UNPKG

@gguf/claw

Version:

WhatsApp gateway CLI (Baileys web) with Pi RPC agent

995 lines (986 loc) • 631 kB

JavaScript

import { B as normalizeElevatedLevel, H as normalizeThinkLevel, I as formatThinkingLevels, K as supportsXHighThinking, L as formatXHighModelHint, U as normalizeUsageDisplay, V as normalizeReasoningLevel, W as normalizeVerboseLevel } from "./pi-embedded-helpers-BB4uACeq.js"; import { $n as setTtsEnabled, A as resolveOutboundTarget, An as normalizePollInput, Ar as DEFAULT_INPUT_PDF_MIN_TEXT_CHARS, At as buildControlUiAvatarUrl, B as scheduleGatewaySigusr1Restart, Bn as createInternalHookEvent, Bt as listNodePairing, C as resolveSessionTranscriptCandidates, Cr as DEFAULT_INPUT_FILE_MAX_CHARS, D as resolveOutboundSessionRoute, Dn as onAgentEvent, Dr as DEFAULT_INPUT_MAX_REDIRECTS, E as ensureOutboundSessionEntry, En as getAgentRunContext, Er as DEFAULT_INPUT_IMAGE_MIMES, F as runWithModelFallback, Ft as recordRemoteNodeInfo, Gn as getTtsProvider, Gt as verifyNodeToken, H as consumeRestartSentinel, Hn as triggerInternalHook, Ht as renamePairedNode, In as formatUserTime, Ir as resolveAgentTimeoutMs, It as refreshRemoteBinsForConnectedNodes, J as writeRestartSentinel, Jn as resolveTtsApiKey, Jt as buildSafeExternalPrompt, K as summarizeRestartSentinel, Kn as isTtsEnabled, Kt as getSkillsSnapshotVersion, L as authorizeGatewaySigusr1Restart, Ln as resolveUserTimeFormat, Lt as refreshRemoteNodeBins, Mr as extractFileContentFromSource, Mt as resolveAssistantAvatarUrl, N as resetDirectoryCache, Nr as extractImageContentFromSource, Nt as getRemoteSkillEligibility, On as registerAgentRunContext, Or as DEFAULT_INPUT_PDF_MAX_PAGES, Pn as resolveAgentIdentity, Pr as normalizeMimeList, Pt as primeRemoteSkillsCache, Qn as resolveTtsProviderOrder, R as consumeGatewaySigusr1RestartAuthorization, Rn as resolveUserTimezone, Rt as setSkillsRemoteRegistry, S as readSessionPreviewItemsFromTranscript, Sn as initSubagentRegistry, Sr as DEFAULT_INPUT_FILE_MAX_BYTES, Tn as emitAgentEvent, Tr as DEFAULT_INPUT_IMAGE_MAX_BYTES, U as formatDoctorNonInteractiveHint, Un as OPENAI_TTS_MODELS, Ut as requestNodePairing, V as setGatewaySigusr1RestartPolicy, Vn as registerInternalHook, Vt as rejectNodePairing, W as formatRestartSentinelMessage, Wn as OPENAI_TTS_VOICES, Wt as updatePairedNodeMetadata, X as normalizeCronJobPatch, Xn as resolveTtsConfig, Xt as getHookType, Y as normalizeCronJobCreate, Yn as resolveTtsAutoMode, Yt as detectSuspiciousPatterns, Z as migrateLegacyCronPayload, Zn as resolveTtsPrefsPath, Zt as isExternalHookSession, _ as resolveGatewaySessionStoreTarget, _n as dispatchInboundMessage, _r as parseVerboseOverride, a as normalizeSendPolicy, ar as startDiagnosticHeartbeat, b as capArrayByJsonBytes, bn as isAbortTrigger, c as runEmbeddedPiAgent, cr as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, d as createOpenClawTools, er as setTtsProvider, et as requestHeartbeatNow, f as resolveAnnounceTargetFromKey, fr as stripHeartbeatToken, g as loadSessionEntry, gr as applyVerboseOverride, h as loadCombinedSessionStoreForGateway, hr as applyModelOverrideToSessionEntry, i as runCliAgent, in as registerUnhandledRejectionHandler, ir as CommandLane, it as loadProviderUsageSummary, j as resolveSessionDeliveryTarget, jr as DEFAULT_INPUT_TIMEOUT_MS, jt as normalizeControlUiBasePath, kr as DEFAULT_INPUT_PDF_MAX_PIXELS, kt as CONTROL_UI_AVATAR_PREFIX, l as abortEmbeddedPiRun, ln as getLastHeartbeatEvent, lt as handleSlackHttpRequest, m as listSessionsFromStore, mn as getChannelActivity, n as getCliSessionId, nn as normalizeGroupActivation, nt as getPluginToolMeta, o as resolveSendPolicy, on as buildHistoryContextFromEntries, or as stopDiagnosticHeartbeat, p as listAgentsForGateway, pr as lookupContextTokens, qn as isTtsProviderConfigured, qt as registerSkillsChangeListener, r as setCliSessionId, rr as setCommandLaneConcurrency, rt as loadOpenClawPlugins, s as clearSessionQueues, sn as resolveHeartbeatVisibility, sr as isDiagnosticsEnabled, tn as createReplyPrefixOptions, tr as textToSpeech, u as waitForEmbeddedPiRunEnd, un as onHeartbeatEvent, v as resolveSessionModelRef, vn as createReplyDispatcher, vr as enqueueSystemEvent, vt as handleReset, w as stripEnvelopeFromMessages, wn as clearAgentRunContext, wr as DEFAULT_INPUT_FILE_MIMES, x as readSessionMessages, xn as stopSubagentsForRequester, xr as loadModelCatalog, y as archiveFileOnDisk, yn as formatZonedTimestamp, yr as isSystemEventContextChanged, z as isGatewaySigusr1RestartExternallyAllowed, zn as clearInternalHooks, zt as approveNodePairing } from "./reply-B8pOiUNN.js"; import { g as resolveStateDir, i as isNixMode, l as resolveGatewayLockDir, o as resolveConfigPath, r as STATE_DIR, t as CONFIG_PATH, u as resolveGatewayPort } from "./paths-scjhy7N2.js"; import { _ as parseAgentSessionKey, c as normalizeAgentId, g as isSubagentSessionKey, i as buildAgentMainSessionKey, l as normalizeMainKey, p as toAgentRequestSessionKey, t as DEFAULT_ACCOUNT_ID, u as resolveAgentIdFromSessionKey } from "./session-key-Dm2EOhrH.js"; import { B as getLogger, C as getActivePluginRegistry, I as colorize, L as isRich, M as setVerbose, R as theme, V as getResolvedLoggerSettings, a as setConsoleTimestampPrefix, c as defaultRuntime, h as DEFAULT_CHAT_CHANNEL, i as setConsoleSubsystemFilter, n as runtimeForLogger, p as CHANNEL_IDS, t as createSubsystemLogger, z as getChildLogger } from "./subsystem-CAq3uyo7.js"; import { _ as shortenHomePath, h as resolveUserPath, s as ensureDir, t as CONFIG_DIR, x as truncateUtf16Safe } from "./utils-CKSrBNwq.js"; import { a as logDebug, c as logWarn, n as runExec, t as runCommandWithTimeout } from "./exec-HEWTMJ7j.js"; import { t as resolveOpenClawPackageRoot } from "./openclaw-root-Cvotktkd.js"; import { T as resolveWorkspaceTemplateDir, _ as DEFAULT_MEMORY_FILENAME, b as DEFAULT_USER_FILENAME, c as resolveDefaultAgentId, d as DEFAULT_AGENTS_FILENAME, g as DEFAULT_MEMORY_ALT_FILENAME, h as DEFAULT_IDENTITY_FILENAME, i as resolveAgentModelFallbacksOverride, l as resolveSessionAgentId, m as