mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-01 20:46:42 +00:00
bb46b79d3c
* refactor: extract agent core package Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts. * refactor: extract shared llm runtime Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout. * refactor: remove pi runtime internals Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code. * refactor: tighten agent session runtime Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts. * refactor: remove static model and pi auth paths Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities. * refactor: remove legacy provider compat paths * docs: remove agent parity notes * fix: skip provider wildcard metadata parsing * refactor: share session extension sdk loading * refactor: inline acpx proxy error formatter * refactor: fold edit recovery into edit tool * fix: accept extension batch separator * test: align startup provider plugin expectations * fix: restore provider-scoped release discovery * test: align static asset packaging expectations * fix: run static provider catalogs during scoped discovery * fix: add provider entry catalogs for scoped live discovery * fix: load lightweight provider catalog entries * fix: refresh provider-scoped plugin metadata * fix: keep provider catalog entries on release live path * fix: keep static manifest models in release live checks * fix: harden release model discovery * fix: reduce OpenAI live cache probe reasoning * fix: disable OpenAI cache probe reasoning * ci: extend OpenAI gateway live timeout * fix: extend live gateway model budget * fix: stabilize release validation regressions * fix: honor provider aliases in model rows * fix: stabilize release validation lanes * fix: stabilize release memory qa * ci: stabilize release validation lanes * ci: prefer ipv4 for live docker node calls * fix: restore shared tool-call stream wrapper * ci: remove legacy pi test shard alias * fix: clean up embedded agent test drift * fix: stabilize runtime alias status * fix: clean up embedded agent ci drift * fix: restore release ci invariants * fix: clean up post-rebase runtime drift * fix: restore release ci checks * fix: restore release ci after rebase * fix: remove stale pi runtime path * test: align compaction runtime expectations * test: update plugin prerelease expectations * fix: handle claude live tool approvals * fix: stabilize release validation gates * fix: finish agent runtime import * test: finish post-rebase agent runtime mocks * fix: keep codex compaction native * fix: stabilize codex app-server hook tests * test: isolate codex diagnostic active run * test: remove codex diagnostic completion race # Conflicts: # extensions/codex/src/app-server/run-attempt.test.ts * ci: fix full release manifest performance run id * refactor: narrow llm plugin sdk boundary * chore: drop generated google boundary stamps * fix: repair rebase fallout * fix: clean up rebased runtime references * fix: decode codex jwt payloads as base64url * fix: preserve shipped pi runtime alias * fix: add scoped sdk virtual modules * fix: decode llm codex oauth jwt as base64url * fix: avoid stale vertex adc negative cache * fix: harden tool arg decoding and codeql path * fix: keep vertex adc negative checks live * refactor: consolidate codex jwt and edit helpers * fix: await codex oauth node runtime imports * fix: preserve sdk tool and notice contracts * fix: preserve shipped compat config boundaries * fix: align codex oauth callback host * fix: terminate agent-core loop streams on failure * fix: keep codex oauth callback alive during fallback * ci: include session tools in critical codeql scans * fix: keep Cloudflare Anthropic provider auth header * docs: redirect legacy pi runtime pages * fix: honor bundled web provider compat discovery * fix: protect session output spill files * fix: keep legacy agent dir env blocked * fix: contain auto-discovered skill symlinks * fix: harden agent core sdk proxy