diff --git a/.agent/.DS_Store b/.agent/.DS_Store
deleted file mode 100644
index 1f2c43e08..000000000
Binary files a/.agent/.DS_Store and /dev/null differ
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 000000000..f6fca8c5e
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: ['https://github.com/sponsors/steipete']
diff --git a/.github/labeler.yml b/.github/labeler.yml
index 5d2837a6c..5c19fa418 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -24,6 +24,7 @@
- changed-files:
- any-glob-to-any-file:
- "extensions/line/**"
+ - "docs/channels/line.md"
"channel: matrix":
- changed-files:
- any-glob-to-any-file:
@@ -132,6 +133,53 @@
- "docs/**"
- "docs.acp.md"
+"cli":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "src/cli/**"
+
+"commands":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "src/commands/**"
+
+"scripts":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "scripts/**"
+
+"docker":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "Dockerfile"
+ - "Dockerfile.*"
+ - "docker-compose.yml"
+ - "docker-setup.sh"
+ - ".dockerignore"
+ - "scripts/**/*docker*"
+ - "scripts/**/Dockerfile*"
+ - "scripts/sandbox-*.sh"
+ - "src/agents/sandbox*.ts"
+ - "src/commands/sandbox*.ts"
+ - "src/cli/sandbox-cli.ts"
+ - "src/docker-setup.test.ts"
+ - "src/config/**/*sandbox*"
+ - "docs/cli/sandbox.md"
+ - "docs/gateway/sandbox*.md"
+ - "docs/install/docker.md"
+ - "docs/multi-agent-sandbox-tools.md"
+
+"agents":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "src/agents/**"
+
+"security":
+ - changed-files:
+ - any-glob-to-any-file:
+ - "docs/cli/security.md"
+ - "docs/gateway/security.md"
+
"extensions: copilot-proxy":
- changed-files:
- any-glob-to-any-file:
diff --git a/.github/workflows/auto-response.yml b/.github/workflows/auto-response.yml
index 7f242a094..b610e1718 100644
--- a/.github/workflows/auto-response.yml
+++ b/.github/workflows/auto-response.yml
@@ -3,7 +3,7 @@ name: Auto response
on:
issues:
types: [labeled]
- pull_request:
+ pull_request_target:
types: [labeled]
permissions:
@@ -14,9 +14,15 @@ jobs:
auto-response:
runs-on: ubuntu-latest
steps:
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: "2729701"
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
- name: Handle labeled items
uses: actions/github-script@v7
with:
+ github-token: ${{ steps.app-token.outputs.token }}
script: |
const rules = [
{
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 8d078774b..2b2f80130 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -21,3 +21,4 @@ jobs:
with:
configuration-path: .github/labeler.yml
repo-token: ${{ steps.app-token.outputs.token }}
+ sync-labels: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f6993076..e059812b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,17 +6,30 @@ Docs: https://docs.clawd.bot
Status: unreleased.
### Changes
+- Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
+- Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
+- Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
+- Matrix: switch plugin SDK to @vector-im/matrix-bot-sdk.
+- Docs: tighten Fly private deployment steps. (#2289) Thanks @dguido.
+- Docs: add migration guide for moving to a new machine. (#2381)
+- Docs: add Northflank one-click deployment guide. (#2167) Thanks @AdeboyeDN.
+- Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos.
+- Gateway: add dangerous Control UI device auth bypass flag + audit warnings. (#2248)
- Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz.
+- Discord: add configurable privileged gateway intents for presences/members. (#2266) Thanks @kentaro.
- Docs: add Vercel AI Gateway to providers sidebar. (#1901) Thanks @jerilynzheng.
- Agents: expand cron tool description with full schema docs. (#1988) Thanks @tomascupr.
- Skills: add missing dependency metadata for GitHub, Notion, Slack, Discord. (#1995) Thanks @jackheuberger.
- Docs: add Render deployment guide. (#1975) Thanks @anurag.
- Docs: add Claude Max API Proxy guide. (#1875) Thanks @atalovesyou.
- Docs: add DigitalOcean deployment guide. (#1870) Thanks @0xJonHoldsCrypto.
+- Docs: add Oracle Cloud (OCI) platform guide + cross-links. (#2333) Thanks @hirefrank.
- Docs: add Raspberry Pi install guide. (#1871) Thanks @0xJonHoldsCrypto.
- Docs: add GCP Compute Engine deployment guide. (#1848) Thanks @hougangdev.
+- Docs: add LINE channel guide. Thanks @thewilloftheshadow.
- Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD.
- Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub.
+- Onboarding: strengthen security warning copy for beta + access control expectations.
- Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a.
- Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst.
- Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7.
@@ -25,22 +38,53 @@ Status: unreleased.
- Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
- Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
- Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
+- Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
- Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
+- Docs: keep docs header sticky so navbar stays visible while scrolling. (#2445) Thanks @chenyuan99.
+- Security: use Windows ACLs for permission audits and fixes on Windows. (#1957)
- Auth: show copyable Google auth URL after ASCII prompt. (#1787) Thanks @robbyczgw-cla.
- Routing: precompile session key regexes. (#1697) Thanks @Ray0907.
- TUI: avoid width overflow when rendering selection lists. (#1686) Thanks @mossein.
- Telegram: keep topic IDs in restart sentinel notifications. (#1807) Thanks @hsrvc.
+- Telegram: add optional silent send flag (disable notifications). (#2382) Thanks @Suksham-sharma.
+- Telegram: support editing sent messages via message(action="edit"). (#2394) Thanks @marcelomar21.
- Config: apply config.env before ${VAR} substitution. (#1813) Thanks @spanishflu-est1918.
- Slack: clear ack reaction after streamed replies. (#2044) Thanks @fancyboi999.
- macOS: keep custom SSH usernames in remote target. (#2046) Thanks @algal.
+### Breaking
+- **BREAKING:** Gateway auth mode "none" is removed; gateway now requires token/password (Tailscale Serve identity still allowed).
+
### Fixes
+- Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
+- TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
+- Security: pin npm overrides to keep tar@7.5.4 for install toolchains.
+- Security: properly test Windows ACL audit for config includes. (#2403) Thanks @dominicnunez.
+- CLI: recognize versioned Node executables when parsing argv. (#2490) Thanks @David-Marsh-Photo.
+- BlueBubbles: coalesce inbound URL link preview messages. (#1981) Thanks @tyler6204.
+- Cron: allow payloads containing "heartbeat" in event filter. (#2219) Thanks @dwfinkelstein.
+- CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
+- Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
+- Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
+- Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
+- Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
+- Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
+- Voice Call: enforce Twilio webhook signature verification for ngrok URLs; disable ngrok free tier bypass by default.
+- Security: harden Tailscale Serve auth by validating identity via local tailscaled before trusting headers.
+- Build: align memory-core peer dependency with lockfile.
+- Security: add mDNS discovery mode with minimal default to reduce information disclosure. (#1882) Thanks @orlyjamie.
+- Security: harden URL fetches with DNS pinning to reduce rebinding risk. Thanks Chris Zheng.
- Web UI: improve WebChat image paste previews and allow image-only sends. (#1925) Thanks @smartprogrammer93.
- Gateway: fix server resource leak in canBindToHost error handler.
+- Security: wrap external hook content by default with a per-hook opt-out. (#1827) Thanks @mertcicekci0.
+- Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed).
+- Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present.
+- Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags.
## 2026.1.24-3
### Fixes
+- Slack: fix image downloads failing due to missing Authorization header on cross-origin redirects. (#1936) Thanks @sanderhelgesen.
- Gateway: harden reverse proxy handling for local-client detection and unauthenticated proxied connects. (#1795) Thanks @orlyjamie.
- Security audit: flag loopback Control UI with auth disabled as critical. (#1795) Thanks @orlyjamie.
- CLI: resume claude-cli sessions and stream CLI replies to TUI clients. (#1921) Thanks @rmorse.
diff --git a/Dockerfile b/Dockerfile
index a33f0077d..642cfd612 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,4 +32,9 @@ RUN pnpm ui:build
ENV NODE_ENV=production
+# Security hardening: Run as non-root user
+# The node:22-bookworm image includes a 'node' user (uid 1000)
+# This reduces the attack surface by preventing container escape via root privileges
+USER node
+
CMD ["node", "dist/index.js"]
diff --git a/README.md b/README.md
index 217a4b61c..db80c6cd0 100644
--- a/README.md
+++ b/README.md
@@ -477,34 +477,36 @@ Special thanks to [Mario Zechner](https://mariozechner.at/) for his support and
Thanks to all clawtributors:
- 
- 
- 
- 
![google-labs-jules[bot]](https://avatars.githubusercontent.com/in/842251?v=4&s=48 "google-labs-jules[bot]")
- 
- 
- 
- 
- 
- 
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&s=48 "dependabot[bot]")
- 
- 
- 
![blacksmith-sh[bot]](https://avatars.githubusercontent.com/in/807020?v=4&s=48 "blacksmith-sh[bot]")
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
+ 
+
+
+
+ 
+
+
+ 
+ 
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 
+ 
+
+ 
+ 
+ 
+ 
+
+
+
diff --git a/SECURITY.md b/SECURITY.md
index 43d493996..11aa0b781 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,6 +1,6 @@
# Security Policy
-If you believe you’ve found a security issue in Clawdbot, please report it privately.
+If you believe you've found a security issue in Clawdbot, please report it privately.
## Reporting
@@ -12,3 +12,46 @@ If you believe you’ve found a security issue in Clawdbot, please report it pri
For threat model + hardening guidance (including `clawdbot security audit --deep` and `--fix`), see:
- `https://docs.clawd.bot/gateway/security`
+
+## Runtime Requirements
+
+### Node.js Version
+
+Clawdbot requires **Node.js 22.12.0 or later** (LTS). This version includes important security patches:
+
+- CVE-2025-59466: async_hooks DoS vulnerability
+- CVE-2026-21636: Permission model bypass vulnerability
+
+Verify your Node.js version:
+
+```bash
+node --version # Should be v22.12.0 or later
+```
+
+### Docker Security
+
+When running Clawdbot in Docker:
+
+1. The official image runs as a non-root user (`node`) for reduced attack surface
+2. Use `--read-only` flag when possible for additional filesystem protection
+3. Limit container capabilities with `--cap-drop=ALL`
+
+Example secure Docker run:
+
+```bash
+docker run --read-only --cap-drop=ALL \
+ -v clawdbot-data:/app/data \
+ clawdbot/clawdbot:latest
+```
+
+## Security Scanning
+
+This project uses `detect-secrets` for automated secret detection in CI/CD.
+See `.detect-secrets.cfg` for configuration and `.secrets.baseline` for the baseline.
+
+Run locally:
+
+```bash
+pip install detect-secrets==1.5.0
+detect-secrets scan --baseline .secrets.baseline
+```
diff --git a/apps/macos/Sources/Clawdbot/CommandResolver.swift b/apps/macos/Sources/Clawdbot/CommandResolver.swift
index 7661c48f1..f83638b10 100644
--- a/apps/macos/Sources/Clawdbot/CommandResolver.swift
+++ b/apps/macos/Sources/Clawdbot/CommandResolver.swift
@@ -282,22 +282,6 @@ enum CommandResolver {
guard !settings.target.isEmpty else { return nil }
guard let parsed = self.parseSSHTarget(settings.target) else { return nil }
- var args: [String] = [
- "-o", "BatchMode=yes",
- "-o", "StrictHostKeyChecking=accept-new",
- "-o", "UpdateHostKeys=yes",
- ]
- if parsed.port > 0 { args.append(contentsOf: ["-p", String(parsed.port)]) }
- let identity = settings.identity.trimmingCharacters(in: .whitespacesAndNewlines)
- if !identity.isEmpty {
- // Only use IdentitiesOnly when an explicit identity file is provided.
- // This allows 1Password SSH agent and other SSH agents to provide keys.
- args.append(contentsOf: ["-o", "IdentitiesOnly=yes"])
- args.append(contentsOf: ["-i", identity])
- }
- let userHost = parsed.user.map { "\($0)@\(parsed.host)" } ?? parsed.host
- args.append(userHost)
-
// Run the real clawdbot CLI on the remote host.
let exportedPath = [
"/opt/homebrew/bin",
@@ -324,7 +308,7 @@ enum CommandResolver {
} else {
"""
PRJ=\(self.shellQuote(userPRJ))
- cd \(self.shellQuote(userPRJ)) || { echo "Project root not found: \(userPRJ)"; exit 127; }
+ cd "$PRJ" || { echo "Project root not found: $PRJ"; exit 127; }
"""
}
@@ -378,7 +362,16 @@ enum CommandResolver {
echo "clawdbot CLI missing on remote host"; exit 127;
fi
"""
- args.append(contentsOf: ["/bin/sh", "-c", scriptBody])
+ let options: [String] = [
+ "-o", "BatchMode=yes",
+ "-o", "StrictHostKeyChecking=accept-new",
+ "-o", "UpdateHostKeys=yes",
+ ]
+ let args = self.sshArguments(
+ target: parsed,
+ identity: settings.identity,
+ options: options,
+ remoteCommand: ["/bin/sh", "-c", scriptBody])
return ["/usr/bin/ssh"] + args
}
@@ -427,8 +420,11 @@ enum CommandResolver {
}
static func parseSSHTarget(_ target: String) -> SSHParsedTarget? {
- let trimmed = target.trimmingCharacters(in: .whitespacesAndNewlines)
+ let trimmed = self.normalizeSSHTargetInput(target)
guard !trimmed.isEmpty else { return nil }
+ if trimmed.rangeOfCharacter(from: CharacterSet.whitespacesAndNewlines.union(.controlCharacters)) != nil {
+ return nil
+ }
let userHostPort: String
let user: String?
if let atRange = trimmed.range(of: "@") {
@@ -444,13 +440,31 @@ enum CommandResolver {
if let colon = userHostPort.lastIndex(of: ":"), colon != userHostPort.startIndex {
host = String(userHostPort[.. 0, parsedPort <= 65535 else {
+ return nil
+ }
+ port = parsedPort
} else {
host = userHostPort
port = 22
}
- return SSHParsedTarget(user: user, host: host, port: port)
+ return self.makeSSHTarget(user: user, host: host, port: port)
+ }
+
+ static func sshTargetValidationMessage(_ target: String) -> String? {
+ let trimmed = self.normalizeSSHTargetInput(target)
+ guard !trimmed.isEmpty else { return nil }
+ if trimmed.hasPrefix("-") {
+ return "SSH target cannot start with '-'"
+ }
+ if trimmed.rangeOfCharacter(from: CharacterSet.whitespacesAndNewlines.union(.controlCharacters)) != nil {
+ return "SSH target cannot contain spaces"
+ }
+ if self.parseSSHTarget(trimmed) == nil {
+ return "SSH target must look like user@host[:port]"
+ }
+ return nil
}
private static func shellQuote(_ text: String) -> String {
@@ -468,6 +482,64 @@ enum CommandResolver {
return URL(fileURLWithPath: expanded)
}
+ private static func normalizeSSHTargetInput(_ target: String) -> String {
+ var trimmed = target.trimmingCharacters(in: .whitespacesAndNewlines)
+ if trimmed.hasPrefix("ssh ") {
+ trimmed = trimmed.replacingOccurrences(of: "ssh ", with: "")
+ .trimmingCharacters(in: .whitespacesAndNewlines)
+ }
+ return trimmed
+ }
+
+ private static func isValidSSHComponent(_ value: String, allowLeadingDash: Bool = false) -> Bool {
+ if value.isEmpty { return false }
+ if !allowLeadingDash, value.hasPrefix("-") { return false }
+ let invalid = CharacterSet.whitespacesAndNewlines.union(.controlCharacters)
+ return value.rangeOfCharacter(from: invalid) == nil
+ }
+
+ static func makeSSHTarget(user: String?, host: String, port: Int) -> SSHParsedTarget? {
+ let trimmedHost = host.trimmingCharacters(in: .whitespacesAndNewlines)
+ guard self.isValidSSHComponent(trimmedHost) else { return nil }
+ let trimmedUser = user?.trimmingCharacters(in: .whitespacesAndNewlines)
+ let normalizedUser: String?
+ if let trimmedUser {
+ guard self.isValidSSHComponent(trimmedUser) else { return nil }
+ normalizedUser = trimmedUser.isEmpty ? nil : trimmedUser
+ } else {
+ normalizedUser = nil
+ }
+ guard port > 0, port <= 65535 else { return nil }
+ return SSHParsedTarget(user: normalizedUser, host: trimmedHost, port: port)
+ }
+
+ private static func sshTargetString(_ target: SSHParsedTarget) -> String {
+ target.user.map { "\($0)@\(target.host)" } ?? target.host
+ }
+
+ static func sshArguments(
+ target: SSHParsedTarget,
+ identity: String,
+ options: [String],
+ remoteCommand: [String] = []) -> [String]
+ {
+ var args = options
+ if target.port > 0 {
+ args.append(contentsOf: ["-p", String(target.port)])
+ }
+ let trimmedIdentity = identity.trimmingCharacters(in: .whitespacesAndNewlines)
+ if !trimmedIdentity.isEmpty {
+ // Only use IdentitiesOnly when an explicit identity file is provided.
+ // This allows 1Password SSH agent and other SSH agents to provide keys.
+ args.append(contentsOf: ["-o", "IdentitiesOnly=yes"])
+ args.append(contentsOf: ["-i", trimmedIdentity])
+ }
+ args.append("--")
+ args.append(self.sshTargetString(target))
+ args.append(contentsOf: remoteCommand)
+ return args
+ }
+
#if SWIFT_PACKAGE
static func _testNodeManagerBinPaths(home: URL) -> [String] {
self.nodeManagerBinPaths(home: home)
diff --git a/apps/macos/Sources/Clawdbot/GeneralSettings.swift b/apps/macos/Sources/Clawdbot/GeneralSettings.swift
index 18dd423a2..b315ad32e 100644
--- a/apps/macos/Sources/Clawdbot/GeneralSettings.swift
+++ b/apps/macos/Sources/Clawdbot/GeneralSettings.swift
@@ -243,25 +243,36 @@ struct GeneralSettings: View {
}
private var remoteSshRow: some View {
- HStack(alignment: .center, spacing: 10) {
- Text("SSH target")
- .font(.callout.weight(.semibold))
- .frame(width: self.remoteLabelWidth, alignment: .leading)
- TextField("user@host[:22]", text: self.$state.remoteTarget)
- .textFieldStyle(.roundedBorder)
- .frame(maxWidth: .infinity)
- Button {
- Task { await self.testRemote() }
- } label: {
- if self.remoteStatus == .checking {
- ProgressView().controlSize(.small)
- } else {
- Text("Test remote")
+ let trimmedTarget = self.state.remoteTarget.trimmingCharacters(in: .whitespacesAndNewlines)
+ let validationMessage = CommandResolver.sshTargetValidationMessage(trimmedTarget)
+ let canTest = !trimmedTarget.isEmpty && validationMessage == nil
+
+ return VStack(alignment: .leading, spacing: 4) {
+ HStack(alignment: .center, spacing: 10) {
+ Text("SSH target")
+ .font(.callout.weight(.semibold))
+ .frame(width: self.remoteLabelWidth, alignment: .leading)
+ TextField("user@host[:22]", text: self.$state.remoteTarget)
+ .textFieldStyle(.roundedBorder)
+ .frame(maxWidth: .infinity)
+ Button {
+ Task { await self.testRemote() }
+ } label: {
+ if self.remoteStatus == .checking {
+ ProgressView().controlSize(.small)
+ } else {
+ Text("Test remote")
+ }
}
+ .buttonStyle(.borderedProminent)
+ .disabled(self.remoteStatus == .checking || !canTest)
+ }
+ if let validationMessage {
+ Text(validationMessage)
+ .font(.caption)
+ .foregroundStyle(.red)
+ .padding(.leading, self.remoteLabelWidth + 10)
}
- .buttonStyle(.borderedProminent)
- .disabled(self.remoteStatus == .checking || self.state.remoteTarget
- .trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
}
}
@@ -540,8 +551,15 @@ extension GeneralSettings {
}
// Step 1: basic SSH reachability check
+ guard let sshCommand = Self.sshCheckCommand(
+ target: settings.target,
+ identity: settings.identity)
+ else {
+ self.remoteStatus = .failed("SSH target is invalid")
+ return
+ }
let sshResult = await ShellExecutor.run(
- command: Self.sshCheckCommand(target: settings.target, identity: settings.identity),
+ command: sshCommand,
cwd: nil,
env: nil,
timeout: 8)
@@ -587,20 +605,20 @@ extension GeneralSettings {
return !host.isEmpty
}
- private static func sshCheckCommand(target: String, identity: String) -> [String] {
- var args: [String] = [
- "/usr/bin/ssh",
+ private static func sshCheckCommand(target: String, identity: String) -> [String]? {
+ guard let parsed = CommandResolver.parseSSHTarget(target) else { return nil }
+ let options = [
"-o", "BatchMode=yes",
"-o", "ConnectTimeout=5",
"-o", "StrictHostKeyChecking=accept-new",
"-o", "UpdateHostKeys=yes",
]
- if !identity.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
- args.append(contentsOf: ["-i", identity])
- }
- args.append(target)
- args.append("echo ok")
- return args
+ let args = CommandResolver.sshArguments(
+ target: parsed,
+ identity: identity,
+ options: options,
+ remoteCommand: ["echo", "ok"])
+ return ["/usr/bin/ssh"] + args
}
private func formatSSHFailure(_ response: Response, target: String) -> String {
diff --git a/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift b/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift
index b3f7e9295..e81b7a914 100644
--- a/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift
+++ b/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift
@@ -559,22 +559,21 @@ final class NodePairingApprovalPrompter {
let process = Process()
process.executableURL = URL(fileURLWithPath: "/usr/bin/ssh")
- var args = [
- "-o",
- "BatchMode=yes",
- "-o",
- "ConnectTimeout=5",
- "-o",
- "NumberOfPasswordPrompts=0",
- "-o",
- "PreferredAuthentications=publickey",
- "-o",
- "StrictHostKeyChecking=accept-new",
+ let options = [
+ "-o", "BatchMode=yes",
+ "-o", "ConnectTimeout=5",
+ "-o", "NumberOfPasswordPrompts=0",
+ "-o", "PreferredAuthentications=publickey",
+ "-o", "StrictHostKeyChecking=accept-new",
]
- if port > 0, port != 22 {
- args.append(contentsOf: ["-p", String(port)])
+ guard let target = CommandResolver.makeSSHTarget(user: user, host: host, port: port) else {
+ return false
}
- args.append(contentsOf: ["-l", user, host, "/usr/bin/true"])
+ let args = CommandResolver.sshArguments(
+ target: target,
+ identity: "",
+ options: options,
+ remoteCommand: ["/usr/bin/true"])
process.arguments = args
let pipe = Pipe()
process.standardOutput = pipe
diff --git a/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift b/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift
index 5c5eead34..9abbcf972 100644
--- a/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift
+++ b/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift
@@ -206,6 +206,16 @@ extension OnboardingView {
.textFieldStyle(.roundedBorder)
.frame(width: fieldWidth)
}
+ if let message = CommandResolver.sshTargetValidationMessage(self.state.remoteTarget) {
+ GridRow {
+ Text("")
+ .frame(width: labelWidth, alignment: .leading)
+ Text(message)
+ .font(.caption)
+ .foregroundStyle(.red)
+ .frame(width: fieldWidth, alignment: .leading)
+ }
+ }
GridRow {
Text("Identity file")
.font(.callout.weight(.semibold))
diff --git a/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift b/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift
index 8eaee1c05..4206a3750 100644
--- a/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift
+++ b/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift
@@ -70,7 +70,7 @@ final class RemotePortTunnel {
"ssh tunnel using default remote port " +
"host=\(sshHost, privacy: .public) port=\(remotePort, privacy: .public)")
}
- var args: [String] = [
+ let options: [String] = [
"-o", "BatchMode=yes",
"-o", "ExitOnForwardFailure=yes",
"-o", "StrictHostKeyChecking=accept-new",
@@ -81,16 +81,11 @@ final class RemotePortTunnel {
"-N",
"-L", "\(localPort):127.0.0.1:\(resolvedRemotePort)",
]
- if parsed.port > 0 { args.append(contentsOf: ["-p", String(parsed.port)]) }
let identity = settings.identity.trimmingCharacters(in: .whitespacesAndNewlines)
- if !identity.isEmpty {
- // Only use IdentitiesOnly when an explicit identity file is provided.
- // This allows 1Password SSH agent and other SSH agents to provide keys.
- args.append(contentsOf: ["-o", "IdentitiesOnly=yes"])
- args.append(contentsOf: ["-i", identity])
- }
- let userHost = parsed.user.map { "\($0)@\(parsed.host)" } ?? parsed.host
- args.append(userHost)
+ let args = CommandResolver.sshArguments(
+ target: parsed,
+ identity: identity,
+ options: options)
let process = Process()
process.executableURL = URL(fileURLWithPath: "/usr/bin/ssh")
diff --git a/apps/macos/Tests/ClawdbotIPCTests/CommandResolverTests.swift b/apps/macos/Tests/ClawdbotIPCTests/CommandResolverTests.swift
index 827057888..d8daa17f6 100644
--- a/apps/macos/Tests/ClawdbotIPCTests/CommandResolverTests.swift
+++ b/apps/macos/Tests/ClawdbotIPCTests/CommandResolverTests.swift
@@ -123,11 +123,16 @@ import Testing
configRoot: [:])
#expect(cmd.first == "/usr/bin/ssh")
- #expect(cmd.contains("clawd@example.com"))
+ if let marker = cmd.firstIndex(of: "--") {
+ #expect(cmd[marker + 1] == "clawd@example.com")
+ } else {
+ #expect(Bool(false))
+ }
#expect(cmd.contains("-i"))
#expect(cmd.contains("/tmp/id_ed25519"))
if let script = cmd.last {
- #expect(script.contains("cd '/srv/clawdbot'"))
+ #expect(script.contains("PRJ='/srv/clawdbot'"))
+ #expect(script.contains("cd \"$PRJ\""))
#expect(script.contains("clawdbot"))
#expect(script.contains("status"))
#expect(script.contains("--json"))
@@ -135,6 +140,12 @@ import Testing
}
}
+ @Test func rejectsUnsafeSSHTargets() async throws {
+ #expect(CommandResolver.parseSSHTarget("-oProxyCommand=calc") == nil)
+ #expect(CommandResolver.parseSSHTarget("host:-oProxyCommand=calc") == nil)
+ #expect(CommandResolver.parseSSHTarget("user@host:2222")?.port == 2222)
+ }
+
@Test func configRootLocalOverridesRemoteDefaults() async throws {
let defaults = self.makeDefaults()
defaults.set(AppState.ConnectionMode.remote.rawValue, forKey: connectionModeKey)
diff --git a/apps/macos/Tests/ClawdbotIPCTests/MasterDiscoveryMenuSmokeTests.swift b/apps/macos/Tests/ClawdbotIPCTests/MasterDiscoveryMenuSmokeTests.swift
index 10630c202..2541e0634 100644
--- a/apps/macos/Tests/ClawdbotIPCTests/MasterDiscoveryMenuSmokeTests.swift
+++ b/apps/macos/Tests/ClawdbotIPCTests/MasterDiscoveryMenuSmokeTests.swift
@@ -11,7 +11,12 @@ struct MasterDiscoveryMenuSmokeTests {
discovery.statusText = "Searching…"
discovery.gateways = []
- let view = GatewayDiscoveryInlineList(discovery: discovery, currentTarget: nil, onSelect: { _ in })
+ let view = GatewayDiscoveryInlineList(
+ discovery: discovery,
+ currentTarget: nil,
+ currentUrl: nil,
+ transport: .ssh,
+ onSelect: { _ in })
_ = view.body
}
@@ -32,7 +37,12 @@ struct MasterDiscoveryMenuSmokeTests {
]
let currentTarget = "\(NSUserName())@office.tailnet-123.ts.net:2222"
- let view = GatewayDiscoveryInlineList(discovery: discovery, currentTarget: currentTarget, onSelect: { _ in })
+ let view = GatewayDiscoveryInlineList(
+ discovery: discovery,
+ currentTarget: currentTarget,
+ currentUrl: nil,
+ transport: .ssh,
+ onSelect: { _ in })
_ = view.body
}
diff --git a/docs/assets/terminal.css b/docs/assets/terminal.css
index 23283d651..e5e51af9e 100644
--- a/docs/assets/terminal.css
+++ b/docs/assets/terminal.css
@@ -115,6 +115,9 @@ body::after {
}
.shell {
+ position: sticky;
+ top: 0;
+ z-index: 100;
padding: 22px 16px 10px;
}
diff --git a/docs/automation/cron-vs-heartbeat.md b/docs/automation/cron-vs-heartbeat.md
index 333a45d0b..325575602 100644
--- a/docs/automation/cron-vs-heartbeat.md
+++ b/docs/automation/cron-vs-heartbeat.md
@@ -201,7 +201,7 @@ For ad-hoc workflows, call Lobster directly.
- Lobster runs as a **local subprocess** (`lobster` CLI) in tool mode and returns a **JSON envelope**.
- If the tool returns `needs_approval`, you resume with a `resumeToken` and `approve` flag.
-- The tool is an **optional plugin**; you must allowlist `lobster` in `tools.allow`.
+- The tool is an **optional plugin**; enable it additively via `tools.alsoAllow: ["lobster"]` (recommended).
- If you pass `lobsterPath`, it must be an **absolute path**.
See [Lobster](/tools/lobster) for full usage and examples.
diff --git a/docs/automation/gmail-pubsub.md b/docs/automation/gmail-pubsub.md
index 94feba3d7..6c84fdb5e 100644
--- a/docs/automation/gmail-pubsub.md
+++ b/docs/automation/gmail-pubsub.md
@@ -83,6 +83,8 @@ Notes:
- Per-hook `model`/`thinking` in the mapping still overrides these defaults.
- Fallback order: `hooks.gmail.model` → `agents.defaults.model.fallbacks` → primary (auth/rate-limit/timeouts).
- If `agents.defaults.models` is set, the Gmail model must be in the allowlist.
+- Gmail hook content is wrapped with external-content safety boundaries by default.
+ To disable (dangerous), set `hooks.gmail.allowUnsafeExternalContent: true`.
To customize payload handling further, add `hooks.mappings` or a JS/TS transform module
under `hooks.transformsDir` (see [Webhooks](/automation/webhook)).
diff --git a/docs/automation/webhook.md b/docs/automation/webhook.md
index 0828483d2..12fc6b92a 100644
--- a/docs/automation/webhook.md
+++ b/docs/automation/webhook.md
@@ -27,10 +27,10 @@ Notes:
## Auth
-Every request must include the hook token:
-- `Authorization: Bearer `
-- or `x-clawdbot-token: `
-- or `?token=`
+Every request must include the hook token. Prefer headers:
+- `Authorization: Bearer ` (recommended)
+- `x-clawdbot-token: `
+- `?token=` (deprecated; logs a warning and will be removed in a future major release)
## Endpoints
@@ -96,6 +96,8 @@ Mapping options (summary):
- TS transforms require a TS loader (e.g. `bun` or `tsx`) or precompiled `.js` at runtime.
- Set `deliver: true` + `channel`/`to` on mappings to route replies to a chat surface
(`channel` defaults to `last` and falls back to WhatsApp).
+- `allowUnsafeExternalContent: true` disables the external content safety wrapper for that hook
+ (dangerous; only for trusted internal sources).
- `clawdbot webhooks gmail setup` writes `hooks.gmail` config for `clawdbot webhooks gmail run`.
See [Gmail Pub/Sub](/automation/gmail-pubsub) for the full Gmail watch flow.
@@ -148,3 +150,6 @@ curl -X POST http://127.0.0.1:18789/hooks/gmail \
- Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy.
- Use a dedicated hook token; do not reuse gateway auth tokens.
- Avoid including sensitive raw payloads in webhook logs.
+- Hook payloads are treated as untrusted and wrapped with safety boundaries by default.
+ If you must disable this for a specific hook, set `allowUnsafeExternalContent: true`
+ in that hook's mapping (dangerous).
diff --git a/docs/channels/discord.md b/docs/channels/discord.md
index 12dd28084..395f13c6a 100644
--- a/docs/channels/discord.md
+++ b/docs/channels/discord.md
@@ -10,13 +10,14 @@ Status: ready for DM and guild text channels via the official Discord bot gatewa
## Quick setup (beginner)
1) Create a Discord bot and copy the bot token.
-2) Set the token for Clawdbot:
+2) In the Discord app settings, enable **Message Content Intent** (and **Server Members Intent** if you plan to use allowlists or name lookups).
+3) Set the token for Clawdbot:
- Env: `DISCORD_BOT_TOKEN=...`
- Or config: `channels.discord.token: "..."`.
- If both are set, config takes precedence (env fallback is default-account only).
-3) Invite the bot to your server with message permissions.
-4) Start the gateway.
-5) DM access is pairing by default; approve the pairing code on first contact.
+4) Invite the bot to your server with message permissions (create a private server if you just want DMs).
+5) Start the gateway.
+6) DM access is pairing by default; approve the pairing code on first contact.
Minimal config:
```json5
diff --git a/docs/channels/index.md b/docs/channels/index.md
index 52e963b87..4c2f77581 100644
--- a/docs/channels/index.md
+++ b/docs/channels/index.md
@@ -21,10 +21,12 @@ Text is supported everywhere; media and reactions vary by channel.
- [BlueBubbles](/channels/bluebubbles) — **Recommended for iMessage**; uses the BlueBubbles macOS server REST API with full feature support (edit, unsend, effects, reactions, group management — edit currently broken on macOS 26 Tahoe).
- [iMessage](/channels/imessage) — macOS only; native integration via imsg (legacy, consider BlueBubbles for new setups).
- [Microsoft Teams](/channels/msteams) — Bot Framework; enterprise support (plugin, installed separately).
+- [LINE](/channels/line) — LINE Messaging API bot (plugin, installed separately).
- [Nextcloud Talk](/channels/nextcloud-talk) — Self-hosted chat via Nextcloud Talk (plugin, installed separately).
- [Matrix](/channels/matrix) — Matrix protocol (plugin, installed separately).
- [Nostr](/channels/nostr) — Decentralized DMs via NIP-04 (plugin, installed separately).
- [Tlon](/channels/tlon) — Urbit-based messenger (plugin, installed separately).
+- [Twitch](/channels/twitch) — Twitch chat via IRC connection (plugin, installed separately).
- [Zalo](/channels/zalo) — Zalo Bot API; Vietnam's popular messenger (plugin, installed separately).
- [Zalo Personal](/channels/zalouser) — Zalo personal account via QR login (plugin, installed separately).
- [WebChat](/web/webchat) — Gateway WebChat UI over WebSocket.
diff --git a/docs/channels/line.md b/docs/channels/line.md
new file mode 100644
index 000000000..40ed2f9f6
--- /dev/null
+++ b/docs/channels/line.md
@@ -0,0 +1,183 @@
+---
+summary: "LINE Messaging API plugin setup, config, and usage"
+read_when:
+ - You want to connect Clawdbot to LINE
+ - You need LINE webhook + credential setup
+ - You want LINE-specific message options
+---
+
+# LINE (plugin)
+
+LINE connects to Clawdbot via the LINE Messaging API. The plugin runs as a webhook
+receiver on the gateway and uses your channel access token + channel secret for
+authentication.
+
+Status: supported via plugin. Direct messages, group chats, media, locations, Flex
+messages, template messages, and quick replies are supported. Reactions and threads
+are not supported.
+
+## Plugin required
+
+Install the LINE plugin:
+
+```bash
+clawdbot plugins install @clawdbot/line
+```
+
+Local checkout (when running from a git repo):
+
+```bash
+clawdbot plugins install ./extensions/line
+```
+
+## Setup
+
+1) Create a LINE Developers account and open the Console:
+ https://developers.line.biz/console/
+2) Create (or pick) a Provider and add a **Messaging API** channel.
+3) Copy the **Channel access token** and **Channel secret** from the channel settings.
+4) Enable **Use webhook** in the Messaging API settings.
+5) Set the webhook URL to your gateway endpoint (HTTPS required):
+
+```
+https://gateway-host/line/webhook
+```
+
+The gateway responds to LINE’s webhook verification (GET) and inbound events (POST).
+If you need a custom path, set `channels.line.webhookPath` or
+`channels.line.accounts..webhookPath` and update the URL accordingly.
+
+## Configure
+
+Minimal config:
+
+```json5
+{
+ channels: {
+ line: {
+ enabled: true,
+ channelAccessToken: "LINE_CHANNEL_ACCESS_TOKEN",
+ channelSecret: "LINE_CHANNEL_SECRET",
+ dmPolicy: "pairing"
+ }
+ }
+}
+```
+
+Env vars (default account only):
+
+- `LINE_CHANNEL_ACCESS_TOKEN`
+- `LINE_CHANNEL_SECRET`
+
+Token/secret files:
+
+```json5
+{
+ channels: {
+ line: {
+ tokenFile: "/path/to/line-token.txt",
+ secretFile: "/path/to/line-secret.txt"
+ }
+ }
+}
+```
+
+Multiple accounts:
+
+```json5
+{
+ channels: {
+ line: {
+ accounts: {
+ marketing: {
+ channelAccessToken: "...",
+ channelSecret: "...",
+ webhookPath: "/line/marketing"
+ }
+ }
+ }
+ }
+}
+```
+
+## Access control
+
+Direct messages default to pairing. Unknown senders get a pairing code and their
+messages are ignored until approved.
+
+```bash
+clawdbot pairing list line
+clawdbot pairing approve line
+```
+
+Allowlists and policies:
+
+- `channels.line.dmPolicy`: `pairing | allowlist | open | disabled`
+- `channels.line.allowFrom`: allowlisted LINE user IDs for DMs
+- `channels.line.groupPolicy`: `allowlist | open | disabled`
+- `channels.line.groupAllowFrom`: allowlisted LINE user IDs for groups
+- Per-group overrides: `channels.line.groups..allowFrom`
+
+LINE IDs are case-sensitive. Valid IDs look like:
+
+- User: `U` + 32 hex chars
+- Group: `C` + 32 hex chars
+- Room: `R` + 32 hex chars
+
+## Message behavior
+
+- Text is chunked at 5000 characters.
+- Markdown formatting is stripped; code blocks and tables are converted into Flex
+ cards when possible.
+- Streaming responses are buffered; LINE receives full chunks with a loading
+ animation while the agent works.
+- Media downloads are capped by `channels.line.mediaMaxMb` (default 10).
+
+## Channel data (rich messages)
+
+Use `channelData.line` to send quick replies, locations, Flex cards, or template
+messages.
+
+```json5
+{
+ text: "Here you go",
+ channelData: {
+ line: {
+ quickReplies: ["Status", "Help"],
+ location: {
+ title: "Office",
+ address: "123 Main St",
+ latitude: 35.681236,
+ longitude: 139.767125
+ },
+ flexMessage: {
+ altText: "Status card",
+ contents: { /* Flex payload */ }
+ },
+ templateMessage: {
+ type: "confirm",
+ text: "Proceed?",
+ confirmLabel: "Yes",
+ confirmData: "yes",
+ cancelLabel: "No",
+ cancelData: "no"
+ }
+ }
+ }
+}
+```
+
+The LINE plugin also ships a `/card` command for Flex message presets:
+
+```
+/card info "Welcome" "Thanks for joining!"
+```
+
+## Troubleshooting
+
+- **Webhook verification fails:** ensure the webhook URL is HTTPS and the
+ `channelSecret` matches the LINE console.
+- **No inbound events:** confirm the webhook path matches `channels.line.webhookPath`
+ and that the gateway is reachable from LINE.
+- **Media download errors:** raise `channels.line.mediaMaxMb` if media exceeds the
+ default limit.
diff --git a/docs/channels/matrix.md b/docs/channels/matrix.md
index 2d9025f51..8151bfed1 100644
--- a/docs/channels/matrix.md
+++ b/docs/channels/matrix.md
@@ -10,7 +10,7 @@ on any homeserver, so you need a Matrix account for the bot. Once it is logged i
the bot directly or invite it to rooms (Matrix "groups"). Beeper is a valid client option too,
but it requires E2EE to be enabled.
-Status: supported via plugin (matrix-bot-sdk). Direct messages, rooms, threads, media, reactions,
+Status: supported via plugin (@vector-im/matrix-bot-sdk). Direct messages, rooms, threads, media, reactions,
polls (send + poll-start as text), location, and E2EE (with crypto support).
## Plugin required
diff --git a/docs/channels/telegram.md b/docs/channels/telegram.md
index e708e2e64..39f3a2ec3 100644
--- a/docs/channels/telegram.md
+++ b/docs/channels/telegram.md
@@ -529,6 +529,7 @@ Provider options:
- `channels.telegram.streamMode`: `off | partial | block` (draft streaming).
- `channels.telegram.mediaMaxMb`: inbound/outbound media cap (MB).
- `channels.telegram.retry`: retry policy for outbound Telegram API calls (attempts, minDelayMs, maxDelayMs, jitter).
+- `channels.telegram.network.autoSelectFamily`: override Node autoSelectFamily (true=enable, false=disable). Defaults to disabled on Node 22 to avoid Happy Eyeballs timeouts.
- `channels.telegram.proxy`: proxy URL for Bot API calls (SOCKS/HTTP).
- `channels.telegram.webhookUrl`: enable webhook mode.
- `channels.telegram.webhookSecret`: webhook secret (optional).
diff --git a/docs/channels/twitch.md b/docs/channels/twitch.md
new file mode 100644
index 000000000..e92a6c255
--- /dev/null
+++ b/docs/channels/twitch.md
@@ -0,0 +1,366 @@
+---
+summary: "Twitch chat bot configuration and setup"
+read_when:
+ - Setting up Twitch chat integration for Clawdbot
+---
+# Twitch (plugin)
+
+Twitch chat support via IRC connection. Clawdbot connects as a Twitch user (bot account) to receive and send messages in channels.
+
+## Plugin required
+
+Twitch ships as a plugin and is not bundled with the core install.
+
+Install via CLI (npm registry):
+
+```bash
+clawdbot plugins install @clawdbot/twitch
+```
+
+Local checkout (when running from a git repo):
+
+```bash
+clawdbot plugins install ./extensions/twitch
+```
+
+Details: [Plugins](/plugin)
+
+## Quick setup (beginner)
+
+1) Create a dedicated Twitch account for the bot (or use an existing account).
+2) Generate credentials: [Twitch Token Generator](https://twitchtokengenerator.com/)
+ - Select **Bot Token**
+ - Verify scopes `chat:read` and `chat:write` are selected
+ - Copy the **Client ID** and **Access Token**
+3) Find your Twitch user ID: https://www.streamweasels.com/tools/convert-twitch-username-to-user-id/
+4) Configure the token:
+ - Env: `CLAWDBOT_TWITCH_ACCESS_TOKEN=...` (default account only)
+ - Or config: `channels.twitch.accessToken`
+ - If both are set, config takes precedence (env fallback is default-account only).
+5) Start the gateway.
+
+**⚠️ Important:** Add access control (`allowFrom` or `allowedRoles`) to prevent unauthorized users from triggering the bot. `requireMention` defaults to `true`.
+
+Minimal config:
+
+```json5
+{
+ channels: {
+ twitch: {
+ enabled: true,
+ username: "clawdbot", // Bot's Twitch account
+ accessToken: "oauth:abc123...", // OAuth Access Token (or use CLAWDBOT_TWITCH_ACCESS_TOKEN env var)
+ clientId: "xyz789...", // Client ID from Token Generator
+ channel: "vevisk", // Which Twitch channel's chat to join (required)
+ allowFrom: ["123456789"] // (recommended) Your Twitch user ID only - get it from https://www.streamweasels.com/tools/convert-twitch-username-to-user-id/
+ }
+ }
+}
+```
+
+## What it is
+
+- A Twitch channel owned by the Gateway.
+- Deterministic routing: replies always go back to Twitch.
+- Each account maps to an isolated session key `agent::twitch:`.
+- `username` is the bot's account (who authenticates), `channel` is which chat room to join.
+
+## Setup (detailed)
+
+### Generate credentials
+
+Use [Twitch Token Generator](https://twitchtokengenerator.com/):
+- Select **Bot Token**
+- Verify scopes `chat:read` and `chat:write` are selected
+- Copy the **Client ID** and **Access Token**
+
+No manual app registration needed. Tokens expire after several hours.
+
+### Configure the bot
+
+**Env var (default account only):**
+```bash
+CLAWDBOT_TWITCH_ACCESS_TOKEN=oauth:abc123...
+```
+
+**Or config:**
+```json5
+{
+ channels: {
+ twitch: {
+ enabled: true,
+ username: "clawdbot",
+ accessToken: "oauth:abc123...",
+ clientId: "xyz789...",
+ channel: "vevisk"
+ }
+ }
+}
+```
+
+If both env and config are set, config takes precedence.
+
+### Access control (recommended)
+
+```json5
+{
+ channels: {
+ twitch: {
+ allowFrom: ["123456789"], // (recommended) Your Twitch user ID only
+ allowedRoles: ["moderator"] // Or restrict to roles
+ }
+ }
+}
+```
+
+**Available roles:** `"moderator"`, `"owner"`, `"vip"`, `"subscriber"`, `"all"`.
+
+**Why user IDs?** Usernames can change, allowing impersonation. User IDs are permanent.
+
+Find your Twitch user ID: https://www.streamweasels.com/tools/convert-twitch-username-%20to-user-id/ (Convert your Twitch username to ID)
+
+## Token refresh (optional)
+
+Tokens from [Twitch Token Generator](https://twitchtokengenerator.com/) cannot be automatically refreshed - regenerate when expired.
+
+For automatic token refresh, create your own Twitch application at [Twitch Developer Console](https://dev.twitch.tv/console) and add to config:
+
+```json5
+{
+ channels: {
+ twitch: {
+ clientSecret: "your_client_secret",
+ refreshToken: "your_refresh_token"
+ }
+ }
+}
+```
+
+The bot automatically refreshes tokens before expiration and logs refresh events.
+
+## Multi-account support
+
+Use `channels.twitch.accounts` with per-account tokens. See [`gateway/configuration`](/gateway/configuration) for the shared pattern.
+
+Example (one bot account in two channels):
+
+```json5
+{
+ channels: {
+ twitch: {
+ accounts: {
+ channel1: {
+ username: "clawdbot",
+ accessToken: "oauth:abc123...",
+ clientId: "xyz789...",
+ channel: "vevisk"
+ },
+ channel2: {
+ username: "clawdbot",
+ accessToken: "oauth:def456...",
+ clientId: "uvw012...",
+ channel: "secondchannel"
+ }
+ }
+ }
+ }
+}
+```
+
+**Note:** Each account needs its own token (one token per channel).
+
+## Access control
+
+### Role-based restrictions
+
+```json5
+{
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ allowedRoles: ["moderator", "vip"]
+ }
+ }
+ }
+ }
+}
+```
+
+### Allowlist by User ID (most secure)
+
+```json5
+{
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ allowFrom: ["123456789", "987654321"]
+ }
+ }
+ }
+ }
+}
+```
+
+### Combined allowlist + roles
+
+Users in `allowFrom` bypass role checks:
+
+```json5
+{
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ allowFrom: ["123456789"],
+ allowedRoles: ["moderator"]
+ }
+ }
+ }
+ }
+}
+```
+
+### Disable @mention requirement
+
+By default, `requireMention` is `true`. To disable and respond to all messages:
+
+```json5
+{
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ requireMention: false
+ }
+ }
+ }
+ }
+}
+```
+
+## Troubleshooting
+
+First, run diagnostic commands:
+
+```bash
+clawdbot doctor
+clawdbot channels status --probe
+```
+
+### Bot doesn't respond to messages
+
+**Check access control:** Temporarily set `allowedRoles: ["all"]` to test.
+
+**Check the bot is in the channel:** The bot must join the channel specified in `channel`.
+
+### Token issues
+
+**"Failed to connect" or authentication errors:**
+- Verify `accessToken` is the OAuth access token value (typically starts with `oauth:` prefix)
+- Check token has `chat:read` and `chat:write` scopes
+- If using token refresh, verify `clientSecret` and `refreshToken` are set
+
+### Token refresh not working
+
+**Check logs for refresh events:**
+```
+Using env token source for mybot
+Access token refreshed for user 123456 (expires in 14400s)
+```
+
+If you see "token refresh disabled (no refresh token)":
+- Ensure `clientSecret` is provided
+- Ensure `refreshToken` is provided
+
+## Config
+
+**Account config:**
+- `username` - Bot username
+- `accessToken` - OAuth access token with `chat:read` and `chat:write`
+- `clientId` - Twitch Client ID (from Token Generator or your app)
+- `channel` - Channel to join (required)
+- `enabled` - Enable this account (default: `true`)
+- `clientSecret` - Optional: For automatic token refresh
+- `refreshToken` - Optional: For automatic token refresh
+- `expiresIn` - Token expiry in seconds
+- `obtainmentTimestamp` - Token obtained timestamp
+- `allowFrom` - User ID allowlist
+- `allowedRoles` - Role-based access control (`"moderator" | "owner" | "vip" | "subscriber" | "all"`)
+- `requireMention` - Require @mention (default: `true`)
+
+**Provider options:**
+- `channels.twitch.enabled` - Enable/disable channel startup
+- `channels.twitch.username` - Bot username (simplified single-account config)
+- `channels.twitch.accessToken` - OAuth access token (simplified single-account config)
+- `channels.twitch.clientId` - Twitch Client ID (simplified single-account config)
+- `channels.twitch.channel` - Channel to join (simplified single-account config)
+- `channels.twitch.accounts.` - Multi-account config (all account fields above)
+
+Full example:
+
+```json5
+{
+ channels: {
+ twitch: {
+ enabled: true,
+ username: "clawdbot",
+ accessToken: "oauth:abc123...",
+ clientId: "xyz789...",
+ channel: "vevisk",
+ clientSecret: "secret123...",
+ refreshToken: "refresh456...",
+ allowFrom: ["123456789"],
+ allowedRoles: ["moderator", "vip"],
+ accounts: {
+ default: {
+ username: "mybot",
+ accessToken: "oauth:abc123...",
+ clientId: "xyz789...",
+ channel: "your_channel",
+ enabled: true,
+ clientSecret: "secret123...",
+ refreshToken: "refresh456...",
+ expiresIn: 14400,
+ obtainmentTimestamp: 1706092800000,
+ allowFrom: ["123456789", "987654321"],
+ allowedRoles: ["moderator"]
+ }
+ }
+ }
+ }
+}
+```
+
+## Tool actions
+
+The agent can call `twitch` with action:
+- `send` - Send a message to a channel
+
+Example:
+
+```json5
+{
+ "action": "twitch",
+ "params": {
+ "message": "Hello Twitch!",
+ "to": "#mychannel"
+ }
+}
+```
+
+## Safety & ops
+
+- **Treat tokens like passwords** - Never commit tokens to git
+- **Use automatic token refresh** for long-running bots
+- **Use user ID allowlists** instead of usernames for access control
+- **Monitor logs** for token refresh events and connection status
+- **Scope tokens minimally** - Only request `chat:read` and `chat:write`
+- **If stuck**: Restart the gateway after confirming no other process owns the session
+
+## Limits
+
+- **500 characters** per message (auto-chunked at word boundaries)
+- Markdown is stripped before chunking
+- No rate limiting (uses Twitch's built-in rate limits)
diff --git a/docs/cli/index.md b/docs/cli/index.md
index d23ee3a5e..c49677cbf 100644
--- a/docs/cli/index.md
+++ b/docs/cli/index.md
@@ -297,7 +297,7 @@ Options:
- `--non-interactive`
- `--mode `
- `--flow ` (manual is an alias for advanced)
-- `--auth-choice `
+- `--auth-choice `
- `--token-provider ` (non-interactive; used with `--auth-choice token`)
- `--token ` (non-interactive; used with `--auth-choice token`)
- `--token-profile-id ` (non-interactive; default: `:manual`)
@@ -314,7 +314,7 @@ Options:
- `--opencode-zen-api-key `
- `--gateway-port `
- `--gateway-bind `
-- `--gateway-auth `
+- `--gateway-auth `
- `--gateway-token `
- `--gateway-password `
- `--remote-url `
@@ -358,7 +358,7 @@ Options:
Manage chat channel accounts (WhatsApp/Telegram/Discord/Google Chat/Slack/Mattermost (plugin)/Signal/iMessage/MS Teams).
