; -const KIMI_CODING_USER_AGENT = "claude-code/0.1.0"; -const KIMI_CODING_DEFAULT_MODEL_ID = "k2p5"; -const KIMI_CODING_DEFAULT_CONTEXT_WINDOW = 262144; -const KIMI_CODING_DEFAULT_MAX_TOKENS = 32768; -const KIMI_CODING_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const QWEN_PORTAL_BASE_URL = "https://portal.qwen.ai/v1"; -const QWEN_PORTAL_DEFAULT_CONTEXT_WINDOW = 128000; -const QWEN_PORTAL_DEFAULT_MAX_TOKENS = 8192; -const QWEN_PORTAL_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const OPENROUTER_BASE_URL = "https://openrouter.ai/api/v1"; -const OPENROUTER_DEFAULT_MODEL_ID = "auto"; -const OPENROUTER_DEFAULT_CONTEXT_WINDOW = 200000; -const OPENROUTER_DEFAULT_MAX_TOKENS = 8192; -const OPENROUTER_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -export const QIANFAN_BASE_URL = "https://qianfan.baidubce.com/v2"; -export const QIANFAN_DEFAULT_MODEL_ID = "deepseek-v3.2"; -const QIANFAN_DEFAULT_CONTEXT_WINDOW = 98304; -const QIANFAN_DEFAULT_MAX_TOKENS = 32768; -const QIANFAN_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -export const MODELSTUDIO_BASE_URL = "https://coding-intl.dashscope.aliyuncs.com/v1"; -export const MODELSTUDIO_DEFAULT_MODEL_ID = "qwen3.5-plus"; -const MODELSTUDIO_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const MODELSTUDIO_MODEL_CATALOG: ReadonlyArray = [ - { - id: "qwen3.5-plus", - name: "qwen3.5-plus", - reasoning: false, - input: ["text", "image"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 1_000_000, - maxTokens: 65_536, - }, - { - id: "qwen3-max-2026-01-23", - name: "qwen3-max-2026-01-23", - reasoning: false, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 262_144, - maxTokens: 65_536, - }, - { - id: "qwen3-coder-next", - name: "qwen3-coder-next", - reasoning: false, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 262_144, - maxTokens: 65_536, - }, - { - id: "qwen3-coder-plus", - name: "qwen3-coder-plus", - reasoning: false, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 1_000_000, - maxTokens: 65_536, - }, - { - id: "MiniMax-M2.5", - name: "MiniMax-M2.5", - reasoning: true, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 1_000_000, - maxTokens: 65_536, - }, - { - id: "glm-5", - name: "glm-5", - reasoning: false, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 202_752, - maxTokens: 16_384, - }, - { - id: "glm-4.7", - name: "glm-4.7", - reasoning: false, - input: ["text"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 202_752, - maxTokens: 16_384, - }, - { - id: "kimi-k2.5", - name: "kimi-k2.5", - reasoning: false, - input: ["text", "image"], - cost: MODELSTUDIO_DEFAULT_COST, - contextWindow: 262_144, - maxTokens: 32_768, - }, -]; - -const NVIDIA_BASE_URL = "https://integrate.api.nvidia.com/v1"; -const NVIDIA_DEFAULT_MODEL_ID = "nvidia/llama-3.1-nemotron-70b-instruct"; -const NVIDIA_DEFAULT_CONTEXT_WINDOW = 131072; -const NVIDIA_DEFAULT_MAX_TOKENS = 4096; -const NVIDIA_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const OPENAI_CODEX_BASE_URL = "https://chatgpt.com/backend-api"; - -export function buildMinimaxProvider(): ProviderConfig { - return { - baseUrl: MINIMAX_PORTAL_BASE_URL, - api: "anthropic-messages", - authHeader: true, - models: [ - buildMinimaxModel({ - id: MINIMAX_DEFAULT_VISION_MODEL_ID, - name: "MiniMax VL 01", - reasoning: false, - input: ["text", "image"], - }), - buildMinimaxTextModel({ - id: "MiniMax-M2.5", - name: "MiniMax M2.5", - reasoning: true, - }), - buildMinimaxTextModel({ - id: "MiniMax-M2.5-highspeed", - name: "MiniMax M2.5 Highspeed", - reasoning: true, - }), - ], - }; -} - -export function buildMinimaxPortalProvider(): ProviderConfig { - return { - baseUrl: MINIMAX_PORTAL_BASE_URL, - api: "anthropic-messages", - authHeader: true, - models: [ - buildMinimaxModel({ - id: MINIMAX_DEFAULT_VISION_MODEL_ID, - name: "MiniMax VL 01", - reasoning: false, - input: ["text", "image"], - }), - buildMinimaxTextModel({ - id: MINIMAX_DEFAULT_MODEL_ID, - name: "MiniMax M2.5", - reasoning: true, - }), - buildMinimaxTextModel({ - id: "MiniMax-M2.5-highspeed", - name: "MiniMax M2.5 Highspeed", - reasoning: true, - }), - ], - }; -} - -export function buildMoonshotProvider(): ProviderConfig { - return { - baseUrl: MOONSHOT_BASE_URL, - api: "openai-completions", - models: [ - { - id: MOONSHOT_DEFAULT_MODEL_ID, - name: "Kimi K2.5", - reasoning: false, - input: ["text", "image"], - cost: MOONSHOT_DEFAULT_COST, - contextWindow: MOONSHOT_DEFAULT_CONTEXT_WINDOW, - maxTokens: MOONSHOT_DEFAULT_MAX_TOKENS, - }, - ], - }; -} - -export function buildKimiCodingProvider(): ProviderConfig { - return { - baseUrl: KIMI_CODING_BASE_URL, - api: "anthropic-messages", - headers: { - "User-Agent": KIMI_CODING_USER_AGENT, - }, - models: [ - { - id: KIMI_CODING_DEFAULT_MODEL_ID, - name: "Kimi for Coding", - reasoning: true, - input: ["text", "image"], - cost: KIMI_CODING_DEFAULT_COST, - contextWindow: KIMI_CODING_DEFAULT_CONTEXT_WINDOW, - maxTokens: KIMI_CODING_DEFAULT_MAX_TOKENS, - }, - ], - }; -} - -export function buildQwenPortalProvider(): ProviderConfig { - return { - baseUrl: QWEN_PORTAL_BASE_URL, - api: "openai-completions", - models: [ - { - id: "coder-model", - name: "Qwen Coder", - reasoning: false, - input: ["text"], - cost: QWEN_PORTAL_DEFAULT_COST, - contextWindow: QWEN_PORTAL_DEFAULT_CONTEXT_WINDOW, - maxTokens: QWEN_PORTAL_DEFAULT_MAX_TOKENS, - }, - { - id: "vision-model", - name: "Qwen Vision", - reasoning: false, - input: ["text", "image"], - cost: QWEN_PORTAL_DEFAULT_COST, - contextWindow: QWEN_PORTAL_DEFAULT_CONTEXT_WINDOW, - maxTokens: QWEN_PORTAL_DEFAULT_MAX_TOKENS, - }, - ], - }; -} - -export function buildSyntheticProvider(): ProviderConfig { - return { - baseUrl: SYNTHETIC_BASE_URL, - api: "anthropic-messages", - models: SYNTHETIC_MODEL_CATALOG.map(buildSyntheticModelDefinition), - }; -} - -export function buildDoubaoProvider(): ProviderConfig { - return { - baseUrl: DOUBAO_BASE_URL, - api: "openai-completions", - models: DOUBAO_MODEL_CATALOG.map(buildDoubaoModelDefinition), - }; -} - -export function buildDoubaoCodingProvider(): ProviderConfig { - return { - baseUrl: DOUBAO_CODING_BASE_URL, - api: "openai-completions", - models: DOUBAO_CODING_MODEL_CATALOG.map(buildDoubaoModelDefinition), - }; -} - -export function buildBytePlusProvider(): ProviderConfig { - return { - baseUrl: BYTEPLUS_BASE_URL, - api: "openai-completions", - models: BYTEPLUS_MODEL_CATALOG.map(buildBytePlusModelDefinition), - }; -} - -export function buildBytePlusCodingProvider(): ProviderConfig { - return { - baseUrl: BYTEPLUS_CODING_BASE_URL, - api: "openai-completions", - models: BYTEPLUS_CODING_MODEL_CATALOG.map(buildBytePlusModelDefinition), - }; -} - -export function buildXiaomiProvider(): ProviderConfig { - return { - baseUrl: XIAOMI_BASE_URL, - api: "anthropic-messages", - models: [ - { - id: XIAOMI_DEFAULT_MODEL_ID, - name: "Xiaomi MiMo V2 Flash", - reasoning: false, - input: ["text"], - cost: XIAOMI_DEFAULT_COST, - contextWindow: XIAOMI_DEFAULT_CONTEXT_WINDOW, - maxTokens: XIAOMI_DEFAULT_MAX_TOKENS, - }, - ], - }; -} - -export function buildTogetherProvider(): ProviderConfig { - return { - baseUrl: TOGETHER_BASE_URL, - api: "openai-completions", - models: TOGETHER_MODEL_CATALOG.map(buildTogetherModelDefinition), - }; -} - -export function buildOpenrouterProvider(): ProviderConfig { - return { - baseUrl: OPENROUTER_BASE_URL, - api: "openai-completions", - models: [ - { - id: OPENROUTER_DEFAULT_MODEL_ID, - name: "OpenRouter Auto", - reasoning: false, - input: ["text", "image"], - cost: OPENROUTER_DEFAULT_COST, - contextWindow: OPENROUTER_DEFAULT_CONTEXT_WINDOW, - maxTokens: OPENROUTER_DEFAULT_MAX_TOKENS, - }, - { - id: "openrouter/hunter-alpha", - name: "Hunter Alpha", - reasoning: true, - input: ["text"], - cost: OPENROUTER_DEFAULT_COST, - contextWindow: 1048576, - maxTokens: 65536, - }, - { - id: "openrouter/healer-alpha", - name: "Healer Alpha", - reasoning: true, - input: ["text", "image"], - cost: OPENROUTER_DEFAULT_COST, - contextWindow: 262144, - maxTokens: 65536, - }, - ], - }; -} - -export function buildOpenAICodexProvider(): ProviderConfig { - return { - baseUrl: OPENAI_CODEX_BASE_URL, - api: "openai-codex-responses", - models: [], - }; -} - -export function buildQianfanProvider(): ProviderConfig { - return { - baseUrl: QIANFAN_BASE_URL, - api: "openai-completions", - models: [ - { - id: QIANFAN_DEFAULT_MODEL_ID, - name: "DEEPSEEK V3.2", - reasoning: true, - input: ["text"], - cost: QIANFAN_DEFAULT_COST, - contextWindow: QIANFAN_DEFAULT_CONTEXT_WINDOW, - maxTokens: QIANFAN_DEFAULT_MAX_TOKENS, - }, - { - id: "ernie-5.0-thinking-preview", - name: "ERNIE-5.0-Thinking-Preview", - reasoning: true, - input: ["text", "image"], - cost: QIANFAN_DEFAULT_COST, - contextWindow: 119000, - maxTokens: 64000, - }, - ], - }; -} - -export function buildModelStudioProvider(): ProviderConfig { - return { - baseUrl: MODELSTUDIO_BASE_URL, - api: "openai-completions", - models: MODELSTUDIO_MODEL_CATALOG.map((model) => ({ ...model })), - }; -} - -export function buildNvidiaProvider(): ProviderConfig { - return { - baseUrl: NVIDIA_BASE_URL, - api: "openai-completions", - models: [ - { - id: NVIDIA_DEFAULT_MODEL_ID, - name: "NVIDIA Llama 3.1 Nemotron 70B Instruct", - reasoning: false, - input: ["text"], - cost: NVIDIA_DEFAULT_COST, - contextWindow: NVIDIA_DEFAULT_CONTEXT_WINDOW, - maxTokens: NVIDIA_DEFAULT_MAX_TOKENS, - }, - { - id: "meta/llama-3.3-70b-instruct", - name: "Meta Llama 3.3 70B Instruct", - reasoning: false, - input: ["text"], - cost: NVIDIA_DEFAULT_COST, - contextWindow: 131072, - maxTokens: 4096, - }, - { - id: "nvidia/mistral-nemo-minitron-8b-8k-instruct", - name: "NVIDIA Mistral NeMo Minitron 8B Instruct", - reasoning: false, - input: ["text"], - cost: NVIDIA_DEFAULT_COST, - contextWindow: 8192, - maxTokens: 2048, - }, - ], - }; -} - -export function buildKilocodeProvider(): ProviderConfig { - return { - baseUrl: KILOCODE_BASE_URL, - api: "openai-completions", - models: KILOCODE_MODEL_CATALOG.map((model) => ({ - id: model.id, - name: model.name, - reasoning: model.reasoning, - input: model.input, - cost: KILOCODE_DEFAULT_COST, - contextWindow: model.contextWindow ?? KILOCODE_DEFAULT_CONTEXT_WINDOW, - maxTokens: model.maxTokens ?? KILOCODE_DEFAULT_MAX_TOKENS, - })), - }; -} +export { + buildBytePlusCodingProvider, + buildBytePlusProvider, +} from "../../extensions/byteplus/provider-catalog.js"; +export { buildKimiCodingProvider } from "../../extensions/kimi-coding/provider-catalog.js"; +export { buildKilocodeProvider } from "../../extensions/kilocode/provider-catalog.js"; +export { + buildMinimaxPortalProvider, + buildMinimaxProvider, +} from "../../extensions/minimax/provider-catalog.js"; +export { + MODELSTUDIO_BASE_URL, + MODELSTUDIO_DEFAULT_MODEL_ID, + buildModelStudioProvider, +} from "../../extensions/modelstudio/provider-catalog.js"; +export { buildMoonshotProvider } from "../../extensions/moonshot/provider-catalog.js"; +export { buildNvidiaProvider } from "../../extensions/nvidia/provider-catalog.js"; +export { buildOpenAICodexProvider } from "../../extensions/openai/openai-codex-catalog.js"; +export { buildOpenrouterProvider } from "../../extensions/openrouter/provider-catalog.js"; +export { + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, + buildQianfanProvider, +} from "../../extensions/qianfan/provider-catalog.js"; +export { buildQwenPortalProvider } from "../../extensions/qwen-portal-auth/provider-catalog.js"; +export { buildSyntheticProvider } from "../../extensions/synthetic/provider-catalog.js"; +export { buildTogetherProvider } from "../../extensions/together/provider-catalog.js"; +export { + buildDoubaoCodingProvider, + buildDoubaoProvider, +} from "../../extensions/volcengine/provider-catalog.js"; +export { + XIAOMI_DEFAULT_MODEL_ID, + buildXiaomiProvider, +} from "../../extensions/xiaomi/provider-catalog.js"; diff --git a/src/agents/models-config.providers.ts b/src/agents/models-config.providers.ts index 264cb402b47..af9c3d6e34a 100644 --- a/src/agents/models-config.providers.ts +++ b/src/agents/models-config.providers.ts @@ -1,3 +1,8 @@ +import { + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, +} from "../../extensions/qianfan/provider-catalog.js"; +import { XIAOMI_DEFAULT_MODEL_ID } from "../../extensions/xiaomi/provider-catalog.js"; import type { OpenClawConfig } from "../config/config.js"; import { coerceSecretRef, resolveSecretInputRef } from "../config/types.secrets.js"; import { isRecord } from "../utils.js"; @@ -6,24 +11,23 @@ import { ensureAuthProfileStore, listProfilesForProvider } from "./auth-profiles import { discoverBedrockModels } from "./bedrock-discovery.js"; import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { resolveOllamaApiBase } from "./models-config.providers.discovery.js"; -import { - QIANFAN_BASE_URL, - QIANFAN_DEFAULT_MODEL_ID, - XIAOMI_DEFAULT_MODEL_ID, -} from "./models-config.providers.static.js"; +export { buildKimiCodingProvider } from "../../extensions/kimi-coding/provider-catalog.js"; +export { buildKilocodeProvider } from "../../extensions/kilocode/provider-catalog.js"; export { - buildKimiCodingProvider, - buildKilocodeProvider, - buildNvidiaProvider, - buildModelStudioProvider, - buildQianfanProvider, - buildXiaomiProvider, MODELSTUDIO_BASE_URL, MODELSTUDIO_DEFAULT_MODEL_ID, + buildModelStudioProvider, +} from "../../extensions/modelstudio/provider-catalog.js"; +export { buildNvidiaProvider } from "../../extensions/nvidia/provider-catalog.js"; +export { QIANFAN_BASE_URL, QIANFAN_DEFAULT_MODEL_ID, + buildQianfanProvider, +} from "../../extensions/qianfan/provider-catalog.js"; +export { XIAOMI_DEFAULT_MODEL_ID, -} from "./models-config.providers.static.js"; + buildXiaomiProvider, +} from "../../extensions/xiaomi/provider-catalog.js"; import { groupPluginDiscoveryProvidersByOrder, normalizePluginDiscoveryResult, @@ -613,10 +617,22 @@ type ProviderApiKeyResolver = (provider: string) => { discoveryApiKey?: string; }; +type ProviderAuthResolver = ( + provider: string, + options?: { oauthMarker?: string }, +) => { + apiKey: string | undefined; + discoveryApiKey?: string; + mode: "api_key" | "oauth" | "token" | "none"; + source: "env" | "profile" | "none"; + profileId?: string; +}; + type ImplicitProviderContext = ImplicitProviderParams & { authStore: ReturnType; env: NodeJS.ProcessEnv; resolveProviderApiKey: ProviderApiKeyResolver; + resolveProviderAuth: ProviderAuthResolver; }; function mergeImplicitProviderSet( @@ -664,6 +680,8 @@ async function resolvePluginImplicitProviders( env: ctx.env, resolveProviderApiKey: (providerId) => ctx.resolveProviderApiKey(providerId?.trim() || provider.id), + resolveProviderAuth: (providerId, options) => + ctx.resolveProviderAuth(providerId?.trim() || provider.id, options), }); mergeImplicitProviderSet( discovered, @@ -700,11 +718,74 @@ export async function resolveImplicitProviders( discoveryApiKey: fromProfiles?.discoveryApiKey, }; }; + const resolveProviderAuth: ProviderAuthResolver = ( + provider: string, + options?: { oauthMarker?: string }, + ) => { + const envVar = resolveEnvApiKeyVarName(provider, env); + if (envVar) { + return { + apiKey: envVar, + discoveryApiKey: toDiscoveryApiKey(env[envVar]), + mode: "api_key", + source: "env", + }; + } + + const ids = listProfilesForProvider(authStore, provider); + let oauthCandidate: + | { + apiKey: string | undefined; + discoveryApiKey?: string; + mode: "oauth"; + source: "profile"; + profileId: string; + } + | undefined; + for (const id of ids) { + const cred = authStore.profiles[id]; + if (!cred) { + continue; + } + if (cred.type === "oauth") { + oauthCandidate ??= { + apiKey: options?.oauthMarker, + discoveryApiKey: toDiscoveryApiKey(cred.access), + mode: "oauth", + source: "profile", + profileId: id, + }; + continue; + } + const resolved = resolveApiKeyFromCredential(cred, env); + if (!resolved) { + continue; + } + return { + apiKey: resolved.apiKey, + discoveryApiKey: resolved.discoveryApiKey, + mode: cred.type, + source: "profile", + profileId: id, + }; + } + if (oauthCandidate) { + return oauthCandidate; + } + + return { + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }; + }; const context: ImplicitProviderContext = { ...params, authStore, env, resolveProviderApiKey, + resolveProviderAuth, }; mergeImplicitProviderSet(providers, await resolvePluginImplicitProviders(context, "simple")); diff --git a/src/agents/models.profiles.live.test.ts b/src/agents/models.profiles.live.test.ts index 515d2b48ce6..87cbbb6a203 100644 --- a/src/agents/models.profiles.live.test.ts +++ b/src/agents/models.profiles.live.test.ts @@ -117,6 +117,10 @@ function isChatGPTUsageLimitErrorMessage(raw: string): boolean { return msg.includes("hit your chatgpt usage limit") && msg.includes("try again in"); } +function isRefreshTokenReused(raw: string): boolean { + return /refresh_token_reused/i.test(raw); +} + function isInstructionsRequiredError(raw: string): boolean { return /instructions are required/i.test(raw); } @@ -643,6 +647,15 @@ describeLive("live models (profile keys)", () => { logProgress(`${progressLabel}: skip (rate limit)`); break; } + if ( + allowNotFoundSkip && + model.provider === "openai-codex" && + isRefreshTokenReused(message) + ) { + skipped.push({ model: id, reason: message }); + logProgress(`${progressLabel}: skip (codex refresh token reused)`); + break; + } if ( allowNotFoundSkip && model.provider === "openai-codex" && diff --git a/src/agents/openai-ws-connection.test.ts b/src/agents/openai-ws-connection.test.ts index 2a7b95f7eb9..c1f6c077184 100644 --- a/src/agents/openai-ws-connection.test.ts +++ b/src/agents/openai-ws-connection.test.ts @@ -6,6 +6,7 @@ */ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { ClientOptions } from "ws"; import type { ClientEvent, OpenAIWebSocketEvent, @@ -34,12 +35,12 @@ const { MockWebSocket } = vi.hoisted(() => { readyState: number = MockWebSocket.CONNECTING; url: string; - options: Record; + options: ClientOptions | undefined; sentMessages: string[] = []; private _listeners: Map = new Map(); - constructor(url: string, options?: Record) { + constructor(url: string, options?: ClientOptions) { this.url = url; this.options = options ?? {}; MockWebSocket.lastInstance = this; @@ -167,6 +168,7 @@ function buildManager(opts?: ConstructorParameters new MockWebSocket(url, options) as never, ...opts, }); } @@ -232,6 +234,22 @@ describe("OpenAIWebSocketManager", () => { await connectPromise; }); + it("adds OpenClaw attribution headers on the native OpenAI websocket", async () => { + const manager = buildManager(); + const connectPromise = manager.connect("sk-test-key"); + + const sock = lastSocket(); + expect(sock.options).toMatchObject({ + headers: expect.objectContaining({ + originator: "openclaw", + "User-Agent": expect.stringMatching(/^openclaw\//), + }), + }); + + sock.simulateOpen(); + await connectPromise; + }); + it("resolves when the connection opens", async () => { const manager = buildManager(); const connectPromise = manager.connect("sk-test"); diff --git a/src/agents/openai-ws-connection.ts b/src/agents/openai-ws-connection.ts index 2d9c6ffe7e6..028311ddacb 100644 --- a/src/agents/openai-ws-connection.ts +++ b/src/agents/openai-ws-connection.ts @@ -14,7 +14,8 @@ */ import { EventEmitter } from "node:events"; -import WebSocket from "ws"; +import WebSocket, { type ClientOptions } from "ws"; +import { resolveProviderAttributionHeaders } from "./provider-attribution.js"; // ───────────────────────────────────────────────────────────────────────────── // WebSocket Event Types (Server → Client) @@ -251,6 +252,14 @@ const MAX_RETRIES = 5; /** Backoff delays in ms: 1s, 2s, 4s, 8s, 16s */ const BACKOFF_DELAYS_MS = [1000, 2000, 4000, 8000, 16000] as const; +function isOpenAIPublicWebSocketUrl(url: string): boolean { + try { + return new URL(url).hostname.toLowerCase() === "api.openai.com"; + } catch { + return url.toLowerCase().includes("api.openai.com"); + } +} + export interface OpenAIWebSocketManagerOptions { /** Override the default WebSocket URL (useful for testing) */ url?: string; @@ -258,6 +267,8 @@ export interface OpenAIWebSocketManagerOptions { maxRetries?: number; /** Custom backoff delays in ms (default: [1000, 2000, 4000, 8000, 16000]) */ backoffDelaysMs?: readonly number[]; + /** Custom socket factory for tests. */ + socketFactory?: (url: string, options: ClientOptions) => WebSocket; } type InternalEvents = { @@ -297,12 +308,15 @@ export class OpenAIWebSocketManager extends EventEmitter { private readonly wsUrl: string; private readonly maxRetries: number; private readonly backoffDelaysMs: readonly number[]; + private readonly socketFactory: (url: string, options: ClientOptions) => WebSocket; constructor(options: OpenAIWebSocketManagerOptions = {}) { super(); this.wsUrl = options.url ?? OPENAI_WS_URL; this.maxRetries = options.maxRetries ?? MAX_RETRIES; this.backoffDelaysMs = options.backoffDelaysMs ?? BACKOFF_DELAYS_MS; + this.socketFactory = + options.socketFactory ?? ((url, socketOptions) => new WebSocket(url, socketOptions)); } // ─── Public API ──────────────────────────────────────────────────────────── @@ -382,10 +396,13 @@ export class OpenAIWebSocketManager extends EventEmitter { return; } - const socket = new WebSocket(this.wsUrl, { + const socket = this.socketFactory(this.wsUrl, { headers: { Authorization: `Bearer ${this.apiKey}`, "OpenAI-Beta": "responses-websocket=v1", + ...(isOpenAIPublicWebSocketUrl(this.wsUrl) + ? resolveProviderAttributionHeaders("openai") + : undefined), }, }); diff --git a/src/agents/openclaw-tools.image-generation.test.ts b/src/agents/openclaw-tools.image-generation.test.ts new file mode 100644 index 00000000000..9ad49f66371 --- /dev/null +++ b/src/agents/openclaw-tools.image-generation.test.ts @@ -0,0 +1,80 @@ +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import * as imageGenerationRuntime from "../image-generation/runtime.js"; +import { createOpenClawTools } from "./openclaw-tools.js"; + +vi.mock("../plugins/tools.js", () => ({ + resolvePluginTools: () => [], +})); + +function asConfig(value: unknown): OpenClawConfig { + return value as OpenClawConfig; +} + +function stubImageGenerationProviders() { + vi.spyOn(imageGenerationRuntime, "listRuntimeImageGenerationProviders").mockReturnValue([ + { + id: "openai", + defaultModel: "gpt-image-1", + models: ["gpt-image-1"], + supportedSizes: ["1024x1024"], + generateImage: vi.fn(async () => { + throw new Error("not used"); + }), + }, + ]); +} + +describe("openclaw tools image generation registration", () => { + beforeEach(() => { + vi.stubEnv("OPENAI_API_KEY", ""); + vi.stubEnv("OPENAI_API_KEYS", ""); + vi.stubEnv("GEMINI_API_KEY", ""); + vi.stubEnv("GEMINI_API_KEYS", ""); + }); + + afterEach(() => { + vi.restoreAllMocks(); + vi.unstubAllEnvs(); + }); + + it("registers image_generate when image-generation config is present", () => { + const tools = createOpenClawTools({ + config: asConfig({ + agents: { + defaults: { + imageGenerationModel: { + primary: "openai/gpt-image-1", + }, + }, + }, + }), + agentDir: "/tmp/openclaw-agent-main", + }); + + expect(tools.map((tool) => tool.name)).toContain("image_generate"); + }); + + it("registers image_generate when a compatible provider has env-backed auth", () => { + stubImageGenerationProviders(); + vi.stubEnv("OPENAI_API_KEY", "openai-test"); + + const tools = createOpenClawTools({ + config: asConfig({}), + agentDir: "/tmp/openclaw-agent-main", + }); + + expect(tools.map((tool) => tool.name)).toContain("image_generate"); + }); + + it("omits image_generate when config is absent and no compatible provider auth exists", () => { + stubImageGenerationProviders(); + + const tools = createOpenClawTools({ + config: asConfig({}), + agentDir: "/tmp/openclaw-agent-main", + }); + + expect(tools.map((tool) => tool.name)).not.toContain("image_generate"); + }); +}); diff --git a/src/agents/openclaw-tools.plugin-context.test.ts b/src/agents/openclaw-tools.plugin-context.test.ts index 1cf9116a98e..6a20a127898 100644 --- a/src/agents/openclaw-tools.plugin-context.test.ts +++ b/src/agents/openclaw-tools.plugin-context.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const { resolvePluginToolsMock } = vi.hoisted(() => ({ resolvePluginToolsMock: vi.fn((params?: unknown) => { @@ -9,11 +9,17 @@ const { resolvePluginToolsMock } = vi.hoisted(() => ({ vi.mock("../plugins/tools.js", () => ({ resolvePluginTools: resolvePluginToolsMock, + getPluginToolMeta: vi.fn(() => undefined), })); import { createOpenClawTools } from "./openclaw-tools.js"; +import { createOpenClawCodingTools } from "./pi-tools.js"; describe("createOpenClawTools plugin context", () => { + beforeEach(() => { + resolvePluginToolsMock.mockClear(); + }); + it("forwards trusted requester sender identity to plugin tool context", () => { createOpenClawTools({ config: {} as never, @@ -47,4 +53,30 @@ describe("createOpenClawTools plugin context", () => { }), ); }); + + it("forwards gateway subagent binding for plugin tools", () => { + createOpenClawTools({ + config: {} as never, + allowGatewaySubagentBinding: true, + }); + + expect(resolvePluginToolsMock).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + }), + ); + }); + + it("forwards gateway subagent binding through coding tools", () => { + createOpenClawCodingTools({ + config: {} as never, + allowGatewaySubagentBinding: true, + }); + + expect(resolvePluginToolsMock).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + }), + ); + }); }); diff --git a/src/agents/openclaw-tools.ts b/src/agents/openclaw-tools.ts index 25b5cae0f59..6f4929d288a 100644 --- a/src/agents/openclaw-tools.ts +++ b/src/agents/openclaw-tools.ts @@ -12,6 +12,7 @@ import { createCanvasTool } from "./tools/canvas-tool.js"; import type { AnyAgentTool } from "./tools/common.js"; import { createCronTool } from "./tools/cron-tool.js"; import { createGatewayTool } from "./tools/gateway-tool.js"; +import { createImageGenerateTool } from "./tools/image-generate-tool.js"; import { createImageTool } from "./tools/image-tool.js"; import { createMessageTool } from "./tools/message-tool.js"; import { createNodesTool } from "./tools/nodes-tool.js"; @@ -80,6 +81,8 @@ export function createOpenClawTools( spawnWorkspaceDir?: string; /** Callback invoked when sessions_yield tool is called. */ onYield?: (message: string) => Promise | void; + /** Allow plugin tools for this tool set to late-bind the gateway subagent. */ + allowGatewaySubagentBinding?: boolean; } & SpawnedToolContext, ): AnyAgentTool[] { const workspaceDir = resolveWorkspaceRoot(options?.workspaceDir); @@ -101,6 +104,13 @@ export function createOpenClawTools( modelHasVision: options?.modelHasVision, }) : null; + const imageGenerateTool = createImageGenerateTool({ + config: options?.config, + agentDir: options?.agentDir, + workspaceDir, + sandbox, + fsPolicy: options?.fsPolicy, + }); const pdfTool = options?.agentDir?.trim() ? createPdfTool({ config: options?.config, @@ -161,6 +171,7 @@ export function createOpenClawTools( agentChannel: options?.agentChannel, config: options?.config, }), + ...(imageGenerateTool ? [imageGenerateTool] : []), createGatewayTool({ agentSessionKey: options?.agentSessionKey, config: options?.config, @@ -235,6 +246,7 @@ export function createOpenClawTools( }, existingToolNames: new Set(tools.map((tool) => tool.name)), toolAllowlist: options?.pluginToolAllowlist, + allowGatewaySubagentBinding: options?.allowGatewaySubagentBinding, }); return [...tools, ...pluginTools]; diff --git a/src/agents/pi-bundle-mcp-tools.test.ts b/src/agents/pi-bundle-mcp-tools.test.ts new file mode 100644 index 00000000000..69b2839eb94 --- /dev/null +++ b/src/agents/pi-bundle-mcp-tools.test.ts @@ -0,0 +1,184 @@ +import fs from "node:fs/promises"; +import { createRequire } from "node:module"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { createBundleMcpToolRuntime } from "./pi-bundle-mcp-tools.js"; + +const require = createRequire(import.meta.url); +const SDK_SERVER_MCP_PATH = require.resolve("@modelcontextprotocol/sdk/server/mcp.js"); +const SDK_SERVER_STDIO_PATH = require.resolve("@modelcontextprotocol/sdk/server/stdio.js"); + +const tempDirs: string[] = []; + +async function makeTempDir(prefix: string): Promise { + const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix)); + tempDirs.push(dir); + return dir; +} + +async function writeExecutable(filePath: string, content: string): Promise { + await fs.mkdir(path.dirname(filePath), { recursive: true }); + await fs.writeFile(filePath, content, { encoding: "utf-8", mode: 0o755 }); +} + +async function writeBundleProbeMcpServer(filePath: string): Promise { + await writeExecutable( + filePath, + `#!/usr/bin/env node +import { McpServer } from ${JSON.stringify(SDK_SERVER_MCP_PATH)}; +import { StdioServerTransport } from ${JSON.stringify(SDK_SERVER_STDIO_PATH)}; + +const server = new McpServer({ name: "bundle-probe", version: "1.0.0" }); +server.tool("bundle_probe", "Bundle MCP probe", async () => { + return { + content: [{ type: "text", text: process.env.BUNDLE_PROBE_TEXT ?? "missing-probe-text" }], + }; +}); + +await server.connect(new StdioServerTransport()); +`, + ); +} + +async function writeClaudeBundle(params: { + pluginRoot: string; + serverScriptPath: string; +}): Promise { + await fs.mkdir(path.join(params.pluginRoot, ".claude-plugin"), { recursive: true }); + await fs.writeFile( + path.join(params.pluginRoot, ".claude-plugin", "plugin.json"), + `${JSON.stringify({ name: "bundle-probe" }, null, 2)}\n`, + "utf-8", + ); + await fs.writeFile( + path.join(params.pluginRoot, ".mcp.json"), + `${JSON.stringify( + { + mcpServers: { + bundleProbe: { + command: "node", + args: [path.relative(params.pluginRoot, params.serverScriptPath)], + env: { + BUNDLE_PROBE_TEXT: "FROM-BUNDLE", + }, + }, + }, + }, + null, + 2, + )}\n`, + "utf-8", + ); +} + +afterEach(async () => { + await Promise.all( + tempDirs.splice(0, tempDirs.length).map((dir) => fs.rm(dir, { recursive: true, force: true })), + ); +}); + +describe("createBundleMcpToolRuntime", () => { + it("loads bundle MCP tools and executes them", async () => { + const workspaceDir = await makeTempDir("openclaw-bundle-mcp-tools-"); + const pluginRoot = path.join(workspaceDir, ".openclaw", "extensions", "bundle-probe"); + const serverScriptPath = path.join(pluginRoot, "servers", "bundle-probe.mjs"); + await writeBundleProbeMcpServer(serverScriptPath); + await writeClaudeBundle({ pluginRoot, serverScriptPath }); + + const runtime = await createBundleMcpToolRuntime({ + workspaceDir, + cfg: { + plugins: { + entries: { + "bundle-probe": { enabled: true }, + }, + }, + }, + }); + + try { + expect(runtime.tools.map((tool) => tool.name)).toEqual(["bundle_probe"]); + const result = await runtime.tools[0].execute("call-bundle-probe", {}, undefined, undefined); + expect(result.content[0]).toMatchObject({ + type: "text", + text: "FROM-BUNDLE", + }); + expect(result.details).toEqual({ + mcpServer: "bundleProbe", + mcpTool: "bundle_probe", + }); + } finally { + await runtime.dispose(); + } + }); + + it("skips bundle MCP tools that collide with existing tool names", async () => { + const workspaceDir = await makeTempDir("openclaw-bundle-mcp-tools-"); + const pluginRoot = path.join(workspaceDir, ".openclaw", "extensions", "bundle-probe"); + const serverScriptPath = path.join(pluginRoot, "servers", "bundle-probe.mjs"); + await writeBundleProbeMcpServer(serverScriptPath); + await writeClaudeBundle({ pluginRoot, serverScriptPath }); + + const runtime = await createBundleMcpToolRuntime({ + workspaceDir, + cfg: { + plugins: { + entries: { + "bundle-probe": { enabled: true }, + }, + }, + }, + reservedToolNames: ["bundle_probe"], + }); + + try { + expect(runtime.tools).toEqual([]); + } finally { + await runtime.dispose(); + } + }); + + it("loads configured stdio MCP tools without a bundle", async () => { + const workspaceDir = await makeTempDir("openclaw-bundle-mcp-tools-"); + const serverScriptPath = path.join(workspaceDir, "servers", "configured-probe.mjs"); + await writeBundleProbeMcpServer(serverScriptPath); + + const runtime = await createBundleMcpToolRuntime({ + workspaceDir, + cfg: { + mcp: { + servers: { + configuredProbe: { + command: "node", + args: [serverScriptPath], + env: { + BUNDLE_PROBE_TEXT: "FROM-CONFIG", + }, + }, + }, + }, + }, + }); + + try { + expect(runtime.tools.map((tool) => tool.name)).toEqual(["bundle_probe"]); + const result = await runtime.tools[0].execute( + "call-configured-probe", + {}, + undefined, + undefined, + ); + expect(result.content[0]).toMatchObject({ + type: "text", + text: "FROM-CONFIG", + }); + expect(result.details).toEqual({ + mcpServer: "configuredProbe", + mcpTool: "bundle_probe", + }); + } finally { + await runtime.dispose(); + } + }); +}); diff --git a/src/agents/pi-bundle-mcp-tools.ts b/src/agents/pi-bundle-mcp-tools.ts new file mode 100644 index 00000000000..159cd8bfe12 --- /dev/null +++ b/src/agents/pi-bundle-mcp-tools.ts @@ -0,0 +1,225 @@ +import type { AgentToolResult } from "@mariozechner/pi-agent-core"; +import { Client } from "@modelcontextprotocol/sdk/client/index.js"; +import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"; +import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { logDebug, logWarn } from "../logger.js"; +import { loadEmbeddedPiMcpConfig } from "./embedded-pi-mcp.js"; +import { + describeStdioMcpServerLaunchConfig, + resolveStdioMcpServerLaunchConfig, +} from "./mcp-stdio.js"; +import type { AnyAgentTool } from "./tools/common.js"; + +type BundleMcpToolRuntime = { + tools: AnyAgentTool[]; + dispose: () => Promise; +}; + +type BundleMcpSession = { + serverName: string; + client: Client; + transport: StdioClientTransport; + detachStderr?: () => void; +}; + +function isRecord(value: unknown): value is Record { + return value !== null && typeof value === "object" && !Array.isArray(value); +} + +async function listAllTools(client: Client) { + const tools: Awaited>["tools"] = []; + let cursor: string | undefined; + do { + const page = await client.listTools(cursor ? { cursor } : undefined); + tools.push(...page.tools); + cursor = page.nextCursor; + } while (cursor); + return tools; +} + +function toAgentToolResult(params: { + serverName: string; + toolName: string; + result: CallToolResult; +}): AgentToolResult { + const content = Array.isArray(params.result.content) + ? (params.result.content as AgentToolResult["content"]) + : []; + const normalizedContent: AgentToolResult["content"] = + content.length > 0 + ? content + : params.result.structuredContent !== undefined + ? [ + { + type: "text", + text: JSON.stringify(params.result.structuredContent, null, 2), + }, + ] + : ([ + { + type: "text", + text: JSON.stringify( + { + status: params.result.isError === true ? "error" : "ok", + server: params.serverName, + tool: params.toolName, + }, + null, + 2, + ), + }, + ] as AgentToolResult["content"]); + const details: Record = { + mcpServer: params.serverName, + mcpTool: params.toolName, + }; + if (params.result.structuredContent !== undefined) { + details.structuredContent = params.result.structuredContent; + } + if (params.result.isError === true) { + details.status = "error"; + } + return { + content: normalizedContent, + details, + }; +} + +function attachStderrLogging(serverName: string, transport: StdioClientTransport) { + const stderr = transport.stderr; + if (!stderr || typeof stderr.on !== "function") { + return undefined; + } + const onData = (chunk: Buffer | string) => { + const message = String(chunk).trim(); + if (!message) { + return; + } + for (const line of message.split(/\r?\n/)) { + const trimmed = line.trim(); + if (trimmed) { + logDebug(`bundle-mcp:${serverName}: ${trimmed}`); + } + } + }; + stderr.on("data", onData); + return () => { + if (typeof stderr.off === "function") { + stderr.off("data", onData); + } else if (typeof stderr.removeListener === "function") { + stderr.removeListener("data", onData); + } + }; +} + +async function disposeSession(session: BundleMcpSession) { + session.detachStderr?.(); + await session.client.close().catch(() => {}); + await session.transport.close().catch(() => {}); +} + +export async function createBundleMcpToolRuntime(params: { + workspaceDir: string; + cfg?: OpenClawConfig; + reservedToolNames?: Iterable; +}): Promise { + const loaded = loadEmbeddedPiMcpConfig({ + workspaceDir: params.workspaceDir, + cfg: params.cfg, + }); + for (const diagnostic of loaded.diagnostics) { + logWarn(`bundle-mcp: ${diagnostic.pluginId}: ${diagnostic.message}`); + } + + const reservedNames = new Set( + Array.from(params.reservedToolNames ?? [], (name) => name.trim().toLowerCase()).filter(Boolean), + ); + const sessions: BundleMcpSession[] = []; + const tools: AnyAgentTool[] = []; + + try { + for (const [serverName, rawServer] of Object.entries(loaded.mcpServers)) { + const launch = resolveStdioMcpServerLaunchConfig(rawServer); + if (!launch.ok) { + logWarn(`bundle-mcp: skipped server "${serverName}" because ${launch.reason}.`); + continue; + } + const launchConfig = launch.config; + + const transport = new StdioClientTransport({ + command: launchConfig.command, + args: launchConfig.args, + env: launchConfig.env, + cwd: launchConfig.cwd, + stderr: "pipe", + }); + const client = new Client( + { + name: "openclaw-bundle-mcp", + version: "0.0.0", + }, + {}, + ); + const session: BundleMcpSession = { + serverName, + client, + transport, + detachStderr: attachStderrLogging(serverName, transport), + }; + + try { + await client.connect(transport); + const listedTools = await listAllTools(client); + sessions.push(session); + for (const tool of listedTools) { + const normalizedName = tool.name.trim().toLowerCase(); + if (!normalizedName) { + continue; + } + if (reservedNames.has(normalizedName)) { + logWarn( + `bundle-mcp: skipped tool "${tool.name}" from server "${serverName}" because the name already exists.`, + ); + continue; + } + reservedNames.add(normalizedName); + tools.push({ + name: tool.name, + label: tool.title ?? tool.name, + description: + tool.description?.trim() || + `Provided by bundle MCP server "${serverName}" (${describeStdioMcpServerLaunchConfig(launchConfig)}).`, + parameters: tool.inputSchema, + execute: async (_toolCallId, input) => { + const result = (await client.callTool({ + name: tool.name, + arguments: isRecord(input) ? input : {}, + })) as CallToolResult; + return toAgentToolResult({ + serverName, + toolName: tool.name, + result, + }); + }, + }); + } + } catch (error) { + logWarn( + `bundle-mcp: failed to start server "${serverName}" (${describeStdioMcpServerLaunchConfig(launchConfig)}): ${String(error)}`, + ); + await disposeSession(session); + } + } + + return { + tools, + dispose: async () => { + await Promise.allSettled(sessions.map((session) => disposeSession(session))); + }, + }; + } catch (error) { + await Promise.allSettled(sessions.map((session) => disposeSession(session))); + throw error; + } +} diff --git a/src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts b/src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts index 397445067c1..8fc8ac1fddc 100644 --- a/src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts +++ b/src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts @@ -35,6 +35,12 @@ describe("formatAssistantErrorText", () => { ); expect(formatAssistantErrorText(msg)).toContain("Context overflow"); }); + it("returns context overflow for Ollama 'prompt too long' errors (#34005)", () => { + const msg = makeAssistantError( + 'Ollama API error 400: {"StatusCode":400,"Status":"400 Bad Request","error":"prompt too long; exceeded max context length by 4 tokens"}', + ); + expect(formatAssistantErrorText(msg)).toContain("Context overflow"); + }); it("returns a reasoning-required message for mandatory reasoning endpoint errors", () => { const msg = makeAssistantError( "400 Reasoning is mandatory for this endpoint and cannot be disabled.", diff --git a/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts b/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts index 33c85b832e5..2808d320cc5 100644 --- a/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts +++ b/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts @@ -42,6 +42,14 @@ describe("sanitizeUserFacingText", () => { ); }); + it("sanitizes Ollama prompt-too-long payloads through the context-overflow path", () => { + const text = + 'Ollama API error 400: {"StatusCode":400,"Status":"400 Bad Request","error":"prompt too long; exceeded max context length by 4 tokens"}'; + expect(sanitizeUserFacingText(text, { errorContext: true })).toContain( + "Context overflow: prompt too large for the model.", + ); + }); + it.each([ "Changelog note: we fixed false positives for `Context overflow: prompt too large for the model. Try /reset (or /new) to start a fresh session, or use a larger-context model.` in 2026.2.9", "nah it failed, hit a context overflow. the prompt was too large for the model. want me to retry it with a different approach?", diff --git a/src/agents/pi-embedded-helpers/errors.ts b/src/agents/pi-embedded-helpers/errors.ts index 6e38d831ad9..605cdd22118 100644 --- a/src/agents/pi-embedded-helpers/errors.ts +++ b/src/agents/pi-embedded-helpers/errors.ts @@ -97,6 +97,7 @@ export function isContextOverflowError(errorMessage?: string): boolean { lower.includes("context length exceeded") || lower.includes("maximum context length") || lower.includes("prompt is too long") || + lower.includes("prompt too long") || lower.includes("exceeds model context window") || lower.includes("model token limit") || (hasRequestSizeExceeds && hasContextWindow) || @@ -211,11 +212,12 @@ export function extractObservedOverflowTokenCount(errorMessage?: string): number return undefined; } +// Allow provider-wrapped API payloads such as "Ollama API error 400: {...}". const ERROR_PAYLOAD_PREFIX_RE = - /^(?:error|api\s*error|apierror|openai\s*error|anthropic\s*error|gateway\s*error)[:\s-]+/i; + /^(?:error|(?:[a-z][\w-]*\s+)?api\s*error|apierror|openai\s*error|anthropic\s*error|gateway\s*error)(?:\s+\d{3})?[:\s-]+/i; const FINAL_TAG_RE = /<\s*\/?\s*final\s*>/gi; const ERROR_PREFIX_RE = - /^(?:error|api\s*error|openai\s*error|anthropic\s*error|gateway\s*error|request failed|failed|exception)[:\s-]+/i; + /^(?:error|(?:[a-z][\w-]*\s+)?api\s*error|openai\s*error|anthropic\s*error|gateway\s*error|request failed|failed|exception)(?:\s+\d{3})?[:\s-]+/i; const CONTEXT_OVERFLOW_ERROR_HEAD_RE = /^(?:context overflow:|request_too_large\b|request size exceeds\b|request exceeds the maximum size\b|context length exceeded\b|maximum context length\b|prompt is too long\b|exceeds model context window\b)/i; const HTTP_STATUS_PREFIX_RE = /^(?:http\s*)?(\d{3})\s+(.+)$/i; diff --git a/src/agents/pi-embedded-runner-extraparams.test.ts b/src/agents/pi-embedded-runner-extraparams.test.ts index c4790e37dba..9b22c59b594 100644 --- a/src/agents/pi-embedded-runner-extraparams.test.ts +++ b/src/agents/pi-embedded-runner-extraparams.test.ts @@ -908,7 +908,7 @@ describe("applyExtraParamsToAgent", () => { }); }); - it("does not rewrite tool schema for kimi-coding (native Anthropic format)", () => { + it("does not rewrite tool schema for Kimi (native Anthropic format)", () => { const payloads: Record[] = []; const baseStreamFn: StreamFn = (_model, _context, options) => { const payload: Record = { @@ -931,12 +931,12 @@ describe("applyExtraParamsToAgent", () => { }; const agent = { streamFn: baseStreamFn }; - applyExtraParamsToAgent(agent, undefined, "kimi-coding", "k2p5", undefined, "low"); + applyExtraParamsToAgent(agent, undefined, "kimi", "kimi-code", undefined, "low"); const model = { api: "anthropic-messages", - provider: "kimi-coding", - id: "k2p5", + provider: "kimi", + id: "kimi-code", baseUrl: "https://api.kimi.com/coding/", } as Model<"anthropic-messages">; const context: Context = { messages: [] }; @@ -1160,7 +1160,8 @@ describe("applyExtraParamsToAgent", () => { expect(calls).toHaveLength(1); expect(calls[0]?.headers).toEqual({ "HTTP-Referer": "https://openclaw.ai", - "X-Title": "OpenClaw", + "X-OpenRouter-Title": "OpenClaw", + "X-OpenRouter-Categories": "cli-agent", "X-Custom": "1", }); }); diff --git a/src/agents/pi-embedded-runner.bundle-mcp.e2e.test.ts b/src/agents/pi-embedded-runner.bundle-mcp.e2e.test.ts new file mode 100644 index 00000000000..bd3bd2505a0 --- /dev/null +++ b/src/agents/pi-embedded-runner.bundle-mcp.e2e.test.ts @@ -0,0 +1,241 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import "./test-helpers/fast-coding-tools.js"; +import { afterAll, beforeAll, describe, expect, it, vi } from "vitest"; +import { + cleanupEmbeddedPiRunnerTestWorkspace, + createEmbeddedPiRunnerOpenAiConfig, + createEmbeddedPiRunnerTestWorkspace, + type EmbeddedPiRunnerTestWorkspace, + immediateEnqueue, +} from "./test-helpers/pi-embedded-runner-e2e-fixtures.js"; + +const E2E_TIMEOUT_MS = 40_000; + +function createMockUsage(input: number, output: number) { + return { + input, + output, + cacheRead: 0, + cacheWrite: 0, + totalTokens: input + output, + cost: { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + total: 0, + }, + }; +} + +let streamCallCount = 0; +let observedContexts: Array> = []; + +vi.mock("./pi-bundle-mcp-tools.js", () => ({ + createBundleMcpToolRuntime: async () => ({ + tools: [ + { + name: "bundle_probe", + label: "bundle_probe", + description: "Bundle MCP probe", + parameters: { type: "object", properties: {} }, + execute: async () => ({ + content: [{ type: "text", text: "FROM-BUNDLE" }], + details: { + mcpServer: "bundleProbe", + mcpTool: "bundle_probe", + }, + }), + }, + ], + dispose: async () => {}, + }), +})); + +vi.mock("@mariozechner/pi-coding-agent", async () => { + return await vi.importActual( + "@mariozechner/pi-coding-agent", + ); +}); + +vi.mock("@mariozechner/pi-ai", async () => { + const actual = await vi.importActual("@mariozechner/pi-ai"); + + const buildToolUseMessage = (model: { api: string; provider: string; id: string }) => ({ + role: "assistant" as const, + content: [ + { + type: "toolCall" as const, + id: "tc-bundle-mcp-1", + name: "bundle_probe", + arguments: {}, + }, + ], + stopReason: "toolUse" as const, + api: model.api, + provider: model.provider, + model: model.id, + usage: createMockUsage(1, 1), + timestamp: Date.now(), + }); + + const buildStopMessage = ( + model: { api: string; provider: string; id: string }, + text: string, + ) => ({ + role: "assistant" as const, + content: [{ type: "text" as const, text }], + stopReason: "stop" as const, + api: model.api, + provider: model.provider, + model: model.id, + usage: createMockUsage(1, 1), + timestamp: Date.now(), + }); + + return { + ...actual, + complete: async (model: { api: string; provider: string; id: string }) => { + streamCallCount += 1; + return streamCallCount === 1 + ? buildToolUseMessage(model) + : buildStopMessage(model, "BUNDLE MCP OK FROM-BUNDLE"); + }, + completeSimple: async (model: { api: string; provider: string; id: string }) => { + streamCallCount += 1; + return streamCallCount === 1 + ? buildToolUseMessage(model) + : buildStopMessage(model, "BUNDLE MCP OK FROM-BUNDLE"); + }, + streamSimple: ( + model: { api: string; provider: string; id: string }, + context: { messages?: Array<{ role?: string; content?: unknown }> }, + ) => { + streamCallCount += 1; + const messages = (context.messages ?? []).map((message) => ({ ...message })); + observedContexts.push(messages); + const stream = actual.createAssistantMessageEventStream(); + queueMicrotask(() => { + if (streamCallCount === 1) { + stream.push({ + type: "done", + reason: "toolUse", + message: buildToolUseMessage(model), + }); + stream.end(); + return; + } + + const toolResultText = messages.flatMap((message) => + Array.isArray(message.content) + ? (message.content as Array<{ type?: string; text?: string }>) + .filter((entry) => entry.type === "text" && typeof entry.text === "string") + .map((entry) => entry.text ?? "") + : [], + ); + const sawBundleResult = toolResultText.some((text) => text.includes("FROM-BUNDLE")); + if (!sawBundleResult) { + stream.push({ + type: "done", + reason: "stop", + message: buildStopMessage(model, "bundle MCP tool result missing from context"), + }); + stream.end(); + return; + } + + stream.push({ + type: "done", + reason: "stop", + message: buildStopMessage(model, "BUNDLE MCP OK FROM-BUNDLE"), + }); + stream.end(); + }); + return stream; + }, + }; +}); + +let runEmbeddedPiAgent: typeof import("./pi-embedded-runner/run.js").runEmbeddedPiAgent; +let e2eWorkspace: EmbeddedPiRunnerTestWorkspace | undefined; +let agentDir: string; +let workspaceDir: string; + +beforeAll(async () => { + vi.useRealTimers(); + ({ runEmbeddedPiAgent } = await import("./pi-embedded-runner/run.js")); + e2eWorkspace = await createEmbeddedPiRunnerTestWorkspace("openclaw-bundle-mcp-pi-"); + ({ agentDir, workspaceDir } = e2eWorkspace); +}, 180_000); + +afterAll(async () => { + await cleanupEmbeddedPiRunnerTestWorkspace(e2eWorkspace); + e2eWorkspace = undefined; +}); + +const readSessionMessages = async (sessionFile: string) => { + const raw = await fs.readFile(sessionFile, "utf-8"); + return raw + .split(/\r?\n/) + .filter(Boolean) + .map( + (line) => + JSON.parse(line) as { type?: string; message?: { role?: string; content?: unknown } }, + ) + .filter((entry) => entry.type === "message") + .map((entry) => entry.message) as Array<{ role?: string; content?: unknown }>; +}; + +describe("runEmbeddedPiAgent bundle MCP e2e", () => { + it.skip( + "loads bundle MCP into Pi, executes the MCP tool, and includes the result in the follow-up turn", + { timeout: E2E_TIMEOUT_MS }, + async () => { + streamCallCount = 0; + observedContexts = []; + + const sessionFile = path.join(workspaceDir, "session-bundle-mcp-e2e.jsonl"); + const cfg = createEmbeddedPiRunnerOpenAiConfig(["mock-bundle-mcp"]); + + const result = await runEmbeddedPiAgent({ + sessionId: "bundle-mcp-e2e", + sessionKey: "agent:test:bundle-mcp-e2e", + sessionFile, + workspaceDir, + config: cfg, + prompt: "Use the bundle MCP tool and report its result.", + provider: "openai", + model: "mock-bundle-mcp", + timeoutMs: 30_000, + agentDir, + runId: "run-bundle-mcp-e2e", + enqueue: immediateEnqueue, + }); + + expect(result.payloads?.[0]?.text).toContain("BUNDLE MCP OK FROM-BUNDLE"); + expect(streamCallCount).toBe(2); + + const followUpContext = observedContexts[1] ?? []; + const followUpTexts = followUpContext.flatMap((message) => + Array.isArray(message.content) + ? (message.content as Array<{ type?: string; text?: string }>) + .filter((entry) => entry.type === "text" && typeof entry.text === "string") + .map((entry) => entry.text ?? "") + : [], + ); + expect(followUpTexts.some((text) => text.includes("FROM-BUNDLE"))).toBe(true); + + const messages = await readSessionMessages(sessionFile); + const toolResults = messages.filter((message) => message?.role === "toolResult"); + const toolResultText = toolResults.flatMap((message) => + Array.isArray(message.content) + ? (message.content as Array<{ type?: string; text?: string }>) + .filter((entry) => entry.type === "text" && typeof entry.text === "string") + .map((entry) => entry.text ?? "") + : [], + ); + expect(toolResultText.some((text) => text.includes("FROM-BUNDLE"))).toBe(true); + }, + ); +}); diff --git a/src/agents/pi-embedded-runner/compact.hooks.test.ts b/src/agents/pi-embedded-runner/compact.hooks.test.ts index 0a864236b81..72b16ad003f 100644 --- a/src/agents/pi-embedded-runner/compact.hooks.test.ts +++ b/src/agents/pi-embedded-runner/compact.hooks.test.ts @@ -15,6 +15,7 @@ const { resolveSessionAgentIdMock, estimateTokensMock, sessionAbortCompactionMock, + createOpenClawCodingToolsMock, } = vi.hoisted(() => { const contextEngineCompactMock = vi.fn(async () => ({ ok: true as boolean, @@ -36,12 +37,14 @@ const { info: { ownsCompaction: true }, compact: contextEngineCompactMock, })), - resolveModelMock: vi.fn(() => ({ - model: { provider: "openai", api: "responses", id: "fake", input: [] }, - error: null, - authStorage: { setRuntimeApiKey: vi.fn() }, - modelRegistry: {}, - })), + resolveModelMock: vi.fn( + (_provider?: string, _modelId?: string, _agentDir?: string, _cfg?: unknown) => ({ + model: { provider: "openai", api: "responses", id: "fake", input: [] }, + error: null, + authStorage: { setRuntimeApiKey: vi.fn() }, + modelRegistry: {}, + }), + ), sessionCompactImpl: vi.fn(async () => ({ summary: "summary", firstKeptEntryId: "entry-1", @@ -67,6 +70,7 @@ const { resolveSessionAgentIdMock: vi.fn(() => "main"), estimateTokensMock: vi.fn((_message?: unknown) => 10), sessionAbortCompactionMock: vi.fn(), + createOpenClawCodingToolsMock: vi.fn(() => []), }; }); @@ -205,7 +209,7 @@ vi.mock("../channel-tools.js", () => ({ })); vi.mock("../pi-tools.js", () => ({ - createOpenClawCodingTools: vi.fn(() => []), + createOpenClawCodingTools: createOpenClawCodingToolsMock, })); vi.mock("./google.js", () => ({ @@ -307,6 +311,10 @@ vi.mock("./sandbox-info.js", () => ({ vi.mock("./model.js", () => ({ buildModelAliasLines: vi.fn(() => []), resolveModel: resolveModelMock, + resolveModelAsync: vi.fn( + async (provider: string, modelId: string, agentDir?: string, cfg?: unknown) => + resolveModelMock(provider, modelId, agentDir, cfg), + ), })); vi.mock("./session-manager-cache.js", () => ({ @@ -449,6 +457,26 @@ describe("compactEmbeddedPiSessionDirect hooks", () => { }); }); + it("forwards gateway subagent binding opt-in during compaction bootstrap", async () => { + await compactEmbeddedPiSessionDirect({ + sessionId: "session-1", + sessionFile: "/tmp/session.jsonl", + workspaceDir: "/tmp/workspace", + allowGatewaySubagentBinding: true, + }); + + expect(ensureRuntimePluginsLoaded).toHaveBeenCalledWith({ + config: undefined, + workspaceDir: "/tmp/workspace", + allowGatewaySubagentBinding: true, + }); + expect(createOpenClawCodingToolsMock).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + }), + ); + }); + it("emits internal + plugin compaction hooks with counts", async () => { hookRunner.hasHooks.mockReturnValue(true); let sanitizedCount = 0; @@ -501,6 +529,7 @@ describe("compactEmbeddedPiSessionDirect hooks", () => { messageCount: 1, tokenCount: 10, compactedCount: 1, + sessionFile: "/tmp/session.jsonl", }, expect.objectContaining({ sessionKey: "agent:main:session-1", messageProvider: "telegram" }), ); diff --git a/src/agents/pi-embedded-runner/compact.runtime.ts b/src/agents/pi-embedded-runner/compact.runtime.ts index 33c4ed7066a..f6230265bac 100644 --- a/src/agents/pi-embedded-runner/compact.runtime.ts +++ b/src/agents/pi-embedded-runner/compact.runtime.ts @@ -1 +1,9 @@ -export { compactEmbeddedPiSessionDirect } from "./compact.js"; +import { compactEmbeddedPiSessionDirect as compactEmbeddedPiSessionDirectImpl } from "./compact.js"; + +type CompactEmbeddedPiSessionDirect = typeof import("./compact.js").compactEmbeddedPiSessionDirect; + +export function compactEmbeddedPiSessionDirect( + ...args: Parameters +): ReturnType { + return compactEmbeddedPiSessionDirectImpl(...args); +} diff --git a/src/agents/pi-embedded-runner/compact.ts b/src/agents/pi-embedded-runner/compact.ts index 67c5b8184b2..4e967730667 100644 --- a/src/agents/pi-embedded-runner/compact.ts +++ b/src/agents/pi-embedded-runner/compact.ts @@ -19,11 +19,11 @@ import { createInternalHookEvent, triggerInternalHook } from "../../hooks/intern import { getMachineDisplayName } from "../../infra/machine-name.js"; import { generateSecureToken } from "../../infra/secure-random.js"; import { getMemorySearchManager } from "../../memory/index.js"; -import { resolveSignalReactionLevel } from "../../plugin-sdk-internal/signal.js"; +import { resolveSignalReactionLevel } from "../../plugin-sdk/signal.js"; import { resolveTelegramInlineButtonsScope, resolveTelegramReactionLevel, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js"; import { prepareProviderRuntimeAuth } from "../../plugins/provider-runtime.js"; import { type enqueueCommand, enqueueCommandInLane } from "../../process/command-queue.js"; @@ -53,6 +53,7 @@ import { supportsModelTools } from "../model-tool-support.js"; import { ensureOpenClawModelsJson } from "../models-config.js"; import { createConfiguredOllamaStreamFn } from "../ollama-stream.js"; import { resolveOwnerDisplaySetting } from "../owner-display.js"; +import { createBundleMcpToolRuntime } from "../pi-bundle-mcp-tools.js"; import { ensureSessionHeader, validateAnthropicTurns, @@ -147,6 +148,8 @@ export type CompactEmbeddedPiSessionParams = { extraSystemPrompt?: string; ownerNumbers?: string[]; abortSignal?: AbortSignal; + /** Allow runtime plugins for this compaction to late-bind the gateway subagent. */ + allowGatewaySubagentBinding?: boolean; }; type CompactionMessageMetrics = { @@ -384,6 +387,7 @@ export async function compactEmbeddedPiSessionDirect( ensureRuntimePluginsLoaded({ config: params.config, workspaceDir: resolvedWorkspace, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, }); const prevCwd = process.cwd(); @@ -570,6 +574,7 @@ export async function compactEmbeddedPiSessionDirect( groupSpace: params.groupSpace, spawnedBy: params.spawnedBy, senderIsOwner: params.senderIsOwner, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, agentDir, workspaceDir: effectiveWorkspace, config: params.config, @@ -579,12 +584,24 @@ export async function compactEmbeddedPiSessionDirect( modelContextWindowTokens: ctxInfo.tokens, modelAuthMode: resolveModelAuthMode(model.provider, params.config), }); + const toolsEnabled = supportsModelTools(runtimeModel); const tools = sanitizeToolsForGoogle({ - tools: supportsModelTools(runtimeModel) ? toolsRaw : [], + tools: toolsEnabled ? toolsRaw : [], provider, }); - const allowedToolNames = collectAllowedToolNames({ tools }); - logToolSchemasForGoogle({ tools, provider }); + const bundleMcpRuntime = toolsEnabled + ? await createBundleMcpToolRuntime({ + workspaceDir: effectiveWorkspace, + cfg: params.config, + reservedToolNames: tools.map((tool) => tool.name), + }) + : undefined; + const effectiveTools = + bundleMcpRuntime && bundleMcpRuntime.tools.length > 0 + ? [...tools, ...bundleMcpRuntime.tools] + : tools; + const allowedToolNames = collectAllowedToolNames({ tools: effectiveTools }); + logToolSchemasForGoogle({ tools: effectiveTools, provider }); const machineName = await getMachineDisplayName(); const runtimeChannel = normalizeMessageChannel(params.messageChannel ?? params.messageProvider); let runtimeCapabilities = runtimeChannel @@ -701,7 +718,7 @@ export async function compactEmbeddedPiSessionDirect( reactionGuidance, messageToolHints, sandboxInfo, - tools, + tools: effectiveTools, modelAliasLines: buildModelAliasLines(params.config), userTimezone, userTime, @@ -764,7 +781,7 @@ export async function compactEmbeddedPiSessionDirect( } const { builtInTools, customTools } = splitSdkTools({ - tools, + tools: effectiveTools, sandboxEnabled: !!sandbox?.enabled, }); @@ -1022,6 +1039,7 @@ export async function compactEmbeddedPiSessionDirect( messageCount: messageCountAfter, tokenCount: tokensAfter, compactedCount, + sessionFile: params.sessionFile, }, { sessionId: params.sessionId, @@ -1056,6 +1074,7 @@ export async function compactEmbeddedPiSessionDirect( clearPendingOnTimeout: true, }); session.dispose(); + await bundleMcpRuntime?.dispose(); } } finally { await sessionLock.release(); @@ -1086,6 +1105,7 @@ export async function compactEmbeddedPiSession( ensureRuntimePluginsLoaded({ config: params.config, workspaceDir: params.workspaceDir, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, }); ensureContextEnginesInitialized(); const contextEngine = await resolveContextEngine(params.config); diff --git a/src/agents/pi-embedded-runner/extensions.test.ts b/src/agents/pi-embedded-runner/extensions.test.ts index ff95a0b2dee..e3f412cafd0 100644 --- a/src/agents/pi-embedded-runner/extensions.test.ts +++ b/src/agents/pi-embedded-runner/extensions.test.ts @@ -6,13 +6,36 @@ import { getCompactionSafeguardRuntime } from "../pi-extensions/compaction-safeg import compactionSafeguardExtension from "../pi-extensions/compaction-safeguard.js"; import { buildEmbeddedExtensionFactories } from "./extensions.js"; +function buildSafeguardFactories(cfg: OpenClawConfig) { + const sessionManager = {} as SessionManager; + const model = { + id: "claude-sonnet-4-20250514", + contextWindow: 200_000, + } as Model; + + const factories = buildEmbeddedExtensionFactories({ + cfg, + sessionManager, + provider: "anthropic", + modelId: "claude-sonnet-4-20250514", + model, + }); + + return { factories, sessionManager }; +} + +function expectSafeguardRuntime( + cfg: OpenClawConfig, + expectedRuntime: { qualityGuardEnabled: boolean; qualityGuardMaxRetries?: number }, +) { + const { factories, sessionManager } = buildSafeguardFactories(cfg); + + expect(factories).toContain(compactionSafeguardExtension); + expect(getCompactionSafeguardRuntime(sessionManager)).toMatchObject(expectedRuntime); +} + describe("buildEmbeddedExtensionFactories", () => { it("does not opt safeguard mode into quality-guard retries", () => { - const sessionManager = {} as SessionManager; - const model = { - id: "claude-sonnet-4-20250514", - contextWindow: 200_000, - } as Model; const cfg = { agents: { defaults: { @@ -22,27 +45,12 @@ describe("buildEmbeddedExtensionFactories", () => { }, }, } as OpenClawConfig; - - const factories = buildEmbeddedExtensionFactories({ - cfg, - sessionManager, - provider: "anthropic", - modelId: "claude-sonnet-4-20250514", - model, - }); - - expect(factories).toContain(compactionSafeguardExtension); - expect(getCompactionSafeguardRuntime(sessionManager)).toMatchObject({ + expectSafeguardRuntime(cfg, { qualityGuardEnabled: false, }); }); it("wires explicit safeguard quality-guard runtime flags", () => { - const sessionManager = {} as SessionManager; - const model = { - id: "claude-sonnet-4-20250514", - contextWindow: 200_000, - } as Model; const cfg = { agents: { defaults: { @@ -56,17 +64,7 @@ describe("buildEmbeddedExtensionFactories", () => { }, }, } as OpenClawConfig; - - const factories = buildEmbeddedExtensionFactories({ - cfg, - sessionManager, - provider: "anthropic", - modelId: "claude-sonnet-4-20250514", - model, - }); - - expect(factories).toContain(compactionSafeguardExtension); - expect(getCompactionSafeguardRuntime(sessionManager)).toMatchObject({ + expectSafeguardRuntime(cfg, { qualityGuardEnabled: true, qualityGuardMaxRetries: 2, }); diff --git a/src/agents/pi-embedded-runner/extra-params.cache-retention-default.test.ts b/src/agents/pi-embedded-runner/extra-params.cache-retention-default.test.ts index cd093a86e7c..b988a8c3c59 100644 --- a/src/agents/pi-embedded-runner/extra-params.cache-retention-default.test.ts +++ b/src/agents/pi-embedded-runner/extra-params.cache-retention-default.test.ts @@ -2,6 +2,25 @@ import type { StreamFn } from "@mariozechner/pi-agent-core"; import { describe, expect, it, vi } from "vitest"; import { applyExtraParamsToAgent } from "../pi-embedded-runner.js"; +function applyAndExpectWrapped(params: { + cfg?: Parameters[1]; + extraParamsOverride?: Parameters[4]; + modelId: string; + provider: string; +}) { + const agent: { streamFn?: StreamFn } = {}; + + applyExtraParamsToAgent( + agent, + params.cfg, + params.provider, + params.modelId, + params.extraParamsOverride, + ); + + expect(agent.streamFn).toBeDefined(); +} + // Mock the logger to avoid noise in tests vi.mock("./logger.js", () => ({ log: { @@ -12,15 +31,10 @@ vi.mock("./logger.js", () => ({ describe("cacheRetention default behavior", () => { it("returns 'short' for Anthropic when not configured", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = undefined; - const provider = "anthropic"; - const modelId = "claude-3-sonnet"; - - applyExtraParamsToAgent(agent, cfg, provider, modelId); - - // Verify streamFn was set (indicating cache retention was applied) - expect(agent.streamFn).toBeDefined(); + applyAndExpectWrapped({ + modelId: "claude-3-sonnet", + provider: "anthropic", + }); // The fact that agent.streamFn was modified indicates that cacheRetention // default "short" was applied. We don't need to call the actual function @@ -28,75 +42,63 @@ describe("cacheRetention default behavior", () => { }); it("respects explicit 'none' config", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = { - agents: { - defaults: { - models: { - "anthropic/claude-3-sonnet": { - params: { - cacheRetention: "none" as const, + applyAndExpectWrapped({ + cfg: { + agents: { + defaults: { + models: { + "anthropic/claude-3-sonnet": { + params: { + cacheRetention: "none" as const, + }, }, }, }, }, }, - }; - const provider = "anthropic"; - const modelId = "claude-3-sonnet"; - - applyExtraParamsToAgent(agent, cfg, provider, modelId); - - // Verify streamFn was set (config was applied) - expect(agent.streamFn).toBeDefined(); + modelId: "claude-3-sonnet", + provider: "anthropic", + }); }); it("respects explicit 'long' config", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = { - agents: { - defaults: { - models: { - "anthropic/claude-3-opus": { - params: { - cacheRetention: "long" as const, + applyAndExpectWrapped({ + cfg: { + agents: { + defaults: { + models: { + "anthropic/claude-3-opus": { + params: { + cacheRetention: "long" as const, + }, }, }, }, }, }, - }; - const provider = "anthropic"; - const modelId = "claude-3-opus"; - - applyExtraParamsToAgent(agent, cfg, provider, modelId); - - // Verify streamFn was set (config was applied) - expect(agent.streamFn).toBeDefined(); + modelId: "claude-3-opus", + provider: "anthropic", + }); }); it("respects legacy cacheControlTtl config", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = { - agents: { - defaults: { - models: { - "anthropic/claude-3-haiku": { - params: { - cacheControlTtl: "1h", + applyAndExpectWrapped({ + cfg: { + agents: { + defaults: { + models: { + "anthropic/claude-3-haiku": { + params: { + cacheControlTtl: "1h", + }, }, }, }, }, }, - }; - const provider = "anthropic"; - const modelId = "claude-3-haiku"; - - applyExtraParamsToAgent(agent, cfg, provider, modelId); - - // Verify streamFn was set (legacy config was applied) - expect(agent.streamFn).toBeDefined(); + modelId: "claude-3-haiku", + provider: "anthropic", + }); }); it("returns undefined for non-Anthropic providers", () => { @@ -113,42 +115,33 @@ describe("cacheRetention default behavior", () => { }); it("prefers explicit cacheRetention over default", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = { - agents: { - defaults: { - models: { - "anthropic/claude-3-sonnet": { - params: { - cacheRetention: "long" as const, - temperature: 0.7, + applyAndExpectWrapped({ + cfg: { + agents: { + defaults: { + models: { + "anthropic/claude-3-sonnet": { + params: { + cacheRetention: "long" as const, + temperature: 0.7, + }, }, }, }, }, }, - }; - const provider = "anthropic"; - const modelId = "claude-3-sonnet"; - - applyExtraParamsToAgent(agent, cfg, provider, modelId); - - // Verify streamFn was set with explicit config - expect(agent.streamFn).toBeDefined(); + modelId: "claude-3-sonnet", + provider: "anthropic", + }); }); it("works with extraParamsOverride", () => { - const agent: { streamFn?: StreamFn } = {}; - const cfg = undefined; - const provider = "anthropic"; - const modelId = "claude-3-sonnet"; - const extraParamsOverride = { - cacheRetention: "none" as const, - }; - - applyExtraParamsToAgent(agent, cfg, provider, modelId, extraParamsOverride); - - // Verify streamFn was set (override was applied) - expect(agent.streamFn).toBeDefined(); + applyAndExpectWrapped({ + extraParamsOverride: { + cacheRetention: "none" as const, + }, + modelId: "claude-3-sonnet", + provider: "anthropic", + }); }); }); diff --git a/src/agents/pi-embedded-runner/extra-params.kilocode.test.ts b/src/agents/pi-embedded-runner/extra-params.kilocode.test.ts index c4e81d2d804..4ebd56c5d05 100644 --- a/src/agents/pi-embedded-runner/extra-params.kilocode.test.ts +++ b/src/agents/pi-embedded-runner/extra-params.kilocode.test.ts @@ -1,15 +1,8 @@ -import type { StreamFn } from "@mariozechner/pi-agent-core"; -import type { Context, Model } from "@mariozechner/pi-ai"; -import { createAssistantMessageEventStream } from "@mariozechner/pi-ai"; +import type { Model } from "@mariozechner/pi-ai"; import { afterEach, describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; import { captureEnv } from "../../test-utils/env.js"; -import { applyExtraParamsToAgent } from "./extra-params.js"; - -type CapturedCall = { - headers?: Record; - payload?: Record; -}; +import { runExtraParamsCase } from "./extra-params.test-support.js"; const TEST_CFG = { plugins: { @@ -26,30 +19,39 @@ function applyAndCapture(params: { modelId: string; callerHeaders?: Record; cfg?: OpenClawConfig; -}): CapturedCall { - const captured: CapturedCall = {}; - - const baseStreamFn: StreamFn = (model, _context, options) => { - captured.headers = options?.headers; - options?.onPayload?.({}, model); - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - - applyExtraParamsToAgent(agent, params.cfg ?? TEST_CFG, params.provider, params.modelId); - - const model = { - api: "openai-completions", - provider: params.provider, - id: params.modelId, - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, { - headers: params.callerHeaders, +}) { + return runExtraParamsCase({ + applyModelId: params.modelId, + applyProvider: params.provider, + callerHeaders: params.callerHeaders, + cfg: params.cfg ?? TEST_CFG, + model: { + api: "openai-completions", + provider: params.provider, + id: params.modelId, + } as Model<"openai-completions">, + payload: {}, }); +} - return captured; +function applyAndCaptureReasoning(params: { + cfg?: OpenClawConfig; + modelId: string; + initialPayload?: Record; + thinkingLevel?: "minimal" | "low" | "medium" | "high"; +}) { + return runExtraParamsCase({ + applyModelId: params.modelId, + applyProvider: "kilocode", + cfg: params.cfg ?? TEST_CFG, + model: { + api: "openai-completions", + provider: "kilocode", + id: params.modelId, + } as Model<"openai-completions">, + payload: { ...params.initialPayload }, + thinkingLevel: params.thinkingLevel ?? "high", + }).payload; } describe("extra-params: Kilocode wrapper", () => { @@ -121,27 +123,10 @@ describe("extra-params: Kilocode wrapper", () => { describe("extra-params: Kilocode kilo/auto reasoning", () => { it("does not inject reasoning.effort for kilo/auto", () => { - let capturedPayload: Record | undefined; - - const baseStreamFn: StreamFn = (model, _context, options) => { - const payload: Record = { reasoning_effort: "high" }; - options?.onPayload?.(payload, model); - capturedPayload = payload; - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - - // Pass thinking level explicitly (6th parameter) to trigger reasoning injection - applyExtraParamsToAgent(agent, TEST_CFG, "kilocode", "kilo/auto", undefined, "high"); - - const model = { - api: "openai-completions", - provider: "kilocode", - id: "kilo/auto", - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, {}); + const capturedPayload = applyAndCaptureReasoning({ + modelId: "kilo/auto", + initialPayload: { reasoning_effort: "high" }, + }) as Record; // kilo/auto should not have reasoning injected expect(capturedPayload?.reasoning).toBeUndefined(); @@ -149,95 +134,40 @@ describe("extra-params: Kilocode kilo/auto reasoning", () => { }); it("injects reasoning.effort for non-auto kilocode models", () => { - let capturedPayload: Record | undefined; - - const baseStreamFn: StreamFn = (model, _context, options) => { - const payload: Record = {}; - options?.onPayload?.(payload, model); - capturedPayload = payload; - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - - applyExtraParamsToAgent( - agent, - TEST_CFG, - "kilocode", - "anthropic/claude-sonnet-4", - undefined, - "high", - ); - - const model = { - api: "openai-completions", - provider: "kilocode", - id: "anthropic/claude-sonnet-4", - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, {}); + const capturedPayload = applyAndCaptureReasoning({ + modelId: "anthropic/claude-sonnet-4", + }) as Record; // Non-auto models should have reasoning injected expect(capturedPayload?.reasoning).toEqual({ effort: "high" }); }); it("still normalizes reasoning for Kilocode under restrictive plugins.allow", () => { - let capturedPayload: Record | undefined; - - const baseStreamFn: StreamFn = (model, _context, options) => { - const payload: Record = {}; - options?.onPayload?.(payload, model); - capturedPayload = payload; - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - - applyExtraParamsToAgent( - agent, - { + const capturedPayload = applyAndCaptureReasoning({ + cfg: { plugins: { allow: ["openrouter"], }, }, - "kilocode", - "anthropic/claude-sonnet-4", - undefined, - "high", - ); - - const model = { - api: "openai-completions", - provider: "kilocode", - id: "anthropic/claude-sonnet-4", - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, {}); + modelId: "anthropic/claude-sonnet-4", + }) as Record; expect(capturedPayload?.reasoning).toEqual({ effort: "high" }); }); it("does not inject reasoning.effort for x-ai models", () => { - let capturedPayload: Record | undefined; - - const baseStreamFn: StreamFn = (model, _context, options) => { - const payload: Record = { reasoning_effort: "high" }; - options?.onPayload?.(payload, model); - capturedPayload = payload; - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - - applyExtraParamsToAgent(agent, TEST_CFG, "kilocode", "x-ai/grok-3", undefined, "high"); - - const model = { - api: "openai-completions", - provider: "kilocode", - id: "x-ai/grok-3", - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, {}); + const capturedPayload = runExtraParamsCase({ + applyModelId: "x-ai/grok-3", + applyProvider: "kilocode", + cfg: TEST_CFG, + model: { + api: "openai-completions", + provider: "kilocode", + id: "x-ai/grok-3", + } as Model<"openai-completions">, + payload: { reasoning_effort: "high" }, + thinkingLevel: "high", + }).payload as Record; // x-ai models reject reasoning.effort — should be skipped expect(capturedPayload?.reasoning).toBeUndefined(); diff --git a/src/agents/pi-embedded-runner/extra-params.openai.test.ts b/src/agents/pi-embedded-runner/extra-params.openai.test.ts new file mode 100644 index 00000000000..f7f033f5827 --- /dev/null +++ b/src/agents/pi-embedded-runner/extra-params.openai.test.ts @@ -0,0 +1,95 @@ +import type { Model } from "@mariozechner/pi-ai"; +import { afterEach, describe, expect, it } from "vitest"; +import { captureEnv } from "../../test-utils/env.js"; +import { runExtraParamsCase } from "./extra-params.test-support.js"; + +function applyAndCapture(params: { + provider: string; + modelId: string; + baseUrl?: string; + callerHeaders?: Record; +}) { + return runExtraParamsCase({ + applyModelId: params.modelId, + applyProvider: params.provider, + callerHeaders: params.callerHeaders, + model: { + api: "openai-responses", + provider: params.provider, + id: params.modelId, + baseUrl: params.baseUrl, + } as Model<"openai-responses">, + payload: {}, + }); +} + +describe("extra-params: OpenAI attribution", () => { + const envSnapshot = captureEnv(["OPENCLAW_VERSION"]); + + afterEach(() => { + envSnapshot.restore(); + }); + + it("injects originator and release-based user agent for native OpenAI", () => { + process.env.OPENCLAW_VERSION = "2026.3.14"; + + const { headers } = applyAndCapture({ + provider: "openai", + modelId: "gpt-5.4", + baseUrl: "https://api.openai.com/v1", + }); + + expect(headers).toEqual({ + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + }); + }); + + it("overrides caller-supplied OpenAI attribution headers", () => { + process.env.OPENCLAW_VERSION = "2026.3.14"; + + const { headers } = applyAndCapture({ + provider: "openai", + modelId: "gpt-5.4", + baseUrl: "https://api.openai.com/v1", + callerHeaders: { + originator: "spoofed", + "User-Agent": "spoofed/0.0.0", + "X-Custom": "1", + }, + }); + + expect(headers).toEqual({ + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + "X-Custom": "1", + }); + }); + + it("does not inject attribution on non-native OpenAI-compatible base URLs", () => { + process.env.OPENCLAW_VERSION = "2026.3.14"; + + const { headers } = applyAndCapture({ + provider: "openai", + modelId: "gpt-5.4", + baseUrl: "https://proxy.example.com/v1", + }); + + expect(headers).toBeUndefined(); + }); + + it("injects attribution for ChatGPT-backed OpenAI Codex traffic", () => { + process.env.OPENCLAW_VERSION = "2026.3.14"; + + const { headers } = applyAndCapture({ + provider: "openai-codex", + modelId: "gpt-5.4", + baseUrl: "https://chatgpt.com/backend-api", + }); + + expect(headers).toEqual({ + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + }); + }); +}); diff --git a/src/agents/pi-embedded-runner/extra-params.openrouter-cache-control.test.ts b/src/agents/pi-embedded-runner/extra-params.openrouter-cache-control.test.ts index 8a09d9af547..08010bb0b20 100644 --- a/src/agents/pi-embedded-runner/extra-params.openrouter-cache-control.test.ts +++ b/src/agents/pi-embedded-runner/extra-params.openrouter-cache-control.test.ts @@ -1,9 +1,6 @@ -import type { StreamFn } from "@mariozechner/pi-agent-core"; -import type { Context, Model } from "@mariozechner/pi-ai"; -import { createAssistantMessageEventStream } from "@mariozechner/pi-ai"; +import type { Model } from "@mariozechner/pi-ai"; import { describe, expect, it } from "vitest"; -import type { OpenClawConfig } from "../../config/config.js"; -import { applyExtraParamsToAgent } from "./extra-params.js"; +import { runExtraParamsCase } from "./extra-params.test-support.js"; type StreamPayload = { messages: Array<{ @@ -13,31 +10,23 @@ type StreamPayload = { }; function runOpenRouterPayload(payload: StreamPayload, modelId: string) { - const baseStreamFn: StreamFn = (model, _context, options) => { - options?.onPayload?.(payload, model); - return createAssistantMessageEventStream(); - }; - const agent = { streamFn: baseStreamFn }; - const cfg = { - plugins: { - entries: { - openrouter: { - enabled: true, + runExtraParamsCase({ + cfg: { + plugins: { + entries: { + openrouter: { + enabled: true, + }, }, }, }, - } satisfies OpenClawConfig; - - applyExtraParamsToAgent(agent, cfg, "openrouter", modelId); - - const model = { - api: "openai-completions", - provider: "openrouter", - id: modelId, - } as Model<"openai-completions">; - const context: Context = { messages: [] }; - - void agent.streamFn?.(model, context, {}); + model: { + api: "openai-completions", + provider: "openrouter", + id: modelId, + } as Model<"openai-completions">, + payload, + }); } describe("extra-params: OpenRouter Anthropic cache_control", () => { diff --git a/src/agents/pi-embedded-runner/extra-params.test-support.ts b/src/agents/pi-embedded-runner/extra-params.test-support.ts new file mode 100644 index 00000000000..ae4fdb9edc3 --- /dev/null +++ b/src/agents/pi-embedded-runner/extra-params.test-support.ts @@ -0,0 +1,56 @@ +import type { StreamFn } from "@mariozechner/pi-agent-core"; +import type { Context, Model, SimpleStreamOptions } from "@mariozechner/pi-ai"; +import type { OpenClawConfig } from "../../config/config.js"; +import { applyExtraParamsToAgent } from "./extra-params.js"; + +export type ExtraParamsCapture> = { + headers?: Record; + payload: TPayload; +}; + +type RunExtraParamsCaseParams< + TApi extends "openai-completions" | "openai-responses", + TPayload extends Record, +> = { + applyModelId?: string; + applyProvider?: string; + callerHeaders?: Record; + cfg?: OpenClawConfig; + model: Model; + options?: SimpleStreamOptions; + payload: TPayload; + thinkingLevel?: "minimal" | "low" | "medium" | "high"; +}; + +export function runExtraParamsCase< + TApi extends "openai-completions" | "openai-responses", + TPayload extends Record, +>(params: RunExtraParamsCaseParams): ExtraParamsCapture { + const captured: ExtraParamsCapture = { + payload: params.payload, + }; + + const baseStreamFn: StreamFn = (model, _context, options) => { + captured.headers = options?.headers; + options?.onPayload?.(params.payload, model); + return {} as ReturnType; + }; + const agent = { streamFn: baseStreamFn }; + + applyExtraParamsToAgent( + agent, + params.cfg, + params.applyProvider ?? params.model.provider, + params.applyModelId ?? params.model.id, + undefined, + params.thinkingLevel, + ); + + const context: Context = { messages: [] }; + void agent.streamFn?.(params.model, context, { + ...params.options, + headers: params.callerHeaders ?? params.options?.headers, + }); + + return captured; +} diff --git a/src/agents/pi-embedded-runner/extra-params.ts b/src/agents/pi-embedded-runner/extra-params.ts index 713b193d7e7..e3aa8b1dbcc 100644 --- a/src/agents/pi-embedded-runner/extra-params.ts +++ b/src/agents/pi-embedded-runner/extra-params.ts @@ -26,6 +26,7 @@ import { shouldApplySiliconFlowThinkingOffCompat, } from "./moonshot-stream-wrappers.js"; import { + createOpenAIAttributionHeadersWrapper, createOpenAIDefaultTransportWrapper, createOpenAIFastModeWrapper, createOpenAIResponsesContextManagementWrapper, @@ -264,7 +265,7 @@ function createParallelToolCallsWrapper( /** * Apply extra params (like temperature) to an agent's streamFn. - * Also adds OpenRouter app attribution headers when using the OpenRouter provider. + * Also applies verified provider-specific request wrappers, such as OpenRouter attribution. * * @internal Exported for testing */ @@ -303,9 +304,12 @@ export function applyExtraParamsToAgent( }, }) ?? merged; - if (provider === "openai") { - // Default OpenAI Responses to WebSocket-first with transparent SSE fallback. - agent.streamFn = createOpenAIDefaultTransportWrapper(agent.streamFn); + if (provider === "openai" || provider === "openai-codex") { + if (provider === "openai") { + // Default OpenAI Responses to WebSocket-first with transparent SSE fallback. + agent.streamFn = createOpenAIDefaultTransportWrapper(agent.streamFn); + } + agent.streamFn = createOpenAIAttributionHeadersWrapper(agent.streamFn); } const wrappedStreamFn = createStreamFnWithExtraParams( agent.streamFn, diff --git a/src/agents/pi-embedded-runner/extra-params.zai-tool-stream.test.ts b/src/agents/pi-embedded-runner/extra-params.zai-tool-stream.test.ts index f7262a66798..ca22149990f 100644 --- a/src/agents/pi-embedded-runner/extra-params.zai-tool-stream.test.ts +++ b/src/agents/pi-embedded-runner/extra-params.zai-tool-stream.test.ts @@ -1,7 +1,7 @@ -import type { StreamFn } from "@mariozechner/pi-agent-core"; -import type { Context, Model, SimpleStreamOptions } from "@mariozechner/pi-ai"; +import type { Model, SimpleStreamOptions } from "@mariozechner/pi-ai"; import { describe, expect, it, vi } from "vitest"; -import { applyExtraParamsToAgent } from "./extra-params.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import { runExtraParamsCase } from "./extra-params.test-support.js"; // Mock streamSimple for testing vi.mock("@mariozechner/pi-ai", () => ({ @@ -15,24 +15,19 @@ type ToolStreamCase = { applyProvider: string; applyModelId: string; model: Model<"openai-completions">; - cfg?: Parameters[1]; + cfg?: OpenClawConfig; options?: SimpleStreamOptions; }; function runToolStreamCase(params: ToolStreamCase) { - const payload: Record = { model: params.model.id, messages: [] }; - const baseStreamFn: StreamFn = (model, _context, options) => { - options?.onPayload?.(payload, model); - return {} as ReturnType; - }; - const agent = { streamFn: baseStreamFn }; - - applyExtraParamsToAgent(agent, params.cfg, params.applyProvider, params.applyModelId); - - const context: Context = { messages: [] }; - void agent.streamFn?.(params.model, context, params.options ?? {}); - - return payload; + return runExtraParamsCase({ + applyModelId: params.applyModelId, + applyProvider: params.applyProvider, + cfg: params.cfg, + model: params.model, + options: params.options, + payload: { model: params.model.id, messages: [] }, + }).payload as Record; } describe("extra-params: Z.AI tool_stream support", () => { diff --git a/src/agents/pi-embedded-runner/google.test.ts b/src/agents/pi-embedded-runner/google.test.ts index d0a04665c68..efea86819b2 100644 --- a/src/agents/pi-embedded-runner/google.test.ts +++ b/src/agents/pi-embedded-runner/google.test.ts @@ -11,6 +11,18 @@ describe("sanitizeToolsForGoogle", () => { execute: async () => ({ ok: true, content: [] }), }) as unknown as AgentTool; + const createSchemaToolWithFormat = () => + createTool({ + type: "object", + additionalProperties: false, + properties: { + foo: { + type: "string", + format: "uuid", + }, + }, + }); + const expectFormatRemoved = ( sanitized: AgentTool, key: "additionalProperties" | "patternProperties", @@ -25,16 +37,7 @@ describe("sanitizeToolsForGoogle", () => { }; it("strips unsupported schema keywords for Google providers", () => { - const tool = createTool({ - type: "object", - additionalProperties: false, - properties: { - foo: { - type: "string", - format: "uuid", - }, - }, - }); + const tool = createSchemaToolWithFormat(); const [sanitized] = sanitizeToolsForGoogle({ tools: [tool], provider: "google-gemini-cli", @@ -43,16 +46,7 @@ describe("sanitizeToolsForGoogle", () => { }); it("returns original tools for non-google providers", () => { - const tool = createTool({ - type: "object", - additionalProperties: false, - properties: { - foo: { - type: "string", - format: "uuid", - }, - }, - }); + const tool = createSchemaToolWithFormat(); const sanitized = sanitizeToolsForGoogle({ tools: [tool], provider: "openai", diff --git a/src/agents/pi-embedded-runner/kilocode.test.ts b/src/agents/pi-embedded-runner/kilocode.test.ts index cbb626d8ba7..71b84f06e32 100644 --- a/src/agents/pi-embedded-runner/kilocode.test.ts +++ b/src/agents/pi-embedded-runner/kilocode.test.ts @@ -2,12 +2,10 @@ import { describe, expect, it } from "vitest"; import { isCacheTtlEligibleProvider } from "./cache-ttl.js"; describe("kilocode cache-ttl eligibility", () => { - it("is eligible when model starts with anthropic/", () => { - expect(isCacheTtlEligibleProvider("kilocode", "anthropic/claude-opus-4.6")).toBe(true); - }); - - it("is eligible with other anthropic models", () => { - expect(isCacheTtlEligibleProvider("kilocode", "anthropic/claude-sonnet-4")).toBe(true); + it("allows anthropic models", () => { + for (const modelId of ["anthropic/claude-opus-4.6", "anthropic/claude-sonnet-4"] as const) { + expect(isCacheTtlEligibleProvider("kilocode", modelId)).toBe(true); + } }); it("is not eligible for non-anthropic models on kilocode", () => { @@ -15,7 +13,11 @@ describe("kilocode cache-ttl eligibility", () => { }); it("is case-insensitive for provider name", () => { - expect(isCacheTtlEligibleProvider("Kilocode", "anthropic/claude-opus-4.6")).toBe(true); - expect(isCacheTtlEligibleProvider("KILOCODE", "Anthropic/claude-opus-4.6")).toBe(true); + for (const [provider, modelId] of [ + ["Kilocode", "anthropic/claude-opus-4.6"], + ["KILOCODE", "Anthropic/claude-opus-4.6"], + ] as const) { + expect(isCacheTtlEligibleProvider(provider, modelId)).toBe(true); + } }); }); diff --git a/src/agents/pi-embedded-runner/lanes.test.ts b/src/agents/pi-embedded-runner/lanes.test.ts index f3625ddc6ec..c0294dd5b9d 100644 --- a/src/agents/pi-embedded-runner/lanes.test.ts +++ b/src/agents/pi-embedded-runner/lanes.test.ts @@ -5,40 +5,52 @@ import { resolveGlobalLane, resolveSessionLane } from "./lanes.js"; describe("resolveGlobalLane", () => { it("defaults to main lane when no lane is provided", () => { expect(resolveGlobalLane()).toBe(CommandLane.Main); - expect(resolveGlobalLane("")).toBe(CommandLane.Main); - expect(resolveGlobalLane(" ")).toBe(CommandLane.Main); + for (const lane of ["", " "]) { + expect(resolveGlobalLane(lane)).toBe(CommandLane.Main); + } }); it("maps cron lane to nested lane to prevent deadlocks", () => { // When cron jobs trigger nested agent runs, the outer execution holds // the cron lane slot. Inner work must use a separate lane to avoid // deadlock. See: https://github.com/openclaw/openclaw/issues/44805 - expect(resolveGlobalLane("cron")).toBe(CommandLane.Nested); - expect(resolveGlobalLane(" cron ")).toBe(CommandLane.Nested); + for (const lane of ["cron", " cron "]) { + expect(resolveGlobalLane(lane)).toBe(CommandLane.Nested); + } }); it("preserves other lanes as-is", () => { - expect(resolveGlobalLane("main")).toBe(CommandLane.Main); - expect(resolveGlobalLane("subagent")).toBe(CommandLane.Subagent); - expect(resolveGlobalLane("nested")).toBe(CommandLane.Nested); - expect(resolveGlobalLane("custom-lane")).toBe("custom-lane"); - expect(resolveGlobalLane(" custom ")).toBe("custom"); + for (const [lane, expected] of [ + ["main", CommandLane.Main], + ["subagent", CommandLane.Subagent], + ["nested", CommandLane.Nested], + ["custom-lane", "custom-lane"], + [" custom ", "custom"], + ] as const) { + expect(resolveGlobalLane(lane)).toBe(expected); + } }); }); describe("resolveSessionLane", () => { it("defaults to main lane and prefixes with session:", () => { - expect(resolveSessionLane("")).toBe("session:main"); - expect(resolveSessionLane(" ")).toBe("session:main"); + for (const lane of ["", " "]) { + expect(resolveSessionLane(lane)).toBe("session:main"); + } }); it("adds session: prefix if not present", () => { - expect(resolveSessionLane("abc123")).toBe("session:abc123"); - expect(resolveSessionLane(" xyz ")).toBe("session:xyz"); + for (const [lane, expected] of [ + ["abc123", "session:abc123"], + [" xyz ", "session:xyz"], + ] as const) { + expect(resolveSessionLane(lane)).toBe(expected); + } }); it("preserves existing session: prefix", () => { - expect(resolveSessionLane("session:abc")).toBe("session:abc"); - expect(resolveSessionLane("session:main")).toBe("session:main"); + for (const lane of ["session:abc", "session:main"]) { + expect(resolveSessionLane(lane)).toBe(lane); + } }); }); diff --git a/src/agents/pi-embedded-runner/model.test-harness.ts b/src/agents/pi-embedded-runner/model.test-harness.ts index 21434557c79..b91ca8b8c5f 100644 --- a/src/agents/pi-embedded-runner/model.test-harness.ts +++ b/src/agents/pi-embedded-runner/model.test-harness.ts @@ -25,14 +25,18 @@ export const OPENAI_CODEX_TEMPLATE_MODEL = { maxTokens: 128000, }; -export function mockOpenAICodexTemplateModel(): void { +function mockTemplateModel(provider: string, modelId: string, templateModel: unknown): void { mockDiscoveredModel({ - provider: "openai-codex", - modelId: "gpt-5.2-codex", - templateModel: OPENAI_CODEX_TEMPLATE_MODEL, + provider, + modelId, + templateModel, }); } +export function mockOpenAICodexTemplateModel(): void { + mockTemplateModel("openai-codex", "gpt-5.2-codex", OPENAI_CODEX_TEMPLATE_MODEL); +} + export function buildOpenAICodexForwardCompatExpectation( id: string = "gpt-5.3-codex", ): Partial & { @@ -85,19 +89,19 @@ export const GOOGLE_GEMINI_CLI_FLASH_TEMPLATE_MODEL = { }; export function mockGoogleGeminiCliProTemplateModel(): void { - mockDiscoveredModel({ - provider: "google-gemini-cli", - modelId: "gemini-3-pro-preview", - templateModel: GOOGLE_GEMINI_CLI_PRO_TEMPLATE_MODEL, - }); + mockTemplateModel( + "google-gemini-cli", + "gemini-3-pro-preview", + GOOGLE_GEMINI_CLI_PRO_TEMPLATE_MODEL, + ); } export function mockGoogleGeminiCliFlashTemplateModel(): void { - mockDiscoveredModel({ - provider: "google-gemini-cli", - modelId: "gemini-3-flash-preview", - templateModel: GOOGLE_GEMINI_CLI_FLASH_TEMPLATE_MODEL, - }); + mockTemplateModel( + "google-gemini-cli", + "gemini-3-flash-preview", + GOOGLE_GEMINI_CLI_FLASH_TEMPLATE_MODEL, + ); } export function resetMockDiscoverModels(): void { diff --git a/src/agents/pi-embedded-runner/model.test.ts b/src/agents/pi-embedded-runner/model.test.ts index 47da838cc6a..a66cb697cb4 100644 --- a/src/agents/pi-embedded-runner/model.test.ts +++ b/src/agents/pi-embedded-runner/model.test.ts @@ -1129,13 +1129,13 @@ describe("resolveModel", () => { it("lets provider config override registry-found kimi user agent headers", () => { mockDiscoveredModel({ - provider: "kimi-coding", - modelId: "k2p5", + provider: "kimi", + modelId: "kimi-code", templateModel: { ...buildForwardCompatTemplate({ - id: "k2p5", - name: "Kimi for Coding", - provider: "kimi-coding", + id: "kimi-code", + name: "Kimi Code", + provider: "kimi", api: "anthropic-messages", baseUrl: "https://api.kimi.com/coding/", }), @@ -1146,7 +1146,7 @@ describe("resolveModel", () => { const cfg = { models: { providers: { - "kimi-coding": { + kimi: { headers: { "User-Agent": "custom-kimi-client/1.0", "X-Kimi-Tenant": "tenant-a", @@ -1156,8 +1156,9 @@ describe("resolveModel", () => { }, } as unknown as OpenClawConfig; - const result = resolveModel("kimi-coding", "k2p5", "/tmp/agent", cfg); + const result = resolveModel("kimi", "kimi-code", "/tmp/agent", cfg); expect(result.error).toBeUndefined(); + expect(result.model?.id).toBe("kimi-for-coding"); expect((result.model as unknown as { headers?: Record }).headers).toEqual({ "User-Agent": "custom-kimi-client/1.0", "X-Kimi-Tenant": "tenant-a", diff --git a/src/agents/pi-embedded-runner/openai-stream-wrappers.ts b/src/agents/pi-embedded-runner/openai-stream-wrappers.ts index 8542f329cbe..4131a33f08d 100644 --- a/src/agents/pi-embedded-runner/openai-stream-wrappers.ts +++ b/src/agents/pi-embedded-runner/openai-stream-wrappers.ts @@ -1,6 +1,7 @@ import type { StreamFn } from "@mariozechner/pi-agent-core"; import type { SimpleStreamOptions } from "@mariozechner/pi-ai"; import { streamSimple } from "@mariozechner/pi-ai"; +import { resolveProviderAttributionHeaders } from "../provider-attribution.js"; import { log } from "./logger.js"; import { streamWithPayloadPatch } from "./stream-payload-utils.js"; @@ -42,6 +43,40 @@ function isOpenAIPublicApiBaseUrl(baseUrl: unknown): boolean { } } +function isOpenAICodexBaseUrl(baseUrl: unknown): boolean { + if (typeof baseUrl !== "string" || !baseUrl.trim()) { + return false; + } + + try { + return new URL(baseUrl).hostname.toLowerCase() === "chatgpt.com"; + } catch { + return baseUrl.toLowerCase().includes("chatgpt.com"); + } +} + +function shouldApplyOpenAIAttributionHeaders(model: { + api?: unknown; + provider?: unknown; + baseUrl?: unknown; +}): "openai" | "openai-codex" | undefined { + if ( + model.provider === "openai" && + (model.api === "openai-completions" || model.api === "openai-responses") && + isOpenAIPublicApiBaseUrl(model.baseUrl) + ) { + return "openai"; + } + if ( + model.provider === "openai-codex" && + (model.api === "openai-codex-responses" || model.api === "openai-responses") && + isOpenAICodexBaseUrl(model.baseUrl) + ) { + return "openai-codex"; + } + return undefined; +} + function shouldForceResponsesStore(model: { api?: unknown; provider?: unknown; @@ -357,3 +392,22 @@ export function createOpenAIDefaultTransportWrapper(baseStreamFn: StreamFn | und return underlying(model, context, mergedOptions); }; } + +export function createOpenAIAttributionHeadersWrapper( + baseStreamFn: StreamFn | undefined, +): StreamFn { + const underlying = baseStreamFn ?? streamSimple; + return (model, context, options) => { + const attributionProvider = shouldApplyOpenAIAttributionHeaders(model); + if (!attributionProvider) { + return underlying(model, context, options); + } + return underlying(model, context, { + ...options, + headers: { + ...options?.headers, + ...resolveProviderAttributionHeaders(attributionProvider), + }, + }); + }; +} diff --git a/src/agents/pi-embedded-runner/openrouter-model-capabilities.test.ts b/src/agents/pi-embedded-runner/openrouter-model-capabilities.test.ts index aa830c13d4d..a2bca6a30e4 100644 --- a/src/agents/pi-embedded-runner/openrouter-model-capabilities.test.ts +++ b/src/agents/pi-embedded-runner/openrouter-model-capabilities.test.ts @@ -3,6 +3,16 @@ import { tmpdir } from "node:os"; import { join } from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; +async function withOpenRouterStateDir(run: (stateDir: string) => Promise) { + const stateDir = mkdtempSync(join(tmpdir(), "openclaw-openrouter-capabilities-")); + process.env.OPENCLAW_STATE_DIR = stateDir; + try { + await run(stateDir); + } finally { + rmSync(stateDir, { recursive: true, force: true }); + } +} + describe("openrouter-model-capabilities", () => { afterEach(() => { vi.resetModules(); @@ -11,46 +21,42 @@ describe("openrouter-model-capabilities", () => { }); it("uses top-level OpenRouter max token fields when top_provider is absent", async () => { - const stateDir = mkdtempSync(join(tmpdir(), "openclaw-openrouter-capabilities-")); - process.env.OPENCLAW_STATE_DIR = stateDir; + await withOpenRouterStateDir(async () => { + vi.stubGlobal( + "fetch", + vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "acme/top-level-max-completion", + name: "Top Level Max Completion", + architecture: { modality: "text+image->text" }, + supported_parameters: ["reasoning"], + context_length: 65432, + max_completion_tokens: 12345, + pricing: { prompt: "0.000001", completion: "0.000002" }, + }, + { + id: "acme/top-level-max-output", + name: "Top Level Max Output", + modality: "text+image->text", + context_length: 54321, + max_output_tokens: 23456, + pricing: { prompt: "0.000003", completion: "0.000004" }, + }, + ], + }), + { + status: 200, + headers: { "content-type": "application/json" }, + }, + ), + ), + ); - vi.stubGlobal( - "fetch", - vi.fn( - async () => - new Response( - JSON.stringify({ - data: [ - { - id: "acme/top-level-max-completion", - name: "Top Level Max Completion", - architecture: { modality: "text+image->text" }, - supported_parameters: ["reasoning"], - context_length: 65432, - max_completion_tokens: 12345, - pricing: { prompt: "0.000001", completion: "0.000002" }, - }, - { - id: "acme/top-level-max-output", - name: "Top Level Max Output", - modality: "text+image->text", - context_length: 54321, - max_output_tokens: 23456, - pricing: { prompt: "0.000003", completion: "0.000004" }, - }, - ], - }), - { - status: 200, - headers: { "content-type": "application/json" }, - }, - ), - ), - ); - - const module = await import("./openrouter-model-capabilities.js"); - - try { + const module = await import("./openrouter-model-capabilities.js"); await module.loadOpenRouterModelCapabilities("acme/top-level-max-completion"); expect(module.getOpenRouterModelCapabilities("acme/top-level-max-completion")).toMatchObject({ @@ -65,47 +71,39 @@ describe("openrouter-model-capabilities", () => { contextWindow: 54321, maxTokens: 23456, }); - } finally { - rmSync(stateDir, { recursive: true, force: true }); - } + }); }); it("does not refetch immediately after an awaited miss for the same model id", async () => { - const stateDir = mkdtempSync(join(tmpdir(), "openclaw-openrouter-capabilities-")); - process.env.OPENCLAW_STATE_DIR = stateDir; + await withOpenRouterStateDir(async () => { + const fetchSpy = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "acme/known-model", + name: "Known Model", + architecture: { modality: "text->text" }, + context_length: 1234, + }, + ], + }), + { + status: 200, + headers: { "content-type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchSpy); - const fetchSpy = vi.fn( - async () => - new Response( - JSON.stringify({ - data: [ - { - id: "acme/known-model", - name: "Known Model", - architecture: { modality: "text->text" }, - context_length: 1234, - }, - ], - }), - { - status: 200, - headers: { "content-type": "application/json" }, - }, - ), - ); - vi.stubGlobal("fetch", fetchSpy); - - const module = await import("./openrouter-model-capabilities.js"); - - try { + const module = await import("./openrouter-model-capabilities.js"); await module.loadOpenRouterModelCapabilities("acme/missing-model"); expect(module.getOpenRouterModelCapabilities("acme/missing-model")).toBeUndefined(); expect(fetchSpy).toHaveBeenCalledTimes(1); expect(module.getOpenRouterModelCapabilities("acme/missing-model")).toBeUndefined(); expect(fetchSpy).toHaveBeenCalledTimes(2); - } finally { - rmSync(stateDir, { recursive: true, force: true }); - } + }); }); }); diff --git a/src/agents/pi-embedded-runner/proxy-stream-wrappers.test.ts b/src/agents/pi-embedded-runner/proxy-stream-wrappers.test.ts new file mode 100644 index 00000000000..487d90582ef --- /dev/null +++ b/src/agents/pi-embedded-runner/proxy-stream-wrappers.test.ts @@ -0,0 +1,38 @@ +import type { StreamFn } from "@mariozechner/pi-agent-core"; +import type { Context, Model } from "@mariozechner/pi-ai"; +import { createAssistantMessageEventStream } from "@mariozechner/pi-ai"; +import { describe, expect, it } from "vitest"; +import { createOpenRouterWrapper } from "./proxy-stream-wrappers.js"; + +describe("proxy stream wrappers", () => { + it("adds OpenRouter attribution headers to stream options", () => { + const calls: Array<{ headers?: Record }> = []; + const baseStreamFn: StreamFn = (_model, _context, options) => { + calls.push({ + headers: options?.headers, + }); + return createAssistantMessageEventStream(); + }; + + const wrapped = createOpenRouterWrapper(baseStreamFn); + const model = { + api: "openai-completions", + provider: "openrouter", + id: "openrouter/auto", + } as Model<"openai-completions">; + const context: Context = { messages: [] }; + + void wrapped(model, context, { headers: { "X-Custom": "1" } }); + + expect(calls).toEqual([ + { + headers: { + "HTTP-Referer": "https://openclaw.ai", + "X-OpenRouter-Title": "OpenClaw", + "X-OpenRouter-Categories": "cli-agent", + "X-Custom": "1", + }, + }, + ]); + }); +}); diff --git a/src/agents/pi-embedded-runner/proxy-stream-wrappers.ts b/src/agents/pi-embedded-runner/proxy-stream-wrappers.ts index 4f77c31cfdd..cc5e7596050 100644 --- a/src/agents/pi-embedded-runner/proxy-stream-wrappers.ts +++ b/src/agents/pi-embedded-runner/proxy-stream-wrappers.ts @@ -1,11 +1,7 @@ import type { StreamFn } from "@mariozechner/pi-agent-core"; import { streamSimple } from "@mariozechner/pi-ai"; import type { ThinkLevel } from "../../auto-reply/thinking.js"; - -const OPENROUTER_APP_HEADERS: Record = { - "HTTP-Referer": "https://openclaw.ai", - "X-Title": "OpenClaw", -}; +import { resolveProviderAttributionHeaders } from "../provider-attribution.js"; const KILOCODE_FEATURE_HEADER = "X-KILOCODE-FEATURE"; const KILOCODE_FEATURE_DEFAULT = "openclaw"; const KILOCODE_FEATURE_ENV_VAR = "KILOCODE_FEATURE"; @@ -105,10 +101,11 @@ export function createOpenRouterWrapper( const underlying = baseStreamFn ?? streamSimple; return (model, context, options) => { const onPayload = options?.onPayload; + const attributionHeaders = resolveProviderAttributionHeaders("openrouter"); return underlying(model, context, { ...options, headers: { - ...OPENROUTER_APP_HEADERS, + ...attributionHeaders, ...options?.headers, }, onPayload: (payload) => { diff --git a/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts b/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts index 53e73e6246d..8451ef54994 100644 --- a/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts +++ b/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts @@ -156,6 +156,19 @@ vi.mock("./model.js", () => ({ }, modelRegistry: {}, })), + resolveModelAsync: vi.fn(async () => ({ + model: { + id: "test-model", + provider: "anthropic", + contextWindow: 200000, + api: "messages", + }, + error: null, + authStorage: { + setRuntimeApiKey: vi.fn(), + }, + modelRegistry: {}, + })), })); vi.mock("../model-auth.js", () => ({ diff --git a/src/agents/pi-embedded-runner/run.ts b/src/agents/pi-embedded-runner/run.ts index 6ecf34ed93e..3f41357f0e5 100644 --- a/src/agents/pi-embedded-runner/run.ts +++ b/src/agents/pi-embedded-runner/run.ts @@ -302,6 +302,7 @@ export async function runEmbeddedPiAgent( ensureRuntimePluginsLoaded({ config: params.config, workspaceDir: resolvedWorkspace, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, }); const prevCwd = process.cwd(); @@ -952,6 +953,7 @@ export async function runEmbeddedPiAgent( workspaceDir: resolvedWorkspace, agentDir, config: params.config, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, contextEngine, contextTokenBudget: ctxInfo.tokens, skillsSnapshot: params.skillsSnapshot, diff --git a/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts b/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts index e67bb20d88d..fa2bb58fbbc 100644 --- a/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts +++ b/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts @@ -18,16 +18,27 @@ import type { IngestBatchResult, IngestResult, } from "../../../context-engine/types.js"; +import type { EmbeddedContextFile } from "../../pi-embedded-helpers.js"; import { createHostSandboxFsBridge } from "../../test-helpers/host-sandbox-fs-bridge.js"; import { createPiToolsSandboxContext } from "../../test-helpers/pi-tools-sandbox-context.js"; +import type { WorkspaceBootstrapFile } from "../../workspace.js"; const hoisted = vi.hoisted(() => { + type BootstrapContext = { + bootstrapFiles: WorkspaceBootstrapFile[]; + contextFiles: EmbeddedContextFile[]; + }; const spawnSubagentDirectMock = vi.fn(); const createAgentSessionMock = vi.fn(); const sessionManagerOpenMock = vi.fn(); const resolveSandboxContextMock = vi.fn(); const subscribeEmbeddedPiSessionMock = vi.fn(); const acquireSessionWriteLockMock = vi.fn(); + const resolveBootstrapContextForRunMock = vi.fn<() => Promise>(async () => ({ + bootstrapFiles: [], + contextFiles: [], + })); + const getGlobalHookRunnerMock = vi.fn<() => unknown>(() => undefined); const sessionManager = { getLeafEntry: vi.fn(() => null), branch: vi.fn(), @@ -42,6 +53,8 @@ const hoisted = vi.hoisted(() => { resolveSandboxContextMock, subscribeEmbeddedPiSessionMock, acquireSessionWriteLockMock, + resolveBootstrapContextForRunMock, + getGlobalHookRunnerMock, sessionManager, }; }); @@ -80,7 +93,7 @@ vi.mock("../../pi-embedded-subscribe.js", () => ({ })); vi.mock("../../../plugins/hook-runner-global.js", () => ({ - getGlobalHookRunner: () => undefined, + getGlobalHookRunner: hoisted.getGlobalHookRunnerMock, })); vi.mock("../../../infra/machine-name.js", () => ({ @@ -94,7 +107,7 @@ vi.mock("../../../infra/net/undici-global-dispatcher.js", () => ({ vi.mock("../../bootstrap-files.js", () => ({ makeBootstrapWarn: () => () => {}, - resolveBootstrapContextForRun: async () => ({ bootstrapFiles: [], contextFiles: [] }), + resolveBootstrapContextForRun: hoisted.resolveBootstrapContextForRunMock, })); vi.mock("../../skills.js", () => ({ @@ -269,6 +282,11 @@ function resetEmbeddedAttemptHarness( hoisted.acquireSessionWriteLockMock.mockReset().mockResolvedValue({ release: async () => {}, }); + hoisted.resolveBootstrapContextForRunMock.mockReset().mockResolvedValue({ + bootstrapFiles: [], + contextFiles: [], + }); + hoisted.getGlobalHookRunnerMock.mockReset().mockReturnValue(undefined); hoisted.sessionManager.getLeafEntry.mockReset().mockReturnValue(null); hoisted.sessionManager.branch.mockReset(); hoisted.sessionManager.resetLeaf.mockReset(); @@ -291,7 +309,11 @@ async function cleanupTempPaths(tempPaths: string[]) { } function createDefaultEmbeddedSession(params?: { - prompt?: (session: MutableSession) => Promise; + prompt?: ( + session: MutableSession, + prompt: string, + options?: { images?: unknown[] }, + ) => Promise; }): MutableSession { const session: MutableSession = { sessionId: "embedded-session", @@ -303,9 +325,9 @@ function createDefaultEmbeddedSession(params?: { session.messages = [...messages]; }, }, - prompt: async () => { + prompt: async (prompt, options) => { if (params?.prompt) { - await params.prompt(session); + await params.prompt(session, prompt, options); return; } session.messages = [ @@ -450,6 +472,90 @@ describe("runEmbeddedAttempt sessions_spawn workspace inheritance", () => { }); }); +describe("runEmbeddedAttempt bootstrap warning prompt assembly", () => { + const tempPaths: string[] = []; + + beforeEach(() => { + resetEmbeddedAttemptHarness({ + subscribeImpl: createSubscriptionMock, + }); + }); + + afterEach(async () => { + await cleanupTempPaths(tempPaths); + }); + + it("keeps bootstrap warnings in the sent prompt after hook prepend context", async () => { + const workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-warning-workspace-")); + const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-warning-agent-dir-")); + const sessionFile = path.join(workspaceDir, "session.jsonl"); + tempPaths.push(workspaceDir, agentDir); + await fs.writeFile(sessionFile, "", "utf8"); + + hoisted.resolveBootstrapContextForRunMock.mockResolvedValue({ + bootstrapFiles: [ + { + name: "AGENTS.md", + path: path.join(workspaceDir, "AGENTS.md"), + content: "A".repeat(200), + missing: false, + }, + ], + contextFiles: [{ path: "AGENTS.md", content: "A".repeat(20) }], + }); + hoisted.getGlobalHookRunnerMock.mockReturnValue({ + hasHooks: (hookName: string) => hookName === "before_prompt_build", + runBeforePromptBuild: async () => ({ prependContext: "hook context" }), + }); + + let seenPrompt = ""; + hoisted.createAgentSessionMock.mockImplementation(async () => ({ + session: createDefaultEmbeddedSession({ + prompt: async (session, prompt) => { + seenPrompt = prompt; + session.messages = [ + ...session.messages, + { role: "assistant", content: "done", timestamp: 2 }, + ]; + }, + }), + })); + + const result = await runEmbeddedAttempt({ + sessionId: "embedded-session", + sessionKey: "agent:main:main", + sessionFile, + workspaceDir, + agentDir, + config: { + agents: { + defaults: { + bootstrapMaxChars: 50, + bootstrapTotalMaxChars: 50, + }, + }, + }, + prompt: "hello", + timeoutMs: 10_000, + runId: "run-warning", + provider: "openai", + modelId: "gpt-test", + model: testModel, + authStorage: {} as AuthStorage, + modelRegistry: {} as ModelRegistry, + thinkLevel: "off", + senderIsOwner: true, + disableMessageTool: true, + }); + + expect(result.promptError).toBeNull(); + expect(seenPrompt).toContain("hook context"); + expect(seenPrompt).toContain("[Bootstrap truncation warning]"); + expect(seenPrompt).toContain("- AGENTS.md: 200 raw -> 20 injected"); + expect(seenPrompt).toContain("hello"); + }); +}); + describe("runEmbeddedAttempt cache-ttl tracking after compaction", () => { const tempPaths: string[] = []; diff --git a/src/agents/pi-embedded-runner/run/attempt.test.ts b/src/agents/pi-embedded-runner/run/attempt.test.ts index 1953099cf7b..ec85037aefb 100644 --- a/src/agents/pi-embedded-runner/run/attempt.test.ts +++ b/src/agents/pi-embedded-runner/run/attempt.test.ts @@ -17,6 +17,11 @@ import { wrapStreamFnTrimToolCallNames, } from "./attempt.js"; +type FakeWrappedStream = { + result: () => Promise; + [Symbol.asyncIterator]: () => AsyncIterator; +}; + function createOllamaProviderConfig(injectNumCtxForOpenAICompat: boolean): OpenClawConfig { return { models: { @@ -32,6 +37,34 @@ function createOllamaProviderConfig(injectNumCtxForOpenAICompat: boolean): OpenC }; } +function createFakeStream(params: { + events: unknown[]; + resultMessage: unknown; +}): FakeWrappedStream { + return { + async result() { + return params.resultMessage; + }, + [Symbol.asyncIterator]() { + return (async function* () { + for (const event of params.events) { + yield event; + } + })(); + }, + }; +} + +async function invokeWrappedTestStream( + wrap: ( + baseFn: (...args: never[]) => unknown, + ) => (...args: never[]) => FakeWrappedStream | Promise, + baseFn: (...args: never[]) => unknown, +): Promise { + const wrappedFn = wrap(baseFn); + return await Promise.resolve(wrappedFn({} as never, {} as never, {} as never)); +} + describe("resolvePromptBuildHookResult", () => { function createLegacyOnlyHookRunner() { return { @@ -190,30 +223,14 @@ describe("resolveAttemptFsWorkspaceOnly", () => { }); }); describe("wrapStreamFnTrimToolCallNames", () => { - function createFakeStream(params: { events: unknown[]; resultMessage: unknown }): { - result: () => Promise; - [Symbol.asyncIterator]: () => AsyncIterator; - } { - return { - async result() { - return params.resultMessage; - }, - [Symbol.asyncIterator]() { - return (async function* () { - for (const event of params.events) { - yield event; - } - })(); - }, - }; - } - async function invokeWrappedStream( baseFn: (...args: never[]) => unknown, allowedToolNames?: Set, ) { - const wrappedFn = wrapStreamFnTrimToolCallNames(baseFn as never, allowedToolNames); - return await wrappedFn({} as never, {} as never, {} as never); + return await invokeWrappedTestStream( + (innerBaseFn) => wrapStreamFnTrimToolCallNames(innerBaseFn as never, allowedToolNames), + baseFn, + ); } function createEventStream(params: { @@ -725,27 +742,11 @@ describe("wrapStreamFnTrimToolCallNames", () => { }); describe("wrapStreamFnRepairMalformedToolCallArguments", () => { - function createFakeStream(params: { events: unknown[]; resultMessage: unknown }): { - result: () => Promise; - [Symbol.asyncIterator]: () => AsyncIterator; - } { - return { - async result() { - return params.resultMessage; - }, - [Symbol.asyncIterator]() { - return (async function* () { - for (const event of params.events) { - yield event; - } - })(); - }, - }; - } - async function invokeWrappedStream(baseFn: (...args: never[]) => unknown) { - const wrappedFn = wrapStreamFnRepairMalformedToolCallArguments(baseFn as never); - return await wrappedFn({} as never, {} as never, {} as never); + return await invokeWrappedTestStream( + (innerBaseFn) => wrapStreamFnRepairMalformedToolCallArguments(innerBaseFn as never), + baseFn, + ); } it("repairs anthropic-compatible tool arguments when trailing junk follows valid JSON", async () => { diff --git a/src/agents/pi-embedded-runner/run/attempt.ts b/src/agents/pi-embedded-runner/run/attempt.ts index bb2cad960bd..73b7d0fbff6 100644 --- a/src/agents/pi-embedded-runner/run/attempt.ts +++ b/src/agents/pi-embedded-runner/run/attempt.ts @@ -16,11 +16,11 @@ import { ensureGlobalUndiciStreamTimeouts, } from "../../../infra/net/undici-global-dispatcher.js"; import { MAX_IMAGE_BYTES } from "../../../media/constants.js"; -import { resolveSignalReactionLevel } from "../../../plugin-sdk-internal/signal.js"; +import { resolveSignalReactionLevel } from "../../../plugin-sdk/signal.js"; import { resolveTelegramInlineButtonsScope, resolveTelegramReactionLevel, -} from "../../../plugin-sdk-internal/telegram.js"; +} from "../../../plugin-sdk/telegram.js"; import { getGlobalHookRunner } from "../../../plugins/hook-runner-global.js"; import type { PluginHookAgentContext, @@ -41,6 +41,7 @@ import { buildBootstrapPromptWarning, buildBootstrapTruncationReportMeta, buildBootstrapInjectionStats, + prependBootstrapPromptWarning, } from "../../bootstrap-budget.js"; import { makeBootstrapWarn, resolveBootstrapContextForRun } from "../../bootstrap-files.js"; import { createCacheTrace } from "../../cache-trace.js"; @@ -59,6 +60,7 @@ import { supportsModelTools } from "../../model-tool-support.js"; import { createConfiguredOllamaStreamFn } from "../../ollama-stream.js"; import { createOpenAIWebSocketStreamFn, releaseWsSession } from "../../openai-ws-stream.js"; import { resolveOwnerDisplaySetting } from "../../owner-display.js"; +import { createBundleMcpToolRuntime } from "../../pi-bundle-mcp-tools.js"; import { downgradeOpenAIFunctionCallReasoningPairs, isCloudCodeAssistFormatError, @@ -1009,7 +1011,7 @@ function wrapStreamRepairMalformedToolCallArguments( if (!loggedRepairIndices.has(event.contentIndex)) { loggedRepairIndices.add(event.contentIndex); log.warn( - `repairing kimi-coding tool call arguments after ${repair.trailingSuffix.length} trailing chars`, + `repairing Kimi tool call arguments after ${repair.trailingSuffix.length} trailing chars`, ); } } else { @@ -1064,7 +1066,7 @@ export function wrapStreamFnRepairMalformedToolCallArguments(baseFn: StreamFn): } function shouldRepairMalformedAnthropicToolCallArguments(provider?: string): boolean { - return normalizeProviderId(provider ?? "") === "kimi-coding"; + return normalizeProviderId(provider ?? "") === "kimi"; } // --------------------------------------------------------------------------- @@ -1508,6 +1510,7 @@ export async function runEmbeddedAttempt( senderUsername: params.senderUsername, senderE164: params.senderE164, senderIsOwner: params.senderIsOwner, + allowGatewaySubagentBinding: params.allowGatewaySubagentBinding, sessionKey: sandboxSessionKey, sessionId: params.sessionId, runId: params.runId, @@ -1546,11 +1549,25 @@ export async function runEmbeddedAttempt( provider: params.provider, }); const clientTools = toolsEnabled ? params.clientTools : undefined; + const bundleMcpRuntime = toolsEnabled + ? await createBundleMcpToolRuntime({ + workspaceDir: effectiveWorkspace, + cfg: params.config, + reservedToolNames: [ + ...tools.map((tool) => tool.name), + ...(clientTools?.map((tool) => tool.function.name) ?? []), + ], + }) + : undefined; + const effectiveTools = + bundleMcpRuntime && bundleMcpRuntime.tools.length > 0 + ? [...tools, ...bundleMcpRuntime.tools] + : tools; const allowedToolNames = collectAllowedToolNames({ - tools, + tools: effectiveTools, clientTools, }); - logToolSchemasForGoogle({ tools, provider: params.provider }); + logToolSchemasForGoogle({ tools: effectiveTools, provider: params.provider }); const machineName = await getMachineDisplayName(); const runtimeChannel = normalizeMessageChannel(params.messageChannel ?? params.messageProvider); @@ -1649,6 +1666,9 @@ export async function runEmbeddedAttempt( }); const ttsHint = params.config ? buildTtsSystemPromptHint(params.config) : undefined; const ownerDisplay = resolveOwnerDisplaySetting(params.config); + const heartbeatPrompt = isDefaultAgent + ? resolveHeartbeatPrompt(params.config?.agents?.defaults?.heartbeat?.prompt) + : undefined; const appendPrompt = buildEmbeddedSystemPrompt({ workspaceDir: effectiveWorkspace, @@ -1659,9 +1679,7 @@ export async function runEmbeddedAttempt( ownerDisplay: ownerDisplay.ownerDisplay, ownerDisplaySecret: ownerDisplay.ownerDisplaySecret, reasoningTagHint, - heartbeatPrompt: isDefaultAgent - ? resolveHeartbeatPrompt(params.config?.agents?.defaults?.heartbeat?.prompt) - : undefined, + heartbeatPrompt, skillsPrompt, docsPath: docsPath ?? undefined, ttsHint, @@ -1672,13 +1690,12 @@ export async function runEmbeddedAttempt( runtimeInfo, messageToolHints, sandboxInfo, - tools, + tools: effectiveTools, modelAliasLines: buildModelAliasLines(params.config), userTimezone, userTime, userTimeFormat, contextFiles, - bootstrapTruncationWarningLines: bootstrapPromptWarning.lines, memoryCitationsMode: params.config?.memory?.citations, }); const systemPromptReport = buildSystemPromptReport({ @@ -1707,7 +1724,7 @@ export async function runEmbeddedAttempt( bootstrapFiles: hookAdjustedBootstrapFiles, injectedFiles: contextFiles, skillsPrompt, - tools, + tools: effectiveTools, }); const systemPromptOverride = createSystemPromptOverride(appendPrompt); let systemPromptText = systemPromptOverride(); @@ -1807,7 +1824,7 @@ export async function runEmbeddedAttempt( const hookRunner = getGlobalHookRunner(); const { builtInTools, customTools } = splitSdkTools({ - tools, + tools: effectiveTools, sandboxEnabled: !!sandbox?.enabled, }); @@ -2362,7 +2379,13 @@ export async function runEmbeddedAttempt( // Run before_prompt_build hooks to allow plugins to inject prompt context. // Legacy compatibility: before_agent_start is also checked for context fields. - let effectivePrompt = params.prompt; + let effectivePrompt = prependBootstrapPromptWarning( + params.prompt, + bootstrapPromptWarning.lines, + { + preserveExactPrompt: heartbeatPrompt, + }, + ); const hookCtx = { agentId: hookAgentId, sessionKey: params.sessionKey, @@ -2381,7 +2404,7 @@ export async function runEmbeddedAttempt( }); { if (hookResult?.prependContext) { - effectivePrompt = `${hookResult.prependContext}\n\n${params.prompt}`; + effectivePrompt = `${hookResult.prependContext}\n\n${effectivePrompt}`; log.debug( `hooks: prepended context to prompt (${hookResult.prependContext.length} chars)`, ); @@ -2867,6 +2890,7 @@ export async function runEmbeddedAttempt( }); session?.dispose(); releaseWsSession(params.sessionId); + await bundleMcpRuntime?.dispose(); await sessionLock.release(); } } finally { diff --git a/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts b/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts index 5e1088c3155..e5f02cecf0c 100644 --- a/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts +++ b/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts @@ -1,6 +1,10 @@ import { describe, expect, it, vi } from "vitest"; import { waitForCompactionRetryWithAggregateTimeout } from "./compaction-retry-aggregate-timeout.js"; +type AggregateTimeoutParams = Parameters[0]; +type TimeoutCallback = NonNullable; +type TimeoutCallbackMock = ReturnType>; + async function withFakeTimers(run: () => Promise) { vi.useFakeTimers(); try { @@ -11,7 +15,7 @@ async function withFakeTimers(run: () => Promise) { } } -function expectClearedTimeoutState(onTimeout: ReturnType, timedOut: boolean) { +function expectClearedTimeoutState(onTimeout: TimeoutCallbackMock, timedOut: boolean) { if (timedOut) { expect(onTimeout).toHaveBeenCalledTimes(1); } else { @@ -20,30 +24,39 @@ function expectClearedTimeoutState(onTimeout: ReturnType, timedOut expect(vi.getTimerCount()).toBe(0); } +function buildAggregateTimeoutParams( + overrides: Partial & + Pick, +): AggregateTimeoutParams & { onTimeout: TimeoutCallbackMock } { + const onTimeout = + (overrides.onTimeout as TimeoutCallbackMock | undefined) ?? vi.fn(); + return { + waitForCompactionRetry: overrides.waitForCompactionRetry, + abortable: overrides.abortable ?? (async (promise) => await promise), + aggregateTimeoutMs: overrides.aggregateTimeoutMs ?? 60_000, + isCompactionStillInFlight: overrides.isCompactionStillInFlight, + onTimeout, + }; +} + describe("waitForCompactionRetryWithAggregateTimeout", () => { it("times out and fires callback when compaction retry never resolves", async () => { await withFakeTimers(async () => { - const onTimeout = vi.fn(); const waitForCompactionRetry = vi.fn(async () => await new Promise(() => {})); + const params = buildAggregateTimeoutParams({ waitForCompactionRetry }); - const resultPromise = waitForCompactionRetryWithAggregateTimeout({ - waitForCompactionRetry, - abortable: async (promise) => await promise, - aggregateTimeoutMs: 60_000, - onTimeout, - }); + const resultPromise = waitForCompactionRetryWithAggregateTimeout(params); await vi.advanceTimersByTimeAsync(60_000); const result = await resultPromise; expect(result.timedOut).toBe(true); - expectClearedTimeoutState(onTimeout, true); + expectClearedTimeoutState(params.onTimeout, true); }); }); it("keeps waiting while compaction remains in flight", async () => { await withFakeTimers(async () => { - const onTimeout = vi.fn(); let compactionInFlight = true; const waitForCompactionRetry = vi.fn( async () => @@ -54,62 +67,52 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => { }, 170_000); }), ); - - const resultPromise = waitForCompactionRetryWithAggregateTimeout({ + const params = buildAggregateTimeoutParams({ waitForCompactionRetry, - abortable: async (promise) => await promise, - aggregateTimeoutMs: 60_000, - onTimeout, isCompactionStillInFlight: () => compactionInFlight, }); + const resultPromise = waitForCompactionRetryWithAggregateTimeout(params); + await vi.advanceTimersByTimeAsync(170_000); const result = await resultPromise; expect(result.timedOut).toBe(false); - expectClearedTimeoutState(onTimeout, false); + expectClearedTimeoutState(params.onTimeout, false); }); }); it("times out after an idle timeout window", async () => { await withFakeTimers(async () => { - const onTimeout = vi.fn(); let compactionInFlight = true; const waitForCompactionRetry = vi.fn(async () => await new Promise(() => {})); setTimeout(() => { compactionInFlight = false; }, 90_000); - - const resultPromise = waitForCompactionRetryWithAggregateTimeout({ + const params = buildAggregateTimeoutParams({ waitForCompactionRetry, - abortable: async (promise) => await promise, - aggregateTimeoutMs: 60_000, - onTimeout, isCompactionStillInFlight: () => compactionInFlight, }); + const resultPromise = waitForCompactionRetryWithAggregateTimeout(params); + await vi.advanceTimersByTimeAsync(120_000); const result = await resultPromise; expect(result.timedOut).toBe(true); - expectClearedTimeoutState(onTimeout, true); + expectClearedTimeoutState(params.onTimeout, true); }); }); it("does not time out when compaction retry resolves", async () => { await withFakeTimers(async () => { - const onTimeout = vi.fn(); const waitForCompactionRetry = vi.fn(async () => {}); + const params = buildAggregateTimeoutParams({ waitForCompactionRetry }); - const result = await waitForCompactionRetryWithAggregateTimeout({ - waitForCompactionRetry, - abortable: async (promise) => await promise, - aggregateTimeoutMs: 60_000, - onTimeout, - }); + const result = await waitForCompactionRetryWithAggregateTimeout(params); expect(result.timedOut).toBe(false); - expectClearedTimeoutState(onTimeout, false); + expectClearedTimeoutState(params.onTimeout, false); }); }); @@ -117,21 +120,17 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => { await withFakeTimers(async () => { const abortError = new Error("aborted"); abortError.name = "AbortError"; - const onTimeout = vi.fn(); const waitForCompactionRetry = vi.fn(async () => await new Promise(() => {})); + const params = buildAggregateTimeoutParams({ + waitForCompactionRetry, + abortable: async () => { + throw abortError; + }, + }); - await expect( - waitForCompactionRetryWithAggregateTimeout({ - waitForCompactionRetry, - abortable: async () => { - throw abortError; - }, - aggregateTimeoutMs: 60_000, - onTimeout, - }), - ).rejects.toThrow("aborted"); + await expect(waitForCompactionRetryWithAggregateTimeout(params)).rejects.toThrow("aborted"); - expectClearedTimeoutState(onTimeout, false); + expectClearedTimeoutState(params.onTimeout, false); }); }); }); diff --git a/src/agents/pi-embedded-runner/run/compaction-timeout.test.ts b/src/agents/pi-embedded-runner/run/compaction-timeout.test.ts index 3853e0ebd25..54d6320297c 100644 --- a/src/agents/pi-embedded-runner/run/compaction-timeout.test.ts +++ b/src/agents/pi-embedded-runner/run/compaction-timeout.test.ts @@ -7,6 +7,30 @@ import { shouldFlagCompactionTimeout, } from "./compaction-timeout.js"; +function expectSelectedSnapshot(params: { + currentSessionId: string; + currentSnapshot: Parameters[0]["currentSnapshot"]; + expectedSessionIdUsed: string; + expectedSnapshot: ReadonlyArray>; + expectedSource: "current" | "pre-compaction"; + preCompactionSessionId: string; + preCompactionSnapshot: Parameters< + typeof selectCompactionTimeoutSnapshot + >[0]["preCompactionSnapshot"]; + timedOutDuringCompaction: boolean; +}) { + const selected = selectCompactionTimeoutSnapshot({ + timedOutDuringCompaction: params.timedOutDuringCompaction, + preCompactionSnapshot: params.preCompactionSnapshot, + preCompactionSessionId: params.preCompactionSessionId, + currentSnapshot: params.currentSnapshot, + currentSessionId: params.currentSessionId, + }); + expect(selected.source).toBe(params.expectedSource); + expect(selected.sessionIdUsed).toBe(params.expectedSessionIdUsed); + expect(selected.messagesSnapshot).toEqual(params.expectedSnapshot); +} + describe("compaction-timeout helpers", () => { it("flags compaction timeout consistently for internal and external timeout sources", () => { const internalTimer = shouldFlagCompactionTimeout({ @@ -75,29 +99,29 @@ describe("compaction-timeout helpers", () => { it("uses pre-compaction snapshot when compaction timeout occurs", () => { const pre = [castAgentMessage({ role: "assistant", content: "pre" })] as const; const current = [castAgentMessage({ role: "assistant", content: "current" })] as const; - const selected = selectCompactionTimeoutSnapshot({ + expectSelectedSnapshot({ timedOutDuringCompaction: true, preCompactionSnapshot: [...pre], preCompactionSessionId: "session-pre", currentSnapshot: [...current], currentSessionId: "session-current", + expectedSource: "pre-compaction", + expectedSessionIdUsed: "session-pre", + expectedSnapshot: pre, }); - expect(selected.source).toBe("pre-compaction"); - expect(selected.sessionIdUsed).toBe("session-pre"); - expect(selected.messagesSnapshot).toEqual(pre); }); it("falls back to current snapshot when pre-compaction snapshot is unavailable", () => { const current = [castAgentMessage({ role: "assistant", content: "current" })] as const; - const selected = selectCompactionTimeoutSnapshot({ + expectSelectedSnapshot({ timedOutDuringCompaction: true, preCompactionSnapshot: null, preCompactionSessionId: "session-pre", currentSnapshot: [...current], currentSessionId: "session-current", + expectedSource: "current", + expectedSessionIdUsed: "session-current", + expectedSnapshot: current, }); - expect(selected.source).toBe("current"); - expect(selected.sessionIdUsed).toBe("session-current"); - expect(selected.messagesSnapshot).toEqual(current); }); }); diff --git a/src/agents/pi-embedded-runner/run/failover-observation.test.ts b/src/agents/pi-embedded-runner/run/failover-observation.test.ts index 763540f9ca7..71363915b46 100644 --- a/src/agents/pi-embedded-runner/run/failover-observation.test.ts +++ b/src/agents/pi-embedded-runner/run/failover-observation.test.ts @@ -1,21 +1,31 @@ import { describe, expect, it } from "vitest"; import { normalizeFailoverDecisionObservationBase } from "./failover-observation.js"; +function normalizeObservation( + overrides: Partial[0]>, +) { + return normalizeFailoverDecisionObservationBase({ + stage: "assistant", + runId: "run:base", + rawError: "", + failoverReason: null, + profileFailureReason: null, + provider: "openai", + model: "mock-1", + profileId: "openai:p1", + fallbackConfigured: false, + timedOut: false, + aborted: false, + ...overrides, + }); +} + describe("normalizeFailoverDecisionObservationBase", () => { it("fills timeout observation reasons for deadline timeouts without provider error text", () => { expect( - normalizeFailoverDecisionObservationBase({ - stage: "assistant", + normalizeObservation({ runId: "run:timeout", - rawError: "", - failoverReason: null, - profileFailureReason: null, - provider: "openai", - model: "mock-1", - profileId: "openai:p1", - fallbackConfigured: false, timedOut: true, - aborted: false, }), ).toMatchObject({ failoverReason: "timeout", @@ -26,18 +36,13 @@ describe("normalizeFailoverDecisionObservationBase", () => { it("preserves explicit failover reasons", () => { expect( - normalizeFailoverDecisionObservationBase({ - stage: "assistant", + normalizeObservation({ runId: "run:overloaded", rawError: '{"error":{"type":"overloaded_error"}}', failoverReason: "overloaded", profileFailureReason: "overloaded", - provider: "openai", - model: "mock-1", - profileId: "openai:p1", fallbackConfigured: true, timedOut: true, - aborted: false, }), ).toMatchObject({ failoverReason: "overloaded", diff --git a/src/agents/pi-embedded-runner/run/history-image-prune.test.ts b/src/agents/pi-embedded-runner/run/history-image-prune.test.ts index dbed0335435..03e532eda2e 100644 --- a/src/agents/pi-embedded-runner/run/history-image-prune.test.ts +++ b/src/agents/pi-embedded-runner/run/history-image-prune.test.ts @@ -4,6 +4,28 @@ import { describe, expect, it } from "vitest"; import { castAgentMessage } from "../../test-helpers/agent-message-fixtures.js"; import { PRUNED_HISTORY_IMAGE_MARKER, pruneProcessedHistoryImages } from "./history-image-prune.js"; +function expectArrayMessageContent( + message: AgentMessage | undefined, + errorMessage: string, +): Array<{ type: string; text?: string; data?: string }> { + if (!message || !("content" in message) || !Array.isArray(message.content)) { + throw new Error(errorMessage); + } + return message.content as Array<{ type: string; text?: string; data?: string }>; +} + +function expectPrunedImageMessage( + messages: AgentMessage[], + errorMessage: string, +): Array<{ type: string; text?: string; data?: string }> { + const didMutate = pruneProcessedHistoryImages(messages); + expect(didMutate).toBe(true); + const content = expectArrayMessageContent(messages[0], errorMessage); + expect(content).toHaveLength(2); + expect(content[1]).toMatchObject({ type: "text", text: PRUNED_HISTORY_IMAGE_MARKER }); + return content; +} + describe("pruneProcessedHistoryImages", () => { const image: ImageContent = { type: "image", data: "abc", mimeType: "image/png" }; @@ -19,15 +41,8 @@ describe("pruneProcessedHistoryImages", () => { }), ]; - const didMutate = pruneProcessedHistoryImages(messages); - - expect(didMutate).toBe(true); - const firstUser = messages[0] as Extract | undefined; - expect(Array.isArray(firstUser?.content)).toBe(true); - const content = firstUser?.content as Array<{ type: string; text?: string; data?: string }>; - expect(content).toHaveLength(2); + const content = expectPrunedImageMessage(messages, "expected user array content"); expect(content[0]?.type).toBe("text"); - expect(content[1]).toMatchObject({ type: "text", text: PRUNED_HISTORY_IMAGE_MARKER }); }); it("does not prune latest user message when no assistant response exists yet", () => { @@ -41,12 +56,9 @@ describe("pruneProcessedHistoryImages", () => { const didMutate = pruneProcessedHistoryImages(messages); expect(didMutate).toBe(false); - const first = messages[0] as Extract | undefined; - if (!first || !Array.isArray(first.content)) { - throw new Error("expected array content"); - } - expect(first.content).toHaveLength(2); - expect(first.content[1]).toMatchObject({ type: "image", data: "abc" }); + const content = expectArrayMessageContent(messages[0], "expected user array content"); + expect(content).toHaveLength(2); + expect(content[1]).toMatchObject({ type: "image", data: "abc" }); }); it("prunes image blocks from toolResult messages that already have assistant replies", () => { @@ -62,15 +74,7 @@ describe("pruneProcessedHistoryImages", () => { }), ]; - const didMutate = pruneProcessedHistoryImages(messages); - - expect(didMutate).toBe(true); - const firstTool = messages[0] as Extract | undefined; - if (!firstTool || !Array.isArray(firstTool.content)) { - throw new Error("expected toolResult array content"); - } - expect(firstTool.content).toHaveLength(2); - expect(firstTool.content[1]).toMatchObject({ type: "text", text: PRUNED_HISTORY_IMAGE_MARKER }); + expectPrunedImageMessage(messages, "expected toolResult array content"); }); it("does not change messages when no assistant turn exists", () => { diff --git a/src/agents/pi-embedded-runner/run/images.test.ts b/src/agents/pi-embedded-runner/run/images.test.ts index 8a879a1bb36..59b3673e90f 100644 --- a/src/agents/pi-embedded-runner/run/images.test.ts +++ b/src/agents/pi-embedded-runner/run/images.test.ts @@ -11,13 +11,34 @@ import { modelSupportsImages, } from "./images.js"; +function expectNoPromptImages(result: { detectedRefs: unknown[]; images: unknown[] }) { + expect(result.detectedRefs).toHaveLength(0); + expect(result.images).toHaveLength(0); +} + +function expectNoImageReferences(prompt: string) { + const refs = detectImageReferences(prompt); + expect(refs).toHaveLength(0); +} + +function expectImageReferenceCount(prompt: string, count: number) { + const refs = detectImageReferences(prompt); + expect(refs).toHaveLength(count); + return refs; +} + +function expectSingleImageReference(prompt: string) { + const refs = expectImageReferenceCount(prompt, 1); + return refs[0]; +} + describe("detectImageReferences", () => { it("detects absolute file paths with common extensions", () => { - const prompt = "Check this image /path/to/screenshot.png and tell me what you see"; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference( + "Check this image /path/to/screenshot.png and tell me what you see", + ); - expect(refs).toHaveLength(1); - expect(refs[0]).toEqual({ + expect(ref).toEqual({ raw: "/path/to/screenshot.png", type: "path", resolved: "/path/to/screenshot.png", @@ -25,43 +46,38 @@ describe("detectImageReferences", () => { }); it("detects relative paths starting with ./", () => { - const prompt = "Look at ./images/photo.jpg"; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference("Look at ./images/photo.jpg"); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("./images/photo.jpg"); - expect(refs[0]?.type).toBe("path"); + expect(ref?.raw).toBe("./images/photo.jpg"); + expect(ref?.type).toBe("path"); }); it("detects relative paths starting with ../", () => { - const prompt = "The file is at ../screenshots/test.jpeg"; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference("The file is at ../screenshots/test.jpeg"); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("../screenshots/test.jpeg"); - expect(refs[0]?.type).toBe("path"); + expect(ref?.raw).toBe("../screenshots/test.jpeg"); + expect(ref?.type).toBe("path"); }); it("detects home directory paths starting with ~/", () => { - const prompt = "My photo is at ~/Pictures/vacation.png"; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference("My photo is at ~/Pictures/vacation.png"); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("~/Pictures/vacation.png"); - expect(refs[0]?.type).toBe("path"); + expect(ref?.raw).toBe("~/Pictures/vacation.png"); + expect(ref?.type).toBe("path"); // Resolved path should expand ~ - expect(refs[0]?.resolved?.startsWith("~")).toBe(false); + expect(ref?.resolved?.startsWith("~")).toBe(false); }); it("detects multiple image references in a prompt", () => { - const prompt = ` + const refs = expectImageReferenceCount( + ` Compare these two images: 1. /home/user/photo1.png 2. https://mysite.com/photo2.jpg - `; - const refs = detectImageReferences(prompt); + `, + 1, + ); - expect(refs).toHaveLength(1); expect(refs.some((r) => r.type === "path")).toBe(true); }); @@ -76,121 +92,103 @@ describe("detectImageReferences", () => { }); it("deduplicates repeated image references", () => { - const prompt = "Look at /path/image.png and also /path/image.png again"; - const refs = detectImageReferences(prompt); - - expect(refs).toHaveLength(1); + expectImageReferenceCount("Look at /path/image.png and also /path/image.png again", 1); }); it("dedupe casing follows host filesystem conventions", () => { - const prompt = "Look at /tmp/Image.png and /tmp/image.png"; - const refs = detectImageReferences(prompt); - if (process.platform === "win32") { - expect(refs).toHaveLength(1); + expectImageReferenceCount("Look at /tmp/Image.png and /tmp/image.png", 1); return; } - expect(refs).toHaveLength(2); + expectImageReferenceCount("Look at /tmp/Image.png and /tmp/image.png", 2); }); it("returns empty array when no images found", () => { - const prompt = "Just some text without any image references"; - const refs = detectImageReferences(prompt); - - expect(refs).toHaveLength(0); + expectNoImageReferences("Just some text without any image references"); }); it("ignores non-image file extensions", () => { - const prompt = "Check /path/to/document.pdf and /code/file.ts"; - const refs = detectImageReferences(prompt); - - expect(refs).toHaveLength(0); + expectNoImageReferences("Check /path/to/document.pdf and /code/file.ts"); }); it("handles paths inside quotes (without spaces)", () => { - const prompt = 'The file is at "/path/to/image.png"'; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference('The file is at "/path/to/image.png"'); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("/path/to/image.png"); + expect(ref?.raw).toBe("/path/to/image.png"); }); it("handles paths in parentheses", () => { - const prompt = "See the image (./screenshot.png) for details"; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference("See the image (./screenshot.png) for details"); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("./screenshot.png"); + expect(ref?.raw).toBe("./screenshot.png"); }); it("detects [Image: source: ...] format from messaging systems", () => { - const prompt = `What does this image show? -[Image: source: /Users/tyleryust/Library/Messages/Attachments/IMG_0043.jpeg]`; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference(`What does this image show? +[Image: source: /Users/tyleryust/Library/Messages/Attachments/IMG_0043.jpeg]`); - expect(refs).toHaveLength(1); - expect(refs[0]?.raw).toBe("/Users/tyleryust/Library/Messages/Attachments/IMG_0043.jpeg"); - expect(refs[0]?.type).toBe("path"); + expect(ref?.raw).toBe("/Users/tyleryust/Library/Messages/Attachments/IMG_0043.jpeg"); + expect(ref?.type).toBe("path"); }); it("handles complex message attachment paths", () => { - const prompt = `[Image: source: /Users/tyleryust/Library/Messages/Attachments/23/03/AA4726EA-DB27-4269-BA56-1436936CC134/5E3E286A-F585-4E5E-9043-5BC2AFAFD81BIMG_0043.jpeg]`; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference( + "[Image: source: /Users/tyleryust/Library/Messages/Attachments/23/03/AA4726EA-DB27-4269-BA56-1436936CC134/5E3E286A-F585-4E5E-9043-5BC2AFAFD81BIMG_0043.jpeg]", + ); - expect(refs).toHaveLength(1); - expect(refs[0]?.resolved).toContain("IMG_0043.jpeg"); + expect(ref?.resolved).toContain("IMG_0043.jpeg"); }); it("detects multiple images in [media attached: ...] format", () => { // Multi-file format uses separate brackets on separate lines - const prompt = `[media attached: 2 files] + const refs = expectImageReferenceCount( + `[media attached: 2 files] [media attached 1/2: /Users/tyleryust/.openclaw/media/IMG_6430.jpeg (image/jpeg)] [media attached 2/2: /Users/tyleryust/.openclaw/media/IMG_6431.jpeg (image/jpeg)] -what about these images?`; - const refs = detectImageReferences(prompt); +what about these images?`, + 2, + ); - expect(refs).toHaveLength(2); expect(refs[0]?.resolved).toContain("IMG_6430.jpeg"); expect(refs[1]?.resolved).toContain("IMG_6431.jpeg"); }); it("does not double-count path and url in same bracket", () => { // Single file with URL (| separates path from url, not multiple files) - const prompt = `[media attached: /cache/IMG_6430.jpeg (image/jpeg) | /cache/IMG_6430.jpeg]`; - const refs = detectImageReferences(prompt); + const ref = expectSingleImageReference( + "[media attached: /cache/IMG_6430.jpeg (image/jpeg) | /cache/IMG_6430.jpeg]", + ); - expect(refs).toHaveLength(1); - expect(refs[0]?.resolved).toContain("IMG_6430.jpeg"); + expect(ref?.resolved).toContain("IMG_6430.jpeg"); }); it("ignores remote URLs entirely (local-only)", () => { - const prompt = `To send an image: MEDIA:https://example.com/image.jpg + const refs = expectImageReferenceCount( + `To send an image: MEDIA:https://example.com/image.jpg Here is my actual image: /path/to/real.png -Also https://cdn.mysite.com/img.jpg`; - const refs = detectImageReferences(prompt); +Also https://cdn.mysite.com/img.jpg`, + 1, + ); - expect(refs).toHaveLength(1); expect(refs[0]?.raw).toBe("/path/to/real.png"); }); it("handles single file format with URL (no index)", () => { - const prompt = `[media attached: /cache/photo.jpeg (image/jpeg) | https://example.com/url] -what is this?`; - const refs = detectImageReferences(prompt); + const ref = + expectSingleImageReference(`[media attached: /cache/photo.jpeg (image/jpeg) | https://example.com/url] +what is this?`); - expect(refs).toHaveLength(1); - expect(refs[0]?.resolved).toContain("photo.jpeg"); + expect(ref?.resolved).toContain("photo.jpeg"); }); it("handles paths with spaces in filename", () => { // URL after | is https, not a local path, so only the local path should be detected - const prompt = `[media attached: /Users/test/.openclaw/media/ChatGPT Image Apr 21, 2025.png (image/png) | https://example.com/same.png] -what is this?`; - const refs = detectImageReferences(prompt); + const ref = + expectSingleImageReference(`[media attached: /Users/test/.openclaw/media/ChatGPT Image Apr 21, 2025.png (image/png) | https://example.com/same.png] +what is this?`); // Only 1 ref - the local path (example.com URLs are skipped) - expect(refs).toHaveLength(1); - expect(refs[0]?.resolved).toContain("ChatGPT Image Apr 21, 2025.png"); + expect(ref?.resolved).toContain("ChatGPT Image Apr 21, 2025.png"); }); }); @@ -262,8 +260,7 @@ describe("detectAndLoadPromptImages", () => { existingImages: [{ type: "image", data: "abc", mimeType: "image/png" }], }); - expect(result.images).toHaveLength(0); - expect(result.detectedRefs).toHaveLength(0); + expectNoPromptImages(result); }); it("returns no detected refs when prompt has no image references", async () => { @@ -273,8 +270,7 @@ describe("detectAndLoadPromptImages", () => { model: { input: ["text", "image"] }, }); - expect(result.detectedRefs).toHaveLength(0); - expect(result.images).toHaveLength(0); + expectNoPromptImages(result); }); it("blocks prompt image refs outside workspace when sandbox workspaceOnly is enabled", async () => { diff --git a/src/agents/pi-embedded-runner/run/params.ts b/src/agents/pi-embedded-runner/run/params.ts index ba69d991dd9..f59bb8f27b5 100644 --- a/src/agents/pi-embedded-runner/run/params.ts +++ b/src/agents/pi-embedded-runner/run/params.ts @@ -1,11 +1,11 @@ import type { ImageContent } from "@mariozechner/pi-ai"; import type { ReasoningLevel, ThinkLevel, VerboseLevel } from "../../../auto-reply/thinking.js"; import type { ReplyPayload } from "../../../auto-reply/types.js"; -import type { AgentStreamParams } from "../../../commands/agent/types.js"; import type { OpenClawConfig } from "../../../config/config.js"; import type { enqueueCommand } from "../../../process/command-queue.js"; import type { InputProvenance } from "../../../sessions/input-provenance.js"; import type { ExecElevatedDefaults, ExecToolDefaults } from "../../bash-tools.js"; +import type { AgentStreamParams } from "../../command/types.js"; import type { BlockReplyPayload } from "../../pi-embedded-payloads.js"; import type { BlockReplyChunking, ToolResultFormat } from "../../pi-embedded-subscribe.js"; import type { SkillSnapshot } from "../../skills.js"; @@ -63,6 +63,8 @@ export type RunEmbeddedPiAgentParams = { requireExplicitMessageTarget?: boolean; /** If true, omit the message tool from the tool list. */ disableMessageTool?: boolean; + /** Allow runtime plugins for this run to late-bind the gateway subagent. */ + allowGatewaySubagentBinding?: boolean; sessionFile: string; workspaceDir: string; agentDir?: string; diff --git a/src/agents/pi-embedded-runner/run/payloads.errors.test.ts b/src/agents/pi-embedded-runner/run/payloads.errors.test.ts index a2e7873aedf..5aa8dfe7fd6 100644 --- a/src/agents/pi-embedded-runner/run/payloads.errors.test.ts +++ b/src/agents/pi-embedded-runner/run/payloads.errors.test.ts @@ -40,8 +40,25 @@ describe("buildEmbeddedRunPayloads", () => { expect(payloads[0]?.text).toBe(OVERLOADED_FALLBACK_TEXT); }; + function expectSinglePayloadSummary( + payloads: ReturnType, + expected: { text: string; isError?: boolean }, + ) { + expectSinglePayloadText(payloads, expected.text); + if (expected.isError === undefined) { + expect(payloads[0]?.isError).toBeUndefined(); + return; + } + expect(payloads[0]?.isError).toBe(expected.isError); + } + + function expectNoPayloads(params: Parameters[0]) { + const payloads = buildPayloads(params); + expect(payloads).toHaveLength(0); + } + function expectNoSyntheticCompletionForSession(sessionKey: string) { - const payloads = buildPayloads({ + expectNoPayloads({ sessionKey, toolMetas: [{ toolName: "write", meta: "/tmp/out.md" }], lastAssistant: makeAssistant({ @@ -50,7 +67,6 @@ describe("buildEmbeddedRunPayloads", () => { content: [], }), }); - expect(payloads).toHaveLength(0); } it("suppresses raw API error JSON when the assistant errored", () => { @@ -96,9 +112,10 @@ describe("buildEmbeddedRunPayloads", () => { model: "claude-3-5-sonnet", }); - expect(payloads).toHaveLength(1); - expect(payloads[0]?.text).toBe(formatBillingErrorMessage("Anthropic", "claude-3-5-sonnet")); - expect(payloads[0]?.isError).toBe(true); + expectSinglePayloadSummary(payloads, { + text: formatBillingErrorMessage("Anthropic", "claude-3-5-sonnet"), + isError: true, + }); }); it("does not emit a synthetic billing error for successful turns with stale errorMessage", () => { @@ -155,13 +172,11 @@ describe("buildEmbeddedRunPayloads", () => { }); it("does not add synthetic completion text when tools run without final assistant text", () => { - const payloads = buildPayloads({ + expectNoPayloads({ sessionKey: "agent:main:discord:direct:u123", toolMetas: [{ toolName: "write", meta: "/tmp/out.md" }], lastAssistant: makeStoppedAssistant(), }); - - expect(payloads).toHaveLength(0); }); it("does not add synthetic completion text for channel sessions", () => { @@ -173,7 +188,7 @@ describe("buildEmbeddedRunPayloads", () => { }); it("does not add synthetic completion text when messaging tool already delivered output", () => { - const payloads = buildPayloads({ + expectNoPayloads({ sessionKey: "agent:main:discord:direct:u123", toolMetas: [{ toolName: "message_send", meta: "sent to #ops" }], didSendViaMessagingTool: true, @@ -183,25 +198,19 @@ describe("buildEmbeddedRunPayloads", () => { content: [], }), }); - - expect(payloads).toHaveLength(0); }); it("does not add synthetic completion text when the run still has a tool error", () => { - const payloads = buildPayloads({ + expectNoPayloads({ toolMetas: [{ toolName: "browser", meta: "open https://example.com" }], lastToolError: { toolName: "browser", error: "url required" }, }); - - expect(payloads).toHaveLength(0); }); it("does not add synthetic completion text when no tools ran", () => { - const payloads = buildPayloads({ + expectNoPayloads({ lastAssistant: makeStoppedAssistant(), }); - - expect(payloads).toHaveLength(0); }); it("adds tool error fallback when the assistant only invoked tools and verbose mode is on", () => { @@ -246,52 +255,32 @@ describe("buildEmbeddedRunPayloads", () => { lastToolError: { toolName: "browser", error: "connection timeout" }, }); - expect(payloads).toHaveLength(1); - expect(payloads[0]?.isError).toBeUndefined(); - expect(payloads[0]?.text).toContain("recovered"); - }); - - it("suppresses recoverable tool errors containing 'required' for non-mutating tools", () => { - const payloads = buildPayloads({ - lastToolError: { toolName: "browser", error: "url required" }, + expectSinglePayloadSummary(payloads, { + text: "Checked the page and recovered with final answer.", }); - - // Recoverable errors should not be sent to the user - expect(payloads).toHaveLength(0); }); - it("suppresses recoverable tool errors containing 'missing' for non-mutating tools", () => { - const payloads = buildPayloads({ - lastToolError: { toolName: "browser", error: "url missing" }, - }); - - expect(payloads).toHaveLength(0); - }); - - it("suppresses recoverable tool errors containing 'invalid' for non-mutating tools", () => { - const payloads = buildPayloads({ - lastToolError: { toolName: "browser", error: "invalid parameter: url" }, - }); - - expect(payloads).toHaveLength(0); - }); + it.each(["url required", "url missing", "invalid parameter: url"])( + "suppresses recoverable non-mutating tool error: %s", + (error) => { + expectNoPayloads({ + lastToolError: { toolName: "browser", error }, + }); + }, + ); it("suppresses non-mutating non-recoverable tool errors when messages.suppressToolErrors is enabled", () => { - const payloads = buildPayloads({ + expectNoPayloads({ lastToolError: { toolName: "browser", error: "connection timeout" }, config: { messages: { suppressToolErrors: true } }, }); - - expect(payloads).toHaveLength(0); }); it("suppresses mutating tool errors when suppressToolErrorWarnings is enabled", () => { - const payloads = buildPayloads({ + expectNoPayloads({ lastToolError: { toolName: "exec", error: "command not found" }, suppressToolErrorWarnings: true, }); - - expect(payloads).toHaveLength(0); }); it.each([ @@ -350,8 +339,7 @@ describe("buildEmbeddedRunPayloads", () => { }, }); - expect(payloads).toHaveLength(1); - expect(payloads[0]?.text).toBe("Status loaded."); + expectSinglePayloadSummary(payloads, { text: "Status loaded." }); }); it("dedupes identical tool warning text already present in assistant output", () => { @@ -375,8 +363,7 @@ describe("buildEmbeddedRunPayloads", () => { }, }); - expect(payloads).toHaveLength(1); - expect(payloads[0]?.text).toBe(warningText); + expectSinglePayloadSummary(payloads, { text: warningText ?? "" }); }); it("includes non-recoverable tool error details when verbose mode is on", () => { diff --git a/src/agents/pi-embedded-runner/run/payloads.test.ts b/src/agents/pi-embedded-runner/run/payloads.test.ts index 6c81fb12150..5fa54d5f57c 100644 --- a/src/agents/pi-embedded-runner/run/payloads.test.ts +++ b/src/agents/pi-embedded-runner/run/payloads.test.ts @@ -2,13 +2,16 @@ import { describe, expect, it } from "vitest"; import { buildPayloads, expectSingleToolErrorPayload } from "./payloads.test-helpers.js"; describe("buildEmbeddedRunPayloads tool-error warnings", () => { + function expectNoPayloads(params: Parameters[0]) { + const payloads = buildPayloads(params); + expect(payloads).toHaveLength(0); + } + it("suppresses exec tool errors when verbose mode is off", () => { - const payloads = buildPayloads({ + expectNoPayloads({ lastToolError: { toolName: "exec", error: "command failed" }, verboseLevel: "off", }); - - expect(payloads).toHaveLength(0); }); it("shows exec tool errors when verbose mode is on", () => { @@ -61,34 +64,30 @@ describe("buildEmbeddedRunPayloads tool-error warnings", () => { }); }); - it("suppresses sessions_send errors to avoid leaking transient relay failures", () => { - const payloads = buildPayloads({ + it.each([ + { + name: "default relay failure", lastToolError: { toolName: "sessions_send", error: "delivery timeout" }, - verboseLevel: "on", - }); - - expect(payloads).toHaveLength(0); - }); - - it("suppresses sessions_send errors even when marked mutating", () => { - const payloads = buildPayloads({ + }, + { + name: "mutating relay failure", lastToolError: { toolName: "sessions_send", error: "delivery timeout", mutatingAction: true, }, + }, + ])("suppresses sessions_send errors for $name", ({ lastToolError }) => { + expectNoPayloads({ + lastToolError, verboseLevel: "on", }); - - expect(payloads).toHaveLength(0); }); it("suppresses assistant text when a deterministic exec approval prompt was already delivered", () => { - const payloads = buildPayloads({ + expectNoPayloads({ assistantTexts: ["Approval is needed. Please run /approve abc allow-once"], didSendDeterministicApprovalPrompt: true, }); - - expect(payloads).toHaveLength(0); }); }); diff --git a/src/agents/pi-embedded-runner/runs.test.ts b/src/agents/pi-embedded-runner/runs.test.ts index 3a4eb6d3743..82baac1ca1e 100644 --- a/src/agents/pi-embedded-runner/runs.test.ts +++ b/src/agents/pi-embedded-runner/runs.test.ts @@ -10,6 +10,20 @@ import { waitForActiveEmbeddedRuns, } from "./runs.js"; +type RunHandle = Parameters[1]; + +function createRunHandle( + overrides: { isCompacting?: boolean; abort?: () => void } = {}, +): RunHandle { + const abort = overrides.abort ?? (() => {}); + return { + queueMessage: async () => {}, + isStreaming: () => true, + isCompacting: () => overrides.isCompacting ?? false, + abort, + }; +} + describe("pi-embedded runner run registry", () => { afterEach(() => { __testing.resetActiveEmbeddedRuns(); @@ -20,19 +34,12 @@ describe("pi-embedded runner run registry", () => { const abortCompacting = vi.fn(); const abortNormal = vi.fn(); - setActiveEmbeddedRun("session-compacting", { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => true, - abort: abortCompacting, - }); + setActiveEmbeddedRun( + "session-compacting", + createRunHandle({ isCompacting: true, abort: abortCompacting }), + ); - setActiveEmbeddedRun("session-normal", { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: abortNormal, - }); + setActiveEmbeddedRun("session-normal", createRunHandle({ abort: abortNormal })); const aborted = abortEmbeddedPiRun(undefined, { mode: "compacting" }); expect(aborted).toBe(true); @@ -44,19 +51,9 @@ describe("pi-embedded runner run registry", () => { const abortA = vi.fn(); const abortB = vi.fn(); - setActiveEmbeddedRun("session-a", { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => true, - abort: abortA, - }); + setActiveEmbeddedRun("session-a", createRunHandle({ isCompacting: true, abort: abortA })); - setActiveEmbeddedRun("session-b", { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: abortB, - }); + setActiveEmbeddedRun("session-b", createRunHandle({ abort: abortB })); const aborted = abortEmbeddedPiRun(undefined, { mode: "all" }); expect(aborted).toBe(true); @@ -67,12 +64,7 @@ describe("pi-embedded runner run registry", () => { it("waits for active runs to drain", async () => { vi.useFakeTimers(); try { - const handle = { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: vi.fn(), - }; + const handle = createRunHandle(); setActiveEmbeddedRun("session-a", handle); setTimeout(() => { clearActiveEmbeddedRun("session-a", handle); @@ -92,12 +84,7 @@ describe("pi-embedded runner run registry", () => { it("returns drained=false when timeout elapses", async () => { vi.useFakeTimers(); try { - setActiveEmbeddedRun("session-a", { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: vi.fn(), - }); + setActiveEmbeddedRun("session-a", createRunHandle()); const waitPromise = waitForActiveEmbeddedRuns(1_000, { pollMs: 100 }); await vi.advanceTimersByTimeAsync(1_000); @@ -118,12 +105,7 @@ describe("pi-embedded runner run registry", () => { import.meta.url, "./runs.js?scope=shared-b", ); - const handle = { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: vi.fn(), - }; + const handle = createRunHandle(); runsA.__testing.resetActiveEmbeddedRuns(); runsB.__testing.resetActiveEmbeddedRuns(); @@ -141,12 +123,7 @@ describe("pi-embedded runner run registry", () => { }); it("tracks and clears per-session transcript snapshots for active runs", () => { - const handle = { - queueMessage: async () => {}, - isStreaming: () => true, - isCompacting: () => false, - abort: vi.fn(), - }; + const handle = createRunHandle(); setActiveEmbeddedRun("session-snapshot", handle); updateActiveEmbeddedRunSnapshot("session-snapshot", { diff --git a/src/agents/pi-embedded-runner/skills-runtime.integration.test.ts b/src/agents/pi-embedded-runner/skills-runtime.integration.test.ts index 8d42b061b81..437b021cdd7 100644 --- a/src/agents/pi-embedded-runner/skills-runtime.integration.test.ts +++ b/src/agents/pi-embedded-runner/skills-runtime.integration.test.ts @@ -31,6 +31,14 @@ async function setupBundledDiffsPlugin() { return { bundledPluginsDir, workspaceDir }; } +async function resolveBundledDiffsSkillEntries(config?: OpenClawConfig) { + const { bundledPluginsDir, workspaceDir } = await setupBundledDiffsPlugin(); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledPluginsDir; + clearPluginManifestRegistryCache(); + + return resolveEmbeddedRunSkillEntries({ workspaceDir, ...(config ? { config } : {}) }); +} + afterEach(async () => { process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = originalBundledDir; clearPluginManifestRegistryCache(); @@ -41,10 +49,6 @@ afterEach(async () => { describe("resolveEmbeddedRunSkillEntries (integration)", () => { it("loads bundled diffs skill when explicitly enabled in config", async () => { - const { bundledPluginsDir, workspaceDir } = await setupBundledDiffsPlugin(); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledPluginsDir; - clearPluginManifestRegistryCache(); - const config: OpenClawConfig = { plugins: { entries: { @@ -53,23 +57,14 @@ describe("resolveEmbeddedRunSkillEntries (integration)", () => { }, }; - const result = resolveEmbeddedRunSkillEntries({ - workspaceDir, - config, - }); + const result = await resolveBundledDiffsSkillEntries(config); expect(result.shouldLoadSkillEntries).toBe(true); expect(result.skillEntries.map((entry) => entry.skill.name)).toContain("diffs"); }); it("skips bundled diffs skill when config is missing", async () => { - const { bundledPluginsDir, workspaceDir } = await setupBundledDiffsPlugin(); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledPluginsDir; - clearPluginManifestRegistryCache(); - - const result = resolveEmbeddedRunSkillEntries({ - workspaceDir, - }); + const result = await resolveBundledDiffsSkillEntries(); expect(result.shouldLoadSkillEntries).toBe(true); expect(result.skillEntries.map((entry) => entry.skill.name)).not.toContain("diffs"); diff --git a/src/agents/pi-embedded-runner/system-prompt.test.ts b/src/agents/pi-embedded-runner/system-prompt.test.ts index 355b2c67ae9..b50565eb738 100644 --- a/src/agents/pi-embedded-runner/system-prompt.test.ts +++ b/src/agents/pi-embedded-runner/system-prompt.test.ts @@ -2,50 +2,63 @@ import type { AgentSession } from "@mariozechner/pi-coding-agent"; import { describe, expect, it, vi } from "vitest"; import { applySystemPromptOverrideToSession, createSystemPromptOverride } from "./system-prompt.js"; -function createMockSession() { - const setSystemPrompt = vi.fn(); +type MutableSession = { + _baseSystemPrompt?: string; + _rebuildSystemPrompt?: (toolNames: string[]) => string; +}; + +type MockSession = MutableSession & { + agent: { + setSystemPrompt: ReturnType; + }; +}; + +function createMockSession(): { + session: MockSession; + setSystemPrompt: ReturnType; +} { + const setSystemPrompt = vi.fn<(prompt: string) => void>(); const session = { agent: { setSystemPrompt }, - } as unknown as AgentSession; + } as MockSession; return { session, setSystemPrompt }; } +function applyAndGetMutableSession( + prompt: Parameters[1], +) { + const { session, setSystemPrompt } = createMockSession(); + applySystemPromptOverrideToSession(session as unknown as AgentSession, prompt); + return { + mutable: session, + setSystemPrompt, + }; +} + describe("applySystemPromptOverrideToSession", () => { it("applies a string override to the session system prompt", () => { - const { session, setSystemPrompt } = createMockSession(); const prompt = "You are a helpful assistant with custom context."; - - applySystemPromptOverrideToSession(session, prompt); + const { mutable, setSystemPrompt } = applyAndGetMutableSession(prompt); expect(setSystemPrompt).toHaveBeenCalledWith(prompt); - const mutable = session as unknown as { _baseSystemPrompt?: string }; expect(mutable._baseSystemPrompt).toBe(prompt); }); it("trims whitespace from string overrides", () => { - const { session, setSystemPrompt } = createMockSession(); - - applySystemPromptOverrideToSession(session, " padded prompt "); + const { setSystemPrompt } = applyAndGetMutableSession(" padded prompt "); expect(setSystemPrompt).toHaveBeenCalledWith("padded prompt"); }); it("applies a function override to the session system prompt", () => { - const { session, setSystemPrompt } = createMockSession(); const override = createSystemPromptOverride("function-based prompt"); - - applySystemPromptOverrideToSession(session, override); + const { setSystemPrompt } = applyAndGetMutableSession(override); expect(setSystemPrompt).toHaveBeenCalledWith("function-based prompt"); }); it("sets _rebuildSystemPrompt that returns the override", () => { - const { session } = createMockSession(); - applySystemPromptOverrideToSession(session, "rebuild test"); - - const mutable = session as unknown as { - _rebuildSystemPrompt?: (toolNames: string[]) => string; - }; + const { mutable } = applyAndGetMutableSession("rebuild test"); expect(mutable._rebuildSystemPrompt?.(["tool1"])).toBe("rebuild test"); }); }); diff --git a/src/agents/pi-embedded-runner/system-prompt.ts b/src/agents/pi-embedded-runner/system-prompt.ts index ac2662f127f..ef246d1af23 100644 --- a/src/agents/pi-embedded-runner/system-prompt.ts +++ b/src/agents/pi-embedded-runner/system-prompt.ts @@ -51,7 +51,6 @@ export function buildEmbeddedSystemPrompt(params: { userTime?: string; userTimeFormat?: ResolvedTimeFormat; contextFiles?: EmbeddedContextFile[]; - bootstrapTruncationWarningLines?: string[]; memoryCitationsMode?: MemoryCitationsMode; }): string { return buildAgentSystemPrompt({ @@ -81,7 +80,6 @@ export function buildEmbeddedSystemPrompt(params: { userTime: params.userTime, userTimeFormat: params.userTimeFormat, contextFiles: params.contextFiles, - bootstrapTruncationWarningLines: params.bootstrapTruncationWarningLines, memoryCitationsMode: params.memoryCitationsMode, }); } diff --git a/src/agents/pi-embedded-runner/thinking.test.ts b/src/agents/pi-embedded-runner/thinking.test.ts index 6a2481748a1..e3d0a8291b6 100644 --- a/src/agents/pi-embedded-runner/thinking.test.ts +++ b/src/agents/pi-embedded-runner/thinking.test.ts @@ -3,6 +3,22 @@ import { describe, expect, it } from "vitest"; import { castAgentMessage } from "../test-helpers/agent-message-fixtures.js"; import { dropThinkingBlocks, isAssistantMessageWithContent } from "./thinking.js"; +function dropSingleAssistantContent(content: Array>) { + const messages: AgentMessage[] = [ + castAgentMessage({ + role: "assistant", + content, + }), + ]; + + const result = dropThinkingBlocks(messages); + return { + assistant: result[0] as Extract, + messages, + result, + }; +} + describe("isAssistantMessageWithContent", () => { it("accepts assistant messages with array content and rejects others", () => { const assistant = castAgentMessage({ @@ -30,32 +46,18 @@ describe("dropThinkingBlocks", () => { }); it("drops thinking blocks while preserving non-thinking assistant content", () => { - const messages: AgentMessage[] = [ - castAgentMessage({ - role: "assistant", - content: [ - { type: "thinking", thinking: "internal" }, - { type: "text", text: "final" }, - ], - }), - ]; - - const result = dropThinkingBlocks(messages); - const assistant = result[0] as Extract; + const { assistant, messages, result } = dropSingleAssistantContent([ + { type: "thinking", thinking: "internal" }, + { type: "text", text: "final" }, + ]); expect(result).not.toBe(messages); expect(assistant.content).toEqual([{ type: "text", text: "final" }]); }); it("keeps assistant turn structure when all content blocks were thinking", () => { - const messages: AgentMessage[] = [ - castAgentMessage({ - role: "assistant", - content: [{ type: "thinking", thinking: "internal-only" }], - }), - ]; - - const result = dropThinkingBlocks(messages); - const assistant = result[0] as Extract; + const { assistant } = dropSingleAssistantContent([ + { type: "thinking", thinking: "internal-only" }, + ]); expect(assistant.content).toEqual([{ type: "text", text: "" }]); }); }); diff --git a/src/agents/pi-embedded-runner/tool-result-context-guard.test.ts b/src/agents/pi-embedded-runner/tool-result-context-guard.test.ts index df50558e951..9f265d3b56e 100644 --- a/src/agents/pi-embedded-runner/tool-result-context-guard.test.ts +++ b/src/agents/pi-embedded-runner/tool-result-context-guard.test.ts @@ -3,6 +3,7 @@ import { describe, expect, it } from "vitest"; import { castAgentMessage } from "../test-helpers/agent-message-fixtures.js"; import { CONTEXT_LIMIT_TRUNCATION_NOTICE, + PREEMPTIVE_CONTEXT_OVERFLOW_MESSAGE, PREEMPTIVE_TOOL_RESULT_COMPACTION_PLACEHOLDER, installToolResultContextGuard, } from "./tool-result-context-guard.js"; @@ -268,4 +269,63 @@ describe("installToolResultContextGuard", () => { expect(oldResult.details).toBeUndefined(); expect(newResult.details).toBeUndefined(); }); + + it("throws preemptive context overflow when context exceeds 90% after tool-result compaction", async () => { + const agent = makeGuardableAgent(); + + installToolResultContextGuard({ + agent, + // contextBudgetChars = 1000 * 4 * 0.75 = 3000 + // preemptiveOverflowChars = 1000 * 4 * 0.9 = 3600 + contextWindowTokens: 1_000, + }); + + // Large user message (non-compactable) pushes context past 90% threshold. + const contextForNextCall = [makeUser("u".repeat(3_700)), makeToolResult("call_1", "small")]; + + await expect( + agent.transformContext?.(contextForNextCall, new AbortController().signal), + ).rejects.toThrow(PREEMPTIVE_CONTEXT_OVERFLOW_MESSAGE); + }); + + it("does not throw when context is under 90% after tool-result compaction", async () => { + const agent = makeGuardableAgent(); + + installToolResultContextGuard({ + agent, + contextWindowTokens: 1_000, + }); + + // Context well under the 3600-char preemptive threshold. + const contextForNextCall = [makeUser("u".repeat(1_000)), makeToolResult("call_1", "small")]; + + await expect( + agent.transformContext?.(contextForNextCall, new AbortController().signal), + ).resolves.not.toThrow(); + }); + + it("compacts tool results before checking the preemptive overflow threshold", async () => { + const agent = makeGuardableAgent(); + + installToolResultContextGuard({ + agent, + contextWindowTokens: 1_000, + }); + + // Large user message + large tool result. The guard should compact the tool + // result first, then check the overflow threshold. Even after compaction the + // user content alone pushes past 90%, so the overflow error fires. + const contextForNextCall = [ + makeUser("u".repeat(3_700)), + makeToolResult("call_old", "x".repeat(2_000)), + ]; + + await expect( + agent.transformContext?.(contextForNextCall, new AbortController().signal), + ).rejects.toThrow(PREEMPTIVE_CONTEXT_OVERFLOW_MESSAGE); + + // Tool result should have been compacted before the overflow check. + const toolResultText = getToolResultText(contextForNextCall[1]); + expect(toolResultText).toBe(PREEMPTIVE_TOOL_RESULT_COMPACTION_PLACEHOLDER); + }); }); diff --git a/src/agents/pi-embedded-runner/tool-result-context-guard.ts b/src/agents/pi-embedded-runner/tool-result-context-guard.ts index 4a3d3482421..1ab23ede3cf 100644 --- a/src/agents/pi-embedded-runner/tool-result-context-guard.ts +++ b/src/agents/pi-embedded-runner/tool-result-context-guard.ts @@ -14,6 +14,9 @@ import { // Keep a conservative input budget to absorb tokenizer variance and provider framing overhead. const CONTEXT_INPUT_HEADROOM_RATIO = 0.75; const SINGLE_TOOL_RESULT_CONTEXT_SHARE = 0.5; +// High-water mark: if context exceeds this ratio after tool-result compaction, +// trigger full session compaction via the existing overflow recovery cascade. +const PREEMPTIVE_OVERFLOW_RATIO = 0.9; export const CONTEXT_LIMIT_TRUNCATION_NOTICE = "[truncated: output exceeded context limit]"; const CONTEXT_LIMIT_TRUNCATION_SUFFIX = `\n${CONTEXT_LIMIT_TRUNCATION_NOTICE}`; @@ -21,6 +24,9 @@ const CONTEXT_LIMIT_TRUNCATION_SUFFIX = `\n${CONTEXT_LIMIT_TRUNCATION_NOTICE}`; export const PREEMPTIVE_TOOL_RESULT_COMPACTION_PLACEHOLDER = "[compacted: tool output removed to free context]"; +export const PREEMPTIVE_CONTEXT_OVERFLOW_MESSAGE = + "Preemptive context overflow: estimated context size exceeds safe threshold during tool loop"; + type GuardableTransformContext = ( messages: AgentMessage[], signal: AbortSignal, @@ -196,6 +202,10 @@ export function installToolResultContextGuard(params: { contextWindowTokens * TOOL_RESULT_CHARS_PER_TOKEN_ESTIMATE * SINGLE_TOOL_RESULT_CONTEXT_SHARE, ), ); + const preemptiveOverflowChars = Math.max( + contextBudgetChars, + Math.floor(contextWindowTokens * CHARS_PER_TOKEN_ESTIMATE * PREEMPTIVE_OVERFLOW_RATIO), + ); // Agent.transformContext is private in pi-coding-agent, so access it via a // narrow runtime view to keep callsites type-safe while preserving behavior. @@ -214,6 +224,18 @@ export function installToolResultContextGuard(params: { maxSingleToolResultChars, }); + // After tool-result compaction, check if context still exceeds the high-water mark. + // If it does, non-tool-result content dominates and only full LLM-based session + // compaction can reduce context size. Throwing a context overflow error triggers + // the existing overflow recovery cascade in run.ts. + const postEnforcementChars = estimateContextChars( + contextMessages, + createMessageCharEstimateCache(), + ); + if (postEnforcementChars > preemptiveOverflowChars) { + throw new Error(PREEMPTIVE_CONTEXT_OVERFLOW_MESSAGE); + } + return contextMessages; }) as GuardableTransformContext; diff --git a/src/agents/pi-embedded-runner/tool-result-truncation.test.ts b/src/agents/pi-embedded-runner/tool-result-truncation.test.ts index 2dce36ed076..b65ed0a65e8 100644 --- a/src/agents/pi-embedded-runner/tool-result-truncation.test.ts +++ b/src/agents/pi-embedded-runner/tool-result-truncation.test.ts @@ -44,6 +44,14 @@ function makeAssistantMessage(text: string): AssistantMessage { }); } +function getFirstToolResultText(message: AgentMessage | ToolResultMessage): string { + if (message.role !== "toolResult") { + return ""; + } + const firstBlock = message.content[0]; + return firstBlock && "text" in firstBlock ? firstBlock.text : ""; +} + describe("truncateToolResultText", () => { it("returns text unchanged when under limit", () => { const text = "hello world"; @@ -134,12 +142,7 @@ describe("truncateToolResultMessage", () => { if (result.role !== "toolResult") { throw new Error("expected toolResult"); } - - const firstBlock = result.content[0]; - expect(firstBlock?.type).toBe("text"); - expect(firstBlock && "text" in firstBlock ? firstBlock.text : "").toContain( - "[persist-truncated]", - ); + expect(getFirstToolResultText(result)).toContain("[persist-truncated]"); }); }); @@ -209,10 +212,7 @@ describe("truncateOversizedToolResultsInMessages", () => { expect(truncatedCount).toBe(1); const toolResult = result[2]; expect(toolResult?.role).toBe("toolResult"); - const firstBlock = - toolResult && toolResult.role === "toolResult" ? toolResult.content[0] : undefined; - expect(firstBlock?.type).toBe("text"); - const text = firstBlock && "text" in firstBlock ? firstBlock.text : ""; + const text = toolResult ? getFirstToolResultText(toolResult) : ""; expect(text.length).toBeLessThan(bigContent.length); expect(text).toContain("truncated"); }); @@ -242,8 +242,7 @@ describe("truncateOversizedToolResultsInMessages", () => { expect(truncatedCount).toBe(2); for (const msg of result.slice(2)) { expect(msg.role).toBe("toolResult"); - const firstBlock = msg.role === "toolResult" ? msg.content[0] : undefined; - const text = firstBlock && "text" in firstBlock ? firstBlock.text : ""; + const text = getFirstToolResultText(msg); expect(text.length).toBeLessThan(500_000); } }); diff --git a/src/agents/pi-embedded-runner/usage-reporting.test.ts b/src/agents/pi-embedded-runner/usage-reporting.test.ts index ebab56a841b..7c29c5f99cf 100644 --- a/src/agents/pi-embedded-runner/usage-reporting.test.ts +++ b/src/agents/pi-embedded-runner/usage-reporting.test.ts @@ -45,6 +45,39 @@ describe("runEmbeddedPiAgent usage reporting", () => { }); }); + it("forwards gateway subagent binding opt-in to runtime plugin bootstrap", async () => { + mockedRunEmbeddedAttempt.mockResolvedValueOnce({ + aborted: false, + promptError: null, + timedOut: false, + sessionIdUsed: "test-session", + assistantTexts: ["Response 1"], + // eslint-disable-next-line @typescript-eslint/no-explicit-any + } as any); + + await runEmbeddedPiAgent({ + sessionId: "test-session", + sessionKey: "test-key", + sessionFile: "/tmp/session.json", + workspaceDir: "/tmp/workspace", + prompt: "hello", + timeoutMs: 30000, + runId: "run-gateway-bind", + allowGatewaySubagentBinding: true, + }); + + expect(runtimePluginMocks.ensureRuntimePluginsLoaded).toHaveBeenCalledWith({ + config: undefined, + workspaceDir: "/tmp/workspace", + allowGatewaySubagentBinding: true, + }); + expect(mockedRunEmbeddedAttempt).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + }), + ); + }); + it("forwards sender identity fields into embedded attempts", async () => { mockedRunEmbeddedAttempt.mockResolvedValueOnce({ aborted: false, diff --git a/src/agents/pi-embedded-subscribe.handlers.compaction.ts b/src/agents/pi-embedded-subscribe.handlers.compaction.ts index 7b9c4499eff..f0717f140cf 100644 --- a/src/agents/pi-embedded-subscribe.handlers.compaction.ts +++ b/src/agents/pi-embedded-subscribe.handlers.compaction.ts @@ -80,8 +80,9 @@ export function handleAutoCompactionEnd( { messageCount: ctx.params.session.messages?.length ?? 0, compactedCount: ctx.getCompactionCount(), + sessionFile: ctx.params.session.sessionFile, }, - {}, + { sessionKey: ctx.params.sessionKey }, ) .catch((err) => { ctx.log.warn(`after_compaction hook failed: ${String(err)}`); diff --git a/src/agents/pi-embedded-subscribe.tools.media.test.ts b/src/agents/pi-embedded-subscribe.tools.media.test.ts index a07ed71473d..7cf51bb7c1c 100644 --- a/src/agents/pi-embedded-subscribe.tools.media.test.ts +++ b/src/agents/pi-embedded-subscribe.tools.media.test.ts @@ -1,5 +1,8 @@ import { describe, expect, it } from "vitest"; -import { extractToolResultMediaPaths } from "./pi-embedded-subscribe.tools.js"; +import { + extractToolResultMediaPaths, + isToolResultMediaTrusted, +} from "./pi-embedded-subscribe.tools.js"; describe("extractToolResultMediaPaths", () => { it("returns empty array for null/undefined", () => { @@ -229,4 +232,8 @@ describe("extractToolResultMediaPaths", () => { }; expect(extractToolResultMediaPaths(result)).toEqual(["/tmp/page1.png", "/tmp/page2.png"]); }); + + it("trusts image_generate local MEDIA paths", () => { + expect(isToolResultMediaTrusted("image_generate")).toBe(true); + }); }); diff --git a/src/agents/pi-embedded-subscribe.tools.ts b/src/agents/pi-embedded-subscribe.tools.ts index 08a5e5f80c4..925f56fa6ee 100644 --- a/src/agents/pi-embedded-subscribe.tools.ts +++ b/src/agents/pi-embedded-subscribe.tools.ts @@ -142,6 +142,7 @@ const TRUSTED_TOOL_RESULT_MEDIA = new Set([ "exec", "gateway", "image", + "image_generate", "memory_get", "memory_search", "message", diff --git a/src/agents/pi-extensions/compaction-safeguard.test.ts b/src/agents/pi-extensions/compaction-safeguard.test.ts index 882099f3569..509bbdd25b2 100644 --- a/src/agents/pi-extensions/compaction-safeguard.test.ts +++ b/src/agents/pi-extensions/compaction-safeguard.test.ts @@ -138,10 +138,31 @@ async function runCompactionScenario(params: { }); const result = (await compactionHandler(params.event, mockContext)) as { cancel?: boolean; + compaction?: { + summary: string; + firstKeptEntryId: string; + tokensBefore: number; + }; }; return { result, getApiKeyMock }; } +function expectCompactionResult(result: { + cancel?: boolean; + compaction?: { + summary: string; + firstKeptEntryId: string; + tokensBefore: number; + }; +}) { + expect(result.cancel).not.toBe(true); + expect(result.compaction).toBeDefined(); + if (!result.compaction) { + throw new Error("Expected compaction result"); + } + return result.compaction; +} + describe("compaction-safeguard tool failures", () => { it("formats tool failures with meta and summary", () => { const messages: AgentMessage[] = [ @@ -1524,10 +1545,117 @@ describe("compaction-safeguard double-compaction guard", () => { event: mockEvent, apiKey: "sk-test", // pragma: allowlist secret }); - expect(result).toEqual({ cancel: true }); + const compaction = expectCompactionResult(result); + // After fix for #41981: returns a compaction result (not cancel) to write + // a boundary entry and break the re-trigger loop. + // buildStructuredFallbackSummary(undefined) produces a minimal structured summary + expect(compaction.summary).toContain("## Decisions"); + expect(compaction.summary).toContain("No prior history."); + expect(compaction.summary).toContain("## Open TODOs"); + expect(compaction.firstKeptEntryId).toBe("entry-1"); + expect(compaction.tokensBefore).toBe(1500); expect(getApiKeyMock).not.toHaveBeenCalled(); }); + it("returns compaction result with structured fallback summary sections", async () => { + const sessionManager = stubSessionManager(); + const model = createAnthropicModelFixture(); + setCompactionSafeguardRuntime(sessionManager, { model }); + + const mockEvent = { + preparation: { + messagesToSummarize: [] as AgentMessage[], + turnPrefixMessages: [] as AgentMessage[], + firstKeptEntryId: "entry-2", + tokensBefore: 2000, + previousSummary: "## Decisions\nUsed approach A.", + fileOps: { read: [], edited: [], written: [] }, + settings: { reserveTokens: 16384 }, + }, + customInstructions: "", + signal: new AbortController().signal, + }; + const { result } = await runCompactionScenario({ + sessionManager, + event: mockEvent, + apiKey: "sk-test", // pragma: allowlist secret + }); + const compaction = expectCompactionResult(result); + // Fallback preserves previous summary when it has required sections + expect(compaction.summary).toContain("## Decisions"); + expect(compaction.summary).toContain("## Open TODOs"); + expect(compaction.firstKeptEntryId).toBe("entry-2"); + }); + + it("writes boundary again on repeated empty preparation (no cancel loop after new assistant message)", async () => { + const sessionManager = stubSessionManager(); + const model = createAnthropicModelFixture(); + setCompactionSafeguardRuntime(sessionManager, { model }); + + const mockEvent = { + preparation: { + messagesToSummarize: [] as AgentMessage[], + turnPrefixMessages: [] as AgentMessage[], + firstKeptEntryId: "entry-3", + tokensBefore: 1000, + fileOps: { read: [], edited: [], written: [] }, + }, + customInstructions: "", + signal: new AbortController().signal, + }; + + // First call — writes boundary + const { result: result1 } = await runCompactionScenario({ + sessionManager, + event: mockEvent, + apiKey: "sk-test", // pragma: allowlist secret + }); + const compaction1 = expectCompactionResult(result1); + expect(compaction1.summary).toContain("## Decisions"); + + // Simulate: after the boundary, a new assistant message arrives, SDK + // triggers compaction again with another empty preparation. The safeguard + // must write another boundary (not cancel) to avoid re-entering the + // cancel loop described in the maintainer review. + const { result: result2 } = await runCompactionScenario({ + sessionManager, + event: mockEvent, + apiKey: "sk-test", // pragma: allowlist secret + }); + const compaction2 = expectCompactionResult(result2); + expect(compaction2.summary).toContain("## Decisions"); + expect(compaction2.firstKeptEntryId).toBe("entry-3"); + }); + + it("does not write boundary when turnPrefixMessages has real content (split-turn)", async () => { + const sessionManager = stubSessionManager(); + const model = createAnthropicModelFixture(); + setCompactionSafeguardRuntime(sessionManager, { model }); + + const mockEvent = { + preparation: { + messagesToSummarize: [] as AgentMessage[], + turnPrefixMessages: [ + { role: "user" as const, content: "real turn prefix content" }, + ] as AgentMessage[], + firstKeptEntryId: "entry-4", + tokensBefore: 2000, + fileOps: { read: [], edited: [], written: [] }, + isSplitTurn: true, + }, + customInstructions: "", + signal: new AbortController().signal, + }; + const { result } = await runCompactionScenario({ + sessionManager, + event: mockEvent, + apiKey: null, + }); + // Should NOT take the boundary fast-path — falls through to normal compaction + // (which cancels due to no API key, but that's the expected normal path) + expect(result).toEqual({ cancel: true }); + }); + it("continues when messages include real conversation content", async () => { const sessionManager = stubSessionManager(); const model = createAnthropicModelFixture(); diff --git a/src/agents/pi-extensions/compaction-safeguard.ts b/src/agents/pi-extensions/compaction-safeguard.ts index 4461b97d3e0..92332140656 100644 --- a/src/agents/pi-extensions/compaction-safeguard.ts +++ b/src/agents/pi-extensions/compaction-safeguard.ts @@ -702,11 +702,32 @@ async function readWorkspaceContextForSummary(): Promise { export default function compactionSafeguardExtension(api: ExtensionAPI): void { api.on("session_before_compact", async (event, ctx) => { const { preparation, customInstructions: eventInstructions, signal } = event; - if (!preparation.messagesToSummarize.some(isRealConversationMessage)) { - log.warn( - "Compaction safeguard: cancelling compaction with no real conversation messages to summarize.", + const hasRealSummarizable = preparation.messagesToSummarize.some(isRealConversationMessage); + const hasRealTurnPrefix = preparation.turnPrefixMessages.some(isRealConversationMessage); + if (!hasRealSummarizable && !hasRealTurnPrefix) { + // When there are no summarizable messages AND no real turn-prefix content, + // cancelling compaction leaves context unchanged but the SDK re-triggers + // _checkCompaction after every assistant response — creating a cancel loop + // that blocks cron lanes (#41981). + // + // Strategy: always return a minimal compaction result so the SDK writes a + // boundary entry. The SDK's prepareCompaction() returns undefined when the + // last entry is a compaction, which blocks immediate re-triggering within + // the same turn. After a new assistant message arrives, if the SDK triggers + // compaction again with an empty preparation, we write another boundary — + // this is bounded to at most one boundary per LLM round-trip, not a tight + // loop. + log.info( + "Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.", ); - return { cancel: true }; + const fallbackSummary = buildStructuredFallbackSummary(preparation.previousSummary); + return { + compaction: { + summary: fallbackSummary, + firstKeptEntryId: preparation.firstKeptEntryId, + tokensBefore: preparation.tokensBefore, + }, + }; } const { readFiles, modifiedFiles } = computeFileLists(preparation.fileOps); const fileOpsSummary = formatFileOperations(readFiles, modifiedFiles); diff --git a/src/agents/pi-project-settings.bundle.test.ts b/src/agents/pi-project-settings.bundle.test.ts index d297b1ef3a1..abac767036f 100644 --- a/src/agents/pi-project-settings.bundle.test.ts +++ b/src/agents/pi-project-settings.bundle.test.ts @@ -1,57 +1,37 @@ import fs from "node:fs/promises"; import path from "node:path"; -import { afterEach, describe, expect, it, vi } from "vitest"; -import type { PluginManifestRegistry } from "../plugins/manifest-registry.js"; +import { afterEach, describe, expect, it } from "vitest"; import { createTrackedTempDirs } from "../test-utils/tracked-temp-dirs.js"; -const hoisted = vi.hoisted(() => ({ - loadPluginManifestRegistry: vi.fn(), -})); - -vi.mock("../plugins/manifest-registry.js", () => ({ - loadPluginManifestRegistry: (...args: unknown[]) => hoisted.loadPluginManifestRegistry(...args), -})); - const { loadEnabledBundlePiSettingsSnapshot } = await import("./pi-project-settings.js"); const tempDirs = createTrackedTempDirs(); -function buildRegistry(params: { - pluginRoot: string; - settingsFiles?: string[]; -}): PluginManifestRegistry { - return { - diagnostics: [], - plugins: [ - { - id: "claude-bundle", - name: "Claude Bundle", - format: "bundle", - bundleFormat: "claude", - bundleCapabilities: ["settings"], - channels: [], - providers: [], - skills: [], - settingsFiles: params.settingsFiles ?? ["settings.json"], - hooks: [], - origin: "workspace", - rootDir: params.pluginRoot, - source: params.pluginRoot, - manifestPath: path.join(params.pluginRoot, ".claude-plugin", "plugin.json"), - }, - ], - }; -} - afterEach(async () => { - hoisted.loadPluginManifestRegistry.mockReset(); await tempDirs.cleanup(); }); +async function createWorkspaceBundle(params: { + workspaceDir: string; + pluginId?: string; +}): Promise { + const pluginId = params.pluginId ?? "claude-bundle"; + const pluginRoot = path.join(params.workspaceDir, ".openclaw", "extensions", pluginId); + await fs.mkdir(path.join(pluginRoot, ".claude-plugin"), { recursive: true }); + await fs.writeFile( + path.join(pluginRoot, ".claude-plugin", "plugin.json"), + JSON.stringify({ + name: pluginId, + }), + "utf-8", + ); + return pluginRoot; +} + describe("loadEnabledBundlePiSettingsSnapshot", () => { it("loads sanitized settings from enabled bundle plugins", async () => { const workspaceDir = await tempDirs.make("openclaw-workspace-"); - const pluginRoot = await tempDirs.make("openclaw-bundle-"); + const pluginRoot = await createWorkspaceBundle({ workspaceDir }); await fs.writeFile( path.join(pluginRoot, "settings.json"), JSON.stringify({ @@ -61,7 +41,6 @@ describe("loadEnabledBundlePiSettingsSnapshot", () => { }), "utf-8", ); - hoisted.loadPluginManifestRegistry.mockReturnValue(buildRegistry({ pluginRoot })); const snapshot = loadEnabledBundlePiSettingsSnapshot({ cwd: workspaceDir, @@ -79,15 +58,94 @@ describe("loadEnabledBundlePiSettingsSnapshot", () => { expect(snapshot.compaction?.keepRecentTokens).toBe(64_000); }); + it("loads enabled bundle MCP servers into the Pi settings snapshot", async () => { + const workspaceDir = await tempDirs.make("openclaw-workspace-"); + const pluginRoot = await createWorkspaceBundle({ workspaceDir }); + const resolvedPluginRoot = await fs.realpath(pluginRoot); + await fs.mkdir(path.join(pluginRoot, "servers"), { recursive: true }); + const resolvedServerPath = await fs.realpath(path.join(pluginRoot, "servers")); + await fs.writeFile( + path.join(pluginRoot, ".mcp.json"), + JSON.stringify({ + mcpServers: { + bundleProbe: { + command: "node", + args: ["./servers/probe.mjs"], + }, + }, + }), + "utf-8", + ); + + const snapshot = loadEnabledBundlePiSettingsSnapshot({ + cwd: workspaceDir, + cfg: { + plugins: { + entries: { + "claude-bundle": { enabled: true }, + }, + }, + }, + }); + + expect((snapshot as Record).mcpServers).toEqual({ + bundleProbe: { + command: "node", + args: [path.join(resolvedServerPath, "probe.mjs")], + cwd: resolvedPluginRoot, + }, + }); + }); + + it("lets top-level MCP config override bundle MCP defaults", async () => { + const workspaceDir = await tempDirs.make("openclaw-workspace-"); + const pluginRoot = await createWorkspaceBundle({ workspaceDir }); + await fs.writeFile( + path.join(pluginRoot, ".mcp.json"), + JSON.stringify({ + mcpServers: { + sharedServer: { + command: "node", + args: ["./servers/bundle.mjs"], + }, + }, + }), + "utf-8", + ); + + const snapshot = loadEnabledBundlePiSettingsSnapshot({ + cwd: workspaceDir, + cfg: { + mcp: { + servers: { + sharedServer: { + url: "https://example.com/mcp", + }, + }, + }, + plugins: { + entries: { + "claude-bundle": { enabled: true }, + }, + }, + }, + }); + + expect((snapshot as Record).mcpServers).toEqual({ + sharedServer: { + url: "https://example.com/mcp", + }, + }); + }); + it("ignores disabled bundle plugins", async () => { const workspaceDir = await tempDirs.make("openclaw-workspace-"); - const pluginRoot = await tempDirs.make("openclaw-bundle-"); + const pluginRoot = await createWorkspaceBundle({ workspaceDir }); await fs.writeFile( path.join(pluginRoot, "settings.json"), JSON.stringify({ hideThinkingBlock: true }), "utf-8", ); - hoisted.loadPluginManifestRegistry.mockReturnValue(buildRegistry({ pluginRoot })); const snapshot = loadEnabledBundlePiSettingsSnapshot({ cwd: workspaceDir, diff --git a/src/agents/pi-project-settings.test.ts b/src/agents/pi-project-settings.test.ts index 92d676b8427..22c0860e017 100644 --- a/src/agents/pi-project-settings.test.ts +++ b/src/agents/pi-project-settings.test.ts @@ -5,6 +5,8 @@ import { resolveEmbeddedPiProjectSettingsPolicy, } from "./pi-project-settings.js"; +type EmbeddedPiSettingsArgs = Parameters[0]; + describe("resolveEmbeddedPiProjectSettingsPolicy", () => { it("defaults to sanitize", () => { expect(resolveEmbeddedPiProjectSettingsPolicy()).toBe( @@ -93,4 +95,34 @@ describe("buildEmbeddedPiSettingsSnapshot", () => { expect(snapshot.compaction?.reserveTokens).toBe(32_000); expect(snapshot.hideThinkingBlock).toBe(true); }); + + it("lets project Pi settings override bundle MCP defaults", () => { + const snapshot = buildEmbeddedPiSettingsSnapshot({ + globalSettings, + pluginSettings: { + mcpServers: { + bundleProbe: { + command: "node", + args: ["/plugins/probe.mjs"], + }, + }, + } as EmbeddedPiSettingsArgs["pluginSettings"], + projectSettings: { + mcpServers: { + bundleProbe: { + command: "deno", + args: ["/workspace/probe.ts"], + }, + }, + } as EmbeddedPiSettingsArgs["projectSettings"], + policy: "sanitize", + }); + + expect((snapshot as Record).mcpServers).toEqual({ + bundleProbe: { + command: "deno", + args: ["/workspace/probe.ts"], + }, + }); + }); }); diff --git a/src/agents/pi-project-settings.ts b/src/agents/pi-project-settings.ts index 8e08d11bca7..9732e8088a9 100644 --- a/src/agents/pi-project-settings.ts +++ b/src/agents/pi-project-settings.ts @@ -5,9 +5,11 @@ import type { OpenClawConfig } from "../config/config.js"; import { applyMergePatch } from "../config/merge-patch.js"; import { openBoundaryFileSync } from "../infra/boundary-file-read.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; +import type { BundleMcpServerConfig } from "../plugins/bundle-mcp.js"; import { normalizePluginsConfig, resolveEffectiveEnableState } from "../plugins/config-state.js"; import { loadPluginManifestRegistry } from "../plugins/manifest-registry.js"; import { isRecord } from "../utils.js"; +import { loadEmbeddedPiMcpConfig } from "./embedded-pi-mcp.js"; import { applyPiCompactionSettingsFromConfig } from "./pi-settings.js"; const log = createSubsystemLogger("embedded-pi-settings"); @@ -17,7 +19,9 @@ export const SANITIZED_PROJECT_PI_KEYS = ["shellPath", "shellCommandPrefix"] as export type EmbeddedPiProjectSettingsPolicy = "trusted" | "sanitize" | "ignore"; -type PiSettingsSnapshot = ReturnType; +type PiSettingsSnapshot = ReturnType & { + mcpServers?: Record; +}; function sanitizePiSettingsSnapshot(settings: PiSettingsSnapshot): PiSettingsSnapshot { const sanitized = { ...settings }; @@ -107,6 +111,19 @@ export function loadEnabledBundlePiSettingsSnapshot(params: { } } + const embeddedPiMcp = loadEmbeddedPiMcpConfig({ + workspaceDir, + cfg: params.cfg, + }); + for (const diagnostic of embeddedPiMcp.diagnostics) { + log.warn(`bundle MCP skipped for ${diagnostic.pluginId}: ${diagnostic.message}`); + } + if (Object.keys(embeddedPiMcp.mcpServers).length > 0) { + snapshot = applyMergePatch(snapshot, { + mcpServers: embeddedPiMcp.mcpServers, + }) as PiSettingsSnapshot; + } + return snapshot; } diff --git a/src/agents/pi-tools.before-tool-call.runtime.ts b/src/agents/pi-tools.before-tool-call.runtime.ts index b78a58231a2..95126670e31 100644 --- a/src/agents/pi-tools.before-tool-call.runtime.ts +++ b/src/agents/pi-tools.before-tool-call.runtime.ts @@ -1,7 +1,15 @@ -export { getDiagnosticSessionState } from "../logging/diagnostic-session-state.js"; -export { logToolLoopAction } from "../logging/diagnostic.js"; -export { +import { getDiagnosticSessionState } from "../logging/diagnostic-session-state.js"; +import { logToolLoopAction } from "../logging/diagnostic.js"; +import { detectToolCallLoop, recordToolCall, recordToolCallOutcome, } from "./tool-loop-detection.js"; + +export const beforeToolCallRuntime = { + getDiagnosticSessionState, + logToolLoopAction, + detectToolCallLoop, + recordToolCall, + recordToolCallOutcome, +}; diff --git a/src/agents/pi-tools.before-tool-call.ts b/src/agents/pi-tools.before-tool-call.ts index 99a470e8bd0..62bf0e0fb59 100644 --- a/src/agents/pi-tools.before-tool-call.ts +++ b/src/agents/pi-tools.before-tool-call.ts @@ -2,6 +2,7 @@ import type { ToolLoopDetectionConfig } from "../config/types.tools.js"; import type { SessionState } from "../logging/diagnostic-session-state.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { getGlobalHookRunner } from "../plugins/hook-runner-global.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import { isPlainObject } from "../utils.js"; import { normalizeToolName } from "./tool-policy.js"; import type { AnyAgentTool } from "./tools/common.js"; @@ -23,14 +24,11 @@ const adjustedParamsByToolCallId = new Map(); const MAX_TRACKED_ADJUSTED_PARAMS = 1024; const LOOP_WARNING_BUCKET_SIZE = 10; const MAX_LOOP_WARNING_KEYS = 256; -let beforeToolCallRuntimePromise: Promise< - typeof import("./pi-tools.before-tool-call.runtime.js") -> | null = null; -function loadBeforeToolCallRuntime() { - beforeToolCallRuntimePromise ??= import("./pi-tools.before-tool-call.runtime.js"); - return beforeToolCallRuntimePromise; -} +const loadBeforeToolCallRuntime = createLazyRuntimeSurface( + () => import("./pi-tools.before-tool-call.runtime.js"), + ({ beforeToolCallRuntime }) => beforeToolCallRuntime, +); function buildAdjustedParamsKey(params: { runId?: string; toolCallId: string }): string { if (params.runId && params.runId.trim()) { diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts index 9c7aafbd56e..b8be63f65e5 100644 --- a/src/agents/pi-tools.ts +++ b/src/agents/pi-tools.ts @@ -259,6 +259,8 @@ export function createOpenClawCodingTools(options?: { replyToMode?: "off" | "first" | "all"; /** Mutable ref to track if a reply was sent (for "first" mode). */ hasRepliedRef?: { value: boolean }; + /** Allow plugin tools for this run to late-bind the gateway subagent. */ + allowGatewaySubagentBinding?: boolean; /** If true, the model has native vision capability */ modelHasVision?: boolean; /** Require explicit message targets (no implicit last-route sends). */ @@ -535,6 +537,7 @@ export function createOpenClawCodingTools(options?: { senderIsOwner: options?.senderIsOwner, sessionId: options?.sessionId, onYield: options?.onYield, + allowGatewaySubagentBinding: options?.allowGatewaySubagentBinding, }), ]; const toolsForMemoryFlush = diff --git a/src/agents/provider-attribution.test.ts b/src/agents/provider-attribution.test.ts new file mode 100644 index 00000000000..04c7d040b17 --- /dev/null +++ b/src/agents/provider-attribution.test.ts @@ -0,0 +1,114 @@ +import { describe, expect, it } from "vitest"; +import { + listProviderAttributionPolicies, + resolveProviderAttributionHeaders, + resolveProviderAttributionIdentity, + resolveProviderAttributionPolicy, +} from "./provider-attribution.js"; + +describe("provider attribution", () => { + it("resolves the canonical OpenClaw product and runtime version", () => { + const identity = resolveProviderAttributionIdentity({ + OPENCLAW_VERSION: "2026.3.99", + }); + + expect(identity).toEqual({ + product: "OpenClaw", + version: "2026.3.99", + }); + }); + + it("returns a documented OpenRouter attribution policy", () => { + const policy = resolveProviderAttributionPolicy("openrouter", { + OPENCLAW_VERSION: "2026.3.14", + }); + + expect(policy).toEqual({ + provider: "openrouter", + enabledByDefault: true, + verification: "vendor-documented", + hook: "request-headers", + docsUrl: "https://openrouter.ai/docs/app-attribution", + reviewNote: "Documented app attribution headers. Verified in OpenClaw runtime wrapper.", + product: "OpenClaw", + version: "2026.3.14", + headers: { + "HTTP-Referer": "https://openclaw.ai", + "X-OpenRouter-Title": "OpenClaw", + "X-OpenRouter-Categories": "cli-agent", + }, + }); + }); + + it("normalizes aliases when resolving provider headers", () => { + expect( + resolveProviderAttributionHeaders("OpenRouter", { + OPENCLAW_VERSION: "2026.3.14", + }), + ).toEqual({ + "HTTP-Referer": "https://openclaw.ai", + "X-OpenRouter-Title": "OpenClaw", + "X-OpenRouter-Categories": "cli-agent", + }); + }); + + it("returns a hidden-spec OpenAI attribution policy", () => { + expect(resolveProviderAttributionPolicy("openai", { OPENCLAW_VERSION: "2026.3.14" })).toEqual({ + provider: "openai", + enabledByDefault: true, + verification: "vendor-hidden-api-spec", + hook: "request-headers", + reviewNote: + "OpenAI native traffic supports hidden originator/User-Agent attribution. Verified against the Codex wire contract.", + product: "OpenClaw", + version: "2026.3.14", + headers: { + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + }, + }); + expect(resolveProviderAttributionHeaders("openai", { OPENCLAW_VERSION: "2026.3.14" })).toEqual({ + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + }); + }); + + it("returns a hidden-spec OpenAI Codex attribution policy", () => { + expect( + resolveProviderAttributionPolicy("openai-codex", { OPENCLAW_VERSION: "2026.3.14" }), + ).toEqual({ + provider: "openai-codex", + enabledByDefault: true, + verification: "vendor-hidden-api-spec", + hook: "request-headers", + reviewNote: + "OpenAI Codex ChatGPT-backed traffic supports the same hidden originator/User-Agent attribution contract.", + product: "OpenClaw", + version: "2026.3.14", + headers: { + originator: "openclaw", + "User-Agent": "openclaw/2026.3.14", + }, + }); + }); + + it("lists the current attribution support matrix", () => { + expect( + listProviderAttributionPolicies({ OPENCLAW_VERSION: "2026.3.14" }).map((policy) => [ + policy.provider, + policy.enabledByDefault, + policy.verification, + policy.hook, + ]), + ).toEqual([ + ["openrouter", true, "vendor-documented", "request-headers"], + ["openai", true, "vendor-hidden-api-spec", "request-headers"], + ["openai-codex", true, "vendor-hidden-api-spec", "request-headers"], + ["anthropic", false, "vendor-sdk-hook-only", "default-headers"], + ["google", false, "vendor-sdk-hook-only", "user-agent-extra"], + ["groq", false, "vendor-sdk-hook-only", "default-headers"], + ["mistral", false, "vendor-sdk-hook-only", "custom-user-agent"], + ["together", false, "vendor-sdk-hook-only", "default-headers"], + ]); + }); +}); diff --git a/src/agents/provider-attribution.ts b/src/agents/provider-attribution.ts new file mode 100644 index 00000000000..f1111a8e5bd --- /dev/null +++ b/src/agents/provider-attribution.ts @@ -0,0 +1,174 @@ +import type { RuntimeVersionEnv } from "../version.js"; +import { resolveRuntimeServiceVersion } from "../version.js"; +import { normalizeProviderId } from "./model-selection.js"; + +export type ProviderAttributionVerification = + | "vendor-documented" + | "vendor-hidden-api-spec" + | "vendor-sdk-hook-only" + | "internal-runtime"; + +export type ProviderAttributionHook = + | "request-headers" + | "default-headers" + | "user-agent-extra" + | "custom-user-agent"; + +export type ProviderAttributionPolicy = { + provider: string; + enabledByDefault: boolean; + verification: ProviderAttributionVerification; + hook?: ProviderAttributionHook; + docsUrl?: string; + reviewNote?: string; + product: string; + version: string; + headers?: Record; +}; + +export type ProviderAttributionIdentity = Pick; + +const OPENCLAW_ATTRIBUTION_PRODUCT = "OpenClaw"; +const OPENCLAW_ATTRIBUTION_ORIGINATOR = "openclaw"; + +export function resolveProviderAttributionIdentity( + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionIdentity { + return { + product: OPENCLAW_ATTRIBUTION_PRODUCT, + version: resolveRuntimeServiceVersion(env), + }; +} + +function buildOpenRouterAttributionPolicy( + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy { + const identity = resolveProviderAttributionIdentity(env); + return { + provider: "openrouter", + enabledByDefault: true, + verification: "vendor-documented", + hook: "request-headers", + docsUrl: "https://openrouter.ai/docs/app-attribution", + reviewNote: "Documented app attribution headers. Verified in OpenClaw runtime wrapper.", + ...identity, + headers: { + "HTTP-Referer": "https://openclaw.ai", + "X-OpenRouter-Title": identity.product, + "X-OpenRouter-Categories": "cli-agent", + }, + }; +} + +function buildOpenAIAttributionPolicy( + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy { + const identity = resolveProviderAttributionIdentity(env); + return { + provider: "openai", + enabledByDefault: true, + verification: "vendor-hidden-api-spec", + hook: "request-headers", + reviewNote: + "OpenAI native traffic supports hidden originator/User-Agent attribution. Verified against the Codex wire contract.", + ...identity, + headers: { + originator: OPENCLAW_ATTRIBUTION_ORIGINATOR, + "User-Agent": `${OPENCLAW_ATTRIBUTION_ORIGINATOR}/${identity.version}`, + }, + }; +} + +function buildOpenAICodexAttributionPolicy( + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy { + const identity = resolveProviderAttributionIdentity(env); + return { + provider: "openai-codex", + enabledByDefault: true, + verification: "vendor-hidden-api-spec", + hook: "request-headers", + reviewNote: + "OpenAI Codex ChatGPT-backed traffic supports the same hidden originator/User-Agent attribution contract.", + ...identity, + headers: { + originator: OPENCLAW_ATTRIBUTION_ORIGINATOR, + "User-Agent": `${OPENCLAW_ATTRIBUTION_ORIGINATOR}/${identity.version}`, + }, + }; +} + +function buildSdkHookOnlyPolicy( + provider: string, + hook: ProviderAttributionHook, + reviewNote: string, + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy { + return { + provider, + enabledByDefault: false, + verification: "vendor-sdk-hook-only", + hook, + reviewNote, + ...resolveProviderAttributionIdentity(env), + }; +} + +export function listProviderAttributionPolicies( + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy[] { + return [ + buildOpenRouterAttributionPolicy(env), + buildOpenAIAttributionPolicy(env), + buildOpenAICodexAttributionPolicy(env), + buildSdkHookOnlyPolicy( + "anthropic", + "default-headers", + "Anthropic JS SDK exposes defaultHeaders, but app attribution is not yet verified.", + env, + ), + buildSdkHookOnlyPolicy( + "google", + "user-agent-extra", + "Google GenAI JS SDK exposes userAgentExtra/httpOptions, but provider-side attribution is not yet verified.", + env, + ), + buildSdkHookOnlyPolicy( + "groq", + "default-headers", + "Groq JS SDK exposes defaultHeaders, but app attribution is not yet verified.", + env, + ), + buildSdkHookOnlyPolicy( + "mistral", + "custom-user-agent", + "Mistral JS SDK exposes a custom userAgent option, but app attribution is not yet verified.", + env, + ), + buildSdkHookOnlyPolicy( + "together", + "default-headers", + "Together JS SDK exposes defaultHeaders, but app attribution is not yet verified.", + env, + ), + ]; +} + +export function resolveProviderAttributionPolicy( + provider?: string | null, + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): ProviderAttributionPolicy | undefined { + const normalized = normalizeProviderId(provider ?? ""); + return listProviderAttributionPolicies(env).find((policy) => policy.provider === normalized); +} + +export function resolveProviderAttributionHeaders( + provider?: string | null, + env: RuntimeVersionEnv = process.env as RuntimeVersionEnv, +): Record | undefined { + const policy = resolveProviderAttributionPolicy(provider, env); + if (!policy?.enabledByDefault) { + return undefined; + } + return policy.headers; +} diff --git a/src/agents/provider-capabilities.test.ts b/src/agents/provider-capabilities.test.ts index 699cba9ffe5..fa3b12b8d4d 100644 --- a/src/agents/provider-capabilities.test.ts +++ b/src/agents/provider-capabilities.test.ts @@ -30,7 +30,7 @@ const resolveProviderCapabilitiesWithPluginMock = vi.fn((params: { provider: str geminiThoughtSignatureSanitization: true, geminiThoughtSignatureModelHints: ["gemini"], }; - case "kimi-coding": + case "kimi": return { preserveAnthropicThinkingSignatures: false, }; @@ -84,9 +84,7 @@ describe("resolveProviderCapabilities", () => { }); it("normalizes kimi aliases to the same capability set", () => { - expect(resolveProviderCapabilities("kimi-coding")).toEqual( - resolveProviderCapabilities("kimi-code"), - ); + expect(resolveProviderCapabilities("kimi")).toEqual(resolveProviderCapabilities("kimi-code")); expect(resolveProviderCapabilities("kimi-code")).toEqual({ anthropicToolSchemaMode: "native", anthropicToolChoiceMode: "native", @@ -131,7 +129,7 @@ describe("resolveProviderCapabilities", () => { }); it("treats kimi aliases as native anthropic tool payload providers", () => { - expect(requiresOpenAiCompatibleAnthropicToolPayload("kimi-coding")).toBe(false); + expect(requiresOpenAiCompatibleAnthropicToolPayload("kimi")).toBe(false); expect(requiresOpenAiCompatibleAnthropicToolPayload("kimi-code")).toBe(false); expect(requiresOpenAiCompatibleAnthropicToolPayload("anthropic")).toBe(false); }); diff --git a/src/agents/provider-id.ts b/src/agents/provider-id.ts index 354817e8a96..bd82c3c3edd 100644 --- a/src/agents/provider-id.ts +++ b/src/agents/provider-id.ts @@ -12,8 +12,8 @@ export function normalizeProviderId(provider: string): string { if (normalized === "qwen") { return "qwen-portal"; } - if (normalized === "kimi-code") { - return "kimi-coding"; + if (normalized === "kimi" || normalized === "kimi-code" || normalized === "kimi-coding") { + return "kimi"; } if (normalized === "bedrock" || normalized === "aws-bedrock") { return "amazon-bedrock"; diff --git a/src/agents/runtime-plugins.ts b/src/agents/runtime-plugins.ts index ace53258e0f..0bf395b505c 100644 --- a/src/agents/runtime-plugins.ts +++ b/src/agents/runtime-plugins.ts @@ -5,6 +5,7 @@ import { resolveUserPath } from "../utils.js"; export function ensureRuntimePluginsLoaded(params: { config?: OpenClawConfig; workspaceDir?: string | null; + allowGatewaySubagentBinding?: boolean; }): void { const workspaceDir = typeof params.workspaceDir === "string" && params.workspaceDir.trim() @@ -14,5 +15,10 @@ export function ensureRuntimePluginsLoaded(params: { loadOpenClawPlugins({ config: params.config, workspaceDir, + runtimeOptions: params.allowGatewaySubagentBinding + ? { + allowGatewaySubagentBinding: true, + } + : undefined, }); } diff --git a/src/agents/sandbox/constants.ts b/src/agents/sandbox/constants.ts index 8e906eb9432..80915b3bfce 100644 --- a/src/agents/sandbox/constants.ts +++ b/src/agents/sandbox/constants.ts @@ -1,5 +1,5 @@ import path from "node:path"; -import { CHANNEL_IDS } from "../../channels/registry.js"; +import { CHANNEL_IDS } from "../../channels/ids.js"; import { STATE_DIR } from "../../config/paths.js"; export const DEFAULT_SANDBOX_WORKSPACE_ROOT = path.join(STATE_DIR, "sandboxes"); diff --git a/src/agents/sandbox/remote-fs-bridge.ts b/src/agents/sandbox/remote-fs-bridge.ts index ef70e928eac..878bdacc3c3 100644 --- a/src/agents/sandbox/remote-fs-bridge.ts +++ b/src/agents/sandbox/remote-fs-bridge.ts @@ -1,7 +1,12 @@ import path from "node:path"; +import { isPathInside } from "../../infra/path-guards.js"; import type { SandboxBackendCommandParams, SandboxBackendCommandResult } from "./backend.js"; import { SANDBOX_PINNED_MUTATION_PYTHON } from "./fs-bridge-mutation-helper.js"; import type { SandboxFsBridge, SandboxFsStat, SandboxResolvedPath } from "./fs-bridge.js"; +import { + isPathInsideContainerRoot, + normalizeContainerPath as normalizeSandboxContainerPath, +} from "./path-utils.js"; import type { SandboxContext } from "./types.js"; type ResolvedRemotePath = SandboxResolvedPath & { @@ -496,23 +501,10 @@ class RemoteShellSandboxFsBridge implements SandboxFsBridge { } function normalizeContainerPath(value: string): string { - const normalized = path.posix.normalize(value.trim() || "/"); + const normalized = normalizeSandboxContainerPath(value.trim() || "/"); return normalized.startsWith("/") ? normalized : `/${normalized}`; } -function isPathInsideContainerRoot(root: string, candidate: string): boolean { - const normalizedRoot = normalizeContainerPath(root); - const normalizedCandidate = normalizeContainerPath(candidate); - return ( - normalizedCandidate === normalizedRoot || normalizedCandidate.startsWith(`${normalizedRoot}/`) - ); -} - -function isPathInside(root: string, candidate: string): boolean { - const relative = path.relative(root, candidate); - return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative)); -} - function toPosixRelative(root: string, candidate: string): string { return path.relative(root, candidate).split(path.sep).filter(Boolean).join(path.posix.sep); } diff --git a/src/agents/sandbox/ssh.test.ts b/src/agents/sandbox/ssh.test.ts index c2c07a3bf11..09ef1ee75fd 100644 --- a/src/agents/sandbox/ssh.test.ts +++ b/src/agents/sandbox/ssh.test.ts @@ -39,10 +39,52 @@ describe("sandbox ssh helpers", () => { expect(config).toContain("UpdateHostKeys no"); const configDir = session.configPath.slice(0, session.configPath.lastIndexOf("/")); - expect(await fs.readFile(`${configDir}/identity`, "utf8")).toBe("PRIVATE KEY"); - expect(await fs.readFile(`${configDir}/certificate.pub`, "utf8")).toBe("SSH CERT"); + expect(await fs.readFile(`${configDir}/identity`, "utf8")).toBe("PRIVATE KEY\n"); + expect(await fs.readFile(`${configDir}/certificate.pub`, "utf8")).toBe("SSH CERT\n"); expect(await fs.readFile(`${configDir}/known_hosts`, "utf8")).toBe( - "example.com ssh-ed25519 AAAATEST", + "example.com ssh-ed25519 AAAATEST\n", + ); + }); + + it("normalizes CRLF and escaped-newline private keys before writing temp files", async () => { + const session = await createSshSandboxSessionFromSettings({ + command: "ssh", + target: "peter@example.com:2222", + strictHostKeyChecking: true, + updateHostKeys: false, + identityData: + "-----BEGIN OPENSSH PRIVATE KEY-----\\nbGluZTE=\\r\\nbGluZTI=\\r\\n-----END OPENSSH PRIVATE KEY-----", + knownHostsData: "example.com ssh-ed25519 AAAATEST", + }); + sessions.push(session); + + const configDir = session.configPath.slice(0, session.configPath.lastIndexOf("/")); + expect(await fs.readFile(`${configDir}/identity`, "utf8")).toBe( + "-----BEGIN OPENSSH PRIVATE KEY-----\n" + + "bGluZTE=\n" + + "bGluZTI=\n" + + "-----END OPENSSH PRIVATE KEY-----\n", + ); + }); + + it("normalizes mixed real and escaped newlines in private keys", async () => { + const session = await createSshSandboxSessionFromSettings({ + command: "ssh", + target: "peter@example.com:2222", + strictHostKeyChecking: true, + updateHostKeys: false, + identityData: + "-----BEGIN OPENSSH PRIVATE KEY-----\nline-1\\nline-2\n-----END OPENSSH PRIVATE KEY-----", + knownHostsData: "example.com ssh-ed25519 AAAATEST", + }); + sessions.push(session); + + const configDir = session.configPath.slice(0, session.configPath.lastIndexOf("/")); + expect(await fs.readFile(`${configDir}/identity`, "utf8")).toBe( + "-----BEGIN OPENSSH PRIVATE KEY-----\n" + + "line-1\n" + + "line-2\n" + + "-----END OPENSSH PRIVATE KEY-----\n", ); }); diff --git a/src/agents/sandbox/ssh.ts b/src/agents/sandbox/ssh.ts index 1590b515e8f..d4884b44a3a 100644 --- a/src/agents/sandbox/ssh.ts +++ b/src/agents/sandbox/ssh.ts @@ -35,6 +35,35 @@ export type RunSshSandboxCommandParams = { tty?: boolean; }; +function normalizeInlineSshMaterial(contents: string, filename: string): string { + const withoutBom = contents.replace(/^\uFEFF/, ""); + const normalizedNewlines = withoutBom.replace(/\r\n?/g, "\n"); + const normalizedEscapedNewlines = normalizedNewlines + .replace(/\\r\\n/g, "\\n") + .replace(/\\r/g, "\\n"); + const expanded = + filename === "identity" || filename === "certificate.pub" + ? normalizedEscapedNewlines.replace(/\\n/g, "\n") + : normalizedEscapedNewlines; + return expanded.endsWith("\n") ? expanded : `${expanded}\n`; +} + +function buildSshFailureMessage(stderr: string, exitCode?: number): string { + const trimmed = stderr.trim(); + if ( + trimmed.includes("error in libcrypto") && + (trimmed.includes('Load key "') || trimmed.includes("Permission denied (publickey)")) + ) { + return `${trimmed}\nSSH sandbox failed to load the configured identity. The private key contents may be malformed (for example CRLF or escaped newlines). Prefer identityFile when possible.`; + } + return ( + trimmed || + (exitCode !== undefined + ? `ssh exited with code ${exitCode}` + : "ssh exited with a non-zero status") + ); +} + export function shellEscape(value: string): string { return `'${value.replaceAll("'", `'"'"'`)}'`; } @@ -201,14 +230,11 @@ export async function runSshSandboxCommand( const exitCode = code ?? 0; if (exitCode !== 0 && !params.allowFailure) { reject( - Object.assign( - new Error(stderr.toString("utf8").trim() || `ssh exited with code ${exitCode}`), - { - code: exitCode, - stdout, - stderr, - }, - ), + Object.assign(new Error(buildSshFailureMessage(stderr.toString("utf8"), exitCode)), { + code: exitCode, + stdout, + stderr, + }), ); return; } @@ -328,7 +354,10 @@ async function writeSecretMaterial( contents: string, ): Promise { const pathname = path.join(dir, filename); - await fs.writeFile(pathname, contents, { encoding: "utf8", mode: 0o600 }); + await fs.writeFile(pathname, normalizeInlineSshMaterial(contents, filename), { + encoding: "utf8", + mode: 0o600, + }); await fs.chmod(pathname, 0o600); return pathname; } diff --git a/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts b/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts index 1f4da5163e1..b09571f540f 100644 --- a/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts +++ b/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts @@ -200,30 +200,30 @@ describe("buildWorkspaceSkillsPrompt", () => { }); it("filters skills based on env/config gates", async () => { const workspaceDir = await createCaseDir("workspace"); - const skillDir = path.join(workspaceDir, "skills", "nano-banana-pro"); + const skillDir = path.join(workspaceDir, "skills", "image-lab"); await writeSkill({ dir: skillDir, - name: "nano-banana-pro", + name: "image-lab", description: "Generates images", metadata: '{"openclaw":{"requires":{"env":["GEMINI_API_KEY"]},"primaryEnv":"GEMINI_API_KEY"}}', - body: "# Nano Banana\n", + body: "# Image Lab\n", }); withEnv({ GEMINI_API_KEY: undefined }, () => { const missingPrompt = buildPrompt(workspaceDir, { managedSkillsDir: path.join(workspaceDir, ".managed"), - config: { skills: { entries: { "nano-banana-pro": { apiKey: "" } } } }, + config: { skills: { entries: { "image-lab": { apiKey: "" } } } }, }); - expect(missingPrompt).not.toContain("nano-banana-pro"); + expect(missingPrompt).not.toContain("image-lab"); const enabledPrompt = buildPrompt(workspaceDir, { managedSkillsDir: path.join(workspaceDir, ".managed"), config: { - skills: { entries: { "nano-banana-pro": { apiKey: "test-key" } } }, // pragma: allowlist secret + skills: { entries: { "image-lab": { apiKey: "test-key" } } }, // pragma: allowlist secret }, }); - expect(enabledPrompt).toContain("nano-banana-pro"); + expect(enabledPrompt).toContain("image-lab"); }); }); it("applies skill filters, including empty lists", async () => { diff --git a/src/agents/skills/env-overrides.runtime.ts b/src/agents/skills/env-overrides.runtime.ts index ab8c4b305fb..6f5ebf3947a 100644 --- a/src/agents/skills/env-overrides.runtime.ts +++ b/src/agents/skills/env-overrides.runtime.ts @@ -1 +1,9 @@ -export { getActiveSkillEnvKeys } from "./env-overrides.js"; +import { getActiveSkillEnvKeys as getActiveSkillEnvKeysImpl } from "./env-overrides.js"; + +type GetActiveSkillEnvKeys = typeof import("./env-overrides.js").getActiveSkillEnvKeys; + +export function getActiveSkillEnvKeys( + ...args: Parameters +): ReturnType { + return getActiveSkillEnvKeysImpl(...args); +} diff --git a/src/agents/subagent-orphan-recovery.test.ts b/src/agents/subagent-orphan-recovery.test.ts index 66b8097154c..287d2c714f3 100644 --- a/src/agents/subagent-orphan-recovery.test.ts +++ b/src/agents/subagent-orphan-recovery.test.ts @@ -1,4 +1,9 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import * as sessions from "../config/sessions.js"; +import * as gateway from "../gateway/call.js"; +import * as sessionUtils from "../gateway/session-utils.fs.js"; +import { recoverOrphanedSubagentSessions } from "./subagent-orphan-recovery.js"; +import * as subagentRegistry from "./subagent-registry.js"; import type { SubagentRunRecord } from "./subagent-registry.types.js"; // Mock dependencies before importing the module under test @@ -51,10 +56,6 @@ describe("subagent-orphan-recovery", () => { }); it("recovers orphaned sessions with abortedLastRun=true", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - const subagentRegistry = await import("./subagent-registry.js"); - const sessionEntry = { sessionId: "session-abc", updatedAt: Date.now(), @@ -69,8 +70,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", run); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -98,9 +97,6 @@ describe("subagent-orphan-recovery", () => { }); it("skips sessions that are not aborted", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:test-session-1": { sessionId: "session-abc", @@ -112,8 +108,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -124,8 +118,6 @@ describe("subagent-orphan-recovery", () => { }); it("skips runs that have already ended", async () => { - const gateway = await import("../gateway/call.js"); - const activeRuns = new Map(); activeRuns.set( "run-1", @@ -134,8 +126,6 @@ describe("subagent-orphan-recovery", () => { }), ); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -145,9 +135,6 @@ describe("subagent-orphan-recovery", () => { }); it("handles multiple orphaned sessions", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:session-a": { sessionId: "id-a", @@ -192,8 +179,6 @@ describe("subagent-orphan-recovery", () => { }), ); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -204,9 +189,6 @@ describe("subagent-orphan-recovery", () => { }); it("handles callGateway failure gracefully and preserves abortedLastRun flag", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:test-session-1": { sessionId: "session-abc", @@ -220,8 +202,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -235,8 +215,6 @@ describe("subagent-orphan-recovery", () => { }); it("returns empty results when no active runs exist", async () => { - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => new Map(), }); @@ -247,17 +225,12 @@ describe("subagent-orphan-recovery", () => { }); it("skips sessions with missing session entry in store", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - // Store has no matching entry vi.mocked(sessions.loadSessionStore).mockReturnValue({}); const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -268,9 +241,6 @@ describe("subagent-orphan-recovery", () => { }); it("clears abortedLastRun flag after successful resume", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - // Ensure callGateway succeeds for this test vi.mocked(gateway.callGateway).mockResolvedValue({ runId: "resumed-run" } as never); @@ -285,8 +255,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -309,9 +277,6 @@ describe("subagent-orphan-recovery", () => { }); it("truncates long task descriptions in resume message", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:test-session-1": { sessionId: "session-abc", @@ -324,8 +289,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord({ task: longTask })); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); - await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns, }); @@ -340,10 +303,6 @@ describe("subagent-orphan-recovery", () => { }); it("includes last human message in resume when available", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - const sessionUtils = await import("../gateway/session-utils.fs.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:test-session-1": { sessionId: "session-abc", @@ -363,7 +322,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns }); const callArgs = vi.mocked(gateway.callGateway).mock.calls[0]; @@ -374,10 +332,6 @@ describe("subagent-orphan-recovery", () => { }); it("adds config change hint when assistant messages reference config modifications", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - const sessionUtils = await import("../gateway/session-utils.fs.js"); - vi.mocked(sessions.loadSessionStore).mockReturnValue({ "agent:main:subagent:test-session-1": { sessionId: "session-abc", @@ -394,7 +348,6 @@ describe("subagent-orphan-recovery", () => { const activeRuns = new Map(); activeRuns.set("run-1", createTestRunRecord()); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns }); const callArgs = vi.mocked(gateway.callGateway).mock.calls[0]; @@ -404,9 +357,6 @@ describe("subagent-orphan-recovery", () => { }); it("prevents duplicate resume when updateSessionStore fails", async () => { - const sessions = await import("../config/sessions.js"); - const gateway = await import("../gateway/call.js"); - vi.mocked(gateway.callGateway).mockResolvedValue({ runId: "new-run" } as never); vi.mocked(sessions.updateSessionStore).mockRejectedValue(new Error("write failed")); @@ -427,7 +377,6 @@ describe("subagent-orphan-recovery", () => { }), ); - const { recoverOrphanedSubagentSessions } = await import("./subagent-orphan-recovery.js"); const result = await recoverOrphanedSubagentSessions({ getActiveRuns: () => activeRuns }); expect(result.recovered).toBe(1); diff --git a/src/agents/subagent-registry.context-engine.test.ts b/src/agents/subagent-registry.context-engine.test.ts index 59eea1bd4c7..bb9916b7cfd 100644 --- a/src/agents/subagent-registry.context-engine.test.ts +++ b/src/agents/subagent-registry.context-engine.test.ts @@ -79,6 +79,7 @@ describe("subagent-registry context-engine bootstrap", () => { expect(mocks.ensureRuntimePluginsLoaded).toHaveBeenCalledWith({ config: {}, workspaceDir: "/tmp/workspace", + allowGatewaySubagentBinding: true, }); }); expect(mocks.ensureContextEnginesInitialized).toHaveBeenCalledTimes(1); diff --git a/src/agents/subagent-registry.ts b/src/agents/subagent-registry.ts index c1cab60dd82..d36e20bf291 100644 --- a/src/agents/subagent-registry.ts +++ b/src/agents/subagent-registry.ts @@ -322,6 +322,7 @@ async function notifyContextEngineSubagentEnded(params: { ensureRuntimePluginsLoaded({ config: cfg, workspaceDir: params.workspaceDir, + allowGatewaySubagentBinding: true, }); ensureContextEnginesInitialized(); const engine = await resolveContextEngine(cfg); diff --git a/src/agents/system-prompt.test.ts b/src/agents/system-prompt.test.ts index 3877f6fed21..b20a9524941 100644 --- a/src/agents/system-prompt.test.ts +++ b/src/agents/system-prompt.test.ts @@ -534,16 +534,13 @@ describe("buildAgentSystemPrompt", () => { ); }); - it("renders bootstrap truncation warning even when no context files are injected", () => { + it("omits project context when no context files are injected", () => { const prompt = buildAgentSystemPrompt({ workspaceDir: "/tmp/openclaw", - bootstrapTruncationWarningLines: ["AGENTS.md: 200 raw -> 0 injected"], contextFiles: [], }); - expect(prompt).toContain("# Project Context"); - expect(prompt).toContain("⚠ Bootstrap truncation warning:"); - expect(prompt).toContain("- AGENTS.md: 200 raw -> 0 injected"); + expect(prompt).not.toContain("# Project Context"); }); it("summarizes the message tool when available", () => { diff --git a/src/agents/system-prompt.ts b/src/agents/system-prompt.ts index 848222b7880..3ee438db2d4 100644 --- a/src/agents/system-prompt.ts +++ b/src/agents/system-prompt.ts @@ -202,7 +202,6 @@ export function buildAgentSystemPrompt(params: { userTime?: string; userTimeFormat?: ResolvedTimeFormat; contextFiles?: EmbeddedContextFile[]; - bootstrapTruncationWarningLines?: string[]; skillsPrompt?: string; heartbeatPrompt?: string; docsPath?: string; @@ -269,6 +268,7 @@ export function buildAgentSystemPrompt(params: { session_status: "Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override", image: "Analyze an image with the configured image model", + image_generate: "Generate images with the configured image-generation model", }; const toolOrder = [ @@ -296,6 +296,7 @@ export function buildAgentSystemPrompt(params: { "subagents", "session_status", "image", + "image_generate", ]; const rawToolNames = (params.toolNames ?? []).map((tool) => tool.trim()); @@ -614,13 +615,10 @@ export function buildAgentSystemPrompt(params: { } const contextFiles = params.contextFiles ?? []; - const bootstrapTruncationWarningLines = (params.bootstrapTruncationWarningLines ?? []).filter( - (line) => line.trim().length > 0, - ); const validContextFiles = contextFiles.filter( (file) => typeof file.path === "string" && file.path.trim().length > 0, ); - if (validContextFiles.length > 0 || bootstrapTruncationWarningLines.length > 0) { + if (validContextFiles.length > 0) { lines.push("# Project Context", ""); if (validContextFiles.length > 0) { const hasSoulFile = validContextFiles.some((file) => { @@ -636,13 +634,6 @@ export function buildAgentSystemPrompt(params: { } lines.push(""); } - if (bootstrapTruncationWarningLines.length > 0) { - lines.push("⚠ Bootstrap truncation warning:"); - for (const warningLine of bootstrapTruncationWarningLines) { - lines.push(`- ${warningLine}`); - } - lines.push(""); - } for (const file of validContextFiles) { lines.push(`## ${file.path}`, "", file.content, ""); } diff --git a/src/agents/tool-catalog.test.ts b/src/agents/tool-catalog.test.ts index 120a744432c..2f7fa0fc5d6 100644 --- a/src/agents/tool-catalog.test.ts +++ b/src/agents/tool-catalog.test.ts @@ -7,5 +7,6 @@ describe("tool-catalog", () => { expect(policy).toBeDefined(); expect(policy!.allow).toContain("web_search"); expect(policy!.allow).toContain("web_fetch"); + expect(policy!.allow).toContain("image_generate"); }); }); diff --git a/src/agents/tool-catalog.ts b/src/agents/tool-catalog.ts index 445cdc5f10b..0d58c066928 100644 --- a/src/agents/tool-catalog.ts +++ b/src/agents/tool-catalog.ts @@ -233,6 +233,14 @@ const CORE_TOOL_DEFINITIONS: CoreToolDefinition[] = [ profiles: ["coding"], includeInOpenClawGroup: true, }, + { + id: "image_generate", + label: "image_generate", + description: "Image generation", + sectionId: "media", + profiles: ["coding"], + includeInOpenClawGroup: true, + }, { id: "tts", label: "tts", diff --git a/src/agents/tools/discord-actions-guild.ts b/src/agents/tools/discord-actions-guild.ts index 54386ad4267..fa427d87650 100644 --- a/src/agents/tools/discord-actions-guild.ts +++ b/src/agents/tools/discord-actions-guild.ts @@ -19,8 +19,8 @@ import { setChannelPermissionDiscord, uploadEmojiDiscord, uploadStickerDiscord, -} from "../../plugin-sdk-internal/discord.js"; -import { getPresence } from "../../plugin-sdk-internal/discord.js"; +} from "../../plugin-sdk/discord.js"; +import { getPresence } from "../../plugin-sdk/discord.js"; import { type ActionGate, jsonResult, diff --git a/src/agents/tools/discord-actions-messaging.ts b/src/agents/tools/discord-actions-messaging.ts index 8a7f93aacbb..bad969ede80 100644 --- a/src/agents/tools/discord-actions-messaging.ts +++ b/src/agents/tools/discord-actions-messaging.ts @@ -1,6 +1,7 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { DiscordActionConfig } from "../../config/config.js"; import type { OpenClawConfig } from "../../config/config.js"; +import { readBooleanParam } from "../../plugin-sdk/boolean-param.js"; import { createThreadDiscord, deleteMessageDiscord, @@ -22,16 +23,9 @@ import { sendStickerDiscord, sendVoiceMessageDiscord, unpinMessageDiscord, -} from "../../plugin-sdk-internal/discord.js"; -import type { - DiscordSendComponents, - DiscordSendEmbeds, -} from "../../plugin-sdk-internal/discord.js"; -import { - readDiscordComponentSpec, - resolveDiscordChannelId, -} from "../../plugin-sdk-internal/discord.js"; -import { readBooleanParam } from "../../plugin-sdk/boolean-param.js"; +} from "../../plugin-sdk/discord.js"; +import type { DiscordSendComponents, DiscordSendEmbeds } from "../../plugin-sdk/discord.js"; +import { readDiscordComponentSpec, resolveDiscordChannelId } from "../../plugin-sdk/discord.js"; import { resolvePollMaxSelections } from "../../polls.js"; import { withNormalizedTimestamp } from "../date-time.js"; import { assertMediaNotDataUrl } from "../sandbox-paths.js"; @@ -188,8 +182,8 @@ export async function handleDiscordMessagingAction( } const channelId = resolveChannelId(); const permissions = accountId - ? await fetchChannelPermissionsDiscord(channelId, { accountId }) - : await fetchChannelPermissionsDiscord(channelId); + ? await fetchChannelPermissionsDiscord(channelId, { ...cfgOptions, accountId }) + : await fetchChannelPermissionsDiscord(channelId, cfgOptions); return jsonResult({ ok: true, permissions }); } case "fetchMessage": { @@ -212,8 +206,8 @@ export async function handleDiscordMessagingAction( ); } const message = accountId - ? await fetchMessageDiscord(channelId, messageId, { accountId }) - : await fetchMessageDiscord(channelId, messageId); + ? await fetchMessageDiscord(channelId, messageId, { ...cfgOptions, accountId }) + : await fetchMessageDiscord(channelId, messageId, cfgOptions); return jsonResult({ ok: true, message: normalizeMessage(message), @@ -234,8 +228,8 @@ export async function handleDiscordMessagingAction( around: readStringParam(params, "around"), }; const messages = accountId - ? await readMessagesDiscord(channelId, query, { accountId }) - : await readMessagesDiscord(channelId, query); + ? await readMessagesDiscord(channelId, query, { ...cfgOptions, accountId }) + : await readMessagesDiscord(channelId, query, cfgOptions); return jsonResult({ ok: true, messages: messages.map((message) => normalizeMessage(message)), @@ -344,8 +338,8 @@ export async function handleDiscordMessagingAction( required: true, }); const message = accountId - ? await editMessageDiscord(channelId, messageId, { content }, { accountId }) - : await editMessageDiscord(channelId, messageId, { content }); + ? await editMessageDiscord(channelId, messageId, { content }, { ...cfgOptions, accountId }) + : await editMessageDiscord(channelId, messageId, { content }, cfgOptions); return jsonResult({ ok: true, message }); } case "deleteMessage": { @@ -357,9 +351,9 @@ export async function handleDiscordMessagingAction( required: true, }); if (accountId) { - await deleteMessageDiscord(channelId, messageId, { accountId }); + await deleteMessageDiscord(channelId, messageId, { ...cfgOptions, accountId }); } else { - await deleteMessageDiscord(channelId, messageId); + await deleteMessageDiscord(channelId, messageId, cfgOptions); } return jsonResult({ ok: true }); } @@ -381,8 +375,8 @@ export async function handleDiscordMessagingAction( appliedTags: appliedTags ?? undefined, }; const thread = accountId - ? await createThreadDiscord(channelId, payload, { accountId }) - : await createThreadDiscord(channelId, payload); + ? await createThreadDiscord(channelId, payload, { ...cfgOptions, accountId }) + : await createThreadDiscord(channelId, payload, cfgOptions); return jsonResult({ ok: true, thread }); } case "threadList": { @@ -405,15 +399,18 @@ export async function handleDiscordMessagingAction( before, limit, }, - { accountId }, + { ...cfgOptions, accountId }, ) - : await listThreadsDiscord({ - guildId, - channelId, - includeArchived, - before, - limit, - }); + : await listThreadsDiscord( + { + guildId, + channelId, + includeArchived, + before, + limit, + }, + cfgOptions, + ); return jsonResult({ ok: true, threads }); } case "threadReply": { @@ -444,9 +441,9 @@ export async function handleDiscordMessagingAction( required: true, }); if (accountId) { - await pinMessageDiscord(channelId, messageId, { accountId }); + await pinMessageDiscord(channelId, messageId, { ...cfgOptions, accountId }); } else { - await pinMessageDiscord(channelId, messageId); + await pinMessageDiscord(channelId, messageId, cfgOptions); } return jsonResult({ ok: true }); } @@ -459,9 +456,9 @@ export async function handleDiscordMessagingAction( required: true, }); if (accountId) { - await unpinMessageDiscord(channelId, messageId, { accountId }); + await unpinMessageDiscord(channelId, messageId, { ...cfgOptions, accountId }); } else { - await unpinMessageDiscord(channelId, messageId); + await unpinMessageDiscord(channelId, messageId, cfgOptions); } return jsonResult({ ok: true }); } @@ -471,8 +468,8 @@ export async function handleDiscordMessagingAction( } const channelId = resolveChannelId(); const pins = accountId - ? await listPinsDiscord(channelId, { accountId }) - : await listPinsDiscord(channelId); + ? await listPinsDiscord(channelId, { ...cfgOptions, accountId }) + : await listPinsDiscord(channelId, cfgOptions); return jsonResult({ ok: true, pins: pins.map((pin) => normalizeMessage(pin)) }); } case "searchMessages": { @@ -501,15 +498,18 @@ export async function handleDiscordMessagingAction( authorIds: authorIdList.length ? authorIdList : undefined, limit, }, - { accountId }, + { ...cfgOptions, accountId }, ) - : await searchMessagesDiscord({ - guildId, - content, - channelIds: channelIdList.length ? channelIdList : undefined, - authorIds: authorIdList.length ? authorIdList : undefined, - limit, - }); + : await searchMessagesDiscord( + { + guildId, + content, + channelIds: channelIdList.length ? channelIdList : undefined, + authorIds: authorIdList.length ? authorIdList : undefined, + limit, + }, + cfgOptions, + ); if (!results || typeof results !== "object") { return jsonResult({ ok: true, results }); } diff --git a/src/agents/tools/discord-actions-moderation.ts b/src/agents/tools/discord-actions-moderation.ts index 63c3cc601bc..56d7a80d4c9 100644 --- a/src/agents/tools/discord-actions-moderation.ts +++ b/src/agents/tools/discord-actions-moderation.ts @@ -5,7 +5,7 @@ import { hasAnyGuildPermissionDiscord, kickMemberDiscord, timeoutMemberDiscord, -} from "../../plugin-sdk-internal/discord.js"; +} from "../../plugin-sdk/discord.js"; import { type ActionGate, jsonResult, readStringParam } from "./common.js"; import { isDiscordModerationAction, diff --git a/src/agents/tools/discord-actions-presence.ts b/src/agents/tools/discord-actions-presence.ts index fdfa53e2323..53c42829bb0 100644 --- a/src/agents/tools/discord-actions-presence.ts +++ b/src/agents/tools/discord-actions-presence.ts @@ -1,7 +1,7 @@ import type { Activity, UpdatePresenceData } from "@buape/carbon/gateway"; import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { DiscordActionConfig } from "../../config/config.js"; -import { getGateway } from "../../plugin-sdk-internal/discord.js"; +import { getGateway } from "../../plugin-sdk/discord.js"; import { type ActionGate, jsonResult, readStringParam } from "./common.js"; const ACTIVITY_TYPE_MAP: Record = { diff --git a/src/agents/tools/discord-actions.test.ts b/src/agents/tools/discord-actions.test.ts index ab2d71caf23..c03cb2fdafa 100644 --- a/src/agents/tools/discord-actions.test.ts +++ b/src/agents/tools/discord-actions.test.ts @@ -211,6 +211,24 @@ describe("handleDiscordMessagingAction", () => { expect(payload.messages[0].timestampUtc).toBe(new Date(expectedMs).toISOString()); }); + it("threads provided cfg into readMessages calls", async () => { + const cfg = { + channels: { + discord: { + token: "token", + }, + }, + } as OpenClawConfig; + await handleDiscordMessagingAction( + "readMessages", + { channelId: "C1" }, + enableAllActions, + {}, + cfg, + ); + expect(readMessagesDiscord).toHaveBeenCalledWith("C1", expect.any(Object), { cfg }); + }); + it("adds normalized timestamps to fetchMessage payloads", async () => { fetchMessageDiscord.mockResolvedValueOnce({ id: "1", @@ -229,6 +247,24 @@ describe("handleDiscordMessagingAction", () => { expect(payload.message?.timestampUtc).toBe(new Date(expectedMs).toISOString()); }); + it("threads provided cfg into fetchMessage calls", async () => { + const cfg = { + channels: { + discord: { + token: "token", + }, + }, + } as OpenClawConfig; + await handleDiscordMessagingAction( + "fetchMessage", + { guildId: "G1", channelId: "C1", messageId: "M1" }, + enableAllActions, + {}, + cfg, + ); + expect(fetchMessageDiscord).toHaveBeenCalledWith("C1", "M1", { cfg }); + }); + it("adds normalized timestamps to listPins payloads", async () => { listPinsDiscord.mockResolvedValueOnce([{ id: "1", timestamp: "2026-01-15T12:00:00.000Z" }]); @@ -338,12 +374,17 @@ describe("handleDiscordMessagingAction", () => { }, enableAllActions, ); - expect(createThreadDiscord).toHaveBeenCalledWith("C1", { - name: "Forum thread", - messageId: undefined, - autoArchiveMinutes: undefined, - content: "Initial forum post body", - }); + expect(createThreadDiscord).toHaveBeenCalledWith( + "C1", + { + name: "Forum thread", + messageId: undefined, + autoArchiveMinutes: undefined, + content: "Initial forum post body", + appliedTags: undefined, + }, + {}, + ); }); }); diff --git a/src/agents/tools/discord-actions.ts b/src/agents/tools/discord-actions.ts index 0e380b8d383..b953e56cffd 100644 --- a/src/agents/tools/discord-actions.ts +++ b/src/agents/tools/discord-actions.ts @@ -1,6 +1,6 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { OpenClawConfig } from "../../config/config.js"; -import { createDiscordActionGate } from "../../plugin-sdk-internal/discord.js"; +import { createDiscordActionGate } from "../../plugin-sdk/discord.js"; import { readStringParam } from "./common.js"; import { handleDiscordGuildAction } from "./discord-actions-guild.js"; import { handleDiscordMessagingAction } from "./discord-actions-messaging.js"; diff --git a/src/agents/tools/image-generate-tool.test.ts b/src/agents/tools/image-generate-tool.test.ts new file mode 100644 index 00000000000..86f5aaf07d9 --- /dev/null +++ b/src/agents/tools/image-generate-tool.test.ts @@ -0,0 +1,329 @@ +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import * as imageGenerationRuntime from "../../image-generation/runtime.js"; +import * as imageOps from "../../media/image-ops.js"; +import * as mediaStore from "../../media/store.js"; +import * as webMedia from "../../plugin-sdk/web-media.js"; +import { + createImageGenerateTool, + resolveImageGenerationModelConfigForTool, +} from "./image-generate-tool.js"; + +function stubImageGenerationProviders() { + vi.spyOn(imageGenerationRuntime, "listRuntimeImageGenerationProviders").mockReturnValue([ + { + id: "google", + defaultModel: "gemini-3.1-flash-image-preview", + models: ["gemini-3.1-flash-image-preview", "gemini-3-pro-image-preview"], + supportedResolutions: ["1K", "2K", "4K"], + supportsImageEditing: true, + generateImage: vi.fn(async () => { + throw new Error("not used"); + }), + }, + { + id: "openai", + defaultModel: "gpt-image-1", + models: ["gpt-image-1"], + supportedSizes: ["1024x1024", "1024x1536", "1536x1024"], + supportsImageEditing: false, + generateImage: vi.fn(async () => { + throw new Error("not used"); + }), + }, + ]); +} + +describe("createImageGenerateTool", () => { + beforeEach(() => { + vi.stubEnv("OPENAI_API_KEY", ""); + vi.stubEnv("OPENAI_API_KEYS", ""); + vi.stubEnv("GEMINI_API_KEY", ""); + vi.stubEnv("GEMINI_API_KEYS", ""); + }); + + afterEach(() => { + vi.restoreAllMocks(); + vi.unstubAllEnvs(); + }); + + it("returns null when no image-generation model can be inferred", () => { + stubImageGenerationProviders(); + expect(createImageGenerateTool({ config: {} })).toBeNull(); + }); + + it("infers an OpenAI image-generation model from env-backed auth", () => { + stubImageGenerationProviders(); + vi.stubEnv("OPENAI_API_KEY", "openai-test"); + + expect(resolveImageGenerationModelConfigForTool({ cfg: {} })).toEqual({ + primary: "openai/gpt-image-1", + }); + expect(createImageGenerateTool({ config: {} })).not.toBeNull(); + }); + + it("prefers the primary model provider when multiple image providers have auth", () => { + stubImageGenerationProviders(); + vi.stubEnv("OPENAI_API_KEY", "openai-test"); + vi.stubEnv("GEMINI_API_KEY", "gemini-test"); + + expect( + resolveImageGenerationModelConfigForTool({ + cfg: { + agents: { + defaults: { + model: { + primary: "google/gemini-3.1-pro-preview", + }, + }, + }, + }, + }), + ).toEqual({ + primary: "google/gemini-3.1-flash-image-preview", + fallbacks: ["openai/gpt-image-1"], + }); + }); + + it("generates images and returns MEDIA paths", async () => { + const generateImage = vi.spyOn(imageGenerationRuntime, "generateImage").mockResolvedValue({ + provider: "openai", + model: "gpt-image-1", + attempts: [], + images: [ + { + buffer: Buffer.from("png-1"), + mimeType: "image/png", + fileName: "cat-one.png", + }, + { + buffer: Buffer.from("png-2"), + mimeType: "image/png", + fileName: "cat-two.png", + revisedPrompt: "A more cinematic cat", + }, + ], + }); + const saveMediaBuffer = vi.spyOn(mediaStore, "saveMediaBuffer"); + saveMediaBuffer.mockResolvedValueOnce({ + path: "/tmp/generated-1.png", + id: "generated-1.png", + size: 5, + contentType: "image/png", + }); + saveMediaBuffer.mockResolvedValueOnce({ + path: "/tmp/generated-2.png", + id: "generated-2.png", + size: 5, + contentType: "image/png", + }); + + const tool = createImageGenerateTool({ + config: { + agents: { + defaults: { + imageGenerationModel: { + primary: "openai/gpt-image-1", + }, + }, + }, + }, + agentDir: "/tmp/agent", + }); + + expect(tool).not.toBeNull(); + if (!tool) { + throw new Error("expected image_generate tool"); + } + + const result = await tool.execute("call-1", { + prompt: "A cat wearing sunglasses", + model: "openai/gpt-image-1", + count: 2, + size: "1024x1024", + }); + + expect(generateImage).toHaveBeenCalledWith( + expect.objectContaining({ + cfg: { + agents: { + defaults: { + imageGenerationModel: { + primary: "openai/gpt-image-1", + }, + }, + }, + }, + prompt: "A cat wearing sunglasses", + agentDir: "/tmp/agent", + modelOverride: "openai/gpt-image-1", + size: "1024x1024", + count: 2, + inputImages: [], + }), + ); + expect(saveMediaBuffer).toHaveBeenNthCalledWith( + 1, + Buffer.from("png-1"), + "image/png", + "tool-image-generation", + undefined, + "cat-one.png", + ); + expect(saveMediaBuffer).toHaveBeenNthCalledWith( + 2, + Buffer.from("png-2"), + "image/png", + "tool-image-generation", + undefined, + "cat-two.png", + ); + expect(result).toMatchObject({ + content: [ + { + type: "text", + text: expect.stringContaining("Generated 2 images with openai/gpt-image-1."), + }, + ], + details: { + provider: "openai", + model: "gpt-image-1", + count: 2, + paths: ["/tmp/generated-1.png", "/tmp/generated-2.png"], + revisedPrompts: ["A more cinematic cat"], + }, + }); + const text = (result.content?.[0] as { text: string } | undefined)?.text ?? ""; + expect(text).toContain("MEDIA:/tmp/generated-1.png"); + expect(text).toContain("MEDIA:/tmp/generated-2.png"); + }); + + it("rejects counts outside the supported range", async () => { + const tool = createImageGenerateTool({ + config: { + agents: { + defaults: { + imageGenerationModel: { + primary: "google/gemini-3.1-flash-image-preview", + }, + }, + }, + }, + }); + expect(tool).not.toBeNull(); + if (!tool) { + throw new Error("expected image_generate tool"); + } + + await expect(tool.execute("call-2", { prompt: "too many cats", count: 5 })).rejects.toThrow( + "count must be between 1 and 4", + ); + }); + + it("forwards reference images and inferred resolution for edit mode", async () => { + const generateImage = vi.spyOn(imageGenerationRuntime, "generateImage").mockResolvedValue({ + provider: "google", + model: "gemini-3-pro-image-preview", + attempts: [], + images: [ + { + buffer: Buffer.from("png-out"), + mimeType: "image/png", + fileName: "edited.png", + }, + ], + }); + vi.spyOn(webMedia, "loadWebMedia").mockResolvedValue({ + kind: "image", + buffer: Buffer.from("input-image"), + contentType: "image/png", + }); + vi.spyOn(imageOps, "getImageMetadata").mockResolvedValue({ + width: 3200, + height: 1800, + }); + vi.spyOn(mediaStore, "saveMediaBuffer").mockResolvedValue({ + path: "/tmp/edited.png", + id: "edited.png", + size: 7, + contentType: "image/png", + }); + + const tool = createImageGenerateTool({ + config: { + agents: { + defaults: { + imageGenerationModel: { + primary: "google/gemini-3-pro-image-preview", + }, + }, + }, + }, + workspaceDir: process.cwd(), + }); + + expect(tool).not.toBeNull(); + if (!tool) { + throw new Error("expected image_generate tool"); + } + + await tool.execute("call-edit", { + prompt: "Add a dramatic stormy sky but keep everything else identical.", + image: "./fixtures/reference.png", + }); + + expect(generateImage).toHaveBeenCalledWith( + expect.objectContaining({ + resolution: "4K", + inputImages: [ + expect.objectContaining({ + buffer: Buffer.from("input-image"), + mimeType: "image/png", + }), + ], + }), + ); + }); + + it("lists registered provider and model options", async () => { + stubImageGenerationProviders(); + + const tool = createImageGenerateTool({ + config: { + agents: { + defaults: { + imageGenerationModel: { + primary: "google/gemini-3.1-flash-image-preview", + }, + }, + }, + }, + }); + + expect(tool).not.toBeNull(); + if (!tool) { + throw new Error("expected image_generate tool"); + } + + const result = await tool.execute("call-list", { action: "list" }); + const text = (result.content?.[0] as { text: string } | undefined)?.text ?? ""; + + expect(text).toContain("google (default gemini-3.1-flash-image-preview)"); + expect(text).toContain("gemini-3.1-flash-image-preview"); + expect(text).toContain("gemini-3-pro-image-preview"); + expect(text).toContain("editing"); + expect(result).toMatchObject({ + details: { + providers: expect.arrayContaining([ + expect.objectContaining({ + id: "google", + defaultModel: "gemini-3.1-flash-image-preview", + models: expect.arrayContaining([ + "gemini-3.1-flash-image-preview", + "gemini-3-pro-image-preview", + ]), + }), + ]), + }, + }); + }); +}); diff --git a/src/agents/tools/image-generate-tool.ts b/src/agents/tools/image-generate-tool.ts new file mode 100644 index 00000000000..057b9013100 --- /dev/null +++ b/src/agents/tools/image-generate-tool.ts @@ -0,0 +1,478 @@ +import { Type } from "@sinclair/typebox"; +import type { OpenClawConfig } from "../../config/config.js"; +import { loadConfig } from "../../config/config.js"; +import { + generateImage, + listRuntimeImageGenerationProviders, +} from "../../image-generation/runtime.js"; +import type { + ImageGenerationResolution, + ImageGenerationSourceImage, +} from "../../image-generation/types.js"; +import { getImageMetadata } from "../../media/image-ops.js"; +import { saveMediaBuffer } from "../../media/store.js"; +import { loadWebMedia } from "../../plugin-sdk/web-media.js"; +import { resolveUserPath } from "../../utils.js"; +import { ToolInputError, readNumberParam, readStringParam } from "./common.js"; +import { decodeDataUrl } from "./image-tool.helpers.js"; +import { + applyImageGenerationModelConfigDefaults, + resolveMediaToolLocalRoots, +} from "./media-tool-shared.js"; +import { + buildToolModelConfigFromCandidates, + coerceToolModelConfig, + hasToolModelConfig, + resolveDefaultModelRef, + type ToolModelConfig, +} from "./model-config.helpers.js"; +import { + createSandboxBridgeReadFile, + resolveSandboxedBridgeMediaPath, + type AnyAgentTool, + type SandboxFsBridge, + type ToolFsPolicy, +} from "./tool-runtime.helpers.js"; + +const DEFAULT_COUNT = 1; +const MAX_COUNT = 4; +const MAX_INPUT_IMAGES = 4; +const DEFAULT_RESOLUTION: ImageGenerationResolution = "1K"; + +const ImageGenerateToolSchema = Type.Object({ + action: Type.Optional( + Type.String({ + description: + 'Optional action: "generate" (default) or "list" to inspect available providers/models.', + }), + ), + prompt: Type.Optional(Type.String({ description: "Image generation prompt." })), + image: Type.Optional( + Type.String({ + description: "Optional reference image path or URL for edit mode.", + }), + ), + images: Type.Optional( + Type.Array(Type.String(), { + description: `Optional reference images for edit mode (up to ${MAX_INPUT_IMAGES}).`, + }), + ), + model: Type.Optional( + Type.String({ description: "Optional provider/model override, e.g. openai/gpt-image-1." }), + ), + size: Type.Optional( + Type.String({ + description: + "Optional size hint like 1024x1024, 1536x1024, 1024x1536, 1024x1792, or 1792x1024.", + }), + ), + resolution: Type.Optional( + Type.String({ + description: + "Optional resolution hint: 1K, 2K, or 4K. Useful for Google edit/generation flows.", + }), + ), + count: Type.Optional( + Type.Number({ + description: `Optional number of images to request (1-${MAX_COUNT}).`, + minimum: 1, + maximum: MAX_COUNT, + }), + ), +}); + +function resolveImageGenerationModelCandidates( + cfg: OpenClawConfig | undefined, +): Array { + const providerDefaults = new Map(); + for (const provider of listRuntimeImageGenerationProviders({ config: cfg })) { + const providerId = provider.id.trim(); + const modelId = provider.defaultModel?.trim(); + if (!providerId || !modelId || providerDefaults.has(providerId)) { + continue; + } + providerDefaults.set(providerId, `${providerId}/${modelId}`); + } + + const orderedProviders = [ + resolveDefaultModelRef(cfg).provider, + "openai", + "google", + ...providerDefaults.keys(), + ]; + const orderedRefs: string[] = []; + const seen = new Set(); + for (const providerId of orderedProviders) { + const ref = providerDefaults.get(providerId); + if (!ref || seen.has(ref)) { + continue; + } + seen.add(ref); + orderedRefs.push(ref); + } + return orderedRefs; +} + +export function resolveImageGenerationModelConfigForTool(params: { + cfg?: OpenClawConfig; + agentDir?: string; +}): ToolModelConfig | null { + const explicit = coerceToolModelConfig(params.cfg?.agents?.defaults?.imageGenerationModel); + if (hasToolModelConfig(explicit)) { + return explicit; + } + return buildToolModelConfigFromCandidates({ + explicit, + agentDir: params.agentDir, + candidates: resolveImageGenerationModelCandidates(params.cfg), + }); +} + +function resolveAction(args: Record): "generate" | "list" { + const raw = readStringParam(args, "action"); + if (!raw) { + return "generate"; + } + const normalized = raw.trim().toLowerCase(); + if (normalized === "generate" || normalized === "list") { + return normalized; + } + throw new ToolInputError('action must be "generate" or "list"'); +} + +function resolveRequestedCount(args: Record): number { + const count = readNumberParam(args, "count", { integer: true }); + if (count === undefined) { + return DEFAULT_COUNT; + } + if (count < 1 || count > MAX_COUNT) { + throw new ToolInputError(`count must be between 1 and ${MAX_COUNT}`); + } + return count; +} + +function normalizeResolution(raw: string | undefined): ImageGenerationResolution | undefined { + const normalized = raw?.trim().toUpperCase(); + if (!normalized) { + return undefined; + } + if (normalized === "1K" || normalized === "2K" || normalized === "4K") { + return normalized; + } + throw new ToolInputError("resolution must be one of 1K, 2K, or 4K"); +} + +function normalizeReferenceImages(args: Record): string[] { + const imageCandidates: string[] = []; + if (typeof args.image === "string") { + imageCandidates.push(args.image); + } + if (Array.isArray(args.images)) { + imageCandidates.push( + ...args.images.filter((value): value is string => typeof value === "string"), + ); + } + + const seen = new Set(); + const normalized: string[] = []; + for (const candidate of imageCandidates) { + const trimmed = candidate.trim(); + const dedupe = trimmed.startsWith("@") ? trimmed.slice(1).trim() : trimmed; + if (!dedupe || seen.has(dedupe)) { + continue; + } + seen.add(dedupe); + normalized.push(trimmed); + } + if (normalized.length > MAX_INPUT_IMAGES) { + throw new ToolInputError( + `Too many reference images: ${normalized.length} provided, maximum is ${MAX_INPUT_IMAGES}.`, + ); + } + return normalized; +} + +type ImageGenerateSandboxConfig = { + root: string; + bridge: SandboxFsBridge; +}; + +async function loadReferenceImages(params: { + imageInputs: string[]; + maxBytes?: number; + localRoots: string[]; + sandboxConfig: { root: string; bridge: SandboxFsBridge; workspaceOnly: boolean } | null; +}): Promise< + Array<{ + sourceImage: ImageGenerationSourceImage; + resolvedImage: string; + rewrittenFrom?: string; + }> +> { + const loaded: Array<{ + sourceImage: ImageGenerationSourceImage; + resolvedImage: string; + rewrittenFrom?: string; + }> = []; + + for (const imageRawInput of params.imageInputs) { + const trimmed = imageRawInput.trim(); + const imageRaw = trimmed.startsWith("@") ? trimmed.slice(1).trim() : trimmed; + if (!imageRaw) { + throw new ToolInputError("image required (empty string in array)"); + } + const looksLikeWindowsDrivePath = /^[a-zA-Z]:[\\/]/.test(imageRaw); + const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(imageRaw); + const isFileUrl = /^file:/i.test(imageRaw); + const isHttpUrl = /^https?:\/\//i.test(imageRaw); + const isDataUrl = /^data:/i.test(imageRaw); + if (hasScheme && !looksLikeWindowsDrivePath && !isFileUrl && !isHttpUrl && !isDataUrl) { + throw new ToolInputError( + `Unsupported image reference: ${imageRawInput}. Use a file path, a file:// URL, a data: URL, or an http(s) URL.`, + ); + } + if (params.sandboxConfig && isHttpUrl) { + throw new ToolInputError("Sandboxed image_generate does not allow remote URLs."); + } + + const resolvedImage = (() => { + if (params.sandboxConfig) { + return imageRaw; + } + if (imageRaw.startsWith("~")) { + return resolveUserPath(imageRaw); + } + return imageRaw; + })(); + + const resolvedPathInfo: { resolved: string; rewrittenFrom?: string } = isDataUrl + ? { resolved: "" } + : params.sandboxConfig + ? await resolveSandboxedBridgeMediaPath({ + sandbox: params.sandboxConfig, + mediaPath: resolvedImage, + inboundFallbackDir: "media/inbound", + }) + : { + resolved: resolvedImage.startsWith("file://") + ? resolvedImage.slice("file://".length) + : resolvedImage, + }; + const resolvedPath = isDataUrl ? null : resolvedPathInfo.resolved; + + const media = isDataUrl + ? decodeDataUrl(resolvedImage) + : params.sandboxConfig + ? await loadWebMedia(resolvedPath ?? resolvedImage, { + maxBytes: params.maxBytes, + sandboxValidated: true, + readFile: createSandboxBridgeReadFile({ sandbox: params.sandboxConfig }), + }) + : await loadWebMedia(resolvedPath ?? resolvedImage, { + maxBytes: params.maxBytes, + localRoots: params.localRoots, + }); + if (media.kind !== "image") { + throw new ToolInputError(`Unsupported media type: ${media.kind}`); + } + + const mimeType = + ("contentType" in media && media.contentType) || + ("mimeType" in media && media.mimeType) || + "image/png"; + + loaded.push({ + sourceImage: { + buffer: media.buffer, + mimeType, + }, + resolvedImage, + ...(resolvedPathInfo.rewrittenFrom ? { rewrittenFrom: resolvedPathInfo.rewrittenFrom } : {}), + }); + } + + return loaded; +} + +async function inferResolutionFromInputImages( + images: ImageGenerationSourceImage[], +): Promise { + let maxDimension = 0; + for (const image of images) { + const meta = await getImageMetadata(image.buffer); + const dimension = Math.max(meta?.width ?? 0, meta?.height ?? 0); + maxDimension = Math.max(maxDimension, dimension); + } + if (maxDimension >= 3000) { + return "4K"; + } + if (maxDimension >= 1500) { + return "2K"; + } + return DEFAULT_RESOLUTION; +} + +export function createImageGenerateTool(options?: { + config?: OpenClawConfig; + agentDir?: string; + workspaceDir?: string; + sandbox?: ImageGenerateSandboxConfig; + fsPolicy?: ToolFsPolicy; +}): AnyAgentTool | null { + const cfg = options?.config ?? loadConfig(); + const imageGenerationModelConfig = resolveImageGenerationModelConfigForTool({ + cfg, + agentDir: options?.agentDir, + }); + if (!imageGenerationModelConfig) { + return null; + } + const effectiveCfg = + applyImageGenerationModelConfigDefaults(cfg, imageGenerationModelConfig) ?? cfg; + const localRoots = resolveMediaToolLocalRoots(options?.workspaceDir, { + workspaceOnly: options?.fsPolicy?.workspaceOnly === true, + }); + const sandboxConfig = + options?.sandbox && options.sandbox.root.trim() + ? { + root: options.sandbox.root.trim(), + bridge: options.sandbox.bridge, + workspaceOnly: options.fsPolicy?.workspaceOnly === true, + } + : null; + + return { + label: "Image Generation", + name: "image_generate", + description: + 'Generate new images or edit reference images with the configured or inferred image-generation model. Use action="list" to inspect available providers/models. Generated images are delivered automatically from the tool result as MEDIA paths.', + parameters: ImageGenerateToolSchema, + execute: async (_toolCallId, args) => { + const params = args as Record; + const action = resolveAction(params); + if (action === "list") { + const providers = listRuntimeImageGenerationProviders({ config: effectiveCfg }).map( + (provider) => ({ + id: provider.id, + ...(provider.label ? { label: provider.label } : {}), + ...(provider.defaultModel ? { defaultModel: provider.defaultModel } : {}), + models: provider.models ?? (provider.defaultModel ? [provider.defaultModel] : []), + ...(provider.supportedSizes ? { supportedSizes: [...provider.supportedSizes] } : {}), + ...(provider.supportedResolutions + ? { supportedResolutions: [...provider.supportedResolutions] } + : {}), + ...(typeof provider.supportsImageEditing === "boolean" + ? { supportsImageEditing: provider.supportsImageEditing } + : {}), + }), + ); + const lines = providers.flatMap((provider) => { + const caps: string[] = []; + if (provider.supportsImageEditing) { + caps.push("editing"); + } + if ((provider.supportedResolutions?.length ?? 0) > 0) { + caps.push(`resolutions ${provider.supportedResolutions?.join("/")}`); + } + if ((provider.supportedSizes?.length ?? 0) > 0) { + caps.push(`sizes ${provider.supportedSizes?.join(", ")}`); + } + const modelLine = + provider.models.length > 0 + ? `models: ${provider.models.join(", ")}` + : "models: unknown"; + return [ + `${provider.id}${provider.defaultModel ? ` (default ${provider.defaultModel})` : ""}`, + ` ${modelLine}`, + ...(caps.length > 0 ? [` capabilities: ${caps.join("; ")}`] : []), + ]; + }); + return { + content: [{ type: "text", text: lines.join("\n") }], + details: { providers }, + }; + } + + const prompt = readStringParam(params, "prompt", { required: true }); + const imageInputs = normalizeReferenceImages(params); + const model = readStringParam(params, "model"); + const size = readStringParam(params, "size"); + const explicitResolution = normalizeResolution(readStringParam(params, "resolution")); + const count = resolveRequestedCount(params); + const loadedReferenceImages = await loadReferenceImages({ + imageInputs, + localRoots, + sandboxConfig, + }); + const inputImages = loadedReferenceImages.map((entry) => entry.sourceImage); + const resolution = + explicitResolution ?? + (size + ? undefined + : inputImages.length > 0 + ? await inferResolutionFromInputImages(inputImages) + : undefined); + + const result = await generateImage({ + cfg: effectiveCfg, + prompt, + agentDir: options?.agentDir, + modelOverride: model, + size, + resolution, + count, + inputImages, + }); + + const savedImages = await Promise.all( + result.images.map((image) => + saveMediaBuffer( + image.buffer, + image.mimeType, + "tool-image-generation", + undefined, + image.fileName, + ), + ), + ); + + const revisedPrompts = result.images + .map((image) => image.revisedPrompt?.trim()) + .filter((entry): entry is string => Boolean(entry)); + const lines = [ + `Generated ${savedImages.length} image${savedImages.length === 1 ? "" : "s"} with ${result.provider}/${result.model}.`, + ...savedImages.map((image) => `MEDIA:${image.path}`), + ]; + + return { + content: [{ type: "text", text: lines.join("\n") }], + details: { + provider: result.provider, + model: result.model, + count: savedImages.length, + paths: savedImages.map((image) => image.path), + ...(imageInputs.length === 1 + ? { + image: loadedReferenceImages[0]?.resolvedImage, + ...(loadedReferenceImages[0]?.rewrittenFrom + ? { rewrittenFrom: loadedReferenceImages[0].rewrittenFrom } + : {}), + } + : imageInputs.length > 1 + ? { + images: loadedReferenceImages.map((entry) => ({ + image: entry.resolvedImage, + ...(entry.rewrittenFrom ? { rewrittenFrom: entry.rewrittenFrom } : {}), + })), + } + : {}), + ...(resolution ? { resolution } : {}), + ...(size ? { size } : {}), + attempts: result.attempts, + metadata: result.metadata, + ...(revisedPrompts.length > 0 ? { revisedPrompts } : {}), + }, + }; + }, + }; +} diff --git a/src/agents/tools/image-tool.helpers.ts b/src/agents/tools/image-tool.helpers.ts index a1581cb2b94..f0e088b4092 100644 --- a/src/agents/tools/image-tool.helpers.ts +++ b/src/agents/tools/image-tool.helpers.ts @@ -1,12 +1,9 @@ import type { AssistantMessage } from "@mariozechner/pi-ai"; import type { OpenClawConfig } from "../../config/config.js"; -import { - resolveAgentModelFallbackValues, - resolveAgentModelPrimaryValue, -} from "../../config/model-input.js"; import { extractAssistantText } from "../pi-embedded-utils.js"; +import { coerceToolModelConfig, type ToolModelConfig } from "./model-config.helpers.js"; -export type ImageModelConfig = { primary?: string; fallbacks?: string[] }; +export type ImageModelConfig = ToolModelConfig; export function decodeDataUrl(dataUrl: string): { buffer: Buffer; @@ -55,12 +52,7 @@ export function coerceImageAssistantText(params: { } export function coerceImageModelConfig(cfg?: OpenClawConfig): ImageModelConfig { - const primary = resolveAgentModelPrimaryValue(cfg?.agents?.defaults?.imageModel); - const fallbacks = resolveAgentModelFallbackValues(cfg?.agents?.defaults?.imageModel); - return { - ...(primary?.trim() ? { primary: primary.trim() } : {}), - ...(fallbacks.length > 0 ? { fallbacks } : {}), - }; + return coerceToolModelConfig(cfg?.agents?.defaults?.imageModel); } export function resolveProviderVisionModelFromConfig(params: { diff --git a/src/agents/tools/image-tool.test.ts b/src/agents/tools/image-tool.test.ts index bcec7f32de7..c58a7f9aa1a 100644 --- a/src/agents/tools/image-tool.test.ts +++ b/src/agents/tools/image-tool.test.ts @@ -32,6 +32,7 @@ async function withTempAgentDir(run: (agentDir: string) => Promise): Promi const ONE_PIXEL_PNG_B64 = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/woAAn8B9FD5fHAAAAAASUVORK5CYII="; const ONE_PIXEL_GIF_B64 = "R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs="; +const ONE_PIXEL_JPEG_B64 = "QUJDRA=="; async function withTempWorkspacePng( cb: (args: { workspaceDir: string; imagePath: string }) => Promise, @@ -736,10 +737,10 @@ describe("image tool MiniMax VLM routing", () => { const res = await tool.execute("t1", { prompt: "Compare these images.", - images: [`data:image/png;base64,${pngB64}`, `data:image/gif;base64,${ONE_PIXEL_GIF_B64}`], + images: [`data:image/png;base64,${pngB64}`, `data:image/jpeg;base64,${ONE_PIXEL_JPEG_B64}`], }); - expect(fetch).toHaveBeenCalledTimes(1); + expect(fetch).toHaveBeenCalledTimes(2); const details = res.details as | { images?: Array<{ image: string }>; @@ -756,12 +757,12 @@ describe("image tool MiniMax VLM routing", () => { image: `data:image/png;base64,${pngB64}`, images: [ `data:image/png;base64,${pngB64}`, - `data:image/gif;base64,${ONE_PIXEL_GIF_B64}`, - `data:image/gif;base64,${ONE_PIXEL_GIF_B64}`, + `data:image/jpeg;base64,${ONE_PIXEL_JPEG_B64}`, + `data:image/jpeg;base64,${ONE_PIXEL_JPEG_B64}`, ], }); - expect(fetch).toHaveBeenCalledTimes(1); + expect(fetch).toHaveBeenCalledTimes(2); const dedupedDetails = deduped.details as | { images?: Array<{ image: string }>; @@ -776,7 +777,7 @@ describe("image tool MiniMax VLM routing", () => { maxImages: 1, }); - expect(fetch).toHaveBeenCalledTimes(1); + expect(fetch).toHaveBeenCalledTimes(2); expect(tooMany.details).toMatchObject({ error: "too_many_images", count: 2, diff --git a/src/agents/tools/image-tool.ts b/src/agents/tools/image-tool.ts index 402ee0b3eda..39f755fdffd 100644 --- a/src/agents/tools/image-tool.ts +++ b/src/agents/tools/image-tool.ts @@ -1,9 +1,10 @@ -import { type Context, complete } from "@mariozechner/pi-ai"; import { Type } from "@sinclair/typebox"; import type { OpenClawConfig } from "../../config/config.js"; +import { getMediaUnderstandingProvider } from "../../media-understanding/providers/index.js"; +import { buildProviderRegistry } from "../../media-understanding/runner.js"; import { loadWebMedia } from "../../plugin-sdk/web-media.js"; import { resolveUserPath } from "../../utils.js"; -import { isMinimaxVlmModel, isMinimaxVlmProvider, minimaxUnderstandImage } from "../minimax-vlm.js"; +import { isMinimaxVlmProvider } from "../minimax-vlm.js"; import { coerceImageAssistantText, coerceImageModelConfig, @@ -14,17 +15,16 @@ import { import { applyImageModelConfigDefaults, buildTextToolResult, - resolveModelFromRegistry, resolveMediaToolLocalRoots, - resolveModelRuntimeApiKey, resolvePromptAndModelOverride, } from "./media-tool-shared.js"; -import { hasAuthForProvider, resolveDefaultModelRef } from "./model-config.helpers.js"; +import { + buildToolModelConfigFromCandidates, + hasToolModelConfig, + resolveDefaultModelRef, +} from "./model-config.helpers.js"; import { createSandboxBridgeReadFile, - discoverAuthStorage, - discoverModels, - ensureOpenClawModelsJson, resolveSandboxedBridgeMediaPath, runWithImageModelFallback, type AnyAgentTool, @@ -72,89 +72,40 @@ export function resolveImageModelConfigForTool(params: { // because images are auto-injected into prompts (see attempt.ts detectAndLoadPromptImages). // The tool description is adjusted via modelHasVision to discourage redundant usage. const explicit = coerceImageModelConfig(params.cfg); - if (explicit.primary?.trim() || (explicit.fallbacks?.length ?? 0) > 0) { + if (hasToolModelConfig(explicit)) { return explicit; } const primary = resolveDefaultModelRef(params.cfg); - const openaiOk = hasAuthForProvider({ - provider: "openai", - agentDir: params.agentDir, - }); - const anthropicOk = hasAuthForProvider({ - provider: "anthropic", - agentDir: params.agentDir, - }); - - const fallbacks: string[] = []; - const addFallback = (modelRef: string | null) => { - const ref = (modelRef ?? "").trim(); - if (!ref) { - return; - } - if (fallbacks.includes(ref)) { - return; - } - fallbacks.push(ref); - }; const providerVisionFromConfig = resolveProviderVisionModelFromConfig({ cfg: params.cfg, provider: primary.provider, }); - const providerOk = hasAuthForProvider({ - provider: primary.provider, + const primaryCandidates = (() => { + if (isMinimaxVlmProvider(primary.provider)) { + return [`${primary.provider}/MiniMax-VL-01`]; + } + if (providerVisionFromConfig) { + return [providerVisionFromConfig]; + } + if (primary.provider === "zai") { + return ["zai/glm-4.6v"]; + } + if (primary.provider === "openai") { + return ["openai/gpt-5-mini"]; + } + if (primary.provider === "anthropic") { + return [ANTHROPIC_IMAGE_PRIMARY]; + } + return []; + })(); + + return buildToolModelConfigFromCandidates({ + explicit, agentDir: params.agentDir, + candidates: [...primaryCandidates, "openai/gpt-5-mini", ANTHROPIC_IMAGE_FALLBACK], }); - - let preferred: string | null = null; - - // MiniMax users: always try the canonical vision model first when auth exists. - if (isMinimaxVlmProvider(primary.provider) && providerOk) { - preferred = `${primary.provider}/MiniMax-VL-01`; - } else if (providerOk && providerVisionFromConfig) { - preferred = providerVisionFromConfig; - } else if (primary.provider === "zai" && providerOk) { - preferred = "zai/glm-4.6v"; - } else if (primary.provider === "openai" && openaiOk) { - preferred = "openai/gpt-5-mini"; - } else if (primary.provider === "anthropic" && anthropicOk) { - preferred = ANTHROPIC_IMAGE_PRIMARY; - } - - if (preferred?.trim()) { - if (openaiOk) { - addFallback("openai/gpt-5-mini"); - } - if (anthropicOk) { - addFallback(ANTHROPIC_IMAGE_FALLBACK); - } - // Don't duplicate primary in fallbacks. - const pruned = fallbacks.filter((ref) => ref !== preferred); - return { - primary: preferred, - ...(pruned.length > 0 ? { fallbacks: pruned } : {}), - }; - } - - // Cross-provider fallback when we can't pair with the primary provider. - if (openaiOk) { - if (anthropicOk) { - addFallback(ANTHROPIC_IMAGE_FALLBACK); - } - return { - primary: "openai/gpt-5-mini", - ...(fallbacks.length ? { fallbacks } : {}), - }; - } - if (anthropicOk) { - return { - primary: ANTHROPIC_IMAGE_PRIMARY, - fallbacks: [ANTHROPIC_IMAGE_FALLBACK], - }; - } - - return null; } function pickMaxBytes(cfg?: OpenClawConfig, maxBytesMb?: number): number | undefined { @@ -168,27 +119,6 @@ function pickMaxBytes(cfg?: OpenClawConfig, maxBytesMb?: number): number | undef return undefined; } -function buildImageContext( - prompt: string, - images: Array<{ base64: string; mimeType: string }>, -): Context { - const content: Array< - { type: "text"; text: string } | { type: "image"; data: string; mimeType: string } - > = [{ type: "text", text: prompt }]; - for (const img of images) { - content.push({ type: "image", data: img.base64, mimeType: img.mimeType }); - } - return { - messages: [ - { - role: "user", - content, - timestamp: Date.now(), - }, - ], - }; -} - type ImageSandboxConfig = { root: string; bridge: SandboxFsBridge; @@ -200,7 +130,7 @@ async function runImagePrompt(params: { imageModelConfig: ImageModelConfig; modelOverride?: string; prompt: string; - images: Array<{ base64: string; mimeType: string }>; + images: Array<{ buffer: Buffer; mimeType: string }>; }): Promise<{ text: string; provider: string; @@ -208,50 +138,75 @@ async function runImagePrompt(params: { attempts: Array<{ provider: string; model: string; error: string }>; }> { const effectiveCfg = applyImageModelConfigDefaults(params.cfg, params.imageModelConfig); - - await ensureOpenClawModelsJson(effectiveCfg, params.agentDir); - const authStorage = discoverAuthStorage(params.agentDir); - const modelRegistry = discoverModels(authStorage, params.agentDir); + const providerCfg: OpenClawConfig = effectiveCfg ?? {}; + const providerRegistry = buildProviderRegistry(undefined, providerCfg); const result = await runWithImageModelFallback({ cfg: effectiveCfg, modelOverride: params.modelOverride, run: async (provider, modelId) => { - const model = resolveModelFromRegistry({ modelRegistry, provider, modelId }); - if (!model.input?.includes("image")) { - throw new Error(`Model does not support images: ${provider}/${modelId}`); + const imageProvider = getMediaUnderstandingProvider(provider, providerRegistry); + if (!imageProvider) { + throw new Error(`No media-understanding provider registered for ${provider}`); } - const apiKey = await resolveModelRuntimeApiKey({ - model, - cfg: effectiveCfg, - agentDir: params.agentDir, - authStorage, - }); - - // MiniMax VLM only supports a single image; use the first one. - if (isMinimaxVlmModel(model.provider, model.id)) { - const first = params.images[0]; - const imageDataUrl = `data:${first.mimeType};base64,${first.base64}`; - const text = await minimaxUnderstandImage({ - apiKey, + if (params.images.length > 1 && imageProvider.describeImages) { + const described = await imageProvider.describeImages({ + images: params.images.map((image, index) => ({ + buffer: image.buffer, + fileName: `image-${index + 1}`, + mime: image.mimeType, + })), + provider, + model: modelId, prompt: params.prompt, - imageDataUrl, - modelBaseUrl: model.baseUrl, + maxTokens: resolveImageToolMaxTokens(undefined), + timeoutMs: 30_000, + cfg: providerCfg, + agentDir: params.agentDir, }); - return { text, provider: model.provider, model: model.id }; + return { text: described.text, provider, model: described.model ?? modelId }; + } + if (!imageProvider.describeImage) { + throw new Error(`Provider does not support image analysis: ${provider}`); + } + if (params.images.length === 1) { + const image = params.images[0]; + const described = await imageProvider.describeImage({ + buffer: image.buffer, + fileName: "image-1", + mime: image.mimeType, + provider, + model: modelId, + prompt: params.prompt, + maxTokens: resolveImageToolMaxTokens(undefined), + timeoutMs: 30_000, + cfg: providerCfg, + agentDir: params.agentDir, + }); + return { text: described.text, provider, model: described.model ?? modelId }; } - const context = buildImageContext(params.prompt, params.images); - const message = await complete(model, context, { - apiKey, - maxTokens: resolveImageToolMaxTokens(model.maxTokens), - }); - const text = coerceImageAssistantText({ - message, - provider: model.provider, - model: model.id, - }); - return { text, provider: model.provider, model: model.id }; + const parts: string[] = []; + for (const [index, image] of params.images.entries()) { + const described = await imageProvider.describeImage({ + buffer: image.buffer, + fileName: `image-${index + 1}`, + mime: image.mimeType, + provider, + model: modelId, + prompt: `${params.prompt}\n\nDescribe image ${index + 1} of ${params.images.length}.`, + maxTokens: resolveImageToolMaxTokens(undefined), + timeoutMs: 30_000, + cfg: providerCfg, + agentDir: params.agentDir, + }); + parts.push(`Image ${index + 1}:\n${described.text.trim()}`); + } + return { + text: parts.join("\n\n").trim(), + provider, + model: modelId, + }; }, }); @@ -279,7 +234,7 @@ export function createImageTool(options?: { const agentDir = options?.agentDir?.trim(); if (!agentDir) { const explicit = coerceImageModelConfig(options?.config); - if (explicit.primary?.trim() || (explicit.fallbacks?.length ?? 0) > 0) { + if (hasToolModelConfig(explicit)) { throw new Error("createImageTool requires agentDir when enabled"); } return null; @@ -383,7 +338,7 @@ export function createImageTool(options?: { // MARK: - Load and resolve each image const loadedImages: Array<{ - base64: string; + buffer: Buffer; mimeType: string; resolvedImage: string; rewrittenFrom?: string; @@ -469,9 +424,8 @@ export function createImageTool(options?: { ("contentType" in media && media.contentType) || ("mimeType" in media && media.mimeType) || "image/png"; - const base64 = media.buffer.toString("base64"); loadedImages.push({ - base64, + buffer: media.buffer, mimeType, resolvedImage, ...(resolvedPathInfo.rewrittenFrom @@ -487,7 +441,7 @@ export function createImageTool(options?: { imageModelConfig, modelOverride, prompt: promptRaw, - images: loadedImages.map((img) => ({ base64: img.base64, mimeType: img.mimeType })), + images: loadedImages.map((img) => ({ buffer: img.buffer, mimeType: img.mimeType })), }); const imageDetails = diff --git a/src/agents/tools/media-tool-shared.ts b/src/agents/tools/media-tool-shared.ts index 56f4a92ca97..9326935b72f 100644 --- a/src/agents/tools/media-tool-shared.ts +++ b/src/agents/tools/media-tool-shared.ts @@ -2,6 +2,7 @@ import { type Api, type Model } from "@mariozechner/pi-ai"; import type { OpenClawConfig } from "../../config/config.js"; import { getDefaultLocalRoots } from "../../plugin-sdk/web-media.js"; import type { ImageModelConfig } from "./image-tool.helpers.js"; +import type { ToolModelConfig } from "./model-config.helpers.js"; import { getApiKeyForModel, normalizeWorkspaceDir, requireApiKey } from "./tool-runtime.helpers.js"; type TextToolAttempt = { @@ -20,6 +21,21 @@ type TextToolResult = { export function applyImageModelConfigDefaults( cfg: OpenClawConfig | undefined, imageModelConfig: ImageModelConfig, +): OpenClawConfig | undefined { + return applyAgentDefaultModelConfig(cfg, "imageModel", imageModelConfig); +} + +export function applyImageGenerationModelConfigDefaults( + cfg: OpenClawConfig | undefined, + imageGenerationModelConfig: ToolModelConfig, +): OpenClawConfig | undefined { + return applyAgentDefaultModelConfig(cfg, "imageGenerationModel", imageGenerationModelConfig); +} + +function applyAgentDefaultModelConfig( + cfg: OpenClawConfig | undefined, + key: "imageModel" | "imageGenerationModel", + modelConfig: ToolModelConfig, ): OpenClawConfig | undefined { if (!cfg) { return undefined; @@ -30,7 +46,7 @@ export function applyImageModelConfigDefaults( ...cfg.agents, defaults: { ...cfg.agents?.defaults, - imageModel: imageModelConfig, + [key]: modelConfig, }, }, }; diff --git a/src/agents/tools/message-tool.test.ts b/src/agents/tools/message-tool.test.ts index a148494c8de..88062eacaa7 100644 --- a/src/agents/tools/message-tool.test.ts +++ b/src/agents/tools/message-tool.test.ts @@ -1,4 +1,4 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { ChannelMessageCapability } from "../../channels/plugins/message-capabilities.js"; import type { ChannelMessageActionName, ChannelPlugin } from "../../channels/plugins/types.js"; import type { MessageActionRunResult } from "../../infra/outbound/message-action-runner.js"; @@ -8,6 +8,11 @@ import { createMessageTool } from "./message-tool.js"; const mocks = vi.hoisted(() => ({ runMessageAction: vi.fn(), + loadConfig: vi.fn(() => ({})), + resolveCommandSecretRefsViaGateway: vi.fn(async ({ config }: { config: unknown }) => ({ + resolvedConfig: config, + diagnostics: [], + })), })); vi.mock("../../infra/outbound/message-action-runner.js", async () => { @@ -20,6 +25,18 @@ vi.mock("../../infra/outbound/message-action-runner.js", async () => { }; }); +vi.mock("../../config/config.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + loadConfig: mocks.loadConfig, + }; +}); + +vi.mock("../../cli/command-secret-gateway.js", () => ({ + resolveCommandSecretRefsViaGateway: mocks.resolveCommandSecretRefsViaGateway, +})); + function mockSendResult(overrides: { channel?: string; to?: string } = {}) { mocks.runMessageAction.mockClear(); mocks.runMessageAction.mockResolvedValue({ @@ -41,6 +58,15 @@ function getActionEnum(properties: Record) { return (properties.action as { enum?: string[] } | undefined)?.enum ?? []; } +beforeEach(() => { + mocks.runMessageAction.mockReset(); + mocks.loadConfig.mockReset().mockReturnValue({}); + mocks.resolveCommandSecretRefsViaGateway.mockReset().mockImplementation(async ({ config }) => ({ + resolvedConfig: config, + diagnostics: [], + })); +}); + function createChannelPlugin(params: { id: string; label: string; @@ -101,6 +127,49 @@ async function executeSend(params: { | undefined; } +describe("message tool secret scoping", () => { + it("scopes command-time secret resolution to the selected channel/account", async () => { + mockSendResult({ channel: "discord", to: "discord:123" }); + mocks.loadConfig.mockReturnValue({ + channels: { + discord: { + token: { source: "env", provider: "default", id: "DISCORD_TOKEN" }, + accounts: { + ops: { token: { source: "env", provider: "default", id: "DISCORD_OPS_TOKEN" } }, + chat: { token: { source: "env", provider: "default", id: "DISCORD_CHAT_TOKEN" } }, + }, + }, + slack: { + botToken: { source: "env", provider: "default", id: "SLACK_BOT_TOKEN" }, + }, + }, + }); + + const tool = createMessageTool({ + currentChannelProvider: "discord", + agentAccountId: "ops", + }); + + await tool.execute("1", { + action: "send", + target: "channel:123", + message: "hi", + }); + + const secretResolveCall = mocks.resolveCommandSecretRefsViaGateway.mock.calls[0]?.[0] as { + targetIds?: Set; + allowedPaths?: Set; + }; + expect(secretResolveCall.targetIds).toBeInstanceOf(Set); + expect( + [...(secretResolveCall.targetIds ?? [])].every((id) => id.startsWith("channels.discord.")), + ).toBe(true); + expect(secretResolveCall.allowedPaths).toEqual( + new Set(["channels.discord.token", "channels.discord.accounts.ops.token"]), + ); + }); +}); + describe("message tool agent routing", () => { it("derives agentId from the session key", async () => { mockSendResult(); diff --git a/src/agents/tools/message-tool.ts b/src/agents/tools/message-tool.ts index 0e6c846e75d..1dcaf04e1f0 100644 --- a/src/agents/tools/message-tool.ts +++ b/src/agents/tools/message-tool.ts @@ -12,7 +12,8 @@ import { type ChannelMessageActionName, } from "../../channels/plugins/types.js"; import { resolveCommandSecretRefsViaGateway } from "../../cli/command-secret-gateway.js"; -import { getChannelsCommandSecretTargetIds } from "../../cli/command-secret-targets.js"; +import { getScopedChannelsCommandSecretTargets } from "../../cli/command-secret-targets.js"; +import { resolveMessageSecretScope } from "../../cli/message-secret-scope.js"; import type { OpenClawConfig } from "../../config/config.js"; import { loadConfig } from "../../config/config.js"; import { GATEWAY_CLIENT_IDS, GATEWAY_CLIENT_MODES } from "../../gateway/protocol/client-info.js"; @@ -820,19 +821,35 @@ export function createMessageTool(options?: MessageToolOptions): AnyAgentTool { } } - const cfg = options?.config - ? options.config - : ( - await resolveCommandSecretRefsViaGateway({ - config: loadConfig(), - commandName: "tools.message", - targetIds: getChannelsCommandSecretTargetIds(), - mode: "enforce_resolved", - }) - ).resolvedConfig; const action = readStringParam(params, "action", { required: true, }) as ChannelMessageActionName; + let cfg = options?.config; + if (!cfg) { + const loadedRaw = loadConfig(); + const scope = resolveMessageSecretScope({ + channel: params.channel, + target: params.target, + targets: params.targets, + fallbackChannel: options?.currentChannelProvider, + accountId: params.accountId, + fallbackAccountId: agentAccountId, + }); + const scopedTargets = getScopedChannelsCommandSecretTargets({ + config: loadedRaw, + channel: scope.channel, + accountId: scope.accountId, + }); + cfg = ( + await resolveCommandSecretRefsViaGateway({ + config: loadedRaw, + commandName: "tools.message", + targetIds: scopedTargets.targetIds, + ...(scopedTargets.allowedPaths ? { allowedPaths: scopedTargets.allowedPaths } : {}), + mode: "enforce_resolved", + }) + ).resolvedConfig; + } const requireExplicitTarget = options?.requireExplicitTarget === true; if (requireExplicitTarget && actionNeedsExplicitTarget(action)) { const explicitTarget = diff --git a/src/agents/tools/model-config.helpers.ts b/src/agents/tools/model-config.helpers.ts index 6f002238d88..3d6700c90f7 100644 --- a/src/agents/tools/model-config.helpers.ts +++ b/src/agents/tools/model-config.helpers.ts @@ -1,9 +1,22 @@ import type { OpenClawConfig } from "../../config/config.js"; +import { + resolveAgentModelFallbackValues, + resolveAgentModelPrimaryValue, +} from "../../config/model-input.js"; +import type { AgentModelConfig } from "../../config/types.agents-shared.js"; import { ensureAuthProfileStore, listProfilesForProvider } from "../auth-profiles.js"; import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "../defaults.js"; import { resolveEnvApiKey } from "../model-auth.js"; import { resolveConfiguredModelRef } from "../model-selection.js"; +export type ToolModelConfig = { primary?: string; fallbacks?: string[] }; + +export function hasToolModelConfig(model: ToolModelConfig | undefined): boolean { + return Boolean( + model?.primary?.trim() || (model?.fallbacks ?? []).some((entry) => entry.trim().length > 0), + ); +} + export function resolveDefaultModelRef(cfg?: OpenClawConfig): { provider: string; model: string } { if (cfg) { const resolved = resolveConfiguredModelRef({ @@ -16,12 +29,59 @@ export function resolveDefaultModelRef(cfg?: OpenClawConfig): { provider: string return { provider: DEFAULT_PROVIDER, model: DEFAULT_MODEL }; } -export function hasAuthForProvider(params: { provider: string; agentDir: string }): boolean { +export function hasAuthForProvider(params: { provider: string; agentDir?: string }): boolean { if (resolveEnvApiKey(params.provider)?.apiKey) { return true; } - const store = ensureAuthProfileStore(params.agentDir, { + const agentDir = params.agentDir?.trim(); + if (!agentDir) { + return false; + } + const store = ensureAuthProfileStore(agentDir, { allowKeychainPrompt: false, }); return listProfilesForProvider(store, params.provider).length > 0; } + +export function coerceToolModelConfig(model?: AgentModelConfig): ToolModelConfig { + const primary = resolveAgentModelPrimaryValue(model); + const fallbacks = resolveAgentModelFallbackValues(model); + return { + ...(primary?.trim() ? { primary: primary.trim() } : {}), + ...(fallbacks.length > 0 ? { fallbacks } : {}), + }; +} + +export function buildToolModelConfigFromCandidates(params: { + explicit: ToolModelConfig; + agentDir?: string; + candidates: Array; +}): ToolModelConfig | null { + if (hasToolModelConfig(params.explicit)) { + return params.explicit; + } + + const deduped: string[] = []; + for (const candidate of params.candidates) { + const trimmed = candidate?.trim(); + if (!trimmed || !trimmed.includes("/")) { + continue; + } + const provider = trimmed.slice(0, trimmed.indexOf("/")).trim(); + if (!provider || !hasAuthForProvider({ provider, agentDir: params.agentDir })) { + continue; + } + if (!deduped.includes(trimmed)) { + deduped.push(trimmed); + } + } + + if (deduped.length === 0) { + return null; + } + + return { + primary: deduped[0], + ...(deduped.length > 1 ? { fallbacks: deduped.slice(1) } : {}), + }; +} diff --git a/src/agents/tools/pdf-tool.test.ts b/src/agents/tools/pdf-tool.test.ts index a9c9539d61d..2ff557b3dca 100644 --- a/src/agents/tools/pdf-tool.test.ts +++ b/src/agents/tools/pdf-tool.test.ts @@ -10,15 +10,24 @@ import { providerSupportsNativePdf, resolvePdfToolMaxTokens, } from "./pdf-tool.helpers.js"; -import { createPdfTool, resolvePdfModelConfigForTool } from "./pdf-tool.js"; -vi.mock("@mariozechner/pi-ai", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, - complete: vi.fn(), - }; -}); +const completeMock = vi.hoisted(() => vi.fn()); + +type PdfToolModule = typeof import("./pdf-tool.js"); +let createPdfTool: PdfToolModule["createPdfTool"]; +let resolvePdfModelConfigForTool: PdfToolModule["resolvePdfModelConfigForTool"]; + +async function importPdfToolModule(): Promise { + vi.resetModules(); + vi.doMock("@mariozechner/pi-ai", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + complete: completeMock, + }; + }); + return import("./pdf-tool.js"); +} async function withTempAgentDir(run: (agentDir: string) => Promise): Promise { const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-pdf-")); @@ -242,8 +251,10 @@ describe("providerSupportsNativePdf", () => { describe("resolvePdfModelConfigForTool", () => { const priorFetch = global.fetch; - beforeEach(() => { + beforeEach(async () => { resetAuthEnv(); + completeMock.mockReset(); + ({ resolvePdfModelConfigForTool } = await importPdfToolModule()); }); afterEach(() => { @@ -321,8 +332,10 @@ describe("resolvePdfModelConfigForTool", () => { describe("createPdfTool", () => { const priorFetch = global.fetch; - beforeEach(() => { + beforeEach(async () => { resetAuthEnv(); + completeMock.mockReset(); + ({ createPdfTool } = await importPdfToolModule()); }); afterEach(() => { @@ -484,8 +497,7 @@ describe("createPdfTool", () => { images: [], }); - const piAi = await import("@mariozechner/pi-ai"); - vi.mocked(piAi.complete).mockResolvedValue({ + completeMock.mockResolvedValue({ role: "assistant", stopReason: "stop", content: [{ type: "text", text: "fallback summary" }], diff --git a/src/agents/tools/slack-actions.ts b/src/agents/tools/slack-actions.ts index c7fc16ed8b1..11283394ec8 100644 --- a/src/agents/tools/slack-actions.ts +++ b/src/agents/tools/slack-actions.ts @@ -1,5 +1,6 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { OpenClawConfig } from "../../config/config.js"; +import { resolveSlackAccount } from "../../plugin-sdk/account-resolution.js"; import { deleteSlackMessage, downloadSlackFile, @@ -15,14 +16,13 @@ import { removeSlackReaction, sendSlackMessage, unpinSlackMessage, -} from "../../plugin-sdk-internal/slack.js"; +} from "../../plugin-sdk/slack.js"; import { parseSlackBlocksInput, parseSlackTarget, recordSlackThreadParticipation, - resolveSlackAccount, resolveSlackChannelId, -} from "../../plugin-sdk-internal/slack.js"; +} from "../../plugin-sdk/slack.js"; import { withNormalizedTimestamp } from "../date-time.js"; import { createActionGate, diff --git a/src/agents/tools/telegram-actions.ts b/src/agents/tools/telegram-actions.ts index 9f2d48831c3..d648b1e5f41 100644 --- a/src/agents/tools/telegram-actions.ts +++ b/src/agents/tools/telegram-actions.ts @@ -1,17 +1,15 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { OpenClawConfig } from "../../config/config.js"; +import { readBooleanParam } from "../../plugin-sdk/boolean-param.js"; import { createTelegramActionGate, resolveTelegramPollActionGateState, -} from "../../plugin-sdk-internal/telegram.js"; -import type { - TelegramButtonStyle, - TelegramInlineButtons, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; +import type { TelegramButtonStyle, TelegramInlineButtons } from "../../plugin-sdk/telegram.js"; import { resolveTelegramInlineButtonsScope, resolveTelegramTargetChatType, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; import { createForumTopicTelegram, deleteMessageTelegram, @@ -21,14 +19,13 @@ import { sendMessageTelegram, sendPollTelegram, sendStickerTelegram, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; import { getCacheStats, resolveTelegramReactionLevel, resolveTelegramToken, searchStickers, -} from "../../plugin-sdk-internal/telegram.js"; -import { readBooleanParam } from "../../plugin-sdk/boolean-param.js"; +} from "../../plugin-sdk/telegram.js"; import { resolvePollMaxSelections } from "../../polls.js"; import { jsonResult, diff --git a/src/agents/tools/web-search.ts b/src/agents/tools/web-search.ts index 869da014d45..62993704377 100644 --- a/src/agents/tools/web-search.ts +++ b/src/agents/tools/web-search.ts @@ -1,148 +1,29 @@ import type { OpenClawConfig } from "../../config/config.js"; -import { normalizeResolvedSecretInputString } from "../../config/types.secrets.js"; -import { logVerbose } from "../../globals.js"; -import { resolvePluginWebSearchProviders } from "../../plugins/web-search-providers.js"; import type { RuntimeWebSearchMetadata } from "../../secrets/runtime-web-tools.types.js"; -import { normalizeSecretInput } from "../../utils/normalize-secret-input.js"; +import { __testing as runtimeTesting } from "../../web-search/runtime.js"; import type { AnyAgentTool } from "./common.js"; -import { jsonResult } from "./common.js"; -import { __testing as coreTesting } from "./web-search-core.js"; - -type WebSearchConfig = NonNullable["web"] extends infer Web - ? Web extends { search?: infer Search } - ? Search - : undefined - : undefined; - -function resolveSearchConfig(cfg?: OpenClawConfig): WebSearchConfig { - const search = cfg?.tools?.web?.search; - if (!search || typeof search !