vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 04:00:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
58fa23b4a2f24e2eb254dec9517c5c387ef4fc11
openclaw/src/gateway/server-methods/config.ts
Peter Steinberger 928c70fb6b perf(gateway): trim startup watcher imports
2026-05-03 14:30:36 +01:00

583 lines
17 KiB
TypeScript
Raw Blame History

import { execFile } from "node:child_process";
import {
createConfigIO,
parseConfigJson5,
readConfigFileSnapshot,
readConfigFileSnapshotForWrite,
resolveConfigSnapshotHash,
validateConfigObjectWithPlugins,
} from "../../config/config.js";
import { formatConfigIssueLines } from "../../config/issue-format.js";
import { applyMergePatch } from "../../config/merge-patch.js";
import {
redactConfigObject,
redactConfigSnapshot,
restoreRedactedValues,
} from "../../config/redact-snapshot.js";
import { loadGatewayRuntimeConfigSchema } from "../../config/runtime-schema.js";
import { lookupConfigSchema, type ConfigSchemaResponse } from "../../config/schema.js";
import type { ConfigValidationIssue, OpenClawConfig } from "../../config/types.openclaw.js";
import { formatErrorMessage } from "../../infra/errors.js";
import {
prepareSecretsRuntimeSnapshot,
type PreparedSecretsRuntimeSnapshot,
} from "../../secrets/runtime.js";
import { diffConfigPaths } from "../config-diff.js";
import {
formatControlPlaneActor,
resolveControlPlaneActor,
summarizeChangedPaths,
} from "../control-plane-audit.js";
import {
ErrorCodes,
errorShape,
formatValidationErrors,
validateConfigApplyParams,
validateConfigGetParams,
validateConfigPatchParams,
validateConfigSchemaLookupParams,
validateConfigSchemaLookupResult,
validateConfigSchemaParams,
validateConfigSetParams,
} from "../protocol/index.js";
import { resolveBaseHashParam } from "./base-hash.js";
import {
commitGatewayConfigWrite,
didActiveSharedGatewayAuthChange,
didSharedGatewayAuthChange,
resolveGatewayConfigPath,
resolveGatewayConfigRestartWriteResult,
} from "./config-write-flow.js";
import type { GatewayRequestHandlers, RespondFn } from "./types.js";
import { assertValidParams } from "./validation.js";
const MAX_CONFIG_ISSUES_IN_ERROR_MESSAGE = 3;
type ConfigOpenCommand = {
command: string;
args: string[];
};
function requireConfigBaseHash(
params: unknown,
snapshot: Awaited<ReturnType<typeof readConfigFileSnapshot>>,
respond: RespondFn,
): boolean {
if (!snapshot.exists) {
return true;
}
const snapshotHash = resolveConfigSnapshotHash(snapshot);
if (!snapshotHash) {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
"config base hash unavailable; re-run config.get and retry",
),
);
return false;
}
const baseHash = resolveBaseHashParam(params);
if (!baseHash) {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
"config base hash required; re-run config.get and retry",
),
);
return false;
}
if (baseHash !== snapshotHash) {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
"config changed since last load; re-run config.get and retry",
),
);
return false;
}
return true;
}
function parseRawConfigOrRespond(
params: unknown,
requestName: string,
respond: RespondFn,
): string | null {
const rawValue = (params as { raw?: unknown }).raw;
if (typeof rawValue !== "string") {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
`invalid ${requestName} params: raw (string) required`,
),
);
return null;
}
return rawValue;
}
function sanitizeLookupPathForLog(path: string): string {
const sanitized = Array.from(path, (char) => {
const code = char.charCodeAt(0);
return code < 0x20 || code === 0x7f ? "?" : char;
}).join("");
return sanitized.length > 120 ? `${sanitized.slice(0, 117)}...` : sanitized;
}
function escapePowerShellSingleQuotedString(value: string): string {
return value.replaceAll("'", "''");
}
export function resolveConfigOpenCommand(
configPath: string,
platform: NodeJS.Platform = process.platform,
): ConfigOpenCommand {
if (platform === "win32") {
// Use a PowerShell string literal so the path stays data, not code.