Subcommands:
-- `channels list`: show configured channels and auth profiles (Claude Code + Codex CLI OAuth sync included).
+- `channels list`: show configured channels and auth profiles.
- `channels status`: check gateway reachability and channel health (`--probe` runs extra checks; use `clawdbot health` or `clawdbot status --deep` for gateway health probes).
- Tip: `channels status` prints warnings with suggested fixes when it can detect common misconfigurations (then points you to `clawdbot doctor`).
- `channels logs`: show recent channel logs from the gateway log file.
@@ -390,12 +390,6 @@ Common options:
- `--lines ` (default `200`)
- `--json`
-OAuth sync sources:
-- Claude Code → `anthropic:claude-cli`
- - macOS: Keychain item "Claude Code-credentials" (choose "Always Allow" to avoid launchd prompts)
- - Linux/Windows: `~/.claude/.credentials.json`
-- `~/.codex/auth.json` → `openai-codex:codex-cli`
-
More detail: [/concepts/oauth](/concepts/oauth)
Examples:
@@ -676,10 +670,11 @@ Tip: when calling `config.set`/`config.apply`/`config.patch` directly, pass `bas
See [/concepts/models](/concepts/models) for fallback behavior and scanning strategy.
-Preferred Anthropic auth (CLI token, not API key):
+Preferred Anthropic auth (setup-token):
```bash
claude setup-token
+clawdbot models auth setup-token --provider anthropic
clawdbot models status
```
diff --git a/docs/cli/models.md b/docs/cli/models.md
index ba4600ce4..cb0992121 100644
--- a/docs/cli/models.md
+++ b/docs/cli/models.md
@@ -64,5 +64,5 @@ clawdbot models auth paste-token
`clawdbot plugins list` to see which providers are installed.
Notes:
-- `setup-token` runs `claude setup-token` on the current machine (requires the Claude Code CLI).
-- `paste-token` accepts a token string generated elsewhere.
+- `setup-token` prompts for a setup-token value (generate it with `claude setup-token` on any machine).
+- `paste-token` accepts a token string generated elsewhere or from automation.
diff --git a/docs/cli/onboard.md b/docs/cli/onboard.md
index bd100c460..22cf0037e 100644
--- a/docs/cli/onboard.md
+++ b/docs/cli/onboard.md
@@ -23,3 +23,4 @@ clawdbot onboard --mode remote --remote-url ws://gateway-host:18789
Flow notes:
- `quickstart`: minimal prompts, auto-generates a gateway token.
- `manual`: full prompts for port/bind/auth (alias of `advanced`).
+- Fastest first chat: `clawdbot dashboard` (Control UI, no channel setup).
diff --git a/docs/concepts/model-providers.md b/docs/concepts/model-providers.md
index acbca6461..46dc4f749 100644
--- a/docs/concepts/model-providers.md
+++ b/docs/concepts/model-providers.md
@@ -49,9 +49,9 @@ Clawdbot ships with the pi‑ai catalog. These providers require **no**
### OpenAI Code (Codex)
- Provider: `openai-codex`
-- Auth: OAuth or Codex CLI (`~/.codex/auth.json`)
+- Auth: OAuth (ChatGPT)
- Example model: `openai-codex/gpt-5.2`
-- CLI: `clawdbot onboard --auth-choice openai-codex` or `codex-cli`
+- CLI: `clawdbot onboard --auth-choice openai-codex` or `clawdbot models auth login --provider openai-codex`
```json5
{
diff --git a/docs/concepts/oauth.md b/docs/concepts/oauth.md
index 8b2f54d1d..00fe3d656 100644
--- a/docs/concepts/oauth.md
+++ b/docs/concepts/oauth.md
@@ -1,18 +1,17 @@
---
-summary: "OAuth in Clawdbot: token exchange, storage, CLI sync, and multi-account patterns"
+summary: "OAuth in Clawdbot: token exchange, storage, and multi-account patterns"
read_when:
- You want to understand Clawdbot OAuth end-to-end
- You hit token invalidation / logout issues
- - You want to reuse Claude Code / Codex CLI OAuth tokens
+ - You want setup-token or OAuth auth flows
- You want multiple accounts or profile routing
---
# OAuth
-Clawdbot supports “subscription auth” via OAuth for providers that offer it (notably **Anthropic (Claude Pro/Max)** and **OpenAI Codex (ChatGPT OAuth)**). This page explains:
+Clawdbot supports “subscription auth” via OAuth for providers that offer it (notably **OpenAI Codex (ChatGPT OAuth)**). For Anthropic subscriptions, use the **setup-token** flow. This page explains:
- how the OAuth **token exchange** works (PKCE)
- where tokens are **stored** (and why)
-- how we **reuse external CLI tokens** (Claude Code / Codex CLI)
- how to handle **multiple accounts** (profiles + per-session overrides)
Clawdbot also supports **provider plugins** that ship their own OAuth or API‑key
@@ -31,7 +30,6 @@ Practical symptom:
To reduce that, Clawdbot treats `auth-profiles.json` as a **token sink**:
- the runtime reads credentials from **one place**
-- we can **sync in** credentials from external CLIs instead of doing a second login
- we can keep multiple profiles and route them deterministically
## Storage (where tokens live)
@@ -46,47 +44,39 @@ Legacy import-only file (still supported, but not the main store):
All of the above also respect `$CLAWDBOT_STATE_DIR` (state dir override). Full reference: [/gateway/configuration](/gateway/configuration#auth-storage-oauth--api-keys)
-## Reusing Claude Code / Codex CLI OAuth tokens (recommended)
+## Anthropic setup-token (subscription auth)
-If you already signed in with the external CLIs *on the gateway host*, Clawdbot can reuse those tokens without starting a separate OAuth flow:
+Run `claude setup-token` on any machine, then paste it into Clawdbot:
-- Claude Code: `anthropic:claude-cli`
- - macOS: Keychain item "Claude Code-credentials" (choose "Always Allow" to avoid launchd prompts)
- - Linux/Windows: `~/.claude/.credentials.json`
-- Codex CLI: reads `~/.codex/auth.json` → profile `openai-codex:codex-cli`
+```bash
+clawdbot models auth setup-token --provider anthropic
+```
-Sync happens when Clawdbot loads the auth store (so it stays up-to-date when the CLIs refresh tokens).
-On macOS, the first read may trigger a Keychain prompt; run `clawdbot models status`
-in a terminal once if the Gateway runs headless and can’t access the entry.
+If you generated the token elsewhere, paste it manually:
-How to verify:
+```bash
+clawdbot models auth paste-token --provider anthropic
+```
+
+Verify:
```bash
clawdbot models status
-clawdbot channels list
-```
-
-Or JSON:
-
-```bash
-clawdbot channels list --json
```
## OAuth exchange (how login works)
Clawdbot’s interactive login flows are implemented in `@mariozechner/pi-ai` and wired into the wizards/commands.
-### Anthropic (Claude Pro/Max)
+### Anthropic (Claude Pro/Max) setup-token
-Flow shape (PKCE):
+Flow shape:
-1) generate PKCE verifier/challenge
-2) open `https://claude.ai/oauth/authorize?...`
-3) user pastes `code#state`
-4) exchange at `https://console.anthropic.com/v1/oauth/token`
-5) store `{ access, refresh, expires }` under an auth profile
+1) run `claude setup-token`
+2) paste the token into Clawdbot
+3) store as a token auth profile (no refresh)
-The wizard path is `clawdbot onboard` → auth choice `oauth` (Anthropic).
+The wizard path is `clawdbot onboard` → auth choice `setup-token` (Anthropic).
### OpenAI Codex (ChatGPT OAuth)
@@ -99,7 +89,7 @@ Flow shape (PKCE):
5) exchange at `https://auth.openai.com/oauth/token`
6) extract `accountId` from the access token and store `{ access, refresh, expires, accountId }`
-Wizard path is `clawdbot onboard` → auth choice `openai-codex` (or `codex-cli` to reuse an existing Codex CLI login).
+Wizard path is `clawdbot onboard` → auth choice `openai-codex`.
## Refresh + expiry
@@ -111,23 +101,6 @@ At runtime:
The refresh flow is automatic; you generally don't need to manage tokens manually.
-### Bidirectional sync with Claude Code
-
-When Clawdbot refreshes an Anthropic OAuth token (profile `anthropic:claude-cli`), it **writes the new credentials back** to Claude Code's storage:
-
-- **Linux/Windows**: updates `~/.claude/.credentials.json`
-- **macOS**: updates Keychain item "Claude Code-credentials"
-
-This ensures both tools stay in sync and neither gets "logged out" after the other refreshes.
-
-**Why this matters for long-running agents:**
-
-Anthropic OAuth tokens expire after a few hours. Without bidirectional sync:
-1. Clawdbot refreshes the token → gets new access token
-2. Claude Code still has the old token → gets logged out
-
-With bidirectional sync, both tools always have the latest valid token, enabling autonomous operation for days or weeks without manual intervention.
-
## Multiple accounts (profiles) + routing
Two patterns:
diff --git a/docs/docs.json b/docs/docs.json
index b0f0ee802..01a338a18 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -117,6 +117,14 @@
"source": "/mattermost/",
"destination": "/channels/mattermost"
},
+ {
+ "source": "/line",
+ "destination": "/channels/line"
+ },
+ {
+ "source": "/line/",
+ "destination": "/channels/line"
+ },
{
"source": "/glm",
"destination": "/providers/glm"
@@ -197,6 +205,14 @@
"source": "/providers/msteams/",
"destination": "/channels/msteams"
},
+ {
+ "source": "/providers/line",
+ "destination": "/channels/line"
+ },
+ {
+ "source": "/providers/line/",
+ "destination": "/channels/line"
+ },
{
"source": "/providers/signal",
"destination": "/channels/signal"
@@ -329,10 +345,6 @@
"source": "/auth-monitoring",
"destination": "/automation/auth-monitoring"
},
- {
- "source": "/scripts",
- "destination": "/scripts"
- },
{
"source": "/camera",
"destination": "/nodes/camera"
@@ -789,6 +801,10 @@
"source": "/install/railway/",
"destination": "/railway"
},
+ {
+ "source": "/install/northflank/",
+ "destination": "/northflank"
+ },
{
"source": "/gcp",
"destination": "/platforms/gcp"
@@ -836,6 +852,7 @@
"install/docker",
"railway",
"render",
+ "northflank",
"install/bun"
]
},
@@ -974,6 +991,7 @@
"channels/signal",
"channels/imessage",
"channels/msteams",
+ "channels/line",
"channels/matrix",
"channels/zalo",
"channels/zalouser",
diff --git a/docs/gateway/authentication.md b/docs/gateway/authentication.md
index 5f6aa3723..e350242d4 100644
--- a/docs/gateway/authentication.md
+++ b/docs/gateway/authentication.md
@@ -1,5 +1,5 @@
---
-summary: "Model authentication: OAuth, API keys, and Claude Code token reuse"
+summary: "Model authentication: OAuth, API keys, and setup-token"
read_when:
- Debugging model auth or OAuth expiry
- Documenting authentication or credential storage
@@ -7,8 +7,8 @@ read_when:
# Authentication
Clawdbot supports OAuth and API keys for model providers. For Anthropic
-accounts, we recommend using an **API key**. Clawdbot can also reuse Claude Code
-credentials, including the long‑lived token created by `claude setup-token`.
+accounts, we recommend using an **API key**. For Claude subscription access,
+use the long‑lived token created by `claude setup-token`.
See [/concepts/oauth](/concepts/oauth) for the full OAuth flow and storage
layout.
@@ -47,29 +47,26 @@ API keys for daemon use: `clawdbot onboard`.
See [Help](/help) for details on env inheritance (`env.shellEnv`,
`~/.clawdbot/.env`, systemd/launchd).
-## Anthropic: Claude Code CLI setup-token (supported)
+## Anthropic: setup-token (subscription auth)
-For Anthropic, the recommended path is an **API key**. If you’re already using
-Claude Code CLI, the setup-token flow is also supported.
-Run it on the **gateway host**:
+For Anthropic, the recommended path is an **API key**. If you’re using a Claude
+subscription, the setup-token flow is also supported. Run it on the **gateway host**:
```bash
claude setup-token
```
-Then verify and sync into Clawdbot:
+Then paste it into Clawdbot:
```bash
-clawdbot models status
-clawdbot doctor
+clawdbot models auth setup-token --provider anthropic
```
-This should create (or refresh) an auth profile like `anthropic:claude-cli` in
-the agent auth store.
+If the token was created on another machine, paste it manually:
-Clawdbot config sets `auth.profiles["anthropic:claude-cli"].mode` to `"oauth"` so
-the profile accepts both OAuth and setup-token credentials. Older configs that
-used `"token"` are auto-migrated on load.
+```bash
+clawdbot models auth paste-token --provider anthropic
+```
If you see an Anthropic error like:
@@ -79,12 +76,6 @@ This credential is only authorized for use with Claude Code and cannot be used f
…use an Anthropic API key instead.
-Alternative: run the wrapper (also updates Clawdbot config):
-
-```bash
-clawdbot models auth setup-token --provider anthropic
-```
-
Manual token entry (any provider; writes `auth-profiles.json` + updates config):
```bash
@@ -101,10 +92,6 @@ clawdbot models status --check
Optional ops scripts (systemd/Termux) are documented here:
[/automation/auth-monitoring](/automation/auth-monitoring)
-`clawdbot models status` loads Claude Code credentials into Clawdbot’s
-`auth-profiles.json` and shows expiry (warns within 24h by default).
-`clawdbot doctor` also performs the sync when it runs.
-
> `claude setup-token` requires an interactive TTY.
## Checking model auth status
@@ -118,7 +105,7 @@ clawdbot doctor
### Per-session (chat command)
-Use `/model @` to pin a specific provider credential for the current session (example profile ids: `anthropic:claude-cli`, `anthropic:default`).
+Use `/model @` to pin a specific provider credential for the current session (example profile ids: `anthropic:default`, `anthropic:work`).
Use `/model` (or `/model list`) for a compact picker; use `/model status` for the full view (candidates + next auth profile, plus provider endpoint details when configured).
@@ -128,23 +115,12 @@ Set an explicit auth profile order override for an agent (stored in that agent
```bash
clawdbot models auth order get --provider anthropic
-clawdbot models auth order set --provider anthropic anthropic:claude-cli
+clawdbot models auth order set --provider anthropic anthropic:default
clawdbot models auth order clear --provider anthropic
```
Use `--agent ` to target a specific agent; omit it to use the configured default agent.
-## How sync works
-
-1. **Claude Code** stores credentials in `~/.claude/.credentials.json` (or
- Keychain on macOS).
-2. **Clawdbot** syncs those into
- `~/.clawdbot/agents//agent/auth-profiles.json` when the auth store is
- loaded.
-3. Refreshable OAuth profiles can be refreshed automatically on use. Static
- token profiles (including Claude Code CLI setup-token) are not refreshable by
- Clawdbot.
-
## Troubleshooting
### “No credentials found”
@@ -159,7 +135,7 @@ clawdbot models status
### Token expiring/expired
Run `clawdbot models status` to confirm which profile is expiring. If the profile
-is `anthropic:claude-cli`, rerun `claude setup-token`.
+is missing, rerun `claude setup-token` and paste the token again.
## Requirements
diff --git a/docs/gateway/configuration.md b/docs/gateway/configuration.md
index 868126101..9c850e070 100644
--- a/docs/gateway/configuration.md
+++ b/docs/gateway/configuration.md
@@ -374,12 +374,6 @@ Overrides:
On first use, Clawdbot imports `oauth.json` entries into `auth-profiles.json`.
-Clawdbot also auto-syncs OAuth tokens from external CLIs into `auth-profiles.json` (when present on the gateway host):
-- Claude Code → `anthropic:claude-cli`
- - macOS: Keychain item "Claude Code-credentials" (choose "Always Allow" to avoid launchd prompts)
- - Linux/Windows: `~/.claude/.credentials.json`
-- `~/.codex/auth.json` (Codex CLI) → `openai-codex:codex-cli`
-
### `auth`
Optional metadata for auth profiles. This does **not** store secrets; it maps
@@ -400,10 +394,6 @@ rotation order used for failover.
}
```
-Note: `anthropic:claude-cli` should use `mode: "oauth"` even when the stored
-credential is a setup-token. Clawdbot auto-migrates older configs that used
-`mode: "token"`.
-
### `agents.list[].identity`
Optional per-agent identity used for defaults and UX. This is written by the macOS onboarding assistant.
@@ -964,6 +954,8 @@ Notes:
- `commands.debug: true` enables `/debug` (runtime-only overrides).
- `commands.restart: true` enables `/restart` and the gateway tool restart action.
- `commands.useAccessGroups: false` allows commands to bypass access-group allowlists/policies.
+- Slash commands and directives are only honored for **authorized senders**. Authorization is derived from
+ channel allowlists/pairing plus `commands.useAccessGroups`.
### `web` (WhatsApp web channel runtime)
@@ -1037,6 +1029,9 @@ Set `channels.telegram.configWrites: false` to block Telegram-initiated config w
maxDelayMs: 30000,
jitter: 0.1
},
+ network: { // transport overrides
+ autoSelectFamily: false
+ },
proxy: "socks5://localhost:9050",
webhookUrl: "https://example.com/telegram-webhook",
webhookSecret: "secret",
@@ -2847,9 +2842,11 @@ Control UI base path:
- `gateway.controlUi.basePath` sets the URL prefix where the Control UI is served.
- Examples: `"/ui"`, `"/clawdbot"`, `"/apps/clawdbot"`.
- Default: root (`/`) (unchanged).
-- `gateway.controlUi.allowInsecureAuth` allows token-only auth for the Control UI and skips
- device identity + pairing (even on HTTPS). Default: `false`. Prefer HTTPS
+- `gateway.controlUi.allowInsecureAuth` allows token-only auth for the Control UI when
+ device identity is omitted (typically over HTTP). Default: `false`. Prefer HTTPS
(Tailscale Serve) or `127.0.0.1`.
+- `gateway.controlUi.dangerouslyDisableDeviceAuth` disables device identity checks for the
+ Control UI (token/password only). Default: `false`. Break-glass only.
Related docs:
- [Control UI](/web/control-ui)
@@ -2867,21 +2864,22 @@ Notes:
- `gateway.port` controls the single multiplexed port used for WebSocket + HTTP (control UI, hooks, A2UI).
- OpenAI Chat Completions endpoint: **disabled by default**; enable with `gateway.http.endpoints.chatCompletions.enabled: true`.
- Precedence: `--port` > `CLAWDBOT_GATEWAY_PORT` > `gateway.port` > default `18789`.
-- Non-loopback binds (`lan`/`tailnet`/`auto`) require auth. Use `gateway.auth.token` (or `CLAWDBOT_GATEWAY_TOKEN`).
+- Gateway auth is required by default (token/password or Tailscale Serve identity). Non-loopback binds require a shared token/password.
- The onboarding wizard generates a gateway token by default (even on loopback).
- `gateway.remote.token` is **only** for remote CLI calls; it does not enable local gateway auth. `gateway.token` is ignored.
Auth and Tailscale:
-- `gateway.auth.mode` sets the handshake requirements (`token` or `password`).
+- `gateway.auth.mode` sets the handshake requirements (`token` or `password`). When unset, token auth is assumed.
- `gateway.auth.token` stores the shared token for token auth (used by the CLI on the same machine).
- When `gateway.auth.mode` is set, only that method is accepted (plus optional Tailscale headers).
- `gateway.auth.password` can be set here, or via `CLAWDBOT_GATEWAY_PASSWORD` (recommended).
- `gateway.auth.allowTailscale` allows Tailscale Serve identity headers
(`tailscale-user-login`) to satisfy auth when the request arrives on loopback
- with `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host`. When
- `true`, Serve requests do not need a token/password; set `false` to require
- explicit credentials. Defaults to `true` when `tailscale.mode = "serve"` and
- auth mode is not `password`.
+ with `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host`. Clawdbot
+ verifies the identity by resolving the `x-forwarded-for` address via
+ `tailscale whois` before accepting it. When `true`, Serve requests do not need
+ a token/password; set `false` to require explicit credentials. Defaults to
+ `true` when `tailscale.mode = "serve"` and auth mode is not `password`.
- `gateway.tailscale.mode: "serve"` uses Tailscale Serve (tailnet only, loopback bind).
- `gateway.tailscale.mode: "funnel"` exposes the dashboard publicly; requires auth.
- `gateway.tailscale.resetOnExit` resets Serve/Funnel config on shutdown.
@@ -3174,6 +3172,20 @@ Auto-generated certs require `openssl` on PATH; if generation fails, the bridge
}
```
+### `discovery.mdns` (Bonjour / mDNS broadcast mode)
+
+Controls LAN mDNS discovery broadcasts (`_clawdbot-gw._tcp`).
+
+- `minimal` (default): omit `cliPath` + `sshPort` from TXT records
+- `full`: include `cliPath` + `sshPort` in TXT records
+- `off`: disable mDNS broadcasts entirely
+
+```json5
+{
+ discovery: { mdns: { mode: "minimal" } }
+}
+```
+
### `discovery.wideArea` (Wide-Area Bonjour / unicast DNS‑SD)
When enabled, the Gateway writes a unicast DNS-SD zone for `_clawdbot-bridge._tcp` under `~/.clawdbot/dns/` using the standard discovery domain `clawdbot.internal.`
diff --git a/docs/gateway/index.md b/docs/gateway/index.md
index d37320d1b..824984bde 100644
--- a/docs/gateway/index.md
+++ b/docs/gateway/index.md
@@ -37,7 +37,7 @@ pnpm gateway:watch
- `--force` uses `lsof` to find listeners on the chosen port, sends SIGTERM, logs what it killed, then starts the gateway (fails fast if `lsof` is missing).
- If you run under a supervisor (launchd/systemd/mac app child-process mode), a stop/restart typically sends **SIGTERM**; older builds may surface this as `pnpm` `ELIFECYCLE` exit code **143** (SIGTERM), which is a normal shutdown, not a crash.
- **SIGUSR1** triggers an in-process restart when authorized (gateway tool/config apply/update, or enable `commands.restart` for manual restarts).
-- Gateway auth: set `gateway.auth.mode=token` + `gateway.auth.token` (or pass `--token ` / `CLAWDBOT_GATEWAY_TOKEN`) to require clients to send `connect.params.auth.token`.
+- Gateway auth is required by default: set `gateway.auth.token` (or `CLAWDBOT_GATEWAY_TOKEN`) or `gateway.auth.password`. Clients must send `connect.params.auth.token/password` unless using Tailscale Serve identity.
- The wizard now generates a token by default, even on loopback.
- Port precedence: `--port` > `CLAWDBOT_GATEWAY_PORT` > `gateway.port` > default `18789`.
diff --git a/docs/gateway/protocol.md b/docs/gateway/protocol.md
index fc6682708..279b37614 100644
--- a/docs/gateway/protocol.md
+++ b/docs/gateway/protocol.md
@@ -198,7 +198,8 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
- **Local** connects include loopback and the gateway host’s own tailnet address
(so same‑host tailnet binds can still auto‑approve).
- All WS clients must include `device` identity during `connect` (operator + node).
- Control UI can omit it **only** when `gateway.controlUi.allowInsecureAuth` is enabled.
+ Control UI can omit it **only** when `gateway.controlUi.allowInsecureAuth` is enabled
+ (or `gateway.controlUi.dangerouslyDisableDeviceAuth` for break-glass use).
- Non-local connections must sign the server-provided `connect.challenge` nonce.
## TLS + pinning
diff --git a/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md b/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md
index d28481ebb..d7fd921e7 100644
--- a/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md
+++ b/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md
@@ -59,6 +59,8 @@ Two layers matter:
Rules of thumb:
- `deny` always wins.
- If `allow` is non-empty, everything else is treated as blocked.
+- Tool policy is the hard stop: `/exec` cannot override a denied `exec` tool.
+- `/exec` only changes session defaults for authorized senders; it does not grant tool access.
Provider tool keys accept either `provider` (e.g. `google-antigravity`) or `provider/model` (e.g. `openai/gpt-5.2`).
### Tool groups (shorthands)
@@ -95,6 +97,7 @@ Elevated does **not** grant extra tools; it only affects `exec`.
- Use `/elevated full` to skip exec approvals for the session.
- If you’re already running direct, elevated is effectively a no-op (still gated).
- Elevated is **not** skill-scoped and does **not** override tool allow/deny.
+- `/exec` is separate from elevated. It only adjusts per-session exec defaults for authorized senders.
Gates:
- Enablement: `tools.elevated.enabled` (and optionally `agents.list[].tools.elevated.enabled`)
diff --git a/docs/gateway/sandboxing.md b/docs/gateway/sandboxing.md
index b9b1bd8fe..fcbc46b9b 100644
--- a/docs/gateway/sandboxing.md
+++ b/docs/gateway/sandboxing.md
@@ -142,6 +142,8 @@ Tool allow/deny policies still apply before sandbox rules. If a tool is denied
globally or per-agent, sandboxing doesn’t bring it back.
`tools.elevated` is an explicit escape hatch that runs `exec` on the host.
+`/exec` directives only apply for authorized senders and persist per session; to hard-disable
+`exec`, use tool policy deny (see [Sandbox vs Tool Policy vs Elevated](/gateway/sandbox-vs-tool-policy-vs-elevated)).
Debugging:
- Use `clawdbot sandbox explain` to inspect effective sandbox mode, tool policy, and fix-it config keys.
diff --git a/docs/gateway/security.md b/docs/gateway/security.md
index 05e1673c6..52671d864 100644
--- a/docs/gateway/security.md
+++ b/docs/gateway/security.md
@@ -43,6 +43,18 @@ Start with the smallest access that still works, then widen it as you gain confi
If you run `--deep`, Clawdbot also attempts a best-effort live Gateway probe.
+## Credential storage map
+
+Use this when auditing access or deciding what to back up:
+
+- **WhatsApp**: `~/.clawdbot/credentials/whatsapp//creds.json`
+- **Telegram bot token**: config/env or `channels.telegram.tokenFile`
+- **Discord bot token**: config/env (token file not yet supported)
+- **Slack tokens**: config/env (`channels.slack.*`)
+- **Pairing allowlists**: `~/.clawdbot/credentials/-allowFrom.json`
+- **Model auth profiles**: `~/.clawdbot/agents//agent/auth-profiles.json`
+- **Legacy OAuth import**: `~/.clawdbot/credentials/oauth.json`
+
## Security Audit Checklist
When the audit prints findings, treat this as a priority order:
@@ -58,9 +70,13 @@ When the audit prints findings, treat this as a priority order:
The Control UI needs a **secure context** (HTTPS or localhost) to generate device
identity. If you enable `gateway.controlUi.allowInsecureAuth`, the UI falls back
-to **token-only auth** and skips device pairing (even on HTTPS). This is a security
+to **token-only auth** and skips device pairing when device identity is omitted. This is a security
downgrade—prefer HTTPS (Tailscale Serve) or open the UI on `127.0.0.1`.
+For break-glass scenarios only, `gateway.controlUi.dangerouslyDisableDeviceAuth`
+disables device identity checks entirely. This is a severe security downgrade;
+keep it off unless you are actively debugging and can revert quickly.
+
`clawdbot security audit` warns when this setting is enabled.
## Reverse Proxy Configuration
@@ -126,6 +142,16 @@ Clawdbot’s stance:
- **Scope next:** decide where the bot is allowed to act (group allowlists + mention gating, tools, sandboxing, device permissions).
- **Model last:** assume the model can be manipulated; design so manipulation has limited blast radius.
+## Command authorization model
+
+Slash commands and directives are only honored for **authorized senders**. Authorization is derived from
+channel allowlists/pairing plus `commands.useAccessGroups` (see [Configuration](/gateway/configuration)
+and [Slash commands](/tools/slash-commands)). If a channel allowlist is empty or includes `"*"`,
+commands are effectively open for that channel.
+
+`/exec` is a session-only convenience for authorized operators. It does **not** write config or
+change other sessions.
+
## Plugins/extensions
Plugins run **in-process** with the Gateway. Treat them as trusted code:
@@ -193,10 +219,18 @@ Prompt injection is when an attacker crafts a message that manipulates the model
Even with strong system prompts, **prompt injection is not solved**. What helps in practice:
- Keep inbound DMs locked down (pairing/allowlists).
- Prefer mention gating in groups; avoid “always-on” bots in public rooms.
-- Treat links and pasted instructions as hostile by default.
+- Treat links, attachments, and pasted instructions as hostile by default.
- Run sensitive tool execution in a sandbox; keep secrets out of the agent’s reachable filesystem.
+- Note: sandboxing is opt-in. If sandbox mode is off, exec runs on the gateway host even though tools.exec.host defaults to sandbox, and host exec does not require approvals unless you set host=gateway and configure exec approvals.
+- Limit high-risk tools (`exec`, `browser`, `web_fetch`, `web_search`) to trusted agents or explicit allowlists.
- **Model choice matters:** older/legacy models can be less robust against prompt injection and tool misuse. Prefer modern, instruction-hardened models for any bot with tools. We recommend Anthropic Opus 4.5 because it’s quite good at recognizing prompt injections (see [“A step forward on safety”](https://www.anthropic.com/news/claude-opus-4-5)).
+Red flags to treat as untrusted:
+- “Read this file/URL and do exactly what it says.”
+- “Ignore your system prompt or safety rules.”
+- “Reveal your hidden instructions or tool outputs.”
+- “Paste the full contents of ~/.clawdbot or your logs.”
+
### Prompt injection does not require public DMs
Even if **only you** can message the bot, prompt injection can still happen via
@@ -210,6 +244,7 @@ tool calls. Reduce the blast radius by:
then pass the summary to your main agent.
- Keeping `web_search` / `web_fetch` / `browser` off for tool-enabled agents unless needed.
- Enabling sandboxing and strict tool allowlists for any agent that touches untrusted input.
+- Keeping secrets out of prompts; pass them via env/config on the gateway host instead.
### Model strength (security note)
@@ -226,8 +261,12 @@ Recommendations:
`/reasoning` and `/verbose` can expose internal reasoning or tool output that
was not meant for a public channel. In group settings, treat them as **debug
-only** and keep them off unless you explicitly need them. If you enable them,
-do so only in trusted DMs or tightly controlled rooms.
+only** and keep them off unless you explicitly need them.
+
+Guidance:
+- Keep `/reasoning` and `/verbose` disabled in public rooms.
+- If you enable them, do so only in trusted DMs or tightly controlled rooms.
+- Remember: verbose output can include tool args, URLs, and data the model saw.
## Incident Response (if you suspect compromise)
@@ -280,22 +319,63 @@ The Gateway multiplexes **WebSocket + HTTP** on a single port:
Bind mode controls where the Gateway listens:
- `gateway.bind: "loopback"` (default): only local clients can connect.
-- Non-loopback binds (`"lan"`, `"tailnet"`, `"custom"`) expand the attack surface. Only use them with `gateway.auth` enabled and a real firewall.
+- Non-loopback binds (`"lan"`, `"tailnet"`, `"custom"`) expand the attack surface. Only use them with a shared token/password and a real firewall.
Rules of thumb:
- Prefer Tailscale Serve over LAN binds (Serve keeps the Gateway on loopback, and Tailscale handles access).
- If you must bind to LAN, firewall the port to a tight allowlist of source IPs; do not port-forward it broadly.
- Never expose the Gateway unauthenticated on `0.0.0.0`.
+### 0.4.1) mDNS/Bonjour discovery (information disclosure)
+
+The Gateway broadcasts its presence via mDNS (`_clawdbot-gw._tcp` on port 5353) for local device discovery. In full mode, this includes TXT records that may expose operational details:
+
+- `cliPath`: full filesystem path to the CLI binary (reveals username and install location)
+- `sshPort`: advertises SSH availability on the host
+- `displayName`, `lanHost`: hostname information
+
+**Operational security consideration:** Broadcasting infrastructure details makes reconnaissance easier for anyone on the local network. Even "harmless" info like filesystem paths and SSH availability helps attackers map your environment.
+
+**Recommendations:**
+
+1. **Minimal mode** (default, recommended for exposed gateways): omit sensitive fields from mDNS broadcasts:
+ ```json5
+ {
+ discovery: {
+ mdns: { mode: "minimal" }
+ }
+ }
+ ```
+
+2. **Disable entirely** if you don't need local device discovery:
+ ```json5
+ {
+ discovery: {
+ mdns: { mode: "off" }
+ }
+ }
+ ```
+
+3. **Full mode** (opt-in): include `cliPath` + `sshPort` in TXT records:
+ ```json5
+ {
+ discovery: {
+ mdns: { mode: "full" }
+ }
+ }
+ ```
+
+4. **Environment variable** (alternative): set `CLAWDBOT_DISABLE_BONJOUR=1` to disable mDNS without config changes.
+
+In minimal mode, the Gateway still broadcasts enough for device discovery (`role`, `gatewayPort`, `transport`) but omits `cliPath` and `sshPort`. Apps that need CLI path information can fetch it via the authenticated WebSocket connection instead.
+
### 0.5) Lock down the Gateway WebSocket (local auth)
-Gateway auth is **only** enforced when you set `gateway.auth`. If it’s unset,
-loopback WS clients are unauthenticated — any local process can connect and call
-`config.apply`.
+Gateway auth is **required by default**. If no token/password is configured,
+the Gateway refuses WebSocket connections (fail‑closed).
-The onboarding wizard now generates a token by default (even for loopback) so
-local clients must authenticate. If you skip the wizard or remove auth, you’re
-back to open loopback.
+The onboarding wizard generates a token by default (even for loopback) so
+local clients must authenticate.
Set a token so **all** WS clients must authenticate:
@@ -333,9 +413,11 @@ Rotation checklist (token/password):
When `gateway.auth.allowTailscale` is `true` (default for Serve), Clawdbot
accepts Tailscale Serve identity headers (`tailscale-user-login`) as
-authentication. This only triggers for requests that hit loopback and include
-`x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host` as injected by
-Tailscale.
+authentication. Clawdbot verifies the identity by resolving the
+`x-forwarded-for` address through the local Tailscale daemon (`tailscale whois`)
+and matching it to the header. This only triggers for requests that hit loopback
+and include `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host` as
+injected by Tailscale.
**Security rule:** do not forward these headers from your own reverse proxy. If
you terminate TLS or proxy in front of the gateway, disable
@@ -501,6 +583,7 @@ access those accounts and data. Treat browser profiles as **sensitive state**:
- For remote gateways, assume “browser control” is equivalent to “operator access” to whatever that profile can reach.
- Treat `browser.controlUrl` endpoints as an admin API: tailnet-only + token auth. Prefer Tailscale Serve over LAN binds.
- Keep `browser.controlToken` separate from `gateway.auth.token` (you can reuse it, but that increases blast radius).
+- Prefer env vars for the token (`CLAWDBOT_BROWSER_CONTROL_TOKEN`) instead of storing it in config on disk.
- Chrome extension relay mode is **not** “safer”; it can take over your existing Chrome tabs. Assume it can act as you in whatever that tab/profile can reach.
## Per-agent access profiles (multi-agent)
diff --git a/docs/gateway/tailscale.md b/docs/gateway/tailscale.md
index b57ffcc33..e6477fbfc 100644
--- a/docs/gateway/tailscale.md
+++ b/docs/gateway/tailscale.md
@@ -25,9 +25,12 @@ Set `gateway.auth.mode` to control the handshake:
When `tailscale.mode = "serve"` and `gateway.auth.allowTailscale` is `true`,
valid Serve proxy requests can authenticate via Tailscale identity headers
-(`tailscale-user-login`) without supplying a token/password. Clawdbot only
-treats a request as Serve when it arrives from loopback with Tailscale’s
-`x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host` headers.
+(`tailscale-user-login`) without supplying a token/password. Clawdbot verifies
+the identity by resolving the `x-forwarded-for` address via the local Tailscale
+daemon (`tailscale whois`) and matching it to the header before accepting it.
+Clawdbot only treats a request as Serve when it arrives from loopback with
+Tailscale’s `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host`
+headers.
To require explicit credentials, set `gateway.auth.allowTailscale: false` or
force `gateway.auth.mode: "password"`.
diff --git a/docs/gateway/troubleshooting.md b/docs/gateway/troubleshooting.md
index 24815e258..697654b80 100644
--- a/docs/gateway/troubleshooting.md
+++ b/docs/gateway/troubleshooting.md
@@ -53,13 +53,12 @@ clawdbot models status
This means the stored Anthropic OAuth token expired and the refresh failed.
If you’re on a Claude subscription (no API key), the most reliable fix is to
-switch to a **Claude Code setup-token** or re-sync Claude Code CLI OAuth on the
-**gateway host**.
+switch to a **Claude Code setup-token** and paste it on the **gateway host**.
**Recommended (setup-token):**
```bash
-# Run on the gateway host (runs Claude Code CLI)
+# Run on the gateway host (paste the setup-token)
clawdbot models auth setup-token --provider anthropic
clawdbot models status
```
@@ -71,10 +70,6 @@ clawdbot models auth paste-token --provider anthropic
clawdbot models status
```
-**If you want to keep OAuth reuse:**
-log in with Claude Code CLI on the gateway host, then run `clawdbot models status`
-to sync the refreshed token into Clawdbot’s auth store.
-
More detail: [Anthropic](/providers/anthropic) and [OAuth](/concepts/oauth).
### Control UI fails on HTTP ("device identity required" / "connect failed")
@@ -214,7 +209,7 @@ the Gateway likely refused to bind.
- Fix: run `clawdbot doctor` to update it (or `clawdbot gateway install --force` for a full rewrite).
**If `Last gateway error:` mentions “refusing to bind … without auth”**
-- You set `gateway.bind` to a non-loopback mode (`lan`/`tailnet`/`custom`, or `auto` when loopback is unavailable) but left auth off.
+- You set `gateway.bind` to a non-loopback mode (`lan`/`tailnet`/`custom`, or `auto` when loopback is unavailable) but didn’t configure auth.
- Fix: set `gateway.auth.mode` + `gateway.auth.token` (or export `CLAWDBOT_GATEWAY_TOKEN`) and restart the service.
**If `clawdbot gateway status` says `bind=tailnet` but no tailnet interface was found**
diff --git a/docs/help/faq.md b/docs/help/faq.md
index 7a5ca6ce8..336b324c9 100644
--- a/docs/help/faq.md
+++ b/docs/help/faq.md
@@ -401,7 +401,7 @@ remote mode, remember the gateway host owns the session store and workspace.
up **memory + bootstrap files**, but **not** session history or auth. Those live
under `~/.clawdbot/` (for example `~/.clawdbot/agents//sessions/`).
-Related: [Where things live on disk](/help/faq#where-does-clawdbot-store-its-data),
+Related: [Migrating](/install/migrating), [Where things live on disk](/help/faq#where-does-clawdbot-store-its-data),
[Agent workspace](/concepts/agent-workspace), [Doctor](/gateway/doctor),
[Remote mode](/gateway/remote).
@@ -566,7 +566,6 @@ Remote access: [Gateway remote](/gateway/remote).
We keep a **hosting hub** with the common providers. Pick one and follow the guide:
- [VPS hosting](/vps) (all providers in one place)
-- [Railway](/railway) (one‑click, browser‑based setup)
- [Fly.io](/platforms/fly)
- [Hetzner](/platforms/hetzner)
- [exe.dev](/platforms/exe-dev)
@@ -631,7 +630,7 @@ Docs: [Anthropic](/providers/anthropic), [OpenAI](/providers/openai),
### Can I use Claude Max subscription without an API key
-Yes. You can authenticate with **Claude Code CLI OAuth** or a **setup-token**
+Yes. You can authenticate with a **setup-token**
instead of an API key. This is the subscription path.
Claude Pro/Max subscriptions **do not include an API key**, so this is the
@@ -641,11 +640,7 @@ If you want the most explicit, supported path, use an Anthropic API key.
### How does Anthropic setuptoken auth work
-`claude setup-token` generates a **token string** via the Claude Code CLI (it is not available in the web console). You can run it on **any machine**. If Claude Code CLI credentials are present on the gateway host, Clawdbot can reuse them; otherwise choose **Anthropic token (paste setup-token)** and paste the string. The token is stored as an auth profile for the **anthropic** provider and used like an API key or OAuth profile. More detail: [OAuth](/concepts/oauth).
-
-Clawdbot keeps `auth.profiles["anthropic:claude-cli"].mode` set to `"oauth"` so
-the profile accepts both OAuth and setup-token credentials; older `"token"` mode
-entries auto-migrate.
+`claude setup-token` generates a **token string** via the Claude Code CLI (it is not available in the web console). You can run it on **any machine**. Choose **Anthropic token (paste setup-token)** in the wizard or paste it with `clawdbot models auth paste-token --provider anthropic`. The token is stored as an auth profile for the **anthropic** provider and used like an API key (no auto-refresh). More detail: [OAuth](/concepts/oauth).
### Where do I find an Anthropic setuptoken
@@ -657,9 +652,9 @@ claude setup-token
Copy the token it prints, then choose **Anthropic token (paste setup-token)** in the wizard. If you want to run it on the gateway host, use `clawdbot models auth setup-token --provider anthropic`. If you ran `claude setup-token` elsewhere, paste it on the gateway host with `clawdbot models auth paste-token --provider anthropic`. See [Anthropic](/providers/anthropic).
-### Do you support Claude subscription auth Claude Code OAuth
+### Do you support Claude subscription auth (Claude Pro/Max)
-Yes. Clawdbot can **reuse Claude Code CLI credentials** (OAuth) and also supports **setup-token**. If you have a Claude subscription, we recommend **setup-token** for long‑running setups (requires Claude Pro/Max + the `claude` CLI). You can generate it anywhere and paste it on the gateway host. OAuth reuse is supported, but avoid logging in separately via Clawdbot and Claude Code to prevent token conflicts. See [Anthropic](/providers/anthropic) and [OAuth](/concepts/oauth).
+Yes — via **setup-token**. Clawdbot no longer reuses Claude Code CLI OAuth tokens; use a setup-token or an Anthropic API key. Generate the token anywhere and paste it on the gateway host. See [Anthropic](/providers/anthropic) and [OAuth](/concepts/oauth).
Note: Claude subscription access is governed by Anthropic’s terms. For production or multi‑user workloads, API keys are usually the safer choice.
@@ -679,13 +674,12 @@ Yes - via pi‑ai’s **Amazon Bedrock (Converse)** provider with **manual confi
### How does Codex auth work
-Clawdbot supports **OpenAI Code (Codex)** via OAuth or by reusing your Codex CLI login (`~/.codex/auth.json`). The wizard can import the CLI login or run the OAuth flow and will set the default model to `openai-codex/gpt-5.2` when appropriate. See [Model providers](/concepts/model-providers) and [Wizard](/start/wizard).
+Clawdbot supports **OpenAI Code (Codex)** via OAuth (ChatGPT sign-in). The wizard can run the OAuth flow and will set the default model to `openai-codex/gpt-5.2` when appropriate. See [Model providers](/concepts/model-providers) and [Wizard](/start/wizard).
### Do you support OpenAI subscription auth Codex OAuth
-Yes. Clawdbot fully supports **OpenAI Code (Codex) subscription OAuth** and can also reuse an
-existing Codex CLI login (`~/.codex/auth.json`) on the gateway host. The onboarding wizard
-can import the CLI login or run the OAuth flow for you.
+Yes. Clawdbot fully supports **OpenAI Code (Codex) subscription OAuth**. The onboarding wizard
+can run the OAuth flow for you.
See [OAuth](/concepts/oauth), [Model providers](/concepts/model-providers), and [Wizard](/start/wizard).
@@ -1451,7 +1445,7 @@ Have Bot A send a message to Bot B, then let Bot B reply as usual.
**CLI bridge (generic):** run a script that calls the other Gateway with
`clawdbot agent --message ... --deliver`, targeting a chat where the other bot
-listens. If one bot is on Railway/VPS, point your CLI at that remote Gateway
+listens. If one bot is on a remote VPS, point your CLI at that remote Gateway
via SSH/Tailscale (see [Remote access](/gateway/remote)).
Example pattern (run from a machine that can reach the target Gateway):
@@ -1941,8 +1935,8 @@ You can list available models with `/model`, `/model list`, or `/model status`.
You can also force a specific auth profile for the provider (per session):
```
-/model opus@anthropic:claude-cli
/model opus@anthropic:default
+/model opus@anthropic:work
```
Tip: `/model status` shows which agent is active, which `auth-profiles.json` file is being used, and which auth profile will be tried next.
@@ -2146,21 +2140,17 @@ It means the system attempted to use the auth profile ID `anthropic:default`, bu
- **Sanity‑check model/auth status**
- Use `clawdbot models status` to see configured models and whether providers are authenticated.
-**Fix checklist for No credentials found for profile anthropic claude cli**
+**Fix checklist for No credentials found for profile anthropic**
-This means the run is pinned to the **Claude Code CLI** profile, but the Gateway
-can’t find that profile in its auth store.
+This means the run is pinned to an Anthropic auth profile, but the Gateway
+can’t find it in its auth store.
-- **Sync the Claude Code CLI token on the gateway host**
- - Run `clawdbot models status` (it loads + syncs Claude Code CLI credentials).
- - If it still says missing: run `claude setup-token` (or `clawdbot models auth setup-token --provider anthropic`) and retry.
-- **If the token was created on another machine**
- - Paste it into the gateway host with `clawdbot models auth paste-token --provider anthropic`.
-- **Check the profile mode**
- - `auth.profiles["anthropic:claude-cli"].mode` must be `"oauth"` (token mode rejects OAuth credentials).
+- **Use a setup-token**
+ - Run `claude setup-token`, then paste it with `clawdbot models auth setup-token --provider anthropic`.
+ - If the token was created on another machine, use `clawdbot models auth paste-token --provider anthropic`.
- **If you want to use an API key instead**
- Put `ANTHROPIC_API_KEY` in `~/.clawdbot/.env` on the **gateway host**.
- - Clear any pinned order that forces `anthropic:claude-cli`:
+ - Clear any pinned order that forces a missing profile:
```bash
clawdbot models auth order clear --provider anthropic
```
@@ -2182,7 +2172,7 @@ Fix: Clawdbot now strips unsigned thinking blocks for Google Antigravity Claude.
## Auth profiles: what they are and how to manage them
-Related: [/concepts/oauth](/concepts/oauth) (OAuth flows, token storage, multi-account patterns, CLI sync)
+Related: [/concepts/oauth](/concepts/oauth) (OAuth flows, token storage, multi-account patterns)
### What is an auth profile
@@ -2213,10 +2203,10 @@ You can also set a **per-agent** order override (stored in that agent’s `auth-
clawdbot models auth order get --provider anthropic
# Lock rotation to a single profile (only try this one)
-clawdbot models auth order set --provider anthropic anthropic:claude-cli
+clawdbot models auth order set --provider anthropic anthropic:default
# Or set an explicit order (fallback within provider)
-clawdbot models auth order set --provider anthropic anthropic:claude-cli anthropic:default
+clawdbot models auth order set --provider anthropic anthropic:work anthropic:default
# Clear override (fall back to config auth.order / round-robin)
clawdbot models auth order clear --provider anthropic
@@ -2225,7 +2215,7 @@ clawdbot models auth order clear --provider anthropic
To target a specific agent:
```bash
-clawdbot models auth order set --provider anthropic --agent main anthropic:claude-cli
+clawdbot models auth order set --provider anthropic --agent main anthropic:default
```
### OAuth vs API key whats the difference
@@ -2235,7 +2225,7 @@ Clawdbot supports both:
- **OAuth** often leverages subscription access (where applicable).
- **API keys** use pay‑per‑token billing.
-The wizard explicitly supports Anthropic OAuth and OpenAI Codex OAuth and can store API keys for you.
+The wizard explicitly supports Anthropic setup-token and OpenAI Codex OAuth and can store API keys for you.
## Gateway: ports, “already running”, and remote mode
diff --git a/docs/install/index.md b/docs/install/index.md
index dde0e5eeb..7ccab0ca8 100644
--- a/docs/install/index.md
+++ b/docs/install/index.md
@@ -177,4 +177,5 @@ Then open a new terminal (or `rehash` in zsh / `hash -r` in bash).
## Update / uninstall
- Updates: [Updating](/install/updating)
+- Migrate to a new machine: [Migrating](/install/migrating)
- Uninstall: [Uninstall](/install/uninstall)
diff --git a/docs/install/migrating.md b/docs/install/migrating.md
new file mode 100644
index 000000000..4987b38b9
--- /dev/null
+++ b/docs/install/migrating.md
@@ -0,0 +1,190 @@
+---
+summary: "Move (migrate) a Clawdbot install from one machine to another"
+read_when:
+ - You are moving Clawdbot to a new laptop/server
+ - You want to preserve sessions, auth, and channel logins (WhatsApp, etc.)
+---
+# Migrating Clawdbot to a new machine
+
+This guide migrates a Clawdbot Gateway from one machine to another **without redoing onboarding**.
+
+The migration is simple conceptually:
+
+- Copy the **state directory** (`$CLAWDBOT_STATE_DIR`, default: `~/.clawdbot/`) — this includes config, auth, sessions, and channel state.
+- Copy your **workspace** (`~/clawd/` by default) — this includes your agent files (memory, prompts, etc.).
+
+But there are common footguns around **profiles**, **permissions**, and **partial copies**.
+
+## Before you start (what you are migrating)
+
+### 1) Identify your state directory
+
+Most installs use the default:
+
+- **State dir:** `~/.clawdbot/`
+
+But it may be different if you use:
+
+- `--profile ` (often becomes `~/.clawdbot-/`)
+- `CLAWDBOT_STATE_DIR=/some/path`
+
+If you’re not sure, run on the **old** machine:
+
+```bash
+clawdbot status
+```
+
+Look for mentions of `CLAWDBOT_STATE_DIR` / profile in the output. If you run multiple gateways, repeat for each profile.
+
+### 2) Identify your workspace
+
+Common defaults:
+
+- `~/clawd/` (recommended workspace)
+- a custom folder you created
+
+Your workspace is where files like `MEMORY.md`, `USER.md`, and `memory/*.md` live.
+
+### 3) Understand what you will preserve
+
+If you copy **both** the state dir and workspace, you keep:
+
+- Gateway configuration (`clawdbot.json`)
+- Auth profiles / API keys / OAuth tokens
+- Session history + agent state
+- Channel state (e.g. WhatsApp login/session)
+- Your workspace files (memory, skills notes, etc.)
+
+If you copy **only** the workspace (e.g., via Git), you do **not** preserve:
+
+- sessions
+- credentials
+- channel logins
+
+Those live under `$CLAWDBOT_STATE_DIR`.
+
+## Migration steps (recommended)
+
+### Step 0 — Make a backup (old machine)
+
+On the **old** machine, stop the gateway first so files aren’t changing mid-copy:
+
+```bash
+clawdbot gateway stop
+```
+
+(Optional but recommended) archive the state dir and workspace:
+
+```bash
+# Adjust paths if you use a profile or custom locations
+cd ~
+tar -czf clawdbot-state.tgz .clawdbot
+
+tar -czf clawd-workspace.tgz clawd
+```
+
+If you have multiple profiles/state dirs (e.g. `~/.clawdbot-main`, `~/.clawdbot-work`), archive each.