== "object") { - return undefined; - } - return search as WebSearchConfig; -} - -function resolveSearchEnabled(params: { search?: WebSearchConfig; sandboxed?: boolean }): boolean { - if (typeof params.search?.enabled === "boolean") { - return params.search.enabled; - } - if (params.sandboxed) { - return true; - } - return true; -} - -function readProviderEnvValue(envVars: string[]): string | undefined { - for (const envVar of envVars) { - const value = normalizeSecretInput(process.env[envVar]); - if (value) { - return value; - } - } - return undefined; -} - -function hasProviderCredential(providerId: string, search: WebSearchConfig | undefined): boolean { - const providers = resolvePluginWebSearchProviders({ - bundledAllowlistCompat: true, - }); - const provider = providers.find((entry) => entry.id === providerId); - if (!provider) { - return false; - } - const rawValue = provider.getCredentialValue(search as Record | undefined); - const fromConfig = normalizeSecretInput( - normalizeResolvedSecretInputString({ - value: rawValue, - path: - providerId === "brave" - ? "tools.web.search.apiKey" - : `tools.web.search.${providerId}.apiKey`, - }), - ); - return Boolean(fromConfig || readProviderEnvValue(provider.envVars)); -} - -function resolveSearchProvider(search?: WebSearchConfig): string { - const providers = resolvePluginWebSearchProviders({ - bundledAllowlistCompat: true, - }); - const raw = - search && "provider" in search && typeof search.provider === "string" - ? search.provider.trim().toLowerCase() - : ""; - - if (raw) { - const explicit = providers.find((provider) => provider.id === raw); - if (explicit) { - return explicit.id; - } - } - - if (!raw) { - for (const provider of providers) { - if (!hasProviderCredential(provider.id, search)) { - continue; - } - logVerbose( - `web_search: no provider configured, auto-detected "${provider.id}" from available API keys`, - ); - return provider.id; - } - } - - return providers[0]?.id ?? "brave"; -} +import { + __testing as coreTesting, + createWebSearchTool as createWebSearchToolCore, +} from "./web-search-core.js"; export function createWebSearchTool(options?: { config?: OpenClawConfig; sandboxed?: boolean; runtimeWebSearch?: RuntimeWebSearchMetadata; }): AnyAgentTool | null { - const search = resolveSearchConfig(options?.config); - if (!resolveSearchEnabled({ search, sandboxed: options?.sandboxed })) { - return null; - } - - const providers = resolvePluginWebSearchProviders({ - config: options?.config, - bundledAllowlistCompat: true, - }); - if (providers.length === 0) { - return null; - } - - const providerId = - options?.runtimeWebSearch?.selectedProvider ?? - options?.runtimeWebSearch?.providerConfigured ?? - resolveSearchProvider(search); - const provider = - providers.find((entry) => entry.id === providerId) ?? - providers.find((entry) => entry.id === resolveSearchProvider(search)) ?? - providers[0]; - if (!provider) { - return null; - } - - const definition = provider.createTool({ - config: options?.config, - searchConfig: search as Record | undefined, - runtimeMetadata: options?.runtimeWebSearch, - }); - if (!definition) { - return null; - } - - return { - label: "Web Search", - name: "web_search", - description: definition.description, - parameters: definition.parameters, - execute: async (_toolCallId, args) => jsonResult(await definition.execute(args)), - }; + return createWebSearchToolCore(options); } export const __testing = { ...coreTesting, - resolveSearchProvider, + resolveSearchProvider: ( + search?: OpenClawConfig["tools"] extends infer Tools + ? Tools extends { web?: infer Web } + ? Web extends { search?: infer Search } + ? Search + : undefined + : undefined + : undefined, + ) => runtimeTesting.resolveWebSearchProviderId({ search }), }; diff --git a/src/agents/tools/web-tools.enabled-defaults.test.ts b/src/agents/tools/web-tools.enabled-defaults.test.ts index c416804fa11..d06f65e0deb 100644 --- a/src/agents/tools/web-tools.enabled-defaults.test.ts +++ b/src/agents/tools/web-tools.enabled-defaults.test.ts @@ -325,9 +325,16 @@ describe("web_search provider proxy dispatch", () => { describe("web_search perplexity Search API", () => { const priorFetch = global.fetch; + const savedEnv = { ...process.env }; + + beforeEach(() => { + delete process.env.PERPLEXITY_API_KEY; + delete process.env.OPENROUTER_API_KEY; + }); afterEach(() => { vi.unstubAllEnvs(); + process.env = { ...savedEnv }; global.fetch = priorFetch; webSearchTesting.SEARCH_CACHE.clear(); }); @@ -462,9 +469,16 @@ describe("web_search perplexity Search API", () => { describe("web_search perplexity OpenRouter compatibility", () => { const priorFetch = global.fetch; + const savedEnv = { ...process.env }; + + beforeEach(() => { + delete process.env.PERPLEXITY_API_KEY; + delete process.env.OPENROUTER_API_KEY; + }); afterEach(() => { vi.unstubAllEnvs(); + process.env = { ...savedEnv }; global.fetch = priorFetch; webSearchTesting.SEARCH_CACHE.clear(); }); diff --git a/src/agents/tools/whatsapp-actions.ts b/src/agents/tools/whatsapp-actions.ts index 30f36331d18..a84dc0a3d5b 100644 --- a/src/agents/tools/whatsapp-actions.ts +++ b/src/agents/tools/whatsapp-actions.ts @@ -1,6 +1,6 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { OpenClawConfig } from "../../config/config.js"; -import { sendReactionWhatsApp } from "../../plugin-sdk-internal/whatsapp.js"; +import { sendReactionWhatsApp } from "../../plugin-sdk/whatsapp.js"; import { createActionGate, jsonResult, readReactionParams, readStringParam } from "./common.js"; import { resolveAuthorizedWhatsAppOutboundTarget } from "./whatsapp-target-auth.js"; diff --git a/src/agents/tools/whatsapp-target-auth.ts b/src/agents/tools/whatsapp-target-auth.ts index 76e7e15d084..edc0052fbab 100644 --- a/src/agents/tools/whatsapp-target-auth.ts +++ b/src/agents/tools/whatsapp-target-auth.ts @@ -1,5 +1,5 @@ import type { OpenClawConfig } from "../../config/config.js"; -import { resolveWhatsAppAccount } from "../../plugin-sdk-internal/whatsapp.js"; +import { resolveWhatsAppAccount } from "../../plugin-sdk/whatsapp.js"; import { resolveWhatsAppOutboundTarget } from "../../whatsapp/resolve-outbound-target.js"; import { ToolAuthorizationError } from "./common.js"; diff --git a/src/agents/transcript-policy.test.ts b/src/agents/transcript-policy.test.ts index 3534bfad92b..7409e7a4b12 100644 --- a/src/agents/transcript-policy.test.ts +++ b/src/agents/transcript-policy.test.ts @@ -114,16 +114,16 @@ describe("resolveTranscriptPolicy", () => { preserveSignatures: false, }, { - title: "kimi-coding provider", - provider: "kimi-coding", - modelId: "k2p5", + title: "Kimi provider", + provider: "kimi", + modelId: "kimi-code", modelApi: "anthropic-messages" as const, preserveSignatures: false, }, { title: "kimi-code alias", provider: "kimi-code", - modelId: "k2p5", + modelId: "kimi-code", modelApi: "anthropic-messages" as const, preserveSignatures: false, }, diff --git a/src/auto-reply/commands-args.ts b/src/auto-reply/commands-args.ts index ab49b9ea68a..d8cfe73e98f 100644 --- a/src/auto-reply/commands-args.ts +++ b/src/auto-reply/commands-args.ts @@ -51,6 +51,32 @@ const formatConfigArgs: CommandArgsFormatter = (values) => }, }); +const formatMcpArgs: CommandArgsFormatter = (values) => + formatActionArgs(values, { + formatKnownAction: (action, path) => { + if (action === "show" || action === "get") { + return path ? `${action} ${path}` : action; + } + return undefined; + }, + }); + +const formatPluginsArgs: CommandArgsFormatter = (values) => + formatActionArgs(values, { + formatKnownAction: (action, path) => { + if (action === "list") { + return "list"; + } + if (action === "show" || action === "get") { + return path ? `${action} ${path}` : action; + } + if (action === "enable" || action === "disable") { + return path ? `${action} ${path}` : action; + } + return undefined; + }, + }); + const formatDebugArgs: CommandArgsFormatter = (values) => formatActionArgs(values, { formatKnownAction: (action) => { @@ -124,6 +150,8 @@ const formatExecArgs: CommandArgsFormatter = (values) => { export const COMMAND_ARG_FORMATTERS: Record = { config: formatConfigArgs, + mcp: formatMcpArgs, + plugins: formatPluginsArgs, debug: formatDebugArgs, queue: formatQueueArgs, exec: formatExecArgs, diff --git a/src/auto-reply/commands-registry.data.ts b/src/auto-reply/commands-registry.data.ts index 58064473543..0e0c44d7515 100644 --- a/src/auto-reply/commands-registry.data.ts +++ b/src/auto-reply/commands-registry.data.ts @@ -452,6 +452,56 @@ function buildChatCommands(): ChatCommandDefinition[] { argsParsing: "none", formatArgs: COMMAND_ARG_FORMATTERS.config, }), + defineChatCommand({ + key: "mcp", + nativeName: "mcp", + description: "Show or set OpenClaw MCP servers.", + textAlias: "/mcp", + category: "management", + args: [ + { + name: "action", + description: "show | get | set | unset", + type: "string", + choices: ["show", "get", "set", "unset"], + }, + { + name: "path", + description: "MCP server name", + type: "string", + }, + { + name: "value", + description: "JSON config for set", + type: "string", + captureRemaining: true, + }, + ], + argsParsing: "none", + formatArgs: COMMAND_ARG_FORMATTERS.mcp, + }), + defineChatCommand({ + key: "plugins", + nativeName: "plugins", + description: "List, show, enable, or disable plugins.", + textAliases: ["/plugins", "/plugin"], + category: "management", + args: [ + { + name: "action", + description: "list | show | get | enable | disable", + type: "string", + choices: ["list", "show", "get", "enable", "disable"], + }, + { + name: "path", + description: "Plugin id or name", + type: "string", + }, + ], + argsParsing: "none", + formatArgs: COMMAND_ARG_FORMATTERS.plugins, + }), defineChatCommand({ key: "debug", nativeName: "debug", diff --git a/src/auto-reply/commands-registry.test.ts b/src/auto-reply/commands-registry.test.ts index 326211560ee..e7533ecb1b6 100644 --- a/src/auto-reply/commands-registry.test.ts +++ b/src/auto-reply/commands-registry.test.ts @@ -45,27 +45,31 @@ describe("commands registry", () => { it("filters commands based on config flags", () => { const disabled = listChatCommandsForConfig({ - commands: { config: false, debug: false }, + commands: { config: false, plugins: false, debug: false }, }); expect(disabled.find((spec) => spec.key === "config")).toBeFalsy(); + expect(disabled.find((spec) => spec.key === "plugins")).toBeFalsy(); expect(disabled.find((spec) => spec.key === "debug")).toBeFalsy(); const enabled = listChatCommandsForConfig({ - commands: { config: true, debug: true }, + commands: { config: true, plugins: true, debug: true }, }); expect(enabled.find((spec) => spec.key === "config")).toBeTruthy(); + expect(enabled.find((spec) => spec.key === "plugins")).toBeTruthy(); expect(enabled.find((spec) => spec.key === "debug")).toBeTruthy(); const nativeDisabled = listNativeCommandSpecsForConfig({ - commands: { config: false, debug: false, native: true }, + commands: { config: false, plugins: false, debug: false, native: true }, }); expect(nativeDisabled.find((spec) => spec.name === "config")).toBeFalsy(); + expect(nativeDisabled.find((spec) => spec.name === "plugins")).toBeFalsy(); expect(nativeDisabled.find((spec) => spec.name === "debug")).toBeFalsy(); }); it("does not enable restricted commands from inherited flags", () => { const inheritedCommands = Object.create({ config: true, + plugins: true, debug: true, bash: true, }) as Record; @@ -73,6 +77,7 @@ describe("commands registry", () => { commands: inheritedCommands as never, }); expect(commands.find((spec) => spec.key === "config")).toBeFalsy(); + expect(commands.find((spec) => spec.key === "plugins")).toBeFalsy(); expect(commands.find((spec) => spec.key === "debug")).toBeFalsy(); expect(commands.find((spec) => spec.key === "bash")).toBeFalsy(); }); @@ -87,14 +92,14 @@ describe("commands registry", () => { ]; const commands = listChatCommandsForConfig( { - commands: { config: false, debug: false }, + commands: { config: false, plugins: false, debug: false }, }, { skillCommands }, ); expect(commands.find((spec) => spec.nativeName === "demo_skill")).toBeTruthy(); const native = listNativeCommandSpecsForConfig( - { commands: { config: false, debug: false, native: true } }, + { commands: { config: false, plugins: false, debug: false, native: true } }, { skillCommands }, ); expect(native.find((spec) => spec.name === "demo_skill")).toBeTruthy(); diff --git a/src/auto-reply/commands-registry.ts b/src/auto-reply/commands-registry.ts index 93f8872e37b..f271c3bb582 100644 --- a/src/auto-reply/commands-registry.ts +++ b/src/auto-reply/commands-registry.ts @@ -99,6 +99,12 @@ export function isCommandEnabled(cfg: OpenClawConfig, commandKey: string): boole if (commandKey === "config") { return isCommandFlagEnabled(cfg, "config"); } + if (commandKey === "mcp") { + return isCommandFlagEnabled(cfg, "mcp"); + } + if (commandKey === "plugins") { + return isCommandFlagEnabled(cfg, "plugins"); + } if (commandKey === "debug") { return isCommandFlagEnabled(cfg, "debug"); } diff --git a/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts b/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts index 9e0390bc887..9a831dde795 100644 --- a/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts +++ b/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts @@ -101,7 +101,7 @@ export function getWebSessionMocks(): AnyMocks { return webSessionMocks; } -vi.mock("../../extensions/whatsapp/src/session.js", () => webSessionMocks); +vi.mock("../../extensions/whatsapp/runtime-api.js", () => webSessionMocks); export const MAIN_SESSION_KEY = "agent:main:main"; diff --git a/src/auto-reply/reply/acp-reset-target.ts b/src/auto-reply/reply/acp-reset-target.ts index cf8952cdc4a..b77d0f320cc 100644 --- a/src/auto-reply/reply/acp-reset-target.ts +++ b/src/auto-reply/reply/acp-reset-target.ts @@ -1,4 +1,4 @@ -import { resolveConfiguredAcpBindingRecord } from "../../acp/persistent-bindings.js"; +import { resolveConfiguredBindingRecord } from "../../channels/plugins/binding-registry.js"; import type { OpenClawConfig } from "../../config/config.js"; import { getSessionBindingService } from "../../infra/outbound/session-binding-service.js"; import { DEFAULT_ACCOUNT_ID, isAcpSessionKey } from "../../routing/session-key.js"; @@ -51,7 +51,7 @@ export function resolveEffectiveResetTargetSessionKey(params: { return undefined; } - const configuredBinding = resolveConfiguredAcpBindingRecord({ + const configuredBinding = resolveConfiguredBindingRecord({ cfg: params.cfg, channel, accountId, diff --git a/src/auto-reply/reply/agent-runner-execution.ts b/src/auto-reply/reply/agent-runner-execution.ts index c1e5ed90e4e..02215a98d58 100644 --- a/src/auto-reply/reply/agent-runner-execution.ts +++ b/src/auto-reply/reply/agent-runner-execution.ts @@ -326,6 +326,7 @@ export async function runAgentTurnWithFallback(params: { try { const result = await runEmbeddedPiAgent({ ...embeddedContext, + allowGatewaySubagentBinding: true, trigger: params.isHeartbeat ? "heartbeat" : "user", groupId: resolveGroupSessionKey(params.sessionCtx)?.id, groupChannel: diff --git a/src/auto-reply/reply/agent-runner-memory.ts b/src/auto-reply/reply/agent-runner-memory.ts index d52c6d05761..267326a7e20 100644 --- a/src/auto-reply/reply/agent-runner-memory.ts +++ b/src/auto-reply/reply/agent-runner-memory.ts @@ -494,6 +494,7 @@ export async function runMemoryFlushIfNeeded(params: { ...embeddedContext, ...senderContext, ...runBaseParams, + allowGatewaySubagentBinding: true, trigger: "memory", memoryFlushWritePath, prompt: resolveMemoryFlushPromptForRun({ diff --git a/src/auto-reply/reply/commands-approve.ts b/src/auto-reply/reply/commands-approve.ts index 5f259c1b45a..630ea988c05 100644 --- a/src/auto-reply/reply/commands-approve.ts +++ b/src/auto-reply/reply/commands-approve.ts @@ -3,7 +3,7 @@ import { logVerbose } from "../../globals.js"; import { isTelegramExecApprovalApprover, isTelegramExecApprovalClientEnabled, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../../utils/message-channel.js"; import { requireGatewayClientScopeForInternalChannel } from "./command-gates.js"; import type { CommandHandler } from "./commands-types.js"; diff --git a/src/auto-reply/reply/commands-compact.ts b/src/auto-reply/reply/commands-compact.ts index 1533bb24393..9c3c9f28c29 100644 --- a/src/auto-reply/reply/commands-compact.ts +++ b/src/auto-reply/reply/commands-compact.ts @@ -78,6 +78,7 @@ export const handleCompactCommand: CommandHandler = async (params) => { const result = await compactEmbeddedPiSession({ sessionId, sessionKey: params.sessionKey, + allowGatewaySubagentBinding: true, messageChannel: params.command.channel, groupId: params.sessionEntry.groupId, groupChannel: params.sessionEntry.groupChannel, diff --git a/src/auto-reply/reply/commands-core.ts b/src/auto-reply/reply/commands-core.ts index 7a6cc36c05e..c3425161773 100644 --- a/src/auto-reply/reply/commands-core.ts +++ b/src/auto-reply/reply/commands-core.ts @@ -1,5 +1,5 @@ import fs from "node:fs/promises"; -import { resetAcpSessionInPlace } from "../../acp/persistent-bindings.js"; +import { resetConfiguredBindingTargetInPlace } from "../../channels/plugins/binding-targets.js"; import { logVerbose } from "../../globals.js"; import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js"; import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js"; @@ -22,8 +22,10 @@ import { handleStatusCommand, handleWhoamiCommand, } from "./commands-info.js"; +import { handleMcpCommand } from "./commands-mcp.js"; import { handleModelsCommand } from "./commands-models.js"; import { handlePluginCommand } from "./commands-plugin.js"; +import { handlePluginsCommand } from "./commands-plugins.js"; import { handleAbortTrigger, handleActivationCommand, @@ -194,6 +196,8 @@ export async function handleCommands(params: HandleCommandsParams): Promise { + const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix)); + tempDirs.push(dir); + return dir; + }, + async cleanupWorkspaces() { + await Promise.all( + tempDirs.splice(0).map((dir) => fs.rm(dir, { recursive: true, force: true })), + ); + }, + }; +} diff --git a/src/auto-reply/reply/commands-mcp.test.ts b/src/auto-reply/reply/commands-mcp.test.ts new file mode 100644 index 00000000000..f70f167a80b --- /dev/null +++ b/src/auto-reply/reply/commands-mcp.test.ts @@ -0,0 +1,83 @@ +import { afterEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../../config/config.js"; +import { withTempHome } from "../../config/home-env.test-harness.js"; +import { handleCommands } from "./commands-core.js"; +import { createCommandWorkspaceHarness } from "./commands-filesystem.test-support.js"; +import { buildCommandTestParams } from "./commands.test-harness.js"; + +const workspaceHarness = createCommandWorkspaceHarness("openclaw-command-mcp-"); + +function buildCfg(): OpenClawConfig { + return { + commands: { + text: true, + mcp: true, + }, + }; +} + +describe("handleCommands /mcp", () => { + afterEach(async () => { + await workspaceHarness.cleanupWorkspaces(); + }); + + it("writes MCP config and shows it back", async () => { + await withTempHome("openclaw-command-mcp-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + const setParams = buildCommandTestParams( + '/mcp set context7={"command":"uvx","args":["context7-mcp"]}', + buildCfg(), + undefined, + { workspaceDir }, + ); + setParams.command.senderIsOwner = true; + + const setResult = await handleCommands(setParams); + expect(setResult.reply?.text).toContain('MCP server "context7" saved'); + + const showParams = buildCommandTestParams("/mcp show context7", buildCfg(), undefined, { + workspaceDir, + }); + showParams.command.senderIsOwner = true; + const showResult = await handleCommands(showParams); + expect(showResult.reply?.text).toContain('"command": "uvx"'); + expect(showResult.reply?.text).toContain('"args": ['); + }); + }); + + it("rejects internal writes without operator.admin", async () => { + await withTempHome("openclaw-command-mcp-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + const params = buildCommandTestParams( + '/mcp set context7={"command":"uvx","args":["context7-mcp"]}', + buildCfg(), + { + Provider: "webchat", + Surface: "webchat", + GatewayClientScopes: ["operator.write"], + }, + { workspaceDir }, + ); + params.command.senderIsOwner = true; + + const result = await handleCommands(params); + expect(result.reply?.text).toContain("requires operator.admin"); + }); + }); + + it("accepts non-stdio MCP config at the config layer", async () => { + await withTempHome("openclaw-command-mcp-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + const params = buildCommandTestParams( + '/mcp set remote={"url":"https://example.com/mcp"}', + buildCfg(), + undefined, + { workspaceDir }, + ); + params.command.senderIsOwner = true; + + const result = await handleCommands(params); + expect(result.reply?.text).toContain('MCP server "remote" saved'); + }); + }); +}); diff --git a/src/auto-reply/reply/commands-mcp.ts b/src/auto-reply/reply/commands-mcp.ts new file mode 100644 index 00000000000..ff805a9b878 --- /dev/null +++ b/src/auto-reply/reply/commands-mcp.ts @@ -0,0 +1,134 @@ +import { + listConfiguredMcpServers, + setConfiguredMcpServer, + unsetConfiguredMcpServer, +} from "../../config/mcp-config.js"; +import { isInternalMessageChannel } from "../../utils/message-channel.js"; +import { + rejectNonOwnerCommand, + rejectUnauthorizedCommand, + requireCommandFlagEnabled, + requireGatewayClientScopeForInternalChannel, +} from "./command-gates.js"; +import type { CommandHandler } from "./commands-types.js"; +import { parseMcpCommand } from "./mcp-commands.js"; + +function renderJsonBlock(label: string, value: unknown): string { + return `${label}\n\`\`\`json\n${JSON.stringify(value, null, 2)}\n\`\`\``; +} + +export const handleMcpCommand: CommandHandler = async (params, allowTextCommands) => { + if (!allowTextCommands) { + return null; + } + const mcpCommand = parseMcpCommand(params.command.commandBodyNormalized); + if (!mcpCommand) { + return null; + } + const unauthorized = rejectUnauthorizedCommand(params, "/mcp"); + if (unauthorized) { + return unauthorized; + } + const allowInternalReadOnlyShow = + mcpCommand.action === "show" && isInternalMessageChannel(params.command.channel); + const nonOwner = allowInternalReadOnlyShow ? null : rejectNonOwnerCommand(params, "/mcp"); + if (nonOwner) { + return nonOwner; + } + const disabled = requireCommandFlagEnabled(params.cfg, { + label: "/mcp", + configKey: "mcp", + }); + if (disabled) { + return disabled; + } + if (mcpCommand.action === "error") { + return { + shouldContinue: false, + reply: { text: `⚠️ ${mcpCommand.message}` }, + }; + } + + if (mcpCommand.action === "show") { + const loaded = await listConfiguredMcpServers(); + if (!loaded.ok) { + return { + shouldContinue: false, + reply: { text: `⚠️ ${loaded.error}` }, + }; + } + if (mcpCommand.name) { + const server = loaded.mcpServers[mcpCommand.name]; + if (!server) { + return { + shouldContinue: false, + reply: { text: `🔌 No MCP server named "${mcpCommand.name}" in ${loaded.path}.` }, + }; + } + return { + shouldContinue: false, + reply: { + text: renderJsonBlock(`🔌 MCP server "${mcpCommand.name}" (${loaded.path})`, server), + }, + }; + } + if (Object.keys(loaded.mcpServers).length === 0) { + return { + shouldContinue: false, + reply: { text: `🔌 No MCP servers configured in ${loaded.path}.` }, + }; + } + return { + shouldContinue: false, + reply: { + text: renderJsonBlock(`🔌 MCP servers (${loaded.path})`, loaded.mcpServers), + }, + }; + } + + const missingAdminScope = requireGatewayClientScopeForInternalChannel(params, { + label: "/mcp write", + allowedScopes: ["operator.admin"], + missingText: "❌ /mcp set|unset requires operator.admin for gateway clients.", + }); + if (missingAdminScope) { + return missingAdminScope; + } + + if (mcpCommand.action === "set") { + const result = await setConfiguredMcpServer({ + name: mcpCommand.name, + server: mcpCommand.value, + }); + if (!result.ok) { + return { + shouldContinue: false, + reply: { text: `⚠️ ${result.error}` }, + }; + } + return { + shouldContinue: false, + reply: { + text: `🔌 MCP server "${mcpCommand.name}" saved to ${result.path}.`, + }, + }; + } + + const result = await unsetConfiguredMcpServer({ name: mcpCommand.name }); + if (!result.ok) { + return { + shouldContinue: false, + reply: { text: `⚠️ ${result.error}` }, + }; + } + if (!result.removed) { + return { + shouldContinue: false, + reply: { text: `🔌 No MCP server named "${mcpCommand.name}" in ${result.path}.` }, + }; + } + return { + shouldContinue: false, + reply: { text: `🔌 MCP server "${mcpCommand.name}" removed from ${result.path}.` }, + }; +}; diff --git a/src/auto-reply/reply/commands-models.ts b/src/auto-reply/reply/commands-models.ts index 99e02cfa81e..25f309361d2 100644 --- a/src/auto-reply/reply/commands-models.ts +++ b/src/auto-reply/reply/commands-models.ts @@ -16,7 +16,7 @@ import { calculateTotalPages, getModelsPageSize, type ProviderInfo, -} from "../../plugin-sdk-internal/telegram.js"; +} from "../../plugin-sdk/telegram.js"; import type { ReplyPayload } from "../types.js"; import { rejectUnauthorizedCommand } from "./command-gates.js"; import type { CommandHandler } from "./commands-types.js"; diff --git a/src/auto-reply/reply/commands-plugins.test.ts b/src/auto-reply/reply/commands-plugins.test.ts new file mode 100644 index 00000000000..1bf3feb772b --- /dev/null +++ b/src/auto-reply/reply/commands-plugins.test.ts @@ -0,0 +1,147 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../../config/config.js"; +import { withTempHome } from "../../config/home-env.test-harness.js"; +import { handleCommands } from "./commands-core.js"; +import { createCommandWorkspaceHarness } from "./commands-filesystem.test-support.js"; +import { buildCommandTestParams } from "./commands.test-harness.js"; + +const workspaceHarness = createCommandWorkspaceHarness("openclaw-command-plugins-"); + +async function createClaudeBundlePlugin(params: { workspaceDir: string; pluginId: string }) { + const pluginDir = path.join(params.workspaceDir, ".openclaw", "extensions", params.pluginId); + await fs.mkdir(path.join(pluginDir, ".claude-plugin"), { recursive: true }); + await fs.mkdir(path.join(pluginDir, "commands"), { recursive: true }); + await fs.writeFile( + path.join(pluginDir, ".claude-plugin", "plugin.json"), + JSON.stringify({ name: params.pluginId }, null, 2), + "utf-8", + ); + await fs.writeFile(path.join(pluginDir, "commands", "review.md"), "# Review\n", "utf-8"); +} + +function buildCfg(): OpenClawConfig { + return { + commands: { + text: true, + plugins: true, + }, + }; +} + +describe("handleCommands /plugins", () => { + afterEach(async () => { + await workspaceHarness.cleanupWorkspaces(); + }); + + it("lists discovered plugins and inspects plugin details", async () => { + await withTempHome("openclaw-command-plugins-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + await createClaudeBundlePlugin({ workspaceDir, pluginId: "superpowers" }); + + const listParams = buildCommandTestParams("/plugins list", buildCfg(), undefined, { + workspaceDir, + }); + listParams.command.senderIsOwner = true; + const listResult = await handleCommands(listParams); + expect(listResult.reply?.text).toContain("Plugins"); + expect(listResult.reply?.text).toContain("superpowers"); + expect(listResult.reply?.text).toContain("[disabled]"); + + const showParams = buildCommandTestParams( + "/plugins inspect superpowers", + buildCfg(), + undefined, + { + workspaceDir, + }, + ); + showParams.command.senderIsOwner = true; + const showResult = await handleCommands(showParams); + expect(showResult.reply?.text).toContain('"id": "superpowers"'); + expect(showResult.reply?.text).toContain('"bundleFormat": "claude"'); + expect(showResult.reply?.text).toContain('"shape":'); + + const inspectAllParams = buildCommandTestParams( + "/plugins inspect all", + buildCfg(), + undefined, + { + workspaceDir, + }, + ); + inspectAllParams.command.senderIsOwner = true; + const inspectAllResult = await handleCommands(inspectAllParams); + expect(inspectAllResult.reply?.text).toContain("```json"); + expect(inspectAllResult.reply?.text).toContain('"plugin"'); + expect(inspectAllResult.reply?.text).toContain('"superpowers"'); + }); + }); + + it("enables and disables a discovered plugin", async () => { + await withTempHome("openclaw-command-plugins-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + await createClaudeBundlePlugin({ workspaceDir, pluginId: "superpowers" }); + + const enableParams = buildCommandTestParams( + "/plugins enable superpowers", + buildCfg(), + undefined, + { + workspaceDir, + }, + ); + enableParams.command.senderIsOwner = true; + const enableResult = await handleCommands(enableParams); + expect(enableResult.reply?.text).toContain('Plugin "superpowers" enabled'); + + const showEnabledParams = buildCommandTestParams( + "/plugins show superpowers", + buildCfg(), + undefined, + { + workspaceDir, + }, + ); + showEnabledParams.command.senderIsOwner = true; + const showEnabledResult = await handleCommands(showEnabledParams); + expect(showEnabledResult.reply?.text).toContain('"status": "loaded"'); + expect(showEnabledResult.reply?.text).toContain('"enabled": true'); + + const disableParams = buildCommandTestParams( + "/plugins disable superpowers", + buildCfg(), + undefined, + { + workspaceDir, + }, + ); + disableParams.command.senderIsOwner = true; + const disableResult = await handleCommands(disableParams); + expect(disableResult.reply?.text).toContain('Plugin "superpowers" disabled'); + }); + }); + + it("rejects internal writes without operator.admin", async () => { + await withTempHome("openclaw-command-plugins-home-", async () => { + const workspaceDir = await workspaceHarness.createWorkspace(); + await createClaudeBundlePlugin({ workspaceDir, pluginId: "superpowers" }); + + const params = buildCommandTestParams( + "/plugins enable superpowers", + buildCfg(), + { + Provider: "webchat", + Surface: "webchat", + GatewayClientScopes: ["operator.write"], + }, + { workspaceDir }, + ); + params.command.senderIsOwner = true; + + const result = await handleCommands(params); + expect(result.reply?.text).toContain("requires operator.admin"); + }); + }); +}); diff --git a/src/auto-reply/reply/commands-plugins.ts b/src/auto-reply/reply/commands-plugins.ts new file mode 100644 index 00000000000..1adbf57e717 --- /dev/null +++ b/src/auto-reply/reply/commands-plugins.ts @@ -0,0 +1,254 @@ +import { + readConfigFileSnapshot, + validateConfigObjectWithPlugins, + writeConfigFile, +} from "../../config/config.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import type { PluginInstallRecord } from "../../config/types.plugins.js"; +import type { PluginRecord } from "../../plugins/registry.js"; +import { + buildAllPluginInspectReports, + buildPluginInspectReport, + buildPluginStatusReport, + type PluginStatusReport, +} from "../../plugins/status.js"; +import { setPluginEnabledInConfig } from "../../plugins/toggle-config.js"; +import { isInternalMessageChannel } from "../../utils/message-channel.js"; +import { + rejectNonOwnerCommand, + rejectUnauthorizedCommand, + requireCommandFlagEnabled, + requireGatewayClientScopeForInternalChannel, +} from "./command-gates.js"; +import type { CommandHandler } from "./commands-types.js"; +import { parsePluginsCommand } from "./plugins-commands.js"; + +function renderJsonBlock(label: string, value: unknown): string { + return `${label}\n\`\`\`json\n${JSON.stringify(value, null, 2)}\n\`\`\``; +} + +function buildPluginInspectJson(params: { + id: string; + config: OpenClawConfig; + report: PluginStatusReport; +}): { + inspect: NonNullable>; + install: PluginInstallRecord | null; +} | null { + const inspect = buildPluginInspectReport({ + id: params.id, + config: params.config, + report: params.report, + }); + if (!inspect) { + return null; + } + return { + inspect, + install: params.config.plugins?.installs?.[inspect.plugin.id] ?? null, + }; +} + +function buildAllPluginInspectJson(params: { + config: OpenClawConfig; + report: PluginStatusReport; +}): Array<{ + inspect: ReturnType[number]; + install: PluginInstallRecord | null; +}> { + return buildAllPluginInspectReports({ + config: params.config, + report: params.report, + }).map((inspect) => ({ + inspect, + install: params.config.plugins?.installs?.[inspect.plugin.id] ?? null, + })); +} + +function formatPluginLabel(plugin: PluginRecord): string { + if (!plugin.name || plugin.name === plugin.id) { + return plugin.id; + } + return `${plugin.name} (${plugin.id})`; +} + +function formatPluginsList(report: PluginStatusReport): string { + if (report.plugins.length === 0) { + return `🔌 No plugins found for workspace ${report.workspaceDir ?? "(unknown workspace)"}.`; + } + + const loaded = report.plugins.filter((plugin) => plugin.status === "loaded").length; + const lines = [ + `🔌 Plugins (${loaded}/${report.plugins.length} loaded)`, + ...report.plugins.map((plugin) => { + const format = plugin.bundleFormat + ? `${plugin.format ?? "openclaw"}/${plugin.bundleFormat}` + : (plugin.format ?? "openclaw"); + return `- ${formatPluginLabel(plugin)} [${plugin.status}] ${format}`; + }), + ]; + return lines.join("\n"); +} + +function findPlugin(report: PluginStatusReport, rawName: string): PluginRecord | undefined { + const target = rawName.trim().toLowerCase(); + if (!target) { + return undefined; + } + return report.plugins.find( + (plugin) => plugin.id.toLowerCase() === target || plugin.name.toLowerCase() === target, + ); +} + +async function loadPluginCommandState(workspaceDir: string): Promise< + | { + ok: true; + path: string; + config: OpenClawConfig; + report: PluginStatusReport; + } + | { ok: false; path: string; error: string } +> { + const snapshot = await readConfigFileSnapshot(); + if (!snapshot.valid) { + return { + ok: false, + path: snapshot.path, + error: "Config file is invalid; fix it before using /plugins.", + }; + } + const config = structuredClone(snapshot.resolved); + return { + ok: true, + path: snapshot.path, + config, + report: buildPluginStatusReport({ config, workspaceDir }), + }; +} + +export const handlePluginsCommand: CommandHandler = async (params, allowTextCommands) => { + if (!allowTextCommands) { + return null; + } + const pluginsCommand = parsePluginsCommand(params.command.commandBodyNormalized); + if (!pluginsCommand) { + return null; + } + const unauthorized = rejectUnauthorizedCommand(params, "/plugins"); + if (unauthorized) { + return unauthorized; + } + const allowInternalReadOnly = + (pluginsCommand.action === "list" || pluginsCommand.action === "inspect") && + isInternalMessageChannel(params.command.channel); + const nonOwner = allowInternalReadOnly ? null : rejectNonOwnerCommand(params, "/plugins"); + if (nonOwner) { + return nonOwner; + } + const disabled = requireCommandFlagEnabled(params.cfg, { + label: "/plugins", + configKey: "plugins", + }); + if (disabled) { + return disabled; + } + if (pluginsCommand.action === "error") { + return { + shouldContinue: false, + reply: { text: `⚠️ ${pluginsCommand.message}` }, + }; + } + + const loaded = await loadPluginCommandState(params.workspaceDir); + if (!loaded.ok) { + return { + shouldContinue: false, + reply: { text: `⚠️ ${loaded.error}` }, + }; + } + + if (pluginsCommand.action === "list") { + return { + shouldContinue: false, + reply: { text: formatPluginsList(loaded.report) }, + }; + } + + if (pluginsCommand.action === "inspect") { + if (!pluginsCommand.name) { + return { + shouldContinue: false, + reply: { text: formatPluginsList(loaded.report) }, + }; + } + if (pluginsCommand.name.toLowerCase() === "all") { + return { + shouldContinue: false, + reply: { + text: renderJsonBlock("🔌 Plugins", buildAllPluginInspectJson(loaded)), + }, + }; + } + const payload = buildPluginInspectJson({ + id: pluginsCommand.name, + config: loaded.config, + report: loaded.report, + }); + if (!payload) { + return { + shouldContinue: false, + reply: { text: `🔌 No plugin named "${pluginsCommand.name}" found.` }, + }; + } + return { + shouldContinue: false, + reply: { + text: renderJsonBlock(`🔌 Plugin "${payload.inspect.plugin.id}"`, { + ...payload.inspect, + install: payload.install, + }), + }, + }; + } + + const missingAdminScope = requireGatewayClientScopeForInternalChannel(params, { + label: "/plugins write", + allowedScopes: ["operator.admin"], + missingText: "❌ /plugins enable|disable requires operator.admin for gateway clients.", + }); + if (missingAdminScope) { + return missingAdminScope; + } + + const plugin = findPlugin(loaded.report, pluginsCommand.name); + if (!plugin) { + return { + shouldContinue: false, + reply: { text: `🔌 No plugin named "${pluginsCommand.name}" found.` }, + }; + } + + const next = setPluginEnabledInConfig( + structuredClone(loaded.config), + plugin.id, + pluginsCommand.action === "enable", + ); + const validated = validateConfigObjectWithPlugins(next); + if (!validated.ok) { + const issue = validated.issues[0]; + return { + shouldContinue: false, + reply: { + text: `⚠️ Config invalid after /plugins ${pluginsCommand.action} (${issue.path}: ${issue.message}).`, + }, + }; + } + await writeConfigFile(validated.config); + + return { + shouldContinue: false, + reply: { + text: `🔌 Plugin "${plugin.id}" ${pluginsCommand.action}d in ${loaded.path}. Restart the gateway to apply.`, + }, + }; +}; diff --git a/src/auto-reply/reply/commands-subagents.test-mocks.ts b/src/auto-reply/reply/commands-subagents.test-mocks.ts index 99c34fbf35c..b9934928372 100644 --- a/src/auto-reply/reply/commands-subagents.test-mocks.ts +++ b/src/auto-reply/reply/commands-subagents.test-mocks.ts @@ -10,7 +10,7 @@ export function installSubagentsCommandCoreMocks() { }); // Prevent transitive import chain from reaching discord/monitor which needs https-proxy-agent. - vi.mock("../../../extensions/discord/src/monitor/gateway-plugin.js", () => ({ + vi.mock("../../../extensions/discord/runtime-api.js", () => ({ createDiscordGatewayPlugin: () => ({}), })); } diff --git a/src/auto-reply/reply/commands-system-prompt.test.ts b/src/auto-reply/reply/commands-system-prompt.test.ts new file mode 100644 index 00000000000..09499fc3181 --- /dev/null +++ b/src/auto-reply/reply/commands-system-prompt.test.ts @@ -0,0 +1,127 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { HandleCommandsParams } from "./commands-types.js"; + +const { createOpenClawCodingToolsMock } = vi.hoisted(() => ({ + createOpenClawCodingToolsMock: vi.fn(() => []), +})); + +vi.mock("../../agents/bootstrap-files.js", () => ({ + resolveBootstrapContextForRun: vi.fn(async () => ({ + bootstrapFiles: [], + contextFiles: [], + })), +})); + +vi.mock("../../agents/pi-tools.js", () => ({ + createOpenClawCodingTools: createOpenClawCodingToolsMock, +})); + +vi.mock("../../agents/sandbox.js", () => ({ + resolveSandboxRuntimeStatus: vi.fn(() => ({ sandboxed: false, mode: "off" })), +})); + +vi.mock("../../agents/skills.js", () => ({ + buildWorkspaceSkillSnapshot: vi.fn(() => ({ prompt: "", skills: [], resolvedSkills: [] })), +})); + +vi.mock("../../agents/skills/refresh.js", () => ({ + getSkillsSnapshotVersion: vi.fn(() => "test-snapshot"), +})); + +vi.mock("../../agents/agent-scope.js", () => ({ + resolveSessionAgentIds: vi.fn(() => ({ sessionAgentId: "main" })), +})); + +vi.mock("../../agents/model-selection.js", () => ({ + resolveDefaultModelForAgent: vi.fn(() => ({ provider: "openai", model: "gpt-5" })), +})); + +vi.mock("../../agents/system-prompt-params.js", () => ({ + buildSystemPromptParams: vi.fn(() => ({ + runtimeInfo: { host: "unknown", os: "unknown", arch: "unknown", node: process.version }, + userTimezone: "UTC", + userTime: "12:00 PM", + userTimeFormat: "12h", + })), +})); + +vi.mock("../../agents/system-prompt.js", () => ({ + buildAgentSystemPrompt: vi.fn(() => "system prompt"), +})); + +vi.mock("../../agents/tool-summaries.js", () => ({ + buildToolSummaryMap: vi.fn(() => ({})), +})); + +vi.mock("../../infra/skills-remote.js", () => ({ + getRemoteSkillEligibility: vi.fn(() => false), +})); + +vi.mock("../../tts/tts.js", () => ({ + buildTtsSystemPromptHint: vi.fn(() => undefined), +})); + +import { resolveCommandsSystemPromptBundle } from "./commands-system-prompt.js"; + +function makeParams(): HandleCommandsParams { + return { + ctx: { + SessionKey: "agent:main:default", + }, + cfg: {}, + command: { + surface: "telegram", + channel: "telegram", + ownerList: [], + senderIsOwner: true, + isAuthorizedSender: true, + rawBodyNormalized: "/context", + commandBodyNormalized: "/context", + }, + directives: {}, + elevated: { + enabled: true, + allowed: true, + failures: [], + }, + agentId: "main", + sessionEntry: { + sessionId: "session-1", + groupId: "group-1", + groupChannel: "#general", + space: "guild-1", + spawnedBy: "agent:parent", + }, + sessionKey: "agent:main:default", + workspaceDir: "/tmp/workspace", + defaultGroupActivation: () => "mention", + resolvedVerboseLevel: "off", + resolvedReasoningLevel: "off", + resolvedElevatedLevel: "off", + resolveDefaultThinkingLevel: async () => undefined, + provider: "openai", + model: "gpt-5.4", + contextTokens: 0, + isGroup: false, + } as unknown as HandleCommandsParams; +} + +describe("resolveCommandsSystemPromptBundle", () => { + beforeEach(() => { + createOpenClawCodingToolsMock.mockClear(); + createOpenClawCodingToolsMock.mockReturnValue([]); + }); + + it("opts command tool builds into gateway subagent binding", async () => { + await resolveCommandsSystemPromptBundle(makeParams()); + + expect(createOpenClawCodingToolsMock).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + sessionKey: "agent:main:default", + workspaceDir: "/tmp/workspace", + messageProvider: "telegram", + }), + ); + }); +}); diff --git a/src/auto-reply/reply/commands-system-prompt.ts b/src/auto-reply/reply/commands-system-prompt.ts index 4197e7b2491..18b2e337d72 100644 --- a/src/auto-reply/reply/commands-system-prompt.ts +++ b/src/auto-reply/reply/commands-system-prompt.ts @@ -57,6 +57,7 @@ export async function resolveCommandsSystemPromptBundle( agentId: params.agentId, workspaceDir, sessionKey: params.sessionKey, + allowGatewaySubagentBinding: true, messageProvider: params.command.channel, groupId: params.sessionEntry?.groupId ?? undefined, groupChannel: params.sessionEntry?.groupChannel ?? undefined, diff --git a/src/auto-reply/reply/commands-tts.ts b/src/auto-reply/reply/commands-tts.ts index a6711d2c643..e635b038831 100644 --- a/src/auto-reply/reply/commands-tts.ts +++ b/src/auto-reply/reply/commands-tts.ts @@ -1,4 +1,5 @@ import { logVerbose } from "../../globals.js"; +import { listSpeechProviders, normalizeSpeechProviderId } from "../../tts/provider-registry.js"; import { getLastTtsAttempt, getTtsMaxLength, @@ -54,7 +55,7 @@ function ttsUsage(): ReplyPayload { `• /tts summary [on|off] — View/change auto-summary\n` + `• /tts audio — Generate audio from text\n\n` + `**Providers:**\n` + - `• edge — Free, fast (default)\n` + + `• microsoft — Microsoft Edge-backed speech (default fallback)\n` + `• openai — High quality (requires API key)\n` + `• elevenlabs — Premium voices (requires API key)\n\n` + `**Text Limit (default: 1500, max: 4096):**\n` + @@ -62,7 +63,7 @@ function ttsUsage(): ReplyPayload { `• Summary ON: AI summarizes, then generates audio\n` + `• Summary OFF: Truncates text, then generates audio\n\n` + `**Examples:**\n` + - `/tts provider edge\n` + + `/tts provider microsoft\n` + `/tts limit 2000\n` + `/tts audio Hello, this is a test!`, }; @@ -161,7 +162,7 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand if (!args.trim()) { const hasOpenAI = Boolean(resolveTtsApiKey(config, "openai")); const hasElevenLabs = Boolean(resolveTtsApiKey(config, "elevenlabs")); - const hasEdge = isTtsProviderConfigured(config, "edge"); + const hasMicrosoft = isTtsProviderConfigured(config, "microsoft", params.cfg); return { shouldContinue: false, reply: { @@ -170,21 +171,23 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand `Primary: ${currentProvider}\n` + `OpenAI key: ${hasOpenAI ? "✅" : "❌"}\n` + `ElevenLabs key: ${hasElevenLabs ? "✅" : "❌"}\n` + - `Edge enabled: ${hasEdge ? "✅" : "❌"}\n` + - `Usage: /tts provider openai | elevenlabs | edge`, + `Microsoft enabled: ${hasMicrosoft ? "✅" : "❌"}\n` + + `Usage: /tts provider openai | elevenlabs | microsoft`, }, }; } const requested = args.trim().toLowerCase(); - if (requested !== "openai" && requested !== "elevenlabs" && requested !== "edge") { + const knownProviders = new Set(listSpeechProviders(params.cfg).map((provider) => provider.id)); + if (requested !== "edge" && !knownProviders.has(requested)) { return { shouldContinue: false, reply: ttsUsage() }; } + const nextProvider = normalizeSpeechProviderId(requested) ?? requested; setTtsProvider(prefsPath, requested); return { shouldContinue: false, - reply: { text: `✅ TTS provider set to ${requested}.` }, + reply: { text: `✅ TTS provider set to ${nextProvider}.` }, }; } @@ -249,7 +252,7 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand if (action === "status") { const enabled = isTtsEnabled(config, prefsPath); const provider = getTtsProvider(config, prefsPath); - const hasKey = isTtsProviderConfigured(config, provider); + const hasKey = isTtsProviderConfigured(config, provider, params.cfg); const maxLength = getTtsMaxLength(prefsPath); const summarize = isSummarizationEnabled(prefsPath); const last = getLastTtsAttempt(); diff --git a/src/auto-reply/reply/commands.test.ts b/src/auto-reply/reply/commands.test.ts index 0f2853aab98..4e0a332910e 100644 --- a/src/auto-reply/reply/commands.test.ts +++ b/src/auto-reply/reply/commands.test.ts @@ -2,28 +2,11 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; -import { abortEmbeddedPiRun, compactEmbeddedPiSession } from "../../agents/pi-embedded.js"; -import { - addSubagentRunForTests, - listSubagentRunsForRequester, - resetSubagentRegistryForTests, -} from "../../agents/subagent-registry.js"; -import { setDefaultChannelPluginRegistryForTests } from "../../commands/channel-test-helpers.js"; import type { OpenClawConfig } from "../../config/config.js"; import { updateSessionStore, type SessionEntry } from "../../config/sessions.js"; -import * as internalHooks from "../../hooks/internal-hooks.js"; -import { clearPluginCommands, registerPluginCommand } from "../../plugins/commands.js"; import { typedCases } from "../../test-utils/typed-cases.js"; import { INTERNAL_MESSAGE_CHANNEL } from "../../utils/message-channel.js"; import type { MsgContext } from "../templating.js"; -import { resetBashChatCommandForTests } from "./bash-command.js"; -import { handleCompactCommand } from "./commands-compact.js"; -import { buildCommandsPaginationKeyboard } from "./commands-info.js"; -import { extractMessageText } from "./commands-subagents.js"; -import { buildCommandTestParams } from "./commands.test-harness.js"; -import { parseConfigCommand } from "./config-commands.js"; -import { parseDebugCommand } from "./debug-commands.js"; -import { parseInlineDirectives } from "./directive-handling.js"; const readConfigFileSnapshotMock = vi.hoisted(() => vi.fn()); const validateConfigObjectWithPluginsMock = vi.hoisted(() => vi.fn()); @@ -101,13 +84,12 @@ vi.mock("./session-updates.js", () => ({ incrementCompactionCount: vi.fn(), })); -const callGatewayMock = vi.fn(); +const callGatewayMock = vi.hoisted(() => vi.fn()); vi.mock("../../gateway/call.js", () => ({ - callGateway: (opts: unknown) => callGatewayMock(opts), + callGateway: callGatewayMock, })); import type { HandleCommandsParams } from "./commands-types.js"; -import { buildCommandContext, handleCommands } from "./commands.js"; // Avoid expensive workspace scans during /context tests. vi.mock("./commands-context-report.js", () => ({ @@ -123,6 +105,26 @@ vi.mock("./commands-context-report.js", () => ({ }, })); +vi.resetModules(); + +const { addSubagentRunForTests, listSubagentRunsForRequester, resetSubagentRegistryForTests } = + await import("../../agents/subagent-registry.js"); +const { setDefaultChannelPluginRegistryForTests } = + await import("../../commands/channel-test-helpers.js"); +const internalHooks = await import("../../hooks/internal-hooks.js"); +const { clearPluginCommands, registerPluginCommand } = await import("../../plugins/commands.js"); +const { abortEmbeddedPiRun, compactEmbeddedPiSession } = + await import("../../agents/pi-embedded.js"); +const { resetBashChatCommandForTests } = await import("./bash-command.js"); +const { handleCompactCommand } = await import("./commands-compact.js"); +const { buildCommandsPaginationKeyboard } = await import("./commands-info.js"); +const { extractMessageText } = await import("./commands-subagents.js"); +const { buildCommandTestParams } = await import("./commands.test-harness.js"); +const { parseConfigCommand } = await import("./config-commands.js"); +const { parseDebugCommand } = await import("./debug-commands.js"); +const { parseInlineDirectives } = await import("./directive-handling.js"); +const { buildCommandContext, handleCommands } = await import("./commands.js"); + let testWorkspaceDir = os.tmpdir(); beforeAll(async () => { @@ -323,6 +325,24 @@ describe("/approve command", () => { vi.clearAllMocks(); }); + function createTelegramApproveCfg( + execApprovals: { + enabled: true; + approvers: string[]; + target: "dm"; + } | null = { enabled: true, approvers: ["123"], target: "dm" }, + ): OpenClawConfig { + return { + commands: { text: true }, + channels: { + telegram: { + allowFrom: ["*"], + ...(execApprovals ? { execApprovals } : {}), + }, + }, + } as OpenClawConfig; + } + it("rejects invalid usage", async () => { const cfg = { commands: { text: true }, @@ -355,15 +375,7 @@ describe("/approve command", () => { }); it("accepts Telegram command mentions for /approve", async () => { - const cfg = { - commands: { text: true }, - channels: { - telegram: { - allowFrom: ["*"], - execApprovals: { enabled: true, approvers: ["123"], target: "dm" }, - }, - }, - } as OpenClawConfig; + const cfg = createTelegramApproveCfg(); const params = buildParams("/approve@bot abc12345 allow-once", cfg, { BotUsername: "bot", Provider: "telegram", @@ -384,132 +396,117 @@ describe("/approve command", () => { ); }); - it("rejects Telegram /approve mentions targeting a different bot", async () => { - const cfg = { - commands: { text: true }, - channels: { - telegram: { - allowFrom: ["*"], - execApprovals: { enabled: true, approvers: ["123"], target: "dm" }, + it("rejects unauthorized or invalid Telegram /approve variants", async () => { + for (const testCase of [ + { + name: "different bot mention", + cfg: createTelegramApproveCfg(), + commandBody: "/approve@otherbot abc12345 allow-once", + ctx: { + BotUsername: "bot", + Provider: "telegram", + Surface: "telegram", + SenderId: "123", }, + setup: undefined, + expectedText: "targets a different Telegram bot", + expectGatewayCalls: 0, }, - } as OpenClawConfig; - const params = buildParams("/approve@otherbot abc12345 allow-once", cfg, { - BotUsername: "bot", - Provider: "telegram", - Surface: "telegram", - SenderId: "123", - }); - - const result = await handleCommands(params); - - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("targets a different Telegram bot"); - expect(callGatewayMock).not.toHaveBeenCalled(); - }); - - it("surfaces unknown or expired approval id errors", async () => { - const cfg = { - commands: { text: true }, - channels: { - telegram: { - allowFrom: ["*"], - execApprovals: { enabled: true, approvers: ["123"], target: "dm" }, + { + name: "unknown approval id", + cfg: createTelegramApproveCfg(), + commandBody: "/approve abc12345 allow-once", + ctx: { + Provider: "telegram", + Surface: "telegram", + SenderId: "123", }, + setup: () => callGatewayMock.mockRejectedValue(new Error("unknown or expired approval id")), + expectedText: "unknown or expired approval id", + expectGatewayCalls: 1, }, - } as OpenClawConfig; - const params = buildParams("/approve abc12345 allow-once", cfg, { - Provider: "telegram", - Surface: "telegram", - SenderId: "123", - }); - - callGatewayMock.mockRejectedValue(new Error("unknown or expired approval id")); - - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("unknown or expired approval id"); - }); - - it("rejects Telegram /approve when telegram exec approvals are disabled", async () => { - const cfg = { - commands: { text: true }, - channels: { telegram: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/approve abc12345 allow-once", cfg, { - Provider: "telegram", - Surface: "telegram", - SenderId: "123", - }); - - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Telegram exec approvals are not enabled"); - expect(callGatewayMock).not.toHaveBeenCalled(); - }); - - it("rejects Telegram /approve from non-approvers", async () => { - const cfg = { - commands: { text: true }, - channels: { - telegram: { - allowFrom: ["*"], - execApprovals: { enabled: true, approvers: ["999"], target: "dm" }, + { + name: "telegram approvals disabled", + cfg: createTelegramApproveCfg(null), + commandBody: "/approve abc12345 allow-once", + ctx: { + Provider: "telegram", + Surface: "telegram", + SenderId: "123", }, + setup: undefined, + expectedText: "Telegram exec approvals are not enabled", + expectGatewayCalls: 0, }, - } as OpenClawConfig; - const params = buildParams("/approve abc12345 allow-once", cfg, { - Provider: "telegram", - Surface: "telegram", - SenderId: "123", - }); + { + name: "non approver", + cfg: createTelegramApproveCfg({ enabled: true, approvers: ["999"], target: "dm" }), + commandBody: "/approve abc12345 allow-once", + ctx: { + Provider: "telegram", + Surface: "telegram", + SenderId: "123", + }, + setup: undefined, + expectedText: "not authorized to approve", + expectGatewayCalls: 0, + }, + ] as const) { + callGatewayMock.mockReset(); + testCase.setup?.(); + const params = buildParams(testCase.commandBody, testCase.cfg, testCase.ctx); - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("not authorized to approve"); - expect(callGatewayMock).not.toHaveBeenCalled(); + const result = await handleCommands(params); + expect(result.shouldContinue, testCase.name).toBe(false); + expect(result.reply?.text, testCase.name).toContain(testCase.expectedText); + expect(callGatewayMock, testCase.name).toHaveBeenCalledTimes(testCase.expectGatewayCalls); + } }); - it("rejects gateway clients without approvals scope", async () => { + it("enforces gateway approval scopes", async () => { const cfg = { commands: { text: true }, } as OpenClawConfig; - const params = buildParams("/approve abc allow-once", cfg, { - Provider: "webchat", - Surface: "webchat", - GatewayClientScopes: ["operator.write"], - }); - - callGatewayMock.mockResolvedValue({ ok: true }); - - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("requires operator.approvals"); - expect(callGatewayMock).not.toHaveBeenCalled(); - }); - - it("allows gateway clients with approvals or admin scopes", async () => { - const cfg = { - commands: { text: true }, - } as OpenClawConfig; - const scopeCases = [["operator.approvals"], ["operator.admin"]]; - for (const scopes of scopeCases) { + const cases = [ + { + scopes: ["operator.write"], + expectedText: "requires operator.approvals", + expectedGatewayCalls: 0, + }, + { + scopes: ["operator.approvals"], + expectedText: "Exec approval allow-once submitted", + expectedGatewayCalls: 1, + }, + { + scopes: ["operator.admin"], + expectedText: "Exec approval allow-once submitted", + expectedGatewayCalls: 1, + }, + ] as const; + for (const testCase of cases) { + callGatewayMock.mockReset(); callGatewayMock.mockResolvedValue({ ok: true }); const params = buildParams("/approve abc allow-once", cfg, { Provider: "webchat", Surface: "webchat", - GatewayClientScopes: scopes, + GatewayClientScopes: [...testCase.scopes], }); const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Exec approval allow-once submitted"); - expect(callGatewayMock).toHaveBeenLastCalledWith( - expect.objectContaining({ - method: "exec.approval.resolve", - params: { id: "abc", decision: "allow-once" }, - }), + expect(result.shouldContinue, String(testCase.scopes)).toBe(false); + expect(result.reply?.text, String(testCase.scopes)).toContain(testCase.expectedText); + expect(callGatewayMock, String(testCase.scopes)).toHaveBeenCalledTimes( + testCase.expectedGatewayCalls, ); + if (testCase.expectedGatewayCalls > 0) { + expect(callGatewayMock, String(testCase.scopes)).toHaveBeenLastCalledWith( + expect.objectContaining({ + method: "exec.approval.resolve", + params: { id: "abc", decision: "allow-once" }, + }), + ); + } } }); }); @@ -599,6 +596,7 @@ describe("/compact command", () => { expect.objectContaining({ sessionId: "session-1", sessionKey: "agent:main:main", + allowGatewaySubagentBinding: true, trigger: "manual", customInstructions: "focus on decisions", messageChannel: "whatsapp", @@ -734,232 +732,274 @@ describe("extractMessageText", () => { }); }); -describe("handleCommands /config owner gating", () => { - it("blocks /config show from authorized non-owner senders", async () => { - const cfg = { - commands: { config: true, text: true }, - channels: { whatsapp: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/config show", cfg); - params.command.senderIsOwner = false; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply).toBeUndefined(); - }); +describe("handleCommands owner gating for privileged show commands", () => { + it("enforces owner gating for /config show and /debug show", async () => { + const cases = [ + { + name: "/config show blocks authorized non-owner senders", + build: () => { + const params = buildParams("/config show", { + commands: { config: true, text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig); + params.command.senderIsOwner = false; + return params; + }, + assert: (result: Awaited>) => { + expect(result.shouldContinue).toBe(false); + expect(result.reply).toBeUndefined(); + }, + }, + { + name: "/config show stays available for owners", + build: () => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: { messages: { ackReaction: ":)" } }, + }); + const params = buildParams("/config show messages.ackReaction", { + commands: { config: true, text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig); + params.command.senderIsOwner = true; + return params; + }, + assert: (result: Awaited>) => { + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Config messages.ackReaction"); + }, + }, + { + name: "/debug show blocks authorized non-owner senders", + build: () => { + const params = buildParams("/debug show", { + commands: { debug: true, text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig); + params.command.senderIsOwner = false; + return params; + }, + assert: (result: Awaited>) => { + expect(result.shouldContinue).toBe(false); + expect(result.reply).toBeUndefined(); + }, + }, + { + name: "/debug show stays available for owners", + build: () => { + const params = buildParams("/debug show", { + commands: { debug: true, text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig); + params.command.senderIsOwner = true; + return params; + }, + assert: (result: Awaited>) => { + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Debug overrides"); + }, + }, + ] as const; - it("keeps /config show working for owners", async () => { - const cfg = { - commands: { config: true, text: true }, - channels: { whatsapp: { allowFrom: ["*"] } }, - } as OpenClawConfig; - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: { messages: { ackReaction: ":)" } }, - }); - const params = buildParams("/config show messages.ackReaction", cfg); - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Config messages.ackReaction"); + for (const testCase of cases) { + const result = await handleCommands(testCase.build()); + testCase.assert(result); + } }); }); describe("handleCommands /config configWrites gating", () => { - it("blocks /config set when channel config writes are disabled", async () => { - const cfg = { - commands: { config: true, text: true }, - channels: { whatsapp: { allowFrom: ["*"], configWrites: false } }, - } as OpenClawConfig; - const params = buildParams('/config set messages.ackReaction=":)"', cfg); - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Config writes are disabled"); - }); - - it("blocks /config set when the target account disables writes", async () => { - const previousWriteCount = writeConfigFileMock.mock.calls.length; - const cfg = { - commands: { config: true, text: true }, - channels: { - telegram: { - configWrites: true, - accounts: { - work: { configWrites: false, enabled: true }, - }, - }, - }, - } as OpenClawConfig; - const params = buildPolicyParams( - "/config set channels.telegram.accounts.work.enabled=false", - cfg, + it("blocks disallowed /config set writes", async () => { + const cases = [ { - AccountId: "default", - Provider: "telegram", - Surface: "telegram", + name: "channel config writes disabled", + params: (() => { + const params = buildParams('/config set messages.ackReaction=":)"', { + commands: { config: true, text: true }, + channels: { whatsapp: { allowFrom: ["*"], configWrites: false } }, + } as OpenClawConfig); + params.command.senderIsOwner = true; + return params; + })(), + expectedText: "Config writes are disabled", }, - ); - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("channels.telegram.accounts.work.configWrites=true"); - expect(writeConfigFileMock.mock.calls.length).toBe(previousWriteCount); + { + name: "target account disables writes", + params: (() => { + const params = buildPolicyParams( + "/config set channels.telegram.accounts.work.enabled=false", + { + commands: { config: true, text: true }, + channels: { + telegram: { + configWrites: true, + accounts: { + work: { configWrites: false, enabled: true }, + }, + }, + }, + } as OpenClawConfig, + { + AccountId: "default", + Provider: "telegram", + Surface: "telegram", + }, + ); + params.command.senderIsOwner = true; + return params; + })(), + expectedText: "channels.telegram.accounts.work.configWrites=true", + }, + { + name: "ambiguous channel-root write", + params: (() => { + const params = buildPolicyParams( + '/config set channels.telegram={"enabled":false}', + { + commands: { config: true, text: true }, + channels: { telegram: { configWrites: true } }, + } as OpenClawConfig, + { + Provider: "telegram", + Surface: "telegram", + }, + ); + params.command.senderIsOwner = true; + return params; + })(), + expectedText: "cannot replace channels, channel roots, or accounts collections", + }, + ] as const; + + for (const testCase of cases) { + const previousWriteCount = writeConfigFileMock.mock.calls.length; + const result = await handleCommands(testCase.params); + expect(result.shouldContinue, testCase.name).toBe(false); + expect(result.reply?.text, testCase.name).toContain(testCase.expectedText); + expect(writeConfigFileMock.mock.calls.length, testCase.name).toBe(previousWriteCount); + } }); - it("blocks ambiguous channel-root /config writes from channel commands", async () => { - const previousWriteCount = writeConfigFileMock.mock.calls.length; - const cfg = { - commands: { config: true, text: true }, - channels: { telegram: { configWrites: true } }, - } as OpenClawConfig; - const params = buildPolicyParams('/config set channels.telegram={"enabled":false}', cfg, { - Provider: "telegram", - Surface: "telegram", - }); - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain( - "cannot replace channels, channel roots, or accounts collections", - ); - expect(writeConfigFileMock.mock.calls.length).toBe(previousWriteCount); - }); - - it("blocks /config set from gateway clients without operator.admin", async () => { - const cfg = { + it("enforces gateway client permissions for /config commands", async () => { + const baseCfg = { commands: { config: true, text: true }, } as OpenClawConfig; - const params = buildParams('/config set messages.ackReaction=":)"', cfg, { - Provider: INTERNAL_MESSAGE_CHANNEL, - Surface: INTERNAL_MESSAGE_CHANNEL, - GatewayClientScopes: ["operator.write"], - }); - params.command.channel = INTERNAL_MESSAGE_CHANNEL; - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("requires operator.admin"); - }); - - it("keeps /config show available to gateway operator.write clients", async () => { - const cfg = { - commands: { config: true, text: true }, - } as OpenClawConfig; - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: { messages: { ackReaction: ":)" } }, - }); - const params = buildParams("/config show messages.ackReaction", cfg, { - Provider: INTERNAL_MESSAGE_CHANNEL, - Surface: INTERNAL_MESSAGE_CHANNEL, - GatewayClientScopes: ["operator.write"], - }); - params.command.channel = INTERNAL_MESSAGE_CHANNEL; - params.command.senderIsOwner = false; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Config messages.ackReaction"); - }); - - it("keeps /config set working for gateway operator.admin clients", async () => { - await withTempConfigPath({ messages: { ackReaction: ":)" } }, async (configPath) => { - const cfg = { - commands: { config: true, text: true }, - } as OpenClawConfig; - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: { messages: { ackReaction: ":)" } }, - }); - validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ - ok: true, - config, - })); - const params = buildParams('/config set messages.ackReaction=":D"', cfg, { - Provider: INTERNAL_MESSAGE_CHANNEL, - Surface: INTERNAL_MESSAGE_CHANNEL, - GatewayClientScopes: ["operator.write", "operator.admin"], - }); - params.command.channel = INTERNAL_MESSAGE_CHANNEL; - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Config updated"); - const written = await readJsonFile(configPath); - expect(written.messages?.ackReaction).toBe(":D"); - }); - }); - - it("keeps /config set working for gateway operator.admin on protected account paths", async () => { - const initialConfig = { - channels: { - telegram: { - accounts: { - work: { enabled: true, configWrites: false }, - }, + const cases = [ + { + name: "blocks /config set from gateway clients without operator.admin", + run: async () => { + const params = buildParams('/config set messages.ackReaction=":)"', baseCfg, { + Provider: INTERNAL_MESSAGE_CHANNEL, + Surface: INTERNAL_MESSAGE_CHANNEL, + GatewayClientScopes: ["operator.write"], + }); + params.command.channel = INTERNAL_MESSAGE_CHANNEL; + params.command.senderIsOwner = true; + const result = await handleCommands(params); + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("requires operator.admin"); }, }, - }; - await withTempConfigPath(initialConfig, async (configPath) => { - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: structuredClone(initialConfig), - }); - validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ - ok: true, - config, - })); - const params = buildParams( - "/config set channels.telegram.accounts.work.enabled=false", - { - commands: { config: true, text: true }, - channels: { - telegram: { - accounts: { - work: { enabled: true, configWrites: false }, + { + name: "keeps /config show available to gateway operator.write clients", + run: async () => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: { messages: { ackReaction: ":)" } }, + }); + const params = buildParams("/config show messages.ackReaction", baseCfg, { + Provider: INTERNAL_MESSAGE_CHANNEL, + Surface: INTERNAL_MESSAGE_CHANNEL, + GatewayClientScopes: ["operator.write"], + }); + params.command.channel = INTERNAL_MESSAGE_CHANNEL; + params.command.senderIsOwner = false; + const result = await handleCommands(params); + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Config messages.ackReaction"); + }, + }, + { + name: "keeps /config set working for gateway operator.admin clients", + run: async () => { + await withTempConfigPath({ messages: { ackReaction: ":)" } }, async (configPath) => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: { messages: { ackReaction: ":)" } }, + }); + validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ + ok: true, + config, + })); + const params = buildParams('/config set messages.ackReaction=":D"', baseCfg, { + Provider: INTERNAL_MESSAGE_CHANNEL, + Surface: INTERNAL_MESSAGE_CHANNEL, + GatewayClientScopes: ["operator.write", "operator.admin"], + }); + params.command.channel = INTERNAL_MESSAGE_CHANNEL; + params.command.senderIsOwner = true; + const result = await handleCommands(params); + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Config updated"); + const written = await readJsonFile(configPath); + expect(written.messages?.ackReaction).toBe(":D"); + }); + }, + }, + { + name: "keeps /config set working for gateway operator.admin on protected account paths", + run: async () => { + const initialConfig = { + channels: { + telegram: { + accounts: { + work: { enabled: true, configWrites: false }, + }, }, }, - }, - } as OpenClawConfig, - { - Provider: INTERNAL_MESSAGE_CHANNEL, - Surface: INTERNAL_MESSAGE_CHANNEL, - GatewayClientScopes: ["operator.write", "operator.admin"], + }; + await withTempConfigPath(initialConfig, async (configPath) => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: structuredClone(initialConfig), + }); + validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ + ok: true, + config, + })); + const params = buildParams( + "/config set channels.telegram.accounts.work.enabled=false", + { + commands: { config: true, text: true }, + channels: { + telegram: { + accounts: { + work: { enabled: true, configWrites: false }, + }, + }, + }, + } as OpenClawConfig, + { + Provider: INTERNAL_MESSAGE_CHANNEL, + Surface: INTERNAL_MESSAGE_CHANNEL, + GatewayClientScopes: ["operator.write", "operator.admin"], + }, + ); + params.command.channel = INTERNAL_MESSAGE_CHANNEL; + params.command.senderIsOwner = true; + const result = await handleCommands(params); + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Config updated"); + const written = await readJsonFile(configPath); + expect(written.channels?.telegram?.accounts?.work?.enabled).toBe(false); + }); }, - ); - params.command.channel = INTERNAL_MESSAGE_CHANNEL; - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Config updated"); - const written = await readJsonFile(configPath); - expect(written.channels?.telegram?.accounts?.work?.enabled).toBe(false); - }); - }); -}); + }, + ] as const; -describe("handleCommands /debug owner gating", () => { - it("blocks /debug show from authorized non-owner senders", async () => { - const cfg = { - commands: { debug: true, text: true }, - channels: { whatsapp: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/debug show", cfg); - params.command.senderIsOwner = false; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply).toBeUndefined(); - }); - - it("keeps /debug show working for owners", async () => { - const cfg = { - commands: { debug: true, text: true }, - channels: { whatsapp: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/debug show", cfg); - params.command.senderIsOwner = true; - const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(result.reply?.text).toContain("Debug overrides"); + for (const testCase of cases) { + await testCase.run(); + } }); }); @@ -1044,78 +1084,92 @@ describe("handleCommands /allowlist", () => { expect(result.reply?.text).toContain("Paired allowFrom (store): 456"); }); - it("adds entries to config and pairing store", async () => { - await withTempConfigPath( - { - channels: { telegram: { allowFrom: ["123"] } }, - }, - async (configPath) => { - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: { - channels: { telegram: { allowFrom: ["123"] } }, - }, - }); - validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ - ok: true, - config, - })); - addChannelAllowFromStoreEntryMock.mockResolvedValueOnce({ - changed: true, - allowFrom: ["123", "789"], - }); - - const cfg = { - commands: { text: true, config: true }, - channels: { telegram: { allowFrom: ["123"] } }, - } as OpenClawConfig; - const params = buildPolicyParams("/allowlist add dm 789", cfg); - const result = await handleCommands(params); - - expect(result.shouldContinue).toBe(false); - const written = await readJsonFile(configPath); - expect(written.channels?.telegram?.allowFrom).toEqual(["123", "789"]); - expect(addChannelAllowFromStoreEntryMock).toHaveBeenCalledWith({ - channel: "telegram", - entry: "789", - accountId: "default", - }); - expect(result.reply?.text).toContain("DM allowlist added"); - }, - ); - }); - - it("writes store entries to the selected account scope", async () => { - readConfigFileSnapshotMock.mockResolvedValueOnce({ - valid: true, - parsed: { - channels: { telegram: { accounts: { work: { allowFrom: ["123"] } } } }, - }, - }); + it("adds allowlist entries to config and pairing stores", async () => { validateConfigObjectWithPluginsMock.mockImplementation((config: unknown) => ({ ok: true, config, })); - addChannelAllowFromStoreEntryMock.mockResolvedValueOnce({ - changed: true, - allowFrom: ["123", "789"], - }); + const cases = [ + { + name: "default account", + run: async () => { + await withTempConfigPath( + { + channels: { telegram: { allowFrom: ["123"] } }, + }, + async (configPath) => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: { + channels: { telegram: { allowFrom: ["123"] } }, + }, + }); + addChannelAllowFromStoreEntryMock.mockResolvedValueOnce({ + changed: true, + allowFrom: ["123", "789"], + }); - const cfg = { - commands: { text: true, config: true }, - channels: { telegram: { accounts: { work: { allowFrom: ["123"] } } } }, - } as OpenClawConfig; - const params = buildPolicyParams("/allowlist add dm --account work 789", cfg, { - AccountId: "work", - }); - const result = await handleCommands(params); + const params = buildPolicyParams("/allowlist add dm 789", { + commands: { text: true, config: true }, + channels: { telegram: { allowFrom: ["123"] } }, + } as OpenClawConfig); + const result = await handleCommands(params); - expect(result.shouldContinue).toBe(false); - expect(addChannelAllowFromStoreEntryMock).toHaveBeenCalledWith({ - channel: "telegram", - entry: "789", - accountId: "work", - }); + expect(result.shouldContinue).toBe(false); + const written = await readJsonFile(configPath); + expect(written.channels?.telegram?.allowFrom, "default account").toEqual([ + "123", + "789", + ]); + expect(addChannelAllowFromStoreEntryMock, "default account").toHaveBeenCalledWith({ + channel: "telegram", + entry: "789", + accountId: "default", + }); + expect(result.reply?.text, "default account").toContain("DM allowlist added"); + }, + ); + }, + }, + { + name: "selected account scope", + run: async () => { + readConfigFileSnapshotMock.mockResolvedValueOnce({ + valid: true, + parsed: { + channels: { telegram: { accounts: { work: { allowFrom: ["123"] } } } }, + }, + }); + addChannelAllowFromStoreEntryMock.mockResolvedValueOnce({ + changed: true, + allowFrom: ["123", "789"], + }); + + const params = buildPolicyParams( + "/allowlist add dm --account work 789", + { + commands: { text: true, config: true }, + channels: { telegram: { accounts: { work: { allowFrom: ["123"] } } } }, + } as OpenClawConfig, + { + AccountId: "work", + }, + ); + const result = await handleCommands(params); + + expect(result.shouldContinue, "selected account scope").toBe(false); + expect(addChannelAllowFromStoreEntryMock, "selected account scope").toHaveBeenCalledWith({ + channel: "telegram", + entry: "789", + accountId: "work", + }); + }, + }, + ] as const; + + for (const testCase of cases) { + await testCase.run(); + } }); it("blocks config-targeted /allowlist edits when the target account disables writes", async () => { @@ -1445,52 +1499,56 @@ describe("handleCommands identity", () => { }); describe("handleCommands hooks", () => { - it("triggers hooks for /new with arguments", async () => { - const cfg = { - commands: { text: true }, - channels: { whatsapp: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/new take notes", cfg); - const spy = vi.spyOn(internalHooks, "triggerInternalHook").mockResolvedValue(); - - await handleCommands(params); - - expect(spy).toHaveBeenCalledWith(expect.objectContaining({ type: "command", action: "new" })); - spy.mockRestore(); - }); - - it("triggers hooks for native /new routed to target sessions", async () => { - const cfg = { - commands: { text: true }, - channels: { telegram: { allowFrom: ["*"] } }, - } as OpenClawConfig; - const params = buildParams("/new", cfg, { - Provider: "telegram", - Surface: "telegram", - CommandSource: "native", - CommandTargetSessionKey: "agent:main:telegram:direct:123", - SessionKey: "telegram:slash:123", - SenderId: "123", - From: "telegram:123", - To: "slash:123", - CommandAuthorized: true, - }); - params.sessionKey = "agent:main:telegram:direct:123"; - const spy = vi.spyOn(internalHooks, "triggerInternalHook").mockResolvedValue(); - - await handleCommands(params); - - expect(spy).toHaveBeenCalledWith( - expect.objectContaining({ - type: "command", - action: "new", - sessionKey: "agent:main:telegram:direct:123", - context: expect.objectContaining({ - workspaceDir: testWorkspaceDir, + it("triggers hooks for /new commands", async () => { + const cases = [ + { + name: "text command with arguments", + params: buildParams("/new take notes", { + commands: { text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig), + expectedCall: expect.objectContaining({ type: "command", action: "new" }), + }, + { + name: "native command routed to target session", + params: (() => { + const params = buildParams( + "/new", + { + commands: { text: true }, + channels: { telegram: { allowFrom: ["*"] } }, + } as OpenClawConfig, + { + Provider: "telegram", + Surface: "telegram", + CommandSource: "native", + CommandTargetSessionKey: "agent:main:telegram:direct:123", + SessionKey: "telegram:slash:123", + SenderId: "123", + From: "telegram:123", + To: "slash:123", + CommandAuthorized: true, + }, + ); + params.sessionKey = "agent:main:telegram:direct:123"; + return params; + })(), + expectedCall: expect.objectContaining({ + type: "command", + action: "new", + sessionKey: "agent:main:telegram:direct:123", + context: expect.objectContaining({ + workspaceDir: testWorkspaceDir, + }), }), - }), - ); - spy.mockRestore(); + }, + ] as const; + for (const testCase of cases) { + const spy = vi.spyOn(internalHooks, "triggerInternalHook").mockResolvedValue(); + await handleCommands(testCase.params); + expect(spy, testCase.name).toHaveBeenCalledWith(testCase.expectedCall); + spy.mockRestore(); + } }); }); diff --git a/src/auto-reply/reply/directive-handling.model.ts b/src/auto-reply/reply/directive-handling.model.ts index d27bdb25d61..521d3bd6fea 100644 --- a/src/auto-reply/reply/directive-handling.model.ts +++ b/src/auto-reply/reply/directive-handling.model.ts @@ -8,7 +8,7 @@ import { } from "../../agents/model-selection.js"; import type { OpenClawConfig } from "../../config/config.js"; import type { SessionEntry } from "../../config/sessions.js"; -import { buildBrowseProvidersButton } from "../../plugin-sdk-internal/telegram.js"; +import { buildBrowseProvidersButton } from "../../plugin-sdk/telegram.js"; import { shortenHomePath } from "../../utils.js"; import { resolveSelectedAndActiveModel } from "../model-runtime.js"; import type { ReplyPayload } from "../types.js"; diff --git a/src/auto-reply/reply/dispatch-from-config.test.ts b/src/auto-reply/reply/dispatch-from-config.test.ts index 6d1604227bd..162f40613d1 100644 --- a/src/auto-reply/reply/dispatch-from-config.test.ts +++ b/src/auto-reply/reply/dispatch-from-config.test.ts @@ -1,11 +1,12 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { discordPlugin } from "../../../extensions/discord/src/channel.js"; -import { AcpRuntimeError } from "../../acp/runtime/errors.js"; import type { OpenClawConfig } from "../../config/config.js"; import type { SessionBindingRecord } from "../../infra/outbound/session-binding-service.js"; import type { PluginTargetedInboundClaimOutcome } from "../../plugins/hooks.js"; import { setActivePluginRegistry } from "../../plugins/runtime.js"; -import { createTestRegistry } from "../../test-utils/channel-plugins.js"; +import { + createChannelTestPluginBase, + createTestRegistry, +} from "../../test-utils/channel-plugins.js"; import { createInternalHookEventPayload } from "../../test-utils/internal-hook-event-payload.js"; import type { MsgContext } from "../templating.js"; import type { GetReplyOptions, ReplyPayload } from "../types.js"; @@ -192,14 +193,16 @@ vi.mock("../../tts/tts.js", () => ({ resolveTtsConfig: (cfg: OpenClawConfig) => ttsMocks.resolveTtsConfig(cfg), })); -const { dispatchReplyFromConfig } = await import("./dispatch-from-config.js"); -const { resetInboundDedupe } = await import("./inbound-dedupe.js"); -const { __testing: acpManagerTesting } = await import("../../acp/control-plane/manager.js"); -const { __testing: pluginBindingTesting } = await import("../../plugins/conversation-binding.js"); - const noAbortResult = { handled: false, aborted: false } as const; const emptyConfig = {} as OpenClawConfig; -type DispatchReplyArgs = Parameters[0]; +let dispatchReplyFromConfig: typeof import("./dispatch-from-config.js").dispatchReplyFromConfig; +let resetInboundDedupe: typeof import("./inbound-dedupe.js").resetInboundDedupe; +let acpManagerTesting: typeof import("../../acp/control-plane/manager.js").__testing; +let pluginBindingTesting: typeof import("../../plugins/conversation-binding.js").__testing; +let AcpRuntimeErrorClass: typeof import("../../acp/runtime/errors.js").AcpRuntimeError; +type DispatchReplyArgs = Parameters< + typeof import("./dispatch-from-config.js").dispatchReplyFromConfig +>[0]; function createDispatcher(): ReplyDispatcher { return { @@ -254,9 +257,39 @@ async function dispatchTwiceWithFreshDispatchers(params: Omit { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ dispatchReplyFromConfig } = await import("./dispatch-from-config.js")); + ({ resetInboundDedupe } = await import("./inbound-dedupe.js")); + ({ __testing: acpManagerTesting } = await import("../../acp/control-plane/manager.js")); + ({ __testing: pluginBindingTesting } = await import("../../plugins/conversation-binding.js")); + ({ AcpRuntimeError: AcpRuntimeErrorClass } = await import("../../acp/runtime/errors.js")); + const discordTestPlugin = { + ...createChannelTestPluginBase({ + id: "discord", + capabilities: { + chatTypes: ["direct"], + nativeCommands: true, + }, + }), + execApprovals: { + shouldSuppressLocalPrompt: ({ payload }: { payload: ReplyPayload }) => + Boolean( + payload.channelData && + typeof payload.channelData === "object" && + !Array.isArray(payload.channelData) && + payload.channelData.execApproval, + ), + }, + }; setActivePluginRegistry( - createTestRegistry([{ pluginId: "discord", source: "test", plugin: discordPlugin }]), + createTestRegistry([ + { + pluginId: "discord", + source: "test", + plugin: discordTestPlugin, + }, + ]), ); acpManagerTesting.resetAcpSessionManagerForTests(); resetInboundDedupe(); @@ -1733,7 +1766,7 @@ describe("dispatchReplyFromConfig", () => { }, }); acpMocks.requireAcpRuntimeBackend.mockImplementation(() => { - throw new AcpRuntimeError( + throw new AcpRuntimeErrorClass( "ACP_BACKEND_MISSING", "ACP runtime backend is not configured. Install and enable the acpx runtime plugin.", ); diff --git a/src/auto-reply/reply/dispatch-from-config.ts b/src/auto-reply/reply/dispatch-from-config.ts index 18a7eb7802d..34950c20950 100644 --- a/src/auto-reply/reply/dispatch-from-config.ts +++ b/src/auto-reply/reply/dispatch-from-config.ts @@ -1,4 +1,8 @@ import { resolveSessionAgentId } from "../../agents/agent-scope.js"; +import { + resolveConversationBindingRecord, + touchConversationBindingRecord, +} from "../../bindings/records.js"; import { shouldSuppressLocalExecApprovalPrompt } from "../../channels/plugins/exec-approval-local.js"; import type { OpenClawConfig } from "../../config/config.js"; import { @@ -20,7 +24,6 @@ import { toPluginMessageReceivedEvent, } from "../../hooks/message-hook-mappers.js"; import { isDiagnosticsEnabled } from "../../infra/diagnostic-events.js"; -import { getSessionBindingService } from "../../infra/outbound/session-binding-service.js"; import { logMessageProcessed, logMessageQueued, @@ -303,7 +306,7 @@ export async function dispatchReplyFromConfig(params: { const pluginOwnedBindingRecord = inboundClaimContext.conversationId && inboundClaimContext.channelId - ? getSessionBindingService().resolveByConversation({ + ? resolveConversationBindingRecord({ channel: inboundClaimContext.channelId, accountId: inboundClaimContext.accountId ?? "default", conversationId: inboundClaimContext.conversationId, @@ -320,7 +323,7 @@ export async function dispatchReplyFromConfig(params: { | undefined; if (pluginOwnedBinding) { - getSessionBindingService().touch(pluginOwnedBinding.bindingId); + touchConversationBindingRecord(pluginOwnedBinding.bindingId); logVerbose( `plugin-bound inbound routed to ${pluginOwnedBinding.pluginId} conversation=${pluginOwnedBinding.conversationId}`, ); diff --git a/src/auto-reply/reply/elevated-allowlist-matcher.ts b/src/auto-reply/reply/elevated-allowlist-matcher.ts index 7617b671391..58774b11b80 100644 --- a/src/auto-reply/reply/elevated-allowlist-matcher.ts +++ b/src/auto-reply/reply/elevated-allowlist-matcher.ts @@ -1,8 +1,8 @@ import { CHAT_CHANNEL_ORDER } from "../../channels/registry.js"; import { normalizeAtHashSlug } from "../../shared/string-normalization.js"; -import { INTERNAL_MESSAGE_CHANNEL } from "../../utils/message-channel.js"; export type ExplicitElevatedAllowField = "id" | "from" | "e164" | "name" | "username" | "tag"; +const INTERNAL_ALLOWLIST_CHANNEL = "webchat"; const EXPLICIT_ELEVATED_ALLOW_FIELDS = new Set([ "id", @@ -15,7 +15,7 @@ const EXPLICIT_ELEVATED_ALLOW_FIELDS = new Set([ const SENDER_PREFIXES = [ ...CHAT_CHANNEL_ORDER, - INTERNAL_MESSAGE_CHANNEL, + INTERNAL_ALLOWLIST_CHANNEL, "user", "group", "channel", diff --git a/src/auto-reply/reply/followup-runner.test.ts b/src/auto-reply/reply/followup-runner.test.ts index c8e33397a2a..fa7f0fb8637 100644 --- a/src/auto-reply/reply/followup-runner.test.ts +++ b/src/auto-reply/reply/followup-runner.test.ts @@ -287,10 +287,12 @@ describe("createFollowupRunner bootstrap warning dedupe", () => { const call = runEmbeddedPiAgentMock.mock.calls.at(-1)?.[0] as | { + allowGatewaySubagentBinding?: boolean; bootstrapPromptWarningSignaturesSeen?: string[]; bootstrapPromptWarningSignature?: string; } | undefined; + expect(call?.allowGatewaySubagentBinding).toBe(true); expect(call?.bootstrapPromptWarningSignaturesSeen).toEqual(["sig-a", "sig-b"]); expect(call?.bootstrapPromptWarningSignature).toBe("sig-b"); }); diff --git a/src/auto-reply/reply/followup-runner.ts b/src/auto-reply/reply/followup-runner.ts index fe90d56433c..339883e730b 100644 --- a/src/auto-reply/reply/followup-runner.ts +++ b/src/auto-reply/reply/followup-runner.ts @@ -171,6 +171,7 @@ export function createFollowupRunner(params: { let attemptCompactionCount = 0; try { const result = await runEmbeddedPiAgent({ + allowGatewaySubagentBinding: true, sessionId: queued.run.sessionId, sessionKey: queued.run.sessionKey, agentId: queued.run.agentId, diff --git a/src/auto-reply/reply/get-reply-inline-actions.ts b/src/auto-reply/reply/get-reply-inline-actions.ts index 73983cfdc49..44d006a5ccb 100644 --- a/src/auto-reply/reply/get-reply-inline-actions.ts +++ b/src/auto-reply/reply/get-reply-inline-actions.ts @@ -220,6 +220,7 @@ export async function handleInlineActions(params: { agentDir, workspaceDir, config: cfg, + allowGatewaySubagentBinding: true, }); const authorizedTools = applyOwnerOnlyToolPolicy(tools, command.senderIsOwner); diff --git a/src/auto-reply/reply/mcp-commands.ts b/src/auto-reply/reply/mcp-commands.ts new file mode 100644 index 00000000000..506efe015df --- /dev/null +++ b/src/auto-reply/reply/mcp-commands.ts @@ -0,0 +1,24 @@ +import { parseStandardSetUnsetSlashCommand } from "./commands-setunset-standard.js"; + +export type McpCommand = + | { action: "show"; name?: string } + | { action: "set"; name: string; value: unknown } + | { action: "unset"; name: string } + | { action: "error"; message: string }; + +export function parseMcpCommand(raw: string): McpCommand | null { + return parseStandardSetUnsetSlashCommand({ + raw, + slash: "/mcp", + invalidMessage: "Invalid /mcp syntax.", + usageMessage: "Usage: /mcp show|set|unset", + onKnownAction: (action, args) => { + if (action === "show" || action === "get") { + return { action: "show", name: args || undefined }; + } + return undefined; + }, + onSet: (name, value) => ({ action: "set", name, value }), + onUnset: (name) => ({ action: "unset", name }), + }); +} diff --git a/src/auto-reply/reply/model-selection.test.ts b/src/auto-reply/reply/model-selection.test.ts index 5b90b34d4d5..e20084ed923 100644 --- a/src/auto-reply/reply/model-selection.test.ts +++ b/src/auto-reply/reply/model-selection.test.ts @@ -6,7 +6,7 @@ vi.mock("../../agents/model-catalog.js", () => ({ loadModelCatalog: vi.fn(async () => [ { provider: "anthropic", id: "claude-opus-4-5", name: "Claude Opus 4.5" }, { provider: "inferencer", id: "deepseek-v3-4bit-mlx", name: "DeepSeek V3" }, - { provider: "kimi-coding", id: "k2p5", name: "Kimi K2.5" }, + { provider: "kimi", id: "kimi-code", name: "Kimi Code" }, { provider: "openai", id: "gpt-4o-mini", name: "GPT-4o mini" }, { provider: "openai", id: "gpt-4o", name: "GPT-4o" }, ]), @@ -222,12 +222,12 @@ describe("createModelSelectionState respects session model override", () => { const state = await resolveState( makeEntry({ providerOverride: "kimi-coding", - modelOverride: "k2p5", + modelOverride: "kimi-code", }), ); - expect(state.provider).toBe("kimi-coding"); - expect(state.model).toBe("k2p5"); + expect(state.provider).toBe("kimi"); + expect(state.model).toBe("kimi-code"); }); it("falls back to default when no modelOverride is set", async () => { @@ -241,8 +241,8 @@ describe("createModelSelectionState respects session model override", () => { // From issue #14783: stored override should beat last-used fallback model. const state = await resolveState( makeEntry({ - model: "k2p5", - modelProvider: "kimi-coding", + model: "kimi-code", + modelProvider: "kimi", contextTokens: 262_000, providerOverride: "anthropic", modelOverride: "claude-opus-4-5", diff --git a/src/auto-reply/reply/plugins-commands.ts b/src/auto-reply/reply/plugins-commands.ts new file mode 100644 index 00000000000..95da9d8bc2b --- /dev/null +++ b/src/auto-reply/reply/plugins-commands.ts @@ -0,0 +1,50 @@ +export type PluginsCommand = + | { action: "list" } + | { action: "inspect"; name?: string } + | { action: "enable"; name: string } + | { action: "disable"; name: string } + | { action: "error"; message: string }; + +export function parsePluginsCommand(raw: string): PluginsCommand | null { + const match = raw.match(/^\/plugins?(?:\s+(.*))?$/i); + if (!match) { + return null; + } + + const tail = match[1]?.trim() ?? ""; + if (!tail) { + return { action: "list" }; + } + + const [rawAction, ...rest] = tail.split(/\s+/); + const action = rawAction?.trim().toLowerCase(); + const name = rest.join(" ").trim(); + + if (action === "list") { + return name + ? { + action: "error", + message: "Usage: /plugins list|inspect|show|get|enable|disable [plugin]", + } + : { action: "list" }; + } + + if (action === "inspect" || action === "show" || action === "get") { + return { action: "inspect", name: name || undefined }; + } + + if (action === "enable" || action === "disable") { + if (!name) { + return { + action: "error", + message: `Usage: /plugins ${action} `, + }; + } + return { action, name }; + } + + return { + action: "error", + message: "Usage: /plugins list|inspect|show|get|enable|disable [plugin]", + }; +} diff --git a/src/auto-reply/reply/route-reply.test.ts b/src/auto-reply/reply/route-reply.test.ts index b7b6cd31e9f..515d71726fb 100644 --- a/src/auto-reply/reply/route-reply.test.ts +++ b/src/auto-reply/reply/route-reply.test.ts @@ -91,11 +91,15 @@ const createRegistry = (channels: PluginRegistry["channels"]): PluginRegistry => enabled: true, })), providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], webSearchProviders: [], gatewayHandlers: {}, httpRoutes: [], cliRegistrars: [], services: [], + conversationBindingResolvedHandlers: [], diagnostics: [], }); @@ -297,7 +301,7 @@ describe("routeReply", () => { }); it("passes thread id to Telegram sends", async () => { - mocks.sendMessageTelegram.mockClear(); + mocks.deliverOutboundPayloads.mockResolvedValue([]); await routeReply({ payload: { text: "hi" }, channel: "telegram", @@ -305,10 +309,12 @@ describe("routeReply", () => { threadId: 42, cfg: {} as never, }); - expect(mocks.sendMessageTelegram).toHaveBeenCalledWith( - "telegram:123", - "hi", - expect.objectContaining({ messageThreadId: 42 }), + expect(mocks.deliverOutboundPayloads).toHaveBeenCalledWith( + expect.objectContaining({ + channel: "telegram", + to: "telegram:123", + threadId: 42, + }), ); }); @@ -343,17 +349,19 @@ describe("routeReply", () => { }); it("passes replyToId to Telegram sends", async () => { - mocks.sendMessageTelegram.mockClear(); + mocks.deliverOutboundPayloads.mockResolvedValue([]); await routeReply({ payload: { text: "hi", replyToId: "123" }, channel: "telegram", to: "telegram:123", cfg: {} as never, }); - expect(mocks.sendMessageTelegram).toHaveBeenCalledWith( - "telegram:123", - "hi", - expect.objectContaining({ replyToMessageId: 123 }), + expect(mocks.deliverOutboundPayloads).toHaveBeenCalledWith( + expect.objectContaining({ + channel: "telegram", + to: "telegram:123", + replyToId: "123", + }), ); }); diff --git a/src/auto-reply/templating.ts b/src/auto-reply/templating.ts index b426b18eab5..a32fdc3ba87 100644 --- a/src/auto-reply/templating.ts +++ b/src/auto-reply/templating.ts @@ -3,7 +3,7 @@ import type { MediaUnderstandingDecision, MediaUnderstandingOutput, } from "../media-understanding/types.js"; -import type { StickerMetadata } from "../plugin-sdk-internal/telegram.js"; +import type { StickerMetadata } from "../plugin-sdk/telegram.js"; import type { InputProvenance } from "../sessions/input-provenance.js"; import type { InternalMessageChannel } from "../utils/message-channel.js"; import type { CommandArgs } from "./commands-registry.types.js"; diff --git a/src/auto-reply/thinking.shared.ts b/src/auto-reply/thinking.shared.ts index bbde5b90ce5..7487928eac3 100644 --- a/src/auto-reply/thinking.shared.ts +++ b/src/auto-reply/thinking.shared.ts @@ -12,6 +12,8 @@ export type ThinkingCatalogEntry = { }; const BASE_THINKING_LEVELS: ThinkLevel[] = ["off", "minimal", "low", "medium", "high", "adaptive"]; +const ANTHROPIC_CLAUDE_46_MODEL_RE = /^claude-(?:opus|sonnet)-4(?:\.|-)6(?:$|[-.])/i; +const AMAZON_BEDROCK_CLAUDE_46_MODEL_RE = /claude-(?:opus|sonnet)-4(?:\.|-)6(?:$|[-.])/i; export function normalizeProviderId(provider?: string | null): string { if (!provider) { @@ -101,6 +103,14 @@ export function resolveThinkingDefaultForModel(params: { model: string; catalog?: ThinkingCatalogEntry[]; }): ThinkLevel { + const normalizedProvider = normalizeProviderId(params.provider); + const modelId = params.model.trim(); + if (normalizedProvider === "anthropic" && ANTHROPIC_CLAUDE_46_MODEL_RE.test(modelId)) { + return "adaptive"; + } + if (normalizedProvider === "amazon-bedrock" && AMAZON_BEDROCK_CLAUDE_46_MODEL_RE.test(modelId)) { + return "adaptive"; + } const candidate = params.catalog?.find( (entry) => entry.provider === params.provider && entry.id === params.model, ); diff --git a/src/bindings/records.ts b/src/bindings/records.ts new file mode 100644 index 00000000000..d4c1909e023 --- /dev/null +++ b/src/bindings/records.ts @@ -0,0 +1,48 @@ +import { + getSessionBindingService, + type ConversationRef, + type SessionBindingBindInput, + type SessionBindingCapabilities, + type SessionBindingRecord, + type SessionBindingUnbindInput, +} from "../infra/outbound/session-binding-service.js"; + +// Shared binding record helpers used by both configured bindings and +// runtime-created plugin conversation bindings. +export async function createConversationBindingRecord( + input: SessionBindingBindInput, +): Promise { + return await getSessionBindingService().bind(input); +} + +export function getConversationBindingCapabilities(params: { + channel: string; + accountId: string; +}): SessionBindingCapabilities { + return getSessionBindingService().getCapabilities(params); +} + +export function listSessionBindingRecords(targetSessionKey: string): SessionBindingRecord[] { + return getSessionBindingService().listBySession(targetSessionKey); +} + +export function resolveConversationBindingRecord( + conversation: ConversationRef, +): SessionBindingRecord | null { + return getSessionBindingService().resolveByConversation(conversation); +} + +export function touchConversationBindingRecord(bindingId: string, at?: number): void { + const service = getSessionBindingService(); + if (typeof at === "number") { + service.touch(bindingId, at); + return; + } + service.touch(bindingId); +} + +export async function unbindConversationBindingRecord( + input: SessionBindingUnbindInput, +): Promise { + return await getSessionBindingService().unbind(input); +} diff --git a/src/channel-web.ts b/src/channel-web.ts index f7e451b142a..e6df4bda0d7 100644 --- a/src/channel-web.ts +++ b/src/channel-web.ts @@ -7,15 +7,11 @@ export { monitorWebChannel, resolveHeartbeatRecipients, runWebHeartbeatOnce, -} from "./plugin-sdk-internal/whatsapp.js"; -export { - extractMediaPlaceholder, - extractText, - monitorWebInbox, -} from "./plugin-sdk-internal/whatsapp.js"; -export { loginWeb } from "./plugin-sdk-internal/whatsapp.js"; -export { loadWebMedia, optimizeImageToJpeg } from "./plugin-sdk-internal/whatsapp.js"; -export { sendMessageWhatsApp } from "./plugin-sdk-internal/whatsapp.js"; +} from "./plugin-sdk/whatsapp.js"; +export { extractMediaPlaceholder, extractText, monitorWebInbox } from "./plugin-sdk/whatsapp.js"; +export { loginWeb } from "./plugin-sdk/whatsapp.js"; +export { loadWebMedia, optimizeImageToJpeg } from "./plugin-sdk/whatsapp.js"; +export { sendMessageWhatsApp } from "./plugin-sdk/whatsapp.js"; export { createWaSocket, formatError, @@ -26,4 +22,4 @@ export { WA_WEB_AUTH_DIR, waitForWaConnection, webAuthExists, -} from "./plugin-sdk-internal/whatsapp.js"; +} from "./plugin-sdk/whatsapp.js"; diff --git a/src/channels/ids.ts b/src/channels/ids.ts new file mode 100644 index 00000000000..cddfe667250 --- /dev/null +++ b/src/channels/ids.ts @@ -0,0 +1,18 @@ +// Keep built-in channel IDs in a leaf module so shared config/sandbox code can +// reference them without importing channel registry helpers that may pull in +// plugin runtime state. +export const CHAT_CHANNEL_ORDER = [ + "telegram", + "whatsapp", + "discord", + "irc", + "googlechat", + "slack", + "signal", + "imessage", + "line", +] as const; + +export type ChatChannelId = (typeof CHAT_CHANNEL_ORDER)[number]; + +export const CHANNEL_IDS = [...CHAT_CHANNEL_ORDER] as const; diff --git a/src/channels/plugins/acp-bindings.test.ts b/src/channels/plugins/acp-bindings.test.ts new file mode 100644 index 00000000000..7d380c665a3 --- /dev/null +++ b/src/channels/plugins/acp-bindings.test.ts @@ -0,0 +1,252 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import { buildConfiguredAcpSessionKey } from "../../acp/persistent-bindings.types.js"; + +const resolveAgentConfigMock = vi.hoisted(() => vi.fn()); +const resolveDefaultAgentIdMock = vi.hoisted(() => vi.fn()); +const resolveAgentWorkspaceDirMock = vi.hoisted(() => vi.fn()); +const getChannelPluginMock = vi.hoisted(() => vi.fn()); +const getActivePluginRegistryMock = vi.hoisted(() => vi.fn()); +const getActivePluginRegistryVersionMock = vi.hoisted(() => vi.fn()); + +vi.mock("../../agents/agent-scope.js", () => ({ + resolveAgentConfig: (...args: unknown[]) => resolveAgentConfigMock(...args), + resolveDefaultAgentId: (...args: unknown[]) => resolveDefaultAgentIdMock(...args), + resolveAgentWorkspaceDir: (...args: unknown[]) => resolveAgentWorkspaceDirMock(...args), +})); + +vi.mock("./index.js", () => ({ + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), +})); + +vi.mock("../../plugins/runtime.js", () => ({ + getActivePluginRegistry: (...args: unknown[]) => getActivePluginRegistryMock(...args), + getActivePluginRegistryVersion: (...args: unknown[]) => + getActivePluginRegistryVersionMock(...args), +})); + +async function importConfiguredBindings() { + const builtins = await import("./configured-binding-builtins.js"); + builtins.ensureConfiguredBindingBuiltinsRegistered(); + return await import("./configured-binding-registry.js"); +} + +function createConfig(options?: { bindingAgentId?: string; accountId?: string }) { + return { + agents: { + list: [{ id: "main" }, { id: "codex" }], + }, + bindings: [ + { + type: "acp", + agentId: options?.bindingAgentId ?? "codex", + match: { + channel: "discord", + accountId: options?.accountId ?? "default", + peer: { + kind: "channel", + id: "1479098716916023408", + }, + }, + acp: { + backend: "acpx", + }, + }, + ], + }; +} + +function createDiscordAcpPlugin(overrides?: { + compileConfiguredBinding?: ReturnType; + matchInboundConversation?: ReturnType; +}) { + const compileConfiguredBinding = + overrides?.compileConfiguredBinding ?? + vi.fn(({ conversationId }: { conversationId: string }) => ({ + conversationId, + })); + const matchInboundConversation = + overrides?.matchInboundConversation ?? + vi.fn( + ({ + compiledBinding, + conversationId, + parentConversationId, + }: { + compiledBinding: { conversationId: string }; + conversationId: string; + parentConversationId?: string; + }) => { + if (compiledBinding.conversationId === conversationId) { + return { conversationId, matchPriority: 2 }; + } + if (parentConversationId && compiledBinding.conversationId === parentConversationId) { + return { conversationId: parentConversationId, matchPriority: 1 }; + } + return null; + }, + ); + return { + id: "discord", + bindings: { + compileConfiguredBinding, + matchInboundConversation, + }, + }; +} + +describe("configured binding registry", () => { + beforeEach(() => { + vi.resetModules(); + resolveAgentConfigMock.mockReset().mockReturnValue(undefined); + resolveDefaultAgentIdMock.mockReset().mockReturnValue("main"); + resolveAgentWorkspaceDirMock.mockReset().mockReturnValue("/tmp/workspace"); + getChannelPluginMock.mockReset(); + getActivePluginRegistryMock.mockReset().mockReturnValue({ channels: [] }); + getActivePluginRegistryVersionMock.mockReset().mockReturnValue(1); + }); + + it("resolves configured ACP bindings from an already loaded channel plugin", async () => { + const plugin = createDiscordAcpPlugin(); + getChannelPluginMock.mockReturnValue(plugin); + const bindingRegistry = await importConfiguredBindings(); + + const resolved = bindingRegistry.resolveConfiguredBindingRecord({ + cfg: createConfig() as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + expect(resolved?.record.conversation.channel).toBe("discord"); + expect(resolved?.record.metadata?.backend).toBe("acpx"); + expect(plugin.bindings?.compileConfiguredBinding).toHaveBeenCalledTimes(1); + }); + + it("resolves configured ACP bindings from canonical conversation refs", async () => { + const plugin = createDiscordAcpPlugin(); + getChannelPluginMock.mockReturnValue(plugin); + const bindingRegistry = await importConfiguredBindings(); + + const resolved = bindingRegistry.resolveConfiguredBinding({ + cfg: createConfig() as never, + conversation: { + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }, + }); + + expect(resolved?.conversation).toEqual({ + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + expect(resolved?.record.conversation.channel).toBe("discord"); + expect(resolved?.statefulTarget).toEqual({ + kind: "stateful", + driverId: "acp", + sessionKey: resolved?.record.targetSessionKey, + agentId: "codex", + label: undefined, + }); + }); + + it("primes compiled ACP bindings from the already loaded active registry once", async () => { + const plugin = createDiscordAcpPlugin(); + const cfg = createConfig({ bindingAgentId: "codex" }); + getChannelPluginMock.mockReturnValue(undefined); + getActivePluginRegistryMock.mockReturnValue({ + channels: [{ plugin }], + }); + const bindingRegistry = await importConfiguredBindings(); + + const primed = bindingRegistry.primeConfiguredBindingRegistry({ + cfg: cfg as never, + }); + const resolved = bindingRegistry.resolveConfiguredBindingRecord({ + cfg: cfg as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + expect(primed).toEqual({ bindingCount: 1, channelCount: 1 }); + expect(resolved?.statefulTarget.agentId).toBe("codex"); + expect(plugin.bindings?.compileConfiguredBinding).toHaveBeenCalledTimes(1); + + const second = bindingRegistry.resolveConfiguredBindingRecord({ + cfg: cfg as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + expect(second?.statefulTarget.agentId).toBe("codex"); + }); + + it("resolves wildcard binding session keys from the compiled registry", async () => { + const plugin = createDiscordAcpPlugin(); + getChannelPluginMock.mockReturnValue(plugin); + const bindingRegistry = await importConfiguredBindings(); + + const resolved = bindingRegistry.resolveConfiguredBindingRecordBySessionKey({ + cfg: createConfig({ accountId: "*" }) as never, + sessionKey: buildConfiguredAcpSessionKey({ + channel: "discord", + accountId: "work", + conversationId: "1479098716916023408", + agentId: "codex", + mode: "persistent", + backend: "acpx", + }), + }); + + expect(resolved?.record.conversation.channel).toBe("discord"); + expect(resolved?.record.conversation.accountId).toBe("work"); + expect(resolved?.record.metadata?.backend).toBe("acpx"); + }); + + it("does not perform late plugin discovery when a channel plugin is unavailable", async () => { + const bindingRegistry = await importConfiguredBindings(); + + const resolved = bindingRegistry.resolveConfiguredBindingRecord({ + cfg: createConfig() as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + expect(resolved).toBeNull(); + }); + + it("rebuilds the compiled registry when the active plugin registry version changes", async () => { + const plugin = createDiscordAcpPlugin(); + getChannelPluginMock.mockReturnValue(plugin); + getActivePluginRegistryVersionMock.mockReturnValue(10); + const cfg = createConfig(); + const bindingRegistry = await importConfiguredBindings(); + + bindingRegistry.resolveConfiguredBindingRecord({ + cfg: cfg as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + bindingRegistry.resolveConfiguredBindingRecord({ + cfg: cfg as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + getActivePluginRegistryVersionMock.mockReturnValue(11); + bindingRegistry.resolveConfiguredBindingRecord({ + cfg: cfg as never, + channel: "discord", + accountId: "default", + conversationId: "1479098716916023408", + }); + + expect(plugin.bindings?.compileConfiguredBinding).toHaveBeenCalledTimes(2); + }); +}); diff --git a/src/channels/plugins/acp-configured-binding-consumer.ts b/src/channels/plugins/acp-configured-binding-consumer.ts new file mode 100644 index 00000000000..d453726b357 --- /dev/null +++ b/src/channels/plugins/acp-configured-binding-consumer.ts @@ -0,0 +1,155 @@ +import { + buildConfiguredAcpSessionKey, + normalizeBindingConfig, + normalizeMode, + normalizeText, + parseConfiguredAcpSessionKey, + toConfiguredAcpBindingRecord, + type ConfiguredAcpBindingSpec, +} from "../../acp/persistent-bindings.types.js"; +import { + resolveAgentConfig, + resolveAgentWorkspaceDir, + resolveDefaultAgentId, +} from "../../agents/agent-scope.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import type { + ConfiguredBindingRuleConfig, + ConfiguredBindingTargetFactory, +} from "./binding-types.js"; +import type { ConfiguredBindingConsumer } from "./configured-binding-consumers.js"; +import type { ChannelConfiguredBindingConversationRef } from "./types.adapters.js"; + +function resolveAgentRuntimeAcpDefaults(params: { cfg: OpenClawConfig; ownerAgentId: string }): { + acpAgentId?: string; + mode?: string; + cwd?: string; + backend?: string; +} { + const agent = params.cfg.agents?.list?.find( + (entry) => entry.id?.trim().toLowerCase() === params.ownerAgentId.toLowerCase(), + ); + if (!agent || agent.runtime?.type !== "acp") { + return {}; + } + return { + acpAgentId: normalizeText(agent.runtime.acp?.agent), + mode: normalizeText(agent.runtime.acp?.mode), + cwd: normalizeText(agent.runtime.acp?.cwd), + backend: normalizeText(agent.runtime.acp?.backend), + }; +} + +function resolveConfiguredBindingWorkspaceCwd(params: { + cfg: OpenClawConfig; + agentId: string; +}): string | undefined { + const explicitAgentWorkspace = normalizeText( + resolveAgentConfig(params.cfg, params.agentId)?.workspace, + ); + if (explicitAgentWorkspace) { + return resolveAgentWorkspaceDir(params.cfg, params.agentId); + } + if (params.agentId === resolveDefaultAgentId(params.cfg)) { + const defaultWorkspace = normalizeText(params.cfg.agents?.defaults?.workspace); + if (defaultWorkspace) { + return resolveAgentWorkspaceDir(params.cfg, params.agentId); + } + } + return undefined; +} + +function buildConfiguredAcpSpec(params: { + channel: string; + accountId: string; + conversation: ChannelConfiguredBindingConversationRef; + agentId: string; + acpAgentId?: string; + mode: "persistent" | "oneshot"; + cwd?: string; + backend?: string; + label?: string; +}): ConfiguredAcpBindingSpec { + return { + channel: params.channel as ConfiguredAcpBindingSpec["channel"], + accountId: params.accountId, + conversationId: params.conversation.conversationId, + parentConversationId: params.conversation.parentConversationId, + agentId: params.agentId, + acpAgentId: params.acpAgentId, + mode: params.mode, + cwd: params.cwd, + backend: params.backend, + label: params.label, + }; +} + +function buildAcpTargetFactory(params: { + cfg: OpenClawConfig; + binding: ConfiguredBindingRuleConfig; + channel: string; + agentId: string; +}): ConfiguredBindingTargetFactory | null { + if (params.binding.type !== "acp") { + return null; + } + const runtimeDefaults = resolveAgentRuntimeAcpDefaults({ + cfg: params.cfg, + ownerAgentId: params.agentId, + }); + const bindingOverrides = normalizeBindingConfig(params.binding.acp); + const mode = normalizeMode(bindingOverrides.mode ?? runtimeDefaults.mode); + const cwd = + bindingOverrides.cwd ?? + runtimeDefaults.cwd ?? + resolveConfiguredBindingWorkspaceCwd({ + cfg: params.cfg, + agentId: params.agentId, + }); + const backend = bindingOverrides.backend ?? runtimeDefaults.backend; + const label = bindingOverrides.label; + const acpAgentId = normalizeText(runtimeDefaults.acpAgentId); + + return { + driverId: "acp", + materialize: ({ accountId, conversation }) => { + const spec = buildConfiguredAcpSpec({ + channel: params.channel, + accountId, + conversation, + agentId: params.agentId, + acpAgentId, + mode, + cwd, + backend, + label, + }); + const record = toConfiguredAcpBindingRecord(spec); + return { + record, + statefulTarget: { + kind: "stateful", + driverId: "acp", + sessionKey: buildConfiguredAcpSessionKey(spec), + agentId: params.agentId, + ...(label ? { label } : {}), + }, + }; + }, + }; +} + +export const acpConfiguredBindingConsumer: ConfiguredBindingConsumer = { + id: "acp", + supports: (binding) => binding.type === "acp", + buildTargetFactory: (params) => + buildAcpTargetFactory({ + cfg: params.cfg, + binding: params.binding, + channel: params.channel, + agentId: params.agentId, + }), + parseSessionKey: ({ sessionKey }) => parseConfiguredAcpSessionKey(sessionKey), + matchesSessionKey: ({ sessionKey, materializedTarget }) => + materializedTarget.record.targetSessionKey === sessionKey, +}; diff --git a/src/channels/plugins/acp-stateful-target-driver.ts b/src/channels/plugins/acp-stateful-target-driver.ts new file mode 100644 index 00000000000..787013fc5b0 --- /dev/null +++ b/src/channels/plugins/acp-stateful-target-driver.ts @@ -0,0 +1,102 @@ +import { + ensureConfiguredAcpBindingReady, + ensureConfiguredAcpBindingSession, + resetAcpSessionInPlace, +} from "../../acp/persistent-bindings.lifecycle.js"; +import { resolveConfiguredAcpBindingSpecBySessionKey } from "../../acp/persistent-bindings.resolve.js"; +import { resolveConfiguredAcpBindingSpecFromRecord } from "../../acp/persistent-bindings.types.js"; +import { readAcpSessionEntry } from "../../acp/runtime/session-meta.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import type { + ConfiguredBindingResolution, + StatefulBindingTargetDescriptor, +} from "./binding-types.js"; +import type { + StatefulBindingTargetDriver, + StatefulBindingTargetResetResult, + StatefulBindingTargetReadyResult, + StatefulBindingTargetSessionResult, +} from "./stateful-target-drivers.js"; + +function toAcpStatefulBindingTargetDescriptor(params: { + cfg: OpenClawConfig; + sessionKey: string; +}): StatefulBindingTargetDescriptor | null { + const meta = readAcpSessionEntry(params)?.acp; + const metaAgentId = meta?.agent?.trim(); + if (metaAgentId) { + return { + kind: "stateful", + driverId: "acp", + sessionKey: params.sessionKey, + agentId: metaAgentId, + }; + } + const spec = resolveConfiguredAcpBindingSpecBySessionKey(params); + if (!spec) { + return null; + } + return { + kind: "stateful", + driverId: "acp", + sessionKey: params.sessionKey, + agentId: spec.agentId, + ...(spec.label ? { label: spec.label } : {}), + }; +} + +async function ensureAcpTargetReady(params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution; +}): Promise { + const configuredBinding = resolveConfiguredAcpBindingSpecFromRecord( + params.bindingResolution.record, + ); + if (!configuredBinding) { + return { + ok: false, + error: "Configured ACP binding unavailable", + }; + } + return await ensureConfiguredAcpBindingReady({ + cfg: params.cfg, + configuredBinding: { + spec: configuredBinding, + record: params.bindingResolution.record, + }, + }); +} + +async function ensureAcpTargetSession(params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution; +}): Promise { + const spec = resolveConfiguredAcpBindingSpecFromRecord(params.bindingResolution.record); + if (!spec) { + return { + ok: false, + sessionKey: params.bindingResolution.statefulTarget.sessionKey, + error: "Configured ACP binding unavailable", + }; + } + return await ensureConfiguredAcpBindingSession({ + cfg: params.cfg, + spec, + }); +} + +async function resetAcpTargetInPlace(params: { + cfg: OpenClawConfig; + sessionKey: string; + reason: "new" | "reset"; +}): Promise { + return await resetAcpSessionInPlace(params); +} + +export const acpStatefulBindingTargetDriver: StatefulBindingTargetDriver = { + id: "acp", + ensureReady: ensureAcpTargetReady, + ensureSession: ensureAcpTargetSession, + resolveTargetBySessionKey: toAcpStatefulBindingTargetDescriptor, + resetInPlace: resetAcpTargetInPlace, +}; diff --git a/src/channels/plugins/actions/actions.test.ts b/src/channels/plugins/actions/actions.test.ts index cd33be0a3e2..1692e0f0754 100644 --- a/src/channels/plugins/actions/actions.test.ts +++ b/src/channels/plugins/actions/actions.test.ts @@ -24,11 +24,11 @@ vi.mock("../../../agents/tools/slack-actions.js", () => ({ handleSlackAction, })); -const { discordMessageActions } = await import("./discord.js"); -const { handleDiscordMessageAction } = await import("./discord/handle-action.js"); -const { telegramMessageActions } = await import("./telegram.js"); -const { signalMessageActions } = await import("./signal.js"); -const { createSlackActions } = await import("../slack.actions.js"); +let discordMessageActions: typeof import("./discord.js").discordMessageActions; +let handleDiscordMessageAction: typeof import("./discord/handle-action.js").handleDiscordMessageAction; +let telegramMessageActions: typeof import("./telegram.js").telegramMessageActions; +let signalMessageActions: typeof import("./signal.js").signalMessageActions; +let createSlackActions: typeof import("../slack.actions.js").createSlackActions; function telegramCfg(): OpenClawConfig { return { channels: { telegram: { botToken: "tok" } } } as OpenClawConfig; @@ -191,93 +191,114 @@ async function expectSlackSendRejected(params: Record, error: R expect(handleSlackAction).not.toHaveBeenCalled(); } -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); + ({ discordMessageActions } = await import("./discord.js")); + ({ handleDiscordMessageAction } = await import("./discord/handle-action.js")); + ({ telegramMessageActions } = await import("./telegram.js")); + ({ signalMessageActions } = await import("./signal.js")); + ({ createSlackActions } = await import("../slack.actions.js")); vi.clearAllMocks(); }); describe("discord message actions", () => { - it("lists channel and upload actions by default", async () => { - const cfg = { channels: { discord: { token: "d0" } } } as OpenClawConfig; - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).toContain("emoji-upload"); - expect(actions).toContain("sticker-upload"); - expect(actions).toContain("channel-create"); - }); - - it("respects disabled channel actions", async () => { - const cfg = { - channels: { discord: { token: "d0", actions: { channels: false } } }, - } as OpenClawConfig; - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).not.toContain("channel-create"); - }); - - it("lists moderation when at least one account enables it", () => { + it("derives discord action listings from channel and moderation gates", () => { const cases = [ { - channels: { - discord: { - accounts: { - vime: { token: "d1", actions: { moderation: true } }, - }, - }, - }, + name: "defaults", + cfg: { channels: { discord: { token: "d0" } } } as OpenClawConfig, + expectUploads: true, + expectChannelCreate: true, + expectModeration: false, }, { - channels: { - discord: { - accounts: { - ops: { token: "d1", actions: { moderation: true } }, - chat: { token: "d2" }, + name: "disabled channel actions", + cfg: { + channels: { discord: { token: "d0", actions: { channels: false } } }, + } as OpenClawConfig, + expectUploads: true, + expectChannelCreate: false, + expectModeration: false, + }, + { + name: "single account enables moderation", + cfg: { + channels: { + discord: { + accounts: { + vime: { token: "d1", actions: { moderation: true } }, + }, }, }, - }, + } as OpenClawConfig, + expectUploads: true, + expectChannelCreate: true, + expectModeration: true, + }, + { + name: "one of many accounts enables moderation", + cfg: { + channels: { + discord: { + accounts: { + ops: { token: "d1", actions: { moderation: true } }, + chat: { token: "d2" }, + }, + }, + }, + } as OpenClawConfig, + expectUploads: true, + expectChannelCreate: true, + expectModeration: true, + }, + { + name: "all accounts omit moderation", + cfg: { + channels: { + discord: { + accounts: { + ops: { token: "d1" }, + chat: { token: "d2" }, + }, + }, + }, + } as OpenClawConfig, + expectUploads: true, + expectChannelCreate: true, + expectModeration: false, + }, + { + name: "account moderation override inherits disabled top-level channels", + cfg: createDiscordModerationOverrideCfg(), + expectUploads: true, + expectChannelCreate: false, + expectModeration: true, + }, + { + name: "account override re-enables top-level disabled channels", + cfg: createDiscordModerationOverrideCfg({ channelsEnabled: true }), + expectUploads: true, + expectChannelCreate: true, + expectModeration: true, }, ] as const; - for (const channelConfig of cases) { - const cfg = channelConfig as unknown as OpenClawConfig; - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - expectModerationActions(actions); + for (const testCase of cases) { + const actions = discordMessageActions.listActions?.({ cfg: testCase.cfg }) ?? []; + if (testCase.expectUploads) { + expect(actions, testCase.name).toContain("emoji-upload"); + expect(actions, testCase.name).toContain("sticker-upload"); + } + expectChannelCreateAction(actions, testCase.expectChannelCreate); + if (testCase.expectModeration) { + expectModerationActions(actions); + } else { + expect(actions, testCase.name).not.toContain("timeout"); + expect(actions, testCase.name).not.toContain("kick"); + expect(actions, testCase.name).not.toContain("ban"); + } } }); - - it("omits moderation when all accounts omit it", () => { - const cfg = { - channels: { - discord: { - accounts: { - ops: { token: "d1" }, - chat: { token: "d2" }, - }, - }, - }, - } as OpenClawConfig; - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - - // moderation defaults to false, so without explicit true it stays hidden - expect(actions).not.toContain("timeout"); - expect(actions).not.toContain("kick"); - expect(actions).not.toContain("ban"); - }); - - it("inherits top-level channel gate when account overrides moderation only", () => { - const cfg = createDiscordModerationOverrideCfg(); - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).toContain("timeout"); - expectChannelCreateAction(actions, false); - }); - - it("allows account to explicitly re-enable top-level disabled channels", () => { - const cfg = createDiscordModerationOverrideCfg({ channelsEnabled: true }); - const actions = discordMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).toContain("timeout"); - expectChannelCreateAction(actions, true); - }); }); describe("handleDiscordMessageAction", () => { @@ -477,141 +498,149 @@ describe("handleDiscordMessageAction", () => { expect(call?.[1]).toEqual(expect.any(Object)); }); - it("forwards trusted mediaLocalRoots for send actions", async () => { - await handleDiscordMessageAction({ - action: "send", - params: { to: "channel:123", message: "hi", media: "/tmp/file.png" }, - cfg: {} as OpenClawConfig, - mediaLocalRoots: ["/tmp/agent-root"], - }); - - expect(handleDiscordAction).toHaveBeenCalledWith( - expect.objectContaining({ - action: "sendMessage", - mediaUrl: "/tmp/file.png", - }), - expect.any(Object), - expect.objectContaining({ mediaLocalRoots: ["/tmp/agent-root"] }), - ); - }); - - it("falls back to toolContext.currentMessageId for reactions when messageId is omitted", async () => { - await handleDiscordMessageAction({ - action: "react", - params: { - channelId: "123", - emoji: "ok", - }, - cfg: {} as OpenClawConfig, - toolContext: { currentMessageId: "9001" }, - }); - - const call = handleDiscordAction.mock.calls.at(-1); - expect(call?.[0]).toEqual( - expect.objectContaining({ - action: "react", - channelId: "123", - messageId: "9001", - emoji: "ok", - }), - ); - }); - - it("rejects reactions when neither messageId nor toolContext.currentMessageId is provided", async () => { - await expect( - handleDiscordMessageAction({ - action: "react", - params: { - channelId: "123", - emoji: "ok", + it("handles discord reaction messageId resolution", async () => { + const cases = [ + { + name: "falls back to toolContext.currentMessageId", + run: async () => { + await handleDiscordMessageAction({ + action: "react", + params: { + channelId: "123", + emoji: "ok", + }, + cfg: {} as OpenClawConfig, + toolContext: { currentMessageId: "9001" }, + }); }, - cfg: {} as OpenClawConfig, - }), - ).rejects.toThrow(/messageId required/i); + assert: () => { + const call = handleDiscordAction.mock.calls.at(-1); + expect(call?.[0]).toEqual( + expect.objectContaining({ + action: "react", + channelId: "123", + messageId: "9001", + emoji: "ok", + }), + ); + }, + }, + { + name: "rejects when no message id source is available", + run: async () => { + await expect( + handleDiscordMessageAction({ + action: "react", + params: { + channelId: "123", + emoji: "ok", + }, + cfg: {} as OpenClawConfig, + }), + ).rejects.toThrow(/messageId required/i); + }, + assert: () => { + expect(handleDiscordAction).not.toHaveBeenCalled(); + }, + }, + ] as const; - expect(handleDiscordAction).not.toHaveBeenCalled(); + for (const testCase of cases) { + handleDiscordAction.mockClear(); + await testCase.run(); + testCase.assert(); + } }); }); describe("telegramMessageActions", () => { - it("lists poll when telegram is configured", () => { - const actions = telegramMessageActions.listActions?.({ cfg: telegramCfg() }) ?? []; - - expect(actions).toContain("poll"); - }); - - it("lists topic-edit when telegram topic edits are enabled", () => { - const cfg = { - channels: { - telegram: { - botToken: "tok", - actions: { editForumTopic: true }, - }, + it("computes poll/topic action availability from telegram config gates", () => { + for (const testCase of [ + { + name: "configured telegram enables poll", + cfg: telegramCfg(), + expectPoll: true, + expectTopicEdit: true, }, - } as OpenClawConfig; - - const actions = telegramMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).toContain("topic-edit"); - }); - - it("omits poll when sendMessage is disabled", () => { - const cfg = { - channels: { - telegram: { - botToken: "tok", - actions: { sendMessage: false }, - }, - }, - } as OpenClawConfig; - - const actions = telegramMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).not.toContain("poll"); - }); - - it("omits poll when poll actions are disabled", () => { - const cfg = { - channels: { - telegram: { - botToken: "tok", - actions: { poll: false }, - }, - }, - } as OpenClawConfig; - - const actions = telegramMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).not.toContain("poll"); - }); - - it("omits poll when sendMessage and poll are split across accounts", () => { - const cfg = { - channels: { - telegram: { - accounts: { - senderOnly: { - botToken: "tok-send", - actions: { - sendMessage: true, - poll: false, - }, + { + name: "topic edit gate enables topic-edit", + cfg: { + channels: { + telegram: { + botToken: "tok", + actions: { editForumTopic: true }, }, - pollOnly: { - botToken: "tok-poll", - actions: { - sendMessage: false, - poll: true, + }, + } as OpenClawConfig, + expectPoll: true, + expectTopicEdit: true, + }, + { + name: "sendMessage disabled hides poll", + cfg: { + channels: { + telegram: { + botToken: "tok", + actions: { sendMessage: false }, + }, + }, + } as OpenClawConfig, + expectPoll: false, + expectTopicEdit: true, + }, + { + name: "poll gate disabled hides poll", + cfg: { + channels: { + telegram: { + botToken: "tok", + actions: { poll: false }, + }, + }, + } as OpenClawConfig, + expectPoll: false, + expectTopicEdit: true, + }, + { + name: "split account gates do not expose poll", + cfg: { + channels: { + telegram: { + accounts: { + senderOnly: { + botToken: "tok-send", + actions: { + sendMessage: true, + poll: false, + }, + }, + pollOnly: { + botToken: "tok-poll", + actions: { + sendMessage: false, + poll: true, + }, + }, }, }, }, - }, + } as OpenClawConfig, + expectPoll: false, + expectTopicEdit: true, }, - } as OpenClawConfig; - - const actions = telegramMessageActions.listActions?.({ cfg }) ?? []; - - expect(actions).not.toContain("poll"); + ]) { + const actions = telegramMessageActions.listActions?.({ cfg: testCase.cfg }) ?? []; + if (testCase.expectPoll) { + expect(actions, testCase.name).toContain("poll"); + } else { + expect(actions, testCase.name).not.toContain("poll"); + } + if (testCase.expectTopicEdit) { + expect(actions, testCase.name).toContain("topic-edit"); + } else { + expect(actions, testCase.name).not.toContain("topic-edit"); + } + } }); it("lists sticker actions only when enabled by config", () => { @@ -839,29 +868,6 @@ describe("telegramMessageActions", () => { } }); - it("forwards trusted mediaLocalRoots for send", async () => { - const cfg = telegramCfg(); - await telegramMessageActions.handleAction?.({ - channel: "telegram", - action: "send", - params: { - to: "123", - media: "/tmp/voice.ogg", - }, - cfg, - mediaLocalRoots: ["/tmp/agent-root"], - }); - - expect(handleTelegramAction).toHaveBeenCalledWith( - expect.objectContaining({ - action: "sendMessage", - mediaUrl: "/tmp/voice.ogg", - }), - cfg, - expect.objectContaining({ mediaLocalRoots: ["/tmp/agent-root"] }), - ); - }); - it("rejects non-integer messageId for edit before reaching telegram-actions", async () => { const cfg = telegramCfg(); const handleAction = telegramMessageActions.handleAction; @@ -904,111 +910,141 @@ describe("telegramMessageActions", () => { expect(actions).not.toContain("react"); }); - it("accepts numeric messageId and channelId for reactions", async () => { + it("normalizes telegram reaction message identifiers before dispatch", async () => { const cfg = telegramCfg(); - - await telegramMessageActions.handleAction?.({ - channel: "telegram", - action: "react", - params: { - channelId: 123, - messageId: 456, - emoji: "ok", + for (const testCase of [ + { + name: "numeric channelId/messageId", + params: { + channelId: 123, + messageId: 456, + emoji: "ok", + }, + toolContext: undefined, + expectedChatId: "123", + expectedMessageId: "456", }, - cfg, - accountId: undefined, - }); - - expect(handleTelegramAction).toHaveBeenCalledTimes(1); - const call = handleTelegramAction.mock.calls[0]?.[0]; - if (!call) { - throw new Error("missing telegram action call"); - } - const callPayload = call as Record; - expect(callPayload.action).toBe("react"); - expect(String(callPayload.chatId)).toBe("123"); - expect(String(callPayload.messageId)).toBe("456"); - expect(callPayload.emoji).toBe("ok"); - }); - - it("accepts snake_case message_id for reactions", async () => { - const cfg = telegramCfg(); - - await telegramMessageActions.handleAction?.({ - channel: "telegram", - action: "react", - params: { - channelId: 123, - message_id: "456", - emoji: "ok", + { + name: "snake_case message_id", + params: { + channelId: 123, + message_id: "456", + emoji: "ok", + }, + toolContext: undefined, + expectedChatId: "123", + expectedMessageId: "456", }, - cfg, - accountId: undefined, - }); - - expect(handleTelegramAction).toHaveBeenCalledTimes(1); - const call = handleTelegramAction.mock.calls[0]?.[0]; - if (!call) { - throw new Error("missing telegram action call"); - } - const callPayload = call as Record; - expect(callPayload.action).toBe("react"); - expect(String(callPayload.chatId)).toBe("123"); - expect(String(callPayload.messageId)).toBe("456"); - }); - - it("falls back to toolContext.currentMessageId for reactions when messageId is omitted", async () => { - const cfg = telegramCfg(); - - await telegramMessageActions.handleAction?.({ - channel: "telegram", - action: "react", - params: { - chatId: "123", - emoji: "ok", - }, - cfg, - accountId: undefined, - toolContext: { currentMessageId: "9001" }, - }); - - expect(handleTelegramAction).toHaveBeenCalledTimes(1); - const call = handleTelegramAction.mock.calls[0]?.[0]; - if (!call) { - throw new Error("missing telegram action call"); - } - const callPayload = call as Record; - expect(callPayload.action).toBe("react"); - expect(String(callPayload.messageId)).toBe("9001"); - }); - - it("forwards missing reaction messageId to telegram-actions for soft-fail handling", async () => { - const cfg = telegramCfg(); - - await expect( - telegramMessageActions.handleAction?.({ - channel: "telegram", - action: "react", + { + name: "toolContext fallback", params: { chatId: "123", emoji: "ok", }, - cfg, - accountId: undefined, - }), - ).resolves.toBeDefined(); + toolContext: { currentMessageId: "9001" }, + expectedChatId: "123", + expectedMessageId: "9001", + }, + { + name: "missing messageId soft-falls through to telegram-actions", + params: { + chatId: "123", + emoji: "ok", + }, + toolContext: undefined, + expectedChatId: "123", + expectedMessageId: undefined, + }, + ] as const) { + handleTelegramAction.mockClear(); + await expect( + telegramMessageActions.handleAction?.({ + channel: "telegram", + action: "react", + params: testCase.params, + cfg, + accountId: undefined, + toolContext: testCase.toolContext, + }), + ).resolves.toBeDefined(); - expect(handleTelegramAction).toHaveBeenCalledTimes(1); - const call = handleTelegramAction.mock.calls[0]?.[0]; - if (!call) { - throw new Error("missing telegram action call"); + expect(handleTelegramAction, testCase.name).toHaveBeenCalledTimes(1); + const call = handleTelegramAction.mock.calls[0]?.[0]; + if (!call) { + throw new Error("missing telegram action call"); + } + const callPayload = call as Record; + expect(callPayload.action, testCase.name).toBe("react"); + expect(String(callPayload.chatId), testCase.name).toBe(testCase.expectedChatId); + if (testCase.expectedMessageId === undefined) { + expect(callPayload.messageId, testCase.name).toBeUndefined(); + } else { + expect(String(callPayload.messageId), testCase.name).toBe(testCase.expectedMessageId); + } } - const callPayload = call as Record; - expect(callPayload.action).toBe("react"); - expect(callPayload.messageId).toBeUndefined(); }); }); +it("forwards trusted mediaLocalRoots for send actions", async () => { + const cases = [ + { + name: "discord", + run: async () => { + await handleDiscordMessageAction({ + action: "send", + params: { to: "channel:123", message: "hi", media: "/tmp/file.png" }, + cfg: {} as OpenClawConfig, + mediaLocalRoots: ["/tmp/agent-root"], + }); + }, + assert: () => { + expect(handleDiscordAction).toHaveBeenCalledWith( + expect.objectContaining({ + action: "sendMessage", + mediaUrl: "/tmp/file.png", + }), + expect.any(Object), + expect.objectContaining({ mediaLocalRoots: ["/tmp/agent-root"] }), + ); + }, + clear: () => handleDiscordAction.mockClear(), + }, + { + name: "telegram", + run: async () => { + const cfg = telegramCfg(); + await telegramMessageActions.handleAction?.({ + channel: "telegram", + action: "send", + params: { + to: "123", + media: "/tmp/voice.ogg", + }, + cfg, + mediaLocalRoots: ["/tmp/agent-root"], + }); + }, + assert: () => { + expect(handleTelegramAction).toHaveBeenCalledWith( + expect.objectContaining({ + action: "sendMessage", + mediaUrl: "/tmp/voice.ogg", + }), + expect.any(Object), + expect.objectContaining({ mediaLocalRoots: ["/tmp/agent-root"] }), + ); + }, + clear: () => handleTelegramAction.mockClear(), + }, + ] as const; + + for (const testCase of cases) { + testCase.clear(); + await testCase.run(); + testCase.assert(); + } +}); + describe("signalMessageActions", () => { it("lists actions based on account presence and reaction gates", () => { const cases = [ @@ -1098,6 +1134,18 @@ describe("signalMessageActions", () => { groupId: "group-id", targetAuthor: "uuid:123e4567-e89b-12d3-a456-426614174000", }, + toolContext: undefined, + }, + { + name: "falls back to toolContext.currentMessageId when messageId is omitted", + cfg: { channels: { signal: { account: "+15550001111" } } } as OpenClawConfig, + accountId: undefined, + params: { to: "+15559999999", emoji: "🔥" }, + expectedRecipient: "+15559999999", + expectedTimestamp: 1737630212345, + expectedEmoji: "🔥", + expectedOptions: {}, + toolContext: { currentMessageId: "1737630212345" }, }, ] as const; @@ -1106,6 +1154,7 @@ describe("signalMessageActions", () => { await runSignalAction("react", testCase.params, { cfg: testCase.cfg, accountId: testCase.accountId, + toolContext: "toolContext" in testCase ? testCase.toolContext : undefined, }); expect(sendReactionSignal, testCase.name).toHaveBeenCalledWith( testCase.expectedRecipient, @@ -1119,72 +1168,50 @@ describe("signalMessageActions", () => { } }); - it("falls back to toolContext.currentMessageId for reactions when messageId is omitted", async () => { - sendReactionSignal.mockClear(); - await runSignalAction( - "react", - { to: "+15559999999", emoji: "🔥" }, - { toolContext: { currentMessageId: "1737630212345" } }, - ); - expect(sendReactionSignal).toHaveBeenCalledTimes(1); - expect(sendReactionSignal).toHaveBeenCalledWith( - "+15559999999", - 1737630212345, - "🔥", - expect.objectContaining({}), - ); - }); - - it("rejects reaction when neither messageId nor toolContext.currentMessageId is provided", async () => { + it("rejects invalid signal reaction inputs before dispatch", async () => { const cfg = { channels: { signal: { account: "+15550001111" } }, } as OpenClawConfig; - await expectSignalActionRejected( - { to: "+15559999999", emoji: "✅" }, - /messageId.*required/, - cfg, - ); - }); - - it("requires targetAuthor for group reactions", async () => { - const cfg = { - channels: { signal: { account: "+15550001111" } }, - } as OpenClawConfig; - await expectSignalActionRejected( - { to: "signal:group:group-id", messageId: "123", emoji: "✅" }, - /targetAuthor/, - cfg, - ); + for (const testCase of [ + { + params: { to: "+15559999999", emoji: "✅" }, + error: /messageId.*required/, + }, + { + params: { to: "signal:group:group-id", messageId: "123", emoji: "✅" }, + error: /targetAuthor/, + }, + ] as const) { + await expectSignalActionRejected(testCase.params, testCase.error, cfg); + } }); }); describe("slack actions adapter", () => { - it("forwards threadId for read", async () => { - await runSlackAction("read", { - channelId: "C1", - threadId: "171234.567", - }); - - expectFirstSlackAction({ - action: "readMessages", - channelId: "C1", - threadId: "171234.567", - }); - }); - - it("forwards normalized limit for emoji-list", async () => { - await runSlackAction("emoji-list", { - limit: "2.9", - }); - - expectFirstSlackAction({ - action: "emojiList", - limit: 2, - }); - }); - - it("forwards blocks for send/edit actions", async () => { + it("forwards slack action params", async () => { const cases = [ + { + action: "read" as const, + params: { + channelId: "C1", + threadId: "171234.567", + }, + expected: { + action: "readMessages", + channelId: "C1", + threadId: "171234.567", + }, + }, + { + action: "emoji-list" as const, + params: { + limit: "2.9", + }, + expected: { + action: "emojiList", + limit: 2, + }, + }, { action: "send" as const, params: { @@ -1245,19 +1272,40 @@ describe("slack actions adapter", () => { blocks: [{ type: "section", text: { type: "mrkdwn", text: "updated" } }], }, }, + { + action: "send" as const, + params: { + to: "channel:C1", + message: "", + media: "https://example.com/image.png", + }, + expected: { + action: "sendMessage", + to: "channel:C1", + content: "", + mediaUrl: "https://example.com/image.png", + }, + absentKeys: ["blocks"], + }, ] as const; for (const testCase of cases) { handleSlackAction.mockClear(); await runSlackAction(testCase.action, testCase.params); expectFirstSlackAction(testCase.expected); + const [params] = handleSlackAction.mock.calls[0] ?? []; + const absentKeys = "absentKeys" in testCase ? testCase.absentKeys : undefined; + for (const key of absentKeys ?? []) { + expect(params).not.toHaveProperty(key); + } } }); - it("rejects invalid send block combinations before dispatch", async () => { + it("rejects invalid Slack payloads before dispatch", async () => { const cases = [ { name: "invalid JSON", + action: "send" as const, params: { to: "channel:C1", message: "", @@ -1267,6 +1315,7 @@ describe("slack actions adapter", () => { }, { name: "empty blocks", + action: "send" as const, params: { to: "channel:C1", message: "", @@ -1276,6 +1325,7 @@ describe("slack actions adapter", () => { }, { name: "blocks with media", + action: "send" as const, params: { to: "channel:C1", message: "", @@ -1284,48 +1334,34 @@ describe("slack actions adapter", () => { }, error: /does not support blocks with media/i, }, - ] as const; - - for (const testCase of cases) { - handleSlackAction.mockClear(); - await expectSlackSendRejected(testCase.params, testCase.error); - } - }); - - it("does not attach empty blocks to plain media sends", async () => { - handleSlackAction.mockClear(); - - await runSlackAction("send", { - to: "channel:C1", - message: "", - media: "https://example.com/image.png", - }); - - const [params] = handleSlackAction.mock.calls[0] ?? []; - expect(params).toMatchObject({ - action: "sendMessage", - to: "channel:C1", - content: "", - mediaUrl: "https://example.com/image.png", - }); - expect(params).not.toHaveProperty("blocks"); - }); - - it("rejects edit when both message and blocks are missing", async () => { - const { cfg, actions } = slackHarness(); - - await expect( - actions.handleAction?.({ - channel: "slack", - action: "edit", - cfg, + { + name: "edit missing message and blocks", + action: "edit" as const, params: { channelId: "C1", messageId: "171234.567", message: "", }, - }), - ).rejects.toThrow(/edit requires message or blocks/i); - expect(handleSlackAction).not.toHaveBeenCalled(); + error: /edit requires message or blocks/i, + }, + ] as const; + + for (const testCase of cases) { + handleSlackAction.mockClear(); + if (testCase.action === "send") { + await expectSlackSendRejected(testCase.params, testCase.error); + } else { + const { cfg, actions } = slackHarness(); + await expect( + actions.handleAction?.({ + channel: "slack", + action: "edit", + cfg, + params: testCase.params, + }), + ).rejects.toThrow(testCase.error); + } + expect(handleSlackAction, testCase.name).not.toHaveBeenCalled(); + } }); }); diff --git a/src/channels/plugins/actions/discord.ts b/src/channels/plugins/actions/discord.ts index ec11ca6c970..4615a88f3c5 100644 --- a/src/channels/plugins/actions/discord.ts +++ b/src/channels/plugins/actions/discord.ts @@ -1,2 +1,2 @@ // Public entrypoint for the Discord channel action adapter. -export * from "../../../plugin-sdk-internal/discord.js"; +export * from "../../../plugin-sdk/discord.js"; diff --git a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts index 3ba353b1f6e..c7375b6c1a7 100644 --- a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts +++ b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts @@ -1 +1 @@ -export * from "../../../../../extensions/discord/src/actions/handle-action.guild-admin.js"; +export * from "../../../../../extensions/discord/api.js"; diff --git a/src/channels/plugins/actions/discord/handle-action.ts b/src/channels/plugins/actions/discord/handle-action.ts index 4bd957ec624..c7375b6c1a7 100644 --- a/src/channels/plugins/actions/discord/handle-action.ts +++ b/src/channels/plugins/actions/discord/handle-action.ts @@ -1 +1 @@ -export * from "../../../../../extensions/discord/src/actions/handle-action.js"; +export * from "../../../../../extensions/discord/api.js"; diff --git a/src/channels/plugins/actions/signal.ts b/src/channels/plugins/actions/signal.ts index 7db723f305e..2eacd78857c 100644 --- a/src/channels/plugins/actions/signal.ts +++ b/src/channels/plugins/actions/signal.ts @@ -1,11 +1,11 @@ import { createActionGate, jsonResult, readStringParam } from "../../../agents/tools/common.js"; +import { resolveSignalAccount } from "../../../plugin-sdk/account-resolution.js"; import { listEnabledSignalAccounts, removeReactionSignal, - resolveSignalAccount, resolveSignalReactionLevel, sendReactionSignal, -} from "../../../plugin-sdk-internal/signal.js"; +} from "../../../plugin-sdk/signal.js"; import type { ChannelMessageActionAdapter, ChannelMessageActionName } from "../types.js"; import { resolveReactionMessageId } from "./reaction-message-id.js"; diff --git a/src/channels/plugins/actions/telegram.ts b/src/channels/plugins/actions/telegram.ts index e34c4598ade..e811e757b94 100644 --- a/src/channels/plugins/actions/telegram.ts +++ b/src/channels/plugins/actions/telegram.ts @@ -1,2 +1,2 @@ // Public entrypoint for the Telegram channel action adapter. -export * from "../../../plugin-sdk-internal/telegram.js"; +export * from "../../../plugin-sdk/telegram.js"; diff --git a/src/channels/plugins/agent-tools/whatsapp-login.ts b/src/channels/plugins/agent-tools/whatsapp-login.ts index 661b49e083b..2204225bdda 100644 --- a/src/channels/plugins/agent-tools/whatsapp-login.ts +++ b/src/channels/plugins/agent-tools/whatsapp-login.ts @@ -1,2 +1,2 @@ // Shim: keep legacy import path while the runtime loads the plugin SDK surface. -export * from "../../../plugin-sdk-internal/whatsapp.js"; +export * from "../../../plugin-sdk/whatsapp.js"; diff --git a/src/channels/plugins/binding-provider.ts b/src/channels/plugins/binding-provider.ts new file mode 100644 index 00000000000..27dc5c49951 --- /dev/null +++ b/src/channels/plugins/binding-provider.ts @@ -0,0 +1,14 @@ +import type { ChannelConfiguredBindingProvider } from "./types.adapters.js"; +import type { ChannelPlugin } from "./types.plugin.js"; + +export function resolveChannelConfiguredBindingProvider( + plugin: + | Pick + | { + bindings?: ChannelConfiguredBindingProvider; + } + | null + | undefined, +): ChannelConfiguredBindingProvider | undefined { + return plugin?.bindings; +} diff --git a/src/channels/plugins/binding-registry.ts b/src/channels/plugins/binding-registry.ts new file mode 100644 index 00000000000..f4e95c19eba --- /dev/null +++ b/src/channels/plugins/binding-registry.ts @@ -0,0 +1,46 @@ +import { ensureConfiguredBindingBuiltinsRegistered } from "./configured-binding-builtins.js"; +import { + primeConfiguredBindingRegistry as primeConfiguredBindingRegistryRaw, + resolveConfiguredBinding as resolveConfiguredBindingRaw, + resolveConfiguredBindingRecord as resolveConfiguredBindingRecordRaw, + resolveConfiguredBindingRecordBySessionKey as resolveConfiguredBindingRecordBySessionKeyRaw, + resolveConfiguredBindingRecordForConversation as resolveConfiguredBindingRecordForConversationRaw, +} from "./configured-binding-registry.js"; + +// Thin public wrapper around the configured-binding registry. Runtime plugin +// conversation bindings use a separate approval-driven path in src/plugins/. + +export function primeConfiguredBindingRegistry( + ...args: Parameters +): ReturnType { + ensureConfiguredBindingBuiltinsRegistered(); + return primeConfiguredBindingRegistryRaw(...args); +} + +export function resolveConfiguredBindingRecord( + ...args: Parameters +): ReturnType { + ensureConfiguredBindingBuiltinsRegistered(); + return resolveConfiguredBindingRecordRaw(...args); +} + +export function resolveConfiguredBindingRecordForConversation( + ...args: Parameters +): ReturnType { + ensureConfiguredBindingBuiltinsRegistered(); + return resolveConfiguredBindingRecordForConversationRaw(...args); +} + +export function resolveConfiguredBinding( + ...args: Parameters +): ReturnType { + ensureConfiguredBindingBuiltinsRegistered(); + return resolveConfiguredBindingRaw(...args); +} + +export function resolveConfiguredBindingRecordBySessionKey( + ...args: Parameters +): ReturnType { + ensureConfiguredBindingBuiltinsRegistered(); + return resolveConfiguredBindingRecordBySessionKeyRaw(...args); +} diff --git a/src/channels/plugins/binding-routing.ts b/src/channels/plugins/binding-routing.ts new file mode 100644 index 00000000000..6fe8b0c400b --- /dev/null +++ b/src/channels/plugins/binding-routing.ts @@ -0,0 +1,91 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { ConversationRef } from "../../infra/outbound/session-binding-service.js"; +import type { ResolvedAgentRoute } from "../../routing/resolve-route.js"; +import { deriveLastRoutePolicy } from "../../routing/resolve-route.js"; +import { resolveAgentIdFromSessionKey } from "../../routing/session-key.js"; +import { resolveConfiguredBinding } from "./binding-registry.js"; +import { ensureConfiguredBindingTargetReady } from "./binding-targets.js"; +import type { ConfiguredBindingResolution } from "./binding-types.js"; + +export type ConfiguredBindingRouteResult = { + bindingResolution: ConfiguredBindingResolution | null; + route: ResolvedAgentRoute; + boundSessionKey?: string; + boundAgentId?: string; +}; + +type ConfiguredBindingRouteConversationInput = + | { + conversation: ConversationRef; + } + | { + channel: string; + accountId: string; + conversationId: string; + parentConversationId?: string; + }; + +function resolveConfiguredBindingConversationRef( + params: ConfiguredBindingRouteConversationInput, +): ConversationRef { + if ("conversation" in params) { + return params.conversation; + } + return { + channel: params.channel, + accountId: params.accountId, + conversationId: params.conversationId, + parentConversationId: params.parentConversationId, + }; +} + +export function resolveConfiguredBindingRoute( + params: { + cfg: OpenClawConfig; + route: ResolvedAgentRoute; + } & ConfiguredBindingRouteConversationInput, +): ConfiguredBindingRouteResult { + const bindingResolution = + resolveConfiguredBinding({ + cfg: params.cfg, + conversation: resolveConfiguredBindingConversationRef(params), + }) ?? null; + if (!bindingResolution) { + return { + bindingResolution: null, + route: params.route, + }; + } + + const boundSessionKey = bindingResolution.statefulTarget.sessionKey.trim(); + if (!boundSessionKey) { + return { + bindingResolution, + route: params.route, + }; + } + const boundAgentId = + resolveAgentIdFromSessionKey(boundSessionKey) || bindingResolution.statefulTarget.agentId; + return { + bindingResolution, + boundSessionKey, + boundAgentId, + route: { + ...params.route, + sessionKey: boundSessionKey, + agentId: boundAgentId, + lastRoutePolicy: deriveLastRoutePolicy({ + sessionKey: boundSessionKey, + mainSessionKey: params.route.mainSessionKey, + }), + matchedBy: "binding.channel", + }, + }; +} + +export async function ensureConfiguredBindingRouteReady(params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution | null; +}): Promise<{ ok: true } | { ok: false; error: string }> { + return await ensureConfiguredBindingTargetReady(params); +} diff --git a/src/channels/plugins/binding-targets.test.ts b/src/channels/plugins/binding-targets.test.ts new file mode 100644 index 00000000000..98503052b3f --- /dev/null +++ b/src/channels/plugins/binding-targets.test.ts @@ -0,0 +1,209 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import { + ensureConfiguredBindingTargetReady, + ensureConfiguredBindingTargetSession, + resetConfiguredBindingTargetInPlace, +} from "./binding-targets.js"; +import type { ConfiguredBindingResolution } from "./binding-types.js"; +import { + registerStatefulBindingTargetDriver, + unregisterStatefulBindingTargetDriver, + type StatefulBindingTargetDriver, +} from "./stateful-target-drivers.js"; + +function createBindingResolution(driverId: string): ConfiguredBindingResolution { + return { + conversation: { + channel: "discord", + accountId: "default", + conversationId: "123", + }, + compiledBinding: { + channel: "discord", + binding: { + type: "acp" as const, + agentId: "codex", + match: { + channel: "discord", + peer: { + kind: "channel" as const, + id: "123", + }, + }, + acp: { + mode: "persistent", + }, + }, + bindingConversationId: "123", + target: { + conversationId: "123", + }, + agentId: "codex", + provider: { + compileConfiguredBinding: () => ({ + conversationId: "123", + }), + matchInboundConversation: () => ({ + conversationId: "123", + }), + }, + targetFactory: { + driverId, + materialize: () => ({ + record: { + bindingId: "binding:123", + targetSessionKey: `agent:codex:${driverId}`, + targetKind: "session", + conversation: { + channel: "discord", + accountId: "default", + conversationId: "123", + }, + status: "active", + boundAt: 0, + }, + statefulTarget: { + kind: "stateful", + driverId, + sessionKey: `agent:codex:${driverId}`, + agentId: "codex", + }, + }), + }, + }, + match: { + conversationId: "123", + }, + record: { + bindingId: "binding:123", + targetSessionKey: `agent:codex:${driverId}`, + targetKind: "session", + conversation: { + channel: "discord", + accountId: "default", + conversationId: "123", + }, + status: "active", + boundAt: 0, + }, + statefulTarget: { + kind: "stateful", + driverId, + sessionKey: `agent:codex:${driverId}`, + agentId: "codex", + }, + }; +} + +afterEach(() => { + unregisterStatefulBindingTargetDriver("test-driver"); +}); + +describe("binding target drivers", () => { + it("delegates ensureReady and ensureSession to the resolved driver", async () => { + const ensureReady = vi.fn(async () => ({ ok: true as const })); + const ensureSession = vi.fn(async () => ({ + ok: true as const, + sessionKey: "agent:codex:test-driver", + })); + const driver: StatefulBindingTargetDriver = { + id: "test-driver", + ensureReady, + ensureSession, + }; + registerStatefulBindingTargetDriver(driver); + + const bindingResolution = createBindingResolution("test-driver"); + await expect( + ensureConfiguredBindingTargetReady({ + cfg: {} as never, + bindingResolution, + }), + ).resolves.toEqual({ ok: true }); + await expect( + ensureConfiguredBindingTargetSession({ + cfg: {} as never, + bindingResolution, + }), + ).resolves.toEqual({ + ok: true, + sessionKey: "agent:codex:test-driver", + }); + + expect(ensureReady).toHaveBeenCalledTimes(1); + expect(ensureReady).toHaveBeenCalledWith({ + cfg: {} as never, + bindingResolution, + }); + expect(ensureSession).toHaveBeenCalledTimes(1); + expect(ensureSession).toHaveBeenCalledWith({ + cfg: {} as never, + bindingResolution, + }); + }); + + it("resolves resetInPlace through the driver session-key lookup", async () => { + const resetInPlace = vi.fn(async () => ({ ok: true as const })); + const driver: StatefulBindingTargetDriver = { + id: "test-driver", + ensureReady: async () => ({ ok: true }), + ensureSession: async () => ({ + ok: true, + sessionKey: "agent:codex:test-driver", + }), + resolveTargetBySessionKey: ({ sessionKey }) => ({ + kind: "stateful", + driverId: "test-driver", + sessionKey, + agentId: "codex", + }), + resetInPlace, + }; + registerStatefulBindingTargetDriver(driver); + + await expect( + resetConfiguredBindingTargetInPlace({ + cfg: {} as never, + sessionKey: "agent:codex:test-driver", + reason: "reset", + }), + ).resolves.toEqual({ ok: true }); + + expect(resetInPlace).toHaveBeenCalledTimes(1); + expect(resetInPlace).toHaveBeenCalledWith({ + cfg: {} as never, + sessionKey: "agent:codex:test-driver", + reason: "reset", + bindingTarget: { + kind: "stateful", + driverId: "test-driver", + sessionKey: "agent:codex:test-driver", + agentId: "codex", + }, + }); + }); + + it("returns a typed error when no driver is registered", async () => { + const bindingResolution = createBindingResolution("missing-driver"); + + await expect( + ensureConfiguredBindingTargetReady({ + cfg: {} as never, + bindingResolution, + }), + ).resolves.toEqual({ + ok: false, + error: "Configured binding target driver unavailable: missing-driver", + }); + await expect( + ensureConfiguredBindingTargetSession({ + cfg: {} as never, + bindingResolution, + }), + ).resolves.toEqual({ + ok: false, + sessionKey: "agent:codex:missing-driver", + error: "Configured binding target driver unavailable: missing-driver", + }); + }); +}); diff --git a/src/channels/plugins/binding-targets.ts b/src/channels/plugins/binding-targets.ts new file mode 100644 index 00000000000..2ca8fefea22 --- /dev/null +++ b/src/channels/plugins/binding-targets.ts @@ -0,0 +1,69 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { ConfiguredBindingResolution } from "./binding-types.js"; +import { ensureStatefulTargetBuiltinsRegistered } from "./stateful-target-builtins.js"; +import { + getStatefulBindingTargetDriver, + resolveStatefulBindingTargetBySessionKey, +} from "./stateful-target-drivers.js"; + +export async function ensureConfiguredBindingTargetReady(params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution | null; +}): Promise<{ ok: true } | { ok: false; error: string }> { + ensureStatefulTargetBuiltinsRegistered(); + if (!params.bindingResolution) { + return { ok: true }; + } + const driver = getStatefulBindingTargetDriver(params.bindingResolution.statefulTarget.driverId); + if (!driver) { + return { + ok: false, + error: `Configured binding target driver unavailable: ${params.bindingResolution.statefulTarget.driverId}`, + }; + } + return await driver.ensureReady({ + cfg: params.cfg, + bindingResolution: params.bindingResolution, + }); +} + +export async function resetConfiguredBindingTargetInPlace(params: { + cfg: OpenClawConfig; + sessionKey: string; + reason: "new" | "reset"; +}): Promise<{ ok: true } | { ok: false; skipped?: boolean; error?: string }> { + ensureStatefulTargetBuiltinsRegistered(); + const resolved = resolveStatefulBindingTargetBySessionKey({ + cfg: params.cfg, + sessionKey: params.sessionKey, + }); + if (!resolved?.driver.resetInPlace) { + return { + ok: false, + skipped: true, + }; + } + return await resolved.driver.resetInPlace({ + ...params, + bindingTarget: resolved.bindingTarget, + }); +} + +export async function ensureConfiguredBindingTargetSession(params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution; +}): Promise<{ ok: true; sessionKey: string } | { ok: false; sessionKey: string; error: string }> { + ensureStatefulTargetBuiltinsRegistered(); + const driver = getStatefulBindingTargetDriver(params.bindingResolution.statefulTarget.driverId); + if (!driver) { + return { + ok: false, + sessionKey: params.bindingResolution.statefulTarget.sessionKey, + error: `Configured binding target driver unavailable: ${params.bindingResolution.statefulTarget.driverId}`, + }; + } + return await driver.ensureSession({ + cfg: params.cfg, + bindingResolution: params.bindingResolution, + }); +} diff --git a/src/channels/plugins/binding-types.ts b/src/channels/plugins/binding-types.ts new file mode 100644 index 00000000000..81ca368bc2b --- /dev/null +++ b/src/channels/plugins/binding-types.ts @@ -0,0 +1,53 @@ +import type { AgentBinding } from "../../config/types.js"; +import type { + ConversationRef, + SessionBindingRecord, +} from "../../infra/outbound/session-binding-service.js"; +import type { + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, + ChannelConfiguredBindingProvider, +} from "./types.adapters.js"; +import type { ChannelId } from "./types.js"; + +export type ConfiguredBindingConversation = ConversationRef; +export type ConfiguredBindingChannel = ChannelId; +export type ConfiguredBindingRuleConfig = AgentBinding; + +export type StatefulBindingTargetDescriptor = { + kind: "stateful"; + driverId: string; + sessionKey: string; + agentId: string; + label?: string; +}; + +export type ConfiguredBindingRecordResolution = { + record: SessionBindingRecord; + statefulTarget: StatefulBindingTargetDescriptor; +}; + +export type ConfiguredBindingTargetFactory = { + driverId: string; + materialize: (params: { + accountId: string; + conversation: ChannelConfiguredBindingConversationRef; + }) => ConfiguredBindingRecordResolution; +}; + +export type CompiledConfiguredBinding = { + channel: ConfiguredBindingChannel; + accountPattern?: string; + binding: ConfiguredBindingRuleConfig; + bindingConversationId: string; + target: ChannelConfiguredBindingConversationRef; + agentId: string; + provider: ChannelConfiguredBindingProvider; + targetFactory: ConfiguredBindingTargetFactory; +}; + +export type ConfiguredBindingResolution = ConfiguredBindingRecordResolution & { + conversation: ConfiguredBindingConversation; + compiledBinding: CompiledConfiguredBinding; + match: ChannelConfiguredBindingMatch; +}; diff --git a/src/channels/plugins/bundled.ts b/src/channels/plugins/bundled.ts index c7cae53de20..5579ddfdf65 100644 --- a/src/channels/plugins/bundled.ts +++ b/src/channels/plugins/bundled.ts @@ -1,33 +1,30 @@ -import { bluebubblesPlugin } from "../../../extensions/bluebubbles/src/channel.js"; -import { discordPlugin } from "../../../extensions/discord/src/channel.js"; -import { discordSetupPlugin } from "../../../extensions/discord/src/channel.setup.js"; -import { setDiscordRuntime } from "../../../extensions/discord/src/runtime.js"; -import { feishuPlugin } from "../../../extensions/feishu/src/channel.js"; -import { googlechatPlugin } from "../../../extensions/googlechat/src/channel.js"; -import { imessagePlugin } from "../../../extensions/imessage/src/channel.js"; -import { imessageSetupPlugin } from "../../../extensions/imessage/src/channel.setup.js"; -import { ircPlugin } from "../../../extensions/irc/src/channel.js"; -import { linePlugin } from "../../../extensions/line/src/channel.js"; -import { lineSetupPlugin } from "../../../extensions/line/src/channel.setup.js"; -import { setLineRuntime } from "../../../extensions/line/src/runtime.js"; -import { matrixPlugin } from "../../../extensions/matrix/src/channel.js"; -import { mattermostPlugin } from "../../../extensions/mattermost/src/channel.js"; -import { msteamsPlugin } from "../../../extensions/msteams/src/channel.js"; -import { nextcloudTalkPlugin } from "../../../extensions/nextcloud-talk/src/channel.js"; -import { nostrPlugin } from "../../../extensions/nostr/src/channel.js"; -import { signalPlugin } from "../../../extensions/signal/src/channel.js"; -import { signalSetupPlugin } from "../../../extensions/signal/src/channel.setup.js"; -import { slackPlugin } from "../../../extensions/slack/src/channel.js"; -import { slackSetupPlugin } from "../../../extensions/slack/src/channel.setup.js"; -import { synologyChatPlugin } from "../../../extensions/synology-chat/src/channel.js"; -import { telegramPlugin } from "../../../extensions/telegram/src/channel.js"; -import { telegramSetupPlugin } from "../../../extensions/telegram/src/channel.setup.js"; -import { setTelegramRuntime } from "../../../extensions/telegram/src/runtime.js"; -import { tlonPlugin } from "../../../extensions/tlon/src/channel.js"; -import { whatsappPlugin } from "../../../extensions/whatsapp/src/channel.js"; -import { whatsappSetupPlugin } from "../../../extensions/whatsapp/src/channel.setup.js"; -import { zaloPlugin } from "../../../extensions/zalo/src/channel.js"; -import { zalouserPlugin } from "../../../extensions/zalouser/src/channel.js"; +import { bluebubblesPlugin } from "../../../extensions/bluebubbles/index.js"; +import { discordPlugin, setDiscordRuntime } from "../../../extensions/discord/index.js"; +import { discordSetupPlugin } from "../../../extensions/discord/setup-entry.js"; +import { feishuPlugin } from "../../../extensions/feishu/index.js"; +import { googlechatPlugin } from "../../../extensions/googlechat/index.js"; +import { imessagePlugin } from "../../../extensions/imessage/index.js"; +import { imessageSetupPlugin } from "../../../extensions/imessage/setup-entry.js"; +import { ircPlugin } from "../../../extensions/irc/index.js"; +import { linePlugin, setLineRuntime } from "../../../extensions/line/index.js"; +import { lineSetupPlugin } from "../../../extensions/line/setup-entry.js"; +import { matrixPlugin } from "../../../extensions/matrix/index.js"; +import { mattermostPlugin } from "../../../extensions/mattermost/index.js"; +import { msteamsPlugin } from "../../../extensions/msteams/index.js"; +import { nextcloudTalkPlugin } from "../../../extensions/nextcloud-talk/index.js"; +import { nostrPlugin } from "../../../extensions/nostr/index.js"; +import { signalPlugin } from "../../../extensions/signal/index.js"; +import { signalSetupPlugin } from "../../../extensions/signal/setup-entry.js"; +import { slackPlugin } from "../../../extensions/slack/index.js"; +import { slackSetupPlugin } from "../../../extensions/slack/setup-entry.js"; +import { synologyChatPlugin } from "../../../extensions/synology-chat/index.js"; +import { telegramPlugin, setTelegramRuntime } from "../../../extensions/telegram/index.js"; +import { telegramSetupPlugin } from "../../../extensions/telegram/setup-entry.js"; +import { tlonPlugin } from "../../../extensions/tlon/index.js"; +import { whatsappPlugin } from "../../../extensions/whatsapp/index.js"; +import { whatsappSetupPlugin } from "../../../extensions/whatsapp/setup-entry.js"; +import { zaloPlugin } from "../../../extensions/zalo/index.js"; +import { zalouserPlugin } from "../../../extensions/zalouser/index.js"; import type { ChannelId, ChannelPlugin } from "./types.js"; export const bundledChannelPlugins = [ diff --git a/src/channels/plugins/configured-binding-builtins.ts b/src/channels/plugins/configured-binding-builtins.ts new file mode 100644 index 00000000000..2d27e9b5286 --- /dev/null +++ b/src/channels/plugins/configured-binding-builtins.ts @@ -0,0 +1,13 @@ +import { acpConfiguredBindingConsumer } from "./acp-configured-binding-consumer.js"; +import { + registerConfiguredBindingConsumer, + unregisterConfiguredBindingConsumer, +} from "./configured-binding-consumers.js"; + +export function ensureConfiguredBindingBuiltinsRegistered(): void { + registerConfiguredBindingConsumer(acpConfiguredBindingConsumer); +} + +export function resetConfiguredBindingBuiltinsForTesting(): void { + unregisterConfiguredBindingConsumer(acpConfiguredBindingConsumer.id); +} diff --git a/src/channels/plugins/configured-binding-compiler.ts b/src/channels/plugins/configured-binding-compiler.ts new file mode 100644 index 00000000000..ca5a88022d1 --- /dev/null +++ b/src/channels/plugins/configured-binding-compiler.ts @@ -0,0 +1,240 @@ +import { listConfiguredBindings } from "../../config/bindings.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import { getActivePluginRegistry, getActivePluginRegistryVersion } from "../../plugins/runtime.js"; +import { pickFirstExistingAgentId } from "../../routing/resolve-route.js"; +import { resolveChannelConfiguredBindingProvider } from "./binding-provider.js"; +import type { CompiledConfiguredBinding, ConfiguredBindingChannel } from "./binding-types.js"; +import { resolveConfiguredBindingConsumer } from "./configured-binding-consumers.js"; +import { getChannelPlugin } from "./index.js"; +import type { + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingProvider, +} from "./types.adapters.js"; + +// Configured bindings are channel-owned rules compiled from config, separate +// from runtime plugin-owned conversation bindings. + +type ChannelPluginLike = NonNullable>; + +export type CompiledConfiguredBindingRegistry = { + rulesByChannel: Map; +}; + +type CachedCompiledConfiguredBindingRegistry = { + registryVersion: number; + registry: CompiledConfiguredBindingRegistry; +}; + +const compiledRegistryCache = new WeakMap< + OpenClawConfig, + CachedCompiledConfiguredBindingRegistry +>(); + +function findChannelPlugin(params: { + registry: + | { + channels?: Array<{ plugin?: ChannelPluginLike | null } | null> | null; + } + | null + | undefined; + channel: string; +}): ChannelPluginLike | undefined { + return ( + params.registry?.channels?.find((entry) => entry?.plugin?.id === params.channel)?.plugin ?? + undefined + ); +} + +function resolveLoadedChannelPlugin(channel: string) { + const normalized = channel.trim().toLowerCase(); + if (!normalized) { + return undefined; + } + + const current = getChannelPlugin(normalized as ConfiguredBindingChannel); + if (current) { + return current; + } + + return findChannelPlugin({ + registry: getActivePluginRegistry(), + channel: normalized, + }); +} + +function resolveConfiguredBindingAdapter(channel: string): { + channel: ConfiguredBindingChannel; + provider: ChannelConfiguredBindingProvider; +} | null { + const normalized = channel.trim().toLowerCase(); + if (!normalized) { + return null; + } + const plugin = resolveLoadedChannelPlugin(normalized); + const provider = resolveChannelConfiguredBindingProvider(plugin); + if ( + !plugin || + !provider || + !provider.compileConfiguredBinding || + !provider.matchInboundConversation + ) { + return null; + } + return { + channel: plugin.id, + provider, + }; +} + +function resolveBindingConversationId(binding: { + match?: { peer?: { id?: string } }; +}): string | null { + const id = binding.match?.peer?.id?.trim(); + return id ? id : null; +} + +function compileConfiguredBindingTarget(params: { + provider: ChannelConfiguredBindingProvider; + binding: CompiledConfiguredBinding["binding"]; + conversationId: string; +}): ChannelConfiguredBindingConversationRef | null { + return params.provider.compileConfiguredBinding({ + binding: params.binding, + conversationId: params.conversationId, + }); +} + +function compileConfiguredBindingRule(params: { + cfg: OpenClawConfig; + channel: ConfiguredBindingChannel; + binding: CompiledConfiguredBinding["binding"]; + target: ChannelConfiguredBindingConversationRef; + bindingConversationId: string; + provider: ChannelConfiguredBindingProvider; +}): CompiledConfiguredBinding | null { + const agentId = pickFirstExistingAgentId(params.cfg, params.binding.agentId ?? "main"); + const consumer = resolveConfiguredBindingConsumer(params.binding); + if (!consumer) { + return null; + } + const targetFactory = consumer.buildTargetFactory({ + cfg: params.cfg, + binding: params.binding, + channel: params.channel, + agentId, + target: params.target, + bindingConversationId: params.bindingConversationId, + }); + if (!targetFactory) { + return null; + } + return { + channel: params.channel, + accountPattern: params.binding.match.accountId?.trim() || undefined, + binding: params.binding, + bindingConversationId: params.bindingConversationId, + target: params.target, + agentId, + provider: params.provider, + targetFactory, + }; +} + +function pushCompiledRule( + target: Map, + rule: CompiledConfiguredBinding, +) { + const existing = target.get(rule.channel); + if (existing) { + existing.push(rule); + return; + } + target.set(rule.channel, [rule]); +} + +function compileConfiguredBindingRegistry(params: { + cfg: OpenClawConfig; +}): CompiledConfiguredBindingRegistry { + const rulesByChannel = new Map(); + + for (const binding of listConfiguredBindings(params.cfg)) { + const bindingConversationId = resolveBindingConversationId(binding); + if (!bindingConversationId) { + continue; + } + + const resolvedChannel = resolveConfiguredBindingAdapter(binding.match.channel); + if (!resolvedChannel) { + continue; + } + + const target = compileConfiguredBindingTarget({ + provider: resolvedChannel.provider, + binding, + conversationId: bindingConversationId, + }); + if (!target) { + continue; + } + + const rule = compileConfiguredBindingRule({ + cfg: params.cfg, + channel: resolvedChannel.channel, + binding, + target, + bindingConversationId, + provider: resolvedChannel.provider, + }); + if (!rule) { + continue; + } + pushCompiledRule(rulesByChannel, rule); + } + + return { + rulesByChannel, + }; +} + +export function resolveCompiledBindingRegistry( + cfg: OpenClawConfig, +): CompiledConfiguredBindingRegistry { + const registryVersion = getActivePluginRegistryVersion(); + const cached = compiledRegistryCache.get(cfg); + if (cached?.registryVersion === registryVersion) { + return cached.registry; + } + + const registry = compileConfiguredBindingRegistry({ + cfg, + }); + compiledRegistryCache.set(cfg, { + registryVersion, + registry, + }); + return registry; +} + +export function primeCompiledBindingRegistry( + cfg: OpenClawConfig, +): CompiledConfiguredBindingRegistry { + const registry = compileConfiguredBindingRegistry({ cfg }); + compiledRegistryCache.set(cfg, { + registryVersion: getActivePluginRegistryVersion(), + registry, + }); + return registry; +} + +export function countCompiledBindingRegistry(registry: CompiledConfiguredBindingRegistry): { + bindingCount: number; + channelCount: number; +} { + return { + bindingCount: [...registry.rulesByChannel.values()].reduce( + (sum, rules) => sum + rules.length, + 0, + ), + channelCount: registry.rulesByChannel.size, + }; +} diff --git a/src/channels/plugins/configured-binding-consumers.ts b/src/channels/plugins/configured-binding-consumers.ts new file mode 100644 index 00000000000..dbe5dc8791c --- /dev/null +++ b/src/channels/plugins/configured-binding-consumers.ts @@ -0,0 +1,69 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { + CompiledConfiguredBinding, + ConfiguredBindingRecordResolution, + ConfiguredBindingRuleConfig, + ConfiguredBindingTargetFactory, +} from "./binding-types.js"; +import type { ChannelConfiguredBindingConversationRef } from "./types.adapters.js"; + +export type ParsedConfiguredBindingSessionKey = { + channel: string; + accountId: string; +}; + +export type ConfiguredBindingConsumer = { + id: string; + supports: (binding: ConfiguredBindingRuleConfig) => boolean; + buildTargetFactory: (params: { + cfg: OpenClawConfig; + binding: ConfiguredBindingRuleConfig; + channel: string; + agentId: string; + target: ChannelConfiguredBindingConversationRef; + bindingConversationId: string; + }) => ConfiguredBindingTargetFactory | null; + parseSessionKey?: (params: { sessionKey: string }) => ParsedConfiguredBindingSessionKey | null; + matchesSessionKey?: (params: { + sessionKey: string; + compiledBinding: CompiledConfiguredBinding; + accountId: string; + materializedTarget: ConfiguredBindingRecordResolution; + }) => boolean; +}; + +const registeredConfiguredBindingConsumers = new Map(); + +export function listConfiguredBindingConsumers(): ConfiguredBindingConsumer[] { + return [...registeredConfiguredBindingConsumers.values()]; +} + +export function resolveConfiguredBindingConsumer( + binding: ConfiguredBindingRuleConfig, +): ConfiguredBindingConsumer | null { + for (const consumer of listConfiguredBindingConsumers()) { + if (consumer.supports(binding)) { + return consumer; + } + } + return null; +} + +export function registerConfiguredBindingConsumer(consumer: ConfiguredBindingConsumer): void { + const id = consumer.id.trim(); + if (!id) { + throw new Error("Configured binding consumer id is required"); + } + const existing = registeredConfiguredBindingConsumers.get(id); + if (existing) { + return; + } + registeredConfiguredBindingConsumers.set(id, { + ...consumer, + id, + }); +} + +export function unregisterConfiguredBindingConsumer(id: string): void { + registeredConfiguredBindingConsumers.delete(id.trim()); +} diff --git a/src/channels/plugins/configured-binding-match.ts b/src/channels/plugins/configured-binding-match.ts new file mode 100644 index 00000000000..7e9ec4f4b09 --- /dev/null +++ b/src/channels/plugins/configured-binding-match.ts @@ -0,0 +1,116 @@ +import type { ConversationRef } from "../../infra/outbound/session-binding-service.js"; +import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-key.js"; +import type { + CompiledConfiguredBinding, + ConfiguredBindingChannel, + ConfiguredBindingRecordResolution, +} from "./binding-types.js"; +import type { + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, +} from "./types.adapters.js"; + +export function resolveAccountMatchPriority(match: string | undefined, actual: string): 0 | 1 | 2 { + const trimmed = (match ?? "").trim(); + if (!trimmed) { + return actual === DEFAULT_ACCOUNT_ID ? 2 : 0; + } + if (trimmed === "*") { + return 1; + } + return normalizeAccountId(trimmed) === actual ? 2 : 0; +} + +function matchCompiledBindingConversation(params: { + rule: CompiledConfiguredBinding; + conversationId: string; + parentConversationId?: string; +}): ChannelConfiguredBindingMatch | null { + return params.rule.provider.matchInboundConversation({ + binding: params.rule.binding, + compiledBinding: params.rule.target, + conversationId: params.conversationId, + parentConversationId: params.parentConversationId, + }); +} + +export function resolveCompiledBindingChannel(raw: string): ConfiguredBindingChannel | null { + const normalized = raw.trim().toLowerCase(); + return normalized ? (normalized as ConfiguredBindingChannel) : null; +} + +export function toConfiguredBindingConversationRef(conversation: ConversationRef): { + channel: ConfiguredBindingChannel; + accountId: string; + conversationId: string; + parentConversationId?: string; +} | null { + const channel = resolveCompiledBindingChannel(conversation.channel); + const conversationId = conversation.conversationId.trim(); + if (!channel || !conversationId) { + return null; + } + return { + channel, + accountId: normalizeAccountId(conversation.accountId), + conversationId, + parentConversationId: conversation.parentConversationId?.trim() || undefined, + }; +} + +export function materializeConfiguredBindingRecord(params: { + rule: CompiledConfiguredBinding; + accountId: string; + conversation: ChannelConfiguredBindingConversationRef; +}): ConfiguredBindingRecordResolution { + return params.rule.targetFactory.materialize({ + accountId: normalizeAccountId(params.accountId), + conversation: params.conversation, + }); +} + +export function resolveMatchingConfiguredBinding(params: { + rules: CompiledConfiguredBinding[]; + conversation: ReturnType; +}): { rule: CompiledConfiguredBinding; match: ChannelConfiguredBindingMatch } | null { + if (!params.conversation) { + return null; + } + + let wildcardMatch: { + rule: CompiledConfiguredBinding; + match: ChannelConfiguredBindingMatch; + } | null = null; + let exactMatch: { rule: CompiledConfiguredBinding; match: ChannelConfiguredBindingMatch } | null = + null; + + for (const rule of params.rules) { + const accountMatchPriority = resolveAccountMatchPriority( + rule.accountPattern, + params.conversation.accountId, + ); + if (accountMatchPriority === 0) { + continue; + } + const match = matchCompiledBindingConversation({ + rule, + conversationId: params.conversation.conversationId, + parentConversationId: params.conversation.parentConversationId, + }); + if (!match) { + continue; + } + const matchPriority = match.matchPriority ?? 0; + if (accountMatchPriority === 2) { + if (!exactMatch || matchPriority > (exactMatch.match.matchPriority ?? 0)) { + exactMatch = { rule, match }; + } + continue; + } + if (!wildcardMatch || matchPriority > (wildcardMatch.match.matchPriority ?? 0)) { + wildcardMatch = { rule, match }; + } + } + + return exactMatch ?? wildcardMatch; +} diff --git a/src/channels/plugins/configured-binding-registry.ts b/src/channels/plugins/configured-binding-registry.ts new file mode 100644 index 00000000000..6a7aba3bdfb --- /dev/null +++ b/src/channels/plugins/configured-binding-registry.ts @@ -0,0 +1,116 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { ConversationRef } from "../../infra/outbound/session-binding-service.js"; +import type { + ConfiguredBindingRecordResolution, + ConfiguredBindingResolution, +} from "./binding-types.js"; +import { + countCompiledBindingRegistry, + primeCompiledBindingRegistry, + resolveCompiledBindingRegistry, +} from "./configured-binding-compiler.js"; +import { + materializeConfiguredBindingRecord, + resolveMatchingConfiguredBinding, + toConfiguredBindingConversationRef, +} from "./configured-binding-match.js"; +import { resolveConfiguredBindingRecordBySessionKeyFromRegistry } from "./configured-binding-session-lookup.js"; + +export function primeConfiguredBindingRegistry(params: { cfg: OpenClawConfig }): { + bindingCount: number; + channelCount: number; +} { + return countCompiledBindingRegistry(primeCompiledBindingRegistry(params.cfg)); +} + +export function resolveConfiguredBindingRecord(params: { + cfg: OpenClawConfig; + channel: string; + accountId: string; + conversationId: string; + parentConversationId?: string; +}): ConfiguredBindingRecordResolution | null { + const conversation = toConfiguredBindingConversationRef({ + channel: params.channel, + accountId: params.accountId, + conversationId: params.conversationId, + parentConversationId: params.parentConversationId, + }); + if (!conversation) { + return null; + } + return resolveConfiguredBindingRecordForConversation({ + cfg: params.cfg, + conversation, + }); +} + +export function resolveConfiguredBindingRecordForConversation(params: { + cfg: OpenClawConfig; + conversation: ConversationRef; +}): ConfiguredBindingRecordResolution | null { + const conversation = toConfiguredBindingConversationRef(params.conversation); + if (!conversation) { + return null; + } + const registry = resolveCompiledBindingRegistry(params.cfg); + const rules = registry.rulesByChannel.get(conversation.channel); + if (!rules || rules.length === 0) { + return null; + } + const resolved = resolveMatchingConfiguredBinding({ + rules, + conversation, + }); + if (!resolved) { + return null; + } + return materializeConfiguredBindingRecord({ + rule: resolved.rule, + accountId: conversation.accountId, + conversation: resolved.match, + }); +} + +export function resolveConfiguredBinding(params: { + cfg: OpenClawConfig; + conversation: ConversationRef; +}): ConfiguredBindingResolution | null { + const conversation = toConfiguredBindingConversationRef(params.conversation); + if (!conversation) { + return null; + } + const registry = resolveCompiledBindingRegistry(params.cfg); + const rules = registry.rulesByChannel.get(conversation.channel); + if (!rules || rules.length === 0) { + return null; + } + const resolved = resolveMatchingConfiguredBinding({ + rules, + conversation, + }); + if (!resolved) { + return null; + } + const materializedTarget = materializeConfiguredBindingRecord({ + rule: resolved.rule, + accountId: conversation.accountId, + conversation: resolved.match, + }); + return { + conversation, + compiledBinding: resolved.rule, + match: resolved.match, + ...materializedTarget, + }; +} + +export function resolveConfiguredBindingRecordBySessionKey(params: { + cfg: OpenClawConfig; + sessionKey: string; +}): ConfiguredBindingRecordResolution | null { + return resolveConfiguredBindingRecordBySessionKeyFromRegistry({ + registry: resolveCompiledBindingRegistry(params.cfg), + sessionKey: params.sessionKey, + }); +} diff --git a/src/channels/plugins/configured-binding-session-lookup.ts b/src/channels/plugins/configured-binding-session-lookup.ts new file mode 100644 index 00000000000..e4baa4057d8 --- /dev/null +++ b/src/channels/plugins/configured-binding-session-lookup.ts @@ -0,0 +1,74 @@ +import type { ConfiguredBindingRecordResolution } from "./binding-types.js"; +import type { CompiledConfiguredBindingRegistry } from "./configured-binding-compiler.js"; +import { listConfiguredBindingConsumers } from "./configured-binding-consumers.js"; +import { + materializeConfiguredBindingRecord, + resolveAccountMatchPriority, + resolveCompiledBindingChannel, +} from "./configured-binding-match.js"; + +export function resolveConfiguredBindingRecordBySessionKeyFromRegistry(params: { + registry: CompiledConfiguredBindingRegistry; + sessionKey: string; +}): ConfiguredBindingRecordResolution | null { + const sessionKey = params.sessionKey.trim(); + if (!sessionKey) { + return null; + } + + for (const consumer of listConfiguredBindingConsumers()) { + const parsed = consumer.parseSessionKey?.({ sessionKey }); + if (!parsed) { + continue; + } + const channel = resolveCompiledBindingChannel(parsed.channel); + if (!channel) { + continue; + } + const rules = params.registry.rulesByChannel.get(channel); + if (!rules || rules.length === 0) { + continue; + } + let wildcardMatch: ConfiguredBindingRecordResolution | null = null; + let exactMatch: ConfiguredBindingRecordResolution | null = null; + for (const rule of rules) { + if (rule.targetFactory.driverId !== consumer.id) { + continue; + } + const accountMatchPriority = resolveAccountMatchPriority( + rule.accountPattern, + parsed.accountId, + ); + if (accountMatchPriority === 0) { + continue; + } + const materializedTarget = materializeConfiguredBindingRecord({ + rule, + accountId: parsed.accountId, + conversation: rule.target, + }); + const matchesSessionKey = + consumer.matchesSessionKey?.({ + sessionKey, + compiledBinding: rule, + accountId: parsed.accountId, + materializedTarget, + }) ?? materializedTarget.record.targetSessionKey === sessionKey; + if (matchesSessionKey) { + if (accountMatchPriority === 2) { + exactMatch = materializedTarget; + break; + } + wildcardMatch = materializedTarget; + } + } + if (exactMatch) { + return exactMatch; + } + if (wildcardMatch) { + return wildcardMatch; + } + } + + return null; +} diff --git a/src/channels/plugins/contracts/directory.contract.test.ts b/src/channels/plugins/contracts/directory.contract.test.ts new file mode 100644 index 00000000000..d664f003531 --- /dev/null +++ b/src/channels/plugins/contracts/directory.contract.test.ts @@ -0,0 +1,14 @@ +import { describe } from "vitest"; +import { directoryContractRegistry } from "./registry.js"; +import { installChannelDirectoryContractSuite } from "./suites.js"; + +for (const entry of directoryContractRegistry) { + describe(`${entry.id} directory contract`, () => { + installChannelDirectoryContractSuite({ + plugin: entry.plugin, + coverage: entry.coverage, + cfg: entry.cfg, + accountId: entry.accountId, + }); + }); +} diff --git a/src/channels/plugins/contracts/inbound-testkit.ts b/src/channels/plugins/contracts/inbound-testkit.ts new file mode 100644 index 00000000000..b3241572f56 --- /dev/null +++ b/src/channels/plugins/contracts/inbound-testkit.ts @@ -0,0 +1,39 @@ +import { vi } from "vitest"; +import type { MsgContext } from "../../../auto-reply/templating.js"; + +export type InboundContextCapture = { + ctx: MsgContext | undefined; +}; + +export function createInboundContextCapture(): InboundContextCapture { + return { ctx: undefined }; +} + +export function buildDispatchInboundCaptureMock>( + actual: T, + setCtx: (ctx: unknown) => void, +) { + const dispatchInboundMessage = vi.fn(async (params: { ctx: unknown }) => { + setCtx(params.ctx); + return { queuedFinal: false, counts: { tool: 0, block: 0, final: 0 } }; + }); + + return { + ...actual, + dispatchInboundMessage, + dispatchInboundMessageWithDispatcher: dispatchInboundMessage, + dispatchInboundMessageWithBufferedDispatcher: dispatchInboundMessage, + }; +} + +export async function buildDispatchInboundContextCapture( + importOriginal: >() => Promise, + capture: InboundContextCapture, +) { + const actual = await importOriginal(); + return buildDispatchInboundCaptureMock(actual, (ctx) => { + capture.ctx = ctx as MsgContext; + }); +} + +export const inboundCtxCapture = createInboundContextCapture(); diff --git a/src/channels/plugins/contracts/inbound.contract.test.ts b/src/channels/plugins/contracts/inbound.contract.test.ts new file mode 100644 index 00000000000..f4f3ffa0a87 --- /dev/null +++ b/src/channels/plugins/contracts/inbound.contract.test.ts @@ -0,0 +1,229 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { ResolvedSlackAccount } from "../../../../extensions/slack/src/accounts.js"; +import type { SlackMessageEvent } from "../../../../extensions/slack/src/types.js"; +import type { MsgContext } from "../../../auto-reply/templating.js"; +import type { OpenClawConfig } from "../../../config/config.js"; +import { inboundCtxCapture } from "./inbound-testkit.js"; +import { expectChannelInboundContextContract } from "./suites.js"; + +const dispatchInboundMessageMock = vi.hoisted(() => + vi.fn( + async (params: { + ctx: MsgContext; + replyOptions?: { onReplyStart?: () => void | Promise }; + }) => { + await Promise.resolve(params.replyOptions?.onReplyStart?.()); + return { queuedFinal: false, counts: { tool: 0, block: 0, final: 0 } }; + }, + ), +); + +vi.mock("openclaw/plugin-sdk/reply-runtime", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + dispatchInboundMessage: vi.fn(async (params: { ctx: MsgContext }) => { + inboundCtxCapture.ctx = params.ctx; + return await dispatchInboundMessageMock(params); + }), + dispatchInboundMessageWithDispatcher: vi.fn(async (params: { ctx: MsgContext }) => { + inboundCtxCapture.ctx = params.ctx; + return await dispatchInboundMessageMock(params); + }), + dispatchInboundMessageWithBufferedDispatcher: vi.fn(async (params: { ctx: MsgContext }) => { + inboundCtxCapture.ctx = params.ctx; + return await dispatchInboundMessageMock(params); + }), + }; +}); + +vi.mock("../../../../extensions/signal/src/send.js", () => ({ + sendMessageSignal: vi.fn(), + sendTypingSignal: vi.fn(async () => true), + sendReadReceiptSignal: vi.fn(async () => true), +})); + +vi.mock("../../../pairing/pairing-store.js", () => ({ + readChannelAllowFromStore: vi.fn().mockResolvedValue([]), + upsertChannelPairingRequest: vi.fn(), +})); + +vi.mock("../../../../extensions/whatsapp/src/auto-reply/monitor/last-route.js", () => ({ + trackBackgroundTask: (tasks: Set>, task: Promise) => { + tasks.add(task); + void task.finally(() => { + tasks.delete(task); + }); + }, + updateLastRouteInBackground: vi.fn(), +})); + +vi.mock("../../../../extensions/whatsapp/src/auto-reply/deliver-reply.js", () => ({ + deliverWebReply: vi.fn(async () => {}), +})); + +const { processDiscordMessage } = + await import("../../../../extensions/discord/src/monitor/message-handler.process.js"); +const { createBaseDiscordMessageContext, createDiscordDirectMessageContextOverrides } = + await import("../../../../extensions/discord/src/monitor/message-handler.test-harness.js"); +const { finalizeInboundContext } = await import("../../../auto-reply/reply/inbound-context.js"); +const { prepareSlackMessage } = + await import("../../../../extensions/slack/src/monitor/message-handler/prepare.js"); +const { createInboundSlackTestContext } = + await import("../../../../extensions/slack/src/monitor/message-handler/prepare.test-helpers.js"); +const { buildTelegramMessageContextForTest } = + await import("../../../../extensions/telegram/src/bot-message-context.test-harness.js"); + +function createSlackAccount(config: ResolvedSlackAccount["config"] = {}): ResolvedSlackAccount { + return { + accountId: "default", + enabled: true, + botTokenSource: "config", + appTokenSource: "config", + userTokenSource: "none", + config, + replyToMode: config.replyToMode, + replyToModeByChatType: config.replyToModeByChatType, + dm: config.dm, + }; +} + +function createSlackMessage(overrides: Partial): SlackMessageEvent { + return { + channel: "D123", + channel_type: "im", + user: "U1", + text: "hi", + ts: "1.000", + ...overrides, + } as SlackMessageEvent; +} + +describe("channel inbound contract", () => { + beforeEach(() => { + inboundCtxCapture.ctx = undefined; + dispatchInboundMessageMock.mockClear(); + }); + + it("keeps Discord inbound context finalized", async () => { + const messageCtx = await createBaseDiscordMessageContext({ + cfg: { messages: {} }, + ackReactionScope: "direct", + ...createDiscordDirectMessageContextOverrides(), + }); + + await processDiscordMessage(messageCtx); + + expect(inboundCtxCapture.ctx).toBeTruthy(); + expectChannelInboundContextContract(inboundCtxCapture.ctx!); + }); + + it("keeps Signal inbound context finalized", async () => { + const ctx = finalizeInboundContext({ + Body: "Alice: hi", + BodyForAgent: "hi", + RawBody: "hi", + CommandBody: "hi", + BodyForCommands: "hi", + From: "group:g1", + To: "group:g1", + SessionKey: "agent:main:signal:group:g1", + AccountId: "default", + ChatType: "group", + ConversationLabel: "Alice", + GroupSubject: "Test Group", + SenderName: "Alice", + SenderId: "+15550001111", + Provider: "signal", + Surface: "signal", + MessageSid: "1700000000000", + OriginatingChannel: "signal", + OriginatingTo: "group:g1", + CommandAuthorized: true, + }); + + expectChannelInboundContextContract(ctx); + }); + + it("keeps Slack inbound context finalized", async () => { + const ctx = createInboundSlackTestContext({ + cfg: { + channels: { slack: { enabled: true } }, + } as OpenClawConfig, + }); + // oxlint-disable-next-line typescript/no-explicit-any + ctx.resolveUserName = async () => ({ name: "Alice" }) as any; + + const prepared = await prepareSlackMessage({ + ctx, + account: createSlackAccount(), + message: createSlackMessage({}), + opts: { source: "message" }, + }); + + expect(prepared).toBeTruthy(); + expectChannelInboundContextContract(prepared!.ctxPayload); + }); + + it("keeps Telegram inbound context finalized", async () => { + const context = await buildTelegramMessageContextForTest({ + cfg: { + agents: { + defaults: { + envelopeTimezone: "utc", + }, + }, + channels: { + telegram: { + groupPolicy: "open", + groups: { "*": { requireMention: false } }, + }, + }, + } satisfies OpenClawConfig, + message: { + chat: { id: 42, type: "group", title: "Ops" }, + text: "hello", + date: 1736380800, + message_id: 2, + from: { + id: 99, + first_name: "Ada", + last_name: "Lovelace", + username: "ada", + }, + }, + }); + + const payload = context?.ctxPayload; + expect(payload).toBeTruthy(); + expectChannelInboundContextContract(payload!); + }); + + it("keeps WhatsApp inbound context finalized", async () => { + const ctx = finalizeInboundContext({ + Body: "Alice: hi", + BodyForAgent: "hi", + RawBody: "hi", + CommandBody: "hi", + BodyForCommands: "hi", + From: "123@g.us", + To: "+15550001111", + SessionKey: "agent:main:whatsapp:group:123", + AccountId: "default", + ChatType: "group", + ConversationLabel: "123@g.us", + GroupSubject: "Test Group", + SenderName: "Alice", + SenderId: "alice@s.whatsapp.net", + SenderE164: "+15550002222", + Provider: "whatsapp", + Surface: "whatsapp", + MessageSid: "msg1", + OriginatingChannel: "whatsapp", + OriginatingTo: "123@g.us", + CommandAuthorized: true, + }); + + expectChannelInboundContextContract(ctx); + }); +}); diff --git a/src/channels/plugins/contracts/inbound.discord.contract.test.ts b/src/channels/plugins/contracts/inbound.discord.contract.test.ts deleted file mode 100644 index 6b168f7d244..00000000000 --- a/src/channels/plugins/contracts/inbound.discord.contract.test.ts +++ /dev/null @@ -1,24 +0,0 @@ -import { describe, expect, it } from "vitest"; -import { inboundCtxCapture } from "../../../../test/helpers/inbound-contract-dispatch-mock.js"; -import { expectChannelInboundContextContract } from "./suites.js"; - -const { processDiscordMessage } = - await import("../../../../extensions/discord/src/monitor/message-handler.process.js"); -const { createBaseDiscordMessageContext, createDiscordDirectMessageContextOverrides } = - await import("../../../../extensions/discord/src/monitor/message-handler.test-harness.js"); - -describe("discord inbound contract", () => { - it("keeps inbound context finalized", async () => { - inboundCtxCapture.ctx = undefined; - const messageCtx = await createBaseDiscordMessageContext({ - cfg: { messages: {} }, - ackReactionScope: "direct", - ...createDiscordDirectMessageContextOverrides(), - }); - - await processDiscordMessage(messageCtx); - - expect(inboundCtxCapture.ctx).toBeTruthy(); - expectChannelInboundContextContract(inboundCtxCapture.ctx!); - }); -}); diff --git a/src/channels/plugins/contracts/inbound.signal.contract.test.ts b/src/channels/plugins/contracts/inbound.signal.contract.test.ts deleted file mode 100644 index abec31c0174..00000000000 --- a/src/channels/plugins/contracts/inbound.signal.contract.test.ts +++ /dev/null @@ -1,73 +0,0 @@ -import { beforeEach, describe, expect, it, vi } from "vitest"; -import { createSignalEventHandler } from "../../../../extensions/signal/src/monitor/event-handler.js"; -import { - createBaseSignalEventHandlerDeps, - createSignalReceiveEvent, -} from "../../../../extensions/signal/src/monitor/event-handler.test-harness.js"; -import type { MsgContext } from "../../../auto-reply/templating.js"; -import { expectChannelInboundContextContract } from "./suites.js"; - -const capture = vi.hoisted(() => ({ ctx: undefined as MsgContext | undefined })); -const dispatchInboundMessageMock = vi.hoisted(() => - vi.fn( - async (params: { - ctx: MsgContext; - replyOptions?: { onReplyStart?: () => void | Promise }; - }) => { - capture.ctx = params.ctx; - await Promise.resolve(params.replyOptions?.onReplyStart?.()); - return { queuedFinal: false, counts: { tool: 0, block: 0, final: 0 } }; - }, - ), -); - -vi.mock("../../../auto-reply/dispatch.js", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, - dispatchInboundMessage: dispatchInboundMessageMock, - dispatchInboundMessageWithDispatcher: dispatchInboundMessageMock, - dispatchInboundMessageWithBufferedDispatcher: dispatchInboundMessageMock, - }; -}); - -vi.mock("../../../../extensions/signal/src/send.js", () => ({ - sendMessageSignal: vi.fn(), - sendTypingSignal: vi.fn(async () => true), - sendReadReceiptSignal: vi.fn(async () => true), -})); - -vi.mock("../../../pairing/pairing-store.js", () => ({ - readChannelAllowFromStore: vi.fn().mockResolvedValue([]), - upsertChannelPairingRequest: vi.fn(), -})); - -describe("signal inbound contract", () => { - beforeEach(() => { - capture.ctx = undefined; - dispatchInboundMessageMock.mockClear(); - }); - - it("keeps inbound context finalized", async () => { - const handler = createSignalEventHandler( - createBaseSignalEventHandlerDeps({ - // oxlint-disable-next-line typescript/no-explicit-any - cfg: { messages: { inbound: { debounceMs: 0 } } } as any, - historyLimit: 0, - }), - ); - - await handler( - createSignalReceiveEvent({ - dataMessage: { - message: "hi", - attachments: [], - groupInfo: { groupId: "g1", groupName: "Test Group" }, - }, - }), - ); - - expect(capture.ctx).toBeTruthy(); - expectChannelInboundContextContract(capture.ctx!); - }); -}); diff --git a/src/channels/plugins/contracts/inbound.slack.contract.test.ts b/src/channels/plugins/contracts/inbound.slack.contract.test.ts deleted file mode 100644 index e013bed3b4f..00000000000 --- a/src/channels/plugins/contracts/inbound.slack.contract.test.ts +++ /dev/null @@ -1,54 +0,0 @@ -import { describe, expect, it } from "vitest"; -import type { ResolvedSlackAccount } from "../../../../extensions/slack/src/accounts.js"; -import { prepareSlackMessage } from "../../../../extensions/slack/src/monitor/message-handler/prepare.js"; -import { createInboundSlackTestContext } from "../../../../extensions/slack/src/monitor/message-handler/prepare.test-helpers.js"; -import type { SlackMessageEvent } from "../../../../extensions/slack/src/types.js"; -import type { OpenClawConfig } from "../../../config/config.js"; -import { expectChannelInboundContextContract } from "./suites.js"; - -function createSlackAccount(config: ResolvedSlackAccount["config"] = {}): ResolvedSlackAccount { - return { - accountId: "default", - enabled: true, - botTokenSource: "config", - appTokenSource: "config", - userTokenSource: "none", - config, - replyToMode: config.replyToMode, - replyToModeByChatType: config.replyToModeByChatType, - dm: config.dm, - }; -} - -function createSlackMessage(overrides: Partial): SlackMessageEvent { - return { - channel: "D123", - channel_type: "im", - user: "U1", - text: "hi", - ts: "1.000", - ...overrides, - } as SlackMessageEvent; -} - -describe("slack inbound contract", () => { - it("keeps inbound context finalized", async () => { - const ctx = createInboundSlackTestContext({ - cfg: { - channels: { slack: { enabled: true } }, - } as OpenClawConfig, - }); - // oxlint-disable-next-line typescript/no-explicit-any - ctx.resolveUserName = async () => ({ name: "Alice" }) as any; - - const prepared = await prepareSlackMessage({ - ctx, - account: createSlackAccount(), - message: createSlackMessage({}), - opts: { source: "message" }, - }); - - expect(prepared).toBeTruthy(); - expectChannelInboundContextContract(prepared!.ctxPayload); - }); -}); diff --git a/src/channels/plugins/contracts/inbound.telegram.contract.test.ts b/src/channels/plugins/contracts/inbound.telegram.contract.test.ts deleted file mode 100644 index a872964bd53..00000000000 --- a/src/channels/plugins/contracts/inbound.telegram.contract.test.ts +++ /dev/null @@ -1,60 +0,0 @@ -import { beforeEach, describe, expect, it } from "vitest"; -import { - getLoadConfigMock, - getOnHandler, - onSpy, - replySpy, -} from "../../../../extensions/telegram/src/bot.create-telegram-bot.test-harness.js"; -import type { MsgContext } from "../../../auto-reply/templating.js"; -import type { OpenClawConfig } from "../../../config/config.js"; -import { expectChannelInboundContextContract } from "./suites.js"; - -const { createTelegramBot } = await import("../../../../extensions/telegram/src/bot.js"); - -describe("telegram inbound contract", () => { - const loadConfig = getLoadConfigMock(); - - beforeEach(() => { - onSpy.mockClear(); - replySpy.mockClear(); - loadConfig.mockReturnValue({ - agents: { - defaults: { - envelopeTimezone: "utc", - }, - }, - channels: { - telegram: { - groupPolicy: "open", - groups: { "*": { requireMention: false } }, - }, - }, - } satisfies OpenClawConfig); - }); - - it("keeps inbound context finalized", async () => { - createTelegramBot({ token: "tok" }); - const handler = getOnHandler("message") as (ctx: Record) => Promise; - - await handler({ - message: { - chat: { id: 42, type: "group", title: "Ops" }, - text: "hello", - date: 1736380800, - message_id: 2, - from: { - id: 99, - first_name: "Ada", - last_name: "Lovelace", - username: "ada", - }, - }, - me: { username: "openclaw_bot" }, - getFile: async () => ({ download: async () => new Uint8Array() }), - }); - - const payload = replySpy.mock.calls[0]?.[0] as MsgContext | undefined; - expect(payload).toBeTruthy(); - expectChannelInboundContextContract(payload!); - }); -}); diff --git a/src/channels/plugins/contracts/inbound.whatsapp.contract.test.ts b/src/channels/plugins/contracts/inbound.whatsapp.contract.test.ts deleted file mode 100644 index 108131226aa..00000000000 --- a/src/channels/plugins/contracts/inbound.whatsapp.contract.test.ts +++ /dev/null @@ -1,111 +0,0 @@ -import fs from "node:fs/promises"; -import os from "node:os"; -import path from "node:path"; -import { afterEach, describe, expect, it, vi } from "vitest"; -import { processMessage } from "../../../../extensions/whatsapp/src/auto-reply/monitor/process-message.js"; -import type { MsgContext } from "../../../auto-reply/templating.js"; -import { expectChannelInboundContextContract } from "./suites.js"; - -const capture = vi.hoisted(() => ({ - ctx: undefined as MsgContext | undefined, -})); - -vi.mock("../../../auto-reply/reply/provider-dispatcher.js", () => ({ - dispatchReplyWithBufferedBlockDispatcher: vi.fn(async (params: { ctx: MsgContext }) => { - capture.ctx = params.ctx; - return { queuedFinal: false }; - }), -})); - -vi.mock("../../../../extensions/whatsapp/src/auto-reply/monitor/last-route.js", () => ({ - trackBackgroundTask: (tasks: Set>, task: Promise) => { - tasks.add(task); - void task.finally(() => { - tasks.delete(task); - }); - }, - updateLastRouteInBackground: vi.fn(), -})); - -vi.mock("../../../../extensions/whatsapp/src/auto-reply/deliver-reply.js", () => ({ - deliverWebReply: vi.fn(async () => {}), -})); - -function makeProcessArgs(sessionStorePath: string) { - return { - // oxlint-disable-next-line typescript/no-explicit-any - cfg: { messages: {}, session: { store: sessionStorePath } } as any, - // oxlint-disable-next-line typescript/no-explicit-any - msg: { - id: "msg1", - from: "123@g.us", - to: "+15550001111", - chatType: "group", - body: "hi", - senderName: "Alice", - senderJid: "alice@s.whatsapp.net", - senderE164: "+15550002222", - groupSubject: "Test Group", - groupParticipants: [], - } as unknown as Record, - route: { - agentId: "main", - accountId: "default", - sessionKey: "agent:main:whatsapp:group:123", - // oxlint-disable-next-line typescript/no-explicit-any - } as any, - groupHistoryKey: "123@g.us", - groupHistories: new Map(), - groupMemberNames: new Map(), - connectionId: "conn", - verbose: false, - maxMediaBytes: 1, - // oxlint-disable-next-line typescript/no-explicit-any - replyResolver: (async () => undefined) as any, - // oxlint-disable-next-line typescript/no-explicit-any - replyLogger: { info: () => {}, warn: () => {}, error: () => {}, debug: () => {} } as any, - backgroundTasks: new Set>(), - rememberSentText: () => {}, - echoHas: () => false, - echoForget: () => {}, - buildCombinedEchoKey: () => "echo", - groupHistory: [], - // oxlint-disable-next-line typescript/no-explicit-any - } as any; -} - -async function removeDirEventually(dir: string) { - for (let attempt = 0; attempt < 3; attempt += 1) { - try { - await fs.rm(dir, { recursive: true, force: true }); - return; - } catch (error) { - if ((error as NodeJS.ErrnoException).code !== "ENOTEMPTY" || attempt === 2) { - throw error; - } - await new Promise((resolve) => setTimeout(resolve, 25)); - } - } -} - -describe("whatsapp inbound contract", () => { - let sessionDir = ""; - - afterEach(async () => { - capture.ctx = undefined; - if (sessionDir) { - await removeDirEventually(sessionDir); - sessionDir = ""; - } - }); - - it("keeps inbound context finalized", async () => { - sessionDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-whatsapp-contract-")); - const sessionStorePath = path.join(sessionDir, "sessions.json"); - - await processMessage(makeProcessArgs(sessionStorePath)); - - expect(capture.ctx).toBeTruthy(); - expectChannelInboundContextContract(capture.ctx!); - }); -}); diff --git a/src/channels/plugins/contracts/registry.contract.test.ts b/src/channels/plugins/contracts/registry.contract.test.ts index 69ff11d8e68..64b5bc6c369 100644 --- a/src/channels/plugins/contracts/registry.contract.test.ts +++ b/src/channels/plugins/contracts/registry.contract.test.ts @@ -1,23 +1,48 @@ +import fs from "node:fs"; +import path from "node:path"; import { describe, expect, it } from "vitest"; import { actionContractRegistry, + channelPluginSurfaceKeys, + directoryContractRegistry, pluginContractRegistry, + sessionBindingContractRegistry, setupContractRegistry, statusContractRegistry, surfaceContractRegistry, - type ChannelPluginSurface, + threadingContractRegistry, } from "./registry.js"; -const orderedSurfaceKeys = [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", -] as const satisfies readonly ChannelPluginSurface[]; +function listFilesRecursively(dir: string): string[] { + const entries = fs.readdirSync(dir, { withFileTypes: true }); + const files: string[] = []; + for (const entry of entries) { + const fullPath = path.join(dir, entry.name); + if (entry.isDirectory()) { + files.push(...listFilesRecursively(fullPath)); + continue; + } + files.push(fullPath); + } + return files; +} + +function discoverSessionBindingChannels() { + const extensionsDir = path.resolve(import.meta.dirname, "../../../../extensions"); + const channels = new Set(); + for (const filePath of listFilesRecursively(extensionsDir)) { + if (!filePath.endsWith(".ts") || filePath.endsWith(".test.ts")) { + continue; + } + const source = fs.readFileSync(filePath, "utf8"); + for (const match of source.matchAll( + /registerSessionBindingAdapter\(\{[\s\S]*?channel:\s*"([^"]+)"/g, + )) { + channels.add(match[1]); + } + } + return [...channels].toSorted(); +} describe("channel contract registry", () => { it("does not duplicate channel plugin ids", () => { @@ -33,7 +58,7 @@ describe("channel contract registry", () => { it("declares the actual owned channel plugin surfaces explicitly", () => { for (const entry of surfaceContractRegistry) { - const actual = orderedSurfaceKeys.filter((surface) => Boolean(entry.plugin[surface])); + const actual = channelPluginSurfaceKeys.filter((surface) => Boolean(entry.plugin[surface])); expect([...entry.surfaces].toSorted()).toEqual(actual.toSorted()); } }); @@ -70,4 +95,48 @@ describe("channel contract registry", () => { expect(statusSurfaceIds.has(entry.id)).toBe(true); } }); + + it("only installs deep threading coverage for plugins that declare threading", () => { + const threadingSurfaceIds = new Set( + surfaceContractRegistry + .filter((entry) => entry.surfaces.includes("threading")) + .map((entry) => entry.id), + ); + for (const entry of threadingContractRegistry) { + expect(threadingSurfaceIds.has(entry.id)).toBe(true); + } + }); + + it("covers every declared directory surface with an explicit contract level", () => { + const directorySurfaceIds = new Set( + surfaceContractRegistry + .filter((entry) => entry.surfaces.includes("directory")) + .map((entry) => entry.id), + ); + for (const entry of directoryContractRegistry) { + expect(directorySurfaceIds.has(entry.id)).toBe(true); + } + expect(directoryContractRegistry.map((entry) => entry.id).toSorted()).toEqual( + [...directorySurfaceIds].toSorted(), + ); + }); + + it("only installs lookup directory coverage for plugins that declare directory", () => { + const directorySurfaceIds = new Set( + surfaceContractRegistry + .filter((entry) => entry.surfaces.includes("directory")) + .map((entry) => entry.id), + ); + for (const entry of directoryContractRegistry.filter( + (candidate) => candidate.coverage === "lookups", + )) { + expect(directorySurfaceIds.has(entry.id)).toBe(true); + } + }); + + it("keeps session binding coverage aligned with registered session binding adapters", () => { + expect(sessionBindingContractRegistry.map((entry) => entry.id).toSorted()).toEqual( + discoverSessionBindingChannels(), + ); + }); }); diff --git a/src/channels/plugins/contracts/registry.ts b/src/channels/plugins/contracts/registry.ts index 2d4569383f8..d651b6ef012 100644 --- a/src/channels/plugins/contracts/registry.ts +++ b/src/channels/plugins/contracts/registry.ts @@ -1,11 +1,27 @@ import { expect, vi } from "vitest"; +import { + __testing as discordThreadBindingTesting, + createThreadBindingManager as createDiscordThreadBindingManager, +} from "../../../../extensions/discord/runtime-api.js"; +import { createFeishuThreadBindingManager } from "../../../../extensions/feishu/api.js"; +import { setMatrixRuntime } from "../../../../extensions/matrix/api.js"; +import { createTelegramThreadBindingManager } from "../../../../extensions/telegram/runtime-api.js"; import type { OpenClawConfig } from "../../../config/config.js"; +import { + getSessionBindingService, + type SessionBindingCapabilities, + type SessionBindingRecord, +} from "../../../infra/outbound/session-binding-service.js"; import { resolveDefaultLineAccountId, resolveLineAccount, listLineAccountIds, } from "../../../line/accounts.js"; -import { bundledChannelRuntimeSetters, requireBundledChannelPlugin } from "../bundled.js"; +import { + bundledChannelPlugins, + bundledChannelRuntimeSetters, + requireBundledChannelPlugin, +} from "../bundled.js"; import type { ChannelPlugin } from "../types.js"; type PluginContractEntry = { @@ -57,6 +73,17 @@ type StatusContractEntry = { }>; }; +export const channelPluginSurfaceKeys = [ + "actions", + "setup", + "status", + "outbound", + "messaging", + "threading", + "directory", + "gateway", +] as const; + export type ChannelPluginSurface = | "actions" | "setup" @@ -84,6 +111,69 @@ type SurfaceContractEntry = { surfaces: readonly ChannelPluginSurface[]; }; +type ThreadingContractEntry = { + id: string; + plugin: Pick; +}; + +type DirectoryContractEntry = { + id: string; + plugin: Pick; + coverage: "lookups" | "presence"; + cfg?: OpenClawConfig; + accountId?: string; +}; + +type SessionBindingContractEntry = { + id: string; + expectedCapabilities: SessionBindingCapabilities; + getCapabilities: () => SessionBindingCapabilities; + bindAndResolve: () => Promise; + unbindAndVerify: (binding: SessionBindingRecord) => Promise; + cleanup: () => Promise | void; +}; + +function expectResolvedSessionBinding(params: { + channel: string; + accountId: string; + conversationId: string; + targetSessionKey: string; +}) { + expect( + getSessionBindingService().resolveByConversation({ + channel: params.channel, + accountId: params.accountId, + conversationId: params.conversationId, + }), + )?.toMatchObject({ + targetSessionKey: params.targetSessionKey, + }); +} + +async function unbindAndExpectClearedSessionBinding(binding: SessionBindingRecord) { + const service = getSessionBindingService(); + const removed = await service.unbind({ + bindingId: binding.bindingId, + reason: "contract-test", + }); + expect(removed.map((entry) => entry.bindingId)).toContain(binding.bindingId); + expect(service.resolveByConversation(binding.conversation)).toBeNull(); +} + +function expectClearedSessionBinding(params: { + channel: string; + accountId: string; + conversationId: string; +}) { + expect( + getSessionBindingService().resolveByConversation({ + channel: params.channel, + accountId: params.accountId, + conversationId: params.conversationId, + }), + ).toBeNull(); +} + const telegramListActionsMock = vi.fn(); const telegramGetCapabilitiesMock = vi.fn(); const discordListActionsMock = vi.fn(); @@ -122,28 +212,18 @@ bundledChannelRuntimeSetters.setLineRuntime({ }, } as never); -export const pluginContractRegistry: PluginContractEntry[] = [ - { id: "bluebubbles", plugin: requireBundledChannelPlugin("bluebubbles") }, - { id: "discord", plugin: requireBundledChannelPlugin("discord") }, - { id: "feishu", plugin: requireBundledChannelPlugin("feishu") }, - { id: "googlechat", plugin: requireBundledChannelPlugin("googlechat") }, - { id: "imessage", plugin: requireBundledChannelPlugin("imessage") }, - { id: "irc", plugin: requireBundledChannelPlugin("irc") }, - { id: "line", plugin: requireBundledChannelPlugin("line") }, - { id: "matrix", plugin: requireBundledChannelPlugin("matrix") }, - { id: "mattermost", plugin: requireBundledChannelPlugin("mattermost") }, - { id: "msteams", plugin: requireBundledChannelPlugin("msteams") }, - { id: "nextcloud-talk", plugin: requireBundledChannelPlugin("nextcloud-talk") }, - { id: "nostr", plugin: requireBundledChannelPlugin("nostr") }, - { id: "signal", plugin: requireBundledChannelPlugin("signal") }, - { id: "slack", plugin: requireBundledChannelPlugin("slack") }, - { id: "synology-chat", plugin: requireBundledChannelPlugin("synology-chat") }, - { id: "telegram", plugin: requireBundledChannelPlugin("telegram") }, - { id: "tlon", plugin: requireBundledChannelPlugin("tlon") }, - { id: "whatsapp", plugin: requireBundledChannelPlugin("whatsapp") }, - { id: "zalo", plugin: requireBundledChannelPlugin("zalo") }, - { id: "zalouser", plugin: requireBundledChannelPlugin("zalouser") }, -]; +setMatrixRuntime({ + state: { + resolveStateDir: (_env: unknown, homeDir?: () => string) => (homeDir ?? (() => "/tmp"))(), + }, +} as never); + +export const pluginContractRegistry: PluginContractEntry[] = bundledChannelPlugins.map( + (plugin) => ({ + id: plugin.id, + plugin, + }), +); export const actionContractRegistry: ActionsContractEntry[] = [ { @@ -489,186 +569,234 @@ export const statusContractRegistry: StatusContractEntry[] = [ }, ]; -export const surfaceContractRegistry: SurfaceContractEntry[] = [ - { - id: "bluebubbles", - plugin: requireBundledChannelPlugin("bluebubbles"), - surfaces: ["actions", "setup", "status", "outbound", "messaging", "threading", "gateway"], +export const surfaceContractRegistry: SurfaceContractEntry[] = bundledChannelPlugins.map( + (plugin) => ({ + id: plugin.id, + plugin, + surfaces: channelPluginSurfaceKeys.filter((surface) => Boolean(plugin[surface])), + }), +); + +export const threadingContractRegistry: ThreadingContractEntry[] = surfaceContractRegistry + .filter((entry) => entry.surfaces.includes("threading")) + .map((entry) => ({ + id: entry.id, + plugin: entry.plugin, + })); + +const directoryPresenceOnlyIds = new Set(["whatsapp", "zalouser"]); +const matrixDirectoryCfg = { + channels: { + matrix: { + enabled: true, + homeserver: "https://matrix.example.com", + userId: "@lobster:example.com", + accessToken: "matrix-access-token", + dm: { + allowFrom: ["matrix:@alice:example.com"], + }, + groupAllowFrom: ["matrix:@team:example.com"], + groups: { + "!room:example.com": { + users: ["matrix:@alice:example.com"], + }, + }, + }, }, +} as OpenClawConfig; + +export const directoryContractRegistry: DirectoryContractEntry[] = surfaceContractRegistry + .filter((entry) => entry.surfaces.includes("directory")) + .map((entry) => ({ + id: entry.id, + plugin: entry.plugin, + coverage: directoryPresenceOnlyIds.has(entry.id) ? "presence" : "lookups", + ...(entry.id === "matrix" ? { cfg: matrixDirectoryCfg } : {}), + })); + +const baseSessionBindingCfg = { + session: { mainKey: "main", scope: "per-sender" }, +} satisfies OpenClawConfig; + +export const sessionBindingContractRegistry: SessionBindingContractEntry[] = [ { id: "discord", - plugin: requireBundledChannelPlugin("discord"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], + expectedCapabilities: { + adapterAvailable: true, + bindSupported: true, + unbindSupported: true, + placements: ["current", "child"], + }, + getCapabilities: () => { + createDiscordThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + return getSessionBindingService().getCapabilities({ + channel: "discord", + accountId: "default", + }); + }, + bindAndResolve: async () => { + createDiscordThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + const service = getSessionBindingService(); + const binding = await service.bind({ + targetSessionKey: "agent:discord:child:thread-1", + targetKind: "subagent", + conversation: { + channel: "discord", + accountId: "default", + conversationId: "channel:123456789012345678", + }, + placement: "current", + metadata: { + label: "codex-discord", + }, + }); + expectResolvedSessionBinding({ + channel: "discord", + accountId: "default", + conversationId: "channel:123456789012345678", + targetSessionKey: "agent:discord:child:thread-1", + }); + return binding; + }, + unbindAndVerify: unbindAndExpectClearedSessionBinding, + cleanup: async () => { + const manager = createDiscordThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + manager.stop(); + discordThreadBindingTesting.resetThreadBindingsForTests(); + expectClearedSessionBinding({ + channel: "discord", + accountId: "default", + conversationId: "channel:123456789012345678", + }); + }, }, { id: "feishu", - plugin: requireBundledChannelPlugin("feishu"), - surfaces: ["actions", "setup", "status", "outbound", "messaging", "directory", "gateway"], - }, - { - id: "googlechat", - plugin: requireBundledChannelPlugin("googlechat"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "imessage", - plugin: requireBundledChannelPlugin("imessage"), - surfaces: ["setup", "status", "outbound", "messaging", "gateway"], - }, - { - id: "irc", - plugin: requireBundledChannelPlugin("irc"), - surfaces: ["setup", "status", "outbound", "messaging", "directory", "gateway"], - }, - { - id: "line", - plugin: requireBundledChannelPlugin("line"), - surfaces: ["setup", "status", "outbound", "messaging", "directory", "gateway"], - }, - { - id: "matrix", - plugin: requireBundledChannelPlugin("matrix"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "mattermost", - plugin: requireBundledChannelPlugin("mattermost"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "msteams", - plugin: requireBundledChannelPlugin("msteams"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "nextcloud-talk", - plugin: requireBundledChannelPlugin("nextcloud-talk"), - surfaces: ["setup", "status", "outbound", "messaging", "gateway"], - }, - { - id: "nostr", - plugin: requireBundledChannelPlugin("nostr"), - surfaces: ["setup", "status", "outbound", "messaging", "gateway"], - }, - { - id: "signal", - plugin: requireBundledChannelPlugin("signal"), - surfaces: ["actions", "setup", "status", "outbound", "messaging", "gateway"], - }, - { - id: "slack", - plugin: requireBundledChannelPlugin("slack"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "synology-chat", - plugin: requireBundledChannelPlugin("synology-chat"), - surfaces: ["setup", "outbound", "messaging", "directory", "gateway"], + expectedCapabilities: { + adapterAvailable: true, + bindSupported: true, + unbindSupported: true, + placements: ["current"], + }, + getCapabilities: () => { + createFeishuThreadBindingManager({ cfg: baseSessionBindingCfg, accountId: "default" }); + return getSessionBindingService().getCapabilities({ + channel: "feishu", + accountId: "default", + }); + }, + bindAndResolve: async () => { + createFeishuThreadBindingManager({ cfg: baseSessionBindingCfg, accountId: "default" }); + const service = getSessionBindingService(); + const binding = await service.bind({ + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }, + placement: "current", + metadata: { + agentId: "codex", + label: "codex-main", + }, + }); + expectResolvedSessionBinding({ + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + }); + return binding; + }, + unbindAndVerify: unbindAndExpectClearedSessionBinding, + cleanup: async () => { + const manager = createFeishuThreadBindingManager({ + cfg: baseSessionBindingCfg, + accountId: "default", + }); + manager.stop(); + expectClearedSessionBinding({ + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + }); + }, }, { id: "telegram", - plugin: requireBundledChannelPlugin("telegram"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "tlon", - plugin: requireBundledChannelPlugin("tlon"), - surfaces: ["setup", "status", "outbound", "messaging", "gateway"], - }, - { - id: "whatsapp", - plugin: requireBundledChannelPlugin("whatsapp"), - surfaces: ["actions", "setup", "status", "outbound", "messaging", "directory", "gateway"], - }, - { - id: "zalo", - plugin: requireBundledChannelPlugin("zalo"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], - }, - { - id: "zalouser", - plugin: requireBundledChannelPlugin("zalouser"), - surfaces: [ - "actions", - "setup", - "status", - "outbound", - "messaging", - "threading", - "directory", - "gateway", - ], + expectedCapabilities: { + adapterAvailable: true, + bindSupported: true, + unbindSupported: true, + placements: ["current"], + }, + getCapabilities: () => { + createTelegramThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + return getSessionBindingService().getCapabilities({ + channel: "telegram", + accountId: "default", + }); + }, + bindAndResolve: async () => { + createTelegramThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + const service = getSessionBindingService(); + const binding = await service.bind({ + targetSessionKey: "agent:main:subagent:child-1", + targetKind: "subagent", + conversation: { + channel: "telegram", + accountId: "default", + conversationId: "-100200300:topic:77", + }, + placement: "current", + metadata: { + boundBy: "user-1", + }, + }); + expectResolvedSessionBinding({ + channel: "telegram", + accountId: "default", + conversationId: "-100200300:topic:77", + targetSessionKey: "agent:main:subagent:child-1", + }); + return binding; + }, + unbindAndVerify: unbindAndExpectClearedSessionBinding, + cleanup: async () => { + const manager = createTelegramThreadBindingManager({ + accountId: "default", + persist: false, + enableSweeper: false, + }); + manager.stop(); + expectClearedSessionBinding({ + channel: "telegram", + accountId: "default", + conversationId: "-100200300:topic:77", + }); + }, }, ]; diff --git a/src/channels/plugins/contracts/session-binding.contract.test.ts b/src/channels/plugins/contracts/session-binding.contract.test.ts new file mode 100644 index 00000000000..b8201569cde --- /dev/null +++ b/src/channels/plugins/contracts/session-binding.contract.test.ts @@ -0,0 +1,26 @@ +import { beforeEach, describe } from "vitest"; +import { __testing as discordThreadBindingTesting } from "../../../../extensions/discord/src/monitor/thread-bindings.manager.js"; +import { __testing as feishuThreadBindingTesting } from "../../../../extensions/feishu/src/thread-bindings.js"; +import { __testing as telegramThreadBindingTesting } from "../../../../extensions/telegram/src/thread-bindings.js"; +import { __testing as sessionBindingTesting } from "../../../infra/outbound/session-binding-service.js"; +import { sessionBindingContractRegistry } from "./registry.js"; +import { installSessionBindingContractSuite } from "./suites.js"; + +beforeEach(() => { + sessionBindingTesting.resetSessionBindingAdaptersForTests(); + discordThreadBindingTesting.resetThreadBindingsForTests(); + feishuThreadBindingTesting.resetFeishuThreadBindingsForTests(); + telegramThreadBindingTesting.resetTelegramThreadBindingsForTests(); +}); + +for (const entry of sessionBindingContractRegistry) { + describe(`${entry.id} session binding contract`, () => { + installSessionBindingContractSuite({ + expectedCapabilities: entry.expectedCapabilities, + getCapabilities: entry.getCapabilities, + bindAndResolve: entry.bindAndResolve, + unbindAndVerify: entry.unbindAndVerify, + cleanup: entry.cleanup, + }); + }); +} diff --git a/src/channels/plugins/contracts/suites.ts b/src/channels/plugins/contracts/suites.ts index f2c8a8e3b16..cc442b5ef20 100644 --- a/src/channels/plugins/contracts/suites.ts +++ b/src/channels/plugins/contracts/suites.ts @@ -5,13 +5,22 @@ import type { ResolveProviderRuntimeGroupPolicyParams, RuntimeGroupPolicyResolution, } from "../../../config/runtime-group-policy.js"; +import type { + SessionBindingCapabilities, + SessionBindingRecord, +} from "../../../infra/outbound/session-binding-service.js"; +import { createNonExitingRuntime } from "../../../runtime.js"; import { normalizeChatType } from "../../chat-type.js"; import { resolveConversationLabel } from "../../conversation-label.js"; import { validateSenderIdentity } from "../../sender-identity.js"; import type { ChannelAccountSnapshot, ChannelAccountState, + ChannelDirectoryEntry, + ChannelFocusedBindingContext, + ChannelReplyTransport, ChannelSetupInput, + ChannelThreadingToolContext, } from "../types.core.js"; import type { ChannelMessageActionName, @@ -23,6 +32,69 @@ function sortStrings(values: readonly string[]) { return [...values].toSorted((left, right) => left.localeCompare(right)); } +const contractRuntime = createNonExitingRuntime(); +function expectDirectoryEntryShape(entry: ChannelDirectoryEntry) { + expect(["user", "group", "channel"]).toContain(entry.kind); + expect(typeof entry.id).toBe("string"); + expect(entry.id.trim()).not.toBe(""); + if (entry.name !== undefined) { + expect(typeof entry.name).toBe("string"); + } + if (entry.handle !== undefined) { + expect(typeof entry.handle).toBe("string"); + } + if (entry.avatarUrl !== undefined) { + expect(typeof entry.avatarUrl).toBe("string"); + } + if (entry.rank !== undefined) { + expect(typeof entry.rank).toBe("number"); + } +} + +function expectThreadingToolContextShape(context: ChannelThreadingToolContext) { + if (context.currentChannelId !== undefined) { + expect(typeof context.currentChannelId).toBe("string"); + } + if (context.currentChannelProvider !== undefined) { + expect(typeof context.currentChannelProvider).toBe("string"); + } + if (context.currentThreadTs !== undefined) { + expect(typeof context.currentThreadTs).toBe("string"); + } + if (context.currentMessageId !== undefined) { + expect(["string", "number"]).toContain(typeof context.currentMessageId); + } + if (context.replyToMode !== undefined) { + expect(["off", "first", "all"]).toContain(context.replyToMode); + } + if (context.hasRepliedRef !== undefined) { + expect(typeof context.hasRepliedRef).toBe("object"); + } + if (context.skipCrossContextDecoration !== undefined) { + expect(typeof context.skipCrossContextDecoration).toBe("boolean"); + } +} + +function expectReplyTransportShape(transport: ChannelReplyTransport) { + if (transport.replyToId !== undefined && transport.replyToId !== null) { + expect(typeof transport.replyToId).toBe("string"); + } + if (transport.threadId !== undefined && transport.threadId !== null) { + expect(["string", "number"]).toContain(typeof transport.threadId); + } +} + +function expectFocusedBindingShape(binding: ChannelFocusedBindingContext) { + expect(typeof binding.conversationId).toBe("string"); + expect(binding.conversationId.trim()).not.toBe(""); + if (binding.parentConversationId !== undefined) { + expect(typeof binding.parentConversationId).toBe("string"); + } + expect(["current", "child"]).toContain(binding.placement); + expect(typeof binding.labelNoun).toBe("string"); + expect(binding.labelNoun.trim()).not.toBe(""); +} + export function installChannelPluginContractSuite(params: { plugin: Pick; }) { @@ -228,6 +300,196 @@ export function installChannelSurfaceContractSuite(params: { }); } +export function installChannelThreadingContractSuite(params: { + plugin: Pick; +}) { + it("exposes the base threading contract", () => { + expect(params.plugin.threading).toBeDefined(); + }); + + it("keeps threading return values normalized", () => { + const threading = params.plugin.threading; + expect(threading).toBeDefined(); + + if (threading?.resolveReplyToMode) { + expect( + ["off", "first", "all"].includes( + threading.resolveReplyToMode({ + cfg: {} as OpenClawConfig, + accountId: "default", + chatType: "group", + }), + ), + ).toBe(true); + } + + const repliedRef = { value: false }; + const toolContext = threading?.buildToolContext?.({ + cfg: {} as OpenClawConfig, + accountId: "default", + context: { + Channel: "group:test", + From: "user:test", + To: "group:test", + ChatType: "group", + CurrentMessageId: "msg-1", + ReplyToId: "msg-0", + ReplyToIdFull: "thread-0", + MessageThreadId: "thread-0", + NativeChannelId: "native:test", + }, + hasRepliedRef: repliedRef, + }); + + if (toolContext) { + expectThreadingToolContextShape(toolContext); + if (toolContext.hasRepliedRef) { + expect(toolContext.hasRepliedRef).toBe(repliedRef); + } + } + + const autoThreadId = threading?.resolveAutoThreadId?.({ + cfg: {} as OpenClawConfig, + accountId: "default", + to: "group:test", + toolContext, + replyToId: null, + }); + if (autoThreadId !== undefined) { + expect(typeof autoThreadId).toBe("string"); + expect(autoThreadId.trim()).not.toBe(""); + } + + const replyTransport = threading?.resolveReplyTransport?.({ + cfg: {} as OpenClawConfig, + accountId: "default", + threadId: "thread-0", + replyToId: "msg-0", + }); + if (replyTransport) { + expectReplyTransportShape(replyTransport); + } + + const focusedBinding = threading?.resolveFocusedBinding?.({ + cfg: {} as OpenClawConfig, + accountId: "default", + context: { + Channel: "group:test", + From: "user:test", + To: "group:test", + ChatType: "group", + CurrentMessageId: "msg-1", + ReplyToId: "msg-0", + ReplyToIdFull: "thread-0", + MessageThreadId: "thread-0", + NativeChannelId: "native:test", + }, + }); + if (focusedBinding) { + expectFocusedBindingShape(focusedBinding); + } + }); +} + +export function installChannelDirectoryContractSuite(params: { + plugin: Pick; + coverage?: "lookups" | "presence"; + cfg?: OpenClawConfig; + accountId?: string; +}) { + it("exposes the base directory contract", async () => { + const directory = params.plugin.directory; + expect(directory).toBeDefined(); + + if (params.coverage === "presence") { + return; + } + const self = await directory?.self?.({ + cfg: params.cfg ?? ({} as OpenClawConfig), + accountId: params.accountId ?? "default", + runtime: contractRuntime, + }); + if (self) { + expectDirectoryEntryShape(self); + } + + const peers = + (await directory?.listPeers?.({ + cfg: params.cfg ?? ({} as OpenClawConfig), + accountId: params.accountId ?? "default", + query: "", + limit: 5, + runtime: contractRuntime, + })) ?? []; + expect(Array.isArray(peers)).toBe(true); + for (const peer of peers) { + expectDirectoryEntryShape(peer); + } + + const groups = + (await directory?.listGroups?.({ + cfg: params.cfg ?? ({} as OpenClawConfig), + accountId: params.accountId ?? "default", + query: "", + limit: 5, + runtime: contractRuntime, + })) ?? []; + expect(Array.isArray(groups)).toBe(true); + for (const group of groups) { + expectDirectoryEntryShape(group); + } + + if (directory?.listGroupMembers && groups[0]?.id) { + const members = await directory.listGroupMembers({ + cfg: params.cfg ?? ({} as OpenClawConfig), + accountId: params.accountId ?? "default", + groupId: groups[0].id, + limit: 5, + runtime: contractRuntime, + }); + expect(Array.isArray(members)).toBe(true); + for (const member of members) { + expectDirectoryEntryShape(member); + } + } + }); +} + +export function installSessionBindingContractSuite(params: { + getCapabilities: () => SessionBindingCapabilities; + bindAndResolve: () => Promise; + unbindAndVerify: (binding: SessionBindingRecord) => Promise; + cleanup: () => Promise | void; + expectedCapabilities: SessionBindingCapabilities; +}) { + it("registers the expected session binding capabilities", () => { + expect(params.getCapabilities()).toEqual(params.expectedCapabilities); + }); + + it("binds and resolves a session binding through the shared service", async () => { + const binding = await params.bindAndResolve(); + expect(typeof binding.bindingId).toBe("string"); + expect(binding.bindingId.trim()).not.toBe(""); + expect(typeof binding.targetSessionKey).toBe("string"); + expect(binding.targetSessionKey.trim()).not.toBe(""); + expect(["session", "subagent"]).toContain(binding.targetKind); + expect(typeof binding.conversation.channel).toBe("string"); + expect(typeof binding.conversation.accountId).toBe("string"); + expect(typeof binding.conversation.conversationId).toBe("string"); + expect(["active", "ending", "ended"]).toContain(binding.status); + expect(typeof binding.boundAt).toBe("number"); + }); + + it("unbinds a registered binding through the shared service", async () => { + const binding = await params.bindAndResolve(); + await params.unbindAndVerify(binding); + }); + + it("cleans up registered bindings", async () => { + await params.cleanup(); + }); +} + type ChannelSetupContractCase = { name: string; cfg: OpenClawConfig; diff --git a/src/channels/plugins/contracts/threading.contract.test.ts b/src/channels/plugins/contracts/threading.contract.test.ts new file mode 100644 index 00000000000..54799b54c44 --- /dev/null +++ b/src/channels/plugins/contracts/threading.contract.test.ts @@ -0,0 +1,11 @@ +import { describe } from "vitest"; +import { threadingContractRegistry } from "./registry.js"; +import { installChannelThreadingContractSuite } from "./suites.js"; + +for (const entry of threadingContractRegistry) { + describe(`${entry.id} threading contract`, () => { + installChannelThreadingContractSuite({ + plugin: entry.plugin, + }); + }); +} diff --git a/src/channels/plugins/group-mentions.ts b/src/channels/plugins/group-mentions.ts index 94079daed04..f825fc73fe5 100644 --- a/src/channels/plugins/group-mentions.ts +++ b/src/channels/plugins/group-mentions.ts @@ -10,7 +10,7 @@ import type { GroupToolPolicyConfig, } from "../../config/types.tools.js"; import { resolveExactLineGroupConfigKey } from "../../line/group-keys.js"; -import { inspectSlackAccount } from "../../plugin-sdk-internal/slack.js"; +import { inspectSlackAccount } from "../../plugin-sdk/slack.js"; import { normalizeAtHashSlug, normalizeHyphenSlug } from "../../shared/string-normalization.js"; import type { ChannelGroupContext } from "./types.js"; diff --git a/src/channels/plugins/message-actions.test.ts b/src/channels/plugins/message-actions.test.ts index 92af406e2f1..17fdf8fe193 100644 --- a/src/channels/plugins/message-actions.test.ts +++ b/src/channels/plugins/message-actions.test.ts @@ -1,13 +1,16 @@ -import { afterEach, describe, expect, it } from "vitest"; +import { afterEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; import { setActivePluginRegistry } from "../../plugins/runtime.js"; +import { defaultRuntime } from "../../runtime.js"; import { createChannelTestPluginBase, createTestRegistry, } from "../../test-utils/channel-plugins.js"; import { + __testing, channelSupportsMessageCapability, channelSupportsMessageCapabilityForChannel, + listChannelMessageActions, listChannelMessageCapabilities, listChannelMessageCapabilitiesForChannel, } from "./message-actions.js"; @@ -56,8 +59,12 @@ function activateMessageActionTestRegistry() { } describe("message action capability checks", () => { + const errorSpy = vi.spyOn(defaultRuntime, "error").mockImplementation(() => undefined); + afterEach(() => { setActivePluginRegistry(emptyRegistry); + __testing.resetLoggedMessageActionErrors(); + errorSpy.mockClear(); }); it("aggregates capabilities across plugins", () => { @@ -122,4 +129,36 @@ describe("message action capability checks", () => { false, ); }); + + it("skips crashing action/capability discovery paths and logs once", () => { + const crashingPlugin: ChannelPlugin = { + ...createChannelTestPluginBase({ + id: "discord", + label: "Discord", + capabilities: { chatTypes: ["direct", "group"] }, + config: { + listAccountIds: () => ["default"], + }, + }), + actions: { + listActions: () => { + throw new Error("boom"); + }, + getCapabilities: () => { + throw new Error("boom"); + }, + }, + }; + setActivePluginRegistry( + createTestRegistry([{ pluginId: "discord", source: "test", plugin: crashingPlugin }]), + ); + + expect(listChannelMessageActions({} as OpenClawConfig)).toEqual(["send", "broadcast"]); + expect(listChannelMessageCapabilities({} as OpenClawConfig)).toEqual([]); + expect(errorSpy).toHaveBeenCalledTimes(2); + + expect(listChannelMessageActions({} as OpenClawConfig)).toEqual(["send", "broadcast"]); + expect(listChannelMessageCapabilities({} as OpenClawConfig)).toEqual([]); + expect(errorSpy).toHaveBeenCalledTimes(2); + }); }); diff --git a/src/channels/plugins/message-actions.ts b/src/channels/plugins/message-actions.ts index 506f2204493..07d08171582 100644 --- a/src/channels/plugins/message-actions.ts +++ b/src/channels/plugins/message-actions.ts @@ -1,5 +1,6 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import type { OpenClawConfig } from "../../config/config.js"; +import { defaultRuntime } from "../../runtime.js"; import { getChannelPlugin, listChannelPlugins } from "./index.js"; import type { ChannelMessageCapability } from "./message-capabilities.js"; import type { ChannelMessageActionContext, ChannelMessageActionName } from "./types.js"; @@ -16,13 +17,54 @@ function requiresTrustedRequesterSender(ctx: ChannelMessageActionContext): boole ); } +const loggedMessageActionErrors = new Set(); + +function logMessageActionError(params: { + pluginId: string; + operation: "listActions" | "getCapabilities"; + error: unknown; +}) { + const message = params.error instanceof Error ? params.error.message : String(params.error); + const key = `${params.pluginId}:${params.operation}:${message}`; + if (loggedMessageActionErrors.has(key)) { + return; + } + loggedMessageActionErrors.add(key); + const stack = params.error instanceof Error && params.error.stack ? params.error.stack : null; + defaultRuntime.error?.( + `[message-actions] ${params.pluginId}.actions.${params.operation} failed: ${stack ?? message}`, + ); +} + +function runListActionsSafely(params: { + pluginId: string; + cfg: OpenClawConfig; + listActions: NonNullable; +}): ChannelMessageActionName[] { + try { + const listed = params.listActions({ cfg: params.cfg }); + return Array.isArray(listed) ? listed : []; + } catch (error) { + logMessageActionError({ + pluginId: params.pluginId, + operation: "listActions", + error, + }); + return []; + } +} + export function listChannelMessageActions(cfg: OpenClawConfig): ChannelMessageActionName[] { const actions = new Set(["send", "broadcast"]); for (const plugin of listChannelPlugins()) { - const list = plugin.actions?.listActions?.({ cfg }); - if (!list) { + if (!plugin.actions?.listActions) { continue; } + const list = runListActionsSafely({ + pluginId: plugin.id, + cfg, + listActions: plugin.actions.listActions, + }); for (const action of list) { actions.add(action); } @@ -30,11 +72,21 @@ export function listChannelMessageActions(cfg: OpenClawConfig): ChannelMessageAc return Array.from(actions); } -function listCapabilities( - actions: ChannelActions, - cfg: OpenClawConfig, -): readonly ChannelMessageCapability[] { - return actions.getCapabilities?.({ cfg }) ?? []; +function listCapabilities(params: { + pluginId: string; + actions: ChannelActions; + cfg: OpenClawConfig; +}): readonly ChannelMessageCapability[] { + try { + return params.actions.getCapabilities?.({ cfg: params.cfg }) ?? []; + } catch (error) { + logMessageActionError({ + pluginId: params.pluginId, + operation: "getCapabilities", + error, + }); + return []; + } } export function listChannelMessageCapabilities(cfg: OpenClawConfig): ChannelMessageCapability[] { @@ -43,7 +95,11 @@ export function listChannelMessageCapabilities(cfg: OpenClawConfig): ChannelMess if (!plugin.actions) { continue; } - for (const capability of listCapabilities(plugin.actions, cfg)) { + for (const capability of listCapabilities({ + pluginId: plugin.id, + actions: plugin.actions, + cfg, + })) { capabilities.add(capability); } } @@ -58,7 +114,15 @@ export function listChannelMessageCapabilitiesForChannel(params: { return []; } const plugin = getChannelPlugin(params.channel as Parameters[0]); - return plugin?.actions ? Array.from(listCapabilities(plugin.actions, params.cfg)) : []; + return plugin?.actions + ? Array.from( + listCapabilities({ + pluginId: plugin.id, + actions: plugin.actions, + cfg: params.cfg, + }), + ) + : []; } export function channelSupportsMessageCapability( @@ -95,3 +159,9 @@ export async function dispatchChannelMessageAction( } return await plugin.actions.handleAction(ctx); } + +export const __testing = { + resetLoggedMessageActionErrors() { + loggedMessageActionErrors.clear(); + }, +}; diff --git a/src/channels/plugins/message-capability-matrix.test.ts b/src/channels/plugins/message-capability-matrix.test.ts index b8d289aa56b..9ab42ad4c51 100644 --- a/src/channels/plugins/message-capability-matrix.test.ts +++ b/src/channels/plugins/message-capability-matrix.test.ts @@ -75,18 +75,15 @@ describe("channel action capability matrix", () => { expect(result).toEqual(["interactive", "buttons"]); expect(telegramGetCapabilitiesMock).toHaveBeenCalledWith({ cfg: {} }); - }); - - it("forwards Discord action capabilities through the channel wrapper", () => { discordGetCapabilitiesMock.mockReturnValue(["interactive", "components"]); - const result = discordPlugin.actions?.getCapabilities?.({ cfg: {} as OpenClawConfig }); + const discordResult = discordPlugin.actions?.getCapabilities?.({ cfg: {} as OpenClawConfig }); - expect(result).toEqual(["interactive", "components"]); + expect(discordResult).toEqual(["interactive", "components"]); expect(discordGetCapabilitiesMock).toHaveBeenCalledWith({ cfg: {} }); }); - it("exposes Mattermost buttons only when an account is configured", () => { + it("exposes configured channel capabilities only when required credentials are present", () => { const configuredCfg = { channels: { mattermost: { @@ -103,61 +100,57 @@ describe("channel action capability matrix", () => { }, }, } as OpenClawConfig; + const configuredFeishuCfg = { + channels: { + feishu: { + enabled: true, + appId: "cli_a", + appSecret: "secret", + }, + }, + } as OpenClawConfig; + const disabledFeishuCfg = { + channels: { + feishu: { + enabled: false, + appId: "cli_a", + appSecret: "secret", + }, + }, + } as OpenClawConfig; + const configuredMsteamsCfg = { + channels: { + msteams: { + enabled: true, + tenantId: "tenant", + appId: "app", + appPassword: "secret", + }, + }, + } as OpenClawConfig; + const disabledMsteamsCfg = { + channels: { + msteams: { + enabled: false, + tenantId: "tenant", + appId: "app", + appPassword: "secret", + }, + }, + } as OpenClawConfig; expect(mattermostPlugin.actions?.getCapabilities?.({ cfg: configuredCfg })).toEqual([ "buttons", ]); expect(mattermostPlugin.actions?.getCapabilities?.({ cfg: unconfiguredCfg })).toEqual([]); - }); - - it("exposes Feishu cards only when credentials are configured", () => { - const configuredCfg = { - channels: { - feishu: { - enabled: true, - appId: "cli_a", - appSecret: "secret", - }, - }, - } as OpenClawConfig; - const disabledCfg = { - channels: { - feishu: { - enabled: false, - appId: "cli_a", - appSecret: "secret", - }, - }, - } as OpenClawConfig; - - expect(feishuPlugin.actions?.getCapabilities?.({ cfg: configuredCfg })).toEqual(["cards"]); - expect(feishuPlugin.actions?.getCapabilities?.({ cfg: disabledCfg })).toEqual([]); - }); - - it("exposes MSTeams cards only when credentials are configured", () => { - const configuredCfg = { - channels: { - msteams: { - enabled: true, - tenantId: "tenant", - appId: "app", - appPassword: "secret", - }, - }, - } as OpenClawConfig; - const disabledCfg = { - channels: { - msteams: { - enabled: false, - tenantId: "tenant", - appId: "app", - appPassword: "secret", - }, - }, - } as OpenClawConfig; - - expect(msteamsPlugin.actions?.getCapabilities?.({ cfg: configuredCfg })).toEqual(["cards"]); - expect(msteamsPlugin.actions?.getCapabilities?.({ cfg: disabledCfg })).toEqual([]); + expect(feishuPlugin.actions?.getCapabilities?.({ cfg: configuredFeishuCfg })).toEqual([ + "cards", + ]); + expect(feishuPlugin.actions?.getCapabilities?.({ cfg: disabledFeishuCfg })).toEqual([]); + expect(msteamsPlugin.actions?.getCapabilities?.({ cfg: configuredMsteamsCfg })).toEqual([ + "cards", + ]); + expect(msteamsPlugin.actions?.getCapabilities?.({ cfg: disabledMsteamsCfg })).toEqual([]); }); it("keeps Zalo actions on the empty capability set", () => { diff --git a/src/channels/plugins/setup-helpers.test.ts b/src/channels/plugins/setup-helpers.test.ts index 10069c0b9f4..4111986e175 100644 --- a/src/channels/plugins/setup-helpers.test.ts +++ b/src/channels/plugins/setup-helpers.test.ts @@ -1,7 +1,12 @@ import { describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; import { DEFAULT_ACCOUNT_ID } from "../../routing/session-key.js"; -import { applySetupAccountConfigPatch } from "./setup-helpers.js"; +import { + applySetupAccountConfigPatch, + createEnvPatchedAccountSetupAdapter, + createPatchedAccountSetupAdapter, + prepareScopedSetupConfig, +} from "./setup-helpers.js"; function asConfig(value: unknown): OpenClawConfig { return value as OpenClawConfig; @@ -79,3 +84,157 @@ describe("applySetupAccountConfigPatch", () => { }); }); }); + +describe("createPatchedAccountSetupAdapter", () => { + it("stores default-account patch at channel root", () => { + const adapter = createPatchedAccountSetupAdapter({ + channelKey: "zalo", + buildPatch: (input) => ({ botToken: input.token }), + }); + + const next = adapter.applyAccountConfig({ + cfg: asConfig({ channels: { zalo: { enabled: false } } }), + accountId: DEFAULT_ACCOUNT_ID, + input: { name: "Personal", token: "tok" }, + }); + + expect(next.channels?.zalo).toMatchObject({ + enabled: true, + name: "Personal", + botToken: "tok", + }); + }); + + it("migrates base name into the default account before patching a named account", () => { + const adapter = createPatchedAccountSetupAdapter({ + channelKey: "zalo", + buildPatch: (input) => ({ botToken: input.token }), + }); + + const next = adapter.applyAccountConfig({ + cfg: asConfig({ + channels: { + zalo: { + name: "Personal", + accounts: { + work: { botToken: "old" }, + }, + }, + }, + }), + accountId: "Work Team", + input: { name: "Work", token: "new" }, + }); + + expect(next.channels?.zalo).toMatchObject({ + accounts: { + default: { name: "Personal" }, + work: { botToken: "old" }, + "work-team": { enabled: true, name: "Work", botToken: "new" }, + }, + }); + expect(next.channels?.zalo).not.toHaveProperty("name"); + }); + + it("can store the default account in accounts.default", () => { + const adapter = createPatchedAccountSetupAdapter({ + channelKey: "whatsapp", + alwaysUseAccounts: true, + buildPatch: (input) => ({ authDir: input.authDir }), + }); + + const next = adapter.applyAccountConfig({ + cfg: asConfig({ channels: { whatsapp: {} } }), + accountId: DEFAULT_ACCOUNT_ID, + input: { name: "Phone", authDir: "/tmp/auth" }, + }); + + expect(next.channels?.whatsapp).toMatchObject({ + accounts: { + default: { + enabled: true, + name: "Phone", + authDir: "/tmp/auth", + }, + }, + }); + expect(next.channels?.whatsapp).not.toHaveProperty("enabled"); + expect(next.channels?.whatsapp).not.toHaveProperty("authDir"); + }); +}); + +describe("createEnvPatchedAccountSetupAdapter", () => { + it("rejects env mode for named accounts and requires credentials otherwise", () => { + const adapter = createEnvPatchedAccountSetupAdapter({ + channelKey: "telegram", + defaultAccountOnlyEnvError: "env only on default", + missingCredentialError: "token required", + hasCredentials: (input) => Boolean(input.token || input.tokenFile), + buildPatch: (input) => ({ token: input.token }), + }); + + expect( + adapter.validateInput?.({ + cfg: asConfig({}), + accountId: "work", + input: { useEnv: true }, + }), + ).toBe("env only on default"); + + expect( + adapter.validateInput?.({ + cfg: asConfig({}), + accountId: DEFAULT_ACCOUNT_ID, + input: {}, + }), + ).toBe("token required"); + + expect( + adapter.validateInput?.({ + cfg: asConfig({}), + accountId: DEFAULT_ACCOUNT_ID, + input: { token: "tok" }, + }), + ).toBeNull(); + }); +}); + +describe("prepareScopedSetupConfig", () => { + it("stores the name and migrates it for named accounts when requested", () => { + const next = prepareScopedSetupConfig({ + cfg: asConfig({ + channels: { + bluebubbles: { + name: "Personal", + }, + }, + }), + channelKey: "bluebubbles", + accountId: "Work Team", + name: "Work", + migrateBaseName: true, + }); + + expect(next.channels?.bluebubbles).toMatchObject({ + accounts: { + default: { name: "Personal" }, + "work-team": { name: "Work" }, + }, + }); + expect(next.channels?.bluebubbles).not.toHaveProperty("name"); + }); + + it("keeps the base shape for the default account when migration is disabled", () => { + const next = prepareScopedSetupConfig({ + cfg: asConfig({ channels: { irc: { enabled: true } } }), + channelKey: "irc", + accountId: DEFAULT_ACCOUNT_ID, + name: "Libera", + }); + + expect(next.channels?.irc).toMatchObject({ + enabled: true, + name: "Libera", + }); + }); +}); diff --git a/src/channels/plugins/setup-helpers.ts b/src/channels/plugins/setup-helpers.ts index d592a56e475..e27f13e383a 100644 --- a/src/channels/plugins/setup-helpers.ts +++ b/src/channels/plugins/setup-helpers.ts @@ -1,5 +1,7 @@ import type { OpenClawConfig } from "../../config/config.js"; import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-key.js"; +import type { ChannelSetupAdapter } from "./types.adapters.js"; +import type { ChannelSetupInput } from "./types.core.js"; type ChannelSectionBase = { name?: string; @@ -120,6 +122,31 @@ export function migrateBaseNameToDefaultAccount(params: { } as OpenClawConfig; } +export function prepareScopedSetupConfig(params: { + cfg: OpenClawConfig; + channelKey: string; + accountId: string; + name?: string; + alwaysUseAccounts?: boolean; + migrateBaseName?: boolean; +}): OpenClawConfig { + const namedConfig = applyAccountNameToChannelSection({ + cfg: params.cfg, + channelKey: params.channelKey, + accountId: params.accountId, + name: params.name, + alwaysUseAccounts: params.alwaysUseAccounts, + }); + if (!params.migrateBaseName || normalizeAccountId(params.accountId) === DEFAULT_ACCOUNT_ID) { + return namedConfig; + } + return migrateBaseNameToDefaultAccount({ + cfg: namedConfig, + channelKey: params.channelKey, + alwaysUseAccounts: params.alwaysUseAccounts, + }); +} + export function applySetupAccountConfigPatch(params: { cfg: OpenClawConfig; channelKey: string; @@ -134,6 +161,78 @@ export function applySetupAccountConfigPatch(params: { }); } +export function createPatchedAccountSetupAdapter(params: { + channelKey: string; + alwaysUseAccounts?: boolean; + ensureChannelEnabled?: boolean; + ensureAccountEnabled?: boolean; + validateInput?: ChannelSetupAdapter["validateInput"]; + buildPatch: (input: ChannelSetupInput) => Record; +}): ChannelSetupAdapter { + return { + resolveAccountId: ({ accountId }) => normalizeAccountId(accountId), + applyAccountName: ({ cfg, accountId, name }) => + prepareScopedSetupConfig({ + cfg, + channelKey: params.channelKey, + accountId, + name, + alwaysUseAccounts: params.alwaysUseAccounts, + }), + validateInput: params.validateInput, + applyAccountConfig: ({ cfg, accountId, input }) => { + const next = prepareScopedSetupConfig({ + cfg, + channelKey: params.channelKey, + accountId, + name: input.name, + alwaysUseAccounts: params.alwaysUseAccounts, + migrateBaseName: !params.alwaysUseAccounts, + }); + const patch = params.buildPatch(input); + return patchScopedAccountConfig({ + cfg: next, + channelKey: params.channelKey, + accountId, + patch, + accountPatch: patch, + ensureChannelEnabled: params.ensureChannelEnabled ?? !params.alwaysUseAccounts, + ensureAccountEnabled: params.ensureAccountEnabled ?? true, + scopeDefaultToAccounts: params.alwaysUseAccounts, + }); + }, + }; +} + +export function createEnvPatchedAccountSetupAdapter(params: { + channelKey: string; + alwaysUseAccounts?: boolean; + ensureChannelEnabled?: boolean; + ensureAccountEnabled?: boolean; + defaultAccountOnlyEnvError: string; + missingCredentialError: string; + hasCredentials: (input: ChannelSetupInput) => boolean; + validateInput?: ChannelSetupAdapter["validateInput"]; + buildPatch: (input: ChannelSetupInput) => Record; +}): ChannelSetupAdapter { + return createPatchedAccountSetupAdapter({ + channelKey: params.channelKey, + alwaysUseAccounts: params.alwaysUseAccounts, + ensureChannelEnabled: params.ensureChannelEnabled, + ensureAccountEnabled: params.ensureAccountEnabled, + validateInput: (inputParams) => { + if (inputParams.input.useEnv && inputParams.accountId !== DEFAULT_ACCOUNT_ID) { + return params.defaultAccountOnlyEnvError; + } + if (!inputParams.input.useEnv && !params.hasCredentials(inputParams.input)) { + return params.missingCredentialError; + } + return params.validateInput?.(inputParams) ?? null; + }, + buildPatch: params.buildPatch, + }); +} + export function patchScopedAccountConfig(params: { cfg: OpenClawConfig; channelKey: string; @@ -142,6 +241,7 @@ export function patchScopedAccountConfig(params: { accountPatch?: Record; ensureChannelEnabled?: boolean; ensureAccountEnabled?: boolean; + scopeDefaultToAccounts?: boolean; }): OpenClawConfig { const accountId = normalizeAccountId(params.accountId); const channels = params.cfg.channels as Record | undefined; @@ -156,7 +256,7 @@ export function patchScopedAccountConfig(params: { const ensureAccountEnabled = params.ensureAccountEnabled ?? ensureChannelEnabled; const patch = params.patch; const accountPatch = params.accountPatch ?? patch; - if (accountId === DEFAULT_ACCOUNT_ID) { + if (accountId === DEFAULT_ACCOUNT_ID && !params.scopeDefaultToAccounts) { return { ...params.cfg, channels: { diff --git a/src/channels/plugins/setup-wizard-helpers.runtime.ts b/src/channels/plugins/setup-wizard-helpers.runtime.ts index 8c1808f5d40..9fcdf661643 100644 --- a/src/channels/plugins/setup-wizard-helpers.runtime.ts +++ b/src/channels/plugins/setup-wizard-helpers.runtime.ts @@ -1 +1,8 @@ -export { promptResolvedAllowFrom } from "./setup-wizard-helpers.js"; +import type { promptResolvedAllowFrom as promptResolvedAllowFromType } from "./setup-wizard-helpers.js"; + +export async function promptResolvedAllowFrom( + ...args: Parameters +): ReturnType { + const runtime = await import("./setup-wizard-helpers.js"); + return runtime.promptResolvedAllowFrom(...args); +} diff --git a/src/channels/plugins/setup-wizard-helpers.ts b/src/channels/plugins/setup-wizard-helpers.ts index de513f64d27..c80a00dd324 100644 --- a/src/channels/plugins/setup-wizard-helpers.ts +++ b/src/channels/plugins/setup-wizard-helpers.ts @@ -1,10 +1,10 @@ -import { - promptSecretRefForSetup, - resolveSecretInputModeForEnvSelection, -} from "../../commands/auth-choice.apply-helpers.js"; import type { OpenClawConfig } from "../../config/config.js"; import type { DmPolicy, GroupPolicy } from "../../config/types.js"; import type { SecretInput } from "../../config/types.secrets.js"; +import { + promptSecretRefForSetup, + resolveSecretInputModeForEnvSelection, +} from "../../plugins/provider-auth-input.js"; import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-key.js"; import type { WizardPrompter } from "../../wizard/prompts.js"; import { diff --git a/src/channels/plugins/setup-wizard-proxy.ts b/src/channels/plugins/setup-wizard-proxy.ts new file mode 100644 index 00000000000..195254374cb --- /dev/null +++ b/src/channels/plugins/setup-wizard-proxy.ts @@ -0,0 +1,61 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { ChannelSetupDmPolicy } from "./setup-wizard-types.js"; +import type { ChannelSetupWizard } from "./setup-wizard.js"; + +type PromptAllowFromParams = Parameters>[0]; +type ResolveAllowFromEntriesParams = Parameters< + NonNullable["resolveEntries"] +>[0]; +type ResolveAllowFromEntriesResult = Awaited< + ReturnType["resolveEntries"]> +>; +type ResolveGroupAllowlistParams = Parameters< + NonNullable["resolveAllowlist"]> +>[0]; + +export function createAllowlistSetupWizardProxy(params: { + loadWizard: () => Promise; + createBase: (handlers: { + promptAllowFrom: (params: PromptAllowFromParams) => Promise; + resolveAllowFromEntries: ( + params: ResolveAllowFromEntriesParams, + ) => Promise; + resolveGroupAllowlist: (params: ResolveGroupAllowlistParams) => Promise; + }) => ChannelSetupWizard; + fallbackResolvedGroupAllowlist: (entries: string[]) => TGroupResolved; +}) { + return params.createBase({ + promptAllowFrom: async ({ cfg, prompter, accountId }) => { + const wizard = await params.loadWizard(); + if (!wizard.dmPolicy?.promptAllowFrom) { + return cfg; + } + return await wizard.dmPolicy.promptAllowFrom({ cfg, prompter, accountId }); + }, + resolveAllowFromEntries: async ({ cfg, accountId, credentialValues, entries }) => { + const wizard = await params.loadWizard(); + if (!wizard.allowFrom) { + return entries.map((input) => ({ input, resolved: false, id: null })); + } + return await wizard.allowFrom.resolveEntries({ + cfg, + accountId, + credentialValues, + entries, + }); + }, + resolveGroupAllowlist: async ({ cfg, accountId, credentialValues, entries, prompter }) => { + const wizard = await params.loadWizard(); + if (!wizard.groupAccess?.resolveAllowlist) { + return params.fallbackResolvedGroupAllowlist(entries); + } + return (await wizard.groupAccess.resolveAllowlist({ + cfg, + accountId, + credentialValues, + entries, + prompter, + })) as TGroupResolved; + }, + }); +} diff --git a/src/channels/plugins/slack.actions.ts b/src/channels/plugins/slack.actions.ts index 7e74af7058d..483b4db7df9 100644 --- a/src/channels/plugins/slack.actions.ts +++ b/src/channels/plugins/slack.actions.ts @@ -1,14 +1,24 @@ +import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import { handleSlackAction, type SlackActionContext } from "../../agents/tools/slack-actions.js"; import { extractSlackToolSend, isSlackInteractiveRepliesEnabled, listSlackMessageActions, resolveSlackChannelId, -} from "../../plugin-sdk-internal/slack.js"; -import { handleSlackMessageAction } from "../../plugin-sdk/slack-message-actions.js"; + handleSlackMessageAction, +} from "../../plugin-sdk/slack.js"; import type { ChannelMessageActionAdapter } from "./types.js"; -export function createSlackActions(providerId: string): ChannelMessageActionAdapter { +type SlackActionInvoke = ( + action: Record, + cfg: unknown, + toolContext: unknown, +) => Promise>; + +export function createSlackActions( + providerId: string, + options?: { invoke?: SlackActionInvoke }, +): ChannelMessageActionAdapter { return { listActions: ({ cfg }) => listSlackMessageActions(cfg), getCapabilities: ({ cfg }) => { @@ -29,10 +39,12 @@ export function createSlackActions(providerId: string): ChannelMessageActionAdap normalizeChannelId: resolveSlackChannelId, includeReadThreadId: true, invoke: async (action, cfg, toolContext) => - await handleSlackAction(action, cfg, { - ...(toolContext as SlackActionContext | undefined), - mediaLocalRoots: ctx.mediaLocalRoots, - }), + await (options?.invoke + ? options.invoke(action, cfg, toolContext) + : handleSlackAction(action, cfg, { + ...(toolContext as SlackActionContext | undefined), + mediaLocalRoots: ctx.mediaLocalRoots, + })), }); }, }; diff --git a/src/channels/plugins/stateful-target-builtins.ts b/src/channels/plugins/stateful-target-builtins.ts new file mode 100644 index 00000000000..0d87ca31d2d --- /dev/null +++ b/src/channels/plugins/stateful-target-builtins.ts @@ -0,0 +1,13 @@ +import { acpStatefulBindingTargetDriver } from "./acp-stateful-target-driver.js"; +import { + registerStatefulBindingTargetDriver, + unregisterStatefulBindingTargetDriver, +} from "./stateful-target-drivers.js"; + +export function ensureStatefulTargetBuiltinsRegistered(): void { + registerStatefulBindingTargetDriver(acpStatefulBindingTargetDriver); +} + +export function resetStatefulTargetBuiltinsForTesting(): void { + unregisterStatefulBindingTargetDriver(acpStatefulBindingTargetDriver.id); +} diff --git a/src/channels/plugins/stateful-target-drivers.ts b/src/channels/plugins/stateful-target-drivers.ts new file mode 100644 index 00000000000..ede52472c57 --- /dev/null +++ b/src/channels/plugins/stateful-target-drivers.ts @@ -0,0 +1,89 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import type { + ConfiguredBindingResolution, + StatefulBindingTargetDescriptor, +} from "./binding-types.js"; + +export type StatefulBindingTargetReadyResult = { ok: true } | { ok: false; error: string }; +export type StatefulBindingTargetSessionResult = + | { ok: true; sessionKey: string } + | { ok: false; sessionKey: string; error: string }; +export type StatefulBindingTargetResetResult = + | { ok: true } + | { ok: false; skipped?: boolean; error?: string }; + +export type StatefulBindingTargetDriver = { + id: string; + ensureReady: (params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution; + }) => Promise; + ensureSession: (params: { + cfg: OpenClawConfig; + bindingResolution: ConfiguredBindingResolution; + }) => Promise; + resolveTargetBySessionKey?: (params: { + cfg: OpenClawConfig; + sessionKey: string; + }) => StatefulBindingTargetDescriptor | null; + resetInPlace?: (params: { + cfg: OpenClawConfig; + sessionKey: string; + bindingTarget: StatefulBindingTargetDescriptor; + reason: "new" | "reset"; + }) => Promise; +}; + +const registeredStatefulBindingTargetDrivers = new Map(); + +function listStatefulBindingTargetDrivers(): StatefulBindingTargetDriver[] { + return [...registeredStatefulBindingTargetDrivers.values()]; +} + +export function registerStatefulBindingTargetDriver(driver: StatefulBindingTargetDriver): void { + const id = driver.id.trim(); + if (!id) { + throw new Error("Stateful binding target driver id is required"); + } + const normalized = { ...driver, id }; + const existing = registeredStatefulBindingTargetDrivers.get(id); + if (existing) { + return; + } + registeredStatefulBindingTargetDrivers.set(id, normalized); +} + +export function unregisterStatefulBindingTargetDriver(id: string): void { + registeredStatefulBindingTargetDrivers.delete(id.trim()); +} + +export function getStatefulBindingTargetDriver(id: string): StatefulBindingTargetDriver | null { + const normalizedId = id.trim(); + if (!normalizedId) { + return null; + } + return registeredStatefulBindingTargetDrivers.get(normalizedId) ?? null; +} + +export function resolveStatefulBindingTargetBySessionKey(params: { + cfg: OpenClawConfig; + sessionKey: string; +}): { driver: StatefulBindingTargetDriver; bindingTarget: StatefulBindingTargetDescriptor } | null { + const sessionKey = params.sessionKey.trim(); + if (!sessionKey) { + return null; + } + for (const driver of listStatefulBindingTargetDrivers()) { + const bindingTarget = driver.resolveTargetBySessionKey?.({ + cfg: params.cfg, + sessionKey, + }); + if (bindingTarget) { + return { + driver, + bindingTarget, + }; + } + } + return null; +} diff --git a/src/channels/plugins/target-parsing.ts b/src/channels/plugins/target-parsing.ts index beea68adca3..7efa740de37 100644 --- a/src/channels/plugins/target-parsing.ts +++ b/src/channels/plugins/target-parsing.ts @@ -1,5 +1,5 @@ -import { parseDiscordTarget } from "../../../extensions/discord/src/targets.js"; -import { parseTelegramTarget } from "../../../extensions/telegram/src/targets.js"; +import { parseDiscordTarget } from "../../../extensions/discord/api.js"; +import { parseTelegramTarget } from "../../../extensions/telegram/api.js"; import type { ChatType } from "../chat-type.js"; import { normalizeChatChannelId } from "../registry.js"; import { getChannelPlugin, normalizeChannelId } from "./registry.js"; diff --git a/src/channels/plugins/types.adapters.ts b/src/channels/plugins/types.adapters.ts index eff6878e85e..c31d6057223 100644 --- a/src/channels/plugins/types.adapters.ts +++ b/src/channels/plugins/types.adapters.ts @@ -1,6 +1,6 @@ import type { ReplyPayload } from "../../auto-reply/types.js"; +import type { ConfiguredBindingRule } from "../../config/bindings.js"; import type { OpenClawConfig } from "../../config/config.js"; -import type { AgentAcpBinding } from "../../config/types.js"; import type { GroupToolPolicyConfig } from "../../config/types.tools.js"; import type { ExecApprovalRequest, ExecApprovalResolved } from "../../infra/exec-approvals.js"; import type { OutboundDeliveryResult, OutboundSendDeps } from "../../infra/outbound/deliver.js"; @@ -541,24 +541,26 @@ export type ChannelAllowlistAdapter = { supportsScope?: (params: { scope: "dm" | "group" | "all" }) => boolean; }; -export type ChannelAcpBindingAdapter = { - normalizeConfiguredBindingTarget?: (params: { - binding: AgentAcpBinding; +export type ChannelConfiguredBindingConversationRef = { + conversationId: string; + parentConversationId?: string; +}; + +export type ChannelConfiguredBindingMatch = ChannelConfiguredBindingConversationRef & { + matchPriority?: number; +}; + +export type ChannelConfiguredBindingProvider = { + compileConfiguredBinding: (params: { + binding: ConfiguredBindingRule; conversationId: string; - }) => { + }) => ChannelConfiguredBindingConversationRef | null; + matchInboundConversation: (params: { + binding: ConfiguredBindingRule; + compiledBinding: ChannelConfiguredBindingConversationRef; conversationId: string; parentConversationId?: string; - } | null; - matchConfiguredBinding?: (params: { - binding: AgentAcpBinding; - bindingConversationId: string; - conversationId: string; - parentConversationId?: string; - }) => { - conversationId: string; - parentConversationId?: string; - matchPriority?: number; - } | null; + }) => ChannelConfiguredBindingMatch | null; }; export type ChannelSecurityAdapter = { diff --git a/src/channels/plugins/types.plugin.ts b/src/channels/plugins/types.plugin.ts index 6798545d22f..b4405a063de 100644 --- a/src/channels/plugins/types.plugin.ts +++ b/src/channels/plugins/types.plugin.ts @@ -17,7 +17,7 @@ import type { ChannelSetupAdapter, ChannelStatusAdapter, ChannelAllowlistAdapter, - ChannelAcpBindingAdapter, + ChannelConfiguredBindingProvider, } from "./types.adapters.js"; import type { ChannelAgentTool, @@ -78,7 +78,7 @@ export type ChannelPlugin ({ - loadSessionStore: vi.fn(), - resolveStorePath: vi.fn(() => "/tmp/test-sessions.json"), -})); - -vi.mock("../../pairing/pairing-store.js", () => ({ - readChannelAllowFromStoreSync: vi.fn(() => []), -})); - import type { OpenClawConfig } from "../../config/config.js"; -import { loadSessionStore } from "../../config/sessions.js"; -import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js"; -import { resolveWhatsAppHeartbeatRecipients } from "./whatsapp-heartbeat.js"; + +const loadSessionStoreMock = vi.hoisted(() => vi.fn()); +const readChannelAllowFromStoreSyncMock = vi.hoisted(() => vi.fn<() => string[]>(() => [])); + +type WhatsAppHeartbeatModule = typeof import("./whatsapp-heartbeat.js"); + +let resolveWhatsAppHeartbeatRecipients: WhatsAppHeartbeatModule["resolveWhatsAppHeartbeatRecipients"]; function makeCfg(overrides?: Partial): OpenClawConfig { return { @@ -23,12 +17,12 @@ function makeCfg(overrides?: Partial): OpenClawConfig { } describe("resolveWhatsAppHeartbeatRecipients", () => { - function setSessionStore(store: ReturnType) { - vi.mocked(loadSessionStore).mockReturnValue(store); + function setSessionStore(store: Record) { + loadSessionStoreMock.mockReturnValue(store); } function setAllowFromStore(entries: string[]) { - vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(entries); + readChannelAllowFromStoreSyncMock.mockReturnValue(entries); } function resolveWith( @@ -45,9 +39,18 @@ describe("resolveWhatsAppHeartbeatRecipients", () => { setAllowFromStore(["+15550000001"]); } - beforeEach(() => { - vi.mocked(loadSessionStore).mockClear(); - vi.mocked(readChannelAllowFromStoreSync).mockClear(); + beforeEach(async () => { + vi.resetModules(); + loadSessionStoreMock.mockReset(); + readChannelAllowFromStoreSyncMock.mockReset(); + vi.doMock("../../config/sessions.js", () => ({ + loadSessionStore: loadSessionStoreMock, + resolveStorePath: vi.fn(() => "/tmp/test-sessions.json"), + })); + vi.doMock("../../pairing/pairing-store.js", () => ({ + readChannelAllowFromStoreSync: readChannelAllowFromStoreSyncMock, + })); + ({ resolveWhatsAppHeartbeatRecipients } = await import("./whatsapp-heartbeat.js")); setAllowFromStore([]); }); diff --git a/src/channels/read-only-account-inspect.discord.runtime.ts b/src/channels/read-only-account-inspect.discord.runtime.ts index 00d0943b1ec..28db6fd4c1e 100644 --- a/src/channels/read-only-account-inspect.discord.runtime.ts +++ b/src/channels/read-only-account-inspect.discord.runtime.ts @@ -1,2 +1,11 @@ -export { inspectDiscordAccount } from "../plugin-sdk-internal/discord.js"; -export type { InspectedDiscordAccount } from "../plugin-sdk-internal/discord.js"; +import { inspectDiscordAccount as inspectDiscordAccountImpl } from "../plugin-sdk/discord.js"; + +export type { InspectedDiscordAccount } from "../plugin-sdk/discord.js"; + +type InspectDiscordAccount = typeof import("../plugin-sdk/discord.js").inspectDiscordAccount; + +export function inspectDiscordAccount( + ...args: Parameters +): ReturnType { + return inspectDiscordAccountImpl(...args); +} diff --git a/src/channels/read-only-account-inspect.slack.runtime.ts b/src/channels/read-only-account-inspect.slack.runtime.ts index c3e2bd5d83c..f2a9260b63e 100644 --- a/src/channels/read-only-account-inspect.slack.runtime.ts +++ b/src/channels/read-only-account-inspect.slack.runtime.ts @@ -1,2 +1,11 @@ -export { inspectSlackAccount } from "../plugin-sdk-internal/slack.js"; -export type { InspectedSlackAccount } from "../plugin-sdk-internal/slack.js"; +import { inspectSlackAccount as inspectSlackAccountImpl } from "../plugin-sdk/slack.js"; + +export type { InspectedSlackAccount } from "../plugin-sdk/slack.js"; + +type InspectSlackAccount = typeof import("../plugin-sdk/slack.js").inspectSlackAccount; + +export function inspectSlackAccount( + ...args: Parameters +): ReturnType { + return inspectSlackAccountImpl(...args); +} diff --git a/src/channels/read-only-account-inspect.telegram.runtime.ts b/src/channels/read-only-account-inspect.telegram.runtime.ts index 1e633a0ff8e..01c492dfffd 100644 --- a/src/channels/read-only-account-inspect.telegram.runtime.ts +++ b/src/channels/read-only-account-inspect.telegram.runtime.ts @@ -1,2 +1,11 @@ -export { inspectTelegramAccount } from "../plugin-sdk-internal/telegram.js"; -export type { InspectedTelegramAccount } from "../plugin-sdk-internal/telegram.js"; +import { inspectTelegramAccount as inspectTelegramAccountImpl } from "../plugin-sdk/telegram.js"; + +export type { InspectedTelegramAccount } from "../plugin-sdk/telegram.js"; + +type InspectTelegramAccount = typeof import("../plugin-sdk/telegram.js").inspectTelegramAccount; + +export function inspectTelegramAccount( + ...args: Parameters +): ReturnType { + return inspectTelegramAccountImpl(...args); +} diff --git a/src/channels/registry.ts b/src/channels/registry.ts index 16ba6514397..035b7f4651a 100644 --- a/src/channels/registry.ts +++ b/src/channels/registry.ts @@ -1,28 +1,27 @@ -import { requireActivePluginRegistry } from "../plugins/runtime.js"; +import { CHANNEL_IDS, CHAT_CHANNEL_ORDER, type ChatChannelId } from "./ids.js"; import type { ChannelMeta } from "./plugins/types.js"; import type { ChannelId } from "./plugins/types.js"; - -// Channel docking: add new core channels here (order + meta + aliases), then -// register the plugin in its extension entrypoint and keep protocol IDs in sync. -export const CHAT_CHANNEL_ORDER = [ - "telegram", - "whatsapp", - "discord", - "irc", - "googlechat", - "slack", - "signal", - "imessage", - "line", -] as const; - -export type ChatChannelId = (typeof CHAT_CHANNEL_ORDER)[number]; - -export const CHANNEL_IDS = [...CHAT_CHANNEL_ORDER] as const; +export { CHANNEL_IDS, CHAT_CHANNEL_ORDER } from "./ids.js"; +export type { ChatChannelId } from "./ids.js"; export type ChatChannelMeta = ChannelMeta; const WEBSITE_URL = "https://openclaw.ai"; +const REGISTRY_STATE = Symbol.for("openclaw.pluginRegistryState"); + +type RegisteredChannelPluginEntry = { + plugin: { + id?: string | null; + meta?: { aliases?: string[] | null } | null; + }; +}; + +function listRegisteredChannelPluginEntries(): RegisteredChannelPluginEntry[] { + const globalState = globalThis as typeof globalThis & { + [REGISTRY_STATE]?: { registry?: { channels?: RegisteredChannelPluginEntry[] | null } | null }; + }; + return globalState[REGISTRY_STATE]?.registry?.channels ?? []; +} const CHAT_CHANNEL_META: Record = { telegram: { @@ -169,15 +168,14 @@ export function normalizeAnyChannelId(raw?: string | null): ChannelId | null { return null; } - const registry = requireActivePluginRegistry(); - const hit = registry.channels.find((entry) => { + const hit = listRegisteredChannelPluginEntries().find((entry) => { const id = String(entry.plugin.id ?? "") .trim() .toLowerCase(); if (id && id === key) { return true; } - return (entry.plugin.meta.aliases ?? []).some((alias) => alias.trim().toLowerCase() === key); + return (entry.plugin.meta?.aliases ?? []).some((alias) => alias.trim().toLowerCase() === key); }); return hit?.plugin.id ?? null; } diff --git a/src/channels/session.test.ts b/src/channels/session.test.ts index b1415bbb53d..530346bddb4 100644 --- a/src/channels/session.test.ts +++ b/src/channels/session.test.ts @@ -9,6 +9,10 @@ vi.mock("../config/sessions.js", () => ({ updateLastRoute: (args: unknown) => updateLastRouteMock(args), })); +type SessionModule = typeof import("./session.js"); + +let recordInboundSession: SessionModule["recordInboundSession"]; + describe("recordInboundSession", () => { const ctx: MsgContext = { Provider: "telegram", @@ -17,14 +21,14 @@ describe("recordInboundSession", () => { OriginatingTo: "telegram:1234", }; - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ recordInboundSession } = await import("./session.js")); recordSessionMetaFromInboundMock.mockClear(); updateLastRouteMock.mockClear(); }); it("does not pass ctx when updating a different session key", async () => { - const { recordInboundSession } = await import("./session.js"); - await recordInboundSession({ storePath: "/tmp/openclaw-session-store.json", sessionKey: "agent:main:telegram:1234:thread:42", @@ -50,8 +54,6 @@ describe("recordInboundSession", () => { }); it("passes ctx when updating the same session key", async () => { - const { recordInboundSession } = await import("./session.js"); - await recordInboundSession({ storePath: "/tmp/openclaw-session-store.json", sessionKey: "agent:main:telegram:1234:thread:42", @@ -77,8 +79,6 @@ describe("recordInboundSession", () => { }); it("normalizes mixed-case session keys before recording and route updates", async () => { - const { recordInboundSession } = await import("./session.js"); - await recordInboundSession({ storePath: "/tmp/openclaw-session-store.json", sessionKey: "Agent:Main:Telegram:1234:Thread:42", @@ -105,7 +105,6 @@ describe("recordInboundSession", () => { }); it("skips last-route updates when main DM owner pin mismatches sender", async () => { - const { recordInboundSession } = await import("./session.js"); const onSkip = vi.fn(); await recordInboundSession({ diff --git a/src/cli/command-secret-gateway.test.ts b/src/cli/command-secret-gateway.test.ts index c9de91d4257..87e171d7ce4 100644 --- a/src/cli/command-secret-gateway.test.ts +++ b/src/cli/command-secret-gateway.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; const callGateway = vi.fn(); @@ -7,7 +7,13 @@ vi.mock("../gateway/call.js", () => ({ callGateway, })); -const { resolveCommandSecretRefsViaGateway } = await import("./command-secret-gateway.js"); +let resolveCommandSecretRefsViaGateway: typeof import("./command-secret-gateway.js").resolveCommandSecretRefsViaGateway; + +beforeEach(async () => { + vi.resetModules(); + callGateway.mockReset(); + ({ resolveCommandSecretRefsViaGateway } = await import("./command-secret-gateway.js")); +}); describe("resolveCommandSecretRefsViaGateway", () => { function makeTalkApiKeySecretRefConfig(envKey: string): OpenClawConfig { @@ -155,6 +161,45 @@ describe("resolveCommandSecretRefsViaGateway", () => { expect(result.resolvedConfig.talk?.apiKey).toBe("sk-live"); }); + it("enforces unresolved checks only for allowed paths when provided", async () => { + callGateway.mockResolvedValueOnce({ + assignments: [ + { + path: "channels.discord.accounts.ops.token", + pathSegments: ["channels", "discord", "accounts", "ops", "token"], + value: "ops-token", + }, + ], + diagnostics: [], + }); + + const result = await resolveCommandSecretRefsViaGateway({ + config: { + channels: { + discord: { + accounts: { + ops: { + token: { source: "env", provider: "default", id: "DISCORD_OPS_TOKEN" }, + }, + chat: { + token: { source: "env", provider: "default", id: "DISCORD_CHAT_TOKEN" }, + }, + }, + }, + }, + } as OpenClawConfig, + commandName: "message", + targetIds: new Set(["channels.discord.accounts.*.token"]), + allowedPaths: new Set(["channels.discord.accounts.ops.token"]), + }); + + expect(result.resolvedConfig.channels?.discord?.accounts?.ops?.token).toBe("ops-token"); + expect(result.targetStatesByPath).toEqual({ + "channels.discord.accounts.ops.token": "resolved_gateway", + }); + expect(result.hadUnresolvedTargets).toBe(false); + }); + it("fails fast when gateway-backed resolution is unavailable", async () => { const envKey = "TALK_API_KEY_FAILFAST"; const priorValue = process.env[envKey]; diff --git a/src/cli/command-secret-gateway.ts b/src/cli/command-secret-gateway.ts index 8b2b73c9f0f..bab49155c94 100644 --- a/src/cli/command-secret-gateway.ts +++ b/src/cli/command-secret-gateway.ts @@ -120,10 +120,14 @@ function targetsRuntimeWebResolution(params: { function collectConfiguredTargetRefPaths(params: { config: OpenClawConfig; targetIds: Set; + allowedPaths?: ReadonlySet; }): Set { const defaults = params.config.secrets?.defaults; const configuredTargetRefPaths = new Set(); for (const target of discoverConfigSecretTargetsByIds(params.config, params.targetIds)) { + if (params.allowedPaths && !params.allowedPaths.has(target.path)) { + continue; + } const { ref } = resolveSecretInputRef({ value: target.value, refValue: target.refValue, @@ -449,11 +453,13 @@ export async function resolveCommandSecretRefsViaGateway(params: { commandName: string; targetIds: Set; mode?: CommandSecretResolutionModeInput; + allowedPaths?: ReadonlySet; }): Promise { const mode = normalizeCommandSecretResolutionMode(params.mode); const configuredTargetRefPaths = collectConfiguredTargetRefPaths({ config: params.config, targetIds: params.targetIds, + allowedPaths: params.allowedPaths, }); if (configuredTargetRefPaths.size === 0) { return { @@ -498,6 +504,7 @@ export async function resolveCommandSecretRefsViaGateway(params: { targetIds: params.targetIds, preflightDiagnostics: preflight.diagnostics, mode, + allowedPaths: params.allowedPaths, }); const recoveredLocally = Object.values(fallback.targetStatesByPath).some( (state) => state === "resolved_local", @@ -556,6 +563,7 @@ export async function resolveCommandSecretRefsViaGateway(params: { resolvedConfig, targetIds: params.targetIds, inactiveRefPaths, + allowedPaths: params.allowedPaths, }); let diagnostics = dedupeDiagnostics(parsed.diagnostics); const targetStatesByPath = buildTargetStatesByPath({ diff --git a/src/cli/command-secret-resolution.coverage.test.ts b/src/cli/command-secret-resolution.coverage.test.ts index 5508c39792f..362bd3b0b55 100644 --- a/src/cli/command-secret-resolution.coverage.test.ts +++ b/src/cli/command-secret-resolution.coverage.test.ts @@ -14,14 +14,32 @@ const SECRET_TARGET_CALLSITES = [ "src/commands/status.scan.ts", ] as const; +async function readCommandSource(relativePath: string): Promise { + const absolutePath = path.join(process.cwd(), relativePath); + const source = await fs.readFile(absolutePath, "utf8"); + const reexportMatch = source.match(/^export \* from "(?[^"]+)";$/m)?.groups?.target; + if (!reexportMatch) { + return source; + } + const resolvedTarget = path.join(path.dirname(absolutePath), reexportMatch); + const tsResolvedTarget = resolvedTarget.replace(/\.js$/u, ".ts"); + return await fs.readFile(tsResolvedTarget, "utf8"); +} + +function hasSupportedTargetIdsWiring(source: string): boolean { + return ( + /targetIds:\s*get[A-Za-z0-9_]+\(\)/m.test(source) || + /targetIds:\s*scopedTargets\.targetIds/m.test(source) + ); +} + describe("command secret resolution coverage", () => { it.each(SECRET_TARGET_CALLSITES)( "routes target-id command path through shared gateway resolver: %s", async (relativePath) => { - const absolutePath = path.join(process.cwd(), relativePath); - const source = await fs.readFile(absolutePath, "utf8"); + const source = await readCommandSource(relativePath); expect(source).toContain("resolveCommandSecretRefsViaGateway"); - expect(source).toContain("targetIds: get"); + expect(hasSupportedTargetIdsWiring(source)).toBe(true); expect(source).toContain("resolveCommandSecretRefsViaGateway({"); }, ); diff --git a/src/cli/command-secret-targets.test.ts b/src/cli/command-secret-targets.test.ts index 22a23b36055..5f6a98b70bc 100644 --- a/src/cli/command-secret-targets.test.ts +++ b/src/cli/command-secret-targets.test.ts @@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest"; import { getAgentRuntimeCommandSecretTargetIds, getMemoryCommandSecretTargetIds, + getScopedChannelsCommandSecretTargets, getSecurityAuditCommandSecretTargetIds, } from "./command-secret-targets.js"; @@ -31,4 +32,83 @@ describe("command secret target ids", () => { expect(ids.has("gateway.remote.token")).toBe(true); expect(ids.has("gateway.remote.password")).toBe(true); }); + + it("scopes channel targets to the requested channel", () => { + const scoped = getScopedChannelsCommandSecretTargets({ + config: {} as never, + channel: "discord", + }); + + expect(scoped.targetIds.size).toBeGreaterThan(0); + expect([...scoped.targetIds].every((id) => id.startsWith("channels.discord."))).toBe(true); + expect([...scoped.targetIds].some((id) => id.startsWith("channels.telegram."))).toBe(false); + }); + + it("does not coerce missing accountId to default when channel is scoped", () => { + const scoped = getScopedChannelsCommandSecretTargets({ + config: { + channels: { + discord: { + defaultAccount: "ops", + accounts: { + ops: { + token: { source: "env", provider: "default", id: "DISCORD_OPS" }, + }, + }, + }, + }, + } as never, + channel: "discord", + }); + + expect(scoped.allowedPaths).toBeUndefined(); + expect(scoped.targetIds.size).toBeGreaterThan(0); + expect([...scoped.targetIds].every((id) => id.startsWith("channels.discord."))).toBe(true); + }); + + it("scopes allowed paths to channel globals + selected account", () => { + const scoped = getScopedChannelsCommandSecretTargets({ + config: { + channels: { + discord: { + token: { source: "env", provider: "default", id: "DISCORD_DEFAULT" }, + accounts: { + ops: { + token: { source: "env", provider: "default", id: "DISCORD_OPS" }, + }, + chat: { + token: { source: "env", provider: "default", id: "DISCORD_CHAT" }, + }, + }, + }, + }, + } as never, + channel: "discord", + accountId: "ops", + }); + + expect(scoped.allowedPaths).toBeDefined(); + expect(scoped.allowedPaths?.has("channels.discord.token")).toBe(true); + expect(scoped.allowedPaths?.has("channels.discord.accounts.ops.token")).toBe(true); + expect(scoped.allowedPaths?.has("channels.discord.accounts.chat.token")).toBe(false); + }); + + it("keeps account-scoped allowedPaths as an empty set when scoped target paths are absent", () => { + const scoped = getScopedChannelsCommandSecretTargets({ + config: { + channels: { + discord: { + accounts: { + ops: { enabled: true }, + }, + }, + }, + } as never, + channel: "custom-plugin-channel-without-secret-targets", + accountId: "ops", + }); + + expect(scoped.allowedPaths).toBeDefined(); + expect(scoped.allowedPaths?.size).toBe(0); + }); }); diff --git a/src/cli/command-secret-targets.ts b/src/cli/command-secret-targets.ts index d6dde83cd19..89284892f34 100644 --- a/src/cli/command-secret-targets.ts +++ b/src/cli/command-secret-targets.ts @@ -1,4 +1,9 @@ -import { listSecretTargetRegistryEntries } from "../secrets/target-registry.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { normalizeOptionalAccountId } from "../routing/session-key.js"; +import { + discoverConfigSecretTargetsByIds, + listSecretTargetRegistryEntries, +} from "../secrets/target-registry.js"; function idsByPrefix(prefixes: readonly string[]): string[] { return listSecretTargetRegistryEntries() @@ -37,6 +42,65 @@ function toTargetIdSet(values: readonly string[]): Set { return new Set(values); } +function normalizeScopedChannelId(value?: string | null): string | undefined { + const trimmed = value?.trim(); + return trimmed ? trimmed : undefined; +} + +function selectChannelTargetIds(channel?: string): Set { + if (!channel) { + return toTargetIdSet(COMMAND_SECRET_TARGETS.channels); + } + return toTargetIdSet( + COMMAND_SECRET_TARGETS.channels.filter((id) => id.startsWith(`channels.${channel}.`)), + ); +} + +function pathTargetsScopedChannelAccount(params: { + pathSegments: readonly string[]; + channel: string; + accountId: string; +}): boolean { + const [root, channelId, accountRoot, accountId] = params.pathSegments; + if (root !== "channels" || channelId !== params.channel) { + return false; + } + if (accountRoot !== "accounts") { + return true; + } + return accountId === params.accountId; +} + +export function getScopedChannelsCommandSecretTargets(params: { + config: OpenClawConfig; + channel?: string | null; + accountId?: string | null; +}): { + targetIds: Set; + allowedPaths?: Set; +} { + const channel = normalizeScopedChannelId(params.channel); + const targetIds = selectChannelTargetIds(channel); + const normalizedAccountId = normalizeOptionalAccountId(params.accountId); + if (!channel || !normalizedAccountId) { + return { targetIds }; + } + + const allowedPaths = new Set(); + for (const target of discoverConfigSecretTargetsByIds(params.config, targetIds)) { + if ( + pathTargetsScopedChannelAccount({ + pathSegments: target.pathSegments, + channel, + accountId: normalizedAccountId, + }) + ) { + allowedPaths.add(target.path); + } + } + return { targetIds, allowedPaths }; +} + export function getMemoryCommandSecretTargetIds(): Set { return toTargetIdSet(COMMAND_SECRET_TARGETS.memory); } diff --git a/src/cli/config-cli.ts b/src/cli/config-cli.ts index 0469952d322..5167658040a 100644 --- a/src/cli/config-cli.ts +++ b/src/cli/config-cli.ts @@ -396,7 +396,7 @@ export function registerConfigCli(program: Command) { const cmd = program .command("config") .description( - "Non-interactive config helpers (get/set/unset/file/validate). Run without subcommand for the setup wizard.", + "Non-interactive config helpers (get/set/unset/file/validate). Run without subcommand for guided setup.", ) .addHelpText( "after", @@ -405,7 +405,7 @@ export function registerConfigCli(program: Command) { ) .option( "--section