surfaces * fix: restore approval reaction sdk compat * fix: keep live docker runs bounded * fix: keep codex oauth redirect host aligned * fix: resolve post-rebase agent runtime drift * fix: redact anthropic oauth parse failures * fix: preserve responses strict tool shaping * fix: repair agent runtime rebase cleanup * docs: redirect retired parity pages * fix: bound auto-discovered resources to roots * fix: repair post-rebase agent test drift * fix: preserve bundled provider allowlist migration * fix: preserve manifest-owned provider aliases * fix: declare photon image dependency * fix: keep provider headers out of proxy body * fix: preserve shipped env aliases * fix: refresh control ui i18n generated state * fix: quote read fallback paths * fix: preview edits through configured backend * test: satisfy core test typecheck * fix: preserve ZAI usage auth fallback * test: repair codex diagnostic test * fix: repair agent runtime rebase drift * test: finish embedded runner import rename * fix: repair agent runtime rebase integrations * test: align compaction oauth fallback expectations * fix: allow sdk-auth session models * fix: update doctor tool schema import * fix: preserve bedrock plugin region * fix: stream harmony-like prose immediately * ci: include session runtime in codeql shards * fix: repair latest rebase integrations * fix: honor explicit codex websocket transport * fix: keep openai-compatible credentials provider-scoped * fix: refresh sdk api baseline after rebase * fix: route cli runtime aliases through openclaw harness * test: rename stale harness mock expectation * test: rename embedded agent overflow calls * test: clean embedded auth test wording * test: use openclaw stream types in deepinfra cache test * fix: refresh sdk api baseline on latest main * fix: honor bundled discovery compat allowlists * fix: refresh sdk api baseline after latest rebase * fix: remove stale rebase imports * test: rename stale model catalog mock * test: mock renamed doctor runtime modules * fix: map canonical kimi env auth * fix: use internal model registry in bench script * fix: migrate deepinfra provider catalog entry * fix: enforce builtin tool suppression * fix: route compaction auth and proxy payloads safely * refactor: prune unused llm registry leftovers * test: update codex hooks session import * test: fix model picker ci coverage * test: align model picker auth mock types
372 lines
13 KiB
TypeScript
372 lines
13 KiB
TypeScript
import crypto from "node:crypto";
|
|
import {
|
|
describeInterpreterInlineEval,
|
|
type InterpreterInlineEvalHit,
|
|
} from "../infra/command-analysis/inline-eval.js";
|
|
import { detectPolicyInlineEval } from "../infra/command-analysis/policy.js";
|
|
import {
|
|
type ExecApprovalsFile,
|
|
type ExecAsk,
|
|
type ExecSecurity,
|
|
type SystemRunApprovalPlan,
|
|
evaluateShellAllowlist,
|
|
hasDurableExecApproval,
|
|
resolveExecApprovalsFromFile,
|
|
} from "../infra/exec-approvals.js";
|
|
import { buildNodeShellCommand } from "../infra/node-shell.js";
|
|
import { parsePreparedSystemRunPayload } from "../infra/system-run-approval-context.js";
|
|
import { formatExecCommand, resolveSystemRunCommandRequest } from "../infra/system-run-command.js";
|
|
import { normalizeNullableString } from "../shared/string-coerce.js";
|
|
import type { ExecuteNodeHostCommandParams } from "./bash-tools.exec-host-node.types.js";
|
|
import { renderExecOutputText } from "./bash-tools.exec-output.js";
|
|
import type { ExecToolDetails } from "./bash-tools.exec-types.js";
|
|
import type { AgentToolResult } from "./runtime/index.js";
|
|
import { callGatewayTool } from "./tools/gateway.js";
|
|
import { listNodes, resolveNodeIdFromList } from "./tools/nodes-utils.js";
|
|
|
|
type NodeExecutionTarget = {
|
|
nodeId: string;
|
|
platform?: string | null;
|
|
argv: string[];
|
|
env: Record<string, string> | undefined;
|
|
invokeTimeoutMs: number;
|
|
runTimeoutSec: number;
