mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-31 11:38:34 +00:00
04c2982535
* fix(msteams): rebase SDK migration onto current main Reapply the msteams SDK migration (originally on feat/msteams-sdk-migration) on top of upstream/main, resolving conflicts with parallel msteams work that landed upstream during our session. What got applied vs decisions made: CLEANLY APPLIED (3-way patch): - monitor.ts, monitor-handler.ts, polls.ts, reply-stream-controller.ts/.test.ts, reply-dispatcher.ts, attachments/download.ts, monitor.lifecycle.test.ts, monitor-handler/message-handler.ts, monitor-handler.types.ts, etc. - streaming-message.ts + .test.ts deletions WHOLESALE TAKE FROM ORIGINAL BRANCH (partial 3-way left broken cross-refs): - sdk.ts, sdk.test.ts, messenger.ts, feedback-reflection.ts, send-context.ts, send.test.ts KEPT UPSTREAM (deferred for separate cleanup): - extensions/msteams/package.json (still has jsonwebtoken/jwks-rsa per Peter'sb3bc60ae25incremental approach) - src/plugins/contracts/package-manifest.contract.test.ts (consistent with package.json) - pnpm-lock.yaml (avoids lockfile churn; pnpm install --frozen-lockfile clean) ADAPTED: - Dockerfile matrix-sdk-crypto check now wraps upstream's new retry-loop in the if-matrix-bundled gate KNOWN TEST FAILURES (need eyes — see PR comment): - attachments.test.ts: 1 fail (pre-existing — warn meta arg shape changed in our migration but test wasn't updated) - reply-dispatcher.test.ts: 6 fails (pre-existing — tests mock old TeamsHttpStream, not updated for our ctx.stream rewrite) - send.test.ts: 4 fails (NEW from merge — upstream's send.ts changed media loading; our mocks need updating or take upstream's send.test.ts wholesale) UPSTREAM COMMITS POTENTIALLY MISSED (in wholesale-take files): -08c4af0ddffix(msteams): accept conversation id allowlists -e1840b8581fix(msteams): bind global audience tokens to app id - Channels turn-kernel refactor (ffe67e9cdc/1ead1b2d18/9a9cd0c0ab) — may be partially preserved in cleanly-patched files Static checks pass: pnpm check:changed is green (typecheck, lint, contract tests, import cycles, etc.). Manual testing required before merge. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(msteams): preserve thread routing for channel and group-chat replies - monitor.ts: adaptSdkContext now uses ctx.reply() for channel and groupChat conversations (so the SDK threads outbound activities to the inbound's replyToId/serviceUrl) and ctx.send() only for personal DMs (where reply()'s blockquote-prepend is ugly). - messenger.ts: sendProactively passes resolvedThreadId on the non-thread fallback path so channel @mentions that fall through outbound.ts -> send.ts still land in the original thread instead of top-level. Live-validated: channel @mention -> bot replies in thread, threaded reply -> bot replies in same thread, no top-level leakage. * fix(msteams): tag outbound SDK calls with OpenClaw User-Agent - user-agent.ts: add buildOpenClawUserAgentFragment() that returns just 'OpenClaw/<version>'. The SDK's Client.clone merges this with its own 'teams.ts[apps]/<sdk-version>' identifier — passing the full buildUserAgent() here would double-print the SDK token. - sdk.ts: pass the fragment via AppOptions.client.headers['User-Agent'] so the Teams backend can identify OpenClaw traffic for usage telemetry. Final UA looks like 'OpenClaw/<openclaw-version> teams.ts[apps]/<sdk-version>'. * fix(msteams): handle StreamCancelledError when user presses Stop mid-stream The new SDK throws StreamCancelledError synchronously from stream.emit/update when the user pressed Stop in Teams: Teams replies 403 to the next chunk update, the SDK flips _canceled, and any subsequent emit() throws. The old custom TeamsHttpStream either swallowed cancel or didn't expose this exception type, so the migration inherited an SDK behavior the original code didn't have to handle. Symptom on 2026-05-05: pressing Stop during a streaming reply caused an unhandled promise rejection that crashed the Node 24 process. Docker restarted the gateway about two minutes after each Stop click. Two related bugs surfaced once the crash was caught: the would-be block fallback re-delivered the full text as a second message (duplicate after Stop), and the typing-keepalive kept pulsing in Teams for the rest of the agent run because nothing told it to stop. reply-stream-controller.ts: - Wrap stream.update / stream.emit / stream.close in try/catch that swallows StreamCancelledError (matched by .name to dodge tsgo's SDK re-export resolution quirk). Latch a wasCanceled flag so subsequent calls short-circuit even if stream.canceled is stale. - preparePayload() returns undefined when the stream was canceled — the streamed prefix is already visible to the user, so dropping the payload prevents a duplicate block message from overriding the cancel intent. reply-dispatcher.ts: - Typing-keepalive gate now also checks streamController.wasCanceled() so typing pulses stop firing once Stop is observed. Otherwise the bot keeps pulsing for the rest of the (uncancellable) agent run. reply-stream-controller.test.ts: - 6 new regression tests cover: cancel-during-emit (the crash scenario), cancel-during-update, cancel-during-finalize, non-cancel error propagation, post-cancel inactivity, and dropped-payload-on-cancel. Live-validated: long streaming reply + Stop mid-stream -> stream freezes, no duplicate message, no zombie typing, container stays healthy. * fix(msteams): allow Bearer-token retry on Skype CDN attachment downloads Teams puts inline DM images and clipboard-pasted images on *.asm.skype.com URLs (e.g. us-api.asm.skype.com/v1/objects/<id>/views/imgo). The download path in attachments/download.ts already does a plain GET first and falls back to a Bearer-token retry on 401/403 — but the retry was gated on the URL being in DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST. asm.skype.com hosts were in DEFAULT_MEDIA_HOST_ALLOWLIST (download permitted) but not in the auth-host list, so a 401 plain-GET response skipped the retry and surfaced as a missing image to the agent. Add asm.skype.com and ams.skype.com to the auth allowlist so openclaw attempts the Bearer-token retry consistently, matching how it treats the other CDN/Bot-Framework hosts already in the list. Note: this does not unblock all clipboard-pasted DM images — for at least some tenants asm.skype.com rejects the Bot Framework token (returns 401 even with auth). Routing those URLs through <serviceUrl>/v3/attachments/... the way #62219 already handles HTML-wrapped attachments is a separate follow-up. The +button 'Upload from this device' path works today because Teams generates an attachment with an HTML wrapper that triggers the existing BF v3 attachments fallback in monitor-handler/inbound-media.ts. * fix(msteams): align docker-compose msteams port default with plugin default The plugin defaults webhook.port to 3978 (the Bot Framework standard used in Microsoft samples) and listens on whatever the operator sets there. The docker-compose.yml port mapping was exposing ${OPENCLAW_MSTEAMS_PORT:-3000}:3000 which only works for operators who explicitly set webhook.port to 3000. Default-config users would have the plugin listening on 3978 inside the container while compose forwarded 3000, causing connection refused. Realign to ${OPENCLAW_MSTEAMS_PORT:-3978}:3978 so a default-config docker compose up Just Works with Teams. Operators wanting a custom port override both webhook.port in openclaw.json and OPENCLAW_MSTEAMS_PORT env var. * fix(msteams): post-rebase reconciliation with main Three follow-ups after rebasing the SDK migration onto current main: - reply-dispatcher.ts: rename createChannelReplyPipeline to its post-rebase identifier createChannelMessageReplyPipeline (the plugin-sdk barrel renamed it during the 1454-commit rebase window). - reply-dispatcher.ts: tighten the typing-keepalive onStartError signature to (err: unknown) to satisfy upstream's stricter type checks. - messenger.ts: drop the unconditional thread suffix on the bottom proactive fallback. The previous behavior threaded all top-level proactive sends when the stored ref had a threadId, which contradicts replyStyle='top-level' semantics (and breaks the new upstream test). Threading on the proactive path is preserved where it matters — the onRevoked branch within replyStyle==='thread' still passes resolvedThreadId, which is the original #55198 fix path. - attachments.test.ts: update the warn-call assertion to match the migration's inline message format (host=... error=...) — the structured meta object was being dropped by the logger formatter pre-migration. * feat(msteams): port streaming preview/progress features to ctx.stream While the SDK migration was open, upstream landed preview/progress/draft streaming features built on the OLD custom TeamsHttpStream class (which the migration deletes). This commit ports the user-visible parts of those features onto the new ctx.stream substrate so the migration doesn't lose ground: - pickInformativeStatusText: reads custom labels from msteams.streaming.progressDraft config via resolveChannelProgressDraftLabel. Falls back to the plugin-sdk default rotation. Pre-rebase used a hardcoded 4-string array. - streamMode resolution: "partial" (default, per-token streaming), "progress" (no tokens; preview card carries informative label that updates as tools run), or "block" (no native streaming). Mode is read from cfg.channels.msteams.streaming.preview. - progress-draft gate: createChannelProgressDraftGate gates informative updates so the rotating label only starts firing once meaningful work has begun (avoids flicker before the first tool call). - noteProgressWork() / pushProgressLine(): public methods on the controller for callers (typing keepalive ticks, tool-event callbacks) to signal work. pushProgressLine appends tool names as bullets above the rotating label when streaming.previewToolProgress is enabled. Wiring these into actual tool events is a separate follow-up. - preparePayload progress-mode path: when stream is active but no tokens streamed (progress mode) and a final text payload arrives, emit the text into the stream so the preview card transitions in place to the final reply on close(). reply-dispatcher: pass log + msteamsConfig + a stable progressSeed (${accountId}:${conversation.id}) to createTeamsReplyStreamController so the informative-label rotation is consistent across reconnects. What's NOT ported and why: - Live-edit-via-replaceInformativeWithFinal: the SDK's HttpStream natively accumulates emitted text + entities + channelData and flushes ONE final activity at close() using the same activity id as the preview. So the separate "replace informative with final" call from upstream is unnecessary — we get live-finalization for free via the SDK's design. - pushProgressLine triggers from tool events: needs reply-pipeline-side callbacks the new SDK migration didn't surface yet. Follow-up. Tests: existing 22 reply-stream-controller tests still pass (the new behaviors are additive). * feat(msteams): wire pipeline tool events to streaming progress + fix test debt Two follow-ups from yesterday's stopping point: 1. Wire pipeline events into the stream controller's progress-draft surface. reply-dispatcher's replyOptions now exposes onReasoningStream, onToolStart, onItemEvent, onPlanUpdate, onApprovalEvent, onCommandOutput callbacks that format each event via the channel-streaming helpers and route through streamController.pushProgressLine(). Mirrors the discord adapter's wiring. Also: - resolveChannelStreamingPreviewToolProgress + ...SuppressDefaultTool... so the dispatcher exposes suppressDefaultToolProgressMessages on its replyOptions when progress mode is on. - Switch disableBlockStreaming resolution to the channel-streaming helpers (resolveChannelPreviewStreamMode + resolveChannelStreamingBlockEnabled) so streaming.mode='block' and streaming.block.enabled=true are honored alongside the legacy blockStreaming boolean. 