", - "Configure wizard sections (repeatable). Use with no subcommand.", + "Configuration sections for guided setup (repeatable). Use with no subcommand.", (value: string, previous: string[]) => [...previous, value], [] as string[], ) diff --git a/src/cli/deps.test.ts b/src/cli/deps.test.ts index d13f2998987..dff1a082296 100644 --- a/src/cli/deps.test.ts +++ b/src/cli/deps.test.ts @@ -19,34 +19,34 @@ const sendFns = vi.hoisted(() => ({ imessage: vi.fn(async () => ({ messageId: "i1", chatId: "imessage:1" })), })); -vi.mock("../plugin-sdk-internal/whatsapp.js", () => { +vi.mock("./send-runtime/whatsapp.js", () => { moduleLoads.whatsapp(); - return { sendMessageWhatsApp: sendFns.whatsapp }; + return { runtimeSend: { sendMessage: sendFns.whatsapp } }; }); -vi.mock("../plugin-sdk-internal/telegram.js", () => { +vi.mock("./send-runtime/telegram.js", () => { moduleLoads.telegram(); - return { sendMessageTelegram: sendFns.telegram }; + return { runtimeSend: { sendMessage: sendFns.telegram } }; }); -vi.mock("../plugin-sdk-internal/discord.js", () => { +vi.mock("./send-runtime/discord.js", () => { moduleLoads.discord(); - return { sendMessageDiscord: sendFns.discord }; + return { runtimeSend: { sendMessage: sendFns.discord } }; }); -vi.mock("../plugin-sdk-internal/slack.js", () => { +vi.mock("./send-runtime/slack.js", () => { moduleLoads.slack(); - return { sendMessageSlack: sendFns.slack }; + return { runtimeSend: { sendMessage: sendFns.slack } }; }); -vi.mock("../plugin-sdk-internal/signal.js", () => { +vi.mock("./send-runtime/signal.js", () => { moduleLoads.signal(); - return { sendMessageSignal: sendFns.signal }; + return { runtimeSend: { sendMessage: sendFns.signal } }; }); -vi.mock("../plugin-sdk-internal/imessage.js", () => { +vi.mock("./send-runtime/imessage.js", () => { moduleLoads.imessage(); - return { sendMessageIMessage: sendFns.imessage }; + return { runtimeSend: { sendMessage: sendFns.imessage } }; }); describe("createDefaultDeps", () => { diff --git a/src/cli/deps.ts b/src/cli/deps.ts index 84bb107f97e..1d9d6885fe2 100644 --- a/src/cli/deps.ts +++ b/src/cli/deps.ts @@ -1,4 +1,5 @@ import type { OutboundSendDeps } from "../infra/outbound/send-deps.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import { createOutboundSendDepsFromCliSource } from "./outbound-send-mapping.js"; /** @@ -6,9 +7,15 @@ import { createOutboundSendDepsFromCliSource } from "./outbound-send-mapping.js" * Values are proxy functions that dynamically import the real module on first use. */ export type CliDeps = { [channelId: string]: unknown }; +type RuntimeSend = { + sendMessage: (...args: unknown[]) => Promise; +}; +type RuntimeSendModule = { + runtimeSend: RuntimeSend; +}; // Per-channel module caches for lazy loading. -const senderCache = new Map>>(); +const senderCache = new Map>(); /** * Create a lazy-loading send function proxy for a channel. @@ -16,18 +23,17 @@ const senderCache = new Map>>(); */ function createLazySender( channelId: string, - loader: () => Promise>, - exportName: string, + loader: () => Promise, ): (...args: unknown[]) => Promise { + const loadRuntimeSend = createLazyRuntimeSurface(loader, ({ runtimeSend }) => runtimeSend); return async (...args: unknown[]) => { let cached = senderCache.get(channelId); if (!cached) { - cached = loader(); + cached = loadRuntimeSend(); senderCache.set(channelId, cached); } - const mod = await cached; - const fn = mod[exportName] as (...a: unknown[]) => Promise; - return await fn(...args); + const runtimeSend = await cached; + return await runtimeSend.sendMessage(...args); }; } @@ -35,33 +41,27 @@ export function createDefaultDeps(): CliDeps { return { whatsapp: createLazySender( "whatsapp", - () => import("../plugin-sdk-internal/whatsapp.js") as Promise>, - "sendMessageWhatsApp", + () => import("./send-runtime/whatsapp.js") as Promise, ), telegram: createLazySender( "telegram", - () => import("../plugin-sdk-internal/telegram.js") as Promise>, - "sendMessageTelegram", + () => import("./send-runtime/telegram.js") as Promise, ), discord: createLazySender( "discord", - () => import("../plugin-sdk-internal/discord.js") as Promise>, - "sendMessageDiscord", + () => import("./send-runtime/discord.js") as Promise, ), slack: createLazySender( "slack", - () => import("../plugin-sdk-internal/slack.js") as Promise>, - "sendMessageSlack", + () => import("./send-runtime/slack.js") as Promise, ), signal: createLazySender( "signal", - () => import("../plugin-sdk-internal/signal.js") as Promise>, - "sendMessageSignal", + () => import("./send-runtime/signal.js") as Promise, ), imessage: createLazySender( "imessage", - () => import("../plugin-sdk-internal/imessage.js") as Promise>, - "sendMessageIMessage", + () => import("./send-runtime/imessage.js") as Promise, ), }; } @@ -70,4 +70,4 @@ export function createOutboundSendDeps(deps: CliDeps): OutboundSendDeps { return createOutboundSendDepsFromCliSource(deps); } -export { logWebSelfId } from "../plugin-sdk-internal/whatsapp.js"; +export { logWebSelfId } from "../plugin-sdk/whatsapp.js"; diff --git a/src/cli/mcp-cli.test.ts b/src/cli/mcp-cli.test.ts new file mode 100644 index 00000000000..299406d5f31 --- /dev/null +++ b/src/cli/mcp-cli.test.ts @@ -0,0 +1,83 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { Command } from "commander"; +import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { withTempHome } from "../config/home-env.test-harness.js"; + +const mockLog = vi.fn(); +const mockError = vi.fn(); +const mockExit = vi.fn((code: number) => { + throw new Error(`__exit__:${code}`); +}); + +vi.mock("../runtime.js", () => ({ + defaultRuntime: { + log: (...args: unknown[]) => mockLog(...args), + error: (...args: unknown[]) => mockError(...args), + exit: (code: number) => mockExit(code), + }, +})); + +const tempDirs: string[] = []; + +async function createWorkspace(): Promise { + const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-cli-mcp-")); + tempDirs.push(dir); + return dir; +} + +let registerMcpCli: typeof import("./mcp-cli.js").registerMcpCli; +let sharedProgram: Command; +let previousCwd = process.cwd(); + +async function runMcpCommand(args: string[]) { + await sharedProgram.parseAsync(args, { from: "user" }); +} + +describe("mcp cli", () => { + beforeAll(async () => { + ({ registerMcpCli } = await import("./mcp-cli.js")); + sharedProgram = new Command(); + sharedProgram.exitOverride(); + registerMcpCli(sharedProgram); + }, 300_000); + + beforeEach(() => { + vi.clearAllMocks(); + previousCwd = process.cwd(); + }); + + afterEach(async () => { + process.chdir(previousCwd); + await Promise.all( + tempDirs.splice(0).map((dir) => fs.rm(dir, { recursive: true, force: true })), + ); + }); + + it("sets and shows a configured MCP server", async () => { + await withTempHome("openclaw-cli-mcp-home-", async () => { + const workspaceDir = await createWorkspace(); + process.chdir(workspaceDir); + + await runMcpCommand(["mcp", "set", "context7", '{"command":"uvx","args":["context7-mcp"]}']); + expect(mockLog).toHaveBeenCalledWith(expect.stringContaining('Saved MCP server "context7"')); + + mockLog.mockClear(); + await runMcpCommand(["mcp", "show", "context7", "--json"]); + expect(mockLog).toHaveBeenCalledWith(expect.stringContaining('"command": "uvx"')); + }); + }); + + it("fails when removing an unknown MCP server", async () => { + await withTempHome("openclaw-cli-mcp-home-", async () => { + const workspaceDir = await createWorkspace(); + process.chdir(workspaceDir); + + await expect(runMcpCommand(["mcp", "unset", "missing"])).rejects.toThrow("__exit__:1"); + expect(mockError).toHaveBeenCalledWith( + expect.stringContaining('No MCP server named "missing"'), + ); + }); + }); +}); diff --git a/src/cli/mcp-cli.ts b/src/cli/mcp-cli.ts new file mode 100644 index 00000000000..61956468b82 --- /dev/null +++ b/src/cli/mcp-cli.ts @@ -0,0 +1,104 @@ +import { Command } from "commander"; +import { parseConfigValue } from "../auto-reply/reply/config-value.js"; +import { + listConfiguredMcpServers, + setConfiguredMcpServer, + unsetConfiguredMcpServer, +} from "../config/mcp-config.js"; +import { defaultRuntime } from "../runtime.js"; + +function fail(message: string): never { + defaultRuntime.error(message); + defaultRuntime.exit(1); + throw new Error(message); +} + +function printJson(value: unknown): void { + defaultRuntime.log(JSON.stringify(value, null, 2)); +} + +export function registerMcpCli(program: Command) { + const mcp = program.command("mcp").description("Manage OpenClaw MCP server config"); + + mcp + .command("list") + .description("List configured MCP servers") + .option("--json", "Print JSON") + .action(async (opts: { json?: boolean }) => { + const loaded = await listConfiguredMcpServers(); + if (!loaded.ok) { + fail(loaded.error); + } + if (opts.json) { + printJson(loaded.mcpServers); + return; + } + const names = Object.keys(loaded.mcpServers).toSorted(); + if (names.length === 0) { + defaultRuntime.log(`No MCP servers configured in ${loaded.path}.`); + return; + } + defaultRuntime.log(`MCP servers (${loaded.path}):`); + for (const name of names) { + defaultRuntime.log(`- ${name}`); + } + }); + + mcp + .command("show") + .description("Show one configured MCP server or the full MCP config") + .argument("[name]", "MCP server name") + .option("--json", "Print JSON") + .action(async (name: string | undefined, opts: { json?: boolean }) => { + const loaded = await listConfiguredMcpServers(); + if (!loaded.ok) { + fail(loaded.error); + } + const value = name ? loaded.mcpServers[name] : loaded.mcpServers; + if (name && !value) { + fail(`No MCP server named "${name}" in ${loaded.path}.`); + } + if (opts.json) { + printJson(value ?? {}); + return; + } + if (name) { + defaultRuntime.log(`MCP server "${name}" (${loaded.path}):`); + } else { + defaultRuntime.log(`MCP servers (${loaded.path}):`); + } + printJson(value ?? {}); + }); + + mcp + .command("set") + .description("Set one configured MCP server from a JSON object") + .argument("", "MCP server name") + .argument("", 'JSON object, for example {"command":"uvx","args":["context7-mcp"]}') + .action(async (name: string, rawValue: string) => { + const parsed = parseConfigValue(rawValue); + if (parsed.error) { + fail(parsed.error); + } + const result = await setConfiguredMcpServer({ name, server: parsed.value }); + if (!result.ok) { + fail(result.error); + } + defaultRuntime.log(`Saved MCP server "${name}" to ${result.path}.`); + }); + + mcp + .command("unset") + .description("Remove one configured MCP server") + .argument("", "MCP server name") + .action(async (name: string) => { + const result = await unsetConfiguredMcpServer({ name }); + if (!result.ok) { + fail(result.error); + } + if (!result.removed) { + fail(`No MCP server named "${name}" in ${result.path}.`); + } + defaultRuntime.log(`Removed MCP server "${name}" from ${result.path}.`); + }); +} diff --git a/src/cli/memory-cli.test.ts b/src/cli/memory-cli.test.ts index 2405055adc6..3738616cb2c 100644 --- a/src/cli/memory-cli.test.ts +++ b/src/cli/memory-cli.test.ts @@ -2,15 +2,17 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { Command } from "commander"; -import { afterEach, beforeAll, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -const getMemorySearchManager = vi.fn(); -const loadConfig = vi.fn(() => ({})); -const resolveDefaultAgentId = vi.fn(() => "main"); -const resolveCommandSecretRefsViaGateway = vi.fn(async ({ config }: { config: unknown }) => ({ - resolvedConfig: config, - diagnostics: [] as string[], -})); +const getMemorySearchManager = vi.hoisted(() => vi.fn()); +const loadConfig = vi.hoisted(() => vi.fn(() => ({}))); +const resolveDefaultAgentId = vi.hoisted(() => vi.fn(() => "main")); +const resolveCommandSecretRefsViaGateway = vi.hoisted(() => + vi.fn(async ({ config }: { config: unknown }) => ({ + resolvedConfig: config, + diagnostics: [] as string[], + })), +); vi.mock("../memory/index.js", () => ({ getMemorySearchManager, @@ -33,7 +35,8 @@ let defaultRuntime: typeof import("../runtime.js").defaultRuntime; let isVerbose: typeof import("../globals.js").isVerbose; let setVerbose: typeof import("../globals.js").setVerbose; -beforeAll(async () => { +beforeEach(async () => { + vi.resetModules(); ({ registerMemoryCli } = await import("./memory-cli.js")); ({ defaultRuntime } = await import("../runtime.js")); ({ isVerbose, setVerbose } = await import("../globals.js")); diff --git a/src/cli/message-secret-scope.test.ts b/src/cli/message-secret-scope.test.ts new file mode 100644 index 00000000000..9e243f48b7c --- /dev/null +++ b/src/cli/message-secret-scope.test.ts @@ -0,0 +1,56 @@ +import { describe, expect, it } from "vitest"; +import { resolveMessageSecretScope } from "./message-secret-scope.js"; + +describe("resolveMessageSecretScope", () => { + it("prefers explicit channel/account inputs", () => { + expect( + resolveMessageSecretScope({ + channel: "Discord", + accountId: "Ops", + }), + ).toEqual({ + channel: "discord", + accountId: "ops", + }); + }); + + it("infers channel from a prefixed target", () => { + expect( + resolveMessageSecretScope({ + target: "telegram:12345", + }), + ).toEqual({ + channel: "telegram", + }); + }); + + it("infers a shared channel from target arrays", () => { + expect( + resolveMessageSecretScope({ + targets: ["discord:one", "discord:two"], + }), + ).toEqual({ + channel: "discord", + }); + }); + + it("does not infer a channel when target arrays mix channels", () => { + expect( + resolveMessageSecretScope({ + targets: ["discord:one", "slack:two"], + }), + ).toEqual({}); + }); + + it("uses fallback channel/account when direct inputs are missing", () => { + expect( + resolveMessageSecretScope({ + fallbackChannel: "Signal", + fallbackAccountId: "Chat", + }), + ).toEqual({ + channel: "signal", + accountId: "chat", + }); + }); +}); diff --git a/src/cli/message-secret-scope.ts b/src/cli/message-secret-scope.ts new file mode 100644 index 00000000000..5dd72655ec6 --- /dev/null +++ b/src/cli/message-secret-scope.ts @@ -0,0 +1,83 @@ +import { normalizeAccountId } from "../routing/session-key.js"; +import { isDeliverableMessageChannel, normalizeMessageChannel } from "../utils/message-channel.js"; + +function resolveScopedChannelCandidate(value: unknown): string | undefined { + if (typeof value !== "string") { + return undefined; + } + const normalized = normalizeMessageChannel(value); + if (!normalized || !isDeliverableMessageChannel(normalized)) { + return undefined; + } + return normalized; +} + +function resolveChannelFromTargetValue(target: unknown): string | undefined { + if (typeof target !== "string") { + return undefined; + } + const trimmed = target.trim(); + if (!trimmed) { + return undefined; + } + const separator = trimmed.indexOf(":"); + if (separator <= 0) { + return undefined; + } + return resolveScopedChannelCandidate(trimmed.slice(0, separator)); +} + +function resolveChannelFromTargets(targets: unknown): string | undefined { + if (!Array.isArray(targets)) { + return undefined; + } + const seen = new Set(); + for (const target of targets) { + const channel = resolveChannelFromTargetValue(target); + if (channel) { + seen.add(channel); + } + } + if (seen.size !== 1) { + return undefined; + } + return [...seen][0]; +} + +function resolveScopedAccountId(value: unknown): string | undefined { + if (typeof value !== "string") { + return undefined; + } + const trimmed = value.trim(); + if (!trimmed) { + return undefined; + } + return normalizeAccountId(trimmed); +} + +export function resolveMessageSecretScope(params: { + channel?: unknown; + target?: unknown; + targets?: unknown; + fallbackChannel?: string | null; + accountId?: unknown; + fallbackAccountId?: string | null; +}): { + channel?: string; + accountId?: string; +} { + const channel = + resolveScopedChannelCandidate(params.channel) ?? + resolveChannelFromTargetValue(params.target) ?? + resolveChannelFromTargets(params.targets) ?? + resolveScopedChannelCandidate(params.fallbackChannel); + + const accountId = + resolveScopedAccountId(params.accountId) ?? + resolveScopedAccountId(params.fallbackAccountId ?? undefined); + + return { + ...(channel ? { channel } : {}), + ...(accountId ? { accountId } : {}), + }; +} diff --git a/src/cli/pairing-cli.test.ts b/src/cli/pairing-cli.test.ts index 97d9c9c7751..c05cdb61050 100644 --- a/src/cli/pairing-cli.test.ts +++ b/src/cli/pairing-cli.test.ts @@ -1,5 +1,5 @@ import { Command } from "commander"; -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const listChannelPairingRequests = vi.fn(); const approveChannelPairingCode = vi.fn(); @@ -47,11 +47,9 @@ vi.mock("../config/config.js", () => ({ describe("pairing cli", () => { let registerPairingCli: typeof import("./pairing-cli.js").registerPairingCli; - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); ({ registerPairingCli } = await import("./pairing-cli.js")); - }); - - beforeEach(() => { listChannelPairingRequests.mockClear(); listChannelPairingRequests.mockResolvedValue([]); approveChannelPairingCode.mockClear(); diff --git a/src/cli/plugin-registry.test.ts b/src/cli/plugin-registry.test.ts index f9751d5fed8..336c720dfdb 100644 --- a/src/cli/plugin-registry.test.ts +++ b/src/cli/plugin-registry.test.ts @@ -59,7 +59,7 @@ describe("ensurePluginRegistryLoaded", () => { expect(mocks.loadOpenClawPlugins).toHaveBeenCalledWith( expect.objectContaining({ - onlyPluginIds: ["telegram"], + onlyPluginIds: [], }), ); }); @@ -85,7 +85,7 @@ describe("ensurePluginRegistryLoaded", () => { expect(mocks.loadOpenClawPlugins).toHaveBeenCalledTimes(2); expect(mocks.loadOpenClawPlugins).toHaveBeenNthCalledWith( 1, - expect.objectContaining({ onlyPluginIds: ["telegram"] }), + expect.objectContaining({ onlyPluginIds: [] }), ); expect(mocks.loadOpenClawPlugins).toHaveBeenNthCalledWith( 2, diff --git a/src/cli/plugins-cli.ts b/src/cli/plugins-cli.ts index b4b197bf96c..c91f65c04c7 100644 --- a/src/cli/plugins-cli.ts +++ b/src/cli/plugins-cli.ts @@ -5,6 +5,7 @@ import type { Command } from "commander"; import type { OpenClawConfig } from "../config/config.js"; import { loadConfig, writeConfigFile } from "../config/config.js"; import { resolveStateDir } from "../config/paths.js"; +import type { PluginInstallRecord } from "../config/types.plugins.js"; import { resolveArchiveKind } from "../infra/archive.js"; import { type BundledPluginSource, findBundledPluginSource } from "../plugins/bundled-sources.js"; import { enablePluginInConfig } from "../plugins/enable.js"; @@ -19,7 +20,11 @@ import { import type { PluginRecord } from "../plugins/registry.js"; import { applyExclusiveSlotSelection } from "../plugins/slots.js"; import { resolvePluginSourceRoots, formatPluginSourceForTable } from "../plugins/source-display.js"; -import { buildPluginStatusReport } from "../plugins/status.js"; +import { + buildAllPluginInspectReports, + buildPluginInspectReport, + buildPluginStatusReport, +} from "../plugins/status.js"; import { resolveUninstallDirectoryTarget, uninstallPlugin } from "../plugins/uninstall.js"; import { updateNpmInstalledPlugins } from "../plugins/update.js"; import { defaultRuntime } from "../runtime.js"; @@ -42,8 +47,9 @@ export type PluginsListOptions = { verbose?: boolean; }; -export type PluginInfoOptions = { +export type PluginInspectOptions = { json?: boolean; + all?: boolean; }; export type PluginUpdateOptions = { @@ -133,6 +139,67 @@ function formatPluginLine(plugin: PluginRecord, verbose = false): string { return parts.join("\n"); } +function formatInspectSection(title: string, lines: string[]): string[] { + if (lines.length === 0) { + return []; + } + return ["", `${theme.muted(`${title}:`)}`, ...lines]; +} + +function formatCapabilityKinds( + capabilities: Array<{ + kind: string; + }>, +): string { + if (capabilities.length === 0) { + return "-"; + } + return capabilities.map((entry) => entry.kind).join(", "); +} + +function formatHookSummary(params: { + usesLegacyBeforeAgentStart: boolean; + typedHookCount: number; + customHookCount: number; +}): string { + const parts: string[] = []; + if (params.usesLegacyBeforeAgentStart) { + parts.push("before_agent_start"); + } + const nonLegacyTypedHookCount = + params.typedHookCount - (params.usesLegacyBeforeAgentStart ? 1 : 0); + if (nonLegacyTypedHookCount > 0) { + parts.push(`${nonLegacyTypedHookCount} typed`); + } + if (params.customHookCount > 0) { + parts.push(`${params.customHookCount} custom`); + } + return parts.length > 0 ? parts.join(", ") : "-"; +} + +function formatInstallLines(install: PluginInstallRecord | undefined): string[] { + if (!install) { + return []; + } + const lines = [`Source: ${install.source}`]; + if (install.spec) { + lines.push(`Spec: ${install.spec}`); + } + if (install.sourcePath) { + lines.push(`Source path: ${shortenHomePath(install.sourcePath)}`); + } + if (install.installPath) { + lines.push(`Install path: ${shortenHomePath(install.installPath)}`); + } + if (install.version) { + lines.push(`Recorded version: ${install.version}`); + } + if (install.installedAt) { + lines.push(`Installed at: ${install.installedAt}`); + } + return lines; +} + function applySlotSelectionForPlugin( config: OpenClawConfig, pluginId: string, @@ -542,88 +609,196 @@ export function registerPluginsCli(program: Command) { }); plugins - .command("info") - .description("Show plugin details") - .argument("", "Plugin id") + .command("inspect") + .alias("info") + .description("Inspect plugin details") + .argument("[id]", "Plugin id") + .option("--all", "Inspect all plugins") .option("--json", "Print JSON") - .action((id: string, opts: PluginInfoOptions) => { - const report = buildPluginStatusReport(); - const plugin = report.plugins.find((p) => p.id === id || p.name === id); - if (!plugin) { + .action((id: string | undefined, opts: PluginInspectOptions) => { + const cfg = loadConfig(); + const report = buildPluginStatusReport({ config: cfg }); + if (opts.all) { + if (id) { + defaultRuntime.error("Pass either a plugin id or --all, not both."); + process.exit(1); + } + const inspectAll = buildAllPluginInspectReports({ + config: cfg, + report, + }); + const inspectAllWithInstall = inspectAll.map((inspect) => ({ + ...inspect, + install: cfg.plugins?.installs?.[inspect.plugin.id], + })); + + if (opts.json) { + defaultRuntime.log(JSON.stringify(inspectAllWithInstall, null, 2)); + return; + } + + const tableWidth = getTerminalTableWidth(); + const rows = inspectAll.map((inspect) => ({ + Name: inspect.plugin.name || inspect.plugin.id, + ID: + inspect.plugin.name && inspect.plugin.name !== inspect.plugin.id + ? inspect.plugin.id + : "", + Status: + inspect.plugin.status === "loaded" + ? theme.success("loaded") + : inspect.plugin.status === "disabled" + ? theme.warn("disabled") + : theme.error("error"), + Shape: inspect.shape, + Capabilities: formatCapabilityKinds(inspect.capabilities), + Hooks: formatHookSummary({ + usesLegacyBeforeAgentStart: inspect.usesLegacyBeforeAgentStart, + typedHookCount: inspect.typedHooks.length, + customHookCount: inspect.customHooks.length, + }), + })); + defaultRuntime.log( + renderTable({ + width: tableWidth, + columns: [ + { key: "Name", header: "Name", minWidth: 14, flex: true }, + { key: "ID", header: "ID", minWidth: 10, flex: true }, + { key: "Status", header: "Status", minWidth: 10 }, + { key: "Shape", header: "Shape", minWidth: 18 }, + { key: "Capabilities", header: "Capabilities", minWidth: 28, flex: true }, + { key: "Hooks", header: "Hooks", minWidth: 20, flex: true }, + ], + rows, + }).trimEnd(), + ); + return; + } + + if (!id) { + defaultRuntime.error("Provide a plugin id or use --all."); + process.exit(1); + } + + const inspect = buildPluginInspectReport({ + id, + config: cfg, + report, + }); + if (!inspect) { defaultRuntime.error(`Plugin not found: ${id}`); process.exit(1); } - const cfg = loadConfig(); - const install = cfg.plugins?.installs?.[plugin.id]; + const install = cfg.plugins?.installs?.[inspect.plugin.id]; if (opts.json) { - defaultRuntime.log(JSON.stringify(plugin, null, 2)); + defaultRuntime.log( + JSON.stringify( + { + ...inspect, + install, + }, + null, + 2, + ), + ); return; } const lines: string[] = []; - lines.push(theme.heading(plugin.name || plugin.id)); - if (plugin.name && plugin.name !== plugin.id) { - lines.push(theme.muted(`id: ${plugin.id}`)); + lines.push(theme.heading(inspect.plugin.name || inspect.plugin.id)); + if (inspect.plugin.name && inspect.plugin.name !== inspect.plugin.id) { + lines.push(theme.muted(`id: ${inspect.plugin.id}`)); } - if (plugin.description) { - lines.push(plugin.description); + if (inspect.plugin.description) { + lines.push(inspect.plugin.description); } lines.push(""); - lines.push(`${theme.muted("Status:")} ${plugin.status}`); - lines.push(`${theme.muted("Format:")} ${plugin.format ?? "openclaw"}`); - if (plugin.bundleFormat) { - lines.push(`${theme.muted("Bundle format:")} ${plugin.bundleFormat}`); + lines.push(`${theme.muted("Status:")} ${inspect.plugin.status}`); + lines.push(`${theme.muted("Format:")} ${inspect.plugin.format ?? "openclaw"}`); + if (inspect.plugin.bundleFormat) { + lines.push(`${theme.muted("Bundle format:")} ${inspect.plugin.bundleFormat}`); } - lines.push(`${theme.muted("Source:")} ${shortenHomeInString(plugin.source)}`); - lines.push(`${theme.muted("Origin:")} ${plugin.origin}`); - if (plugin.version) { - lines.push(`${theme.muted("Version:")} ${plugin.version}`); + lines.push(`${theme.muted("Source:")} ${shortenHomeInString(inspect.plugin.source)}`); + lines.push(`${theme.muted("Origin:")} ${inspect.plugin.origin}`); + if (inspect.plugin.version) { + lines.push(`${theme.muted("Version:")} ${inspect.plugin.version}`); } - if (plugin.toolNames.length > 0) { - lines.push(`${theme.muted("Tools:")} ${plugin.toolNames.join(", ")}`); - } - if (plugin.hookNames.length > 0) { - lines.push(`${theme.muted("Hooks:")} ${plugin.hookNames.join(", ")}`); - } - if (plugin.gatewayMethods.length > 0) { - lines.push(`${theme.muted("Gateway methods:")} ${plugin.gatewayMethods.join(", ")}`); - } - if (plugin.providerIds.length > 0) { - lines.push(`${theme.muted("Providers:")} ${plugin.providerIds.join(", ")}`); - } - if ((plugin.bundleCapabilities?.length ?? 0) > 0) { + lines.push(`${theme.muted("Shape:")} ${inspect.shape}`); + lines.push(`${theme.muted("Capability mode:")} ${inspect.capabilityMode}`); + lines.push( + `${theme.muted("Legacy before_agent_start:")} ${inspect.usesLegacyBeforeAgentStart ? "yes" : "no"}`, + ); + if ((inspect.plugin.bundleCapabilities?.length ?? 0) > 0) { lines.push( - `${theme.muted("Bundle capabilities:")} ${plugin.bundleCapabilities?.join(", ")}`, + `${theme.muted("Bundle capabilities:")} ${inspect.plugin.bundleCapabilities?.join(", ")}`, ); } - if (plugin.cliCommands.length > 0) { - lines.push(`${theme.muted("CLI commands:")} ${plugin.cliCommands.join(", ")}`); + lines.push( + ...formatInspectSection( + "Capabilities", + inspect.capabilities.map( + (entry) => + `${entry.kind}: ${entry.ids.length > 0 ? entry.ids.join(", ") : "(registered)"}`, + ), + ), + ); + lines.push( + ...formatInspectSection( + "Typed hooks", + inspect.typedHooks.map((entry) => + entry.priority == null ? entry.name : `${entry.name} (priority ${entry.priority})`, + ), + ), + ); + lines.push( + ...formatInspectSection( + "Custom hooks", + inspect.customHooks.map((entry) => `${entry.name}: ${entry.events.join(", ")}`), + ), + ); + lines.push( + ...formatInspectSection( + "Tools", + inspect.tools.map((entry) => { + const names = entry.names.length > 0 ? entry.names.join(", ") : "(anonymous)"; + return entry.optional ? `${names} [optional]` : names; + }), + ), + ); + lines.push(...formatInspectSection("Commands", inspect.commands)); + lines.push(...formatInspectSection("CLI commands", inspect.cliCommands)); + lines.push(...formatInspectSection("Services", inspect.services)); + lines.push(...formatInspectSection("Gateway methods", inspect.gatewayMethods)); + if (inspect.httpRouteCount > 0) { + lines.push(...formatInspectSection("HTTP routes", [String(inspect.httpRouteCount)])); } - if (plugin.services.length > 0) { - lines.push(`${theme.muted("Services:")} ${plugin.services.join(", ")}`); + const policyLines: string[] = []; + if (typeof inspect.policy.allowPromptInjection === "boolean") { + policyLines.push(`allowPromptInjection: ${inspect.policy.allowPromptInjection}`); } - if (plugin.error) { - lines.push(`${theme.error("Error:")} ${plugin.error}`); + if (typeof inspect.policy.allowModelOverride === "boolean") { + policyLines.push(`allowModelOverride: ${inspect.policy.allowModelOverride}`); } - if (install) { - lines.push(""); - lines.push(`${theme.muted("Install:")} ${install.source}`); - if (install.spec) { - lines.push(`${theme.muted("Spec:")} ${install.spec}`); - } - if (install.sourcePath) { - lines.push(`${theme.muted("Source path:")} ${shortenHomePath(install.sourcePath)}`); - } - if (install.installPath) { - lines.push(`${theme.muted("Install path:")} ${shortenHomePath(install.installPath)}`); - } - if (install.version) { - lines.push(`${theme.muted("Recorded version:")} ${install.version}`); - } - if (install.installedAt) { - lines.push(`${theme.muted("Installed at:")} ${install.installedAt}`); - } + if (inspect.policy.hasAllowedModelsConfig) { + policyLines.push( + `allowedModels: ${ + inspect.policy.allowedModels.length > 0 + ? inspect.policy.allowedModels.join(", ") + : "(configured but empty)" + }`, + ); + } + lines.push(...formatInspectSection("Policy", policyLines)); + lines.push( + ...formatInspectSection( + "Diagnostics", + inspect.diagnostics.map((entry) => `${entry.level.toUpperCase()}: ${entry.message}`), + ), + ); + lines.push(...formatInspectSection("Install", formatInstallLines(install))); + if (inspect.plugin.error) { + lines.push("", `${theme.error("Error:")} ${inspect.plugin.error}`); } defaultRuntime.log(lines.join("\n")); }); diff --git a/src/cli/program/command-registry.ts b/src/cli/program/command-registry.ts index 89d59bfb7ee..93c4616594e 100644 --- a/src/cli/program/command-registry.ts +++ b/src/cli/program/command-registry.ts @@ -56,7 +56,7 @@ const coreEntries: CoreCliEntry[] = [ commands: [ { name: "onboard", - description: "Interactive setup wizard for gateway, workspace, and skills", + description: "Interactive onboarding for gateway, workspace, and skills", hasSubcommands: false, }, ], @@ -70,7 +70,7 @@ const coreEntries: CoreCliEntry[] = [ { name: "configure", description: - "Interactive setup wizard for credentials, channels, gateway, and agent defaults", + "Interactive configuration for credentials, channels, gateway, and agent defaults", hasSubcommands: false, }, ], @@ -84,7 +84,7 @@ const coreEntries: CoreCliEntry[] = [ { name: "config", description: - "Non-interactive config helpers (get/set/unset/file/validate). Default: starts setup wizard.", + "Non-interactive config helpers (get/set/unset/file/validate). Default: starts guided setup.", hasSubcommands: true, }, ], @@ -160,6 +160,19 @@ const coreEntries: CoreCliEntry[] = [ mod.registerMemoryCli(program); }, }, + { + commands: [ + { + name: "mcp", + description: "Manage embedded Pi MCP servers", + hasSubcommands: true, + }, + ], + register: async ({ program }) => { + const mod = await import("../mcp-cli.js"); + mod.registerMcpCli(program); + }, + }, { commands: [ { diff --git a/src/cli/program/core-command-descriptors.ts b/src/cli/program/core-command-descriptors.ts index 8756c7bf7d4..ed7a0b10cdb 100644 --- a/src/cli/program/core-command-descriptors.ts +++ b/src/cli/program/core-command-descriptors.ts @@ -12,18 +12,18 @@ export const CORE_CLI_COMMAND_DESCRIPTORS = [ }, { name: "onboard", - description: "Interactive setup wizard for gateway, workspace, and skills", + description: "Interactive onboarding for gateway, workspace, and skills", hasSubcommands: false, }, { name: "configure", - description: "Interactive setup wizard for credentials, channels, gateway, and agent defaults", + description: "Interactive configuration for credentials, channels, gateway, and agent defaults", hasSubcommands: false, }, { name: "config", description: - "Non-interactive config helpers (get/set/unset/file/validate). Default: starts setup wizard.", + "Non-interactive config helpers (get/set/unset/file/validate). Default: starts guided setup.", hasSubcommands: true, }, { diff --git a/src/cli/program/register.configure.ts b/src/cli/program/register.configure.ts index e93fb2386ed..0236503a4f2 100644 --- a/src/cli/program/register.configure.ts +++ b/src/cli/program/register.configure.ts @@ -11,7 +11,7 @@ import { runCommandWithRuntime } from "../cli-utils.js"; export function registerConfigureCommand(program: Command) { program .command("configure") - .description("Interactive setup wizard for credentials, channels, gateway, and agent defaults") + .description("Interactive configuration for credentials, channels, gateway, and agent defaults") .addHelpText( "after", () => diff --git a/src/cli/program/register.onboard.ts b/src/cli/program/register.onboard.ts index 0cd2828553b..3909707f263 100644 --- a/src/cli/program/register.onboard.ts +++ b/src/cli/program/register.onboard.ts @@ -63,7 +63,7 @@ function pickOnboardProviderAuthOptionValues( export function registerOnboardCommand(program: Command) { const command = program .command("onboard") - .description("Interactive wizard to set up the gateway, workspace, and skills") + .description("Interactive onboarding for the gateway, workspace, and skills") .addHelpText( "after", () => @@ -72,7 +72,7 @@ export function registerOnboardCommand(program: Command) { .option("--workspace ", "Agent workspace directory (default: ~/.openclaw/workspace)") .option( "--reset", - "Reset config + credentials + sessions before running wizard (workspace only with --reset-scope full)", + "Reset config + credentials + sessions before running onboard (workspace only with --reset-scope full)", ) .option("--reset-scope ", "Reset scope: config|config+creds+sessions|full") .option("--non-interactive", "Run without prompts", false) @@ -81,8 +81,8 @@ export function registerOnboardCommand(program: Command) { "Acknowledge that agents are powerful and full system access is risky (required for --non-interactive)", false, ) - .option("--flow ", "Wizard flow: quickstart|advanced|manual") - .option("--mode ", "Wizard mode: local|remote") + .option("--flow ", "Onboard flow: quickstart|advanced|manual") + .option("--mode ", "Onboard mode: local|remote") .option("--auth-choice ", `Auth: ${AUTH_CHOICE_HELP}`) .option( "--token-provider ", diff --git a/src/cli/program/register.setup.ts b/src/cli/program/register.setup.ts index 33893d945bb..3546a2adbdf 100644 --- a/src/cli/program/register.setup.ts +++ b/src/cli/program/register.setup.ts @@ -20,9 +20,9 @@ export function registerSetupCommand(program: Command) { "--workspace ", "Agent workspace directory (default: ~/.openclaw/workspace; stored as agents.defaults.workspace)", ) - .option("--wizard", "Run the interactive onboarding wizard", false) - .option("--non-interactive", "Run the wizard without prompts", false) - .option("--mode ", "Wizard mode: local|remote") + .option("--wizard", "Run interactive onboarding", false) + .option("--non-interactive", "Run onboarding without prompts", false) + .option("--mode ", "Onboard mode: local|remote") .option("--remote-url ", "Remote Gateway WebSocket URL") .option("--remote-token ", "Remote Gateway token (optional)") .action(async (opts, command) => { diff --git a/src/cli/prompt.test.ts b/src/cli/prompt.test.ts index da5843dcbda..ee68e646700 100644 --- a/src/cli/prompt.test.ts +++ b/src/cli/prompt.test.ts @@ -1,12 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; -import { isYes, setVerbose, setYes } from "../globals.js"; - -vi.mock("node:readline/promises", () => { - const question = vi.fn(async () => ""); - const close = vi.fn(); - const createInterface = vi.fn(() => ({ question, close })); - return { default: { createInterface } }; -}); +import { beforeEach, describe, expect, it, vi } from "vitest"; type ReadlineMock = { default: { @@ -17,8 +9,27 @@ type ReadlineMock = { }; }; -const { promptYesNo } = await import("./prompt.js"); -const readline = (await import("node:readline/promises")) as unknown as ReadlineMock; +type PromptModule = typeof import("./prompt.js"); +type GlobalsModule = typeof import("../globals.js"); + +let promptYesNo: PromptModule["promptYesNo"]; +let readline: ReadlineMock; +let isYes: GlobalsModule["isYes"]; +let setVerbose: GlobalsModule["setVerbose"]; +let setYes: GlobalsModule["setYes"]; + +beforeEach(async () => { + vi.resetModules(); + vi.doMock("node:readline/promises", () => { + const question = vi.fn(async () => ""); + const close = vi.fn(); + const createInterface = vi.fn(() => ({ question, close })); + return { default: { createInterface } }; + }); + ({ promptYesNo } = await import("./prompt.js")); + ({ isYes, setVerbose, setYes } = await import("../globals.js")); + readline = (await import("node:readline/promises")) as unknown as ReadlineMock; +}); describe("promptYesNo", () => { it("returns true when global --yes is set", async () => { diff --git a/src/cli/send-runtime/discord.ts b/src/cli/send-runtime/discord.ts new file mode 100644 index 00000000000..768653752b6 --- /dev/null +++ b/src/cli/send-runtime/discord.ts @@ -0,0 +1,9 @@ +import { sendMessageDiscord as sendMessageDiscordImpl } from "../../plugin-sdk/discord.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/discord.js").sendMessageDiscord; +}; + +export const runtimeSend = { + sendMessage: sendMessageDiscordImpl, +} satisfies RuntimeSend; diff --git a/src/cli/send-runtime/imessage.ts b/src/cli/send-runtime/imessage.ts new file mode 100644 index 00000000000..cdc91c0be74 --- /dev/null +++ b/src/cli/send-runtime/imessage.ts @@ -0,0 +1,9 @@ +import { sendMessageIMessage as sendMessageIMessageImpl } from "../../plugin-sdk/imessage.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/imessage.js").sendMessageIMessage; +}; + +export const runtimeSend = { + sendMessage: sendMessageIMessageImpl, +} satisfies RuntimeSend; diff --git a/src/cli/send-runtime/signal.ts b/src/cli/send-runtime/signal.ts new file mode 100644 index 00000000000..151f13cc351 --- /dev/null +++ b/src/cli/send-runtime/signal.ts @@ -0,0 +1,9 @@ +import { sendMessageSignal as sendMessageSignalImpl } from "../../plugin-sdk/signal.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/signal.js").sendMessageSignal; +}; + +export const runtimeSend = { + sendMessage: sendMessageSignalImpl, +} satisfies RuntimeSend; diff --git a/src/cli/send-runtime/slack.ts b/src/cli/send-runtime/slack.ts new file mode 100644 index 00000000000..354186cd128 --- /dev/null +++ b/src/cli/send-runtime/slack.ts @@ -0,0 +1,9 @@ +import { sendMessageSlack as sendMessageSlackImpl } from "../../plugin-sdk/slack.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/slack.js").sendMessageSlack; +}; + +export const runtimeSend = { + sendMessage: sendMessageSlackImpl, +} satisfies RuntimeSend; diff --git a/src/cli/send-runtime/telegram.ts b/src/cli/send-runtime/telegram.ts new file mode 100644 index 00000000000..09d5e3e9b19 --- /dev/null +++ b/src/cli/send-runtime/telegram.ts @@ -0,0 +1,9 @@ +import { sendMessageTelegram as sendMessageTelegramImpl } from "../../plugin-sdk/telegram.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/telegram.js").sendMessageTelegram; +}; + +export const runtimeSend = { + sendMessage: sendMessageTelegramImpl, +} satisfies RuntimeSend; diff --git a/src/cli/send-runtime/whatsapp.ts b/src/cli/send-runtime/whatsapp.ts new file mode 100644 index 00000000000..49f0e50baa6 --- /dev/null +++ b/src/cli/send-runtime/whatsapp.ts @@ -0,0 +1,9 @@ +import { sendMessageWhatsApp as sendMessageWhatsAppImpl } from "../../plugin-sdk/whatsapp.js"; + +type RuntimeSend = { + sendMessage: typeof import("../../plugin-sdk/whatsapp.js").sendMessageWhatsApp; +}; + +export const runtimeSend = { + sendMessage: sendMessageWhatsAppImpl, +} satisfies RuntimeSend; diff --git a/src/cli/update-cli.test.ts b/src/cli/update-cli.test.ts index 77593f876aa..abab0eb5cf4 100644 --- a/src/cli/update-cli.test.ts +++ b/src/cli/update-cli.test.ts @@ -206,6 +206,14 @@ describe("update-cli", () => { return call; }; + const expectPackageInstallSpec = (spec: string) => { + expect(runGatewayUpdate).not.toHaveBeenCalled(); + expect(runCommandWithTimeout).toHaveBeenCalledWith( + ["npm", "i", "-g", spec, "--no-fund", "--no-audit", "--loglevel=error"], + expect.any(Object), + ); + }; + const makeOkUpdateResult = (overrides: Partial = {}): UpdateRunResult => ({ status: "ok", @@ -257,6 +265,27 @@ describe("update-cli", () => { return tempDir; }; + const setupUpdatedRootRefresh = (params?: { + gatewayUpdateImpl?: () => Promise; + }) => { + const root = createCaseDir("openclaw-updated-root"); + const entryPath = path.join(root, "dist", "entry.js"); + pathExists.mockImplementation(async (candidate: string) => candidate === entryPath); + if (params?.gatewayUpdateImpl) { + vi.mocked(runGatewayUpdate).mockImplementation(params.gatewayUpdateImpl); + } else { + vi.mocked(runGatewayUpdate).mockResolvedValue({ + status: "ok", + mode: "npm", + root, + steps: [], + durationMs: 100, + }); + } + serviceLoaded.mockResolvedValue(true); + return { root, entryPath }; + }; + beforeEach(() => { vi.clearAllMocks(); vi.mocked(resolveOpenClawPackageRoot).mockResolvedValue(process.cwd()); @@ -347,37 +376,77 @@ describe("update-cli", () => { setStdoutTty(false); }); - it("updateCommand --dry-run previews without mutating", async () => { - vi.mocked(defaultRuntime.log).mockClear(); - serviceLoaded.mockResolvedValue(true); + it("updateCommand dry-run previews without mutating and bypasses downgrade confirmation", async () => { + const cases = [ + { + name: "preview mode", + run: async () => { + vi.mocked(defaultRuntime.log).mockClear(); + serviceLoaded.mockResolvedValue(true); + await updateCommand({ dryRun: true, channel: "beta" }); + }, + assert: () => { + expect(writeConfigFile).not.toHaveBeenCalled(); + expect(runGatewayUpdate).not.toHaveBeenCalled(); + expect(runDaemonInstall).not.toHaveBeenCalled(); + expect(runRestartScript).not.toHaveBeenCalled(); + expect(runDaemonRestart).not.toHaveBeenCalled(); - await updateCommand({ dryRun: true, channel: "beta" }); + const logs = vi.mocked(defaultRuntime.log).mock.calls.map((call) => String(call[0])); + expect(logs.join("\n")).toContain("Update dry-run"); + expect(logs.join("\n")).toContain("No changes were applied."); + }, + }, + { + name: "downgrade bypass", + run: async () => { + await setupNonInteractiveDowngrade(); + vi.mocked(defaultRuntime.exit).mockClear(); + await updateCommand({ dryRun: true }); + }, + assert: () => { + expect(vi.mocked(defaultRuntime.exit).mock.calls.some((call) => call[0] === 1)).toBe( + false, + ); + expect(runGatewayUpdate).not.toHaveBeenCalled(); + }, + }, + ] as const; - expect(writeConfigFile).not.toHaveBeenCalled(); - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runDaemonInstall).not.toHaveBeenCalled(); - expect(runRestartScript).not.toHaveBeenCalled(); - expect(runDaemonRestart).not.toHaveBeenCalled(); - - const logs = vi.mocked(defaultRuntime.log).mock.calls.map((call) => String(call[0])); - expect(logs.join("\n")).toContain("Update dry-run"); - expect(logs.join("\n")).toContain("No changes were applied."); + for (const testCase of cases) { + vi.clearAllMocks(); + await testCase.run(); + testCase.assert(); + } }); - it("updateStatusCommand prints table output", async () => { - await updateStatusCommand({ json: false }); + it("updateStatusCommand renders table and json output", async () => { + const cases = [ + { + name: "table output", + options: { json: false }, + assert: () => { + const logs = vi.mocked(defaultRuntime.log).mock.calls.map((call) => call[0]); + expect(logs.join("\n")).toContain("OpenClaw update status"); + }, + }, + { + name: "json output", + options: { json: true }, + assert: () => { + const last = vi.mocked(defaultRuntime.log).mock.calls.at(-1)?.[0]; + expect(typeof last).toBe("string"); + const parsed = JSON.parse(String(last)); + expect(parsed.channel.value).toBe("stable"); + }, + }, + ] as const; - const logs = vi.mocked(defaultRuntime.log).mock.calls.map((call) => call[0]); - expect(logs.join("\n")).toContain("OpenClaw update status"); - }); - - it("updateStatusCommand emits JSON", async () => { - await updateStatusCommand({ json: true }); - - const last = vi.mocked(defaultRuntime.log).mock.calls.at(-1)?.[0]; - expect(typeof last).toBe("string"); - const parsed = JSON.parse(String(last)); - expect(parsed.channel.value).toBe("stable"); + for (const testCase of cases) { + vi.mocked(defaultRuntime.log).mockClear(); + await updateStatusCommand(testCase.options); + testCase.assert(); + } }); it.each([ @@ -412,28 +481,47 @@ describe("update-cli", () => { expectedChannel: "beta" as const, expectedTag: undefined as string | undefined, }, - ])("$name", async ({ mode, options, prepare, expectedChannel, expectedTag }) => { - await prepare(); - if (mode) { - vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult({ mode })); - } - - await updateCommand(options); - - if (expectedChannel !== undefined) { - const call = expectUpdateCallChannel(expectedChannel); - if (expectedTag !== undefined) { - expect(call?.tag).toBe(expectedTag); + { + name: "switches git installs to package mode for explicit beta and persists it", + mode: "git" as const, + options: { channel: "beta" }, + prepare: async () => {}, + expectedChannel: undefined as string | undefined, + expectedTag: undefined as string | undefined, + expectedPersistedChannel: "beta" as const, + }, + ])( + "$name", + async ({ mode, options, prepare, expectedChannel, expectedTag, expectedPersistedChannel }) => { + await prepare(); + if (mode) { + vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult({ mode })); } - return; - } - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runCommandWithTimeout).toHaveBeenCalledWith( - ["npm", "i", "-g", "openclaw@latest", "--no-fund", "--no-audit", "--loglevel=error"], - expect.any(Object), - ); - }); + await updateCommand(options); + + if (expectedChannel !== undefined) { + const call = expectUpdateCallChannel(expectedChannel); + if (expectedTag !== undefined) { + expect(call?.tag).toBe(expectedTag); + } + } else { + expect(runGatewayUpdate).not.toHaveBeenCalled(); + expect(runCommandWithTimeout).toHaveBeenCalledWith( + ["npm", "i", "-g", "openclaw@latest", "--no-fund", "--no-audit", "--loglevel=error"], + expect.any(Object), + ); + } + + if (expectedPersistedChannel !== undefined) { + expect(writeConfigFile).toHaveBeenCalled(); + const writeCall = vi.mocked(writeConfigFile).mock.calls[0]?.[0] as { + update?: { channel?: string }; + }; + expect(writeCall?.update?.channel).toBe(expectedPersistedChannel); + } + }, + ); it("falls back to latest when beta tag is older than release", async () => { const tempDir = createCaseDir("openclaw-update"); @@ -456,18 +544,54 @@ describe("update-cli", () => { ); }); - it("honors --tag override", async () => { - const tempDir = createCaseDir("openclaw-update"); - - mockPackageInstallStatus(tempDir); - - await updateCommand({ tag: "next" }); - - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runCommandWithTimeout).toHaveBeenCalledWith( - ["npm", "i", "-g", "openclaw@next", "--no-fund", "--no-audit", "--loglevel=error"], - expect.any(Object), - ); + it("resolves package install specs from tags and env overrides", async () => { + for (const scenario of [ + { + name: "explicit dist-tag", + run: async () => { + mockPackageInstallStatus(createCaseDir("openclaw-update")); + await updateCommand({ tag: "next" }); + }, + expectedSpec: "openclaw@next", + }, + { + name: "main shorthand", + run: async () => { + mockPackageInstallStatus(createCaseDir("openclaw-update")); + await updateCommand({ yes: true, tag: "main" }); + }, + expectedSpec: "github:openclaw/openclaw#main", + }, + { + name: "explicit git package spec", + run: async () => { + mockPackageInstallStatus(createCaseDir("openclaw-update")); + await updateCommand({ yes: true, tag: "github:openclaw/openclaw#main" }); + }, + expectedSpec: "github:openclaw/openclaw#main", + }, + { + name: "OPENCLAW_UPDATE_PACKAGE_SPEC override", + run: async () => { + mockPackageInstallStatus(createCaseDir("openclaw-update")); + await withEnvAsync( + { OPENCLAW_UPDATE_PACKAGE_SPEC: "http://10.211.55.2:8138/openclaw-next.tgz" }, + async () => { + await updateCommand({ yes: true, tag: "latest" }); + }, + ); + }, + expectedSpec: "http://10.211.55.2:8138/openclaw-next.tgz", + }, + ]) { + vi.clearAllMocks(); + readPackageName.mockResolvedValue("openclaw"); + readPackageVersion.mockResolvedValue("1.0.0"); + resolveGlobalManager.mockResolvedValue("npm"); + vi.mocked(resolveOpenClawPackageRoot).mockResolvedValue(process.cwd()); + await scenario.run(); + expectPackageInstallSpec(scenario.expectedSpec); + } }); it("prepends portable Git PATH for package updates on Windows", async () => { @@ -523,258 +647,244 @@ describe("update-cli", () => { expect(updateOptions?.env?.NODE_LLAMA_CPP_SKIP_DOWNLOAD).toBe("1"); }); - it("uses OPENCLAW_UPDATE_PACKAGE_SPEC for package updates", async () => { - const tempDir = createCaseDir("openclaw-update"); - mockPackageInstallStatus(tempDir); - - await withEnvAsync( - { OPENCLAW_UPDATE_PACKAGE_SPEC: "http://10.211.55.2:8138/openclaw-next.tgz" }, - async () => { - await updateCommand({ yes: true, tag: "latest" }); - }, - ); - - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runCommandWithTimeout).toHaveBeenCalledWith( - [ - "npm", - "i", - "-g", - "http://10.211.55.2:8138/openclaw-next.tgz", - "--no-fund", - "--no-audit", - "--loglevel=error", - ], - expect.any(Object), - ); - }); - - it("maps --tag main to the GitHub main package spec for package updates", async () => { - const tempDir = createCaseDir("openclaw-update"); - mockPackageInstallStatus(tempDir); - - await updateCommand({ yes: true, tag: "main" }); - - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runCommandWithTimeout).toHaveBeenCalledWith( - [ - "npm", - "i", - "-g", - "github:openclaw/openclaw#main", - "--no-fund", - "--no-audit", - "--loglevel=error", - ], - expect.any(Object), - ); - }); - - it("passes explicit git package specs through for package updates", async () => { - const tempDir = createCaseDir("openclaw-update"); - mockPackageInstallStatus(tempDir); - - await updateCommand({ yes: true, tag: "github:openclaw/openclaw#main" }); - - expect(runGatewayUpdate).not.toHaveBeenCalled(); - expect(runCommandWithTimeout).toHaveBeenCalledWith( - [ - "npm", - "i", - "-g", - "github:openclaw/openclaw#main", - "--no-fund", - "--no-audit", - "--loglevel=error", - ], - expect.any(Object), - ); - }); - - it("updateCommand outputs JSON when --json is set", async () => { - vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); - vi.mocked(defaultRuntime.log).mockClear(); - - await updateCommand({ json: true }); - - const logCalls = vi.mocked(defaultRuntime.log).mock.calls; - const jsonOutput = logCalls.find((call) => { - try { - JSON.parse(call[0] as string); - return true; - } catch { - return false; - } - }); - expect(jsonOutput).toBeDefined(); - }); - - it("updateCommand exits with error on failure", async () => { - const mockResult: UpdateRunResult = { - status: "error", - mode: "git", - reason: "rebase-failed", - steps: [], - durationMs: 100, - }; - - vi.mocked(runGatewayUpdate).mockResolvedValue(mockResult); - vi.mocked(defaultRuntime.exit).mockClear(); - - await updateCommand({}); - - expect(defaultRuntime.exit).toHaveBeenCalledWith(1); - }); - - it("updateCommand refreshes gateway service env when service is already installed", async () => { - const mockResult: UpdateRunResult = { - status: "ok", - mode: "git", - steps: [], - durationMs: 100, - }; - - vi.mocked(runGatewayUpdate).mockResolvedValue(mockResult); - vi.mocked(runDaemonInstall).mockResolvedValue(undefined); - serviceLoaded.mockResolvedValue(true); - - await updateCommand({}); - - expect(runDaemonInstall).toHaveBeenCalledWith({ - force: true, - json: undefined, - }); - expect(runRestartScript).toHaveBeenCalled(); - expect(runDaemonRestart).not.toHaveBeenCalled(); - }); - - it("updateCommand refreshes service env from updated install root when available", async () => { - const root = createCaseDir("openclaw-updated-root"); - const entryPath = path.join(root, "dist", "entry.js"); - pathExists.mockImplementation(async (candidate: string) => candidate === entryPath); - - vi.mocked(runGatewayUpdate).mockResolvedValue({ - status: "ok", - mode: "npm", - root, - steps: [], - durationMs: 100, - }); - serviceLoaded.mockResolvedValue(true); - - await updateCommand({}); - - expect(runCommandWithTimeout).toHaveBeenCalledWith( - [expect.stringMatching(/node/), entryPath, "gateway", "install", "--force"], - expect.objectContaining({ cwd: root, timeoutMs: 60_000 }), - ); - expect(runDaemonInstall).not.toHaveBeenCalled(); - expect(runRestartScript).toHaveBeenCalled(); - }); - - it("updateCommand preserves invocation-relative service env overrides during refresh", async () => { - const root = createCaseDir("openclaw-updated-root"); - const entryPath = path.join(root, "dist", "entry.js"); - pathExists.mockImplementation(async (candidate: string) => candidate === entryPath); - - vi.mocked(runGatewayUpdate).mockResolvedValue({ - status: "ok", - mode: "npm", - root, - steps: [], - durationMs: 100, - }); - serviceLoaded.mockResolvedValue(true); - - await withEnvAsync( + it("updateCommand reports success and failure outcomes", async () => { + const cases = [ { - OPENCLAW_STATE_DIR: "./state", - OPENCLAW_CONFIG_PATH: "./config/openclaw.json", - }, - async () => { - await updateCommand({}); - }, - ); - - expect(runCommandWithTimeout).toHaveBeenCalledWith( - [expect.stringMatching(/node/), entryPath, "gateway", "install", "--force"], - expect.objectContaining({ - cwd: root, - env: expect.objectContaining({ - OPENCLAW_STATE_DIR: path.resolve("./state"), - OPENCLAW_CONFIG_PATH: path.resolve("./config/openclaw.json"), - }), - timeoutMs: 60_000, - }), - ); - expect(runDaemonInstall).not.toHaveBeenCalled(); - }); - - it("updateCommand reuses the captured invocation cwd when process.cwd later fails", async () => { - const root = createCaseDir("openclaw-updated-root"); - const entryPath = path.join(root, "dist", "entry.js"); - pathExists.mockImplementation(async (candidate: string) => candidate === entryPath); - - const originalCwd = process.cwd(); - let restoreCwd: (() => void) | undefined; - vi.mocked(runGatewayUpdate).mockImplementation(async () => { - const cwdSpy = vi.spyOn(process, "cwd").mockImplementation(() => { - throw new Error("ENOENT: current working directory is gone"); - }); - restoreCwd = () => cwdSpy.mockRestore(); - return { - status: "ok", - mode: "npm", - root, - steps: [], - durationMs: 100, - }; - }); - serviceLoaded.mockResolvedValue(true); - - try { - await withEnvAsync( - { - OPENCLAW_STATE_DIR: "./state", + name: "outputs JSON when --json is set", + run: async () => { + vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); + vi.mocked(defaultRuntime.log).mockClear(); + await updateCommand({ json: true }); }, - async () => { + assert: () => { + const logCalls = vi.mocked(defaultRuntime.log).mock.calls; + const jsonOutput = logCalls.find((call) => { + try { + JSON.parse(call[0] as string); + return true; + } catch { + return false; + } + }); + expect(jsonOutput).toBeDefined(); + }, + }, + { + name: "exits with error on failure", + run: async () => { + vi.mocked(runGatewayUpdate).mockResolvedValue({ + status: "error", + mode: "git", + reason: "rebase-failed", + steps: [], + durationMs: 100, + } satisfies UpdateRunResult); + vi.mocked(defaultRuntime.exit).mockClear(); await updateCommand({}); }, - ); - } finally { - restoreCwd?.(); + assert: () => { + expect(defaultRuntime.exit).toHaveBeenCalledWith(1); + }, + }, + ] as const; + + for (const testCase of cases) { + vi.clearAllMocks(); + await testCase.run(); + testCase.assert(); } + }); + + it("updateCommand handles service env refresh and restart behavior", async () => { + const cases = [ + { + name: "refreshes service env when already installed", + run: async () => { + vi.mocked(runGatewayUpdate).mockResolvedValue({ + status: "ok", + mode: "git", + steps: [], + durationMs: 100, + } satisfies UpdateRunResult); + vi.mocked(runDaemonInstall).mockResolvedValue(undefined); + serviceLoaded.mockResolvedValue(true); + + await updateCommand({}); + }, + assert: () => { + expect(runDaemonInstall).toHaveBeenCalledWith({ + force: true, + json: undefined, + }); + expect(runRestartScript).toHaveBeenCalled(); + expect(runDaemonRestart).not.toHaveBeenCalled(); + }, + }, + { + name: "falls back to daemon restart when service env refresh cannot complete", + run: async () => { + vi.mocked(runDaemonRestart).mockResolvedValue(true); + await runRestartFallbackScenario({ daemonInstall: "fail" }); + }, + assert: () => { + expect(runDaemonInstall).toHaveBeenCalledWith({ + force: true, + json: undefined, + }); + expect(runDaemonRestart).toHaveBeenCalled(); + }, + }, + { + name: "keeps going when daemon install succeeds but restart fallback still handles relaunch", + run: async () => { + vi.mocked(runDaemonRestart).mockResolvedValue(true); + await runRestartFallbackScenario({ daemonInstall: "ok" }); + }, + assert: () => { + expect(runDaemonInstall).toHaveBeenCalledWith({ + force: true, + json: undefined, + }); + expect(runDaemonRestart).toHaveBeenCalled(); + }, + }, + { + name: "skips service env refresh when --no-restart is set", + run: async () => { + vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); + serviceLoaded.mockResolvedValue(true); + + await updateCommand({ restart: false }); + }, + assert: () => { + expect(runDaemonInstall).not.toHaveBeenCalled(); + expect(runRestartScript).not.toHaveBeenCalled(); + expect(runDaemonRestart).not.toHaveBeenCalled(); + }, + }, + { + name: "skips success message when restart does not run", + run: async () => { + vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); + vi.mocked(runDaemonRestart).mockResolvedValue(false); + vi.mocked(defaultRuntime.log).mockClear(); + await updateCommand({ restart: true }); + }, + assert: () => { + const logLines = vi.mocked(defaultRuntime.log).mock.calls.map((call) => String(call[0])); + expect(logLines.some((line) => line.includes("Daemon restarted successfully."))).toBe( + false, + ); + }, + }, + ] as const; + + for (const testCase of cases) { + vi.clearAllMocks(); + await testCase.run(); + testCase.assert(); + } + }); + + it.each([ + { + name: "updateCommand refreshes service env from updated install root when available", + invoke: async () => { + await updateCommand({}); + }, + expectedOptions: (root: string) => expect.objectContaining({ cwd: root, timeoutMs: 60_000 }), + assertExtra: () => { + expect(runDaemonInstall).not.toHaveBeenCalled(); + expect(runRestartScript).toHaveBeenCalled(); + }, + }, + { + name: "updateCommand preserves invocation-relative service env overrides during refresh", + invoke: async () => { + await withEnvAsync( + { + OPENCLAW_STATE_DIR: "./state", + OPENCLAW_CONFIG_PATH: "./config/openclaw.json", + }, + async () => { + await updateCommand({}); + }, + ); + }, + expectedOptions: (root: string) => + expect.objectContaining({ + cwd: root, + env: expect.objectContaining({ + OPENCLAW_STATE_DIR: path.resolve("./state"), + OPENCLAW_CONFIG_PATH: path.resolve("./config/openclaw.json"), + }), + timeoutMs: 60_000, + }), + assertExtra: () => { + expect(runDaemonInstall).not.toHaveBeenCalled(); + }, + }, + { + name: "updateCommand reuses the captured invocation cwd when process.cwd later fails", + invoke: async () => { + const originalCwd = process.cwd(); + let restoreCwd: (() => void) | undefined; + const { root } = setupUpdatedRootRefresh({ + gatewayUpdateImpl: async () => { + const cwdSpy = vi.spyOn(process, "cwd").mockImplementation(() => { + throw new Error("ENOENT: current working directory is gone"); + }); + restoreCwd = () => cwdSpy.mockRestore(); + return { + status: "ok", + mode: "npm", + root, + steps: [], + durationMs: 100, + }; + }, + }); + try { + await withEnvAsync( + { + OPENCLAW_STATE_DIR: "./state", + }, + async () => { + await updateCommand({}); + }, + ); + } finally { + restoreCwd?.(); + } + return { originalCwd }; + }, + customSetup: true, + expectedOptions: (_root: string, context?: { originalCwd: string }) => + expect.objectContaining({ + cwd: expect.any(String), + env: expect.objectContaining({ + OPENCLAW_STATE_DIR: path.resolve(context?.originalCwd ?? process.cwd(), "./state"), + }), + timeoutMs: 60_000, + }), + assertExtra: () => { + expect(runDaemonInstall).not.toHaveBeenCalled(); + }, + }, + ])("$name", async (testCase) => { + const setup = testCase.customSetup ? undefined : setupUpdatedRootRefresh(); + const context = (await testCase.invoke()) as { originalCwd: string } | undefined; + const runCommandWithTimeoutMock = vi.mocked(runCommandWithTimeout) as unknown as { + mock: { calls: Array<[unknown, { cwd?: string }?]> }; + }; + const root = setup?.root ?? runCommandWithTimeoutMock.mock.calls[0]?.[1]?.cwd; + const entryPath = setup?.entryPath ?? path.join(String(root), "dist", "entry.js"); expect(runCommandWithTimeout).toHaveBeenCalledWith( [expect.stringMatching(/node/), entryPath, "gateway", "install", "--force"], - expect.objectContaining({ - cwd: root, - env: expect.objectContaining({ - OPENCLAW_STATE_DIR: path.resolve(originalCwd, "./state"), - }), - timeoutMs: 60_000, - }), + testCase.expectedOptions(String(root), context), ); - expect(runDaemonInstall).not.toHaveBeenCalled(); - }); - - it("updateCommand falls back to restart when env refresh install fails", async () => { - await runRestartFallbackScenario({ daemonInstall: "fail" }); - }); - - it("updateCommand falls back to restart when no detached restart script is available", async () => { - await runRestartFallbackScenario({ daemonInstall: "ok" }); - }); - - it("updateCommand does not refresh service env when --no-restart is set", async () => { - vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); - serviceLoaded.mockResolvedValue(true); - - await updateCommand({ restart: false }); - - expect(runDaemonInstall).not.toHaveBeenCalled(); - expect(runRestartScript).not.toHaveBeenCalled(); - expect(runDaemonRestart).not.toHaveBeenCalled(); + testCase.assertExtra(); }); it("updateCommand continues after doctor sub-step and clears update flag", async () => { @@ -806,54 +916,46 @@ describe("update-cli", () => { } }); - it("updateCommand skips success message when restart does not run", async () => { - vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); - vi.mocked(runDaemonRestart).mockResolvedValue(false); - vi.mocked(defaultRuntime.log).mockClear(); + it("validates update command invocation errors", async () => { + const cases = [ + { + name: "update command invalid timeout", + run: async () => await updateCommand({ timeout: "invalid" }), + requireTty: false, + expectedError: "timeout", + }, + { + name: "update status command invalid timeout", + run: async () => await updateStatusCommand({ timeout: "invalid" }), + requireTty: false, + expectedError: "timeout", + }, + { + name: "update wizard invalid timeout", + run: async () => await updateWizardCommand({ timeout: "invalid" }), + requireTty: true, + expectedError: "timeout", + }, + { + name: "update wizard requires a TTY", + run: async () => await updateWizardCommand({}), + requireTty: false, + expectedError: "Update wizard requires a TTY", + }, + ] as const; - await updateCommand({ restart: true }); + for (const testCase of cases) { + setTty(testCase.requireTty); + vi.mocked(defaultRuntime.error).mockClear(); + vi.mocked(defaultRuntime.exit).mockClear(); - const logLines = vi.mocked(defaultRuntime.log).mock.calls.map((call) => String(call[0])); - expect(logLines.some((line) => line.includes("Daemon restarted successfully."))).toBe(false); - }); + await testCase.run(); - it.each([ - { - name: "update command", - run: async () => await updateCommand({ timeout: "invalid" }), - requireTty: false, - }, - { - name: "update status command", - run: async () => await updateStatusCommand({ timeout: "invalid" }), - requireTty: false, - }, - { - name: "update wizard command", - run: async () => await updateWizardCommand({ timeout: "invalid" }), - requireTty: true, - }, - ])("validates timeout option for $name", async ({ run, requireTty }) => { - setTty(requireTty); - vi.mocked(defaultRuntime.error).mockClear(); - vi.mocked(defaultRuntime.exit).mockClear(); - - await run(); - - expect(defaultRuntime.error).toHaveBeenCalledWith(expect.stringContaining("timeout")); - expect(defaultRuntime.exit).toHaveBeenCalledWith(1); - }); - - it("persists update channel when --channel is set", async () => { - vi.mocked(runGatewayUpdate).mockResolvedValue(makeOkUpdateResult()); - - await updateCommand({ channel: "beta" }); - - expect(writeConfigFile).toHaveBeenCalled(); - const call = vi.mocked(writeConfigFile).mock.calls[0]?.[0] as { - update?: { channel?: string }; - }; - expect(call?.update?.channel).toBe("beta"); + expect(defaultRuntime.error, testCase.name).toHaveBeenCalledWith( + expect.stringContaining(testCase.expectedError), + ); + expect(defaultRuntime.exit, testCase.name).toHaveBeenCalledWith(1); + } }); it.each([ @@ -888,29 +990,6 @@ describe("update-cli", () => { ).toBe(shouldRunPackageUpdate); }); - it("dry-run bypasses downgrade confirmation checks in non-interactive mode", async () => { - await setupNonInteractiveDowngrade(); - vi.mocked(defaultRuntime.exit).mockClear(); - - await updateCommand({ dryRun: true }); - - expect(vi.mocked(defaultRuntime.exit).mock.calls.some((call) => call[0] === 1)).toBe(false); - expect(runGatewayUpdate).not.toHaveBeenCalled(); - }); - - it("updateWizardCommand requires a TTY", async () => { - setTty(false); - vi.mocked(defaultRuntime.error).mockClear(); - vi.mocked(defaultRuntime.exit).mockClear(); - - await updateWizardCommand({}); - - expect(defaultRuntime.error).toHaveBeenCalledWith( - expect.stringContaining("Update wizard requires a TTY"), - ); - expect(defaultRuntime.exit).toHaveBeenCalledWith(1); - }); - it("updateWizardCommand offers dev checkout and forwards selections", async () => { const tempDir = createCaseDir("openclaw-update-wizard"); await withEnvAsync({ OPENCLAW_GIT_DIR: tempDir }, async () => { diff --git a/src/commands/agent.test.ts b/src/commands/agent.test.ts index 5b4fc2c9040..04d92a2d76d 100644 --- a/src/commands/agent.test.ts +++ b/src/commands/agent.test.ts @@ -3,6 +3,7 @@ import path from "node:path"; import { beforeEach, describe, expect, it, type MockInstance, vi } from "vitest"; import { withTempHome as withTempHomeBase } from "../../test/helpers/temp-home.js"; import "../cron/isolated-agent.mocks.js"; +import * as authProfilesModule from "../agents/auth-profiles.js"; import * as cliRunnerModule from "../agents/cli-runner.js"; import { FailoverError } from "../agents/failover-error.js"; import { loadModelCatalog } from "../agents/model-catalog.js"; @@ -11,7 +12,7 @@ import { runEmbeddedPiAgent } from "../agents/pi-embedded.js"; import * as commandSecretGatewayModule from "../cli/command-secret-gateway.js"; import type { OpenClawConfig } from "../config/config.js"; import * as configModule from "../config/config.js"; -import * as sessionsModule from "../config/sessions.js"; +import * as sessionPathsModule from "../config/sessions/paths.js"; import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js"; import { setActivePluginRegistry } from "../plugins/runtime.js"; import type { RuntimeEnv } from "../runtime.js"; @@ -19,6 +20,24 @@ import { createOutboundTestPlugin, createTestRegistry } from "../test-utils/chan import { agentCommand, agentCommandFromIngress } from "./agent.js"; import * as agentDeliveryModule from "./agent/delivery.js"; +vi.mock("../logging/subsystem.js", () => { + const createMockLogger = () => ({ + subsystem: "test", + isEnabled: vi.fn(() => true), + trace: vi.fn(), + info: vi.fn(), + warn: vi.fn(), + error: vi.fn(), + debug: vi.fn(), + fatal: vi.fn(), + raw: vi.fn(), + child: vi.fn(() => createMockLogger()), + }); + return { + createSubsystemLogger: vi.fn(() => createMockLogger()), + }; +}); + vi.mock("../agents/auth-profiles.js", async (importOriginal) => { const actual = await importOriginal(); return { @@ -27,10 +46,13 @@ vi.mock("../agents/auth-profiles.js", async (importOriginal) => { }; }); -vi.mock("../agents/workspace.js", async (importOriginal) => { - const actual = await importOriginal(); +vi.mock("../agents/workspace.js", () => { + const resolveDefaultAgentWorkspaceDir = () => "/tmp/openclaw-workspace"; return { - ...actual, + DEFAULT_AGENT_WORKSPACE_DIR: "/tmp/openclaw-workspace", + DEFAULT_AGENTS_FILENAME: "AGENTS.md", + DEFAULT_IDENTITY_FILENAME: "IDENTITY.md", + resolveDefaultAgentWorkspaceDir, ensureAgentWorkspace: vi.fn(async ({ dir }: { dir: string }) => ({ dir })), }; }); @@ -405,13 +427,35 @@ describe("agentCommand", () => { }); }); + it("requires explicit allowModelOverride for ingress runs", async () => { + await withTempHome(async (home) => { + const store = path.join(home, "sessions.json"); + mockConfig(home, store); + await expect( + // Runtime guard for non-TS callers; TS callsites are statically typed. + agentCommandFromIngress( + { + message: "hi", + to: "+1555", + senderIsOwner: false, + } as never, + runtime, + ), + ).rejects.toThrow("allowModelOverride must be explicitly set for ingress agent runs."); + }); + }); + it("honors explicit senderIsOwner for ingress runs", async () => { await withTempHome(async (home) => { const store = path.join(home, "sessions.json"); mockConfig(home, store); - await agentCommandFromIngress({ message: "hi", to: "+1555", senderIsOwner: false }, runtime); + await agentCommandFromIngress( + { message: "hi", to: "+1555", senderIsOwner: false, allowModelOverride: false }, + runtime, + ); const ingressCall = vi.mocked(runEmbeddedPiAgent).mock.calls.at(-1)?.[0]; expect(ingressCall?.senderIsOwner).toBe(false); + expect(ingressCall).not.toHaveProperty("allowModelOverride"); }); }); @@ -462,7 +506,7 @@ describe("agentCommand", () => { const store = path.join(customStoreDir, "sessions.json"); writeSessionStoreSeed(store, {}); mockConfig(home, store); - const resolveSessionFilePathSpy = vi.spyOn(sessionsModule, "resolveSessionFilePath"); + const resolveSessionFilePathSpy = vi.spyOn(sessionPathsModule, "resolveSessionFilePath"); await agentCommand({ message: "resume me", sessionId: "session-custom-123" }, runtime); @@ -686,6 +730,149 @@ describe("agentCommand", () => { }); }); + it("applies per-run provider and model overrides without persisting them", async () => { + await withTempHome(async (home) => { + const store = path.join(home, "sessions.json"); + mockConfig(home, store, { + models: { + "anthropic/claude-opus-4-5": {}, + "openai/gpt-4.1-mini": {}, + }, + }); + + await agentCommand( + { + message: "use the override", + sessionKey: "agent:main:subagent:run-override", + provider: "openai", + model: "gpt-4.1-mini", + }, + runtime, + ); + + expectLastRunProviderModel("openai", "gpt-4.1-mini"); + + const saved = readSessionStore<{ + providerOverride?: string; + modelOverride?: string; + }>(store); + expect(saved["agent:main:subagent:run-override"]?.providerOverride).toBeUndefined(); + expect(saved["agent:main:subagent:run-override"]?.modelOverride).toBeUndefined(); + }); + }); + + it("rejects explicit override values that contain control characters", async () => { + await withTempHome(async (home) => { + const store = path.join(home, "sessions.json"); + mockConfig(home, store, { + models: { + "anthropic/claude-opus-4-5": {}, + "openai/gpt-4.1-mini": {}, + }, + }); + + await expect( + agentCommand( + { + message: "use an invalid override", + sessionKey: "agent:main:subagent:invalid-override", + provider: "openai\u001b[31m", + model: "gpt-4.1-mini", + }, + runtime, + ), + ).rejects.toThrow("Provider override contains invalid control characters."); + }); + }); + + it("sanitizes provider/model text in model-allowlist errors", async () => { + const parseModelRefSpy = vi.spyOn(modelSelectionModule, "parseModelRef"); + parseModelRefSpy.mockImplementationOnce(() => ({ + provider: "anthropic\u001b[31m", + model: "claude-haiku-4-5\u001b[32m", + })); + try { + await withTempHome(async (home) => { + const store = path.join(home, "sessions.json"); + mockConfig(home, store, { + models: { + "openai/gpt-4.1-mini": {}, + }, + }); + + await expect( + agentCommand( + { + message: "use disallowed override", + sessionKey: "agent:main:subagent:sanitized-override-error", + model: "claude-haiku-4-5", + }, + runtime, + ), + ).rejects.toThrow( + 'Model override "anthropic/claude-haiku-4-5" is not allowed for agent "main".', + ); + }); + } finally { + parseModelRefSpy.mockRestore(); + } + }); + + it("keeps stored auth profile overrides during one-off cross-provider runs", async () => { + await withTempHome(async (home) => { + const store = path.join(home, "sessions.json"); + writeSessionStoreSeed(store, { + "agent:main:subagent:temp-openai-run": { + sessionId: "session-temp-openai-run", + updatedAt: Date.now(), + authProfileOverride: "anthropic:work", + authProfileOverrideSource: "user", + authProfileOverrideCompactionCount: 2, + }, + }); + mockConfig(home, store, { + models: { + "anthropic/claude-opus-4-5": {}, + "openai/gpt-4.1-mini": {}, + }, + }); + vi.mocked(authProfilesModule.ensureAuthProfileStore).mockReturnValue({ + version: 1, + profiles: { + "anthropic:work": { + provider: "anthropic", + }, + }, + } as never); + + await agentCommand( + { + message: "use a different provider once", + sessionKey: "agent:main:subagent:temp-openai-run", + provider: "openai", + model: "gpt-4.1-mini", + }, + runtime, + ); + + expectLastRunProviderModel("openai", "gpt-4.1-mini"); + expect(getLastEmbeddedCall()?.authProfileId).toBeUndefined(); + + const saved = readSessionStore<{ + authProfileOverride?: string; + authProfileOverrideSource?: string; + authProfileOverrideCompactionCount?: number; + }>(store); + expect(saved["agent:main:subagent:temp-openai-run"]?.authProfileOverride).toBe( + "anthropic:work", + ); + expect(saved["agent:main:subagent:temp-openai-run"]?.authProfileOverrideSource).toBe("user"); + expect(saved["agent:main:subagent:temp-openai-run"]?.authProfileOverrideCompactionCount).toBe( + 2, + ); + }); + }); + it("keeps explicit sessionKey even when sessionId exists elsewhere", async () => { await withTempHome(async (home) => { const store = path.join(home, "sessions.json"); diff --git a/src/commands/agent.ts b/src/commands/agent.ts index ab690b37666..219cdf3dd58 100644 --- a/src/commands/agent.ts +++ b/src/commands/agent.ts @@ -1,1257 +1 @@ -import fs from "node:fs/promises"; -import { SessionManager } from "@mariozechner/pi-coding-agent"; -import { getAcpSessionManager } from "../acp/control-plane/manager.js"; -import { resolveAcpAgentPolicyError, resolveAcpDispatchPolicyError } from "../acp/policy.js"; -import { toAcpRuntimeError } from "../acp/runtime/errors.js"; -import { resolveAcpSessionCwd } from "../acp/runtime/session-identifiers.js"; -import { createSubsystemLogger } from "../logging/subsystem.js"; - -const log = createSubsystemLogger("commands/agent"); -import { - listAgentIds, - resolveAgentDir, - resolveEffectiveModelFallbacks, - resolveSessionAgentId, - resolveAgentSkillsFilter, - resolveAgentWorkspaceDir, -} from "../agents/agent-scope.js"; -import { ensureAuthProfileStore } from "../agents/auth-profiles.js"; -import { clearSessionAuthProfileOverride } from "../agents/auth-profiles/session-override.js"; -import { resolveBootstrapWarningSignaturesSeen } from "../agents/bootstrap-budget.js"; -import { runCliAgent } from "../agents/cli-runner.js"; -import { getCliSessionId, setCliSessionId } from "../agents/cli-session.js"; -import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "../agents/defaults.js"; -import { FailoverError } from "../agents/failover-error.js"; -import { formatAgentInternalEventsForPrompt } from "../agents/internal-events.js"; -import { AGENT_LANE_SUBAGENT } from "../agents/lanes.js"; -import { loadModelCatalog } from "../agents/model-catalog.js"; -import { runWithModelFallback } from "../agents/model-fallback.js"; -import { - buildAllowedModelSet, - isCliProvider, - modelKey, - normalizeModelRef, - normalizeProviderId, - resolveConfiguredModelRef, - resolveDefaultModelForAgent, - resolveThinkingDefault, -} from "../agents/model-selection.js"; -import { prepareSessionManagerForRun } from "../agents/pi-embedded-runner/session-manager-init.js"; -import { runEmbeddedPiAgent } from "../agents/pi-embedded.js"; -import { buildWorkspaceSkillSnapshot } from "../agents/skills.js"; -import { getSkillsSnapshotVersion } from "../agents/skills/refresh.js"; -import { normalizeSpawnedRunMetadata } from "../agents/spawned-context.js"; -import { resolveAgentTimeoutMs } from "../agents/timeout.js"; -import { ensureAgentWorkspace } from "../agents/workspace.js"; -import { normalizeReplyPayload } from "../auto-reply/reply/normalize-reply.js"; -import { - formatThinkingLevels, - formatXHighModelHint, - normalizeThinkLevel, - normalizeVerboseLevel, - supportsXHighThinking, - type ThinkLevel, - type VerboseLevel, -} from "../auto-reply/thinking.js"; -import { - isSilentReplyPrefixText, - isSilentReplyText, - SILENT_REPLY_TOKEN, -} from "../auto-reply/tokens.js"; -import { formatCliCommand } from "../cli/command-format.js"; -import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js"; -import { getAgentRuntimeCommandSecretTargetIds } from "../cli/command-secret-targets.js"; -import { type CliDeps, createDefaultDeps } from "../cli/deps.js"; -import { - loadConfig, - readConfigFileSnapshotForWrite, - setRuntimeConfigSnapshot, -} from "../config/config.js"; -import { - mergeSessionEntry, - resolveAgentIdFromSessionKey, - type SessionEntry, - updateSessionStore, -} from "../config/sessions.js"; -import { resolveSessionTranscriptFile } from "../config/sessions/transcript.js"; -import { - clearAgentRunContext, - emitAgentEvent, - registerAgentRunContext, -} from "../infra/agent-events.js"; -import { buildOutboundSessionContext } from "../infra/outbound/session-context.js"; -import { getRemoteSkillEligibility } from "../infra/skills-remote.js"; -import { normalizeAgentId } from "../routing/session-key.js"; -import { defaultRuntime, type RuntimeEnv } from "../runtime.js"; -import { applyVerboseOverride } from "../sessions/level-overrides.js"; -import { applyModelOverrideToSessionEntry } from "../sessions/model-overrides.js"; -import { resolveSendPolicy } from "../sessions/send-policy.js"; -import { emitSessionTranscriptUpdate } from "../sessions/transcript-events.js"; -import { resolveMessageChannel } from "../utils/message-channel.js"; -import { deliverAgentCommandResult } from "./agent/delivery.js"; -import { resolveAgentRunContext } from "./agent/run-context.js"; -import { updateSessionStoreAfterAgentRun } from "./agent/session-store.js"; -import { resolveSession } from "./agent/session.js"; -import type { AgentCommandIngressOpts, AgentCommandOpts } from "./agent/types.js"; - -type PersistSessionEntryParams = { - sessionStore: Record; - sessionKey: string; - storePath: string; - entry: SessionEntry; -}; - -type OverrideFieldClearedByDelete = - | "providerOverride" - | "modelOverride" - | "authProfileOverride" - | "authProfileOverrideSource" - | "authProfileOverrideCompactionCount" - | "fallbackNoticeSelectedModel" - | "fallbackNoticeActiveModel" - | "fallbackNoticeReason" - | "claudeCliSessionId"; - -const OVERRIDE_FIELDS_CLEARED_BY_DELETE: OverrideFieldClearedByDelete[] = [ - "providerOverride", - "modelOverride", - "authProfileOverride", - "authProfileOverrideSource", - "authProfileOverrideCompactionCount", - "fallbackNoticeSelectedModel", - "fallbackNoticeActiveModel", - "fallbackNoticeReason", - "claudeCliSessionId", -]; - -async function persistSessionEntry(params: PersistSessionEntryParams): Promise { - const persisted = await updateSessionStore(params.storePath, (store) => { - const merged = mergeSessionEntry(store[params.sessionKey], params.entry); - // Preserve explicit `delete` clears done by session override helpers. - for (const field of OVERRIDE_FIELDS_CLEARED_BY_DELETE) { - if (!Object.hasOwn(params.entry, field)) { - Reflect.deleteProperty(merged, field); - } - } - store[params.sessionKey] = merged; - return merged; - }); - params.sessionStore[params.sessionKey] = persisted; -} - -function resolveFallbackRetryPrompt(params: { body: string; isFallbackRetry: boolean }): string { - if (!params.isFallbackRetry) { - return params.body; - } - return "Continue where you left off. The previous model attempt failed or timed out."; -} - -function prependInternalEventContext( - body: string, - events: AgentCommandOpts["internalEvents"], -): string { - if (body.includes("OpenClaw runtime context (internal):")) { - return body; - } - const renderedEvents = formatAgentInternalEventsForPrompt(events); - if (!renderedEvents) { - return body; - } - return [renderedEvents, body].filter(Boolean).join("\n\n"); -} - -function createAcpVisibleTextAccumulator() { - let pendingSilentPrefix = ""; - let visibleText = ""; - const startsWithWordChar = (chunk: string): boolean => /^[\p{L}\p{N}]/u.test(chunk); - - const resolveNextCandidate = (base: string, chunk: string): string => { - if (!base) { - return chunk; - } - if ( - isSilentReplyText(base, SILENT_REPLY_TOKEN) && - !chunk.startsWith(base) && - startsWithWordChar(chunk) - ) { - return chunk; - } - // Some ACP backends emit cumulative snapshots even on text_delta-style hooks. - // Accept those only when they strictly extend the buffered text. - if (chunk.startsWith(base) && chunk.length > base.length) { - return chunk; - } - return `${base}${chunk}`; - }; - - const mergeVisibleChunk = (base: string, chunk: string): { text: string; delta: string } => { - if (!base) { - return { text: chunk, delta: chunk }; - } - if (chunk.startsWith(base) && chunk.length > base.length) { - const delta = chunk.slice(base.length); - return { text: chunk, delta }; - } - return { - text: `${base}${chunk}`, - delta: chunk, - }; - }; - - return { - consume(chunk: string): { text: string; delta: string } | null { - if (!chunk) { - return null; - } - - if (!visibleText) { - const leadCandidate = resolveNextCandidate(pendingSilentPrefix, chunk); - const trimmedLeadCandidate = leadCandidate.trim(); - if ( - isSilentReplyText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) || - isSilentReplyPrefixText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) - ) { - pendingSilentPrefix = leadCandidate; - return null; - } - if (pendingSilentPrefix) { - pendingSilentPrefix = ""; - visibleText = leadCandidate; - return { - text: visibleText, - delta: leadCandidate, - }; - } - } - - const nextVisible = mergeVisibleChunk(visibleText, chunk); - visibleText = nextVisible.text; - return nextVisible.delta ? nextVisible : null; - }, - finalize(): string { - return visibleText.trim(); - }, - finalizeRaw(): string { - return visibleText; - }, - }; -} - -const ACP_TRANSCRIPT_USAGE = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - total: 0, - }, -} as const; - -async function persistAcpTurnTranscript(params: { - body: string; - finalText: string; - sessionId: string; - sessionKey: string; - sessionEntry: SessionEntry | undefined; - sessionStore?: Record; - storePath?: string; - sessionAgentId: string; - threadId?: string | number; - sessionCwd: string; -}): Promise { - const promptText = params.body; - const replyText = params.finalText; - if (!promptText && !replyText) { - return params.sessionEntry; - } - - const { sessionFile, sessionEntry } = await resolveSessionTranscriptFile({ - sessionId: params.sessionId, - sessionKey: params.sessionKey, - sessionEntry: params.sessionEntry, - sessionStore: params.sessionStore, - storePath: params.storePath, - agentId: params.sessionAgentId, - threadId: params.threadId, - }); - const hadSessionFile = await fs - .access(sessionFile) - .then(() => true) - .catch(() => false); - const sessionManager = SessionManager.open(sessionFile); - await prepareSessionManagerForRun({ - sessionManager, - sessionFile, - hadSessionFile, - sessionId: params.sessionId, - cwd: params.sessionCwd, - }); - - if (promptText) { - sessionManager.appendMessage({ - role: "user", - content: promptText, - timestamp: Date.now(), - }); - } - - if (replyText) { - sessionManager.appendMessage({ - role: "assistant", - content: [{ type: "text", text: replyText }], - api: "openai-responses", - provider: "openclaw", - model: "acp-runtime", - usage: ACP_TRANSCRIPT_USAGE, - stopReason: "stop", - timestamp: Date.now(), - }); - } - - emitSessionTranscriptUpdate(sessionFile); - return sessionEntry; -} - -function runAgentAttempt(params: { - providerOverride: string; - modelOverride: string; - cfg: ReturnType; - sessionEntry: SessionEntry | undefined; - sessionId: string; - sessionKey: string | undefined; - sessionAgentId: string; - sessionFile: string; - workspaceDir: string; - body: string; - isFallbackRetry: boolean; - resolvedThinkLevel: ThinkLevel; - timeoutMs: number; - runId: string; - opts: AgentCommandOpts & { senderIsOwner: boolean }; - runContext: ReturnType; - spawnedBy: string | undefined; - messageChannel: ReturnType; - skillsSnapshot: ReturnType | undefined; - resolvedVerboseLevel: VerboseLevel | undefined; - agentDir: string; - onAgentEvent: (evt: { stream: string; data?: Record }) => void; - primaryProvider: string; - sessionStore?: Record; - storePath?: string; - allowTransientCooldownProbe?: boolean; -}) { - const effectivePrompt = resolveFallbackRetryPrompt({ - body: params.body, - isFallbackRetry: params.isFallbackRetry, - }); - const bootstrapPromptWarningSignaturesSeen = resolveBootstrapWarningSignaturesSeen( - params.sessionEntry?.systemPromptReport, - ); - const bootstrapPromptWarningSignature = - bootstrapPromptWarningSignaturesSeen[bootstrapPromptWarningSignaturesSeen.length - 1]; - if (isCliProvider(params.providerOverride, params.cfg)) { - const cliSessionId = getCliSessionId(params.sessionEntry, params.providerOverride); - const runCliWithSession = (nextCliSessionId: string | undefined) => - runCliAgent({ - sessionId: params.sessionId, - sessionKey: params.sessionKey, - agentId: params.sessionAgentId, - sessionFile: params.sessionFile, - workspaceDir: params.workspaceDir, - config: params.cfg, - prompt: effectivePrompt, - provider: params.providerOverride, - model: params.modelOverride, - thinkLevel: params.resolvedThinkLevel, - timeoutMs: params.timeoutMs, - runId: params.runId, - extraSystemPrompt: params.opts.extraSystemPrompt, - cliSessionId: nextCliSessionId, - bootstrapPromptWarningSignaturesSeen, - bootstrapPromptWarningSignature, - images: params.isFallbackRetry ? undefined : params.opts.images, - streamParams: params.opts.streamParams, - }); - return runCliWithSession(cliSessionId).catch(async (err) => { - // Handle CLI session expired error - if ( - err instanceof FailoverError && - err.reason === "session_expired" && - cliSessionId && - params.sessionKey && - params.sessionStore && - params.storePath - ) { - log.warn( - `CLI session expired, clearing from session store: provider=${params.providerOverride} sessionKey=${params.sessionKey}`, - ); - - // Clear the expired session ID from the session store - const entry = params.sessionStore[params.sessionKey]; - if (entry) { - const updatedEntry = { ...entry }; - if (params.providerOverride === "claude-cli") { - delete updatedEntry.claudeCliSessionId; - } - if (updatedEntry.cliSessionIds) { - const normalizedProvider = normalizeProviderId(params.providerOverride); - const newCliSessionIds = { ...updatedEntry.cliSessionIds }; - delete newCliSessionIds[normalizedProvider]; - updatedEntry.cliSessionIds = newCliSessionIds; - } - updatedEntry.updatedAt = Date.now(); - - await persistSessionEntry({ - sessionStore: params.sessionStore, - sessionKey: params.sessionKey, - storePath: params.storePath, - entry: updatedEntry, - }); - - // Update the session entry reference - params.sessionEntry = updatedEntry; - } - - // Retry with no session ID (will create a new session) - return runCliWithSession(undefined).then(async (result) => { - // Update session store with new CLI session ID if available - if ( - result.meta.agentMeta?.sessionId && - params.sessionKey && - params.sessionStore && - params.storePath - ) { - const entry = params.sessionStore[params.sessionKey]; - if (entry) { - const updatedEntry = { ...entry }; - setCliSessionId( - updatedEntry, - params.providerOverride, - result.meta.agentMeta.sessionId, - ); - updatedEntry.updatedAt = Date.now(); - - await persistSessionEntry({ - sessionStore: params.sessionStore, - sessionKey: params.sessionKey, - storePath: params.storePath, - entry: updatedEntry, - }); - } - } - return result; - }); - } - throw err; - }); - } - - const authProfileId = - params.providerOverride === params.primaryProvider - ? params.sessionEntry?.authProfileOverride - : undefined; - return runEmbeddedPiAgent({ - sessionId: params.sessionId, - sessionKey: params.sessionKey, - agentId: params.sessionAgentId, - trigger: "user", - messageChannel: params.messageChannel, - agentAccountId: params.runContext.accountId, - messageTo: params.opts.replyTo ?? params.opts.to, - messageThreadId: params.opts.threadId, - groupId: params.runContext.groupId, - groupChannel: params.runContext.groupChannel, - groupSpace: params.runContext.groupSpace, - spawnedBy: params.spawnedBy, - currentChannelId: params.runContext.currentChannelId, - currentThreadTs: params.runContext.currentThreadTs, - replyToMode: params.runContext.replyToMode, - hasRepliedRef: params.runContext.hasRepliedRef, - senderIsOwner: params.opts.senderIsOwner, - sessionFile: params.sessionFile, - workspaceDir: params.workspaceDir, - config: params.cfg, - skillsSnapshot: params.skillsSnapshot, - prompt: effectivePrompt, - images: params.isFallbackRetry ? undefined : params.opts.images, - clientTools: params.opts.clientTools, - provider: params.providerOverride, - model: params.modelOverride, - authProfileId, - authProfileIdSource: authProfileId ? params.sessionEntry?.authProfileOverrideSource : undefined, - thinkLevel: params.resolvedThinkLevel, - verboseLevel: params.resolvedVerboseLevel, - timeoutMs: params.timeoutMs, - runId: params.runId, - lane: params.opts.lane, - abortSignal: params.opts.abortSignal, - extraSystemPrompt: params.opts.extraSystemPrompt, - inputProvenance: params.opts.inputProvenance, - streamParams: params.opts.streamParams, - agentDir: params.agentDir, - allowTransientCooldownProbe: params.allowTransientCooldownProbe, - onAgentEvent: params.onAgentEvent, - bootstrapPromptWarningSignaturesSeen, - bootstrapPromptWarningSignature, - }); -} - -async function prepareAgentCommandExecution( - opts: AgentCommandOpts & { senderIsOwner: boolean }, - runtime: RuntimeEnv, -) { - const message = opts.message ?? ""; - if (!message.trim()) { - throw new Error("Message (--message) is required"); - } - const body = prependInternalEventContext(message, opts.internalEvents); - if (!opts.to && !opts.sessionId && !opts.sessionKey && !opts.agentId) { - throw new Error("Pass --to , --session-id, or --agent to choose a session"); - } - - const loadedRaw = loadConfig(); - const sourceConfig = await (async () => { - try { - const { snapshot } = await readConfigFileSnapshotForWrite(); - if (snapshot.valid) { - return snapshot.resolved; - } - } catch { - // Fall back to runtime-loaded config when source snapshot is unavailable. - } - return loadedRaw; - })(); - const { resolvedConfig: cfg, diagnostics } = await resolveCommandSecretRefsViaGateway({ - config: loadedRaw, - commandName: "agent", - targetIds: getAgentRuntimeCommandSecretTargetIds(), - }); - setRuntimeConfigSnapshot(cfg, sourceConfig); - const normalizedSpawned = normalizeSpawnedRunMetadata({ - spawnedBy: opts.spawnedBy, - groupId: opts.groupId, - groupChannel: opts.groupChannel, - groupSpace: opts.groupSpace, - workspaceDir: opts.workspaceDir, - }); - for (const entry of diagnostics) { - runtime.log(`[secrets] ${entry}`); - } - const agentIdOverrideRaw = opts.agentId?.trim(); - const agentIdOverride = agentIdOverrideRaw ? normalizeAgentId(agentIdOverrideRaw) : undefined; - if (agentIdOverride) { - const knownAgents = listAgentIds(cfg); - if (!knownAgents.includes(agentIdOverride)) { - throw new Error( - `Unknown agent id "${agentIdOverrideRaw}". Use "${formatCliCommand("openclaw agents list")}" to see configured agents.`, - ); - } - } - if (agentIdOverride && opts.sessionKey) { - const sessionAgentId = resolveAgentIdFromSessionKey(opts.sessionKey); - if (sessionAgentId !== agentIdOverride) { - throw new Error( - `Agent id "${agentIdOverrideRaw}" does not match session key agent "${sessionAgentId}".`, - ); - } - } - const agentCfg = cfg.agents?.defaults; - const configuredModel = resolveConfiguredModelRef({ - cfg, - defaultProvider: DEFAULT_PROVIDER, - defaultModel: DEFAULT_MODEL, - }); - const thinkingLevelsHint = formatThinkingLevels(configuredModel.provider, configuredModel.model); - - const thinkOverride = normalizeThinkLevel(opts.thinking); - const thinkOnce = normalizeThinkLevel(opts.thinkingOnce); - if (opts.thinking && !thinkOverride) { - throw new Error(`Invalid thinking level. Use one of: ${thinkingLevelsHint}.`); - } - if (opts.thinkingOnce && !thinkOnce) { - throw new Error(`Invalid one-shot thinking level. Use one of: ${thinkingLevelsHint}.`); - } - - const verboseOverride = normalizeVerboseLevel(opts.verbose); - if (opts.verbose && !verboseOverride) { - throw new Error('Invalid verbose level. Use "on", "full", or "off".'); - } - - const laneRaw = typeof opts.lane === "string" ? opts.lane.trim() : ""; - const isSubagentLane = laneRaw === String(AGENT_LANE_SUBAGENT); - const timeoutSecondsRaw = - opts.timeout !== undefined - ? Number.parseInt(String(opts.timeout), 10) - : isSubagentLane - ? 0 - : undefined; - if ( - timeoutSecondsRaw !== undefined && - (Number.isNaN(timeoutSecondsRaw) || timeoutSecondsRaw < 0) - ) { - throw new Error("--timeout must be a non-negative integer (seconds; 0 means no timeout)"); - } - const timeoutMs = resolveAgentTimeoutMs({ - cfg, - overrideSeconds: timeoutSecondsRaw, - }); - - const sessionResolution = resolveSession({ - cfg, - to: opts.to, - sessionId: opts.sessionId, - sessionKey: opts.sessionKey, - agentId: agentIdOverride, - }); - - const { - sessionId, - sessionKey, - sessionEntry: sessionEntryRaw, - sessionStore, - storePath, - isNewSession, - persistedThinking, - persistedVerbose, - } = sessionResolution; - const sessionAgentId = - agentIdOverride ?? - resolveSessionAgentId({ - sessionKey: sessionKey ?? opts.sessionKey?.trim(), - config: cfg, - }); - const outboundSession = buildOutboundSessionContext({ - cfg, - agentId: sessionAgentId, - sessionKey, - }); - // Internal callers (for example subagent spawns) may pin workspace inheritance. - const workspaceDirRaw = - normalizedSpawned.workspaceDir ?? resolveAgentWorkspaceDir(cfg, sessionAgentId); - const agentDir = resolveAgentDir(cfg, sessionAgentId); - const workspace = await ensureAgentWorkspace({ - dir: workspaceDirRaw, - ensureBootstrapFiles: !agentCfg?.skipBootstrap, - }); - const workspaceDir = workspace.dir; - const runId = opts.runId?.trim() || sessionId; - const acpManager = getAcpSessionManager(); - const acpResolution = sessionKey - ? acpManager.resolveSession({ - cfg, - sessionKey, - }) - : null; - - return { - body, - cfg, - normalizedSpawned, - agentCfg, - thinkOverride, - thinkOnce, - verboseOverride, - timeoutMs, - sessionId, - sessionKey, - sessionEntry: sessionEntryRaw, - sessionStore, - storePath, - isNewSession, - persistedThinking, - persistedVerbose, - sessionAgentId, - outboundSession, - workspaceDir, - agentDir, - runId, - acpManager, - acpResolution, - }; -} - -async function agentCommandInternal( - opts: AgentCommandOpts & { senderIsOwner: boolean }, - runtime: RuntimeEnv = defaultRuntime, - deps: CliDeps = createDefaultDeps(), -) { - const prepared = await prepareAgentCommandExecution(opts, runtime); - const { - body, - cfg, - normalizedSpawned, - agentCfg, - thinkOverride, - thinkOnce, - verboseOverride, - timeoutMs, - sessionId, - sessionKey, - sessionStore, - storePath, - isNewSession, - persistedThinking, - persistedVerbose, - sessionAgentId, - outboundSession, - workspaceDir, - agentDir, - runId, - acpManager, - acpResolution, - } = prepared; - let sessionEntry = prepared.sessionEntry; - - try { - if (opts.deliver === true) { - const sendPolicy = resolveSendPolicy({ - cfg, - entry: sessionEntry, - sessionKey, - channel: sessionEntry?.channel, - chatType: sessionEntry?.chatType, - }); - if (sendPolicy === "deny") { - throw new Error("send blocked by session policy"); - } - } - - if (acpResolution?.kind === "stale") { - throw acpResolution.error; - } - - if (acpResolution?.kind === "ready" && sessionKey) { - const startedAt = Date.now(); - registerAgentRunContext(runId, { - sessionKey, - }); - emitAgentEvent({ - runId, - stream: "lifecycle", - data: { - phase: "start", - startedAt, - }, - }); - - const visibleTextAccumulator = createAcpVisibleTextAccumulator(); - let stopReason: string | undefined; - try { - const dispatchPolicyError = resolveAcpDispatchPolicyError(cfg); - if (dispatchPolicyError) { - throw dispatchPolicyError; - } - const acpAgent = normalizeAgentId( - acpResolution.meta.agent || resolveAgentIdFromSessionKey(sessionKey), - ); - const agentPolicyError = resolveAcpAgentPolicyError(cfg, acpAgent); - if (agentPolicyError) { - throw agentPolicyError; - } - - await acpManager.runTurn({ - cfg, - sessionKey, - text: body, - mode: "prompt", - requestId: runId, - signal: opts.abortSignal, - onEvent: (event) => { - if (event.type === "done") { - stopReason = event.stopReason; - return; - } - if (event.type !== "text_delta") { - return; - } - if (event.stream && event.stream !== "output") { - return; - } - if (!event.text) { - return; - } - const visibleUpdate = visibleTextAccumulator.consume(event.text); - if (!visibleUpdate) { - return; - } - emitAgentEvent({ - runId, - stream: "assistant", - data: { - text: visibleUpdate.text, - delta: visibleUpdate.delta, - }, - }); - }, - }); - } catch (error) { - const acpError = toAcpRuntimeError({ - error, - fallbackCode: "ACP_TURN_FAILED", - fallbackMessage: "ACP turn failed before completion.", - }); - emitAgentEvent({ - runId, - stream: "lifecycle", - data: { - phase: "error", - error: acpError.message, - endedAt: Date.now(), - }, - }); - throw acpError; - } - - emitAgentEvent({ - runId, - stream: "lifecycle", - data: { - phase: "end", - endedAt: Date.now(), - }, - }); - - const finalTextRaw = visibleTextAccumulator.finalizeRaw(); - const finalText = visibleTextAccumulator.finalize(); - try { - sessionEntry = await persistAcpTurnTranscript({ - body, - finalText: finalTextRaw, - sessionId, - sessionKey, - sessionEntry, - sessionStore, - storePath, - sessionAgentId, - threadId: opts.threadId, - sessionCwd: resolveAcpSessionCwd(acpResolution.meta) ?? workspaceDir, - }); - } catch (error) { - log.warn( - `ACP transcript persistence failed for ${sessionKey}: ${error instanceof Error ? error.message : String(error)}`, - ); - } - - const normalizedFinalPayload = normalizeReplyPayload({ - text: finalText, - }); - const payloads = normalizedFinalPayload ? [normalizedFinalPayload] : []; - const result = { - payloads, - meta: { - durationMs: Date.now() - startedAt, - aborted: opts.abortSignal?.aborted === true, - stopReason, - }, - }; - - return await deliverAgentCommandResult({ - cfg, - deps, - runtime, - opts, - outboundSession, - sessionEntry, - result, - payloads, - }); - } - - let resolvedThinkLevel = thinkOnce ?? thinkOverride ?? persistedThinking; - const resolvedVerboseLevel = - verboseOverride ?? persistedVerbose ?? (agentCfg?.verboseDefault as VerboseLevel | undefined); - - if (sessionKey) { - registerAgentRunContext(runId, { - sessionKey, - verboseLevel: resolvedVerboseLevel, - }); - } - - const needsSkillsSnapshot = isNewSession || !sessionEntry?.skillsSnapshot; - const skillsSnapshotVersion = getSkillsSnapshotVersion(workspaceDir); - const skillFilter = resolveAgentSkillsFilter(cfg, sessionAgentId); - const skillsSnapshot = needsSkillsSnapshot - ? buildWorkspaceSkillSnapshot(workspaceDir, { - config: cfg, - eligibility: { remote: getRemoteSkillEligibility() }, - snapshotVersion: skillsSnapshotVersion, - skillFilter, - }) - : sessionEntry?.skillsSnapshot; - - if (skillsSnapshot && sessionStore && sessionKey && needsSkillsSnapshot) { - const current = sessionEntry ?? { - sessionId, - updatedAt: Date.now(), - }; - const next: SessionEntry = { - ...current, - sessionId, - updatedAt: Date.now(), - skillsSnapshot, - }; - await persistSessionEntry({ - sessionStore, - sessionKey, - storePath, - entry: next, - }); - sessionEntry = next; - } - - // Persist explicit /command overrides to the session store when we have a key. - if (sessionStore && sessionKey) { - const entry = sessionStore[sessionKey] ?? - sessionEntry ?? { sessionId, updatedAt: Date.now() }; - const next: SessionEntry = { ...entry, sessionId, updatedAt: Date.now() }; - if (thinkOverride) { - next.thinkingLevel = thinkOverride; - } - applyVerboseOverride(next, verboseOverride); - await persistSessionEntry({ - sessionStore, - sessionKey, - storePath, - entry: next, - }); - sessionEntry = next; - } - - const configuredDefaultRef = resolveDefaultModelForAgent({ - cfg, - agentId: sessionAgentId, - }); - const { provider: defaultProvider, model: defaultModel } = normalizeModelRef( - configuredDefaultRef.provider, - configuredDefaultRef.model, - ); - let provider = defaultProvider; - let model = defaultModel; - const hasAllowlist = agentCfg?.models && Object.keys(agentCfg.models).length > 0; - const hasStoredOverride = Boolean( - sessionEntry?.modelOverride || sessionEntry?.providerOverride, - ); - const needsModelCatalog = hasAllowlist || hasStoredOverride; - let allowedModelKeys = new Set(); - let allowedModelCatalog: Awaited> = []; - let modelCatalog: Awaited> | null = null; - let allowAnyModel = false; - - if (needsModelCatalog) { - modelCatalog = await loadModelCatalog({ config: cfg }); - const allowed = buildAllowedModelSet({ - cfg, - catalog: modelCatalog, - defaultProvider, - defaultModel, - agentId: sessionAgentId, - }); - allowedModelKeys = allowed.allowedKeys; - allowedModelCatalog = allowed.allowedCatalog; - allowAnyModel = allowed.allowAny ?? false; - } - - if (sessionEntry && sessionStore && sessionKey && hasStoredOverride) { - const entry = sessionEntry; - const overrideProvider = sessionEntry.providerOverride?.trim() || defaultProvider; - const overrideModel = sessionEntry.modelOverride?.trim(); - if (overrideModel) { - const normalizedOverride = normalizeModelRef(overrideProvider, overrideModel); - const key = modelKey(normalizedOverride.provider, normalizedOverride.model); - if ( - !isCliProvider(normalizedOverride.provider, cfg) && - !allowAnyModel && - !allowedModelKeys.has(key) - ) { - const { updated } = applyModelOverrideToSessionEntry({ - entry, - selection: { provider: defaultProvider, model: defaultModel, isDefault: true }, - }); - if (updated) { - await persistSessionEntry({ - sessionStore, - sessionKey, - storePath, - entry, - }); - } - } - } - } - - const storedProviderOverride = sessionEntry?.providerOverride?.trim(); - const storedModelOverride = sessionEntry?.modelOverride?.trim(); - if (storedModelOverride) { - const candidateProvider = storedProviderOverride || defaultProvider; - const normalizedStored = normalizeModelRef(candidateProvider, storedModelOverride); - const key = modelKey(normalizedStored.provider, normalizedStored.model); - if ( - isCliProvider(normalizedStored.provider, cfg) || - allowAnyModel || - allowedModelKeys.has(key) - ) { - provider = normalizedStored.provider; - model = normalizedStored.model; - } - } - if (sessionEntry) { - const authProfileId = sessionEntry.authProfileOverride; - if (authProfileId) { - const entry = sessionEntry; - const store = ensureAuthProfileStore(); - const profile = store.profiles[authProfileId]; - if (!profile || profile.provider !== provider) { - if (sessionStore && sessionKey) { - await clearSessionAuthProfileOverride({ - sessionEntry: entry, - sessionStore, - sessionKey, - storePath, - }); - } - } - } - } - - if (!resolvedThinkLevel) { - let catalogForThinking = modelCatalog ?? allowedModelCatalog; - if (!catalogForThinking || catalogForThinking.length === 0) { - modelCatalog = await loadModelCatalog({ config: cfg }); - catalogForThinking = modelCatalog; - } - resolvedThinkLevel = resolveThinkingDefault({ - cfg, - provider, - model, - catalog: catalogForThinking, - }); - } - if (resolvedThinkLevel === "xhigh" && !supportsXHighThinking(provider, model)) { - const explicitThink = Boolean(thinkOnce || thinkOverride); - if (explicitThink) { - throw new Error(`Thinking level "xhigh" is only supported for ${formatXHighModelHint()}.`); - } - resolvedThinkLevel = "high"; - if (sessionEntry && sessionStore && sessionKey && sessionEntry.thinkingLevel === "xhigh") { - const entry = sessionEntry; - entry.thinkingLevel = "high"; - entry.updatedAt = Date.now(); - await persistSessionEntry({ - sessionStore, - sessionKey, - storePath, - entry, - }); - } - } - let sessionFile: string | undefined; - if (sessionStore && sessionKey) { - const resolvedSessionFile = await resolveSessionTranscriptFile({ - sessionId, - sessionKey, - sessionStore, - storePath, - sessionEntry, - agentId: sessionAgentId, - threadId: opts.threadId, - }); - sessionFile = resolvedSessionFile.sessionFile; - sessionEntry = resolvedSessionFile.sessionEntry; - } - if (!sessionFile) { - const resolvedSessionFile = await resolveSessionTranscriptFile({ - sessionId, - sessionKey: sessionKey ?? sessionId, - sessionEntry, - agentId: sessionAgentId, - threadId: opts.threadId, - }); - sessionFile = resolvedSessionFile.sessionFile; - sessionEntry = resolvedSessionFile.sessionEntry; - } - - const startedAt = Date.now(); - let lifecycleEnded = false; - - let result: Awaited>; - let fallbackProvider = provider; - let fallbackModel = model; - try { - const runContext = resolveAgentRunContext(opts); - const messageChannel = resolveMessageChannel( - runContext.messageChannel, - opts.replyChannel ?? opts.channel, - ); - const spawnedBy = normalizedSpawned.spawnedBy ?? sessionEntry?.spawnedBy; - // Keep fallback candidate resolution centralized so session model overrides, - // per-agent overrides, and default fallbacks stay consistent across callers. - const effectiveFallbacksOverride = resolveEffectiveModelFallbacks({ - cfg, - agentId: sessionAgentId, - hasSessionModelOverride: Boolean(storedModelOverride), - }); - - // Track model fallback attempts so retries on an existing session don't - // re-inject the original prompt as a duplicate user message. - let fallbackAttemptIndex = 0; - const fallbackResult = await runWithModelFallback({ - cfg, - provider, - model, - runId, - agentDir, - fallbacksOverride: effectiveFallbacksOverride, - run: (providerOverride, modelOverride, runOptions) => { - const isFallbackRetry = fallbackAttemptIndex > 0; - fallbackAttemptIndex += 1; - return runAgentAttempt({ - providerOverride, - modelOverride, - cfg, - sessionEntry, - sessionId, - sessionKey, - sessionAgentId, - sessionFile, - workspaceDir, - body, - isFallbackRetry, - resolvedThinkLevel, - timeoutMs, - runId, - opts, - runContext, - spawnedBy, - messageChannel, - skillsSnapshot, - resolvedVerboseLevel, - agentDir, - primaryProvider: provider, - sessionStore, - storePath, - allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, - onAgentEvent: (evt) => { - // Track lifecycle end for fallback emission below. - if ( - evt.stream === "lifecycle" && - typeof evt.data?.phase === "string" && - (evt.data.phase === "end" || evt.data.phase === "error") - ) { - lifecycleEnded = true; - } - }, - }); - }, - }); - result = fallbackResult.result; - fallbackProvider = fallbackResult.provider; - fallbackModel = fallbackResult.model; - if (!lifecycleEnded) { - const stopReason = result.meta.stopReason; - if (stopReason && stopReason !== "end_turn") { - console.error(`[agent] run ${runId} ended with stopReason=${stopReason}`); - } - emitAgentEvent({ - runId, - stream: "lifecycle", - data: { - phase: "end", - startedAt, - endedAt: Date.now(), - aborted: result.meta.aborted ?? false, - stopReason, - }, - }); - } - } catch (err) { - if (!lifecycleEnded) { - emitAgentEvent({ - runId, - stream: "lifecycle", - data: { - phase: "error", - startedAt, - endedAt: Date.now(), - error: String(err), - }, - }); - } - throw err; - } - - // Update token+model fields in the session store. - if (sessionStore && sessionKey) { - await updateSessionStoreAfterAgentRun({ - cfg, - contextTokensOverride: agentCfg?.contextTokens, - sessionId, - sessionKey, - storePath, - sessionStore, - defaultProvider: provider, - defaultModel: model, - fallbackProvider, - fallbackModel, - result, - }); - } - - const payloads = result.payloads ?? []; - return await deliverAgentCommandResult({ - cfg, - deps, - runtime, - opts, - outboundSession, - sessionEntry, - result, - payloads, - }); - } finally { - clearAgentRunContext(runId); - } -} - -export async function agentCommand( - opts: AgentCommandOpts, - runtime: RuntimeEnv = defaultRuntime, - deps: CliDeps = createDefaultDeps(), -) { - return await agentCommandInternal( - { - ...opts, - // agentCommand is the trusted-operator entrypoint used by CLI/local flows. - // Ingress callers must opt into owner semantics explicitly via - // agentCommandFromIngress so network-facing paths cannot inherit this default by accident. - senderIsOwner: opts.senderIsOwner ?? true, - }, - runtime, - deps, - ); -} - -export async function agentCommandFromIngress( - opts: AgentCommandIngressOpts, - runtime: RuntimeEnv = defaultRuntime, - deps: CliDeps = createDefaultDeps(), -) { - if (typeof opts.senderIsOwner !== "boolean") { - // HTTP/WS ingress must declare the trust level explicitly at the boundary. - // This keeps network-facing callers from silently picking up the local trusted default. - throw new Error("senderIsOwner must be explicitly set for ingress agent runs."); - } - return await agentCommandInternal( - { - ...opts, - senderIsOwner: opts.senderIsOwner, - }, - runtime, - deps, - ); -} +export * from "../agents/agent-command.js"; diff --git a/src/commands/agent/delivery.ts b/src/commands/agent/delivery.ts index 282ed52e45e..02d9a36041e 100644 --- a/src/commands/agent/delivery.ts +++ b/src/commands/agent/delivery.ts @@ -1,240 +1 @@ -import { AGENT_LANE_NESTED } from "../../agents/lanes.js"; -import { getChannelPlugin, normalizeChannelId } from "../../channels/plugins/index.js"; -import { createOutboundSendDeps, type CliDeps } from "../../cli/outbound-send-deps.js"; -import type { OpenClawConfig } from "../../config/config.js"; -import type { SessionEntry } from "../../config/sessions.js"; -import { - resolveAgentDeliveryPlan, - resolveAgentOutboundTarget, -} from "../../infra/outbound/agent-delivery.js"; -import { resolveMessageChannelSelection } from "../../infra/outbound/channel-selection.js"; -import { deliverOutboundPayloads } from "../../infra/outbound/deliver.js"; -import { buildOutboundResultEnvelope } from "../../infra/outbound/envelope.js"; -import { - formatOutboundPayloadLog, - type NormalizedOutboundPayload, - normalizeOutboundPayloads, - normalizeOutboundPayloadsForJson, -} from "../../infra/outbound/payloads.js"; -import type { OutboundSessionContext } from "../../infra/outbound/session-context.js"; -import type { RuntimeEnv } from "../../runtime.js"; -import { isInternalMessageChannel } from "../../utils/message-channel.js"; -import type { AgentCommandOpts } from "./types.js"; - -type RunResult = Awaited< - ReturnType<(typeof import("../../agents/pi-embedded.js"))["runEmbeddedPiAgent"]> ->; - -const NESTED_LOG_PREFIX = "[agent:nested]"; - -function formatNestedLogPrefix(opts: AgentCommandOpts, sessionKey?: string): string { - const parts = [NESTED_LOG_PREFIX]; - const session = sessionKey ?? opts.sessionKey ?? opts.sessionId; - if (session) { - parts.push(`session=${session}`); - } - if (opts.runId) { - parts.push(`run=${opts.runId}`); - } - const channel = opts.messageChannel ?? opts.channel; - if (channel) { - parts.push(`channel=${channel}`); - } - if (opts.to) { - parts.push(`to=${opts.to}`); - } - if (opts.accountId) { - parts.push(`account=${opts.accountId}`); - } - return parts.join(" "); -} - -function logNestedOutput( - runtime: RuntimeEnv, - opts: AgentCommandOpts, - output: string, - sessionKey?: string, -) { - const prefix = formatNestedLogPrefix(opts, sessionKey); - for (const line of output.split(/\r?\n/)) { - if (!line) { - continue; - } - runtime.log(`${prefix} ${line}`); - } -} - -export async function deliverAgentCommandResult(params: { - cfg: OpenClawConfig; - deps: CliDeps; - runtime: RuntimeEnv; - opts: AgentCommandOpts; - outboundSession: OutboundSessionContext | undefined; - sessionEntry: SessionEntry | undefined; - result: RunResult; - payloads: RunResult["payloads"]; -}) { - const { cfg, deps, runtime, opts, outboundSession, sessionEntry, payloads, result } = params; - const effectiveSessionKey = outboundSession?.key ?? opts.sessionKey; - const deliver = opts.deliver === true; - const bestEffortDeliver = opts.bestEffortDeliver === true; - const turnSourceChannel = opts.runContext?.messageChannel ?? opts.messageChannel; - const turnSourceTo = opts.runContext?.currentChannelId ?? opts.to; - const turnSourceAccountId = opts.runContext?.accountId ?? opts.accountId; - const turnSourceThreadId = opts.runContext?.currentThreadTs ?? opts.threadId; - const deliveryPlan = resolveAgentDeliveryPlan({ - sessionEntry, - requestedChannel: opts.replyChannel ?? opts.channel, - explicitTo: opts.replyTo ?? opts.to, - explicitThreadId: opts.threadId, - accountId: opts.replyAccountId ?? opts.accountId, - wantsDelivery: deliver, - turnSourceChannel, - turnSourceTo, - turnSourceAccountId, - turnSourceThreadId, - }); - let deliveryChannel = deliveryPlan.resolvedChannel; - const explicitChannelHint = (opts.replyChannel ?? opts.channel)?.trim(); - if (deliver && isInternalMessageChannel(deliveryChannel) && !explicitChannelHint) { - try { - const selection = await resolveMessageChannelSelection({ cfg }); - deliveryChannel = selection.channel; - } catch { - // Keep the internal channel marker; error handling below reports the failure. - } - } - const effectiveDeliveryPlan = - deliveryChannel === deliveryPlan.resolvedChannel - ? deliveryPlan - : { - ...deliveryPlan, - resolvedChannel: deliveryChannel, - }; - // Channel docking: delivery channels are resolved via plugin registry. - const deliveryPlugin = !isInternalMessageChannel(deliveryChannel) - ? getChannelPlugin(normalizeChannelId(deliveryChannel) ?? deliveryChannel) - : undefined; - - const isDeliveryChannelKnown = - isInternalMessageChannel(deliveryChannel) || Boolean(deliveryPlugin); - - const targetMode = - opts.deliveryTargetMode ?? - effectiveDeliveryPlan.deliveryTargetMode ?? - (opts.to ? "explicit" : "implicit"); - const resolvedAccountId = effectiveDeliveryPlan.resolvedAccountId; - const resolved = - deliver && isDeliveryChannelKnown && deliveryChannel - ? resolveAgentOutboundTarget({ - cfg, - plan: effectiveDeliveryPlan, - targetMode, - validateExplicitTarget: true, - }) - : { - resolvedTarget: null, - resolvedTo: effectiveDeliveryPlan.resolvedTo, - targetMode, - }; - const resolvedTarget = resolved.resolvedTarget; - const deliveryTarget = resolved.resolvedTo; - const resolvedThreadId = deliveryPlan.resolvedThreadId ?? opts.threadId; - const resolvedReplyToId = - deliveryChannel === "slack" && resolvedThreadId != null ? String(resolvedThreadId) : undefined; - const resolvedThreadTarget = deliveryChannel === "slack" ? undefined : resolvedThreadId; - - const logDeliveryError = (err: unknown) => { - const message = `Delivery failed (${deliveryChannel}${deliveryTarget ? ` to ${deliveryTarget}` : ""}): ${String(err)}`; - runtime.error?.(message); - if (!runtime.error) { - runtime.log(message); - } - }; - - if (deliver) { - if (isInternalMessageChannel(deliveryChannel)) { - const err = new Error( - "delivery channel is required: pass --channel/--reply-channel or use a main session with a previous channel", - ); - if (!bestEffortDeliver) { - throw err; - } - logDeliveryError(err); - } else if (!isDeliveryChannelKnown) { - const err = new Error(`Unknown channel: ${deliveryChannel}`); - if (!bestEffortDeliver) { - throw err; - } - logDeliveryError(err); - } else if (resolvedTarget && !resolvedTarget.ok) { - if (!bestEffortDeliver) { - throw resolvedTarget.error; - } - logDeliveryError(resolvedTarget.error); - } - } - - const normalizedPayloads = normalizeOutboundPayloadsForJson(payloads ?? []); - if (opts.json) { - runtime.log( - JSON.stringify( - buildOutboundResultEnvelope({ - payloads: normalizedPayloads, - meta: result.meta, - }), - null, - 2, - ), - ); - if (!deliver) { - return { payloads: normalizedPayloads, meta: result.meta }; - } - } - - if (!payloads || payloads.length === 0) { - runtime.log("No reply from agent."); - return { payloads: [], meta: result.meta }; - } - - const deliveryPayloads = normalizeOutboundPayloads(payloads); - const logPayload = (payload: NormalizedOutboundPayload) => { - if (opts.json) { - return; - } - const output = formatOutboundPayloadLog(payload); - if (!output) { - return; - } - if (opts.lane === AGENT_LANE_NESTED) { - logNestedOutput(runtime, opts, output, effectiveSessionKey); - return; - } - runtime.log(output); - }; - if (!deliver) { - for (const payload of deliveryPayloads) { - logPayload(payload); - } - } - if (deliver && deliveryChannel && !isInternalMessageChannel(deliveryChannel)) { - if (deliveryTarget) { - await deliverOutboundPayloads({ - cfg, - channel: deliveryChannel, - to: deliveryTarget, - accountId: resolvedAccountId, - payloads: deliveryPayloads, - session: outboundSession, - replyToId: resolvedReplyToId ?? null, - threadId: resolvedThreadTarget ?? null, - bestEffort: bestEffortDeliver, - onError: (err) => logDeliveryError(err), - onPayload: logPayload, - deps: createOutboundSendDeps(deps), - }); - } - } - - return { payloads: normalizedPayloads, meta: result.meta }; -} +export * from "../../agents/command/delivery.js"; diff --git a/src/commands/agent/run-context.ts b/src/commands/agent/run-context.ts index b6c121a6c0a..92dcf6adc71 100644 --- a/src/commands/agent/run-context.ts +++ b/src/commands/agent/run-context.ts @@ -1,55 +1 @@ -import { normalizeAccountId } from "../../utils/account-id.js"; -import { resolveMessageChannel } from "../../utils/message-channel.js"; -import type { AgentCommandOpts, AgentRunContext } from "./types.js"; - -export function resolveAgentRunContext(opts: AgentCommandOpts): AgentRunContext { - const merged: AgentRunContext = opts.runContext ? { ...opts.runContext } : {}; - - const normalizedChannel = resolveMessageChannel( - merged.messageChannel ?? opts.messageChannel, - opts.replyChannel ?? opts.channel, - ); - if (normalizedChannel) { - merged.messageChannel = normalizedChannel; - } - - const normalizedAccountId = normalizeAccountId(merged.accountId ?? opts.accountId); - if (normalizedAccountId) { - merged.accountId = normalizedAccountId; - } - - const groupId = (merged.groupId ?? opts.groupId)?.toString().trim(); - if (groupId) { - merged.groupId = groupId; - } - - const groupChannel = (merged.groupChannel ?? opts.groupChannel)?.toString().trim(); - if (groupChannel) { - merged.groupChannel = groupChannel; - } - - const groupSpace = (merged.groupSpace ?? opts.groupSpace)?.toString().trim(); - if (groupSpace) { - merged.groupSpace = groupSpace; - } - - if ( - merged.currentThreadTs == null && - opts.threadId != null && - opts.threadId !== "" && - opts.threadId !== null - ) { - merged.currentThreadTs = String(opts.threadId); - } - - // Populate currentChannelId from the outbound target so channel threading - // adapters can detect same-conversation auto-threading. - if (!merged.currentChannelId && opts.to) { - const trimmedTo = opts.to.trim(); - if (trimmedTo) { - merged.currentChannelId = trimmedTo; - } - } - - return merged; -} +export * from "../../agents/command/run-context.js"; diff --git a/src/commands/agent/session-store.ts b/src/commands/agent/session-store.ts index 08bde6bb9a8..29c590e1dad 100644 --- a/src/commands/agent/session-store.ts +++ b/src/commands/agent/session-store.ts @@ -1,111 +1 @@ -import { setCliSessionId } from "../../agents/cli-session.js"; -import { resolveContextTokensForModel } from "../../agents/context.js"; -import { DEFAULT_CONTEXT_TOKENS } from "../../agents/defaults.js"; -import { isCliProvider } from "../../agents/model-selection.js"; -import { deriveSessionTotalTokens, hasNonzeroUsage } from "../../agents/usage.js"; -import type { OpenClawConfig } from "../../config/config.js"; -import { - mergeSessionEntry, - setSessionRuntimeModel, - type SessionEntry, - updateSessionStore, -} from "../../config/sessions.js"; - -type RunResult = Awaited< - ReturnType<(typeof import("../../agents/pi-embedded.js"))["runEmbeddedPiAgent"]> ->; - -export async function updateSessionStoreAfterAgentRun(params: { - cfg: OpenClawConfig; - contextTokensOverride?: number; - sessionId: string; - sessionKey: string; - storePath: string; - sessionStore: Record; - defaultProvider: string; - defaultModel: string; - fallbackProvider?: string; - fallbackModel?: string; - result: RunResult; -}) { - const { - cfg, - sessionId, - sessionKey, - storePath, - sessionStore, - defaultProvider, - defaultModel, - fallbackProvider, - fallbackModel, - result, - } = params; - - const usage = result.meta.agentMeta?.usage; - const promptTokens = result.meta.agentMeta?.promptTokens; - const compactionsThisRun = Math.max(0, result.meta.agentMeta?.compactionCount ?? 0); - const modelUsed = result.meta.agentMeta?.model ?? fallbackModel ?? defaultModel; - const providerUsed = result.meta.agentMeta?.provider ?? fallbackProvider ?? defaultProvider; - const contextTokens = - resolveContextTokensForModel({ - cfg, - provider: providerUsed, - model: modelUsed, - contextTokensOverride: params.contextTokensOverride, - fallbackContextTokens: DEFAULT_CONTEXT_TOKENS, - }) ?? DEFAULT_CONTEXT_TOKENS; - - const entry = sessionStore[sessionKey] ?? { - sessionId, - updatedAt: Date.now(), - }; - const next: SessionEntry = { - ...entry, - sessionId, - updatedAt: Date.now(), - contextTokens, - }; - setSessionRuntimeModel(next, { - provider: providerUsed, - model: modelUsed, - }); - if (isCliProvider(providerUsed, cfg)) { - const cliSessionId = result.meta.agentMeta?.sessionId?.trim(); - if (cliSessionId) { - setCliSessionId(next, providerUsed, cliSessionId); - } - } - next.abortedLastRun = result.meta.aborted ?? false; - if (result.meta.systemPromptReport) { - next.systemPromptReport = result.meta.systemPromptReport; - } - if (hasNonzeroUsage(usage)) { - const input = usage.input ?? 0; - const output = usage.output ?? 0; - const totalTokens = deriveSessionTotalTokens({ - usage, - contextTokens, - promptTokens, - }); - next.inputTokens = input; - next.outputTokens = output; - if (typeof totalTokens === "number" && Number.isFinite(totalTokens) && totalTokens > 0) { - next.totalTokens = totalTokens; - next.totalTokensFresh = true; - } else { - next.totalTokens = undefined; - next.totalTokensFresh = false; - } - next.cacheRead = usage.cacheRead ?? 0; - next.cacheWrite = usage.cacheWrite ?? 0; - } - if (compactionsThisRun > 0) { - next.compactionCount = (entry.compactionCount ?? 0) + compactionsThisRun; - } - const persisted = await updateSessionStore(storePath, (store) => { - const merged = mergeSessionEntry(store[sessionKey], next); - store[sessionKey] = merged; - return merged; - }); - sessionStore[sessionKey] = persisted; -} +export * from "../../agents/command/session-store.js"; diff --git a/src/commands/agent/session.ts b/src/commands/agent/session.ts index f3ef076d654..232bb38327c 100644 --- a/src/commands/agent/session.ts +++ b/src/commands/agent/session.ts @@ -1,172 +1 @@ -import crypto from "node:crypto"; -import { listAgentIds } from "../../agents/agent-scope.js"; -import { clearBootstrapSnapshotOnSessionRollover } from "../../agents/bootstrap-cache.js"; -import type { MsgContext } from "../../auto-reply/templating.js"; -import { - normalizeThinkLevel, - normalizeVerboseLevel, - type ThinkLevel, - type VerboseLevel, -} from "../../auto-reply/thinking.js"; -import type { OpenClawConfig } from "../../config/config.js"; -import { - evaluateSessionFreshness, - loadSessionStore, - resolveAgentIdFromSessionKey, - resolveChannelResetConfig, - resolveExplicitAgentSessionKey, - resolveSessionResetPolicy, - resolveSessionResetType, - resolveSessionKey, - resolveStorePath, - type SessionEntry, -} from "../../config/sessions.js"; -import { normalizeMainKey } from "../../routing/session-key.js"; - -export type SessionResolution = { - sessionId: string; - sessionKey?: string; - sessionEntry?: SessionEntry; - sessionStore?: Record; - storePath: string; - isNewSession: boolean; - persistedThinking?: ThinkLevel; - persistedVerbose?: VerboseLevel; -}; - -type SessionKeyResolution = { - sessionKey?: string; - sessionStore: Record; - storePath: string; -}; - -export function resolveSessionKeyForRequest(opts: { - cfg: OpenClawConfig; - to?: string; - sessionId?: string; - sessionKey?: string; - agentId?: string; -}): SessionKeyResolution { - const sessionCfg = opts.cfg.session; - const scope = sessionCfg?.scope ?? "per-sender"; - const mainKey = normalizeMainKey(sessionCfg?.mainKey); - const explicitSessionKey = - opts.sessionKey?.trim() || - resolveExplicitAgentSessionKey({ - cfg: opts.cfg, - agentId: opts.agentId, - }); - const storeAgentId = resolveAgentIdFromSessionKey(explicitSessionKey); - const storePath = resolveStorePath(sessionCfg?.store, { - agentId: storeAgentId, - }); - const sessionStore = loadSessionStore(storePath); - - const ctx: MsgContext | undefined = opts.to?.trim() ? { From: opts.to } : undefined; - let sessionKey: string | undefined = - explicitSessionKey ?? (ctx ? resolveSessionKey(scope, ctx, mainKey) : undefined); - - // If a session id was provided, prefer to re-use its entry (by id) even when no key was derived. - if ( - !explicitSessionKey && - opts.sessionId && - (!sessionKey || sessionStore[sessionKey]?.sessionId !== opts.sessionId) - ) { - const foundKey = Object.keys(sessionStore).find( - (key) => sessionStore[key]?.sessionId === opts.sessionId, - ); - if (foundKey) { - sessionKey = foundKey; - } - } - - // When sessionId was provided but not found in the primary store, search all agent stores. - // Sessions created under a specific agent live in that agent's store file; the primary - // store (derived from the default agent) won't contain them. - // Also covers the case where --to derived a sessionKey that doesn't match the requested sessionId. - if ( - opts.sessionId && - !explicitSessionKey && - (!sessionKey || sessionStore[sessionKey]?.sessionId !== opts.sessionId) - ) { - const allAgentIds = listAgentIds(opts.cfg); - for (const agentId of allAgentIds) { - if (agentId === storeAgentId) { - continue; - } - const altStorePath = resolveStorePath(sessionCfg?.store, { agentId }); - const altStore = loadSessionStore(altStorePath); - const foundKey = Object.keys(altStore).find( - (key) => altStore[key]?.sessionId === opts.sessionId, - ); - if (foundKey) { - return { sessionKey: foundKey, sessionStore: altStore, storePath: altStorePath }; - } - } - } - - return { sessionKey, sessionStore, storePath }; -} - -export function resolveSession(opts: { - cfg: OpenClawConfig; - to?: string; - sessionId?: string; - sessionKey?: string; - agentId?: string; -}): SessionResolution { - const sessionCfg = opts.cfg.session; - const { sessionKey, sessionStore, storePath } = resolveSessionKeyForRequest({ - cfg: opts.cfg, - to: opts.to, - sessionId: opts.sessionId, - sessionKey: opts.sessionKey, - agentId: opts.agentId, - }); - const now = Date.now(); - - const sessionEntry = sessionKey ? sessionStore[sessionKey] : undefined; - - const resetType = resolveSessionResetType({ sessionKey }); - const channelReset = resolveChannelResetConfig({ - sessionCfg, - channel: sessionEntry?.lastChannel ?? sessionEntry?.channel, - }); - const resetPolicy = resolveSessionResetPolicy({ - sessionCfg, - resetType, - resetOverride: channelReset, - }); - const fresh = sessionEntry - ? evaluateSessionFreshness({ updatedAt: sessionEntry.updatedAt, now, policy: resetPolicy }) - .fresh - : false; - const sessionId = - opts.sessionId?.trim() || (fresh ? sessionEntry?.sessionId : undefined) || crypto.randomUUID(); - const isNewSession = !fresh && !opts.sessionId; - - clearBootstrapSnapshotOnSessionRollover({ - sessionKey, - previousSessionId: isNewSession ? sessionEntry?.sessionId : undefined, - }); - - const persistedThinking = - fresh && sessionEntry?.thinkingLevel - ? normalizeThinkLevel(sessionEntry.thinkingLevel) - : undefined; - const persistedVerbose = - fresh && sessionEntry?.verboseLevel - ? normalizeVerboseLevel(sessionEntry.verboseLevel) - : undefined; - - return { - sessionId, - sessionKey, - sessionEntry, - sessionStore, - storePath, - isNewSession, - persistedThinking, - persistedVerbose, - }; -} +export * from "../../agents/command/session.js"; diff --git a/src/commands/agent/types.ts b/src/commands/agent/types.ts index 66d0209bdfb..1768b3ba204 100644 --- a/src/commands/agent/types.ts +++ b/src/commands/agent/types.ts @@ -1,90 +1 @@ -import type { AgentInternalEvent } from "../../agents/internal-events.js"; -import type { ClientToolDefinition } from "../../agents/pi-embedded-runner/run/params.js"; -import type { SpawnedRunMetadata } from "../../agents/spawned-context.js"; -import type { ChannelOutboundTargetMode } from "../../channels/plugins/types.js"; -import type { InputProvenance } from "../../sessions/input-provenance.js"; - -/** Image content block for Claude API multimodal messages. */ -export type ImageContent = { - type: "image"; - data: string; - mimeType: string; -}; - -export type AgentStreamParams = { - /** Provider stream params override (best-effort). */ - temperature?: number; - maxTokens?: number; - /** Provider fast-mode override (best-effort). */ - fastMode?: boolean; -}; - -export type AgentRunContext = { - messageChannel?: string; - accountId?: string; - groupId?: string | null; - groupChannel?: string | null; - groupSpace?: string | null; - currentChannelId?: string; - currentThreadTs?: string; - replyToMode?: "off" | "first" | "all"; - hasRepliedRef?: { value: boolean }; -}; - -export type AgentCommandOpts = { - message: string; - /** Optional image attachments for multimodal messages. */ - images?: ImageContent[]; - /** Optional client-provided tools (OpenResponses hosted tools). */ - clientTools?: ClientToolDefinition[]; - /** Agent id override (must exist in config). */ - agentId?: string; - to?: string; - sessionId?: string; - sessionKey?: string; - thinking?: string; - thinkingOnce?: string; - verbose?: string; - json?: boolean; - timeout?: string; - deliver?: boolean; - /** Override delivery target (separate from session routing). */ - replyTo?: string; - /** Override delivery channel (separate from session routing). */ - replyChannel?: string; - /** Override delivery account id (separate from session routing). */ - replyAccountId?: string; - /** Override delivery thread/topic id (separate from session routing). */ - threadId?: string | number; - /** Message channel context (webchat|voicewake|whatsapp|...). */ - messageChannel?: string; - channel?: string; // delivery channel (whatsapp|telegram|...) - /** Account ID for multi-account channel routing (e.g., WhatsApp account). */ - accountId?: string; - /** Context for embedded run routing (channel/account/thread). */ - runContext?: AgentRunContext; - /** Whether this caller is authorized for owner-only tools (defaults true for local CLI calls). */ - senderIsOwner?: boolean; - /** Group/spawn metadata for subagent policy inheritance and routing context. */ - groupId?: SpawnedRunMetadata["groupId"]; - groupChannel?: SpawnedRunMetadata["groupChannel"]; - groupSpace?: SpawnedRunMetadata["groupSpace"]; - spawnedBy?: SpawnedRunMetadata["spawnedBy"]; - deliveryTargetMode?: ChannelOutboundTargetMode; - bestEffortDeliver?: boolean; - abortSignal?: AbortSignal; - lane?: string; - runId?: string; - extraSystemPrompt?: string; - internalEvents?: AgentInternalEvent[]; - inputProvenance?: InputProvenance; - /** Per-call stream param overrides (best-effort). */ - streamParams?: AgentStreamParams; - /** Explicit workspace directory override (for subagents to inherit parent workspace). */ - workspaceDir?: SpawnedRunMetadata["workspaceDir"]; -}; - -export type AgentCommandIngressOpts = Omit & { - /** Ingress callsites must always pass explicit owner authorization state. */ - senderIsOwner: boolean; -}; +export * from "../../agents/command/types.js"; diff --git a/src/commands/auth-choice.api-key.ts b/src/commands/auth-choice.api-key.ts index 59a7ca08e6f..ae5e716a46f 100644 --- a/src/commands/auth-choice.api-key.ts +++ b/src/commands/auth-choice.api-key.ts @@ -1,48 +1,5 @@ -const DEFAULT_KEY_PREVIEW = { head: 4, tail: 4 }; - -export function normalizeApiKeyInput(raw: string): string { - const trimmed = String(raw ?? "").trim(); - if (!trimmed) { - return ""; - } - - // Handle shell-style assignments: export KEY="value" or KEY=value - const assignmentMatch = trimmed.match(/^(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=\s*(.+)$/); - const valuePart = assignmentMatch ? assignmentMatch[1].trim() : trimmed; - - const unquoted = - valuePart.length >= 2 && - ((valuePart.startsWith('"') && valuePart.endsWith('"')) || - (valuePart.startsWith("'") && valuePart.endsWith("'")) || - (valuePart.startsWith("`") && valuePart.endsWith("`"))) - ? valuePart.slice(1, -1) - : valuePart; - - const withoutSemicolon = unquoted.endsWith(";") ? unquoted.slice(0, -1) : unquoted; - - return withoutSemicolon.trim(); -} - -export const validateApiKeyInput = (value: string) => - normalizeApiKeyInput(value).length > 0 ? undefined : "Required"; - -export function formatApiKeyPreview( - raw: string, - opts: { head?: number; tail?: number } = {}, -): string { - const trimmed = raw.trim(); - if (!trimmed) { - return "…"; - } - const head = opts.head ?? DEFAULT_KEY_PREVIEW.head; - const tail = opts.tail ?? DEFAULT_KEY_PREVIEW.tail; - if (trimmed.length <= head + tail) { - const shortHead = Math.min(2, trimmed.length); - const shortTail = Math.min(2, trimmed.length - shortHead); - if (shortTail <= 0) { - return `${trimmed.slice(0, shortHead)}…`; - } - return `${trimmed.slice(0, shortHead)}…${trimmed.slice(-shortTail)}`; - } - return `${trimmed.slice(0, head)}…${trimmed.slice(-tail)}`; -} +export { + formatApiKeyPreview, + normalizeApiKeyInput, + validateApiKeyInput, +} from "../plugins/provider-auth-input.js"; diff --git a/src/commands/auth-choice.apply-helpers.ts b/src/commands/auth-choice.apply-helpers.ts index 7029dd081c3..b123f50f99c 100644 --- a/src/commands/auth-choice.apply-helpers.ts +++ b/src/commands/auth-choice.apply-helpers.ts @@ -1,280 +1,19 @@ -import { resolveEnvApiKey } from "../agents/model-auth.js"; -import type { OpenClawConfig } from "../config/types.js"; -import { - isValidEnvSecretRefId, - type SecretInput, - type SecretRef, -} from "../config/types.secrets.js"; -import { encodeJsonPointerToken } from "../secrets/json-pointer.js"; -import { PROVIDER_ENV_VARS } from "../secrets/provider-env-vars.js"; -import { - formatExecSecretRefIdValidationMessage, - isValidExecSecretRefId, - isValidFileSecretRefId, - resolveDefaultSecretProviderAlias, -} from "../secrets/ref-contract.js"; -import { resolveSecretRefString } from "../secrets/resolve.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; -import { formatApiKeyPreview } from "./auth-choice.api-key.js"; import type { ApplyAuthChoiceParams } from "./auth-choice.apply.js"; import { applyDefaultModelChoice } from "./auth-choice.default-model.js"; -import type { SecretInputMode } from "./onboard-types.js"; -const ENV_SOURCE_LABEL_RE = /(?:^|:\s)([A-Z][A-Z0-9_]*)$/; - -type SecretRefChoice = "env" | "provider"; // pragma: allowlist secret - -export type SecretInputModePromptCopy = { - modeMessage?: string; - plaintextLabel?: string; - plaintextHint?: string; - refLabel?: string; - refHint?: string; -}; - -export type SecretRefSetupPromptCopy = { - sourceMessage?: string; - envVarMessage?: string; - envVarPlaceholder?: string; - envVarFormatError?: string; - envVarMissingError?: (envVar: string) => string; - noProvidersMessage?: string; - envValidatedMessage?: (envVar: string) => string; - providerValidatedMessage?: (provider: string, id: string, source: "file" | "exec") => string; -}; - -function formatErrorMessage(error: unknown): string { - if (error instanceof Error && typeof error.message === "string" && error.message.trim()) { - return error.message; - } - return String(error); -} - -function extractEnvVarFromSourceLabel(source: string): string | undefined { - const match = ENV_SOURCE_LABEL_RE.exec(source.trim()); - return match?.[1]; -} - -function resolveDefaultProviderEnvVar(provider: string): string | undefined { - const envVars = PROVIDER_ENV_VARS[provider]; - return envVars?.find((candidate) => candidate.trim().length > 0); -} - -function resolveDefaultFilePointerId(provider: string): string { - return `/providers/${encodeJsonPointerToken(provider)}/apiKey`; -} - -function resolveRefFallbackInput(params: { - config: OpenClawConfig; - provider: string; - preferredEnvVar?: string; -}): { ref: SecretRef; resolvedValue: string } { - const fallbackEnvVar = params.preferredEnvVar ?? resolveDefaultProviderEnvVar(params.provider); - if (!fallbackEnvVar) { - throw new Error( - `No default environment variable mapping found for provider "${params.provider}". Set a provider-specific env var, or re-run setup in an interactive terminal to configure a ref.`, - ); - } - const value = process.env[fallbackEnvVar]?.trim(); - if (!value) { - throw new Error( - `Environment variable "${fallbackEnvVar}" is required for --secret-input-mode ref in non-interactive setup.`, - ); - } - return { - ref: { - source: "env", - provider: resolveDefaultSecretProviderAlias(params.config, "env", { - preferFirstProviderForSource: true, - }), - id: fallbackEnvVar, - }, - resolvedValue: value, - }; -} - -export async function promptSecretRefForSetup(params: { - provider: string; - config: OpenClawConfig; - prompter: WizardPrompter; - preferredEnvVar?: string; - copy?: SecretRefSetupPromptCopy; -}): Promise<{ ref: SecretRef; resolvedValue: string }> { - const defaultEnvVar = - params.preferredEnvVar ?? resolveDefaultProviderEnvVar(params.provider) ?? ""; - const defaultFilePointer = resolveDefaultFilePointerId(params.provider); - let sourceChoice: SecretRefChoice = "env"; // pragma: allowlist secret - - while (true) { - const sourceRaw: SecretRefChoice = await params.prompter.select({ - message: params.copy?.sourceMessage ?? "Where is this API key stored?", - initialValue: sourceChoice, - options: [ - { - value: "env", - label: "Environment variable", - hint: "Reference a variable from your runtime environment", - }, - { - value: "provider", - label: "Configured secret provider", - hint: "Use a configured file or exec secret provider", - }, - ], - }); - const source: SecretRefChoice = sourceRaw === "provider" ? "provider" : "env"; - sourceChoice = source; - - if (source === "env") { - const envVarRaw = await params.prompter.text({ - message: params.copy?.envVarMessage ?? "Environment variable name", - initialValue: defaultEnvVar || undefined, - placeholder: params.copy?.envVarPlaceholder ?? "OPENAI_API_KEY", - validate: (value) => { - const candidate = value.trim(); - if (!isValidEnvSecretRefId(candidate)) { - return ( - params.copy?.envVarFormatError ?? - 'Use an env var name like "OPENAI_API_KEY" (uppercase letters, numbers, underscores).' - ); - } - if (!process.env[candidate]?.trim()) { - return ( - params.copy?.envVarMissingError?.(candidate) ?? - `Environment variable "${candidate}" is missing or empty in this session.` - ); - } - return undefined; - }, - }); - const envCandidate = String(envVarRaw ?? "").trim(); - const envVar = - envCandidate && isValidEnvSecretRefId(envCandidate) ? envCandidate : defaultEnvVar; - if (!envVar) { - throw new Error( - `No valid environment variable name provided for provider "${params.provider}".`, - ); - } - const ref: SecretRef = { - source: "env", - provider: resolveDefaultSecretProviderAlias(params.config, "env", { - preferFirstProviderForSource: true, - }), - id: envVar, - }; - const resolvedValue = await resolveSecretRefString(ref, { - config: params.config, - env: process.env, - }); - await params.prompter.note( - params.copy?.envValidatedMessage?.(envVar) ?? - `Validated environment variable ${envVar}. OpenClaw will store a reference, not the key value.`, - "Reference validated", - ); - return { ref, resolvedValue }; - } - - const externalProviders = Object.entries(params.config.secrets?.providers ?? {}).filter( - ([, provider]) => provider?.source === "file" || provider?.source === "exec", - ); - if (externalProviders.length === 0) { - await params.prompter.note( - params.copy?.noProvidersMessage ?? - "No file/exec secret providers are configured yet. Add one under secrets.providers, or select Environment variable.", - "No providers configured", - ); - continue; - } - const defaultProvider = resolveDefaultSecretProviderAlias(params.config, "file", { - preferFirstProviderForSource: true, - }); - const selectedProvider = await params.prompter.select({ - message: "Select secret provider", - initialValue: - externalProviders.find(([providerName]) => providerName === defaultProvider)?.[0] ?? - externalProviders[0]?.[0], - options: externalProviders.map(([providerName, provider]) => ({ - value: providerName, - label: providerName, - hint: provider?.source === "exec" ? "Exec provider" : "File provider", - })), - }); - const providerEntry = params.config.secrets?.providers?.[selectedProvider]; - if (!providerEntry || (providerEntry.source !== "file" && providerEntry.source !== "exec")) { - await params.prompter.note( - `Provider "${selectedProvider}" is not a file/exec provider.`, - "Invalid provider", - ); - continue; - } - const idPrompt = - providerEntry.source === "file" - ? "Secret id (JSON pointer for json mode, or 'value' for singleValue mode)" - : "Secret id for the exec provider"; - const idDefault = - providerEntry.source === "file" - ? providerEntry.mode === "singleValue" - ? "value" - : defaultFilePointer - : `${params.provider}/apiKey`; - const idRaw = await params.prompter.text({ - message: idPrompt, - initialValue: idDefault, - placeholder: providerEntry.source === "file" ? "/providers/openai/apiKey" : "openai/api-key", - validate: (value) => { - const candidate = value.trim(); - if (!candidate) { - return "Secret id cannot be empty."; - } - if ( - providerEntry.source === "file" && - providerEntry.mode !== "singleValue" && - !isValidFileSecretRefId(candidate) - ) { - return 'Use an absolute JSON pointer like "/providers/openai/apiKey".'; - } - if ( - providerEntry.source === "file" && - providerEntry.mode === "singleValue" && - candidate !== "value" - ) { - return 'singleValue mode expects id "value".'; - } - if (providerEntry.source === "exec" && !isValidExecSecretRefId(candidate)) { - return formatExecSecretRefIdValidationMessage(); - } - return undefined; - }, - }); - const id = String(idRaw ?? "").trim() || idDefault; - const ref: SecretRef = { - source: providerEntry.source, - provider: selectedProvider, - id, - }; - try { - const resolvedValue = await resolveSecretRefString(ref, { - config: params.config, - env: process.env, - }); - await params.prompter.note( - params.copy?.providerValidatedMessage?.(selectedProvider, id, providerEntry.source) ?? - `Validated ${providerEntry.source} reference ${selectedProvider}:${id}. OpenClaw will store a reference, not the key value.`, - "Reference validated", - ); - return { ref, resolvedValue }; - } catch (error) { - await params.prompter.note( - [ - `Could not validate provider reference ${selectedProvider}:${id}.`, - formatErrorMessage(error), - "Check your provider configuration and try again.", - ].join("\n"), - "Reference check failed", - ); - } - } -} +export type { + SecretInputModePromptCopy, + SecretRefSetupPromptCopy, +} from "../plugins/provider-auth-input.js"; +export { + ensureApiKeyFromEnvOrPrompt, + ensureApiKeyFromOptionEnvOrPrompt, + maybeApplyApiKeyFromOption, + normalizeSecretInputModeInput, + normalizeTokenProviderInput, + promptSecretRefForSetup, + resolveSecretInputModeForEnvSelection, +} from "../plugins/provider-auth-input.js"; export function createAuthChoiceAgentModelNoter( params: ApplyAuthChoiceParams, @@ -358,180 +97,3 @@ export function createAuthChoiceDefaultModelApplierForMutableState( }), ); } - -export function normalizeTokenProviderInput( - tokenProvider: string | null | undefined, -): string | undefined { - const normalized = String(tokenProvider ?? "") - .trim() - .toLowerCase(); - return normalized || undefined; -} - -export function normalizeSecretInputModeInput( - secretInputMode: string | null | undefined, -): SecretInputMode | undefined { - const normalized = String(secretInputMode ?? "") - .trim() - .toLowerCase(); - if (normalized === "plaintext" || normalized === "ref") { - return normalized; - } - return undefined; -} - -export async function resolveSecretInputModeForEnvSelection(params: { - prompter: WizardPrompter; - explicitMode?: SecretInputMode; - copy?: SecretInputModePromptCopy; -}): Promise { - if (params.explicitMode) { - return params.explicitMode; - } - // Some tests pass partial prompt harnesses without a select implementation. - // Preserve backward-compatible behavior by defaulting to plaintext in that case. - if (typeof params.prompter.select !== "function") { - return "plaintext"; - } - const selected = await params.prompter.select({ - message: params.copy?.modeMessage ?? "How do you want to provide this API key?", - initialValue: "plaintext", - options: [ - { - value: "plaintext", - label: params.copy?.plaintextLabel ?? "Paste API key now", - hint: params.copy?.plaintextHint ?? "Stores the key directly in OpenClaw config", - }, - { - value: "ref", - label: params.copy?.refLabel ?? "Use external secret provider", - hint: - params.copy?.refHint ?? - "Stores a reference to env or configured external secret providers", - }, - ], - }); - return selected === "ref" ? "ref" : "plaintext"; -} - -export async function maybeApplyApiKeyFromOption(params: { - token: string | undefined; - tokenProvider: string | undefined; - secretInputMode?: SecretInputMode; - expectedProviders: string[]; - normalize: (value: string) => string; - setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; -}): Promise { - const tokenProvider = normalizeTokenProviderInput(params.tokenProvider); - const expectedProviders = params.expectedProviders - .map((provider) => normalizeTokenProviderInput(provider)) - .filter((provider): provider is string => Boolean(provider)); - if (!params.token || !tokenProvider || !expectedProviders.includes(tokenProvider)) { - return undefined; - } - const apiKey = params.normalize(params.token); - await params.setCredential(apiKey, params.secretInputMode); - return apiKey; -} - -export async function ensureApiKeyFromOptionEnvOrPrompt(params: { - token: string | undefined; - tokenProvider: string | undefined; - secretInputMode?: SecretInputMode; - config: OpenClawConfig; - expectedProviders: string[]; - provider: string; - envLabel: string; - promptMessage: string; - normalize: (value: string) => string; - validate: (value: string) => string | undefined; - prompter: WizardPrompter; - setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; - noteMessage?: string; - noteTitle?: string; -}): Promise { - const optionApiKey = await maybeApplyApiKeyFromOption({ - token: params.token, - tokenProvider: params.tokenProvider, - secretInputMode: params.secretInputMode, - expectedProviders: params.expectedProviders, - normalize: params.normalize, - setCredential: params.setCredential, - }); - if (optionApiKey) { - return optionApiKey; - } - - if (params.noteMessage) { - await params.prompter.note(params.noteMessage, params.noteTitle); - } - - return await ensureApiKeyFromEnvOrPrompt({ - config: params.config, - provider: params.provider, - envLabel: params.envLabel, - promptMessage: params.promptMessage, - normalize: params.normalize, - validate: params.validate, - prompter: params.prompter, - secretInputMode: params.secretInputMode, - setCredential: params.setCredential, - }); -} - -export async function ensureApiKeyFromEnvOrPrompt(params: { - config: OpenClawConfig; - provider: string; - envLabel: string; - promptMessage: string; - normalize: (value: string) => string; - validate: (value: string) => string | undefined; - prompter: WizardPrompter; - secretInputMode?: SecretInputMode; - setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; -}): Promise { - const selectedMode = await resolveSecretInputModeForEnvSelection({ - prompter: params.prompter, - explicitMode: params.secretInputMode, - }); - const envKey = resolveEnvApiKey(params.provider); - - if (selectedMode === "ref") { - if (typeof params.prompter.select !== "function") { - const fallback = resolveRefFallbackInput({ - config: params.config, - provider: params.provider, - preferredEnvVar: envKey?.source ? extractEnvVarFromSourceLabel(envKey.source) : undefined, - }); - await params.setCredential(fallback.ref, selectedMode); - return fallback.resolvedValue; - } - const resolved = await promptSecretRefForSetup({ - provider: params.provider, - config: params.config, - prompter: params.prompter, - preferredEnvVar: envKey?.source ? extractEnvVarFromSourceLabel(envKey.source) : undefined, - }); - await params.setCredential(resolved.ref, selectedMode); - return resolved.resolvedValue; - } - - if (envKey && selectedMode === "plaintext") { - const useExisting = await params.prompter.confirm({ - message: `Use existing ${params.envLabel} (${envKey.source}, ${formatApiKeyPreview(envKey.apiKey)})?`, - initialValue: true, - }); - if (useExisting) { - await params.setCredential(envKey.apiKey, selectedMode); - return envKey.apiKey; - } - } - - const key = await params.prompter.text({ - message: params.promptMessage, - validate: params.validate, - }); - const apiKey = params.normalize(String(key ?? "")); - await params.setCredential(apiKey, selectedMode); - return apiKey; -} diff --git a/src/commands/auth-choice.apply.api-key-providers.ts b/src/commands/auth-choice.apply.api-key-providers.ts index 3ff35a46365..0d508ff687f 100644 --- a/src/commands/auth-choice.apply.api-key-providers.ts +++ b/src/commands/auth-choice.apply.api-key-providers.ts @@ -1,14 +1,10 @@ import { ensureAuthProfileStore, resolveAuthProfileOrder } from "../agents/auth-profiles.js"; +import { applyAuthProfileConfig } from "../plugins/provider-auth-helpers.js"; +import { LITELLM_DEFAULT_MODEL_REF, setLitellmApiKey } from "../plugins/provider-auth-storage.js"; import { normalizeApiKeyInput, validateApiKeyInput } from "./auth-choice.api-key.js"; import { ensureApiKeyFromOptionEnvOrPrompt } from "./auth-choice.apply-helpers.js"; import type { ApplyAuthChoiceParams, ApplyAuthChoiceResult } from "./auth-choice.apply.js"; -import { - applyAuthProfileConfig, - applyLitellmConfig, - applyLitellmProviderConfig, - LITELLM_DEFAULT_MODEL_REF, - setLitellmApiKey, -} from "./onboard-auth.js"; +import { applyLitellmConfig, applyLitellmProviderConfig } from "./onboard-auth.config-litellm.js"; import type { SecretInputMode } from "./onboard-types.js"; type ApiKeyProviderConfigApplier = ( diff --git a/src/commands/auth-choice.apply.oauth.ts b/src/commands/auth-choice.apply.oauth.ts index 0e9a5523ce0..1966d2bd8d8 100644 --- a/src/commands/auth-choice.apply.oauth.ts +++ b/src/commands/auth-choice.apply.oauth.ts @@ -1,94 +1,7 @@ import type { ApplyAuthChoiceParams, ApplyAuthChoiceResult } from "./auth-choice.apply.js"; -import { loginChutes } from "./chutes-oauth.js"; -import { isRemoteEnvironment } from "./oauth-env.js"; -import { createVpsAwareOAuthHandlers } from "./oauth-flow.js"; -import { applyAuthProfileConfig, writeOAuthCredentials } from "./onboard-auth.js"; -import { openUrl } from "./onboard-helpers.js"; export async function applyAuthChoiceOAuth( - params: ApplyAuthChoiceParams, + _params: ApplyAuthChoiceParams, ): Promise { - if (params.authChoice === "chutes") { - let nextConfig = params.config; - const isRemote = isRemoteEnvironment(); - const redirectUri = - process.env.CHUTES_OAUTH_REDIRECT_URI?.trim() || "http://127.0.0.1:1456/oauth-callback"; - const scopes = process.env.CHUTES_OAUTH_SCOPES?.trim() || "openid profile chutes:invoke"; - const clientId = - process.env.CHUTES_CLIENT_ID?.trim() || - String( - await params.prompter.text({ - message: "Enter Chutes OAuth client id", - placeholder: "cid_xxx", - validate: (value) => (value?.trim() ? undefined : "Required"), - }), - ).trim(); - const clientSecret = process.env.CHUTES_CLIENT_SECRET?.trim() || undefined; - - await params.prompter.note( - isRemote - ? [ - "You are running in a remote/VPS environment.", - "A URL will be shown for you to open in your LOCAL browser.", - "After signing in, paste the redirect URL back here.", - "", - `Redirect URI: ${redirectUri}`, - ].join("\n") - : [ - "Browser will open for Chutes authentication.", - "If the callback doesn't auto-complete, paste the redirect URL.", - "", - `Redirect URI: ${redirectUri}`, - ].join("\n"), - "Chutes OAuth", - ); - - const spin = params.prompter.progress("Starting OAuth flow…"); - try { - const { onAuth, onPrompt } = createVpsAwareOAuthHandlers({ - isRemote, - prompter: params.prompter, - runtime: params.runtime, - spin, - openUrl, - localBrowserMessage: "Complete sign-in in browser…", - }); - - const creds = await loginChutes({ - app: { - clientId, - clientSecret, - redirectUri, - scopes: scopes.split(/\s+/).filter(Boolean), - }, - manual: isRemote, - onAuth, - onPrompt, - onProgress: (msg) => spin.update(msg), - }); - - spin.stop("Chutes OAuth complete"); - const profileId = await writeOAuthCredentials("chutes", creds, params.agentDir); - nextConfig = applyAuthProfileConfig(nextConfig, { - profileId, - provider: "chutes", - mode: "oauth", - }); - } catch (err) { - spin.stop("Chutes OAuth failed"); - params.runtime.error(String(err)); - await params.prompter.note( - [ - "Trouble with OAuth?", - "Verify CHUTES_CLIENT_ID (and CHUTES_CLIENT_SECRET if required).", - `Verify the OAuth app redirect URI includes: ${redirectUri}`, - "Chutes docs: https://chutes.ai/docs/sign-in-with-chutes/overview", - ].join("\n"), - "OAuth help", - ); - } - return { config: nextConfig }; - } - return null; } diff --git a/src/commands/auth-choice.apply.plugin-provider.runtime.ts b/src/commands/auth-choice.apply.plugin-provider.runtime.ts index 9fb990318ad..c1a54580ca7 100644 --- a/src/commands/auth-choice.apply.plugin-provider.runtime.ts +++ b/src/commands/auth-choice.apply.plugin-provider.runtime.ts @@ -1,5 +1 @@ -export { - resolveProviderPluginChoice, - runProviderModelSelectedHook, -} from "../plugins/provider-wizard.js"; -export { resolvePluginProviders } from "../plugins/providers.js"; +export * from "../plugins/provider-auth-choice.runtime.js"; diff --git a/src/commands/auth-choice.apply.plugin-provider.test.ts b/src/commands/auth-choice.apply.plugin-provider.test.ts index 27615989d1d..40de6a48994 100644 --- a/src/commands/auth-choice.apply.plugin-provider.test.ts +++ b/src/commands/auth-choice.apply.plugin-provider.test.ts @@ -13,7 +13,7 @@ const resolveProviderPluginChoice = vi.hoisted(() => vi.fn<() => { provider: ProviderPlugin; method: ProviderAuthMethod } | null>(), ); const runProviderModelSelectedHook = vi.hoisted(() => vi.fn(async () => {})); -vi.mock("./auth-choice.apply.plugin-provider.runtime.js", () => ({ +vi.mock("../plugins/provider-auth-choice.runtime.js", () => ({ resolvePluginProviders, resolveProviderPluginChoice, runProviderModelSelectedHook, @@ -44,25 +44,22 @@ vi.mock("../agents/agent-paths.js", () => ({ })); const applyAuthProfileConfig = vi.hoisted(() => vi.fn((config) => config)); -vi.mock("./onboard-auth.js", () => ({ +vi.mock("../plugins/provider-auth-helpers.js", () => ({ applyAuthProfileConfig, })); const isRemoteEnvironment = vi.hoisted(() => vi.fn(() => false)); -vi.mock("./oauth-env.js", () => ({ +const openUrl = vi.hoisted(() => vi.fn(async () => {})); +vi.mock("../plugins/setup-browser.js", () => ({ isRemoteEnvironment, + openUrl, })); const createVpsAwareOAuthHandlers = vi.hoisted(() => vi.fn()); -vi.mock("./oauth-flow.js", () => ({ +vi.mock("../plugins/provider-oauth-flow.js", () => ({ createVpsAwareOAuthHandlers, })); -const openUrl = vi.hoisted(() => vi.fn(async () => {})); -vi.mock("./onboard-helpers.js", () => ({ - openUrl, -})); - function buildProvider(): ProviderPlugin { return { id: "ollama", diff --git a/src/commands/auth-choice.apply.plugin-provider.ts b/src/commands/auth-choice.apply.plugin-provider.ts index 746eb219fff..aa0f17e4e2f 100644 --- a/src/commands/auth-choice.apply.plugin-provider.ts +++ b/src/commands/auth-choice.apply.plugin-provider.ts @@ -1,295 +1 @@ -import { resolveOpenClawAgentDir } from "../agents/agent-paths.js"; -import { - resolveDefaultAgentId, - resolveAgentDir, - resolveAgentWorkspaceDir, -} from "../agents/agent-scope.js"; -import { upsertAuthProfile } from "../agents/auth-profiles.js"; -import { resolveDefaultAgentWorkspaceDir } from "../agents/workspace.js"; -import { enablePluginInConfig } from "../plugins/enable.js"; -import type { ProviderAuthMethod } from "../plugins/types.js"; -import type { ApplyAuthChoiceParams, ApplyAuthChoiceResult } from "./auth-choice.apply.js"; -import { isRemoteEnvironment } from "./oauth-env.js"; -import { createVpsAwareOAuthHandlers } from "./oauth-flow.js"; -import { applyAuthProfileConfig } from "./onboard-auth.js"; -import { openUrl } from "./onboard-helpers.js"; -import type { OnboardOptions } from "./onboard-types.js"; -import { - applyDefaultModel, - mergeConfigPatch, - pickAuthMethod, - resolveProviderMatch, -} from "./provider-auth-helpers.js"; - -export type PluginProviderAuthChoiceOptions = { - authChoice: string; - pluginId: string; - providerId: string; - methodId?: string; - label: string; -}; - -function restoreConfiguredPrimaryModel( - nextConfig: ApplyAuthChoiceParams["config"], - originalConfig: ApplyAuthChoiceParams["config"], -): ApplyAuthChoiceParams["config"] { - const originalModel = originalConfig.agents?.defaults?.model; - const nextAgents = nextConfig.agents; - const nextDefaults = nextAgents?.defaults; - if (!nextDefaults) { - return nextConfig; - } - if (originalModel !== undefined) { - return { - ...nextConfig, - agents: { - ...nextAgents, - defaults: { - ...nextDefaults, - model: originalModel, - }, - }, - }; - } - const { model: _model, ...restDefaults } = nextDefaults; - return { - ...nextConfig, - agents: { - ...nextAgents, - defaults: restDefaults, - }, - }; -} - -async function loadPluginProviderRuntime() { - return import("./auth-choice.apply.plugin-provider.runtime.js"); -} - -export async function runProviderPluginAuthMethod(params: { - config: ApplyAuthChoiceParams["config"]; - runtime: ApplyAuthChoiceParams["runtime"]; - prompter: ApplyAuthChoiceParams["prompter"]; - method: ProviderAuthMethod; - agentDir?: string; - agentId?: string; - workspaceDir?: string; - emitNotes?: boolean; - secretInputMode?: OnboardOptions["secretInputMode"]; - allowSecretRefPrompt?: boolean; - opts?: Partial; -}): Promise<{ config: ApplyAuthChoiceParams["config"]; defaultModel?: string }> { - const agentId = params.agentId ?? resolveDefaultAgentId(params.config); - const defaultAgentId = resolveDefaultAgentId(params.config); - const agentDir = - params.agentDir ?? - (agentId === defaultAgentId - ? resolveOpenClawAgentDir() - : resolveAgentDir(params.config, agentId)); - const workspaceDir = - params.workspaceDir ?? - resolveAgentWorkspaceDir(params.config, agentId) ?? - resolveDefaultAgentWorkspaceDir(); - - const isRemote = isRemoteEnvironment(); - const result = await params.method.run({ - config: params.config, - agentDir, - workspaceDir, - prompter: params.prompter, - runtime: params.runtime, - opts: params.opts, - secretInputMode: params.secretInputMode, - allowSecretRefPrompt: params.allowSecretRefPrompt, - isRemote, - openUrl: async (url) => { - await openUrl(url); - }, - oauth: { - createVpsAwareHandlers: (opts) => createVpsAwareOAuthHandlers(opts), - }, - }); - - let nextConfig = params.config; - if (result.configPatch) { - nextConfig = mergeConfigPatch(nextConfig, result.configPatch); - } - - for (const profile of result.profiles) { - upsertAuthProfile({ - profileId: profile.profileId, - credential: profile.credential, - agentDir, - }); - - nextConfig = applyAuthProfileConfig(nextConfig, { - profileId: profile.profileId, - provider: profile.credential.provider, - mode: profile.credential.type === "token" ? "token" : profile.credential.type, - ...("email" in profile.credential && profile.credential.email - ? { email: profile.credential.email } - : {}), - }); - } - - if (params.emitNotes !== false && result.notes && result.notes.length > 0) { - await params.prompter.note(result.notes.join("\n"), "Provider notes"); - } - - return { - config: nextConfig, - defaultModel: result.defaultModel, - }; -} - -export async function applyAuthChoiceLoadedPluginProvider( - params: ApplyAuthChoiceParams, -): Promise { - const agentId = params.agentId ?? resolveDefaultAgentId(params.config); - const workspaceDir = - resolveAgentWorkspaceDir(params.config, agentId) ?? resolveDefaultAgentWorkspaceDir(); - const { resolvePluginProviders, resolveProviderPluginChoice, runProviderModelSelectedHook } = - await loadPluginProviderRuntime(); - const providers = resolvePluginProviders({ - config: params.config, - workspaceDir, - bundledProviderAllowlistCompat: true, - bundledProviderVitestCompat: true, - }); - const resolved = resolveProviderPluginChoice({ - providers, - choice: params.authChoice, - }); - if (!resolved) { - return null; - } - - const applied = await runProviderPluginAuthMethod({ - config: params.config, - runtime: params.runtime, - prompter: params.prompter, - method: resolved.method, - agentDir: params.agentDir, - agentId: params.agentId, - workspaceDir, - secretInputMode: params.opts?.secretInputMode, - allowSecretRefPrompt: false, - opts: params.opts, - }); - - let nextConfig = applied.config; - let agentModelOverride: string | undefined; - if (applied.defaultModel) { - if (params.setDefaultModel) { - nextConfig = applyDefaultModel(nextConfig, applied.defaultModel); - await runProviderModelSelectedHook({ - config: nextConfig, - model: applied.defaultModel, - prompter: params.prompter, - agentDir: params.agentDir, - workspaceDir, - }); - await params.prompter.note( - `Default model set to ${applied.defaultModel}`, - "Model configured", - ); - return { config: nextConfig }; - } - nextConfig = restoreConfiguredPrimaryModel(nextConfig, params.config); - agentModelOverride = applied.defaultModel; - } - - return { config: nextConfig, agentModelOverride }; -} - -export async function applyAuthChoicePluginProvider( - params: ApplyAuthChoiceParams, - options: PluginProviderAuthChoiceOptions, -): Promise { - if (params.authChoice !== options.authChoice) { - return null; - } - - const enableResult = enablePluginInConfig(params.config, options.pluginId); - let nextConfig = enableResult.config; - if (!enableResult.enabled) { - await params.prompter.note( - `${options.label} plugin is disabled (${enableResult.reason ?? "blocked"}).`, - options.label, - ); - return { config: nextConfig }; - } - - const agentId = params.agentId ?? resolveDefaultAgentId(nextConfig); - const defaultAgentId = resolveDefaultAgentId(nextConfig); - const agentDir = - params.agentDir ?? - (agentId === defaultAgentId ? resolveOpenClawAgentDir() : resolveAgentDir(nextConfig, agentId)); - const workspaceDir = - resolveAgentWorkspaceDir(nextConfig, agentId) ?? resolveDefaultAgentWorkspaceDir(); - - const { resolvePluginProviders, runProviderModelSelectedHook } = - await loadPluginProviderRuntime(); - const providers = resolvePluginProviders({ - config: nextConfig, - workspaceDir, - bundledProviderAllowlistCompat: true, - bundledProviderVitestCompat: true, - }); - const provider = resolveProviderMatch(providers, options.providerId); - if (!provider) { - await params.prompter.note( - `${options.label} auth plugin is not available. Enable it and re-run the wizard.`, - options.label, - ); - return { config: nextConfig }; - } - - const method = pickAuthMethod(provider, options.methodId) ?? provider.auth[0]; - if (!method) { - await params.prompter.note(`${options.label} auth method missing.`, options.label); - return { config: nextConfig }; - } - - const applied = await runProviderPluginAuthMethod({ - config: nextConfig, - runtime: params.runtime, - prompter: params.prompter, - method, - agentDir, - agentId, - workspaceDir, - secretInputMode: params.opts?.secretInputMode, - allowSecretRefPrompt: false, - opts: params.opts, - }); - nextConfig = applied.config; - - let agentModelOverride: string | undefined; - if (applied.defaultModel) { - if (params.setDefaultModel) { - nextConfig = applyDefaultModel(nextConfig, applied.defaultModel); - await runProviderModelSelectedHook({ - config: nextConfig, - model: applied.defaultModel, - prompter: params.prompter, - agentDir, - workspaceDir, - }); - await params.prompter.note( - `Default model set to ${applied.defaultModel}`, - "Model configured", - ); - } else { - nextConfig = restoreConfiguredPrimaryModel(nextConfig, params.config); - } - if (!params.setDefaultModel && params.agentId) { - agentModelOverride = applied.defaultModel; - await params.prompter.note( - `Default model set to ${applied.defaultModel} for agent "${params.agentId}".`, - "Model configured", - ); - } - } - - return { config: nextConfig, agentModelOverride }; -} +export * from "../plugins/provider-auth-choice.js"; diff --git a/src/commands/auth-choice.apply.ts b/src/commands/auth-choice.apply.ts index cf96b8f8905..a2b8f31c206 100644 --- a/src/commands/auth-choice.apply.ts +++ b/src/commands/auth-choice.apply.ts @@ -1,11 +1,11 @@ import type { OpenClawConfig } from "../config/config.js"; +import { applyAuthChoiceLoadedPluginProvider } from "../plugins/provider-auth-choice.js"; import type { RuntimeEnv } from "../runtime.js"; import type { WizardPrompter } from "../wizard/prompts.js"; import { normalizeLegacyOnboardAuthChoice } from "./auth-choice-legacy.js"; import { applyAuthChoiceApiProviders } from "./auth-choice.apply.api-providers.js"; import { normalizeApiKeyTokenProviderAuthChoice } from "./auth-choice.apply.api-providers.js"; import { applyAuthChoiceOAuth } from "./auth-choice.apply.oauth.js"; -import { applyAuthChoiceLoadedPluginProvider } from "./auth-choice.apply.plugin-provider.js"; import type { AuthChoice, OnboardOptions } from "./onboard-types.js"; export type ApplyAuthChoiceParams = { diff --git a/src/commands/auth-choice.preferred-provider.ts b/src/commands/auth-choice.preferred-provider.ts index 7cab79d2215..7b8189414cf 100644 --- a/src/commands/auth-choice.preferred-provider.ts +++ b/src/commands/auth-choice.preferred-provider.ts @@ -1,47 +1 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { resolveManifestProviderAuthChoice } from "../plugins/provider-auth-choices.js"; -import { normalizeLegacyOnboardAuthChoice } from "./auth-choice-legacy.js"; -import type { AuthChoice } from "./onboard-types.js"; - -const PREFERRED_PROVIDER_BY_AUTH_CHOICE: Partial> = { - chutes: "chutes", - "litellm-api-key": "litellm", - "custom-api-key": "custom", -}; - -export async function resolvePreferredProviderForAuthChoice(params: { - choice: AuthChoice; - config?: OpenClawConfig; - workspaceDir?: string; - env?: NodeJS.ProcessEnv; -}): Promise { - const choice = normalizeLegacyOnboardAuthChoice(params.choice) ?? params.choice; - const manifestResolved = resolveManifestProviderAuthChoice(choice, params); - if (manifestResolved) { - return manifestResolved.providerId; - } - const [{ resolveProviderPluginChoice }, { resolvePluginProviders }] = await Promise.all([ - import("../plugins/provider-wizard.js"), - import("../plugins/providers.js"), - ]); - const providers = resolvePluginProviders({ - config: params.config, - workspaceDir: params.workspaceDir, - env: params.env, - bundledProviderAllowlistCompat: true, - bundledProviderVitestCompat: true, - }); - const pluginResolved = resolveProviderPluginChoice({ - providers, - choice, - }); - if (pluginResolved) { - return pluginResolved.provider.id; - } - - const preferred = PREFERRED_PROVIDER_BY_AUTH_CHOICE[choice]; - if (preferred) { - return preferred; - } - return undefined; -} +export * from "../plugins/provider-auth-choice-preference.js"; diff --git a/src/commands/auth-choice.test.ts b/src/commands/auth-choice.test.ts index f6ca9d29332..dd270a6d3d2 100644 --- a/src/commands/auth-choice.test.ts +++ b/src/commands/auth-choice.test.ts @@ -2,6 +2,7 @@ import fs from "node:fs/promises"; import type { OAuthCredentials } from "@mariozechner/pi-ai"; import { afterEach, describe, expect, it, vi } from "vitest"; import anthropicPlugin from "../../extensions/anthropic/index.js"; +import chutesPlugin from "../../extensions/chutes/index.js"; import cloudflareAiGatewayPlugin from "../../extensions/cloudflare-ai-gateway/index.js"; import googlePlugin from "../../extensions/google/index.js"; import huggingfacePlugin from "../../extensions/huggingface/index.js"; @@ -26,16 +27,16 @@ import { setDetectZaiEndpointForTesting } from "../../extensions/zai/detect.js"; import zaiPlugin from "../../extensions/zai/index.js"; import { resolveAgentDir } from "../agents/agent-scope.js"; import { resolveAgentModelPrimaryValue } from "../config/model-input.js"; -import type { ProviderPlugin } from "../plugins/types.js"; -import { createCapturedPluginRegistration } from "../test-utils/plugin-registration.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; -import { applyAuthChoice, resolvePreferredProviderForAuthChoice } from "./auth-choice.js"; -import { GOOGLE_GEMINI_DEFAULT_MODEL } from "./google-gemini-model-default.js"; import { MINIMAX_CN_API_BASE_URL, ZAI_CODING_CN_BASE_URL, ZAI_CODING_GLOBAL_BASE_URL, -} from "./onboard-auth.js"; +} from "../plugin-sdk/provider-models.js"; +import type { ProviderPlugin } from "../plugins/types.js"; +import { registerProviderPlugins } from "../test-utils/plugin-registration.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import { applyAuthChoice, resolvePreferredProviderForAuthChoice } from "./auth-choice.js"; +import { GOOGLE_GEMINI_DEFAULT_MODEL } from "./google-gemini-model-default.js"; import type { AuthChoice } from "./onboard-types.js"; import { authProfilePathForAgent, @@ -82,9 +83,9 @@ type StoredAuthProfile = { }; function createDefaultProviderPlugins() { - const captured = createCapturedPluginRegistration(); - for (const plugin of [ + return registerProviderPlugins( anthropicPlugin, + chutesPlugin, cloudflareAiGatewayPlugin, googlePlugin, huggingfacePlugin, @@ -106,10 +107,7 @@ function createDefaultProviderPlugins() { xaiPlugin, xiaomiPlugin, zaiPlugin, - ]) { - plugin.register(captured.api); - } - return captured.providers; + ); } describe("applyAuthChoice", () => { @@ -520,9 +518,9 @@ describe("applyAuthChoice", () => { { tokenProvider: "KIMI-CODING", token: "sk-kimi-token-provider-test", - profileId: "kimi-coding:default", - provider: "kimi-coding", - expectedModelPrefix: "kimi-coding/", + profileId: "kimi:default", + provider: "kimi", + expectedModelPrefix: "kimi/", }, { tokenProvider: " GOOGLE ", @@ -600,9 +598,9 @@ describe("applyAuthChoice", () => { { authChoice: "kimi-code-api-key", tokenProvider: "kimi-code", - profileId: "kimi-coding:default", - provider: "kimi-coding", - modelPrefix: "kimi-coding/", + profileId: "kimi:default", + provider: "kimi", + modelPrefix: "kimi/", }, { authChoice: "xiaomi-api-key", @@ -1349,7 +1347,7 @@ describe("applyAuthChoice", () => { const runtime = createExitThrowingRuntime(); const text: WizardPrompter["text"] = vi.fn(async (params) => { - if (params.message === "Paste the redirect URL") { + if (params.message.startsWith("Paste the redirect URL")) { const runtimeLog = runtime.log as ReturnType; const lastLog = runtimeLog.mock.calls.at(-1)?.[0]; const urlLine = typeof lastLog === "string" ? lastLog : String(lastLog ?? ""); @@ -1374,7 +1372,7 @@ describe("applyAuthChoice", () => { expect(text).toHaveBeenCalledWith( expect.objectContaining({ - message: "Paste the redirect URL", + message: expect.stringContaining("Paste the redirect URL"), }), ); expect(result.config.auth?.profiles?.["chutes:remote-user"]).toMatchObject({ diff --git a/src/commands/auth-profile-config.ts b/src/commands/auth-profile-config.ts deleted file mode 100644 index 797135b87b2..00000000000 --- a/src/commands/auth-profile-config.ts +++ /dev/null @@ -1,73 +0,0 @@ -import type { OpenClawConfig } from "../config/config.js"; - -export function applyAuthProfileConfig( - cfg: OpenClawConfig, - params: { - profileId: string; - provider: string; - mode: "api_key" | "oauth" | "token"; - email?: string; - preferProfileFirst?: boolean; - }, -): OpenClawConfig { - const normalizedProvider = params.provider.toLowerCase(); - const profiles = { - ...cfg.auth?.profiles, - [params.profileId]: { - provider: params.provider, - mode: params.mode, - ...(params.email ? { email: params.email } : {}), - }, - }; - - const configuredProviderProfiles = Object.entries(cfg.auth?.profiles ?? {}) - .filter(([, profile]) => profile.provider.toLowerCase() === normalizedProvider) - .map(([profileId, profile]) => ({ profileId, mode: profile.mode })); - - // Maintain `auth.order` when it already exists. Additionally, if we detect - // mixed auth modes for the same provider (e.g. legacy oauth + newly selected - // api_key), create an explicit order to keep the newly selected profile first. - const existingProviderOrder = cfg.auth?.order?.[params.provider]; - const preferProfileFirst = params.preferProfileFirst ?? true; - const reorderedProviderOrder = - existingProviderOrder && preferProfileFirst - ? [ - params.profileId, - ...existingProviderOrder.filter((profileId) => profileId !== params.profileId), - ] - : existingProviderOrder; - const hasMixedConfiguredModes = configuredProviderProfiles.some( - ({ profileId, mode }) => profileId !== params.profileId && mode !== params.mode, - ); - const derivedProviderOrder = - existingProviderOrder === undefined && preferProfileFirst && hasMixedConfiguredModes - ? [ - params.profileId, - ...configuredProviderProfiles - .map(({ profileId }) => profileId) - .filter((profileId) => profileId !== params.profileId), - ] - : undefined; - const order = - existingProviderOrder !== undefined - ? { - ...cfg.auth?.order, - [params.provider]: reorderedProviderOrder?.includes(params.profileId) - ? reorderedProviderOrder - : [...(reorderedProviderOrder ?? []), params.profileId], - } - : derivedProviderOrder - ? { - ...cfg.auth?.order, - [params.provider]: derivedProviderOrder, - } - : cfg.auth?.order; - return { - ...cfg, - auth: { - ...cfg.auth, - profiles, - ...(order ? { order } : {}), - }, - }; -} diff --git a/src/commands/auth-token.ts b/src/commands/auth-token.ts index d003c2aa1b7..b371599b222 100644 --- a/src/commands/auth-token.ts +++ b/src/commands/auth-token.ts @@ -1,38 +1,8 @@ -import { normalizeProviderId } from "../agents/model-selection.js"; - -export const ANTHROPIC_SETUP_TOKEN_PREFIX = "sk-ant-oat01-"; -export const ANTHROPIC_SETUP_TOKEN_MIN_LENGTH = 80; -export const DEFAULT_TOKEN_PROFILE_NAME = "default"; - -export function normalizeTokenProfileName(raw: string): string { - const trimmed = raw.trim(); - if (!trimmed) { - return DEFAULT_TOKEN_PROFILE_NAME; - } - const slug = trimmed - .toLowerCase() - .replace(/[^a-z0-9._-]+/g, "-") - .replace(/-+/g, "-") - .replace(/^-+|-+$/g, ""); - return slug || DEFAULT_TOKEN_PROFILE_NAME; -} - -export function buildTokenProfileId(params: { provider: string; name: string }): string { - const provider = normalizeProviderId(params.provider); - const name = normalizeTokenProfileName(params.name); - return `${provider}:${name}`; -} - -export function validateAnthropicSetupToken(raw: string): string | undefined { - const trimmed = raw.trim(); - if (!trimmed) { - return "Required"; - } - if (!trimmed.startsWith(ANTHROPIC_SETUP_TOKEN_PREFIX)) { - return `Expected token starting with ${ANTHROPIC_SETUP_TOKEN_PREFIX}`; - } - if (trimmed.length < ANTHROPIC_SETUP_TOKEN_MIN_LENGTH) { - return "Token looks too short; paste the full setup-token"; - } - return undefined; -} +export { + ANTHROPIC_SETUP_TOKEN_MIN_LENGTH, + ANTHROPIC_SETUP_TOKEN_PREFIX, + buildTokenProfileId, + DEFAULT_TOKEN_PROFILE_NAME, + normalizeTokenProfileName, + validateAnthropicSetupToken, +} from "../plugins/provider-auth-token.js"; diff --git a/src/commands/channel-setup/plugin-install.test.ts b/src/commands/channel-setup/plugin-install.test.ts index 056b2709891..88c70bc26ef 100644 --- a/src/commands/channel-setup/plugin-install.test.ts +++ b/src/commands/channel-setup/plugin-install.test.ts @@ -337,6 +337,9 @@ describe("ensureChannelSetupPluginInstalled", () => { hookNames: [], channelIds: [], providerIds: [], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], webSearchProviderIds: [], gatewayMethods: [], cliCommands: [], diff --git a/src/commands/channels.mock-harness.ts b/src/commands/channels.mock-harness.ts index d1f412b0399..6a448a9750e 100644 --- a/src/commands/channels.mock-harness.ts +++ b/src/commands/channels.mock-harness.ts @@ -24,9 +24,8 @@ vi.mock("../config/config.js", async (importOriginal) => { }; }); -vi.mock("../../extensions/telegram/src/update-offset-store.js", async (importOriginal) => { - const actual = - await importOriginal(); +vi.mock("../../extensions/telegram/api.js", async (importOriginal) => { + const actual = await importOriginal(); return { ...actual, deleteTelegramUpdateOffset: offsetMocks.deleteTelegramUpdateOffset, diff --git a/src/commands/daemon-install-helpers.test.ts b/src/commands/daemon-install-helpers.test.ts index 931a983a8ee..113e7edd637 100644 --- a/src/commands/daemon-install-helpers.test.ts +++ b/src/commands/daemon-install-helpers.test.ts @@ -96,6 +96,30 @@ describe("buildGatewayInstallPlan", () => { expect(plan.workingDirectory).toBe("/Users/me"); expect(plan.environment).toEqual({ OPENCLAW_PORT: "3000" }); expect(mocks.resolvePreferredNodePath).not.toHaveBeenCalled(); + expect(mocks.buildServiceEnvironment).toHaveBeenCalledWith( + expect.objectContaining({ + env: {}, + port: 3000, + extraPathDirs: ["/custom"], + }), + ); + }); + + it("does not prepend '.' when nodePath is a bare executable name", async () => { + mockNodeGatewayPlanFixture(); + + await buildGatewayInstallPlan({ + env: {}, + port: 3000, + runtime: "node", + nodePath: "node", + }); + + expect(mocks.buildServiceEnvironment).toHaveBeenCalledWith( + expect.objectContaining({ + extraPathDirs: undefined, + }), + ); }); it("emits warnings when renderSystemNodeWarning returns one", async () => { diff --git a/src/commands/daemon-install-helpers.ts b/src/commands/daemon-install-helpers.ts index 91248cb86a7..fcd4a6447fb 100644 --- a/src/commands/daemon-install-helpers.ts +++ b/src/commands/daemon-install-helpers.ts @@ -11,6 +11,7 @@ import { buildServiceEnvironment } from "../daemon/service-env.js"; import { emitDaemonInstallRuntimeWarning, resolveDaemonInstallRuntimeInputs, + resolveDaemonNodeBinDir, } from "./daemon-install-plan.shared.js"; import type { DaemonInstallWarnFn } from "./daemon-install-runtime-warning.js"; import type { GatewayDaemonRuntime } from "./daemon-runtime.js"; @@ -87,6 +88,9 @@ export async function buildGatewayInstallPlan(params: { process.platform === "darwin" ? resolveGatewayLaunchAgentLabel(params.env.OPENCLAW_PROFILE) : undefined, + // Keep npm/pnpm available to the service when the selected daemon node comes from + // a version-manager bin directory that isn't covered by static PATH guesses. + extraPathDirs: resolveDaemonNodeBinDir(nodePath), }); // Merge config env vars into the service environment (vars + inline env keys). diff --git a/src/commands/daemon-install-plan.shared.test.ts b/src/commands/daemon-install-plan.shared.test.ts index 399b521a5d5..8d7a3520eaf 100644 --- a/src/commands/daemon-install-plan.shared.test.ts +++ b/src/commands/daemon-install-plan.shared.test.ts @@ -1,6 +1,7 @@ import { describe, expect, it } from "vitest"; import { resolveDaemonInstallRuntimeInputs, + resolveDaemonNodeBinDir, resolveGatewayDevMode, } from "./daemon-install-plan.shared.js"; @@ -29,3 +30,13 @@ describe("resolveDaemonInstallRuntimeInputs", () => { }); }); }); + +describe("resolveDaemonNodeBinDir", () => { + it("returns the absolute node bin directory", () => { + expect(resolveDaemonNodeBinDir("/custom/node/bin/node")).toEqual(["/custom/node/bin"]); + }); + + it("ignores bare executable names", () => { + expect(resolveDaemonNodeBinDir("node")).toBeUndefined(); + }); +}); diff --git a/src/commands/daemon-install-plan.shared.ts b/src/commands/daemon-install-plan.shared.ts index b3a970d05f4..cb2f701e632 100644 --- a/src/commands/daemon-install-plan.shared.ts +++ b/src/commands/daemon-install-plan.shared.ts @@ -1,3 +1,4 @@ +import path from "node:path"; import { resolvePreferredNodePath } from "../daemon/runtime-paths.js"; import { emitNodeRuntimeWarning, @@ -42,3 +43,11 @@ export async function emitDaemonInstallRuntimeWarning(params: { title: params.title, }); } + +export function resolveDaemonNodeBinDir(nodePath?: string): string[] | undefined { + const trimmed = nodePath?.trim(); + if (!trimmed || !path.isAbsolute(trimmed)) { + return undefined; + } + return [path.dirname(trimmed)]; +} diff --git a/src/commands/doctor-config-flow.test.ts b/src/commands/doctor-config-flow.test.ts index a1b204b5990..39e7b9d00fe 100644 --- a/src/commands/doctor-config-flow.test.ts +++ b/src/commands/doctor-config-flow.test.ts @@ -387,6 +387,61 @@ describe("doctor config flow", () => { } }); + it("warns and continues when Telegram account inspection hits inactive SecretRef surfaces", async () => { + const noteSpy = vi.spyOn(noteModule, "note").mockImplementation(() => {}); + const fetchSpy = vi.fn(); + vi.stubGlobal("fetch", fetchSpy); + try { + const result = await runDoctorConfigWithInput({ + repair: true, + config: { + secrets: { + providers: { + default: { source: "env" }, + }, + }, + channels: { + telegram: { + accounts: { + inactive: { + enabled: false, + botToken: { source: "env", provider: "default", id: "TELEGRAM_BOT_TOKEN" }, + allowFrom: ["@testuser"], + }, + }, + }, + }, + }, + run: loadAndMaybeMigrateDoctorConfig, + }); + + const cfg = result.cfg as { + channels?: { + telegram?: { + accounts?: Record; + }; + }; + }; + expect(cfg.channels?.telegram?.accounts?.inactive?.allowFrom).toEqual(["@testuser"]); + expect(fetchSpy).not.toHaveBeenCalled(); + expect( + noteSpy.mock.calls.some((call) => + String(call[0]).includes("Telegram account inactive: failed to inspect bot token"), + ), + ).toBe(true); + expect( + noteSpy.mock.calls.some((call) => + String(call[0]).includes( + "Telegram allowFrom contains @username entries, but no Telegram bot token is configured", + ), + ), + ).toBe(true); + } finally { + noteSpy.mockRestore(); + vi.unstubAllGlobals(); + } + }); + it("converts numeric discord ids to strings on repair", async () => { await withTempHome(async (home) => { const configDir = path.join(home, ".openclaw"); diff --git a/src/commands/doctor-config-flow.ts b/src/commands/doctor-config-flow.ts index 0c52c9b582a..ae755423987 100644 --- a/src/commands/doctor-config-flow.ts +++ b/src/commands/doctor-config-flow.ts @@ -22,14 +22,14 @@ import { normalizeTrustedSafeBinDirs, } from "../infra/exec-safe-bin-trust.js"; import { readChannelAllowFromStore } from "../pairing/pairing-store.js"; +import { resolveTelegramAccount } from "../plugin-sdk/account-resolution.js"; import { fetchTelegramChatId, inspectTelegramAccount, isNumericTelegramUserId, listTelegramAccountIds, normalizeTelegramAllowFromEntry, - resolveTelegramAccount, -} from "../plugin-sdk-internal/telegram.js"; +} from "../plugin-sdk/telegram.js"; import { formatChannelAccountsDefaultPath, formatSetExplicitDefaultInstruction, @@ -40,6 +40,7 @@ import { normalizeAccountId, normalizeOptionalAccountId, } from "../routing/session-key.js"; +import { describeUnknownError } from "../secrets/shared.js"; import { isDiscordMutableAllowEntry, isGoogleChatMutableAllowEntry, @@ -334,10 +335,23 @@ async function maybeRepairTelegramAllowFromUsernames(cfg: OpenClawConfig): Promi const inspected = inspectTelegramAccount({ cfg, accountId }); return inspected.enabled && inspected.tokenStatus === "configured_unavailable"; }); + const tokenResolutionWarnings: string[] = []; const tokens = Array.from( new Set( listTelegramAccountIds(resolvedConfig) - .map((accountId) => resolveTelegramAccount({ cfg: resolvedConfig, accountId })) + .map((accountId) => { + try { + return resolveTelegramAccount({ cfg: resolvedConfig, accountId }); + } catch (error) { + tokenResolutionWarnings.push( + `- Telegram account ${accountId}: failed to inspect bot token (${describeUnknownError(error)}).`, + ); + return null; + } + }) + .filter((account): account is NonNullable> => + Boolean(account), + ) .map((account) => (account.tokenSource === "none" ? "" : account.token)) .map((token) => token.trim()) .filter(Boolean), @@ -348,6 +362,7 @@ async function maybeRepairTelegramAllowFromUsernames(cfg: OpenClawConfig): Promi return { config: cfg, changes: [ + ...tokenResolutionWarnings, hasConfiguredUnavailableToken ? `- Telegram allowFrom contains @username entries, but configured Telegram bot credentials are unavailable in this command path; cannot auto-resolve (start the gateway or make the secret source available, then rerun doctor --fix).` : `- Telegram allowFrom contains @username entries, but no Telegram bot token is configured; cannot auto-resolve (run setup or replace with numeric sender IDs).`, diff --git a/src/commands/doctor.e2e-harness.ts b/src/commands/doctor.e2e-harness.ts index b75e3bbc5d4..320e8e1258c 100644 --- a/src/commands/doctor.e2e-harness.ts +++ b/src/commands/doctor.e2e-harness.ts @@ -258,7 +258,7 @@ vi.mock("../pairing/pairing-store.js", () => ({ upsertChannelPairingRequest: vi.fn().mockResolvedValue({ code: "000000", created: false }), })); -vi.mock("../../extensions/telegram/src/token.js", () => ({ +vi.mock("../../extensions/telegram/api.js", () => ({ resolveTelegramToken: vi.fn(() => ({ token: "", source: "none" })), })); diff --git a/src/commands/google-gemini-model-default.ts b/src/commands/google-gemini-model-default.ts index 491fdd3c6d9..25b92d6459f 100644 --- a/src/commands/google-gemini-model-default.ts +++ b/src/commands/google-gemini-model-default.ts @@ -1,11 +1,4 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { applyAgentDefaultPrimaryModel } from "./model-default.js"; - -export const GOOGLE_GEMINI_DEFAULT_MODEL = "google/gemini-3.1-pro-preview"; - -export function applyGoogleGeminiModelDefault(cfg: OpenClawConfig): { - next: OpenClawConfig; - changed: boolean; -} { - return applyAgentDefaultPrimaryModel({ cfg, model: GOOGLE_GEMINI_DEFAULT_MODEL }); -} +export { + applyGoogleGeminiModelDefault, + GOOGLE_GEMINI_DEFAULT_MODEL, +} from "../plugins/provider-model-defaults.js"; diff --git a/src/commands/message.test.ts b/src/commands/message.test.ts index adbe4ae7850..182946ba7ad 100644 --- a/src/commands/message.test.ts +++ b/src/commands/message.test.ts @@ -301,6 +301,13 @@ describe("messageCommand", () => { commandName: "message", }), ); + const secretResolveCall = resolveCommandSecretRefsViaGateway.mock.calls[0]?.[0] as { + targetIds?: Set; + }; + expect(secretResolveCall.targetIds).toBeInstanceOf(Set); + expect( + [...(secretResolveCall.targetIds ?? [])].every((id) => id.startsWith("channels.telegram.")), + ).toBe(true); expect(handleTelegramAction).toHaveBeenCalledWith( expect.objectContaining({ action: "send", to: "123456", accountId: undefined }), resolvedConfig, diff --git a/src/commands/message.ts b/src/commands/message.ts index 76e622e2cf3..52540e8916d 100644 --- a/src/commands/message.ts +++ b/src/commands/message.ts @@ -3,7 +3,8 @@ import { type ChannelMessageActionName, } from "../channels/plugins/types.js"; import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js"; -import { getChannelsCommandSecretTargetIds } from "../cli/command-secret-targets.js"; +import { getScopedChannelsCommandSecretTargets } from "../cli/command-secret-targets.js"; +import { resolveMessageSecretScope } from "../cli/message-secret-scope.js"; import { createOutboundSendDeps, type CliDeps } from "../cli/outbound-send-deps.js"; import { withProgress } from "../cli/progress.js"; import { loadConfig } from "../config/config.js"; @@ -19,10 +20,22 @@ export async function messageCommand( runtime: RuntimeEnv, ) { const loadedRaw = loadConfig(); + const scope = resolveMessageSecretScope({ + channel: opts.channel, + target: opts.target, + targets: opts.targets, + accountId: opts.accountId, + }); + const scopedTargets = getScopedChannelsCommandSecretTargets({ + config: loadedRaw, + channel: scope.channel, + accountId: scope.accountId, + }); const { resolvedConfig: cfg, diagnostics } = await resolveCommandSecretRefsViaGateway({ config: loadedRaw, commandName: "message", - targetIds: getChannelsCommandSecretTargetIds(), + targetIds: scopedTargets.targetIds, + ...(scopedTargets.allowedPaths ? { allowedPaths: scopedTargets.allowedPaths } : {}), }); for (const entry of diagnostics) { runtime.log(`[secrets] ${entry}`); diff --git a/src/commands/model-allowlist.ts b/src/commands/model-allowlist.ts index bc6dfc5308d..37f664aef36 100644 --- a/src/commands/model-allowlist.ts +++ b/src/commands/model-allowlist.ts @@ -1,41 +1 @@ -import { DEFAULT_PROVIDER } from "../agents/defaults.js"; -import { resolveAllowlistModelKey } from "../agents/model-selection.js"; -import type { OpenClawConfig } from "../config/config.js"; - -export function ensureModelAllowlistEntry(params: { - cfg: OpenClawConfig; - modelRef: string; - defaultProvider?: string; -}): OpenClawConfig { - const rawModelRef = params.modelRef.trim(); - if (!rawModelRef) { - return params.cfg; - } - - const models = { ...params.cfg.agents?.defaults?.models }; - const keySet = new Set([rawModelRef]); - const canonicalKey = resolveAllowlistModelKey( - rawModelRef, - params.defaultProvider ?? DEFAULT_PROVIDER, - ); - if (canonicalKey) { - keySet.add(canonicalKey); - } - - for (const key of keySet) { - models[key] = { - ...models[key], - }; - } - - return { - ...params.cfg, - agents: { - ...params.cfg.agents, - defaults: { - ...params.cfg.agents?.defaults, - models, - }, - }, - }; -} +export { ensureModelAllowlistEntry } from "../plugins/provider-model-allowlist.js"; diff --git a/src/commands/model-default.ts b/src/commands/model-default.ts index ce121973da3..d70e5208f3b 100644 --- a/src/commands/model-default.ts +++ b/src/commands/model-default.ts @@ -1,45 +1,4 @@ -import type { OpenClawConfig } from "../config/config.js"; -import type { AgentModelListConfig } from "../config/types.js"; - -export function resolvePrimaryModel(model?: AgentModelListConfig | string): string | undefined { - if (typeof model === "string") { - return model; - } - if (model && typeof model === "object" && typeof model.primary === "string") { - return model.primary; - } - return undefined; -} - -export function applyAgentDefaultPrimaryModel(params: { - cfg: OpenClawConfig; - model: string; - legacyModels?: Set; -}): { next: OpenClawConfig; changed: boolean } { - const current = resolvePrimaryModel(params.cfg.agents?.defaults?.model)?.trim(); - const normalizedCurrent = current && params.legacyModels?.has(current) ? params.model : current; - if (normalizedCurrent === params.model) { - return { next: params.cfg, changed: false }; - } - - return { - next: { - ...params.cfg, - agents: { - ...params.cfg.agents, - defaults: { - ...params.cfg.agents?.defaults, - model: - params.cfg.agents?.defaults?.model && - typeof params.cfg.agents.defaults.model === "object" - ? { - ...params.cfg.agents.defaults.model, - primary: params.model, - } - : { primary: params.model }, - }, - }, - }, - changed: true, - }; -} +export { + applyAgentDefaultPrimaryModel, + resolvePrimaryModel, +} from "../plugins/provider-model-primary.js"; diff --git a/src/commands/model-picker.runtime.ts b/src/commands/model-picker.runtime.ts index 74c4f68c605..f527f0c5cf8 100644 --- a/src/commands/model-picker.runtime.ts +++ b/src/commands/model-picker.runtime.ts @@ -1,7 +1,15 @@ -export { +import { runProviderPluginAuthMethod } from "../plugins/provider-auth-choice.js"; +import { resolveProviderModelPickerEntries, resolveProviderPluginChoice, runProviderModelSelectedHook, } from "../plugins/provider-wizard.js"; -export { resolvePluginProviders } from "../plugins/providers.js"; -export { runProviderPluginAuthMethod } from "./auth-choice.apply.plugin-provider.js"; +import { resolvePluginProviders } from "../plugins/providers.js"; + +export const modelPickerRuntime = { + resolveProviderModelPickerEntries, + resolveProviderPluginChoice, + runProviderModelSelectedHook, + resolvePluginProviders, + runProviderPluginAuthMethod, +}; diff --git a/src/commands/model-picker.test.ts b/src/commands/model-picker.test.ts index a4eb89e066c..fc09d5a7f3c 100644 --- a/src/commands/model-picker.test.ts +++ b/src/commands/model-picker.test.ts @@ -40,11 +40,13 @@ const runProviderModelSelectedHook = vi.hoisted(() => vi.fn(async () => {})); const resolvePluginProviders = vi.hoisted(() => vi.fn(() => [])); const runProviderPluginAuthMethod = vi.hoisted(() => vi.fn()); vi.mock("./model-picker.runtime.js", () => ({ - resolveProviderModelPickerEntries, - resolveProviderPluginChoice, - runProviderModelSelectedHook, - resolvePluginProviders, - runProviderPluginAuthMethod, + modelPickerRuntime: { + resolveProviderModelPickerEntries, + resolveProviderPluginChoice, + runProviderModelSelectedHook, + resolvePluginProviders, + runProviderPluginAuthMethod, + }, })); const OPENROUTER_CATALOG = [ diff --git a/src/commands/model-picker.ts b/src/commands/model-picker.ts index 483997511cb..cea263f7e58 100644 --- a/src/commands/model-picker.ts +++ b/src/commands/model-picker.ts @@ -11,10 +11,14 @@ import { } from "../agents/model-selection.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveAgentModelPrimaryValue } from "../config/model-input.js"; +import { applyPrimaryModel } from "../plugins/provider-model-primary.js"; import type { ProviderPlugin } from "../plugins/types.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import type { WizardPrompter, WizardSelectOption } from "../wizard/prompts.js"; import { formatTokenK } from "./models/shared.js"; +export { applyPrimaryModel } from "../plugins/provider-model-primary.js"; + const KEEP_VALUE = "__keep__"; const MANUAL_VALUE = "__manual__"; const PROVIDER_FILTER_THRESHOLD = 30; @@ -46,6 +50,11 @@ async function loadModelPickerRuntime() { return import("./model-picker.runtime.js"); } +const loadResolvedModelPickerRuntime = createLazyRuntimeSurface( + loadModelPickerRuntime, + ({ modelPickerRuntime }) => modelPickerRuntime, +); + function hasAuthForProvider( provider: string, cfg: OpenClawConfig, @@ -281,7 +290,7 @@ export async function promptDefaultModel( options.push({ value: MANUAL_VALUE, label: "Enter model manually" }); } if (includeProviderPluginSetups && agentDir) { - const { resolveProviderModelPickerEntries } = await loadModelPickerRuntime(); + const { resolveProviderModelPickerEntries } = await loadResolvedModelPickerRuntime(); options.push( ...resolveProviderModelPickerEntries({ config: cfg, @@ -340,7 +349,7 @@ export async function promptDefaultModel( if (selection.startsWith("provider-plugin:")) { pluginResolution = selection; } else if (!selection.includes("/")) { - const { resolvePluginProviders } = await loadModelPickerRuntime(); + const { resolvePluginProviders } = await loadResolvedModelPickerRuntime(); pluginProviders = resolvePluginProviders({ config: cfg, workspaceDir: params.workspaceDir, @@ -365,7 +374,7 @@ export async function promptDefaultModel( resolveProviderPluginChoice, runProviderModelSelectedHook, runProviderPluginAuthMethod, - } = await loadModelPickerRuntime(); + } = await loadResolvedModelPickerRuntime(); if (pluginProviders.length === 0) { pluginProviders = resolvePluginProviders({ config: cfg, @@ -401,7 +410,7 @@ export async function promptDefaultModel( return { model: applied.defaultModel, config: applied.config }; } const model = String(selection); - const { runProviderModelSelectedHook } = await loadModelPickerRuntime(); + const { runProviderModelSelectedHook } = await loadResolvedModelPickerRuntime(); await runProviderModelSelectedHook({ config: cfg, model, @@ -516,33 +525,6 @@ export async function promptModelAllowlist(params: { return { models: [] }; } -export function applyPrimaryModel(cfg: OpenClawConfig, model: string): OpenClawConfig { - const defaults = cfg.agents?.defaults; - const existingModel = defaults?.model; - const existingModels = defaults?.models; - const fallbacks = - typeof existingModel === "object" && existingModel !== null && "fallbacks" in existingModel - ? (existingModel as { fallbacks?: string[] }).fallbacks - : undefined; - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...defaults, - model: { - ...(fallbacks ? { fallbacks } : undefined), - primary: model, - }, - models: { - ...existingModels, - [model]: existingModels?.[model] ?? {}, - }, - }, - }, - }; -} - export function applyModelAllowlist(cfg: OpenClawConfig, models: string[]): OpenClawConfig { const defaults = cfg.agents?.defaults; const normalized = normalizeModelKeys(models); diff --git a/src/commands/models/auth.ts b/src/commands/models/auth.ts index 6001ede2ea4..c3de2dd06dc 100644 --- a/src/commands/models/auth.ts +++ b/src/commands/models/auth.ts @@ -23,6 +23,7 @@ import { formatCliCommand } from "../../cli/command-format.js"; import { parseDurationMs } from "../../cli/parse-duration.js"; import type { OpenClawConfig } from "../../config/config.js"; import { logConfigUpdated } from "../../config/logging.js"; +import { applyAuthProfileConfig } from "../../plugins/provider-auth-helpers.js"; import { resolvePluginProviders } from "../../plugins/providers.js"; import type { ProviderAuthMethod, @@ -34,7 +35,6 @@ import { stylePromptHint, stylePromptMessage } from "../../terminal/prompt-style import { createClackPrompter } from "../../wizard/clack-prompter.js"; import { isRemoteEnvironment } from "../oauth-env.js"; import { createVpsAwareOAuthHandlers } from "../oauth-flow.js"; -import { applyAuthProfileConfig } from "../onboard-auth.js"; import { openUrl } from "../onboard-helpers.js"; import { applyDefaultModel, diff --git a/src/commands/node-daemon-install-helpers.test.ts b/src/commands/node-daemon-install-helpers.test.ts new file mode 100644 index 00000000000..536bea1d014 --- /dev/null +++ b/src/commands/node-daemon-install-helpers.test.ts @@ -0,0 +1,93 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; + +const mocks = vi.hoisted(() => ({ + resolvePreferredNodePath: vi.fn(), + resolveNodeProgramArguments: vi.fn(), + resolveSystemNodeInfo: vi.fn(), + renderSystemNodeWarning: vi.fn(), + buildNodeServiceEnvironment: vi.fn(), +})); + +vi.mock("../daemon/runtime-paths.js", () => ({ + resolvePreferredNodePath: mocks.resolvePreferredNodePath, + resolveSystemNodeInfo: mocks.resolveSystemNodeInfo, + renderSystemNodeWarning: mocks.renderSystemNodeWarning, +})); + +vi.mock("../daemon/program-args.js", () => ({ + resolveNodeProgramArguments: mocks.resolveNodeProgramArguments, +})); + +vi.mock("../daemon/service-env.js", () => ({ + buildNodeServiceEnvironment: mocks.buildNodeServiceEnvironment, +})); + +import { buildNodeInstallPlan } from "./node-daemon-install-helpers.js"; + +afterEach(() => { + vi.resetAllMocks(); +}); + +describe("buildNodeInstallPlan", () => { + it("passes the selected node bin directory into the node service environment", async () => { + mocks.resolveNodeProgramArguments.mockResolvedValue({ + programArguments: ["node", "node-host"], + workingDirectory: "/Users/me", + }); + mocks.resolveSystemNodeInfo.mockResolvedValue({ + path: "/opt/node/bin/node", + version: "22.0.0", + supported: true, + }); + mocks.renderSystemNodeWarning.mockReturnValue(undefined); + mocks.buildNodeServiceEnvironment.mockReturnValue({ + OPENCLAW_SERVICE_VERSION: "2026.3.14", + }); + + const plan = await buildNodeInstallPlan({ + env: {}, + host: "127.0.0.1", + port: 18789, + runtime: "node", + nodePath: "/custom/node/bin/node", + }); + + expect(plan.environment).toEqual({ + OPENCLAW_SERVICE_VERSION: "2026.3.14", + }); + expect(mocks.resolvePreferredNodePath).not.toHaveBeenCalled(); + expect(mocks.buildNodeServiceEnvironment).toHaveBeenCalledWith({ + env: {}, + extraPathDirs: ["/custom/node/bin"], + }); + }); + + it("does not prepend '.' when nodePath is a bare executable name", async () => { + mocks.resolveNodeProgramArguments.mockResolvedValue({ + programArguments: ["node", "node-host"], + workingDirectory: "/Users/me", + }); + mocks.resolveSystemNodeInfo.mockResolvedValue({ + path: "/usr/bin/node", + version: "22.0.0", + supported: true, + }); + mocks.renderSystemNodeWarning.mockReturnValue(undefined); + mocks.buildNodeServiceEnvironment.mockReturnValue({ + OPENCLAW_SERVICE_VERSION: "2026.3.14", + }); + + await buildNodeInstallPlan({ + env: {}, + host: "127.0.0.1", + port: 18789, + runtime: "node", + nodePath: "node", + }); + + expect(mocks.buildNodeServiceEnvironment).toHaveBeenCalledWith({ + env: {}, + extraPathDirs: undefined, + }); + }); +}); diff --git a/src/commands/node-daemon-install-helpers.ts b/src/commands/node-daemon-install-helpers.ts index 2f86d1c3b5e..321dff5a664 100644 --- a/src/commands/node-daemon-install-helpers.ts +++ b/src/commands/node-daemon-install-helpers.ts @@ -4,6 +4,7 @@ import { buildNodeServiceEnvironment } from "../daemon/service-env.js"; import { emitDaemonInstallRuntimeWarning, resolveDaemonInstallRuntimeInputs, + resolveDaemonNodeBinDir, } from "./daemon-install-plan.shared.js"; import type { DaemonInstallWarnFn } from "./daemon-install-runtime-warning.js"; import type { NodeDaemonRuntime } from "./node-daemon-runtime.js"; @@ -54,7 +55,12 @@ export async function buildNodeInstallPlan(params: { title: "Node daemon runtime", }); - const environment = buildNodeServiceEnvironment({ env: params.env }); + const environment = buildNodeServiceEnvironment({ + env: params.env, + // Match the gateway install path so supervised node services keep the chosen + // node toolchain on PATH for sibling binaries like npm/pnpm when needed. + extraPathDirs: resolveDaemonNodeBinDir(nodePath), + }); const description = formatNodeServiceDescription({ version: environment.OPENCLAW_SERVICE_VERSION, }); diff --git a/src/commands/oauth-flow.ts b/src/commands/oauth-flow.ts index 1b0eba3b4f8..48e89b25720 100644 --- a/src/commands/oauth-flow.ts +++ b/src/commands/oauth-flow.ts @@ -1,53 +1 @@ -import type { RuntimeEnv } from "../runtime.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; - -type OAuthPrompt = { message: string; placeholder?: string }; - -const validateRequiredInput = (value: string) => (value.trim().length > 0 ? undefined : "Required"); - -export function createVpsAwareOAuthHandlers(params: { - isRemote: boolean; - prompter: WizardPrompter; - runtime: RuntimeEnv; - spin: ReturnType; - openUrl: (url: string) => Promise; - localBrowserMessage: string; - manualPromptMessage?: string; -}): { - onAuth: (event: { url: string }) => Promise; - onPrompt: (prompt: OAuthPrompt) => Promise; -} { - const manualPromptMessage = params.manualPromptMessage ?? "Paste the redirect URL"; - let manualCodePromise: Promise | undefined; - - return { - onAuth: async ({ url }) => { - if (params.isRemote) { - params.spin.stop("OAuth URL ready"); - params.runtime.log(`\nOpen this URL in your LOCAL browser:\n\n${url}\n`); - manualCodePromise = params.prompter - .text({ - message: manualPromptMessage, - validate: validateRequiredInput, - }) - .then((value) => String(value)); - return; - } - - params.spin.update(params.localBrowserMessage); - await params.openUrl(url); - params.runtime.log(`Open: ${url}`); - }, - onPrompt: async (prompt) => { - if (manualCodePromise) { - return manualCodePromise; - } - const code = await params.prompter.text({ - message: prompt.message, - placeholder: prompt.placeholder, - validate: validateRequiredInput, - }); - return String(code); - }, - }; -} +export * from "../plugins/provider-oauth-flow.js"; diff --git a/src/commands/oauth-tls-preflight.ts b/src/commands/oauth-tls-preflight.ts index bf9e69b0519..6852c58ad5c 100644 --- a/src/commands/oauth-tls-preflight.ts +++ b/src/commands/oauth-tls-preflight.ts @@ -1,164 +1 @@ -import path from "node:path"; -import { formatCliCommand } from "../cli/command-format.js"; -import type { OpenClawConfig } from "../config/config.js"; -import { note } from "../terminal/note.js"; - -const TLS_CERT_ERROR_CODES = new Set([ - "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", - "UNABLE_TO_VERIFY_LEAF_SIGNATURE", - "CERT_HAS_EXPIRED", - "DEPTH_ZERO_SELF_SIGNED_CERT", - "SELF_SIGNED_CERT_IN_CHAIN", - "ERR_TLS_CERT_ALTNAME_INVALID", -]); - -const TLS_CERT_ERROR_PATTERNS = [ - /unable to get local issuer certificate/i, - /unable to verify the first certificate/i, - /self[- ]signed certificate/i, - /certificate has expired/i, -]; - -const OPENAI_AUTH_PROBE_URL = - "https://auth.openai.com/oauth/authorize?response_type=code&client_id=openclaw-preflight&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email"; - -type PreflightFailureKind = "tls-cert" | "network"; - -export type OpenAIOAuthTlsPreflightResult = - | { ok: true } - | { - ok: false; - kind: PreflightFailureKind; - code?: string; - message: string; - }; - -function asRecord(value: unknown): Record | null { - return value && typeof value === "object" ? (value as Record) : null; -} - -function extractFailure(error: unknown): { - code?: string; - message: string; - kind: PreflightFailureKind; -} { - const root = asRecord(error); - const rootCause = asRecord(root?.cause); - const code = typeof rootCause?.code === "string" ? rootCause.code : undefined; - const message = - typeof rootCause?.message === "string" - ? rootCause.message - : typeof root?.message === "string" - ? root.message - : String(error); - const isTlsCertError = - (code ? TLS_CERT_ERROR_CODES.has(code) : false) || - TLS_CERT_ERROR_PATTERNS.some((pattern) => pattern.test(message)); - return { - code, - message, - kind: isTlsCertError ? "tls-cert" : "network", - }; -} - -function resolveHomebrewPrefixFromExecPath(execPath: string): string | null { - const marker = `${path.sep}Cellar${path.sep}`; - const idx = execPath.indexOf(marker); - if (idx > 0) { - return execPath.slice(0, idx); - } - const envPrefix = process.env.HOMEBREW_PREFIX?.trim(); - return envPrefix ? envPrefix : null; -} - -function resolveCertBundlePath(): string | null { - const prefix = resolveHomebrewPrefixFromExecPath(process.execPath); - if (!prefix) { - return null; - } - return path.join(prefix, "etc", "openssl@3", "cert.pem"); -} - -function hasOpenAICodexOAuthProfile(cfg: OpenClawConfig): boolean { - const profiles = cfg.auth?.profiles; - if (!profiles) { - return false; - } - return Object.values(profiles).some( - (profile) => profile.provider === "openai-codex" && profile.mode === "oauth", - ); -} - -function shouldRunOpenAIOAuthTlsPrerequisites(params: { - cfg: OpenClawConfig; - deep?: boolean; -}): boolean { - if (params.deep === true) { - return true; - } - return hasOpenAICodexOAuthProfile(params.cfg); -} - -export async function runOpenAIOAuthTlsPreflight(options?: { - timeoutMs?: number; - fetchImpl?: typeof fetch; -}): Promise { - const timeoutMs = options?.timeoutMs ?? 5000; - const fetchImpl = options?.fetchImpl ?? fetch; - try { - await fetchImpl(OPENAI_AUTH_PROBE_URL, { - method: "GET", - redirect: "manual", - signal: AbortSignal.timeout(timeoutMs), - }); - return { ok: true }; - } catch (error) { - const failure = extractFailure(error); - return { - ok: false, - kind: failure.kind, - code: failure.code, - message: failure.message, - }; - } -} - -export function formatOpenAIOAuthTlsPreflightFix( - result: Exclude, -): string { - if (result.kind !== "tls-cert") { - return [ - "OpenAI OAuth prerequisites check failed due to a network error before the browser flow.", - `Cause: ${result.message}`, - "Verify DNS/firewall/proxy access to auth.openai.com and retry.", - ].join("\n"); - } - const certBundlePath = resolveCertBundlePath(); - const lines = [ - "OpenAI OAuth prerequisites check failed: Node/OpenSSL cannot validate TLS certificates.", - `Cause: ${result.code ? `${result.code} (${result.message})` : result.message}`, - "", - "Fix (Homebrew Node/OpenSSL):", - `- ${formatCliCommand("brew postinstall ca-certificates")}`, - `- ${formatCliCommand("brew postinstall openssl@3")}`, - ]; - if (certBundlePath) { - lines.push(`- Verify cert bundle exists: ${certBundlePath}`); - } - lines.push("- Retry the OAuth login flow."); - return lines.join("\n"); -} - -export async function noteOpenAIOAuthTlsPrerequisites(params: { - cfg: OpenClawConfig; - deep?: boolean; -}): Promise { - if (!shouldRunOpenAIOAuthTlsPrerequisites(params)) { - return; - } - const result = await runOpenAIOAuthTlsPreflight({ timeoutMs: 4000 }); - if (result.ok || result.kind !== "tls-cert") { - return; - } - note(formatOpenAIOAuthTlsPreflightFix(result), "OAuth TLS prerequisites"); -} +export * from "../plugins/provider-openai-codex-oauth-tls.js"; diff --git a/src/commands/ollama-setup.ts b/src/commands/ollama-setup.ts index 4557f606bb6..9be1fcf6c31 100644 --- a/src/commands/ollama-setup.ts +++ b/src/commands/ollama-setup.ts @@ -1,531 +1 @@ -import { upsertAuthProfileWithLock } from "../agents/auth-profiles/upsert-with-lock.js"; -import { OLLAMA_DEFAULT_BASE_URL } from "../agents/ollama-defaults.js"; -import { - buildOllamaModelDefinition, - enrichOllamaModelsWithContext, - fetchOllamaModels, - resolveOllamaApiBase, - type OllamaModelWithContext, -} from "../agents/ollama-models.js"; -import type { OpenClawConfig } from "../config/config.js"; -import type { RuntimeEnv } from "../runtime.js"; -import { WizardCancelledError, type WizardPrompter } from "../wizard/prompts.js"; -import { isRemoteEnvironment } from "./oauth-env.js"; -import { applyAgentDefaultModelPrimary } from "./onboard-auth.config-shared.js"; -import { openUrl } from "./onboard-helpers.js"; -import type { OnboardMode, OnboardOptions } from "./onboard-types.js"; - -export { OLLAMA_DEFAULT_BASE_URL } from "../agents/ollama-defaults.js"; -export const OLLAMA_DEFAULT_MODEL = "glm-4.7-flash"; - -const OLLAMA_SUGGESTED_MODELS_LOCAL = ["glm-4.7-flash"]; -const OLLAMA_SUGGESTED_MODELS_CLOUD = ["kimi-k2.5:cloud", "minimax-m2.5:cloud", "glm-5:cloud"]; - -function normalizeOllamaModelName(value: string | undefined): string | undefined { - const trimmed = value?.trim(); - if (!trimmed) { - return undefined; - } - if (trimmed.toLowerCase().startsWith("ollama/")) { - const withoutPrefix = trimmed.slice("ollama/".length).trim(); - return withoutPrefix || undefined; - } - return trimmed; -} - -function isOllamaCloudModel(modelName: string | undefined): boolean { - return Boolean(modelName?.trim().toLowerCase().endsWith(":cloud")); -} - -function formatOllamaPullStatus(status: string): { text: string; hidePercent: boolean } { - const trimmed = status.trim(); - const partStatusMatch = trimmed.match(/^([a-z-]+)\s+(?:sha256:)?[a-f0-9]{8,}$/i); - if (partStatusMatch) { - return { text: `${partStatusMatch[1]} part`, hidePercent: false }; - } - if (/^verifying\b.*\bdigest\b/i.test(trimmed)) { - return { text: "verifying digest", hidePercent: true }; - } - return { text: trimmed, hidePercent: false }; -} - -type OllamaCloudAuthResult = { - signedIn: boolean; - signinUrl?: string; -}; - -/** Check if the user is signed in to Ollama cloud via /api/me. */ -async function checkOllamaCloudAuth(baseUrl: string): Promise { - try { - const apiBase = resolveOllamaApiBase(baseUrl); - const response = await fetch(`${apiBase}/api/me`, { - method: "POST", - signal: AbortSignal.timeout(5000), - }); - if (response.status === 401) { - // 401 body contains { error, signin_url } - const data = (await response.json()) as { signin_url?: string }; - return { signedIn: false, signinUrl: data.signin_url }; - } - if (!response.ok) { - return { signedIn: false }; - } - return { signedIn: true }; - } catch { - // /api/me not supported or unreachable — fail closed so cloud mode - // doesn't silently skip auth; the caller handles the fallback. - return { signedIn: false }; - } -} - -type OllamaPullChunk = { - status?: string; - total?: number; - completed?: number; - error?: string; -}; - -type OllamaPullFailureKind = "http" | "no-body" | "chunk-error" | "network"; -type OllamaPullResult = - | { ok: true } - | { - ok: false; - kind: OllamaPullFailureKind; - message: string; - }; - -async function pullOllamaModelCore(params: { - baseUrl: string; - modelName: string; - onStatus?: (status: string, percent: number | null) => void; -}): Promise { - const { onStatus } = params; - const baseUrl = resolveOllamaApiBase(params.baseUrl); - const modelName = normalizeOllamaModelName(params.modelName) ?? params.modelName.trim(); - try { - const response = await fetch(`${baseUrl}/api/pull`, { - method: "POST", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ name: modelName }), - }); - if (!response.ok) { - return { - ok: false, - kind: "http", - message: `Failed to download ${modelName} (HTTP ${response.status})`, - }; - } - if (!response.body) { - return { - ok: false, - kind: "no-body", - message: `Failed to download ${modelName} (no response body)`, - }; - } - - const reader = response.body.getReader(); - const decoder = new TextDecoder(); - let buffer = ""; - const layers = new Map(); - - const parseLine = (line: string): OllamaPullResult => { - const trimmed = line.trim(); - if (!trimmed) { - return { ok: true }; - } - try { - const chunk = JSON.parse(trimmed) as OllamaPullChunk; - if (chunk.error) { - return { - ok: false, - kind: "chunk-error", - message: `Download failed: ${chunk.error}`, - }; - } - if (!chunk.status) { - return { ok: true }; - } - if (chunk.total && chunk.completed !== undefined) { - layers.set(chunk.status, { total: chunk.total, completed: chunk.completed }); - let totalSum = 0; - let completedSum = 0; - for (const layer of layers.values()) { - totalSum += layer.total; - completedSum += layer.completed; - } - const percent = totalSum > 0 ? Math.round((completedSum / totalSum) * 100) : null; - onStatus?.(chunk.status, percent); - } else { - onStatus?.(chunk.status, null); - } - } catch { - // Ignore malformed lines from streaming output. - } - return { ok: true }; - }; - - for (;;) { - const { done, value } = await reader.read(); - if (done) { - break; - } - buffer += decoder.decode(value, { stream: true }); - const lines = buffer.split("\n"); - buffer = lines.pop() ?? ""; - for (const line of lines) { - const parsed = parseLine(line); - if (!parsed.ok) { - return parsed; - } - } - } - - const trailing = buffer.trim(); - if (trailing) { - const parsed = parseLine(trailing); - if (!parsed.ok) { - return parsed; - } - } - - return { ok: true }; - } catch (err) { - const reason = err instanceof Error ? err.message : String(err); - return { - ok: false, - kind: "network", - message: `Failed to download ${modelName}: ${reason}`, - }; - } -} - -/** Pull a model from Ollama, streaming progress updates. */ -async function pullOllamaModel( - baseUrl: string, - modelName: string, - prompter: WizardPrompter, -): Promise { - const spinner = prompter.progress(`Downloading ${modelName}...`); - const result = await pullOllamaModelCore({ - baseUrl, - modelName, - onStatus: (status, percent) => { - const displayStatus = formatOllamaPullStatus(status); - if (displayStatus.hidePercent) { - spinner.update(`Downloading ${modelName} - ${displayStatus.text}`); - } else { - spinner.update(`Downloading ${modelName} - ${displayStatus.text} - ${percent ?? 0}%`); - } - }, - }); - if (!result.ok) { - spinner.stop(result.message); - return false; - } - spinner.stop(`Downloaded ${modelName}`); - return true; -} - -async function pullOllamaModelNonInteractive( - baseUrl: string, - modelName: string, - runtime: RuntimeEnv, -): Promise { - runtime.log(`Downloading ${modelName}...`); - const result = await pullOllamaModelCore({ baseUrl, modelName }); - if (!result.ok) { - runtime.error(result.message); - return false; - } - runtime.log(`Downloaded ${modelName}`); - return true; -} - -function buildOllamaModelsConfig( - modelNames: string[], - discoveredModelsByName?: Map, -) { - return modelNames.map((name) => - buildOllamaModelDefinition(name, discoveredModelsByName?.get(name)?.contextWindow), - ); -} - -function applyOllamaProviderConfig( - cfg: OpenClawConfig, - baseUrl: string, - modelNames: string[], - discoveredModelsByName?: Map, -): OpenClawConfig { - return { - ...cfg, - models: { - ...cfg.models, - mode: cfg.models?.mode ?? "merge", - providers: { - ...cfg.models?.providers, - ollama: { - baseUrl, - api: "ollama", - apiKey: "OLLAMA_API_KEY", // pragma: allowlist secret - models: buildOllamaModelsConfig(modelNames, discoveredModelsByName), - }, - }, - }, - }; -} - -async function storeOllamaCredential(agentDir?: string): Promise { - await upsertAuthProfileWithLock({ - profileId: "ollama:default", - credential: { type: "api_key", provider: "ollama", key: "ollama-local" }, - agentDir, - }); -} - -/** - * Interactive: prompt for base URL, discover models, configure provider. - * Model selection is handled by the standard model picker downstream. - */ -export async function promptAndConfigureOllama(params: { - cfg: OpenClawConfig; - prompter: WizardPrompter; -}): Promise<{ config: OpenClawConfig; defaultModelId: string }> { - const { prompter } = params; - - // 1. Prompt base URL - const baseUrlRaw = await prompter.text({ - message: "Ollama base URL", - initialValue: OLLAMA_DEFAULT_BASE_URL, - placeholder: OLLAMA_DEFAULT_BASE_URL, - validate: (value) => (value?.trim() ? undefined : "Required"), - }); - const configuredBaseUrl = String(baseUrlRaw ?? "") - .trim() - .replace(/\/+$/, ""); - const baseUrl = resolveOllamaApiBase(configuredBaseUrl); - - // 2. Check reachability - const { reachable, models } = await fetchOllamaModels(baseUrl); - - if (!reachable) { - await prompter.note( - [ - `Ollama could not be reached at ${baseUrl}.`, - "Download it at https://ollama.com/download", - "", - "Start Ollama and re-run setup.", - ].join("\n"), - "Ollama", - ); - throw new WizardCancelledError("Ollama not reachable"); - } - - const enrichedModels = await enrichOllamaModelsWithContext(baseUrl, models.slice(0, 50)); - const discoveredModelsByName = new Map(enrichedModels.map((model) => [model.name, model])); - const modelNames = models.map((m) => m.name); - - // 3. Mode selection - const mode = (await prompter.select({ - message: "Ollama mode", - options: [ - { value: "remote", label: "Cloud + Local", hint: "Ollama cloud models + local models" }, - { value: "local", label: "Local", hint: "Local models only" }, - ], - })) as OnboardMode; - - // 4. Cloud auth — check /api/me upfront for remote (cloud+local) mode - let cloudAuthVerified = false; - if (mode === "remote") { - const authResult = await checkOllamaCloudAuth(baseUrl); - if (!authResult.signedIn) { - if (authResult.signinUrl) { - if (!isRemoteEnvironment()) { - await openUrl(authResult.signinUrl); - } - await prompter.note( - ["Sign in to Ollama Cloud:", authResult.signinUrl].join("\n"), - "Ollama Cloud", - ); - const confirmed = await prompter.confirm({ - message: "Have you signed in?", - }); - if (!confirmed) { - throw new WizardCancelledError("Ollama cloud sign-in cancelled"); - } - // Re-check after user claims sign-in - const recheck = await checkOllamaCloudAuth(baseUrl); - if (!recheck.signedIn) { - throw new WizardCancelledError("Ollama cloud sign-in required"); - } - cloudAuthVerified = true; - } else { - // No signin URL available (older server, unreachable /api/me, or custom gateway). - await prompter.note( - [ - "Could not verify Ollama Cloud authentication.", - "Cloud models may not work until you sign in at https://ollama.com.", - ].join("\n"), - "Ollama Cloud", - ); - const continueAnyway = await prompter.confirm({ - message: "Continue without cloud auth?", - }); - if (!continueAnyway) { - throw new WizardCancelledError("Ollama cloud auth could not be verified"); - } - // Cloud auth unverified — fall back to local defaults so the model - // picker doesn't steer toward cloud models that may fail. - } - } else { - cloudAuthVerified = true; - } - } - - // 5. Model ordering — suggested models first. - // Use cloud defaults only when auth was actually verified; otherwise fall - // back to local defaults so the user isn't steered toward cloud models - // that may fail at runtime. - const suggestedModels = - mode === "local" || !cloudAuthVerified - ? OLLAMA_SUGGESTED_MODELS_LOCAL - : OLLAMA_SUGGESTED_MODELS_CLOUD; - const orderedModelNames = [ - ...suggestedModels, - ...modelNames.filter((name) => !suggestedModels.includes(name)), - ]; - - const defaultModelId = suggestedModels[0] ?? OLLAMA_DEFAULT_MODEL; - const config = applyOllamaProviderConfig( - params.cfg, - baseUrl, - orderedModelNames, - discoveredModelsByName, - ); - return { config, defaultModelId }; -} - -/** Non-interactive: auto-discover models and configure provider. */ -export async function configureOllamaNonInteractive(params: { - nextConfig: OpenClawConfig; - opts: OnboardOptions; - runtime: RuntimeEnv; -}): Promise { - const { opts, runtime } = params; - const configuredBaseUrl = (opts.customBaseUrl?.trim() || OLLAMA_DEFAULT_BASE_URL).replace( - /\/+$/, - "", - ); - const baseUrl = resolveOllamaApiBase(configuredBaseUrl); - - const { reachable, models } = await fetchOllamaModels(baseUrl); - const explicitModel = normalizeOllamaModelName(opts.customModelId); - - if (!reachable) { - runtime.error( - [ - `Ollama could not be reached at ${baseUrl}.`, - "Download it at https://ollama.com/download", - ].join("\n"), - ); - runtime.exit(1); - return params.nextConfig; - } - - await storeOllamaCredential(); - - const enrichedModels = await enrichOllamaModelsWithContext(baseUrl, models.slice(0, 50)); - const discoveredModelsByName = new Map(enrichedModels.map((model) => [model.name, model])); - const modelNames = models.map((m) => m.name); - - // Apply local suggested model ordering. - const suggestedModels = OLLAMA_SUGGESTED_MODELS_LOCAL; - const orderedModelNames = [ - ...suggestedModels, - ...modelNames.filter((name) => !suggestedModels.includes(name)), - ]; - - const requestedDefaultModelId = explicitModel ?? suggestedModels[0]; - let pulledRequestedModel = false; - const availableModelNames = new Set(modelNames); - const requestedCloudModel = isOllamaCloudModel(requestedDefaultModelId); - - if (requestedCloudModel) { - availableModelNames.add(requestedDefaultModelId); - } - - // Pull if model not in discovered list and Ollama is reachable - if (!requestedCloudModel && !modelNames.includes(requestedDefaultModelId)) { - pulledRequestedModel = await pullOllamaModelNonInteractive( - baseUrl, - requestedDefaultModelId, - runtime, - ); - if (pulledRequestedModel) { - availableModelNames.add(requestedDefaultModelId); - } - } - - let allModelNames = orderedModelNames; - let defaultModelId = requestedDefaultModelId; - if ( - (pulledRequestedModel || requestedCloudModel) && - !allModelNames.includes(requestedDefaultModelId) - ) { - allModelNames = [...allModelNames, requestedDefaultModelId]; - } - if (!availableModelNames.has(requestedDefaultModelId)) { - if (availableModelNames.size > 0) { - const firstAvailableModel = - allModelNames.find((name) => availableModelNames.has(name)) ?? - Array.from(availableModelNames)[0]; - defaultModelId = firstAvailableModel; - runtime.log( - `Ollama model ${requestedDefaultModelId} was not available; using ${defaultModelId} instead.`, - ); - } else { - runtime.error( - [ - `No Ollama models are available at ${baseUrl}.`, - "Pull a model first, then re-run setup.", - ].join("\n"), - ); - runtime.exit(1); - return params.nextConfig; - } - } - - const config = applyOllamaProviderConfig( - params.nextConfig, - baseUrl, - allModelNames, - discoveredModelsByName, - ); - const modelRef = `ollama/${defaultModelId}`; - runtime.log(`Default Ollama model: ${defaultModelId}`); - return applyAgentDefaultModelPrimary(config, modelRef); -} - -/** Pull the configured default Ollama model if it isn't already available locally. */ -export async function ensureOllamaModelPulled(params: { - config: OpenClawConfig; - prompter: WizardPrompter; -}): Promise { - const modelCfg = params.config.agents?.defaults?.model; - const modelId = typeof modelCfg === "string" ? modelCfg : modelCfg?.primary; - if (!modelId?.startsWith("ollama/")) { - return; - } - const baseUrl = params.config.models?.providers?.ollama?.baseUrl ?? OLLAMA_DEFAULT_BASE_URL; - const modelName = modelId.slice("ollama/".length); - if (isOllamaCloudModel(modelName)) { - return; - } - const { models } = await fetchOllamaModels(baseUrl); - if (models.some((m) => m.name === modelName)) { - return; - } - const pulled = await pullOllamaModel(baseUrl, modelName, params.prompter); - if (!pulled) { - throw new WizardCancelledError("Failed to download selected Ollama model"); - } -} +export * from "../plugins/provider-ollama-setup.js"; diff --git a/src/commands/onboard-auth.config-core.kilocode.test.ts b/src/commands/onboard-auth.config-core.kilocode.test.ts index 82faf85c8f0..b27acab133a 100644 --- a/src/commands/onboard-auth.config-core.kilocode.test.ts +++ b/src/commands/onboard-auth.config-core.kilocode.test.ts @@ -2,23 +2,23 @@ import { mkdtempSync } from "node:fs"; import { tmpdir } from "node:os"; import { join } from "node:path"; import { describe, expect, it } from "vitest"; -import { resolveApiKeyForProvider, resolveEnvApiKey } from "../agents/model-auth.js"; -import type { OpenClawConfig } from "../config/config.js"; -import { resolveAgentModelPrimaryValue } from "../config/model-input.js"; -import { captureEnv } from "../test-utils/env.js"; import { applyKilocodeProviderConfig, applyKilocodeConfig, KILOCODE_BASE_URL, -} from "./onboard-auth.config-core.js"; -import { KILOCODE_DEFAULT_MODEL_REF } from "./onboard-auth.credentials.js"; + KILOCODE_DEFAULT_MODEL_REF, +} from "../../extensions/kilocode/onboard.js"; +import { resolveApiKeyForProvider, resolveEnvApiKey } from "../agents/model-auth.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { resolveAgentModelPrimaryValue } from "../config/model-input.js"; import { buildKilocodeModelDefinition, KILOCODE_DEFAULT_MODEL_ID, KILOCODE_DEFAULT_CONTEXT_WINDOW, KILOCODE_DEFAULT_MAX_TOKENS, KILOCODE_DEFAULT_COST, -} from "./onboard-auth.models.js"; +} from "../plugin-sdk/provider-models.js"; +import { captureEnv } from "../test-utils/env.js"; const emptyCfg: OpenClawConfig = {}; const KILOCODE_MODEL_IDS = ["kilo/auto"]; diff --git a/src/commands/onboard-auth.config-core.ts b/src/commands/onboard-auth.config-core.ts deleted file mode 100644 index c939a2cb99d..00000000000 --- a/src/commands/onboard-auth.config-core.ts +++ /dev/null @@ -1,602 +0,0 @@ -import { - buildHuggingfaceModelDefinition, - HUGGINGFACE_BASE_URL, - HUGGINGFACE_MODEL_CATALOG, -} from "../agents/huggingface-models.js"; -import { - buildKilocodeProvider, - buildKimiCodingProvider, - buildQianfanProvider, - buildXiaomiProvider, - QIANFAN_DEFAULT_MODEL_ID, - XIAOMI_DEFAULT_MODEL_ID, -} from "../agents/models-config.providers.static.js"; -import { - buildSyntheticModelDefinition, - SYNTHETIC_BASE_URL, - SYNTHETIC_DEFAULT_MODEL_REF, - SYNTHETIC_MODEL_CATALOG, -} from "../agents/synthetic-models.js"; -import { - buildTogetherModelDefinition, - TOGETHER_BASE_URL, - TOGETHER_MODEL_CATALOG, -} from "../agents/together-models.js"; -import { - buildVeniceModelDefinition, - VENICE_BASE_URL, - VENICE_DEFAULT_MODEL_REF, - VENICE_MODEL_CATALOG, -} from "../agents/venice-models.js"; -import type { OpenClawConfig } from "../config/config.js"; -import type { ModelApi } from "../config/types.models.js"; -import { KILOCODE_BASE_URL } from "../providers/kilocode-shared.js"; -import { - HUGGINGFACE_DEFAULT_MODEL_REF, - KILOCODE_DEFAULT_MODEL_REF, - MISTRAL_DEFAULT_MODEL_REF, - OPENROUTER_DEFAULT_MODEL_REF, - TOGETHER_DEFAULT_MODEL_REF, - XIAOMI_DEFAULT_MODEL_REF, - ZAI_DEFAULT_MODEL_REF, - XAI_DEFAULT_MODEL_REF, -} from "./onboard-auth.credentials.js"; -export { - applyCloudflareAiGatewayConfig, - applyCloudflareAiGatewayProviderConfig, - applyVercelAiGatewayConfig, - applyVercelAiGatewayProviderConfig, -} from "./onboard-auth.config-gateways.js"; -export { - applyLitellmConfig, - applyLitellmProviderConfig, - LITELLM_BASE_URL, - LITELLM_DEFAULT_MODEL_ID, -} from "./onboard-auth.config-litellm.js"; -import { - applyAgentDefaultModelPrimary, - applyOnboardAuthAgentModelsAndProviders, - applyProviderConfigWithDefaultModel, - applyProviderConfigWithDefaultModels, - applyProviderConfigWithModelCatalog, -} from "./onboard-auth.config-shared.js"; -import { - buildMistralModelDefinition, - buildZaiModelDefinition, - buildMoonshotModelDefinition, - buildXaiModelDefinition, - buildModelStudioModelDefinition, - MISTRAL_BASE_URL, - MISTRAL_DEFAULT_MODEL_ID, - QIANFAN_BASE_URL, - QIANFAN_DEFAULT_MODEL_REF, - KIMI_CODING_MODEL_ID, - KIMI_CODING_MODEL_REF, - MOONSHOT_BASE_URL, - MOONSHOT_CN_BASE_URL, - MOONSHOT_DEFAULT_MODEL_ID, - MOONSHOT_DEFAULT_MODEL_REF, - ZAI_DEFAULT_MODEL_ID, - resolveZaiBaseUrl, - XAI_BASE_URL, - XAI_DEFAULT_MODEL_ID, - MODELSTUDIO_CN_BASE_URL, - MODELSTUDIO_GLOBAL_BASE_URL, - MODELSTUDIO_DEFAULT_MODEL_REF, -} from "./onboard-auth.models.js"; -export { applyAuthProfileConfig } from "./auth-profile-config.js"; - -function mergeProviderModels( - existingProvider: Record | undefined, - defaultModels: T[], -): T[] { - const existingModels = Array.isArray(existingProvider?.models) - ? (existingProvider.models as T[]) - : []; - const mergedModels = [...existingModels]; - const seen = new Set(existingModels.map((model) => model.id)); - for (const model of defaultModels) { - if (!seen.has(model.id)) { - mergedModels.push(model); - seen.add(model.id); - } - } - return mergedModels; -} - -function getNormalizedProviderApiKey(existingProvider: Record | undefined) { - const { apiKey } = (existingProvider ?? {}) as { apiKey?: string }; - return typeof apiKey === "string" ? apiKey.trim() || undefined : undefined; -} - -export function applyZaiProviderConfig( - cfg: OpenClawConfig, - params?: { endpoint?: string; modelId?: string }, -): OpenClawConfig { - const modelId = params?.modelId?.trim() || ZAI_DEFAULT_MODEL_ID; - const modelRef = `zai/${modelId}`; - - const models = { ...cfg.agents?.defaults?.models }; - models[modelRef] = { - ...models[modelRef], - alias: models[modelRef]?.alias ?? "GLM", - }; - - const providers = { ...cfg.models?.providers }; - const existingProvider = providers.zai; - - const defaultModels = [ - buildZaiModelDefinition({ id: "glm-5" }), - buildZaiModelDefinition({ id: "glm-5-turbo" }), - buildZaiModelDefinition({ id: "glm-4.7" }), - buildZaiModelDefinition({ id: "glm-4.7-flash" }), - buildZaiModelDefinition({ id: "glm-4.7-flashx" }), - ]; - - const mergedModels = mergeProviderModels(existingProvider, defaultModels); - - const { apiKey: _existingApiKey, ...existingProviderRest } = (existingProvider ?? {}) as Record< - string, - unknown - > as { apiKey?: string }; - const normalizedApiKey = getNormalizedProviderApiKey(existingProvider); - - const baseUrl = params?.endpoint - ? resolveZaiBaseUrl(params.endpoint) - : (typeof existingProvider?.baseUrl === "string" ? existingProvider.baseUrl : "") || - resolveZaiBaseUrl(); - - providers.zai = { - ...existingProviderRest, - baseUrl, - api: "openai-completions", - ...(normalizedApiKey ? { apiKey: normalizedApiKey } : {}), - models: mergedModels.length > 0 ? mergedModels : defaultModels, - }; - - return applyOnboardAuthAgentModelsAndProviders(cfg, { agentModels: models, providers }); -} - -export function applyZaiConfig( - cfg: OpenClawConfig, - params?: { endpoint?: string; modelId?: string }, -): OpenClawConfig { - const modelId = params?.modelId?.trim() || ZAI_DEFAULT_MODEL_ID; - const modelRef = modelId === ZAI_DEFAULT_MODEL_ID ? ZAI_DEFAULT_MODEL_REF : `zai/${modelId}`; - const next = applyZaiProviderConfig(cfg, params); - return applyAgentDefaultModelPrimary(next, modelRef); -} - -export function applyOpenrouterProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[OPENROUTER_DEFAULT_MODEL_REF] = { - ...models[OPENROUTER_DEFAULT_MODEL_REF], - alias: models[OPENROUTER_DEFAULT_MODEL_REF]?.alias ?? "OpenRouter", - }; - - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...cfg.agents?.defaults, - models, - }, - }, - }; -} - -export function applyOpenrouterConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyOpenrouterProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, OPENROUTER_DEFAULT_MODEL_REF); -} - -export function applyMoonshotProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - return applyMoonshotProviderConfigWithBaseUrl(cfg, MOONSHOT_BASE_URL); -} - -export function applyMoonshotProviderConfigCn(cfg: OpenClawConfig): OpenClawConfig { - return applyMoonshotProviderConfigWithBaseUrl(cfg, MOONSHOT_CN_BASE_URL); -} - -function applyMoonshotProviderConfigWithBaseUrl( - cfg: OpenClawConfig, - baseUrl: string, -): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[MOONSHOT_DEFAULT_MODEL_REF] = { - ...models[MOONSHOT_DEFAULT_MODEL_REF], - alias: models[MOONSHOT_DEFAULT_MODEL_REF]?.alias ?? "Kimi", - }; - - const defaultModel = buildMoonshotModelDefinition(); - - return applyProviderConfigWithDefaultModel(cfg, { - agentModels: models, - providerId: "moonshot", - api: "openai-completions", - baseUrl, - defaultModel, - defaultModelId: MOONSHOT_DEFAULT_MODEL_ID, - }); -} - -export function applyMoonshotConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyMoonshotProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, MOONSHOT_DEFAULT_MODEL_REF); -} - -export function applyMoonshotConfigCn(cfg: OpenClawConfig): OpenClawConfig { - const next = applyMoonshotProviderConfigCn(cfg); - return applyAgentDefaultModelPrimary(next, MOONSHOT_DEFAULT_MODEL_REF); -} - -export function applyKimiCodeProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[KIMI_CODING_MODEL_REF] = { - ...models[KIMI_CODING_MODEL_REF], - alias: models[KIMI_CODING_MODEL_REF]?.alias ?? "Kimi for Coding", - }; - - const defaultModel = buildKimiCodingProvider().models[0]; - - return applyProviderConfigWithDefaultModel(cfg, { - agentModels: models, - providerId: "kimi-coding", - api: "anthropic-messages", - baseUrl: "https://api.kimi.com/coding/", - defaultModel, - defaultModelId: KIMI_CODING_MODEL_ID, - }); -} - -export function applyKimiCodeConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyKimiCodeProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, KIMI_CODING_MODEL_REF); -} - -export function applySyntheticProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[SYNTHETIC_DEFAULT_MODEL_REF] = { - ...models[SYNTHETIC_DEFAULT_MODEL_REF], - alias: models[SYNTHETIC_DEFAULT_MODEL_REF]?.alias ?? "MiniMax M2.5", - }; - - const providers = { ...cfg.models?.providers }; - const existingProvider = providers.synthetic; - const existingModels = Array.isArray(existingProvider?.models) ? existingProvider.models : []; - const syntheticModels = SYNTHETIC_MODEL_CATALOG.map(buildSyntheticModelDefinition); - const mergedModels = [ - ...existingModels, - ...syntheticModels.filter( - (model) => !existingModels.some((existing) => existing.id === model.id), - ), - ]; - const { apiKey: _existingApiKey, ...existingProviderRest } = (existingProvider ?? {}) as Record< - string, - unknown - > as { apiKey?: string }; - const normalizedApiKey = getNormalizedProviderApiKey(existingProvider); - providers.synthetic = { - ...existingProviderRest, - baseUrl: SYNTHETIC_BASE_URL, - api: "anthropic-messages", - ...(normalizedApiKey ? { apiKey: normalizedApiKey } : {}), - models: mergedModels.length > 0 ? mergedModels : syntheticModels, - }; - - return applyOnboardAuthAgentModelsAndProviders(cfg, { agentModels: models, providers }); -} - -export function applySyntheticConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applySyntheticProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, SYNTHETIC_DEFAULT_MODEL_REF); -} - -export function applyXiaomiProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[XIAOMI_DEFAULT_MODEL_REF] = { - ...models[XIAOMI_DEFAULT_MODEL_REF], - alias: models[XIAOMI_DEFAULT_MODEL_REF]?.alias ?? "Xiaomi", - }; - const defaultProvider = buildXiaomiProvider(); - const resolvedApi = defaultProvider.api ?? "openai-completions"; - return applyProviderConfigWithDefaultModels(cfg, { - agentModels: models, - providerId: "xiaomi", - api: resolvedApi, - baseUrl: defaultProvider.baseUrl, - defaultModels: defaultProvider.models ?? [], - defaultModelId: XIAOMI_DEFAULT_MODEL_ID, - }); -} - -export function applyXiaomiConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyXiaomiProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, XIAOMI_DEFAULT_MODEL_REF); -} - -/** - * Apply Venice provider configuration without changing the default model. - * Registers Venice models and sets up the provider, but preserves existing model selection. - */ -export function applyVeniceProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[VENICE_DEFAULT_MODEL_REF] = { - ...models[VENICE_DEFAULT_MODEL_REF], - alias: models[VENICE_DEFAULT_MODEL_REF]?.alias ?? "Kimi K2.5", - }; - - const veniceModels = VENICE_MODEL_CATALOG.map(buildVeniceModelDefinition); - return applyProviderConfigWithModelCatalog(cfg, { - agentModels: models, - providerId: "venice", - api: "openai-completions", - baseUrl: VENICE_BASE_URL, - catalogModels: veniceModels, - }); -} - -/** - * Apply Venice provider configuration AND set Venice as the default model. - * Use this when Venice is the primary provider choice during setup. - */ -export function applyVeniceConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyVeniceProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, VENICE_DEFAULT_MODEL_REF); -} - -/** - * Apply Together provider configuration without changing the default model. - * Registers Together models and sets up the provider, but preserves existing model selection. - */ -export function applyTogetherProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[TOGETHER_DEFAULT_MODEL_REF] = { - ...models[TOGETHER_DEFAULT_MODEL_REF], - alias: models[TOGETHER_DEFAULT_MODEL_REF]?.alias ?? "Together AI", - }; - - const togetherModels = TOGETHER_MODEL_CATALOG.map(buildTogetherModelDefinition); - return applyProviderConfigWithModelCatalog(cfg, { - agentModels: models, - providerId: "together", - api: "openai-completions", - baseUrl: TOGETHER_BASE_URL, - catalogModels: togetherModels, - }); -} - -/** - * Apply Together provider configuration AND set Together as the default model. - * Use this when Together is the primary provider choice during setup. - */ -export function applyTogetherConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyTogetherProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, TOGETHER_DEFAULT_MODEL_REF); -} - -/** - * Apply Hugging Face (Inference Providers) provider configuration without changing the default model. - */ -export function applyHuggingfaceProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[HUGGINGFACE_DEFAULT_MODEL_REF] = { - ...models[HUGGINGFACE_DEFAULT_MODEL_REF], - alias: models[HUGGINGFACE_DEFAULT_MODEL_REF]?.alias ?? "Hugging Face", - }; - - const hfModels = HUGGINGFACE_MODEL_CATALOG.map(buildHuggingfaceModelDefinition); - return applyProviderConfigWithModelCatalog(cfg, { - agentModels: models, - providerId: "huggingface", - api: "openai-completions", - baseUrl: HUGGINGFACE_BASE_URL, - catalogModels: hfModels, - }); -} - -/** - * Apply Hugging Face provider configuration AND set Hugging Face as the default model. - */ -export function applyHuggingfaceConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyHuggingfaceProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, HUGGINGFACE_DEFAULT_MODEL_REF); -} - -export function applyXaiProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[XAI_DEFAULT_MODEL_REF] = { - ...models[XAI_DEFAULT_MODEL_REF], - alias: models[XAI_DEFAULT_MODEL_REF]?.alias ?? "Grok", - }; - - const defaultModel = buildXaiModelDefinition(); - - return applyProviderConfigWithDefaultModel(cfg, { - agentModels: models, - providerId: "xai", - api: "openai-completions", - baseUrl: XAI_BASE_URL, - defaultModel, - defaultModelId: XAI_DEFAULT_MODEL_ID, - }); -} - -export function applyXaiConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyXaiProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, XAI_DEFAULT_MODEL_REF); -} - -export function applyMistralProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[MISTRAL_DEFAULT_MODEL_REF] = { - ...models[MISTRAL_DEFAULT_MODEL_REF], - alias: models[MISTRAL_DEFAULT_MODEL_REF]?.alias ?? "Mistral", - }; - - const defaultModel = buildMistralModelDefinition(); - - return applyProviderConfigWithDefaultModel(cfg, { - agentModels: models, - providerId: "mistral", - api: "openai-completions", - baseUrl: MISTRAL_BASE_URL, - defaultModel, - defaultModelId: MISTRAL_DEFAULT_MODEL_ID, - }); -} - -export function applyMistralConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyMistralProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, MISTRAL_DEFAULT_MODEL_REF); -} - -export { KILOCODE_BASE_URL }; - -/** - * Apply Kilo Gateway provider configuration without changing the default model. - * Registers Kilo Gateway and sets up the provider, but preserves existing model selection. - */ -export function applyKilocodeProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[KILOCODE_DEFAULT_MODEL_REF] = { - ...models[KILOCODE_DEFAULT_MODEL_REF], - alias: models[KILOCODE_DEFAULT_MODEL_REF]?.alias ?? "Kilo Gateway", - }; - - const kilocodeModels = buildKilocodeProvider().models ?? []; - - return applyProviderConfigWithModelCatalog(cfg, { - agentModels: models, - providerId: "kilocode", - api: "openai-completions", - baseUrl: KILOCODE_BASE_URL, - catalogModels: kilocodeModels, - }); -} - -/** - * Apply Kilo Gateway provider configuration AND set Kilo Gateway as the default model. - * Use this when Kilo Gateway is the primary provider choice during setup. - */ -export function applyKilocodeConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyKilocodeProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, KILOCODE_DEFAULT_MODEL_REF); -} - -export function applyQianfanProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[QIANFAN_DEFAULT_MODEL_REF] = { - ...models[QIANFAN_DEFAULT_MODEL_REF], - alias: models[QIANFAN_DEFAULT_MODEL_REF]?.alias ?? "QIANFAN", - }; - const defaultProvider = buildQianfanProvider(); - const existingProvider = cfg.models?.providers?.qianfan as - | { - baseUrl?: unknown; - api?: unknown; - } - | undefined; - const existingBaseUrl = - typeof existingProvider?.baseUrl === "string" ? existingProvider.baseUrl.trim() : ""; - const resolvedBaseUrl = existingBaseUrl || QIANFAN_BASE_URL; - const resolvedApi = - typeof existingProvider?.api === "string" - ? (existingProvider.api as ModelApi) - : "openai-completions"; - - return applyProviderConfigWithDefaultModels(cfg, { - agentModels: models, - providerId: "qianfan", - api: resolvedApi, - baseUrl: resolvedBaseUrl, - defaultModels: defaultProvider.models ?? [], - defaultModelId: QIANFAN_DEFAULT_MODEL_ID, - }); -} - -export function applyQianfanConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyQianfanProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, QIANFAN_DEFAULT_MODEL_REF); -} - -// Alibaba Cloud Model Studio Coding Plan - -function applyModelStudioProviderConfigWithBaseUrl( - cfg: OpenClawConfig, - baseUrl: string, -): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - - const modelStudioModelIds = [ - "qwen3.5-plus", - "qwen3-max-2026-01-23", - "qwen3-coder-next", - "qwen3-coder-plus", - "MiniMax-M2.5", - "glm-5", - "glm-4.7", - "kimi-k2.5", - ]; - for (const modelId of modelStudioModelIds) { - const modelRef = `modelstudio/${modelId}`; - if (!models[modelRef]) { - models[modelRef] = {}; - } - } - models[MODELSTUDIO_DEFAULT_MODEL_REF] = { - ...models[MODELSTUDIO_DEFAULT_MODEL_REF], - alias: models[MODELSTUDIO_DEFAULT_MODEL_REF]?.alias ?? "Qwen", - }; - - const providers = { ...cfg.models?.providers }; - const existingProvider = providers.modelstudio; - - const defaultModels = [ - buildModelStudioModelDefinition({ id: "qwen3.5-plus" }), - buildModelStudioModelDefinition({ id: "qwen3-max-2026-01-23" }), - buildModelStudioModelDefinition({ id: "qwen3-coder-next" }), - buildModelStudioModelDefinition({ id: "qwen3-coder-plus" }), - buildModelStudioModelDefinition({ id: "MiniMax-M2.5" }), - buildModelStudioModelDefinition({ id: "glm-5" }), - buildModelStudioModelDefinition({ id: "glm-4.7" }), - buildModelStudioModelDefinition({ id: "kimi-k2.5" }), - ]; - - const mergedModels = mergeProviderModels(existingProvider, defaultModels); - - const { apiKey: _existingApiKey, ...existingProviderRest } = (existingProvider ?? {}) as Record< - string, - unknown - > as { apiKey?: string }; - const normalizedApiKey = getNormalizedProviderApiKey(existingProvider); - - providers.modelstudio = { - ...existingProviderRest, - baseUrl, - api: "openai-completions", - ...(normalizedApiKey ? { apiKey: normalizedApiKey } : {}), - models: mergedModels.length > 0 ? mergedModels : defaultModels, - }; - - return applyOnboardAuthAgentModelsAndProviders(cfg, { agentModels: models, providers }); -} - -export function applyModelStudioProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - return applyModelStudioProviderConfigWithBaseUrl(cfg, MODELSTUDIO_GLOBAL_BASE_URL); -} - -export function applyModelStudioProviderConfigCn(cfg: OpenClawConfig): OpenClawConfig { - return applyModelStudioProviderConfigWithBaseUrl(cfg, MODELSTUDIO_CN_BASE_URL); -} - -export function applyModelStudioConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyModelStudioProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, MODELSTUDIO_DEFAULT_MODEL_REF); -} - -export function applyModelStudioConfigCn(cfg: OpenClawConfig): OpenClawConfig { - const next = applyModelStudioProviderConfigCn(cfg); - return applyAgentDefaultModelPrimary(next, MODELSTUDIO_DEFAULT_MODEL_REF); -} diff --git a/src/commands/onboard-auth.config-gateways.ts b/src/commands/onboard-auth.config-gateways.ts index a7a4d4246ce..4699481d79a 100644 --- a/src/commands/onboard-auth.config-gateways.ts +++ b/src/commands/onboard-auth.config-gateways.ts @@ -1,91 +1,10 @@ -import { - buildCloudflareAiGatewayModelDefinition, - resolveCloudflareAiGatewayBaseUrl, -} from "../agents/cloudflare-ai-gateway.js"; -import type { OpenClawConfig } from "../config/config.js"; -import { - applyAgentDefaultModelPrimary, - applyProviderConfigWithDefaultModel, -} from "./onboard-auth.config-shared.js"; -import { +export { + applyCloudflareAiGatewayConfig, + applyCloudflareAiGatewayProviderConfig, CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, +} from "../../extensions/cloudflare-ai-gateway/onboard.js"; +export { + applyVercelAiGatewayConfig, + applyVercelAiGatewayProviderConfig, VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF, -} from "./onboard-auth.credentials.js"; - -export function applyVercelAiGatewayProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF] = { - ...models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF], - alias: models[VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF]?.alias ?? "Vercel AI Gateway", - }; - - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...cfg.agents?.defaults, - models, - }, - }, - }; -} - -export function applyCloudflareAiGatewayProviderConfig( - cfg: OpenClawConfig, - params?: { accountId?: string; gatewayId?: string }, -): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF] = { - ...models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF], - alias: models[CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF]?.alias ?? "Cloudflare AI Gateway", - }; - - const defaultModel = buildCloudflareAiGatewayModelDefinition(); - const existingProvider = cfg.models?.providers?.["cloudflare-ai-gateway"] as - | { baseUrl?: unknown } - | undefined; - const baseUrl = - params?.accountId && params?.gatewayId - ? resolveCloudflareAiGatewayBaseUrl({ - accountId: params.accountId, - gatewayId: params.gatewayId, - }) - : typeof existingProvider?.baseUrl === "string" - ? existingProvider.baseUrl - : undefined; - - if (!baseUrl) { - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...cfg.agents?.defaults, - models, - }, - }, - }; - } - - return applyProviderConfigWithDefaultModel(cfg, { - agentModels: models, - providerId: "cloudflare-ai-gateway", - api: "anthropic-messages", - baseUrl, - defaultModel, - }); -} - -export function applyVercelAiGatewayConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyVercelAiGatewayProviderConfig(cfg); - return applyAgentDefaultModelPrimary(next, VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF); -} - -export function applyCloudflareAiGatewayConfig( - cfg: OpenClawConfig, - params?: { accountId?: string; gatewayId?: string }, -): OpenClawConfig { - const next = applyCloudflareAiGatewayProviderConfig(cfg, params); - return applyAgentDefaultModelPrimary(next, CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF); -} +} from "../../extensions/vercel-ai-gateway/onboard.js"; diff --git a/src/commands/onboard-auth.config-litellm.ts b/src/commands/onboard-auth.config-litellm.ts index ec1ba251056..2dd60bab894 100644 --- a/src/commands/onboard-auth.config-litellm.ts +++ b/src/commands/onboard-auth.config-litellm.ts @@ -1,9 +1,9 @@ import type { OpenClawConfig } from "../config/config.js"; +import { LITELLM_DEFAULT_MODEL_REF } from "../plugins/provider-auth-storage.js"; import { applyAgentDefaultModelPrimary, applyProviderConfigWithDefaultModel, -} from "./onboard-auth.config-shared.js"; -import { LITELLM_DEFAULT_MODEL_REF } from "./onboard-auth.credentials.js"; +} from "../plugins/provider-onboarding-config.js"; export const LITELLM_BASE_URL = "http://localhost:4000"; export const LITELLM_DEFAULT_MODEL_ID = "claude-opus-4-6"; diff --git a/src/commands/onboard-auth.config-shared.test.ts b/src/commands/onboard-auth.config-shared.test.ts index de2dc9adb62..01cda96ae74 100644 --- a/src/commands/onboard-auth.config-shared.test.ts +++ b/src/commands/onboard-auth.config-shared.test.ts @@ -6,7 +6,7 @@ import { applyProviderConfigWithDefaultModel, applyProviderConfigWithDefaultModels, applyProviderConfigWithModelCatalog, -} from "./onboard-auth.config-shared.js"; +} from "../plugins/provider-onboarding-config.js"; function makeModel(id: string): ModelDefinitionConfig { return { diff --git a/src/commands/onboard-auth.credentials.test.ts b/src/commands/onboard-auth.credentials.test.ts index e844ac501c2..8c80f51ec2a 100644 --- a/src/commands/onboard-auth.credentials.test.ts +++ b/src/commands/onboard-auth.credentials.test.ts @@ -6,7 +6,7 @@ import { setOpencodeZenApiKey, setOpenaiApiKey, setVolcengineApiKey, -} from "./onboard-auth.js"; +} from "../plugins/provider-auth-storage.js"; import { createAuthTestLifecycle, readAuthProfilesForAgent, diff --git a/src/commands/onboard-auth.models.ts b/src/commands/onboard-auth.models.ts deleted file mode 100644 index 383121b5700..00000000000 --- a/src/commands/onboard-auth.models.ts +++ /dev/null @@ -1,332 +0,0 @@ -import { - QIANFAN_BASE_URL, - QIANFAN_DEFAULT_MODEL_ID, -} from "../agents/models-config.providers.static.js"; -import type { ModelDefinitionConfig } from "../config/types.js"; -import { - KILOCODE_DEFAULT_CONTEXT_WINDOW, - KILOCODE_DEFAULT_COST, - KILOCODE_DEFAULT_MAX_TOKENS, - KILOCODE_DEFAULT_MODEL_ID, - KILOCODE_DEFAULT_MODEL_NAME, -} from "../providers/kilocode-shared.js"; -export { - KILOCODE_DEFAULT_CONTEXT_WINDOW, - KILOCODE_DEFAULT_COST, - KILOCODE_DEFAULT_MAX_TOKENS, - KILOCODE_DEFAULT_MODEL_ID, -}; - -export const DEFAULT_MINIMAX_BASE_URL = "https://api.minimax.io/v1"; -export const MINIMAX_API_BASE_URL = "https://api.minimax.io/anthropic"; -export const MINIMAX_CN_API_BASE_URL = "https://api.minimaxi.com/anthropic"; -export const MINIMAX_HOSTED_MODEL_ID = "MiniMax-M2.5"; -export const MINIMAX_HOSTED_MODEL_REF = `minimax/${MINIMAX_HOSTED_MODEL_ID}`; -export const DEFAULT_MINIMAX_CONTEXT_WINDOW = 200000; -export const DEFAULT_MINIMAX_MAX_TOKENS = 8192; - -export const MOONSHOT_BASE_URL = "https://api.moonshot.ai/v1"; -export const MOONSHOT_CN_BASE_URL = "https://api.moonshot.cn/v1"; -export const MOONSHOT_DEFAULT_MODEL_ID = "kimi-k2.5"; -export const MOONSHOT_DEFAULT_MODEL_REF = `moonshot/${MOONSHOT_DEFAULT_MODEL_ID}`; -export const MOONSHOT_DEFAULT_CONTEXT_WINDOW = 256000; -export const MOONSHOT_DEFAULT_MAX_TOKENS = 8192; -export const KIMI_CODING_MODEL_ID = "k2p5"; -export const KIMI_CODING_MODEL_REF = `kimi-coding/${KIMI_CODING_MODEL_ID}`; - -export { QIANFAN_BASE_URL, QIANFAN_DEFAULT_MODEL_ID }; -export const QIANFAN_DEFAULT_MODEL_REF = `qianfan/${QIANFAN_DEFAULT_MODEL_ID}`; - -export const ZAI_CODING_GLOBAL_BASE_URL = "https://api.z.ai/api/coding/paas/v4"; -export const ZAI_CODING_CN_BASE_URL = "https://open.bigmodel.cn/api/coding/paas/v4"; -export const ZAI_GLOBAL_BASE_URL = "https://api.z.ai/api/paas/v4"; -export const ZAI_CN_BASE_URL = "https://open.bigmodel.cn/api/paas/v4"; -export const ZAI_DEFAULT_MODEL_ID = "glm-5"; - -export function resolveZaiBaseUrl(endpoint?: string): string { - switch (endpoint) { - case "coding-cn": - return ZAI_CODING_CN_BASE_URL; - case "global": - return ZAI_GLOBAL_BASE_URL; - case "cn": - return ZAI_CN_BASE_URL; - case "coding-global": - return ZAI_CODING_GLOBAL_BASE_URL; - default: - return ZAI_GLOBAL_BASE_URL; - } -} - -// Pricing per 1M tokens (USD) — https://platform.minimaxi.com/document/Price -export const MINIMAX_API_COST = { - input: 0.3, - output: 1.2, - cacheRead: 0.03, - cacheWrite: 0.12, -}; -export const MINIMAX_HOSTED_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; -export const MINIMAX_LM_STUDIO_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; -export const MOONSHOT_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -export const ZAI_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const MINIMAX_MODEL_CATALOG = { - "MiniMax-M2.5": { name: "MiniMax M2.5", reasoning: true }, - "MiniMax-M2.5-highspeed": { name: "MiniMax M2.5 Highspeed", reasoning: true }, -} as const; - -type MinimaxCatalogId = keyof typeof MINIMAX_MODEL_CATALOG; - -const ZAI_MODEL_CATALOG = { - "glm-5": { name: "GLM-5", reasoning: true }, - "glm-5-turbo": { name: "GLM-5 Turbo", reasoning: true }, - "glm-4.7": { name: "GLM-4.7", reasoning: true }, - "glm-4.7-flash": { name: "GLM-4.7 Flash", reasoning: true }, - "glm-4.7-flashx": { name: "GLM-4.7 FlashX", reasoning: true }, -} as const; - -type ZaiCatalogId = keyof typeof ZAI_MODEL_CATALOG; - -export function buildMinimaxModelDefinition(params: { - id: string; - name?: string; - reasoning?: boolean; - cost: ModelDefinitionConfig["cost"]; - contextWindow: number; - maxTokens: number; -}): ModelDefinitionConfig { - const catalog = MINIMAX_MODEL_CATALOG[params.id as MinimaxCatalogId]; - return { - id: params.id, - name: params.name ?? catalog?.name ?? `MiniMax ${params.id}`, - reasoning: params.reasoning ?? catalog?.reasoning ?? false, - input: ["text"], - cost: params.cost, - contextWindow: params.contextWindow, - maxTokens: params.maxTokens, - }; -} - -export function buildMinimaxApiModelDefinition(modelId: string): ModelDefinitionConfig { - return buildMinimaxModelDefinition({ - id: modelId, - cost: MINIMAX_API_COST, - contextWindow: DEFAULT_MINIMAX_CONTEXT_WINDOW, - maxTokens: DEFAULT_MINIMAX_MAX_TOKENS, - }); -} - -export function buildMoonshotModelDefinition(): ModelDefinitionConfig { - return { - id: MOONSHOT_DEFAULT_MODEL_ID, - name: "Kimi K2.5", - reasoning: false, - input: ["text", "image"], - cost: MOONSHOT_DEFAULT_COST, - contextWindow: MOONSHOT_DEFAULT_CONTEXT_WINDOW, - maxTokens: MOONSHOT_DEFAULT_MAX_TOKENS, - }; -} - -export const MISTRAL_BASE_URL = "https://api.mistral.ai/v1"; -export const MISTRAL_DEFAULT_MODEL_ID = "mistral-large-latest"; -export const MISTRAL_DEFAULT_MODEL_REF = `mistral/${MISTRAL_DEFAULT_MODEL_ID}`; -export const MISTRAL_DEFAULT_CONTEXT_WINDOW = 262144; -export const MISTRAL_DEFAULT_MAX_TOKENS = 262144; -export const MISTRAL_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -export function buildMistralModelDefinition(): ModelDefinitionConfig { - return { - id: MISTRAL_DEFAULT_MODEL_ID, - name: "Mistral Large", - reasoning: false, - input: ["text", "image"], - cost: MISTRAL_DEFAULT_COST, - contextWindow: MISTRAL_DEFAULT_CONTEXT_WINDOW, - maxTokens: MISTRAL_DEFAULT_MAX_TOKENS, - }; -} - -export function buildZaiModelDefinition(params: { - id: string; - name?: string; - reasoning?: boolean; - cost?: ModelDefinitionConfig["cost"]; - contextWindow?: number; - maxTokens?: number; -}): ModelDefinitionConfig { - const catalog = ZAI_MODEL_CATALOG[params.id as ZaiCatalogId]; - return { - id: params.id, - name: params.name ?? catalog?.name ?? `GLM ${params.id}`, - reasoning: params.reasoning ?? catalog?.reasoning ?? true, - input: ["text"], - cost: params.cost ?? ZAI_DEFAULT_COST, - contextWindow: params.contextWindow ?? 204800, - maxTokens: params.maxTokens ?? 131072, - }; -} - -export const XAI_BASE_URL = "https://api.x.ai/v1"; -export const XAI_DEFAULT_MODEL_ID = "grok-4"; -export const XAI_DEFAULT_MODEL_REF = `xai/${XAI_DEFAULT_MODEL_ID}`; -export const XAI_DEFAULT_CONTEXT_WINDOW = 131072; -export const XAI_DEFAULT_MAX_TOKENS = 8192; -export const XAI_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -export function buildXaiModelDefinition(): ModelDefinitionConfig { - return { - id: XAI_DEFAULT_MODEL_ID, - name: "Grok 4", - reasoning: false, - input: ["text"], - cost: XAI_DEFAULT_COST, - contextWindow: XAI_DEFAULT_CONTEXT_WINDOW, - maxTokens: XAI_DEFAULT_MAX_TOKENS, - }; -} - -export function buildKilocodeModelDefinition(): ModelDefinitionConfig { - return { - id: KILOCODE_DEFAULT_MODEL_ID, - name: KILOCODE_DEFAULT_MODEL_NAME, - reasoning: true, - input: ["text", "image"], - cost: KILOCODE_DEFAULT_COST, - contextWindow: KILOCODE_DEFAULT_CONTEXT_WINDOW, - maxTokens: KILOCODE_DEFAULT_MAX_TOKENS, - }; -} - -// Alibaba Cloud Model Studio Coding Plan -export const MODELSTUDIO_CN_BASE_URL = "https://coding.dashscope.aliyuncs.com/v1"; -export const MODELSTUDIO_GLOBAL_BASE_URL = "https://coding-intl.dashscope.aliyuncs.com/v1"; -export const MODELSTUDIO_DEFAULT_MODEL_ID = "qwen3.5-plus"; -export const MODELSTUDIO_DEFAULT_MODEL_REF = `modelstudio/${MODELSTUDIO_DEFAULT_MODEL_ID}`; -export const MODELSTUDIO_DEFAULT_COST = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, -}; - -const MODELSTUDIO_MODEL_CATALOG = { - "qwen3.5-plus": { - name: "qwen3.5-plus", - reasoning: false, - input: ["text", "image"], - contextWindow: 1000000, - maxTokens: 65536, - }, - "qwen3-max-2026-01-23": { - name: "qwen3-max-2026-01-23", - reasoning: false, - input: ["text"], - contextWindow: 262144, - maxTokens: 65536, - }, - "qwen3-coder-next": { - name: "qwen3-coder-next", - reasoning: false, - input: ["text"], - contextWindow: 262144, - maxTokens: 65536, - }, - "qwen3-coder-plus": { - name: "qwen3-coder-plus", - reasoning: false, - input: ["text"], - contextWindow: 1000000, - maxTokens: 65536, - }, - "MiniMax-M2.5": { - name: "MiniMax-M2.5", - reasoning: false, - input: ["text"], - contextWindow: 1000000, - maxTokens: 65536, - }, - "glm-5": { - name: "glm-5", - reasoning: false, - input: ["text"], - contextWindow: 202752, - maxTokens: 16384, - }, - "glm-4.7": { - name: "glm-4.7", - reasoning: false, - input: ["text"], - contextWindow: 202752, - maxTokens: 16384, - }, - "kimi-k2.5": { - name: "kimi-k2.5", - reasoning: false, - input: ["text", "image"], - contextWindow: 262144, - maxTokens: 32768, - }, -} as const; - -type ModelStudioCatalogId = keyof typeof MODELSTUDIO_MODEL_CATALOG; - -export function buildModelStudioModelDefinition(params: { - id: string; - name?: string; - reasoning?: boolean; - input?: string[]; - cost?: ModelDefinitionConfig["cost"]; - contextWindow?: number; - maxTokens?: number; -}): ModelDefinitionConfig { - const catalog = MODELSTUDIO_MODEL_CATALOG[params.id as ModelStudioCatalogId]; - return { - id: params.id, - name: params.name ?? catalog?.name ?? params.id, - reasoning: params.reasoning ?? catalog?.reasoning ?? false, - input: - (params.input as ("text" | "image")[]) ?? - ([...(catalog?.input ?? ["text"])] as ("text" | "image")[]), - cost: params.cost ?? MODELSTUDIO_DEFAULT_COST, - contextWindow: params.contextWindow ?? catalog?.contextWindow ?? 262144, - maxTokens: params.maxTokens ?? catalog?.maxTokens ?? 65536, - }; -} - -export function buildModelStudioDefaultModelDefinition(): ModelDefinitionConfig { - return buildModelStudioModelDefinition({ - id: MODELSTUDIO_DEFAULT_MODEL_ID, - }); -} diff --git a/src/commands/onboard-auth.test.ts b/src/commands/onboard-auth.test.ts index 8c4b8e38bda..969128d343e 100644 --- a/src/commands/onboard-auth.test.ts +++ b/src/commands/onboard-auth.test.ts @@ -3,6 +3,39 @@ import os from "node:os"; import path from "node:path"; import type { OAuthCredentials } from "@mariozechner/pi-ai"; import { afterEach, describe, expect, it } from "vitest"; +import { + applyMinimaxApiConfig, + applyMinimaxApiProviderConfig, +} from "../../extensions/minimax/onboard.js"; +import { + applyMistralConfig, + applyMistralProviderConfig, +} from "../../extensions/mistral/onboard.js"; +import { + applyOpencodeGoConfig, + applyOpencodeGoProviderConfig, +} from "../../extensions/opencode-go/onboard.js"; +import { + applyOpencodeZenConfig, + applyOpencodeZenProviderConfig, +} from "../../extensions/opencode/onboard.js"; +import { + applyOpenrouterConfig, + applyOpenrouterProviderConfig, +} from "../../extensions/openrouter/onboard.js"; +import { + applySyntheticConfig, + applySyntheticProviderConfig, + SYNTHETIC_DEFAULT_MODEL_REF, +} from "../../extensions/synthetic/onboard.js"; +import { + applyXaiConfig, + applyXaiProviderConfig, + XAI_DEFAULT_MODEL_REF, +} from "../../extensions/xai/onboard.js"; +import { applyXiaomiConfig, applyXiaomiProviderConfig } from "../../extensions/xiaomi/onboard.js"; +import { applyZaiConfig, applyZaiProviderConfig } from "../../extensions/zai/onboard.js"; +import { SYNTHETIC_DEFAULT_MODEL_ID } from "../agents/synthetic-models.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveAgentModelFallbackValues, @@ -10,36 +43,17 @@ import { } from "../config/model-input.js"; import type { ModelApi } from "../config/types.models.js"; import { - applyAuthProfileConfig, - applyLitellmProviderConfig, - applyMistralConfig, - applyMistralProviderConfig, - applyMinimaxApiConfig, - applyMinimaxApiProviderConfig, - applyOpencodeGoConfig, - applyOpencodeGoProviderConfig, - applyOpencodeZenConfig, - applyOpencodeZenProviderConfig, - applyOpenrouterConfig, - applyOpenrouterProviderConfig, - applySyntheticConfig, - applySyntheticProviderConfig, - applyXaiConfig, - applyXaiProviderConfig, - applyXiaomiConfig, - applyXiaomiProviderConfig, - applyZaiConfig, - applyZaiProviderConfig, - OPENROUTER_DEFAULT_MODEL_REF, MISTRAL_DEFAULT_MODEL_REF, - SYNTHETIC_DEFAULT_MODEL_ID, - SYNTHETIC_DEFAULT_MODEL_REF, - XAI_DEFAULT_MODEL_REF, - setMinimaxApiKey, - writeOAuthCredentials, ZAI_CODING_CN_BASE_URL, ZAI_GLOBAL_BASE_URL, -} from "./onboard-auth.js"; +} from "../plugin-sdk/provider-models.js"; +import { applyAuthProfileConfig } from "../plugins/provider-auth-helpers.js"; +import { + OPENROUTER_DEFAULT_MODEL_REF, + setMinimaxApiKey, + writeOAuthCredentials, +} from "../plugins/provider-auth-storage.js"; +import { applyLitellmProviderConfig } from "./onboard-auth.config-litellm.js"; import { createAuthTestLifecycle, readAuthProfilesForAgent, diff --git a/src/commands/onboard-auth.ts b/src/commands/onboard-auth.ts deleted file mode 100644 index f51e61a8cee..00000000000 --- a/src/commands/onboard-auth.ts +++ /dev/null @@ -1,133 +0,0 @@ -export { - SYNTHETIC_DEFAULT_MODEL_ID, - SYNTHETIC_DEFAULT_MODEL_REF, -} from "../agents/synthetic-models.js"; -export { VENICE_DEFAULT_MODEL_ID, VENICE_DEFAULT_MODEL_REF } from "../agents/venice-models.js"; -export { - applyAuthProfileConfig, - applyCloudflareAiGatewayConfig, - applyCloudflareAiGatewayProviderConfig, - applyHuggingfaceConfig, - applyHuggingfaceProviderConfig, - applyKilocodeConfig, - applyKilocodeProviderConfig, - applyQianfanConfig, - applyQianfanProviderConfig, - applyKimiCodeConfig, - applyKimiCodeProviderConfig, - applyLitellmConfig, - applyLitellmProviderConfig, - applyMistralConfig, - applyMistralProviderConfig, - applyMoonshotConfig, - applyMoonshotConfigCn, - applyMoonshotProviderConfig, - applyMoonshotProviderConfigCn, - applyOpenrouterConfig, - applyOpenrouterProviderConfig, - applySyntheticConfig, - applySyntheticProviderConfig, - applyTogetherConfig, - applyTogetherProviderConfig, - applyVeniceConfig, - applyVeniceProviderConfig, - applyVercelAiGatewayConfig, - applyVercelAiGatewayProviderConfig, - applyXaiConfig, - applyXaiProviderConfig, - applyXiaomiConfig, - applyXiaomiProviderConfig, - applyZaiConfig, - applyZaiProviderConfig, - applyModelStudioConfig, - applyModelStudioConfigCn, - applyModelStudioProviderConfig, - applyModelStudioProviderConfigCn, - KILOCODE_BASE_URL, -} from "./onboard-auth.config-core.js"; -export { - applyMinimaxApiConfig, - applyMinimaxApiConfigCn, - applyMinimaxApiProviderConfig, - applyMinimaxApiProviderConfigCn, -} from "./onboard-auth.config-minimax.js"; - -export { - applyOpencodeZenConfig, - applyOpencodeZenProviderConfig, -} from "./onboard-auth.config-opencode.js"; -export { - applyOpencodeGoConfig, - applyOpencodeGoProviderConfig, -} from "./onboard-auth.config-opencode-go.js"; -export { - CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, - KILOCODE_DEFAULT_MODEL_REF, - LITELLM_DEFAULT_MODEL_REF, - OPENROUTER_DEFAULT_MODEL_REF, - setOpenaiApiKey, - setAnthropicApiKey, - setCloudflareAiGatewayConfig, - setByteplusApiKey, - setQianfanApiKey, - setGeminiApiKey, - setKilocodeApiKey, - setLitellmApiKey, - setKimiCodingApiKey, - setMinimaxApiKey, - setMistralApiKey, - setMoonshotApiKey, - setOpencodeGoApiKey, - setOpencodeZenApiKey, - setOpenrouterApiKey, - setSyntheticApiKey, - setTogetherApiKey, - setHuggingfaceApiKey, - setVeniceApiKey, - setVercelAiGatewayApiKey, - setXiaomiApiKey, - setVolcengineApiKey, - setZaiApiKey, - setXaiApiKey, - setModelStudioApiKey, - writeOAuthCredentials, - HUGGINGFACE_DEFAULT_MODEL_REF, - VERCEL_AI_GATEWAY_DEFAULT_MODEL_REF, - XIAOMI_DEFAULT_MODEL_REF, - ZAI_DEFAULT_MODEL_REF, - TOGETHER_DEFAULT_MODEL_REF, - MISTRAL_DEFAULT_MODEL_REF, - XAI_DEFAULT_MODEL_REF, - MODELSTUDIO_DEFAULT_MODEL_REF, -} from "./onboard-auth.credentials.js"; -export { - buildKilocodeModelDefinition, - buildMinimaxApiModelDefinition, - buildMinimaxModelDefinition, - buildMistralModelDefinition, - buildMoonshotModelDefinition, - buildZaiModelDefinition, - DEFAULT_MINIMAX_BASE_URL, - KILOCODE_DEFAULT_MODEL_ID, - MOONSHOT_CN_BASE_URL, - QIANFAN_BASE_URL, - QIANFAN_DEFAULT_MODEL_ID, - QIANFAN_DEFAULT_MODEL_REF, - KIMI_CODING_MODEL_ID, - KIMI_CODING_MODEL_REF, - MINIMAX_API_BASE_URL, - MINIMAX_CN_API_BASE_URL, - MINIMAX_HOSTED_MODEL_ID, - MINIMAX_HOSTED_MODEL_REF, - MOONSHOT_BASE_URL, - MOONSHOT_DEFAULT_MODEL_ID, - MOONSHOT_DEFAULT_MODEL_REF, - MISTRAL_BASE_URL, - MISTRAL_DEFAULT_MODEL_ID, - resolveZaiBaseUrl, - ZAI_CODING_CN_BASE_URL, - ZAI_DEFAULT_MODEL_ID, - ZAI_CODING_GLOBAL_BASE_URL, - ZAI_CN_BASE_URL, - ZAI_GLOBAL_BASE_URL, -} from "./onboard-auth.models.js"; diff --git a/src/commands/onboard-non-interactive.provider-auth.test.ts b/src/commands/onboard-non-interactive.provider-auth.test.ts index abf8362d694..329314d1efd 100644 --- a/src/commands/onboard-non-interactive.provider-auth.test.ts +++ b/src/commands/onboard-non-interactive.provider-auth.test.ts @@ -2,15 +2,15 @@ import fs from "node:fs/promises"; import path from "node:path"; import { setTimeout as delay } from "node:timers/promises"; import { beforeAll, describe, expect, it, vi } from "vitest"; -import { makeTempWorkspace } from "../test-helpers/workspace.js"; -import { withEnvAsync } from "../test-utils/env.js"; import { MINIMAX_API_BASE_URL, MINIMAX_CN_API_BASE_URL, ZAI_CODING_CN_BASE_URL, ZAI_CODING_GLOBAL_BASE_URL, ZAI_GLOBAL_BASE_URL, -} from "./onboard-auth.js"; +} from "../plugin-sdk/provider-models.js"; +import { makeTempWorkspace } from "../test-helpers/workspace.js"; +import { withEnvAsync } from "../test-utils/env.js"; import { createThrowingRuntime, readJsonFile, @@ -22,6 +22,7 @@ type OnboardEnv = { configPath: string; runtime: NonInteractiveRuntime; }; +type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise; const ensureWorkspaceAndSessionsMock = vi.hoisted(() => vi.fn(async (..._args: unknown[]) => {})); @@ -61,7 +62,7 @@ type ProviderAuthConfigSnapshot = { }; }; -function createZaiFetchMock(responses: Record): typeof fetch { +function createZaiFetchMock(responses: Record): FetchLike { return vi.fn(async (input, init) => { const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : ""; const parsedBody = @@ -77,12 +78,12 @@ function createZaiFetchMock(responses: Record): typeof fetch { headers: { "content-type": "application/json" }, }, ); - }) as typeof fetch; + }); } async function withZaiProbeFetch( responses: Record, - run: (fetchMock: typeof fetch) => Promise, + run: (fetchMock: FetchLike) => Promise, ): Promise { const originalVitest = process.env.VITEST; delete process.env.VITEST; diff --git a/src/commands/onboard-non-interactive/local/auth-choice.api-key-providers.ts b/src/commands/onboard-non-interactive/local/auth-choice.api-key-providers.ts index 4c0454401ad..bb9ab999411 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.api-key-providers.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.api-key-providers.ts @@ -1,11 +1,9 @@ import type { OpenClawConfig } from "../../../config/config.js"; import type { SecretInput } from "../../../config/types.secrets.js"; +import { applyAuthProfileConfig } from "../../../plugins/provider-auth-helpers.js"; +import { setLitellmApiKey } from "../../../plugins/provider-auth-storage.js"; import type { RuntimeEnv } from "../../../runtime.js"; -import { - applyAuthProfileConfig, - applyLitellmConfig, - setLitellmApiKey, -} from "../../onboard-auth.js"; +import { applyLitellmConfig } from "../../onboard-auth.config-litellm.js"; import type { AuthChoice, OnboardOptions } from "../../onboard-types.js"; type ApiKeyStorageOptions = { diff --git a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.runtime.ts b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.runtime.ts index a02dd2f2ee2..05422a839fb 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.runtime.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.runtime.ts @@ -1,5 +1,11 @@ -export { resolveProviderPluginChoice } from "../../../plugins/provider-wizard.js"; -export { +import { resolveProviderPluginChoice } from "../../../plugins/provider-wizard.js"; +import { resolveOwningPluginIdsForProvider, resolvePluginProviders, } from "../../../plugins/providers.js"; + +export const authChoicePluginProvidersRuntime = { + resolveOwningPluginIdsForProvider, + resolveProviderPluginChoice, + resolvePluginProviders, +}; diff --git a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.test.ts b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.test.ts index f993091dd49..bea20a66764 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.test.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.test.ts @@ -3,7 +3,7 @@ import type { OpenClawConfig } from "../../../config/config.js"; import { applyNonInteractivePluginProviderChoice } from "./auth-choice.plugin-providers.js"; const resolvePreferredProviderForAuthChoice = vi.hoisted(() => vi.fn(async () => undefined)); -vi.mock("../../auth-choice.preferred-provider.js", () => ({ +vi.mock("../../../plugins/provider-auth-choice-preference.js", () => ({ resolvePreferredProviderForAuthChoice, })); @@ -11,10 +11,11 @@ const resolveOwningPluginIdsForProvider = vi.hoisted(() => vi.fn(() => undefined const resolveProviderPluginChoice = vi.hoisted(() => vi.fn()); const resolvePluginProviders = vi.hoisted(() => vi.fn(() => [])); vi.mock("./auth-choice.plugin-providers.runtime.js", () => ({ - resolveOwningPluginIdsForProvider, - resolveProviderPluginChoice, - resolvePluginProviders, - PROVIDER_PLUGIN_CHOICE_PREFIX: "provider-plugin:", + authChoicePluginProvidersRuntime: { + resolveOwningPluginIdsForProvider, + resolveProviderPluginChoice, + resolvePluginProviders, + }, })); beforeEach(() => { diff --git a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts index 3f11a7367a9..ad6cb853955 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts @@ -7,12 +7,14 @@ import type { ApiKeyCredential } from "../../../agents/auth-profiles/types.js"; import { resolveDefaultAgentWorkspaceDir } from "../../../agents/workspace.js"; import type { OpenClawConfig } from "../../../config/config.js"; import { enablePluginInConfig } from "../../../plugins/enable.js"; +import { resolvePreferredProviderForAuthChoice } from "../../../plugins/provider-auth-choice-preference.js"; import type { + ProviderAuthOptionBag, ProviderNonInteractiveApiKeyCredentialParams, ProviderResolveNonInteractiveApiKeyParams, } from "../../../plugins/types.js"; import type { RuntimeEnv } from "../../../runtime.js"; -import { resolvePreferredProviderForAuthChoice } from "../../auth-choice.preferred-provider.js"; +import { createLazyRuntimeSurface } from "../../../shared/lazy-runtime.js"; import type { OnboardOptions } from "../../onboard-types.js"; const PROVIDER_PLUGIN_CHOICE_PREFIX = "provider-plugin:"; @@ -21,6 +23,11 @@ async function loadPluginProviderRuntime() { return import("./auth-choice.plugin-providers.runtime.js"); } +const loadAuthChoicePluginProvidersRuntime = createLazyRuntimeSurface( + loadPluginProviderRuntime, + ({ authChoicePluginProvidersRuntime }) => authChoicePluginProvidersRuntime, +); + function buildIsolatedProviderResolutionConfig( cfg: OpenClawConfig, providerId: string | undefined, @@ -80,7 +87,7 @@ export async function applyNonInteractivePluginProviderChoice(params: { preferredProviderId, ); const { resolveOwningPluginIdsForProvider, resolveProviderPluginChoice, resolvePluginProviders } = - await loadPluginProviderRuntime(); + await loadAuthChoicePluginProvidersRuntime(); const owningPluginIds = preferredProviderId ? resolveOwningPluginIdsForProvider({ provider: preferredProviderId, @@ -130,7 +137,7 @@ export async function applyNonInteractivePluginProviderChoice(params: { authChoice: params.authChoice, config: enableResult.config, baseConfig: params.baseConfig, - opts: params.opts, + opts: params.opts as ProviderAuthOptionBag, runtime: params.runtime, agentDir, workspaceDir, diff --git a/src/commands/onboard-non-interactive/local/auth-choice.ts b/src/commands/onboard-non-interactive/local/auth-choice.ts index c52be44afda..85322122e1f 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.ts @@ -1,15 +1,13 @@ import type { ApiKeyCredential } from "../../../agents/auth-profiles/types.js"; import type { OpenClawConfig } from "../../../config/config.js"; import type { SecretInput } from "../../../config/types.secrets.js"; +import { applyAuthProfileConfig } from "../../../plugins/provider-auth-helpers.js"; +import { setCloudflareAiGatewayConfig } from "../../../plugins/provider-auth-storage.js"; import type { RuntimeEnv } from "../../../runtime.js"; import { resolveDefaultSecretProviderAlias } from "../../../secrets/ref-contract.js"; import { normalizeSecretInputModeInput } from "../../auth-choice.apply-helpers.js"; import { normalizeApiKeyTokenProviderAuthChoice } from "../../auth-choice.apply.api-providers.js"; -import { - applyAuthProfileConfig, - applyCloudflareAiGatewayConfig, - setCloudflareAiGatewayConfig, -} from "../../onboard-auth.js"; +import { applyCloudflareAiGatewayConfig } from "../../onboard-auth.config-gateways.js"; import { applyCustomApiConfig, CustomApiError, diff --git a/src/commands/onboard-types.ts b/src/commands/onboard-types.ts index 9d738298e52..832fae75448 100644 --- a/src/commands/onboard-types.ts +++ b/src/commands/onboard-types.ts @@ -1,4 +1,5 @@ import type { ChannelId } from "../channels/plugins/types.js"; +import type { SecretInputMode } from "../plugins/provider-auth-types.js"; import type { GatewayDaemonRuntime } from "./daemon-runtime.js"; export type OnboardMode = "local" | "remote"; @@ -90,7 +91,7 @@ export type NodeManagerChoice = "npm" | "pnpm" | "bun"; export type ChannelChoice = ChannelId; // Legacy alias (pre-rename). export type ProviderChoice = ChannelChoice; -export type SecretInputMode = "plaintext" | "ref"; // pragma: allowlist secret +export type { SecretInputMode } from "../plugins/provider-auth-types.js"; export type OnboardOptions = { mode?: OnboardMode; diff --git a/src/commands/openai-codex-oauth.ts b/src/commands/openai-codex-oauth.ts index a868217750b..0c5f098c41f 100644 --- a/src/commands/openai-codex-oauth.ts +++ b/src/commands/openai-codex-oauth.ts @@ -1,65 +1 @@ -import { loginOpenAICodex, type OAuthCredentials } from "@mariozechner/pi-ai/oauth"; -import type { RuntimeEnv } from "../runtime.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; -import { createVpsAwareOAuthHandlers } from "./oauth-flow.js"; -import { - formatOpenAIOAuthTlsPreflightFix, - runOpenAIOAuthTlsPreflight, -} from "./oauth-tls-preflight.js"; - -export async function loginOpenAICodexOAuth(params: { - prompter: WizardPrompter; - runtime: RuntimeEnv; - isRemote: boolean; - openUrl: (url: string) => Promise; - localBrowserMessage?: string; -}): Promise { - const { prompter, runtime, isRemote, openUrl, localBrowserMessage } = params; - const preflight = await runOpenAIOAuthTlsPreflight(); - if (!preflight.ok && preflight.kind === "tls-cert") { - const hint = formatOpenAIOAuthTlsPreflightFix(preflight); - runtime.error(hint); - await prompter.note(hint, "OAuth prerequisites"); - throw new Error(preflight.message); - } - - await prompter.note( - isRemote - ? [ - "You are running in a remote/VPS environment.", - "A URL will be shown for you to open in your LOCAL browser.", - "After signing in, paste the redirect URL back here.", - ].join("\n") - : [ - "Browser will open for OpenAI authentication.", - "If the callback doesn't auto-complete, paste the redirect URL.", - "OpenAI OAuth uses localhost:1455 for the callback.", - ].join("\n"), - "OpenAI Codex OAuth", - ); - - const spin = prompter.progress("Starting OAuth flow…"); - try { - const { onAuth: baseOnAuth, onPrompt } = createVpsAwareOAuthHandlers({ - isRemote, - prompter, - runtime, - spin, - openUrl, - localBrowserMessage: localBrowserMessage ?? "Complete sign-in in browser…", - }); - - const creds = await loginOpenAICodex({ - onAuth: baseOnAuth, - onPrompt, - onProgress: (msg: string) => spin.update(msg), - }); - spin.stop("OpenAI OAuth complete"); - return creds ?? null; - } catch (err) { - spin.stop("OpenAI OAuth failed"); - runtime.error(String(err)); - await prompter.note("Trouble with OAuth? See https://docs.openclaw.ai/start/faq", "OAuth help"); - throw err; - } -} +export { loginOpenAICodexOAuth } from "../plugins/provider-openai-codex-oauth.js"; diff --git a/src/commands/openai-model-default.ts b/src/commands/openai-model-default.ts index 191756e0fa0..81316e753ed 100644 --- a/src/commands/openai-model-default.ts +++ b/src/commands/openai-model-default.ts @@ -1,47 +1,5 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { ensureModelAllowlistEntry } from "./model-allowlist.js"; - -export const OPENAI_DEFAULT_MODEL = "openai/gpt-5.1-codex"; - -export function applyOpenAIProviderConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = ensureModelAllowlistEntry({ - cfg, - modelRef: OPENAI_DEFAULT_MODEL, - }); - const models = { ...next.agents?.defaults?.models }; - models[OPENAI_DEFAULT_MODEL] = { - ...models[OPENAI_DEFAULT_MODEL], - alias: models[OPENAI_DEFAULT_MODEL]?.alias ?? "GPT", - }; - - return { - ...next, - agents: { - ...next.agents, - defaults: { - ...next.agents?.defaults, - models, - }, - }, - }; -} - -export function applyOpenAIConfig(cfg: OpenClawConfig): OpenClawConfig { - const next = applyOpenAIProviderConfig(cfg); - return { - ...next, - agents: { - ...next.agents, - defaults: { - ...next.agents?.defaults, - model: - next.agents?.defaults?.model && typeof next.agents.defaults.model === "object" - ? { - ...next.agents.defaults.model, - primary: OPENAI_DEFAULT_MODEL, - } - : { primary: OPENAI_DEFAULT_MODEL }, - }, - }, - }; -} +export { + applyOpenAIConfig, + applyOpenAIProviderConfig, + OPENAI_DEFAULT_MODEL, +} from "../plugins/provider-model-defaults.js"; diff --git a/src/commands/opencode-go-model-default.ts b/src/commands/opencode-go-model-default.ts index c959f23ff2e..c87816456c3 100644 --- a/src/commands/opencode-go-model-default.ts +++ b/src/commands/opencode-go-model-default.ts @@ -1,11 +1,4 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { applyAgentDefaultPrimaryModel } from "./model-default.js"; - -export const OPENCODE_GO_DEFAULT_MODEL_REF = "opencode-go/kimi-k2.5"; - -export function applyOpencodeGoModelDefault(cfg: OpenClawConfig): { - next: OpenClawConfig; - changed: boolean; -} { - return applyAgentDefaultPrimaryModel({ cfg, model: OPENCODE_GO_DEFAULT_MODEL_REF }); -} +export { + applyOpencodeGoModelDefault, + OPENCODE_GO_DEFAULT_MODEL_REF, +} from "../plugins/provider-model-defaults.js"; diff --git a/src/commands/opencode-zen-model-default.ts b/src/commands/opencode-zen-model-default.ts index 9efb9c17ade..0d874241076 100644 --- a/src/commands/opencode-zen-model-default.ts +++ b/src/commands/opencode-zen-model-default.ts @@ -1,19 +1,4 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { applyAgentDefaultPrimaryModel } from "./model-default.js"; - -export const OPENCODE_ZEN_DEFAULT_MODEL = "opencode/claude-opus-4-6"; -const LEGACY_OPENCODE_ZEN_DEFAULT_MODELS = new Set([ - "opencode/claude-opus-4-5", - "opencode-zen/claude-opus-4-5", -]); - -export function applyOpencodeZenModelDefault(cfg: OpenClawConfig): { - next: OpenClawConfig; - changed: boolean; -} { - return applyAgentDefaultPrimaryModel({ - cfg, - model: OPENCODE_ZEN_DEFAULT_MODEL, - legacyModels: LEGACY_OPENCODE_ZEN_DEFAULT_MODELS, - }); -} +export { + applyOpencodeZenModelDefault, + OPENCODE_ZEN_DEFAULT_MODEL, +} from "../plugins/provider-model-defaults.js"; diff --git a/src/commands/provider-auth-helpers.ts b/src/commands/provider-auth-helpers.ts index f36c1c3de73..a9fabf9f1bd 100644 --- a/src/commands/provider-auth-helpers.ts +++ b/src/commands/provider-auth-helpers.ts @@ -1,82 +1 @@ -import { normalizeProviderId } from "../agents/model-selection.js"; -import type { OpenClawConfig } from "../config/config.js"; -import type { ProviderAuthMethod, ProviderPlugin } from "../plugins/types.js"; - -export function resolveProviderMatch( - providers: ProviderPlugin[], - rawProvider?: string, -): ProviderPlugin | null { - const raw = rawProvider?.trim(); - if (!raw) { - return null; - } - const normalized = normalizeProviderId(raw); - return ( - providers.find((provider) => normalizeProviderId(provider.id) === normalized) ?? - providers.find( - (provider) => - provider.aliases?.some((alias) => normalizeProviderId(alias) === normalized) ?? false, - ) ?? - null - ); -} - -export function pickAuthMethod( - provider: ProviderPlugin, - rawMethod?: string, -): ProviderAuthMethod | null { - const raw = rawMethod?.trim(); - if (!raw) { - return null; - } - const normalized = raw.toLowerCase(); - return ( - provider.auth.find((method) => method.id.toLowerCase() === normalized) ?? - provider.auth.find((method) => method.label.toLowerCase() === normalized) ?? - null - ); -} - -function isPlainRecord(value: unknown): value is Record { - return Boolean(value && typeof value === "object" && !Array.isArray(value)); -} - -export function mergeConfigPatch(base: T, patch: unknown): T { - if (!isPlainRecord(base) || !isPlainRecord(patch)) { - return patch as T; - } - - const next: Record = { ...base }; - for (const [key, value] of Object.entries(patch)) { - const existing = next[key]; - if (isPlainRecord(existing) && isPlainRecord(value)) { - next[key] = mergeConfigPatch(existing, value); - } else { - next[key] = value; - } - } - return next as T; -} - -export function applyDefaultModel(cfg: OpenClawConfig, model: string): OpenClawConfig { - const models = { ...cfg.agents?.defaults?.models }; - models[model] = models[model] ?? {}; - - const existingModel = cfg.agents?.defaults?.model; - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...cfg.agents?.defaults, - models, - model: { - ...(existingModel && typeof existingModel === "object" && "fallbacks" in existingModel - ? { fallbacks: (existingModel as { fallbacks?: string[] }).fallbacks } - : undefined), - primary: model, - }, - }, - }, - }; -} +export * from "../plugins/provider-auth-choice-helpers.js"; diff --git a/src/commands/self-hosted-provider-setup.ts b/src/commands/self-hosted-provider-setup.ts index ec2d8c683e3..8d4e85fa8ff 100644 --- a/src/commands/self-hosted-provider-setup.ts +++ b/src/commands/self-hosted-provider-setup.ts @@ -1,304 +1 @@ -import type { ApiKeyCredential, AuthProfileCredential } from "../agents/auth-profiles/types.js"; -import { upsertAuthProfileWithLock } from "../agents/auth-profiles/upsert-with-lock.js"; -import { - SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, - SELF_HOSTED_DEFAULT_COST, - SELF_HOSTED_DEFAULT_MAX_TOKENS, -} from "../agents/self-hosted-provider-defaults.js"; -import type { OpenClawConfig } from "../config/config.js"; -import type { - ProviderDiscoveryContext, - ProviderAuthResult, - ProviderAuthMethodNonInteractiveContext, - ProviderNonInteractiveApiKeyResult, -} from "../plugins/types.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; -import { applyAuthProfileConfig } from "./auth-profile-config.js"; - -export { - SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, - SELF_HOSTED_DEFAULT_COST, - SELF_HOSTED_DEFAULT_MAX_TOKENS, -} from "../agents/self-hosted-provider-defaults.js"; - -export function applyProviderDefaultModel(cfg: OpenClawConfig, modelRef: string): OpenClawConfig { - const existingModel = cfg.agents?.defaults?.model; - const fallbacks = - existingModel && typeof existingModel === "object" && "fallbacks" in existingModel - ? (existingModel as { fallbacks?: string[] }).fallbacks - : undefined; - - return { - ...cfg, - agents: { - ...cfg.agents, - defaults: { - ...cfg.agents?.defaults, - model: { - ...(fallbacks ? { fallbacks } : undefined), - primary: modelRef, - }, - }, - }, - }; -} - -function buildOpenAICompatibleSelfHostedProviderConfig(params: { - cfg: OpenClawConfig; - providerId: string; - baseUrl: string; - providerApiKey: string; - modelId: string; - input?: Array<"text" | "image">; - reasoning?: boolean; - contextWindow?: number; - maxTokens?: number; -}): { config: OpenClawConfig; modelId: string; modelRef: string; profileId: string } { - const modelRef = `${params.providerId}/${params.modelId}`; - const profileId = `${params.providerId}:default`; - return { - config: { - ...params.cfg, - models: { - ...params.cfg.models, - mode: params.cfg.models?.mode ?? "merge", - providers: { - ...params.cfg.models?.providers, - [params.providerId]: { - baseUrl: params.baseUrl, - api: "openai-completions", - apiKey: params.providerApiKey, - models: [ - { - id: params.modelId, - name: params.modelId, - reasoning: params.reasoning ?? false, - input: params.input ?? ["text"], - cost: SELF_HOSTED_DEFAULT_COST, - contextWindow: params.contextWindow ?? SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, - maxTokens: params.maxTokens ?? SELF_HOSTED_DEFAULT_MAX_TOKENS, - }, - ], - }, - }, - }, - }, - modelId: params.modelId, - modelRef, - profileId, - }; -} - -type OpenAICompatibleSelfHostedProviderSetupParams = { - cfg: OpenClawConfig; - prompter: WizardPrompter; - providerId: string; - providerLabel: string; - defaultBaseUrl: string; - defaultApiKeyEnvVar: string; - modelPlaceholder: string; - input?: Array<"text" | "image">; - reasoning?: boolean; - contextWindow?: number; - maxTokens?: number; -}; - -type OpenAICompatibleSelfHostedProviderPromptResult = { - config: OpenClawConfig; - credential: AuthProfileCredential; - modelId: string; - modelRef: string; - profileId: string; -}; - -function buildSelfHostedProviderAuthResult( - result: OpenAICompatibleSelfHostedProviderPromptResult, -): ProviderAuthResult { - return { - profiles: [ - { - profileId: result.profileId, - credential: result.credential, - }, - ], - configPatch: result.config, - defaultModel: result.modelRef, - }; -} - -export async function promptAndConfigureOpenAICompatibleSelfHostedProvider( - params: OpenAICompatibleSelfHostedProviderSetupParams, -): Promise { - const baseUrlRaw = await params.prompter.text({ - message: `${params.providerLabel} base URL`, - initialValue: params.defaultBaseUrl, - placeholder: params.defaultBaseUrl, - validate: (value) => (value?.trim() ? undefined : "Required"), - }); - const apiKeyRaw = await params.prompter.text({ - message: `${params.providerLabel} API key`, - placeholder: "sk-... (or any non-empty string)", - validate: (value) => (value?.trim() ? undefined : "Required"), - }); - const modelIdRaw = await params.prompter.text({ - message: `${params.providerLabel} model`, - placeholder: params.modelPlaceholder, - validate: (value) => (value?.trim() ? undefined : "Required"), - }); - - const baseUrl = String(baseUrlRaw ?? "") - .trim() - .replace(/\/+$/, ""); - const apiKey = String(apiKeyRaw ?? "").trim(); - const modelId = String(modelIdRaw ?? "").trim(); - const credential: AuthProfileCredential = { - type: "api_key", - provider: params.providerId, - key: apiKey, - }; - const configured = buildOpenAICompatibleSelfHostedProviderConfig({ - cfg: params.cfg, - providerId: params.providerId, - baseUrl, - providerApiKey: params.defaultApiKeyEnvVar, - modelId, - input: params.input, - reasoning: params.reasoning, - contextWindow: params.contextWindow, - maxTokens: params.maxTokens, - }); - - return { - config: configured.config, - credential, - modelId: configured.modelId, - modelRef: configured.modelRef, - profileId: configured.profileId, - }; -} - -export async function promptAndConfigureOpenAICompatibleSelfHostedProviderAuth( - params: OpenAICompatibleSelfHostedProviderSetupParams, -): Promise { - const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider(params); - return buildSelfHostedProviderAuthResult(result); -} - -export async function discoverOpenAICompatibleSelfHostedProvider< - T extends Record, ->(params: { - ctx: ProviderDiscoveryContext; - providerId: string; - buildProvider: (params: { apiKey?: string }) => Promise; -}): Promise<{ provider: T & { apiKey: string } } | null> { - if (params.ctx.config.models?.providers?.[params.providerId]) { - return null; - } - const { apiKey, discoveryApiKey } = params.ctx.resolveProviderApiKey(params.providerId); - if (!apiKey) { - return null; - } - return { - provider: { - ...(await params.buildProvider({ apiKey: discoveryApiKey })), - apiKey, - }, - }; -} - -function buildMissingNonInteractiveModelIdMessage(params: { - authChoice: string; - providerLabel: string; - modelPlaceholder: string; -}): string { - return [ - `Missing --custom-model-id for --auth-choice ${params.authChoice}.`, - `Pass the ${params.providerLabel} model id to use, for example ${params.modelPlaceholder}.