|
|
supportsSystemRunPrepare: boolean;
|
|
};
|
|
|
|
type PreparedNodeRun = {
|
|
plan: SystemRunApprovalPlan;
|
|
argv: string[];
|
|
rawCommand: string;
|
|
cwd: string | undefined;
|
|
agentId: string | undefined;
|
|
sessionKey: string | undefined;
|
|
};
|
|
|
|
type NodeApprovalAnalysis = {
|
|
analysisOk: boolean;
|
|
allowlistSatisfied: boolean;
|
|
durableApprovalSatisfied: boolean;
|
|
inlineEvalHit: InterpreterInlineEvalHit | null;
|
|
};
|
|
|
|
export function shouldSkipNodeApprovalPrepare(params: {
|
|
hostSecurity: ExecSecurity;
|
|
hostAsk: ExecAsk;
|
|
strictInlineEval?: boolean;
|
|
}): boolean {
|
|
return (
|
|
params.hostSecurity === "full" && params.hostAsk === "off" && params.strictInlineEval !== true
|
|
);
|
|
}
|
|
|
|
export function formatNodeRunToolResult(params: {
|
|
raw: unknown;
|
|
startedAt: number;
|
|
cwd: string | undefined;
|
|
}): AgentToolResult<ExecToolDetails> {
|
|
const payload =
|
|
params.raw && typeof params.raw === "object"
|
|
? (params.raw as { payload?: unknown }).payload
|
|
: undefined;
|
|
const payloadObj =
|
|
payload && typeof payload === "object" ? (payload as Record<string, unknown>) : {};
|
|
const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";
|
|
const stderr = typeof payloadObj.stderr === "string" ? payloadObj.stderr : "";
|
|
const errorText = typeof payloadObj.error === "string" ? payloadObj.error : "";
|
|
const success = typeof payloadObj.success === "boolean" ? payloadObj.success : false;
|
|
const exitCode = typeof payloadObj.exitCode === "number" ? payloadObj.exitCode : null;
|
|
return {
|
|
content: [
|
|
{
|
|
type: "text",
|
|
text: renderExecOutputText(stdout || stderr || errorText),
|
|
},
|
|
],
|
|
details: {
|
|
status: success ? "completed" : "failed",
|
|
exitCode,
|
|
durationMs: Date.now() - params.startedAt,
|
|
aggregated: [stdout, stderr, errorText].filter(Boolean).join("\n"),
|
|
cwd: params.cwd,
|
|
} satisfies ExecToolDetails,
|
|
};
|
|
}
|
|
|
|
export async function resolveNodeExecutionTarget(
|
|
params: ExecuteNodeHostCommandParams,
|
|
): Promise<NodeExecutionTarget> {
|
|
if (params.boundNode && params.requestedNode && params.boundNode !== params.requestedNode) {
|
|
throw new Error(`exec node not allowed (bound to ${params.boundNode})`);
|
|
}
|
|
const nodeQuery = params.boundNode || params.requestedNode;
|
|
const nodes = await listNodes({});
|
|
if (nodes.length === 0) {
|
|
throw new Error(
|
|
"exec host=node requires a paired node (none available). This requires a companion app or node host.",
|
|
);
|
|
}
|
|
let nodeId: string;
|
|
try {
|
|
nodeId = resolveNodeIdFromList(nodes, nodeQuery, !nodeQuery);
|
|
} catch (err) {
|
|
if (!nodeQuery && String(err).includes("node required")) {
|
|
throw new Error(
|
|
"exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).",
|
|
{ cause: err },
|
|
);
|
|
}
|
|
throw err;
|
|
}
|
|
const nodeInfo = nodes.find((entry) => entry.nodeId === nodeId);
|
|
if (nodeInfo?.connected === false) {
|
|
throw new Error(
|
|
`exec host=node requires a connected node (${nodeId} is currently disconnected). Start or reconnect the companion app or node host, or select a connected node.`,
|
|
);
|
|
}
|
|
const declaredCommands = Array.isArray(nodeInfo?.commands) ? nodeInfo.commands : [];
|
|
const supportsSystemRun = declaredCommands.includes("system.run");
|
|
if (!supportsSystemRun) {
|
|
throw new Error(
|
|
"exec host=node requires a node that supports system.run (companion app or node host).",
|
|
);
|
|
}
|
|
|
|
const runTimeoutSec =
|
|
typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec;
|
|
const invokeBaseTimeoutSec = runTimeoutSec > 0 ? runTimeoutSec : params.defaultTimeoutSec;
|
|
return {
|
|
nodeId,
|
|
platform: nodeInfo?.platform,
|
|
argv: buildNodeShellCommand(params.command, nodeInfo?.platform),
|
|
env: params.requestedEnv ? { ...params.requestedEnv } : undefined,
|
|
invokeTimeoutMs: Math.max(10_000, invokeBaseTimeoutSec * 1000 + 5_000),