return {
command: "powershell.exe",
args: [
"-NoProfile",
"-NonInteractive",
"-Command",
`Start-Process -LiteralPath '${escapePowerShellSingleQuotedString(configPath)}'`,
],
};
}
return {
command: platform === "darwin" ? "open" : "xdg-open",
args: [configPath],
};
}
function execConfigOpenCommand(command: ConfigOpenCommand): Promise<void> {
return new Promise((resolve, reject) => {
execFile(command.command, command.args, (error) => {
if (error) {
reject(error);
return;
}
resolve();
});
});
}
function formatConfigOpenError(error: unknown): string {
if (
typeof error === "object" &&
error &&
"message" in error &&
typeof error.message === "string"
) {
return error.message;
}
return String(error);
}
function parseValidateConfigFromRawOrRespond(
params: unknown,
requestName: string,
snapshot: Awaited<ReturnType<typeof readConfigFileSnapshot>>,
respond: RespondFn,
): { config: OpenClawConfig; schema: ConfigSchemaResponse } | null {
const rawValue = parseRawConfigOrRespond(params, requestName, respond);
if (!rawValue) {
return null;
}
const parsedRes = parseConfigJson5(rawValue);
if (!parsedRes.ok) {
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, parsedRes.error));
return null;
}
const schema = loadSchemaWithPlugins();
const restored = restoreRedactedValues(parsedRes.parsed, snapshot.config, schema.uiHints);
if (!restored.ok) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, restored.humanReadableMessage ?? "invalid config"),
);
return null;
}
const validated = validateConfigObjectWithPlugins(restored.result);
if (!validated.ok) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, summarizeConfigValidationIssues(validated.issues), {
details: { issues: validated.issues },
}),
);
return null;
}
return { config: validated.config, schema };
}
function summarizeConfigValidationIssues(issues: ReadonlyArray<ConfigValidationIssue>): string {
const trimmed = issues.slice(0, MAX_CONFIG_ISSUES_IN_ERROR_MESSAGE);
const lines = formatConfigIssueLines(trimmed, "", { normalizeRoot: true })
.map((line) => line.trim())
.filter(Boolean);
if (lines.length === 0) {
return "invalid config";
}
const hiddenCount = Math.max(0, issues.length - lines.length);
return `invalid config: ${lines.join("; ")}${
hiddenCount > 0 ? ` (+${hiddenCount} more issue${hiddenCount === 1 ? "" : "s"})` : ""
}`;
}
async function ensureResolvableSecretRefsOrRespond(params: {
config: OpenClawConfig;
respond: RespondFn;
}): Promise<PreparedSecretsRuntimeSnapshot | null> {
try {
return await prepareSecretsRuntimeSnapshot({
config: params.config,
includeAuthStoreRefs: false,
});
} catch (error) {
const details = formatErrorMessage(error);
params.respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
`invalid config: active SecretRef resolution failed (${details})`,
),
);
return null;
}
}
function loadSchemaWithPlugins(): ConfigSchemaResponse {
// Note: We can't easily cache this, as there are no callback that can invalidate
// our cache. However, getRuntimeConfig() and loadOpenClawPlugins() (called inside
// loadGatewayRuntimeConfigSchema) already cache their results, and buildConfigSchema()
// is just a cheap transformation.