DEFAULT_HEARTBEAT_FILENAME, n as resolveAgentConfig, p as DEFAULT_BOOTSTRAP_FILENAME, r as resolveAgentDir, s as resolveAgentWorkspaceDir, t as listAgentIds, v as DEFAULT_SOUL_FILENAME, w as resolveDefaultAgentWorkspaceDir, x as ensureAgentWorkspace, y as DEFAULT_TOOLS_FILENAME } from "./agent-scope-CMs5Y7l-.js"; import { a as isCliProvider, bt as DEFAULT_PROVIDER, d as resolveConfiguredModelRef, f as resolveDefaultModelForAgent, h as resolveThinkingDefault, i as getModelRefStatus, l as resolveAllowedModelRef, p as resolveHooksGmailModel, vt as DEFAULT_CONTEXT_TOKENS, yt as DEFAULT_MODEL } from "./model-selection-DMUrNhQP.js"; import "./github-copilot-token-pGSmVaW-.js"; import { t as formatCliCommand } from "./command-format-ChfKqObn.js"; import "./boolean-BgXe2hyu.js"; import { n as logAcceptedEnvOption, t as isTruthyEnvValue } from "./env-0_mKbEWW.js"; import { A as resolveSubagentMaxConcurrent, T as applyLegacyMigrations, a as parseConfigJson5, c as writeConfigFile, i as loadConfig, j as VERSION, k as resolveAgentMaxConcurrent, l as validateConfigObjectWithPlugins, n as migrateLegacyConfig, o as readConfigFileSnapshot, r as createConfigIO, s as resolveConfigSnapshotHash, u as OpenClawSchema } from "./config-CAuZ-EkU.js"; import { o as isTestDefaultMemorySlotDisabled } from "./manifest-registry-DHaa1SJb.js"; import { n as listChannelPlugins, r as normalizeChannelId, t as getChannelPlugin } from "./plugins-BYIWo0Cp.js"; import { B as snapshotSessionOrigin, F as resolveAgentMainSessionKey, I as resolveExplicitAgentSessionKey, L as resolveMainSessionKey, R as resolveMainSessionKeyFromConfig, S as mergeDeliveryContext, at as normalizeToolName, b as deliveryContextFromSession, d as loadSessionStore, g as updateSessionStore, nt as collectExplicitAllowlist, ot as resolveToolProfilePolicy, rt as expandPolicyWithPluginGroups, st as stripPluginOnlyAllowlist, tt as buildPluginToolGroups, w as normalizeSessionDeliveryFields } from "./sandbox-CV8VwPij.js"; import "./image-Ca_PtqY7.js"; import "./pi-model-discovery-CV2V1HHz.js"; import { T as formatErrorMessage, d as inspectPortUsage, l as ensurePortAvailable, p as formatPortDiagnostics } from "./chrome-BNSd7Bie.js"; import { d as hasBinary, i as loadWorkspaceSkillEntries, r as buildWorkspaceSkillSnapshot } from "./skills-D5JDj3TR.js"; import { c as saveMediaBuffer, l as detectMime } from "./routes-DchZU3EK.js"; import "./server-context-vChIAqjH.js"; import { t as rawDataToString } from "./ws-CEcdsnN9.js"; import { f as GATEWAY_CLIENT_CAPS, g as hasGatewayClientCap, h as GATEWAY_CLIENT_NAMES, i as isGatewayMessageChannel, l as normalizeMessageChannel, m as GATEWAY_CLIENT_MODES, n as isDeliverableMessageChannel, p as GATEWAY_CLIENT_IDS, r as isGatewayCliClient, s as isWebchatClient, t as INTERNAL_MESSAGE_CHANNEL } from "./message-channel-Bpfe5l5f.js"; import "./logging-BWRYHvLp.js"; import "./accounts-BgZmhIm6.js"; import { n as resolveSessionFilePath, o as resolveStorePath, r as resolveSessionTranscriptPath } from "./paths-Bb0nwPeu.js"; import "./redact-DJCFY628.js"; import "./tool-display-BxZG0o1b.js"; import { o as normalizeReplyPayloadsForDelivery, t as deliverOutboundPayloads } from "./deliver-C3bnXkg5.js"; import { i as getMachineDisplayName, t as createBrowserRouteDispatcher } from "./dispatcher-6oI-H42S.js"; import "./manager-LpytrxUw.js"; import "./sqlite-BKl1HJFe.js"; import "./channel-summary-DUiKDBLv.js"; import { $ as validatePollParams, A as validateDevicePairListParams, At as deriveDeviceIdFromPublicKey, B as validateLogsTailParams, C as validateCronListParams, Ct as PROTOCOL_VERSION, D as validateCronStatusParams, Dt as parseSessionLabel, E as validateCronRunsParams, F as validateExecApprovalResolveParams, G as validateNodeInvokeResultParams, H as validateNodeDescribeParams, I as validateExecApprovalsGetParams, J as validateNodePairListParams, K as validateNodeListParams, L as validateExecApprovalsNodeGetParams, M as validateDeviceTokenRevokeParams, Mt as normalizeDevicePublicKeyBase64Url, N as validateDeviceTokenRotateParams, Nt as verifyDeviceSignature, O as validateCronUpdateParams, Ot as buildDeviceAuthPayload, P as validateExecApprovalRequestParams, Q as validateNodeRenameParams, R as validateExecApprovalsNodeSetParams, S as validateCronAddParams, St as validateWizardStatusParams, T as validateCronRunParams, Tt as errorShape, U as validateNodeEventParams, V as validateModelsListParams, W as validateNodeInvokeParams, X as validateNodePairRequestParams, Y as validateNodePairRejectParams, Z as validateNodePairVerifyParams, _ as validateConfigGetParams, _t as validateWebLoginStartParams, a as validateAgentWaitParams, at as validateSessionsPatchParams, b as validateConfigSetParams, bt as validateWizardNextParams, c as validateAgentsFilesSetParams, ct as validateSessionsResolveParams, d as validateChannelsStatusParams, dt as validateSkillsInstallParams, et as validateRequestFrame, f as validateChatAbortParams, ft as validateSkillsStatusParams, g as validateConfigApplyParams, gt as validateWakeParams, h as validateChatSendParams, ht as validateUpdateRunParams, i as validateAgentParams, it as validateSessionsListParams, j as validateDevicePairRejectParams, k as validateDevicePairApproveParams, l as validateAgentsListParams, lt as validateSessionsUsageParams, m as validateChatInjectParams, mt as validateTalkModeParams, n as formatValidationErrors, nt as validateSessionsCompactParams, o as validateAgentsFilesGetParams, ot as validateSessionsPreviewParams, p as validateChatHistoryParams, pt as validateSkillsUpdateParams, q as validateNodePairApproveParams, r as validateAgentIdentityParams, rt as validateSessionsDeleteParams, s as validateAgentsFilesListParams, st as validateSessionsResetParams, tt as validateSendParams, u as validateChannelsLogoutParams, ut as validateSkillsBinsParams, v as validateConfigPatchParams, vt as validateWebLoginWaitParams, w as validateCronRemoveParams, wt as ErrorCodes, x as validateConnectParams, xt as validateWizardStartParams, y as validateConfigSchemaParams, yt as validateWizardCancelParams, z