|
|
runTimeoutSec,
|
|
supportsSystemRunPrepare: declaredCommands.includes("system.run.prepare"),
|
|
};
|
|
}
|
|
|
|
export function buildNodeSystemRunInvoke(params: {
|
|
target: NodeExecutionTarget;
|
|
command: string[];
|
|
rawCommand: string;
|
|
cwd: string | undefined;
|
|
agentId: string | undefined;
|
|
sessionKey: string | undefined;
|
|
turnSourceChannel?: string;
|
|
turnSourceTo?: string;
|
|
turnSourceAccountId?: string;
|
|
turnSourceThreadId?: string | number;
|
|
approved?: boolean;
|
|
approvalDecision?: "allow-once" | "allow-always" | null;
|
|
runId?: string;
|
|
suppressNotifyOnExit?: boolean;
|
|
notifyOnExit?: boolean;
|
|
systemRunPlan?: SystemRunApprovalPlan;
|
|
}): Record<string, unknown> {
|
|
const timeoutMs =
|
|
params.target.runTimeoutSec > 0 ? Math.floor(params.target.runTimeoutSec * 1000) : 0;
|
|
const runId = params.runId ?? crypto.randomUUID();
|
|
return {
|
|
nodeId: params.target.nodeId,
|
|
command: "system.run",
|
|
params: {
|
|
command: params.command,
|
|
rawCommand: params.rawCommand,
|
|
...(params.systemRunPlan ? { systemRunPlan: params.systemRunPlan } : {}),
|
|
...(params.cwd != null ? { cwd: params.cwd } : {}),
|
|
env: params.target.env,
|
|
timeoutMs,
|
|
agentId: params.agentId,
|
|
sessionKey: params.sessionKey,
|
|
...(params.turnSourceChannel != null ? { turnSourceChannel: params.turnSourceChannel } : {}),
|
|
...(params.turnSourceTo != null ? { turnSourceTo: params.turnSourceTo } : {}),
|
|
...(params.turnSourceAccountId != null
|
|
? { turnSourceAccountId: params.turnSourceAccountId }
|
|
: {}),
|
|
...(params.turnSourceThreadId != null
|
|
? { turnSourceThreadId: params.turnSourceThreadId }
|
|
: {}),
|
|
approved: params.approved,
|
|
approvalDecision: params.approvalDecision ?? undefined,
|
|
runId,
|
|
suppressNotifyOnExit:
|
|
params.suppressNotifyOnExit === true || params.notifyOnExit === false ? true : undefined,
|
|
},
|
|
idempotencyKey: crypto.randomUUID(),
|
|
};
|
|
}
|
|
|
|
export async function invokeNodeSystemRunDirect(params: {
|
|
request: ExecuteNodeHostCommandParams;
|
|
target: NodeExecutionTarget;
|
|
}): Promise<AgentToolResult<ExecToolDetails>> {
|
|
const startedAt = Date.now();
|
|
const raw = await callGatewayTool(
|
|
"node.invoke",
|
|
{ timeoutMs: params.target.invokeTimeoutMs },
|
|
buildNodeSystemRunInvoke({
|
|
target: params.target,
|
|
command: params.target.argv,
|
|
rawCommand: params.request.command,
|
|
cwd: params.request.workdir,
|
|
agentId: params.request.agentId,
|
|
sessionKey: params.request.sessionKey,
|
|
notifyOnExit: params.request.notifyOnExit,
|
|
}),
|
|
);
|
|
return formatNodeRunToolResult({ raw, startedAt, cwd: params.request.workdir });
|
|
}
|
|
|
|
export async function prepareNodeSystemRun(params: {
|
|
request: ExecuteNodeHostCommandParams;
|
|
target: NodeExecutionTarget;
|
|
}): Promise<PreparedNodeRun> {
|
|
if (!params.target.supportsSystemRunPrepare) {
|
|
return buildLocalPreparedNodeRun(params);
|
|
}
|
|
|
|
const prepareRaw = await callGatewayTool(
|
|
"node.invoke",
|
|
{ timeoutMs: 15_000 },
|
|
{
|
|
nodeId: params.target.nodeId,
|
|
command: "system.run.prepare",
|
|
params: {
|
|
command: params.target.argv,
|
|
rawCommand: params.request.command,
|
|
...(params.request.workdir != null ? { cwd: params.request.workdir } : {}),
|
|
agentId: params.request.agentId,
|
|
sessionKey: params.request.sessionKey,
|
|
},
|
|
idempotencyKey: crypto.randomUUID(),
|
|
},
|
|
);
|
|
const prepared = parsePreparedSystemRunPayload(prepareRaw?.payload);
|
|
if (!prepared) {
|
|
throw new Error("invalid system.run.prepare response");
|
|
}
|
|
return {
|
|
plan: prepared.plan,
|
|
argv: prepared.plan.argv,
|
|
rawCommand: prepared.plan.commandText,
|
|
cwd: prepared.plan.cwd ?? params.request.workdir,
|
|
agentId: prepared.plan.agentId ?? params.request.agentId,
|
|
sessionKey: prepared.plan.sessionKey ?? params.request.sessionKey,
|
|
};