`, - ].join("\n"); -} - -function buildSelfHostedProviderCredential(params: { - ctx: ProviderAuthMethodNonInteractiveContext; - providerId: string; - resolved: ProviderNonInteractiveApiKeyResult; -}): ApiKeyCredential | null { - return params.ctx.toApiKeyCredential({ - provider: params.providerId, - resolved: params.resolved, - }); -} - -export async function configureOpenAICompatibleSelfHostedProviderNonInteractive(params: { - ctx: ProviderAuthMethodNonInteractiveContext; - providerId: string; - providerLabel: string; - defaultBaseUrl: string; - defaultApiKeyEnvVar: string; - modelPlaceholder: string; - input?: Array<"text" | "image">; - reasoning?: boolean; - contextWindow?: number; - maxTokens?: number; -}): Promise { - const baseUrl = (params.ctx.opts.customBaseUrl?.trim() || params.defaultBaseUrl).replace( - /\/+$/, - "", - ); - const modelId = params.ctx.opts.customModelId?.trim(); - if (!modelId) { - params.ctx.runtime.error( - buildMissingNonInteractiveModelIdMessage({ - authChoice: params.ctx.authChoice, - providerLabel: params.providerLabel, - modelPlaceholder: params.modelPlaceholder, - }), - ); - params.ctx.runtime.exit(1); - return null; - } - - const resolved = await params.ctx.resolveApiKey({ - provider: params.providerId, - flagValue: params.ctx.opts.customApiKey, - flagName: "--custom-api-key", - envVar: params.defaultApiKeyEnvVar, - envVarName: params.defaultApiKeyEnvVar, - }); - if (!resolved) { - return null; - } - - const credential = buildSelfHostedProviderCredential({ - ctx: params.ctx, - providerId: params.providerId, - resolved, - }); - if (!credential) { - return null; - } - - const configured = buildOpenAICompatibleSelfHostedProviderConfig({ - cfg: params.ctx.config, - providerId: params.providerId, - baseUrl, - providerApiKey: params.defaultApiKeyEnvVar, - modelId, - input: params.input, - reasoning: params.reasoning, - contextWindow: params.contextWindow, - maxTokens: params.maxTokens, - }); - await upsertAuthProfileWithLock({ - profileId: configured.profileId, - credential, - agentDir: params.ctx.agentDir, - }); - - const withProfile = applyAuthProfileConfig(configured.config, { - profileId: configured.profileId, - provider: params.providerId, - mode: "api_key", - }); - params.ctx.runtime.log(`Default ${params.providerLabel} model: ${modelId}`); - return applyProviderDefaultModel(withProfile, configured.modelRef); -} +export * from "../plugins/provider-self-hosted-setup.js"; diff --git a/src/commands/signal-install.ts b/src/commands/signal-install.ts index a5c73392b4b..0a329ecdde0 100644 --- a/src/commands/signal-install.ts +++ b/src/commands/signal-install.ts @@ -1,302 +1 @@ -import { createWriteStream } from "node:fs"; -import fs from "node:fs/promises"; -import { request } from "node:https"; -import os from "node:os"; -import path from "node:path"; -import { pipeline } from "node:stream/promises"; -import { extractArchive } from "../infra/archive.js"; -import { resolveBrewExecutable } from "../infra/brew.js"; -import { runCommandWithTimeout } from "../process/exec.js"; -import type { RuntimeEnv } from "../runtime.js"; -import { CONFIG_DIR } from "../utils.js"; - -export type ReleaseAsset = { - name?: string; - browser_download_url?: string; -}; - -export type NamedAsset = { - name: string; - browser_download_url: string; -}; - -type ReleaseResponse = { - tag_name?: string; - assets?: ReleaseAsset[]; -}; - -export type SignalInstallResult = { - ok: boolean; - cliPath?: string; - version?: string; - error?: string; -}; - -/** @internal Exported for testing. */ -export async function extractSignalCliArchive( - archivePath: string, - installRoot: string, - timeoutMs: number, -): Promise { - await extractArchive({ archivePath, destDir: installRoot, timeoutMs }); -} - -/** @internal Exported for testing. */ -export function looksLikeArchive(name: string): boolean { - return name.endsWith(".tar.gz") || name.endsWith(".tgz") || name.endsWith(".zip"); -} - -/** - * Pick a native release asset from the official GitHub releases. - * - * The official signal-cli releases only publish native (GraalVM) binaries for - * x86-64 Linux. On architectures where no native asset is available this - * returns `undefined` so the caller can fall back to a different install - * strategy (e.g. Homebrew). - */ -/** @internal Exported for testing. */ -export function pickAsset( - assets: ReleaseAsset[], - platform: NodeJS.Platform, - arch: string, -): NamedAsset | undefined { - const withName = assets.filter((asset): asset is NamedAsset => - Boolean(asset.name && asset.browser_download_url), - ); - - // Archives only, excluding signature files (.asc) - const archives = withName.filter((a) => looksLikeArchive(a.name.toLowerCase())); - - const byName = (pattern: RegExp) => - archives.find((asset) => pattern.test(asset.name.toLowerCase())); - - if (platform === "linux") { - // The official "Linux-native" asset is an x86-64 GraalVM binary. - // On non-x64 architectures it will fail with "Exec format error", - // so only select it when the host architecture matches. - if (arch === "x64") { - return byName(/linux-native/) || byName(/linux/) || archives[0]; - } - // No native release for this arch — caller should fall back. - return undefined; - } - - if (platform === "darwin") { - return byName(/macos|osx|darwin/) || archives[0]; - } - - if (platform === "win32") { - return byName(/windows|win/) || archives[0]; - } - - return archives[0]; -} - -async function downloadToFile(url: string, dest: string, maxRedirects = 5): Promise { - await new Promise((resolve, reject) => { - const req = request(url, (res) => { - if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) { - const location = res.headers.location; - if (!location || maxRedirects <= 0) { - reject(new Error("Redirect loop or missing Location header")); - return; - } - const redirectUrl = new URL(location, url).href; - resolve(downloadToFile(redirectUrl, dest, maxRedirects - 1)); - return; - } - if (!res.statusCode || res.statusCode >= 400) { - reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading file`)); - return; - } - const out = createWriteStream(dest); - pipeline(res, out).then(resolve).catch(reject); - }); - req.on("error", reject); - req.end(); - }); -} - -async function findSignalCliBinary(root: string): Promise { - const candidates: string[] = []; - const enqueue = async (dir: string, depth: number) => { - if (depth > 3) { - return; - } - const entries = await fs.readdir(dir, { withFileTypes: true }).catch(() => []); - for (const entry of entries) { - const full = path.join(dir, entry.name); - if (entry.isDirectory()) { - await enqueue(full, depth + 1); - } else if (entry.isFile() && entry.name === "signal-cli") { - candidates.push(full); - } - } - }; - await enqueue(root, 0); - return candidates[0] ?? null; -} - -// --------------------------------------------------------------------------- -// Brew-based install (used on architectures without an official native build) -// --------------------------------------------------------------------------- - -async function resolveBrewSignalCliPath(brewExe: string): Promise { - try { - const result = await runCommandWithTimeout([brewExe, "--prefix", "signal-cli"], { - timeoutMs: 10_000, - }); - if (result.code === 0 && result.stdout.trim()) { - const prefix = result.stdout.trim(); - // Homebrew installs the wrapper script at /bin/signal-cli - const candidate = path.join(prefix, "bin", "signal-cli"); - try { - await fs.access(candidate); - return candidate; - } catch { - // Fall back to searching the prefix - return findSignalCliBinary(prefix); - } - } - } catch { - // ignore - } - return null; -} - -async function installSignalCliViaBrew(runtime: RuntimeEnv): Promise { - const brewExe = resolveBrewExecutable(); - if (!brewExe) { - return { - ok: false, - error: - `No native signal-cli build is available for ${process.arch}. ` + - "Install Homebrew (https://brew.sh) and try again, or install signal-cli manually.", - }; - } - - runtime.log(`Installing signal-cli via Homebrew (${brewExe})…`); - const result = await runCommandWithTimeout([brewExe, "install", "signal-cli"], { - timeoutMs: 15 * 60_000, // brew builds from source; can take a while - }); - - if (result.code !== 0) { - return { - ok: false, - error: `brew install signal-cli failed (exit ${result.code}): ${result.stderr.trim().slice(0, 200)}`, - }; - } - - const cliPath = await resolveBrewSignalCliPath(brewExe); - if (!cliPath) { - return { - ok: false, - error: "brew install succeeded but signal-cli binary was not found.", - }; - } - - // Extract version from the installed binary. - let version: string | undefined; - try { - const vResult = await runCommandWithTimeout([cliPath, "--version"], { - timeoutMs: 10_000, - }); - // Output is typically "signal-cli 0.13.24" - version = vResult.stdout.trim().replace(/^signal-cli\s+/, "") || undefined; - } catch { - // non-critical; leave version undefined - } - - return { ok: true, cliPath, version }; -} - -// --------------------------------------------------------------------------- -// Direct download install (used when an official native asset is available) -// --------------------------------------------------------------------------- - -async function installSignalCliFromRelease(runtime: RuntimeEnv): Promise { - const apiUrl = "https://api.github.com/repos/AsamK/signal-cli/releases/latest"; - const response = await fetch(apiUrl, { - headers: { - "User-Agent": "openclaw", - Accept: "application/vnd.github+json", - }, - }); - - if (!response.ok) { - return { - ok: false, - error: `Failed to fetch release info (${response.status})`, - }; - } - - const payload = (await response.json()) as ReleaseResponse; - const version = payload.tag_name?.replace(/^v/, "") ?? "unknown"; - const assets = payload.assets ?? []; - const asset = pickAsset(assets, process.platform, process.arch); - - if (!asset) { - return { - ok: false, - error: "No compatible release asset found for this platform.", - }; - } - - const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-signal-")); - const archivePath = path.join(tmpDir, asset.name); - - runtime.log(`Downloading signal-cli ${version} (${asset.name})…`); - await downloadToFile(asset.browser_download_url, archivePath); - - const installRoot = path.join(CONFIG_DIR, "tools", "signal-cli", version); - await fs.mkdir(installRoot, { recursive: true }); - - if (!looksLikeArchive(asset.name.toLowerCase())) { - return { ok: false, error: `Unsupported archive type: ${asset.name}` }; - } - try { - await extractSignalCliArchive(archivePath, installRoot, 60_000); - } catch (err) { - const message = err instanceof Error ? err.message : String(err); - return { - ok: false, - error: `Failed to extract ${asset.name}: ${message}`, - }; - } - - const cliPath = await findSignalCliBinary(installRoot); - if (!cliPath) { - return { - ok: false, - error: `signal-cli binary not found after extracting ${asset.name}`, - }; - } - - await fs.chmod(cliPath, 0o755).catch(() => {}); - - return { ok: true, cliPath, version }; -} - -// --------------------------------------------------------------------------- -// Public entry point -// --------------------------------------------------------------------------- - -export async function installSignalCli(runtime: RuntimeEnv): Promise { - if (process.platform === "win32") { - return { - ok: false, - error: "Signal CLI auto-install is not supported on Windows yet.", - }; - } - - // The official signal-cli GitHub releases only ship a native binary for - // x86-64 Linux. On other architectures (arm64, armv7, etc.) we delegate - // to Homebrew which builds from source and bundles the JRE automatically. - const hasNativeRelease = process.platform !== "linux" || process.arch === "x64"; - - if (hasNativeRelease) { - return installSignalCliFromRelease(runtime); - } - - return installSignalCliViaBrew(runtime); -} +export * from "../plugins/signal-cli-install.js"; diff --git a/src/commands/status-all.ts b/src/commands/status-all.ts index b643c30ff33..3ef91457a50 100644 --- a/src/commands/status-all.ts +++ b/src/commands/status-all.ts @@ -44,12 +44,13 @@ export async function statusAllCommand( await withProgress({ label: "Scanning status --all…", total: 11 }, async (progress) => { progress.setLabel("Loading config…"); const loadedRaw = await readBestEffortConfig(); - const { resolvedConfig: cfg } = await resolveCommandSecretRefsViaGateway({ - config: loadedRaw, - commandName: "status --all", - targetIds: getStatusCommandSecretTargetIds(), - mode: "read_only_status", - }); + const { resolvedConfig: cfg, diagnostics: secretDiagnostics } = + await resolveCommandSecretRefsViaGateway({ + config: loadedRaw, + commandName: "status --all", + targetIds: getStatusCommandSecretTargetIds(), + mode: "read_only_status", + }); const osSummary = resolveOsSummary(); const snap = await readConfigFileSnapshot().catch(() => null); progress.tick(); @@ -328,6 +329,13 @@ export async function statusAllCommand( Item: "Agents", Value: `${agentStatus.agents.length} total · ${agentStatus.bootstrapPendingCount} bootstrapping · ${aliveAgents} active · ${agentStatus.totalSessions} sessions`, }, + { + Item: "Secrets", + Value: + secretDiagnostics.length > 0 + ? `${secretDiagnostics.length} diagnostic${secretDiagnostics.length === 1 ? "" : "s"}` + : "none", + }, ]; const lines = await buildStatusAllReportLines({ @@ -343,6 +351,7 @@ export async function statusAllCommand( diagnosis: { snap, remoteUrlMissing, + secretDiagnostics, sentinel, lastErr, port, diff --git a/src/commands/status-all/diagnosis.ts b/src/commands/status-all/diagnosis.ts index 59140e49b44..5b866413021 100644 --- a/src/commands/status-all/diagnosis.ts +++ b/src/commands/status-all/diagnosis.ts @@ -50,6 +50,7 @@ export async function appendStatusAllDiagnosis(params: { connectionDetailsForReport: string; snap: ConfigSnapshotLike | null; remoteUrlMissing: boolean; + secretDiagnostics: string[]; sentinel: { payload?: RestartSentinelPayload | null } | null; lastErr: string | null; port: number; @@ -104,6 +105,17 @@ export async function appendStatusAllDiagnosis(params: { lines.push(` ${muted("Fix: set gateway.remote.url, or set gateway.mode=local.")}`); } + emitCheck( + `Secret diagnostics (${params.secretDiagnostics.length})`, + params.secretDiagnostics.length === 0 ? "ok" : "warn", + ); + for (const diagnostic of params.secretDiagnostics.slice(0, 10)) { + lines.push(` - ${muted(redactSecrets(diagnostic))}`); + } + if (params.secretDiagnostics.length > 10) { + lines.push(` ${muted(`… +${params.secretDiagnostics.length - 10} more`)}`); + } + if (params.sentinel?.payload) { emitCheck("Restart sentinel present", "warn"); lines.push( diff --git a/src/commands/status-all/report-lines.test.ts b/src/commands/status-all/report-lines.test.ts index 5769bc0d41d..0a71665224c 100644 --- a/src/commands/status-all/report-lines.test.ts +++ b/src/commands/status-all/report-lines.test.ts @@ -46,6 +46,7 @@ describe("buildStatusAllReportLines", () => { diagnosis: { snap: null, remoteUrlMissing: false, + secretDiagnostics: [], sentinel: null, lastErr: null, port: 18789, @@ -70,5 +71,10 @@ describe("buildStatusAllReportLines", () => { expect(output).toContain("Bootstrap file"); expect(output).toContain("PRESENT"); expect(output).toContain("ABSENT"); + expect(diagnosisSpy).toHaveBeenCalledWith( + expect.objectContaining({ + secretDiagnostics: [], + }), + ); }); }); diff --git a/src/commands/status.scan.deps.runtime.ts b/src/commands/status.scan.deps.runtime.ts index b9838d2176f..722bcfc1599 100644 --- a/src/commands/status.scan.deps.runtime.ts +++ b/src/commands/status.scan.deps.runtime.ts @@ -1,2 +1,34 @@ -export { getTailnetHostname } from "../infra/tailscale.js"; -export { getMemorySearchManager } from "../memory/index.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { getTailnetHostname } from "../infra/tailscale.js"; +import { getMemorySearchManager as getMemorySearchManagerImpl } from "../memory/index.js"; +import type { MemoryProviderStatus } from "../memory/types.js"; + +export { getTailnetHostname }; + +type StatusMemoryManager = { + probeVectorAvailability(): Promise; + status(): MemoryProviderStatus; + close?(): Promise; +}; + +export async function getMemorySearchManager(params: { + cfg: OpenClawConfig; + agentId: string; + purpose: "status"; +}): Promise<{ manager: StatusMemoryManager | null }> { + const { manager } = await getMemorySearchManagerImpl(params); + if (!manager) { + return { manager: null }; + } + return { + manager: { + async probeVectorAvailability() { + return await manager.probeVectorAvailability(); + }, + status() { + return manager.status(); + }, + close: manager.close ? async () => await manager.close?.() : undefined, + }, + }; +} diff --git a/src/commands/status.scan.fast-json.ts b/src/commands/status.scan.fast-json.ts index 505084ef992..73b0b1feae6 100644 --- a/src/commands/status.scan.fast-json.ts +++ b/src/commands/status.scan.fast-json.ts @@ -2,53 +2,25 @@ import { existsSync } from "node:fs"; import os from "node:os"; import path from "node:path"; import { hasPotentialConfiguredChannels } from "../channels/config-presence.js"; -import { resolveConfigPath, resolveGatewayPort, resolveStateDir } from "../config/paths.js"; +import { resolveConfigPath, resolveStateDir } from "../config/paths.js"; import type { OpenClawConfig } from "../config/types.js"; -import { isSecureWebSocketUrl } from "../gateway/net.js"; -import { probeGateway } from "../gateway/probe.js"; import { resolveOsSummary } from "../infra/os-summary.js"; -import type { MemoryProviderStatus } from "../memory/types.js"; import { runExec } from "../process/exec.js"; import type { RuntimeEnv } from "../runtime.js"; import { getAgentLocalStatuses } from "./status.agent-local.js"; -import { - pickGatewaySelfPresence, - resolveGatewayProbeAuthResolution, -} from "./status.gateway-probe.js"; import type { StatusScanResult } from "./status.scan.js"; +import { + buildTailscaleHttpsUrl, + pickGatewaySelfPresence, + resolveGatewayProbeSnapshot, + resolveMemoryPluginStatus, + resolveSharedMemoryStatusSnapshot, + type MemoryPluginStatus, + type MemoryStatusSnapshot, +} from "./status.scan.shared.js"; import { getStatusSummary } from "./status.summary.js"; import { getUpdateCheckResult } from "./status.update.js"; -type MemoryStatusSnapshot = MemoryProviderStatus & { - agentId: string; -}; - -type MemoryPluginStatus = { - enabled: boolean; - slot: string | null; - reason?: string; -}; - -type GatewayConnectionDetails = { - url: string; - urlSource: string; - bindDetail?: string; - remoteFallbackNote?: string; - message: string; -}; - -type GatewayProbeSnapshot = { - gatewayConnection: GatewayConnectionDetails; - remoteUrlMissing: boolean; - gatewayMode: "local" | "remote"; - gatewayProbeAuth: { - token?: string; - password?: string; - }; - gatewayProbeAuthWarning?: string; - gatewayProbe: Awaited> | null; -}; - let pluginRegistryModulePromise: Promise | undefined; let configIoModulePromise: Promise | undefined; let commandSecretTargetsModulePromise: @@ -100,204 +72,25 @@ function shouldSkipMissingConfigFastPath(): boolean { ); } -function hasExplicitMemorySearchConfig(cfg: OpenClawConfig, agentId: string): boolean { - if ( - cfg.agents?.defaults && - Object.prototype.hasOwnProperty.call(cfg.agents.defaults, "memorySearch") - ) { - return true; - } - const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : []; - return agents.some( - (agent) => agent?.id === agentId && Object.prototype.hasOwnProperty.call(agent, "memorySearch"), - ); -} - -function normalizeControlUiBasePath(basePath?: string): string { - if (!basePath) { - return ""; - } - let normalized = basePath.trim(); - if (!normalized) { - return ""; - } - if (!normalized.startsWith("/")) { - normalized = `/${normalized}`; - } - if (normalized === "/") { - return ""; - } - if (normalized.endsWith("/")) { - normalized = normalized.slice(0, -1); - } - return normalized; -} - -function trimToUndefined(value: string | undefined): string | undefined { - const trimmed = value?.trim(); - return trimmed ? trimmed : undefined; -} - -function buildGatewayConnectionDetails(options: { - config: OpenClawConfig; - url?: string; - configPath?: string; - urlSource?: "cli" | "env"; -}): GatewayConnectionDetails { - const config = options.config; - const configPath = - options.configPath ?? resolveConfigPath(process.env, resolveStateDir(process.env)); - const isRemoteMode = config.gateway?.mode === "remote"; - const remote = isRemoteMode ? config.gateway?.remote : undefined; - const tlsEnabled = config.gateway?.tls?.enabled === true; - const localPort = resolveGatewayPort(config); - const bindMode = config.gateway?.bind ?? "loopback"; - const scheme = tlsEnabled ? "wss" : "ws"; - const localUrl = `${scheme}://127.0.0.1:${localPort}`; - const cliUrlOverride = - typeof options.url === "string" && options.url.trim().length > 0 - ? options.url.trim() - : undefined; - const envUrlOverride = cliUrlOverride - ? undefined - : (trimToUndefined(process.env.OPENCLAW_GATEWAY_URL) ?? - trimToUndefined(process.env.CLAWDBOT_GATEWAY_URL)); - const urlOverride = cliUrlOverride ?? envUrlOverride; - const remoteUrl = - typeof remote?.url === "string" && remote.url.trim().length > 0 ? remote.url.trim() : undefined; - const remoteMisconfigured = isRemoteMode && !urlOverride && !remoteUrl; - const urlSourceHint = - options.urlSource ?? (cliUrlOverride ? "cli" : envUrlOverride ? "env" : undefined); - const url = urlOverride || remoteUrl || localUrl; - const urlSource = urlOverride - ? urlSourceHint === "env" - ? "env OPENCLAW_GATEWAY_URL" - : "cli --url" - : remoteUrl - ? "config gateway.remote.url" - : remoteMisconfigured - ? "missing gateway.remote.url (fallback local)" - : "local loopback"; - const bindDetail = !urlOverride && !remoteUrl ? `Bind: ${bindMode}` : undefined; - const remoteFallbackNote = remoteMisconfigured - ? "Warn: gateway.mode=remote but gateway.remote.url is missing; set gateway.remote.url or switch gateway.mode=local." - : undefined; - const allowPrivateWs = process.env.OPENCLAW_ALLOW_INSECURE_PRIVATE_WS === "1"; - if (!isSecureWebSocketUrl(url, { allowPrivateWs })) { - throw new Error( - [ - `SECURITY ERROR: Gateway URL "${url}" uses plaintext ws:// to a non-loopback address.`, - "Both credentials and chat data would be exposed to network interception.", - `Source: ${urlSource}`, - `Config: ${configPath}`, - ].join("\n"), - ); - } - return { - url, - urlSource, - bindDetail, - remoteFallbackNote, - message: [ - `Gateway target: ${url}`, - `Source: ${urlSource}`, - `Config: ${configPath}`, - bindDetail, - remoteFallbackNote, - ] - .filter(Boolean) - .join("\n"), - }; -} - function resolveDefaultMemoryStorePath(agentId: string): string { return path.join(resolveStateDir(process.env, os.homedir), "memory", `${agentId}.sqlite`); } -function resolveMemoryPluginStatus(cfg: OpenClawConfig): MemoryPluginStatus { - const pluginsEnabled = cfg.plugins?.enabled !== false; - if (!pluginsEnabled) { - return { enabled: false, slot: null, reason: "plugins disabled" }; - } - const raw = typeof cfg.plugins?.slots?.memory === "string" ? cfg.plugins.slots.memory.trim() : ""; - if (raw && raw.toLowerCase() === "none") { - return { enabled: false, slot: null, reason: 'plugins.slots.memory="none"' }; - } - return { enabled: true, slot: raw || "memory-core" }; -} - -async function resolveGatewayProbeSnapshot(params: { - cfg: OpenClawConfig; - opts: { timeoutMs?: number; all?: boolean }; -}): Promise { - const gatewayConnection = buildGatewayConnectionDetails({ config: params.cfg }); - const isRemoteMode = params.cfg.gateway?.mode === "remote"; - const remoteUrlRaw = - typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url : ""; - const remoteUrlMissing = isRemoteMode && !remoteUrlRaw.trim(); - const gatewayMode = isRemoteMode ? "remote" : "local"; - const gatewayProbeAuthResolution = resolveGatewayProbeAuthResolution(params.cfg); - let gatewayProbeAuthWarning = gatewayProbeAuthResolution.warning; - const gatewayProbe = remoteUrlMissing - ? null - : await probeGateway({ - url: gatewayConnection.url, - auth: gatewayProbeAuthResolution.auth, - timeoutMs: Math.min(params.opts.all ? 5000 : 2500, params.opts.timeoutMs ?? 10_000), - detailLevel: "presence", - }).catch(() => null); - if (gatewayProbeAuthWarning && gatewayProbe?.ok === false) { - gatewayProbe.error = gatewayProbe.error - ? `${gatewayProbe.error}; ${gatewayProbeAuthWarning}` - : gatewayProbeAuthWarning; - gatewayProbeAuthWarning = undefined; - } - return { - gatewayConnection, - remoteUrlMissing, - gatewayMode, - gatewayProbeAuth: gatewayProbeAuthResolution.auth, - gatewayProbeAuthWarning, - gatewayProbe, - }; -} - async function resolveMemoryStatusSnapshot(params: { cfg: OpenClawConfig; agentStatus: Awaited>; memoryPlugin: MemoryPluginStatus; }): Promise { - const { cfg, agentStatus, memoryPlugin } = params; - if (!memoryPlugin.enabled || memoryPlugin.slot !== "memory-core") { - return null; - } - const agentId = agentStatus.defaultId ?? "main"; - const explicitMemoryConfig = hasExplicitMemorySearchConfig(cfg, agentId); - const defaultStorePath = resolveDefaultMemoryStorePath(agentId); - if (!explicitMemoryConfig && !existsSync(defaultStorePath)) { - return null; - } const { resolveMemorySearchConfig } = await loadMemorySearchModule(); - const resolvedMemory = resolveMemorySearchConfig(cfg, agentId); - if (!resolvedMemory) { - return null; - } - const shouldInspectStore = - hasExplicitMemorySearchConfig(cfg, agentId) || existsSync(resolvedMemory.store.path); - if (!shouldInspectStore) { - return null; - } const { getMemorySearchManager } = await loadStatusScanDepsRuntimeModule(); - const { manager } = await getMemorySearchManager({ cfg, agentId, purpose: "status" }); - if (!manager) { - return null; - } - try { - await manager.probeVectorAvailability(); - } catch {} - const status = manager.status(); - await manager.close?.().catch(() => {}); - return { agentId, ...status }; + return await resolveSharedMemoryStatusSnapshot({ + cfg: params.cfg, + agentStatus: params.agentStatus, + memoryPlugin: params.memoryPlugin, + resolveMemoryConfig: resolveMemorySearchConfig, + getMemorySearchManager, + requireDefaultStore: resolveDefaultMemoryStorePath, + }); } async function readStatusSourceConfig(): Promise { @@ -372,10 +165,11 @@ export async function scanStatusJsonFast( gatewayProbePromise, summaryPromise, ]); - const tailscaleHttpsUrl = - tailscaleMode !== "off" && tailscaleDns - ? `https://${tailscaleDns}${normalizeControlUiBasePath(cfg.gateway?.controlUi?.basePath)}` - : null; + const tailscaleHttpsUrl = buildTailscaleHttpsUrl({ + tailscaleMode, + tailscaleDns, + controlUiBasePath: cfg.gateway?.controlUi?.basePath, + }); const { gatewayConnection, diff --git a/src/commands/status.scan.runtime.ts b/src/commands/status.scan.runtime.ts index 372b31f4803..a783d0a94d6 100644 --- a/src/commands/status.scan.runtime.ts +++ b/src/commands/status.scan.runtime.ts @@ -1,2 +1,7 @@ -export { collectChannelStatusIssues } from "../infra/channels-status-issues.js"; -export { buildChannelsTable } from "./status-all/channels.js"; +import { collectChannelStatusIssues } from "../infra/channels-status-issues.js"; +import { buildChannelsTable } from "./status-all/channels.js"; + +export const statusScanRuntime = { + collectChannelStatusIssues, + buildChannelsTable, +}; diff --git a/src/commands/status.scan.shared.ts b/src/commands/status.scan.shared.ts new file mode 100644 index 00000000000..6f28bcd7773 --- /dev/null +++ b/src/commands/status.scan.shared.ts @@ -0,0 +1,157 @@ +import { existsSync } from "node:fs"; +import type { OpenClawConfig } from "../config/types.js"; +import { buildGatewayConnectionDetails } from "../gateway/call.js"; +import { normalizeControlUiBasePath } from "../gateway/control-ui-shared.js"; +import { probeGateway } from "../gateway/probe.js"; +import type { MemoryProviderStatus } from "../memory/types.js"; +import { + pickGatewaySelfPresence, + resolveGatewayProbeAuthResolution, +} from "./status.gateway-probe.js"; + +export type MemoryStatusSnapshot = MemoryProviderStatus & { + agentId: string; +}; + +export type MemoryPluginStatus = { + enabled: boolean; + slot: string | null; + reason?: string; +}; + +export type GatewayProbeSnapshot = { + gatewayConnection: ReturnType; + remoteUrlMissing: boolean; + gatewayMode: "local" | "remote"; + gatewayProbeAuth: { + token?: string; + password?: string; + }; + gatewayProbeAuthWarning?: string; + gatewayProbe: Awaited> | null; +}; + +export function hasExplicitMemorySearchConfig(cfg: OpenClawConfig, agentId: string): boolean { + if ( + cfg.agents?.defaults && + Object.prototype.hasOwnProperty.call(cfg.agents.defaults, "memorySearch") + ) { + return true; + } + const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : []; + return agents.some( + (agent) => agent?.id === agentId && Object.prototype.hasOwnProperty.call(agent, "memorySearch"), + ); +} + +export function resolveMemoryPluginStatus(cfg: OpenClawConfig): MemoryPluginStatus { + const pluginsEnabled = cfg.plugins?.enabled !== false; + if (!pluginsEnabled) { + return { enabled: false, slot: null, reason: "plugins disabled" }; + } + const raw = typeof cfg.plugins?.slots?.memory === "string" ? cfg.plugins.slots.memory.trim() : ""; + if (raw && raw.toLowerCase() === "none") { + return { enabled: false, slot: null, reason: 'plugins.slots.memory="none"' }; + } + return { enabled: true, slot: raw || "memory-core" }; +} + +export async function resolveGatewayProbeSnapshot(params: { + cfg: OpenClawConfig; + opts: { timeoutMs?: number; all?: boolean }; +}): Promise { + const gatewayConnection = buildGatewayConnectionDetails({ config: params.cfg }); + const isRemoteMode = params.cfg.gateway?.mode === "remote"; + const remoteUrlRaw = + typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url : ""; + const remoteUrlMissing = isRemoteMode && !remoteUrlRaw.trim(); + const gatewayMode = isRemoteMode ? "remote" : "local"; + const gatewayProbeAuthResolution = resolveGatewayProbeAuthResolution(params.cfg); + let gatewayProbeAuthWarning = gatewayProbeAuthResolution.warning; + const gatewayProbe = remoteUrlMissing + ? null + : await probeGateway({ + url: gatewayConnection.url, + auth: gatewayProbeAuthResolution.auth, + timeoutMs: Math.min(params.opts.all ? 5000 : 2500, params.opts.timeoutMs ?? 10_000), + detailLevel: "presence", + }).catch(() => null); + if (gatewayProbeAuthWarning && gatewayProbe?.ok === false) { + gatewayProbe.error = gatewayProbe.error + ? `${gatewayProbe.error}; ${gatewayProbeAuthWarning}` + : gatewayProbeAuthWarning; + gatewayProbeAuthWarning = undefined; + } + return { + gatewayConnection, + remoteUrlMissing, + gatewayMode, + gatewayProbeAuth: gatewayProbeAuthResolution.auth, + gatewayProbeAuthWarning, + gatewayProbe, + }; +} + +export function buildTailscaleHttpsUrl(params: { + tailscaleMode: string; + tailscaleDns: string | null; + controlUiBasePath?: string; +}): string | null { + return params.tailscaleMode !== "off" && params.tailscaleDns + ? `https://${params.tailscaleDns}${normalizeControlUiBasePath(params.controlUiBasePath)}` + : null; +} + +export async function resolveSharedMemoryStatusSnapshot(params: { + cfg: OpenClawConfig; + agentStatus: { defaultId?: string | null }; + memoryPlugin: MemoryPluginStatus; + resolveMemoryConfig: (cfg: OpenClawConfig, agentId: string) => { store: { path: string } } | null; + getMemorySearchManager: (params: { + cfg: OpenClawConfig; + agentId: string; + purpose: "status"; + }) => Promise<{ + manager: { + probeVectorAvailability(): Promise; + status(): MemoryProviderStatus; + close?(): Promise; + } | null; + }>; + requireDefaultStore?: (agentId: string) => string | null; +}): Promise { + const { cfg, agentStatus, memoryPlugin } = params; + if (!memoryPlugin.enabled || memoryPlugin.slot !== "memory-core") { + return null; + } + const agentId = agentStatus.defaultId ?? "main"; + const defaultStorePath = params.requireDefaultStore?.(agentId); + if ( + defaultStorePath && + !hasExplicitMemorySearchConfig(cfg, agentId) && + !existsSync(defaultStorePath) + ) { + return null; + } + const resolvedMemory = params.resolveMemoryConfig(cfg, agentId); + if (!resolvedMemory) { + return null; + } + const shouldInspectStore = + hasExplicitMemorySearchConfig(cfg, agentId) || existsSync(resolvedMemory.store.path); + if (!shouldInspectStore) { + return null; + } + const { manager } = await params.getMemorySearchManager({ cfg, agentId, purpose: "status" }); + if (!manager) { + return null; + } + try { + await manager.probeVectorAvailability(); + } catch {} + const status = manager.status(); + await manager.close?.().catch(() => {}); + return { agentId, ...status }; +} + +export { pickGatewaySelfPresence }; diff --git a/src/commands/status.scan.test.ts b/src/commands/status.scan.test.ts index edb77ae4fcf..899aea2b267 100644 --- a/src/commands/status.scan.test.ts +++ b/src/commands/status.scan.test.ts @@ -1,6 +1,7 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const mocks = vi.hoisted(() => ({ + hasPotentialConfiguredChannels: vi.fn(), readBestEffortConfig: vi.fn(), resolveCommandSecretRefsViaGateway: vi.fn(), buildChannelsTable: vi.fn(), @@ -15,6 +16,15 @@ const mocks = vi.hoisted(() => ({ ensurePluginRegistryLoaded: vi.fn(), })); +beforeEach(() => { + vi.clearAllMocks(); + mocks.hasPotentialConfiguredChannels.mockReturnValue(false); +}); + +vi.mock("../channels/config-presence.js", () => ({ + hasPotentialConfiguredChannels: mocks.hasPotentialConfiguredChannels, +})); + vi.mock("../cli/progress.js", () => ({ withProgress: vi.fn(async (_opts, run) => await run({ setLabel: vi.fn(), tick: vi.fn() })), })); @@ -32,8 +42,10 @@ vi.mock("./status-all/channels.js", () => ({ })); vi.mock("./status.scan.runtime.js", () => ({ - buildChannelsTable: mocks.buildChannelsTable, - collectChannelStatusIssues: vi.fn(() => []), + statusScanRuntime: { + buildChannelsTable: mocks.buildChannelsTable, + collectChannelStatusIssues: vi.fn(() => []), + }, })); vi.mock("./status.update.js", () => ({ @@ -333,6 +345,7 @@ describe("scanStatus", () => { }); it("preloads configured channel plugins for status --json when channel config exists", async () => { + mocks.hasPotentialConfiguredChannels.mockReturnValue(true); mocks.readBestEffortConfig.mockResolvedValue({ session: {}, plugins: { enabled: false }, @@ -395,6 +408,7 @@ describe("scanStatus", () => { }); it("preloads configured channel plugins for status --json when channel auth is env-only", async () => { + mocks.hasPotentialConfiguredChannels.mockReturnValue(true); const prevMatrixToken = process.env.MATRIX_ACCESS_TOKEN; process.env.MATRIX_ACCESS_TOKEN = "token"; mocks.readBestEffortConfig.mockResolvedValue({ diff --git a/src/commands/status.scan.ts b/src/commands/status.scan.ts index 6c2bd67f3dd..e7d05542743 100644 --- a/src/commands/status.scan.ts +++ b/src/commands/status.scan.ts @@ -1,4 +1,3 @@ -import { existsSync } from "node:fs"; import { resolveMemorySearchConfig } from "../agents/memory-search.js"; import { hasPotentialConfiguredChannels } from "../channels/config-presence.js"; import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js"; @@ -6,64 +5,30 @@ import { getStatusCommandSecretTargetIds } from "../cli/command-secret-targets.j import { withProgress } from "../cli/progress.js"; import type { OpenClawConfig } from "../config/config.js"; import { readBestEffortConfig } from "../config/config.js"; -import { buildGatewayConnectionDetails, callGateway } from "../gateway/call.js"; -import { normalizeControlUiBasePath } from "../gateway/control-ui-shared.js"; -import { probeGateway } from "../gateway/probe.js"; +import { callGateway } from "../gateway/call.js"; +import type { collectChannelStatusIssues as collectChannelStatusIssuesFn } from "../infra/channels-status-issues.js"; import { resolveOsSummary } from "../infra/os-summary.js"; -import type { MemoryProviderStatus } from "../memory/types.js"; import { runExec } from "../process/exec.js"; import type { RuntimeEnv } from "../runtime.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; +import type { buildChannelsTable as buildChannelsTableFn } from "./status-all/channels.js"; import { getAgentLocalStatuses } from "./status.agent-local.js"; import { + buildTailscaleHttpsUrl, pickGatewaySelfPresence, - resolveGatewayProbeAuthResolution, -} from "./status.gateway-probe.js"; -import type { - buildChannelsTable as buildChannelsTableFn, - collectChannelStatusIssues as collectChannelStatusIssuesFn, -} from "./status.scan.runtime.js"; + resolveGatewayProbeSnapshot, + resolveMemoryPluginStatus, + resolveSharedMemoryStatusSnapshot, + type GatewayProbeSnapshot, + type MemoryPluginStatus, + type MemoryStatusSnapshot, +} from "./status.scan.shared.js"; import { getStatusSummary } from "./status.summary.js"; import { getUpdateCheckResult } from "./status.update.js"; -type MemoryStatusSnapshot = MemoryProviderStatus & { - agentId: string; -}; - -type MemoryPluginStatus = { - enabled: boolean; - slot: string | null; - reason?: string; -}; - -function hasExplicitMemorySearchConfig(cfg: OpenClawConfig, agentId: string): boolean { - if ( - cfg.agents?.defaults && - Object.prototype.hasOwnProperty.call(cfg.agents.defaults, "memorySearch") - ) { - return true; - } - const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : []; - return agents.some( - (agent) => agent?.id === agentId && Object.prototype.hasOwnProperty.call(agent, "memorySearch"), - ); -} - type DeferredResult = { ok: true; value: T } | { ok: false; error: unknown }; -type GatewayProbeSnapshot = { - gatewayConnection: ReturnType; - remoteUrlMissing: boolean; - gatewayMode: "local" | "remote"; - gatewayProbeAuth: { - token?: string; - password?: string; - }; - gatewayProbeAuthWarning?: string; - gatewayProbe: Awaited> | null; -}; - let pluginRegistryModulePromise: Promise | undefined; -let statusScanRuntimeModulePromise: Promise | undefined; let statusScanDepsRuntimeModulePromise: | Promise | undefined; @@ -73,10 +38,10 @@ function loadPluginRegistryModule() { return pluginRegistryModulePromise; } -function loadStatusScanRuntimeModule() { - statusScanRuntimeModulePromise ??= import("./status.scan.runtime.js"); - return statusScanRuntimeModulePromise; -} +const loadStatusScanRuntimeModule = createLazyRuntimeSurface( + () => import("./status.scan.runtime.js"), + ({ statusScanRuntime }) => statusScanRuntime, +); function loadStatusScanDepsRuntimeModule() { statusScanDepsRuntimeModulePromise ??= import("./status.scan.deps.runtime.js"); @@ -97,54 +62,6 @@ function unwrapDeferredResult(result: DeferredResult): T { return result.value; } -function resolveMemoryPluginStatus(cfg: OpenClawConfig): MemoryPluginStatus { - const pluginsEnabled = cfg.plugins?.enabled !== false; - if (!pluginsEnabled) { - return { enabled: false, slot: null, reason: "plugins disabled" }; - } - const raw = typeof cfg.plugins?.slots?.memory === "string" ? cfg.plugins.slots.memory.trim() : ""; - if (raw && raw.toLowerCase() === "none") { - return { enabled: false, slot: null, reason: 'plugins.slots.memory="none"' }; - } - return { enabled: true, slot: raw || "memory-core" }; -} - -async function resolveGatewayProbeSnapshot(params: { - cfg: OpenClawConfig; - opts: { timeoutMs?: number; all?: boolean }; -}): Promise { - const gatewayConnection = buildGatewayConnectionDetails({ config: params.cfg }); - const isRemoteMode = params.cfg.gateway?.mode === "remote"; - const remoteUrlRaw = - typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url : ""; - const remoteUrlMissing = isRemoteMode && !remoteUrlRaw.trim(); - const gatewayMode = isRemoteMode ? "remote" : "local"; - const gatewayProbeAuthResolution = resolveGatewayProbeAuthResolution(params.cfg); - let gatewayProbeAuthWarning = gatewayProbeAuthResolution.warning; - const gatewayProbe = remoteUrlMissing - ? null - : await probeGateway({ - url: gatewayConnection.url, - auth: gatewayProbeAuthResolution.auth, - timeoutMs: Math.min(params.opts.all ? 5000 : 2500, params.opts.timeoutMs ?? 10_000), - detailLevel: "presence", - }).catch(() => null); - if (gatewayProbeAuthWarning && gatewayProbe?.ok === false) { - gatewayProbe.error = gatewayProbe.error - ? `${gatewayProbe.error}; ${gatewayProbeAuthWarning}` - : gatewayProbeAuthWarning; - gatewayProbeAuthWarning = undefined; - } - return { - gatewayConnection, - remoteUrlMissing, - gatewayMode, - gatewayProbeAuth: gatewayProbeAuthResolution.auth, - gatewayProbeAuthWarning, - gatewayProbe, - }; -} - async function resolveChannelsStatus(params: { cfg: OpenClawConfig; gatewayReachable: boolean; @@ -173,7 +90,7 @@ export type StatusScanResult = { tailscaleDns: string | null; tailscaleHttpsUrl: string | null; update: Awaited>; - gatewayConnection: ReturnType; + gatewayConnection: GatewayProbeSnapshot["gatewayConnection"]; remoteUrlMissing: boolean; gatewayMode: "local" | "remote"; gatewayProbeAuth: { @@ -181,7 +98,7 @@ export type StatusScanResult = { password?: string; }; gatewayProbeAuthWarning?: string; - gatewayProbe: Awaited> | null; + gatewayProbe: GatewayProbeSnapshot["gatewayProbe"]; gatewayReachable: boolean; gatewaySelf: ReturnType; channelIssues: ReturnType; @@ -197,34 +114,14 @@ async function resolveMemoryStatusSnapshot(params: { agentStatus: Awaited>; memoryPlugin: MemoryPluginStatus; }): Promise { - const { cfg, agentStatus, memoryPlugin } = params; - if (!memoryPlugin.enabled) { - return null; - } - if (memoryPlugin.slot !== "memory-core") { - return null; - } - const agentId = agentStatus.defaultId ?? "main"; - const resolvedMemory = resolveMemorySearchConfig(cfg, agentId); - if (!resolvedMemory) { - return null; - } - const shouldInspectStore = - hasExplicitMemorySearchConfig(cfg, agentId) || existsSync(resolvedMemory.store.path); - if (!shouldInspectStore) { - return null; - } const { getMemorySearchManager } = await loadStatusScanDepsRuntimeModule(); - const { manager } = await getMemorySearchManager({ cfg, agentId, purpose: "status" }); - if (!manager) { - return null; - } - try { - await manager.probeVectorAvailability(); - } catch {} - const status = manager.status(); - await manager.close?.().catch(() => {}); - return { agentId, ...status }; + return await resolveSharedMemoryStatusSnapshot({ + cfg: params.cfg, + agentStatus: params.agentStatus, + memoryPlugin: params.memoryPlugin, + resolveMemoryConfig: resolveMemorySearchConfig, + getMemorySearchManager, + }); } async function scanStatusJsonFast(opts: { @@ -274,10 +171,11 @@ async function scanStatusJsonFast(opts: { gatewayProbePromise, summaryPromise, ]); - const tailscaleHttpsUrl = - tailscaleMode !== "off" && tailscaleDns - ? `https://${tailscaleDns}${normalizeControlUiBasePath(cfg.gateway?.controlUi?.basePath)}` - : null; + const tailscaleHttpsUrl = buildTailscaleHttpsUrl({ + tailscaleMode, + tailscaleDns, + controlUiBasePath: cfg.gateway?.controlUi?.basePath, + }); const { gatewayConnection, @@ -376,10 +274,11 @@ export async function scanStatus( progress.setLabel("Checking Tailscale…"); const tailscaleDns = await tailscaleDnsPromise; - const tailscaleHttpsUrl = - tailscaleMode !== "off" && tailscaleDns - ? `https://${tailscaleDns}${normalizeControlUiBasePath(cfg.gateway?.controlUi?.basePath)}` - : null; + const tailscaleHttpsUrl = buildTailscaleHttpsUrl({ + tailscaleMode, + tailscaleDns, + controlUiBasePath: cfg.gateway?.controlUi?.basePath, + }); progress.tick(); progress.setLabel("Checking for updates…"); diff --git a/src/commands/status.summary.runtime.ts b/src/commands/status.summary.runtime.ts index df1ae881d4f..e4b08a49856 100644 --- a/src/commands/status.summary.runtime.ts +++ b/src/commands/status.summary.runtime.ts @@ -1,2 +1,8 @@ -export { resolveContextTokensForModel } from "../agents/context.js"; -export { classifySessionKey, resolveSessionModelRef } from "../gateway/session-utils.js"; +import { resolveContextTokensForModel } from "../agents/context.js"; +import { classifySessionKey, resolveSessionModelRef } from "../gateway/session-utils.js"; + +export const statusSummaryRuntime = { + resolveContextTokensForModel, + classifySessionKey, + resolveSessionModelRef, +}; diff --git a/src/commands/status.summary.test.ts b/src/commands/status.summary.test.ts index 12ce55844c3..2f4f9ce260f 100644 --- a/src/commands/status.summary.test.ts +++ b/src/commands/status.summary.test.ts @@ -77,14 +77,17 @@ vi.mock("./status.link-channel.js", () => ({ resolveLinkChannelContext: vi.fn(async () => undefined), })); +const { hasPotentialConfiguredChannels } = await import("../channels/config-presence.js"); +const { buildChannelSummary } = await import("../infra/channel-summary.js"); +const { resolveLinkChannelContext } = await import("./status.link-channel.js"); +const { getStatusSummary } = await import("./status.summary.js"); + describe("getStatusSummary", () => { beforeEach(() => { vi.clearAllMocks(); }); it("includes runtimeVersion in the status payload", async () => { - const { getStatusSummary } = await import("./status.summary.js"); - const summary = await getStatusSummary(); expect(summary.runtimeVersion).toBe("2026.3.8"); @@ -93,11 +96,7 @@ describe("getStatusSummary", () => { }); it("skips channel summary imports when no channels are configured", async () => { - const { hasPotentialConfiguredChannels } = await import("../channels/config-presence.js"); vi.mocked(hasPotentialConfiguredChannels).mockReturnValue(false); - const { buildChannelSummary } = await import("../infra/channel-summary.js"); - const { resolveLinkChannelContext } = await import("./status.link-channel.js"); - const { getStatusSummary } = await import("./status.summary.js"); const summary = await getStatusSummary(); diff --git a/src/commands/status.summary.ts b/src/commands/status.summary.ts index c5c3f174547..c235765b406 100644 --- a/src/commands/status.summary.ts +++ b/src/commands/status.summary.ts @@ -10,14 +10,12 @@ import { listGatewayAgentsBasic } from "../gateway/agent-list.js"; import { resolveHeartbeatSummaryForAgent } from "../infra/heartbeat-summary.js"; import { peekSystemEvents } from "../infra/system-events.js"; import { parseAgentSessionKey } from "../routing/session-key.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import { resolveRuntimeServiceVersion } from "../version.js"; import type { HeartbeatStatus, SessionStatus, StatusSummary } from "./status.types.js"; let channelSummaryModulePromise: Promise | undefined; let linkChannelModulePromise: Promise | undefined; -let statusSummaryRuntimeModulePromise: - | Promise - | undefined; let configIoModulePromise: Promise | undefined; function loadChannelSummaryModule() { @@ -30,10 +28,10 @@ function loadLinkChannelModule() { return linkChannelModulePromise; } -function loadStatusSummaryRuntimeModule() { - statusSummaryRuntimeModulePromise ??= import("./status.summary.runtime.js"); - return statusSummaryRuntimeModulePromise; -} +const loadStatusSummaryRuntimeModule = createLazyRuntimeSurface( + () => import("./status.summary.runtime.js"), + ({ statusSummaryRuntime }) => statusSummaryRuntime, +); function loadConfigIoModule() { configIoModulePromise ??= import("../config/io.js"); diff --git a/src/commands/test-wizard-helpers.ts b/src/commands/test-wizard-helpers.ts index 078cd5ef87c..77d6eaa0754 100644 --- a/src/commands/test-wizard-helpers.ts +++ b/src/commands/test-wizard-helpers.ts @@ -1,92 +1 @@ -import fs from "node:fs/promises"; -import path from "node:path"; -import { vi } from "vitest"; -import type { RuntimeEnv } from "../runtime.js"; -import { makeTempWorkspace } from "../test-helpers/workspace.js"; -import { captureEnv } from "../test-utils/env.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; - -export const noopAsync = async () => {}; -export const noop = () => {}; - -export function createExitThrowingRuntime(): RuntimeEnv { - return { - log: vi.fn(), - error: vi.fn(), - exit: vi.fn((code: number) => { - throw new Error(`exit:${code}`); - }), - }; -} - -export function createWizardPrompter( - overrides: Partial, - options?: { defaultSelect?: string }, -): WizardPrompter { - return { - intro: vi.fn(noopAsync), - outro: vi.fn(noopAsync), - note: vi.fn(noopAsync), - select: vi.fn(async () => (options?.defaultSelect ?? "") as never), - multiselect: vi.fn(async () => []), - text: vi.fn(async () => "") as unknown as WizardPrompter["text"], - confirm: vi.fn(async () => false), - progress: vi.fn(() => ({ update: noop, stop: noop })), - ...overrides, - }; -} - -export async function setupAuthTestEnv( - prefix = "openclaw-auth-", - options?: { agentSubdir?: string }, -): Promise<{ - stateDir: string; - agentDir: string; -}> { - const stateDir = await makeTempWorkspace(prefix); - const agentDir = path.join(stateDir, options?.agentSubdir ?? "agent"); - process.env.OPENCLAW_STATE_DIR = stateDir; - process.env.OPENCLAW_AGENT_DIR = agentDir; - process.env.PI_CODING_AGENT_DIR = agentDir; - await fs.mkdir(agentDir, { recursive: true }); - return { stateDir, agentDir }; -} - -export type AuthTestLifecycle = { - setStateDir: (stateDir: string) => void; - cleanup: () => Promise; -}; - -export function createAuthTestLifecycle(envKeys: string[]): AuthTestLifecycle { - const envSnapshot = captureEnv(envKeys); - let stateDir: string | null = null; - return { - setStateDir(nextStateDir: string) { - stateDir = nextStateDir; - }, - async cleanup() { - if (stateDir) { - await fs.rm(stateDir, { recursive: true, force: true }); - stateDir = null; - } - envSnapshot.restore(); - }, - }; -} - -export function requireOpenClawAgentDir(): string { - const agentDir = process.env.OPENCLAW_AGENT_DIR; - if (!agentDir) { - throw new Error("OPENCLAW_AGENT_DIR not set"); - } - return agentDir; -} - -export function authProfilePathForAgent(agentDir: string): string { - return path.join(agentDir, "auth-profiles.json"); -} - -export async function readAuthProfilesForAgent(agentDir: string): Promise { - const raw = await fs.readFile(authProfilePathForAgent(agentDir), "utf8"); - return JSON.parse(raw) as T; -} +export * from "../../test/helpers/auth-wizard.js"; diff --git a/src/commands/vllm-setup.ts b/src/commands/vllm-setup.ts index 4c44587c06e..57d9ce0d3e9 100644 --- a/src/commands/vllm-setup.ts +++ b/src/commands/vllm-setup.ts @@ -1,42 +1 @@ -import { - VLLM_DEFAULT_API_KEY_ENV_VAR, - VLLM_DEFAULT_BASE_URL, - VLLM_MODEL_PLACEHOLDER, - VLLM_PROVIDER_LABEL, -} from "../agents/vllm-defaults.js"; -import type { OpenClawConfig } from "../config/config.js"; -import type { WizardPrompter } from "../wizard/prompts.js"; -import { - applyProviderDefaultModel, - SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, - SELF_HOSTED_DEFAULT_COST, - SELF_HOSTED_DEFAULT_MAX_TOKENS, - promptAndConfigureOpenAICompatibleSelfHostedProvider, -} from "./self-hosted-provider-setup.js"; - -export { VLLM_DEFAULT_BASE_URL } from "../agents/vllm-defaults.js"; -export const VLLM_DEFAULT_CONTEXT_WINDOW = SELF_HOSTED_DEFAULT_CONTEXT_WINDOW; -export const VLLM_DEFAULT_MAX_TOKENS = SELF_HOSTED_DEFAULT_MAX_TOKENS; -export const VLLM_DEFAULT_COST = SELF_HOSTED_DEFAULT_COST; - -export async function promptAndConfigureVllm(params: { - cfg: OpenClawConfig; - prompter: WizardPrompter; -}): Promise<{ config: OpenClawConfig; modelId: string; modelRef: string }> { - const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider({ - cfg: params.cfg, - prompter: params.prompter, - providerId: "vllm", - providerLabel: VLLM_PROVIDER_LABEL, - defaultBaseUrl: VLLM_DEFAULT_BASE_URL, - defaultApiKeyEnvVar: VLLM_DEFAULT_API_KEY_ENV_VAR, - modelPlaceholder: VLLM_MODEL_PLACEHOLDER, - }); - return { - config: result.config, - modelId: result.modelId, - modelRef: result.modelRef, - }; -} - -export { applyProviderDefaultModel as applyVllmDefaultModel }; +export * from "../plugins/provider-vllm-setup.js"; diff --git a/src/commands/zai-endpoint-detect.ts b/src/commands/zai-endpoint-detect.ts index b0799088559..a3a53e1f5eb 100644 --- a/src/commands/zai-endpoint-detect.ts +++ b/src/commands/zai-endpoint-detect.ts @@ -1,179 +1 @@ -import { fetchWithTimeout } from "../utils/fetch-timeout.js"; -import { - ZAI_CN_BASE_URL, - ZAI_CODING_CN_BASE_URL, - ZAI_CODING_GLOBAL_BASE_URL, - ZAI_GLOBAL_BASE_URL, -} from "./onboard-auth.models.js"; - -export type ZaiEndpointId = "global" | "cn" | "coding-global" | "coding-cn"; - -export type ZaiDetectedEndpoint = { - endpoint: ZaiEndpointId; - /** Provider baseUrl to store in config. */ - baseUrl: string; - /** Recommended default model id for that endpoint. */ - modelId: string; - /** Human-readable note explaining the choice. */ - note: string; -}; - -type ProbeResult = - | { ok: true } - | { - ok: false; - status?: number; - errorCode?: string; - errorMessage?: string; - }; - -async function probeZaiChatCompletions(params: { - baseUrl: string; - apiKey: string; - modelId: string; - timeoutMs: number; - fetchFn?: typeof fetch; -}): Promise { - try { - const res = await fetchWithTimeout( - `${params.baseUrl}/chat/completions`, - { - method: "POST", - headers: { - authorization: `Bearer ${params.apiKey}`, - "content-type": "application/json", - }, - body: JSON.stringify({ - model: params.modelId, - stream: false, - max_tokens: 1, - messages: [{ role: "user", content: "ping" }], - }), - }, - params.timeoutMs, - params.fetchFn, - ); - - if (res.ok) { - return { ok: true }; - } - - let errorCode: string | undefined; - let errorMessage: string | undefined; - try { - const json = (await res.json()) as { - error?: { code?: unknown; message?: unknown }; - msg?: unknown; - message?: unknown; - }; - const code = json?.error?.code; - const msg = json?.error?.message ?? json?.msg ?? json?.message; - if (typeof code === "string") { - errorCode = code; - } else if (typeof code === "number") { - errorCode = String(code); - } - if (typeof msg === "string") { - errorMessage = msg; - } - } catch { - // ignore - } - - return { ok: false, status: res.status, errorCode, errorMessage }; - } catch { - return { ok: false }; - } -} - -export async function detectZaiEndpoint(params: { - apiKey: string; - endpoint?: ZaiEndpointId; - timeoutMs?: number; - fetchFn?: typeof fetch; -}): Promise { - // Never auto-probe in vitest; it would create flaky network behavior. - if (process.env.VITEST && !params.fetchFn) { - return null; - } - - const timeoutMs = params.timeoutMs ?? 5_000; - const probeCandidates = (() => { - const general = [ - { - endpoint: "global" as const, - baseUrl: ZAI_GLOBAL_BASE_URL, - modelId: "glm-5", - note: "Verified GLM-5 on global endpoint.", - }, - { - endpoint: "cn" as const, - baseUrl: ZAI_CN_BASE_URL, - modelId: "glm-5", - note: "Verified GLM-5 on cn endpoint.", - }, - ]; - const codingGlm5 = [ - { - endpoint: "coding-global" as const, - baseUrl: ZAI_CODING_GLOBAL_BASE_URL, - modelId: "glm-5", - note: "Verified GLM-5 on coding-global endpoint.", - }, - { - endpoint: "coding-cn" as const, - baseUrl: ZAI_CODING_CN_BASE_URL, - modelId: "glm-5", - note: "Verified GLM-5 on coding-cn endpoint.", - }, - ]; - const codingFallback = [ - { - endpoint: "coding-global" as const, - baseUrl: ZAI_CODING_GLOBAL_BASE_URL, - modelId: "glm-4.7", - note: "Coding Plan endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.", - }, - { - endpoint: "coding-cn" as const, - baseUrl: ZAI_CODING_CN_BASE_URL, - modelId: "glm-4.7", - note: "Coding Plan CN endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.", - }, - ]; - - switch (params.endpoint) { - case "global": - return general.filter((candidate) => candidate.endpoint === "global"); - case "cn": - return general.filter((candidate) => candidate.endpoint === "cn"); - case "coding-global": - return [ - ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-global"), - ...codingFallback.filter((candidate) => candidate.endpoint === "coding-global"), - ]; - case "coding-cn": - return [ - ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-cn"), - ...codingFallback.filter((candidate) => candidate.endpoint === "coding-cn"), - ]; - default: - return [...general, ...codingGlm5, ...codingFallback]; - } - })(); - - for (const candidate of probeCandidates) { - const result = await probeZaiChatCompletions({ - baseUrl: candidate.baseUrl, - apiKey: params.apiKey, - modelId: candidate.modelId, - timeoutMs, - fetchFn: params.fetchFn, - }); - if (result.ok) { - return candidate; - } - } - - return null; -} +export * from "../plugins/provider-zai-endpoint.js"; diff --git a/src/config/bindings.ts b/src/config/bindings.ts index b035fa3be15..5cbcd19c552 100644 --- a/src/config/bindings.ts +++ b/src/config/bindings.ts @@ -1,6 +1,8 @@ import type { OpenClawConfig } from "./config.js"; import type { AgentAcpBinding, AgentBinding, AgentRouteBinding } from "./types.agents.js"; +export type ConfiguredBindingRule = AgentBinding; + function normalizeBindingType(binding: AgentBinding): "route" | "acp" { return binding.type === "acp" ? "acp" : "route"; } diff --git a/src/config/config-misc.test.ts b/src/config/config-misc.test.ts index 177711dcc03..43dec5acfef 100644 --- a/src/config/config-misc.test.ts +++ b/src/config/config-misc.test.ts @@ -93,6 +93,40 @@ describe("plugins.entries.*.hooks.allowPromptInjection", () => { }); }); +describe("plugins.entries.*.subagent", () => { + it("accepts trusted subagent override settings", () => { + const result = OpenClawSchema.safeParse({ + plugins: { + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: ["anthropic/claude-haiku-4-5"], + }, + }, + }, + }, + }); + expect(result.success).toBe(true); + }); + + it("rejects invalid trusted subagent override settings", () => { + const result = OpenClawSchema.safeParse({ + plugins: { + entries: { + "voice-call": { + subagent: { + allowModelOverride: "yes", + allowedModels: [1], + }, + }, + }, + }, + }); + expect(result.success).toBe(false); + }); +}); + describe("web search provider config", () => { it("accepts kimi provider and config", () => { const res = validateConfigObject( diff --git a/src/config/doc-baseline.ts b/src/config/doc-baseline.ts index 4ff03af91e0..396634cb088 100644 --- a/src/config/doc-baseline.ts +++ b/src/config/doc-baseline.ts @@ -7,6 +7,7 @@ import { resolveOpenClawPackageRootSync } from "../infra/openclaw-root.js"; import { loadPluginManifestRegistry } from "../plugins/manifest-registry.js"; import { FIELD_HELP } from "./schema.help.js"; import { buildConfigSchema, type ConfigSchemaResponse } from "./schema.js"; +import { findWildcardHintMatch, schemaHasChildren } from "./schema.shared.js"; type JsonValue = null | boolean | number | string | JsonValue[] | { [key: string]: JsonValue }; @@ -132,24 +133,6 @@ function asSchemaObject(value: unknown): JsonSchemaObject | null { return value as JsonSchemaObject; } -function schemaHasChildren(schema: JsonSchemaObject): boolean { - if (schema.properties && Object.keys(schema.properties).length > 0) { - return true; - } - if (schema.additionalProperties && typeof schema.additionalProperties === "object") { - return true; - } - if (Array.isArray(schema.items)) { - return schema.items.some((entry) => typeof entry === "object" && entry !== null); - } - for (const branch of [schema.oneOf, schema.anyOf, schema.allOf]) { - if (branch?.some((entry) => entry && typeof entry === "object" && schemaHasChildren(entry))) { - return true; - } - } - return Boolean(schema.items && typeof schema.items === "object"); -} - function splitHintLookupPath(path: string): string[] { const normalized = normalizeBaselinePath(path); return normalized ? normalized.split(".").filter(Boolean) : []; @@ -159,45 +142,11 @@ function resolveUiHintMatch( uiHints: ConfigSchemaResponse["uiHints"], path: string, ): ConfigSchemaResponse["uiHints"][string] | undefined { - const targetParts = splitHintLookupPath(path); - let bestMatch: - | { - hint: ConfigSchemaResponse["uiHints"][string]; - wildcardCount: number; - } - | undefined; - - for (const [hintPath, hint] of Object.entries(uiHints)) { - const hintParts = splitHintLookupPath(hintPath); - if (hintParts.length !== targetParts.length) { - continue; - } - - let wildcardCount = 0; - let matches = true; - for (let index = 0; index < hintParts.length; index += 1) { - const hintPart = hintParts[index]; - const targetPart = targetParts[index]; - if (hintPart === targetPart) { - continue; - } - if (hintPart === "*") { - wildcardCount += 1; - continue; - } - matches = false; - break; - } - - if (!matches) { - continue; - } - if (!bestMatch || wildcardCount < bestMatch.wildcardCount) { - bestMatch = { hint, wildcardCount }; - } - } - - return bestMatch?.hint; + return findWildcardHintMatch({ + uiHints, + path, + splitPath: splitHintLookupPath, + })?.hint; } function normalizeTypeValue(value: string | string[] | undefined): string | string[] | undefined { diff --git a/src/config/logging.test.ts b/src/config/logging.test.ts index 6c55961d80d..e410c3f81ba 100644 --- a/src/config/logging.test.ts +++ b/src/config/logging.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const mocks = vi.hoisted(() => ({ createConfigIO: vi.fn().mockReturnValue({ @@ -10,7 +10,13 @@ vi.mock("./io.js", () => ({ createConfigIO: mocks.createConfigIO, })); -import { formatConfigPath, logConfigUpdated } from "./logging.js"; +let formatConfigPath: typeof import("./logging.js").formatConfigPath; +let logConfigUpdated: typeof import("./logging.js").logConfigUpdated; + +beforeEach(async () => { + vi.resetModules(); + ({ formatConfigPath, logConfigUpdated } = await import("./logging.js")); +}); describe("config logging", () => { it("formats the live config path when no explicit path is provided", () => { diff --git a/src/config/mcp-config.test.ts b/src/config/mcp-config.test.ts new file mode 100644 index 00000000000..bd7032fb8a4 --- /dev/null +++ b/src/config/mcp-config.test.ts @@ -0,0 +1,56 @@ +import fs from "node:fs/promises"; +import { describe, expect, it } from "vitest"; +import { + listConfiguredMcpServers, + setConfiguredMcpServer, + unsetConfiguredMcpServer, +} from "./mcp-config.js"; +import { withTempHomeConfig } from "./test-helpers.js"; + +describe("config mcp config", () => { + it("writes and removes top-level mcp servers", async () => { + await withTempHomeConfig({}, async () => { + const setResult = await setConfiguredMcpServer({ + name: "context7", + server: { + command: "uvx", + args: ["context7-mcp"], + }, + }); + + expect(setResult.ok).toBe(true); + const loaded = await listConfiguredMcpServers(); + expect(loaded.ok).toBe(true); + if (!loaded.ok) { + throw new Error("expected MCP config to load"); + } + expect(loaded.mcpServers.context7).toEqual({ + command: "uvx", + args: ["context7-mcp"], + }); + + const unsetResult = await unsetConfiguredMcpServer({ name: "context7" }); + expect(unsetResult.ok).toBe(true); + + const reloaded = await listConfiguredMcpServers(); + expect(reloaded.ok).toBe(true); + if (!reloaded.ok) { + throw new Error("expected MCP config to reload"); + } + expect(reloaded.mcpServers).toEqual({}); + }); + }); + + it("fails closed when the config file is invalid", async () => { + await withTempHomeConfig({}, async ({ configPath }) => { + await fs.writeFile(configPath, "{", "utf-8"); + + const loaded = await listConfiguredMcpServers(); + expect(loaded.ok).toBe(false); + if (loaded.ok) { + throw new Error("expected invalid config to fail"); + } + expect(loaded.path).toBe(configPath); + }); + }); +}); diff --git a/src/config/mcp-config.ts b/src/config/mcp-config.ts new file mode 100644 index 00000000000..eb24e3c0ae4 --- /dev/null +++ b/src/config/mcp-config.ts @@ -0,0 +1,150 @@ +import { readConfigFileSnapshot, writeConfigFile } from "./io.js"; +import type { OpenClawConfig } from "./types.openclaw.js"; +import { validateConfigObjectWithPlugins } from "./validation.js"; + +export type ConfigMcpServers = Record>; + +type ConfigMcpReadResult = + | { ok: true; path: string; config: OpenClawConfig; mcpServers: ConfigMcpServers } + | { ok: false; path: string; error: string }; + +type ConfigMcpWriteResult = + | { + ok: true; + path: string; + config: OpenClawConfig; + mcpServers: ConfigMcpServers; + removed?: boolean; + } + | { ok: false; path: string; error: string }; + +function isRecord(value: unknown): value is Record { + return value !== null && typeof value === "object" && !Array.isArray(value); +} + +export function normalizeConfiguredMcpServers(value: unknown): ConfigMcpServers { + if (!isRecord(value)) { + return {}; + } + return Object.fromEntries( + Object.entries(value) + .filter(([, server]) => isRecord(server)) + .map(([name, server]) => [name, { ...(server as Record) }]), + ); +} + +export async function listConfiguredMcpServers(): Promise { + const snapshot = await readConfigFileSnapshot(); + if (!snapshot.valid) { + return { + ok: false, + path: snapshot.path, + error: "Config file is invalid; fix it before using MCP config commands.", + }; + } + return { + ok: true, + path: snapshot.path, + config: structuredClone(snapshot.resolved), + mcpServers: normalizeConfiguredMcpServers(snapshot.resolved.mcp?.servers), + }; +} + +export async function setConfiguredMcpServer(params: { + name: string; + server: unknown; +}): Promise { + const name = params.name.trim(); + if (!name) { + return { ok: false, path: "", error: "MCP server name is required." }; + } + if (!isRecord(params.server)) { + return { ok: false, path: "", error: "MCP server config must be a JSON object." }; + } + + const loaded = await listConfiguredMcpServers(); + if (!loaded.ok) { + return loaded; + } + + const next = structuredClone(loaded.config); + const servers = normalizeConfiguredMcpServers(next.mcp?.servers); + servers[name] = { ...params.server }; + next.mcp = { + ...next.mcp, + servers, + }; + + const validated = validateConfigObjectWithPlugins(next); + if (!validated.ok) { + const issue = validated.issues[0]; + return { + ok: false, + path: loaded.path, + error: `Config invalid after MCP set (${issue.path}: ${issue.message}).`, + }; + } + await writeConfigFile(validated.config); + return { + ok: true, + path: loaded.path, + config: validated.config, + mcpServers: servers, + }; +} + +export async function unsetConfiguredMcpServer(params: { + name: string; +}): Promise { + const name = params.name.trim(); + if (!name) { + return { ok: false, path: "", error: "MCP server name is required." }; + } + + const loaded = await listConfiguredMcpServers(); + if (!loaded.ok) { + return loaded; + } + if (!Object.hasOwn(loaded.mcpServers, name)) { + return { + ok: true, + path: loaded.path, + config: loaded.config, + mcpServers: loaded.mcpServers, + removed: false, + }; + } + + const next = structuredClone(loaded.config); + const servers = normalizeConfiguredMcpServers(next.mcp?.servers); + delete servers[name]; + if (Object.keys(servers).length > 0) { + next.mcp = { + ...next.mcp, + servers, + }; + } else if (next.mcp) { + delete next.mcp.servers; + if (Object.keys(next.mcp).length === 0) { + delete next.mcp; + } + } + + const validated = validateConfigObjectWithPlugins(next); + if (!validated.ok) { + const issue = validated.issues[0]; + return { + ok: false, + path: loaded.path, + error: `Config invalid after MCP unset (${issue.path}: ${issue.message}).`, + }; + } + await writeConfigFile(validated.config); + return { + ok: true, + path: loaded.path, + config: validated.config, + mcpServers: servers, + removed: true, + }; +} diff --git a/src/config/plugin-auto-enable.ts b/src/config/plugin-auto-enable.ts index c1297e7de4c..1deaad96d6f 100644 --- a/src/config/plugin-auto-enable.ts +++ b/src/config/plugin-auto-enable.ts @@ -9,7 +9,7 @@ import { listChatChannels, normalizeChatChannelId, } from "../channels/registry.js"; -import { hasAnyWhatsAppAuth } from "../plugin-sdk-internal/whatsapp.js"; +import { hasAnyWhatsAppAuth } from "../plugin-sdk/whatsapp.js"; import { loadPluginManifestRegistry, type PluginManifestRegistry, diff --git a/src/config/schema.help.quality.test.ts b/src/config/schema.help.quality.test.ts index e915350ee62..f1542bcb7de 100644 --- a/src/config/schema.help.quality.test.ts +++ b/src/config/schema.help.quality.test.ts @@ -349,6 +349,9 @@ const TARGET_KEYS = [ "plugins.entries.*.enabled", "plugins.entries.*.hooks", "plugins.entries.*.hooks.allowPromptInjection", + "plugins.entries.*.subagent", + "plugins.entries.*.subagent.allowModelOverride", + "plugins.entries.*.subagent.allowedModels", "plugins.entries.*.apiKey", "plugins.entries.*.env", "plugins.entries.*.config", diff --git a/src/config/schema.help.ts b/src/config/schema.help.ts index 1b048bc9aa1..4518d393ed2 100644 --- a/src/config/schema.help.ts +++ b/src/config/schema.help.ts @@ -1,7 +1,7 @@ import { DISCORD_DEFAULT_INBOUND_WORKER_TIMEOUT_MS, DISCORD_DEFAULT_LISTENER_TIMEOUT_MS, -} from "../plugin-sdk-internal/discord.js"; +} from "../plugin-sdk/discord.js"; import { MEDIA_AUDIO_FIELD_HELP } from "./media-audio-field-metadata.js"; import { IRC_FIELD_HELP } from "./schema.irc.js"; import { describeTalkSilenceTimeoutDefaults } from "./talk-defaults.js"; @@ -385,7 +385,7 @@ export const FIELD_HELP: Record = { "gateway.controlUi.root": "Optional filesystem root for Control UI assets (defaults to dist/control-ui).", "gateway.controlUi.allowedOrigins": - "Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled.", + 'Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled. Setting ["*"] means allow any browser origin and should be avoided outside tightly controlled local testing.', "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback": "DANGEROUS toggle that enables Host-header based origin fallback for Control UI/WebChat websocket checks. This mode is supported when your deployment intentionally relies on Host-header origin policy; explicit gateway.controlUi.allowedOrigins remains the recommended hardened default.", "gateway.controlUi.allowInsecureAuth": @@ -413,9 +413,9 @@ export const FIELD_HELP: Record = { "gateway.http.endpoints.chatCompletions.images": "Image fetch/validation controls for OpenAI-compatible `image_url` parts.", "gateway.http.endpoints.chatCompletions.images.allowUrl": - "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported).", + "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported). Set this to `false` to disable URL fetching entirely.", "gateway.http.endpoints.chatCompletions.images.urlAllowlist": - "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards.", + "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards. Empty or omitted lists mean no hostname allowlist restriction.", "gateway.http.endpoints.chatCompletions.images.allowedMimes": "Allowed MIME types for `image_url` parts (case-insensitive list).", "gateway.http.endpoints.chatCompletions.images.maxBytes": @@ -979,6 +979,12 @@ export const FIELD_HELP: Record = { "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "plugins.entries.*.hooks.allowPromptInjection": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", + "plugins.entries.*.subagent": + "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + "plugins.entries.*.subagent.allowModelOverride": + "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + "plugins.entries.*.subagent.allowedModels": + 'Allowed override targets for trusted plugin subagent runs as canonical "provider/model" refs. Use "*" only when you intentionally allow any model.', "plugins.entries.*.apiKey": "Optional API key field consumed by plugins that accept direct key configuration in entry settings. Use secret/env substitution and avoid committing real credentials into config files.", "plugins.entries.*.env": @@ -1019,6 +1025,10 @@ export const FIELD_HELP: Record = { "agents.defaults.imageModel.primary": "Optional image model (provider/model) used when the primary model lacks image input.", "agents.defaults.imageModel.fallbacks": "Ordered fallback image models (provider/model).", + "agents.defaults.imageGenerationModel.primary": + "Optional image-generation model (provider/model) used by the shared image generation capability.", + "agents.defaults.imageGenerationModel.fallbacks": + "Ordered fallback image-generation models (provider/model).", "agents.defaults.pdfModel.primary": "Optional PDF model (provider/model) for the PDF analysis tool. Defaults to imageModel, then session model.", "agents.defaults.pdfModel.fallbacks": "Ordered fallback PDF models (provider/model).", @@ -1093,6 +1103,10 @@ export const FIELD_HELP: Record = { "commands.bashForegroundMs": "How long bash waits before backgrounding (default: 2000; 0 backgrounds immediately).", "commands.config": "Allow /config chat command to read/write config on disk (default: false).", + "commands.mcp": + "Allow /mcp chat command to manage OpenClaw MCP server config under mcp.servers (default: false).", + "commands.plugins": + "Allow /plugins chat command to list discovered plugins and toggle plugin enablement in config (default: false).", "commands.debug": "Allow /debug chat command for runtime-only overrides (default: false).", "commands.restart": "Allow /restart and gateway restart tool actions (default: true).", "commands.useAccessGroups": "Enforce access-group allowlists/policies for commands.", @@ -1104,6 +1118,9 @@ export const FIELD_HELP: Record = { "Optional secret used to HMAC hash owner IDs when ownerDisplay=hash. Prefer env substitution.", "commands.allowFrom": "Defines elevated command allow rules by channel and sender for owner-level command surfaces. Use narrow provider-specific identities so privileged commands are not exposed to broad chat audiences.", + mcp: "Global MCP server definitions managed by OpenClaw. Embedded Pi and other runtime adapters can consume these servers without storing them inside Pi-owned project settings.", + "mcp.servers": + "Named MCP server definitions. OpenClaw stores them in its own config and runtime adapters decide which transports are supported at execution time.", session: "Global session routing, reset, delivery policy, and maintenance controls for conversation history behavior. Keep defaults unless you need stricter isolation, retention, or delivery constraints.", "session.scope": @@ -1228,7 +1245,7 @@ export const FIELD_HELP: Record = { "hooks.path": "HTTP path used by the hooks endpoint (for example `/hooks`) on the gateway control server. Use a non-guessable path and combine it with token validation for defense in depth.", "hooks.token": - "Shared bearer token checked by hooks ingress for request authentication before mappings run. Use environment substitution and rotate regularly when webhook endpoints are internet-accessible.", + "Shared bearer token checked by hooks ingress for request authentication before mappings run. Treat holders as full-trust callers for the hook ingress surface, not as a separate non-owner role. Use environment substitution and rotate regularly when webhook endpoints are internet-accessible.", "hooks.defaultSessionKey": "Fallback session key used for hook deliveries when a request does not provide one through allowed channels. Use a stable but scoped key to avoid mixing unrelated automation conversations.", "hooks.allowRequestSessionKey": @@ -1236,7 +1253,7 @@ export const FIELD_HELP: Record = { "hooks.allowedSessionKeyPrefixes": "Allowlist of accepted session-key prefixes for inbound hook requests when caller-provided keys are enabled. Use narrow prefixes to prevent arbitrary session-key injection.", "hooks.allowedAgentIds": - "Allowlist of agent IDs that hook mappings are allowed to target when selecting execution agents. Use this to constrain automation events to dedicated service agents.", + "Allowlist of agent IDs that hook mappings are allowed to target when selecting execution agents. Use this to constrain automation events to dedicated service agents and reduce blast radius if a hook token is exposed.", "hooks.maxBodyBytes": "Maximum accepted webhook payload size in bytes before the request is rejected. Keep this bounded to reduce abuse risk and protect memory usage under bursty integrations.", "hooks.presets": diff --git a/src/config/schema.labels.ts b/src/config/schema.labels.ts index a88cdc1ded5..ae1c8d2829d 100644 --- a/src/config/schema.labels.ts +++ b/src/config/schema.labels.ts @@ -454,6 +454,8 @@ export const FIELD_LABELS: Record = { "agents.defaults.model.fallbacks": "Model Fallbacks", "agents.defaults.imageModel.primary": "Image Model", "agents.defaults.imageModel.fallbacks": "Image Model Fallbacks", + "agents.defaults.imageGenerationModel.primary": "Image Generation Model", + "agents.defaults.imageGenerationModel.fallbacks": "Image Generation Model Fallbacks", "agents.defaults.pdfModel.primary": "PDF Model", "agents.defaults.pdfModel.fallbacks": "PDF Model Fallbacks", "agents.defaults.pdfMaxBytesMb": "PDF Max Size (MB)", @@ -503,6 +505,8 @@ export const FIELD_LABELS: Record = { "commands.bash": "Allow Bash Chat Command", "commands.bashForegroundMs": "Bash Foreground Window (ms)", "commands.config": "Allow /config", + "commands.mcp": "Allow /mcp", + "commands.plugins": "Allow /plugins", "commands.debug": "Allow /debug", "commands.restart": "Allow Restart", "commands.useAccessGroups": "Use Access Groups", @@ -510,6 +514,8 @@ export const FIELD_LABELS: Record = { "commands.ownerDisplay": "Owner ID Display", "commands.ownerDisplaySecret": "Owner ID Hash Secret", // pragma: allowlist secret "commands.allowFrom": "Command Elevated Access Rules", + mcp: "MCP", + "mcp.servers": "MCP Servers", ui: "UI", "ui.seamColor": "Accent Color", "ui.assistant": "Assistant Appearance", @@ -857,6 +863,9 @@ export const FIELD_LABELS: Record = { "plugins.entries.*.enabled": "Plugin Enabled", "plugins.entries.*.hooks": "Plugin Hook Policy", "plugins.entries.*.hooks.allowPromptInjection": "Allow Prompt Injection Hooks", + "plugins.entries.*.subagent": "Plugin Subagent Policy", + "plugins.entries.*.subagent.allowModelOverride": "Allow Plugin Subagent Model Override", + "plugins.entries.*.subagent.allowedModels": "Plugin Subagent Allowed Models", "plugins.entries.*.apiKey": "Plugin API Key", // pragma: allowlist secret "plugins.entries.*.env": "Plugin Environment Variables", "plugins.entries.*.config": "Plugin Config", diff --git a/src/config/schema.shared.test.ts b/src/config/schema.shared.test.ts new file mode 100644 index 00000000000..d566bfd55f5 --- /dev/null +++ b/src/config/schema.shared.test.ts @@ -0,0 +1,28 @@ +import { describe, expect, it } from "vitest"; +import { findWildcardHintMatch, schemaHasChildren } from "./schema.shared.js"; + +describe("schema.shared", () => { + it("prefers the most specific wildcard hint match", () => { + const match = findWildcardHintMatch({ + uiHints: { + "channels.*.token": { label: "wildcard" }, + "channels.telegram.token": { label: "telegram" }, + }, + path: "channels.telegram.token", + splitPath: (value) => value.split("."), + }); + + expect(match).toEqual({ + path: "channels.telegram.token", + hint: { label: "telegram" }, + }); + }); + + it("treats branch schemas as having children", () => { + expect( + schemaHasChildren({ + oneOf: [{}, { properties: { token: {} } }], + }), + ).toBe(true); + }); +}); diff --git a/src/config/schema.shared.ts b/src/config/schema.shared.ts new file mode 100644 index 00000000000..9eb6f71e052 --- /dev/null +++ b/src/config/schema.shared.ts @@ -0,0 +1,74 @@ +type JsonSchemaObject = { + type?: string | string[]; + properties?: Record; + additionalProperties?: JsonSchemaObject | boolean; + items?: JsonSchemaObject | JsonSchemaObject[]; + anyOf?: JsonSchemaObject[]; + allOf?: JsonSchemaObject[]; + oneOf?: JsonSchemaObject[]; +}; + +export function schemaHasChildren(schema: JsonSchemaObject): boolean { + if (schema.properties && Object.keys(schema.properties).length > 0) { + return true; + } + if (schema.additionalProperties && typeof schema.additionalProperties === "object") { + return true; + } + if (Array.isArray(schema.items)) { + return schema.items.some((entry) => typeof entry === "object" && entry !== null); + } + for (const branch of [schema.oneOf, schema.anyOf, schema.allOf]) { + if (branch?.some((entry) => entry && typeof entry === "object" && schemaHasChildren(entry))) { + return true; + } + } + return Boolean(schema.items && typeof schema.items === "object"); +} + +export function findWildcardHintMatch(params: { + uiHints: Record; + path: string; + splitPath: (path: string) => string[]; +}): { path: string; hint: T } | null { + const targetParts = params.splitPath(params.path); + let bestMatch: + | { + path: string; + hint: T; + wildcardCount: number; + } + | undefined; + + for (const [hintPath, hint] of Object.entries(params.uiHints)) { + const hintParts = params.splitPath(hintPath); + if (hintParts.length !== targetParts.length) { + continue; + } + + let wildcardCount = 0; + let matches = true; + for (let index = 0; index < hintParts.length; index += 1) { + const hintPart = hintParts[index]; + const targetPart = targetParts[index]; + if (hintPart === targetPart) { + continue; + } + if (hintPart === "*") { + wildcardCount += 1; + continue; + } + matches = false; + break; + } + + if (!matches) { + continue; + } + if (!bestMatch || wildcardCount < bestMatch.wildcardCount) { + bestMatch = { path: hintPath, hint, wildcardCount }; + } + } + + return bestMatch ? { path: bestMatch.path, hint: bestMatch.hint } : null; +} diff --git a/src/config/schema.ts b/src/config/schema.ts index 83227a375d5..c81e08ea3c3 100644 --- a/src/config/schema.ts +++ b/src/config/schema.ts @@ -3,6 +3,7 @@ import { CHANNEL_IDS } from "../channels/registry.js"; import { VERSION } from "../version.js"; import type { ConfigUiHint, ConfigUiHints } from "./schema.hints.js"; import { applySensitiveHints, buildBaseHints, mapSensitivePaths } from "./schema.hints.js"; +import { findWildcardHintMatch, schemaHasChildren } from "./schema.shared.js"; import { applyDerivedTags } from "./schema.tags.js"; import { OpenClawSchema } from "./zod-schema.js"; @@ -500,52 +501,11 @@ function resolveUiHintMatch( uiHints: ConfigUiHints, path: string, ): { path: string; hint: ConfigUiHint } | null { - const targetParts = splitLookupPath(path); - let best: { path: string; hint: ConfigUiHint; wildcardCount: number } | null = null; - - for (const [hintPath, hint] of Object.entries(uiHints)) { - const hintParts = splitLookupPath(hintPath); - if (hintParts.length !== targetParts.length) { - continue; - } - - let wildcardCount = 0; - let matches = true; - for (let index = 0; index < hintParts.length; index += 1) { - const hintPart = hintParts[index]; - const targetPart = targetParts[index]; - if (hintPart === targetPart) { - continue; - } - if (hintPart === "*") { - wildcardCount += 1; - continue; - } - matches = false; - break; - } - if (!matches) { - continue; - } - if (!best || wildcardCount < best.wildcardCount) { - best = { path: hintPath, hint, wildcardCount }; - } - } - - return best ? { path: best.path, hint: best.hint } : null; -} - -function schemaHasChildren(schema: JsonSchemaObject): boolean { - if (schema.properties && Object.keys(schema.properties).length > 0) { - return true; - } - if (schema.additionalProperties && typeof schema.additionalProperties === "object") { - return true; - } - if (Array.isArray(schema.items)) { - return schema.items.some((entry) => typeof entry === "object" && entry !== null); - } - return Boolean(schema.items && typeof schema.items === "object"); + return findWildcardHintMatch({ + uiHints, + path, + splitPath: splitLookupPath, + }); } function resolveItemsSchema(schema: JsonSchemaObject, index?: number): JsonSchemaObject | null { diff --git a/src/config/sessions/delivery-info.test.ts b/src/config/sessions/delivery-info.test.ts index 23717338ea3..2f315fd807e 100644 --- a/src/config/sessions/delivery-info.test.ts +++ b/src/config/sessions/delivery-info.test.ts @@ -17,7 +17,8 @@ vi.mock("./store.js", () => ({ loadSessionStore: () => storeState.store, })); -import { extractDeliveryInfo, parseSessionThreadInfo } from "./delivery-info.js"; +let extractDeliveryInfo: typeof import("./delivery-info.js").extractDeliveryInfo; +let parseSessionThreadInfo: typeof import("./delivery-info.js").parseSessionThreadInfo; const buildEntry = (deliveryContext: SessionEntry["deliveryContext"]): SessionEntry => ({ sessionId: "session-1", @@ -25,8 +26,10 @@ const buildEntry = (deliveryContext: SessionEntry["deliveryContext"]): SessionEn deliveryContext, }); -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); storeState.store = {}; + ({ extractDeliveryInfo, parseSessionThreadInfo } = await import("./delivery-info.js")); }); describe("extractDeliveryInfo", () => { diff --git a/src/config/sessions/explicit-session-key-normalization.ts b/src/config/sessions/explicit-session-key-normalization.ts index 16b43a7c43c..08543e5a6d0 100644 --- a/src/config/sessions/explicit-session-key-normalization.ts +++ b/src/config/sessions/explicit-session-key-normalization.ts @@ -1,5 +1,5 @@ import type { MsgContext } from "../../auto-reply/templating.js"; -import { normalizeExplicitDiscordSessionKey } from "../../plugin-sdk-internal/discord.js"; +import { normalizeExplicitDiscordSessionKey } from "../../plugin-sdk/discord.js"; type ExplicitSessionKeyNormalizer = (sessionKey: string, ctx: MsgContext) => string; type ExplicitSessionKeyNormalizerEntry = { diff --git a/src/config/sessions/sessions.test.ts b/src/config/sessions/sessions.test.ts index 2773b6d0fe7..eedf63913eb 100644 --- a/src/config/sessions/sessions.test.ts +++ b/src/config/sessions/sessions.test.ts @@ -3,7 +3,9 @@ import fsPromises from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { upsertAcpSessionMeta } from "../../acp/runtime/session-meta.js"; import * as jsonFiles from "../../infra/json-files.js"; +import type { OpenClawConfig } from "../config.js"; import { clearSessionStoreCacheForTest, loadSessionStore, @@ -279,6 +281,72 @@ describe("session store lock (Promise chain mutex)", () => { expect(store[key]?.modelProvider).toBeUndefined(); expect(store[key]?.model).toBeUndefined(); }); + + it("preserves ACP metadata when replacing a session entry wholesale", async () => { + const key = "agent:codex:acp:binding:discord:default:feedface"; + const acp = { + backend: "acpx", + agent: "codex", + runtimeSessionName: "codex-discord", + mode: "persistent" as const, + state: "idle" as const, + lastActivityAt: 100, + }; + const { storePath } = await makeTmpStore({ + [key]: { + sessionId: "sess-acp", + updatedAt: 100, + acp, + }, + }); + + await updateSessionStore(storePath, (store) => { + store[key] = { + sessionId: "sess-acp", + updatedAt: 200, + modelProvider: "openai-codex", + model: "gpt-5.4", + }; + }); + + const store = loadSessionStore(storePath); + expect(store[key]?.acp).toEqual(acp); + expect(store[key]?.modelProvider).toBe("openai-codex"); + expect(store[key]?.model).toBe("gpt-5.4"); + }); + + it("allows explicit ACP metadata removal through the ACP session helper", async () => { + const key = "agent:codex:acp:binding:discord:default:deadbeef"; + const { storePath } = await makeTmpStore({ + [key]: { + sessionId: "sess-acp-clear", + updatedAt: 100, + acp: { + backend: "acpx", + agent: "codex", + runtimeSessionName: "codex-discord", + mode: "persistent", + state: "idle", + lastActivityAt: 100, + }, + }, + }); + const cfg = { + session: { + store: storePath, + }, + } as OpenClawConfig; + + const result = await upsertAcpSessionMeta({ + cfg, + sessionKey: key, + mutate: () => null, + }); + + expect(result?.acp).toBeUndefined(); + const store = loadSessionStore(storePath); + expect(store[key]?.acp).toBeUndefined(); + }); }); describe("appendAssistantMessageToSessionTranscript", () => { diff --git a/src/config/sessions/store.pruning.integration.test.ts b/src/config/sessions/store.pruning.integration.test.ts index d5cf106c520..3fde5236294 100644 --- a/src/config/sessions/store.pruning.integration.test.ts +++ b/src/config/sessions/store.pruning.integration.test.ts @@ -3,15 +3,19 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; -import { clearSessionStoreCacheForTest, loadSessionStore, saveSessionStore } from "./store.js"; import type { SessionEntry } from "./types.js"; // Keep integration tests deterministic: never read a real openclaw.json. vi.mock("../config.js", () => ({ loadConfig: vi.fn().mockReturnValue({}), })); -const { loadConfig } = await import("../config.js"); -const mockLoadConfig = vi.mocked(loadConfig) as ReturnType; + +type StoreModule = typeof import("./store.js"); + +let clearSessionStoreCacheForTest: StoreModule["clearSessionStoreCacheForTest"]; +let loadSessionStore: StoreModule["loadSessionStore"]; +let saveSessionStore: StoreModule["saveSessionStore"]; +let mockLoadConfig: ReturnType; const DAY_MS = 24 * 60 * 60 * 1000; @@ -77,6 +81,11 @@ describe("Integration: saveSessionStore with pruning", () => { }); beforeEach(async () => { + vi.resetModules(); + ({ clearSessionStoreCacheForTest, loadSessionStore, saveSessionStore } = + await import("./store.js")); + const { loadConfig } = await import("../config.js"); + mockLoadConfig = vi.mocked(loadConfig) as ReturnType; testDir = await createCaseDir("pruning-integ"); storePath = path.join(testDir, "sessions.json"); savedCacheTtl = process.env.OPENCLAW_SESSION_CACHE_TTL_MS; diff --git a/src/config/sessions/store.ts b/src/config/sessions/store.ts index a70285c4c62..3936086beb8 100644 --- a/src/config/sessions/store.ts +++ b/src/config/sessions/store.ts @@ -309,6 +309,12 @@ type SaveSessionStoreOptions = { skipMaintenance?: boolean; /** Active session key for warn-only maintenance. */ activeSessionKey?: string; + /** + * Session keys that are allowed to drop persisted ACP metadata during this update. + * All other updates preserve existing `entry.acp` blocks when callers replace the + * whole session entry without carrying ACP state forward. + */ + allowDropAcpMetaSessionKeys?: string[]; /** Optional callback for warn-only maintenance. */ onWarn?: (warning: SessionMaintenanceWarning) => void | Promise; /** Optional callback with maintenance stats after a save. */ @@ -337,6 +343,64 @@ function updateSessionStoreWriteCaches(params: { }); } +function resolveMutableSessionStoreKey( + store: Record, + sessionKey: string, +): string | undefined { + const trimmed = sessionKey.trim(); + if (!trimmed) { + return undefined; + } + if (Object.prototype.hasOwnProperty.call(store, trimmed)) { + return trimmed; + } + const normalized = normalizeStoreSessionKey(trimmed); + if (Object.prototype.hasOwnProperty.call(store, normalized)) { + return normalized; + } + return Object.keys(store).find((key) => normalizeStoreSessionKey(key) === normalized); +} + +function collectAcpMetadataSnapshot( + store: Record, +): Map> { + const snapshot = new Map>(); + for (const [sessionKey, entry] of Object.entries(store)) { + if (entry?.acp) { + snapshot.set(sessionKey, entry.acp); + } + } + return snapshot; +} + +function preserveExistingAcpMetadata(params: { + previousAcpByKey: Map>; + nextStore: Record; + allowDropSessionKeys?: string[]; +}): void { + const allowDrop = new Set( + (params.allowDropSessionKeys ?? []).map((key) => normalizeStoreSessionKey(key)), + ); + for (const [previousKey, previousAcp] of params.previousAcpByKey.entries()) { + const normalizedKey = normalizeStoreSessionKey(previousKey); + if (allowDrop.has(normalizedKey)) { + continue; + } + const nextKey = resolveMutableSessionStoreKey(params.nextStore, previousKey); + if (!nextKey) { + continue; + } + const nextEntry = params.nextStore[nextKey]; + if (!nextEntry || nextEntry.acp) { + continue; + } + params.nextStore[nextKey] = { + ...nextEntry, + acp: previousAcp, + }; + } +} + async function saveSessionStoreUnlocked( storePath: string, store: Record, @@ -526,7 +590,13 @@ export async function updateSessionStore( return await withSessionStoreLock(storePath, async () => { // Always re-read inside the lock to avoid clobbering concurrent writers. const store = loadSessionStore(storePath, { skipCache: true }); + const previousAcpByKey = collectAcpMetadataSnapshot(store); const result = await mutator(store); + preserveExistingAcpMetadata({ + previousAcpByKey, + nextStore: store, + allowDropSessionKeys: opts?.allowDropAcpMetaSessionKeys, + }); await saveSessionStoreUnlocked(storePath, store, opts); return result; }); diff --git a/src/config/types.agent-defaults.ts b/src/config/types.agent-defaults.ts index e5613c7649d..68506e8be3c 100644 --- a/src/config/types.agent-defaults.ts +++ b/src/config/types.agent-defaults.ts @@ -122,6 +122,8 @@ export type AgentDefaultsConfig = { model?: AgentModelConfig; /** Optional image-capable model and fallbacks (provider/model). Accepts string or {primary,fallbacks}. */ imageModel?: AgentModelConfig; + /** Optional image-generation model and fallbacks (provider/model). Accepts string or {primary,fallbacks}. */ + imageGenerationModel?: AgentModelConfig; /** Optional PDF-capable model and fallbacks (provider/model). Accepts string or {primary,fallbacks}. */ pdfModel?: AgentModelConfig; /** Maximum PDF file size in megabytes (default: 10). */ diff --git a/src/config/types.discord.ts b/src/config/types.discord.ts index aea4e7f8cfd..c9269c6b8fd 100644 --- a/src/config/types.discord.ts +++ b/src/config/types.discord.ts @@ -1,4 +1,4 @@ -import type { DiscordPluralKitConfig } from "../plugin-sdk-internal/discord.js"; +import type { DiscordPluralKitConfig } from "../plugin-sdk/discord.js"; import type { BlockStreamingChunkConfig, BlockStreamingCoalesceConfig, diff --git a/src/config/types.mcp.ts b/src/config/types.mcp.ts new file mode 100644 index 00000000000..9d6b5e5a1d6 --- /dev/null +++ b/src/config/types.mcp.ts @@ -0,0 +1,14 @@ +export type McpServerConfig = { + command?: string; + args?: string[]; + env?: Record; + cwd?: string; + workingDirectory?: string; + url?: string; + [key: string]: unknown; +}; + +export type McpConfig = { + /** Named MCP server definitions managed by OpenClaw. */ + servers?: Record; +}; diff --git a/src/config/types.messages.ts b/src/config/types.messages.ts index 002a1200b8b..601a86d115b 100644 --- a/src/config/types.messages.ts +++ b/src/config/types.messages.ts @@ -148,6 +148,10 @@ export type CommandsConfig = { bashForegroundMs?: number; /** Allow /config command (default: false). */ config?: boolean; + /** Allow /mcp command for OpenClaw-managed MCP settings (default: false). */ + mcp?: boolean; + /** Allow /plugins command for plugin listing and enablement toggles (default: false). */ + plugins?: boolean; /** Allow /debug command (default: false). */ debug?: boolean; /** Allow restart commands/tools (default: true). */ diff --git a/src/config/types.openclaw.ts b/src/config/types.openclaw.ts index 3d1f0a90080..9997ecc6f84 100644 --- a/src/config/types.openclaw.ts +++ b/src/config/types.openclaw.ts @@ -14,6 +14,7 @@ import type { TalkConfig, } from "./types.gateway.js"; import type { HooksConfig } from "./types.hooks.js"; +import type { McpConfig } from "./types.mcp.js"; import type { MemoryConfig } from "./types.memory.js"; import type { AudioConfig, @@ -120,6 +121,7 @@ export type OpenClawConfig = { talk?: TalkConfig; gateway?: GatewayConfig; memory?: MemoryConfig; + mcp?: McpConfig; }; export type ConfigValidationIssue = { diff --git a/src/config/types.plugins.ts b/src/config/types.plugins.ts index 62d750b0470..af37ba2020f 100644 --- a/src/config/types.plugins.ts +++ b/src/config/types.plugins.ts @@ -4,6 +4,15 @@ export type PluginEntryConfig = { /** Controls prompt mutation via before_prompt_build and prompt fields from legacy before_agent_start. */ allowPromptInjection?: boolean; }; + subagent?: { + /** Explicitly allow this plugin to request per-run provider/model overrides for subagent runs. */ + allowModelOverride?: boolean; + /** + * Allowed override targets as canonical provider/model refs. + * Use "*" to explicitly allow any model for this plugin. + */ + allowedModels?: string[]; + }; config?: Record; }; diff --git a/src/config/types.ts b/src/config/types.ts index 52e45b32aaf..47c46e48c68 100644 --- a/src/config/types.ts +++ b/src/config/types.ts @@ -33,3 +33,4 @@ export * from "./types.tts.js"; export * from "./types.tools.js"; export * from "./types.whatsapp.js"; export * from "./types.memory.js"; +export * from "./types.mcp.js"; diff --git a/src/config/types.tts.ts b/src/config/types.tts.ts index a6232f9de5a..4703f43ae12 100644 --- a/src/config/types.tts.ts +++ b/src/config/types.tts.ts @@ -1,6 +1,6 @@ import type { SecretInput } from "./types.secrets.js"; -export type TtsProvider = "elevenlabs" | "openai" | "edge"; +export type TtsProvider = string; export type TtsMode = "final" | "all"; @@ -66,9 +66,22 @@ export type TtsConfig = { /** System-level instructions for the TTS model (gpt-4o-mini-tts only). */ instructions?: string; }; - /** Microsoft Edge (node-edge-tts) configuration. */ + /** Legacy alias for Microsoft speech configuration. */ edge?: { - /** Explicitly allow Edge TTS usage (no API key required). */ + /** Explicitly allow Microsoft speech usage (no API key required). */ + enabled?: boolean; + voice?: string; + lang?: string; + outputFormat?: string; + pitch?: string; + rate?: string; + volume?: string; + saveSubtitles?: boolean; + proxy?: string; + timeoutMs?: number; + }; + /** Preferred alias for Microsoft speech configuration. */ + microsoft?: { enabled?: boolean; voice?: string; lang?: string; diff --git a/src/config/zod-schema.agent-defaults.ts b/src/config/zod-schema.agent-defaults.ts index b2cc5603c90..a631ae725b8 100644 --- a/src/config/zod-schema.agent-defaults.ts +++ b/src/config/zod-schema.agent-defaults.ts @@ -18,6 +18,7 @@ export const AgentDefaultsSchema = z .object({ model: AgentModelSchema.optional(), imageModel: AgentModelSchema.optional(), + imageGenerationModel: AgentModelSchema.optional(), pdfModel: AgentModelSchema.optional(), pdfMaxBytesMb: z.number().positive().optional(), pdfMaxPages: z.number().int().positive().optional(), diff --git a/src/config/zod-schema.core.ts b/src/config/zod-schema.core.ts index 305efab4b26..199637bba52 100644 --- a/src/config/zod-schema.core.ts +++ b/src/config/zod-schema.core.ts @@ -353,9 +353,24 @@ export const MarkdownConfigSchema = z .strict() .optional(); -export const TtsProviderSchema = z.enum(["elevenlabs", "openai", "edge"]); +export const TtsProviderSchema = z.string().min(1); export const TtsModeSchema = z.enum(["final", "all"]); export const TtsAutoSchema = z.enum(["off", "always", "inbound", "tagged"]); +const TtsMicrosoftConfigSchema = z + .object({ + enabled: z.boolean().optional(), + voice: z.string().optional(), + lang: z.string().optional(), + outputFormat: z.string().optional(), + pitch: z.string().optional(), + rate: z.string().optional(), + volume: z.string().optional(), + saveSubtitles: z.boolean().optional(), + proxy: z.string().optional(), + timeoutMs: z.number().int().min(1000).max(120000).optional(), + }) + .strict() + .optional(); export const TtsConfigSchema = z .object({ auto: TtsAutoSchema.optional(), @@ -409,21 +424,8 @@ export const TtsConfigSchema = z }) .strict() .optional(), - edge: z - .object({ - enabled: z.boolean().optional(), - voice: z.string().optional(), - lang: z.string().optional(), - outputFormat: z.string().optional(), - pitch: z.string().optional(), - rate: z.string().optional(), - volume: z.string().optional(), - saveSubtitles: z.boolean().optional(), - proxy: z.string().optional(), - timeoutMs: z.number().int().min(1000).max(120000).optional(), - }) - .strict() - .optional(), + edge: TtsMicrosoftConfigSchema, + microsoft: TtsMicrosoftConfigSchema, prefsPath: z.string().optional(), maxTextLength: z.number().int().min(1).optional(), timeoutMs: z.number().int().min(1000).max(120000).optional(), diff --git a/src/config/zod-schema.session.ts b/src/config/zod-schema.session.ts index b8bb99b1b14..3f4b6a24d80 100644 --- a/src/config/zod-schema.session.ts +++ b/src/config/zod-schema.session.ts @@ -200,6 +200,8 @@ export const CommandsSchema = z bash: z.boolean().optional(), bashForegroundMs: z.number().int().min(0).max(30_000).optional(), config: z.boolean().optional(), + mcp: z.boolean().optional(), + plugins: z.boolean().optional(), debug: z.boolean().optional(), restart: z.boolean().optional().default(true), useAccessGroups: z.boolean().optional(), diff --git a/src/config/zod-schema.ts b/src/config/zod-schema.ts index 817183cab5d..f8ad6bfcbc9 100644 --- a/src/config/zod-schema.ts +++ b/src/config/zod-schema.ts @@ -155,6 +155,13 @@ const PluginEntrySchema = z }) .strict() .optional(), + subagent: z + .object({ + allowModelOverride: z.boolean().optional(), + allowedModels: z.array(z.string()).optional(), + }) + .strict() + .optional(), config: z.record(z.string(), z.unknown()).optional(), }) .strict(); @@ -203,6 +210,24 @@ const TalkSchema = z } }); +const McpServerSchema = z + .object({ + command: z.string().optional(), + args: z.array(z.string()).optional(), + env: z.record(z.string(), z.union([z.string(), z.number(), z.boolean()])).optional(), + cwd: z.string().optional(), + workingDirectory: z.string().optional(), + url: HttpUrlSchema.optional(), + }) + .catchall(z.unknown()); + +const McpConfigSchema = z + .object({ + servers: z.record(z.string(), McpServerSchema).optional(), + }) + .strict() + .optional(); + export const OpenClawSchema = z .object({ $schema: z.string().optional(), @@ -851,6 +876,7 @@ export const OpenClawSchema = z }) .optional(), memory: MemorySchema, + mcp: McpConfigSchema, skills: z .object({ allowBundled: z.array(z.string()).optional(), diff --git a/src/context-engine/context-engine.test.ts b/src/context-engine/context-engine.test.ts index 703ee88bf57..82c3501343b 100644 --- a/src/context-engine/context-engine.test.ts +++ b/src/context-engine/context-engine.test.ts @@ -109,6 +109,113 @@ class MockContextEngine implements ContextEngine { } } +class LegacySessionKeyStrictEngine implements ContextEngine { + readonly info: ContextEngineInfo = { + id: "legacy-sessionkey-strict", + name: "Legacy SessionKey Strict Engine", + }; + readonly ingestCalls: Array> = []; + readonly assembleCalls: Array> = []; + readonly compactCalls: Array> = []; + readonly ingestedMessages: AgentMessage[] = []; + + private rejectSessionKey(params: { sessionKey?: string }): void { + if (Object.prototype.hasOwnProperty.call(params, "sessionKey")) { + throw new Error("Unrecognized key(s) in object: 'sessionKey'"); + } + } + + async ingest(params: { + sessionId: string; + sessionKey?: string; + message: AgentMessage; + isHeartbeat?: boolean; + }): Promise { + this.ingestCalls.push({ ...params }); + this.rejectSessionKey(params); + this.ingestedMessages.push(params.message); + return { ingested: true }; + } + + async assemble(params: { + sessionId: string; + sessionKey?: string; + messages: AgentMessage[]; + tokenBudget?: number; + }): Promise { + this.assembleCalls.push({ ...params }); + this.rejectSessionKey(params); + return { + messages: params.messages, + estimatedTokens: 7, + }; + } + + async compact(params: { + sessionId: string; + sessionKey?: string; + sessionFile: string; + tokenBudget?: number; + compactionTarget?: "budget" | "threshold"; + customInstructions?: string; + runtimeContext?: Record; + }): Promise { + this.compactCalls.push({ ...params }); + this.rejectSessionKey(params); + return { + ok: true, + compacted: true, + result: { + tokensBefore: 50, + tokensAfter: 25, + }, + }; + } +} + +class SessionKeyRuntimeErrorEngine implements ContextEngine { + readonly info: ContextEngineInfo = { + id: "sessionkey-runtime-error", + name: "SessionKey Runtime Error Engine", + }; + assembleCalls = 0; + constructor(private readonly errorMessage = "sessionKey lookup failed") {} + + async ingest(_params: { + sessionId: string; + sessionKey?: string; + message: AgentMessage; + isHeartbeat?: boolean; + }): Promise { + return { ingested: true }; + } + + async assemble(_params: { + sessionId: string; + sessionKey?: string; + messages: AgentMessage[]; + tokenBudget?: number; + }): Promise { + this.assembleCalls += 1; + throw new Error(this.errorMessage); + } + + async compact(_params: { + sessionId: string; + sessionKey?: string; + sessionFile: string; + tokenBudget?: number; + compactionTarget?: "budget" | "threshold"; + customInstructions?: string; + runtimeContext?: Record; + }): Promise { + return { + ok: true, + compacted: false, + }; + } +} + // ═══════════════════════════════════════════════════════════════════════════ // 1. Engine contract tests // ═══════════════════════════════════════════════════════════════════════════ @@ -130,57 +237,6 @@ describe("Engine contract tests", () => { expect(engine.info.id).toBe("mock"); }); - it("ingest() returns IngestResult with ingested boolean", async () => { - const engine = new MockContextEngine(); - const result = await engine.ingest({ - sessionId: "s1", - message: makeMockMessage(), - }); - - expect(result).toHaveProperty("ingested"); - expect(typeof result.ingested).toBe("boolean"); - expect(result.ingested).toBe(true); - }); - - it("assemble() returns AssembleResult with messages array and estimatedTokens", async () => { - const engine = new MockContextEngine(); - const msgs = [makeMockMessage(), makeMockMessage("assistant", "world")]; - const result = await engine.assemble({ - sessionId: "s1", - messages: msgs, - }); - - expect(Array.isArray(result.messages)).toBe(true); - expect(result.messages).toHaveLength(2); - expect(typeof result.estimatedTokens).toBe("number"); - expect(result.estimatedTokens).toBe(42); - expect(result.systemPromptAddition).toBe("mock system addition"); - }); - - it("compact() returns CompactResult with ok, compacted, reason, result fields", async () => { - const engine = new MockContextEngine(); - const result = await engine.compact({ - sessionId: "s1", - sessionFile: "/tmp/session.json", - }); - - expect(typeof result.ok).toBe("boolean"); - expect(typeof result.compacted).toBe("boolean"); - expect(result.ok).toBe(true); - expect(result.compacted).toBe(true); - expect(result.reason).toBe("mock compaction"); - expect(result.result).toBeDefined(); - expect(result.result!.summary).toBe("mock summary"); - expect(result.result!.tokensBefore).toBe(100); - expect(result.result!.tokensAfter).toBe(50); - }); - - it("dispose() is callable (optional method)", async () => { - const engine = new MockContextEngine(); - // Should complete without error - await expect(engine.dispose()).resolves.toBeUndefined(); - }); - it("legacy compact preserves runtimeContext currentTokenCount when top-level value is absent", async () => { const engine = new LegacyContextEngine(); @@ -206,14 +262,7 @@ describe("Engine contract tests", () => { // ═══════════════════════════════════════════════════════════════════════════ describe("Registry tests", () => { - it("registerContextEngine() stores a factory", () => { - const factory = () => new MockContextEngine(); - registerContextEngine("reg-test-1", factory); - - expect(getContextEngineFactory("reg-test-1")).toBe(factory); - }); - - it("getContextEngineFactory() returns the factory", () => { + it("registerContextEngine() stores retrievable factories", () => { const factory = () => new MockContextEngine(); registerContextEngine("reg-test-2", factory); @@ -325,6 +374,97 @@ describe("Registry tests", () => { // 3. Default engine selection // ═══════════════════════════════════════════════════════════════════════════ +describe("Legacy sessionKey compatibility", () => { + it("memoizes legacy mode after the first strict compatibility retry", async () => { + const engineId = `legacy-sessionkey-${Date.now().toString(36)}`; + const strictEngine = new LegacySessionKeyStrictEngine(); + registerContextEngine(engineId, () => strictEngine); + + const engine = await resolveContextEngine(configWithSlot(engineId)); + const firstAssembled = await engine.assemble({ + sessionId: "s1", + sessionKey: "agent:main:test", + messages: [makeMockMessage()], + }); + const compacted = await engine.compact({ + sessionId: "s1", + sessionKey: "agent:main:test", + sessionFile: "/tmp/session.json", + }); + + expect(firstAssembled.estimatedTokens).toBe(7); + expect(compacted.compacted).toBe(true); + expect(strictEngine.assembleCalls).toHaveLength(2); + expect(strictEngine.assembleCalls[0]).toHaveProperty("sessionKey", "agent:main:test"); + expect(strictEngine.assembleCalls[1]).not.toHaveProperty("sessionKey"); + expect(strictEngine.compactCalls).toHaveLength(1); + expect(strictEngine.compactCalls[0]).not.toHaveProperty("sessionKey"); + }); + + it("retries strict ingest once and ingests each message only once", async () => { + const engineId = `legacy-sessionkey-ingest-${Date.now().toString(36)}`; + const strictEngine = new LegacySessionKeyStrictEngine(); + registerContextEngine(engineId, () => strictEngine); + + const engine = await resolveContextEngine(configWithSlot(engineId)); + const firstMessage = makeMockMessage("user", "first"); + const secondMessage = makeMockMessage("assistant", "second"); + + await engine.ingest({ + sessionId: "s1", + sessionKey: "agent:main:test", + message: firstMessage, + }); + await engine.ingest({ + sessionId: "s1", + sessionKey: "agent:main:test", + message: secondMessage, + }); + + expect(strictEngine.ingestCalls).toHaveLength(3); + expect(strictEngine.ingestCalls[0]).toHaveProperty("sessionKey", "agent:main:test"); + expect(strictEngine.ingestCalls[1]).not.toHaveProperty("sessionKey"); + expect(strictEngine.ingestCalls[2]).not.toHaveProperty("sessionKey"); + expect(strictEngine.ingestedMessages).toEqual([firstMessage, secondMessage]); + }); + + it("does not retry non-compat runtime errors", async () => { + const engineId = `sessionkey-runtime-${Date.now().toString(36)}`; + const runtimeErrorEngine = new SessionKeyRuntimeErrorEngine(); + registerContextEngine(engineId, () => runtimeErrorEngine); + + const engine = await resolveContextEngine(configWithSlot(engineId)); + + await expect( + engine.assemble({ + sessionId: "s1", + sessionKey: "agent:main:test", + messages: [makeMockMessage()], + }), + ).rejects.toThrow("sessionKey lookup failed"); + expect(runtimeErrorEngine.assembleCalls).toBe(1); + }); + + it("does not treat 'Unknown sessionKey' runtime failures as schema-compat errors", async () => { + const engineId = `sessionkey-unknown-runtime-${Date.now().toString(36)}`; + const runtimeErrorEngine = new SessionKeyRuntimeErrorEngine( + 'Unknown sessionKey "agent:main:missing"', + ); + registerContextEngine(engineId, () => runtimeErrorEngine); + + const engine = await resolveContextEngine(configWithSlot(engineId)); + + await expect( + engine.assemble({ + sessionId: "s1", + sessionKey: "agent:main:missing", + messages: [makeMockMessage()], + }), + ).rejects.toThrow('Unknown sessionKey "agent:main:missing"'); + expect(runtimeErrorEngine.assembleCalls).toBe(1); + }); +}); + describe("Default engine selection", () => { // Ensure both legacy and a custom test engine are registered before these tests. beforeEach(() => { @@ -369,13 +509,7 @@ describe("Default engine selection", () => { // ═══════════════════════════════════════════════════════════════════════════ describe("Invalid engine fallback", () => { - it("resolveContextEngine() with config pointing to unregistered engine throws with helpful error", async () => { - await expect(resolveContextEngine(configWithSlot("nonexistent-engine"))).rejects.toThrow( - /nonexistent-engine/, - ); - }); - - it("error message includes the requested id and available ids", async () => { + it("includes the requested id and available ids in unknown-engine errors", async () => { // Ensure at least legacy is registered so we see it in the available list registerLegacyContextEngine(); @@ -441,16 +575,11 @@ describe("LegacyContextEngine parity", () => { // ═══════════════════════════════════════════════════════════════════════════ describe("Initialization guard", () => { - it("ensureContextEnginesInitialized() is idempotent (calling twice does not throw)", async () => { + it("ensureContextEnginesInitialized() is idempotent and registers legacy", async () => { const { ensureContextEnginesInitialized } = await import("./init.js"); expect(() => ensureContextEnginesInitialized()).not.toThrow(); expect(() => ensureContextEnginesInitialized()).not.toThrow(); - }); - - it("after init, 'legacy' engine is registered", async () => { - const { ensureContextEnginesInitialized } = await import("./init.js"); - ensureContextEnginesInitialized(); const ids = listContextEngineIds(); expect(ids).toContain("legacy"); diff --git a/src/context-engine/registry.ts b/src/context-engine/registry.ts index 1701877790a..2c5cac439c0 100644 --- a/src/context-engine/registry.ts +++ b/src/context-engine/registry.ts @@ -13,6 +13,202 @@ type RegisterContextEngineForOwnerOptions = { allowSameOwnerRefresh?: boolean; }; +const LEGACY_SESSION_KEY_COMPAT = Symbol.for("openclaw.contextEngine.sessionKeyCompat"); +const SESSION_KEY_COMPAT_METHODS = [ + "bootstrap", + "ingest", + "ingestBatch", + "afterTurn", + "assemble", + "compact", +] as const; + +type SessionKeyCompatMethodName = (typeof SESSION_KEY_COMPAT_METHODS)[number]; +type SessionKeyCompatParams = { + sessionKey?: string; +}; + +function isSessionKeyCompatMethodName(value: PropertyKey): value is SessionKeyCompatMethodName { + return ( + typeof value === "string" && (SESSION_KEY_COMPAT_METHODS as readonly string[]).includes(value) + ); +} + +function hasOwnSessionKey(params: unknown): params is SessionKeyCompatParams { + return ( + params !== null && + typeof params === "object" && + Object.prototype.hasOwnProperty.call(params, "sessionKey") + ); +} + +function withoutSessionKey(params: T): T { + const legacyParams = { ...params }; + delete legacyParams.sessionKey; + return legacyParams; +} + +function issueRejectsSessionKeyStrictly(issue: unknown): boolean { + if (!issue || typeof issue !== "object") { + return false; + } + + const issueRecord = issue as { + code?: unknown; + keys?: unknown; + message?: unknown; + }; + if ( + issueRecord.code === "unrecognized_keys" && + Array.isArray(issueRecord.keys) && + issueRecord.keys.some((key) => key === "sessionKey") + ) { + return true; + } + + return isSessionKeyCompatibilityError(issueRecord.message); +} + +function* iterateErrorChain(error: unknown) { + let current = error; + const seen = new Set(); + while (current !== undefined && current !== null && !seen.has(current)) { + yield current; + seen.add(current); + if (typeof current !== "object") { + break; + } + current = (current as { cause?: unknown }).cause; + } +} + +const SESSION_KEY_UNKNOWN_FIELD_PATTERNS = [ + /\bunrecognized key(?:\(s\)|s)? in object:.*['"`]sessionKey['"`]/i, + /\badditional propert(?:y|ies)\b.*['"`]sessionKey['"`]/i, + /\bmust not have additional propert(?:y|ies)\b.*['"`]sessionKey['"`]/i, + /\b(?:unexpected|extraneous)\s+(?:property|properties|field|fields|key|keys)\b.*['"`]sessionKey['"`]/i, + /\b(?:unknown|invalid)\s+(?:property|properties|field|fields|key|keys)\b.*['"`]sessionKey['"`]/i, + /['"`]sessionKey['"`].*\b(?:was|is)\s+not allowed\b/i, + /"code"\s*:\s*"unrecognized_keys"[^]*"sessionKey"/i, +] as const; + +function isSessionKeyUnknownFieldValidationMessage(message: string): boolean { + return SESSION_KEY_UNKNOWN_FIELD_PATTERNS.some((pattern) => pattern.test(message)); +} + +function isSessionKeyCompatibilityError(error: unknown): boolean { + for (const candidate of iterateErrorChain(error)) { + if (Array.isArray(candidate)) { + if (candidate.some((entry) => issueRejectsSessionKeyStrictly(entry))) { + return true; + } + continue; + } + + if (typeof candidate === "string") { + if (isSessionKeyUnknownFieldValidationMessage(candidate)) { + return true; + } + continue; + } + + if (!candidate || typeof candidate !== "object") { + continue; + } + + const issueContainer = candidate as { + message?: unknown; + issues?: unknown; + errors?: unknown; + }; + + if ( + Array.isArray(issueContainer.issues) && + issueContainer.issues.some((issue) => issueRejectsSessionKeyStrictly(issue)) + ) { + return true; + } + + if ( + Array.isArray(issueContainer.errors) && + issueContainer.errors.some((issue) => issueRejectsSessionKeyStrictly(issue)) + ) { + return true; + } + + if ( + typeof issueContainer.message === "string" && + isSessionKeyUnknownFieldValidationMessage(issueContainer.message) + ) { + return true; + } + } + + return false; +} + +async function invokeWithLegacySessionKeyCompat( + method: (params: TParams) => Promise | TResult, + params: TParams, + opts?: { + onLegacyModeDetected?: () => void; + }, +): Promise { + if (!hasOwnSessionKey(params)) { + return await method(params); + } + + try { + return await method(params); + } catch (error) { + if (!isSessionKeyCompatibilityError(error)) { + throw error; + } + opts?.onLegacyModeDetected?.(); + return await method(withoutSessionKey(params)); + } +} + +function wrapContextEngineWithSessionKeyCompat(engine: ContextEngine): ContextEngine { + const marked = engine as ContextEngine & { + [LEGACY_SESSION_KEY_COMPAT]?: boolean; + }; + if (marked[LEGACY_SESSION_KEY_COMPAT]) { + return engine; + } + + let isLegacy = false; + const proxy: ContextEngine = new Proxy(engine, { + get(target, property, receiver) { + if (property === LEGACY_SESSION_KEY_COMPAT) { + return true; + } + + const value = Reflect.get(target, property, receiver); + if (typeof value !== "function") { + return value; + } + + if (!isSessionKeyCompatMethodName(property)) { + return value.bind(target); + } + + return (params: SessionKeyCompatParams) => { + const method = value.bind(target) as (params: SessionKeyCompatParams) => unknown; + if (isLegacy && hasOwnSessionKey(params)) { + return method(withoutSessionKey(params)); + } + return invokeWithLegacySessionKeyCompat(method, params, { + onLegacyModeDetected: () => { + isLegacy = true; + }, + }); + }; + }, + }); + return proxy; +} + // --------------------------------------------------------------------------- // Registry (module-level singleton) // --------------------------------------------------------------------------- @@ -139,5 +335,5 @@ export async function resolveContextEngine(config?: OpenClawConfig): Promise> = {}; -vi.mock("../config/sessions.js", () => ({ - loadSessionStore: vi.fn((storePath: string) => mockStore[storePath] ?? {}), - resolveAgentMainSessionKey: vi.fn(({ agentId }: { agentId: string }) => `agent:${agentId}:main`), - resolveStorePath: vi.fn((_store: unknown, _opts: unknown) => "/mock/store.json"), -})); +type DeliveryTargetModule = typeof import("./isolated-agent/delivery-target.js"); -// Mock channel-selection to avoid real config resolution. -vi.mock("../infra/outbound/channel-selection.js", () => ({ - resolveMessageChannelSelection: vi.fn(async () => ({ channel: "telegram" })), -})); +let resolveDeliveryTarget: DeliveryTargetModule["resolveDeliveryTarget"]; -// Minimal mock for channel plugins (Telegram resolveTarget is an identity). -vi.mock("../channels/plugins/index.js", () => ({ - getChannelPlugin: vi.fn(() => ({ - meta: { label: "Telegram" }, - config: {}, - messaging: { - parseExplicitTarget: ({ raw }: { raw: string }) => { - const target = parseTelegramTarget(raw); - return { - to: target.chatId, - threadId: target.messageThreadId, - chatType: target.chatType === "unknown" ? undefined : target.chatType, - }; +beforeEach(async () => { + vi.resetModules(); + for (const key of Object.keys(mockStore)) { + delete mockStore[key]; + } + vi.doMock("../config/sessions.js", () => ({ + loadSessionStore: vi.fn((storePath: string) => mockStore[storePath] ?? {}), + resolveAgentMainSessionKey: vi.fn( + ({ agentId }: { agentId: string }) => `agent:${agentId}:main`, + ), + resolveStorePath: vi.fn((_store: unknown, _opts: unknown) => "/mock/store.json"), + })); + vi.doMock("../infra/outbound/channel-selection.js", () => ({ + resolveMessageChannelSelection: vi.fn(async () => ({ channel: "telegram" })), + })); + vi.doMock("../channels/plugins/index.js", () => ({ + getChannelPlugin: vi.fn(() => ({ + meta: { label: "Telegram" }, + config: {}, + messaging: { + parseExplicitTarget: ({ raw }: { raw: string }) => { + const target = parseTelegramTarget(raw); + return { + to: target.chatId, + threadId: target.messageThreadId, + chatType: target.chatType === "unknown" ? undefined : target.chatType, + }; + }, }, - }, - outbound: { - resolveTarget: ({ to }: { to?: string }) => - to ? { ok: true, to } : { ok: false, error: new Error("missing") }, - }, - })), - normalizeChannelId: vi.fn((id: string) => id), -})); - -const { resolveDeliveryTarget } = await import("./isolated-agent/delivery-target.js"); + outbound: { + resolveTarget: ({ to }: { to?: string }) => + to ? { ok: true, to } : { ok: false, error: new Error("missing") }, + }, + })), + normalizeChannelId: vi.fn((id: string) => id), + })); + ({ resolveDeliveryTarget } = await import("./isolated-agent/delivery-target.js")); +}); describe("resolveDeliveryTarget thread session lookup", () => { const cfg: OpenClawConfig = {}; diff --git a/src/cron/isolated-agent.test-setup.ts b/src/cron/isolated-agent.test-setup.ts index c70ea583f68..c677230f3a2 100644 --- a/src/cron/isolated-agent.test-setup.ts +++ b/src/cron/isolated-agent.test-setup.ts @@ -1,5 +1,5 @@ import { vi } from "vitest"; -import { parseTelegramTarget } from "../../extensions/telegram/src/targets.js"; +import { parseTelegramTarget } from "../../extensions/telegram/api.js"; import { signalOutbound, telegramOutbound } from "../../test/channel-outbounds.js"; import { loadModelCatalog } from "../agents/model-catalog.js"; import { runEmbeddedPiAgent } from "../agents/pi-embedded.js"; diff --git a/src/cron/isolated-agent/delivery-target.ts b/src/cron/isolated-agent/delivery-target.ts index 585e273e613..e903cd15cab 100644 --- a/src/cron/isolated-agent/delivery-target.ts +++ b/src/cron/isolated-agent/delivery-target.ts @@ -13,7 +13,7 @@ import { resolveSessionDeliveryTarget, } from "../../infra/outbound/targets.js"; import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js"; -import { resolveWhatsAppAccount } from "../../plugin-sdk-internal/whatsapp.js"; +import { resolveWhatsAppAccount } from "../../plugin-sdk/whatsapp.js"; import { buildChannelAccountBindings } from "../../routing/bindings.js"; import { normalizeAccountId, normalizeAgentId } from "../../routing/session-key.js"; import { normalizeWhatsAppTarget } from "../../whatsapp/normalize.js"; diff --git a/src/cron/isolated-agent/run.fast-mode.test.ts b/src/cron/isolated-agent/run.fast-mode.test.ts index abe50ea5554..1a176709a04 100644 --- a/src/cron/isolated-agent/run.fast-mode.test.ts +++ b/src/cron/isolated-agent/run.fast-mode.test.ts @@ -81,6 +81,7 @@ async function runFastModeCase(params: { provider: "openai", model: "gpt-4", fastMode: params.expectedFastMode, + allowGatewaySubagentBinding: true, }); } diff --git a/src/cron/isolated-agent/run.sandbox-config-preserved.test.ts b/src/cron/isolated-agent/run.sandbox-config-preserved.test.ts index edaee62daa6..d953185c369 100644 --- a/src/cron/isolated-agent/run.sandbox-config-preserved.test.ts +++ b/src/cron/isolated-agent/run.sandbox-config-preserved.test.ts @@ -1,4 +1,4 @@ -import { afterEach, beforeEach, describe, expect, it } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { clearFastTestEnv, loadRunCronIsolatedAgentTurn, @@ -8,8 +8,11 @@ import { runWithModelFallbackMock, } from "./run.test-harness.js"; -const runCronIsolatedAgentTurn = await loadRunCronIsolatedAgentTurn(); -const { resolveSandboxConfigForAgent } = await import("../../agents/sandbox/config.js"); +type RunModule = typeof import("./run.js"); +type SandboxConfigModule = typeof import("../../agents/sandbox/config.js"); + +let runCronIsolatedAgentTurn: RunModule["runCronIsolatedAgentTurn"]; +let resolveSandboxConfigForAgent: SandboxConfigModule["resolveSandboxConfigForAgent"]; function makeJob(overrides?: Record) { return { @@ -82,7 +85,10 @@ function expectDefaultSandboxPreserved( describe("runCronIsolatedAgentTurn sandbox config preserved", () => { let previousFastTestEnv: string | undefined; - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + runCronIsolatedAgentTurn = await loadRunCronIsolatedAgentTurn(); + ({ resolveSandboxConfigForAgent } = await import("../../agents/sandbox/config.js")); previousFastTestEnv = clearFastTestEnv(); resetRunCronIsolatedAgentTurnHarness(); }); diff --git a/src/cron/isolated-agent/run.ts b/src/cron/isolated-agent/run.ts index 9f3f28584e3..78f045d03cf 100644 --- a/src/cron/isolated-agent/run.ts +++ b/src/cron/isolated-agent/run.ts @@ -622,6 +622,9 @@ export async function runCronIsolatedAgentTurn(params: { sessionKey: agentSessionKey, agentId, trigger: "cron", + // Cron runs execute inside the gateway process and need the same + // explicit subagent late-binding as other gateway-owned runners. + allowGatewaySubagentBinding: true, // Cron jobs are trusted local automation, so isolated runs should // inherit owner-only tooling like local `openclaw agent` runs. senderIsOwner: true, diff --git a/src/cron/isolated-agent/session.test.ts b/src/cron/isolated-agent/session.test.ts index fc75ed100f6..8310276d75a 100644 --- a/src/cron/isolated-agent/session.test.ts +++ b/src/cron/isolated-agent/session.test.ts @@ -63,7 +63,7 @@ describe("resolveCronSession", () => { modelOverride: "deepseek-v3-4bit-mlx", providerOverride: "inferencer", thinkingLevel: "high", - model: "k2p5", + model: "kimi-code", }, }); @@ -71,7 +71,7 @@ describe("resolveCronSession", () => { expect(result.sessionEntry.providerOverride).toBe("inferencer"); expect(result.sessionEntry.thinkingLevel).toBe("high"); // The model field (last-used model) should also be preserved - expect(result.sessionEntry.model).toBe("k2p5"); + expect(result.sessionEntry.model).toBe("kimi-code"); }); it("handles missing modelOverride gracefully", () => { diff --git a/src/cron/isolated-agent/subagent-followup.ts b/src/cron/isolated-agent/subagent-followup.ts index a337fe528b7..b83bc7e1040 100644 --- a/src/cron/isolated-agent/subagent-followup.ts +++ b/src/cron/isolated-agent/subagent-followup.ts @@ -3,11 +3,14 @@ import { readLatestAssistantReply } from "../../agents/tools/agent-step.js"; import { SILENT_REPLY_TOKEN } from "../../auto-reply/tokens.js"; import { callGateway } from "../../gateway/call.js"; -const FAST_TEST_MODE = process.env.OPENCLAW_TEST_FAST === "1"; - -const CRON_SUBAGENT_WAIT_MIN_MS = FAST_TEST_MODE ? 10 : 30_000; -const CRON_SUBAGENT_FINAL_REPLY_GRACE_MS = FAST_TEST_MODE ? 50 : 5_000; -const CRON_SUBAGENT_GRACE_POLL_MS = FAST_TEST_MODE ? 8 : 200; +function resolveCronSubagentTimings() { + const fastTestMode = process.env.OPENCLAW_TEST_FAST === "1"; + return { + waitMinMs: fastTestMode ? 10 : 30_000, + finalReplyGraceMs: fastTestMode ? 50 : 5_000, + gracePollMs: fastTestMode ? 8 : 200, + }; +} const SUBAGENT_FOLLOWUP_HINTS = [ "subagent spawned", @@ -121,8 +124,9 @@ export async function waitForDescendantSubagentSummary(params: { timeoutMs: number; observedActiveDescendants?: boolean; }): Promise { + const timings = resolveCronSubagentTimings(); const initialReply = params.initialReply?.trim(); - const deadline = Date.now() + Math.max(CRON_SUBAGENT_WAIT_MIN_MS, Math.floor(params.timeoutMs)); + const deadline = Date.now() + Math.max(timings.waitMinMs, Math.floor(params.timeoutMs)); // Snapshot the currently active descendant run IDs. const getActiveRuns = () => @@ -166,8 +170,8 @@ export async function waitForDescendantSubagentSummary(params: { // --- Grace period: wait for the cron agent's synthesis --- // After the subagent announces fire and the cron agent processes them, it // produces a new assistant message. Poll briefly (bounded by - // CRON_SUBAGENT_FINAL_REPLY_GRACE_MS) to capture that synthesis. - const gracePeriodDeadline = Math.min(Date.now() + CRON_SUBAGENT_FINAL_REPLY_GRACE_MS, deadline); + // finalReplyGraceMs) to capture that synthesis. + const gracePeriodDeadline = Math.min(Date.now() + timings.finalReplyGraceMs, deadline); const resolveUsableLatestReply = async () => { const latest = (await readLatestAssistantReply({ sessionKey: params.sessionKey }))?.trim(); @@ -186,7 +190,7 @@ export async function waitForDescendantSubagentSummary(params: { if (latest) { return latest; } - await new Promise((resolve) => setTimeout(resolve, CRON_SUBAGENT_GRACE_POLL_MS)); + await new Promise((resolve) => setTimeout(resolve, timings.gracePollMs)); } // Final read after grace period expires. diff --git a/src/cron/service.runs-one-shot-main-job-disables-it.test.ts b/src/cron/service.runs-one-shot-main-job-disables-it.test.ts index 75ffb262d4d..7b0e13e8cde 100644 --- a/src/cron/service.runs-one-shot-main-job-disables-it.test.ts +++ b/src/cron/service.runs-one-shot-main-job-disables-it.test.ts @@ -4,7 +4,6 @@ import type { HeartbeatRunResult } from "../infra/heartbeat-wake.js"; import type { CronEvent, CronServiceDeps } from "./service.js"; import { CronService } from "./service.js"; import { createDeferred, createNoopLogger, installCronTestHooks } from "./service.test-harness.js"; -import { loadCronStore } from "./store.js"; const noopLogger = createNoopLogger(); installCronTestHooks({ logger: noopLogger }); @@ -60,10 +59,6 @@ async function makeStorePath() { return { storePath, cleanup: async () => {} }; } -function writeStoreFile(storePath: string, payload: unknown) { - setFile(storePath, JSON.stringify(payload, null, 2)); -} - vi.mock("node:fs", async (importOriginal) => { const actual = await importOriginal(); const pathMod = await import("node:path"); @@ -415,14 +410,6 @@ async function createMainOneShotJobHarness(params: { name: string; deleteAfterRu return { ...harness, atMs, job }; } -async function loadLegacyDeliveryMigrationByPayload(params: { - id: string; - payload: { provider?: string; channel?: string }; -}) { - const rawJob = createLegacyDeliveryMigrationJob(params); - return loadLegacyDeliveryMigration(rawJob); -} - async function expectNoMainSummaryForIsolatedRun(params: { runIsolatedAgentJob: CronServiceDeps["runIsolatedAgentJob"]; name: string; @@ -439,43 +426,6 @@ async function expectNoMainSummaryForIsolatedRun(params: { await stopCronAndCleanup(cron, store); } -function createLegacyDeliveryMigrationJob(options: { - id: string; - payload: { provider?: string; channel?: string }; -}) { - return { - id: options.id, - name: "legacy", - enabled: true, - createdAtMs: Date.now(), - updatedAtMs: Date.now(), - schedule: { kind: "cron", expr: "* * * * *" }, - sessionTarget: "isolated", - wakeMode: "now", - payload: { - kind: "agentTurn", - message: "hi", - deliver: true, - ...options.payload, - to: "7200373102", - }, - state: {}, - }; -} - -async function loadLegacyDeliveryMigration(rawJob: Record) { - ensureDir(fixturesRoot); - const store = await makeStorePath(); - writeStoreFile(store.storePath, { version: 1, jobs: [rawJob] }); - - const cron = createStartedCronService(store.storePath); - await cron.start(); - cron.stop(); - const loaded = await loadCronStore(store.storePath); - const job = loaded.jobs.find((j) => j.id === rawJob.id); - return { store, cron, job }; -} - describe("CronService", () => { it("runs a one-shot main job and disables it after success when requested", async () => { const { store, cron, enqueueSystemEvent, requestHeartbeatNow, events, atMs, job } = @@ -658,33 +608,6 @@ describe("CronService", () => { expect(runIsolatedAgentJob).toHaveBeenCalledTimes(1); }); - it("migrates legacy payload.provider to payload.channel on load", async () => { - const { store, cron, job } = await loadLegacyDeliveryMigrationByPayload({ - id: "legacy-1", - payload: { provider: " TeLeGrAm " }, - }); - // Legacy delivery fields are migrated to the top-level delivery object - const delivery = job?.delivery as unknown as Record; - expect(delivery?.channel).toBe("telegram"); - const payload = job?.payload as unknown as Record; - expect("provider" in payload).toBe(false); - expect("channel" in payload).toBe(false); - - await stopCronAndCleanup(cron, store); - }); - - it("canonicalizes payload.channel casing on load", async () => { - const { store, cron, job } = await loadLegacyDeliveryMigrationByPayload({ - id: "legacy-2", - payload: { channel: "Telegram" }, - }); - // Legacy delivery fields are migrated to the top-level delivery object - const delivery = job?.delivery as unknown as Record; - expect(delivery?.channel).toBe("telegram"); - - await stopCronAndCleanup(cron, store); - }); - it("does not post a fallback main summary when an isolated job errors", async () => { const runIsolatedAgentJob = vi.fn(async () => ({ status: "error" as const, @@ -764,60 +687,4 @@ describe("CronService", () => { cron.stop(); await store.cleanup(); }); - - it("skips invalid main jobs with agentTurn payloads from disk", async () => { - ensureDir(fixturesRoot); - const store = await makeStorePath(); - const enqueueSystemEvent = vi.fn(); - const requestHeartbeatNow = vi.fn(); - const events = createCronEventHarness(); - - const atMs = Date.parse("2025-12-13T00:00:01.000Z"); - writeStoreFile(store.storePath, { - version: 1, - jobs: [ - { - id: "job-1", - enabled: true, - createdAtMs: Date.parse("2025-12-13T00:00:00.000Z"), - updatedAtMs: Date.parse("2025-12-13T00:00:00.000Z"), - schedule: { kind: "at", at: new Date(atMs).toISOString() }, - sessionTarget: "main", - wakeMode: "now", - payload: { kind: "agentTurn", message: "bad" }, - state: {}, - }, - ], - }); - - const cron = new CronService({ - storePath: store.storePath, - cronEnabled: true, - log: noopLogger, - enqueueSystemEvent, - requestHeartbeatNow, - runIsolatedAgentJob: vi.fn(async (_params: { job: unknown; message: string }) => ({ - status: "ok", - })) as unknown as CronServiceDeps["runIsolatedAgentJob"], - onEvent: events.onEvent, - }); - - await cron.start(); - - vi.setSystemTime(new Date("2025-12-13T00:00:01.000Z")); - await vi.runOnlyPendingTimersAsync(); - await events.waitFor( - (evt) => evt.jobId === "job-1" && evt.action === "finished" && evt.status === "skipped", - ); - - expect(enqueueSystemEvent).not.toHaveBeenCalled(); - expect(requestHeartbeatNow).not.toHaveBeenCalled(); - - const jobs = await cron.list({ includeDisabled: true }); - expect(jobs[0]?.state.lastStatus).toBe("skipped"); - expect(jobs[0]?.state.lastError).toMatch(/main job requires/i); - - cron.stop(); - await store.cleanup(); - }); }); diff --git a/src/cron/service.store-load-invalid-main-job.test.ts b/src/cron/service.store-load-invalid-main-job.test.ts new file mode 100644 index 00000000000..39bc3588e44 --- /dev/null +++ b/src/cron/service.store-load-invalid-main-job.test.ts @@ -0,0 +1,78 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it, vi } from "vitest"; +import { CronService } from "./service.js"; +import { + createNoopLogger, + installCronTestHooks, + writeCronStoreSnapshot, +} from "./service.test-harness.js"; +import type { CronJob } from "./types.js"; + +const noopLogger = createNoopLogger(); +installCronTestHooks({ logger: noopLogger }); + +async function makeStorePath() { + const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-cron-store-load-")); + return { + dir, + storePath: path.join(dir, "cron", "jobs.json"), + }; +} + +describe("CronService store load", () => { + let tempDir: string | null = null; + + afterEach(async () => { + if (!tempDir) { + return; + } + await fs.rm(tempDir, { recursive: true, force: true }); + tempDir = null; + }); + + it("skips invalid main jobs with agentTurn payloads loaded from disk", async () => { + const { dir, storePath } = await makeStorePath(); + tempDir = dir; + const enqueueSystemEvent = vi.fn(); + const requestHeartbeatNow = vi.fn(); + + const job = { + id: "job-1", + enabled: true, + createdAtMs: Date.parse("2025-12-13T00:00:00.000Z"), + updatedAtMs: Date.parse("2025-12-13T00:00:00.000Z"), + schedule: { kind: "at", at: "2025-12-13T00:00:01.000Z" }, + sessionTarget: "main", + wakeMode: "now", + payload: { kind: "agentTurn", message: "bad" }, + state: {}, + name: "bad", + } satisfies CronJob; + + await writeCronStoreSnapshot({ storePath, jobs: [job] }); + + const cron = new CronService({ + storePath, + cronEnabled: true, + log: noopLogger, + enqueueSystemEvent, + requestHeartbeatNow, + runIsolatedAgentJob: vi.fn(async () => ({ status: "ok" as const })), + }); + + await cron.start(); + vi.setSystemTime(new Date("2025-12-13T00:00:01.000Z")); + await cron.run("job-1", "due"); + + expect(enqueueSystemEvent).not.toHaveBeenCalled(); + expect(requestHeartbeatNow).not.toHaveBeenCalled(); + + const jobs = await cron.list({ includeDisabled: true }); + expect(jobs[0]?.state.lastStatus).toBe("skipped"); + expect(jobs[0]?.state.lastError).toMatch(/main job requires/i); + + cron.stop(); + }); +}); diff --git a/src/daemon/service-env.test.ts b/src/daemon/service-env.test.ts index e5d60fdfc96..f8297a28554 100644 --- a/src/daemon/service-env.test.ts +++ b/src/daemon/service-env.test.ts @@ -257,6 +257,18 @@ describe("buildMinimalServicePath", () => { const unique = [...new Set(parts)]; expect(parts.length).toBe(unique.length); }); + + it("prepends explicit runtime bin directories before guessed user paths", () => { + const result = buildMinimalServicePath({ + platform: "linux", + extraDirs: ["/home/alice/.nvm/versions/node/v22.22.0/bin"], + env: { HOME: "/home/alice" }, + }); + const parts = splitPath(result, "linux"); + + expect(parts[0]).toBe("/home/alice/.nvm/versions/node/v22.22.0/bin"); + expect(parts).toContain("/home/alice/.nvm/current/bin"); + }); }); describe("buildServiceEnvironment", () => { @@ -344,6 +356,19 @@ describe("buildServiceEnvironment", () => { expect(env).not.toHaveProperty("PATH"); expect(env.OPENCLAW_WINDOWS_TASK_NAME).toBe("OpenClaw Gateway"); }); + + it("prepends extra runtime directories to the gateway service PATH", () => { + const env = buildServiceEnvironment({ + env: { HOME: "/home/user" }, + port: 18789, + platform: "linux", + extraPathDirs: ["/home/user/.nvm/versions/node/v22.22.0/bin"], + }); + + expect(env.PATH?.split(path.posix.delimiter)[0]).toBe( + "/home/user/.nvm/versions/node/v22.22.0/bin", + ); + }); }); describe("buildNodeServiceEnvironment", () => { @@ -416,6 +441,18 @@ describe("buildNodeServiceEnvironment", () => { }); expect(env.TMPDIR).toBe(os.tmpdir()); }); + + it("prepends extra runtime directories to the node service PATH", () => { + const env = buildNodeServiceEnvironment({ + env: { HOME: "/home/user" }, + platform: "linux", + extraPathDirs: ["/home/user/.nvm/versions/node/v22.22.0/bin"], + }); + + expect(env.PATH?.split(path.posix.delimiter)[0]).toBe( + "/home/user/.nvm/versions/node/v22.22.0/bin", + ); + }); }); describe("shared Node TLS env defaults", () => { diff --git a/src/daemon/service-env.ts b/src/daemon/service-env.ts index fb6fff41839..cb26c210efb 100644 --- a/src/daemon/service-env.ts +++ b/src/daemon/service-env.ts @@ -247,10 +247,11 @@ export function buildServiceEnvironment(params: { port: number; launchdLabel?: string; platform?: NodeJS.Platform; + extraPathDirs?: string[]; }): Record { - const { env, port, launchdLabel } = params; + const { env, port, launchdLabel, extraPathDirs } = params; const platform = params.platform ?? process.platform; - const sharedEnv = resolveSharedServiceEnvironmentFields(env, platform); + const sharedEnv = resolveSharedServiceEnvironmentFields(env, platform, extraPathDirs); const profile = env.OPENCLAW_PROFILE; const resolvedLaunchdLabel = launchdLabel || (platform === "darwin" ? resolveGatewayLaunchAgentLabel(profile) : undefined); @@ -271,10 +272,11 @@ export function buildServiceEnvironment(params: { export function buildNodeServiceEnvironment(params: { env: Record; platform?: NodeJS.Platform; + extraPathDirs?: string[]; }): Record { - const { env } = params; + const { env, extraPathDirs } = params; const platform = params.platform ?? process.platform; - const sharedEnv = resolveSharedServiceEnvironmentFields(env, platform); + const sharedEnv = resolveSharedServiceEnvironmentFields(env, platform, extraPathDirs); const gatewayToken = env.OPENCLAW_GATEWAY_TOKEN?.trim() || env.CLAWDBOT_GATEWAY_TOKEN?.trim() || undefined; return { @@ -313,6 +315,7 @@ function buildCommonServiceEnvironment( function resolveSharedServiceEnvironmentFields( env: Record, platform: NodeJS.Platform, + extraPathDirs: string[] | undefined, ): SharedServiceEnvironmentFields { const stateDir = env.OPENCLAW_STATE_DIR; const configPath = env.OPENCLAW_CONFIG_PATH; @@ -331,7 +334,10 @@ function resolveSharedServiceEnvironmentFields( tmpDir, // On Windows, Scheduled Tasks should inherit the current task PATH instead of // freezing the install-time snapshot into gateway.cmd/node-host.cmd. - minimalPath: platform === "win32" ? undefined : buildMinimalServicePath({ env, platform }), + minimalPath: + platform === "win32" + ? undefined + : buildMinimalServicePath({ env, platform, extraDirs: extraPathDirs }), proxyEnv, nodeCaCerts, nodeUseSystemCa, diff --git a/src/entry.ts b/src/entry.ts index 3496e48f0e9..bee75ea2fcb 100644 --- a/src/entry.ts +++ b/src/entry.ts @@ -43,7 +43,7 @@ if ( } else { const { installGaxiosFetchCompat } = await import("./infra/gaxios-fetch-compat.js"); - installGaxiosFetchCompat(); + await installGaxiosFetchCompat(); process.title = "openclaw"; ensureOpenClawExecMarkerOnProcess(); installProcessWarningFilter(); diff --git a/src/extensionAPI.ts b/src/extensionAPI.ts deleted file mode 100644 index 8b886dfef5a..00000000000 --- a/src/extensionAPI.ts +++ /dev/null @@ -1,14 +0,0 @@ -export { resolveAgentDir, resolveAgentWorkspaceDir } from "./agents/agent-scope.ts"; - -export { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./agents/defaults.ts"; -export { resolveAgentIdentity } from "./agents/identity.ts"; -export { resolveThinkingDefault } from "./agents/model-selection.ts"; -export { runEmbeddedPiAgent } from "./agents/pi-embedded.ts"; -export { resolveAgentTimeoutMs } from "./agents/timeout.ts"; -export { ensureAgentWorkspace } from "./agents/workspace.ts"; -export { - resolveStorePath, - loadSessionStore, - saveSessionStore, - resolveSessionFilePath, -} from "./config/sessions.ts"; diff --git a/src/gateway/gateway-cli-backend.live.test.ts b/src/gateway/gateway-cli-backend.live.test.ts index b0426c59175..d0d313cc455 100644 --- a/src/gateway/gateway-cli-backend.live.test.ts +++ b/src/gateway/gateway-cli-backend.live.test.ts @@ -4,7 +4,7 @@ import os from "node:os"; import path from "node:path"; import { describe, expect, it } from "vitest"; import { parseModelRef } from "../agents/model-selection.js"; -import { loadConfig } from "../config/config.js"; +import { clearRuntimeConfigSnapshot, loadConfig } from "../config/config.js"; import { isTruthyEnvValue } from "../infra/env.js"; import { getFreePortBlockWithPermissionFallback } from "../test-utils/ports.js"; import { GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js"; @@ -166,6 +166,7 @@ async function connectClient(params: { url: string; token: string }) { describeLive("gateway live (cli backend)", () => { it("runs the agent pipeline against the local CLI backend", async () => { + clearRuntimeConfigSnapshot(); const previous = { configPath: process.env.OPENCLAW_CONFIG_PATH, token: process.env.OPENCLAW_GATEWAY_TOKEN, @@ -384,6 +385,7 @@ describeLive("gateway live (cli backend)", () => { } } } finally { + clearRuntimeConfigSnapshot(); client.stop(); await server.close(); await fs.rm(tempDir, { recursive: true, force: true }); diff --git a/src/gateway/gateway-models.profiles.live.test.ts b/src/gateway/gateway-models.profiles.live.test.ts index 6a74c98da3b..973cf952d16 100644 --- a/src/gateway/gateway-models.profiles.live.test.ts +++ b/src/gateway/gateway-models.profiles.live.test.ts @@ -24,7 +24,7 @@ import { shouldSuppressBuiltInModel } from "../agents/model-suppression.js"; import { ensureOpenClawModelsJson } from "../agents/models-config.js"; import { isRateLimitErrorMessage } from "../agents/pi-embedded-helpers/errors.js"; import { discoverAuthStorage, discoverModels } from "../agents/pi-model-discovery.js"; -import { loadConfig } from "../config/config.js"; +import { clearRuntimeConfigSnapshot, loadConfig } from "../config/config.js"; import type { ModelsConfig, OpenClawConfig, ModelProviderConfig } from "../config/types.js"; import { isTruthyEnvValue } from "../infra/env.js"; import { DEFAULT_AGENT_ID } from "../routing/session-key.js"; @@ -38,7 +38,7 @@ import { shouldRetryToolReadProbe, } from "./live-tool-probe-utils.js"; import { startGatewayServer } from "./server.js"; -import { extractPayloadText } from "./test-helpers.agent-results.js"; +import { loadSessionEntry, readSessionMessages } from "./session-utils.js"; const LIVE = isTruthyEnvValue(process.env.LIVE) || isTruthyEnvValue(process.env.OPENCLAW_LIVE_TEST); const GATEWAY_LIVE = isTruthyEnvValue(process.env.OPENCLAW_LIVE_GATEWAY); @@ -171,6 +171,32 @@ function logProgress(message: string): void { console.log(`[live] ${message}`); } +function enterProductionEnvForLiveRun() { + const previous = { + vitest: process.env.VITEST, + nodeEnv: process.env.NODE_ENV, + }; + delete process.env.VITEST; + process.env.NODE_ENV = "production"; + return previous; +} + +function restoreProductionEnvForLiveRun(previous: { + vitest: string | undefined; + nodeEnv: string | undefined; +}) { + if (previous.vitest === undefined) { + delete process.env.VITEST; + } else { + process.env.VITEST = previous.vitest; + } + if (previous.nodeEnv === undefined) { + delete process.env.NODE_ENV; + } else { + process.env.NODE_ENV = previous.nodeEnv; + } +} + function formatFailurePreview( failures: Array<{ model: string; error: string }>, maxItems: number, @@ -319,25 +345,14 @@ async function runAnthropicRefusalProbe(params: { }): Promise { logProgress(`${params.label}: refusal-probe`); const magic = buildAnthropicRefusalToken(); - const runId = randomUUID(); - const probe = await withGatewayLiveProbeTimeout( - params.client.request( - "agent", - { - sessionKey: params.sessionKey, - idempotencyKey: `idem-${runId}-refusal`, - message: `Reply with the single word ok. Test token: ${magic}`, - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${params.label}: refusal-probe`, - ); - if (probe?.status !== "ok") { - throw new Error(`refusal probe failed: status=${String(probe?.status)}`); - } - const probeText = extractPayloadText(probe?.result); + const probeText = await requestGatewayAgentText({ + client: params.client, + sessionKey: params.sessionKey, + idempotencyKey: `idem-${randomUUID()}-refusal`, + message: `Reply with the single word ok. Test token: ${magic}`, + thinkingLevel: params.thinkingLevel, + context: `${params.label}: refusal-probe`, + }); assertNoReasoningTags({ text: probeText, model: params.modelKey, @@ -348,25 +363,14 @@ async function runAnthropicRefusalProbe(params: { throw new Error(`refusal probe missing ok: ${probeText}`); } - const followupId = randomUUID(); - const followup = await withGatewayLiveProbeTimeout( - params.client.request( - "agent", - { - sessionKey: params.sessionKey, - idempotencyKey: `idem-${followupId}-refusal-followup`, - message: "Now reply with exactly: still ok.", - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${params.label}: refusal-followup`, - ); - if (followup?.status !== "ok") { - throw new Error(`refusal followup failed: status=${String(followup?.status)}`); - } - const followupText = extractPayloadText(followup?.result); + const followupText = await requestGatewayAgentText({ + client: params.client, + sessionKey: params.sessionKey, + idempotencyKey: `idem-${randomUUID()}-refusal-followup`, + message: "Now reply with exactly: still ok.", + thinkingLevel: params.thinkingLevel, + context: `${params.label}: refusal-followup`, + }); assertNoReasoningTags({ text: followupText, model: params.modelKey, @@ -475,11 +479,6 @@ async function getFreeGatewayPort(): Promise { throw new Error("failed to acquire a free gateway port block"); } -type AgentFinalPayload = { - status?: unknown; - result?: unknown; -}; - async function connectClient(params: { url: string; token: string }) { return await new Promise((resolve, reject) => { let settled = false; @@ -513,6 +512,115 @@ async function connectClient(params: { url: string; token: string }) { }); } +function extractTranscriptMessageText(message: unknown): string { + if (!message || typeof message !== "object") { + return ""; + } + const record = message as { + text?: unknown; + content?: unknown; + }; + if (typeof record.text === "string" && record.text.trim()) { + return record.text.trim(); + } + if (typeof record.content === "string" && record.content.trim()) { + return record.content.trim(); + } + if (!Array.isArray(record.content)) { + return ""; + } + return record.content + .map((entry) => { + if (!entry || typeof entry !== "object") { + return ""; + } + const text = (entry as { text?: unknown }).text; + return typeof text === "string" && text.trim() ? text.trim() : ""; + }) + .filter(Boolean) + .join("\n") + .trim(); +} + +function readSessionAssistantTexts(sessionKey: string): string[] { + const { storePath, entry } = loadSessionEntry(sessionKey); + if (!entry?.sessionId) { + return []; + } + const messages = readSessionMessages(entry.sessionId, storePath, entry.sessionFile); + const assistantTexts: string[] = []; + for (const message of messages) { + if (!message || typeof message !== "object") { + continue; + } + const role = (message as { role?: unknown }).role; + if (role !== "assistant") { + continue; + } + assistantTexts.push(extractTranscriptMessageText(message)); + } + return assistantTexts; +} + +async function waitForSessionAssistantText(params: { + sessionKey: string; + baselineAssistantCount: number; + context: string; +}) { + const startedAt = Date.now(); + let delayMs = 50; + while (Date.now() - startedAt < GATEWAY_LIVE_PROBE_TIMEOUT_MS) { + const assistantTexts = readSessionAssistantTexts(params.sessionKey); + if (assistantTexts.length > params.baselineAssistantCount) { + const freshText = assistantTexts + .slice(params.baselineAssistantCount) + .map((text) => text.trim()) + .findLast((text) => text.length > 0); + if (freshText) { + return freshText; + } + } + await new Promise((resolve) => setTimeout(resolve, delayMs)); + delayMs = Math.min(delayMs * 2, 250); + } + throw new Error(`probe timeout after ${GATEWAY_LIVE_PROBE_TIMEOUT_MS}ms (${params.context})`); +} + +async function requestGatewayAgentText(params: { + client: GatewayClient; + sessionKey: string; + message: string; + thinkingLevel: string; + context: string; + idempotencyKey: string; + attachments?: Array<{ + mimeType: string; + fileName: string; + content: string; + }>; +}) { + const baselineAssistantCount = readSessionAssistantTexts(params.sessionKey).length; + const accepted = await withGatewayLiveProbeTimeout( + params.client.request<{ runId?: unknown; status?: unknown }>("agent", { + sessionKey: params.sessionKey, + idempotencyKey: params.idempotencyKey, + message: params.message, + thinking: params.thinkingLevel, + deliver: false, + attachments: params.attachments, + }), + `${params.context}: agent-accept`, + ); + if (accepted?.status !== "accepted") { + throw new Error(`agent status=${String(accepted?.status)}`); + } + return await waitForSessionAssistantText({ + sessionKey: params.sessionKey, + baselineAssistantCount, + context: `${params.context}: transcript-final`, + }); +} + type GatewayModelSuiteParams = { label: string; cfg: OpenClawConfig; @@ -636,6 +744,8 @@ function buildMinimaxProviderOverride(params: { } async function runGatewayModelSuite(params: GatewayModelSuiteParams) { + clearRuntimeConfigSnapshot(); + const runtimeEnv = enterProductionEnvForLiveRun(); const previous = { configPath: process.env.OPENCLAW_CONFIG_PATH, token: process.env.OPENCLAW_GATEWAY_TOKEN, @@ -793,48 +903,26 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { ); logProgress(`${progressLabel}: prompt`); - const runId = randomUUID(); - const payload = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runId}`, - message: - "Explain in 2-3 sentences how the JavaScript event loop handles microtasks vs macrotasks. Must mention both words: microtask and macrotask.", - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: prompt`, - ); - - if (payload?.status !== "ok") { - throw new Error(`agent status=${String(payload?.status)}`); - } - let text = extractPayloadText(payload?.result); + let text = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${randomUUID()}`, + message: + "Explain in 2-3 sentences how the JavaScript event loop handles microtasks vs macrotasks. Must mention both words: microtask and macrotask.", + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: prompt`, + }); if (!text) { logProgress(`${progressLabel}: empty response, retrying`); - const retry = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${randomUUID()}-retry`, - message: - "Explain in 2-3 sentences how the JavaScript event loop handles microtasks vs macrotasks. Must mention both words: microtask and macrotask.", - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: prompt-retry`, - ); - if (retry?.status !== "ok") { - throw new Error(`agent status=${String(retry?.status)}`); - } - text = extractPayloadText(retry?.result); + text = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${randomUUID()}-retry`, + message: + "Explain in 2-3 sentences how the JavaScript event loop handles microtasks vs macrotasks. Must mention both words: microtask and macrotask.", + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: prompt-retry`, + }); } if (!text && isGoogleishProvider(model.provider)) { logProgress(`${progressLabel}: skip (google empty response)`); @@ -881,36 +969,20 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { toolReadAttempt += 1 ) { const strictReply = toolReadAttempt > 0; - const toolProbe = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runIdTool}-tool-${toolReadAttempt + 1}`, - message: strictReply - ? "OpenClaw live tool probe (local, safe): " + - `use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolProbePath}"}. ` + - `Then reply with exactly: ${nonceA} ${nonceB}. No extra text.` - : "OpenClaw live tool probe (local, safe): " + - `use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolProbePath}"}. ` + - "Then reply with the two nonce values you read (include both).", - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: tool-read`, - ); - if (toolProbe?.status !== "ok") { - if (toolReadAttempt + 1 < maxToolReadAttempts) { - logProgress( - `${progressLabel}: tool-read retry (${toolReadAttempt + 2}/${maxToolReadAttempts}) status=${String(toolProbe?.status)}`, - ); - continue; - } - throw new Error(`tool probe failed: status=${String(toolProbe?.status)}`); - } - toolText = extractPayloadText(toolProbe?.result); + toolText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${runIdTool}-tool-${toolReadAttempt + 1}`, + message: strictReply + ? "OpenClaw live tool probe (local, safe): " + + `use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolProbePath}"}. ` + + `Then reply with exactly: ${nonceA} ${nonceB}. No extra text.` + : "OpenClaw live tool probe (local, safe): " + + `use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolProbePath}"}. ` + + "Then reply with the two nonce values you read (include both).", + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: tool-read`, + }); if ( isEmptyStreamText(toolText) && (model.provider === "minimax" || model.provider === "openai-codex") @@ -960,40 +1032,24 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { execReadAttempt += 1 ) { const strictReply = execReadAttempt > 0; - const execReadProbe = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runIdTool}-exec-read-${execReadAttempt + 1}`, - message: strictReply - ? "OpenClaw live tool probe (local, safe): " + - "use the tool named `exec` (or `Exec`) to run this command: " + - `mkdir -p "${tempDir}" && printf '%s' '${nonceC}' > "${toolWritePath}". ` + - `Then use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolWritePath}"}. ` + - `Then reply with exactly: ${nonceC}. No extra text.` - : "OpenClaw live tool probe (local, safe): " + - "use the tool named `exec` (or `Exec`) to run this command: " + - `mkdir -p "${tempDir}" && printf '%s' '${nonceC}' > "${toolWritePath}". ` + - `Then use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolWritePath}"}. ` + - "Finally reply including the nonce text you read back.", - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: tool-exec`, - ); - if (execReadProbe?.status !== "ok") { - if (execReadAttempt + 1 < maxExecReadAttempts) { - logProgress( - `${progressLabel}: tool-exec retry (${execReadAttempt + 2}/${maxExecReadAttempts}) status=${String(execReadProbe?.status)}`, - ); - continue; - } - throw new Error(`exec+read probe failed: status=${String(execReadProbe?.status)}`); - } - execReadText = extractPayloadText(execReadProbe?.result); + execReadText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${runIdTool}-exec-read-${execReadAttempt + 1}`, + message: strictReply + ? "OpenClaw live tool probe (local, safe): " + + "use the tool named `exec` (or `Exec`) to run this command: " + + `mkdir -p "${tempDir}" && printf '%s' '${nonceC}' > "${toolWritePath}". ` + + `Then use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolWritePath}"}. ` + + `Then reply with exactly: ${nonceC}. No extra text.` + : "OpenClaw live tool probe (local, safe): " + + "use the tool named `exec` (or `Exec`) to run this command: " + + `mkdir -p "${tempDir}" && printf '%s' '${nonceC}' > "${toolWritePath}". ` + + `Then use the tool named \`read\` (or \`Read\`) with JSON arguments {"path":"${toolWritePath}"}. ` + + "Finally reply including the nonce text you read back.", + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: tool-exec`, + }); if ( isEmptyStreamText(execReadText) && (model.provider === "minimax" || model.provider === "openai-codex") @@ -1040,62 +1096,51 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { const imageBase64 = renderCatNoncePngBase64(imageCode); const runIdImage = randomUUID(); - const imageProbe = await withGatewayLiveProbeTimeout( - client.request( - "agent", + const imageText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${runIdImage}-image`, + message: + "Look at the attached image. Reply with exactly two tokens separated by a single space: " + + "(1) the animal shown or written in the image, lowercase; " + + "(2) the code printed in the image, uppercase. No extra text.", + attachments: [ { - sessionKey, - idempotencyKey: `idem-${runIdImage}-image`, - message: - "Look at the attached image. Reply with exactly two tokens separated by a single space: " + - "(1) the animal shown or written in the image, lowercase; " + - "(2) the code printed in the image, uppercase. No extra text.", - attachments: [ - { - mimeType: "image/png", - fileName: `probe-${runIdImage}.png`, - content: imageBase64, - }, - ], - thinking: params.thinkingLevel, - deliver: false, + mimeType: "image/png", + fileName: `probe-${runIdImage}.png`, + content: imageBase64, }, - { expectFinal: true }, - ), - `${progressLabel}: image`, - ); + ], + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: image`, + }); // Best-effort: do not fail the whole live suite on flaky image handling. // (We still keep prompt + tool probes as hard checks.) - if (imageProbe?.status !== "ok") { - logProgress(`${progressLabel}: image skip (status=${String(imageProbe?.status)})`); + if ( + isEmptyStreamText(imageText) && + (model.provider === "minimax" || model.provider === "openai-codex") + ) { + logProgress(`${progressLabel}: image skip (${model.provider} empty response)`); } else { - const imageText = extractPayloadText(imageProbe?.result); - if ( - isEmptyStreamText(imageText) && - (model.provider === "minimax" || model.provider === "openai-codex") - ) { - logProgress(`${progressLabel}: image skip (${model.provider} empty response)`); + assertNoReasoningTags({ + text: imageText, + model: modelKey, + phase: "image", + label: params.label, + }); + if (!/\bcat\b/i.test(imageText)) { + logProgress(`${progressLabel}: image skip (missing 'cat')`); } else { - assertNoReasoningTags({ - text: imageText, - model: modelKey, - phase: "image", - label: params.label, - }); - if (!/\bcat\b/i.test(imageText)) { - logProgress(`${progressLabel}: image skip (missing 'cat')`); - } else { - const candidates = imageText.toUpperCase().match(/[A-Z0-9]{6,20}/g) ?? []; - const bestDistance = candidates.reduce((best, cand) => { - if (Math.abs(cand.length - imageCode.length) > 2) { - return best; - } - return Math.min(best, editDistance(cand, imageCode)); - }, Number.POSITIVE_INFINITY); - // OCR / image-read flake: allow a small edit distance, but still require the "cat" token above. - if (!(bestDistance <= 3)) { - logProgress(`${progressLabel}: image skip (code mismatch)`); + const candidates = imageText.toUpperCase().match(/[A-Z0-9]{6,20}/g) ?? []; + const bestDistance = candidates.reduce((best, cand) => { + if (Math.abs(cand.length - imageCode.length) > 2) { + return best; } + return Math.min(best, editDistance(cand, imageCode)); + }, Number.POSITIVE_INFINITY); + // OCR / image-read flake: allow a small edit distance, but still require the "cat" token above. + if (!(bestDistance <= 3)) { + logProgress(`${progressLabel}: image skip (code mismatch)`); } } } @@ -1108,24 +1153,14 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { ) { logProgress(`${progressLabel}: tool-only regression`); const runId2 = randomUUID(); - const first = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runId2}-1`, - message: `Call the tool named \`read\` (or \`Read\`) on "${toolProbePath}". Do not write any other text.`, - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: tool-only-regression-first`, - ); - if (first?.status !== "ok") { - throw new Error(`tool-only turn failed: status=${String(first?.status)}`); - } - const firstText = extractPayloadText(first?.result); + const firstText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${runId2}-1`, + message: `Call the tool named \`read\` (or \`Read\`) on "${toolProbePath}". Do not write any other text.`, + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: tool-only-regression-first`, + }); assertNoReasoningTags({ text: firstText, model: modelKey, @@ -1133,24 +1168,14 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { label: params.label, }); - const second = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runId2}-2`, - message: `Now answer: what are the values of nonceA and nonceB in "${toolProbePath}"? Reply with exactly: ${nonceA} ${nonceB}.`, - thinking: params.thinkingLevel, - deliver: false, - }, - { expectFinal: true }, - ), - `${progressLabel}: tool-only-regression-second`, - ); - if (second?.status !== "ok") { - throw new Error(`post-tool message failed: status=${String(second?.status)}`); - } - const reply = extractPayloadText(second?.result); + const reply = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${runId2}-2`, + message: `Now answer: what are the values of nonceA and nonceB in "${toolProbePath}"? Reply with exactly: ${nonceA} ${nonceB}.`, + thinkingLevel: params.thinkingLevel, + context: `${progressLabel}: tool-only-regression-second`, + }); assertNoReasoningTags({ text: reply, model: modelKey, @@ -1290,6 +1315,8 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { logProgress(`[${params.label}] skipped all models (missing profiles)`); } } finally { + clearRuntimeConfigSnapshot(); + restoreProductionEnvForLiveRun(runtimeEnv); client.stop(); await server.close({ reason: "live test complete" }); await fs.rm(toolProbePath, { force: true }); @@ -1317,6 +1344,7 @@ describeLive("gateway live (dev agent, profile keys)", () => { it( "runs meaningful prompts across models with available keys", async () => { + clearRuntimeConfigSnapshot(); const cfg = loadConfig(); await ensureOpenClawModelsJson(cfg); @@ -1422,6 +1450,8 @@ describeLive("gateway live (dev agent, profile keys)", () => { if (!ZAI_FALLBACK) { return; } + clearRuntimeConfigSnapshot(); + const runtimeEnv = enterProductionEnvForLiveRun(); const previous = { configPath: process.env.OPENCLAW_CONFIG_PATH, token: process.env.OPENCLAW_GATEWAY_TOKEN, @@ -1520,27 +1550,16 @@ describeLive("gateway live (dev agent, profile keys)", () => { "zai-fallback: sessions-reset", ); - const runId = randomUUID(); - const toolProbe = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${runId}-tool`, - message: - `Call the tool named \`read\` (or \`Read\` if \`read\` is unavailable) with JSON arguments {"path":"${toolProbePath}"}. ` + - `Then reply with exactly: ${nonceA} ${nonceB}. No extra text.`, - thinking: THINKING_LEVEL, - deliver: false, - }, - { expectFinal: true }, - ), - "zai-fallback: tool-probe", - ); - if (toolProbe?.status !== "ok") { - throw new Error(`anthropic tool probe failed: status=${String(toolProbe?.status)}`); - } - const toolText = extractPayloadText(toolProbe?.result); + const toolText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${randomUUID()}-tool`, + message: + `Call the tool named \`read\` (or \`Read\` if \`read\` is unavailable) with JSON arguments {"path":"${toolProbePath}"}. ` + + `Then reply with exactly: ${nonceA} ${nonceB}. No extra text.`, + thinkingLevel: THINKING_LEVEL, + context: "zai-fallback: tool-probe", + }); assertNoReasoningTags({ text: toolText, model: "anthropic/claude-opus-4-5", @@ -1559,27 +1578,16 @@ describeLive("gateway live (dev agent, profile keys)", () => { "zai-fallback: sessions-patch-zai", ); - const followupId = randomUUID(); - const followup = await withGatewayLiveProbeTimeout( - client.request( - "agent", - { - sessionKey, - idempotencyKey: `idem-${followupId}-followup`, - message: - `What are the values of nonceA and nonceB in "${toolProbePath}"? ` + - `Reply with exactly: ${nonceA} ${nonceB}.`, - thinking: THINKING_LEVEL, - deliver: false, - }, - { expectFinal: true }, - ), - "zai-fallback: followup", - ); - if (followup?.status !== "ok") { - throw new Error(`zai followup failed: status=${String(followup?.status)}`); - } - const followupText = extractPayloadText(followup?.result); + const followupText = await requestGatewayAgentText({ + client, + sessionKey, + idempotencyKey: `idem-${randomUUID()}-followup`, + message: + `What are the values of nonceA and nonceB in "${toolProbePath}"? ` + + `Reply with exactly: ${nonceA} ${nonceB}.`, + thinkingLevel: THINKING_LEVEL, + context: "zai-fallback: followup", + }); assertNoReasoningTags({ text: followupText, model: "zai/glm-4.7", @@ -1590,6 +1598,8 @@ describeLive("gateway live (dev agent, profile keys)", () => { throw new Error(`zai followup missing nonce: ${followupText}`); } } finally { + clearRuntimeConfigSnapshot(); + restoreProductionEnvForLiveRun(runtimeEnv); client.stop(); await server.close({ reason: "live test complete" }); await fs.rm(toolProbePath, { force: true }); diff --git a/src/gateway/input-allowlist.test.ts b/src/gateway/input-allowlist.test.ts new file mode 100644 index 00000000000..169e8ac03e2 --- /dev/null +++ b/src/gateway/input-allowlist.test.ts @@ -0,0 +1,20 @@ +import { describe, expect, it } from "vitest"; +import { normalizeInputHostnameAllowlist } from "./input-allowlist.js"; + +describe("normalizeInputHostnameAllowlist", () => { + it("treats missing and empty allowlists as unset", () => { + expect(normalizeInputHostnameAllowlist(undefined)).toBeUndefined(); + expect(normalizeInputHostnameAllowlist([])).toBeUndefined(); + }); + + it("drops whitespace-only entries and treats the result as unset", () => { + expect(normalizeInputHostnameAllowlist(["", " "])).toBeUndefined(); + }); + + it("preserves trimmed hostname patterns", () => { + expect(normalizeInputHostnameAllowlist([" cdn.example.com ", "*.assets.example.com"])).toEqual([ + "cdn.example.com", + "*.assets.example.com", + ]); + }); +}); diff --git a/src/gateway/input-allowlist.ts b/src/gateway/input-allowlist.ts index d59b3e6265c..61ad9d06cc4 100644 --- a/src/gateway/input-allowlist.ts +++ b/src/gateway/input-allowlist.ts @@ -1,3 +1,10 @@ +/** + * Normalize optional gateway URL-input hostname allowlists. + * + * Semantics are intentionally: + * - missing / empty / whitespace-only list => no hostname allowlist restriction + * - deny-all URL fetching => use the corresponding `allowUrl: false` switch + */ export function normalizeInputHostnameAllowlist( values: string[] | undefined, ): string[] | undefined { diff --git a/src/gateway/openai-http.ts b/src/gateway/openai-http.ts index c4ffb02b148..5809da5bcee 100644 --- a/src/gateway/openai-http.ts +++ b/src/gateway/openai-http.ts @@ -1,8 +1,8 @@ import { randomUUID } from "node:crypto"; import type { IncomingMessage, ServerResponse } from "node:http"; +import type { ImageContent } from "../agents/command/types.js"; import { createDefaultDeps } from "../cli/deps.js"; import { agentCommandFromIngress } from "../commands/agent.js"; -import type { ImageContent } from "../commands/agent/types.js"; import type { GatewayHttpChatCompletionsConfig } from "../config/types.gateway.js"; import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js"; import { logWarn } from "../logger.js"; @@ -117,6 +117,7 @@ function buildAgentCommandInput(params: { bestEffortDeliver: false as const, // HTTP API callers are authenticated operator clients for this gateway context. senderIsOwner: true as const, + allowModelOverride: true as const, }; } diff --git a/src/gateway/openresponses-http.ts b/src/gateway/openresponses-http.ts index 97a5fee3c66..9c9e7384445 100644 --- a/src/gateway/openresponses-http.ts +++ b/src/gateway/openresponses-http.ts @@ -8,10 +8,10 @@ import { randomUUID } from "node:crypto"; import type { IncomingMessage, ServerResponse } from "node:http"; +import type { ImageContent } from "../agents/command/types.js"; import type { ClientToolDefinition } from "../agents/pi-embedded-runner/run/params.js"; import { createDefaultDeps } from "../cli/deps.js"; import { agentCommandFromIngress } from "../commands/agent.js"; -import type { ImageContent } from "../commands/agent/types.js"; import type { GatewayHttpResponsesConfig } from "../config/types.gateway.js"; import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js"; import { logWarn } from "../logger.js"; @@ -256,6 +256,7 @@ async function runResponsesAgentCommand(params: { bestEffortDeliver: false, // HTTP API callers are authenticated operator clients for this gateway context. senderIsOwner: true, + allowModelOverride: true, }, defaultRuntime, params.deps, diff --git a/src/gateway/protocol/schema/agent.ts b/src/gateway/protocol/schema/agent.ts index 11369a4ed4a..b9c844b135b 100644 --- a/src/gateway/protocol/schema/agent.ts +++ b/src/gateway/protocol/schema/agent.ts @@ -75,6 +75,8 @@ export const AgentParamsSchema = Type.Object( { message: NonEmptyString, agentId: Type.Optional(NonEmptyString), + provider: Type.Optional(Type.String()), + model: Type.Optional(Type.String()), to: Type.Optional(Type.String()), replyTo: Type.Optional(Type.String()), sessionId: Type.Optional(Type.String()), diff --git a/src/gateway/server-http.ts b/src/gateway/server-http.ts index fe35da1f356..0ad655f4990 100644 --- a/src/gateway/server-http.ts +++ b/src/gateway/server-http.ts @@ -13,7 +13,7 @@ import { CANVAS_WS_PATH, handleA2uiHttpRequest } from "../canvas-host/a2ui.js"; import type { CanvasHostHandler } from "../canvas-host/server.js"; import { loadConfig } from "../config/config.js"; import type { createSubsystemLogger } from "../logging/subsystem.js"; -import { handleSlackHttpRequest } from "../plugin-sdk-internal/slack.js"; +import { handleSlackHttpRequest } from "../plugin-sdk/slack.js"; import { safeEqualSecret } from "../security/secret-equal.js"; import { AUTH_RATE_LIMIT_SCOPE_HOOK_AUTH, diff --git a/src/gateway/server-methods/agent.test.ts b/src/gateway/server-methods/agent.test.ts index f3b74416c70..06613d9e180 100644 --- a/src/gateway/server-methods/agent.test.ts +++ b/src/gateway/server-methods/agent.test.ts @@ -303,6 +303,107 @@ describe("gateway agent handler", () => { expect(capturedEntry?.acp).toEqual(existingAcpMeta); }); + it("forwards provider and model overrides for admin-scoped callers", async () => { + primeMainAgentRun(); + + await invokeAgent( + { + message: "test override", + agentId: "main", + sessionKey: "agent:main:main", + provider: "anthropic", + model: "claude-haiku-4-5", + idempotencyKey: "test-idem-model-override", + }, + { + reqId: "test-idem-model-override", + client: { + connect: { + scopes: ["operator.admin"], + }, + } as AgentHandlerArgs["client"], + }, + ); + + const lastCall = mocks.agentCommand.mock.calls.at(-1); + expect(lastCall?.[0]).toEqual( + expect.objectContaining({ + provider: "anthropic", + model: "claude-haiku-4-5", + }), + ); + }); + + it("rejects provider and model overrides for write-scoped callers", async () => { + primeMainAgentRun(); + mocks.agentCommand.mockClear(); + const respond = vi.fn(); + + await invokeAgent( + { + message: "test override", + agentId: "main", + sessionKey: "agent:main:main", + provider: "anthropic", + model: "claude-haiku-4-5", + idempotencyKey: "test-idem-model-override-write", + }, + { + reqId: "test-idem-model-override-write", + client: { + connect: { + scopes: ["operator.write"], + }, + } as AgentHandlerArgs["client"], + respond, + }, + ); + + expect(mocks.agentCommand).not.toHaveBeenCalled(); + expect(respond).toHaveBeenCalledWith( + false, + undefined, + expect.objectContaining({ + message: "provider/model overrides are not authorized for this caller.", + }), + ); + }); + + it("forwards provider and model overrides when internal override authorization is set", async () => { + primeMainAgentRun(); + + await invokeAgent( + { + message: "test override", + agentId: "main", + sessionKey: "agent:main:main", + provider: "anthropic", + model: "claude-haiku-4-5", + idempotencyKey: "test-idem-model-override-internal", + }, + { + reqId: "test-idem-model-override-internal", + client: { + connect: { + scopes: ["operator.write"], + }, + internal: { + allowModelOverride: true, + }, + } as AgentHandlerArgs["client"], + }, + ); + + const lastCall = mocks.agentCommand.mock.calls.at(-1); + expect(lastCall?.[0]).toEqual( + expect.objectContaining({ + provider: "anthropic", + model: "claude-haiku-4-5", + senderIsOwner: false, + }), + ); + }); + it("preserves cliSessionIds from existing session entry", async () => { const existingCliSessionIds = { "claude-cli": "abc-123-def" }; const existingClaudeCliSessionId = "abc-123-def"; diff --git a/src/gateway/server-methods/agent.ts b/src/gateway/server-methods/agent.ts index 5a7507345df..9ab032a2edd 100644 --- a/src/gateway/server-methods/agent.ts +++ b/src/gateway/server-methods/agent.ts @@ -71,6 +71,12 @@ function resolveSenderIsOwnerFromClient(client: GatewayRequestHandlerOptions["cl return scopes.includes(ADMIN_SCOPE); } +function resolveAllowModelOverrideFromClient( + client: GatewayRequestHandlerOptions["client"], +): boolean { + return resolveSenderIsOwnerFromClient(client) || client?.internal?.allowModelOverride === true; +} + async function runSessionResetFromAgent(params: { key: string; reason: "new" | "reset"; @@ -162,6 +168,8 @@ export const agentHandlers: GatewayRequestHandlers = { const request = p as { message: string; agentId?: string; + provider?: string; + model?: string; to?: string; replyTo?: string; sessionId?: string; @@ -192,6 +200,21 @@ export const agentHandlers: GatewayRequestHandlers = { inputProvenance?: InputProvenance; }; const senderIsOwner = resolveSenderIsOwnerFromClient(client); + const allowModelOverride = resolveAllowModelOverrideFromClient(client); + const requestedModelOverride = Boolean(request.provider || request.model); + if (requestedModelOverride && !allowModelOverride) { + respond( + false, + undefined, + errorShape( + ErrorCodes.INVALID_REQUEST, + "provider/model overrides are not authorized for this caller.", + ), + ); + return; + } + const providerOverride = allowModelOverride ? request.provider : undefined; + const modelOverride = allowModelOverride ? request.model : undefined; const cfg = loadConfig(); const idem = request.idempotencyKey; const normalizedSpawned = normalizeSpawnedRunMetadata({ @@ -584,6 +607,8 @@ export const agentHandlers: GatewayRequestHandlers = { ingressOpts: { message, images, + provider: providerOverride, + model: modelOverride, to: resolvedTo, sessionId: resolvedSessionId, sessionKey: resolvedSessionKey, @@ -619,6 +644,7 @@ export const agentHandlers: GatewayRequestHandlers = { workspaceDir: sessionEntry?.spawnedWorkspaceDir, }), senderIsOwner, + allowModelOverride, }, runId, idempotencyKey: idem, diff --git a/src/gateway/server-methods/config.ts b/src/gateway/server-methods/config.ts index 6e6cf9e92e3..977a59f00b5 100644 --- a/src/gateway/server-methods/config.ts +++ b/src/gateway/server-methods/config.ts @@ -249,6 +249,9 @@ function loadSchemaWithPlugins(): ConfigSchemaResponse { config: cfg, cache: true, workspaceDir, + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, logger: { info: () => {}, warn: () => {}, diff --git a/src/gateway/server-methods/devices.ts b/src/gateway/server-methods/devices.ts index 862aaf95f06..3917f49d301 100644 --- a/src/gateway/server-methods/devices.ts +++ b/src/gateway/server-methods/devices.ts @@ -11,7 +11,7 @@ import { summarizeDeviceTokens, } from "../../infra/device-pairing.js"; import { normalizeDeviceAuthScopes } from "../../shared/device-auth.js"; -import { roleScopesAllow } from "../../shared/operator-scope-compat.js"; +import { resolveMissingRequestedScope } from "../../shared/operator-scope-compat.js"; import { ErrorCodes, errorShape, @@ -37,25 +37,6 @@ function redactPairedDevice( }; } -function resolveMissingRequestedScope(params: { - role: string; - requestedScopes: readonly string[]; - callerScopes: readonly string[]; -}): string | null { - for (const scope of params.requestedScopes) { - if ( - !roleScopesAllow({ - role: params.role, - requestedScopes: [scope], - allowedScopes: params.callerScopes, - }) - ) { - return scope; - } - } - return null; -} - function logDeviceTokenRotationDenied(params: { log: { warn: (message: string) => void }; deviceId: string; @@ -234,7 +215,7 @@ export const deviceHandlers: GatewayRequestHandlers = { const missingScope = resolveMissingRequestedScope({ role, requestedScopes, - callerScopes, + allowedScopes: callerScopes, }); if (missingScope) { logDeviceTokenRotationDenied({ diff --git a/src/gateway/server-methods/exec-approval.ts b/src/gateway/server-methods/exec-approval.ts index 81d479cbbd6..383e8498a28 100644 --- a/src/gateway/server-methods/exec-approval.ts +++ b/src/gateway/server-methods/exec-approval.ts @@ -4,7 +4,10 @@ import { DEFAULT_EXEC_APPROVAL_TIMEOUT_MS, type ExecApprovalDecision, } from "../../infra/exec-approvals.js"; -import { buildSystemRunApprovalBinding } from "../../infra/system-run-approval-binding.js"; +import { + buildSystemRunApprovalBinding, + buildSystemRunApprovalEnvBinding, +} from "../../infra/system-run-approval-binding.js"; import { resolveSystemRunApprovalRequestContext } from "../../infra/system-run-approval-context.js"; import type { ExecApprovalManager } from "../exec-approval-manager.js"; import { @@ -107,6 +110,7 @@ export function createExecApprovalHandlers( ); return; } + const envBinding = buildSystemRunApprovalEnvBinding(p.env); const systemRunBinding = host === "node" ? buildSystemRunApprovalBinding({ @@ -132,7 +136,7 @@ export function createExecApprovalHandlers( ? undefined : sanitizeExecApprovalDisplayText(approvalContext.commandPreview), commandArgv: host === "node" ? undefined : effectiveCommandArgv, - envKeys: systemRunBinding?.envKeys?.length ? systemRunBinding.envKeys : undefined, + envKeys: envBinding.envKeys.length > 0 ? envBinding.envKeys : undefined, systemRunBinding: systemRunBinding?.binding ?? null, systemRunPlan: approvalContext.plan, cwd: effectiveCwd ?? null, diff --git a/src/gateway/server-methods/server-methods.test.ts b/src/gateway/server-methods/server-methods.test.ts index bd42485f4f8..a7afcb60f5f 100644 --- a/src/gateway/server-methods/server-methods.test.ts +++ b/src/gateway/server-methods/server-methods.test.ts @@ -6,7 +6,10 @@ import { fileURLToPath } from "node:url"; import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import { emitAgentEvent } from "../../infra/agent-events.js"; import { formatZonedTimestamp } from "../../infra/format-time/format-datetime.js"; -import { buildSystemRunApprovalBinding } from "../../infra/system-run-approval-binding.js"; +import { + buildSystemRunApprovalBinding, + buildSystemRunApprovalEnvBinding, +} from "../../infra/system-run-approval-binding.js"; import { resetLogger, setLoggerOverride } from "../../logging.js"; import { ExecApprovalManager } from "../exec-approval-manager.js"; import { validateExecApprovalRequestParams } from "../protocol/index.js"; @@ -583,6 +586,31 @@ describe("exec approval handlers", () => { ); }); + it("stores sorted env keys for gateway approvals without node-only binding", async () => { + const { handlers, broadcasts, respond, context } = createExecApprovalFixture(); + await requestExecApproval({ + handlers, + respond, + context, + params: { + host: "gateway", + nodeId: undefined, + systemRunPlan: undefined, + env: { + Z_VAR: "z", + A_VAR: "a", + }, + }, + }); + const requested = broadcasts.find((entry) => entry.event === "exec.approval.requested"); + expect(requested).toBeTruthy(); + const request = (requested?.payload as { request?: Record })?.request ?? {}; + expect(request["envKeys"]).toEqual( + buildSystemRunApprovalEnvBinding({ A_VAR: "a", Z_VAR: "z" }).envKeys, + ); + expect(request["systemRunBinding"]).toBeNull(); + }); + it("prefers systemRunPlan canonical command/cwd when present", async () => { const { handlers, broadcasts, respond, context } = createExecApprovalFixture(); await requestExecApproval({ diff --git a/src/gateway/server-methods/tools-catalog.test.ts b/src/gateway/server-methods/tools-catalog.test.ts index 70fcdcdf85e..b806bbdd14d 100644 --- a/src/gateway/server-methods/tools-catalog.test.ts +++ b/src/gateway/server-methods/tools-catalog.test.ts @@ -1,4 +1,5 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +import { resolvePluginTools } from "../../plugins/tools.js"; import { ErrorCodes } from "../protocol/index.js"; import { toolsCatalogHandlers } from "./tools-catalog.js"; @@ -117,4 +118,16 @@ describe("tools.catalog handler", () => { optional: true, }); }); + + it("opts plugin tool catalog loads into gateway subagent binding", async () => { + const { invoke } = createInvokeParams({}); + + await invoke(); + + expect(vi.mocked(resolvePluginTools)).toHaveBeenCalledWith( + expect.objectContaining({ + allowGatewaySubagentBinding: true, + }), + ); + }); }); diff --git a/src/gateway/server-methods/tools-catalog.ts b/src/gateway/server-methods/tools-catalog.ts index 27f488822a3..2eec921c4c0 100644 --- a/src/gateway/server-methods/tools-catalog.ts +++ b/src/gateway/server-methods/tools-catalog.ts @@ -85,6 +85,7 @@ function buildPluginGroups(params: { existingToolNames: params.existingToolNames, toolAllowlist: ["group:plugins"], suppressNameConflicts: true, + allowGatewaySubagentBinding: true, }); const groups = new Map(); for (const tool of pluginTools) { diff --git a/src/gateway/server-methods/tts.ts b/src/gateway/server-methods/tts.ts index 5e4e8254eba..0f7729bf3b5 100644 --- a/src/gateway/server-methods/tts.ts +++ b/src/gateway/server-methods/tts.ts @@ -1,4 +1,5 @@ import { loadConfig } from "../../config/config.js"; +import { listSpeechProviders, normalizeSpeechProviderId } from "../../tts/provider-registry.js"; import { OPENAI_TTS_MODELS, OPENAI_TTS_VOICES, @@ -26,9 +27,9 @@ export const ttsHandlers: GatewayRequestHandlers = { const prefsPath = resolveTtsPrefsPath(config); const provider = getTtsProvider(config, prefsPath); const autoMode = resolveTtsAutoMode({ config, prefsPath }); - const fallbackProviders = resolveTtsProviderOrder(provider) + const fallbackProviders = resolveTtsProviderOrder(provider, cfg) .slice(1) - .filter((candidate) => isTtsProviderConfigured(config, candidate)); + .filter((candidate) => isTtsProviderConfigured(config, candidate, cfg)); respond(true, { enabled: isTtsEnabled(config, prefsPath), auto: autoMode, @@ -38,7 +39,7 @@ export const ttsHandlers: GatewayRequestHandlers = { prefsPath, hasOpenAIKey: Boolean(resolveTtsApiKey(config, "openai")), hasElevenLabsKey: Boolean(resolveTtsApiKey(config, "elevenlabs")), - edgeEnabled: isTtsProviderConfigured(config, "edge"), + microsoftEnabled: isTtsProviderConfigured(config, "microsoft", cfg), }); } catch (err) { respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err))); @@ -99,20 +100,23 @@ export const ttsHandlers: GatewayRequestHandlers = { } }, "tts.setProvider": async ({ params, respond }) => { - const provider = typeof params.provider === "string" ? params.provider.trim() : ""; - if (provider !== "openai" && provider !== "elevenlabs" && provider !== "edge") { + const provider = normalizeSpeechProviderId( + typeof params.provider === "string" ? params.provider.trim() : "", + ); + const cfg = loadConfig(); + const knownProviders = new Set(listSpeechProviders(cfg).map((entry) => entry.id)); + if (!provider || !knownProviders.has(provider)) { respond( false, undefined, errorShape( ErrorCodes.INVALID_REQUEST, - "Invalid provider. Use openai, elevenlabs, or edge.", + "Invalid provider. Use a registered TTS provider id such as openai, elevenlabs, or microsoft.", ), ); return; } try { - const cfg = loadConfig(); const config = resolveTtsConfig(cfg); const prefsPath = resolveTtsPrefsPath(config); setTtsProvider(prefsPath, provider); @@ -127,27 +131,19 @@ export const ttsHandlers: GatewayRequestHandlers = { const config = resolveTtsConfig(cfg); const prefsPath = resolveTtsPrefsPath(config); respond(true, { - providers: [ - { - id: "openai", - name: "OpenAI", - configured: Boolean(resolveTtsApiKey(config, "openai")), - models: [...OPENAI_TTS_MODELS], - voices: [...OPENAI_TTS_VOICES], - }, - { - id: "elevenlabs", - name: "ElevenLabs", - configured: Boolean(resolveTtsApiKey(config, "elevenlabs")), - models: ["eleven_multilingual_v2", "eleven_turbo_v2_5", "eleven_monolingual_v1"], - }, - { - id: "edge", - name: "Edge TTS", - configured: isTtsProviderConfigured(config, "edge"), - models: [], - }, - ], + providers: listSpeechProviders(cfg).map((provider) => ({ + id: provider.id, + name: provider.label, + configured: provider.isConfigured({ cfg, config }), + models: + provider.id === "openai" && provider.models == null + ? [...OPENAI_TTS_MODELS] + : [...(provider.models ?? [])], + voices: + provider.id === "openai" && provider.voices == null + ? [...OPENAI_TTS_VOICES] + : [...(provider.voices ?? [])], + })), active: getTtsProvider(config, prefsPath), }); } catch (err) { diff --git a/src/gateway/server-methods/types.ts b/src/gateway/server-methods/types.ts index 4998a84c842..ab3a5c889c2 100644 --- a/src/gateway/server-methods/types.ts +++ b/src/gateway/server-methods/types.ts @@ -21,6 +21,10 @@ export type GatewayClient = { canvasHostUrl?: string; canvasCapability?: string; canvasCapabilityExpiresAtMs?: number; + /** Internal-only auth context that cannot be supplied through gateway RPC payloads. */ + internal?: { + allowModelOverride?: boolean; + }; }; export type RespondFn = ( diff --git a/src/gateway/server-node-events.ts b/src/gateway/server-node-events.ts index 8ab24644101..c2aa3c454c7 100644 --- a/src/gateway/server-node-events.ts +++ b/src/gateway/server-node-events.ts @@ -310,6 +310,7 @@ export const handleNodeEvent = async (ctx: NodeEventContext, nodeId: string, evt sourceTool: "gateway.voice.transcript", }, senderIsOwner: false, + allowModelOverride: false, }, defaultRuntime, ctx.deps, @@ -441,6 +442,7 @@ export const handleNodeEvent = async (ctx: NodeEventContext, nodeId: string, evt typeof link?.timeoutSeconds === "number" ? link.timeoutSeconds.toString() : undefined, messageChannel: "node", senderIsOwner: false, + allowModelOverride: false, }, defaultRuntime, ctx.deps, diff --git a/src/gateway/server-plugins.test.ts b/src/gateway/server-plugins.test.ts index 489ce365d61..1ad6bf858ef 100644 --- a/src/gateway/server-plugins.test.ts +++ b/src/gateway/server-plugins.test.ts @@ -1,10 +1,14 @@ import { afterEach, beforeEach, describe, expect, test, vi } from "vitest"; import type { PluginRegistry } from "../plugins/registry.js"; +import type { PluginRuntimeGatewayRequestScope } from "../plugins/runtime/gateway-request-scope.js"; import type { PluginRuntime } from "../plugins/runtime/types.js"; import type { PluginDiagnostic } from "../plugins/types.js"; import type { GatewayRequestContext, GatewayRequestOptions } from "./server-methods/types.js"; const loadOpenClawPlugins = vi.hoisted(() => vi.fn()); +const primeConfiguredBindingRegistry = vi.hoisted(() => + vi.fn(() => ({ bindingCount: 0, channelCount: 0 })), +); type HandleGatewayRequestOptions = GatewayRequestOptions & { extraHandlers?: Record; }; @@ -16,10 +20,27 @@ vi.mock("../plugins/loader.js", () => ({ loadOpenClawPlugins, })); +vi.mock("../channels/plugins/binding-registry.js", () => ({ + primeConfiguredBindingRegistry, +})); + vi.mock("./server-methods.js", () => ({ handleGatewayRequest, })); +vi.mock("../channels/registry.js", () => ({ + CHAT_CHANNEL_ORDER: [], + CHANNEL_IDS: [], + listChatChannels: () => [], + listChatChannelAliases: () => [], + getChatChannelMeta: () => null, + normalizeChatChannelId: () => null, + normalizeChannelId: () => null, + normalizeAnyChannelId: () => null, + formatChannelPrimerLine: () => "", + formatChannelSelectionLine: () => "", +})); + const createRegistry = (diagnostics: PluginDiagnostic[]): PluginRegistry => ({ plugins: [], tools: [], @@ -29,11 +50,15 @@ const createRegistry = (diagnostics: PluginDiagnostic[]): PluginRegistry => ({ channelSetups: [], commands: [], providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], webSearchProviders: [], gatewayHandlers: {}, httpRoutes: [], cliRegistrars: [], services: [], + conversationBindingResolvedHandlers: [], diagnostics, }); @@ -48,11 +73,25 @@ function getLastDispatchedContext(): GatewayRequestContext | undefined { return call?.context; } +function getLastDispatchedParams(): Record | undefined { + const call = handleGatewayRequest.mock.calls.at(-1)?.[0]; + return call?.req?.params as Record | undefined; +} + +function getLastDispatchedClientScopes(): string[] { + const call = handleGatewayRequest.mock.calls.at(-1)?.[0]; + const scopes = call?.client?.connect?.scopes; + return Array.isArray(scopes) ? scopes : []; +} + async function importServerPluginsModule(): Promise { return import("./server-plugins.js"); } -function createSubagentRuntime(serverPlugins: ServerPluginsModule): PluginRuntime["subagent"] { +async function createSubagentRuntime( + serverPlugins: ServerPluginsModule, + cfg: Record = {}, +): Promise { const log = { info: vi.fn(), warn: vi.fn(), @@ -61,24 +100,28 @@ function createSubagentRuntime(serverPlugins: ServerPluginsModule): PluginRuntim }; loadOpenClawPlugins.mockReturnValue(createRegistry([])); serverPlugins.loadGatewayPlugins({ - cfg: {}, + cfg, workspaceDir: "/tmp", log, coreGatewayHandlers: {}, baseMethods: [], }); const call = loadOpenClawPlugins.mock.calls.at(-1)?.[0] as - | { runtimeOptions?: { subagent?: PluginRuntime["subagent"] } } + | { runtimeOptions?: { allowGatewaySubagentBinding?: boolean } } | undefined; - if (!call?.runtimeOptions?.subagent) { - throw new Error("Expected loadGatewayPlugins to provide subagent runtime"); + if (call?.runtimeOptions?.allowGatewaySubagentBinding !== true) { + throw new Error("Expected loadGatewayPlugins to opt into gateway subagent binding"); } - return call.runtimeOptions.subagent; + const runtimeModule = await import("../plugins/runtime/index.js"); + return runtimeModule.createPluginRuntime({ allowGatewaySubagentBinding: true }).subagent; } -beforeEach(() => { +beforeEach(async () => { loadOpenClawPlugins.mockReset(); + primeConfiguredBindingRegistry.mockClear().mockReturnValue({ bindingCount: 0, channelCount: 0 }); handleGatewayRequest.mockReset(); + const runtimeModule = await import("../plugins/runtime/index.js"); + runtimeModule.clearGatewaySubagentRuntime(); handleGatewayRequest.mockImplementation(async (opts: HandleGatewayRequestOptions) => { switch (opts.req.method) { case "agent": @@ -99,7 +142,9 @@ beforeEach(() => { }); }); -afterEach(() => { +afterEach(async () => { + const runtimeModule = await import("../plugins/runtime/index.js"); + runtimeModule.clearGatewaySubagentRuntime(); vi.resetModules(); }); @@ -156,12 +201,227 @@ describe("loadGatewayPlugins", () => { baseMethods: [], }); - const call = loadOpenClawPlugins.mock.calls.at(-1)?.[0]; - const subagent = call?.runtimeOptions?.subagent; + const call = loadOpenClawPlugins.mock.calls.at(-1)?.[0] as + | { runtimeOptions?: { allowGatewaySubagentBinding?: boolean } } + | undefined; + expect(call?.runtimeOptions?.allowGatewaySubagentBinding).toBe(true); + const runtimeModule = await import("../plugins/runtime/index.js"); + const subagent = runtimeModule.createPluginRuntime({ + allowGatewaySubagentBinding: true, + }).subagent; expect(typeof subagent?.getSessionMessages).toBe("function"); expect(typeof subagent?.getSession).toBe("function"); }); + test("forwards provider and model overrides when the request scope is authorized", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins); + const gatewayScopeModule = await import("../plugins/runtime/gateway-request-scope.js"); + const scope = { + context: createTestContext("request-scope-forward-overrides"), + client: { + connect: { + scopes: ["operator.admin"], + }, + } as GatewayRequestOptions["client"], + isWebchatConnect: () => false, + } satisfies PluginRuntimeGatewayRequestScope; + + await gatewayScopeModule.withPluginRuntimeGatewayRequestScope(scope, () => + runtime.run({ + sessionKey: "s-override", + message: "use the override", + provider: "anthropic", + model: "claude-haiku-4-5", + deliver: false, + }), + ); + + expect(getLastDispatchedParams()).toMatchObject({ + sessionKey: "s-override", + message: "use the override", + provider: "anthropic", + model: "claude-haiku-4-5", + deliver: false, + }); + }); + + test("rejects provider/model overrides for fallback runs without explicit authorization", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins); + serverPlugins.setFallbackGatewayContext(createTestContext("fallback-deny-overrides")); + + await expect( + runtime.run({ + sessionKey: "s-fallback-override", + message: "use the override", + provider: "anthropic", + model: "claude-haiku-4-5", + deliver: false, + }), + ).rejects.toThrow( + "provider/model override requires plugin identity in fallback subagent runs.", + ); + }); + + test("allows trusted fallback provider/model overrides when plugin config is explicit", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins, { + plugins: { + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: ["anthropic/claude-haiku-4-5"], + }, + }, + }, + }, + }); + serverPlugins.setFallbackGatewayContext(createTestContext("fallback-trusted-overrides")); + const gatewayScopeModule = await import("../plugins/runtime/gateway-request-scope.js"); + + await gatewayScopeModule.withPluginRuntimePluginIdScope("voice-call", () => + runtime.run({ + sessionKey: "s-trusted-override", + message: "use trusted override", + provider: "anthropic", + model: "claude-haiku-4-5", + deliver: false, + }), + ); + + expect(getLastDispatchedParams()).toMatchObject({ + sessionKey: "s-trusted-override", + provider: "anthropic", + model: "claude-haiku-4-5", + }); + }); + + test("allows trusted fallback model-only overrides when the model ref is canonical", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins, { + plugins: { + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: ["anthropic/claude-haiku-4-5"], + }, + }, + }, + }, + }); + serverPlugins.setFallbackGatewayContext(createTestContext("fallback-model-only-override")); + const gatewayScopeModule = await import("../plugins/runtime/gateway-request-scope.js"); + + await gatewayScopeModule.withPluginRuntimePluginIdScope("voice-call", () => + runtime.run({ + sessionKey: "s-model-only-override", + message: "use trusted model-only override", + model: "anthropic/claude-haiku-4-5", + deliver: false, + }), + ); + + expect(getLastDispatchedParams()).toMatchObject({ + sessionKey: "s-model-only-override", + model: "anthropic/claude-haiku-4-5", + }); + expect(getLastDispatchedParams()).not.toHaveProperty("provider"); + }); + + test("rejects trusted fallback overrides when the configured allowlist normalizes to empty", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins, { + plugins: { + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: ["anthropic"], + }, + }, + }, + }, + }); + serverPlugins.setFallbackGatewayContext(createTestContext("fallback-invalid-allowlist")); + const gatewayScopeModule = await import("../plugins/runtime/gateway-request-scope.js"); + + await expect( + gatewayScopeModule.withPluginRuntimePluginIdScope("voice-call", () => + runtime.run({ + sessionKey: "s-invalid-allowlist", + message: "use trusted override", + provider: "anthropic", + model: "claude-haiku-4-5", + deliver: false, + }), + ), + ).rejects.toThrow( + 'plugin "voice-call" configured subagent.allowedModels, but none of the entries normalized to a valid provider/model target.', + ); + }); + + test("uses least-privilege synthetic fallback scopes without admin", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins); + serverPlugins.setFallbackGatewayContext(createTestContext("synthetic-least-privilege")); + + await runtime.run({ + sessionKey: "s-synthetic", + message: "run synthetic", + deliver: false, + }); + + expect(getLastDispatchedClientScopes()).toEqual(["operator.write"]); + expect(getLastDispatchedClientScopes()).not.toContain("operator.admin"); + }); + + test("allows fallback session reads with synthetic write scope", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins); + serverPlugins.setFallbackGatewayContext(createTestContext("synthetic-session-read")); + const { authorizeOperatorScopesForMethod } = await import("./method-scopes.js"); + + handleGatewayRequest.mockImplementationOnce(async (opts: HandleGatewayRequestOptions) => { + const scopes = Array.isArray(opts.client?.connect?.scopes) ? opts.client.connect.scopes : []; + const auth = authorizeOperatorScopesForMethod("sessions.get", scopes); + if (!auth.allowed) { + opts.respond(false, undefined, { + code: "INVALID_REQUEST", + message: `missing scope: ${auth.missingScope}`, + }); + return; + } + opts.respond(true, { messages: [{ id: "m-1" }] }); + }); + + await expect( + runtime.getSessionMessages({ + sessionKey: "s-read", + }), + ).resolves.toEqual({ + messages: [{ id: "m-1" }], + }); + + expect(getLastDispatchedClientScopes()).toEqual(["operator.write"]); + expect(getLastDispatchedClientScopes()).not.toContain("operator.admin"); + }); + + test("keeps admin scope for fallback session deletion", async () => { + const serverPlugins = await importServerPluginsModule(); + const runtime = await createSubagentRuntime(serverPlugins); + serverPlugins.setFallbackGatewayContext(createTestContext("synthetic-delete-session")); + + await runtime.deleteSession({ + sessionKey: "s-delete", + deleteTranscript: true, + }); + + expect(getLastDispatchedClientScopes()).toEqual(["operator.admin"]); + }); + test("can prefer setup-runtime channel plugins during startup loads", async () => { const { loadGatewayPlugins } = await importServerPluginsModule(); loadOpenClawPlugins.mockReturnValue(createRegistry([])); @@ -189,6 +449,29 @@ describe("loadGatewayPlugins", () => { ); }); + test("primes configured bindings during gateway startup", async () => { + const { loadGatewayPlugins } = await importServerPluginsModule(); + loadOpenClawPlugins.mockReturnValue(createRegistry([])); + + const log = { + info: vi.fn(), + warn: vi.fn(), + error: vi.fn(), + debug: vi.fn(), + }; + + const cfg = {}; + loadGatewayPlugins({ + cfg, + workspaceDir: "/tmp", + log, + coreGatewayHandlers: {}, + baseMethods: [], + }); + + expect(primeConfiguredBindingRegistry).toHaveBeenCalledWith({ cfg }); + }); + test("can suppress duplicate diagnostics when reloading full runtime plugins", async () => { const { loadGatewayPlugins } = await importServerPluginsModule(); const diagnostics: PluginDiagnostic[] = [ @@ -220,10 +503,9 @@ describe("loadGatewayPlugins", () => { expect(log.error).not.toHaveBeenCalled(); expect(log.info).not.toHaveBeenCalled(); }); - test("shares fallback context across module reloads for existing runtimes", async () => { const first = await importServerPluginsModule(); - const runtime = createSubagentRuntime(first); + const runtime = await createSubagentRuntime(first); const staleContext = createTestContext("stale"); first.setFallbackGatewayContext(staleContext); @@ -241,7 +523,7 @@ describe("loadGatewayPlugins", () => { test("uses updated fallback context after context replacement", async () => { const serverPlugins = await importServerPluginsModule(); - const runtime = createSubagentRuntime(serverPlugins); + const runtime = await createSubagentRuntime(serverPlugins); const firstContext = createTestContext("before-restart"); const secondContext = createTestContext("after-restart"); @@ -256,7 +538,7 @@ describe("loadGatewayPlugins", () => { test("reflects fallback context object mutation at dispatch time", async () => { const serverPlugins = await importServerPluginsModule(); - const runtime = createSubagentRuntime(serverPlugins); + const runtime = await createSubagentRuntime(serverPlugins); const context = { marker: "before-mutation" } as GatewayRequestContext & { marker: string; }; diff --git a/src/gateway/server-plugins.ts b/src/gateway/server-plugins.ts index 4bcf8fa8d08..a997c93cbbc 100644 --- a/src/gateway/server-plugins.ts +++ b/src/gateway/server-plugins.ts @@ -1,8 +1,13 @@ import { randomUUID } from "node:crypto"; +import { normalizeModelRef, parseModelRef } from "../agents/model-selection.js"; +import { primeConfiguredBindingRegistry } from "../channels/plugins/binding-registry.js"; import type { loadConfig } from "../config/config.js"; +import { normalizePluginsConfig } from "../plugins/config-state.js"; import { loadOpenClawPlugins } from "../plugins/loader.js"; import { getPluginRuntimeGatewayRequestScope } from "../plugins/runtime/gateway-request-scope.js"; +import { setGatewaySubagentRuntime } from "../plugins/runtime/index.js"; import type { PluginRuntime } from "../plugins/runtime/types.js"; +import { ADMIN_SCOPE, WRITE_SCOPE } from "./method-scopes.js"; import { GATEWAY_CLIENT_IDS, GATEWAY_CLIENT_MODES } from "./protocol/client-info.js"; import type { ErrorShape } from "./protocol/index.js"; import { PROTOCOL_VERSION } from "./protocol/index.js"; @@ -45,9 +50,168 @@ export function setFallbackGatewayContext(ctx: GatewayRequestContext): void { fallbackGatewayContextState.context = ctx; } +type PluginSubagentOverridePolicy = { + allowModelOverride: boolean; + allowAnyModel: boolean; + hasConfiguredAllowlist: boolean; + allowedModels: Set; +}; + +type PluginSubagentPolicyState = { + policies: Record; +}; + +const PLUGIN_SUBAGENT_POLICY_STATE_KEY: unique symbol = Symbol.for( + "openclaw.pluginSubagentOverridePolicyState", +); + +const pluginSubagentPolicyState: PluginSubagentPolicyState = (() => { + const globalState = globalThis as typeof globalThis & { + [PLUGIN_SUBAGENT_POLICY_STATE_KEY]?: PluginSubagentPolicyState; + }; + const existing = globalState[PLUGIN_SUBAGENT_POLICY_STATE_KEY]; + if (existing) { + return existing; + } + const created: PluginSubagentPolicyState = { + policies: {}, + }; + globalState[PLUGIN_SUBAGENT_POLICY_STATE_KEY] = created; + return created; +})(); + +function normalizeAllowedModelRef(raw: string): string | null { + const trimmed = raw.trim(); + if (!trimmed) { + return null; + } + if (trimmed === "*") { + return "*"; + } + const slash = trimmed.indexOf("/"); + if (slash <= 0 || slash >= trimmed.length - 1) { + return null; + } + const providerRaw = trimmed.slice(0, slash).trim(); + const modelRaw = trimmed.slice(slash + 1).trim(); + if (!providerRaw || !modelRaw) { + return null; + } + const normalized = normalizeModelRef(providerRaw, modelRaw); + return `${normalized.provider}/${normalized.model}`; +} + +function setPluginSubagentOverridePolicies(cfg: ReturnType): void { + const normalized = normalizePluginsConfig(cfg.plugins); + const policies: PluginSubagentPolicyState["policies"] = {}; + for (const [pluginId, entry] of Object.entries(normalized.entries)) { + const allowModelOverride = entry.subagent?.allowModelOverride === true; + const hasConfiguredAllowlist = entry.subagent?.hasAllowedModelsConfig === true; + const configuredAllowedModels = entry.subagent?.allowedModels ?? []; + const allowedModels = new Set(); + let allowAnyModel = false; + for (const modelRef of configuredAllowedModels) { + const normalizedModelRef = normalizeAllowedModelRef(modelRef); + if (!normalizedModelRef) { + continue; + } + if (normalizedModelRef === "*") { + allowAnyModel = true; + continue; + } + allowedModels.add(normalizedModelRef); + } + if ( + !allowModelOverride && + !hasConfiguredAllowlist && + allowedModels.size === 0 && + !allowAnyModel + ) { + continue; + } + policies[pluginId] = { + allowModelOverride, + allowAnyModel, + hasConfiguredAllowlist, + allowedModels, + }; + } + pluginSubagentPolicyState.policies = policies; +} + +function authorizeFallbackModelOverride(params: { + pluginId?: string; + provider?: string; + model?: string; +}): { allowed: true } | { allowed: false; reason: string } { + const pluginId = params.pluginId?.trim(); + if (!pluginId) { + return { + allowed: false, + reason: "provider/model override requires plugin identity in fallback subagent runs.", + }; + } + const policy = pluginSubagentPolicyState.policies[pluginId]; + if (!policy?.allowModelOverride) { + return { + allowed: false, + reason: `plugin "${pluginId}" is not trusted for fallback provider/model override requests.`, + }; + } + if (policy.allowAnyModel) { + return { allowed: true }; + } + if (policy.hasConfiguredAllowlist && policy.allowedModels.size === 0) { + return { + allowed: false, + reason: `plugin "${pluginId}" configured subagent.allowedModels, but none of the entries normalized to a valid provider/model target.`, + }; + } + if (policy.allowedModels.size === 0) { + return { allowed: true }; + } + const requestedModelRef = resolveRequestedFallbackModelRef(params); + if (!requestedModelRef) { + return { + allowed: false, + reason: + "fallback provider/model overrides that use an allowlist must resolve to a canonical provider/model target.", + }; + } + if (policy.allowedModels.has(requestedModelRef)) { + return { allowed: true }; + } + return { + allowed: false, + reason: `model override "${requestedModelRef}" is not allowlisted for plugin "${pluginId}".`, + }; +} + +function resolveRequestedFallbackModelRef(params: { + provider?: string; + model?: string; +}): string | null { + if (params.provider && params.model) { + const normalizedRequest = normalizeModelRef(params.provider, params.model); + return `${normalizedRequest.provider}/${normalizedRequest.model}`; + } + const rawModel = params.model?.trim(); + if (!rawModel || !rawModel.includes("/")) { + return null; + } + const parsed = parseModelRef(rawModel, ""); + if (!parsed?.provider || !parsed.model) { + return null; + } + return `${parsed.provider}/${parsed.model}`; +} + // ── Internal gateway dispatch for plugin runtime ──────────────────── -function createSyntheticOperatorClient(): GatewayRequestOptions["client"] { +function createSyntheticOperatorClient(params?: { + allowModelOverride?: boolean; + scopes?: string[]; +}): GatewayRequestOptions["client"] { return { connect: { minProtocol: PROTOCOL_VERSION, @@ -59,14 +223,30 @@ function createSyntheticOperatorClient(): GatewayRequestOptions["client"] { mode: GATEWAY_CLIENT_MODES.BACKEND, }, role: "operator", - scopes: ["operator.admin", "operator.approvals", "operator.pairing"], + scopes: params?.scopes ?? [WRITE_SCOPE], + }, + internal: { + allowModelOverride: params?.allowModelOverride === true, }, }; } +function hasAdminScope(client: GatewayRequestOptions["client"]): boolean { + const scopes = Array.isArray(client?.connect?.scopes) ? client.connect.scopes : []; + return scopes.includes(ADMIN_SCOPE); +} + +function canClientUseModelOverride(client: GatewayRequestOptions["client"]): boolean { + return hasAdminScope(client) || client?.internal?.allowModelOverride === true; +} + async function dispatchGatewayMethod( method: string, params: Record, + options?: { + allowSyntheticModelOverride?: boolean; + syntheticScopes?: string[]; + }, ): Promise { const scope = getPluginRuntimeGatewayRequestScope(); const context = scope?.context ?? fallbackGatewayContextState.context; @@ -85,7 +265,12 @@ async function dispatchGatewayMethod( method, params, }, - client: scope?.client ?? createSyntheticOperatorClient(), + client: + scope?.client ?? + createSyntheticOperatorClient({ + allowModelOverride: options?.allowSyntheticModelOverride === true, + scopes: options?.syntheticScopes, + }), isWebchatConnect, respond: (ok, payload, error) => { if (!result) { @@ -115,14 +300,42 @@ function createGatewaySubagentRuntime(): PluginRuntime["subagent"] { return { async run(params) { - const payload = await dispatchGatewayMethod<{ runId?: string }>("agent", { - sessionKey: params.sessionKey, - message: params.message, - deliver: params.deliver ?? false, - ...(params.extraSystemPrompt && { extraSystemPrompt: params.extraSystemPrompt }), - ...(params.lane && { lane: params.lane }), - ...(params.idempotencyKey && { idempotencyKey: params.idempotencyKey }), - }); + const scope = getPluginRuntimeGatewayRequestScope(); + const overrideRequested = Boolean(params.provider || params.model); + const hasRequestScopeClient = Boolean(scope?.client); + let allowOverride = hasRequestScopeClient && canClientUseModelOverride(scope?.client ?? null); + let allowSyntheticModelOverride = false; + if (overrideRequested && !allowOverride && !hasRequestScopeClient) { + const fallbackAuth = authorizeFallbackModelOverride({ + pluginId: scope?.pluginId, + provider: params.provider, + model: params.model, + }); + if (!fallbackAuth.allowed) { + throw new Error(fallbackAuth.reason); + } + allowOverride = true; + allowSyntheticModelOverride = true; + } + if (overrideRequested && !allowOverride) { + throw new Error("provider/model override is not authorized for this plugin subagent run."); + } + const payload = await dispatchGatewayMethod<{ runId?: string }>( + "agent", + { + sessionKey: params.sessionKey, + message: params.message, + deliver: params.deliver ?? false, + ...(allowOverride && params.provider && { provider: params.provider }), + ...(allowOverride && params.model && { model: params.model }), + ...(params.extraSystemPrompt && { extraSystemPrompt: params.extraSystemPrompt }), + ...(params.lane && { lane: params.lane }), + ...(params.idempotencyKey && { idempotencyKey: params.idempotencyKey }), + }, + { + allowSyntheticModelOverride, + }, + ); const runId = payload?.runId; if (typeof runId !== "string" || !runId) { throw new Error("Gateway agent method returned an invalid runId."); @@ -151,10 +364,16 @@ function createGatewaySubagentRuntime(): PluginRuntime["subagent"] { return getSessionMessages(params); }, async deleteSession(params) { - await dispatchGatewayMethod("sessions.delete", { - key: params.sessionKey, - deleteTranscript: params.deleteTranscript ?? true, - }); + await dispatchGatewayMethod( + "sessions.delete", + { + key: params.sessionKey, + deleteTranscript: params.deleteTranscript ?? true, + }, + { + syntheticScopes: [ADMIN_SCOPE], + }, + ); }, }; } @@ -175,6 +394,14 @@ export function loadGatewayPlugins(params: { preferSetupRuntimeForChannelPlugins?: boolean; logDiagnostics?: boolean; }) { + setPluginSubagentOverridePolicies(params.cfg); + // Set the process-global gateway subagent runtime BEFORE loading plugins. + // Gateway-owned registries may already exist from schema loads, so the + // gateway path opts those runtimes into late binding rather than changing + // the default subagent behavior for every plugin runtime in the process. + const gatewaySubagent = createGatewaySubagentRuntime(); + setGatewaySubagentRuntime(gatewaySubagent); + const pluginRegistry = loadOpenClawPlugins({ config: params.cfg, workspaceDir: params.workspaceDir, @@ -186,10 +413,11 @@ export function loadGatewayPlugins(params: { }, coreGatewayHandlers: params.coreGatewayHandlers, runtimeOptions: { - subagent: createGatewaySubagentRuntime(), + allowGatewaySubagentBinding: true, }, preferSetupRuntimeForChannelPlugins: params.preferSetupRuntimeForChannelPlugins, }); + primeConfiguredBindingRegistry({ cfg: params.cfg }); const pluginMethods = Object.keys(pluginRegistry.gatewayHandlers); const gatewayMethods = Array.from(new Set([...params.baseMethods, ...pluginMethods])); if ((params.logDiagnostics ?? true) && pluginRegistry.diagnostics.length > 0) { diff --git a/src/gateway/server.agent.gateway-server-agent.mocks.ts b/src/gateway/server.agent.gateway-server-agent.mocks.ts index acf507dbde2..f6b29fe041a 100644 --- a/src/gateway/server.agent.gateway-server-agent.mocks.ts +++ b/src/gateway/server.agent.gateway-server-agent.mocks.ts @@ -1,25 +1,9 @@ import { vi } from "vitest"; -import type { PluginRegistry } from "../plugins/registry.js"; +import { createEmptyPluginRegistry, type PluginRegistry } from "../plugins/registry.js"; import { setActivePluginRegistry } from "../plugins/runtime.js"; export const registryState: { registry: PluginRegistry } = { - registry: { - plugins: [], - tools: [], - hooks: [], - typedHooks: [], - channels: [], - channelSetups: [], - providers: [], - webSearchProviders: [], - gatewayHandlers: {}, - httpHandlers: [], - httpRoutes: [], - cliRegistrars: [], - services: [], - commands: [], - diagnostics: [], - } as PluginRegistry, + registry: createEmptyPluginRegistry(), }; export function setRegistry(registry: PluginRegistry) { diff --git a/src/gateway/server.auth.control-ui.suite.ts b/src/gateway/server.auth.control-ui.suite.ts index 44863f61f31..9452c26eb33 100644 --- a/src/gateway/server.auth.control-ui.suite.ts +++ b/src/gateway/server.auth.control-ui.suite.ts @@ -36,14 +36,12 @@ export function registerControlUiAndPairingSuite(): void { expectedOk: boolean; expectedErrorSubstring?: string; expectedErrorCode?: string; - expectStatusChecks: boolean; }> = [ { name: "allows trusted-proxy control ui operator without device identity", role: "operator", withUnpairedNodeDevice: false, expectedOk: true, - expectStatusChecks: true, }, { name: "rejects trusted-proxy control ui node role without device identity", @@ -52,7 +50,6 @@ export function registerControlUiAndPairingSuite(): void { expectedOk: false, expectedErrorSubstring: "control ui requires device identity", expectedErrorCode: ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED, - expectStatusChecks: false, }, { name: "requires pairing for trusted-proxy control ui node role with unpaired device", @@ -61,7 +58,6 @@ export function registerControlUiAndPairingSuite(): void { expectedOk: false, expectedErrorSubstring: "pairing required", expectedErrorCode: ConnectErrorDetailCodes.PAIRING_REQUIRED, - expectStatusChecks: false, }, ]; @@ -96,6 +92,26 @@ export function registerControlUiAndPairingSuite(): void { expect(admin.ok).toBe(true); }; + const expectStatusMissingScopeButHealthOk = async (ws: WebSocket) => { + const status = await rpcReq(ws, "status"); + expect(status.ok).toBe(false); + expect(status.error?.message ?? "").toContain("missing scope"); + const health = await rpcReq(ws, "health"); + expect(health.ok).toBe(true); + }; + + const expectAdminRpcDenied = async (ws: WebSocket) => { + const admin = await rpcReq(ws, "set-heartbeats", { enabled: false }); + expect(admin.ok).toBe(false); + expect(admin.error?.message).toBe("missing scope: operator.admin"); + }; + + const expectTalkSecretsDenied = async (ws: WebSocket) => { + const talk = await rpcReq(ws, "talk.config", { includeSecrets: true }); + expect(talk.ok).toBe(false); + expect(talk.error?.message).toBe("missing scope: operator.read"); + }; + const connectControlUiWithoutDeviceAndExpectOk = async (params: { ws: WebSocket; token?: string; @@ -221,17 +237,34 @@ export function registerControlUiAndPairingSuite(): void { ws.close(); return; } - if (tc.expectStatusChecks) { - await expectStatusAndHealthOk(ws); - if (tc.role === "operator") { - await expectAdminRpcOk(ws); - } - } ws.close(); }); }); } + test("clears self-declared scopes for trusted-proxy control ui without device identity", async () => { + await configureTrustedProxyControlUiAuth(); + await withGatewayServer(async ({ port }) => { + const ws = await openWs(port, TRUSTED_PROXY_CONTROL_UI_HEADERS); + try { + const res = await connectReq(ws, { + skipDefaultAuth: true, + scopes: ["operator.admin"], + device: null, + client: { ...CONTROL_UI_CLIENT }, + }); + expect(res.ok).toBe(true); + expect((res.payload as { auth?: unknown } | undefined)?.auth).toBeUndefined(); + + await expectStatusMissingScopeButHealthOk(ws); + await expectAdminRpcDenied(ws); + await expectTalkSecretsDenied(ws); + } finally { + ws.close(); + } + }); + }); + test("allows localhost control ui without device identity when insecure auth is enabled", async () => { testState.gatewayControlUi = { allowInsecureAuth: true }; const { server, ws, prevToken } = await startServerWithClient("secret", { diff --git a/src/gateway/server/ws-connection/message-handler.ts b/src/gateway/server/ws-connection/message-handler.ts index f7eec2153ad..51e4a6fc0c4 100644 --- a/src/gateway/server/ws-connection/message-handler.ts +++ b/src/gateway/server/ws-connection/message-handler.ts @@ -532,9 +532,9 @@ export function attachGatewayWsMessageHandler(params: { isLocalClient, }); // Shared token/password auth can bypass pairing for trusted operators, but - // device-less backend clients must not self-declare scopes. Control UI - // keeps its explicitly allowed device-less scopes on the allow path. - if (!device && (!isControlUi || decision.kind !== "allow")) { + // device-less clients must not keep self-declared scopes unless the + // operator explicitly chose a local break-glass Control UI mode. + if (!device && (!isControlUi || decision.kind !== "allow" || trustedProxyAuthOk)) { clearUnboundScopes(); } if (decision.kind === "allow") { diff --git a/src/gateway/test-helpers.mocks.ts b/src/gateway/test-helpers.mocks.ts index 4bfb7ef4e4d..bfd2603bc0a 100644 --- a/src/gateway/test-helpers.mocks.ts +++ b/src/gateway/test-helpers.mocks.ts @@ -146,12 +146,16 @@ const createStubPluginRegistry = (): PluginRegistry => ({ ], channelSetups: [], providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], webSearchProviders: [], gatewayHandlers: {}, httpRoutes: [], cliRegistrars: [], services: [], commands: [], + conversationBindingResolvedHandlers: [], diagnostics: [], }); @@ -570,7 +574,7 @@ vi.mock("../commands/health.js", () => ({ vi.mock("../commands/status.js", () => ({ getStatusSummary: vi.fn().mockResolvedValue({ ok: true }), })); -vi.mock("../../extensions/whatsapp/src/send.js", () => ({ +vi.mock("../../extensions/whatsapp/runtime-api.js", () => ({ sendMessageWhatsApp: (...args: unknown[]) => (hoisted.sendWhatsAppMock as (...args: unknown[]) => unknown)(...args), sendPollWhatsApp: (...args: unknown[]) => diff --git a/src/gateway/tools-invoke-http.test.ts b/src/gateway/tools-invoke-http.test.ts index f47e80a9bf6..96ede78ef00 100644 --- a/src/gateway/tools-invoke-http.test.ts +++ b/src/gateway/tools-invoke-http.test.ts @@ -380,6 +380,14 @@ describe("POST /tools/invoke", () => { ); }); + it("opts direct gateway tool invocation into gateway subagent binding", async () => { + allowAgentsListForMain(); + const res = await invokeAgentsListAuthed({ sessionKey: "main" }); + + expect(res.status).toBe(200); + expect(lastCreateOpenClawToolsContext?.allowGatewaySubagentBinding).toBe(true); + }); + it("blocks tool execution when before_tool_call rejects the invoke", async () => { setMainAllowedTools({ allow: ["tools_invoke_test"] }); hookMocks.runBeforeToolCallHook.mockResolvedValueOnce({ diff --git a/src/gateway/tools-invoke-http.ts b/src/gateway/tools-invoke-http.ts index 0cccafce999..80b6dc37733 100644 --- a/src/gateway/tools-invoke-http.ts +++ b/src/gateway/tools-invoke-http.ts @@ -254,6 +254,7 @@ export async function handleToolsInvokeHttpRequest( agentAccountId: accountId, agentTo, agentThreadId, + allowGatewaySubagentBinding: true, // HTTP callers consume tool output directly; preserve raw media invoke payloads. allowMediaInvokeCommands: true, config: cfg, diff --git a/src/image-generation/live-test-helpers.test.ts b/src/image-generation/live-test-helpers.test.ts new file mode 100644 index 00000000000..3a7058569cf --- /dev/null +++ b/src/image-generation/live-test-helpers.test.ts @@ -0,0 +1,90 @@ +import { describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { + parseCaseFilter, + parseCsvFilter, + parseProviderModelMap, + redactLiveApiKey, + resolveConfiguredLiveImageModels, + resolveLiveImageAuthStore, +} from "./live-test-helpers.js"; + +describe("image-generation live-test helpers", () => { + it("parses provider filters and treats empty/all as unfiltered", () => { + expect(parseCsvFilter()).toBeNull(); + expect(parseCsvFilter("all")).toBeNull(); + expect(parseCsvFilter(" openai , google ")).toEqual(new Set(["openai", "google"])); + }); + + it("parses live case filters and treats empty/all as unfiltered", () => { + expect(parseCaseFilter()).toBeNull(); + expect(parseCaseFilter("all")).toBeNull(); + expect(parseCaseFilter(" google:flash , openai:default ")).toEqual( + new Set(["google:flash", "openai:default"]), + ); + }); + + it("parses provider model overrides by provider id", () => { + expect( + parseProviderModelMap("openai/gpt-image-1, google/gemini-3.1-flash-image-preview, invalid"), + ).toEqual( + new Map([ + ["openai", "openai/gpt-image-1"], + ["google", "google/gemini-3.1-flash-image-preview"], + ]), + ); + }); + + it("collects configured models from primary and fallbacks", () => { + const cfg = { + agents: { + defaults: { + imageGenerationModel: { + primary: "openai/gpt-image-1", + fallbacks: ["google/gemini-3.1-flash-image-preview", "invalid"], + }, + }, + }, + } as OpenClawConfig; + + expect(resolveConfiguredLiveImageModels(cfg)).toEqual( + new Map([ + ["openai", "openai/gpt-image-1"], + ["google", "google/gemini-3.1-flash-image-preview"], + ]), + ); + }); + + it("uses an empty auth store when live env keys should override stale profiles", () => { + expect( + resolveLiveImageAuthStore({ + requireProfileKeys: false, + hasLiveKeys: true, + }), + ).toEqual({ + version: 1, + profiles: {}, + }); + }); + + it("keeps profile-store mode when requested or when no live keys exist", () => { + expect( + resolveLiveImageAuthStore({ + requireProfileKeys: true, + hasLiveKeys: true, + }), + ).toBeUndefined(); + expect( + resolveLiveImageAuthStore({ + requireProfileKeys: false, + hasLiveKeys: false, + }), + ).toBeUndefined(); + }); + + it("redacts live API keys for diagnostics", () => { + expect(redactLiveApiKey(undefined)).toBe("none"); + expect(redactLiveApiKey("short-key")).toBe("short-key"); + expect(redactLiveApiKey("sk-proj-1234567890")).toBe("sk-proj-...7890"); + }); +}); diff --git a/src/image-generation/live-test-helpers.ts b/src/image-generation/live-test-helpers.ts new file mode 100644 index 00000000000..0063bab89fa --- /dev/null +++ b/src/image-generation/live-test-helpers.ts @@ -0,0 +1,96 @@ +import type { AuthProfileStore } from "../agents/auth-profiles.js"; +import type { OpenClawConfig } from "../config/config.js"; + +export const DEFAULT_LIVE_IMAGE_MODELS: Record = { + google: "google/gemini-3.1-flash-image-preview", + openai: "openai/gpt-image-1", +}; + +export function parseCaseFilter(raw?: string): Set | null { + const trimmed = raw?.trim(); + if (!trimmed || trimmed === "all") { + return null; + } + const values = trimmed + .split(",") + .map((entry) => entry.trim().toLowerCase()) + .filter(Boolean); + return values.length > 0 ? new Set(values) : null; +} + +export function redactLiveApiKey(value: string | undefined): string { + const trimmed = value?.trim(); + if (!trimmed) { + return "none"; + } + if (trimmed.length <= 12) { + return trimmed; + } + return `${trimmed.slice(0, 8)}...${trimmed.slice(-4)}`; +} + +export function parseCsvFilter(raw?: string): Set | null { + const trimmed = raw?.trim(); + if (!trimmed || trimmed === "all") { + return null; + } + const values = trimmed + .split(",") + .map((entry) => entry.trim()) + .filter(Boolean); + return values.length > 0 ? new Set(values) : null; +} + +export function parseProviderModelMap(raw?: string): Map { + const entries = new Map(); + for (const token of raw?.split(",") ?? []) { + const trimmed = token.trim(); + if (!trimmed) { + continue; + } + const slash = trimmed.indexOf("/"); + if (slash <= 0 || slash === trimmed.length - 1) { + continue; + } + entries.set(trimmed.slice(0, slash).trim().toLowerCase(), trimmed); + } + return entries; +} + +export function resolveConfiguredLiveImageModels(cfg: OpenClawConfig): Map { + const resolved = new Map(); + const configured = cfg.agents?.defaults?.imageGenerationModel; + const add = (value: string | undefined) => { + const trimmed = value?.trim(); + if (!trimmed) { + return; + } + const slash = trimmed.indexOf("/"); + if (slash <= 0 || slash === trimmed.length - 1) { + return; + } + resolved.set(trimmed.slice(0, slash).trim().toLowerCase(), trimmed); + }; + if (typeof configured === "string") { + add(configured); + return resolved; + } + add(configured?.primary); + for (const fallback of configured?.fallbacks ?? []) { + add(fallback); + } + return resolved; +} + +export function resolveLiveImageAuthStore(params: { + requireProfileKeys: boolean; + hasLiveKeys: boolean; +}): AuthProfileStore | undefined { + if (params.requireProfileKeys || !params.hasLiveKeys) { + return undefined; + } + return { + version: 1, + profiles: {}, + }; +} diff --git a/src/image-generation/provider-registry.ts b/src/image-generation/provider-registry.ts new file mode 100644 index 00000000000..500c7c9a34a --- /dev/null +++ b/src/image-generation/provider-registry.ts @@ -0,0 +1,71 @@ +import { normalizeProviderId } from "../agents/model-selection.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { loadOpenClawPlugins } from "../plugins/loader.js"; +import { getActivePluginRegistry } from "../plugins/runtime.js"; +import type { ImageGenerationProviderPlugin } from "../plugins/types.js"; + +const BUILTIN_IMAGE_GENERATION_PROVIDERS: readonly ImageGenerationProviderPlugin[] = []; + +function normalizeImageGenerationProviderId(id: string | undefined): string | undefined { + const normalized = normalizeProviderId(id ?? ""); + return normalized || undefined; +} + +function resolvePluginImageGenerationProviders( + cfg?: OpenClawConfig, +): ImageGenerationProviderPlugin[] { + const active = getActivePluginRegistry(); + const registry = + (active?.imageGenerationProviders?.length ?? 0) > 0 || !cfg + ? active + : loadOpenClawPlugins({ config: cfg }); + return registry?.imageGenerationProviders?.map((entry) => entry.provider) ?? []; +} + +function buildProviderMaps(cfg?: OpenClawConfig): { + canonical: Map; + aliases: Map; +} { + const canonical = new Map(); + const aliases = new Map(); + const register = (provider: ImageGenerationProviderPlugin) => { + const id = normalizeImageGenerationProviderId(provider.id); + if (!id) { + return; + } + canonical.set(id, provider); + aliases.set(id, provider); + for (const alias of provider.aliases ?? []) { + const normalizedAlias = normalizeImageGenerationProviderId(alias); + if (normalizedAlias) { + aliases.set(normalizedAlias, provider); + } + } + }; + + for (const provider of BUILTIN_IMAGE_GENERATION_PROVIDERS) { + register(provider); + } + for (const provider of resolvePluginImageGenerationProviders(cfg)) { + register(provider); + } + + return { canonical, aliases }; +} + +export function listImageGenerationProviders( + cfg?: OpenClawConfig, +): ImageGenerationProviderPlugin[] { + return [...buildProviderMaps(cfg).canonical.values()]; +} + +export function getImageGenerationProvider( + providerId: string | undefined, + cfg?: OpenClawConfig, +): ImageGenerationProviderPlugin | undefined { + const normalized = normalizeImageGenerationProviderId(providerId); + if (!normalized) { + return undefined; + } + return buildProviderMaps(cfg).aliases.get(normalized); +} diff --git a/src/image-generation/providers/google.test.ts b/src/image-generation/providers/google.test.ts new file mode 100644 index 00000000000..224779f3429 --- /dev/null +++ b/src/image-generation/providers/google.test.ts @@ -0,0 +1,208 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import * as modelAuth from "../../agents/model-auth.js"; +import { buildGoogleImageGenerationProvider } from "./google.js"; + +describe("Google image-generation provider", () => { + afterEach(() => { + vi.restoreAllMocks(); + }); + + it("generates image buffers from the Gemini generateContent API", async () => { + vi.spyOn(modelAuth, "resolveApiKeyForProvider").mockResolvedValue({ + apiKey: "google-test-key", + source: "env", + mode: "api-key", + }); + const fetchMock = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ + candidates: [ + { + content: { + parts: [ + { text: "generated" }, + { + inlineData: { + mimeType: "image/png", + data: Buffer.from("png-data").toString("base64"), + }, + }, + ], + }, + }, + ], + }), + }); + vi.stubGlobal("fetch", fetchMock); + + const provider = buildGoogleImageGenerationProvider(); + const result = await provider.generateImage({ + provider: "google", + model: "gemini-3.1-flash-image-preview", + prompt: "draw a cat", + cfg: {}, + size: "1536x1024", + }); + + expect(fetchMock).toHaveBeenCalledWith( + "https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-image-preview:generateContent", + expect.objectContaining({ + method: "POST", + body: JSON.stringify({ + contents: [ + { + role: "user", + parts: [{ text: "draw a cat" }], + }, + ], + generationConfig: { + responseModalities: ["TEXT", "IMAGE"], + imageConfig: { + aspectRatio: "3:2", + imageSize: "2K", + }, + }, + }), + }), + ); + expect(result).toEqual({ + images: [ + { + buffer: Buffer.from("png-data"), + mimeType: "image/png", + fileName: "image-1.png", + }, + ], + model: "gemini-3.1-flash-image-preview", + }); + }); + + it("accepts OAuth JSON auth and inline_data responses", async () => { + vi.spyOn(modelAuth, "resolveApiKeyForProvider").mockResolvedValue({ + apiKey: JSON.stringify({ token: "oauth-token" }), + source: "profile", + mode: "token", + }); + const fetchMock = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ + candidates: [ + { + content: { + parts: [ + { + inline_data: { + mime_type: "image/jpeg", + data: Buffer.from("jpg-data").toString("base64"), + }, + }, + ], + }, + }, + ], + }), + }); + vi.stubGlobal("fetch", fetchMock); + + const provider = buildGoogleImageGenerationProvider(); + const result = await provider.generateImage({ + provider: "google", + model: "gemini-3.1-flash-image-preview", + prompt: "draw a dog", + cfg: {}, + }); + + expect(fetchMock).toHaveBeenCalledWith( + expect.any(String), + expect.objectContaining({ + headers: expect.any(Headers), + }), + ); + const [, init] = fetchMock.mock.calls[0]; + expect(new Headers(init.headers).get("authorization")).toBe("Bearer oauth-token"); + expect(result).toEqual({ + images: [ + { + buffer: Buffer.from("jpg-data"), + mimeType: "image/jpeg", + fileName: "image-1.jpg", + }, + ], + model: "gemini-3.1-flash-image-preview", + }); + }); + + it("sends reference images and explicit resolution for edit flows", async () => { + vi.spyOn(modelAuth, "resolveApiKeyForProvider").mockResolvedValue({ + apiKey: "google-test-key", + source: "env", + mode: "api-key", + }); + const fetchMock = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ + candidates: [ + { + content: { + parts: [ + { + inlineData: { + mimeType: "image/png", + data: Buffer.from("png-data").toString("base64"), + }, + }, + ], + }, + }, + ], + }), + }); + vi.stubGlobal("fetch", fetchMock); + + const provider = buildGoogleImageGenerationProvider(); + await provider.generateImage({ + provider: "google", + model: "gemini-3-pro-image-preview", + prompt: "Change only the sky to a sunset.", + cfg: {}, + resolution: "4K", + inputImages: [ + { + buffer: Buffer.from("reference-bytes"), + mimeType: "image/png", + fileName: "reference.png", + }, + ], + }); + + expect(fetchMock).toHaveBeenCalledWith( + "https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent", + expect.objectContaining({ + method: "POST", + body: JSON.stringify({ + contents: [ + { + role: "user", + parts: [ + { + inlineData: { + mimeType: "image/png", + data: Buffer.from("reference-bytes").toString("base64"), + }, + }, + { text: "Change only the sky to a sunset." }, + ], + }, + ], + generationConfig: { + responseModalities: ["TEXT", "IMAGE"], + imageConfig: { + aspectRatio: "1:1", + imageSize: "4K", + }, + }, + }), + }), + ); + }); +}); diff --git a/src/image-generation/providers/google.ts b/src/image-generation/providers/google.ts new file mode 100644 index 00000000000..f7469b147fa --- /dev/null +++ b/src/image-generation/providers/google.ts @@ -0,0 +1,176 @@ +import { resolveApiKeyForProvider } from "../../agents/model-auth.js"; +import { normalizeGoogleModelId } from "../../agents/model-id-normalization.js"; +import { parseGeminiAuth } from "../../infra/gemini-auth.js"; +import { + assertOkOrThrowHttpError, + normalizeBaseUrl, + postJsonRequest, +} from "../../media-understanding/providers/shared.js"; +import type { ImageGenerationProviderPlugin } from "../../plugins/types.js"; + +const DEFAULT_GOOGLE_IMAGE_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"; +const DEFAULT_GOOGLE_IMAGE_MODEL = "gemini-3.1-flash-image-preview"; +const DEFAULT_OUTPUT_MIME = "image/png"; +const DEFAULT_ASPECT_RATIO = "1:1"; + +type GoogleInlineDataPart = { + mimeType?: string; + mime_type?: string; + data?: string; +}; + +type GoogleGenerateImageResponse = { + candidates?: Array<{ + content?: { + parts?: Array<{ + text?: string; + inlineData?: GoogleInlineDataPart; + inline_data?: GoogleInlineDataPart; + }>; + }; + }>; +}; + +function resolveGoogleBaseUrl(cfg: Parameters[0]["cfg"]): string { + const direct = cfg?.models?.providers?.google?.baseUrl?.trim(); + return direct || DEFAULT_GOOGLE_IMAGE_BASE_URL; +} + +function normalizeGoogleImageModel(model: string | undefined): string { + const trimmed = model?.trim(); + return normalizeGoogleModelId(trimmed || DEFAULT_GOOGLE_IMAGE_MODEL); +} + +function mapSizeToImageConfig( + size: string | undefined, +): { aspectRatio?: string; imageSize?: "2K" | "4K" } | undefined { + const trimmed = size?.trim(); + if (!trimmed) { + return { aspectRatio: DEFAULT_ASPECT_RATIO }; + } + + const normalized = trimmed.toLowerCase(); + const mapping = new Map([ + ["1024x1024", "1:1"], + ["1024x1536", "2:3"], + ["1536x1024", "3:2"], + ["1024x1792", "9:16"], + ["1792x1024", "16:9"], + ]); + const aspectRatio = mapping.get(normalized); + + const [widthRaw, heightRaw] = normalized.split("x"); + const width = Number.parseInt(widthRaw ?? "", 10); + const height = Number.parseInt(heightRaw ?? "", 10); + const longestEdge = Math.max(width, height); + const imageSize = longestEdge >= 3072 ? "4K" : longestEdge >= 1536 ? "2K" : undefined; + + if (!aspectRatio && !imageSize) { + return undefined; + } + + return { + ...(aspectRatio ? { aspectRatio } : {}), + ...(imageSize ? { imageSize } : {}), + }; +} + +export function buildGoogleImageGenerationProvider(): ImageGenerationProviderPlugin { + return { + id: "google", + label: "Google", + defaultModel: DEFAULT_GOOGLE_IMAGE_MODEL, + models: [DEFAULT_GOOGLE_IMAGE_MODEL, "gemini-3-pro-image-preview"], + supportedResolutions: ["1K", "2K", "4K"], + supportsImageEditing: true, + async generateImage(req) { + const auth = await resolveApiKeyForProvider({ + provider: "google", + cfg: req.cfg, + agentDir: req.agentDir, + store: req.authStore, + }); + if (!auth.apiKey) { + throw new Error("Google API key missing"); + } + + const model = normalizeGoogleImageModel(req.model); + const baseUrl = normalizeBaseUrl( + resolveGoogleBaseUrl(req.cfg), + DEFAULT_GOOGLE_IMAGE_BASE_URL, + ); + const allowPrivate = Boolean(req.cfg?.models?.providers?.google?.baseUrl?.trim()); + const authHeaders = parseGeminiAuth(auth.apiKey); + const headers = new Headers(authHeaders.headers); + const imageConfig = mapSizeToImageConfig(req.size); + const inputParts = (req.inputImages ?? []).map((image) => ({ + inlineData: { + mimeType: image.mimeType, + data: image.buffer.toString("base64"), + }, + })); + const resolvedImageConfig = { + ...imageConfig, + ...(req.resolution ? { imageSize: req.resolution } : {}), + }; + + const { response: res, release } = await postJsonRequest({ + url: `${baseUrl}/models/${model}:generateContent`, + headers, + body: { + contents: [ + { + role: "user", + parts: [...inputParts, { text: req.prompt }], + }, + ], + generationConfig: { + responseModalities: ["TEXT", "IMAGE"], + ...(Object.keys(resolvedImageConfig).length > 0 + ? { imageConfig: resolvedImageConfig } + : {}), + }, + }, + timeoutMs: 60_000, + fetchFn: fetch, + allowPrivateNetwork: allowPrivate, + }); + + try { + await assertOkOrThrowHttpError(res, "Google image generation failed"); + + const payload = (await res.json()) as GoogleGenerateImageResponse; + let imageIndex = 0; + const images = (payload.candidates ?? []) + .flatMap((candidate) => candidate.content?.parts ?? []) + .map((part) => { + const inline = part.inlineData ?? part.inline_data; + const data = inline?.data?.trim(); + if (!data) { + return null; + } + const mimeType = inline?.mimeType ?? inline?.mime_type ?? DEFAULT_OUTPUT_MIME; + const extension = mimeType.includes("jpeg") ? "jpg" : (mimeType.split("/")[1] ?? "png"); + imageIndex += 1; + return { + buffer: Buffer.from(data, "base64"), + mimeType, + fileName: `image-${imageIndex}.${extension}`, + }; + }) + .filter((entry): entry is NonNullable => entry !== null); + + if (images.length === 0) { + throw new Error("Google image generation response missing image data"); + } + + return { + images, + model, + }; + } finally { + await release(); + } + }, + }; +} diff --git a/src/image-generation/providers/openai.test.ts b/src/image-generation/providers/openai.test.ts new file mode 100644 index 00000000000..a128d6c6e04 --- /dev/null +++ b/src/image-generation/providers/openai.test.ts @@ -0,0 +1,83 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import * as modelAuth from "../../agents/model-auth.js"; +import { buildOpenAIImageGenerationProvider } from "./openai.js"; + +describe("OpenAI image-generation provider", () => { + afterEach(() => { + vi.restoreAllMocks(); + }); + + it("generates PNG buffers from the OpenAI Images API", async () => { + const resolveApiKeySpy = vi.spyOn(modelAuth, "resolveApiKeyForProvider").mockResolvedValue({ + apiKey: "sk-test", + source: "env", + mode: "api-key", + }); + const fetchMock = vi.fn().mockResolvedValue({ + ok: true, + json: async () => ({ + data: [ + { + b64_json: Buffer.from("png-data").toString("base64"), + revised_prompt: "revised", + }, + ], + }), + }); + vi.stubGlobal("fetch", fetchMock); + + const provider = buildOpenAIImageGenerationProvider(); + const authStore = { version: 1, profiles: {} }; + const result = await provider.generateImage({ + provider: "openai", + model: "gpt-image-1", + prompt: "draw a cat", + cfg: {}, + authStore, + }); + + expect(resolveApiKeySpy).toHaveBeenCalledWith( + expect.objectContaining({ + provider: "openai", + store: authStore, + }), + ); + expect(fetchMock).toHaveBeenCalledWith( + "https://api.openai.com/v1/images/generations", + expect.objectContaining({ + method: "POST", + body: JSON.stringify({ + model: "gpt-image-1", + prompt: "draw a cat", + n: 1, + size: "1024x1024", + }), + }), + ); + expect(result).toEqual({ + images: [ + { + buffer: Buffer.from("png-data"), + mimeType: "image/png", + fileName: "image-1.png", + revisedPrompt: "revised", + }, + ], + model: "gpt-image-1", + }); + }); + + it("rejects reference-image edits for now", async () => { + const provider = buildOpenAIImageGenerationProvider(); + + await expect( + provider.generateImage({ + provider: "openai", + model: "gpt-image-1", + prompt: "Edit this image", + cfg: {}, + inputImages: [{ buffer: Buffer.from("x"), mimeType: "image/png" }], + }), + ).rejects.toThrow("does not support reference-image edits"); + }); +}); diff --git a/src/image-generation/providers/openai.ts b/src/image-generation/providers/openai.ts new file mode 100644 index 00000000000..1a0afe1f67d --- /dev/null +++ b/src/image-generation/providers/openai.ts @@ -0,0 +1,84 @@ +import { resolveApiKeyForProvider } from "../../agents/model-auth.js"; +import type { ImageGenerationProviderPlugin } from "../../plugins/types.js"; + +const DEFAULT_OPENAI_IMAGE_BASE_URL = "https://api.openai.com/v1"; +const DEFAULT_OPENAI_IMAGE_MODEL = "gpt-image-1"; +const DEFAULT_OUTPUT_MIME = "image/png"; +const DEFAULT_SIZE = "1024x1024"; + +type OpenAIImageApiResponse = { + data?: Array<{ + b64_json?: string; + revised_prompt?: string; + }>; +}; + +function resolveOpenAIBaseUrl(cfg: Parameters[0]["cfg"]): string { + const direct = cfg?.models?.providers?.openai?.baseUrl?.trim(); + return direct || DEFAULT_OPENAI_IMAGE_BASE_URL; +} + +export function buildOpenAIImageGenerationProvider(): ImageGenerationProviderPlugin { + return { + id: "openai", + label: "OpenAI", + defaultModel: DEFAULT_OPENAI_IMAGE_MODEL, + models: [DEFAULT_OPENAI_IMAGE_MODEL], + supportedSizes: ["1024x1024", "1024x1536", "1536x1024"], + async generateImage(req) { + if ((req.inputImages?.length ?? 0) > 0) { + throw new Error("OpenAI image generation provider does not support reference-image edits"); + } + const auth = await resolveApiKeyForProvider({ + provider: "openai", + cfg: req.cfg, + agentDir: req.agentDir, + store: req.authStore, + }); + if (!auth.apiKey) { + throw new Error("OpenAI API key missing"); + } + + const response = await fetch(`${resolveOpenAIBaseUrl(req.cfg)}/images/generations`, { + method: "POST", + headers: { + Authorization: `Bearer ${auth.apiKey}`, + "Content-Type": "application/json", + }, + body: JSON.stringify({ + model: req.model || DEFAULT_OPENAI_IMAGE_MODEL, + prompt: req.prompt, + n: req.count ?? 1, + size: req.size ?? DEFAULT_SIZE, + }), + }); + + if (!response.ok) { + const text = await response.text().catch(() => ""); + throw new Error( + `OpenAI image generation failed (${response.status}): ${text || response.statusText}`, + ); + } + + const data = (await response.json()) as OpenAIImageApiResponse; + const images = (data.data ?? []) + .map((entry, index) => { + if (!entry.b64_json) { + return null; + } + return { + buffer: Buffer.from(entry.b64_json, "base64"), + mimeType: DEFAULT_OUTPUT_MIME, + fileName: `image-${index + 1}.png`, + ...(entry.revised_prompt ? { revisedPrompt: entry.revised_prompt } : {}), + }; + }) + .filter((entry): entry is NonNullable => entry !== null); + + return { + images, + model: req.model || DEFAULT_OPENAI_IMAGE_MODEL, + }; + }, + }; +} diff --git a/src/image-generation/runtime.live.test.ts b/src/image-generation/runtime.live.test.ts new file mode 100644 index 00000000000..f0132414a6c --- /dev/null +++ b/src/image-generation/runtime.live.test.ts @@ -0,0 +1,237 @@ +import { describe, expect, it } from "vitest"; +import { resolveOpenClawAgentDir } from "../agents/agent-paths.js"; +import { collectProviderApiKeys } from "../agents/live-auth-keys.js"; +import { resolveApiKeyForProvider } from "../agents/model-auth.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { loadConfig } from "../config/config.js"; +import { isTruthyEnvValue } from "../infra/env.js"; +import { getShellEnvAppliedKeys, loadShellEnvFallback } from "../infra/shell-env.js"; +import { encodePngRgba, fillPixel } from "../media/png-encode.js"; +import { + imageGenerationProviderContractRegistry, + providerContractRegistry, +} from "../plugins/contracts/registry.js"; +import { + DEFAULT_LIVE_IMAGE_MODELS, + parseCaseFilter, + parseCsvFilter, + parseProviderModelMap, + redactLiveApiKey, + resolveConfiguredLiveImageModels, + resolveLiveImageAuthStore, +} from "./live-test-helpers.js"; +import { generateImage } from "./runtime.js"; + +const LIVE = isTruthyEnvValue(process.env.LIVE) || isTruthyEnvValue(process.env.OPENCLAW_LIVE_TEST); +const REQUIRE_PROFILE_KEYS = isTruthyEnvValue(process.env.OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS); +const describeLive = LIVE ? describe : describe.skip; + +type LiveImageCase = { + id: string; + providerId: string; + modelRef: string; + prompt: string; + size?: string; + resolution?: "1K" | "2K" | "4K"; + inputImages?: Array<{ buffer: Buffer; mimeType: string; fileName?: string }>; +}; + +function createEditReferencePng(): Buffer { + const width = 192; + const height = 192; + const buf = Buffer.alloc(width * height * 4, 255); + + for (let y = 0; y < height; y += 1) { + for (let x = 0; x < width; x += 1) { + fillPixel(buf, x, y, width, 245, 248, 255, 255); + } + } + + for (let y = 24; y < 168; y += 1) { + for (let x = 24; x < 168; x += 1) { + fillPixel(buf, x, y, width, 255, 189, 89, 255); + } + } + + for (let y = 48; y < 144; y += 1) { + for (let x = 48; x < 144; x += 1) { + fillPixel(buf, x, y, width, 41, 47, 54, 255); + } + } + + return encodePngRgba(buf, width, height); +} + +function withPluginsEnabled(cfg: OpenClawConfig): OpenClawConfig { + return { + ...cfg, + plugins: { + ...cfg.plugins, + enabled: true, + }, + }; +} + +function resolveProviderEnvVars(providerId: string): string[] { + const entry = providerContractRegistry.find((candidate) => candidate.provider.id === providerId); + return entry?.provider.envVars ?? []; +} + +function maybeLoadShellEnvForImageProviders(providerIds: string[]): void { + const expectedKeys = [ + ...new Set(providerIds.flatMap((providerId) => resolveProviderEnvVars(providerId))), + ]; + if (expectedKeys.length === 0) { + return; + } + loadShellEnvFallback({ + enabled: true, + env: process.env, + expectedKeys, + logger: { warn: (message: string) => console.warn(message) }, + }); +} + +async function resolveLiveAuthForProvider( + provider: string, + cfg: ReturnType, + agentDir: string, +) { + const authStore = resolveLiveImageAuthStore({ + requireProfileKeys: REQUIRE_PROFILE_KEYS, + hasLiveKeys: collectProviderApiKeys(provider).length > 0, + }); + try { + const auth = await resolveApiKeyForProvider({ provider, cfg, agentDir, store: authStore }); + return { auth, authStore }; + } catch { + return null; + } +} + +describeLive("image generation live (provider sweep)", () => { + it("generates images for every configured image-generation variant with available auth", async () => { + const cfg = withPluginsEnabled(loadConfig()); + const agentDir = resolveOpenClawAgentDir(); + const providerFilter = parseCsvFilter(process.env.OPENCLAW_LIVE_IMAGE_GENERATION_PROVIDERS); + const caseFilter = parseCaseFilter(process.env.OPENCLAW_LIVE_IMAGE_GENERATION_CASES); + const envModelMap = parseProviderModelMap(process.env.OPENCLAW_LIVE_IMAGE_GENERATION_MODELS); + const configuredModels = resolveConfiguredLiveImageModels(cfg); + const availableProviders = imageGenerationProviderContractRegistry + .map((entry) => entry.provider.id) + .toSorted((left, right) => left.localeCompare(right)) + .filter((providerId) => (providerFilter ? providerFilter.has(providerId) : true)); + const liveCases: LiveImageCase[] = []; + + if (availableProviders.includes("google")) { + liveCases.push( + { + id: "google:flash-generate", + providerId: "google", + modelRef: + envModelMap.get("google") ?? + configuredModels.get("google") ?? + DEFAULT_LIVE_IMAGE_MODELS.google, + prompt: + "Create a minimal flat illustration of an orange cat face sticker on a white background.", + size: "1024x1024", + }, + { + id: "google:pro-generate", + providerId: "google", + modelRef: "google/gemini-3-pro-image-preview", + prompt: + "Create a minimal flat illustration of an orange cat face sticker on a white background.", + size: "1024x1024", + }, + { + id: "google:pro-edit", + providerId: "google", + modelRef: "google/gemini-3-pro-image-preview", + prompt: + "Change ONLY the background to a pale blue gradient. Keep the subject, framing, and style identical.", + resolution: "2K", + inputImages: [ + { + buffer: createEditReferencePng(), + mimeType: "image/png", + fileName: "reference.png", + }, + ], + }, + ); + } + if (availableProviders.includes("openai")) { + liveCases.push({ + id: "openai:default-generate", + providerId: "openai", + modelRef: + envModelMap.get("openai") ?? + configuredModels.get("openai") ?? + DEFAULT_LIVE_IMAGE_MODELS.openai, + prompt: + "Create a minimal flat illustration of an orange cat face sticker on a white background.", + size: "1024x1024", + }); + } + + const selectedCases = liveCases.filter((entry) => + caseFilter ? caseFilter.has(entry.id.toLowerCase()) : true, + ); + + maybeLoadShellEnvForImageProviders(availableProviders); + + const attempted: string[] = []; + const skipped: string[] = []; + const failures: string[] = []; + + for (const testCase of selectedCases) { + if (!testCase.modelRef) { + skipped.push(`${testCase.id}: no model configured`); + continue; + } + const resolvedAuth = await resolveLiveAuthForProvider(testCase.providerId, cfg, agentDir); + if (!resolvedAuth) { + skipped.push(`${testCase.id}: no auth`); + continue; + } + + try { + const result = await generateImage({ + cfg, + agentDir, + authStore: resolvedAuth.authStore, + modelOverride: testCase.modelRef, + prompt: testCase.prompt, + size: testCase.size, + resolution: testCase.resolution, + inputImages: testCase.inputImages, + }); + + attempted.push( + `${testCase.id}:${result.model} (${resolvedAuth.auth.source} ${redactLiveApiKey(resolvedAuth.auth.apiKey)})`, + ); + expect(result.provider).toBe(testCase.providerId); + expect(result.images.length).toBeGreaterThan(0); + expect(result.images[0]?.mimeType.startsWith("image/")).toBe(true); + expect(result.images[0]?.buffer.byteLength).toBeGreaterThan(512); + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + failures.push( + `${testCase.id} (${resolvedAuth.auth.source} ${redactLiveApiKey(resolvedAuth.auth.apiKey)}): ${message}`, + ); + } + } + + console.log( + `[live:image-generation] attempted=${attempted.join(", ") || "none"} skipped=${skipped.join(", ") || "none"} failures=${failures.join(" | ") || "none"} shellEnv=${getShellEnvAppliedKeys().join(", ") || "none"}`, + ); + + if (attempted.length === 0) { + console.warn("[live:image-generation] no provider had usable auth; skipping assertions"); + return; + } + expect(failures).toEqual([]); + expect(attempted.length).toBeGreaterThan(0); + }, 180_000); +}); diff --git a/src/image-generation/runtime.test.ts b/src/image-generation/runtime.test.ts new file mode 100644 index 00000000000..b044c899c60 --- /dev/null +++ b/src/image-generation/runtime.test.ts @@ -0,0 +1,96 @@ +import { afterEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { createEmptyPluginRegistry } from "../plugins/registry.js"; +import { setActivePluginRegistry } from "../plugins/runtime.js"; +import { generateImage, listRuntimeImageGenerationProviders } from "./runtime.js"; + +describe("image-generation runtime helpers", () => { + afterEach(() => { + setActivePluginRegistry(createEmptyPluginRegistry()); + }); + + it("generates images through the active image-generation registry", async () => { + const pluginRegistry = createEmptyPluginRegistry(); + const authStore = { version: 1, profiles: {} } as const; + let seenAuthStore: unknown; + pluginRegistry.imageGenerationProviders.push({ + pluginId: "image-plugin", + pluginName: "Image Plugin", + source: "test", + provider: { + id: "image-plugin", + async generateImage(req) { + seenAuthStore = req.authStore; + return { + images: [ + { + buffer: Buffer.from("png-bytes"), + mimeType: "image/png", + fileName: "sample.png", + }, + ], + model: "img-v1", + }; + }, + }, + }); + setActivePluginRegistry(pluginRegistry); + + const cfg = { + agents: { + defaults: { + imageGenerationModel: { + primary: "image-plugin/img-v1", + }, + }, + }, + } as OpenClawConfig; + + const result = await generateImage({ + cfg, + prompt: "draw a cat", + agentDir: "/tmp/agent", + authStore, + }); + + expect(result.provider).toBe("image-plugin"); + expect(result.model).toBe("img-v1"); + expect(result.attempts).toEqual([]); + expect(seenAuthStore).toEqual(authStore); + expect(result.images).toEqual([ + { + buffer: Buffer.from("png-bytes"), + mimeType: "image/png", + fileName: "sample.png", + }, + ]); + }); + + it("lists runtime image-generation providers from the active registry", () => { + const pluginRegistry = createEmptyPluginRegistry(); + pluginRegistry.imageGenerationProviders.push({ + pluginId: "image-plugin", + pluginName: "Image Plugin", + source: "test", + provider: { + id: "image-plugin", + defaultModel: "img-v1", + models: ["img-v1", "img-v2"], + supportedResolutions: ["1K", "2K"], + generateImage: async () => ({ + images: [{ buffer: Buffer.from("x"), mimeType: "image/png" }], + }), + }, + }); + setActivePluginRegistry(pluginRegistry); + + expect(listRuntimeImageGenerationProviders()).toMatchObject([ + { + id: "image-plugin", + defaultModel: "img-v1", + models: ["img-v1", "img-v2"], + supportedResolutions: ["1K", "2K"], + }, + ]); + }); +}); diff --git a/src/image-generation/runtime.ts b/src/image-generation/runtime.ts new file mode 100644 index 00000000000..f25048cd0b1 --- /dev/null +++ b/src/image-generation/runtime.ts @@ -0,0 +1,174 @@ +import type { AuthProfileStore } from "../agents/auth-profiles.js"; +import { describeFailoverError, isFailoverError } from "../agents/failover-error.js"; +import type { FallbackAttempt } from "../agents/model-fallback.types.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { + resolveAgentModelFallbackValues, + resolveAgentModelPrimaryValue, +} from "../config/model-input.js"; +import { createSubsystemLogger } from "../logging/subsystem.js"; +import { getImageGenerationProvider, listImageGenerationProviders } from "./provider-registry.js"; +import type { + GeneratedImageAsset, + ImageGenerationResolution, + ImageGenerationResult, + ImageGenerationSourceImage, +} from "./types.js"; + +const log = createSubsystemLogger("image-generation"); + +export type GenerateImageParams = { + cfg: OpenClawConfig; + prompt: string; + agentDir?: string; + authStore?: AuthProfileStore; + modelOverride?: string; + count?: number; + size?: string; + resolution?: ImageGenerationResolution; + inputImages?: ImageGenerationSourceImage[]; +}; + +export type GenerateImageRuntimeResult = { + images: GeneratedImageAsset[]; + provider: string; + model: string; + attempts: FallbackAttempt[]; + metadata?: Record; +}; + +function parseModelRef(raw: string | undefined): { provider: string; model: string } | null { + const trimmed = raw?.trim(); + if (!trimmed) { + return null; + } + const slashIndex = trimmed.indexOf("/"); + if (slashIndex <= 0 || slashIndex === trimmed.length - 1) { + return null; + } + return { + provider: trimmed.slice(0, slashIndex).trim(), + model: trimmed.slice(slashIndex + 1).trim(), + }; +} + +function resolveImageGenerationCandidates(params: { + cfg: OpenClawConfig; + modelOverride?: string; +}): Array<{ provider: string; model: string }> { + const candidates: Array<{ provider: string; model: string }> = []; + const seen = new Set(); + const add = (raw: string | undefined) => { + const parsed = parseModelRef(raw); + if (!parsed) { + return; + } + const key = `${parsed.provider}/${parsed.model}`; + if (seen.has(key)) { + return; + } + seen.add(key); + candidates.push(parsed); + }; + + add(params.modelOverride); + add(resolveAgentModelPrimaryValue(params.cfg.agents?.defaults?.imageGenerationModel)); + for (const fallback of resolveAgentModelFallbackValues( + params.cfg.agents?.defaults?.imageGenerationModel, + )) { + add(fallback); + } + return candidates; +} + +function throwImageGenerationFailure(params: { + attempts: FallbackAttempt[]; + lastError: unknown; +}): never { + if (params.attempts.length <= 1 && params.lastError) { + throw params.lastError; + } + const summary = + params.attempts.length > 0 + ? params.attempts + .map((attempt) => `${attempt.provider}/${attempt.model}: ${attempt.error}`) + .join(" | ") + : "unknown"; + throw new Error(`All image generation models failed (${params.attempts.length}): ${summary}`, { + cause: params.lastError instanceof Error ? params.lastError : undefined, + }); +} + +export function listRuntimeImageGenerationProviders(params?: { config?: OpenClawConfig }) { + return listImageGenerationProviders(params?.config); +} + +export async function generateImage( + params: GenerateImageParams, +): Promise { + const candidates = resolveImageGenerationCandidates({ + cfg: params.cfg, + modelOverride: params.modelOverride, + }); + if (candidates.length === 0) { + throw new Error( + "No image-generation model configured. Set agents.defaults.imageGenerationModel.primary or agents.defaults.imageGenerationModel.fallbacks.", + ); + } + + const attempts: FallbackAttempt[] = []; + let lastError: unknown; + + for (const candidate of candidates) { + const provider = getImageGenerationProvider(candidate.provider, params.cfg); + if (!provider) { + const error = `No image-generation provider registered for ${candidate.provider}`; + attempts.push({ + provider: candidate.provider, + model: candidate.model, + error, + }); + lastError = new Error(error); + continue; + } + + try { + const result: ImageGenerationResult = await provider.generateImage({ + provider: candidate.provider, + model: candidate.model, + prompt: params.prompt, + cfg: params.cfg, + agentDir: params.agentDir, + authStore: params.authStore, + count: params.count, + size: params.size, + resolution: params.resolution, + inputImages: params.inputImages, + }); + if (!Array.isArray(result.images) || result.images.length === 0) { + throw new Error("Image generation provider returned no images."); + } + return { + images: result.images, + provider: candidate.provider, + model: result.model ?? candidate.model, + attempts, + metadata: result.metadata, + }; + } catch (err) { + lastError = err; + const described = isFailoverError(err) ? describeFailoverError(err) : undefined; + attempts.push({ + provider: candidate.provider, + model: candidate.model, + error: described?.message ?? (err instanceof Error ? err.message : String(err)), + reason: described?.reason, + status: described?.status, + code: described?.code, + }); + log.debug(`image-generation candidate failed: ${candidate.provider}/${candidate.model}`); + } + } + + throwImageGenerationFailure({ attempts, lastError }); +} diff --git a/src/image-generation/types.ts b/src/image-generation/types.ts new file mode 100644 index 00000000000..7ea530ac2b9 --- /dev/null +++ b/src/image-generation/types.ts @@ -0,0 +1,50 @@ +import type { AuthProfileStore } from "../agents/auth-profiles.js"; +import type { OpenClawConfig } from "../config/config.js"; + +export type GeneratedImageAsset = { + buffer: Buffer; + mimeType: string; + fileName?: string; + revisedPrompt?: string; + metadata?: Record; +}; + +export type ImageGenerationResolution = "1K" | "2K" | "4K"; + +export type ImageGenerationSourceImage = { + buffer: Buffer; + mimeType: string; + fileName?: string; + metadata?: Record; +}; + +export type ImageGenerationRequest = { + provider: string; + model: string; + prompt: string; + cfg: OpenClawConfig; + agentDir?: string; + authStore?: AuthProfileStore; + count?: number; + size?: string; + resolution?: ImageGenerationResolution; + inputImages?: ImageGenerationSourceImage[]; +}; + +export type ImageGenerationResult = { + images: GeneratedImageAsset[]; + model?: string; + metadata?: Record; +}; + +export type ImageGenerationProvider = { + id: string; + aliases?: string[]; + label?: string; + defaultModel?: string; + models?: string[]; + supportedSizes?: string[]; + supportedResolutions?: ImageGenerationResolution[]; + supportsImageEditing?: boolean; + generateImage: (req: ImageGenerationRequest) => Promise; +}; diff --git a/src/index.ts b/src/index.ts index 92cf6269cc4..80069007220 100644 --- a/src/index.ts +++ b/src/index.ts @@ -37,7 +37,7 @@ export async function runLegacyCliEntry(argv: string[] = process.argv): Promise< import("./cli/run-main.js"), ]); - installGaxiosFetchCompat(); + await installGaxiosFetchCompat(); await runCli(argv); } diff --git a/src/infra/boundary-file-read.test.ts b/src/infra/boundary-file-read.test.ts index 2dceb0cb06a..8829fec80b8 100644 --- a/src/infra/boundary-file-read.test.ts +++ b/src/infra/boundary-file-read.test.ts @@ -14,11 +14,15 @@ vi.mock("./safe-open-sync.js", () => ({ openVerifiedFileSync: (...args: unknown[]) => openVerifiedFileSyncMock(...args), })); -const { canUseBoundaryFileOpen, openBoundaryFile, openBoundaryFileSync } = - await import("./boundary-file-read.js"); +let canUseBoundaryFileOpen: typeof import("./boundary-file-read.js").canUseBoundaryFileOpen; +let openBoundaryFile: typeof import("./boundary-file-read.js").openBoundaryFile; +let openBoundaryFileSync: typeof import("./boundary-file-read.js").openBoundaryFileSync; describe("boundary-file-read", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ canUseBoundaryFileOpen, openBoundaryFile, openBoundaryFileSync } = + await import("./boundary-file-read.js")); resolveBoundaryPathSyncMock.mockReset(); resolveBoundaryPathMock.mockReset(); openVerifiedFileSyncMock.mockReset(); diff --git a/src/infra/channel-summary.test.ts b/src/infra/channel-summary.test.ts index c0fc17ba255..12cfa8bbbae 100644 --- a/src/infra/channel-summary.test.ts +++ b/src/infra/channel-summary.test.ts @@ -1,12 +1,18 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { ChannelPlugin } from "../channels/plugins/types.js"; vi.mock("../channels/plugins/index.js", () => ({ listChannelPlugins: vi.fn(), })); -const { buildChannelSummary } = await import("./channel-summary.js"); -const { listChannelPlugins } = await import("../channels/plugins/index.js"); +let buildChannelSummary: typeof import("./channel-summary.js").buildChannelSummary; +let listChannelPlugins: typeof import("../channels/plugins/index.js").listChannelPlugins; + +beforeEach(async () => { + vi.resetModules(); + ({ buildChannelSummary } = await import("./channel-summary.js")); + ({ listChannelPlugins } = await import("../channels/plugins/index.js")); +}); function makeSlackHttpSummaryPlugin(): ChannelPlugin { return { diff --git a/src/infra/device-pairing.ts b/src/infra/device-pairing.ts index e6cf9259a66..063834a17de 100644 --- a/src/infra/device-pairing.ts +++ b/src/infra/device-pairing.ts @@ -1,6 +1,6 @@ import { randomUUID } from "node:crypto"; import { normalizeDeviceAuthScopes } from "../shared/device-auth.js"; -import { roleScopesAllow } from "../shared/operator-scope-compat.js"; +import { resolveMissingRequestedScope, roleScopesAllow } from "../shared/operator-scope-compat.js"; import { createAsyncLock, pruneExpiredPending, @@ -256,25 +256,6 @@ function scopesWithinApprovedDeviceBaseline(params: { }); } -function resolveMissingRequestedScope(params: { - role: string; - requestedScopes: readonly string[]; - callerScopes: readonly string[]; -}): string | null { - for (const scope of params.requestedScopes) { - if ( - !roleScopesAllow({ - role: params.role, - requestedScopes: [scope], - allowedScopes: params.callerScopes, - }) - ) { - return scope; - } - } - return null; -} - export async function listDevicePairing(baseDir?: string): Promise { const state = await loadState(baseDir); const pending = Object.values(state.pendingById).toSorted((a, b) => b.ts - a.ts); @@ -377,7 +358,7 @@ export async function approveDevicePairing( const missingScope = resolveMissingRequestedScope({ role: pending.role, requestedScopes: normalizeDeviceAuthScopes(pending.scopes), - callerScopes: options.callerScopes, + allowedScopes: options.callerScopes, }); if (missingScope) { return { status: "forbidden", missingScope }; diff --git a/src/infra/env.test.ts b/src/infra/env.test.ts index 5ee0af072fb..7cfac44bb86 100644 --- a/src/infra/env.test.ts +++ b/src/infra/env.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import { withEnv } from "../test-utils/env.js"; const loggerMocks = vi.hoisted(() => ({ @@ -11,7 +11,18 @@ vi.mock("../logging/subsystem.js", () => ({ }), })); -import { isTruthyEnvValue, logAcceptedEnvOption, normalizeEnv, normalizeZaiEnv } from "./env.js"; +type EnvModule = typeof import("./env.js"); + +let isTruthyEnvValue: EnvModule["isTruthyEnvValue"]; +let logAcceptedEnvOption: EnvModule["logAcceptedEnvOption"]; +let normalizeEnv: EnvModule["normalizeEnv"]; +let normalizeZaiEnv: EnvModule["normalizeZaiEnv"]; + +beforeEach(async () => { + vi.resetModules(); + ({ isTruthyEnvValue, logAcceptedEnvOption, normalizeEnv, normalizeZaiEnv } = + await import("./env.js")); +}); describe("normalizeZaiEnv", () => { it("copies Z_AI_API_KEY to ZAI_API_KEY when missing", () => { diff --git a/src/infra/exec-approval-surface.test.ts b/src/infra/exec-approval-surface.test.ts index c4b959c5042..3e59d968670 100644 --- a/src/infra/exec-approval-surface.test.ts +++ b/src/infra/exec-approval-surface.test.ts @@ -5,51 +5,14 @@ const getChannelPluginMock = vi.hoisted(() => vi.fn()); const listChannelPluginsMock = vi.hoisted(() => vi.fn()); const normalizeMessageChannelMock = vi.hoisted(() => vi.fn()); -vi.mock("../config/config.js", () => ({ - loadConfig: (...args: unknown[]) => loadConfigMock(...args), -})); +type ExecApprovalSurfaceModule = typeof import("./exec-approval-surface.js"); -vi.mock("../channels/plugins/index.js", () => ({ - getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), - listChannelPlugins: (...args: unknown[]) => listChannelPluginsMock(...args), -})); - -vi.mock("../../extensions/discord/src/channel.js", () => ({ - discordPlugin: {}, -})); - -vi.mock("../../extensions/telegram/src/channel.js", () => ({ - telegramPlugin: {}, -})); - -vi.mock("../../extensions/slack/src/channel.js", () => ({ - slackPlugin: {}, -})); - -vi.mock("../../extensions/whatsapp/src/channel.js", () => ({ - whatsappPlugin: {}, -})); - -vi.mock("../../extensions/signal/src/channel.js", () => ({ - signalPlugin: {}, -})); - -vi.mock("../../extensions/imessage/src/channel.js", () => ({ - imessagePlugin: {}, -})); - -vi.mock("../utils/message-channel.js", () => ({ - INTERNAL_MESSAGE_CHANNEL: "web", - normalizeMessageChannel: (...args: unknown[]) => normalizeMessageChannelMock(...args), -})); - -import { - hasConfiguredExecApprovalDmRoute, - resolveExecApprovalInitiatingSurfaceState, -} from "./exec-approval-surface.js"; +let hasConfiguredExecApprovalDmRoute: ExecApprovalSurfaceModule["hasConfiguredExecApprovalDmRoute"]; +let resolveExecApprovalInitiatingSurfaceState: ExecApprovalSurfaceModule["resolveExecApprovalInitiatingSurfaceState"]; describe("resolveExecApprovalInitiatingSurfaceState", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); loadConfigMock.mockReset(); getChannelPluginMock.mockReset(); listChannelPluginsMock.mockReset(); @@ -57,6 +20,37 @@ describe("resolveExecApprovalInitiatingSurfaceState", () => { normalizeMessageChannelMock.mockImplementation((value?: string | null) => typeof value === "string" ? value.trim().toLowerCase() : undefined, ); + vi.doMock("../config/config.js", () => ({ + loadConfig: (...args: unknown[]) => loadConfigMock(...args), + })); + vi.doMock("../channels/plugins/index.js", () => ({ + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), + listChannelPlugins: (...args: unknown[]) => listChannelPluginsMock(...args), + })); + vi.doMock("../../extensions/discord/src/channel.js", () => ({ + discordPlugin: {}, + })); + vi.doMock("../../extensions/telegram/src/channel.js", () => ({ + telegramPlugin: {}, + })); + vi.doMock("../../extensions/slack/src/channel.js", () => ({ + slackPlugin: {}, + })); + vi.doMock("../../extensions/whatsapp/src/channel.js", () => ({ + whatsappPlugin: {}, + })); + vi.doMock("../../extensions/signal/src/channel.js", () => ({ + signalPlugin: {}, + })); + vi.doMock("../../extensions/imessage/src/channel.js", () => ({ + imessagePlugin: {}, + })); + vi.doMock("../utils/message-channel.js", () => ({ + INTERNAL_MESSAGE_CHANNEL: "web", + normalizeMessageChannel: (...args: unknown[]) => normalizeMessageChannelMock(...args), + })); + ({ hasConfiguredExecApprovalDmRoute, resolveExecApprovalInitiatingSurfaceState } = + await import("./exec-approval-surface.js")); }); it("treats web UI, terminal UI, and missing channels as enabled", () => { @@ -154,8 +148,46 @@ describe("resolveExecApprovalInitiatingSurfaceState", () => { }); describe("hasConfiguredExecApprovalDmRoute", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + loadConfigMock.mockReset(); + getChannelPluginMock.mockReset(); listChannelPluginsMock.mockReset(); + normalizeMessageChannelMock.mockReset(); + normalizeMessageChannelMock.mockImplementation((value?: string | null) => + typeof value === "string" ? value.trim().toLowerCase() : undefined, + ); + vi.doMock("../config/config.js", () => ({ + loadConfig: (...args: unknown[]) => loadConfigMock(...args), + })); + vi.doMock("../channels/plugins/index.js", () => ({ + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), + listChannelPlugins: (...args: unknown[]) => listChannelPluginsMock(...args), + })); + vi.doMock("../../extensions/discord/src/channel.js", () => ({ + discordPlugin: {}, + })); + vi.doMock("../../extensions/telegram/src/channel.js", () => ({ + telegramPlugin: {}, + })); + vi.doMock("../../extensions/slack/src/channel.js", () => ({ + slackPlugin: {}, + })); + vi.doMock("../../extensions/whatsapp/src/channel.js", () => ({ + whatsappPlugin: {}, + })); + vi.doMock("../../extensions/signal/src/channel.js", () => ({ + signalPlugin: {}, + })); + vi.doMock("../../extensions/imessage/src/channel.js", () => ({ + imessagePlugin: {}, + })); + vi.doMock("../utils/message-channel.js", () => ({ + INTERNAL_MESSAGE_CHANNEL: "web", + normalizeMessageChannel: (...args: unknown[]) => normalizeMessageChannelMock(...args), + })); + ({ hasConfiguredExecApprovalDmRoute, resolveExecApprovalInitiatingSurfaceState } = + await import("./exec-approval-surface.js")); }); it("returns true when any enabled account routes approvals to DM or both", () => { diff --git a/src/infra/exec-approvals-store.test.ts b/src/infra/exec-approvals-store.test.ts index 4dc6ab71c7e..365e40b1f1d 100644 --- a/src/infra/exec-approvals-store.test.ts +++ b/src/infra/exec-approvals-store.test.ts @@ -9,23 +9,36 @@ vi.mock("./jsonl-socket.js", () => ({ requestJsonlSocket: (...args: unknown[]) => requestJsonlSocketMock(...args), })); -import { - addAllowlistEntry, - ensureExecApprovals, - mergeExecApprovalsSocketDefaults, - normalizeExecApprovals, - readExecApprovalsSnapshot, - recordAllowlistUse, - requestExecApprovalViaSocket, - resolveExecApprovalsPath, - resolveExecApprovalsSocketPath, - type ExecApprovalsFile, -} from "./exec-approvals.js"; +import type { ExecApprovalsFile } from "./exec-approvals.js"; + +type ExecApprovalsModule = typeof import("./exec-approvals.js"); + +let addAllowlistEntry: ExecApprovalsModule["addAllowlistEntry"]; +let ensureExecApprovals: ExecApprovalsModule["ensureExecApprovals"]; +let mergeExecApprovalsSocketDefaults: ExecApprovalsModule["mergeExecApprovalsSocketDefaults"]; +let normalizeExecApprovals: ExecApprovalsModule["normalizeExecApprovals"]; +let readExecApprovalsSnapshot: ExecApprovalsModule["readExecApprovalsSnapshot"]; +let recordAllowlistUse: ExecApprovalsModule["recordAllowlistUse"]; +let requestExecApprovalViaSocket: ExecApprovalsModule["requestExecApprovalViaSocket"]; +let resolveExecApprovalsPath: ExecApprovalsModule["resolveExecApprovalsPath"]; +let resolveExecApprovalsSocketPath: ExecApprovalsModule["resolveExecApprovalsSocketPath"]; const tempDirs: string[] = []; const originalOpenClawHome = process.env.OPENCLAW_HOME; -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); + ({ + addAllowlistEntry, + ensureExecApprovals, + mergeExecApprovalsSocketDefaults, + normalizeExecApprovals, + readExecApprovalsSnapshot, + recordAllowlistUse, + requestExecApprovalViaSocket, + resolveExecApprovalsPath, + resolveExecApprovalsSocketPath, + } = await import("./exec-approvals.js")); requestJsonlSocketMock.mockReset(); }); diff --git a/src/infra/gaxios-fetch-compat.test.ts b/src/infra/gaxios-fetch-compat.test.ts index 4d7559f3eee..7d4c0dd402a 100644 --- a/src/infra/gaxios-fetch-compat.test.ts +++ b/src/infra/gaxios-fetch-compat.test.ts @@ -2,15 +2,27 @@ import { HttpsProxyAgent } from "https-proxy-agent"; import { ProxyAgent } from "undici"; import { afterEach, describe, expect, it, vi } from "vitest"; +const TEST_GAXIOS_CONSTRUCTOR_OVERRIDE = "__OPENCLAW_TEST_GAXIOS_CONSTRUCTOR__"; +type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise; + describe("gaxios fetch compat", () => { afterEach(() => { + Reflect.deleteProperty(globalThis as object, TEST_GAXIOS_CONSTRUCTOR_OVERRIDE); vi.resetModules(); vi.restoreAllMocks(); vi.unstubAllGlobals(); }); it("uses native fetch without defining window or importing node-fetch", async () => { - const fetchMock = vi.fn(async () => { + type MockRequestConfig = RequestInit & { + fetchImplementation?: FetchLike; + responseType?: string; + url: string; + }; + let MockGaxiosCtor!: new () => { + request(config: MockRequestConfig): Promise<{ data: string } & object>; + }; + const fetchMock = vi.fn(async () => { return new Response("ok", { headers: { "content-type": "text/plain" }, status: 200, @@ -18,16 +30,30 @@ describe("gaxios fetch compat", () => { }); vi.stubGlobal("fetch", fetchMock); - vi.doMock("node-fetch", () => { - throw new Error("node-fetch should not load"); - }); + class MockGaxios { + _defaultAdapter!: (config: MockRequestConfig) => Promise; + + async request(config: MockRequestConfig) { + const response = await this._defaultAdapter(config); + return { + ...(response as object), + data: await response.text(), + }; + } + } + MockGaxiosCtor = MockGaxios; + + MockGaxios.prototype._defaultAdapter = async (config: MockRequestConfig) => { + const fetchImplementation = config.fetchImplementation ?? fetch; + return await fetchImplementation(config.url, config); + }; + (globalThis as Record)[TEST_GAXIOS_CONSTRUCTOR_OVERRIDE] = MockGaxios; const { installGaxiosFetchCompat } = await import("./gaxios-fetch-compat.js"); - const { Gaxios } = await import("gaxios"); - installGaxiosFetchCompat(); + await installGaxiosFetchCompat(); - const res = await new Gaxios().request({ + const res = await new MockGaxiosCtor().request({ responseType: "text", url: "https://example.com", }); @@ -37,8 +63,27 @@ describe("gaxios fetch compat", () => { expect("window" in globalThis).toBe(false); }); + it("falls back to a legacy window fetch shim when gaxios is unavailable", async () => { + const originalWindowDescriptor = Object.getOwnPropertyDescriptor(globalThis, "window"); + vi.stubGlobal("fetch", vi.fn()); + Reflect.deleteProperty(globalThis as object, "window"); + (globalThis as Record)[TEST_GAXIOS_CONSTRUCTOR_OVERRIDE] = null; + const { installGaxiosFetchCompat } = await import("./gaxios-fetch-compat.js"); + + try { + await expect(installGaxiosFetchCompat()).resolves.toBeUndefined(); + expect((globalThis as { window?: { fetch?: FetchLike } }).window?.fetch).toBe(fetch); + await expect(installGaxiosFetchCompat()).resolves.toBeUndefined(); + } finally { + Reflect.deleteProperty(globalThis as object, "window"); + if (originalWindowDescriptor) { + Object.defineProperty(globalThis, "window", originalWindowDescriptor); + } + } + }); + it("translates proxy agents into undici dispatchers for native fetch", async () => { - const fetchMock = vi.fn(async () => { + const fetchMock = vi.fn(async () => { return new Response("ok", { headers: { "content-type": "text/plain" }, status: 200, diff --git a/src/infra/gaxios-fetch-compat.ts b/src/infra/gaxios-fetch-compat.ts index e4d3688d7e5..0d5c0684090 100644 --- a/src/infra/gaxios-fetch-compat.ts +++ b/src/infra/gaxios-fetch-compat.ts @@ -1,17 +1,19 @@ +import { createRequire } from "node:module"; import type { ConnectionOptions } from "node:tls"; -import { Gaxios } from "gaxios"; +import { pathToFileURL } from "node:url"; import type { Dispatcher } from "undici"; import { Agent as UndiciAgent, ProxyAgent } from "undici"; type ProxyRule = RegExp | URL | string; type TlsCert = ConnectionOptions["cert"]; type TlsKey = ConnectionOptions["key"]; +type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise; type GaxiosFetchRequestInit = RequestInit & { agent?: unknown; cert?: TlsCert; dispatcher?: Dispatcher; - fetchImplementation?: typeof fetch; + fetchImplementation?: FetchLike; key?: TlsKey; noProxy?: ProxyRule[]; proxy?: string | URL; @@ -27,10 +29,16 @@ type TlsAgentLike = { }; type GaxiosPrototype = { - _defaultAdapter: (this: Gaxios, config: GaxiosFetchRequestInit) => Promise; + _defaultAdapter: (this: unknown, config: GaxiosFetchRequestInit) => Promise; }; -let installState: "not-installed" | "installed" = "not-installed"; +type GaxiosConstructor = { + prototype: GaxiosPrototype; +}; + +const TEST_GAXIOS_CONSTRUCTOR_OVERRIDE = "__OPENCLAW_TEST_GAXIOS_CONSTRUCTOR__"; + +let installState: "not-installed" | "installing" | "shimmed" | "installed" = "not-installed"; function isRecord(value: unknown): value is Record { return typeof value === "object" && value !== null; @@ -161,7 +169,81 @@ function buildDispatcher(init: GaxiosFetchRequestInit, url: URL): Dispatcher | u return undefined; } -export function createGaxiosCompatFetch(baseFetch: typeof fetch = globalThis.fetch): typeof fetch { +function isModuleNotFoundError(err: unknown): err is NodeJS.ErrnoException { + return isRecord(err) && (err.code === "ERR_MODULE_NOT_FOUND" || err.code === "MODULE_NOT_FOUND"); +} + +function hasGaxiosConstructorShape(value: unknown): value is GaxiosConstructor { + return ( + typeof value === "function" && + "prototype" in value && + isRecord(value.prototype) && + typeof value.prototype._defaultAdapter === "function" + ); +} + +function getTestGaxiosConstructorOverride(): GaxiosConstructor | null | undefined { + const testGlobal = globalThis as Record; + if (!Object.prototype.hasOwnProperty.call(testGlobal, TEST_GAXIOS_CONSTRUCTOR_OVERRIDE)) { + return undefined; + } + const override = testGlobal[TEST_GAXIOS_CONSTRUCTOR_OVERRIDE]; + if (override === null) { + return null; + } + if (hasGaxiosConstructorShape(override)) { + return override; + } + throw new Error("invalid gaxios test constructor override"); +} + +function isDirectGaxiosImportMiss(err: unknown): boolean { + if (!isModuleNotFoundError(err)) { + return false; + } + return ( + typeof err.message === "string" && + (err.message.includes("Cannot find package 'gaxios'") || + err.message.includes("Cannot find module 'gaxios'")) + ); +} + +async function loadGaxiosConstructor(): Promise { + const testOverride = getTestGaxiosConstructorOverride(); + if (testOverride !== undefined) { + return testOverride; + } + + try { + const require = createRequire(import.meta.url); + const resolvedPath = require.resolve("gaxios"); + const mod = await import(pathToFileURL(resolvedPath).href); + const candidate = isRecord(mod) ? mod.Gaxios : undefined; + if (!hasGaxiosConstructorShape(candidate)) { + throw new Error("gaxios: missing Gaxios export"); + } + return candidate; + } catch (err) { + if (isDirectGaxiosImportMiss(err)) { + return null; + } + throw err; + } +} + +function installLegacyWindowFetchShim(): void { + if ( + typeof globalThis.fetch !== "function" || + typeof (globalThis as Record).window !== "undefined" + ) { + return; + } + (globalThis as Record).window = { fetch: globalThis.fetch }; +} + +export function createGaxiosCompatFetch( + baseFetch: FetchLike = globalThis.fetch.bind(globalThis), +): FetchLike { return async (input: RequestInfo | URL, init?: RequestInit): Promise => { const gaxiosInit = (init ?? {}) as GaxiosFetchRequestInit; const requestUrl = @@ -186,27 +268,41 @@ export function createGaxiosCompatFetch(baseFetch: typeof fetch = globalThis.fet }; } -export function installGaxiosFetchCompat(): void { - if (installState === "installed" || typeof globalThis.fetch !== "function") { +export async function installGaxiosFetchCompat(): Promise { + if (installState !== "not-installed" || typeof globalThis.fetch !== "function") { return; } - const prototype = Gaxios.prototype as unknown as GaxiosPrototype; - const originalDefaultAdapter = prototype._defaultAdapter; - const compatFetch = createGaxiosCompatFetch(); + installState = "installing"; - prototype._defaultAdapter = function patchedDefaultAdapter( - this: Gaxios, - config: GaxiosFetchRequestInit, - ): Promise { - if (config.fetchImplementation) { - return originalDefaultAdapter.call(this, config); + try { + const Gaxios = await loadGaxiosConstructor(); + if (!Gaxios) { + installLegacyWindowFetchShim(); + installState = "shimmed"; + return; } - return originalDefaultAdapter.call(this, { - ...config, - fetchImplementation: compatFetch, - }); - }; - installState = "installed"; + const prototype = Gaxios.prototype; + const originalDefaultAdapter = prototype._defaultAdapter; + const compatFetch = createGaxiosCompatFetch(); + + prototype._defaultAdapter = function patchedDefaultAdapter( + this: unknown, + config: GaxiosFetchRequestInit, + ): Promise { + if (config.fetchImplementation) { + return originalDefaultAdapter.call(this, config); + } + return originalDefaultAdapter.call(this, { + ...config, + fetchImplementation: compatFetch, + }); + }; + + installState = "installed"; + } catch (err) { + installState = "not-installed"; + throw err; + } } diff --git a/src/infra/git-commit.test.ts b/src/infra/git-commit.test.ts index cffd27162b0..03af9a053ac 100644 --- a/src/infra/git-commit.test.ts +++ b/src/infra/git-commit.test.ts @@ -40,13 +40,15 @@ async function makeFakeGitRepo( describe("git commit resolution", () => { const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../.."); + let resolveCommitHash: (typeof import("./git-commit.js"))["resolveCommitHash"]; + let __testing: (typeof import("./git-commit.js"))["__testing"]; beforeEach(async () => { vi.restoreAllMocks(); vi.doUnmock("node:fs"); vi.doUnmock("node:module"); vi.resetModules(); - const { __testing } = await import("./git-commit.js"); + ({ resolveCommitHash, __testing } = await import("./git-commit.js")); __testing.clearCachedGitCommits(); }); @@ -54,9 +56,8 @@ describe("git commit resolution", () => { vi.restoreAllMocks(); vi.doUnmock("node:fs"); vi.doUnmock("node:module"); - vi.resetModules(); - const { __testing } = await import("./git-commit.js"); __testing.clearCachedGitCommits(); + vi.resetModules(); }); it("resolves commit metadata from the caller module root instead of the caller cwd", async () => { @@ -85,7 +86,6 @@ describe("git commit resolution", () => { .trim() .slice(0, 7); - const { resolveCommitHash } = await import("./git-commit.js"); const entryModuleUrl = pathToFileURL(path.join(repoRoot, "src", "entry.ts")).href; vi.spyOn(process, "cwd").mockReturnValue(otherRepo); @@ -101,7 +101,6 @@ describe("git commit resolution", () => { .trim() .slice(0, 7); - const { resolveCommitHash } = await import("./git-commit.js"); const entryModuleUrl = pathToFileURL(path.join(repoRoot, "src", "entry.ts")).href; expect( @@ -117,7 +116,6 @@ describe("git commit resolution", () => { it("caches build-info fallback results per resolved search directory", async () => { const temp = await makeTempDir("git-commit-build-info-cache"); - const { resolveCommitHash } = await import("./git-commit.js"); const readBuildInfoCommit = vi.fn(() => "deadbee"); expect(resolveCommitHash({ cwd: temp, env: {}, readers: { readBuildInfoCommit } })).toBe( @@ -133,7 +131,6 @@ describe("git commit resolution", () => { it("caches package.json fallback results per resolved search directory", async () => { const temp = await makeTempDir("git-commit-package-json-cache"); - const { resolveCommitHash } = await import("./git-commit.js"); const readPackageJsonCommit = vi.fn(() => "badc0ff"); expect( @@ -169,8 +166,6 @@ describe("git commit resolution", () => { .trim() .slice(0, 7); - const { resolveCommitHash } = await import("./git-commit.js"); - expect(() => resolveCommitHash({ moduleUrl: "not-a-file-url", cwd: repoRoot, env: {} }), ).not.toThrow(); @@ -201,8 +196,6 @@ describe("git commit resolution", () => { ); const moduleUrl = pathToFileURL(path.join(packageRoot, "dist", "entry.js")).href; - const { resolveCommitHash } = await import("./git-commit.js"); - expect( resolveCommitHash({ moduleUrl, @@ -227,8 +220,6 @@ describe("git commit resolution", () => { head: "89abcdef0123456789abcdef0123456789abcdef\n", }); - const { resolveCommitHash } = await import("./git-commit.js"); - expect(resolveCommitHash({ cwd: repoA, env: {} })).toBe("0123456"); expect(resolveCommitHash({ cwd: repoB, env: {} })).toBe("89abcde"); expect(resolveCommitHash({ cwd: repoA, env: {} })).toBe("0123456"); @@ -241,7 +232,6 @@ describe("git commit resolution", () => { head: "not-a-commit\n", }); - const { resolveCommitHash } = await import("./git-commit.js"); const readGitCommit = vi.fn(() => null); expect(resolveCommitHash({ cwd: repoRoot, env: {}, readers: { readGitCommit } })).toBeNull(); @@ -257,7 +247,6 @@ describe("git commit resolution", () => { await makeFakeGitRepo(repoRoot, { head: "0123456789abcdef0123456789abcdef01234567\n", }); - const { resolveCommitHash } = await import("./git-commit.js"); const readGitCommit = vi.fn(() => { const error = Object.assign(new Error(`EACCES: permission denied`), { code: "EACCES", @@ -294,8 +283,6 @@ describe("git commit resolution", () => { it("formats env-provided commit strings consistently", async () => { const temp = await makeTempDir("git-commit-env"); - const { resolveCommitHash } = await import("./git-commit.js"); - expect(resolveCommitHash({ cwd: temp, env: { GIT_COMMIT: "ABCDEF0123456789" } })).toBe( "abcdef0", ); @@ -308,8 +295,6 @@ describe("git commit resolution", () => { it("rejects unsafe HEAD refs and accepts valid refs", async () => { const temp = await makeTempDir("git-commit-refs"); - const { resolveCommitHash } = await import("./git-commit.js"); - const absoluteRepo = path.join(temp, "absolute"); await makeFakeGitRepo(absoluteRepo, { head: "ref: /tmp/evil\n" }); expect(resolveCommitHash({ cwd: absoluteRepo, env: {} })).toBeNull(); @@ -347,8 +332,6 @@ describe("git commit resolution", () => { commondir: "../common-git", }); - const { resolveCommitHash } = await import("./git-commit.js"); - expect(resolveCommitHash({ cwd: repoRoot, env: {} })).toBe("bbbbbbb"); }); @@ -363,8 +346,6 @@ describe("git commit resolution", () => { }, }); - const { resolveCommitHash } = await import("./git-commit.js"); - expect(resolveCommitHash({ cwd: repoRoot, env: {} })).toBe("ccccccc"); }); }); diff --git a/src/infra/heartbeat-runner.model-override.test.ts b/src/infra/heartbeat-runner.model-override.test.ts index f33e5e9fbd0..92c89e0b026 100644 --- a/src/infra/heartbeat-runner.model-override.test.ts +++ b/src/infra/heartbeat-runner.model-override.test.ts @@ -61,6 +61,34 @@ afterEach(() => { }); describe("runHeartbeatOnce – heartbeat model override", () => { + async function runHeartbeatWithSeed(params: { + seedSession: (sessionKey: string, input: SeedSessionInput) => Promise; + cfg: OpenClawConfig; + sessionKey: string; + agentId?: string; + }) { + await params.seedSession(params.sessionKey, { lastChannel: "whatsapp", lastTo: "+1555" }); + + const replySpy = vi.spyOn(replyModule, "getReplyFromConfig"); + replySpy.mockResolvedValue({ text: "HEARTBEAT_OK" }); + + await runHeartbeatOnce({ + cfg: params.cfg, + agentId: params.agentId, + deps: { + getQueueSize: () => 0, + nowMs: () => 0, + }, + }); + + expect(replySpy).toHaveBeenCalledTimes(1); + return { + ctx: replySpy.mock.calls[0]?.[0], + opts: replySpy.mock.calls[0]?.[1], + replySpy, + }; + } + async function runDefaultsHeartbeat(params: { model?: string; suppressToolErrorWarnings?: boolean; @@ -86,21 +114,12 @@ describe("runHeartbeatOnce – heartbeat model override", () => { session: { store: storePath }, }; const sessionKey = resolveMainSessionKey(cfg); - await seedSession(sessionKey, { lastChannel: "whatsapp", lastTo: "+1555" }); - - const replySpy = vi.spyOn(replyModule, "getReplyFromConfig"); - replySpy.mockResolvedValue({ text: "HEARTBEAT_OK" }); - - await runHeartbeatOnce({ + const result = await runHeartbeatWithSeed({ + seedSession, cfg, - deps: { - getQueueSize: () => 0, - nowMs: () => 0, - }, + sessionKey, }); - - expect(replySpy).toHaveBeenCalledTimes(1); - return replySpy.mock.calls[0]?.[1]; + return result.opts; }); } @@ -152,20 +171,14 @@ describe("runHeartbeatOnce – heartbeat model override", () => { session: { store: storePath }, }; const sessionKey = resolveMainSessionKey(cfg); - await seedSession(sessionKey, { lastChannel: "whatsapp", lastTo: "+1555" }); - - const replySpy = vi.spyOn(replyModule, "getReplyFromConfig"); - replySpy.mockResolvedValue({ text: "HEARTBEAT_OK" }); - - await runHeartbeatOnce({ + const result = await runHeartbeatWithSeed({ + seedSession, cfg, - deps: { getQueueSize: () => 0, nowMs: () => 0 }, + sessionKey, }); - expect(replySpy).toHaveBeenCalledTimes(1); - const ctx = replySpy.mock.calls[0]?.[0]; // Isolated heartbeat runs use a dedicated session key with :heartbeat suffix - expect(ctx.SessionKey).toBe(`${sessionKey}:heartbeat`); + expect(result.ctx?.SessionKey).toBe(`${sessionKey}:heartbeat`); }); }); @@ -185,19 +198,13 @@ describe("runHeartbeatOnce – heartbeat model override", () => { session: { store: storePath }, }; const sessionKey = resolveMainSessionKey(cfg); - await seedSession(sessionKey, { lastChannel: "whatsapp", lastTo: "+1555" }); - - const replySpy = vi.spyOn(replyModule, "getReplyFromConfig"); - replySpy.mockResolvedValue({ text: "HEARTBEAT_OK" }); - - await runHeartbeatOnce({ + const result = await runHeartbeatWithSeed({ + seedSession, cfg, - deps: { getQueueSize: () => 0, nowMs: () => 0 }, + sessionKey, }); - expect(replySpy).toHaveBeenCalledTimes(1); - const ctx = replySpy.mock.calls[0]?.[0]; - expect(ctx.SessionKey).toBe(sessionKey); + expect(result.ctx?.SessionKey).toBe(sessionKey); }); }); @@ -228,21 +235,14 @@ describe("runHeartbeatOnce – heartbeat model override", () => { session: { store: storePath }, }; const sessionKey = resolveAgentMainSessionKey({ cfg, agentId: "ops" }); - await seedSession(sessionKey, { lastChannel: "whatsapp", lastTo: "+1555" }); - - const replySpy = vi.spyOn(replyModule, "getReplyFromConfig"); - replySpy.mockResolvedValue({ text: "HEARTBEAT_OK" }); - - await runHeartbeatOnce({ + const result = await runHeartbeatWithSeed({ + seedSession, cfg, agentId: "ops", - deps: { - getQueueSize: () => 0, - nowMs: () => 0, - }, + sessionKey, }); - expect(replySpy).toHaveBeenCalledWith( + expect(result.replySpy).toHaveBeenCalledWith( expect.any(Object), expect.objectContaining({ isHeartbeat: true, diff --git a/src/infra/heartbeat-runner.test-harness.ts b/src/infra/heartbeat-runner.test-harness.ts index f884aabfe87..1099fdf50ab 100644 --- a/src/infra/heartbeat-runner.test-harness.ts +++ b/src/infra/heartbeat-runner.test-harness.ts @@ -1,10 +1,7 @@ import { beforeEach } from "vitest"; -import { slackPlugin } from "../../extensions/slack/src/channel.js"; -import { setSlackRuntime } from "../../extensions/slack/src/runtime.js"; -import { telegramPlugin } from "../../extensions/telegram/src/channel.js"; -import { setTelegramRuntime } from "../../extensions/telegram/src/runtime.js"; -import { whatsappPlugin } from "../../extensions/whatsapp/src/channel.js"; -import { setWhatsAppRuntime } from "../../extensions/whatsapp/src/runtime.js"; +import { slackPlugin, setSlackRuntime } from "../../extensions/slack/index.js"; +import { telegramPlugin, setTelegramRuntime } from "../../extensions/telegram/index.js"; +import { whatsappPlugin, setWhatsAppRuntime } from "../../extensions/whatsapp/index.js"; import type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; import { setActivePluginRegistry } from "../plugins/runtime.js"; import { createPluginRuntime } from "../plugins/runtime/index.js"; diff --git a/src/infra/heartbeat-runner.test-utils.ts b/src/infra/heartbeat-runner.test-utils.ts index a5d72b4adad..3ced54d8333 100644 --- a/src/infra/heartbeat-runner.test-utils.ts +++ b/src/infra/heartbeat-runner.test-utils.ts @@ -2,8 +2,7 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { vi } from "vitest"; -import { telegramPlugin } from "../../extensions/telegram/src/channel.js"; -import { setTelegramRuntime } from "../../extensions/telegram/src/runtime.js"; +import { telegramPlugin, setTelegramRuntime } from "../../extensions/telegram/index.js"; import * as replyModule from "../auto-reply/reply.