as validateExecApprovalsSetParams } from "./client-BYVbRnuQ.js"; import { n as pickPrimaryTailnetIPv6, t as pickPrimaryTailnetIPv4 } from "./tailnet-DLDGNuH2.js"; import { n as callGateway, o as loadGatewayTlsRuntime$1 } from "./call-BTbA5OB4.js"; import "./login-qr-BIlr0vwe.js"; import "./pairing-store-DFq7WtOv.js"; import { t as formatDocsLink } from "./links-B5pRdmo1.js"; import { r as runCommandWithRuntime } from "./cli-utils-BkRQdAoC.js"; import { n as withProgress } from "./progress-xpLtQsNY.js"; import { a as resolveSubagentToolPolicy, i as resolveGroupToolPolicy, r as resolveEffectiveToolPolicy, t as filterToolsByPolicy } from "./pi-tools.policy-BQ8N5y8a.js"; import "./prompt-style-vzh0MGHs.js"; import "./pairing-labels-CtqLxbG6.js"; import { i as loadSessionUsageTimeSeries, l as hasNonzeroUsage, n as loadCostUsageSummary, r as loadSessionCostSummary, t as discoverAllSessions } from "./session-cost-usage-CBP4Hv9D.js"; import { n as formatTokenCount, r as formatUsd } from "./usage-format-DvowRSs-.js"; import { c as normalizeExecApprovals, g as saveExecApprovals, l as readExecApprovalsSnapshot, m as resolveExecApprovalsSocketPath, r as ensureExecApprovals } from "./exec-approvals-DZixgolZ.js"; import { n as createBrowserControlContext, r as startBrowserControlServiceFromConfig } from "./control-service-CS61Road.js"; import { t as parseAbsoluteTimeMs } from "./parse-BZz5lHzQ.js"; import { n as resolveMessageChannelSelection } from "./channel-selection-CJWYmCLf.js"; import { n as createOutboundSendDeps, t as createDefaultDeps } from "./deps-BG1LonF6.js"; import { i as enableTailscaleServe, n as disableTailscaleServe, o as getTailnetHostname, r as enableTailscaleFunnel, t as disableTailscaleFunnel } from "./tailscale-BVGD9gSD.js"; import { t as ensureOpenClawCliOnPath } from "./path-env-DP3DsVge.js"; import "./daemon-runtime-DMd0mgTK.js"; import { c as loadAgentIdentity, d as loadAgentIdentityFromWorkspace, p as forceFreePortAndWait, r as getStatusSummary, t as runOnboardingWizard } from "./onboarding-BP4-5uzE.js"; import { t as resolveChannelDefaultAccountId } from "./helpers-BIc7L8EF.js"; import "./logging-TXWhN8jG.js"; import "./note-B5HnoeZX.js"; import { t as WizardCancelledError } from "./prompts-FbZThK8w.js"; import { i as discoverGatewayBeacons, n as installSkill } from "./onboard-skills-s8J5xbUr.js"; import "./github-copilot-auth-C8Uf0Q03.js"; import "./onboard-channels-DKT27PdN.js"; import { r as buildChannelUiCatalog, t as applyPluginAutoEnable } from "./plugin-auto-enable-Ci7TBlH2.js"; import "./archive-Dy3Ezb-5.js"; import "./skill-scanner-BoGjHXUZ.js"; import "./installs-BhEjOqPy.js"; import { a as resolveControlUiRootOverrideSync, c as getHealthSnapshot, d as runHeartbeatOnce, f as setHeartbeatsEnabled, n as ensureControlUiAssetsBuilt, o as resolveControlUiRootSync, p as startHeartbeatRunner, s as formatHealthChannelLines } from "./health-format-B3eStY5r.js"; import { S as normalizeUpdateChannel, _ as resolveNpmChannelTag, h as compareSemverStrings, m as checkUpdateStatus, t as runGatewayUpdate, y as DEFAULT_PACKAGE_CHANNEL } from "./update-runner-BDdk_K2S.js"; import { a as resolveGatewayBindHost, n as isLoopbackHost$2, o as resolveGatewayClientIp, r as isTrustedProxyAddress, s as resolveGatewayListenHosts, t as isLoopbackAddress } from "./net-C8YRVt16.js"; import { i as resolveGatewayAuth, n as authorizeGatewayConnect, r as isLocalDirectRequest, t as assertGatewayAuthConfigured } from "./auth-CbhB03Rz.js"; import { i as probeGateway } from "./audit-ZY6Dk5Ec.js"; import "./table-CLtGjVsx.js"; import { t as buildWorkspaceSkillStatus } from "./skills-status-CEvVUD3U.js"; import "./service-BZesBIaG.js"; import "./systemd-B-3NdMmA.js"; import "./service-audit-C-IA4omi.js"; import "./node-service-BAYHx0E7.js"; import "./channels-status-issues-CrS1r5sr.js"; import "./completion-cli-BPIeQDFy.js"; import { a as createOutboundSendDeps$1, i as resolveAgentOutboundTarget, r as resolveAgentDeliveryPlan, t as agentCommand } from "./agent-_H-0rbHV.js"; import { n as resolveWideAreaDiscoveryDomain, r as writeWideAreaGatewayZone } from "./widearea-dns-D9Al4QRv.js"; import { i as shouldIncludeHook, n as loadWorkspaceHookEntries, r as resolveHookConfig } from "./hooks-status-DepPyfBb.js"; import "./tui-XH6_v0qC.js"; import { t as buildChannelAccountSnapshot } from "./status-tCu4RWZH.js"; import "./shared-BmtNKsPq.js"; import { a as runDaemonStop, i as runDaemonStart, n as runDaemonStatus, o as runDaemonUninstall, r as runDaemonRestart, s as runDaemonInstall } from "./daemon-cli-B6aLZ8OE.js"; import { a as toOptionString, i as parsePort$1, n as extractGatewayMiskeys, r as maybeExplainGatewayServiceStop, t as describeUnknownError } from "./shared-C8_5pNbb.js"; import { i as setGatewayWsLogStyle, n as logWs, r as summarizeAgentEventForWsLog, t as formatForLog } from "./ws-log-B7UNLFLC.js"; import { T as resolveGmailHookRuntimeConfig, _ as buildGogWatchServeArgs, i as ensureTailscaleEndpoint, v as buildGogWatchStartArgs } from "./gmail-setup-utils-QpN7TEXS.js"; import { fileURLToPath, pathToFileURL } from "node:url"; import os from "node:os"; import path from "node:path"; import * as fsSync from "node:fs"; import fs, { constants } from "node:fs"; import JSON5 from "json5"; import chalk from "chalk"; import fs$1 from "node:fs/promises"; import { spawn, spawnSync } from "node:child_process"; import crypto, { createHash, randomUUID } from "node:crypto"; import { z } from "zod"; import { CURRENT_SESSION_VERSION } from "@mariozechner/pi-coding-agent"; import { createServer } from "node:http"; import { createServer as createServer$1 } from "node:https"; import { WebSocketServer } from "ws"; import { Buffer as Buffer$1 } from "node:buffer"; import net from "node:net"; import chokidar from "chokidar"; import { Cron } from "croner"; //#region src/infra/ssh-config.ts function parsePort(value) { if (!value) return; const parsed = Number.parseInt(value, 10); if (!Number.isFinite(parsed) || parsed <= 0) return; return parsed; } function parseSshConfigOutput(output) { const result = { identityFiles: [] }; const lines = output.split("\n"); for (const raw of lines) { const line = raw.trim(); if (!line) continue; const [key, ...rest] = line.split(/\s+/); const value = rest.join(" ").trim(); if (!key || !value) continue; switch (key) { case "user": result.user = value; break; case "hostname": result.host = value; break; case "port": result.port = parsePort(value); break; case "identityfile": if (value !