return loadGatewayRuntimeConfigSchema();
}
export const configHandlers: GatewayRequestHandlers = {
"config.get": async ({ params, respond }) => {
if (!assertValidParams(params, validateConfigGetParams, "config.get", respond)) {
return;
}
const snapshot = await readConfigFileSnapshot();
const schema = loadSchemaWithPlugins();
respond(true, redactConfigSnapshot(snapshot, schema.uiHints), undefined);
},
"config.schema": ({ params, respond }) => {
if (!assertValidParams(params, validateConfigSchemaParams, "config.schema", respond)) {
return;
}
respond(true, loadSchemaWithPlugins(), undefined);
},
"config.schema.lookup": ({ params, respond, context }) => {
if (
!assertValidParams(params, validateConfigSchemaLookupParams, "config.schema.lookup", respond)
) {
return;
}
const path = (params as { path: string }).path;
const schema = loadSchemaWithPlugins();
const result = lookupConfigSchema(schema, path);
if (!result) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, "config schema path not found"),
);
return;
}
if (!validateConfigSchemaLookupResult(result)) {
const errors = validateConfigSchemaLookupResult.errors ?? [];
context.logGateway.warn(
`config.schema.lookup produced invalid payload for ${sanitizeLookupPathForLog(path)}: ${formatValidationErrors(errors)}`,
);
respond(
false,
undefined,
errorShape(ErrorCodes.UNAVAILABLE, "config.schema.lookup returned invalid payload", {
details: { errors },
}),
);
return;
}
respond(true, result, undefined);
},
"config.set": async ({ params, respond, context }) => {
if (!assertValidParams(params, validateConfigSetParams, "config.set", respond)) {
return;
}
const { snapshot, writeOptions } = await readConfigFileSnapshotForWrite();
if (!requireConfigBaseHash(params, snapshot, respond)) {
return;
}
const parsed = parseValidateConfigFromRawOrRespond(params, "config.set", snapshot, respond);
if (!parsed) {
return;
}
if (!(await ensureResolvableSecretRefsOrRespond({ config: parsed.config, respond }))) {
return;
}
const writeResult = await commitGatewayConfigWrite({
snapshot,
writeOptions,
nextConfig: parsed.config,
context,
});
respond(
true,
{
ok: true,
path: writeResult.path,
config: redactConfigObject(parsed.config, parsed.schema.uiHints),
},
undefined,
);
writeResult.queueFollowUp();
},
"config.patch": async ({ params, respond, client, context }) => {
if (!assertValidParams(params, validateConfigPatchParams, "config.patch", respond)) {
return;
}
const { snapshot, writeOptions } = await readConfigFileSnapshotForWrite();
if (!requireConfigBaseHash(params, snapshot, respond)) {
return;
}
if (!snapshot.valid) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, "invalid config; fix before patching"),
);
return;
}
const rawValue = (params as { raw?: unknown }).raw;
if (typeof rawValue !== "string") {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
"invalid config.patch params: raw (string) required",
),
);
return;
}
const parsedRes = parseConfigJson5(rawValue);
if (!parsedRes.ok) {
respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, parsedRes.error));
return;
}
if (
!parsedRes.parsed ||
typeof parsedRes.parsed !== "object" ||
Array.isArray(parsedRes.parsed)
) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, "config.patch raw must be an object"),
);
return;
}
const merged = applyMergePatch(snapshot.config, parsedRes.parsed, {
mergeObjectArraysById: true,
});
const schemaPatch = loadSchemaWithPlugins();
const restoredMerge = restoreRedactedValues(merged, snapshot.config, schemaPatch.uiHints);
if (!restoredMerge.ok) {
respond(
false,
undefined,
errorShape(
ErrorCodes.INVALID_REQUEST,
restoredMerge.humanReadableMessage ?? "invalid config",
),
);
return;
}
const validated = validateConfigObjectWithPlugins(restoredMerge.result);
if (!validated.ok) {
respond(
false,
undefined,
errorShape(ErrorCodes.INVALID_REQUEST, summarizeConfigValidationIssues(validated.issues), {
details: { issues: validated.issues },
}),
);
return;
}
const preparedSecretsSnapshot = await ensureResolvableSecretRefsOrRespond({
config: validated.config,
respond,
});
if (!preparedSecretsSnapshot) {
return;
}
const changedPaths = diffConfigPaths(snapshot.config, validated.config);
const actor = resolveControlPlaneActor(client);
// No-op: if the validated config is identical to the current config,
// skip the file write and SIGUSR1 restart entirely. This avoids a full
// gateway restart (and the resulting connection drop) when a control-plane
// client re-sends the same config (e.g. hot-apply with no actual changes).