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveMainSessionKey } from "../config/sessions.js"; diff --git a/src/infra/host-env-security-policy.json b/src/infra/host-env-security-policy.json index 9e3ad27581e..bf99f458e58 100644 --- a/src/infra/host-env-security-policy.json +++ b/src/infra/host-env-security-policy.json @@ -17,7 +17,12 @@ "PS4", "GCONV_PATH", "IFS", - "SSLKEYLOGFILE" + "SSLKEYLOGFILE", + "JAVA_TOOL_OPTIONS", + "_JAVA_OPTIONS", + "JDK_JAVA_OPTIONS", + "PYTHONBREAKPOINT", + "DOTNET_STARTUP_HOOKS" ], "blockedOverrideKeys": [ "HOME", diff --git a/src/infra/host-env-security.test.ts b/src/infra/host-env-security.test.ts index acb756b62a2..fe194eabc28 100644 --- a/src/infra/host-env-security.test.ts +++ b/src/infra/host-env-security.test.ts @@ -48,6 +48,16 @@ describe("isDangerousHostEnvVarName", () => { expect(isDangerousHostEnvVarName("DYLD_INSERT_LIBRARIES")).toBe(true); expect(isDangerousHostEnvVarName("ld_preload")).toBe(true); expect(isDangerousHostEnvVarName("BASH_FUNC_echo%%")).toBe(true); + expect(isDangerousHostEnvVarName("JAVA_TOOL_OPTIONS")).toBe(true); + expect(isDangerousHostEnvVarName("java_tool_options")).toBe(true); + expect(isDangerousHostEnvVarName("_JAVA_OPTIONS")).toBe(true); + expect(isDangerousHostEnvVarName("_java_options")).toBe(true); + expect(isDangerousHostEnvVarName("JDK_JAVA_OPTIONS")).toBe(true); + expect(isDangerousHostEnvVarName("jdk_java_options")).toBe(true); + expect(isDangerousHostEnvVarName("PYTHONBREAKPOINT")).toBe(true); + expect(isDangerousHostEnvVarName("pythonbreakpoint")).toBe(true); + expect(isDangerousHostEnvVarName("DOTNET_STARTUP_HOOKS")).toBe(true); + expect(isDangerousHostEnvVarName("dotnet_startup_hooks")).toBe(true); expect(isDangerousHostEnvVarName("PATH")).toBe(false); expect(isDangerousHostEnvVarName("FOO")).toBe(false); }); diff --git a/src/infra/net/fetch-guard.ts b/src/infra/net/fetch-guard.ts index ed082e92fb9..8aec91a62ef 100644 --- a/src/infra/net/fetch-guard.ts +++ b/src/infra/net/fetch-guard.ts @@ -198,7 +198,7 @@ export async function fetchWithSsrFGuard(params: GuardedFetchOptions): Promise ({ fetch: undiciFetch, })); -import { - getProxyUrlFromFetch, - makeProxyFetch, - PROXY_FETCH_PROXY_URL, - resolveProxyFetchFromEnv, -} from "./proxy-fetch.js"; +let getProxyUrlFromFetch: typeof import("./proxy-fetch.js").getProxyUrlFromFetch; +let makeProxyFetch: typeof import("./proxy-fetch.js").makeProxyFetch; +let PROXY_FETCH_PROXY_URL: typeof import("./proxy-fetch.js").PROXY_FETCH_PROXY_URL; +let resolveProxyFetchFromEnv: typeof import("./proxy-fetch.js").resolveProxyFetchFromEnv; function clearProxyEnv(): void { for (const key of PROXY_ENV_KEYS) { @@ -75,7 +73,12 @@ function restoreProxyEnv(): void { } describe("makeProxyFetch", () => { - beforeEach(() => vi.clearAllMocks()); + beforeEach(async () => { + vi.resetModules(); + vi.clearAllMocks(); + ({ getProxyUrlFromFetch, makeProxyFetch, PROXY_FETCH_PROXY_URL, resolveProxyFetchFromEnv } = + await import("./proxy-fetch.js")); + }); it("uses undici fetch with ProxyAgent dispatcher", async () => { const proxyUrl = "http://proxy.test:8080"; diff --git a/src/infra/net/ssrf.dispatcher.test.ts b/src/infra/net/ssrf.dispatcher.test.ts index 07b80b40465..af6fc8ae5e8 100644 --- a/src/infra/net/ssrf.dispatcher.test.ts +++ b/src/infra/net/ssrf.dispatcher.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const { agentCtor, envHttpProxyAgentCtor, proxyAgentCtor } = vi.hoisted(() => ({ agentCtor: vi.fn(function MockAgent(this: { options: unknown }, options: unknown) { @@ -21,7 +21,14 @@ vi.mock("undici", () => ({ ProxyAgent: proxyAgentCtor, })); -import { createPinnedDispatcher, type PinnedHostname } from "./ssrf.js"; +import type { PinnedHostname } from "./ssrf.js"; + +let createPinnedDispatcher: typeof import("./ssrf.js").createPinnedDispatcher; + +beforeEach(async () => { + vi.resetModules(); + ({ createPinnedDispatcher } = await import("./ssrf.js")); +}); describe("createPinnedDispatcher", () => { it("uses pinned lookup without overriding global family policy", () => { @@ -73,6 +80,58 @@ describe("createPinnedDispatcher", () => { }); }); + it("replaces the pinned lookup when a dispatcher override hostname is provided", () => { + const originalLookup = vi.fn() as unknown as PinnedHostname["lookup"]; + const pinned: PinnedHostname = { + hostname: "api.telegram.org", + addresses: ["149.154.167.221"], + lookup: originalLookup, + }; + + createPinnedDispatcher(pinned, { + mode: "direct", + pinnedHostname: { + hostname: "api.telegram.org", + addresses: ["149.154.167.220"], + }, + }); + + const firstCallArg = agentCtor.mock.calls.at(-1)?.[0] as + | { connect?: { lookup?: PinnedHostname["lookup"] } } + | undefined; + expect(firstCallArg?.connect?.lookup).toBeTypeOf("function"); + + const lookup = firstCallArg?.connect?.lookup; + const callback = vi.fn(); + lookup?.("api.telegram.org", callback); + + expect(callback).toHaveBeenCalledWith(null, "149.154.167.220", 4); + expect(originalLookup).not.toHaveBeenCalled(); + }); + + it("rejects pinned override addresses that violate SSRF policy", () => { + const originalLookup = vi.fn() as unknown as PinnedHostname["lookup"]; + const pinned: PinnedHostname = { + hostname: "api.telegram.org", + addresses: ["149.154.167.221"], + lookup: originalLookup, + }; + + expect(() => + createPinnedDispatcher( + pinned, + { + mode: "direct", + pinnedHostname: { + hostname: "api.telegram.org", + addresses: ["127.0.0.1"], + }, + }, + undefined, + ), + ).toThrow(/private|internal|blocked/i); + }); + it("keeps env proxy route while pinning the direct no-proxy path", () => { const lookup = vi.fn() as unknown as PinnedHostname["lookup"]; const pinned: PinnedHostname = { diff --git a/src/infra/net/ssrf.pinning.test.ts b/src/infra/net/ssrf.pinning.test.ts index 28420ea373f..a8847c26642 100644 --- a/src/infra/net/ssrf.pinning.test.ts +++ b/src/infra/net/ssrf.pinning.test.ts @@ -99,6 +99,15 @@ describe("ssrf pinning", () => { expect(result.address).toBe("1.2.3.4"); }); + it("fails loud when a pinned lookup is created without any addresses", () => { + expect(() => + createPinnedLookup({ + hostname: "example.com", + addresses: [], + }), + ).toThrow("Pinned lookup requires at least one address for example.com"); + }); + it("enforces hostname allowlist when configured", async () => { const lookup = vi.fn(async () => [ { address: "93.184.216.34", family: 4 }, diff --git a/src/infra/net/ssrf.ts b/src/infra/net/ssrf.ts index db70664a43f..fd633fcb20d 100644 --- a/src/infra/net/ssrf.ts +++ b/src/infra/net/ssrf.ts @@ -67,6 +67,13 @@ export function isPrivateNetworkAllowedByPolicy(policy?: SsrFPolicy): boolean { return policy?.dangerouslyAllowPrivateNetwork === true || policy?.allowPrivateNetwork === true; } +function shouldSkipPrivateNetworkChecks(hostname: string, policy?: SsrFPolicy): boolean { + return ( + isPrivateNetworkAllowedByPolicy(policy) || + normalizeHostnameSet(policy?.allowedHostnames).has(hostname) + ); +} + function resolveIpv4SpecialUseBlockOptions(policy?: SsrFPolicy): Ipv4SpecialUseBlockOptions { return { allowRfc2544BenchmarkRange: policy?.allowRfc2544BenchmarkRange === true, @@ -198,6 +205,9 @@ export function createPinnedLookup(params: { fallback?: typeof dnsLookupCb; }): typeof dnsLookupCb { const normalizedHost = normalizeHostname(params.hostname); + if (params.addresses.length === 0) { + throw new Error(`Pinned lookup requires at least one address for ${params.hostname}`); + } const fallback = params.fallback ?? dnsLookupCb; const fallbackLookup = fallback as unknown as ( hostname: string, @@ -255,20 +265,28 @@ export type PinnedHostname = { lookup: typeof dnsLookupCb; }; +export type PinnedHostnameOverride = { + hostname: string; + addresses: string[]; +}; + export type PinnedDispatcherPolicy = | { mode: "direct"; connect?: Record; + pinnedHostname?: PinnedHostnameOverride; } | { mode: "env-proxy"; connect?: Record; proxyTls?: Record; + pinnedHostname?: PinnedHostnameOverride; } | { mode: "explicit-proxy"; proxyUrl: string; proxyTls?: Record; + pinnedHostname?: PinnedHostnameOverride; }; function dedupeAndPreferIpv4(results: readonly LookupAddress[]): string[] { @@ -298,11 +316,8 @@ export async function resolvePinnedHostnameWithPolicy( throw new Error("Invalid hostname"); } - const allowPrivateNetwork = isPrivateNetworkAllowedByPolicy(params.policy); - const allowedHostnames = normalizeHostnameSet(params.policy?.allowedHostnames); const hostnameAllowlist = normalizeHostnameAllowlist(params.policy?.hostnameAllowlist); - const isExplicitAllowed = allowedHostnames.has(normalized); - const skipPrivateNetworkChecks = allowPrivateNetwork || isExplicitAllowed; + const skipPrivateNetworkChecks = shouldSkipPrivateNetworkChecks(normalized, params.policy); if (!matchesHostnameAllowlist(normalized, hostnameAllowlist)) { throw new SsrFBlockedError(`Blocked hostname (not in allowlist): ${hostname}`); @@ -352,19 +367,50 @@ function withPinnedLookup( return connect ? { ...connect, lookup } : { lookup }; } +function resolvePinnedDispatcherLookup( + pinned: PinnedHostname, + override?: PinnedHostnameOverride, + policy?: SsrFPolicy, +): PinnedHostname["lookup"] { + if (!override) { + return pinned.lookup; + } + const normalizedOverrideHost = normalizeHostname(override.hostname); + if (!normalizedOverrideHost || normalizedOverrideHost !== pinned.hostname) { + throw new Error( + `Pinned dispatcher override hostname mismatch: expected ${pinned.hostname}, got ${override.hostname}`, + ); + } + const records = override.addresses.map((address) => ({ + address, + family: address.includes(":") ? 6 : 4, + })); + if (!shouldSkipPrivateNetworkChecks(pinned.hostname, policy)) { + assertAllowedResolvedAddressesOrThrow(records, policy); + } + return createPinnedLookup({ + hostname: pinned.hostname, + addresses: [...override.addresses], + fallback: pinned.lookup, + }); +} + export function createPinnedDispatcher( pinned: PinnedHostname, policy?: PinnedDispatcherPolicy, + ssrfPolicy?: SsrFPolicy, ): Dispatcher { + const lookup = resolvePinnedDispatcherLookup(pinned, policy?.pinnedHostname, ssrfPolicy); + if (!policy || policy.mode === "direct") { return new Agent({ - connect: withPinnedLookup(pinned.lookup, policy?.connect), + connect: withPinnedLookup(lookup, policy?.connect), }); } if (policy.mode === "env-proxy") { return new EnvHttpProxyAgent({ - connect: withPinnedLookup(pinned.lookup, policy.connect), + connect: withPinnedLookup(lookup, policy.connect), ...(policy.proxyTls ? { proxyTls: { ...policy.proxyTls } } : {}), }); } diff --git a/src/infra/net/undici-global-dispatcher.test.ts b/src/infra/net/undici-global-dispatcher.test.ts index 8b14c4084fc..47a97dd6fb6 100644 --- a/src/infra/net/undici-global-dispatcher.test.ts +++ b/src/infra/net/undici-global-dispatcher.test.ts @@ -62,15 +62,20 @@ vi.mock("./proxy-env.js", () => ({ })); import { hasEnvHttpProxyConfigured } from "./proxy-env.js"; -import { - DEFAULT_UNDICI_STREAM_TIMEOUT_MS, - ensureGlobalUndiciEnvProxyDispatcher, - ensureGlobalUndiciStreamTimeouts, - resetGlobalUndiciStreamTimeoutsForTests, -} from "./undici-global-dispatcher.js"; +let DEFAULT_UNDICI_STREAM_TIMEOUT_MS: typeof import("./undici-global-dispatcher.js").DEFAULT_UNDICI_STREAM_TIMEOUT_MS; +let ensureGlobalUndiciEnvProxyDispatcher: typeof import("./undici-global-dispatcher.js").ensureGlobalUndiciEnvProxyDispatcher; +let ensureGlobalUndiciStreamTimeouts: typeof import("./undici-global-dispatcher.js").ensureGlobalUndiciStreamTimeouts; +let resetGlobalUndiciStreamTimeoutsForTests: typeof import("./undici-global-dispatcher.js").resetGlobalUndiciStreamTimeoutsForTests; describe("ensureGlobalUndiciStreamTimeouts", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ + DEFAULT_UNDICI_STREAM_TIMEOUT_MS, + ensureGlobalUndiciEnvProxyDispatcher, + ensureGlobalUndiciStreamTimeouts, + resetGlobalUndiciStreamTimeoutsForTests, + } = await import("./undici-global-dispatcher.js")); vi.clearAllMocks(); resetGlobalUndiciStreamTimeoutsForTests(); setCurrentDispatcher(new Agent()); diff --git a/src/infra/openclaw-root.test.ts b/src/infra/openclaw-root.test.ts index e12b2d77f64..291280318bb 100644 --- a/src/infra/openclaw-root.test.ts +++ b/src/infra/openclaw-root.test.ts @@ -1,6 +1,6 @@ import path from "node:path"; import { pathToFileURL } from "node:url"; -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; type FakeFsEntry = { kind: "file"; content: string } | { kind: "dir" }; @@ -93,12 +93,10 @@ describe("resolveOpenClawPackageRoot", () => { let resolveOpenClawPackageRoot: typeof import("./openclaw-root.js").resolveOpenClawPackageRoot; let resolveOpenClawPackageRootSync: typeof import("./openclaw-root.js").resolveOpenClawPackageRootSync; - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); ({ resolveOpenClawPackageRoot, resolveOpenClawPackageRootSync } = await import("./openclaw-root.js")); - }); - - beforeEach(() => { state.entries.clear(); state.realpaths.clear(); state.realpathErrors.clear(); diff --git a/src/infra/outbound/agent-delivery.test.ts b/src/infra/outbound/agent-delivery.test.ts index b137ce2a73f..88b6776105e 100644 --- a/src/infra/outbound/agent-delivery.test.ts +++ b/src/infra/outbound/agent-delivery.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const mocks = vi.hoisted(() => ({ resolveOutboundTarget: vi.fn(() => ({ ok: true as const, to: "+1999" })), @@ -13,7 +13,15 @@ vi.mock("./targets.js", async () => { }); import type { OpenClawConfig } from "../../config/config.js"; -import { resolveAgentDeliveryPlan, resolveAgentOutboundTarget } from "./agent-delivery.js"; +type AgentDeliveryModule = typeof import("./agent-delivery.js"); + +let resolveAgentDeliveryPlan: AgentDeliveryModule["resolveAgentDeliveryPlan"]; +let resolveAgentOutboundTarget: AgentDeliveryModule["resolveAgentOutboundTarget"]; + +beforeEach(async () => { + vi.resetModules(); + ({ resolveAgentDeliveryPlan, resolveAgentOutboundTarget } = await import("./agent-delivery.js")); +}); describe("agent delivery helpers", () => { it("builds a delivery plan from session delivery context", () => { diff --git a/src/infra/outbound/base-session-key.ts b/src/infra/outbound/base-session-key.ts new file mode 100644 index 00000000000..af3b3da1cdd --- /dev/null +++ b/src/infra/outbound/base-session-key.ts @@ -0,0 +1,19 @@ +import type { OpenClawConfig } from "../../config/config.js"; +import { buildAgentSessionKey, type RoutePeer } from "../../routing/resolve-route.js"; + +export function buildOutboundBaseSessionKey(params: { + cfg: OpenClawConfig; + agentId: string; + channel: string; + accountId?: string | null; + peer: RoutePeer; +}): string { + return buildAgentSessionKey({ + agentId: params.agentId, + channel: params.channel, + accountId: params.accountId, + peer: params.peer, + dmScope: params.cfg.session?.dmScope ?? "main", + identityLinks: params.cfg.session?.identityLinks, + }); +} diff --git a/src/infra/outbound/channel-resolution.test.ts b/src/infra/outbound/channel-resolution.test.ts index 3d8f8c4fbdd..30480fd0046 100644 --- a/src/infra/outbound/channel-resolution.test.ts +++ b/src/infra/outbound/channel-resolution.test.ts @@ -123,6 +123,9 @@ describe("outbound channel resolution", () => { expect(loadOpenClawPluginsMock).toHaveBeenCalledWith({ config: { autoEnabled: true }, workspaceDir: "/tmp/workspace", + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, }); getChannelPluginMock.mockReturnValue(undefined); @@ -131,6 +134,13 @@ describe("outbound channel resolution", () => { cfg: { channels: {} } as never, }); expect(loadOpenClawPluginsMock).toHaveBeenCalledTimes(1); + expect(loadOpenClawPluginsMock).toHaveBeenLastCalledWith({ + config: { autoEnabled: true }, + workspaceDir: "/tmp/workspace", + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, + }); }); it("bootstraps when the active registry has other channels but not the requested one", async () => { diff --git a/src/infra/outbound/channel-resolution.ts b/src/infra/outbound/channel-resolution.ts index c39ff8bb210..15372daa2a1 100644 --- a/src/infra/outbound/channel-resolution.ts +++ b/src/infra/outbound/channel-resolution.ts @@ -54,6 +54,9 @@ function maybeBootstrapChannelPlugin(params: { loadOpenClawPlugins({ config: autoEnabled, workspaceDir, + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, }); } catch { // Allow a follow-up resolution attempt if bootstrap failed transiently. diff --git a/src/infra/outbound/channel-selection.test.ts b/src/infra/outbound/channel-selection.test.ts index 9448b919312..fdb4ecd4b6f 100644 --- a/src/infra/outbound/channel-selection.test.ts +++ b/src/infra/outbound/channel-selection.test.ts @@ -13,10 +13,20 @@ vi.mock("./channel-resolution.js", () => ({ resolveOutboundChannelPlugin: mocks.resolveOutboundChannelPlugin, })); -import { - listConfiguredMessageChannels, - resolveMessageChannelSelection, -} from "./channel-selection.js"; +type ChannelSelectionModule = typeof import("./channel-selection.js"); +type RuntimeModule = typeof import("../../runtime.js"); + +let __testing: ChannelSelectionModule["__testing"]; +let listConfiguredMessageChannels: ChannelSelectionModule["listConfiguredMessageChannels"]; +let resolveMessageChannelSelection: ChannelSelectionModule["resolveMessageChannelSelection"]; +let runtimeModule: RuntimeModule; + +beforeEach(async () => { + vi.resetModules(); + runtimeModule = await import("../../runtime.js"); + ({ __testing, listConfiguredMessageChannels, resolveMessageChannelSelection } = + await import("./channel-selection.js")); +}); function makePlugin(params: { id: string; @@ -38,13 +48,18 @@ function makePlugin(params: { } describe("listConfiguredMessageChannels", () => { + let errorSpy: ReturnType; + beforeEach(() => { + errorSpy = vi.spyOn(runtimeModule.defaultRuntime, "error").mockImplementation(() => undefined); mocks.listChannelPlugins.mockReset(); mocks.listChannelPlugins.mockReturnValue([]); mocks.resolveOutboundChannelPlugin.mockReset(); mocks.resolveOutboundChannelPlugin.mockImplementation(({ channel }: { channel: string }) => ({ id: channel, })); + __testing.resetLoggedChannelSelectionErrors(); + errorSpy.mockClear(); }); it("skips unknown plugin ids and plugins without accounts", async () => { @@ -93,6 +108,20 @@ describe("listConfiguredMessageChannels", () => { await expect(listConfiguredMessageChannels({} as never)).resolves.toEqual([]); }); + + it("skips plugin accounts whose resolveAccount throws", async () => { + mocks.listChannelPlugins.mockReturnValue([ + makePlugin({ + id: "discord", + resolveAccount: () => { + throw new Error("boom"); + }, + }), + ]); + + await expect(listConfiguredMessageChannels({} as never)).resolves.toEqual([]); + expect(errorSpy).toHaveBeenCalledTimes(1); + }); }); describe("resolveMessageChannelSelection", () => { diff --git a/src/infra/outbound/channel-selection.ts b/src/infra/outbound/channel-selection.ts index 024fc2273f6..0e87a8e4950 100644 --- a/src/infra/outbound/channel-selection.ts +++ b/src/infra/outbound/channel-selection.ts @@ -1,6 +1,7 @@ import { listChannelPlugins } from "../../channels/plugins/index.js"; import type { ChannelPlugin } from "../../channels/plugins/types.js"; import type { OpenClawConfig } from "../../config/config.js"; +import { defaultRuntime } from "../../runtime.js"; import { listDeliverableMessageChannels, type DeliverableMessageChannel, @@ -59,6 +60,25 @@ function isAccountEnabled(account: unknown): boolean { return enabled !== false; } +const loggedChannelSelectionErrors = new Set(); + +function logChannelSelectionError(params: { + pluginId: string; + accountId: string; + operation: "resolveAccount" | "isConfigured"; + error: unknown; +}) { + const message = params.error instanceof Error ? params.error.message : String(params.error); + const key = `${params.pluginId}:${params.accountId}:${params.operation}:${message}`; + if (loggedChannelSelectionErrors.has(key)) { + return; + } + loggedChannelSelectionErrors.add(key); + defaultRuntime.error?.( + `[channel-selection] ${params.pluginId}(${params.accountId}) ${params.operation} failed: ${message}`, + ); +} + async function isPluginConfigured(plugin: ChannelPlugin, cfg: OpenClawConfig): Promise { const accountIds = plugin.config.listAccountIds(cfg); if (accountIds.length === 0) { @@ -66,7 +86,18 @@ async function isPluginConfigured(plugin: ChannelPlugin, cfg: OpenClawConfig): P } for (const accountId of accountIds) { - const account = plugin.config.resolveAccount(cfg, accountId); + let account: unknown; + try { + account = plugin.config.resolveAccount(cfg, accountId); + } catch (error) { + logChannelSelectionError({ + pluginId: plugin.id, + accountId, + operation: "resolveAccount", + error, + }); + continue; + } const enabled = plugin.config.isEnabled ? plugin.config.isEnabled(account, cfg) : isAccountEnabled(account); @@ -76,7 +107,18 @@ async function isPluginConfigured(plugin: ChannelPlugin, cfg: OpenClawConfig): P if (!plugin.config.isConfigured) { return true; } - const configured = await plugin.config.isConfigured(account, cfg); + let configured = false; + try { + configured = await plugin.config.isConfigured(account, cfg); + } catch (error) { + logChannelSelectionError({ + pluginId: plugin.id, + accountId, + operation: "isConfigured", + error, + }); + continue; + } if (configured) { return true; } @@ -162,3 +204,9 @@ export async function resolveMessageChannelSelection(params: { `Channel is required when multiple channels are configured: ${configured.join(", ")}`, ); } + +export const __testing = { + resetLoggedChannelSelectionErrors() { + loggedChannelSelectionErrors.clear(); + }, +}; diff --git a/src/infra/outbound/deliver.lifecycle.test.ts b/src/infra/outbound/deliver.lifecycle.test.ts index 22fa829812e..c8ce22b826b 100644 --- a/src/infra/outbound/deliver.lifecycle.test.ts +++ b/src/infra/outbound/deliver.lifecycle.test.ts @@ -15,10 +15,12 @@ import { whatsappChunkConfig, } from "./deliver.test-helpers.js"; -const { deliverOutboundPayloads } = await import("./deliver.js"); +type DeliverModule = typeof import("./deliver.js"); + +let deliverOutboundPayloads: DeliverModule["deliverOutboundPayloads"]; async function runChunkedWhatsAppDelivery(params?: { - mirror?: Parameters[0]["mirror"]; + mirror?: Parameters[0]["mirror"]; }) { return await runChunkedWhatsAppDeliveryHelper({ deliverOutboundPayloads, @@ -75,7 +77,9 @@ function expectSuccessfulWhatsAppInternalHookPayload( } describe("deliverOutboundPayloads lifecycle", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ deliverOutboundPayloads } = await import("./deliver.js")); resetDeliverTestState(); resetDeliverTestMocks({ includeSessionMocks: true }); }); diff --git a/src/infra/outbound/deliver.test.ts b/src/infra/outbound/deliver.test.ts index 5323dd83e27..e72cbaa0bee 100644 --- a/src/infra/outbound/deliver.test.ts +++ b/src/infra/outbound/deliver.test.ts @@ -80,7 +80,10 @@ vi.mock("../../logging/subsystem.js", () => ({ }, })); -const { deliverOutboundPayloads, normalizeOutboundPayloads } = await import("./deliver.js"); +type DeliverModule = typeof import("./deliver.js"); + +let deliverOutboundPayloads: DeliverModule["deliverOutboundPayloads"]; +let normalizeOutboundPayloads: DeliverModule["normalizeOutboundPayloads"]; const telegramChunkConfig: OpenClawConfig = { channels: { telegram: { botToken: "tok-1", textChunkLimit: 2 } }, @@ -90,13 +93,13 @@ const whatsappChunkConfig: OpenClawConfig = { channels: { whatsapp: { textChunkLimit: 4000 } }, }; -type DeliverOutboundArgs = Parameters[0]; +type DeliverOutboundArgs = Parameters[0]; type DeliverOutboundPayload = DeliverOutboundArgs["payloads"][number]; type DeliverSession = DeliverOutboundArgs["session"]; async function deliverWhatsAppPayload(params: { sendWhatsApp: NonNullable< - NonNullable[0]["deps"]>["sendWhatsApp"] + NonNullable[0]["deps"]>["sendWhatsApp"] >; payload: DeliverOutboundPayload; cfg?: OpenClawConfig; @@ -198,7 +201,9 @@ function expectSuccessfulWhatsAppInternalHookPayload( } describe("deliverOutboundPayloads", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ deliverOutboundPayloads, normalizeOutboundPayloads } = await import("./deliver.js")); setActivePluginRegistry(defaultRegistry); mocks.appendAssistantMessageToSessionTranscript.mockClear(); hookMocks.runner.hasHooks.mockClear(); diff --git a/src/infra/outbound/identity.test.ts b/src/infra/outbound/identity.test.ts index d31d8a6dd06..e5a8ea6a808 100644 --- a/src/infra/outbound/identity.test.ts +++ b/src/infra/outbound/identity.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const resolveAgentIdentityMock = vi.hoisted(() => vi.fn()); const resolveAgentAvatarMock = vi.hoisted(() => vi.fn()); @@ -11,7 +11,15 @@ vi.mock("../../agents/identity-avatar.js", () => ({ resolveAgentAvatar: (...args: unknown[]) => resolveAgentAvatarMock(...args), })); -import { normalizeOutboundIdentity, resolveAgentOutboundIdentity } from "./identity.js"; +type IdentityModule = typeof import("./identity.js"); + +let normalizeOutboundIdentity: IdentityModule["normalizeOutboundIdentity"]; +let resolveAgentOutboundIdentity: IdentityModule["resolveAgentOutboundIdentity"]; + +beforeEach(async () => { + vi.resetModules(); + ({ normalizeOutboundIdentity, resolveAgentOutboundIdentity } = await import("./identity.js")); +}); describe("normalizeOutboundIdentity", () => { it("trims fields and drops empty identities", () => { diff --git a/src/infra/outbound/message-action-runner.media.test.ts b/src/infra/outbound/message-action-runner.media.test.ts index 1715ea090f2..fbbb9e6e2c8 100644 --- a/src/infra/outbound/message-action-runner.media.test.ts +++ b/src/infra/outbound/message-action-runner.media.test.ts @@ -1,16 +1,13 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; -import { slackPlugin } from "../../../extensions/slack/src/channel.js"; -import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { jsonResult } from "../../agents/tools/common.js"; import type { ChannelPlugin } from "../../channels/plugins/types.js"; import type { OpenClawConfig } from "../../config/config.js"; import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createTestRegistry } from "../../test-utils/channel-plugins.js"; import { resolvePreferredOpenClawTmpDir } from "../tmp-openclaw-dir.js"; -import { runMessageAction } from "./message-action-runner.js"; vi.mock("../../../extensions/whatsapp/src/media.js", async () => { const actual = await vi.importActual( @@ -79,8 +76,17 @@ async function expectSandboxMediaRewrite(params: { ); } -let createPluginRuntime: typeof import("../../plugins/runtime/index.js").createPluginRuntime; -let setSlackRuntime: typeof import("../../../extensions/slack/src/runtime.js").setSlackRuntime; +type MessageActionRunnerModule = typeof import("./message-action-runner.js"); +type WhatsAppMediaModule = typeof import("../../../extensions/whatsapp/src/media.js"); +type SlackChannelModule = typeof import("../../../extensions/slack/src/channel.js"); +type RuntimeIndexModule = typeof import("../../plugins/runtime/index.js"); +type SlackRuntimeModule = typeof import("../../../extensions/slack/src/runtime.js"); + +let runMessageAction: MessageActionRunnerModule["runMessageAction"]; +let loadWebMedia: WhatsAppMediaModule["loadWebMedia"]; +let slackPlugin: SlackChannelModule["slackPlugin"]; +let createPluginRuntime: RuntimeIndexModule["createPluginRuntime"]; +let setSlackRuntime: SlackRuntimeModule["setSlackRuntime"]; function installSlackRuntime() { const runtime = createPluginRuntime(); @@ -88,7 +94,11 @@ function installSlackRuntime() { } describe("runMessageAction media behavior", () => { - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); + ({ runMessageAction } = await import("./message-action-runner.js")); + ({ loadWebMedia } = await import("../../../extensions/whatsapp/src/media.js")); + ({ slackPlugin } = await import("../../../extensions/slack/src/channel.js")); ({ createPluginRuntime } = await import("../../plugins/runtime/index.js")); ({ setSlackRuntime } = await import("../../../extensions/slack/src/runtime.js")); }); @@ -229,68 +239,63 @@ describe("runMessageAction media behavior", () => { ); }); - it("rewrites sandboxed media paths for sendAttachment", async () => { - await withSandbox(async (sandboxDir) => { - await runMessageAction({ - cfg, - action: "sendAttachment", - params: { - channel: "bluebubbles", - target: "+15551234567", - media: "./data/pic.png", - message: "caption", - }, - sandboxRoot: sandboxDir, + it("enforces sandboxed attachment paths for attachment actions", async () => { + for (const testCase of [ + { + name: "sendAttachment rewrite", + action: "sendAttachment" as const, + target: "+15551234567", + media: "./data/pic.png", + message: "caption", + expectedPath: path.join("data", "pic.png"), + }, + { + name: "setGroupIcon rewrite", + action: "setGroupIcon" as const, + target: "group:123", + media: "./icons/group.png", + expectedPath: path.join("icons", "group.png"), + }, + ]) { + vi.mocked(loadWebMedia).mockClear(); + await withSandbox(async (sandboxDir) => { + await runMessageAction({ + cfg, + action: testCase.action, + params: { + channel: "bluebubbles", + target: testCase.target, + media: testCase.media, + ...(testCase.message ? { message: testCase.message } : {}), + }, + sandboxRoot: sandboxDir, + }); + + const call = vi.mocked(loadWebMedia).mock.calls[0]; + expect(call?.[0], testCase.name).toBe(path.join(sandboxDir, testCase.expectedPath)); + expect(call?.[1], testCase.name).toEqual( + expect.objectContaining({ + sandboxValidated: true, + }), + ); }); + } - const call = vi.mocked(loadWebMedia).mock.calls[0]; - expect(call?.[0]).toBe(path.join(sandboxDir, "data", "pic.png")); - expect(call?.[1]).toEqual( - expect.objectContaining({ - sandboxValidated: true, - }), - ); - }); - }); - - it("rewrites sandboxed media paths for setGroupIcon", async () => { - await withSandbox(async (sandboxDir) => { - await runMessageAction({ - cfg, - action: "setGroupIcon", - params: { - channel: "bluebubbles", - target: "group:123", - media: "./icons/group.png", - }, - sandboxRoot: sandboxDir, - }); - - const call = vi.mocked(loadWebMedia).mock.calls[0]; - expect(call?.[0]).toBe(path.join(sandboxDir, "icons", "group.png")); - expect(call?.[1]).toEqual( - expect.objectContaining({ - sandboxValidated: true, - }), - ); - }); - }); - - it("rejects local absolute path for sendAttachment when sandboxRoot is missing", async () => { - await expectRejectsLocalAbsolutePathWithoutSandbox({ - action: "sendAttachment", - target: "+15551234567", - message: "caption", - tempPrefix: "msg-attachment-", - }); - }); - - it("rejects local absolute path for setGroupIcon when sandboxRoot is missing", async () => { - await expectRejectsLocalAbsolutePathWithoutSandbox({ - action: "setGroupIcon", - target: "group:123", - tempPrefix: "msg-group-icon-", - }); + for (const testCase of [ + { + action: "sendAttachment" as const, + target: "+15551234567", + message: "caption", + tempPrefix: "msg-attachment-", + }, + { + action: "setGroupIcon" as const, + target: "group:123", + tempPrefix: "msg-group-icon-", + }, + ]) { + await expectRejectsLocalAbsolutePathWithoutSandbox(testCase); + } }); }); @@ -346,36 +351,35 @@ describe("runMessageAction media behavior", () => { ).rejects.toThrow(/data:/i); }); - it("rewrites sandbox-relative media paths", async () => { - await withSandbox(async (sandboxDir) => { - await expectSandboxMediaRewrite({ - sandboxDir, + it("rewrites in-sandbox media references before dry send", async () => { + for (const testCase of [ + { + name: "relative media path", media: "./data/file.txt", message: "", expectedRelativePath: path.join("data", "file.txt"), - }); - }); - }); - - it("rewrites /workspace media paths to host sandbox root", async () => { - await withSandbox(async (sandboxDir) => { - await expectSandboxMediaRewrite({ - sandboxDir, + }, + { + name: "/workspace media path", media: "/workspace/data/file.txt", message: "", expectedRelativePath: path.join("data", "file.txt"), - }); - }); - }); - - it("rewrites MEDIA directives under sandbox", async () => { - await withSandbox(async (sandboxDir) => { - await expectSandboxMediaRewrite({ - sandboxDir, + }, + { + name: "MEDIA directive", message: "Hello\nMEDIA: ./data/note.ogg", expectedRelativePath: path.join("data", "note.ogg"), + }, + ]) { + await withSandbox(async (sandboxDir) => { + await expectSandboxMediaRewrite({ + sandboxDir, + media: testCase.media, + message: testCase.message, + expectedRelativePath: testCase.expectedRelativePath, + }); }); - }); + } }); it("allows media paths under preferred OpenClaw tmp root", async () => { diff --git a/src/infra/outbound/message-action-runner.poll.test.ts b/src/infra/outbound/message-action-runner.poll.test.ts index 895e47605ce..ed1beb91f5d 100644 --- a/src/infra/outbound/message-action-runner.poll.test.ts +++ b/src/infra/outbound/message-action-runner.poll.test.ts @@ -1,11 +1,4 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { - installMessageActionRunnerTestRegistry, - resetMessageActionRunnerTestRegistry, - slackConfig, - telegramConfig, -} from "./message-action-runner.test-helpers.js"; - const mocks = vi.hoisted(() => ({ executePollAction: vi.fn(), })); @@ -20,10 +13,18 @@ vi.mock("./outbound-send-service.js", async () => { }; }); -import { runMessageAction } from "./message-action-runner.js"; +type MessageActionRunnerModule = typeof import("./message-action-runner.js"); +type MessageActionRunnerTestHelpersModule = + typeof import("./message-action-runner.test-helpers.js"); + +let runMessageAction: MessageActionRunnerModule["runMessageAction"]; +let installMessageActionRunnerTestRegistry: MessageActionRunnerTestHelpersModule["installMessageActionRunnerTestRegistry"]; +let resetMessageActionRunnerTestRegistry: MessageActionRunnerTestHelpersModule["resetMessageActionRunnerTestRegistry"]; +let slackConfig: MessageActionRunnerTestHelpersModule["slackConfig"]; +let telegramConfig: MessageActionRunnerTestHelpersModule["telegramConfig"]; async function runPollAction(params: { - cfg: typeof slackConfig; + cfg: MessageActionRunnerTestHelpersModule["slackConfig"]; actionParams: Record; toolContext?: Record; }) { @@ -44,7 +45,15 @@ async function runPollAction(params: { | undefined; } describe("runMessageAction poll handling", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ runMessageAction } = await import("./message-action-runner.js")); + ({ + installMessageActionRunnerTestRegistry, + resetMessageActionRunnerTestRegistry, + slackConfig, + telegramConfig, + } = await import("./message-action-runner.test-helpers.js")); installMessageActionRunnerTestRegistry(); mocks.executePollAction.mockResolvedValue({ handledBy: "core", @@ -54,14 +63,14 @@ describe("runMessageAction poll handling", () => { }); afterEach(() => { - resetMessageActionRunnerTestRegistry(); + resetMessageActionRunnerTestRegistry?.(); mocks.executePollAction.mockReset(); }); it.each([ { name: "requires at least two poll options", - cfg: telegramConfig, + getCfg: () => telegramConfig, actionParams: { channel: "telegram", target: "telegram:123", @@ -72,7 +81,7 @@ describe("runMessageAction poll handling", () => { }, { name: "rejects durationSeconds outside telegram", - cfg: slackConfig, + getCfg: () => slackConfig, actionParams: { channel: "slack", target: "#C12345678", @@ -84,7 +93,7 @@ describe("runMessageAction poll handling", () => { }, { name: "rejects poll visibility outside telegram", - cfg: slackConfig, + getCfg: () => slackConfig, actionParams: { channel: "slack", target: "#C12345678", @@ -94,8 +103,8 @@ describe("runMessageAction poll handling", () => { }, message: /pollAnonymous\/pollPublic are only supported for Telegram polls/i, }, - ])("$name", async ({ cfg, actionParams, message }) => { - await expect(runPollAction({ cfg, actionParams })).rejects.toThrow(message); + ])("$name", async ({ getCfg, actionParams, message }) => { + await expect(runPollAction({ cfg: getCfg(), actionParams })).rejects.toThrow(message); expect(mocks.executePollAction).not.toHaveBeenCalled(); }); diff --git a/src/infra/outbound/message-action-runner.test-helpers.ts b/src/infra/outbound/message-action-runner.test-helpers.ts index 8ca1ea6a822..78a2585cfc0 100644 --- a/src/infra/outbound/message-action-runner.test-helpers.ts +++ b/src/infra/outbound/message-action-runner.test-helpers.ts @@ -1,7 +1,5 @@ -import { slackPlugin } from "../../../extensions/slack/src/channel.js"; -import { setSlackRuntime } from "../../../extensions/slack/src/runtime.js"; -import { telegramPlugin } from "../../../extensions/telegram/src/channel.js"; -import { setTelegramRuntime } from "../../../extensions/telegram/src/runtime.js"; +import { slackPlugin, setSlackRuntime } from "../../../extensions/slack/index.js"; +import { telegramPlugin, setTelegramRuntime } from "../../../extensions/telegram/index.js"; import type { OpenClawConfig } from "../../config/config.js"; import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createPluginRuntime } from "../../plugins/runtime/index.js"; diff --git a/src/infra/outbound/message-action-runner.threading.test.ts b/src/infra/outbound/message-action-runner.threading.test.ts index 42d898b145a..7401127251a 100644 --- a/src/infra/outbound/message-action-runner.threading.test.ts +++ b/src/infra/outbound/message-action-runner.threading.test.ts @@ -1,11 +1,4 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { - installMessageActionRunnerTestRegistry, - resetMessageActionRunnerTestRegistry, - slackConfig, - telegramConfig, -} from "./message-action-runner.test-helpers.js"; - const mocks = vi.hoisted(() => ({ executeSendAction: vi.fn(), recordSessionMetaFromInbound: vi.fn(async () => ({ ok: true })), @@ -31,10 +24,18 @@ vi.mock("../../config/sessions.js", async () => { }; }); -import { runMessageAction } from "./message-action-runner.js"; +type MessageActionRunnerModule = typeof import("./message-action-runner.js"); +type MessageActionRunnerTestHelpersModule = + typeof import("./message-action-runner.test-helpers.js"); + +let runMessageAction: MessageActionRunnerModule["runMessageAction"]; +let installMessageActionRunnerTestRegistry: MessageActionRunnerTestHelpersModule["installMessageActionRunnerTestRegistry"]; +let resetMessageActionRunnerTestRegistry: MessageActionRunnerTestHelpersModule["resetMessageActionRunnerTestRegistry"]; +let slackConfig: MessageActionRunnerTestHelpersModule["slackConfig"]; +let telegramConfig: MessageActionRunnerTestHelpersModule["telegramConfig"]; async function runThreadingAction(params: { - cfg: typeof slackConfig; + cfg: MessageActionRunnerTestHelpersModule["slackConfig"]; actionParams: Record; toolContext?: Record; }) { @@ -65,12 +66,20 @@ const defaultTelegramToolContext = { } as const; describe("runMessageAction threading auto-injection", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ runMessageAction } = await import("./message-action-runner.js")); + ({ + installMessageActionRunnerTestRegistry, + resetMessageActionRunnerTestRegistry, + slackConfig, + telegramConfig, + } = await import("./message-action-runner.test-helpers.js")); installMessageActionRunnerTestRegistry(); }); afterEach(() => { - resetMessageActionRunnerTestRegistry(); + resetMessageActionRunnerTestRegistry?.(); mocks.executeSendAction.mockClear(); mocks.recordSessionMetaFromInbound.mockClear(); }); diff --git a/src/infra/outbound/message.channels.test.ts b/src/infra/outbound/message.channels.test.ts index 6d89ac5ab91..6167c3c250c 100644 --- a/src/infra/outbound/message.channels.test.ts +++ b/src/infra/outbound/message.channels.test.ts @@ -4,7 +4,6 @@ import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createMSTeamsTestPlugin, createTestRegistry } from "../../test-utils/channel-plugins.js"; import { createIMessageTestPlugin } from "../../test-utils/imessage-test-plugin.js"; import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../../utils/message-channel.js"; -import { sendMessage, sendPoll } from "./message.js"; const setRegistry = (registry: ReturnType) => { setActivePluginRegistry(registry); @@ -17,7 +16,12 @@ vi.mock("../../gateway/call.js", () => ({ randomIdempotencyKey: () => "idem-1", })); -beforeEach(() => { +let sendMessage: typeof import("./message.js").sendMessage; +let sendPoll: typeof import("./message.js").sendPoll; + +beforeEach(async () => { + vi.resetModules(); + ({ sendMessage, sendPoll } = await import("./message.js")); callGatewayMock.mockClear(); setRegistry(emptyRegistry); }); diff --git a/src/infra/outbound/message.test.ts b/src/infra/outbound/message.test.ts index 200d4d587e1..47a43eb8437 100644 --- a/src/infra/outbound/message.test.ts +++ b/src/infra/outbound/message.test.ts @@ -46,10 +46,13 @@ vi.mock("./deliver.js", () => ({ import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createTestRegistry } from "../../test-utils/channel-plugins.js"; -import { sendMessage } from "./message.js"; + +let sendMessage: typeof import("./message.js").sendMessage; describe("sendMessage", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ sendMessage } = await import("./message.js")); setActivePluginRegistry(createTestRegistry([])); mocks.getChannelPlugin.mockClear(); mocks.resolveOutboundTarget.mockClear(); diff --git a/src/infra/outbound/outbound-send-service.test.ts b/src/infra/outbound/outbound-send-service.test.ts index d4a481a8693..f5d1f2b9b28 100644 --- a/src/infra/outbound/outbound-send-service.test.ts +++ b/src/infra/outbound/outbound-send-service.test.ts @@ -32,7 +32,10 @@ vi.mock("../../config/sessions.js", () => ({ appendAssistantMessageToSessionTranscript: mocks.appendAssistantMessageToSessionTranscript, })); -import { executePollAction, executeSendAction } from "./outbound-send-service.js"; +type OutboundSendServiceModule = typeof import("./outbound-send-service.js"); + +let executePollAction: OutboundSendServiceModule["executePollAction"]; +let executeSendAction: OutboundSendServiceModule["executeSendAction"]; describe("executeSendAction", () => { function pluginActionResult(messageId: string) { @@ -88,7 +91,9 @@ describe("executeSendAction", () => { }); } - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ executePollAction, executeSendAction } = await import("./outbound-send-service.js")); mocks.dispatchChannelMessageAction.mockClear(); mocks.sendMessage.mockClear(); mocks.sendPoll.mockClear(); diff --git a/src/infra/outbound/outbound-session.ts b/src/infra/outbound/outbound-session.ts index c8da99c5f66..274e2c80397 100644 --- a/src/infra/outbound/outbound-session.ts +++ b/src/infra/outbound/outbound-session.ts @@ -4,10 +4,12 @@ import { getChannelPlugin } from "../../channels/plugins/index.js"; import type { ChannelId } from "../../channels/plugins/types.js"; import type { OpenClawConfig } from "../../config/config.js"; import { recordSessionMetaFromInbound, resolveStorePath } from "../../config/sessions.js"; -import { buildAgentSessionKey, type RoutePeer } from "../../routing/resolve-route.js"; +import type { RoutePeer } from "../../routing/resolve-route.js"; import { resolveThreadSessionKeys } from "../../routing/session-key.js"; import { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../../whatsapp/normalize.js"; +import { buildOutboundBaseSessionKey } from "./base-session-key.js"; import type { ResolvedMessagingTarget } from "./target-resolver.js"; +import { normalizeOutboundThreadId } from "./thread-id.js"; export type OutboundSessionRoute = { sessionKey: string; @@ -30,20 +32,6 @@ export type ResolveOutboundSessionRouteParams = { threadId?: string | number | null; }; -function normalizeThreadId(value?: string | number | null): string | undefined { - if (value == null) { - return undefined; - } - if (typeof value === "number") { - if (!Number.isFinite(value)) { - return undefined; - } - return String(Math.trunc(value)); - } - const trimmed = value.trim(); - return trimmed ? trimmed : undefined; -} - function stripProviderPrefix(raw: string, channel: string): string { const trimmed = raw.trim(); const lower = trimmed.toLowerCase(); @@ -89,14 +77,7 @@ function buildBaseSessionKey(params: { accountId?: string | null; peer: RoutePeer; }): string { - return buildAgentSessionKey({ - agentId: params.agentId, - channel: params.channel, - accountId: params.accountId, - peer: params.peer, - dmScope: params.cfg.session?.dmScope ?? "main", - identityLinks: params.cfg.session?.identityLinks, - }); + return buildOutboundBaseSessionKey(params); } function resolveWhatsAppSession( @@ -240,7 +221,7 @@ function resolveMattermostSession( channel: "mattermost", peer: { kind: isUser ? "direct" : "channel", id: rawId }, }); - const threadId = normalizeThreadId(params.replyToId ?? params.threadId); + const threadId = normalizeOutboundThreadId(params.replyToId ?? params.threadId); const threadKeys = resolveThreadSessionKeys({ baseSessionKey, threadId, diff --git a/src/infra/outbound/session-context.test.ts b/src/infra/outbound/session-context.test.ts index a62c47fb998..1446d665f35 100644 --- a/src/infra/outbound/session-context.test.ts +++ b/src/infra/outbound/session-context.test.ts @@ -1,12 +1,19 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const resolveSessionAgentIdMock = vi.hoisted(() => vi.fn()); -vi.mock("../../agents/agent-scope.js", () => ({ - resolveSessionAgentId: (...args: unknown[]) => resolveSessionAgentIdMock(...args), -})); +type SessionContextModule = typeof import("./session-context.js"); -import { buildOutboundSessionContext } from "./session-context.js"; +let buildOutboundSessionContext: SessionContextModule["buildOutboundSessionContext"]; + +beforeEach(async () => { + vi.resetModules(); + resolveSessionAgentIdMock.mockReset(); + vi.doMock("../../agents/agent-scope.js", () => ({ + resolveSessionAgentId: (...args: unknown[]) => resolveSessionAgentIdMock(...args), + })); + ({ buildOutboundSessionContext } = await import("./session-context.js")); +}); describe("buildOutboundSessionContext", () => { it("returns undefined when both session key and agent id are blank", () => { diff --git a/src/infra/outbound/target-normalization.test.ts b/src/infra/outbound/target-normalization.test.ts index c8e6ea7e124..33b4fd8f08c 100644 --- a/src/infra/outbound/target-normalization.test.ts +++ b/src/infra/outbound/target-normalization.test.ts @@ -4,33 +4,51 @@ const normalizeChannelIdMock = vi.hoisted(() => vi.fn()); const getChannelPluginMock = vi.hoisted(() => vi.fn()); const getActivePluginRegistryVersionMock = vi.hoisted(() => vi.fn()); -vi.mock("../../channels/plugins/index.js", () => ({ - normalizeChannelId: (...args: unknown[]) => normalizeChannelIdMock(...args), - getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), -})); +type TargetNormalizationModule = typeof import("./target-normalization.js"); -vi.mock("../../plugins/runtime.js", () => ({ - getActivePluginRegistryVersion: (...args: unknown[]) => - getActivePluginRegistryVersionMock(...args), -})); - -import { - buildTargetResolverSignature, - normalizeChannelTargetInput, - normalizeTargetForProvider, -} from "./target-normalization.js"; +let buildTargetResolverSignature: TargetNormalizationModule["buildTargetResolverSignature"]; +let normalizeChannelTargetInput: TargetNormalizationModule["normalizeChannelTargetInput"]; +let normalizeTargetForProvider: TargetNormalizationModule["normalizeTargetForProvider"]; describe("normalizeChannelTargetInput", () => { + beforeEach(async () => { + vi.resetModules(); + normalizeChannelIdMock.mockReset(); + getChannelPluginMock.mockReset(); + getActivePluginRegistryVersionMock.mockReset(); + vi.doMock("../../channels/plugins/index.js", () => ({ + normalizeChannelId: (...args: unknown[]) => normalizeChannelIdMock(...args), + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), + })); + vi.doMock("../../plugins/runtime.js", () => ({ + getActivePluginRegistryVersion: (...args: unknown[]) => + getActivePluginRegistryVersionMock(...args), + })); + ({ buildTargetResolverSignature, normalizeChannelTargetInput, normalizeTargetForProvider } = + await import("./target-normalization.js")); + }); + it("trims raw target input", () => { expect(normalizeChannelTargetInput(" channel:C1 ")).toBe("channel:C1"); }); }); describe("normalizeTargetForProvider", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); normalizeChannelIdMock.mockReset(); getChannelPluginMock.mockReset(); getActivePluginRegistryVersionMock.mockReset(); + vi.doMock("../../channels/plugins/index.js", () => ({ + normalizeChannelId: (...args: unknown[]) => normalizeChannelIdMock(...args), + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), + })); + vi.doMock("../../plugins/runtime.js", () => ({ + getActivePluginRegistryVersion: (...args: unknown[]) => + getActivePluginRegistryVersionMock(...args), + })); + ({ buildTargetResolverSignature, normalizeChannelTargetInput, normalizeTargetForProvider } = + await import("./target-normalization.js")); }); it("returns undefined for missing or blank raw input", () => { @@ -87,8 +105,21 @@ describe("normalizeTargetForProvider", () => { }); describe("buildTargetResolverSignature", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + normalizeChannelIdMock.mockReset(); getChannelPluginMock.mockReset(); + getActivePluginRegistryVersionMock.mockReset(); + vi.doMock("../../channels/plugins/index.js", () => ({ + normalizeChannelId: (...args: unknown[]) => normalizeChannelIdMock(...args), + getChannelPlugin: (...args: unknown[]) => getChannelPluginMock(...args), + })); + vi.doMock("../../plugins/runtime.js", () => ({ + getActivePluginRegistryVersion: (...args: unknown[]) => + getActivePluginRegistryVersionMock(...args), + })); + ({ buildTargetResolverSignature, normalizeChannelTargetInput, normalizeTargetForProvider } = + await import("./target-normalization.js")); }); it("builds stable signatures from resolver hint and looksLikeId source", () => { diff --git a/src/infra/outbound/target-resolver.test.ts b/src/infra/outbound/target-resolver.test.ts index 643a5c3ed25..0e877a60c6a 100644 --- a/src/infra/outbound/target-resolver.test.ts +++ b/src/infra/outbound/target-resolver.test.ts @@ -1,28 +1,41 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { ChannelDirectoryEntry } from "../../channels/plugins/types.js"; import type { OpenClawConfig } from "../../config/config.js"; -import { resetDirectoryCache, resolveMessagingTarget } from "./target-resolver.js"; +type TargetResolverModule = typeof import("./target-resolver.js"); + +let resetDirectoryCache: TargetResolverModule["resetDirectoryCache"]; +let resolveMessagingTarget: TargetResolverModule["resolveMessagingTarget"]; const mocks = vi.hoisted(() => ({ listGroups: vi.fn(), listGroupsLive: vi.fn(), resolveTarget: vi.fn(), getChannelPlugin: vi.fn(), + getActivePluginRegistryVersion: vi.fn(() => 1), })); -vi.mock("../../channels/plugins/index.js", () => ({ - getChannelPlugin: (...args: unknown[]) => mocks.getChannelPlugin(...args), - normalizeChannelId: (value: string) => value, -})); +beforeEach(async () => { + vi.resetModules(); + mocks.listGroups.mockReset(); + mocks.listGroupsLive.mockReset(); + mocks.resolveTarget.mockReset(); + mocks.getChannelPlugin.mockReset(); + mocks.getActivePluginRegistryVersion.mockReset(); + mocks.getActivePluginRegistryVersion.mockReturnValue(1); + vi.doMock("../../channels/plugins/index.js", () => ({ + getChannelPlugin: (...args: unknown[]) => mocks.getChannelPlugin(...args), + normalizeChannelId: (value: string) => value, + })); + vi.doMock("../../plugins/runtime.js", () => ({ + getActivePluginRegistryVersion: () => mocks.getActivePluginRegistryVersion(), + })); + ({ resetDirectoryCache, resolveMessagingTarget } = await import("./target-resolver.js")); +}); describe("resolveMessagingTarget (directory fallback)", () => { const cfg = {} as OpenClawConfig; beforeEach(() => { - mocks.listGroups.mockClear(); - mocks.listGroupsLive.mockClear(); - mocks.resolveTarget.mockClear(); - mocks.getChannelPlugin.mockClear(); resetDirectoryCache(); mocks.getChannelPlugin.mockReturnValue({ directory: { diff --git a/src/infra/outbound/targets.channel-resolution.test.ts b/src/infra/outbound/targets.channel-resolution.test.ts index e676a425bba..f7e38e0bfef 100644 --- a/src/infra/outbound/targets.channel-resolution.test.ts +++ b/src/infra/outbound/targets.channel-resolution.test.ts @@ -48,7 +48,8 @@ vi.mock("../../config/plugin-auto-enable.js", () => ({ import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createTestRegistry } from "../../test-utils/channel-plugins.js"; -import { resolveOutboundTarget } from "./targets.js"; + +let resolveOutboundTarget: typeof import("./targets.js").resolveOutboundTarget; describe("resolveOutboundTarget channel resolution", () => { let registrySeq = 0; @@ -60,7 +61,9 @@ describe("resolveOutboundTarget channel resolution", () => { mode: "explicit", }); - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ resolveOutboundTarget } = await import("./targets.js")); registrySeq += 1; setActivePluginRegistry(createTestRegistry([]), `targets-test-${registrySeq}`); mocks.getChannelPlugin.mockReset(); diff --git a/src/infra/outbound/targets.shared-test.ts b/src/infra/outbound/targets.shared-test.ts index 91c2ca9b84d..dae0ca82dd5 100644 --- a/src/infra/outbound/targets.shared-test.ts +++ b/src/infra/outbound/targets.shared-test.ts @@ -1,6 +1,6 @@ import { afterEach, beforeEach, describe, expect, it } from "vitest"; -import { telegramPlugin } from "../../../extensions/telegram/src/channel.js"; -import { whatsappPlugin } from "../../../extensions/whatsapp/src/channel.js"; +import { telegramPlugin } from "../../../extensions/telegram/index.js"; +import { whatsappPlugin } from "../../../extensions/whatsapp/index.js"; import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { createTestRegistry } from "../../test-utils/channel-plugins.js"; import { resolveOutboundTarget } from "./targets.js"; diff --git a/src/infra/outbound/thread-id.test.ts b/src/infra/outbound/thread-id.test.ts new file mode 100644 index 00000000000..a872c0d78d7 --- /dev/null +++ b/src/infra/outbound/thread-id.test.ts @@ -0,0 +1,20 @@ +import { describe, expect, it } from "vitest"; +import { normalizeOutboundThreadId } from "./thread-id.js"; + +describe("normalizeOutboundThreadId", () => { + it("returns undefined for missing values", () => { + expect(normalizeOutboundThreadId()).toBeUndefined(); + expect(normalizeOutboundThreadId(null)).toBeUndefined(); + expect(normalizeOutboundThreadId(" ")).toBeUndefined(); + }); + + it("normalizes numbers and trims strings", () => { + expect(normalizeOutboundThreadId(123.9)).toBe("123"); + expect(normalizeOutboundThreadId(" 456 ")).toBe("456"); + }); + + it("drops non-finite numeric values", () => { + expect(normalizeOutboundThreadId(Number.NaN)).toBeUndefined(); + expect(normalizeOutboundThreadId(Number.POSITIVE_INFINITY)).toBeUndefined(); + }); +}); diff --git a/src/infra/outbound/thread-id.ts b/src/infra/outbound/thread-id.ts new file mode 100644 index 00000000000..287ce99d34a --- /dev/null +++ b/src/infra/outbound/thread-id.ts @@ -0,0 +1,13 @@ +export function normalizeOutboundThreadId(value?: string | number | null): string | undefined { + if (value == null) { + return undefined; + } + if (typeof value === "number") { + if (!Number.isFinite(value)) { + return undefined; + } + return String(Math.trunc(value)); + } + const trimmed = value.trim(); + return trimmed ? trimmed : undefined; +} diff --git a/src/infra/pairing-token.test.ts b/src/infra/pairing-token.test.ts index 1ef0c8e20d7..9788e448e49 100644 --- a/src/infra/pairing-token.test.ts +++ b/src/infra/pairing-token.test.ts @@ -1,5 +1,5 @@ import { Buffer } from "node:buffer"; -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const randomBytesMock = vi.hoisted(() => vi.fn()); @@ -11,7 +11,17 @@ vi.mock("node:crypto", async () => { }; }); -import { generatePairingToken, PAIRING_TOKEN_BYTES, verifyPairingToken } from "./pairing-token.js"; +type PairingTokenModule = typeof import("./pairing-token.js"); + +let generatePairingToken: PairingTokenModule["generatePairingToken"]; +let PAIRING_TOKEN_BYTES: PairingTokenModule["PAIRING_TOKEN_BYTES"]; +let verifyPairingToken: PairingTokenModule["verifyPairingToken"]; + +beforeEach(async () => { + vi.resetModules(); + ({ generatePairingToken, PAIRING_TOKEN_BYTES, verifyPairingToken } = + await import("./pairing-token.js")); +}); describe("generatePairingToken", () => { it("uses the configured byte count and returns a base64url token", () => { diff --git a/src/infra/ports.test.ts b/src/infra/ports.test.ts index 090ccb128b9..4c3d3597f40 100644 --- a/src/infra/ports.test.ts +++ b/src/infra/ports.test.ts @@ -7,11 +7,20 @@ const runCommandWithTimeoutMock = vi.hoisted(() => vi.fn()); vi.mock("../process/exec.js", () => ({ runCommandWithTimeout: (...args: unknown[]) => runCommandWithTimeoutMock(...args), })); -import { inspectPortUsage } from "./ports-inspect.js"; -import { ensurePortAvailable, handlePortError, PortInUseError } from "./ports.js"; + +let inspectPortUsage: typeof import("./ports-inspect.js").inspectPortUsage; +let ensurePortAvailable: typeof import("./ports.js").ensurePortAvailable; +let handlePortError: typeof import("./ports.js").handlePortError; +let PortInUseError: typeof import("./ports.js").PortInUseError; const describeUnix = process.platform === "win32" ? describe.skip : describe; +beforeEach(async () => { + vi.resetModules(); + ({ inspectPortUsage } = await import("./ports-inspect.js")); + ({ ensurePortAvailable, handlePortError, PortInUseError } = await import("./ports.js")); +}); + describe("ports helpers", () => { it("ensurePortAvailable rejects when port busy", async () => { const server = net.createServer(); diff --git a/src/infra/provider-usage.auth.normalizes-keys.test.ts b/src/infra/provider-usage.auth.normalizes-keys.test.ts index baf96781c27..261ff0203bc 100644 --- a/src/infra/provider-usage.auth.normalizes-keys.test.ts +++ b/src/infra/provider-usage.auth.normalizes-keys.test.ts @@ -50,6 +50,13 @@ describe("resolveProviderAuths key normalization", () => { process.env.HOME = base; process.env.USERPROFILE = base; + if (process.platform === "win32") { + const match = base.match(/^([A-Za-z]:)(.*)$/); + if (match) { + process.env.HOMEDRIVE = match[1]; + process.env.HOMEPATH = match[2] || "\\"; + } + } delete process.env.OPENCLAW_HOME; process.env.OPENCLAW_STATE_DIR = path.join(base, ".openclaw"); for (const [key, value] of Object.entries(env)) { diff --git a/src/infra/provider-usage.auth.plugin.test.ts b/src/infra/provider-usage.auth.plugin.test.ts index 6782e89489b..64339a919d2 100644 --- a/src/infra/provider-usage.auth.plugin.test.ts +++ b/src/infra/provider-usage.auth.plugin.test.ts @@ -7,12 +7,14 @@ vi.mock("../plugins/provider-runtime.js", () => ({ resolveProviderUsageAuthWithPluginMock(...args), })); -import { resolveProviderAuths } from "./provider-usage.auth.js"; +let resolveProviderAuths: typeof import("./provider-usage.auth.js").resolveProviderAuths; describe("resolveProviderAuths plugin seam", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); resolveProviderUsageAuthWithPluginMock.mockReset(); resolveProviderUsageAuthWithPluginMock.mockResolvedValue(null); + ({ resolveProviderAuths } = await import("./provider-usage.auth.js")); }); it("prefers plugin-owned usage auth when available", async () => { diff --git a/src/infra/provider-usage.auth.ts b/src/infra/provider-usage.auth.ts index 00bba63f2e1..982ffbc8be5 100644 --- a/src/infra/provider-usage.auth.ts +++ b/src/infra/provider-usage.auth.ts @@ -11,6 +11,7 @@ import { normalizeProviderId } from "../agents/model-selection.js"; import { loadConfig, type OpenClawConfig } from "../config/config.js"; import { resolveProviderUsageAuthWithPlugin } from "../plugins/provider-runtime.js"; import { normalizeSecretInput } from "../utils/normalize-secret-input.js"; +import { resolveLegacyPiAgentAccessToken } from "./provider-usage.shared.js"; import type { UsageProviderId } from "./provider-usage.types.js"; export type ProviderAuth = { @@ -28,6 +29,18 @@ type UsageAuthState = { agentDir?: string; }; +function parseGoogleUsageToken(apiKey: string): string { + try { + const parsed = JSON.parse(apiKey) as { token?: unknown }; + if (typeof parsed?.token === "string") { + return parsed.token; + } + } catch { + // ignore + } + return apiKey; +} + function resolveProviderApiKeyFromConfigAndStore(params: { state: UsageAuthState; providerIds: string[]; @@ -166,6 +179,52 @@ async function resolveProviderUsageAuthViaPlugin(params: { }; } +async function resolveProviderUsageAuthFallback(params: { + state: UsageAuthState; + provider: UsageProviderId; +}): Promise { + switch (params.provider) { + case "anthropic": + case "github-copilot": + case "openai-codex": + return await resolveOAuthToken(params); + case "google-gemini-cli": { + const auth = await resolveOAuthToken(params); + return auth ? { ...auth, token: parseGoogleUsageToken(auth.token) } : null; + } + case "zai": { + const apiKey = resolveProviderApiKeyFromConfigAndStore({ + state: params.state, + providerIds: ["zai", "z-ai"], + envDirect: [params.state.env.ZAI_API_KEY, params.state.env.Z_AI_API_KEY], + }); + if (apiKey) { + return { provider: "zai", token: apiKey }; + } + const legacyToken = resolveLegacyPiAgentAccessToken(params.state.env, ["z-ai", "zai"]); + return legacyToken ? { provider: "zai", token: legacyToken } : null; + } + case "minimax": { + const apiKey = resolveProviderApiKeyFromConfigAndStore({ + state: params.state, + providerIds: ["minimax"], + envDirect: [params.state.env.MINIMAX_CODE_PLAN_KEY, params.state.env.MINIMAX_API_KEY], + }); + return apiKey ? { provider: "minimax", token: apiKey } : null; + } + case "xiaomi": { + const apiKey = resolveProviderApiKeyFromConfigAndStore({ + state: params.state, + providerIds: ["xiaomi"], + envDirect: [params.state.env.XIAOMI_API_KEY], + }); + return apiKey ? { provider: "xiaomi", token: apiKey } : null; + } + default: + return null; + } +} + export async function resolveProviderAuths(params: { providers: UsageProviderId[]; auth?: ProviderAuth[]; @@ -192,6 +251,14 @@ export async function resolveProviderAuths(params: { }); if (pluginAuth) { auths.push(pluginAuth); + continue; + } + const fallbackAuth = await resolveProviderUsageAuthFallback({ + state, + provider, + }); + if (fallbackAuth) { + auths.push(fallbackAuth); } } diff --git a/src/infra/provider-usage.load.plugin.test.ts b/src/infra/provider-usage.load.plugin.test.ts index 55cff6cad72..6d4d7d7b602 100644 --- a/src/infra/provider-usage.load.plugin.test.ts +++ b/src/infra/provider-usage.load.plugin.test.ts @@ -12,14 +12,16 @@ vi.mock("../plugins/provider-runtime.js", () => ({ resolveProviderUsageSnapshotWithPluginMock(...args), })); -import { loadProviderUsageSummary } from "./provider-usage.load.js"; +let loadProviderUsageSummary: typeof import("./provider-usage.load.js").loadProviderUsageSummary; const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0); describe("provider-usage.load plugin seam", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); resolveProviderUsageSnapshotWithPluginMock.mockReset(); resolveProviderUsageSnapshotWithPluginMock.mockResolvedValue(null); + ({ loadProviderUsageSummary } = await import("./provider-usage.load.js")); }); it("prefers plugin-owned usage snapshots", async () => { diff --git a/src/infra/provider-usage.load.test.ts b/src/infra/provider-usage.load.test.ts index 1a91b87a56b..c388b5702e6 100644 --- a/src/infra/provider-usage.load.test.ts +++ b/src/infra/provider-usage.load.test.ts @@ -2,23 +2,13 @@ import { describe, expect, it, vi } from "vitest"; import { createProviderUsageFetch, makeResponse } from "../test-utils/provider-usage-fetch.js"; import { loadProviderUsageSummary } from "./provider-usage.load.js"; import { ignoredErrors } from "./provider-usage.shared.js"; +import { + loadUsageWithAuth, + type ProviderUsageAuth, + usageNow, +} from "./provider-usage.test-support.js"; -const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0); - -type ProviderAuth = NonNullable< - NonNullable[0]>["auth"] ->[number]; - -async function loadUsageWithAuth( - auth: ProviderAuth[], - mockFetch: ReturnType, -) { - return await loadProviderUsageSummary({ - now: usageNow, - auth, - fetch: mockFetch as unknown as typeof fetch, - }); -} +type ProviderAuth = ProviderUsageAuth; describe("provider-usage.load", () => { it("loads snapshots for copilot gemini codex and xiaomi", async () => { @@ -53,6 +43,7 @@ describe("provider-usage.load", () => { }); const summary = await loadUsageWithAuth( + loadProviderUsageSummary, [ { provider: "github-copilot", token: "copilot-token" }, { provider: "google-gemini-cli", token: "gemini-token" }, @@ -85,13 +76,14 @@ describe("provider-usage.load", () => { it("returns empty provider list when auth resolves to none", async () => { const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found")); - const summary = await loadUsageWithAuth([], mockFetch); + const summary = await loadUsageWithAuth(loadProviderUsageSummary, [], mockFetch); expect(summary).toEqual({ updatedAt: usageNow, providers: [] }); }); it("returns unsupported provider snapshots for unknown provider ids", async () => { const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found")); const summary = await loadUsageWithAuth( + loadProviderUsageSummary, [{ provider: "unsupported-provider", token: "token-u" }] as unknown as ProviderAuth[], mockFetch, ); @@ -109,6 +101,7 @@ describe("provider-usage.load", () => { ignoredErrors.add("HTTP 500"); try { const summary = await loadUsageWithAuth( + loadProviderUsageSummary, [{ provider: "anthropic", token: "token-a" }], mockFetch, ); diff --git a/src/infra/provider-usage.load.ts b/src/infra/provider-usage.load.ts index d34c55c22d3..a8658889c68 100644 --- a/src/infra/provider-usage.load.ts +++ b/src/infra/provider-usage.load.ts @@ -2,6 +2,13 @@ import { loadConfig, type OpenClawConfig } from "../config/config.js"; import { resolveProviderUsageSnapshotWithPlugin } from "../plugins/provider-runtime.js"; import { resolveFetch } from "./fetch.js"; import { type ProviderAuth, resolveProviderAuths } from "./provider-usage.auth.js"; +import { + fetchClaudeUsage, + fetchCodexUsage, + fetchGeminiUsage, + fetchMinimaxUsage, + fetchZaiUsage, +} from "./provider-usage.fetch.js"; import { DEFAULT_TIMEOUT_MS, ignoredErrors, @@ -15,6 +22,99 @@ import type { UsageSummary, } from "./provider-usage.types.js"; +async function fetchCopilotUsageFallback( + token: string, + timeoutMs: number, + fetchFn: typeof fetch, +): Promise { + const res = await fetchFn("https://api.github.com/copilot_internal/user", { + headers: { + Authorization: `token ${token}`, + "Editor-Version": "vscode/1.96.2", + "User-Agent": "GitHubCopilotChat/0.26.7", + "X-Github-Api-Version": "2025-04-01", + }, + signal: AbortSignal.timeout(timeoutMs), + }); + if (!res.ok) { + return { + provider: "github-copilot", + displayName: PROVIDER_LABELS["github-copilot"], + windows: [], + error: `HTTP ${res.status}`, + }; + } + const data = (await res.json()) as { + quota_snapshots?: { + premium_interactions?: { percent_remaining?: number | null }; + chat?: { percent_remaining?: number | null }; + }; + copilot_plan?: string; + }; + const windows = []; + const premiumRemaining = data.quota_snapshots?.premium_interactions?.percent_remaining; + if (premiumRemaining !== undefined && premiumRemaining !== null) { + windows.push({ + label: "Premium", + usedPercent: Math.max(0, Math.min(100, 100 - premiumRemaining)), + }); + } + const chatRemaining = data.quota_snapshots?.chat?.percent_remaining; + if (chatRemaining !== undefined && chatRemaining !== null) { + windows.push({ label: "Chat", usedPercent: Math.max(0, Math.min(100, 100 - chatRemaining)) }); + } + return { + provider: "github-copilot", + displayName: PROVIDER_LABELS["github-copilot"], + windows, + plan: data.copilot_plan, + }; +} + +async function fetchProviderUsageSnapshotFallback(params: { + auth: ProviderAuth; + timeoutMs: number; + fetchFn: typeof fetch; +}): Promise { + switch (params.auth.provider) { + case "anthropic": + return await fetchClaudeUsage(params.auth.token, params.timeoutMs, params.fetchFn); + case "github-copilot": + return await fetchCopilotUsageFallback(params.auth.token, params.timeoutMs, params.fetchFn); + case "google-gemini-cli": + return await fetchGeminiUsage( + params.auth.token, + params.timeoutMs, + params.fetchFn, + "google-gemini-cli", + ); + case "openai-codex": + return await fetchCodexUsage( + params.auth.token, + params.auth.accountId, + params.timeoutMs, + params.fetchFn, + ); + case "zai": + return await fetchZaiUsage(params.auth.token, params.timeoutMs, params.fetchFn); + case "minimax": + return await fetchMinimaxUsage(params.auth.token, params.timeoutMs, params.fetchFn); + case "xiaomi": + return { + provider: "xiaomi", + displayName: PROVIDER_LABELS.xiaomi, + windows: [], + }; + default: + return { + provider: params.auth.provider, + displayName: PROVIDER_LABELS[params.auth.provider], + windows: [], + error: "Unsupported provider", + }; + } +} + type UsageSummaryOptions = { now?: number; timeoutMs?: number; @@ -56,12 +156,11 @@ async function fetchProviderUsageSnapshot(params: { if (pluginSnapshot) { return pluginSnapshot; } - return { - provider: params.auth.provider, - displayName: PROVIDER_LABELS[params.auth.provider], - windows: [], - error: "Unsupported provider", - }; + return await fetchProviderUsageSnapshotFallback({ + auth: params.auth, + timeoutMs: params.timeoutMs, + fetchFn: params.fetchFn, + }); } export async function loadProviderUsageSummary( diff --git a/src/infra/provider-usage.shared.test.ts b/src/infra/provider-usage.shared.test.ts index 048352a183d..4f575f197ff 100644 --- a/src/infra/provider-usage.shared.test.ts +++ b/src/infra/provider-usage.shared.test.ts @@ -1,5 +1,13 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; -import { clampPercent, resolveUsageProviderId, withTimeout } from "./provider-usage.shared.js"; +import { + clampPercent, + resolveLegacyPiAgentAccessToken, + resolveUsageProviderId, + withTimeout, +} from "./provider-usage.shared.js"; describe("provider-usage.shared", () => { afterEach(() => { @@ -52,4 +60,34 @@ describe("provider-usage.shared", () => { expect(clearTimeoutSpy).toHaveBeenCalledTimes(1); }); + + it("reads legacy pi auth tokens for known provider aliases", async () => { + const home = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-provider-usage-")); + await fs.mkdir(path.join(home, ".pi", "agent"), { recursive: true }); + await fs.writeFile( + path.join(home, ".pi", "agent", "auth.json"), + `${JSON.stringify({ "z-ai": { access: "legacy-zai-key" } }, null, 2)}\n`, + "utf8", + ); + + try { + expect(resolveLegacyPiAgentAccessToken({ HOME: home }, ["z-ai", "zai"])).toBe( + "legacy-zai-key", + ); + } finally { + await fs.rm(home, { recursive: true, force: true }); + } + }); + + it("returns undefined for invalid legacy pi auth files", async () => { + const home = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-provider-usage-")); + await fs.mkdir(path.join(home, ".pi", "agent"), { recursive: true }); + await fs.writeFile(path.join(home, ".pi", "agent", "auth.json"), "{not-json", "utf8"); + + try { + expect(resolveLegacyPiAgentAccessToken({ HOME: home }, ["z-ai", "zai"])).toBeUndefined(); + } finally { + await fs.rm(home, { recursive: true, force: true }); + } + }); }); diff --git a/src/infra/provider-usage.shared.ts b/src/infra/provider-usage.shared.ts index 6fa823db630..b801da4824c 100644 --- a/src/infra/provider-usage.shared.ts +++ b/src/infra/provider-usage.shared.ts @@ -1,4 +1,8 @@ +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; import { normalizeProviderId } from "../agents/model-selection.js"; +import { resolveRequiredHomeDir } from "./home-dir.js"; import type { UsageProviderId } from "./provider-usage.types.js"; export const DEFAULT_TIMEOUT_MS = 5000; @@ -59,3 +63,33 @@ export const withTimeout = async (work: Promise, ms: number, fallback: T): } } }; + +export function resolveLegacyPiAgentAccessToken( + env: NodeJS.ProcessEnv, + providerIds: string[], +): string | undefined { + try { + const authPath = path.join( + resolveRequiredHomeDir(env, os.homedir), + ".pi", + "agent", + "auth.json", + ); + if (!fs.existsSync(authPath)) { + return undefined; + } + const parsed = JSON.parse(fs.readFileSync(authPath, "utf8")) as Record< + string, + { access?: string } + >; + for (const providerId of providerIds) { + const token = parsed[providerId]?.access; + if (typeof token === "string" && token.trim()) { + return token; + } + } + return undefined; + } catch { + return undefined; + } +} diff --git a/src/infra/provider-usage.test-support.ts b/src/infra/provider-usage.test-support.ts new file mode 100644 index 00000000000..2d2609a29d6 --- /dev/null +++ b/src/infra/provider-usage.test-support.ts @@ -0,0 +1,27 @@ +import { createProviderUsageFetch } from "../test-utils/provider-usage-fetch.js"; +import type { ProviderAuth } from "./provider-usage.auth.js"; +import type { UsageSummary } from "./provider-usage.types.js"; + +export const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0); + +type ProviderUsageLoader = (params: { + now: number; + auth?: ProviderAuth[]; + fetch?: typeof fetch; +}) => Promise; + +export type ProviderUsageAuth = NonNullable< + NonNullable[0]>["auth"] +>[number]; + +export async function loadUsageWithAuth( + loadProviderUsageSummary: T, + auth: ProviderUsageAuth[], + mockFetch: ReturnType, +) { + return await loadProviderUsageSummary({ + now: usageNow, + auth, + fetch: mockFetch as unknown as typeof fetch, + }); +} diff --git a/src/infra/provider-usage.test.ts b/src/infra/provider-usage.test.ts index 2e45a2ee9dc..fdd2326a9a0 100644 --- a/src/infra/provider-usage.test.ts +++ b/src/infra/provider-usage.test.ts @@ -11,23 +11,9 @@ import { loadProviderUsageSummary, type UsageSummary, } from "./provider-usage.js"; +import { loadUsageWithAuth, usageNow } from "./provider-usage.test-support.js"; const minimaxRemainsEndpoint = "api.minimaxi.com/v1/api/openplatform/coding_plan/remains"; -const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0); -type ProviderAuth = NonNullable< - NonNullable[0]>["auth"] ->[number]; - -async function loadUsageWithAuth( - auth: ProviderAuth[], - mockFetch: ReturnType, -) { - return await loadProviderUsageSummary({ - now: usageNow, - auth, - fetch: mockFetch as unknown as typeof fetch, - }); -} function expectSingleAnthropicProvider(summary: UsageSummary) { expect(summary.providers).toHaveLength(1); @@ -55,7 +41,11 @@ async function expectMinimaxUsage( ) { const mockFetch = createMinimaxOnlyFetch(payload); - const summary = await loadUsageWithAuth([{ provider: "minimax", token: "token-1b" }], mockFetch); + const summary = await loadUsageWithAuth( + loadProviderUsageSummary, + [{ provider: "minimax", token: "token-1b" }], + mockFetch, + ); const minimax = summary.providers.find((p) => p.provider === "minimax"); expect(minimax?.windows[0]?.usedPercent).toBe(expected.usedPercent); @@ -166,6 +156,7 @@ describe("provider usage loading", () => { }); const summary = await loadUsageWithAuth( + loadProviderUsageSummary, [ { provider: "anthropic", token: "token-1" }, { provider: "minimax", token: "token-1b" }, @@ -344,6 +335,7 @@ describe("provider usage loading", () => { }); const summary = await loadUsageWithAuth( + loadProviderUsageSummary, [{ provider: "anthropic", token: "sk-ant-oauth-1" }], mockFetch, ); diff --git a/src/infra/push-apns.relay.test.ts b/src/infra/push-apns.relay.test.ts index 4e8e8054311..0079597a8cd 100644 --- a/src/infra/push-apns.relay.test.ts +++ b/src/infra/push-apns.relay.test.ts @@ -27,6 +27,21 @@ afterEach(() => { vi.unstubAllGlobals(); }); +function createRelayPushParams() { + return { + relayConfig: { + baseUrl: "https://relay.example.com", + timeoutMs: 1000, + }, + sendGrant: "send-grant-123", + relayHandle: "relay-handle-123", + payload: { aps: { "content-available": 1 } }, + pushType: "background" as const, + priority: "5" as const, + gatewayIdentity: relayGatewayIdentity, + }; +} + describe("push-apns.relay", () => { describe("resolveApnsRelayConfigFromEnv", () => { it("returns a missing-config error when no relay base URL is configured", () => { @@ -190,18 +205,7 @@ describe("push-apns.relay", () => { }); vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); - const result = await sendApnsRelayPush({ - relayConfig: { - baseUrl: "https://relay.example.com", - timeoutMs: 1000, - }, - sendGrant: "send-grant-123", - relayHandle: "relay-handle-123", - payload: { aps: { "content-available": 1 } }, - pushType: "background", - priority: "5", - gatewayIdentity: relayGatewayIdentity, - }); + const result = await sendApnsRelayPush(createRelayPushParams()); expect(fetchMock).toHaveBeenCalledTimes(1); expect(fetchMock.mock.calls[0]?.[1]).toMatchObject({ redirect: "manual" }); @@ -221,20 +225,7 @@ describe("push-apns.relay", () => { }); vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); - await expect( - sendApnsRelayPush({ - relayConfig: { - baseUrl: "https://relay.example.com", - timeoutMs: 1000, - }, - sendGrant: "send-grant-123", - relayHandle: "relay-handle-123", - payload: { aps: { "content-available": 1 } }, - pushType: "background", - priority: "5", - gatewayIdentity: relayGatewayIdentity, - }), - ).resolves.toEqual({ + await expect(sendApnsRelayPush(createRelayPushParams())).resolves.toEqual({ ok: true, status: 202, apnsId: undefined, @@ -258,20 +249,7 @@ describe("push-apns.relay", () => { }); vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); - await expect( - sendApnsRelayPush({ - relayConfig: { - baseUrl: "https://relay.example.com", - timeoutMs: 1000, - }, - sendGrant: "send-grant-123", - relayHandle: "relay-handle-123", - payload: { aps: { "content-available": 1 } }, - pushType: "background", - priority: "5", - gatewayIdentity: relayGatewayIdentity, - }), - ).resolves.toEqual({ + await expect(sendApnsRelayPush(createRelayPushParams())).resolves.toEqual({ ok: false, status: 410, apnsId: "relay-apns-id", diff --git a/src/infra/restart-stale-pids.test.ts b/src/infra/restart-stale-pids.test.ts index b7589d26e15..4ff0823e4c3 100644 --- a/src/infra/restart-stale-pids.test.ts +++ b/src/infra/restart-stale-pids.test.ts @@ -32,11 +32,9 @@ vi.mock("../logging/subsystem.js", () => ({ })); import { resolveLsofCommandSync } from "./ports-lsof.js"; -import { - __testing, - cleanStaleGatewayProcessesSync, - findGatewayPidsOnPortSync, -} from "./restart-stale-pids.js"; +let __testing: typeof import("./restart-stale-pids.js").__testing; +let cleanStaleGatewayProcessesSync: typeof import("./restart-stale-pids.js").cleanStaleGatewayProcessesSync; +let findGatewayPidsOnPortSync: typeof import("./restart-stale-pids.js").findGatewayPidsOnPortSync; function lsofOutput(entries: Array<{ pid: number; cmd: string }>): string { return entries.map(({ pid, cmd }) => `p${pid}\nc${cmd}`).join("\n") + "\n"; @@ -89,6 +87,12 @@ function installInitialBusyPoll( describe.skipIf(isWindows)("restart-stale-pids", () => { beforeEach(() => { + vi.resetModules(); + }); + + beforeEach(async () => { + ({ __testing, cleanStaleGatewayProcessesSync, findGatewayPidsOnPortSync } = + await import("./restart-stale-pids.js")); mockSpawnSync.mockReset(); mockResolveGatewayPort.mockReset(); mockRestartWarn.mockReset(); diff --git a/src/infra/restart.test.ts b/src/infra/restart.test.ts index e21225be37b..fe6e760041b 100644 --- a/src/infra/restart.test.ts +++ b/src/infra/restart.test.ts @@ -16,13 +16,14 @@ vi.mock("../config/paths.js", () => ({ resolveGatewayPort: (...args: unknown[]) => resolveGatewayPortMock(...args), })); -import { - __testing, - cleanStaleGatewayProcessesSync, - findGatewayPidsOnPortSync, -} from "./restart-stale-pids.js"; +let __testing: typeof import("./restart-stale-pids.js").__testing; +let cleanStaleGatewayProcessesSync: typeof import("./restart-stale-pids.js").cleanStaleGatewayProcessesSync; +let findGatewayPidsOnPortSync: typeof import("./restart-stale-pids.js").findGatewayPidsOnPortSync; -beforeEach(() => { +beforeEach(async () => { + vi.resetModules(); + ({ __testing, cleanStaleGatewayProcessesSync, findGatewayPidsOnPortSync } = + await import("./restart-stale-pids.js")); spawnSyncMock.mockReset(); resolveLsofCommandSyncMock.mockReset(); resolveGatewayPortMock.mockReset(); diff --git a/src/infra/run-node.test.ts b/src/infra/run-node.test.ts index dfebf6c2ad2..9b6c871379b 100644 --- a/src/infra/run-node.test.ts +++ b/src/infra/run-node.test.ts @@ -3,6 +3,7 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { describe, expect, it } from "vitest"; +import { runNodeMain } from "../../scripts/run-node.mjs"; async function withTempDir(run: (dir: string) => Promise): Promise { const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-run-node-")); @@ -70,7 +71,6 @@ describe("run-node script", () => { }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["--version"], @@ -130,7 +130,6 @@ describe("run-node script", () => { return createExitedProcess(0); }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -205,7 +204,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -233,7 +231,6 @@ describe("run-node script", () => { return createExitedProcess(0); }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -282,7 +279,6 @@ describe("run-node script", () => { }; const spawnSync = () => ({ status: 1, stdout: "" }); - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -354,7 +350,6 @@ describe("run-node script", () => { }; const spawnSync = () => ({ status: 1, stdout: "" }); - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -419,7 +414,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -490,7 +484,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -560,7 +553,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -636,7 +628,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -696,7 +687,6 @@ describe("run-node script", () => { }; const spawnSync = () => ({ status: 1, stdout: "" }); - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], @@ -758,7 +748,6 @@ describe("run-node script", () => { return { status: 1, stdout: "" }; }; - const { runNodeMain } = await import("../../scripts/run-node.mjs"); const exitCode = await runNodeMain({ cwd: tmp, args: ["status"], diff --git a/src/infra/secret-file.ts b/src/infra/secret-file.ts index d62fb326d6b..0d10e605ce5 100644 --- a/src/infra/secret-file.ts +++ b/src/infra/secret-file.ts @@ -22,6 +22,10 @@ export type SecretFileReadResult = error?: unknown; }; +function normalizeSecretReadError(error: unknown): Error { + return error instanceof Error ? error : new Error(String(error)); +} + export function loadSecretFileSync( filePath: string, label: string, @@ -39,11 +43,12 @@ export function loadSecretFileSync( try { previewStat = fs.lstatSync(resolvedPath); } catch (error) { + const normalized = normalizeSecretReadError(error); return { ok: false, resolvedPath, - error, - message: `Failed to inspect ${label} file at ${resolvedPath}: ${String(error)}`, + error: normalized, + message: `Failed to inspect ${label} file at ${resolvedPath}: ${String(normalized)}`, }; } @@ -75,8 +80,9 @@ export function loadSecretFileSync( maxBytes, }); if (!opened.ok) { - const error = - opened.reason === "validation" ? new Error("security validation failed") : opened.error; + const error = normalizeSecretReadError( + opened.reason === "validation" ? new Error("security validation failed") : opened.error, + ); return { ok: false, resolvedPath, @@ -97,11 +103,12 @@ export function loadSecretFileSync( } return { ok: true, secret, resolvedPath }; } catch (error) { + const normalized = normalizeSecretReadError(error); return { ok: false, resolvedPath, - error, - message: `Failed to read ${label} file at ${resolvedPath}: ${String(error)}`, + error: normalized, + message: `Failed to read ${label} file at ${resolvedPath}: ${String(normalized)}`, }; } finally { fs.closeSync(opened.fd); diff --git a/src/infra/secure-random.test.ts b/src/infra/secure-random.test.ts index 2a595900c7b..1c9f8d949bc 100644 --- a/src/infra/secure-random.test.ts +++ b/src/infra/secure-random.test.ts @@ -1,5 +1,5 @@ import { Buffer } from "node:buffer"; -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const cryptoMocks = vi.hoisted(() => ({ randomBytes: vi.fn((bytes: number) => Buffer.alloc(bytes, 0xab)), @@ -11,7 +11,13 @@ vi.mock("node:crypto", () => ({ randomUUID: cryptoMocks.randomUUID, })); -import { generateSecureToken, generateSecureUuid } from "./secure-random.js"; +let generateSecureToken: typeof import("./secure-random.js").generateSecureToken; +let generateSecureUuid: typeof import("./secure-random.js").generateSecureUuid; + +beforeEach(async () => { + vi.resetModules(); + ({ generateSecureToken, generateSecureUuid } = await import("./secure-random.js")); +}); describe("secure-random", () => { it("delegates UUID generation to crypto.randomUUID", () => { diff --git a/src/infra/session-maintenance-warning.test.ts b/src/infra/session-maintenance-warning.test.ts index f4c2e0757a1..4395a46df89 100644 --- a/src/infra/session-maintenance-warning.test.ts +++ b/src/infra/session-maintenance-warning.test.ts @@ -15,28 +15,9 @@ const mocks = vi.hoisted(() => ({ enqueueSystemEvent: vi.fn(), })); -vi.mock("../agents/agent-scope.js", () => ({ - resolveSessionAgentId: mocks.resolveSessionAgentId, -})); +type SessionMaintenanceWarningModule = typeof import("./session-maintenance-warning.js"); -vi.mock("../utils/message-channel.js", () => ({ - normalizeMessageChannel: mocks.normalizeMessageChannel, - isDeliverableMessageChannel: mocks.isDeliverableMessageChannel, -})); - -vi.mock("./outbound/targets.js", () => ({ - resolveSessionDeliveryTarget: mocks.resolveSessionDeliveryTarget, -})); - -vi.mock("./outbound/deliver.js", () => ({ - deliverOutboundPayloads: mocks.deliverOutboundPayloads, -})); - -vi.mock("./system-events.js", () => ({ - enqueueSystemEvent: mocks.enqueueSystemEvent, -})); - -const { deliverSessionMaintenanceWarning } = await import("./session-maintenance-warning.js"); +let deliverSessionMaintenanceWarning: SessionMaintenanceWarningModule["deliverSessionMaintenanceWarning"]; function createParams( overrides: Partial[0]> = {}, @@ -62,17 +43,35 @@ describe("deliverSessionMaintenanceWarning", () => { let prevVitest: string | undefined; let prevNodeEnv: string | undefined; - beforeEach(() => { + beforeEach(async () => { prevVitest = process.env.VITEST; prevNodeEnv = process.env.NODE_ENV; delete process.env.VITEST; process.env.NODE_ENV = "development"; + vi.resetModules(); mocks.resolveSessionAgentId.mockClear(); mocks.resolveSessionDeliveryTarget.mockClear(); mocks.normalizeMessageChannel.mockClear(); mocks.isDeliverableMessageChannel.mockClear(); mocks.deliverOutboundPayloads.mockClear(); mocks.enqueueSystemEvent.mockClear(); + vi.doMock("../agents/agent-scope.js", () => ({ + resolveSessionAgentId: mocks.resolveSessionAgentId, + })); + vi.doMock("../utils/message-channel.js", () => ({ + normalizeMessageChannel: mocks.normalizeMessageChannel, + isDeliverableMessageChannel: mocks.isDeliverableMessageChannel, + })); + vi.doMock("./outbound/targets.js", () => ({ + resolveSessionDeliveryTarget: mocks.resolveSessionDeliveryTarget, + })); + vi.doMock("./outbound/deliver.js", () => ({ + deliverOutboundPayloads: mocks.deliverOutboundPayloads, + })); + vi.doMock("./system-events.js", () => ({ + enqueueSystemEvent: mocks.enqueueSystemEvent, + })); + ({ deliverSessionMaintenanceWarning } = await import("./session-maintenance-warning.js")); }); afterEach(() => { diff --git a/src/infra/state-migrations.ts b/src/infra/state-migrations.ts index 6646ab02e75..b429365a4a4 100644 --- a/src/infra/state-migrations.ts +++ b/src/infra/state-migrations.ts @@ -15,7 +15,7 @@ import { canonicalizeMainSessionAlias } from "../config/sessions/main-session.js import type { SessionScope } from "../config/sessions/types.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { resolveChannelAllowFromPath } from "../pairing/pairing-store.js"; -import { listTelegramAccountIds } from "../plugin-sdk-internal/telegram.js"; +import { listTelegramAccountIds } from "../plugin-sdk/telegram.js"; import { buildAgentMainSessionKey, DEFAULT_ACCOUNT_ID, diff --git a/src/infra/transport-ready.test.ts b/src/infra/transport-ready.test.ts index a4703ba512c..e55dcb7dd7b 100644 --- a/src/infra/transport-ready.test.ts +++ b/src/infra/transport-ready.test.ts @@ -1,43 +1,45 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { waitForTransportReady } from "./transport-ready.js"; let injectedSleepError: Error | null = null; - -// Perf: `sleepWithAbort` uses `node:timers/promises` which isn't controlled by fake timers. -// Route sleeps through global `setTimeout` so tests can advance time deterministically. -vi.mock("./backoff.js", () => ({ - sleepWithAbort: async (ms: number, signal?: AbortSignal) => { - if (injectedSleepError) { - throw injectedSleepError; - } - if (signal?.aborted) { - throw new Error("aborted"); - } - if (ms <= 0) { - return; - } - await new Promise((resolve, reject) => { - const timer = setTimeout(() => { - signal?.removeEventListener("abort", onAbort); - resolve(); - }, ms); - const onAbort = () => { - clearTimeout(timer); - signal?.removeEventListener("abort", onAbort); - reject(new Error("aborted")); - }; - signal?.addEventListener("abort", onAbort, { once: true }); - }); - }, -})); +type TransportReadyModule = typeof import("./transport-ready.js"); +let waitForTransportReady: TransportReadyModule["waitForTransportReady"]; function createRuntime() { return { log: vi.fn(), error: vi.fn(), exit: vi.fn() }; } describe("waitForTransportReady", () => { - beforeEach(() => { + beforeEach(async () => { vi.useFakeTimers(); + vi.resetModules(); + // Perf: `sleepWithAbort` uses `node:timers/promises` which isn't controlled by fake timers. + // Route sleeps through global `setTimeout` so tests can advance time deterministically. + vi.doMock("./backoff.js", () => ({ + sleepWithAbort: async (ms: number, signal?: AbortSignal) => { + if (injectedSleepError) { + throw injectedSleepError; + } + if (signal?.aborted) { + throw new Error("aborted"); + } + if (ms <= 0) { + return; + } + await new Promise((resolve, reject) => { + const timer = setTimeout(() => { + signal?.removeEventListener("abort", onAbort); + resolve(); + }, ms); + const onAbort = () => { + clearTimeout(timer); + signal?.removeEventListener("abort", onAbort); + reject(new Error("aborted")); + }; + signal?.addEventListener("abort", onAbort, { once: true }); + }); + }, + })); + ({ waitForTransportReady } = await import("./transport-ready.js")); }); afterEach(() => { diff --git a/src/infra/tsdown-config.test.ts b/src/infra/tsdown-config.test.ts new file mode 100644 index 00000000000..94332c5b307 --- /dev/null +++ b/src/infra/tsdown-config.test.ts @@ -0,0 +1,58 @@ +import { describe, expect, it } from "vitest"; +import tsdownConfig from "../../tsdown.config.ts"; + +type TsdownConfigEntry = { + entry?: Record | string[]; + outDir?: string; +}; + +function asConfigArray(config: unknown): TsdownConfigEntry[] { + return Array.isArray(config) ? (config as TsdownConfigEntry[]) : [config as TsdownConfigEntry]; +} + +function entryKeys(config: TsdownConfigEntry): string[] { + if (!config.entry || Array.isArray(config.entry)) { + return []; + } + return Object.keys(config.entry); +} + +describe("tsdown config", () => { + it("keeps core, plugin runtime, plugin-sdk, bundled plugins, and bundled hooks in one dist graph", () => { + const configs = asConfigArray(tsdownConfig); + const distGraphs = configs.filter((config) => { + const keys = entryKeys(config); + return ( + keys.includes("index") || + keys.includes("plugins/runtime/index") || + keys.includes("plugin-sdk/index") || + keys.includes("extensions/openai/index") || + keys.includes("bundled/boot-md/handler") + ); + }); + + expect(distGraphs).toHaveLength(1); + expect(entryKeys(distGraphs[0])).toEqual( + expect.arrayContaining([ + "index", + "plugins/runtime/index", + "plugin-sdk/index", + "extensions/openai/index", + "bundled/boot-md/handler", + ]), + ); + }); + + it("does not emit plugin-sdk or hooks from a separate dist graph", () => { + const configs = asConfigArray(tsdownConfig); + + expect(configs.some((config) => config.outDir === "dist/plugin-sdk")).toBe(false); + expect( + configs.some((config) => + Array.isArray(config.entry) + ? config.entry.some((entry) => entry.includes("src/hooks/")) + : false, + ), + ).toBe(false); + }); +}); diff --git a/src/infra/warning-filter.test.ts b/src/infra/warning-filter.test.ts index da4b9dad163..ad3a69571f0 100644 --- a/src/infra/warning-filter.test.ts +++ b/src/infra/warning-filter.test.ts @@ -137,10 +137,7 @@ describe("warning filter", () => { seenWarnings.find((warning) => warning.code === "OPENCLAW_TEST_WARNING"), ).toBeDefined(); expect( - seenWarnings.find( - (warning) => - warning.code === "DEP0040" && warning.message === "The punycode module is deprecated.", - ), + seenWarnings.find((warning) => warning.message === "The punycode module is deprecated."), ).toBeDefined(); expect(stderrWrites.join("")).toContain("Visible warning"); } finally { diff --git a/src/infra/warning-filter.ts b/src/infra/warning-filter.ts index 40863222885..d3117e1da55 100644 --- a/src/infra/warning-filter.ts +++ b/src/infra/warning-filter.ts @@ -75,6 +75,20 @@ export function installProcessWarningFilter(): void { if (shouldIgnoreWarning(normalizeWarningArgs(args))) { return; } + if ( + args[0] instanceof Error && + args[1] && + typeof args[1] === "object" && + !Array.isArray(args[1]) + ) { + const warning = args[0]; + const emitted = Object.assign(new Error(warning.message), { + name: warning.name, + code: (warning as Error & { code?: string }).code, + }); + process.emit("warning", emitted); + return; + } return Reflect.apply(originalEmitWarning, process, args); }) as typeof process.emitWarning; diff --git a/src/infra/windows-task-restart.test.ts b/src/infra/windows-task-restart.test.ts index 1a25a7a7415..5da5625f9b8 100644 --- a/src/infra/windows-task-restart.test.ts +++ b/src/infra/windows-task-restart.test.ts @@ -1,7 +1,7 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { captureFullEnv } from "../test-utils/env.js"; const spawnMock = vi.hoisted(() => vi.fn()); @@ -14,7 +14,9 @@ vi.mock("./tmp-openclaw-dir.js", () => ({ resolvePreferredOpenClawTmpDir: () => resolvePreferredOpenClawTmpDirMock(), })); -import { relaunchGatewayScheduledTask } from "./windows-task-restart.js"; +type WindowsTaskRestartModule = typeof import("./windows-task-restart.js"); + +let relaunchGatewayScheduledTask: WindowsTaskRestartModule["relaunchGatewayScheduledTask"]; const envSnapshot = captureFullEnv(); const createdScriptPaths = new Set(); @@ -51,6 +53,11 @@ afterEach(() => { }); describe("relaunchGatewayScheduledTask", () => { + beforeEach(async () => { + vi.resetModules(); + ({ relaunchGatewayScheduledTask } = await import("./windows-task-restart.js")); + }); + it("writes a detached schtasks relaunch helper", () => { const unref = vi.fn(); let seenCommandArg = ""; diff --git a/src/infra/wsl.test.ts b/src/infra/wsl.test.ts index d026cf4bbb1..bc1aa23dad0 100644 --- a/src/infra/wsl.test.ts +++ b/src/infra/wsl.test.ts @@ -14,7 +14,11 @@ vi.mock("node:fs/promises", () => ({ }, })); -const { isWSLEnv, isWSLSync, isWSL2Sync, isWSL, resetWSLStateForTests } = await import("./wsl.js"); +let isWSLEnv: typeof import("./wsl.js").isWSLEnv; +let isWSLSync: typeof import("./wsl.js").isWSLSync; +let isWSL2Sync: typeof import("./wsl.js").isWSL2Sync; +let isWSL: typeof import("./wsl.js").isWSL; +let resetWSLStateForTests: typeof import("./wsl.js").resetWSLStateForTests; const originalPlatformDescriptor = Object.getOwnPropertyDescriptor(process, "platform"); @@ -29,13 +33,18 @@ describe("wsl detection", () => { let envSnapshot: ReturnType; beforeEach(() => { + vi.resetModules(); envSnapshot = captureEnv(["WSL_INTEROP", "WSL_DISTRO_NAME", "WSLENV"]); readFileSyncMock.mockReset(); readFileMock.mockReset(); - resetWSLStateForTests(); setPlatform("linux"); }); + beforeEach(async () => { + ({ isWSLEnv, isWSLSync, isWSL2Sync, isWSL, resetWSLStateForTests } = await import("./wsl.js")); + resetWSLStateForTests(); + }); + afterEach(() => { envSnapshot.restore(); resetWSLStateForTests(); diff --git a/src/logging/logger.browser-import.test.ts b/src/logging/logger.browser-import.test.ts new file mode 100644 index 00000000000..5704770d3ed --- /dev/null +++ b/src/logging/logger.browser-import.test.ts @@ -0,0 +1,70 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; + +type LoggerModule = typeof import("./logger.js"); + +const originalGetBuiltinModule = ( + process as NodeJS.Process & { getBuiltinModule?: (id: string) => unknown } +).getBuiltinModule; + +async function importBrowserSafeLogger(params?: { + resolvePreferredOpenClawTmpDir?: ReturnType; +}): Promise<{ + module: LoggerModule; + resolvePreferredOpenClawTmpDir: ReturnType; +}> { + vi.resetModules(); + const resolvePreferredOpenClawTmpDir = + params?.resolvePreferredOpenClawTmpDir ?? + vi.fn(() => { + throw new Error("resolvePreferredOpenClawTmpDir should not run during browser-safe import"); + }); + + vi.doMock("../infra/tmp-openclaw-dir.js", async () => { + const actual = await vi.importActual( + "../infra/tmp-openclaw-dir.js", + ); + return { + ...actual, + resolvePreferredOpenClawTmpDir, + }; + }); + + Object.defineProperty(process, "getBuiltinModule", { + configurable: true, + value: undefined, + }); + + const module = await import("./logger.js"); + return { module, resolvePreferredOpenClawTmpDir }; +} + +describe("logging/logger browser-safe import", () => { + afterEach(() => { + vi.resetModules(); + vi.doUnmock("../infra/tmp-openclaw-dir.js"); + Object.defineProperty(process, "getBuiltinModule", { + configurable: true, + value: originalGetBuiltinModule, + }); + }); + + it("does not resolve the preferred temp dir at import time when node fs is unavailable", async () => { + const { module, resolvePreferredOpenClawTmpDir } = await importBrowserSafeLogger(); + + expect(resolvePreferredOpenClawTmpDir).not.toHaveBeenCalled(); + expect(module.DEFAULT_LOG_DIR).toBe("/tmp/openclaw"); + expect(module.DEFAULT_LOG_FILE).toBe("/tmp/openclaw/openclaw.log"); + }); + + it("disables file logging when imported in a browser-like environment", async () => { + const { module, resolvePreferredOpenClawTmpDir } = await importBrowserSafeLogger(); + + expect(module.getResolvedLoggerSettings()).toMatchObject({ + level: "silent", + file: "/tmp/openclaw/openclaw.log", + }); + expect(module.isFileLogLevelEnabled("info")).toBe(false); + expect(() => module.getLogger().info("browser-safe")).not.toThrow(); + expect(resolvePreferredOpenClawTmpDir).not.toHaveBeenCalled(); + }); +}); diff --git a/src/logging/logger.ts b/src/logging/logger.ts index 47e5624dc20..d73009fc696 100644 --- a/src/logging/logger.ts +++ b/src/logging/logger.ts @@ -3,7 +3,10 @@ import path from "node:path"; import { Logger as TsLogger } from "tslog"; import { getCommandPathWithRootOptions } from "../cli/argv.js"; import type { OpenClawConfig } from "../config/types.js"; -import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js"; +import { + POSIX_OPENCLAW_TMP_DIR, + resolvePreferredOpenClawTmpDir, +} from "../infra/tmp-openclaw-dir.js"; import { readLoggingConfig } from "./config.js"; import type { ConsoleStyle } from "./console.js"; import { resolveEnvLogLevelOverride } from "./env-log-level.js"; @@ -12,7 +15,27 @@ import { resolveNodeRequireFromMeta } from "./node-require.js"; import { loggingState } from "./state.js"; import { formatLocalIsoWithOffset } from "./timestamps.js"; -export const DEFAULT_LOG_DIR = resolvePreferredOpenClawTmpDir(); +type ProcessWithBuiltinModule = NodeJS.Process & { + getBuiltinModule?: (id: string) => unknown; +}; + +function canUseNodeFs(): boolean { + const getBuiltinModule = (process as ProcessWithBuiltinModule).getBuiltinModule; + if (typeof getBuiltinModule !== "function") { + return false; + } + try { + return getBuiltinModule("fs") !== undefined; + } catch { + return false; + } +} + +function resolveDefaultLogDir(): string { + return canUseNodeFs() ? resolvePreferredOpenClawTmpDir() : POSIX_OPENCLAW_TMP_DIR; +} + +export const DEFAULT_LOG_DIR = resolveDefaultLogDir(); export const DEFAULT_LOG_FILE = path.join(DEFAULT_LOG_DIR, "openclaw.log"); // legacy single-file path const LOG_PREFIX = "openclaw"; @@ -71,6 +94,14 @@ function canUseSilentVitestFileLogFastPath(envLevel: LogLevel | undefined): bool } function resolveSettings(): ResolvedSettings { + if (!canUseNodeFs()) { + return { + level: "silent", + file: DEFAULT_LOG_FILE, + maxFileBytes: DEFAULT_MAX_LOG_FILE_BYTES, + }; + } + const envLevel = resolveEnvLogLevelOverride(); // Test runs default file logs to silent. Skip config reads and fallback load in the // common case to avoid pulling heavy config/schema stacks on startup. diff --git a/src/media-understanding/apply.echo-transcript.test.ts b/src/media-understanding/apply.echo-transcript.test.ts index ae62d294989..6411ab0f48d 100644 --- a/src/media-understanding/apply.echo-transcript.test.ts +++ b/src/media-understanding/apply.echo-transcript.test.ts @@ -10,26 +10,28 @@ import { createSafeAudioFixtureBuffer } from "./runner.test-utils.js"; // Module mocks // --------------------------------------------------------------------------- -vi.mock("../agents/model-auth.js", () => ({ - resolveApiKeyForProvider: vi.fn(async () => ({ +type ResolveApiKeyForProvider = typeof import("../agents/model-auth.js").resolveApiKeyForProvider; + +const resolveApiKeyForProviderMock = vi.hoisted(() => + vi.fn(async () => ({ apiKey: "test-key", // pragma: allowlist secret source: "test", mode: "api-key", })), - requireApiKey: (auth: { apiKey?: string; mode?: string }, provider: string) => { - if (auth?.apiKey) { - return auth.apiKey; - } - throw new Error(`No API key resolved for provider "${provider}" (auth mode: ${auth?.mode}).`); - }, - resolveAwsSdkEnvVarName: vi.fn(() => undefined), - resolveEnvApiKey: vi.fn(() => null), - resolveModelAuthMode: vi.fn(() => "api-key"), - getApiKeyForModel: vi.fn(async () => ({ apiKey: "test-key", source: "test", mode: "api-key" })), - getCustomProviderApiKey: vi.fn(() => undefined), - ensureAuthProfileStore: vi.fn(async () => ({})), - resolveAuthProfileOrder: vi.fn(() => []), -})); +); +const hasAvailableAuthForProviderMock = vi.hoisted(() => + vi.fn(async (...args: Parameters) => { + const resolved = await resolveApiKeyForProviderMock(...args); + return Boolean(resolved?.apiKey); + }), +); +const getApiKeyForModelMock = vi.hoisted(() => + vi.fn(async () => ({ apiKey: "test-key", source: "test", mode: "api-key" })), +); +const fetchRemoteMediaMock = vi.hoisted(() => vi.fn()); +const runExecMock = vi.hoisted(() => vi.fn()); +const runCommandWithTimeoutMock = vi.hoisted(() => vi.fn()); +const mockDeliverOutboundPayloads = vi.hoisted(() => vi.fn()); const { MediaFetchErrorMock } = vi.hoisted(() => { class MediaFetchErrorMock extends Error { @@ -43,22 +45,6 @@ const { MediaFetchErrorMock } = vi.hoisted(() => { return { MediaFetchErrorMock }; }); -vi.mock("../media/fetch.js", () => ({ - fetchRemoteMedia: vi.fn(), - MediaFetchError: MediaFetchErrorMock, -})); - -vi.mock("../process/exec.js", () => ({ - runExec: vi.fn(), - runCommandWithTimeout: vi.fn(), -})); - -const mockDeliverOutboundPayloads = vi.fn(); - -vi.mock("../infra/outbound/deliver.js", () => ({ - deliverOutboundPayloads: (...args: unknown[]) => mockDeliverOutboundPayloads(...args), -})); - // --------------------------------------------------------------------------- // Helpers // --------------------------------------------------------------------------- @@ -145,6 +131,38 @@ function createAudioConfigWithoutEchoFlag() { describe("applyMediaUnderstanding – echo transcript", () => { beforeAll(async () => { + vi.resetModules(); + vi.doMock("../agents/model-auth.js", () => ({ + resolveApiKeyForProvider: resolveApiKeyForProviderMock, + hasAvailableAuthForProvider: hasAvailableAuthForProviderMock, + requireApiKey: (auth: { apiKey?: string; mode?: string }, provider: string) => { + if (auth?.apiKey) { + return auth.apiKey; + } + throw new Error( + `No API key resolved for provider "${provider}" (auth mode: ${auth?.mode}).`, + ); + }, + resolveAwsSdkEnvVarName: vi.fn(() => undefined), + resolveEnvApiKey: vi.fn(() => null), + resolveModelAuthMode: vi.fn(() => "api-key"), + getApiKeyForModel: getApiKeyForModelMock, + getCustomProviderApiKey: vi.fn(() => undefined), + ensureAuthProfileStore: vi.fn(async () => ({})), + resolveAuthProfileOrder: vi.fn(() => []), + })); + vi.doMock("../media/fetch.js", () => ({ + fetchRemoteMedia: fetchRemoteMediaMock, + MediaFetchError: MediaFetchErrorMock, + })); + vi.doMock("../process/exec.js", () => ({ + runExec: runExecMock, + runCommandWithTimeout: runCommandWithTimeoutMock, + })); + vi.doMock("../infra/outbound/deliver-runtime.js", () => ({ + deliverOutboundPayloads: (...args: unknown[]) => mockDeliverOutboundPayloads(...args), + })); + const baseDir = resolvePreferredOpenClawTmpDir(); await fs.mkdir(baseDir, { recursive: true }); suiteTempMediaRootDir = await fs.mkdtemp(path.join(baseDir, TEMP_MEDIA_PREFIX)); @@ -155,6 +173,12 @@ describe("applyMediaUnderstanding – echo transcript", () => { }); beforeEach(() => { + resolveApiKeyForProviderMock.mockClear(); + hasAvailableAuthForProviderMock.mockClear(); + getApiKeyForModelMock.mockClear(); + fetchRemoteMediaMock.mockClear(); + runExecMock.mockReset(); + runCommandWithTimeoutMock.mockReset(); mockDeliverOutboundPayloads.mockClear(); mockDeliverOutboundPayloads.mockResolvedValue([{ channel: "whatsapp", messageId: "echo-1" }]); clearMediaUnderstandingBinaryCacheForTests?.(); diff --git a/src/media-understanding/apply.test.ts b/src/media-understanding/apply.test.ts index 7058cef6bb1..b9fb809f2a0 100644 --- a/src/media-understanding/apply.test.ts +++ b/src/media-understanding/apply.test.ts @@ -2,51 +2,35 @@ import crypto from "node:crypto"; import fs from "node:fs/promises"; import path from "node:path"; import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; -import { resolveApiKeyForProvider } from "../agents/model-auth.js"; import type { MsgContext } from "../auto-reply/templating.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js"; -import { fetchRemoteMedia } from "../media/fetch.js"; -import { runExec } from "../process/exec.js"; import { withEnvAsync } from "../test-utils/env.js"; -import { clearMediaUnderstandingBinaryCacheForTests } from "./runner.js"; import { createSafeAudioFixtureBuffer } from "./runner.test-utils.js"; +type ResolveApiKeyForProvider = typeof import("../agents/model-auth.js").resolveApiKeyForProvider; + const resolveApiKeyForProviderMock = vi.hoisted(() => - vi.fn(async () => ({ + vi.fn(async () => ({ apiKey: "test-key", // pragma: allowlist secret source: "test", mode: "api-key", })), ); const hasAvailableAuthForProviderMock = vi.hoisted(() => - vi.fn(async (...args: Parameters) => { + vi.fn(async (...args: Parameters) => { const resolved = await resolveApiKeyForProviderMock(...args); return Boolean(resolved?.apiKey); }), ); - -vi.mock("../agents/model-auth.js", () => ({ - resolveApiKeyForProvider: resolveApiKeyForProviderMock, - hasAvailableAuthForProvider: hasAvailableAuthForProviderMock, - requireApiKey: (auth: { apiKey?: string; mode?: string }, provider: string) => { - if (auth?.apiKey) { - return auth.apiKey; - } - throw new Error(`No API key resolved for provider "${provider}" (auth mode: ${auth?.mode}).`); - }, -})); - -vi.mock("../media/fetch.js", () => ({ - fetchRemoteMedia: vi.fn(), -})); - -vi.mock("../process/exec.js", () => ({ - runExec: vi.fn(), -})); +const fetchRemoteMediaMock = vi.hoisted(() => vi.fn()); +const runExecMock = vi.hoisted(() => vi.fn()); let applyMediaUnderstanding: typeof import("./apply.js").applyMediaUnderstanding; -const mockedRunExec = vi.mocked(runExec); +let clearMediaUnderstandingBinaryCacheForTests: typeof import("./runner.js").clearMediaUnderstandingBinaryCacheForTests; +const mockedResolveApiKey = resolveApiKeyForProviderMock; +const mockedFetchRemoteMedia = fetchRemoteMediaMock; +const mockedRunExec = runExecMock; const TEMP_MEDIA_PREFIX = "openclaw-media-"; let suiteTempMediaRootDir = ""; @@ -241,14 +225,32 @@ function expectFileNotApplied(params: { } describe("applyMediaUnderstanding", () => { - const mockedResolveApiKey = vi.mocked(resolveApiKeyForProvider); - const mockedFetchRemoteMedia = vi.mocked(fetchRemoteMedia); - beforeAll(async () => { + vi.resetModules(); + vi.doMock("../agents/model-auth.js", () => ({ + resolveApiKeyForProvider: resolveApiKeyForProviderMock, + hasAvailableAuthForProvider: hasAvailableAuthForProviderMock, + requireApiKey: (auth: { apiKey?: string; mode?: string }, provider: string) => { + if (auth?.apiKey) { + return auth.apiKey; + } + throw new Error( + `No API key resolved for provider "${provider}" (auth mode: ${auth?.mode}).`, + ); + }, + })); + vi.doMock("../media/fetch.js", () => ({ + fetchRemoteMedia: fetchRemoteMediaMock, + })); + vi.doMock("../process/exec.js", () => ({ + runExec: runExecMock, + })); + ({ applyMediaUnderstanding } = await import("./apply.js")); + ({ clearMediaUnderstandingBinaryCacheForTests } = await import("./runner.js")); + const baseDir = resolvePreferredOpenClawTmpDir(); await fs.mkdir(baseDir, { recursive: true }); suiteTempMediaRootDir = await fs.mkdtemp(path.join(baseDir, TEMP_MEDIA_PREFIX)); - ({ applyMediaUnderstanding } = await import("./apply.js")); }); beforeEach(() => { diff --git a/src/media-understanding/providers/anthropic/index.ts b/src/media-understanding/providers/anthropic/index.ts deleted file mode 100644 index 35ae04a921e..00000000000 --- a/src/media-understanding/providers/anthropic/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; - -export const anthropicProvider: MediaUnderstandingProvider = { - id: "anthropic", - capabilities: ["image"], - describeImage: describeImageWithModel, -}; diff --git a/src/media-understanding/providers/google/audio.ts b/src/media-understanding/providers/google/audio.ts deleted file mode 100644 index 5173ad3f093..00000000000 --- a/src/media-understanding/providers/google/audio.ts +++ /dev/null @@ -1,21 +0,0 @@ -import type { AudioTranscriptionRequest, AudioTranscriptionResult } from "../../types.js"; -import { generateGeminiInlineDataText } from "./inline-data.js"; - -export const DEFAULT_GOOGLE_AUDIO_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"; -const DEFAULT_GOOGLE_AUDIO_MODEL = "gemini-3-flash-preview"; -const DEFAULT_GOOGLE_AUDIO_PROMPT = "Transcribe the audio."; - -export async function transcribeGeminiAudio( - params: AudioTranscriptionRequest, -): Promise { - const { text, model } = await generateGeminiInlineDataText({ - ...params, - defaultBaseUrl: DEFAULT_GOOGLE_AUDIO_BASE_URL, - defaultModel: DEFAULT_GOOGLE_AUDIO_MODEL, - defaultPrompt: DEFAULT_GOOGLE_AUDIO_PROMPT, - defaultMime: "audio/wav", - httpErrorLabel: "Audio transcription failed", - missingTextError: "Audio transcription response missing text", - }); - return { text, model }; -} diff --git a/src/media-understanding/providers/google/index.ts b/src/media-understanding/providers/google/index.ts deleted file mode 100644 index 50674aac396..00000000000 --- a/src/media-understanding/providers/google/index.ts +++ /dev/null @@ -1,12 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; -import { transcribeGeminiAudio } from "./audio.js"; -import { describeGeminiVideo } from "./video.js"; - -export const googleProvider: MediaUnderstandingProvider = { - id: "google", - capabilities: ["image", "audio", "video"], - describeImage: describeImageWithModel, - transcribeAudio: transcribeGeminiAudio, - describeVideo: describeGeminiVideo, -}; diff --git a/src/media-understanding/providers/google/inline-data.ts b/src/media-understanding/providers/google/inline-data.ts deleted file mode 100644 index 18116a54bc2..00000000000 --- a/src/media-understanding/providers/google/inline-data.ts +++ /dev/null @@ -1,93 +0,0 @@ -import { normalizeGoogleModelId } from "../../../agents/model-id-normalization.js"; -import { parseGeminiAuth } from "../../../infra/gemini-auth.js"; -import { assertOkOrThrowHttpError, normalizeBaseUrl, postJsonRequest } from "../shared.js"; - -export async function generateGeminiInlineDataText(params: { - buffer: Buffer; - mime?: string; - apiKey: string; - baseUrl?: string; - headers?: Record; - model?: string; - prompt?: string; - timeoutMs: number; - fetchFn?: typeof fetch; - defaultBaseUrl: string; - defaultModel: string; - defaultPrompt: string; - defaultMime: string; - httpErrorLabel: string; - missingTextError: string; -}): Promise<{ text: string; model: string }> { - const fetchFn = params.fetchFn ?? fetch; - const baseUrl = normalizeBaseUrl(params.baseUrl, params.defaultBaseUrl); - const allowPrivate = Boolean(params.baseUrl?.trim()); - const model = (() => { - const trimmed = params.model?.trim(); - if (!trimmed) { - return params.defaultModel; - } - return normalizeGoogleModelId(trimmed); - })(); - const url = `${baseUrl}/models/${model}:generateContent`; - - const authHeaders = parseGeminiAuth(params.apiKey); - const headers = new Headers(params.headers); - for (const [key, value] of Object.entries(authHeaders.headers)) { - if (!headers.has(key)) { - headers.set(key, value); - } - } - - const prompt = (() => { - const trimmed = params.prompt?.trim(); - return trimmed || params.defaultPrompt; - })(); - - const body = { - contents: [ - { - role: "user", - parts: [ - { text: prompt }, - { - inline_data: { - mime_type: params.mime ?? params.defaultMime, - data: params.buffer.toString("base64"), - }, - }, - ], - }, - ], - }; - - const { response: res, release } = await postJsonRequest({ - url, - headers, - body, - timeoutMs: params.timeoutMs, - fetchFn, - allowPrivateNetwork: allowPrivate, - }); - - try { - await assertOkOrThrowHttpError(res, params.httpErrorLabel); - - const payload = (await res.json()) as { - candidates?: Array<{ - content?: { parts?: Array<{ text?: string }> }; - }>; - }; - const parts = payload.candidates?.[0]?.content?.parts ?? []; - const text = parts - .map((part) => part?.text?.trim()) - .filter(Boolean) - .join("\n"); - if (!text) { - throw new Error(params.missingTextError); - } - return { text, model }; - } finally { - await release(); - } -} diff --git a/src/media-understanding/providers/google/video.test.ts b/src/media-understanding/providers/google/video.test.ts index 772d01e2d70..c4307e4caad 100644 --- a/src/media-understanding/providers/google/video.test.ts +++ b/src/media-understanding/providers/google/video.test.ts @@ -1,8 +1,8 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { describeGeminiVideo } from "../../../../extensions/google/media-understanding-provider.js"; import * as ssrf from "../../../infra/net/ssrf.js"; import { withFetchPreconnect } from "../../../test-utils/fetch-mock.js"; import { createRequestCaptureJsonFetch } from "../audio.test-helpers.js"; -import { describeGeminiVideo } from "./video.js"; const TEST_NET_IP = "203.0.113.10"; diff --git a/src/media-understanding/providers/google/video.ts b/src/media-understanding/providers/google/video.ts deleted file mode 100644 index edbeccf0288..00000000000 --- a/src/media-understanding/providers/google/video.ts +++ /dev/null @@ -1,21 +0,0 @@ -import type { VideoDescriptionRequest, VideoDescriptionResult } from "../../types.js"; -import { generateGeminiInlineDataText } from "./inline-data.js"; - -export const DEFAULT_GOOGLE_VIDEO_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"; -const DEFAULT_GOOGLE_VIDEO_MODEL = "gemini-3-flash-preview"; -const DEFAULT_GOOGLE_VIDEO_PROMPT = "Describe the video."; - -export async function describeGeminiVideo( - params: VideoDescriptionRequest, -): Promise { - const { text, model } = await generateGeminiInlineDataText({ - ...params, - defaultBaseUrl: DEFAULT_GOOGLE_VIDEO_BASE_URL, - defaultModel: DEFAULT_GOOGLE_VIDEO_MODEL, - defaultPrompt: DEFAULT_GOOGLE_VIDEO_PROMPT, - defaultMime: "video/mp4", - httpErrorLabel: "Video description failed", - missingTextError: "Video description response missing text", - }); - return { text, model }; -} diff --git a/src/media-understanding/providers/groq/index.ts b/src/media-understanding/providers/groq/index.ts index 5f59e5702ab..0e4a2ec33e4 100644 --- a/src/media-understanding/providers/groq/index.ts +++ b/src/media-understanding/providers/groq/index.ts @@ -1,7 +1,8 @@ import type { MediaUnderstandingProvider } from "../../types.js"; -import { transcribeOpenAiCompatibleAudio } from "../openai/audio.js"; +import { transcribeOpenAiCompatibleAudio } from "../openai-compatible-audio.js"; const DEFAULT_GROQ_AUDIO_BASE_URL = "https://api.groq.com/openai/v1"; +const DEFAULT_GROQ_AUDIO_MODEL = "whisper-large-v3-turbo"; export const groqProvider: MediaUnderstandingProvider = { id: "groq", @@ -10,5 +11,7 @@ export const groqProvider: MediaUnderstandingProvider = { transcribeOpenAiCompatibleAudio({ ...req, baseUrl: req.baseUrl ?? DEFAULT_GROQ_AUDIO_BASE_URL, + defaultBaseUrl: DEFAULT_GROQ_AUDIO_BASE_URL, + defaultModel: DEFAULT_GROQ_AUDIO_MODEL, }), }; diff --git a/src/media-understanding/providers/image.test.ts b/src/media-understanding/providers/image.test.ts index 51c8739f43a..9044d8ba83d 100644 --- a/src/media-understanding/providers/image.test.ts +++ b/src/media-understanding/providers/image.test.ts @@ -8,45 +8,51 @@ const getApiKeyForModelMock = vi.fn(async () => ({ source: "test", mode: "oauth", })); +const resolveApiKeyForProviderMock = vi.fn(async () => ({ + apiKey: "oauth-test", // pragma: allowlist secret + source: "test", + mode: "oauth", +})); const requireApiKeyMock = vi.fn((auth: { apiKey?: string }) => auth.apiKey ?? ""); const setRuntimeApiKeyMock = vi.fn(); const discoverModelsMock = vi.fn(); +type ImageModule = typeof import("./image.js"); -vi.mock("@mariozechner/pi-ai", async (importOriginal) => { - const actual = await importOriginal(); - return { - ...actual, - complete: completeMock, - }; -}); - -vi.mock("../../agents/minimax-vlm.js", () => ({ - isMinimaxVlmProvider: (provider: string) => - provider === "minimax" || provider === "minimax-portal", - isMinimaxVlmModel: (provider: string, modelId: string) => - (provider === "minimax" || provider === "minimax-portal") && modelId === "MiniMax-VL-01", - minimaxUnderstandImage: minimaxUnderstandImageMock, -})); - -vi.mock("../../agents/models-config.js", () => ({ - ensureOpenClawModelsJson: ensureOpenClawModelsJsonMock, -})); - -vi.mock("../../agents/model-auth.js", () => ({ - getApiKeyForModel: getApiKeyForModelMock, - requireApiKey: requireApiKeyMock, -})); - -vi.mock("../../agents/pi-model-discovery-runtime.js", () => ({ - discoverAuthStorage: () => ({ - setRuntimeApiKey: setRuntimeApiKeyMock, - }), - discoverModels: discoverModelsMock, -})); +let describeImageWithModel: ImageModule["describeImageWithModel"]; describe("describeImageWithModel", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); vi.clearAllMocks(); + vi.doMock("@mariozechner/pi-ai", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + complete: completeMock, + }; + }); + vi.doMock("../../agents/minimax-vlm.js", () => ({ + isMinimaxVlmProvider: (provider: string) => + provider === "minimax" || provider === "minimax-portal", + isMinimaxVlmModel: (provider: string, modelId: string) => + (provider === "minimax" || provider === "minimax-portal") && modelId === "MiniMax-VL-01", + minimaxUnderstandImage: minimaxUnderstandImageMock, + })); + vi.doMock("../../agents/models-config.js", () => ({ + ensureOpenClawModelsJson: ensureOpenClawModelsJsonMock, + })); + vi.doMock("../../agents/model-auth.js", () => ({ + getApiKeyForModel: getApiKeyForModelMock, + resolveApiKeyForProvider: resolveApiKeyForProviderMock, + requireApiKey: requireApiKeyMock, + })); + vi.doMock("../../agents/pi-model-discovery-runtime.js", () => ({ + discoverAuthStorage: () => ({ + setRuntimeApiKey: setRuntimeApiKeyMock, + }), + discoverModels: discoverModelsMock, + })); + ({ describeImageWithModel } = await import("./image.js")); minimaxUnderstandImageMock.mockResolvedValue("portal ok"); discoverModelsMock.mockReturnValue({ find: vi.fn(() => ({ @@ -59,8 +65,6 @@ describe("describeImageWithModel", () => { }); it("routes minimax-portal image models through the MiniMax VLM endpoint", async () => { - const { describeImageWithModel } = await import("./image.js"); - const result = await describeImageWithModel({ cfg: {}, agentDir: "/tmp/openclaw-agent", @@ -109,8 +113,6 @@ describe("describeImageWithModel", () => { content: [{ type: "text", text: "generic ok" }], }); - const { describeImageWithModel } = await import("./image.js"); - const result = await describeImageWithModel({ cfg: {}, agentDir: "/tmp/openclaw-agent", @@ -153,8 +155,6 @@ describe("describeImageWithModel", () => { content: [{ type: "text", text: "flash ok" }], }); - const { describeImageWithModel } = await import("./image.js"); - const result = await describeImageWithModel({ cfg: {}, agentDir: "/tmp/openclaw-agent", @@ -203,8 +203,6 @@ describe("describeImageWithModel", () => { content: [{ type: "text", text: "flash lite ok" }], }); - const { describeImageWithModel } = await import("./image.js"); - const result = await describeImageWithModel({ cfg: {}, agentDir: "/tmp/openclaw-agent", diff --git a/src/media-understanding/providers/image.ts b/src/media-understanding/providers/image.ts index 1511a7c9bb9..9d7dc67949b 100644 --- a/src/media-understanding/providers/image.ts +++ b/src/media-understanding/providers/image.ts @@ -1,11 +1,20 @@ import type { Api, Context, Model } from "@mariozechner/pi-ai"; import { complete } from "@mariozechner/pi-ai"; import { isMinimaxVlmModel, minimaxUnderstandImage } from "../../agents/minimax-vlm.js"; -import { getApiKeyForModel, requireApiKey } from "../../agents/model-auth.js"; +import { + getApiKeyForModel, + requireApiKey, + resolveApiKeyForProvider, +} from "../../agents/model-auth.js"; import { normalizeModelRef } from "../../agents/model-selection.js"; import { ensureOpenClawModelsJson } from "../../agents/models-config.js"; import { coerceImageAssistantText } from "../../agents/tools/image-tool.helpers.js"; -import type { ImageDescriptionRequest, ImageDescriptionResult } from "../types.js"; +import type { + ImageDescriptionRequest, + ImageDescriptionResult, + ImagesDescriptionRequest, + ImagesDescriptionResult, +} from "../types.js"; let piModelDiscoveryRuntimePromise: Promise< typeof import("../../agents/pi-model-discovery-runtime.js") @@ -16,14 +25,29 @@ function loadPiModelDiscoveryRuntime() { return piModelDiscoveryRuntimePromise; } -export async function describeImageWithModel( - params: ImageDescriptionRequest, -): Promise { +function resolveImageToolMaxTokens(modelMaxTokens: number | undefined, requestedMaxTokens = 4096) { + if ( + typeof modelMaxTokens !== "number" || + !Number.isFinite(modelMaxTokens) || + modelMaxTokens <= 0 + ) { + return requestedMaxTokens; + } + return Math.min(requestedMaxTokens, modelMaxTokens); +} + +async function resolveImageRuntime(params: { + cfg: ImageDescriptionRequest["cfg"]; + agentDir: string; + provider: string; + model: string; + profile?: string; + preferredProfile?: string; +}): Promise<{ apiKey: string; model: Model }> { await ensureOpenClawModelsJson(params.cfg, params.agentDir); const { discoverAuthStorage, discoverModels } = await loadPiModelDiscoveryRuntime(); const authStorage = discoverAuthStorage(params.agentDir); const modelRegistry = discoverModels(authStorage, params.agentDir); - // Keep direct media config entries compatible with deprecated provider model aliases. const resolvedRef = normalizeModelRef(params.provider, params.model); const model = modelRegistry.find(resolvedRef.provider, resolvedRef.model) as Model | null; if (!model) { @@ -41,33 +65,132 @@ export async function describeImageWithModel( }); const apiKey = requireApiKey(apiKeyInfo, model.provider); authStorage.setRuntimeApiKey(model.provider, apiKey); + return { apiKey, model }; +} - const base64 = params.buffer.toString("base64"); - if (isMinimaxVlmModel(model.provider, model.id)) { - const text = await minimaxUnderstandImage({ - apiKey, - prompt: params.prompt ?? "Describe the image.", - imageDataUrl: `data:${params.mime ?? "image/jpeg"};base64,${base64}`, - modelBaseUrl: model.baseUrl, - }); - return { text, model: model.id }; - } - - const context: Context = { +function buildImageContext( + prompt: string, + images: Array<{ buffer: Buffer; mime?: string }>, +): Context { + return { messages: [ { role: "user", content: [ - { type: "text", text: params.prompt ?? "Describe the image." }, - { type: "image", data: base64, mimeType: params.mime ?? "image/jpeg" }, + { type: "text", text: prompt }, + ...images.map((image) => ({ + type: "image" as const, + data: image.buffer.toString("base64"), + mimeType: image.mime ?? "image/jpeg", + })), ], timestamp: Date.now(), }, ], }; +} + +async function describeImagesWithMinimax(params: { + apiKey: string; + modelId: string; + modelBaseUrl?: string; + prompt: string; + images: Array<{ buffer: Buffer; mime?: string }>; +}): Promise { + const responses: string[] = []; + for (const [index, image] of params.images.entries()) { + const prompt = + params.images.length > 1 + ? `${params.prompt}\n\nDescribe image ${index + 1} of ${params.images.length} independently.` + : params.prompt; + const text = await minimaxUnderstandImage({ + apiKey: params.apiKey, + prompt, + imageDataUrl: `data:${image.mime ?? "image/jpeg"};base64,${image.buffer.toString("base64")}`, + modelBaseUrl: params.modelBaseUrl, + }); + responses.push(params.images.length > 1 ? `Image ${index + 1}:\n${text.trim()}` : text.trim()); + } + return { + text: responses.join("\n\n").trim(), + model: params.modelId, + }; +} + +function isUnknownModelError(err: unknown): boolean { + return err instanceof Error && /^Unknown model:/i.test(err.message); +} + +function resolveConfiguredProviderBaseUrl( + cfg: ImageDescriptionRequest["cfg"], + provider: string, +): string | undefined { + const direct = cfg.models?.providers?.[provider]; + if (typeof direct?.baseUrl === "string" && direct.baseUrl.trim()) { + return direct.baseUrl.trim(); + } + return undefined; +} + +async function resolveMinimaxVlmFallbackRuntime(params: { + cfg: ImageDescriptionRequest["cfg"]; + agentDir: string; + provider: string; + profile?: string; + preferredProfile?: string; +}): Promise<{ apiKey: string; modelBaseUrl?: string }> { + const auth = await resolveApiKeyForProvider({ + provider: params.provider, + cfg: params.cfg, + profileId: params.profile, + preferredProfile: params.preferredProfile, + agentDir: params.agentDir, + }); + return { + apiKey: requireApiKey(auth, params.provider), + modelBaseUrl: resolveConfiguredProviderBaseUrl(params.cfg, params.provider), + }; +} + +export async function describeImagesWithModel( + params: ImagesDescriptionRequest, +): Promise { + const prompt = params.prompt ?? "Describe the image."; + let apiKey: string; + let model: Model | undefined; + + try { + const resolved = await resolveImageRuntime(params); + apiKey = resolved.apiKey; + model = resolved.model; + } catch (err) { + if (!isMinimaxVlmModel(params.provider, params.model) || !isUnknownModelError(err)) { + throw err; + } + const fallback = await resolveMinimaxVlmFallbackRuntime(params); + return await describeImagesWithMinimax({ + apiKey: fallback.apiKey, + modelId: params.model, + modelBaseUrl: fallback.modelBaseUrl, + prompt, + images: params.images, + }); + } + + if (isMinimaxVlmModel(model.provider, model.id)) { + return await describeImagesWithMinimax({ + apiKey, + modelId: model.id, + modelBaseUrl: model.baseUrl, + prompt, + images: params.images, + }); + } + + const context = buildImageContext(prompt, params.images); const message = await complete(model, context, { apiKey, - maxTokens: params.maxTokens ?? 512, + maxTokens: resolveImageToolMaxTokens(model.maxTokens, params.maxTokens ?? 512), }); const text = coerceImageAssistantText({ message, @@ -76,3 +199,26 @@ export async function describeImageWithModel( }); return { text, model: model.id }; } + +export async function describeImageWithModel( + params: ImageDescriptionRequest, +): Promise { + return await describeImagesWithModel({ + images: [ + { + buffer: params.buffer, + fileName: params.fileName, + mime: params.mime, + }, + ], + model: params.model, + provider: params.provider, + prompt: params.prompt, + maxTokens: params.maxTokens, + timeoutMs: params.timeoutMs, + profile: params.profile, + preferredProfile: params.preferredProfile, + agentDir: params.agentDir, + cfg: params.cfg, + }); +} diff --git a/src/media-understanding/providers/index.test.ts b/src/media-understanding/providers/index.test.ts index 9294d44acd5..31bc041a608 100644 --- a/src/media-understanding/providers/index.test.ts +++ b/src/media-understanding/providers/index.test.ts @@ -1,35 +1,63 @@ -import { describe, expect, it } from "vitest"; +import { afterEach, describe, expect, it } from "vitest"; +import { createEmptyPluginRegistry } from "../../plugins/registry.js"; +import { setActivePluginRegistry } from "../../plugins/runtime.js"; import { buildMediaUnderstandingRegistry, getMediaUnderstandingProvider } from "./index.js"; describe("media-understanding provider registry", () => { - it("registers the Mistral provider", () => { - const registry = buildMediaUnderstandingRegistry(); - const provider = getMediaUnderstandingProvider("mistral", registry); - - expect(provider?.id).toBe("mistral"); - expect(provider?.capabilities).toEqual(["audio"]); + afterEach(() => { + setActivePluginRegistry(createEmptyPluginRegistry()); }); - it("keeps provider id normalization behavior", () => { + it("keeps core-owned fallback providers registered by default", () => { + const registry = buildMediaUnderstandingRegistry(); + const groqProvider = getMediaUnderstandingProvider("groq", registry); + const deepgramProvider = getMediaUnderstandingProvider("deepgram", registry); + + expect(groqProvider?.id).toBe("groq"); + expect(groqProvider?.capabilities).toEqual(["audio"]); + expect(deepgramProvider?.id).toBe("deepgram"); + expect(deepgramProvider?.capabilities).toEqual(["audio"]); + }); + + it("merges plugin-registered media providers into the active registry", async () => { + const pluginRegistry = createEmptyPluginRegistry(); + pluginRegistry.mediaUnderstandingProviders.push({ + pluginId: "google", + pluginName: "Google Plugin", + source: "test", + provider: { + id: "google", + capabilities: ["image", "audio", "video"], + describeImage: async () => ({ text: "plugin image" }), + transcribeAudio: async () => ({ text: "plugin audio" }), + describeVideo: async () => ({ text: "plugin video" }), + }, + }); + setActivePluginRegistry(pluginRegistry); + + const registry = buildMediaUnderstandingRegistry(); + const provider = getMediaUnderstandingProvider("gemini", registry); + + expect(provider?.id).toBe("google"); + expect(await provider?.describeVideo?.({} as never)).toEqual({ text: "plugin video" }); + }); + + it("keeps provider id normalization behavior for plugin-owned providers", () => { + const pluginRegistry = createEmptyPluginRegistry(); + pluginRegistry.mediaUnderstandingProviders.push({ + pluginId: "google", + pluginName: "Google Plugin", + source: "test", + provider: { + id: "google", + capabilities: ["image", "audio", "video"], + }, + }); + setActivePluginRegistry(pluginRegistry); + const registry = buildMediaUnderstandingRegistry(); const provider = getMediaUnderstandingProvider("gemini", registry); expect(provider?.id).toBe("google"); }); - - it("registers the Moonshot provider", () => { - const registry = buildMediaUnderstandingRegistry(); - const provider = getMediaUnderstandingProvider("moonshot", registry); - - expect(provider?.id).toBe("moonshot"); - expect(provider?.capabilities).toEqual(["image", "video"]); - }); - - it("registers the minimax portal provider", () => { - const registry = buildMediaUnderstandingRegistry(); - const provider = getMediaUnderstandingProvider("minimax-portal", registry); - - expect(provider?.id).toBe("minimax-portal"); - expect(provider?.capabilities).toEqual(["image"]); - }); }); diff --git a/src/media-understanding/providers/index.ts b/src/media-understanding/providers/index.ts index 0ceaa78fd80..521d55caee1 100644 --- a/src/media-understanding/providers/index.ts +++ b/src/media-understanding/providers/index.ts @@ -1,27 +1,28 @@ import { normalizeProviderId } from "../../agents/model-selection.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import { loadOpenClawPlugins } from "../../plugins/loader.js"; +import { getActivePluginRegistry } from "../../plugins/runtime.js"; import type { MediaUnderstandingProvider } from "../types.js"; -import { anthropicProvider } from "./anthropic/index.js"; import { deepgramProvider } from "./deepgram/index.js"; -import { googleProvider } from "./google/index.js"; import { groqProvider } from "./groq/index.js"; -import { minimaxPortalProvider, minimaxProvider } from "./minimax/index.js"; -import { mistralProvider } from "./mistral/index.js"; -import { moonshotProvider } from "./moonshot/index.js"; -import { openaiProvider } from "./openai/index.js"; -import { zaiProvider } from "./zai/index.js"; -const PROVIDERS: MediaUnderstandingProvider[] = [ - groqProvider, - openaiProvider, - googleProvider, - anthropicProvider, - minimaxProvider, - minimaxPortalProvider, - moonshotProvider, - mistralProvider, - zaiProvider, - deepgramProvider, -]; +const PROVIDERS: MediaUnderstandingProvider[] = [groqProvider, deepgramProvider]; + +function mergeProviderIntoRegistry( + registry: Map, + provider: MediaUnderstandingProvider, +) { + const normalizedKey = normalizeMediaProviderId(provider.id); + const existing = registry.get(normalizedKey); + const merged = existing + ? { + ...existing, + ...provider, + capabilities: provider.capabilities ?? existing.capabilities, + } + : provider; + registry.set(normalizedKey, merged); +} export function normalizeMediaProviderId(id: string): string { const normalized = normalizeProviderId(id); @@ -33,10 +34,19 @@ export function normalizeMediaProviderId(id: string): string { export function buildMediaUnderstandingRegistry( overrides?: Record, + cfg?: OpenClawConfig, ): Map { const registry = new Map(); for (const provider of PROVIDERS) { - registry.set(normalizeMediaProviderId(provider.id), provider); + mergeProviderIntoRegistry(registry, provider); + } + const active = getActivePluginRegistry(); + const pluginRegistry = + (active?.mediaUnderstandingProviders?.length ?? 0) > 0 + ? active + : loadOpenClawPlugins({ config: cfg }); + for (const entry of pluginRegistry?.mediaUnderstandingProviders ?? []) { + mergeProviderIntoRegistry(registry, entry.provider); } if (overrides) { for (const [key, provider] of Object.entries(overrides)) { diff --git a/src/media-understanding/providers/minimax/index.ts b/src/media-understanding/providers/minimax/index.ts deleted file mode 100644 index c9a7936f4d3..00000000000 --- a/src/media-understanding/providers/minimax/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; - -export const minimaxProvider: MediaUnderstandingProvider = { - id: "minimax", - capabilities: ["image"], - describeImage: describeImageWithModel, -}; - -export const minimaxPortalProvider: MediaUnderstandingProvider = { - id: "minimax-portal", - capabilities: ["image"], - describeImage: describeImageWithModel, -}; diff --git a/src/media-understanding/providers/mistral/index.test.ts b/src/media-understanding/providers/mistral/index.test.ts index b368e516667..1afa3bd9265 100644 --- a/src/media-understanding/providers/mistral/index.test.ts +++ b/src/media-understanding/providers/mistral/index.test.ts @@ -1,23 +1,23 @@ import { describe, expect, it } from "vitest"; +import { mistralMediaUnderstandingProvider } from "../../../../extensions/mistral/media-understanding-provider.js"; import { createRequestCaptureJsonFetch, installPinnedHostnameTestHooks, } from "../audio.test-helpers.js"; -import { mistralProvider } from "./index.js"; installPinnedHostnameTestHooks(); -describe("mistralProvider", () => { +describe("mistralMediaUnderstandingProvider", () => { it("has expected provider metadata", () => { - expect(mistralProvider.id).toBe("mistral"); - expect(mistralProvider.capabilities).toEqual(["audio"]); - expect(mistralProvider.transcribeAudio).toBeDefined(); + expect(mistralMediaUnderstandingProvider.id).toBe("mistral"); + expect(mistralMediaUnderstandingProvider.capabilities).toEqual(["audio"]); + expect(mistralMediaUnderstandingProvider.transcribeAudio).toBeDefined(); }); it("uses Mistral base URL by default", async () => { const { fetchFn, getRequest } = createRequestCaptureJsonFetch({ text: "bonjour" }); - const result = await mistralProvider.transcribeAudio!({ + const result = await mistralMediaUnderstandingProvider.transcribeAudio!({ buffer: Buffer.from("audio-bytes"), fileName: "voice.ogg", apiKey: "test-mistral-key", // pragma: allowlist secret @@ -32,7 +32,7 @@ describe("mistralProvider", () => { it("allows overriding baseUrl", async () => { const { fetchFn, getRequest } = createRequestCaptureJsonFetch({ text: "ok" }); - await mistralProvider.transcribeAudio!({ + await mistralMediaUnderstandingProvider.transcribeAudio!({ buffer: Buffer.from("audio"), fileName: "note.mp3", apiKey: "key", // pragma: allowlist secret diff --git a/src/media-understanding/providers/mistral/index.ts b/src/media-understanding/providers/mistral/index.ts deleted file mode 100644 index ae146d84c80..00000000000 --- a/src/media-understanding/providers/mistral/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { transcribeOpenAiCompatibleAudio } from "../openai/audio.js"; - -const DEFAULT_MISTRAL_AUDIO_BASE_URL = "https://api.mistral.ai/v1"; - -export const mistralProvider: MediaUnderstandingProvider = { - id: "mistral", - capabilities: ["audio"], - transcribeAudio: (req) => - transcribeOpenAiCompatibleAudio({ - ...req, - baseUrl: req.baseUrl ?? DEFAULT_MISTRAL_AUDIO_BASE_URL, - }), -}; diff --git a/src/media-understanding/providers/moonshot/index.ts b/src/media-understanding/providers/moonshot/index.ts deleted file mode 100644 index 78a525129dc..00000000000 --- a/src/media-understanding/providers/moonshot/index.ts +++ /dev/null @@ -1,10 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; -import { describeMoonshotVideo } from "./video.js"; - -export const moonshotProvider: MediaUnderstandingProvider = { - id: "moonshot", - capabilities: ["image", "video"], - describeImage: describeImageWithModel, - describeVideo: describeMoonshotVideo, -}; diff --git a/src/media-understanding/providers/moonshot/video.test.ts b/src/media-understanding/providers/moonshot/video.test.ts index f6ffb1ca957..0306e7927ca 100644 --- a/src/media-understanding/providers/moonshot/video.test.ts +++ b/src/media-understanding/providers/moonshot/video.test.ts @@ -1,9 +1,9 @@ import { describe, expect, it } from "vitest"; +import { describeMoonshotVideo } from "../../../../extensions/moonshot/media-understanding-provider.js"; import { createRequestCaptureJsonFetch, installPinnedHostnameTestHooks, } from "../audio.test-helpers.js"; -import { describeMoonshotVideo } from "./video.js"; installPinnedHostnameTestHooks(); diff --git a/src/media-understanding/providers/openai/audio.ts b/src/media-understanding/providers/openai-compatible-audio.ts similarity index 78% rename from src/media-understanding/providers/openai/audio.ts rename to src/media-understanding/providers/openai-compatible-audio.ts index 26db4b0c201..669f8ddc873 100644 --- a/src/media-understanding/providers/openai/audio.ts +++ b/src/media-understanding/providers/openai-compatible-audio.ts @@ -1,29 +1,31 @@ import path from "node:path"; -import type { AudioTranscriptionRequest, AudioTranscriptionResult } from "../../types.js"; +import type { AudioTranscriptionRequest, AudioTranscriptionResult } from "../types.js"; import { assertOkOrThrowHttpError, normalizeBaseUrl, postTranscriptionRequest, requireTranscriptionText, -} from "../shared.js"; +} from "./shared.js"; -export const DEFAULT_OPENAI_AUDIO_BASE_URL = "https://api.openai.com/v1"; -const DEFAULT_OPENAI_AUDIO_MODEL = "gpt-4o-mini-transcribe"; +type OpenAiCompatibleAudioParams = AudioTranscriptionRequest & { + defaultBaseUrl: string; + defaultModel: string; +}; -function resolveModel(model?: string): string { +function resolveModel(model: string | undefined, fallback: string): string { const trimmed = model?.trim(); - return trimmed || DEFAULT_OPENAI_AUDIO_MODEL; + return trimmed || fallback; } export async function transcribeOpenAiCompatibleAudio( - params: AudioTranscriptionRequest, + params: OpenAiCompatibleAudioParams, ): Promise { const fetchFn = params.fetchFn ?? fetch; - const baseUrl = normalizeBaseUrl(params.baseUrl, DEFAULT_OPENAI_AUDIO_BASE_URL); + const baseUrl = normalizeBaseUrl(params.baseUrl, params.defaultBaseUrl); const allowPrivate = Boolean(params.baseUrl?.trim()); const url = `${baseUrl}/audio/transcriptions`; - const model = resolveModel(params.model); + const model = resolveModel(params.model, params.defaultModel); const form = new FormData(); const fileName = params.fileName?.trim() || path.basename(params.fileName) || "audio"; const bytes = new Uint8Array(params.buffer); diff --git a/src/media-understanding/providers/openai/audio.test.ts b/src/media-understanding/providers/openai/audio.test.ts index aeafb6f2ae8..06366a4c3cc 100644 --- a/src/media-understanding/providers/openai/audio.test.ts +++ b/src/media-understanding/providers/openai/audio.test.ts @@ -1,18 +1,18 @@ import { describe, expect, it } from "vitest"; +import { transcribeOpenAiAudio } from "../../../../extensions/openai/media-understanding-provider.js"; import { createAuthCaptureJsonFetch, createRequestCaptureJsonFetch, installPinnedHostnameTestHooks, } from "../audio.test-helpers.js"; -import { transcribeOpenAiCompatibleAudio } from "./audio.js"; installPinnedHostnameTestHooks(); -describe("transcribeOpenAiCompatibleAudio", () => { +describe("transcribeOpenAiAudio", () => { it("respects lowercase authorization header overrides", async () => { const { fetchFn, getAuthHeader } = createAuthCaptureJsonFetch({ text: "ok" }); - const result = await transcribeOpenAiCompatibleAudio({ + const result = await transcribeOpenAiAudio({ buffer: Buffer.from("audio"), fileName: "note.mp3", apiKey: "test-key", @@ -28,7 +28,7 @@ describe("transcribeOpenAiCompatibleAudio", () => { it("builds the expected request payload", async () => { const { fetchFn, getRequest } = createRequestCaptureJsonFetch({ text: "hello" }); - const result = await transcribeOpenAiCompatibleAudio({ + const result = await transcribeOpenAiAudio({ buffer: Buffer.from("audio-bytes"), fileName: "voice.wav", apiKey: "test-key", @@ -72,7 +72,7 @@ describe("transcribeOpenAiCompatibleAudio", () => { const { fetchFn } = createRequestCaptureJsonFetch({}); await expect( - transcribeOpenAiCompatibleAudio({ + transcribeOpenAiAudio({ buffer: Buffer.from("audio-bytes"), fileName: "voice.wav", apiKey: "test-key", diff --git a/src/media-understanding/providers/openai/index.ts b/src/media-understanding/providers/openai/index.ts deleted file mode 100644 index 24d01964562..00000000000 --- a/src/media-understanding/providers/openai/index.ts +++ /dev/null @@ -1,10 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; -import { transcribeOpenAiCompatibleAudio } from "./audio.js"; - -export const openaiProvider: MediaUnderstandingProvider = { - id: "openai", - capabilities: ["image", "audio"], - describeImage: describeImageWithModel, - transcribeAudio: transcribeOpenAiCompatibleAudio, -}; diff --git a/src/media-understanding/providers/zai/index.ts b/src/media-understanding/providers/zai/index.ts deleted file mode 100644 index 337ea0a6853..00000000000 --- a/src/media-understanding/providers/zai/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -import type { MediaUnderstandingProvider } from "../../types.js"; -import { describeImageWithModel } from "../image.js"; - -export const zaiProvider: MediaUnderstandingProvider = { - id: "zai", - capabilities: ["image"], - describeImage: describeImageWithModel, -}; diff --git a/src/media-understanding/runner.ts b/src/media-understanding/runner.ts index a04cc6420fa..807edb45c22 100644 --- a/src/media-understanding/runner.ts +++ b/src/media-understanding/runner.ts @@ -75,8 +75,9 @@ export type RunCapabilityResult = { export function buildProviderRegistry( overrides?: Record, + cfg?: OpenClawConfig, ): ProviderRegistry { - return buildMediaUnderstandingRegistry(overrides); + return buildMediaUnderstandingRegistry(overrides, cfg); } export function normalizeMediaAttachments(ctx: MsgContext): MediaAttachment[] { diff --git a/src/media-understanding/runtime.test.ts b/src/media-understanding/runtime.test.ts new file mode 100644 index 00000000000..e15648a57fd --- /dev/null +++ b/src/media-understanding/runtime.test.ts @@ -0,0 +1,92 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { createEmptyPluginRegistry } from "../plugins/registry.js"; +import { setActivePluginRegistry } from "../plugins/runtime.js"; +import { describeImageFile, runMediaUnderstandingFile } from "./runtime.js"; + +describe("media-understanding runtime helpers", () => { + afterEach(() => { + setActivePluginRegistry(createEmptyPluginRegistry()); + }); + + it("describes images through the active media-understanding registry", async () => { + const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-media-runtime-")); + const imagePath = path.join(tempDir, "sample.jpg"); + await fs.writeFile(imagePath, Buffer.from("image-bytes")); + + const pluginRegistry = createEmptyPluginRegistry(); + pluginRegistry.mediaUnderstandingProviders.push({ + pluginId: "vision-plugin", + pluginName: "Vision Plugin", + source: "test", + provider: { + id: "vision-plugin", + capabilities: ["image"], + describeImage: async () => ({ text: "image ok", model: "vision-v1" }), + }, + }); + setActivePluginRegistry(pluginRegistry); + + const cfg = { + tools: { + media: { + image: { + models: [{ provider: "vision-plugin", model: "vision-v1" }], + }, + }, + }, + } as OpenClawConfig; + + const result = await describeImageFile({ + filePath: imagePath, + mime: "image/jpeg", + cfg, + agentDir: "/tmp/agent", + }); + + expect(result).toEqual({ + text: "image ok", + provider: "vision-plugin", + model: "vision-v1", + output: { + kind: "image.description", + attachmentIndex: 0, + text: "image ok", + provider: "vision-plugin", + model: "vision-v1", + }, + }); + }); + + it("returns undefined when no media output is produced", async () => { + const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-media-runtime-")); + const imagePath = path.join(tempDir, "sample.jpg"); + await fs.writeFile(imagePath, Buffer.from("image-bytes")); + + const result = await runMediaUnderstandingFile({ + capability: "image", + filePath: imagePath, + mime: "image/jpeg", + cfg: { + tools: { + media: { + image: { + enabled: false, + }, + }, + }, + } as OpenClawConfig, + agentDir: "/tmp/agent", + }); + + expect(result).toEqual({ + text: undefined, + provider: undefined, + model: undefined, + output: undefined, + }); + }); +}); diff --git a/src/media-understanding/runtime.ts b/src/media-understanding/runtime.ts new file mode 100644 index 00000000000..74f125135dd --- /dev/null +++ b/src/media-understanding/runtime.ts @@ -0,0 +1,146 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import type { MsgContext } from "../auto-reply/templating.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { getMediaUnderstandingProvider } from "./providers/index.js"; +import { + buildProviderRegistry, + createMediaAttachmentCache, + normalizeMediaAttachments, + runCapability, + type ActiveMediaModel, +} from "./runner.js"; +import type { MediaUnderstandingCapability, MediaUnderstandingOutput } from "./types.js"; + +const KIND_BY_CAPABILITY: Record = { + audio: "audio.transcription", + image: "image.description", + video: "video.description", +}; + +export type RunMediaUnderstandingFileParams = { + capability: MediaUnderstandingCapability; + filePath: string; + cfg: OpenClawConfig; + agentDir?: string; + mime?: string; + activeModel?: ActiveMediaModel; +}; + +export type RunMediaUnderstandingFileResult = { + text: string | undefined; + provider?: string; + model?: string; + output?: MediaUnderstandingOutput; +}; + +function buildFileContext(params: { filePath: string; mime?: string }): MsgContext { + return { + MediaPath: params.filePath, + MediaType: params.mime, + }; +} + +export async function runMediaUnderstandingFile( + params: RunMediaUnderstandingFileParams, +): Promise { + const ctx = buildFileContext(params); + const attachments = normalizeMediaAttachments(ctx); + if (attachments.length === 0) { + return { text: undefined }; + } + + const providerRegistry = buildProviderRegistry(undefined, params.cfg); + const cache = createMediaAttachmentCache(attachments, { + localPathRoots: [path.dirname(params.filePath)], + }); + + try { + const result = await runCapability({ + capability: params.capability, + cfg: params.cfg, + ctx, + attachments: cache, + media: attachments, + agentDir: params.agentDir, + providerRegistry, + config: params.cfg.tools?.media?.[params.capability], + activeModel: params.activeModel, + }); + const output = result.outputs.find( + (entry) => entry.kind === KIND_BY_CAPABILITY[params.capability], + ); + const text = output?.text?.trim(); + return { + text: text || undefined, + provider: output?.provider, + model: output?.model, + output, + }; + } finally { + await cache.cleanup(); + } +} + +export async function describeImageFile(params: { + filePath: string; + cfg: OpenClawConfig; + agentDir?: string; + mime?: string; + activeModel?: ActiveMediaModel; +}): Promise { + return await runMediaUnderstandingFile({ ...params, capability: "image" }); +} + +export async function describeImageFileWithModel(params: { + filePath: string; + cfg: OpenClawConfig; + agentDir?: string; + mime?: string; + provider: string; + model: string; + prompt: string; + maxTokens?: number; + timeoutMs?: number; +}) { + const timeoutMs = params.timeoutMs ?? 30_000; + const providerRegistry = buildProviderRegistry(undefined, params.cfg); + const provider = getMediaUnderstandingProvider(params.provider, providerRegistry); + if (!provider?.describeImage) { + throw new Error(`Provider does not support image analysis: ${params.provider}`); + } + const buffer = await fs.readFile(params.filePath); + return await provider.describeImage({ + buffer, + fileName: path.basename(params.filePath), + mime: params.mime, + provider: params.provider, + model: params.model, + prompt: params.prompt, + maxTokens: params.maxTokens, + timeoutMs, + cfg: params.cfg, + agentDir: params.agentDir ?? "", + }); +} + +export async function describeVideoFile(params: { + filePath: string; + cfg: OpenClawConfig; + agentDir?: string; + mime?: string; + activeModel?: ActiveMediaModel; +}): Promise { + return await runMediaUnderstandingFile({ ...params, capability: "video" }); +} + +export async function transcribeAudioFile(params: { + filePath: string; + cfg: OpenClawConfig; + agentDir?: string; + mime?: string; + activeModel?: ActiveMediaModel; +}): Promise<{ text: string | undefined }> { + const result = await runMediaUnderstandingFile({ ...params, capability: "audio" }); + return { text: result.text }; +} diff --git a/src/media-understanding/transcribe-audio.test.ts b/src/media-understanding/transcribe-audio.test.ts index 8e76cb2b9d7..3ecddc60ce3 100644 --- a/src/media-understanding/transcribe-audio.test.ts +++ b/src/media-understanding/transcribe-audio.test.ts @@ -1,13 +1,13 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; -const { runAudioTranscription } = vi.hoisted(() => { - const runAudioTranscription = vi.fn(); - return { runAudioTranscription }; +const { transcribeAudioFileFromRuntime } = vi.hoisted(() => { + const transcribeAudioFileFromRuntime = vi.fn(); + return { transcribeAudioFileFromRuntime }; }); -vi.mock("./audio-transcription-runner.js", () => ({ - runAudioTranscription, +vi.mock("./runtime.js", () => ({ + transcribeAudioFile: transcribeAudioFileFromRuntime, })); import { transcribeAudioFile } from "./transcribe-audio.js"; @@ -17,27 +17,23 @@ describe("transcribeAudioFile", () => { vi.clearAllMocks(); }); - it("does not force audio/wav when mime is omitted", async () => { - runAudioTranscription.mockResolvedValue({ transcript: "hello", attachments: [] }); + it("forwards file transcription requests to the shared runtime helper", async () => { + transcribeAudioFileFromRuntime.mockResolvedValue({ text: "hello" }); const result = await transcribeAudioFile({ filePath: "/tmp/note.mp3", cfg: {} as OpenClawConfig, }); - expect(runAudioTranscription).toHaveBeenCalledWith({ - ctx: { - MediaPath: "/tmp/note.mp3", - MediaType: undefined, - }, + expect(transcribeAudioFileFromRuntime).toHaveBeenCalledWith({ + filePath: "/tmp/note.mp3", cfg: {} as OpenClawConfig, - agentDir: undefined, }); expect(result).toEqual({ text: "hello" }); }); - it("returns undefined when helper returns no transcript", async () => { - runAudioTranscription.mockResolvedValue({ transcript: undefined, attachments: [] }); + it("returns undefined when the runtime helper returns no transcript", async () => { + transcribeAudioFileFromRuntime.mockResolvedValue({ text: undefined }); const result = await transcribeAudioFile({ filePath: "/tmp/missing.wav", @@ -51,7 +47,7 @@ describe("transcribeAudioFile", () => { const cfg = { tools: { media: { audio: { timeoutSeconds: 10 } } }, } as unknown as OpenClawConfig; - runAudioTranscription.mockRejectedValue(new Error("boom")); + transcribeAudioFileFromRuntime.mockRejectedValue(new Error("boom")); await expect( transcribeAudioFile({ diff --git a/src/media-understanding/transcribe-audio.ts b/src/media-understanding/transcribe-audio.ts index b2840c80ea3..c0d567b9e83 100644 --- a/src/media-understanding/transcribe-audio.ts +++ b/src/media-understanding/transcribe-audio.ts @@ -1,29 +1 @@ -import type { OpenClawConfig } from "../config/config.js"; -import { runAudioTranscription } from "./audio-transcription-runner.js"; - -/** - * Transcribe an audio file using the configured media-understanding provider. - * - * Reads provider/model/apiKey from `tools.media.audio` in the openclaw config, - * falling back through configured models until one succeeds. - * - * This is the runtime-exposed entry point for external plugins (e.g. marmot) - * that need STT without importing internal media-understanding modules directly. - */ -export async function transcribeAudioFile(params: { - filePath: string; - cfg: OpenClawConfig; - agentDir?: string; - mime?: string; -}): Promise<{ text: string | undefined }> { - const ctx = { - MediaPath: params.filePath, - MediaType: params.mime, - }; - const { transcript } = await runAudioTranscription({ - ctx, - cfg: params.cfg, - agentDir: params.agentDir, - }); - return { text: transcript }; -} +export { transcribeAudioFile } from "./runtime.js"; diff --git a/src/media-understanding/types.ts b/src/media-understanding/types.ts index 60c425626de..36c467e105f 100644 --- a/src/media-understanding/types.ts +++ b/src/media-understanding/types.ts @@ -90,6 +90,25 @@ export type ImageDescriptionRequest = { buffer: Buffer; fileName: string; mime?: string; + prompt?: string; + maxTokens?: number; + timeoutMs: number; + profile?: string; + preferredProfile?: string; + agentDir: string; + cfg: import("../config/config.js").OpenClawConfig; + model: string; + provider: string; +}; + +export type ImagesDescriptionInput = { + buffer: Buffer; + fileName: string; + mime?: string; +}; + +export type ImagesDescriptionRequest = { + images: ImagesDescriptionInput[]; model: string; provider: string; prompt?: string; @@ -106,10 +125,16 @@ export type ImageDescriptionResult = { model?: string; }; +export type ImagesDescriptionResult = { + text: string; + model?: string; +}; + export type MediaUnderstandingProvider = { id: string; capabilities?: MediaUnderstandingCapability[]; transcribeAudio?: (req: AudioTranscriptionRequest) => Promise; describeVideo?: (req: VideoDescriptionRequest) => Promise; describeImage?: (req: ImageDescriptionRequest) => Promise; + describeImages?: (req: ImagesDescriptionRequest) => Promise; }; diff --git a/src/media/fetch.telegram-network.test.ts b/src/media/fetch.telegram-network.test.ts index d7a4d8e217d..faf16314d98 100644 --- a/src/media/fetch.telegram-network.test.ts +++ b/src/media/fetch.telegram-network.test.ts @@ -1,9 +1,4 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; -import { - resolveTelegramTransport, - shouldRetryTelegramIpv4Fallback, -} from "../../extensions/telegram/src/fetch.js"; -import { fetchRemoteMedia } from "./fetch.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; const undiciMocks = vi.hoisted(() => { const createDispatcherCtor = | string>() => @@ -26,9 +21,20 @@ vi.mock("undici", () => ({ fetch: undiciMocks.fetch, })); +let resolveTelegramTransport: typeof import("../../extensions/telegram/src/fetch.js").resolveTelegramTransport; +let shouldRetryTelegramTransportFallback: typeof import("../../extensions/telegram/src/fetch.js").shouldRetryTelegramTransportFallback; +let fetchRemoteMedia: typeof import("./fetch.js").fetchRemoteMedia; + describe("fetchRemoteMedia telegram network policy", () => { type LookupFn = NonNullable[0]["lookupFn"]>; + beforeEach(async () => { + vi.resetModules(); + ({ resolveTelegramTransport, shouldRetryTelegramTransportFallback } = + await import("../../extensions/telegram/src/fetch.js")); + ({ fetchRemoteMedia } = await import("./fetch.js")); + }); + function createTelegramFetchFailedError(code: string): Error { return Object.assign(new TypeError("fetch failed"), { cause: { code }, @@ -64,7 +70,7 @@ describe("fetchRemoteMedia telegram network policy", () => { await fetchRemoteMedia({ url: "https://api.telegram.org/file/bottok/photos/1.jpg", fetchImpl: telegramTransport.sourceFetch, - dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy, + dispatcherAttempts: telegramTransport.dispatcherAttempts, lookupFn, maxBytes: 1024, ssrfPolicy: { @@ -114,7 +120,7 @@ describe("fetchRemoteMedia telegram network policy", () => { await fetchRemoteMedia({ url: "https://api.telegram.org/file/bottok/files/1.pdf", fetchImpl: telegramTransport.sourceFetch, - dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy, + dispatcherAttempts: telegramTransport.dispatcherAttempts, lookupFn, maxBytes: 1024, ssrfPolicy: { @@ -161,9 +167,8 @@ describe("fetchRemoteMedia telegram network policy", () => { await fetchRemoteMedia({ url: "https://api.telegram.org/file/bottok/photos/2.jpg", fetchImpl: telegramTransport.sourceFetch, - dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy, - fallbackDispatcherPolicy: telegramTransport.fallbackPinnedDispatcherPolicy, - shouldRetryFetchError: shouldRetryTelegramIpv4Fallback, + dispatcherAttempts: telegramTransport.dispatcherAttempts, + shouldRetryFetchError: shouldRetryTelegramTransportFallback, lookupFn, maxBytes: 1024, ssrfPolicy: { @@ -208,14 +213,83 @@ describe("fetchRemoteMedia telegram network policy", () => { ); }); - it("preserves both primary and fallback errors when Telegram media retry fails twice", async () => { + it("retries Telegram file downloads with pinned Telegram IP after IPv4 fallback fails", async () => { + const lookupFn = vi.fn(async () => [ + { address: "149.154.167.221", family: 4 }, + { address: "2001:67c:4e8:f004::9", family: 6 }, + ]) as unknown as LookupFn; + undiciMocks.fetch + .mockRejectedValueOnce(createTelegramFetchFailedError("EHOSTUNREACH")) + .mockRejectedValueOnce(createTelegramFetchFailedError("ETIMEDOUT")) + .mockResolvedValueOnce( + new Response(new Uint8Array([0xff, 0xd8, 0xff, 0x00]), { + status: 200, + headers: { "content-type": "image/jpeg" }, + }), + ); + + const telegramTransport = resolveTelegramTransport(undefined, { + network: { + autoSelectFamily: true, + dnsResultOrder: "ipv4first", + }, + }); + + await fetchRemoteMedia({ + url: "https://api.telegram.org/file/bottok/photos/3.jpg", + fetchImpl: telegramTransport.sourceFetch, + dispatcherAttempts: telegramTransport.dispatcherAttempts, + shouldRetryFetchError: shouldRetryTelegramTransportFallback, + lookupFn, + maxBytes: 1024, + ssrfPolicy: { + allowedHostnames: ["api.telegram.org"], + allowRfc2544BenchmarkRange: true, + }, + }); + + const thirdInit = undiciMocks.fetch.mock.calls[2]?.[1] as + | (RequestInit & { + dispatcher?: { + options?: { + connect?: Record; + }; + }; + }) + | undefined; + const callback = vi.fn(); + ( + thirdInit?.dispatcher?.options?.connect?.lookup as + | (( + hostname: string, + callback: (err: null, address: string, family: number) => void, + ) => void) + | undefined + )?.("api.telegram.org", callback); + + expect(undiciMocks.fetch).toHaveBeenCalledTimes(3); + expect(thirdInit?.dispatcher?.options?.connect).toEqual( + expect.objectContaining({ + family: 4, + autoSelectFamily: false, + lookup: expect.any(Function), + }), + ); + expect(callback).toHaveBeenCalledWith(null, "149.154.167.220", 4); + }); + + it("preserves both primary and final fallback errors when Telegram media retry chain fails", async () => { const lookupFn = vi.fn(async () => [ { address: "149.154.167.220", family: 4 }, { address: "2001:67c:4e8:f004::9", family: 6 }, ]) as unknown as LookupFn; const primaryError = createTelegramFetchFailedError("EHOSTUNREACH"); + const ipv4Error = createTelegramFetchFailedError("ETIMEDOUT"); const fallbackError = createTelegramFetchFailedError("ETIMEDOUT"); - undiciMocks.fetch.mockRejectedValueOnce(primaryError).mockRejectedValueOnce(fallbackError); + undiciMocks.fetch + .mockRejectedValueOnce(primaryError) + .mockRejectedValueOnce(ipv4Error) + .mockRejectedValueOnce(fallbackError); const telegramTransport = resolveTelegramTransport(undefined, { network: { @@ -226,11 +300,10 @@ describe("fetchRemoteMedia telegram network policy", () => { await expect( fetchRemoteMedia({ - url: "https://api.telegram.org/file/bottok/photos/3.jpg", + url: "https://api.telegram.org/file/bottok/photos/4.jpg", fetchImpl: telegramTransport.sourceFetch, - dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy, - fallbackDispatcherPolicy: telegramTransport.fallbackPinnedDispatcherPolicy, - shouldRetryFetchError: shouldRetryTelegramIpv4Fallback, + dispatcherAttempts: telegramTransport.dispatcherAttempts, + shouldRetryFetchError: shouldRetryTelegramTransportFallback, lookupFn, maxBytes: 1024, ssrfPolicy: { @@ -244,6 +317,7 @@ describe("fetchRemoteMedia telegram network policy", () => { cause: expect.objectContaining({ name: "Error", cause: fallbackError, + attemptErrors: [primaryError, ipv4Error, fallbackError], primaryError, }), }); diff --git a/src/media/fetch.test.ts b/src/media/fetch.test.ts index 4498ca4b550..ea7354135d4 100644 --- a/src/media/fetch.test.ts +++ b/src/media/fetch.test.ts @@ -31,6 +31,29 @@ function makeLookupFn() { >; } +async function expectRedactedTelegramFetchError(params: { + telegramFileUrl: string; + telegramToken: string; + redactedTelegramToken: string; + fetchImpl: Parameters[0]["fetchImpl"]; +}) { + const error = await fetchRemoteMedia({ + url: params.telegramFileUrl, + fetchImpl: params.fetchImpl, + lookupFn: makeLookupFn(), + maxBytes: 1024, + ssrfPolicy: { + allowedHostnames: ["api.telegram.org"], + allowRfc2544BenchmarkRange: true, + }, + }).catch((err: unknown) => err as Error); + + expect(error).toBeInstanceOf(Error); + const errorText = error instanceof Error ? String(error) : ""; + expect(errorText).not.toContain(params.telegramToken); + expect(errorText).toContain(`bot${params.redactedTelegramToken}`); +} + describe("fetchRemoteMedia", () => { const telegramToken = "123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcd"; const redactedTelegramToken = `${telegramToken.slice(0, 6)}…${telegramToken.slice(-4)}`; @@ -100,41 +123,23 @@ describe("fetchRemoteMedia", () => { throw new Error(`dial failed for ${telegramFileUrl}`); }); - const error = await fetchRemoteMedia({ - url: telegramFileUrl, + await expectRedactedTelegramFetchError({ + telegramFileUrl, + telegramToken, + redactedTelegramToken, fetchImpl, - lookupFn: makeLookupFn(), - maxBytes: 1024, - ssrfPolicy: { - allowedHostnames: ["api.telegram.org"], - allowRfc2544BenchmarkRange: true, - }, - }).catch((err: unknown) => err as Error); - - expect(error).toBeInstanceOf(Error); - const errorText = error instanceof Error ? String(error) : ""; - expect(errorText).not.toContain(telegramToken); - expect(errorText).toContain(`bot${redactedTelegramToken}`); + }); }); it("redacts Telegram bot tokens from HTTP error messages", async () => { const fetchImpl = vi.fn(async () => new Response("unauthorized", { status: 401 })); - const error = await fetchRemoteMedia({ - url: telegramFileUrl, + await expectRedactedTelegramFetchError({ + telegramFileUrl, + telegramToken, + redactedTelegramToken, fetchImpl, - lookupFn: makeLookupFn(), - maxBytes: 1024, - ssrfPolicy: { - allowedHostnames: ["api.telegram.org"], - allowRfc2544BenchmarkRange: true, - }, - }).catch((err: unknown) => err as Error); - - expect(error).toBeInstanceOf(Error); - const errorText = error instanceof Error ? String(error) : ""; - expect(errorText).not.toContain(telegramToken); - expect(errorText).toContain(`bot${redactedTelegramToken}`); + }); }); it("blocks private IP literals before fetching", async () => { diff --git a/src/media/fetch.ts b/src/media/fetch.ts index 020ac8040bd..3893b1366d4 100644 --- a/src/media/fetch.ts +++ b/src/media/fetch.ts @@ -26,6 +26,11 @@ export class MediaFetchError extends Error { export type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise; +export type FetchDispatcherAttempt = { + dispatcherPolicy?: PinnedDispatcherPolicy; + lookupFn?: LookupFn; +}; + type FetchMediaOptions = { url: string; fetchImpl?: FetchLike; @@ -37,8 +42,7 @@ type FetchMediaOptions = { readIdleTimeoutMs?: number; ssrfPolicy?: SsrFPolicy; lookupFn?: LookupFn; - dispatcherPolicy?: PinnedDispatcherPolicy; - fallbackDispatcherPolicy?: PinnedDispatcherPolicy; + dispatcherAttempts?: FetchDispatcherAttempt[]; shouldRetryFetchError?: (error: unknown) => boolean; }; @@ -101,8 +105,7 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise Promise) | null = null; - const runGuardedFetch = async (policy?: PinnedDispatcherPolicy) => + const attempts = + dispatcherAttempts && dispatcherAttempts.length > 0 + ? dispatcherAttempts + : [{ dispatcherPolicy: undefined, lookupFn }]; + const runGuardedFetch = async (attempt: FetchDispatcherAttempt) => await fetchWithSsrFGuard( withStrictGuardedFetchMode({ url, @@ -118,32 +125,43 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise>; + const attemptErrors: unknown[] = []; + for (let i = 0; i < attempts.length; i += 1) { + try { + result = await runGuardedFetch(attempts[i]); + break; + } catch (err) { + if ( + typeof shouldRetryFetchError !== "function" || + !shouldRetryFetchError(err) || + i === attempts.length - 1 + ) { + if (attemptErrors.length > 0) { + const combined = new Error( + `Primary fetch failed and fallback fetch also failed for ${sourceUrl}`, + { cause: err }, + ); + ( + combined as Error & { + primaryError?: unknown; + attemptErrors?: unknown[]; + } + ).primaryError = attemptErrors[0]; + (combined as Error & { attemptErrors?: unknown[] }).attemptErrors = [ + ...attemptErrors, + err, + ]; + throw combined; + } + throw err; } - } else { - throw err; + attemptErrors.push(err); } } res = result.response; diff --git a/src/media/input-files.fetch-guard.test.ts b/src/media/input-files.fetch-guard.test.ts index 377bbf78fa9..6bd9fbb4b81 100644 --- a/src/media/input-files.fetch-guard.test.ts +++ b/src/media/input-files.fetch-guard.test.ts @@ -1,4 +1,4 @@ -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const fetchWithSsrFGuardMock = vi.fn(); const convertHeicToJpegMock = vi.fn(); @@ -24,15 +24,13 @@ let fetchWithGuard: typeof import("./input-files.js").fetchWithGuard; let extractImageContentFromSource: typeof import("./input-files.js").extractImageContentFromSource; let extractFileContentFromSource: typeof import("./input-files.js").extractFileContentFromSource; -beforeAll(async () => { +beforeEach(async () => { + vi.resetModules(); + vi.clearAllMocks(); ({ fetchWithGuard, extractImageContentFromSource, extractFileContentFromSource } = await import("./input-files.js")); }); -beforeEach(() => { - vi.clearAllMocks(); -}); - describe("HEIC input image normalization", () => { it("converts base64 HEIC images to JPEG before returning them", async () => { const normalized = Buffer.from("jpeg-normalized"); diff --git a/src/media/store.outside-workspace.test.ts b/src/media/store.outside-workspace.test.ts index 6483a856cd9..97c8c9df52b 100644 --- a/src/media/store.outside-workspace.test.ts +++ b/src/media/store.outside-workspace.test.ts @@ -1,6 +1,6 @@ import fs from "node:fs/promises"; import path from "node:path"; -import { afterAll, beforeAll, describe, expect, it, vi } from "vitest"; +import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import { createTempHomeEnv, type TempHomeEnv } from "../test-utils/temp-home.js"; const mocks = vi.hoisted(() => ({ @@ -15,13 +15,22 @@ vi.mock("../infra/fs-safe.js", async (importOriginal) => { }; }); -const { saveMediaSource } = await import("./store.js"); -const { SafeOpenError } = await import("../infra/fs-safe.js"); +type StoreModule = typeof import("./store.js"); +type FsSafeModule = typeof import("../infra/fs-safe.js"); + +let saveMediaSource: StoreModule["saveMediaSource"]; +let SafeOpenError: FsSafeModule["SafeOpenError"]; describe("media store outside-workspace mapping", () => { let tempHome: TempHomeEnv; let home = ""; + beforeEach(async () => { + vi.resetModules(); + ({ saveMediaSource } = await import("./store.js")); + ({ SafeOpenError } = await import("../infra/fs-safe.js")); + }); + beforeAll(async () => { tempHome = await createTempHomeEnv("openclaw-media-store-test-home-"); home = tempHome.home; diff --git a/src/memory/batch-http.test.ts b/src/memory/batch-http.test.ts index d70cdf292a2..275e3725eb9 100644 --- a/src/memory/batch-http.test.ts +++ b/src/memory/batch-http.test.ts @@ -1,7 +1,4 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { retryAsync } from "../infra/retry.js"; -import { postJsonWithRetry } from "./batch-http.js"; -import { postJson } from "./post-json.js"; vi.mock("../infra/retry.js", () => ({ retryAsync: vi.fn(async (run: () => Promise) => await run()), @@ -12,11 +9,18 @@ vi.mock("./post-json.js", () => ({ })); describe("postJsonWithRetry", () => { - const retryAsyncMock = vi.mocked(retryAsync); - const postJsonMock = vi.mocked(postJson); + let retryAsyncMock: ReturnType>; + let postJsonMock: ReturnType>; + let postJsonWithRetry: typeof import("./batch-http.js").postJsonWithRetry; - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); vi.clearAllMocks(); + ({ postJsonWithRetry } = await import("./batch-http.js")); + const retryModule = await import("../infra/retry.js"); + const postJsonModule = await import("./post-json.js"); + retryAsyncMock = vi.mocked(retryModule.retryAsync); + postJsonMock = vi.mocked(postJsonModule.postJson); }); it("posts JSON and returns parsed response payload", async () => { diff --git a/src/memory/embedding-manager.test-harness.ts b/src/memory/embedding-manager.test-harness.ts index 6835c9cce27..c0e973fade1 100644 --- a/src/memory/embedding-manager.test-harness.ts +++ b/src/memory/embedding-manager.test-harness.ts @@ -1,14 +1,12 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { afterAll, beforeAll, beforeEach, expect } from "vitest"; +import { afterAll, beforeAll, beforeEach, expect, vi, type Mock } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; -import { getEmbedBatchMock, resetEmbeddingMocks } from "./embedding.test-mocks.js"; -import { - getMemorySearchManager, - type MemoryIndexManager, - type MemorySearchManager, -} from "./index.js"; +import type { MemoryIndexManager, MemorySearchManager } from "./index.js"; + +type EmbeddingTestMocksModule = typeof import("./embedding.test-mocks.js"); +type MemoryIndexModule = typeof import("./index.js"); export function installEmbeddingManagerFixture(opts: { fixturePrefix: string; @@ -21,7 +19,6 @@ export function installEmbeddingManagerFixture(opts: { }) => OpenClawConfig; resetIndexEachTest?: boolean; }) { - const embedBatch = getEmbedBatchMock(); const resetIndexEachTest = opts.resetIndexEachTest ?? true; let fixtureRoot: string | undefined; @@ -29,6 +26,9 @@ export function installEmbeddingManagerFixture(opts: { let memoryDir: string | undefined; let managerLarge: MemoryIndexManager | undefined; let managerSmall: MemoryIndexManager | undefined; + let embedBatch: Mock<(texts: string[]) => Promise> | undefined; + let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; + let resetEmbeddingMocks: EmbeddingTestMocksModule["resetEmbeddingMocks"]; const resetManager = (manager: MemoryIndexManager) => { (manager as unknown as { resetIndex: () => void }).resetIndex(); @@ -56,6 +56,12 @@ export function installEmbeddingManagerFixture(opts: { }; beforeAll(async () => { + vi.resetModules(); + await import("./embedding.test-mocks.js"); + const embeddingMocks = await import("./embedding.test-mocks.js"); + embedBatch = embeddingMocks.getEmbedBatchMock(); + resetEmbeddingMocks = embeddingMocks.resetEmbeddingMocks; + ({ getMemorySearchManager } = await import("./index.js")); fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), opts.fixturePrefix)); workspaceDir = path.join(fixtureRoot, "workspace"); memoryDir = path.join(workspaceDir, "memory"); @@ -116,7 +122,9 @@ export function installEmbeddingManagerFixture(opts: { }); return { - embedBatch, + get embedBatch() { + return requireValue(embedBatch, "embedBatch"); + }, getFixtureRoot: () => requireValue(fixtureRoot, "fixtureRoot"), getWorkspaceDir: () => requireValue(workspaceDir, "workspaceDir"), getMemoryDir: () => requireValue(memoryDir, "memoryDir"), diff --git a/src/memory/embeddings-remote-fetch.test.ts b/src/memory/embeddings-remote-fetch.test.ts index bcef98fafda..eeaa39e9277 100644 --- a/src/memory/embeddings-remote-fetch.test.ts +++ b/src/memory/embeddings-remote-fetch.test.ts @@ -1,15 +1,20 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { fetchRemoteEmbeddingVectors } from "./embeddings-remote-fetch.js"; import { postJson } from "./post-json.js"; vi.mock("./post-json.js", () => ({ postJson: vi.fn(), })); +type EmbeddingsRemoteFetchModule = typeof import("./embeddings-remote-fetch.js"); + +let fetchRemoteEmbeddingVectors: EmbeddingsRemoteFetchModule["fetchRemoteEmbeddingVectors"]; + describe("fetchRemoteEmbeddingVectors", () => { const postJsonMock = vi.mocked(postJson); - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ fetchRemoteEmbeddingVectors } = await import("./embeddings-remote-fetch.js")); vi.clearAllMocks(); }); diff --git a/src/memory/embeddings-voyage.test.ts b/src/memory/embeddings-voyage.test.ts index ccc164bd064..9dac8c04d75 100644 --- a/src/memory/embeddings-voyage.test.ts +++ b/src/memory/embeddings-voyage.test.ts @@ -1,7 +1,5 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; -import * as authModule from "../agents/model-auth.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { type FetchMock, withFetchPreconnect } from "../test-utils/fetch-mock.js"; -import { createVoyageEmbeddingProvider, normalizeVoyageModel } from "./embeddings-voyage.js"; import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js"; vi.mock("../agents/model-auth.js", async () => { @@ -20,6 +18,17 @@ const createFetchMock = () => { return withFetchPreconnect(fetchMock); }; +let authModule: typeof import("../agents/model-auth.js"); +let createVoyageEmbeddingProvider: typeof import("./embeddings-voyage.js").createVoyageEmbeddingProvider; +let normalizeVoyageModel: typeof import("./embeddings-voyage.js").normalizeVoyageModel; + +beforeEach(async () => { + vi.resetModules(); + authModule = await import("../agents/model-auth.js"); + ({ createVoyageEmbeddingProvider, normalizeVoyageModel } = + await import("./embeddings-voyage.js")); +}); + function mockVoyageApiKey() { vi.mocked(authModule.resolveApiKeyForProvider).mockResolvedValue({ apiKey: "voyage-key-123", diff --git a/src/memory/embeddings.test.ts b/src/memory/embeddings.test.ts index f15624ee1cb..8cf984522e2 100644 --- a/src/memory/embeddings.test.ts +++ b/src/memory/embeddings.test.ts @@ -1,7 +1,5 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; -import * as authModule from "../agents/model-auth.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { DEFAULT_GEMINI_EMBEDDING_MODEL } from "./embeddings-gemini.js"; -import { createEmbeddingProvider, DEFAULT_LOCAL_MODEL } from "./embeddings.js"; import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js"; vi.mock("../agents/model-auth.js", async () => { @@ -33,12 +31,26 @@ function readFirstFetchRequest(fetchMock: { mock: { calls: unknown[][] } }) { return { url, init: init as RequestInit | undefined }; } +type EmbeddingsModule = typeof import("./embeddings.js"); +type AuthModule = typeof import("../agents/model-auth.js"); +type ResolvedProviderAuth = Awaited>; + +let authModule: AuthModule; +let createEmbeddingProvider: EmbeddingsModule["createEmbeddingProvider"]; +let DEFAULT_LOCAL_MODEL: EmbeddingsModule["DEFAULT_LOCAL_MODEL"]; + +beforeEach(async () => { + vi.resetModules(); + authModule = await import("../agents/model-auth.js"); + ({ createEmbeddingProvider, DEFAULT_LOCAL_MODEL } = await import("./embeddings.js")); +}); + afterEach(() => { vi.resetAllMocks(); vi.unstubAllGlobals(); }); -function requireProvider(result: Awaited>) { +function requireProvider(result: Awaited>) { if (!result.provider) { throw new Error("Expected embedding provider"); } @@ -71,7 +83,7 @@ function createLocalProvider(options?: { fallback?: "none" | "openai" }) { } function expectAutoSelectedProvider( - result: Awaited>, + result: Awaited>, expectedId: "openai" | "gemini" | "mistral", ) { expect(result.requestedProvider).toBe("auto"); @@ -291,41 +303,6 @@ describe("embedding provider remote overrides", () => { }); describe("embedding provider auto selection", () => { - it("prefers openai when a key resolves", async () => { - vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => { - if (provider === "openai") { - return { apiKey: "openai-key", source: "env: OPENAI_API_KEY", mode: "api-key" }; - } - throw new Error(`No API key found for provider "${provider}".`); - }); - - const result = await createAutoProvider(); - expectAutoSelectedProvider(result, "openai"); - }); - - it("uses gemini when openai is missing", async () => { - const fetchMock = createGeminiFetchMock(); - vi.stubGlobal("fetch", fetchMock); - mockPublicPinnedHostname(); - vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => { - if (provider === "openai") { - throw new Error('No API key found for provider "openai".'); - } - if (provider === "google") { - return { apiKey: "gemini-key", source: "env: GEMINI_API_KEY", mode: "api-key" }; - } - throw new Error(`Unexpected provider ${provider}`); - }); - - const result = await createAutoProvider(); - const provider = expectAutoSelectedProvider(result, "gemini"); - await provider.embedQuery("hello"); - const [url] = fetchMock.mock.calls[0] ?? []; - expect(url).toBe( - `https://generativelanguage.googleapis.com/v1beta/models/${DEFAULT_GEMINI_EMBEDDING_MODEL}:embedContent`, - ); - }); - it("keeps explicit model when openai is selected", async () => { const fetchMock = vi.fn(async (_input?: unknown, _init?: unknown) => ({ ok: true, @@ -359,22 +336,79 @@ describe("embedding provider auto selection", () => { expect(payload.model).toBe("text-embedding-3-small"); }); - it("uses mistral when openai/gemini/voyage are missing", async () => { - const fetchMock = createFetchMock(); - vi.stubGlobal("fetch", fetchMock); - mockPublicPinnedHostname(); - vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => { - if (provider === "mistral") { - return { apiKey: "mistral-key", source: "env: MISTRAL_API_KEY", mode: "api-key" }; // pragma: allowlist secret - } - throw new Error(`No API key found for provider "${provider}".`); - }); + it("selects the first available remote provider in auto mode", async () => { + const cases: Array<{ + name: string; + expectedProvider: "openai" | "gemini" | "mistral"; + fetchMockFactory: typeof createFetchMock | typeof createGeminiFetchMock; + resolveApiKey: (provider: string) => ResolvedProviderAuth; + expectedUrl: string; + }> = [ + { + name: "openai first", + expectedProvider: "openai" as const, + fetchMockFactory: createFetchMock, + resolveApiKey(provider: string): ResolvedProviderAuth { + if (provider === "openai") { + return { apiKey: "openai-key", source: "env: OPENAI_API_KEY", mode: "api-key" }; + } + throw new Error(`No API key found for provider "${provider}".`); + }, + expectedUrl: "https://api.openai.com/v1/embeddings", + }, + { + name: "gemini fallback", + expectedProvider: "gemini" as const, + fetchMockFactory: createGeminiFetchMock, + resolveApiKey(provider: string): ResolvedProviderAuth { + if (provider === "openai") { + throw new Error('No API key found for provider "openai".'); + } + if (provider === "google") { + return { + apiKey: "gemini-key", + source: "env: GEMINI_API_KEY", + mode: "api-key" as const, + }; + } + throw new Error(`Unexpected provider ${provider}`); + }, + expectedUrl: `https://generativelanguage.googleapis.com/v1beta/models/${DEFAULT_GEMINI_EMBEDDING_MODEL}:embedContent`, + }, + { + name: "mistral after earlier misses", + expectedProvider: "mistral" as const, + fetchMockFactory: createFetchMock, + resolveApiKey(provider: string): ResolvedProviderAuth { + if (provider === "mistral") { + return { + apiKey: "mistral-key", + source: "env: MISTRAL_API_KEY", + mode: "api-key" as const, + }; + } + throw new Error(`No API key found for provider "${provider}".`); + }, + expectedUrl: "https://api.mistral.ai/v1/embeddings", + }, + ]; - const result = await createAutoProvider(); - const provider = expectAutoSelectedProvider(result, "mistral"); - await provider.embedQuery("hello"); - const [url] = fetchMock.mock.calls[0] ?? []; - expect(url).toBe("https://api.mistral.ai/v1/embeddings"); + for (const testCase of cases) { + vi.resetAllMocks(); + vi.unstubAllGlobals(); + const fetchMock = testCase.fetchMockFactory(); + vi.stubGlobal("fetch", fetchMock); + mockPublicPinnedHostname(); + vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => + testCase.resolveApiKey(provider), + ); + + const result = await createAutoProvider(); + const provider = expectAutoSelectedProvider(result, testCase.expectedProvider); + await provider.embedQuery("hello"); + const [url] = fetchMock.mock.calls[0] ?? []; + expect(url, testCase.name).toBe(testCase.expectedUrl); + } }); }); @@ -650,56 +684,54 @@ describe("local embedding ensureContext concurrency", () => { }); describe("FTS-only fallback when no provider available", () => { - it("returns null provider with reason when auto mode finds no providers", async () => { - vi.mocked(authModule.resolveApiKeyForProvider).mockRejectedValue( - new Error('No API key found for provider "openai"'), - ); - - const result = await createEmbeddingProvider({ - config: {} as never, - provider: "auto", - model: "", - fallback: "none", - }); - - expect(result.provider).toBeNull(); - expect(result.requestedProvider).toBe("auto"); - expect(result.providerUnavailableReason).toBeDefined(); - expect(result.providerUnavailableReason).toContain("No API key"); - }); - - it("returns null provider when explicit provider fails with missing API key", async () => { - vi.mocked(authModule.resolveApiKeyForProvider).mockRejectedValue( - new Error('No API key found for provider "openai"'), - ); - - const result = await createEmbeddingProvider({ - config: {} as never, - provider: "openai", - model: "text-embedding-3-small", - fallback: "none", - }); - - expect(result.provider).toBeNull(); - expect(result.requestedProvider).toBe("openai"); - expect(result.providerUnavailableReason).toBeDefined(); - }); - - it("returns null provider when both primary and fallback fail with missing API keys", async () => { + it("returns null provider when all requested auth paths fail", async () => { vi.mocked(authModule.resolveApiKeyForProvider).mockRejectedValue( new Error("No API key found for provider"), ); - const result = await createEmbeddingProvider({ - config: {} as never, - provider: "openai", - model: "text-embedding-3-small", - fallback: "gemini", - }); - - expect(result.provider).toBeNull(); - expect(result.requestedProvider).toBe("openai"); - expect(result.fallbackFrom).toBe("openai"); - expect(result.providerUnavailableReason).toContain("Fallback to gemini failed"); + for (const testCase of [ + { + name: "auto mode", + options: { + config: {} as never, + provider: "auto" as const, + model: "", + fallback: "none" as const, + }, + requestedProvider: "auto", + fallbackFrom: undefined, + reasonIncludes: "No API key", + }, + { + name: "explicit provider only", + options: { + config: {} as never, + provider: "openai" as const, + model: "text-embedding-3-small", + fallback: "none" as const, + }, + requestedProvider: "openai", + fallbackFrom: undefined, + reasonIncludes: "No API key", + }, + { + name: "primary and fallback", + options: { + config: {} as never, + provider: "openai" as const, + model: "text-embedding-3-small", + fallback: "gemini" as const, + }, + requestedProvider: "openai", + fallbackFrom: "openai", + reasonIncludes: "Fallback to gemini failed", + }, + ]) { + const result = await createEmbeddingProvider(testCase.options); + expect(result.provider, testCase.name).toBeNull(); + expect(result.requestedProvider, testCase.name).toBe(testCase.requestedProvider); + expect(result.fallbackFrom, testCase.name).toBe(testCase.fallbackFrom); + expect(result.providerUnavailableReason, testCase.name).toContain(testCase.reasonIncludes); + } }); }); diff --git a/src/memory/index.test.ts b/src/memory/index.test.ts index dcb0b061073..1072eab2cc4 100644 --- a/src/memory/index.test.ts +++ b/src/memory/index.test.ts @@ -3,8 +3,12 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; import "./test-runtime-mocks.js"; +import type { MemoryIndexManager } from "./index.js"; + +type MemoryIndexModule = typeof import("./index.js"); + +let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; let embedBatchCalls = 0; let embedBatchInputCalls = 0; @@ -151,6 +155,9 @@ describe("memory index", () => { }); beforeEach(async () => { + vi.resetModules(); + await import("./test-runtime-mocks.js"); + ({ getMemorySearchManager } = await import("./index.js")); // Perf: most suites don't need atomic swap behavior for full reindexes. // Keep atomic reindex tests on the safe path. vi.stubEnv("OPENCLAW_TEST_MEMORY_UNSAFE_REINDEX", "1"); diff --git a/src/memory/manager.async-search.test.ts b/src/memory/manager.async-search.test.ts index 22ecd91b267..7250314cd55 100644 --- a/src/memory/manager.async-search.test.ts +++ b/src/memory/manager.async-search.test.ts @@ -87,7 +87,11 @@ describe("memory search async sync", () => { }); manager = await createMemoryManagerOrThrow(cfg); + (manager as unknown as { dirty: boolean }).dirty = true; await manager.search("hello"); + await vi.waitFor(() => { + expect((manager as unknown as { syncing: Promise | null }).syncing).toBeTruthy(); + }); let closed = false; const closePromise = manager.close().then(() => { diff --git a/src/memory/manager.atomic-reindex.test.ts b/src/memory/manager.atomic-reindex.test.ts index d7d610312f5..b4dd35f9f37 100644 --- a/src/memory/manager.atomic-reindex.test.ts +++ b/src/memory/manager.atomic-reindex.test.ts @@ -3,25 +3,33 @@ import os from "node:os"; import path from "node:path"; import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; -import { getEmbedBatchMock, resetEmbeddingMocks } from "./embedding.test-mocks.js"; import type { MemoryIndexManager } from "./index.js"; -import { getRequiredMemoryIndexManager } from "./test-manager-helpers.js"; let shouldFail = false; +type EmbeddingTestMocksModule = typeof import("./embedding.test-mocks.js"); +type TestManagerHelpersModule = typeof import("./test-manager-helpers.js"); + describe("memory manager atomic reindex", () => { let fixtureRoot = ""; let caseId = 0; let workspaceDir: string; let indexPath: string; let manager: MemoryIndexManager | null = null; - const embedBatch = getEmbedBatchMock(); + let embedBatch: ReturnType; + let resetEmbeddingMocks: EmbeddingTestMocksModule["resetEmbeddingMocks"]; + let getRequiredMemoryIndexManager: TestManagerHelpersModule["getRequiredMemoryIndexManager"]; beforeAll(async () => { fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-mem-atomic-")); }); beforeEach(async () => { + vi.resetModules(); + const embeddingMocks = await import("./embedding.test-mocks.js"); + embedBatch = embeddingMocks.getEmbedBatchMock(); + resetEmbeddingMocks = embeddingMocks.resetEmbeddingMocks; + ({ getRequiredMemoryIndexManager } = await import("./test-manager-helpers.js")); vi.stubEnv("OPENCLAW_TEST_MEMORY_UNSAFE_REINDEX", "0"); resetEmbeddingMocks(); shouldFail = false; diff --git a/src/memory/manager.batch.test.ts b/src/memory/manager.batch.test.ts index 453f1a6c815..38be2020f35 100644 --- a/src/memory/manager.batch.test.ts +++ b/src/memory/manager.batch.test.ts @@ -4,21 +4,15 @@ import path from "node:path"; import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import { useFastShortTimeouts } from "../../test/helpers/fast-short-timeouts.js"; import type { OpenClawConfig } from "../config/config.js"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; import { createOpenAIEmbeddingProviderMock } from "./test-embeddings-mock.js"; import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js"; -import "./test-runtime-mocks.js"; + +type MemoryIndexManager = import("./index.js").MemoryIndexManager; +type MemoryIndexModule = typeof import("./index.js"); const embedBatch = vi.fn(async (_texts: string[]) => [] as number[][]); const embedQuery = vi.fn(async () => [0.5, 0.5, 0.5]); - -vi.mock("./embeddings.js", () => ({ - createEmbeddingProvider: async () => - createOpenAIEmbeddingProviderMock({ - embedQuery, - embedBatch, - }), -})); +let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; describe("memory indexing with OpenAI batches", () => { let fixtureRoot: string; @@ -118,6 +112,17 @@ describe("memory indexing with OpenAI batches", () => { } beforeAll(async () => { + vi.resetModules(); + vi.doMock("./embeddings.js", () => ({ + createEmbeddingProvider: async () => + createOpenAIEmbeddingProviderMock({ + embedQuery, + embedBatch, + }), + })); + await import("./test-runtime-mocks.js"); + ({ getMemorySearchManager } = await import("./index.js")); + fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-mem-batch-")); workspaceDir = path.join(fixtureRoot, "workspace"); memoryDir = path.join(workspaceDir, "memory"); diff --git a/src/memory/manager.embedding-batches.test.ts b/src/memory/manager.embedding-batches.test.ts index e2af1ed97f2..d7b1071deed 100644 --- a/src/memory/manager.embedding-batches.test.ts +++ b/src/memory/manager.embedding-batches.test.ts @@ -25,7 +25,6 @@ const fx = installEmbeddingManagerFixture({ }, }), }); -const { embedBatch } = fx; describe("memory embedding batches", () => { async function expectSyncWithFastTimeouts(manager: { @@ -55,13 +54,13 @@ describe("memory embedding batches", () => { }); const status = managerLarge.status(); - const totalTexts = embedBatch.mock.calls.reduce( + const totalTexts = fx.embedBatch.mock.calls.reduce( (sum: number, call: unknown[]) => sum + ((call[0] as string[] | undefined)?.length ?? 0), 0, ); expect(totalTexts).toBe(status.chunks); - expect(embedBatch.mock.calls.length).toBeGreaterThan(1); - const inputs: string[] = embedBatch.mock.calls.flatMap( + expect(fx.embedBatch.mock.calls.length).toBeGreaterThan(1); + const inputs: string[] = fx.embedBatch.mock.calls.flatMap( (call: unknown[]) => (call[0] as string[] | undefined) ?? [], ); expect(inputs.every((text) => Buffer.byteLength(text, "utf8") <= 8000)).toBe(true); @@ -80,7 +79,7 @@ describe("memory embedding batches", () => { await fs.writeFile(path.join(memoryDir, "2026-01-04.md"), content); await managerSmall.sync({ reason: "test" }); - expect(embedBatch.mock.calls.length).toBe(1); + expect(fx.embedBatch.mock.calls.length).toBe(1); }); it("retries embeddings on transient rate limit and 5xx errors", async () => { @@ -95,7 +94,7 @@ describe("memory embedding batches", () => { "openai embeddings failed: 502 Bad Gateway (cloudflare)", ]; let calls = 0; - embedBatch.mockImplementation(async (texts: string[]) => { + fx.embedBatch.mockImplementation(async (texts: string[]) => { calls += 1; const transient = transientErrors[calls - 1]; if (transient) { @@ -117,7 +116,7 @@ describe("memory embedding batches", () => { await fs.writeFile(path.join(memoryDir, "2026-01-08.md"), content); let calls = 0; - embedBatch.mockImplementation(async (texts: string[]) => { + fx.embedBatch.mockImplementation(async (texts: string[]) => { calls += 1; if (calls === 1) { throw new Error("AWS Bedrock embeddings failed: Too many tokens per day"); @@ -136,7 +135,9 @@ describe("memory embedding batches", () => { await fs.writeFile(path.join(memoryDir, "2026-01-07.md"), "\n\n\n"); await managerSmall.sync({ reason: "test" }); - const inputs = embedBatch.mock.calls.flatMap((call: unknown[]) => (call[0] as string[]) ?? []); + const inputs = fx.embedBatch.mock.calls.flatMap( + (call: unknown[]) => (call[0] as string[]) ?? [], + ); expect(inputs).not.toContain(""); }); }); diff --git a/src/memory/manager.get-concurrency.test.ts b/src/memory/manager.get-concurrency.test.ts index 515a9d8226d..236f6780b84 100644 --- a/src/memory/manager.get-concurrency.test.ts +++ b/src/memory/manager.get-concurrency.test.ts @@ -3,12 +3,11 @@ import os from "node:os"; import path from "node:path"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; -import { - closeAllMemoryIndexManagers, - MemoryIndexManager as RawMemoryIndexManager, -} from "./manager.js"; import "./test-runtime-mocks.js"; +import type { MemoryIndexManager } from "./index.js"; + +type MemoryIndexModule = typeof import("./index.js"); +type ManagerModule = typeof import("./manager.js"); const hoisted = vi.hoisted(() => ({ providerCreateCalls: 0, @@ -34,10 +33,19 @@ vi.mock("./embeddings.js", () => ({ }, })); +let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; +let closeAllMemoryIndexManagers: ManagerModule["closeAllMemoryIndexManagers"]; +let RawMemoryIndexManager: ManagerModule["MemoryIndexManager"]; + describe("memory manager cache hydration", () => { let workspaceDir = ""; beforeEach(async () => { + vi.resetModules(); + await import("./test-runtime-mocks.js"); + ({ getMemorySearchManager } = await import("./index.js")); + ({ closeAllMemoryIndexManagers, MemoryIndexManager: RawMemoryIndexManager } = + await import("./manager.js")); workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-mem-concurrent-")); await fs.mkdir(path.join(workspaceDir, "memory"), { recursive: true }); await fs.writeFile(path.join(workspaceDir, "MEMORY.md"), "Hello memory."); diff --git a/src/memory/manager.mistral-provider.test.ts b/src/memory/manager.mistral-provider.test.ts index 3345b01933c..be10e3c232b 100644 --- a/src/memory/manager.mistral-provider.test.ts +++ b/src/memory/manager.mistral-provider.test.ts @@ -11,7 +11,7 @@ import type { OllamaEmbeddingClient, OpenAiEmbeddingClient, } from "./embeddings.js"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; +import type { MemoryIndexManager } from "./index.js"; const { createEmbeddingProviderMock } = vi.hoisted(() => ({ createEmbeddingProviderMock: vi.fn(), @@ -25,6 +25,10 @@ vi.mock("./sqlite-vec.js", () => ({ loadSqliteVecExtension: async () => ({ ok: false, error: "sqlite-vec disabled in tests" }), })); +type MemoryIndexModule = typeof import("./index.js"); + +let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; + function createProvider(id: string): EmbeddingProvider { return { id, @@ -64,6 +68,8 @@ describe("memory manager mistral provider wiring", () => { let manager: MemoryIndexManager | null = null; beforeEach(async () => { + vi.resetModules(); + ({ getMemorySearchManager } = await import("./index.js")); createEmbeddingProviderMock.mockReset(); workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-memory-mistral-")); indexPath = path.join(workspaceDir, "index.sqlite"); diff --git a/src/memory/manager.vector-dedupe.test.ts b/src/memory/manager.vector-dedupe.test.ts index fcd21a88431..64242ec3f0e 100644 --- a/src/memory/manager.vector-dedupe.test.ts +++ b/src/memory/manager.vector-dedupe.test.ts @@ -4,8 +4,6 @@ import path from "node:path"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; import type { MemoryIndexManager } from "./index.js"; -import { buildFileEntry } from "./internal.js"; -import { createMemoryManagerOrThrow } from "./test-manager.js"; vi.mock("./embeddings.js", () => { return { @@ -21,6 +19,12 @@ vi.mock("./embeddings.js", () => { }; }); +type MemoryInternalModule = typeof import("./internal.js"); +type TestManagerModule = typeof import("./test-manager.js"); + +let buildFileEntry: MemoryInternalModule["buildFileEntry"]; +let createMemoryManagerOrThrow: TestManagerModule["createMemoryManagerOrThrow"]; + describe("memory vector dedupe", () => { let workspaceDir: string; let indexPath: string; @@ -40,6 +44,9 @@ describe("memory vector dedupe", () => { } beforeEach(async () => { + vi.resetModules(); + ({ buildFileEntry } = await import("./internal.js")); + ({ createMemoryManagerOrThrow } = await import("./test-manager.js")); workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-mem-")); indexPath = path.join(workspaceDir, "index.sqlite"); await seedMemoryWorkspace(workspaceDir); diff --git a/src/memory/manager.watcher-config.test.ts b/src/memory/manager.watcher-config.test.ts index b10cf84c71f..36d1b830e4a 100644 --- a/src/memory/manager.watcher-config.test.ts +++ b/src/memory/manager.watcher-config.test.ts @@ -1,10 +1,10 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; import type { MemorySearchConfig } from "../config/types.tools.js"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; +import type { MemoryIndexManager } from "./index.js"; const { watchMock } = vi.hoisted(() => ({ watchMock: vi.fn(() => ({ @@ -34,11 +34,20 @@ vi.mock("./embeddings.js", () => ({ }), })); +type MemoryIndexModule = typeof import("./index.js"); + +let getMemorySearchManager: MemoryIndexModule["getMemorySearchManager"]; + describe("memory watcher config", () => { let manager: MemoryIndexManager | null = null; let workspaceDir = ""; let extraDir = ""; + beforeEach(async () => { + vi.resetModules(); + ({ getMemorySearchManager } = await import("./index.js")); + }); + afterEach(async () => { watchMock.mockClear(); if (manager) { diff --git a/src/memory/post-json.test.ts b/src/memory/post-json.test.ts index 7e1aaf27cb6..1fd4210c111 100644 --- a/src/memory/post-json.test.ts +++ b/src/memory/post-json.test.ts @@ -1,16 +1,21 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { postJson } from "./post-json.js"; -import { withRemoteHttpResponse } from "./remote-http.js"; vi.mock("./remote-http.js", () => ({ withRemoteHttpResponse: vi.fn(), })); -describe("postJson", () => { - const remoteHttpMock = vi.mocked(withRemoteHttpResponse); +let postJson: typeof import("./post-json.js").postJson; +let withRemoteHttpResponse: typeof import("./remote-http.js").withRemoteHttpResponse; - beforeEach(() => { +describe("postJson", () => { + let remoteHttpMock: ReturnType>; + + beforeEach(async () => { + vi.resetModules(); vi.clearAllMocks(); + ({ postJson } = await import("./post-json.js")); + ({ withRemoteHttpResponse } = await import("./remote-http.js")); + remoteHttpMock = vi.mocked(withRemoteHttpResponse); }); it("parses JSON payload on successful response", async () => { diff --git a/src/memory/test-manager-helpers.ts b/src/memory/test-manager-helpers.ts index 4bbcf2d608e..cfe3f09e49f 100644 --- a/src/memory/test-manager-helpers.ts +++ b/src/memory/test-manager-helpers.ts @@ -1,10 +1,12 @@ import type { OpenClawConfig } from "../config/config.js"; -import { getMemorySearchManager, type MemoryIndexManager } from "./index.js"; +import type { MemoryIndexManager } from "./index.js"; export async function getRequiredMemoryIndexManager(params: { cfg: OpenClawConfig; agentId?: string; }): Promise { + await import("./embedding.test-mocks.js"); + const { getMemorySearchManager } = await import("./index.js"); const result = await getMemorySearchManager({ cfg: params.cfg, agentId: params.agentId ?? "main", diff --git a/src/pairing/setup-code.test.ts b/src/pairing/setup-code.test.ts index e72a9399623..6622f6c010f 100644 --- a/src/pairing/setup-code.test.ts +++ b/src/pairing/setup-code.test.ts @@ -1,6 +1,5 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { SecretInput } from "../config/types.secrets.js"; -import { encodePairingSetupCode, resolvePairingSetupFromConfig } from "./setup-code.js"; vi.mock("../infra/device-bootstrap.js", () => ({ issueDeviceBootstrapToken: vi.fn(async () => ({ @@ -9,6 +8,9 @@ vi.mock("../infra/device-bootstrap.js", () => ({ })), })); +let encodePairingSetupCode: typeof import("./setup-code.js").encodePairingSetupCode; +let resolvePairingSetupFromConfig: typeof import("./setup-code.js").resolvePairingSetupFromConfig; + describe("pairing setup code", () => { type ResolvedSetup = Awaited>; const defaultEnvSecretProviderConfig = { @@ -68,10 +70,17 @@ describe("pairing setup code", () => { } beforeEach(() => { + vi.resetModules(); vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", ""); vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", ""); vi.stubEnv("OPENCLAW_GATEWAY_PASSWORD", ""); vi.stubEnv("CLAWDBOT_GATEWAY_PASSWORD", ""); + vi.stubEnv("OPENCLAW_GATEWAY_PORT", ""); + vi.stubEnv("CLAWDBOT_GATEWAY_PORT", ""); + }); + + beforeEach(async () => { + ({ encodePairingSetupCode, resolvePairingSetupFromConfig } = await import("./setup-code.js")); }); afterEach(() => { diff --git a/src/plugin-sdk-internal/discord.ts b/src/plugin-sdk-internal/discord.ts deleted file mode 100644 index 9a29900c717..00000000000 --- a/src/plugin-sdk-internal/discord.ts +++ /dev/null @@ -1,116 +0,0 @@ -export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js"; -export type { OpenClawConfig } from "../config/config.js"; -export type { DiscordAccountConfig, DiscordActionConfig } from "../config/types.js"; -export type { InspectedDiscordAccount } from "../../extensions/discord/src/account-inspect.js"; -export type { ResolvedDiscordAccount } from "../../extensions/discord/src/accounts.js"; -export type { - DiscordSendComponents, - DiscordSendEmbeds, -} from "../../extensions/discord/src/send.shared.js"; -export * from "../plugin-sdk/channel-plugin-common.js"; - -export { - createDiscordActionGate, - listDiscordAccountIds, - resolveDefaultDiscordAccountId, - resolveDiscordAccount, -} from "../../extensions/discord/src/accounts.js"; -export { inspectDiscordAccount } from "../../extensions/discord/src/account-inspect.js"; -export { - projectCredentialSnapshotFields, - resolveConfiguredFromCredentialStatuses, -} from "../channels/account-snapshot-fields.js"; -export { - listDiscordDirectoryGroupsFromConfig, - listDiscordDirectoryPeersFromConfig, -} from "../channels/plugins/directory-config.js"; -export { - looksLikeDiscordTargetId, - normalizeDiscordMessagingTarget, - normalizeDiscordOutboundTarget, -} from "../../extensions/discord/src/normalize.js"; -export { collectDiscordAuditChannelIds } from "../../extensions/discord/src/audit.js"; -export { collectDiscordStatusIssues } from "../../extensions/discord/src/status-issues.js"; -export { - DISCORD_DEFAULT_INBOUND_WORKER_TIMEOUT_MS, - DISCORD_DEFAULT_LISTENER_TIMEOUT_MS, -} from "../../extensions/discord/src/monitor/timeouts.js"; -export { normalizeExplicitDiscordSessionKey } from "../../extensions/discord/src/session-key-normalization.js"; -export type { DiscordPluralKitConfig } from "../../extensions/discord/src/pluralkit.js"; - -export { - resolveDefaultGroupPolicy, - resolveOpenProviderRuntimeGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { - resolveDiscordGroupRequireMention, - resolveDiscordGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { discordSetupWizard } from "../../extensions/discord/src/setup-surface.js"; -export { discordSetupAdapter } from "../../extensions/discord/src/setup-core.js"; -export { DiscordConfigSchema } from "../config/zod-schema.providers-core.js"; - -export { - autoBindSpawnedDiscordSubagent, - listThreadBindingsBySessionKey, - unbindThreadBindingsBySessionKey, -} from "../../extensions/discord/src/monitor/thread-bindings.js"; -export { getGateway } from "../../extensions/discord/src/monitor/gateway-registry.js"; -export { getPresence } from "../../extensions/discord/src/monitor/presence-cache.js"; -export { readDiscordComponentSpec } from "../../extensions/discord/src/components.js"; -export { resolveDiscordChannelId } from "../../extensions/discord/src/targets.js"; -export { - addRoleDiscord, - banMemberDiscord, - createChannelDiscord, - createScheduledEventDiscord, - createThreadDiscord, - deleteChannelDiscord, - deleteMessageDiscord, - editChannelDiscord, - editMessageDiscord, - fetchChannelInfoDiscord, - fetchChannelPermissionsDiscord, - fetchMemberInfoDiscord, - fetchMessageDiscord, - fetchReactionsDiscord, - fetchRoleInfoDiscord, - fetchVoiceStatusDiscord, - hasAnyGuildPermissionDiscord, - kickMemberDiscord, - listGuildChannelsDiscord, - listGuildEmojisDiscord, - listPinsDiscord, - listScheduledEventsDiscord, - listThreadsDiscord, - moveChannelDiscord, - pinMessageDiscord, - reactMessageDiscord, - readMessagesDiscord, - removeChannelPermissionDiscord, - removeOwnReactionsDiscord, - removeReactionDiscord, - removeRoleDiscord, - searchMessagesDiscord, - sendDiscordComponentMessage, - sendMessageDiscord, - sendPollDiscord, - sendStickerDiscord, - sendVoiceMessageDiscord, - setChannelPermissionDiscord, - timeoutMemberDiscord, - unpinMessageDiscord, - uploadEmojiDiscord, - uploadStickerDiscord, -} from "../../extensions/discord/src/send.js"; -export { discordMessageActions } from "../../extensions/discord/src/channel-actions.js"; -export type { - ThreadBindingManager, - ThreadBindingRecord, - ThreadBindingTargetKind, -} from "../../extensions/discord/src/monitor/thread-bindings.js"; - -export { - buildComputedAccountStatusSnapshot, - buildTokenChannelStatusSummary, -} from "../plugin-sdk/status-helpers.js"; diff --git a/src/plugin-sdk-internal/imessage.ts b/src/plugin-sdk-internal/imessage.ts deleted file mode 100644 index 170dd7ff188..00000000000 --- a/src/plugin-sdk-internal/imessage.ts +++ /dev/null @@ -1,46 +0,0 @@ -export type { ResolvedIMessageAccount } from "../../extensions/imessage/src/accounts.js"; -export type { IMessageAccountConfig } from "../config/types.js"; -export * from "../plugin-sdk/channel-plugin-common.js"; -export { - listIMessageAccountIds, - resolveDefaultIMessageAccountId, - resolveIMessageAccount, -} from "../../extensions/imessage/src/accounts.js"; -export { - formatTrimmedAllowFromEntries, - resolveIMessageConfigAllowFrom, - resolveIMessageConfigDefaultTo, -} from "../plugin-sdk/channel-config-helpers.js"; -export { - looksLikeIMessageTargetId, - normalizeIMessageMessagingTarget, -} from "../channels/plugins/normalize/imessage.js"; -export { - createAllowedChatSenderMatcher, - parseChatAllowTargetPrefixes, - parseChatTargetPrefixesOrThrow, - resolveServicePrefixedChatTarget, - resolveServicePrefixedAllowTarget, - resolveServicePrefixedOrChatAllowTarget, - resolveServicePrefixedTarget, -} from "../../extensions/imessage/src/target-parsing-helpers.js"; -export type { - ChatSenderAllowParams, - ParsedChatTarget, -} from "../../extensions/imessage/src/target-parsing-helpers.js"; -export { sendMessageIMessage } from "../../extensions/imessage/src/send.js"; - -export { - resolveAllowlistProviderRuntimeGroupPolicy, - resolveDefaultGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { - resolveIMessageGroupRequireMention, - resolveIMessageGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { imessageSetupWizard } from "../../extensions/imessage/src/setup-surface.js"; -export { imessageSetupAdapter } from "../../extensions/imessage/src/setup-core.js"; -export { IMessageConfigSchema } from "../config/zod-schema.providers-core.js"; - -export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js"; -export { collectStatusIssuesFromLastError } from "../plugin-sdk/status-helpers.js"; diff --git a/src/plugin-sdk-internal/signal.ts b/src/plugin-sdk-internal/signal.ts deleted file mode 100644 index 4594420af8d..00000000000 --- a/src/plugin-sdk-internal/signal.ts +++ /dev/null @@ -1,38 +0,0 @@ -export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js"; -export type { ResolvedSignalAccount } from "../../extensions/signal/src/accounts.js"; -export type { SignalAccountConfig } from "../config/types.js"; -export * from "../plugin-sdk/channel-plugin-common.js"; -export { - listEnabledSignalAccounts, - listSignalAccountIds, - resolveDefaultSignalAccountId, - resolveSignalAccount, -} from "../../extensions/signal/src/accounts.js"; -export { resolveSignalReactionLevel } from "../../extensions/signal/src/reaction-level.js"; -export { - removeReactionSignal, - sendReactionSignal, -} from "../../extensions/signal/src/send-reactions.js"; -export { sendMessageSignal } from "../../extensions/signal/src/send.js"; -export { - looksLikeSignalTargetId, - normalizeSignalMessagingTarget, -} from "../channels/plugins/normalize/signal.js"; - -export { - resolveAllowlistProviderRuntimeGroupPolicy, - resolveDefaultGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { signalSetupWizard } from "../../extensions/signal/src/setup-surface.js"; -export { signalSetupAdapter } from "../../extensions/signal/src/setup-core.js"; -export { SignalConfigSchema } from "../config/zod-schema.providers-core.js"; - -export { normalizeE164 } from "../utils.js"; -export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js"; - -export { - buildBaseAccountStatusSnapshot, - buildBaseChannelStatusSummary, - collectStatusIssuesFromLastError, - createDefaultChannelRuntimeState, -} from "../plugin-sdk/status-helpers.js"; diff --git a/src/plugin-sdk-internal/slack.ts b/src/plugin-sdk-internal/slack.ts deleted file mode 100644 index abde5688cdb..00000000000 --- a/src/plugin-sdk-internal/slack.ts +++ /dev/null @@ -1,68 +0,0 @@ -export type { OpenClawConfig } from "../config/config.js"; -export type { SlackAccountConfig } from "../config/types.slack.js"; -export type { InspectedSlackAccount } from "../../extensions/slack/src/account-inspect.js"; -export type { ResolvedSlackAccount } from "../../extensions/slack/src/accounts.js"; -export * from "../plugin-sdk/channel-plugin-common.js"; -export { - listEnabledSlackAccounts, - listSlackAccountIds, - resolveDefaultSlackAccountId, - resolveSlackAccount, - resolveSlackReplyToMode, -} from "../../extensions/slack/src/accounts.js"; -export { isSlackInteractiveRepliesEnabled } from "../../extensions/slack/src/interactive-replies.js"; -export { inspectSlackAccount } from "../../extensions/slack/src/account-inspect.js"; -export { - projectCredentialSnapshotFields, - resolveConfiguredFromCredentialStatuses, - resolveConfiguredFromRequiredCredentialStatuses, -} from "../channels/account-snapshot-fields.js"; -export { - listSlackDirectoryGroupsFromConfig, - listSlackDirectoryPeersFromConfig, -} from "../channels/plugins/directory-config.js"; -export { - looksLikeSlackTargetId, - normalizeSlackMessagingTarget, -} from "../channels/plugins/normalize/slack.js"; -export { parseSlackTarget, resolveSlackChannelId } from "../plugin-sdk/slack-targets.js"; -export { - extractSlackToolSend, - listSlackMessageActions, -} from "../../extensions/slack/src/message-actions.js"; -export { buildSlackThreadingToolContext } from "../../extensions/slack/src/threading-tool-context.js"; -export { parseSlackBlocksInput } from "../../extensions/slack/src/blocks-input.js"; -export { handleSlackHttpRequest } from "../../extensions/slack/src/http/index.js"; -export { sendMessageSlack } from "../../extensions/slack/src/send.js"; -export { - deleteSlackMessage, - downloadSlackFile, - editSlackMessage, - getSlackMemberInfo, - listSlackEmojis, - listSlackPins, - listSlackReactions, - pinSlackMessage, - reactSlackMessage, - readSlackMessages, - removeOwnSlackReactions, - removeSlackReaction, - sendSlackMessage, - unpinSlackMessage, -} from "../../extensions/slack/src/actions.js"; -export { recordSlackThreadParticipation } from "../../extensions/slack/src/sent-thread-cache.js"; -export { buildComputedAccountStatusSnapshot } from "../plugin-sdk/status-helpers.js"; - -export { - resolveDefaultGroupPolicy, - resolveOpenProviderRuntimeGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { - resolveSlackGroupRequireMention, - resolveSlackGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { slackSetupAdapter } from "../../extensions/slack/src/setup-core.js"; -export { slackSetupWizard } from "../../extensions/slack/src/setup-surface.js"; -export { SlackConfigSchema } from "../config/zod-schema.providers-core.js"; - -export { handleSlackMessageAction } from "../plugin-sdk/slack-message-actions.js"; diff --git a/src/plugin-sdk-internal/telegram.ts b/src/plugin-sdk-internal/telegram.ts deleted file mode 100644 index bb983d690d1..00000000000 --- a/src/plugin-sdk-internal/telegram.ts +++ /dev/null @@ -1,113 +0,0 @@ -export type { - ChannelAccountSnapshot, - ChannelGatewayContext, - ChannelMessageActionAdapter, -} from "../channels/plugins/types.js"; -export type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; -export type { OpenClawConfig } from "../config/config.js"; -export type { PluginRuntime } from "../plugins/runtime/types.js"; -export type { OpenClawPluginApi } from "../plugins/types.js"; -export type { TelegramAccountConfig, TelegramActionConfig } from "../config/types.js"; -export type { InspectedTelegramAccount } from "../../extensions/telegram/src/account-inspect.js"; -export type { ResolvedTelegramAccount } from "../../extensions/telegram/src/accounts.js"; -export type { TelegramProbe } from "../../extensions/telegram/src/probe.js"; -export type { - TelegramButtonStyle, - TelegramInlineButtons, -} from "../../extensions/telegram/src/button-types.js"; - -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; - -export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js"; - -export { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../channels/plugins/setup-helpers.js"; -export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; -export { - deleteAccountFromConfigSection, - clearAccountEntryFields, - setAccountEnabledInConfigSection, -} from "../channels/plugins/config-helpers.js"; -export { formatPairingApproveHint } from "../channels/plugins/helpers.js"; -export { PAIRING_APPROVED_MESSAGE } from "../channels/plugins/pairing-message.js"; - -export { getChatChannelMeta } from "../channels/registry.js"; - -export { - createTelegramActionGate, - listTelegramAccountIds, - resolveDefaultTelegramAccountId, - resolveTelegramPollActionGateState, - resolveTelegramAccount, -} from "../../extensions/telegram/src/accounts.js"; -export { inspectTelegramAccount } from "../../extensions/telegram/src/account-inspect.js"; -export { - projectCredentialSnapshotFields, - resolveConfiguredFromCredentialStatuses, -} from "../channels/account-snapshot-fields.js"; -export { - listTelegramDirectoryGroupsFromConfig, - listTelegramDirectoryPeersFromConfig, -} from "../channels/plugins/directory-config.js"; -export { - looksLikeTelegramTargetId, - normalizeTelegramMessagingTarget, -} from "../../extensions/telegram/src/normalize.js"; -export { - parseTelegramReplyToMessageId, - parseTelegramThreadId, -} from "../../extensions/telegram/src/outbound-params.js"; -export { - isNumericTelegramUserId, - normalizeTelegramAllowFromEntry, -} from "../../extensions/telegram/src/allow-from.js"; -export { fetchTelegramChatId } from "../../extensions/telegram/src/api-fetch.js"; -export { - resolveTelegramInlineButtonsScope, - resolveTelegramTargetChatType, -} from "../../extensions/telegram/src/inline-buttons.js"; -export { resolveTelegramReactionLevel } from "../../extensions/telegram/src/reaction-level.js"; -export { - createForumTopicTelegram, - deleteMessageTelegram, - editForumTopicTelegram, - editMessageTelegram, - reactMessageTelegram, - sendMessageTelegram, - sendPollTelegram, - sendStickerTelegram, -} from "../../extensions/telegram/src/send.js"; -export { getCacheStats, searchStickers } from "../../extensions/telegram/src/sticker-cache.js"; -export { resolveTelegramToken } from "../../extensions/telegram/src/token.js"; -export { telegramMessageActions } from "../../extensions/telegram/src/channel-actions.js"; -export { collectTelegramStatusIssues } from "../../extensions/telegram/src/status-issues.js"; -export { sendTelegramPayloadMessages } from "../../extensions/telegram/src/outbound-adapter.js"; -export { - buildBrowseProvidersButton, - buildModelsKeyboard, - buildProviderKeyboard, - calculateTotalPages, - getModelsPageSize, - type ProviderInfo, -} from "../../extensions/telegram/src/model-buttons.js"; -export { - isTelegramExecApprovalApprover, - isTelegramExecApprovalClientEnabled, -} from "../../extensions/telegram/src/exec-approvals.js"; -export type { StickerMetadata } from "../../extensions/telegram/src/bot/types.js"; - -export { - resolveAllowlistProviderRuntimeGroupPolicy, - resolveDefaultGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { - resolveTelegramGroupRequireMention, - resolveTelegramGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { telegramSetupWizard } from "../../extensions/telegram/src/setup-surface.js"; -export { telegramSetupAdapter } from "../../extensions/telegram/src/setup-core.js"; -export { TelegramConfigSchema } from "../config/zod-schema.providers-core.js"; - -export { buildTokenChannelStatusSummary } from "../plugin-sdk/status-helpers.js"; diff --git a/src/plugin-sdk-internal/whatsapp.ts b/src/plugin-sdk-internal/whatsapp.ts deleted file mode 100644 index a1871198c70..00000000000 --- a/src/plugin-sdk-internal/whatsapp.ts +++ /dev/null @@ -1,108 +0,0 @@ -export type { ChannelMessageActionName } from "../channels/plugins/types.js"; -export type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; -export type { OpenClawConfig } from "../config/config.js"; -export type { DmPolicy, GroupPolicy, WhatsAppAccountConfig } from "../config/types.js"; -export type { PluginRuntime } from "../plugins/runtime/types.js"; -export type { OpenClawPluginApi } from "../plugins/types.js"; - -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; - -export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js"; - -export { - applyAccountNameToChannelSection, - migrateBaseNameToDefaultAccount, -} from "../channels/plugins/setup-helpers.js"; -export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; -export { formatPairingApproveHint } from "../channels/plugins/helpers.js"; - -export { getChatChannelMeta } from "../channels/registry.js"; -export { - formatWhatsAppConfigAllowFromEntries, - resolveWhatsAppConfigAllowFrom, - resolveWhatsAppConfigDefaultTo, -} from "../plugin-sdk/channel-config-helpers.js"; -export { - listWhatsAppDirectoryGroupsFromConfig, - listWhatsAppDirectoryPeersFromConfig, -} from "../channels/plugins/directory-config.js"; -export { - hasAnyWhatsAppAuth, - listEnabledWhatsAppAccounts, - resolveWhatsAppAccount, -} from "../../extensions/whatsapp/src/accounts.js"; -export { - WA_WEB_AUTH_DIR, - logWebSelfId, - logoutWeb, - pickWebChannel, - webAuthExists, -} from "../../extensions/whatsapp/src/auth-store.js"; -export { - DEFAULT_WEB_MEDIA_BYTES, - HEARTBEAT_PROMPT, - HEARTBEAT_TOKEN, - monitorWebChannel, - resolveHeartbeatRecipients, - runWebHeartbeatOnce, -} from "../../extensions/whatsapp/src/auto-reply.js"; -export type { - WebChannelStatus, - WebMonitorTuning, -} from "../../extensions/whatsapp/src/auto-reply.js"; -export { - extractMediaPlaceholder, - extractText, - monitorWebInbox, -} from "../../extensions/whatsapp/src/inbound.js"; -export type { - WebInboundMessage, - WebListenerCloseReason, -} from "../../extensions/whatsapp/src/inbound.js"; -export { loginWeb } from "../../extensions/whatsapp/src/login.js"; -export { - getDefaultLocalRoots, - loadWebMedia, - loadWebMediaRaw, - optimizeImageToJpeg, -} from "../../extensions/whatsapp/src/media.js"; -export { - sendMessageWhatsApp, - sendPollWhatsApp, - sendReactionWhatsApp, -} from "../../extensions/whatsapp/src/send.js"; -export { - createWaSocket, - formatError, - getStatusCode, - waitForWaConnection, -} from "../../extensions/whatsapp/src/session.js"; -export { createWhatsAppLoginTool } from "../../extensions/whatsapp/src/agent-tools-login.js"; -export { normalizeWhatsAppAllowFromEntries } from "../channels/plugins/normalize/whatsapp.js"; -export { - collectAllowlistProviderGroupPolicyWarnings, - collectOpenGroupPolicyRouteAllowlistWarnings, -} from "../channels/plugins/group-policy-warnings.js"; -export { buildAccountScopedDmSecurityPolicy } from "../channels/plugins/helpers.js"; -export { resolveWhatsAppOutboundTarget } from "../whatsapp/resolve-outbound-target.js"; - -export { - resolveAllowlistProviderRuntimeGroupPolicy, - resolveDefaultGroupPolicy, -} from "../config/runtime-group-policy.js"; -export { - resolveWhatsAppGroupRequireMention, - resolveWhatsAppGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { - createWhatsAppOutboundBase, - resolveWhatsAppGroupIntroHint, - resolveWhatsAppMentionStripRegexes, -} from "../channels/plugins/whatsapp-shared.js"; -export { resolveWhatsAppHeartbeatRecipients } from "../channels/plugins/whatsapp-heartbeat.js"; -export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js"; - -export { createActionGate, readStringParam } from "../agents/tools/common.js"; -export { createPluginRuntimeStore } from "../plugin-sdk/runtime-store.js"; - -export { normalizeE164 } from "../utils.js"; diff --git a/src/plugin-sdk/account-resolution.ts b/src/plugin-sdk/account-resolution.ts index 4aceec2c945..f5f1229a798 100644 --- a/src/plugin-sdk/account-resolution.ts +++ b/src/plugin-sdk/account-resolution.ts @@ -1,3 +1,26 @@ +export type { OpenClawConfig } from "../config/config.js"; + +export { createAccountActionGate } from "../channels/plugins/account-action-gate.js"; +export { createAccountListHelpers } from "../channels/plugins/account-helpers.js"; +export { normalizeChatType } from "../channels/chat-type.js"; +export { resolveAccountEntry } from "../routing/account-lookup.js"; +export { + DEFAULT_ACCOUNT_ID, + normalizeAccountId, + normalizeOptionalAccountId, +} from "../routing/session-key.js"; +export { normalizeE164, pathExists, resolveUserPath } from "../utils.js"; +export { + resolveDiscordAccount, + type ResolvedDiscordAccount, +} from "../../extensions/discord/api.js"; +export { resolveSlackAccount, type ResolvedSlackAccount } from "../../extensions/slack/api.js"; +export { + resolveTelegramAccount, + type ResolvedTelegramAccount, +} from "../../extensions/telegram/api.js"; +export { resolveSignalAccount, type ResolvedSignalAccount } from "../../extensions/signal/api.js"; + /** Resolve an account by id, then fall back to the default account when the primary lacks credentials. */ export function resolveAccountWithDefaultFallback(params: { accountId?: string | null; diff --git a/src/plugin-sdk/acp-runtime.ts b/src/plugin-sdk/acp-runtime.ts new file mode 100644 index 00000000000..c50c36419bb --- /dev/null +++ b/src/plugin-sdk/acp-runtime.ts @@ -0,0 +1,6 @@ +// Public ACP runtime helpers for plugins that integrate with ACP control/session state. + +export { getAcpSessionManager } from "../acp/control-plane/manager.js"; +export { isAcpRuntimeError } from "../acp/runtime/errors.js"; +export { readAcpSessionEntry } from "../acp/runtime/session-meta.js"; +export type { AcpSessionStoreEntry } from "../acp/runtime/session-meta.js"; diff --git a/src/plugin-sdk/agent-runtime.ts b/src/plugin-sdk/agent-runtime.ts new file mode 100644 index 00000000000..03490dc8432 --- /dev/null +++ b/src/plugin-sdk/agent-runtime.ts @@ -0,0 +1,29 @@ +// Public agent/model/runtime helpers for plugins that integrate with core agent flows. + +export * from "../agents/agent-scope.js"; +export * from "../agents/auth-profiles.js"; +export * from "../agents/current-time.js"; +export * from "../agents/defaults.js"; +export * from "../agents/identity-avatar.js"; +export * from "../agents/identity.js"; +export * from "../agents/model-auth-markers.js"; +export * from "../agents/model-auth.js"; +export * from "../agents/model-catalog.js"; +export * from "../agents/model-selection.js"; +export * from "../agents/pi-embedded-block-chunker.js"; +export * from "../agents/pi-embedded-utils.js"; +export * from "../agents/provider-id.js"; +export * from "../agents/schema/typebox.js"; +export * from "../agents/sglang-defaults.js"; +export * from "../agents/tools/common.js"; +export * from "../agents/tools/discord-actions-shared.js"; +export * from "../agents/tools/discord-actions.js"; +export * from "../agents/tools/telegram-actions.js"; +export * from "../agents/tools/web-guarded-fetch.js"; +export * from "../agents/tools/web-shared.js"; +export * from "../agents/tools/discord-actions-moderation-shared.js"; +export * from "../agents/tools/web-fetch-utils.js"; +export * from "../agents/vllm-defaults.js"; +// Intentional public runtime surface: channel plugins use ingress agent helpers directly. +export * from "../agents/agent-command.js"; +export * from "../tts/tts.js"; diff --git a/src/plugin-sdk/allowlist-config-edit.ts b/src/plugin-sdk/allowlist-config-edit.ts index c9f2a92e3be..e92e4cb8551 100644 --- a/src/plugin-sdk/allowlist-config-edit.ts +++ b/src/plugin-sdk/allowlist-config-edit.ts @@ -11,6 +11,16 @@ type AllowlistConfigPaths = { cleanupPaths?: string[][]; }; +const LEGACY_DM_ALLOWLIST_CONFIG_PATHS: AllowlistConfigPaths = { + readPaths: [["allowFrom"], ["dm", "allowFrom"]], + writePath: ["allowFrom"], + cleanupPaths: [["dm", "allowFrom"]], +}; + +export function resolveLegacyDmAllowlistConfigPaths(scope: "dm" | "group") { + return scope === "dm" ? LEGACY_DM_ALLOWLIST_CONFIG_PATHS : null; +} + function resolveAccountScopedWriteTarget( parsed: Record, channelId: ChannelId, diff --git a/src/plugin-sdk/bluebubbles.ts b/src/plugin-sdk/bluebubbles.ts index 6375bdea76c..88300031290 100644 --- a/src/plugin-sdk/bluebubbles.ts +++ b/src/plugin-sdk/bluebubbles.ts @@ -62,13 +62,13 @@ export { export { buildSecretInputSchema } from "./secret-input-schema.js"; export { ToolPolicySchema } from "../config/zod-schema.agent-runtime.js"; export { MarkdownConfigSchema } from "../config/zod-schema.core.js"; -export type { ParsedChatTarget } from "../../extensions/imessage/src/target-parsing-helpers.js"; +export type { ParsedChatTarget } from "../../extensions/imessage/api.js"; export { parseChatAllowTargetPrefixes, parseChatTargetPrefixesOrThrow, resolveServicePrefixedAllowTarget, resolveServicePrefixedTarget, -} from "../../extensions/imessage/src/target-parsing-helpers.js"; +} from "../../extensions/imessage/api.js"; export { stripMarkdown } from "../line/markdown-to-line.js"; export { parseFiniteNumber } from "../infra/parse-finite-number.js"; export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; diff --git a/src/plugin-sdk/channel-config-helpers.ts b/src/plugin-sdk/channel-config-helpers.ts index 564bc86bc68..556e2a0c1c1 100644 --- a/src/plugin-sdk/channel-config-helpers.ts +++ b/src/plugin-sdk/channel-config-helpers.ts @@ -2,6 +2,13 @@ import { deleteAccountFromConfigSection, setAccountEnabledInConfigSection, } from "../channels/plugins/config-helpers.js"; +import { + collectAllowlistProviderGroupPolicyWarnings, + collectAllowlistProviderRestrictSendersWarnings, + collectOpenGroupPolicyConfiguredRouteWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, + collectOpenProviderGroupPolicyWarnings, +} from "../channels/plugins/group-policy-warnings.js"; import { buildAccountScopedDmSecurityPolicy } from "../channels/plugins/helpers.js"; import { normalizeWhatsAppAllowFromEntries } from "../channels/plugins/normalize/whatsapp.js"; import { getChannelPlugin } from "../channels/plugins/registry.js"; @@ -149,6 +156,15 @@ export function createScopedDmSecurityResolver< }); } +export { buildAccountScopedDmSecurityPolicy }; +export { + collectAllowlistProviderGroupPolicyWarnings, + collectAllowlistProviderRestrictSendersWarnings, + collectOpenGroupPolicyConfiguredRouteWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, + collectOpenProviderGroupPolicyWarnings, +}; + /** Read the effective WhatsApp allowlist through the active plugin contract. */ export function resolveWhatsAppConfigAllowFrom(params: { cfg: OpenClawConfig; diff --git a/src/plugin-sdk/channel-config-schema.ts b/src/plugin-sdk/channel-config-schema.ts new file mode 100644 index 00000000000..bbf6191ae75 --- /dev/null +++ b/src/plugin-sdk/channel-config-schema.ts @@ -0,0 +1,7 @@ +/** Shared config-schema primitives for channel plugins with DM/group policy knobs. */ +export { + AllowFromListSchema, + buildCatchallMultiAccountChannelSchema, + buildNestedDmConfigSchema, +} from "../channels/plugins/config-schema.js"; +export { DmPolicySchema, GroupPolicySchema } from "../config/zod-schema.core.js"; diff --git a/src/plugin-sdk/channel-import-guardrails.test.ts b/src/plugin-sdk/channel-import-guardrails.test.ts new file mode 100644 index 00000000000..7321adb1264 --- /dev/null +++ b/src/plugin-sdk/channel-import-guardrails.test.ts @@ -0,0 +1,302 @@ +import { readdirSync, readFileSync } from "node:fs"; +import { dirname, resolve } from "node:path"; +import { fileURLToPath } from "node:url"; +import { describe, expect, it } from "vitest"; + +const ROOT_DIR = resolve(dirname(fileURLToPath(import.meta.url)), ".."); +const ALLOWED_EXTENSION_PUBLIC_SEAMS = new Set([ + "api.js", + "index.js", + "login-qr-api.js", + "runtime-api.js", + "setup-entry.js", +]); +const GUARDED_CHANNEL_EXTENSIONS = new Set([ + "bluebubbles", + "discord", + "feishu", + "googlechat", + "imessage", + "irc", + "line", + "matrix", + "mattermost", + "msteams", + "nextcloud-talk", + "nostr", + "signal", + "slack", + "synology-chat", + "telegram", + "tlon", + "twitch", + "whatsapp", + "zalo", + "zalouser", +]); + +type GuardedSource = { + path: string; + forbiddenPatterns: RegExp[]; +}; + +const SAME_CHANNEL_SDK_GUARDS: GuardedSource[] = [ + { + path: "extensions/discord/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/discord["']/, /plugin-sdk-internal\/discord/], + }, + { + path: "extensions/slack/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/slack["']/, /plugin-sdk-internal\/slack/], + }, + { + path: "extensions/telegram/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/telegram["']/, /plugin-sdk-internal\/telegram/], + }, + { + path: "extensions/imessage/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/imessage["']/, /plugin-sdk-internal\/imessage/], + }, + { + path: "extensions/whatsapp/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/whatsapp["']/, /plugin-sdk-internal\/whatsapp/], + }, + { + path: "extensions/signal/src/shared.ts", + forbiddenPatterns: [/["']openclaw\/plugin-sdk\/signal["']/, /plugin-sdk-internal\/signal/], + }, +]; + +const SETUP_BARREL_GUARDS: GuardedSource[] = [ + { + path: "extensions/signal/src/setup-core.ts", + forbiddenPatterns: [/\bformatCliCommand\b/, /\bformatDocsLink\b/], + }, + { + path: "extensions/signal/src/setup-surface.ts", + forbiddenPatterns: [ + /\bdetectBinary\b/, + /\binstallSignalCli\b/, + /\bformatCliCommand\b/, + /\bformatDocsLink\b/, + ], + }, + { + path: "extensions/slack/src/setup-core.ts", + forbiddenPatterns: [/\bformatDocsLink\b/], + }, + { + path: "extensions/slack/src/setup-surface.ts", + forbiddenPatterns: [/\bformatDocsLink\b/], + }, + { + path: "extensions/discord/src/setup-core.ts", + forbiddenPatterns: [/\bformatDocsLink\b/], + }, + { + path: "extensions/discord/src/setup-surface.ts", + forbiddenPatterns: [/\bformatDocsLink\b/], + }, + { + path: "extensions/imessage/src/setup-core.ts", + forbiddenPatterns: [/\bformatDocsLink\b/], + }, + { + path: "extensions/imessage/src/setup-surface.ts", + forbiddenPatterns: [/\bdetectBinary\b/, /\bformatDocsLink\b/], + }, + { + path: "extensions/telegram/src/setup-core.ts", + forbiddenPatterns: [/\bformatCliCommand\b/, /\bformatDocsLink\b/], + }, + { + path: "extensions/whatsapp/src/setup-surface.ts", + forbiddenPatterns: [/\bformatCliCommand\b/, /\bformatDocsLink\b/], + }, +]; + +function readSource(path: string): string { + return readFileSync(resolve(ROOT_DIR, "..", path), "utf8"); +} + +function readSetupBarrelImportBlock(path: string): string { + const lines = readSource(path).split("\n"); + const targetLineIndex = lines.findIndex((line) => + /from\s*"[^"]*plugin-sdk(?:-internal)?\/setup(?:\.js)?";/.test(line), + ); + if (targetLineIndex === -1) { + return ""; + } + let startLineIndex = targetLineIndex; + while (startLineIndex >= 0 && !lines[startLineIndex].includes("import")) { + startLineIndex -= 1; + } + return lines.slice(startLineIndex, targetLineIndex + 1).join("\n"); +} + +function collectExtensionSourceFiles(): string[] { + const extensionsDir = resolve(ROOT_DIR, "..", "extensions"); + const sharedExtensionsDir = resolve(extensionsDir, "shared"); + const files: string[] = []; + const stack = [extensionsDir]; + while (stack.length > 0) { + const current = stack.pop(); + if (!current) { + continue; + } + for (const entry of readdirSync(current, { withFileTypes: true })) { + const fullPath = resolve(current, entry.name); + if (entry.isDirectory()) { + if (entry.name === "node_modules" || entry.name === "dist" || entry.name === "coverage") { + continue; + } + stack.push(fullPath); + continue; + } + if (!entry.isFile() || !/\.(?:[cm]?ts|[cm]?js|tsx|jsx)$/u.test(entry.name)) { + continue; + } + if (entry.name.endsWith(".d.ts") || fullPath.includes(sharedExtensionsDir)) { + continue; + } + if (fullPath.includes(`${resolve(ROOT_DIR, "..", "extensions")}/shared/`)) { + continue; + } + if ( + fullPath.includes(".test.") || + fullPath.includes(".fixture.") || + fullPath.includes(".snap") || + fullPath.includes("test-support") || + fullPath.endsWith("/api.ts") || + fullPath.endsWith("/runtime-api.ts") + ) { + continue; + } + files.push(fullPath); + } + } + return files; +} + +function collectCoreSourceFiles(): string[] { + const srcDir = resolve(ROOT_DIR, "..", "src"); + const files: string[] = []; + const stack = [srcDir]; + while (stack.length > 0) { + const current = stack.pop(); + if (!current) { + continue; + } + for (const entry of readdirSync(current, { withFileTypes: true })) { + const fullPath = resolve(current, entry.name); + if (entry.isDirectory()) { + if (entry.name === "node_modules" || entry.name === "dist" || entry.name === "coverage") { + continue; + } + stack.push(fullPath); + continue; + } + if (!entry.isFile() || !/\.(?:[cm]?ts|[cm]?js|tsx|jsx)$/u.test(entry.name)) { + continue; + } + if (entry.name.endsWith(".d.ts")) { + continue; + } + if ( + fullPath.includes(".test.") || + fullPath.includes(".spec.") || + fullPath.includes(".fixture.") || + fullPath.includes(".snap") + ) { + continue; + } + files.push(fullPath); + } + } + return files; +} + +function collectExtensionImports(text: string): string[] { + return [...text.matchAll(/["']([^"']*extensions\/[^"']+\.(?:[cm]?[jt]sx?))["']/g)].map( + (match) => match[1] ?? "", + ); +} + +function expectOnlyApprovedExtensionSeams(file: string, imports: string[]): void { + for (const specifier of imports) { + const normalized = specifier.replaceAll("\\", "/"); + const extensionId = normalized.match(/extensions\/([^/]+)\//)?.[1] ?? null; + if (!extensionId || !GUARDED_CHANNEL_EXTENSIONS.has(extensionId)) { + continue; + } + const basename = normalized.split("/").at(-1) ?? ""; + expect( + ALLOWED_EXTENSION_PUBLIC_SEAMS.has(basename), + `${file} should only import approved extension seams, got ${specifier}`, + ).toBe(true); + } +} + +describe("channel import guardrails", () => { + it("keeps channel helper modules off their own SDK barrels", () => { + for (const source of SAME_CHANNEL_SDK_GUARDS) { + const text = readSource(source.path); + for (const pattern of source.forbiddenPatterns) { + expect(text, `${source.path} should not match ${pattern}`).not.toMatch(pattern); + } + } + }); + + it("keeps setup barrels limited to setup primitives", () => { + for (const source of SETUP_BARREL_GUARDS) { + const importBlock = readSetupBarrelImportBlock(source.path); + for (const pattern of source.forbiddenPatterns) { + expect(importBlock, `${source.path} setup import should not match ${pattern}`).not.toMatch( + pattern, + ); + } + } + }); + + it("keeps bundled extension source files off root and compat plugin-sdk imports", () => { + for (const file of collectExtensionSourceFiles()) { + const text = readFileSync(file, "utf8"); + expect(text, `${file} should not import openclaw/plugin-sdk root`).not.toMatch( + /["']openclaw\/plugin-sdk["']/, + ); + expect(text, `${file} should not import openclaw/plugin-sdk/compat`).not.toMatch( + /["']openclaw\/plugin-sdk\/compat["']/, + ); + } + }); + + it("keeps core production files off extension private src imports", () => { + for (const file of collectCoreSourceFiles()) { + const text = readFileSync(file, "utf8"); + expect(text, `${file} should not import extensions/*/src`).not.toMatch( + /["'][^"']*extensions\/[^/"']+\/src\//, + ); + } + }); + + it("keeps extension production files off other extensions' private src imports", () => { + for (const file of collectExtensionSourceFiles()) { + const text = readFileSync(file, "utf8"); + expect(text, `${file} should not import another extension's src`).not.toMatch( + /["'][^"']*\.\.\/(?:\.\.\/)?(?!src\/)[^/"']+\/src\//, + ); + } + }); + + it("keeps core extension imports limited to approved public seams", () => { + for (const file of collectCoreSourceFiles()) { + expectOnlyApprovedExtensionSeams(file, collectExtensionImports(readFileSync(file, "utf8"))); + } + }); + + it("keeps extension-to-extension imports limited to approved public seams", () => { + for (const file of collectExtensionSourceFiles()) { + expectOnlyApprovedExtensionSeams(file, collectExtensionImports(readFileSync(file, "utf8"))); + } + }); +}); diff --git a/src/plugin-sdk/channel-policy.ts b/src/plugin-sdk/channel-policy.ts new file mode 100644 index 00000000000..62538b68dd6 --- /dev/null +++ b/src/plugin-sdk/channel-policy.ts @@ -0,0 +1,19 @@ +/** Shared policy warnings and DM/group policy helpers for channel plugins. */ +export { + buildOpenGroupPolicyConfigureRouteAllowlistWarning, + buildOpenGroupPolicyRestrictSendersWarning, + buildOpenGroupPolicyWarning, + collectAllowlistProviderGroupPolicyWarnings, + collectAllowlistProviderRestrictSendersWarnings, + collectOpenGroupPolicyRestrictSendersWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, + collectOpenProviderGroupPolicyWarnings, +} from "../channels/plugins/group-policy-warnings.js"; +export { buildAccountScopedDmSecurityPolicy } from "../channels/plugins/helpers.js"; +export { resolveChannelGroupRequireMention } from "../config/group-policy.js"; +export { + DM_GROUP_ACCESS_REASON, + readStoreAllowFromForDmPolicy, + resolveDmGroupAccessWithLists, + resolveEffectiveAllowFromLists, +} from "../security/dm-policy-shared.js"; diff --git a/src/plugin-sdk/channel-runtime.ts b/src/plugin-sdk/channel-runtime.ts new file mode 100644 index 00000000000..fad81c36d59 --- /dev/null +++ b/src/plugin-sdk/channel-runtime.ts @@ -0,0 +1,54 @@ +// Shared channel/runtime helpers for plugins. Channel plugins should use this +// surface instead of reaching into src/channels or adjacent infra modules. + +export * from "../channels/ack-reactions.js"; +export * from "../channels/allow-from.js"; +export * from "../channels/allowlists/resolve-utils.js"; +export * from "../channels/allowlist-match.js"; +export * from "../channels/channel-config.js"; +export * from "../channels/chat-type.js"; +export * from "../channels/command-gating.js"; +export * from "../channels/conversation-label.js"; +export * from "../channels/draft-stream-controls.js"; +export * from "../channels/draft-stream-loop.js"; +export * from "../channels/inbound-debounce-policy.js"; +export * from "../channels/location.js"; +export * from "../channels/logging.js"; +export * from "../channels/mention-gating.js"; +export * from "../channels/native-command-session-targets.js"; +export * from "../channels/reply-prefix.js"; +export * from "../channels/run-state-machine.js"; +export * from "../channels/session.js"; +export * from "../channels/session-envelope.js"; +export * from "../channels/session-meta.js"; +export * from "../channels/status-reactions.js"; +export * from "../channels/targets.js"; +export * from "../channels/thread-binding-id.js"; +export * from "../channels/thread-bindings-messages.js"; +export * from "../channels/thread-bindings-policy.js"; +export * from "../channels/transport/stall-watchdog.js"; +export * from "../channels/typing.js"; +export * from "../channels/plugins/actions/reaction-message-id.js"; +export * from "../channels/plugins/actions/shared.js"; +export type * from "../channels/plugins/types.js"; +export * from "../channels/plugins/config-writes.js"; +export * from "../channels/plugins/directory-config.js"; +export * from "../channels/plugins/media-payload.js"; +export * from "../channels/plugins/normalize/signal.js"; +export * from "../channels/plugins/normalize/whatsapp.js"; +export * from "../channels/plugins/outbound/direct-text-media.js"; +export * from "../channels/plugins/outbound/interactive.js"; +export * from "../channels/plugins/status-issues/shared.js"; +export * from "../channels/plugins/whatsapp-heartbeat.js"; +export * from "../infra/outbound/send-deps.js"; +export * from "../utils/message-channel.js"; +export * from "./channel-lifecycle.js"; +export type { + InteractiveButtonStyle, + InteractiveReplyButton, + InteractiveReply, +} from "../interactive/payload.js"; +export { + normalizeInteractiveReply, + resolveInteractiveTextFallback, +} from "../interactive/payload.js"; diff --git a/src/plugin-sdk/cli-runtime.ts b/src/plugin-sdk/cli-runtime.ts new file mode 100644 index 00000000000..23a881da23a --- /dev/null +++ b/src/plugin-sdk/cli-runtime.ts @@ -0,0 +1,6 @@ +// Public CLI/output helpers for plugins that share terminal-facing command behavior. + +export * from "../cli/command-format.js"; +export * from "../cli/parse-duration.js"; +export * from "../cli/wait.js"; +export * from "../version.js"; diff --git a/src/plugin-sdk/compat.ts b/src/plugin-sdk/compat.ts index 8e893de15df..ad8d9ff5293 100644 --- a/src/plugin-sdk/compat.ts +++ b/src/plugin-sdk/compat.ts @@ -1 +1,44 @@ -export * from "./index.js"; +// Legacy compat surface for external plugins that still depend on older +// broad plugin-sdk imports. Keep this file intentionally small. + +const shouldWarnCompatImport = + process.env.VITEST !== "true" && + process.env.NODE_ENV !== "test" && + process.env.OPENCLAW_SUPPRESS_PLUGIN_SDK_COMPAT_WARNING !== "1"; + +if (shouldWarnCompatImport) { + process.emitWarning( + "openclaw/plugin-sdk/compat is deprecated for new plugins. Migrate to focused openclaw/plugin-sdk/ imports.", + { + code: "OPENCLAW_PLUGIN_SDK_COMPAT_DEPRECATED", + detail: + "Bundled plugins must use scoped plugin-sdk subpaths. External plugins may keep compat temporarily while migrating.", + }, + ); +} + +export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { resolveControlCommandGate } from "../channels/command-gating.js"; + +export { createAccountStatusSink } from "./channel-lifecycle.js"; +export { createPluginRuntimeStore } from "./runtime-store.js"; +export { KeyedAsyncQueue } from "./keyed-async-queue.js"; + +export { + createScopedAccountConfigAccessors, + createScopedChannelConfigBase, + createScopedDmSecurityResolver, + mapAllowFromEntries, +} from "./channel-config-helpers.js"; +export { formatAllowFromLowercase, formatNormalizedAllowFromEntries } from "./allow-from.js"; +export * from "./channel-config-schema.js"; +export * from "./channel-policy.js"; +export * from "./reply-history.js"; +export * from "./directory-runtime.js"; +export { mapAllowlistResolutionInputs } from "./allowlist-resolution.js"; + +export { + resolveBlueBubblesGroupRequireMention, + resolveBlueBubblesGroupToolPolicy, +} from "../channels/plugins/group-mentions.js"; +export { collectBlueBubblesStatusIssues } from "../channels/plugins/status-issues/bluebubbles.js"; diff --git a/src/plugin-sdk/config-runtime.ts b/src/plugin-sdk/config-runtime.ts new file mode 100644 index 00000000000..67b2ec82fee --- /dev/null +++ b/src/plugin-sdk/config-runtime.ts @@ -0,0 +1,42 @@ +// Shared config/runtime boundary for plugins that need config loading, +// config writes, or session-store helpers without importing src internals. + +export * from "../config/config.js"; +export * from "../config/markdown-tables.js"; +export * from "../config/group-policy.js"; +export * from "../config/runtime-group-policy.js"; +export * from "../config/commands.js"; +export * from "../config/discord-preview-streaming.js"; +export * from "../config/io.js"; +export * from "../config/telegram-custom-commands.js"; +export * from "../config/talk.js"; +export * from "../config/agent-limits.js"; +export * from "../cron/store.js"; +export * from "../sessions/model-overrides.js"; +export type * from "../config/types.slack.js"; +export { + loadSessionStore, + readSessionUpdatedAt, + recordSessionMetaFromInbound, + resolveSessionKey, + resolveStorePath, + updateLastRoute, + updateSessionStore, + type SessionResetMode, + type SessionScope, +} from "../config/sessions.js"; +export { resolveGroupSessionKey } from "../config/sessions/group.js"; +export { + evaluateSessionFreshness, + resolveChannelResetConfig, + resolveSessionResetPolicy, + resolveSessionResetType, + resolveThreadFlag, +} from "../config/sessions/reset.js"; +export { resolveSessionStoreEntry } from "../config/sessions/store.js"; +export { isDangerousNameMatchingEnabled } from "../config/dangerous-name-matching.js"; +export { + hasConfiguredSecretInput, + normalizeResolvedSecretInputString, + normalizeSecretInputString, +} from "../config/types.secrets.js"; diff --git a/src/plugin-sdk/conversation-runtime.ts b/src/plugin-sdk/conversation-runtime.ts new file mode 100644 index 00000000000..66b7e3b938f --- /dev/null +++ b/src/plugin-sdk/conversation-runtime.ts @@ -0,0 +1,78 @@ +// Public binding helpers for both runtime plugin-owned bindings and +// config-driven channel bindings. + +export { + createConversationBindingRecord, + getConversationBindingCapabilities, + listSessionBindingRecords, + resolveConversationBindingRecord, + touchConversationBindingRecord, + unbindConversationBindingRecord, +} from "../bindings/records.js"; +export { + ensureConfiguredBindingRouteReady, + resolveConfiguredBindingRoute, + type ConfiguredBindingRouteResult, +} from "../channels/plugins/binding-routing.js"; +export { + primeConfiguredBindingRegistry, + resolveConfiguredBinding, + resolveConfiguredBindingRecord, + resolveConfiguredBindingRecordBySessionKey, + resolveConfiguredBindingRecordForConversation, +} from "../channels/plugins/binding-registry.js"; +export { + ensureConfiguredBindingTargetReady, + ensureConfiguredBindingTargetSession, + resetConfiguredBindingTargetInPlace, +} from "../channels/plugins/binding-targets.js"; +export type { + ConfiguredBindingConversation, + ConfiguredBindingResolution, + CompiledConfiguredBinding, + StatefulBindingTargetDescriptor, +} from "../channels/plugins/binding-types.js"; +export type { + StatefulBindingTargetDriver, + StatefulBindingTargetReadyResult, + StatefulBindingTargetResetResult, + StatefulBindingTargetSessionResult, +} from "../channels/plugins/stateful-target-drivers.js"; +export { + type BindingStatus, + type BindingTargetKind, + type ConversationRef, + SessionBindingError, + type SessionBindingAdapter, + type SessionBindingAdapterCapabilities, + type SessionBindingBindInput, + type SessionBindingCapabilities, + type SessionBindingPlacement, + type SessionBindingRecord, + type SessionBindingService, + type SessionBindingUnbindInput, + getSessionBindingService, + isSessionBindingError, + registerSessionBindingAdapter, + unregisterSessionBindingAdapter, +} from "../infra/outbound/session-binding-service.js"; +export * from "../pairing/pairing-challenge.js"; +export * from "../pairing/pairing-messages.js"; +export * from "../pairing/pairing-store.js"; +export { + buildPluginBindingApprovalCustomId, + buildPluginBindingDeclinedText, + buildPluginBindingErrorText, + buildPluginBindingResolvedText, + buildPluginBindingUnavailableText, + detachPluginConversationBinding, + getCurrentPluginConversationBinding, + hasShownPluginBindingFallbackNotice, + isPluginOwnedBindingMetadata, + isPluginOwnedSessionBindingRecord, + markPluginBindingFallbackNoticeShown, + parsePluginBindingApprovalCustomId, + requestPluginConversationBinding, + resolvePluginConversationBindingApproval, + toPluginConversationBinding, +} from "../plugins/conversation-binding.js"; diff --git a/src/plugin-sdk/copilot-proxy.ts b/src/plugin-sdk/copilot-proxy.ts index 80a83010c1d..d4a4dec92bf 100644 --- a/src/plugin-sdk/copilot-proxy.ts +++ b/src/plugin-sdk/copilot-proxy.ts @@ -1,7 +1,7 @@ // Narrow plugin-sdk surface for the bundled copilot-proxy plugin. // Keep this list additive and scoped to symbols used under extensions/copilot-proxy. -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { definePluginEntry } from "./core.js"; export type { OpenClawPluginApi, ProviderAuthContext, diff --git a/src/plugin-sdk/core.ts b/src/plugin-sdk/core.ts index 0c521f84122..56f0bdafa26 100644 --- a/src/plugin-sdk/core.ts +++ b/src/plugin-sdk/core.ts @@ -1,5 +1,17 @@ +import type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; +import { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +import type { PluginRuntime } from "../plugins/runtime/types.js"; +import type { + OpenClawPluginApi, + OpenClawPluginCommandDefinition, + OpenClawPluginConfigSchema, + OpenClawPluginDefinition, + PluginInteractiveTelegramHandlerContext, +} from "../plugins/types.js"; + export type { AnyAgentTool, + MediaUnderstandingProviderPlugin, OpenClawPluginConfigSchema, ProviderDiscoveryContext, ProviderCatalogContext, @@ -21,6 +33,7 @@ export type { ProviderResolveDynamicModelContext, ProviderNormalizeResolvedModelContext, ProviderRuntimeModel, + SpeechProviderPlugin, ProviderThinkingPolicyContext, ProviderWrapStreamFnContext, OpenClawPluginService, @@ -29,6 +42,9 @@ export type { ProviderAuthMethodNonInteractiveContext, ProviderAuthMethod, ProviderAuthResult, + OpenClawPluginCommandDefinition, + OpenClawPluginDefinition, + PluginInteractiveTelegramHandlerContext, } from "../plugins/types.js"; export type { OpenClawConfig } from "../config/config.js"; export type { GatewayRequestHandlerOptions } from "../gateway/server-methods/types.js"; @@ -37,14 +53,24 @@ export type { UsageProviderId, UsageWindow, } from "../infra/provider-usage.types.js"; -export type { - ChannelMessageActionContext, - ChannelPlugin, - OpenClawPluginApi, - PluginRuntime, -} from "./channel-plugin-common.js"; +export type { ChannelMessageActionContext } from "../channels/plugins/types.js"; +export type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; +export type { OpenClawPluginApi } from "../plugins/types.js"; +export type { PluginRuntime } from "../plugins/runtime/types.js"; -export { emptyPluginConfigSchema } from "./channel-plugin-common.js"; +export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js"; +export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; +export { + applyAccountNameToChannelSection, + migrateBaseNameToDefaultAccount, +} from "../channels/plugins/setup-helpers.js"; +export { + deleteAccountFromConfigSection, + setAccountEnabledInConfigSection, +} from "../channels/plugins/config-helpers.js"; +export { formatPairingApproveHint } from "../channels/plugins/helpers.js"; +export { getChatChannelMeta } from "../channels/registry.js"; export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export { DEFAULT_SECRET_FILE_MAX_BYTES, @@ -67,6 +93,89 @@ export { type RoutePeer, type RoutePeerKind, } from "../routing/resolve-route.js"; +export { buildOutboundBaseSessionKey } from "../infra/outbound/base-session-key.js"; +export { normalizeOutboundThreadId } from "../infra/outbound/thread-id.js"; export { resolveThreadSessionKeys } from "../routing/session-key.js"; -export { runPassiveAccountLifecycle } from "./channel-lifecycle.js"; -export { createLoggerBackedRuntime } from "./runtime.js"; + +type DefineChannelPluginEntryOptions = { + id: string; + name: string; + description: string; + plugin: TPlugin; + configSchema?: DefinePluginEntryOptions["configSchema"]; + setRuntime?: (runtime: PluginRuntime) => void; + registerFull?: (api: OpenClawPluginApi) => void; +}; + +type DefinePluginEntryOptions = { + id: string; + name: string; + description: string; + kind?: OpenClawPluginDefinition["kind"]; + configSchema?: OpenClawPluginConfigSchema | (() => OpenClawPluginConfigSchema); + register: (api: OpenClawPluginApi) => void; +}; + +type DefinedPluginEntry = { + id: string; + name: string; + description: string; + configSchema: OpenClawPluginConfigSchema; + register: NonNullable; +} & Pick; + +function resolvePluginConfigSchema( + configSchema: DefinePluginEntryOptions["configSchema"] = emptyPluginConfigSchema, +): OpenClawPluginConfigSchema { + return typeof configSchema === "function" ? configSchema() : configSchema; +} + +// Shared generic plugin-entry boilerplate for bundled and third-party plugins. +export function definePluginEntry({ + id, + name, + description, + kind, + configSchema = emptyPluginConfigSchema, + register, +}: DefinePluginEntryOptions): DefinedPluginEntry { + return { + id, + name, + description, + ...(kind ? { kind } : {}), + configSchema: resolvePluginConfigSchema(configSchema), + register, + }; +} + +// Shared channel-plugin entry boilerplate for bundled and third-party channels. +export function defineChannelPluginEntry({ + id, + name, + description, + plugin, + configSchema = emptyPluginConfigSchema, + setRuntime, + registerFull, +}: DefineChannelPluginEntryOptions) { + return definePluginEntry({ + id, + name, + description, + configSchema, + register(api: OpenClawPluginApi) { + setRuntime?.(api.runtime); + api.registerChannel({ plugin }); + if (api.registrationMode !== "full") { + return; + } + registerFull?.(api); + }, + }); +} + +// Shared setup-entry shape so bundled channels do not duplicate `{ plugin }`. +export function defineSetupPluginEntry(plugin: TPlugin) { + return { plugin }; +} diff --git a/src/plugin-sdk/device-pair.ts b/src/plugin-sdk/device-pair.ts index 5828ad0535f..a87e1eea8f1 100644 --- a/src/plugin-sdk/device-pair.ts +++ b/src/plugin-sdk/device-pair.ts @@ -1,6 +1,7 @@ // Narrow plugin-sdk surface for the bundled device-pair plugin. // Keep this list additive and scoped to symbols used under extensions/device-pair. +export { definePluginEntry } from "./core.js"; export { approveDevicePairing, listDevicePairing } from "../infra/device-pairing.js"; export { issueDeviceBootstrapToken } from "../infra/device-bootstrap.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; diff --git a/src/plugin-sdk/directory-runtime.ts b/src/plugin-sdk/directory-runtime.ts new file mode 100644 index 00000000000..afb0ca41822 --- /dev/null +++ b/src/plugin-sdk/directory-runtime.ts @@ -0,0 +1,9 @@ +/** Shared directory listing helpers for plugins that derive users/groups from config maps. */ +export { + applyDirectoryQueryAndLimit, + listDirectoryGroupEntriesFromMapKeys, + listDirectoryGroupEntriesFromMapKeysAndAllowFrom, + listDirectoryUserEntriesFromAllowFrom, + listDirectoryUserEntriesFromAllowFromAndMapKeys, + toDirectoryEntries, +} from "../channels/plugins/directory-config-helpers.js"; diff --git a/src/plugin-sdk/discord-core.ts b/src/plugin-sdk/discord-core.ts new file mode 100644 index 00000000000..3e87e17ef42 --- /dev/null +++ b/src/plugin-sdk/discord-core.ts @@ -0,0 +1,3 @@ +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { buildChannelConfigSchema, getChatChannelMeta } from "./channel-plugin-common.js"; +export { DiscordConfigSchema } from "../config/zod-schema.providers-core.js"; diff --git a/src/plugin-sdk/discord-send.ts b/src/plugin-sdk/discord-send.ts index 6cca5f9f803..679b5109a5e 100644 --- a/src/plugin-sdk/discord-send.ts +++ b/src/plugin-sdk/discord-send.ts @@ -1,4 +1,4 @@ -import type { DiscordSendResult } from "../../extensions/discord/src/send.types.js"; +import type { DiscordSendResult } from "../../extensions/discord/api.js"; type DiscordSendOptionInput = { replyToId?: string | null; diff --git a/src/plugin-sdk/discord.ts b/src/plugin-sdk/discord.ts index d15f5091b9d..91bde97a5aa 100644 --- a/src/plugin-sdk/discord.ts +++ b/src/plugin-sdk/discord.ts @@ -1,6 +1,24 @@ -export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js"; +export type { + ChannelAccountSnapshot, + ChannelGatewayContext, + ChannelMessageActionAdapter, +} from "../channels/plugins/types.js"; export type { OpenClawConfig } from "../config/config.js"; export type { DiscordAccountConfig, DiscordActionConfig } from "../config/types.js"; +export type { DiscordPluralKitConfig } from "../../extensions/discord/api.js"; +export type { InspectedDiscordAccount } from "../../extensions/discord/api.js"; +export type { ResolvedDiscordAccount } from "../../extensions/discord/api.js"; +export type { DiscordSendComponents, DiscordSendEmbeds } from "../../extensions/discord/api.js"; +export type { + ThreadBindingManager, + ThreadBindingRecord, + ThreadBindingTargetKind, +} from "../../extensions/discord/runtime-api.js"; +export type { + ChannelConfiguredBindingProvider, + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, +} from "../channels/plugins/types.adapters.js"; export type { ChannelMessageActionContext, ChannelPlugin, @@ -20,6 +38,7 @@ export { normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; +export { formatDocsLink } from "../terminal/links.js"; export { projectCredentialSnapshotFields, @@ -44,3 +63,76 @@ export { buildComputedAccountStatusSnapshot, buildTokenChannelStatusSummary, } from "./status-helpers.js"; + +export { + createDiscordActionGate, + listDiscordAccountIds, + resolveDefaultDiscordAccountId, +} from "../../extensions/discord/api.js"; +export { inspectDiscordAccount } from "../../extensions/discord/api.js"; +export { + looksLikeDiscordTargetId, + normalizeDiscordMessagingTarget, + normalizeDiscordOutboundTarget, +} from "../../extensions/discord/api.js"; +export { collectDiscordAuditChannelIds } from "../../extensions/discord/runtime-api.js"; +export { collectDiscordStatusIssues } from "../../extensions/discord/api.js"; +export { + DISCORD_DEFAULT_INBOUND_WORKER_TIMEOUT_MS, + DISCORD_DEFAULT_LISTENER_TIMEOUT_MS, +} from "../../extensions/discord/runtime-api.js"; +export { normalizeExplicitDiscordSessionKey } from "../../extensions/discord/api.js"; +export { + autoBindSpawnedDiscordSubagent, + listThreadBindingsBySessionKey, + unbindThreadBindingsBySessionKey, +} from "../../extensions/discord/runtime-api.js"; +export { getGateway } from "../../extensions/discord/runtime-api.js"; +export { getPresence } from "../../extensions/discord/runtime-api.js"; +export { readDiscordComponentSpec } from "../../extensions/discord/api.js"; +export { resolveDiscordChannelId } from "../../extensions/discord/api.js"; +export { + addRoleDiscord, + banMemberDiscord, + createChannelDiscord, + createScheduledEventDiscord, + createThreadDiscord, + deleteChannelDiscord, + deleteMessageDiscord, + editChannelDiscord, + editMessageDiscord, + fetchChannelInfoDiscord, + fetchChannelPermissionsDiscord, + fetchMemberInfoDiscord, + fetchMessageDiscord, + fetchReactionsDiscord, + fetchRoleInfoDiscord, + fetchVoiceStatusDiscord, + hasAnyGuildPermissionDiscord, + kickMemberDiscord, + listGuildChannelsDiscord, + listGuildEmojisDiscord, + listPinsDiscord, + listScheduledEventsDiscord, + listThreadsDiscord, + moveChannelDiscord, + pinMessageDiscord, + reactMessageDiscord, + readMessagesDiscord, + removeChannelPermissionDiscord, + removeOwnReactionsDiscord, + removeReactionDiscord, + removeRoleDiscord, + searchMessagesDiscord, + sendDiscordComponentMessage, + sendMessageDiscord, + sendPollDiscord, + sendStickerDiscord, + sendVoiceMessageDiscord, + setChannelPermissionDiscord, + timeoutMemberDiscord, + unpinMessageDiscord, + uploadEmojiDiscord, + uploadStickerDiscord, +} from "../../extensions/discord/runtime-api.js"; +export { discordMessageActions } from "../../extensions/discord/runtime-api.js"; diff --git a/src/plugin-sdk/feishu.ts b/src/plugin-sdk/feishu.ts index ee15823738b..3a4fa4779c4 100644 --- a/src/plugin-sdk/feishu.ts +++ b/src/plugin-sdk/feishu.ts @@ -31,6 +31,11 @@ export type { ChannelMeta, ChannelOutboundAdapter, } from "../channels/plugins/types.js"; +export type { + ChannelConfiguredBindingProvider, + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, +} from "../channels/plugins/types.adapters.js"; export type { ChannelPlugin } from "../channels/plugins/types.plugin.js"; export { createReplyPrefixContext } from "../channels/reply-prefix.js"; export { createTypingCallbacks } from "../channels/typing.js"; @@ -62,8 +67,8 @@ export type { RuntimeEnv } from "../runtime.js"; export { formatDocsLink } from "../terminal/links.js"; export { evaluateSenderGroupAccessForPolicy } from "./group-access.js"; export type { WizardPrompter } from "../wizard/prompts.js"; -export { feishuSetupWizard } from "../../extensions/feishu/src/setup-surface.js"; -export { feishuSetupAdapter } from "../../extensions/feishu/src/setup-core.js"; +export { feishuSetupWizard } from "../../extensions/feishu/api.js"; +export { feishuSetupAdapter } from "../../extensions/feishu/api.js"; export { buildAgentMediaPayload } from "./agent-media-payload.js"; export { readJsonFileWithFallback } from "./json-store.js"; export { createScopedPairingAccess } from "./pairing-access.js"; @@ -79,7 +84,7 @@ export { withTempDownloadPath } from "./temp-path.js"; export { buildFeishuConversationId, parseFeishuConversationId, -} from "../../extensions/feishu/src/conversation-id.js"; +} from "../../extensions/feishu/api.js"; export { createFixedWindowRateLimiter, createWebhookAnomalyTracker, diff --git a/src/plugin-sdk/gateway-runtime.ts b/src/plugin-sdk/gateway-runtime.ts new file mode 100644 index 00000000000..f1ef78ef14c --- /dev/null +++ b/src/plugin-sdk/gateway-runtime.ts @@ -0,0 +1,6 @@ +// Public gateway/client helpers for plugins that talk to the host gateway surface. + +export * from "../gateway/channel-status-patches.js"; +export { GatewayClient } from "../gateway/client.js"; +export { createOperatorApprovalsGatewayClient } from "../gateway/operator-approvals-client.js"; +export type { EventFrame } from "../gateway/protocol/index.js"; diff --git a/src/plugin-sdk/google.ts b/src/plugin-sdk/google.ts new file mode 100644 index 00000000000..b39d4aa4ced --- /dev/null +++ b/src/plugin-sdk/google.ts @@ -0,0 +1,4 @@ +// Public Google-specific helpers used by bundled Google plugins. + +export { normalizeGoogleModelId } from "../agents/model-id-normalization.js"; +export { parseGeminiAuth } from "../infra/gemini-auth.js"; diff --git a/src/plugin-sdk/googlechat.ts b/src/plugin-sdk/googlechat.ts index ce05a95b47a..ce6d5f44511 100644 --- a/src/plugin-sdk/googlechat.ts +++ b/src/plugin-sdk/googlechat.ts @@ -65,8 +65,8 @@ export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.j export { resolveDmGroupAccessWithLists } from "../security/dm-policy-shared.js"; export { formatDocsLink } from "../terminal/links.js"; export type { WizardPrompter } from "../wizard/prompts.js"; -export { googlechatSetupAdapter } from "../../extensions/googlechat/src/setup-core.js"; -export { googlechatSetupWizard } from "../../extensions/googlechat/src/setup-surface.js"; +export { googlechatSetupAdapter } from "../../extensions/googlechat/api.js"; +export { googlechatSetupWizard } from "../../extensions/googlechat/api.js"; export { resolveInboundRouteEnvelopeBuilderWithRuntime } from "./inbound-envelope.js"; export { createScopedPairingAccess } from "./pairing-access.js"; export { issuePairingChallenge } from "../pairing/pairing-challenge.js"; diff --git a/src/plugin-sdk/hook-runtime.ts b/src/plugin-sdk/hook-runtime.ts new file mode 100644 index 00000000000..dd67f98cf04 --- /dev/null +++ b/src/plugin-sdk/hook-runtime.ts @@ -0,0 +1,5 @@ +// Public hook helpers for plugins that need the shared internal/webhook hook pipeline. + +export * from "../hooks/fire-and-forget.js"; +export * from "../hooks/internal-hooks.js"; +export * from "../hooks/message-hook-mappers.js"; diff --git a/src/plugin-sdk/image-generation-runtime.ts b/src/plugin-sdk/image-generation-runtime.ts new file mode 100644 index 00000000000..54f91d0d558 --- /dev/null +++ b/src/plugin-sdk/image-generation-runtime.ts @@ -0,0 +1,3 @@ +// Public runtime-facing image-generation helpers for feature/channel plugins. + +export { generateImage, listRuntimeImageGenerationProviders } from "../image-generation/runtime.js"; diff --git a/src/plugin-sdk/image-generation.ts b/src/plugin-sdk/image-generation.ts new file mode 100644 index 00000000000..25fde2e9d2b --- /dev/null +++ b/src/plugin-sdk/image-generation.ts @@ -0,0 +1,13 @@ +// Public image-generation helpers and types for provider plugins. + +export type { + GeneratedImageAsset, + ImageGenerationProvider, + ImageGenerationResolution, + ImageGenerationRequest, + ImageGenerationResult, + ImageGenerationSourceImage, +} from "../image-generation/types.js"; + +export { buildGoogleImageGenerationProvider } from "../image-generation/providers/google.js"; +export { buildOpenAIImageGenerationProvider } from "../image-generation/providers/openai.js"; diff --git a/src/plugin-sdk/imessage-core.ts b/src/plugin-sdk/imessage-core.ts new file mode 100644 index 00000000000..ac93a67f307 --- /dev/null +++ b/src/plugin-sdk/imessage-core.ts @@ -0,0 +1,14 @@ +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { + DEFAULT_ACCOUNT_ID, + buildChannelConfigSchema, + deleteAccountFromConfigSection, + getChatChannelMeta, + setAccountEnabledInConfigSection, +} from "./channel-plugin-common.js"; +export { + formatTrimmedAllowFromEntries, + resolveIMessageConfigAllowFrom, + resolveIMessageConfigDefaultTo, +} from "./channel-config-helpers.js"; +export { IMessageConfigSchema } from "../config/zod-schema.providers-core.js"; diff --git a/src/plugin-sdk/imessage-targets.ts b/src/plugin-sdk/imessage-targets.ts index b3353edc3df..4a7f535be48 100644 --- a/src/plugin-sdk/imessage-targets.ts +++ b/src/plugin-sdk/imessage-targets.ts @@ -1 +1 @@ -export { normalizeIMessageHandle } from "../../extensions/imessage/src/targets.js"; +export { normalizeIMessageHandle } from "../../extensions/imessage/api.js"; diff --git a/src/plugin-sdk/imessage.ts b/src/plugin-sdk/imessage.ts index a974910e680..adad1403eb6 100644 --- a/src/plugin-sdk/imessage.ts +++ b/src/plugin-sdk/imessage.ts @@ -18,6 +18,8 @@ export { normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; +export { detectBinary } from "../plugins/setup-binary.js"; +export { formatDocsLink } from "../terminal/links.js"; export { formatTrimmedAllowFromEntries, resolveIMessageConfigAllowFrom, @@ -40,3 +42,4 @@ export { IMessageConfigSchema } from "../config/zod-schema.providers-core.js"; export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js"; export { collectStatusIssuesFromLastError } from "./status-helpers.js"; +export { sendMessageIMessage } from "../../extensions/imessage/runtime-api.js"; diff --git a/src/plugin-sdk/index.test.ts b/src/plugin-sdk/index.test.ts index d634f80ce66..07d4dde6d98 100644 --- a/src/plugin-sdk/index.test.ts +++ b/src/plugin-sdk/index.test.ts @@ -1,8 +1,10 @@ +import { execFile } from "node:child_process"; import fs from "node:fs/promises"; +import { createRequire } from "node:module"; import os from "node:os"; import path from "node:path"; import { pathToFileURL } from "node:url"; -import { build } from "tsdown"; +import { promisify } from "node:util"; import { describe, expect, it } from "vitest"; import { buildPluginSdkEntrySources, @@ -13,13 +15,15 @@ import { import * as sdk from "./index.js"; const pluginSdkSpecifiers = buildPluginSdkSpecifiers(); +const execFileAsync = promisify(execFile); +const require = createRequire(import.meta.url); +const tsdownModuleUrl = pathToFileURL(require.resolve("tsdown")).href; describe("plugin-sdk exports", () => { it("does not expose runtime modules", () => { const forbidden = [ "chunkMarkdownText", "chunkText", - "resolveTextChunkLimit", "hasControlCommand", "isControlCommandMessage", "shouldComputeCommandAuthorized", @@ -27,9 +31,7 @@ describe("plugin-sdk exports", () => { "buildMentionRegexes", "matchesMentionPatterns", "resolveStateDir", - "loadConfig", "writeConfigFile", - "runCommandWithTimeout", "enqueueSystemEvent", "fetchRemoteMedia", "saveMediaBuffer", @@ -60,62 +62,11 @@ describe("plugin-sdk exports", () => { } }); - // Verify critical functions that extensions depend on are exported and callable. - // Regression guard for #27569 where isDangerousNameMatchingEnabled was missing - // from the compiled output, breaking mattermost/googlechat/msteams/irc plugins. - it("exports critical functions used by channel extensions", () => { - const requiredFunctions = [ - "isDangerousNameMatchingEnabled", - "createAccountListHelpers", - "buildAgentMediaPayload", - "createReplyPrefixOptions", - "createTypingCallbacks", - "logInboundDrop", - "logTypingFailure", - "buildPendingHistoryContextFromMap", - "clearHistoryEntriesIfEnabled", - "recordPendingHistoryEntryIfEnabled", - "resolveControlCommandGate", - "resolveDmGroupAccessWithLists", - "resolveAllowlistProviderRuntimeGroupPolicy", - "resolveDefaultGroupPolicy", - "resolveChannelMediaMaxBytes", - "warnMissingProviderGroupPolicyFallbackOnce", - "createDedupeCache", - "formatInboundFromLabel", - "resolveRuntimeGroupPolicy", - "emptyPluginConfigSchema", - "normalizePluginHttpPath", - "registerPluginHttpRoute", - "buildBaseAccountStatusSnapshot", - "buildBaseChannelStatusSummary", - "buildTokenChannelStatusSummary", - "collectStatusIssuesFromLastError", - "createDefaultChannelRuntimeState", - "resolveChannelEntryMatch", - "resolveChannelEntryMatchWithFallback", - "normalizeChannelSlug", - "buildChannelKeyCandidates", - ]; - - for (const key of requiredFunctions) { - expect(sdk).toHaveProperty(key); - expect(typeof (sdk as Record)[key]).toBe("function"); - } - }); - - // Verify critical constants that extensions depend on are exported. - it("exports critical constants used by channel extensions", () => { - const requiredConstants = [ - "DEFAULT_GROUP_HISTORY_LIMIT", - "DEFAULT_ACCOUNT_ID", - "SILENT_REPLY_TOKEN", - "PAIRING_APPROVED_MESSAGE", - ]; - - for (const key of requiredConstants) { - expect(sdk).toHaveProperty(key); - } + it("keeps the root runtime surface intentionally small", () => { + expect(typeof sdk.emptyPluginConfigSchema).toBe("function"); + expect(Object.prototype.hasOwnProperty.call(sdk, "resolveControlCommandGate")).toBe(false); + expect(Object.prototype.hasOwnProperty.call(sdk, "buildAgentSessionKey")).toBe(false); + expect(Object.prototype.hasOwnProperty.call(sdk, "isDangerousNameMatchingEnabled")).toBe(false); }); it("emits importable bundled subpath entries", { timeout: 240_000 }, async () => { @@ -123,16 +74,25 @@ describe("plugin-sdk exports", () => { const fixtureDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-plugin-sdk-consumer-")); try { - await build({ - clean: true, - config: false, - dts: false, - entry: buildPluginSdkEntrySources(), - env: { NODE_ENV: "production" }, - fixedExtension: false, - logLevel: "error", - outDir, - platform: "node", + const buildScriptPath = path.join(fixtureDir, "build-plugin-sdk.mjs"); + await fs.writeFile( + buildScriptPath, + `import { build } from ${JSON.stringify(tsdownModuleUrl)}; +await build(${JSON.stringify({ + clean: true, + config: false, + dts: false, + entry: buildPluginSdkEntrySources(), + env: { NODE_ENV: "production" }, + fixedExtension: false, + logLevel: "error", + outDir, + platform: "node", + })}); +`, + ); + await execFileAsync(process.execPath, [buildScriptPath], { + cwd: process.cwd(), }); for (const entry of pluginSdkEntrypoints) { diff --git a/src/plugin-sdk/index.ts b/src/plugin-sdk/index.ts index e43be3bfadd..a683f5437ca 100644 --- a/src/plugin-sdk/index.ts +++ b/src/plugin-sdk/index.ts @@ -1,759 +1,69 @@ -export { createAccountListHelpers } from "../channels/plugins/account-helpers.js"; -export { CHANNEL_MESSAGE_ACTION_NAMES } from "../channels/plugins/message-action-names.js"; -export { - BLUEBUBBLES_ACTIONS, - BLUEBUBBLES_ACTION_NAMES, - BLUEBUBBLES_GROUP_ACTIONS, -} from "../channels/plugins/bluebubbles-actions.js"; +// Shared root plugin-sdk surface. +// Keep this entry intentionally tiny. Channel/provider helpers belong on +// dedicated subpaths or, for legacy consumers, the compat surface. + export type { ChannelAccountSnapshot, - ChannelAccountState, ChannelAgentTool, ChannelAgentToolFactory, - ChannelAuthAdapter, ChannelCapabilities, - ChannelCommandAdapter, - ChannelConfigAdapter, - ChannelDirectoryAdapter, - ChannelDirectoryEntry, - ChannelDirectoryEntryKind, - ChannelElevatedAdapter, - ChannelGatewayAdapter, ChannelGatewayContext, - ChannelGroupAdapter, - ChannelGroupContext, - ChannelHeartbeatAdapter, - ChannelHeartbeatDeps, ChannelId, - ChannelLogSink, - ChannelLoginWithQrStartResult, - ChannelLoginWithQrWaitResult, - ChannelLogoutContext, - ChannelLogoutResult, - ChannelMentionAdapter, ChannelMessageActionAdapter, ChannelMessageActionContext, ChannelMessageActionName, - ChannelMessagingAdapter, - ChannelMeta, - ChannelOutboundAdapter, - ChannelOutboundContext, - ChannelOutboundTargetMode, - ChannelPairingAdapter, - ChannelPollContext, - ChannelPollResult, - ChannelResolveKind, - ChannelResolveResult, - ChannelResolverAdapter, - ChannelSecurityAdapter, - ChannelSecurityContext, - ChannelSecurityDmPolicy, - ChannelSetupAdapter, - ChannelSetupInput, - ChannelStatusAdapter, ChannelStatusIssue, - ChannelStreamingAdapter, - ChannelThreadingAdapter, - ChannelThreadingContext, - ChannelThreadingToolContext, - ChannelToolSend, - BaseProbeResult, - BaseTokenResolution, } from "../channels/plugins/types.js"; -export type { ChannelConfigSchema, ChannelPlugin } from "../channels/plugins/types.plugin.js"; export type { - AcpRuntimeCapabilities, - AcpRuntimeControl, - AcpRuntimeDoctorReport, - AcpRuntime, - AcpRuntimeEnsureInput, - AcpRuntimeEvent, - AcpRuntimeHandle, - AcpRuntimePromptMode, - AcpSessionUpdateTag, - AcpRuntimeSessionMode, - AcpRuntimeStatus, - AcpRuntimeTurnInput, -} from "../acp/runtime/types.js"; -export type { AcpRuntimeBackend } from "../acp/runtime/registry.js"; -export { - getAcpRuntimeBackend, - registerAcpRuntimeBackend, - requireAcpRuntimeBackend, - unregisterAcpRuntimeBackend, -} from "../acp/runtime/registry.js"; -export { ACP_ERROR_CODES, AcpRuntimeError } from "../acp/runtime/errors.js"; -export type { AcpRuntimeErrorCode } from "../acp/runtime/errors.js"; + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, + ChannelConfiguredBindingProvider, +} from "../channels/plugins/types.adapters.js"; +export type { ChannelConfigSchema, ChannelPlugin } from "../channels/plugins/types.plugin.js"; +export type { ChannelSetupAdapter, ChannelSetupInput } from "../channels/plugins/types.js"; +export type { + ConfiguredBindingConversation, + ConfiguredBindingResolution, + CompiledConfiguredBinding, + StatefulBindingTargetDescriptor, +} from "../channels/plugins/binding-types.js"; +export type { + StatefulBindingTargetDriver, + StatefulBindingTargetReadyResult, + StatefulBindingTargetResetResult, + StatefulBindingTargetSessionResult, +} from "../channels/plugins/stateful-target-drivers.js"; +export type { + ChannelSetupWizard, + ChannelSetupWizardAllowFromEntry, +} from "../channels/plugins/setup-wizard.js"; export type { AnyAgentTool, - OpenClawPluginConfigSchema, + MediaUnderstandingProviderPlugin, OpenClawPluginApi, - OpenClawPluginService, - OpenClawPluginServiceContext, - PluginHookInboundClaimContext, - PluginHookInboundClaimEvent, - PluginHookInboundClaimResult, - PluginInteractiveDiscordHandlerContext, - PluginInteractiveHandlerRegistration, - PluginInteractiveSlackHandlerContext, - PluginInteractiveTelegramHandlerContext, + OpenClawPluginConfigSchema, PluginLogger, ProviderAuthContext, - ProviderAuthDoctorHintContext, ProviderAuthResult, - ProviderAugmentModelCatalogContext, - ProviderBuiltInModelSuppressionContext, - ProviderBuiltInModelSuppressionResult, - ProviderBuildMissingAuthMessageContext, - ProviderCacheTtlEligibilityContext, - ProviderDefaultThinkingPolicyContext, - ProviderFetchUsageSnapshotContext, - ProviderModernModelPolicyContext, - ProviderPreparedRuntimeAuth, - ProviderResolvedUsageAuth, - ProviderPrepareExtraParamsContext, - ProviderPrepareDynamicModelContext, - ProviderPrepareRuntimeAuthContext, - ProviderResolveUsageAuthContext, - ProviderResolveDynamicModelContext, - ProviderNormalizeResolvedModelContext, ProviderRuntimeModel, - ProviderThinkingPolicyContext, - ProviderWrapStreamFnContext, + SpeechProviderPlugin, } from "../plugins/types.js"; -export type { - ProviderUsageSnapshot, - UsageProviderId, - UsageWindow, -} from "../infra/provider-usage.types.js"; -export type { - ConversationRef, - SessionBindingBindInput, - SessionBindingCapabilities, - SessionBindingRecord, - SessionBindingService, - SessionBindingUnbindInput, -} from "../infra/outbound/session-binding-service.js"; -export type { - GatewayRequestHandler, - GatewayRequestHandlerOptions, - RespondFn, -} from "../gateway/server-methods/types.js"; export type { PluginRuntime, RuntimeLogger, SubagentRunParams, SubagentRunResult, - SubagentWaitParams, - SubagentWaitResult, - SubagentGetSessionMessagesParams, - SubagentGetSessionMessagesResult, - SubagentGetSessionParams, - SubagentGetSessionResult, - SubagentDeleteSessionParams, } from "../plugins/runtime/types.js"; -export { normalizePluginHttpPath } from "../plugins/http-path.js"; -export { registerPluginHttpRoute } from "../plugins/http-registry.js"; -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; export type { OpenClawConfig } from "../config/config.js"; /** @deprecated Use OpenClawConfig instead */ export type { OpenClawConfig as ClawdbotConfig } from "../config/config.js"; -export { isDangerousNameMatchingEnabled } from "../config/dangerous-name-matching.js"; - -export type { FileLockHandle, FileLockOptions } from "./file-lock.js"; -export { acquireFileLock, withFileLock } from "./file-lock.js"; -export { - mapAllowlistResolutionInputs, - mapBasicAllowlistResolutionEntries, - type BasicAllowlistResolutionEntry, -} from "./allowlist-resolution.js"; -export { resolveRequestUrl } from "./request-url.js"; -export { - buildDiscordSendMediaOptions, - buildDiscordSendOptions, - tagDiscordChannelResult, -} from "./discord-send.js"; -export type { KeyedAsyncQueueHooks } from "./keyed-async-queue.js"; -export { enqueueKeyedTask, KeyedAsyncQueue } from "./keyed-async-queue.js"; -export { normalizeWebhookPath, resolveWebhookPath } from "./webhook-path.js"; -export { - registerWebhookTarget, - registerWebhookTargetWithPluginRoute, - rejectNonPostWebhookRequest, - resolveWebhookTargetWithAuthOrReject, - resolveWebhookTargetWithAuthOrRejectSync, - resolveSingleWebhookTarget, - resolveSingleWebhookTargetAsync, - resolveWebhookTargets, - withResolvedWebhookRequestPipeline, -} from "./webhook-targets.js"; -export type { - RegisterWebhookPluginRouteOptions, - RegisterWebhookTargetOptions, - WebhookTargetMatchResult, -} from "./webhook-targets.js"; -export { - applyBasicWebhookRequestGuards, - beginWebhookRequestPipelineOrReject, - createWebhookInFlightLimiter, - isJsonContentType, - readWebhookBodyOrReject, - readJsonWebhookBodyOrReject, - WEBHOOK_BODY_READ_DEFAULTS, - WEBHOOK_IN_FLIGHT_DEFAULTS, -} from "./webhook-request-guards.js"; -export type { WebhookBodyReadProfile, WebhookInFlightLimiter } from "./webhook-request-guards.js"; -export { - createAccountStatusSink, - keepHttpServerTaskAlive, - runPassiveAccountLifecycle, - waitUntilAbort, -} from "./channel-lifecycle.js"; -export type { AgentMediaPayload } from "./agent-media-payload.js"; -export { buildAgentMediaPayload } from "./agent-media-payload.js"; -export { - buildBaseAccountStatusSnapshot, - buildBaseChannelStatusSummary, - buildComputedAccountStatusSnapshot, - buildProbeChannelStatusSummary, - buildRuntimeAccountStatusSnapshot, - buildTokenChannelStatusSummary, - collectStatusIssuesFromLastError, - createDefaultChannelRuntimeState, -} from "./status-helpers.js"; -export { - promptSingleChannelSecretInput, - type SingleChannelSecretInputPromptResult, -} from "../channels/plugins/setup-wizard-helpers.js"; -export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; -export { formatResolvedUnresolvedNote } from "./resolution-notes.js"; -export { buildChannelSendResult } from "./channel-send-result.js"; -export type { ChannelSendRawResult } from "./channel-send-result.js"; -export { createPluginRuntimeStore } from "./runtime-store.js"; -export { createScopedChannelConfigBase } from "./channel-config-helpers.js"; -export { buildAccountScopedAllowlistConfigEditor } from "./allowlist-config-edit.js"; -export { - AllowFromEntrySchema, - AllowFromListSchema, - buildNestedDmConfigSchema, - buildCatchallMultiAccountChannelSchema, -} from "../channels/plugins/config-schema.js"; -export { getChatChannelMeta } from "../channels/registry.js"; -export { - compileAllowlist, - resolveAllowlistCandidates, - resolveAllowlistMatchByCandidates, -} from "../channels/allowlist-match.js"; -export type { - BlockStreamingCoalesceConfig, - DmPolicy, - DmConfig, - GroupPolicy, - GroupToolPolicyConfig, - GroupToolPolicyBySenderConfig, - MarkdownConfig, - MarkdownTableMode, - GoogleChatAccountConfig, - GoogleChatConfig, - GoogleChatDmConfig, - GoogleChatGroupConfig, - GoogleChatActionConfig, - MSTeamsChannelConfig, - MSTeamsConfig, - MSTeamsReplyStyle, - MSTeamsTeamConfig, -} from "../config/types.js"; -export { - GROUP_POLICY_BLOCKED_LABEL, - resetMissingProviderGroupPolicyFallbackWarningsForTesting, - resolveAllowlistProviderRuntimeGroupPolicy, - resolveDefaultGroupPolicy, - resolveOpenProviderRuntimeGroupPolicy, - resolveRuntimeGroupPolicy, - type GroupPolicyDefaultsConfig, - type RuntimeGroupPolicyResolution, - type RuntimeGroupPolicyParams, - type ResolveProviderRuntimeGroupPolicyParams, - warnMissingProviderGroupPolicyFallbackOnce, -} from "../config/runtime-group-policy.js"; -export { - DiscordConfigSchema, - GoogleChatConfigSchema, - IMessageConfigSchema, - MSTeamsConfigSchema, - SignalConfigSchema, - SlackConfigSchema, - TelegramConfigSchema, -} from "../config/zod-schema.providers-core.js"; -export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js"; -export { - BlockStreamingCoalesceSchema, - DmConfigSchema, - DmPolicySchema, - GroupPolicySchema, - MarkdownConfigSchema, - MarkdownTableModeSchema, - normalizeAllowFrom, - ReplyRuntimeConfigSchemaShape, - requireOpenAllowFrom, - SecretInputSchema, - TtsAutoSchema, - TtsConfigSchema, - TtsModeSchema, - TtsProviderSchema, -} from "../config/zod-schema.core.js"; -export { - assertSecretInputResolved, - hasConfiguredSecretInput, - isSecretRef, - normalizeResolvedSecretInputString, - normalizeSecretInputString, -} from "../config/types.secrets.js"; +export * from "./image-generation.js"; export type { SecretInput, SecretRef } from "../config/types.secrets.js"; -export { ToolPolicySchema } from "../config/zod-schema.agent-runtime.js"; export type { RuntimeEnv } from "../runtime.js"; -export type { WizardPrompter } from "../wizard/prompts.js"; -export { - DEFAULT_ACCOUNT_ID, - normalizeAccountId, - normalizeAgentId, - resolveThreadSessionKeys, -} from "../routing/session-key.js"; -export { buildAgentSessionKey, type RoutePeer } from "../routing/resolve-route.js"; -export { - formatAllowFromLowercase, - formatNormalizedAllowFromEntries, - isAllowedParsedChatSender, - isNormalizedSenderAllowed, -} from "./allow-from.js"; -export { - evaluateGroupRouteAccessForPolicy, - evaluateMatchedGroupAccessForPolicy, - evaluateSenderGroupAccess, - evaluateSenderGroupAccessForPolicy, - resolveSenderScopedGroupPolicy, - type GroupRouteAccessDecision, - type GroupRouteAccessReason, - type MatchedGroupAccessDecision, - type MatchedGroupAccessReason, - type SenderGroupAccessDecision, - type SenderGroupAccessReason, -} from "./group-access.js"; -export { - resolveDirectDmAuthorizationOutcome, - resolveSenderCommandAuthorization, - resolveSenderCommandAuthorizationWithRuntime, -} from "./command-auth.js"; -export type { CommandAuthorizationRuntime } from "./command-auth.js"; -export { createScopedPairingAccess } from "./pairing-access.js"; -export { - createInboundEnvelopeBuilder, - resolveInboundRouteEnvelopeBuilder, - resolveInboundRouteEnvelopeBuilderWithRuntime, -} from "./inbound-envelope.js"; -export { resolveInboundSessionEnvelopeContext } from "../channels/session-envelope.js"; -export { - listConfiguredAccountIds, - resolveAccountWithDefaultFallback, -} from "./account-resolution.js"; -export { issuePairingChallenge } from "../pairing/pairing-challenge.js"; -export { handleSlackMessageAction } from "./slack-message-actions.js"; -export { extractToolSend } from "./tool-send.js"; -export { - createNormalizedOutboundDeliverer, - formatTextWithAttachmentLinks, - isNumericTargetId, - normalizeOutboundReplyPayload, - resolveOutboundMediaUrls, - sendPayloadWithChunkedTextAndMedia, - sendMediaWithLeadingCaption, -} from "./reply-payload.js"; -export type { OutboundReplyPayload } from "./reply-payload.js"; -export { - buildInboundReplyDispatchBase, - dispatchInboundReplyWithBase, - dispatchReplyFromConfigWithSettledDispatcher, - recordInboundSessionAndDispatchReply, -} from "./inbound-reply-dispatch.js"; -export type { OutboundMediaLoadOptions } from "./outbound-media.js"; -export { loadOutboundMediaFromUrl } from "./outbound-media.js"; -export { resolveChannelAccountConfigBasePath } from "./config-paths.js"; -export { buildMediaPayload } from "../channels/plugins/media-payload.js"; -export type { MediaPayload, MediaPayloadInput } from "../channels/plugins/media-payload.js"; -export { - createLoggerBackedRuntime, - resolveRuntimeEnv, - resolveRuntimeEnvWithUnavailableExit, -} from "./runtime.js"; -export { chunkTextForOutbound } from "./text-chunking.js"; -export { readBooleanParam } from "./boolean-param.js"; -export { readJsonFileWithFallback, writeJsonFileAtomically } from "./json-store.js"; -export { generatePkceVerifierChallenge, toFormUrlEncoded } from "./oauth-utils.js"; -export { buildRandomTempFilePath, withTempDownloadPath } from "./temp-path.js"; -export { - applyWindowsSpawnProgramPolicy, - materializeWindowsSpawnProgram, - resolveWindowsExecutablePath, - resolveWindowsSpawnProgramCandidate, - resolveWindowsSpawnProgram, -} from "./windows-spawn.js"; -export type { - ResolveWindowsSpawnProgramCandidateParams, - ResolveWindowsSpawnProgramParams, - WindowsSpawnCandidateResolution, - WindowsSpawnInvocation, - WindowsSpawnProgramCandidate, - WindowsSpawnProgram, - WindowsSpawnResolution, -} from "./windows-spawn.js"; -export { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js"; -export { - runPluginCommandWithTimeout, - type PluginCommandRunOptions, - type PluginCommandRunResult, -} from "./run-command.js"; -export { resolveGatewayBindUrl } from "../shared/gateway-bind-url.js"; -export type { GatewayBindUrlResult } from "../shared/gateway-bind-url.js"; -export { resolveTailnetHostWithRunner } from "../shared/tailscale-status.js"; -export type { - TailscaleStatusCommandResult, - TailscaleStatusCommandRunner, -} from "../shared/tailscale-status.js"; -export type { ChatType } from "../channels/chat-type.js"; -/** @deprecated Use ChatType instead */ -export type { RoutePeerKind } from "../routing/resolve-route.js"; -export { resolveAckReaction } from "../agents/identity.js"; -export type { ReplyPayload } from "../auto-reply/types.js"; -export type { ChunkMode } from "../auto-reply/chunk.js"; -export { SILENT_REPLY_TOKEN, isSilentReplyText } from "../auto-reply/tokens.js"; -export { formatInboundFromLabel } from "../auto-reply/envelope.js"; -export { - createScopedAccountConfigAccessors, - formatTrimmedAllowFromEntries, - mapAllowFromEntries, - resolveOptionalConfigString, - createScopedDmSecurityResolver, - formatWhatsAppConfigAllowFromEntries, - resolveIMessageConfigAllowFrom, - resolveIMessageConfigDefaultTo, - resolveWhatsAppConfigAllowFrom, - resolveWhatsAppConfigDefaultTo, -} from "./channel-config-helpers.js"; -export { - approveDevicePairing, - listDevicePairing, - rejectDevicePairing, -} from "../infra/device-pairing.js"; -export { createDedupeCache } from "../infra/dedupe.js"; -export type { DedupeCache } from "../infra/dedupe.js"; -export { createPersistentDedupe } from "./persistent-dedupe.js"; -export type { - PersistentDedupe, - PersistentDedupeCheckOptions, - PersistentDedupeOptions, -} from "./persistent-dedupe.js"; -export { formatErrorMessage } from "../infra/errors.js"; -export { - formatUtcTimestamp, - formatZonedTimestamp, - resolveTimezone, -} from "../infra/format-time/format-datetime.js"; -export { - DEFAULT_WEBHOOK_BODY_TIMEOUT_MS, - DEFAULT_WEBHOOK_MAX_BODY_BYTES, - RequestBodyLimitError, - installRequestBodyLimitGuard, - isRequestBodyLimitError, - readJsonBodyWithLimit, - readRequestBodyWithLimit, - requestBodyErrorToText, -} from "../infra/http-body.js"; -export { - WEBHOOK_ANOMALY_COUNTER_DEFAULTS, - WEBHOOK_ANOMALY_STATUS_CODES, - WEBHOOK_RATE_LIMIT_DEFAULTS, - createBoundedCounter, - createFixedWindowRateLimiter, - createWebhookAnomalyTracker, -} from "./webhook-memory-guards.js"; -export type { - BoundedCounter, - FixedWindowRateLimiter, - WebhookAnomalyTracker, -} from "./webhook-memory-guards.js"; - -export { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js"; -export { - SsrFBlockedError, - isBlockedHostname, - isBlockedHostnameOrIp, - isPrivateIpAddress, -} from "../infra/net/ssrf.js"; -export type { LookupFn, SsrFPolicy } from "../infra/net/ssrf.js"; -export { - buildHostnameAllowlistPolicyFromSuffixAllowlist, - isHttpsUrlAllowedByHostnameSuffixAllowlist, - normalizeHostnameSuffixAllowlist, -} from "./ssrf-policy.js"; -export { fetchWithBearerAuthScopeFallback } from "./fetch-auth.js"; -export type { ScopeTokenProvider } from "./fetch-auth.js"; -export { rawDataToString } from "../infra/ws.js"; -export { isWSLSync, isWSL2Sync, isWSLEnv } from "../infra/wsl.js"; -export { isTruthyEnvValue } from "../infra/env.js"; -export { resolveChannelGroupRequireMention, resolveToolsBySender } from "../config/group-policy.js"; -export { - buildPendingHistoryContextFromMap, - clearHistoryEntries, - clearHistoryEntriesIfEnabled, - DEFAULT_GROUP_HISTORY_LIMIT, - evictOldHistoryKeys, - recordPendingHistoryEntry, - recordPendingHistoryEntryIfEnabled, -} from "../auto-reply/reply/history.js"; -export type { HistoryEntry } from "../auto-reply/reply/history.js"; -export { mergeAllowlist, summarizeMapping } from "../channels/allowlists/resolve-utils.js"; -export { - resolveMentionGating, - resolveMentionGatingWithBypass, -} from "../channels/mention-gating.js"; -export type { - AckReactionGateParams, - AckReactionScope, - WhatsAppAckReactionMode, -} from "../channels/ack-reactions.js"; -export { - removeAckReactionAfterReply, - shouldAckReaction, - shouldAckReactionForWhatsApp, -} from "../channels/ack-reactions.js"; -export { createTypingCallbacks } from "../channels/typing.js"; -export { createReplyPrefixContext, createReplyPrefixOptions } from "../channels/reply-prefix.js"; -export { logAckFailure, logInboundDrop, logTypingFailure } from "../channels/logging.js"; -export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js"; -export type { NormalizedLocation } from "../channels/location.js"; -export { formatLocationText, toLocationContext } from "../channels/location.js"; -export { resolveControlCommandGate } from "../channels/command-gating.js"; -export { - resolveBlueBubblesGroupRequireMention, - resolveDiscordGroupRequireMention, - resolveGoogleChatGroupRequireMention, - resolveIMessageGroupRequireMention, - resolveSlackGroupRequireMention, - resolveTelegramGroupRequireMention, - resolveWhatsAppGroupRequireMention, - resolveBlueBubblesGroupToolPolicy, - resolveDiscordGroupToolPolicy, - resolveGoogleChatGroupToolPolicy, - resolveIMessageGroupToolPolicy, - resolveSlackGroupToolPolicy, - resolveTelegramGroupToolPolicy, - resolveWhatsAppGroupToolPolicy, -} from "../channels/plugins/group-mentions.js"; -export { recordInboundSession } from "../channels/session.js"; -export { - buildChannelKeyCandidates, - normalizeChannelSlug, - resolveChannelEntryMatch, - resolveChannelEntryMatchWithFallback, - resolveNestedAllowlistDecision, -} from "../channels/plugins/channel-config.js"; -export { - listDiscordDirectoryGroupsFromConfig, - listDiscordDirectoryPeersFromConfig, - listSlackDirectoryGroupsFromConfig, - listSlackDirectoryPeersFromConfig, - listTelegramDirectoryGroupsFromConfig, - listTelegramDirectoryPeersFromConfig, - listWhatsAppDirectoryGroupsFromConfig, - listWhatsAppDirectoryPeersFromConfig, -} from "../channels/plugins/directory-config.js"; -export type { AllowlistMatch } from "../channels/plugins/allowlist-match.js"; -export { - formatAllowlistMatchMeta, - resolveAllowlistMatchSimple, -} from "../channels/plugins/allowlist-match.js"; -export { optionalStringEnum, stringEnum } from "../agents/schema/typebox.js"; -export type { PollInput } from "../polls.js"; - -export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; -export { - listDirectoryGroupEntriesFromMapKeys, - listDirectoryGroupEntriesFromMapKeysAndAllowFrom, - listDirectoryUserEntriesFromAllowFrom, - listDirectoryUserEntriesFromAllowFromAndMapKeys, -} from "../channels/plugins/directory-config-helpers.js"; -export { - clearAccountEntryFields, - deleteAccountFromConfigSection, - setAccountEnabledInConfigSection, -} from "../channels/plugins/config-helpers.js"; -export { - applyAccountNameToChannelSection, - applySetupAccountConfigPatch, - migrateBaseNameToDefaultAccount, - patchScopedAccountConfig, -} from "../channels/plugins/setup-helpers.js"; -export { - buildOpenGroupPolicyConfigureRouteAllowlistWarning, - buildOpenGroupPolicyNoRouteAllowlistWarning, - buildOpenGroupPolicyRestrictSendersWarning, - buildOpenGroupPolicyWarning, - collectAllowlistProviderGroupPolicyWarnings, - collectAllowlistProviderRestrictSendersWarnings, - collectOpenProviderGroupPolicyWarnings, - collectOpenGroupPolicyConfiguredRouteWarnings, - collectOpenGroupPolicyRestrictSendersWarnings, - collectOpenGroupPolicyRouteAllowlistWarnings, -} from "../channels/plugins/group-policy-warnings.js"; -export { - buildAccountScopedDmSecurityPolicy, - formatPairingApproveHint, -} from "../channels/plugins/helpers.js"; -export { PAIRING_APPROVED_MESSAGE } from "../channels/plugins/pairing-message.js"; - -export { - createActionGate, - jsonResult, - readNumberParam, - readReactionParams, - readStringParam, -} from "../agents/tools/common.js"; -export { formatDocsLink } from "../terminal/links.js"; -export { - DM_GROUP_ACCESS_REASON, - readStoreAllowFromForDmPolicy, - resolveDmAllowState, - resolveDmGroupAccessDecision, - resolveDmGroupAccessWithCommandGate, - resolveDmGroupAccessWithLists, - resolveEffectiveAllowFromLists, -} from "../security/dm-policy-shared.js"; -export type { DmGroupAccessReasonCode } from "../security/dm-policy-shared.js"; export type { HookEntry } from "../hooks/types.js"; -export { clamp, escapeRegExp, normalizeE164, safeParseJson, sleep } from "../utils.js"; -export { stripAnsi } from "../terminal/ansi.js"; -export { missingTargetError } from "../infra/outbound/target-errors.js"; -export { registerLogTransport } from "../logging/logger.js"; -export type { LogTransport, LogTransportRecord } from "../logging/logger.js"; -export { - emitDiagnosticEvent, - isDiagnosticsEnabled, - onDiagnosticEvent, -} from "../infra/diagnostic-events.js"; -export type { - DiagnosticEventPayload, - DiagnosticHeartbeatEvent, - DiagnosticLaneDequeueEvent, - DiagnosticLaneEnqueueEvent, - DiagnosticMessageProcessedEvent, - DiagnosticMessageQueuedEvent, - DiagnosticRunAttemptEvent, - DiagnosticSessionState, - DiagnosticSessionStateEvent, - DiagnosticSessionStuckEvent, - DiagnosticUsageEvent, - DiagnosticWebhookErrorEvent, - DiagnosticWebhookProcessedEvent, - DiagnosticWebhookReceivedEvent, -} from "../infra/diagnostic-events.js"; -export { detectMime, extensionForMime, getFileExtension } from "../media/mime.js"; -export { extractOriginalFilename } from "../media/store.js"; -export { listSkillCommandsForAgents } from "../auto-reply/skill-commands.js"; -export type { SkillCommandSpec } from "../agents/skills.js"; - -// Channel: WhatsApp — WhatsApp-specific exports moved to extensions/whatsapp/src/ -export { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../whatsapp/normalize.js"; -export { resolveWhatsAppOutboundTarget } from "../whatsapp/resolve-outbound-target.js"; - -// Channel: BlueBubbles -export { collectBlueBubblesStatusIssues } from "../channels/plugins/status-issues/bluebubbles.js"; - -// Channel: LINE -export { - listLineAccountIds, - lineSetupAdapter, - lineSetupWizard, - normalizeAccountId as normalizeLineAccountId, - resolveDefaultLineAccountId, - resolveLineAccount, - LineConfigSchema, -} from "./line.js"; -export type { - LineConfig, - LineAccountConfig, - ResolvedLineAccount, - LineChannelData, -} from "../line/types.js"; -export { - createInfoCard, - createListCard, - createImageCard, - createActionCard, - createReceiptCard, - type CardAction, - type ListItem, -} from "../line/flex-templates.js"; -export { - processLineMessage, - hasMarkdownToConvert, - stripMarkdown, -} from "../line/markdown-to-line.js"; -export type { ProcessedLineMessage } from "../line/markdown-to-line.js"; - -// Media utilities -export { loadWebMedia, type WebMediaResult } from "./web-media.js"; - -// Context engine -export type { - ContextEngine, - ContextEngineInfo, - AssembleResult, - CompactResult, - IngestResult, - IngestBatchResult, - BootstrapResult, - SubagentSpawnPreparation, - SubagentEndReason, -} from "../context-engine/types.js"; -export { registerContextEngine } from "../context-engine/registry.js"; +export type { ReplyPayload } from "../auto-reply/types.js"; +export type { WizardPrompter } from "../wizard/prompts.js"; export type { ContextEngineFactory } from "../context-engine/registry.js"; -// Model authentication types for plugins. -// Plugins should use runtime.modelAuth (which strips unsafe overrides like -// agentDir/store) rather than importing raw helpers directly. -export { requireApiKey } from "../agents/model-auth.js"; -export type { ResolvedProviderAuth } from "../agents/model-auth.js"; -export type { - ProviderCatalogContext, - ProviderCatalogResult, - ProviderDiscoveryContext, -} from "../plugins/types.js"; -export { - applyProviderDefaultModel, - promptAndConfigureOpenAICompatibleSelfHostedProvider, - SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, - SELF_HOSTED_DEFAULT_COST, - SELF_HOSTED_DEFAULT_MAX_TOKENS, -} from "../commands/self-hosted-provider-setup.js"; -export { - OLLAMA_DEFAULT_BASE_URL, - OLLAMA_DEFAULT_MODEL, - configureOllamaNonInteractive, - ensureOllamaModelPulled, - promptAndConfigureOllama, -} from "../commands/ollama-setup.js"; -export { - VLLM_DEFAULT_BASE_URL, - VLLM_DEFAULT_CONTEXT_WINDOW, - VLLM_DEFAULT_COST, - VLLM_DEFAULT_MAX_TOKENS, - promptAndConfigureVllm, -} from "../commands/vllm-setup.js"; -export { - buildOllamaProvider, - buildSglangProvider, - buildVllmProvider, -} from "../agents/models-config.providers.discovery.js"; - -// Security utilities -export { redactSensitiveText } from "../logging/redact.js"; +export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { registerContextEngine } from "../context-engine/registry.js"; diff --git a/src/plugin-sdk/infra-runtime.ts b/src/plugin-sdk/infra-runtime.ts new file mode 100644 index 00000000000..dd75ac4fea2 --- /dev/null +++ b/src/plugin-sdk/infra-runtime.ts @@ -0,0 +1,39 @@ +// Public runtime/transport helpers for plugins that need shared infra behavior. + +export * from "../infra/backoff.js"; +export * from "../infra/channel-activity.js"; +export * from "../infra/dedupe.js"; +export * from "../infra/diagnostic-events.js"; +export * from "../infra/diagnostic-flags.js"; +export * from "../infra/env.js"; +export * from "../infra/errors.js"; +export * from "../infra/exec-approval-command-display.ts"; +export * from "../infra/exec-approval-reply.ts"; +export * from "../infra/exec-approval-session-target.ts"; +export * from "../infra/exec-approvals.ts"; +export * from "../infra/fetch.js"; +export * from "../infra/file-lock.js"; +export * from "../infra/format-time/format-duration.ts"; +export * from "../infra/fs-safe.ts"; +export * from "../infra/heartbeat-events.ts"; +export * from "../infra/heartbeat-visibility.ts"; +export * from "../infra/home-dir.js"; +export * from "../infra/http-body.js"; +export * from "../infra/json-files.js"; +export * from "../infra/map-size.js"; +export * from "../infra/net/hostname.ts"; +export * from "../infra/net/fetch-guard.js"; +export * from "../infra/net/proxy-env.js"; +export * from "../infra/net/proxy-fetch.js"; +export * from "../infra/net/ssrf.js"; +export * from "../infra/outbound/identity.js"; +export * from "../infra/retry.js"; +export * from "../infra/retry-policy.js"; +export * from "../infra/scp-host.ts"; +export * from "../infra/secret-file.js"; +export * from "../infra/secure-random.js"; +export * from "../infra/system-events.js"; +export * from "../infra/system-message.ts"; +export * from "../infra/tmp-openclaw-dir.js"; +export * from "../infra/transport-ready.js"; +export * from "../infra/wsl.ts"; diff --git a/src/plugin-sdk/irc.ts b/src/plugin-sdk/irc.ts index 4192322d527..47ba490ec42 100644 --- a/src/plugin-sdk/irc.ts +++ b/src/plugin-sdk/irc.ts @@ -62,7 +62,7 @@ export { listIrcAccountIds, resolveDefaultIrcAccountId, resolveIrcAccount, -} from "../../extensions/irc/src/accounts.js"; +} from "../../extensions/irc/api.js"; export { readStoreAllowFromForDmPolicy, resolveEffectiveAllowFromLists, @@ -72,7 +72,7 @@ export type { WizardPrompter } from "../wizard/prompts.js"; export { createScopedPairingAccess } from "./pairing-access.js"; export { issuePairingChallenge } from "../pairing/pairing-challenge.js"; export { dispatchInboundReplyWithBase } from "./inbound-reply-dispatch.js"; -export { ircSetupAdapter, ircSetupWizard } from "../../extensions/irc/src/setup-surface.js"; +export { ircSetupAdapter, ircSetupWizard } from "../../extensions/irc/api.js"; export type { OutboundReplyPayload } from "./reply-payload.js"; export { createNormalizedOutboundDeliverer, diff --git a/src/plugin-sdk/json-store.ts b/src/plugin-sdk/json-store.ts index faff8f64e59..b95ee5b819b 100644 --- a/src/plugin-sdk/json-store.ts +++ b/src/plugin-sdk/json-store.ts @@ -1,7 +1,14 @@ import fs from "node:fs"; +import { loadJsonFile, saveJsonFile } from "../infra/json-file.js"; import { writeJsonAtomic } from "../infra/json-files.js"; import { safeParseJson } from "../utils.js"; +/** Read small JSON blobs synchronously for token/state caches. */ +export { loadJsonFile }; + +/** Persist small JSON blobs synchronously with restrictive permissions. */ +export { saveJsonFile }; + /** Read JSON from disk and fall back cleanly when the file is missing or invalid. */ export async function readJsonFileWithFallback( filePath: string, diff --git a/src/plugin-sdk/lazy-runtime.ts b/src/plugin-sdk/lazy-runtime.ts new file mode 100644 index 00000000000..e1f829204a2 --- /dev/null +++ b/src/plugin-sdk/lazy-runtime.ts @@ -0,0 +1,7 @@ +export { + createLazyRuntimeModule, + createLazyRuntimeMethod, + createLazyRuntimeMethodBinder, + createLazyRuntimeNamedExport, + createLazyRuntimeSurface, +} from "../shared/lazy-runtime.js"; diff --git a/src/plugin-sdk/line.ts b/src/plugin-sdk/line.ts index b6617199472..9592fe7f12e 100644 --- a/src/plugin-sdk/line.ts +++ b/src/plugin-sdk/line.ts @@ -32,8 +32,8 @@ export { resolveDefaultLineAccountId, resolveLineAccount, } from "../line/accounts.js"; -export { lineSetupAdapter } from "../../extensions/line/src/setup-core.js"; -export { lineSetupWizard } from "../../extensions/line/src/setup-surface.js"; +export { lineSetupAdapter } from "../../extensions/line/api.js"; +export { lineSetupWizard } from "../../extensions/line/api.js"; export { LineConfigSchema } from "../line/config-schema.js"; export type { LineChannelData, LineConfig, ResolvedLineAccount } from "../line/types.js"; export { diff --git a/src/plugin-sdk/llm-task.ts b/src/plugin-sdk/llm-task.ts index c69e82f36f7..b93a3197d26 100644 --- a/src/plugin-sdk/llm-task.ts +++ b/src/plugin-sdk/llm-task.ts @@ -1,6 +1,7 @@ // Narrow plugin-sdk surface for the bundled llm-task plugin. // Keep this list additive and scoped to symbols used under extensions/llm-task. +export { definePluginEntry } from "./core.js"; export { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js"; export { formatThinkingLevels, diff --git a/src/plugin-sdk/lobster.ts b/src/plugin-sdk/lobster.ts index 436acdf4d45..968fcf2cae1 100644 --- a/src/plugin-sdk/lobster.ts +++ b/src/plugin-sdk/lobster.ts @@ -1,6 +1,7 @@ // Narrow plugin-sdk surface for the bundled lobster plugin. // Keep this list additive and scoped to symbols used under extensions/lobster. +export { definePluginEntry } from "./core.js"; export { applyWindowsSpawnProgramPolicy, materializeWindowsSpawnProgram, diff --git a/src/plugin-sdk/matrix.ts b/src/plugin-sdk/matrix.ts index 164575e04e1..099b53792da 100644 --- a/src/plugin-sdk/matrix.ts +++ b/src/plugin-sdk/matrix.ts @@ -108,5 +108,5 @@ export { buildProbeChannelStatusSummary, collectStatusIssuesFromLastError, } from "./status-helpers.js"; -export { matrixSetupWizard } from "../../extensions/matrix/src/setup-surface.js"; -export { matrixSetupAdapter } from "../../extensions/matrix/src/setup-core.js"; +export { matrixSetupWizard } from "../../extensions/matrix/api.js"; +export { matrixSetupAdapter } from "../../extensions/matrix/api.js"; diff --git a/src/plugin-sdk/media-runtime.ts b/src/plugin-sdk/media-runtime.ts new file mode 100644 index 00000000000..2f2d81b0d46 --- /dev/null +++ b/src/plugin-sdk/media-runtime.ts @@ -0,0 +1,21 @@ +// Public media/payload helpers for plugins that fetch, transform, or send attachments. + +export * from "../media/audio.js"; +export * from "../media/constants.js"; +export * from "../media/fetch.js"; +export * from "../media/ffmpeg-exec.js"; +export * from "../media/ffmpeg-limits.js"; +export * from "../media/image-ops.js"; +export * from "../media/inbound-path-policy.js"; +export * from "../media/load-options.js"; +export * from "../media/local-roots.js"; +export * from "../media/mime.js"; +export * from "../media/outbound-attachment.js"; +export * from "../media/png-encode.ts"; +export * from "../media/store.js"; +export * from "../media/temp-files.js"; +export * from "../media-understanding/audio-preflight.ts"; +export * from "../media-understanding/defaults.js"; +export * from "../media-understanding/providers/image-runtime.ts"; +export * from "../media-understanding/runner.js"; +export * from "../polls.js"; diff --git a/src/plugin-sdk/media-understanding-runtime.ts b/src/plugin-sdk/media-understanding-runtime.ts new file mode 100644 index 00000000000..5a4c6cdff65 --- /dev/null +++ b/src/plugin-sdk/media-understanding-runtime.ts @@ -0,0 +1,9 @@ +// Public runtime-facing media-understanding helpers for feature/channel plugins. + +export { + describeImageFile, + describeImageFileWithModel, + describeVideoFile, + runMediaUnderstandingFile, + transcribeAudioFile, +} from "../media-understanding/runtime.js"; diff --git a/src/plugin-sdk/media-understanding.ts b/src/plugin-sdk/media-understanding.ts new file mode 100644 index 00000000000..a9f10cd8d58 --- /dev/null +++ b/src/plugin-sdk/media-understanding.ts @@ -0,0 +1,27 @@ +// Public media-understanding helpers and types for provider plugins. + +export type { + AudioTranscriptionRequest, + AudioTranscriptionResult, + ImageDescriptionRequest, + ImageDescriptionResult, + ImagesDescriptionInput, + ImagesDescriptionRequest, + ImagesDescriptionResult, + MediaUnderstandingProvider, + VideoDescriptionRequest, + VideoDescriptionResult, +} from "../media-understanding/types.js"; + +export { + describeImageWithModel, + describeImagesWithModel, +} from "../media-understanding/providers/image.js"; +export { transcribeOpenAiCompatibleAudio } from "../media-understanding/providers/openai-compatible-audio.js"; +export { + assertOkOrThrowHttpError, + normalizeBaseUrl, + postJsonRequest, + postTranscriptionRequest, + requireTranscriptionText, +} from "../media-understanding/providers/shared.js"; diff --git a/src/plugin-sdk/memory-lancedb.ts b/src/plugin-sdk/memory-lancedb.ts index 840ed95982c..23d3e2619c8 100644 --- a/src/plugin-sdk/memory-lancedb.ts +++ b/src/plugin-sdk/memory-lancedb.ts @@ -1,4 +1,5 @@ // Narrow plugin-sdk surface for the bundled memory-lancedb plugin. // Keep this list additive and scoped to symbols used under extensions/memory-lancedb. +export { definePluginEntry } from "./core.