2. Fix the test debt that the rebase exposed: - reply-dispatcher.test.ts: drop the streamInstances + TeamsHttpStream mock pattern (file deleted by migration); replace with a streamMock provided via context.stream that mirrors the SDK's IStreamer shape (update/emit/close/canceled). Update assertions on sendInformativeUpdate -> stream.update, stream.update -> stream.emit. Drop the resumes-typing-between-segments test (no equivalent in the new ctx.stream model — the SDK's HttpStream doesn't have a 'between segments' notion; close ends the stream). - send.test.ts: fix two stale mock targets — loadOutboundMediaFromUrl comes from openclaw/plugin-sdk/outbound-media (not /msteams), and resolveMarkdownTableMode comes from openclaw/plugin-sdk/markdown-table-runtime (not /config-runtime). The previous mock paths were no-ops post-migration. All 854 msteams tests now pass (was 17 failing in 4 files yesterday). * fix(msteams): SDK streaming delta + use app.reply for proactive thread sends Two narrow regressions exposed by the @microsoft/teams.apps migration: - The SDK's HttpStream.emit appends each chunk to its internal buffer (`this.text += activity.text`), but the channel reply pipeline emits cumulative text on each chunk. Forwarding cumulative text into an appending sink produced "chunk1 + chunk1chunk2 + chunk1chunk2chunk3..." duplication for streamed (DM) replies. Track the emitted prefix length in the stream controller and only forward the new tail. - Replace the manual `${convId};messageid=${msgId}` URL construction in the proactive thread fallback with `app.reply()`, which builds the threaded conversation id via the SDK's own toThreadedConversationId helper. Mechanically equivalent today; removes coupling to Teams' URL format and tracks any future SDK changes. Also adds the `reply` method to the structural MSTeamsApp type so the refactor typechecks without casts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(msteams): bump @microsoft/teams.api and teams.apps to 2.0.10 2.0.10 adds support for the AAD v1 token issuer that the Bot Framework JWT validator needs. The minor version bump pulls teams.cards / common / graph along to 2.0.10 too. Add `@microsoft/teams.*` to `minimumReleaseAgeExclude` in pnpm-workspace.yaml because 2.0.10 was published <48h ago and the default `minimumReleaseAge: 2880` (~2 days) would otherwise reject it. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * revert(msteams): remove asm.skype.com auth-host allowlist additions These hosts were added indfc169d31dfor inline DM image auth-retry, but the commit's own footnote acknowledges it doesn't actually unblock clipboard-pasted images (asm.skype.com rejects Bot Framework tokens in at least some tenants). The change is unrelated to the SDK migration and the user-visible bug it claimed to fix isn't fixed; lifting it out keeps this PR focused on the migration. Will land as a separate PR if the auth-allowlist consistency improvement is wanted on its own. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(msteams): typed ExpressAdapter helper, drop unknown-cast pyramid The monitor's SDK bootstrap had an awkward chain: httpServerAdapter: new ( (await import("@microsoft/teams.apps")) as unknown as { ExpressAdapter: new (app: unknown) => unknown; } ).ExpressAdapter(expressApp) as never, Three casts (`unknown`, structural shape literal, `never`) were a defensive workaround from when the SDK's hashed d.ts files tripped up tsgo. With the SDK's exports now resolving cleanly, the same import can be done with full types. - Extend the lazy `loadSdkModules()` cache to include `ExpressAdapter` alongside `App` so the dynamic import is shared. - Add `createMSTeamsExpressAdapter(serverOrApp)` helper in `sdk.ts` that encapsulates the lazy import and returns a properly-typed adapter instance. - Replace `httpServerAdapter`'s structural shape on `CreateMSTeamsAppOptions` with the SDK's own `IHttpServerAdapter` interface (re-exported from `@microsoft/teams.apps`). The call site in `monitor.ts` becomes a single typed call with no `any`, no `unknown`, no `as never`. The lazy-load behavior is preserved: nothing imports `@microsoft/teams.apps` at module load time. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(msteams): unbreak tsgo:extensions on the ExpressAdapter helper CI's check-prod-types failed because the previous commit's typed helper used `typeof import("@microsoft/teams.apps").ExpressAdapter`, which tsc/tsgo's NodeNext resolution can't follow through the SDK's chained `export *` barrel: @microsoft/teams.apps/dist/index.d.ts: export * from "./http"; // folder with index.d.ts export * from "./app"; // single .d.ts file The folder re-export drops `ExpressAdapter` and `IHttpServerAdapter` from the namespace shape under `tsconfig.extensions.json` (passes under the per-extension `tsconfig.json` because of inherited `paths`). Same root cause as why we already model `MSTeamsApp` structurally (line 47 comment). Switch the ExpressAdapter side to the same structural-shape pattern: - Define `MSTeamsHttpServerAdapter` and `MSTeamsExpressAdapterCtor` locally. - Cast `m.ExpressAdapter` once inside `loadSdkModules` (the runtime export is fine; only the type surface is hidden). - `httpServerAdapter` on `CreateMSTeamsAppOptions` and the return type of `createMSTeamsExpressAdapter` use the local structural type. Net result: the call site in `monitor.ts` stays the cast-free single line the previous commit landed; the one remaining cast is confined to the SDK-loading helper with an explanatory comment. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(msteams): drop unused jsonwebtoken/jwks-rsa deps The SDK migration removed all `import "jsonwebtoken"` / `import "jwks-rsa"` from source code (the SDK does JWT validation internally now), but the package.json entries and the matching `package-manifest.contract.test.ts` expectation were left orphaned. Drop both: - `extensions/msteams/package.json`: remove `jsonwebtoken` (^9), `jwks-rsa` (^4) from `dependencies` and `@types/jsonwebtoken` from `devDependencies`. - `src/plugins/contracts/package-manifest.contract.test.ts`: remove the two entries from msteams's `pluginLocalRuntimeDeps` expectation. - `monitor.lifecycle.test.ts`: extend the `./sdk.js` mock with the `createMSTeamsExpressAdapter` export added in the typed-helper cleanup, so the lifecycle suite still mounts after the deps drop. Lockfile regenerates accordingly. All msteams tests (865) pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(msteams): drop unused @microsoft/teams.api direct dep CI's deadcode:dependencies (knip) flagged @microsoft/teams.api as unused in extensions/msteams. The plugin source uses structural type aliases (MSTeamsActivityParams, MSTeamsActivityLike, etc.) to dodge tsgo resolution bugs with teams.api's hashed d.ts files, so it never imports teams.api directly. The package is brought in transitively via @microsoft/teams.apps; the only other reference is probe.test.ts's vi.mock("@microsoft/teams.api"), which works on the import-path string and doesn't require a direct dep declaration. Lockfile regenerates accordingly. tsgo:extensions, knip, and all 865 msteams tests pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(msteams): clear three CI gate failures (lint, contract, deprecated config API) Three CI checks flagged on the latest run; all three are msteams-local and unrelated to one another: - **check-lint** / **check-additional-extension-bundled**: `oxlint` flagged a redundant `as string[]` assertion in `reply-dispatcher.ts:431`. The preceding `every((s: unknown) => typeof s === "string")` already narrows the array type, so the cast does nothing. Drop it. - **checks-fast-contracts-plugins-c**: the `package-manifest.contract.test.ts` `pluginLocalRuntimeDeps` for msteams still expected `@microsoft/teams.api`, but the deadcode cleanup commit (8f4050f51a) dropped it from `extensions/msteams/package.json`. Remove it from the contract test too — `teams.api` is only present transitively via `teams.apps`, which is the reason knip flagged it. - **check-additional-runtime-topology-architecture**: the deprecated internal config API guard caught `messenger.ts:223` calling `getMSTeamsRuntime().config.loadConfig()`. Switch to `config.current()` to match the pattern used by phone-control, synology-chat, and matrix. Pre-existing failures on this run that are NOT msteams-related and not caused by this PR: `check-test-types` (errors in `src/agents/openai-transport-stream.test.ts` and `pi-embedded-runner/openai-stream-wrappers.test.ts`) and `macos-swift` (`hoistAwait` in `MacNodeRuntime.swift`). Leaving those for upstream. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(msteams): cast config.current() return to OpenClawConfig The previous commit switched `messenger.ts:223` from the deprecated `config.loadConfig()` to `config.current()` to satisfy the architecture guard, but `config.current()` returns a deeply-readonly type that's not assignable to the `Partial<OpenClawConfig>` parameter `resolveMarkdownTableMode` expects (a mutable type from the SDK contract). Phone-control, synology-chat, and matrix all cast at this seam — adopt the same pattern. Verified locally: tsgo:core, tsgo:extensions, check:architecture, and test:extensions:package-boundary:compile all pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(msteams): address PR review — pre-auth body limit, allowlist log level, /api/messages forwarder, narrow release-age exclude Four narrow fixes from the PR review (BradGroux + clawsweeper bot + galiniliev's plan), each its own concern: - **pre-auth-body-limit** (monitor.ts) — install `express.json({ limit: DEFAULT_WEBHOOK_MAX_BODY_BYTES })` before the bearer-presence gate and SDK route. Express memoizes the parsed body on the request, so the SDK's later `json()` becomes a no-op and our limit applies before any handler parses bodies. Closes the gap where a `Bearer garbage`-shaped attacker could force unbounded JSON parsing before token validation. - **allowlist-error-logging** (monitor.ts) — restore main's `runtime.error` level for the `msteams resolve failed` catch (was downgraded to `runtime.log` mid-merge). Graph allowlist resolution failures are security-relevant; they need to surface to operators. - **legacy-messages-route** (monitor.ts) — when `webhook.path` is set to a custom value, also accept POSTs on the legacy `/api/messages` path with a one-time deprecation warning, then re-enter the Express middleware chain on the configured path. Keeps existing Azure Bot registrations working through the transition. Cast-free (`expressApp(req, res, next)` works because `Application extends IRouter extends RequestHandler`). - **release-age-scope** (pnpm-workspace.yaml) — narrow `@microsoft/teams.