+
+### Step 1 — Install Clawdbot on the new machine
+
+On the **new** machine, install the CLI (and Node if needed):
+
+- See: [Install](/install)
+
+At this stage, it’s OK if onboarding creates a fresh `~/.clawdbot/` — you will overwrite it in the next step.
+
+### Step 2 — Copy the state dir + workspace to the new machine
+
+Copy **both**:
+
+- `$CLAWDBOT_STATE_DIR` (default `~/.clawdbot/`)
+- your workspace (default `~/clawd/`)
+
+Common approaches:
+
+- `scp` the tarballs and extract
+- `rsync -a` over SSH
+- external drive
+
+After copying, ensure:
+
+- Hidden directories were included (e.g. `.clawdbot/`)
+- File ownership is correct for the user running the gateway
+
+### Step 3 — Run Doctor (migrations + service repair)
+
+On the **new** machine:
+
+```bash
+clawdbot doctor
+```
+
+Doctor is the “safe boring” command. It repairs services, applies config migrations, and warns about mismatches.
+
+Then:
+
+```bash
+clawdbot gateway restart
+clawdbot status
+```
+
+## Common footguns (and how to avoid them)
+
+### Footgun: profile / state-dir mismatch
+
+If you ran the old gateway with a profile (or `CLAWDBOT_STATE_DIR`), and the new gateway uses a different one, you’ll see symptoms like:
+
+- config changes not taking effect
+- channels missing / logged out
+- empty session history
+
+Fix: run the gateway/service using the **same** profile/state dir you migrated, then rerun:
+
+```bash
+clawdbot doctor
+```
+
+### Footgun: copying only `clawdbot.json`
+
+`clawdbot.json` is not enough. Many providers store state under:
+
+- `$CLAWDBOT_STATE_DIR/credentials/`
+- `$CLAWDBOT_STATE_DIR/agents//...`
+
+Always migrate the entire `$CLAWDBOT_STATE_DIR` folder.
+
+### Footgun: permissions / ownership
+
+If you copied as root or changed users, the gateway may fail to read credentials/sessions.
+
+Fix: ensure the state dir + workspace are owned by the user running the gateway.
+
+### Footgun: migrating between remote/local modes
+
+- If your UI (WebUI/TUI) points at a **remote** gateway, the remote host owns the session store + workspace.
+- Migrating your laptop won’t move the remote gateway’s state.
+
+If you’re in remote mode, migrate the **gateway host**.
+
+### Footgun: secrets in backups
+
+`$CLAWDBOT_STATE_DIR` contains secrets (API keys, OAuth tokens, WhatsApp creds). Treat backups like production secrets:
+
+- store encrypted
+- avoid sharing over insecure channels
+- rotate keys if you suspect exposure
+
+## Verification checklist
+
+On the new machine, confirm:
+
+- `clawdbot status` shows the gateway running
+- Your channels are still connected (e.g. WhatsApp doesn’t require re-pair)
+- The dashboard opens and shows existing sessions
+- Your workspace files (memory, configs) are present
+
+## Related
+
+- [Doctor](/gateway/doctor)
+- [Gateway troubleshooting](/gateway/troubleshooting)
+- [Where does Clawdbot store its data?](/help/faq#where-does-clawdbot-store-its-data)
diff --git a/docs/install/node.md b/docs/install/node.md
index 6a622e198..3075b6207 100644
--- a/docs/install/node.md
+++ b/docs/install/node.md
@@ -1,9 +1,10 @@
---
+title: "Node.js + npm (PATH sanity)"
summary: "Node.js + npm install sanity: versions, PATH, and global installs"
read_when:
- - You installed Clawdbot but `clawdbot` is “command not found”
- - You’re setting up Node.js/npm on a new machine
- - `npm install -g ...` fails with permissions or PATH issues
+ - "You installed Clawdbot but `clawdbot` is “command not found”"
+ - "You’re setting up Node.js/npm on a new machine"
+ - "npm install -g ... fails with permissions or PATH issues"
---
# Node.js + npm (PATH sanity)
diff --git a/docs/northflank.mdx b/docs/northflank.mdx
new file mode 100644
index 000000000..aae9c6a22
--- /dev/null
+++ b/docs/northflank.mdx
@@ -0,0 +1,53 @@
+---
+title: Deploy on Northflank
+---
+
+Deploy Clawdbot on Northflank with a one-click template and finish setup in your browser.
+This is the easiest “no terminal on the server” path: Northflank runs the Gateway for you,
+and you configure everything via the `/setup` web wizard.
+
+## How to get started
+
+1. Click [Deploy Clawdbot](https://northflank.com/stacks/deploy-clawdbot) to open the template.
+2. Create an [account on Northflank](https://app.northflank.com/signup) if you don’t already have one.
+3. Click **Deploy Clawdbot now**.
+4. Set the required environment variable: `SETUP_PASSWORD`.
+5. Click **Deploy stack** to build and run the Clawdbot template.
+6. Wait for the deployment to complete, then click **View resources**.
+7. Open the Clawdbot service.
+8. Open the public Clawdbot URL and complete setup at `/setup`.
+9. Open the Control UI at `/clawdbot`.
+
+## What you get
+
+- Hosted Clawdbot Gateway + Control UI
+- Web setup wizard at `/setup` (no terminal commands)
+- Persistent storage via Northflank Volume (`/data`) so config/credentials/workspace survive redeploys
+
+## Setup flow
+
+1) Visit `https:///setup` and enter your `SETUP_PASSWORD`.
+2) Choose a model/auth provider and paste your key.
+3) (Optional) Add Telegram/Discord/Slack tokens.
+4) Click **Run setup**.
+5) Open the Control UI at `https:///clawdbot`
+
+If Telegram DMs are set to pairing, the setup wizard can approve the pairing code.
+
+## Getting chat tokens
+
+### Telegram bot token
+
+1) Message `@BotFather` in Telegram
+2) Run `/newbot`
+3) Copy the token (looks like `123456789:AA...`)
+4) Paste it into `/setup`
+
+### Discord bot token
+
+1) Go to https://discord.com/developers/applications
+2) **New Application** → choose a name
+3) **Bot** → **Add Bot**
+4) **Enable MESSAGE CONTENT INTENT** under Bot → Privileged Gateway Intents (required or the bot will crash on startup)
+5) Copy the **Bot Token** and paste into `/setup`
+6) Invite the bot to your server (OAuth2 URL Generator; scopes: `bot`, `applications.commands`)
diff --git a/docs/platforms/digitalocean.md b/docs/platforms/digitalocean.md
index 1b8e1d90d..afefe3676 100644
--- a/docs/platforms/digitalocean.md
+++ b/docs/platforms/digitalocean.md
@@ -1,5 +1,5 @@
---
-summary: "Clawdbot on DigitalOcean (cheapest paid VPS option)"
+summary: "Clawdbot on DigitalOcean (simple paid VPS option)"
read_when:
- Setting up Clawdbot on DigitalOcean
- Looking for cheap VPS hosting for Clawdbot
@@ -11,22 +11,22 @@ read_when:
Run a persistent Clawdbot Gateway on DigitalOcean for **$6/month** (or $4/mo with reserved pricing).
-If you want something even cheaper, see [Oracle Cloud (Free Tier)](#oracle-cloud-free-alternative) at the bottom — it's **actually free forever**.
+If you want a $0/month option and don’t mind ARM + provider-specific setup, see the [Oracle Cloud guide](/platforms/oracle).
## Cost Comparison (2026)
| Provider | Plan | Specs | Price/mo | Notes |
|----------|------|-------|----------|-------|
-| **Oracle Cloud** | Always Free ARM | 4 OCPU, 24GB RAM | **$0** | Best value, requires ARM-compatible setup |
-| **Hetzner** | CX22 | 2 vCPU, 4GB RAM | €3.79 (~$4) | Cheapest paid, EU datacenters |
-| **DigitalOcean** | Basic | 1 vCPU, 1GB RAM | $6 | Easy UI, good docs |
-| **Vultr** | Cloud Compute | 1 vCPU, 1GB RAM | $6 | Many locations |
-| **Linode** | Nanode | 1 vCPU, 1GB RAM | $5 | Now part of Akamai |
+| Oracle Cloud | Always Free ARM | up to 4 OCPU, 24GB RAM | $0 | ARM, limited capacity / signup quirks |
+| Hetzner | CX22 | 2 vCPU, 4GB RAM | €3.79 (~$4) | Cheapest paid option |
+| DigitalOcean | Basic | 1 vCPU, 1GB RAM | $6 | Easy UI, good docs |
+| Vultr | Cloud Compute | 1 vCPU, 1GB RAM | $6 | Many locations |
+| Linode | Nanode | 1 vCPU, 1GB RAM | $5 | Now part of Akamai |
-**Recommendation:**
-- **Free:** Oracle Cloud ARM (if you can handle the signup process)
-- **Paid:** Hetzner CX22 (best specs per dollar) — see [Hetzner guide](/platforms/hetzner)
-- **Easy:** DigitalOcean (this guide) — beginner-friendly UI
+**Picking a provider:**
+- DigitalOcean: simplest UX + predictable setup (this guide)
+- Hetzner: good price/perf (see [Hetzner guide](/platforms/hetzner))
+- Oracle Cloud: can be $0/month, but is more finicky and ARM-only (see [Oracle guide](/platforms/oracle))
---
@@ -90,10 +90,10 @@ The wizard will walk you through:
clawdbot status
# Check service
-systemctl status clawdbot
+systemctl --user status clawdbot-gateway.service
# View logs
-journalctl -u clawdbot -f
+journalctl --user -u clawdbot-gateway.service -f
```
## 6) Access the Dashboard
@@ -108,18 +108,30 @@ ssh -L 18789:localhost:18789 root@YOUR_DROPLET_IP
# Then open: http://localhost:18789
```
-**Option B: Tailscale (easier long-term)**
+**Option B: Tailscale Serve (HTTPS, loopback-only)**
```bash
# On the droplet
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
-# Configure gateway to bind to Tailscale
+# Configure Gateway to use Tailscale Serve
+clawdbot config set gateway.tailscale.mode serve
+clawdbot gateway restart
+```
+
+Open: `https:///`
+
+Notes:
+- Serve keeps the Gateway loopback-only and authenticates via Tailscale identity headers.
+- To require token/password instead, set `gateway.auth.allowTailscale: false` or use `gateway.auth.mode: "password"`.
+
+**Option C: Tailnet bind (no Serve)**
+```bash
clawdbot config set gateway.bind tailnet
clawdbot gateway restart
```
-Then access via your Tailscale IP: `http://100.x.x.x:18789`
+Open: `http://:18789` (token required).
## 7) Connect Your Channels
@@ -180,7 +192,7 @@ tar -czvf clawdbot-backup.tar.gz ~/.clawdbot ~/clawd
## Oracle Cloud Free Alternative
-Oracle Cloud offers **Always Free** ARM instances that are significantly more powerful:
+Oracle Cloud offers **Always Free** ARM instances that are significantly more powerful than any paid option here — for $0/month.
| What you get | Specs |
|--------------|-------|
@@ -189,19 +201,11 @@ Oracle Cloud offers **Always Free** ARM instances that are significantly more po
| **200GB storage** | Block volume |
| **Forever free** | No credit card charges |
-### Quick setup:
-1. Sign up at [oracle.com/cloud/free](https://www.oracle.com/cloud/free/)
-2. Create a VM.Standard.A1.Flex instance (ARM)
-3. Choose Oracle Linux or Ubuntu
-4. Allocate up to 4 OCPU / 24GB RAM within free tier
-5. Follow the same Clawdbot install steps above
-
**Caveats:**
- Signup can be finicky (retry if it fails)
- ARM architecture — most things work, but some binaries need ARM builds
-- Oracle may reclaim idle instances (keep them active)
-For the full Oracle guide, see the [community docs](https://gist.github.com/rssnyder/51e3cfedd730e7dd5f4a816143b25dbd).
+For the full setup guide, see [Oracle Cloud](/platforms/oracle). For signup tips and troubleshooting the enrollment process, see this [community guide](https://gist.github.com/rssnyder/51e3cfedd730e7dd5f4a816143b25dbd).
---
diff --git a/docs/platforms/fly.md b/docs/platforms/fly.md
index 0fdf176ae..dee731ea7 100644
--- a/docs/platforms/fly.md
+++ b/docs/platforms/fly.md
@@ -39,7 +39,9 @@ fly volumes create clawdbot_data --size 1 --region iad
## 2) Configure fly.toml
-Edit `fly.toml` to match your app name and requirements:
+Edit `fly.toml` to match your app name and requirements.
+
+**Security note:** The default config exposes a public URL. For a hardened deployment with no public IP, see [Private Deployment](#private-deployment-hardened) or use `fly.private.toml`.
```toml
app = "my-clawdbot" # Your app name
@@ -104,6 +106,7 @@ fly secrets set DISCORD_BOT_TOKEN=MTQ...
**Notes:**
- Non-loopback binds (`--bind lan`) require `CLAWDBOT_GATEWAY_TOKEN` for security.
- Treat these tokens like passwords.
+- **Prefer env vars over config file** for all API keys and tokens. This keeps secrets out of `clawdbot.json` where they could be accidentally exposed or logged.
## 4) Deploy
@@ -337,6 +340,114 @@ fly machine update --vm-memory 2048 --command "node dist/index.js g
**Note:** After `fly deploy`, the machine command may reset to what's in `fly.toml`. If you made manual changes, re-apply them after deploy.
+## Private Deployment (Hardened)
+
+By default, Fly allocates public IPs, making your gateway accessible at `https://your-app.fly.dev`. This is convenient but means your deployment is discoverable by internet scanners (Shodan, Censys, etc.).
+
+For a hardened deployment with **no public exposure**, use the private template.
+
+### When to use private deployment
+
+- You only make **outbound** calls/messages (no inbound webhooks)
+- You use **ngrok or Tailscale** tunnels for any webhook callbacks
+- You access the gateway via **SSH, proxy, or WireGuard** instead of browser
+- You want the deployment **hidden from internet scanners**
+
+### Setup
+
+Use `fly.private.toml` instead of the standard config:
+
+```bash
+# Deploy with private config
+fly deploy -c fly.private.toml
+```
+
+Or convert an existing deployment:
+
+```bash
+# List current IPs
+fly ips list -a my-clawdbot
+
+# Release public IPs
+fly ips release -a my-clawdbot
+fly ips release -a my-clawdbot
+
+# Switch to private config so future deploys don't re-allocate public IPs
+# (remove [http_service] or deploy with the private template)
+fly deploy -c fly.private.toml
+
+# Allocate private-only IPv6
+fly ips allocate-v6 --private -a my-clawdbot
+```
+
+After this, `fly ips list` should show only a `private` type IP:
+```
+VERSION IP TYPE REGION
+v6 fdaa:x:x:x:x::x private global
+```
+
+### Accessing a private deployment
+
+Since there's no public URL, use one of these methods:
+
+**Option 1: Local proxy (simplest)**
+```bash
+# Forward local port 3000 to the app
+fly proxy 3000:3000 -a my-clawdbot
+
+# Then open http://localhost:3000 in browser
+```
+
+**Option 2: WireGuard VPN**
+```bash
+# Create WireGuard config (one-time)
+fly wireguard create
+
+# Import to WireGuard client, then access via internal IPv6
+# Example: http://[fdaa:x:x:x:x::x]:3000
+```
+
+**Option 3: SSH only**
+```bash
+fly ssh console -a my-clawdbot
+```
+
+### Webhooks with private deployment
+
+If you need webhook callbacks (Twilio, Telnyx, etc.) without public exposure:
+
+1. **ngrok tunnel** - Run ngrok inside the container or as a sidecar
+2. **Tailscale Funnel** - Expose specific paths via Tailscale
+3. **Outbound-only** - Some providers (Twilio) work fine for outbound calls without webhooks
+
+Example voice-call config with ngrok:
+```json
+{
+ "plugins": {
+ "entries": {
+ "voice-call": {
+ "enabled": true,
+ "config": {
+ "provider": "twilio",
+ "tunnel": { "provider": "ngrok" }
+ }
+ }
+ }
+ }
+}
+```
+
+The ngrok tunnel runs inside the container and provides a public webhook URL without exposing the Fly app itself.
+
+### Security benefits
+
+| Aspect | Public | Private |
+|--------|--------|---------|
+| Internet scanners | Discoverable | Hidden |
+| Direct attacks | Possible | Blocked |
+| Control UI access | Browser | Proxy/VPN |
+| Webhook delivery | Direct | Via tunnel |
+
## Notes
- Fly.io uses **x86 architecture** (not ARM)
diff --git a/docs/platforms/index.md b/docs/platforms/index.md
index d53073026..3a1e87267 100644
--- a/docs/platforms/index.md
+++ b/docs/platforms/index.md
@@ -24,7 +24,6 @@ Native companion apps for Windows are also planned; the Gateway is recommended v
## VPS & hosting
- VPS hub: [VPS hosting](/vps)
-- Railway (one-click): [Railway](/railway)
- Fly.io: [Fly.io](/platforms/fly)
- Hetzner (Docker): [Hetzner](/platforms/hetzner)
- GCP (Compute Engine): [GCP](/platforms/gcp)
diff --git a/docs/platforms/oracle.md b/docs/platforms/oracle.md
new file mode 100644
index 000000000..d8006754b
--- /dev/null
+++ b/docs/platforms/oracle.md
@@ -0,0 +1,291 @@
+---
+summary: "Clawdbot on Oracle Cloud (Always Free ARM)"
+read_when:
+ - Setting up Clawdbot on Oracle Cloud
+ - Looking for low-cost VPS hosting for Clawdbot
+ - Want 24/7 Clawdbot on a small server
+---
+
+# Clawdbot on Oracle Cloud (OCI)
+
+## Goal
+
+Run a persistent Clawdbot Gateway on Oracle Cloud's **Always Free** ARM tier.
+
+Oracle’s free tier can be a great fit for Clawdbot (especially if you already have an OCI account), but it comes with tradeoffs:
+
+- ARM architecture (most things work, but some binaries may be x86-only)
+- Capacity and signup can be finicky
+
+## Cost Comparison (2026)
+
+| Provider | Plan | Specs | Price/mo | Notes |
+|----------|------|-------|----------|-------|
+| Oracle Cloud | Always Free ARM | up to 4 OCPU, 24GB RAM | $0 | ARM, limited capacity |
+| Hetzner | CX22 | 2 vCPU, 4GB RAM | ~ $4 | Cheapest paid option |
+| DigitalOcean | Basic | 1 vCPU, 1GB RAM | $6 | Easy UI, good docs |
+| Vultr | Cloud Compute | 1 vCPU, 1GB RAM | $6 | Many locations |
+| Linode | Nanode | 1 vCPU, 1GB RAM | $5 | Now part of Akamai |
+
+---
+
+## Prerequisites
+
+- Oracle Cloud account ([signup](https://www.oracle.com/cloud/free/)) — see [community signup guide](https://gist.github.com/rssnyder/51e3cfedd730e7dd5f4a816143b25dbd) if you hit issues
+- Tailscale account (free at [tailscale.com](https://tailscale.com))
+- ~30 minutes
+
+## 1) Create an OCI Instance
+
+1. Log into [Oracle Cloud Console](https://cloud.oracle.com/)
+2. Navigate to **Compute → Instances → Create Instance**
+3. Configure:
+ - **Name:** `clawdbot`
+ - **Image:** Ubuntu 24.04 (aarch64)
+ - **Shape:** `VM.Standard.A1.Flex` (Ampere ARM)
+ - **OCPUs:** 2 (or up to 4)
+ - **Memory:** 12 GB (or up to 24 GB)
+ - **Boot volume:** 50 GB (up to 200 GB free)
+ - **SSH key:** Add your public key
+4. Click **Create**
+5. Note the public IP address
+
+**Tip:** If instance creation fails with "Out of capacity", try a different availability domain or retry later. Free tier capacity is limited.
+
+## 2) Connect and Update
+
+```bash
+# Connect via public IP
+ssh ubuntu@YOUR_PUBLIC_IP
+
+# Update system
+sudo apt update && sudo apt upgrade -y
+sudo apt install -y build-essential
+```
+
+**Note:** `build-essential` is required for ARM compilation of some dependencies.
+
+## 3) Configure User and Hostname
+
+```bash
+# Set hostname
+sudo hostnamectl set-hostname clawdbot
+
+# Set password for ubuntu user
+sudo passwd ubuntu
+
+# Enable lingering (keeps user services running after logout)
+sudo loginctl enable-linger ubuntu
+```
+
+## 4) Install Tailscale
+
+```bash
+curl -fsSL https://tailscale.com/install.sh | sh
+sudo tailscale up --ssh --hostname=clawdbot
+```
+
+This enables Tailscale SSH, so you can connect via `ssh clawdbot` from any device on your tailnet — no public IP needed.
+
+Verify:
+```bash
+tailscale status
+```
+
+**From now on, connect via Tailscale:** `ssh ubuntu@clawdbot` (or use the Tailscale IP).
+
+## 5) Install Clawdbot
+
+```bash
+curl -fsSL https://clawd.bot/install.sh | bash
+source ~/.bashrc
+```
+
+When prompted "How do you want to hatch your bot?", select **"Do this later"**.
+
+> Note: If you hit ARM-native build issues, start with system packages (e.g. `sudo apt install -y build-essential`) before reaching for Homebrew.
+
+## 6) Configure Gateway (loopback + token auth) and enable Tailscale Serve
+
+Use token auth as the default. It’s predictable and avoids needing any “insecure auth” Control UI flags.
+
+```bash
+# Keep the Gateway private on the VM
+clawdbot config set gateway.bind loopback
+
+# Require auth for the Gateway + Control UI
+clawdbot config set gateway.auth.mode token
+clawdbot doctor --generate-gateway-token
+
+# Expose over Tailscale Serve (HTTPS + tailnet access)
+clawdbot config set gateway.tailscale.mode serve
+clawdbot config set gateway.trustedProxies '["127.0.0.1"]'
+
+systemctl --user restart clawdbot-gateway
+```
+
+## 7) Verify
+
+```bash
+# Check version
+clawdbot --version
+
+# Check daemon status
+systemctl --user status clawdbot-gateway
+
+# Check Tailscale Serve
+tailscale serve status
+
+# Test local response
+curl http://localhost:18789
+```
+
+## 8) Lock Down VCN Security
+
+Now that everything is working, lock down the VCN to block all traffic except Tailscale. OCI's Virtual Cloud Network acts as a firewall at the network edge — traffic is blocked before it reaches your instance.
+
+1. Go to **Networking → Virtual Cloud Networks** in the OCI Console
+2. Click your VCN → **Security Lists** → Default Security List
+3. **Remove** all ingress rules except:
+ - `0.0.0.0/0 UDP 41641` (Tailscale)
+4. Keep default egress rules (allow all outbound)
+
+This blocks SSH on port 22, HTTP, HTTPS, and everything else at the network edge. From now on, you can only connect via Tailscale.
+
+---
+
+## Access the Control UI
+
+From any device on your Tailscale network:
+
+```
+https://clawdbot..ts.net/
+```
+
+Replace `` with your tailnet name (visible in `tailscale status`).
+
+No SSH tunnel needed. Tailscale provides:
+- HTTPS encryption (automatic certs)
+- Authentication via Tailscale identity
+- Access from any device on your tailnet (laptop, phone, etc.)
+
+---
+
+## Security: VCN + Tailscale (recommended baseline)
+
+With the VCN locked down (only UDP 41641 open) and the Gateway bound to loopback, you get strong defense-in-depth: public traffic is blocked at the network edge, and admin access happens over your tailnet.
+
+This setup often removes the *need* for extra host-based firewall rules purely to stop Internet-wide SSH brute force — but you should still keep the OS updated, run `clawdbot security audit`, and verify you aren’t accidentally listening on public interfaces.
+
+### What's Already Protected
+
+| Traditional Step | Needed? | Why |
+|------------------|---------|-----|
+| UFW firewall | No | VCN blocks before traffic reaches instance |
+| fail2ban | No | No brute force if port 22 blocked at VCN |
+| sshd hardening | No | Tailscale SSH doesn't use sshd |
+| Disable root login | No | Tailscale uses Tailscale identity, not system users |
+| SSH key-only auth | No | Tailscale authenticates via your tailnet |
+| IPv6 hardening | Usually not | Depends on your VCN/subnet settings; verify what’s actually assigned/exposed |
+
+### Still Recommended
+
+- **Credential permissions:** `chmod 700 ~/.clawdbot`
+- **Security audit:** `clawdbot security audit`
+- **System updates:** `sudo apt update && sudo apt upgrade` regularly
+- **Monitor Tailscale:** Review devices in [Tailscale admin console](https://login.tailscale.com/admin)
+
+### Verify Security Posture
+
+```bash
+# Confirm no public ports listening
+sudo ss -tlnp | grep -v '127.0.0.1\|::1'
+
+# Verify Tailscale SSH is active
+tailscale status | grep -q 'offers: ssh' && echo "Tailscale SSH active"
+
+# Optional: disable sshd entirely
+sudo systemctl disable --now ssh
+```
+
+---
+
+## Fallback: SSH Tunnel
+
+If Tailscale Serve isn't working, use an SSH tunnel:
+
+```bash
+# From your local machine (via Tailscale)
+ssh -L 18789:127.0.0.1:18789 ubuntu@clawdbot
+```
+
+Then open `http://localhost:18789`.
+
+---
+
+## Troubleshooting
+
+### Instance creation fails ("Out of capacity")
+Free tier ARM instances are popular. Try:
+- Different availability domain
+- Retry during off-peak hours (early morning)
+- Use the "Always Free" filter when selecting shape
+
+### Tailscale won't connect
+```bash
+# Check status
+sudo tailscale status
+
+# Re-authenticate
+sudo tailscale up --ssh --hostname=clawdbot --reset
+```
+
+### Gateway won't start
+```bash
+clawdbot gateway status
+clawdbot doctor --non-interactive
+journalctl --user -u clawdbot-gateway -n 50
+```
+
+### Can't reach Control UI
+```bash
+# Verify Tailscale Serve is running
+tailscale serve status
+
+# Check gateway is listening
+curl http://localhost:18789
+
+# Restart if needed
+systemctl --user restart clawdbot-gateway
+```
+
+### ARM binary issues
+Some tools may not have ARM builds. Check:
+```bash
+uname -m # Should show aarch64
+```
+
+Most npm packages work fine. For binaries, look for `linux-arm64` or `aarch64` releases.
+
+---
+
+## Persistence
+
+All state lives in:
+- `~/.clawdbot/` — config, credentials, session data
+- `~/clawd/` — workspace (SOUL.md, memory, artifacts)
+
+Back up periodically:
+```bash
+tar -czvf clawdbot-backup.tar.gz ~/.clawdbot ~/clawd
+```
+
+---
+
+## See Also
+
+- [Gateway remote access](/gateway/remote) — other remote access patterns
+- [Tailscale integration](/gateway/tailscale) — full Tailscale docs
+- [Gateway configuration](/gateway/configuration) — all config options
+- [DigitalOcean guide](/platforms/digitalocean) — if you want paid + easier signup
+- [Hetzner guide](/platforms/hetzner) — Docker-based alternative
diff --git a/docs/plugins/voice-call.md b/docs/plugins/voice-call.md
index eecb80133..46713c939 100644
--- a/docs/plugins/voice-call.md
+++ b/docs/plugins/voice-call.md
@@ -103,6 +103,9 @@ Notes:
- Plivo requires a **publicly reachable** webhook URL.
- `mock` is a local dev provider (no network calls).
- `skipSignatureVerification` is for local testing only.
+- If you use ngrok free tier, set `publicUrl` to the exact ngrok URL; signature verification is always enforced.
+- `tunnel.allowNgrokFreeTierLoopbackBypass: true` allows Twilio webhooks with invalid signatures **only** when `tunnel.provider="ngrok"` and `serve.bind` is loopback (ngrok local agent). Use for local dev only.
+- Ngrok free tier URLs can change or add interstitial behavior; if `publicUrl` drifts, Twilio signatures will fail. For production, prefer a stable domain or Tailscale funnel.
## TTS for calls
diff --git a/docs/providers/anthropic.md b/docs/providers/anthropic.md
index 7876c4ae9..018e130dd 100644
--- a/docs/providers/anthropic.md
+++ b/docs/providers/anthropic.md
@@ -1,14 +1,13 @@
---
-summary: "Use Anthropic Claude via API keys or Claude Code CLI auth in Clawdbot"
+summary: "Use Anthropic Claude via API keys or setup-token in Clawdbot"
read_when:
- You want to use Anthropic models in Clawdbot
- - You want setup-token or Claude Code CLI auth instead of API keys
+ - You want setup-token instead of API keys
---
# Anthropic (Claude)
Anthropic builds the **Claude** model family and provides access via an API.
-In Clawdbot you can authenticate with an API key or reuse **Claude Code CLI** credentials
-(setup-token or OAuth).
+In Clawdbot you can authenticate with an API key or a **setup-token**.
## Option A: Anthropic API key
@@ -37,7 +36,7 @@ clawdbot onboard --anthropic-api-key "$ANTHROPIC_API_KEY"
## Prompt caching (Anthropic API)
Clawdbot does **not** override Anthropic’s default cache TTL unless you set it.
-This is **API-only**; Claude Code CLI OAuth ignores TTL settings.
+This is **API-only**; subscription auth does not honor TTL settings.
To set the TTL per model, use `cacheControlTtl` in the model `params`:
@@ -58,9 +57,9 @@ To set the TTL per model, use `cacheControlTtl` in the model `params`:
Clawdbot includes the `extended-cache-ttl-2025-04-11` beta flag for Anthropic API
requests; keep it if you override provider headers (see [/gateway/configuration](/gateway/configuration)).
-## Option B: Claude Code CLI (setup-token or OAuth)
+## Option B: Claude setup-token
-**Best for:** using your Claude subscription or existing Claude Code CLI login.
+**Best for:** using your Claude subscription.
### Where to get a setup-token
@@ -85,8 +84,8 @@ clawdbot models auth paste-token --provider anthropic
### CLI setup
```bash
-# Reuse Claude Code CLI OAuth credentials if already logged in
-clawdbot onboard --auth-choice claude-cli
+# Paste a setup-token during onboarding
+clawdbot onboard --auth-choice setup-token
```
### Config snippet
@@ -100,10 +99,7 @@ clawdbot onboard --auth-choice claude-cli
## Notes
- Generate the setup-token with `claude setup-token` and paste it, or run `clawdbot models auth setup-token` on the gateway host.
-- If you see “OAuth token refresh failed …” on a Claude subscription, re-auth with a setup-token or resync Claude Code CLI OAuth on the gateway host. See [/gateway/troubleshooting#oauth-token-refresh-failed-anthropic-claude-subscription](/gateway/troubleshooting#oauth-token-refresh-failed-anthropic-claude-subscription).
-- Clawdbot writes `auth.profiles["anthropic:claude-cli"].mode` as `"oauth"` so the profile
- accepts both OAuth and setup-token credentials. Older configs using `"token"` are
- auto-migrated on load.
+- If you see “OAuth token refresh failed …” on a Claude subscription, re-auth with a setup-token. See [/gateway/troubleshooting#oauth-token-refresh-failed-anthropic-claude-subscription](/gateway/troubleshooting#oauth-token-refresh-failed-anthropic-claude-subscription).
- Auth details + reuse rules are in [/concepts/oauth](/concepts/oauth).
## Troubleshooting
@@ -119,7 +115,7 @@ clawdbot onboard --auth-choice claude-cli
- Re-run onboarding for that agent, or paste a setup-token / API key on the
gateway host, then verify with `clawdbot models status`.
-**No credentials found for profile `anthropic:default` or `anthropic:claude-cli`**
+**No credentials found for profile `anthropic:default`**
- Run `clawdbot models status` to see which auth profile is active.
- Re-run onboarding, or paste a setup-token / API key for that profile.
diff --git a/docs/providers/claude-max-api-proxy.md b/docs/providers/claude-max-api-proxy.md
index 255be62fc..d2bb6cde8 100644
--- a/docs/providers/claude-max-api-proxy.md
+++ b/docs/providers/claude-max-api-proxy.md
@@ -141,5 +141,5 @@ launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/com.claude-max-api.plist
## See Also
-- [Anthropic provider](/providers/anthropic) - Native Clawdbot integration with Claude Code CLI OAuth
+- [Anthropic provider](/providers/anthropic) - Native Clawdbot integration with Claude setup-token or API keys
- [OpenAI provider](/providers/openai) - For OpenAI/Codex subscriptions
diff --git a/docs/providers/openai.md b/docs/providers/openai.md
index 442d7f3ae..c877d59ff 100644
--- a/docs/providers/openai.md
+++ b/docs/providers/openai.md
@@ -7,9 +7,7 @@ read_when:
# OpenAI
OpenAI provides developer APIs for GPT models. Codex supports **ChatGPT sign-in** for subscription
-access or **API key** sign-in for usage-based access. Codex cloud requires ChatGPT sign-in, while
-the Codex CLI supports either sign-in method. The Codex CLI caches login details in
-`~/.codex/auth.json` (or your OS credential store), which Clawdbot can reuse.
+access or **API key** sign-in for usage-based access. Codex cloud requires ChatGPT sign-in.
## Option A: OpenAI API key (OpenAI Platform)
@@ -38,16 +36,14 @@ clawdbot onboard --openai-api-key "$OPENAI_API_KEY"
**Best for:** using ChatGPT/Codex subscription access instead of an API key.
Codex cloud requires ChatGPT sign-in, while the Codex CLI supports ChatGPT or API key sign-in.
-Clawdbot can reuse your **Codex CLI** login (`~/.codex/auth.json`) or run the OAuth flow.
-
### CLI setup
```bash
-# Reuse existing Codex CLI login
-clawdbot onboard --auth-choice codex-cli
-
-# Or run Codex OAuth in the wizard
+# Run Codex OAuth in the wizard
clawdbot onboard --auth-choice openai-codex
+
+# Or run OAuth directly
+clawdbot models auth login --provider openai-codex
```
### Config snippet
diff --git a/docs/start/getting-started.md b/docs/start/getting-started.md
index dd68b8f55..00bc00efb 100644
--- a/docs/start/getting-started.md
+++ b/docs/start/getting-started.md
@@ -9,6 +9,10 @@ read_when:
Goal: go from **zero** → **first working chat** (with sane defaults) as quickly as possible.
+Fastest chat: open the Control UI (no channel setup needed). Run `clawdbot dashboard`
+and chat in the browser, or open `http://127.0.0.1:18789/` on the gateway host.
+Docs: [Dashboard](/web/dashboard) and [Control UI](/web/control-ui).
+
Recommended path: use the **CLI onboarding wizard** (`clawdbot onboard`). It sets up:
- model/auth (OAuth recommended)
- gateway settings
@@ -121,6 +125,7 @@ channels. If you use WhatsApp or Telegram, run the Gateway with **Node**.
```bash
clawdbot status
clawdbot health
+clawdbot security audit --deep
```
## 4) Pair + connect your first chat surface
diff --git a/docs/start/setup.md b/docs/start/setup.md
index 587b7fd6b..ec525b7b6 100644
--- a/docs/start/setup.md
+++ b/docs/start/setup.md
@@ -104,6 +104,19 @@ clawdbot health
- Sessions: `~/.clawdbot/agents//sessions/`
- Logs: `/tmp/clawdbot/`
+## Credential storage map
+
+Use this when debugging auth or deciding what to back up:
+
+- **WhatsApp**: `~/.clawdbot/credentials/whatsapp//creds.json`
+- **Telegram bot token**: config/env or `channels.telegram.tokenFile`
+- **Discord bot token**: config/env (token file not yet supported)
+- **Slack tokens**: config/env (`channels.slack.*`)
+- **Pairing allowlists**: `~/.clawdbot/credentials/-allowFrom.json`
+- **Model auth profiles**: `~/.clawdbot/agents//agent/auth-profiles.json`
+- **Legacy OAuth import**: `~/.clawdbot/credentials/oauth.json`
+More detail: [Security](/gateway/security#credential-storage-map).
+
## Updating (without wrecking your setup)
- Keep `~/clawd` and `~/.clawdbot/` as “your stuff”; don’t put personal prompts/config into the `clawdbot` repo.
diff --git a/docs/start/wizard.md b/docs/start/wizard.md
index 8d4866392..59eb69402 100644
--- a/docs/start/wizard.md
+++ b/docs/start/wizard.md
@@ -18,6 +18,9 @@ Primary entrypoint:
clawdbot onboard
```
+Fastest first chat: open the Control UI (no channel setup needed). Run
+`clawdbot dashboard` and chat in the browser. Docs: [Dashboard](/web/dashboard).
+
Follow‑up reconfiguration:
```bash
diff --git a/docs/tools/elevated.md b/docs/tools/elevated.md
index 863c53a1f..7635bbbee 100644
--- a/docs/tools/elevated.md
+++ b/docs/tools/elevated.md
@@ -23,6 +23,7 @@ read_when:
- **Approvals**: `full` skips exec approvals; `on`/`ask` honor them when allowlist/ask rules require.
- **Unsandboxed agents**: no-op for location; only affects gating, logging, and status.
- **Tool policy still applies**: if `exec` is denied by tool policy, elevated cannot be used.
+- **Separate from `/exec`**: `/exec` adjusts per-session defaults for authorized senders and does not require elevated.
## Resolution order
1. Inline directive on the message (applies only to that message).
diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md
index ec350f9d9..2ec8ec191 100644
--- a/docs/tools/exec-approvals.md
+++ b/docs/tools/exec-approvals.md
@@ -216,6 +216,9 @@ Approval-gated execs reuse the approval id as the `runId` in these messages for
- **full** is powerful; prefer allowlists when possible.
- **ask** keeps you in the loop while still allowing fast approvals.
- Per-agent allowlists prevent one agent’s approvals from leaking into others.
+- Approvals only apply to host exec requests from **authorized senders**. Unauthorized senders cannot issue `/exec`.
+- `/exec security=full` is a session-level convenience for authorized operators and skips approvals by design.
+ To hard-block host exec, set approvals security to `deny` or deny the `exec` tool via tool policy.
Related:
- [Exec tool](/tools/exec)
diff --git a/docs/tools/exec.md b/docs/tools/exec.md
index e2088137b..2524c3665 100644
--- a/docs/tools/exec.md
+++ b/docs/tools/exec.md
@@ -34,6 +34,9 @@ Notes:
- If multiple nodes are available, set `exec.node` or `tools.exec.node` to select one.
- On non-Windows hosts, exec uses `SHELL` when set; if `SHELL` is `fish`, it prefers `bash` (or `sh`)
from `PATH` to avoid fish-incompatible scripts, then falls back to `SHELL` if neither exists.
+- Important: sandboxing is **off by default**. If sandboxing is off, `host=sandbox` runs directly on
+ the gateway host (no container) and **does not require approvals**. To require approvals, run with
+ `host=gateway` and configure exec approvals (or enable sandboxing).
## Config
@@ -88,6 +91,13 @@ Example:
/exec host=gateway security=allowlist ask=on-miss node=mac-1
```
+## Authorization model
+
+`/exec` is only honored for **authorized senders** (channel allowlists/pairing plus `commands.useAccessGroups`).
+It updates **session state only** and does not write config. To hard-disable exec, deny it via tool
+policy (`tools.deny: ["exec"]` or per-agent). Host approvals still apply unless you explicitly set
+`security=full` and `ask=off`.
+
## Exec approvals (companion app / node host)
Sandboxed agents can require per-request approval before `exec` runs on the gateway or node host.
diff --git a/docs/tools/lobster.md b/docs/tools/lobster.md
index daf04fd39..f4718c4b5 100644
--- a/docs/tools/lobster.md
+++ b/docs/tools/lobster.md
@@ -158,7 +158,19 @@ If you want to use a custom binary location, pass an **absolute** `lobsterPath`
## Enable the tool
-Lobster is an **optional** plugin tool (not enabled by default). Allow it per agent:
+Lobster is an **optional** plugin tool (not enabled by default).
+
+Recommended (additive, safe):
+
+```json
+{
+ "tools": {
+ "alsoAllow": ["lobster"]
+ }
+}
+```
+
+Or per-agent:
```json
{
@@ -167,7 +179,7 @@ Lobster is an **optional** plugin tool (not enabled by default). Allow it per ag
{
"id": "main",
"tools": {
- "allow": ["lobster"]
+ "alsoAllow": ["lobster"]
}
}
]
@@ -175,7 +187,7 @@ Lobster is an **optional** plugin tool (not enabled by default). Allow it per ag
}
```
-You can also allow it globally with `tools.allow` if every agent should see it.
+Avoid using `tools.allow: ["lobster"]` unless you intend to run in restrictive allowlist mode.
Note: allowlists are opt-in for optional plugins. If your allowlist only names
plugin tools (like `lobster`), Clawdbot keeps core tools enabled. To restrict core
diff --git a/docs/tools/skills.md b/docs/tools/skills.md
index 289118bae..d9c840d73 100644
--- a/docs/tools/skills.md
+++ b/docs/tools/skills.md
@@ -64,6 +64,14 @@ By default, `clawdhub` installs into `./skills` under your current working
directory (or falls back to the configured Clawdbot workspace). Clawdbot picks
that up as `/skills` on the next session.
+## Security notes
+
+- Treat third-party skills as **trusted code**. Read them before enabling.
+- Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing).
+- `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process
+ for that agent turn (not the sandbox). Keep secrets out of prompts and logs.
+- For a broader threat model and checklists, see [Security](/gateway/security).
+
## Format (AgentSkills + Pi-compatible)
`SKILL.md` must include at least:
diff --git a/docs/tools/slash-commands.md b/docs/tools/slash-commands.md
index 84a087dba..138ede9d0 100644
--- a/docs/tools/slash-commands.md
+++ b/docs/tools/slash-commands.md
@@ -16,6 +16,8 @@ There are two related systems:
- Directives are stripped from the message before the model sees it.
- In normal chat messages (not directive-only), they are treated as “inline hints” and do **not** persist session settings.
- In directive-only messages (the message contains only directives), they persist to the session and reply with an acknowledgement.
+ - Directives are only applied for **authorized senders** (channel allowlists/pairing plus `commands.useAccessGroups`).
+ Unauthorized senders see directives treated as plain text.
There are also a few **inline shortcuts** (allowlisted/authorized senders only): `/help`, `/commands`, `/status`, `/whoami` (`/id`).
They run immediately, are stripped before the model sees the message, and the remaining text continues through the normal flow.
@@ -132,7 +134,7 @@ Examples:
/model list
/model 3
/model openai/gpt-5.2
-/model opus@anthropic:claude-cli
+/model opus@anthropic:default
/model status
```
diff --git a/docs/vps.md b/docs/vps.md
index 23e88255b..08910733f 100644
--- a/docs/vps.md
+++ b/docs/vps.md
@@ -1,5 +1,5 @@
---
-summary: "VPS hosting hub for Clawdbot (Railway/Fly/Hetzner/exe.dev)"
+summary: "VPS hosting hub for Clawdbot (Oracle/Fly/Hetzner/GCP/exe.dev)"
read_when:
- You want to run the Gateway in the cloud
- You need a quick map of VPS/hosting guides
@@ -12,6 +12,8 @@ deployments work at a high level.
## Pick a provider
- **Railway** (one‑click + browser setup): [Railway](/railway)
+- **Northflank** (one‑click + browser setup): [Northflank](/northflank)
+- **Oracle Cloud (Always Free)**: [Oracle](/platforms/oracle) — $0/month (Always Free, ARM; capacity/signup can be finicky)
- **Fly.io**: [Fly.io](/platforms/fly)
- **Hetzner (Docker)**: [Hetzner](/platforms/hetzner)
- **GCP (Compute Engine)**: [GCP](/platforms/gcp)
@@ -24,6 +26,8 @@ deployments work at a high level.
- The **Gateway runs on the VPS** and owns state + workspace.
- You connect from your laptop/phone via the **Control UI** or **Tailscale/SSH**.
- Treat the VPS as the source of truth and **back up** the state + workspace.
+- Secure default: keep the Gateway on loopback and access it via SSH tunnel or Tailscale Serve.
+ If you bind to `lan`/`tailnet`, require `gateway.auth.token` or `gateway.auth.password`.
Remote access: [Gateway remote](/gateway/remote)
Platforms hub: [Platforms](/platforms)
diff --git a/docs/web/control-ui.md b/docs/web/control-ui.md
index 188479679..996ed0fe4 100644
--- a/docs/web/control-ui.md
+++ b/docs/web/control-ui.md
@@ -70,10 +70,11 @@ Open:
By default, Serve requests can authenticate via Tailscale identity headers
(`tailscale-user-login`) when `gateway.auth.allowTailscale` is `true`. Clawdbot
-only accepts these when the request hits loopback with Tailscale’s
-`x-forwarded-*` headers. Set `gateway.auth.allowTailscale: false` (or force
-`gateway.auth.mode: "password"`) if you want to require a token/password even
-for Serve traffic.
+verifies the identity by resolving the `x-forwarded-for` address with
+`tailscale whois` and matching it to the header, and only accepts these when the
+request hits loopback with Tailscale’s `x-forwarded-*` headers. Set
+`gateway.auth.allowTailscale: false` (or force `gateway.auth.mode: "password"`)
+if you want to require a token/password even for Serve traffic.
### Bind to tailnet + token
diff --git a/docs/web/dashboard.md b/docs/web/dashboard.md
index 81d0aacc4..fdbf209be 100644
--- a/docs/web/dashboard.md
+++ b/docs/web/dashboard.md
@@ -19,6 +19,10 @@ Key references:
Authentication is enforced at the WebSocket handshake via `connect.params.auth`
(token or password). See `gateway.auth` in [Gateway configuration](/gateway/configuration).
+Security note: the Control UI is an **admin surface** (chat, config, exec approvals).
+Do not expose it publicly. The UI stores the token in `localStorage` after first load.
+Prefer localhost, Tailscale Serve, or an SSH tunnel.
+
## Fast path (recommended)
- After onboarding, the CLI now auto-opens the dashboard with your token and prints the same tokenized link.
diff --git a/docs/web/index.md b/docs/web/index.md
index 82ca62205..0e1fadfa4 100644
--- a/docs/web/index.md
+++ b/docs/web/index.md
@@ -91,7 +91,8 @@ Open:
## Security notes
-- Binding the Gateway to a non-loopback address **requires** auth (`gateway.auth` or `CLAWDBOT_GATEWAY_TOKEN`).
+- Gateway auth is required by default (token/password or Tailscale identity headers).
+- Non-loopback binds still **require** a shared token/password (`gateway.auth` or env).
- The wizard generates a gateway token by default (even on loopback).
- The UI sends `connect.params.auth.token` or `connect.params.auth.password`.
- With Serve, Tailscale identity headers can satisfy auth when
diff --git a/docs/web/webchat.md b/docs/web/webchat.md
index 2abfa67ea..3c968e0fc 100644
--- a/docs/web/webchat.md
+++ b/docs/web/webchat.md
@@ -16,7 +16,7 @@ Status: the macOS/iOS SwiftUI chat UI talks directly to the Gateway WebSocket.
## Quick start
1) Start the gateway.
2) Open the WebChat UI (macOS/iOS app) or the Control UI chat tab.
-3) Ensure gateway auth is configured if you are not on loopback.
+3) Ensure gateway auth is configured (required by default, even on loopback).
## How it works (behavior)
- The UI connects to the Gateway WebSocket and uses `chat.history`, `chat.send`, and `chat.inject`.
diff --git a/extensions/bluebubbles/src/monitor.test.ts b/extensions/bluebubbles/src/monitor.test.ts
index 12aef679c..76c9eebf6 100644
--- a/extensions/bluebubbles/src/monitor.test.ts
+++ b/extensions/bluebubbles/src/monitor.test.ts
@@ -146,8 +146,14 @@ function createMockRuntime(): PluginRuntime {
resolveRequireMention: mockResolveRequireMention as unknown as PluginRuntime["channel"]["groups"]["resolveRequireMention"],
},
debounce: {
- createInboundDebouncer: vi.fn() as unknown as PluginRuntime["channel"]["debounce"]["createInboundDebouncer"],
- resolveInboundDebounceMs: vi.fn() as unknown as PluginRuntime["channel"]["debounce"]["resolveInboundDebounceMs"],
+ // Create a pass-through debouncer that immediately calls onFlush
+ createInboundDebouncer: vi.fn((params: { onFlush: (items: unknown[]) => Promise }) => ({
+ enqueue: async (item: unknown) => {
+ await params.onFlush([item]);
+ },
+ flushKey: vi.fn(),
+ })) as unknown as PluginRuntime["channel"]["debounce"]["createInboundDebouncer"],
+ resolveInboundDebounceMs: vi.fn(() => 0) as unknown as PluginRuntime["channel"]["debounce"]["resolveInboundDebounceMs"],
},
commands: {
resolveCommandAuthorizedFromAuthorizers: mockResolveCommandAuthorizedFromAuthorizers as unknown as PluginRuntime["channel"]["commands"]["resolveCommandAuthorizedFromAuthorizers"],
diff --git a/extensions/bluebubbles/src/monitor.ts b/extensions/bluebubbles/src/monitor.ts
index 8635b183e..98431775a 100644
--- a/extensions/bluebubbles/src/monitor.ts
+++ b/extensions/bluebubbles/src/monitor.ts
@@ -250,8 +250,178 @@ type WebhookTarget = {
statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
};
+/**
+ * Entry type for debouncing inbound messages.
+ * Captures the normalized message and its target for later combined processing.
+ */
+type BlueBubblesDebounceEntry = {
+ message: NormalizedWebhookMessage;
+ target: WebhookTarget;
+};
+
+/**
+ * Default debounce window for inbound message coalescing (ms).
+ * This helps combine URL text + link preview balloon messages that BlueBubbles
+ * sends as separate webhook events when no explicit inbound debounce config exists.
+ */
+const DEFAULT_INBOUND_DEBOUNCE_MS = 350;
+
+/**
+ * Combines multiple debounced messages into a single message for processing.
+ * Used when multiple webhook events arrive within the debounce window.
+ */
+function combineDebounceEntries(entries: BlueBubblesDebounceEntry[]): NormalizedWebhookMessage {
+ if (entries.length === 0) {
+ throw new Error("Cannot combine empty entries");
+ }
+ if (entries.length === 1) {
+ return entries[0].message;
+ }
+
+ // Use the first message as the base (typically the text message)
+ const first = entries[0].message;
+
+ // Combine text from all entries, filtering out duplicates and empty strings
+ const seenTexts = new Set();
+ const textParts: string[] = [];
+
+ for (const entry of entries) {
+ const text = entry.message.text.trim();
+ if (!text) continue;
+ // Skip duplicate text (URL might be in both text message and balloon)
+ const normalizedText = text.toLowerCase();
+ if (seenTexts.has(normalizedText)) continue;
+ seenTexts.add(normalizedText);
+ textParts.push(text);
+ }
+
+ // Merge attachments from all entries
+ const allAttachments = entries.flatMap((e) => e.message.attachments ?? []);
+
+ // Use the latest timestamp
+ const timestamps = entries
+ .map((e) => e.message.timestamp)
+ .filter((t): t is number => typeof t === "number");
+ const latestTimestamp = timestamps.length > 0 ? Math.max(...timestamps) : first.timestamp;
+
+ // Collect all message IDs for reference
+ const messageIds = entries
+ .map((e) => e.message.messageId)
+ .filter((id): id is string => Boolean(id));
+
+ // Prefer reply context from any entry that has it
+ const entryWithReply = entries.find((e) => e.message.replyToId);
+
+ return {
+ ...first,
+ text: textParts.join(" "),
+ attachments: allAttachments.length > 0 ? allAttachments : first.attachments,
+ timestamp: latestTimestamp,
+ // Use first message's ID as primary (for reply reference), but we've coalesced others
+ messageId: messageIds[0] ?? first.messageId,
+ // Preserve reply context if present
+ replyToId: entryWithReply?.message.replyToId ?? first.replyToId,
+ replyToBody: entryWithReply?.message.replyToBody ?? first.replyToBody,
+ replyToSender: entryWithReply?.message.replyToSender ?? first.replyToSender,
+ // Clear balloonBundleId since we've combined (the combined message is no longer just a balloon)
+ balloonBundleId: undefined,
+ };
+}
+
const webhookTargets = new Map();
+/**
+ * Maps webhook targets to their inbound debouncers.