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; diff --git a/src/plugin-sdk/minimax-portal-auth.ts b/src/plugin-sdk/minimax-portal-auth.ts index 07aefa0aafa..a8dad415488 100644 --- a/src/plugin-sdk/minimax-portal-auth.ts +++ b/src/plugin-sdk/minimax-portal-auth.ts @@ -1,7 +1,7 @@ // Narrow plugin-sdk surface for MiniMax OAuth helpers used by the bundled minimax plugin. // Keep this list additive and scoped to MiniMax OAuth support code. -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { definePluginEntry } from "./core.js"; export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export type { OpenClawPluginApi, diff --git a/src/plugin-sdk/msteams.ts b/src/plugin-sdk/msteams.ts index b30e6c6914a..1185558de79 100644 --- a/src/plugin-sdk/msteams.ts +++ b/src/plugin-sdk/msteams.ts @@ -117,5 +117,5 @@ export { createDefaultChannelRuntimeState, } from "./status-helpers.js"; export { normalizeStringEntries } from "../shared/string-normalization.js"; -export { msteamsSetupWizard } from "../../extensions/msteams/src/setup-surface.js"; -export { msteamsSetupAdapter } from "../../extensions/msteams/src/setup-core.js"; +export { msteamsSetupWizard } from "../../extensions/msteams/api.js"; +export { msteamsSetupAdapter } from "../../extensions/msteams/api.js"; diff --git a/src/plugin-sdk/nostr.ts b/src/plugin-sdk/nostr.ts index a2997c5702c..362344810fa 100644 --- a/src/plugin-sdk/nostr.ts +++ b/src/plugin-sdk/nostr.ts @@ -19,4 +19,4 @@ export { } from "./status-helpers.js"; export { createFixedWindowRateLimiter } from "./webhook-memory-guards.js"; export { mapAllowFromEntries } from "./channel-config-helpers.js"; -export { nostrSetupAdapter, nostrSetupWizard } from "../../extensions/nostr/src/setup-surface.js"; +export { nostrSetupAdapter, nostrSetupWizard } from "../../extensions/nostr/api.js"; diff --git a/src/plugin-sdk/ollama-setup.ts b/src/plugin-sdk/ollama-setup.ts index 5b6fd732774..2ddad898bb7 100644 --- a/src/plugin-sdk/ollama-setup.ts +++ b/src/plugin-sdk/ollama-setup.ts @@ -12,6 +12,6 @@ export { configureOllamaNonInteractive, ensureOllamaModelPulled, promptAndConfigureOllama, -} from "../commands/ollama-setup.js"; +} from "../plugins/provider-ollama-setup.js"; export { buildOllamaProvider } from "../agents/models-config.providers.discovery.js"; diff --git a/src/plugin-sdk/open-prose.ts b/src/plugin-sdk/open-prose.ts index 1973404f2a8..049370ed986 100644 --- a/src/plugin-sdk/open-prose.ts +++ b/src/plugin-sdk/open-prose.ts @@ -1,4 +1,5 @@ // Narrow plugin-sdk surface for the bundled open-prose plugin. // Keep this list additive and scoped to symbols used under extensions/open-prose. +export { definePluginEntry } from "./core.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; diff --git a/src/plugin-sdk/outbound-media.test.ts b/src/plugin-sdk/outbound-media.test.ts index bc56f2e6ea4..84b0db6def9 100644 --- a/src/plugin-sdk/outbound-media.test.ts +++ b/src/plugin-sdk/outbound-media.test.ts @@ -1,5 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; -import { loadOutboundMediaFromUrl } from "./outbound-media.js"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const loadWebMediaMock = vi.hoisted(() => vi.fn()); @@ -7,7 +6,17 @@ vi.mock("../../extensions/whatsapp/src/media.js", () => ({ loadWebMedia: loadWebMediaMock, })); +type OutboundMediaModule = typeof import("./outbound-media.js"); + +let loadOutboundMediaFromUrl: OutboundMediaModule["loadOutboundMediaFromUrl"]; + describe("loadOutboundMediaFromUrl", () => { + beforeEach(async () => { + vi.resetModules(); + ({ loadOutboundMediaFromUrl } = await import("./outbound-media.js")); + loadWebMediaMock.mockReset(); + }); + it("forwards maxBytes and mediaLocalRoots to loadWebMedia", async () => { loadWebMediaMock.mockResolvedValueOnce({ buffer: Buffer.from("x"), diff --git a/src/plugin-sdk/phone-control.ts b/src/plugin-sdk/phone-control.ts index 394ff9c88ee..c116eba1076 100644 --- a/src/plugin-sdk/phone-control.ts +++ b/src/plugin-sdk/phone-control.ts @@ -1,6 +1,7 @@ // Narrow plugin-sdk surface for the bundled phone-control plugin. // Keep this list additive and scoped to symbols used under extensions/phone-control. +export { definePluginEntry } from "./core.js"; export type { OpenClawPluginApi, OpenClawPluginCommandDefinition, diff --git a/src/plugin-sdk/plugin-runtime.ts b/src/plugin-sdk/plugin-runtime.ts new file mode 100644 index 00000000000..7286beae159 --- /dev/null +++ b/src/plugin-sdk/plugin-runtime.ts @@ -0,0 +1,8 @@ +// Public plugin-command/hook helpers for plugins that extend shared command or hook flows. + +export * from "../plugins/commands.js"; +export * from "../plugins/hook-runner-global.js"; +export * from "../plugins/http-path.js"; +export * from "../plugins/http-registry.js"; +export * from "../plugins/interactive.js"; +export * from "../plugins/types.js"; diff --git a/src/plugin-sdk/process-runtime.ts b/src/plugin-sdk/process-runtime.ts new file mode 100644 index 00000000000..826ed2d1197 --- /dev/null +++ b/src/plugin-sdk/process-runtime.ts @@ -0,0 +1,3 @@ +// Public process helpers for plugins that spawn or probe local commands. + +export * from "../process/exec.js"; diff --git a/src/plugin-sdk/provider-auth.ts b/src/plugin-sdk/provider-auth.ts new file mode 100644 index 00000000000..84373befb88 --- /dev/null +++ b/src/plugin-sdk/provider-auth.ts @@ -0,0 +1,49 @@ +// Public auth/onboarding helpers for provider plugins. + +export type { OpenClawConfig } from "../config/config.js"; +export type { SecretInput } from "../config/types.secrets.js"; +export type { ProviderAuthResult } from "../plugins/types.js"; +export type { ProviderAuthContext } from "../plugins/types.js"; +export type { AuthProfileStore, OAuthCredential } from "../agents/auth-profiles/types.js"; +export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; + +export { + CLAUDE_CLI_PROFILE_ID, + CODEX_CLI_PROFILE_ID, + ensureAuthProfileStore, + listProfilesForProvider, + suggestOAuthProfileIdForLegacyDefault, + upsertAuthProfile, +} from "../agents/auth-profiles.js"; +export { + MINIMAX_OAUTH_MARKER, + resolveOAuthApiKeyMarker, + resolveNonEnvSecretRefApiKeyMarker, +} from "../agents/model-auth-markers.js"; +export { + formatApiKeyPreview, + normalizeApiKeyInput, + validateApiKeyInput, +} from "../plugins/provider-auth-input.js"; +export { + ensureApiKeyFromOptionEnvOrPrompt, + normalizeSecretInputModeInput, + promptSecretRefForSetup, + resolveSecretInputModeForEnvSelection, +} from "../plugins/provider-auth-input.js"; +export { + buildTokenProfileId, + validateAnthropicSetupToken, +} from "../plugins/provider-auth-token.js"; +export { applyAuthProfileConfig, buildApiKeyCredential } from "../plugins/provider-auth-helpers.js"; +export { githubCopilotLoginCommand } from "../providers/github-copilot-auth.js"; +export { loginChutes } from "../commands/chutes-oauth.js"; +export { loginOpenAICodexOAuth } from "../plugins/provider-openai-codex-oauth.js"; +export { createProviderApiKeyAuthMethod } from "../plugins/provider-api-key-auth.js"; +export { coerceSecretRef } from "../config/types.secrets.js"; +export { resolveDefaultSecretProviderAlias } from "../secrets/ref-contract.js"; +export { resolveRequiredHomeDir } from "../infra/home-dir.js"; +export { + normalizeOptionalSecretInput, + normalizeSecretInput, +} from "../utils/normalize-secret-input.js"; diff --git a/src/plugin-sdk/provider-catalog.ts b/src/plugin-sdk/provider-catalog.ts new file mode 100644 index 00000000000..7295658a3cb --- /dev/null +++ b/src/plugin-sdk/provider-catalog.ts @@ -0,0 +1,9 @@ +// Public provider catalog helpers for provider plugins. + +export type { ProviderCatalogContext, ProviderCatalogResult } from "../plugins/types.js"; + +export { + buildPairedProviderApiKeyCatalog, + buildSingleProviderApiKeyCatalog, + findCatalogTemplate, +} from "../plugins/provider-catalog.js"; diff --git a/src/plugin-sdk/provider-models.ts b/src/plugin-sdk/provider-models.ts new file mode 100644 index 00000000000..996135c9011 --- /dev/null +++ b/src/plugin-sdk/provider-models.ts @@ -0,0 +1,153 @@ +// Public model/catalog helpers for provider plugins. + +import type { ModelDefinitionConfig } from "../config/types.models.js"; +import { + KILOCODE_DEFAULT_CONTEXT_WINDOW, + KILOCODE_DEFAULT_COST, + KILOCODE_DEFAULT_MAX_TOKENS, + KILOCODE_DEFAULT_MODEL_ID, + KILOCODE_DEFAULT_MODEL_NAME, +} from "../providers/kilocode-shared.js"; + +export type { ModelApi, ModelProviderConfig } from "../config/types.models.js"; +export type { ModelDefinitionConfig } from "../config/types.models.js"; +export type { ProviderPlugin } from "../plugins/types.js"; + +export { DEFAULT_CONTEXT_TOKENS } from "../agents/defaults.js"; +export { normalizeModelCompat } from "../agents/model-compat.js"; +export { normalizeProviderId } from "../agents/provider-id.js"; +export { cloneFirstTemplateModel } from "../plugins/provider-model-helpers.js"; + +export { + applyGoogleGeminiModelDefault, + GOOGLE_GEMINI_DEFAULT_MODEL, +} from "../plugins/provider-model-defaults.js"; +export { applyOpenAIConfig, OPENAI_DEFAULT_MODEL } from "../plugins/provider-model-defaults.js"; +export { OPENCODE_GO_DEFAULT_MODEL_REF } from "../plugins/provider-model-defaults.js"; +export { OPENCODE_ZEN_DEFAULT_MODEL } from "../plugins/provider-model-defaults.js"; +export { OPENCODE_ZEN_DEFAULT_MODEL_REF } from "../agents/opencode-zen-models.js"; +export { + buildMinimaxApiModelDefinition, + DEFAULT_MINIMAX_BASE_URL, + MINIMAX_API_BASE_URL, + MINIMAX_CN_API_BASE_URL, + MINIMAX_HOSTED_COST, + MINIMAX_HOSTED_MODEL_ID, + MINIMAX_HOSTED_MODEL_REF, + MINIMAX_LM_STUDIO_COST, +} from "../../extensions/minimax/model-definitions.js"; +export { + buildMistralModelDefinition, + MISTRAL_BASE_URL, + MISTRAL_DEFAULT_MODEL_ID, + MISTRAL_DEFAULT_MODEL_REF, +} from "../../extensions/mistral/model-definitions.js"; +export { + buildModelStudioDefaultModelDefinition, + buildModelStudioModelDefinition, + MODELSTUDIO_CN_BASE_URL, + MODELSTUDIO_DEFAULT_MODEL_ID, + MODELSTUDIO_DEFAULT_MODEL_REF, + MODELSTUDIO_GLOBAL_BASE_URL, +} from "../../extensions/modelstudio/model-definitions.js"; +export { MOONSHOT_BASE_URL } from "../../extensions/moonshot/provider-catalog.js"; +export { MOONSHOT_CN_BASE_URL } from "../../extensions/moonshot/onboard.js"; +export { + buildXaiModelDefinition, + XAI_BASE_URL, + XAI_DEFAULT_MODEL_ID, + XAI_DEFAULT_MODEL_REF, +} from "../../extensions/xai/model-definitions.js"; +export { + buildZaiModelDefinition, + resolveZaiBaseUrl, + ZAI_CODING_CN_BASE_URL, + ZAI_CODING_GLOBAL_BASE_URL, + ZAI_CN_BASE_URL, + ZAI_DEFAULT_MODEL_ID, + ZAI_DEFAULT_MODEL_REF, + ZAI_GLOBAL_BASE_URL, +} from "../../extensions/zai/model-definitions.js"; + +export { + buildCloudflareAiGatewayModelDefinition, + CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF, + resolveCloudflareAiGatewayBaseUrl, +} from "../agents/cloudflare-ai-gateway.js"; +export { + discoverHuggingfaceModels, + HUGGINGFACE_BASE_URL, + HUGGINGFACE_MODEL_CATALOG, + buildHuggingfaceModelDefinition, +} from "../agents/huggingface-models.js"; +export { discoverKilocodeModels } from "../agents/kilocode-models.js"; +export { + buildChutesModelDefinition, + CHUTES_BASE_URL, + CHUTES_DEFAULT_MODEL_ID, + CHUTES_DEFAULT_MODEL_REF, + CHUTES_MODEL_CATALOG, + discoverChutesModels, +} from "../agents/chutes-models.js"; +export { resolveOllamaApiBase } from "../agents/ollama-models.js"; +export { + buildSyntheticModelDefinition, + SYNTHETIC_BASE_URL, + SYNTHETIC_DEFAULT_MODEL_REF, + SYNTHETIC_MODEL_CATALOG, +} from "../agents/synthetic-models.js"; +export { + buildTogetherModelDefinition, + TOGETHER_BASE_URL, + TOGETHER_MODEL_CATALOG, +} from "../agents/together-models.js"; +export { + discoverVeniceModels, + VENICE_BASE_URL, + VENICE_DEFAULT_MODEL_REF, + VENICE_MODEL_CATALOG, + buildVeniceModelDefinition, +} from "../agents/venice-models.js"; +export { + BYTEPLUS_BASE_URL, + BYTEPLUS_CODING_BASE_URL, + BYTEPLUS_CODING_MODEL_CATALOG, + BYTEPLUS_MODEL_CATALOG, + buildBytePlusModelDefinition, +} from "../agents/byteplus-models.js"; +export { + DOUBAO_BASE_URL, + DOUBAO_CODING_BASE_URL, + DOUBAO_CODING_MODEL_CATALOG, + DOUBAO_MODEL_CATALOG, + buildDoubaoModelDefinition, +} from "../agents/doubao-models.js"; +export { OLLAMA_DEFAULT_BASE_URL } from "../agents/ollama-defaults.js"; +export { VLLM_DEFAULT_BASE_URL } from "../agents/vllm-defaults.js"; +export { SGLANG_DEFAULT_BASE_URL } from "../agents/sglang-defaults.js"; +export { + KILOCODE_BASE_URL, + KILOCODE_DEFAULT_CONTEXT_WINDOW, + KILOCODE_DEFAULT_COST, + KILOCODE_DEFAULT_MODEL_REF, + KILOCODE_DEFAULT_MAX_TOKENS, + KILOCODE_DEFAULT_MODEL_ID, + KILOCODE_DEFAULT_MODEL_NAME, + KILOCODE_MODEL_CATALOG, +} from "../providers/kilocode-shared.js"; +export { + discoverVercelAiGatewayModels, + VERCEL_AI_GATEWAY_BASE_URL, +} from "../agents/vercel-ai-gateway.js"; + +export function buildKilocodeModelDefinition(): ModelDefinitionConfig { + return { + id: KILOCODE_DEFAULT_MODEL_ID, + name: KILOCODE_DEFAULT_MODEL_NAME, + reasoning: true, + input: ["text", "image"], + cost: KILOCODE_DEFAULT_COST, + contextWindow: KILOCODE_DEFAULT_CONTEXT_WINDOW, + maxTokens: KILOCODE_DEFAULT_MAX_TOKENS, + }; +} diff --git a/src/plugin-sdk/provider-onboard.ts b/src/plugin-sdk/provider-onboard.ts new file mode 100644 index 00000000000..35b9287bcc8 --- /dev/null +++ b/src/plugin-sdk/provider-onboard.ts @@ -0,0 +1,16 @@ +// Public config patch helpers for provider onboarding flows. + +export type { OpenClawConfig } from "../config/config.js"; +export type { + ModelApi, + ModelDefinitionConfig, + ModelProviderConfig, +} from "../config/types.models.js"; +export { + applyAgentDefaultModelPrimary, + applyOnboardAuthAgentModelsAndProviders, + applyProviderConfigWithDefaultModel, + applyProviderConfigWithDefaultModels, + applyProviderConfigWithModelCatalog, +} from "../plugins/provider-onboarding-config.js"; +export { ensureModelAllowlistEntry } from "../plugins/provider-model-allowlist.js"; diff --git a/src/plugin-sdk/provider-setup.ts b/src/plugin-sdk/provider-setup.ts index 6569c36a324..57f1a94e3bd 100644 --- a/src/plugin-sdk/provider-setup.ts +++ b/src/plugin-sdk/provider-setup.ts @@ -15,21 +15,21 @@ export { SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, SELF_HOSTED_DEFAULT_COST, SELF_HOSTED_DEFAULT_MAX_TOKENS, -} from "../commands/self-hosted-provider-setup.js"; +} from "../plugins/provider-self-hosted-setup.js"; export { OLLAMA_DEFAULT_BASE_URL, OLLAMA_DEFAULT_MODEL, configureOllamaNonInteractive, ensureOllamaModelPulled, promptAndConfigureOllama, -} from "../commands/ollama-setup.js"; +} from "../plugins/provider-ollama-setup.js"; export { VLLM_DEFAULT_BASE_URL, VLLM_DEFAULT_CONTEXT_WINDOW, VLLM_DEFAULT_COST, VLLM_DEFAULT_MAX_TOKENS, promptAndConfigureVllm, -} from "../commands/vllm-setup.js"; +} from "../plugins/provider-vllm-setup.js"; export { buildOllamaProvider, buildSglangProvider, diff --git a/src/plugin-sdk/provider-stream.ts b/src/plugin-sdk/provider-stream.ts new file mode 100644 index 00000000000..19b8fe76092 --- /dev/null +++ b/src/plugin-sdk/provider-stream.ts @@ -0,0 +1,17 @@ +// Public stream-wrapper helpers for provider plugins. + +export { + createKilocodeWrapper, + createOpenRouterSystemCacheWrapper, + createOpenRouterWrapper, + isProxyReasoningUnsupported, +} from "../agents/pi-embedded-runner/proxy-stream-wrappers.js"; +export { + createMoonshotThinkingWrapper, + resolveMoonshotThinkingType, +} from "../agents/pi-embedded-runner/moonshot-stream-wrappers.js"; +export { createZaiToolStreamWrapper } from "../agents/pi-embedded-runner/zai-stream-wrappers.js"; +export { + getOpenRouterModelCapabilities, + loadOpenRouterModelCapabilities, +} from "../agents/pi-embedded-runner/openrouter-model-capabilities.js"; diff --git a/src/plugin-sdk/provider-usage.ts b/src/plugin-sdk/provider-usage.ts new file mode 100644 index 00000000000..9b63a53ea93 --- /dev/null +++ b/src/plugin-sdk/provider-usage.ts @@ -0,0 +1,25 @@ +// Public usage fetch helpers for provider plugins. + +export type { + ProviderUsageSnapshot, + UsageProviderId, + UsageWindow, +} from "../infra/provider-usage.types.js"; + +export { + fetchClaudeUsage, + fetchCodexUsage, + fetchGeminiUsage, + fetchMinimaxUsage, + fetchZaiUsage, +} from "../infra/provider-usage.fetch.js"; +export { + clampPercent, + PROVIDER_LABELS, + resolveLegacyPiAgentAccessToken, +} from "../infra/provider-usage.shared.js"; +export { + buildUsageErrorSnapshot, + buildUsageHttpErrorSnapshot, + fetchJson, +} from "../infra/provider-usage.fetch.shared.js"; diff --git a/src/plugin-sdk/provider-web-search.ts b/src/plugin-sdk/provider-web-search.ts new file mode 100644 index 00000000000..551c3d5ed5d --- /dev/null +++ b/src/plugin-sdk/provider-web-search.ts @@ -0,0 +1,18 @@ +// Public web-search registration helpers for provider plugins. + +export { + createPluginBackedWebSearchProvider, + getScopedCredentialValue, + getTopLevelCredentialValue, + setScopedCredentialValue, + setTopLevelCredentialValue, +} from "../agents/tools/web-search-plugin-factory.js"; +export { withTrustedWebToolsEndpoint } from "../agents/tools/web-guarded-fetch.js"; +export { + DEFAULT_CACHE_TTL_MINUTES, + normalizeCacheKey, + readCache, + readResponseText, + resolveCacheTtlMs, + writeCache, +} from "../agents/tools/web-shared.js"; diff --git a/src/plugin-sdk/qwen-portal-auth.ts b/src/plugin-sdk/qwen-portal-auth.ts index 01533a77e8c..adc61259a09 100644 --- a/src/plugin-sdk/qwen-portal-auth.ts +++ b/src/plugin-sdk/qwen-portal-auth.ts @@ -1,11 +1,14 @@ // Narrow plugin-sdk surface for the bundled qwen-portal-auth plugin. // Keep this list additive and scoped to symbols used under extensions/qwen-portal-auth. -export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { definePluginEntry } from "./core.js"; export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export type { OpenClawPluginApi, ProviderAuthContext, ProviderCatalogContext, } from "../plugins/types.js"; +export { ensureAuthProfileStore, listProfilesForProvider } from "../agents/auth-profiles.js"; +export { QWEN_OAUTH_MARKER } from "../agents/model-auth-markers.js"; +export { refreshQwenPortalCredentials } from "../providers/qwen-portal-oauth.js"; export { generatePkceVerifierChallenge, toFormUrlEncoded } from "./oauth-utils.js"; diff --git a/src/plugin-sdk/reply-history.ts b/src/plugin-sdk/reply-history.ts new file mode 100644 index 00000000000..d327b767a99 --- /dev/null +++ b/src/plugin-sdk/reply-history.ts @@ -0,0 +1,14 @@ +/** Shared reply-history helpers for plugins that keep short per-thread context windows. */ +export type { HistoryEntry } from "../auto-reply/reply/history.js"; +export { + DEFAULT_GROUP_HISTORY_LIMIT, + buildHistoryContext, + buildHistoryContextFromEntries, + buildHistoryContextFromMap, + buildPendingHistoryContextFromMap, + clearHistoryEntries, + clearHistoryEntriesIfEnabled, + evictOldHistoryKeys, + recordPendingHistoryEntry, + recordPendingHistoryEntryIfEnabled, +} from "../auto-reply/reply/history.js"; diff --git a/src/plugin-sdk/reply-runtime.ts b/src/plugin-sdk/reply-runtime.ts new file mode 100644 index 00000000000..689cf4cdba7 --- /dev/null +++ b/src/plugin-sdk/reply-runtime.ts @@ -0,0 +1,31 @@ +// Shared agent/reply runtime helpers for channel plugins. Keep channel plugins +// off direct src/auto-reply imports by routing common reply primitives here. + +export * from "../auto-reply/chunk.js"; +export * from "../auto-reply/command-auth.js"; +export * from "../auto-reply/command-detection.js"; +export * from "../auto-reply/commands-registry.js"; +export * from "../auto-reply/dispatch.js"; +export * from "../auto-reply/group-activation.js"; +export * from "../auto-reply/heartbeat.js"; +export * from "../auto-reply/heartbeat-reply-payload.js"; +export * from "../auto-reply/inbound-debounce.js"; +export * from "../auto-reply/reply.js"; +export * from "../auto-reply/tokens.js"; +export * from "../auto-reply/envelope.js"; +export * from "../auto-reply/reply/history.js"; +export * from "../auto-reply/reply/abort.js"; +export * from "../auto-reply/reply/btw-command.js"; +export * from "../auto-reply/reply/commands-models.js"; +export * from "../auto-reply/reply/inbound-dedupe.js"; +export * from "../auto-reply/reply/inbound-context.js"; +export * from "../auto-reply/reply/mentions.js"; +export * from "../auto-reply/reply/reply-dispatcher.js"; +export * from "../auto-reply/reply/reply-reference.js"; +export * from "../auto-reply/reply/provider-dispatcher.js"; +export * from "../auto-reply/reply/model-selection.js"; +export * from "../auto-reply/reply/commands-info.js"; +export * from "../auto-reply/skill-commands.js"; +export * from "../auto-reply/status.js"; +export type { ReplyPayload } from "../auto-reply/types.js"; +export type { FinalizedMsgContext, MsgContext } from "../auto-reply/templating.js"; diff --git a/src/plugin-sdk/root-alias.cjs b/src/plugin-sdk/root-alias.cjs index 9f3ab45379f..0013b32d21f 100644 --- a/src/plugin-sdk/root-alias.cjs +++ b/src/plugin-sdk/root-alias.cjs @@ -69,6 +69,9 @@ function getJiti() { const { createJiti } = require("jiti"); jitiLoader = createJiti(__filename, { interopDefault: true, + // Prefer Node's native sync ESM loader for built dist/plugin-sdk/*.js files + // so local plugins do not create a second transpiled OpenClaw core graph. + tryNative: true, extensions: [".ts", ".tsx", ".mts", ".cts", ".mtsx", ".ctsx", ".js", ".mjs", ".cjs", ".json"], }); return jitiLoader; @@ -81,7 +84,7 @@ function loadMonolithicSdk() { const jiti = getJiti(); - const distCandidate = path.resolve(__dirname, "..", "..", "dist", "plugin-sdk", "index.js"); + const distCandidate = path.resolve(__dirname, "..", "..", "dist", "plugin-sdk", "compat.js"); if (fs.existsSync(distCandidate)) { try { monolithicSdk = jiti(distCandidate); @@ -91,7 +94,7 @@ function loadMonolithicSdk() { } } - monolithicSdk = jiti(path.join(__dirname, "index.ts")); + monolithicSdk = jiti(path.join(__dirname, "compat.ts")); return monolithicSdk; } diff --git a/src/plugin-sdk/root-alias.test.ts b/src/plugin-sdk/root-alias.test.ts index 4822c247323..3c30dbee6be 100644 --- a/src/plugin-sdk/root-alias.test.ts +++ b/src/plugin-sdk/root-alias.test.ts @@ -25,6 +25,7 @@ function loadRootAliasWithStubs(options?: { }) { let createJitiCalls = 0; let jitiLoadCalls = 0; + let lastJitiOptions: Record | undefined; const loadedSpecifiers: string[] = []; const monolithicExports = options?.monolithicExports ?? { slowHelper: () => "loaded", @@ -52,8 +53,9 @@ function loadRootAliasWithStubs(options?: { } if (id === "jiti") { return { - createJiti() { + createJiti(_filename: string, jitiOptions?: Record) { createJitiCalls += 1; + lastJitiOptions = jitiOptions; return (specifier: string) => { jitiLoadCalls += 1; loadedSpecifiers.push(specifier); @@ -73,6 +75,9 @@ function loadRootAliasWithStubs(options?: { get jitiLoadCalls() { return jitiLoadCalls; }, + get lastJitiOptions() { + return lastJitiOptions; + }, loadedSpecifiers, }; } @@ -116,6 +121,7 @@ describe("plugin-sdk root alias", () => { expect("slowHelper" in lazyRootSdk).toBe(true); expect(lazyModule.createJitiCalls).toBe(1); expect(lazyModule.jitiLoadCalls).toBe(1); + expect(lazyModule.lastJitiOptions?.tryNative).toBe(true); expect((lazyRootSdk.slowHelper as () => string)()).toBe("loaded"); expect(Object.keys(lazyRootSdk)).toContain("slowHelper"); expect(Object.getOwnPropertyDescriptor(lazyRootSdk, "slowHelper")).toBeDefined(); diff --git a/src/plugin-sdk/routing.ts b/src/plugin-sdk/routing.ts index 921d085ae55..144304a607c 100644 --- a/src/plugin-sdk/routing.ts +++ b/src/plugin-sdk/routing.ts @@ -1,6 +1,31 @@ export { buildAgentSessionKey, + deriveLastRoutePolicy, + resolveAgentRoute, + resolveInboundLastRouteSessionKey, + type ResolvedAgentRoute, type RoutePeer, type RoutePeerKind, } from "../routing/resolve-route.js"; -export { resolveThreadSessionKeys } from "../routing/session-key.js"; +export { + buildAgentMainSessionKey, + DEFAULT_ACCOUNT_ID, + DEFAULT_MAIN_KEY, + buildGroupHistoryKey, + isCronSessionKey, + isSubagentSessionKey, + normalizeAccountId, + normalizeAgentId, + normalizeMainKey, + normalizeOptionalAccountId, + parseAgentSessionKey, + resolveAgentIdFromSessionKey, + resolveThreadSessionKeys, + sanitizeAgentId, +} from "../routing/session-key.js"; +export { resolveAccountEntry } from "../routing/account-lookup.js"; +export { listBoundAccountIds, resolveDefaultAgentBoundAccountId } from "../routing/bindings.js"; +export { + formatSetExplicitDefaultInstruction, + formatSetExplicitDefaultToConfiguredInstruction, +} from "../routing/default-account-warnings.js"; diff --git a/src/plugin-sdk/runtime-env.ts b/src/plugin-sdk/runtime-env.ts new file mode 100644 index 00000000000..c216bbbfbe6 --- /dev/null +++ b/src/plugin-sdk/runtime-env.ts @@ -0,0 +1,21 @@ +// Shared process/runtime utilities for plugins. This is the public boundary for +// logger wiring, runtime env shims, and global verbose console helpers. + +export type { RuntimeEnv } from "../runtime.js"; +export { createNonExitingRuntime, defaultRuntime } from "../runtime.js"; +export { + danger, + info, + isVerbose, + isYes, + logVerbose, + logVerboseConsole, + setVerbose, + setYes, + shouldLogVerbose, + success, + warn, +} from "../globals.js"; +export * from "../logging.js"; +export { waitForAbortSignal } from "../infra/abort-signal.js"; +export { registerUnhandledRejectionHandler } from "../infra/unhandled-rejections.js"; diff --git a/src/plugin-sdk/runtime-store.ts b/src/plugin-sdk/runtime-store.ts index 67e8bb3644c..34257c918b0 100644 --- a/src/plugin-sdk/runtime-store.ts +++ b/src/plugin-sdk/runtime-store.ts @@ -1,3 +1,5 @@ +export type { PluginRuntime } from "../plugins/runtime/types.js"; + /** Create a tiny mutable runtime slot with strict access when the runtime has not been initialized. */ export function createPluginRuntimeStore(errorMessage: string): { setRuntime: (next: T) => void; diff --git a/src/plugin-sdk/runtime.ts b/src/plugin-sdk/runtime.ts index 75b6f955dc7..ec39c97a549 100644 --- a/src/plugin-sdk/runtime.ts +++ b/src/plugin-sdk/runtime.ts @@ -1,5 +1,23 @@ import { format } from "node:util"; import type { RuntimeEnv } from "../runtime.js"; +export type { RuntimeEnv } from "../runtime.js"; +export { createNonExitingRuntime, defaultRuntime } from "../runtime.js"; +export { + danger, + info, + isVerbose, + isYes, + logVerbose, + logVerboseConsole, + setVerbose, + setYes, + shouldLogVerbose, + success, + warn, +} from "../globals.js"; +export * from "../logging.js"; +export { waitForAbortSignal } from "../infra/abort-signal.js"; +export { registerUnhandledRejectionHandler } from "../infra/unhandled-rejections.js"; type LoggerLike = { info: (message: string) => void; diff --git a/src/plugin-sdk/security-runtime.ts b/src/plugin-sdk/security-runtime.ts new file mode 100644 index 00000000000..4b7c42bbef3 --- /dev/null +++ b/src/plugin-sdk/security-runtime.ts @@ -0,0 +1,6 @@ +// Public security/policy helpers for plugins that need shared trust and DM gating logic. + +export * from "../security/channel-metadata.js"; +export * from "../security/dm-policy-shared.js"; +export * from "../security/external-content.js"; +export * from "../security/safe-regex.js"; diff --git a/src/plugin-sdk/self-hosted-provider-setup.ts b/src/plugin-sdk/self-hosted-provider-setup.ts index 950bbbb953e..47fe7d6588f 100644 --- a/src/plugin-sdk/self-hosted-provider-setup.ts +++ b/src/plugin-sdk/self-hosted-provider-setup.ts @@ -15,7 +15,7 @@ export { SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, SELF_HOSTED_DEFAULT_COST, SELF_HOSTED_DEFAULT_MAX_TOKENS, -} from "../commands/self-hosted-provider-setup.js"; +} from "../plugins/provider-self-hosted-setup.js"; export { buildSglangProvider, diff --git a/src/plugin-sdk/setup-tools.ts b/src/plugin-sdk/setup-tools.ts new file mode 100644 index 00000000000..d2a625c608d --- /dev/null +++ b/src/plugin-sdk/setup-tools.ts @@ -0,0 +1,4 @@ +export { formatCliCommand } from "../cli/command-format.js"; +export { detectBinary } from "../plugins/setup-binary.js"; +export { installSignalCli } from "../plugins/signal-cli-install.js"; +export { formatDocsLink } from "../terminal/links.js"; diff --git a/src/plugin-sdk/setup.ts b/src/plugin-sdk/setup.ts new file mode 100644 index 00000000000..065fbfeed9c --- /dev/null +++ b/src/plugin-sdk/setup.ts @@ -0,0 +1,61 @@ +// Shared setup wizard/types/helpers for extension setup surfaces and adapters. + +export type { OpenClawConfig } from "../config/config.js"; +export type { DmPolicy, GroupPolicy } from "../config/types.js"; +export type { SecretInput } from "../config/types.secrets.js"; +export type { WizardPrompter } from "../wizard/prompts.js"; +export type { ChannelSetupAdapter } from "../channels/plugins/types.adapters.js"; +export type { ChannelSetupInput } from "../channels/plugins/types.core.js"; +export type { ChannelSetupDmPolicy } from "../channels/plugins/setup-wizard-types.js"; +export type { + ChannelSetupWizard, + ChannelSetupWizardAllowFromEntry, + ChannelSetupWizardTextInput, +} from "../channels/plugins/setup-wizard.js"; + +export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js"; +export { formatCliCommand } from "../cli/command-format.js"; +export { detectBinary } from "../plugins/setup-binary.js"; +export { installSignalCli } from "../plugins/signal-cli-install.js"; +export { formatDocsLink } from "../terminal/links.js"; +export { hasConfiguredSecretInput, normalizeSecretInputString } from "../config/types.secrets.js"; +export { normalizeE164, pathExists } from "../utils.js"; + +export { + applyAccountNameToChannelSection, + applySetupAccountConfigPatch, + createEnvPatchedAccountSetupAdapter, + createPatchedAccountSetupAdapter, + migrateBaseNameToDefaultAccount, + patchScopedAccountConfig, + prepareScopedSetupConfig, +} from "../channels/plugins/setup-helpers.js"; +export { + addWildcardAllowFrom, + buildSingleChannelSecretPromptState, + mergeAllowFromEntries, + normalizeAllowFromEntries, + noteChannelLookupFailure, + noteChannelLookupSummary, + parseMentionOrPrefixedId, + parseSetupEntriesAllowingWildcard, + parseSetupEntriesWithParser, + patchChannelConfigForAccount, + promptLegacyChannelAllowFrom, + promptParsedAllowFromForScopedChannel, + promptSingleChannelSecretInput, + promptResolvedAllowFrom, + resolveSetupAccountId, + runSingleChannelSecretStep, + setAccountGroupPolicyForChannel, + setChannelDmPolicyWithAllowFrom, + setLegacyChannelDmPolicyWithAllowFrom, + setSetupChannelEnabled, + setTopLevelChannelAllowFrom, + setTopLevelChannelDmPolicyWithAllowFrom, + setTopLevelChannelGroupPolicy, + splitSetupEntries, +} from "../channels/plugins/setup-wizard-helpers.js"; +export { createAllowlistSetupWizardProxy } from "../channels/plugins/setup-wizard-proxy.js"; + +export { formatResolvedUnresolvedNote } from "./resolution-notes.js"; diff --git a/src/plugin-sdk/signal-core.ts b/src/plugin-sdk/signal-core.ts new file mode 100644 index 00000000000..42b1facd2af --- /dev/null +++ b/src/plugin-sdk/signal-core.ts @@ -0,0 +1,10 @@ +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { + DEFAULT_ACCOUNT_ID, + buildChannelConfigSchema, + deleteAccountFromConfigSection, + getChatChannelMeta, + setAccountEnabledInConfigSection, +} from "./channel-plugin-common.js"; +export { SignalConfigSchema } from "../config/zod-schema.providers-core.js"; +export { normalizeE164 } from "../utils.js"; diff --git a/src/plugin-sdk/signal.ts b/src/plugin-sdk/signal.ts index 8fd6fd2afd0..f44dfa2f9ff 100644 --- a/src/plugin-sdk/signal.ts +++ b/src/plugin-sdk/signal.ts @@ -1,5 +1,7 @@ export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js"; +export type { OpenClawConfig } from "../config/config.js"; export type { SignalAccountConfig } from "../config/types.js"; +export type { ResolvedSignalAccount } from "../../extensions/signal/api.js"; export type { ChannelMessageActionContext, ChannelPlugin, @@ -19,11 +21,15 @@ export { normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; +export { formatCliCommand } from "../cli/command-format.js"; +export { formatDocsLink } from "../terminal/links.js"; export { looksLikeSignalTargetId, normalizeSignalMessagingTarget, } from "../channels/plugins/normalize/signal.js"; +export { detectBinary } from "../plugins/setup-binary.js"; +export { installSignalCli } from "../plugins/signal-cli-install.js"; export { resolveAllowlistProviderRuntimeGroupPolicy, @@ -40,3 +46,12 @@ export { collectStatusIssuesFromLastError, createDefaultChannelRuntimeState, } from "./status-helpers.js"; + +export { + listEnabledSignalAccounts, + listSignalAccountIds, + resolveDefaultSignalAccountId, +} from "../../extensions/signal/api.js"; +export { resolveSignalReactionLevel } from "../../extensions/signal/runtime-api.js"; +export { removeReactionSignal, sendReactionSignal } from "../../extensions/signal/runtime-api.js"; +export { sendMessageSignal } from "../../extensions/signal/runtime-api.js"; diff --git a/src/plugin-sdk/slack-core.ts b/src/plugin-sdk/slack-core.ts new file mode 100644 index 00000000000..8df7ad669a7 --- /dev/null +++ b/src/plugin-sdk/slack-core.ts @@ -0,0 +1,4 @@ +export type { OpenClawConfig } from "../config/config.js"; +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { buildChannelConfigSchema, getChatChannelMeta } from "./channel-plugin-common.js"; +export { SlackConfigSchema } from "../config/zod-schema.providers-core.js"; diff --git a/src/plugin-sdk/slack-message-actions.ts b/src/plugin-sdk/slack-message-actions.ts index ef7a5f12876..64863623503 100644 --- a/src/plugin-sdk/slack-message-actions.ts +++ b/src/plugin-sdk/slack-message-actions.ts @@ -1,6 +1,5 @@ import type { AgentToolResult } from "@mariozechner/pi-agent-core"; -import { parseSlackBlocksInput } from "../../extensions/slack/src/blocks-input.js"; -import { buildSlackInteractiveBlocks } from "../../extensions/slack/src/blocks-render.js"; +import { parseSlackBlocksInput, buildSlackInteractiveBlocks } from "../../extensions/slack/api.js"; import { readNumberParam, readStringParam } from "../agents/tools/common.js"; import type { ChannelMessageActionContext } from "../channels/plugins/types.js"; import { normalizeInteractiveReply } from "../interactive/payload.js"; diff --git a/src/plugin-sdk/slack-targets.ts b/src/plugin-sdk/slack-targets.ts index be9ded918cf..20ea56e44d1 100644 --- a/src/plugin-sdk/slack-targets.ts +++ b/src/plugin-sdk/slack-targets.ts @@ -3,4 +3,4 @@ export { resolveSlackChannelId, type SlackTarget, type SlackTargetKind, -} from "../../extensions/slack/src/targets.js"; +} from "../../extensions/slack/api.js"; diff --git a/src/plugin-sdk/slack.ts b/src/plugin-sdk/slack.ts index f7533b95687..4b78d14480d 100644 --- a/src/plugin-sdk/slack.ts +++ b/src/plugin-sdk/slack.ts @@ -1,5 +1,7 @@ export type { OpenClawConfig } from "../config/config.js"; export type { SlackAccountConfig } from "../config/types.slack.js"; +export type { InspectedSlackAccount } from "../../extensions/slack/api.js"; +export type { ResolvedSlackAccount } from "../../extensions/slack/api.js"; export type { ChannelMessageActionContext, ChannelPlugin, @@ -19,6 +21,7 @@ export { normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; +export { formatDocsLink } from "../terminal/links.js"; export { projectCredentialSnapshotFields, @@ -43,3 +46,38 @@ export { } from "../channels/plugins/group-mentions.js"; export { SlackConfigSchema } from "../config/zod-schema.providers-core.js"; export { buildComputedAccountStatusSnapshot } from "./status-helpers.js"; + +export { + listEnabledSlackAccounts, + listSlackAccountIds, + resolveDefaultSlackAccountId, + resolveSlackReplyToMode, +} from "../../extensions/slack/api.js"; +export { isSlackInteractiveRepliesEnabled } from "../../extensions/slack/api.js"; +export { inspectSlackAccount } from "../../extensions/slack/api.js"; +export { parseSlackTarget, resolveSlackChannelId } from "./slack-targets.js"; +export { extractSlackToolSend, listSlackMessageActions } from "../../extensions/slack/api.js"; +export { buildSlackThreadingToolContext } from "../../extensions/slack/api.js"; +export { parseSlackBlocksInput } from "../../extensions/slack/api.js"; +export { handleSlackHttpRequest } from "../../extensions/slack/api.js"; +export { sendMessageSlack } from "../../extensions/slack/runtime-api.js"; +export { + deleteSlackMessage, + downloadSlackFile, + editSlackMessage, + getSlackMemberInfo, + listSlackEmojis, + listSlackPins, + listSlackReactions, + pinSlackMessage, + reactSlackMessage, + readSlackMessages, + removeOwnSlackReactions, + removeSlackReaction, + sendSlackMessage, + unpinSlackMessage, +} from "../../extensions/slack/api.js"; +export { recordSlackThreadParticipation } from "../../extensions/slack/api.js"; +export { handleSlackMessageAction } from "./slack-message-actions.js"; +export { createSlackActions } from "../channels/plugins/slack.actions.js"; +export type { SlackActionContext } from "../agents/tools/slack-actions.js"; diff --git a/src/plugin-sdk/speech-runtime.ts b/src/plugin-sdk/speech-runtime.ts new file mode 100644 index 00000000000..afe192c4f53 --- /dev/null +++ b/src/plugin-sdk/speech-runtime.ts @@ -0,0 +1,3 @@ +// Public runtime-facing speech helpers for feature/channel plugins. + +export { listSpeechVoices, textToSpeech, textToSpeechTelephony } from "../tts/runtime.js"; diff --git a/src/plugin-sdk/speech.ts b/src/plugin-sdk/speech.ts new file mode 100644 index 00000000000..3fb9758ffdc --- /dev/null +++ b/src/plugin-sdk/speech.ts @@ -0,0 +1,7 @@ +// Public speech-provider builders for bundled or third-party plugins. + +export { buildElevenLabsSpeechProvider } from "../tts/providers/elevenlabs.js"; +export { buildMicrosoftSpeechProvider } from "../tts/providers/microsoft.js"; +export { buildOpenAISpeechProvider } from "../tts/providers/openai.js"; +export { parseTtsDirectives } from "../tts/tts-core.js"; +export type { SpeechVoiceOption } from "../tts/provider-types.js"; diff --git a/src/plugin-sdk/state-paths.ts b/src/plugin-sdk/state-paths.ts new file mode 100644 index 00000000000..aeae39fa1f1 --- /dev/null +++ b/src/plugin-sdk/state-paths.ts @@ -0,0 +1,3 @@ +// Public state/config path helpers for plugins that persist small caches. + +export { resolveOAuthDir, resolveStateDir, STATE_DIR } from "../config/paths.js"; diff --git a/src/plugin-sdk/subpaths.test.ts b/src/plugin-sdk/subpaths.test.ts index eff2820af79..4e73ce9c26e 100644 --- a/src/plugin-sdk/subpaths.test.ts +++ b/src/plugin-sdk/subpaths.test.ts @@ -1,4 +1,3 @@ -import * as extensionApi from "openclaw/extension-api"; import * as compatSdk from "openclaw/plugin-sdk/compat"; import * as coreSdk from "openclaw/plugin-sdk/core"; import type { @@ -8,16 +7,21 @@ import type { } from "openclaw/plugin-sdk/core"; import * as discordSdk from "openclaw/plugin-sdk/discord"; import * as imessageSdk from "openclaw/plugin-sdk/imessage"; +import * as lazyRuntimeSdk from "openclaw/plugin-sdk/lazy-runtime"; import * as lineSdk from "openclaw/plugin-sdk/line"; import * as msteamsSdk from "openclaw/plugin-sdk/msteams"; import * as nostrSdk from "openclaw/plugin-sdk/nostr"; import * as ollamaSetupSdk from "openclaw/plugin-sdk/ollama-setup"; import * as providerSetupSdk from "openclaw/plugin-sdk/provider-setup"; +import * as routingSdk from "openclaw/plugin-sdk/routing"; +import * as runtimeSdk from "openclaw/plugin-sdk/runtime"; import * as sandboxSdk from "openclaw/plugin-sdk/sandbox"; import * as selfHostedProviderSetupSdk from "openclaw/plugin-sdk/self-hosted-provider-setup"; +import * as setupSdk from "openclaw/plugin-sdk/setup"; import * as signalSdk from "openclaw/plugin-sdk/signal"; import * as slackSdk from "openclaw/plugin-sdk/slack"; import * as telegramSdk from "openclaw/plugin-sdk/telegram"; +import * as testingSdk from "openclaw/plugin-sdk/testing"; import * as whatsappSdk from "openclaw/plugin-sdk/whatsapp"; import { describe, expect, expectTypeOf, it } from "vitest"; import type { ChannelMessageActionContext } from "../channels/plugins/types.js"; @@ -38,6 +42,19 @@ const bundledExtensionSubpathLoaders = pluginSdkSubpaths.map((id: string) => ({ })); const asExports = (mod: object) => mod as Record; +const ircSdk = await import("openclaw/plugin-sdk/irc"); +const feishuSdk = await import("openclaw/plugin-sdk/feishu"); +const googlechatSdk = await import("openclaw/plugin-sdk/googlechat"); +const zaloSdk = await import("openclaw/plugin-sdk/zalo"); +const synologyChatSdk = await import("openclaw/plugin-sdk/synology-chat"); +const zalouserSdk = await import("openclaw/plugin-sdk/zalouser"); +const tlonSdk = await import("openclaw/plugin-sdk/tlon"); +const acpxSdk = await import("openclaw/plugin-sdk/acpx"); +const bluebubblesSdk = await import("openclaw/plugin-sdk/bluebubbles"); +const matrixSdk = await import("openclaw/plugin-sdk/matrix"); +const mattermostSdk = await import("openclaw/plugin-sdk/mattermost"); +const nextcloudTalkSdk = await import("openclaw/plugin-sdk/nextcloud-talk"); +const twitchSdk = await import("openclaw/plugin-sdk/twitch"); describe("plugin-sdk subpath exports", () => { it("exports compat helpers", () => { @@ -45,17 +62,28 @@ describe("plugin-sdk subpath exports", () => { expect(typeof compatSdk.resolveControlCommandGate).toBe("function"); }); - it("exports core routing helpers", () => { - expect(typeof coreSdk.buildAgentSessionKey).toBe("function"); - expect(typeof coreSdk.resolveThreadSessionKeys).toBe("function"); - expect(typeof coreSdk.runPassiveAccountLifecycle).toBe("function"); - expect(typeof coreSdk.createLoggerBackedRuntime).toBe("function"); + it("keeps core focused on generic shared exports", () => { + expect(typeof coreSdk.emptyPluginConfigSchema).toBe("function"); + expect(typeof coreSdk.definePluginEntry).toBe("function"); + expect(typeof coreSdk.defineChannelPluginEntry).toBe("function"); + expect(typeof coreSdk.defineSetupPluginEntry).toBe("function"); + expect("runPassiveAccountLifecycle" in asExports(coreSdk)).toBe(false); + expect("createLoggerBackedRuntime" in asExports(coreSdk)).toBe(false); expect("registerSandboxBackend" in asExports(coreSdk)).toBe(false); expect("promptAndConfigureOpenAICompatibleSelfHostedProviderAuth" in asExports(coreSdk)).toBe( false, ); }); + it("exports routing helpers from the dedicated subpath", () => { + expect(typeof routingSdk.buildAgentSessionKey).toBe("function"); + expect(typeof routingSdk.resolveThreadSessionKeys).toBe("function"); + }); + + it("exports runtime helpers from the dedicated subpath", () => { + expect(typeof runtimeSdk.createLoggerBackedRuntime).toBe("function"); + }); + it("exports provider setup helpers from the dedicated subpath", () => { expect(typeof providerSetupSdk.buildVllmProvider).toBe("function"); expect(typeof providerSetupSdk.discoverOpenAICompatibleSelfHostedProvider).toBe("function"); @@ -64,6 +92,20 @@ describe("plugin-sdk subpath exports", () => { ); }); + it("exports shared setup helpers from the dedicated subpath", () => { + expect(typeof setupSdk.DEFAULT_ACCOUNT_ID).toBe("string"); + expect(typeof setupSdk.formatDocsLink).toBe("function"); + expect(typeof setupSdk.mergeAllowFromEntries).toBe("function"); + expect(typeof setupSdk.setTopLevelChannelDmPolicyWithAllowFrom).toBe("function"); + expect(typeof setupSdk.formatResolvedUnresolvedNote).toBe("function"); + }); + + it("exports shared lazy runtime helpers from the dedicated subpath", () => { + expect(typeof lazyRuntimeSdk.createLazyRuntimeSurface).toBe("function"); + expect(typeof lazyRuntimeSdk.createLazyRuntimeModule).toBe("function"); + expect(typeof lazyRuntimeSdk.createLazyRuntimeNamedExport).toBe("function"); + }); + it("exports narrow self-hosted provider setup helpers", () => { expect(typeof selfHostedProviderSetupSdk.buildVllmProvider).toBe("function"); expect(typeof selfHostedProviderSetupSdk.buildSglangProvider).toBe("function"); @@ -93,6 +135,11 @@ describe("plugin-sdk subpath exports", () => { expectTypeOf().toMatchTypeOf(); }); + it("exports the public testing seam", () => { + expect(typeof testingSdk.removeAckReactionAfterReply).toBe("function"); + expect(typeof testingSdk.shouldAckReaction).toBe("function"); + }); + it("keeps core shared types aligned with the channel prelude", () => { expectTypeOf().toMatchTypeOf(); expectTypeOf().toMatchTypeOf(); @@ -135,7 +182,6 @@ describe("plugin-sdk subpath exports", () => { }); it("exports IRC helpers", async () => { - const ircSdk = await import("openclaw/plugin-sdk/irc"); expect(typeof ircSdk.resolveIrcAccount).toBe("function"); expect(typeof ircSdk.ircSetupWizard).toBe("object"); expect(typeof ircSdk.ircSetupAdapter).toBe("object"); @@ -150,7 +196,6 @@ describe("plugin-sdk subpath exports", () => { }); it("exports Feishu helpers", async () => { - const feishuSdk = await import("openclaw/plugin-sdk/feishu"); expect(typeof feishuSdk.feishuSetupWizard).toBe("object"); expect(typeof feishuSdk.feishuSetupAdapter).toBe("object"); }); @@ -175,38 +220,32 @@ describe("plugin-sdk subpath exports", () => { }); it("exports Google Chat helpers", async () => { - const googlechatSdk = await import("openclaw/plugin-sdk/googlechat"); expect(typeof googlechatSdk.googlechatSetupWizard).toBe("object"); expect(typeof googlechatSdk.googlechatSetupAdapter).toBe("object"); }); it("exports Zalo helpers", async () => { - const zaloSdk = await import("openclaw/plugin-sdk/zalo"); expect(typeof zaloSdk.zaloSetupWizard).toBe("object"); expect(typeof zaloSdk.zaloSetupAdapter).toBe("object"); }); it("exports Synology Chat helpers", async () => { - const synologyChatSdk = await import("openclaw/plugin-sdk/synology-chat"); expect(typeof synologyChatSdk.synologyChatSetupWizard).toBe("object"); expect(typeof synologyChatSdk.synologyChatSetupAdapter).toBe("object"); }); it("exports Zalouser helpers", async () => { - const zalouserSdk = await import("openclaw/plugin-sdk/zalouser"); expect(typeof zalouserSdk.zalouserSetupWizard).toBe("object"); expect(typeof zalouserSdk.zalouserSetupAdapter).toBe("object"); }); it("exports Tlon helpers", async () => { - const tlonSdk = await import("openclaw/plugin-sdk/tlon"); expect(typeof tlonSdk.fetchWithSsrFGuard).toBe("function"); expect(typeof tlonSdk.tlonSetupWizard).toBe("object"); expect(typeof tlonSdk.tlonSetupAdapter).toBe("object"); }); it("exports acpx helpers", async () => { - const acpxSdk = await import("openclaw/plugin-sdk/acpx"); expect(typeof acpxSdk.listKnownProviderAuthEnvVarNames).toBe("function"); expect(typeof acpxSdk.omitEnvKeysCaseInsensitive).toBe("function"); }); @@ -220,30 +259,15 @@ describe("plugin-sdk subpath exports", () => { }); it("keeps the newly added bundled plugin-sdk contracts available", async () => { - const bluebubbles = await import("openclaw/plugin-sdk/bluebubbles"); - expect(typeof bluebubbles.parseFiniteNumber).toBe("function"); - - const matrix = await import("openclaw/plugin-sdk/matrix"); - expect(typeof matrix.matrixSetupWizard).toBe("object"); - expect(typeof matrix.matrixSetupAdapter).toBe("object"); - - const mattermost = await import("openclaw/plugin-sdk/mattermost"); - expect(typeof mattermost.parseStrictPositiveInteger).toBe("function"); - - const nextcloudTalk = await import("openclaw/plugin-sdk/nextcloud-talk"); - expect(typeof nextcloudTalk.waitForAbortSignal).toBe("function"); - - const twitch = await import("openclaw/plugin-sdk/twitch"); - expect(typeof twitch.DEFAULT_ACCOUNT_ID).toBe("string"); - expect(typeof twitch.normalizeAccountId).toBe("function"); - expect(typeof twitch.twitchSetupWizard).toBe("object"); - expect(typeof twitch.twitchSetupAdapter).toBe("object"); - - const zalo = await import("openclaw/plugin-sdk/zalo"); - expect(typeof zalo.resolveClientIp).toBe("function"); - }); - - it("exports the extension api bridge", () => { - expect(typeof extensionApi.runEmbeddedPiAgent).toBe("function"); + expect(typeof bluebubblesSdk.parseFiniteNumber).toBe("function"); + expect(typeof matrixSdk.matrixSetupWizard).toBe("object"); + expect(typeof matrixSdk.matrixSetupAdapter).toBe("object"); + expect(typeof mattermostSdk.parseStrictPositiveInteger).toBe("function"); + expect(typeof nextcloudTalkSdk.waitForAbortSignal).toBe("function"); + expect(typeof twitchSdk.DEFAULT_ACCOUNT_ID).toBe("string"); + expect(typeof twitchSdk.normalizeAccountId).toBe("function"); + expect(typeof twitchSdk.twitchSetupWizard).toBe("object"); + expect(typeof twitchSdk.twitchSetupAdapter).toBe("object"); + expect(typeof zaloSdk.resolveClientIp).toBe("function"); }); }); diff --git a/src/plugin-sdk/synology-chat.ts b/src/plugin-sdk/synology-chat.ts index f5fae73fbb2..17b916385bc 100644 --- a/src/plugin-sdk/synology-chat.ts +++ b/src/plugin-sdk/synology-chat.ts @@ -20,4 +20,4 @@ export { createFixedWindowRateLimiter } from "./webhook-memory-guards.js"; export { synologyChatSetupAdapter, synologyChatSetupWizard, -} from "../../extensions/synology-chat/src/setup-surface.js"; +} from "../../extensions/synology-chat/api.js"; diff --git a/src/plugin-sdk/talk-voice.ts b/src/plugin-sdk/talk-voice.ts index 3ee313ec42f..e89f210af62 100644 --- a/src/plugin-sdk/talk-voice.ts +++ b/src/plugin-sdk/talk-voice.ts @@ -1,4 +1,5 @@ // Narrow plugin-sdk surface for the bundled talk-voice plugin. // Keep this list additive and scoped to symbols used under extensions/talk-voice. +export { definePluginEntry } from "./core.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; diff --git a/src/plugin-sdk/telegram-core.ts b/src/plugin-sdk/telegram-core.ts new file mode 100644 index 00000000000..a020a333fd3 --- /dev/null +++ b/src/plugin-sdk/telegram-core.ts @@ -0,0 +1,5 @@ +export type { OpenClawConfig } from "../config/config.js"; +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { buildChannelConfigSchema, getChatChannelMeta } from "./channel-plugin-common.js"; +export { normalizeAccountId } from "../routing/session-key.js"; +export { TelegramConfigSchema } from "../config/zod-schema.providers-core.js"; diff --git a/src/plugin-sdk/telegram.ts b/src/plugin-sdk/telegram.ts index 2eed87097f0..9a94e7c2d1c 100644 --- a/src/plugin-sdk/telegram.ts +++ b/src/plugin-sdk/telegram.ts @@ -2,30 +2,44 @@ export type { ChannelAccountSnapshot, ChannelGatewayContext, ChannelMessageActionAdapter, + ChannelPlugin, } from "../channels/plugins/types.js"; export type { OpenClawConfig } from "../config/config.js"; -export type { TelegramAccountConfig, TelegramActionConfig } from "../config/types.js"; +export type { PluginRuntime } from "../plugins/runtime/types.js"; +export type { OpenClawPluginApi } from "../plugins/types.js"; export type { - ChannelMessageActionContext, - ChannelPlugin, - OpenClawPluginApi, - PluginRuntime, -} from "./channel-plugin-common.js"; + TelegramAccountConfig, + TelegramActionConfig, + TelegramNetworkConfig, +} from "../config/types.js"; +export type { + ChannelConfiguredBindingProvider, + ChannelConfiguredBindingConversationRef, + ChannelConfiguredBindingMatch, +} from "../channels/plugins/types.adapters.js"; +export type { InspectedTelegramAccount } from "../../extensions/telegram/api.js"; +export type { ResolvedTelegramAccount } from "../../extensions/telegram/api.js"; +export type { TelegramProbe } from "../../extensions/telegram/runtime-api.js"; +export type { TelegramButtonStyle, TelegramInlineButtons } from "../../extensions/telegram/api.js"; +export type { StickerMetadata } from "../../extensions/telegram/api.js"; + +export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js"; +export { parseTelegramTopicConversation } from "../acp/conversation-id.js"; + export { - DEFAULT_ACCOUNT_ID, PAIRING_APPROVED_MESSAGE, applyAccountNameToChannelSection, buildChannelConfigSchema, deleteAccountFromConfigSection, - emptyPluginConfigSchema, formatPairingApproveHint, getChatChannelMeta, migrateBaseNameToDefaultAccount, - normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; export { clearAccountEntryFields } from "../channels/plugins/config-helpers.js"; +export { resolveTelegramPollVisibility } from "../poll-params.js"; export { projectCredentialSnapshotFields, @@ -47,3 +61,56 @@ export { export { TelegramConfigSchema } from "../config/zod-schema.providers-core.js"; export { buildTokenChannelStatusSummary } from "./status-helpers.js"; + +export { + createTelegramActionGate, + listTelegramAccountIds, + resolveDefaultTelegramAccountId, + resolveTelegramPollActionGateState, +} from "../../extensions/telegram/api.js"; +export { inspectTelegramAccount } from "../../extensions/telegram/api.js"; +export { + looksLikeTelegramTargetId, + normalizeTelegramMessagingTarget, +} from "../../extensions/telegram/api.js"; +export { + parseTelegramReplyToMessageId, + parseTelegramThreadId, +} from "../../extensions/telegram/api.js"; +export { + isNumericTelegramUserId, + normalizeTelegramAllowFromEntry, +} from "../../extensions/telegram/api.js"; +export { fetchTelegramChatId } from "../../extensions/telegram/api.js"; +export { + resolveTelegramInlineButtonsScope, + resolveTelegramTargetChatType, +} from "../../extensions/telegram/api.js"; +export { resolveTelegramReactionLevel } from "../../extensions/telegram/api.js"; +export { + createForumTopicTelegram, + deleteMessageTelegram, + editForumTopicTelegram, + editMessageTelegram, + reactMessageTelegram, + sendMessageTelegram, + sendPollTelegram, + sendStickerTelegram, +} from "../../extensions/telegram/runtime-api.js"; +export { getCacheStats, searchStickers } from "../../extensions/telegram/api.js"; +export { resolveTelegramToken } from "../../extensions/telegram/runtime-api.js"; +export { telegramMessageActions } from "../../extensions/telegram/runtime-api.js"; +export { collectTelegramStatusIssues } from "../../extensions/telegram/api.js"; +export { sendTelegramPayloadMessages } from "../../extensions/telegram/api.js"; +export { + buildBrowseProvidersButton, + buildModelsKeyboard, + buildProviderKeyboard, + calculateTotalPages, + getModelsPageSize, + type ProviderInfo, +} from "../../extensions/telegram/api.js"; +export { + isTelegramExecApprovalApprover, + isTelegramExecApprovalClientEnabled, +} from "../../extensions/telegram/api.js"; diff --git a/src/plugin-sdk/test-utils.ts b/src/plugin-sdk/test-utils.ts index 78307f694a6..26cddc72854 100644 --- a/src/plugin-sdk/test-utils.ts +++ b/src/plugin-sdk/test-utils.ts @@ -1,8 +1,4 @@ -// Narrow plugin-sdk surface for the bundled test-utils plugin. -// Keep this list additive and scoped to symbols used under extensions/test-utils. +// Deprecated compatibility alias. +// Prefer openclaw/plugin-sdk/testing for public test helpers. -export { removeAckReactionAfterReply, shouldAckReaction } from "../channels/ack-reactions.js"; -export type { ChannelAccountSnapshot, ChannelGatewayContext } from "../channels/plugins/types.js"; -export type { OpenClawConfig } from "../config/config.js"; -export type { PluginRuntime } from "../plugins/runtime/types.js"; -export type { RuntimeEnv } from "../runtime.js"; +export * from "./testing.js"; diff --git a/src/plugin-sdk/testing.ts b/src/plugin-sdk/testing.ts new file mode 100644 index 00000000000..e8a7e89f646 --- /dev/null +++ b/src/plugin-sdk/testing.ts @@ -0,0 +1,9 @@ +// Narrow public testing surface for plugin authors. +// Keep this list additive and limited to helpers we are willing to support. + +export { removeAckReactionAfterReply, shouldAckReaction } from "../channels/ack-reactions.js"; +export type { ChannelAccountSnapshot, ChannelGatewayContext } from "../channels/plugins/types.js"; +export type { OpenClawConfig } from "../config/config.js"; +export type { PluginRuntime } from "../plugins/runtime/types.js"; +export type { RuntimeEnv } from "../runtime.js"; +export type { MockFn } from "../test-utils/vitest-mock-fn.js"; diff --git a/src/plugin-sdk/text-runtime.ts b/src/plugin-sdk/text-runtime.ts new file mode 100644 index 00000000000..bfdb2db690f --- /dev/null +++ b/src/plugin-sdk/text-runtime.ts @@ -0,0 +1,23 @@ +// Public shared text/formatting helpers for plugins that parse or rewrite message text. + +export * from "../logger.js"; +export * from "../logging/diagnostic.js"; +export * from "../logging/logger.js"; +export * from "../logging/redact.js"; +export * from "../logging/redact-identifier.js"; +export * from "../markdown/ir.js"; +export * from "../markdown/render.js"; +export * from "../markdown/tables.js"; +export * from "../markdown/whatsapp.js"; +export * from "../shared/global-singleton.js"; +export * from "../shared/string-normalization.js"; +export * from "../shared/string-sample.js"; +export * from "../shared/text/assistant-visible-text.js"; +export * from "../shared/text/code-regions.js"; +export * from "../shared/text/reasoning-tags.js"; +export * from "../terminal/safe-text.js"; +export * from "../utils.js"; +export * from "../utils/chunk-items.js"; +export * from "../utils/fetch-timeout.js"; +export * from "../utils/reaction-level.js"; +export * from "../utils/with-timeout.js"; diff --git a/src/plugin-sdk/thread-ownership.ts b/src/plugin-sdk/thread-ownership.ts index 48d72fa5d35..ea8ad079a8c 100644 --- a/src/plugin-sdk/thread-ownership.ts +++ b/src/plugin-sdk/thread-ownership.ts @@ -1,5 +1,6 @@ // Narrow plugin-sdk surface for the bundled thread-ownership plugin. // Keep this list additive and scoped to symbols used under extensions/thread-ownership. +export { definePluginEntry } from "./core.js"; export type { OpenClawConfig } from "../config/config.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; diff --git a/src/plugin-sdk/tlon.ts b/src/plugin-sdk/tlon.ts index 291834b9648..246c4b7093e 100644 --- a/src/plugin-sdk/tlon.ts +++ b/src/plugin-sdk/tlon.ts @@ -27,5 +27,5 @@ export type { RuntimeEnv } from "../runtime.js"; export { formatDocsLink } from "../terminal/links.js"; export type { WizardPrompter } from "../wizard/prompts.js"; export { createLoggerBackedRuntime } from "./runtime.js"; -export { tlonSetupAdapter } from "../../extensions/tlon/src/setup-core.js"; -export { tlonSetupWizard } from "../../extensions/tlon/src/setup-surface.js"; +export { tlonSetupAdapter } from "../../extensions/tlon/api.js"; +export { tlonSetupWizard } from "../../extensions/tlon/api.js"; diff --git a/src/plugin-sdk/twitch.ts b/src/plugin-sdk/twitch.ts index 907cdd171fa..9b200cf03f7 100644 --- a/src/plugin-sdk/twitch.ts +++ b/src/plugin-sdk/twitch.ts @@ -33,7 +33,4 @@ export type { OpenClawPluginApi } from "../plugins/types.js"; export type { RuntimeEnv } from "../runtime.js"; export { formatDocsLink } from "../terminal/links.js"; export type { WizardPrompter } from "../wizard/prompts.js"; -export { - twitchSetupAdapter, - twitchSetupWizard, -} from "../../extensions/twitch/src/setup-surface.js"; +export { twitchSetupAdapter, twitchSetupWizard } from "../../extensions/twitch/api.js"; diff --git a/src/plugin-sdk/voice-call.ts b/src/plugin-sdk/voice-call.ts index c50b979a145..b3f1a889f78 100644 --- a/src/plugin-sdk/voice-call.ts +++ b/src/plugin-sdk/voice-call.ts @@ -1,6 +1,7 @@ // Narrow plugin-sdk surface for the bundled voice-call plugin. // Keep this list additive and scoped to symbols used under extensions/voice-call. +export { definePluginEntry } from "./core.js"; export { TtsAutoSchema, TtsConfigSchema, @@ -15,5 +16,6 @@ export { requestBodyErrorToText, } from "../infra/http-body.js"; export { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js"; +export type { SessionEntry } from "../config/sessions/types.js"; export type { OpenClawPluginApi } from "../plugins/types.js"; export { sleep } from "../utils.js"; diff --git a/src/plugin-sdk/web-media.ts b/src/plugin-sdk/web-media.ts index 1c7432ad2b5..ce734a295bb 100644 --- a/src/plugin-sdk/web-media.ts +++ b/src/plugin-sdk/web-media.ts @@ -3,4 +3,4 @@ export { loadWebMedia, loadWebMediaRaw, type WebMediaResult, -} from "../../extensions/whatsapp/src/media.js"; +} from "../../extensions/whatsapp/runtime-api.js"; diff --git a/src/plugin-sdk/whatsapp-core.ts b/src/plugin-sdk/whatsapp-core.ts new file mode 100644 index 00000000000..036fda6a5a9 --- /dev/null +++ b/src/plugin-sdk/whatsapp-core.ts @@ -0,0 +1,18 @@ +export type { ChannelPlugin } from "./channel-plugin-common.js"; +export { + DEFAULT_ACCOUNT_ID, + buildChannelConfigSchema, + getChatChannelMeta, +} from "./channel-plugin-common.js"; +export { + formatWhatsAppConfigAllowFromEntries, + resolveWhatsAppConfigAllowFrom, + resolveWhatsAppConfigDefaultTo, +} from "./channel-config-helpers.js"; +export { + resolveWhatsAppGroupRequireMention, + resolveWhatsAppGroupToolPolicy, +} from "../channels/plugins/group-mentions.js"; +export { resolveWhatsAppGroupIntroHint } from "../channels/plugins/whatsapp-shared.js"; +export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js"; +export { normalizeE164 } from "../utils.js"; diff --git a/src/plugin-sdk/whatsapp.ts b/src/plugin-sdk/whatsapp.ts index df814fa04eb..74ab27dac2f 100644 --- a/src/plugin-sdk/whatsapp.ts +++ b/src/plugin-sdk/whatsapp.ts @@ -1,6 +1,11 @@ export type { ChannelMessageActionName } from "../channels/plugins/types.js"; export type { OpenClawConfig } from "../config/config.js"; export type { DmPolicy, GroupPolicy, WhatsAppAccountConfig } from "../config/types.js"; +export type { WebChannelStatus, WebMonitorTuning } from "../../extensions/whatsapp/runtime-api.js"; +export type { + WebInboundMessage, + WebListenerCloseReason, +} from "../../extensions/whatsapp/runtime-api.js"; export type { ChannelMessageActionContext, ChannelPlugin, @@ -20,6 +25,8 @@ export { normalizeAccountId, setAccountEnabledInConfigSection, } from "./channel-plugin-common.js"; +export { formatCliCommand } from "../cli/command-format.js"; +export { formatDocsLink } from "../terminal/links.js"; export { formatWhatsAppConfigAllowFromEntries, resolveWhatsAppConfigAllowFrom, @@ -36,6 +43,7 @@ export { } from "../channels/plugins/group-policy-warnings.js"; export { buildAccountScopedDmSecurityPolicy } from "../channels/plugins/helpers.js"; export { resolveWhatsAppOutboundTarget } from "../whatsapp/resolve-outbound-target.js"; +export { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../whatsapp/normalize.js"; export { resolveAllowlistProviderRuntimeGroupPolicy, @@ -56,3 +64,48 @@ export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js export { createActionGate, readStringParam } from "../agents/tools/common.js"; export { createPluginRuntimeStore } from "./runtime-store.js"; export { normalizeE164 } from "../utils.js"; + +export { + hasAnyWhatsAppAuth, + listEnabledWhatsAppAccounts, + resolveWhatsAppAccount, +} from "../../extensions/whatsapp/api.js"; +export { + WA_WEB_AUTH_DIR, + logWebSelfId, + logoutWeb, + pickWebChannel, + webAuthExists, +} from "../../extensions/whatsapp/runtime-api.js"; +export { + DEFAULT_WEB_MEDIA_BYTES, + HEARTBEAT_PROMPT, + HEARTBEAT_TOKEN, + monitorWebChannel, + resolveHeartbeatRecipients, + runWebHeartbeatOnce, +} from "../../extensions/whatsapp/runtime-api.js"; +export { + extractMediaPlaceholder, + extractText, + monitorWebInbox, +} from "../../extensions/whatsapp/runtime-api.js"; +export { loginWeb } from "../../extensions/whatsapp/runtime-api.js"; +export { + getDefaultLocalRoots, + loadWebMedia, + loadWebMediaRaw, + optimizeImageToJpeg, +} from "../../extensions/whatsapp/runtime-api.js"; +export { + sendMessageWhatsApp, + sendPollWhatsApp, + sendReactionWhatsApp, +} from "../../extensions/whatsapp/runtime-api.js"; +export { + createWaSocket, + formatError, + getStatusCode, + waitForWaConnection, +} from "../../extensions/whatsapp/runtime-api.js"; +export { createWhatsAppLoginTool } from "../../extensions/whatsapp/runtime-api.js"; diff --git a/src/plugin-sdk/zai.ts b/src/plugin-sdk/zai.ts new file mode 100644 index 00000000000..87a745ee7d0 --- /dev/null +++ b/src/plugin-sdk/zai.ts @@ -0,0 +1,7 @@ +// Public Z.ai helpers for provider plugins that need endpoint detection. + +export { + detectZaiEndpoint, + type ZaiDetectedEndpoint, + type ZaiEndpointId, +} from "../plugins/provider-zai-endpoint.js"; diff --git a/src/plugin-sdk/zalo.ts b/src/plugin-sdk/zalo.ts index 37e3b9fde26..2655e26e18f 100644 --- a/src/plugin-sdk/zalo.ts +++ b/src/plugin-sdk/zalo.ts @@ -62,8 +62,8 @@ export { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.j export type { RuntimeEnv } from "../runtime.js"; export type { WizardPrompter } from "../wizard/prompts.js"; export { formatAllowFromLowercase, isNormalizedSenderAllowed } from "./allow-from.js"; -export { zaloSetupAdapter } from "../../extensions/zalo/src/setup-core.js"; -export { zaloSetupWizard } from "../../extensions/zalo/src/setup-surface.js"; +export { zaloSetupAdapter } from "../../extensions/zalo/api.js"; +export { zaloSetupWizard } from "../../extensions/zalo/api.js"; export { resolveDirectDmAuthorizationOutcome, resolveSenderCommandAuthorizationWithRuntime, diff --git a/src/plugin-sdk/zalouser.ts b/src/plugin-sdk/zalouser.ts index b7b95910132..ed66e31754e 100644 --- a/src/plugin-sdk/zalouser.ts +++ b/src/plugin-sdk/zalouser.ts @@ -53,8 +53,8 @@ export type { WizardPrompter } from "../wizard/prompts.js"; export { formatAllowFromLowercase } from "./allow-from.js"; export { resolveSenderCommandAuthorization } from "./command-auth.js"; export { resolveChannelAccountConfigBasePath } from "./config-paths.js"; -export { zalouserSetupAdapter } from "../../extensions/zalouser/src/setup-core.js"; -export { zalouserSetupWizard } from "../../extensions/zalouser/src/setup-surface.js"; +export { zalouserSetupAdapter } from "../../extensions/zalouser/api.js"; +export { zalouserSetupWizard } from "../../extensions/zalouser/api.js"; export { evaluateGroupRouteAccessForPolicy, resolveSenderScopedGroupPolicy, diff --git a/src/plugins/bundle-manifest.ts b/src/plugins/bundle-manifest.ts index 981eb9fd3a6..b5645035f5d 100644 --- a/src/plugins/bundle-manifest.ts +++ b/src/plugins/bundle-manifest.ts @@ -46,11 +46,11 @@ function normalizePathList(value: unknown): string[] { return value.map((entry) => (typeof entry === "string" ? entry.trim() : "")).filter(Boolean); } -function normalizeBundlePathList(value: unknown): string[] { +export function normalizeBundlePathList(value: unknown): string[] { return Array.from(new Set(normalizePathList(value))); } -function mergeBundlePathLists(...groups: string[][]): string[] { +export function mergeBundlePathLists(...groups: string[][]): string[] { const merged: string[] = []; const seen = new Set(); for (const group of groups) { diff --git a/src/plugins/bundle-mcp.test-support.ts b/src/plugins/bundle-mcp.test-support.ts new file mode 100644 index 00000000000..8b6723e7e13 --- /dev/null +++ b/src/plugins/bundle-mcp.test-support.ts @@ -0,0 +1,54 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { clearPluginManifestRegistryCache } from "./manifest-registry.js"; + +export function createBundleMcpTempHarness() { + const tempDirs: string[] = []; + + return { + async createTempDir(prefix: string): Promise { + const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix)); + tempDirs.push(dir); + return dir; + }, + async cleanup() { + clearPluginManifestRegistryCache(); + await Promise.all( + tempDirs + .splice(0, tempDirs.length) + .map((dir) => fs.rm(dir, { recursive: true, force: true })), + ); + }, + }; +} + +export async function createBundleProbePlugin(homeDir: string) { + const pluginRoot = path.join(homeDir, ".openclaw", "extensions", "bundle-probe"); + const serverPath = path.join(pluginRoot, "servers", "probe.mjs"); + await fs.mkdir(path.join(pluginRoot, ".claude-plugin"), { recursive: true }); + await fs.mkdir(path.dirname(serverPath), { recursive: true }); + await fs.writeFile(serverPath, "export {};\n", "utf-8"); + await fs.writeFile( + path.join(pluginRoot, ".claude-plugin", "plugin.json"), + `${JSON.stringify({ name: "bundle-probe" }, null, 2)}\n`, + "utf-8", + ); + await fs.writeFile( + path.join(pluginRoot, ".mcp.json"), + `${JSON.stringify( + { + mcpServers: { + bundleProbe: { + command: "node", + args: ["./servers/probe.mjs"], + }, + }, + }, + null, + 2, + )}\n`, + "utf-8", + ); + return { pluginRoot, serverPath }; +} diff --git a/src/plugins/bundle-mcp.test.ts b/src/plugins/bundle-mcp.test.ts index ef109f4abfb..b9d5ca18cf3 100644 --- a/src/plugins/bundle-mcp.test.ts +++ b/src/plugins/bundle-mcp.test.ts @@ -1,64 +1,34 @@ import fs from "node:fs/promises"; -import os from "node:os"; import path from "node:path"; import { afterEach, describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; import { captureEnv } from "../test-utils/env.js"; +import { isRecord } from "../utils.js"; import { loadEnabledBundleMcpConfig } from "./bundle-mcp.js"; -import { clearPluginManifestRegistryCache } from "./manifest-registry.js"; +import { createBundleMcpTempHarness, createBundleProbePlugin } from "./bundle-mcp.test-support.js"; -const tempDirs: string[] = []; - -async function createTempDir(prefix: string): Promise { - const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix)); - tempDirs.push(dir); - return dir; +function getServerArgs(value: unknown): unknown[] | undefined { + return isRecord(value) && Array.isArray(value.args) ? value.args : undefined; } +const tempHarness = createBundleMcpTempHarness(); + afterEach(async () => { - clearPluginManifestRegistryCache(); - await Promise.all( - tempDirs.splice(0, tempDirs.length).map((dir) => fs.rm(dir, { recursive: true, force: true })), - ); + await tempHarness.cleanup(); }); describe("loadEnabledBundleMcpConfig", () => { it("loads enabled Claude bundle MCP config and absolutizes relative args", async () => { const env = captureEnv(["HOME", "USERPROFILE", "OPENCLAW_HOME", "OPENCLAW_STATE_DIR"]); try { - const homeDir = await createTempDir("openclaw-bundle-mcp-home-"); - const workspaceDir = await createTempDir("openclaw-bundle-mcp-workspace-"); + const homeDir = await tempHarness.createTempDir("openclaw-bundle-mcp-home-"); + const workspaceDir = await tempHarness.createTempDir("openclaw-bundle-mcp-workspace-"); process.env.HOME = homeDir; process.env.USERPROFILE = homeDir; delete process.env.OPENCLAW_HOME; delete process.env.OPENCLAW_STATE_DIR; - const pluginRoot = path.join(homeDir, ".openclaw", "extensions", "bundle-probe"); - const serverPath = path.join(pluginRoot, "servers", "probe.mjs"); - await fs.mkdir(path.join(pluginRoot, ".claude-plugin"), { recursive: true }); - await fs.mkdir(path.dirname(serverPath), { recursive: true }); - await fs.writeFile(serverPath, "export {};\n", "utf-8"); - await fs.writeFile( - path.join(pluginRoot, ".claude-plugin", "plugin.json"), - `${JSON.stringify({ name: "bundle-probe" }, null, 2)}\n`, - "utf-8", - ); - await fs.writeFile( - path.join(pluginRoot, ".mcp.json"), - `${JSON.stringify( - { - mcpServers: { - bundleProbe: { - command: "node", - args: ["./servers/probe.mjs"], - }, - }, - }, - null, - 2, - )}\n`, - "utf-8", - ); + const { pluginRoot, serverPath } = await createBundleProbePlugin(homeDir); const config: OpenClawConfig = { plugins: { @@ -73,10 +43,20 @@ describe("loadEnabledBundleMcpConfig", () => { cfg: config, }); const resolvedServerPath = await fs.realpath(serverPath); + const loadedServer = loaded.config.mcpServers.bundleProbe; + const loadedArgs = getServerArgs(loadedServer); + const loadedServerPath = typeof loadedArgs?.[0] === "string" ? loadedArgs[0] : undefined; + const resolvedPluginRoot = await fs.realpath(pluginRoot); expect(loaded.diagnostics).toEqual([]); - expect(loaded.config.mcpServers.bundleProbe?.command).toBe("node"); - expect(loaded.config.mcpServers.bundleProbe?.args).toEqual([resolvedServerPath]); + expect(isRecord(loadedServer) ? loadedServer.command : undefined).toBe("node"); + expect(loadedArgs).toHaveLength(1); + expect(loadedServerPath).toBeDefined(); + if (!loadedServerPath) { + throw new Error("expected bundled MCP args to include the server path"); + } + expect(await fs.realpath(loadedServerPath)).toBe(resolvedServerPath); + expect(loadedServer.cwd).toBe(resolvedPluginRoot); } finally { env.restore(); } @@ -85,8 +65,8 @@ describe("loadEnabledBundleMcpConfig", () => { it("merges inline bundle MCP servers and skips disabled bundles", async () => { const env = captureEnv(["HOME", "USERPROFILE", "OPENCLAW_HOME", "OPENCLAW_STATE_DIR"]); try { - const homeDir = await createTempDir("openclaw-bundle-inline-home-"); - const workspaceDir = await createTempDir("openclaw-bundle-inline-workspace-"); + const homeDir = await tempHarness.createTempDir("openclaw-bundle-inline-home-"); + const workspaceDir = await tempHarness.createTempDir("openclaw-bundle-inline-workspace-"); process.env.HOME = homeDir; process.env.USERPROFILE = homeDir; delete process.env.OPENCLAW_HOME; @@ -151,4 +131,69 @@ describe("loadEnabledBundleMcpConfig", () => { env.restore(); } }); + + it("resolves inline Claude MCP paths from the plugin root and expands CLAUDE_PLUGIN_ROOT", async () => { + const env = captureEnv(["HOME", "USERPROFILE", "OPENCLAW_HOME", "OPENCLAW_STATE_DIR"]); + try { + const homeDir = await tempHarness.createTempDir("openclaw-bundle-inline-placeholder-home-"); + const workspaceDir = await tempHarness.createTempDir( + "openclaw-bundle-inline-placeholder-workspace-", + ); + process.env.HOME = homeDir; + process.env.USERPROFILE = homeDir; + delete process.env.OPENCLAW_HOME; + delete process.env.OPENCLAW_STATE_DIR; + + const pluginRoot = path.join(homeDir, ".openclaw", "extensions", "inline-claude"); + await fs.mkdir(path.join(pluginRoot, ".claude-plugin"), { recursive: true }); + await fs.writeFile( + path.join(pluginRoot, ".claude-plugin", "plugin.json"), + `${JSON.stringify( + { + name: "inline-claude", + mcpServers: { + inlineProbe: { + command: "${CLAUDE_PLUGIN_ROOT}/bin/server.sh", + args: ["${CLAUDE_PLUGIN_ROOT}/servers/probe.mjs", "./local-probe.mjs"], + cwd: "${CLAUDE_PLUGIN_ROOT}", + env: { + PLUGIN_ROOT: "${CLAUDE_PLUGIN_ROOT}", + }, + }, + }, + }, + null, + 2, + )}\n`, + "utf-8", + ); + + const loaded = loadEnabledBundleMcpConfig({ + workspaceDir, + cfg: { + plugins: { + entries: { + "inline-claude": { enabled: true }, + }, + }, + }, + }); + const resolvedPluginRoot = await fs.realpath(pluginRoot); + + expect(loaded.diagnostics).toEqual([]); + expect(loaded.config.mcpServers.inlineProbe).toEqual({ + command: path.join(resolvedPluginRoot, "bin", "server.sh"), + args: [ + path.join(resolvedPluginRoot, "servers", "probe.mjs"), + path.join(resolvedPluginRoot, "local-probe.mjs"), + ], + cwd: resolvedPluginRoot, + env: { + PLUGIN_ROOT: resolvedPluginRoot, + }, + }); + } finally { + env.restore(); + } + }); }); diff --git a/src/plugins/bundle-mcp.ts b/src/plugins/bundle-mcp.ts index 6ce186384c7..fbd733d9695 100644 --- a/src/plugins/bundle-mcp.ts +++ b/src/plugins/bundle-mcp.ts @@ -8,6 +8,8 @@ import { CLAUDE_BUNDLE_MANIFEST_RELATIVE_PATH, CODEX_BUNDLE_MANIFEST_RELATIVE_PATH, CURSOR_BUNDLE_MANIFEST_RELATIVE_PATH, + mergeBundlePathLists, + normalizeBundlePathList, } from "./bundle-manifest.js"; import { normalizePluginsConfig, resolveEffectiveEnableState } from "./config-state.js"; import { loadPluginManifestRegistry } from "./manifest-registry.js"; @@ -28,38 +30,18 @@ export type EnabledBundleMcpConfigResult = { config: BundleMcpConfig; diagnostics: BundleMcpDiagnostic[]; }; +export type BundleMcpRuntimeSupport = { + hasSupportedStdioServer: boolean; + unsupportedServerNames: string[]; + diagnostics: string[]; +}; const MANIFEST_PATH_BY_FORMAT: Record = { claude: CLAUDE_BUNDLE_MANIFEST_RELATIVE_PATH, codex: CODEX_BUNDLE_MANIFEST_RELATIVE_PATH, cursor: CURSOR_BUNDLE_MANIFEST_RELATIVE_PATH, }; - -function normalizePathList(value: unknown): string[] { - if (typeof value === "string") { - const trimmed = value.trim(); - return trimmed ? [trimmed] : []; - } - if (!Array.isArray(value)) { - return []; - } - return value.map((entry) => (typeof entry === "string" ? entry.trim() : "")).filter(Boolean); -} - -function mergeUniquePathLists(...groups: string[][]): string[] { - const merged: string[] = []; - const seen = new Set(); - for (const group of groups) { - for (const entry of group) { - if (seen.has(entry)) { - continue; - } - seen.add(entry); - merged.push(entry); - } - } - return merged; -} +const CLAUDE_PLUGIN_ROOT_PLACEHOLDER = "${CLAUDE_PLUGIN_ROOT}"; function readPluginJsonObject(params: { rootDir: string; @@ -97,15 +79,15 @@ function resolveBundleMcpConfigPaths(params: { rootDir: string; bundleFormat: PluginBundleFormat; }): string[] { - const declared = normalizePathList(params.raw.mcpServers); + const declared = normalizeBundlePathList(params.raw.mcpServers); const defaults = fs.existsSync(path.join(params.rootDir, ".mcp.json")) ? [".mcp.json"] : []; if (params.bundleFormat === "claude") { - return mergeUniquePathLists(defaults, declared); + return mergeBundlePathLists(defaults, declared); } - return mergeUniquePathLists(defaults, declared); + return mergeBundlePathLists(defaults, declared); } -function extractMcpServerMap(raw: unknown): Record { +export function extractMcpServerMap(raw: unknown): Record { if (!isRecord(raw)) { return {}; } @@ -131,36 +113,68 @@ function isExplicitRelativePath(value: string): boolean { return value === "." || value === ".." || value.startsWith("./") || value.startsWith("../"); } +function expandBundleRootPlaceholders(value: string, rootDir: string): string { + if (!value.includes(CLAUDE_PLUGIN_ROOT_PLACEHOLDER)) { + return value; + } + return value.split(CLAUDE_PLUGIN_ROOT_PLACEHOLDER).join(rootDir); +} + function absolutizeBundleMcpServer(params: { + rootDir: string; baseDir: string; server: BundleMcpServerConfig; }): BundleMcpServerConfig { const next: BundleMcpServerConfig = { ...params.server }; + if (typeof next.cwd !== "string" && typeof next.workingDirectory !== "string") { + next.cwd = params.baseDir; + } + const command = next.command; - if (typeof command === "string" && isExplicitRelativePath(command)) { - next.command = path.resolve(params.baseDir, command); + if (typeof command === "string") { + const expanded = expandBundleRootPlaceholders(command, params.rootDir); + next.command = isExplicitRelativePath(expanded) + ? path.resolve(params.baseDir, expanded) + : expanded; } const cwd = next.cwd; - if (typeof cwd === "string" && !path.isAbsolute(cwd)) { - next.cwd = path.resolve(params.baseDir, cwd); + if (typeof cwd === "string") { + const expanded = expandBundleRootPlaceholders(cwd, params.rootDir); + next.cwd = path.isAbsolute(expanded) ? expanded : path.resolve(params.baseDir, expanded); } const workingDirectory = next.workingDirectory; - if (typeof workingDirectory === "string" && !path.isAbsolute(workingDirectory)) { - next.workingDirectory = path.resolve(params.baseDir, workingDirectory); + if (typeof workingDirectory === "string") { + const expanded = expandBundleRootPlaceholders(workingDirectory, params.rootDir); + next.workingDirectory = path.isAbsolute(expanded) + ? expanded + : path.resolve(params.baseDir, expanded); } if (Array.isArray(next.args)) { next.args = next.args.map((entry) => { - if (typeof entry !== "string" || !isExplicitRelativePath(entry)) { + if (typeof entry !== "string") { return entry; } - return path.resolve(params.baseDir, entry); + const expanded = expandBundleRootPlaceholders(entry, params.rootDir); + if (!isExplicitRelativePath(expanded)) { + return expanded; + } + return path.resolve(params.baseDir, expanded); }); } + if (isRecord(next.env)) { + next.env = Object.fromEntries( + Object.entries(next.env).map(([key, value]) => [ + key, + typeof value === "string" ? expandBundleRootPlaceholders(value, params.rootDir) : value, + ]), + ); + } + return next; } @@ -190,7 +204,7 @@ function loadBundleFileBackedMcpConfig(params: { mcpServers: Object.fromEntries( Object.entries(servers).map(([serverName, server]) => [ serverName, - absolutizeBundleMcpServer({ baseDir, server }), + absolutizeBundleMcpServer({ rootDir: params.rootDir, baseDir, server }), ]), ), }; @@ -211,7 +225,7 @@ function loadBundleInlineMcpConfig(params: { mcpServers: Object.fromEntries( Object.entries(servers).map(([serverName, server]) => [ serverName, - absolutizeBundleMcpServer({ baseDir: params.baseDir, server }), + absolutizeBundleMcpServer({ rootDir: params.baseDir, baseDir: params.baseDir, server }), ]), ), }; @@ -252,13 +266,35 @@ function loadBundleMcpConfig(params: { merged, loadBundleInlineMcpConfig({ raw: manifestLoaded.raw, - baseDir: path.dirname(path.join(params.rootDir, manifestRelativePath)), + baseDir: params.rootDir, }), ) as BundleMcpConfig; return { config: merged, diagnostics: [] }; } +export function inspectBundleMcpRuntimeSupport(params: { + pluginId: string; + rootDir: string; + bundleFormat: PluginBundleFormat; +}): BundleMcpRuntimeSupport { + const loaded = loadBundleMcpConfig(params); + const unsupportedServerNames: string[] = []; + let hasSupportedStdioServer = false; + for (const [serverName, server] of Object.entries(loaded.config.mcpServers)) { + if (typeof server.command === "string" && server.command.trim().length > 0) { + hasSupportedStdioServer = true; + continue; + } + unsupportedServerNames.push(serverName); + } + return { + hasSupportedStdioServer, + unsupportedServerNames, + diagnostics: loaded.diagnostics, + }; +} + export function loadEnabledBundleMcpConfig(params: { workspaceDir: string; cfg?: OpenClawConfig; diff --git a/src/plugins/bundled-dir.ts b/src/plugins/bundled-dir.ts index b69da702a7e..8b5ffdd5c4d 100644 --- a/src/plugins/bundled-dir.ts +++ b/src/plugins/bundled-dir.ts @@ -19,9 +19,11 @@ export function resolveBundledPluginsDir(env: NodeJS.ProcessEnv = process.env): ); for (const packageRoot of packageRoots) { // Local source checkouts stage a runtime-complete bundled plugin tree under - // dist-runtime/. Prefer that over release-shaped dist/extensions. + // dist-runtime/. Prefer that over source extensions only when the paired + // dist/ tree exists; otherwise wrappers can drift ahead of the last build. const runtimeExtensionsDir = path.join(packageRoot, "dist-runtime", "extensions"); - if (fs.existsSync(runtimeExtensionsDir)) { + const builtExtensionsDir = path.join(packageRoot, "dist", "extensions"); + if (fs.existsSync(runtimeExtensionsDir) && fs.existsSync(builtExtensionsDir)) { return runtimeExtensionsDir; } } diff --git a/src/plugins/captured-registration.ts b/src/plugins/captured-registration.ts new file mode 100644 index 00000000000..fd2c359b463 --- /dev/null +++ b/src/plugins/captured-registration.ts @@ -0,0 +1,65 @@ +import type { + AnyAgentTool, + ImageGenerationProviderPlugin, + MediaUnderstandingProviderPlugin, + OpenClawPluginApi, + ProviderPlugin, + SpeechProviderPlugin, + WebSearchProviderPlugin, +} from "./types.js"; + +export type CapturedPluginRegistration = { + api: OpenClawPluginApi; + providers: ProviderPlugin[]; + speechProviders: SpeechProviderPlugin[]; + mediaUnderstandingProviders: MediaUnderstandingProviderPlugin[]; + imageGenerationProviders: ImageGenerationProviderPlugin[]; + webSearchProviders: WebSearchProviderPlugin[]; + tools: AnyAgentTool[]; +}; + +export function createCapturedPluginRegistration(): CapturedPluginRegistration { + const providers: ProviderPlugin[] = []; + const speechProviders: SpeechProviderPlugin[] = []; + const mediaUnderstandingProviders: MediaUnderstandingProviderPlugin[] = []; + const imageGenerationProviders: ImageGenerationProviderPlugin[] = []; + const webSearchProviders: WebSearchProviderPlugin[] = []; + const tools: AnyAgentTool[] = []; + + return { + providers, + speechProviders, + mediaUnderstandingProviders, + imageGenerationProviders, + webSearchProviders, + tools, + api: { + registerProvider(provider: ProviderPlugin) { + providers.push(provider); + }, + registerSpeechProvider(provider: SpeechProviderPlugin) { + speechProviders.push(provider); + }, + registerMediaUnderstandingProvider(provider: MediaUnderstandingProviderPlugin) { + mediaUnderstandingProviders.push(provider); + }, + registerImageGenerationProvider(provider: ImageGenerationProviderPlugin) { + imageGenerationProviders.push(provider); + }, + registerWebSearchProvider(provider: WebSearchProviderPlugin) { + webSearchProviders.push(provider); + }, + registerTool(tool: AnyAgentTool) { + tools.push(tool); + }, + } as OpenClawPluginApi, + }; +} + +export function capturePluginRegistration(params: { + register(api: OpenClawPluginApi): void; +}): CapturedPluginRegistration { + const captured = createCapturedPluginRegistration(); + params.register(captured.api); + return captured; +} diff --git a/src/plugins/commands.test.ts b/src/plugins/commands.test.ts index d95a98b18d9..c1c482e2bd2 100644 --- a/src/plugins/commands.test.ts +++ b/src/plugins/commands.test.ts @@ -7,6 +7,7 @@ import { executePluginCommand, getPluginCommandSpecs, listPluginCommands, + matchPluginCommand, registerPluginCommand, } from "./commands.js"; import { setActivePluginRegistry } from "./runtime.js"; @@ -107,6 +108,73 @@ describe("registerPluginCommand", () => { expect(getPluginCommandSpecs("slack")).toEqual([]); }); + it("matches provider-specific native aliases back to the canonical command", () => { + const result = registerPluginCommand("demo-plugin", { + name: "voice", + nativeNames: { + default: "talkvoice", + discord: "discordvoice", + }, + description: "Demo command", + acceptsArgs: true, + handler: async () => ({ text: "ok" }), + }); + + expect(result).toEqual({ ok: true }); + expect(matchPluginCommand("/talkvoice now")).toMatchObject({ + command: expect.objectContaining({ name: "voice", pluginId: "demo-plugin" }), + args: "now", + }); + expect(matchPluginCommand("/discordvoice now")).toMatchObject({ + command: expect.objectContaining({ name: "voice", pluginId: "demo-plugin" }), + args: "now", + }); + }); + + it("rejects provider aliases that collide with another registered command", () => { + expect( + registerPluginCommand("demo-plugin", { + name: "voice", + nativeNames: { + telegram: "pair_device", + }, + description: "Voice command", + handler: async () => ({ text: "ok" }), + }), + ).toEqual({ ok: true }); + + expect( + registerPluginCommand("other-plugin", { + name: "pair", + nativeNames: { + telegram: "pair_device", + }, + description: "Pair command", + handler: async () => ({ text: "ok" }), + }), + ).toEqual({ + ok: false, + error: 'Command "pair_device" already registered by plugin "demo-plugin"', + }); + }); + + it("rejects reserved provider aliases", () => { + expect( + registerPluginCommand("demo-plugin", { + name: "voice", + nativeNames: { + telegram: "help", + }, + description: "Voice command", + handler: async () => ({ text: "ok" }), + }), + ).toEqual({ + ok: false, + error: + 'Native command alias "telegram" invalid: Command name "help" is reserved by a built-in command', + }); + }); + it("resolves Discord DM command bindings with the user target prefix intact", () => { expect( __testing.resolveBindingConversationFromCommand({ diff --git a/src/plugins/commands.ts b/src/plugins/commands.ts index fdd71d4f31c..b16b3aef4ed 100644 --- a/src/plugins/commands.ts +++ b/src/plugins/commands.ts @@ -130,7 +130,38 @@ export function validatePluginCommandDefinition( if (!command.description.trim()) { return "Command description cannot be empty"; } - return validateCommandName(command.name.trim()); + const nameError = validateCommandName(command.name.trim()); + if (nameError) { + return nameError; + } + for (const [label, alias] of Object.entries(command.nativeNames ?? {})) { + if (typeof alias !== "string") { + continue; + } + const aliasError = validateCommandName(alias.trim()); + if (aliasError) { + return `Native command alias "${label}" invalid: ${aliasError}`; + } + } + return null; +} + +function listPluginInvocationKeys(command: OpenClawPluginCommandDefinition): string[] { + const keys = new Set(); + const push = (value: string | undefined) => { + const normalized = value?.trim().toLowerCase(); + if (!normalized) { + return; + } + keys.add(`/${normalized}`); + }; + + push(command.name); + push(command.nativeNames?.default); + push(command.nativeNames?.telegram); + push(command.nativeNames?.discord); + + return [...keys]; } /** @@ -154,22 +185,31 @@ export function registerPluginCommand( const name = command.name.trim(); const description = command.description.trim(); - - const key = `/${name.toLowerCase()}`; - - // Check for duplicate registration - if (pluginCommands.has(key)) { - const existing = pluginCommands.get(key)!; - return { - ok: false, - error: `Command "${name}" already registered by plugin "${existing.pluginId}"`, - }; - } - - pluginCommands.set(key, { + const normalizedCommand = { ...command, name, description, + }; + const invocationKeys = listPluginInvocationKeys(normalizedCommand); + const key = `/${name.toLowerCase()}`; + + // Check for duplicate registration + for (const invocationKey of invocationKeys) { + const existing = + pluginCommands.get(invocationKey) ?? + Array.from(pluginCommands.values()).find((candidate) => + listPluginInvocationKeys(candidate).includes(invocationKey), + ); + if (existing) { + return { + ok: false, + error: `Command "${invocationKey.slice(1)}" already registered by plugin "${existing.pluginId}"`, + }; + } + } + + pluginCommands.set(key, { + ...normalizedCommand, pluginId, pluginName: opts?.pluginName, pluginRoot: opts?.pluginRoot, @@ -219,7 +259,11 @@ export function matchPluginCommand( const args = spaceIndex === -1 ? undefined : trimmed.slice(spaceIndex + 1).trim(); const key = commandName.toLowerCase(); - const command = pluginCommands.get(key); + const command = + pluginCommands.get(key) ?? + Array.from(pluginCommands.values()).find((candidate) => + listPluginInvocationNames(candidate).includes(key), + ); if (!command) { return null; @@ -458,6 +502,10 @@ function resolvePluginNativeName( return command.name; } +function listPluginInvocationNames(command: OpenClawPluginCommandDefinition): string[] { + return listPluginInvocationKeys(command); +} + /** * Get plugin command specs for native command registration (e.g., Telegram). */ diff --git a/src/plugins/config-state.test.ts b/src/plugins/config-state.test.ts index 8becf375f96..01f2b14cfd7 100644 --- a/src/plugins/config-state.test.ts +++ b/src/plugins/config-state.test.ts @@ -78,6 +78,58 @@ describe("normalizePluginsConfig", () => { expect(result.entries["voice-call"]?.hooks).toBeUndefined(); }); + it("normalizes plugin subagent override policy settings", () => { + const result = normalizePluginsConfig({ + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: [" anthropic/claude-haiku-4-5 ", "", "openai/gpt-4.1-mini"], + }, + }, + }, + }); + expect(result.entries["voice-call"]?.subagent).toEqual({ + allowModelOverride: true, + hasAllowedModelsConfig: true, + allowedModels: ["anthropic/claude-haiku-4-5", "openai/gpt-4.1-mini"], + }); + }); + + it("preserves explicit subagent allowlist intent even when all entries are invalid", () => { + const result = normalizePluginsConfig({ + entries: { + "voice-call": { + subagent: { + allowModelOverride: true, + allowedModels: [42, null, "anthropic"], + } as unknown as { allowModelOverride: boolean; allowedModels: string[] }, + }, + }, + }); + expect(result.entries["voice-call"]?.subagent).toEqual({ + allowModelOverride: true, + hasAllowedModelsConfig: true, + allowedModels: ["anthropic"], + }); + }); + + it("keeps explicit invalid subagent allowlist config visible to callers", () => { + const result = normalizePluginsConfig({ + entries: { + "voice-call": { + subagent: { + allowModelOverride: "nope", + allowedModels: [42, null], + } as unknown as { allowModelOverride: boolean; allowedModels: string[] }, + }, + }, + }); + expect(result.entries["voice-call"]?.subagent).toEqual({ + hasAllowedModelsConfig: true, + }); + }); + it("normalizes legacy plugin ids to their merged bundled plugin id", () => { const result = normalizePluginsConfig({ allow: ["openai-codex", "minimax-portal-auth"], @@ -218,4 +270,9 @@ describe("resolveEnableState", () => { const state = resolveEnableState("google", "bundled", normalizePluginsConfig({})); expect(state).toEqual({ enabled: true }); }); + + it("allows bundled plugins to opt into default enablement from manifest metadata", () => { + const state = resolveEnableState("profile-aware", "bundled", normalizePluginsConfig({}), true); + expect(state).toEqual({ enabled: true }); + }); }); diff --git a/src/plugins/config-state.ts b/src/plugins/config-state.ts index 46070deab34..26827e50aa3 100644 --- a/src/plugins/config-state.ts +++ b/src/plugins/config-state.ts @@ -18,6 +18,11 @@ export type NormalizedPluginsConfig = { hooks?: { allowPromptInjection?: boolean; }; + subagent?: { + allowModelOverride?: boolean; + allowedModels?: string[]; + hasAllowedModelsConfig?: boolean; + }; config?: unknown; } >; @@ -33,7 +38,7 @@ export const BUNDLED_ENABLED_BY_DEFAULT = new Set([ "google", "huggingface", "kilocode", - "kimi-coding", + "kimi", "minimax", "mistral", "modelstudio", @@ -62,6 +67,7 @@ export const BUNDLED_ENABLED_BY_DEFAULT = new Set([ const PLUGIN_ID_ALIASES: Readonly> = { "openai-codex": "openai", + "kimi-coding": "kimi", "minimax-portal-auth": "minimax", }; @@ -122,11 +128,43 @@ const normalizePluginEntries = (entries: unknown): NormalizedPluginsConfig["entr allowPromptInjection: hooks.allowPromptInjection, } : undefined; + const subagentRaw = entry.subagent; + const subagent = + subagentRaw && typeof subagentRaw === "object" && !Array.isArray(subagentRaw) + ? { + allowModelOverride: (subagentRaw as { allowModelOverride?: unknown }) + .allowModelOverride, + hasAllowedModelsConfig: Array.isArray( + (subagentRaw as { allowedModels?: unknown }).allowedModels, + ), + allowedModels: Array.isArray((subagentRaw as { allowedModels?: unknown }).allowedModels) + ? ((subagentRaw as { allowedModels?: unknown }).allowedModels as unknown[]) + .map((model) => (typeof model === "string" ? model.trim() : "")) + .filter(Boolean) + : undefined, + } + : undefined; + const normalizedSubagent = + subagent && + (typeof subagent.allowModelOverride === "boolean" || + subagent.hasAllowedModelsConfig || + (Array.isArray(subagent.allowedModels) && subagent.allowedModels.length > 0)) + ? { + ...(typeof subagent.allowModelOverride === "boolean" + ? { allowModelOverride: subagent.allowModelOverride } + : {}), + ...(subagent.hasAllowedModelsConfig ? { hasAllowedModelsConfig: true } : {}), + ...(Array.isArray(subagent.allowedModels) && subagent.allowedModels.length > 0 + ? { allowedModels: subagent.allowedModels } + : {}), + } + : undefined; normalized[normalizedKey] = { ...normalized[normalizedKey], enabled: typeof entry.enabled === "boolean" ? entry.enabled : normalized[normalizedKey]?.enabled, hooks: normalizedHooks ?? normalized[normalizedKey]?.hooks, + subagent: normalizedSubagent ?? normalized[normalizedKey]?.subagent, config: "config" in entry ? entry.config : normalized[normalizedKey]?.config, }; } @@ -236,6 +274,7 @@ export function resolveEnableState( id: string, origin: PluginRecord["origin"], config: NormalizedPluginsConfig, + enabledByDefault?: boolean, ): { enabled: boolean; reason?: string } { if (!config.enabled) { return { enabled: false, reason: "plugins disabled" }; @@ -260,7 +299,7 @@ export function resolveEnableState( if (entry?.enabled === true) { return { enabled: true }; } - if (origin === "bundled" && BUNDLED_ENABLED_BY_DEFAULT.has(id)) { + if (origin === "bundled" && (enabledByDefault ?? BUNDLED_ENABLED_BY_DEFAULT.has(id))) { return { enabled: true }; } if (origin === "bundled") { @@ -293,8 +332,9 @@ export function resolveEffectiveEnableState(params: { origin: PluginRecord["origin"]; config: NormalizedPluginsConfig; rootConfig?: OpenClawConfig; + enabledByDefault?: boolean; }): { enabled: boolean; reason?: string } { - const base = resolveEnableState(params.id, params.origin, params.config); + const base = resolveEnableState(params.id, params.origin, params.config, params.enabledByDefault); if ( !base.enabled && base.reason === "bundled (disabled by default)" && diff --git a/src/plugins/contracts/auth-choice.contract.test.ts b/src/plugins/contracts/auth-choice.contract.test.ts index fa4f4daa0ad..ac2069b0d75 100644 --- a/src/plugins/contracts/auth-choice.contract.test.ts +++ b/src/plugins/contracts/auth-choice.contract.test.ts @@ -1,8 +1,4 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; -import { clearRuntimeAuthProfileStoreSnapshots } from "../../agents/auth-profiles/store.js"; -import { applyAuthChoiceLoadedPluginProvider } from "../../commands/auth-choice.apply.plugin-provider.js"; -import { resolvePreferredProviderForAuthChoice } from "../../commands/auth-choice.preferred-provider.js"; -import type { AuthChoice } from "../../commands/onboard-types.js"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { createAuthTestLifecycle, createExitThrowingRuntime, @@ -10,16 +6,19 @@ import { readAuthProfilesForAgent, requireOpenClawAgentDir, setupAuthTestEnv, -} from "../../commands/test-wizard-helpers.js"; -import { createCapturedPluginRegistration } from "../../test-utils/plugin-registration.js"; -import type { OpenClawPluginApi, ProviderPlugin } from "../types.js"; +} from "../../../test/helpers/auth-wizard.js"; +import { clearRuntimeAuthProfileStoreSnapshots } from "../../agents/auth-profiles/store.js"; +import { applyAuthChoiceLoadedPluginProvider } from "../../plugins/provider-auth-choice.js"; +import { buildProviderPluginMethodChoice } from "../provider-wizard.js"; +import { requireProviderContractProvider, uniqueProviderContractProviders } from "./registry.js"; +import { registerProviders, requireProvider } from "./testkit.js"; type ResolvePluginProviders = - typeof import("../../commands/auth-choice.apply.plugin-provider.runtime.js").resolvePluginProviders; + typeof import("../../plugins/provider-auth-choice.runtime.js").resolvePluginProviders; type ResolveProviderPluginChoice = - typeof import("../../commands/auth-choice.apply.plugin-provider.runtime.js").resolveProviderPluginChoice; + typeof import("../../plugins/provider-auth-choice.runtime.js").resolveProviderPluginChoice; type RunProviderModelSelectedHook = - typeof import("../../commands/auth-choice.apply.plugin-provider.runtime.js").runProviderModelSelectedHook; + typeof import("../../plugins/provider-auth-choice.runtime.js").runProviderModelSelectedHook; const loginQwenPortalOAuthMock = vi.hoisted(() => vi.fn()); const githubCopilotLoginCommandMock = vi.hoisted(() => vi.fn()); @@ -37,12 +36,15 @@ vi.mock("../../providers/github-copilot-auth.js", () => ({ githubCopilotLoginCommand: githubCopilotLoginCommandMock, })); -vi.mock("../../commands/auth-choice.apply.plugin-provider.runtime.js", () => ({ +vi.mock("../../plugins/provider-auth-choice.runtime.js", () => ({ resolvePluginProviders: resolvePluginProvidersMock, resolveProviderPluginChoice: resolveProviderPluginChoiceMock, runProviderModelSelectedHook: runProviderModelSelectedHookMock, })); +const { resolvePreferredProviderForAuthChoice } = + await import("../../plugins/provider-auth-choice-preference.js"); + type StoredAuthProfile = { type?: string; provider?: string; @@ -54,22 +56,6 @@ type StoredAuthProfile = { const qwenPortalPlugin = (await import("../../../extensions/qwen-portal-auth/index.js")).default; -function registerProviders(...plugins: Array<{ register(api: OpenClawPluginApi): void }>) { - const captured = createCapturedPluginRegistration(); - for (const plugin of plugins) { - plugin.register(captured.api); - } - return captured.providers; -} - -function requireProvider(providers: ProviderPlugin[], providerId: string) { - const provider = providers.find((entry) => entry.id === providerId); - if (!provider) { - throw new Error(`provider ${providerId} missing`); - } - return provider; -} - describe("provider auth-choice contract", () => { const lifecycle = createAuthTestLifecycle([ "OPENCLAW_STATE_DIR", @@ -87,6 +73,27 @@ describe("provider auth-choice contract", () => { lifecycle.setStateDir(env.stateDir); } + beforeEach(() => { + resolvePluginProvidersMock.mockReset(); + resolvePluginProvidersMock.mockReturnValue(uniqueProviderContractProviders); + resolveProviderPluginChoiceMock.mockReset(); + resolveProviderPluginChoiceMock.mockImplementation(({ providers, choice }) => { + const provider = providers.find((entry) => + entry.auth.some( + (method) => buildProviderPluginMethodChoice(entry.id, method.id) === choice, + ), + ); + if (!provider) { + return null; + } + const method = + provider.auth.find( + (entry) => buildProviderPluginMethodChoice(provider.id, entry.id) === choice, + ) ?? null; + return method ? { provider, method } : null; + }); + }); + afterEach(async () => { loginQwenPortalOAuthMock.mockReset(); githubCopilotLoginCommandMock.mockReset(); @@ -100,21 +107,34 @@ describe("provider auth-choice contract", () => { activeStateDir = null; }); - it("maps plugin-backed auth choices through the shared preferred-provider resolver", async () => { - const scenarios = [ - { authChoice: "github-copilot" as const, expectedProvider: "github-copilot" }, - { authChoice: "qwen-portal" as const, expectedProvider: "qwen-portal" }, - { authChoice: "minimax-global-oauth" as const, expectedProvider: "minimax-portal" }, - { authChoice: "modelstudio-api-key" as const, expectedProvider: "modelstudio" }, - { authChoice: "ollama" as const, expectedProvider: "ollama" }, - { authChoice: "unknown" as AuthChoice, expectedProvider: undefined }, - ] as const; + it("maps provider-plugin choices through the shared preferred-provider fallback resolver", async () => { + const pluginFallbackScenarios = [ + "github-copilot", + "qwen-portal", + "minimax-portal", + "modelstudio", + "ollama", + ].map((providerId) => { + const provider = requireProviderContractProvider(providerId); + return { + authChoice: buildProviderPluginMethodChoice(provider.id, provider.auth[0]?.id ?? "default"), + expectedProvider: provider.id, + }; + }); - for (const scenario of scenarios) { + for (const scenario of pluginFallbackScenarios) { + resolvePluginProvidersMock.mockClear(); await expect( resolvePreferredProviderForAuthChoice({ choice: scenario.authChoice }), ).resolves.toBe(scenario.expectedProvider); + expect(resolvePluginProvidersMock).toHaveBeenCalled(); } + + resolvePluginProvidersMock.mockClear(); + await expect(resolvePreferredProviderForAuthChoice({ choice: "unknown" })).resolves.toBe( + undefined, + ); + expect(resolvePluginProvidersMock).toHaveBeenCalled(); }); it("applies qwen portal auth choices through the shared plugin-provider path", async () => { diff --git a/src/plugins/contracts/auth.contract.test.ts b/src/plugins/contracts/auth.contract.test.ts index cca85917c59..355ceb43962 100644 --- a/src/plugins/contracts/auth.contract.test.ts +++ b/src/plugins/contracts/auth.contract.test.ts @@ -14,34 +14,51 @@ import type { import type { OpenClawPluginApi, ProviderPlugin } from "../types.js"; type LoginOpenAICodexOAuth = - (typeof import("../../commands/openai-codex-oauth.js"))["loginOpenAICodexOAuth"]; + (typeof import("openclaw/plugin-sdk/provider-auth"))["loginOpenAICodexOAuth"]; type LoginQwenPortalOAuth = (typeof import("../../../extensions/qwen-portal-auth/oauth.js"))["loginQwenPortalOAuth"]; type GithubCopilotLoginCommand = - (typeof import("../../providers/github-copilot-auth.js"))["githubCopilotLoginCommand"]; + (typeof import("openclaw/plugin-sdk/provider-auth"))["githubCopilotLoginCommand"]; type CreateVpsAwareHandlers = - (typeof import("../../commands/oauth-flow.js"))["createVpsAwareOAuthHandlers"]; + (typeof import("../provider-oauth-flow.js"))["createVpsAwareOAuthHandlers"]; const loginOpenAICodexOAuthMock = vi.hoisted(() => vi.fn()); const loginQwenPortalOAuthMock = vi.hoisted(() => vi.fn()); const githubCopilotLoginCommandMock = vi.hoisted(() => vi.fn()); -vi.mock("../../commands/openai-codex-oauth.js", () => ({ - loginOpenAICodexOAuth: loginOpenAICodexOAuthMock, -})); +vi.mock("openclaw/plugin-sdk/provider-auth", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + loginOpenAICodexOAuth: loginOpenAICodexOAuthMock, + githubCopilotLoginCommand: githubCopilotLoginCommandMock, + }; +}); vi.mock("../../../extensions/qwen-portal-auth/oauth.js", () => ({ loginQwenPortalOAuth: loginQwenPortalOAuthMock, })); -vi.mock("../../providers/github-copilot-auth.js", () => ({ - githubCopilotLoginCommand: githubCopilotLoginCommandMock, -})); - const openAIPlugin = (await import("../../../extensions/openai/index.js")).default; const qwenPortalPlugin = (await import("../../../extensions/qwen-portal-auth/index.js")).default; const githubCopilotPlugin = (await import("../../../extensions/github-copilot/index.js")).default; +function registerProviders(...plugins: Array<{ register(api: OpenClawPluginApi): void }>) { + const captured = createCapturedPluginRegistration(); + for (const plugin of plugins) { + plugin.register(captured.api); + } + return captured.providers; +} + +function requireProvider(providers: ProviderPlugin[], providerId: string) { + const provider = providers.find((entry) => entry.id === providerId); + if (!provider) { + throw new Error(`provider ${providerId} missing`); + } + return provider; +} + function buildPrompter(): WizardPrompter { const progress: WizardProgress = { update() {}, @@ -78,22 +95,6 @@ function buildAuthContext() { }; } -function registerProviders(...plugins: Array<{ register(api: OpenClawPluginApi): void }>) { - const captured = createCapturedPluginRegistration(); - for (const plugin of plugins) { - plugin.register(captured.api); - } - return captured.providers; -} - -function requireProvider(providers: ProviderPlugin[], providerId: string) { - const provider = providers.find((entry) => entry.id === providerId); - if (!provider) { - throw new Error(`provider ${providerId} missing`); - } - return provider; -} - describe("provider auth contract", () => { afterEach(() => { loginOpenAICodexOAuthMock.mockReset(); diff --git a/src/plugins/contracts/catalog.contract.test.ts b/src/plugins/contracts/catalog.contract.test.ts index 306162b2dcf..a87e632ac45 100644 --- a/src/plugins/contracts/catalog.contract.test.ts +++ b/src/plugins/contracts/catalog.contract.test.ts @@ -1,63 +1,84 @@ -import { describe, expect, it } from "vitest"; +import { beforeEach, describe, it, vi } from "vitest"; import { - augmentModelCatalogWithProviderPlugins, - buildProviderMissingAuthMessageWithPlugin, - resolveProviderBuiltInModelSuppression, -} from "../provider-runtime.js"; + expectAugmentedCodexCatalog, + expectCodexBuiltInSuppression, + expectCodexMissingAuthHint, +} from "../provider-runtime.test-support.js"; +import { + resolveProviderContractPluginIdsForProvider, + resolveProviderContractProvidersForPluginIds, + uniqueProviderContractProviders, +} from "./registry.js"; + +type ResolvePluginProviders = typeof import("../providers.js").resolvePluginProviders; +type ResolveOwningPluginIdsForProvider = + typeof import("../providers.js").resolveOwningPluginIdsForProvider; +type ResolveNonBundledProviderPluginIds = + typeof import("../providers.js").resolveNonBundledProviderPluginIds; + +const resolvePluginProvidersMock = vi.hoisted(() => + vi.fn((_) => uniqueProviderContractProviders), +); +const resolveOwningPluginIdsForProviderMock = vi.hoisted(() => + vi.fn((params) => + resolveProviderContractPluginIdsForProvider(params.provider), + ), +); +const resolveNonBundledProviderPluginIdsMock = vi.hoisted(() => + vi.fn((_) => [] as string[]), +); + +vi.mock("../providers.js", () => ({ + resolvePluginProviders: (params: unknown) => resolvePluginProvidersMock(params as never), + resolveOwningPluginIdsForProvider: (params: unknown) => + resolveOwningPluginIdsForProviderMock(params as never), + resolveNonBundledProviderPluginIds: (params: unknown) => + resolveNonBundledProviderPluginIdsMock(params as never), +})); + +let augmentModelCatalogWithProviderPlugins: typeof import("../provider-runtime.js").augmentModelCatalogWithProviderPlugins; +let buildProviderMissingAuthMessageWithPlugin: typeof import("../provider-runtime.js").buildProviderMissingAuthMessageWithPlugin; +let resetProviderRuntimeHookCacheForTest: typeof import("../provider-runtime.js").resetProviderRuntimeHookCacheForTest; +let resolveProviderBuiltInModelSuppression: typeof import("../provider-runtime.js").resolveProviderBuiltInModelSuppression; describe("provider catalog contract", () => { - it("keeps codex-only missing-auth hints wired through the provider runtime", () => { - expect( - buildProviderMissingAuthMessageWithPlugin({ - provider: "openai", - env: process.env, - context: { - env: process.env, - provider: "openai", - listProfileIds: (providerId) => (providerId === "openai-codex" ? ["p1"] : []), - }, - }), - ).toContain("openai-codex/gpt-5.4"); - }); + beforeEach(async () => { + vi.resetModules(); + ({ + augmentModelCatalogWithProviderPlugins, + buildProviderMissingAuthMessageWithPlugin, + resetProviderRuntimeHookCacheForTest, + resolveProviderBuiltInModelSuppression, + } = await import("../provider-runtime.js")); + resetProviderRuntimeHookCacheForTest(); - it("keeps built-in model suppression wired through the provider runtime", () => { - expect( - resolveProviderBuiltInModelSuppression({ - env: process.env, - context: { - env: process.env, - provider: "azure-openai-responses", - modelId: "gpt-5.3-codex-spark", - }, - }), - ).toMatchObject({ - suppress: true, - errorMessage: expect.stringContaining("openai-codex/gpt-5.3-codex-spark"), + resolveOwningPluginIdsForProviderMock.mockReset(); + resolveOwningPluginIdsForProviderMock.mockImplementation((params) => + resolveProviderContractPluginIdsForProvider(params.provider), + ); + + resolveNonBundledProviderPluginIdsMock.mockReset(); + resolveNonBundledProviderPluginIdsMock.mockReturnValue([]); + + resolvePluginProvidersMock.mockReset(); + resolvePluginProvidersMock.mockImplementation((params?: { onlyPluginIds?: string[] }) => { + const onlyPluginIds = params?.onlyPluginIds; + if (!onlyPluginIds || onlyPluginIds.length === 0) { + return uniqueProviderContractProviders; + } + return resolveProviderContractProvidersForPluginIds(onlyPluginIds); }); }); + it("keeps codex-only missing-auth hints wired through the provider runtime", () => { + expectCodexMissingAuthHint(buildProviderMissingAuthMessageWithPlugin); + }); + + it("keeps built-in model suppression wired through the provider runtime", () => { + expectCodexBuiltInSuppression(resolveProviderBuiltInModelSuppression); + }); + it("keeps bundled model augmentation wired through the provider runtime", async () => { - await expect( - augmentModelCatalogWithProviderPlugins({ - env: process.env, - context: { - env: process.env, - entries: [ - { provider: "openai", id: "gpt-5.2", name: "GPT-5.2" }, - { provider: "openai", id: "gpt-5.2-pro", name: "GPT-5.2 Pro" }, - { provider: "openai-codex", id: "gpt-5.3-codex", name: "GPT-5.3 Codex" }, - ], - }, - }), - ).resolves.toEqual([ - { provider: "openai", id: "gpt-5.4", name: "gpt-5.4" }, - { provider: "openai", id: "gpt-5.4-pro", name: "gpt-5.4-pro" }, - { provider: "openai-codex", id: "gpt-5.4", name: "gpt-5.4" }, - { - provider: "openai-codex", - id: "gpt-5.3-codex-spark", - name: "gpt-5.3-codex-spark", - }, - ]); + await expectAugmentedCodexCatalog(augmentModelCatalogWithProviderPlugins); }); }); diff --git a/src/plugins/contracts/discovery.contract.test.ts b/src/plugins/contracts/discovery.contract.test.ts index 072e657616e..47e098a2baf 100644 --- a/src/plugins/contracts/discovery.contract.test.ts +++ b/src/plugins/contracts/discovery.contract.test.ts @@ -5,9 +5,8 @@ import { } from "../../agents/auth-profiles/store.js"; import { QWEN_OAUTH_MARKER } from "../../agents/model-auth-markers.js"; import type { ModelDefinitionConfig } from "../../config/types.models.js"; -import { createCapturedPluginRegistration } from "../../test-utils/plugin-registration.js"; import { runProviderCatalog } from "../provider-discovery.js"; -import type { OpenClawPluginApi, ProviderPlugin } from "../types.js"; +import { registerProviders, requireProvider } from "./testkit.js"; const resolveCopilotApiTokenMock = vi.hoisted(() => vi.fn()); const buildOllamaProviderMock = vi.hoisted(() => vi.fn()); @@ -59,22 +58,21 @@ const modelStudioPlugin = (await import("../../../extensions/modelstudio/index.j const cloudflareAiGatewayPlugin = ( await import("../../../extensions/cloudflare-ai-gateway/index.js") ).default; - -function registerProviders(...plugins: Array<{ register(api: OpenClawPluginApi): void }>) { - const captured = createCapturedPluginRegistration(); - for (const plugin of plugins) { - plugin.register(captured.api); - } - return captured.providers; -} - -function requireProvider(providers: ProviderPlugin[], providerId: string) { - const provider = providers.find((entry) => entry.id === providerId); - if (!provider) { - throw new Error(`provider ${providerId} missing`); - } - return provider; -} +const qwenPortalProvider = requireProvider(registerProviders(qwenPortalPlugin), "qwen-portal"); +const githubCopilotProvider = requireProvider( + registerProviders(githubCopilotPlugin), + "github-copilot", +); +const ollamaProvider = requireProvider(registerProviders(ollamaPlugin), "ollama"); +const vllmProvider = requireProvider(registerProviders(vllmPlugin), "vllm"); +const sglangProvider = requireProvider(registerProviders(sglangPlugin), "sglang"); +const minimaxProvider = requireProvider(registerProviders(minimaxPlugin), "minimax"); +const minimaxPortalProvider = requireProvider(registerProviders(minimaxPlugin), "minimax-portal"); +const modelStudioProvider = requireProvider(registerProviders(modelStudioPlugin), "modelstudio"); +const cloudflareAiGatewayProvider = requireProvider( + registerProviders(cloudflareAiGatewayPlugin), + "cloudflare-ai-gateway", +); function createModelConfig(id: string, name = id): ModelDefinitionConfig { return { @@ -92,6 +90,74 @@ function createModelConfig(id: string, name = id): ModelDefinitionConfig { maxTokens: 8_192, }; } + +function setQwenPortalOauthSnapshot() { + replaceRuntimeAuthProfileStoreSnapshots([ + { + store: { + version: 1, + profiles: { + "qwen-portal:default": { + type: "oauth", + provider: "qwen-portal", + access: "access-token", + refresh: "refresh-token", + expires: Date.now() + 60_000, + }, + }, + }, + }, + ]); +} + +function setGithubCopilotProfileSnapshot() { + replaceRuntimeAuthProfileStoreSnapshots([ + { + store: { + version: 1, + profiles: { + "github-copilot:github": { + type: "token", + provider: "github-copilot", + token: "profile-token", + }, + }, + }, + }, + ]); +} + +function runCatalog(params: { + provider: Awaited>; + env?: NodeJS.ProcessEnv; + resolveProviderApiKey?: () => { apiKey: string | undefined }; + resolveProviderAuth?: ( + providerId?: string, + options?: { oauthMarker?: string }, + ) => { + apiKey: string | undefined; + discoveryApiKey?: string; + mode: "api_key" | "oauth" | "token" | "none"; + source: "env" | "profile" | "none"; + profileId?: string; + }; +}) { + return runProviderCatalog({ + provider: params.provider, + config: {}, + env: params.env ?? ({} as NodeJS.ProcessEnv), + resolveProviderApiKey: params.resolveProviderApiKey ?? (() => ({ apiKey: undefined })), + resolveProviderAuth: + params.resolveProviderAuth ?? + ((_, options) => ({ + apiKey: options?.oauthMarker, + discoveryApiKey: undefined, + mode: options?.oauthMarker ? "oauth" : "none", + source: options?.oauthMarker ? "profile" : "none", + })), + }); +} + describe("provider discovery contract", () => { afterEach(() => { resolveCopilotApiTokenMock.mockReset(); @@ -102,30 +168,11 @@ describe("provider discovery contract", () => { }); it("keeps qwen portal oauth marker fallback provider-owned", async () => { - const provider = requireProvider(registerProviders(qwenPortalPlugin), "qwen-portal"); - replaceRuntimeAuthProfileStoreSnapshots([ - { - store: { - version: 1, - profiles: { - "qwen-portal:default": { - type: "oauth", - provider: "qwen-portal", - access: "access-token", - refresh: "refresh-token", - expires: Date.now() + 60_000, - }, - }, - }, - }, - ]); + setQwenPortalOauthSnapshot(); await expect( - runProviderCatalog({ - provider, - config: {}, - env: {} as NodeJS.ProcessEnv, - resolveProviderApiKey: () => ({ apiKey: undefined }), + runCatalog({ + provider: qwenPortalProvider, }), ).resolves.toEqual({ provider: { @@ -141,28 +188,11 @@ describe("provider discovery contract", () => { }); it("keeps qwen portal env api keys higher priority than oauth markers", async () => { - const provider = requireProvider(registerProviders(qwenPortalPlugin), "qwen-portal"); - replaceRuntimeAuthProfileStoreSnapshots([ - { - store: { - version: 1, - profiles: { - "qwen-portal:default": { - type: "oauth", - provider: "qwen-portal", - access: "access-token", - refresh: "refresh-token", - expires: Date.now() + 60_000, - }, - }, - }, - }, - ]); + setQwenPortalOauthSnapshot(); await expect( - runProviderCatalog({ - provider, - config: {}, + runCatalog({ + provider: qwenPortalProvider, env: { QWEN_PORTAL_API_KEY: "env-key" } as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: "env-key" }), }), @@ -174,41 +204,15 @@ describe("provider discovery contract", () => { }); it("keeps GitHub Copilot catalog disabled without env tokens or profiles", async () => { - const provider = requireProvider(registerProviders(githubCopilotPlugin), "github-copilot"); - - await expect( - runProviderCatalog({ - provider, - config: {}, - env: {} as NodeJS.ProcessEnv, - resolveProviderApiKey: () => ({ apiKey: undefined }), - }), - ).resolves.toBeNull(); + await expect(runCatalog({ provider: githubCopilotProvider })).resolves.toBeNull(); }); it("keeps GitHub Copilot profile-only catalog fallback provider-owned", async () => { - const provider = requireProvider(registerProviders(githubCopilotPlugin), "github-copilot"); - replaceRuntimeAuthProfileStoreSnapshots([ - { - store: { - version: 1, - profiles: { - "github-copilot:github": { - type: "token", - provider: "github-copilot", - token: "profile-token", - }, - }, - }, - }, - ]); + setGithubCopilotProfileSnapshot(); await expect( - runProviderCatalog({ - provider, - config: {}, - env: {} as NodeJS.ProcessEnv, - resolveProviderApiKey: () => ({ apiKey: undefined }), + runCatalog({ + provider: githubCopilotProvider, }), ).resolves.toEqual({ provider: { @@ -219,7 +223,6 @@ describe("provider discovery contract", () => { }); it("keeps GitHub Copilot env-token base URL resolution provider-owned", async () => { - const provider = requireProvider(registerProviders(githubCopilotPlugin), "github-copilot"); resolveCopilotApiTokenMock.mockResolvedValueOnce({ token: "copilot-api-token", baseUrl: "https://copilot-proxy.example.com", @@ -227,9 +230,8 @@ describe("provider discovery contract", () => { }); await expect( - runProviderCatalog({ - provider, - config: {}, + runCatalog({ + provider: githubCopilotProvider, env: { GITHUB_TOKEN: "github-env-token", } as NodeJS.ProcessEnv, @@ -250,11 +252,9 @@ describe("provider discovery contract", () => { }); it("keeps Ollama explicit catalog normalization provider-owned", async () => { - const provider = requireProvider(registerProviders(ollamaPlugin), "ollama"); - await expect( runProviderCatalog({ - provider, + provider: ollamaProvider, config: { models: { providers: { @@ -267,6 +267,12 @@ describe("provider discovery contract", () => { }, env: {} as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }), ).resolves.toMatchObject({ provider: { @@ -280,7 +286,6 @@ describe("provider discovery contract", () => { }); it("keeps Ollama empty autodiscovery disabled without keys or explicit config", async () => { - const provider = requireProvider(registerProviders(ollamaPlugin), "ollama"); buildOllamaProviderMock.mockResolvedValueOnce({ baseUrl: "http://127.0.0.1:11434", api: "ollama", @@ -289,17 +294,22 @@ describe("provider discovery contract", () => { await expect( runProviderCatalog({ - provider, + provider: ollamaProvider, config: {}, env: {} as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }), ).resolves.toBeNull(); expect(buildOllamaProviderMock).toHaveBeenCalledWith(undefined, { quiet: true }); }); it("keeps vLLM self-hosted discovery provider-owned", async () => { - const provider = requireProvider(registerProviders(vllmPlugin), "vllm"); buildVllmProviderMock.mockResolvedValueOnce({ baseUrl: "http://127.0.0.1:8000/v1", api: "openai-completions", @@ -308,7 +318,7 @@ describe("provider discovery contract", () => { await expect( runProviderCatalog({ - provider, + provider: vllmProvider, config: {}, env: { VLLM_API_KEY: "env-vllm-key", @@ -317,6 +327,12 @@ describe("provider discovery contract", () => { apiKey: "VLLM_API_KEY", discoveryApiKey: "env-vllm-key", }), + resolveProviderAuth: () => ({ + apiKey: "VLLM_API_KEY", + discoveryApiKey: "env-vllm-key", + mode: "api_key", + source: "env", + }), }), ).resolves.toEqual({ provider: { @@ -332,7 +348,6 @@ describe("provider discovery contract", () => { }); it("keeps SGLang self-hosted discovery provider-owned", async () => { - const provider = requireProvider(registerProviders(sglangPlugin), "sglang"); buildSglangProviderMock.mockResolvedValueOnce({ baseUrl: "http://127.0.0.1:30000/v1", api: "openai-completions", @@ -341,7 +356,7 @@ describe("provider discovery contract", () => { await expect( runProviderCatalog({ - provider, + provider: sglangProvider, config: {}, env: { SGLANG_API_KEY: "env-sglang-key", @@ -350,6 +365,12 @@ describe("provider discovery contract", () => { apiKey: "SGLANG_API_KEY", discoveryApiKey: "env-sglang-key", }), + resolveProviderAuth: () => ({ + apiKey: "SGLANG_API_KEY", + discoveryApiKey: "env-sglang-key", + mode: "api_key", + source: "env", + }), }), ).resolves.toEqual({ provider: { @@ -365,16 +386,20 @@ describe("provider discovery contract", () => { }); it("keeps MiniMax API catalog provider-owned", async () => { - const provider = requireProvider(registerProviders(minimaxPlugin), "minimax"); - await expect( runProviderCatalog({ - provider, + provider: minimaxProvider, config: {}, env: { MINIMAX_API_KEY: "minimax-key", } as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: "minimax-key" }), + resolveProviderAuth: () => ({ + apiKey: "minimax-key", + discoveryApiKey: undefined, + mode: "api_key", + source: "env", + }), }), ).resolves.toMatchObject({ provider: { @@ -391,7 +416,6 @@ describe("provider discovery contract", () => { }); it("keeps MiniMax portal oauth marker fallback provider-owned", async () => { - const provider = requireProvider(registerProviders(minimaxPlugin), "minimax-portal"); replaceRuntimeAuthProfileStoreSnapshots([ { store: { @@ -411,10 +435,17 @@ describe("provider discovery contract", () => { await expect( runProviderCatalog({ - provider, + provider: minimaxPortalProvider, config: {}, env: {} as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: "minimax-oauth", + discoveryApiKey: "access-token", + mode: "oauth", + source: "profile", + profileId: "minimax-portal:default", + }), }), ).resolves.toMatchObject({ provider: { @@ -428,11 +459,9 @@ describe("provider discovery contract", () => { }); it("keeps MiniMax portal explicit base URL override provider-owned", async () => { - const provider = requireProvider(registerProviders(minimaxPlugin), "minimax-portal"); - await expect( runProviderCatalog({ - provider, + provider: minimaxPortalProvider, config: { models: { providers: { @@ -446,6 +475,12 @@ describe("provider discovery contract", () => { }, env: {} as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }), ).resolves.toMatchObject({ provider: { @@ -456,11 +491,9 @@ describe("provider discovery contract", () => { }); it("keeps Model Studio catalog provider-owned", async () => { - const provider = requireProvider(registerProviders(modelStudioPlugin), "modelstudio"); - await expect( runProviderCatalog({ - provider, + provider: modelStudioProvider, config: { models: { providers: { @@ -475,6 +508,12 @@ describe("provider discovery contract", () => { MODELSTUDIO_API_KEY: "modelstudio-key", } as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: "modelstudio-key" }), + resolveProviderAuth: () => ({ + apiKey: "modelstudio-key", + discoveryApiKey: undefined, + mode: "api_key", + source: "env", + }), }), ).resolves.toMatchObject({ provider: { @@ -490,26 +529,23 @@ describe("provider discovery contract", () => { }); it("keeps Cloudflare AI Gateway catalog disabled without stored metadata", async () => { - const provider = requireProvider( - registerProviders(cloudflareAiGatewayPlugin), - "cloudflare-ai-gateway", - ); - await expect( runProviderCatalog({ - provider, + provider: cloudflareAiGatewayProvider, config: {}, env: {} as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }), ).resolves.toBeNull(); }); it("keeps Cloudflare AI Gateway env-managed catalog provider-owned", async () => { - const provider = requireProvider( - registerProviders(cloudflareAiGatewayPlugin), - "cloudflare-ai-gateway", - ); replaceRuntimeAuthProfileStoreSnapshots([ { store: { @@ -535,12 +571,18 @@ describe("provider discovery contract", () => { await expect( runProviderCatalog({ - provider, + provider: cloudflareAiGatewayProvider, config: {}, env: { CLOUDFLARE_AI_GATEWAY_API_KEY: "secret-value", } as NodeJS.ProcessEnv, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }), ).resolves.toEqual({ provider: { diff --git a/src/plugins/contracts/loader.contract.test.ts b/src/plugins/contracts/loader.contract.test.ts index a42c24712ec..c550f1d96b2 100644 --- a/src/plugins/contracts/loader.contract.test.ts +++ b/src/plugins/contracts/loader.contract.test.ts @@ -1,35 +1,28 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { providerContractRegistry, webSearchProviderContractRegistry } from "./registry.js"; +import { withBundledPluginAllowlistCompat } from "../bundled-compat.js"; +import { loadPluginManifestRegistry } from "../manifest-registry.js"; +import { __testing as providerTesting } from "../providers.js"; +import { resolvePluginWebSearchProviders } from "../web-search-providers.js"; +import { providerContractCompatPluginIds, webSearchProviderContractRegistry } from "./registry.js"; +import { uniqueSortedStrings } from "./testkit.js"; -const loadOpenClawPluginsMock = vi.fn(); - -vi.mock("../loader.js", () => ({ - loadOpenClawPlugins: (...args: unknown[]) => loadOpenClawPluginsMock(...args), -})); - -const { resolvePluginProviders } = await import("../providers.js"); -const { resolvePluginWebSearchProviders } = await import("../web-search-providers.js"); - -function uniqueSortedPluginIds(values: string[]) { - return [...new Set(values)].toSorted((left, right) => left.localeCompare(right)); +function resolveBundledManifestProviderPluginIds() { + return uniqueSortedStrings( + loadPluginManifestRegistry({}) + .plugins.filter((plugin) => plugin.origin === "bundled" && plugin.providers.length > 0) + .map((plugin) => plugin.id), + ); } describe("plugin loader contract", () => { beforeEach(() => { - loadOpenClawPluginsMock.mockReset(); - loadOpenClawPluginsMock.mockReturnValue({ - providers: [], - webSearchProviders: [], - }); + vi.restoreAllMocks(); }); it("keeps bundled provider compatibility wired to the provider registry", () => { - const providerPluginIds = uniqueSortedPluginIds( - providerContractRegistry.map((entry) => entry.pluginId), - ); - - resolvePluginProviders({ - bundledProviderAllowlistCompat: true, + const providerPluginIds = uniqueSortedStrings(providerContractCompatPluginIds); + const manifestProviderPluginIds = resolveBundledManifestProviderPluginIds(); + const compatPluginIds = providerTesting.resolveBundledProviderCompatPluginIds({ config: { plugins: { allow: ["openrouter"], @@ -37,54 +30,51 @@ describe("plugin loader contract", () => { }, }); - expect(loadOpenClawPluginsMock).toHaveBeenCalledWith( - expect.objectContaining({ - config: expect.objectContaining({ - plugins: expect.objectContaining({ - allow: expect.arrayContaining(providerPluginIds), - }), - }), - }), - ); + const compatConfig = withBundledPluginAllowlistCompat({ + config: { + plugins: { + allow: ["openrouter"], + }, + }, + pluginIds: compatPluginIds, + }); + + expect(providerPluginIds).toEqual(manifestProviderPluginIds); + expect(uniqueSortedStrings(compatPluginIds)).toEqual(manifestProviderPluginIds); + expect(uniqueSortedStrings(compatPluginIds)).toEqual(expect.arrayContaining(providerPluginIds)); + expect(compatConfig?.plugins?.allow).toEqual(expect.arrayContaining(providerPluginIds)); }); it("keeps vitest bundled provider enablement wired to the provider registry", () => { - const providerPluginIds = uniqueSortedPluginIds( - providerContractRegistry.map((entry) => entry.pluginId), - ); - - resolvePluginProviders({ - bundledProviderVitestCompat: true, + const providerPluginIds = uniqueSortedStrings(providerContractCompatPluginIds); + const manifestProviderPluginIds = resolveBundledManifestProviderPluginIds(); + const compatConfig = providerTesting.withBundledProviderVitestCompat({ + config: undefined, + pluginIds: providerPluginIds, env: { VITEST: "1" } as NodeJS.ProcessEnv, }); - expect(loadOpenClawPluginsMock).toHaveBeenCalledWith( - expect.objectContaining({ - config: expect.objectContaining({ - plugins: expect.objectContaining({ - enabled: true, - allow: expect.arrayContaining(providerPluginIds), - }), - }), - }), - ); + expect(providerPluginIds).toEqual(manifestProviderPluginIds); + expect(compatConfig?.plugins).toMatchObject({ + enabled: true, + allow: expect.arrayContaining(providerPluginIds), + }); }); it("keeps bundled web search loading scoped to the web search registry", () => { - const webSearchPluginIds = uniqueSortedPluginIds( + const webSearchPluginIds = uniqueSortedStrings( webSearchProviderContractRegistry.map((entry) => entry.pluginId), ); const providers = resolvePluginWebSearchProviders({}); - expect(uniqueSortedPluginIds(providers.map((provider) => provider.pluginId))).toEqual( + expect(uniqueSortedStrings(providers.map((provider) => provider.pluginId))).toEqual( webSearchPluginIds, ); - expect(loadOpenClawPluginsMock).not.toHaveBeenCalled(); }); it("keeps bundled web search allowlist compatibility wired to the web search registry", () => { - const webSearchPluginIds = uniqueSortedPluginIds( + const webSearchPluginIds = uniqueSortedStrings( webSearchProviderContractRegistry.map((entry) => entry.pluginId), ); @@ -97,9 +87,8 @@ describe("plugin loader contract", () => { }, }); - expect(uniqueSortedPluginIds(providers.map((provider) => provider.pluginId))).toEqual( + expect(uniqueSortedStrings(providers.map((provider) => provider.pluginId))).toEqual( webSearchPluginIds, ); - expect(loadOpenClawPluginsMock).not.toHaveBeenCalled(); }); }); diff --git a/src/plugins/contracts/registry.contract.test.ts b/src/plugins/contracts/registry.contract.test.ts index 2bf113fe76d..997aa560579 100644 --- a/src/plugins/contracts/registry.contract.test.ts +++ b/src/plugins/contracts/registry.contract.test.ts @@ -1,7 +1,13 @@ import { describe, expect, it } from "vitest"; +import { loadPluginManifestRegistry } from "../manifest-registry.js"; +import { resolvePluginWebSearchProviders } from "../web-search-providers.js"; import { + imageGenerationProviderContractRegistry, + mediaUnderstandingProviderContractRegistry, pluginRegistrationContractRegistry, + providerContractPluginIds, providerContractRegistry, + speechProviderContractRegistry, webSearchProviderContractRegistry, } from "./registry.js"; @@ -19,6 +25,55 @@ function findWebSearchIdsForPlugin(pluginId: string) { .toSorted((left, right) => left.localeCompare(right)); } +function findSpeechProviderIdsForPlugin(pluginId: string) { + return speechProviderContractRegistry + .filter((entry) => entry.pluginId === pluginId) + .map((entry) => entry.provider.id) + .toSorted((left, right) => left.localeCompare(right)); +} + +function findSpeechProviderForPlugin(pluginId: string) { + const entry = speechProviderContractRegistry.find((candidate) => candidate.pluginId === pluginId); + if (!entry) { + throw new Error(`speech provider contract missing for ${pluginId}`); + } + return entry.provider; +} + +function findMediaUnderstandingProviderIdsForPlugin(pluginId: string) { + return mediaUnderstandingProviderContractRegistry + .filter((entry) => entry.pluginId === pluginId) + .map((entry) => entry.provider.id) + .toSorted((left, right) => left.localeCompare(right)); +} + +function findMediaUnderstandingProviderForPlugin(pluginId: string) { + const entry = mediaUnderstandingProviderContractRegistry.find( + (candidate) => candidate.pluginId === pluginId, + ); + if (!entry) { + throw new Error(`media-understanding provider contract missing for ${pluginId}`); + } + return entry.provider; +} + +function findImageGenerationProviderIdsForPlugin(pluginId: string) { + return imageGenerationProviderContractRegistry + .filter((entry) => entry.pluginId === pluginId) + .map((entry) => entry.provider.id) + .toSorted((left, right) => left.localeCompare(right)); +} + +function findImageGenerationProviderForPlugin(pluginId: string) { + const entry = imageGenerationProviderContractRegistry.find( + (candidate) => candidate.pluginId === pluginId, + ); + if (!entry) { + throw new Error(`image-generation provider contract missing for ${pluginId}`); + } + return entry.provider; +} + function findRegistrationForPlugin(pluginId: string) { const entry = pluginRegistrationContractRegistry.find( (candidate) => candidate.pluginId === pluginId, @@ -40,6 +95,41 @@ describe("plugin contract registry", () => { expect(ids).toEqual([...new Set(ids)]); }); + it("does not duplicate bundled speech provider ids", () => { + const ids = speechProviderContractRegistry.map((entry) => entry.provider.id); + expect(ids).toEqual([...new Set(ids)]); + }); + + it("does not duplicate bundled media provider ids", () => { + const ids = mediaUnderstandingProviderContractRegistry.map((entry) => entry.provider.id); + expect(ids).toEqual([...new Set(ids)]); + }); + + it("covers every bundled provider plugin discovered from manifests", () => { + const bundledProviderPluginIds = loadPluginManifestRegistry({}) + .plugins.filter((plugin) => plugin.origin === "bundled" && plugin.providers.length > 0) + .map((plugin) => plugin.id) + .toSorted((left, right) => left.localeCompare(right)); + + expect(providerContractPluginIds).toEqual(bundledProviderPluginIds); + }); + + it("covers every bundled web search plugin from the shared resolver", () => { + const bundledWebSearchPluginIds = resolvePluginWebSearchProviders({}) + .map((provider) => provider.pluginId) + .toSorted((left, right) => left.localeCompare(right)); + + expect( + [...new Set(webSearchProviderContractRegistry.map((entry) => entry.pluginId))].toSorted( + (left, right) => left.localeCompare(right), + ), + ).toEqual(bundledWebSearchPluginIds); + }); + + it("does not duplicate bundled image-generation provider ids", () => { + const ids = imageGenerationProviderContractRegistry.map((entry) => entry.provider.id); + expect(ids).toEqual([...new Set(ids)]); + }); it("keeps multi-provider plugin ownership explicit", () => { expect(findProviderIdsForPlugin("google")).toEqual(["google", "google-gemini-cli"]); expect(findProviderIdsForPlugin("minimax")).toEqual(["minimax", "minimax-portal"]); @@ -55,11 +145,119 @@ describe("plugin contract registry", () => { expect(findWebSearchIdsForPlugin("xai")).toEqual(["grok"]); }); + it("keeps bundled speech ownership explicit", () => { + expect(findSpeechProviderIdsForPlugin("elevenlabs")).toEqual(["elevenlabs"]); + expect(findSpeechProviderIdsForPlugin("microsoft")).toEqual(["microsoft"]); + expect(findSpeechProviderIdsForPlugin("openai")).toEqual(["openai"]); + }); + + it("keeps bundled media-understanding ownership explicit", () => { + expect(findMediaUnderstandingProviderIdsForPlugin("anthropic")).toEqual(["anthropic"]); + expect(findMediaUnderstandingProviderIdsForPlugin("google")).toEqual(["google"]); + expect(findMediaUnderstandingProviderIdsForPlugin("minimax")).toEqual([ + "minimax", + "minimax-portal", + ]); + expect(findMediaUnderstandingProviderIdsForPlugin("mistral")).toEqual(["mistral"]); + expect(findMediaUnderstandingProviderIdsForPlugin("moonshot")).toEqual(["moonshot"]); + expect(findMediaUnderstandingProviderIdsForPlugin("openai")).toEqual(["openai"]); + expect(findMediaUnderstandingProviderIdsForPlugin("zai")).toEqual(["zai"]); + }); + + it("keeps bundled image-generation ownership explicit", () => { + expect(findImageGenerationProviderIdsForPlugin("google")).toEqual(["google"]); + expect(findImageGenerationProviderIdsForPlugin("openai")).toEqual(["openai"]); + }); + it("keeps bundled provider and web search tool ownership explicit", () => { expect(findRegistrationForPlugin("firecrawl")).toMatchObject({ providerIds: [], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], webSearchProviderIds: ["firecrawl"], toolNames: ["firecrawl_search", "firecrawl_scrape"], }); }); + + it("tracks speech registrations on bundled provider plugins", () => { + expect(findRegistrationForPlugin("google")).toMatchObject({ + providerIds: ["google", "google-gemini-cli"], + speechProviderIds: [], + mediaUnderstandingProviderIds: ["google"], + imageGenerationProviderIds: ["google"], + webSearchProviderIds: ["gemini"], + }); + expect(findRegistrationForPlugin("openai")).toMatchObject({ + providerIds: ["openai", "openai-codex"], + speechProviderIds: ["openai"], + mediaUnderstandingProviderIds: ["openai"], + imageGenerationProviderIds: ["openai"], + }); + expect(findRegistrationForPlugin("elevenlabs")).toMatchObject({ + providerIds: [], + speechProviderIds: ["elevenlabs"], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], + }); + expect(findRegistrationForPlugin("microsoft")).toMatchObject({ + providerIds: [], + speechProviderIds: ["microsoft"], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], + }); + }); + + it("tracks every provider, speech, media, or web search plugin in the registration registry", () => { + const expectedPluginIds = [ + ...new Set([ + ...providerContractRegistry.map((entry) => entry.pluginId), + ...speechProviderContractRegistry.map((entry) => entry.pluginId), + ...mediaUnderstandingProviderContractRegistry.map((entry) => entry.pluginId), + ...webSearchProviderContractRegistry.map((entry) => entry.pluginId), + ]), + ].toSorted((left, right) => left.localeCompare(right)); + + expect( + pluginRegistrationContractRegistry + .map((entry) => entry.pluginId) + .toSorted((left, right) => left.localeCompare(right)), + ).toEqual(expectedPluginIds); + }); + + it("keeps bundled speech voice-list support explicit", () => { + expect(findSpeechProviderForPlugin("openai").listVoices).toEqual(expect.any(Function)); + expect(findSpeechProviderForPlugin("elevenlabs").listVoices).toEqual(expect.any(Function)); + expect(findSpeechProviderForPlugin("microsoft").listVoices).toEqual(expect.any(Function)); + }); + + it("keeps bundled multi-image support explicit", () => { + expect(findMediaUnderstandingProviderForPlugin("anthropic").describeImages).toEqual( + expect.any(Function), + ); + expect(findMediaUnderstandingProviderForPlugin("google").describeImages).toEqual( + expect.any(Function), + ); + expect(findMediaUnderstandingProviderForPlugin("minimax").describeImages).toEqual( + expect.any(Function), + ); + expect(findMediaUnderstandingProviderForPlugin("moonshot").describeImages).toEqual( + expect.any(Function), + ); + expect(findMediaUnderstandingProviderForPlugin("openai").describeImages).toEqual( + expect.any(Function), + ); + expect(findMediaUnderstandingProviderForPlugin("zai").describeImages).toEqual( + expect.any(Function), + ); + }); + + it("keeps bundled image-generation support explicit", () => { + expect(findImageGenerationProviderForPlugin("google").generateImage).toEqual( + expect.any(Function), + ); + expect(findImageGenerationProviderForPlugin("openai").generateImage).toEqual( + expect.any(Function), + ); + }); }); diff --git a/src/plugins/contracts/registry.ts b/src/plugins/contracts/registry.ts index 8099ce4ca44..e4b6cf1059a 100644 --- a/src/plugins/contracts/registry.ts +++ b/src/plugins/contracts/registry.ts @@ -1,97 +1,57 @@ import anthropicPlugin from "../../../extensions/anthropic/index.js"; import bravePlugin from "../../../extensions/brave/index.js"; -import byteplusPlugin from "../../../extensions/byteplus/index.js"; -import cloudflareAiGatewayPlugin from "../../../extensions/cloudflare-ai-gateway/index.js"; -import copilotProxyPlugin from "../../../extensions/copilot-proxy/index.js"; +import elevenLabsPlugin from "../../../extensions/elevenlabs/index.js"; import firecrawlPlugin from "../../../extensions/firecrawl/index.js"; -import githubCopilotPlugin from "../../../extensions/github-copilot/index.js"; import googlePlugin from "../../../extensions/google/index.js"; -import huggingFacePlugin from "../../../extensions/huggingface/index.js"; -import kilocodePlugin from "../../../extensions/kilocode/index.js"; -import kimiCodingPlugin from "../../../extensions/kimi-coding/index.js"; +import microsoftPlugin from "../../../extensions/microsoft/index.js"; import minimaxPlugin from "../../../extensions/minimax/index.js"; import mistralPlugin from "../../../extensions/mistral/index.js"; -import modelStudioPlugin from "../../../extensions/modelstudio/index.js"; import moonshotPlugin from "../../../extensions/moonshot/index.js"; -import nvidiaPlugin from "../../../extensions/nvidia/index.js"; -import ollamaPlugin from "../../../extensions/ollama/index.js"; import openAIPlugin from "../../../extensions/openai/index.js"; -import opencodeGoPlugin from "../../../extensions/opencode-go/index.js"; -import opencodePlugin from "../../../extensions/opencode/index.js"; -import openRouterPlugin from "../../../extensions/openrouter/index.js"; import perplexityPlugin from "../../../extensions/perplexity/index.js"; -import qianfanPlugin from "../../../extensions/qianfan/index.js"; -import qwenPortalPlugin from "../../../extensions/qwen-portal-auth/index.js"; -import sglangPlugin from "../../../extensions/sglang/index.js"; -import syntheticPlugin from "../../../extensions/synthetic/index.js"; -import togetherPlugin from "../../../extensions/together/index.js"; -import venicePlugin from "../../../extensions/venice/index.js"; -import vercelAiGatewayPlugin from "../../../extensions/vercel-ai-gateway/index.js"; -import vllmPlugin from "../../../extensions/vllm/index.js"; -import volcenginePlugin from "../../../extensions/volcengine/index.js"; import xaiPlugin from "../../../extensions/xai/index.js"; -import xiaomiPlugin from "../../../extensions/xiaomi/index.js"; import zaiPlugin from "../../../extensions/zai/index.js"; -import { createCapturedPluginRegistration } from "../../test-utils/plugin-registration.js"; -import type { ProviderPlugin, WebSearchProviderPlugin } from "../types.js"; +import { createCapturedPluginRegistration } from "../captured-registration.js"; +import { resolvePluginProviders } from "../providers.js"; +import type { + ImageGenerationProviderPlugin, + MediaUnderstandingProviderPlugin, + ProviderPlugin, + SpeechProviderPlugin, + WebSearchProviderPlugin, +} from "../types.js"; type RegistrablePlugin = { id: string; register: (api: ReturnType["api"]) => void; }; -type ProviderContractEntry = { +type CapabilityContractEntry = { pluginId: string; - provider: ProviderPlugin; + provider: T; }; -type WebSearchProviderContractEntry = { - pluginId: string; - provider: WebSearchProviderPlugin; +type ProviderContractEntry = CapabilityContractEntry; + +type WebSearchProviderContractEntry = CapabilityContractEntry & { credentialValue: unknown; }; +type SpeechProviderContractEntry = CapabilityContractEntry; +type MediaUnderstandingProviderContractEntry = + CapabilityContractEntry; +type ImageGenerationProviderContractEntry = CapabilityContractEntry; + type PluginRegistrationContractEntry = { pluginId: string; providerIds: string[]; + speechProviderIds: string[]; + mediaUnderstandingProviderIds: string[]; + imageGenerationProviderIds: string[]; webSearchProviderIds: string[]; toolNames: string[]; }; -const bundledProviderPlugins: RegistrablePlugin[] = [ - anthropicPlugin, - byteplusPlugin, - cloudflareAiGatewayPlugin, - copilotProxyPlugin, - githubCopilotPlugin, - googlePlugin, - huggingFacePlugin, - kilocodePlugin, - kimiCodingPlugin, - minimaxPlugin, - mistralPlugin, - modelStudioPlugin, - moonshotPlugin, - nvidiaPlugin, - ollamaPlugin, - opencodeGoPlugin, - opencodePlugin, - openAIPlugin, - openRouterPlugin, - qianfanPlugin, - qwenPortalPlugin, - sglangPlugin, - syntheticPlugin, - togetherPlugin, - venicePlugin, - vercelAiGatewayPlugin, - vllmPlugin, - volcenginePlugin, - xaiPlugin, - xiaomiPlugin, - zaiPlugin, -]; - const bundledWebSearchPlugins: Array = [ { ...bravePlugin, credentialValue: "BSA-test" }, { ...firecrawlPlugin, credentialValue: "fc-test" }, @@ -101,22 +61,110 @@ const bundledWebSearchPlugins: Array { +function buildCapabilityContractRegistry(params: { + plugins: RegistrablePlugin[]; + select: (captured: ReturnType) => T[]; +}): CapabilityContractEntry[] { + return params.plugins.flatMap((plugin) => { const captured = captureRegistrations(plugin); - return captured.providers.map((provider) => ({ + return params.select(captured).map((provider) => ({ pluginId: plugin.id, provider, })); - }, + }); +} + +export const providerContractRegistry: ProviderContractEntry[] = buildCapabilityContractRegistry({ + plugins: [], + select: () => [], +}); + +const loadedBundledProviderRegistry: ProviderContractEntry[] = resolvePluginProviders({ + bundledProviderAllowlistCompat: true, + bundledProviderVitestCompat: true, + cache: false, + activate: false, +}) + .filter((provider): provider is ProviderPlugin & { pluginId: string } => + Boolean(provider.pluginId), + ) + .map((provider) => ({ + pluginId: provider.pluginId, + provider, + })); + +providerContractRegistry.splice( + 0, + providerContractRegistry.length, + ...loadedBundledProviderRegistry, ); +export const uniqueProviderContractProviders: ProviderPlugin[] = [ + ...new Map(providerContractRegistry.map((entry) => [entry.provider.id, entry.provider])).values(), +]; + +export const providerContractPluginIds = [ + ...new Set(providerContractRegistry.map((entry) => entry.pluginId)), +].toSorted((left, right) => left.localeCompare(right)); + +export const providerContractCompatPluginIds = providerContractPluginIds.map((pluginId) => + pluginId === "kimi-coding" ? "kimi" : pluginId, +); + +export function requireProviderContractProvider(providerId: string): ProviderPlugin { + const provider = uniqueProviderContractProviders.find((entry) => entry.id === providerId); + if (!provider) { + throw new Error(`provider contract entry missing for ${providerId}`); + } + return provider; +} + +export function resolveProviderContractPluginIdsForProvider( + providerId: string, +): string[] | undefined { + const pluginIds = [ + ...new Set( + providerContractRegistry + .filter((entry) => entry.provider.id === providerId) + .map((entry) => entry.pluginId), + ), + ]; + return pluginIds.length > 0 ? pluginIds : undefined; +} + +export function resolveProviderContractProvidersForPluginIds( + pluginIds: readonly string[], +): ProviderPlugin[] { + const allowed = new Set(pluginIds); + return [ + ...new Map( + providerContractRegistry + .filter((entry) => allowed.has(entry.pluginId)) + .map((entry) => [entry.provider.id, entry.provider]), + ).values(), + ]; +} + export const webSearchProviderContractRegistry: WebSearchProviderContractEntry[] = bundledWebSearchPlugins.flatMap((plugin) => { const captured = captureRegistrations(plugin); @@ -127,19 +175,76 @@ export const webSearchProviderContractRegistry: WebSearchProviderContractEntry[] })); }); +export const speechProviderContractRegistry: SpeechProviderContractEntry[] = + buildCapabilityContractRegistry({ + plugins: bundledSpeechPlugins, + select: (captured) => captured.speechProviders, + }); + +export const mediaUnderstandingProviderContractRegistry: MediaUnderstandingProviderContractEntry[] = + buildCapabilityContractRegistry({ + plugins: bundledMediaUnderstandingPlugins, + select: (captured) => captured.mediaUnderstandingProviders, + }); + +export const imageGenerationProviderContractRegistry: ImageGenerationProviderContractEntry[] = + buildCapabilityContractRegistry({ + plugins: bundledImageGenerationPlugins, + select: (captured) => captured.imageGenerationProviders, + }); + const bundledPluginRegistrationList = [ ...new Map( - [...bundledProviderPlugins, ...bundledWebSearchPlugins].map((plugin) => [plugin.id, plugin]), + [ + ...bundledSpeechPlugins, + ...bundledMediaUnderstandingPlugins, + ...bundledImageGenerationPlugins, + ...bundledWebSearchPlugins, + ].map((plugin) => [plugin.id, plugin]), ).values(), ]; -export const pluginRegistrationContractRegistry: PluginRegistrationContractEntry[] = - bundledPluginRegistrationList.map((plugin) => { - const captured = captureRegistrations(plugin); - return { - pluginId: plugin.id, - providerIds: captured.providers.map((provider) => provider.id), - webSearchProviderIds: captured.webSearchProviders.map((provider) => provider.id), - toolNames: captured.tools.map((tool) => tool.name), - }; - }); +export const pluginRegistrationContractRegistry: PluginRegistrationContractEntry[] = [ + ...new Map( + providerContractRegistry.map((entry) => [ + entry.pluginId, + { + pluginId: entry.pluginId, + providerIds: providerContractRegistry + .filter((candidate) => candidate.pluginId === entry.pluginId) + .map((candidate) => candidate.provider.id), + speechProviderIds: [] as string[], + mediaUnderstandingProviderIds: [] as string[], + imageGenerationProviderIds: [] as string[], + webSearchProviderIds: [] as string[], + toolNames: [] as string[], + }, + ]), + ).values(), +]; + +for (const plugin of bundledPluginRegistrationList) { + const captured = captureRegistrations(plugin); + const existing = pluginRegistrationContractRegistry.find((entry) => entry.pluginId === plugin.id); + const next = { + pluginId: plugin.id, + providerIds: captured.providers.map((provider) => provider.id), + speechProviderIds: captured.speechProviders.map((provider) => provider.id), + mediaUnderstandingProviderIds: captured.mediaUnderstandingProviders.map( + (provider) => provider.id, + ), + imageGenerationProviderIds: captured.imageGenerationProviders.map((provider) => provider.id), + webSearchProviderIds: captured.webSearchProviders.map((provider) => provider.id), + toolNames: captured.tools.map((tool) => tool.name), + }; + if (!existing) { + pluginRegistrationContractRegistry.push(next); + continue; + } + existing.providerIds = next.providerIds.length > 0 ? next.providerIds : existing.providerIds; + existing.speechProviderIds = next.speechProviderIds; + existing.mediaUnderstandingProviderIds = next.mediaUnderstandingProviderIds; + existing.imageGenerationProviderIds = next.imageGenerationProviderIds; + existing.webSearchProviderIds = next.webSearchProviderIds; + existing.toolNames = next.toolNames; +} diff --git a/src/plugins/contracts/runtime.contract.test.ts b/src/plugins/contracts/runtime.contract.test.ts index ee8503d88bf..15adc59e130 100644 --- a/src/plugins/contracts/runtime.contract.test.ts +++ b/src/plugins/contracts/runtime.contract.test.ts @@ -1,6 +1,10 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; import { describe, expect, it, vi } from "vitest"; import { createProviderUsageFetch, makeResponse } from "../../test-utils/provider-usage-fetch.js"; import type { ProviderRuntimeModel } from "../types.js"; +import { requireProviderContractProvider } from "./registry.js"; const getOAuthApiKeyMock = vi.hoisted(() => vi.fn()); const refreshQwenPortalCredentialsMock = vi.hoisted(() => vi.fn()); @@ -17,16 +21,6 @@ vi.mock("../../providers/qwen-portal-oauth.js", () => ({ refreshQwenPortalCredentials: refreshQwenPortalCredentialsMock, })); -const { providerContractRegistry } = await import("./registry.js"); - -function requireProvider(providerId: string) { - const entry = providerContractRegistry.find((candidate) => candidate.provider.id === providerId); - if (!entry) { - throw new Error(`provider contract entry missing for ${providerId}`); - } - return entry.provider; -} - function createModel(overrides: Partial & Pick) { return { id: overrides.id, @@ -45,7 +39,7 @@ function createModel(overrides: Partial & Pick { describe("anthropic", () => { it("owns anthropic 4.6 forward-compat resolution", () => { - const provider = requireProvider("anthropic"); + const provider = requireProviderContractProvider("anthropic"); const model = provider.resolveDynamicModel?.({ provider: "anthropic", modelId: "claude-sonnet-4.6-20260219", @@ -71,7 +65,7 @@ describe("provider runtime contract", () => { }); it("owns usage auth resolution", async () => { - const provider = requireProvider("anthropic"); + const provider = requireProviderContractProvider("anthropic"); await expect( provider.resolveUsageAuth?.({ config: {} as never, @@ -88,7 +82,7 @@ describe("provider runtime contract", () => { }); it("owns auth doctor hint generation", () => { - const provider = requireProvider("anthropic"); + const provider = requireProviderContractProvider("anthropic"); const hint = provider.buildAuthDoctorHint?.({ provider: "anthropic", profileId: "anthropic:default", @@ -121,7 +115,7 @@ describe("provider runtime contract", () => { }); it("owns usage snapshot fetching", async () => { - const provider = requireProvider("anthropic"); + const provider = requireProviderContractProvider("anthropic"); const mockFetch = createProviderUsageFetch(async (url) => { if (url.includes("api.anthropic.com/api/oauth/usage")) { return makeResponse(200, { @@ -154,7 +148,7 @@ describe("provider runtime contract", () => { describe("github-copilot", () => { it("owns Copilot-specific forward-compat fallbacks", () => { - const provider = requireProvider("github-copilot"); + const provider = requireProviderContractProvider("github-copilot"); const model = provider.resolveDynamicModel?.({ provider: "github-copilot", modelId: "gpt-5.3-codex", @@ -181,7 +175,7 @@ describe("provider runtime contract", () => { describe("google", () => { it("owns google direct gemini 3.1 forward-compat resolution", () => { - const provider = requireProvider("google"); + const provider = requireProviderContractProvider("google"); const model = provider.resolveDynamicModel?.({ provider: "google", modelId: "gemini-3.1-pro-preview", @@ -213,7 +207,7 @@ describe("provider runtime contract", () => { describe("google-gemini-cli", () => { it("owns gemini cli 3.1 forward-compat resolution", () => { - const provider = requireProvider("google-gemini-cli"); + const provider = requireProviderContractProvider("google-gemini-cli"); const model = provider.resolveDynamicModel?.({ provider: "google-gemini-cli", modelId: "gemini-3.1-pro-preview", @@ -241,7 +235,7 @@ describe("provider runtime contract", () => { }); it("owns usage-token parsing", async () => { - const provider = requireProvider("google-gemini-cli"); + const provider = requireProviderContractProvider("google-gemini-cli"); await expect( provider.resolveUsageAuth?.({ config: {} as never, @@ -260,7 +254,7 @@ describe("provider runtime contract", () => { }); it("owns OAuth auth-profile formatting", () => { - const provider = requireProvider("google-gemini-cli"); + const provider = requireProviderContractProvider("google-gemini-cli"); expect( provider.formatApiKey?.({ @@ -275,7 +269,7 @@ describe("provider runtime contract", () => { }); it("owns usage snapshot fetching", async () => { - const provider = requireProvider("google-gemini-cli"); + const provider = requireProviderContractProvider("google-gemini-cli"); const mockFetch = createProviderUsageFetch(async (url) => { if (url.includes("cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota")) { return makeResponse(200, { @@ -309,7 +303,7 @@ describe("provider runtime contract", () => { describe("openai", () => { it("owns openai gpt-5.4 forward-compat resolution", () => { - const provider = requireProvider("openai"); + const provider = requireProviderContractProvider("openai"); const model = provider.resolveDynamicModel?.({ provider: "openai", modelId: "gpt-5.4-pro", @@ -337,7 +331,7 @@ describe("provider runtime contract", () => { }); it("owns direct openai transport normalization", () => { - const provider = requireProvider("openai"); + const provider = requireProviderContractProvider("openai"); expect( provider.normalizeResolvedModel?.({ provider: "openai", @@ -360,7 +354,7 @@ describe("provider runtime contract", () => { describe("openai-codex", () => { it("owns refresh fallback for accountId extraction failures", async () => { - const provider = requireProvider("openai-codex"); + const provider = requireProviderContractProvider("openai-codex"); const credential = { type: "oauth" as const, provider: "openai-codex", @@ -376,7 +370,7 @@ describe("provider runtime contract", () => { }); it("owns forward-compat codex models", () => { - const provider = requireProvider("openai-codex"); + const provider = requireProviderContractProvider("openai-codex"); const model = provider.resolveDynamicModel?.({ provider: "openai-codex", modelId: "gpt-5.4", @@ -403,7 +397,7 @@ describe("provider runtime contract", () => { }); it("owns codex transport defaults", () => { - const provider = requireProvider("openai-codex"); + const provider = requireProviderContractProvider("openai-codex"); expect( provider.prepareExtraParams?.({ provider: "openai-codex", @@ -417,7 +411,7 @@ describe("provider runtime contract", () => { }); it("owns usage snapshot fetching", async () => { - const provider = requireProvider("openai-codex"); + const provider = requireProviderContractProvider("openai-codex"); const mockFetch = createProviderUsageFetch(async (url) => { if (url.includes("chatgpt.com/backend-api/wham/usage")) { return makeResponse(200, { @@ -455,7 +449,7 @@ describe("provider runtime contract", () => { describe("qwen-portal", () => { it("owns OAuth refresh", async () => { - const provider = requireProvider("qwen-portal"); + const provider = requireProviderContractProvider("qwen-portal"); const credential = { type: "oauth" as const, provider: "qwen-portal", @@ -478,7 +472,7 @@ describe("provider runtime contract", () => { describe("zai", () => { it("owns glm-5 forward-compat resolution", () => { - const provider = requireProvider("zai"); + const provider = requireProviderContractProvider("zai"); const model = provider.resolveDynamicModel?.({ provider: "zai", modelId: "glm-5", @@ -507,7 +501,7 @@ describe("provider runtime contract", () => { }); it("owns usage auth resolution", async () => { - const provider = requireProvider("zai"); + const provider = requireProviderContractProvider("zai"); await expect( provider.resolveUsageAuth?.({ config: {} as never, @@ -523,8 +517,35 @@ describe("provider runtime contract", () => { }); }); + it("falls back to legacy pi auth tokens for usage auth", async () => { + const provider = requireProviderContractProvider("zai"); + const home = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-zai-contract-")); + await fs.mkdir(path.join(home, ".pi", "agent"), { recursive: true }); + await fs.writeFile( + path.join(home, ".pi", "agent", "auth.json"), + `${JSON.stringify({ "z-ai": { access: "legacy-zai-token" } }, null, 2)}\n`, + "utf8", + ); + + try { + await expect( + provider.resolveUsageAuth?.({ + config: {} as never, + env: { HOME: home } as NodeJS.ProcessEnv, + provider: "zai", + resolveApiKeyFromConfigAndStore: () => undefined, + resolveOAuthToken: async () => null, + }), + ).resolves.toEqual({ + token: "legacy-zai-token", + }); + } finally { + await fs.rm(home, { recursive: true, force: true }); + } + }); + it("owns usage snapshot fetching", async () => { - const provider = requireProvider("zai"); + const provider = requireProviderContractProvider("zai"); const mockFetch = createProviderUsageFetch(async (url) => { if (url.includes("api.z.ai/api/monitor/usage/quota/limit")) { return makeResponse(200, { diff --git a/src/plugins/contracts/testkit.ts b/src/plugins/contracts/testkit.ts new file mode 100644 index 00000000000..32f36c502b9 --- /dev/null +++ b/src/plugins/contracts/testkit.ts @@ -0,0 +1,8 @@ +export { + registerProviderPlugins as registerProviders, + requireRegisteredProvider as requireProvider, +} from "../../test-utils/plugin-registration.js"; + +export function uniqueSortedStrings(values: readonly string[]) { + return [...new Set(values)].toSorted((left, right) => left.localeCompare(right)); +} diff --git a/src/plugins/contracts/wizard.contract.test.ts b/src/plugins/contracts/wizard.contract.test.ts index ee0cd879b25..1e0ca6e49be 100644 --- a/src/plugins/contracts/wizard.contract.test.ts +++ b/src/plugins/contracts/wizard.contract.test.ts @@ -1,25 +1,17 @@ -import { describe, expect, it } from "vitest"; -import { - buildProviderPluginMethodChoice, - resolveProviderModelPickerEntries, - resolveProviderPluginChoice, - resolveProviderWizardOptions, -} from "../provider-wizard.js"; -import { resolvePluginProviders } from "../providers.js"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { ProviderPlugin } from "../types.js"; -import { providerContractRegistry } from "./registry.js"; +import { providerContractPluginIds, uniqueProviderContractProviders } from "./registry.js"; -function createBundledProviderConfig() { - return { - plugins: { - enabled: true, - allow: [...new Set(providerContractRegistry.map((entry) => entry.pluginId))], - slots: { - memory: "none", - }, - }, - }; -} +const resolvePluginProvidersMock = vi.fn(); + +vi.mock("../providers.js", () => ({ + resolvePluginProviders: (...args: unknown[]) => resolvePluginProvidersMock(...args), +})); + +let buildProviderPluginMethodChoice: typeof import("../provider-wizard.js").buildProviderPluginMethodChoice; +let resolveProviderModelPickerEntries: typeof import("../provider-wizard.js").resolveProviderModelPickerEntries; +let resolveProviderPluginChoice: typeof import("../provider-wizard.js").resolveProviderPluginChoice; +let resolveProviderWizardOptions: typeof import("../provider-wizard.js").resolveProviderWizardOptions; function resolveExpectedWizardChoiceValues(providers: ProviderPlugin[]) { const values: string[] = []; @@ -78,36 +70,44 @@ function resolveExpectedModelPickerValues(providers: ProviderPlugin[]) { } describe("provider wizard contract", () => { - it("exposes every registered provider setup choice through the shared wizard layer", () => { - const config = createBundledProviderConfig(); - const providers = resolvePluginProviders({ - config, - env: process.env, - }); + beforeEach(async () => { + vi.resetModules(); + ({ + buildProviderPluginMethodChoice, + resolveProviderModelPickerEntries, + resolveProviderPluginChoice, + resolveProviderWizardOptions, + } = await import("../provider-wizard.js")); + resolvePluginProvidersMock.mockReset(); + resolvePluginProvidersMock.mockReturnValue(uniqueProviderContractProviders); + }); + it("exposes every registered provider setup choice through the shared wizard layer", () => { const options = resolveProviderWizardOptions({ - config, + config: { + plugins: { + enabled: true, + allow: providerContractPluginIds, + slots: { + memory: "none", + }, + }, + }, env: process.env, }); expect( options.map((option) => option.value).toSorted((left, right) => left.localeCompare(right)), - ).toEqual(resolveExpectedWizardChoiceValues(providers)); + ).toEqual(resolveExpectedWizardChoiceValues(uniqueProviderContractProviders)); expect(options.map((option) => option.value)).toEqual([ ...new Set(options.map((option) => option.value)), ]); }); it("round-trips every shared wizard choice back to its provider and auth method", () => { - const config = createBundledProviderConfig(); - const providers = resolvePluginProviders({ - config, - env: process.env, - }); - - for (const option of resolveProviderWizardOptions({ config, env: process.env })) { + for (const option of resolveProviderWizardOptions({ config: {}, env: process.env })) { const resolved = resolveProviderPluginChoice({ - providers, + providers: uniqueProviderContractProviders, choice: option.value, }); expect(resolved).not.toBeNull(); @@ -117,23 +117,14 @@ describe("provider wizard contract", () => { }); it("exposes every registered model-picker entry through the shared wizard layer", () => { - const config = createBundledProviderConfig(); - const providers = resolvePluginProviders({ - config, - env: process.env, - }); - - const entries = resolveProviderModelPickerEntries({ - config, - env: process.env, - }); + const entries = resolveProviderModelPickerEntries({ config: {}, env: process.env }); expect( entries.map((entry) => entry.value).toSorted((left, right) => left.localeCompare(right)), - ).toEqual(resolveExpectedModelPickerValues(providers)); + ).toEqual(resolveExpectedModelPickerValues(uniqueProviderContractProviders)); for (const entry of entries) { const resolved = resolveProviderPluginChoice({ - providers, + providers: uniqueProviderContractProviders, choice: entry.value, }); expect(resolved).not.toBeNull(); diff --git a/src/plugins/conversation-binding.test.ts b/src/plugins/conversation-binding.test.ts index 0a673572d59..fe01ed3beed 100644 --- a/src/plugins/conversation-binding.test.ts +++ b/src/plugins/conversation-binding.test.ts @@ -7,6 +7,8 @@ import type { SessionBindingAdapter, SessionBindingRecord, } from "../infra/outbound/session-binding-service.js"; +import { createEmptyPluginRegistry } from "./registry.js"; +import { setActivePluginRegistry } from "./runtime.js"; const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-plugin-binding-")); const approvalsPath = path.join(tempRoot, "plugin-binding-approvals.json"); @@ -102,6 +104,8 @@ const { const { registerSessionBindingAdapter, unregisterSessionBindingAdapter } = await import("../infra/outbound/session-binding-service.js"); +type PluginBindingRequest = Awaited>; + function createAdapter(channel: string, accountId: string): SessionBindingAdapter { return { channel, @@ -119,10 +123,43 @@ function createAdapter(channel: string, accountId: string): SessionBindingAdapte }; } +async function resolveRequestedBinding(request: PluginBindingRequest) { + expect(["pending", "bound"]).toContain(request.status); + if (request.status === "pending") { + const approved = await resolvePluginConversationBindingApproval({ + approvalId: request.approvalId, + decision: "allow-once", + senderId: "user-1", + }); + expect(approved.status).toBe("approved"); + if (approved.status !== "approved") { + throw new Error("expected approved bind result"); + } + return approved.binding; + } + if (request.status === "bound") { + return request.binding; + } + throw new Error("expected pending or bound bind result"); +} + +async function flushMicrotasks(): Promise { + await new Promise((resolve) => setImmediate(resolve)); +} + +function createDeferredVoid(): { promise: Promise; resolve: () => void } { + let resolve = () => {}; + const promise = new Promise((innerResolve) => { + resolve = innerResolve; + }); + return { promise, resolve }; +} + describe("plugin conversation binding approvals", () => { beforeEach(() => { sessionBindingState.reset(); __testing.reset(); + setActivePluginRegistry(createEmptyPluginRegistry()); fs.rmSync(approvalsPath, { force: true }); unregisterSessionBindingAdapter({ channel: "discord", accountId: "default" }); unregisterSessionBindingAdapter({ channel: "discord", accountId: "work" }); @@ -344,6 +381,222 @@ describe("plugin conversation binding approvals", () => { expect(currentBinding?.detachHint).toBe("/codex_detach"); }); + it("notifies the owning plugin when a bind approval is approved", async () => { + const registry = createEmptyPluginRegistry(); + const onResolved = vi.fn(async () => undefined); + registry.conversationBindingResolvedHandlers.push({ + pluginId: "codex", + pluginRoot: "/plugins/callback-test", + handler: onResolved, + source: "/plugins/callback-test/index.ts", + rootDir: "/plugins/callback-test", + }); + setActivePluginRegistry(registry); + + const request = await requestPluginConversationBinding({ + pluginId: "codex", + pluginName: "Codex App Server", + pluginRoot: "/plugins/callback-test", + requestedBySenderId: "user-1", + conversation: { + channel: "discord", + accountId: "isolated", + conversationId: "channel:callback-test", + }, + binding: { summary: "Bind this conversation to Codex thread abc." }, + }); + + expect(request.status).toBe("pending"); + if (request.status !== "pending") { + throw new Error("expected pending bind request"); + } + + const approved = await resolvePluginConversationBindingApproval({ + approvalId: request.approvalId, + decision: "allow-once", + senderId: "user-1", + }); + + expect(approved.status).toBe("approved"); + await flushMicrotasks(); + expect(onResolved).toHaveBeenCalledWith({ + status: "approved", + binding: expect.objectContaining({ + pluginId: "codex", + pluginRoot: "/plugins/callback-test", + conversationId: "channel:callback-test", + }), + decision: "allow-once", + request: { + summary: "Bind this conversation to Codex thread abc.", + detachHint: undefined, + requestedBySenderId: "user-1", + conversation: { + channel: "discord", + accountId: "isolated", + conversationId: "channel:callback-test", + }, + }, + }); + }); + + it("notifies the owning plugin when a bind approval is denied", async () => { + const registry = createEmptyPluginRegistry(); + const onResolved = vi.fn(async () => undefined); + registry.conversationBindingResolvedHandlers.push({ + pluginId: "codex", + pluginRoot: "/plugins/callback-deny", + handler: onResolved, + source: "/plugins/callback-deny/index.ts", + rootDir: "/plugins/callback-deny", + }); + setActivePluginRegistry(registry); + + const request = await requestPluginConversationBinding({ + pluginId: "codex", + pluginName: "Codex App Server", + pluginRoot: "/plugins/callback-deny", + requestedBySenderId: "user-1", + conversation: { + channel: "telegram", + accountId: "default", + conversationId: "8460800771", + }, + binding: { summary: "Bind this conversation to Codex thread deny." }, + }); + + expect(request.status).toBe("pending"); + if (request.status !== "pending") { + throw new Error("expected pending bind request"); + } + + const denied = await resolvePluginConversationBindingApproval({ + approvalId: request.approvalId, + decision: "deny", + senderId: "user-1", + }); + + expect(denied.status).toBe("denied"); + await flushMicrotasks(); + expect(onResolved).toHaveBeenCalledWith({ + status: "denied", + binding: undefined, + decision: "deny", + request: { + summary: "Bind this conversation to Codex thread deny.", + detachHint: undefined, + requestedBySenderId: "user-1", + conversation: { + channel: "telegram", + accountId: "default", + conversationId: "8460800771", + }, + }, + }); + }); + + it("does not wait for an approved bind callback before returning", async () => { + const registry = createEmptyPluginRegistry(); + const callbackGate = createDeferredVoid(); + const onResolved = vi.fn(async () => callbackGate.promise); + registry.conversationBindingResolvedHandlers.push({ + pluginId: "codex", + pluginRoot: "/plugins/callback-slow-approve", + handler: onResolved, + source: "/plugins/callback-slow-approve/index.ts", + rootDir: "/plugins/callback-slow-approve", + }); + setActivePluginRegistry(registry); + + const request = await requestPluginConversationBinding({ + pluginId: "codex", + pluginName: "Codex App Server", + pluginRoot: "/plugins/callback-slow-approve", + requestedBySenderId: "user-1", + conversation: { + channel: "discord", + accountId: "isolated", + conversationId: "channel:slow-approve", + }, + binding: { summary: "Bind this conversation to Codex thread slow-approve." }, + }); + + expect(request.status).toBe("pending"); + if (request.status !== "pending") { + throw new Error("expected pending bind request"); + } + + let settled = false; + const resolutionPromise = resolvePluginConversationBindingApproval({ + approvalId: request.approvalId, + decision: "allow-once", + senderId: "user-1", + }).then((result) => { + settled = true; + return result; + }); + + await flushMicrotasks(); + + expect(settled).toBe(true); + expect(onResolved).toHaveBeenCalledTimes(1); + + callbackGate.resolve(); + const approved = await resolutionPromise; + expect(approved.status).toBe("approved"); + }); + + it("does not wait for a denied bind callback before returning", async () => { + const registry = createEmptyPluginRegistry(); + const callbackGate = createDeferredVoid(); + const onResolved = vi.fn(async () => callbackGate.promise); + registry.conversationBindingResolvedHandlers.push({ + pluginId: "codex", + pluginRoot: "/plugins/callback-slow-deny", + handler: onResolved, + source: "/plugins/callback-slow-deny/index.ts", + rootDir: "/plugins/callback-slow-deny", + }); + setActivePluginRegistry(registry); + + const request = await requestPluginConversationBinding({ + pluginId: "codex", + pluginName: "Codex App Server", + pluginRoot: "/plugins/callback-slow-deny", + requestedBySenderId: "user-1", + conversation: { + channel: "telegram", + accountId: "default", + conversationId: "slow-deny", + }, + binding: { summary: "Bind this conversation to Codex thread slow-deny." }, + }); + + expect(request.status).toBe("pending"); + if (request.status !== "pending") { + throw new Error("expected pending bind request"); + } + + let settled = false; + const resolutionPromise = resolvePluginConversationBindingApproval({ + approvalId: request.approvalId, + decision: "deny", + senderId: "user-1", + }).then((result) => { + settled = true; + return result; + }); + + await flushMicrotasks(); + + expect(settled).toBe(true); + expect(onResolved).toHaveBeenCalledTimes(1); + + callbackGate.resolve(); + const denied = await resolutionPromise; + expect(denied.status).toBe("denied"); + }); + it("returns and detaches only bindings owned by the requesting plugin root", async () => { const request = await requestPluginConversationBinding({ pluginId: "codex", @@ -485,25 +738,7 @@ describe("plugin conversation binding approvals", () => { binding: { summary: "Bind this conversation to Codex thread abc." }, }); - expect(["pending", "bound"]).toContain(request.status); - const binding = - request.status === "pending" - ? await resolvePluginConversationBindingApproval({ - approvalId: request.approvalId, - decision: "allow-once", - senderId: "user-1", - }).then((approved) => { - expect(approved.status).toBe("approved"); - if (approved.status !== "approved") { - throw new Error("expected approved bind result"); - } - return approved.binding; - }) - : request.status === "bound" - ? request.binding - : (() => { - throw new Error("expected pending or bound bind result"); - })(); + const binding = await resolveRequestedBinding(request); expect(binding).toEqual( expect.objectContaining({ @@ -546,25 +781,7 @@ describe("plugin conversation binding approvals", () => { }, }); - expect(["pending", "bound"]).toContain(request.status); - const binding = - request.status === "pending" - ? await resolvePluginConversationBindingApproval({ - approvalId: request.approvalId, - decision: "allow-once", - senderId: "user-1", - }).then((approved) => { - expect(approved.status).toBe("approved"); - if (approved.status !== "approved") { - throw new Error("expected approved bind result"); - } - return approved.binding; - }) - : request.status === "bound" - ? request.binding - : (() => { - throw new Error("expected pending or bound bind result"); - })(); + const binding = await resolveRequestedBinding(request); expect(binding).toEqual( expect.objectContaining({ diff --git a/src/plugins/conversation-binding.ts b/src/plugins/conversation-binding.ts index 4b5cb0671da..aef5ec92b40 100644 --- a/src/plugins/conversation-binding.ts +++ b/src/plugins/conversation-binding.ts @@ -2,15 +2,20 @@ import crypto from "node:crypto"; import fs from "node:fs"; import path from "node:path"; import type { ReplyPayload } from "../auto-reply/types.js"; +import { + createConversationBindingRecord, + resolveConversationBindingRecord, + unbindConversationBindingRecord, +} from "../bindings/records.js"; import { expandHomePrefix } from "../infra/home-dir.js"; import { writeJsonAtomic } from "../infra/json-files.js"; -import { - getSessionBindingService, - type ConversationRef, -} from "../infra/outbound/session-binding-service.js"; +import { type ConversationRef } from "../infra/outbound/session-binding-service.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; +import { getActivePluginRegistry } from "./runtime.js"; import type { PluginConversationBinding, + PluginConversationBindingResolvedEvent, + PluginConversationBindingResolutionDecision, PluginConversationBindingRequestParams, PluginConversationBindingRequestResult, } from "./types.js"; @@ -26,7 +31,9 @@ const LEGACY_CODEX_PLUGIN_SESSION_PREFIXES = [ "openclaw-codex-app-server:thread:", ] as const; -type PluginBindingApprovalDecision = "allow-once" | "allow-always" | "deny"; +// Runtime plugin conversation bindings are approval-driven and distinct from +// configured channel bindings compiled from config. +type PluginBindingApprovalDecision = PluginConversationBindingResolutionDecision; type PluginBindingApprovalEntry = { pluginRoot: string; @@ -87,7 +94,7 @@ type PluginBindingResolveResult = status: "approved"; binding: PluginConversationBinding; request: PendingPluginBindingRequest; - decision: PluginBindingApprovalDecision; + decision: Exclude; } | { status: "denied"; @@ -423,7 +430,7 @@ async function bindConversationNow(params: { accountId: ref.accountId, conversationId: ref.conversationId, }); - const record = await getSessionBindingService().bind({ + const record = await createConversationBindingRecord({ targetSessionKey, targetKind: "session", conversation: ref, @@ -574,7 +581,7 @@ export async function requestPluginConversationBinding(params: { }): Promise { const conversation = normalizeConversation(params.conversation); const ref = toConversationRef(conversation); - const existing = getSessionBindingService().resolveByConversation(ref); + const existing = resolveConversationBindingRecord(ref); const existingPluginBinding = toPluginConversationBinding(existing); const existingLegacyPluginBinding = isLegacyPluginBindingRecord({ record: existing, @@ -665,9 +672,7 @@ export async function getCurrentPluginConversationBinding(params: { pluginRoot: string; conversation: PluginBindingConversation; }): Promise { - const record = getSessionBindingService().resolveByConversation( - toConversationRef(params.conversation), - ); + const record = resolveConversationBindingRecord(toConversationRef(params.conversation)); const binding = toPluginConversationBinding(record); if (!binding || binding.pluginRoot !== params.pluginRoot) { return null; @@ -684,12 +689,12 @@ export async function detachPluginConversationBinding(params: { conversation: PluginBindingConversation; }): Promise<{ removed: boolean }> { const ref = toConversationRef(params.conversation); - const record = getSessionBindingService().resolveByConversation(ref); + const record = resolveConversationBindingRecord(ref); const binding = toPluginConversationBinding(record); if (!binding || binding.pluginRoot !== params.pluginRoot) { return { removed: false }; } - await getSessionBindingService().unbind({ + await unbindConversationBindingRecord({ bindingId: binding.bindingId, reason: "plugin-detach", }); @@ -717,6 +722,11 @@ export async function resolvePluginConversationBindingApproval(params: { } pendingRequests.delete(params.approvalId); if (params.decision === "deny") { + dispatchPluginConversationBindingResolved({ + status: "denied", + decision: "deny", + request, + }); log.info( `plugin binding denied plugin=${request.pluginId} root=${request.pluginRoot} channel=${request.conversation.channel} account=${request.conversation.accountId} conversation=${request.conversation.conversationId}`, ); @@ -745,6 +755,12 @@ export async function resolvePluginConversationBindingApproval(params: { log.info( `plugin binding approved plugin=${request.pluginId} root=${request.pluginRoot} decision=${params.decision} channel=${request.conversation.channel} account=${request.conversation.accountId} conversation=${request.conversation.conversationId}`, ); + dispatchPluginConversationBindingResolved({ + status: "approved", + binding, + decision: params.decision, + request, + }); return { status: "approved", binding, @@ -753,6 +769,56 @@ export async function resolvePluginConversationBindingApproval(params: { }; } +function dispatchPluginConversationBindingResolved(params: { + status: "approved" | "denied"; + binding?: PluginConversationBinding; + decision: PluginConversationBindingResolutionDecision; + request: PendingPluginBindingRequest; +}): void { + // Keep platform interaction acks fast even if the plugin does slow post-bind work. + queueMicrotask(() => { + void notifyPluginConversationBindingResolved(params).catch((error) => { + log.warn(`plugin binding resolved dispatch failed: ${String(error)}`); + }); + }); +} + +async function notifyPluginConversationBindingResolved(params: { + status: "approved" | "denied"; + binding?: PluginConversationBinding; + decision: PluginConversationBindingResolutionDecision; + request: PendingPluginBindingRequest; +}): Promise { + const registrations = getActivePluginRegistry()?.conversationBindingResolvedHandlers ?? []; + for (const registration of registrations) { + if (registration.pluginId !== params.request.pluginId) { + continue; + } + const registeredRoot = registration.pluginRoot?.trim(); + if (registeredRoot && registeredRoot !== params.request.pluginRoot) { + continue; + } + try { + const event: PluginConversationBindingResolvedEvent = { + status: params.status, + binding: params.binding, + decision: params.decision, + request: { + summary: params.request.summary, + detachHint: params.request.detachHint, + requestedBySenderId: params.request.requestedBySenderId, + conversation: params.request.conversation, + }, + }; + await registration.handler(event); + } catch (error) { + log.warn( + `plugin binding resolved callback failed plugin=${registration.pluginId} root=${registration.pluginRoot ?? ""}: ${error instanceof Error ? error.message : String(error)}`, + ); + } + } +} + export function buildPluginBindingResolvedText(params: PluginBindingResolveResult): string { if (params.status === "expired") { return "That plugin bind approval expired. Retry the bind command."; diff --git a/src/plugins/discovery.test.ts b/src/plugins/discovery.test.ts index ea84b562729..7a6d9d54578 100644 --- a/src/plugins/discovery.test.ts +++ b/src/plugins/discovery.test.ts @@ -219,6 +219,46 @@ describe("discoverOpenClawPlugins", () => { expect(ids).not.toContain("ollama-provider"); }); + it("normalizes bundled speech package ids to canonical plugin ids", async () => { + const stateDir = makeTempDir(); + const extensionsDir = path.join(stateDir, "extensions"); + const elevenlabsDir = path.join(extensionsDir, "elevenlabs-speech-pack"); + const microsoftDir = path.join(extensionsDir, "microsoft-speech-pack"); + + mkdirSafe(path.join(elevenlabsDir, "src")); + mkdirSafe(path.join(microsoftDir, "src")); + + writePluginPackageManifest({ + packageDir: elevenlabsDir, + packageName: "@openclaw/elevenlabs-speech", + extensions: ["./src/index.ts"], + }); + writePluginPackageManifest({ + packageDir: microsoftDir, + packageName: "@openclaw/microsoft-speech", + extensions: ["./src/index.ts"], + }); + + fs.writeFileSync( + path.join(elevenlabsDir, "src", "index.ts"), + "export default function () {}", + "utf-8", + ); + fs.writeFileSync( + path.join(microsoftDir, "src", "index.ts"), + "export default function () {}", + "utf-8", + ); + + const { candidates } = await discoverWithStateDir(stateDir, {}); + + const ids = candidates.map((c) => c.idHint); + expect(ids).toContain("elevenlabs"); + expect(ids).toContain("microsoft"); + expect(ids).not.toContain("elevenlabs-speech"); + expect(ids).not.toContain("microsoft-speech"); + }); + it("treats configured directory paths as plugin packages", async () => { const stateDir = makeTempDir(); const packDir = path.join(stateDir, "packs", "demo-plugin-dir"); diff --git a/src/plugins/discovery.ts b/src/plugins/discovery.ts index 743b0b569f9..24d4765e31b 100644 --- a/src/plugins/discovery.ts +++ b/src/plugins/discovery.ts @@ -16,6 +16,14 @@ import type { PluginBundleFormat, PluginDiagnostic, PluginFormat, PluginOrigin } const EXTENSION_EXTS = new Set([".ts", ".js", ".mts", ".cts", ".mjs", ".cjs"]); +const CANONICAL_PACKAGE_ID_ALIASES: Record = { + "elevenlabs-speech": "elevenlabs", + "microsoft-speech": "microsoft", + "ollama-provider": "ollama", + "sglang-provider": "sglang", + "vllm-provider": "vllm", +}; + export type PluginCandidate = { idHint: string; source: string; @@ -337,12 +345,7 @@ function deriveIdHint(params: { const unscoped = rawPackageName.includes("/") ? (rawPackageName.split("/").pop() ?? rawPackageName) : rawPackageName; - const canonicalPackageId = - { - "ollama-provider": "ollama", - "sglang-provider": "sglang", - "vllm-provider": "vllm", - }[unscoped] ?? unscoped; + const canonicalPackageId = CANONICAL_PACKAGE_ID_ALIASES[unscoped] ?? unscoped; if (!params.hasMultipleExtensions) { return canonicalPackageId; diff --git a/src/plugins/hooks.test-helpers.ts b/src/plugins/hooks.test-helpers.ts index 7954257e714..559f70a1dc7 100644 --- a/src/plugins/hooks.test-helpers.ts +++ b/src/plugins/hooks.test-helpers.ts @@ -17,6 +17,10 @@ export function createMockPluginRegistry( hookNames: [], channelIds: [], providerIds: [], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], + webSearchProviderIds: [], gatewayMethods: [], cliCommands: [], services: [], @@ -35,13 +39,19 @@ export function createMockPluginRegistry( source: "test", })), tools: [], + channels: [], + channelSetups: [], + providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], + webSearchProviders: [], httpRoutes: [], - channelRegistrations: [], gatewayHandlers: {}, cliRegistrars: [], services: [], - providers: [], commands: [], + diagnostics: [], } as unknown as PluginRegistry; } diff --git a/src/plugins/hooks.ts b/src/plugins/hooks.ts index cffafd6645d..e8e1e2aa163 100644 --- a/src/plugins/hooks.ts +++ b/src/plugins/hooks.ts @@ -317,20 +317,7 @@ export function createHookRunner(registry: PluginRegistry, options: HookRunnerOp logger?.debug?.(`[hooks] running ${hookName} (${hooks.length} handlers, first-claim wins)`); - for (const hook of hooks) { - try { - const handlerResult = await ( - hook.handler as (event: unknown, ctx: unknown) => Promise - )(event, ctx); - if (handlerResult?.handled) { - return handlerResult; - } - } catch (err) { - handleHookError({ hookName, pluginId: hook.pluginId, error: err }); - } - } - - return undefined; + return await runClaimingHooksList(hooks, hookName, event, ctx); } async function runClaimingHookForPlugin< @@ -351,6 +338,18 @@ export function createHookRunner(registry: PluginRegistry, options: HookRunnerOp `[hooks] running ${hookName} for ${pluginId} (${hooks.length} handlers, targeted)`, ); + return await runClaimingHooksList(hooks, hookName, event, ctx); + } + + async function runClaimingHooksList< + K extends PluginHookName, + TResult extends { handled: boolean }, + >( + hooks: Array & { pluginId: string }>, + hookName: K, + event: Parameters["handler"]>>[0], + ctx: Parameters["handler"]>>[1], + ): Promise { for (const hook of hooks) { try { const handlerResult = await ( diff --git a/src/plugins/install.ts b/src/plugins/install.ts index e6b66381970..52ae9ebf2e1 100644 --- a/src/plugins/install.ts +++ b/src/plugins/install.ts @@ -198,6 +198,23 @@ function buildFileInstallResult(pluginId: string, targetFile: string): InstallPl }; } +function buildDirectoryInstallResult(params: { + pluginId: string; + targetDir: string; + manifestName?: string; + version?: string; + extensions: string[]; +}): InstallPluginResult { + return { + ok: true, + pluginId: params.pluginId, + targetDir: params.targetDir, + manifestName: params.manifestName, + version: params.version, + extensions: params.extensions, + }; +} + type PackageInstallCommonParams = { extensionsDir?: string; timeoutMs?: number; @@ -234,6 +251,80 @@ function pickFileInstallCommonParams(params: FileInstallCommonParams): FileInsta }; } +async function installPluginDirectoryIntoExtensions(params: { + sourceDir: string; + pluginId: string; + manifestName?: string; + version?: string; + extensions: string[]; + extensionsDir?: string; + logger: PluginInstallLogger; + timeoutMs: number; + mode: "install" | "update"; + dryRun: boolean; + copyErrorPrefix: string; + hasDeps: boolean; + depsLogMessage: string; + afterCopy?: (installedDir: string) => Promise; + nameEncoder?: (pluginId: string) => string; +}): Promise { + const extensionsDir = params.extensionsDir + ? resolveUserPath(params.extensionsDir) + : path.join(CONFIG_DIR, "extensions"); + const targetDirResult = await resolveCanonicalInstallTarget({ + baseDir: extensionsDir, + id: params.pluginId, + invalidNameMessage: "invalid plugin name: path traversal detected", + boundaryLabel: "extensions directory", + nameEncoder: params.nameEncoder, + }); + if (!targetDirResult.ok) { + return { ok: false, error: targetDirResult.error }; + } + const targetDir = targetDirResult.targetDir; + const availability = await ensureInstallTargetAvailable({ + mode: params.mode, + targetDir, + alreadyExistsError: `plugin already exists: ${targetDir} (delete it first)`, + }); + if (!availability.ok) { + return availability; + } + + if (params.dryRun) { + return buildDirectoryInstallResult({ + pluginId: params.pluginId, + targetDir, + manifestName: params.manifestName, + version: params.version, + extensions: params.extensions, + }); + } + + const installRes = await installPackageDir({ + sourceDir: params.sourceDir, + targetDir, + mode: params.mode, + timeoutMs: params.timeoutMs, + logger: params.logger, + copyErrorPrefix: params.copyErrorPrefix, + hasDeps: params.hasDeps, + depsLogMessage: params.depsLogMessage, + afterCopy: params.afterCopy, + }); + if (!installRes.ok) { + return installRes; + } + + return buildDirectoryInstallResult({ + pluginId: params.pluginId, + targetDir, + manifestName: params.manifestName, + version: params.version, + extensions: params.extensions, + }); +} + export function resolvePluginInstallDir(pluginId: string, extensionsDir?: string): string { const extensionsBase = extensionsDir ? resolveUserPath(extensionsDir) @@ -308,61 +399,21 @@ async function installBundleFromSourceDir( ); } - const extensionsDir = params.extensionsDir - ? resolveUserPath(params.extensionsDir) - : path.join(CONFIG_DIR, "extensions"); - const targetDirResult = await resolveCanonicalInstallTarget({ - baseDir: extensionsDir, - id: pluginId, - invalidNameMessage: "invalid plugin name: path traversal detected", - boundaryLabel: "extensions directory", - }); - if (!targetDirResult.ok) { - return { ok: false, error: targetDirResult.error }; - } - const targetDir = targetDirResult.targetDir; - const availability = await ensureInstallTargetAvailable({ - mode, - targetDir, - alreadyExistsError: `plugin already exists: ${targetDir} (delete it first)`, - }); - if (!availability.ok) { - return availability; - } - - if (dryRun) { - return { - ok: true, - pluginId, - targetDir, - manifestName: manifestRes.manifest.name, - version: manifestRes.manifest.version, - extensions: [], - }; - } - - const installRes = await installPackageDir({ + return await installPluginDirectoryIntoExtensions({ sourceDir: params.sourceDir, - targetDir, - mode, - timeoutMs, + pluginId, + manifestName: manifestRes.manifest.name, + version: manifestRes.manifest.version, + extensions: [], + extensionsDir: params.extensionsDir, logger, + timeoutMs, + mode, + dryRun, copyErrorPrefix: "failed to copy plugin bundle", hasDeps: false, depsLogMessage: "", }); - if (!installRes.ok) { - return installRes; - } - - return { - ok: true, - pluginId, - targetDir, - manifestName: manifestRes.manifest.name, - version: manifestRes.manifest.version, - extensions: [], - }; } async function installPluginFromSourceDir( @@ -514,51 +565,22 @@ async function installPluginFromPackageDir( ); } - const extensionsDir = params.extensionsDir - ? resolveUserPath(params.extensionsDir) - : path.join(CONFIG_DIR, "extensions"); - const targetDirResult = await resolveCanonicalInstallTarget({ - baseDir: extensionsDir, - id: pluginId, - invalidNameMessage: "invalid plugin name: path traversal detected", - boundaryLabel: "extensions directory", - nameEncoder: encodePluginInstallDirName, - }); - if (!targetDirResult.ok) { - return { ok: false, error: targetDirResult.error }; - } - const targetDir = targetDirResult.targetDir; - const availability = await ensureInstallTargetAvailable({ - mode, - targetDir, - alreadyExistsError: `plugin already exists: ${targetDir} (delete it first)`, - }); - if (!availability.ok) { - return availability; - } - - if (dryRun) { - return { - ok: true, - pluginId, - targetDir, - manifestName: pkgName || undefined, - version: typeof manifest.version === "string" ? manifest.version : undefined, - extensions, - }; - } - const deps = manifest.dependencies ?? {}; - const hasDeps = Object.keys(deps).length > 0; - const installRes = await installPackageDir({ + return await installPluginDirectoryIntoExtensions({ sourceDir: params.packageDir, - targetDir, - mode, - timeoutMs, + pluginId, + manifestName: pkgName || undefined, + version: typeof manifest.version === "string" ? manifest.version : undefined, + extensions, + extensionsDir: params.extensionsDir, logger, + timeoutMs, + mode, + dryRun, copyErrorPrefix: "failed to copy plugin", - hasDeps, + hasDeps: Object.keys(deps).length > 0, depsLogMessage: "Installing plugin dependencies…", + nameEncoder: encodePluginInstallDirName, afterCopy: async (installedDir) => { for (const entry of extensions) { const resolvedEntry = path.resolve(installedDir, entry); @@ -572,18 +594,6 @@ async function installPluginFromPackageDir( } }, }); - if (!installRes.ok) { - return installRes; - } - - return { - ok: true, - pluginId, - targetDir, - manifestName: pkgName || undefined, - version: typeof manifest.version === "string" ? manifest.version : undefined, - extensions, - }; } export async function installPluginFromArchive( diff --git a/src/plugins/interactive.test.ts b/src/plugins/interactive.test.ts index 14980ec4545..2b595e856f8 100644 --- a/src/plugins/interactive.test.ts +++ b/src/plugins/interactive.test.ts @@ -1,10 +1,20 @@ import { afterEach, beforeEach, describe, expect, it, vi, type MockInstance } from "vitest"; import * as conversationBinding from "./conversation-binding.js"; +import type { + DiscordInteractiveDispatchContext, + SlackInteractiveDispatchContext, + TelegramInteractiveDispatchContext, +} from "./interactive-dispatch-adapters.js"; import { clearPluginInteractiveHandlers, dispatchPluginInteractiveHandler, registerPluginInteractiveHandler, } from "./interactive.js"; +import type { + PluginInteractiveDiscordHandlerContext, + PluginInteractiveSlackHandlerContext, + PluginInteractiveTelegramHandlerContext, +} from "./types.js"; let requestPluginConversationBindingMock: MockInstance< typeof conversationBinding.requestPluginConversationBinding @@ -16,6 +26,53 @@ let getCurrentPluginConversationBindingMock: MockInstance< typeof conversationBinding.getCurrentPluginConversationBinding >; +type InteractiveDispatchParams = + | { + channel: "telegram"; + data: string; + callbackId: string; + ctx: TelegramInteractiveDispatchContext; + respond: PluginInteractiveTelegramHandlerContext["respond"]; + } + | { + channel: "discord"; + data: string; + interactionId: string; + ctx: DiscordInteractiveDispatchContext; + respond: PluginInteractiveDiscordHandlerContext["respond"]; + } + | { + channel: "slack"; + data: string; + interactionId: string; + ctx: SlackInteractiveDispatchContext; + respond: PluginInteractiveSlackHandlerContext["respond"]; + }; + +async function expectDedupedInteractiveDispatch(params: { + baseParams: InteractiveDispatchParams; + handler: ReturnType; + expectedCall: unknown; +}) { + const dispatch = async (baseParams: InteractiveDispatchParams) => { + if (baseParams.channel === "telegram") { + return await dispatchPluginInteractiveHandler(baseParams); + } + if (baseParams.channel === "discord") { + return await dispatchPluginInteractiveHandler(baseParams); + } + return await dispatchPluginInteractiveHandler(baseParams); + }; + + const first = await dispatch(params.baseParams); + const duplicate = await dispatch(params.baseParams); + + expect(first).toEqual({ matched: true, handled: true, duplicate: false }); + expect(duplicate).toEqual({ matched: true, handled: true, duplicate: true }); + expect(params.handler).toHaveBeenCalledTimes(1); + expect(params.handler).toHaveBeenCalledWith(expect.objectContaining(params.expectedCall)); +} + describe("plugin interactive handlers", () => { beforeEach(() => { clearPluginInteractiveHandlers(); @@ -99,14 +156,10 @@ describe("plugin interactive handlers", () => { }, }; - const first = await dispatchPluginInteractiveHandler(baseParams); - const duplicate = await dispatchPluginInteractiveHandler(baseParams); - - expect(first).toEqual({ matched: true, handled: true, duplicate: false }); - expect(duplicate).toEqual({ matched: true, handled: true, duplicate: true }); - expect(handler).toHaveBeenCalledTimes(1); - expect(handler).toHaveBeenCalledWith( - expect.objectContaining({ + await expectDedupedInteractiveDispatch({ + baseParams, + handler, + expectedCall: { channel: "telegram", conversationId: "-10099:topic:77", callback: expect.objectContaining({ @@ -115,8 +168,8 @@ describe("plugin interactive handlers", () => { chatId: "-10099", messageId: 55, }), - }), - ); + }, + }); }); it("rejects duplicate namespace registrations", () => { @@ -176,14 +229,10 @@ describe("plugin interactive handlers", () => { }, }; - const first = await dispatchPluginInteractiveHandler(baseParams); - const duplicate = await dispatchPluginInteractiveHandler(baseParams); - - expect(first).toEqual({ matched: true, handled: true, duplicate: false }); - expect(duplicate).toEqual({ matched: true, handled: true, duplicate: true }); - expect(handler).toHaveBeenCalledTimes(1); - expect(handler).toHaveBeenCalledWith( - expect.objectContaining({ + await expectDedupedInteractiveDispatch({ + baseParams, + handler, + expectedCall: { channel: "discord", conversationId: "channel-1", interaction: expect.objectContaining({ @@ -192,8 +241,8 @@ describe("plugin interactive handlers", () => { messageId: "message-1", values: ["allow"], }), - }), - ); + }, + }); }); it("routes Slack interactions by namespace and dedupes interaction ids", async () => { @@ -241,14 +290,10 @@ describe("plugin interactive handlers", () => { }, }; - const first = await dispatchPluginInteractiveHandler(baseParams); - const duplicate = await dispatchPluginInteractiveHandler(baseParams); - - expect(first).toEqual({ matched: true, handled: true, duplicate: false }); - expect(duplicate).toEqual({ matched: true, handled: true, duplicate: true }); - expect(handler).toHaveBeenCalledTimes(1); - expect(handler).toHaveBeenCalledWith( - expect.objectContaining({ + await expectDedupedInteractiveDispatch({ + baseParams, + handler, + expectedCall: { channel: "slack", conversationId: "C123", threadId: "1710000000.000100", @@ -258,8 +303,8 @@ describe("plugin interactive handlers", () => { actionId: "codex", messageTs: "1710000000.000200", }), - }), - ); + }, + }); }); it("wires Telegram conversation binding helpers with topic context", async () => { diff --git a/src/plugins/loader.test.ts b/src/plugins/loader.test.ts index a91b6c939ab..60673ffa67f 100644 --- a/src/plugins/loader.test.ts +++ b/src/plugins/loader.test.ts @@ -44,6 +44,7 @@ const { } = await importFreshPluginTestModules(); type TempPlugin = { dir: string; file: string; id: string }; +type PluginLoadConfig = NonNullable[0]>["config"]; function chmodSafeDir(dir: string) { if (process.platform === "win32") { @@ -238,6 +239,22 @@ function loadRegistryFromSinglePlugin(params: { }); } +function loadRegistryFromAllowedPlugins( + plugins: TempPlugin[], + options?: Omit[0], "cache" | "config">, +) { + return loadOpenClawPlugins({ + cache: false, + ...options, + config: { + plugins: { + load: { paths: plugins.map((plugin) => plugin.file) }, + allow: plugins.map((plugin) => plugin.id), + }, + }, + }); +} + function createWarningLogger(warnings: string[]) { return { info: () => {}, @@ -297,22 +314,6 @@ function createPluginSdkAliasFixture(params?: { return { root, srcFile, distFile }; } -function createExtensionApiAliasFixture(params?: { srcBody?: string; distBody?: string }) { - const root = makeTempDir(); - const srcFile = path.join(root, "src", "extensionAPI.ts"); - const distFile = path.join(root, "dist", "extensionAPI.js"); - mkdirSafe(path.dirname(srcFile)); - mkdirSafe(path.dirname(distFile)); - fs.writeFileSync( - path.join(root, "package.json"), - JSON.stringify({ name: "openclaw", type: "module" }, null, 2), - "utf-8", - ); - fs.writeFileSync(srcFile, params?.srcBody ?? "export {};\n", "utf-8"); - fs.writeFileSync(distFile, params?.distBody ?? "export {};\n", "utf-8"); - return { root, srcFile, distFile }; -} - function createPluginRuntimeAliasFixture(params?: { srcBody?: string; distBody?: string }) { const root = makeTempDir(); const srcFile = path.join(root, "src", "plugins", "runtime", "index.ts"); @@ -337,6 +338,307 @@ function createPluginRuntimeAliasFixture(params?: { srcBody?: string; distBody?: return { root, srcFile, distFile }; } +function loadBundleFixture(params: { + pluginId: string; + build: (bundleRoot: string) => void; + env?: NodeJS.ProcessEnv; + onlyPluginIds?: string[]; +}) { + useNoBundledPlugins(); + const workspaceDir = makeTempDir(); + const stateDir = makeTempDir(); + const bundleRoot = path.join(workspaceDir, ".openclaw", "extensions", params.pluginId); + params.build(bundleRoot); + return withEnv({ OPENCLAW_STATE_DIR: stateDir, ...params.env }, () => + loadOpenClawPlugins({ + workspaceDir, + onlyPluginIds: params.onlyPluginIds ?? [params.pluginId], + config: { + plugins: { + entries: { + [params.pluginId]: { + enabled: true, + }, + }, + }, + }, + cache: false, + }), + ); +} + +function expectNoUnwiredBundleDiagnostic( + registry: ReturnType, + pluginId: string, +) { + expect( + registry.diagnostics.some( + (diag) => + diag.pluginId === pluginId && + diag.message.includes("bundle capability detected but not wired"), + ), + ).toBe(false); +} + +function resolveLoadedPluginSource( + registry: ReturnType, + pluginId: string, +) { + return fs.realpathSync(registry.plugins.find((entry) => entry.id === pluginId)?.source ?? ""); +} + +function expectCachePartitionByPluginSource(params: { + pluginId: string; + loadFirst: () => ReturnType; + loadSecond: () => ReturnType; + expectedFirstSource: string; + expectedSecondSource: string; +}) { + const first = params.loadFirst(); + const second = params.loadSecond(); + + expect(second).not.toBe(first); + expect(resolveLoadedPluginSource(first, params.pluginId)).toBe( + fs.realpathSync(params.expectedFirstSource), + ); + expect(resolveLoadedPluginSource(second, params.pluginId)).toBe( + fs.realpathSync(params.expectedSecondSource), + ); +} + +function expectCacheMissThenHit(params: { + loadFirst: () => ReturnType; + loadVariant: () => ReturnType; +}) { + const first = params.loadFirst(); + const second = params.loadVariant(); + const third = params.loadVariant(); + + expect(second).not.toBe(first); + expect(third).toBe(second); +} + +function createSetupEntryChannelPluginFixture(params: { + id: string; + label: string; + packageName: string; + fullBlurb: string; + setupBlurb: string; + configured: boolean; + startupDeferConfiguredChannelFullLoadUntilAfterListen?: boolean; +}) { + useNoBundledPlugins(); + const pluginDir = makeTempDir(); + const fullMarker = path.join(pluginDir, "full-loaded.txt"); + const setupMarker = path.join(pluginDir, "setup-loaded.txt"); + const listAccountIds = params.configured ? '["default"]' : "[]"; + const resolveAccount = params.configured + ? '({ accountId: "default", token: "configured" })' + : '({ accountId: "default" })'; + + fs.writeFileSync( + path.join(pluginDir, "package.json"), + JSON.stringify( + { + name: params.packageName, + openclaw: { + extensions: ["./index.cjs"], + setupEntry: "./setup-entry.cjs", + ...(params.startupDeferConfiguredChannelFullLoadUntilAfterListen + ? { + startup: { + deferConfiguredChannelFullLoadUntilAfterListen: true, + }, + } + : {}), + }, + }, + null, + 2, + ), + "utf-8", + ); + fs.writeFileSync( + path.join(pluginDir, "openclaw.plugin.json"), + JSON.stringify( + { + id: params.id, + configSchema: EMPTY_PLUGIN_SCHEMA, + channels: [params.id], + }, + null, + 2, + ), + "utf-8", + ); + fs.writeFileSync( + path.join(pluginDir, "index.cjs"), + `require("node:fs").writeFileSync(${JSON.stringify(fullMarker)}, "loaded", "utf-8"); +module.exports = { + id: ${JSON.stringify(params.id)}, + register(api) { + api.registerChannel({ + plugin: { + id: ${JSON.stringify(params.id)}, + meta: { + id: ${JSON.stringify(params.id)}, + label: ${JSON.stringify(params.label)}, + selectionLabel: ${JSON.stringify(params.label)}, + docsPath: ${JSON.stringify(`/channels/${params.id}`)}, + blurb: ${JSON.stringify(params.fullBlurb)}, + }, + capabilities: { chatTypes: ["direct"] }, + config: { + listAccountIds: () => ${listAccountIds}, + resolveAccount: () => ${resolveAccount}, + }, + outbound: { deliveryMode: "direct" }, + }, + }); + }, +};`, + "utf-8", + ); + fs.writeFileSync( + path.join(pluginDir, "setup-entry.cjs"), + `require("node:fs").writeFileSync(${JSON.stringify(setupMarker)}, "loaded", "utf-8"); +module.exports = { + plugin: { + id: ${JSON.stringify(params.id)}, + meta: { + id: ${JSON.stringify(params.id)}, + label: ${JSON.stringify(params.label)}, + selectionLabel: ${JSON.stringify(params.label)}, + docsPath: ${JSON.stringify(`/channels/${params.id}`)}, + blurb: ${JSON.stringify(params.setupBlurb)}, + }, + capabilities: { chatTypes: ["direct"] }, + config: { + listAccountIds: () => ${listAccountIds}, + resolveAccount: () => ${resolveAccount}, + }, + outbound: { deliveryMode: "direct" }, + }, +};`, + "utf-8", + ); + + return { pluginDir, fullMarker, setupMarker }; +} + +function createEnvResolvedPluginFixture(pluginId: string) { + useNoBundledPlugins(); + const openclawHome = makeTempDir(); + const ignoredHome = makeTempDir(); + const stateDir = makeTempDir(); + const pluginDir = path.join(openclawHome, "plugins", pluginId); + mkdirSafe(pluginDir); + const plugin = writePlugin({ + id: pluginId, + dir: pluginDir, + filename: "index.cjs", + body: `module.exports = { id: ${JSON.stringify(pluginId)}, register() {} };`, + }); + const env = { + ...process.env, + OPENCLAW_HOME: openclawHome, + HOME: ignoredHome, + OPENCLAW_STATE_DIR: stateDir, + CLAWDBOT_STATE_DIR: undefined, + OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", + }; + return { plugin, env }; +} + +function expectEscapingEntryRejected(params: { + id: string; + linkKind: "symlink" | "hardlink"; + sourceBody: string; +}) { + useNoBundledPlugins(); + const { outsideEntry, linkedEntry } = createEscapingEntryFixture({ + id: params.id, + sourceBody: params.sourceBody, + }); + try { + if (params.linkKind === "symlink") { + fs.symlinkSync(outsideEntry, linkedEntry); + } else { + fs.linkSync(outsideEntry, linkedEntry); + } + } catch (err) { + if (params.linkKind === "hardlink" && (err as NodeJS.ErrnoException).code === "EXDEV") { + return undefined; + } + if (params.linkKind === "symlink") { + return undefined; + } + throw err; + } + + const registry = loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [linkedEntry] }, + allow: [params.id], + }, + }, + }); + + const record = registry.plugins.find((entry) => entry.id === params.id); + expect(record?.status).not.toBe("loaded"); + expect(registry.diagnostics.some((entry) => entry.message.includes("escapes"))).toBe(true); + return registry; +} + +function resolvePluginSdkAlias(params: { + root: string; + srcFile: string; + distFile: string; + modulePath: string; + argv1?: string; + env?: NodeJS.ProcessEnv; +}) { + const run = () => + __testing.resolvePluginSdkAliasFile({ + srcFile: params.srcFile, + distFile: params.distFile, + modulePath: params.modulePath, + argv1: params.argv1, + }); + return params.env ? withEnv(params.env, run) : run(); +} + +function listPluginSdkAliasCandidates(params: { + root: string; + srcFile: string; + distFile: string; + modulePath: string; + env?: NodeJS.ProcessEnv; +}) { + const run = () => + __testing.listPluginSdkAliasCandidates({ + srcFile: params.srcFile, + distFile: params.distFile, + modulePath: params.modulePath, + }); + return params.env ? withEnv(params.env, run) : run(); +} + +function resolvePluginRuntimeModule(params: { + modulePath: string; + argv1?: string; + env?: NodeJS.ProcessEnv; +}) { + const run = () => + __testing.resolvePluginRuntimeModulePath({ + modulePath: params.modulePath, + argv1: params.argv1, + }); + return params.env ? withEnv(params.env, run) : run(); +} + afterEach(() => { clearPluginLoaderCache(); if (prevBundledDir === undefined) { @@ -392,97 +694,125 @@ describe("bundle plugins", () => { expect(plugin?.bundleCapabilities).toContain("skills"); }); - it("treats Claude command roots and settings as supported bundle surfaces", () => { - useNoBundledPlugins(); - const workspaceDir = makeTempDir(); - const stateDir = makeTempDir(); - const bundleRoot = path.join(workspaceDir, ".openclaw", "extensions", "claude-skills"); - mkdirSafe(path.join(bundleRoot, "commands")); - fs.writeFileSync( - path.join(bundleRoot, "commands", "review.md"), - "---\ndescription: fixture\n---\n", - ); - fs.writeFileSync(path.join(bundleRoot, "settings.json"), '{"hideThinkingBlock":true}', "utf-8"); - - const registry = withEnv({ OPENCLAW_STATE_DIR: stateDir }, () => - loadOpenClawPlugins({ - workspaceDir, - onlyPluginIds: ["claude-skills"], - config: { - plugins: { - entries: { - "claude-skills": { - enabled: true, + it.each([ + { + name: "treats Claude command roots and settings as supported bundle surfaces", + pluginId: "claude-skills", + expectedFormat: "claude", + expectedCapabilities: ["skills", "commands", "settings"], + build: (bundleRoot: string) => { + mkdirSafe(path.join(bundleRoot, "commands")); + fs.writeFileSync( + path.join(bundleRoot, "commands", "review.md"), + "---\ndescription: fixture\n---\n", + ); + fs.writeFileSync( + path.join(bundleRoot, "settings.json"), + '{"hideThinkingBlock":true}', + "utf-8", + ); + }, + }, + { + name: "treats bundle MCP as a supported bundle surface", + pluginId: "claude-mcp", + expectedFormat: "claude", + expectedCapabilities: ["mcpServers"], + build: (bundleRoot: string) => { + mkdirSafe(path.join(bundleRoot, ".claude-plugin")); + fs.writeFileSync( + path.join(bundleRoot, ".claude-plugin", "plugin.json"), + JSON.stringify({ + name: "Claude MCP", + }), + "utf-8", + ); + fs.writeFileSync( + path.join(bundleRoot, ".mcp.json"), + JSON.stringify({ + mcpServers: { + probe: { + command: "node", + args: ["./probe.mjs"], }, }, - }, - }, - cache: false, - }), - ); + }), + "utf-8", + ); + }, + }, + { + name: "treats Cursor command roots as supported bundle skill surfaces", + pluginId: "cursor-skills", + expectedFormat: "cursor", + expectedCapabilities: ["skills", "commands"], + build: (bundleRoot: string) => { + mkdirSafe(path.join(bundleRoot, ".cursor-plugin")); + mkdirSafe(path.join(bundleRoot, ".cursor", "commands")); + fs.writeFileSync( + path.join(bundleRoot, ".cursor-plugin", "plugin.json"), + JSON.stringify({ + name: "Cursor Skills", + }), + "utf-8", + ); + fs.writeFileSync( + path.join(bundleRoot, ".cursor", "commands", "review.md"), + "---\ndescription: fixture\n---\n", + ); + }, + }, + ])("$name", ({ pluginId, expectedFormat, expectedCapabilities, build }) => { + const registry = loadBundleFixture({ pluginId, build }); + const plugin = registry.plugins.find((entry) => entry.id === pluginId); - const plugin = registry.plugins.find((entry) => entry.id === "claude-skills"); expect(plugin?.status).toBe("loaded"); - expect(plugin?.bundleFormat).toBe("claude"); - expect(plugin?.bundleCapabilities).toEqual( - expect.arrayContaining(["skills", "commands", "settings"]), - ); - expect( - registry.diagnostics.some( - (diag) => - diag.pluginId === "claude-skills" && - diag.message.includes("bundle capability detected but not wired"), - ), - ).toBe(false); + expect(plugin?.bundleFormat).toBe(expectedFormat); + expect(plugin?.bundleCapabilities).toEqual(expect.arrayContaining(expectedCapabilities)); + expectNoUnwiredBundleDiagnostic(registry, pluginId); }); - it("treats Cursor command roots as supported bundle skill surfaces", () => { - useNoBundledPlugins(); - const workspaceDir = makeTempDir(); + it("warns when bundle MCP only declares unsupported non-stdio transports", () => { const stateDir = makeTempDir(); - const bundleRoot = path.join(workspaceDir, ".openclaw", "extensions", "cursor-skills"); - mkdirSafe(path.join(bundleRoot, ".cursor-plugin")); - mkdirSafe(path.join(bundleRoot, ".cursor", "commands")); - fs.writeFileSync( - path.join(bundleRoot, ".cursor-plugin", "plugin.json"), - JSON.stringify({ - name: "Cursor Skills", - }), - "utf-8", - ); - fs.writeFileSync( - path.join(bundleRoot, ".cursor", "commands", "review.md"), - "---\ndescription: fixture\n---\n", - ); - - const registry = withEnv({ OPENCLAW_STATE_DIR: stateDir }, () => - loadOpenClawPlugins({ - workspaceDir, - onlyPluginIds: ["cursor-skills"], - config: { - plugins: { - entries: { - "cursor-skills": { - enabled: true, + const registry = loadBundleFixture({ + pluginId: "claude-mcp-url", + env: { + OPENCLAW_HOME: stateDir, + }, + build: (bundleRoot) => { + mkdirSafe(path.join(bundleRoot, ".claude-plugin")); + fs.writeFileSync( + path.join(bundleRoot, ".claude-plugin", "plugin.json"), + JSON.stringify({ + name: "Claude MCP URL", + }), + "utf-8", + ); + fs.writeFileSync( + path.join(bundleRoot, ".mcp.json"), + JSON.stringify({ + mcpServers: { + remoteProbe: { + url: "http://127.0.0.1:8787/mcp", }, }, - }, - }, - cache: false, - }), - ); + }), + "utf-8", + ); + }, + }); - const plugin = registry.plugins.find((entry) => entry.id === "cursor-skills"); + const plugin = registry.plugins.find((entry) => entry.id === "claude-mcp-url"); expect(plugin?.status).toBe("loaded"); - expect(plugin?.bundleFormat).toBe("cursor"); - expect(plugin?.bundleCapabilities).toEqual(expect.arrayContaining(["skills", "commands"])); + expect(plugin?.bundleCapabilities).toEqual(expect.arrayContaining(["mcpServers"])); expect( registry.diagnostics.some( (diag) => - diag.pluginId === "cursor-skills" && - diag.message.includes("bundle capability detected but not wired"), + diag.pluginId === "claude-mcp-url" && + diag.message.includes("stdio only today") && + diag.message.includes("remoteProbe"), ), - ).toBe(false); + ).toBe(true); }); }); @@ -521,69 +851,69 @@ describe("loadOpenClawPlugins", () => { expect(bundled?.status).toBe("disabled"); }); - it("loads bundled telegram plugin when enabled", () => { + it("handles bundled telegram plugin enablement and override rules", () => { setupBundledTelegramPlugin(); - - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir: cachedBundledTelegramDir, - config: { - plugins: { - allow: ["telegram"], - entries: { - telegram: { enabled: true }, + const cases = [ + { + name: "loads bundled telegram plugin when enabled", + config: { + plugins: { + allow: ["telegram"], + entries: { + telegram: { enabled: true }, + }, }, + } satisfies PluginLoadConfig, + assert: (registry: ReturnType) => { + expectTelegramLoaded(registry); }, }, - }); - - expectTelegramLoaded(registry); - }); - - it("loads bundled channel plugins when channels..enabled=true", () => { - setupBundledTelegramPlugin(); - - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir: cachedBundledTelegramDir, - config: { - channels: { - telegram: { + { + name: "loads bundled channel plugins when channels..enabled=true", + config: { + channels: { + telegram: { + enabled: true, + }, + }, + plugins: { enabled: true, }, - }, - plugins: { - enabled: true, + } satisfies PluginLoadConfig, + assert: (registry: ReturnType) => { + expectTelegramLoaded(registry); }, }, - }); - - expectTelegramLoaded(registry); - }); - - it("still respects explicit disable via plugins.entries for bundled channels", () => { - setupBundledTelegramPlugin(); - - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir: cachedBundledTelegramDir, - config: { - channels: { - telegram: { - enabled: true, + { + name: "still respects explicit disable via plugins.entries for bundled channels", + config: { + channels: { + telegram: { + enabled: true, + }, }, - }, - plugins: { - entries: { - telegram: { enabled: false }, + plugins: { + entries: { + telegram: { enabled: false }, + }, }, + } satisfies PluginLoadConfig, + assert: (registry: ReturnType) => { + const telegram = registry.plugins.find((entry) => entry.id === "telegram"); + expect(telegram?.status).toBe("disabled"); + expect(telegram?.error).toBe("disabled in config"); }, }, - }); + ] as const; - const telegram = registry.plugins.find((entry) => entry.id === "telegram"); - expect(telegram?.status).toBe("disabled"); - expect(telegram?.error).toBe("disabled in config"); + for (const testCase of cases) { + const registry = loadOpenClawPlugins({ + cache: false, + workspaceDir: cachedBundledTelegramDir, + config: testCase.config, + }); + testCase.assert(registry); + } }); it("preserves package.json metadata for bundled memory plugins", () => { @@ -603,112 +933,172 @@ describe("loadOpenClawPlugins", () => { expect(memory?.name).toBe("Memory (Core)"); expect(memory?.version).toBe("1.2.3"); }); - it("loads plugins from config paths", () => { - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; - const plugin = writePlugin({ - id: "allowed", - filename: "allowed.cjs", - body: `module.exports = { - id: "allowed", + it("handles config-path and scoped plugin loads", () => { + const scenarios = [ + { + label: "loads plugins from config paths", + run: () => { + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; + const plugin = writePlugin({ + id: "allowed-config-path", + filename: "allowed-config-path.cjs", + body: `module.exports = { + id: "allowed-config-path", register(api) { - api.registerGatewayMethod("allowed.ping", ({ respond }) => respond(true, { ok: true })); + api.registerGatewayMethod("allowed-config-path.ping", ({ respond }) => respond(true, { ok: true })); }, };`, - }); + }); - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir: plugin.dir, - config: { - plugins: { - load: { paths: [plugin.file] }, - allow: ["allowed"], + const registry = loadOpenClawPlugins({ + cache: false, + workspaceDir: plugin.dir, + config: { + plugins: { + load: { paths: [plugin.file] }, + allow: ["allowed-config-path"], + }, + }, + }); + + const loaded = registry.plugins.find((entry) => entry.id === "allowed-config-path"); + expect(loaded?.status).toBe("loaded"); + expect(Object.keys(registry.gatewayHandlers)).toContain("allowed-config-path.ping"); }, }, - }); + { + label: "limits imports to the requested plugin ids", + run: () => { + useNoBundledPlugins(); + const allowed = writePlugin({ + id: "allowed-scoped-only", + filename: "allowed-scoped-only.cjs", + body: `module.exports = { id: "allowed-scoped-only", register() {} };`, + }); + const skippedMarker = path.join(makeTempDir(), "skipped-loaded.txt"); + const skipped = writePlugin({ + id: "skipped-scoped-only", + filename: "skipped-scoped-only.cjs", + body: `require("node:fs").writeFileSync(${JSON.stringify(skippedMarker)}, "loaded", "utf-8"); +module.exports = { id: "skipped-scoped-only", register() { throw new Error("skipped plugin should not load"); } };`, + }); - const loaded = registry.plugins.find((entry) => entry.id === "allowed"); - expect(loaded?.status).toBe("loaded"); - expect(Object.keys(registry.gatewayHandlers)).toContain("allowed.ping"); - }); + const registry = loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [allowed.file, skipped.file] }, + allow: ["allowed-scoped-only", "skipped-scoped-only"], + }, + }, + onlyPluginIds: ["allowed-scoped-only"], + }); - it("limits imports to the requested plugin ids", () => { - useNoBundledPlugins(); - const allowed = writePlugin({ - id: "allowed", - filename: "allowed.cjs", - body: `module.exports = { id: "allowed", register() {} };`, - }); - const skippedMarker = path.join(makeTempDir(), "skipped-loaded.txt"); - const skipped = writePlugin({ - id: "skipped", - filename: "skipped.cjs", - body: `require("node:fs").writeFileSync(${JSON.stringify(skippedMarker)}, "loaded", "utf-8"); -module.exports = { id: "skipped", register() { throw new Error("skipped plugin should not load"); } };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [allowed.file, skipped.file] }, - allow: ["allowed", "skipped"], + expect(registry.plugins.map((entry) => entry.id)).toEqual(["allowed-scoped-only"]); + expect(fs.existsSync(skippedMarker)).toBe(false); }, }, - onlyPluginIds: ["allowed"], - }); + { + label: "keeps scoped plugin loads in a separate cache entry", + run: () => { + useNoBundledPlugins(); + const allowed = writePlugin({ + id: "allowed-cache-scope", + filename: "allowed-cache-scope.cjs", + body: `module.exports = { id: "allowed-cache-scope", register() {} };`, + }); + const extra = writePlugin({ + id: "extra-cache-scope", + filename: "extra-cache-scope.cjs", + body: `module.exports = { id: "extra-cache-scope", register() {} };`, + }); + const options = { + config: { + plugins: { + load: { paths: [allowed.file, extra.file] }, + allow: ["allowed-cache-scope", "extra-cache-scope"], + }, + }, + }; - expect(registry.plugins.map((entry) => entry.id)).toEqual(["allowed"]); - expect(fs.existsSync(skippedMarker)).toBe(false); - }); + const full = loadOpenClawPlugins(options); + const scoped = loadOpenClawPlugins({ + ...options, + onlyPluginIds: ["allowed-cache-scope"], + }); + const scopedAgain = loadOpenClawPlugins({ + ...options, + onlyPluginIds: ["allowed-cache-scope"], + }); - it("keeps scoped plugin loads in a separate cache entry", () => { - useNoBundledPlugins(); - const allowed = writePlugin({ - id: "allowed", - filename: "allowed.cjs", - body: `module.exports = { id: "allowed", register() {} };`, - }); - const extra = writePlugin({ - id: "extra", - filename: "extra.cjs", - body: `module.exports = { id: "extra", register() {} };`, - }); - const options = { - config: { - plugins: { - load: { paths: [allowed.file, extra.file] }, - allow: ["allowed", "extra"], + expect(full.plugins.map((entry) => entry.id).toSorted()).toEqual([ + "allowed-cache-scope", + "extra-cache-scope", + ]); + expect(scoped).not.toBe(full); + expect(scoped.plugins.map((entry) => entry.id)).toEqual(["allowed-cache-scope"]); + expect(scopedAgain).toBe(scoped); }, }, - }; + { + label: "can load a scoped registry without replacing the active global registry", + run: () => { + useNoBundledPlugins(); + const plugin = writePlugin({ + id: "allowed-nonactivating-scope", + filename: "allowed-nonactivating-scope.cjs", + body: `module.exports = { id: "allowed-nonactivating-scope", register() {} };`, + }); + const previousRegistry = createEmptyPluginRegistry(); + setActivePluginRegistry(previousRegistry, "existing-registry"); + resetGlobalHookRunner(); - const full = loadOpenClawPlugins(options); - const scoped = loadOpenClawPlugins({ - ...options, - onlyPluginIds: ["allowed"], - }); - const scopedAgain = loadOpenClawPlugins({ - ...options, - onlyPluginIds: ["allowed"], - }); + const scoped = loadOpenClawPlugins({ + cache: false, + activate: false, + workspaceDir: plugin.dir, + config: { + plugins: { + load: { paths: [plugin.file] }, + allow: ["allowed-nonactivating-scope"], + }, + }, + onlyPluginIds: ["allowed-nonactivating-scope"], + }); - expect(full.plugins.map((entry) => entry.id).toSorted()).toEqual(["allowed", "extra"]); - expect(scoped).not.toBe(full); - expect(scoped.plugins.map((entry) => entry.id)).toEqual(["allowed"]); - expect(scopedAgain).toBe(scoped); + expect(scoped.plugins.map((entry) => entry.id)).toEqual(["allowed-nonactivating-scope"]); + expect(getActivePluginRegistry()).toBe(previousRegistry); + expect(getActivePluginRegistryKey()).toBe("existing-registry"); + expect(getGlobalHookRunner()).toBeNull(); + }, + }, + ] as const; + + for (const scenario of scenarios) { + scenario.run(); + } }); - it("can load a scoped registry without replacing the active global registry", () => { + it("only publishes plugin commands to the global registry during activating loads", async () => { useNoBundledPlugins(); const plugin = writePlugin({ - id: "allowed", - filename: "allowed.cjs", - body: `module.exports = { id: "allowed", register() {} };`, + id: "command-plugin", + filename: "command-plugin.cjs", + body: `module.exports = { + id: "command-plugin", + register(api) { + api.registerCommand({ + name: "pair", + description: "Pair device", + acceptsArgs: true, + handler: async ({ args }) => ({ text: \`paired:\${args ?? ""}\` }), + }); + }, + };`, }); - const previousRegistry = createEmptyPluginRegistry(); - setActivePluginRegistry(previousRegistry, "existing-registry"); - resetGlobalHookRunner(); + const { clearPluginCommands, getPluginCommandSpecs } = await import("./commands.js"); + + clearPluginCommands(); const scoped = loadOpenClawPlugins({ cache: false, @@ -717,16 +1107,38 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s config: { plugins: { load: { paths: [plugin.file] }, - allow: ["allowed"], + allow: ["command-plugin"], }, }, - onlyPluginIds: ["allowed"], + onlyPluginIds: ["command-plugin"], }); - expect(scoped.plugins.map((entry) => entry.id)).toEqual(["allowed"]); - expect(getActivePluginRegistry()).toBe(previousRegistry); - expect(getActivePluginRegistryKey()).toBe("existing-registry"); - expect(getGlobalHookRunner()).toBeNull(); + expect(scoped.plugins.find((entry) => entry.id === "command-plugin")?.status).toBe("loaded"); + expect(scoped.commands.map((entry) => entry.command.name)).toEqual(["pair"]); + expect(getPluginCommandSpecs("telegram")).toEqual([]); + + const active = loadOpenClawPlugins({ + cache: false, + workspaceDir: plugin.dir, + config: { + plugins: { + load: { paths: [plugin.file] }, + allow: ["command-plugin"], + }, + }, + onlyPluginIds: ["command-plugin"], + }); + + expect(active.plugins.find((entry) => entry.id === "command-plugin")?.status).toBe("loaded"); + expect(getPluginCommandSpecs("telegram")).toEqual([ + { + name: "pair", + description: "Pair device", + acceptsArgs: true, + }, + ]); + + clearPluginCommands(); }); it("throws when activate:false is used without cache:false", () => { @@ -769,177 +1181,231 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s resetGlobalHookRunner(); }); - it("does not reuse cached bundled plugin registries across env changes", () => { - const bundledA = makeTempDir(); - const bundledB = makeTempDir(); - const pluginA = writePlugin({ - id: "cache-root", - dir: path.join(bundledA, "cache-root"), - filename: "index.cjs", - body: `module.exports = { id: "cache-root", register() {} };`, - }); - const pluginB = writePlugin({ - id: "cache-root", - dir: path.join(bundledB, "cache-root"), - filename: "index.cjs", - body: `module.exports = { id: "cache-root", register() {} };`, - }); + it.each([ + { + name: "does not reuse cached bundled plugin registries across env changes", + pluginId: "cache-root", + setup: () => { + const bundledA = makeTempDir(); + const bundledB = makeTempDir(); + const pluginA = writePlugin({ + id: "cache-root", + dir: path.join(bundledA, "cache-root"), + filename: "index.cjs", + body: `module.exports = { id: "cache-root", register() {} };`, + }); + const pluginB = writePlugin({ + id: "cache-root", + dir: path.join(bundledB, "cache-root"), + filename: "index.cjs", + body: `module.exports = { id: "cache-root", register() {} };`, + }); - const options = { - config: { - plugins: { - allow: ["cache-root"], - entries: { - "cache-root": { enabled: true }, - }, - }, - }, - }; - - const first = loadOpenClawPlugins({ - ...options, - env: { - ...process.env, - OPENCLAW_BUNDLED_PLUGINS_DIR: bundledA, - }, - }); - const second = loadOpenClawPlugins({ - ...options, - env: { - ...process.env, - OPENCLAW_BUNDLED_PLUGINS_DIR: bundledB, - }, - }); - - expect(second).not.toBe(first); - expect( - fs.realpathSync(first.plugins.find((entry) => entry.id === "cache-root")?.source ?? ""), - ).toBe(fs.realpathSync(pluginA.file)); - expect( - fs.realpathSync(second.plugins.find((entry) => entry.id === "cache-root")?.source ?? ""), - ).toBe(fs.realpathSync(pluginB.file)); - }); - - it("does not reuse cached load-path plugin registries across env home changes", () => { - const homeA = makeTempDir(); - const homeB = makeTempDir(); - const stateDir = makeTempDir(); - const bundledDir = makeTempDir(); - const pluginA = writePlugin({ - id: "demo", - dir: path.join(homeA, "plugins", "demo"), - filename: "index.cjs", - body: `module.exports = { id: "demo", register() {} };`, - }); - const pluginB = writePlugin({ - id: "demo", - dir: path.join(homeB, "plugins", "demo"), - filename: "index.cjs", - body: `module.exports = { id: "demo", register() {} };`, - }); - - const options = { - config: { - plugins: { - allow: ["demo"], - entries: { - demo: { enabled: true }, - }, - load: { - paths: ["~/plugins/demo"], - }, - }, - }, - }; - - const first = loadOpenClawPlugins({ - ...options, - env: { - ...process.env, - HOME: homeA, - OPENCLAW_HOME: undefined, - OPENCLAW_STATE_DIR: stateDir, - OPENCLAW_BUNDLED_PLUGINS_DIR: bundledDir, - }, - }); - const second = loadOpenClawPlugins({ - ...options, - env: { - ...process.env, - HOME: homeB, - OPENCLAW_HOME: undefined, - OPENCLAW_STATE_DIR: stateDir, - OPENCLAW_BUNDLED_PLUGINS_DIR: bundledDir, - }, - }); - - expect(second).not.toBe(first); - expect(fs.realpathSync(first.plugins.find((entry) => entry.id === "demo")?.source ?? "")).toBe( - fs.realpathSync(pluginA.file), - ); - expect(fs.realpathSync(second.plugins.find((entry) => entry.id === "demo")?.source ?? "")).toBe( - fs.realpathSync(pluginB.file), - ); - }); - - it("does not reuse cached registries when env-resolved install paths change", () => { - useNoBundledPlugins(); - const openclawHome = makeTempDir(); - const ignoredHome = makeTempDir(); - const stateDir = makeTempDir(); - const pluginDir = path.join(openclawHome, "plugins", "tracked-install-cache"); - mkdirSafe(pluginDir); - const plugin = writePlugin({ - id: "tracked-install-cache", - dir: pluginDir, - filename: "index.cjs", - body: `module.exports = { id: "tracked-install-cache", register() {} };`, - }); - - const options = { - config: { - plugins: { - load: { paths: [plugin.file] }, - allow: ["tracked-install-cache"], - installs: { - "tracked-install-cache": { - source: "path" as const, - installPath: "~/plugins/tracked-install-cache", - sourcePath: "~/plugins/tracked-install-cache", + const options = { + config: { + plugins: { + allow: ["cache-root"], + entries: { + "cache-root": { enabled: true }, + }, }, }, - }, - }, - }; + }; - const first = loadOpenClawPlugins({ - ...options, - env: { - ...process.env, - OPENCLAW_HOME: openclawHome, - HOME: ignoredHome, - OPENCLAW_STATE_DIR: stateDir, - CLAWDBOT_STATE_DIR: undefined, - OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", + return { + expectedFirstSource: pluginA.file, + expectedSecondSource: pluginB.file, + loadFirst: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + OPENCLAW_BUNDLED_PLUGINS_DIR: bundledA, + }, + }), + loadSecond: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + OPENCLAW_BUNDLED_PLUGINS_DIR: bundledB, + }, + }), + }; }, + }, + { + name: "does not reuse cached load-path plugin registries across env home changes", + pluginId: "demo", + setup: () => { + const homeA = makeTempDir(); + const homeB = makeTempDir(); + const stateDir = makeTempDir(); + const bundledDir = makeTempDir(); + const pluginA = writePlugin({ + id: "demo", + dir: path.join(homeA, "plugins", "demo"), + filename: "index.cjs", + body: `module.exports = { id: "demo", register() {} };`, + }); + const pluginB = writePlugin({ + id: "demo", + dir: path.join(homeB, "plugins", "demo"), + filename: "index.cjs", + body: `module.exports = { id: "demo", register() {} };`, + }); + + const options = { + config: { + plugins: { + allow: ["demo"], + entries: { + demo: { enabled: true }, + }, + load: { + paths: ["~/plugins/demo"], + }, + }, + }, + }; + + return { + expectedFirstSource: pluginA.file, + expectedSecondSource: pluginB.file, + loadFirst: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + HOME: homeA, + OPENCLAW_HOME: undefined, + OPENCLAW_STATE_DIR: stateDir, + OPENCLAW_BUNDLED_PLUGINS_DIR: bundledDir, + }, + }), + loadSecond: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + HOME: homeB, + OPENCLAW_HOME: undefined, + OPENCLAW_STATE_DIR: stateDir, + OPENCLAW_BUNDLED_PLUGINS_DIR: bundledDir, + }, + }), + }; + }, + }, + ])("$name", ({ pluginId, setup }) => { + const { expectedFirstSource, expectedSecondSource, loadFirst, loadSecond } = setup(); + expectCachePartitionByPluginSource({ + pluginId, + loadFirst, + loadSecond, + expectedFirstSource, + expectedSecondSource, }); - const secondHome = makeTempDir(); - const secondOptions = { - ...options, - env: { - ...process.env, - OPENCLAW_HOME: secondHome, - HOME: ignoredHome, - OPENCLAW_STATE_DIR: stateDir, - CLAWDBOT_STATE_DIR: undefined, - OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", - }, - }; - const second = loadOpenClawPlugins(secondOptions); - const third = loadOpenClawPlugins(secondOptions); + }); - expect(second).not.toBe(first); - expect(third).toBe(second); + it.each([ + { + name: "does not reuse cached registries when env-resolved install paths change", + setup: () => { + useNoBundledPlugins(); + const openclawHome = makeTempDir(); + const ignoredHome = makeTempDir(); + const stateDir = makeTempDir(); + const pluginDir = path.join(openclawHome, "plugins", "tracked-install-cache"); + mkdirSafe(pluginDir); + const plugin = writePlugin({ + id: "tracked-install-cache", + dir: pluginDir, + filename: "index.cjs", + body: `module.exports = { id: "tracked-install-cache", register() {} };`, + }); + + const options = { + config: { + plugins: { + load: { paths: [plugin.file] }, + allow: ["tracked-install-cache"], + installs: { + "tracked-install-cache": { + source: "path" as const, + installPath: "~/plugins/tracked-install-cache", + sourcePath: "~/plugins/tracked-install-cache", + }, + }, + }, + }, + }; + + const secondHome = makeTempDir(); + return { + loadFirst: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + OPENCLAW_HOME: openclawHome, + HOME: ignoredHome, + OPENCLAW_STATE_DIR: stateDir, + CLAWDBOT_STATE_DIR: undefined, + OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", + }, + }), + loadVariant: () => + loadOpenClawPlugins({ + ...options, + env: { + ...process.env, + OPENCLAW_HOME: secondHome, + HOME: ignoredHome, + OPENCLAW_STATE_DIR: stateDir, + CLAWDBOT_STATE_DIR: undefined, + OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", + }, + }), + }; + }, + }, + { + name: "does not reuse cached registries across gateway subagent binding modes", + setup: () => { + useNoBundledPlugins(); + const plugin = writePlugin({ + id: "cache-gateway-bindable", + filename: "cache-gateway-bindable.cjs", + body: `module.exports = { id: "cache-gateway-bindable", register() {} };`, + }); + + const options = { + workspaceDir: plugin.dir, + config: { + plugins: { + allow: ["cache-gateway-bindable"], + load: { + paths: [plugin.file], + }, + }, + }, + }; + + return { + loadFirst: () => loadOpenClawPlugins(options), + loadVariant: () => + loadOpenClawPlugins({ + ...options, + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, + }), + }; + }, + }, + ])("$name", ({ setup }) => { + expectCacheMissThenHit(setup()); }); it("evicts least recently used registries when the loader cache exceeds its cap", () => { @@ -1153,12 +1619,13 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s ).toBe(true); }); - it("registers channel plugins", () => { + it("handles single-plugin channel, context engine, and cli validation", () => { useNoBundledPlugins(); - const plugin = writePlugin({ - id: "channel-demo", - filename: "channel-demo.cjs", - body: `module.exports = { id: "channel-demo", register(api) { + const scenarios = [ + { + label: "registers channel plugins", + pluginId: "channel-demo", + body: `module.exports = { id: "channel-demo", register(api) { api.registerChannel({ plugin: { id: "demo", @@ -1178,25 +1645,15 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s } }); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["channel-demo"], + assert: (registry: ReturnType) => { + const channel = registry.channels.find((entry) => entry.plugin.id === "demo"); + expect(channel).toBeDefined(); + }, }, - }); - - const channel = registry.channels.find((entry) => entry.plugin.id === "demo"); - expect(channel).toBeDefined(); - }); - - it("rejects duplicate channel ids during plugin registration", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "channel-dup", - filename: "channel-dup.cjs", - body: `module.exports = { id: "channel-dup", register(api) { + { + label: "rejects duplicate channel ids during plugin registration", + pluginId: "channel-dup", + body: `module.exports = { id: "channel-dup", register(api) { api.registerChannel({ plugin: { id: "demo", @@ -1234,293 +1691,202 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s } }); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["channel-dup"], - }, - }); - - expect(registry.channels.filter((entry) => entry.plugin.id === "demo")).toHaveLength(1); - expect( - registry.diagnostics.some( - (entry) => - entry.level === "error" && - entry.pluginId === "channel-dup" && - entry.message === "channel already registered: demo (channel-dup)", - ), - ).toBe(true); - }); - - it("registers http routes with auth and match options", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-demo", - filename: "http-demo.cjs", - body: `module.exports = { id: "http-demo", register(api) { - api.registerHttpRoute({ - path: "/webhook", - auth: "plugin", - match: "prefix", - handler: async () => false - }); -} };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-demo"], - }, - }); - - const route = registry.httpRoutes.find((entry) => entry.pluginId === "http-demo"); - expect(route).toBeDefined(); - expect(route?.path).toBe("/webhook"); - expect(route?.auth).toBe("plugin"); - expect(route?.match).toBe("prefix"); - const httpPlugin = registry.plugins.find((entry) => entry.id === "http-demo"); - expect(httpPlugin?.httpRoutes).toBe(1); - }); - - it("rejects duplicate plugin-visible hook names", () => { - useNoBundledPlugins(); - const first = writePlugin({ - id: "hook-owner-a", - filename: "hook-owner-a.cjs", - body: `module.exports = { id: "hook-owner-a", register(api) { - api.registerHook("gateway:startup", () => {}, { name: "shared-hook" }); -} };`, - }); - const second = writePlugin({ - id: "hook-owner-b", - filename: "hook-owner-b.cjs", - body: `module.exports = { id: "hook-owner-b", register(api) { - api.registerHook("gateway:startup", () => {}, { name: "shared-hook" }); -} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [first.file, second.file] }, - allow: ["hook-owner-a", "hook-owner-b"], + assert: (registry: ReturnType) => { + expect(registry.channels.filter((entry) => entry.plugin.id === "demo")).toHaveLength(1); + expect( + registry.diagnostics.some( + (entry) => + entry.level === "error" && + entry.pluginId === "channel-dup" && + entry.message === "channel already registered: demo (channel-dup)", + ), + ).toBe(true); }, }, - }); - - expect(registry.hooks.filter((entry) => entry.entry.hook.name === "shared-hook")).toHaveLength( - 1, - ); - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "hook-owner-b" && - diag.message === "hook already registered: shared-hook (hook-owner-a)", - ), - ).toBe(true); - }); - - it("rejects duplicate plugin service ids", () => { - useNoBundledPlugins(); - const first = writePlugin({ - id: "service-owner-a", - filename: "service-owner-a.cjs", - body: `module.exports = { id: "service-owner-a", register(api) { - api.registerService({ id: "shared-service", start() {} }); -} };`, - }); - const second = writePlugin({ - id: "service-owner-b", - filename: "service-owner-b.cjs", - body: `module.exports = { id: "service-owner-b", register(api) { - api.registerService({ id: "shared-service", start() {} }); -} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [first.file, second.file] }, - allow: ["service-owner-a", "service-owner-b"], - }, - }, - }); - - expect(registry.services.filter((entry) => entry.service.id === "shared-service")).toHaveLength( - 1, - ); - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "service-owner-b" && - diag.message === "service already registered: shared-service (service-owner-a)", - ), - ).toBe(true); - }); - - it("rejects plugin context engine ids reserved by core", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "context-engine-core-collision", - filename: "context-engine-core-collision.cjs", - body: `module.exports = { id: "context-engine-core-collision", register(api) { + { + label: "rejects plugin context engine ids reserved by core", + pluginId: "context-engine-core-collision", + body: `module.exports = { id: "context-engine-core-collision", register(api) { api.registerContextEngine("legacy", () => ({})); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["context-engine-core-collision"], - }, - }); - - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "context-engine-core-collision" && - diag.message === "context engine id reserved by core: legacy", - ), - ).toBe(true); - }); - - it("rejects duplicate plugin context engine ids", () => { - useNoBundledPlugins(); - const first = writePlugin({ - id: "context-engine-owner-a", - filename: "context-engine-owner-a.cjs", - body: `module.exports = { id: "context-engine-owner-a", register(api) { - api.registerContextEngine("shared-context-engine-loader-test", () => ({})); -} };`, - }); - const second = writePlugin({ - id: "context-engine-owner-b", - filename: "context-engine-owner-b.cjs", - body: `module.exports = { id: "context-engine-owner-b", register(api) { - api.registerContextEngine("shared-context-engine-loader-test", () => ({})); -} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [first.file, second.file] }, - allow: ["context-engine-owner-a", "context-engine-owner-b"], + assert: (registry: ReturnType) => { + expect( + registry.diagnostics.some( + (diag) => + diag.level === "error" && + diag.pluginId === "context-engine-core-collision" && + diag.message === "context engine id reserved by core: legacy", + ), + ).toBe(true); }, }, - }); - - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "context-engine-owner-b" && - diag.message === - "context engine already registered: shared-context-engine-loader-test (plugin:context-engine-owner-a)", - ), - ).toBe(true); - }); - - it("requires plugin CLI registrars to declare explicit command roots", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "cli-missing-metadata", - filename: "cli-missing-metadata.cjs", - body: `module.exports = { id: "cli-missing-metadata", register(api) { + { + label: "requires plugin CLI registrars to declare explicit command roots", + pluginId: "cli-missing-metadata", + body: `module.exports = { id: "cli-missing-metadata", register(api) { api.registerCli(() => {}); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["cli-missing-metadata"], - }, - }); - - expect(registry.cliRegistrars).toHaveLength(0); - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "cli-missing-metadata" && - diag.message === "cli registration missing explicit commands metadata", - ), - ).toBe(true); - }); - - it("rejects duplicate plugin CLI command roots", () => { - useNoBundledPlugins(); - const first = writePlugin({ - id: "cli-owner-a", - filename: "cli-owner-a.cjs", - body: `module.exports = { id: "cli-owner-a", register(api) { - api.registerCli(() => {}, { commands: ["shared-cli"] }); -} };`, - }); - const second = writePlugin({ - id: "cli-owner-b", - filename: "cli-owner-b.cjs", - body: `module.exports = { id: "cli-owner-b", register(api) { - api.registerCli(() => {}, { commands: ["shared-cli"] }); -} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [first.file, second.file] }, - allow: ["cli-owner-a", "cli-owner-b"], + assert: (registry: ReturnType) => { + expect(registry.cliRegistrars).toHaveLength(0); + expect( + registry.diagnostics.some( + (diag) => + diag.level === "error" && + diag.pluginId === "cli-missing-metadata" && + diag.message === "cli registration missing explicit commands metadata", + ), + ).toBe(true); }, }, - }); + ] as const; - expect(registry.cliRegistrars).toHaveLength(1); - expect(registry.cliRegistrars[0]?.pluginId).toBe("cli-owner-a"); - expect( - registry.diagnostics.some( - (diag) => - diag.level === "error" && - diag.pluginId === "cli-owner-b" && - diag.message === "cli command already registered: shared-cli (cli-owner-a)", - ), - ).toBe(true); + for (const scenario of scenarios) { + const plugin = writePlugin({ + id: scenario.pluginId, + filename: `${scenario.pluginId}.cjs`, + body: scenario.body, + }); + + const registry = loadRegistryFromSinglePlugin({ + plugin, + pluginConfig: { + allow: [scenario.pluginId], + }, + }); + + scenario.assert(registry); + } }); - it("registers http routes", () => { + it("registers plugin http routes", () => { useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-route-demo", - filename: "http-route-demo.cjs", - body: `module.exports = { id: "http-route-demo", register(api) { - api.registerHttpRoute({ path: "/demo", auth: "gateway", handler: async (_req, res) => { res.statusCode = 200; res.end("ok"); } }); -} };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-route-demo"], + const scenarios = [ + { + label: "defaults exact match", + pluginId: "http-route-demo", + routeOptions: + '{ path: "/demo", auth: "gateway", handler: async (_req, res) => { res.statusCode = 200; res.end("ok"); } }', + expectedPath: "/demo", + expectedAuth: "gateway", + expectedMatch: "exact", }, - }); + { + label: "keeps explicit auth and match options", + pluginId: "http-demo", + routeOptions: + '{ path: "/webhook", auth: "plugin", match: "prefix", handler: async () => false }', + expectedPath: "/webhook", + expectedAuth: "plugin", + expectedMatch: "prefix", + }, + ] as const; - const route = registry.httpRoutes.find((entry) => entry.pluginId === "http-route-demo"); - expect(route).toBeDefined(); - expect(route?.path).toBe("/demo"); - expect(route?.auth).toBe("gateway"); - expect(route?.match).toBe("exact"); - const httpPlugin = registry.plugins.find((entry) => entry.id === "http-route-demo"); - expect(httpPlugin?.httpRoutes).toBe(1); + for (const scenario of scenarios) { + const plugin = writePlugin({ + id: scenario.pluginId, + filename: `${scenario.pluginId}.cjs`, + body: `module.exports = { id: "${scenario.pluginId}", register(api) { + api.registerHttpRoute(${scenario.routeOptions}); +} };`, + }); + + const registry = loadRegistryFromSinglePlugin({ + plugin, + pluginConfig: { + allow: [scenario.pluginId], + }, + }); + + const route = registry.httpRoutes.find((entry) => entry.pluginId === scenario.pluginId); + expect(route, scenario.label).toBeDefined(); + expect(route?.path, scenario.label).toBe(scenario.expectedPath); + expect(route?.auth, scenario.label).toBe(scenario.expectedAuth); + expect(route?.match, scenario.label).toBe(scenario.expectedMatch); + const httpPlugin = registry.plugins.find((entry) => entry.id === scenario.pluginId); + expect(httpPlugin?.httpRoutes, scenario.label).toBe(1); + } + }); + + it("rejects duplicate plugin registrations", () => { + useNoBundledPlugins(); + const scenarios = [ + { + label: "plugin-visible hook names", + ownerA: "hook-owner-a", + ownerB: "hook-owner-b", + buildBody: (ownerId: string) => `module.exports = { id: "${ownerId}", register(api) { + api.registerHook("gateway:startup", () => {}, { name: "shared-hook" }); +} };`, + selectCount: (registry: ReturnType) => + registry.hooks.filter((entry) => entry.entry.hook.name === "shared-hook").length, + duplicateMessage: "hook already registered: shared-hook (hook-owner-a)", + }, + { + label: "plugin service ids", + ownerA: "service-owner-a", + ownerB: "service-owner-b", + buildBody: (ownerId: string) => `module.exports = { id: "${ownerId}", register(api) { + api.registerService({ id: "shared-service", start() {} }); +} };`, + selectCount: (registry: ReturnType) => + registry.services.filter((entry) => entry.service.id === "shared-service").length, + duplicateMessage: "service already registered: shared-service (service-owner-a)", + }, + { + label: "plugin context engine ids", + ownerA: "context-engine-owner-a", + ownerB: "context-engine-owner-b", + buildBody: (ownerId: string) => `module.exports = { id: "${ownerId}", register(api) { + api.registerContextEngine("shared-context-engine-loader-test", () => ({})); +} };`, + selectCount: () => 1, + duplicateMessage: + "context engine already registered: shared-context-engine-loader-test (plugin:context-engine-owner-a)", + }, + { + label: "plugin CLI command roots", + ownerA: "cli-owner-a", + ownerB: "cli-owner-b", + buildBody: (ownerId: string) => `module.exports = { id: "${ownerId}", register(api) { + api.registerCli(() => {}, { commands: ["shared-cli"] }); +} };`, + selectCount: (registry: ReturnType) => + registry.cliRegistrars.length, + duplicateMessage: "cli command already registered: shared-cli (cli-owner-a)", + assertPrimaryOwner: (registry: ReturnType) => { + expect(registry.cliRegistrars[0]?.pluginId).toBe("cli-owner-a"); + }, + }, + ] as const; + + for (const scenario of scenarios) { + const first = writePlugin({ + id: scenario.ownerA, + filename: `${scenario.ownerA}.cjs`, + body: scenario.buildBody(scenario.ownerA), + }); + const second = writePlugin({ + id: scenario.ownerB, + filename: `${scenario.ownerB}.cjs`, + body: scenario.buildBody(scenario.ownerB), + }); + + const registry = loadRegistryFromAllowedPlugins([first, second]); + + expect(scenario.selectCount(registry), scenario.label).toBe(1); + if ("assertPrimaryOwner" in scenario) { + scenario.assertPrimaryOwner?.(registry); + } + expect( + registry.diagnostics.some( + (diag) => + diag.level === "error" && + diag.pluginId === scenario.ownerB && + diag.message === scenario.duplicateMessage, + ), + scenario.label, + ).toBe(true); + } }); it("rewrites removed registerHttpHandler failures into migration diagnostics", () => { @@ -1582,146 +1948,140 @@ module.exports = { id: "skipped", register() { throw new Error("skipped plugin s expect(loaded?.error).not.toContain("api.registerHttpHandler(...) was removed"); }); - it("rejects plugin http routes missing explicit auth", () => { + it("enforces plugin http route validation and conflict rules", () => { useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-route-missing-auth", - filename: "http-route-missing-auth.cjs", - body: `module.exports = { id: "http-route-missing-auth", register(api) { + const scenarios = [ + { + label: "missing auth is rejected", + buildPlugins: () => [ + writePlugin({ + id: "http-route-missing-auth", + filename: "http-route-missing-auth.cjs", + body: `module.exports = { id: "http-route-missing-auth", register(api) { api.registerHttpRoute({ path: "/demo", handler: async () => true }); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-route-missing-auth"], - }, - }); - - expect(registry.httpRoutes.find((entry) => entry.pluginId === "http-route-missing-auth")).toBe( - undefined, - ); - expect( - registry.diagnostics.some((diag) => - String(diag.message).includes("http route registration missing or invalid auth"), - ), - ).toBe(true); - }); - - it("allows explicit replaceExisting for same-plugin http route overrides", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-route-replace-self", - filename: "http-route-replace-self.cjs", - body: `module.exports = { id: "http-route-replace-self", register(api) { - api.registerHttpRoute({ path: "/demo", auth: "plugin", handler: async () => false }); - api.registerHttpRoute({ path: "/demo", auth: "plugin", replaceExisting: true, handler: async () => true }); -} };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-route-replace-self"], - }, - }); - - const routes = registry.httpRoutes.filter( - (entry) => entry.pluginId === "http-route-replace-self", - ); - expect(routes).toHaveLength(1); - expect(routes[0]?.path).toBe("/demo"); - expect(registry.diagnostics).toEqual([]); - }); - - it("rejects http route replacement when another plugin owns the route", () => { - useNoBundledPlugins(); - const first = writePlugin({ - id: "http-route-owner-a", - filename: "http-route-owner-a.cjs", - body: `module.exports = { id: "http-route-owner-a", register(api) { - api.registerHttpRoute({ path: "/demo", auth: "plugin", handler: async () => false }); -} };`, - }); - const second = writePlugin({ - id: "http-route-owner-b", - filename: "http-route-owner-b.cjs", - body: `module.exports = { id: "http-route-owner-b", register(api) { - api.registerHttpRoute({ path: "/demo", auth: "plugin", replaceExisting: true, handler: async () => true }); -} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [first.file, second.file] }, - allow: ["http-route-owner-a", "http-route-owner-b"], + }), + ], + assert: (registry: ReturnType) => { + expect( + registry.httpRoutes.find((entry) => entry.pluginId === "http-route-missing-auth"), + ).toBeUndefined(); + expect( + registry.diagnostics.some((diag) => + String(diag.message).includes("http route registration missing or invalid auth"), + ), + ).toBe(true); }, }, - }); - - const route = registry.httpRoutes.find((entry) => entry.path === "/demo"); - expect(route?.pluginId).toBe("http-route-owner-a"); - expect( - registry.diagnostics.some((diag) => - String(diag.message).includes("http route replacement rejected"), - ), - ).toBe(true); - }); - - it("rejects mixed-auth overlapping http routes", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-route-overlap", - filename: "http-route-overlap.cjs", - body: `module.exports = { id: "http-route-overlap", register(api) { + { + label: "same plugin can replace its own route", + buildPlugins: () => [ + writePlugin({ + id: "http-route-replace-self", + filename: "http-route-replace-self.cjs", + body: `module.exports = { id: "http-route-replace-self", register(api) { + api.registerHttpRoute({ path: "/demo", auth: "plugin", handler: async () => false }); + api.registerHttpRoute({ path: "/demo", auth: "plugin", replaceExisting: true, handler: async () => true }); +} };`, + }), + ], + assert: (registry: ReturnType) => { + const routes = registry.httpRoutes.filter( + (entry) => entry.pluginId === "http-route-replace-self", + ); + expect(routes).toHaveLength(1); + expect(routes[0]?.path).toBe("/demo"); + expect(registry.diagnostics).toEqual([]); + }, + }, + { + label: "cross-plugin replaceExisting is rejected", + buildPlugins: () => [ + writePlugin({ + id: "http-route-owner-a", + filename: "http-route-owner-a.cjs", + body: `module.exports = { id: "http-route-owner-a", register(api) { + api.registerHttpRoute({ path: "/demo", auth: "plugin", handler: async () => false }); +} };`, + }), + writePlugin({ + id: "http-route-owner-b", + filename: "http-route-owner-b.cjs", + body: `module.exports = { id: "http-route-owner-b", register(api) { + api.registerHttpRoute({ path: "/demo", auth: "plugin", replaceExisting: true, handler: async () => true }); +} };`, + }), + ], + assert: (registry: ReturnType) => { + const route = registry.httpRoutes.find((entry) => entry.path === "/demo"); + expect(route?.pluginId).toBe("http-route-owner-a"); + expect( + registry.diagnostics.some((diag) => + String(diag.message).includes("http route replacement rejected"), + ), + ).toBe(true); + }, + }, + { + label: "mixed-auth overlaps are rejected", + buildPlugins: () => [ + writePlugin({ + id: "http-route-overlap", + filename: "http-route-overlap.cjs", + body: `module.exports = { id: "http-route-overlap", register(api) { api.registerHttpRoute({ path: "/plugin/secure", auth: "gateway", match: "prefix", handler: async () => true }); api.registerHttpRoute({ path: "/plugin/secure/report", auth: "plugin", match: "exact", handler: async () => true }); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-route-overlap"], + }), + ], + assert: (registry: ReturnType) => { + const routes = registry.httpRoutes.filter( + (entry) => entry.pluginId === "http-route-overlap", + ); + expect(routes).toHaveLength(1); + expect(routes[0]?.path).toBe("/plugin/secure"); + expect( + registry.diagnostics.some((diag) => + String(diag.message).includes("http route overlap rejected"), + ), + ).toBe(true); + }, }, - }); - - const routes = registry.httpRoutes.filter((entry) => entry.pluginId === "http-route-overlap"); - expect(routes).toHaveLength(1); - expect(routes[0]?.path).toBe("/plugin/secure"); - expect( - registry.diagnostics.some((diag) => - String(diag.message).includes("http route overlap rejected"), - ), - ).toBe(true); - }); - - it("allows same-auth overlapping http routes", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "http-route-overlap-same-auth", - filename: "http-route-overlap-same-auth.cjs", - body: `module.exports = { id: "http-route-overlap-same-auth", register(api) { + { + label: "same-auth overlaps are allowed", + buildPlugins: () => [ + writePlugin({ + id: "http-route-overlap-same-auth", + filename: "http-route-overlap-same-auth.cjs", + body: `module.exports = { id: "http-route-overlap-same-auth", register(api) { api.registerHttpRoute({ path: "/plugin/public", auth: "plugin", match: "prefix", handler: async () => true }); api.registerHttpRoute({ path: "/plugin/public/report", auth: "plugin", match: "exact", handler: async () => true }); } };`, - }); - - const registry = loadRegistryFromSinglePlugin({ - plugin, - pluginConfig: { - allow: ["http-route-overlap-same-auth"], + }), + ], + assert: (registry: ReturnType) => { + const routes = registry.httpRoutes.filter( + (entry) => entry.pluginId === "http-route-overlap-same-auth", + ); + expect(routes).toHaveLength(2); + expect(registry.diagnostics).toEqual([]); + }, }, - }); + ] as const; - const routes = registry.httpRoutes.filter( - (entry) => entry.pluginId === "http-route-overlap-same-auth", - ); - expect(routes).toHaveLength(2); - expect(registry.diagnostics).toEqual([]); + for (const scenario of scenarios) { + const plugins = scenario.buildPlugins(); + const registry = + plugins.length === 1 + ? loadRegistryFromSinglePlugin({ + plugin: plugins[0], + pluginConfig: { + allow: [plugins[0].id], + }, + }) + : loadRegistryFromAllowedPlugins(plugins); + scenario.assert(registry); + } }); it("respects explicit disable in config", () => { @@ -1824,427 +2184,130 @@ module.exports = { ); }); - it("uses package setupEntry for setup-only channel loads", () => { - useNoBundledPlugins(); - const pluginDir = makeTempDir(); - const fullMarker = path.join(pluginDir, "full-loaded.txt"); - const setupMarker = path.join(pluginDir, "setup-loaded.txt"); - fs.writeFileSync( - path.join(pluginDir, "package.json"), - JSON.stringify( - { - name: "@openclaw/setup-entry-test", - openclaw: { - extensions: ["./index.cjs"], - setupEntry: "./setup-entry.cjs", - }, - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "setup-entry-test", - configSchema: EMPTY_PLUGIN_SCHEMA, - channels: ["setup-entry-test"], - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "index.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(fullMarker)}, "loaded", "utf-8"); -module.exports = { - id: "setup-entry-test", - register(api) { - api.registerChannel({ - plugin: { + it.each([ + { + name: "uses package setupEntry for setup-only channel loads", + fixture: { id: "setup-entry-test", - meta: { - id: "setup-entry-test", - label: "Setup Entry Test", - selectionLabel: "Setup Entry Test", - docsPath: "/channels/setup-entry-test", - blurb: "full entry should not run in setup-only mode", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => [], - resolveAccount: () => ({ accountId: "default" }), - }, - outbound: { deliveryMode: "direct" }, + label: "Setup Entry Test", + packageName: "@openclaw/setup-entry-test", + fullBlurb: "full entry should not run in setup-only mode", + setupBlurb: "setup entry", + configured: false, }, - }); - }, -};`, - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "setup-entry.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(setupMarker)}, "loaded", "utf-8"); -module.exports = { - plugin: { - id: "setup-entry-test", - meta: { - id: "setup-entry-test", - label: "Setup Entry Test", - selectionLabel: "Setup Entry Test", - docsPath: "/channels/setup-entry-test", - blurb: "setup entry", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => [], - resolveAccount: () => ({ accountId: "default" }), - }, - outbound: { deliveryMode: "direct" }, - }, -};`, - "utf-8", - ); - - const setupRegistry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [pluginDir] }, - allow: ["setup-entry-test"], - entries: { - "setup-entry-test": { enabled: false }, - }, - }, - }, - includeSetupOnlyChannelPlugins: true, - }); - - expect(fs.existsSync(setupMarker)).toBe(true); - expect(fs.existsSync(fullMarker)).toBe(false); - expect(setupRegistry.channelSetups).toHaveLength(1); - expect(setupRegistry.channels).toHaveLength(0); - }); - - it("uses package setupEntry for enabled but unconfigured channel loads", () => { - useNoBundledPlugins(); - const pluginDir = makeTempDir(); - const fullMarker = path.join(pluginDir, "full-loaded.txt"); - const setupMarker = path.join(pluginDir, "setup-loaded.txt"); - fs.writeFileSync( - path.join(pluginDir, "package.json"), - JSON.stringify( - { - name: "@openclaw/setup-runtime-test", - openclaw: { - extensions: ["./index.cjs"], - setupEntry: "./setup-entry.cjs", - }, - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "setup-runtime-test", - configSchema: EMPTY_PLUGIN_SCHEMA, - channels: ["setup-runtime-test"], - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "index.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(fullMarker)}, "loaded", "utf-8"); -module.exports = { - id: "setup-runtime-test", - register(api) { - api.registerChannel({ - plugin: { - id: "setup-runtime-test", - meta: { - id: "setup-runtime-test", - label: "Setup Runtime Test", - selectionLabel: "Setup Runtime Test", - docsPath: "/channels/setup-runtime-test", - blurb: "full entry should not run while unconfigured", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => [], - resolveAccount: () => ({ accountId: "default" }), - }, - outbound: { deliveryMode: "direct" }, - }, - }); - }, -};`, - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "setup-entry.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(setupMarker)}, "loaded", "utf-8"); -module.exports = { - plugin: { - id: "setup-runtime-test", - meta: { - id: "setup-runtime-test", - label: "Setup Runtime Test", - selectionLabel: "Setup Runtime Test", - docsPath: "/channels/setup-runtime-test", - blurb: "setup runtime", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => [], - resolveAccount: () => ({ accountId: "default" }), - }, - outbound: { deliveryMode: "direct" }, - }, -};`, - "utf-8", - ); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [pluginDir] }, - allow: ["setup-runtime-test"], - }, - }, - }); - - expect(fs.existsSync(setupMarker)).toBe(true); - expect(fs.existsSync(fullMarker)).toBe(false); - expect(registry.channelSetups).toHaveLength(1); - expect(registry.channels).toHaveLength(1); - }); - - it("can prefer setupEntry for configured channel loads during startup", () => { - useNoBundledPlugins(); - const pluginDir = makeTempDir(); - const fullMarker = path.join(pluginDir, "full-loaded.txt"); - const setupMarker = path.join(pluginDir, "setup-loaded.txt"); - fs.writeFileSync( - path.join(pluginDir, "package.json"), - JSON.stringify( - { - name: "@openclaw/setup-runtime-preferred-test", - openclaw: { - extensions: ["./index.cjs"], - setupEntry: "./setup-entry.cjs", - startup: { - deferConfiguredChannelFullLoadUntilAfterListen: true, + load: ({ pluginDir }: { pluginDir: string }) => + loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [pluginDir] }, + allow: ["setup-entry-test"], + entries: { + "setup-entry-test": { enabled: false }, + }, }, }, - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "setup-runtime-preferred-test", - configSchema: EMPTY_PLUGIN_SCHEMA, - channels: ["setup-runtime-preferred-test"], - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "index.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(fullMarker)}, "loaded", "utf-8"); -module.exports = { - id: "setup-runtime-preferred-test", - register(api) { - api.registerChannel({ - plugin: { + includeSetupOnlyChannelPlugins: true, + }), + expectFullLoaded: false, + expectSetupLoaded: true, + expectedChannels: 0, + }, + { + name: "uses package setupEntry for enabled but unconfigured channel loads", + fixture: { + id: "setup-runtime-test", + label: "Setup Runtime Test", + packageName: "@openclaw/setup-runtime-test", + fullBlurb: "full entry should not run while unconfigured", + setupBlurb: "setup runtime", + configured: false, + }, + load: ({ pluginDir }: { pluginDir: string }) => + loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [pluginDir] }, + allow: ["setup-runtime-test"], + }, + }, + }), + expectFullLoaded: false, + expectSetupLoaded: true, + expectedChannels: 1, + }, + { + name: "can prefer setupEntry for configured channel loads during startup", + fixture: { id: "setup-runtime-preferred-test", - meta: { - id: "setup-runtime-preferred-test", - label: "Setup Runtime Preferred Test", - selectionLabel: "Setup Runtime Preferred Test", - docsPath: "/channels/setup-runtime-preferred-test", - blurb: "full entry should be deferred while startup is still cold", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => ["default"], - resolveAccount: () => ({ accountId: "default", token: "configured" }), - }, - outbound: { deliveryMode: "direct" }, + label: "Setup Runtime Preferred Test", + packageName: "@openclaw/setup-runtime-preferred-test", + fullBlurb: "full entry should be deferred while startup is still cold", + setupBlurb: "setup runtime preferred", + configured: true, + startupDeferConfiguredChannelFullLoadUntilAfterListen: true, }, - }); - }, -};`, - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "setup-entry.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(setupMarker)}, "loaded", "utf-8"); -module.exports = { - plugin: { - id: "setup-runtime-preferred-test", - meta: { - id: "setup-runtime-preferred-test", - label: "Setup Runtime Preferred Test", - selectionLabel: "Setup Runtime Preferred Test", - docsPath: "/channels/setup-runtime-preferred-test", - blurb: "setup runtime preferred", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => ["default"], - resolveAccount: () => ({ accountId: "default", token: "configured" }), - }, - outbound: { deliveryMode: "direct" }, - }, -};`, - "utf-8", - ); - - const registry = loadOpenClawPlugins({ - cache: false, - preferSetupRuntimeForChannelPlugins: true, - config: { - channels: { - "setup-runtime-preferred-test": { - enabled: true, + load: ({ pluginDir }: { pluginDir: string }) => + loadOpenClawPlugins({ + cache: false, + preferSetupRuntimeForChannelPlugins: true, + config: { + channels: { + "setup-runtime-preferred-test": { + enabled: true, + token: "configured", + }, + }, + plugins: { + load: { paths: [pluginDir] }, + allow: ["setup-runtime-preferred-test"], + }, }, - }, - plugins: { - load: { paths: [pluginDir] }, - allow: ["setup-runtime-preferred-test"], - }, - }, - }); - - expect(fs.existsSync(setupMarker)).toBe(true); - expect(fs.existsSync(fullMarker)).toBe(false); - expect(registry.channelSetups).toHaveLength(1); - expect(registry.channels).toHaveLength(1); - }); - - it("does not prefer setupEntry for configured channel loads without startup opt-in", () => { - useNoBundledPlugins(); - const pluginDir = makeTempDir(); - const fullMarker = path.join(makeTempDir(), "full-loaded.txt"); - const setupMarker = path.join(makeTempDir(), "setup-loaded.txt"); - fs.writeFileSync( - path.join(pluginDir, "package.json"), - JSON.stringify( - { - name: "@openclaw/setup-runtime-not-preferred-test", - openclaw: { - extensions: ["./index.cjs"], - setupEntry: "./setup-entry.cjs", - }, - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "setup-runtime-not-preferred-test", - configSchema: EMPTY_PLUGIN_SCHEMA, - channels: ["setup-runtime-not-preferred-test"], - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "index.