if (changedPaths.length === 0) {
context?.logGateway?.info(
`config.patch noop ${formatControlPlaneActor(actor)} (no changed paths)`,
);
respond(
true,
{
ok: true,
noop: true,
path: resolveGatewayConfigPath(snapshot),
config: redactConfigObject(validated.config, schemaPatch.uiHints),
},
undefined,
);
return;
}
context?.logGateway?.info(
`config.patch write ${formatControlPlaneActor(actor)} changedPaths=${summarizeChangedPaths(changedPaths)} restartReason=config.patch`,
);
// Compare before the write so we invalidate clients authenticated against the
// previous shared secret immediately after the config update succeeds.
const disconnectSharedAuthClients =
didSharedGatewayAuthChange(snapshot.config, validated.config) ||
didActiveSharedGatewayAuthChange({
fallbackPrev: snapshot.config,
next: preparedSecretsSnapshot.config,
});
const writeResult = await commitGatewayConfigWrite({
snapshot,
writeOptions,
nextConfig: validated.config,
context,
disconnectSharedAuthClients,
});
const { payload, sentinelPath, restart } = await resolveGatewayConfigRestartWriteResult({
requestParams: params,
kind: "config-patch",
mode: "config.patch",
configPath: writeResult.path,
changedPaths,
nextConfig: validated.config,
actor,
context,
});
respond(
true,
{
ok: true,
path: writeResult.path,
config: redactConfigObject(validated.config, schemaPatch.uiHints),
restart,
sentinel: {
path: sentinelPath,
payload,
},
},
undefined,
);
writeResult.queueFollowUp();
},
"config.apply": async ({ params, respond, client, context }) => {
if (!assertValidParams(params, validateConfigApplyParams, "config.apply", respond)) {
return;
}
const { snapshot, writeOptions } = await readConfigFileSnapshotForWrite();
if (!requireConfigBaseHash(params, snapshot, respond)) {
return;
}
const parsed = parseValidateConfigFromRawOrRespond(params, "config.apply", snapshot, respond);
if (!parsed) {
return;
}
const preparedSecretsSnapshot = await ensureResolvableSecretRefsOrRespond({
config: parsed.config,
respond,
});
if (!preparedSecretsSnapshot) {
return;
}
const changedPaths = diffConfigPaths(snapshot.config, parsed.config);
const actor = resolveControlPlaneActor(client);
context?.logGateway?.info(
`config.apply write ${formatControlPlaneActor(actor)} changedPaths=${summarizeChangedPaths(changedPaths)} restartReason=config.apply`,
);
// Compare before the write so we invalidate clients authenticated against the
// previous shared secret immediately after the config update succeeds.
const disconnectSharedAuthClients =
didSharedGatewayAuthChange(snapshot.config, parsed.config) ||
didActiveSharedGatewayAuthChange({
fallbackPrev: snapshot.config,
next: preparedSecretsSnapshot.config,
});
const writeResult = await commitGatewayConfigWrite({
snapshot,
writeOptions,
nextConfig: parsed.config,
context,
disconnectSharedAuthClients,
});
const { payload, sentinelPath, restart } = await resolveGatewayConfigRestartWriteResult({
requestParams: params,
kind: "config-apply",
mode: "config.apply",
configPath: writeResult.path,
changedPaths,
nextConfig: parsed.config,
actor,
context,
});
respond(
true,
{
ok: true,
path: writeResult.path,
config: redactConfigObject(parsed.config, parsed.schema.uiHints),
restart,
sentinel: {
path: sentinelPath,
payload,
},
},
undefined,
);
writeResult.queueFollowUp();
},
"config.openFile": async ({ params, respond, context }) => {
if (!assertValidParams(params, validateConfigGetParams, "config.openFile", respond)) {
return;
}
const configPath = createConfigIO().configPath;
try {
await execConfigOpenCommand(resolveConfigOpenCommand(configPath));
respond(true, { ok: true, path: configPath }, undefined);
} catch (error) {
context?.logGateway?.warn(
`config.openFile failed path=${sanitizeLookupPathForLog(configPath)}: ${formatConfigOpenError(error)}`,
);
respond(
true,
{ ok: false, path: configPath, error: "failed to open config file" },
undefined,
);
}
},
};
Reference in New Issue View Git Blame Copy Permalink