+ * Each target gets its own debouncer keyed by a unique identifier.
+ */
+const targetDebouncers = new Map<
+ WebhookTarget,
+ ReturnType
+>();
+
+function resolveBlueBubblesDebounceMs(
+ config: ClawdbotConfig,
+ core: BlueBubblesCoreRuntime,
+): number {
+ const inbound = config.messages?.inbound;
+ const hasExplicitDebounce =
+ typeof inbound?.debounceMs === "number" || typeof inbound?.byChannel?.bluebubbles === "number";
+ if (!hasExplicitDebounce) return DEFAULT_INBOUND_DEBOUNCE_MS;
+ return core.channel.debounce.resolveInboundDebounceMs({ cfg: config, channel: "bluebubbles" });
+}
+
+/**
+ * Creates or retrieves a debouncer for a webhook target.
+ */
+function getOrCreateDebouncer(target: WebhookTarget) {
+ const existing = targetDebouncers.get(target);
+ if (existing) return existing;
+
+ const { account, config, runtime, core } = target;
+
+ const debouncer = core.channel.debounce.createInboundDebouncer({
+ debounceMs: resolveBlueBubblesDebounceMs(config, core),
+ buildKey: (entry) => {
+ const msg = entry.message;
+ // Build key from account + chat + sender to coalesce messages from same source
+ const chatKey =
+ msg.chatGuid?.trim() ??
+ msg.chatIdentifier?.trim() ??
+ (msg.chatId ? String(msg.chatId) : "dm");
+ return `bluebubbles:${account.accountId}:${chatKey}:${msg.senderId}`;
+ },
+ shouldDebounce: (entry) => {
+ const msg = entry.message;
+ // Skip debouncing for messages with attachments - process immediately
+ if (msg.attachments && msg.attachments.length > 0) return false;
+ // Skip debouncing for from-me messages (they're just cached, not processed)
+ if (msg.fromMe) return false;
+ // Skip debouncing for control commands - process immediately
+ if (core.channel.text.hasControlCommand(msg.text, config)) return false;
+ // Debounce normal text messages and URL balloon messages
+ return true;
+ },
+ onFlush: async (entries) => {
+ if (entries.length === 0) return;
+
+ // Use target from first entry (all entries have same target due to key structure)
+ const flushTarget = entries[0].target;
+
+ if (entries.length === 1) {
+ // Single message - process normally
+ await processMessage(entries[0].message, flushTarget);
+ return;
+ }
+
+ // Multiple messages - combine and process
+ const combined = combineDebounceEntries(entries);
+
+ if (core.logging.shouldLogVerbose()) {
+ const count = entries.length;
+ const preview = combined.text.slice(0, 50);
+ runtime.log?.(
+ `[bluebubbles] coalesced ${count} messages: "${preview}${combined.text.length > 50 ? "..." : ""}"`,
+ );
+ }
+
+ await processMessage(combined, flushTarget);
+ },
+ onError: (err) => {
+ runtime.error?.(`[${account.accountId}] [bluebubbles] debounce flush failed: ${String(err)}`);
+ },
+ });
+
+ targetDebouncers.set(target, debouncer);
+ return debouncer;
+}
+
+/**
+ * Removes a debouncer for a target (called during unregistration).
+ */
+function removeDebouncer(target: WebhookTarget): void {
+ targetDebouncers.delete(target);
+}
+
function normalizeWebhookPath(raw: string): string {
const trimmed = raw.trim();
if (!trimmed) return "/";
@@ -275,6 +445,8 @@ export function registerBlueBubblesWebhookTarget(target: WebhookTarget): () => v
} else {
webhookTargets.delete(key);
}
+ // Clean up debouncer when target is unregistered
+ removeDebouncer(normalizedTarget);
};
}
@@ -1205,7 +1377,10 @@ export async function handleBlueBubblesWebhookRequest(
);
});
} else if (message) {
- processMessage(message, target).catch((err) => {
+ // Route messages through debouncer to coalesce rapid-fire events
+ // (e.g., text message + URL balloon arriving as separate webhooks)
+ const debouncer = getOrCreateDebouncer(target);
+ debouncer.enqueue({ message, target }).catch((err) => {
target.runtime.error?.(
`[${target.account.accountId}] BlueBubbles webhook failed: ${String(err)}`,
);
diff --git a/extensions/matrix/package.json b/extensions/matrix/package.json
index 7fa12bc74..625c92df0 100644
--- a/extensions/matrix/package.json
+++ b/extensions/matrix/package.json
@@ -26,7 +26,7 @@
"dependencies": {
"@matrix-org/matrix-sdk-crypto-nodejs": "^0.4.0",
"markdown-it": "14.1.0",
- "matrix-bot-sdk": "0.8.0",
+ "@vector-im/matrix-bot-sdk": "0.8.0-element.3",
"music-metadata": "^11.10.6",
"zod": "^4.3.6"
},
diff --git a/extensions/matrix/src/matrix/actions/messages.ts b/extensions/matrix/src/matrix/actions/messages.ts
index dae1a0f20..60f69e219 100644
--- a/extensions/matrix/src/matrix/actions/messages.ts
+++ b/extensions/matrix/src/matrix/actions/messages.ts
@@ -95,7 +95,7 @@ export async function readMatrixMessages(
: 20;
const token = opts.before?.trim() || opts.after?.trim() || undefined;
const dir = opts.after ? "f" : "b";
- // matrix-bot-sdk uses doRequest for room messages
+ // @vector-im/matrix-bot-sdk uses doRequest for room messages
const res = await client.doRequest(
"GET",
`/_matrix/client/v3/rooms/${encodeURIComponent(resolvedRoom)}/messages`,
diff --git a/extensions/matrix/src/matrix/actions/reactions.ts b/extensions/matrix/src/matrix/actions/reactions.ts
index 5c3f65305..044ef46c5 100644
--- a/extensions/matrix/src/matrix/actions/reactions.ts
+++ b/extensions/matrix/src/matrix/actions/reactions.ts
@@ -21,7 +21,7 @@ export async function listMatrixReactions(
typeof opts.limit === "number" && Number.isFinite(opts.limit)
? Math.max(1, Math.floor(opts.limit))
: 100;
- // matrix-bot-sdk uses doRequest for relations
+ // @vector-im/matrix-bot-sdk uses doRequest for relations
const res = await client.doRequest(
"GET",
`/_matrix/client/v1/rooms/${encodeURIComponent(resolvedRoom)}/relations/${encodeURIComponent(messageId)}/${RelationType.Annotation}/${EventType.Reaction}`,
diff --git a/extensions/matrix/src/matrix/actions/room.ts b/extensions/matrix/src/matrix/actions/room.ts
index 1b52404dc..68cf9b0a0 100644
--- a/extensions/matrix/src/matrix/actions/room.ts
+++ b/extensions/matrix/src/matrix/actions/room.ts
@@ -9,9 +9,9 @@ export async function getMatrixMemberInfo(
const { client, stopOnDone } = await resolveActionClient(opts);
try {
const roomId = opts.roomId ? await resolveMatrixRoomId(client, opts.roomId) : undefined;
- // matrix-bot-sdk uses getUserProfile
+ // @vector-im/matrix-bot-sdk uses getUserProfile
const profile = await client.getUserProfile(userId);
- // Note: matrix-bot-sdk doesn't have getRoom().getMember() like matrix-js-sdk
+ // Note: @vector-im/matrix-bot-sdk doesn't have getRoom().getMember() like matrix-js-sdk
// We'd need to fetch room state separately if needed
return {
userId,
@@ -36,7 +36,7 @@ export async function getMatrixRoomInfo(
const { client, stopOnDone } = await resolveActionClient(opts);
try {
const resolvedRoom = await resolveMatrixRoomId(client, roomId);
- // matrix-bot-sdk uses getRoomState for state events
+ // @vector-im/matrix-bot-sdk uses getRoomState for state events
let name: string | null = null;
let topic: string | null = null;
let canonicalAlias: string | null = null;
diff --git a/extensions/matrix/src/matrix/actions/summary.ts b/extensions/matrix/src/matrix/actions/summary.ts
index f58d6a9b8..2fa2d27b3 100644
--- a/extensions/matrix/src/matrix/actions/summary.ts
+++ b/extensions/matrix/src/matrix/actions/summary.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import {
EventType,
diff --git a/extensions/matrix/src/matrix/actions/types.ts b/extensions/matrix/src/matrix/actions/types.ts
index 506e00783..75fddbd9c 100644
--- a/extensions/matrix/src/matrix/actions/types.ts
+++ b/extensions/matrix/src/matrix/actions/types.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
export const MsgType = {
Text: "m.text",
diff --git a/extensions/matrix/src/matrix/active-client.ts b/extensions/matrix/src/matrix/active-client.ts
index 9aa0ffdde..5ff540926 100644
--- a/extensions/matrix/src/matrix/active-client.ts
+++ b/extensions/matrix/src/matrix/active-client.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
let activeClient: MatrixClient | null = null;
diff --git a/extensions/matrix/src/matrix/client/config.ts b/extensions/matrix/src/matrix/client/config.ts
index bc0729ddb..048c3bef9 100644
--- a/extensions/matrix/src/matrix/client/config.ts
+++ b/extensions/matrix/src/matrix/client/config.ts
@@ -1,4 +1,4 @@
-import { MatrixClient } from "matrix-bot-sdk";
+import { MatrixClient } from "@vector-im/matrix-bot-sdk";
import type { CoreConfig } from "../types.js";
import { getMatrixRuntime } from "../../runtime.js";
diff --git a/extensions/matrix/src/matrix/client/create-client.ts b/extensions/matrix/src/matrix/client/create-client.ts
index 01dc2e7ad..874da7e92 100644
--- a/extensions/matrix/src/matrix/client/create-client.ts
+++ b/extensions/matrix/src/matrix/client/create-client.ts
@@ -5,8 +5,8 @@ import {
MatrixClient,
SimpleFsStorageProvider,
RustSdkCryptoStorageProvider,
-} from "matrix-bot-sdk";
-import type { IStorageProvider, ICryptoStorageProvider } from "matrix-bot-sdk";
+} from "@vector-im/matrix-bot-sdk";
+import type { IStorageProvider, ICryptoStorageProvider } from "@vector-im/matrix-bot-sdk";
import { ensureMatrixSdkLoggingConfigured } from "./logging.js";
import {
diff --git a/extensions/matrix/src/matrix/client/logging.ts b/extensions/matrix/src/matrix/client/logging.ts
index 7c4011fc5..5a7180597 100644
--- a/extensions/matrix/src/matrix/client/logging.ts
+++ b/extensions/matrix/src/matrix/client/logging.ts
@@ -1,4 +1,4 @@
-import { ConsoleLogger, LogService } from "matrix-bot-sdk";
+import { ConsoleLogger, LogService } from "@vector-im/matrix-bot-sdk";
let matrixSdkLoggingConfigured = false;
const matrixSdkBaseLogger = new ConsoleLogger();
diff --git a/extensions/matrix/src/matrix/client/shared.ts b/extensions/matrix/src/matrix/client/shared.ts
index fcde28268..da10fc360 100644
--- a/extensions/matrix/src/matrix/client/shared.ts
+++ b/extensions/matrix/src/matrix/client/shared.ts
@@ -1,5 +1,5 @@
-import { LogService } from "matrix-bot-sdk";
-import type { MatrixClient } from "matrix-bot-sdk";
+import { LogService } from "@vector-im/matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import type { CoreConfig } from "../types.js";
import { createMatrixClient } from "./create-client.js";
@@ -157,7 +157,7 @@ export async function waitForMatrixSync(_params: {
timeoutMs?: number;
abortSignal?: AbortSignal;
}): Promise {
- // matrix-bot-sdk handles sync internally in start()
+ // @vector-im/matrix-bot-sdk handles sync internally in start()
// This is kept for API compatibility but is essentially a no-op now
}
diff --git a/extensions/matrix/src/matrix/deps.ts b/extensions/matrix/src/matrix/deps.ts
index df2f58706..5777e43a7 100644
--- a/extensions/matrix/src/matrix/deps.ts
+++ b/extensions/matrix/src/matrix/deps.ts
@@ -6,7 +6,7 @@ import { fileURLToPath } from "node:url";
import type { RuntimeEnv } from "clawdbot/plugin-sdk";
import { getMatrixRuntime } from "../runtime.js";
-const MATRIX_SDK_PACKAGE = "matrix-bot-sdk";
+const MATRIX_SDK_PACKAGE = "@vector-im/matrix-bot-sdk";
export function isMatrixSdkAvailable(): boolean {
try {
@@ -30,9 +30,9 @@ export async function ensureMatrixSdkInstalled(params: {
if (isMatrixSdkAvailable()) return;
const confirm = params.confirm;
if (confirm) {
- const ok = await confirm("Matrix requires matrix-bot-sdk. Install now?");
+ const ok = await confirm("Matrix requires @vector-im/matrix-bot-sdk. Install now?");
if (!ok) {
- throw new Error("Matrix requires matrix-bot-sdk (install dependencies first).");
+ throw new Error("Matrix requires @vector-im/matrix-bot-sdk (install dependencies first).");
}
}
@@ -52,6 +52,6 @@ export async function ensureMatrixSdkInstalled(params: {
);
}
if (!isMatrixSdkAvailable()) {
- throw new Error("Matrix dependency install completed but matrix-bot-sdk is still missing.");
+ throw new Error("Matrix dependency install completed but @vector-im/matrix-bot-sdk is still missing.");
}
}
diff --git a/extensions/matrix/src/matrix/monitor/auto-join.ts b/extensions/matrix/src/matrix/monitor/auto-join.ts
index 564c78995..5feb5bc3a 100644
--- a/extensions/matrix/src/matrix/monitor/auto-join.ts
+++ b/extensions/matrix/src/matrix/monitor/auto-join.ts
@@ -1,5 +1,5 @@
-import type { MatrixClient } from "matrix-bot-sdk";
-import { AutojoinRoomsMixin } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
+import { AutojoinRoomsMixin } from "@vector-im/matrix-bot-sdk";
import type { RuntimeEnv } from "clawdbot/plugin-sdk";
import type { CoreConfig } from "../../types.js";
diff --git a/extensions/matrix/src/matrix/monitor/direct.ts b/extensions/matrix/src/matrix/monitor/direct.ts
index fff8383ca..cd2234fdd 100644
--- a/extensions/matrix/src/matrix/monitor/direct.ts
+++ b/extensions/matrix/src/matrix/monitor/direct.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
type DirectMessageCheck = {
roomId: string;
diff --git a/extensions/matrix/src/matrix/monitor/events.ts b/extensions/matrix/src/matrix/monitor/events.ts
index af49693ff..3705eb356 100644
--- a/extensions/matrix/src/matrix/monitor/events.ts
+++ b/extensions/matrix/src/matrix/monitor/events.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import type { PluginRuntime } from "clawdbot/plugin-sdk";
import type { MatrixAuth } from "../client.js";
diff --git a/extensions/matrix/src/matrix/monitor/handler.ts b/extensions/matrix/src/matrix/monitor/handler.ts
index 4542e113a..19f9be38d 100644
--- a/extensions/matrix/src/matrix/monitor/handler.ts
+++ b/extensions/matrix/src/matrix/monitor/handler.ts
@@ -1,4 +1,4 @@
-import type { LocationMessageEventContent, MatrixClient } from "matrix-bot-sdk";
+import type { LocationMessageEventContent, MatrixClient } from "@vector-im/matrix-bot-sdk";
import {
createReplyPrefixContext,
@@ -110,7 +110,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
try {
const eventType = event.type;
if (eventType === EventType.RoomMessageEncrypted) {
- // Encrypted messages are decrypted automatically by matrix-bot-sdk with crypto enabled
+ // Encrypted messages are decrypted automatically by @vector-im/matrix-bot-sdk with crypto enabled
return;
}
@@ -436,7 +436,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
threadReplies,
messageId,
threadRootId,
- isThreadRoot: false, // matrix-bot-sdk doesn't have this info readily available
+ isThreadRoot: false, // @vector-im/matrix-bot-sdk doesn't have this info readily available
});
const route = core.channel.routing.resolveAgentRoute({
diff --git a/extensions/matrix/src/matrix/monitor/index.ts b/extensions/matrix/src/matrix/monitor/index.ts
index 35e75c4ed..0a203be41 100644
--- a/extensions/matrix/src/matrix/monitor/index.ts
+++ b/extensions/matrix/src/matrix/monitor/index.ts
@@ -244,7 +244,7 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi
});
logVerboseMessage("matrix: client started");
- // matrix-bot-sdk client is already started via resolveSharedMatrixClient
+ // @vector-im/matrix-bot-sdk client is already started via resolveSharedMatrixClient
logger.info(`matrix: logged in as ${auth.userId}`);
// If E2EE is enabled, trigger device verification
diff --git a/extensions/matrix/src/matrix/monitor/location.ts b/extensions/matrix/src/matrix/monitor/location.ts
index 22374cad8..0054b6c6b 100644
--- a/extensions/matrix/src/matrix/monitor/location.ts
+++ b/extensions/matrix/src/matrix/monitor/location.ts
@@ -1,4 +1,4 @@
-import type { LocationMessageEventContent } from "matrix-bot-sdk";
+import type { LocationMessageEventContent } from "@vector-im/matrix-bot-sdk";
import {
formatLocationText,
diff --git a/extensions/matrix/src/matrix/monitor/media.test.ts b/extensions/matrix/src/matrix/monitor/media.test.ts
index 10cbd8b47..28ed5046a 100644
--- a/extensions/matrix/src/matrix/monitor/media.test.ts
+++ b/extensions/matrix/src/matrix/monitor/media.test.ts
@@ -29,7 +29,7 @@ describe("downloadMatrixMedia", () => {
const client = {
crypto: { decryptMedia },
mxcToHttp: vi.fn().mockReturnValue("https://example/mxc"),
- } as unknown as import("matrix-bot-sdk").MatrixClient;
+ } as unknown as import("@vector-im/matrix-bot-sdk").MatrixClient;
const file = {
url: "mxc://example/file",
@@ -70,7 +70,7 @@ describe("downloadMatrixMedia", () => {
const client = {
crypto: { decryptMedia },
mxcToHttp: vi.fn().mockReturnValue("https://example/mxc"),
- } as unknown as import("matrix-bot-sdk").MatrixClient;
+ } as unknown as import("@vector-im/matrix-bot-sdk").MatrixClient;
const file = {
url: "mxc://example/file",
diff --git a/extensions/matrix/src/matrix/monitor/media.ts b/extensions/matrix/src/matrix/monitor/media.ts
index 1ade1d19c..0b33cca53 100644
--- a/extensions/matrix/src/matrix/monitor/media.ts
+++ b/extensions/matrix/src/matrix/monitor/media.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import { getMatrixRuntime } from "../../runtime.js";
@@ -22,7 +22,7 @@ async function fetchMatrixMediaBuffer(params: {
mxcUrl: string;
maxBytes: number;
}): Promise<{ buffer: Buffer; headerType?: string } | null> {
- // matrix-bot-sdk provides mxcToHttp helper
+ // @vector-im/matrix-bot-sdk provides mxcToHttp helper
const url = params.client.mxcToHttp(params.mxcUrl);
if (!url) return null;
@@ -40,7 +40,7 @@ async function fetchMatrixMediaBuffer(params: {
/**
* Download and decrypt encrypted media from a Matrix room.
- * Uses matrix-bot-sdk's decryptMedia which handles both download and decryption.
+ * Uses @vector-im/matrix-bot-sdk's decryptMedia which handles both download and decryption.
*/
async function fetchEncryptedMediaBuffer(params: {
client: MatrixClient;
diff --git a/extensions/matrix/src/matrix/monitor/replies.ts b/extensions/matrix/src/matrix/monitor/replies.ts
index f79ef5926..70ac9bacc 100644
--- a/extensions/matrix/src/matrix/monitor/replies.ts
+++ b/extensions/matrix/src/matrix/monitor/replies.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import type { MarkdownTableMode, ReplyPayload, RuntimeEnv } from "clawdbot/plugin-sdk";
import { sendMessageMatrix } from "../send.js";
diff --git a/extensions/matrix/src/matrix/monitor/room-info.ts b/extensions/matrix/src/matrix/monitor/room-info.ts
index e32b5b37a..cad377e1a 100644
--- a/extensions/matrix/src/matrix/monitor/room-info.ts
+++ b/extensions/matrix/src/matrix/monitor/room-info.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
export type MatrixRoomInfo = {
name?: string;
diff --git a/extensions/matrix/src/matrix/monitor/threads.ts b/extensions/matrix/src/matrix/monitor/threads.ts
index 3378d3b2b..4d618f329 100644
--- a/extensions/matrix/src/matrix/monitor/threads.ts
+++ b/extensions/matrix/src/matrix/monitor/threads.ts
@@ -1,4 +1,4 @@
-// Type for raw Matrix event from matrix-bot-sdk
+// Type for raw Matrix event from @vector-im/matrix-bot-sdk
type MatrixRawEvent = {
event_id: string;
sender: string;
diff --git a/extensions/matrix/src/matrix/monitor/types.ts b/extensions/matrix/src/matrix/monitor/types.ts
index c77cf0282..c910f931f 100644
--- a/extensions/matrix/src/matrix/monitor/types.ts
+++ b/extensions/matrix/src/matrix/monitor/types.ts
@@ -1,4 +1,4 @@
-import type { EncryptedFile, MessageEventContent } from "matrix-bot-sdk";
+import type { EncryptedFile, MessageEventContent } from "@vector-im/matrix-bot-sdk";
export const EventType = {
RoomMessage: "m.room.message",
diff --git a/extensions/matrix/src/matrix/probe.ts b/extensions/matrix/src/matrix/probe.ts
index 3bfdd1728..7bd54bdc4 100644
--- a/extensions/matrix/src/matrix/probe.ts
+++ b/extensions/matrix/src/matrix/probe.ts
@@ -49,7 +49,7 @@ export async function probeMatrix(params: {
accessToken: params.accessToken,
localTimeoutMs: params.timeoutMs,
});
- // matrix-bot-sdk uses getUserId() which calls whoami internally
+ // @vector-im/matrix-bot-sdk uses getUserId() which calls whoami internally
const userId = await client.getUserId();
result.ok = true;
result.userId = userId ?? null;
diff --git a/extensions/matrix/src/matrix/send.test.ts b/extensions/matrix/src/matrix/send.test.ts
index c647eedb9..e82e18fb0 100644
--- a/extensions/matrix/src/matrix/send.test.ts
+++ b/extensions/matrix/src/matrix/send.test.ts
@@ -3,7 +3,7 @@ import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
import type { PluginRuntime } from "clawdbot/plugin-sdk";
import { setMatrixRuntime } from "../runtime.js";
-vi.mock("matrix-bot-sdk", () => ({
+vi.mock("@vector-im/matrix-bot-sdk", () => ({
ConsoleLogger: class {
trace = vi.fn();
debug = vi.fn();
@@ -60,7 +60,7 @@ const makeClient = () => {
sendMessage,
uploadContent,
getUserId: vi.fn().mockResolvedValue("@bot:example.org"),
- } as unknown as import("matrix-bot-sdk").MatrixClient;
+ } as unknown as import("@vector-im/matrix-bot-sdk").MatrixClient;
return { client, sendMessage, uploadContent };
};
diff --git a/extensions/matrix/src/matrix/send.ts b/extensions/matrix/src/matrix/send.ts
index 264bd6429..1fed4198a 100644
--- a/extensions/matrix/src/matrix/send.ts
+++ b/extensions/matrix/src/matrix/send.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import type { PollInput } from "clawdbot/plugin-sdk";
import { getMatrixRuntime } from "../runtime.js";
@@ -72,7 +72,7 @@ export async function sendMessageMatrix(
? buildThreadRelation(threadId, opts.replyToId)
: buildReplyRelation(opts.replyToId);
const sendContent = async (content: MatrixOutboundContent) => {
- // matrix-bot-sdk uses sendMessage differently
+ // @vector-im/matrix-bot-sdk uses sendMessage differently
const eventId = await client.sendMessage(roomId, content);
return eventId;
};
@@ -172,7 +172,7 @@ export async function sendPollMatrix(
const pollPayload = threadId
? { ...pollContent, "m.relates_to": buildThreadRelation(threadId) }
: pollContent;
- // matrix-bot-sdk sendEvent returns eventId string directly
+ // @vector-im/matrix-bot-sdk sendEvent returns eventId string directly
const eventId = await client.sendEvent(roomId, M_POLL_START, pollPayload);
return {
diff --git a/extensions/matrix/src/matrix/send/client.ts b/extensions/matrix/src/matrix/send/client.ts
index 2faa19091..5b9338054 100644
--- a/extensions/matrix/src/matrix/send/client.ts
+++ b/extensions/matrix/src/matrix/send/client.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import { getMatrixRuntime } from "../../runtime.js";
import { getActiveMatrixClient } from "../active-client.js";
@@ -57,7 +57,7 @@ export async function resolveMatrixClient(opts: {
// Ignore crypto prep failures for one-off sends; normal sync will retry.
}
}
- // matrix-bot-sdk uses start() instead of startClient()
+ // @vector-im/matrix-bot-sdk uses start() instead of startClient()
await client.start();
return { client, stopOnDone: true };
}
diff --git a/extensions/matrix/src/matrix/send/media.ts b/extensions/matrix/src/matrix/send/media.ts
index d4cf29805..8c564bddb 100644
--- a/extensions/matrix/src/matrix/send/media.ts
+++ b/extensions/matrix/src/matrix/send/media.ts
@@ -5,7 +5,7 @@ import type {
MatrixClient,
TimedFileInfo,
VideoFileInfo,
-} from "matrix-bot-sdk";
+} from "@vector-im/matrix-bot-sdk";
import { parseBuffer, type IFileInfo } from "music-metadata";
import { getMatrixRuntime } from "../../runtime.js";
diff --git a/extensions/matrix/src/matrix/send/targets.test.ts b/extensions/matrix/src/matrix/send/targets.test.ts
index 18499f895..7173b1cf6 100644
--- a/extensions/matrix/src/matrix/send/targets.test.ts
+++ b/extensions/matrix/src/matrix/send/targets.test.ts
@@ -1,6 +1,6 @@
import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import { EventType } from "./types.js";
let resolveMatrixRoomId: typeof import("./targets.js").resolveMatrixRoomId;
diff --git a/extensions/matrix/src/matrix/send/targets.ts b/extensions/matrix/src/matrix/send/targets.ts
index dde734ba2..6ec6ad6d7 100644
--- a/extensions/matrix/src/matrix/send/targets.ts
+++ b/extensions/matrix/src/matrix/send/targets.ts
@@ -1,4 +1,4 @@
-import type { MatrixClient } from "matrix-bot-sdk";
+import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
import { EventType, type MatrixDirectAccountData } from "./types.js";
diff --git a/extensions/matrix/src/matrix/send/types.ts b/extensions/matrix/src/matrix/send/types.ts
index eb59f8a62..2b91327aa 100644
--- a/extensions/matrix/src/matrix/send/types.ts
+++ b/extensions/matrix/src/matrix/send/types.ts
@@ -6,7 +6,7 @@ import type {
TextualMessageEventContent,
TimedFileInfo,
VideoFileInfo,
-} from "matrix-bot-sdk";
+} from "@vector-im/matrix-bot-sdk";
// Message types
export const MsgType = {
@@ -85,7 +85,7 @@ export type MatrixSendResult = {
};
export type MatrixSendOpts = {
- client?: import("matrix-bot-sdk").MatrixClient;
+ client?: import("@vector-im/matrix-bot-sdk").MatrixClient;
mediaUrl?: string;
accountId?: string;
replyToId?: string;
diff --git a/extensions/matrix/src/onboarding.ts b/extensions/matrix/src/onboarding.ts
index 28f24b788..80c034d44 100644
--- a/extensions/matrix/src/onboarding.ts
+++ b/extensions/matrix/src/onboarding.ts
@@ -185,7 +185,7 @@ export const matrixOnboardingAdapter: ChannelOnboardingAdapter = {
`Matrix: ${configured ? "configured" : "needs homeserver + access token or password"}`,
],
selectionHint: !sdkReady
- ? "install matrix-bot-sdk"
+ ? "install @vector-im/matrix-bot-sdk"
: configured
? "configured"
: "needs auth",
diff --git a/extensions/matrix/src/types.ts b/extensions/matrix/src/types.ts
index f44f1074d..f03734130 100644
--- a/extensions/matrix/src/types.ts
+++ b/extensions/matrix/src/types.ts
@@ -53,7 +53,7 @@ export type MatrixConfig = {
password?: string;
/** Optional device name when logging in via password. */
deviceName?: string;
- /** Initial sync limit for startup (default: matrix-bot-sdk default). */
+ /** Initial sync limit for startup (default: @vector-im/matrix-bot-sdk default). */
initialSyncLimit?: number;
/** Enable end-to-end encryption (E2EE). Default: false. */
encryption?: boolean;
diff --git a/extensions/memory-core/package.json b/extensions/memory-core/package.json
index c70da1395..af6a3f9cd 100644
--- a/extensions/memory-core/package.json
+++ b/extensions/memory-core/package.json
@@ -9,6 +9,6 @@
]
},
"peerDependencies": {
- "clawdbot": ">=2026.1.25"
+ "clawdbot": ">=2026.1.24-3"
}
}
diff --git a/extensions/msteams/src/reply-dispatcher.ts b/extensions/msteams/src/reply-dispatcher.ts
index c83867a65..f54422d33 100644
--- a/extensions/msteams/src/reply-dispatcher.ts
+++ b/extensions/msteams/src/reply-dispatcher.ts
@@ -42,7 +42,7 @@ export function createMSTeamsReplyDispatcher(params: {
}) {
const core = getMSTeamsRuntime();
const sendTypingIndicator = async () => {
- await params.context.sendActivities([{ type: "typing" }]);
+ await params.context.sendActivity({ type: "typing" });
};
const typingCallbacks = createTypingCallbacks({
start: sendTypingIndicator,
@@ -70,38 +70,38 @@ export function createMSTeamsReplyDispatcher(params: {
const tableMode = core.channel.text.resolveMarkdownTableMode({
cfg: params.cfg,
channel: "msteams",
- });
- const messages = renderReplyPayloadsToMessages([payload], {
- textChunkLimit: params.textLimit,
- chunkText: true,
- mediaMode: "split",
- tableMode,
- chunkMode,
- });
- const mediaMaxBytes = resolveChannelMediaMaxBytes({
- cfg: params.cfg,
- resolveChannelLimitMb: ({ cfg }) => cfg.channels?.msteams?.mediaMaxMb,
- });
- const ids = await sendMSTeamsMessages({
- replyStyle: params.replyStyle,
- adapter: params.adapter,
- appId: params.appId,
- conversationRef: params.conversationRef,
- context: params.context,
- messages,
- // Enable default retry/backoff for throttling/transient failures.
- retry: {},
- onRetry: (event) => {
- params.log.debug("retrying send", {
- replyStyle: params.replyStyle,
- ...event,
- });
- },
- tokenProvider: params.tokenProvider,
- sharePointSiteId: params.sharePointSiteId,
- mediaMaxBytes,
- });
- if (ids.length > 0) params.onSentMessageIds?.(ids);
+ });
+ const messages = renderReplyPayloadsToMessages([payload], {
+ textChunkLimit: params.textLimit,
+ chunkText: true,
+ mediaMode: "split",
+ tableMode,
+ chunkMode,
+ });
+ const mediaMaxBytes = resolveChannelMediaMaxBytes({
+ cfg: params.cfg,
+ resolveChannelLimitMb: ({ cfg }) => cfg.channels?.msteams?.mediaMaxMb,
+ });
+ const ids = await sendMSTeamsMessages({
+ replyStyle: params.replyStyle,
+ adapter: params.adapter,
+ appId: params.appId,
+ conversationRef: params.conversationRef,
+ context: params.context,
+ messages,
+ // Enable default retry/backoff for throttling/transient failures.
+ retry: {},
+ onRetry: (event) => {
+ params.log.debug("retrying send", {
+ replyStyle: params.replyStyle,
+ ...event,
+ });
+ },
+ tokenProvider: params.tokenProvider,
+ sharePointSiteId: params.sharePointSiteId,
+ mediaMaxBytes,
+ });
+ if (ids.length > 0) params.onSentMessageIds?.(ids);
},
onError: (err, info) => {
const errMsg = formatUnknownError(err);
diff --git a/extensions/twitch/CHANGELOG.md b/extensions/twitch/CHANGELOG.md
new file mode 100644
index 000000000..9573d58ae
--- /dev/null
+++ b/extensions/twitch/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+## 2026.1.23
+
+### Features
+
+- Initial Twitch plugin release
+- Twitch chat integration via @twurple (IRC connection)
+- Multi-account support with per-channel configuration
+- Access control via user ID allowlists and role-based restrictions
+- Automatic token refresh with RefreshingAuthProvider
+- Environment variable fallback for default account token
+- Message actions support
+- Status monitoring and probing
+- Outbound message delivery with markdown stripping
+
+### Improvements
+
+- Added proper configuration schema with Zod validation
+- Added plugin descriptor (clawdbot.plugin.json)
+- Added comprehensive README and documentation
diff --git a/extensions/twitch/README.md b/extensions/twitch/README.md
new file mode 100644
index 000000000..2d3e4ceea
--- /dev/null
+++ b/extensions/twitch/README.md
@@ -0,0 +1,89 @@
+# @clawdbot/twitch
+
+Twitch channel plugin for Clawdbot.
+
+## Install (local checkout)
+
+```bash
+clawdbot plugins install ./extensions/twitch
+```
+
+## Install (npm)
+
+```bash
+clawdbot plugins install @clawdbot/twitch
+```
+
+Onboarding: select Twitch and confirm the install prompt to fetch the plugin automatically.
+
+## Config
+
+Minimal config (simplified single-account):
+
+**⚠️ Important:** `requireMention` defaults to `true`. Add access control (`allowFrom` or `allowedRoles`) to prevent unauthorized users from triggering the bot.
+
+```json5
+{
+ channels: {
+ twitch: {
+ enabled: true,
+ username: "clawdbot",
+ accessToken: "oauth:abc123...", // OAuth Access Token (add oauth: prefix)
+ clientId: "xyz789...", // Client ID from Token Generator
+ channel: "vevisk", // Channel to join (required)
+ allowFrom: ["123456789"], // (recommended) Your Twitch user ID only (Convert your twitch username to ID at https://www.streamweasels.com/tools/convert-twitch-username-%20to-user-id/)
+ },
+ },
+}
+```
+
+**Access control options:**
+
+- `requireMention: false` - Disable the default mention requirement to respond to all messages
+- `allowFrom: ["your_user_id"]` - Restrict to your Twitch user ID only (find your ID at https://www.twitchangles.com/xqc or similar)
+- `allowedRoles: ["moderator", "vip", "subscriber"]` - Restrict to specific roles
+
+Multi-account config (advanced):
+
+```json5
+{
+ channels: {
+ twitch: {
+ enabled: true,
+ accounts: {
+ default: {
+ username: "clawdbot",
+ accessToken: "oauth:abc123...",
+ clientId: "xyz789...",
+ channel: "vevisk",
+ },
+ channel2: {
+ username: "clawdbot",
+ accessToken: "oauth:def456...",
+ clientId: "uvw012...",
+ channel: "secondchannel",
+ },
+ },
+ },
+ },
+}
+```
+
+## Setup
+
+1. Create a dedicated Twitch account for the bot, then generate credentials: [Twitch Token Generator](https://twitchtokengenerator.com/)
+ - Select **Bot Token**
+ - Verify scopes `chat:read` and `chat:write` are selected
+ - Copy the **Access Token** to `token` property
+ - Copy the **Client ID** to `clientId` property
+2. Start the gateway
+
+## Full documentation
+
+See https://docs.clawd.bot/channels/twitch for:
+
+- Token refresh setup
+- Access control patterns
+- Multi-account configuration
+- Troubleshooting
+- Capabilities & limits
diff --git a/extensions/twitch/clawdbot.plugin.json b/extensions/twitch/clawdbot.plugin.json
new file mode 100644
index 000000000..3e7d1ec26
--- /dev/null
+++ b/extensions/twitch/clawdbot.plugin.json
@@ -0,0 +1,9 @@
+{
+ "id": "twitch",
+ "channels": ["twitch"],
+ "configSchema": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ }
+}
diff --git a/extensions/twitch/index.ts b/extensions/twitch/index.ts
new file mode 100644
index 000000000..25adc4705
--- /dev/null
+++ b/extensions/twitch/index.ts
@@ -0,0 +1,20 @@
+import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
+
+import { twitchPlugin } from "./src/plugin.js";
+import { setTwitchRuntime } from "./src/runtime.js";
+
+export { monitorTwitchProvider } from "./src/monitor.js";
+
+const plugin = {
+ id: "twitch",
+ name: "Twitch",
+ description: "Twitch channel plugin",
+ configSchema: emptyPluginConfigSchema(),
+ register(api: ClawdbotPluginApi) {
+ setTwitchRuntime(api.runtime);
+ api.registerChannel({ plugin: twitchPlugin as any });
+ },
+};
+
+export default plugin;
diff --git a/extensions/twitch/package.json b/extensions/twitch/package.json
new file mode 100644
index 000000000..2c9dd2683
--- /dev/null
+++ b/extensions/twitch/package.json
@@ -0,0 +1,20 @@
+{
+ "name": "@clawdbot/twitch",
+ "version": "2026.1.23",
+ "description": "Clawdbot Twitch channel plugin",
+ "type": "module",
+ "dependencies": {
+ "@twurple/api": "^8.0.3",
+ "@twurple/auth": "^8.0.3",
+ "@twurple/chat": "^8.0.3",
+ "zod": "^4.3.5"
+ },
+ "devDependencies": {
+ "clawdbot": "workspace:*"
+ },
+ "clawdbot": {
+ "extensions": [
+ "./index.ts"
+ ]
+ }
+}
diff --git a/extensions/twitch/src/access-control.test.ts b/extensions/twitch/src/access-control.test.ts
new file mode 100644
index 000000000..1200f72db
--- /dev/null
+++ b/extensions/twitch/src/access-control.test.ts
@@ -0,0 +1,489 @@
+import { describe, expect, it } from "vitest";
+import { checkTwitchAccessControl, extractMentions } from "./access-control.js";
+import type { TwitchAccountConfig, TwitchChatMessage } from "./types.js";
+
+describe("checkTwitchAccessControl", () => {
+ const mockAccount: TwitchAccountConfig = {
+ username: "testbot",
+ token: "oauth:test",
+ };
+
+ const mockMessage: TwitchChatMessage = {
+ username: "testuser",
+ userId: "123456",
+ message: "hello bot",
+ channel: "testchannel",
+ };
+
+ describe("when no restrictions are configured", () => {
+ it("allows messages that mention the bot (default requireMention)", () => {
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+ const result = checkTwitchAccessControl({
+ message,
+ account: mockAccount,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+ });
+
+ describe("requireMention default", () => {
+ it("defaults to true when undefined", () => {
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "hello bot",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account: mockAccount,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("does not mention the bot");
+ });
+
+ it("allows mention when requireMention is undefined", () => {
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account: mockAccount,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+ });
+
+ describe("requireMention", () => {
+ it("allows messages that mention the bot", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ requireMention: true,
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("blocks messages that don't mention the bot", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ requireMention: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message: mockMessage,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("does not mention the bot");
+ });
+
+ it("is case-insensitive for bot username", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ requireMention: true,
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@TestBot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+ });
+
+ describe("allowFrom allowlist", () => {
+ it("allows users in the allowlist", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["123456", "789012"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ expect(result.matchKey).toBe("123456");
+ expect(result.matchSource).toBe("allowlist");
+ });
+
+ it("allows users not in allowlist via fallback (open access)", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["789012"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ // Falls through to final fallback since allowedRoles is not set
+ expect(result.allowed).toBe(true);
+ });
+
+ it("blocks messages without userId", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["123456"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ userId: undefined,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("user ID not available");
+ });
+
+ it("bypasses role checks when user is in allowlist", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["123456"],
+ allowedRoles: ["owner"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isOwner: false,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("allows user with role even if not in allowlist", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["789012"],
+ allowedRoles: ["moderator"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ userId: "123456",
+ isMod: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ expect(result.matchSource).toBe("role");
+ });
+
+ it("blocks user with neither allowlist nor role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["789012"],
+ allowedRoles: ["moderator"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ userId: "123456",
+ isMod: false,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("does not have any of the required roles");
+ });
+ });
+
+ describe("allowedRoles", () => {
+ it("allows users with matching role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["moderator"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isMod: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ expect(result.matchSource).toBe("role");
+ });
+
+ it("allows users with any of multiple roles", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["moderator", "vip", "subscriber"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isVip: true,
+ isMod: false,
+ isSub: false,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("blocks users without matching role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["moderator"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isMod: false,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("does not have any of the required roles");
+ });
+
+ it("allows all users when role is 'all'", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["all"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ expect(result.matchKey).toBe("all");
+ });
+
+ it("handles moderator role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["moderator"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isMod: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("handles subscriber role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["subscriber"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isSub: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("handles owner role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["owner"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isOwner: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+
+ it("handles vip role", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowedRoles: ["vip"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isVip: true,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ });
+ });
+
+ describe("combined restrictions", () => {
+ it("checks requireMention before allowlist", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ requireMention: true,
+ allowFrom: ["123456"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "hello", // No mention
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(false);
+ expect(result.reason).toContain("does not mention the bot");
+ });
+
+ it("checks allowlist before allowedRoles", () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ allowFrom: ["123456"],
+ allowedRoles: ["owner"],
+ };
+ const message: TwitchChatMessage = {
+ ...mockMessage,
+ message: "@testbot hello",
+ isOwner: false,
+ };
+
+ const result = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername: "testbot",
+ });
+ expect(result.allowed).toBe(true);
+ expect(result.matchSource).toBe("allowlist");
+ });
+ });
+});
+
+describe("extractMentions", () => {
+ it("extracts single mention", () => {
+ const mentions = extractMentions("hello @testbot");
+ expect(mentions).toEqual(["testbot"]);
+ });
+
+ it("extracts multiple mentions", () => {
+ const mentions = extractMentions("hello @testbot and @otheruser");
+ expect(mentions).toEqual(["testbot", "otheruser"]);
+ });
+
+ it("returns empty array when no mentions", () => {
+ const mentions = extractMentions("hello everyone");
+ expect(mentions).toEqual([]);
+ });
+
+ it("handles mentions at start of message", () => {
+ const mentions = extractMentions("@testbot hello");
+ expect(mentions).toEqual(["testbot"]);
+ });
+
+ it("handles mentions at end of message", () => {
+ const mentions = extractMentions("hello @testbot");
+ expect(mentions).toEqual(["testbot"]);
+ });
+
+ it("converts mentions to lowercase", () => {
+ const mentions = extractMentions("hello @TestBot");
+ expect(mentions).toEqual(["testbot"]);
+ });
+
+ it("extracts alphanumeric usernames", () => {
+ const mentions = extractMentions("hello @user123");
+ expect(mentions).toEqual(["user123"]);
+ });
+
+ it("handles underscores in usernames", () => {
+ const mentions = extractMentions("hello @test_user");
+ expect(mentions).toEqual(["test_user"]);
+ });
+
+ it("handles empty string", () => {
+ const mentions = extractMentions("");
+ expect(mentions).toEqual([]);
+ });
+});
diff --git a/extensions/twitch/src/access-control.ts b/extensions/twitch/src/access-control.ts
new file mode 100644
index 000000000..0ce86d78b
--- /dev/null
+++ b/extensions/twitch/src/access-control.ts
@@ -0,0 +1,154 @@
+import type { TwitchAccountConfig, TwitchChatMessage } from "./types.js";
+
+/**
+ * Result of checking access control for a Twitch message
+ */
+export type TwitchAccessControlResult = {
+ allowed: boolean;
+ reason?: string;
+ matchKey?: string;
+ matchSource?: string;
+};
+
+/**
+ * Check if a Twitch message should be allowed based on account configuration
+ *
+ * This function implements the access control logic for incoming Twitch messages,
+ * checking allowlists, role-based restrictions, and mention requirements.
+ *
+ * Priority order:
+ * 1. If `requireMention` is true, message must mention the bot
+ * 2. If `allowFrom` is set, sender must be in the allowlist (by user ID)
+ * 3. If `allowedRoles` is set, sender must have at least one of the specified roles
+ *
+ * Note: You can combine `allowFrom` with `allowedRoles`. If a user is in `allowFrom`,
+ * they bypass role checks. This is useful for allowing specific users regardless of role.
+ *
+ * Available roles:
+ * - "moderator": Moderators
+ * - "owner": Channel owner/broadcaster
+ * - "vip": VIPs
+ * - "subscriber": Subscribers
+ * - "all": Anyone in the chat
+ */
+export function checkTwitchAccessControl(params: {
+ message: TwitchChatMessage;
+ account: TwitchAccountConfig;
+ botUsername: string;
+}): TwitchAccessControlResult {
+ const { message, account, botUsername } = params;
+
+ if (account.requireMention ?? true) {
+ const mentions = extractMentions(message.message);
+ if (!mentions.includes(botUsername.toLowerCase())) {
+ return {
+ allowed: false,
+ reason: "message does not mention the bot (requireMention is enabled)",
+ };
+ }
+ }
+
+ if (account.allowFrom && account.allowFrom.length > 0) {
+ const allowFrom = account.allowFrom;
+ const senderId = message.userId;
+
+ if (!senderId) {
+ return {
+ allowed: false,
+ reason: "sender user ID not available for allowlist check",
+ };
+ }
+
+ if (allowFrom.includes(senderId)) {
+ return {
+ allowed: true,
+ matchKey: senderId,
+ matchSource: "allowlist",
+ };
+ }
+ }
+
+ if (account.allowedRoles && account.allowedRoles.length > 0) {
+ const allowedRoles = account.allowedRoles;
+
+ // "all" grants access to everyone
+ if (allowedRoles.includes("all")) {
+ return {
+ allowed: true,
+ matchKey: "all",
+ matchSource: "role",
+ };
+ }
+
+ const hasAllowedRole = checkSenderRoles({
+ message,
+ allowedRoles,
+ });
+
+ if (!hasAllowedRole) {
+ return {
+ allowed: false,
+ reason: `sender does not have any of the required roles: ${allowedRoles.join(", ")}`,
+ };
+ }
+
+ return {
+ allowed: true,
+ matchKey: allowedRoles.join(","),
+ matchSource: "role",
+ };
+ }
+
+ return {
+ allowed: true,
+ };
+}
+
+/**
+ * Check if the sender has any of the allowed roles
+ */
+function checkSenderRoles(params: { message: TwitchChatMessage; allowedRoles: string[] }): boolean {
+ const { message, allowedRoles } = params;
+ const { isMod, isOwner, isVip, isSub } = message;
+
+ for (const role of allowedRoles) {
+ switch (role) {
+ case "moderator":
+ if (isMod) return true;
+ break;
+ case "owner":
+ if (isOwner) return true;
+ break;
+ case "vip":
+ if (isVip) return true;
+ break;
+ case "subscriber":
+ if (isSub) return true;
+ break;
+ }
+ }
+
+ return false;
+}
+
+/**
+ * Extract @mentions from a Twitch chat message
+ *
+ * Returns a list of lowercase usernames that were mentioned in the message.
+ * Twitch mentions are in the format @username.
+ */
+export function extractMentions(message: string): string[] {
+ const mentionRegex = /@(\w+)/g;
+ const mentions: string[] = [];
+ let match: RegExpExecArray | null;
+
+ // biome-ignore lint/suspicious/noAssignInExpressions: Standard regex iteration pattern
+ while ((match = mentionRegex.exec(message)) !== null) {
+ const username = match[1];
+ if (username) {
+ mentions.push(username.toLowerCase());
+ }
+ }
+
+ return mentions;
+}
diff --git a/extensions/twitch/src/actions.ts b/extensions/twitch/src/actions.ts
new file mode 100644
index 000000000..9e7ade194
--- /dev/null
+++ b/extensions/twitch/src/actions.ts
@@ -0,0 +1,173 @@
+/**
+ * Twitch message actions adapter.
+ *
+ * Handles tool-based actions for Twitch, such as sending messages.
+ */
+
+import { DEFAULT_ACCOUNT_ID, getAccountConfig } from "./config.js";
+import { twitchOutbound } from "./outbound.js";
+import type { ChannelMessageActionAdapter, ChannelMessageActionContext } from "./types.js";
+
+/**
+ * Create a tool result with error content.
+ */
+function errorResponse(error: string) {
+ return {
+ content: [
+ {
+ type: "text",
+ text: JSON.stringify({ ok: false, error }),
+ },
+ ],
+ details: { ok: false },
+ };
+}
+
+/**
+ * Read a string parameter from action arguments.
+ *
+ * @param args - Action arguments
+ * @param key - Parameter key
+ * @param options - Options for reading the parameter
+ * @returns The parameter value or undefined if not found
+ */
+function readStringParam(
+ args: Record,
+ key: string,
+ options: { required?: boolean; trim?: boolean } = {},
+): string | undefined {
+ const value = args[key];
+ if (value === undefined || value === null) {
+ if (options.required) {
+ throw new Error(`Missing required parameter: ${key}`);
+ }
+ return undefined;
+ }
+
+ // Convert value to string safely
+ if (typeof value === "string") {
+ return options.trim !== false ? value.trim() : value;
+ }
+
+ if (typeof value === "number" || typeof value === "boolean") {
+ const str = String(value);
+ return options.trim !== false ? str.trim() : str;
+ }
+
+ throw new Error(`Parameter ${key} must be a string, number, or boolean`);
+}
+
+/** Supported Twitch actions */
+const TWITCH_ACTIONS = new Set(["send" as const]);
+type TwitchAction = typeof TWITCH_ACTIONS extends Set ? U : never;
+
+/**
+ * Twitch message actions adapter.
+ */
+export const twitchMessageActions: ChannelMessageActionAdapter = {
+ /**
+ * List available actions for this channel.
+ */
+ listActions: () => [...TWITCH_ACTIONS],
+
+ /**
+ * Check if an action is supported.
+ */
+ supportsAction: ({ action }) => TWITCH_ACTIONS.has(action as TwitchAction),
+
+ /**
+ * Extract tool send parameters from action arguments.
+ *
+ * Parses and validates the "to" and "message" parameters for sending.
+ *
+ * @param params - Arguments from the tool call
+ * @returns Parsed send parameters or null if invalid
+ *
+ * @example
+ * const result = twitchMessageActions.extractToolSend!({
+ * args: { to: "#mychannel", message: "Hello!" }
+ * });
+ * // Returns: { to: "#mychannel", message: "Hello!" }
+ */
+ extractToolSend: ({ args }) => {
+ try {
+ const to = readStringParam(args, "to", { required: true });
+ const message = readStringParam(args, "message", { required: true });
+
+ if (!to || !message) {
+ return null;
+ }
+
+ return { to, message };
+ } catch {
+ return null;
+ }
+ },
+
+ /**
+ * Handle an action execution.