*` glob to the single direct dep `@microsoft/teams.apps`. Future scoped packages no longer get a freshness-guard pass. Tests + checks: msteams suite (867), tsgo:core, tsgo:extensions, tsgo:test, lint:extensions, check:architecture, knip --dependencies, package-manifest contract, all green. Still pending from the review (separate commits): - auth-coverage-tests (Brad #1 + comment) — tests proving the SDK accepts `aud=<bot app id>` and rejects `aud=api.botframework.com`. - invoke-response-handling (Brad #2, codex P2) — file-consent invoke ack must return through the SDK invoke handler, not `ctx.sendActivity`. - stream-failure-fallback (codex P2, galin F5) — `streamFailed` latch so partial streams fall back to block delivery on non-cancel errors. - serviceurl-routing (Brad #4, codex P2) — proposed rebuttal pending empirical confirmation that `smba.trafficmanager.net/teams` routes to non-default-region conversations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test(msteams): lock SDK auth contract — aud + v1/v2 issuer coverage Adds extensions/msteams/src/auth-coverage.test.ts driving ServiceTokenValidator and createEntraTokenValidator directly with jose-minted RS256 tokens against an in-memory JWKS (via JwksClient.prototype patch). Locks in the three contract cases @BradGroux flagged on #76262: aud=<bot app id> accepted, aud=api.botframework.com rejected even when appid/azp match, and v1/v2 issuers accepted for allowed tenant (disallowed tenant rejected). Drops a stale ambient module declaration in src/types/microsoft-teams-sdk.d.ts that was shadowing the SDK's real jwt-validator types with a long-renamed createServiceTokenValidator surface. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): route file-consent invokes through typed app.on, drop broken invokeResponse send Brad #2 / codex #4 on PR #76262 — `ctx.sendActivity({ type: "invokeResponse", ... })` no longer reaches Teams as an HTTP InvokeResponse on the new SDK; it becomes an outbound Bot Framework activity instead. Move file-consent accept/decline to typed `app.on("file.consent.accept|decline", ...)` handlers. The SDK's typed-route layer wraps a void return into `{ status: 200 }` (`app.process.js:130`), so the manual ack disappears. While in here, type `MSTeamsApp.on` properly. Borrowing the SDK's `App.on` directly fails because that function carries a `this: App<TPlugin>` constraint our structural alias can't satisfy, so we model an equivalent generic over `IRoutes` with route-specific overloads (`card.action`, `file.consent.*`, `activity`). The overloads work around a tsgo bug — the `@microsoft/teams.api` `Activity` discriminated union collapses to `any`, turning `ActivityRoutes` into a `[string]: RouteHandler<X, void>` index signature that swallows every typed `Out` not already void-compatible (card.action returns `AdaptiveCardActionResponse`; the others happen to include `void`). Real tsc resolves cleanly. Linked upstream: https://github.com/microsoft/typescript-go/issues/1057. Other cleanups: - Cast-free call sites for `adaptSdkContext` (now returns `MSTeamsTurnContext` instead of `unknown`). - card.action error responses include `innerHttpError` per the SDK's `HttpError` shape requirement. - Activity catch-all also skips `fileConsent/invoke` now that it's typed-routed (parallel to the existing `adaptiveCard/action` skip). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): route SSO sign-in invokes through typed app.on, drop broken invokeResponse send Brad #2 / codex #4 on PR #76262, SSO half. Continue the typed-route migration: `signin/tokenExchange` and `signin/verifyState` now register via `app.on("signin.token-exchange" | "signin.verify-state", ...)`. Per the SDK's router, registering a user route with the same name as a system route removes the system default — so the SDK's built-in handlers (which would call `api.users.token.exchange` themselves and emit a `signin` event nobody currently subscribes to) are silenced, and only ours runs. The SDK wraps a void return into the HTTP 200 InvokeResponse, so the legacy `ctx.sendActivity({ type: "invokeResponse", ... })` ack — broken on the new SDK because it becomes an outbound BF activity instead of the HTTP response — is gone. The handler body is extracted from the activity-catch-all dispatch in `monitor-handler.ts` to a new `signin-invoke.ts`, parallel to `file-consent-invoke.ts`. `isSigninInvokeAuthorized` is now exported from `monitor-handler.ts` so the new handler can reuse it. The activity catch-all skips the SSO invoke names alongside the existing skips for `adaptiveCard/action` and `fileConsent/invoke`. `MSTeamsAppOn` overloads now cover the two SSO routes with their typed ctx (`ISignInTokenExchangeInvokeActivity` / `ISignInVerifyStateInvokeActivity`). Tests in `monitor-handler.sso.test.ts` were rewritten to call the extracted handler directly — the `registered.run(ctx)` shape no longer covers SSO, and the `expect(ctx.sendActivity).toHaveBeenCalledWith({ type: "invokeResponse" })` assertions were dropped to match the new contract (the SDK ack happens via the typed-route return value). Note on overlap with #77784 (Stefan Stüben, Microsoft): that PR is doing a much bigger SSO rework (sign-in card / sign-in-link / six-digit-code fallbacks plus a `ctx.auth` plumbed to plugin tools). This change is the small migration-correctness fix and is structured so #77784's SSO body changes drop into the typed-route registrations cleanly on rebase. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): route message-submit (feedback) invokes through typed app.on Last invoke off the activity catch-all dispatch. `message/submitAction` (thumbs up/down on AI-generated messages) now registers via `app.on("message.submit", ...)`. Same shape as file-consent and SSO: handler body extracted to a new `feedback-invoke.ts`, the SDK wraps a void return into the HTTP 200 InvokeResponse, the broken `ctx.sendActivity({ type: "invokeResponse", ... })` line is gone, and the activity catch-all skips this invoke name alongside the others. `isFeedbackInvokeAuthorized` is exported from `monitor-handler.ts` so `feedback-invoke.ts` can reuse it. Tests in `monitor-handler.feedback-authz.test.ts` were rewritten to call the extracted handler directly — the old `handler.run(ctx)` shape no longer intercepts feedback, and `originalRun` was removed because the typed route is the dispatch point now. `MSTeamsAppOn` overload added with the typed `IMessageSubmitActionInvokeActivity` ctx, slotted between the SSO overloads and the `activity` catch-all so `activity` stays last. This leaves only `message`, `conversationUpdate`, and `messageReaction` flowing through `app.on("activity", ...)` → `handler.run`. Promoting those is the path to deleting the catch-all entirely. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): fall back to block delivery when partial-mode stream fails mid-flight codex #5 / Galin F5 on PR #76262. `reply-stream-controller.ts` previously re-threw any non-cancel error from `stream.emit` during partial streaming and from `stream.emit`/`stream.close` during finalize. Combined with `preparePayload` suppressing block delivery once `tokensEmitted` was true, that meant a network blip or API error mid-stream produced a truncated reply with no recovery — the user saw the prefix that made it through and nothing else. Add a `streamFailed` latch parallel to `canceledLocally` / `tokensEmitted`: - `onPartialReply`: catch non-cancel errors, set `streamFailed = true`, log a warn, don't propagate (the pipeline must keep running so `preparePayload` can decide). - `preparePayload`: when `tokensEmitted && streamFailed`, fall through to block delivery instead of suppressing. The user may see a duplicate (streamed prefix + full block reply); intentional — matches the pre-migration `TeamsHttpStream.hasContent` recovery and is better than truncated-only. - `finalize`: same latch + warn on non-cancel close failure, swallow rather than throw. The streamed content already reached the user; the closing activity (AI-Generated marker, feedback channelData) is the only loss, not worth blowing up the dispatcher. - `isStreamActive` returns false once the stream has failed. New tests cover crash-mid-stream after tokens were emitted (assert block delivery payload is returned), happy-path no-duplicate behavior (assert `preparePayload` still suppresses when nothing failed), and finalize close-failure (assert no throw). The pre-existing "re-throws non-cancel" test was inverted to assert non-throwing latch behavior. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): declare @microsoft/teams.api as a runtime dependency Type-only `import("@microsoft/teams.api/dist/...").TypeName` references in `sdk.ts` (added when typed `MSTeamsApp.on` overloads were introduced) are picked up by the `extension-runtime-dependencies` contract test as genuine runtime imports. Declaring `@microsoft/teams.api` as a direct dep makes the contract pass; the package was already coming in transitively via `@microsoft/teams.apps`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(msteams): keep SSO on SDK signin routes * test(msteams): avoid redundant signin handler assertion * docs(msteams): clarify Teams cloud support * fix(msteams): use current SDK string helper * fix(msteams): gate SDK invoke side effects * test(msteams): avoid implicit any in lifecycle tests * fix(msteams): preserve SDK user agent and matrix check * fix(msteams): expose SDK common dependency * fix(msteams): use SDK user agent merge * fix(msteams): fall back when stream close no-ops * chore(msteams): drop unrelated merge artifacts * chore(msteams): restore unrelated main files * chore(msteams): restore unrelated main files * chore(msteams): restore unrelated main files * test(msteams): type stream close mock result * fix(msteams): configure Teams cloud service URL * chore(msteams): refresh shrinkwrap * chore(deps): refresh shrinkwrap locks * chore(ci): rerun guards after main sync * chore(deps): refresh shrinkwrap for node 24 * chore(config): refresh docs baseline * fix(msteams): preserve Teams SDK proactive references * fix(msteams): harden SDK proactive sends * fix(msteams): align service url contract * test: fix bonjour beacon type narrowing * fix(msteams): ignore ambient service url * fix(msteams): fall through submit invokes * test: align shrinkwrap override policy with Teams SDK deps * fix(msteams): ack invoke routes promptly * fix(msteams): support china cloud boundaries * test: sync PR with current CI gates * test: isolate channel setup registry metadata --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
1206 lines
40 KiB
JavaScript
1206 lines
40 KiB
JavaScript
#!/usr/bin/env node
|
|
// Normalizes package-acceptance inputs into the tarball shape consumed by Docker E2E.