== "none") result.identityFiles.push(value); break; default: break; } } return result; } async function resolveSshConfig(target, opts = {}) { const sshPath = "/usr/bin/ssh"; const args = ["-G"]; if (target.port > 0 && target.port !== 22) args.push("-p", String(target.port)); if (opts.identity?.trim()) args.push("-i", opts.identity.trim()); const userHost = target.user ? `${target.user}@${target.host}` : target.host; args.push("--", userHost); return await new Promise((resolve) => { const child = spawn(sshPath, args, { stdio: [ "ignore", "pipe", "ignore" ] }); let stdout = ""; child.stdout?.setEncoding("utf8"); child.stdout?.on("data", (chunk) => { stdout += String(chunk); }); const timeoutMs = Math.max(200, opts.timeoutMs ?? 800); const timer = setTimeout(() => { try { child.kill("SIGKILL"); } finally { resolve(null); } }, timeoutMs); child.once("error", () => { clearTimeout(timer); resolve(null); }); child.once("exit", (code) => { clearTimeout(timer); if (code !== 0 || !stdout.trim()) { resolve(null); return; } resolve(parseSshConfigOutput(stdout)); }); }); } //#endregion //#region src/infra/ssh-tunnel.ts function isErrno(err) { return Boolean(err && typeof err === "object" && "code" in err); } function parseSshTarget(raw) { const trimmed = raw.trim().replace(/^ssh\s+/, ""); if (!trimmed) return null; const [userPart, hostPart] = trimmed.includes("@") ? (() => { const idx = trimmed.indexOf("@"); const user = trimmed.slice(0, idx).trim(); const host = trimmed.slice(idx + 1).trim(); return [user || void 0, host]; })() : [void 0, trimmed]; const colonIdx = hostPart.lastIndexOf(":"); if (colonIdx > 0 && colonIdx < hostPart.length - 1) { const host = hostPart.slice(0, colonIdx).trim(); const portRaw = hostPart.slice(colonIdx + 1).trim(); const port = Number.parseInt(portRaw, 10); if (!host || !Number.isFinite(port) || port <= 0) return null; if (host.startsWith("-")) return null; return { user: userPart, host, port }; } if (!hostPart) return null; if (hostPart.startsWith("-")) return null; return { user: userPart, host: hostPart, port: 22 }; } async function pickEphemeralPort() { return await new Promise((resolve, reject) => { const server = net.createServer(); server.once("error", reject); server.listen(0, "127.0.0.1", () => { const addr = server.address(); server.close(() => { if (!addr || typeof addr === "string") { reject(/* @__PURE__ */ new Error("failed to allocate a local port")); return; } resolve(addr.port); }); }); }); } async function canConnectLocal(port) { return await new Promise((resolve) => { const socket = net.connect({ host: "127.0.0.1", port }); const done = (ok) => { socket.removeAllListeners(); socket.destroy(); resolve(ok); }; socket.once("connect", () => done(true)); socket.once("error", () => done(false)); socket.setTimeout(250, () => done(false)); }); } async function waitForLocalListener(port, timeoutMs) { const startedAt = Date.now(); while (Date.now() - startedAt < timeoutMs) { if (await canConnectLocal(port)) return; await new Promise((r) => setTimeout(r, 50)); } throw new Error(`ssh tunnel did not start listening on localhost:${port}`); } async function startSshPortForward(opts) { const parsed = parseSshTarget(opts.target); if (!parsed) throw new Error(`invalid SSH target: ${opts.target}`); let localPort = opts.localPortPreferred; try { await ensurePortAvailable(localPort); } catch (err) { if (isErrno(err) && err.code === "EADDRINUSE") localPort = await pickEphemeralPort(); else throw err; } const userHost = parsed.user ? `${parsed.user}@${parsed.host}` : parsed.host; const args = [ "-N", "-L", `${localPort}:127.0.0.1:${opts.remotePort}`, "-p", String(parsed.port), "-o", "ExitOnForwardFailure=yes", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=accept-new", "-o", "UpdateHostKeys=yes", "-o", "ConnectTimeout=5", "-o", "ServerAliveInterval=15", "-o", "ServerAliveCountMax=3" ]; if (opts.identity?.trim()) args.push("-i", opts.identity.trim()); args.push("--", userHost); const stderr = []; const child = spawn("/usr/bin/ssh", args, { stdio: [ "ignore", "ignore", "pipe" ] }); child.stderr?.setEncoding("utf8"); child.stderr?.on("data", (chunk) => { const lines = String(chunk).split("\n").map((l) => l.trim()).filter(Boolean); stderr.push(...lines); }); const stop = async () => { if (child.killed) return; child.kill("SIGTERM"); await new Promise((resolve) => { const t = setTimeout(() => { try { child.kill("SIGKILL"); } finally { resolve(); } }, 1500); child.once("exit", () => { clearTimeout(t); resolve(); }); }); }; try { await Promise.race([waitForLocalListener(localPort, Math.max(250, opts.timeoutMs)), new Promise((_, reject) => { child.once("exit", (code, signal) => { reject(/* @__PURE__ */ new Error(`ssh exited (${code ?? "null"}${signal ? `/${signal}` : ""})`)); }); })]); } catch (err) { await stop(); const suffix = stderr.length > 0 ? `\n${stderr.join("\n")}` : ""; throw new Error(`${err instanceof Error ? err.message : String(err)}${suffix}`, { cause: err }); } return { parsedTarget: parsed, localPort, remotePort: opts.remotePort, pid: typeof child.pid === "number" ? child.pid : null, stderr, stop }; } //#endregion //#region src/commands/gateway-status/helpers.ts function parseIntOrNull(value) { const s = typeof value === "string" ? value.trim() : typeof value === "number" || typeof value === "bigint" ? String(value) : ""; if (!s) return null; const n = Number.parseInt(s, 10); return Number.isFinite(n) ? n : null; } function parseTimeoutMs(raw, fallbackMs) { const value = typeof raw === "string" ? raw.trim() : typeof raw === "number" || typeof raw === "bigint" ? String(raw) : ""; if (!value) return fallbackMs; const parsed = Number.parseInt(value, 10); if (!Number.isFinite(parsed) || parsed <= 0) throw new Error(`invalid --timeout: ${value}`); return parsed; } function normalizeWsUrl(value) { const trimmed = value.trim(); if (!trimmed) return null; if (!trimmed.startsWith("ws://") && !trimmed.startsWith("wss://")) return null; return trimmed; } function resolveTargets(cfg, explicitUrl) { const targets = []; const add = (t) => { if (!targets.some((x) => x.url === t.url)) targets.push(t); }; const explicit = typeof explicitUrl === "string" ? normalizeWsUrl(explicitUrl) : null; if (explicit) add({ id: "explicit", kind: "explicit", url: explicit, active: true }); const remoteUrl = typeof cfg.gateway?.remote?.url === "string" ? normalizeWsUrl(cfg.gateway.remote.url) : null; if (remoteUrl) add({ id: "configRemote", kind: "configRemote", url: remoteUrl, active: cfg.gateway?.mode === "remote" }); add({ id: "localLoopback", kind: "localLoopback", url: `ws://127.0.0.1:${resolveGatewayPort(cfg)}`, active: cfg.gateway?.mode !== "remote" }); return targets; } function resolveProbeBudgetMs(overallMs, kind) { if (kind === "localLoopback") return Math.min(800, overallMs); if (kind === "sshTunnel") return Math.min(2e3, overallMs); return Math.min(1500, overallMs); } function sanitizeSshTarget(value) { if (typeof value !== "string") return null; const trimmed = value.trim(); if (!trimmed) return null; return trimmed.replace(/^ssh\\s+/, ""); } function resolveAuthForTarget(cfg, target, overrides) { const tokenOverride = overrides.token?.trim() ? overrides.token.trim() : void 0; const passwordOverride = overrides.password?.trim() ? overrides.password.trim() : void 0; if (tokenOverride || passwordOverride) return { token: tokenOverride, password: passwordOverride }; if (target.kind === "configRemote" || target.kind === "sshTunnel") { const token = typeof cfg.gateway?.remote?.token === "string" ? cfg.gateway.remote.token.trim() : ""; const remotePassword = (cfg.gateway?.remote)?.password; const password = typeof remotePassword === "string" ? remotePassword.trim() : ""; return { token: token.length > 0 ? token : void 0, password: password.length > 0 ? password : void 0 }; } const envToken = process.env.OPENCLAW_GATEWAY_TOKEN?.trim() || ""; const envPassword = process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() || ""; const cfgToken = typeof cfg.gateway?.auth?.token === "string" ? cfg.gateway.auth.token.trim() : ""; const cfgPassword = typeof cfg.gateway?.auth?.password === "string" ? cfg.gateway.auth.password.trim() : ""; return { token: envToken || cfgToken || void 0, password: envPassword || cfgPassword || void 0 }; } function pickGatewaySelfPresence(presence) { if (!Array.isArray(presence)) return null; const entries = presence; const self = entries.find((e) => e.mode === "gateway" && e.reason === "self") ?? entries.find((e) => typeof e.text === "string" && String(e.text).startsWith("Gateway:")) ?? null; if (!self) return null; return { host: typeof self.host === "string" ? self.host : void 0, ip: typeof self.ip === "string" ? self.ip : void 0, version: typeof self.version === "string" ? self.version : void 0, platform: typeof self.platform === "string" ? self.platform : void 0 }; } function extractConfigSummary(snapshotUnknown) { const snap = snapshotUnknown; const path = typeof snap?.path === "string" ? snap.path : null; const exists = Boolean(snap?.exists); const valid = Boolean(snap?.valid); const issuesRaw = Array.isArray(snap?.issues) ? snap.issues : []; const legacyRaw = Array.isArray(snap?.legacyIssues) ? snap.legacyIssues : []; const cfg = snap?.config ?? {}; const gateway = cfg.gateway ?? {}; const wideArea = (cfg.discovery ?? {}).wideArea ?? {}; const remote = gateway.remote ?? {}; const auth = gateway.auth ?? {}; const controlUi = gateway.controlUi ?? {}; const tailscale = gateway.tailscale ?? {}; const authMode = typeof auth.mode === "string" ? auth.mode : null; const authTokenConfigured = typeof auth.token === "string" ? auth.token.trim().length > 0 : false; const authPasswordConfigured = typeof auth.password === "string" ? auth.password.trim().length > 0 : false; const remoteUrl = typeof remote.url === "string" ? normalizeWsUrl(remote.url) : null; const remoteTokenConfigured = typeof remote.token === "string" ? remote.token.trim().length > 0 : false; const remotePasswordConfigured = typeof remote.password === "string" ? String(remote.password).trim().length > 0 : false; const wideAreaEnabled = typeof wideArea.enabled === "boolean" ? wideArea.enabled : null; return { path, exists, valid, issues: issuesRaw.filter((i) => Boolean(i && typeof i.path === "string" && typeof i.message === "string")).map((i) => ({ path: i.path, message: i.message })), legacyIssues: legacyRaw.filter((i) => Boolean(i && typeof i.path === "string" && typeof i.message === "string")).map((i) => ({ path: i.path, message: i.message })), gateway: { mode: typeof gateway.mode === "string" ? gateway.mode : null, bind: typeof gateway.bind === "string" ? gateway.bind : null, port: parseIntOrNull(gateway.port), controlUiEnabled: typeof controlUi.enabled === "boolean" ? controlUi.enabled : null, controlUiBasePath: typeof controlUi.basePath === "string" ? controlUi.basePath : null, authMode, authTokenConfigured, authPasswordConfigured, remoteUrl, remoteTokenConfigured, remotePasswordConfigured, tailscaleMode: typeof tailscale.mode === "string" ? tailscale.mode : null }, discovery: { wideAreaEnabled } }; } function buildNetworkHints(cfg) { const tailnetIPv4 = pickPrimaryTailnetIPv4(); const port = resolveGatewayPort(cfg); return { localLoopbackUrl: `ws://127.0.0.1:${port}`, localTailnetUrl: tailnetIPv4 ? `ws://${tailnetIPv4}:${port}` : null, tailnetIPv4: tailnetIPv4 ?? null }; } function renderTargetHeader(target, rich) { const kindLabel = target.kind === "localLoopback" ? "Local loopback" : target.kind === "sshTunnel" ? "Remote over SSH" : target.kind === "configRemote" ? target.active ? "Remote (configured)" : "Remote (configured, inactive)" : "URL (explicit)"; return `${colorize(rich, theme.heading, kindLabel)} ${colorize(rich, theme.muted, target.url)}`; } function renderProbeSummaryLine(probe, rich) { if (probe.ok) { const latency = typeof probe.connectLatencyMs === "number" ? `${probe.connectLatencyMs}ms` : "unknown"; return `${colorize(rich, theme.success, "Connect: ok")} (${latency}) · ${colorize(rich, theme.success, "RPC: ok")}`; } const detail = probe.error ? ` - ${probe.error}` : ""; if (probe.connectLatencyMs != null) { const latency = typeof probe.connectLatencyMs === "number" ? `${probe.connectLatencyMs}ms` : "unknown"; return `${colorize(rich, theme.success, "Connect: ok")} (${latency}) · ${colorize(rich, theme.error, "RPC: failed")}${detail}`; } return `${colorize(rich, theme.error, "Connect: failed")}${detail}`; } //#endregion //#region src/commands/gateway-status.ts async function gatewayStatusCommand(opts, runtime) { const startedAt = Date.now(); const cfg = loadConfig(); const rich = isRich() && opts.json !== true; const overallTimeoutMs = parseTimeoutMs(opts.timeout, 3e3); const wideAreaDomain = resolveWideAreaDiscoveryDomain({ configDomain: cfg.discovery?.wideArea?.domain }); const baseTargets = resolveTargets(cfg, opts.url); const network = buildNetworkHints(cfg); const discoveryTimeoutMs = Math.min(1200, overallTimeoutMs); const discoveryPromise = discoverGatewayBeacons({ timeoutMs: discoveryTimeoutMs, wideAreaDomain }); let sshTarget = sanitizeSshTarget(opts.ssh) ?? sanitizeSshTarget(cfg.gateway?.remote?.sshTarget); let sshIdentity = sanitizeSshTarget(opts.sshIdentity) ?? sanitizeSshTarget(cfg.gateway?.remote?.sshIdentity); const remotePort = resolveGatewayPort(cfg); let sshTunnelError = null; let sshTunnelStarted = false; if (!sshTarget) sshTarget = inferSshTargetFromRemoteUrl(cfg.gateway?.remote?.url); if (sshTarget) { const resolved = await resolveSshTarget(sshTarget, sshIdentity, overallTimeoutMs); if (resolved) { sshTarget = resolved.target; if (!sshIdentity && resolved.identity) sshIdentity = resolved.identity; } } const { discovery, probed } = await withProgress({ label: "Inspecting gateways…", indeterminate: true, enabled: opts.json !== true }, async () => { const tryStartTunnel = async () => { if (!sshTarget) return null; try { const tunnel = await startSshPortForward({ target: sshTarget, identity: sshIdentity ?? void 0, localPortPreferred: remotePort, remotePort, timeoutMs: Math.min(1500, overallTimeoutMs) }); sshTunnelStarted = true; return tunnel; } catch (err) { sshTunnelError = err instanceof Error ? err.message : String(err); return null; } }; const discoveryTask = discoveryPromise.catch(() => []); const tunnelTask = sshTarget ? tryStartTunnel() : Promise.resolve(null); const [discovery, tunnelFirst] = await Promise.all([discoveryTask, tunnelTask]); if (!sshTarget && opts.sshAuto) { const user = process.env.USER?.trim() || ""; const candidates = discovery.map((b) => { const host = b.tailnetDns || b.lanHost || b.host; if (!host?.trim()) return null; const sshPort = typeof b.sshPort === "number" && b.sshPort > 0 ? b.sshPort : 22; const base = user ? `${user}@${host.trim()}` : host.trim(); return sshPort !== 22 ? `${base}:${sshPort}` : base; }).filter((candidate) => Boolean(candidate && parseSshTarget(candidate))); if (candidates.length > 0) sshTarget = candidates[0] ?? null; } const tunnel = tunnelFirst || (sshTarget && !sshTunnelStarted && !sshTunnelError ? await tryStartTunnel() : null); const tunnelTarget = tunnel ? { id: "sshTunnel", kind: "sshTunnel", url: `ws://127.0.0.1:${tunnel.localPort}`, active: true, tunnel: { kind: "ssh", target: sshTarget ?? "", localPort: tunnel.localPort, remotePort, pid: tunnel.pid } } : null; const targets = tunnelTarget ? [tunnelTarget, ...baseTargets.filter((t) => t.url !== tunnelTarget.url)] : baseTargets; try { return { discovery, probed: await Promise.all(targets.map(async (target) => { const auth = resolveAuthForTarget(cfg, target, { token: typeof opts.token === "string" ? opts.token : void 0, password: typeof opts.password === "string" ? opts.password : void 0 }); const timeoutMs = resolveProbeBudgetMs(overallTimeoutMs, target.kind); const probe = await probeGateway({ url: target.url, auth, timeoutMs }); return { target, probe, configSummary: probe.configSnapshot ? extractConfigSummary(probe.configSnapshot) : null, self: pickGatewaySelfPresence(probe.presence) }; })) }; } finally { if (tunnel) try { await tunnel.stop(); } catch {} } }); const reachable = probed.filter((p) => p.probe.ok); const ok = reachable.length > 0; const multipleGateways = reachable.length > 1; const primary = reachable.find((p) => p.target.kind === "explicit") ?? reachable.find((p) => p.target.kind === "sshTunnel") ?? reachable.find((p) => p.target.kind === "configRemote") ?? reachable.find((p) => p.target.kind === "localLoopback") ?? null; const warnings = []; if (sshTarget && !sshTunnelStarted) warnings.push({ code: "ssh_tunnel_failed", message: sshTunnelError ? `SSH tunnel failed: ${String(sshTunnelError)}` : "SSH tunnel failed to start; falling back to direct probes." }); if (multipleGateways) warnings.push({ code: "multiple_gateways", message: "Unconventional setup: multiple reachable gateways detected. Usually one gateway per network is recommended unless you intentionally run isolated profiles, like a rescue bot (see docs: /gateway#multiple-gateways-same-host).", targetIds: reachable.map((p) => p.target.id) }); if (opts.json) { runtime.log(JSON.stringify({ ok, ts: Date.now(), durationMs: Date.now() - startedAt, timeoutMs: overallTimeoutMs, primaryTargetId: primary?.target.id ?? null, warnings, network, discovery: { timeoutMs: discoveryTimeoutMs, count: discovery.length, beacons: discovery.map((b) => ({ instanceName: b.instanceName, displayName: b.displayName ?? null, domain: b.domain ?? null, host: b.host ?? null, lanHost: b.lanHost ?? null, tailnetDns: b.tailnetDns ?? null, gatewayPort: b.gatewayPort ?? null, sshPort: b.sshPort ?? null, wsUrl: (() => { const host = b.tailnetDns || b.lanHost || b.host; const port = b.gatewayPort ?? 