+ *
+ * Processes the "send" action to send messages to Twitch.
+ *
+ * @param ctx - Action context including action type, parameters, and config
+ * @returns Tool result with content or null if action not supported
+ *
+ * @example
+ * const result = await twitchMessageActions.handleAction!({
+ * action: "send",
+ * params: { message: "Hello Twitch!", to: "#mychannel" },
+ * cfg: clawdbotConfig,
+ * accountId: "default",
+ * });
+ */
+ handleAction: async (
+ ctx: ChannelMessageActionContext,
+ ): Promise<{ content: Array<{ type: string; text: string }> } | null> => {
+ if (ctx.action !== "send") {
+ return null;
+ }
+
+ const message = readStringParam(ctx.params, "message", { required: true });
+ const to = readStringParam(ctx.params, "to", { required: false });
+ const accountId = ctx.accountId ?? DEFAULT_ACCOUNT_ID;
+
+ const account = getAccountConfig(ctx.cfg, accountId);
+ if (!account) {
+ return errorResponse(
+ `Account not found: ${accountId}. Available accounts: ${Object.keys(ctx.cfg.channels?.twitch?.accounts ?? {}).join(", ") || "none"}`,
+ );
+ }
+
+ // Use the channel from account config (or override with `to` parameter)
+ const targetChannel = to || account.channel;
+ if (!targetChannel) {
+ return errorResponse("No channel specified and no default channel in account config");
+ }
+
+ if (!twitchOutbound.sendText) {
+ return errorResponse("sendText not implemented");
+ }
+
+ try {
+ const result = await twitchOutbound.sendText({
+ cfg: ctx.cfg,
+ to: targetChannel,
+ text: message ?? "",
+ accountId,
+ });
+
+ return {
+ content: [
+ {
+ type: "text",
+ text: JSON.stringify(result),
+ },
+ ],
+ details: { ok: true },
+ };
+ } catch (error) {
+ const errorMsg = error instanceof Error ? error.message : String(error);
+ return errorResponse(errorMsg);
+ }
+ },
+};
diff --git a/extensions/twitch/src/client-manager-registry.ts b/extensions/twitch/src/client-manager-registry.ts
new file mode 100644
index 000000000..1b7ae23f2
--- /dev/null
+++ b/extensions/twitch/src/client-manager-registry.ts
@@ -0,0 +1,115 @@
+/**
+ * Client manager registry for Twitch plugin.
+ *
+ * Manages the lifecycle of TwitchClientManager instances across the plugin,
+ * ensuring proper cleanup when accounts are stopped or reconfigured.
+ */
+
+import { TwitchClientManager } from "./twitch-client.js";
+import type { ChannelLogSink } from "./types.js";
+
+/**
+ * Registry entry tracking a client manager and its associated account.
+ */
+type RegistryEntry = {
+ /** The client manager instance */
+ manager: TwitchClientManager;
+ /** The account ID this manager is for */
+ accountId: string;
+ /** Logger for this entry */
+ logger: ChannelLogSink;
+ /** When this entry was created */
+ createdAt: number;
+};
+
+/**
+ * Global registry of client managers.
+ * Keyed by account ID.
+ */
+const registry = new Map();
+
+/**
+ * Get or create a client manager for an account.
+ *
+ * @param accountId - The account ID
+ * @param logger - Logger instance
+ * @returns The client manager
+ */
+export function getOrCreateClientManager(
+ accountId: string,
+ logger: ChannelLogSink,
+): TwitchClientManager {
+ const existing = registry.get(accountId);
+ if (existing) {
+ return existing.manager;
+ }
+
+ const manager = new TwitchClientManager(logger);
+ registry.set(accountId, {
+ manager,
+ accountId,
+ logger,
+ createdAt: Date.now(),
+ });
+
+ logger.info(`Registered client manager for account: ${accountId}`);
+ return manager;
+}
+
+/**
+ * Get an existing client manager for an account.
+ *
+ * @param accountId - The account ID
+ * @returns The client manager, or undefined if not registered
+ */
+export function getClientManager(accountId: string): TwitchClientManager | undefined {
+ return registry.get(accountId)?.manager;
+}
+
+/**
+ * Disconnect and remove a client manager from the registry.
+ *
+ * @param accountId - The account ID
+ * @returns Promise that resolves when cleanup is complete
+ */
+export async function removeClientManager(accountId: string): Promise {
+ const entry = registry.get(accountId);
+ if (!entry) {
+ return;
+ }
+
+ // Disconnect the client manager
+ await entry.manager.disconnectAll();
+
+ // Remove from registry
+ registry.delete(accountId);
+ entry.logger.info(`Unregistered client manager for account: ${accountId}`);
+}
+
+/**
+ * Disconnect and remove all client managers from the registry.
+ *
+ * @returns Promise that resolves when all cleanup is complete
+ */
+export async function removeAllClientManagers(): Promise {
+ const promises = [...registry.keys()].map((accountId) => removeClientManager(accountId));
+ await Promise.all(promises);
+}
+
+/**
+ * Get the number of registered client managers.
+ *
+ * @returns The count of registered managers
+ */
+export function getRegisteredClientManagerCount(): number {
+ return registry.size;
+}
+
+/**
+ * Clear all client managers without disconnecting.
+ *
+ * This is primarily for testing purposes.
+ */
+export function _clearAllClientManagersForTest(): void {
+ registry.clear();
+}
diff --git a/extensions/twitch/src/config-schema.ts b/extensions/twitch/src/config-schema.ts
new file mode 100644
index 000000000..f4d8500c7
--- /dev/null
+++ b/extensions/twitch/src/config-schema.ts
@@ -0,0 +1,82 @@
+import { MarkdownConfigSchema } from "clawdbot/plugin-sdk";
+import { z } from "zod";
+
+/**
+ * Twitch user roles that can be allowed to interact with the bot
+ */
+const TwitchRoleSchema = z.enum(["moderator", "owner", "vip", "subscriber", "all"]);
+
+/**
+ * Twitch account configuration schema
+ */
+const TwitchAccountSchema = z.object({
+ /** Twitch username */
+ username: z.string(),
+ /** Twitch OAuth access token (requires chat:read and chat:write scopes) */
+ accessToken: z.string(),
+ /** Twitch client ID (from Twitch Developer Portal or twitchtokengenerator.com) */
+ clientId: z.string().optional(),
+ /** Channel name to join */
+ channel: z.string().min(1),
+ /** Enable this account */
+ enabled: z.boolean().optional(),
+ /** Allowlist of Twitch user IDs who can interact with the bot (use IDs for safety, not usernames) */
+ allowFrom: z.array(z.string()).optional(),
+ /** Roles allowed to interact with the bot (e.g., ["moderator", "vip", "subscriber"]) */
+ allowedRoles: z.array(TwitchRoleSchema).optional(),
+ /** Require @mention to trigger bot responses */
+ requireMention: z.boolean().optional(),
+ /** Twitch client secret (required for token refresh via RefreshingAuthProvider) */
+ clientSecret: z.string().optional(),
+ /** Refresh token (required for automatic token refresh) */
+ refreshToken: z.string().optional(),
+ /** Token expiry time in seconds (optional, for token refresh tracking) */
+ expiresIn: z.number().nullable().optional(),
+ /** Timestamp when token was obtained (optional, for token refresh tracking) */
+ obtainmentTimestamp: z.number().optional(),
+});
+
+/**
+ * Base configuration properties shared by both single and multi-account modes
+ */
+const TwitchConfigBaseSchema = z.object({
+ name: z.string().optional(),
+ enabled: z.boolean().optional(),
+ markdown: MarkdownConfigSchema.optional(),
+});
+
+/**
+ * Simplified single-account configuration schema
+ *
+ * Use this for single-account setups. Properties are at the top level,
+ * creating an implicit "default" account.
+ */
+const SimplifiedSchema = z.intersection(TwitchConfigBaseSchema, TwitchAccountSchema);
+
+/**
+ * Multi-account configuration schema
+ *
+ * Use this for multi-account setups. Each key is an account ID (e.g., "default", "secondary").
+ */
+const MultiAccountSchema = z.intersection(
+ TwitchConfigBaseSchema,
+ z
+ .object({
+ /** Per-account configuration (for multi-account setups) */
+ accounts: z.record(z.string(), TwitchAccountSchema),
+ })
+ .refine((val) => Object.keys(val.accounts || {}).length > 0, {
+ message: "accounts must contain at least one entry",
+ }),
+);
+
+/**
+ * Twitch plugin configuration schema
+ *
+ * Supports two mutually exclusive patterns:
+ * 1. Simplified single-account: username, accessToken, clientId, channel at top level
+ * 2. Multi-account: accounts object with named account configs
+ *
+ * The union ensures clear discrimination between the two modes.
+ */
+export const TwitchConfigSchema = z.union([SimplifiedSchema, MultiAccountSchema]);
diff --git a/extensions/twitch/src/config.test.ts b/extensions/twitch/src/config.test.ts
new file mode 100644
index 000000000..cdef1c4c8
--- /dev/null
+++ b/extensions/twitch/src/config.test.ts
@@ -0,0 +1,88 @@
+import { describe, expect, it } from "vitest";
+
+import { getAccountConfig } from "./config.js";
+
+describe("getAccountConfig", () => {
+ const mockMultiAccountConfig = {
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ username: "testbot",
+ accessToken: "oauth:test123",
+ },
+ secondary: {
+ username: "secondbot",
+ accessToken: "oauth:secondary",
+ },
+ },
+ },
+ },
+ };
+
+ const mockSimplifiedConfig = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "oauth:test123",
+ },
+ },
+ };
+
+ it("returns account config for valid account ID (multi-account)", () => {
+ const result = getAccountConfig(mockMultiAccountConfig, "default");
+
+ expect(result).not.toBeNull();
+ expect(result?.username).toBe("testbot");
+ });
+
+ it("returns account config for default account (simplified config)", () => {
+ const result = getAccountConfig(mockSimplifiedConfig, "default");
+
+ expect(result).not.toBeNull();
+ expect(result?.username).toBe("testbot");
+ });
+
+ it("returns non-default account from multi-account config", () => {
+ const result = getAccountConfig(mockMultiAccountConfig, "secondary");
+
+ expect(result).not.toBeNull();
+ expect(result?.username).toBe("secondbot");
+ });
+
+ it("returns null for non-existent account ID", () => {
+ const result = getAccountConfig(mockMultiAccountConfig, "nonexistent");
+
+ expect(result).toBeNull();
+ });
+
+ it("returns null when core config is null", () => {
+ const result = getAccountConfig(null, "default");
+
+ expect(result).toBeNull();
+ });
+
+ it("returns null when core config is undefined", () => {
+ const result = getAccountConfig(undefined, "default");
+
+ expect(result).toBeNull();
+ });
+
+ it("returns null when channels are not defined", () => {
+ const result = getAccountConfig({}, "default");
+
+ expect(result).toBeNull();
+ });
+
+ it("returns null when twitch is not defined", () => {
+ const result = getAccountConfig({ channels: {} }, "default");
+
+ expect(result).toBeNull();
+ });
+
+ it("returns null when accounts are not defined", () => {
+ const result = getAccountConfig({ channels: { twitch: {} } }, "default");
+
+ expect(result).toBeNull();
+ });
+});
diff --git a/extensions/twitch/src/config.ts b/extensions/twitch/src/config.ts
new file mode 100644
index 000000000..b4c5d54ca
--- /dev/null
+++ b/extensions/twitch/src/config.ts
@@ -0,0 +1,116 @@
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import type { TwitchAccountConfig } from "./types.js";
+
+/**
+ * Default account ID for Twitch
+ */
+export const DEFAULT_ACCOUNT_ID = "default";
+
+/**
+ * Get account config from core config
+ *
+ * Handles two patterns:
+ * 1. Simplified single-account: base-level properties create implicit "default" account
+ * 2. Multi-account: explicit accounts object
+ *
+ * For "default" account, base-level properties take precedence over accounts.default
+ * For other accounts, only the accounts object is checked
+ */
+export function getAccountConfig(
+ coreConfig: unknown,
+ accountId: string,
+): TwitchAccountConfig | null {
+ if (!coreConfig || typeof coreConfig !== "object") {
+ return null;
+ }
+
+ const cfg = coreConfig as ClawdbotConfig;
+ const twitch = cfg.channels?.twitch;
+ // Access accounts via unknown to handle union type (single-account vs multi-account)
+ const twitchRaw = twitch as Record | undefined;
+ const accounts = twitchRaw?.accounts as Record | undefined;
+
+ // For default account, check base-level config first
+ if (accountId === DEFAULT_ACCOUNT_ID) {
+ const accountFromAccounts = accounts?.[DEFAULT_ACCOUNT_ID];
+
+ // Base-level properties that can form an implicit default account
+ const baseLevel = {
+ username: typeof twitchRaw?.username === "string" ? twitchRaw.username : undefined,
+ accessToken: typeof twitchRaw?.accessToken === "string" ? twitchRaw.accessToken : undefined,
+ clientId: typeof twitchRaw?.clientId === "string" ? twitchRaw.clientId : undefined,
+ channel: typeof twitchRaw?.channel === "string" ? twitchRaw.channel : undefined,
+ enabled: typeof twitchRaw?.enabled === "boolean" ? twitchRaw.enabled : undefined,
+ allowFrom: Array.isArray(twitchRaw?.allowFrom) ? twitchRaw.allowFrom : undefined,
+ allowedRoles: Array.isArray(twitchRaw?.allowedRoles) ? twitchRaw.allowedRoles : undefined,
+ requireMention:
+ typeof twitchRaw?.requireMention === "boolean" ? twitchRaw.requireMention : undefined,
+ clientSecret:
+ typeof twitchRaw?.clientSecret === "string" ? twitchRaw.clientSecret : undefined,
+ refreshToken:
+ typeof twitchRaw?.refreshToken === "string" ? twitchRaw.refreshToken : undefined,
+ expiresIn: typeof twitchRaw?.expiresIn === "number" ? twitchRaw.expiresIn : undefined,
+ obtainmentTimestamp:
+ typeof twitchRaw?.obtainmentTimestamp === "number"
+ ? twitchRaw.obtainmentTimestamp
+ : undefined,
+ };
+
+ // Merge: base-level takes precedence over accounts.default
+ const merged: Partial = {
+ ...accountFromAccounts,
+ ...baseLevel,
+ } as Partial;
+
+ // Only return if we have at least username
+ if (merged.username) {
+ return merged as TwitchAccountConfig;
+ }
+
+ // Fall through to accounts.default if no base-level username
+ if (accountFromAccounts) {
+ return accountFromAccounts;
+ }
+
+ return null;
+ }
+
+ // For non-default accounts, only check accounts object
+ if (!accounts || !accounts[accountId]) {
+ return null;
+ }
+
+ return accounts[accountId] as TwitchAccountConfig | null;
+}
+
+/**
+ * List all configured account IDs
+ *
+ * Includes both explicit accounts and implicit "default" from base-level config
+ */
+export function listAccountIds(cfg: ClawdbotConfig): string[] {
+ const twitch = cfg.channels?.twitch;
+ // Access accounts via unknown to handle union type (single-account vs multi-account)
+ const twitchRaw = twitch as Record | undefined;
+ const accountMap = twitchRaw?.accounts as Record | undefined;
+
+ const ids: string[] = [];
+
+ // Add explicit accounts
+ if (accountMap) {
+ ids.push(...Object.keys(accountMap));
+ }
+
+ // Add implicit "default" if base-level config exists and "default" not already present
+ const hasBaseLevelConfig =
+ twitchRaw &&
+ (typeof twitchRaw.username === "string" ||
+ typeof twitchRaw.accessToken === "string" ||
+ typeof twitchRaw.channel === "string");
+
+ if (hasBaseLevelConfig && !ids.includes(DEFAULT_ACCOUNT_ID)) {
+ ids.push(DEFAULT_ACCOUNT_ID);
+ }
+
+ return ids;
+}
diff --git a/extensions/twitch/src/monitor.ts b/extensions/twitch/src/monitor.ts
new file mode 100644
index 000000000..f5f00b3fb
--- /dev/null
+++ b/extensions/twitch/src/monitor.ts
@@ -0,0 +1,257 @@
+/**
+ * Twitch message monitor - processes incoming messages and routes to agents.
+ *
+ * This monitor connects to the Twitch client manager, processes incoming messages,
+ * resolves agent routes, and handles replies.
+ */
+
+import type { ReplyPayload, ClawdbotConfig } from "clawdbot/plugin-sdk";
+import type { TwitchAccountConfig, TwitchChatMessage } from "./types.js";
+import { checkTwitchAccessControl } from "./access-control.js";
+import { getTwitchRuntime } from "./runtime.js";
+import { getOrCreateClientManager } from "./client-manager-registry.js";
+import { stripMarkdownForTwitch } from "./utils/markdown.js";
+
+export type TwitchRuntimeEnv = {
+ log?: (message: string) => void;
+ error?: (message: string) => void;
+};
+
+export type TwitchMonitorOptions = {
+ account: TwitchAccountConfig;
+ accountId: string;
+ config: unknown; // ClawdbotConfig
+ runtime: TwitchRuntimeEnv;
+ abortSignal: AbortSignal;
+ statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+};
+
+export type TwitchMonitorResult = {
+ stop: () => void;
+};
+
+type TwitchCoreRuntime = ReturnType;
+
+/**
+ * Process an incoming Twitch message and dispatch to agent.
+ */
+async function processTwitchMessage(params: {
+ message: TwitchChatMessage;
+ account: TwitchAccountConfig;
+ accountId: string;
+ config: unknown;
+ runtime: TwitchRuntimeEnv;
+ core: TwitchCoreRuntime;
+ statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+}): Promise {
+ const { message, account, accountId, config, runtime, core, statusSink } = params;
+ const cfg = config as ClawdbotConfig;
+
+ const route = core.channel.routing.resolveAgentRoute({
+ cfg,
+ channel: "twitch",
+ accountId,
+ peer: {
+ kind: "group", // Twitch chat is always group-like
+ id: message.channel,
+ },
+ });
+
+ const rawBody = message.message;
+ const body = core.channel.reply.formatAgentEnvelope({
+ channel: "Twitch",
+ from: message.displayName ?? message.username,
+ timestamp: message.timestamp?.getTime(),
+ envelope: core.channel.reply.resolveEnvelopeFormatOptions(cfg),
+ body: rawBody,
+ });
+
+ const ctxPayload = core.channel.reply.finalizeInboundContext({
+ Body: body,
+ RawBody: rawBody,
+ CommandBody: rawBody,
+ From: `twitch:user:${message.userId}`,
+ To: `twitch:channel:${message.channel}`,
+ SessionKey: route.sessionKey,
+ AccountId: route.accountId,
+ ChatType: "group",
+ ConversationLabel: message.channel,
+ SenderName: message.displayName ?? message.username,
+ SenderId: message.userId,
+ SenderUsername: message.username,
+ Provider: "twitch",
+ Surface: "twitch",
+ MessageSid: message.id,
+ OriginatingChannel: "twitch",
+ OriginatingTo: `twitch:channel:${message.channel}`,
+ });
+
+ const storePath = core.channel.session.resolveStorePath(cfg.session?.store, {
+ agentId: route.agentId,
+ });
+ await core.channel.session.recordInboundSession({
+ storePath,
+ sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+ ctx: ctxPayload,
+ onRecordError: (err) => {
+ runtime.error?.(`Failed updating session meta: ${String(err)}`);
+ },
+ });
+
+ const tableMode = core.channel.text.resolveMarkdownTableMode({
+ cfg,
+ channel: "twitch",
+ accountId,
+ });
+
+ await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+ ctx: ctxPayload,
+ cfg,
+ dispatcherOptions: {
+ deliver: async (payload) => {
+ await deliverTwitchReply({
+ payload,
+ channel: message.channel,
+ account,
+ accountId,
+ config,
+ tableMode,
+ runtime,
+ statusSink,
+ });
+ },
+ },
+ });
+}
+
+/**
+ * Deliver a reply to Twitch chat.
+ */
+async function deliverTwitchReply(params: {
+ payload: ReplyPayload;
+ channel: string;
+ account: TwitchAccountConfig;
+ accountId: string;
+ config: unknown;
+ tableMode: "off" | "plain" | "markdown" | "bullets" | "code";
+ runtime: TwitchRuntimeEnv;
+ statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+}): Promise {
+ const { payload, channel, account, accountId, config, tableMode, runtime, statusSink } = params;
+
+ try {
+ const clientManager = getOrCreateClientManager(accountId, {
+ info: (msg) => runtime.log?.(msg),
+ warn: (msg) => runtime.log?.(msg),
+ error: (msg) => runtime.error?.(msg),
+ debug: (msg) => runtime.log?.(msg),
+ });
+
+ const client = await clientManager.getClient(
+ account,
+ config as Parameters[1],
+ accountId,
+ );
+ if (!client) {
+ runtime.error?.(`No client available for sending reply`);
+ return;
+ }
+
+ // Send the reply
+ if (!payload.text) {
+ runtime.error?.(`No text to send in reply payload`);
+ return;
+ }
+
+ const textToSend = stripMarkdownForTwitch(payload.text);
+
+ await client.say(channel, textToSend);
+ statusSink?.({ lastOutboundAt: Date.now() });
+ } catch (err) {
+ runtime.error?.(`Failed to send reply: ${String(err)}`);
+ }
+}
+
+/**
+ * Main monitor provider for Twitch.
+ *
+ * Sets up message handlers and processes incoming messages.
+ */
+export async function monitorTwitchProvider(
+ options: TwitchMonitorOptions,
+): Promise {
+ const { account, accountId, config, runtime, abortSignal, statusSink } = options;
+
+ const core = getTwitchRuntime();
+ let stopped = false;
+
+ const coreLogger = core.logging.getChildLogger({ module: "twitch" });
+ const logVerboseMessage = (message: string) => {
+ if (!core.logging.shouldLogVerbose()) return;
+ coreLogger.debug?.(message);
+ };
+ const logger = {
+ info: (msg: string) => coreLogger.info(msg),
+ warn: (msg: string) => coreLogger.warn(msg),
+ error: (msg: string) => coreLogger.error(msg),
+ debug: logVerboseMessage,
+ };
+
+ const clientManager = getOrCreateClientManager(accountId, logger);
+
+ try {
+ await clientManager.getClient(
+ account,
+ config as Parameters[1],
+ accountId,
+ );
+ } catch (error) {
+ const errorMsg = error instanceof Error ? error.message : String(error);
+ runtime.error?.(`Failed to connect: ${errorMsg}`);
+ throw error;
+ }
+
+ const unregisterHandler = clientManager.onMessage(account, (message) => {
+ if (stopped) return;
+
+ // Access control check
+ const botUsername = account.username.toLowerCase();
+ if (message.username.toLowerCase() === botUsername) {
+ return; // Ignore own messages
+ }
+
+ const access = checkTwitchAccessControl({
+ message,
+ account,
+ botUsername,
+ });
+
+ if (!access.allowed) {
+ return;
+ }
+
+ statusSink?.({ lastInboundAt: Date.now() });
+
+ // Fire-and-forget: process message without blocking
+ void processTwitchMessage({
+ message,
+ account,
+ accountId,
+ config,
+ runtime,
+ core,
+ statusSink,
+ }).catch((err) => {
+ runtime.error?.(`Message processing failed: ${String(err)}`);
+ });
+ });
+
+ const stop = () => {
+ stopped = true;
+ unregisterHandler();
+ };
+
+ abortSignal.addEventListener("abort", stop, { once: true });
+
+ return { stop };
+}
diff --git a/extensions/twitch/src/onboarding.test.ts b/extensions/twitch/src/onboarding.test.ts
new file mode 100644
index 000000000..492845bc1
--- /dev/null
+++ b/extensions/twitch/src/onboarding.test.ts
@@ -0,0 +1,311 @@
+/**
+ * Tests for onboarding.ts helpers
+ *
+ * Tests cover:
+ * - promptToken helper
+ * - promptUsername helper
+ * - promptClientId helper
+ * - promptChannelName helper
+ * - promptRefreshTokenSetup helper
+ * - configureWithEnvToken helper
+ * - setTwitchAccount config updates
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import type { WizardPrompter } from "clawdbot/plugin-sdk";
+import type { TwitchAccountConfig } from "./types.js";
+
+// Mock the helpers we're testing
+const mockPromptText = vi.fn();
+const mockPromptConfirm = vi.fn();
+const mockPrompter: WizardPrompter = {
+ text: mockPromptText,
+ confirm: mockPromptConfirm,
+} as unknown as WizardPrompter;
+
+const mockAccount: TwitchAccountConfig = {
+ username: "testbot",
+ accessToken: "oauth:test123",
+ clientId: "test-client-id",
+ channel: "#testchannel",
+};
+
+describe("onboarding helpers", () => {
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ afterEach(() => {
+ // Don't restoreAllMocks as it breaks module-level mocks
+ });
+
+ describe("promptToken", () => {
+ it("should return existing token when user confirms to keep it", async () => {
+ const { promptToken } = await import("./onboarding.js");
+
+ mockPromptConfirm.mockResolvedValue(true);
+
+ const result = await promptToken(mockPrompter, mockAccount, undefined);
+
+ expect(result).toBe("oauth:test123");
+ expect(mockPromptConfirm).toHaveBeenCalledWith({
+ message: "Access token already configured. Keep it?",
+ initialValue: true,
+ });
+ expect(mockPromptText).not.toHaveBeenCalled();
+ });
+
+ it("should prompt for new token when user doesn't keep existing", async () => {
+ const { promptToken } = await import("./onboarding.js");
+
+ mockPromptConfirm.mockResolvedValue(false);
+ mockPromptText.mockResolvedValue("oauth:newtoken123");
+
+ const result = await promptToken(mockPrompter, mockAccount, undefined);
+
+ expect(result).toBe("oauth:newtoken123");
+ expect(mockPromptText).toHaveBeenCalledWith({
+ message: "Twitch OAuth token (oauth:...)",
+ initialValue: "",
+ validate: expect.any(Function),
+ });
+ });
+
+ it("should use env token as initial value when provided", async () => {
+ const { promptToken } = await import("./onboarding.js");
+
+ mockPromptConfirm.mockResolvedValue(false);
+ mockPromptText.mockResolvedValue("oauth:fromenv");
+
+ await promptToken(mockPrompter, null, "oauth:fromenv");
+
+ expect(mockPromptText).toHaveBeenCalledWith(
+ expect.objectContaining({
+ initialValue: "oauth:fromenv",
+ }),
+ );
+ });
+
+ it("should validate token format", async () => {
+ const { promptToken } = await import("./onboarding.js");
+
+ // Set up mocks - user doesn't want to keep existing token
+ mockPromptConfirm.mockResolvedValueOnce(false);
+
+ // Track how many times promptText is called
+ let promptTextCallCount = 0;
+ let capturedValidate: ((value: string) => string | undefined) | undefined;
+
+ mockPromptText.mockImplementationOnce((_args) => {
+ promptTextCallCount++;
+ // Capture the validate function from the first argument
+ if (_args?.validate) {
+ capturedValidate = _args.validate;
+ }
+ return Promise.resolve("oauth:test123");
+ });
+
+ // Call promptToken
+ const result = await promptToken(mockPrompter, mockAccount, undefined);
+
+ // Verify promptText was called
+ expect(promptTextCallCount).toBe(1);
+ expect(result).toBe("oauth:test123");
+
+ // Test the validate function
+ expect(capturedValidate).toBeDefined();
+ expect(capturedValidate!("")).toBe("Required");
+ expect(capturedValidate!("notoauth")).toBe("Token should start with 'oauth:'");
+ });
+
+ it("should return early when no existing token and no env token", async () => {
+ const { promptToken } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("oauth:newtoken");
+
+ const result = await promptToken(mockPrompter, null, undefined);
+
+ expect(result).toBe("oauth:newtoken");
+ expect(mockPromptConfirm).not.toHaveBeenCalled();
+ });
+ });
+
+ describe("promptUsername", () => {
+ it("should prompt for username with validation", async () => {
+ const { promptUsername } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("mybot");
+
+ const result = await promptUsername(mockPrompter, null);
+
+ expect(result).toBe("mybot");
+ expect(mockPromptText).toHaveBeenCalledWith({
+ message: "Twitch bot username",
+ initialValue: "",
+ validate: expect.any(Function),
+ });
+ });
+
+ it("should use existing username as initial value", async () => {
+ const { promptUsername } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("testbot");
+
+ await promptUsername(mockPrompter, mockAccount);
+
+ expect(mockPromptText).toHaveBeenCalledWith(
+ expect.objectContaining({
+ initialValue: "testbot",
+ }),
+ );
+ });
+ });
+
+ describe("promptClientId", () => {
+ it("should prompt for client ID with validation", async () => {
+ const { promptClientId } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("abc123xyz");
+
+ const result = await promptClientId(mockPrompter, null);
+
+ expect(result).toBe("abc123xyz");
+ expect(mockPromptText).toHaveBeenCalledWith({
+ message: "Twitch Client ID",
+ initialValue: "",
+ validate: expect.any(Function),
+ });
+ });
+ });
+
+ describe("promptChannelName", () => {
+ it("should return channel name when provided", async () => {
+ const { promptChannelName } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("#mychannel");
+
+ const result = await promptChannelName(mockPrompter, null);
+
+ expect(result).toBe("#mychannel");
+ });
+
+ it("should require a non-empty channel name", async () => {
+ const { promptChannelName } = await import("./onboarding.js");
+
+ mockPromptText.mockResolvedValue("");
+
+ await promptChannelName(mockPrompter, null);
+
+ const { validate } = mockPromptText.mock.calls[0]?.[0] ?? {};
+ expect(validate?.("")).toBe("Required");
+ expect(validate?.(" ")).toBe("Required");
+ expect(validate?.("#chan")).toBeUndefined();
+ });
+ });
+
+ describe("promptRefreshTokenSetup", () => {
+ it("should return empty object when user declines", async () => {
+ const { promptRefreshTokenSetup } = await import("./onboarding.js");
+
+ mockPromptConfirm.mockResolvedValue(false);
+
+ const result = await promptRefreshTokenSetup(mockPrompter, mockAccount);
+
+ expect(result).toEqual({});
+ expect(mockPromptConfirm).toHaveBeenCalledWith({
+ message: "Enable automatic token refresh (requires client secret and refresh token)?",
+ initialValue: false,
+ });
+ });
+
+ it("should prompt for credentials when user accepts", async () => {
+ const { promptRefreshTokenSetup } = await import("./onboarding.js");
+
+ mockPromptConfirm
+ .mockResolvedValueOnce(true) // First call: useRefresh
+ .mockResolvedValueOnce("secret123") // clientSecret
+ .mockResolvedValueOnce("refresh123"); // refreshToken
+
+ mockPromptText.mockResolvedValueOnce("secret123").mockResolvedValueOnce("refresh123");
+
+ const result = await promptRefreshTokenSetup(mockPrompter, null);
+
+ expect(result).toEqual({
+ clientSecret: "secret123",
+ refreshToken: "refresh123",
+ });
+ });
+
+ it("should use existing values as initial prompts", async () => {
+ const { promptRefreshTokenSetup } = await import("./onboarding.js");
+
+ const accountWithRefresh = {
+ ...mockAccount,
+ clientSecret: "existing-secret",
+ refreshToken: "existing-refresh",
+ };
+
+ mockPromptConfirm.mockResolvedValue(true);
+ mockPromptText
+ .mockResolvedValueOnce("existing-secret")
+ .mockResolvedValueOnce("existing-refresh");
+
+ await promptRefreshTokenSetup(mockPrompter, accountWithRefresh);
+
+ expect(mockPromptConfirm).toHaveBeenCalledWith(
+ expect.objectContaining({
+ initialValue: true, // Both clientSecret and refreshToken exist
+ }),
+ );
+ });
+ });
+
+ describe("configureWithEnvToken", () => {
+ it("should return null when user declines env token", async () => {
+ const { configureWithEnvToken } = await import("./onboarding.js");
+
+ // Reset and set up mock - user declines env token
+ mockPromptConfirm.mockReset().mockResolvedValue(false as never);
+
+ const result = await configureWithEnvToken(
+ {} as Parameters[0],
+ mockPrompter,
+ null,
+ "oauth:fromenv",
+ false,
+ {} as Parameters[5],
+ );
+
+ // Since user declined, should return null without prompting for username/clientId
+ expect(result).toBeNull();
+ expect(mockPromptText).not.toHaveBeenCalled();
+ });
+
+ it("should prompt for username and clientId when using env token", async () => {
+ const { configureWithEnvToken } = await import("./onboarding.js");
+
+ // Reset and set up mocks - user accepts env token
+ mockPromptConfirm.mockReset().mockResolvedValue(true as never);
+
+ // Set up mocks for username and clientId prompts
+ mockPromptText
+ .mockReset()
+ .mockResolvedValueOnce("testbot" as never)
+ .mockResolvedValueOnce("test-client-id" as never);
+
+ const result = await configureWithEnvToken(
+ {} as Parameters[0],
+ mockPrompter,
+ null,
+ "oauth:fromenv",
+ false,
+ {} as Parameters[5],
+ );
+
+ // Should return config with username and clientId
+ expect(result).not.toBeNull();
+ expect(result?.cfg.channels?.twitch?.accounts?.default?.username).toBe("testbot");
+ expect(result?.cfg.channels?.twitch?.accounts?.default?.clientId).toBe("test-client-id");
+ });
+ });
+});
diff --git a/extensions/twitch/src/onboarding.ts b/extensions/twitch/src/onboarding.ts
new file mode 100644
index 000000000..9308b55a0
--- /dev/null
+++ b/extensions/twitch/src/onboarding.ts
@@ -0,0 +1,411 @@
+/**
+ * Twitch onboarding adapter for CLI setup wizard.
+ */
+
+import {
+ formatDocsLink,
+ promptChannelAccessConfig,
+ type ChannelOnboardingAdapter,
+ type ChannelOnboardingDmPolicy,
+ type WizardPrompter,
+} from "clawdbot/plugin-sdk";
+import { DEFAULT_ACCOUNT_ID, getAccountConfig } from "./config.js";
+import { isAccountConfigured } from "./utils/twitch.js";
+import type { TwitchAccountConfig, TwitchRole } from "./types.js";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+
+const channel = "twitch" as const;
+
+/**
+ * Set Twitch account configuration
+ */
+function setTwitchAccount(
+ cfg: ClawdbotConfig,
+ account: Partial,
+): ClawdbotConfig {
+ const existing = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ const merged: TwitchAccountConfig = {
+ username: account.username ?? existing?.username ?? "",
+ accessToken: account.accessToken ?? existing?.accessToken ?? "",
+ clientId: account.clientId ?? existing?.clientId ?? "",
+ channel: account.channel ?? existing?.channel ?? "",
+ enabled: account.enabled ?? existing?.enabled ?? true,
+ allowFrom: account.allowFrom ?? existing?.allowFrom,
+ allowedRoles: account.allowedRoles ?? existing?.allowedRoles,
+ requireMention: account.requireMention ?? existing?.requireMention,
+ clientSecret: account.clientSecret ?? existing?.clientSecret,
+ refreshToken: account.refreshToken ?? existing?.refreshToken,
+ expiresIn: account.expiresIn ?? existing?.expiresIn,
+ obtainmentTimestamp: account.obtainmentTimestamp ?? existing?.obtainmentTimestamp,
+ };
+
+ return {
+ ...cfg,
+ channels: {
+ ...cfg.channels,
+ twitch: {
+ ...((cfg.channels as Record)?.twitch as
+ | Record
+ | undefined),
+ enabled: true,
+ accounts: {
+ ...((
+ (cfg.channels as Record)?.twitch as Record | undefined
+ )?.accounts as Record | undefined),
+ [DEFAULT_ACCOUNT_ID]: merged,
+ },
+ },
+ },
+ };
+}
+
+/**
+ * Note about Twitch setup
+ */
+async function noteTwitchSetupHelp(prompter: WizardPrompter): Promise {
+ await prompter.note(
+ [
+ "Twitch requires a bot account with OAuth token.",
+ "1. Create a Twitch application at https://dev.twitch.tv/console",
+ "2. Generate a token with scopes: chat:read and chat:write",
+ " Use https://twitchtokengenerator.com/ or https://twitchapps.com/tmi/",
+ "3. Copy the token (starts with 'oauth:') and Client ID",
+ "Env vars supported: CLAWDBOT_TWITCH_ACCESS_TOKEN",
+ `Docs: ${formatDocsLink("/channels/twitch", "channels/twitch")}`,
+ ].join("\n"),
+ "Twitch setup",
+ );
+}
+
+/**
+ * Prompt for Twitch OAuth token with early returns.
+ */
+async function promptToken(
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+ envToken: string | undefined,
+): Promise {
+ const existingToken = account?.accessToken ?? "";
+
+ // If we have an existing token and no env var, ask if we should keep it
+ if (existingToken && !envToken) {
+ const keepToken = await prompter.confirm({
+ message: "Access token already configured. Keep it?",
+ initialValue: true,
+ });
+ if (keepToken) {
+ return existingToken;
+ }
+ }
+
+ // Prompt for new token
+ return String(
+ await prompter.text({
+ message: "Twitch OAuth token (oauth:...)",
+ initialValue: envToken ?? "",
+ validate: (value) => {
+ const raw = String(value ?? "").trim();
+ if (!raw) return "Required";
+ if (!raw.startsWith("oauth:")) {
+ return "Token should start with 'oauth:'";
+ }
+ return undefined;
+ },
+ }),
+ ).trim();
+}
+
+/**
+ * Prompt for Twitch username.
+ */
+async function promptUsername(
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+): Promise {
+ return String(
+ await prompter.text({
+ message: "Twitch bot username",
+ initialValue: account?.username ?? "",
+ validate: (value) => (value?.trim() ? undefined : "Required"),
+ }),
+ ).trim();
+}
+
+/**
+ * Prompt for Twitch Client ID.
+ */
+async function promptClientId(
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+): Promise {
+ return String(
+ await prompter.text({
+ message: "Twitch Client ID",
+ initialValue: account?.clientId ?? "",
+ validate: (value) => (value?.trim() ? undefined : "Required"),
+ }),
+ ).trim();
+}
+
+/**
+ * Prompt for optional channel name.
+ */
+async function promptChannelName(
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+): Promise {
+ const channelName = String(
+ await prompter.text({
+ message: "Channel to join",
+ initialValue: account?.channel ?? "",
+ validate: (value) => (value?.trim() ? undefined : "Required"),
+ }),
+ ).trim();
+ return channelName;
+}
+
+/**
+ * Prompt for token refresh credentials (client secret and refresh token).
+ */
+async function promptRefreshTokenSetup(
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+): Promise<{ clientSecret?: string; refreshToken?: string }> {
+ const useRefresh = await prompter.confirm({
+ message: "Enable automatic token refresh (requires client secret and refresh token)?",
+ initialValue: Boolean(account?.clientSecret && account?.refreshToken),
+ });
+
+ if (!useRefresh) {
+ return {};
+ }
+
+ const clientSecret =
+ String(
+ await prompter.text({
+ message: "Twitch Client Secret (for token refresh)",
+ initialValue: account?.clientSecret ?? "",
+ validate: (value) => (value?.trim() ? undefined : "Required"),
+ }),
+ ).trim() || undefined;
+
+ const refreshToken =
+ String(
+ await prompter.text({
+ message: "Twitch Refresh Token",
+ initialValue: account?.refreshToken ?? "",
+ validate: (value) => (value?.trim() ? undefined : "Required"),
+ }),
+ ).trim() || undefined;
+
+ return { clientSecret, refreshToken };
+}
+
+/**
+ * Configure with env token path (returns early if user chooses env token).
+ */
+async function configureWithEnvToken(
+ cfg: ClawdbotConfig,
+ prompter: WizardPrompter,
+ account: TwitchAccountConfig | null,
+ envToken: string,
+ forceAllowFrom: boolean,
+ dmPolicy: ChannelOnboardingDmPolicy,
+): Promise<{ cfg: ClawdbotConfig } | null> {
+ const useEnv = await prompter.confirm({
+ message: "Twitch env var CLAWDBOT_TWITCH_ACCESS_TOKEN detected. Use env token?",
+ initialValue: true,
+ });
+ if (!useEnv) {
+ return null;
+ }
+
+ const username = await promptUsername(prompter, account);
+ const clientId = await promptClientId(prompter, account);
+
+ const cfgWithAccount = setTwitchAccount(cfg, {
+ username,
+ clientId,
+ accessToken: "", // Will use env var
+ enabled: true,
+ });
+
+ if (forceAllowFrom && dmPolicy.promptAllowFrom) {
+ return { cfg: await dmPolicy.promptAllowFrom({ cfg: cfgWithAccount, prompter }) };
+ }
+
+ return { cfg: cfgWithAccount };
+}
+
+/**
+ * Set Twitch access control (role-based)
+ */
+function setTwitchAccessControl(
+ cfg: ClawdbotConfig,
+ allowedRoles: TwitchRole[],
+ requireMention: boolean,
+): ClawdbotConfig {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ if (!account) {
+ return cfg;
+ }
+
+ return setTwitchAccount(cfg, {
+ ...account,
+ allowedRoles,
+ requireMention,
+ });
+}
+
+const dmPolicy: ChannelOnboardingDmPolicy = {
+ label: "Twitch",
+ channel,
+ policyKey: "channels.twitch.allowedRoles", // Twitch uses roles instead of DM policy
+ allowFromKey: "channels.twitch.accounts.default.allowFrom",
+ getCurrent: (cfg) => {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ // Map allowedRoles to policy equivalent
+ if (account?.allowedRoles?.includes("all")) return "open";
+ if (account?.allowFrom && account.allowFrom.length > 0) return "allowlist";
+ return "disabled";
+ },
+ setPolicy: (cfg, policy) => {
+ const allowedRoles: TwitchRole[] =
+ policy === "open" ? ["all"] : policy === "allowlist" ? [] : ["moderator"];
+ return setTwitchAccessControl(cfg as ClawdbotConfig, allowedRoles, true);
+ },
+ promptAllowFrom: async ({ cfg, prompter }) => {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ const existingAllowFrom = account?.allowFrom ?? [];
+
+ const entry = await prompter.text({
+ message: "Twitch allowFrom (user IDs, one per line, recommended for security)",
+ placeholder: "123456789",
+ initialValue: existingAllowFrom[0] ? String(existingAllowFrom[0]) : undefined,
+ });
+
+ const allowFrom = String(entry ?? "")
+ .split(/[\n,;]+/g)
+ .map((s) => s.trim())
+ .filter(Boolean);
+
+ return setTwitchAccount(cfg as ClawdbotConfig, {
+ ...(account ?? undefined),
+ allowFrom,
+ });
+ },
+};
+
+export const twitchOnboardingAdapter: ChannelOnboardingAdapter = {
+ channel,
+ getStatus: async ({ cfg }) => {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ const configured = account ? isAccountConfigured(account) : false;
+
+ return {
+ channel,
+ configured,
+ statusLines: [`Twitch: ${configured ? "configured" : "needs username, token, and clientId"}`],
+ selectionHint: configured ? "configured" : "needs setup",
+ };
+ },
+ configure: async ({ cfg, prompter, forceAllowFrom }) => {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+
+ if (!account || !isAccountConfigured(account)) {
+ await noteTwitchSetupHelp(prompter);
+ }
+
+ const envToken = process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN?.trim();
+
+ // Check if env var is set and config is empty
+ if (envToken && !account?.accessToken) {
+ const envResult = await configureWithEnvToken(
+ cfg,
+ prompter,
+ account,
+ envToken,
+ forceAllowFrom,
+ dmPolicy,
+ );
+ if (envResult) {
+ return envResult;
+ }
+ }
+
+ // Prompt for credentials
+ const username = await promptUsername(prompter, account);
+ const token = await promptToken(prompter, account, envToken);
+ const clientId = await promptClientId(prompter, account);
+ const channelName = await promptChannelName(prompter, account);
+ const { clientSecret, refreshToken } = await promptRefreshTokenSetup(prompter, account);
+
+ const cfgWithAccount = setTwitchAccount(cfg, {
+ username,
+ accessToken: token,
+ clientId,
+ channel: channelName,
+ clientSecret,
+ refreshToken,
+ enabled: true,
+ });
+
+ const cfgWithAllowFrom =
+ forceAllowFrom && dmPolicy.promptAllowFrom
+ ? await dmPolicy.promptAllowFrom({ cfg: cfgWithAccount, prompter })
+ : cfgWithAccount;
+
+ // Prompt for access control if allowFrom not set
+ if (!account?.allowFrom || account.allowFrom.length === 0) {
+ const accessConfig = await promptChannelAccessConfig({
+ prompter,
+ label: "Twitch chat",
+ currentPolicy: account?.allowedRoles?.includes("all")
+ ? "open"
+ : account?.allowedRoles?.includes("moderator")
+ ? "allowlist"
+ : "disabled",
+ currentEntries: [],
+ placeholder: "",
+ updatePrompt: false,
+ });
+
+ if (accessConfig) {
+ const allowedRoles: TwitchRole[] =
+ accessConfig.policy === "open"
+ ? ["all"]
+ : accessConfig.policy === "allowlist"
+ ? ["moderator", "vip"]
+ : [];
+
+ const cfgWithAccessControl = setTwitchAccessControl(cfgWithAllowFrom, allowedRoles, true);
+ return { cfg: cfgWithAccessControl };
+ }
+ }
+
+ return { cfg: cfgWithAllowFrom };
+ },
+ dmPolicy,
+ disable: (cfg) => {
+ const twitch = (cfg.channels as Record)?.twitch as
+ | Record
+ | undefined;
+ return {
+ ...cfg,
+ channels: {
+ ...cfg.channels,
+ twitch: { ...twitch, enabled: false },
+ },
+ };
+ },
+};
+
+// Export helper functions for testing
+export {
+ promptToken,
+ promptUsername,
+ promptClientId,
+ promptChannelName,
+ promptRefreshTokenSetup,
+ configureWithEnvToken,
+};
diff --git a/extensions/twitch/src/outbound.test.ts b/extensions/twitch/src/outbound.test.ts
new file mode 100644
index 000000000..41a68418f
--- /dev/null
+++ b/extensions/twitch/src/outbound.test.ts
@@ -0,0 +1,373 @@
+/**
+ * Tests for outbound.ts module
+ *
+ * Tests cover:
+ * - resolveTarget with various modes (explicit, implicit, heartbeat)
+ * - sendText with markdown stripping
+ * - sendMedia delegation to sendText
+ * - Error handling for missing accounts/channels
+ * - Abort signal handling
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { twitchOutbound } from "./outbound.js";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+
+// Mock dependencies
+vi.mock("./config.js", () => ({
+ DEFAULT_ACCOUNT_ID: "default",
+ getAccountConfig: vi.fn(),
+}));
+
+vi.mock("./send.js", () => ({
+ sendMessageTwitchInternal: vi.fn(),
+}));
+
+vi.mock("./utils/markdown.js", () => ({
+ chunkTextForTwitch: vi.fn((text) => text.split(/(.{500})/).filter(Boolean)),
+}));
+
+vi.mock("./utils/twitch.js", () => ({
+ normalizeTwitchChannel: (channel: string) => channel.toLowerCase().replace(/^#/, ""),
+ missingTargetError: (channel: string, hint: string) =>
+ `Missing target for ${channel}. Provide ${hint}`,
+}));
+
+describe("outbound", () => {
+ const mockAccount = {
+ username: "testbot",
+ token: "oauth:test123",
+ clientId: "test-client-id",
+ channel: "#testchannel",
+ };
+
+ const mockConfig = {
+ channels: {
+ twitch: {
+ accounts: {
+ default: mockAccount,
+ },
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ afterEach(() => {
+ vi.restoreAllMocks();
+ });
+
+ describe("metadata", () => {
+ it("should have direct delivery mode", () => {
+ expect(twitchOutbound.deliveryMode).toBe("direct");
+ });
+
+ it("should have 500 character text chunk limit", () => {
+ expect(twitchOutbound.textChunkLimit).toBe(500);
+ });
+
+ it("should have chunker function", () => {
+ expect(twitchOutbound.chunker).toBeDefined();
+ expect(typeof twitchOutbound.chunker).toBe("function");
+ });
+ });
+
+ describe("resolveTarget", () => {
+ it("should normalize and return target in explicit mode", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#MyChannel",
+ mode: "explicit",
+ allowFrom: [],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("mychannel");
+ });
+
+ it("should return target in implicit mode with wildcard allowlist", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#AnyChannel",
+ mode: "implicit",
+ allowFrom: ["*"],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("anychannel");
+ });
+
+ it("should return target in implicit mode when in allowlist", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#allowed",
+ mode: "implicit",
+ allowFrom: ["#allowed", "#other"],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("allowed");
+ });
+
+ it("should fallback to first allowlist entry when target not in list", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#notallowed",
+ mode: "implicit",
+ allowFrom: ["#primary", "#secondary"],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("primary");
+ });
+
+ it("should accept any target when allowlist is empty", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#anychannel",
+ mode: "heartbeat",
+ allowFrom: [],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("anychannel");
+ });
+
+ it("should use first allowlist entry when no target provided", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: undefined,
+ mode: "implicit",
+ allowFrom: ["#fallback", "#other"],
+ });
+
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("fallback");
+ });
+
+ it("should return error when no target and no allowlist", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: undefined,
+ mode: "explicit",
+ allowFrom: [],
+ });
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Missing target");
+ });
+
+ it("should handle whitespace-only target", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: " ",
+ mode: "explicit",
+ allowFrom: [],
+ });
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Missing target");
+ });
+
+ it("should filter wildcard from allowlist when checking membership", () => {
+ const result = twitchOutbound.resolveTarget({
+ to: "#mychannel",
+ mode: "implicit",
+ allowFrom: ["*", "#specific"],
+ });
+
+ // With wildcard, any target is accepted
+ expect(result.ok).toBe(true);
+ expect(result.to).toBe("mychannel");
+ });
+ });
+
+ describe("sendText", () => {
+ it("should send message successfully", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { sendMessageTwitchInternal } = await import("./send.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(sendMessageTwitchInternal).mockResolvedValue({
+ ok: true,
+ messageId: "twitch-msg-123",
+ });
+
+ const result = await twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Hello Twitch!",
+ accountId: "default",
+ });
+
+ expect(result.channel).toBe("twitch");
+ expect(result.messageId).toBe("twitch-msg-123");
+ expect(result.to).toBe("testchannel");
+ expect(result.timestamp).toBeGreaterThan(0);
+ });
+
+ it("should throw when account not found", async () => {
+ const { getAccountConfig } = await import("./config.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(null);
+
+ await expect(
+ twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Hello!",
+ accountId: "nonexistent",
+ }),
+ ).rejects.toThrow("Twitch account not found: nonexistent");
+ });
+
+ it("should throw when no channel specified", async () => {
+ const { getAccountConfig } = await import("./config.js");
+
+ const accountWithoutChannel = { ...mockAccount, channel: undefined as unknown as string };
+ vi.mocked(getAccountConfig).mockReturnValue(accountWithoutChannel);
+
+ await expect(
+ twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: undefined,
+ text: "Hello!",
+ accountId: "default",
+ }),
+ ).rejects.toThrow("No channel specified");
+ });
+
+ it("should use account channel when target not provided", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { sendMessageTwitchInternal } = await import("./send.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(sendMessageTwitchInternal).mockResolvedValue({
+ ok: true,
+ messageId: "msg-456",
+ });
+
+ await twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: undefined,
+ text: "Hello!",
+ accountId: "default",
+ });
+
+ expect(sendMessageTwitchInternal).toHaveBeenCalledWith(
+ "testchannel",
+ "Hello!",
+ mockConfig,
+ "default",
+ true,
+ console,
+ );
+ });
+
+ it("should handle abort signal", async () => {
+ const abortController = new AbortController();
+ abortController.abort();
+
+ await expect(
+ twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Hello!",
+ accountId: "default",
+ signal: abortController.signal,
+ }),
+ ).rejects.toThrow("Outbound delivery aborted");
+ });
+
+ it("should throw on send failure", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { sendMessageTwitchInternal } = await import("./send.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(sendMessageTwitchInternal).mockResolvedValue({
+ ok: false,
+ messageId: "failed-msg",
+ error: "Connection lost",
+ });
+
+ await expect(
+ twitchOutbound.sendText({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Hello!",
+ accountId: "default",
+ }),
+ ).rejects.toThrow("Connection lost");
+ });
+ });
+
+ describe("sendMedia", () => {
+ it("should combine text and media URL", async () => {
+ const { sendMessageTwitchInternal } = await import("./send.js");
+ const { getAccountConfig } = await import("./config.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(sendMessageTwitchInternal).mockResolvedValue({
+ ok: true,
+ messageId: "media-msg-123",
+ });
+
+ const result = await twitchOutbound.sendMedia({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Check this:",
+ mediaUrl: "https://example.com/image.png",
+ accountId: "default",
+ });
+
+ expect(result.channel).toBe("twitch");
+ expect(result.messageId).toBe("media-msg-123");
+ expect(sendMessageTwitchInternal).toHaveBeenCalledWith(
+ expect.anything(),
+ "Check this: https://example.com/image.png",
+ expect.anything(),
+ expect.anything(),
+ expect.anything(),
+ expect.anything(),
+ );
+ });
+
+ it("should send media URL only when no text", async () => {
+ const { sendMessageTwitchInternal } = await import("./send.js");
+ const { getAccountConfig } = await import("./config.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(sendMessageTwitchInternal).mockResolvedValue({
+ ok: true,
+ messageId: "media-only-msg",
+ });
+
+ await twitchOutbound.sendMedia({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: undefined,
+ mediaUrl: "https://example.com/image.png",
+ accountId: "default",
+ });
+
+ expect(sendMessageTwitchInternal).toHaveBeenCalledWith(
+ expect.anything(),
+ "https://example.com/image.png",
+ expect.anything(),
+ expect.anything(),
+ expect.anything(),
+ expect.anything(),
+ );
+ });
+
+ it("should handle abort signal", async () => {
+ const abortController = new AbortController();
+ abortController.abort();
+
+ await expect(
+ twitchOutbound.sendMedia({
+ cfg: mockConfig,
+ to: "#testchannel",
+ text: "Check this:",
+ mediaUrl: "https://example.com/image.png",
+ accountId: "default",
+ signal: abortController.signal,
+ }),
+ ).rejects.toThrow("Outbound delivery aborted");
+ });
+ });
+});
diff --git a/extensions/twitch/src/outbound.ts b/extensions/twitch/src/outbound.ts
new file mode 100644
index 000000000..7f2edabec
--- /dev/null
+++ b/extensions/twitch/src/outbound.ts
@@ -0,0 +1,186 @@
+/**
+ * Twitch outbound adapter for sending messages.