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(fullMarker)}, "loaded", "utf-8"); -module.exports = { - id: "setup-runtime-not-preferred-test", - register(api) { - api.registerChannel({ - plugin: { + }), + expectFullLoaded: false, + expectSetupLoaded: true, + expectedChannels: 1, + }, + { + name: "does not prefer setupEntry for configured channel loads without startup opt-in", + fixture: { id: "setup-runtime-not-preferred-test", - meta: { - id: "setup-runtime-not-preferred-test", - label: "Setup Runtime Not Preferred Test", - selectionLabel: "Setup Runtime Not Preferred Test", - docsPath: "/channels/setup-runtime-not-preferred-test", - blurb: "full entry should still load without explicit startup opt-in", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => ["default"], - resolveAccount: () => ({ accountId: "default", token: "configured" }), - }, - outbound: { deliveryMode: "direct" }, + label: "Setup Runtime Not Preferred Test", + packageName: "@openclaw/setup-runtime-not-preferred-test", + fullBlurb: "full entry should still load without explicit startup opt-in", + setupBlurb: "setup runtime not preferred", + configured: true, }, - }); - }, -};`, - "utf-8", - ); - fs.writeFileSync( - path.join(pluginDir, "setup-entry.cjs"), - `require("node:fs").writeFileSync(${JSON.stringify(setupMarker)}, "loaded", "utf-8"); -module.exports = { - plugin: { - id: "setup-runtime-not-preferred-test", - meta: { - id: "setup-runtime-not-preferred-test", - label: "Setup Runtime Not Preferred Test", - selectionLabel: "Setup Runtime Not Preferred Test", - docsPath: "/channels/setup-runtime-not-preferred-test", - blurb: "setup runtime not preferred", - }, - capabilities: { chatTypes: ["direct"] }, - config: { - listAccountIds: () => ["default"], - resolveAccount: () => ({ accountId: "default", token: "configured" }), - }, - outbound: { deliveryMode: "direct" }, - }, -};`, - "utf-8", - ); - - const registry = loadOpenClawPlugins({ - cache: false, - preferSetupRuntimeForChannelPlugins: true, - config: { - channels: { - "setup-runtime-not-preferred-test": { - enabled: true, + load: ({ pluginDir }: { pluginDir: string }) => + loadOpenClawPlugins({ + cache: false, + preferSetupRuntimeForChannelPlugins: true, + config: { + channels: { + "setup-runtime-not-preferred-test": { + enabled: true, + token: "configured", + }, + }, + plugins: { + load: { paths: [pluginDir] }, + allow: ["setup-runtime-not-preferred-test"], + }, }, - }, - plugins: { - load: { paths: [pluginDir] }, - allow: ["setup-runtime-not-preferred-test"], - }, - }, - }); + }), + expectFullLoaded: true, + expectSetupLoaded: false, + expectedChannels: 1, + }, + ])("$name", ({ fixture, load, expectFullLoaded, expectSetupLoaded, expectedChannels }) => { + const built = createSetupEntryChannelPluginFixture(fixture); + const registry = load({ pluginDir: built.pluginDir }); - expect(fs.existsSync(fullMarker)).toBe(true); - expect(fs.existsSync(setupMarker)).toBe(false); + expect(fs.existsSync(built.fullMarker)).toBe(expectFullLoaded); + expect(fs.existsSync(built.setupMarker)).toBe(expectSetupLoaded); expect(registry.channelSetups).toHaveLength(1); - expect(registry.channels).toHaveLength(1); + expect(registry.channels).toHaveLength(expectedChannels); }); it("blocks before_prompt_build but preserves legacy model overrides when prompt injection is disabled", async () => { @@ -2363,305 +2426,483 @@ module.exports = { ).toBe(true); }); - it("enforces memory slot selection", () => { - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; - const memoryA = writePlugin({ - id: "memory-a", - body: `module.exports = { id: "memory-a", kind: "memory", register() {} };`, - }); - const memoryB = writePlugin({ - id: "memory-b", - body: `module.exports = { id: "memory-b", kind: "memory", register() {} };`, - }); + it("enforces memory slot loading rules", () => { + const scenarios = [ + { + label: "enforces memory slot selection", + loadRegistry: () => { + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; + const memoryA = writePlugin({ + id: "memory-a", + body: `module.exports = { id: "memory-a", kind: "memory", register() {} };`, + }); + const memoryB = writePlugin({ + id: "memory-b", + body: `module.exports = { id: "memory-b", kind: "memory", register() {} };`, + }); - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [memoryA.file, memoryB.file] }, - slots: { memory: "memory-b" }, - }, - }, - }); - - const a = registry.plugins.find((entry) => entry.id === "memory-a"); - const b = registry.plugins.find((entry) => entry.id === "memory-b"); - expect(b?.status).toBe("loaded"); - expect(a?.status).toBe("disabled"); - }); - - it("skips importing bundled memory plugins that are disabled by memory slot", () => { - const bundledDir = makeTempDir(); - const memoryADir = path.join(bundledDir, "memory-a"); - const memoryBDir = path.join(bundledDir, "memory-b"); - mkdirSafe(memoryADir); - mkdirSafe(memoryBDir); - writePlugin({ - id: "memory-a", - dir: memoryADir, - filename: "index.cjs", - body: `throw new Error("memory-a should not be imported when slot selects memory-b");`, - }); - writePlugin({ - id: "memory-b", - dir: memoryBDir, - filename: "index.cjs", - body: `module.exports = { id: "memory-b", kind: "memory", register() {} };`, - }); - fs.writeFileSync( - path.join(memoryADir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "memory-a", - kind: "memory", - configSchema: EMPTY_PLUGIN_SCHEMA, - }, - null, - 2, - ), - "utf-8", - ); - fs.writeFileSync( - path.join(memoryBDir, "openclaw.plugin.json"), - JSON.stringify( - { - id: "memory-b", - kind: "memory", - configSchema: EMPTY_PLUGIN_SCHEMA, - }, - null, - 2, - ), - "utf-8", - ); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - allow: ["memory-a", "memory-b"], - slots: { memory: "memory-b" }, - entries: { - "memory-a": { enabled: true }, - "memory-b": { enabled: true }, - }, - }, - }, - }); - - const a = registry.plugins.find((entry) => entry.id === "memory-a"); - const b = registry.plugins.find((entry) => entry.id === "memory-b"); - expect(a?.status).toBe("disabled"); - expect(String(a?.error ?? "")).toContain('memory slot set to "memory-b"'); - expect(b?.status).toBe("loaded"); - }); - - it("disables memory plugins when slot is none", () => { - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; - const memory = writePlugin({ - id: "memory-off", - body: `module.exports = { id: "memory-off", kind: "memory", register() {} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [memory.file] }, - slots: { memory: "none" }, - }, - }, - }); - - const entry = registry.plugins.find((item) => item.id === "memory-off"); - expect(entry?.status).toBe("disabled"); - }); - - it("prefers higher-precedence plugins with the same id", () => { - const bundledDir = makeTempDir(); - writePlugin({ - id: "shadow", - body: `module.exports = { id: "shadow", register() {} };`, - dir: bundledDir, - filename: "shadow.cjs", - }); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; - - const override = writePlugin({ - id: "shadow", - body: `module.exports = { id: "shadow", register() {} };`, - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [override.file] }, - entries: { - shadow: { enabled: true }, - }, - }, - }, - }); - - const entries = registry.plugins.filter((entry) => entry.id === "shadow"); - const loaded = entries.find((entry) => entry.status === "loaded"); - const overridden = entries.find((entry) => entry.status === "disabled"); - expect(loaded?.origin).toBe("config"); - expect(overridden?.origin).toBe("bundled"); - }); - - it("prefers bundled plugin over auto-discovered global duplicate ids", () => { - const bundledDir = makeTempDir(); - writePlugin({ - id: "feishu", - body: `module.exports = { id: "feishu", register() {} };`, - dir: bundledDir, - filename: "index.cjs", - }); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; - - const stateDir = makeTempDir(); - withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { - const globalDir = path.join(stateDir, "extensions", "feishu"); - mkdirSafe(globalDir); - writePlugin({ - id: "feishu", - body: `module.exports = { id: "feishu", register() {} };`, - dir: globalDir, - filename: "index.cjs", - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - allow: ["feishu"], - entries: { - feishu: { enabled: true }, - }, - }, - }, - }); - - const entries = registry.plugins.filter((entry) => entry.id === "feishu"); - const loaded = entries.find((entry) => entry.status === "loaded"); - const overridden = entries.find((entry) => entry.status === "disabled"); - expect(loaded?.origin).toBe("bundled"); - expect(overridden?.origin).toBe("global"); - expect(overridden?.error).toContain("overridden by bundled plugin"); - }); - }); - - it("prefers an explicitly installed global plugin over a bundled duplicate", () => { - const bundledDir = makeTempDir(); - writePlugin({ - id: "zalouser", - body: `module.exports = { id: "zalouser", register() {} };`, - dir: bundledDir, - filename: "index.cjs", - }); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; - - const stateDir = makeTempDir(); - withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { - const globalDir = path.join(stateDir, "extensions", "zalouser"); - mkdirSafe(globalDir); - writePlugin({ - id: "zalouser", - body: `module.exports = { id: "zalouser", register() {} };`, - dir: globalDir, - filename: "index.cjs", - }); - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - allow: ["zalouser"], - installs: { - zalouser: { - source: "npm", - installPath: globalDir, + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [memoryA.file, memoryB.file] }, + slots: { memory: "memory-b" }, }, }, - entries: { - zalouser: { enabled: true }, - }, - }, + }); }, - }); + assert: (registry: ReturnType) => { + const a = registry.plugins.find((entry) => entry.id === "memory-a"); + const b = registry.plugins.find((entry) => entry.id === "memory-b"); + expect(b?.status).toBe("loaded"); + expect(a?.status).toBe("disabled"); + }, + }, + { + label: "skips importing bundled memory plugins that are disabled by memory slot", + loadRegistry: () => { + const bundledDir = makeTempDir(); + const memoryADir = path.join(bundledDir, "memory-a"); + const memoryBDir = path.join(bundledDir, "memory-b"); + mkdirSafe(memoryADir); + mkdirSafe(memoryBDir); + writePlugin({ + id: "memory-a", + dir: memoryADir, + filename: "index.cjs", + body: `throw new Error("memory-a should not be imported when slot selects memory-b");`, + }); + writePlugin({ + id: "memory-b", + dir: memoryBDir, + filename: "index.cjs", + body: `module.exports = { id: "memory-b", kind: "memory", register() {} };`, + }); + fs.writeFileSync( + path.join(memoryADir, "openclaw.plugin.json"), + JSON.stringify( + { + id: "memory-a", + kind: "memory", + configSchema: EMPTY_PLUGIN_SCHEMA, + }, + null, + 2, + ), + "utf-8", + ); + fs.writeFileSync( + path.join(memoryBDir, "openclaw.plugin.json"), + JSON.stringify( + { + id: "memory-b", + kind: "memory", + configSchema: EMPTY_PLUGIN_SCHEMA, + }, + null, + 2, + ), + "utf-8", + ); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; - const entries = registry.plugins.filter((entry) => entry.id === "zalouser"); + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + allow: ["memory-a", "memory-b"], + slots: { memory: "memory-b" }, + entries: { + "memory-a": { enabled: true }, + "memory-b": { enabled: true }, + }, + }, + }, + }); + }, + assert: (registry: ReturnType) => { + const a = registry.plugins.find((entry) => entry.id === "memory-a"); + const b = registry.plugins.find((entry) => entry.id === "memory-b"); + expect(a?.status).toBe("disabled"); + expect(String(a?.error ?? "")).toContain('memory slot set to "memory-b"'); + expect(b?.status).toBe("loaded"); + }, + }, + { + label: "disables memory plugins when slot is none", + loadRegistry: () => { + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = "/nonexistent/bundled/plugins"; + const memory = writePlugin({ + id: "memory-off", + body: `module.exports = { id: "memory-off", kind: "memory", register() {} };`, + }); + + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [memory.file] }, + slots: { memory: "none" }, + }, + }, + }); + }, + assert: (registry: ReturnType) => { + const entry = registry.plugins.find((item) => item.id === "memory-off"); + expect(entry?.status).toBe("disabled"); + }, + }, + ] as const; + + for (const scenario of scenarios) { + const registry = scenario.loadRegistry(); + scenario.assert(registry); + } + }); + + it("resolves duplicate plugin ids by source precedence", () => { + const scenarios = [ + { + label: "config load overrides bundled", + pluginId: "shadow", + bundledFilename: "shadow.cjs", + loadRegistry: () => { + const bundledDir = makeTempDir(); + writePlugin({ + id: "shadow", + body: `module.exports = { id: "shadow", register() {} };`, + dir: bundledDir, + filename: "shadow.cjs", + }); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; + + const override = writePlugin({ + id: "shadow", + body: `module.exports = { id: "shadow", register() {} };`, + }); + + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [override.file] }, + entries: { + shadow: { enabled: true }, + }, + }, + }, + }); + }, + expectedLoadedOrigin: "config", + expectedDisabledOrigin: "bundled", + }, + { + label: "bundled beats auto-discovered global duplicate", + pluginId: "feishu", + bundledFilename: "index.cjs", + loadRegistry: () => { + const bundledDir = makeTempDir(); + writePlugin({ + id: "feishu", + body: `module.exports = { id: "feishu", register() {} };`, + dir: bundledDir, + filename: "index.cjs", + }); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; + + const stateDir = makeTempDir(); + return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { + const globalDir = path.join(stateDir, "extensions", "feishu"); + mkdirSafe(globalDir); + writePlugin({ + id: "feishu", + body: `module.exports = { id: "feishu", register() {} };`, + dir: globalDir, + filename: "index.cjs", + }); + + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + allow: ["feishu"], + entries: { + feishu: { enabled: true }, + }, + }, + }, + }); + }); + }, + expectedLoadedOrigin: "bundled", + expectedDisabledOrigin: "global", + expectedDisabledError: "overridden by bundled plugin", + }, + { + label: "installed global beats bundled duplicate", + pluginId: "zalouser", + bundledFilename: "index.cjs", + loadRegistry: () => { + const bundledDir = makeTempDir(); + writePlugin({ + id: "zalouser", + body: `module.exports = { id: "zalouser", register() {} };`, + dir: bundledDir, + filename: "index.cjs", + }); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; + + const stateDir = makeTempDir(); + return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { + const globalDir = path.join(stateDir, "extensions", "zalouser"); + mkdirSafe(globalDir); + writePlugin({ + id: "zalouser", + body: `module.exports = { id: "zalouser", register() {} };`, + dir: globalDir, + filename: "index.cjs", + }); + + return loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + allow: ["zalouser"], + installs: { + zalouser: { + source: "npm", + installPath: globalDir, + }, + }, + entries: { + zalouser: { enabled: true }, + }, + }, + }, + }); + }); + }, + expectedLoadedOrigin: "global", + expectedDisabledOrigin: "bundled", + expectedDisabledError: "overridden by global plugin", + }, + ] as const; + + for (const scenario of scenarios) { + const registry = scenario.loadRegistry(); + const entries = registry.plugins.filter((entry) => entry.id === scenario.pluginId); const loaded = entries.find((entry) => entry.status === "loaded"); const overridden = entries.find((entry) => entry.status === "disabled"); - expect(loaded?.origin).toBe("global"); - expect(overridden?.origin).toBe("bundled"); - expect(overridden?.error).toContain("overridden by global plugin"); - }); + expect(loaded?.origin, scenario.label).toBe(scenario.expectedLoadedOrigin); + expect(overridden?.origin, scenario.label).toBe(scenario.expectedDisabledOrigin); + if ("expectedDisabledError" in scenario) { + expect(overridden?.error, scenario.label).toContain(scenario.expectedDisabledError); + } + } }); - it("warns when plugins.allow is empty and non-bundled plugins are discoverable", () => { - useNoBundledPlugins(); - const plugin = writePlugin({ - id: "warn-open-allow", - body: `module.exports = { id: "warn-open-allow", register() {} };`, - }); - const warnings: string[] = []; - loadOpenClawPlugins({ - cache: false, - logger: createWarningLogger(warnings), - config: { - plugins: { - load: { paths: [plugin.file] }, - }, - }, - }); - expect( - warnings.some((msg) => msg.includes("plugins.allow is empty") && msg.includes(plugin.id)), - ).toBe(true); - }); - - it("dedupes the open allowlist warning for repeated loads of the same plugin set", () => { + it("warns about open allowlists for discoverable plugins once per plugin set", () => { useNoBundledPlugins(); clearPluginLoaderCache(); + const scenarios = [ + { + label: "single load warns", + pluginId: "warn-open-allow", + loads: 1, + expectedWarnings: 1, + }, + { + label: "repeated identical loads dedupe warning", + pluginId: "warn-open-allow-once", + loads: 2, + expectedWarnings: 1, + }, + ] as const; + + for (const scenario of scenarios) { + const plugin = writePlugin({ + id: scenario.pluginId, + body: `module.exports = { id: "${scenario.pluginId}", register() {} };`, + }); + const warnings: string[] = []; + const options = { + cache: false, + logger: createWarningLogger(warnings), + config: { + plugins: { + load: { paths: [plugin.file] }, + }, + }, + }; + + for (let index = 0; index < scenario.loads; index += 1) { + loadOpenClawPlugins(options); + } + + const openAllowWarnings = warnings.filter((msg) => msg.includes("plugins.allow is empty")); + expect(openAllowWarnings, scenario.label).toHaveLength(scenario.expectedWarnings); + expect( + openAllowWarnings.some((msg) => msg.includes(scenario.pluginId)), + scenario.label, + ).toBe(true); + } + }); + + it("handles workspace-discovered plugins according to trust and precedence", () => { + useNoBundledPlugins(); + const scenarios = [ + { + label: "untrusted workspace plugins stay disabled", + pluginId: "workspace-helper", + loadRegistry: () => { + const workspaceDir = makeTempDir(); + const workspaceExtDir = path.join( + workspaceDir, + ".openclaw", + "extensions", + "workspace-helper", + ); + mkdirSafe(workspaceExtDir); + writePlugin({ + id: "workspace-helper", + body: `module.exports = { id: "workspace-helper", register() {} };`, + dir: workspaceExtDir, + filename: "index.cjs", + }); + + return loadOpenClawPlugins({ + cache: false, + workspaceDir, + config: { + plugins: { + enabled: true, + }, + }, + }); + }, + assert: (registry: ReturnType) => { + const workspacePlugin = registry.plugins.find((entry) => entry.id === "workspace-helper"); + expect(workspacePlugin?.origin).toBe("workspace"); + expect(workspacePlugin?.status).toBe("disabled"); + expect(workspacePlugin?.error).toContain("workspace plugin (disabled by default)"); + }, + }, + { + label: "trusted workspace plugins load", + pluginId: "workspace-helper", + loadRegistry: () => { + const workspaceDir = makeTempDir(); + const workspaceExtDir = path.join( + workspaceDir, + ".openclaw", + "extensions", + "workspace-helper", + ); + mkdirSafe(workspaceExtDir); + writePlugin({ + id: "workspace-helper", + body: `module.exports = { id: "workspace-helper", register() {} };`, + dir: workspaceExtDir, + filename: "index.cjs", + }); + + return loadOpenClawPlugins({ + cache: false, + workspaceDir, + config: { + plugins: { + enabled: true, + allow: ["workspace-helper"], + }, + }, + }); + }, + assert: (registry: ReturnType) => { + const workspacePlugin = registry.plugins.find((entry) => entry.id === "workspace-helper"); + expect(workspacePlugin?.origin).toBe("workspace"); + expect(workspacePlugin?.status).toBe("loaded"); + }, + }, + { + label: "bundled plugins stay ahead of trusted workspace duplicates", + pluginId: "shadowed", + loadRegistry: () => { + const bundledDir = makeTempDir(); + writePlugin({ + id: "shadowed", + body: `module.exports = { id: "shadowed", register() {} };`, + dir: bundledDir, + filename: "index.cjs", + }); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; + + const workspaceDir = makeTempDir(); + const workspaceExtDir = path.join(workspaceDir, ".openclaw", "extensions", "shadowed"); + mkdirSafe(workspaceExtDir); + writePlugin({ + id: "shadowed", + body: `module.exports = { id: "shadowed", register() {} };`, + dir: workspaceExtDir, + filename: "index.cjs", + }); + + return loadOpenClawPlugins({ + cache: false, + workspaceDir, + config: { + plugins: { + enabled: true, + allow: ["shadowed"], + entries: { + shadowed: { enabled: true }, + }, + }, + }, + }); + }, + assert: (registry: ReturnType) => { + const entries = registry.plugins.filter((entry) => entry.id === "shadowed"); + const loaded = entries.find((entry) => entry.status === "loaded"); + const overridden = entries.find((entry) => entry.status === "disabled"); + expect(loaded?.origin).toBe("bundled"); + expect(overridden?.origin).toBe("workspace"); + expect(overridden?.error).toContain("overridden by bundled plugin"); + }, + }, + ] as const; + + for (const scenario of scenarios) { + const registry = scenario.loadRegistry(); + scenario.assert(registry); + } + }); + + it("loads bundled plugins when manifest metadata opts into default enablement", () => { + const bundledDir = makeTempDir(); const plugin = writePlugin({ - id: "warn-open-allow-once", - body: `module.exports = { id: "warn-open-allow-once", register() {} };`, - }); - const warnings: string[] = []; - const options = { - cache: false, - logger: createWarningLogger(warnings), - config: { - plugins: { - load: { paths: [plugin.file] }, - }, - }, - }; - - loadOpenClawPlugins(options); - loadOpenClawPlugins(options); - - expect(warnings.filter((msg) => msg.includes("plugins.allow is empty"))).toHaveLength(1); - }); - - it("does not auto-load workspace-discovered plugins unless explicitly trusted", () => { - useNoBundledPlugins(); - const workspaceDir = makeTempDir(); - const workspaceExtDir = path.join(workspaceDir, ".openclaw", "extensions", "workspace-helper"); - mkdirSafe(workspaceExtDir); - writePlugin({ - id: "workspace-helper", - body: `module.exports = { id: "workspace-helper", register() {} };`, - dir: workspaceExtDir, + id: "profile-aware", + body: `module.exports = { id: "profile-aware", register() {} };`, + dir: bundledDir, filename: "index.cjs", }); + fs.writeFileSync( + path.join(plugin.dir, "openclaw.plugin.json"), + JSON.stringify( + { + id: "profile-aware", + enabledByDefault: true, + configSchema: EMPTY_PLUGIN_SCHEMA, + }, + null, + 2, + ), + "utf-8", + ); + process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; const registry = loadOpenClawPlugins({ cache: false, - workspaceDir, + workspaceDir: bundledDir, config: { plugins: { enabled: true, @@ -2669,38 +2910,9 @@ module.exports = { }, }); - const workspacePlugin = registry.plugins.find((entry) => entry.id === "workspace-helper"); - expect(workspacePlugin?.origin).toBe("workspace"); - expect(workspacePlugin?.status).toBe("disabled"); - expect(workspacePlugin?.error).toContain("workspace plugin (disabled by default)"); - }); - - it("loads workspace-discovered plugins when plugins.allow explicitly trusts them", () => { - useNoBundledPlugins(); - const workspaceDir = makeTempDir(); - const workspaceExtDir = path.join(workspaceDir, ".openclaw", "extensions", "workspace-helper"); - mkdirSafe(workspaceExtDir); - writePlugin({ - id: "workspace-helper", - body: `module.exports = { id: "workspace-helper", register() {} };`, - dir: workspaceExtDir, - filename: "index.cjs", - }); - - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir, - config: { - plugins: { - enabled: true, - allow: ["workspace-helper"], - }, - }, - }); - - const workspacePlugin = registry.plugins.find((entry) => entry.id === "workspace-helper"); - expect(workspacePlugin?.origin).toBe("workspace"); - expect(workspacePlugin?.status).toBe("loaded"); + const bundledPlugin = registry.plugins.find((entry) => entry.id === "profile-aware"); + expect(bundledPlugin?.origin).toBe("bundled"); + expect(bundledPlugin?.status).toBe("loaded"); }); it("keeps scoped and unscoped plugin ids distinct", () => { @@ -2733,234 +2945,140 @@ module.exports = { ).toBe(false); }); - it("keeps bundled plugins ahead of trusted workspace duplicates with the same id", () => { - const bundledDir = makeTempDir(); - writePlugin({ - id: "shadowed", - body: `module.exports = { id: "shadowed", register() {} };`, - dir: bundledDir, - filename: "index.cjs", - }); - process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir; + it("evaluates load-path provenance warnings", () => { + useNoBundledPlugins(); + const scenarios = [ + { + label: "warns when loaded non-bundled plugin has no install/load-path provenance", + loadRegistry: () => { + const stateDir = makeTempDir(); + return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { + const globalDir = path.join(stateDir, "extensions", "rogue"); + mkdirSafe(globalDir); + writePlugin({ + id: "rogue", + body: `module.exports = { id: "rogue", register() {} };`, + dir: globalDir, + filename: "index.cjs", + }); - const workspaceDir = makeTempDir(); - const workspaceExtDir = path.join(workspaceDir, ".openclaw", "extensions", "shadowed"); - mkdirSafe(workspaceExtDir); - writePlugin({ - id: "shadowed", - body: `module.exports = { id: "shadowed", register() {} };`, - dir: workspaceExtDir, - filename: "index.cjs", - }); + const warnings: string[] = []; + const registry = loadOpenClawPlugins({ + cache: false, + logger: createWarningLogger(warnings), + config: { + plugins: { + allow: ["rogue"], + }, + }, + }); - const registry = loadOpenClawPlugins({ - cache: false, - workspaceDir, - config: { - plugins: { - enabled: true, - allow: ["shadowed"], - entries: { - shadowed: { enabled: true }, - }, + return { registry, warnings, pluginId: "rogue", expectWarning: true }; + }); }, }, - }); + { + label: "does not warn about missing provenance for env-resolved load paths", + loadRegistry: () => { + const { plugin, env } = createEnvResolvedPluginFixture("tracked-load-path"); + const warnings: string[] = []; + const registry = loadOpenClawPlugins({ + cache: false, + logger: createWarningLogger(warnings), + env, + config: { + plugins: { + load: { paths: ["~/plugins/tracked-load-path"] }, + allow: [plugin.id], + }, + }, + }); - const entries = registry.plugins.filter((entry) => entry.id === "shadowed"); - const loaded = entries.find((entry) => entry.status === "loaded"); - const overridden = entries.find((entry) => entry.status === "disabled"); - expect(loaded?.origin).toBe("bundled"); - expect(overridden?.origin).toBe("workspace"); - expect(overridden?.error).toContain("overridden by bundled plugin"); - }); - - it("warns when loaded non-bundled plugin has no install/load-path provenance", () => { - useNoBundledPlugins(); - const stateDir = makeTempDir(); - withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => { - const globalDir = path.join(stateDir, "extensions", "rogue"); - mkdirSafe(globalDir); - writePlugin({ - id: "rogue", - body: `module.exports = { id: "rogue", register() {} };`, - dir: globalDir, - filename: "index.cjs", - }); - - const warnings: string[] = []; - const registry = loadOpenClawPlugins({ - cache: false, - logger: createWarningLogger(warnings), - config: { - plugins: { - allow: ["rogue"], - }, + return { + registry, + warnings, + pluginId: plugin.id, + expectWarning: false, + expectedSource: plugin.file, + }; }, - }); + }, + { + label: "does not warn about missing provenance for env-resolved install paths", + loadRegistry: () => { + const { plugin, env } = createEnvResolvedPluginFixture("tracked-install-path"); + const warnings: string[] = []; + const registry = loadOpenClawPlugins({ + cache: false, + logger: createWarningLogger(warnings), + env, + config: { + plugins: { + load: { paths: [plugin.file] }, + allow: [plugin.id], + installs: { + [plugin.id]: { + source: "path", + installPath: `~/plugins/${plugin.id}`, + sourcePath: `~/plugins/${plugin.id}`, + }, + }, + }, + }, + }); - const rogue = registry.plugins.find((entry) => entry.id === "rogue"); - expect(rogue?.status).toBe("loaded"); + return { + registry, + warnings, + pluginId: plugin.id, + expectWarning: false, + expectedSource: plugin.file, + }; + }, + }, + ] as const; + + for (const scenario of scenarios) { + const loadedScenario = scenario.loadRegistry(); + const { registry, warnings, pluginId, expectWarning } = loadedScenario; + const expectedSource = + "expectedSource" in loadedScenario ? loadedScenario.expectedSource : undefined; + const plugin = registry.plugins.find((entry) => entry.id === pluginId); + expect(plugin?.status, scenario.label).toBe("loaded"); + if (expectedSource) { + expect(plugin?.source, scenario.label).toBe(expectedSource); + } expect( warnings.some( (msg) => - msg.includes("rogue") && msg.includes("loaded without install/load-path provenance"), + msg.includes(pluginId) && msg.includes("loaded without install/load-path provenance"), ), - ).toBe(true); - }); + scenario.label, + ).toBe(expectWarning); + } }); - it("does not warn about missing provenance for env-resolved load paths", () => { - useNoBundledPlugins(); - const openclawHome = makeTempDir(); - const ignoredHome = makeTempDir(); - const stateDir = makeTempDir(); - const pluginDir = path.join(openclawHome, "plugins", "tracked-load-path"); - mkdirSafe(pluginDir); - const plugin = writePlugin({ - id: "tracked-load-path", - dir: pluginDir, - filename: "index.cjs", - body: `module.exports = { id: "tracked-load-path", register() {} };`, - }); - - const warnings: string[] = []; - const registry = loadOpenClawPlugins({ - cache: false, - logger: createWarningLogger(warnings), - env: { - ...process.env, - OPENCLAW_HOME: openclawHome, - HOME: ignoredHome, - OPENCLAW_STATE_DIR: stateDir, - CLAWDBOT_STATE_DIR: undefined, - OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", - }, - config: { - plugins: { - load: { paths: ["~/plugins/tracked-load-path"] }, - allow: ["tracked-load-path"], - }, - }, - }); - - expect(registry.plugins.find((entry) => entry.id === "tracked-load-path")?.source).toBe( - plugin.file, - ); - expect( - warnings.some((msg) => msg.includes("loaded without install/load-path provenance")), - ).toBe(false); - }); - - it("does not warn about missing provenance for env-resolved install paths", () => { - useNoBundledPlugins(); - const openclawHome = makeTempDir(); - const ignoredHome = makeTempDir(); - const stateDir = makeTempDir(); - const pluginDir = path.join(openclawHome, "plugins", "tracked-install-path"); - mkdirSafe(pluginDir); - const plugin = writePlugin({ - id: "tracked-install-path", - dir: pluginDir, - filename: "index.cjs", - body: `module.exports = { id: "tracked-install-path", register() {} };`, - }); - - const warnings: string[] = []; - const registry = loadOpenClawPlugins({ - cache: false, - logger: createWarningLogger(warnings), - env: { - ...process.env, - OPENCLAW_HOME: openclawHome, - HOME: ignoredHome, - OPENCLAW_STATE_DIR: stateDir, - CLAWDBOT_STATE_DIR: undefined, - OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins", - }, - config: { - plugins: { - load: { paths: [plugin.file] }, - allow: ["tracked-install-path"], - installs: { - "tracked-install-path": { - source: "path", - installPath: "~/plugins/tracked-install-path", - sourcePath: "~/plugins/tracked-install-path", - }, - }, - }, - }, - }); - - expect(registry.plugins.find((entry) => entry.id === "tracked-install-path")?.source).toBe( - plugin.file, - ); - expect( - warnings.some((msg) => msg.includes("loaded without install/load-path provenance")), - ).toBe(false); - }); - - it("rejects plugin entry files that escape plugin root via symlink", () => { - useNoBundledPlugins(); - const { outsideEntry, linkedEntry } = createEscapingEntryFixture({ + it.each([ + { + name: "rejects plugin entry files that escape plugin root via symlink", id: "symlinked", - sourceBody: - 'module.exports = { id: "symlinked", register() { throw new Error("should not run"); } };', - }); - try { - fs.symlinkSync(outsideEntry, linkedEntry); - } catch { - return; - } - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [linkedEntry] }, - allow: ["symlinked"], - }, - }, - }); - - const record = registry.plugins.find((entry) => entry.id === "symlinked"); - expect(record?.status).not.toBe("loaded"); - expect(registry.diagnostics.some((entry) => entry.message.includes("escapes"))).toBe(true); - }); - - it("rejects plugin entry files that escape plugin root via hardlink", () => { - if (process.platform === "win32") { - return; - } - useNoBundledPlugins(); - const { outsideEntry, linkedEntry } = createEscapingEntryFixture({ + linkKind: "symlink" as const, + }, + { + name: "rejects plugin entry files that escape plugin root via hardlink", id: "hardlinked", - sourceBody: - 'module.exports = { id: "hardlinked", register() { throw new Error("should not run"); } };', - }); - try { - fs.linkSync(outsideEntry, linkedEntry); - } catch (err) { - if ((err as NodeJS.ErrnoException).code === "EXDEV") { - return; - } - throw err; + linkKind: "hardlink" as const, + skip: process.platform === "win32", + }, + ])("$name", ({ id, linkKind, skip }) => { + if (skip) { + return; } - - const registry = loadOpenClawPlugins({ - cache: false, - config: { - plugins: { - load: { paths: [linkedEntry] }, - allow: ["hardlinked"], - }, - }, + expectEscapingEntryRejected({ + id, + linkKind, + sourceBody: `module.exports = { id: "${id}", register() { throw new Error("should not run"); } };`, }); - - const record = registry.plugins.find((entry) => entry.id === "hardlinked"); - expect(record?.status).not.toBe("loaded"); - expect(registry.diagnostics.some((entry) => entry.message.includes("escapes"))).toBe(true); }); it("allows bundled plugin entry files that are hardlinked aliases", () => { @@ -3098,56 +3216,112 @@ module.exports = { }); }); - it("prefers dist plugin-sdk alias when loader runs from dist", () => { - const { root, distFile } = createPluginSdkAliasFixture(); - - const resolved = __testing.resolvePluginSdkAliasFile({ + it.each([ + { + name: "prefers dist plugin-sdk alias when loader runs from dist", + buildFixture: () => createPluginSdkAliasFixture(), + modulePath: (root: string) => path.join(root, "dist", "plugins", "loader.js"), srcFile: "index.ts", distFile: "index.js", - modulePath: path.join(root, "dist", "plugins", "loader.js"), + expected: "dist" as const, + }, + { + name: "prefers src plugin-sdk alias when loader runs from src in non-production", + buildFixture: () => createPluginSdkAliasFixture(), + modulePath: (root: string) => path.join(root, "src", "plugins", "loader.ts"), + srcFile: "index.ts", + distFile: "index.js", + env: { NODE_ENV: undefined }, + expected: "src" as const, + }, + { + name: "falls back to src plugin-sdk alias when dist is missing in production", + buildFixture: () => { + const fixture = createPluginSdkAliasFixture(); + fs.rmSync(fixture.distFile); + return fixture; + }, + modulePath: (root: string) => path.join(root, "src", "plugins", "loader.ts"), + srcFile: "index.ts", + distFile: "index.js", + env: { NODE_ENV: "production", VITEST: undefined }, + expected: "src" as const, + }, + { + name: "prefers dist root-alias shim when loader runs from dist", + buildFixture: () => + createPluginSdkAliasFixture({ + srcFile: "root-alias.cjs", + distFile: "root-alias.cjs", + srcBody: "module.exports = {};\n", + distBody: "module.exports = {};\n", + }), + modulePath: (root: string) => path.join(root, "dist", "plugins", "loader.js"), + srcFile: "root-alias.cjs", + distFile: "root-alias.cjs", + expected: "dist" as const, + }, + { + name: "prefers src root-alias shim when loader runs from src in non-production", + buildFixture: () => + createPluginSdkAliasFixture({ + srcFile: "root-alias.cjs", + distFile: "root-alias.cjs", + srcBody: "module.exports = {};\n", + distBody: "module.exports = {};\n", + }), + modulePath: (root: string) => path.join(root, "src", "plugins", "loader.ts"), + srcFile: "root-alias.cjs", + distFile: "root-alias.cjs", + env: { NODE_ENV: undefined }, + expected: "src" as const, + }, + { + name: "resolves plugin-sdk alias from package root when loader runs from transpiler cache path", + buildFixture: () => createPluginSdkAliasFixture(), + modulePath: () => "/tmp/tsx-cache/openclaw-loader.js", + argv1: (root: string) => path.join(root, "openclaw.mjs"), + srcFile: "index.ts", + distFile: "index.js", + env: { NODE_ENV: undefined }, + expected: "src" as const, + }, + ])("$name", ({ buildFixture, modulePath, argv1, srcFile, distFile, env, expected }) => { + const fixture = buildFixture(); + const resolved = resolvePluginSdkAlias({ + root: fixture.root, + srcFile, + distFile, + modulePath: modulePath(fixture.root), + argv1: argv1?.(fixture.root), + env, }); - expect(resolved).toBe(distFile); + expect(resolved).toBe(expected === "dist" ? fixture.distFile : fixture.srcFile); }); - it("prefers dist candidates first for production src runtime", () => { - const { root, srcFile, distFile } = createPluginSdkAliasFixture(); - - const candidates = withEnv({ NODE_ENV: "production", VITEST: undefined }, () => - __testing.listPluginSdkAliasCandidates({ - srcFile: "index.ts", - distFile: "index.js", - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - - expect(candidates.indexOf(distFile)).toBeLessThan(candidates.indexOf(srcFile)); - }); - - it("prefers src plugin-sdk alias when loader runs from src in non-production", () => { - const { root, srcFile } = createPluginSdkAliasFixture(); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolvePluginSdkAliasFile({ - srcFile: "index.ts", - distFile: "index.js", - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - expect(resolved).toBe(srcFile); - }); - - it("prefers src candidates first for non-production src runtime", () => { - const { root, srcFile, distFile } = createPluginSdkAliasFixture(); - - const candidates = withEnv({ NODE_ENV: undefined }, () => - __testing.listPluginSdkAliasCandidates({ - srcFile: "index.ts", - distFile: "index.js", - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - - expect(candidates.indexOf(srcFile)).toBeLessThan(candidates.indexOf(distFile)); + it.each([ + { + name: "prefers dist candidates first for production src runtime", + env: { NODE_ENV: "production", VITEST: undefined }, + expectedFirst: "dist" as const, + }, + { + name: "prefers src candidates first for non-production src runtime", + env: { NODE_ENV: undefined }, + expectedFirst: "src" as const, + }, + ])("$name", ({ env, expectedFirst }) => { + const fixture = createPluginSdkAliasFixture(); + const candidates = listPluginSdkAliasCandidates({ + root: fixture.root, + srcFile: "index.ts", + distFile: "index.js", + modulePath: path.join(fixture.root, "src", "plugins", "loader.ts"), + env, + }); + const first = expectedFirst === "dist" ? fixture.distFile : fixture.srcFile; + const second = expectedFirst === "dist" ? fixture.srcFile : fixture.distFile; + expect(candidates.indexOf(first)).toBeLessThan(candidates.indexOf(second)); }); it("derives plugin-sdk subpaths from package exports", () => { @@ -3157,109 +3331,36 @@ module.exports = { expect(subpaths).not.toContain("root-alias"); }); - it("falls back to src plugin-sdk alias when dist is missing in production", () => { - const { root, srcFile, distFile } = createPluginSdkAliasFixture(); - fs.rmSync(distFile); + it("configures the plugin loader jiti boundary to prefer native dist modules", () => { + const options = __testing.buildPluginLoaderJitiOptions({}); - const resolved = withEnv({ NODE_ENV: "production", VITEST: undefined }, () => - __testing.resolvePluginSdkAliasFile({ - srcFile: "index.ts", - distFile: "index.js", - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - expect(resolved).toBe(srcFile); + expect(options.tryNative).toBe(true); + expect(options.interopDefault).toBe(true); + expect(options.extensions).toContain(".js"); + expect(options.extensions).toContain(".ts"); + expect("alias" in options).toBe(false); }); - it("prefers dist root-alias shim when loader runs from dist", () => { - const { root, distFile } = createPluginSdkAliasFixture({ - srcFile: "root-alias.cjs", - distFile: "root-alias.cjs", - srcBody: "module.exports = {};\n", - distBody: "module.exports = {};\n", + it.each([ + { + name: "prefers dist plugin runtime module when loader runs from dist", + modulePath: (root: string) => path.join(root, "dist", "plugins", "loader.js"), + expected: "dist" as const, + }, + { + name: "resolves plugin runtime module from package root when loader runs from transpiler cache path", + modulePath: () => "/tmp/tsx-cache/openclaw-loader.js", + argv1: (root: string) => path.join(root, "openclaw.mjs"), + env: { NODE_ENV: undefined }, + expected: "src" as const, + }, + ])("$name", ({ modulePath, argv1, env, expected }) => { + const fixture = createPluginRuntimeAliasFixture(); + const resolved = resolvePluginRuntimeModule({ + modulePath: modulePath(fixture.root), + argv1: argv1?.(fixture.root), + env, }); - - const resolved = __testing.resolvePluginSdkAliasFile({ - srcFile: "root-alias.cjs", - distFile: "root-alias.cjs", - modulePath: path.join(root, "dist", "plugins", "loader.js"), - }); - expect(resolved).toBe(distFile); - }); - - it("prefers src root-alias shim when loader runs from src in non-production", () => { - const { root, srcFile } = createPluginSdkAliasFixture({ - srcFile: "root-alias.cjs", - distFile: "root-alias.cjs", - srcBody: "module.exports = {};\n", - distBody: "module.exports = {};\n", - }); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolvePluginSdkAliasFile({ - srcFile: "root-alias.cjs", - distFile: "root-alias.cjs", - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - expect(resolved).toBe(srcFile); - }); - - it("prefers dist extension-api alias when loader runs from dist", () => { - const { root, distFile } = createExtensionApiAliasFixture(); - - const resolved = __testing.resolveExtensionApiAlias({ - modulePath: path.join(root, "dist", "plugins", "loader.js"), - }); - expect(resolved).toBe(distFile); - }); - - it("prefers src extension-api alias when loader runs from src in non-production", () => { - const { root, srcFile } = createExtensionApiAliasFixture(); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolveExtensionApiAlias({ - modulePath: path.join(root, "src", "plugins", "loader.ts"), - }), - ); - expect(resolved).toBe(srcFile); - }); - - it("resolves plugin-sdk alias from package root when loader runs from transpiler cache path", () => { - const { root, srcFile } = createPluginSdkAliasFixture(); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolvePluginSdkAliasFile({ - srcFile: "index.ts", - distFile: "index.js", - modulePath: "/tmp/tsx-cache/openclaw-loader.js", - argv1: path.join(root, "openclaw.mjs"), - }), - ); - expect(resolved).toBe(srcFile); - }); - - it("resolves extension-api alias from package root when loader runs from transpiler cache path", () => { - const { root, srcFile } = createExtensionApiAliasFixture(); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolveExtensionApiAlias({ - modulePath: "/tmp/tsx-cache/openclaw-loader.js", - argv1: path.join(root, "openclaw.mjs"), - }), - ); - expect(resolved).toBe(srcFile); - }); - - it("resolves plugin runtime module from package root when loader runs from transpiler cache path", () => { - const { root, srcFile } = createPluginRuntimeAliasFixture(); - - const resolved = withEnv({ NODE_ENV: undefined }, () => - __testing.resolvePluginRuntimeModulePath({ - modulePath: "/tmp/tsx-cache/openclaw-loader.js", - argv1: path.join(root, "openclaw.mjs"), - }), - ); - expect(resolved).toBe(srcFile); + expect(resolved).toBe(expected === "dist" ? fixture.distFile : fixture.srcFile); }); }); diff --git a/src/plugins/loader.ts b/src/plugins/loader.ts index dc3bf5139c6..251a08beb4e 100644 --- a/src/plugins/loader.ts +++ b/src/plugins/loader.ts @@ -11,6 +11,7 @@ import { openBoundaryFileSync } from "../infra/boundary-file-read.js"; import { resolveOpenClawPackageRootSync } from "../infra/openclaw-root.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { resolveUserPath } from "../utils.js"; +import { inspectBundleMcpRuntimeSupport } from "./bundle-mcp.js"; import { clearPluginCommands } from "./commands.js"; import { applyTestPluginDefaults, @@ -68,6 +69,7 @@ const openAllowlistWarningCache = new Set(); const LAZY_RUNTIME_REFLECTION_KEYS = [ "version", "config", + "agent", "subagent", "system", "media", @@ -197,33 +199,20 @@ const resolvePluginSdkAliasFile = (params: { const resolvePluginSdkAlias = (): string | null => resolvePluginSdkAliasFile({ srcFile: "root-alias.cjs", distFile: "root-alias.cjs" }); -const resolveExtensionApiAlias = (params: LoaderModuleResolveParams = {}): string | null => { - try { - const modulePath = resolveLoaderModulePath(params); - const packageRoot = resolveLoaderPackageRoot({ ...params, modulePath }); - if (!packageRoot) { - return null; - } - - const orderedKinds = resolvePluginSdkAliasCandidateOrder({ - modulePath, - isProduction: process.env.NODE_ENV === "production", - }); - const candidateMap = { - src: path.join(packageRoot, "src", "extensionAPI.ts"), - dist: path.join(packageRoot, "dist", "extensionAPI.js"), - } as const; - for (const kind of orderedKinds) { - const candidate = candidateMap[kind]; - if (fs.existsSync(candidate)) { - return candidate; - } - } - } catch { - // ignore - } - return null; -}; +function buildPluginLoaderJitiOptions(aliasMap: Record) { + return { + interopDefault: true, + // Prefer Node's native sync ESM loader for built dist/*.js modules so + // bundled plugins and plugin-sdk subpaths stay on the canonical module graph. + tryNative: true, + extensions: [".ts", ".tsx", ".mts", ".cts", ".mtsx", ".ctsx", ".js", ".mjs", ".cjs", ".json"], + ...(Object.keys(aliasMap).length > 0 + ? { + alias: aliasMap, + } + : {}), + }; +} function resolvePluginRuntimeModulePath(params: LoaderModuleResolveParams = {}): string | null { try { @@ -300,9 +289,9 @@ const resolvePluginSdkScopedAliasMap = (): Record => { }; export const __testing = { + buildPluginLoaderJitiOptions, listPluginSdkAliasCandidates, listPluginSdkExportedSubpaths, - resolveExtensionApiAlias, resolvePluginSdkAliasCandidateOrder, resolvePluginSdkAliasFile, resolvePluginRuntimeModulePath, @@ -342,6 +331,7 @@ function buildCacheKey(params: { onlyPluginIds?: string[]; includeSetupOnlyChannelPlugins?: boolean; preferSetupRuntimeForChannelPlugins?: boolean; + runtimeSubagentMode?: "default" | "explicit" | "gateway-bindable"; }): string { const { roots, loadPaths } = resolvePluginCacheInputs({ workspaceDir: params.workspaceDir, @@ -372,7 +362,7 @@ function buildCacheKey(params: { ...params.plugins, installs, loadPaths, - })}::${scopeKey}::${setupOnlyKey}::${startupChannelMode}`; + })}::${scopeKey}::${setupOnlyKey}::${startupChannelMode}::${params.runtimeSubagentMode ?? "default"}`; } function normalizeScopedPluginIds(ids?: string[]): string[] | undefined { @@ -505,6 +495,9 @@ function createPluginRecord(params: { hookNames: [], channelIds: [], providerIds: [], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], webSearchProviderIds: [], gatewayMethods: [], cliCommands: [], @@ -830,6 +823,12 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi onlyPluginIds, includeSetupOnlyChannelPlugins, preferSetupRuntimeForChannelPlugins, + runtimeSubagentMode: + options.runtimeOptions?.allowGatewaySubagentBinding === true + ? "gateway-bindable" + : options.runtimeOptions?.subagent + ? "explicit" + : "default", }); const cacheEnabled = options.cache !== false; if (cacheEnabled) { @@ -856,21 +855,11 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi return jitiLoader; } const pluginSdkAlias = resolvePluginSdkAlias(); - const extensionApiAlias = resolveExtensionApiAlias(); const aliasMap = { - ...(extensionApiAlias ? { "openclaw/extension-api": extensionApiAlias } : {}), ...(pluginSdkAlias ? { "openclaw/plugin-sdk": pluginSdkAlias } : {}), ...resolvePluginSdkScopedAliasMap(), }; - jitiLoader = createJiti(import.meta.url, { - interopDefault: true, - extensions: [".ts", ".tsx", ".mts", ".cts", ".mtsx", ".ctsx", ".js", ".mjs", ".cjs", ".json"], - ...(Object.keys(aliasMap).length > 0 - ? { - alias: aliasMap, - } - : {}), - }); + jitiLoader = createJiti(import.meta.url, buildPluginLoaderJitiOptions(aliasMap)); return jitiLoader; }; @@ -1046,6 +1035,7 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi origin: candidate.origin, config: normalized, rootConfig: cfg, + enabledByDefault: manifestRecord.enabledByDefault, }); const entry = normalized.entries[pluginId]; const record = createPluginRecord({ @@ -1112,6 +1102,7 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi const unsupportedCapabilities = (record.bundleCapabilities ?? []).filter( (capability) => capability !== "skills" && + capability !== "mcpServers" && capability !== "settings" && !( capability === "commands" && @@ -1127,6 +1118,36 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi message: `bundle capability detected but not wired into OpenClaw yet: ${capability}`, }); } + if ( + enableState.enabled && + record.rootDir && + record.bundleFormat && + (record.bundleCapabilities ?? []).includes("mcpServers") + ) { + const runtimeSupport = inspectBundleMcpRuntimeSupport({ + pluginId: record.id, + rootDir: record.rootDir, + bundleFormat: record.bundleFormat, + }); + for (const message of runtimeSupport.diagnostics) { + registry.diagnostics.push({ + level: "warn", + pluginId: record.id, + source: record.source, + message, + }); + } + if (runtimeSupport.unsupportedServerNames.length > 0) { + registry.diagnostics.push({ + level: "warn", + pluginId: record.id, + source: record.source, + message: + "bundle MCP servers use unsupported transports or incomplete configs " + + `(stdio only today): ${runtimeSupport.unsupportedServerNames.join(", ")}`, + }); + } + } registry.plugins.push(record); seenIds.set(pluginId, candidate.origin); continue; diff --git a/src/plugins/manifest-registry.test.ts b/src/plugins/manifest-registry.test.ts index c60e5444443..14a571c9250 100644 --- a/src/plugins/manifest-registry.test.ts +++ b/src/plugins/manifest-registry.test.ts @@ -203,6 +203,7 @@ describe("loadPluginManifestRegistry", () => { const dir = makeTempDir(); writeManifest(dir, { id: "openai", + enabledByDefault: true, providers: ["openai", "openai-codex"], providerAuthEnvVars: { openai: ["OPENAI_API_KEY"], @@ -227,6 +228,7 @@ describe("loadPluginManifestRegistry", () => { expect(registry.plugins[0]?.providerAuthEnvVars).toEqual({ openai: ["OPENAI_API_KEY"], }); + expect(registry.plugins[0]?.enabledByDefault).toBe(true); expect(registry.plugins[0]?.providerAuthChoices).toEqual([ { provider: "openai", diff --git a/src/plugins/manifest-registry.ts b/src/plugins/manifest-registry.ts index 7a5c10d67f0..eea801a72ea 100644 --- a/src/plugins/manifest-registry.ts +++ b/src/plugins/manifest-registry.ts @@ -35,6 +35,7 @@ export type PluginManifestRecord = { name?: string; description?: string; version?: string; + enabledByDefault?: boolean; format?: PluginFormat; bundleFormat?: PluginBundleFormat; bundleCapabilities?: string[]; @@ -154,6 +155,7 @@ function buildRecord(params: { description: normalizeManifestLabel(params.manifest.description) ?? params.candidate.packageDescription, version: normalizeManifestLabel(params.manifest.version) ?? params.candidate.packageVersion, + enabledByDefault: params.manifest.enabledByDefault === true ? true : undefined, format: params.candidate.format ?? "openclaw", bundleFormat: params.candidate.bundleFormat, kind: params.manifest.kind, diff --git a/src/plugins/manifest.ts b/src/plugins/manifest.ts index dd8615d7350..a75a2a9b6ab 100644 --- a/src/plugins/manifest.ts +++ b/src/plugins/manifest.ts @@ -11,6 +11,7 @@ export const PLUGIN_MANIFEST_FILENAMES = [PLUGIN_MANIFEST_FILENAME] as const; export type PluginManifest = { id: string; configSchema: Record; + enabledByDefault?: boolean; kind?: PluginKind; channels?: string[]; providers?: string[]; @@ -180,6 +181,7 @@ export function loadPluginManifest( } const kind = typeof raw.kind === "string" ? (raw.kind as PluginKind) : undefined; + const enabledByDefault = raw.enabledByDefault === true; const name = typeof raw.name === "string" ? raw.name.trim() : undefined; const description = typeof raw.description === "string" ? raw.description.trim() : undefined; const version = typeof raw.version === "string" ? raw.version.trim() : undefined; @@ -199,6 +201,7 @@ export function loadPluginManifest( manifest: { id, configSchema, + ...(enabledByDefault ? { enabledByDefault } : {}), kind, channels, providers, diff --git a/src/plugins/marketplace.test.ts b/src/plugins/marketplace.test.ts index 14d3bda0323..92918e256d4 100644 --- a/src/plugins/marketplace.test.ts +++ b/src/plugins/marketplace.test.ts @@ -45,21 +45,22 @@ describe("marketplace plugins", () => { const { listMarketplacePlugins } = await import("./marketplace.js"); const result = await listMarketplacePlugins({ marketplace: rootDir }); - expect(result).toEqual({ - ok: true, - sourceLabel: expect.stringContaining(".claude-plugin/marketplace.json"), - manifest: { - name: "Example Marketplace", - version: "1.0.0", - plugins: [ - { - name: "frontend-design", - version: "0.1.0", - description: "Design system bundle", - source: { kind: "path", path: "./plugins/frontend-design" }, - }, - ], - }, + expect(result.ok).toBe(true); + if (!result.ok) { + throw new Error("expected marketplace listing to succeed"); + } + expect(result.sourceLabel.replaceAll("\\", "/")).toContain(".claude-plugin/marketplace.json"); + expect(result.manifest).toEqual({ + name: "Example Marketplace", + version: "1.0.0", + plugins: [ + { + name: "frontend-design", + version: "0.1.0", + description: "Design system bundle", + source: { kind: "path", path: "./plugins/frontend-design" }, + }, + ], }); }); }); diff --git a/src/plugins/provider-api-key-auth.runtime.ts b/src/plugins/provider-api-key-auth.runtime.ts index 6909bd4cc2c..40404f512af 100644 --- a/src/plugins/provider-api-key-auth.runtime.ts +++ b/src/plugins/provider-api-key-auth.runtime.ts @@ -1,10 +1,12 @@ -import { normalizeApiKeyInput, validateApiKeyInput } from "../commands/auth-choice.api-key.js"; -import { ensureApiKeyFromOptionEnvOrPrompt } from "../commands/auth-choice.apply-helpers.js"; -import { applyPrimaryModel } from "../commands/model-picker.js"; -import { buildApiKeyCredential } from "../commands/onboard-auth.credentials.js"; -import { applyAuthProfileConfig } from "../commands/onboard-auth.js"; +import { applyAuthProfileConfig, buildApiKeyCredential } from "./provider-auth-helpers.js"; +import { + ensureApiKeyFromOptionEnvOrPrompt, + normalizeApiKeyInput, + validateApiKeyInput, +} from "./provider-auth-input.js"; +import { applyPrimaryModel } from "./provider-model-primary.js"; -export { +export const providerApiKeyAuthRuntime = { applyAuthProfileConfig, applyPrimaryModel, buildApiKeyCredential, diff --git a/src/plugins/provider-api-key-auth.ts b/src/plugins/provider-api-key-auth.ts index aa3805aea8f..183c8c4f5f0 100644 --- a/src/plugins/provider-api-key-auth.ts +++ b/src/plugins/provider-api-key-auth.ts @@ -1,6 +1,7 @@ import { upsertAuthProfile } from "../agents/auth-profiles/profiles.js"; import type { OpenClawConfig } from "../config/config.js"; import type { SecretInput } from "../config/types.secrets.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js"; import type { ProviderAuthMethod, @@ -29,14 +30,10 @@ type ProviderApiKeyAuthMethodOptions = { applyConfig?: (cfg: OpenClawConfig) => OpenClawConfig; }; -let providerApiKeyAuthRuntimePromise: - | Promise - | undefined; - -function loadProviderApiKeyAuthRuntime() { - providerApiKeyAuthRuntimePromise ??= import("./provider-api-key-auth.runtime.js"); - return providerApiKeyAuthRuntimePromise; -} +const loadProviderApiKeyAuthRuntime = createLazyRuntimeSurface( + () => import("./provider-api-key-auth.runtime.js"), + ({ providerApiKeyAuthRuntime }) => providerApiKeyAuthRuntime, +); function resolveStringOption(opts: Record | undefined, optionKey: string) { return normalizeOptionalSecretInput(opts?.[optionKey]); diff --git a/src/plugins/provider-auth-choice-helpers.ts b/src/plugins/provider-auth-choice-helpers.ts new file mode 100644 index 00000000000..d9ce7a57db8 --- /dev/null +++ b/src/plugins/provider-auth-choice-helpers.ts @@ -0,0 +1,82 @@ +import { normalizeProviderId } from "../agents/model-selection.js"; +import type { OpenClawConfig } from "../config/config.js"; +import type { ProviderAuthMethod, ProviderPlugin } from "./types.js"; + +export function resolveProviderMatch( + providers: ProviderPlugin[], + rawProvider?: string, +): ProviderPlugin | null { + const raw = rawProvider?.trim(); + if (!raw) { + return null; + } + const normalized = normalizeProviderId(raw); + return ( + providers.find((provider) => normalizeProviderId(provider.id) === normalized) ?? + providers.find( + (provider) => + provider.aliases?.some((alias) => normalizeProviderId(alias) === normalized) ?? false, + ) ?? + null + ); +} + +export function pickAuthMethod( + provider: ProviderPlugin, + rawMethod?: string, +): ProviderAuthMethod | null { + const raw = rawMethod?.trim(); + if (!raw) { + return null; + } + const normalized = raw.toLowerCase(); + return ( + provider.auth.find((method) => method.id.toLowerCase() === normalized) ?? + provider.auth.find((method) => method.label.toLowerCase() === normalized) ?? + null + ); +} + +function isPlainRecord(value: unknown): value is Record { + return Boolean(value && typeof value === "object" && !Array.isArray(value)); +} + +export function mergeConfigPatch(base: T, patch: unknown): T { + if (!isPlainRecord(base) || !isPlainRecord(patch)) { + return patch as T; + } + + const next: Record = { ...base }; + for (const [key, value] of Object.entries(patch)) { + const existing = next[key]; + if (isPlainRecord(existing) && isPlainRecord(value)) { + next[key] = mergeConfigPatch(existing, value); + } else { + next[key] = value; + } + } + return next as T; +} + +export function applyDefaultModel(cfg: OpenClawConfig, model: string): OpenClawConfig { + const models = { ...cfg.agents?.defaults?.models }; + models[model] = models[model] ?? {}; + + const existingModel = cfg.agents?.defaults?.model; + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...cfg.agents?.defaults, + models, + model: { + ...(existingModel && typeof existingModel === "object" && "fallbacks" in existingModel + ? { fallbacks: (existingModel as { fallbacks?: string[] }).fallbacks } + : undefined), + primary: model, + }, + }, + }, + }; +} diff --git a/src/plugins/provider-auth-choice-preference.ts b/src/plugins/provider-auth-choice-preference.ts new file mode 100644 index 00000000000..dfd247f1e31 --- /dev/null +++ b/src/plugins/provider-auth-choice-preference.ts @@ -0,0 +1,53 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { resolveManifestProviderAuthChoice } from "./provider-auth-choices.js"; + +const PREFERRED_PROVIDER_BY_AUTH_CHOICE: Partial> = { + chutes: "chutes", + "litellm-api-key": "litellm", + "custom-api-key": "custom", +}; + +function normalizeLegacyAuthChoice(choice: string): string { + if (choice === "oauth") { + return "setup-token"; + } + if (choice === "claude-cli") { + return "setup-token"; + } + if (choice === "codex-cli") { + return "openai-codex"; + } + return choice; +} + +export async function resolvePreferredProviderForAuthChoice(params: { + choice: string; + config?: OpenClawConfig; + workspaceDir?: string; + env?: NodeJS.ProcessEnv; +}): Promise { + const choice = normalizeLegacyAuthChoice(params.choice) ?? params.choice; + const manifestResolved = resolveManifestProviderAuthChoice(choice, params); + if (manifestResolved) { + return manifestResolved.providerId; + } + + const { resolveProviderPluginChoice, resolvePluginProviders } = + await import("./provider-auth-choice.runtime.js"); + const providers = resolvePluginProviders({ + config: params.config, + workspaceDir: params.workspaceDir, + env: params.env, + bundledProviderAllowlistCompat: true, + bundledProviderVitestCompat: true, + }); + const pluginResolved = resolveProviderPluginChoice({ + providers, + choice, + }); + if (pluginResolved) { + return pluginResolved.provider.id; + } + + return PREFERRED_PROVIDER_BY_AUTH_CHOICE[choice]; +} diff --git a/src/plugins/provider-auth-choice.runtime.ts b/src/plugins/provider-auth-choice.runtime.ts new file mode 100644 index 00000000000..cb298d32c83 --- /dev/null +++ b/src/plugins/provider-auth-choice.runtime.ts @@ -0,0 +1,29 @@ +import { + resolveProviderPluginChoice as resolveProviderPluginChoiceImpl, + runProviderModelSelectedHook as runProviderModelSelectedHookImpl, +} from "./provider-wizard.js"; +import { resolvePluginProviders as resolvePluginProvidersImpl } from "./providers.js"; + +type ResolveProviderPluginChoice = + typeof import("./provider-wizard.js").resolveProviderPluginChoice; +type RunProviderModelSelectedHook = + typeof import("./provider-wizard.js").runProviderModelSelectedHook; +type ResolvePluginProviders = typeof import("./providers.js").resolvePluginProviders; + +export function resolveProviderPluginChoice( + ...args: Parameters +): ReturnType { + return resolveProviderPluginChoiceImpl(...args); +} + +export function runProviderModelSelectedHook( + ...args: Parameters +): ReturnType { + return runProviderModelSelectedHookImpl(...args); +} + +export function resolvePluginProviders( + ...args: Parameters +): ReturnType { + return resolvePluginProvidersImpl(...args); +} diff --git a/src/plugins/provider-auth-choice.ts b/src/plugins/provider-auth-choice.ts new file mode 100644 index 00000000000..7a9679d97dc --- /dev/null +++ b/src/plugins/provider-auth-choice.ts @@ -0,0 +1,309 @@ +import { resolveOpenClawAgentDir } from "../agents/agent-paths.js"; +import { + resolveDefaultAgentId, + resolveAgentDir, + resolveAgentWorkspaceDir, +} from "../agents/agent-scope.js"; +import { upsertAuthProfile } from "../agents/auth-profiles.js"; +import { resolveDefaultAgentWorkspaceDir } from "../agents/workspace.js"; +import type { OpenClawConfig } from "../config/config.js"; +import type { RuntimeEnv } from "../runtime.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import { enablePluginInConfig } from "./enable.js"; +import { + applyDefaultModel, + mergeConfigPatch, + pickAuthMethod, + resolveProviderMatch, +} from "./provider-auth-choice-helpers.js"; +import { applyAuthProfileConfig } from "./provider-auth-helpers.js"; +import { createVpsAwareOAuthHandlers } from "./provider-oauth-flow.js"; +import { isRemoteEnvironment, openUrl } from "./setup-browser.js"; +import type { ProviderAuthMethod, ProviderAuthOptionBag } from "./types.js"; + +export type ApplyProviderAuthChoiceParams = { + authChoice: string; + config: OpenClawConfig; + prompter: WizardPrompter; + runtime: RuntimeEnv; + agentDir?: string; + setDefaultModel: boolean; + agentId?: string; + opts?: Partial; +}; + +export type ApplyProviderAuthChoiceResult = { + config: OpenClawConfig; + agentModelOverride?: string; +}; + +export type PluginProviderAuthChoiceOptions = { + authChoice: string; + pluginId: string; + providerId: string; + methodId?: string; + label: string; +}; + +function restoreConfiguredPrimaryModel( + nextConfig: OpenClawConfig, + originalConfig: OpenClawConfig, +): OpenClawConfig { + const originalModel = originalConfig.agents?.defaults?.model; + const nextAgents = nextConfig.agents; + const nextDefaults = nextAgents?.defaults; + if (!nextDefaults) { + return nextConfig; + } + if (originalModel !== undefined) { + return { + ...nextConfig, + agents: { + ...nextAgents, + defaults: { + ...nextDefaults, + model: originalModel, + }, + }, + }; + } + const { model: _model, ...restDefaults } = nextDefaults; + return { + ...nextConfig, + agents: { + ...nextAgents, + defaults: restDefaults, + }, + }; +} + +async function loadPluginProviderRuntime() { + return import("./provider-auth-choice.runtime.js"); +} + +export async function runProviderPluginAuthMethod(params: { + config: OpenClawConfig; + runtime: RuntimeEnv; + prompter: WizardPrompter; + method: ProviderAuthMethod; + agentDir?: string; + agentId?: string; + workspaceDir?: string; + emitNotes?: boolean; + secretInputMode?: ProviderAuthOptionBag["secretInputMode"]; + allowSecretRefPrompt?: boolean; + opts?: Partial; +}): Promise<{ config: OpenClawConfig; defaultModel?: string }> { + const agentId = params.agentId ?? resolveDefaultAgentId(params.config); + const defaultAgentId = resolveDefaultAgentId(params.config); + const agentDir = + params.agentDir ?? + (agentId === defaultAgentId + ? resolveOpenClawAgentDir() + : resolveAgentDir(params.config, agentId)); + const workspaceDir = + params.workspaceDir ?? + resolveAgentWorkspaceDir(params.config, agentId) ?? + resolveDefaultAgentWorkspaceDir(); + + const result = await params.method.run({ + config: params.config, + agentDir, + workspaceDir, + prompter: params.prompter, + runtime: params.runtime, + opts: params.opts, + secretInputMode: params.secretInputMode, + allowSecretRefPrompt: params.allowSecretRefPrompt, + isRemote: isRemoteEnvironment(), + openUrl: async (url) => { + await openUrl(url); + }, + oauth: { + createVpsAwareHandlers: (opts) => createVpsAwareOAuthHandlers(opts), + }, + }); + + let nextConfig = params.config; + if (result.configPatch) { + nextConfig = mergeConfigPatch(nextConfig, result.configPatch); + } + + for (const profile of result.profiles) { + upsertAuthProfile({ + profileId: profile.profileId, + credential: profile.credential, + agentDir, + }); + + nextConfig = applyAuthProfileConfig(nextConfig, { + profileId: profile.profileId, + provider: profile.credential.provider, + mode: profile.credential.type === "token" ? "token" : profile.credential.type, + ...("email" in profile.credential && profile.credential.email + ? { email: profile.credential.email } + : {}), + }); + } + + if (params.emitNotes !== false && result.notes && result.notes.length > 0) { + await params.prompter.note(result.notes.join("\n"), "Provider notes"); + } + + return { + config: nextConfig, + defaultModel: result.defaultModel, + }; +} + +export async function applyAuthChoiceLoadedPluginProvider( + params: ApplyProviderAuthChoiceParams, +): Promise { + const agentId = params.agentId ?? resolveDefaultAgentId(params.config); + const workspaceDir = + resolveAgentWorkspaceDir(params.config, agentId) ?? resolveDefaultAgentWorkspaceDir(); + const { resolvePluginProviders, resolveProviderPluginChoice, runProviderModelSelectedHook } = + await loadPluginProviderRuntime(); + const providers = resolvePluginProviders({ + config: params.config, + workspaceDir, + bundledProviderAllowlistCompat: true, + bundledProviderVitestCompat: true, + }); + const resolved = resolveProviderPluginChoice({ + providers, + choice: params.authChoice, + }); + if (!resolved) { + return null; + } + + const applied = await runProviderPluginAuthMethod({ + config: params.config, + runtime: params.runtime, + prompter: params.prompter, + method: resolved.method, + agentDir: params.agentDir, + agentId: params.agentId, + workspaceDir, + secretInputMode: params.opts?.secretInputMode, + allowSecretRefPrompt: false, + opts: params.opts, + }); + + let nextConfig = applied.config; + let agentModelOverride: string | undefined; + if (applied.defaultModel) { + if (params.setDefaultModel) { + nextConfig = applyDefaultModel(nextConfig, applied.defaultModel); + await runProviderModelSelectedHook({ + config: nextConfig, + model: applied.defaultModel, + prompter: params.prompter, + agentDir: params.agentDir, + workspaceDir, + }); + await params.prompter.note( + `Default model set to ${applied.defaultModel}`, + "Model configured", + ); + return { config: nextConfig }; + } + nextConfig = restoreConfiguredPrimaryModel(nextConfig, params.config); + agentModelOverride = applied.defaultModel; + } + + return { config: nextConfig, agentModelOverride }; +} + +export async function applyAuthChoicePluginProvider( + params: ApplyProviderAuthChoiceParams, + options: PluginProviderAuthChoiceOptions, +): Promise { + if (params.authChoice !== options.authChoice) { + return null; + } + + const enableResult = enablePluginInConfig(params.config, options.pluginId); + let nextConfig = enableResult.config; + if (!enableResult.enabled) { + await params.prompter.note( + `${options.label} plugin is disabled (${enableResult.reason ?? "blocked"}).`, + options.label, + ); + return { config: nextConfig }; + } + + const agentId = params.agentId ?? resolveDefaultAgentId(nextConfig); + const defaultAgentId = resolveDefaultAgentId(nextConfig); + const agentDir = + params.agentDir ?? + (agentId === defaultAgentId ? resolveOpenClawAgentDir() : resolveAgentDir(nextConfig, agentId)); + const workspaceDir = + resolveAgentWorkspaceDir(nextConfig, agentId) ?? resolveDefaultAgentWorkspaceDir(); + + const { resolvePluginProviders, runProviderModelSelectedHook } = + await loadPluginProviderRuntime(); + const providers = resolvePluginProviders({ + config: nextConfig, + workspaceDir, + bundledProviderAllowlistCompat: true, + bundledProviderVitestCompat: true, + }); + const provider = resolveProviderMatch(providers, options.providerId); + if (!provider) { + await params.prompter.note( + `${options.label} auth plugin is not available. Enable it and re-run onboarding.`, + options.label, + ); + return { config: nextConfig }; + } + + const method = pickAuthMethod(provider, options.methodId) ?? provider.auth[0]; + if (!method) { + await params.prompter.note(`${options.label} auth method missing.`, options.label); + return { config: nextConfig }; + } + + const applied = await runProviderPluginAuthMethod({ + config: nextConfig, + runtime: params.runtime, + prompter: params.prompter, + method, + agentDir, + agentId, + workspaceDir, + secretInputMode: params.opts?.secretInputMode, + allowSecretRefPrompt: false, + opts: params.opts, + }); + + nextConfig = applied.config; + if (applied.defaultModel) { + if (params.setDefaultModel) { + nextConfig = applyDefaultModel(nextConfig, applied.defaultModel); + await runProviderModelSelectedHook({ + config: nextConfig, + model: applied.defaultModel, + prompter: params.prompter, + agentDir, + workspaceDir, + }); + await params.prompter.note( + `Default model set to ${applied.defaultModel}`, + "Model configured", + ); + return { config: nextConfig }; + } + if (params.agentId) { + await params.prompter.note( + `Default model set to ${applied.defaultModel} for agent "${params.agentId}".`, + "Model configured", + ); + } + nextConfig = restoreConfiguredPrimaryModel(nextConfig, params.config); + return { config: nextConfig, agentModelOverride: applied.defaultModel }; + } + + return { config: nextConfig }; +} diff --git a/src/plugins/provider-auth-helpers.ts b/src/plugins/provider-auth-helpers.ts new file mode 100644 index 00000000000..bf397044eae --- /dev/null +++ b/src/plugins/provider-auth-helpers.ts @@ -0,0 +1,262 @@ +import fs from "node:fs"; +import path from "node:path"; +import type { OAuthCredentials } from "@mariozechner/pi-ai"; +import { resolveOpenClawAgentDir } from "../agents/agent-paths.js"; +import { upsertAuthProfile } from "../agents/auth-profiles.js"; +import { normalizeProviderIdForAuth } from "../agents/provider-id.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { resolveStateDir } from "../config/paths.js"; +import { + coerceSecretRef, + DEFAULT_SECRET_PROVIDER_ALIAS, + type SecretInput, + type SecretRef, +} from "../config/types.secrets.js"; +import { PROVIDER_ENV_VARS } from "../secrets/provider-env-vars.js"; +import { normalizeSecretInput } from "../utils/normalize-secret-input.js"; +import type { SecretInputMode } from "./provider-auth-types.js"; + +const ENV_REF_PATTERN = /^\$\{([A-Z][A-Z0-9_]*)\}$/; + +const resolveAuthAgentDir = (agentDir?: string) => agentDir ?? resolveOpenClawAgentDir(); + +export type ApiKeyStorageOptions = { + secretInputMode?: SecretInputMode; +}; + +export type WriteOAuthCredentialsOptions = { + syncSiblingAgents?: boolean; +}; + +function buildEnvSecretRef(id: string): SecretRef { + return { source: "env", provider: DEFAULT_SECRET_PROVIDER_ALIAS, id }; +} + +function parseEnvSecretRef(value: string): SecretRef | null { + const match = ENV_REF_PATTERN.exec(value); + if (!match) { + return null; + } + return buildEnvSecretRef(match[1]); +} + +function resolveProviderDefaultEnvSecretRef(provider: string): SecretRef { + const envVars = PROVIDER_ENV_VARS[provider]; + const envVar = envVars?.find((candidate) => candidate.trim().length > 0); + if (!envVar) { + throw new Error( + `Provider "${provider}" does not have a default env var mapping for secret-input-mode=ref.`, + ); + } + return buildEnvSecretRef(envVar); +} + +function resolveApiKeySecretInput( + provider: string, + input: SecretInput, + options?: ApiKeyStorageOptions, +): SecretInput { + const coercedRef = coerceSecretRef(input); + if (coercedRef) { + return coercedRef; + } + const normalized = normalizeSecretInput(input); + const inlineEnvRef = parseEnvSecretRef(normalized); + if (inlineEnvRef) { + return inlineEnvRef; + } + if (options?.secretInputMode === "ref") { + return resolveProviderDefaultEnvSecretRef(provider); + } + return normalized; +} + +export function buildApiKeyCredential( + provider: string, + input: SecretInput, + metadata?: Record, + options?: ApiKeyStorageOptions, +): { + type: "api_key"; + provider: string; + key?: string; + keyRef?: SecretRef; + metadata?: Record; +} { + const secretInput = resolveApiKeySecretInput(provider, input, options); + if (typeof secretInput === "string") { + return { + type: "api_key", + provider, + key: secretInput, + ...(metadata ? { metadata } : {}), + }; + } + return { + type: "api_key", + provider, + keyRef: secretInput, + ...(metadata ? { metadata } : {}), + }; +} + +export function applyAuthProfileConfig( + cfg: OpenClawConfig, + params: { + profileId: string; + provider: string; + mode: "api_key" | "oauth" | "token"; + email?: string; + preferProfileFirst?: boolean; + }, +): OpenClawConfig { + const normalizedProvider = normalizeProviderIdForAuth(params.provider); + const profiles = { + ...cfg.auth?.profiles, + [params.profileId]: { + provider: params.provider, + mode: params.mode, + ...(params.email ? { email: params.email } : {}), + }, + }; + + const configuredProviderProfiles = Object.entries(cfg.auth?.profiles ?? {}) + .filter(([, profile]) => normalizeProviderIdForAuth(profile.provider) === normalizedProvider) + .map(([profileId, profile]) => ({ profileId, mode: profile.mode })); + + // Maintain `auth.order` when it already exists. Additionally, if we detect + // mixed auth modes for the same provider, keep the newly selected profile first. + const existingProviderOrder = cfg.auth?.order?.[params.provider]; + const preferProfileFirst = params.preferProfileFirst ?? true; + const reorderedProviderOrder = + existingProviderOrder && preferProfileFirst + ? [ + params.profileId, + ...existingProviderOrder.filter((profileId) => profileId !== params.profileId), + ] + : existingProviderOrder; + const hasMixedConfiguredModes = configuredProviderProfiles.some( + ({ profileId, mode }) => profileId !== params.profileId && mode !== params.mode, + ); + const derivedProviderOrder = + existingProviderOrder === undefined && preferProfileFirst && hasMixedConfiguredModes + ? [ + params.profileId, + ...configuredProviderProfiles + .map(({ profileId }) => profileId) + .filter((profileId) => profileId !== params.profileId), + ] + : undefined; + const order = + existingProviderOrder !== undefined + ? { + ...cfg.auth?.order, + [params.provider]: reorderedProviderOrder?.includes(params.profileId) + ? reorderedProviderOrder + : [...(reorderedProviderOrder ?? []), params.profileId], + } + : derivedProviderOrder + ? { + ...cfg.auth?.order, + [params.provider]: derivedProviderOrder, + } + : cfg.auth?.order; + return { + ...cfg, + auth: { + ...cfg.auth, + profiles, + ...(order ? { order } : {}), + }, + }; +} + +/** Resolve real path, returning null if the target doesn't exist. */ +function safeRealpathSync(dir: string): string | null { + try { + return fs.realpathSync(path.resolve(dir)); + } catch { + return null; + } +} + +function resolveSiblingAgentDirs(primaryAgentDir: string): string[] { + const normalized = path.resolve(primaryAgentDir); + const parentOfAgent = path.dirname(normalized); + const candidateAgentsRoot = path.dirname(parentOfAgent); + const looksLikeStandardLayout = + path.basename(normalized) === "agent" && path.basename(candidateAgentsRoot) === "agents"; + + const agentsRoot = looksLikeStandardLayout + ? candidateAgentsRoot + : path.join(resolveStateDir(), "agents"); + + const entries = (() => { + try { + return fs.readdirSync(agentsRoot, { withFileTypes: true }); + } catch { + return []; + } + })(); + const discovered = entries + .filter((entry) => entry.isDirectory() || entry.isSymbolicLink()) + .map((entry) => path.join(agentsRoot, entry.name, "agent")); + + const seen = new Set(); + const result: string[] = []; + for (const dir of [normalized, ...discovered]) { + const real = safeRealpathSync(dir); + if (real && !seen.has(real)) { + seen.add(real); + result.push(real); + } + } + return result; +} + +export async function writeOAuthCredentials( + provider: string, + creds: OAuthCredentials, + agentDir?: string, + options?: WriteOAuthCredentialsOptions, +): Promise { + const email = + typeof creds.email === "string" && creds.email.trim() ? creds.email.trim() : "default"; + const profileId = `${provider}:${email}`; + const resolvedAgentDir = path.resolve(resolveAuthAgentDir(agentDir)); + const targetAgentDirs = options?.syncSiblingAgents + ? resolveSiblingAgentDirs(resolvedAgentDir) + : [resolvedAgentDir]; + + const credential = { + type: "oauth" as const, + provider, + ...creds, + }; + + upsertAuthProfile({ + profileId, + credential, + agentDir: resolvedAgentDir, + }); + + if (options?.syncSiblingAgents) { + const primaryReal = safeRealpathSync(resolvedAgentDir); + for (const targetAgentDir of targetAgentDirs) { + const targetReal = safeRealpathSync(targetAgentDir); + if (targetReal && primaryReal && targetReal === primaryReal) { + continue; + } + try { + upsertAuthProfile({ + profileId, + credential, + agentDir: targetAgentDir, + }); + } catch { + // Best-effort: sibling sync failure must not block primary setup. + } + } + } + return profileId; +} diff --git a/src/plugins/provider-auth-input.ts b/src/plugins/provider-auth-input.ts new file mode 100644 index 00000000000..02abf92592d --- /dev/null +++ b/src/plugins/provider-auth-input.ts @@ -0,0 +1,496 @@ +import { resolveEnvApiKey } from "../agents/model-auth.js"; +import type { OpenClawConfig } from "../config/types.js"; +import { + isValidEnvSecretRefId, + type SecretInput, + type SecretRef, +} from "../config/types.secrets.js"; +import { encodeJsonPointerToken } from "../secrets/json-pointer.js"; +import { PROVIDER_ENV_VARS } from "../secrets/provider-env-vars.js"; +import { + formatExecSecretRefIdValidationMessage, + isValidExecSecretRefId, + isValidFileSecretRefId, + resolveDefaultSecretProviderAlias, +} from "../secrets/ref-contract.js"; +import { resolveSecretRefString } from "../secrets/resolve.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import type { SecretInputMode } from "./provider-auth-types.js"; + +const DEFAULT_KEY_PREVIEW = { head: 4, tail: 4 }; +const ENV_SOURCE_LABEL_RE = /(?:^|:\s)([A-Z][A-Z0-9_]*)$/; + +type SecretRefChoice = "env" | "provider"; // pragma: allowlist secret + +export type SecretInputModePromptCopy = { + modeMessage?: string; + plaintextLabel?: string; + plaintextHint?: string; + refLabel?: string; + refHint?: string; +}; + +export type SecretRefSetupPromptCopy = { + sourceMessage?: string; + envVarMessage?: string; + envVarPlaceholder?: string; + envVarFormatError?: string; + envVarMissingError?: (envVar: string) => string; + noProvidersMessage?: string; + envValidatedMessage?: (envVar: string) => string; + providerValidatedMessage?: (provider: string, id: string, source: "file" | "exec") => string; +}; + +export function normalizeApiKeyInput(raw: string): string { + const trimmed = String(raw ?? "").trim(); + if (!trimmed) { + return ""; + } + + const assignmentMatch = trimmed.match(/^(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=\s*(.+)$/); + const valuePart = assignmentMatch ? assignmentMatch[1].trim() : trimmed; + + const unquoted = + valuePart.length >= 2 && + ((valuePart.startsWith('"') && valuePart.endsWith('"')) || + (valuePart.startsWith("'") && valuePart.endsWith("'")) || + (valuePart.startsWith("`") && valuePart.endsWith("`"))) + ? valuePart.slice(1, -1) + : valuePart; + + const withoutSemicolon = unquoted.endsWith(";") ? unquoted.slice(0, -1) : unquoted; + + return withoutSemicolon.trim(); +} + +export const validateApiKeyInput = (value: string) => + normalizeApiKeyInput(value).length > 0 ? undefined : "Required"; + +export function formatApiKeyPreview( + raw: string, + opts: { head?: number; tail?: number } = {}, +): string { + const trimmed = raw.trim(); + if (!trimmed) { + return "…"; + } + const head = opts.head ?? DEFAULT_KEY_PREVIEW.head; + const tail = opts.tail ?? DEFAULT_KEY_PREVIEW.tail; + if (trimmed.length <= head + tail) { + const shortHead = Math.min(2, trimmed.length); + const shortTail = Math.min(2, trimmed.length - shortHead); + if (shortTail <= 0) { + return `${trimmed.slice(0, shortHead)}…`; + } + return `${trimmed.slice(0, shortHead)}…${trimmed.slice(-shortTail)}`; + } + return `${trimmed.slice(0, head)}…${trimmed.slice(-tail)}`; +} + +function formatErrorMessage(error: unknown): string { + if (error instanceof Error && typeof error.message === "string" && error.message.trim()) { + return error.message; + } + return String(error); +} + +function extractEnvVarFromSourceLabel(source: string): string | undefined { + const match = ENV_SOURCE_LABEL_RE.exec(source.trim()); + return match?.[1]; +} + +function resolveDefaultProviderEnvVar(provider: string): string | undefined { + const envVars = PROVIDER_ENV_VARS[provider]; + return envVars?.find((candidate) => candidate.trim().length > 0); +} + +function resolveDefaultFilePointerId(provider: string): string { + return `/providers/${encodeJsonPointerToken(provider)}/apiKey`; +} + +function resolveRefFallbackInput(params: { + config: OpenClawConfig; + provider: string; + preferredEnvVar?: string; +}): { ref: SecretRef; resolvedValue: string } { + const fallbackEnvVar = params.preferredEnvVar ?? resolveDefaultProviderEnvVar(params.provider); + if (!fallbackEnvVar) { + throw new Error( + `No default environment variable mapping found for provider "${params.provider}". Set a provider-specific env var, or re-run setup in an interactive terminal to configure a ref.`, + ); + } + const value = process.env[fallbackEnvVar]?.trim(); + if (!value) { + throw new Error( + `Environment variable "${fallbackEnvVar}" is required for --secret-input-mode ref in non-interactive setup.`, + ); + } + return { + ref: { + source: "env", + provider: resolveDefaultSecretProviderAlias(params.config, "env", { + preferFirstProviderForSource: true, + }), + id: fallbackEnvVar, + }, + resolvedValue: value, + }; +} + +export async function promptSecretRefForSetup(params: { + provider: string; + config: OpenClawConfig; + prompter: WizardPrompter; + preferredEnvVar?: string; + copy?: SecretRefSetupPromptCopy; +}): Promise<{ ref: SecretRef; resolvedValue: string }> { + const defaultEnvVar = + params.preferredEnvVar ?? resolveDefaultProviderEnvVar(params.provider) ?? ""; + const defaultFilePointer = resolveDefaultFilePointerId(params.provider); + let sourceChoice: SecretRefChoice = "env"; // pragma: allowlist secret + + while (true) { + const sourceRaw: SecretRefChoice = await params.prompter.select({ + message: params.copy?.sourceMessage ?? "Where is this API key stored?", + initialValue: sourceChoice, + options: [ + { + value: "env", + label: "Environment variable", + hint: "Reference a variable from your runtime environment", + }, + { + value: "provider", + label: "Configured secret provider", + hint: "Use a configured file or exec secret provider", + }, + ], + }); + const source: SecretRefChoice = sourceRaw === "provider" ? "provider" : "env"; + sourceChoice = source; + + if (source === "env") { + const envVarRaw = await params.prompter.text({ + message: params.copy?.envVarMessage ?? "Environment variable name", + initialValue: defaultEnvVar || undefined, + placeholder: params.copy?.envVarPlaceholder ?? "OPENAI_API_KEY", + validate: (value) => { + const candidate = value.trim(); + if (!isValidEnvSecretRefId(candidate)) { + return ( + params.copy?.envVarFormatError ?? + 'Use an env var name like "OPENAI_API_KEY" (uppercase letters, numbers, underscores).' + ); + } + if (!process.env[candidate]?.trim()) { + return ( + params.copy?.envVarMissingError?.(candidate) ?? + `Environment variable "${candidate}" is missing or empty in this session.` + ); + } + return undefined; + }, + }); + const envCandidate = String(envVarRaw ?? "").trim(); + const envVar = + envCandidate && isValidEnvSecretRefId(envCandidate) ? envCandidate : defaultEnvVar; + if (!envVar) { + throw new Error( + `No valid environment variable name provided for provider "${params.provider}".`, + ); + } + const ref: SecretRef = { + source: "env", + provider: resolveDefaultSecretProviderAlias(params.config, "env", { + preferFirstProviderForSource: true, + }), + id: envVar, + }; + const resolvedValue = await resolveSecretRefString(ref, { + config: params.config, + env: process.env, + }); + await params.prompter.note( + params.copy?.envValidatedMessage?.(envVar) ?? + `Validated environment variable ${envVar}. OpenClaw will store a reference, not the key value.`, + "Reference validated", + ); + return { ref, resolvedValue }; + } + + const externalProviders = Object.entries(params.config.secrets?.providers ?? {}).filter( + ([, provider]) => provider?.source === "file" || provider?.source === "exec", + ); + if (externalProviders.length === 0) { + await params.prompter.note( + params.copy?.noProvidersMessage ?? + "No file/exec secret providers are configured yet. Add one under secrets.providers, or select Environment variable.", + "No providers configured", + ); + continue; + } + const defaultProvider = resolveDefaultSecretProviderAlias(params.config, "file", { + preferFirstProviderForSource: true, + }); + const selectedProvider = await params.prompter.select({ + message: "Select secret provider", + initialValue: + externalProviders.find(([providerName]) => providerName === defaultProvider)?.[0] ?? + externalProviders[0]?.[0], + options: externalProviders.map(([providerName, provider]) => ({ + value: providerName, + label: providerName, + hint: provider?.source === "exec" ? "Exec provider" : "File provider", + })), + }); + const providerEntry = params.config.secrets?.providers?.[selectedProvider]; + if (!providerEntry || (providerEntry.source !== "file" && providerEntry.source !== "exec")) { + await params.prompter.note( + `Provider "${selectedProvider}" is not a file/exec provider.`, + "Invalid provider", + ); + continue; + } + const idPrompt = + providerEntry.source === "file" + ? "Secret id (JSON pointer for json mode, or 'value' for singleValue mode)" + : "Secret id for the exec provider"; + const idDefault = + providerEntry.source === "file" + ? providerEntry.mode === "singleValue" + ? "value" + : defaultFilePointer + : `${params.provider}/apiKey`; + const idRaw = await params.prompter.text({ + message: idPrompt, + initialValue: idDefault, + placeholder: providerEntry.source === "file" ? "/providers/openai/apiKey" : "openai/api-key", + validate: (value) => { + const candidate = value.trim(); + if (!candidate) { + return "Secret id cannot be empty."; + } + if ( + providerEntry.source === "file" && + providerEntry.mode !== "singleValue" && + !isValidFileSecretRefId(candidate) + ) { + return 'Use an absolute JSON pointer like "/providers/openai/apiKey".'; + } + if ( + providerEntry.source === "file" && + providerEntry.mode === "singleValue" && + candidate !== "value" + ) { + return 'singleValue mode expects id "value".'; + } + if (providerEntry.source === "exec" && !isValidExecSecretRefId(candidate)) { + return formatExecSecretRefIdValidationMessage(); + } + return undefined; + }, + }); + const id = String(idRaw ?? "").trim() || idDefault; + const ref: SecretRef = { + source: providerEntry.source, + provider: selectedProvider, + id, + }; + try { + const resolvedValue = await resolveSecretRefString(ref, { + config: params.config, + env: process.env, + }); + await params.prompter.note( + params.copy?.providerValidatedMessage?.(selectedProvider, id, providerEntry.source) ?? + `Validated ${providerEntry.source} reference ${selectedProvider}:${id}. OpenClaw will store a reference, not the key value.`, + "Reference validated", + ); + return { ref, resolvedValue }; + } catch (error) { + await params.prompter.note( + [ + `Could not validate provider reference ${selectedProvider}:${id}.`, + formatErrorMessage(error), + "Check your provider configuration and try again.", + ].join("\n"), + "Reference check failed", + ); + } + } +} + +export function normalizeTokenProviderInput( + tokenProvider: string | null | undefined, +): string | undefined { + const normalized = String(tokenProvider ?? "") + .trim() + .toLowerCase(); + return normalized || undefined; +} + +export function normalizeSecretInputModeInput( + secretInputMode: string | null | undefined, +): SecretInputMode | undefined { + const normalized = String(secretInputMode ?? "") + .trim() + .toLowerCase(); + if (normalized === "plaintext" || normalized === "ref") { + return normalized; + } + return undefined; +} + +export async function resolveSecretInputModeForEnvSelection(params: { + prompter: WizardPrompter; + explicitMode?: SecretInputMode; + copy?: SecretInputModePromptCopy; +}): Promise { + if (params.explicitMode) { + return params.explicitMode; + } + if (typeof params.prompter.select !== "function") { + return "plaintext"; + } + const selected = await params.prompter.select({ + message: params.copy?.modeMessage ?? "How do you want to provide this API key?", + initialValue: "plaintext", + options: [ + { + value: "plaintext", + label: params.copy?.plaintextLabel ?? "Paste API key now", + hint: params.copy?.plaintextHint ?? "Stores the key directly in OpenClaw config", + }, + { + value: "ref", + label: params.copy?.refLabel ?? "Use external secret provider", + hint: + params.copy?.refHint ?? + "Stores a reference to env or configured external secret providers", + }, + ], + }); + return selected === "ref" ? "ref" : "plaintext"; +} + +export async function maybeApplyApiKeyFromOption(params: { + token: string | undefined; + tokenProvider: string | undefined; + secretInputMode?: SecretInputMode; + expectedProviders: string[]; + normalize: (value: string) => string; + setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; +}): Promise { + const tokenProvider = normalizeTokenProviderInput(params.tokenProvider); + const expectedProviders = params.expectedProviders + .map((provider) => normalizeTokenProviderInput(provider)) + .filter((provider): provider is string => Boolean(provider)); + if (!params.token || !tokenProvider || !expectedProviders.includes(tokenProvider)) { + return undefined; + } + const apiKey = params.normalize(params.token); + await params.setCredential(apiKey, params.secretInputMode); + return apiKey; +} + +export async function ensureApiKeyFromOptionEnvOrPrompt(params: { + token: string | undefined; + tokenProvider: string | undefined; + secretInputMode?: SecretInputMode; + config: OpenClawConfig; + expectedProviders: string[]; + provider: string; + envLabel: string; + promptMessage: string; + normalize: (value: string) => string; + validate: (value: string) => string | undefined; + prompter: WizardPrompter; + setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; + noteMessage?: string; + noteTitle?: string; +}): Promise { + const optionApiKey = await maybeApplyApiKeyFromOption({ + token: params.token, + tokenProvider: params.tokenProvider, + secretInputMode: params.secretInputMode, + expectedProviders: params.expectedProviders, + normalize: params.normalize, + setCredential: params.setCredential, + }); + if (optionApiKey) { + return optionApiKey; + } + + if (params.noteMessage) { + await params.prompter.note(params.noteMessage, params.noteTitle); + } + + return await ensureApiKeyFromEnvOrPrompt({ + config: params.config, + provider: params.provider, + envLabel: params.envLabel, + promptMessage: params.promptMessage, + normalize: params.normalize, + validate: params.validate, + prompter: params.prompter, + secretInputMode: params.secretInputMode, + setCredential: params.setCredential, + }); +} + +export async function ensureApiKeyFromEnvOrPrompt(params: { + config: OpenClawConfig; + provider: string; + envLabel: string; + promptMessage: string; + normalize: (value: string) => string; + validate: (value: string) => string | undefined; + prompter: WizardPrompter; + secretInputMode?: SecretInputMode; + setCredential: (apiKey: SecretInput, mode?: SecretInputMode) => Promise; +}): Promise { + const selectedMode = await resolveSecretInputModeForEnvSelection({ + prompter: params.prompter, + explicitMode: params.secretInputMode, + }); + const envKey = resolveEnvApiKey(params.provider); + + if (selectedMode === "ref") { + if (typeof params.prompter.select !== "function") { + const fallback = resolveRefFallbackInput({ + config: params.config, + provider: params.provider, + preferredEnvVar: envKey?.source ? extractEnvVarFromSourceLabel(envKey.source) : undefined, + }); + await params.setCredential(fallback.ref, selectedMode); + return fallback.resolvedValue; + } + const resolved = await promptSecretRefForSetup({ + provider: params.provider, + config: params.config, + prompter: params.prompter, + preferredEnvVar: envKey?.source ? extractEnvVarFromSourceLabel(envKey.source) : undefined, + }); + await params.setCredential(resolved.ref, selectedMode); + return resolved.resolvedValue; + } + + if (envKey && selectedMode === "plaintext") { + const useExisting = await params.prompter.confirm({ + message: `Use existing ${params.envLabel} (${envKey.source}, ${formatApiKeyPreview(envKey.apiKey)})?`, + initialValue: true, + }); + if (useExisting) { + await params.setCredential(envKey.apiKey, selectedMode); + return envKey.apiKey; + } + } + + const key = await params.prompter.text({ + message: params.promptMessage, + validate: params.validate, + }); + const apiKey = params.normalize(String(key ?? "")); + await params.setCredential(apiKey, selectedMode); + return apiKey; +} diff --git a/src/commands/onboard-auth.credentials.ts b/src/plugins/provider-auth-storage.ts similarity index 57% rename from src/commands/onboard-auth.credentials.ts rename to src/plugins/provider-auth-storage.ts index 2973667830b..d8e15115902 100644 --- a/src/commands/onboard-auth.credentials.ts +++ b/src/plugins/provider-auth-storage.ts @@ -1,215 +1,29 @@ -import fs from "node:fs"; -import path from "node:path"; -import type { OAuthCredentials } from "@mariozechner/pi-ai"; import { resolveOpenClawAgentDir } from "../agents/agent-paths.js"; import { upsertAuthProfile } from "../agents/auth-profiles.js"; -import { resolveStateDir } from "../config/paths.js"; -import { - coerceSecretRef, - DEFAULT_SECRET_PROVIDER_ALIAS, - type SecretInput, - type SecretRef, -} from "../config/types.secrets.js"; +import type { SecretInput } from "../config/types.secrets.js"; import { KILOCODE_DEFAULT_MODEL_REF } from "../providers/kilocode-shared.js"; -import { PROVIDER_ENV_VARS } from "../secrets/provider-env-vars.js"; -import { normalizeSecretInput } from "../utils/normalize-secret-input.js"; -import type { SecretInputMode } from "./onboard-types.js"; -export { CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF } from "../agents/cloudflare-ai-gateway.js"; -export { - MISTRAL_DEFAULT_MODEL_REF, - XAI_DEFAULT_MODEL_REF, - MODELSTUDIO_DEFAULT_MODEL_REF, -} from "./onboard-auth.models.js"; -export { KILOCODE_DEFAULT_MODEL_REF }; +import { + buildApiKeyCredential, + type ApiKeyStorageOptions, + writeOAuthCredentials, + type WriteOAuthCredentialsOptions, +} from "./provider-auth-helpers.js"; const resolveAuthAgentDir = (agentDir?: string) => agentDir ?? resolveOpenClawAgentDir(); -const ENV_REF_PATTERN = /^\$\{([A-Z][A-Z0-9_]*)\}$/; - -export type ApiKeyStorageOptions = { - secretInputMode?: SecretInputMode; +export { KILOCODE_DEFAULT_MODEL_REF }; +export { + buildApiKeyCredential, + type ApiKeyStorageOptions, + writeOAuthCredentials, + type WriteOAuthCredentialsOptions, }; -function buildEnvSecretRef(id: string): SecretRef { - return { source: "env", provider: DEFAULT_SECRET_PROVIDER_ALIAS, id }; -} - -function parseEnvSecretRef(value: string): SecretRef | null { - const match = ENV_REF_PATTERN.exec(value); - if (!match) { - return null; - } - return buildEnvSecretRef(match[1]); -} - -function resolveProviderDefaultEnvSecretRef(provider: string): SecretRef { - const envVars = PROVIDER_ENV_VARS[provider]; - const envVar = envVars?.find((candidate) => candidate.trim().length > 0); - if (!envVar) { - throw new Error( - `Provider "${provider}" does not have a default env var mapping for secret-input-mode=ref.`, - ); - } - return buildEnvSecretRef(envVar); -} - -function resolveApiKeySecretInput( - provider: string, - input: SecretInput, - options?: ApiKeyStorageOptions, -): SecretInput { - const coercedRef = coerceSecretRef(input); - if (coercedRef) { - return coercedRef; - } - const normalized = normalizeSecretInput(input); - const inlineEnvRef = parseEnvSecretRef(normalized); - if (inlineEnvRef) { - return inlineEnvRef; - } - const useSecretRefMode = options?.secretInputMode === "ref"; // pragma: allowlist secret - if (useSecretRefMode) { - return resolveProviderDefaultEnvSecretRef(provider); - } - return normalized; -} - -export function buildApiKeyCredential( - provider: string, - input: SecretInput, - metadata?: Record, - options?: ApiKeyStorageOptions, -): { - type: "api_key"; - provider: string; - key?: string; - keyRef?: SecretRef; - metadata?: Record; -} { - const secretInput = resolveApiKeySecretInput(provider, input, options); - if (typeof secretInput === "string") { - return { - type: "api_key", - provider, - key: secretInput, - ...(metadata ? { metadata } : {}), - }; - } - return { - type: "api_key", - provider, - keyRef: secretInput, - ...(metadata ? { metadata } : {}), - }; -} - -export type WriteOAuthCredentialsOptions = { - syncSiblingAgents?: boolean; -}; - -/** Resolve real path, returning null if the target doesn't exist. */ -function safeRealpathSync(dir: string): string | null { - try { - return fs.realpathSync(path.resolve(dir)); - } catch { - return null; - } -} - -function resolveSiblingAgentDirs(primaryAgentDir: string): string[] { - const normalized = path.resolve(primaryAgentDir); - - // Derive agentsRoot from primaryAgentDir when it matches the standard - // layout (.../agents//agent). Falls back to global state dir. - const parentOfAgent = path.dirname(normalized); - const candidateAgentsRoot = path.dirname(parentOfAgent); - const looksLikeStandardLayout = - path.basename(normalized) === "agent" && path.basename(candidateAgentsRoot) === "agents"; - - const agentsRoot = looksLikeStandardLayout - ? candidateAgentsRoot - : path.join(resolveStateDir(), "agents"); - - const entries = (() => { - try { - return fs.readdirSync(agentsRoot, { withFileTypes: true }); - } catch { - return []; - } - })(); - // Include both directories and symlinks-to-directories. - const discovered = entries - .filter((entry) => entry.isDirectory() || entry.isSymbolicLink()) - .map((entry) => path.join(agentsRoot, entry.name, "agent")); - - // Deduplicate via realpath to handle symlinks and path normalization. - const seen = new Set(); - const result: string[] = []; - for (const dir of [normalized, ...discovered]) { - const real = safeRealpathSync(dir); - if (real && !seen.has(real)) { - seen.add(real); - result.push(real); - } - } - return result; -} - -export async function writeOAuthCredentials( - provider: string, - creds: OAuthCredentials, - agentDir?: string, - options?: WriteOAuthCredentialsOptions, -): Promise { - const email = - typeof creds.email === "string" && creds.email.trim() ? creds.email.trim() : "default"; - const profileId = `${provider}:${email}`; - const resolvedAgentDir = path.resolve(resolveAuthAgentDir(agentDir)); - const targetAgentDirs = options?.syncSiblingAgents - ? resolveSiblingAgentDirs(resolvedAgentDir) - : [resolvedAgentDir]; - - const credential = { - type: "oauth" as const, - provider, - ...creds, - }; - - // Primary write must succeed — let it throw on failure. - upsertAuthProfile({ - profileId, - credential, - agentDir: resolvedAgentDir, - }); - - // Sibling sync is best-effort — log and ignore individual failures. - if (options?.syncSiblingAgents) { - const primaryReal = safeRealpathSync(resolvedAgentDir); - for (const targetAgentDir of targetAgentDirs) { - const targetReal = safeRealpathSync(targetAgentDir); - if (targetReal && primaryReal && targetReal === primaryReal) { - continue; - } - try { - upsertAuthProfile({ - profileId, - credential, - agentDir: targetAgentDir, - }); - } catch { - // Best-effort: sibling sync failure must not block primary setup. - } - } - } - return profileId; -} - export async function setAnthropicApiKey( key: SecretInput, agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "anthropic:default", credential: buildApiKeyCredential("anthropic", key, undefined, options), @@ -234,7 +48,6 @@ export async function setGeminiApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "google:default", credential: buildApiKeyCredential("google", key, undefined, options), @@ -249,7 +62,6 @@ export async function setMinimaxApiKey( options?: ApiKeyStorageOptions, ) { const provider = profileId.split(":")[0] ?? "minimax"; - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId, credential: buildApiKeyCredential(provider, key, undefined, options), @@ -262,7 +74,6 @@ export async function setMoonshotApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "moonshot:default", credential: buildApiKeyCredential("moonshot", key, undefined, options), @@ -275,10 +86,9 @@ export async function setKimiCodingApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ - profileId: "kimi-coding:default", - credential: buildApiKeyCredential("kimi-coding", key, undefined, options), + profileId: "kimi:default", + credential: buildApiKeyCredential("kimi", key, undefined, options), agentDir: resolveAuthAgentDir(agentDir), }); } @@ -312,7 +122,6 @@ export async function setSyntheticApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "synthetic:default", credential: buildApiKeyCredential("synthetic", key, undefined, options), @@ -325,7 +134,6 @@ export async function setVeniceApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "venice:default", credential: buildApiKeyCredential("venice", key, undefined, options), @@ -346,7 +154,6 @@ export async function setZaiApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Write to resolved agent dir so gateway finds credentials on startup. upsertAuthProfile({ profileId: "zai:default", credential: buildApiKeyCredential("zai", key, undefined, options), @@ -371,7 +178,6 @@ export async function setOpenrouterApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - // Never persist the literal "undefined" (e.g. when prompt returns undefined and caller used String(key)). const safeKey = typeof key === "string" && key === "undefined" ? "" : key; upsertAuthProfile({ profileId: "openrouter:default", @@ -449,12 +255,11 @@ async function setSharedOpencodeApiKey( agentDir?: string, options?: ApiKeyStorageOptions, ) { - const resolvedAgentDir = resolveAuthAgentDir(agentDir); for (const provider of ["opencode", "opencode-go"] as const) { upsertAuthProfile({ profileId: `${provider}:default`, credential: buildApiKeyCredential(provider, key, undefined, options), - agentDir: resolvedAgentDir, + agentDir: resolveAuthAgentDir(agentDir), }); } } diff --git a/src/plugins/provider-auth-token.ts b/src/plugins/provider-auth-token.ts new file mode 100644 index 00000000000..d003c2aa1b7 --- /dev/null +++ b/src/plugins/provider-auth-token.ts @@ -0,0 +1,38 @@ +import { normalizeProviderId } from "../agents/model-selection.js"; + +export const ANTHROPIC_SETUP_TOKEN_PREFIX = "sk-ant-oat01-"; +export const ANTHROPIC_SETUP_TOKEN_MIN_LENGTH = 80; +export const DEFAULT_TOKEN_PROFILE_NAME = "default"; + +export function normalizeTokenProfileName(raw: string): string { + const trimmed = raw.trim(); + if (!trimmed) { + return DEFAULT_TOKEN_PROFILE_NAME; + } + const slug = trimmed + .toLowerCase() + .replace(/[^a-z0-9._-]+/g, "-") + .replace(/-+/g, "-") + .replace(/^-+|-+$/g, ""); + return slug || DEFAULT_TOKEN_PROFILE_NAME; +} + +export function buildTokenProfileId(params: { provider: string; name: string }): string { + const provider = normalizeProviderId(params.provider); + const name = normalizeTokenProfileName(params.name); + return `${provider}:${name}`; +} + +export function validateAnthropicSetupToken(raw: string): string | undefined { + const trimmed = raw.trim(); + if (!trimmed) { + return "Required"; + } + if (!trimmed.startsWith(ANTHROPIC_SETUP_TOKEN_PREFIX)) { + return `Expected token starting with ${ANTHROPIC_SETUP_TOKEN_PREFIX}`; + } + if (trimmed.length < ANTHROPIC_SETUP_TOKEN_MIN_LENGTH) { + return "Token looks too short; paste the full setup-token"; + } + return undefined; +} diff --git a/src/plugins/provider-auth-types.ts b/src/plugins/provider-auth-types.ts new file mode 100644 index 00000000000..c26ba4778d8 --- /dev/null +++ b/src/plugins/provider-auth-types.ts @@ -0,0 +1 @@ +export type SecretInputMode = "plaintext" | "ref"; // pragma: allowlist secret diff --git a/src/plugins/provider-catalog-metadata.ts b/src/plugins/provider-catalog-metadata.ts index 123fef24289..5714861b219 100644 --- a/src/plugins/provider-catalog-metadata.ts +++ b/src/plugins/provider-catalog-metadata.ts @@ -1,4 +1,5 @@ import { normalizeProviderId } from "../agents/provider-id.js"; +import { findCatalogTemplate } from "./provider-catalog.js"; import type { ProviderAugmentModelCatalogContext, ProviderBuiltInModelSuppressionContext, @@ -9,22 +10,6 @@ const OPENAI_CODEX_PROVIDER_ID = "openai-codex"; const OPENAI_DIRECT_SPARK_MODEL_ID = "gpt-5.3-codex-spark"; const SUPPRESSED_SPARK_PROVIDERS = new Set(["openai", "azure-openai-responses"]); -function findCatalogTemplate(params: { - entries: ReadonlyArray<{ provider: string; id: string }>; - providerId: string; - templateIds: readonly string[]; -}) { - return params.templateIds - .map((templateId) => - params.entries.find( - (entry) => - entry.provider.toLowerCase() === params.providerId.toLowerCase() && - entry.id.toLowerCase() === templateId.toLowerCase(), - ), - ) - .find((entry) => entry !== undefined); -} - export function resolveBundledProviderBuiltInModelSuppression( context: ProviderBuiltInModelSuppressionContext, ) { diff --git a/src/plugins/provider-catalog.test.ts b/src/plugins/provider-catalog.test.ts new file mode 100644 index 00000000000..e7dcf201226 --- /dev/null +++ b/src/plugins/provider-catalog.test.ts @@ -0,0 +1,140 @@ +import { describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import type { ModelProviderConfig } from "../config/types.models.js"; +import { + buildPairedProviderApiKeyCatalog, + buildSingleProviderApiKeyCatalog, + findCatalogTemplate, +} from "./provider-catalog.js"; +import type { ProviderCatalogContext } from "./types.js"; + +function createProviderConfig(overrides: Partial = {}): ModelProviderConfig { + return { + api: "openai-completions", + baseUrl: "https://default.example/v1", + models: [], + ...overrides, + }; +} + +function createCatalogContext(params: { + config?: OpenClawConfig; + apiKeys?: Record; +}): ProviderCatalogContext { + return { + config: params.config ?? {}, + env: {}, + resolveProviderApiKey: (providerId) => ({ + apiKey: providerId ? params.apiKeys?.[providerId] : undefined, + }), + resolveProviderAuth: (providerId) => ({ + apiKey: providerId ? params.apiKeys?.[providerId] : undefined, + mode: providerId && params.apiKeys?.[providerId] ? "api_key" : "none", + source: providerId && params.apiKeys?.[providerId] ? "env" : "none", + }), + }; +} + +describe("buildSingleProviderApiKeyCatalog", () => { + it("matches provider templates case-insensitively", () => { + const result = findCatalogTemplate({ + entries: [ + { provider: "OpenAI", id: "gpt-5.2" }, + { provider: "other", id: "fallback" }, + ], + providerId: "openai", + templateIds: ["missing", "GPT-5.2"], + }); + + expect(result).toEqual({ provider: "OpenAI", id: "gpt-5.2" }); + }); + + it("returns null when api key is missing", async () => { + const result = await buildSingleProviderApiKeyCatalog({ + ctx: createCatalogContext({}), + providerId: "test-provider", + buildProvider: () => createProviderConfig(), + }); + + expect(result).toBeNull(); + }); + + it("adds api key to the built provider", async () => { + const result = await buildSingleProviderApiKeyCatalog({ + ctx: createCatalogContext({ + apiKeys: { "test-provider": "secret-key" }, + }), + providerId: "test-provider", + buildProvider: async () => createProviderConfig(), + }); + + expect(result).toEqual({ + provider: { + api: "openai-completions", + baseUrl: "https://default.example/v1", + models: [], + apiKey: "secret-key", + }, + }); + }); + + it("prefers explicit base url when allowed", async () => { + const result = await buildSingleProviderApiKeyCatalog({ + ctx: createCatalogContext({ + apiKeys: { "test-provider": "secret-key" }, + config: { + models: { + providers: { + "test-provider": { + baseUrl: " https://override.example/v1/ ", + models: [], + }, + }, + }, + }, + }), + providerId: "test-provider", + buildProvider: () => createProviderConfig(), + allowExplicitBaseUrl: true, + }); + + expect(result).toEqual({ + provider: { + api: "openai-completions", + baseUrl: "https://override.example/v1/", + models: [], + apiKey: "secret-key", + }, + }); + }); + + it("adds api key to each paired provider", async () => { + const result = await buildPairedProviderApiKeyCatalog({ + ctx: createCatalogContext({ + apiKeys: { "test-provider": "secret-key" }, + }), + providerId: "test-provider", + buildProviders: async () => ({ + alpha: createProviderConfig(), + beta: createProviderConfig(), + }), + }); + + expect(result).toEqual({ + providers: { + alpha: { + api: "openai-completions", + baseUrl: "https://default.example/v1", + models: [], + apiKey: "secret-key", + }, + beta: { + api: "openai-completions", + baseUrl: "https://default.example/v1", + models: [], + apiKey: "secret-key", + }, + }, + }); + }); +}); diff --git a/src/plugins/provider-catalog.ts b/src/plugins/provider-catalog.ts new file mode 100644 index 00000000000..1d357887c03 --- /dev/null +++ b/src/plugins/provider-catalog.ts @@ -0,0 +1,64 @@ +import type { ModelProviderConfig } from "../config/types.js"; +import type { ProviderCatalogContext, ProviderCatalogResult } from "./types.js"; + +export function findCatalogTemplate(params: { + entries: ReadonlyArray<{ provider: string; id: string }>; + providerId: string; + templateIds: readonly string[]; +}) { + return params.templateIds + .map((templateId) => + params.entries.find( + (entry) => + entry.provider.toLowerCase() === params.providerId.toLowerCase() && + entry.id.toLowerCase() === templateId.toLowerCase(), + ), + ) + .find((entry) => entry !== undefined); +} + +export async function buildSingleProviderApiKeyCatalog(params: { + ctx: ProviderCatalogContext; + providerId: string; + buildProvider: () => ModelProviderConfig | Promise; + allowExplicitBaseUrl?: boolean; +}): Promise { + const apiKey = params.ctx.resolveProviderApiKey(params.providerId).apiKey; + if (!apiKey) { + return null; + } + + const explicitProvider = params.allowExplicitBaseUrl + ? params.ctx.config.models?.providers?.[params.providerId] + : undefined; + const explicitBaseUrl = + typeof explicitProvider?.baseUrl === "string" ? explicitProvider.baseUrl.trim() : ""; + + return { + provider: { + ...(await params.buildProvider()), + ...(explicitBaseUrl ? { baseUrl: explicitBaseUrl } : {}), + apiKey, + }, + }; +} + +export async function buildPairedProviderApiKeyCatalog(params: { + ctx: ProviderCatalogContext; + providerId: string; + buildProviders: () => + | Record + | Promise>; +}): Promise { + const apiKey = params.ctx.resolveProviderApiKey(params.providerId).apiKey; + if (!apiKey) { + return null; + } + + const providers = await params.buildProviders(); + return { + providers: Object.fromEntries( + Object.entries(providers).map(([id, provider]) => [id, { ...provider, apiKey }]), + ), + }; +} diff --git a/src/plugins/provider-discovery.test.ts b/src/plugins/provider-discovery.test.ts index 4952961062b..30efba6081b 100644 --- a/src/plugins/provider-discovery.test.ts +++ b/src/plugins/provider-discovery.test.ts @@ -120,6 +120,12 @@ describe("runProviderCatalog", () => { config: {}, env: {}, resolveProviderApiKey: () => ({ apiKey: undefined }), + resolveProviderAuth: () => ({ + apiKey: undefined, + discoveryApiKey: undefined, + mode: "none", + source: "none", + }), }); expect(result).toEqual({ diff --git a/src/plugins/provider-discovery.ts b/src/plugins/provider-discovery.ts index e249bf6e45a..b3816e2faf1 100644 --- a/src/plugins/provider-discovery.ts +++ b/src/plugins/provider-discovery.ts @@ -81,6 +81,16 @@ export function runProviderCatalog(params: { apiKey: string | undefined; discoveryApiKey?: string; }; + resolveProviderAuth: ( + providerId?: string, + options?: { oauthMarker?: string }, + ) => { + apiKey: string | undefined; + discoveryApiKey?: string; + mode: "api_key" | "oauth" | "token" | "none"; + source: "env" | "profile" | "none"; + profileId?: string; + }; }) { return resolveProviderCatalogHook(params.provider)?.run({ config: params.config, @@ -88,5 +98,6 @@ export function runProviderCatalog(params: { workspaceDir: params.workspaceDir, env: params.env, resolveProviderApiKey: params.resolveProviderApiKey, + resolveProviderAuth: params.resolveProviderAuth, }); } diff --git a/src/plugins/provider-model-allowlist.ts b/src/plugins/provider-model-allowlist.ts new file mode 100644 index 00000000000..bc6dfc5308d --- /dev/null +++ b/src/plugins/provider-model-allowlist.ts @@ -0,0 +1,41 @@ +import { DEFAULT_PROVIDER } from "../agents/defaults.js"; +import { resolveAllowlistModelKey } from "../agents/model-selection.js"; +import type { OpenClawConfig } from "../config/config.js"; + +export function ensureModelAllowlistEntry(params: { + cfg: OpenClawConfig; + modelRef: string; + defaultProvider?: string; +}): OpenClawConfig { + const rawModelRef = params.modelRef.trim(); + if (!rawModelRef) { + return params.cfg; + } + + const models = { ...params.cfg.agents?.defaults?.models }; + const keySet = new Set([rawModelRef]); + const canonicalKey = resolveAllowlistModelKey( + rawModelRef, + params.defaultProvider ?? DEFAULT_PROVIDER, + ); + if (canonicalKey) { + keySet.add(canonicalKey); + } + + for (const key of keySet) { + models[key] = { + ...models[key], + }; + } + + return { + ...params.cfg, + agents: { + ...params.cfg.agents, + defaults: { + ...params.cfg.agents?.defaults, + models, + }, + }, + }; +} diff --git a/src/plugins/provider-model-defaults.ts b/src/plugins/provider-model-defaults.ts new file mode 100644 index 00000000000..60a18c1a759 --- /dev/null +++ b/src/plugins/provider-model-defaults.ts @@ -0,0 +1,81 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { ensureModelAllowlistEntry } from "./provider-model-allowlist.js"; +import { applyAgentDefaultPrimaryModel } from "./provider-model-primary.js"; + +export const GOOGLE_GEMINI_DEFAULT_MODEL = "google/gemini-3.1-pro-preview"; +export const OPENAI_DEFAULT_MODEL = "openai/gpt-5.1-codex"; +export const OPENCODE_GO_DEFAULT_MODEL_REF = "opencode-go/kimi-k2.5"; +export const OPENCODE_ZEN_DEFAULT_MODEL = "opencode/claude-opus-4-6"; + +const LEGACY_OPENCODE_ZEN_DEFAULT_MODELS = new Set([ + "opencode/claude-opus-4-5", + "opencode-zen/claude-opus-4-5", +]); + +export function applyGoogleGeminiModelDefault(cfg: OpenClawConfig): { + next: OpenClawConfig; + changed: boolean; +} { + return applyAgentDefaultPrimaryModel({ cfg, model: GOOGLE_GEMINI_DEFAULT_MODEL }); +} + +export function applyOpenAIProviderConfig(cfg: OpenClawConfig): OpenClawConfig { + const next = ensureModelAllowlistEntry({ + cfg, + modelRef: OPENAI_DEFAULT_MODEL, + }); + const models = { ...next.agents?.defaults?.models }; + models[OPENAI_DEFAULT_MODEL] = { + ...models[OPENAI_DEFAULT_MODEL], + alias: models[OPENAI_DEFAULT_MODEL]?.alias ?? "GPT", + }; + + return { + ...next, + agents: { + ...next.agents, + defaults: { + ...next.agents?.defaults, + models, + }, + }, + }; +} + +export function applyOpenAIConfig(cfg: OpenClawConfig): OpenClawConfig { + const next = applyOpenAIProviderConfig(cfg); + return { + ...next, + agents: { + ...next.agents, + defaults: { + ...next.agents?.defaults, + model: + next.agents?.defaults?.model && typeof next.agents.defaults.model === "object" + ? { + ...next.agents.defaults.model, + primary: OPENAI_DEFAULT_MODEL, + } + : { primary: OPENAI_DEFAULT_MODEL }, + }, + }, + }; +} + +export function applyOpencodeGoModelDefault(cfg: OpenClawConfig): { + next: OpenClawConfig; + changed: boolean; +} { + return applyAgentDefaultPrimaryModel({ cfg, model: OPENCODE_GO_DEFAULT_MODEL_REF }); +} + +export function applyOpencodeZenModelDefault(cfg: OpenClawConfig): { + next: OpenClawConfig; + changed: boolean; +} { + return applyAgentDefaultPrimaryModel({ + cfg, + model: OPENCODE_ZEN_DEFAULT_MODEL, + legacyModels: LEGACY_OPENCODE_ZEN_DEFAULT_MODELS, + }); +} diff --git a/src/plugins/provider-model-definitions.ts b/src/plugins/provider-model-definitions.ts new file mode 100644 index 00000000000..5788d0ad2ca --- /dev/null +++ b/src/plugins/provider-model-definitions.ts @@ -0,0 +1,140 @@ +import { KIMI_CODING_MODEL_REF } from "../../extensions/kimi-coding/onboard.js"; +import { + KIMI_DEFAULT_MODEL_ID as KIMI_CODING_MODEL_ID, + KIMI_CODING_BASE_URL, +} from "../../extensions/kimi-coding/provider-catalog.js"; +import { + DEFAULT_MINIMAX_BASE_URL, + MINIMAX_API_BASE_URL, + MINIMAX_API_COST, + MINIMAX_CN_API_BASE_URL, + MINIMAX_HOSTED_COST, + MINIMAX_HOSTED_MODEL_ID, + MINIMAX_HOSTED_MODEL_REF, + MINIMAX_LM_STUDIO_COST, + buildMinimaxApiModelDefinition, + buildMinimaxModelDefinition, +} from "../../extensions/minimax/model-definitions.js"; +import { + buildMistralModelDefinition, + MISTRAL_BASE_URL, + MISTRAL_DEFAULT_COST, + MISTRAL_DEFAULT_MODEL_ID, + MISTRAL_DEFAULT_MODEL_REF, +} from "../../extensions/mistral/model-definitions.js"; +import { + MODELSTUDIO_CN_BASE_URL, + MODELSTUDIO_DEFAULT_COST, + MODELSTUDIO_DEFAULT_MODEL_ID, + MODELSTUDIO_DEFAULT_MODEL_REF, + MODELSTUDIO_GLOBAL_BASE_URL, + buildModelStudioDefaultModelDefinition, + buildModelStudioModelDefinition, +} from "../../extensions/modelstudio/model-definitions.js"; +import { + MOONSHOT_CN_BASE_URL, + MOONSHOT_DEFAULT_MODEL_REF, +} from "../../extensions/moonshot/onboard.js"; +import { + buildMoonshotProvider, + MOONSHOT_BASE_URL, + MOONSHOT_DEFAULT_MODEL_ID, +} from "../../extensions/moonshot/provider-catalog.js"; +import { QIANFAN_DEFAULT_MODEL_REF } from "../../extensions/qianfan/onboard.js"; +import { + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, +} from "../../extensions/qianfan/provider-catalog.js"; +import { + XAI_BASE_URL, + XAI_DEFAULT_COST, + XAI_DEFAULT_MODEL_ID, + XAI_DEFAULT_MODEL_REF, + buildXaiModelDefinition, +} from "../../extensions/xai/model-definitions.js"; +import { + buildZaiModelDefinition, + resolveZaiBaseUrl, + ZAI_CN_BASE_URL, + ZAI_CODING_CN_BASE_URL, + ZAI_CODING_GLOBAL_BASE_URL, + ZAI_DEFAULT_COST, + ZAI_DEFAULT_MODEL_ID, + ZAI_GLOBAL_BASE_URL, +} from "../../extensions/zai/model-definitions.js"; +import type { ModelDefinitionConfig } from "../config/types.models.js"; +import { + KILOCODE_DEFAULT_CONTEXT_WINDOW, + KILOCODE_DEFAULT_COST, + KILOCODE_DEFAULT_MAX_TOKENS, + KILOCODE_DEFAULT_MODEL_ID, + KILOCODE_DEFAULT_MODEL_NAME, +} from "../providers/kilocode-shared.js"; + +export { + DEFAULT_MINIMAX_BASE_URL, + MINIMAX_API_BASE_URL, + MINIMAX_API_COST, + MINIMAX_CN_API_BASE_URL, + MINIMAX_HOSTED_COST, + MINIMAX_HOSTED_MODEL_ID, + MINIMAX_HOSTED_MODEL_REF, + MINIMAX_LM_STUDIO_COST, + MISTRAL_BASE_URL, + MISTRAL_DEFAULT_COST, + MISTRAL_DEFAULT_MODEL_ID, + MISTRAL_DEFAULT_MODEL_REF, + MODELSTUDIO_CN_BASE_URL, + MODELSTUDIO_DEFAULT_COST, + MODELSTUDIO_DEFAULT_MODEL_ID, + MODELSTUDIO_DEFAULT_MODEL_REF, + MODELSTUDIO_GLOBAL_BASE_URL, + MOONSHOT_BASE_URL, + MOONSHOT_CN_BASE_URL, + MOONSHOT_DEFAULT_MODEL_ID, + MOONSHOT_DEFAULT_MODEL_REF, + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, + QIANFAN_DEFAULT_MODEL_REF, + XAI_BASE_URL, + XAI_DEFAULT_COST, + XAI_DEFAULT_MODEL_ID, + XAI_DEFAULT_MODEL_REF, + ZAI_CN_BASE_URL, + ZAI_CODING_CN_BASE_URL, + ZAI_CODING_GLOBAL_BASE_URL, + ZAI_DEFAULT_COST, + ZAI_DEFAULT_MODEL_ID, + ZAI_GLOBAL_BASE_URL, + KIMI_CODING_BASE_URL, + KIMI_CODING_MODEL_ID, + KIMI_CODING_MODEL_REF, + KILOCODE_DEFAULT_CONTEXT_WINDOW, + KILOCODE_DEFAULT_COST, + KILOCODE_DEFAULT_MAX_TOKENS, + KILOCODE_DEFAULT_MODEL_ID, + buildMinimaxApiModelDefinition, + buildMinimaxModelDefinition, + buildMistralModelDefinition, + buildModelStudioDefaultModelDefinition, + buildModelStudioModelDefinition, + buildXaiModelDefinition, + buildZaiModelDefinition, + resolveZaiBaseUrl, +}; + +export function buildMoonshotModelDefinition(): ModelDefinitionConfig { + return buildMoonshotProvider().models[0]; +} + +export function buildKilocodeModelDefinition(): ModelDefinitionConfig { + return { + id: KILOCODE_DEFAULT_MODEL_ID, + name: KILOCODE_DEFAULT_MODEL_NAME, + reasoning: true, + input: ["text", "image"], + cost: KILOCODE_DEFAULT_COST, + contextWindow: KILOCODE_DEFAULT_CONTEXT_WINDOW, + maxTokens: KILOCODE_DEFAULT_MAX_TOKENS, + }; +} diff --git a/src/plugins/provider-model-helpers.test.ts b/src/plugins/provider-model-helpers.test.ts new file mode 100644 index 00000000000..905195775fe --- /dev/null +++ b/src/plugins/provider-model-helpers.test.ts @@ -0,0 +1,56 @@ +import type { ModelRegistry } from "@mariozechner/pi-coding-agent"; +import { describe, expect, it } from "vitest"; +import { cloneFirstTemplateModel } from "./provider-model-helpers.js"; +import type { ProviderResolveDynamicModelContext, ProviderRuntimeModel } from "./types.js"; + +function createContext(models: ProviderRuntimeModel[]): ProviderResolveDynamicModelContext { + return { + provider: "test-provider", + modelId: "next-model", + modelRegistry: { + find(providerId: string, modelId: string) { + return ( + models.find((model) => model.provider === providerId && model.id === modelId) ?? null + ); + }, + } as ModelRegistry, + }; +} + +describe("cloneFirstTemplateModel", () => { + it("clones the first matching template and applies patches", () => { + const model = cloneFirstTemplateModel({ + providerId: "test-provider", + modelId: " next-model ", + templateIds: ["missing", "template-a", "template-b"], + ctx: createContext([ + { + id: "template-a", + name: "Template A", + provider: "test-provider", + api: "openai-completions", + } as ProviderRuntimeModel, + ]), + patch: { reasoning: true }, + }); + + expect(model).toMatchObject({ + id: "next-model", + name: "next-model", + provider: "test-provider", + api: "openai-completions", + reasoning: true, + }); + }); + + it("returns undefined when no template exists", () => { + const model = cloneFirstTemplateModel({ + providerId: "test-provider", + modelId: "next-model", + templateIds: ["missing"], + ctx: createContext([]), + }); + + expect(model).toBeUndefined(); + }); +}); diff --git a/src/plugins/provider-model-helpers.ts b/src/plugins/provider-model-helpers.ts new file mode 100644 index 00000000000..8ffd8d18be7 --- /dev/null +++ b/src/plugins/provider-model-helpers.ts @@ -0,0 +1,28 @@ +import { normalizeModelCompat } from "../agents/model-compat.js"; +import type { ProviderResolveDynamicModelContext, ProviderRuntimeModel } from "./types.js"; + +export function cloneFirstTemplateModel(params: { + providerId: string; + modelId: string; + templateIds: readonly string[]; + ctx: ProviderResolveDynamicModelContext; + patch?: Partial; +}): ProviderRuntimeModel | undefined { + const trimmedModelId = params.modelId.trim(); + for (const templateId of [...new Set(params.templateIds)].filter(Boolean)) { + const template = params.ctx.modelRegistry.find( + params.providerId, + templateId, + ) as ProviderRuntimeModel | null; + if (!template) { + continue; + } + return normalizeModelCompat({ + ...template, + id: trimmedModelId, + name: trimmedModelId, + ...params.patch, + } as ProviderRuntimeModel); + } + return undefined; +} diff --git a/src/plugins/provider-model-primary.ts b/src/plugins/provider-model-primary.ts new file mode 100644 index 00000000000..bf4bd8a2fe7 --- /dev/null +++ b/src/plugins/provider-model-primary.ts @@ -0,0 +1,72 @@ +import type { OpenClawConfig } from "../config/config.js"; +import type { AgentModelListConfig } from "../config/types.js"; + +export function resolvePrimaryModel(model?: AgentModelListConfig | string): string | undefined { + if (typeof model === "string") { + return model; + } + if (model && typeof model === "object" && typeof model.primary === "string") { + return model.primary; + } + return undefined; +} + +export function applyAgentDefaultPrimaryModel(params: { + cfg: OpenClawConfig; + model: string; + legacyModels?: Set; +}): { next: OpenClawConfig; changed: boolean } { + const current = resolvePrimaryModel(params.cfg.agents?.defaults?.model)?.trim(); + const normalizedCurrent = current && params.legacyModels?.has(current) ? params.model : current; + if (normalizedCurrent === params.model) { + return { next: params.cfg, changed: false }; + } + + return { + next: { + ...params.cfg, + agents: { + ...params.cfg.agents, + defaults: { + ...params.cfg.agents?.defaults, + model: + params.cfg.agents?.defaults?.model && + typeof params.cfg.agents.defaults.model === "object" + ? { + ...params.cfg.agents.defaults.model, + primary: params.model, + } + : { primary: params.model }, + }, + }, + }, + changed: true, + }; +} + +export function applyPrimaryModel(cfg: OpenClawConfig, model: string): OpenClawConfig { + const defaults = cfg.agents?.defaults; + const existingModel = defaults?.model; + const existingModels = defaults?.models; + const fallbacks = + typeof existingModel === "object" && existingModel !== null && "fallbacks" in existingModel + ? (existingModel as { fallbacks?: string[] }).fallbacks + : undefined; + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...defaults, + model: { + ...(fallbacks ? { fallbacks } : undefined), + primary: model, + }, + models: { + ...existingModels, + [model]: existingModels?.[model] ?? {}, + }, + }, + }, + }; +} diff --git a/src/plugins/provider-oauth-flow.ts b/src/plugins/provider-oauth-flow.ts new file mode 100644 index 00000000000..e2ae6717c60 --- /dev/null +++ b/src/plugins/provider-oauth-flow.ts @@ -0,0 +1,53 @@ +import type { RuntimeEnv } from "../runtime.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; + +export type OAuthPrompt = { message: string; placeholder?: string }; + +const validateRequiredInput = (value: string) => (value.trim().length > 0 ? undefined : "Required"); + +export function createVpsAwareOAuthHandlers(params: { + isRemote: boolean; + prompter: WizardPrompter; + runtime: RuntimeEnv; + spin: ReturnType; + openUrl: (url: string) => Promise; + localBrowserMessage: string; + manualPromptMessage?: string; +}): { + onAuth: (event: { url: string }) => Promise; + onPrompt: (prompt: OAuthPrompt) => Promise; +} { + const manualPromptMessage = params.manualPromptMessage ?? "Paste the redirect URL"; + let manualCodePromise: Promise | undefined; + + return { + onAuth: async ({ url }) => { + if (params.isRemote) { + params.spin.stop("OAuth URL ready"); + params.runtime.log(`\nOpen this URL in your LOCAL browser:\n\n${url}\n`); + manualCodePromise = params.prompter + .text({ + message: manualPromptMessage, + validate: validateRequiredInput, + }) + .then((value) => String(value)); + return; + } + + params.spin.update(params.localBrowserMessage); + await params.openUrl(url); + params.runtime.log(`Open: ${url}`); + }, + onPrompt: async (prompt) => { + if (manualCodePromise) { + return manualCodePromise; + } + const code = await params.prompter.text({ + message: prompt.message, + placeholder: prompt.placeholder, + validate: validateRequiredInput, + }); + return String(code); + }, + }; +} diff --git a/src/plugins/provider-ollama-setup.ts b/src/plugins/provider-ollama-setup.ts new file mode 100644 index 00000000000..ac3fd5d1fc7 --- /dev/null +++ b/src/plugins/provider-ollama-setup.ts @@ -0,0 +1,535 @@ +import { upsertAuthProfileWithLock } from "../agents/auth-profiles/upsert-with-lock.js"; +import { OLLAMA_DEFAULT_BASE_URL } from "../agents/ollama-defaults.js"; +import { + buildOllamaModelDefinition, + enrichOllamaModelsWithContext, + fetchOllamaModels, + resolveOllamaApiBase, + type OllamaModelWithContext, +} from "../agents/ollama-models.js"; +import type { OpenClawConfig } from "../config/config.js"; +import type { RuntimeEnv } from "../runtime.js"; +import { WizardCancelledError, type WizardPrompter } from "../wizard/prompts.js"; +import { applyAgentDefaultModelPrimary } from "./provider-onboarding-config.js"; +import { isRemoteEnvironment, openUrl } from "./setup-browser.js"; +import type { ProviderAuthOptionBag } from "./types.js"; + +export { OLLAMA_DEFAULT_BASE_URL } from "../agents/ollama-defaults.js"; +export const OLLAMA_DEFAULT_MODEL = "glm-4.7-flash"; + +const OLLAMA_SUGGESTED_MODELS_LOCAL = ["glm-4.7-flash"]; +const OLLAMA_SUGGESTED_MODELS_CLOUD = ["kimi-k2.5:cloud", "minimax-m2.5:cloud", "glm-5:cloud"]; +type OllamaMode = "remote" | "local"; +type OllamaSetupOptions = ProviderAuthOptionBag & { + customBaseUrl?: string; + customModelId?: string; +}; + +function normalizeOllamaModelName(value: string | undefined): string | undefined { + const trimmed = value?.trim(); + if (!trimmed) { + return undefined; + } + if (trimmed.toLowerCase().startsWith("ollama/")) { + const withoutPrefix = trimmed.slice("ollama/".length).trim(); + return withoutPrefix || undefined; + } + return trimmed; +} + +function isOllamaCloudModel(modelName: string | undefined): boolean { + return Boolean(modelName?.trim().toLowerCase().endsWith(":cloud")); +} + +function formatOllamaPullStatus(status: string): { text: string; hidePercent: boolean } { + const trimmed = status.trim(); + const partStatusMatch = trimmed.match(/^([a-z-]+)\s+(?:sha256:)?[a-f0-9]{8,}$/i); + if (partStatusMatch) { + return { text: `${partStatusMatch[1]} part`, hidePercent: false }; + } + if (/^verifying\b.*\bdigest\b/i.test(trimmed)) { + return { text: "verifying digest", hidePercent: true }; + } + return { text: trimmed, hidePercent: false }; +} + +type OllamaCloudAuthResult = { + signedIn: boolean; + signinUrl?: string; +}; + +/** Check if the user is signed in to Ollama cloud via /api/me. */ +async function checkOllamaCloudAuth(baseUrl: string): Promise { + try { + const apiBase = resolveOllamaApiBase(baseUrl); + const response = await fetch(`${apiBase}/api/me`, { + method: "POST", + signal: AbortSignal.timeout(5000), + }); + if (response.status === 401) { + // 401 body contains { error, signin_url } + const data = (await response.json()) as { signin_url?: string }; + return { signedIn: false, signinUrl: data.signin_url }; + } + if (!response.ok) { + return { signedIn: false }; + } + return { signedIn: true }; + } catch { + // /api/me not supported or unreachable — fail closed so cloud mode + // doesn't silently skip auth; the caller handles the fallback. + return { signedIn: false }; + } +} + +type OllamaPullChunk = { + status?: string; + total?: number; + completed?: number; + error?: string; +}; + +type OllamaPullFailureKind = "http" | "no-body" | "chunk-error" | "network"; +type OllamaPullResult = + | { ok: true } + | { + ok: false; + kind: OllamaPullFailureKind; + message: string; + }; + +async function pullOllamaModelCore(params: { + baseUrl: string; + modelName: string; + onStatus?: (status: string, percent: number | null) => void; +}): Promise { + const { onStatus } = params; + const baseUrl = resolveOllamaApiBase(params.baseUrl); + const modelName = normalizeOllamaModelName(params.modelName) ?? params.modelName.trim(); + try { + const response = await fetch(`${baseUrl}/api/pull`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ name: modelName }), + }); + if (!response.ok) { + return { + ok: false, + kind: "http", + message: `Failed to download ${modelName} (HTTP ${response.status})`, + }; + } + if (!response.body) { + return { + ok: false, + kind: "no-body", + message: `Failed to download ${modelName} (no response body)`, + }; + } + + const reader = response.body.getReader(); + const decoder = new TextDecoder(); + let buffer = ""; + const layers = new Map(); + + const parseLine = (line: string): OllamaPullResult => { + const trimmed = line.trim(); + if (!trimmed) { + return { ok: true }; + } + try { + const chunk = JSON.parse(trimmed) as OllamaPullChunk; + if (chunk.error) { + return { + ok: false, + kind: "chunk-error", + message: `Download failed: ${chunk.error}`, + }; + } + if (!chunk.status) { + return { ok: true }; + } + if (chunk.total && chunk.completed !== undefined) { + layers.set(chunk.status, { total: chunk.total, completed: chunk.completed }); + let totalSum = 0; + let completedSum = 0; + for (const layer of layers.values()) { + totalSum += layer.total; + completedSum += layer.completed; + } + const percent = totalSum > 0 ? Math.round((completedSum / totalSum) * 100) : null; + onStatus?.(chunk.status, percent); + } else { + onStatus?.(chunk.status, null); + } + } catch { + // Ignore malformed lines from streaming output. + } + return { ok: true }; + }; + + for (;;) { + const { done, value } = await reader.read(); + if (done) { + break; + } + buffer += decoder.decode(value, { stream: true }); + const lines = buffer.split("\n"); + buffer = lines.pop() ?? ""; + for (const line of lines) { + const parsed = parseLine(line); + if (!parsed.ok) { + return parsed; + } + } + } + + const trailing = buffer.trim(); + if (trailing) { + const parsed = parseLine(trailing); + if (!parsed.ok) { + return parsed; + } + } + + return { ok: true }; + } catch (err) { + const reason = err instanceof Error ? err.message : String(err); + return { + ok: false, + kind: "network", + message: `Failed to download ${modelName}: ${reason}`, + }; + } +} + +/** Pull a model from Ollama, streaming progress updates. */ +async function pullOllamaModel( + baseUrl: string, + modelName: string, + prompter: WizardPrompter, +): Promise { + const spinner = prompter.progress(`Downloading ${modelName}...`); + const result = await pullOllamaModelCore({ + baseUrl, + modelName, + onStatus: (status, percent) => { + const displayStatus = formatOllamaPullStatus(status); + if (displayStatus.hidePercent) { + spinner.update(`Downloading ${modelName} - ${displayStatus.text}`); + } else { + spinner.update(`Downloading ${modelName} - ${displayStatus.text} - ${percent ?? 0}%`); + } + }, + }); + if (!result.ok) { + spinner.stop(result.message); + return false; + } + spinner.stop(`Downloaded ${modelName}`); + return true; +} + +async function pullOllamaModelNonInteractive( + baseUrl: string, + modelName: string, + runtime: RuntimeEnv, +): Promise { + runtime.log(`Downloading ${modelName}...`); + const result = await pullOllamaModelCore({ baseUrl, modelName }); + if (!result.ok) { + runtime.error(result.message); + return false; + } + runtime.log(`Downloaded ${modelName}`); + return true; +} + +function buildOllamaModelsConfig( + modelNames: string[], + discoveredModelsByName?: Map, +) { + return modelNames.map((name) => + buildOllamaModelDefinition(name, discoveredModelsByName?.get(name)?.contextWindow), + ); +} + +function applyOllamaProviderConfig( + cfg: OpenClawConfig, + baseUrl: string, + modelNames: string[], + discoveredModelsByName?: Map, +): OpenClawConfig { + return { + ...cfg, + models: { + ...cfg.models, + mode: cfg.models?.mode ?? "merge", + providers: { + ...cfg.models?.providers, + ollama: { + baseUrl, + api: "ollama", + apiKey: "OLLAMA_API_KEY", // pragma: allowlist secret + models: buildOllamaModelsConfig(modelNames, discoveredModelsByName), + }, + }, + }, + }; +} + +async function storeOllamaCredential(agentDir?: string): Promise { + await upsertAuthProfileWithLock({ + profileId: "ollama:default", + credential: { type: "api_key", provider: "ollama", key: "ollama-local" }, + agentDir, + }); +} + +/** + * Interactive: prompt for base URL, discover models, configure provider. + * Model selection is handled by the standard model picker downstream. + */ +export async function promptAndConfigureOllama(params: { + cfg: OpenClawConfig; + prompter: WizardPrompter; +}): Promise<{ config: OpenClawConfig; defaultModelId: string }> { + const { prompter } = params; + + // 1. Prompt base URL + const baseUrlRaw = await prompter.text({ + message: "Ollama base URL", + initialValue: OLLAMA_DEFAULT_BASE_URL, + placeholder: OLLAMA_DEFAULT_BASE_URL, + validate: (value) => (value?.trim() ? undefined : "Required"), + }); + const configuredBaseUrl = String(baseUrlRaw ?? "") + .trim() + .replace(/\/+$/, ""); + const baseUrl = resolveOllamaApiBase(configuredBaseUrl); + + // 2. Check reachability + const { reachable, models } = await fetchOllamaModels(baseUrl); + + if (!reachable) { + await prompter.note( + [ + `Ollama could not be reached at ${baseUrl}.`, + "Download it at https://ollama.com/download", + "", + "Start Ollama and re-run setup.", + ].join("\n"), + "Ollama", + ); + throw new WizardCancelledError("Ollama not reachable"); + } + + const enrichedModels = await enrichOllamaModelsWithContext(baseUrl, models.slice(0, 50)); + const discoveredModelsByName = new Map(enrichedModels.map((model) => [model.name, model])); + const modelNames = models.map((m) => m.name); + + // 3. Mode selection + const mode = (await prompter.select({ + message: "Ollama mode", + options: [ + { value: "remote", label: "Cloud + Local", hint: "Ollama cloud models + local models" }, + { value: "local", label: "Local", hint: "Local models only" }, + ], + })) as OllamaMode; + + // 4. Cloud auth — check /api/me upfront for remote (cloud+local) mode + let cloudAuthVerified = false; + if (mode === "remote") { + const authResult = await checkOllamaCloudAuth(baseUrl); + if (!authResult.signedIn) { + if (authResult.signinUrl) { + if (!isRemoteEnvironment()) { + await openUrl(authResult.signinUrl); + } + await prompter.note( + ["Sign in to Ollama Cloud:", authResult.signinUrl].join("\n"), + "Ollama Cloud", + ); + const confirmed = await prompter.confirm({ + message: "Have you signed in?", + }); + if (!confirmed) { + throw new WizardCancelledError("Ollama cloud sign-in cancelled"); + } + // Re-check after user claims sign-in + const recheck = await checkOllamaCloudAuth(baseUrl); + if (!recheck.signedIn) { + throw new WizardCancelledError("Ollama cloud sign-in required"); + } + cloudAuthVerified = true; + } else { + // No signin URL available (older server, unreachable /api/me, or custom gateway). + await prompter.note( + [ + "Could not verify Ollama Cloud authentication.", + "Cloud models may not work until you sign in at https://ollama.com.", + ].join("\n"), + "Ollama Cloud", + ); + const continueAnyway = await prompter.confirm({ + message: "Continue without cloud auth?", + }); + if (!continueAnyway) { + throw new WizardCancelledError("Ollama cloud auth could not be verified"); + } + // Cloud auth unverified — fall back to local defaults so the model + // picker doesn't steer toward cloud models that may fail. + } + } else { + cloudAuthVerified = true; + } + } + + // 5. Model ordering — suggested models first. + // Use cloud defaults only when auth was actually verified; otherwise fall + // back to local defaults so the user isn't steered toward cloud models + // that may fail at runtime. + const suggestedModels = + mode === "local" || !cloudAuthVerified + ? OLLAMA_SUGGESTED_MODELS_LOCAL + : OLLAMA_SUGGESTED_MODELS_CLOUD; + const orderedModelNames = [ + ...suggestedModels, + ...modelNames.filter((name) => !suggestedModels.includes(name)), + ]; + + const defaultModelId = suggestedModels[0] ?? OLLAMA_DEFAULT_MODEL; + const config = applyOllamaProviderConfig( + params.cfg, + baseUrl, + orderedModelNames, + discoveredModelsByName, + ); + return { config, defaultModelId }; +} + +/** Non-interactive: auto-discover models and configure provider. */ +export async function configureOllamaNonInteractive(params: { + nextConfig: OpenClawConfig; + opts: OllamaSetupOptions; + runtime: RuntimeEnv; +}): Promise { + const { opts, runtime } = params; + const configuredBaseUrl = (opts.customBaseUrl?.trim() || OLLAMA_DEFAULT_BASE_URL).replace( + /\/+$/, + "", + ); + const baseUrl = resolveOllamaApiBase(configuredBaseUrl); + + const { reachable, models } = await fetchOllamaModels(baseUrl); + const explicitModel = normalizeOllamaModelName(opts.customModelId); + + if (!reachable) { + runtime.error( + [ + `Ollama could not be reached at ${baseUrl}.`, + "Download it at https://ollama.com/download", + ].join("\n"), + ); + runtime.exit(1); + return params.nextConfig; + } + + await storeOllamaCredential(); + + const enrichedModels = await enrichOllamaModelsWithContext(baseUrl, models.slice(0, 50)); + const discoveredModelsByName = new Map(enrichedModels.map((model) => [model.name, model])); + const modelNames = models.map((m) => m.name); + + // Apply local suggested model ordering. + const suggestedModels = OLLAMA_SUGGESTED_MODELS_LOCAL; + const orderedModelNames = [ + ...suggestedModels, + ...modelNames.filter((name) => !suggestedModels.includes(name)), + ]; + + const requestedDefaultModelId = explicitModel ?? suggestedModels[0]; + let pulledRequestedModel = false; + const availableModelNames = new Set(modelNames); + const requestedCloudModel = isOllamaCloudModel(requestedDefaultModelId); + + if (requestedCloudModel) { + availableModelNames.add(requestedDefaultModelId); + } + + // Pull if model not in discovered list and Ollama is reachable + if (!requestedCloudModel && !modelNames.includes(requestedDefaultModelId)) { + pulledRequestedModel = await pullOllamaModelNonInteractive( + baseUrl, + requestedDefaultModelId, + runtime, + ); + if (pulledRequestedModel) { + availableModelNames.add(requestedDefaultModelId); + } + } + + let allModelNames = orderedModelNames; + let defaultModelId = requestedDefaultModelId; + if ( + (pulledRequestedModel || requestedCloudModel) && + !allModelNames.includes(requestedDefaultModelId) + ) { + allModelNames = [...allModelNames, requestedDefaultModelId]; + } + if (!availableModelNames.has(requestedDefaultModelId)) { + if (availableModelNames.size > 0) { + const firstAvailableModel = + allModelNames.find((name) => availableModelNames.has(name)) ?? + Array.from(availableModelNames)[0]; + defaultModelId = firstAvailableModel; + runtime.log( + `Ollama model ${requestedDefaultModelId} was not available; using ${defaultModelId} instead.`, + ); + } else { + runtime.error( + [ + `No Ollama models are available at ${baseUrl}.`, + "Pull a model first, then re-run setup.", + ].join("\n"), + ); + runtime.exit(1); + return params.nextConfig; + } + } + + const config = applyOllamaProviderConfig( + params.nextConfig, + baseUrl, + allModelNames, + discoveredModelsByName, + ); + const modelRef = `ollama/${defaultModelId}`; + runtime.log(`Default Ollama model: ${defaultModelId}`); + return applyAgentDefaultModelPrimary(config, modelRef); +} + +/** Pull the configured default Ollama model if it isn't already available locally. */ +export async function ensureOllamaModelPulled(params: { + config: OpenClawConfig; + prompter: WizardPrompter; +}): Promise { + const modelCfg = params.config.agents?.defaults?.model; + const modelId = typeof modelCfg === "string" ? modelCfg : modelCfg?.primary; + if (!modelId?.startsWith("ollama/")) { + return; + } + const baseUrl = params.config.models?.providers?.ollama?.baseUrl ?? OLLAMA_DEFAULT_BASE_URL; + const modelName = modelId.slice("ollama/".length); + if (isOllamaCloudModel(modelName)) { + return; + } + const { models } = await fetchOllamaModels(baseUrl); + if (models.some((m) => m.name === modelName)) { + return; + } + const pulled = await pullOllamaModel(baseUrl, modelName, params.prompter); + if (!pulled) { + throw new WizardCancelledError("Failed to download selected Ollama model"); + } +} diff --git a/src/commands/onboard-auth.config-shared.ts b/src/plugins/provider-onboarding-config.ts similarity index 93% rename from src/commands/onboard-auth.config-shared.ts rename to src/plugins/provider-onboarding-config.ts index a417b19c36e..9e70eaac192 100644 --- a/src/commands/onboard-auth.config-shared.ts +++ b/src/plugins/provider-onboarding-config.ts @@ -1,3 +1,4 @@ +import { findNormalizedProviderKey } from "../agents/provider-id.js"; import type { OpenClawConfig } from "../config/config.js"; import type { AgentModelEntryConfig } from "../config/types.agent-defaults.js"; import type { @@ -159,10 +160,17 @@ function resolveProviderModelMergeState( providerId: string, ): ProviderModelMergeState { const providers = { ...cfg.models?.providers } as Record; - const existingProvider = providers[providerId] as ModelProviderConfig | undefined; + const existingProviderKey = findNormalizedProviderKey(providers, providerId); + const existingProvider = + existingProviderKey !== undefined + ? (providers[existingProviderKey] as ModelProviderConfig | undefined) + : undefined; const existingModels: ModelDefinitionConfig[] = Array.isArray(existingProvider?.models) ? existingProvider.models : []; + if (existingProviderKey && existingProviderKey !== providerId) { + delete providers[existingProviderKey]; + } return { providers, existingProvider, existingModels }; } diff --git a/src/plugins/provider-openai-codex-oauth-tls.ts b/src/plugins/provider-openai-codex-oauth-tls.ts new file mode 100644 index 00000000000..bf9e69b0519 --- /dev/null +++ b/src/plugins/provider-openai-codex-oauth-tls.ts @@ -0,0 +1,164 @@ +import path from "node:path"; +import { formatCliCommand } from "../cli/command-format.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { note } from "../terminal/note.js"; + +const TLS_CERT_ERROR_CODES = new Set([ + "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", + "UNABLE_TO_VERIFY_LEAF_SIGNATURE", + "CERT_HAS_EXPIRED", + "DEPTH_ZERO_SELF_SIGNED_CERT", + "SELF_SIGNED_CERT_IN_CHAIN", + "ERR_TLS_CERT_ALTNAME_INVALID", +]); + +const TLS_CERT_ERROR_PATTERNS = [ + /unable to get local issuer certificate/i, + /unable to verify the first certificate/i, + /self[- ]signed certificate/i, + /certificate has expired/i, +]; + +const OPENAI_AUTH_PROBE_URL = + "https://auth.openai.com/oauth/authorize?response_type=code&client_id=openclaw-preflight&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback&scope=openid+profile+email"; + +type PreflightFailureKind = "tls-cert" | "network"; + +export type OpenAIOAuthTlsPreflightResult = + | { ok: true } + | { + ok: false; + kind: PreflightFailureKind; + code?: string; + message: string; + }; + +function asRecord(value: unknown): Record | null { + return value && typeof value === "object" ? (value as Record) : null; +} + +function extractFailure(error: unknown): { + code?: string; + message: string; + kind: PreflightFailureKind; +} { + const root = asRecord(error); + const rootCause = asRecord(root?.cause); + const code = typeof rootCause?.code === "string" ? rootCause.code : undefined; + const message = + typeof rootCause?.message === "string" + ? rootCause.message + : typeof root?.message === "string" + ? root.message + : String(error); + const isTlsCertError = + (code ? TLS_CERT_ERROR_CODES.has(code) : false) || + TLS_CERT_ERROR_PATTERNS.some((pattern) => pattern.test(message)); + return { + code, + message, + kind: isTlsCertError ? "tls-cert" : "network", + }; +} + +function resolveHomebrewPrefixFromExecPath(execPath: string): string | null { + const marker = `${path.sep}Cellar${path.sep}`; + const idx = execPath.indexOf(marker); + if (idx > 0) { + return execPath.slice(0, idx); + } + const envPrefix = process.env.HOMEBREW_PREFIX?.trim(); + return envPrefix ? envPrefix : null; +} + +function resolveCertBundlePath(): string | null { + const prefix = resolveHomebrewPrefixFromExecPath(process.execPath); + if (!prefix) { + return null; + } + return path.join(prefix, "etc", "openssl@3", "cert.pem"); +} + +function hasOpenAICodexOAuthProfile(cfg: OpenClawConfig): boolean { + const profiles = cfg.auth?.profiles; + if (!profiles) { + return false; + } + return Object.values(profiles).some( + (profile) => profile.provider === "openai-codex" && profile.mode === "oauth", + ); +} + +function shouldRunOpenAIOAuthTlsPrerequisites(params: { + cfg: OpenClawConfig; + deep?: boolean; +}): boolean { + if (params.deep === true) { + return true; + } + return hasOpenAICodexOAuthProfile(params.cfg); +} + +export async function runOpenAIOAuthTlsPreflight(options?: { + timeoutMs?: number; + fetchImpl?: typeof fetch; +}): Promise { + const timeoutMs = options?.timeoutMs ?? 5000; + const fetchImpl = options?.fetchImpl ?? fetch; + try { + await fetchImpl(OPENAI_AUTH_PROBE_URL, { + method: "GET", + redirect: "manual", + signal: AbortSignal.timeout(timeoutMs), + }); + return { ok: true }; + } catch (error) { + const failure = extractFailure(error); + return { + ok: false, + kind: failure.kind, + code: failure.code, + message: failure.message, + }; + } +} + +export function formatOpenAIOAuthTlsPreflightFix( + result: Exclude, +): string { + if (result.kind !== "tls-cert") { + return [ + "OpenAI OAuth prerequisites check failed due to a network error before the browser flow.", + `Cause: ${result.message}`, + "Verify DNS/firewall/proxy access to auth.openai.com and retry.", + ].join("\n"); + } + const certBundlePath = resolveCertBundlePath(); + const lines = [ + "OpenAI OAuth prerequisites check failed: Node/OpenSSL cannot validate TLS certificates.", + `Cause: ${result.code ? `${result.code} (${result.message})` : result.message}`, + "", + "Fix (Homebrew Node/OpenSSL):", + `- ${formatCliCommand("brew postinstall ca-certificates")}`, + `- ${formatCliCommand("brew postinstall openssl@3")}`, + ]; + if (certBundlePath) { + lines.push(`- Verify cert bundle exists: ${certBundlePath}`); + } + lines.push("- Retry the OAuth login flow."); + return lines.join("\n"); +} + +export async function noteOpenAIOAuthTlsPrerequisites(params: { + cfg: OpenClawConfig; + deep?: boolean; +}): Promise { + if (!shouldRunOpenAIOAuthTlsPrerequisites(params)) { + return; + } + const result = await runOpenAIOAuthTlsPreflight({ timeoutMs: 4000 }); + if (result.ok || result.kind !== "tls-cert") { + return; + } + note(formatOpenAIOAuthTlsPreflightFix(result), "OAuth TLS prerequisites"); +} diff --git a/src/plugins/provider-openai-codex-oauth.ts b/src/plugins/provider-openai-codex-oauth.ts new file mode 100644 index 00000000000..6e16cf863f0 --- /dev/null +++ b/src/plugins/provider-openai-codex-oauth.ts @@ -0,0 +1,65 @@ +import { loginOpenAICodex, type OAuthCredentials } from "@mariozechner/pi-ai/oauth"; +import type { RuntimeEnv } from "../runtime.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import { createVpsAwareOAuthHandlers } from "./provider-oauth-flow.js"; +import { + formatOpenAIOAuthTlsPreflightFix, + runOpenAIOAuthTlsPreflight, +} from "./provider-openai-codex-oauth-tls.js"; + +export async function loginOpenAICodexOAuth(params: { + prompter: WizardPrompter; + runtime: RuntimeEnv; + isRemote: boolean; + openUrl: (url: string) => Promise; + localBrowserMessage?: string; +}): Promise { + const { prompter, runtime, isRemote, openUrl, localBrowserMessage } = params; + const preflight = await runOpenAIOAuthTlsPreflight(); + if (!preflight.ok && preflight.kind === "tls-cert") { + const hint = formatOpenAIOAuthTlsPreflightFix(preflight); + runtime.error(hint); + await prompter.note(hint, "OAuth prerequisites"); + throw new Error(preflight.message); + } + + await prompter.note( + isRemote + ? [ + "You are running in a remote/VPS environment.", + "A URL will be shown for you to open in your LOCAL browser.", + "After signing in, paste the redirect URL back here.", + ].join("\n") + : [ + "Browser will open for OpenAI authentication.", + "If the callback doesn't auto-complete, paste the redirect URL.", + "OpenAI OAuth uses localhost:1455 for the callback.", + ].join("\n"), + "OpenAI Codex OAuth", + ); + + const spin = prompter.progress("Starting OAuth flow…"); + try { + const { onAuth: baseOnAuth, onPrompt } = createVpsAwareOAuthHandlers({ + isRemote, + prompter, + runtime, + spin, + openUrl, + localBrowserMessage: localBrowserMessage ?? "Complete sign-in in browser…", + }); + + const creds = await loginOpenAICodex({ + onAuth: baseOnAuth, + onPrompt, + onProgress: (msg: string) => spin.update(msg), + }); + spin.stop("OpenAI OAuth complete"); + return creds ?? null; + } catch (err) { + spin.stop("OpenAI OAuth failed"); + runtime.error(String(err)); + await prompter.note("Trouble with OAuth? See https://docs.openclaw.ai/start/faq", "OAuth help"); + throw err; + } +} diff --git a/src/plugins/provider-runtime.test-support.ts b/src/plugins/provider-runtime.test-support.ts new file mode 100644 index 00000000000..818ad364cbd --- /dev/null +++ b/src/plugins/provider-runtime.test-support.ts @@ -0,0 +1,87 @@ +import { expect } from "vitest"; + +export const openaiCodexCatalogEntries = [ + { provider: "openai", id: "gpt-5.2", name: "GPT-5.2" }, + { provider: "openai", id: "gpt-5.2-pro", name: "GPT-5.2 Pro" }, + { provider: "openai-codex", id: "gpt-5.3-codex", name: "GPT-5.3 Codex" }, +]; + +export const expectedAugmentedOpenaiCodexCatalogEntries = [ + { provider: "openai", id: "gpt-5.4", name: "gpt-5.4" }, + { provider: "openai", id: "gpt-5.4-pro", name: "gpt-5.4-pro" }, + { provider: "openai-codex", id: "gpt-5.4", name: "gpt-5.4" }, + { + provider: "openai-codex", + id: "gpt-5.3-codex-spark", + name: "gpt-5.3-codex-spark", + }, +]; + +export function expectCodexMissingAuthHint( + buildProviderMissingAuthMessageWithPlugin: (params: { + provider: string; + env: NodeJS.ProcessEnv; + context: { + env: NodeJS.ProcessEnv; + provider: string; + listProfileIds: (providerId: string) => string[]; + }; + }) => string | undefined, +) { + expect( + buildProviderMissingAuthMessageWithPlugin({ + provider: "openai", + env: process.env, + context: { + env: process.env, + provider: "openai", + listProfileIds: (providerId) => (providerId === "openai-codex" ? ["p1"] : []), + }, + }), + ).toContain("openai-codex/gpt-5.4"); +} + +export function expectCodexBuiltInSuppression( + resolveProviderBuiltInModelSuppression: (params: { + env: NodeJS.ProcessEnv; + context: { + env: NodeJS.ProcessEnv; + provider: string; + modelId: string; + }; + }) => unknown, +) { + expect( + resolveProviderBuiltInModelSuppression({ + env: process.env, + context: { + env: process.env, + provider: "azure-openai-responses", + modelId: "gpt-5.3-codex-spark", + }, + }), + ).toMatchObject({ + suppress: true, + errorMessage: expect.stringContaining("openai-codex/gpt-5.3-codex-spark"), + }); +} + +export async function expectAugmentedCodexCatalog( + augmentModelCatalogWithProviderPlugins: (params: { + env: NodeJS.ProcessEnv; + context: { + env: NodeJS.ProcessEnv; + entries: typeof openaiCodexCatalogEntries; + }; + }) => Promise, +) { + await expect( + augmentModelCatalogWithProviderPlugins({ + env: process.env, + context: { + env: process.env, + entries: openaiCodexCatalogEntries, + }, + }), + ).resolves.toEqual(expectedAugmentedOpenaiCodexCatalogEntries); +} diff --git a/src/plugins/provider-runtime.test.ts b/src/plugins/provider-runtime.test.ts index 07ee1794562..d0e57c9216b 100644 --- a/src/plugins/provider-runtime.test.ts +++ b/src/plugins/provider-runtime.test.ts @@ -1,4 +1,9 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +import { + expectAugmentedCodexCatalog, + expectCodexBuiltInSuppression, + expectCodexMissingAuthHint, +} from "./provider-runtime.test-support.js"; import type { ProviderPlugin, ProviderRuntimeModel } from "./types.js"; type ResolvePluginProviders = typeof import("./providers.js").resolvePluginProviders; @@ -23,30 +28,28 @@ vi.mock("./providers.js", () => ({ resolveOwningPluginIdsForProviderMock(params as never), })); -import { - augmentModelCatalogWithProviderPlugins, - buildProviderAuthDoctorHintWithPlugin, - buildProviderMissingAuthMessageWithPlugin, - formatProviderAuthProfileApiKeyWithPlugin, - prepareProviderExtraParams, - resolveProviderCacheTtlEligibility, - resolveProviderBinaryThinking, - resolveProviderBuiltInModelSuppression, - resolveProviderDefaultThinkingLevel, - resolveProviderModernModelRef, - resolveProviderUsageSnapshotWithPlugin, - resolveProviderCapabilitiesWithPlugin, - resolveProviderUsageAuthWithPlugin, - resolveProviderXHighThinking, - normalizeProviderResolvedModelWithPlugin, - prepareProviderDynamicModel, - prepareProviderRuntimeAuth, - resetProviderRuntimeHookCacheForTest, - refreshProviderOAuthCredentialWithPlugin, - resolveProviderRuntimePlugin, - runProviderDynamicModel, - wrapProviderStreamFn, -} from "./provider-runtime.js"; +let augmentModelCatalogWithProviderPlugins: typeof import("./provider-runtime.js").augmentModelCatalogWithProviderPlugins; +let buildProviderAuthDoctorHintWithPlugin: typeof import("./provider-runtime.js").buildProviderAuthDoctorHintWithPlugin; +let buildProviderMissingAuthMessageWithPlugin: typeof import("./provider-runtime.js").buildProviderMissingAuthMessageWithPlugin; +let formatProviderAuthProfileApiKeyWithPlugin: typeof import("./provider-runtime.js").formatProviderAuthProfileApiKeyWithPlugin; +let prepareProviderExtraParams: typeof import("./provider-runtime.js").prepareProviderExtraParams; +let resolveProviderCacheTtlEligibility: typeof import("./provider-runtime.js").resolveProviderCacheTtlEligibility; +let resolveProviderBinaryThinking: typeof import("./provider-runtime.js").resolveProviderBinaryThinking; +let resolveProviderBuiltInModelSuppression: typeof import("./provider-runtime.js").resolveProviderBuiltInModelSuppression; +let resolveProviderDefaultThinkingLevel: typeof import("./provider-runtime.js").resolveProviderDefaultThinkingLevel; +let resolveProviderModernModelRef: typeof import("./provider-runtime.js").resolveProviderModernModelRef; +let resolveProviderUsageSnapshotWithPlugin: typeof import("./provider-runtime.js").resolveProviderUsageSnapshotWithPlugin; +let resolveProviderCapabilitiesWithPlugin: typeof import("./provider-runtime.js").resolveProviderCapabilitiesWithPlugin; +let resolveProviderUsageAuthWithPlugin: typeof import("./provider-runtime.js").resolveProviderUsageAuthWithPlugin; +let resolveProviderXHighThinking: typeof import("./provider-runtime.js").resolveProviderXHighThinking; +let normalizeProviderResolvedModelWithPlugin: typeof import("./provider-runtime.js").normalizeProviderResolvedModelWithPlugin; +let prepareProviderDynamicModel: typeof import("./provider-runtime.js").prepareProviderDynamicModel; +let prepareProviderRuntimeAuth: typeof import("./provider-runtime.js").prepareProviderRuntimeAuth; +let resetProviderRuntimeHookCacheForTest: typeof import("./provider-runtime.js").resetProviderRuntimeHookCacheForTest; +let refreshProviderOAuthCredentialWithPlugin: typeof import("./provider-runtime.js").refreshProviderOAuthCredentialWithPlugin; +let resolveProviderRuntimePlugin: typeof import("./provider-runtime.js").resolveProviderRuntimePlugin; +let runProviderDynamicModel: typeof import("./provider-runtime.js").runProviderDynamicModel; +let wrapProviderStreamFn: typeof import("./provider-runtime.js").wrapProviderStreamFn; const MODEL: ProviderRuntimeModel = { id: "demo-model", @@ -62,7 +65,32 @@ const MODEL: ProviderRuntimeModel = { }; describe("provider-runtime", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ + augmentModelCatalogWithProviderPlugins, + buildProviderAuthDoctorHintWithPlugin, + buildProviderMissingAuthMessageWithPlugin, + formatProviderAuthProfileApiKeyWithPlugin, + prepareProviderExtraParams, + resolveProviderCacheTtlEligibility, + resolveProviderBinaryThinking, + resolveProviderBuiltInModelSuppression, + resolveProviderDefaultThinkingLevel, + resolveProviderModernModelRef, + resolveProviderUsageSnapshotWithPlugin, + resolveProviderCapabilitiesWithPlugin, + resolveProviderUsageAuthWithPlugin, + resolveProviderXHighThinking, + normalizeProviderResolvedModelWithPlugin, + prepareProviderDynamicModel, + prepareProviderRuntimeAuth, + resetProviderRuntimeHookCacheForTest, + refreshProviderOAuthCredentialWithPlugin, + resolveProviderRuntimePlugin, + runProviderDynamicModel, + wrapProviderStreamFn, + } = await import("./provider-runtime.js")); resetProviderRuntimeHookCacheForTest(); resolvePluginProvidersMock.mockReset(); resolvePluginProvidersMock.mockReturnValue([]); @@ -410,54 +438,9 @@ describe("provider-runtime", () => { }), ).toBe(true); - expect( - buildProviderMissingAuthMessageWithPlugin({ - provider: "openai", - env: process.env, - context: { - env: process.env, - provider: "openai", - listProfileIds: (providerId) => (providerId === "openai-codex" ? ["p1"] : []), - }, - }), - ).toContain("openai-codex/gpt-5.4"); - - expect( - resolveProviderBuiltInModelSuppression({ - env: process.env, - context: { - env: process.env, - provider: "azure-openai-responses", - modelId: "gpt-5.3-codex-spark", - }, - }), - ).toMatchObject({ - suppress: true, - errorMessage: expect.stringContaining("openai-codex/gpt-5.3-codex-spark"), - }); - - await expect( - augmentModelCatalogWithProviderPlugins({ - env: process.env, - context: { - env: process.env, - entries: [ - { provider: "openai", id: "gpt-5.2", name: "GPT-5.2" }, - { provider: "openai", id: "gpt-5.2-pro", name: "GPT-5.2 Pro" }, - { provider: "openai-codex", id: "gpt-5.3-codex", name: "GPT-5.3 Codex" }, - ], - }, - }), - ).resolves.toEqual([ - { provider: "openai", id: "gpt-5.4", name: "gpt-5.4" }, - { provider: "openai", id: "gpt-5.4-pro", name: "gpt-5.4-pro" }, - { provider: "openai-codex", id: "gpt-5.4", name: "gpt-5.4" }, - { - provider: "openai-codex", - id: "gpt-5.3-codex-spark", - name: "gpt-5.3-codex-spark", - }, - ]); + expectCodexMissingAuthHint(buildProviderMissingAuthMessageWithPlugin); + expectCodexBuiltInSuppression(resolveProviderBuiltInModelSuppression); + await expectAugmentedCodexCatalog(augmentModelCatalogWithProviderPlugins); expect(prepareDynamicModel).toHaveBeenCalledTimes(1); expect(refreshOAuth).toHaveBeenCalledTimes(1); diff --git a/src/plugins/provider-runtime.ts b/src/plugins/provider-runtime.ts index 61a2a0c5792..561154196f0 100644 --- a/src/plugins/provider-runtime.ts +++ b/src/plugins/provider-runtime.ts @@ -10,6 +10,7 @@ import { resolveOwningPluginIdsForProvider, resolvePluginProviders, } from "./providers.js"; +import { resolvePluginCacheInputs } from "./roots.js"; import type { ProviderAuthDoctorHintContext, ProviderAugmentModelCatalogContext, @@ -76,8 +77,16 @@ function resolveHookProviderCacheBucket(params: { return bucket; } -function buildHookProviderCacheKey(params: { workspaceDir?: string; onlyPluginIds?: string[] }) { - return `${params.workspaceDir ?? ""}::${JSON.stringify(params.onlyPluginIds ?? [])}`; +function buildHookProviderCacheKey(params: { + workspaceDir?: string; + onlyPluginIds?: string[]; + env?: NodeJS.ProcessEnv; +}) { + const { roots } = resolvePluginCacheInputs({ + workspaceDir: params.workspaceDir, + env: params.env, + }); + return `${roots.workspace ?? ""}::${roots.global}::${roots.stock ?? ""}::${JSON.stringify(params.onlyPluginIds ?? [])}`; } export function resetProviderRuntimeHookCacheForTest(): void { @@ -105,6 +114,7 @@ function resolveProviderPluginsForHooks(params: { const cacheKey = buildHookProviderCacheKey({ workspaceDir: params.workspaceDir, onlyPluginIds: params.onlyPluginIds, + env, }); const cached = cacheBucket.get(cacheKey); if (cached) { diff --git a/src/plugins/provider-self-hosted-setup.ts b/src/plugins/provider-self-hosted-setup.ts new file mode 100644 index 00000000000..db7223ed987 --- /dev/null +++ b/src/plugins/provider-self-hosted-setup.ts @@ -0,0 +1,304 @@ +import type { ApiKeyCredential, AuthProfileCredential } from "../agents/auth-profiles/types.js"; +import { upsertAuthProfileWithLock } from "../agents/auth-profiles/upsert-with-lock.js"; +import { + SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, + SELF_HOSTED_DEFAULT_COST, + SELF_HOSTED_DEFAULT_MAX_TOKENS, +} from "../agents/self-hosted-provider-defaults.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import { applyAuthProfileConfig } from "./provider-auth-helpers.js"; +import type { + ProviderDiscoveryContext, + ProviderAuthResult, + ProviderAuthMethodNonInteractiveContext, + ProviderNonInteractiveApiKeyResult, +} from "./types.js"; + +export { + SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, + SELF_HOSTED_DEFAULT_COST, + SELF_HOSTED_DEFAULT_MAX_TOKENS, +} from "../agents/self-hosted-provider-defaults.js"; + +export function applyProviderDefaultModel(cfg: OpenClawConfig, modelRef: string): OpenClawConfig { + const existingModel = cfg.agents?.defaults?.model; + const fallbacks = + existingModel && typeof existingModel === "object" && "fallbacks" in existingModel + ? (existingModel as { fallbacks?: string[] }).fallbacks + : undefined; + + return { + ...cfg, + agents: { + ...cfg.agents, + defaults: { + ...cfg.agents?.defaults, + model: { + ...(fallbacks ? { fallbacks } : undefined), + primary: modelRef, + }, + }, + }, + }; +} + +function buildOpenAICompatibleSelfHostedProviderConfig(params: { + cfg: OpenClawConfig; + providerId: string; + baseUrl: string; + providerApiKey: string; + modelId: string; + input?: Array<"text" | "image">; + reasoning?: boolean; + contextWindow?: number; + maxTokens?: number; +}): { config: OpenClawConfig; modelId: string; modelRef: string; profileId: string } { + const modelRef = `${params.providerId}/${params.modelId}`; + const profileId = `${params.providerId}:default`; + return { + config: { + ...params.cfg, + models: { + ...params.cfg.models, + mode: params.cfg.models?.mode ?? "merge", + providers: { + ...params.cfg.models?.providers, + [params.providerId]: { + baseUrl: params.baseUrl, + api: "openai-completions", + apiKey: params.providerApiKey, + models: [ + { + id: params.modelId, + name: params.modelId, + reasoning: params.reasoning ?? false, + input: params.input ?? ["text"], + cost: SELF_HOSTED_DEFAULT_COST, + contextWindow: params.contextWindow ?? SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, + maxTokens: params.maxTokens ?? SELF_HOSTED_DEFAULT_MAX_TOKENS, + }, + ], + }, + }, + }, + }, + modelId: params.modelId, + modelRef, + profileId, + }; +} + +type OpenAICompatibleSelfHostedProviderSetupParams = { + cfg: OpenClawConfig; + prompter: WizardPrompter; + providerId: string; + providerLabel: string; + defaultBaseUrl: string; + defaultApiKeyEnvVar: string; + modelPlaceholder: string; + input?: Array<"text" | "image">; + reasoning?: boolean; + contextWindow?: number; + maxTokens?: number; +}; + +type OpenAICompatibleSelfHostedProviderPromptResult = { + config: OpenClawConfig; + credential: AuthProfileCredential; + modelId: string; + modelRef: string; + profileId: string; +}; + +function buildSelfHostedProviderAuthResult( + result: OpenAICompatibleSelfHostedProviderPromptResult, +): ProviderAuthResult { + return { + profiles: [ + { + profileId: result.profileId, + credential: result.credential, + }, + ], + configPatch: result.config, + defaultModel: result.modelRef, + }; +} + +export async function promptAndConfigureOpenAICompatibleSelfHostedProvider( + params: OpenAICompatibleSelfHostedProviderSetupParams, +): Promise { + const baseUrlRaw = await params.prompter.text({ + message: `${params.providerLabel} base URL`, + initialValue: params.defaultBaseUrl, + placeholder: params.defaultBaseUrl, + validate: (value) => (value?.trim() ? undefined : "Required"), + }); + const apiKeyRaw = await params.prompter.text({ + message: `${params.providerLabel} API key`, + placeholder: "sk-... (or any non-empty string)", + validate: (value) => (value?.trim() ? undefined : "Required"), + }); + const modelIdRaw = await params.prompter.text({ + message: `${params.providerLabel} model`, + placeholder: params.modelPlaceholder, + validate: (value) => (value?.trim() ? undefined : "Required"), + }); + + const baseUrl = String(baseUrlRaw ?? "") + .trim() + .replace(/\/+$/, ""); + const apiKey = String(apiKeyRaw ?? "").trim(); + const modelId = String(modelIdRaw ?? "").trim(); + const credential: AuthProfileCredential = { + type: "api_key", + provider: params.providerId, + key: apiKey, + }; + const configured = buildOpenAICompatibleSelfHostedProviderConfig({ + cfg: params.cfg, + providerId: params.providerId, + baseUrl, + providerApiKey: params.defaultApiKeyEnvVar, + modelId, + input: params.input, + reasoning: params.reasoning, + contextWindow: params.contextWindow, + maxTokens: params.maxTokens, + }); + + return { + config: configured.config, + credential, + modelId: configured.modelId, + modelRef: configured.modelRef, + profileId: configured.profileId, + }; +} + +export async function promptAndConfigureOpenAICompatibleSelfHostedProviderAuth( + params: OpenAICompatibleSelfHostedProviderSetupParams, +): Promise { + const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider(params); + return buildSelfHostedProviderAuthResult(result); +} + +export async function discoverOpenAICompatibleSelfHostedProvider< + T extends Record, +>(params: { + ctx: ProviderDiscoveryContext; + providerId: string; + buildProvider: (params: { apiKey?: string }) => Promise; +}): Promise<{ provider: T & { apiKey: string } } | null> { + if (params.ctx.config.models?.providers?.[params.providerId]) { + return null; + } + const { apiKey, discoveryApiKey } = params.ctx.resolveProviderApiKey(params.providerId); + if (!apiKey) { + return null; + } + return { + provider: { + ...(await params.buildProvider({ apiKey: discoveryApiKey })), + apiKey, + }, + }; +} + +function buildMissingNonInteractiveModelIdMessage(params: { + authChoice: string; + providerLabel: string; + modelPlaceholder: string; +}): string { + return [ + `Missing --custom-model-id for --auth-choice ${params.authChoice}.`, + `Pass the ${params.providerLabel} model id to use, for example ${params.modelPlaceholder}.`, + ].join("\n"); +} + +function buildSelfHostedProviderCredential(params: { + ctx: ProviderAuthMethodNonInteractiveContext; + providerId: string; + resolved: ProviderNonInteractiveApiKeyResult; +}): ApiKeyCredential | null { + return params.ctx.toApiKeyCredential({ + provider: params.providerId, + resolved: params.resolved, + }); +} + +export async function configureOpenAICompatibleSelfHostedProviderNonInteractive(params: { + ctx: ProviderAuthMethodNonInteractiveContext; + providerId: string; + providerLabel: string; + defaultBaseUrl: string; + defaultApiKeyEnvVar: string; + modelPlaceholder: string; + input?: Array<"text" | "image">; + reasoning?: boolean; + contextWindow?: number; + maxTokens?: number; +}): Promise { + const baseUrl = ( + normalizeOptionalSecretInput(params.ctx.opts.customBaseUrl) ?? params.defaultBaseUrl + ).replace(/\/+$/, ""); + const modelId = normalizeOptionalSecretInput(params.ctx.opts.customModelId); + if (!modelId) { + params.ctx.runtime.error( + buildMissingNonInteractiveModelIdMessage({ + authChoice: params.ctx.authChoice, + providerLabel: params.providerLabel, + modelPlaceholder: params.modelPlaceholder, + }), + ); + params.ctx.runtime.exit(1); + return null; + } + + const resolved = await params.ctx.resolveApiKey({ + provider: params.providerId, + flagValue: normalizeOptionalSecretInput(params.ctx.opts.customApiKey), + flagName: "--custom-api-key", + envVar: params.defaultApiKeyEnvVar, + envVarName: params.defaultApiKeyEnvVar, + }); + if (!resolved) { + return null; + } + + const credential = buildSelfHostedProviderCredential({ + ctx: params.ctx, + providerId: params.providerId, + resolved, + }); + if (!credential) { + return null; + } + + const configured = buildOpenAICompatibleSelfHostedProviderConfig({ + cfg: params.ctx.config, + providerId: params.providerId, + baseUrl, + providerApiKey: params.defaultApiKeyEnvVar, + modelId, + input: params.input, + reasoning: params.reasoning, + contextWindow: params.contextWindow, + maxTokens: params.maxTokens, + }); + await upsertAuthProfileWithLock({ + profileId: configured.profileId, + credential, + agentDir: params.ctx.agentDir, + }); + + const withProfile = applyAuthProfileConfig(configured.config, { + profileId: configured.profileId, + provider: params.providerId, + mode: "api_key", + }); + params.ctx.runtime.log(`Default ${params.providerLabel} model: ${modelId}`); + return applyProviderDefaultModel(withProfile, configured.modelRef); +} diff --git a/src/plugins/provider-vllm-setup.ts b/src/plugins/provider-vllm-setup.ts new file mode 100644 index 00000000000..01f291abbe5 --- /dev/null +++ b/src/plugins/provider-vllm-setup.ts @@ -0,0 +1,42 @@ +import { + VLLM_DEFAULT_API_KEY_ENV_VAR, + VLLM_DEFAULT_BASE_URL, + VLLM_MODEL_PLACEHOLDER, + VLLM_PROVIDER_LABEL, +} from "../agents/vllm-defaults.js"; +import type { OpenClawConfig } from "../config/config.js"; +import type { WizardPrompter } from "../wizard/prompts.js"; +import { + applyProviderDefaultModel, + SELF_HOSTED_DEFAULT_CONTEXT_WINDOW, + SELF_HOSTED_DEFAULT_COST, + SELF_HOSTED_DEFAULT_MAX_TOKENS, + promptAndConfigureOpenAICompatibleSelfHostedProvider, +} from "./provider-self-hosted-setup.js"; + +export { VLLM_DEFAULT_BASE_URL } from "../agents/vllm-defaults.js"; +export const VLLM_DEFAULT_CONTEXT_WINDOW = SELF_HOSTED_DEFAULT_CONTEXT_WINDOW; +export const VLLM_DEFAULT_MAX_TOKENS = SELF_HOSTED_DEFAULT_MAX_TOKENS; +export const VLLM_DEFAULT_COST = SELF_HOSTED_DEFAULT_COST; + +export async function promptAndConfigureVllm(params: { + cfg: OpenClawConfig; + prompter: WizardPrompter; +}): Promise<{ config: OpenClawConfig; modelId: string; modelRef: string }> { + const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider({ + cfg: params.cfg, + prompter: params.prompter, + providerId: "vllm", + providerLabel: VLLM_PROVIDER_LABEL, + defaultBaseUrl: VLLM_DEFAULT_BASE_URL, + defaultApiKeyEnvVar: VLLM_DEFAULT_API_KEY_ENV_VAR, + modelPlaceholder: VLLM_MODEL_PLACEHOLDER, + }); + return { + config: result.config, + modelId: result.modelId, + modelRef: result.modelRef, + }; +} + +export { applyProviderDefaultModel as applyVllmDefaultModel }; diff --git a/src/plugins/provider-zai-endpoint.ts b/src/plugins/provider-zai-endpoint.ts new file mode 100644 index 00000000000..4426b1065fe --- /dev/null +++ b/src/plugins/provider-zai-endpoint.ts @@ -0,0 +1,179 @@ +import { + ZAI_CN_BASE_URL, + ZAI_CODING_CN_BASE_URL, + ZAI_CODING_GLOBAL_BASE_URL, + ZAI_GLOBAL_BASE_URL, +} from "../../extensions/zai/model-definitions.js"; +import { fetchWithTimeout } from "../utils/fetch-timeout.js"; + +export type ZaiEndpointId = "global" | "cn" | "coding-global" | "coding-cn"; + +export type ZaiDetectedEndpoint = { + endpoint: ZaiEndpointId; + /** Provider baseUrl to store in config. */ + baseUrl: string; + /** Recommended default model id for that endpoint. */ + modelId: string; + /** Human-readable note explaining the choice. */ + note: string; +}; + +type ProbeResult = + | { ok: true } + | { + ok: false; + status?: number; + errorCode?: string; + errorMessage?: string; + }; + +async function probeZaiChatCompletions(params: { + baseUrl: string; + apiKey: string; + modelId: string; + timeoutMs: number; + fetchFn?: typeof fetch; +}): Promise { + try { + const res = await fetchWithTimeout( + `${params.baseUrl}/chat/completions`, + { + method: "POST", + headers: { + authorization: `Bearer ${params.apiKey}`, + "content-type": "application/json", + }, + body: JSON.stringify({ + model: params.modelId, + stream: false, + max_tokens: 1, + messages: [{ role: "user", content: "ping" }], + }), + }, + params.timeoutMs, + params.fetchFn, + ); + + if (res.ok) { + return { ok: true }; + } + + let errorCode: string | undefined; + let errorMessage: string | undefined; + try { + const json = (await res.json()) as { + error?: { code?: unknown; message?: unknown }; + msg?: unknown; + message?: unknown; + }; + const code = json?.error?.code; + const msg = json?.error?.message ?? json?.msg ?? json?.message; + if (typeof code === "string") { + errorCode = code; + } else if (typeof code === "number") { + errorCode = String(code); + } + if (typeof msg === "string") { + errorMessage = msg; + } + } catch { + // ignore + } + + return { ok: false, status: res.status, errorCode, errorMessage }; + } catch { + return { ok: false }; + } +} + +export async function detectZaiEndpoint(params: { + apiKey: string; + endpoint?: ZaiEndpointId; + timeoutMs?: number; + fetchFn?: typeof fetch; +}): Promise { + // Never auto-probe in vitest; it would create flaky network behavior. + if (process.env.VITEST && !params.fetchFn) { + return null; + } + + const timeoutMs = params.timeoutMs ?? 5_000; + const probeCandidates = (() => { + const general = [ + { + endpoint: "global" as const, + baseUrl: ZAI_GLOBAL_BASE_URL, + modelId: "glm-5", + note: "Verified GLM-5 on global endpoint.", + }, + { + endpoint: "cn" as const, + baseUrl: ZAI_CN_BASE_URL, + modelId: "glm-5", + note: "Verified GLM-5 on cn endpoint.", + }, + ]; + const codingGlm5 = [ + { + endpoint: "coding-global" as const, + baseUrl: ZAI_CODING_GLOBAL_BASE_URL, + modelId: "glm-5", + note: "Verified GLM-5 on coding-global endpoint.", + }, + { + endpoint: "coding-cn" as const, + baseUrl: ZAI_CODING_CN_BASE_URL, + modelId: "glm-5", + note: "Verified GLM-5 on coding-cn endpoint.", + }, + ]; + const codingFallback = [ + { + endpoint: "coding-global" as const, + baseUrl: ZAI_CODING_GLOBAL_BASE_URL, + modelId: "glm-4.7", + note: "Coding Plan endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.", + }, + { + endpoint: "coding-cn" as const, + baseUrl: ZAI_CODING_CN_BASE_URL, + modelId: "glm-4.7", + note: "Coding Plan CN endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.", + }, + ]; + + switch (params.endpoint) { + case "global": + return general.filter((candidate) => candidate.endpoint === "global"); + case "cn": + return general.filter((candidate) => candidate.endpoint === "cn"); + case "coding-global": + return [ + ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-global"), + ...codingFallback.filter((candidate) => candidate.endpoint === "coding-global"), + ]; + case "coding-cn": + return [ + ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-cn"), + ...codingFallback.filter((candidate) => candidate.endpoint === "coding-cn"), + ]; + default: + return [...general, ...codingGlm5, ...codingFallback]; + } + })(); + + for (const candidate of probeCandidates) { + const result = await probeZaiChatCompletions({ + baseUrl: candidate.baseUrl, + apiKey: params.apiKey, + modelId: candidate.modelId, + timeoutMs, + fetchFn: params.fetchFn, + }); + if (result.ok) { + return candidate; + } + } + + return null; +} diff --git a/src/plugins/providers.test.ts b/src/plugins/providers.test.ts index bfc976a7abf..ff804babb43 100644 --- a/src/plugins/providers.test.ts +++ b/src/plugins/providers.test.ts @@ -1,5 +1,4 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { resolveOwningPluginIdsForProvider, resolvePluginProviders } from "./providers.js"; const loadOpenClawPluginsMock = vi.fn(); const loadPluginManifestRegistryMock = vi.fn(); @@ -12,8 +11,12 @@ vi.mock("./manifest-registry.js", () => ({ loadPluginManifestRegistry: (...args: unknown[]) => loadPluginManifestRegistryMock(...args), })); +let resolveOwningPluginIdsForProvider: typeof import("./providers.js").resolveOwningPluginIdsForProvider; +let resolvePluginProviders: typeof import("./providers.js").resolvePluginProviders; + describe("resolvePluginProviders", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); loadOpenClawPluginsMock.mockReset(); loadOpenClawPluginsMock.mockReturnValue({ providers: [{ pluginId: "google", provider: { id: "demo-provider" } }], @@ -29,6 +32,8 @@ describe("resolvePluginProviders", () => { ], diagnostics: [], }); + ({ resolveOwningPluginIdsForProvider, resolvePluginProviders } = + await import("./providers.js")); }); it("forwards an explicit env to plugin loading", () => { @@ -65,6 +70,11 @@ describe("resolvePluginProviders", () => { config: expect.objectContaining({ plugins: expect.objectContaining({ allow: expect.arrayContaining(["openrouter", "google", "kilocode", "moonshot"]), + entries: expect.objectContaining({ + google: { enabled: true }, + kilocode: { enabled: true }, + moonshot: { enabled: true }, + }), }), }), cache: false, @@ -84,6 +94,10 @@ describe("resolvePluginProviders", () => { plugins: expect.objectContaining({ enabled: true, allow: expect.arrayContaining(["google", "moonshot"]), + entries: expect.objectContaining({ + google: { enabled: true }, + moonshot: { enabled: true }, + }), }), }), cache: false, diff --git a/src/plugins/providers.ts b/src/plugins/providers.ts index 35ef2703553..e966e9d4128 100644 --- a/src/plugins/providers.ts +++ b/src/plugins/providers.ts @@ -1,6 +1,9 @@ import { normalizeProviderId } from "../agents/provider-id.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; -import { withBundledPluginAllowlistCompat } from "./bundled-compat.js"; +import { + withBundledPluginAllowlistCompat, + withBundledPluginEnablementCompat, +} from "./bundled-compat.js"; import { normalizePluginsConfig, resolveEffectiveEnableState } from "./config-state.js"; import { loadOpenClawPlugins, type PluginLoadOptions } from "./loader.js"; import { createPluginLoaderLogger } from "./logger.js"; @@ -82,6 +85,11 @@ function resolveBundledProviderCompatPluginIds(params: { .toSorted((left, right) => left.localeCompare(right)); } +export const __testing = { + resolveBundledProviderCompatPluginIds, + withBundledProviderVitestCompat, +} as const; + export function resolveOwningPluginIdsForProvider(params: { provider: string; config?: PluginLoadOptions["config"]; @@ -160,13 +168,20 @@ export function resolvePluginProviders(params: { pluginIds: bundledProviderCompatPluginIds, }) : params.config; - const config = params.bundledProviderVitestCompat + const maybeVitestCompat = params.bundledProviderVitestCompat ? withBundledProviderVitestCompat({ config: maybeAllowlistCompat, pluginIds: bundledProviderCompatPluginIds, env: params.env, }) : maybeAllowlistCompat; + const config = + params.bundledProviderAllowlistCompat || params.bundledProviderVitestCompat + ? withBundledPluginEnablementCompat({ + config: maybeVitestCompat, + pluginIds: bundledProviderCompatPluginIds, + }) + : maybeVitestCompat; const registry = loadOpenClawPlugins({ config, workspaceDir: params.workspaceDir, diff --git a/src/plugins/registry.ts b/src/plugins/registry.ts index fabf9fa1069..3e89c8462b5 100644 --- a/src/plugins/registry.ts +++ b/src/plugins/registry.ts @@ -14,6 +14,7 @@ import { normalizePluginHttpPath } from "./http-path.js"; import { findOverlappingPluginHttpRoute } from "./http-route-overlap.js"; import { registerPluginInteractiveHandler } from "./interactive.js"; import { normalizeRegisteredProvider } from "./provider-validation.js"; +import { withPluginRuntimePluginIdScope } from "./runtime/gateway-request-scope.js"; import type { PluginRuntime } from "./runtime/types.js"; import { defaultSlotIdForKey } from "./slots.js"; import { @@ -22,15 +23,18 @@ import { stripPromptMutationFieldsFromLegacyHookResult, } from "./types.js"; import type { + ImageGenerationProviderPlugin, OpenClawPluginApi, OpenClawPluginChannelRegistration, OpenClawPluginCliRegistrar, OpenClawPluginCommandDefinition, + PluginConversationBindingResolvedEvent, OpenClawPluginHttpRouteAuth, OpenClawPluginHttpRouteMatch, OpenClawPluginHttpRouteHandler, OpenClawPluginHttpRouteParams, OpenClawPluginHookOptions, + MediaUnderstandingProviderPlugin, ProviderPlugin, OpenClawPluginService, OpenClawPluginToolContext, @@ -46,6 +50,7 @@ import type { PluginHookName, PluginHookHandlerMap, PluginHookRegistration as TypedPluginHookRegistration, + SpeechProviderPlugin, WebSearchProviderPlugin, } from "./types.js"; @@ -102,14 +107,23 @@ export type PluginProviderRegistration = { rootDir?: string; }; -export type PluginWebSearchProviderRegistration = { +type PluginOwnedProviderRegistration = { pluginId: string; pluginName?: string; - provider: WebSearchProviderPlugin; + provider: T; source: string; rootDir?: string; }; +export type PluginSpeechProviderRegistration = + PluginOwnedProviderRegistration; +export type PluginMediaUnderstandingProviderRegistration = + PluginOwnedProviderRegistration; +export type PluginImageGenerationProviderRegistration = + PluginOwnedProviderRegistration; +export type PluginWebSearchProviderRegistration = + PluginOwnedProviderRegistration; + export type PluginHookRegistration = { pluginId: string; entry: HookEntry; @@ -134,6 +148,15 @@ export type PluginCommandRegistration = { rootDir?: string; }; +export type PluginConversationBindingResolvedHandlerRegistration = { + pluginId: string; + pluginName?: string; + pluginRoot?: string; + handler: (event: PluginConversationBindingResolvedEvent) => void | Promise; + source: string; + rootDir?: string; +}; + export type PluginRecord = { id: string; name: string; @@ -154,6 +177,9 @@ export type PluginRecord = { hookNames: string[]; channelIds: string[]; providerIds: string[]; + speechProviderIds: string[]; + mediaUnderstandingProviderIds: string[]; + imageGenerationProviderIds: string[]; webSearchProviderIds: string[]; gatewayMethods: string[]; cliCommands: string[]; @@ -174,12 +200,16 @@ export type PluginRegistry = { channels: PluginChannelRegistration[]; channelSetups: PluginChannelSetupRegistration[]; providers: PluginProviderRegistration[]; + speechProviders: PluginSpeechProviderRegistration[]; + mediaUnderstandingProviders: PluginMediaUnderstandingProviderRegistration[]; + imageGenerationProviders: PluginImageGenerationProviderRegistration[]; webSearchProviders: PluginWebSearchProviderRegistration[]; gatewayHandlers: GatewayRequestHandlers; httpRoutes: PluginHttpRouteRegistration[]; cliRegistrars: PluginCliRegistration[]; services: PluginServiceRegistration[]; commands: PluginCommandRegistration[]; + conversationBindingResolvedHandlers: PluginConversationBindingResolvedHandlerRegistration[]; diagnostics: PluginDiagnostic[]; }; @@ -219,12 +249,16 @@ export function createEmptyPluginRegistry(): PluginRegistry { channels: [], channelSetups: [], providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], webSearchProviders: [], gatewayHandlers: {}, httpRoutes: [], cliRegistrars: [], services: [], commands: [], + conversationBindingResolvedHandlers: [], diagnostics: [], }; } @@ -550,34 +584,92 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { }); }; - const registerWebSearchProvider = (record: PluginRecord, provider: WebSearchProviderPlugin) => { - const id = provider.id.trim(); + const registerUniqueProviderLike = < + T extends { id: string }, + R extends PluginOwnedProviderRegistration, + >(params: { + record: PluginRecord; + provider: T; + kindLabel: string; + registrations: R[]; + ownedIds: string[]; + }) => { + const id = params.provider.id.trim(); + const { record, kindLabel } = params; + const missingLabel = `${kindLabel} registration missing id`; + const duplicateLabel = `${kindLabel} already registered: ${id}`; if (!id) { pushDiagnostic({ level: "error", pluginId: record.id, source: record.source, - message: "web search provider registration missing id", + message: missingLabel, }); return; } - const existing = registry.webSearchProviders.find((entry) => entry.provider.id === id); + const existing = params.registrations.find((entry) => entry.provider.id === id); if (existing) { pushDiagnostic({ level: "error", pluginId: record.id, source: record.source, - message: `web search provider already registered: ${id} (${existing.pluginId})`, + message: `${duplicateLabel} (${existing.pluginId})`, }); return; } - record.webSearchProviderIds.push(id); - registry.webSearchProviders.push({ + params.ownedIds.push(id); + params.registrations.push({ pluginId: record.id, pluginName: record.name, - provider, + provider: params.provider, source: record.source, rootDir: record.rootDir, + } as R); + }; + + const registerSpeechProvider = (record: PluginRecord, provider: SpeechProviderPlugin) => { + registerUniqueProviderLike({ + record, + provider, + kindLabel: "speech provider", + registrations: registry.speechProviders, + ownedIds: record.speechProviderIds, + }); + }; + + const registerMediaUnderstandingProvider = ( + record: PluginRecord, + provider: MediaUnderstandingProviderPlugin, + ) => { + registerUniqueProviderLike({ + record, + provider, + kindLabel: "media provider", + registrations: registry.mediaUnderstandingProviders, + ownedIds: record.mediaUnderstandingProviderIds, + }); + }; + + const registerImageGenerationProvider = ( + record: PluginRecord, + provider: ImageGenerationProviderPlugin, + ) => { + registerUniqueProviderLike({ + record, + provider, + kindLabel: "image-generation provider", + registrations: registry.imageGenerationProviders, + ownedIds: record.imageGenerationProviderIds, + }); + }; + + const registerWebSearchProvider = (record: PluginRecord, provider: WebSearchProviderPlugin) => { + registerUniqueProviderLike({ + record, + provider, + kindLabel: "web search provider", + registrations: registry.webSearchProviders, + ownedIds: record.webSearchProviderIds, }); }; @@ -749,6 +841,20 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { } as TypedPluginHookRegistration); }; + const registerConversationBindingResolvedHandler = ( + record: PluginRecord, + handler: (event: PluginConversationBindingResolvedEvent) => void | Promise, + ) => { + registry.conversationBindingResolvedHandlers.push({ + pluginId: record.id, + pluginName: record.name, + pluginRoot: record.rootDir, + handler, + source: record.source, + rootDir: record.rootDir, + }); + }; + const normalizeLogger = (logger: PluginLogger): PluginLogger => ({ info: logger.info, warn: logger.warn, @@ -756,6 +862,36 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { debug: logger.debug, }); + const pluginRuntimeById = new Map(); + + const resolvePluginRuntime = (pluginId: string): PluginRuntime => { + const cached = pluginRuntimeById.get(pluginId); + if (cached) { + return cached; + } + const runtime = new Proxy(registryParams.runtime, { + get(target, prop, receiver) { + if (prop !== "subagent") { + return Reflect.get(target, prop, receiver); + } + const subagent = Reflect.get(target, prop, receiver); + return { + run: (params) => withPluginRuntimePluginIdScope(pluginId, () => subagent.run(params)), + waitForRun: (params) => + withPluginRuntimePluginIdScope(pluginId, () => subagent.waitForRun(params)), + getSessionMessages: (params) => + withPluginRuntimePluginIdScope(pluginId, () => subagent.getSessionMessages(params)), + getSession: (params) => + withPluginRuntimePluginIdScope(pluginId, () => subagent.getSession(params)), + deleteSession: (params) => + withPluginRuntimePluginIdScope(pluginId, () => subagent.deleteSession(params)), + } satisfies PluginRuntime["subagent"]; + }, + }); + pluginRuntimeById.set(pluginId, runtime); + return runtime; + }; + const createApi = ( record: PluginRecord, params: { @@ -776,7 +912,7 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { registrationMode, config: params.config, pluginConfig: params.pluginConfig, - runtime: registryParams.runtime, + runtime: resolvePluginRuntime(record.id), logger: normalizeLogger(registryParams.logger), registerTool: registrationMode === "full" ? (tool, opts) => registerTool(record, tool, opts) : () => {}, @@ -789,6 +925,18 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { registerChannel: (registration) => registerChannel(record, registration, registrationMode), registerProvider: registrationMode === "full" ? (provider) => registerProvider(record, provider) : () => {}, + registerSpeechProvider: + registrationMode === "full" + ? (provider) => registerSpeechProvider(record, provider) + : () => {}, + registerMediaUnderstandingProvider: + registrationMode === "full" + ? (provider) => registerMediaUnderstandingProvider(record, provider) + : () => {}, + registerImageGenerationProvider: + registrationMode === "full" + ? (provider) => registerImageGenerationProvider(record, provider) + : () => {}, registerWebSearchProvider: registrationMode === "full" ? (provider) => registerWebSearchProvider(record, provider) @@ -820,6 +968,10 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { } } : () => {}, + onConversationBindingResolved: + registrationMode === "full" + ? (handler) => registerConversationBindingResolvedHandler(record, handler) + : () => {}, registerCommand: registrationMode === "full" ? (command) => registerCommand(record, command) : () => {}, registerContextEngine: (id, factory) => { @@ -862,6 +1014,9 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) { registerTool, registerChannel, registerProvider, + registerSpeechProvider, + registerMediaUnderstandingProvider, + registerImageGenerationProvider, registerWebSearchProvider, registerGatewayMethod, registerCli, diff --git a/src/plugins/runtime/gateway-request-scope.test.ts b/src/plugins/runtime/gateway-request-scope.test.ts index ef31350e2a3..4d00d04fd74 100644 --- a/src/plugins/runtime/gateway-request-scope.test.ts +++ b/src/plugins/runtime/gateway-request-scope.test.ts @@ -20,4 +20,17 @@ describe("gateway request scope", () => { expect(second.getPluginRuntimeGatewayRequestScope()).toEqual(TEST_SCOPE); }); }); + + it("attaches plugin id to the active scope", async () => { + const runtimeScope = await import("./gateway-request-scope.js"); + + await runtimeScope.withPluginRuntimeGatewayRequestScope(TEST_SCOPE, async () => { + await runtimeScope.withPluginRuntimePluginIdScope("voice-call", async () => { + expect(runtimeScope.getPluginRuntimeGatewayRequestScope()).toEqual({ + ...TEST_SCOPE, + pluginId: "voice-call", + }); + }); + }); + }); }); diff --git a/src/plugins/runtime/gateway-request-scope.ts b/src/plugins/runtime/gateway-request-scope.ts index 72a6f5af402..7a4ffbb608b 100644 --- a/src/plugins/runtime/gateway-request-scope.ts +++ b/src/plugins/runtime/gateway-request-scope.ts @@ -8,6 +8,7 @@ export type PluginRuntimeGatewayRequestScope = { context?: GatewayRequestContext; client?: GatewayRequestOptions["client"]; isWebchatConnect: GatewayRequestOptions["isWebchatConnect"]; + pluginId?: string; }; const PLUGIN_RUNTIME_GATEWAY_REQUEST_SCOPE_KEY: unique symbol = Symbol.for( @@ -37,6 +38,20 @@ export function withPluginRuntimeGatewayRequestScope( return pluginRuntimeGatewayRequestScope.run(scope, run); } +/** + * Runs work under the current gateway request scope while attaching plugin identity. + */ +export function withPluginRuntimePluginIdScope(pluginId: string, run: () => T): T { + const current = pluginRuntimeGatewayRequestScope.getStore(); + const scoped: PluginRuntimeGatewayRequestScope = current + ? { ...current, pluginId } + : { + pluginId, + isWebchatConnect: () => false, + }; + return pluginRuntimeGatewayRequestScope.run(scoped, run); +} + /** * Returns the current plugin gateway request scope when called from a plugin request handler. */ diff --git a/src/plugins/runtime/index.test.ts b/src/plugins/runtime/index.test.ts index 5ec2df28199..5ffbd60aa2e 100644 --- a/src/plugins/runtime/index.test.ts +++ b/src/plugins/runtime/index.test.ts @@ -1,31 +1,35 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "../../agents/defaults.js"; import { onAgentEvent } from "../../infra/agent-events.js"; import { requestHeartbeatNow } from "../../infra/heartbeat-wake.js"; +import * as execModule from "../../process/exec.js"; import { onSessionTranscriptUpdate } from "../../sessions/transcript-events.js"; - -const runCommandWithTimeoutMock = vi.hoisted(() => vi.fn()); - -vi.mock("../../process/exec.js", () => ({ - runCommandWithTimeout: (...args: unknown[]) => runCommandWithTimeoutMock(...args), -})); - -import { createPluginRuntime } from "./index.js"; +import { + clearGatewaySubagentRuntime, + createPluginRuntime, + setGatewaySubagentRuntime, +} from "./index.js"; describe("plugin runtime command execution", () => { beforeEach(() => { - runCommandWithTimeoutMock.mockClear(); + vi.restoreAllMocks(); + clearGatewaySubagentRuntime(); }); it("exposes runtime.system.runCommandWithTimeout by default", async () => { const commandResult = { + pid: 12345, stdout: "hello\n", stderr: "", code: 0, signal: null, killed: false, + noOutputTimedOut: false, termination: "exit" as const, }; - runCommandWithTimeoutMock.mockResolvedValue(commandResult); + const runCommandWithTimeoutMock = vi + .spyOn(execModule, "runCommandWithTimeout") + .mockResolvedValue(commandResult); const runtime = createPluginRuntime(); await expect( @@ -35,7 +39,9 @@ describe("plugin runtime command execution", () => { }); it("forwards runtime.system.runCommandWithTimeout errors", async () => { - runCommandWithTimeoutMock.mockRejectedValue(new Error("boom")); + const runCommandWithTimeoutMock = vi + .spyOn(execModule, "runCommandWithTimeout") + .mockRejectedValue(new Error("boom")); const runtime = createPluginRuntime(); await expect( runtime.system.runCommandWithTimeout(["echo", "hello"], { timeoutMs: 1000 }), @@ -49,11 +55,43 @@ describe("plugin runtime command execution", () => { expect(runtime.events.onSessionTranscriptUpdate).toBe(onSessionTranscriptUpdate); }); + it("exposes runtime.mediaUnderstanding helpers and keeps stt as an alias", () => { + const runtime = createPluginRuntime(); + expect(typeof runtime.mediaUnderstanding.runFile).toBe("function"); + expect(typeof runtime.mediaUnderstanding.describeImageFile).toBe("function"); + expect(typeof runtime.mediaUnderstanding.describeImageFileWithModel).toBe("function"); + expect(typeof runtime.mediaUnderstanding.describeVideoFile).toBe("function"); + expect(runtime.mediaUnderstanding.transcribeAudioFile).toBe(runtime.stt.transcribeAudioFile); + }); + + it("exposes runtime.imageGeneration helpers", () => { + const runtime = createPluginRuntime(); + expect(typeof runtime.imageGeneration.generate).toBe("function"); + expect(typeof runtime.imageGeneration.listProviders).toBe("function"); + }); + + it("exposes runtime.webSearch helpers", () => { + const runtime = createPluginRuntime(); + expect(typeof runtime.webSearch.listProviders).toBe("function"); + expect(typeof runtime.webSearch.search).toBe("function"); + }); + it("exposes runtime.system.requestHeartbeatNow", () => { const runtime = createPluginRuntime(); expect(runtime.system.requestHeartbeatNow).toBe(requestHeartbeatNow); }); + it("exposes runtime.agent host helpers", () => { + const runtime = createPluginRuntime(); + expect(runtime.agent.defaults).toEqual({ + model: DEFAULT_MODEL, + provider: DEFAULT_PROVIDER, + }); + expect(typeof runtime.agent.runEmbeddedPiAgent).toBe("function"); + expect(typeof runtime.agent.resolveAgentDir).toBe("function"); + expect(typeof runtime.agent.session.resolveSessionFilePath).toBe("function"); + }); + it("exposes runtime.modelAuth with getApiKeyForModel and resolveApiKeyForProvider", () => { const runtime = createPluginRuntime(); expect(runtime.modelAuth).toBeDefined(); @@ -70,4 +108,37 @@ describe("plugin runtime command execution", () => { // Wrappers should NOT be the same reference as the raw functions expect(runtime.modelAuth.getApiKeyForModel).not.toBe(rawGetApiKey); }); + + it("keeps subagent unavailable by default even after gateway initialization", async () => { + const runtime = createPluginRuntime(); + setGatewaySubagentRuntime({ + run: vi.fn(), + waitForRun: vi.fn(), + getSessionMessages: vi.fn(), + getSession: vi.fn(), + deleteSession: vi.fn(), + }); + + expect(() => runtime.subagent.run({ sessionKey: "s-1", message: "hello" })).toThrow( + "Plugin runtime subagent methods are only available during a gateway request.", + ); + }); + + it("late-binds to the gateway subagent when explicitly enabled", async () => { + const run = vi.fn().mockResolvedValue({ runId: "run-1" }); + const runtime = createPluginRuntime({ allowGatewaySubagentBinding: true }); + + setGatewaySubagentRuntime({ + run, + waitForRun: vi.fn(), + getSessionMessages: vi.fn(), + getSession: vi.fn(), + deleteSession: vi.fn(), + }); + + await expect(runtime.subagent.run({ sessionKey: "s-2", message: "hello" })).resolves.toEqual({ + runId: "run-1", + }); + expect(run).toHaveBeenCalledWith({ sessionKey: "s-2", message: "hello" }); + }); }); diff --git a/src/plugins/runtime/index.ts b/src/plugins/runtime/index.ts index 12d33168cd3..3f5b80d1caa 100644 --- a/src/plugins/runtime/index.ts +++ b/src/plugins/runtime/index.ts @@ -4,8 +4,20 @@ import { resolveApiKeyForProvider as resolveApiKeyForProviderRaw, } from "../../agents/model-auth.js"; import { resolveStateDir } from "../../config/paths.js"; -import { transcribeAudioFile } from "../../media-understanding/transcribe-audio.js"; -import { textToSpeechTelephony } from "../../tts/tts.js"; +import { + generateImage, + listRuntimeImageGenerationProviders, +} from "../../image-generation/runtime.js"; +import { + describeImageFile, + describeImageFileWithModel, + describeVideoFile, + runMediaUnderstandingFile, + transcribeAudioFile, +} from "../../media-understanding/runtime.js"; +import { listSpeechVoices, textToSpeech, textToSpeechTelephony } from "../../tts/runtime.js"; +import { listWebSearchProviders, runWebSearch } from "../../web-search/runtime.js"; +import { createRuntimeAgent } from "./runtime-agent.js"; import { createRuntimeChannel } from "./runtime-channel.js"; import { createRuntimeConfig } from "./runtime-config.js"; import { createRuntimeEvents } from "./runtime-events.js"; @@ -45,18 +57,111 @@ function createUnavailableSubagentRuntime(): PluginRuntime["subagent"] { }; } +// ── Process-global gateway subagent runtime ───────────────────────── +// The gateway creates a real subagent runtime during startup, but gateway-owned +// plugin registries may be loaded (and cached) before the gateway path runs. +// A process-global holder lets explicitly gateway-bindable runtimes resolve the +// active gateway subagent dynamically without changing the default behavior for +// ordinary plugin runtimes. + +const GATEWAY_SUBAGENT_SYMBOL: unique symbol = Symbol.for( + "openclaw.plugin.gatewaySubagentRuntime", +) as unknown as typeof GATEWAY_SUBAGENT_SYMBOL; + +type GatewaySubagentState = { + subagent: PluginRuntime["subagent"] | undefined; +}; + +const gatewaySubagentState: GatewaySubagentState = (() => { + const g = globalThis as typeof globalThis & { + [GATEWAY_SUBAGENT_SYMBOL]?: GatewaySubagentState; + }; + const existing = g[GATEWAY_SUBAGENT_SYMBOL]; + if (existing) { + return existing; + } + const created: GatewaySubagentState = { subagent: undefined }; + g[GATEWAY_SUBAGENT_SYMBOL] = created; + return created; +})(); + +/** + * Set the process-global gateway subagent runtime. + * Called during gateway startup so that gateway-bindable plugin runtimes can + * resolve subagent methods dynamically even when their registry was cached + * before the gateway finished loading plugins. + */ +export function setGatewaySubagentRuntime(subagent: PluginRuntime["subagent"]): void { + gatewaySubagentState.subagent = subagent; +} + +/** + * Reset the process-global gateway subagent runtime. + * Used by tests to avoid leaking gateway state across module reloads. + */ +export function clearGatewaySubagentRuntime(): void { + gatewaySubagentState.subagent = undefined; +} + +/** + * Create a late-binding subagent that resolves to: + * 1. An explicitly provided subagent (from runtimeOptions), OR + * 2. The process-global gateway subagent when the caller explicitly opts in, OR + * 3. The unavailable fallback (throws with a clear error message). + */ +function createLateBindingSubagent( + explicit?: PluginRuntime["subagent"], + allowGatewaySubagentBinding = false, +): PluginRuntime["subagent"] { + if (explicit) { + return explicit; + } + + const unavailable = createUnavailableSubagentRuntime(); + if (!allowGatewaySubagentBinding) { + return unavailable; + } + + return new Proxy(unavailable, { + get(_target, prop, _receiver) { + const resolved = gatewaySubagentState.subagent ?? unavailable; + return Reflect.get(resolved, prop, resolved); + }, + }); +} + export type CreatePluginRuntimeOptions = { subagent?: PluginRuntime["subagent"]; + allowGatewaySubagentBinding?: boolean; }; export function createPluginRuntime(_options: CreatePluginRuntimeOptions = {}): PluginRuntime { const runtime = { version: resolveVersion(), config: createRuntimeConfig(), - subagent: _options.subagent ?? createUnavailableSubagentRuntime(), + agent: createRuntimeAgent(), + subagent: createLateBindingSubagent( + _options.subagent, + _options.allowGatewaySubagentBinding === true, + ), system: createRuntimeSystem(), media: createRuntimeMedia(), - tts: { textToSpeechTelephony }, + tts: { textToSpeech, textToSpeechTelephony, listVoices: listSpeechVoices }, + mediaUnderstanding: { + runFile: runMediaUnderstandingFile, + describeImageFile, + describeImageFileWithModel, + describeVideoFile, + transcribeAudioFile, + }, + imageGeneration: { + generate: generateImage, + listProviders: listRuntimeImageGenerationProviders, + }, + webSearch: { + listProviders: listWebSearchProviders, + search: runWebSearch, + }, stt: { transcribeAudioFile }, tools: createRuntimeTools(), channel: createRuntimeChannel(), diff --git a/src/plugins/runtime/runtime-agent.ts b/src/plugins/runtime/runtime-agent.ts new file mode 100644 index 00000000000..ae56d1e4bd3 --- /dev/null +++ b/src/plugins/runtime/runtime-agent.ts @@ -0,0 +1,36 @@ +import { resolveAgentDir, resolveAgentWorkspaceDir } from "../../agents/agent-scope.js"; +import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "../../agents/defaults.js"; +import { resolveAgentIdentity } from "../../agents/identity.js"; +import { resolveThinkingDefault } from "../../agents/model-selection.js"; +import { runEmbeddedPiAgent } from "../../agents/pi-embedded.js"; +import { resolveAgentTimeoutMs } from "../../agents/timeout.js"; +import { ensureAgentWorkspace } from "../../agents/workspace.js"; +import { + loadSessionStore, + resolveSessionFilePath, + resolveStorePath, + saveSessionStore, +} from "../../config/sessions.js"; +import type { PluginRuntime } from "./types.js"; + +export function createRuntimeAgent(): PluginRuntime["agent"] { + return { + defaults: { + model: DEFAULT_MODEL, + provider: DEFAULT_PROVIDER, + }, + resolveAgentDir, + resolveAgentWorkspaceDir, + resolveAgentIdentity, + resolveThinkingDefault, + runEmbeddedPiAgent, + resolveAgentTimeoutMs, + ensureAgentWorkspace, + session: { + resolveStorePath, + loadSessionStore, + saveSessionStore, + resolveSessionFilePath, + }, + }; +} diff --git a/src/plugins/runtime/runtime-discord-ops.runtime.ts b/src/plugins/runtime/runtime-discord-ops.runtime.ts index d10daac5a35..e1bc99166af 100644 --- a/src/plugins/runtime/runtime-discord-ops.runtime.ts +++ b/src/plugins/runtime/runtime-discord-ops.runtime.ts @@ -1,21 +1,66 @@ -export { auditDiscordChannelPermissions } from "../../../extensions/discord/src/audit.js"; -export { - listDiscordDirectoryGroupsLive, - listDiscordDirectoryPeersLive, -} from "../../../extensions/discord/src/directory-live.js"; -export { monitorDiscordProvider } from "../../../extensions/discord/src/monitor.js"; -export { probeDiscord } from "../../../extensions/discord/src/probe.js"; -export { resolveDiscordChannelAllowlist } from "../../../extensions/discord/src/resolve-channels.js"; -export { resolveDiscordUserAllowlist } from "../../../extensions/discord/src/resolve-users.js"; -export { - createThreadDiscord, - deleteMessageDiscord, - editChannelDiscord, - editMessageDiscord, - pinMessageDiscord, - sendDiscordComponentMessage, - sendMessageDiscord, - sendPollDiscord, - sendTypingDiscord, - unpinMessageDiscord, -} from "../../../extensions/discord/src/send.js"; +import { auditDiscordChannelPermissions as auditDiscordChannelPermissionsImpl } from "../../../extensions/discord/runtime-api.js"; +import { + listDiscordDirectoryGroupsLive as listDiscordDirectoryGroupsLiveImpl, + listDiscordDirectoryPeersLive as listDiscordDirectoryPeersLiveImpl, +} from "../../../extensions/discord/runtime-api.js"; +import { monitorDiscordProvider as monitorDiscordProviderImpl } from "../../../extensions/discord/runtime-api.js"; +import { probeDiscord as probeDiscordImpl } from "../../../extensions/discord/runtime-api.js"; +import { resolveDiscordChannelAllowlist as resolveDiscordChannelAllowlistImpl } from "../../../extensions/discord/runtime-api.js"; +import { resolveDiscordUserAllowlist as resolveDiscordUserAllowlistImpl } from "../../../extensions/discord/runtime-api.js"; +import { + createThreadDiscord as createThreadDiscordImpl, + deleteMessageDiscord as deleteMessageDiscordImpl, + editChannelDiscord as editChannelDiscordImpl, + editMessageDiscord as editMessageDiscordImpl, + pinMessageDiscord as pinMessageDiscordImpl, + sendDiscordComponentMessage as sendDiscordComponentMessageImpl, + sendMessageDiscord as sendMessageDiscordImpl, + sendPollDiscord as sendPollDiscordImpl, + sendTypingDiscord as sendTypingDiscordImpl, + unpinMessageDiscord as unpinMessageDiscordImpl, +} from "../../../extensions/discord/runtime-api.js"; +import type { PluginRuntimeChannel } from "./types-channel.js"; + +type RuntimeDiscordOps = Pick< + PluginRuntimeChannel["discord"], + | "auditChannelPermissions" + | "listDirectoryGroupsLive" + | "listDirectoryPeersLive" + | "probeDiscord" + | "resolveChannelAllowlist" + | "resolveUserAllowlist" + | "sendComponentMessage" + | "sendMessageDiscord" + | "sendPollDiscord" + | "monitorDiscordProvider" +> & { + typing: Pick; + conversationActions: Pick< + PluginRuntimeChannel["discord"]["conversationActions"], + "editMessage" | "deleteMessage" | "pinMessage" | "unpinMessage" | "createThread" | "editChannel" + >; +}; + +export const runtimeDiscordOps = { + auditChannelPermissions: auditDiscordChannelPermissionsImpl, + listDirectoryGroupsLive: listDiscordDirectoryGroupsLiveImpl, + listDirectoryPeersLive: listDiscordDirectoryPeersLiveImpl, + probeDiscord: probeDiscordImpl, + resolveChannelAllowlist: resolveDiscordChannelAllowlistImpl, + resolveUserAllowlist: resolveDiscordUserAllowlistImpl, + sendComponentMessage: sendDiscordComponentMessageImpl, + sendMessageDiscord: sendMessageDiscordImpl, + sendPollDiscord: sendPollDiscordImpl, + monitorDiscordProvider: monitorDiscordProviderImpl, + typing: { + pulse: sendTypingDiscordImpl, + }, + conversationActions: { + editMessage: editMessageDiscordImpl, + deleteMessage: deleteMessageDiscordImpl, + pinMessage: pinMessageDiscordImpl, + unpinMessage: unpinMessageDiscordImpl, + createThread: createThreadDiscordImpl, + editChannel: editChannelDiscordImpl, + }, +} satisfies RuntimeDiscordOps; diff --git a/src/plugins/runtime/runtime-discord-typing.test.ts b/src/plugins/runtime/runtime-discord-typing.test.ts index 1eb5b6fd315..6f6ec1a1dec 100644 --- a/src/plugins/runtime/runtime-discord-typing.test.ts +++ b/src/plugins/runtime/runtime-discord-typing.test.ts @@ -1,5 +1,9 @@ -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, describe, it, vi } from "vitest"; import { createDiscordTypingLease } from "./runtime-discord-typing.js"; +import { + expectBackgroundTypingPulseFailuresAreSwallowed, + expectIndependentTypingLeases, +} from "./typing-lease.test-support.js"; describe("createDiscordTypingLease", () => { afterEach(() => { @@ -7,51 +11,30 @@ describe("createDiscordTypingLease", () => { }); it("pulses immediately and keeps leases independent", async () => { - vi.useFakeTimers(); - const pulse = vi.fn(async () => undefined); - - const leaseA = await createDiscordTypingLease({ - channelId: "123", - intervalMs: 2_000, - pulse, + await expectIndependentTypingLeases({ + createLease: createDiscordTypingLease, + buildParams: (pulse) => ({ + channelId: "123", + intervalMs: 2_000, + pulse, + }), }); - const leaseB = await createDiscordTypingLease({ - channelId: "123", - intervalMs: 2_000, - pulse, - }); - - expect(pulse).toHaveBeenCalledTimes(2); - - await vi.advanceTimersByTimeAsync(2_000); - expect(pulse).toHaveBeenCalledTimes(4); - - leaseA.stop(); - await vi.advanceTimersByTimeAsync(2_000); - expect(pulse).toHaveBeenCalledTimes(5); - - await leaseB.refresh(); - expect(pulse).toHaveBeenCalledTimes(6); - - leaseB.stop(); }); it("swallows background pulse failures", async () => { - vi.useFakeTimers(); const pulse = vi .fn<(params: { channelId: string; accountId?: string; cfg?: unknown }) => Promise>() .mockResolvedValueOnce(undefined) .mockRejectedValueOnce(new Error("boom")); - const lease = await createDiscordTypingLease({ - channelId: "123", - intervalMs: 2_000, + await expectBackgroundTypingPulseFailuresAreSwallowed({ + createLease: createDiscordTypingLease, pulse, + buildParams: (pulse) => ({ + channelId: "123", + intervalMs: 2_000, + pulse, + }), }); - - await expect(vi.advanceTimersByTimeAsync(2_000)).resolves.toBe(vi); - expect(pulse).toHaveBeenCalledTimes(2); - - lease.stop(); }); }); diff --git a/src/plugins/runtime/runtime-discord.ts b/src/plugins/runtime/runtime-discord.ts index ae302ad0e5f..8264a7f04df 100644 --- a/src/plugins/runtime/runtime-discord.ts +++ b/src/plugins/runtime/runtime-discord.ts @@ -1,4 +1,4 @@ -import { discordMessageActions } from "../../../extensions/discord/src/channel-actions.js"; +import { discordMessageActions } from "../../../extensions/discord/runtime-api.js"; import { getThreadBindingManager, resolveThreadBindingIdleTimeoutMs, @@ -8,121 +8,72 @@ import { setThreadBindingIdleTimeoutBySessionKey, setThreadBindingMaxAgeBySessionKey, unbindThreadBindingsBySessionKey, -} from "../../../extensions/discord/src/monitor/thread-bindings.js"; +} from "../../../extensions/discord/runtime-api.js"; +import { + createLazyRuntimeMethodBinder, + createLazyRuntimeSurface, +} from "../../shared/lazy-runtime.js"; import { createDiscordTypingLease } from "./runtime-discord-typing.js"; import type { PluginRuntimeChannel } from "./types-channel.js"; -let runtimeDiscordOpsPromise: Promise | null = - null; +const loadRuntimeDiscordOps = createLazyRuntimeSurface( + () => import("./runtime-discord-ops.runtime.js"), + ({ runtimeDiscordOps }) => runtimeDiscordOps, +); -function loadRuntimeDiscordOps() { - runtimeDiscordOpsPromise ??= import("./runtime-discord-ops.runtime.js"); - return runtimeDiscordOpsPromise; -} +const bindDiscordRuntimeMethod = createLazyRuntimeMethodBinder(loadRuntimeDiscordOps); -const auditChannelPermissionsLazy: PluginRuntimeChannel["discord"]["auditChannelPermissions"] = - async (...args) => { - const { auditDiscordChannelPermissions } = await loadRuntimeDiscordOps(); - return auditDiscordChannelPermissions(...args); - }; - -const listDirectoryGroupsLiveLazy: PluginRuntimeChannel["discord"]["listDirectoryGroupsLive"] = - async (...args) => { - const { listDiscordDirectoryGroupsLive } = await loadRuntimeDiscordOps(); - return listDiscordDirectoryGroupsLive(...args); - }; - -const listDirectoryPeersLiveLazy: PluginRuntimeChannel["discord"]["listDirectoryPeersLive"] = - async (...args) => { - const { listDiscordDirectoryPeersLive } = await loadRuntimeDiscordOps(); - return listDiscordDirectoryPeersLive(...args); - }; - -const probeDiscordLazy: PluginRuntimeChannel["discord"]["probeDiscord"] = async (...args) => { - const { probeDiscord } = await loadRuntimeDiscordOps(); - return probeDiscord(...args); -}; - -const resolveChannelAllowlistLazy: PluginRuntimeChannel["discord"]["resolveChannelAllowlist"] = - async (...args) => { - const { resolveDiscordChannelAllowlist } = await loadRuntimeDiscordOps(); - return resolveDiscordChannelAllowlist(...args); - }; - -const resolveUserAllowlistLazy: PluginRuntimeChannel["discord"]["resolveUserAllowlist"] = async ( - ...args -) => { - const { resolveDiscordUserAllowlist } = await loadRuntimeDiscordOps(); - return resolveDiscordUserAllowlist(...args); -}; - -const sendComponentMessageLazy: PluginRuntimeChannel["discord"]["sendComponentMessage"] = async ( - ...args -) => { - const { sendDiscordComponentMessage } = await loadRuntimeDiscordOps(); - return sendDiscordComponentMessage(...args); -}; - -const sendMessageDiscordLazy: PluginRuntimeChannel["discord"]["sendMessageDiscord"] = async ( - ...args -) => { - const { sendMessageDiscord } = await loadRuntimeDiscordOps(); - return sendMessageDiscord(...args); -}; - -const sendPollDiscordLazy: PluginRuntimeChannel["discord"]["sendPollDiscord"] = async (...args) => { - const { sendPollDiscord } = await loadRuntimeDiscordOps(); - return sendPollDiscord(...args); -}; - -const monitorDiscordProviderLazy: PluginRuntimeChannel["discord"]["monitorDiscordProvider"] = - async (...args) => { - const { monitorDiscordProvider } = await loadRuntimeDiscordOps(); - return monitorDiscordProvider(...args); - }; - -const sendTypingDiscordLazy: PluginRuntimeChannel["discord"]["typing"]["pulse"] = async ( - ...args -) => { - const { sendTypingDiscord } = await loadRuntimeDiscordOps(); - return sendTypingDiscord(...args); -}; - -const editMessageDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["editMessage"] = - async (...args) => { - const { editMessageDiscord } = await loadRuntimeDiscordOps(); - return editMessageDiscord(...args); - }; - -const deleteMessageDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["deleteMessage"] = - async (...args) => { - const { deleteMessageDiscord } = await loadRuntimeDiscordOps(); - return deleteMessageDiscord(...args); - }; - -const pinMessageDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["pinMessage"] = - async (...args) => { - const { pinMessageDiscord } = await loadRuntimeDiscordOps(); - return pinMessageDiscord(...args); - }; - -const unpinMessageDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["unpinMessage"] = - async (...args) => { - const { unpinMessageDiscord } = await loadRuntimeDiscordOps(); - return unpinMessageDiscord(...args); - }; - -const createThreadDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["createThread"] = - async (...args) => { - const { createThreadDiscord } = await loadRuntimeDiscordOps(); - return createThreadDiscord(...args); - }; - -const editChannelDiscordLazy: PluginRuntimeChannel["discord"]["conversationActions"]["editChannel"] = - async (...args) => { - const { editChannelDiscord } = await loadRuntimeDiscordOps(); - return editChannelDiscord(...args); - }; +const auditChannelPermissionsLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.auditChannelPermissions, +); +const listDirectoryGroupsLiveLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.listDirectoryGroupsLive, +); +const listDirectoryPeersLiveLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.listDirectoryPeersLive, +); +const probeDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.probeDiscord, +); +const resolveChannelAllowlistLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.resolveChannelAllowlist, +); +const resolveUserAllowlistLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.resolveUserAllowlist, +); +const sendComponentMessageLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.sendComponentMessage, +); +const sendMessageDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.sendMessageDiscord, +); +const sendPollDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.sendPollDiscord, +); +const monitorDiscordProviderLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.monitorDiscordProvider, +); +const sendTypingDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.typing.pulse, +); +const editMessageDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.editMessage, +); +const deleteMessageDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.deleteMessage, +); +const pinMessageDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.pinMessage, +); +const unpinMessageDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.unpinMessage, +); +const createThreadDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.createThread, +); +const editChannelDiscordLazy = bindDiscordRuntimeMethod( + (runtimeDiscordOps) => runtimeDiscordOps.conversationActions.editChannel, +); export function createRuntimeDiscord(): PluginRuntimeChannel["discord"] { return { diff --git a/src/plugins/runtime/runtime-imessage.ts b/src/plugins/runtime/runtime-imessage.ts index 01430cacc3c..56136197626 100644 --- a/src/plugins/runtime/runtime-imessage.ts +++ b/src/plugins/runtime/runtime-imessage.ts @@ -1,6 +1,8 @@ -import { monitorIMessageProvider } from "../../../extensions/imessage/src/monitor.js"; -import { probeIMessage } from "../../../extensions/imessage/src/probe.js"; -import { sendMessageIMessage } from "../../../extensions/imessage/src/send.js"; +import { + monitorIMessageProvider, + probeIMessage, + sendMessageIMessage, +} from "../../../extensions/imessage/runtime-api.js"; import type { PluginRuntimeChannel } from "./types-channel.js"; export function createRuntimeIMessage(): PluginRuntimeChannel["imessage"] { diff --git a/src/plugins/runtime/runtime-media.ts b/src/plugins/runtime/runtime-media.ts index 90b28eea31e..abf88724981 100644 --- a/src/plugins/runtime/runtime-media.ts +++ b/src/plugins/runtime/runtime-media.ts @@ -1,4 +1,4 @@ -import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js"; +import { loadWebMedia } from "../../../extensions/whatsapp/runtime-api.js"; import { isVoiceCompatibleAudio } from "../../media/audio.js"; import { mediaKindFromMime } from "../../media/constants.js"; import { getImageMetadata, resizeToJpeg } from "../../media/image-ops.js"; diff --git a/src/plugins/runtime/runtime-signal.ts b/src/plugins/runtime/runtime-signal.ts index 2465ecbdbbc..dc83f3fd1e2 100644 --- a/src/plugins/runtime/runtime-signal.ts +++ b/src/plugins/runtime/runtime-signal.ts @@ -1,6 +1,8 @@ -import { monitorSignalProvider } from "../../../extensions/signal/src/index.js"; -import { probeSignal } from "../../../extensions/signal/src/probe.js"; -import { sendMessageSignal } from "../../../extensions/signal/src/send.js"; +import { + monitorSignalProvider, + probeSignal, + sendMessageSignal, +} from "../../../extensions/signal/runtime-api.js"; import { signalMessageActions } from "../../channels/plugins/actions/signal.js"; import type { PluginRuntimeChannel } from "./types-channel.js"; diff --git a/src/plugins/runtime/runtime-slack-ops.runtime.ts b/src/plugins/runtime/runtime-slack-ops.runtime.ts index e22662c3b7f..65b7ed9e884 100644 --- a/src/plugins/runtime/runtime-slack-ops.runtime.ts +++ b/src/plugins/runtime/runtime-slack-ops.runtime.ts @@ -1,10 +1,34 @@ -export { - listSlackDirectoryGroupsLive, - listSlackDirectoryPeersLive, -} from "../../../extensions/slack/src/directory-live.js"; -export { monitorSlackProvider } from "../../../extensions/slack/src/index.js"; -export { probeSlack } from "../../../extensions/slack/src/probe.js"; -export { resolveSlackChannelAllowlist } from "../../../extensions/slack/src/resolve-channels.js"; -export { resolveSlackUserAllowlist } from "../../../extensions/slack/src/resolve-users.js"; -export { sendMessageSlack } from "../../../extensions/slack/src/send.js"; -export { handleSlackAction } from "../../agents/tools/slack-actions.js"; +import { + listSlackDirectoryGroupsLive as listSlackDirectoryGroupsLiveImpl, + listSlackDirectoryPeersLive as listSlackDirectoryPeersLiveImpl, +} from "../../../extensions/slack/runtime-api.js"; +import { monitorSlackProvider as monitorSlackProviderImpl } from "../../../extensions/slack/runtime-api.js"; +import { probeSlack as probeSlackImpl } from "../../../extensions/slack/runtime-api.js"; +import { resolveSlackChannelAllowlist as resolveSlackChannelAllowlistImpl } from "../../../extensions/slack/runtime-api.js"; +import { resolveSlackUserAllowlist as resolveSlackUserAllowlistImpl } from "../../../extensions/slack/runtime-api.js"; +import { sendMessageSlack as sendMessageSlackImpl } from "../../../extensions/slack/runtime-api.js"; +import { handleSlackAction as handleSlackActionImpl } from "../../agents/tools/slack-actions.js"; +import type { PluginRuntimeChannel } from "./types-channel.js"; + +type RuntimeSlackOps = Pick< + PluginRuntimeChannel["slack"], + | "listDirectoryGroupsLive" + | "listDirectoryPeersLive" + | "probeSlack" + | "resolveChannelAllowlist" + | "resolveUserAllowlist" + | "sendMessageSlack" + | "monitorSlackProvider" + | "handleSlackAction" +>; + +export const runtimeSlackOps = { + listDirectoryGroupsLive: listSlackDirectoryGroupsLiveImpl, + listDirectoryPeersLive: listSlackDirectoryPeersLiveImpl, + probeSlack: probeSlackImpl, + resolveChannelAllowlist: resolveSlackChannelAllowlistImpl, + resolveUserAllowlist: resolveSlackUserAllowlistImpl, + sendMessageSlack: sendMessageSlackImpl, + monitorSlackProvider: monitorSlackProviderImpl, + handleSlackAction: handleSlackActionImpl, +} satisfies RuntimeSlackOps; diff --git a/src/plugins/runtime/runtime-slack.ts b/src/plugins/runtime/runtime-slack.ts index 9579aed4c1b..9f1cab0f094 100644 --- a/src/plugins/runtime/runtime-slack.ts +++ b/src/plugins/runtime/runtime-slack.ts @@ -1,61 +1,38 @@ +import { + createLazyRuntimeMethodBinder, + createLazyRuntimeSurface, +} from "../../shared/lazy-runtime.js"; import type { PluginRuntimeChannel } from "./types-channel.js"; -let runtimeSlackOpsPromise: Promise | null = null; +const loadRuntimeSlackOps = createLazyRuntimeSurface( + () => import("./runtime-slack-ops.runtime.js"), + ({ runtimeSlackOps }) => runtimeSlackOps, +); -function loadRuntimeSlackOps() { - runtimeSlackOpsPromise ??= import("./runtime-slack-ops.runtime.js"); - return runtimeSlackOpsPromise; -} +const bindSlackRuntimeMethod = createLazyRuntimeMethodBinder(loadRuntimeSlackOps); -const listDirectoryGroupsLiveLazy: PluginRuntimeChannel["slack"]["listDirectoryGroupsLive"] = - async (...args) => { - const { listSlackDirectoryGroupsLive } = await loadRuntimeSlackOps(); - return listSlackDirectoryGroupsLive(...args); - }; - -const listDirectoryPeersLiveLazy: PluginRuntimeChannel["slack"]["listDirectoryPeersLive"] = async ( - ...args -) => { - const { listSlackDirectoryPeersLive } = await loadRuntimeSlackOps(); - return listSlackDirectoryPeersLive(...args); -}; - -const probeSlackLazy: PluginRuntimeChannel["slack"]["probeSlack"] = async (...args) => { - const { probeSlack } = await loadRuntimeSlackOps(); - return probeSlack(...args); -}; - -const resolveChannelAllowlistLazy: PluginRuntimeChannel["slack"]["resolveChannelAllowlist"] = - async (...args) => { - const { resolveSlackChannelAllowlist } = await loadRuntimeSlackOps(); - return resolveSlackChannelAllowlist(...args); - }; - -const resolveUserAllowlistLazy: PluginRuntimeChannel["slack"]["resolveUserAllowlist"] = async ( - ...args -) => { - const { resolveSlackUserAllowlist } = await loadRuntimeSlackOps(); - return resolveSlackUserAllowlist(...args); -}; - -const sendMessageSlackLazy: PluginRuntimeChannel["slack"]["sendMessageSlack"] = async (...args) => { - const { sendMessageSlack } = await loadRuntimeSlackOps(); - return sendMessageSlack(...args); -}; - -const monitorSlackProviderLazy: PluginRuntimeChannel["slack"]["monitorSlackProvider"] = async ( - ...args -) => { - const { monitorSlackProvider } = await loadRuntimeSlackOps(); - return monitorSlackProvider(...args); -}; - -const handleSlackActionLazy: PluginRuntimeChannel["slack"]["handleSlackAction"] = async ( - ...args -) => { - const { handleSlackAction } = await loadRuntimeSlackOps(); - return handleSlackAction(...args); -}; +const listDirectoryGroupsLiveLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.listDirectoryGroupsLive, +); +const listDirectoryPeersLiveLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.listDirectoryPeersLive, +); +const probeSlackLazy = bindSlackRuntimeMethod((runtimeSlackOps) => runtimeSlackOps.probeSlack); +const resolveChannelAllowlistLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.resolveChannelAllowlist, +); +const resolveUserAllowlistLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.resolveUserAllowlist, +); +const sendMessageSlackLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.sendMessageSlack, +); +const monitorSlackProviderLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.monitorSlackProvider, +); +const handleSlackActionLazy = bindSlackRuntimeMethod( + (runtimeSlackOps) => runtimeSlackOps.handleSlackAction, +); export function createRuntimeSlack(): PluginRuntimeChannel["slack"] { return { diff --git a/src/plugins/runtime/runtime-telegram-ops.runtime.ts b/src/plugins/runtime/runtime-telegram-ops.runtime.ts index dc463625b4f..dcd3fa05dec 100644 --- a/src/plugins/runtime/runtime-telegram-ops.runtime.ts +++ b/src/plugins/runtime/runtime-telegram-ops.runtime.ts @@ -1,18 +1,54 @@ -export { - auditTelegramGroupMembership, - collectTelegramUnmentionedGroupIds, -} from "../../../extensions/telegram/src/audit.js"; -export { monitorTelegramProvider } from "../../../extensions/telegram/src/monitor.js"; -export { probeTelegram } from "../../../extensions/telegram/src/probe.js"; -export { - deleteMessageTelegram, - editMessageReplyMarkupTelegram, - editMessageTelegram, - pinMessageTelegram, - renameForumTopicTelegram, - sendMessageTelegram, - sendPollTelegram, - sendTypingTelegram, - unpinMessageTelegram, -} from "../../../extensions/telegram/src/send.js"; -export { resolveTelegramToken } from "../../../extensions/telegram/src/token.js"; +import { auditTelegramGroupMembership as auditTelegramGroupMembershipImpl } from "../../../extensions/telegram/runtime-api.js"; +import { monitorTelegramProvider as monitorTelegramProviderImpl } from "../../../extensions/telegram/runtime-api.js"; +import { probeTelegram as probeTelegramImpl } from "../../../extensions/telegram/runtime-api.js"; +import { + deleteMessageTelegram as deleteMessageTelegramImpl, + editMessageReplyMarkupTelegram as editMessageReplyMarkupTelegramImpl, + editMessageTelegram as editMessageTelegramImpl, + pinMessageTelegram as pinMessageTelegramImpl, + renameForumTopicTelegram as renameForumTopicTelegramImpl, + sendMessageTelegram as sendMessageTelegramImpl, + sendPollTelegram as sendPollTelegramImpl, + sendTypingTelegram as sendTypingTelegramImpl, + unpinMessageTelegram as unpinMessageTelegramImpl, +} from "../../../extensions/telegram/runtime-api.js"; +import type { PluginRuntimeChannel } from "./types-channel.js"; + +type RuntimeTelegramOps = Pick< + PluginRuntimeChannel["telegram"], + | "auditGroupMembership" + | "probeTelegram" + | "sendMessageTelegram" + | "sendPollTelegram" + | "monitorTelegramProvider" +> & { + typing: Pick; + conversationActions: Pick< + PluginRuntimeChannel["telegram"]["conversationActions"], + | "editMessage" + | "editReplyMarkup" + | "deleteMessage" + | "renameTopic" + | "pinMessage" + | "unpinMessage" + >; +}; + +export const runtimeTelegramOps = { + auditGroupMembership: auditTelegramGroupMembershipImpl, + probeTelegram: probeTelegramImpl, + sendMessageTelegram: sendMessageTelegramImpl, + sendPollTelegram: sendPollTelegramImpl, + monitorTelegramProvider: monitorTelegramProviderImpl, + typing: { + pulse: sendTypingTelegramImpl, + }, + conversationActions: { + editMessage: editMessageTelegramImpl, + editReplyMarkup: editMessageReplyMarkupTelegramImpl, + deleteMessage: deleteMessageTelegramImpl, + renameTopic: renameForumTopicTelegramImpl, + pinMessage: pinMessageTelegramImpl, + unpinMessage: unpinMessageTelegramImpl, + }, +} satisfies RuntimeTelegramOps; diff --git a/src/plugins/runtime/runtime-telegram-typing.test.ts b/src/plugins/runtime/runtime-telegram-typing.test.ts index 3394aa1cf50..0ec97971eb8 100644 --- a/src/plugins/runtime/runtime-telegram-typing.test.ts +++ b/src/plugins/runtime/runtime-telegram-typing.test.ts @@ -1,5 +1,9 @@ import { afterEach, describe, expect, it, vi } from "vitest"; import { createTelegramTypingLease } from "./runtime-telegram-typing.js"; +import { + expectBackgroundTypingPulseFailuresAreSwallowed, + expectIndependentTypingLeases, +} from "./typing-lease.test-support.js"; describe("createTelegramTypingLease", () => { afterEach(() => { @@ -7,37 +11,17 @@ describe("createTelegramTypingLease", () => { }); it("pulses immediately and keeps leases independent", async () => { - vi.useFakeTimers(); - const pulse = vi.fn(async () => undefined); - - const leaseA = await createTelegramTypingLease({ - to: "telegram:123", - intervalMs: 2_000, - pulse, + await expectIndependentTypingLeases({ + createLease: createTelegramTypingLease, + buildParams: (pulse) => ({ + to: "telegram:123", + intervalMs: 2_000, + pulse, + }), }); - const leaseB = await createTelegramTypingLease({ - to: "telegram:123", - intervalMs: 2_000, - pulse, - }); - - expect(pulse).toHaveBeenCalledTimes(2); - - await vi.advanceTimersByTimeAsync(2_000); - expect(pulse).toHaveBeenCalledTimes(4); - - leaseA.stop(); - await vi.advanceTimersByTimeAsync(2_000); - expect(pulse).toHaveBeenCalledTimes(5); - - await leaseB.refresh(); - expect(pulse).toHaveBeenCalledTimes(6); - - leaseB.stop(); }); it("swallows background pulse failures", async () => { - vi.useFakeTimers(); const pulse = vi .fn< (params: { @@ -50,16 +34,15 @@ describe("createTelegramTypingLease", () => { .mockResolvedValueOnce(undefined) .mockRejectedValueOnce(new Error("boom")); - const lease = await createTelegramTypingLease({ - to: "telegram:123", - intervalMs: 2_000, + await expectBackgroundTypingPulseFailuresAreSwallowed({ + createLease: createTelegramTypingLease, pulse, + buildParams: (pulse) => ({ + to: "telegram:123", + intervalMs: 2_000, + pulse, + }), }); - - await expect(vi.advanceTimersByTimeAsync(2_000)).resolves.toBe(vi); - expect(pulse).toHaveBeenCalledTimes(2); - - lease.stop(); }); it("falls back to the default interval for non-finite values", async () => { diff --git a/src/plugins/runtime/runtime-telegram.ts b/src/plugins/runtime/runtime-telegram.ts index 22061a7e00d..74b4de7e48e 100644 --- a/src/plugins/runtime/runtime-telegram.ts +++ b/src/plugins/runtime/runtime-telegram.ts @@ -1,95 +1,60 @@ -import { collectTelegramUnmentionedGroupIds } from "../../../extensions/telegram/src/audit.js"; -import { telegramMessageActions } from "../../../extensions/telegram/src/channel-actions.js"; +import { collectTelegramUnmentionedGroupIds } from "../../../extensions/telegram/runtime-api.js"; +import { telegramMessageActions } from "../../../extensions/telegram/runtime-api.js"; import { setTelegramThreadBindingIdleTimeoutBySessionKey, setTelegramThreadBindingMaxAgeBySessionKey, -} from "../../../extensions/telegram/src/thread-bindings.js"; -import { resolveTelegramToken } from "../../../extensions/telegram/src/token.js"; +} from "../../../extensions/telegram/runtime-api.js"; +import { resolveTelegramToken } from "../../../extensions/telegram/runtime-api.js"; +import { + createLazyRuntimeMethodBinder, + createLazyRuntimeSurface, +} from "../../shared/lazy-runtime.js"; import { createTelegramTypingLease } from "./runtime-telegram-typing.js"; import type { PluginRuntimeChannel } from "./types-channel.js"; -let runtimeTelegramOpsPromise: Promise | null = - null; +const loadRuntimeTelegramOps = createLazyRuntimeSurface( + () => import("./runtime-telegram-ops.runtime.js"), + ({ runtimeTelegramOps }) => runtimeTelegramOps, +); -function loadRuntimeTelegramOps() { - runtimeTelegramOpsPromise ??= import("./runtime-telegram-ops.runtime.js"); - return runtimeTelegramOpsPromise; -} +const bindTelegramRuntimeMethod = createLazyRuntimeMethodBinder(loadRuntimeTelegramOps); -const auditGroupMembershipLazy: PluginRuntimeChannel["telegram"]["auditGroupMembership"] = async ( - ...args -) => { - const { auditTelegramGroupMembership } = await loadRuntimeTelegramOps(); - return auditTelegramGroupMembership(...args); -}; - -const probeTelegramLazy: PluginRuntimeChannel["telegram"]["probeTelegram"] = async (...args) => { - const { probeTelegram } = await loadRuntimeTelegramOps(); - return probeTelegram(...args); -}; - -const sendMessageTelegramLazy: PluginRuntimeChannel["telegram"]["sendMessageTelegram"] = async ( - ...args -) => { - const { sendMessageTelegram } = await loadRuntimeTelegramOps(); - return sendMessageTelegram(...args); -}; - -const sendPollTelegramLazy: PluginRuntimeChannel["telegram"]["sendPollTelegram"] = async ( - ...args -) => { - const { sendPollTelegram } = await loadRuntimeTelegramOps(); - return sendPollTelegram(...args); -}; - -const monitorTelegramProviderLazy: PluginRuntimeChannel["telegram"]["monitorTelegramProvider"] = - async (...args) => { - const { monitorTelegramProvider } = await loadRuntimeTelegramOps(); - return monitorTelegramProvider(...args); - }; - -const sendTypingTelegramLazy: PluginRuntimeChannel["telegram"]["typing"]["pulse"] = async ( - ...args -) => { - const { sendTypingTelegram } = await loadRuntimeTelegramOps(); - return sendTypingTelegram(...args); -}; - -const editMessageTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["editMessage"] = - async (...args) => { - const { editMessageTelegram } = await loadRuntimeTelegramOps(); - return editMessageTelegram(...args); - }; - -const editMessageReplyMarkupTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["editReplyMarkup"] = - async (...args) => { - const { editMessageReplyMarkupTelegram } = await loadRuntimeTelegramOps(); - return editMessageReplyMarkupTelegram(...args); - }; - -const deleteMessageTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["deleteMessage"] = - async (...args) => { - const { deleteMessageTelegram } = await loadRuntimeTelegramOps(); - return deleteMessageTelegram(...args); - }; - -const renameForumTopicTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["renameTopic"] = - async (...args) => { - const { renameForumTopicTelegram } = await loadRuntimeTelegramOps(); - return renameForumTopicTelegram(...args); - }; - -const pinMessageTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["pinMessage"] = - async (...args) => { - const { pinMessageTelegram } = await loadRuntimeTelegramOps(); - return pinMessageTelegram(...args); - }; - -const unpinMessageTelegramLazy: PluginRuntimeChannel["telegram"]["conversationActions"]["unpinMessage"] = - async (...args) => { - const { unpinMessageTelegram } = await loadRuntimeTelegramOps(); - return unpinMessageTelegram(...args); - }; +const auditGroupMembershipLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.auditGroupMembership, +); +const probeTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.probeTelegram, +); +const sendMessageTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.sendMessageTelegram, +); +const sendPollTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.sendPollTelegram, +); +const monitorTelegramProviderLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.monitorTelegramProvider, +); +const sendTypingTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.typing.pulse, +); +const editMessageTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.editMessage, +); +const editMessageReplyMarkupTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.editReplyMarkup, +); +const deleteMessageTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.deleteMessage, +); +const renameForumTopicTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.renameTopic, +); +const pinMessageTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.pinMessage, +); +const unpinMessageTelegramLazy = bindTelegramRuntimeMethod( + (runtimeTelegramOps) => runtimeTelegramOps.conversationActions.unpinMessage, +); export function createRuntimeTelegram(): PluginRuntimeChannel["telegram"] { return { diff --git a/src/plugins/runtime/runtime-whatsapp-login-tool.ts b/src/plugins/runtime/runtime-whatsapp-login-tool.ts new file mode 100644 index 00000000000..094e47c9a1d --- /dev/null +++ b/src/plugins/runtime/runtime-whatsapp-login-tool.ts @@ -0,0 +1 @@ +export { createWhatsAppLoginTool as createRuntimeWhatsAppLoginTool } from "../../../extensions/whatsapp/runtime-api.js"; diff --git a/src/plugins/runtime/runtime-whatsapp-login.runtime.ts b/src/plugins/runtime/runtime-whatsapp-login.runtime.ts index 584b9d8d524..baef795d478 100644 --- a/src/plugins/runtime/runtime-whatsapp-login.runtime.ts +++ b/src/plugins/runtime/runtime-whatsapp-login.runtime.ts @@ -1 +1,8 @@ -export { loginWeb } from "../../../extensions/whatsapp/src/login.js"; +import { loginWeb as loginWebImpl } from "../../../extensions/whatsapp/runtime-api.js"; +import type { PluginRuntime } from "./types.js"; + +type RuntimeWhatsAppLogin = Pick; + +export const runtimeWhatsAppLogin = { + loginWeb: loginWebImpl, +} satisfies RuntimeWhatsAppLogin; diff --git a/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts b/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts index fca645e90b0..91fcba6fd39 100644 --- a/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts +++ b/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts @@ -1 +1,15 @@ -export { sendMessageWhatsApp, sendPollWhatsApp } from "../../../extensions/whatsapp/src/send.js"; +import { + sendMessageWhatsApp as sendMessageWhatsAppImpl, + sendPollWhatsApp as sendPollWhatsAppImpl, +} from "../../../extensions/whatsapp/runtime-api.js"; +import type { PluginRuntime } from "./types.js"; + +type RuntimeWhatsAppOutbound = Pick< + PluginRuntime["channel"]["whatsapp"], + "sendMessageWhatsApp" | "sendPollWhatsApp" +>; + +export const runtimeWhatsAppOutbound = { + sendMessageWhatsApp: sendMessageWhatsAppImpl, + sendPollWhatsApp: sendPollWhatsAppImpl, +} satisfies RuntimeWhatsAppOutbound; diff --git a/src/plugins/runtime/runtime-whatsapp.ts b/src/plugins/runtime/runtime-whatsapp.ts index 20d36a936f0..5ca70688471 100644 --- a/src/plugins/runtime/runtime-whatsapp.ts +++ b/src/plugins/runtime/runtime-whatsapp.ts @@ -1,32 +1,40 @@ -import { getActiveWebListener } from "../../../extensions/whatsapp/src/active-listener.js"; +import { getActiveWebListener } from "../../../extensions/whatsapp/runtime-api.js"; import { getWebAuthAgeMs, logoutWeb, logWebSelfId, readWebSelfId, webAuthExists, -} from "../../../extensions/whatsapp/src/auth-store.js"; -import { createWhatsAppLoginTool } from "../../channels/plugins/agent-tools/whatsapp-login.js"; +} from "../../../extensions/whatsapp/runtime-api.js"; +import { + createLazyRuntimeMethodBinder, + createLazyRuntimeSurface, +} from "../../shared/lazy-runtime.js"; +import { createRuntimeWhatsAppLoginTool } from "./runtime-whatsapp-login-tool.js"; import type { PluginRuntime } from "./types.js"; -const sendMessageWhatsAppLazy: PluginRuntime["channel"]["whatsapp"]["sendMessageWhatsApp"] = async ( - ...args -) => { - const { sendMessageWhatsApp } = await loadWebOutbound(); - return sendMessageWhatsApp(...args); -}; +const loadWebOutbound = createLazyRuntimeSurface( + () => import("./runtime-whatsapp-outbound.runtime.js"), + ({ runtimeWhatsAppOutbound }) => runtimeWhatsAppOutbound, +); -const sendPollWhatsAppLazy: PluginRuntime["channel"]["whatsapp"]["sendPollWhatsApp"] = async ( - ...args -) => { - const { sendPollWhatsApp } = await loadWebOutbound(); - return sendPollWhatsApp(...args); -}; +const loadWebLogin = createLazyRuntimeSurface( + () => import("./runtime-whatsapp-login.runtime.js"), + ({ runtimeWhatsAppLogin }) => runtimeWhatsAppLogin, +); -const loginWebLazy: PluginRuntime["channel"]["whatsapp"]["loginWeb"] = async (...args) => { - const { loginWeb } = await loadWebLogin(); - return loginWeb(...args); -}; +const bindWhatsAppOutboundMethod = createLazyRuntimeMethodBinder(loadWebOutbound); +const bindWhatsAppLoginMethod = createLazyRuntimeMethodBinder(loadWebLogin); + +const sendMessageWhatsAppLazy = bindWhatsAppOutboundMethod( + (runtimeWhatsAppOutbound) => runtimeWhatsAppOutbound.sendMessageWhatsApp, +); +const sendPollWhatsAppLazy = bindWhatsAppOutboundMethod( + (runtimeWhatsAppOutbound) => runtimeWhatsAppOutbound.sendPollWhatsApp, +); +const loginWebLazy = bindWhatsAppLoginMethod( + (runtimeWhatsAppLogin) => runtimeWhatsAppLogin.loginWeb, +); const startWebLoginWithQrLazy: PluginRuntime["channel"]["whatsapp"]["startWebLoginWithQr"] = async ( ...args @@ -56,28 +64,15 @@ const handleWhatsAppActionLazy: PluginRuntime["channel"]["whatsapp"]["handleWhat }; let webLoginQrPromise: Promise< - typeof import("../../../extensions/whatsapp/src/login-qr.js") + typeof import("../../../extensions/whatsapp/login-qr-api.js") > | null = null; let webChannelPromise: Promise | null = null; -let webOutboundPromise: Promise | null = - null; -let webLoginPromise: Promise | null = null; let whatsappActionsPromise: Promise< typeof import("../../agents/tools/whatsapp-actions.js") > | null = null; -function loadWebOutbound() { - webOutboundPromise ??= import("./runtime-whatsapp-outbound.runtime.js"); - return webOutboundPromise; -} - -function loadWebLogin() { - webLoginPromise ??= import("./runtime-whatsapp-login.runtime.js"); - return webLoginPromise; -} - function loadWebLoginQr() { - webLoginQrPromise ??= import("../../../extensions/whatsapp/src/login-qr.js"); + webLoginQrPromise ??= import("../../../extensions/whatsapp/login-qr-api.js"); return webLoginQrPromise; } @@ -106,6 +101,6 @@ export function createRuntimeWhatsApp(): PluginRuntime["channel"]["whatsapp"] { waitForWebLogin: waitForWebLoginLazy, monitorWebChannel: monitorWebChannelLazy, handleWhatsAppAction: handleWhatsAppActionLazy, - createLoginTool: createWhatsAppLoginTool, + createLoginTool: createRuntimeWhatsAppLoginTool, }; } diff --git a/src/plugins/runtime/types-channel.ts b/src/plugins/runtime/types-channel.ts index f8e6e095ef5..ee50b7dd02a 100644 --- a/src/plugins/runtime/types-channel.ts +++ b/src/plugins/runtime/types-channel.ts @@ -87,29 +87,29 @@ export type PluginRuntimeChannel = { shouldHandleTextCommands: typeof import("../../auto-reply/commands-registry.js").shouldHandleTextCommands; }; discord: { - messageActions: typeof import("../../../extensions/discord/src/channel-actions.js").discordMessageActions; - auditChannelPermissions: typeof import("../../../extensions/discord/src/audit.js").auditDiscordChannelPermissions; - listDirectoryGroupsLive: typeof import("../../../extensions/discord/src/directory-live.js").listDiscordDirectoryGroupsLive; - listDirectoryPeersLive: typeof import("../../../extensions/discord/src/directory-live.js").listDiscordDirectoryPeersLive; - probeDiscord: typeof import("../../../extensions/discord/src/probe.js").probeDiscord; - resolveChannelAllowlist: typeof import("../../../extensions/discord/src/resolve-channels.js").resolveDiscordChannelAllowlist; - resolveUserAllowlist: typeof import("../../../extensions/discord/src/resolve-users.js").resolveDiscordUserAllowlist; - sendComponentMessage: typeof import("../../../extensions/discord/src/send.js").sendDiscordComponentMessage; - sendMessageDiscord: typeof import("../../../extensions/discord/src/send.js").sendMessageDiscord; - sendPollDiscord: typeof import("../../../extensions/discord/src/send.js").sendPollDiscord; - monitorDiscordProvider: typeof import("../../../extensions/discord/src/monitor.js").monitorDiscordProvider; + messageActions: typeof import("../../../extensions/discord/runtime-api.js").discordMessageActions; + auditChannelPermissions: typeof import("../../../extensions/discord/runtime-api.js").auditDiscordChannelPermissions; + listDirectoryGroupsLive: typeof import("../../../extensions/discord/runtime-api.js").listDiscordDirectoryGroupsLive; + listDirectoryPeersLive: typeof import("../../../extensions/discord/runtime-api.js").listDiscordDirectoryPeersLive; + probeDiscord: typeof import("../../../extensions/discord/runtime-api.js").probeDiscord; + resolveChannelAllowlist: typeof import("../../../extensions/discord/runtime-api.js").resolveDiscordChannelAllowlist; + resolveUserAllowlist: typeof import("../../../extensions/discord/runtime-api.js").resolveDiscordUserAllowlist; + sendComponentMessage: typeof import("../../../extensions/discord/runtime-api.js").sendDiscordComponentMessage; + sendMessageDiscord: typeof import("../../../extensions/discord/runtime-api.js").sendMessageDiscord; + sendPollDiscord: typeof import("../../../extensions/discord/runtime-api.js").sendPollDiscord; + monitorDiscordProvider: typeof import("../../../extensions/discord/runtime-api.js").monitorDiscordProvider; threadBindings: { - getManager: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").getThreadBindingManager; - resolveIdleTimeoutMs: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").resolveThreadBindingIdleTimeoutMs; - resolveInactivityExpiresAt: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").resolveThreadBindingInactivityExpiresAt; - resolveMaxAgeMs: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").resolveThreadBindingMaxAgeMs; - resolveMaxAgeExpiresAt: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").resolveThreadBindingMaxAgeExpiresAt; - setIdleTimeoutBySessionKey: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").setThreadBindingIdleTimeoutBySessionKey; - setMaxAgeBySessionKey: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").setThreadBindingMaxAgeBySessionKey; - unbindBySessionKey: typeof import("../../../extensions/discord/src/monitor/thread-bindings.js").unbindThreadBindingsBySessionKey; + getManager: typeof import("../../../extensions/discord/runtime-api.js").getThreadBindingManager; + resolveIdleTimeoutMs: typeof import("../../../extensions/discord/runtime-api.js").resolveThreadBindingIdleTimeoutMs; + resolveInactivityExpiresAt: typeof import("../../../extensions/discord/runtime-api.js").resolveThreadBindingInactivityExpiresAt; + resolveMaxAgeMs: typeof import("../../../extensions/discord/runtime-api.js").resolveThreadBindingMaxAgeMs; + resolveMaxAgeExpiresAt: typeof import("../../../extensions/discord/runtime-api.js").resolveThreadBindingMaxAgeExpiresAt; + setIdleTimeoutBySessionKey: typeof import("../../../extensions/discord/runtime-api.js").setThreadBindingIdleTimeoutBySessionKey; + setMaxAgeBySessionKey: typeof import("../../../extensions/discord/runtime-api.js").setThreadBindingMaxAgeBySessionKey; + unbindBySessionKey: typeof import("../../../extensions/discord/runtime-api.js").unbindThreadBindingsBySessionKey; }; typing: { - pulse: typeof import("../../../extensions/discord/src/send.js").sendTypingDiscord; + pulse: typeof import("../../../extensions/discord/runtime-api.js").sendTypingDiscord; start: (params: { channelId: string; accountId?: string; @@ -121,39 +121,39 @@ export type PluginRuntimeChannel = { }>; }; conversationActions: { - editMessage: typeof import("../../../extensions/discord/src/send.js").editMessageDiscord; - deleteMessage: typeof import("../../../extensions/discord/src/send.js").deleteMessageDiscord; - pinMessage: typeof import("../../../extensions/discord/src/send.js").pinMessageDiscord; - unpinMessage: typeof import("../../../extensions/discord/src/send.js").unpinMessageDiscord; - createThread: typeof import("../../../extensions/discord/src/send.js").createThreadDiscord; - editChannel: typeof import("../../../extensions/discord/src/send.js").editChannelDiscord; + editMessage: typeof import("../../../extensions/discord/runtime-api.js").editMessageDiscord; + deleteMessage: typeof import("../../../extensions/discord/runtime-api.js").deleteMessageDiscord; + pinMessage: typeof import("../../../extensions/discord/runtime-api.js").pinMessageDiscord; + unpinMessage: typeof import("../../../extensions/discord/runtime-api.js").unpinMessageDiscord; + createThread: typeof import("../../../extensions/discord/runtime-api.js").createThreadDiscord; + editChannel: typeof import("../../../extensions/discord/runtime-api.js").editChannelDiscord; }; }; slack: { - listDirectoryGroupsLive: typeof import("../../../extensions/slack/src/directory-live.js").listSlackDirectoryGroupsLive; - listDirectoryPeersLive: typeof import("../../../extensions/slack/src/directory-live.js").listSlackDirectoryPeersLive; - probeSlack: typeof import("../../../extensions/slack/src/probe.js").probeSlack; - resolveChannelAllowlist: typeof import("../../../extensions/slack/src/resolve-channels.js").resolveSlackChannelAllowlist; - resolveUserAllowlist: typeof import("../../../extensions/slack/src/resolve-users.js").resolveSlackUserAllowlist; - sendMessageSlack: typeof import("../../../extensions/slack/src/send.js").sendMessageSlack; - monitorSlackProvider: typeof import("../../../extensions/slack/src/index.js").monitorSlackProvider; + listDirectoryGroupsLive: typeof import("../../../extensions/slack/runtime-api.js").listSlackDirectoryGroupsLive; + listDirectoryPeersLive: typeof import("../../../extensions/slack/runtime-api.js").listSlackDirectoryPeersLive; + probeSlack: typeof import("../../../extensions/slack/runtime-api.js").probeSlack; + resolveChannelAllowlist: typeof import("../../../extensions/slack/runtime-api.js").resolveSlackChannelAllowlist; + resolveUserAllowlist: typeof import("../../../extensions/slack/runtime-api.js").resolveSlackUserAllowlist; + sendMessageSlack: typeof import("../../../extensions/slack/runtime-api.js").sendMessageSlack; + monitorSlackProvider: typeof import("../../../extensions/slack/runtime-api.js").monitorSlackProvider; handleSlackAction: typeof import("../../agents/tools/slack-actions.js").handleSlackAction; }; telegram: { - auditGroupMembership: typeof import("../../../extensions/telegram/src/audit.js").auditTelegramGroupMembership; - collectUnmentionedGroupIds: typeof import("../../../extensions/telegram/src/audit.js").collectTelegramUnmentionedGroupIds; - probeTelegram: typeof import("../../../extensions/telegram/src/probe.js").probeTelegram; - resolveTelegramToken: typeof import("../../../extensions/telegram/src/token.js").resolveTelegramToken; - sendMessageTelegram: typeof import("../../../extensions/telegram/src/send.js").sendMessageTelegram; - sendPollTelegram: typeof import("../../../extensions/telegram/src/send.js").sendPollTelegram; - monitorTelegramProvider: typeof import("../../../extensions/telegram/src/monitor.js").monitorTelegramProvider; - messageActions: typeof import("../../../extensions/telegram/src/channel-actions.js").telegramMessageActions; + auditGroupMembership: typeof import("../../../extensions/telegram/runtime-api.js").auditTelegramGroupMembership; + collectUnmentionedGroupIds: typeof import("../../../extensions/telegram/runtime-api.js").collectTelegramUnmentionedGroupIds; + probeTelegram: typeof import("../../../extensions/telegram/runtime-api.js").probeTelegram; + resolveTelegramToken: typeof import("../../../extensions/telegram/runtime-api.js").resolveTelegramToken; + sendMessageTelegram: typeof import("../../../extensions/telegram/runtime-api.js").sendMessageTelegram; + sendPollTelegram: typeof import("../../../extensions/telegram/runtime-api.js").sendPollTelegram; + monitorTelegramProvider: typeof import("../../../extensions/telegram/runtime-api.js").monitorTelegramProvider; + messageActions: typeof import("../../../extensions/telegram/runtime-api.js").telegramMessageActions; threadBindings: { - setIdleTimeoutBySessionKey: typeof import("../../../extensions/telegram/src/thread-bindings.js").setTelegramThreadBindingIdleTimeoutBySessionKey; - setMaxAgeBySessionKey: typeof import("../../../extensions/telegram/src/thread-bindings.js").setTelegramThreadBindingMaxAgeBySessionKey; + setIdleTimeoutBySessionKey: typeof import("../../../extensions/telegram/runtime-api.js").setTelegramThreadBindingIdleTimeoutBySessionKey; + setMaxAgeBySessionKey: typeof import("../../../extensions/telegram/runtime-api.js").setTelegramThreadBindingMaxAgeBySessionKey; }; typing: { - pulse: typeof import("../../../extensions/telegram/src/send.js").sendTypingTelegram; + pulse: typeof import("../../../extensions/telegram/runtime-api.js").sendTypingTelegram; start: (params: { to: string; accountId?: string; @@ -166,8 +166,8 @@ export type PluginRuntimeChannel = { }>; }; conversationActions: { - editMessage: typeof import("../../../extensions/telegram/src/send.js").editMessageTelegram; - editReplyMarkup: typeof import("../../../extensions/telegram/src/send.js").editMessageReplyMarkupTelegram; + editMessage: typeof import("../../../extensions/telegram/runtime-api.js").editMessageTelegram; + editReplyMarkup: typeof import("../../../extensions/telegram/runtime-api.js").editMessageReplyMarkupTelegram; clearReplyMarkup: ( chatIdInput: string | number, messageIdInput: string | number, @@ -180,38 +180,38 @@ export type PluginRuntimeChannel = { cfg?: ReturnType; }, ) => Promise<{ ok: true; messageId: string; chatId: string }>; - deleteMessage: typeof import("../../../extensions/telegram/src/send.js").deleteMessageTelegram; - renameTopic: typeof import("../../../extensions/telegram/src/send.js").renameForumTopicTelegram; - pinMessage: typeof import("../../../extensions/telegram/src/send.js").pinMessageTelegram; - unpinMessage: typeof import("../../../extensions/telegram/src/send.js").unpinMessageTelegram; + deleteMessage: typeof import("../../../extensions/telegram/runtime-api.js").deleteMessageTelegram; + renameTopic: typeof import("../../../extensions/telegram/runtime-api.js").renameForumTopicTelegram; + pinMessage: typeof import("../../../extensions/telegram/runtime-api.js").pinMessageTelegram; + unpinMessage: typeof import("../../../extensions/telegram/runtime-api.js").unpinMessageTelegram; }; }; signal: { - probeSignal: typeof import("../../../extensions/signal/src/probe.js").probeSignal; - sendMessageSignal: typeof import("../../../extensions/signal/src/send.js").sendMessageSignal; - monitorSignalProvider: typeof import("../../../extensions/signal/src/index.js").monitorSignalProvider; + probeSignal: typeof import("../../../extensions/signal/runtime-api.js").probeSignal; + sendMessageSignal: typeof import("../../../extensions/signal/runtime-api.js").sendMessageSignal; + monitorSignalProvider: typeof import("../../../extensions/signal/runtime-api.js").monitorSignalProvider; messageActions: typeof import("../../channels/plugins/actions/signal.js").signalMessageActions; }; imessage: { - monitorIMessageProvider: typeof import("../../../extensions/imessage/src/monitor.js").monitorIMessageProvider; - probeIMessage: typeof import("../../../extensions/imessage/src/probe.js").probeIMessage; - sendMessageIMessage: typeof import("../../../extensions/imessage/src/send.js").sendMessageIMessage; + monitorIMessageProvider: typeof import("../../../extensions/imessage/runtime-api.js").monitorIMessageProvider; + probeIMessage: typeof import("../../../extensions/imessage/runtime-api.js").probeIMessage; + sendMessageIMessage: typeof import("../../../extensions/imessage/runtime-api.js").sendMessageIMessage; }; whatsapp: { - getActiveWebListener: typeof import("../../../extensions/whatsapp/src/active-listener.js").getActiveWebListener; - getWebAuthAgeMs: typeof import("../../../extensions/whatsapp/src/auth-store.js").getWebAuthAgeMs; - logoutWeb: typeof import("../../../extensions/whatsapp/src/auth-store.js").logoutWeb; - logWebSelfId: typeof import("../../../extensions/whatsapp/src/auth-store.js").logWebSelfId; - readWebSelfId: typeof import("../../../extensions/whatsapp/src/auth-store.js").readWebSelfId; - webAuthExists: typeof import("../../../extensions/whatsapp/src/auth-store.js").webAuthExists; - sendMessageWhatsApp: typeof import("../../../extensions/whatsapp/src/send.js").sendMessageWhatsApp; - sendPollWhatsApp: typeof import("../../../extensions/whatsapp/src/send.js").sendPollWhatsApp; - loginWeb: typeof import("../../../extensions/whatsapp/src/login.js").loginWeb; - startWebLoginWithQr: typeof import("../../../extensions/whatsapp/src/login-qr.js").startWebLoginWithQr; - waitForWebLogin: typeof import("../../../extensions/whatsapp/src/login-qr.js").waitForWebLogin; + getActiveWebListener: typeof import("../../../extensions/whatsapp/runtime-api.js").getActiveWebListener; + getWebAuthAgeMs: typeof import("../../../extensions/whatsapp/runtime-api.js").getWebAuthAgeMs; + logoutWeb: typeof import("../../../extensions/whatsapp/runtime-api.js").logoutWeb; + logWebSelfId: typeof import("../../../extensions/whatsapp/runtime-api.js").logWebSelfId; + readWebSelfId: typeof import("../../../extensions/whatsapp/runtime-api.js").readWebSelfId; + webAuthExists: typeof import("../../../extensions/whatsapp/runtime-api.js").webAuthExists; + sendMessageWhatsApp: typeof import("../../../extensions/whatsapp/runtime-api.js").sendMessageWhatsApp; + sendPollWhatsApp: typeof import("../../../extensions/whatsapp/runtime-api.js").sendPollWhatsApp; + loginWeb: typeof import("../../../extensions/whatsapp/runtime-api.js").loginWeb; + startWebLoginWithQr: typeof import("../../../extensions/whatsapp/login-qr-api.js").startWebLoginWithQr; + waitForWebLogin: typeof import("../../../extensions/whatsapp/login-qr-api.js").waitForWebLogin; monitorWebChannel: typeof import("../../channels/web/index.js").monitorWebChannel; handleWhatsAppAction: typeof import("../../agents/tools/whatsapp-actions.js").handleWhatsAppAction; - createLoginTool: typeof import("../../channels/plugins/agent-tools/whatsapp-login.js").createWhatsAppLoginTool; + createLoginTool: typeof import("./runtime-whatsapp-login-tool.js").createRuntimeWhatsAppLoginTool; }; line: { listLineAccountIds: typeof import("../../line/accounts.js").listLineAccountIds; diff --git a/src/plugins/runtime/types-core.ts b/src/plugins/runtime/types-core.ts index c25c3afa86b..2ca6f6c035a 100644 --- a/src/plugins/runtime/types-core.ts +++ b/src/plugins/runtime/types-core.ts @@ -13,6 +13,25 @@ export type PluginRuntimeCore = { loadConfig: typeof import("../../config/config.js").loadConfig; writeConfigFile: typeof import("../../config/config.js").writeConfigFile; }; + agent: { + defaults: { + model: typeof import("../../agents/defaults.js").DEFAULT_MODEL; + provider: typeof import("../../agents/defaults.js").DEFAULT_PROVIDER; + }; + resolveAgentDir: typeof import("../../agents/agent-scope.js").resolveAgentDir; + resolveAgentWorkspaceDir: typeof import("../../agents/agent-scope.js").resolveAgentWorkspaceDir; + resolveAgentIdentity: typeof import("../../agents/identity.js").resolveAgentIdentity; + resolveThinkingDefault: typeof import("../../agents/model-selection.js").resolveThinkingDefault; + runEmbeddedPiAgent: typeof import("../../agents/pi-embedded.js").runEmbeddedPiAgent; + resolveAgentTimeoutMs: typeof import("../../agents/timeout.js").resolveAgentTimeoutMs; + ensureAgentWorkspace: typeof import("../../agents/workspace.js").ensureAgentWorkspace; + session: { + resolveStorePath: typeof import("../../config/sessions.js").resolveStorePath; + loadSessionStore: typeof import("../../config/sessions.js").loadSessionStore; + saveSessionStore: typeof import("../../config/sessions.js").saveSessionStore; + resolveSessionFilePath: typeof import("../../config/sessions.js").resolveSessionFilePath; + }; + }; system: { enqueueSystemEvent: typeof import("../../infra/system-events.js").enqueueSystemEvent; requestHeartbeatNow: typeof import("../../infra/heartbeat-wake.js").requestHeartbeatNow; @@ -20,7 +39,7 @@ export type PluginRuntimeCore = { formatNativeDependencyHint: typeof import("./native-deps.js").formatNativeDependencyHint; }; media: { - loadWebMedia: typeof import("../../../extensions/whatsapp/src/media.js").loadWebMedia; + loadWebMedia: typeof import("../../../extensions/whatsapp/runtime-api.js").loadWebMedia; detectMime: typeof import("../../media/mime.js").detectMime; mediaKindFromMime: typeof import("../../media/constants.js").mediaKindFromMime; isVoiceCompatibleAudio: typeof import("../../media/audio.js").isVoiceCompatibleAudio; @@ -28,7 +47,24 @@ export type PluginRuntimeCore = { resizeToJpeg: typeof import("../../media/image-ops.js").resizeToJpeg; }; tts: { - textToSpeechTelephony: typeof import("../../tts/tts.js").textToSpeechTelephony; + textToSpeech: typeof import("../../tts/runtime.js").textToSpeech; + textToSpeechTelephony: typeof import("../../tts/runtime.js").textToSpeechTelephony; + listVoices: typeof import("../../tts/runtime.js").listSpeechVoices; + }; + mediaUnderstanding: { + runFile: typeof import("../../media-understanding/runtime.js").runMediaUnderstandingFile; + describeImageFile: typeof import("../../media-understanding/runtime.js").describeImageFile; + describeImageFileWithModel: typeof import("../../media-understanding/runtime.js").describeImageFileWithModel; + describeVideoFile: typeof import("../../media-understanding/runtime.js").describeVideoFile; + transcribeAudioFile: typeof import("../../media-understanding/runtime.js").transcribeAudioFile; + }; + imageGeneration: { + generate: typeof import("../../image-generation/runtime.js").generateImage; + listProviders: typeof import("../../image-generation/runtime.js").listRuntimeImageGenerationProviders; + }; + webSearch: { + listProviders: typeof import("../../web-search/runtime.js").listWebSearchProviders; + search: typeof import("../../web-search/runtime.js").runWebSearch; }; stt: { transcribeAudioFile: typeof import("../../media-understanding/transcribe-audio.js").transcribeAudioFile; diff --git a/src/plugins/runtime/types.ts b/src/plugins/runtime/types.ts index 245e8dd1274..aa1118ecf92 100644 --- a/src/plugins/runtime/types.ts +++ b/src/plugins/runtime/types.ts @@ -8,6 +8,8 @@ export type { RuntimeLogger }; export type SubagentRunParams = { sessionKey: string; message: string; + provider?: string; + model?: string; extraSystemPrompt?: string; lane?: string; deliver?: boolean; diff --git a/src/plugins/runtime/typing-lease.test-support.ts b/src/plugins/runtime/typing-lease.test-support.ts new file mode 100644 index 00000000000..f32511d760d --- /dev/null +++ b/src/plugins/runtime/typing-lease.test-support.ts @@ -0,0 +1,47 @@ +import { expect, vi } from "vitest"; + +export async function expectIndependentTypingLeases< + TParams extends { intervalMs?: number; pulse: (...args: never[]) => Promise }, + TLease extends { refresh: () => Promise; stop: () => void }, +>(params: { + createLease: (params: TParams) => Promise; + buildParams: (pulse: TParams["pulse"]) => TParams; +}) { + vi.useFakeTimers(); + const pulse = vi.fn(async () => undefined) as TParams["pulse"]; + + const leaseA = await params.createLease(params.buildParams(pulse)); + const leaseB = await params.createLease(params.buildParams(pulse)); + + expect(pulse).toHaveBeenCalledTimes(2); + + await vi.advanceTimersByTimeAsync(2_000); + expect(pulse).toHaveBeenCalledTimes(4); + + leaseA.stop(); + await vi.advanceTimersByTimeAsync(2_000); + expect(pulse).toHaveBeenCalledTimes(5); + + await leaseB.refresh(); + expect(pulse).toHaveBeenCalledTimes(6); + + leaseB.stop(); +} + +export async function expectBackgroundTypingPulseFailuresAreSwallowed< + TParams extends { intervalMs?: number; pulse: (...args: never[]) => Promise }, + TLease extends { stop: () => void }, +>(params: { + createLease: (params: TParams) => Promise; + buildParams: (pulse: TParams["pulse"]) => TParams; + pulse: TParams["pulse"]; +}) { + vi.useFakeTimers(); + + const lease = await params.createLease(params.buildParams(params.pulse)); + + await expect(vi.advanceTimersByTimeAsync(2_000)).resolves.toBe(vi); + expect(params.pulse).toHaveBeenCalledTimes(2); + + lease.stop(); +} diff --git a/src/plugins/setup-binary.ts b/src/plugins/setup-binary.ts new file mode 100644 index 00000000000..c1e534c2944 --- /dev/null +++ b/src/plugins/setup-binary.ts @@ -0,0 +1,36 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import { isSafeExecutableValue } from "../infra/exec-safety.js"; +import { runCommandWithTimeout } from "../process/exec.js"; +import { resolveUserPath } from "../utils.js"; + +export async function detectBinary(name: string): Promise { + if (!name?.trim()) { + return false; + } + if (!isSafeExecutableValue(name)) { + return false; + } + const resolved = name.startsWith("~") ? resolveUserPath(name) : name; + if ( + path.isAbsolute(resolved) || + resolved.startsWith(".") || + resolved.includes("/") || + resolved.includes("\\") + ) { + try { + await fs.access(resolved); + return true; + } catch { + return false; + } + } + + const command = process.platform === "win32" ? ["where", name] : ["/usr/bin/env", "which", name]; + try { + const result = await runCommandWithTimeout(command, { timeoutMs: 2000 }); + return result.code === 0 && result.stdout.trim().length > 0; + } catch { + return false; + } +} diff --git a/src/plugins/setup-browser.ts b/src/plugins/setup-browser.ts new file mode 100644 index 00000000000..eca0ab486bd --- /dev/null +++ b/src/plugins/setup-browser.ts @@ -0,0 +1,112 @@ +import { isWSL, isWSLEnv } from "../infra/wsl.js"; +import { runCommandWithTimeout } from "../process/exec.js"; +import { detectBinary } from "./setup-binary.js"; + +function shouldSkipBrowserOpenInTests(): boolean { + if (process.env.VITEST) { + return true; + } + return process.env.NODE_ENV === "test"; +} + +type BrowserOpenCommand = { + argv: string[] | null; + command?: string; + quoteUrl?: boolean; +}; + +async function resolveBrowserOpenCommand(): Promise { + const platform = process.platform; + const hasDisplay = Boolean(process.env.DISPLAY || process.env.WAYLAND_DISPLAY); + const isSsh = + Boolean(process.env.SSH_CLIENT) || + Boolean(process.env.SSH_TTY) || + Boolean(process.env.SSH_CONNECTION); + + if (isSsh && !hasDisplay && platform !== "win32") { + return { argv: null }; + } + + if (platform === "win32") { + return { + argv: ["cmd", "/c", "start", ""], + command: "cmd", + quoteUrl: true, + }; + } + + if (platform === "darwin") { + const hasOpen = await detectBinary("open"); + return hasOpen ? { argv: ["open"], command: "open" } : { argv: null }; + } + + if (platform === "linux") { + const wsl = await isWSL(); + if (!hasDisplay && !wsl) { + return { argv: null }; + } + if (wsl) { + const hasWslview = await detectBinary("wslview"); + if (hasWslview) { + return { argv: ["wslview"], command: "wslview" }; + } + if (!hasDisplay) { + return { argv: null }; + } + } + const hasXdgOpen = await detectBinary("xdg-open"); + return hasXdgOpen ? { argv: ["xdg-open"], command: "xdg-open" } : { argv: null }; + } + + return { argv: null }; +} + +export function isRemoteEnvironment(): boolean { + if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION) { + return true; + } + + if (process.env.REMOTE_CONTAINERS || process.env.CODESPACES) { + return true; + } + + if ( + process.platform === "linux" && + !process.env.DISPLAY && + !process.env.WAYLAND_DISPLAY && + !isWSLEnv() + ) { + return true; + } + + return false; +} + +export async function openUrl(url: string): Promise { + if (shouldSkipBrowserOpenInTests()) { + return false; + } + const resolved = await resolveBrowserOpenCommand(); + if (!resolved.argv) { + return false; + } + const quoteUrl = resolved.quoteUrl === true; + const command = [...resolved.argv]; + if (quoteUrl) { + if (command.at(-1) === "") { + command[command.length - 1] = '""'; + } + command.push(`"${url}"`); + } else { + command.push(url); + } + try { + await runCommandWithTimeout(command, { + timeoutMs: 5_000, + windowsVerbatimArguments: quoteUrl, + }); + return true; + } catch { + return false; + } +} diff --git a/src/plugins/signal-cli-install.ts b/src/plugins/signal-cli-install.ts new file mode 100644 index 00000000000..a5c73392b4b --- /dev/null +++ b/src/plugins/signal-cli-install.ts @@ -0,0 +1,302 @@ +import { createWriteStream } from "node:fs"; +import fs from "node:fs/promises"; +import { request } from "node:https"; +import os from "node:os"; +import path from "node:path"; +import { pipeline } from "node:stream/promises"; +import { extractArchive } from "../infra/archive.js"; +import { resolveBrewExecutable } from "../infra/brew.js"; +import { runCommandWithTimeout } from "../process/exec.js"; +import type { RuntimeEnv } from "../runtime.js"; +import { CONFIG_DIR } from "../utils.js"; + +export type ReleaseAsset = { + name?: string; + browser_download_url?: string; +}; + +export type NamedAsset = { + name: string; + browser_download_url: string; +}; + +type ReleaseResponse = { + tag_name?: string; + assets?: ReleaseAsset[]; +}; + +export type SignalInstallResult = { + ok: boolean; + cliPath?: string; + version?: string; + error?: string; +}; + +/** @internal Exported for testing. */ +export async function extractSignalCliArchive( + archivePath: string, + installRoot: string, + timeoutMs: number, +): Promise { + await extractArchive({ archivePath, destDir: installRoot, timeoutMs }); +} + +/** @internal Exported for testing. */ +export function looksLikeArchive(name: string): boolean { + return name.endsWith(".tar.gz") || name.endsWith(".tgz") || name.endsWith(".zip"); +} + +/** + * Pick a native release asset from the official GitHub releases. + * + * The official signal-cli releases only publish native (GraalVM) binaries for + * x86-64 Linux. On architectures where no native asset is available this + * returns `undefined` so the caller can fall back to a different install + * strategy (e.g. Homebrew). + */ +/** @internal Exported for testing. */ +export function pickAsset( + assets: ReleaseAsset[], + platform: NodeJS.Platform, + arch: string, +): NamedAsset | undefined { + const withName = assets.filter((asset): asset is NamedAsset => + Boolean(asset.name && asset.browser_download_url), + ); + + // Archives only, excluding signature files (.asc) + const archives = withName.filter((a) => looksLikeArchive(a.name.toLowerCase())); + + const byName = (pattern: RegExp) => + archives.find((asset) => pattern.test(asset.name.toLowerCase())); + + if (platform === "linux") { + // The official "Linux-native" asset is an x86-64 GraalVM binary. + // On non-x64 architectures it will fail with "Exec format error", + // so only select it when the host architecture matches. + if (arch === "x64") { + return byName(/linux-native/) || byName(/linux/) || archives[0]; + } + // No native release for this arch — caller should fall back. + return undefined; + } + + if (platform === "darwin") { + return byName(/macos|osx|darwin/) || archives[0]; + } + + if (platform === "win32") { + return byName(/windows|win/) || archives[0]; + } + + return archives[0]; +} + +async function downloadToFile(url: string, dest: string, maxRedirects = 5): Promise { + await new Promise((resolve, reject) => { + const req = request(url, (res) => { + if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) { + const location = res.headers.location; + if (!location || maxRedirects <= 0) { + reject(new Error("Redirect loop or missing Location header")); + return; + } + const redirectUrl = new URL(location, url).href; + resolve(downloadToFile(redirectUrl, dest, maxRedirects - 1)); + return; + } + if (!res.statusCode || res.statusCode >= 400) { + reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading file`)); + return; + } + const out = createWriteStream(dest); + pipeline(res, out).then(resolve).catch(reject); + }); + req.on("error", reject); + req.end(); + }); +} + +async function findSignalCliBinary(root: string): Promise { + const candidates: string[] = []; + const enqueue = async (dir: string, depth: number) => { + if (depth > 3) { + return; + } + const entries = await fs.readdir(dir, { withFileTypes: true }).catch(() => []); + for (const entry of entries) { + const full = path.join(dir, entry.name); + if (entry.isDirectory()) { + await enqueue(full, depth + 1); + } else if (entry.isFile() && entry.name === "signal-cli") { + candidates.push(full); + } + } + }; + await enqueue(root, 0); + return candidates[0] ?? null; +} + +// --------------------------------------------------------------------------- +// Brew-based install (used on architectures without an official native build) +// --------------------------------------------------------------------------- + +async function resolveBrewSignalCliPath(brewExe: string): Promise { + try { + const result = await runCommandWithTimeout([brewExe, "--prefix", "signal-cli"], { + timeoutMs: 10_000, + }); + if (result.code === 0 && result.stdout.trim()) { + const prefix = result.stdout.trim(); + // Homebrew installs the wrapper script at /bin/signal-cli + const candidate = path.join(prefix, "bin", "signal-cli"); + try { + await fs.access(candidate); + return candidate; + } catch { + // Fall back to searching the prefix + return findSignalCliBinary(prefix); + } + } + } catch { + // ignore + } + return null; +} + +async function installSignalCliViaBrew(runtime: RuntimeEnv): Promise { + const brewExe = resolveBrewExecutable(); + if (!brewExe) { + return { + ok: false, + error: + `No native signal-cli build is available for ${process.arch}. ` + + "Install Homebrew (https://brew.sh) and try again, or install signal-cli manually.", + }; + } + + runtime.log(`Installing signal-cli via Homebrew (${brewExe})…`); + const result = await runCommandWithTimeout([brewExe, "install", "signal-cli"], { + timeoutMs: 15 * 60_000, // brew builds from source; can take a while + }); + + if (result.code !== 0) { + return { + ok: false, + error: `brew install signal-cli failed (exit ${result.code}): ${result.stderr.trim().slice(0, 200)}`, + }; + } + + const cliPath = await resolveBrewSignalCliPath(brewExe); + if (!cliPath) { + return { + ok: false, + error: "brew install succeeded but signal-cli binary was not found.", + }; + } + + // Extract version from the installed binary. + let version: string | undefined; + try { + const vResult = await runCommandWithTimeout([cliPath, "--version"], { + timeoutMs: 10_000, + }); + // Output is typically "signal-cli 0.13.24" + version = vResult.stdout.trim().replace(/^signal-cli\s+/, "") || undefined; + } catch { + // non-critical; leave version undefined + } + + return { ok: true, cliPath, version }; +} + +// --------------------------------------------------------------------------- +// Direct download install (used when an official native asset is available) +// --------------------------------------------------------------------------- + +async function installSignalCliFromRelease(runtime: RuntimeEnv): Promise { + const apiUrl = "https://api.github.com/repos/AsamK/signal-cli/releases/latest"; + const response = await fetch(apiUrl, { + headers: { + "User-Agent": "openclaw", + Accept: "application/vnd.github+json", + }, + }); + + if (!response.ok) { + return { + ok: false, + error: `Failed to fetch release info (${response.status})`, + }; + } + + const payload = (await response.json()) as ReleaseResponse; + const version = payload.tag_name?.replace(/^v/, "") ?? "unknown"; + const assets = payload.assets ?? []; + const asset = pickAsset(assets, process.platform, process.arch); + + if (!asset) { + return { + ok: false, + error: "No compatible release asset found for this platform.", + }; + } + + const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-signal-")); + const archivePath = path.join(tmpDir, asset.name); + + runtime.log(`Downloading signal-cli ${version} (${asset.name})…`); + await downloadToFile(asset.browser_download_url, archivePath); + + const installRoot = path.join(CONFIG_DIR, "tools", "signal-cli", version); + await fs.mkdir(installRoot, { recursive: true }); + + if (!looksLikeArchive(asset.name.toLowerCase())) { + return { ok: false, error: `Unsupported archive type: ${asset.name}` }; + } + try { + await extractSignalCliArchive(archivePath, installRoot, 60_000); + } catch (err) { + const message = err instanceof Error ? err.message : String(err); + return { + ok: false, + error: `Failed to extract ${asset.name}: ${message}`, + }; + } + + const cliPath = await findSignalCliBinary(installRoot); + if (!cliPath) { + return { + ok: false, + error: `signal-cli binary not found after extracting ${asset.name}`, + }; + } + + await fs.chmod(cliPath, 0o755).catch(() => {}); + + return { ok: true, cliPath, version }; +} + +// --------------------------------------------------------------------------- +// Public entry point +// --------------------------------------------------------------------------- + +export async function installSignalCli(runtime: RuntimeEnv): Promise { + if (process.platform === "win32") { + return { + ok: false, + error: "Signal CLI auto-install is not supported on Windows yet.", + }; + } + + // The official signal-cli GitHub releases only ship a native binary for + // x86-64 Linux. On other architectures (arm64, armv7, etc.) we delegate + // to Homebrew which builds from source and bundles the JRE automatically. + const hasNativeRelease = process.platform !== "linux" || process.arch === "x64"; + + if (hasNativeRelease) { + return installSignalCliFromRelease(runtime); + } + + return installSignalCliViaBrew(runtime); +} diff --git a/src/plugins/stage-bundled-plugin-runtime.test.ts b/src/plugins/stage-bundled-plugin-runtime.test.ts index f96a2408c6a..fe246e8fcfe 100644 --- a/src/plugins/stage-bundled-plugin-runtime.test.ts +++ b/src/plugins/stage-bundled-plugin-runtime.test.ts @@ -1,8 +1,11 @@ import fs from "node:fs"; import os from "node:os"; import path from "node:path"; +import { pathToFileURL } from "node:url"; import { afterEach, describe, expect, it } from "vitest"; import { stageBundledPluginRuntime } from "../../scripts/stage-bundled-plugin-runtime.mjs"; +import { discoverOpenClawPlugins } from "./discovery.js"; +import { loadPluginManifestRegistry } from "./manifest-registry.js"; const tempDirs: string[] = []; @@ -19,7 +22,7 @@ afterEach(() => { }); describe("stageBundledPluginRuntime", () => { - it("hard-links bundled dist plugins into dist-runtime and links plugin-local node_modules", () => { + it("stages bundled dist plugins as runtime wrappers and links plugin-local node_modules", () => { const repoRoot = makeRepoRoot("openclaw-stage-bundled-runtime-"); const distPluginDir = path.join(repoRoot, "dist", "extensions", "diffs"); fs.mkdirSync(path.join(repoRoot, "dist"), { recursive: true }); @@ -39,14 +42,16 @@ describe("stageBundledPluginRuntime", () => { const runtimePluginDir = path.join(repoRoot, "dist-runtime", "extensions", "diffs"); expect(fs.existsSync(path.join(runtimePluginDir, "index.js"))).toBe(true); - expect(fs.statSync(path.join(runtimePluginDir, "index.js")).nlink).toBeGreaterThan(1); + expect(fs.readFileSync(path.join(runtimePluginDir, "index.js"), "utf8")).toContain( + "../../../dist/extensions/diffs/index.js", + ); expect(fs.lstatSync(path.join(runtimePluginDir, "node_modules")).isSymbolicLink()).toBe(true); expect(fs.realpathSync(path.join(runtimePluginDir, "node_modules"))).toBe( fs.realpathSync(sourcePluginNodeModulesDir), ); }); - it("hard-links top-level dist chunks so staged bundled plugins keep relative imports working", () => { + it("writes wrappers that forward plugin entry imports into canonical dist files", async () => { const repoRoot = makeRepoRoot("openclaw-stage-bundled-runtime-chunks-"); fs.mkdirSync(path.join(repoRoot, "dist", "extensions", "diffs"), { recursive: true }); fs.writeFileSync( @@ -62,19 +67,245 @@ describe("stageBundledPluginRuntime", () => { stageBundledPluginRuntime({ repoRoot }); - const runtimeChunkPath = path.join(repoRoot, "dist-runtime", "chunk-abc.js"); - expect(fs.readFileSync(runtimeChunkPath, "utf8")).toContain("value = 1"); - expect(fs.statSync(runtimeChunkPath).nlink).toBeGreaterThan(1); - expect( - fs.readFileSync( - path.join(repoRoot, "dist-runtime", "extensions", "diffs", "index.js"), - "utf8", + const runtimeEntryPath = path.join(repoRoot, "dist-runtime", "extensions", "diffs", "index.js"); + expect(fs.readFileSync(runtimeEntryPath, "utf8")).toContain( + "../../../dist/extensions/diffs/index.js", + ); + expect(fs.existsSync(path.join(repoRoot, "dist-runtime", "chunk-abc.js"))).toBe(false); + + const runtimeModule = await import(`${pathToFileURL(runtimeEntryPath).href}?t=${Date.now()}`); + expect(runtimeModule.value).toBe(1); + }); + + it("keeps plugin command registration on the canonical dist graph when loaded from dist-runtime", async () => { + const repoRoot = makeRepoRoot("openclaw-stage-bundled-runtime-commands-"); + const distPluginDir = path.join(repoRoot, "dist", "extensions", "demo"); + const distCommandsDir = path.join(repoRoot, "dist", "plugins"); + fs.mkdirSync(distPluginDir, { recursive: true }); + fs.mkdirSync(distCommandsDir, { recursive: true }); + fs.writeFileSync(path.join(repoRoot, "package.json"), '{ "type": "module" }\n', "utf8"); + fs.writeFileSync( + path.join(distCommandsDir, "commands.js"), + [ + "const registry = globalThis.__openclawTestPluginCommands ??= new Map();", + "export function registerPluginCommand(pluginId, command) {", + " registry.set(`/${command.name.toLowerCase()}`, { ...command, pluginId });", + "}", + "export function clearPluginCommands() {", + " registry.clear();", + "}", + "export function getPluginCommandSpecs(provider) {", + " if (provider && provider !== 'telegram' && provider !== 'discord') return [];", + " return Array.from(registry.values()).map((command) => ({", + " name: command.nativeNames?.[provider] ?? command.nativeNames?.default ?? command.name,", + " description: command.description,", + " acceptsArgs: command.acceptsArgs ?? false,", + " }));", + "}", + "export function matchPluginCommand(commandBody) {", + " const [commandName, ...rest] = commandBody.trim().split(/\\s+/u);", + " const command = registry.get(commandName.toLowerCase());", + " if (!command) return null;", + " return { command, args: rest.length > 0 ? rest.join(' ') : undefined };", + "}", + "export async function executePluginCommand(params) {", + " return params.command.handler({ args: params.args });", + "}", + "", + ].join("\n"), + "utf8", + ); + fs.writeFileSync( + path.join(distPluginDir, "index.js"), + [ + "import { registerPluginCommand } from '../../plugins/commands.js';", + "", + "export function registerDemoCommand() {", + " registerPluginCommand('demo-plugin', {", + " name: 'pair',", + " description: 'Pair a device',", + " acceptsArgs: true,", + " nativeNames: { telegram: 'pair', discord: 'pair' },", + " handler: async ({ args }) => ({ text: `paired:${args ?? ''}` }),", + " });", + "}", + "", + ].join("\n"), + "utf8", + ); + + stageBundledPluginRuntime({ repoRoot }); + + const runtimeEntryPath = path.join(repoRoot, "dist-runtime", "extensions", "demo", "index.js"); + const canonicalCommandsPath = path.join(repoRoot, "dist", "plugins", "commands.js"); + + expect(fs.existsSync(path.join(repoRoot, "dist-runtime", "plugins", "commands.js"))).toBe( + false, + ); + + const runtimeModule = await import(`${pathToFileURL(runtimeEntryPath).href}?t=${Date.now()}`); + const commandsModule = (await import( + `${pathToFileURL(canonicalCommandsPath).href}?t=${Date.now()}` + )) as { + clearPluginCommands: () => void; + getPluginCommandSpecs: (provider?: string) => Array<{ + name: string; + description: string; + acceptsArgs: boolean; + }>; + matchPluginCommand: (commandBody: string) => { + command: { handler: ({ args }: { args?: string }) => Promise<{ text: string }> }; + args?: string; + } | null; + executePluginCommand: (params: { + command: { handler: ({ args }: { args?: string }) => Promise<{ text: string }> }; + args?: string; + }) => Promise<{ text: string }>; + }; + + commandsModule.clearPluginCommands(); + runtimeModule.registerDemoCommand(); + + expect(commandsModule.getPluginCommandSpecs("telegram")).toEqual([ + { name: "pair", description: "Pair a device", acceptsArgs: true }, + ]); + expect(commandsModule.getPluginCommandSpecs("discord")).toEqual([ + { name: "pair", description: "Pair a device", acceptsArgs: true }, + ]); + + const match = commandsModule.matchPluginCommand("/pair now"); + expect(match).not.toBeNull(); + expect(match?.args).toBe("now"); + await expect( + commandsModule.executePluginCommand({ + command: match!.command, + args: match?.args, + }), + ).resolves.toEqual({ text: "paired:now" }); + }); + + it("copies package metadata files but symlinks other non-js plugin artifacts into the runtime overlay", () => { + const repoRoot = makeRepoRoot("openclaw-stage-bundled-runtime-assets-"); + const distPluginDir = path.join(repoRoot, "dist", "extensions", "diffs"); + fs.mkdirSync(path.join(distPluginDir, "assets"), { recursive: true }); + fs.writeFileSync( + path.join(distPluginDir, "package.json"), + JSON.stringify( + { name: "@openclaw/diffs", openclaw: { extensions: ["./index.js"] } }, + null, + 2, ), - ).toContain("../../chunk-abc.js"); - const distChunkStats = fs.statSync(path.join(repoRoot, "dist", "chunk-abc.js")); - const runtimeChunkStats = fs.statSync(runtimeChunkPath); - expect(runtimeChunkStats.ino).toBe(distChunkStats.ino); - expect(runtimeChunkStats.dev).toBe(distChunkStats.dev); + "utf8", + ); + fs.writeFileSync(path.join(distPluginDir, "openclaw.plugin.json"), "{}\n", "utf8"); + fs.writeFileSync(path.join(distPluginDir, "assets", "info.txt"), "ok\n", "utf8"); + + stageBundledPluginRuntime({ repoRoot }); + + const runtimePackagePath = path.join( + repoRoot, + "dist-runtime", + "extensions", + "diffs", + "package.json", + ); + const runtimeManifestPath = path.join( + repoRoot, + "dist-runtime", + "extensions", + "diffs", + "openclaw.plugin.json", + ); + const runtimeAssetPath = path.join( + repoRoot, + "dist-runtime", + "extensions", + "diffs", + "assets", + "info.txt", + ); + + expect(fs.lstatSync(runtimePackagePath).isSymbolicLink()).toBe(false); + expect(fs.readFileSync(runtimePackagePath, "utf8")).toContain('"extensions": ['); + expect(fs.lstatSync(runtimeManifestPath).isSymbolicLink()).toBe(false); + expect(fs.readFileSync(runtimeManifestPath, "utf8")).toBe("{}\n"); + expect(fs.lstatSync(runtimeAssetPath).isSymbolicLink()).toBe(true); + expect(fs.readFileSync(runtimeAssetPath, "utf8")).toBe("ok\n"); + }); + + it("preserves package metadata needed for bundled plugin discovery from dist-runtime", () => { + const repoRoot = makeRepoRoot("openclaw-stage-bundled-runtime-discovery-"); + const distPluginDir = path.join(repoRoot, "dist", "extensions", "demo"); + const runtimeExtensionsDir = path.join(repoRoot, "dist-runtime", "extensions"); + fs.mkdirSync(distPluginDir, { recursive: true }); + fs.writeFileSync( + path.join(distPluginDir, "package.json"), + JSON.stringify( + { + name: "@openclaw/demo", + openclaw: { + extensions: ["./main.js"], + setupEntry: "./setup.js", + startup: { + deferConfiguredChannelFullLoadUntilAfterListen: true, + }, + }, + }, + null, + 2, + ), + "utf8", + ); + fs.writeFileSync( + path.join(distPluginDir, "openclaw.plugin.json"), + JSON.stringify( + { + id: "demo", + channels: ["demo"], + configSchema: { type: "object" }, + }, + null, + 2, + ), + "utf8", + ); + fs.writeFileSync(path.join(distPluginDir, "main.js"), "export default {};\n", "utf8"); + fs.writeFileSync(path.join(distPluginDir, "setup.js"), "export default {};\n", "utf8"); + + stageBundledPluginRuntime({ repoRoot }); + + const env = { + ...process.env, + OPENCLAW_BUNDLED_PLUGINS_DIR: runtimeExtensionsDir, + }; + const discovery = discoverOpenClawPlugins({ + env, + cache: false, + }); + const manifestRegistry = loadPluginManifestRegistry({ + env, + cache: false, + candidates: discovery.candidates, + diagnostics: discovery.diagnostics, + }); + const expectedRuntimeMainPath = fs.realpathSync( + path.join(runtimeExtensionsDir, "demo", "main.js"), + ); + const expectedRuntimeSetupPath = fs.realpathSync( + path.join(runtimeExtensionsDir, "demo", "setup.js"), + ); + + expect(discovery.candidates).toHaveLength(1); + expect(fs.realpathSync(discovery.candidates[0]?.source ?? "")).toBe(expectedRuntimeMainPath); + expect(fs.realpathSync(discovery.candidates[0]?.setupSource ?? "")).toBe( + expectedRuntimeSetupPath, + ); + expect(fs.realpathSync(manifestRegistry.plugins[0]?.setupSource ?? "")).toBe( + expectedRuntimeSetupPath, + ); + expect(manifestRegistry.plugins[0]?.startupDeferConfiguredChannelFullLoadUntilAfterListen).toBe( + true, + ); }); it("removes stale runtime plugin directories that are no longer in dist", () => { diff --git a/src/plugins/status.test.ts b/src/plugins/status.test.ts index c93ce5ef37b..d16db23da4b 100644 --- a/src/plugins/status.test.ts +++ b/src/plugins/status.test.ts @@ -1,8 +1,10 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { buildPluginStatusReport } from "./status.js"; const loadConfigMock = vi.fn(); const loadOpenClawPluginsMock = vi.fn(); +let buildPluginStatusReport: typeof import("./status.js").buildPluginStatusReport; +let buildPluginInspectReport: typeof import("./status.js").buildPluginInspectReport; +let buildAllPluginInspectReports: typeof import("./status.js").buildAllPluginInspectReports; vi.mock("../config/config.js", () => ({ loadConfig: () => loadConfigMock(), @@ -22,7 +24,8 @@ vi.mock("../agents/workspace.js", () => ({ })); describe("buildPluginStatusReport", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); loadConfigMock.mockReset(); loadOpenClawPluginsMock.mockReset(); loadConfigMock.mockReturnValue({}); @@ -31,13 +34,22 @@ describe("buildPluginStatusReport", () => { diagnostics: [], channels: [], providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], + webSearchProviders: [], tools: [], hooks: [], + typedHooks: [], + channelSetups: [], + httpRoutes: [], gatewayHandlers: {}, cliRegistrars: [], services: [], commands: [], }); + ({ buildAllPluginInspectReports, buildPluginInspectReport, buildPluginStatusReport } = + await import("./status.js")); }); it("forwards an explicit env to plugin loading", () => { @@ -57,4 +69,192 @@ describe("buildPluginStatusReport", () => { }), ); }); + + it("builds an inspect report with capability shape and policy", () => { + loadConfigMock.mockReturnValue({ + plugins: { + entries: { + google: { + hooks: { allowPromptInjection: false }, + subagent: { + allowModelOverride: true, + allowedModels: ["openai/gpt-5.4"], + }, + }, + }, + }, + }); + loadOpenClawPluginsMock.mockReturnValue({ + plugins: [ + { + id: "google", + name: "Google", + description: "Google provider plugin", + source: "/tmp/google/index.ts", + origin: "bundled", + enabled: true, + status: "loaded", + toolNames: [], + hookNames: [], + channelIds: [], + providerIds: ["google"], + speechProviderIds: [], + mediaUnderstandingProviderIds: ["google"], + imageGenerationProviderIds: ["google"], + webSearchProviderIds: ["google"], + gatewayMethods: [], + cliCommands: [], + services: [], + commands: [], + httpRoutes: 0, + hookCount: 0, + configSchema: false, + }, + ], + diagnostics: [{ level: "warn", pluginId: "google", message: "watch this seam" }], + channels: [], + channelSetups: [], + providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], + webSearchProviders: [], + tools: [], + hooks: [], + typedHooks: [ + { + pluginId: "google", + hookName: "before_agent_start", + handler: () => undefined, + source: "/tmp/google/index.ts", + }, + ], + httpRoutes: [], + gatewayHandlers: {}, + cliRegistrars: [], + services: [], + commands: [], + }); + + const inspect = buildPluginInspectReport({ id: "google" }); + + expect(inspect).not.toBeNull(); + expect(inspect?.shape).toBe("hybrid-capability"); + expect(inspect?.capabilityMode).toBe("hybrid"); + expect(inspect?.capabilities.map((entry) => entry.kind)).toEqual([ + "text-inference", + "media-understanding", + "image-generation", + "web-search", + ]); + expect(inspect?.usesLegacyBeforeAgentStart).toBe(true); + expect(inspect?.policy).toEqual({ + allowPromptInjection: false, + allowModelOverride: true, + allowedModels: ["openai/gpt-5.4"], + hasAllowedModelsConfig: true, + }); + expect(inspect?.diagnostics).toEqual([ + { level: "warn", pluginId: "google", message: "watch this seam" }, + ]); + }); + + it("builds inspect reports for every loaded plugin", () => { + loadOpenClawPluginsMock.mockReturnValue({ + plugins: [ + { + id: "lca", + name: "LCA", + description: "Legacy hook plugin", + source: "/tmp/lca/index.ts", + origin: "workspace", + enabled: true, + status: "loaded", + toolNames: [], + hookNames: [], + channelIds: [], + providerIds: [], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], + webSearchProviderIds: [], + gatewayMethods: [], + cliCommands: [], + services: [], + commands: [], + httpRoutes: 0, + hookCount: 1, + configSchema: false, + }, + { + id: "microsoft", + name: "Microsoft", + description: "Hybrid capability plugin", + source: "/tmp/microsoft/index.ts", + origin: "bundled", + enabled: true, + status: "loaded", + toolNames: [], + hookNames: [], + channelIds: [], + providerIds: ["microsoft"], + speechProviderIds: [], + mediaUnderstandingProviderIds: [], + imageGenerationProviderIds: [], + webSearchProviderIds: ["microsoft"], + gatewayMethods: [], + cliCommands: [], + services: [], + commands: [], + httpRoutes: 0, + hookCount: 0, + configSchema: false, + }, + ], + diagnostics: [], + channels: [], + channelSetups: [], + providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], + webSearchProviders: [], + tools: [], + hooks: [ + { + pluginId: "lca", + events: ["message"], + entry: { + hook: { + name: "legacy", + handler: () => undefined, + }, + }, + }, + ], + typedHooks: [ + { + pluginId: "lca", + hookName: "before_agent_start", + handler: () => undefined, + source: "/tmp/lca/index.ts", + }, + ], + httpRoutes: [], + gatewayHandlers: {}, + cliRegistrars: [], + services: [], + commands: [], + }); + + const inspect = buildAllPluginInspectReports(); + + expect(inspect.map((entry) => entry.plugin.id)).toEqual(["lca", "microsoft"]); + expect(inspect.map((entry) => entry.shape)).toEqual(["hook-only", "hybrid-capability"]); + expect(inspect[0]?.usesLegacyBeforeAgentStart).toBe(true); + expect(inspect[1]?.capabilities.map((entry) => entry.kind)).toEqual([ + "text-inference", + "web-search", + ]); + }); }); diff --git a/src/plugins/status.ts b/src/plugins/status.ts index 65c48203eb8..09a75e02516 100644 --- a/src/plugins/status.ts +++ b/src/plugins/status.ts @@ -2,14 +2,67 @@ import { resolveAgentWorkspaceDir, resolveDefaultAgentId } from "../agents/agent import { resolveDefaultAgentWorkspaceDir } from "../agents/workspace.js"; import { loadConfig } from "../config/config.