18789; return host ? `ws://${host}:${port}` : null; })() })) }, targets: probed.map((p) => ({ id: p.target.id, kind: p.target.kind, url: p.target.url, active: p.target.active, tunnel: p.target.tunnel ?? null, connect: { ok: p.probe.ok, latencyMs: p.probe.connectLatencyMs, error: p.probe.error, close: p.probe.close }, self: p.self, config: p.configSummary, health: p.probe.health, summary: p.probe.status, presence: p.probe.presence })) }, null, 2)); if (!ok) runtime.exit(1); return; } runtime.log(colorize(rich, theme.heading, "Gateway Status")); runtime.log(ok ? `${colorize(rich, theme.success, "Reachable")}: yes` : `${colorize(rich, theme.error, "Reachable")}: no`); runtime.log(colorize(rich, theme.muted, `Probe budget: ${overallTimeoutMs}ms`)); if (warnings.length > 0) { runtime.log(""); runtime.log(colorize(rich, theme.warn, "Warning:")); for (const w of warnings) runtime.log(`- ${w.message}`); } runtime.log(""); runtime.log(colorize(rich, theme.heading, "Discovery (this machine)")); const discoveryDomains = wideAreaDomain ? `local. + ${wideAreaDomain}` : "local."; runtime.log(discovery.length > 0 ? `Found ${discovery.length} gateway(s) via Bonjour (${discoveryDomains})` : `Found 0 gateways via Bonjour (${discoveryDomains})`); if (discovery.length === 0) runtime.log(colorize(rich, theme.muted, "Tip: if the gateway is remote, mDNS won’t cross networks; use Wide-Area Bonjour (split DNS) or SSH tunnels.")); runtime.log(""); runtime.log(colorize(rich, theme.heading, "Targets")); for (const p of probed) { runtime.log(renderTargetHeader(p.target, rich)); runtime.log(` ${renderProbeSummaryLine(p.probe, rich)}`); if (p.target.tunnel?.kind === "ssh") runtime.log(` ${colorize(rich, theme.muted, "ssh")}: ${colorize(rich, theme.command, p.target.tunnel.target)}`); if (p.probe.ok && p.self) { const host = p.self.host ?? "unknown"; const ip = p.self.ip ? ` (${p.self.ip})` : ""; const platform = p.self.platform ? ` · ${p.self.platform}` : ""; const version = p.self.version ? ` · app ${p.self.version}` : ""; runtime.log(` ${colorize(rich, theme.info, "Gateway")}: ${host}${ip}${platform}${version}`); } if (p.configSummary) { const c = p.configSummary; const wideArea = c.discovery.wideAreaEnabled === true ? "enabled" : c.discovery.wideAreaEnabled === false ? "disabled" : "unknown"; runtime.log(` ${colorize(rich, theme.info, "Wide-area discovery")}: ${wideArea}`); } runtime.log(""); } if (!ok) runtime.exit(1); } function inferSshTargetFromRemoteUrl(rawUrl) { if (typeof rawUrl !== "string") return null; const trimmed = rawUrl.trim(); if (!trimmed) return null; let host = null; try { host = new URL(trimmed).hostname || null; } catch { return null; } if (!host) return null; const user = process.env.USER?.trim() || ""; return user ? `${user}@${host}` : host; } function buildSshTarget(input) { const host = input.host?.trim() ?? ""; if (!host) return null; const user = input.user?.trim() ?? ""; const base = user ? `${user}@${host}` : host; const port = input.port ?? 22; if (port && port !== 22) return `${base}:${port}`; return base; } async function resolveSshTarget(rawTarget, identity, overallTimeoutMs) { const parsed = parseSshTarget(rawTarget); if (!parsed) return null; const config = await resolveSshConfig(parsed, { identity: identity ?? void 0, timeoutMs: Math.min(800, overallTimeoutMs) }); if (!config) return { target: rawTarget, identity: identity ?? void 0 }; const target = buildSshTarget({ user: config.user ?? parsed.user, host: config.host ?? parsed.host, port: config.port ?? parsed.port }); if (!target) return { target: rawTarget, identity: identity ?? void 0 }; return { target, identity: identity ?? config.identityFiles.find((entry) => entry.trim().length > 0)?.trim() ?? void 0 }; } //#endregion //#region src/cli/gateway-cli/call.ts const gatewayCallOpts = (cmd) => cmd.option("--url <url>", "Gateway WebSocket URL (defaults to gateway.remote.url when configured)").option("--token <token>", "Gateway token (if required)").option("--password <password>", "Gateway password (password auth)").option("--timeout <ms>", "Timeout in ms", "10000").option("--expect-final", "Wait for final response (agent)", false).option("--json", "Output JSON", false); const callGatewayCli = async (method, opts, params) => withProgress({ label: `Gateway ${method}`, indeterminate: true, enabled: opts.json !== true }, async () => await callGateway({ url: opts.url, token: opts.token, password: opts.password, method, params, expectFinal: Boolean(opts.expectFinal), timeoutMs: Number(opts.timeout ?? 1e4), clientName: GATEWAY_CLIENT_NAMES.CLI, mode: GATEWAY_CLIENT_MODES.CLI })); //#endregion //#region src/cli/gateway-cli/discover.ts function parseDiscoverTimeoutMs(raw, fallbackMs) { if (raw === void 0 || raw === null) return fallbackMs; const value = typeof raw === "string" ? raw.trim() : typeof raw === "number" || typeof raw === "bigint" ? String(raw) : null; if (value === null) throw new Error("invalid --timeout"); if (!value) return fallbackMs; const parsed = Number.parseInt(value, 10); if (!Number.isFinite(parsed) || parsed <= 0) throw new Error(`invalid --timeout: ${value}`); return parsed; } function pickBeaconHost(beacon) { const host = beacon.tailnetDns || beacon.lanHost || beacon.host; return host?.trim() ? host.trim() : null; } function pickGatewayPort(beacon) { const port = beacon.gatewayPort ?? 