+ *
+ * Implements the ChannelOutboundAdapter interface for Twitch chat.
+ * Supports text and media (URL) sending with markdown stripping and chunking.
+ */
+
+import { DEFAULT_ACCOUNT_ID, getAccountConfig } from "./config.js";
+import { sendMessageTwitchInternal } from "./send.js";
+import type {
+ ChannelOutboundAdapter,
+ ChannelOutboundContext,
+ OutboundDeliveryResult,
+} from "./types.js";
+import { chunkTextForTwitch } from "./utils/markdown.js";
+import { missingTargetError, normalizeTwitchChannel } from "./utils/twitch.js";
+
+/**
+ * Twitch outbound adapter.
+ *
+ * Handles sending text and media to Twitch channels with automatic
+ * markdown stripping and message chunking.
+ */
+export const twitchOutbound: ChannelOutboundAdapter = {
+ /** Direct delivery mode - messages are sent immediately */
+ deliveryMode: "direct",
+
+ /** Twitch chat message limit is 500 characters */
+ textChunkLimit: 500,
+
+ /** Word-boundary chunker with markdown stripping */
+ chunker: chunkTextForTwitch,
+
+ /**
+ * Resolve target from context.
+ *
+ * Handles target resolution with allowlist support for implicit/heartbeat modes.
+ * For explicit mode, accepts any valid channel name.
+ *
+ * @param params - Resolution parameters
+ * @returns Resolved target or error
+ */
+ resolveTarget: ({ to, allowFrom, mode }) => {
+ const trimmed = to?.trim() ?? "";
+ const allowListRaw = (allowFrom ?? [])
+ .map((entry: unknown) => String(entry).trim())
+ .filter(Boolean);
+ const hasWildcard = allowListRaw.includes("*");
+ const allowList = allowListRaw
+ .filter((entry: string) => entry !== "*")
+ .map((entry: string) => normalizeTwitchChannel(entry))
+ .filter((entry): entry is string => entry.length > 0);
+
+ // If target is provided, normalize and validate it
+ if (trimmed) {
+ const normalizedTo = normalizeTwitchChannel(trimmed);
+
+ // For implicit/heartbeat modes with allowList, check against allowlist
+ if (mode === "implicit" || mode === "heartbeat") {
+ if (hasWildcard || allowList.length === 0) {
+ return { ok: true, to: normalizedTo };
+ }
+ if (allowList.includes(normalizedTo)) {
+ return { ok: true, to: normalizedTo };
+ }
+ // Fallback to first allowFrom entry
+ // biome-ignore lint/style/noNonNullAssertion: length > 0 check ensures element exists
+ return { ok: true, to: allowList[0]! };
+ }
+
+ // For explicit mode, accept any valid channel name
+ return { ok: true, to: normalizedTo };
+ }
+
+ // No target provided, use allowFrom fallback
+ if (allowList.length > 0) {
+ // biome-ignore lint/style/noNonNullAssertion: length > 0 check ensures element exists
+ return { ok: true, to: allowList[0]! };
+ }
+
+ // No target and no allowFrom - error
+ return {
+ ok: false,
+ error: missingTargetError(
+ "Twitch",
+ " or channels.twitch.accounts..allowFrom[0]",
+ ),
+ };
+ },
+
+ /**
+ * Send a text message to a Twitch channel.
+ *
+ * Strips markdown if enabled, validates account configuration,
+ * and sends the message via the Twitch client.
+ *
+ * @param params - Send parameters including target, text, and config
+ * @returns Delivery result with message ID and status
+ *
+ * @example
+ * const result = await twitchOutbound.sendText({
+ * cfg: clawdbotConfig,
+ * to: "#mychannel",
+ * text: "Hello Twitch!",
+ * accountId: "default",
+ * });
+ */
+ sendText: async (params: ChannelOutboundContext): Promise => {
+ const { cfg, to, text, accountId, signal } = params;
+
+ if (signal?.aborted) {
+ throw new Error("Outbound delivery aborted");
+ }
+
+ const resolvedAccountId = accountId ?? DEFAULT_ACCOUNT_ID;
+ const account = getAccountConfig(cfg, resolvedAccountId);
+ if (!account) {
+ const availableIds = Object.keys(cfg.channels?.twitch?.accounts ?? {});
+ throw new Error(
+ `Twitch account not found: ${resolvedAccountId}. ` +
+ `Available accounts: ${availableIds.join(", ") || "none"}`,
+ );
+ }
+
+ const channel = to || account.channel;
+ if (!channel) {
+ throw new Error("No channel specified and no default channel in account config");
+ }
+
+ const result = await sendMessageTwitchInternal(
+ normalizeTwitchChannel(channel),
+ text,
+ cfg,
+ resolvedAccountId,
+ true, // stripMarkdown
+ console,
+ );
+
+ if (!result.ok) {
+ throw new Error(result.error ?? "Send failed");
+ }
+
+ return {
+ channel: "twitch",
+ messageId: result.messageId,
+ timestamp: Date.now(),
+ to: normalizeTwitchChannel(channel),
+ };
+ },
+
+ /**
+ * Send media to a Twitch channel.
+ *
+ * Note: Twitch chat doesn't support direct media uploads.
+ * This sends the media URL as text instead.
+ *
+ * @param params - Send parameters including media URL
+ * @returns Delivery result with message ID and status
+ *
+ * @example
+ * const result = await twitchOutbound.sendMedia({
+ * cfg: clawdbotConfig,
+ * to: "#mychannel",
+ * text: "Check this out!",
+ * mediaUrl: "https://example.com/image.png",
+ * accountId: "default",
+ * });
+ */
+ sendMedia: async (params: ChannelOutboundContext): Promise => {
+ const { text, mediaUrl, signal } = params;
+
+ if (signal?.aborted) {
+ throw new Error("Outbound delivery aborted");
+ }
+
+ const message = mediaUrl ? `${text || ""} ${mediaUrl}`.trim() : text;
+
+ if (!twitchOutbound.sendText) {
+ throw new Error("sendText not implemented");
+ }
+ return twitchOutbound.sendText({
+ ...params,
+ text: message,
+ });
+ },
+};
diff --git a/extensions/twitch/src/plugin.test.ts b/extensions/twitch/src/plugin.test.ts
new file mode 100644
index 000000000..dd8ec8ad0
--- /dev/null
+++ b/extensions/twitch/src/plugin.test.ts
@@ -0,0 +1,39 @@
+import { describe, expect, it } from "vitest";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import { twitchPlugin } from "./plugin.js";
+
+describe("twitchPlugin.status.buildAccountSnapshot", () => {
+ it("uses the resolved account ID for multi-account configs", async () => {
+ const secondary = {
+ channel: "secondary-channel",
+ username: "secondary",
+ accessToken: "oauth:secondary-token",
+ clientId: "secondary-client",
+ enabled: true,
+ };
+
+ const cfg = {
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ channel: "default-channel",
+ username: "default",
+ accessToken: "oauth:default-token",
+ clientId: "default-client",
+ enabled: true,
+ },
+ secondary,
+ },
+ },
+ },
+ } as ClawdbotConfig;
+
+ const snapshot = await twitchPlugin.status?.buildAccountSnapshot?.({
+ account: secondary,
+ cfg,
+ });
+
+ expect(snapshot?.accountId).toBe("secondary");
+ });
+});
diff --git a/extensions/twitch/src/plugin.ts b/extensions/twitch/src/plugin.ts
new file mode 100644
index 000000000..2064722b0
--- /dev/null
+++ b/extensions/twitch/src/plugin.ts
@@ -0,0 +1,274 @@
+/**
+ * Twitch channel plugin for Clawdbot.
+ *
+ * Main plugin export combining all adapters (outbound, actions, status, gateway).
+ * This is the primary entry point for the Twitch channel integration.
+ */
+
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import { buildChannelConfigSchema } from "clawdbot/plugin-sdk";
+import { twitchMessageActions } from "./actions.js";
+import { TwitchConfigSchema } from "./config-schema.js";
+import { DEFAULT_ACCOUNT_ID, getAccountConfig, listAccountIds } from "./config.js";
+import { twitchOnboardingAdapter } from "./onboarding.js";
+import { twitchOutbound } from "./outbound.js";
+import { probeTwitch } from "./probe.js";
+import { resolveTwitchTargets } from "./resolver.js";
+import { collectTwitchStatusIssues } from "./status.js";
+import { removeClientManager } from "./client-manager-registry.js";
+import { resolveTwitchToken } from "./token.js";
+import { isAccountConfigured } from "./utils/twitch.js";
+import type {
+ ChannelAccountSnapshot,
+ ChannelCapabilities,
+ ChannelLogSink,
+ ChannelMeta,
+ ChannelPlugin,
+ ChannelResolveKind,
+ ChannelResolveResult,
+ TwitchAccountConfig,
+} from "./types.js";
+
+/**
+ * Twitch channel plugin.
+ *
+ * Implements the ChannelPlugin interface to provide Twitch chat integration
+ * for Clawdbot. Supports message sending, receiving, access control, and
+ * status monitoring.
+ */
+export const twitchPlugin: ChannelPlugin = {
+ /** Plugin identifier */
+ id: "twitch",
+
+ /** Plugin metadata */
+ meta: {
+ id: "twitch",
+ label: "Twitch",
+ selectionLabel: "Twitch (Chat)",
+ docsPath: "/channels/twitch",
+ blurb: "Twitch chat integration",
+ aliases: ["twitch-chat"],
+ } satisfies ChannelMeta,
+
+ /** Onboarding adapter */
+ onboarding: twitchOnboardingAdapter,
+
+ /** Pairing configuration */
+ pairing: {
+ idLabel: "twitchUserId",
+ normalizeAllowEntry: (entry) => entry.replace(/^(twitch:)?user:?/i, ""),
+ notifyApproval: async ({ id }) => {
+ // Note: Twitch doesn't support DMs from bots, so pairing approval is limited
+ // We'll log the approval instead
+ console.warn(`Pairing approved for user ${id} (notification sent via chat if possible)`);
+ },
+ },
+
+ /** Supported chat capabilities */
+ capabilities: {
+ chatTypes: ["group"],
+ } satisfies ChannelCapabilities,
+
+ /** Configuration schema for Twitch channel */
+ configSchema: buildChannelConfigSchema(TwitchConfigSchema),
+
+ /** Account configuration management */
+ config: {
+ /** List all configured account IDs */
+ listAccountIds: (cfg: ClawdbotConfig): string[] => listAccountIds(cfg),
+
+ /** Resolve an account config by ID */
+ resolveAccount: (cfg: ClawdbotConfig, accountId?: string | null): TwitchAccountConfig => {
+ const account = getAccountConfig(cfg, accountId ?? DEFAULT_ACCOUNT_ID);
+ if (!account) {
+ // Return a default/empty account if not configured
+ return {
+ username: "",
+ accessToken: "",
+ clientId: "",
+ enabled: false,
+ } as TwitchAccountConfig;
+ }
+ return account;
+ },
+
+ /** Get the default account ID */
+ defaultAccountId: (): string => DEFAULT_ACCOUNT_ID,
+
+ /** Check if an account is configured */
+ isConfigured: (_account: unknown, cfg: ClawdbotConfig): boolean => {
+ const account = getAccountConfig(cfg, DEFAULT_ACCOUNT_ID);
+ const tokenResolution = resolveTwitchToken(cfg, { accountId: DEFAULT_ACCOUNT_ID });
+ return account ? isAccountConfigured(account, tokenResolution.token) : false;
+ },
+
+ /** Check if an account is enabled */
+ isEnabled: (account: TwitchAccountConfig | undefined): boolean => account?.enabled !== false,
+
+ /** Describe account status */
+ describeAccount: (account: TwitchAccountConfig | undefined) => {
+ return {
+ accountId: DEFAULT_ACCOUNT_ID,
+ enabled: account?.enabled !== false,
+ configured: account ? isAccountConfigured(account, account?.accessToken) : false,
+ };
+ },
+ },
+
+ /** Outbound message adapter */
+ outbound: twitchOutbound,
+
+ /** Message actions adapter */
+ actions: twitchMessageActions,
+
+ /** Resolver adapter for username -> user ID resolution */
+ resolver: {
+ resolveTargets: async ({
+ cfg,
+ accountId,
+ inputs,
+ kind,
+ runtime,
+ }: {
+ cfg: ClawdbotConfig;
+ accountId?: string | null;
+ inputs: string[];
+ kind: ChannelResolveKind;
+ runtime: import("../../../src/runtime.js").RuntimeEnv;
+ }): Promise => {
+ const account = getAccountConfig(cfg, accountId ?? DEFAULT_ACCOUNT_ID);
+
+ if (!account) {
+ return inputs.map((input) => ({
+ input,
+ resolved: false,
+ note: "account not configured",
+ }));
+ }
+
+ // Adapt RuntimeEnv.log to ChannelLogSink
+ const log: ChannelLogSink = {
+ info: (msg) => runtime.log(msg),
+ warn: (msg) => runtime.log(msg),
+ error: (msg) => runtime.error(msg),
+ debug: (msg) => runtime.log(msg),
+ };
+ return await resolveTwitchTargets(inputs, account, kind, log);
+ },
+ },
+
+ /** Status monitoring adapter */
+ status: {
+ /** Default runtime state */
+ defaultRuntime: {
+ accountId: DEFAULT_ACCOUNT_ID,
+ running: false,
+ lastStartAt: null,
+ lastStopAt: null,
+ lastError: null,
+ },
+
+ /** Build channel summary from snapshot */
+ buildChannelSummary: ({ snapshot }: { snapshot: ChannelAccountSnapshot }) => ({
+ configured: snapshot.configured ?? false,
+ running: snapshot.running ?? false,
+ lastStartAt: snapshot.lastStartAt ?? null,
+ lastStopAt: snapshot.lastStopAt ?? null,
+ lastError: snapshot.lastError ?? null,
+ probe: snapshot.probe,
+ lastProbeAt: snapshot.lastProbeAt ?? null,
+ }),
+
+ /** Probe account connection */
+ probeAccount: async ({
+ account,
+ timeoutMs,
+ }: {
+ account: TwitchAccountConfig;
+ timeoutMs: number;
+ }): Promise => {
+ return await probeTwitch(account, timeoutMs);
+ },
+
+ /** Build account snapshot with current status */
+ buildAccountSnapshot: ({
+ account,
+ cfg,
+ runtime,
+ probe,
+ }: {
+ account: TwitchAccountConfig;
+ cfg: ClawdbotConfig;
+ runtime?: ChannelAccountSnapshot;
+ probe?: unknown;
+ }): ChannelAccountSnapshot => {
+ const twitch = (cfg as Record).channels as
+ | Record
+ | undefined;
+ const twitchCfg = twitch?.twitch as Record | undefined;
+ const accountMap = (twitchCfg?.accounts as Record | undefined) ?? {};
+ const resolvedAccountId =
+ Object.entries(accountMap).find(([, value]) => value === account)?.[0] ??
+ DEFAULT_ACCOUNT_ID;
+ const tokenResolution = resolveTwitchToken(cfg, { accountId: resolvedAccountId });
+ return {
+ accountId: resolvedAccountId,
+ enabled: account?.enabled !== false,
+ configured: isAccountConfigured(account, tokenResolution.token),
+ running: runtime?.running ?? false,
+ lastStartAt: runtime?.lastStartAt ?? null,
+ lastStopAt: runtime?.lastStopAt ?? null,
+ lastError: runtime?.lastError ?? null,
+ probe,
+ };
+ },
+
+ /** Collect status issues for all accounts */
+ collectStatusIssues: collectTwitchStatusIssues,
+ },
+
+ /** Gateway adapter for connection lifecycle */
+ gateway: {
+ /** Start an account connection */
+ startAccount: async (ctx): Promise => {
+ const account = ctx.account as TwitchAccountConfig;
+ const accountId = ctx.accountId;
+
+ ctx.setStatus?.({
+ accountId,
+ running: true,
+ lastStartAt: Date.now(),
+ lastError: null,
+ });
+
+ ctx.log?.info(`Starting Twitch connection for ${account.username}`);
+
+ // Lazy import: the monitor pulls the reply pipeline; avoid ESM init cycles.
+ const { monitorTwitchProvider } = await import("./monitor.js");
+ await monitorTwitchProvider({
+ account,
+ accountId,
+ config: ctx.cfg,
+ runtime: ctx.runtime,
+ abortSignal: ctx.abortSignal,
+ });
+ },
+
+ /** Stop an account connection */
+ stopAccount: async (ctx): Promise => {
+ const account = ctx.account as TwitchAccountConfig;
+ const accountId = ctx.accountId;
+
+ // Disconnect and remove client manager from registry
+ await removeClientManager(accountId);
+
+ ctx.setStatus?.({
+ accountId,
+ running: false,
+ lastStopAt: Date.now(),
+ });
+
+ ctx.log?.info(`Stopped Twitch connection for ${account.username}`);
+ },
+ },
+};
diff --git a/extensions/twitch/src/probe.test.ts b/extensions/twitch/src/probe.test.ts
new file mode 100644
index 000000000..21d43ee18
--- /dev/null
+++ b/extensions/twitch/src/probe.test.ts
@@ -0,0 +1,198 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { probeTwitch } from "./probe.js";
+import type { TwitchAccountConfig } from "./types.js";
+
+// Mock Twurple modules - Vitest v4 compatible mocking
+const mockUnbind = vi.fn();
+
+// Event handler storage
+let connectHandler: (() => void) | null = null;
+let disconnectHandler: ((manually: boolean, reason?: Error) => void) | null = null;
+let authFailHandler: (() => void) | null = null;
+
+// Event listener mocks that store handlers and return unbind function
+const mockOnConnect = vi.fn((handler: () => void) => {
+ connectHandler = handler;
+ return { unbind: mockUnbind };
+});
+
+const mockOnDisconnect = vi.fn((handler: (manually: boolean, reason?: Error) => void) => {
+ disconnectHandler = handler;
+ return { unbind: mockUnbind };
+});
+
+const mockOnAuthenticationFailure = vi.fn((handler: () => void) => {
+ authFailHandler = handler;
+ return { unbind: mockUnbind };
+});
+
+// Connect mock that triggers the registered handler
+const defaultConnectImpl = async () => {
+ // Simulate successful connection by calling the handler after a delay
+ if (connectHandler) {
+ await new Promise((resolve) => setTimeout(resolve, 1));
+ connectHandler();
+ }
+};
+
+const mockConnect = vi.fn().mockImplementation(defaultConnectImpl);
+
+const mockQuit = vi.fn().mockResolvedValue(undefined);
+
+vi.mock("@twurple/chat", () => ({
+ ChatClient: class {
+ connect = mockConnect;
+ quit = mockQuit;
+ onConnect = mockOnConnect;
+ onDisconnect = mockOnDisconnect;
+ onAuthenticationFailure = mockOnAuthenticationFailure;
+ },
+}));
+
+vi.mock("@twurple/auth", () => ({
+ StaticAuthProvider: class {},
+}));
+
+describe("probeTwitch", () => {
+ const mockAccount: TwitchAccountConfig = {
+ username: "testbot",
+ token: "oauth:test123456789",
+ channel: "testchannel",
+ };
+
+ beforeEach(() => {
+ vi.clearAllMocks();
+ // Reset handlers
+ connectHandler = null;
+ disconnectHandler = null;
+ authFailHandler = null;
+ });
+
+ it("returns error when username is missing", async () => {
+ const account = { ...mockAccount, username: "" };
+ const result = await probeTwitch(account, 5000);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("missing credentials");
+ });
+
+ it("returns error when token is missing", async () => {
+ const account = { ...mockAccount, token: "" };
+ const result = await probeTwitch(account, 5000);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("missing credentials");
+ });
+
+ it("attempts connection regardless of token prefix", async () => {
+ // Note: probeTwitch doesn't validate token format - it tries to connect with whatever token is provided
+ // The actual connection would fail in production with an invalid token
+ const account = { ...mockAccount, token: "raw_token_no_prefix" };
+ const result = await probeTwitch(account, 5000);
+
+ // With mock, connection succeeds even without oauth: prefix
+ expect(result.ok).toBe(true);
+ });
+
+ it("successfully connects with valid credentials", async () => {
+ const result = await probeTwitch(mockAccount, 5000);
+
+ expect(result.ok).toBe(true);
+ expect(result.connected).toBe(true);
+ expect(result.username).toBe("testbot");
+ expect(result.channel).toBe("testchannel"); // uses account's configured channel
+ });
+
+ it("uses custom channel when specified", async () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ channel: "customchannel",
+ };
+
+ const result = await probeTwitch(account, 5000);
+
+ expect(result.ok).toBe(true);
+ expect(result.channel).toBe("customchannel");
+ });
+
+ it("times out when connection takes too long", async () => {
+ mockConnect.mockImplementationOnce(() => new Promise(() => {})); // Never resolves
+
+ const result = await probeTwitch(mockAccount, 100);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("timeout");
+
+ // Reset mock
+ mockConnect.mockImplementation(defaultConnectImpl);
+ });
+
+ it("cleans up client even on failure", async () => {
+ mockConnect.mockImplementationOnce(async () => {
+ // Simulate connection failure by calling disconnect handler
+ // onDisconnect signature: (manually: boolean, reason?: Error) => void
+ if (disconnectHandler) {
+ await new Promise((resolve) => setTimeout(resolve, 1));
+ disconnectHandler(false, new Error("Connection failed"));
+ }
+ });
+
+ const result = await probeTwitch(mockAccount, 5000);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Connection failed");
+ expect(mockQuit).toHaveBeenCalled();
+
+ // Reset mocks
+ mockConnect.mockImplementation(defaultConnectImpl);
+ });
+
+ it("handles connection errors gracefully", async () => {
+ mockConnect.mockImplementationOnce(async () => {
+ // Simulate connection failure by calling disconnect handler
+ // onDisconnect signature: (manually: boolean, reason?: Error) => void
+ if (disconnectHandler) {
+ await new Promise((resolve) => setTimeout(resolve, 1));
+ disconnectHandler(false, new Error("Network error"));
+ }
+ });
+
+ const result = await probeTwitch(mockAccount, 5000);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Network error");
+
+ // Reset mock
+ mockConnect.mockImplementation(defaultConnectImpl);
+ });
+
+ it("trims token before validation", async () => {
+ const account: TwitchAccountConfig = {
+ ...mockAccount,
+ token: " oauth:test123456789 ",
+ };
+
+ const result = await probeTwitch(account, 5000);
+
+ expect(result.ok).toBe(true);
+ });
+
+ it("handles non-Error objects in catch block", async () => {
+ mockConnect.mockImplementationOnce(async () => {
+ // Simulate connection failure by calling disconnect handler
+ // onDisconnect signature: (manually: boolean, reason?: Error) => void
+ if (disconnectHandler) {
+ await new Promise((resolve) => setTimeout(resolve, 1));
+ disconnectHandler(false, "String error" as unknown as Error);
+ }
+ });
+
+ const result = await probeTwitch(mockAccount, 5000);
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toBe("String error");
+
+ // Reset mock
+ mockConnect.mockImplementation(defaultConnectImpl);
+ });
+});
diff --git a/extensions/twitch/src/probe.ts b/extensions/twitch/src/probe.ts
new file mode 100644
index 000000000..90e34826b
--- /dev/null
+++ b/extensions/twitch/src/probe.ts
@@ -0,0 +1,118 @@
+import { StaticAuthProvider } from "@twurple/auth";
+import { ChatClient } from "@twurple/chat";
+import type { TwitchAccountConfig } from "./types.js";
+import { normalizeToken } from "./utils/twitch.js";
+
+/**
+ * Result of probing a Twitch account
+ */
+export type ProbeTwitchResult = {
+ ok: boolean;
+ error?: string;
+ username?: string;
+ elapsedMs: number;
+ connected?: boolean;
+ channel?: string;
+};
+
+/**
+ * Probe a Twitch account to verify the connection is working
+ *
+ * This tests the Twitch OAuth token by attempting to connect
+ * to the chat server and verify the bot's username.
+ */
+export async function probeTwitch(
+ account: TwitchAccountConfig,
+ timeoutMs: number,
+): Promise {
+ const started = Date.now();
+
+ if (!account.token || !account.username) {
+ return {
+ ok: false,
+ error: "missing credentials (token, username)",
+ username: account.username,
+ elapsedMs: Date.now() - started,
+ };
+ }
+
+ const rawToken = normalizeToken(account.token.trim());
+
+ let client: ChatClient | undefined;
+
+ try {
+ const authProvider = new StaticAuthProvider(account.clientId ?? "", rawToken);
+
+ client = new ChatClient({
+ authProvider,
+ });
+
+ // Create a promise that resolves when connected
+ const connectionPromise = new Promise((resolve, reject) => {
+ let settled = false;
+ let connectListener: ReturnType | undefined;
+ let disconnectListener: ReturnType | undefined;
+ let authFailListener: ReturnType | undefined;
+
+ const cleanup = () => {
+ if (settled) return;
+ settled = true;
+ connectListener?.unbind();
+ disconnectListener?.unbind();
+ authFailListener?.unbind();
+ };
+
+ // Success: connection established
+ connectListener = client?.onConnect(() => {
+ cleanup();
+ resolve();
+ });
+
+ // Failure: disconnected (e.g., auth failed)
+ disconnectListener = client?.onDisconnect((_manually, reason) => {
+ cleanup();
+ reject(reason || new Error("Disconnected"));
+ });
+
+ // Failure: authentication failed
+ authFailListener = client?.onAuthenticationFailure(() => {
+ cleanup();
+ reject(new Error("Authentication failed"));
+ });
+ });
+
+ const timeout = new Promise((_, reject) => {
+ setTimeout(() => reject(new Error(`timeout after ${timeoutMs}ms`)), timeoutMs);
+ });
+
+ client.connect();
+ await Promise.race([connectionPromise, timeout]);
+
+ client.quit();
+ client = undefined;
+
+ return {
+ ok: true,
+ connected: true,
+ username: account.username,
+ channel: account.channel,
+ elapsedMs: Date.now() - started,
+ };
+ } catch (error) {
+ return {
+ ok: false,
+ error: error instanceof Error ? error.message : String(error),
+ username: account.username,
+ channel: account.channel,
+ elapsedMs: Date.now() - started,
+ };
+ } finally {
+ if (client) {
+ try {
+ client.quit();
+ } catch {
+ // Ignore cleanup errors
+ }
+ }
+ }
+}
diff --git a/extensions/twitch/src/resolver.ts b/extensions/twitch/src/resolver.ts
new file mode 100644
index 000000000..acc578f4b
--- /dev/null
+++ b/extensions/twitch/src/resolver.ts
@@ -0,0 +1,137 @@
+/**
+ * Twitch resolver adapter for channel/user name resolution.
+ *
+ * This module implements the ChannelResolverAdapter interface to resolve
+ * Twitch usernames to user IDs via the Twitch Helix API.
+ */
+
+import { ApiClient } from "@twurple/api";
+import { StaticAuthProvider } from "@twurple/auth";
+import type { ChannelResolveKind, ChannelResolveResult } from "./types.js";
+import type { ChannelLogSink, TwitchAccountConfig } from "./types.js";
+import { normalizeToken } from "./utils/twitch.js";
+
+/**
+ * Normalize a Twitch username - strip @ prefix and convert to lowercase
+ */
+function normalizeUsername(input: string): string {
+ const trimmed = input.trim();
+ if (trimmed.startsWith("@")) {
+ return trimmed.slice(1).toLowerCase();
+ }
+ return trimmed.toLowerCase();
+}
+
+/**
+ * Create a logger that includes the Twitch prefix
+ */
+function createLogger(logger?: ChannelLogSink): ChannelLogSink {
+ return {
+ info: (msg: string) => logger?.info(msg),
+ warn: (msg: string) => logger?.warn(msg),
+ error: (msg: string) => logger?.error(msg),
+ debug: (msg: string) => logger?.debug?.(msg) ?? (() => {}),
+ };
+}
+
+/**
+ * Resolve Twitch usernames to user IDs via the Helix API
+ *
+ * @param inputs - Array of usernames or user IDs to resolve
+ * @param account - Twitch account configuration with auth credentials
+ * @param kind - Type of target to resolve ("user" or "group")
+ * @param logger - Optional logger
+ * @returns Promise resolving to array of ChannelResolveResult
+ */
+export async function resolveTwitchTargets(
+ inputs: string[],
+ account: TwitchAccountConfig,
+ kind: ChannelResolveKind,
+ logger?: ChannelLogSink,
+): Promise {
+ const log = createLogger(logger);
+
+ if (!account.clientId || !account.token) {
+ log.error("Missing Twitch client ID or token");
+ return inputs.map((input) => ({
+ input,
+ resolved: false,
+ note: "missing Twitch credentials",
+ }));
+ }
+
+ const normalizedToken = normalizeToken(account.token);
+
+ const authProvider = new StaticAuthProvider(account.clientId, normalizedToken);
+ const apiClient = new ApiClient({ authProvider });
+
+ const results: ChannelResolveResult[] = [];
+
+ for (const input of inputs) {
+ const normalized = normalizeUsername(input);
+
+ if (!normalized) {
+ results.push({
+ input,
+ resolved: false,
+ note: "empty input",
+ });
+ continue;
+ }
+
+ const looksLikeUserId = /^\d+$/.test(normalized);
+
+ try {
+ if (looksLikeUserId) {
+ const user = await apiClient.users.getUserById(normalized);
+
+ if (user) {
+ results.push({
+ input,
+ resolved: true,
+ id: user.id,
+ name: user.name,
+ });
+ log.debug?.(`Resolved user ID ${normalized} -> ${user.name}`);
+ } else {
+ results.push({
+ input,
+ resolved: false,
+ note: "user ID not found",
+ });
+ log.warn(`User ID ${normalized} not found`);
+ }
+ } else {
+ const user = await apiClient.users.getUserByName(normalized);
+
+ if (user) {
+ results.push({
+ input,
+ resolved: true,
+ id: user.id,
+ name: user.name,
+ note: user.displayName !== user.name ? `display: ${user.displayName}` : undefined,
+ });
+ log.debug?.(`Resolved username ${normalized} -> ${user.id} (${user.name})`);
+ } else {
+ results.push({
+ input,
+ resolved: false,
+ note: "username not found",
+ });
+ log.warn(`Username ${normalized} not found`);
+ }
+ }
+ } catch (error) {
+ const errorMessage = error instanceof Error ? error.message : String(error);
+ results.push({
+ input,
+ resolved: false,
+ note: `API error: ${errorMessage}`,
+ });
+ log.error(`Failed to resolve ${input}: ${errorMessage}`);
+ }
+ }
+
+ return results;
+}
diff --git a/extensions/twitch/src/runtime.ts b/extensions/twitch/src/runtime.ts
new file mode 100644
index 000000000..5c2f1c672
--- /dev/null
+++ b/extensions/twitch/src/runtime.ts
@@ -0,0 +1,14 @@
+import type { PluginRuntime } from "clawdbot/plugin-sdk";
+
+let runtime: PluginRuntime | null = null;
+
+export function setTwitchRuntime(next: PluginRuntime) {
+ runtime = next;
+}
+
+export function getTwitchRuntime(): PluginRuntime {
+ if (!runtime) {
+ throw new Error("Twitch runtime not initialized");
+ }
+ return runtime;
+}
diff --git a/extensions/twitch/src/send.test.ts b/extensions/twitch/src/send.test.ts
new file mode 100644
index 000000000..541d4964d
--- /dev/null
+++ b/extensions/twitch/src/send.test.ts
@@ -0,0 +1,289 @@
+/**
+ * Tests for send.ts module
+ *
+ * Tests cover:
+ * - Message sending with valid configuration
+ * - Account resolution and validation
+ * - Channel normalization
+ * - Markdown stripping
+ * - Error handling for missing/invalid accounts
+ * - Registry integration
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { sendMessageTwitchInternal } from "./send.js";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+
+// Mock dependencies
+vi.mock("./config.js", () => ({
+ DEFAULT_ACCOUNT_ID: "default",
+ getAccountConfig: vi.fn(),
+}));
+
+vi.mock("./utils/twitch.js", () => ({
+ generateMessageId: vi.fn(() => "test-msg-id"),
+ isAccountConfigured: vi.fn(() => true),
+ normalizeTwitchChannel: (channel: string) => channel.toLowerCase().replace(/^#/, ""),
+}));
+
+vi.mock("./utils/markdown.js", () => ({
+ stripMarkdownForTwitch: vi.fn((text: string) => text.replace(/\*\*/g, "")),
+}));
+
+vi.mock("./client-manager-registry.js", () => ({
+ getClientManager: vi.fn(),
+}));
+
+describe("send", () => {
+ const mockLogger = {
+ info: vi.fn(),
+ warn: vi.fn(),
+ error: vi.fn(),
+ debug: vi.fn(),
+ };
+
+ const mockAccount = {
+ username: "testbot",
+ token: "oauth:test123",
+ clientId: "test-client-id",
+ channel: "#testchannel",
+ };
+
+ const mockConfig = {
+ channels: {
+ twitch: {
+ accounts: {
+ default: mockAccount,
+ },
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ afterEach(() => {
+ vi.restoreAllMocks();
+ });
+
+ describe("sendMessageTwitchInternal", () => {
+ it("should send a message successfully", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { getClientManager } = await import("./client-manager-registry.js");
+ const { stripMarkdownForTwitch } = await import("./utils/markdown.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(getClientManager).mockReturnValue({
+ sendMessage: vi.fn().mockResolvedValue({
+ ok: true,
+ messageId: "twitch-msg-123",
+ }),
+ } as ReturnType);
+ vi.mocked(stripMarkdownForTwitch).mockImplementation((text) => text);
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "Hello Twitch!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(true);
+ expect(result.messageId).toBe("twitch-msg-123");
+ });
+
+ it("should strip markdown when enabled", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { getClientManager } = await import("./client-manager-registry.js");
+ const { stripMarkdownForTwitch } = await import("./utils/markdown.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(getClientManager).mockReturnValue({
+ sendMessage: vi.fn().mockResolvedValue({
+ ok: true,
+ messageId: "twitch-msg-456",
+ }),
+ } as ReturnType);
+ vi.mocked(stripMarkdownForTwitch).mockImplementation((text) => text.replace(/\*\*/g, ""));
+
+ await sendMessageTwitchInternal(
+ "#testchannel",
+ "**Bold** text",
+ mockConfig,
+ "default",
+ true,
+ mockLogger as unknown as Console,
+ );
+
+ expect(stripMarkdownForTwitch).toHaveBeenCalledWith("**Bold** text");
+ });
+
+ it("should return error when account not found", async () => {
+ const { getAccountConfig } = await import("./config.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(null);
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "Hello!",
+ mockConfig,
+ "nonexistent",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Account not found: nonexistent");
+ });
+
+ it("should return error when account not configured", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(isAccountConfigured).mockReturnValue(false);
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "Hello!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("not properly configured");
+ });
+
+ it("should return error when no channel specified", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+
+ // Set channel to undefined to trigger the error (bypassing type check)
+ const accountWithoutChannel = {
+ ...mockAccount,
+ channel: undefined as unknown as string,
+ };
+ vi.mocked(getAccountConfig).mockReturnValue(accountWithoutChannel);
+ vi.mocked(isAccountConfigured).mockReturnValue(true);
+
+ const result = await sendMessageTwitchInternal(
+ "",
+ "Hello!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("No channel specified");
+ });
+
+ it("should skip sending empty message after markdown stripping", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+ const { stripMarkdownForTwitch } = await import("./utils/markdown.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(isAccountConfigured).mockReturnValue(true);
+ vi.mocked(stripMarkdownForTwitch).mockReturnValue("");
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "**Only markdown**",
+ mockConfig,
+ "default",
+ true,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(true);
+ expect(result.messageId).toBe("skipped");
+ });
+
+ it("should return error when client manager not found", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+ const { getClientManager } = await import("./client-manager-registry.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(isAccountConfigured).mockReturnValue(true);
+ vi.mocked(getClientManager).mockReturnValue(undefined);
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "Hello!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toContain("Client manager not found");
+ });
+
+ it("should handle send errors gracefully", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+ const { getClientManager } = await import("./client-manager-registry.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(isAccountConfigured).mockReturnValue(true);
+ vi.mocked(getClientManager).mockReturnValue({
+ sendMessage: vi.fn().mockRejectedValue(new Error("Connection lost")),
+ } as ReturnType);
+
+ const result = await sendMessageTwitchInternal(
+ "#testchannel",
+ "Hello!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toBe("Connection lost");
+ expect(mockLogger.error).toHaveBeenCalled();
+ });
+
+ it("should use account channel when channel parameter is empty", async () => {
+ const { getAccountConfig } = await import("./config.js");
+ const { isAccountConfigured } = await import("./utils/twitch.js");
+ const { getClientManager } = await import("./client-manager-registry.js");
+
+ vi.mocked(getAccountConfig).mockReturnValue(mockAccount);
+ vi.mocked(isAccountConfigured).mockReturnValue(true);
+ const mockSend = vi.fn().mockResolvedValue({
+ ok: true,
+ messageId: "twitch-msg-789",
+ });
+ vi.mocked(getClientManager).mockReturnValue({
+ sendMessage: mockSend,
+ } as ReturnType);
+
+ await sendMessageTwitchInternal(
+ "",
+ "Hello!",
+ mockConfig,
+ "default",
+ false,
+ mockLogger as unknown as Console,
+ );
+
+ expect(mockSend).toHaveBeenCalledWith(
+ mockAccount,
+ "testchannel", // normalized account channel
+ "Hello!",
+ mockConfig,
+ "default",
+ );
+ });
+ });
+});
diff --git a/extensions/twitch/src/send.ts b/extensions/twitch/src/send.ts
new file mode 100644
index 000000000..cc9ff678e
--- /dev/null
+++ b/extensions/twitch/src/send.ts
@@ -0,0 +1,136 @@
+/**
+ * Twitch message sending functions with dependency injection support.
+ *
+ * These functions are the primary interface for sending messages to Twitch.
+ * They support dependency injection via the `deps` parameter for testability.
+ */
+
+import { DEFAULT_ACCOUNT_ID, getAccountConfig } from "./config.js";
+import { getClientManager as getRegistryClientManager } from "./client-manager-registry.js";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import { resolveTwitchToken } from "./token.js";
+import { stripMarkdownForTwitch } from "./utils/markdown.js";
+import { generateMessageId, isAccountConfigured, normalizeTwitchChannel } from "./utils/twitch.js";
+
+/**
+ * Result from sending a message to Twitch.
+ */
+export interface SendMessageResult {
+ /** Whether the send was successful */
+ ok: boolean;
+ /** The message ID (generated for tracking) */
+ messageId: string;
+ /** Error message if the send failed */
+ error?: string;
+}
+
+/**
+ * Internal send function used by the outbound adapter.
+ *
+ * This function has access to the full Clawdbot config and handles
+ * account resolution, markdown stripping, and actual message sending.
+ *
+ * @param channel - The channel name
+ * @param text - The message text
+ * @param cfg - Full Clawdbot configuration
+ * @param accountId - Account ID to use
+ * @param stripMarkdown - Whether to strip markdown (default: true)
+ * @param logger - Logger instance
+ * @returns Result with message ID and status
+ *
+ * @example
+ * const result = await sendMessageTwitchInternal(
+ * "#mychannel",
+ * "Hello Twitch!",
+ * clawdbotConfig,
+ * "default",
+ * true,
+ * console,
+ * );
+ */
+export async function sendMessageTwitchInternal(
+ channel: string,
+ text: string,
+ cfg: ClawdbotConfig,
+ accountId: string = DEFAULT_ACCOUNT_ID,
+ stripMarkdown: boolean = true,
+ logger: Console = console,
+): Promise {
+ const account = getAccountConfig(cfg, accountId);
+ if (!account) {
+ const availableIds = Object.keys(cfg.channels?.twitch?.accounts ?? {});
+ return {
+ ok: false,
+ messageId: generateMessageId(),
+ error: `Account not found: ${accountId}. Available accounts: ${availableIds.join(", ") || "none"}`,
+ };
+ }
+
+ const tokenResolution = resolveTwitchToken(cfg, { accountId });
+ if (!isAccountConfigured(account, tokenResolution.token)) {
+ return {
+ ok: false,
+ messageId: generateMessageId(),
+ error:
+ `Account ${accountId} is not properly configured. ` +
+ "Required: username, clientId, and token (config or env for default account).",
+ };
+ }
+
+ const normalizedChannel = channel || account.channel;
+ if (!normalizedChannel) {
+ return {
+ ok: false,
+ messageId: generateMessageId(),
+ error: "No channel specified and no default channel in account config",
+ };
+ }
+
+ const cleanedText = stripMarkdown ? stripMarkdownForTwitch(text) : text;
+ if (!cleanedText) {
+ return {
+ ok: true,
+ messageId: "skipped",
+ };
+ }
+
+ const clientManager = getRegistryClientManager(accountId);
+ if (!clientManager) {
+ return {
+ ok: false,
+ messageId: generateMessageId(),
+ error: `Client manager not found for account: ${accountId}. Please start the Twitch gateway first.`,
+ };
+ }
+
+ try {
+ const result = await clientManager.sendMessage(
+ account,
+ normalizeTwitchChannel(normalizedChannel),
+ cleanedText,
+ cfg,
+ accountId,
+ );
+
+ if (!result.ok) {
+ return {
+ ok: false,
+ messageId: result.messageId ?? generateMessageId(),
+ error: result.error ?? "Send failed",
+ };
+ }
+
+ return {
+ ok: true,
+ messageId: result.messageId ?? generateMessageId(),
+ };
+ } catch (error) {
+ const errorMsg = error instanceof Error ? error.message : String(error);
+ logger.error(`Failed to send message: ${errorMsg}`);
+ return {
+ ok: false,
+ messageId: generateMessageId(),
+ error: errorMsg,
+ };
+ }
+}
diff --git a/extensions/twitch/src/status.test.ts b/extensions/twitch/src/status.test.ts
new file mode 100644
index 000000000..8f7cd55ab
--- /dev/null
+++ b/extensions/twitch/src/status.test.ts
@@ -0,0 +1,270 @@
+/**
+ * Tests for status.ts module
+ *
+ * Tests cover:
+ * - Detection of unconfigured accounts
+ * - Detection of disabled accounts
+ * - Detection of missing clientId
+ * - Token format warnings
+ * - Access control warnings
+ * - Runtime error detection
+ */
+
+import { describe, expect, it } from "vitest";
+import { collectTwitchStatusIssues } from "./status.js";
+import type { ChannelAccountSnapshot } from "./types.js";
+
+describe("status", () => {
+ describe("collectTwitchStatusIssues", () => {
+ it("should detect unconfigured accounts", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: false,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ expect(issues.length).toBeGreaterThan(0);
+ expect(issues[0]?.kind).toBe("config");
+ expect(issues[0]?.message).toContain("not properly configured");
+ });
+
+ it("should detect disabled accounts", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: false,
+ running: false,
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ expect(issues.length).toBeGreaterThan(0);
+ const disabledIssue = issues.find((i) => i.message.includes("disabled"));
+ expect(disabledIssue).toBeDefined();
+ });
+
+ it("should detect missing clientId when account configured (simplified config)", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const mockCfg = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "oauth:test123",
+ // clientId missing
+ },
+ },
+ };
+
+ const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never);
+
+ const clientIdIssue = issues.find((i) => i.message.includes("client ID"));
+ expect(clientIdIssue).toBeDefined();
+ });
+
+ it("should warn about oauth: prefix in token (simplified config)", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const mockCfg = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "oauth:test123", // has prefix
+ clientId: "test-id",
+ },
+ },
+ };
+
+ const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never);
+
+ const prefixIssue = issues.find((i) => i.message.includes("oauth:"));
+ expect(prefixIssue).toBeDefined();
+ expect(prefixIssue?.kind).toBe("config");
+ });
+
+ it("should detect clientSecret without refreshToken (simplified config)", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const mockCfg = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "oauth:test123",
+ clientId: "test-id",
+ clientSecret: "secret123",
+ // refreshToken missing
+ },
+ },
+ };
+
+ const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never);
+
+ const secretIssue = issues.find((i) => i.message.includes("clientSecret"));
+ expect(secretIssue).toBeDefined();
+ });
+
+ it("should detect empty allowFrom array (simplified config)", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const mockCfg = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "test123",
+ clientId: "test-id",
+ allowFrom: [], // empty array
+ },
+ },
+ };
+
+ const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never);
+
+ const allowFromIssue = issues.find((i) => i.message.includes("allowFrom"));
+ expect(allowFromIssue).toBeDefined();
+ });
+
+ it("should detect allowedRoles 'all' with allowFrom conflict (simplified config)", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const mockCfg = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "test123",
+ clientId: "test-id",
+ allowedRoles: ["all"],
+ allowFrom: ["123456"], // conflict!
+ },
+ },
+ };
+
+ const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never);
+
+ const conflictIssue = issues.find((i) => i.kind === "intent");
+ expect(conflictIssue).toBeDefined();
+ expect(conflictIssue?.message).toContain("allowedRoles is set to 'all'");
+ });
+
+ it("should detect runtime errors", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ lastError: "Connection timeout",
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ const runtimeIssue = issues.find((i) => i.kind === "runtime");
+ expect(runtimeIssue).toBeDefined();
+ expect(runtimeIssue?.message).toContain("Connection timeout");
+ });
+
+ it("should detect accounts that never connected", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: false,
+ lastStartAt: undefined,
+ lastInboundAt: undefined,
+ lastOutboundAt: undefined,
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ const neverConnectedIssue = issues.find((i) =>
+ i.message.includes("never connected successfully"),
+ );
+ expect(neverConnectedIssue).toBeDefined();
+ });
+
+ it("should detect long-running connections", () => {
+ const oldDate = Date.now() - 8 * 24 * 60 * 60 * 1000; // 8 days ago
+
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: "default",
+ configured: true,
+ enabled: true,
+ running: true,
+ lastStartAt: oldDate,
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ const uptimeIssue = issues.find((i) => i.message.includes("running for"));
+ expect(uptimeIssue).toBeDefined();
+ });
+
+ it("should handle empty snapshots array", () => {
+ const issues = collectTwitchStatusIssues([]);
+
+ expect(issues).toEqual([]);
+ });
+
+ it("should skip non-Twitch accounts gracefully", () => {
+ const snapshots: ChannelAccountSnapshot[] = [
+ {
+ accountId: undefined,
+ configured: false,
+ enabled: true,
+ running: false,
+ },
+ ];
+
+ const issues = collectTwitchStatusIssues(snapshots);
+
+ // Should not crash, may return empty or minimal issues
+ expect(Array.isArray(issues)).toBe(true);
+ });
+ });
+});
diff --git a/extensions/twitch/src/status.ts b/extensions/twitch/src/status.ts
new file mode 100644
index 000000000..b2a488e66
--- /dev/null
+++ b/extensions/twitch/src/status.ts
@@ -0,0 +1,176 @@
+/**
+ * Twitch status issues collector.
+ *
+ * Detects and reports configuration issues for Twitch accounts.
+ */
+
+import { getAccountConfig } from "./config.js";
+import type { ChannelAccountSnapshot, ChannelStatusIssue } from "./types.js";
+import { resolveTwitchToken } from "./token.js";
+import { isAccountConfigured } from "./utils/twitch.js";
+
+/**
+ * Collect status issues for Twitch accounts.
+ *
+ * Analyzes account snapshots and detects configuration problems,
+ * authentication issues, and other potential problems.