|
|
import { spawn } from "node:child_process";
|
|
import { createHash } from "node:crypto";
|
|
import { lookup as dnsLookupCb } from "node:dns";
|
|
import { lookup as dnsLookup } from "node:dns/promises";
|
|
import { createWriteStream } from "node:fs";
|
|
import fs from "node:fs/promises";
|
|
import { request as httpsRequest } from "node:https";
|
|
import { isIP } from "node:net";
|
|
import os from "node:os";
|
|
import path from "node:path";
|
|
import { pipeline } from "node:stream/promises";
|
|
import { fileURLToPath } from "node:url";
|
|
import { resolveNpmRunner } from "./npm-runner.mjs";
|
|
|
|
const ROOT_DIR = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
|
|
const DEFAULT_OUTPUT_NAME = "openclaw-current.tgz";
|
|
const PACKAGE_URL_DOWNLOAD_TIMEOUT_MS = 60_000;
|
|
const PACKAGE_URL_MAX_BYTES = 250 * 1024 * 1024;
|
|
const PACKAGE_URL_MAX_REDIRECTS = 5;
|
|
const COMMAND_STDOUT_CAPTURE_MAX_CHARS = 8 * 1024 * 1024;
|
|
const COMMAND_STDERR_CAPTURE_MAX_CHARS = 128 * 1024;
|
|
const TRUSTED_PACKAGE_SOURCE_POLICY = ".github/package-trusted-sources.json";
|
|
const TRUSTED_PACKAGE_SOURCE_TOKEN_ENV = "OPENCLAW_TRUSTED_PACKAGE_TOKEN";
|
|
const BLOCKED_PACKAGE_HOSTNAMES = new Set([
|
|
"localhost",
|
|
"localhost.localdomain",
|
|
"metadata.google.internal",
|
|
]);
|
|
export const OPENCLAW_PACKAGE_SPEC_RE =
|
|
/^openclaw@(alpha|beta|latest|[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*(-[1-9][0-9]*|-(alpha|beta)\.[1-9][0-9]*)?)$/u;
|
|
|
|
function usage() {
|
|
return `Usage: node scripts/resolve-openclaw-package-candidate.mjs --source <ref|npm|url|trusted-url|artifact> --output-dir <dir> [options]
|
|
|
|
Options:
|
|
--package-spec <spec> Published npm spec for source=npm.
|
|
--package-ref <ref> Trusted repo ref for source=ref.
|
|
--package-url <url> HTTPS tarball URL for source=url or source=trusted-url.
|
|
--package-sha256 <sha256> Expected tarball SHA-256 for source=url, source=trusted-url, or source=artifact.
|
|
--trusted-source-id <id> Named trusted URL policy for source=trusted-url.
|
|
--trusted-source-policy <file>
|
|
Repo-controlled trusted URL source policy. Default: ${TRUSTED_PACKAGE_SOURCE_POLICY}
|
|
--artifact-dir <dir> Directory containing exactly one .tgz for source=artifact.
|
|
--output-name <name> Output tarball filename. Default: ${DEFAULT_OUTPUT_NAME}
|
|
--metadata <file> Write package metadata JSON.
|
|
--github-output <file> Append tarball, sha256, package name/version outputs.`;
|
|
}
|
|
|
|
export function parseArgs(argv) {
|
|
const options = {
|
|
artifactDir: "",
|
|
githubOutput: "",
|
|
metadata: "",
|
|
outputDir: "",
|
|
outputName: DEFAULT_OUTPUT_NAME,
|
|
packageRef: "",
|
|
packageSha256: "",
|
|
packageSpec: "",
|
|
packageUrl: "",
|
|
source: "",
|
|
trustedSourceId: "",
|
|
trustedSourcePolicy: TRUSTED_PACKAGE_SOURCE_POLICY,
|
|
};
|
|
for (let index = 0; index < argv.length; index += 1) {
|
|
const arg = argv[index];
|
|
const readValue = (name) => {
|
|
const value = argv[(index += 1)];
|
|
if (value === undefined) {
|
|
throw new Error(`${name} requires a value`);
|
|
}
|
|
return value;
|
|
};
|
|
if (arg === "--artifact-dir") {
|
|
options.artifactDir = readValue(arg);
|
|
} else if (arg === "--github-output") {
|
|
options.githubOutput = readValue(arg);
|
|
} else if (arg === "--metadata") {
|
|
options.metadata = readValue(arg);
|
|
} else if (arg === "--output-dir") {
|
|
options.outputDir = readValue(arg);
|
|
} else if (arg === "--output-name") {
|
|
options.outputName = readValue(arg);
|
|
} else if (arg === "--package-sha256") {
|
|
options.packageSha256 = readValue(arg).toLowerCase();
|
|
} else if (arg === "--package-ref") {
|
|
options.packageRef = readValue(arg);
|
|
} else if (arg === "--package-spec") {
|
|
options.packageSpec = readValue(arg);
|
|
} else if (arg === "--package-url") {
|
|
options.packageUrl = readValue(arg);
|
|
} else if (arg === "--source") {
|
|
options.source = readValue(arg);
|
|
} else if (arg === "--trusted-source-id") {
|
|
options.trustedSourceId = readValue(arg);
|
|
} else if (arg === "--trusted-source-policy") {
|
|
options.trustedSourcePolicy = readValue(arg);
|
|
} else if (arg === "--help" || arg === "-h") {
|
|
options.help = true;
|
|
} else {
|
|
throw new Error(`unknown argument: ${arg}`);
|
|
}
|
|
}
|
|
return options;
|
|
}
|
|
|
|
export function validateOpenClawPackageSpec(spec) {
|
|
if (!OPENCLAW_PACKAGE_SPEC_RE.test(spec)) {
|
|
throw new Error(
|
|
`package_spec must be openclaw@alpha, openclaw@beta, openclaw@latest, or an exact OpenClaw release version; got: ${spec}`,
|
|
);
|
|
}
|
|
}
|
|
|
|
export function resolveNpmPackageCandidatePackRunner(packageSpec, outputDir, params = {}) {
|
|
validateOpenClawPackageSpec(packageSpec);
|
|
return resolveNpmRunner({
|
|
comSpec: params.comSpec,
|
|
env: params.env,
|
|
execPath: params.execPath,
|
|
existsSync: params.existsSync,
|
|
npmArgs: ["pack", packageSpec, "--ignore-scripts", "--json", "--pack-destination", outputDir],
|
|
platform: params.platform,
|
|
});
|
|
}
|
|
|
|
function run(command, args, options = {}) {
|
|
return new Promise((resolve, reject) => {
|
|
const spawnOptions = {
|
|
cwd: options.cwd ?? ROOT_DIR,
|
|
stdio: options.capture ? ["ignore", "pipe", "pipe"] : ["ignore", "inherit", "inherit"],
|
|
...(options.env ? { env: options.env } : {}),
|
|
...(options.shell !== undefined ? { shell: options.shell } : {}),
|
|
...(options.windowsVerbatimArguments !== undefined
|
|
? { windowsVerbatimArguments: options.windowsVerbatimArguments }
|
|
: {}),
|
|
};
|
|
const child = spawn(command, args, {
|
|
...spawnOptions,
|
|
});
|
|
let timedOut = false;
|
|
let killTimer;
|
|
const timeout =
|
|
options.timeoutMs === undefined
|
|
? undefined
|
|
: setTimeout(() => {
|
|
timedOut = true;
|
|
child.kill("SIGTERM");
|
|
killTimer = setTimeout(() => child.kill("SIGKILL"), 5_000);
|
|
killTimer.unref?.();
|
|
}, options.timeoutMs);
|
|
timeout?.unref?.();
|
|
let stdout = { text: "", truncatedChars: 0 };
|
|
let stderr = { text: "", truncatedChars: 0 };
|
|
if (options.capture) {
|
|
child.stdout.on("data", (chunk) => {
|
|
stdout = appendBoundedCommandOutput(stdout, chunk, COMMAND_STDOUT_CAPTURE_MAX_CHARS);
|
|
});
|
|
child.stderr.on("data", (chunk) => {
|
|
stderr = appendBoundedCommandOutput(stderr, chunk, COMMAND_STDERR_CAPTURE_MAX_CHARS);
|
|
});
|
|
}
|
|
child.on("error", reject);
|
|
child.on("close", (status, signal) => {
|
|
if (timeout) {
|
|
clearTimeout(timeout);
|
|
}
|
|
if (killTimer) {
|
|
clearTimeout(killTimer);
|
|
}
|
|
if (timedOut) {
|
|
reject(new Error(`${command} ${args.join(" ")} timed out after ${options.timeoutMs}ms`));
|
|
return;
|
|
}
|
|
if (status === 0) {
|
|
if (stdout.truncatedChars > 0) {
|
|
reject(
|
|
new Error(
|
|
`${command} ${args.join(" ")} produced more than ${COMMAND_STDOUT_CAPTURE_MAX_CHARS} captured stdout chars`,
|
|
),
|
|
);
|
|
return;
|
|
}
|
|
resolve(stdout.text);
|
|
return;
|
|
}
|
|
const stderrText = formatCapturedCommandOutput(stderr).trim();
|
|
const detail = stderrText ? `\n${stderrText}` : "";
|
|
reject(new Error(`${command} ${args.join(" ")} failed with ${status ?? signal}${detail}`));
|
|
});
|
|
});
|
|
}
|
|
|
|
function appendBoundedCommandOutput(buffer, chunk, maxChars) {
|
|
const nextText = buffer.text + String(chunk);
|
|
if (nextText.length <= maxChars) {
|
|
return { text: nextText, truncatedChars: buffer.truncatedChars };
|
|
}
|
|
const truncatedChars = buffer.truncatedChars + nextText.length - maxChars;
|
|
return { text: nextText.slice(-maxChars), truncatedChars };
|
|
}
|
|
|
|
function formatCapturedCommandOutput(buffer) {
|
|
if (buffer.truncatedChars === 0) {
|
|
return buffer.text;
|
|
}
|
|
return `[output truncated ${buffer.truncatedChars} chars; showing tail]\n${buffer.text}`;
|
|
}
|
|
|
|
export const runCommandForTest = run;
|
|
|
|
async function walkFiles(dir) {
|
|
const entries = await fs.readdir(dir, { withFileTypes: true });
|
|
const files = [];
|
|
for (const entry of entries) {
|
|
const absolute = path.join(dir, entry.name);
|
|
if (entry.isDirectory()) {
|
|
files.push(...(await walkFiles(absolute)));
|
|
} else if (entry.isFile()) {
|
|