18789; return port > 0 ? port : 18789; } function dedupeBeacons(beacons) { const out = []; const seen = /* @__PURE__ */ new Set(); for (const b of beacons) { const host = pickBeaconHost(b) ?? ""; const key = [ b.domain ?? "", b.instanceName ?? "", b.displayName ?? "", host, String(b.port ?? ""), String(b.gatewayPort ?? "") ].join("|"); if (seen.has(key)) continue; seen.add(key); out.push(b); } return out; } function renderBeaconLines(beacon, rich) { const nameRaw = (beacon.displayName || beacon.instanceName || "Gateway").trim(); const domainRaw = (beacon.domain || "local.").trim(); const title = colorize(rich, theme.accentBright, nameRaw); const domain = colorize(rich, theme.muted, domainRaw); const host = pickBeaconHost(beacon); const gatewayPort = pickGatewayPort(beacon); const scheme = beacon.gatewayTls ? "wss" : "ws"; const wsUrl = host ? `${scheme}://${host}:${gatewayPort}` : null; const lines = [`- ${title} ${domain}`]; if (beacon.tailnetDns) lines.push(` ${colorize(rich, theme.info, "tailnet")}: ${beacon.tailnetDns}`); if (beacon.lanHost) lines.push(` ${colorize(rich, theme.info, "lan")}: ${beacon.lanHost}`); if (beacon.host) lines.push(` ${colorize(rich, theme.info, "host")}: ${beacon.host}`); if (wsUrl) lines.push(` ${colorize(rich, theme.muted, "ws")}: ${colorize(rich, theme.command, wsUrl)}`); if (beacon.role) lines.push(` ${colorize(rich, theme.muted, "role")}: ${beacon.role}`); if (beacon.transport) lines.push(` ${colorize(rich, theme.muted, "transport")}: ${beacon.transport}`); if (beacon.gatewayTls) { const fingerprint = beacon.gatewayTlsFingerprintSha256 ? `sha256 ${beacon.gatewayTlsFingerprintSha256}` : "enabled"; lines.push(` ${colorize(rich, theme.muted, "tls")}: ${fingerprint}`); } if (typeof beacon.sshPort === "number" && beacon.sshPort > 0 && host) { const ssh = `ssh -N -L 18789:127.0.0.1:18789 <user>@${host} -p ${beacon.sshPort}`; lines.push(` ${colorize(rich, theme.muted, "ssh")}: ${colorize(rich, theme.command, ssh)}`); } return lines; } //#endregion //#region src/gateway/server/close-reason.ts const CLOSE_REASON_MAX_BYTES = 120; function truncateCloseReason(reason, maxBytes = CLOSE_REASON_MAX_BYTES) { if (!reason) return "invalid handshake"; const buf = Buffer$1.from(reason); if (buf.length <= maxBytes) return reason; return buf.subarray(0, maxBytes).toString(); } //#endregion //#region src/infra/exec-approval-forwarder.ts const log$3 = createSubsystemLogger("gateway/exec-approvals"); const DEFAULT_MODE = "session"; function normalizeMode(mode) { return mode ?? DEFAULT_MODE; } function matchSessionFilter(sessionKey, patterns) { return patterns.some((pattern) => { try { return sessionKey.includes(pattern) || new RegExp(pattern).test(sessionKey); } catch { return sessionKey.includes(pattern); } }); } function shouldForward(params) { const config = params.config; if (!config?.enabled) return false; if (config.agentFilter?.length) { const agentId = params.request.request.agentId ?? parseAgentSessionKey(params.request.request.sessionKey)?.agentId; if (!agentId) return false; if (!config.agentFilter.includes(agentId)) return false; } if (config.sessionFilter?.length) { const sessionKey = params.request.request.sessionKey; if (!sessionKey) return false; if (!matchSessionFilter(sessionKey, config.sessionFilter)) return false; } return true; } function buildTargetKey(target) { const channel = normalizeMessageChannel(target.channel) ?? target.channel; const accountId = target.accountId ?? ""; const threadId = target.threadId ?? ""; return [ channel, target.to, accountId, threadId ].join(":"); } function buildRequestMessage(request, nowMs) { const lines = ["🔒 Exec approval required", `ID: ${request.id}`]; lines.push(`Command: ${request.request.command}`); if (request.request.cwd) lines.push(`CWD: ${request.request.cwd}`); if (request.request.host) lines.push(`Host: ${request.request.host}`); if (request.request.agentId) lines.push(`Agent: ${request.request.agentId}`); if (request.request.security) lines.push(`Security: ${request.request.security}`); if (request.request.ask) lines.push(`Ask: ${request.request.ask}`); const expiresIn = Math.max(0, Math.round((request.expiresAtMs - nowMs) / 1e3)); lines.push(`Expires in: ${expiresIn}s`); lines.push("Reply with: /approve <id> allow-once|allow-always|deny"); return lines.join("\n"); } function decisionLabel(decision) { if (decision === "allow-once") return "allowed once"; if (decision === "allow-always") return "allowed always"; return "denied"; } function buildResolvedMessage(resolved) { return `${`✅ Exec approval ${decisionLabel(resolved.decision)}.`}${resolved.resolvedBy ? ` Resolved by ${resolved.resolvedBy}.` : ""} ID: ${resolved.id}`; } function buildExpiredMessage(request) { return `⏱️ Exec approval expired. ID: ${request.id}`; } function defaultResolveSessionTarget(params) { const sessionKey = params.request.request.sessionKey?.trim(); if (!sessionKey) return null; const agentId = parseAgentSessionKey(sessionKey)?.agentId ?? params.request.request.agentId ?? "main"; const entry = loadSessionStore(resolveStorePath(params.cfg.session?.store, { agentId }))[sessionKey]; if (!entry) return null; const target = resolveSessionDeliveryTarget({ entry, requestedChannel: "last" }); if (!target.channel || !target.to) return null; if (!isDeliverableMessageChannel(target.channel)) return null; return { channel: target.channel, to: target.to, accountId: target.accountId, threadId: target.threadId }; } async function deliverToTargets(params) { const deliveries = params.targets.map(async (target) => { if (params.shouldSend && !params.shouldSend()) return; const channel = normalizeMessageChannel(target.channel) ?? target.channel; if (!isDeliverableMessageChannel(channel)) return; try { await params.deliver({ cfg: params.cfg, channel, to: target.to, accountId: target.accountId, threadId: target.threadId, payloads: [{ text: params.text }] }); } catch (err) { log$3.error(`exec approvals: failed to deliver to ${channel}:${target.to}: ${String(err)}`); } }); await Promise.allSettled(deliveries); } function createExecApprovalForwarder(deps = {}) { const getConfig = deps.getConfig ?? loadConfig; const deliver = deps.deliver ?? deliverOutboundPayloads; const nowMs = deps.nowMs ?? Date.now; const resolveSessionTarget = deps.resolveSessionTarget ?? defaultResolveSessionTarget; const pending = /* @__PURE__ */ new Map(); const handleRequested = async (request) => { const cfg = getConfig(); const config = cfg.approvals?.exec; if (!shouldForward({ config, request })) return; const mode = normalizeMode(config?.mode); const targets = []; const seen = /* @__PURE__ */ new Set(); if (mode === "session" || mode === "both") { const sessionTarget = resolveSessionTarget({ cfg, request }); if (sessionTarget) { const key = buildTargetKey(sessionTarget);