+ *
+ * @param accounts - Array of account snapshots to analyze
+ * @param getCfg - Optional function to get full config for additional checks
+ * @returns Array of detected status issues
+ *
+ * @example
+ * const issues = collectTwitchStatusIssues(accountSnapshots);
+ * if (issues.length > 0) {
+ * console.warn("Twitch configuration issues detected:");
+ * issues.forEach(issue => console.warn(`- ${issue.message}`));
+ * }
+ */
+export function collectTwitchStatusIssues(
+ accounts: ChannelAccountSnapshot[],
+ getCfg?: () => unknown,
+): ChannelStatusIssue[] {
+ const issues: ChannelStatusIssue[] = [];
+
+ for (const entry of accounts) {
+ const accountId = entry.accountId;
+
+ if (!accountId) continue;
+
+ let account: ReturnType | null = null;
+ let cfg: Parameters[0] | undefined;
+ if (getCfg) {
+ try {
+ cfg = getCfg() as {
+ channels?: { twitch?: { accounts?: Record } };
+ };
+ account = getAccountConfig(cfg, accountId);
+ } catch {
+ // Ignore config access errors
+ }
+ }
+
+ if (!entry.configured) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "Twitch account is not properly configured",
+ fix: "Add required fields: username, accessToken, and clientId to your account configuration",
+ });
+ continue;
+ }
+
+ if (entry.enabled === false) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "Twitch account is disabled",
+ fix: "Set enabled: true in your account configuration to enable this account",
+ });
+ continue;
+ }
+
+ if (account && account.username && account.accessToken && !account.clientId) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "Twitch client ID is required",
+ fix: "Add clientId to your Twitch account configuration (from Twitch Developer Portal)",
+ });
+ }
+
+ const tokenResolution = cfg
+ ? resolveTwitchToken(cfg as Parameters[0], { accountId })
+ : { token: "", source: "none" };
+ if (account && isAccountConfigured(account, tokenResolution.token)) {
+ if (account.accessToken?.startsWith("oauth:")) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "Token contains 'oauth:' prefix (will be stripped)",
+ fix: "The 'oauth:' prefix is optional. You can use just the token value, or keep it as-is (it will be normalized automatically).",
+ });
+ }
+
+ if (account.clientSecret && !account.refreshToken) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "clientSecret provided without refreshToken",
+ fix: "For automatic token refresh, provide both clientSecret and refreshToken. Otherwise, clientSecret is not needed.",
+ });
+ }
+
+ if (account.allowFrom && account.allowFrom.length === 0) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "config",
+ message: "allowFrom is configured but empty",
+ fix: "Either add user IDs to allowFrom, remove the allowFrom field, or use allowedRoles instead.",
+ });
+ }
+
+ if (
+ account.allowedRoles?.includes("all") &&
+ account.allowFrom &&
+ account.allowFrom.length > 0
+ ) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "intent",
+ message: "allowedRoles is set to 'all' but allowFrom is also configured",
+ fix: "When allowedRoles is 'all', the allowFrom list is not needed. Remove allowFrom or set allowedRoles to specific roles.",
+ });
+ }
+ }
+
+ if (entry.lastError) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "runtime",
+ message: `Last error: ${entry.lastError}`,
+ fix: "Check your token validity and network connection. Ensure the bot has the required OAuth scopes.",
+ });
+ }
+
+ if (
+ entry.configured &&
+ !entry.running &&
+ !entry.lastStartAt &&
+ !entry.lastInboundAt &&
+ !entry.lastOutboundAt
+ ) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "runtime",
+ message: "Account has never connected successfully",
+ fix: "Start the Twitch gateway to begin receiving messages. Check logs for connection errors.",
+ });
+ }
+
+ if (entry.running && entry.lastStartAt) {
+ const uptime = Date.now() - entry.lastStartAt;
+ const daysSinceStart = uptime / (1000 * 60 * 60 * 24);
+ if (daysSinceStart > 7) {
+ issues.push({
+ channel: "twitch",
+ accountId,
+ kind: "runtime",
+ message: `Connection has been running for ${Math.floor(daysSinceStart)} days`,
+ fix: "Consider restarting the connection periodically to refresh the connection. Twitch tokens may expire after long periods.",
+ });
+ }
+ }
+ }
+
+ return issues;
+}
diff --git a/extensions/twitch/src/token.test.ts b/extensions/twitch/src/token.test.ts
new file mode 100644
index 000000000..3894532bc
--- /dev/null
+++ b/extensions/twitch/src/token.test.ts
@@ -0,0 +1,171 @@
+/**
+ * Tests for token.ts module
+ *
+ * Tests cover:
+ * - Token resolution from config
+ * - Token resolution from environment variable
+ * - Fallback behavior when token not found
+ * - Account ID normalization
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { resolveTwitchToken, type TwitchTokenSource } from "./token.js";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+
+describe("token", () => {
+ // Multi-account config for testing non-default accounts
+ const mockMultiAccountConfig = {
+ channels: {
+ twitch: {
+ accounts: {
+ default: {
+ username: "testbot",
+ accessToken: "oauth:config-token",
+ },
+ other: {
+ username: "otherbot",
+ accessToken: "oauth:other-token",
+ },
+ },
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ // Simplified single-account config
+ const mockSimplifiedConfig = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "oauth:config-token",
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ afterEach(() => {
+ vi.restoreAllMocks();
+ delete process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN;
+ });
+
+ describe("resolveTwitchToken", () => {
+ it("should resolve token from simplified config for default account", () => {
+ const result = resolveTwitchToken(mockSimplifiedConfig, { accountId: "default" });
+
+ expect(result.token).toBe("oauth:config-token");
+ expect(result.source).toBe("config");
+ });
+
+ it("should resolve token from config for non-default account (multi-account)", () => {
+ const result = resolveTwitchToken(mockMultiAccountConfig, { accountId: "other" });
+
+ expect(result.token).toBe("oauth:other-token");
+ expect(result.source).toBe("config");
+ });
+
+ it("should prioritize config token over env var (simplified config)", () => {
+ process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN = "oauth:env-token";
+
+ const result = resolveTwitchToken(mockSimplifiedConfig, { accountId: "default" });
+
+ // Config token should be used even if env var exists
+ expect(result.token).toBe("oauth:config-token");
+ expect(result.source).toBe("config");
+ });
+
+ it("should use env var when config token is empty (simplified config)", () => {
+ process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN = "oauth:env-token";
+
+ const configWithEmptyToken = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "",
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ const result = resolveTwitchToken(configWithEmptyToken, { accountId: "default" });
+
+ expect(result.token).toBe("oauth:env-token");
+ expect(result.source).toBe("env");
+ });
+
+ it("should return empty token when neither config nor env has token (simplified config)", () => {
+ const configWithoutToken = {
+ channels: {
+ twitch: {
+ username: "testbot",
+ accessToken: "",
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ const result = resolveTwitchToken(configWithoutToken, { accountId: "default" });
+
+ expect(result.token).toBe("");
+ expect(result.source).toBe("none");
+ });
+
+ it("should not use env var for non-default accounts (multi-account)", () => {
+ process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN = "oauth:env-token";
+
+ const configWithoutToken = {
+ channels: {
+ twitch: {
+ accounts: {
+ secondary: {
+ username: "secondary",
+ accessToken: "",
+ },
+ },
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ const result = resolveTwitchToken(configWithoutToken, { accountId: "secondary" });
+
+ // Non-default accounts shouldn't use env var
+ expect(result.token).toBe("");
+ expect(result.source).toBe("none");
+ });
+
+ it("should handle missing account gracefully", () => {
+ const configWithoutAccount = {
+ channels: {
+ twitch: {
+ accounts: {},
+ },
+ },
+ } as unknown as ClawdbotConfig;
+
+ const result = resolveTwitchToken(configWithoutAccount, { accountId: "nonexistent" });
+
+ expect(result.token).toBe("");
+ expect(result.source).toBe("none");
+ });
+
+ it("should handle missing Twitch config section", () => {
+ const configWithoutSection = {
+ channels: {},
+ } as unknown as ClawdbotConfig;
+
+ const result = resolveTwitchToken(configWithoutSection, { accountId: "default" });
+
+ expect(result.token).toBe("");
+ expect(result.source).toBe("none");
+ });
+ });
+
+ describe("TwitchTokenSource type", () => {
+ it("should have correct values", () => {
+ const sources: TwitchTokenSource[] = ["env", "config", "none"];
+
+ expect(sources).toContain("env");
+ expect(sources).toContain("config");
+ expect(sources).toContain("none");
+ });
+ });
+});
diff --git a/extensions/twitch/src/token.ts b/extensions/twitch/src/token.ts
new file mode 100644
index 000000000..bad0f2b57
--- /dev/null
+++ b/extensions/twitch/src/token.ts
@@ -0,0 +1,87 @@
+/**
+ * Twitch access token resolution with environment variable support.
+ *
+ * Supports reading Twitch OAuth access tokens from config or environment variable.
+ * The CLAWDBOT_TWITCH_ACCESS_TOKEN env var is only used for the default account.
+ *
+ * Token resolution priority:
+ * 1. Account access token from merged config (accounts.{id} or base-level for default)
+ * 2. Environment variable: CLAWDBOT_TWITCH_ACCESS_TOKEN (default account only)
+ */
+
+import type { ClawdbotConfig } from "../../../src/config/config.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
+
+export type TwitchTokenSource = "env" | "config" | "none";
+
+export type TwitchTokenResolution = {
+ token: string;
+ source: TwitchTokenSource;
+};
+
+/**
+ * Normalize a Twitch OAuth token - ensure it has the oauth: prefix
+ */
+function normalizeTwitchToken(raw?: string | null): string | undefined {
+ if (!raw) return undefined;
+ const trimmed = raw.trim();
+ if (!trimmed) return undefined;
+ // Twitch tokens should have oauth: prefix
+ return trimmed.startsWith("oauth:") ? trimmed : `oauth:${trimmed}`;
+}
+
+/**
+ * Resolve Twitch access token from config or environment variable.
+ *
+ * Priority:
+ * 1. Account access token (from merged config - base-level for default, or accounts.{accountId})
+ * 2. Environment variable: CLAWDBOT_TWITCH_ACCESS_TOKEN (default account only)
+ *
+ * The getAccountConfig function handles merging base-level config with accounts.default,
+ * so this logic works for both simplified and multi-account patterns.
+ *
+ * @param cfg - Clawdbot config
+ * @param opts - Options including accountId and optional envToken override
+ * @returns Token resolution with source
+ */
+export function resolveTwitchToken(
+ cfg?: ClawdbotConfig,
+ opts: { accountId?: string | null; envToken?: string | null } = {},
+): TwitchTokenResolution {
+ const accountId = normalizeAccountId(opts.accountId);
+
+ // Get merged account config (handles both simplified and multi-account patterns)
+ const twitchCfg = cfg?.channels?.twitch;
+ const accountCfg =
+ accountId === DEFAULT_ACCOUNT_ID
+ ? (twitchCfg?.accounts?.[DEFAULT_ACCOUNT_ID] as Record | undefined)
+ : (twitchCfg?.accounts?.[accountId as string] as Record | undefined);
+
+ // For default account, also check base-level config
+ let token: string | undefined;
+ if (accountId === DEFAULT_ACCOUNT_ID) {
+ // Base-level config takes precedence
+ token = normalizeTwitchToken(
+ (typeof twitchCfg?.accessToken === "string" ? twitchCfg.accessToken : undefined) ||
+ (accountCfg?.accessToken as string | undefined),
+ );
+ } else {
+ // Non-default accounts only use accounts object
+ token = normalizeTwitchToken(accountCfg?.accessToken as string | undefined);
+ }
+
+ if (token) {
+ return { token, source: "config" };
+ }
+
+ // Environment variable (default account only)
+ const allowEnv = accountId === DEFAULT_ACCOUNT_ID;
+ const envToken = allowEnv
+ ? normalizeTwitchToken(opts.envToken ?? process.env.CLAWDBOT_TWITCH_ACCESS_TOKEN)
+ : undefined;
+ if (envToken) {
+ return { token: envToken, source: "env" };
+ }
+
+ return { token: "", source: "none" };
+}
diff --git a/extensions/twitch/src/twitch-client.test.ts b/extensions/twitch/src/twitch-client.test.ts
new file mode 100644
index 000000000..b6e270acd
--- /dev/null
+++ b/extensions/twitch/src/twitch-client.test.ts
@@ -0,0 +1,574 @@
+/**
+ * Tests for TwitchClientManager class
+ *
+ * Tests cover:
+ * - Client connection and reconnection
+ * - Message handling (chat)
+ * - Message sending with rate limiting
+ * - Disconnection scenarios
+ * - Error handling and edge cases
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { TwitchClientManager } from "./twitch-client.js";
+import type { ChannelLogSink, TwitchAccountConfig, TwitchChatMessage } from "./types.js";
+
+// Mock @twurple dependencies
+const mockConnect = vi.fn().mockResolvedValue(undefined);
+const mockJoin = vi.fn().mockResolvedValue(undefined);
+const mockSay = vi.fn().mockResolvedValue({ messageId: "test-msg-123" });
+const mockQuit = vi.fn();
+const mockUnbind = vi.fn();
+
+// Event handler storage for testing
+const messageHandlers: Array<(channel: string, user: string, message: string, msg: any) => void> =
+ [];
+
+// Mock functions that track handlers and return unbind objects
+const mockOnMessage = vi.fn((handler: any) => {
+ messageHandlers.push(handler);
+ return { unbind: mockUnbind };
+});
+
+const mockAddUserForToken = vi.fn().mockResolvedValue("123456");
+const mockOnRefresh = vi.fn();
+const mockOnRefreshFailure = vi.fn();
+
+vi.mock("@twurple/chat", () => ({
+ ChatClient: class {
+ onMessage = mockOnMessage;
+ connect = mockConnect;
+ join = mockJoin;
+ say = mockSay;
+ quit = mockQuit;
+ },
+ LogLevel: {
+ CRITICAL: "CRITICAL",
+ ERROR: "ERROR",
+ WARNING: "WARNING",
+ INFO: "INFO",
+ DEBUG: "DEBUG",
+ TRACE: "TRACE",
+ },
+}));
+
+const mockAuthProvider = {
+ constructor: vi.fn(),
+};
+
+vi.mock("@twurple/auth", () => ({
+ StaticAuthProvider: class {
+ constructor(...args: unknown[]) {
+ mockAuthProvider.constructor(...args);
+ }
+ },
+ RefreshingAuthProvider: class {
+ addUserForToken = mockAddUserForToken;
+ onRefresh = mockOnRefresh;
+ onRefreshFailure = mockOnRefreshFailure;
+ },
+}));
+
+// Mock token resolution - must be after @twurple/auth mock
+vi.mock("./token.js", () => ({
+ resolveTwitchToken: vi.fn(() => ({
+ token: "oauth:mock-token-from-tests",
+ source: "config" as const,
+ })),
+ DEFAULT_ACCOUNT_ID: "default",
+}));
+
+describe("TwitchClientManager", () => {
+ let manager: TwitchClientManager;
+ let mockLogger: ChannelLogSink;
+
+ const testAccount: TwitchAccountConfig = {
+ username: "testbot",
+ token: "oauth:test123456",
+ clientId: "test-client-id",
+ channel: "testchannel",
+ enabled: true,
+ };
+
+ const testAccount2: TwitchAccountConfig = {
+ username: "testbot2",
+ token: "oauth:test789",
+ clientId: "test-client-id-2",
+ channel: "testchannel2",
+ enabled: true,
+ };
+
+ beforeEach(async () => {
+ // Clear all mocks first
+ vi.clearAllMocks();
+
+ // Clear handler arrays
+ messageHandlers.length = 0;
+
+ // Re-set up the default token mock implementation after clearing
+ const { resolveTwitchToken } = await import("./token.js");
+ vi.mocked(resolveTwitchToken).mockReturnValue({
+ token: "oauth:mock-token-from-tests",
+ source: "config" as const,
+ });
+
+ // Create mock logger
+ mockLogger = {
+ info: vi.fn(),
+ warn: vi.fn(),
+ error: vi.fn(),
+ debug: vi.fn(),
+ };
+
+ // Create manager instance
+ manager = new TwitchClientManager(mockLogger);
+ });
+
+ afterEach(() => {
+ // Clean up manager to avoid side effects
+ manager._clearForTest();
+ });
+
+ describe("getClient", () => {
+ it("should create a new client connection", async () => {
+ const _client = await manager.getClient(testAccount);
+
+ // New implementation: connect is called, channels are passed to constructor
+ expect(mockConnect).toHaveBeenCalledTimes(1);
+ expect(mockLogger.info).toHaveBeenCalledWith(
+ expect.stringContaining("Connected to Twitch as testbot"),
+ );
+ });
+
+ it("should use account username as default channel when channel not specified", async () => {
+ const accountWithoutChannel: TwitchAccountConfig = {
+ ...testAccount,
+ channel: undefined,
+ };
+
+ await manager.getClient(accountWithoutChannel);
+
+ // New implementation: channel (testbot) is passed to constructor, not via join()
+ expect(mockConnect).toHaveBeenCalledTimes(1);
+ });
+
+ it("should reuse existing client for same account", async () => {
+ const client1 = await manager.getClient(testAccount);
+ const client2 = await manager.getClient(testAccount);
+
+ expect(client1).toBe(client2);
+ expect(mockConnect).toHaveBeenCalledTimes(1);
+ });
+
+ it("should create separate clients for different accounts", async () => {
+ await manager.getClient(testAccount);
+ await manager.getClient(testAccount2);
+
+ expect(mockConnect).toHaveBeenCalledTimes(2);
+ });
+
+ it("should normalize token by removing oauth: prefix", async () => {
+ const accountWithPrefix: TwitchAccountConfig = {
+ ...testAccount,
+ token: "oauth:actualtoken123",
+ };
+
+ // Override the mock to return a specific token for this test
+ const { resolveTwitchToken } = await import("./token.js");
+ vi.mocked(resolveTwitchToken).mockReturnValue({
+ token: "oauth:actualtoken123",
+ source: "config" as const,
+ });
+
+ await manager.getClient(accountWithPrefix);
+
+ expect(mockAuthProvider.constructor).toHaveBeenCalledWith("test-client-id", "actualtoken123");
+ });
+
+ it("should use token directly when no oauth: prefix", async () => {
+ // Override the mock to return a token without oauth: prefix
+ const { resolveTwitchToken } = await import("./token.js");
+ vi.mocked(resolveTwitchToken).mockReturnValue({
+ token: "oauth:mock-token-from-tests",
+ source: "config" as const,
+ });
+
+ await manager.getClient(testAccount);
+
+ // Implementation strips oauth: prefix from all tokens
+ expect(mockAuthProvider.constructor).toHaveBeenCalledWith(
+ "test-client-id",
+ "mock-token-from-tests",
+ );
+ });
+
+ it("should throw error when clientId is missing", async () => {
+ const accountWithoutClientId: TwitchAccountConfig = {
+ ...testAccount,
+ clientId: undefined,
+ };
+
+ await expect(manager.getClient(accountWithoutClientId)).rejects.toThrow(
+ "Missing Twitch client ID",
+ );
+
+ expect(mockLogger.error).toHaveBeenCalledWith(
+ expect.stringContaining("Missing Twitch client ID"),
+ );
+ });
+
+ it("should throw error when token is missing", async () => {
+ // Override the mock to return empty token
+ const { resolveTwitchToken } = await import("./token.js");
+ vi.mocked(resolveTwitchToken).mockReturnValue({
+ token: "",
+ source: "none" as const,
+ });
+
+ await expect(manager.getClient(testAccount)).rejects.toThrow("Missing Twitch token");
+ });
+
+ it("should set up message handlers on client connection", async () => {
+ await manager.getClient(testAccount);
+
+ expect(mockOnMessage).toHaveBeenCalled();
+ expect(mockLogger.info).toHaveBeenCalledWith(expect.stringContaining("Set up handlers for"));
+ });
+
+ it("should create separate clients for same account with different channels", async () => {
+ const account1: TwitchAccountConfig = {
+ ...testAccount,
+ channel: "channel1",
+ };
+ const account2: TwitchAccountConfig = {
+ ...testAccount,
+ channel: "channel2",
+ };
+
+ await manager.getClient(account1);
+ await manager.getClient(account2);
+
+ expect(mockConnect).toHaveBeenCalledTimes(2);
+ });
+ });
+
+ describe("onMessage", () => {
+ it("should register message handler for account", () => {
+ const handler = vi.fn();
+ manager.onMessage(testAccount, handler);
+
+ expect(handler).not.toHaveBeenCalled();
+ });
+
+ it("should replace existing handler for same account", () => {
+ const handler1 = vi.fn();
+ const handler2 = vi.fn();
+
+ manager.onMessage(testAccount, handler1);
+ manager.onMessage(testAccount, handler2);
+
+ // Check the stored handler is handler2
+ const key = manager.getAccountKey(testAccount);
+ expect((manager as any).messageHandlers.get(key)).toBe(handler2);
+ });
+ });
+
+ describe("disconnect", () => {
+ it("should disconnect a connected client", async () => {
+ await manager.getClient(testAccount);
+ await manager.disconnect(testAccount);
+
+ expect(mockQuit).toHaveBeenCalledTimes(1);
+ expect(mockLogger.info).toHaveBeenCalledWith(expect.stringContaining("Disconnected"));
+ });
+
+ it("should clear client and message handler", async () => {
+ const handler = vi.fn();
+ await manager.getClient(testAccount);
+ manager.onMessage(testAccount, handler);
+
+ await manager.disconnect(testAccount);
+
+ const key = manager.getAccountKey(testAccount);
+ expect((manager as any).clients.has(key)).toBe(false);
+ expect((manager as any).messageHandlers.has(key)).toBe(false);
+ });
+
+ it("should handle disconnecting non-existent client gracefully", async () => {
+ // disconnect doesn't throw, just does nothing
+ await manager.disconnect(testAccount);
+ expect(mockQuit).not.toHaveBeenCalled();
+ });
+
+ it("should only disconnect specified account when multiple accounts exist", async () => {
+ await manager.getClient(testAccount);
+ await manager.getClient(testAccount2);
+
+ await manager.disconnect(testAccount);
+
+ expect(mockQuit).toHaveBeenCalledTimes(1);
+
+ const key2 = manager.getAccountKey(testAccount2);
+ expect((manager as any).clients.has(key2)).toBe(true);
+ });
+ });
+
+ describe("disconnectAll", () => {
+ it("should disconnect all connected clients", async () => {
+ await manager.getClient(testAccount);
+ await manager.getClient(testAccount2);
+
+ await manager.disconnectAll();
+
+ expect(mockQuit).toHaveBeenCalledTimes(2);
+ expect((manager as any).clients.size).toBe(0);
+ expect((manager as any).messageHandlers.size).toBe(0);
+ });
+
+ it("should handle empty client list gracefully", async () => {
+ // disconnectAll doesn't throw, just does nothing
+ await manager.disconnectAll();
+ expect(mockQuit).not.toHaveBeenCalled();
+ });
+ });
+
+ describe("sendMessage", () => {
+ beforeEach(async () => {
+ await manager.getClient(testAccount);
+ });
+
+ it("should send message successfully", async () => {
+ const result = await manager.sendMessage(testAccount, "testchannel", "Hello, world!");
+
+ expect(result.ok).toBe(true);
+ expect(result.messageId).toBeDefined();
+ expect(mockSay).toHaveBeenCalledWith("testchannel", "Hello, world!");
+ });
+
+ it("should generate unique message ID for each message", async () => {
+ const result1 = await manager.sendMessage(testAccount, "testchannel", "First message");
+ const result2 = await manager.sendMessage(testAccount, "testchannel", "Second message");
+
+ expect(result1.messageId).not.toBe(result2.messageId);
+ });
+
+ it("should handle sending to account's default channel", async () => {
+ const result = await manager.sendMessage(
+ testAccount,
+ testAccount.channel || testAccount.username,
+ "Test message",
+ );
+
+ // Should use the account's channel or username
+ expect(result.ok).toBe(true);
+ expect(mockSay).toHaveBeenCalled();
+ });
+
+ it("should return error on send failure", async () => {
+ mockSay.mockRejectedValueOnce(new Error("Rate limited"));
+
+ const result = await manager.sendMessage(testAccount, "testchannel", "Test message");
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toBe("Rate limited");
+ expect(mockLogger.error).toHaveBeenCalledWith(
+ expect.stringContaining("Failed to send message"),
+ );
+ });
+
+ it("should handle unknown error types", async () => {
+ mockSay.mockRejectedValueOnce("String error");
+
+ const result = await manager.sendMessage(testAccount, "testchannel", "Test message");
+
+ expect(result.ok).toBe(false);
+ expect(result.error).toBe("String error");
+ });
+
+ it("should create client if not already connected", async () => {
+ // Clear the existing client
+ (manager as any).clients.clear();
+
+ // Reset connect call count for this specific test
+ const connectCallCountBefore = mockConnect.mock.calls.length;
+
+ const result = await manager.sendMessage(testAccount, "testchannel", "Test message");
+
+ expect(result.ok).toBe(true);
+ expect(mockConnect.mock.calls.length).toBeGreaterThan(connectCallCountBefore);
+ });
+ });
+
+ describe("message handling integration", () => {
+ let capturedMessage: TwitchChatMessage | null = null;
+
+ beforeEach(() => {
+ capturedMessage = null;
+
+ // Set up message handler before connecting
+ manager.onMessage(testAccount, (message) => {
+ capturedMessage = message;
+ });
+ });
+
+ it("should handle incoming chat messages", async () => {
+ await manager.getClient(testAccount);
+
+ // Get the onMessage callback
+ const onMessageCallback = messageHandlers[0];
+ if (!onMessageCallback) throw new Error("onMessageCallback not found");
+
+ // Simulate Twitch message
+ onMessageCallback("#testchannel", "testuser", "Hello bot!", {
+ userInfo: {
+ userName: "testuser",
+ displayName: "TestUser",
+ userId: "12345",
+ isMod: false,
+ isBroadcaster: false,
+ isVip: false,
+ isSubscriber: false,
+ },
+ id: "msg123",
+ });
+
+ expect(capturedMessage).not.toBeNull();
+ expect(capturedMessage?.username).toBe("testuser");
+ expect(capturedMessage?.displayName).toBe("TestUser");
+ expect(capturedMessage?.userId).toBe("12345");
+ expect(capturedMessage?.message).toBe("Hello bot!");
+ expect(capturedMessage?.channel).toBe("testchannel");
+ expect(capturedMessage?.chatType).toBe("group");
+ });
+
+ it("should normalize channel names without # prefix", async () => {
+ await manager.getClient(testAccount);
+
+ const onMessageCallback = messageHandlers[0];
+
+ onMessageCallback("testchannel", "testuser", "Test", {
+ userInfo: {
+ userName: "testuser",
+ displayName: "TestUser",
+ userId: "123",
+ isMod: false,
+ isBroadcaster: false,
+ isVip: false,
+ isSubscriber: false,
+ },
+ id: "msg1",
+ });
+
+ expect(capturedMessage?.channel).toBe("testchannel");
+ });
+
+ it("should include user role flags in message", async () => {
+ await manager.getClient(testAccount);
+
+ const onMessageCallback = messageHandlers[0];
+
+ onMessageCallback("#testchannel", "moduser", "Test", {
+ userInfo: {
+ userName: "moduser",
+ displayName: "ModUser",
+ userId: "456",
+ isMod: true,
+ isBroadcaster: false,
+ isVip: true,
+ isSubscriber: true,
+ },
+ id: "msg2",
+ });
+
+ expect(capturedMessage?.isMod).toBe(true);
+ expect(capturedMessage?.isVip).toBe(true);
+ expect(capturedMessage?.isSub).toBe(true);
+ expect(capturedMessage?.isOwner).toBe(false);
+ });
+
+ it("should handle broadcaster messages", async () => {
+ await manager.getClient(testAccount);
+
+ const onMessageCallback = messageHandlers[0];
+
+ onMessageCallback("#testchannel", "broadcaster", "Test", {
+ userInfo: {
+ userName: "broadcaster",
+ displayName: "Broadcaster",
+ userId: "789",
+ isMod: false,
+ isBroadcaster: true,
+ isVip: false,
+ isSubscriber: false,
+ },
+ id: "msg3",
+ });
+
+ expect(capturedMessage?.isOwner).toBe(true);
+ });
+ });
+
+ describe("edge cases", () => {
+ it("should handle multiple message handlers for different accounts", async () => {
+ const messages1: TwitchChatMessage[] = [];
+ const messages2: TwitchChatMessage[] = [];
+
+ manager.onMessage(testAccount, (msg) => messages1.push(msg));
+ manager.onMessage(testAccount2, (msg) => messages2.push(msg));
+
+ await manager.getClient(testAccount);
+ await manager.getClient(testAccount2);
+
+ // Simulate message for first account
+ const onMessage1 = messageHandlers[0];
+ if (!onMessage1) throw new Error("onMessage1 not found");
+ onMessage1("#testchannel", "user1", "msg1", {
+ userInfo: {
+ userName: "user1",
+ displayName: "User1",
+ userId: "1",
+ isMod: false,
+ isBroadcaster: false,
+ isVip: false,
+ isSubscriber: false,
+ },
+ id: "1",
+ });
+
+ // Simulate message for second account
+ const onMessage2 = messageHandlers[1];
+ if (!onMessage2) throw new Error("onMessage2 not found");
+ onMessage2("#testchannel2", "user2", "msg2", {
+ userInfo: {
+ userName: "user2",
+ displayName: "User2",
+ userId: "2",
+ isMod: false,
+ isBroadcaster: false,
+ isVip: false,
+ isSubscriber: false,
+ },
+ id: "2",
+ });
+
+ expect(messages1).toHaveLength(1);
+ expect(messages2).toHaveLength(1);
+ expect(messages1[0]?.message).toBe("msg1");
+ expect(messages2[0]?.message).toBe("msg2");
+ });
+
+ it("should handle rapid client creation requests", async () => {
+ const promises = [
+ manager.getClient(testAccount),
+ manager.getClient(testAccount),
+ manager.getClient(testAccount),
+ ];
+
+ await Promise.all(promises);
+
+ // Note: The implementation doesn't handle concurrent getClient calls,
+ // so multiple connections may be created. This is expected behavior.
+ expect(mockConnect).toHaveBeenCalled();
+ });
+ });
+});
diff --git a/extensions/twitch/src/twitch-client.ts b/extensions/twitch/src/twitch-client.ts
new file mode 100644
index 000000000..f76435aa4
--- /dev/null
+++ b/extensions/twitch/src/twitch-client.ts
@@ -0,0 +1,277 @@
+import { RefreshingAuthProvider, StaticAuthProvider } from "@twurple/auth";
+import { ChatClient, LogLevel } from "@twurple/chat";
+import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import type { ChannelLogSink, TwitchAccountConfig, TwitchChatMessage } from "./types.js";
+import { resolveTwitchToken } from "./token.js";
+import { normalizeToken } from "./utils/twitch.js";
+
+/**
+ * Manages Twitch chat client connections
+ */
+export class TwitchClientManager {
+ private clients = new Map();
+ private messageHandlers = new Map void>();
+
+ constructor(private logger: ChannelLogSink) {}
+
+ /**
+ * Create an auth provider for the account.
+ */
+ private async createAuthProvider(
+ account: TwitchAccountConfig,
+ normalizedToken: string,
+ ): Promise {
+ if (!account.clientId) {
+ throw new Error("Missing Twitch client ID");
+ }
+
+ if (account.clientSecret) {
+ const authProvider = new RefreshingAuthProvider({
+ clientId: account.clientId,
+ clientSecret: account.clientSecret,
+ });
+
+ await authProvider
+ .addUserForToken({
+ accessToken: normalizedToken,
+ refreshToken: account.refreshToken ?? null,
+ expiresIn: account.expiresIn ?? null,
+ obtainmentTimestamp: account.obtainmentTimestamp ?? Date.now(),
+ })
+ .then((userId) => {
+ this.logger.info(
+ `Added user ${userId} to RefreshingAuthProvider for ${account.username}`,
+ );
+ })
+ .catch((err) => {
+ this.logger.error(
+ `Failed to add user to RefreshingAuthProvider: ${err instanceof Error ? err.message : String(err)}`,
+ );
+ });
+
+ authProvider.onRefresh((userId, token) => {
+ this.logger.info(
+ `Access token refreshed for user ${userId} (expires in ${token.expiresIn ? `${token.expiresIn}s` : "unknown"})`,
+ );
+ });
+
+ authProvider.onRefreshFailure((userId, error) => {
+ this.logger.error(`Failed to refresh access token for user ${userId}: ${error.message}`);
+ });
+
+ const refreshStatus = account.refreshToken
+ ? "automatic token refresh enabled"
+ : "token refresh disabled (no refresh token)";
+ this.logger.info(`Using RefreshingAuthProvider for ${account.username} (${refreshStatus})`);
+
+ return authProvider;
+ }
+
+ this.logger.info(`Using StaticAuthProvider for ${account.username} (no clientSecret provided)`);
+ return new StaticAuthProvider(account.clientId, normalizedToken);
+ }
+
+ /**
+ * Get or create a chat client for an account
+ */
+ async getClient(
+ account: TwitchAccountConfig,
+ cfg?: ClawdbotConfig,
+ accountId?: string,
+ ): Promise {
+ const key = this.getAccountKey(account);
+
+ const existing = this.clients.get(key);
+ if (existing) {
+ return existing;
+ }
+
+ const tokenResolution = resolveTwitchToken(cfg, {
+ accountId,
+ });
+
+ if (!tokenResolution.token) {
+ this.logger.error(
+ `Missing Twitch token for account ${account.username} (set channels.twitch.accounts.${account.username}.token or CLAWDBOT_TWITCH_ACCESS_TOKEN for default)`,
+ );
+ throw new Error("Missing Twitch token");
+ }
+
+ this.logger.debug?.(`Using ${tokenResolution.source} token source for ${account.username}`);
+
+ if (!account.clientId) {
+ this.logger.error(`Missing Twitch client ID for account ${account.username}`);
+ throw new Error("Missing Twitch client ID");
+ }
+
+ const normalizedToken = normalizeToken(tokenResolution.token);
+
+ const authProvider = await this.createAuthProvider(account, normalizedToken);
+
+ const client = new ChatClient({
+ authProvider,
+ channels: [account.channel],
+ rejoinChannelsOnReconnect: true,
+ requestMembershipEvents: true,
+ logger: {
+ minLevel: LogLevel.WARNING,
+ custom: {
+ log: (level, message) => {
+ switch (level) {
+ case LogLevel.CRITICAL:
+ this.logger.error(`${message}`);
+ break;
+ case LogLevel.ERROR:
+ this.logger.error(`${message}`);
+ break;
+ case LogLevel.WARNING:
+ this.logger.warn(`${message}`);
+ break;
+ case LogLevel.INFO:
+ this.logger.info(`${message}`);
+ break;
+ case LogLevel.DEBUG:
+ this.logger.debug?.(`${message}`);
+ break;
+ case LogLevel.TRACE:
+ this.logger.debug?.(`${message}`);
+ break;
+ }
+ },
+ },
+ },
+ });
+
+ this.setupClientHandlers(client, account);
+
+ client.connect();
+
+ this.clients.set(key, client);
+ this.logger.info(`Connected to Twitch as ${account.username}`);
+
+ return client;
+ }
+
+ /**
+ * Set up message and event handlers for a client
+ */
+ private setupClientHandlers(client: ChatClient, account: TwitchAccountConfig): void {
+ const key = this.getAccountKey(account);
+
+ // Handle incoming messages
+ client.onMessage((channelName, _user, messageText, msg) => {
+ const handler = this.messageHandlers.get(key);
+ if (handler) {
+ const normalizedChannel = channelName.startsWith("#") ? channelName.slice(1) : channelName;
+ const from = `twitch:${msg.userInfo.userName}`;
+ const preview = messageText.slice(0, 100).replace(/\n/g, "\\n");
+ this.logger.debug?.(
+ `twitch inbound: channel=${normalizedChannel} from=${from} len=${messageText.length} preview="${preview}"`,
+ );
+
+ handler({
+ username: msg.userInfo.userName,
+ displayName: msg.userInfo.displayName,
+ userId: msg.userInfo.userId,
+ message: messageText,
+ channel: normalizedChannel,
+ id: msg.id,
+ timestamp: new Date(),
+ isMod: msg.userInfo.isMod,
+ isOwner: msg.userInfo.isBroadcaster,
+ isVip: msg.userInfo.isVip,
+ isSub: msg.userInfo.isSubscriber,
+ chatType: "group",
+ });
+ }
+ });
+
+ this.logger.info(`Set up handlers for ${key}`);
+ }
+
+ /**
+ * Set a message handler for an account
+ * @returns A function that removes the handler when called
+ */
+ onMessage(
+ account: TwitchAccountConfig,
+ handler: (message: TwitchChatMessage) => void,
+ ): () => void {
+ const key = this.getAccountKey(account);
+ this.messageHandlers.set(key, handler);
+ return () => {
+ this.messageHandlers.delete(key);
+ };
+ }
+
+ /**
+ * Disconnect a client
+ */
+ async disconnect(account: TwitchAccountConfig): Promise {
+ const key = this.getAccountKey(account);
+ const client = this.clients.get(key);
+
+ if (client) {
+ client.quit();
+ this.clients.delete(key);
+ this.messageHandlers.delete(key);
+ this.logger.info(`Disconnected ${key}`);
+ }
+ }
+
+ /**
+ * Disconnect all clients
+ */
+ async disconnectAll(): Promise {
+ this.clients.forEach((client) => client.quit());
+ this.clients.clear();
+ this.messageHandlers.clear();
+ this.logger.info(" Disconnected all clients");
+ }
+
+ /**
+ * Send a message to a channel
+ */
+ async sendMessage(
+ account: TwitchAccountConfig,
+ channel: string,
+ message: string,
+ cfg?: ClawdbotConfig,
+ accountId?: string,
+ ): Promise<{ ok: boolean; error?: string; messageId?: string }> {
+ try {
+ const client = await this.getClient(account, cfg, accountId);
+
+ // Generate a message ID (Twurple's say() doesn't return the message ID, so we generate one)
+ const messageId = crypto.randomUUID();
+
+ // Send message (Twurple handles rate limiting)
+ await client.say(channel, message);
+
+ return { ok: true, messageId };
+ } catch (error) {
+ this.logger.error(
+ `Failed to send message: ${error instanceof Error ? error.message : String(error)}`,
+ );
+ return {
+ ok: false,
+ error: error instanceof Error ? error.message : String(error),
+ };
+ }
+ }
+
+ /**
+ * Generate a unique key for an account
+ */
+ public getAccountKey(account: TwitchAccountConfig): string {
+ return `${account.username}:${account.channel}`;
+ }
+
+ /**
+ * Clear all clients and handlers (for testing)
+ */
+ _clearForTest(): void {
+ this.clients.clear();
+ this.messageHandlers.clear();
+ }
+}
diff --git a/extensions/twitch/src/types.ts b/extensions/twitch/src/types.ts
new file mode 100644
index 000000000..74b2b4acf
--- /dev/null
+++ b/extensions/twitch/src/types.ts
@@ -0,0 +1,141 @@
+/**
+ * Twitch channel plugin types.
+ *
+ * This file defines Twitch-specific types. Generic channel types are imported
+ * from Clawdbot core.
+ */
+
+import type {
+ ChannelAccountSnapshot,
+ ChannelCapabilities,
+ ChannelLogSink,
+ ChannelMessageActionAdapter,
+ ChannelMessageActionContext,
+ ChannelMeta,
+} from "../../../src/channels/plugins/types.core.js";
+import type { ChannelPlugin } from "../../../src/channels/plugins/types.plugin.js";
+import type {
+ ChannelGatewayContext,
+ ChannelOutboundAdapter,
+ ChannelOutboundContext,
+ ChannelResolveKind,
+ ChannelResolveResult,
+ ChannelStatusAdapter,
+} from "../../../src/channels/plugins/types.adapters.js";
+import type { ClawdbotConfig } from "../../../src/config/config.js";
+import type { OutboundDeliveryResult } from "../../../src/infra/outbound/deliver.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+
+// ============================================================================
+// Twitch-Specific Types
+// ============================================================================
+
+/**
+ * Twitch user roles that can be allowed to interact with the bot
+ */
+export type TwitchRole = "moderator" | "owner" | "vip" | "subscriber" | "all";
+
+/**
+ * Account configuration for a Twitch channel
+ */
+export interface TwitchAccountConfig {
+ /** Twitch username */
+ username: string;
+ /** Twitch OAuth access token (requires chat:read and chat:write scopes) */
+ accessToken: string;
+ /** Twitch client ID (from Twitch Developer Portal or twitchtokengenerator.com) */
+ clientId: string;
+ /** Channel name to join (required) */
+ channel: string;
+ /** Enable this account */
+ enabled?: boolean;
+ /** Allowlist of Twitch user IDs who can interact with the bot (use IDs for safety, not usernames) */
+ allowFrom?: Array;
+ /** Roles allowed to interact with the bot (e.g., ["mod", "vip", "sub"]) */
+ allowedRoles?: TwitchRole[];
+ /** Require @mention to trigger bot responses */
+ requireMention?: boolean;
+ /** Twitch client secret (required for token refresh via RefreshingAuthProvider) */
+ clientSecret?: string;
+ /** Refresh token (required for automatic token refresh) */
+ refreshToken?: string;
+ /** Token expiry time in seconds (optional, for token refresh tracking) */
+ expiresIn?: number | null;
+ /** Timestamp when token was obtained (optional, for token refresh tracking) */
+ obtainmentTimestamp?: number;
+}
+
+/**
+ * Message target for Twitch
+ */
+export interface TwitchTarget {
+ /** Account ID */
+ accountId: string;
+ /** Channel name (defaults to account's channel) */
+ channel?: string;
+}
+
+/**
+ * Twitch message from chat
+ */
+export interface TwitchChatMessage {
+ /** Username of sender */
+ username: string;
+ /** Twitch user ID of sender (unique, persistent identifier) */
+ userId?: string;
+ /** Message text */
+ message: string;
+ /** Channel name */
+ channel: string;
+ /** Display name (may include special characters) */
+ displayName?: string;
+ /** Message ID */
+ id?: string;
+ /** Timestamp */
+ timestamp?: Date;
+ /** Whether the sender is a moderator */
+ isMod?: boolean;
+ /** Whether the sender is the channel owner/broadcaster */
+ isOwner?: boolean;
+ /** Whether the sender is a VIP */
+ isVip?: boolean;
+ /** Whether the sender is a subscriber */
+ isSub?: boolean;
+ /** Chat type */
+ chatType?: "group";
+}
+
+/**
+ * Send result from Twitch client
+ */
+export interface SendResult {
+ ok: boolean;
+ error?: string;
+ messageId?: string;
+}
+
+// Re-export core types for convenience
+export type {
+ ChannelAccountSnapshot,
+ ChannelGatewayContext,
+ ChannelLogSink,
+ ChannelMessageActionAdapter,
+ ChannelMessageActionContext,
+ ChannelMeta,
+ ChannelOutboundAdapter,
+ ChannelStatusAdapter,
+ ChannelCapabilities,
+ ChannelResolveKind,
+ ChannelResolveResult,
+ ChannelPlugin,
+ ChannelOutboundContext,
+ OutboundDeliveryResult,
+};
+
+// Import and re-export the schema type
+import type { TwitchConfigSchema } from "./config-schema.js";
+import type { z } from "zod";
+export type TwitchConfig = z.infer;
+
+export type { ClawdbotConfig };
+export type { RuntimeEnv };
diff --git a/extensions/twitch/src/utils/markdown.ts b/extensions/twitch/src/utils/markdown.ts
new file mode 100644
index 000000000..0fa4a5fdf
--- /dev/null
+++ b/extensions/twitch/src/utils/markdown.ts
@@ -0,0 +1,92 @@
+/**
+ * Markdown utilities for Twitch chat
+ *
+ * Twitch chat doesn't support markdown formatting, so we strip it before sending.
+ * Based on Clawdbot's markdownToText in src/agents/tools/web-fetch-utils.ts.
+ */
+
+/**
+ * Strip markdown formatting from text for Twitch compatibility.
+ *
+ * Removes images, links, bold, italic, strikethrough, code blocks, inline code,
+ * headers, and list formatting. Replaces newlines with spaces since Twitch
+ * is a single-line chat medium.
+ *
+ * @param markdown - The markdown text to strip
+ * @returns Plain text with markdown removed
+ */
+export function stripMarkdownForTwitch(markdown: string): string {
+ return (
+ markdown
+ // Images
+ .replace(/!\[[^\]]*]\([^)]+\)/g, "")
+ // Links
+ .replace(/\[([^\]]+)]\([^)]+\)/g, "$1")
+ // Bold (**text**)
+ .replace(/\*\*([^*]+)\*\*/g, "$1")
+ // Bold (__text__)
+ .replace(/__([^_]+)__/g, "$1")
+ // Italic (*text*)
+ .replace(/\*([^*]+)\*/g, "$1")
+ // Italic (_text_)
+ .replace(/_([^_]+)_/g, "$1")
+ // Strikethrough (~~text~~)
+ .replace(/~~([^~]+)~~/g, "$1")
+ // Code blocks
+ .replace(/```[\s\S]*?```/g, (block) => block.replace(/```[^\n]*\n?/g, "").replace(/```/g, ""))
+ // Inline code
+ .replace(/`([^`]+)`/g, "$1")
+ // Headers
+ .replace(/^#{1,6}\s+/gm, "")
+ // Lists
+ .replace(/^\s*[-*+]\s+/gm, "")
+ .replace(/^\s*\d+\.\s+/gm, "")
+ // Normalize whitespace
+ .replace(/\r/g, "") // Remove carriage returns
+ .replace(/[ \t]+\n/g, "\n") // Remove trailing spaces before newlines
+ .replace(/\n/g, " ") // Replace newlines with spaces (for Twitch)
+ .replace(/[ \t]{2,}/g, " ") // Reduce multiple spaces to single
+ .trim()
+ );
+}
+
+/**
+ * Simple word-boundary chunker for Twitch (500 char limit).
+ * Strips markdown before chunking to avoid breaking markdown patterns.
+ *
+ * @param text - The text to chunk
+ * @param limit - Maximum characters per chunk (Twitch limit is 500)
+ * @returns Array of text chunks
+ */
+export function chunkTextForTwitch(text: string, limit: number): string[] {
+ // First, strip markdown
+ const cleaned = stripMarkdownForTwitch(text);
+ if (!cleaned) return [];
+ if (limit <= 0) return [cleaned];
+ if (cleaned.length <= limit) return [cleaned];
+
+ const chunks: string[] = [];
+ let remaining = cleaned;
+
+ while (remaining.length > limit) {
+ // Find the last space before the limit
+ const window = remaining.slice(0, limit);
+ const lastSpaceIndex = window.lastIndexOf(" ");
+
+ if (lastSpaceIndex === -1) {
+ // No space found, hard split at limit
+ chunks.push(window);
+ remaining = remaining.slice(limit);
+ } else {
+ // Split at the last space
+ chunks.push(window.slice(0, lastSpaceIndex));
+ remaining = remaining.slice(lastSpaceIndex + 1);
+ }
+ }
+
+ if (remaining) {
+ chunks.push(remaining);
+ }
+
+ return chunks;
+}
diff --git a/extensions/twitch/src/utils/twitch.ts b/extensions/twitch/src/utils/twitch.ts
new file mode 100644
index 000000000..cb2667cb1
--- /dev/null
+++ b/extensions/twitch/src/utils/twitch.ts
@@ -0,0 +1,78 @@
+/**
+ * Twitch-specific utility functions
+ */
+
+/**
+ * Normalize Twitch channel names.
+ *
+ * Removes the '#' prefix if present, converts to lowercase, and trims whitespace.
+ * Twitch channel names are case-insensitive and don't use the '#' prefix in the API.
+ *
+ * @param channel - The channel name to normalize
+ * @returns Normalized channel name
+ *
+ * @example
+ * normalizeTwitchChannel("#TwitchChannel") // "twitchchannel"
+ * normalizeTwitchChannel("MyChannel") // "mychannel"
+ */
+export function normalizeTwitchChannel(channel: string): string {
+ const trimmed = channel.trim().toLowerCase();
+ return trimmed.startsWith("#") ? trimmed.slice(1) : trimmed;
+}
+
+/**
+ * Create a standardized error message for missing target.
+ *
+ * @param provider - The provider name (e.g., "Twitch")
+ * @param hint - Optional hint for how to fix the issue
+ * @returns Error object with descriptive message
+ */
+export function missingTargetError(provider: string, hint?: string): Error {
+ return new Error(`Delivering to ${provider} requires target${hint ? ` ${hint}` : ""}`);
+}
+
+/**
+ * Generate a unique message ID for Twitch messages.
+ *
+ * Twurple's say() doesn't return the message ID, so we generate one
+ * for tracking purposes.
+ *
+ * @returns A unique message ID
+ */
+export function generateMessageId(): string {
+ return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+}
+
+/**
+ * Normalize OAuth token by removing the "oauth:" prefix if present.
+ *
+ * Twurple doesn't require the "oauth:" prefix, so we strip it for consistency.
+ *
+ * @param token - The OAuth token to normalize
+ * @returns Normalized token without "oauth:" prefix
+ *
+ * @example
+ * normalizeToken("oauth:abc123") // "abc123"
+ * normalizeToken("abc123") // "abc123"
+ */
+export function normalizeToken(token: string): string {
+ return token.startsWith("oauth:") ? token.slice(6) : token;
+}
+
+/**
+ * Check if an account is properly configured with required credentials.
+ *
+ * @param account - The Twitch account config to check
+ * @returns true if the account has required credentials
+ */
+export function isAccountConfigured(
+ account: {
+ username?: string;
+ accessToken?: string;
+ clientId?: string;
+ },
+ resolvedToken?: string | null,
+): boolean {
+ const token = resolvedToken ?? account?.accessToken;
+ return Boolean(account?.username && token && account?.clientId);
+}
diff --git a/extensions/twitch/test/setup.ts b/extensions/twitch/test/setup.ts
new file mode 100644
index 000000000..fb391c471
--- /dev/null
+++ b/extensions/twitch/test/setup.ts
@@ -0,0 +1,7 @@
+/**
+ * Vitest setup file for Twitch plugin tests.
+ *
+ * Re-exports the root test setup to avoid duplication.
+ */
+
+export * from "../../../test/setup.js";
diff --git a/extensions/voice-call/CHANGELOG.md b/extensions/voice-call/CHANGELOG.md
index a8721d47d..588817858 100644
--- a/extensions/voice-call/CHANGELOG.md
+++ b/extensions/voice-call/CHANGELOG.md
@@ -6,6 +6,7 @@
- Breaking: voice-call TTS now uses core `messages.tts` (plugin TTS config deep‑merges with core).
- Telephony TTS supports OpenAI + ElevenLabs; Edge TTS is ignored for calls.
- Removed legacy `tts.model`/`tts.voice`/`tts.instructions` plugin fields.
+- Ngrok free-tier bypass renamed to `tunnel.allowNgrokFreeTierLoopbackBypass` and gated to loopback + `tunnel.provider="ngrok"`.
## 2026.1.23
diff --git a/extensions/voice-call/README.md b/extensions/voice-call/README.md
index d96f90392..5f009aa28 100644
--- a/extensions/voice-call/README.md
+++ b/extensions/voice-call/README.md
@@ -74,6 +74,7 @@ Put under `plugins.entries.voice-call.config`:
Notes:
- Twilio/Telnyx/Plivo require a **publicly reachable** webhook URL.
- `mock` is a local dev provider (no network calls).
+- `tunnel.allowNgrokFreeTierLoopbackBypass: true` allows Twilio webhooks with invalid signatures **only** when `tunnel.provider="ngrok"` and `serve.bind` is loopback (ngrok local agent). Use for local dev only.