files.push(absolute);
|
|
}
|
|
}
|
|
return files;
|
|
}
|
|
|
|
async function sha256(file) {
|
|
const hash = createHash("sha256");
|
|
const handle = await fs.open(file, "r");
|
|
try {
|
|
for await (const chunk of handle.createReadStream()) {
|
|
hash.update(chunk);
|
|
}
|
|
} finally {
|
|
await handle.close();
|
|
}
|
|
return hash.digest("hex");
|
|
}
|
|
|
|
function assertSha256(value) {
|
|
if (!/^[a-f0-9]{64}$/u.test(value)) {
|
|
throw new Error(`package_sha256 must be a lowercase or uppercase 64-character SHA-256 digest`);
|
|
}
|
|
}
|
|
|
|
async function assertExpectedSha256(file, expected) {
|
|
if (!expected) {
|
|
return await sha256(file);
|
|
}
|
|
assertSha256(expected);
|
|
const actual = await sha256(file);
|
|
if (actual !== expected.toLowerCase()) {
|
|
throw new Error(`package SHA-256 mismatch: expected ${expected}, got ${actual}`);
|
|
}
|
|
return actual;
|
|
}
|
|
|
|
async function findSingleTarball(dir) {
|
|
const files = (await walkFiles(path.resolve(ROOT_DIR, dir)))
|
|
.filter((file) => /\.t(?:ar\.)?gz$/u.test(path.basename(file)))
|
|
.toSorted((a, b) => a.localeCompare(b));
|
|
if (files.length !== 1) {
|
|
throw new Error(
|
|
`source=artifact requires exactly one .tgz under ${dir}; found ${files.length}: ${files.join(", ")}`,
|
|
);
|
|
}
|
|
return files[0];
|
|
}
|
|
|
|
export async function readArtifactPackageCandidateMetadata(dir) {
|
|
const metadataPath = path.join(path.resolve(ROOT_DIR, dir), "package-candidate.json");
|
|
let raw = "";
|
|
try {
|
|
raw = await fs.readFile(metadataPath, "utf8");
|
|
} catch (error) {
|
|
if (error?.code === "ENOENT") {
|
|
return {};
|
|
}
|
|
throw error;
|
|
}
|
|
const parsed = JSON.parse(raw);
|
|
if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
throw new Error(`artifact package-candidate.json must contain a JSON object`);
|
|
}
|
|
return parsed;
|
|
}
|
|
|
|
async function revParseTrustedInputRef(ref) {
|
|
const candidates = [ref, `refs/remotes/origin/${ref}`, `refs/tags/${ref}`];
|
|
for (const candidate of candidates) {
|
|
const resolved = await run("git", ["rev-parse", "--verify", `${candidate}^{commit}`], {
|
|
capture: true,
|
|
}).then(
|
|
(value) => value.trim(),
|
|
() => "",
|
|
);
|
|
if (resolved) {
|
|
return resolved;
|
|
}
|
|
}
|
|
throw new Error(`package_ref does not resolve to a commit: ${ref}`);
|
|
}
|
|
|
|
async function resolveTrustedRepoRef(ref) {
|
|
if (!ref || ref.trim() === "" || ref.startsWith("-")) {
|
|
throw new Error(
|
|
`package_ref must be a branch, tag, or full commit SHA; got: ${ref || "<empty>"}`,
|
|
);
|
|
}
|
|
|
|
await run("git", ["fetch", "--no-tags", "origin", "+refs/heads/*:refs/remotes/origin/*"]);
|
|
await run("git", ["fetch", "--tags", "origin", "+refs/tags/*:refs/tags/*"]);
|
|
|
|
const selectedSha = await revParseTrustedInputRef(ref);
|
|
const isMainAncestor = await run("git", [
|
|
"merge-base",
|
|
"--is-ancestor",
|
|
selectedSha,
|
|
"refs/remotes/origin/main",
|
|
]).then(
|
|
() => true,
|
|
() => false,
|
|
);
|
|
if (isMainAncestor) {
|
|
return { selectedSha, trustedReason: "main-ancestor" };
|
|
}
|
|
|
|
const releaseTags = (await run("git", ["tag", "--points-at", selectedSha], { capture: true }))
|
|
.split(/\r?\n/u)
|
|
.map((line) => line.trim())
|
|
.filter(Boolean);
|
|
if (releaseTags.some((tag) => tag.startsWith("v"))) {
|
|
return { selectedSha, trustedReason: "release-tag" };
|
|
}
|
|
|
|
const containingBranches = (
|
|
await run(
|
|
"git",
|
|
[
|
|
"for-each-ref",
|
|
"--format=%(refname:short)",
|
|
"--contains",
|
|
selectedSha,
|
|
"refs/remotes/origin",
|
|
],
|
|
{ capture: true },
|
|
)
|
|
)
|
|
.split(/\r?\n/u)
|
|
.map((line) => line.trim())
|
|
.filter(Boolean);
|
|
if (containingBranches.some((branch) => branch.startsWith("origin/"))) {
|
|
return { selectedSha, trustedReason: "repository-branch-history" };
|
|
}
|
|
|
|
throw new Error(
|
|
`package_ref ${ref} resolved to ${selectedSha}, which is not reachable from an OpenClaw branch or release tag`,
|
|
);
|
|
}
|
|
|
|
async function preparePackageSourceWorktree(ref) {
|
|
const { selectedSha, trustedReason } = await resolveTrustedRepoRef(ref);
|
|
const sourceDir = path.join(
|
|
process.env.RUNNER_TEMP || os.tmpdir(),
|
|
`openclaw-package-source-${process.pid}`,
|
|
);
|
|
await fs.rm(sourceDir, { recursive: true, force: true });
|
|
await run("git", ["worktree", "add", "--detach", sourceDir, selectedSha]);
|
|
return { selectedSha, sourceDir, trustedReason };
|
|
}
|
|
|
|
async function installPackageSourceDeps(sourceDir) {
|
|
await run(
|
|
"pnpm",
|
|
[
|
|
"install",
|
|
"--frozen-lockfile",
|
|
"--ignore-scripts=false",
|
|
"--config.engine-strict=false",
|
|
"--config.enable-pre-post-scripts=true",
|
|
],
|
|
{ cwd: sourceDir },
|
|
);
|
|
}
|
|
|
|
async function moveNewestPackedTarball(outputDir, packOutput, outputName) {
|
|
let filename = "";
|
|
try {
|
|
const parsed = JSON.parse(packOutput);
|
|
if (Array.isArray(parsed)) {
|
|
filename = parsed.find((entry) => typeof entry?.filename === "string")?.filename ?? "";
|
|
}
|
|
} catch {}
|
|
if (!filename) {
|
|
for (const line of packOutput.split(/\r?\n/u)) {
|
|
const trimmed = line.trim();
|
|
if (/^openclaw-.*\.tgz$/u.test(trimmed)) {
|
|
filename = trimmed;
|
|
}
|
|
}
|
|
}
|
|
if (!filename) {
|
|
const entries = await fs.readdir(outputDir);
|
|
filename = entries
|
|
.filter((entry) => /^openclaw-.*\.tgz$/u.test(entry))
|
|
.toSorted((a, b) => a.localeCompare(b))
|
|
.at(-1);
|
|
}
|
|
if (!filename) {
|
|
throw new Error(`npm pack produced no OpenClaw tarball in ${outputDir}`);
|
|
}
|
|
const packed = path.join(outputDir, filename);
|
|
const target = path.join(outputDir, outputName);
|
|
if (packed !== target) {
|
|
await fs.rm(target, { force: true });
|
|
await fs.rename(packed, target);
|
|
}
|
|
return target;
|
|
}
|
|
|
|
function normalizeUrlHostname(hostname) {
|
|
return hostname.replace(/^\[/u, "").replace(/\]$/u, "").replace(/\.+$/u, "").toLowerCase();
|
|
}
|
|
|
|
function parseIpv4(address) {
|
|
const parts = address.split(".");
|
|
if (parts.length !== 4) {
|
|
return null;
|
|
}
|
|
const octets = parts.map((part) => Number(part));
|
|
if (octets.some((octet) => !Number.isInteger(octet) || octet < 0 || octet > 255)) {
|
|
return null;
|
|
}
|
|
return octets;
|
|
}
|
|
|
|
function ipv4ToInt(octets) {
|
|
return ((octets[0] << 24) >>> 0) + (octets[1] << 16) + (octets[2] << 8) + octets[3];
|
|
}
|
|
|
|
function ipv4InCidr(octets, base, bits) {
|
|
const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
|
|
return (ipv4ToInt(octets) & mask) === (ipv4ToInt(base) & mask);
|
|
}
|
|
|
|
function isUnsafeIpv4(address) {
|
|
const octets = Array.isArray(address) ? address : parseIpv4(address);
|
|
if (!octets) {
|
|
return true;
|
|
}
|
|
return [
|
|
[[0, 0, 0, 0], 8],
|
|
[[10, 0, 0, 0], 8],
|
|
[[100, 64, 0, 0], 10],
|
|
[[127, 0, 0, 0], 8],
|
|
[[169, 254, 0, 0], 16],
|
|
[[172, 16, 0, 0], 12],
|
|
[[192, 0, 0, 0], 24],
|
|
[[192, 0, 2, 0], 24],
|
|
[[192, 168, 0, 0], 16],
|
|
[[198, 18, 0, 0], 15],
|
|
[[198, 51, 100, 0], 24],
|
|
[[203, 0, 113, 0], 24],
|
|
[[224, 0, 0, 0], 4],
|
|
[[240, 0, 0, 0], 4],
|
|
].some(([base, bits]) => ipv4InCidr(octets, base, bits));
|
|
}
|
|
|
|
function ipv4FromHextets(high, low) {
|
|
return [(high >>> 8) & 0xff, high & 0xff, (low >>> 8) & 0xff, low & 0xff];
|
|
}
|
|
|
|
function ipv4OctetsToHextets(octets) {
|
|
return [((octets[0] << 8) | octets[1]).toString(16), ((octets[2] << 8) | octets[3]).toString(16)];
|
|
}
|
|
|
|
function parseIpv6Parts(address) {
|
|
const normalized = address.toLowerCase().replace(/%[0-9a-z_.-]+$/u, "");
|
|
const dottedIpv4 = normalized.match(/^(.*:)(\d{1,3}(?:\.\d{1,3}){3})$/u);
|
|
const dottedIpv4Octets = dottedIpv4 ? parseIpv4(dottedIpv4[2]) : null;
|
|
if (dottedIpv4 && !dottedIpv4Octets) {
|
|
return null;
|
|
}
|
|
const canonical = dottedIpv4
|
|
? `${dottedIpv4[1]}${ipv4OctetsToHextets(dottedIpv4Octets)[0]}:${ipv4OctetsToHextets(dottedIpv4Octets)[1]}`
|
|
: normalized;
|
|
if (canonical.includes(":::") || canonical.split("::").length > 2) {
|
|
return null;
|
|
}
|
|
const [leftRaw = "", rightRaw = ""] = canonical.split("::");
|
|