|
|
}
|
|
|
|
function buildLocalPreparedNodeRun(params: {
|
|
request: ExecuteNodeHostCommandParams;
|
|
target: NodeExecutionTarget;
|
|
}): PreparedNodeRun {
|
|
const rawCommand = formatExecCommand(params.target.argv);
|
|
const command = resolveSystemRunCommandRequest({
|
|
command: params.target.argv,
|
|
rawCommand,
|
|
});
|
|
if (!command.ok) {
|
|
throw new Error(command.message);
|
|
}
|
|
if (command.argv.length === 0) {
|
|
throw new Error("command required");
|
|
}
|
|
const commandText = formatExecCommand(command.argv);
|
|
const previewText = params.request.command.trim() || command.previewText?.trim();
|
|
const commandPreview = previewText && previewText !== commandText ? previewText : null;
|
|
const plan = {
|
|
argv: [...command.argv],
|
|
cwd: normalizeNullableString(params.request.workdir),
|
|
commandText,
|
|
commandPreview,
|
|
agentId: normalizeNullableString(params.request.agentId),
|
|
sessionKey: normalizeNullableString(params.request.sessionKey),
|
|
} satisfies SystemRunApprovalPlan;
|
|
return {
|
|
plan,
|
|
argv: plan.argv,
|
|
rawCommand: plan.commandText,
|
|
cwd: plan.cwd ?? params.request.workdir,
|
|
agentId: plan.agentId ?? params.request.agentId,
|
|
sessionKey: plan.sessionKey ?? params.request.sessionKey,
|
|
};
|
|
}
|
|
|
|
export async function analyzeNodeApprovalRequirement(params: {
|
|
request: ExecuteNodeHostCommandParams;
|
|
target: NodeExecutionTarget;
|
|
prepared: PreparedNodeRun;
|
|
hostSecurity: ExecSecurity;
|
|
hostAsk: ExecAsk;
|
|
}): Promise<NodeApprovalAnalysis> {
|
|
const baseAllowlistEval = evaluateShellAllowlist({
|
|
command: params.request.command,
|
|
allowlist: [],
|
|
safeBins: new Set(),
|
|
cwd: params.request.workdir,
|
|
env: params.request.env,
|
|
platform: params.target.platform,
|
|
trustedSafeBinDirs: params.request.trustedSafeBinDirs,
|
|
});
|
|
let analysisOk = baseAllowlistEval.analysisOk;
|
|
let allowlistSatisfied = false;
|
|
let durableApprovalSatisfied = false;
|
|
const inlineEvalHit =
|
|
params.request.strictInlineEval === true
|
|
? detectPolicyInlineEval(baseAllowlistEval.segments)
|
|
: null;
|
|
if (inlineEvalHit) {
|
|
params.request.warnings.push(
|
|
`Warning: strict inline-eval mode requires explicit approval for ${describeInterpreterInlineEval(
|
|
inlineEvalHit,
|
|
)}.`,
|
|
);
|
|
}
|
|
if ((params.hostAsk === "always" || params.hostSecurity === "allowlist") && analysisOk) {
|
|
try {
|
|
const approvalsSnapshot = await callGatewayTool<{ file: string }>(
|
|
"exec.approvals.node.get",
|
|
{ timeoutMs: 10_000 },
|
|
{ nodeId: params.target.nodeId },
|
|
);
|
|
const approvalsFile =
|
|
approvalsSnapshot && typeof approvalsSnapshot === "object"
|
|
? approvalsSnapshot.file
|
|
: undefined;
|
|
if (approvalsFile && typeof approvalsFile === "object") {
|
|
const resolved = resolveExecApprovalsFromFile({
|
|
file: approvalsFile as ExecApprovalsFile,
|
|
agentId: params.request.agentId,
|
|
overrides: { security: "full" },
|
|
});
|
|
// Allowlist-only precheck; safe bins are node-local and may diverge.
|
|
const allowlistEval = evaluateShellAllowlist({
|
|
command: params.request.command,
|
|
allowlist: resolved.allowlist,
|
|
safeBins: new Set(),
|
|
cwd: params.request.workdir,
|
|
env: params.request.env,
|
|
platform: params.target.platform,
|
|
trustedSafeBinDirs: params.request.trustedSafeBinDirs,
|
|
});
|
|
durableApprovalSatisfied = hasDurableExecApproval({
|
|
analysisOk: allowlistEval.analysisOk,
|
|
segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries,
|
|
allowlist: resolved.allowlist,
|
|
commandText: params.prepared.rawCommand,
|
|
});
|
|
allowlistSatisfied = allowlistEval.allowlistSatisfied;
|
|
analysisOk = allowlistEval.analysisOk;
|
|
}
|
|
} catch {
|
|
// Fall back to requiring approval if node approvals cannot be fetched.
|
|
}
|
|
}
|
|
return {
|
|
analysisOk,
|
|
allowlistSatisfied,
|
|
durableApprovalSatisfied,
|
|
inlineEvalHit,
|
|
};
|
|
}
|