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; +import { normalizePluginsConfig } from "./config-state.js"; import { loadOpenClawPlugins } from "./loader.js"; import { createPluginLoaderLogger } from "./logger.js"; import type { PluginRegistry } from "./registry.js"; +import type { PluginDiagnostic, PluginHookName } from "./types.js"; export type PluginStatusReport = PluginRegistry & { workspaceDir?: string; }; +export type PluginCapabilityKind = + | "text-inference" + | "speech" + | "media-understanding" + | "image-generation" + | "web-search" + | "channel"; + +export type PluginInspectShape = + | "hook-only" + | "plain-capability" + | "hybrid-capability" + | "non-capability"; + +export type PluginInspectReport = { + workspaceDir?: string; + plugin: PluginRegistry["plugins"][number]; + shape: PluginInspectShape; + capabilityMode: "none" | "plain" | "hybrid"; + capabilityCount: number; + capabilities: Array<{ + kind: PluginCapabilityKind; + ids: string[]; + }>; + typedHooks: Array<{ + name: PluginHookName; + priority?: number; + }>; + customHooks: Array<{ + name: string; + events: string[]; + }>; + tools: Array<{ + names: string[]; + optional: boolean; + }>; + commands: string[]; + cliCommands: string[]; + services: string[]; + gatewayMethods: string[]; + httpRouteCount: number; + diagnostics: PluginDiagnostic[]; + policy: { + allowPromptInjection?: boolean; + allowModelOverride?: boolean; + allowedModels: string[]; + hasAllowedModelsConfig: boolean; + }; + usesLegacyBeforeAgentStart: boolean; +}; + const log = createSubsystemLogger("plugins"); export function buildPluginStatusReport(params?: { @@ -36,3 +89,152 @@ export function buildPluginStatusReport(params?: { ...registry, }; } + +function buildCapabilityEntries(plugin: PluginRegistry["plugins"][number]) { + return [ + { kind: "text-inference" as const, ids: plugin.providerIds }, + { kind: "speech" as const, ids: plugin.speechProviderIds }, + { kind: "media-understanding" as const, ids: plugin.mediaUnderstandingProviderIds }, + { kind: "image-generation" as const, ids: plugin.imageGenerationProviderIds }, + { kind: "web-search" as const, ids: plugin.webSearchProviderIds }, + { kind: "channel" as const, ids: plugin.channelIds }, + ].filter((entry) => entry.ids.length > 0); +} + +function deriveInspectShape(params: { + capabilityCount: number; + typedHookCount: number; + customHookCount: number; + toolCount: number; + commandCount: number; + cliCount: number; + serviceCount: number; + gatewayMethodCount: number; + httpRouteCount: number; +}): PluginInspectShape { + if (params.capabilityCount > 1) { + return "hybrid-capability"; + } + if (params.capabilityCount === 1) { + return "plain-capability"; + } + const hasOnlyHooks = + params.typedHookCount + params.customHookCount > 0 && + params.toolCount === 0 && + params.commandCount === 0 && + params.cliCount === 0 && + params.serviceCount === 0 && + params.gatewayMethodCount === 0 && + params.httpRouteCount === 0; + if (hasOnlyHooks) { + return "hook-only"; + } + return "non-capability"; +} + +export function buildPluginInspectReport(params: { + id: string; + config?: ReturnType; + workspaceDir?: string; + env?: NodeJS.ProcessEnv; + report?: PluginStatusReport; +}): PluginInspectReport | null { + const config = params.config ?? loadConfig(); + const report = + params.report ?? + buildPluginStatusReport({ + config, + workspaceDir: params.workspaceDir, + env: params.env, + }); + const plugin = report.plugins.find((entry) => entry.id === params.id || entry.name === params.id); + if (!plugin) { + return null; + } + + const capabilities = buildCapabilityEntries(plugin); + const typedHooks = report.typedHooks + .filter((entry) => entry.pluginId === plugin.id) + .map((entry) => ({ + name: entry.hookName, + priority: entry.priority, + })) + .sort((a, b) => a.name.localeCompare(b.name)); + const customHooks = report.hooks + .filter((entry) => entry.pluginId === plugin.id) + .map((entry) => ({ + name: entry.entry.hook.name, + events: [...entry.events].sort(), + })) + .sort((a, b) => a.name.localeCompare(b.name)); + const tools = report.tools + .filter((entry) => entry.pluginId === plugin.id) + .map((entry) => ({ + names: [...entry.names], + optional: entry.optional, + })); + const diagnostics = report.diagnostics.filter((entry) => entry.pluginId === plugin.id); + const policyEntry = normalizePluginsConfig(config.plugins).entries[plugin.id]; + const capabilityCount = capabilities.length; + + return { + workspaceDir: report.workspaceDir, + plugin, + shape: deriveInspectShape({ + capabilityCount, + typedHookCount: typedHooks.length, + customHookCount: customHooks.length, + toolCount: tools.length, + commandCount: plugin.commands.length, + cliCount: plugin.cliCommands.length, + serviceCount: plugin.services.length, + gatewayMethodCount: plugin.gatewayMethods.length, + httpRouteCount: plugin.httpRoutes, + }), + capabilityMode: capabilityCount === 0 ? "none" : capabilityCount === 1 ? "plain" : "hybrid", + capabilityCount, + capabilities, + typedHooks, + customHooks, + tools, + commands: [...plugin.commands], + cliCommands: [...plugin.cliCommands], + services: [...plugin.services], + gatewayMethods: [...plugin.gatewayMethods], + httpRouteCount: plugin.httpRoutes, + diagnostics, + policy: { + allowPromptInjection: policyEntry?.hooks?.allowPromptInjection, + allowModelOverride: policyEntry?.subagent?.allowModelOverride, + allowedModels: [...(policyEntry?.subagent?.allowedModels ?? [])], + hasAllowedModelsConfig: policyEntry?.subagent?.hasAllowedModelsConfig === true, + }, + usesLegacyBeforeAgentStart: typedHooks.some((entry) => entry.name === "before_agent_start"), + }; +} + +export function buildAllPluginInspectReports(params?: { + config?: ReturnType; + workspaceDir?: string; + env?: NodeJS.ProcessEnv; + report?: PluginStatusReport; +}): PluginInspectReport[] { + const config = params?.config ?? loadConfig(); + const report = + params?.report ?? + buildPluginStatusReport({ + config, + workspaceDir: params?.workspaceDir, + env: params?.env, + }); + + return report.plugins + .map((plugin) => + buildPluginInspectReport({ + id: plugin.id, + config, + report, + }), + ) + .filter((entry): entry is PluginInspectReport => entry !== null); +} diff --git a/src/plugins/tools.optional.test.ts b/src/plugins/tools.optional.test.ts index 20e68f0ca66..c18f5008c31 100644 --- a/src/plugins/tools.optional.test.ts +++ b/src/plugins/tools.optional.test.ts @@ -1,5 +1,4 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; -import { resolvePluginTools } from "./tools.js"; type MockRegistryToolEntry = { pluginId: string; @@ -14,6 +13,8 @@ vi.mock("./loader.js", () => ({ loadOpenClawPlugins: (params: unknown) => loadOpenClawPluginsMock(params), })); +let resolvePluginTools: typeof import("./tools.js").resolvePluginTools; + function makeTool(name: string) { return { name, @@ -90,8 +91,10 @@ function resolveOptionalDemoTools(toolAllowlist?: string[]) { } describe("resolvePluginTools optional tools", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); loadOpenClawPluginsMock.mockClear(); + ({ resolvePluginTools } = await import("./tools.js")); }); it("skips optional tools without explicit allowlist", () => { @@ -170,4 +173,22 @@ describe("resolvePluginTools optional tools", () => { }), ); }); + + it("forwards gateway subagent binding to plugin runtime options", () => { + setOptionalDemoRegistry(); + + resolvePluginTools({ + context: createContext() as never, + allowGatewaySubagentBinding: true, + toolAllowlist: ["optional_tool"], + }); + + expect(loadOpenClawPluginsMock).toHaveBeenCalledWith( + expect.objectContaining({ + runtimeOptions: { + allowGatewaySubagentBinding: true, + }, + }), + ); + }); }); diff --git a/src/plugins/tools.ts b/src/plugins/tools.ts index ebf96ec6a4c..9a1142a8306 100644 --- a/src/plugins/tools.ts +++ b/src/plugins/tools.ts @@ -47,6 +47,7 @@ export function resolvePluginTools(params: { existingToolNames?: Set; toolAllowlist?: string[]; suppressNameConflicts?: boolean; + allowGatewaySubagentBinding?: boolean; env?: NodeJS.ProcessEnv; }): AnyAgentTool[] { // Fast path: when plugins are effectively disabled, avoid discovery/jiti entirely. @@ -61,6 +62,11 @@ export function resolvePluginTools(params: { const registry = loadOpenClawPlugins({ config: effectiveConfig, workspaceDir: params.context.workspaceDir, + runtimeOptions: params.allowGatewaySubagentBinding + ? { + allowGatewaySubagentBinding: true, + } + : undefined, env, logger: createPluginLoaderLogger(log), }); diff --git a/src/plugins/types.ts b/src/plugins/types.ts index 0c817a99cf8..ae5b2d116b4 100644 --- a/src/plugins/types.ts +++ b/src/plugins/types.ts @@ -17,22 +17,41 @@ import type { AnyAgentTool } from "../agents/tools/common.js"; import type { ThinkLevel } from "../auto-reply/thinking.js"; import type { ReplyPayload } from "../auto-reply/types.js"; import type { ChannelId, ChannelPlugin } from "../channels/plugins/types.js"; -import type { createVpsAwareOAuthHandlers } from "../commands/oauth-flow.js"; -import type { OnboardOptions } from "../commands/onboard-types.js"; import type { OpenClawConfig } from "../config/config.js"; import type { ModelProviderConfig } from "../config/types.js"; import type { GatewayRequestHandler } from "../gateway/server-methods/types.js"; import type { InternalHookHandler } from "../hooks/internal-hooks.js"; import type { HookEntry } from "../hooks/types.js"; +import type { ImageGenerationProvider } from "../image-generation/types.js"; import type { ProviderUsageSnapshot } from "../infra/provider-usage.types.js"; +import type { MediaUnderstandingProvider } from "../media-understanding/types.js"; import type { RuntimeEnv } from "../runtime.js"; import type { RuntimeWebSearchMetadata } from "../secrets/runtime-web-tools.types.js"; +import type { + SpeechProviderConfiguredContext, + SpeechListVoicesRequest, + SpeechProviderId, + SpeechSynthesisRequest, + SpeechSynthesisResult, + SpeechTelephonySynthesisRequest, + SpeechTelephonySynthesisResult, + SpeechVoiceOption, +} from "../tts/provider-types.js"; import type { WizardPrompter } from "../wizard/prompts.js"; +import type { SecretInputMode } from "./provider-auth-types.js"; +import type { createVpsAwareOAuthHandlers } from "./provider-oauth-flow.js"; import type { PluginRuntime } from "./runtime/types.js"; export type { PluginRuntime } from "./runtime/types.js"; export type { AnyAgentTool } from "../agents/tools/common.js"; +export type ProviderAuthOptionBag = { + token?: string; + tokenProvider?: string; + secretInputMode?: SecretInputMode; + [key: string]: unknown; +}; + export type PluginLogger = { debug?: (message: string) => void; info: (message: string) => void; @@ -133,7 +152,7 @@ export type ProviderAuthContext = { * `--token/--token-provider` pairs. Direct `models auth login` usually * leaves this undefined. */ - opts?: Partial; + opts?: ProviderAuthOptionBag; /** * Onboarding secret persistence preference. * @@ -141,7 +160,7 @@ export type ProviderAuthContext = { * plaintext or env/file/exec ref storage. Ad-hoc `models auth login` flows * usually leave it undefined. */ - secretInputMode?: OnboardOptions["secretInputMode"]; + secretInputMode?: SecretInputMode; /** * Whether the provider auth flow should offer the onboarding secret-storage * mode picker when `secretInputMode` is unset. @@ -185,7 +204,7 @@ export type ProviderAuthMethodNonInteractiveContext = { authChoice: string; config: OpenClawConfig; baseConfig: OpenClawConfig; - opts: OnboardOptions; + opts: ProviderAuthOptionBag; runtime: RuntimeEnv; agentDir?: string; workspaceDir?: string; @@ -227,6 +246,18 @@ export type ProviderCatalogContext = { apiKey: string | undefined; discoveryApiKey?: string; }; + resolveProviderAuth: ( + providerId?: string, + options?: { + oauthMarker?: string; + }, + ) => { + apiKey: string | undefined; + discoveryApiKey?: string; + mode: "api_key" | "oauth" | "token" | "none"; + source: "env" | "profile" | "none"; + profileId?: string; + }; }; export type ProviderCatalogResult = @@ -853,6 +884,27 @@ export type PluginWebSearchProviderEntry = WebSearchProviderPlugin & { pluginId: string; }; +export type SpeechProviderPlugin = { + id: SpeechProviderId; + label: string; + aliases?: string[]; + models?: readonly string[]; + voices?: readonly string[]; + isConfigured: (ctx: SpeechProviderConfiguredContext) => boolean; + synthesize: (req: SpeechSynthesisRequest) => Promise; + synthesizeTelephony?: ( + req: SpeechTelephonySynthesisRequest, + ) => Promise; + listVoices?: (req: SpeechListVoicesRequest) => Promise; +}; + +export type PluginSpeechProviderEntry = SpeechProviderPlugin & { + pluginId: string; +}; + +export type MediaUnderstandingProviderPlugin = MediaUnderstandingProvider; +export type ImageGenerationProviderPlugin = ImageGenerationProvider; + export type OpenClawPluginGatewayMethod = { method: string; handler: GatewayRequestHandler; @@ -900,6 +952,8 @@ export type PluginConversationBindingRequestParams = { detachHint?: string; }; +export type PluginConversationBindingResolutionDecision = "allow-once" | "allow-always" | "deny"; + export type PluginConversationBinding = { bindingId: string; pluginId: string; @@ -930,6 +984,24 @@ export type PluginConversationBindingRequestResult = message: string; }; +export type PluginConversationBindingResolvedEvent = { + status: "approved" | "denied"; + binding?: PluginConversationBinding; + decision: PluginConversationBindingResolutionDecision; + request: { + summary?: string; + detachHint?: string; + requestedBySenderId?: string; + conversation: { + channel: string; + accountId: string; + conversationId: string; + parentConversationId?: string; + threadId?: string | number; + }; + }; +}; + /** * Result returned by a plugin command handler. */ @@ -1211,8 +1283,14 @@ export type OpenClawPluginApi = { registerCli: (registrar: OpenClawPluginCliRegistrar, opts?: { commands?: string[] }) => void; registerService: (service: OpenClawPluginService) => void; registerProvider: (provider: ProviderPlugin) => void; + registerSpeechProvider: (provider: SpeechProviderPlugin) => void; + registerMediaUnderstandingProvider: (provider: MediaUnderstandingProviderPlugin) => void; + registerImageGenerationProvider: (provider: ImageGenerationProviderPlugin) => void; registerWebSearchProvider: (provider: WebSearchProviderPlugin) => void; registerInteractiveHandler: (registration: PluginInteractiveHandlerRegistration) => void; + onConversationBindingResolved: ( + handler: (event: PluginConversationBindingResolvedEvent) => void | Promise, + ) => void; /** * Register a custom command that bypasses the LLM agent. * Plugin commands are processed before built-in commands and before agent invocation. diff --git a/src/plugins/update.test.ts b/src/plugins/update.test.ts index e3c21e8d7ef..7e93ab7ba50 100644 --- a/src/plugins/update.test.ts +++ b/src/plugins/update.test.ts @@ -20,6 +20,8 @@ vi.mock("./bundled-sources.js", () => ({ resolveBundledPluginSources: (...args: unknown[]) => resolveBundledPluginSourcesMock(...args), })); +const { syncPluginsForUpdateChannel, updateNpmInstalledPlugins } = await import("./update.js"); + describe("updateNpmInstalledPlugins", () => { beforeEach(() => { installPluginFromNpmSpecMock.mockReset(); @@ -36,7 +38,6 @@ describe("updateNpmInstalledPlugins", () => { extensions: ["index.ts"], }); - const { updateNpmInstalledPlugins } = await import("./update.js"); await updateNpmInstalledPlugins({ config: { plugins: { @@ -71,7 +72,6 @@ describe("updateNpmInstalledPlugins", () => { extensions: ["index.ts"], }); - const { updateNpmInstalledPlugins } = await import("./update.js"); await updateNpmInstalledPlugins({ config: { plugins: { @@ -104,7 +104,6 @@ describe("updateNpmInstalledPlugins", () => { error: "Package not found on npm: @openclaw/missing.", }); - const { updateNpmInstalledPlugins } = await import("./update.js"); const result = await updateNpmInstalledPlugins({ config: { plugins: { @@ -137,7 +136,6 @@ describe("updateNpmInstalledPlugins", () => { error: "unsupported npm spec: github:evil/evil", }); - const { updateNpmInstalledPlugins } = await import("./update.js"); const result = await updateNpmInstalledPlugins({ config: { plugins: { @@ -172,7 +170,6 @@ describe("updateNpmInstalledPlugins", () => { extensions: ["index.ts"], }); - const { updateNpmInstalledPlugins } = await import("./update.js"); const result = await updateNpmInstalledPlugins({ config: { plugins: { @@ -231,7 +228,6 @@ describe("updateNpmInstalledPlugins", () => { marketplacePlugin: "claude-bundle", }); - const { updateNpmInstalledPlugins } = await import("./update.js"); const result = await updateNpmInstalledPlugins({ config: { plugins: { @@ -280,7 +276,6 @@ describe("updateNpmInstalledPlugins", () => { marketplacePlugin: "claude-bundle", }); - const { updateNpmInstalledPlugins } = await import("./update.js"); const result = await updateNpmInstalledPlugins({ config: { plugins: { @@ -330,7 +325,6 @@ describe("syncPluginsForUpdateChannel", () => { ]), ); - const { syncPluginsForUpdateChannel } = await import("./update.js"); const result = await syncPluginsForUpdateChannel({ channel: "beta", config: { @@ -369,7 +363,6 @@ describe("syncPluginsForUpdateChannel", () => { ]), ); - const { syncPluginsForUpdateChannel } = await import("./update.js"); const result = await syncPluginsForUpdateChannel({ channel: "beta", config: { @@ -402,7 +395,6 @@ describe("syncPluginsForUpdateChannel", () => { resolveBundledPluginSourcesMock.mockReturnValue(new Map()); const env = { OPENCLAW_HOME: "/srv/openclaw-home" } as NodeJS.ProcessEnv; - const { syncPluginsForUpdateChannel } = await import("./update.js"); await syncPluginsForUpdateChannel({ channel: "beta", config: {}, @@ -434,7 +426,6 @@ describe("syncPluginsForUpdateChannel", () => { const previousHome = process.env.HOME; process.env.HOME = "/tmp/process-home"; try { - const { syncPluginsForUpdateChannel } = await import("./update.js"); const result = await syncPluginsForUpdateChannel({ channel: "beta", env: { diff --git a/src/plugins/voice-call.plugin.test.ts b/src/plugins/voice-call.plugin.test.ts index 0ca6106d1a9..6a018c27b42 100644 --- a/src/plugins/voice-call.plugin.test.ts +++ b/src/plugins/voice-call.plugin.test.ts @@ -45,7 +45,7 @@ type RegisterCliContext = { function setup(config: Record): Registered { const methods = new Map(); const tools: unknown[] = []; - plugin.register({ + void plugin.register({ id: "voice-call", name: "Voice Call", description: "test", diff --git a/src/plugins/web-search-providers.test.ts b/src/plugins/web-search-providers.test.ts index 52e326ddc04..9d2fd18e030 100644 --- a/src/plugins/web-search-providers.test.ts +++ b/src/plugins/web-search-providers.test.ts @@ -1,7 +1,16 @@ -import { describe, expect, it } from "vitest"; -import { resolvePluginWebSearchProviders } from "./web-search-providers.js"; +import { afterEach, describe, expect, it } from "vitest"; +import { createEmptyPluginRegistry } from "./registry.js"; +import { setActivePluginRegistry } from "./runtime.js"; +import { + resolvePluginWebSearchProviders, + resolveRuntimeWebSearchProviders, +} from "./web-search-providers.js"; describe("resolvePluginWebSearchProviders", () => { + afterEach(() => { + setActivePluginRegistry(createEmptyPluginRegistry()); + }); + it("returns bundled providers in auto-detect order", () => { const providers = resolvePluginWebSearchProviders({}); @@ -72,4 +81,36 @@ describe("resolvePluginWebSearchProviders", () => { expect(providers).toEqual([]); }); + + it("prefers the active plugin registry for runtime resolution", () => { + const registry = createEmptyPluginRegistry(); + registry.webSearchProviders.push({ + pluginId: "custom-search", + pluginName: "Custom Search", + provider: { + id: "custom", + label: "Custom Search", + hint: "Custom runtime provider", + envVars: ["CUSTOM_SEARCH_API_KEY"], + placeholder: "custom-...", + signupUrl: "https://example.com/signup", + autoDetectOrder: 1, + getCredentialValue: () => "configured", + setCredentialValue: () => {}, + createTool: () => ({ + description: "custom", + parameters: {}, + execute: async () => ({}), + }), + }, + source: "test", + }); + setActivePluginRegistry(registry); + + const providers = resolveRuntimeWebSearchProviders({}); + + expect(providers.map((provider) => `${provider.pluginId}:${provider.id}`)).toEqual([ + "custom-search:custom", + ]); + }); }); diff --git a/src/plugins/web-search-providers.ts b/src/plugins/web-search-providers.ts index 97b6d9ee022..585ed0bd36c 100644 --- a/src/plugins/web-search-providers.ts +++ b/src/plugins/web-search-providers.ts @@ -1,113 +1,111 @@ -import { createFirecrawlWebSearchProvider } from "../../extensions/firecrawl/src/firecrawl-search-provider.js"; -import { - createPluginBackedWebSearchProvider, - getScopedCredentialValue, - getTopLevelCredentialValue, - setScopedCredentialValue, - setTopLevelCredentialValue, -} from "../agents/tools/web-search-plugin-factory.js"; +import bravePlugin from "../../extensions/brave/index.js"; +import firecrawlPlugin from "../../extensions/firecrawl/index.js"; +import googlePlugin from "../../extensions/google/index.js"; +import moonshotPlugin from "../../extensions/moonshot/index.js"; +import perplexityPlugin from "../../extensions/perplexity/index.js"; +import xaiPlugin from "../../extensions/xai/index.js"; import { withBundledPluginAllowlistCompat, withBundledPluginEnablementCompat, } from "./bundled-compat.js"; -import { normalizePluginsConfig, resolveEffectiveEnableState } from "./config-state.js"; +import { capturePluginRegistration } from "./captured-registration.js"; import type { PluginLoadOptions } from "./loader.js"; -import type { PluginWebSearchProviderEntry } from "./types.js"; +import type { PluginWebSearchProviderRegistration } from "./registry.js"; +import { getActivePluginRegistry } from "./runtime.js"; +import type { OpenClawPluginApi, PluginWebSearchProviderEntry } from "./types.js"; -const BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS = [ - "brave", - "firecrawl", - "google", - "moonshot", - "perplexity", - "xai", -] as const; +type RegistrablePlugin = { + id: string; + name: string; + register: (api: OpenClawPluginApi) => void; +}; -const BUNDLED_WEB_SEARCH_PROVIDER_REGISTRY = [ - { - pluginId: "brave", - provider: createPluginBackedWebSearchProvider({ - id: "brave", - label: "Brave Search", - hint: "Structured results · country/language/time filters", - envVars: ["BRAVE_API_KEY"], - placeholder: "BSA...", - signupUrl: "https://brave.com/search/api/", - docsUrl: "https://docs.openclaw.ai/brave-search", - autoDetectOrder: 10, - getCredentialValue: getTopLevelCredentialValue, - setCredentialValue: setTopLevelCredentialValue, - }), - }, - { - pluginId: "google", - provider: createPluginBackedWebSearchProvider({ - id: "gemini", - label: "Gemini (Google Search)", - hint: "Google Search grounding · AI-synthesized", - envVars: ["GEMINI_API_KEY"], - placeholder: "AIza...", - signupUrl: "https://aistudio.google.com/apikey", - docsUrl: "https://docs.openclaw.ai/tools/web", - autoDetectOrder: 20, - getCredentialValue: (searchConfig) => getScopedCredentialValue(searchConfig, "gemini"), - setCredentialValue: (searchConfigTarget, value) => - setScopedCredentialValue(searchConfigTarget, "gemini", value), - }), - }, - { - pluginId: "xai", - provider: createPluginBackedWebSearchProvider({ - id: "grok", - label: "Grok (xAI)", - hint: "xAI web-grounded responses", - envVars: ["XAI_API_KEY"], - placeholder: "xai-...", - signupUrl: "https://console.x.ai/", - docsUrl: "https://docs.openclaw.ai/tools/web", - autoDetectOrder: 30, - getCredentialValue: (searchConfig) => getScopedCredentialValue(searchConfig, "grok"), - setCredentialValue: (searchConfigTarget, value) => - setScopedCredentialValue(searchConfigTarget, "grok", value), - }), - }, - { - pluginId: "moonshot", - provider: createPluginBackedWebSearchProvider({ - id: "kimi", - label: "Kimi (Moonshot)", - hint: "Moonshot web search", - envVars: ["KIMI_API_KEY", "MOONSHOT_API_KEY"], - placeholder: "sk-...", - signupUrl: "https://platform.moonshot.cn/", - docsUrl: "https://docs.openclaw.ai/tools/web", - autoDetectOrder: 40, - getCredentialValue: (searchConfig) => getScopedCredentialValue(searchConfig, "kimi"), - setCredentialValue: (searchConfigTarget, value) => - setScopedCredentialValue(searchConfigTarget, "kimi", value), - }), - }, - { - pluginId: "perplexity", - provider: createPluginBackedWebSearchProvider({ - id: "perplexity", - label: "Perplexity Search", - hint: "Structured results · domain/country/language/time filters", - envVars: ["PERPLEXITY_API_KEY", "OPENROUTER_API_KEY"], - placeholder: "pplx-...", - signupUrl: "https://www.perplexity.ai/settings/api", - docsUrl: "https://docs.openclaw.ai/perplexity", - autoDetectOrder: 50, - getCredentialValue: (searchConfig) => getScopedCredentialValue(searchConfig, "perplexity"), - setCredentialValue: (searchConfigTarget, value) => - setScopedCredentialValue(searchConfigTarget, "perplexity", value), - }), - }, - { - pluginId: "firecrawl", - provider: createFirecrawlWebSearchProvider(), - }, -] as const; +const BUNDLED_WEB_SEARCH_PLUGINS: readonly RegistrablePlugin[] = [ + bravePlugin, + firecrawlPlugin, + googlePlugin, + moonshotPlugin, + perplexityPlugin, + xaiPlugin, +]; + +const BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS = BUNDLED_WEB_SEARCH_PLUGINS.map( + (plugin) => plugin.id, +); + +function sortWebSearchProviders( + providers: PluginWebSearchProviderEntry[], +): PluginWebSearchProviderEntry[] { + return providers.toSorted((a, b) => { + const aOrder = a.autoDetectOrder ?? Number.MAX_SAFE_INTEGER; + const bOrder = b.autoDetectOrder ?? Number.MAX_SAFE_INTEGER; + if (aOrder !== bOrder) { + return aOrder - bOrder; + } + return a.id.localeCompare(b.id); + }); +} + +function mapWebSearchProviderEntries( + entries: PluginWebSearchProviderRegistration[], +): PluginWebSearchProviderEntry[] { + return sortWebSearchProviders( + entries.map((entry) => ({ + ...entry.provider, + pluginId: entry.pluginId, + })), + ); +} + +function normalizeWebSearchPluginConfig(params: { + config?: PluginLoadOptions["config"]; + bundledAllowlistCompat?: boolean; +}): PluginLoadOptions["config"] { + const allowlistCompat = params.bundledAllowlistCompat + ? withBundledPluginAllowlistCompat({ + config: params.config, + pluginIds: BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS, + }) + : params.config; + return withBundledPluginEnablementCompat({ + config: allowlistCompat, + pluginIds: BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS, + }); +} + +function captureBundledWebSearchProviders( + plugin: RegistrablePlugin, +): PluginWebSearchProviderRegistration[] { + const captured = capturePluginRegistration(plugin); + return captured.webSearchProviders.map((provider) => ({ + pluginId: plugin.id, + pluginName: plugin.name, + provider, + source: "bundled", + })); +} + +function resolveBundledWebSearchRegistrations(params: { + config?: PluginLoadOptions["config"]; + bundledAllowlistCompat?: boolean; +}): PluginWebSearchProviderRegistration[] { + const config = normalizeWebSearchPluginConfig(params); + if (config?.plugins?.enabled === false) { + return []; + } + const allowlist = config?.plugins?.allow + ? new Set(config.plugins.allow.map((entry) => entry.trim()).filter(Boolean)) + : null; + return BUNDLED_WEB_SEARCH_PLUGINS.flatMap((plugin) => { + if (allowlist && !allowlist.has(plugin.id)) { + return []; + } + if (config?.plugins?.entries?.[plugin.id]?.enabled === false) { + return []; + } + return captureBundledWebSearchProviders(plugin); + }); +} export function resolvePluginWebSearchProviders(params: { config?: PluginLoadOptions["config"]; @@ -115,37 +113,18 @@ export function resolvePluginWebSearchProviders(params: { env?: PluginLoadOptions["env"]; bundledAllowlistCompat?: boolean; }): PluginWebSearchProviderEntry[] { - const allowlistCompat = params.bundledAllowlistCompat - ? withBundledPluginAllowlistCompat({ - config: params.config, - pluginIds: BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS, - }) - : params.config; - const config = withBundledPluginEnablementCompat({ - config: allowlistCompat, - pluginIds: BUNDLED_WEB_SEARCH_ALLOWLIST_COMPAT_PLUGIN_IDS, - }); - const normalizedPlugins = normalizePluginsConfig(config?.plugins); - - return BUNDLED_WEB_SEARCH_PROVIDER_REGISTRY.filter( - ({ pluginId }) => - resolveEffectiveEnableState({ - id: pluginId, - origin: "bundled", - config: normalizedPlugins, - rootConfig: config, - }).enabled, - ) - .map((entry) => ({ - ...entry.provider, - pluginId: entry.pluginId, - })) - .toSorted((a, b) => { - const aOrder = a.autoDetectOrder ?? Number.MAX_SAFE_INTEGER; - const bOrder = b.autoDetectOrder ?? Number.MAX_SAFE_INTEGER; - if (aOrder !== bOrder) { - return aOrder - bOrder; - } - return a.id.localeCompare(b.id); - }); + return mapWebSearchProviderEntries(resolveBundledWebSearchRegistrations(params)); +} + +export function resolveRuntimeWebSearchProviders(params: { + config?: PluginLoadOptions["config"]; + workspaceDir?: string; + env?: PluginLoadOptions["env"]; + bundledAllowlistCompat?: boolean; +}): PluginWebSearchProviderEntry[] { + const runtimeProviders = getActivePluginRegistry()?.webSearchProviders ?? []; + if (runtimeProviders.length > 0) { + return mapWebSearchProviderEntries(runtimeProviders); + } + return resolvePluginWebSearchProviders(params); } diff --git a/src/plugins/wired-hooks-compaction.test.ts b/src/plugins/wired-hooks-compaction.test.ts index 694f4a1f4b4..1fc258d4cef 100644 --- a/src/plugins/wired-hooks-compaction.test.ts +++ b/src/plugins/wired-hooks-compaction.test.ts @@ -1,9 +1,8 @@ /** * Test: before_compaction & after_compaction hook wiring */ -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import { makeZeroUsageSnapshot } from "../agents/usage.js"; -import { emitAgentEvent } from "../infra/agent-events.js"; const hookMocks = vi.hoisted(() => ({ runner: { @@ -11,13 +10,6 @@ const hookMocks = vi.hoisted(() => ({ runBeforeCompaction: vi.fn(async () => {}), runAfterCompaction: vi.fn(async () => {}), }, -})); - -vi.mock("../plugins/hook-runner-global.js", () => ({ - getGlobalHookRunner: () => hookMocks.runner, -})); - -vi.mock("../infra/agent-events.js", () => ({ emitAgentEvent: vi.fn(), })); @@ -25,29 +17,42 @@ describe("compaction hook wiring", () => { let handleAutoCompactionStart: typeof import("../agents/pi-embedded-subscribe.handlers.compaction.js").handleAutoCompactionStart; let handleAutoCompactionEnd: typeof import("../agents/pi-embedded-subscribe.handlers.compaction.js").handleAutoCompactionEnd; - beforeAll(async () => { - ({ handleAutoCompactionStart, handleAutoCompactionEnd } = - await import("../agents/pi-embedded-subscribe.handlers.compaction.js")); - }); - - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); hookMocks.runner.hasHooks.mockClear(); hookMocks.runner.hasHooks.mockReturnValue(false); hookMocks.runner.runBeforeCompaction.mockClear(); hookMocks.runner.runBeforeCompaction.mockResolvedValue(undefined); hookMocks.runner.runAfterCompaction.mockClear(); hookMocks.runner.runAfterCompaction.mockResolvedValue(undefined); - vi.mocked(emitAgentEvent).mockClear(); + hookMocks.emitAgentEvent.mockClear(); + vi.doMock("../plugins/hook-runner-global.js", () => ({ + getGlobalHookRunner: () => hookMocks.runner, + })); + vi.doMock("../infra/agent-events.js", () => ({ + emitAgentEvent: hookMocks.emitAgentEvent, + })); + ({ handleAutoCompactionStart, handleAutoCompactionEnd } = + await import("../agents/pi-embedded-subscribe.handlers.compaction.js")); }); function createCompactionEndCtx(params: { runId: string; messages?: unknown[]; + sessionFile?: string; + sessionKey?: string; compactionCount?: number; withRetryHooks?: boolean; }) { return { - params: { runId: params.runId, session: { messages: params.messages ?? [] } }, + params: { + runId: params.runId, + sessionKey: params.sessionKey, + session: { + messages: params.messages ?? [], + sessionFile: params.sessionFile, + }, + }, state: { compactionInFlight: true }, log: { debug: vi.fn(), warn: vi.fn() }, maybeResolveCompactionWait: vi.fn(), @@ -94,7 +99,7 @@ describe("compaction hook wiring", () => { const hookCtx = beforeCalls[0]?.[1] as { sessionKey?: string } | undefined; expect(hookCtx?.sessionKey).toBe("agent:main:web-abc123"); expect(ctx.ensureCompactionPromise).toHaveBeenCalledTimes(1); - expect(emitAgentEvent).toHaveBeenCalledWith({ + expect(hookMocks.emitAgentEvent).toHaveBeenCalledWith({ runId: "r1", stream: "compaction", data: { phase: "start" }, @@ -111,6 +116,8 @@ describe("compaction hook wiring", () => { const ctx = createCompactionEndCtx({ runId: "r2", messages: [1, 2], + sessionFile: "/tmp/session.jsonl", + sessionKey: "agent:main:web-xyz", compactionCount: 1, }); @@ -126,16 +133,19 @@ describe("compaction hook wiring", () => { expect(hookMocks.runner.runAfterCompaction).toHaveBeenCalledTimes(1); const afterCalls = hookMocks.runner.runAfterCompaction.mock.calls as unknown as Array< - [unknown] + [unknown, unknown] >; const event = afterCalls[0]?.[0] as - | { messageCount?: number; compactedCount?: number } + | { messageCount?: number; compactedCount?: number; sessionFile?: string } | undefined; expect(event?.messageCount).toBe(2); expect(event?.compactedCount).toBe(1); + expect(event?.sessionFile).toBe("/tmp/session.jsonl"); + const hookCtx = afterCalls[0]?.[1] as { sessionKey?: string } | undefined; + expect(hookCtx?.sessionKey).toBe("agent:main:web-xyz"); expect(ctx.incrementCompactionCount).toHaveBeenCalledTimes(1); expect(ctx.maybeResolveCompactionWait).toHaveBeenCalledTimes(1); - expect(emitAgentEvent).toHaveBeenCalledWith({ + expect(hookMocks.emitAgentEvent).toHaveBeenCalledWith({ runId: "r2", stream: "compaction", data: { phase: "end", willRetry: false, completed: true }, @@ -166,7 +176,7 @@ describe("compaction hook wiring", () => { expect(ctx.noteCompactionRetry).toHaveBeenCalledTimes(1); expect(ctx.resetForCompactionRetry).toHaveBeenCalledTimes(1); expect(ctx.maybeResolveCompactionWait).not.toHaveBeenCalled(); - expect(emitAgentEvent).toHaveBeenCalledWith({ + expect(hookMocks.emitAgentEvent).toHaveBeenCalledWith({ runId: "r3", stream: "compaction", data: { phase: "end", willRetry: true, completed: true }, diff --git a/src/process/command-queue.test.ts b/src/process/command-queue.test.ts index b6e6f17cd85..a35512d4f0d 100644 --- a/src/process/command-queue.test.ts +++ b/src/process/command-queue.test.ts @@ -17,19 +17,19 @@ vi.mock("../logging/diagnostic.js", () => ({ diagnosticLogger: diagnosticMocks.diag, })); -import { - clearCommandLane, - CommandLaneClearedError, - enqueueCommand, - enqueueCommandInLane, - GatewayDrainingError, - getActiveTaskCount, - getQueueSize, - markGatewayDraining, - resetAllLanes, - setCommandLaneConcurrency, - waitForActiveTasks, -} from "./command-queue.js"; +type CommandQueueModule = typeof import("./command-queue.js"); + +let clearCommandLane: CommandQueueModule["clearCommandLane"]; +let CommandLaneClearedError: CommandQueueModule["CommandLaneClearedError"]; +let enqueueCommand: CommandQueueModule["enqueueCommand"]; +let enqueueCommandInLane: CommandQueueModule["enqueueCommandInLane"]; +let GatewayDrainingError: CommandQueueModule["GatewayDrainingError"]; +let getActiveTaskCount: CommandQueueModule["getActiveTaskCount"]; +let getQueueSize: CommandQueueModule["getQueueSize"]; +let markGatewayDraining: CommandQueueModule["markGatewayDraining"]; +let resetAllLanes: CommandQueueModule["resetAllLanes"]; +let setCommandLaneConcurrency: CommandQueueModule["setCommandLaneConcurrency"]; +let waitForActiveTasks: CommandQueueModule["waitForActiveTasks"]; function createDeferred(): { promise: Promise; resolve: () => void } { let resolve!: () => void; @@ -54,7 +54,21 @@ function enqueueBlockedMainTask( } describe("command queue", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ + clearCommandLane, + CommandLaneClearedError, + enqueueCommand, + enqueueCommandInLane, + GatewayDrainingError, + getActiveTaskCount, + getQueueSize, + markGatewayDraining, + resetAllLanes, + setCommandLaneConcurrency, + waitForActiveTasks, + } = await import("./command-queue.js")); resetAllLanes(); diagnosticMocks.logLaneEnqueue.mockClear(); diagnosticMocks.logLaneDequeue.mockClear(); diff --git a/src/process/exec.no-output-timer.test.ts b/src/process/exec.no-output-timer.test.ts index 9c851f1e1a2..dfd7348877a 100644 --- a/src/process/exec.no-output-timer.test.ts +++ b/src/process/exec.no-output-timer.test.ts @@ -1,6 +1,6 @@ import type { ChildProcess } from "node:child_process"; import { EventEmitter } from "node:events"; -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; const spawnMock = vi.hoisted(() => vi.fn()); @@ -12,7 +12,9 @@ vi.mock("node:child_process", async () => { }; }); -import { runCommandWithTimeout } from "./exec.js"; +type ExecModule = typeof import("./exec.js"); + +let runCommandWithTimeout: ExecModule["runCommandWithTimeout"]; function createFakeSpawnedChild() { const child = new EventEmitter() as EventEmitter & ChildProcess; @@ -39,6 +41,11 @@ function createFakeSpawnedChild() { } describe("runCommandWithTimeout no-output timer", () => { + beforeEach(async () => { + vi.resetModules(); + ({ runCommandWithTimeout } = await import("./exec.js")); + }); + afterEach(() => { vi.useRealTimers(); vi.restoreAllMocks(); diff --git a/src/process/exec.windows.test.ts b/src/process/exec.windows.test.ts index 85600755dac..b2357858565 100644 --- a/src/process/exec.windows.test.ts +++ b/src/process/exec.windows.test.ts @@ -1,5 +1,5 @@ import { EventEmitter } from "node:events"; -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; const spawnMock = vi.hoisted(() => vi.fn()); const execFileMock = vi.hoisted(() => vi.fn()); @@ -13,7 +13,8 @@ vi.mock("node:child_process", async (importOriginal) => { }; }); -import { runCommandWithTimeout, runExec } from "./exec.js"; +let runCommandWithTimeout: typeof import("./exec.js").runCommandWithTimeout; +let runExec: typeof import("./exec.js").runExec; type MockChild = EventEmitter & { stdout: EventEmitter; @@ -64,6 +65,11 @@ function expectCmdWrappedInvocation(params: { } describe("windows command wrapper behavior", () => { + beforeEach(async () => { + vi.resetModules(); + ({ runCommandWithTimeout, runExec } = await import("./exec.js")); + }); + afterEach(() => { spawnMock.mockReset(); execFileMock.mockReset(); diff --git a/src/process/kill-tree.test.ts b/src/process/kill-tree.test.ts index a506442aed4..7260938b438 100644 --- a/src/process/kill-tree.test.ts +++ b/src/process/kill-tree.test.ts @@ -1,5 +1,4 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { killProcessTree } from "./kill-tree.js"; const { spawnMock } = vi.hoisted(() => ({ spawnMock: vi.fn(), @@ -9,6 +8,8 @@ vi.mock("node:child_process", () => ({ spawn: (...args: unknown[]) => spawnMock(...args), })); +let killProcessTree: typeof import("./kill-tree.js").killProcessTree; + async function withPlatform(platform: NodeJS.Platform, run: () => Promise | T): Promise { const originalPlatform = Object.getOwnPropertyDescriptor(process, "platform"); Object.defineProperty(process, "platform", { value: platform, configurable: true }); @@ -24,7 +25,9 @@ async function withPlatform(platform: NodeJS.Platform, run: () => Promise describe("killProcessTree", () => { let killSpy: ReturnType; - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); + ({ killProcessTree } = await import("./kill-tree.js")); spawnMock.mockClear(); killSpy = vi.spyOn(process, "kill"); vi.useFakeTimers(); diff --git a/src/process/supervisor/adapters/child.test.ts b/src/process/supervisor/adapters/child.test.ts index 8494a701c7e..2d3040f8811 100644 --- a/src/process/supervisor/adapters/child.test.ts +++ b/src/process/supervisor/adapters/child.test.ts @@ -1,7 +1,7 @@ import type { ChildProcess } from "node:child_process"; import { EventEmitter } from "node:events"; import { PassThrough } from "node:stream"; -import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { afterAll, beforeEach, describe, expect, it, vi } from "vitest"; const { spawnWithFallbackMock, killProcessTreeMock } = vi.hoisted(() => ({ spawnWithFallbackMock: vi.fn(), @@ -51,11 +51,9 @@ async function createAdapterHarness(params?: { describe("createChildAdapter", () => { const originalServiceMarker = process.env.OPENCLAW_SERVICE_MARKER; - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); ({ createChildAdapter } = await import("./child.js")); - }); - - beforeEach(() => { spawnWithFallbackMock.mockClear(); killProcessTreeMock.mockClear(); delete process.env.OPENCLAW_SERVICE_MARKER; diff --git a/src/process/supervisor/adapters/pty.test.ts b/src/process/supervisor/adapters/pty.test.ts index 32ca418b533..83e650c073a 100644 --- a/src/process/supervisor/adapters/pty.test.ts +++ b/src/process/supervisor/adapters/pty.test.ts @@ -1,4 +1,4 @@ -import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; const { spawnMock, ptyKillMock, killProcessTreeMock } = vi.hoisted(() => ({ spawnMock: vi.fn(), @@ -39,11 +39,9 @@ function expectSpawnEnv() { describe("createPtyAdapter", () => { let createPtyAdapter: typeof import("./pty.js").createPtyAdapter; - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); ({ createPtyAdapter } = await import("./pty.js")); - }); - - beforeEach(() => { spawnMock.mockClear(); ptyKillMock.mockClear(); killProcessTreeMock.mockClear(); diff --git a/src/process/supervisor/supervisor.pty-command.test.ts b/src/process/supervisor/supervisor.pty-command.test.ts index daee348944d..eb3427d462f 100644 --- a/src/process/supervisor/supervisor.pty-command.test.ts +++ b/src/process/supervisor/supervisor.pty-command.test.ts @@ -1,4 +1,4 @@ -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; const { createPtyAdapterMock } = vi.hoisted(() => ({ createPtyAdapterMock: vi.fn(), @@ -35,11 +35,9 @@ function createStubPtyAdapter() { describe("process supervisor PTY command contract", () => { let createProcessSupervisor: typeof import("./supervisor.js").createProcessSupervisor; - beforeAll(async () => { + beforeEach(async () => { + vi.resetModules(); ({ createProcessSupervisor } = await import("./supervisor.js")); - }); - - beforeEach(() => { createPtyAdapterMock.mockClear(); }); diff --git a/src/providers/github-copilot-auth.ts b/src/providers/github-copilot-auth.ts index d4ffb926a5f..efc3cb8dbb5 100644 --- a/src/providers/github-copilot-auth.ts +++ b/src/providers/github-copilot-auth.ts @@ -1,8 +1,8 @@ import { intro, note, outro, spinner } from "@clack/prompts"; import { ensureAuthProfileStore, upsertAuthProfile } from "../agents/auth-profiles.js"; import { updateConfig } from "../commands/models/shared.js"; -import { applyAuthProfileConfig } from "../commands/onboard-auth.js"; import { logConfigUpdated } from "../config/logging.js"; +import { applyAuthProfileConfig } from "../plugins/provider-auth-helpers.js"; import type { RuntimeEnv } from "../runtime.js"; import { stylePromptTitle } from "../terminal/prompt-style.js"; diff --git a/src/security/audit-channel.collect.runtime.ts b/src/security/audit-channel.collect.runtime.ts index 6a33ff6a93a..bed24a7f73e 100644 --- a/src/security/audit-channel.collect.runtime.ts +++ b/src/security/audit-channel.collect.runtime.ts @@ -1 +1,10 @@ -export { collectChannelSecurityFindings } from "./audit-channel.js"; +import { collectChannelSecurityFindings as collectChannelSecurityFindingsImpl } from "./audit-channel.js"; + +type CollectChannelSecurityFindings = + typeof import("./audit-channel.js").collectChannelSecurityFindings; + +export function collectChannelSecurityFindings( + ...args: Parameters +): ReturnType { + return collectChannelSecurityFindingsImpl(...args); +} diff --git a/src/security/audit-channel.runtime.ts b/src/security/audit-channel.runtime.ts index c3435fc2a64..de2d666cb87 100644 --- a/src/security/audit-channel.runtime.ts +++ b/src/security/audit-channel.runtime.ts @@ -1,9 +1,17 @@ -export { readChannelAllowFromStore } from "../pairing/pairing-store.js"; -export { +import { readChannelAllowFromStore } from "../pairing/pairing-store.js"; +import { + isNumericTelegramUserId, + normalizeTelegramAllowFromEntry, +} from "../plugin-sdk/telegram.js"; +import { isDiscordMutableAllowEntry, isZalouserMutableGroupEntry, } from "./mutable-allowlist-detectors.js"; -export { + +export const auditChannelRuntime = { + readChannelAllowFromStore, + isDiscordMutableAllowEntry, + isZalouserMutableGroupEntry, isNumericTelegramUserId, normalizeTelegramAllowFromEntry, -} from "../plugin-sdk-internal/telegram.js"; +}; diff --git a/src/security/audit-channel.ts b/src/security/audit-channel.ts index 44b83c28cc3..dd920e77818 100644 --- a/src/security/audit-channel.ts +++ b/src/security/audit-channel.ts @@ -11,18 +11,15 @@ import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled } from "../con import type { OpenClawConfig } from "../config/config.js"; import { isDangerousNameMatchingEnabled } from "../config/dangerous-name-matching.js"; import { formatErrorMessage } from "../infra/errors.js"; +import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js"; import { normalizeStringEntries } from "../shared/string-normalization.js"; import type { SecurityAuditFinding, SecurityAuditSeverity } from "./audit.js"; import { resolveDmAllowState } from "./dm-policy-shared.js"; -let auditChannelRuntimeModulePromise: - | Promise - | undefined; - -function loadAuditChannelRuntimeModule() { - auditChannelRuntimeModulePromise ??= import("./audit-channel.runtime.js"); - return auditChannelRuntimeModulePromise; -} +const loadAuditChannelRuntimeModule = createLazyRuntimeSurface( + () => import("./audit-channel.runtime.js"), + ({ auditChannelRuntime }) => auditChannelRuntime, +); function normalizeAllowFromList(list: Array | undefined | null): string[] { return normalizeStringEntries(Array.isArray(list) ? list : undefined); diff --git a/src/security/audit.runtime.ts b/src/security/audit.runtime.ts index 349d2f26fe5..f36d23de14d 100644 --- a/src/security/audit.runtime.ts +++ b/src/security/audit.runtime.ts @@ -1 +1,9 @@ -export { runSecurityAudit } from "./audit.js"; +import { runSecurityAudit as runSecurityAuditImpl } from "./audit.js"; + +type RunSecurityAudit = typeof import("./audit.js").runSecurityAudit; + +export function runSecurityAudit( + ...args: Parameters +): ReturnType { + return runSecurityAuditImpl(...args); +} diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts index dedc789773c..6a8e72f6f2e 100644 --- a/src/security/audit.test.ts +++ b/src/security/audit.test.ts @@ -171,6 +171,48 @@ function expectNoFinding(res: SecurityAuditReport, checkId: string): void { expect(hasFinding(res, checkId)).toBe(false); } +async function expectSeverityByExposureCases(params: { + checkId: string; + cases: Array<{ + name: string; + cfg: OpenClawConfig; + expectedSeverity: "warn" | "critical"; + }>; +}) { + await Promise.all( + params.cases.map(async (testCase) => { + const res = await audit(testCase.cfg); + expect(hasFinding(res, params.checkId, testCase.expectedSeverity), testCase.name).toBe(true); + }), + ); +} + +async function runChannelSecurityAudit( + cfg: OpenClawConfig, + plugins: ChannelPlugin[], +): Promise { + return runSecurityAudit({ + config: cfg, + includeFilesystem: false, + includeChannelSecurity: true, + plugins, + }); +} + +async function runInstallMetadataAudit( + cfg: OpenClawConfig, + stateDir: string, +): Promise { + return runSecurityAudit({ + config: cfg, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir, + configPath: path.join(stateDir, "openclaw.json"), + execDockerRawFn: execDockerRawUnavailable, + }); +} + describe("security audit", () => { let fixtureRoot = ""; let caseId = 0; @@ -208,6 +250,17 @@ describe("security audit", () => { ); }; + const runSharedExtensionsAudit = async (config: OpenClawConfig) => { + return runSecurityAudit({ + config, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir: sharedExtensionsStateDir, + configPath: path.join(sharedExtensionsStateDir, "openclaw.json"), + execDockerRawFn: execDockerRawUnavailable, + }); + }; + const createSharedCodeSafetyFixture = async () => { const stateDir = await makeTmpDir("audit-scanner-shared"); const workspaceDir = path.join(stateDir, "workspace"); @@ -295,132 +348,131 @@ description: test skill expect(summary?.detail).toContain("trust model: personal assistant"); }); - it("flags non-loopback bind without auth as critical", async () => { - // Clear env tokens so resolveGatewayAuth defaults to mode=none - const prevToken = process.env.OPENCLAW_GATEWAY_TOKEN; - const prevPassword = process.env.OPENCLAW_GATEWAY_PASSWORD; - delete process.env.OPENCLAW_GATEWAY_TOKEN; - delete process.env.OPENCLAW_GATEWAY_PASSWORD; - - try { - const cfg: OpenClawConfig = { - gateway: { - bind: "lan", - auth: {}, - }, - }; - - const res = await audit(cfg); - - expect(hasFinding(res, "gateway.bind_no_auth", "critical")).toBe(true); - } finally { - // Restore env - if (prevToken === undefined) { - delete process.env.OPENCLAW_GATEWAY_TOKEN; - } else { - process.env.OPENCLAW_GATEWAY_TOKEN = prevToken; - } - if (prevPassword === undefined) { - delete process.env.OPENCLAW_GATEWAY_PASSWORD; - } else { - process.env.OPENCLAW_GATEWAY_PASSWORD = prevPassword; - } - } - }); - - it("does not flag non-loopback bind without auth when gateway password uses SecretRef", async () => { - const cfg: OpenClawConfig = { - gateway: { - bind: "lan", - auth: { - password: { - source: "env", - provider: "default", - id: "OPENCLAW_GATEWAY_PASSWORD", - }, - }, - }, - }; - - const res = await audit(cfg, { env: {} }); - expectNoFinding(res, "gateway.bind_no_auth"); - }); - - it("does not flag missing gateway auth when read-only scrubbed config omits unavailable auth SecretRefs", async () => { - const sourceConfig: OpenClawConfig = { - gateway: { - bind: "lan", - auth: { - token: { - source: "env", - provider: "default", - id: "OPENCLAW_GATEWAY_TOKEN", - }, - }, - }, - secrets: { - providers: { - default: { source: "env" }, - }, - }, - }; - const resolvedConfig: OpenClawConfig = { - gateway: { - bind: "lan", - auth: {}, - }, - secrets: sourceConfig.secrets, - }; - - const res = await runSecurityAudit({ - config: resolvedConfig, - sourceConfig, - env: {}, - includeFilesystem: false, - includeChannelSecurity: false, - }); - - expectNoFinding(res, "gateway.bind_no_auth"); - }); - - it("evaluates gateway auth rate-limit warning based on configuration", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectWarn: boolean; - }> = [ + it("evaluates gateway auth presence and rate-limit guardrails", async () => { + const cases = [ { - name: "no rate limit", - cfg: { - gateway: { - bind: "lan", - auth: { token: "secret" }, - }, - }, - expectWarn: true, - }, - { - name: "rate limit configured", - cfg: { - gateway: { - bind: "lan", - auth: { - token: "secret", - rateLimit: { maxAttempts: 10, windowMs: 60_000, lockoutMs: 300_000 }, + name: "flags non-loopback bind without auth as critical", + run: async () => + withEnvAsync( + { + OPENCLAW_GATEWAY_TOKEN: undefined, + OPENCLAW_GATEWAY_PASSWORD: undefined, }, - }, + async () => + audit({ + gateway: { + bind: "lan", + auth: {}, + }, + }), + ), + assert: (res: SecurityAuditReport) => { + expect(hasFinding(res, "gateway.bind_no_auth", "critical")).toBe(true); }, - expectWarn: false, }, - ]; - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg, { env: {} }); - expect(hasFinding(res, "gateway.auth_no_rate_limit", "warn"), testCase.name).toBe( - testCase.expectWarn, - ); - }), - ); + { + name: "does not flag non-loopback bind without auth when gateway password uses SecretRef", + run: async () => + audit( + { + gateway: { + bind: "lan", + auth: { + password: { + source: "env", + provider: "default", + id: "OPENCLAW_GATEWAY_PASSWORD", + }, + }, + }, + }, + { env: {} }, + ), + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "gateway.bind_no_auth"); + }, + }, + { + name: "does not flag missing gateway auth when read-only scrubbed config omits unavailable auth SecretRefs", + run: async () => { + const sourceConfig: OpenClawConfig = { + gateway: { + bind: "lan", + auth: { + token: { + source: "env", + provider: "default", + id: "OPENCLAW_GATEWAY_TOKEN", + }, + }, + }, + secrets: { + providers: { + default: { source: "env" }, + }, + }, + }; + const resolvedConfig: OpenClawConfig = { + gateway: { + bind: "lan", + auth: {}, + }, + secrets: sourceConfig.secrets, + }; + + return runSecurityAudit({ + config: resolvedConfig, + sourceConfig, + env: {}, + includeFilesystem: false, + includeChannelSecurity: false, + }); + }, + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "gateway.bind_no_auth"); + }, + }, + { + name: "warns when auth has no rate limit", + run: async () => + audit( + { + gateway: { + bind: "lan", + auth: { token: "secret" }, + }, + }, + { env: {} }, + ), + assert: (res: SecurityAuditReport) => { + expect(hasFinding(res, "gateway.auth_no_rate_limit", "warn")).toBe(true); + }, + }, + { + name: "does not warn when auth rate limit is configured", + run: async () => + audit( + { + gateway: { + bind: "lan", + auth: { + token: "secret", + rateLimit: { maxAttempts: 10, windowMs: 60_000, lockoutMs: 300_000 }, + }, + }, + }, + { env: {} }, + ), + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "gateway.auth_no_rate_limit"); + }, + }, + ] as const; + + for (const testCase of cases) { + const res = await testCase.run(); + testCase.assert(res); + } }); it("scores dangerous gateway.tools.allow over HTTP by exposure", async () => { @@ -600,52 +652,64 @@ description: test skill ); }); - it("warns for risky safeBinTrustedDirs entries", async () => { + it("evaluates safeBinTrustedDirs risk findings", async () => { const riskyGlobalTrustedDirs = process.platform === "win32" ? [String.raw`C:\Users\ci-user\bin`, String.raw`C:\Users\ci-user\.local\bin`] : ["/usr/local/bin", "/tmp/openclaw-safe-bins"]; - const cfg: OpenClawConfig = { - tools: { - exec: { - safeBinTrustedDirs: riskyGlobalTrustedDirs, - }, - }, - agents: { - list: [ - { - id: "ops", - tools: { - exec: { - safeBinTrustedDirs: ["./relative-bin-dir"], - }, + const cases = [ + { + name: "warns for risky global and relative trusted dirs", + cfg: { + tools: { + exec: { + safeBinTrustedDirs: riskyGlobalTrustedDirs, }, }, - ], - }, - }; - - const res = await audit(cfg); - const finding = res.findings.find( - (f) => f.checkId === "tools.exec.safe_bin_trusted_dirs_risky", - ); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain(riskyGlobalTrustedDirs[0]); - expect(finding?.detail).toContain(riskyGlobalTrustedDirs[1]); - expect(finding?.detail).toContain("agents.list.ops.tools.exec"); - }); - - it("does not warn for non-risky absolute safeBinTrustedDirs entries", async () => { - const cfg: OpenClawConfig = { - tools: { - exec: { - safeBinTrustedDirs: ["/usr/libexec"], + agents: { + list: [ + { + id: "ops", + tools: { + exec: { + safeBinTrustedDirs: ["./relative-bin-dir"], + }, + }, + }, + ], + }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + const finding = res.findings.find( + (f) => f.checkId === "tools.exec.safe_bin_trusted_dirs_risky", + ); + expect(finding?.severity).toBe("warn"); + expect(finding?.detail).toContain(riskyGlobalTrustedDirs[0]); + expect(finding?.detail).toContain(riskyGlobalTrustedDirs[1]); + expect(finding?.detail).toContain("agents.list.ops.tools.exec"); }, }, - }; + { + name: "ignores non-risky absolute dirs", + cfg: { + tools: { + exec: { + safeBinTrustedDirs: ["/usr/libexec"], + }, + }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "tools.exec.safe_bin_trusted_dirs_risky"); + }, + }, + ] as const; - const res = await audit(cfg); - expectNoFinding(res, "tools.exec.safe_bin_trusted_dirs_risky"); + await Promise.all( + cases.map(async (testCase) => { + const res = await audit(testCase.cfg); + testCase.assert(res); + }), + ); }); it("evaluates loopback control UI and logging exposure findings", async () => { @@ -700,199 +764,254 @@ description: test skill ); }); - it("treats Windows ACL-only perms as secure", async () => { - const tmp = await makeTmpDir("win"); - const stateDir = path.join(tmp, "state"); - await fs.mkdir(stateDir, { recursive: true }); - const configPath = path.join(stateDir, "openclaw.json"); - await fs.writeFile(configPath, "{}\n", "utf-8"); - - const user = "DESKTOP-TEST\\Tester"; - const execIcacls = async (_cmd: string, args: string[]) => ({ - stdout: `${args[0]} NT AUTHORITY\\SYSTEM:(F)\n ${user}:(F)\n`, - stderr: "", - }); - - const res = await runSecurityAudit({ - config: {}, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - platform: "win32", - env: windowsAuditEnv, - execIcacls, - execDockerRawFn: execDockerRawUnavailable, - }); - - const forbidden = new Set([ - "fs.state_dir.perms_world_writable", - "fs.state_dir.perms_group_writable", - "fs.state_dir.perms_readable", - "fs.config.perms_writable", - "fs.config.perms_world_readable", - "fs.config.perms_group_readable", - ]); - for (const id of forbidden) { - expect(res.findings.some((f) => f.checkId === id)).toBe(false); - } - }); - - it("flags Windows ACLs when Users can read the state dir", async () => { - const tmp = await makeTmpDir("win-open"); - const stateDir = path.join(tmp, "state"); - await fs.mkdir(stateDir, { recursive: true }); - const configPath = path.join(stateDir, "openclaw.json"); - await fs.writeFile(configPath, "{}\n", "utf-8"); - - const user = "DESKTOP-TEST\\Tester"; - const execIcacls = async (_cmd: string, args: string[]) => { - const target = args[0]; - if (target === stateDir) { - return { - stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n BUILTIN\\Users:(RX)\n ${user}:(F)\n`, + it("evaluates Windows ACL-derived filesystem findings", async () => { + const cases = [ + { + name: "treats Windows ACL-only perms as secure", + label: "win", + execIcacls: async (_cmd: string, args: string[]) => ({ + stdout: `${args[0]} NT AUTHORITY\\SYSTEM:(F)\n DESKTOP-TEST\\Tester:(F)\n`, stderr: "", - }; - } - return { - stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n ${user}:(F)\n`, - stderr: "", - }; - }; + }), + assert: (res: SecurityAuditReport) => { + const forbidden = new Set([ + "fs.state_dir.perms_world_writable", + "fs.state_dir.perms_group_writable", + "fs.state_dir.perms_readable", + "fs.config.perms_writable", + "fs.config.perms_world_readable", + "fs.config.perms_group_readable", + ]); + for (const id of forbidden) { + expect( + res.findings.some((f) => f.checkId === id), + id, + ).toBe(false); + } + }, + }, + { + name: "flags Windows ACLs when Users can read the state dir", + label: "win-open", + execIcacls: async (_cmd: string, args: string[]) => { + const target = args[0]; + if (target.endsWith(`${path.sep}state`)) { + return { + stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n BUILTIN\\Users:(RX)\n DESKTOP-TEST\\Tester:(F)\n`, + stderr: "", + }; + } + return { + stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n DESKTOP-TEST\\Tester:(F)\n`, + stderr: "", + }; + }, + assert: (res: SecurityAuditReport) => { + expect( + res.findings.some( + (f) => f.checkId === "fs.state_dir.perms_readable" && f.severity === "warn", + ), + ).toBe(true); + }, + }, + ] as const; - const res = await runSecurityAudit({ - config: {}, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - platform: "win32", - env: windowsAuditEnv, - execIcacls, - execDockerRawFn: execDockerRawUnavailable, - }); + await Promise.all( + cases.map(async (testCase) => { + const tmp = await makeTmpDir(testCase.label); + const stateDir = path.join(tmp, "state"); + await fs.mkdir(stateDir, { recursive: true }); + const configPath = path.join(stateDir, "openclaw.json"); + await fs.writeFile(configPath, "{}\n", "utf-8"); - expect( - res.findings.some( - (f) => f.checkId === "fs.state_dir.perms_readable" && f.severity === "warn", - ), - ).toBe(true); - }); + const res = await runSecurityAudit({ + config: {}, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir, + configPath, + platform: "win32", + env: windowsAuditEnv, + execIcacls: testCase.execIcacls, + execDockerRawFn: execDockerRawUnavailable, + }); - it("warns when sandbox browser containers have missing or stale hash labels", async () => { - const { stateDir, configPath } = await createFilesystemAuditFixture("browser-hash-labels"); - - const execDockerRawFn = (async (args: string[]) => { - if (args[0] === "ps") { - return { - stdout: Buffer.from("openclaw-sbx-browser-old\nopenclaw-sbx-browser-missing-hash\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-old") { - return { - stdout: Buffer.from("abc123\tepoch-v0\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-missing-hash") { - return { - stdout: Buffer.from("\t\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - return { - stdout: Buffer.alloc(0), - stderr: Buffer.from("not found"), - code: 1, - }; - }) as NonNullable; - - const res = await runSecurityAudit({ - config: {}, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - execDockerRawFn, - }); - - expect(hasFinding(res, "sandbox.browser_container.hash_label_missing", "warn")).toBe(true); - expect(hasFinding(res, "sandbox.browser_container.hash_epoch_stale", "warn")).toBe(true); - const staleEpoch = res.findings.find( - (f) => f.checkId === "sandbox.browser_container.hash_epoch_stale", + testCase.assert(res); + }), ); - expect(staleEpoch?.detail).toContain("openclaw-sbx-browser-old"); }); - it("skips sandbox browser hash label checks when docker inspect is unavailable", async () => { - const { stateDir, configPath } = await createFilesystemAuditFixture("browser-hash-labels-skip"); + it("evaluates sandbox browser findings", async () => { + const cases = [ + { + name: "warns when sandbox browser containers have missing or stale hash labels", + run: async () => { + const { stateDir, configPath } = + await createFilesystemAuditFixture("browser-hash-labels"); + return runSecurityAudit({ + config: {}, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir, + configPath, + execDockerRawFn: (async (args: string[]) => { + if (args[0] === "ps") { + return { + stdout: Buffer.from( + "openclaw-sbx-browser-old\nopenclaw-sbx-browser-missing-hash\n", + ), + stderr: Buffer.alloc(0), + code: 0, + }; + } + if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-old") { + return { + stdout: Buffer.from("abc123\tepoch-v0\n"), + stderr: Buffer.alloc(0), + code: 0, + }; + } + if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-missing-hash") { + return { + stdout: Buffer.from("\t\n"), + stderr: Buffer.alloc(0), + code: 0, + }; + } + return { + stdout: Buffer.alloc(0), + stderr: Buffer.from("not found"), + code: 1, + }; + }) as NonNullable, + }); + }, + assert: (res: SecurityAuditReport) => { + expect(hasFinding(res, "sandbox.browser_container.hash_label_missing", "warn")).toBe( + true, + ); + expect(hasFinding(res, "sandbox.browser_container.hash_epoch_stale", "warn")).toBe(true); + const staleEpoch = res.findings.find( + (f) => f.checkId === "sandbox.browser_container.hash_epoch_stale", + ); + expect(staleEpoch?.detail).toContain("openclaw-sbx-browser-old"); + }, + }, + { + name: "skips sandbox browser hash label checks when docker inspect is unavailable", + run: async () => { + const { stateDir, configPath } = await createFilesystemAuditFixture( + "browser-hash-labels-skip", + ); + return runSecurityAudit({ + config: {}, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir, + configPath, + execDockerRawFn: (async () => { + throw new Error("spawn docker ENOENT"); + }) as NonNullable, + }); + }, + assert: (res: SecurityAuditReport) => { + expect(hasFinding(res, "sandbox.browser_container.hash_label_missing")).toBe(false); + expect(hasFinding(res, "sandbox.browser_container.hash_epoch_stale")).toBe(false); + }, + }, + { + name: "flags sandbox browser containers with non-loopback published ports", + run: async () => { + const { stateDir, configPath } = await createFilesystemAuditFixture( + "browser-non-loopback-publish", + ); + return runSecurityAudit({ + config: {}, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir, + configPath, + execDockerRawFn: (async (args: string[]) => { + if (args[0] === "ps") { + return { + stdout: Buffer.from("openclaw-sbx-browser-exposed\n"), + stderr: Buffer.alloc(0), + code: 0, + }; + } + if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-exposed") { + return { + stdout: Buffer.from("hash123\t2026-02-21-novnc-auth-default\n"), + stderr: Buffer.alloc(0), + code: 0, + }; + } + if (args[0] === "port" && args.at(-1) === "openclaw-sbx-browser-exposed") { + return { + stdout: Buffer.from("6080/tcp -> 0.0.0.0:49101\n9222/tcp -> 127.0.0.1:49100\n"), + stderr: Buffer.alloc(0), + code: 0, + }; + } + return { + stdout: Buffer.alloc(0), + stderr: Buffer.from("not found"), + code: 1, + }; + }) as NonNullable, + }); + }, + assert: (res: SecurityAuditReport) => { + expect( + hasFinding(res, "sandbox.browser_container.non_loopback_publish", "critical"), + ).toBe(true); + }, + }, + { + name: "warns when bridge network omits cdpSourceRange", + run: async () => + audit({ + agents: { + defaults: { + sandbox: { + mode: "all", + browser: { enabled: true, network: "bridge" }, + }, + }, + }, + }), + assert: (res: SecurityAuditReport) => { + const finding = res.findings.find( + (f) => f.checkId === "sandbox.browser_cdp_bridge_unrestricted", + ); + expect(finding?.severity).toBe("warn"); + expect(finding?.detail).toContain("agents.defaults.sandbox.browser"); + }, + }, + { + name: "does not warn for dedicated default browser network", + run: async () => + audit({ + agents: { + defaults: { + sandbox: { + mode: "all", + browser: { enabled: true }, + }, + }, + }, + }), + assert: (res: SecurityAuditReport) => { + expect(hasFinding(res, "sandbox.browser_cdp_bridge_unrestricted")).toBe(false); + }, + }, + ] as const; - const execDockerRawFn = (async () => { - throw new Error("spawn docker ENOENT"); - }) as NonNullable; - - const res = await runSecurityAudit({ - config: {}, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - execDockerRawFn, - }); - - expect(hasFinding(res, "sandbox.browser_container.hash_label_missing")).toBe(false); - expect(hasFinding(res, "sandbox.browser_container.hash_epoch_stale")).toBe(false); - }); - - it("flags sandbox browser containers with non-loopback published ports", async () => { - const { stateDir, configPath } = await createFilesystemAuditFixture( - "browser-non-loopback-publish", - ); - - const execDockerRawFn = (async (args: string[]) => { - if (args[0] === "ps") { - return { - stdout: Buffer.from("openclaw-sbx-browser-exposed\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - if (args[0] === "inspect" && args.at(-1) === "openclaw-sbx-browser-exposed") { - return { - stdout: Buffer.from("hash123\t2026-02-21-novnc-auth-default\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - if (args[0] === "port" && args.at(-1) === "openclaw-sbx-browser-exposed") { - return { - stdout: Buffer.from("6080/tcp -> 0.0.0.0:49101\n9222/tcp -> 127.0.0.1:49100\n"), - stderr: Buffer.alloc(0), - code: 0, - }; - } - return { - stdout: Buffer.alloc(0), - stderr: Buffer.from("not found"), - code: 1, - }; - }) as NonNullable; - - const res = await runSecurityAudit({ - config: {}, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - execDockerRawFn, - }); - - expect(hasFinding(res, "sandbox.browser_container.non_loopback_publish", "critical")).toBe( - true, + await Promise.all( + cases.map(async (testCase) => { + const res = await testCase.run(); + testCase.assert(res); + }), ); }); @@ -929,69 +1048,81 @@ description: test skill expect(res.findings.some((f) => f.checkId === "fs.config.perms_group_readable")).toBe(false); }); - it("warns when workspace skill files resolve outside workspace root", async () => { - if (isWindows) { - return; + it("evaluates workspace skill path escape findings", async () => { + const cases = [ + { + name: "warns when workspace skill files resolve outside workspace root", + supported: !isWindows, + setup: async () => { + const tmp = await makeTmpDir("workspace-skill-symlink-escape"); + const stateDir = path.join(tmp, "state"); + const workspaceDir = path.join(tmp, "workspace"); + const outsideDir = path.join(tmp, "outside"); + await fs.mkdir(stateDir, { recursive: true, mode: 0o700 }); + await fs.mkdir(path.join(workspaceDir, "skills", "leak"), { recursive: true }); + await fs.mkdir(outsideDir, { recursive: true }); + + const outsideSkillPath = path.join(outsideDir, "SKILL.md"); + await fs.writeFile(outsideSkillPath, "# outside\n", "utf-8"); + await fs.symlink(outsideSkillPath, path.join(workspaceDir, "skills", "leak", "SKILL.md")); + + return { stateDir, workspaceDir, outsideSkillPath }; + }, + assert: ( + res: SecurityAuditReport, + fixture: { stateDir: string; workspaceDir: string; outsideSkillPath?: string }, + ) => { + const finding = res.findings.find((f) => f.checkId === "skills.workspace.symlink_escape"); + expect(finding?.severity).toBe("warn"); + expect(fixture.outsideSkillPath).toBeTruthy(); + expect(finding?.detail).toContain(fixture.outsideSkillPath ?? ""); + }, + }, + { + name: "does not warn for workspace skills that stay inside workspace root", + supported: true, + setup: async () => { + const tmp = await makeTmpDir("workspace-skill-in-root"); + const stateDir = path.join(tmp, "state"); + const workspaceDir = path.join(tmp, "workspace"); + await fs.mkdir(stateDir, { recursive: true, mode: 0o700 }); + await fs.mkdir(path.join(workspaceDir, "skills", "safe"), { recursive: true }); + await fs.writeFile( + path.join(workspaceDir, "skills", "safe", "SKILL.md"), + "# in workspace\n", + "utf-8", + ); + return { stateDir, workspaceDir }; + }, + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "skills.workspace.symlink_escape"); + }, + }, + ] as const; + + for (const testCase of cases) { + if (!testCase.supported) { + continue; + } + + const fixture = await testCase.setup(); + const configPath = path.join(fixture.stateDir, "openclaw.json"); + await fs.writeFile(configPath, "{}\n", "utf-8"); + if (!isWindows) { + await fs.chmod(configPath, 0o600); + } + + const res = await runSecurityAudit({ + config: { agents: { defaults: { workspace: fixture.workspaceDir } } }, + includeFilesystem: true, + includeChannelSecurity: false, + stateDir: fixture.stateDir, + configPath, + execDockerRawFn: execDockerRawUnavailable, + }); + + testCase.assert(res, fixture); } - - const tmp = await makeTmpDir("workspace-skill-symlink-escape"); - const stateDir = path.join(tmp, "state"); - const workspaceDir = path.join(tmp, "workspace"); - const outsideDir = path.join(tmp, "outside"); - await fs.mkdir(stateDir, { recursive: true, mode: 0o700 }); - await fs.mkdir(path.join(workspaceDir, "skills", "leak"), { recursive: true }); - await fs.mkdir(outsideDir, { recursive: true }); - - const outsideSkillPath = path.join(outsideDir, "SKILL.md"); - await fs.writeFile(outsideSkillPath, "# outside\n", "utf-8"); - await fs.symlink(outsideSkillPath, path.join(workspaceDir, "skills", "leak", "SKILL.md")); - - const configPath = path.join(stateDir, "openclaw.json"); - await fs.writeFile(configPath, "{}\n", "utf-8"); - await fs.chmod(configPath, 0o600); - - const res = await runSecurityAudit({ - config: { agents: { defaults: { workspace: workspaceDir } } }, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - execDockerRawFn: execDockerRawUnavailable, - }); - - const finding = res.findings.find((f) => f.checkId === "skills.workspace.symlink_escape"); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain(outsideSkillPath); - }); - - it("does not warn for workspace skills that stay inside workspace root", async () => { - const tmp = await makeTmpDir("workspace-skill-in-root"); - const stateDir = path.join(tmp, "state"); - const workspaceDir = path.join(tmp, "workspace"); - await fs.mkdir(stateDir, { recursive: true, mode: 0o700 }); - await fs.mkdir(path.join(workspaceDir, "skills", "safe"), { recursive: true }); - await fs.writeFile( - path.join(workspaceDir, "skills", "safe", "SKILL.md"), - "# in workspace\n", - "utf-8", - ); - - const configPath = path.join(stateDir, "openclaw.json"); - await fs.writeFile(configPath, "{}\n", "utf-8"); - if (!isWindows) { - await fs.chmod(configPath, 0o600); - } - - const res = await runSecurityAudit({ - config: { agents: { defaults: { workspace: workspaceDir } } }, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath, - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(res.findings.some((f) => f.checkId === "skills.workspace.symlink_escape")).toBe(false); }); it("scores small-model risk by tool/sandbox exposure", async () => { @@ -1036,12 +1167,8 @@ description: test skill ); }); - it("checks sandbox docker mode-off findings with/without agent override", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedPresent: boolean; - }> = [ + it("evaluates sandbox docker config findings", async () => { + const cases = [ { name: "mode off with docker config only", cfg: { @@ -1053,8 +1180,8 @@ description: test skill }, }, }, - }, - expectedPresent: true, + } as OpenClawConfig, + expectedFindings: [{ checkId: "sandbox.docker_config_mode_off" }], }, { name: "agent enables sandbox mode", @@ -1068,203 +1195,134 @@ description: test skill }, list: [{ id: "ops", sandbox: { mode: "all" } }], }, - }, - expectedPresent: false, + } as OpenClawConfig, + expectedFindings: [], + expectedAbsent: ["sandbox.docker_config_mode_off"], }, - ]; - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg); - expect(hasFinding(res, "sandbox.docker_config_mode_off"), testCase.name).toBe( - testCase.expectedPresent, - ); - }), - ); - }); - - it("flags dangerous sandbox docker config (binds/network/seccomp/apparmor)", async () => { - const cfg: OpenClawConfig = { - agents: { - defaults: { - sandbox: { - mode: "all", - docker: { - binds: ["/etc/passwd:/mnt/passwd:ro", "/run:/run"], - network: "host", - seccompProfile: "unconfined", - apparmorProfile: "unconfined", - }, - }, - }, - }, - }; - - const res = await audit(cfg); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ checkId: "sandbox.dangerous_bind_mount", severity: "critical" }), - expect.objectContaining({ - checkId: "sandbox.dangerous_network_mode", - severity: "critical", - }), - expect.objectContaining({ - checkId: "sandbox.dangerous_seccomp_profile", - severity: "critical", - }), - expect.objectContaining({ - checkId: "sandbox.dangerous_apparmor_profile", - severity: "critical", - }), - ]), - ); - }); - - it("flags container namespace join network mode in sandbox config", async () => { - const cfg: OpenClawConfig = { - agents: { - defaults: { - sandbox: { - mode: "all", - docker: { - network: "container:peer", - }, - }, - }, - }, - }; - const res = await audit(cfg); - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "sandbox.dangerous_network_mode", - severity: "critical", - title: "Dangerous network mode in sandbox config", - }), - ]), - ); - }); - - it("checks sandbox browser bridge-network restrictions", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedPresent: boolean; - expectedSeverity?: "warn"; - detailIncludes?: string; - }> = [ { - name: "bridge without cdpSourceRange", + name: "dangerous binds, host network, seccomp, and apparmor", cfg: { agents: { defaults: { sandbox: { mode: "all", - browser: { enabled: true, network: "bridge" }, + docker: { + binds: ["/etc/passwd:/mnt/passwd:ro", "/run:/run"], + network: "host", + seccompProfile: "unconfined", + apparmorProfile: "unconfined", + }, }, }, }, - }, - expectedPresent: true, - expectedSeverity: "warn", - detailIncludes: "agents.defaults.sandbox.browser", + } as OpenClawConfig, + expectedFindings: [ + { checkId: "sandbox.dangerous_bind_mount", severity: "critical" }, + { checkId: "sandbox.dangerous_network_mode", severity: "critical" }, + { checkId: "sandbox.dangerous_seccomp_profile", severity: "critical" }, + { checkId: "sandbox.dangerous_apparmor_profile", severity: "critical" }, + ], }, { - name: "dedicated default network", + name: "container namespace join network mode", cfg: { agents: { defaults: { sandbox: { mode: "all", - browser: { enabled: true }, + docker: { + network: "container:peer", + }, }, }, }, - }, - expectedPresent: false, + } as OpenClawConfig, + expectedFindings: [ + { + checkId: "sandbox.dangerous_network_mode", + severity: "critical", + title: "Dangerous network mode in sandbox config", + }, + ], }, - ]; + ] as const; + await Promise.all( cases.map(async (testCase) => { const res = await audit(testCase.cfg); - const finding = res.findings.find( - (f) => f.checkId === "sandbox.browser_cdp_bridge_unrestricted", - ); - expect(Boolean(finding), testCase.name).toBe(testCase.expectedPresent); - if (testCase.expectedPresent) { - expect(finding?.severity, testCase.name).toBe(testCase.expectedSeverity); - if (testCase.detailIncludes) { - expect(finding?.detail, testCase.name).toContain(testCase.detailIncludes); - } + if (testCase.expectedFindings.length > 0) { + expect(res.findings, testCase.name).toEqual( + expect.arrayContaining( + testCase.expectedFindings.map((finding) => expect.objectContaining(finding)), + ), + ); + } + const expectedAbsent = "expectedAbsent" in testCase ? testCase.expectedAbsent : []; + for (const checkId of expectedAbsent) { + expect(hasFinding(res, checkId), `${testCase.name}:${checkId}`).toBe(false); } }), ); }); - it("flags ineffective gateway.nodes.denyCommands entries", async () => { - const cfg: OpenClawConfig = { - gateway: { - nodes: { - denyCommands: ["system.*", "system.runx"], - }, + it("evaluates ineffective gateway.nodes.denyCommands entries", async () => { + const cases = [ + { + name: "flags ineffective gateway.nodes.denyCommands entries", + cfg: { + gateway: { + nodes: { + denyCommands: ["system.*", "system.runx"], + }, + }, + } satisfies OpenClawConfig, + detailIncludes: ["system.*", "system.runx", "did you mean", "system.run"], }, - }; + { + name: "suggests prefix-matching commands for unknown denyCommands entries", + cfg: { + gateway: { + nodes: { + denyCommands: ["system.run.prep"], + }, + }, + } satisfies OpenClawConfig, + detailIncludes: ["system.run.prep", "did you mean", "system.run.prepare"], + }, + { + name: "keeps unknown denyCommands entries without suggestions when no close command exists", + cfg: { + gateway: { + nodes: { + denyCommands: ["zzzzzzzzzzzzzz"], + }, + }, + } satisfies OpenClawConfig, + detailIncludes: ["zzzzzzzzzzzzzz"], + detailExcludes: ["did you mean"], + }, + ] as const; - const res = await audit(cfg); - - const finding = res.findings.find( - (f) => f.checkId === "gateway.nodes.deny_commands_ineffective", + await Promise.all( + cases.map(async (testCase) => { + const res = await audit(testCase.cfg); + const finding = res.findings.find( + (f) => f.checkId === "gateway.nodes.deny_commands_ineffective", + ); + expect(finding?.severity, testCase.name).toBe("warn"); + for (const text of testCase.detailIncludes) { + expect(finding?.detail, `${testCase.name}:${text}`).toContain(text); + } + const detailExcludes = "detailExcludes" in testCase ? testCase.detailExcludes : []; + for (const text of detailExcludes) { + expect(finding?.detail, `${testCase.name}:${text}`).not.toContain(text); + } + }), ); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("system.*"); - expect(finding?.detail).toContain("system.runx"); - expect(finding?.detail).toContain("did you mean"); - expect(finding?.detail).toContain("system.run"); }); - it("suggests prefix-matching commands for unknown denyCommands entries", async () => { - const cfg: OpenClawConfig = { - gateway: { - nodes: { - denyCommands: ["system.run.prep"], - }, - }, - }; - - const res = await audit(cfg); - const finding = res.findings.find( - (f) => f.checkId === "gateway.nodes.deny_commands_ineffective", - ); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("system.run.prep"); - expect(finding?.detail).toContain("did you mean"); - expect(finding?.detail).toContain("system.run.prepare"); - }); - - it("keeps unknown denyCommands entries without suggestions when no close command exists", async () => { - const cfg: OpenClawConfig = { - gateway: { - nodes: { - denyCommands: ["zzzzzzzzzzzzzz"], - }, - }, - }; - - const res = await audit(cfg); - const finding = res.findings.find( - (f) => f.checkId === "gateway.nodes.deny_commands_ineffective", - ); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("zzzzzzzzzzzzzz"); - expect(finding?.detail).not.toContain("did you mean"); - }); - - it("scores dangerous gateway.nodes.allowCommands by exposure", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedSeverity: "warn" | "critical"; - }> = [ + it("evaluates dangerous gateway.nodes.allowCommands findings", async () => { + const cases = [ { name: "loopback gateway", cfg: { @@ -1272,8 +1330,8 @@ description: test skill bind: "loopback", nodes: { allowCommands: ["camera.snap", "screen.record"] }, }, - }, - expectedSeverity: "warn", + } as OpenClawConfig, + expectedSeverity: "warn" as const, }, { name: "lan-exposed gateway", @@ -1282,38 +1340,46 @@ description: test skill bind: "lan", nodes: { allowCommands: ["camera.snap", "screen.record"] }, }, - }, - expectedSeverity: "critical", + } as OpenClawConfig, + expectedSeverity: "critical" as const, }, - ]; + { + name: "denied again suppresses dangerous allowCommands finding", + cfg: { + gateway: { + nodes: { + allowCommands: ["camera.snap", "screen.record"], + denyCommands: ["camera.snap", "screen.record"], + }, + }, + } as OpenClawConfig, + expectedAbsent: true, + }, + ] as const; await Promise.all( cases.map(async (testCase) => { const res = await audit(testCase.cfg); + if ("expectedAbsent" in testCase && testCase.expectedAbsent) { + expectNoFinding(res, "gateway.nodes.allow_commands_dangerous"); + return; + } + const expectedSeverity = + "expectedSeverity" in testCase ? testCase.expectedSeverity : undefined; + if (!expectedSeverity) { + return; + } + const finding = res.findings.find( (f) => f.checkId === "gateway.nodes.allow_commands_dangerous", ); - expect(finding?.severity, testCase.name).toBe(testCase.expectedSeverity); + expect(finding?.severity, testCase.name).toBe(expectedSeverity); expect(finding?.detail, testCase.name).toContain("camera.snap"); expect(finding?.detail, testCase.name).toContain("screen.record"); }), ); }); - it("does not flag dangerous allowCommands entries when denied again", async () => { - const cfg: OpenClawConfig = { - gateway: { - nodes: { - allowCommands: ["camera.snap", "screen.record"], - denyCommands: ["camera.snap", "screen.record"], - }, - }, - }; - - const res = await audit(cfg); - expectNoFinding(res, "gateway.nodes.allow_commands_dangerous"); - }); - it("flags agent profile overrides when global tools.profile is minimal", async () => { const cfg: OpenClawConfig = { tools: { @@ -1348,205 +1414,212 @@ description: test skill expectFinding(res, "tools.elevated.allowFrom.whatsapp.wildcard", "critical"); }); - it("flags browser control without auth when browser is enabled", async () => { - const cfg: OpenClawConfig = { - gateway: { - controlUi: { enabled: false }, - auth: {}, - }, - browser: { - enabled: true, - }, - }; - - const res = await audit(cfg, { env: {} }); - - expectFinding(res, "browser.control_no_auth", "critical"); - }); - - it("does not flag browser control auth when gateway token is configured", async () => { - const cfg: OpenClawConfig = { - gateway: { - controlUi: { enabled: false }, - auth: { token: "very-long-browser-token-0123456789" }, - }, - browser: { - enabled: true, - }, - }; - - const res = await audit(cfg, { env: {} }); - - expectNoFinding(res, "browser.control_no_auth"); - }); - - it("does not flag browser control auth when gateway password uses SecretRef", async () => { - const cfg: OpenClawConfig = { - gateway: { - controlUi: { enabled: false }, - auth: { - password: { - source: "env", - provider: "default", - id: "OPENCLAW_GATEWAY_PASSWORD", + it.each([ + { + name: "flags browser control without auth when browser is enabled", + cfg: { + gateway: { + controlUi: { enabled: false }, + auth: {}, + }, + browser: { + enabled: true, + }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "browser.control_no_auth", severity: "critical" }, + }, + { + name: "does not flag browser control auth when gateway token is configured", + cfg: { + gateway: { + controlUi: { enabled: false }, + auth: { token: "very-long-browser-token-0123456789" }, + }, + browser: { + enabled: true, + }, + } satisfies OpenClawConfig, + expectedNoFinding: "browser.control_no_auth", + }, + { + name: "does not flag browser control auth when gateway password uses SecretRef", + cfg: { + gateway: { + controlUi: { enabled: false }, + auth: { + password: { + source: "env", + provider: "default", + id: "OPENCLAW_GATEWAY_PASSWORD", + }, }, }, - }, - browser: { - enabled: true, - }, - }; - - const res = await audit(cfg, { env: {} }); - expectNoFinding(res, "browser.control_no_auth"); - }); - - it("warns when remote CDP uses HTTP", async () => { - const cfg: OpenClawConfig = { - browser: { - profiles: { - remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" }, + browser: { + enabled: true, }, - }, - }; - - const res = await audit(cfg); - - expectFinding(res, "browser.remote_cdp_http", "warn"); - }); - - it("warns when remote CDP targets a private/internal host", async () => { - const cfg: OpenClawConfig = { - browser: { - profiles: { - remote: { - cdpUrl: - "http://169.254.169.254:9222/json/version?token=supersecrettokenvalue1234567890", - color: "#0066CC", + } satisfies OpenClawConfig, + expectedNoFinding: "browser.control_no_auth", + }, + { + name: "warns when remote CDP uses HTTP", + cfg: { + browser: { + profiles: { + remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" }, }, }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "browser.remote_cdp_http", severity: "warn" }, + }, + { + name: "warns when remote CDP targets a private/internal host", + cfg: { + browser: { + profiles: { + remote: { + cdpUrl: + "http://169.254.169.254:9222/json/version?token=supersecrettokenvalue1234567890", + color: "#0066CC", + }, + }, + }, + } satisfies OpenClawConfig, + expectedFinding: { + checkId: "browser.remote_cdp_private_host", + severity: "warn", + detail: expect.stringContaining("token=supers…7890"), }, - }; + }, + ])("$name", async (testCase) => { + const res = await audit(testCase.cfg, { env: {} }); - const res = await audit(cfg); - - expectFinding(res, "browser.remote_cdp_private_host", "warn"); - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "browser.remote_cdp_private_host", - detail: expect.stringContaining("token=supers…7890"), - }), - ]), - ); + if (testCase.expectedFinding) { + expect(res.findings).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]), + ); + } + if (testCase.expectedNoFinding) { + expectNoFinding(res, testCase.expectedNoFinding); + } }); - it("warns when control UI allows insecure auth", async () => { - const cfg: OpenClawConfig = { - gateway: { - controlUi: { allowInsecureAuth: true }, - }, - }; - - const res = await audit(cfg); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ + it("warns on insecure or dangerous flags", async () => { + const cases = [ + { + name: "control UI allows insecure auth", + cfg: { + gateway: { + controlUi: { allowInsecureAuth: true }, + }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "gateway.control_ui.insecure_auth", severity: "warn", - }), - expect.objectContaining({ - checkId: "config.insecure_or_dangerous_flags", - severity: "warn", - detail: expect.stringContaining("gateway.controlUi.allowInsecureAuth=true"), - }), - ]), - ); - }); - - it("warns when control UI device auth is disabled", async () => { - const cfg: OpenClawConfig = { - gateway: { - controlUi: { dangerouslyDisableDeviceAuth: true }, + }, + expectedDangerousDetails: ["gateway.controlUi.allowInsecureAuth=true"], }, - }; - - const res = await audit(cfg); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ + { + name: "control UI device auth is disabled", + cfg: { + gateway: { + controlUi: { dangerouslyDisableDeviceAuth: true }, + }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "gateway.control_ui.device_auth_disabled", severity: "critical", - }), - expect.objectContaining({ - checkId: "config.insecure_or_dangerous_flags", - severity: "warn", - detail: expect.stringContaining("gateway.controlUi.dangerouslyDisableDeviceAuth=true"), - }), - ]), - ); - }); - - it("warns when insecure/dangerous debug flags are enabled", async () => { - const cfg: OpenClawConfig = { - hooks: { - gmail: { allowUnsafeExternalContent: true }, - mappings: [{ allowUnsafeExternalContent: true }], - }, - tools: { - exec: { - applyPatch: { - workspaceOnly: false, - }, }, + expectedDangerousDetails: ["gateway.controlUi.dangerouslyDisableDeviceAuth=true"], }, - }; + { + name: "generic insecure debug flags", + cfg: { + hooks: { + gmail: { allowUnsafeExternalContent: true }, + mappings: [{ allowUnsafeExternalContent: true }], + }, + tools: { + exec: { + applyPatch: { + workspaceOnly: false, + }, + }, + }, + } satisfies OpenClawConfig, + expectedDangerousDetails: [ + "hooks.gmail.allowUnsafeExternalContent=true", + "hooks.mappings[0].allowUnsafeExternalContent=true", + "tools.exec.applyPatch.workspaceOnly=false", + ], + }, + ] as const; - const res = await audit(cfg); - const finding = res.findings.find((f) => f.checkId === "config.insecure_or_dangerous_flags"); - - expect(finding).toBeTruthy(); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("hooks.gmail.allowUnsafeExternalContent=true"); - expect(finding?.detail).toContain("hooks.mappings[0].allowUnsafeExternalContent=true"); - expect(finding?.detail).toContain("tools.exec.applyPatch.workspaceOnly=false"); + for (const testCase of cases) { + const res = await audit(testCase.cfg); + if ("expectedFinding" in testCase) { + expect(res.findings, testCase.name).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]), + ); + } + const finding = res.findings.find((f) => f.checkId === "config.insecure_or_dangerous_flags"); + expect(finding, testCase.name).toBeTruthy(); + expect(finding?.severity, testCase.name).toBe("warn"); + for (const detail of testCase.expectedDangerousDetails) { + expect(finding?.detail, `${testCase.name}:${detail}`).toContain(detail); + } + } }); - it("flags non-loopback Control UI without allowed origins", async () => { - const cfg: OpenClawConfig = { - gateway: { - bind: "lan", - auth: { mode: "token", token: "very-long-browser-token-0123456789" }, + it.each([ + { + name: "flags non-loopback Control UI without allowed origins", + cfg: { + gateway: { + bind: "lan", + auth: { mode: "token", token: "very-long-browser-token-0123456789" }, + }, + } satisfies OpenClawConfig, + expectedFinding: { + checkId: "gateway.control_ui.allowed_origins_required", + severity: "critical", }, - }; - - const res = await audit(cfg); - expectFinding(res, "gateway.control_ui.allowed_origins_required", "critical"); - }); - - it("flags wildcard Control UI origins by exposure level", async () => { - const loopbackCfg: OpenClawConfig = { - gateway: { - bind: "loopback", - controlUi: { allowedOrigins: ["*"] }, + }, + { + name: "flags wildcard Control UI origins by exposure level on loopback", + cfg: { + gateway: { + bind: "loopback", + controlUi: { allowedOrigins: ["*"] }, + }, + } satisfies OpenClawConfig, + expectedFinding: { + checkId: "gateway.control_ui.allowed_origins_wildcard", + severity: "warn", }, - }; - const exposedCfg: OpenClawConfig = { - gateway: { - bind: "lan", - auth: { mode: "token", token: "very-long-browser-token-0123456789" }, - controlUi: { allowedOrigins: ["*"] }, + }, + { + name: "flags wildcard Control UI origins by exposure level when exposed", + cfg: { + gateway: { + bind: "lan", + auth: { mode: "token", token: "very-long-browser-token-0123456789" }, + controlUi: { allowedOrigins: ["*"] }, + }, + } satisfies OpenClawConfig, + expectedFinding: { + checkId: "gateway.control_ui.allowed_origins_wildcard", + severity: "critical", }, - }; - - const loopback = await audit(loopbackCfg); - const exposed = await audit(exposedCfg); - - expectFinding(loopback, "gateway.control_ui.allowed_origins_wildcard", "warn"); - expectFinding(exposed, "gateway.control_ui.allowed_origins_wildcard", "critical"); - expectNoFinding(exposed, "gateway.control_ui.allowed_origins_required"); + expectedNoFinding: "gateway.control_ui.allowed_origins_required", + }, + ])("$name", async (testCase) => { + const res = await audit(testCase.cfg); + expect(res.findings).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]), + ); + if (testCase.expectedNoFinding) { + expectNoFinding(res, testCase.expectedNoFinding); + } }); it("flags dangerous host-header origin fallback and suppresses missing allowed-origins finding", async () => { @@ -1569,51 +1642,56 @@ description: test skill ); }); - it("warns when Feishu doc tool is enabled because create can grant requester access", async () => { - const cfg: OpenClawConfig = { - channels: { - feishu: { - appId: "cli_test", - appSecret: "secret_test", // pragma: allowlist secret - }, - }, - }; - - const res = await audit(cfg); - expectFinding(res, "channels.feishu.doc_owner_open_id", "warn"); - }); - - it("treats Feishu SecretRef appSecret as configured for doc tool risk detection", async () => { - const cfg: OpenClawConfig = { - channels: { - feishu: { - appId: "cli_test", - appSecret: { - source: "env", - provider: "default", - id: "FEISHU_APP_SECRET", + it.each([ + { + name: "warns when Feishu doc tool is enabled because create can grant requester access", + cfg: { + channels: { + feishu: { + appId: "cli_test", + appSecret: "secret_test", // pragma: allowlist secret }, }, - }, - }; - - const res = await audit(cfg); - expectFinding(res, "channels.feishu.doc_owner_open_id", "warn"); - }); - - it("does not warn for Feishu doc grant risk when doc tools are disabled", async () => { - const cfg: OpenClawConfig = { - channels: { - feishu: { - appId: "cli_test", - appSecret: "secret_test", // pragma: allowlist secret - tools: { doc: false }, + } satisfies OpenClawConfig, + expectedFinding: "channels.feishu.doc_owner_open_id", + }, + { + name: "treats Feishu SecretRef appSecret as configured for doc tool risk detection", + cfg: { + channels: { + feishu: { + appId: "cli_test", + appSecret: { + source: "env", + provider: "default", + id: "FEISHU_APP_SECRET", + }, + }, }, - }, - }; - - const res = await audit(cfg); - expectNoFinding(res, "channels.feishu.doc_owner_open_id"); + } satisfies OpenClawConfig, + expectedFinding: "channels.feishu.doc_owner_open_id", + }, + { + name: "does not warn for Feishu doc grant risk when doc tools are disabled", + cfg: { + channels: { + feishu: { + appId: "cli_test", + appSecret: "secret_test", // pragma: allowlist secret + tools: { doc: false }, + }, + }, + } satisfies OpenClawConfig, + expectedNoFinding: "channels.feishu.doc_owner_open_id", + }, + ])("$name", async (testCase) => { + const res = await audit(testCase.cfg); + if (testCase.expectedFinding) { + expectFinding(res, testCase.expectedFinding, "warn"); + } + if (testCase.expectedNoFinding) { + expectNoFinding(res, testCase.expectedNoFinding); + } }); it("scores X-Real-IP fallback risk by gateway exposure", async () => { @@ -1688,15 +1766,10 @@ description: test skill }, ]; - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg); - expect( - hasFinding(res, "gateway.real_ip_fallback_enabled", testCase.expectedSeverity), - testCase.name, - ).toBe(true); - }), - ); + await expectSeverityByExposureCases({ + checkId: "gateway.real_ip_fallback_enabled", + cases, + }); }); it("scores mDNS full mode risk by gateway bind mode", async () => { @@ -1739,15 +1812,10 @@ description: test skill }, ]; - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg); - expect( - hasFinding(res, "discovery.mdns_full_mode", testCase.expectedSeverity), - testCase.name, - ).toBe(true); - }), - ); + await expectSeverityByExposureCases({ + checkId: "discovery.mdns_full_mode", + cases, + }); }); it("evaluates trusted-proxy auth guardrails", async () => { @@ -1891,130 +1959,281 @@ description: test skill ); }); - it("flags Discord native commands without a guild user allowlist", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: "t", - groupPolicy: "allowlist", - guilds: { - "123": { - channels: { - general: { allow: true }, + it("evaluates Discord native command allowlist findings", async () => { + const cases = [ + { + name: "flags missing guild user allowlists", + cfg: { + channels: { + discord: { + enabled: true, + token: "t", + groupPolicy: "allowlist", + guilds: { + "123": { + channels: { + general: { allow: true }, + }, }, }, }, }, - }, - }; + } as OpenClawConfig, + expectFinding: true, + }, + { + name: "does not flag when dm.allowFrom includes a Discord snowflake id", + cfg: { + channels: { + discord: { + enabled: true, + token: "t", + dm: { allowFrom: ["387380367612706819"] }, + groupPolicy: "allowlist", + guilds: { + "123": { + channels: { + general: { allow: true }, + }, + }, + }, + }, + }, + } as OpenClawConfig, + expectFinding: false, + }, + ] as const; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], + for (const testCase of cases) { + await withChannelSecurityStateDir(async () => { + const res = await runSecurityAudit({ + config: testCase.cfg, + includeFilesystem: false, + includeChannelSecurity: true, + plugins: [discordPlugin], + }); + + expect( + res.findings.some( + (finding) => finding.checkId === "channels.discord.commands.native.no_allowlists", + ), + testCase.name, + ).toBe(testCase.expectFinding); }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.commands.native.no_allowlists", - severity: "warn", - }), - ]), - ); - }); + } }); - it("keeps channel security findings when SecretRef credentials are configured but unavailable", async () => { - await withChannelSecurityStateDir(async () => { - const sourceConfig: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: { source: "env", provider: "default", id: "DISCORD_BOT_TOKEN" }, - groupPolicy: "allowlist", - guilds: { - "123": { - channels: { - general: { allow: true }, + it("keeps source-configured channel security findings when resolved inspection is incomplete", async () => { + const cases = [ + { + name: "discord SecretRef configured but unavailable", + sourceConfig: { + channels: { + discord: { + enabled: true, + token: { source: "env", provider: "default", id: "DISCORD_BOT_TOKEN" }, + groupPolicy: "allowlist", + guilds: { + "123": { + channels: { + general: { allow: true }, + }, }, }, }, }, - }, - }; - const resolvedConfig: OpenClawConfig = { - channels: { - discord: { - enabled: true, - groupPolicy: "allowlist", - guilds: { - "123": { - channels: { - general: { allow: true }, + } as OpenClawConfig, + resolvedConfig: { + channels: { + discord: { + enabled: true, + groupPolicy: "allowlist", + guilds: { + "123": { + channels: { + general: { allow: true }, + }, }, }, }, }, - }, - }; - - const inspectableDiscordPlugin = stubChannelPlugin({ - id: "discord", - label: "Discord", - inspectAccount: (cfg) => { - const channel = cfg.channels?.discord ?? {}; - const token = channel.token; - return { - accountId: "default", - enabled: true, - configured: - Boolean(token) && - typeof token === "object" && - !Array.isArray(token) && - "source" in token, - token: "", - tokenSource: - Boolean(token) && - typeof token === "object" && - !Array.isArray(token) && - "source" in token - ? "config" - : "none", - tokenStatus: - Boolean(token) && - typeof token === "object" && - !Array.isArray(token) && - "source" in token - ? "configured_unavailable" - : "missing", - config: channel, - }; - }, - resolveAccount: (cfg) => ({ config: cfg.channels?.discord ?? {} }), - isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), - }); - - const res = await runSecurityAudit({ - config: resolvedConfig, - sourceConfig, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [inspectableDiscordPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.commands.native.no_allowlists", - severity: "warn", + } as OpenClawConfig, + plugin: () => + stubChannelPlugin({ + id: "discord", + label: "Discord", + inspectAccount: (cfg) => { + const channel = cfg.channels?.discord ?? {}; + const token = channel.token; + return { + accountId: "default", + enabled: true, + configured: + Boolean(token) && + typeof token === "object" && + !Array.isArray(token) && + "source" in token, + token: "", + tokenSource: + Boolean(token) && + typeof token === "object" && + !Array.isArray(token) && + "source" in token + ? "config" + : "none", + tokenStatus: + Boolean(token) && + typeof token === "object" && + !Array.isArray(token) && + "source" in token + ? "configured_unavailable" + : "missing", + config: channel, + }; + }, + resolveAccount: (cfg) => ({ config: cfg.channels?.discord ?? {} }), + isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), }), - ]), - ); - }); + expectedCheckId: "channels.discord.commands.native.no_allowlists", + }, + { + name: "slack resolved inspection only exposes signingSecret status", + sourceConfig: { + channels: { + slack: { + enabled: true, + mode: "http", + groupPolicy: "open", + slashCommand: { enabled: true }, + }, + }, + } as OpenClawConfig, + resolvedConfig: { + channels: { + slack: { + enabled: true, + mode: "http", + groupPolicy: "open", + slashCommand: { enabled: true }, + }, + }, + } as OpenClawConfig, + plugin: (sourceConfig: OpenClawConfig) => + stubChannelPlugin({ + id: "slack", + label: "Slack", + inspectAccount: (cfg) => { + const channel = cfg.channels?.slack ?? {}; + if (cfg === sourceConfig) { + return { + accountId: "default", + enabled: false, + configured: true, + mode: "http", + botTokenSource: "config", + botTokenStatus: "configured_unavailable", + signingSecretSource: "config", // pragma: allowlist secret + signingSecretStatus: "configured_unavailable", // pragma: allowlist secret + config: channel, + }; + } + return { + accountId: "default", + enabled: true, + configured: true, + mode: "http", + botTokenSource: "config", + botTokenStatus: "available", + signingSecretSource: "config", // pragma: allowlist secret + signingSecretStatus: "available", // pragma: allowlist secret + config: channel, + }; + }, + resolveAccount: (cfg) => ({ config: cfg.channels?.slack ?? {} }), + isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), + }), + expectedCheckId: "channels.slack.commands.slash.no_allowlists", + }, + { + name: "slack source config still wins when resolved inspection is unconfigured", + sourceConfig: { + channels: { + slack: { + enabled: true, + mode: "http", + groupPolicy: "open", + slashCommand: { enabled: true }, + }, + }, + } as OpenClawConfig, + resolvedConfig: { + channels: { + slack: { + enabled: true, + mode: "http", + groupPolicy: "open", + slashCommand: { enabled: true }, + }, + }, + } as OpenClawConfig, + plugin: (sourceConfig: OpenClawConfig) => + stubChannelPlugin({ + id: "slack", + label: "Slack", + inspectAccount: (cfg) => { + const channel = cfg.channels?.slack ?? {}; + if (cfg === sourceConfig) { + return { + accountId: "default", + enabled: true, + configured: true, + mode: "http", + botTokenSource: "config", + botTokenStatus: "configured_unavailable", + signingSecretSource: "config", // pragma: allowlist secret + signingSecretStatus: "configured_unavailable", // pragma: allowlist secret + config: channel, + }; + } + return { + accountId: "default", + enabled: true, + configured: false, + mode: "http", + botTokenSource: "config", + botTokenStatus: "available", + signingSecretSource: "config", // pragma: allowlist secret + signingSecretStatus: "missing", // pragma: allowlist secret + config: channel, + }; + }, + resolveAccount: (cfg) => ({ config: cfg.channels?.slack ?? {} }), + isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), + }), + expectedCheckId: "channels.slack.commands.slash.no_allowlists", + }, + ] as const; + + for (const testCase of cases) { + await withChannelSecurityStateDir(async () => { + const res = await runSecurityAudit({ + config: testCase.resolvedConfig, + sourceConfig: testCase.sourceConfig, + includeFilesystem: false, + includeChannelSecurity: true, + plugins: [testCase.plugin(testCase.sourceConfig)], + }); + + expect(res.findings, testCase.name).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: testCase.expectedCheckId, + severity: "warn", + }), + ]), + ); + }); + } }); it("adds a read-only resolution warning when channel account resolveAccount throws", async () => { @@ -2051,202 +2270,16 @@ description: test skill expect(finding?.detail).toContain("missing SecretRef"); }); - it("keeps Slack HTTP slash-command findings when resolved inspection only exposes signingSecret status", async () => { - await withChannelSecurityStateDir(async () => { - const sourceConfig: OpenClawConfig = { - channels: { - slack: { - enabled: true, - mode: "http", - groupPolicy: "open", - slashCommand: { enabled: true }, - }, - }, - }; - const resolvedConfig: OpenClawConfig = { - channels: { - slack: { - enabled: true, - mode: "http", - groupPolicy: "open", - slashCommand: { enabled: true }, - }, - }, - }; - - const inspectableSlackPlugin = stubChannelPlugin({ - id: "slack", - label: "Slack", - inspectAccount: (cfg) => { - const channel = cfg.channels?.slack ?? {}; - if (cfg === sourceConfig) { - return { - accountId: "default", - enabled: false, - configured: true, - mode: "http", - botTokenSource: "config", - botTokenStatus: "configured_unavailable", - signingSecretSource: "config", // pragma: allowlist secret - signingSecretStatus: "configured_unavailable", // pragma: allowlist secret - config: channel, - }; - } - return { - accountId: "default", - enabled: true, - configured: true, - mode: "http", - botTokenSource: "config", - botTokenStatus: "available", - signingSecretSource: "config", // pragma: allowlist secret - signingSecretStatus: "available", // pragma: allowlist secret - config: channel, - }; - }, - resolveAccount: (cfg) => ({ config: cfg.channels?.slack ?? {} }), - isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), - }); - - const res = await runSecurityAudit({ - config: resolvedConfig, - sourceConfig, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [inspectableSlackPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.slack.commands.slash.no_allowlists", - severity: "warn", - }), - ]), - ); - }); - }); - - it("keeps source-configured Slack HTTP findings when resolved inspection is unconfigured", async () => { - await withChannelSecurityStateDir(async () => { - const sourceConfig: OpenClawConfig = { - channels: { - slack: { - enabled: true, - mode: "http", - groupPolicy: "open", - slashCommand: { enabled: true }, - }, - }, - }; - const resolvedConfig: OpenClawConfig = { - channels: { - slack: { - enabled: true, - mode: "http", - groupPolicy: "open", - slashCommand: { enabled: true }, - }, - }, - }; - - const inspectableSlackPlugin = stubChannelPlugin({ - id: "slack", - label: "Slack", - inspectAccount: (cfg) => { - const channel = cfg.channels?.slack ?? {}; - if (cfg === sourceConfig) { - return { - accountId: "default", - enabled: true, - configured: true, - mode: "http", - botTokenSource: "config", - botTokenStatus: "configured_unavailable", - signingSecretSource: "config", // pragma: allowlist secret - signingSecretStatus: "configured_unavailable", // pragma: allowlist secret - config: channel, - }; - } - return { - accountId: "default", - enabled: true, - configured: false, - mode: "http", - botTokenSource: "config", - botTokenStatus: "available", - signingSecretSource: "config", // pragma: allowlist secret - signingSecretStatus: "missing", // pragma: allowlist secret - config: channel, - }; - }, - resolveAccount: (cfg) => ({ config: cfg.channels?.slack ?? {} }), - isConfigured: (account) => Boolean((account as { configured?: boolean }).configured), - }); - - const res = await runSecurityAudit({ - config: resolvedConfig, - sourceConfig, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [inspectableSlackPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.slack.commands.slash.no_allowlists", - severity: "warn", - }), - ]), - ); - }); - }); - - it("does not flag Discord slash commands when dm.allowFrom includes a Discord snowflake id", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: "t", - dm: { allowFrom: ["387380367612706819"] }, - groupPolicy: "allowlist", - guilds: { - "123": { - channels: { - general: { allow: true }, - }, - }, - }, - }, - }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - expect(res.findings).not.toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.commands.native.no_allowlists", - }), - ]), - ); - }); - }); - - it("warns when Discord allowlists contain name-based entries", async () => { - await withChannelSecurityStateDir(async (tmp) => { - await fs.writeFile( - path.join(tmp, "credentials", "discord-allowFrom.json"), - JSON.stringify({ version: 1, allowFrom: ["team.owner"] }), - ); - const cfg: OpenClawConfig = { + it.each([ + { + name: "warns when Discord allowlists contain name-based entries", + setup: async (tmp: string) => { + await fs.writeFile( + path.join(tmp, "credentials", "discord-allowFrom.json"), + JSON.stringify({ version: 1, allowFrom: ["team.owner"] }), + ); + }, + cfg: { channels: { discord: { enabled: true, @@ -2264,35 +2297,20 @@ description: test skill }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - const finding = res.findings.find( - (entry) => entry.checkId === "channels.discord.allowFrom.name_based_entries", - ); - expect(finding).toBeDefined(); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("channels.discord.allowFrom:Alice#1234"); - expect(finding?.detail).toContain("channels.discord.guilds.123.users:trusted.operator"); - expect(finding?.detail).toContain( + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectNameBasedSeverity: "warn", + detailIncludes: [ + "channels.discord.allowFrom:Alice#1234", + "channels.discord.guilds.123.users:trusted.operator", "channels.discord.guilds.123.channels.general.users:security-team", - ); - expect(finding?.detail).toContain( "~/.openclaw/credentials/discord-allowFrom.json:team.owner", - ); - expect(finding?.detail).not.toContain("<@123456789012345678>"); - }); - }); - - it("marks Discord name-based allowlists as break-glass when dangerous matching is enabled", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + ], + detailExcludes: ["<@123456789012345678>"], + }, + { + name: "marks Discord name-based allowlists as break-glass when dangerous matching is enabled", + cfg: { channels: { discord: { enabled: true, @@ -2301,35 +2319,18 @@ description: test skill allowFrom: ["Alice#1234"], }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - const finding = res.findings.find( - (entry) => entry.checkId === "channels.discord.allowFrom.name_based_entries", - ); - expect(finding).toBeDefined(); - expect(finding?.severity).toBe("info"); - expect(finding?.detail).toContain("out-of-scope"); - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.allowFrom.dangerous_name_matching_enabled", - severity: "info", - }), - ]), - ); - }); - }); - - it("audits non-default Discord accounts for dangerous name matching", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectNameBasedSeverity: "info", + detailIncludes: ["out-of-scope"], + expectFindingMatch: { + checkId: "channels.discord.allowFrom.dangerous_name_matching_enabled", + severity: "info", + }, + }, + { + name: "audits non-default Discord accounts for dangerous name matching", + cfg: { channels: { discord: { enabled: true, @@ -2343,24 +2344,101 @@ description: test skill }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.allowFrom.dangerous_name_matching_enabled", - title: expect.stringContaining("(account: beta)"), - severity: "info", - }), - ]), + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectNoNameBasedFinding: true, + expectFindingMatch: { + checkId: "channels.discord.allowFrom.dangerous_name_matching_enabled", + title: expect.stringContaining("(account: beta)"), + severity: "info", + }, + }, + { + name: "audits name-based allowlists on non-default Discord accounts", + cfg: { + channels: { + discord: { + enabled: true, + token: "t", + accounts: { + alpha: { + token: "a", + allowFrom: ["123456789012345678"], + }, + beta: { + token: "b", + allowFrom: ["Alice#1234"], + }, + }, + }, + }, + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectNameBasedSeverity: "warn", + detailIncludes: ["channels.discord.accounts.beta.allowFrom:Alice#1234"], + }, + { + name: "does not warn when Discord allowlists use ID-style entries only", + cfg: { + channels: { + discord: { + enabled: true, + token: "t", + allowFrom: [ + "123456789012345678", + "<@223456789012345678>", + "user:323456789012345678", + "discord:423456789012345678", + "pk:member-123", + ], + guilds: { + "123": { + users: ["523456789012345678", "<@623456789012345678>", "pk:member-456"], + channels: { + general: { + users: ["723456789012345678", "user:823456789012345678"], + }, + }, + }, + }, + }, + }, + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectNoNameBasedFinding: true, + }, + ])("$name", async (testCase) => { + await withChannelSecurityStateDir(async (tmp) => { + await testCase.setup?.(tmp); + const res = await runChannelSecurityAudit(testCase.cfg, testCase.plugins); + const nameBasedFinding = res.findings.find( + (entry) => entry.checkId === "channels.discord.allowFrom.name_based_entries", ); + + if (testCase.expectNoNameBasedFinding) { + expect(nameBasedFinding).toBeUndefined(); + } else if ( + testCase.expectNameBasedSeverity || + testCase.detailIncludes?.length || + testCase.detailExcludes?.length + ) { + expect(nameBasedFinding).toBeDefined(); + if (testCase.expectNameBasedSeverity) { + expect(nameBasedFinding?.severity).toBe(testCase.expectNameBasedSeverity); + } + for (const snippet of testCase.detailIncludes ?? []) { + expect(nameBasedFinding?.detail).toContain(snippet); + } + for (const snippet of testCase.detailExcludes ?? []) { + expect(nameBasedFinding?.detail).not.toContain(snippet); + } + } + + if (testCase.expectFindingMatch) { + expect(res.findings).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectFindingMatch)]), + ); + } }); }); @@ -2409,45 +2487,10 @@ description: test skill }); }); - it("audits name-based allowlists on non-default Discord accounts", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: "t", - accounts: { - alpha: { - token: "a", - allowFrom: ["123456789012345678"], - }, - beta: { - token: "b", - allowFrom: ["Alice#1234"], - }, - }, - }, - }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - const finding = res.findings.find( - (entry) => entry.checkId === "channels.discord.allowFrom.name_based_entries", - ); - expect(finding).toBeDefined(); - expect(finding?.detail).toContain("channels.discord.accounts.beta.allowFrom:Alice#1234"); - }); - }); - - it("warns when Zalouser group routing contains mutable group entries", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + it.each([ + { + name: "warns when Zalouser group routing contains mutable group entries", + cfg: { channels: { zalouser: { enabled: true, @@ -2457,28 +2500,14 @@ description: test skill }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [zalouserPlugin], - }); - - const finding = res.findings.find( - (entry) => entry.checkId === "channels.zalouser.groups.mutable_entries", - ); - expect(finding).toBeDefined(); - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("channels.zalouser.groups:Ops Room"); - expect(finding?.detail).not.toContain("group:g-123"); - }); - }); - - it("marks Zalouser mutable group routing as break-glass when dangerous matching is enabled", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + expectedSeverity: "warn", + detailIncludes: ["channels.zalouser.groups:Ops Room"], + detailExcludes: ["group:g-123"], + }, + { + name: "marks Zalouser mutable group routing as break-glass when dangerous matching is enabled", + cfg: { channels: { zalouser: { enabled: true, @@ -2488,78 +2517,41 @@ description: test skill }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [zalouserPlugin], - }); - + } satisfies OpenClawConfig, + expectedSeverity: "info", + detailIncludes: ["out-of-scope"], + expectFindingMatch: { + checkId: "channels.zalouser.allowFrom.dangerous_name_matching_enabled", + severity: "info", + }, + }, + ])("$name", async (testCase) => { + await withChannelSecurityStateDir(async () => { + const res = await runChannelSecurityAudit(testCase.cfg, [zalouserPlugin]); const finding = res.findings.find( (entry) => entry.checkId === "channels.zalouser.groups.mutable_entries", ); + expect(finding).toBeDefined(); - expect(finding?.severity).toBe("info"); - expect(finding?.detail).toContain("out-of-scope"); - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.zalouser.allowFrom.dangerous_name_matching_enabled", - severity: "info", - }), - ]), - ); + expect(finding?.severity).toBe(testCase.expectedSeverity); + for (const snippet of testCase.detailIncludes) { + expect(finding?.detail).toContain(snippet); + } + for (const snippet of testCase.detailExcludes ?? []) { + expect(finding?.detail).not.toContain(snippet); + } + if (testCase.expectFindingMatch) { + expect(res.findings).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectFindingMatch)]), + ); + } }); }); - it("does not warn when Discord allowlists use ID-style entries only", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: "t", - allowFrom: [ - "123456789012345678", - "<@223456789012345678>", - "user:323456789012345678", - "discord:423456789012345678", - "pk:member-123", - ], - guilds: { - "123": { - users: ["523456789012345678", "<@623456789012345678>", "pk:member-456"], - channels: { - general: { - users: ["723456789012345678", "user:823456789012345678"], - }, - }, - }, - }, - }, - }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - expect(res.findings).not.toEqual( - expect.arrayContaining([ - expect.objectContaining({ checkId: "channels.discord.allowFrom.name_based_entries" }), - ]), - ); - }); - }); - - it("flags Discord slash commands when access-group enforcement is disabled and no users allowlist exists", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + it.each([ + { + name: "flags Discord slash commands when access-group enforcement is disabled and no users allowlist exists", + cfg: { commands: { useAccessGroups: false }, channels: { discord: { @@ -2575,29 +2567,16 @@ description: test skill }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [discordPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.discord.commands.native.unrestricted", - severity: "critical", - }), - ]), - ); - }); - }); - - it("flags Slack slash commands without a channel users allowlist", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + plugins: [discordPlugin], + expectedFinding: { + checkId: "channels.discord.commands.native.unrestricted", + severity: "critical", + }, + }, + { + name: "flags Slack slash commands without a channel users allowlist", + cfg: { channels: { slack: { enabled: true, @@ -2607,29 +2586,16 @@ description: test skill slashCommand: { enabled: true }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [slackPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.slack.commands.slash.no_allowlists", - severity: "warn", - }), - ]), - ); - }); - }); - - it("flags Slack slash commands when access-group enforcement is disabled", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + plugins: [slackPlugin], + expectedFinding: { + checkId: "channels.slack.commands.slash.no_allowlists", + severity: "warn", + }, + }, + { + name: "flags Slack slash commands when access-group enforcement is disabled", + cfg: { commands: { useAccessGroups: false }, channels: { slack: { @@ -2640,29 +2606,16 @@ description: test skill slashCommand: { enabled: true }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [slackPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.slack.commands.slash.useAccessGroups_off", - severity: "critical", - }), - ]), - ); - }); - }); - - it("flags Telegram group commands without a sender allowlist", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + plugins: [slackPlugin], + expectedFinding: { + checkId: "channels.slack.commands.slash.useAccessGroups_off", + severity: "critical", + }, + }, + { + name: "flags Telegram group commands without a sender allowlist", + cfg: { channels: { telegram: { enabled: true, @@ -2671,29 +2624,16 @@ description: test skill groups: { "-100123": {} }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [telegramPlugin], - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.telegram.groups.allowFrom.missing", - severity: "critical", - }), - ]), - ); - }); - }); - - it("warns when Telegram allowFrom entries are non-numeric (legacy @username configs)", async () => { - await withChannelSecurityStateDir(async () => { - const cfg: OpenClawConfig = { + } satisfies OpenClawConfig, + plugins: [telegramPlugin], + expectedFinding: { + checkId: "channels.telegram.groups.allowFrom.missing", + severity: "critical", + }, + }, + { + name: "warns when Telegram allowFrom entries are non-numeric (legacy @username configs)", + cfg: { channels: { telegram: { enabled: true, @@ -2703,22 +2643,19 @@ description: test skill groups: { "-100123": {} }, }, }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: false, - includeChannelSecurity: true, - plugins: [telegramPlugin], - }); + } satisfies OpenClawConfig, + plugins: [telegramPlugin], + expectedFinding: { + checkId: "channels.telegram.allowFrom.invalid_entries", + severity: "warn", + }, + }, + ])("$name", async (testCase) => { + await withChannelSecurityStateDir(async () => { + const res = await runChannelSecurityAudit(testCase.cfg, testCase.plugins); expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "channels.telegram.allowFrom.invalid_entries", - severity: "warn", - }), - ]), + expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]), ); }); }); @@ -2807,209 +2744,182 @@ description: test skill ); }); - it("warns when hooks token looks short", async () => { - const cfg: OpenClawConfig = { - hooks: { enabled: true, token: "short" }, - }; - - const res = await audit(cfg); - - expectFinding(res, "hooks.token_too_short", "warn"); - }); - - it("flags hooks token reuse of the gateway env token as critical", async () => { - const prevToken = process.env.OPENCLAW_GATEWAY_TOKEN; - process.env.OPENCLAW_GATEWAY_TOKEN = "shared-gateway-token-1234567890"; - const cfg: OpenClawConfig = { - hooks: { enabled: true, token: "shared-gateway-token-1234567890" }, - }; - - try { - const res = await audit(cfg); - expectFinding(res, "hooks.token_reuse_gateway_token", "critical"); - } finally { - if (prevToken === undefined) { - delete process.env.OPENCLAW_GATEWAY_TOKEN; - } else { - process.env.OPENCLAW_GATEWAY_TOKEN = prevToken; - } - } - }); - - it("warns when hooks.defaultSessionKey is unset", async () => { - const cfg: OpenClawConfig = { - hooks: { enabled: true, token: "shared-gateway-token-1234567890" }, - }; - - const res = await audit(cfg); - - expectFinding(res, "hooks.default_session_key_unset", "warn"); - }); - - it("scores unrestricted hooks.allowedAgentIds by gateway exposure", async () => { - const baseHooks = { + it("evaluates hooks ingress auth and routing findings", async () => { + const unrestrictedBaseHooks = { enabled: true, token: "shared-gateway-token-1234567890", defaultSessionKey: "hook:ingress", } satisfies NonNullable; - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedSeverity: "warn" | "critical"; - }> = [ - { - name: "local exposure", - cfg: { hooks: baseHooks }, - expectedSeverity: "warn", - }, - { - name: "remote exposure", - cfg: { gateway: { bind: "lan" }, hooks: baseHooks }, - expectedSeverity: "critical", - }, - ]; - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg); - expect( - hasFinding(res, "hooks.allowed_agent_ids_unrestricted", testCase.expectedSeverity), - testCase.name, - ).toBe(true); - }), - ); - }); - - it("treats wildcard hooks.allowedAgentIds as unrestricted routing", async () => { - const res = await audit({ - hooks: { - enabled: true, - token: "shared-gateway-token-1234567890", - defaultSessionKey: "hook:ingress", - allowedAgentIds: ["*"], - }, - }); - - expectFinding(res, "hooks.allowed_agent_ids_unrestricted", "warn"); - }); - - it("scores hooks request sessionKey override by gateway exposure", async () => { - const baseHooks = { - enabled: true, - token: "shared-gateway-token-1234567890", - defaultSessionKey: "hook:ingress", + const requestSessionKeyHooks = { + ...unrestrictedBaseHooks, allowRequestSessionKey: true, } satisfies NonNullable; - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedSeverity: "warn" | "critical"; - expectsPrefixesMissing?: boolean; - }> = [ + const cases = [ { - name: "local exposure", - cfg: { hooks: baseHooks }, - expectedSeverity: "warn", - expectsPrefixesMissing: true, + name: "warns when hooks token looks short", + cfg: { + hooks: { enabled: true, token: "short" }, + } satisfies OpenClawConfig, + expectedFinding: "hooks.token_too_short", + expectedSeverity: "warn" as const, }, { - name: "remote exposure", - cfg: { gateway: { bind: "lan" }, hooks: baseHooks }, - expectedSeverity: "critical", + name: "flags hooks token reuse of the gateway env token as critical", + cfg: { + hooks: { enabled: true, token: "shared-gateway-token-1234567890" }, + } satisfies OpenClawConfig, + env: { + OPENCLAW_GATEWAY_TOKEN: "shared-gateway-token-1234567890", + }, + expectedFinding: "hooks.token_reuse_gateway_token", + expectedSeverity: "critical" as const, }, - ]; + { + name: "warns when hooks.defaultSessionKey is unset", + cfg: { + hooks: { enabled: true, token: "shared-gateway-token-1234567890" }, + } satisfies OpenClawConfig, + expectedFinding: "hooks.default_session_key_unset", + expectedSeverity: "warn" as const, + }, + { + name: "treats wildcard hooks.allowedAgentIds as unrestricted routing", + cfg: { + hooks: { + enabled: true, + token: "shared-gateway-token-1234567890", + defaultSessionKey: "hook:ingress", + allowedAgentIds: ["*"], + }, + } satisfies OpenClawConfig, + expectedFinding: "hooks.allowed_agent_ids_unrestricted", + expectedSeverity: "warn" as const, + }, + { + name: "scores unrestricted hooks.allowedAgentIds by local exposure", + cfg: { hooks: unrestrictedBaseHooks } satisfies OpenClawConfig, + expectedFinding: "hooks.allowed_agent_ids_unrestricted", + expectedSeverity: "warn" as const, + }, + { + name: "scores unrestricted hooks.allowedAgentIds by remote exposure", + cfg: { gateway: { bind: "lan" }, hooks: unrestrictedBaseHooks } satisfies OpenClawConfig, + expectedFinding: "hooks.allowed_agent_ids_unrestricted", + expectedSeverity: "critical" as const, + }, + { + name: "scores hooks request sessionKey override by local exposure", + cfg: { hooks: requestSessionKeyHooks } satisfies OpenClawConfig, + expectedFinding: "hooks.request_session_key_enabled", + expectedSeverity: "warn" as const, + expectedExtraFinding: { + checkId: "hooks.request_session_key_prefixes_missing", + severity: "warn" as const, + }, + }, + { + name: "scores hooks request sessionKey override by remote exposure", + cfg: { + gateway: { bind: "lan" }, + hooks: requestSessionKeyHooks, + } satisfies OpenClawConfig, + expectedFinding: "hooks.request_session_key_enabled", + expectedSeverity: "critical" as const, + }, + ] as const; + await Promise.all( cases.map(async (testCase) => { - const res = await audit(testCase.cfg); - expect( - hasFinding(res, "hooks.request_session_key_enabled", testCase.expectedSeverity), - testCase.name, - ).toBe(true); - if (testCase.expectsPrefixesMissing) { - expect(hasFinding(res, "hooks.request_session_key_prefixes_missing", "warn")).toBe(true); + const env = "env" in testCase ? testCase.env : undefined; + const res = await audit(testCase.cfg, env ? { env } : undefined); + expectFinding(res, testCase.expectedFinding, testCase.expectedSeverity); + if ("expectedExtraFinding" in testCase) { + expectFinding( + res, + testCase.expectedExtraFinding.checkId, + testCase.expectedExtraFinding.severity, + ); } }), ); }); - it("scores gateway HTTP no-auth findings by exposure", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - expectedSeverity: "warn" | "critical"; - detailIncludes?: string[]; - }> = [ - { - name: "loopback no-auth", - cfg: { - gateway: { - bind: "loopback", - auth: { mode: "none" }, - http: { endpoints: { chatCompletions: { enabled: true } } }, + it.each([ + { + name: "scores loopback gateway HTTP no-auth as warn", + cfg: { + gateway: { + bind: "loopback", + auth: { mode: "none" }, + http: { endpoints: { chatCompletions: { enabled: true } } }, + }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "gateway.http.no_auth", severity: "warn" }, + detailIncludes: ["/tools/invoke", "/v1/chat/completions"], + auditOptions: { env: {} }, + }, + { + name: "scores remote gateway HTTP no-auth as critical", + cfg: { + gateway: { + bind: "lan", + auth: { mode: "none" }, + http: { endpoints: { responses: { enabled: true } } }, + }, + } satisfies OpenClawConfig, + expectedFinding: { checkId: "gateway.http.no_auth", severity: "critical" }, + auditOptions: { env: {} }, + }, + { + name: "does not report gateway.http.no_auth when auth mode is token", + cfg: { + gateway: { + bind: "loopback", + auth: { mode: "token", token: "secret" }, + http: { + endpoints: { + chatCompletions: { enabled: true }, + responses: { enabled: true }, + }, }, }, - expectedSeverity: "warn", - detailIncludes: ["/tools/invoke", "/v1/chat/completions"], - }, - { - name: "remote no-auth", - cfg: { - gateway: { - bind: "lan", - auth: { mode: "none" }, - http: { endpoints: { responses: { enabled: true } } }, + } satisfies OpenClawConfig, + expectedNoFinding: "gateway.http.no_auth", + auditOptions: { env: {} }, + }, + { + name: "reports HTTP API session-key override surfaces when enabled", + cfg: { + gateway: { + http: { + endpoints: { + chatCompletions: { enabled: true }, + responses: { enabled: true }, + }, }, }, - expectedSeverity: "critical", - }, - ]; + } satisfies OpenClawConfig, + expectedFinding: { checkId: "gateway.http.session_key_override_enabled", severity: "info" }, + }, + ])("$name", async (testCase) => { + const res = await audit(testCase.cfg, testCase.auditOptions); - await Promise.all( - cases.map(async (testCase) => { - const res = await audit(testCase.cfg, { env: {} }); - expectFinding(res, "gateway.http.no_auth", testCase.expectedSeverity); - if (testCase.detailIncludes) { - const finding = res.findings.find((entry) => entry.checkId === "gateway.http.no_auth"); - for (const text of testCase.detailIncludes) { - expect(finding?.detail, `${testCase.name}:${text}`).toContain(text); - } + if (testCase.expectedFinding) { + expect(res.findings).toEqual( + expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]), + ); + if (testCase.detailIncludes) { + const finding = res.findings.find( + (entry) => entry.checkId === testCase.expectedFinding?.checkId, + ); + for (const text of testCase.detailIncludes) { + expect(finding?.detail, `${testCase.name}:${text}`).toContain(text); } - }), - ); - }); - - it("does not report gateway.http.no_auth when auth mode is token", async () => { - const cfg: OpenClawConfig = { - gateway: { - bind: "loopback", - auth: { mode: "token", token: "secret" }, - http: { - endpoints: { - chatCompletions: { enabled: true }, - responses: { enabled: true }, - }, - }, - }, - }; - - const res = await audit(cfg, { env: {} }); - expectNoFinding(res, "gateway.http.no_auth"); - }); - - it("reports HTTP API session-key override surfaces when enabled", async () => { - const cfg: OpenClawConfig = { - gateway: { - http: { - endpoints: { - chatCompletions: { enabled: true }, - responses: { enabled: true }, - }, - }, - }, - }; - - const res = await audit(cfg); - - expectFinding(res, "gateway.http.session_key_override_enabled", "info"); + } + } + if (testCase.expectedNoFinding) { + expectNoFinding(res, testCase.expectedNoFinding); + } }); it("warns when state/config look like a synced folder", async () => { @@ -3084,515 +2994,485 @@ description: test skill ); }); - it("flags extensions without plugins.allow", async () => { - const prevDiscordToken = process.env.DISCORD_BOT_TOKEN; - const prevTelegramToken = process.env.TELEGRAM_BOT_TOKEN; - const prevSlackBotToken = process.env.SLACK_BOT_TOKEN; - const prevSlackAppToken = process.env.SLACK_APP_TOKEN; - delete process.env.DISCORD_BOT_TOKEN; - delete process.env.TELEGRAM_BOT_TOKEN; - delete process.env.SLACK_BOT_TOKEN; - delete process.env.SLACK_APP_TOKEN; - const stateDir = sharedExtensionsStateDir; + it("evaluates install metadata findings", async () => { + const cases = [ + { + name: "warns on unpinned npm install specs and missing integrity metadata", + run: async () => + runInstallMetadataAudit( + { + plugins: { + installs: { + "voice-call": { + source: "npm", + spec: "@openclaw/voice-call", + }, + }, + }, + hooks: { + internal: { + installs: { + "test-hooks": { + source: "npm", + spec: "@openclaw/test-hooks", + }, + }, + }, + }, + } satisfies OpenClawConfig, + sharedInstallMetadataStateDir, + ), + expectedPresent: [ + "plugins.installs_unpinned_npm_specs", + "plugins.installs_missing_integrity", + "hooks.installs_unpinned_npm_specs", + "hooks.installs_missing_integrity", + ], + }, + { + name: "does not warn on pinned npm install specs with integrity metadata", + run: async () => + runInstallMetadataAudit( + { + plugins: { + installs: { + "voice-call": { + source: "npm", + spec: "@openclaw/voice-call@1.2.3", + integrity: "sha512-plugin", + }, + }, + }, + hooks: { + internal: { + installs: { + "test-hooks": { + source: "npm", + spec: "@openclaw/test-hooks@1.2.3", + integrity: "sha512-hook", + }, + }, + }, + }, + } satisfies OpenClawConfig, + sharedInstallMetadataStateDir, + ), + expectedAbsent: [ + "plugins.installs_unpinned_npm_specs", + "plugins.installs_missing_integrity", + "hooks.installs_unpinned_npm_specs", + "hooks.installs_missing_integrity", + ], + }, + { + name: "warns when install records drift from installed package versions", + run: async () => { + const tmp = await makeTmpDir("install-version-drift"); + const stateDir = path.join(tmp, "state"); + const pluginDir = path.join(stateDir, "extensions", "voice-call"); + const hookDir = path.join(stateDir, "hooks", "test-hooks"); + await fs.mkdir(pluginDir, { recursive: true }); + await fs.mkdir(hookDir, { recursive: true }); + await fs.writeFile( + path.join(pluginDir, "package.json"), + JSON.stringify({ name: "@openclaw/voice-call", version: "9.9.9" }), + "utf-8", + ); + await fs.writeFile( + path.join(hookDir, "package.json"), + JSON.stringify({ name: "@openclaw/test-hooks", version: "8.8.8" }), + "utf-8", + ); - try { - const cfg: OpenClawConfig = {}; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); + return runInstallMetadataAudit( + { + plugins: { + installs: { + "voice-call": { + source: "npm", + spec: "@openclaw/voice-call@1.2.3", + integrity: "sha512-plugin", + resolvedVersion: "1.2.3", + }, + }, + }, + hooks: { + internal: { + installs: { + "test-hooks": { + source: "npm", + spec: "@openclaw/test-hooks@1.2.3", + integrity: "sha512-hook", + resolvedVersion: "1.2.3", + }, + }, + }, + }, + }, + stateDir, + ); + }, + expectedPresent: ["plugins.installs_version_drift", "hooks.installs_version_drift"], + }, + ] as const; - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ checkId: "plugins.extensions_no_allowlist", severity: "warn" }), - ]), - ); - } finally { - if (prevDiscordToken == null) { - delete process.env.DISCORD_BOT_TOKEN; - } else { - process.env.DISCORD_BOT_TOKEN = prevDiscordToken; + for (const testCase of cases) { + const res = await testCase.run(); + const expectedPresent = "expectedPresent" in testCase ? testCase.expectedPresent : []; + for (const checkId of expectedPresent) { + expect(hasFinding(res, checkId, "warn"), `${testCase.name}:${checkId}`).toBe(true); } - if (prevTelegramToken == null) { - delete process.env.TELEGRAM_BOT_TOKEN; - } else { - process.env.TELEGRAM_BOT_TOKEN = prevTelegramToken; - } - if (prevSlackBotToken == null) { - delete process.env.SLACK_BOT_TOKEN; - } else { - process.env.SLACK_BOT_TOKEN = prevSlackBotToken; - } - if (prevSlackAppToken == null) { - delete process.env.SLACK_APP_TOKEN; - } else { - process.env.SLACK_APP_TOKEN = prevSlackAppToken; + const expectedAbsent = "expectedAbsent" in testCase ? testCase.expectedAbsent : []; + for (const checkId of expectedAbsent) { + expect(hasFinding(res, checkId), `${testCase.name}:${checkId}`).toBe(false); } } }); - it("warns on unpinned npm install specs and missing integrity metadata", async () => { - const cfg: OpenClawConfig = { - plugins: { - installs: { - "voice-call": { - source: "npm", - spec: "@openclaw/voice-call", - }, + it("evaluates extension tool reachability findings", async () => { + const cases = [ + { + name: "flags extensions without plugins.allow", + cfg: {} satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "plugins.extensions_no_allowlist", + severity: "warn", + }), + ]), + ); }, }, - hooks: { - internal: { - installs: { - "test-hooks": { - source: "npm", - spec: "@openclaw/test-hooks", + { + name: "flags enabled extensions when tool policy can expose plugin tools", + cfg: { + plugins: { allow: ["some-plugin"] }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "plugins.tools_reachable_permissive_policy", + severity: "warn", + }), + ]), + ); + }, + }, + { + name: "does not flag plugin tool reachability when profile is restrictive", + cfg: { + plugins: { allow: ["some-plugin"] }, + tools: { profile: "coding" }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect( + res.findings.some((f) => f.checkId === "plugins.tools_reachable_permissive_policy"), + ).toBe(false); + }, + }, + { + name: "flags unallowlisted extensions as critical when native skill commands are exposed", + cfg: { + channels: { + discord: { enabled: true, token: "t" }, + }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "plugins.extensions_no_allowlist", + severity: "critical", + }), + ]), + ); + }, + }, + { + name: "treats SecretRef channel credentials as configured for extension allowlist severity", + cfg: { + channels: { + discord: { + enabled: true, + token: { + source: "env", + provider: "default", + id: "DISCORD_BOT_TOKEN", + } as unknown as string, }, }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "plugins.extensions_no_allowlist", + severity: "critical", + }), + ]), + ); }, }, - }; + ] as const; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir: sharedInstallMetadataStateDir, - configPath: path.join(sharedInstallMetadataStateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(hasFinding(res, "plugins.installs_unpinned_npm_specs", "warn")).toBe(true); - expect(hasFinding(res, "plugins.installs_missing_integrity", "warn")).toBe(true); - expect(hasFinding(res, "hooks.installs_unpinned_npm_specs", "warn")).toBe(true); - expect(hasFinding(res, "hooks.installs_missing_integrity", "warn")).toBe(true); - }); - - it("does not warn on pinned npm install specs with integrity metadata", async () => { - const cfg: OpenClawConfig = { - plugins: { - installs: { - "voice-call": { - source: "npm", - spec: "@openclaw/voice-call@1.2.3", - integrity: "sha512-plugin", - }, - }, + await withEnvAsync( + { + DISCORD_BOT_TOKEN: undefined, + TELEGRAM_BOT_TOKEN: undefined, + SLACK_BOT_TOKEN: undefined, + SLACK_APP_TOKEN: undefined, }, - hooks: { - internal: { - installs: { - "test-hooks": { - source: "npm", - spec: "@openclaw/test-hooks@1.2.3", - integrity: "sha512-hook", - }, - }, - }, - }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir: sharedInstallMetadataStateDir, - configPath: path.join(sharedInstallMetadataStateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(hasFinding(res, "plugins.installs_unpinned_npm_specs")).toBe(false); - expect(hasFinding(res, "plugins.installs_missing_integrity")).toBe(false); - expect(hasFinding(res, "hooks.installs_unpinned_npm_specs")).toBe(false); - expect(hasFinding(res, "hooks.installs_missing_integrity")).toBe(false); - }); - - it("warns when install records drift from installed package versions", async () => { - const tmp = await makeTmpDir("install-version-drift"); - const stateDir = path.join(tmp, "state"); - const pluginDir = path.join(stateDir, "extensions", "voice-call"); - const hookDir = path.join(stateDir, "hooks", "test-hooks"); - await fs.mkdir(pluginDir, { recursive: true }); - await fs.mkdir(hookDir, { recursive: true }); - await fs.writeFile( - path.join(pluginDir, "package.json"), - JSON.stringify({ name: "@openclaw/voice-call", version: "9.9.9" }), - "utf-8", - ); - await fs.writeFile( - path.join(hookDir, "package.json"), - JSON.stringify({ name: "@openclaw/test-hooks", version: "8.8.8" }), - "utf-8", - ); - - const cfg: OpenClawConfig = { - plugins: { - installs: { - "voice-call": { - source: "npm", - spec: "@openclaw/voice-call@1.2.3", - integrity: "sha512-plugin", - resolvedVersion: "1.2.3", - }, - }, - }, - hooks: { - internal: { - installs: { - "test-hooks": { - source: "npm", - spec: "@openclaw/test-hooks@1.2.3", - integrity: "sha512-hook", - resolvedVersion: "1.2.3", - }, - }, - }, - }, - }; - - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(hasFinding(res, "plugins.installs_version_drift", "warn")).toBe(true); - expect(hasFinding(res, "hooks.installs_version_drift", "warn")).toBe(true); - }); - - it("flags enabled extensions when tool policy can expose plugin tools", async () => { - const stateDir = sharedExtensionsStateDir; - - const cfg: OpenClawConfig = { - plugins: { allow: ["some-plugin"] }, - }; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "plugins.tools_reachable_permissive_policy", - severity: "warn", - }), - ]), - ); - }); - - it("does not flag plugin tool reachability when profile is restrictive", async () => { - const stateDir = sharedExtensionsStateDir; - - const cfg: OpenClawConfig = { - plugins: { allow: ["some-plugin"] }, - tools: { profile: "coding" }, - }; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect( - res.findings.some((f) => f.checkId === "plugins.tools_reachable_permissive_policy"), - ).toBe(false); - }); - - it("flags unallowlisted extensions as critical when native skill commands are exposed", async () => { - const prevDiscordToken = process.env.DISCORD_BOT_TOKEN; - delete process.env.DISCORD_BOT_TOKEN; - const stateDir = sharedExtensionsStateDir; - - try { - const cfg: OpenClawConfig = { - channels: { - discord: { enabled: true, token: "t" }, - }, - }; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "plugins.extensions_no_allowlist", - severity: "critical", + async () => { + await Promise.all( + cases.map(async (testCase) => { + const res = await runSharedExtensionsAudit(testCase.cfg); + testCase.assert(res); }), - ]), - ); - } finally { - if (prevDiscordToken == null) { - delete process.env.DISCORD_BOT_TOKEN; - } else { - process.env.DISCORD_BOT_TOKEN = prevDiscordToken; - } - } + ); + }, + ); }); - it("treats SecretRef channel credentials as configured for extension allowlist severity", async () => { - const prevDiscordToken = process.env.DISCORD_BOT_TOKEN; - delete process.env.DISCORD_BOT_TOKEN; - const stateDir = sharedExtensionsStateDir; - - try { - const cfg: OpenClawConfig = { - channels: { - discord: { - enabled: true, - token: { - source: "env", - provider: "default", - id: "DISCORD_BOT_TOKEN", - } as unknown as string, - }, - }, - }; - const res = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - stateDir, - configPath: path.join(stateDir, "openclaw.json"), - execDockerRawFn: execDockerRawUnavailable, - }); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "plugins.extensions_no_allowlist", - severity: "critical", + it("evaluates code-safety findings", async () => { + const cases = [ + { + name: "does not scan plugin code safety findings when deep audit is disabled", + run: async () => + runSecurityAudit({ + config: {}, + includeFilesystem: true, + includeChannelSecurity: false, + deep: false, + stateDir: sharedCodeSafetyStateDir, + execDockerRawFn: execDockerRawUnavailable, }), - ]), - ); - } finally { - if (prevDiscordToken == null) { - delete process.env.DISCORD_BOT_TOKEN; - } else { - process.env.DISCORD_BOT_TOKEN = prevDiscordToken; - } - } - }); - - it("does not scan plugin code safety findings when deep audit is disabled", async () => { - const cfg: OpenClawConfig = {}; - const nonDeepRes = await runSecurityAudit({ - config: cfg, - includeFilesystem: true, - includeChannelSecurity: false, - deep: false, - stateDir: sharedCodeSafetyStateDir, - execDockerRawFn: execDockerRawUnavailable, - }); - expect(nonDeepRes.findings.some((f) => f.checkId === "plugins.code_safety")).toBe(false); - - // Deep-mode positive coverage lives in the detailed plugin+skills code-safety test below. - }); - - it("reports detailed code-safety issues for both plugins and skills", async () => { - const cfg: OpenClawConfig = { - agents: { defaults: { workspace: sharedCodeSafetyWorkspaceDir } }, - }; - const [pluginFindings, skillFindings] = await Promise.all([ - collectPluginsCodeSafetyFindings({ stateDir: sharedCodeSafetyStateDir }), - collectInstalledSkillsCodeSafetyFindings({ cfg, stateDir: sharedCodeSafetyStateDir }), - ]); - - const pluginFinding = pluginFindings.find( - (finding) => finding.checkId === "plugins.code_safety" && finding.severity === "critical", - ); - expect(pluginFinding).toBeDefined(); - expect(pluginFinding?.detail).toContain("dangerous-exec"); - expect(pluginFinding?.detail).toMatch(/\.hidden[\\/]+index\.js:\d+/); - - const skillFinding = skillFindings.find( - (finding) => finding.checkId === "skills.code_safety" && finding.severity === "critical", - ); - expect(skillFinding).toBeDefined(); - expect(skillFinding?.detail).toContain("dangerous-exec"); - expect(skillFinding?.detail).toMatch(/runner\.js:\d+/); - }); - - it("flags plugin extension entry path traversal in deep audit", async () => { - const tmpDir = await makeTmpDir("audit-scanner-escape"); - const pluginDir = path.join(tmpDir, "extensions", "escape-plugin"); - await fs.mkdir(pluginDir, { recursive: true }); - await fs.writeFile( - path.join(pluginDir, "package.json"), - JSON.stringify({ - name: "escape-plugin", - openclaw: { extensions: ["../outside.js"] }, - }), - ); - await fs.writeFile(path.join(pluginDir, "index.js"), "export {};"); - - const findings = await collectPluginsCodeSafetyFindings({ stateDir: tmpDir }); - expect(findings.some((f) => f.checkId === "plugins.code_safety.entry_escape")).toBe(true); - }); - - it("reports scan_failed when plugin code scanner throws during deep audit", async () => { - const scanSpy = vi - .spyOn(skillScanner, "scanDirectoryWithSummary") - .mockRejectedValueOnce(new Error("boom")); - - const tmpDir = await makeTmpDir("audit-scanner-throws"); - try { - const pluginDir = path.join(tmpDir, "extensions", "scanfail-plugin"); - await fs.mkdir(pluginDir, { recursive: true }); - await fs.writeFile( - path.join(pluginDir, "package.json"), - JSON.stringify({ - name: "scanfail-plugin", - openclaw: { extensions: ["index.js"] }, - }), - ); - await fs.writeFile(path.join(pluginDir, "index.js"), "export {};"); - - const findings = await collectPluginsCodeSafetyFindings({ stateDir: tmpDir }); - expect(findings.some((f) => f.checkId === "plugins.code_safety.scan_failed")).toBe(true); - } finally { - scanSpy.mockRestore(); - } - }); - - it("flags open groupPolicy when tools.elevated is enabled", async () => { - const cfg: OpenClawConfig = { - tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } }, - channels: { whatsapp: { groupPolicy: "open" } }, - }; - - const res = await audit(cfg); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "security.exposure.open_groups_with_elevated", - severity: "critical", - }), - ]), - ); - }); - - it("flags open groupPolicy when runtime/filesystem tools are exposed without guards", async () => { - const cfg: OpenClawConfig = { - channels: { whatsapp: { groupPolicy: "open" } }, - tools: { elevated: { enabled: false } }, - }; - - const res = await audit(cfg); - - expect(res.findings).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - checkId: "security.exposure.open_groups_with_runtime_or_fs", - severity: "critical", - }), - ]), - ); - }); - - it("does not flag runtime/filesystem exposure for open groups when sandbox mode is all", async () => { - const cfg: OpenClawConfig = { - channels: { whatsapp: { groupPolicy: "open" } }, - tools: { - elevated: { enabled: false }, - profile: "coding", - }, - agents: { - defaults: { - sandbox: { mode: "all" }, + assert: (result: SecurityAuditReport) => { + expect(result.findings.some((f) => f.checkId === "plugins.code_safety")).toBe(false); }, }, - }; + { + name: "reports detailed code-safety issues for both plugins and skills", + run: async () => { + const cfg: OpenClawConfig = { + agents: { defaults: { workspace: sharedCodeSafetyWorkspaceDir } }, + }; + const [pluginFindings, skillFindings] = await Promise.all([ + collectPluginsCodeSafetyFindings({ stateDir: sharedCodeSafetyStateDir }), + collectInstalledSkillsCodeSafetyFindings({ cfg, stateDir: sharedCodeSafetyStateDir }), + ]); + return { pluginFindings, skillFindings }; + }, + assert: ( + result: Awaited> extends never + ? never + : { + pluginFindings: Awaited>; + skillFindings: Awaited>; + }, + ) => { + const pluginFinding = result.pluginFindings.find( + (finding) => + finding.checkId === "plugins.code_safety" && finding.severity === "critical", + ); + expect(pluginFinding).toBeDefined(); + expect(pluginFinding?.detail).toContain("dangerous-exec"); + expect(pluginFinding?.detail).toMatch(/\.hidden[\\/]+index\.js:\d+/); - const res = await audit(cfg); - - expect( - res.findings.some((f) => f.checkId === "security.exposure.open_groups_with_runtime_or_fs"), - ).toBe(false); - }); - - it("does not flag runtime/filesystem exposure for open groups when runtime is denied and fs is workspace-only", async () => { - const cfg: OpenClawConfig = { - channels: { whatsapp: { groupPolicy: "open" } }, - tools: { - elevated: { enabled: false }, - profile: "coding", - deny: ["group:runtime"], - fs: { workspaceOnly: true }, + const skillFinding = result.skillFindings.find( + (finding) => + finding.checkId === "skills.code_safety" && finding.severity === "critical", + ); + expect(skillFinding).toBeDefined(); + expect(skillFinding?.detail).toContain("dangerous-exec"); + expect(skillFinding?.detail).toMatch(/runner\.js:\d+/); + }, }, - }; + { + name: "flags plugin extension entry path traversal in deep audit", + run: async () => { + const tmpDir = await makeTmpDir("audit-scanner-escape"); + const pluginDir = path.join(tmpDir, "extensions", "escape-plugin"); + await fs.mkdir(pluginDir, { recursive: true }); + await fs.writeFile( + path.join(pluginDir, "package.json"), + JSON.stringify({ + name: "escape-plugin", + openclaw: { extensions: ["../outside.js"] }, + }), + ); + await fs.writeFile(path.join(pluginDir, "index.js"), "export {};"); + return collectPluginsCodeSafetyFindings({ stateDir: tmpDir }); + }, + assert: (findings: Awaited>) => { + expect(findings.some((f) => f.checkId === "plugins.code_safety.entry_escape")).toBe(true); + }, + }, + { + name: "reports scan_failed when plugin code scanner throws during deep audit", + run: async () => { + const scanSpy = vi + .spyOn(skillScanner, "scanDirectoryWithSummary") + .mockRejectedValueOnce(new Error("boom")); + try { + const tmpDir = await makeTmpDir("audit-scanner-throws"); + const pluginDir = path.join(tmpDir, "extensions", "scanfail-plugin"); + await fs.mkdir(pluginDir, { recursive: true }); + await fs.writeFile( + path.join(pluginDir, "package.json"), + JSON.stringify({ + name: "scanfail-plugin", + openclaw: { extensions: ["index.js"] }, + }), + ); + await fs.writeFile(path.join(pluginDir, "index.js"), "export {};"); + return await collectPluginsCodeSafetyFindings({ stateDir: tmpDir }); + } finally { + scanSpy.mockRestore(); + } + }, + assert: (findings: Awaited>) => { + expect(findings.some((f) => f.checkId === "plugins.code_safety.scan_failed")).toBe(true); + }, + }, + ] as const; - const res = await audit(cfg); - - expect( - res.findings.some((f) => f.checkId === "security.exposure.open_groups_with_runtime_or_fs"), - ).toBe(false); + for (const testCase of cases) { + const result = await testCase.run(); + testCase.assert(result as never); + } }); - it("warns when config heuristics suggest a likely multi-user setup", async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - groupPolicy: "allowlist", - guilds: { - "1234567890": { - channels: { - "7777777777": { allow: true }, + it("evaluates trust-model exposure findings", async () => { + const cases = [ + { + name: "flags open groupPolicy when tools.elevated is enabled", + cfg: { + tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } }, + channels: { whatsapp: { groupPolicy: "open" } }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "security.exposure.open_groups_with_elevated", + severity: "critical", + }), + ]), + ); + }, + }, + { + name: "flags open groupPolicy when runtime/filesystem tools are exposed without guards", + cfg: { + channels: { whatsapp: { groupPolicy: "open" } }, + tools: { elevated: { enabled: false } }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "security.exposure.open_groups_with_runtime_or_fs", + severity: "critical", + }), + ]), + ); + }, + }, + { + name: "does not flag runtime/filesystem exposure for open groups when sandbox mode is all", + cfg: { + channels: { whatsapp: { groupPolicy: "open" } }, + tools: { + elevated: { enabled: false }, + profile: "coding", + }, + agents: { + defaults: { + sandbox: { mode: "all" }, + }, + }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect( + res.findings.some( + (f) => f.checkId === "security.exposure.open_groups_with_runtime_or_fs", + ), + ).toBe(false); + }, + }, + { + name: "does not flag runtime/filesystem exposure for open groups when runtime is denied and fs is workspace-only", + cfg: { + channels: { whatsapp: { groupPolicy: "open" } }, + tools: { + elevated: { enabled: false }, + profile: "coding", + deny: ["group:runtime"], + fs: { workspaceOnly: true }, + }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expect( + res.findings.some( + (f) => f.checkId === "security.exposure.open_groups_with_runtime_or_fs", + ), + ).toBe(false); + }, + }, + { + name: "warns when config heuristics suggest a likely multi-user setup", + cfg: { + channels: { + discord: { + groupPolicy: "allowlist", + guilds: { + "1234567890": { + channels: { + "7777777777": { allow: true }, + }, + }, }, }, }, + tools: { elevated: { enabled: false } }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + const finding = res.findings.find( + (f) => f.checkId === "security.trust_model.multi_user_heuristic", + ); + expect(finding?.severity).toBe("warn"); + expect(finding?.detail).toContain( + 'channels.discord.groupPolicy="allowlist" with configured group targets', + ); + expect(finding?.detail).toContain("personal-assistant"); + expect(finding?.remediation).toContain('agents.defaults.sandbox.mode="all"'); }, }, - tools: { elevated: { enabled: false } }, - }; - - const res = await audit(cfg); - const finding = res.findings.find( - (f) => f.checkId === "security.trust_model.multi_user_heuristic", - ); - - expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain( - 'channels.discord.groupPolicy="allowlist" with configured group targets', - ); - expect(finding?.detail).toContain("personal-assistant"); - expect(finding?.remediation).toContain('agents.defaults.sandbox.mode="all"'); - }); - - it("does not warn for multi-user heuristic when no shared-user signals are configured", async () => { - const cfg: OpenClawConfig = { - channels: { - discord: { - groupPolicy: "allowlist", + { + name: "does not warn for multi-user heuristic when no shared-user signals are configured", + cfg: { + channels: { + discord: { + groupPolicy: "allowlist", + }, + }, + tools: { elevated: { enabled: false } }, + } satisfies OpenClawConfig, + assert: (res: SecurityAuditReport) => { + expectNoFinding(res, "security.trust_model.multi_user_heuristic"); }, }, - tools: { elevated: { enabled: false } }, - }; + ] as const; - const res = await audit(cfg); - - expectNoFinding(res, "security.trust_model.multi_user_heuristic"); + await Promise.all( + cases.map(async (testCase) => { + const res = await audit(testCase.cfg); + testCase.assert(res); + }), + ); }); describe("maybeProbeGateway auth selection", () => { @@ -3621,28 +3501,28 @@ description: test skill return probeEnv; }; - it("applies token precedence across local/remote gateway modes", async () => { + it("applies gateway auth precedence across local/remote modes", async () => { const cases: Array<{ name: string; cfg: OpenClawConfig; - env?: { token?: string }; - expectedToken: string; + env?: { token?: string; password?: string }; + expectedAuth: { token?: string; password?: string }; }> = [ { name: "uses local auth when gateway.mode is local", cfg: { gateway: { mode: "local", auth: { token: "local-token-abc123" } } }, - expectedToken: "local-token-abc123", + expectedAuth: { token: "local-token-abc123" }, }, { name: "prefers env token over local config token", cfg: { gateway: { mode: "local", auth: { token: "local-token" } } }, env: { token: "env-token" }, - expectedToken: "env-token", + expectedAuth: { token: "env-token" }, }, { name: "uses local auth when gateway.mode is undefined (default)", cfg: { gateway: { auth: { token: "default-local-token" } } }, - expectedToken: "default-local-token", + expectedAuth: { token: "default-local-token" }, }, { name: "uses remote auth when gateway.mode is remote with URL", @@ -3653,7 +3533,7 @@ description: test skill remote: { url: "wss://remote.example.com:18789", token: "remote-token-xyz789" }, }, }, - expectedToken: "remote-token-xyz789", + expectedAuth: { token: "remote-token-xyz789" }, }, { name: "ignores env token when gateway.mode is remote", @@ -3665,7 +3545,7 @@ description: test skill }, }, env: { token: "env-token" }, - expectedToken: "remote-token", + expectedAuth: { token: "remote-token" }, }, { name: "falls back to local auth when gateway.mode is remote but URL is missing", @@ -3676,31 +3556,8 @@ description: test skill remote: { token: "remote-token-should-not-use" }, }, }, - expectedToken: "fallback-local-token", + expectedAuth: { token: "fallback-local-token" }, }, - ]; - - await Promise.all( - cases.map(async (testCase) => { - const { probeGatewayFn, getAuth } = makeProbeCapture(); - await audit(testCase.cfg, { - deep: true, - deepTimeoutMs: 50, - probeGatewayFn, - env: makeProbeEnv(testCase.env), - }); - expect(getAuth()?.token, testCase.name).toBe(testCase.expectedToken); - }), - ); - }); - - it("applies password precedence for remote gateways", async () => { - const cases: Array<{ - name: string; - cfg: OpenClawConfig; - env?: { password?: string }; - expectedPassword: string; - }> = [ { name: "uses remote password when env is unset", cfg: { @@ -3709,7 +3566,7 @@ description: test skill remote: { url: "wss://remote.example.com:18789", password: "remote-pass" }, }, }, - expectedPassword: "remote-pass", + expectedAuth: { password: "remote-pass" }, }, { name: "prefers env password over remote password", @@ -3720,7 +3577,7 @@ description: test skill }, }, env: { password: "env-pass" }, - expectedPassword: "env-pass", + expectedAuth: { password: "env-pass" }, }, ]; @@ -3733,7 +3590,7 @@ description: test skill probeGatewayFn, env: makeProbeEnv(testCase.env), }); - expect(getAuth()?.password, testCase.name).toBe(testCase.expectedPassword); + expect(getAuth(), testCase.name).toEqual(testCase.expectedAuth); }), ); }); diff --git a/src/security/audit.ts b/src/security/audit.ts index ba809a1714c..8eacad4649e 100644 --- a/src/security/audit.ts +++ b/src/security/audit.ts @@ -512,9 +512,9 @@ function collectGatewayConfigFindings( severity: exposed ? "critical" : "warn", title: "Control UI allowed origins contains wildcard", detail: - 'gateway.controlUi.allowedOrigins includes "*" which effectively disables origin allowlisting for Control UI/WebChat requests.', + 'gateway.controlUi.allowedOrigins includes "*" which means allow any browser origin for Control UI/WebChat requests. This disables origin allowlisting and should be treated as an intentional allow-all policy.', remediation: - "Replace wildcard origins with explicit trusted origins (for example https://control.example.com).", + 'Replace wildcard origins with explicit trusted origins (for example https://control.example.com). Do not use "*" outside tightly controlled local testing.', }); } if (dangerouslyAllowHostHeaderOriginFallback) { diff --git a/src/security/windows-acl.test.ts b/src/security/windows-acl.test.ts index f9cb67fa4e5..6f073e34a10 100644 --- a/src/security/windows-acl.test.ts +++ b/src/security/windows-acl.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { WindowsAclEntry, WindowsAclSummary } from "./windows-acl.js"; const MOCK_USERNAME = "MockUser"; @@ -8,15 +8,26 @@ vi.mock("node:os", () => ({ userInfo: () => ({ username: MOCK_USERNAME }), })); -const { - createIcaclsResetCommand, - formatIcaclsResetCommand, - formatWindowsAclSummary, - inspectWindowsAcl, - parseIcaclsOutput, - resolveWindowsUserPrincipal, - summarizeWindowsAcl, -} = await import("./windows-acl.js"); +let createIcaclsResetCommand: typeof import("./windows-acl.js").createIcaclsResetCommand; +let formatIcaclsResetCommand: typeof import("./windows-acl.js").formatIcaclsResetCommand; +let formatWindowsAclSummary: typeof import("./windows-acl.js").formatWindowsAclSummary; +let inspectWindowsAcl: typeof import("./windows-acl.js").inspectWindowsAcl; +let parseIcaclsOutput: typeof import("./windows-acl.js").parseIcaclsOutput; +let resolveWindowsUserPrincipal: typeof import("./windows-acl.js").resolveWindowsUserPrincipal; +let summarizeWindowsAcl: typeof import("./windows-acl.js").summarizeWindowsAcl; + +beforeEach(async () => { + vi.resetModules(); + ({ + createIcaclsResetCommand, + formatIcaclsResetCommand, + formatWindowsAclSummary, + inspectWindowsAcl, + parseIcaclsOutput, + resolveWindowsUserPrincipal, + summarizeWindowsAcl, + } = await import("./windows-acl.js")); +}); function aclEntry(params: { principal: string; diff --git a/src/shared/lazy-runtime.ts b/src/shared/lazy-runtime.ts new file mode 100644 index 00000000000..23f6a6039de --- /dev/null +++ b/src/shared/lazy-runtime.ts @@ -0,0 +1,44 @@ +export function createLazyRuntimeSurface( + importer: () => Promise, + select: (module: TModule) => TSurface, +): () => Promise { + let cached: Promise | null = null; + return () => { + cached ??= importer().then(select); + return cached; + }; +} + +/** Cache the raw dynamically imported runtime module behind a stable loader. */ +export function createLazyRuntimeModule( + importer: () => Promise, +): () => Promise { + return createLazyRuntimeSurface(importer, (module) => module); +} + +/** Cache a single named runtime export without repeating a custom selector closure per caller. */ +export function createLazyRuntimeNamedExport( + importer: () => Promise, + key: TKey, +): () => Promise { + return createLazyRuntimeSurface(importer, (module) => module[key]); +} + +export function createLazyRuntimeMethod( + load: () => Promise, + select: (surface: TSurface) => (...args: TArgs) => TResult, +): (...args: TArgs) => Promise> { + const invoke = async (...args: TArgs): Promise> => { + const method = select(await load()); + return await method(...args); + }; + return invoke; +} + +export function createLazyRuntimeMethodBinder(load: () => Promise) { + return function ( + select: (surface: TSurface) => (...args: TArgs) => TResult, + ): (...args: TArgs) => Promise> { + return createLazyRuntimeMethod(load, select); + }; +} diff --git a/src/shared/operator-scope-compat.test.ts b/src/shared/operator-scope-compat.test.ts index 44236ca7341..895b9665d12 100644 --- a/src/shared/operator-scope-compat.test.ts +++ b/src/shared/operator-scope-compat.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { roleScopesAllow } from "./operator-scope-compat.js"; +import { resolveMissingRequestedScope, roleScopesAllow } from "./operator-scope-compat.js"; describe("roleScopesAllow", () => { it("allows empty requested scope lists regardless of granted scopes", () => { @@ -130,4 +130,24 @@ describe("roleScopesAllow", () => { }), ).toBe(false); }); + + it("returns the first missing requested scope with operator compatibility", () => { + expect( + resolveMissingRequestedScope({ + role: "operator", + requestedScopes: ["operator.read", "operator.write", "operator.approvals"], + allowedScopes: ["operator.write"], + }), + ).toBe("operator.approvals"); + }); + + it("returns null when all requested scopes are satisfied", () => { + expect( + resolveMissingRequestedScope({ + role: "node", + requestedScopes: ["system.run"], + allowedScopes: ["system.run", "operator.admin"], + }), + ).toBeNull(); + }); }); diff --git a/src/shared/operator-scope-compat.ts b/src/shared/operator-scope-compat.ts index 4b1d954b70f..cf184558caa 100644 --- a/src/shared/operator-scope-compat.ts +++ b/src/shared/operator-scope-compat.ts @@ -47,3 +47,22 @@ export function roleScopesAllow(params: { } return requested.every((scope) => operatorScopeSatisfied(scope, allowedSet)); } + +export function resolveMissingRequestedScope(params: { + role: string; + requestedScopes: readonly string[]; + allowedScopes: readonly string[]; +}): string | null { + for (const scope of params.requestedScopes) { + if ( + !roleScopesAllow({ + role: params.role, + requestedScopes: [scope], + allowedScopes: params.allowedScopes, + }) + ) { + return scope; + } + } + return null; +} diff --git a/src/shared/pid-alive.test.ts b/src/shared/pid-alive.test.ts index 88066f1a794..70eaaadc5a5 100644 --- a/src/shared/pid-alive.test.ts +++ b/src/shared/pid-alive.test.ts @@ -77,17 +77,27 @@ describe("isPidAlive", () => { }); describe("getProcessStartTime", () => { - it("returns a number on Linux for the current process", async () => { - // Simulate a realistic /proc//stat line - const fakeStat = `${process.pid} (node) S 1 ${process.pid} ${process.pid} 0 -1 4194304 12345 0 0 0 100 50 0 0 20 0 8 0 98765 123456789 5000 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0`; + it("parses linux /proc stat start times and rejects malformed variants", async () => { + const fakeStatPrefix = "42 (node) S 1 42 42 0 -1 4194304 12345 0 0 0 100 50 0 0 20 0 8 0 "; + const fakeStatSuffix = + " 123456789 5000 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0"; mockProcReads({ - [`/proc/${process.pid}/stat`]: fakeStat, + [`/proc/${process.pid}/stat`]: `${process.pid} (node) S 1 ${process.pid} ${process.pid} 0 -1 4194304 12345 0 0 0 100 50 0 0 20 0 8 0 98765 123456789 5000 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0`, + "/proc/42/stat": `${fakeStatPrefix}55555${fakeStatSuffix}`, + "/proc/43/stat": "43 node S malformed", + "/proc/44/stat": `44 (My App (v2)) S 1 44 44 0 -1 4194304 0 0 0 0 0 0 0 0 20 0 1 0 66666 0 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0`, + "/proc/45/stat": `${fakeStatPrefix}-1${fakeStatSuffix}`, + "/proc/46/stat": `${fakeStatPrefix}1.5${fakeStatSuffix}`, }); await withLinuxProcessPlatform(async () => { const { getProcessStartTime: fresh } = await import("./pid-alive.js"); - const starttime = fresh(process.pid); - expect(starttime).toBe(98765); + expect(fresh(process.pid)).toBe(98765); + expect(fresh(42)).toBe(55555); + expect(fresh(43)).toBeNull(); + expect(fresh(44)).toBe(66666); + expect(fresh(45)).toBeNull(); + expect(fresh(46)).toBeNull(); }); }); @@ -107,41 +117,4 @@ describe("getProcessStartTime", () => { expect(getProcessStartTime(Number.NaN)).toBeNull(); expect(getProcessStartTime(Number.POSITIVE_INFINITY)).toBeNull(); }); - - it("returns null for malformed /proc stat content", async () => { - mockProcReads({ - "/proc/42/stat": "42 node S malformed", - }); - await withLinuxProcessPlatform(async () => { - const { getProcessStartTime: fresh } = await import("./pid-alive.js"); - expect(fresh(42)).toBeNull(); - }); - }); - - it("handles comm fields containing spaces and parentheses", async () => { - // comm field with spaces and nested parens: "(My App (v2))" - const fakeStat = `42 (My App (v2)) S 1 42 42 0 -1 4194304 0 0 0 0 0 0 0 0 20 0 1 0 55555 0 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0`; - mockProcReads({ - "/proc/42/stat": fakeStat, - }); - await withLinuxProcessPlatform(async () => { - const { getProcessStartTime: fresh } = await import("./pid-alive.js"); - expect(fresh(42)).toBe(55555); - }); - }); - - it("returns null for negative or non-integer start times", async () => { - const fakeStatPrefix = "42 (node) S 1 42 42 0 -1 4194304 12345 0 0 0 100 50 0 0 20 0 8 0 "; - const fakeStatSuffix = - " 123456789 5000 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0"; - mockProcReads({ - "/proc/42/stat": `${fakeStatPrefix}-1${fakeStatSuffix}`, - "/proc/43/stat": `${fakeStatPrefix}1.5${fakeStatSuffix}`, - }); - await withLinuxProcessPlatform(async () => { - const { getProcessStartTime: fresh } = await import("./pid-alive.js"); - expect(fresh(42)).toBeNull(); - expect(fresh(43)).toBeNull(); - }); - }); }); diff --git a/src/test-utils/channel-plugins.ts b/src/test-utils/channel-plugins.ts index 4f52350f8fc..d2ebbc45933 100644 --- a/src/test-utils/channel-plugins.ts +++ b/src/test-utils/channel-plugins.ts @@ -26,12 +26,16 @@ export const createTestRegistry = (channels: TestChannelRegistration[] = []): Pl enabled: true, })), providers: [], + speechProviders: [], + mediaUnderstandingProviders: [], + imageGenerationProviders: [], webSearchProviders: [], gatewayHandlers: {}, httpRoutes: [], cliRegistrars: [], services: [], commands: [], + conversationBindingResolvedHandlers: [], diagnostics: [], }); diff --git a/src/test-utils/imessage-test-plugin.ts b/src/test-utils/imessage-test-plugin.ts index 201ad3f9897..62362fe5712 100644 --- a/src/test-utils/imessage-test-plugin.ts +++ b/src/test-utils/imessage-test-plugin.ts @@ -1,4 +1,4 @@ -import { normalizeIMessageHandle } from "../../extensions/imessage/src/targets.js"; +import { normalizeIMessageHandle } from "../../extensions/imessage/api.js"; import { imessageOutbound } from "../../test/channel-outbounds.js"; import type { ChannelOutboundAdapter, ChannelPlugin } from "../channels/plugins/types.js"; import { collectStatusIssuesFromLastError } from "../plugin-sdk/status-helpers.js"; diff --git a/src/test-utils/plugin-registration.ts b/src/test-utils/plugin-registration.ts index e17e4a2520d..e773e6848df 100644 --- a/src/test-utils/plugin-registration.ts +++ b/src/test-utils/plugin-registration.ts @@ -1,40 +1,12 @@ -import type { - AnyAgentTool, - OpenClawPluginApi, - ProviderPlugin, - WebSearchProviderPlugin, -} from "../plugins/types.js"; +import { createCapturedPluginRegistration } from "../plugins/captured-registration.js"; +import type { OpenClawPluginApi, ProviderPlugin } from "../plugins/types.js"; -export type CapturedPluginRegistration = { - api: OpenClawPluginApi; - providers: ProviderPlugin[]; - webSearchProviders: WebSearchProviderPlugin[]; - tools: AnyAgentTool[]; +export { createCapturedPluginRegistration }; + +type RegistrablePlugin = { + register(api: OpenClawPluginApi): void; }; -export function createCapturedPluginRegistration(): CapturedPluginRegistration { - const providers: ProviderPlugin[] = []; - const webSearchProviders: WebSearchProviderPlugin[] = []; - const tools: AnyAgentTool[] = []; - - return { - providers, - webSearchProviders, - tools, - api: { - registerProvider(provider: ProviderPlugin) { - providers.push(provider); - }, - registerWebSearchProvider(provider: WebSearchProviderPlugin) { - webSearchProviders.push(provider); - }, - registerTool(tool: AnyAgentTool) { - tools.push(tool); - }, - } as OpenClawPluginApi, - }; -} - export function registerSingleProviderPlugin(params: { register(api: OpenClawPluginApi): void; }): ProviderPlugin { @@ -46,3 +18,19 @@ export function registerSingleProviderPlugin(params: { } return provider; } + +export function registerProviderPlugins(...plugins: RegistrablePlugin[]): ProviderPlugin[] { + const captured = createCapturedPluginRegistration(); + for (const plugin of plugins) { + plugin.register(captured.api); + } + return captured.providers; +} + +export function requireRegisteredProvider(providers: ProviderPlugin[], providerId: string) { + const provider = providers.find((entry) => entry.id === providerId); + if (!provider) { + throw new Error(`provider ${providerId} missing`); + } + return provider; +} diff --git a/src/tts/edge-tts-validation.test.ts b/src/tts/edge-tts-validation.test.ts index 08697a2c9bd..51e4dbce39f 100644 --- a/src/tts/edge-tts-validation.test.ts +++ b/src/tts/edge-tts-validation.test.ts @@ -1,7 +1,7 @@ import { mkdtempSync, rmSync, writeFileSync } from "node:fs"; import { tmpdir } from "node:os"; import path from "node:path"; -import { afterEach, describe, expect, it, vi } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; let mockTtsPromise = vi.fn<(text: string, filePath: string) => Promise>(); @@ -13,7 +13,9 @@ vi.mock("node-edge-tts", () => ({ }, })); -const { edgeTTS } = await import("./tts-core.js"); +type TtsCoreModule = typeof import("./tts-core.js"); + +let edgeTTS: TtsCoreModule["edgeTTS"]; const baseEdgeConfig = { enabled: true, @@ -27,6 +29,11 @@ const baseEdgeConfig = { describe("edgeTTS – empty audio validation", () => { let tempDir: string; + beforeEach(async () => { + vi.resetModules(); + ({ edgeTTS } = await import("./tts-core.js")); + }); + afterEach(() => { rmSync(tempDir, { recursive: true, force: true }); }); diff --git a/src/tts/provider-registry.ts b/src/tts/provider-registry.ts new file mode 100644 index 00000000000..d1462880a99 --- /dev/null +++ b/src/tts/provider-registry.ts @@ -0,0 +1,84 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { loadOpenClawPlugins } from "../plugins/loader.js"; +import { getActivePluginRegistry } from "../plugins/runtime.js"; +import type { SpeechProviderPlugin } from "../plugins/types.js"; +import type { SpeechProviderId } from "./provider-types.js"; +import { buildElevenLabsSpeechProvider } from "./providers/elevenlabs.js"; +import { buildMicrosoftSpeechProvider } from "./providers/microsoft.js"; +import { buildOpenAISpeechProvider } from "./providers/openai.js"; + +const BUILTIN_SPEECH_PROVIDER_BUILDERS = [ + buildOpenAISpeechProvider, + buildElevenLabsSpeechProvider, + buildMicrosoftSpeechProvider, +] as const satisfies readonly (() => SpeechProviderPlugin)[]; + +function trimToUndefined(value: string | undefined): string | undefined { + const trimmed = value?.trim().toLowerCase(); + return trimmed ? trimmed : undefined; +} + +export function normalizeSpeechProviderId( + providerId: string | undefined, +): SpeechProviderId | undefined { + const normalized = trimToUndefined(providerId); + if (!normalized) { + return undefined; + } + return normalized === "edge" ? "microsoft" : normalized; +} + +function resolveSpeechProviderPluginEntries(cfg?: OpenClawConfig): SpeechProviderPlugin[] { + const active = getActivePluginRegistry(); + const registry = + (active?.speechProviders?.length ?? 0) > 0 || !cfg + ? active + : loadOpenClawPlugins({ config: cfg }); + return registry?.speechProviders?.map((entry) => entry.provider) ?? []; +} + +function buildProviderMaps(cfg?: OpenClawConfig): { + canonical: Map; + aliases: Map; +} { + const canonical = new Map(); + const aliases = new Map(); + const register = (provider: SpeechProviderPlugin) => { + const id = normalizeSpeechProviderId(provider.id); + if (!id) { + return; + } + canonical.set(id, provider); + aliases.set(id, provider); + for (const alias of provider.aliases ?? []) { + const normalizedAlias = normalizeSpeechProviderId(alias); + if (normalizedAlias) { + aliases.set(normalizedAlias, provider); + } + } + }; + + for (const buildProvider of BUILTIN_SPEECH_PROVIDER_BUILDERS) { + register(buildProvider()); + } + for (const provider of resolveSpeechProviderPluginEntries(cfg)) { + register(provider); + } + + return { canonical, aliases }; +} + +export function listSpeechProviders(cfg?: OpenClawConfig): SpeechProviderPlugin[] { + return [...buildProviderMaps(cfg).canonical.values()]; +} + +export function getSpeechProvider( + providerId: string | undefined, + cfg?: OpenClawConfig, +): SpeechProviderPlugin | undefined { + const normalized = normalizeSpeechProviderId(providerId); + if (!normalized) { + return undefined; + } + return buildProviderMaps(cfg).aliases.get(normalized); +} diff --git a/src/tts/provider-types.ts b/src/tts/provider-types.ts new file mode 100644 index 00000000000..c0640b63614 --- /dev/null +++ b/src/tts/provider-types.ts @@ -0,0 +1,55 @@ +import type { OpenClawConfig } from "../config/config.js"; +import type { ResolvedTtsConfig, TtsDirectiveOverrides } from "./tts.js"; + +export type SpeechProviderId = string; + +export type SpeechSynthesisTarget = "audio-file" | "voice-note"; + +export type SpeechProviderConfiguredContext = { + cfg?: OpenClawConfig; + config: ResolvedTtsConfig; +}; + +export type SpeechSynthesisRequest = { + text: string; + cfg: OpenClawConfig; + config: ResolvedTtsConfig; + target: SpeechSynthesisTarget; + overrides?: TtsDirectiveOverrides; +}; + +export type SpeechSynthesisResult = { + audioBuffer: Buffer; + outputFormat: string; + fileExtension: string; + voiceCompatible: boolean; +}; + +export type SpeechTelephonySynthesisRequest = { + text: string; + cfg: OpenClawConfig; + config: ResolvedTtsConfig; +}; + +export type SpeechTelephonySynthesisResult = { + audioBuffer: Buffer; + outputFormat: string; + sampleRate: number; +}; + +export type SpeechVoiceOption = { + id: string; + name?: string; + category?: string; + description?: string; + locale?: string; + gender?: string; + personalities?: string[]; +}; + +export type SpeechListVoicesRequest = { + cfg?: OpenClawConfig; + config?: ResolvedTtsConfig; + apiKey?: string; + baseUrl?: string; +}; diff --git a/src/tts/providers/elevenlabs.ts b/src/tts/providers/elevenlabs.ts new file mode 100644 index 00000000000..c22425926bf --- /dev/null +++ b/src/tts/providers/elevenlabs.ts @@ -0,0 +1,125 @@ +import type { SpeechProviderPlugin } from "../../plugins/types.js"; +import type { SpeechVoiceOption } from "../provider-types.js"; +import { elevenLabsTTS } from "../tts-core.js"; + +const ELEVENLABS_TTS_MODELS = [ + "eleven_multilingual_v2", + "eleven_turbo_v2_5", + "eleven_monolingual_v1", +] as const; + +function normalizeElevenLabsBaseUrl(baseUrl: string | undefined): string { + const trimmed = baseUrl?.trim(); + return trimmed?.replace(/\/+$/, "") || "https://api.elevenlabs.io"; +} + +export async function listElevenLabsVoices(params: { + apiKey: string; + baseUrl?: string; +}): Promise { + const res = await fetch(`${normalizeElevenLabsBaseUrl(params.baseUrl)}/v1/voices`, { + headers: { + "xi-api-key": params.apiKey, + }, + }); + if (!res.ok) { + throw new Error(`ElevenLabs voices API error (${res.status})`); + } + const json = (await res.json()) as { + voices?: Array<{ + voice_id?: string; + name?: string; + category?: string; + description?: string; + }>; + }; + return Array.isArray(json.voices) + ? json.voices + .map((voice) => ({ + id: voice.voice_id?.trim() ?? "", + name: voice.name?.trim() || undefined, + category: voice.category?.trim() || undefined, + description: voice.description?.trim() || undefined, + })) + .filter((voice) => voice.id.length > 0) + : []; +} + +export function buildElevenLabsSpeechProvider(): SpeechProviderPlugin { + return { + id: "elevenlabs", + label: "ElevenLabs", + models: ELEVENLABS_TTS_MODELS, + listVoices: async (req) => { + const apiKey = + req.apiKey || + req.config?.elevenlabs.apiKey || + process.env.ELEVENLABS_API_KEY || + process.env.XI_API_KEY; + if (!apiKey) { + throw new Error("ElevenLabs API key missing"); + } + return listElevenLabsVoices({ + apiKey, + baseUrl: req.baseUrl ?? req.config?.elevenlabs.baseUrl, + }); + }, + isConfigured: ({ config }) => + Boolean(config.elevenlabs.apiKey || process.env.ELEVENLABS_API_KEY || process.env.XI_API_KEY), + synthesize: async (req) => { + const apiKey = + req.config.elevenlabs.apiKey || process.env.ELEVENLABS_API_KEY || process.env.XI_API_KEY; + if (!apiKey) { + throw new Error("ElevenLabs API key missing"); + } + const outputFormat = req.target === "voice-note" ? "opus_48000_64" : "mp3_44100_128"; + const audioBuffer = await elevenLabsTTS({ + text: req.text, + apiKey, + baseUrl: req.config.elevenlabs.baseUrl, + voiceId: req.overrides?.elevenlabs?.voiceId ?? req.config.elevenlabs.voiceId, + modelId: req.overrides?.elevenlabs?.modelId ?? req.config.elevenlabs.modelId, + outputFormat, + seed: req.overrides?.elevenlabs?.seed ?? req.config.elevenlabs.seed, + applyTextNormalization: + req.overrides?.elevenlabs?.applyTextNormalization ?? + req.config.elevenlabs.applyTextNormalization, + languageCode: req.overrides?.elevenlabs?.languageCode ?? req.config.elevenlabs.languageCode, + voiceSettings: { + ...req.config.elevenlabs.voiceSettings, + ...req.overrides?.elevenlabs?.voiceSettings, + }, + timeoutMs: req.config.timeoutMs, + }); + return { + audioBuffer, + outputFormat, + fileExtension: req.target === "voice-note" ? ".opus" : ".mp3", + voiceCompatible: req.target === "voice-note", + }; + }, + synthesizeTelephony: async (req) => { + const apiKey = + req.config.elevenlabs.apiKey || process.env.ELEVENLABS_API_KEY || process.env.XI_API_KEY; + if (!apiKey) { + throw new Error("ElevenLabs API key missing"); + } + const outputFormat = "pcm_22050"; + const sampleRate = 22_050; + const audioBuffer = await elevenLabsTTS({ + text: req.text, + apiKey, + baseUrl: req.config.elevenlabs.baseUrl, + voiceId: req.config.elevenlabs.voiceId, + modelId: req.config.elevenlabs.modelId, + outputFormat, + seed: req.config.elevenlabs.seed, + applyTextNormalization: req.config.elevenlabs.applyTextNormalization, + languageCode: req.config.elevenlabs.languageCode, + voiceSettings: req.config.elevenlabs.voiceSettings, + timeoutMs: req.config.timeoutMs, + }); + return { audioBuffer, outputFormat, sampleRate }; + }, + }; +} diff --git a/src/tts/providers/microsoft.test.ts b/src/tts/providers/microsoft.test.ts new file mode 100644 index 00000000000..f78e09f70e4 --- /dev/null +++ b/src/tts/providers/microsoft.test.ts @@ -0,0 +1,63 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import { listMicrosoftVoices } from "./microsoft.js"; + +describe("listMicrosoftVoices", () => { + const originalFetch = globalThis.fetch; + + afterEach(() => { + globalThis.fetch = originalFetch; + vi.restoreAllMocks(); + }); + + it("maps Microsoft voice metadata into speech voice options", async () => { + globalThis.fetch = vi.fn().mockResolvedValue( + new Response( + JSON.stringify([ + { + ShortName: "en-US-AvaNeural", + FriendlyName: "Microsoft Ava Online (Natural) - English (United States)", + Locale: "en-US", + Gender: "Female", + VoiceTag: { + ContentCategories: ["General"], + VoicePersonalities: ["Friendly", "Positive"], + }, + }, + ]), + { status: 200 }, + ), + ) as typeof globalThis.fetch; + + const voices = await listMicrosoftVoices(); + + expect(voices).toEqual([ + { + id: "en-US-AvaNeural", + name: "Microsoft Ava Online (Natural) - English (United States)", + category: "General", + description: "Friendly, Positive", + locale: "en-US", + gender: "Female", + personalities: ["Friendly", "Positive"], + }, + ]); + expect(globalThis.fetch).toHaveBeenCalledWith( + expect.stringContaining("/voices/list?trustedclienttoken="), + expect.objectContaining({ + headers: expect.objectContaining({ + Origin: "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold", + "Sec-MS-GEC": expect.any(String), + "Sec-MS-GEC-Version": expect.stringContaining("1-"), + }), + }), + ); + }); + + it("throws on Microsoft voice list failures", async () => { + globalThis.fetch = vi + .fn() + .mockResolvedValue(new Response("nope", { status: 503 })) as typeof globalThis.fetch; + + await expect(listMicrosoftVoices()).rejects.toThrow("Microsoft voices API error (503)"); + }); +}); diff --git a/src/tts/providers/microsoft.ts b/src/tts/providers/microsoft.ts new file mode 100644 index 00000000000..fef369740cb --- /dev/null +++ b/src/tts/providers/microsoft.ts @@ -0,0 +1,126 @@ +import { mkdirSync, mkdtempSync, readFileSync, rmSync } from "node:fs"; +import path from "node:path"; +import { + CHROMIUM_FULL_VERSION, + TRUSTED_CLIENT_TOKEN, + generateSecMsGecToken, +} from "node-edge-tts/dist/drm.js"; +import { resolvePreferredOpenClawTmpDir } from "../../infra/tmp-openclaw-dir.js"; +import { isVoiceCompatibleAudio } from "../../media/audio.js"; +import type { SpeechProviderPlugin } from "../../plugins/types.js"; +import type { SpeechVoiceOption } from "../provider-types.js"; +import { edgeTTS, inferEdgeExtension } from "../tts-core.js"; + +const DEFAULT_EDGE_OUTPUT_FORMAT = "audio-24khz-48kbitrate-mono-mp3"; + +type MicrosoftVoiceListEntry = { + ShortName?: string; + FriendlyName?: string; + Locale?: string; + Gender?: string; + VoiceTag?: { + ContentCategories?: string[]; + VoicePersonalities?: string[]; + }; +}; + +function buildMicrosoftVoiceHeaders(): Record { + const major = CHROMIUM_FULL_VERSION.split(".")[0] || "0"; + return { + Authority: "speech.platform.bing.com", + Origin: "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold", + Accept: "*/*", + "User-Agent": + `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ` + + `(KHTML, like Gecko) Chrome/${major}.0.0.0 Safari/537.36 Edg/${major}.0.0.0`, + "Sec-MS-GEC": generateSecMsGecToken(), + "Sec-MS-GEC-Version": `1-${CHROMIUM_FULL_VERSION}`, + }; +} + +function formatMicrosoftVoiceDescription(entry: MicrosoftVoiceListEntry): string | undefined { + const personalities = entry.VoiceTag?.VoicePersonalities?.filter(Boolean) ?? []; + return personalities.length > 0 ? personalities.join(", ") : undefined; +} + +export async function listMicrosoftVoices(): Promise { + const response = await fetch( + "https://speech.platform.bing.com/consumer/speech/synthesize/readaloud/voices/list" + + `?trustedclienttoken=${TRUSTED_CLIENT_TOKEN}`, + { + headers: buildMicrosoftVoiceHeaders(), + }, + ); + if (!response.ok) { + throw new Error(`Microsoft voices API error (${response.status})`); + } + const voices = (await response.json()) as MicrosoftVoiceListEntry[]; + return Array.isArray(voices) + ? voices + .map((voice) => ({ + id: voice.ShortName?.trim() ?? "", + name: voice.FriendlyName?.trim() || voice.ShortName?.trim() || undefined, + category: voice.VoiceTag?.ContentCategories?.find((value) => value.trim().length > 0), + description: formatMicrosoftVoiceDescription(voice), + locale: voice.Locale?.trim() || undefined, + gender: voice.Gender?.trim() || undefined, + personalities: voice.VoiceTag?.VoicePersonalities?.filter( + (value): value is string => value.trim().length > 0, + ), + })) + .filter((voice) => voice.id.length > 0) + : []; +} + +export function buildMicrosoftSpeechProvider(): SpeechProviderPlugin { + return { + id: "microsoft", + label: "Microsoft", + aliases: ["edge"], + listVoices: async () => await listMicrosoftVoices(), + isConfigured: ({ config }) => config.edge.enabled, + synthesize: async (req) => { + const tempRoot = resolvePreferredOpenClawTmpDir(); + mkdirSync(tempRoot, { recursive: true, mode: 0o700 }); + const tempDir = mkdtempSync(path.join(tempRoot, "tts-microsoft-")); + let outputFormat = req.config.edge.outputFormat; + const fallbackOutputFormat = + outputFormat !== DEFAULT_EDGE_OUTPUT_FORMAT ? DEFAULT_EDGE_OUTPUT_FORMAT : undefined; + + try { + const runEdge = async (format: string) => { + const fileExtension = inferEdgeExtension(format); + const outputPath = path.join(tempDir, `speech${fileExtension}`); + await edgeTTS({ + text: req.text, + outputPath, + config: { + ...req.config.edge, + outputFormat: format, + }, + timeoutMs: req.config.timeoutMs, + }); + const audioBuffer = readFileSync(outputPath); + return { + audioBuffer, + outputFormat: format, + fileExtension, + voiceCompatible: isVoiceCompatibleAudio({ fileName: outputPath }), + }; + }; + + try { + return await runEdge(outputFormat); + } catch (err) { + if (!fallbackOutputFormat || fallbackOutputFormat === outputFormat) { + throw err; + } + outputFormat = fallbackOutputFormat; + return await runEdge(outputFormat); + } + } finally { + rmSync(tempDir, { recursive: true, force: true }); + } + }, + }; +} diff --git a/src/tts/providers/openai.ts b/src/tts/providers/openai.ts new file mode 100644 index 00000000000..9f96e9ea6e9 --- /dev/null +++ b/src/tts/providers/openai.ts @@ -0,0 +1,57 @@ +import type { SpeechProviderPlugin } from "../../plugins/types.js"; +import { OPENAI_TTS_MODELS, OPENAI_TTS_VOICES, openaiTTS } from "../tts-core.js"; + +export function buildOpenAISpeechProvider(): SpeechProviderPlugin { + return { + id: "openai", + label: "OpenAI", + models: OPENAI_TTS_MODELS, + voices: OPENAI_TTS_VOICES, + listVoices: async () => OPENAI_TTS_VOICES.map((voice) => ({ id: voice, name: voice })), + isConfigured: ({ config }) => Boolean(config.openai.apiKey || process.env.OPENAI_API_KEY), + synthesize: async (req) => { + const apiKey = req.config.openai.apiKey || process.env.OPENAI_API_KEY; + if (!apiKey) { + throw new Error("OpenAI API key missing"); + } + const responseFormat = req.target === "voice-note" ? "opus" : "mp3"; + const audioBuffer = await openaiTTS({ + text: req.text, + apiKey, + baseUrl: req.config.openai.baseUrl, + model: req.overrides?.openai?.model ?? req.config.openai.model, + voice: req.overrides?.openai?.voice ?? req.config.openai.voice, + speed: req.config.openai.speed, + instructions: req.config.openai.instructions, + responseFormat, + timeoutMs: req.config.timeoutMs, + }); + return { + audioBuffer, + outputFormat: responseFormat, + fileExtension: responseFormat === "opus" ? ".opus" : ".mp3", + voiceCompatible: req.target === "voice-note", + }; + }, + synthesizeTelephony: async (req) => { + const apiKey = req.config.openai.apiKey || process.env.OPENAI_API_KEY; + if (!apiKey) { + throw new Error("OpenAI API key missing"); + } + const outputFormat = "pcm"; + const sampleRate = 24_000; + const audioBuffer = await openaiTTS({ + text: req.text, + apiKey, + baseUrl: req.config.openai.baseUrl, + model: req.config.openai.model, + voice: req.config.openai.voice, + speed: req.config.openai.speed, + instructions: req.config.openai.instructions, + responseFormat: outputFormat, + timeoutMs: req.config.timeoutMs, + }); + return { audioBuffer, outputFormat, sampleRate }; + }, + }; +} diff --git a/src/tts/runtime.ts b/src/tts/runtime.ts new file mode 100644 index 00000000000..2235a1124e0 --- /dev/null +++ b/src/tts/runtime.ts @@ -0,0 +1,4 @@ +// Shared runtime-facing speech helpers. Keep channel/feature plugins on this +// boundary instead of importing the full TTS orchestrator module directly. + +export { listSpeechVoices, textToSpeech, textToSpeechTelephony } from "./tts.js"; diff --git a/src/tts/tts-core.ts b/src/tts/tts-core.ts index 5d3000d7ad3..7bdc8f56288 100644 --- a/src/tts/tts-core.ts +++ b/src/tts/tts-core.ts @@ -156,10 +156,13 @@ export function parseTtsDirectives( if (!policy.allowProvider) { break; } - if (rawValue === "openai" || rawValue === "elevenlabs" || rawValue === "edge") { - overrides.provider = rawValue; - } else { - warnings.push(`unsupported provider "${rawValue}"`); + { + const providerId = rawValue.trim().toLowerCase(); + if (providerId) { + overrides.provider = providerId; + } else { + warnings.push("invalid provider id"); + } } break; case "voice": diff --git a/src/tts/tts.test.ts b/src/tts/tts.test.ts index 8b232ed034d..ade83c0b30a 100644 --- a/src/tts/tts.test.ts +++ b/src/tts/tts.test.ts @@ -311,7 +311,7 @@ describe("tts", () => { expect(result.overrides.elevenlabs?.voiceSettings?.speed).toBe(1.1); }); - it("accepts edge as provider override", () => { + it("accepts edge as a legacy microsoft provider override", () => { const policy = resolveModelOverridePolicy({ enabled: true, allowProvider: true }); const input = "Hello [[tts:provider=edge]] world"; const result = parseTtsDirectives(input, policy); @@ -362,20 +362,43 @@ describe("tts", () => { }); describe("summarizeText", () => { + let summarizeTextForTest: typeof summarizeText; + let resolveTtsConfigForTest: typeof resolveTtsConfig; + let completeSimpleForTest: typeof completeSimple; + let getApiKeyForModelForTest: typeof getApiKeyForModel; + let resolveModelAsyncForTest: typeof resolveModelAsync; + let ensureCustomApiRegisteredForTest: typeof ensureCustomApiRegistered; + const baseCfg: OpenClawConfig = { agents: { defaults: { model: { primary: "openai/gpt-4o-mini" } } }, messages: { tts: {} }, }; - const baseConfig = resolveTtsConfig(baseCfg); + + beforeEach(async () => { + vi.resetModules(); + ({ completeSimple: completeSimpleForTest } = await import("@mariozechner/pi-ai")); + ({ getApiKeyForModel: getApiKeyForModelForTest } = await import("../agents/model-auth.js")); + ({ resolveModelAsync: resolveModelAsyncForTest } = + await import("../agents/pi-embedded-runner/model.js")); + ({ ensureCustomApiRegistered: ensureCustomApiRegisteredForTest } = + await import("../agents/custom-api-registry.js")); + const ttsModule = await import("./tts.js"); + summarizeTextForTest = ttsModule._test.summarizeText; + resolveTtsConfigForTest = ttsModule.resolveTtsConfig; + vi.mocked(completeSimpleForTest).mockResolvedValue( + mockAssistantMessage([{ type: "text", text: "Summary" }]), + ); + }); it("summarizes text and returns result with metrics", async () => { const mockSummary = "This is a summarized version of the text."; - vi.mocked(completeSimple).mockResolvedValue( + const baseConfig = resolveTtsConfigForTest(baseCfg); + vi.mocked(completeSimpleForTest).mockResolvedValue( mockAssistantMessage([{ type: "text", text: mockSummary }]), ); const longText = "A".repeat(2000); - const result = await summarizeText({ + const result = await summarizeTextForTest({ text: longText, targetLength: 1500, cfg: baseCfg, @@ -387,11 +410,12 @@ describe("tts", () => { expect(result.inputLength).toBe(2000); expect(result.outputLength).toBe(mockSummary.length); expect(result.latencyMs).toBeGreaterThanOrEqual(0); - expect(completeSimple).toHaveBeenCalledTimes(1); + expect(completeSimpleForTest).toHaveBeenCalledTimes(1); }); it("calls the summary model with the expected parameters", async () => { - await summarizeText({ + const baseConfig = resolveTtsConfigForTest(baseCfg); + await summarizeTextForTest({ text: "Long text to summarize", targetLength: 500, cfg: baseCfg, @@ -399,11 +423,11 @@ describe("tts", () => { timeoutMs: 30_000, }); - const callArgs = vi.mocked(completeSimple).mock.calls[0]; + const callArgs = vi.mocked(completeSimpleForTest).mock.calls[0]; expect(callArgs?.[1]?.messages?.[0]?.role).toBe("user"); expect(callArgs?.[2]?.maxTokens).toBe(250); expect(callArgs?.[2]?.temperature).toBe(0.3); - expect(getApiKeyForModel).toHaveBeenCalledTimes(1); + expect(getApiKeyForModelForTest).toHaveBeenCalledTimes(1); }); it("uses summaryModel override when configured", async () => { @@ -411,8 +435,8 @@ describe("tts", () => { agents: { defaults: { model: { primary: "anthropic/claude-opus-4-5" } } }, messages: { tts: { summaryModel: "openai/gpt-4.1-mini" } }, }; - const config = resolveTtsConfig(cfg); - await summarizeText({ + const config = resolveTtsConfigForTest(cfg); + await summarizeTextForTest({ text: "Long text to summarize", targetLength: 500, cfg, @@ -420,11 +444,17 @@ describe("tts", () => { timeoutMs: 30_000, }); - expect(resolveModelAsync).toHaveBeenCalledWith("openai", "gpt-4.1-mini", undefined, cfg); + expect(resolveModelAsyncForTest).toHaveBeenCalledWith( + "openai", + "gpt-4.1-mini", + undefined, + cfg, + ); }); it("registers the Ollama api before direct summarization", async () => { - vi.mocked(resolveModelAsync).mockResolvedValue({ + const baseConfig = resolveTtsConfigForTest(baseCfg); + vi.mocked(resolveModelAsyncForTest).mockResolvedValue({ ...createResolvedModel("ollama", "qwen3:8b", "ollama"), model: { ...createResolvedModel("ollama", "qwen3:8b", "ollama").model, @@ -432,7 +462,7 @@ describe("tts", () => { }, } as never); - await summarizeText({ + await summarizeTextForTest({ text: "Long text to summarize", targetLength: 500, cfg: baseCfg, @@ -440,10 +470,11 @@ describe("tts", () => { timeoutMs: 30_000, }); - expect(ensureCustomApiRegistered).toHaveBeenCalledWith("ollama", expect.any(Function)); + expect(ensureCustomApiRegisteredForTest).toHaveBeenCalledWith("ollama", expect.any(Function)); }); it("validates targetLength bounds", async () => { + const baseConfig = resolveTtsConfigForTest(baseCfg); const cases = [ { targetLength: 99, shouldThrow: true }, { targetLength: 100, shouldThrow: false }, @@ -451,7 +482,7 @@ describe("tts", () => { { targetLength: 10001, shouldThrow: true }, ] as const; for (const testCase of cases) { - const call = summarizeText({ + const call = summarizeTextForTest({ text: "text", targetLength: testCase.targetLength, cfg: baseCfg, @@ -469,6 +500,7 @@ describe("tts", () => { }); it("throws when summary output is missing or empty", async () => { + const baseConfig = resolveTtsConfigForTest(baseCfg); const cases = [ { name: "no summary blocks", message: mockAssistantMessage([]) }, { @@ -477,9 +509,9 @@ describe("tts", () => { }, ] as const; for (const testCase of cases) { - vi.mocked(completeSimple).mockResolvedValue(testCase.message); + vi.mocked(completeSimpleForTest).mockResolvedValue(testCase.message); await expect( - summarizeText({ + summarizeTextForTest({ text: "text", targetLength: 500, cfg: baseCfg, @@ -524,8 +556,8 @@ describe("tts", () => { ELEVENLABS_API_KEY: undefined, XI_API_KEY: undefined, }, - prefsPath: "/tmp/tts-prefs-edge.json", - expected: "edge", + prefsPath: "/tmp/tts-prefs-microsoft.json", + expected: "microsoft", }, ] as const; @@ -539,55 +571,79 @@ describe("tts", () => { }); }); + describe("resolveTtsConfig provider normalization", () => { + it("normalizes legacy edge provider ids to microsoft", () => { + const config = resolveTtsConfig({ + agents: { defaults: { model: { primary: "openai/gpt-4o-mini" } } }, + messages: { + tts: { + provider: "edge", + edge: { + enabled: true, + }, + }, + }, + }); + + expect(config.provider).toBe("microsoft"); + expect(getTtsProvider(config, "/tmp/tts-prefs-normalized.json")).toBe("microsoft"); + }); + }); + describe("resolveTtsConfig – openai.baseUrl", () => { const baseCfg: OpenClawConfig = { agents: { defaults: { model: { primary: "openai/gpt-4o-mini" } } }, messages: { tts: {} }, }; - it("defaults to the official OpenAI endpoint", () => { - withEnv({ OPENAI_TTS_BASE_URL: undefined }, () => { - const config = resolveTtsConfig(baseCfg); - expect(config.openai.baseUrl).toBe("https://api.openai.com/v1"); - }); - }); - - it("picks up OPENAI_TTS_BASE_URL env var when no config baseUrl is set", () => { - withEnv({ OPENAI_TTS_BASE_URL: "http://localhost:8880/v1" }, () => { - const config = resolveTtsConfig(baseCfg); - expect(config.openai.baseUrl).toBe("http://localhost:8880/v1"); - }); - }); - - it("config baseUrl takes precedence over env var", () => { - const cfg: OpenClawConfig = { - ...baseCfg, - messages: { - tts: { openai: { baseUrl: "http://my-server:9000/v1" } }, + it("resolves openai.baseUrl from config/env with config precedence and slash trimming", () => { + for (const testCase of [ + { + name: "default endpoint", + cfg: baseCfg, + env: { OPENAI_TTS_BASE_URL: undefined }, + expected: "https://api.openai.com/v1", }, - }; - withEnv({ OPENAI_TTS_BASE_URL: "http://localhost:8880/v1" }, () => { - const config = resolveTtsConfig(cfg); - expect(config.openai.baseUrl).toBe("http://my-server:9000/v1"); - }); - }); - - it("strips trailing slashes from the resolved baseUrl", () => { - const cfg: OpenClawConfig = { - ...baseCfg, - messages: { - tts: { openai: { baseUrl: "http://my-server:9000/v1///" } }, + { + name: "env override", + cfg: baseCfg, + env: { OPENAI_TTS_BASE_URL: "http://localhost:8880/v1" }, + expected: "http://localhost:8880/v1", }, - }; - const config = resolveTtsConfig(cfg); - expect(config.openai.baseUrl).toBe("http://my-server:9000/v1"); - }); - - it("strips trailing slashes from env var baseUrl", () => { - withEnv({ OPENAI_TTS_BASE_URL: "http://localhost:8880/v1/" }, () => { - const config = resolveTtsConfig(baseCfg); - expect(config.openai.baseUrl).toBe("http://localhost:8880/v1"); - }); + { + name: "config wins over env", + cfg: { + ...baseCfg, + messages: { + tts: { openai: { baseUrl: "http://my-server:9000/v1" } }, + }, + } as OpenClawConfig, + env: { OPENAI_TTS_BASE_URL: "http://localhost:8880/v1" }, + expected: "http://my-server:9000/v1", + }, + { + name: "config slash trimming", + cfg: { + ...baseCfg, + messages: { + tts: { openai: { baseUrl: "http://my-server:9000/v1///" } }, + }, + } as OpenClawConfig, + env: { OPENAI_TTS_BASE_URL: undefined }, + expected: "http://my-server:9000/v1", + }, + { + name: "env slash trimming", + cfg: baseCfg, + env: { OPENAI_TTS_BASE_URL: "http://localhost:8880/v1/" }, + expected: "http://localhost:8880/v1", + }, + ] as const) { + withEnv(testCase.env, () => { + const config = resolveTtsConfig(testCase.cfg); + expect(config.openai.baseUrl, testCase.name).toBe(testCase.expected); + }); + } }); }); @@ -627,12 +683,13 @@ describe("tts", () => { }); } - it("omits instructions for unsupported speech models", async () => { - await expectTelephonyInstructions("tts-1", undefined); - }); - - it("includes instructions for gpt-4o-mini-tts", async () => { - await expectTelephonyInstructions("gpt-4o-mini-tts", "Speak warmly"); + it("only includes instructions for supported telephony models", async () => { + for (const testCase of [ + { model: "tts-1", expectedInstructions: undefined }, + { model: "gpt-4o-mini-tts", expectedInstructions: "Speak warmly" }, + ] as const) { + await expectTelephonyInstructions(testCase.model, testCase.expectedInstructions); + } }); }); @@ -718,31 +775,36 @@ describe("tts", () => { } }); - it("skips auto-TTS in tagged mode unless a tts tag is present", async () => { - await withMockedAutoTtsFetch(async (fetchMock) => { - const payload = { text: "Hello world" }; - const result = await maybeApplyTtsToPayload({ - payload, - cfg: taggedCfg, - kind: "final", - }); - - expect(result).toBe(payload); - expect(fetchMock).not.toHaveBeenCalled(); - }); - }); - - it("runs auto-TTS in tagged mode when tags are present", async () => { - await withMockedAutoTtsFetch(async (fetchMock) => { - const result = await maybeApplyTtsToPayload({ + it("respects tagged-mode auto-TTS gating", async () => { + for (const testCase of [ + { + name: "plain text is skipped", + payload: { text: "Hello world" }, + expectedFetchCalls: 0, + expectSamePayload: true, + }, + { + name: "tagged text is synthesized", payload: { text: "[[tts:text]]Hello world[[/tts:text]]" }, - cfg: taggedCfg, - kind: "final", - }); + expectedFetchCalls: 1, + expectSamePayload: false, + }, + ] as const) { + await withMockedAutoTtsFetch(async (fetchMock) => { + const result = await maybeApplyTtsToPayload({ + payload: testCase.payload, + cfg: taggedCfg, + kind: "final", + }); - expect(result.mediaUrl).toBeDefined(); - expect(fetchMock).toHaveBeenCalledTimes(1); - }); + expect(fetchMock, testCase.name).toHaveBeenCalledTimes(testCase.expectedFetchCalls); + if (testCase.expectSamePayload) { + expect(result, testCase.name).toBe(testCase.payload); + } else { + expect(result.mediaUrl, testCase.name).toBeDefined(); + } + }); + } }); }); }); diff --git a/src/tts/tts.ts b/src/tts/tts.ts index 403efc10543..7d48dfb8e07 100644 --- a/src/tts/tts.ts +++ b/src/tts/tts.ts @@ -5,7 +5,6 @@ import { readFileSync, writeFileSync, mkdtempSync, - rmSync, renameSync, unlinkSync, } from "node:fs"; @@ -25,20 +24,21 @@ import type { import { logVerbose } from "../globals.js"; import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js"; import { stripMarkdown } from "../line/markdown-to-line.js"; -import { isVoiceCompatibleAudio } from "../media/audio.js"; import { CONFIG_DIR, resolveUserPath } from "../utils.js"; +import { + getSpeechProvider, + listSpeechProviders, + normalizeSpeechProviderId, +} from "./provider-registry.js"; +import type { SpeechVoiceOption } from "./provider-types.js"; import { DEFAULT_OPENAI_BASE_URL, - edgeTTS, - elevenLabsTTS, - inferEdgeExtension, isValidOpenAIModel, isValidOpenAIVoice, isValidVoiceId, OPENAI_TTS_MODELS, OPENAI_TTS_VOICES, resolveOpenAITtsInstructions, - openaiTTS, parseTtsDirectives, scheduleCleanup, summarizeText, @@ -83,11 +83,6 @@ const DEFAULT_OUTPUT = { voiceCompatible: false, }; -const TELEPHONY_OUTPUT = { - openai: { format: "pcm" as const, sampleRate: 24000 }, - elevenlabs: { format: "pcm_22050", sampleRate: 22050 }, -}; - const TTS_AUTO_MODES = new Set(["off", "always", "inbound", "tagged"]); export type ResolvedTtsConfig = { @@ -261,12 +256,13 @@ function resolveModelOverridePolicy( export function resolveTtsConfig(cfg: OpenClawConfig): ResolvedTtsConfig { const raw: TtsConfig = cfg.messages?.tts ?? {}; const providerSource = raw.provider ? "config" : "default"; - const edgeOutputFormat = raw.edge?.outputFormat?.trim(); + const rawMicrosoft = { ...raw.edge, ...raw.microsoft }; + const edgeOutputFormat = rawMicrosoft.outputFormat?.trim(); const auto = normalizeTtsAutoMode(raw.auto) ?? (raw.enabled ? "always" : "off"); return { auto, mode: raw.mode ?? "final", - provider: raw.provider ?? "edge", + provider: normalizeSpeechProviderId(raw.provider) ?? "microsoft", providerSource, summaryModel: raw.summaryModel?.trim() || undefined, modelOverrides: resolveModelOverridePolicy(raw.modelOverrides), @@ -311,17 +307,17 @@ export function resolveTtsConfig(cfg: OpenClawConfig): ResolvedTtsConfig { instructions: raw.openai?.instructions?.trim() || undefined, }, edge: { - enabled: raw.edge?.enabled ?? true, - voice: raw.edge?.voice?.trim() || DEFAULT_EDGE_VOICE, - lang: raw.edge?.lang?.trim() || DEFAULT_EDGE_LANG, + enabled: rawMicrosoft.enabled ?? true, + voice: rawMicrosoft.voice?.trim() || DEFAULT_EDGE_VOICE, + lang: rawMicrosoft.lang?.trim() || DEFAULT_EDGE_LANG, outputFormat: edgeOutputFormat || DEFAULT_EDGE_OUTPUT_FORMAT, outputFormatConfigured: Boolean(edgeOutputFormat), - pitch: raw.edge?.pitch?.trim() || undefined, - rate: raw.edge?.rate?.trim() || undefined, - volume: raw.edge?.volume?.trim() || undefined, - saveSubtitles: raw.edge?.saveSubtitles ?? false, - proxy: raw.edge?.proxy?.trim() || undefined, - timeoutMs: raw.edge?.timeoutMs, + pitch: rawMicrosoft.pitch?.trim() || undefined, + rate: rawMicrosoft.rate?.trim() || undefined, + volume: rawMicrosoft.volume?.trim() || undefined, + saveSubtitles: rawMicrosoft.saveSubtitles ?? false, + proxy: rawMicrosoft.proxy?.trim() || undefined, + timeoutMs: rawMicrosoft.timeoutMs, }, prefsPath: raw.prefsPath, maxTextLength: raw.maxTextLength ?? DEFAULT_MAX_TEXT_LENGTH, @@ -448,11 +444,12 @@ export function setTtsEnabled(prefsPath: string, enabled: boolean): void { export function getTtsProvider(config: ResolvedTtsConfig, prefsPath: string): TtsProvider { const prefs = readPrefs(prefsPath); - if (prefs.tts?.provider) { - return prefs.tts.provider; + const prefsProvider = normalizeSpeechProviderId(prefs.tts?.provider); + if (prefsProvider) { + return prefsProvider; } if (config.providerSource === "config") { - return config.provider; + return normalizeSpeechProviderId(config.provider) ?? config.provider; } if (resolveTtsApiKey(config, "openai")) { @@ -461,12 +458,12 @@ export function getTtsProvider(config: ResolvedTtsConfig, prefsPath: string): Tt if (resolveTtsApiKey(config, "elevenlabs")) { return "elevenlabs"; } - return "edge"; + return "microsoft"; } export function setTtsProvider(prefsPath: string, provider: TtsProvider): void { updatePrefs(prefsPath, (prefs) => { - prefs.tts = { ...prefs.tts, provider }; + prefs.tts = { ...prefs.tts, provider: normalizeSpeechProviderId(provider) ?? provider }; }); } @@ -522,26 +519,42 @@ export function resolveTtsApiKey( config: ResolvedTtsConfig, provider: TtsProvider, ): string | undefined { - if (provider === "elevenlabs") { + const normalizedProvider = normalizeSpeechProviderId(provider); + if (normalizedProvider === "elevenlabs") { return config.elevenlabs.apiKey || process.env.ELEVENLABS_API_KEY || process.env.XI_API_KEY; } - if (provider === "openai") { + if (normalizedProvider === "openai") { return config.openai.apiKey || process.env.OPENAI_API_KEY; } return undefined; } -export const TTS_PROVIDERS = ["openai", "elevenlabs", "edge"] as const; +export const TTS_PROVIDERS = ["openai", "elevenlabs", "microsoft"] as const; -export function resolveTtsProviderOrder(primary: TtsProvider): TtsProvider[] { - return [primary, ...TTS_PROVIDERS.filter((provider) => provider !== primary)]; +export function resolveTtsProviderOrder(primary: TtsProvider, cfg?: OpenClawConfig): TtsProvider[] { + const normalizedPrimary = normalizeSpeechProviderId(primary) ?? primary; + const ordered = new Set([normalizedPrimary]); + for (const provider of TTS_PROVIDERS) { + if (provider !== normalizedPrimary) { + ordered.add(provider); + } + } + for (const provider of listSpeechProviders(cfg)) { + const normalized = normalizeSpeechProviderId(provider.id) ?? provider.id; + if (normalized !== normalizedPrimary) { + ordered.add(normalized); + } + } + return [...ordered]; } -export function isTtsProviderConfigured(config: ResolvedTtsConfig, provider: TtsProvider): boolean { - if (provider === "edge") { - return config.edge.enabled; - } - return Boolean(resolveTtsApiKey(config, provider)); +export function isTtsProviderConfigured( + config: ResolvedTtsConfig, + provider: TtsProvider, + cfg?: OpenClawConfig, +): boolean { + const resolvedProvider = getSpeechProvider(provider, cfg); + return resolvedProvider?.isConfigured({ cfg, config }) ?? false; } function formatTtsProviderError(provider: TtsProvider, err: unknown): string { @@ -559,6 +572,29 @@ function buildTtsFailureResult(errors: string[]): { success: false; error: strin }; } +function resolveReadySpeechProvider(params: { + provider: TtsProvider; + cfg: OpenClawConfig; + config: ResolvedTtsConfig; + errors: string[]; + requireTelephony?: boolean; +}): NonNullable> | null { + const resolvedProvider = getSpeechProvider(params.provider, params.cfg); + if (!resolvedProvider) { + params.errors.push(`${params.provider}: no provider registered`); + return null; + } + if (!resolvedProvider.isConfigured({ cfg: params.cfg, config: params.config })) { + params.errors.push(`${params.provider}: not configured`); + return null; + } + if (params.requireTelephony && !resolvedProvider.synthesizeTelephony) { + params.errors.push(`${params.provider}: unsupported for telephony`); + return null; + } + return resolvedProvider; +} + function resolveTtsRequestSetup(params: { text: string; cfg: OpenClawConfig; @@ -581,10 +617,10 @@ function resolveTtsRequestSetup(params: { } const userProvider = getTtsProvider(config, prefsPath); - const provider = params.providerOverride ?? userProvider; + const provider = normalizeSpeechProviderId(params.providerOverride) ?? userProvider; return { config, - providers: resolveTtsProviderOrder(provider), + providers: resolveTtsProviderOrder(provider, params.cfg), }; } @@ -607,136 +643,36 @@ export async function textToSpeech(params: { const { config, providers } = setup; const channelId = resolveChannelId(params.channel); - const output = resolveOutputFormat(channelId); + const target = channelId && VOICE_BUBBLE_CHANNELS.has(channelId) ? "voice-note" : "audio-file"; const errors: string[] = []; for (const provider of providers) { const providerStart = Date.now(); try { - if (provider === "edge") { - if (!config.edge.enabled) { - errors.push("edge: disabled"); - continue; - } - - const tempRoot = resolvePreferredOpenClawTmpDir(); - mkdirSync(tempRoot, { recursive: true, mode: 0o700 }); - const tempDir = mkdtempSync(path.join(tempRoot, "tts-")); - let edgeOutputFormat = resolveEdgeOutputFormat(config); - const fallbackEdgeOutputFormat = - edgeOutputFormat !== DEFAULT_EDGE_OUTPUT_FORMAT ? DEFAULT_EDGE_OUTPUT_FORMAT : undefined; - - const attemptEdgeTts = async (outputFormat: string) => { - const extension = inferEdgeExtension(outputFormat); - const audioPath = path.join(tempDir, `voice-${Date.now()}${extension}`); - await edgeTTS({ - text: params.text, - outputPath: audioPath, - config: { - ...config.edge, - outputFormat, - }, - timeoutMs: config.timeoutMs, - }); - return { audioPath, outputFormat }; - }; - - let edgeResult: { audioPath: string; outputFormat: string }; - try { - edgeResult = await attemptEdgeTts(edgeOutputFormat); - } catch (err) { - if (fallbackEdgeOutputFormat && fallbackEdgeOutputFormat !== edgeOutputFormat) { - logVerbose( - `TTS: Edge output ${edgeOutputFormat} failed; retrying with ${fallbackEdgeOutputFormat}.`, - ); - edgeOutputFormat = fallbackEdgeOutputFormat; - try { - edgeResult = await attemptEdgeTts(edgeOutputFormat); - } catch (fallbackErr) { - try { - rmSync(tempDir, { recursive: true, force: true }); - } catch { - // ignore cleanup errors - } - throw fallbackErr; - } - } else { - try { - rmSync(tempDir, { recursive: true, force: true }); - } catch { - // ignore cleanup errors - } - throw err; - } - } - - scheduleCleanup(tempDir); - const voiceCompatible = isVoiceCompatibleAudio({ fileName: edgeResult.audioPath }); - - return { - success: true, - audioPath: edgeResult.audioPath, - latencyMs: Date.now() - providerStart, - provider, - outputFormat: edgeResult.outputFormat, - voiceCompatible, - }; - } - - const apiKey = resolveTtsApiKey(config, provider); - if (!apiKey) { - errors.push(`${provider}: no API key`); + const resolvedProvider = resolveReadySpeechProvider({ + provider, + cfg: params.cfg, + config, + errors, + }); + if (!resolvedProvider) { continue; } - - let audioBuffer: Buffer; - if (provider === "elevenlabs") { - const voiceIdOverride = params.overrides?.elevenlabs?.voiceId; - const modelIdOverride = params.overrides?.elevenlabs?.modelId; - const voiceSettings = { - ...config.elevenlabs.voiceSettings, - ...params.overrides?.elevenlabs?.voiceSettings, - }; - const seedOverride = params.overrides?.elevenlabs?.seed; - const normalizationOverride = params.overrides?.elevenlabs?.applyTextNormalization; - const languageOverride = params.overrides?.elevenlabs?.languageCode; - audioBuffer = await elevenLabsTTS({ - text: params.text, - apiKey, - baseUrl: config.elevenlabs.baseUrl, - voiceId: voiceIdOverride ?? config.elevenlabs.voiceId, - modelId: modelIdOverride ?? config.elevenlabs.modelId, - outputFormat: output.elevenlabs, - seed: seedOverride ?? config.elevenlabs.seed, - applyTextNormalization: normalizationOverride ?? config.elevenlabs.applyTextNormalization, - languageCode: languageOverride ?? config.elevenlabs.languageCode, - voiceSettings, - timeoutMs: config.timeoutMs, - }); - } else { - const openaiModelOverride = params.overrides?.openai?.model; - const openaiVoiceOverride = params.overrides?.openai?.voice; - audioBuffer = await openaiTTS({ - text: params.text, - apiKey, - baseUrl: config.openai.baseUrl, - model: openaiModelOverride ?? config.openai.model, - voice: openaiVoiceOverride ?? config.openai.voice, - speed: config.openai.speed, - instructions: config.openai.instructions, - responseFormat: output.openai, - timeoutMs: config.timeoutMs, - }); - } - + const synthesis = await resolvedProvider.synthesize({ + text: params.text, + cfg: params.cfg, + config, + target, + overrides: params.overrides, + }); const latencyMs = Date.now() - providerStart; const tempRoot = resolvePreferredOpenClawTmpDir(); mkdirSync(tempRoot, { recursive: true, mode: 0o700 }); const tempDir = mkdtempSync(path.join(tempRoot, "tts-")); - const audioPath = path.join(tempDir, `voice-${Date.now()}${output.extension}`); - writeFileSync(audioPath, audioBuffer); + const audioPath = path.join(tempDir, `voice-${Date.now()}${synthesis.fileExtension}`); + writeFileSync(audioPath, synthesis.audioBuffer); scheduleCleanup(tempDir); return { @@ -744,8 +680,8 @@ export async function textToSpeech(params: { audioPath, latencyMs, provider, - outputFormat: provider === "openai" ? output.openai : output.elevenlabs, - voiceCompatible: output.voiceCompatible, + outputFormat: synthesis.outputFormat, + voiceCompatible: synthesis.voiceCompatible, }; } catch (err) { errors.push(formatTtsProviderError(provider, err)); @@ -776,63 +712,29 @@ export async function textToSpeechTelephony(params: { for (const provider of providers) { const providerStart = Date.now(); try { - if (provider === "edge") { - errors.push("edge: unsupported for telephony"); + const resolvedProvider = resolveReadySpeechProvider({ + provider, + cfg: params.cfg, + config, + errors, + requireTelephony: true, + }); + if (!resolvedProvider?.synthesizeTelephony) { continue; } - - const apiKey = resolveTtsApiKey(config, provider); - if (!apiKey) { - errors.push(`${provider}: no API key`); - continue; - } - - if (provider === "elevenlabs") { - const output = TELEPHONY_OUTPUT.elevenlabs; - const audioBuffer = await elevenLabsTTS({ - text: params.text, - apiKey, - baseUrl: config.elevenlabs.baseUrl, - voiceId: config.elevenlabs.voiceId, - modelId: config.elevenlabs.modelId, - outputFormat: output.format, - seed: config.elevenlabs.seed, - applyTextNormalization: config.elevenlabs.applyTextNormalization, - languageCode: config.elevenlabs.languageCode, - voiceSettings: config.elevenlabs.voiceSettings, - timeoutMs: config.timeoutMs, - }); - - return { - success: true, - audioBuffer, - latencyMs: Date.now() - providerStart, - provider, - outputFormat: output.format, - sampleRate: output.sampleRate, - }; - } - - const output = TELEPHONY_OUTPUT.openai; - const audioBuffer = await openaiTTS({ + const synthesis = await resolvedProvider.synthesizeTelephony({ text: params.text, - apiKey, - baseUrl: config.openai.baseUrl, - model: config.openai.model, - voice: config.openai.voice, - speed: config.openai.speed, - instructions: config.openai.instructions, - responseFormat: output.format, - timeoutMs: config.timeoutMs, + cfg: params.cfg, + config, }); return { success: true, - audioBuffer, + audioBuffer: synthesis.audioBuffer, latencyMs: Date.now() - providerStart, provider, - outputFormat: output.format, - sampleRate: output.sampleRate, + outputFormat: synthesis.outputFormat, + sampleRate: synthesis.sampleRate, }; } catch (err) { errors.push(formatTtsProviderError(provider, err)); @@ -842,6 +744,36 @@ export async function textToSpeechTelephony(params: { return buildTtsFailureResult(errors); } +export async function listSpeechVoices(params: { + provider: string; + cfg?: OpenClawConfig; + config?: ResolvedTtsConfig; + apiKey?: string; + baseUrl?: string; +}): Promise { + const provider = normalizeSpeechProviderId(params.provider); + if (!provider) { + throw new Error("speech provider id is required"); + } + const config = params.config ?? (params.cfg ? resolveTtsConfig(params.cfg) : undefined); + if (!config) { + throw new Error(`speech provider ${provider} requires cfg or resolved config`); + } + const resolvedProvider = getSpeechProvider(provider, params.cfg); + if (!resolvedProvider) { + throw new Error(`speech provider ${provider} is not registered`); + } + if (!resolvedProvider.listVoices) { + throw new Error(`speech provider ${provider} does not support voice listing`); + } + return await resolvedProvider.listVoices({ + cfg: params.cfg, + config, + apiKey: params.apiKey, + baseUrl: params.baseUrl, + }); +} + export async function maybeApplyTtsToPayload(params: { payload: ReplyPayload; cfg: OpenClawConfig; diff --git a/src/types/extension-api.d.ts b/src/types/extension-api.d.ts deleted file mode 100644 index ca711425cab..00000000000 --- a/src/types/extension-api.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -declare module "../../../dist/extensionAPI.js" { - export const runEmbeddedPiAgent: (params: Record) => Promise; -} diff --git a/src/types/node-edge-tts.d.ts b/src/types/node-edge-tts.d.ts index eaaaa9cdf5a..b800c986cb8 100644 --- a/src/types/node-edge-tts.d.ts +++ b/src/types/node-edge-tts.d.ts @@ -16,3 +16,9 @@ declare module "node-edge-tts" { ttsPromise(text: string, outputPath: string): Promise; } } + +declare module "node-edge-tts/dist/drm.js" { + export const CHROMIUM_FULL_VERSION: string; + export const TRUSTED_CLIENT_TOKEN: string; + export function generateSecMsGecToken(): string; +} diff --git a/src/utils/message-channel.ts b/src/utils/message-channel.ts index ed580960ad4..f80633e450d 100644 --- a/src/utils/message-channel.ts +++ b/src/utils/message-channel.ts @@ -12,10 +12,23 @@ import { normalizeGatewayClientMode, normalizeGatewayClientName, } from "../gateway/protocol/client-info.js"; -import { getActivePluginRegistry } from "../plugins/runtime.js"; export const INTERNAL_MESSAGE_CHANNEL = "webchat" as const; export type InternalMessageChannel = typeof INTERNAL_MESSAGE_CHANNEL; +const REGISTRY_STATE = Symbol.for("openclaw.pluginRegistryState"); + +type PluginRegistryStateLike = { + registry?: { + channels?: Array<{ + plugin: { + id: string; + meta: { + aliases?: string[]; + }; + }; + }>; + } | null; +}; const MARKDOWN_CAPABLE_CHANNELS = new Set([ "slack", @@ -64,8 +77,13 @@ export function normalizeMessageChannel(raw?: string | null): string | undefined if (builtIn) { return builtIn; } - const registry = getActivePluginRegistry(); - const pluginMatch = registry?.channels.find((entry) => { + const channels = + ( + globalThis as typeof globalThis & { + [REGISTRY_STATE]?: PluginRegistryStateLike; + } + )[REGISTRY_STATE]?.registry?.channels ?? []; + const pluginMatch = channels.find((entry) => { if (entry.plugin.id.toLowerCase() === normalized) { return true; } @@ -77,19 +95,23 @@ export function normalizeMessageChannel(raw?: string | null): string | undefined } const listPluginChannelIds = (): string[] => { - const registry = getActivePluginRegistry(); - if (!registry) { - return []; - } - return registry.channels.map((entry) => entry.plugin.id); + const channels = + ( + globalThis as typeof globalThis & { + [REGISTRY_STATE]?: PluginRegistryStateLike; + } + )[REGISTRY_STATE]?.registry?.channels ?? []; + return channels.map((entry) => entry.plugin.id); }; const listPluginChannelAliases = (): string[] => { - const registry = getActivePluginRegistry(); - if (!registry) { - return []; - } - return registry.channels.flatMap((entry) => entry.plugin.meta.aliases ?? []); + const channels = + ( + globalThis as typeof globalThis & { + [REGISTRY_STATE]?: PluginRegistryStateLike; + } + )[REGISTRY_STATE]?.registry?.channels ?? []; + return channels.flatMap((entry) => entry.plugin.meta.aliases ?? []); }; export const listDeliverableMessageChannels = (): ChannelId[] => diff --git a/src/web-search/runtime.test.ts b/src/web-search/runtime.test.ts new file mode 100644 index 00000000000..68446d33a95 --- /dev/null +++ b/src/web-search/runtime.test.ts @@ -0,0 +1,46 @@ +import { afterEach, describe, expect, it } from "vitest"; +import { createEmptyPluginRegistry } from "../plugins/registry.js"; +import { setActivePluginRegistry } from "../plugins/runtime.js"; +import { runWebSearch } from "./runtime.js"; + +describe("web search runtime", () => { + afterEach(() => { + setActivePluginRegistry(createEmptyPluginRegistry()); + }); + + it("executes searches through the active plugin registry", async () => { + const registry = createEmptyPluginRegistry(); + registry.webSearchProviders.push({ + pluginId: "custom-search", + pluginName: "Custom Search", + provider: { + id: "custom", + label: "Custom Search", + hint: "Custom runtime provider", + envVars: ["CUSTOM_SEARCH_API_KEY"], + placeholder: "custom-...", + signupUrl: "https://example.com/signup", + autoDetectOrder: 1, + getCredentialValue: () => "configured", + setCredentialValue: () => {}, + createTool: () => ({ + description: "custom", + parameters: {}, + execute: async (args) => ({ ...args, ok: true }), + }), + }, + source: "test", + }); + setActivePluginRegistry(registry); + + await expect( + runWebSearch({ + config: {}, + args: { query: "hello" }, + }), + ).resolves.toEqual({ + provider: "custom", + result: { query: "hello", ok: true }, + }); + }); +}); diff --git a/src/web-search/runtime.ts b/src/web-search/runtime.ts new file mode 100644 index 00000000000..cf11dfcb667 --- /dev/null +++ b/src/web-search/runtime.ts @@ -0,0 +1,194 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { normalizeResolvedSecretInputString } from "../config/types.secrets.js"; +import { logVerbose } from "../globals.js"; +import type { + PluginWebSearchProviderEntry, + WebSearchProviderToolDefinition, +} from "../plugins/types.js"; +import { + resolvePluginWebSearchProviders, + resolveRuntimeWebSearchProviders, +} from "../plugins/web-search-providers.js"; +import type { RuntimeWebSearchMetadata } from "../secrets/runtime-web-tools.types.js"; +import { normalizeSecretInput } from "../utils/normalize-secret-input.js"; + +type WebSearchConfig = NonNullable["web"] extends infer Web + ? Web extends { search?: infer Search } + ? Search + : undefined + : undefined; + +export type ResolveWebSearchDefinitionParams = { + config?: OpenClawConfig; + sandboxed?: boolean; + runtimeWebSearch?: RuntimeWebSearchMetadata; + providerId?: string; + preferRuntimeProviders?: boolean; +}; + +export type RunWebSearchParams = ResolveWebSearchDefinitionParams & { + args: Record; +}; + +function resolveSearchConfig(cfg?: OpenClawConfig): WebSearchConfig { + const search = cfg?.tools?.web?.search; + if (!search || typeof search !== "object") { + return undefined; + } + return search as WebSearchConfig; +} + +export function resolveWebSearchEnabled(params: { + search?: WebSearchConfig; + sandboxed?: boolean; +}): boolean { + if (typeof params.search?.enabled === "boolean") { + return params.search.enabled; + } + if (params.sandboxed) { + return true; + } + return true; +} + +function readProviderEnvValue(envVars: string[]): string | undefined { + for (const envVar of envVars) { + const value = normalizeSecretInput(process.env[envVar]); + if (value) { + return value; + } + } + return undefined; +} + +function hasProviderCredential(providerId: string, search: WebSearchConfig | undefined): boolean { + const providers = resolvePluginWebSearchProviders({ + bundledAllowlistCompat: true, + }); + const provider = providers.find((entry) => entry.id === providerId); + if (!provider) { + return false; + } + const rawValue = provider.getCredentialValue(search as Record | undefined); + const fromConfig = normalizeSecretInput( + normalizeResolvedSecretInputString({ + value: rawValue, + path: + providerId === "brave" + ? "tools.web.search.apiKey" + : `tools.web.search.${providerId}.apiKey`, + }), + ); + return Boolean(fromConfig || readProviderEnvValue(provider.envVars)); +} + +export function listWebSearchProviders(params?: { + config?: OpenClawConfig; +}): PluginWebSearchProviderEntry[] { + return resolveRuntimeWebSearchProviders({ + config: params?.config, + bundledAllowlistCompat: true, + }); +} + +export function resolveWebSearchProviderId(params: { + search?: WebSearchConfig; + providers?: PluginWebSearchProviderEntry[]; +}): string { + const providers = + params.providers ?? + resolvePluginWebSearchProviders({ + bundledAllowlistCompat: true, + }); + const raw = + params.search && "provider" in params.search && typeof params.search.provider === "string" + ? params.search.provider.trim().toLowerCase() + : ""; + + if (raw) { + const explicit = providers.find((provider) => provider.id === raw); + if (explicit) { + return explicit.id; + } + } + + if (!raw) { + for (const provider of providers) { + if (!hasProviderCredential(provider.id, params.search)) { + continue; + } + logVerbose( + `web_search: no provider configured, auto-detected "${provider.id}" from available API keys`, + ); + return provider.id; + } + } + + return providers[0]?.id ?? "brave"; +} + +export function resolveWebSearchDefinition( + options?: ResolveWebSearchDefinitionParams, +): { provider: PluginWebSearchProviderEntry; definition: WebSearchProviderToolDefinition } | null { + const search = resolveSearchConfig(options?.config); + if (!resolveWebSearchEnabled({ search, sandboxed: options?.sandboxed })) { + return null; + } + + const providers = ( + options?.preferRuntimeProviders + ? resolveRuntimeWebSearchProviders({ + config: options?.config, + bundledAllowlistCompat: true, + }) + : resolvePluginWebSearchProviders({ + config: options?.config, + bundledAllowlistCompat: true, + }) + ).filter(Boolean); + if (providers.length === 0) { + return null; + } + + const providerId = + options?.providerId ?? + options?.runtimeWebSearch?.selectedProvider ?? + options?.runtimeWebSearch?.providerConfigured ?? + resolveWebSearchProviderId({ search, providers }); + const provider = + providers.find((entry) => entry.id === providerId) ?? + providers.find((entry) => entry.id === resolveWebSearchProviderId({ search, providers })) ?? + providers[0]; + if (!provider) { + return null; + } + + const definition = provider.createTool({ + config: options?.config, + searchConfig: search as Record | undefined, + runtimeMetadata: options?.runtimeWebSearch, + }); + if (!definition) { + return null; + } + + return { provider, definition }; +} + +export async function runWebSearch( + params: RunWebSearchParams, +): Promise<{ provider: string; result: Record }> { + const resolved = resolveWebSearchDefinition({ ...params, preferRuntimeProviders: true }); + if (!resolved) { + throw new Error("web_search is disabled or no provider is available."); + } + return { + provider: resolved.provider.id, + result: await resolved.definition.execute(params.args), + }; +} + +export const __testing = { + resolveSearchConfig, + resolveWebSearchProviderId, +}; diff --git a/src/whatsapp/resolve-outbound-target.test.ts b/src/whatsapp/resolve-outbound-target.test.ts index 5c4495053b2..4d7d16b4393 100644 --- a/src/whatsapp/resolve-outbound-target.test.ts +++ b/src/whatsapp/resolve-outbound-target.test.ts @@ -1,12 +1,13 @@ import { describe, it, expect, vi, beforeEach } from "vitest"; import * as normalize from "./normalize.js"; -import { resolveWhatsAppOutboundTarget } from "./resolve-outbound-target.js"; vi.mock("./normalize.js"); vi.mock("../infra/outbound/target-errors.js", () => ({ missingTargetError: (platform: string, format: string) => new Error(`${platform}: ${format}`), })); +let resolveWhatsAppOutboundTarget: typeof import("./resolve-outbound-target.js").resolveWhatsAppOutboundTarget; + type ResolveParams = Parameters[0]; const PRIMARY_TARGET = "+11234567890"; const SECONDARY_TARGET = "+19876543210"; @@ -62,8 +63,10 @@ function expectDeniedForTarget(params: { } describe("resolveWhatsAppOutboundTarget", () => { - beforeEach(() => { + beforeEach(async () => { + vi.resetModules(); vi.resetAllMocks(); + ({ resolveWhatsAppOutboundTarget } = await import("./resolve-outbound-target.js")); }); describe("empty/missing to parameter", () => { diff --git a/src/wizard/setup.gateway-config.ts b/src/wizard/setup.gateway-config.ts index 74420c1dac2..ae6c9e42c6f 100644 --- a/src/wizard/setup.gateway-config.ts +++ b/src/wizard/setup.gateway-config.ts @@ -1,7 +1,3 @@ -import { - promptSecretRefForSetup, - resolveSecretInputModeForEnvSelection, -} from "../commands/auth-choice.apply-helpers.js"; import { normalizeGatewayTokenInput, randomToken, @@ -23,6 +19,10 @@ import { } from "../gateway/gateway-config-prompts.shared.js"; import { DEFAULT_DANGEROUS_NODE_COMMANDS } from "../gateway/node-command-policy.js"; import { findTailscaleBinary } from "../infra/tailscale.js"; +import { + promptSecretRefForSetup, + resolveSecretInputModeForEnvSelection, +} from "../plugins/provider-auth-input.js"; import type { RuntimeEnv } from "../runtime.js"; import { validateIPv4AddressInput } from "../shared/net/ipv4.js"; import type { WizardPrompter } from "./prompts.js"; diff --git a/test/helpers/auth-wizard.ts b/test/helpers/auth-wizard.ts new file mode 100644 index 00000000000..a9e409aa25a --- /dev/null +++ b/test/helpers/auth-wizard.ts @@ -0,0 +1,92 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import { vi } from "vitest"; +import type { RuntimeEnv } from "../../src/runtime.js"; +import { makeTempWorkspace } from "../../src/test-helpers/workspace.js"; +import { captureEnv } from "../../src/test-utils/env.js"; +import type { WizardPrompter } from "../../src/wizard/prompts.js"; + +export const noopAsync = async () => {}; +export const noop = () => {}; + +export function createExitThrowingRuntime(): RuntimeEnv { + return { + log: vi.fn(), + error: vi.fn(), + exit: vi.fn((code: number) => { + throw new Error(`exit:${code}`); + }), + }; +} + +export function createWizardPrompter( + overrides: Partial, + options?: { defaultSelect?: string }, +): WizardPrompter { + return { + intro: vi.fn(noopAsync), + outro: vi.fn(noopAsync), + note: vi.fn(noopAsync), + select: vi.fn(async () => (options?.defaultSelect ?? "") as never), + multiselect: vi.fn(async () => []), + text: vi.fn(async () => "") as unknown as WizardPrompter["text"], + confirm: vi.fn(async () => false), + progress: vi.fn(() => ({ update: noop, stop: noop })), + ...overrides, + }; +} + +export async function setupAuthTestEnv( + prefix = "openclaw-auth-", + options?: { agentSubdir?: string }, +): Promise<{ + stateDir: string; + agentDir: string; +}> { + const stateDir = await makeTempWorkspace(prefix); + const agentDir = path.join(stateDir, options?.agentSubdir ?? "agent"); + process.env.OPENCLAW_STATE_DIR = stateDir; + process.env.OPENCLAW_AGENT_DIR = agentDir; + process.env.PI_CODING_AGENT_DIR = agentDir; + await fs.mkdir(agentDir, { recursive: true }); + return { stateDir, agentDir }; +} + +export type AuthTestLifecycle = { + setStateDir: (stateDir: string) => void; + cleanup: () => Promise; +}; + +export function createAuthTestLifecycle(envKeys: string[]): AuthTestLifecycle { + const envSnapshot = captureEnv(envKeys); + let stateDir: string | null = null; + return { + setStateDir(nextStateDir: string) { + stateDir = nextStateDir; + }, + async cleanup() { + if (stateDir) { + await fs.rm(stateDir, { recursive: true, force: true }); + stateDir = null; + } + envSnapshot.restore(); + }, + }; +} + +export function requireOpenClawAgentDir(): string { + const agentDir = process.env.OPENCLAW_AGENT_DIR; + if (!agentDir) { + throw new Error("OPENCLAW_AGENT_DIR not set"); + } + return agentDir; +} + +export function authProfilePathForAgent(agentDir: string): string { + return path.join(agentDir, "auth-profiles.json"); +} + +export async function readAuthProfilesForAgent(agentDir: string): Promise { + const raw = await fs.readFile(authProfilePathForAgent(agentDir), "utf8"); + return JSON.parse(raw) as T; +} diff --git a/test/helpers/dispatch-inbound-capture.ts b/test/helpers/dispatch-inbound-capture.ts deleted file mode 100644 index cd7b0bd5fdb..00000000000 --- a/test/helpers/dispatch-inbound-capture.ts +++ /dev/null @@ -1,18 +0,0 @@ -import { vi } from "vitest"; - -export function buildDispatchInboundCaptureMock>( - actual: T, - setCtx: (ctx: unknown) => void, -) { - const dispatchInboundMessage = vi.fn(async (params: { ctx: unknown }) => { - setCtx(params.ctx); - return { queuedFinal: false, counts: { tool: 0, block: 0, final: 0 } }; - }); - - return { - ...actual, - dispatchInboundMessage, - dispatchInboundMessageWithDispatcher: dispatchInboundMessage, - dispatchInboundMessageWithBufferedDispatcher: dispatchInboundMessage, - }; -} diff --git a/test/helpers/extensions/chunk-test-helpers.ts b/test/helpers/extensions/chunk-test-helpers.ts new file mode 100644 index 00000000000..c6589284fd3 --- /dev/null +++ b/test/helpers/extensions/chunk-test-helpers.ts @@ -0,0 +1 @@ +export { countLines, hasBalancedFences } from "../../../src/test-utils/chunk-test-helpers.js"; diff --git a/extensions/test-utils/directory.ts b/test/helpers/extensions/directory.ts similarity index 88% rename from extensions/test-utils/directory.ts rename to test/helpers/extensions/directory.ts index 90d2ed445d3..b4edaa12ded 100644 --- a/extensions/test-utils/directory.ts +++ b/test/helpers/extensions/directory.ts @@ -1,4 +1,4 @@ -import type { ChannelDirectoryAdapter } from "../../src/channels/plugins/types.js"; +import type { ChannelDirectoryAdapter } from "openclaw/plugin-sdk/channel-runtime"; export function createDirectoryTestRuntime() { return { diff --git a/test/helpers/extensions/discord-provider.test-support.ts b/test/helpers/extensions/discord-provider.test-support.ts new file mode 100644 index 00000000000..2c8ad988d04 --- /dev/null +++ b/test/helpers/extensions/discord-provider.test-support.ts @@ -0,0 +1,473 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/discord"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env"; +import type { Mock } from "vitest"; +import { expect, vi } from "vitest"; + +export type NativeCommandSpecMock = { + name: string; + description: string; + acceptsArgs: boolean; +}; + +export type PluginCommandSpecMock = { + name: string; + description: string; + acceptsArgs: boolean; +}; + +type ProviderMonitorTestMocks = { + clientHandleDeployRequestMock: Mock<() => Promise>; + clientFetchUserMock: Mock<(target: string) => Promise<{ id: string }>>; + clientGetPluginMock: Mock<(name: string) => unknown>; + clientConstructorOptionsMock: Mock<(options?: unknown) => void>; + createDiscordAutoPresenceControllerMock: Mock<() => unknown>; + createDiscordNativeCommandMock: Mock<(params?: { command?: { name?: string } }) => unknown>; + createDiscordMessageHandlerMock: Mock<() => unknown>; + createNoopThreadBindingManagerMock: Mock<() => { stop: ReturnType }>; + createThreadBindingManagerMock: Mock<() => { stop: ReturnType }>; + reconcileAcpThreadBindingsOnStartupMock: Mock<() => unknown>; + createdBindingManagers: Array<{ stop: ReturnType }>; + getAcpSessionStatusMock: Mock< + (params: { + cfg: OpenClawConfig; + sessionKey: string; + signal?: AbortSignal; + }) => Promise<{ state: string }> + >; + getPluginCommandSpecsMock: Mock<() => PluginCommandSpecMock[]>; + listNativeCommandSpecsForConfigMock: Mock<() => NativeCommandSpecMock[]>; + listSkillCommandsForAgentsMock: Mock<() => unknown[]>; + monitorLifecycleMock: Mock<(params: { threadBindings: { stop: () => void } }) => Promise>; + resolveDiscordAccountMock: Mock<() => unknown>; + resolveDiscordAllowlistConfigMock: Mock<() => Promise>; + resolveNativeCommandsEnabledMock: Mock<() => boolean>; + resolveNativeSkillsEnabledMock: Mock<() => boolean>; + isVerboseMock: Mock<() => boolean>; + shouldLogVerboseMock: Mock<() => boolean>; + voiceRuntimeModuleLoadedMock: Mock<() => void>; +}; + +export function baseDiscordAccountConfig() { + return { + commands: { native: true, nativeSkills: false }, + voice: { enabled: false }, + agentComponents: { enabled: false }, + execApprovals: { enabled: false }, + }; +} + +const providerMonitorTestMocks: ProviderMonitorTestMocks = vi.hoisted(() => { + const createdBindingManagers: Array<{ stop: ReturnType }> = []; + const isVerboseMock = vi.fn(() => false); + const shouldLogVerboseMock = vi.fn(() => false); + + return { + clientHandleDeployRequestMock: vi.fn(async () => undefined), + clientFetchUserMock: vi.fn(async (_target: string) => ({ id: "bot-1" })), + clientGetPluginMock: vi.fn<(_name: string) => unknown>(() => undefined), + clientConstructorOptionsMock: vi.fn(), + createDiscordAutoPresenceControllerMock: vi.fn(() => ({ + enabled: false, + start: vi.fn(), + stop: vi.fn(), + refresh: vi.fn(), + runNow: vi.fn(), + })), + createDiscordNativeCommandMock: vi.fn((params?: { command?: { name?: string } }) => ({ + name: params?.command?.name ?? "mock-command", + })), + createDiscordMessageHandlerMock: vi.fn(() => + Object.assign( + vi.fn(async () => undefined), + { + deactivate: vi.fn(), + }, + ), + ), + createNoopThreadBindingManagerMock: vi.fn(() => { + const manager = { stop: vi.fn() }; + createdBindingManagers.push(manager); + return manager; + }), + createThreadBindingManagerMock: vi.fn(() => { + const manager = { stop: vi.fn() }; + createdBindingManagers.push(manager); + return manager; + }), + reconcileAcpThreadBindingsOnStartupMock: vi.fn(() => ({ + checked: 0, + removed: 0, + staleSessionKeys: [], + })), + createdBindingManagers, + getAcpSessionStatusMock: vi.fn( + async (_params: { cfg: OpenClawConfig; sessionKey: string; signal?: AbortSignal }) => ({ + state: "idle", + }), + ), + getPluginCommandSpecsMock: vi.fn<() => PluginCommandSpecMock[]>(() => []), + listNativeCommandSpecsForConfigMock: vi.fn<() => NativeCommandSpecMock[]>(() => [ + { name: "cmd", description: "built-in", acceptsArgs: false }, + ]), + listSkillCommandsForAgentsMock: vi.fn(() => []), + monitorLifecycleMock: vi.fn(async (params: { threadBindings: { stop: () => void } }) => { + params.threadBindings.stop(); + }), + resolveDiscordAccountMock: vi.fn(() => ({ + accountId: "default", + token: "cfg-token", + config: baseDiscordAccountConfig(), + })), + resolveDiscordAllowlistConfigMock: vi.fn(async () => ({ + guildEntries: undefined, + allowFrom: undefined, + })), + resolveNativeCommandsEnabledMock: vi.fn(() => true), + resolveNativeSkillsEnabledMock: vi.fn(() => false), + isVerboseMock, + shouldLogVerboseMock, + voiceRuntimeModuleLoadedMock: vi.fn(), + }; +}); + +const { + clientHandleDeployRequestMock, + clientFetchUserMock, + clientGetPluginMock, + clientConstructorOptionsMock, + createDiscordAutoPresenceControllerMock, + createDiscordNativeCommandMock, + createDiscordMessageHandlerMock, + createNoopThreadBindingManagerMock, + createThreadBindingManagerMock, + reconcileAcpThreadBindingsOnStartupMock, + createdBindingManagers, + getAcpSessionStatusMock, + getPluginCommandSpecsMock, + listNativeCommandSpecsForConfigMock, + listSkillCommandsForAgentsMock, + monitorLifecycleMock, + resolveDiscordAccountMock, + resolveDiscordAllowlistConfigMock, + resolveNativeCommandsEnabledMock, + resolveNativeSkillsEnabledMock, + isVerboseMock, + shouldLogVerboseMock, + voiceRuntimeModuleLoadedMock, +} = providerMonitorTestMocks; + +export function getProviderMonitorTestMocks(): typeof providerMonitorTestMocks { + return providerMonitorTestMocks; +} + +export function mockResolvedDiscordAccountConfig(overrides: Record) { + resolveDiscordAccountMock.mockImplementation(() => ({ + accountId: "default", + token: "cfg-token", + config: { + ...baseDiscordAccountConfig(), + ...overrides, + }, + })); +} + +export function getFirstDiscordMessageHandlerParams() { + expect(createDiscordMessageHandlerMock).toHaveBeenCalledTimes(1); + const firstCall = createDiscordMessageHandlerMock.mock.calls.at(0) as [T] | undefined; + return firstCall?.[0]; +} + +export function resetDiscordProviderMonitorMocks(params?: { + nativeCommands?: NativeCommandSpecMock[]; +}) { + clientHandleDeployRequestMock.mockClear().mockResolvedValue(undefined); + clientFetchUserMock.mockClear().mockResolvedValue({ id: "bot-1" }); + clientGetPluginMock.mockClear().mockReturnValue(undefined); + clientConstructorOptionsMock.mockClear(); + createDiscordAutoPresenceControllerMock.mockClear().mockImplementation(() => ({ + enabled: false, + start: vi.fn(), + stop: vi.fn(), + refresh: vi.fn(), + runNow: vi.fn(), + })); + createDiscordNativeCommandMock.mockClear().mockImplementation((input) => ({ + name: input?.command?.name ?? "mock-command", + })); + createDiscordMessageHandlerMock.mockClear().mockImplementation(() => + Object.assign( + vi.fn(async () => undefined), + { + deactivate: vi.fn(), + }, + ), + ); + createNoopThreadBindingManagerMock.mockClear(); + createThreadBindingManagerMock.mockClear(); + reconcileAcpThreadBindingsOnStartupMock.mockClear().mockReturnValue({ + checked: 0, + removed: 0, + staleSessionKeys: [], + }); + createdBindingManagers.length = 0; + getAcpSessionStatusMock.mockClear().mockResolvedValue({ state: "idle" }); + getPluginCommandSpecsMock.mockClear().mockReturnValue([]); + listNativeCommandSpecsForConfigMock + .mockClear() + .mockReturnValue( + params?.nativeCommands ?? [{ name: "cmd", description: "built-in", acceptsArgs: false }], + ); + listSkillCommandsForAgentsMock.mockClear().mockReturnValue([]); + monitorLifecycleMock.mockClear().mockImplementation(async (monitorParams) => { + monitorParams.threadBindings.stop(); + }); + resolveDiscordAccountMock.mockClear().mockReturnValue({ + accountId: "default", + token: "cfg-token", + config: baseDiscordAccountConfig(), + }); + resolveDiscordAllowlistConfigMock.mockClear().mockResolvedValue({ + guildEntries: undefined, + allowFrom: undefined, + }); + resolveNativeCommandsEnabledMock.mockClear().mockReturnValue(true); + resolveNativeSkillsEnabledMock.mockClear().mockReturnValue(false); + isVerboseMock.mockClear().mockReturnValue(false); + shouldLogVerboseMock.mockClear().mockReturnValue(false); + voiceRuntimeModuleLoadedMock.mockClear(); +} + +export const baseRuntime = (): RuntimeEnv => ({ + log: vi.fn(), + error: vi.fn(), + exit: vi.fn(), +}); + +export const baseConfig = (): OpenClawConfig => + ({ + channels: { + discord: { + accounts: { + default: {}, + }, + }, + }, + }) as OpenClawConfig; + +vi.mock("@buape/carbon", () => { + class Command {} + class ReadyListener {} + class RateLimitError extends Error { + status = 429; + discordCode?: number; + retryAfter: number; + scope: string | null; + bucket: string | null; + constructor( + response: Response, + body: { message: string; retry_after: number; global: boolean }, + ) { + super(body.message); + this.retryAfter = body.retry_after; + this.scope = body.global ? "global" : response.headers.get("X-RateLimit-Scope"); + this.bucket = response.headers.get("X-RateLimit-Bucket"); + } + } + class Client { + listeners: unknown[]; + rest: { put: ReturnType }; + options: unknown; + constructor(options: unknown, handlers: { listeners?: unknown[] }) { + this.options = options; + this.listeners = handlers.listeners ?? []; + this.rest = { put: vi.fn(async () => undefined) }; + clientConstructorOptionsMock(options); + } + async handleDeployRequest() { + return await clientHandleDeployRequestMock(); + } + async fetchUser(target: string) { + return await clientFetchUserMock(target); + } + getPlugin(name: string) { + return clientGetPluginMock(name); + } + } + return { Client, Command, RateLimitError, ReadyListener }; +}); + +vi.mock("@buape/carbon/gateway", () => ({ + GatewayCloseCodes: { DisallowedIntents: 4014 }, +})); + +vi.mock("@buape/carbon/voice", () => ({ + VoicePlugin: class VoicePlugin {}, +})); + +vi.mock("openclaw/plugin-sdk/acp-runtime", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/acp-runtime", + ); + return { + ...actual, + getAcpSessionManager: () => ({ + getSessionStatus: getAcpSessionStatusMock, + }), + isAcpRuntimeError: (error: unknown): error is { code: string } => + error instanceof Error && "code" in error, + }; +}); + +vi.mock("openclaw/plugin-sdk/reply-runtime", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/reply-runtime", + ); + return { + ...actual, + resolveTextChunkLimit: () => 2000, + listNativeCommandSpecsForConfig: listNativeCommandSpecsForConfigMock, + listSkillCommandsForAgents: listSkillCommandsForAgentsMock, + }; +}); + +vi.mock("openclaw/plugin-sdk/config-runtime", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/config-runtime", + ); + return { + ...actual, + isNativeCommandsExplicitlyDisabled: () => false, + loadConfig: () => ({}), + resolveNativeCommandsEnabled: resolveNativeCommandsEnabledMock, + resolveNativeSkillsEnabled: resolveNativeSkillsEnabledMock, + }; +}); + +vi.mock("openclaw/plugin-sdk/runtime-env", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/runtime-env", + ); + return { + ...actual, + danger: (value: string) => value, + isVerbose: isVerboseMock, + logVerbose: vi.fn(), + shouldLogVerbose: shouldLogVerboseMock, + warn: (value: string) => value, + createSubsystemLogger: () => { + const logger = { + child: vi.fn(() => logger), + info: vi.fn(), + error: vi.fn(), + warn: vi.fn(), + debug: vi.fn(), + }; + return logger; + }, + createNonExitingRuntime: () => ({ log: vi.fn(), error: vi.fn(), exit: vi.fn() }), + }; +}); + +vi.mock("openclaw/plugin-sdk/infra-runtime", async () => { + const actual = await vi.importActual( + "openclaw/plugin-sdk/infra-runtime", + ); + return { + ...actual, + formatErrorMessage: (error: unknown) => String(error), + }; +}); + +vi.mock("../../../extensions/discord/src/accounts.js", () => ({ + resolveDiscordAccount: resolveDiscordAccountMock, +})); + +vi.mock("../../../extensions/discord/src/probe.js", () => ({ + fetchDiscordApplicationId: async () => "app-1", +})); + +vi.mock("../../../extensions/discord/src/token.js", () => ({ + normalizeDiscordToken: (value?: string) => value, +})); + +vi.mock("../../../extensions/discord/src/voice/command.js", () => ({ + createDiscordVoiceCommand: () => ({ name: "voice-command" }), +})); + +vi.mock("../../../extensions/discord/src/monitor/agent-components.js", () => ({ + createAgentComponentButton: () => ({ id: "btn" }), + createAgentSelectMenu: () => ({ id: "menu" }), + createDiscordComponentButton: () => ({ id: "btn2" }), + createDiscordComponentChannelSelect: () => ({ id: "channel" }), + createDiscordComponentMentionableSelect: () => ({ id: "mentionable" }), + createDiscordComponentModal: () => ({ id: "modal" }), + createDiscordComponentRoleSelect: () => ({ id: "role" }), + createDiscordComponentStringSelect: () => ({ id: "string" }), + createDiscordComponentUserSelect: () => ({ id: "user" }), +})); + +vi.mock("../../../extensions/discord/src/monitor/auto-presence.js", () => ({ + createDiscordAutoPresenceController: createDiscordAutoPresenceControllerMock, +})); + +vi.mock("../../../extensions/discord/src/monitor/commands.js", () => ({ + resolveDiscordSlashCommandConfig: () => ({ ephemeral: false }), +})); + +vi.mock("../../../extensions/discord/src/monitor/exec-approvals.js", () => ({ + createExecApprovalButton: () => ({ id: "exec-approval" }), + DiscordExecApprovalHandler: class DiscordExecApprovalHandler { + async start() { + return undefined; + } + async stop() { + return undefined; + } + }, +})); + +vi.mock("../../../extensions/discord/src/monitor/gateway-plugin.js", () => ({ + createDiscordGatewayPlugin: () => ({ id: "gateway-plugin" }), +})); + +vi.mock("../../../extensions/discord/src/monitor/listeners.js", () => ({ + DiscordMessageListener: class DiscordMessageListener {}, + DiscordPresenceListener: class DiscordPresenceListener {}, + DiscordReactionListener: class DiscordReactionListener {}, + DiscordReactionRemoveListener: class DiscordReactionRemoveListener {}, + DiscordThreadUpdateListener: class DiscordThreadUpdateListener {}, + registerDiscordListener: vi.fn(), +})); + +vi.mock("../../../extensions/discord/src/monitor/message-handler.js", () => ({ + createDiscordMessageHandler: createDiscordMessageHandlerMock, +})); + +vi.mock("../../../extensions/discord/src/monitor/native-command.js", () => ({ + createDiscordCommandArgFallbackButton: () => ({ id: "arg-fallback" }), + createDiscordModelPickerFallbackButton: () => ({ id: "model-fallback-btn" }), + createDiscordModelPickerFallbackSelect: () => ({ id: "model-fallback-select" }), + createDiscordNativeCommand: createDiscordNativeCommandMock, +})); + +vi.mock("../../../extensions/discord/src/monitor/presence.js", () => ({ + resolveDiscordPresenceUpdate: () => undefined, +})); + +vi.mock("../../../extensions/discord/src/monitor/provider.allowlist.js", () => ({ + resolveDiscordAllowlistConfig: resolveDiscordAllowlistConfigMock, +})); + +vi.mock("../../../extensions/discord/src/monitor/provider.lifecycle.js", () => ({ + runDiscordGatewayLifecycle: monitorLifecycleMock, +})); + +vi.mock("../../../extensions/discord/src/monitor/rest-fetch.js", () => ({ + resolveDiscordRestFetch: () => async () => undefined, +})); + +vi.mock("../../../extensions/discord/src/monitor/thread-bindings.js", () => ({ + createNoopThreadBindingManager: createNoopThreadBindingManagerMock, + createThreadBindingManager: createThreadBindingManagerMock, + reconcileAcpThreadBindingsOnStartup: reconcileAcpThreadBindingsOnStartupMock, +})); diff --git a/test/helpers/extensions/env.ts b/test/helpers/extensions/env.ts new file mode 100644 index 00000000000..bc48bfd3d10 --- /dev/null +++ b/test/helpers/extensions/env.ts @@ -0,0 +1 @@ +export { captureEnv, withEnv, withEnvAsync } from "../../../src/test-utils/env.js"; diff --git a/test/helpers/extensions/fetch-mock.ts b/test/helpers/extensions/fetch-mock.ts new file mode 100644 index 00000000000..e1774b46463 --- /dev/null +++ b/test/helpers/extensions/fetch-mock.ts @@ -0,0 +1 @@ +export { withFetchPreconnect, type FetchMock } from "../../../src/test-utils/fetch-mock.js"; diff --git a/test/helpers/extensions/frozen-time.ts b/test/helpers/extensions/frozen-time.ts new file mode 100644 index 00000000000..69f188f09ca --- /dev/null +++ b/test/helpers/extensions/frozen-time.ts @@ -0,0 +1 @@ +export { useFrozenTime, useRealTime } from "../../../src/test-utils/frozen-time.js"; diff --git a/test/helpers/extensions/mock-http-response.ts b/test/helpers/extensions/mock-http-response.ts new file mode 100644 index 00000000000..3bbed0372a8 --- /dev/null +++ b/test/helpers/extensions/mock-http-response.ts @@ -0,0 +1 @@ +export { createMockServerResponse } from "../../../src/test-utils/mock-http-response.js"; diff --git a/extensions/test-utils/plugin-api.ts b/test/helpers/extensions/plugin-api.ts similarity index 75% rename from extensions/test-utils/plugin-api.ts rename to test/helpers/extensions/plugin-api.ts index 5c621700602..ee1e97178a8 100644 --- a/extensions/test-utils/plugin-api.ts +++ b/test/helpers/extensions/plugin-api.ts @@ -1,4 +1,4 @@ -import type { OpenClawPluginApi } from "../../src/plugins/types.js"; +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/plugin-runtime"; type TestPluginApiInput = Partial & Pick; @@ -15,8 +15,12 @@ export function createTestPluginApi(api: TestPluginApiInput): OpenClawPluginApi registerCli() {}, registerService() {}, registerProvider() {}, + registerSpeechProvider() {}, + registerMediaUnderstandingProvider() {}, + registerImageGenerationProvider() {}, registerWebSearchProvider() {}, registerInteractiveHandler() {}, + onConversationBindingResolved() {}, registerCommand() {}, registerContextEngine() {}, resolvePath(input: string) { diff --git a/test/helpers/extensions/plugin-command.ts b/test/helpers/extensions/plugin-command.ts new file mode 100644 index 00000000000..3b6f3aad50f --- /dev/null +++ b/test/helpers/extensions/plugin-command.ts @@ -0,0 +1 @@ +export type { OpenClawPluginCommandDefinition } from "openclaw/plugin-sdk/core"; diff --git a/test/helpers/extensions/plugin-registration.ts b/test/helpers/extensions/plugin-registration.ts new file mode 100644 index 00000000000..bd20510800e --- /dev/null +++ b/test/helpers/extensions/plugin-registration.ts @@ -0,0 +1 @@ +export { registerSingleProviderPlugin } from "../../../src/test-utils/plugin-registration.js"; diff --git a/extensions/test-utils/plugin-runtime-mock.ts b/test/helpers/extensions/plugin-runtime-mock.ts similarity index 79% rename from extensions/test-utils/plugin-runtime-mock.ts rename to test/helpers/extensions/plugin-runtime-mock.ts index 81e3fdedeec..d71eeb2d584 100644 --- a/extensions/test-utils/plugin-runtime-mock.ts +++ b/test/helpers/extensions/plugin-runtime-mock.ts @@ -1,5 +1,6 @@ -import type { PluginRuntime } from "openclaw/plugin-sdk/test-utils"; -import { removeAckReactionAfterReply, shouldAckReaction } from "openclaw/plugin-sdk/test-utils"; +import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "openclaw/plugin-sdk/agent-runtime"; +import type { PluginRuntime } from "openclaw/plugin-sdk/testing"; +import { removeAckReactionAfterReply, shouldAckReaction } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; type DeepPartial = { @@ -39,6 +40,50 @@ export function createPluginRuntimeMock(overrides: DeepPartial = loadConfig: vi.fn(() => ({})) as unknown as PluginRuntime["config"]["loadConfig"], writeConfigFile: vi.fn() as unknown as PluginRuntime["config"]["writeConfigFile"], }, + agent: { + defaults: { + model: DEFAULT_MODEL, + provider: DEFAULT_PROVIDER, + }, + resolveAgentDir: vi.fn( + () => "/tmp/agent", + ) as unknown as PluginRuntime["agent"]["resolveAgentDir"], + resolveAgentWorkspaceDir: vi.fn( + () => "/tmp/workspace", + ) as unknown as PluginRuntime["agent"]["resolveAgentWorkspaceDir"], + resolveAgentIdentity: vi.fn(() => ({ + name: "test-agent", + })) as unknown as PluginRuntime["agent"]["resolveAgentIdentity"], + resolveThinkingDefault: vi.fn( + () => "off", + ) as unknown as PluginRuntime["agent"]["resolveThinkingDefault"], + runEmbeddedPiAgent: vi.fn().mockResolvedValue({ + payloads: [], + meta: {}, + }) as unknown as PluginRuntime["agent"]["runEmbeddedPiAgent"], + resolveAgentTimeoutMs: vi.fn( + () => 30_000, + ) as unknown as PluginRuntime["agent"]["resolveAgentTimeoutMs"], + ensureAgentWorkspace: vi + .fn() + .mockResolvedValue(undefined) as unknown as PluginRuntime["agent"]["ensureAgentWorkspace"], + session: { + resolveStorePath: vi.fn( + () => "/tmp/agent-sessions.json", + ) as unknown as PluginRuntime["agent"]["session"]["resolveStorePath"], + loadSessionStore: vi.fn( + () => ({}), + ) as unknown as PluginRuntime["agent"]["session"]["loadSessionStore"], + saveSessionStore: vi + .fn() + .mockResolvedValue( + undefined, + ) as unknown as PluginRuntime["agent"]["session"]["saveSessionStore"], + resolveSessionFilePath: vi.fn( + (sessionId: string) => `/tmp/${sessionId}.json`, + ) as unknown as PluginRuntime["agent"]["session"]["resolveSessionFilePath"], + }, + }, system: { enqueueSystemEvent: vi.fn() as unknown as PluginRuntime["system"]["enqueueSystemEvent"], requestHeartbeatNow: vi.fn() as unknown as PluginRuntime["system"]["requestHeartbeatNow"], @@ -57,7 +102,28 @@ export function createPluginRuntimeMock(overrides: DeepPartial = resizeToJpeg: vi.fn() as unknown as PluginRuntime["media"]["resizeToJpeg"], }, tts: { + textToSpeech: vi.fn() as unknown as PluginRuntime["tts"]["textToSpeech"], textToSpeechTelephony: vi.fn() as unknown as PluginRuntime["tts"]["textToSpeechTelephony"], + listVoices: vi.fn() as unknown as PluginRuntime["tts"]["listVoices"], + }, + mediaUnderstanding: { + runFile: vi.fn() as unknown as PluginRuntime["mediaUnderstanding"]["runFile"], + describeImageFile: + vi.fn() as unknown as PluginRuntime["mediaUnderstanding"]["describeImageFile"], + describeImageFileWithModel: + vi.fn() as unknown as PluginRuntime["mediaUnderstanding"]["describeImageFileWithModel"], + describeVideoFile: + vi.fn() as unknown as PluginRuntime["mediaUnderstanding"]["describeVideoFile"], + transcribeAudioFile: + vi.fn() as unknown as PluginRuntime["mediaUnderstanding"]["transcribeAudioFile"], + }, + imageGeneration: { + generate: vi.fn() as unknown as PluginRuntime["imageGeneration"]["generate"], + listProviders: vi.fn() as unknown as PluginRuntime["imageGeneration"]["listProviders"], + }, + webSearch: { + listProviders: vi.fn() as unknown as PluginRuntime["webSearch"]["listProviders"], + search: vi.fn() as unknown as PluginRuntime["webSearch"]["search"], }, stt: { transcribeAudioFile: vi.fn() as unknown as PluginRuntime["stt"]["transcribeAudioFile"], diff --git a/test/helpers/extensions/provider-usage-fetch.ts b/test/helpers/extensions/provider-usage-fetch.ts new file mode 100644 index 00000000000..fe54174732e --- /dev/null +++ b/test/helpers/extensions/provider-usage-fetch.ts @@ -0,0 +1,4 @@ +export { + createProviderUsageFetch, + makeResponse, +} from "../../../src/test-utils/provider-usage-fetch.js"; diff --git a/extensions/test-utils/runtime-env.ts b/test/helpers/extensions/runtime-env.ts similarity index 77% rename from extensions/test-utils/runtime-env.ts rename to test/helpers/extensions/runtime-env.ts index a5e52665b0e..b197619e43e 100644 --- a/extensions/test-utils/runtime-env.ts +++ b/test/helpers/extensions/runtime-env.ts @@ -1,4 +1,4 @@ -import type { RuntimeEnv } from "openclaw/plugin-sdk/test-utils"; +import type { RuntimeEnv } from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; export function createRuntimeEnv(): RuntimeEnv { diff --git a/extensions/test-utils/send-config.ts b/test/helpers/extensions/send-config.ts similarity index 100% rename from extensions/test-utils/send-config.ts rename to test/helpers/extensions/send-config.ts diff --git a/test/helpers/extensions/setup-wizard.ts b/test/helpers/extensions/setup-wizard.ts new file mode 100644 index 00000000000..109394ee886 --- /dev/null +++ b/test/helpers/extensions/setup-wizard.ts @@ -0,0 +1,28 @@ +import { vi } from "vitest"; +import type { WizardPrompter } from "../../../src/wizard/prompts.js"; + +export type { WizardPrompter } from "../../../src/wizard/prompts.js"; + +export async function selectFirstWizardOption(params: { + options: Array<{ value: T }>; +}): Promise { + const first = params.options[0]; + if (!first) { + throw new Error("no options"); + } + return first.value; +} + +export function createTestWizardPrompter(overrides: Partial = {}): WizardPrompter { + return { + intro: vi.fn(async () => {}), + outro: vi.fn(async () => {}), + note: vi.fn(async () => {}), + select: selectFirstWizardOption as WizardPrompter["select"], + multiselect: vi.fn(async () => []), + text: vi.fn(async () => "") as WizardPrompter["text"], + confirm: vi.fn(async () => false), + progress: vi.fn(() => ({ update: vi.fn(), stop: vi.fn() })), + ...overrides, + }; +} diff --git a/extensions/test-utils/start-account-context.ts b/test/helpers/extensions/start-account-context.ts similarity index 95% rename from extensions/test-utils/start-account-context.ts rename to test/helpers/extensions/start-account-context.ts index a878b3dbfd9..56a66a9ca56 100644 --- a/extensions/test-utils/start-account-context.ts +++ b/test/helpers/extensions/start-account-context.ts @@ -2,7 +2,7 @@ import type { ChannelAccountSnapshot, ChannelGatewayContext, OpenClawConfig, -} from "openclaw/plugin-sdk/test-utils"; +} from "openclaw/plugin-sdk/testing"; import { vi } from "vitest"; import { createRuntimeEnv } from "./runtime-env.js"; diff --git a/extensions/test-utils/start-account-lifecycle.ts b/test/helpers/extensions/start-account-lifecycle.ts similarity index 98% rename from extensions/test-utils/start-account-lifecycle.ts rename to test/helpers/extensions/start-account-lifecycle.ts index 6ce1c734736..ea76fe857d5 100644 --- a/extensions/test-utils/start-account-lifecycle.ts +++ b/test/helpers/extensions/start-account-lifecycle.ts @@ -1,4 +1,4 @@ -import type { ChannelAccountSnapshot, ChannelGatewayContext } from "openclaw/plugin-sdk/test-utils"; +import type { ChannelAccountSnapshot, ChannelGatewayContext } from "openclaw/plugin-sdk/testing"; import { expect, vi } from "vitest"; import { createStartAccountContext } from "./start-account-context.js"; diff --git a/extensions/test-utils/status-issues.ts b/test/helpers/extensions/status-issues.ts similarity index 100% rename from extensions/test-utils/status-issues.ts rename to test/helpers/extensions/status-issues.ts diff --git a/test/helpers/extensions/subagent-hooks.ts b/test/helpers/extensions/subagent-hooks.ts new file mode 100644 index 00000000000..2cd80fc5a35 --- /dev/null +++ b/test/helpers/extensions/subagent-hooks.ts @@ -0,0 +1,25 @@ +export function registerHookHandlersForTest(params: { + config: Record; + register: (api: TApi) => void; +}) { + const handlers = new Map unknown>(); + const api = { + config: params.config, + on: (hookName: string, handler: (event: unknown, ctx: unknown) => unknown) => { + handlers.set(hookName, handler); + }, + } as TApi; + params.register(api); + return handlers; +} + +export function getRequiredHookHandler( + handlers: Map unknown>, + hookName: string, +): (event: unknown, ctx: unknown) => unknown { + const handler = handlers.get(hookName); + if (!handler) { + throw new Error(`expected ${hookName} hook handler`); + } + return handler; +} diff --git a/test/helpers/extensions/telegram-plugin-command.ts b/test/helpers/extensions/telegram-plugin-command.ts new file mode 100644 index 00000000000..dec0046de1f --- /dev/null +++ b/test/helpers/extensions/telegram-plugin-command.ts @@ -0,0 +1,22 @@ +import { vi } from "vitest"; + +export const pluginCommandMocks = { + getPluginCommandSpecs: vi.fn(() => []), + matchPluginCommand: vi.fn(() => null), + executePluginCommand: vi.fn(async () => ({ text: "ok" })), +}; + +vi.mock("openclaw/plugin-sdk/plugin-runtime", () => ({ + getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs, + matchPluginCommand: pluginCommandMocks.matchPluginCommand, + executePluginCommand: pluginCommandMocks.executePluginCommand, +})); + +export function resetPluginCommandMocks() { + pluginCommandMocks.getPluginCommandSpecs.mockClear(); + pluginCommandMocks.getPluginCommandSpecs.mockReturnValue([]); + pluginCommandMocks.matchPluginCommand.mockClear(); + pluginCommandMocks.matchPluginCommand.mockReturnValue(null); + pluginCommandMocks.executePluginCommand.mockClear(); + pluginCommandMocks.executePluginCommand.mockResolvedValue({ text: "ok" }); +} diff --git a/test/helpers/extensions/temp-dir.ts b/test/helpers/extensions/temp-dir.ts new file mode 100644 index 00000000000..08ec26218ec --- /dev/null +++ b/test/helpers/extensions/temp-dir.ts @@ -0,0 +1 @@ +export { withTempDir } from "../../../src/test-utils/temp-dir.js"; diff --git a/test/helpers/extensions/typed-cases.ts b/test/helpers/extensions/typed-cases.ts new file mode 100644 index 00000000000..45be30b08c3 --- /dev/null +++ b/test/helpers/extensions/typed-cases.ts @@ -0,0 +1 @@ +export { typedCases } from "../../../src/test-utils/typed-cases.js"; diff --git a/test/helpers/inbound-contract-capture.ts b/test/helpers/inbound-contract-capture.ts deleted file mode 100644 index ccc61d010f5..00000000000 --- a/test/helpers/inbound-contract-capture.ts +++ /dev/null @@ -1,20 +0,0 @@ -import type { MsgContext } from "../../src/auto-reply/templating.js"; -import { buildDispatchInboundCaptureMock } from "./dispatch-inbound-capture.js"; - -export type InboundContextCapture = { - ctx: MsgContext | undefined; -}; - -export function createInboundContextCapture(): InboundContextCapture { - return { ctx: undefined }; -} - -export async function buildDispatchInboundContextCapture( - importOriginal: >() => Promise, - capture: InboundContextCapture, -) { - const actual = await importOriginal(); - return buildDispatchInboundCaptureMock(actual, (ctx) => { - capture.ctx = ctx as MsgContext; - }); -} diff --git a/test/helpers/inbound-contract-dispatch-mock.ts b/test/helpers/inbound-contract-dispatch-mock.ts deleted file mode 100644 index 6193ae245c1..00000000000 --- a/test/helpers/inbound-contract-dispatch-mock.ts +++ /dev/null @@ -1,9 +0,0 @@ -import { vi } from "vitest"; -import { createInboundContextCapture } from "./inbound-contract-capture.js"; -import { buildDispatchInboundContextCapture } from "./inbound-contract-capture.js"; - -export const inboundCtxCapture = createInboundContextCapture(); - -vi.mock("../../src/auto-reply/dispatch.js", async (importOriginal) => { - return await buildDispatchInboundContextCapture(importOriginal, inboundCtxCapture); -}); diff --git a/test/openclaw-launcher.e2e.test.ts b/test/openclaw-launcher.e2e.test.ts new file mode 100644 index 00000000000..ab9400da5db --- /dev/null +++ b/test/openclaw-launcher.e2e.test.ts @@ -0,0 +1,58 @@ +import { spawnSync } from "node:child_process"; +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; + +async function makeLauncherFixture(fixtureRoots: string[]): Promise { + const fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-launcher-")); + fixtureRoots.push(fixtureRoot); + await fs.copyFile( + path.resolve(process.cwd(), "openclaw.mjs"), + path.join(fixtureRoot, "openclaw.mjs"), + ); + await fs.mkdir(path.join(fixtureRoot, "dist"), { recursive: true }); + return fixtureRoot; +} + +describe("openclaw launcher", () => { + const fixtureRoots: string[] = []; + + afterEach(async () => { + await Promise.all( + fixtureRoots.splice(0).map(async (fixtureRoot) => { + await fs.rm(fixtureRoot, { recursive: true, force: true }); + }), + ); + }); + + it("surfaces transitive entry import failures instead of masking them as missing dist", async () => { + const fixtureRoot = await makeLauncherFixture(fixtureRoots); + await fs.writeFile( + path.join(fixtureRoot, "dist", "entry.js"), + 'import "missing-openclaw-launcher-dep";\nexport {};\n', + "utf8", + ); + + const result = spawnSync(process.execPath, [path.join(fixtureRoot, "openclaw.mjs"), "--help"], { + cwd: fixtureRoot, + encoding: "utf8", + }); + + expect(result.status).not.toBe(0); + expect(result.stderr).toContain("missing-openclaw-launcher-dep"); + expect(result.stderr).not.toContain("missing dist/entry.(m)js"); + }); + + it("keeps the friendly launcher error for a truly missing entry build output", async () => { + const fixtureRoot = await makeLauncherFixture(fixtureRoots); + + const result = spawnSync(process.execPath, [path.join(fixtureRoot, "openclaw.mjs"), "--help"], { + cwd: fixtureRoot, + encoding: "utf8", + }); + + expect(result.status).not.toBe(0); + expect(result.stderr).toContain("missing dist/entry.(m)js"); + }); +}); diff --git a/test/scripts/test-extension.test.ts b/test/scripts/test-extension.test.ts index 63561cb5151..8919130c19a 100644 --- a/test/scripts/test-extension.test.ts +++ b/test/scripts/test-extension.test.ts @@ -3,6 +3,7 @@ import path from "node:path"; import { describe, expect, it } from "vitest"; import { detectChangedExtensionIds, + listAvailableExtensionIds, resolveExtensionTestPlan, } from "../../scripts/test-extension.mjs"; @@ -61,4 +62,14 @@ describe("scripts/test-extension.mjs", () => { expect(extensionIds).toEqual(["firecrawl", "line", "slack"]); }); + + it("lists available extension ids", () => { + const extensionIds = listAvailableExtensionIds(); + + expect(extensionIds).toContain("slack"); + expect(extensionIds).toContain("firecrawl"); + expect(extensionIds).toEqual( + [...extensionIds].toSorted((left, right) => left.localeCompare(right)), + ); + }); }); diff --git a/tsconfig.json b/tsconfig.json index e2f9e4ff97e..bc6439e921f 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -18,7 +18,6 @@ "target": "es2023", "useDefineForClassFields": false, "paths": { - "openclaw/extension-api": ["./src/extensionAPI.ts"], "openclaw/plugin-sdk": ["./src/plugin-sdk/index.ts"], "openclaw/plugin-sdk/*": ["./src/plugin-sdk/*.ts"], "openclaw/plugin-sdk/account-id": ["./src/plugin-sdk/account-id.ts"] diff --git a/tsdown.config.ts b/tsdown.config.ts index c577b1cc1e8..966e12afc10 100644 --- a/tsdown.config.ts +++ b/tsdown.config.ts @@ -1,13 +1,30 @@ import fs from "node:fs"; import path from "node:path"; -import { defineConfig } from "tsdown"; +import { defineConfig, type UserConfig } from "tsdown"; import { buildPluginSdkEntrySources } from "./scripts/lib/plugin-sdk-entries.mjs"; +type InputOptionsFactory = Extract, Function>; +type InputOptionsArg = InputOptionsFactory extends ( + options: infer Options, + format: infer _Format, + context: infer _Context, +) => infer _Return + ? Options + : never; +type InputOptionsReturn = InputOptionsFactory extends ( + options: infer _Options, + format: infer _Format, + context: infer _Context, +) => infer Return + ? Return + : never; +type OnLogFunction = InputOptionsArg extends { onLog?: infer OnLog } ? NonNullable : never; + const env = { NODE_ENV: "production", }; -function buildInputOptions(options: { onLog?: unknown; [key: string]: unknown }) { +function buildInputOptions(options: InputOptionsArg): InputOptionsReturn { if (process.env.OPENCLAW_BUILD_VERBOSE === "1") { return undefined; } @@ -32,11 +49,8 @@ function buildInputOptions(options: { onLog?: unknown; [key: string]: unknown }) return { ...options, - onLog( - level: string, - log: { code?: string; message?: string; id?: string; importer?: string }, - defaultHandler: (level: string, log: { code?: string }) => void, - ) { + onLog(...args: Parameters) { + const [level, log, defaultHandler] = args; if (isSuppressedLog(log)) { return; } @@ -49,7 +63,7 @@ function buildInputOptions(options: { onLog?: unknown; [key: string]: unknown }) }; } -function nodeBuildConfig(config: Record) { +function nodeBuildConfig(config: UserConfig): UserConfig { return { ...config, env, @@ -112,6 +126,33 @@ function listBundledPluginBuildEntries(): Record { const bundledPluginBuildEntries = listBundledPluginBuildEntries(); +function buildBundledHookEntries(): Record { + const hooksRoot = path.join(process.cwd(), "src", "hooks", "bundled"); + const entries: Record = {}; + + if (!fs.existsSync(hooksRoot)) { + return entries; + } + + for (const dirent of fs.readdirSync(hooksRoot, { withFileTypes: true })) { + if (!dirent.isDirectory()) { + continue; + } + + const hookName = dirent.name; + const handlerPath = path.join(hooksRoot, hookName, "handler.ts"); + if (!fs.existsSync(handlerPath)) { + continue; + } + + entries[`bundled/${hookName}/handler`] = handlerPath; + } + + return entries; +} + +const bundledHookEntries = buildBundledHookEntries(); + function buildCoreDistEntries(): Record { return { index: "src/index.ts", @@ -119,7 +160,6 @@ function buildCoreDistEntries(): Record { // Ensure this module is bundled as an entry so legacy CLI shims can resolve its exports. "cli/daemon-cli": "src/cli/daemon-cli.ts", "infra/warning-filter": "src/infra/warning-filter.ts", - extensionAPI: "src/extensionAPI.ts", // Keep sync lazy-runtime channel modules as concrete dist files. "channels/plugins/agent-tools/whatsapp-login": "src/channels/plugins/agent-tools/whatsapp-login.ts", @@ -131,33 +171,34 @@ function buildCoreDistEntries(): Record { "line/accounts": "src/line/accounts.ts", "line/send": "src/line/send.ts", "line/template-messages": "src/line/template-messages.ts", + "plugins/runtime/index": "src/plugins/runtime/index.ts", + "llm-slug-generator": "src/hooks/llm-slug-generator.ts", }; } const coreDistEntries = buildCoreDistEntries(); +function buildUnifiedDistEntries(): Record { + return { + ...coreDistEntries, + ...Object.fromEntries( + Object.entries(buildPluginSdkEntrySources()).map(([entry, source]) => [ + `plugin-sdk/${entry}`, + source, + ]), + ), + ...bundledPluginBuildEntries, + ...bundledHookEntries, + }; +} + export default defineConfig([ nodeBuildConfig({ - // Build the root dist entrypoints together so they can share hashed chunks - // instead of emitting near-identical copies across separate builds. - entry: coreDistEntries, - }), - nodeBuildConfig({ - // Bundle all plugin-sdk entries in a single build so the bundler can share - // common chunks instead of duplicating them per entry (~712MB heap saved). - entry: buildPluginSdkEntrySources(), - outDir: "dist/plugin-sdk", - }), - nodeBuildConfig({ - // Bundle bundled plugin entrypoints so built gateway startup can load JS - // directly from dist/extensions instead of transpiling extensions/*.ts via Jiti. - entry: bundledPluginBuildEntries, - outDir: "dist", + // Build core entrypoints, plugin-sdk subpaths, bundled plugin entrypoints, + // and bundled hooks in one graph so runtime singletons are emitted once. + entry: buildUnifiedDistEntries(), deps: { neverBundle: ["@lancedb/lancedb"], }, }), - nodeBuildConfig({ - entry: ["src/hooks/bundled/*/handler.ts", "src/hooks/llm-slug-generator.ts"], - }), ]); diff --git a/ui/src/ui/app-chat.ts b/ui/src/ui/app-chat.ts index ec5f7300000..dc8eaf39be6 100644 --- a/ui/src/ui/app-chat.ts +++ b/ui/src/ui/app-chat.ts @@ -1,5 +1,5 @@ import { parseAgentSessionKey } from "../../../src/sessions/session-key-utils.js"; -import { scheduleChatScroll } from "./app-scroll.ts"; +import { scheduleChatScroll, resetChatScroll } from "./app-scroll.ts"; import { setLastActiveSessionKey } from "./app-settings.ts"; import { resetToolStream } from "./app-tool-stream.ts"; import type { OpenClawApp } from "./app.ts"; @@ -121,6 +121,8 @@ async function sendChatMessageNow( }, ) { resetToolStream(host as unknown as Parameters[0]); + // Reset scroll state before sending to ensure auto-scroll works for the response + resetChatScroll(host as unknown as Parameters[0]); const runId = await sendChatMessage(host as unknown as OpenClawApp, message, opts?.attachments); const ok = Boolean(runId); if (!ok && opts?.previousDraft != null) { @@ -141,7 +143,8 @@ async function sendChatMessageNow( if (ok && opts?.restoreAttachments && opts.previousAttachments?.length) { host.chatAttachments = opts.previousAttachments; } - scheduleChatScroll(host as unknown as Parameters[0]); + // Force scroll after sending to ensure viewport is at bottom for incoming stream + scheduleChatScroll(host as unknown as Parameters[0], true); if (ok && !host.chatRunId) { void flushChatQueue(host); } diff --git a/ui/src/ui/app-lifecycle.ts b/ui/src/ui/app-lifecycle.ts index 28fb5271ecc..ae816a0bdb9 100644 --- a/ui/src/ui/app-lifecycle.ts +++ b/ui/src/ui/app-lifecycle.ts @@ -34,7 +34,7 @@ type LifecycleHost = { chatLoading: boolean; chatMessages: unknown[]; chatToolMessages: unknown[]; - chatStream: string; + chatStream: string | null; logsAutoFollow: boolean; logsAtBottom: boolean; logsEntries: unknown[]; @@ -99,9 +99,15 @@ export function handleUpdated(host: LifecycleHost, changed: Map[0], - forcedByTab || forcedByLoad || !host.chatHasAutoScrolled, + forcedByTab || forcedByLoad || streamJustStarted || !host.chatHasAutoScrolled, ); } if ( diff --git a/ui/src/ui/app-settings.test.ts b/ui/src/ui/app-settings.test.ts index fd02f7673e9..b037d32c64c 100644 --- a/ui/src/ui/app-settings.test.ts +++ b/ui/src/ui/app-settings.test.ts @@ -89,6 +89,49 @@ function createStorageMock(): Storage { }; } +function setTestWindowUrl(urlString: string) { + const current = new URL(urlString); + const history = { + replaceState: vi.fn((_state: unknown, _title: string, nextUrl: string | URL) => { + const next = new URL(String(nextUrl), current.toString()); + current.href = next.toString(); + current.protocol = next.protocol; + current.host = next.host; + current.pathname = next.pathname; + current.search = next.search; + current.hash = next.hash; + }), + }; + const locationLike = { + get href() { + return current.toString(); + }, + get protocol() { + return current.protocol; + }, + get host() { + return current.host; + }, + get pathname() { + return current.pathname; + }, + get search() { + return current.search; + }, + get hash() { + return current.hash; + }, + }; + vi.stubGlobal("window", { + location: locationLike, + history, + setInterval, + clearInterval, + } as unknown as Window & typeof globalThis); + vi.stubGlobal("location", locationLike as Location); + return { history, location: locationLike }; +} + const createHost = (tab: Tab): SettingsHost => ({ settings: { gatewayUrl: "", @@ -233,15 +276,44 @@ describe("setTabFromRoute", () => { describe("applySettingsFromUrl", () => { beforeEach(() => { vi.stubGlobal("localStorage", createStorageMock()); + vi.stubGlobal("sessionStorage", createStorageMock()); vi.stubGlobal("navigator", { language: "en-US" } as Navigator); + setTestWindowUrl("https://control.example/ui/overview"); }); afterEach(() => { + vi.restoreAllMocks(); vi.unstubAllGlobals(); - window.history.replaceState({}, "", "/chat"); + }); + + it("hydrates query token params and strips them from the URL", () => { + setTestWindowUrl("https://control.example/ui/overview?token=abc123"); + const host = createHost("overview"); + host.settings.gatewayUrl = "wss://control.example/openclaw"; + + applySettingsFromUrl(host); + + expect(host.settings.token).toBe("abc123"); + expect(window.location.search).toBe(""); + }); + + it("keeps query token params pending when a gatewayUrl confirmation is required", () => { + setTestWindowUrl( + "https://control.example/ui/overview?gatewayUrl=wss://other-gateway.example/openclaw&token=abc123", + ); + const host = createHost("overview"); + host.settings.gatewayUrl = "wss://control.example/openclaw"; + + applySettingsFromUrl(host); + + expect(host.settings.token).toBe(""); + expect(host.pendingGatewayUrl).toBe("wss://other-gateway.example/openclaw"); + expect(host.pendingGatewayToken).toBe("abc123"); + expect(window.location.search).toBe(""); }); it("resets stale persisted session selection to main when a token is supplied without a session", () => { + setTestWindowUrl("https://control.example/chat#token=test-token"); const host = createHost("chat"); host.settings = { ...host.settings, @@ -252,8 +324,6 @@ describe("applySettingsFromUrl", () => { }; host.sessionKey = "agent:test_old:main"; - window.history.replaceState({}, "", "/chat#token=test-token"); - applySettingsFromUrl(host); expect(host.sessionKey).toBe("main"); @@ -262,6 +332,9 @@ describe("applySettingsFromUrl", () => { }); it("preserves an explicit session from the URL when token and session are both supplied", () => { + setTestWindowUrl( + "https://control.example/chat?session=agent%3Atest_new%3Amain#token=test-token", + ); const host = createHost("chat"); host.settings = { ...host.settings, @@ -272,8 +345,6 @@ describe("applySettingsFromUrl", () => { }; host.sessionKey = "agent:test_old:main"; - window.history.replaceState({}, "", "/chat?session=agent%3Atest_new%3Amain#token=test-token"); - applySettingsFromUrl(host); expect(host.sessionKey).toBe("agent:test_new:main"); @@ -282,6 +353,9 @@ describe("applySettingsFromUrl", () => { }); it("does not reset the current gateway session when a different gateway is pending confirmation", () => { + setTestWindowUrl( + "https://control.example/chat?gatewayUrl=ws%3A%2F%2Fgateway-b.example%3A18789#token=test-token", + ); const host = createHost("chat"); host.settings = { ...host.settings, @@ -292,12 +366,6 @@ describe("applySettingsFromUrl", () => { }; host.sessionKey = "agent:test_old:main"; - window.history.replaceState( - {}, - "", - "/chat?gatewayUrl=ws%3A%2F%2Fgateway-b.example%3A18789#token=test-token", - ); - applySettingsFromUrl(host); expect(host.sessionKey).toBe("agent:test_old:main"); diff --git a/ui/src/ui/app-settings.ts b/ui/src/ui/app-settings.ts index 2a9c2685589..bd924915b76 100644 --- a/ui/src/ui/app-settings.ts +++ b/ui/src/ui/app-settings.ts @@ -97,7 +97,7 @@ export function applySettingsFromUrl(host: SettingsHost) { const gatewayUrlRaw = params.get("gatewayUrl") ?? hashParams.get("gatewayUrl"); const nextGatewayUrl = gatewayUrlRaw?.trim() ?? ""; const gatewayUrlChanged = Boolean(nextGatewayUrl && nextGatewayUrl !== host.settings.gatewayUrl); - const tokenRaw = hashParams.get("token"); + const tokenRaw = hashParams.get("token") ?? params.get("token"); const passwordRaw = params.get("password") ?? hashParams.get("password"); const sessionRaw = params.get("session") ?? hashParams.get("session"); const shouldResetSessionForToken = Boolean( diff --git a/ui/src/ui/navigation.browser.test.ts b/ui/src/ui/navigation.browser.test.ts index 5251eda790c..3407288c03d 100644 --- a/ui/src/ui/navigation.browser.test.ts +++ b/ui/src/ui/navigation.browser.test.ts @@ -315,11 +315,11 @@ describe("control UI routing", () => { expect(container.scrollTop).toBe(maxScroll); }); - it("strips query token params without importing them", async () => { + it("hydrates token from query params and strips them", async () => { const app = mountApp("/ui/overview?token=abc123"); await app.updateComplete; - expect(app.settings.token).toBe(""); + expect(app.settings.token).toBe("abc123"); expect(JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}").token).toBe( undefined, ); @@ -405,6 +405,28 @@ describe("control UI routing", () => { expect(window.location.hash).toBe(""); }); + it("keeps a query token pending until the gateway URL change is confirmed", async () => { + const app = mountApp( + "/ui/overview?gatewayUrl=wss://other-gateway.example/openclaw&token=abc123", + ); + await app.updateComplete; + + expect(app.settings.gatewayUrl).not.toBe("wss://other-gateway.example/openclaw"); + expect(app.settings.token).toBe(""); + + const confirmButton = Array.from(app.querySelectorAll("button")).find( + (button) => button.textContent?.trim() === "Confirm", + ); + expect(confirmButton).not.toBeUndefined(); + confirmButton?.dispatchEvent(new MouseEvent("click", { bubbles: true, cancelable: true })); + await app.updateComplete; + + expect(app.settings.gatewayUrl).toBe("wss://other-gateway.example/openclaw"); + expect(app.settings.token).toBe("abc123"); + expect(window.location.search).toBe(""); + expect(window.location.hash).toBe(""); + }); + it("restores the token after a same-tab refresh", async () => { const first = mountApp("/ui/overview#token=abc123"); await first.updateComplete; diff --git a/ui/src/ui/views/chat.test.ts b/ui/src/ui/views/chat.test.ts index 68e4a3afe01..5e02b2649e2 100644 --- a/ui/src/ui/views/chat.test.ts +++ b/ui/src/ui/views/chat.test.ts @@ -2,6 +2,7 @@ import { render } from "lit"; import { describe, expect, it, vi } from "vitest"; +import { i18n } from "../../i18n/index.ts"; import { getSafeLocalStorage } from "../../local-storage.ts"; import { renderChatSessionSelect } from "../app-render.helpers.ts"; import type { AppViewState } from "../app-view-state.ts"; @@ -9,6 +10,7 @@ import type { GatewayBrowserClient } from "../gateway.ts"; import type { ModelCatalogEntry } from "../types.ts"; import type { SessionsListResult } from "../types.ts"; import { renderChat, type ChatProps } from "./chat.ts"; +import { renderOverview, type OverviewProps } from "./overview.ts"; function createSessions(): SessionsListResult { return { @@ -195,6 +197,57 @@ function createProps(overrides: Partial = {}): ChatProps { }; } +function createOverviewProps(overrides: Partial = {}): OverviewProps { + return { + connected: false, + hello: null, + settings: { + gatewayUrl: "", + token: "", + sessionKey: "main", + lastActiveSessionKey: "main", + theme: "claw", + themeMode: "system", + chatFocusMode: false, + chatShowThinking: true, + chatShowToolCalls: true, + splitRatio: 0.6, + navCollapsed: false, + navWidth: 220, + navGroupsCollapsed: {}, + locale: "en", + }, + password: "", + lastError: null, + lastErrorCode: null, + presenceCount: 0, + sessionsCount: null, + cronEnabled: null, + cronNext: null, + lastChannelsRefresh: null, + usageResult: null, + sessionsResult: null, + skillsReport: null, + cronJobs: [], + cronStatus: null, + attentionItems: [], + eventLog: [], + overviewLogLines: [], + showGatewayToken: false, + showGatewayPassword: false, + onSettingsChange: () => undefined, + onPasswordChange: () => undefined, + onSessionKeyChange: () => undefined, + onToggleGatewayTokenVisibility: () => undefined, + onToggleGatewayPasswordVisibility: () => undefined, + onConnect: () => undefined, + onRefresh: () => undefined, + onNavigate: () => undefined, + onRefreshLogs: () => undefined, + ...overrides, + }; +} + describe("chat view", () => { it("uses the assistant avatar URL for the welcome state when the identity avatar is only initials", () => { const container = document.createElement("div"); @@ -285,6 +338,41 @@ describe("chat view", () => { expect(groupedLogo?.getAttribute("src")).toBe("/openclaw/favicon.svg"); }); + it("keeps the persisted overview locale selected before i18n hydration finishes", async () => { + const container = document.createElement("div"); + const props = createOverviewProps({ + settings: { + ...createOverviewProps().settings, + locale: "zh-CN", + }, + }); + + try { + localStorage.clear(); + } catch { + /* noop */ + } + await i18n.setLocale("en"); + + render(renderOverview(props), container); + await Promise.resolve(); + + let select = container.querySelector("select"); + expect(i18n.getLocale()).toBe("en"); + expect(select?.value).toBe("zh-CN"); + expect(select?.selectedOptions[0]?.textContent?.trim()).toBe("简体中文 (Simplified Chinese)"); + + await i18n.setLocale("zh-CN"); + render(renderOverview(props), container); + await Promise.resolve(); + + select = container.querySelector("select"); + expect(select?.value).toBe("zh-CN"); + expect(select?.selectedOptions[0]?.textContent?.trim()).toBe("简体中文 (简体中文)"); + + await i18n.setLocale("en"); + }); + it("renders compacting indicator as a badge", () => { const container = document.createElement("div"); render( diff --git a/ui/src/ui/views/overview.ts b/ui/src/ui/views/overview.ts index d24aa92ce9d..bb57874103e 100644 --- a/ui/src/ui/views/overview.ts +++ b/ui/src/ui/views/overview.ts @@ -1,5 +1,5 @@ import { html, nothing } from "lit"; -import { t, i18n, SUPPORTED_LOCALES, type Locale } from "../../i18n/index.ts"; +import { t, i18n, SUPPORTED_LOCALES, type Locale, isSupportedLocale } from "../../i18n/index.ts"; import type { EventLogEntry } from "../app-events.ts"; import { buildExternalLinkRel, EXTERNAL_LINK_TARGET } from "../external-link.ts"; import { formatRelativeTimestamp, formatDurationHuman } from "../format.ts"; @@ -190,7 +190,9 @@ export function renderOverview(props: OverviewProps) { `; })(); - const currentLocale = i18n.getLocale(); + const currentLocale = isSupportedLocale(props.settings.locale) + ? props.settings.locale + : i18n.getLocale(); return html`
@@ -295,7 +297,9 @@ export function renderOverview(props: OverviewProps) { > ${SUPPORTED_LOCALES.map((loc) => { const key = loc.replace(/-([a-zA-Z])/g, (_, c) => c.toUpperCase()); - return html``; + return html``; })} diff --git a/vitest.config.ts b/vitest.config.ts index 564065be9e3..2ed4ed07f7c 100644 --- a/vitest.config.ts +++ b/vitest.config.ts @@ -13,10 +13,6 @@ export default defineConfig({ resolve: { // Keep this ordered: the base `openclaw/plugin-sdk` alias is a prefix match. alias: [ - { - find: "openclaw/extension-api", - replacement: path.join(repoRoot, "src", "extensionAPI.ts"), - }, ...pluginSdkSubpaths.map((subpath) => ({ find: `openclaw/plugin-sdk/${subpath}`, replacement: path.join(repoRoot, "src", "plugin-sdk", `${subpath}.ts`), @@ -86,7 +82,6 @@ export default defineConfig({ "src/index.ts", "src/runtime.ts", "src/channel-web.ts", - "src/extensionAPI.ts", "src/logging.ts", "src/cli/**", "src/commands/**", diff --git a/vitest.e2e.config.ts b/vitest.e2e.config.ts index b70d8c8eedb..67e7cada10e 100644 --- a/vitest.e2e.config.ts +++ b/vitest.e2e.config.ts @@ -26,7 +26,7 @@ export default defineConfig({ pool: "forks", maxWorkers: e2eWorkers, silent: !verboseE2E, - include: ["test/**/*.e2e.test.ts", "src/**/*.e2e.test.ts"], + include: ["test/**/*.e2e.test.ts", "src/**/*.e2e.test.ts", "extensions/**/*.e2e.test.ts"], exclude, }, });