const parseParts = (value) => {
|
|
if (!value) {
|
|
return [];
|
|
}
|
|
return value.split(":").map((part) => {
|
|
if (!/^[0-9a-f]{1,4}$/u.test(part)) {
|
|
return Number.NaN;
|
|
}
|
|
return Number.parseInt(part, 16);
|
|
});
|
|
};
|
|
const left = parseParts(leftRaw);
|
|
const right = parseParts(rightRaw);
|
|
if ([...left, ...right].some((part) => !Number.isInteger(part) || part < 0 || part > 0xffff)) {
|
|
return null;
|
|
}
|
|
const zeroCount = canonical.includes("::") ? 8 - left.length - right.length : 0;
|
|
if (zeroCount < 0 || (!canonical.includes("::") && left.length !== 8)) {
|
|
return null;
|
|
}
|
|
return [...left, ...Array.from({ length: zeroCount }, () => 0), ...right];
|
|
}
|
|
|
|
function extractUnsafeEmbeddedIpv4FromIpv6(address) {
|
|
const parts = parseIpv6Parts(address);
|
|
if (!parts || parts.length !== 8) {
|
|
return null;
|
|
}
|
|
const candidates = [];
|
|
if (parts.slice(0, 5).every((part) => part === 0) && parts[5] === 0xffff) {
|
|
candidates.push(ipv4FromHextets(parts[6], parts[7]));
|
|
}
|
|
if (parts.slice(0, 6).every((part) => part === 0)) {
|
|
candidates.push(ipv4FromHextets(parts[6], parts[7]));
|
|
}
|
|
if (parts[0] === 0x0064 && parts[1] === 0xff9b && parts.slice(2, 6).every((part) => part === 0)) {
|
|
candidates.push(ipv4FromHextets(parts[6], parts[7]));
|
|
}
|
|
if (
|
|
parts[0] === 0x0064 &&
|
|
parts[1] === 0xff9b &&
|
|
parts[2] === 0x0001 &&
|
|
parts.slice(3, 6).every((part) => part === 0)
|
|
) {
|
|
candidates.push(ipv4FromHextets(parts[6], parts[7]));
|
|
}
|
|
if (parts[0] === 0x2002) {
|
|
candidates.push(ipv4FromHextets(parts[1], parts[2]));
|
|
}
|
|
if (parts[0] === 0x2001 && parts[1] === 0x0000) {
|
|
candidates.push(ipv4FromHextets(parts[6] ^ 0xffff, parts[7] ^ 0xffff));
|
|
}
|
|
if ((parts[4] & 0xfcff) === 0 && parts[5] === 0x5efe) {
|
|
candidates.push(ipv4FromHextets(parts[6], parts[7]));
|
|
}
|
|
return candidates.find((candidate) => isUnsafeIpv4(candidate)) ?? null;
|
|
}
|
|
|
|
function isUnsafeIpv6(address) {
|
|
const normalized = address.toLowerCase();
|
|
if (extractUnsafeEmbeddedIpv4FromIpv6(normalized)) {
|
|
return true;
|
|
}
|
|
return (
|
|
normalized === "::" ||
|
|
normalized === "::1" ||
|
|
normalized.startsWith("fc") ||
|
|
normalized.startsWith("fd") ||
|
|
/^fe[89ab]/u.test(normalized) ||
|
|
normalized.startsWith("ff") ||
|
|
normalized.startsWith("64:ff9b:") ||
|
|
normalized.startsWith("100:") ||
|
|
normalized.startsWith("2001:2:") ||
|
|
normalized.startsWith("2001:db8:")
|
|
);
|
|
}
|
|
|
|
function isUnsafeIpAddress(address) {
|
|
const normalized = normalizeUrlHostname(address);
|
|
const family = isIP(normalized);
|
|
if (family === 4) {
|
|
return isUnsafeIpv4(normalized);
|
|
}
|
|
if (family === 6) {
|
|
return isUnsafeIpv6(normalized);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
function isBlockedPackageHostname(hostname) {
|
|
const normalized = normalizeUrlHostname(hostname);
|
|
return (
|
|
BLOCKED_PACKAGE_HOSTNAMES.has(normalized) ||
|
|
normalized.endsWith(".localhost") ||
|
|
normalized.endsWith(".local") ||
|
|
normalized.endsWith(".internal") ||
|
|
(isIP(normalized) !== 0 && isUnsafeIpAddress(normalized))
|
|
);
|
|
}
|
|
|
|
function packageUrlPort(parsed) {
|
|
return parsed.port ? Number(parsed.port) : 443;
|
|
}
|
|
|
|
function toUniqueNormalizedHostList(value, field, sourceId) {
|
|
if (!Array.isArray(value) || value.length === 0) {
|
|
throw new Error(`trusted package source ${sourceId} must define non-empty ${field}`);
|
|
}
|
|
return [...new Set(value.map((entry) => normalizeUrlHostname(String(entry))).filter(Boolean))];
|
|
}
|
|
|
|
function toTrustedPorts(value, sourceId) {
|
|
const ports = value === undefined ? [443] : value;
|
|
if (!Array.isArray(ports) || ports.length === 0) {
|
|
throw new Error(`trusted package source ${sourceId} must define non-empty ports`);
|
|
}
|
|
const normalized = ports.map((port) => Number(port));
|
|
if (normalized.some((port) => !Number.isInteger(port) || port < 1 || port > 65535)) {
|
|
throw new Error(`trusted package source ${sourceId} has invalid ports`);
|
|
}
|
|
return [...new Set(normalized)].toSorted((a, b) => a - b);
|
|
}
|
|
|
|
function toPathPrefixes(value, sourceId) {
|
|
const prefixes = value === undefined ? ["/"] : value;
|
|
if (!Array.isArray(prefixes) || prefixes.length === 0) {
|
|
throw new Error(`trusted package source ${sourceId} must define non-empty pathPrefixes`);
|
|
}
|
|
return prefixes.map((prefix) => {
|
|
const text = String(prefix);
|
|
if (!text.startsWith("/")) {
|
|
throw new Error(`trusted package source ${sourceId} pathPrefixes must start with /`);
|
|
}
|
|
return text;
|
|
});
|
|
}
|
|
|
|
function normalizeTrustedPackageSource(id, raw) {
|
|
if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/u.test(id)) {
|
|
throw new Error(`Invalid trusted package source id: ${id}`);
|
|
}
|
|
if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
|
|
throw new Error(`trusted package source ${id} must be an object`);
|
|
}
|
|
const hosts = toUniqueNormalizedHostList(raw.hosts, "hosts", id);
|
|
const redirectHosts = raw.redirectHosts
|
|
? toUniqueNormalizedHostList(raw.redirectHosts, "redirectHosts", id)
|
|
: hosts;
|
|
const auth = raw.auth === undefined ? undefined : raw.auth;
|
|
if (auth !== undefined) {
|
|
if (!auth || typeof auth !== "object" || Array.isArray(auth) || auth.type !== "bearer") {
|
|
throw new Error(`trusted package source ${id} auth must be {"type":"bearer"}`);
|
|
}
|
|
const authKeys = Object.keys(auth);
|
|
if (authKeys.some((key) => key !== "type")) {
|
|
throw new Error(`trusted package source ${id} auth only supports type`);
|
|
}
|
|
}
|
|
return {
|
|
allowPrivateNetwork: raw.allowPrivateNetwork === true,
|
|
auth,
|
|
hosts,
|
|
id,
|
|
pathPrefixes: toPathPrefixes(raw.pathPrefixes, id),
|
|
ports: toTrustedPorts(raw.ports, id),
|
|
redirectHosts,
|
|
};
|
|
}
|
|
|
|
export async function loadTrustedPackageSource(id, policyPath = TRUSTED_PACKAGE_SOURCE_POLICY) {
|
|
if (!id) {
|
|
throw new Error("source=trusted-url requires --trusted-source-id");
|
|
}
|
|
const absolutePolicyPath = path.resolve(ROOT_DIR, policyPath);
|
|
let policy;
|
|
try {
|
|
policy = JSON.parse(await fs.readFile(absolutePolicyPath, "utf8"));
|
|
} catch (error) {
|
|
throw new Error(`Unable to read trusted package source policy: ${policyPath}`, {
|
|
cause: error,
|
|
});
|
|
}
|
|
if (!policy || typeof policy !== "object" || policy.schemaVersion !== 1) {
|
|
throw new Error(`Trusted package source policy must use schemaVersion 1: ${policyPath}`);
|
|
}
|
|
const sources = policy.sources;
|
|
if (!sources || typeof sources !== "object" || Array.isArray(sources)) {
|
|
throw new Error(`Trusted package source policy must define sources: ${policyPath}`);
|
|
}
|
|
if (!Object.hasOwn(sources, id)) {
|
|
throw new Error(`Unknown trusted package source: ${id}`);
|
|
}
|
|
return normalizeTrustedPackageSource(id, sources[id]);
|
|
}
|
|
|
|
function validateTrustedPackageDownloadUrl(parsed, trustedSource, options = {}) {
|
|
if (parsed.protocol !== "https:") {
|
|
throw new Error(`package_url must use https: ${parsed.toString()}`);
|
|
}
|
|
if (parsed.username || parsed.password) {
|
|
throw new Error(`package_url must not include credentials: ${parsed.origin}`);
|
|
}
|
|
const hostname = normalizeUrlHostname(parsed.hostname);
|
|
const allowedHosts = options.isRedirect ? trustedSource.redirectHosts : trustedSource.hosts;
|
|
if (!allowedHosts.includes(hostname)) {
|
|
throw new Error(
|
|
`package_url host ${parsed.hostname} is not allowed by trusted package source ${trustedSource.id}`,
|
|
);
|
|
}
|
|
if (!trustedSource.ports.includes(packageUrlPort(parsed))) {
|
|
throw new Error(
|
|
`package_url port ${packageUrlPort(parsed)} is not allowed by trusted package source ${trustedSource.id}`,
|
|
);
|
|
}
|
|
if (!trustedSource.pathPrefixes.some((prefix) => parsed.pathname.startsWith(prefix))) {
|
|
throw new Error(
|
|
`package_url path is not allowed by trusted package source ${trustedSource.id}`,
|
|
);
|
|
}
|
|
if (!trustedSource.allowPrivateNetwork && isBlockedPackageHostname(parsed.hostname)) {
|
|
throw new Error(
|
|
`Blocked hostname or private/internal/special-use IP address: ${parsed.hostname}`,
|
|
);
|
|
}
|
|
}
|
|
|
|
function createTrustedPackageAuthHeaders(trustedSource) {
|
|
if (!trustedSource?.auth) {
|
|
return undefined;
|
|
}
|
|
const token = process.env[TRUSTED_PACKAGE_SOURCE_TOKEN_ENV];
|
|
if (!token) {
|
|
throw new Error(
|
|
`trusted package source ${trustedSource.id} requires ${TRUSTED_PACKAGE_SOURCE_TOKEN_ENV}`,
|
|
);
|
|
}
|
|
return { authorization: `Bearer ${token}` };
|
|
}
|
|
|
|
function validatePackageDownloadUrl(parsed) {
|
|
if (parsed.protocol !== "https:") {
|
|
throw new Error(`package_url must use https: ${parsed.toString()}`);
|
|
}
|
|
if (parsed.username || parsed.password) {
|
|
throw new Error(`package_url must not include credentials: ${parsed.origin}`);
|
|
}
|
|
if (parsed.port && parsed.port !== "443") {
|
|
throw new Error(`package_url must use the default HTTPS port: ${parsed.origin}`);
|
|
}
|
|
if (isBlockedPackageHostname(parsed.hostname)) {
|
|
throw new Error(
|
|
`Blocked hostname or private/internal/special-use IP address: ${parsed.hostname}`,
|
|
);
|
|
}
|
|
}
|
|
|
|
async function defaultLookupHost(hostname) {
|
|
return await dnsLookup(hostname, { all: true, verbatim: true });
|
|
}
|
|
|
|
function normalizeLookupResults(results) {
|
|
const entries = Array.isArray(results) ? results : [results];
|
|
return entries
|
|
.map((entry) => ({ address: String(entry.address ?? ""), family: Number(entry.family ?? 0) }))
|
|
.filter((entry) => entry.address && (entry.family === 4 || entry.family === 6));
|
|
}
|
|
|
|
function createPinnedLookup(hostname, addresses) {
|
|
const normalizedHost = normalizeUrlHostname(hostname);
|
|
const records = addresses.map((address) => ({
|
|
address,
|
|
family: isIP(normalizeUrlHostname(address)),
|
|
}));
|
|
return (host, options, callback) => {
|
|
const cb = typeof options === "function" ? options : callback;
|
|
if (!cb) {
|
|
return;
|
|
}
|
|
if (normalizeUrlHostname(host) !== normalizedHost) {
|
|
if (typeof options === "function") {
|
|
dnsLookupCb(host, cb);
|
|
return;
|
|
}
|
|
dnsLookupCb(host, options, cb);
|
|
return;
|
|
}
|
|
const opts = typeof options === "object" && options !== null ? options : {};
|
|
const filtered = opts.family
|
|
? records.filter((record) => record.family === opts.family)
|
|
: records;
|
|
const usable = filtered.length > 0 ? filtered : records;
|
|
if (opts.all) {
|
|
cb(null, usable);
|
|
return;
|
|
}
|
|
const chosen = usable[0];
|
|
cb(null, chosen.address, chosen.family);
|
|
};
|
|
}
|
|
|
|
async function resolvePackageDownloadAddresses(parsed, lookupHost, trustedSource) {
|
|
const hostname = normalizeUrlHostname(parsed.hostname);
|
|
if (isIP(hostname)) {
|
|
if (!trustedSource?.allowPrivateNetwork && isUnsafeIpAddress(hostname)) {
|
|
throw new Error(
|
|
`Blocked: package_url resolves to private/internal/special-use IP address: ${hostname}`,
|
|
);
|
|
}
|
|
return [hostname];
|
|
}
|
|
const results = normalizeLookupResults(await lookupHost(hostname));
|
|
if (results.length === 0) {
|
|
throw new Error(`Unable to resolve package_url hostname: ${parsed.hostname}`);
|
|
}
|
|
if (!trustedSource?.allowPrivateNetwork) {
|
|
const blocked = results.find((entry) => isUnsafeIpAddress(entry.address));
|
|
if (blocked) {
|
|
throw new Error(
|
|
`Blocked: package_url resolves to private/internal/special-use IP address: ${blocked.address}`,
|
|
);
|
|
}
|
|
}
|
|
return [...new Set(results.map((entry) => entry.address))];
|
|
}
|
|
|
|
function responseStatus(response) {
|
|
return Number(response.status ?? 0);
|
|
}
|
|
|
|
function responseOk(response) {
|
|
const status = responseStatus(response);
|
|
return status >= 200 && status < 300;
|
|
}
|
|
|
|
function responseHeader(response, name) {
|
|
return response.headers?.get?.(name) ?? null;
|
|
}
|
|
|
|
async function closeResponseBody(body) {
|
|
if (!body) {
|
|
return;
|
|
}
|
|
if (typeof body.cancel === "function") {
|
|
await body.cancel().catch(() => {});
|
|
return;
|
|
}
|
|
if (typeof body.destroy === "function") {
|
|
body.destroy();
|
|
}
|
|
}
|
|
|
|
async function openFetchPackageDownloadResponse(parsed, options) {
|
|
const controller = new AbortController();
|
|
const timeout = setTimeout(() => controller.abort(), options.timeoutMs);
|
|
timeout.unref?.();
|
|
const response = await options
|
|
.fetchImpl(parsed, {
|
|
headers: options.headers,
|
|
redirect: "manual",
|
|
signal: controller.signal,
|
|
})
|
|
.catch((error) => {
|
|
clearTimeout(timeout);
|
|
if (error?.name === "AbortError") {
|
|
throw new Error(
|
|
`package_url download timed out after ${options.timeoutMs}ms: ${parsed.toString()}`,
|
|
{
|
|
cause: error,
|
|
},
|
|
);
|
|
}
|
|
throw error;
|
|
});
|
|
return {
|
|
close: async () => closeResponseBody(response.body),
|
|
response,
|
|
timeout,
|
|
timeoutMs: options.timeoutMs,
|
|
};
|
|
}
|
|
|
|
async function openHttpsPackageDownloadResponse(parsed, options) {
|
|
const controller = new AbortController();
|
|
const timeout = setTimeout(() => controller.abort(), options.timeoutMs);
|
|
timeout.unref?.();
|
|
const lookup = createPinnedLookup(parsed.hostname, options.addresses);
|
|
const response = await new Promise((resolve, reject) => {
|
|
const request = httpsRequest(
|
|
parsed,
|
|
{
|
|
headers: options.headers,
|
|
lookup,
|
|
signal: controller.signal,
|
|
},
|
|
(message) => {
|
|
resolve({
|
|
body: message,
|
|
headers: {
|
|
get(name) {
|
|
const value = message.headers[name.toLowerCase()];
|
|
if (Array.isArray(value)) {
|
|
return value[0] ?? null;
|
|
}
|
|
return value ?? null;
|
|
},
|
|
},
|
|
status: message.statusCode ?? 0,
|
|
});
|
|
},
|
|
);
|
|
request.on("error", reject);
|
|
request.end();
|
|
}).catch((error) => {
|
|
clearTimeout(timeout);
|
|
if (error?.name === "AbortError" || error?.code === "ABORT_ERR") {
|
|
throw new Error(
|
|
`package_url download timed out after ${options.timeoutMs}ms: ${parsed.toString()}`,
|
|
{
|
|
cause: error,
|
|
},
|
|
);
|
|
}
|
|
throw error;
|
|
});
|
|
return {
|
|
close: async () => closeResponseBody(response.body),
|
|
response,
|
|
timeout,
|
|
timeoutMs: options.timeoutMs,
|
|
};
|
|
}
|
|
|
|
async function openPackageDownloadResponse(url, options) {
|
|
const lookupHost = options.lookupHost ?? defaultLookupHost;
|
|
const timeoutMs = options.timeoutMs ?? PACKAGE_URL_DOWNLOAD_TIMEOUT_MS;
|
|
const maxRedirects = options.maxRedirects ?? PACKAGE_URL_MAX_REDIRECTS;
|
|
const trustedSource = options.trustedSource;
|
|
const headers = createTrustedPackageAuthHeaders(trustedSource);
|
|
let parsed = new URL(url);
|
|
for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount += 1) {
|
|
if (trustedSource) {
|
|
validateTrustedPackageDownloadUrl(parsed, trustedSource, { isRedirect: redirectCount > 0 });
|
|
} else {
|
|
validatePackageDownloadUrl(parsed);
|
|
}
|
|
const addresses = await resolvePackageDownloadAddresses(parsed, lookupHost, trustedSource);
|
|
const opened = options.fetchImpl
|
|
? await openFetchPackageDownloadResponse(parsed, {
|
|
fetchImpl: options.fetchImpl,
|
|
headers,
|
|
timeoutMs,
|
|
})
|
|
: await openHttpsPackageDownloadResponse(parsed, {
|
|
addresses,
|
|
headers,
|
|
timeoutMs,
|
|
});
|
|
const status = responseStatus(opened.response);
|
|
if ([301, 302, 303, 307, 308].includes(status)) {
|
|
clearTimeout(opened.timeout);
|
|
await opened.close();
|
|
const location = responseHeader(opened.response, "location");
|
|
if (!location) {
|
|
throw new Error(`package_url redirect missing Location header: HTTP ${status}`);
|
|
}
|
|
parsed = new URL(location, parsed);
|
|
continue;
|
|
}
|
|
return opened;
|
|
}
|
|
throw new Error(`package_url exceeded ${maxRedirects} redirects: ${url}`);
|
|
}
|
|
|
|
async function* limitResponseBody(body, maxBytes) {
|
|
let downloaded = 0;
|
|
for await (const chunk of body) {
|
|
const size = typeof chunk === "string" ? Buffer.byteLength(chunk) : chunk.byteLength;
|
|
downloaded += size;
|
|
if (downloaded > maxBytes) {
|
|
throw new Error(`package_url exceeds maximum download size of ${maxBytes} bytes`);
|
|
}
|
|
yield chunk;
|
|
}
|
|
}
|
|
|
|
export async function downloadUrl(url, target, options = {}) {
|
|
const maxBytes = options.maxBytes ?? PACKAGE_URL_MAX_BYTES;
|
|
const { close, response, timeout, timeoutMs } = await openPackageDownloadResponse(url, options);
|
|
const tempTarget = `${target}.tmp`;
|
|
try {
|
|
if (!responseOk(response) || !response.body) {
|
|
throw new Error(`failed to download package_url: HTTP ${responseStatus(response)}`);
|
|
}
|
|
const contentLength = Number(responseHeader(response, "content-length") ?? "");
|
|
if (Number.isFinite(contentLength) && contentLength > maxBytes) {
|
|
throw new Error(`package_url exceeds maximum download size of ${maxBytes} bytes`);
|
|
}
|
|
await fs.rm(tempTarget, { force: true });
|
|
await pipeline(limitResponseBody(response.body, maxBytes), createWriteStream(tempTarget));
|
|
await fs.rename(tempTarget, target);
|
|
} catch (error) {
|
|
if (error?.name === "AbortError") {
|
|
throw new Error(`package_url download timed out after ${timeoutMs}ms: ${url}`, {
|
|
cause: error,
|
|
});
|
|
}
|
|
throw error;
|
|
} finally {
|
|
clearTimeout(timeout);
|
|
await close();
|
|
await fs.rm(tempTarget, { force: true });
|
|
}
|
|
}
|
|
|
|
async function readPackageJson(tarball) {
|
|
const raw = await run("tar", ["-xOf", tarball, "package/package.json"], { capture: true });
|
|
const pkg = JSON.parse(raw);
|
|
return {
|
|
name: typeof pkg.name === "string" ? pkg.name : "",
|
|
version: typeof pkg.version === "string" ? pkg.version : "",
|
|
};
|
|
}
|
|
|
|
export async function readPackageBuildSourceSha(tarball) {
|
|
const raw = await run("tar", ["-xOf", tarball, "package/dist/build-info.json"], {
|
|
capture: true,
|
|
}).then(
|
|
(value) => value,
|
|
() => "",
|
|
);
|
|
if (!raw.trim()) {
|
|
return "";
|
|
}
|
|
const buildInfo = JSON.parse(raw);
|
|
const commit = typeof buildInfo.commit === "string" ? buildInfo.commit.trim() : "";
|
|
return /^[0-9a-f]{40}$/iu.test(commit) ? commit.toLowerCase() : "";
|
|
}
|
|
|
|
async function appendGithubOutputs(file, outputs) {
|
|
if (!file) {
|
|
return;
|
|
}
|
|
const body = Object.entries(outputs)
|
|
.map(([key, value]) => `${key}=${String(value).replace(/\n/gu, " ")}`)
|
|
.join("\n");
|
|
await fs.appendFile(file, `${body}\n`);
|
|
}
|
|
|
|
async function resolveCandidate(options) {
|
|
const outputDir = path.resolve(ROOT_DIR, options.outputDir);
|
|
const target = path.join(outputDir, options.outputName || DEFAULT_OUTPUT_NAME);
|
|
await fs.mkdir(outputDir, { recursive: true });
|
|
await fs.rm(target, { force: true });
|
|
let packageRef = "";
|
|
let packageSourceSha = "";
|
|
let packageTrustedReason = "";
|
|
let packageTrustedSourceId = "";
|
|
let packageWorktreeDir = "";
|
|
let artifactMetadata = {};
|
|
|
|
try {
|
|
if (options.source === "ref") {
|
|
packageRef = options.packageRef || "main";
|
|
const packageSource = await preparePackageSourceWorktree(packageRef);
|
|
packageWorktreeDir = packageSource.sourceDir;
|
|
packageSourceSha = packageSource.selectedSha;
|
|
packageTrustedReason = packageSource.trustedReason;
|
|
await installPackageSourceDeps(packageSource.sourceDir);
|
|
await run("node", [
|
|
"scripts/package-openclaw-for-docker.mjs",
|
|
"--source-dir",
|
|
packageSource.sourceDir,
|
|
"--output-dir",
|
|
outputDir,
|
|
"--output-name",
|
|
options.outputName || DEFAULT_OUTPUT_NAME,
|
|
]);
|
|
} else if (options.source === "npm") {
|
|
const npmPackRunner = resolveNpmPackageCandidatePackRunner(options.packageSpec, outputDir, {
|
|
env: process.env,
|
|
});
|
|
const packOutput = await run(npmPackRunner.command, npmPackRunner.args, {
|
|
capture: true,
|
|
env: npmPackRunner.env,
|
|
shell: npmPackRunner.shell,
|
|
windowsVerbatimArguments: npmPackRunner.windowsVerbatimArguments,
|
|
});
|
|
await moveNewestPackedTarball(
|
|
outputDir,
|
|
packOutput,
|
|
options.outputName || DEFAULT_OUTPUT_NAME,
|
|
);
|
|
} else if (options.source === "url" || options.source === "trusted-url") {
|
|
if (!options.packageUrl) {
|
|
throw new Error(`${options.source} requires --package-url`);
|
|
}
|
|
if (!options.packageSha256) {
|
|
throw new Error(`${options.source} requires --package-sha256`);
|
|
}
|
|
if (options.source === "trusted-url") {
|
|
const trustedSource = await loadTrustedPackageSource(
|
|
options.trustedSourceId,
|
|
options.trustedSourcePolicy,
|
|
);
|
|
await downloadUrl(options.packageUrl, target, { trustedSource });
|
|
packageTrustedReason = `trusted-url-policy:${trustedSource.id}`;
|
|
packageTrustedSourceId = trustedSource.id;
|
|
} else {
|
|
if (options.trustedSourceId) {
|
|
throw new Error("--trusted-source-id is only allowed with source=trusted-url");
|
|
}
|
|
await downloadUrl(options.packageUrl, target);
|
|
}
|
|
} else if (options.source === "artifact") {
|
|
if (!options.artifactDir) {
|
|
throw new Error("source=artifact requires --artifact-dir");
|
|
}
|
|
artifactMetadata = await readArtifactPackageCandidateMetadata(options.artifactDir);
|
|
packageRef =
|
|
typeof artifactMetadata.packageRef === "string" ? artifactMetadata.packageRef : "";
|
|
packageSourceSha =
|
|
typeof artifactMetadata.packageSourceSha === "string"
|
|
? artifactMetadata.packageSourceSha
|
|
: "";
|
|
packageTrustedReason =
|
|
typeof artifactMetadata.packageTrustedReason === "string"
|
|
? artifactMetadata.packageTrustedReason
|
|
: "";
|
|
const input = await findSingleTarball(options.artifactDir);
|
|
await fs.copyFile(input, target);
|
|
} else {
|
|
throw new Error(
|
|
`source must be one of: ref, npm, url, trusted-url, artifact. Got: ${options.source}`,
|
|
);
|
|
}
|
|
} finally {
|
|
if (packageWorktreeDir) {
|
|
await run("git", ["worktree", "remove", "--force", packageWorktreeDir]).catch(() => {});
|
|
}
|
|
}
|
|
|
|
const artifactSha256 = typeof artifactMetadata.sha256 === "string" ? artifactMetadata.sha256 : "";
|
|
const digest = await assertExpectedSha256(target, options.packageSha256 || artifactSha256);
|
|
console.error(`Checking OpenClaw package tarball: ${target}`);
|
|
const checkStartedAt = Date.now();
|
|
await run("node", ["scripts/check-openclaw-package-tarball.mjs", target], {
|
|
timeoutMs: 5 * 60 * 1000,
|
|
});
|
|
console.error(
|
|
`OpenClaw package tarball check finished in ${Math.round((Date.now() - checkStartedAt) / 1000)}s`,
|
|
);
|
|
const pkg = await readPackageJson(target);
|
|
if (!packageSourceSha) {
|
|
packageSourceSha = await readPackageBuildSourceSha(target);
|
|
if (packageSourceSha && !packageTrustedReason) {
|
|
packageTrustedReason = "package-build-info";
|
|
}
|
|
}
|
|
const metadata = {
|
|
name: pkg.name,
|
|
packageRef,
|
|
packageSpec: options.packageSpec || "",
|
|
packageSourceSha,
|
|
packageTrustedReason,
|
|
trustedSourceId: packageTrustedSourceId,
|
|
sha256: digest,
|
|
source: options.source,
|
|
tarball: path.relative(ROOT_DIR, target),
|
|
version: pkg.version,
|
|
};
|
|
|
|
if (pkg.name !== "openclaw") {
|
|
throw new Error(`package candidate must be named "openclaw"; got: ${pkg.name || "<missing>"}`);
|
|
}
|
|
if (!pkg.version) {
|
|
throw new Error("package candidate package.json has no version");
|
|
}
|
|
|
|
if (options.metadata) {
|
|
await fs.mkdir(path.dirname(path.resolve(ROOT_DIR, options.metadata)), { recursive: true });
|
|
await fs.writeFile(
|
|
path.resolve(ROOT_DIR, options.metadata),
|
|
`${JSON.stringify(metadata, null, 2)}\n`,
|
|
);
|
|
}
|
|
await appendGithubOutputs(options.githubOutput, {
|
|
package_name: pkg.name,
|
|
package_source_sha: packageSourceSha,
|
|
package_version: pkg.version,
|
|
sha256: digest,
|
|
tarball: metadata.tarball,
|
|
});
|
|
return metadata;
|
|
}
|
|
|
|
export async function main(argv = process.argv.slice(2)) {
|
|
const options = parseArgs(argv);
|
|
if (options.help) {
|
|
console.log(usage());
|
|
return;
|
|
}
|
|
if (!options.outputDir) {
|
|
throw new Error("--output-dir is required");
|
|
}
|
|
const metadata = await resolveCandidate(options);
|
|
console.log(JSON.stringify(metadata, null, 2));
|
|
}
|
|
|
|
if (process.argv[1] && path.resolve(process.argv[1]) === fileURLToPath(import.meta.url)) {
|
|
await main().catch((error) => {
|
|
console.error(error instanceof Error ? error.message : String(error));
|
|
console.error(usage());
|
|
process.exit(1);
|
|
});
|
|
}
|