## TTS for calls
diff --git a/extensions/voice-call/clawdbot.plugin.json b/extensions/voice-call/clawdbot.plugin.json
index 2a4f04466..cfac7ad9d 100644
--- a/extensions/voice-call/clawdbot.plugin.json
+++ b/extensions/voice-call/clawdbot.plugin.json
@@ -78,8 +78,8 @@
"label": "ngrok Domain",
"advanced": true
},
- "tunnel.allowNgrokFreeTier": {
- "label": "Allow ngrok Free Tier",
+ "tunnel.allowNgrokFreeTierLoopbackBypass": {
+ "label": "Allow ngrok Free Tier (Loopback Bypass)",
"advanced": true
},
"streaming.enabled": {
@@ -330,7 +330,7 @@
"ngrokDomain": {
"type": "string"
},
- "allowNgrokFreeTier": {
+ "allowNgrokFreeTierLoopbackBypass": {
"type": "boolean"
}
}
diff --git a/extensions/voice-call/index.ts b/extensions/voice-call/index.ts
index 760726faa..60cb64eb2 100644
--- a/extensions/voice-call/index.ts
+++ b/extensions/voice-call/index.ts
@@ -1,8 +1,8 @@
import { Type } from "@sinclair/typebox";
-
import type { CoreConfig } from "./src/core-bridge.js";
import {
VoiceCallConfigSchema,
+ resolveVoiceCallConfig,
validateProviderConfig,
type VoiceCallConfig,
} from "./src/config.js";
@@ -62,8 +62,8 @@ const voiceCallConfigSchema = {
advanced: true,
},
"tunnel.ngrokDomain": { label: "ngrok Domain", advanced: true },
- "tunnel.allowNgrokFreeTier": {
- label: "Allow ngrok Free Tier",
+ "tunnel.allowNgrokFreeTierLoopbackBypass": {
+ label: "Allow ngrok Free Tier (Loopback Bypass)",
advanced: true,
},
"streaming.enabled": { label: "Enable Streaming", advanced: true },
@@ -145,8 +145,10 @@ const voiceCallPlugin = {
description: "Voice-call plugin with Telnyx/Twilio/Plivo providers",
configSchema: voiceCallConfigSchema,
register(api) {
- const cfg = voiceCallConfigSchema.parse(api.pluginConfig);
- const validation = validateProviderConfig(cfg);
+ const config = resolveVoiceCallConfig(
+ voiceCallConfigSchema.parse(api.pluginConfig),
+ );
+ const validation = validateProviderConfig(config);
if (api.pluginConfig && typeof api.pluginConfig === "object") {
const raw = api.pluginConfig as Record;
@@ -167,7 +169,7 @@ const voiceCallPlugin = {
let runtime: VoiceCallRuntime | null = null;
const ensureRuntime = async () => {
- if (!cfg.enabled) {
+ if (!config.enabled) {
throw new Error("Voice call disabled in plugin config");
}
if (!validation.valid) {
@@ -176,7 +178,7 @@ const voiceCallPlugin = {
if (runtime) return runtime;
if (!runtimePromise) {
runtimePromise = createVoiceCallRuntime({
- config: cfg,
+ config,
coreConfig: api.config as CoreConfig,
ttsRuntime: api.runtime.tts,
logger: api.logger,
@@ -457,7 +459,7 @@ const voiceCallPlugin = {
({ program }) =>
registerVoiceCallCli({
program,
- config: cfg,
+ config,
ensureRuntime,
logger: api.logger,
}),
@@ -467,7 +469,7 @@ const voiceCallPlugin = {
api.registerService({
id: "voicecall",
start: async () => {
- if (!cfg.enabled) return;
+ if (!config.enabled) return;
try {
await ensureRuntime();
} catch (err) {
diff --git a/extensions/voice-call/src/config.test.ts b/extensions/voice-call/src/config.test.ts
new file mode 100644
index 000000000..dde17e122
--- /dev/null
+++ b/extensions/voice-call/src/config.test.ts
@@ -0,0 +1,204 @@
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+
+import { validateProviderConfig, resolveVoiceCallConfig, type VoiceCallConfig } from "./config.js";
+
+function createBaseConfig(
+ provider: "telnyx" | "twilio" | "plivo" | "mock",
+): VoiceCallConfig {
+ return {
+ enabled: true,
+ provider,
+ fromNumber: "+15550001234",
+ inboundPolicy: "disabled",
+ allowFrom: [],
+ outbound: { defaultMode: "notify", notifyHangupDelaySec: 3 },
+ maxDurationSeconds: 300,
+ silenceTimeoutMs: 800,
+ transcriptTimeoutMs: 180000,
+ ringTimeoutMs: 30000,
+ maxConcurrentCalls: 1,
+ serve: { port: 3334, bind: "127.0.0.1", path: "/voice/webhook" },
+ tailscale: { mode: "off", path: "/voice/webhook" },
+ tunnel: { provider: "none", allowNgrokFreeTierLoopbackBypass: false },
+ streaming: {
+ enabled: false,
+ sttProvider: "openai-realtime",
+ sttModel: "gpt-4o-transcribe",
+ silenceDurationMs: 800,
+ vadThreshold: 0.5,
+ streamPath: "/voice/stream",
+ },
+ skipSignatureVerification: false,
+ stt: { provider: "openai", model: "whisper-1" },
+ tts: { provider: "openai", model: "gpt-4o-mini-tts", voice: "coral" },
+ responseModel: "openai/gpt-4o-mini",
+ responseTimeoutMs: 30000,
+ };
+}
+
+describe("validateProviderConfig", () => {
+ const originalEnv = { ...process.env };
+
+ beforeEach(() => {
+ // Clear all relevant env vars before each test
+ delete process.env.TWILIO_ACCOUNT_SID;
+ delete process.env.TWILIO_AUTH_TOKEN;
+ delete process.env.TELNYX_API_KEY;
+ delete process.env.TELNYX_CONNECTION_ID;
+ delete process.env.PLIVO_AUTH_ID;
+ delete process.env.PLIVO_AUTH_TOKEN;
+ });
+
+ afterEach(() => {
+ // Restore original env
+ process.env = { ...originalEnv };
+ });
+
+ describe("twilio provider", () => {
+ it("passes validation when credentials are in config", () => {
+ const config = createBaseConfig("twilio");
+ config.twilio = { accountSid: "AC123", authToken: "secret" };
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("passes validation when credentials are in environment variables", () => {
+ process.env.TWILIO_ACCOUNT_SID = "AC123";
+ process.env.TWILIO_AUTH_TOKEN = "secret";
+ let config = createBaseConfig("twilio");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("passes validation with mixed config and env vars", () => {
+ process.env.TWILIO_AUTH_TOKEN = "secret";
+ let config = createBaseConfig("twilio");
+ config.twilio = { accountSid: "AC123" };
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("fails validation when accountSid is missing everywhere", () => {
+ process.env.TWILIO_AUTH_TOKEN = "secret";
+ let config = createBaseConfig("twilio");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(false);
+ expect(result.errors).toContain(
+ "plugins.entries.voice-call.config.twilio.accountSid is required (or set TWILIO_ACCOUNT_SID env)",
+ );
+ });
+
+ it("fails validation when authToken is missing everywhere", () => {
+ process.env.TWILIO_ACCOUNT_SID = "AC123";
+ let config = createBaseConfig("twilio");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(false);
+ expect(result.errors).toContain(
+ "plugins.entries.voice-call.config.twilio.authToken is required (or set TWILIO_AUTH_TOKEN env)",
+ );
+ });
+ });
+
+ describe("telnyx provider", () => {
+ it("passes validation when credentials are in config", () => {
+ const config = createBaseConfig("telnyx");
+ config.telnyx = { apiKey: "KEY123", connectionId: "CONN456" };
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("passes validation when credentials are in environment variables", () => {
+ process.env.TELNYX_API_KEY = "KEY123";
+ process.env.TELNYX_CONNECTION_ID = "CONN456";
+ let config = createBaseConfig("telnyx");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("fails validation when apiKey is missing everywhere", () => {
+ process.env.TELNYX_CONNECTION_ID = "CONN456";
+ let config = createBaseConfig("telnyx");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(false);
+ expect(result.errors).toContain(
+ "plugins.entries.voice-call.config.telnyx.apiKey is required (or set TELNYX_API_KEY env)",
+ );
+ });
+ });
+
+ describe("plivo provider", () => {
+ it("passes validation when credentials are in config", () => {
+ const config = createBaseConfig("plivo");
+ config.plivo = { authId: "MA123", authToken: "secret" };
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("passes validation when credentials are in environment variables", () => {
+ process.env.PLIVO_AUTH_ID = "MA123";
+ process.env.PLIVO_AUTH_TOKEN = "secret";
+ let config = createBaseConfig("plivo");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+
+ it("fails validation when authId is missing everywhere", () => {
+ process.env.PLIVO_AUTH_TOKEN = "secret";
+ let config = createBaseConfig("plivo");
+ config = resolveVoiceCallConfig(config);
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(false);
+ expect(result.errors).toContain(
+ "plugins.entries.voice-call.config.plivo.authId is required (or set PLIVO_AUTH_ID env)",
+ );
+ });
+ });
+
+ describe("disabled config", () => {
+ it("skips validation when enabled is false", () => {
+ const config = createBaseConfig("twilio");
+ config.enabled = false;
+
+ const result = validateProviderConfig(config);
+
+ expect(result.valid).toBe(true);
+ expect(result.errors).toEqual([]);
+ });
+ });
+});
diff --git a/extensions/voice-call/src/config.ts b/extensions/voice-call/src/config.ts
index 48f4691fe..7784406e7 100644
--- a/extensions/voice-call/src/config.ts
+++ b/extensions/voice-call/src/config.ts
@@ -217,13 +217,17 @@ export const VoiceCallTunnelConfigSchema = z
/**
* Allow ngrok free tier compatibility mode.
* When true, signature verification failures on ngrok-free.app URLs
- * will be logged but allowed through. Less secure, but necessary
- * for ngrok free tier which may modify URLs.
+ * will be allowed only for loopback requests (ngrok local agent).
*/
- allowNgrokFreeTier: z.boolean().default(true),
+ allowNgrokFreeTierLoopbackBypass: z.boolean().default(false),
+ /**
+ * Legacy ngrok free tier compatibility mode (deprecated).
+ * Use allowNgrokFreeTierLoopbackBypass instead.
+ */
+ allowNgrokFreeTier: z.boolean().optional(),
})
.strict()
- .default({ provider: "none", allowNgrokFreeTier: true });
+ .default({ provider: "none", allowNgrokFreeTierLoopbackBypass: false });
export type VoiceCallTunnelConfig = z.infer;
// -----------------------------------------------------------------------------
@@ -381,6 +385,59 @@ export type VoiceCallConfig = z.infer;
// Configuration Helpers
// -----------------------------------------------------------------------------
+/**
+ * Resolves the configuration by merging environment variables into missing fields.
+ * Returns a new configuration object with environment variables applied.
+ */
+export function resolveVoiceCallConfig(config: VoiceCallConfig): VoiceCallConfig {
+ const resolved = JSON.parse(JSON.stringify(config)) as VoiceCallConfig;
+
+ // Telnyx
+ if (resolved.provider === "telnyx") {
+ resolved.telnyx = resolved.telnyx ?? {};
+ resolved.telnyx.apiKey =
+ resolved.telnyx.apiKey ?? process.env.TELNYX_API_KEY;
+ resolved.telnyx.connectionId =
+ resolved.telnyx.connectionId ?? process.env.TELNYX_CONNECTION_ID;
+ resolved.telnyx.publicKey =
+ resolved.telnyx.publicKey ?? process.env.TELNYX_PUBLIC_KEY;
+ }
+
+ // Twilio
+ if (resolved.provider === "twilio") {
+ resolved.twilio = resolved.twilio ?? {};
+ resolved.twilio.accountSid =
+ resolved.twilio.accountSid ?? process.env.TWILIO_ACCOUNT_SID;
+ resolved.twilio.authToken =
+ resolved.twilio.authToken ?? process.env.TWILIO_AUTH_TOKEN;
+ }
+
+ // Plivo
+ if (resolved.provider === "plivo") {
+ resolved.plivo = resolved.plivo ?? {};
+ resolved.plivo.authId =
+ resolved.plivo.authId ?? process.env.PLIVO_AUTH_ID;
+ resolved.plivo.authToken =
+ resolved.plivo.authToken ?? process.env.PLIVO_AUTH_TOKEN;
+ }
+
+ // Tunnel Config
+ resolved.tunnel = resolved.tunnel ?? {
+ provider: "none",
+ allowNgrokFreeTierLoopbackBypass: false,
+ };
+ resolved.tunnel.allowNgrokFreeTierLoopbackBypass =
+ resolved.tunnel.allowNgrokFreeTierLoopbackBypass ||
+ resolved.tunnel.allowNgrokFreeTier ||
+ false;
+ resolved.tunnel.ngrokAuthToken =
+ resolved.tunnel.ngrokAuthToken ?? process.env.NGROK_AUTHTOKEN;
+ resolved.tunnel.ngrokDomain =
+ resolved.tunnel.ngrokDomain ?? process.env.NGROK_DOMAIN;
+
+ return resolved;
+}
+
/**
* Validate that the configuration has all required fields for the selected provider.
*/
diff --git a/extensions/voice-call/src/providers/twilio.ts b/extensions/voice-call/src/providers/twilio.ts
index be9dd6eda..87c0f244d 100644
--- a/extensions/voice-call/src/providers/twilio.ts
+++ b/extensions/voice-call/src/providers/twilio.ts
@@ -31,8 +31,8 @@ import { verifyTwilioProviderWebhook } from "./twilio/webhook.js";
* @see https://www.twilio.com/docs/voice/media-streams
*/
export interface TwilioProviderOptions {
- /** Allow ngrok free tier compatibility mode (less secure) */
- allowNgrokFreeTier?: boolean;
+ /** Allow ngrok free tier compatibility mode (loopback only, less secure) */
+ allowNgrokFreeTierLoopbackBypass?: boolean;
/** Override public URL for signature verification */
publicUrl?: string;
/** Path for media stream WebSocket (e.g., /voice/stream) */
diff --git a/extensions/voice-call/src/providers/twilio/webhook.ts b/extensions/voice-call/src/providers/twilio/webhook.ts
index 28f445c88..d5c3abb95 100644
--- a/extensions/voice-call/src/providers/twilio/webhook.ts
+++ b/extensions/voice-call/src/providers/twilio/webhook.ts
@@ -11,7 +11,8 @@ export function verifyTwilioProviderWebhook(params: {
}): WebhookVerificationResult {
const result = verifyTwilioWebhook(params.ctx, params.authToken, {
publicUrl: params.currentPublicUrl || undefined,
- allowNgrokFreeTier: params.options.allowNgrokFreeTier ?? true,
+ allowNgrokFreeTierLoopbackBypass:
+ params.options.allowNgrokFreeTierLoopbackBypass ?? false,
skipVerification: params.options.skipVerification,
});
diff --git a/extensions/voice-call/src/runtime.ts b/extensions/voice-call/src/runtime.ts
index 0770333cd..6f638ab5b 100644
--- a/extensions/voice-call/src/runtime.ts
+++ b/extensions/voice-call/src/runtime.ts
@@ -1,6 +1,6 @@
import type { CoreConfig } from "./core-bridge.js";
import type { VoiceCallConfig } from "./config.js";
-import { validateProviderConfig } from "./config.js";
+import { resolveVoiceCallConfig, validateProviderConfig } from "./config.js";
import { CallManager } from "./manager.js";
import type { VoiceCallProvider } from "./providers/base.js";
import { MockProvider } from "./providers/mock.js";
@@ -33,24 +33,34 @@ type Logger = {
debug: (message: string) => void;
};
+function isLoopbackBind(bind: string | undefined): boolean {
+ if (!bind) return false;
+ return bind === "127.0.0.1" || bind === "::1" || bind === "localhost";
+}
+
function resolveProvider(config: VoiceCallConfig): VoiceCallProvider {
+ const allowNgrokFreeTierLoopbackBypass =
+ config.tunnel?.provider === "ngrok" &&
+ isLoopbackBind(config.serve?.bind) &&
+ (config.tunnel?.allowNgrokFreeTierLoopbackBypass ||
+ config.tunnel?.allowNgrokFreeTier ||
+ false);
+
switch (config.provider) {
case "telnyx":
return new TelnyxProvider({
- apiKey: config.telnyx?.apiKey ?? process.env.TELNYX_API_KEY,
- connectionId:
- config.telnyx?.connectionId ?? process.env.TELNYX_CONNECTION_ID,
- publicKey: config.telnyx?.publicKey ?? process.env.TELNYX_PUBLIC_KEY,
+ apiKey: config.telnyx?.apiKey,
+ connectionId: config.telnyx?.connectionId,
+ publicKey: config.telnyx?.publicKey,
});
case "twilio":
return new TwilioProvider(
{
- accountSid:
- config.twilio?.accountSid ?? process.env.TWILIO_ACCOUNT_SID,
- authToken: config.twilio?.authToken ?? process.env.TWILIO_AUTH_TOKEN,
+ accountSid: config.twilio?.accountSid,
+ authToken: config.twilio?.authToken,
},
{
- allowNgrokFreeTier: config.tunnel?.allowNgrokFreeTier ?? true,
+ allowNgrokFreeTierLoopbackBypass,
publicUrl: config.publicUrl,
skipVerification: config.skipSignatureVerification,
streamPath: config.streaming?.enabled
@@ -61,8 +71,8 @@ function resolveProvider(config: VoiceCallConfig): VoiceCallProvider {
case "plivo":
return new PlivoProvider(
{
- authId: config.plivo?.authId ?? process.env.PLIVO_AUTH_ID,
- authToken: config.plivo?.authToken ?? process.env.PLIVO_AUTH_TOKEN,
+ authId: config.plivo?.authId,
+ authToken: config.plivo?.authToken,
},
{
publicUrl: config.publicUrl,
@@ -85,7 +95,7 @@ export async function createVoiceCallRuntime(params: {
ttsRuntime?: TelephonyTtsRuntime;
logger?: Logger;
}): Promise {
- const { config, coreConfig, ttsRuntime, logger } = params;
+ const { config: rawConfig, coreConfig, ttsRuntime, logger } = params;
const log = logger ?? {
info: console.log,
warn: console.warn,
@@ -93,6 +103,8 @@ export async function createVoiceCallRuntime(params: {
debug: console.debug,
};
+ const config = resolveVoiceCallConfig(rawConfig);
+
if (!config.enabled) {
throw new Error(
"Voice call disabled. Enable the plugin entry in config.",
@@ -125,9 +137,8 @@ export async function createVoiceCallRuntime(params: {
provider: config.tunnel.provider,
port: config.serve.port,
path: config.serve.path,
- ngrokAuthToken:
- config.tunnel.ngrokAuthToken ?? process.env.NGROK_AUTHTOKEN,
- ngrokDomain: config.tunnel.ngrokDomain ?? process.env.NGROK_DOMAIN,
+ ngrokAuthToken: config.tunnel.ngrokAuthToken,
+ ngrokDomain: config.tunnel.ngrokDomain,
});
publicUrl = tunnelResult?.publicUrl ?? null;
} catch (err) {
diff --git a/extensions/voice-call/src/types.ts b/extensions/voice-call/src/types.ts
index 7f3928778..68cca11e6 100644
--- a/extensions/voice-call/src/types.ts
+++ b/extensions/voice-call/src/types.ts
@@ -180,6 +180,7 @@ export type WebhookContext = {
url: string;
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
query?: Record;
+ remoteAddress?: string;
};
export type ProviderWebhookParseResult = {
diff --git a/extensions/voice-call/src/webhook-security.test.ts b/extensions/voice-call/src/webhook-security.test.ts
index c31d7225a..3db2983ec 100644
--- a/extensions/voice-call/src/webhook-security.test.ts
+++ b/extensions/voice-call/src/webhook-security.test.ts
@@ -205,4 +205,56 @@ describe("verifyTwilioWebhook", () => {
expect(result.ok).toBe(true);
});
+
+ it("rejects invalid signatures even with ngrok free tier enabled", () => {
+ const authToken = "test-auth-token";
+ const postBody = "CallSid=CS123&CallStatus=completed&From=%2B15550000000";
+
+ const result = verifyTwilioWebhook(
+ {
+ headers: {
+ host: "127.0.0.1:3334",
+ "x-forwarded-proto": "https",
+ "x-forwarded-host": "attacker.ngrok-free.app",
+ "x-twilio-signature": "invalid",
+ },
+ rawBody: postBody,
+ url: "http://127.0.0.1:3334/voice/webhook",
+ method: "POST",
+ remoteAddress: "203.0.113.10",
+ },
+ authToken,
+ { allowNgrokFreeTierLoopbackBypass: true },
+ );
+
+ expect(result.ok).toBe(false);
+ expect(result.isNgrokFreeTier).toBe(true);
+ expect(result.reason).toMatch(/Invalid signature/);
+ });
+
+ it("allows invalid signatures for ngrok free tier only on loopback", () => {
+ const authToken = "test-auth-token";
+ const postBody = "CallSid=CS123&CallStatus=completed&From=%2B15550000000";
+
+ const result = verifyTwilioWebhook(
+ {
+ headers: {
+ host: "127.0.0.1:3334",
+ "x-forwarded-proto": "https",
+ "x-forwarded-host": "local.ngrok-free.app",
+ "x-twilio-signature": "invalid",
+ },
+ rawBody: postBody,
+ url: "http://127.0.0.1:3334/voice/webhook",
+ method: "POST",
+ remoteAddress: "127.0.0.1",
+ },
+ authToken,
+ { allowNgrokFreeTierLoopbackBypass: true },
+ );
+
+ expect(result.ok).toBe(true);
+ expect(result.isNgrokFreeTier).toBe(true);
+ expect(result.reason).toMatch(/compatibility mode/);
+ });
});
diff --git a/extensions/voice-call/src/webhook-security.ts b/extensions/voice-call/src/webhook-security.ts
index 79bd96099..6c7d4d9ab 100644
--- a/extensions/voice-call/src/webhook-security.ts
+++ b/extensions/voice-call/src/webhook-security.ts
@@ -131,6 +131,13 @@ function getHeader(
return value;
}
+function isLoopbackAddress(address?: string): boolean {
+ if (!address) return false;
+ if (address === "127.0.0.1" || address === "::1") return true;
+ if (address.startsWith("::ffff:127.")) return true;
+ return false;
+}
+
/**
* Result of Twilio webhook verification with detailed info.
*/
@@ -155,8 +162,8 @@ export function verifyTwilioWebhook(
options?: {
/** Override the public URL (e.g., from config) */
publicUrl?: string;
- /** Allow ngrok free tier compatibility mode (less secure) */
- allowNgrokFreeTier?: boolean;
+ /** Allow ngrok free tier compatibility mode (loopback only, less secure) */
+ allowNgrokFreeTierLoopbackBypass?: boolean;
/** Skip verification entirely (only for development) */
skipVerification?: boolean;
},
@@ -195,13 +202,17 @@ export function verifyTwilioWebhook(
verificationUrl.includes(".ngrok-free.app") ||
verificationUrl.includes(".ngrok.io");
- if (isNgrokFreeTier && options?.allowNgrokFreeTier) {
+ if (
+ isNgrokFreeTier &&
+ options?.allowNgrokFreeTierLoopbackBypass &&
+ isLoopbackAddress(ctx.remoteAddress)
+ ) {
console.warn(
- "[voice-call] Twilio signature validation failed (proceeding for ngrok free tier compatibility)",
+ "[voice-call] Twilio signature validation failed (ngrok free tier compatibility, loopback only)",
);
return {
ok: true,
- reason: "ngrok free tier compatibility mode",
+ reason: "ngrok free tier compatibility mode (loopback only)",
verificationUrl,
isNgrokFreeTier: true,
};
diff --git a/extensions/voice-call/src/webhook.ts b/extensions/voice-call/src/webhook.ts
index 6ab4d0eed..09e96ffed 100644
--- a/extensions/voice-call/src/webhook.ts
+++ b/extensions/voice-call/src/webhook.ts
@@ -252,6 +252,7 @@ export class VoiceCallWebhookServer {
url: `http://${req.headers.host}${req.url}`,
method: "POST",
query: Object.fromEntries(url.searchParams),
+ remoteAddress: req.socket.remoteAddress ?? undefined,
};
// Verify signature
diff --git a/fly.private.toml b/fly.private.toml
new file mode 100644
index 000000000..6edbc8005
--- /dev/null
+++ b/fly.private.toml
@@ -0,0 +1,39 @@
+# Clawdbot Fly.io PRIVATE deployment configuration
+# Use this template for hardened deployments with no public IP exposure.
+#
+# This config is suitable when:
+# - You only make outbound calls (no inbound webhooks needed)
+# - You use ngrok/Tailscale tunnels for any webhook callbacks
+# - You access the gateway via `fly proxy` or WireGuard, not public URL
+# - You want the deployment hidden from internet scanners (Shodan, etc.)
+#
+# See https://fly.io/docs/reference/configuration/
+
+app = "my-clawdbot" # change to your app name
+primary_region = "iad" # change to your closest region
+
+[build]
+ dockerfile = "Dockerfile"
+
+[env]
+ NODE_ENV = "production"
+ CLAWDBOT_PREFER_PNPM = "1"
+ CLAWDBOT_STATE_DIR = "/data"
+ NODE_OPTIONS = "--max-old-space-size=1536"
+
+[processes]
+ app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"
+
+# NOTE: No [http_service] block = no public ingress allocated.
+# The gateway will only be accessible via:
+# - fly proxy 3000:3000 -a
+# - fly wireguard (then access via internal IPv6)
+# - fly ssh console
+
+[[vm]]
+ size = "shared-cpu-2x"
+ memory = "2048mb"
+
+[mounts]
+ source = "clawdbot_data"
+ destination = "/data"
diff --git a/package.json b/package.json
index 0c63d5d69..1299d72d5 100644
--- a/package.json
+++ b/package.json
@@ -237,6 +237,9 @@
"vitest": "^4.0.18",
"wireit": "^0.14.12"
},
+ "overrides": {
+ "tar": "7.5.4"
+ },
"pnpm": {
"minimumReleaseAge": 2880,
"overrides": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 14bef9f5c..d1c55dd8d 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -335,12 +335,12 @@ importers:
'@matrix-org/matrix-sdk-crypto-nodejs':
specifier: ^0.4.0
version: 0.4.0
+ '@vector-im/matrix-bot-sdk':
+ specifier: 0.8.0-element.3
+ version: 0.8.0-element.3
markdown-it:
specifier: 14.1.0
version: 14.1.0
- matrix-bot-sdk:
- specifier: 0.8.0
- version: 0.8.0
music-metadata:
specifier: ^11.10.6
version: 11.10.6
@@ -357,8 +357,8 @@ importers:
extensions/memory-core:
dependencies:
clawdbot:
- specifier: '>=2026.1.25'
- version: link:../..
+ specifier: '>=2026.1.24-3'
+ version: 2026.1.24-3(@types/express@5.0.6)(audio-decode@2.2.3)(devtools-protocol@0.0.1561482)(typescript@5.9.3)
extensions/memory-lancedb:
dependencies:
@@ -424,6 +424,25 @@ importers:
specifier: ^3.0.0
version: 3.0.0
+ extensions/twitch:
+ dependencies:
+ '@twurple/api':
+ specifier: ^8.0.3
+ version: 8.0.3(@twurple/auth@8.0.3)
+ '@twurple/auth':
+ specifier: ^8.0.3
+ version: 8.0.3
+ '@twurple/chat':
+ specifier: ^8.0.3
+ version: 8.0.3(@twurple/auth@8.0.3)
+ zod:
+ specifier: ^4.3.5
+ version: 4.3.6
+ devDependencies:
+ clawdbot:
+ specifier: workspace:*
+ version: link:../..
+
extensions/voice-call:
dependencies:
'@sinclair/typebox':
@@ -810,6 +829,39 @@ packages:
'@cloudflare/workers-types@4.20260120.0':
resolution: {integrity: sha512-B8pueG+a5S+mdK3z8oKu1ShcxloZ7qWb68IEyLLaepvdryIbNC7JVPcY0bWsjS56UQVKc5fnyRge3yZIwc9bxw==}
+ '@d-fischer/cache-decorators@4.0.1':
+ resolution: {integrity: sha512-HNYLBLWs/t28GFZZeqdIBqq8f37mqDIFO6xNPof94VjpKvuP6ROqCZGafx88dk5zZUlBfViV9jD8iNNlXfc4CA==}
+
+ '@d-fischer/connection@9.0.0':
+ resolution: {integrity: sha512-Mljp/EbaE+eYWfsFXUOk+RfpbHgrWGL/60JkAvjYixw6KREfi5r17XdUiXe54ByAQox6jwgdN2vebdmW1BT+nQ==}
+
+ '@d-fischer/deprecate@2.0.2':
+ resolution: {integrity: sha512-wlw3HwEanJFJKctwLzhfOM6LKwR70FPfGZGoKOhWBKyOPXk+3a9Cc6S9zhm6tka7xKtpmfxVIReGUwPnMbIaZg==}
+
+ '@d-fischer/detect-node@3.0.1':
+ resolution: {integrity: sha512-0Rf3XwTzuTh8+oPZW9SfxTIiL+26RRJ0BRPwj5oVjZFyFKmsj9RGfN2zuTRjOuA3FCK/jYm06HOhwNK+8Pfv8w==}
+
+ '@d-fischer/escape-string-regexp@5.0.0':
+ resolution: {integrity: sha512-7eoxnxcto5eVPW5h1T+ePnVFukmI9f/ZR9nlBLh1t3kyzJDUNor2C+YW9H/Terw3YnbZSDgDYrpCJCHtOtAQHw==}
+ engines: {node: '>=10'}
+
+ '@d-fischer/isomorphic-ws@7.0.2':
+ resolution: {integrity: sha512-xK+qIJUF0ne3dsjq5Y3BviQ4M+gx9dzkN+dPP7abBMje4YRfow+X9jBgeEoTe5e+Q6+8hI9R0b37Okkk8Vf0hQ==}
+ peerDependencies:
+ ws: ^8.2.0
+
+ '@d-fischer/logger@4.2.4':
+ resolution: {integrity: sha512-TFMZ/SVW8xyQtyJw9Rcuci4betSKy0qbQn2B5+1+72vVXeO8Qb1pYvuwF5qr0vDGundmSWq7W8r19nVPnXXSvA==}
+
+ '@d-fischer/rate-limiter@1.1.0':
+ resolution: {integrity: sha512-O5HgACwApyCZhp4JTEBEtbv/W3eAwEkrARFvgWnEsDmXgCMWjIHwohWoHre5BW6IYXFSHBGsuZB/EvNL3942kQ==}
+
+ '@d-fischer/shared-utils@3.6.4':
+ resolution: {integrity: sha512-BPkVLHfn2Lbyo/ENDBwtEB8JVQ+9OzkjJhUunLaxkw4k59YFlQxUUwlDBejVSFcpQT0t+D3CQlX+ySZnQj0wxw==}
+
+ '@d-fischer/typed-event-emitter@3.3.3':
+ resolution: {integrity: sha512-OvSEOa8icfdWDqcRtjSEZtgJTFOFNgTjje7zaL0+nAtu2/kZtRCSK5wUMrI/aXtCH8o0Qz2vA8UqkhWUTARFQQ==}
+
'@discordjs/voice@0.19.0':
resolution: {integrity: sha512-UyX6rGEXzVyPzb1yvjHtPfTlnLvB5jX/stAMdiytHhfoydX+98hfympdOwsnTktzr+IRvphxTbdErgYDJkEsvw==}
engines: {node: '>=22.12.0'}
@@ -2585,6 +2637,25 @@ packages:
'@tokenizer/token@0.3.0':
resolution: {integrity: sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==}
+ '@twurple/api-call@8.0.3':
+ resolution: {integrity: sha512-/5DBTqFjpYB+qqOkkFzoTWE79a7+I8uLXmBIIIYjGoq/CIPxKcHnlemXlU8cQhTr87PVa3th8zJXGYiNkpRx8w==}
+
+ '@twurple/api@8.0.3':
+ resolution: {integrity: sha512-vnqVi9YlNDbCqgpUUvTIq4sDitKCY0dkTw9zPluZvRNqUB1eCsuoaRNW96HQDhKtA9P4pRzwZ8xU7v/1KU2ytg==}
+ peerDependencies:
+ '@twurple/auth': 8.0.3
+
+ '@twurple/auth@8.0.3':
+ resolution: {integrity: sha512-Xlv+WNXmGQir4aBXYeRCqdno5XurA6jzYTIovSEHa7FZf3AMHMFqtzW7yqTCUn4iOahfUSA2TIIxmxFM0wis0g==}
+
+ '@twurple/chat@8.0.3':
+ resolution: {integrity: sha512-rhm6xhWKp+4zYFimaEj5fPm6lw/yjrAOsGXXSvPDsEqFR+fc0cVXzmHmglTavkmEELRajFiqNBKZjg73JZWhTQ==}
+ peerDependencies:
+ '@twurple/auth': 8.0.3
+
+ '@twurple/common@8.0.3':
+ resolution: {integrity: sha512-JQ2lb5qSFT21Y9qMfIouAILb94ppedLHASq49Fe/AP8oq0k3IC9Q7tX2n6tiMzGWqn+n8MnONUpMSZ6FhulMXA==}
+
'@tybys/wasm-util@0.10.1':
resolution: {integrity: sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg==}
@@ -2597,6 +2668,9 @@ packages:
'@types/bun@1.3.6':
resolution: {integrity: sha512-uWCv6FO/8LcpREhenN1d1b6fcspAB+cefwD7uti8C8VffIv0Um08TKMn98FynpTiU38+y2dUO55T11NgDt8VAA==}
+ '@types/caseless@0.12.5':
+ resolution: {integrity: sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==}
+
'@types/chai@5.2.3':
resolution: {integrity: sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==}
@@ -2678,6 +2752,9 @@ packages:
'@types/range-parser@1.2.7':
resolution: {integrity: sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==}
+ '@types/request@2.48.13':
+ resolution: {integrity: sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==}
+
'@types/retry@0.12.0':
resolution: {integrity: sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA==}
@@ -2696,6 +2773,9 @@ packages:
'@types/serve-static@2.2.0':
resolution: {integrity: sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==}
+ '@types/tough-cookie@4.0.5':
+ resolution: {integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==}
+
'@types/trusted-types@2.0.7':
resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==}
@@ -2752,6 +2832,10 @@ packages:
'@urbit/http-api@3.0.0':
resolution: {integrity: sha512-EmyPbWHWXhfYQ/9wWFcLT53VvCn8ct9ljd6QEe+UBjNPEhUPOFBLpDsDp3iPLQgg8ykSU8JMMHxp95LHCorExA==}
+ '@vector-im/matrix-bot-sdk@0.8.0-element.3':
+ resolution: {integrity: sha512-2FFo/Kz2vTnOZDv59Q0s803LHf7KzuQ2EwOYYAtO0zUKJ8pV5CPsVC/IHyFb+Fsxl3R9XWFiX529yhslb4v9cQ==}
+ engines: {node: '>=22.0.0'}
+
'@vitest/browser-playwright@4.0.18':
resolution: {integrity: sha512-gfajTHVCiwpxRj1qh0Sh/5bbGLG4F/ZH/V9xvFVoFddpITfMta9YGow0W6ZpTTORv2vdJuz9TnrNSmjKvpOf4g==}
peerDependencies:
@@ -3124,6 +3208,11 @@ packages:
class-variance-authority@0.7.1:
resolution: {integrity: sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==}
+ clawdbot@2026.1.24-3:
+ resolution: {integrity: sha512-zt9BzhWXduq8ZZR4rfzQDurQWAgmijTTyPZCQGrn5ew6wCEwhxxEr2/NHG7IlCwcfRsKymsY4se9KMhoNz0JtQ==}
+ engines: {node: '>=22.12.0'}
+ hasBin: true
+
cli-cursor@5.0.0:
resolution: {integrity: sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==}
engines: {node: '>=18'}
@@ -3541,6 +3630,10 @@ packages:
resolution: {integrity: sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==}
engines: {node: '>= 0.12'}
+ form-data@2.5.5:
+ resolution: {integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==}
+ engines: {node: '>= 0.12'}
+
form-data@4.0.5:
resolution: {integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==}
engines: {node: '>= 6'}
@@ -3775,6 +3868,9 @@ packages:
engines: {node: '>=18.0.0'}
hasBin: true
+ ircv3@0.33.0:
+ resolution: {integrity: sha512-7rK1Aial3LBiFycE8w3MHiBBFb41/2GG2Ll/fR2IJj1vx0pLpn1s+78K+z/I4PZTqCCSp/Sb4QgKMh3NMhx0Kg==}
+
is-binary-path@2.1.0:
resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
engines: {node: '>=8'}
@@ -3944,6 +4040,10 @@ packages:
keyv@5.6.0:
resolution: {integrity: sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==}
+ klona@2.0.6:
+ resolution: {integrity: sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==}
+ engines: {node: '>= 8'}
+
leac@0.6.0:
resolution: {integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==}
@@ -4158,10 +4258,6 @@ packages:
resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
engines: {node: '>= 0.4'}
- matrix-bot-sdk@0.8.0:
- resolution: {integrity: sha512-sCY5UvZfsZhJdCjSc8wZhGhIHOe5cSFSILxx9Zp5a/NEXtmQ6W/bIhefIk4zFAZXetFwXsgvKh1960k1hG5WDw==}
- engines: {node: '>=22.0.0'}
-
mdurl@2.0.0:
resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
@@ -6383,6 +6479,54 @@ snapshots:
'@cloudflare/workers-types@4.20260120.0':
optional: true
+ '@d-fischer/cache-decorators@4.0.1':
+ dependencies:
+ '@d-fischer/shared-utils': 3.6.4
+ tslib: 2.8.1
+
+ '@d-fischer/connection@9.0.0':
+ dependencies:
+ '@d-fischer/isomorphic-ws': 7.0.2(ws@8.19.0)
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/shared-utils': 3.6.4
+ '@d-fischer/typed-event-emitter': 3.3.3
+ '@types/ws': 8.18.1
+ tslib: 2.8.1
+ ws: 8.19.0
+ transitivePeerDependencies:
+ - bufferutil
+ - utf-8-validate
+
+ '@d-fischer/deprecate@2.0.2': {}
+
+ '@d-fischer/detect-node@3.0.1': {}
+
+ '@d-fischer/escape-string-regexp@5.0.0': {}
+
+ '@d-fischer/isomorphic-ws@7.0.2(ws@8.19.0)':
+ dependencies:
+ ws: 8.19.0
+
+ '@d-fischer/logger@4.2.4':
+ dependencies:
+ '@d-fischer/detect-node': 3.0.1
+ '@d-fischer/shared-utils': 3.6.4
+ tslib: 2.8.1
+
+ '@d-fischer/rate-limiter@1.1.0':
+ dependencies:
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/shared-utils': 3.6.4
+ tslib: 2.8.1
+
+ '@d-fischer/shared-utils@3.6.4':
+ dependencies:
+ tslib: 2.8.1
+
+ '@d-fischer/typed-event-emitter@3.3.3':
+ dependencies:
+ tslib: 2.8.1
+
'@discordjs/voice@0.19.0':
dependencies:
'@types/ws': 8.18.1
@@ -8225,6 +8369,57 @@ snapshots:
'@tokenizer/token@0.3.0': {}
+ '@twurple/api-call@8.0.3':
+ dependencies:
+ '@d-fischer/shared-utils': 3.6.4
+ '@twurple/common': 8.0.3
+ tslib: 2.8.1
+
+ '@twurple/api@8.0.3(@twurple/auth@8.0.3)':
+ dependencies:
+ '@d-fischer/cache-decorators': 4.0.1
+ '@d-fischer/detect-node': 3.0.1
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/rate-limiter': 1.1.0
+ '@d-fischer/shared-utils': 3.6.4
+ '@d-fischer/typed-event-emitter': 3.3.3
+ '@twurple/api-call': 8.0.3
+ '@twurple/auth': 8.0.3
+ '@twurple/common': 8.0.3
+ retry: 0.13.1
+ tslib: 2.8.1
+
+ '@twurple/auth@8.0.3':
+ dependencies:
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/shared-utils': 3.6.4
+ '@d-fischer/typed-event-emitter': 3.3.3
+ '@twurple/api-call': 8.0.3
+ '@twurple/common': 8.0.3
+ tslib: 2.8.1
+
+ '@twurple/chat@8.0.3(@twurple/auth@8.0.3)':
+ dependencies:
+ '@d-fischer/cache-decorators': 4.0.1
+ '@d-fischer/deprecate': 2.0.2
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/rate-limiter': 1.1.0
+ '@d-fischer/shared-utils': 3.6.4
+ '@d-fischer/typed-event-emitter': 3.3.3
+ '@twurple/auth': 8.0.3
+ '@twurple/common': 8.0.3
+ ircv3: 0.33.0
+ tslib: 2.8.1
+ transitivePeerDependencies:
+ - bufferutil
+ - utf-8-validate
+
+ '@twurple/common@8.0.3':
+ dependencies:
+ '@d-fischer/shared-utils': 3.6.4
+ klona: 2.0.6
+ tslib: 2.8.1
+
'@tybys/wasm-util@0.10.1':
dependencies:
tslib: 2.8.1
@@ -8243,6 +8438,8 @@ snapshots:
bun-types: 1.3.6
optional: true
+ '@types/caseless@0.12.5': {}
+
'@types/chai@5.2.3':
dependencies:
'@types/deep-eql': 4.0.2
@@ -8335,6 +8532,13 @@ snapshots:
'@types/range-parser@1.2.7': {}
+ '@types/request@2.48.13':
+ dependencies:
+ '@types/caseless': 0.12.5
+ '@types/node': 25.0.10
+ '@types/tough-cookie': 4.0.5
+ form-data: 2.5.5
+
'@types/retry@0.12.0': {}
'@types/retry@0.12.5': {}
@@ -8359,6 +8563,8 @@ snapshots:
'@types/http-errors': 2.0.5
'@types/node': 25.0.10
+ '@types/tough-cookie@4.0.5': {}
+
'@types/trusted-types@2.0.7': {}
'@types/ws@8.18.1':
@@ -8412,6 +8618,30 @@ snapshots:
browser-or-node: 1.3.0
core-js: 3.48.0
+ '@vector-im/matrix-bot-sdk@0.8.0-element.3':
+ dependencies:
+ '@matrix-org/matrix-sdk-crypto-nodejs': 0.4.0
+ '@types/express': 4.17.25
+ '@types/request': 2.48.13
+ another-json: 0.2.0
+ async-lock: 1.4.1
+ chalk: 4.1.2
+ express: 4.22.1
+ glob-to-regexp: 0.4.1
+ hash.js: 1.1.7
+ html-to-text: 9.0.5
+ htmlencode: 0.0.4
+ lowdb: 1.0.0
+ lru-cache: 10.4.3
+ mkdirp: 3.0.1
+ morgan: 1.10.1
+ postgres: 3.4.8
+ request: 2.88.2
+ request-promise: 4.2.6(request@2.88.2)
+ sanitize-html: 2.17.0
+ transitivePeerDependencies:
+ - supports-color
+
'@vitest/browser-playwright@4.0.18(playwright@1.58.0)(vite@7.3.1(@types/node@25.0.10)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)':
dependencies:
'@vitest/browser': 4.0.18(vite@7.3.1(@types/node@25.0.10)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)
@@ -8862,6 +9092,84 @@ snapshots:
dependencies:
clsx: 2.1.1
+ clawdbot@2026.1.24-3(@types/express@5.0.6)(audio-decode@2.2.3)(devtools-protocol@0.0.1561482)(typescript@5.9.3):
+ dependencies:
+ '@agentclientprotocol/sdk': 0.13.1(zod@4.3.6)
+ '@aws-sdk/client-bedrock': 3.975.0
+ '@buape/carbon': 0.14.0(hono@4.11.4)
+ '@clack/prompts': 0.11.0
+ '@grammyjs/runner': 2.0.3(grammy@1.39.3)
+ '@grammyjs/transformer-throttler': 1.2.1(grammy@1.39.3)
+ '@homebridge/ciao': 1.3.4
+ '@line/bot-sdk': 10.6.0
+ '@lydell/node-pty': 1.2.0-beta.3
+ '@mariozechner/pi-agent-core': 0.49.3(ws@8.19.0)(zod@4.3.6)
+ '@mariozechner/pi-ai': 0.49.3(ws@8.19.0)(zod@4.3.6)
+ '@mariozechner/pi-coding-agent': 0.49.3(ws@8.19.0)(zod@4.3.6)
+ '@mariozechner/pi-tui': 0.49.3
+ '@mozilla/readability': 0.6.0
+ '@sinclair/typebox': 0.34.47
+ '@slack/bolt': 4.6.0(@types/express@5.0.6)
+ '@slack/web-api': 7.13.0
+ '@whiskeysockets/baileys': 7.0.0-rc.9(audio-decode@2.2.3)(sharp@0.34.5)
+ ajv: 8.17.1
+ body-parser: 2.2.2
+ chalk: 5.6.2
+ chokidar: 5.0.0
+ chromium-bidi: 13.0.1(devtools-protocol@0.0.1561482)
+ cli-highlight: 2.1.11
+ commander: 14.0.2
+ croner: 9.1.0
+ detect-libc: 2.1.2
+ discord-api-types: 0.38.37
+ dotenv: 17.2.3
+ express: 5.2.1
+ file-type: 21.3.0
+ grammy: 1.39.3
+ hono: 4.11.4
+ jiti: 2.6.1
+ json5: 2.2.3
+ jszip: 3.10.1
+ linkedom: 0.18.12
+ long: 5.3.2
+ markdown-it: 14.1.0
+ node-edge-tts: 1.2.9
+ osc-progress: 0.3.0
+ pdfjs-dist: 5.4.530
+ playwright-core: 1.58.0
+ proper-lockfile: 4.1.2
+ qrcode-terminal: 0.12.0
+ sharp: 0.34.5
+ sqlite-vec: 0.1.7-alpha.2
+ tar: 7.5.4
+ tslog: 4.10.2
+ undici: 7.19.0
+ ws: 8.19.0
+ yaml: 2.8.2
+ zod: 4.3.6
+ optionalDependencies:
+ '@napi-rs/canvas': 0.1.88
+ node-llama-cpp: 3.15.0(typescript@5.9.3)
+ transitivePeerDependencies:
+ - '@discordjs/opus'
+ - '@modelcontextprotocol/sdk'
+ - '@types/express'
+ - audio-decode
+ - aws-crt
+ - bufferutil
+ - canvas
+ - debug
+ - devtools-protocol
+ - encoding
+ - ffmpeg-static
+ - jimp
+ - link-preview-js
+ - node-opus
+ - opusscript
+ - supports-color
+ - typescript
+ - utf-8-validate
+
cli-cursor@5.0.0:
dependencies:
restore-cursor: 5.1.0
@@ -9342,6 +9650,15 @@ snapshots:
combined-stream: 1.0.8
mime-types: 2.1.35
+ form-data@2.5.5:
+ dependencies:
+ asynckit: 0.4.0
+ combined-stream: 1.0.8
+ es-set-tostringtag: 2.1.0
+ hasown: 2.0.2
+ mime-types: 2.1.35
+ safe-buffer: 5.2.1
+
form-data@4.0.5:
dependencies:
asynckit: 0.4.0
@@ -9644,6 +9961,19 @@ snapshots:
'@reflink/reflink': 0.1.19
optional: true
+ ircv3@0.33.0:
+ dependencies:
+ '@d-fischer/connection': 9.0.0
+ '@d-fischer/escape-string-regexp': 5.0.0
+ '@d-fischer/logger': 4.2.4
+ '@d-fischer/shared-utils': 3.6.4
+ '@d-fischer/typed-event-emitter': 3.3.3
+ klona: 2.0.6
+ tslib: 2.8.1
+ transitivePeerDependencies:
+ - bufferutil
+ - utf-8-validate
+
is-binary-path@2.1.0:
dependencies:
binary-extensions: 2.3.0
@@ -9814,6 +10144,8 @@ snapshots:
dependencies:
'@keyv/serialize': 1.1.1
+ klona@2.0.6: {}
+
leac@0.6.0: {}
lie@3.3.0:
@@ -10006,29 +10338,6 @@ snapshots:
math-intrinsics@1.1.0: {}
- matrix-bot-sdk@0.8.0:
- dependencies:
- '@matrix-org/matrix-sdk-crypto-nodejs': 0.4.0
- '@types/express': 4.17.25
- another-json: 0.2.0
- async-lock: 1.4.1
- chalk: 4.1.2
- express: 4.22.1
- glob-to-regexp: 0.4.1
- hash.js: 1.1.7
- html-to-text: 9.0.5
- htmlencode: 0.0.4
- lowdb: 1.0.0
- lru-cache: 10.4.3
- mkdirp: 3.0.1
- morgan: 1.10.1
- postgres: 3.4.8
- request: 2.88.2
- request-promise: 4.2.6(request@2.88.2)
- sanitize-html: 2.17.0
- transitivePeerDependencies:
- - supports-color
-
mdurl@2.0.0: {}
media-typer@0.3.0: {}
diff --git a/scripts/claude-auth-status.sh b/scripts/claude-auth-status.sh
index cf10b197d..d0294d58d 100755
--- a/scripts/claude-auth-status.sh
+++ b/scripts/claude-auth-status.sh
@@ -54,7 +54,7 @@ calc_status_from_expires() {
json_expires_for_claude_cli() {
echo "$STATUS_JSON" | jq -r '
[.auth.oauth.profiles[]
- | select(.provider == "anthropic" and .type == "oauth" and .source == "claude-cli")
+ | select(.provider == "anthropic" and (.type == "oauth" or .type == "token"))
| .expiresAt // 0]
| max // 0
' 2>/dev/null || echo "0"
diff --git a/skills/nano-banana-pro/SKILL.md b/skills/nano-banana-pro/SKILL.md
index a36c21f64..469576ec7 100644
--- a/skills/nano-banana-pro/SKILL.md
+++ b/skills/nano-banana-pro/SKILL.md
@@ -14,9 +14,14 @@ Generate
uv run {baseDir}/scripts/generate_image.py --prompt "your image description" --filename "output.png" --resolution 1K
```
-Edit
+Edit (single image)
```bash
-uv run {baseDir}/scripts/generate_image.py --prompt "edit instructions" --filename "output.png" --input-image "/path/in.png" --resolution 2K
+uv run {baseDir}/scripts/generate_image.py --prompt "edit instructions" --filename "output.png" -i "/path/in.png" --resolution 2K
+```
+
+Multi-image composition (up to 14 images)
+```bash
+uv run {baseDir}/scripts/generate_image.py --prompt "combine these into one scene" --filename "output.png" -i img1.png -i img2.png -i img3.png
```
API key
diff --git a/skills/nano-banana-pro/scripts/generate_image.py b/skills/nano-banana-pro/scripts/generate_image.py
index 48dd9e9e5..32fc1fc32 100755
--- a/skills/nano-banana-pro/scripts/generate_image.py
+++ b/skills/nano-banana-pro/scripts/generate_image.py
@@ -11,6 +11,9 @@ Generate images using Google's Nano Banana Pro (Gemini 3 Pro Image) API.
Usage:
uv run generate_image.py --prompt "your image description" --filename "output.png" [--resolution 1K|2K|4K] [--api-key KEY]
+
+Multi-image editing (up to 14 images):
+ uv run generate_image.py --prompt "combine these images" --filename "output.png" -i img1.png -i img2.png -i img3.png
"""
import argparse
@@ -42,7 +45,10 @@ def main():
)
parser.add_argument(
"--input-image", "-i",
- help="Optional input image path for editing/modification"
+ action="append",
+ dest="input_images",
+ metavar="IMAGE",
+ help="Input image path(s) for editing/composition. Can be specified multiple times (up to 14 images)."
)
parser.add_argument(
"--resolution", "-r",
@@ -78,34 +84,43 @@ def main():
output_path = Path(args.filename)
output_path.parent.mkdir(parents=True, exist_ok=True)
- # Load input image if provided
- input_image = None
+ # Load input images if provided (up to 14 supported by Nano Banana Pro)
+ input_images = []
output_resolution = args.resolution
- if args.input_image:
- try:
- input_image = PILImage.open(args.input_image)
- print(f"Loaded input image: {args.input_image}")
-
- # Auto-detect resolution if not explicitly set by user
- if args.resolution == "1K": # Default value
- # Map input image size to resolution
- width, height = input_image.size
- max_dim = max(width, height)
- if max_dim >= 3000:
- output_resolution = "4K"
- elif max_dim >= 1500:
- output_resolution = "2K"
- else:
- output_resolution = "1K"
- print(f"Auto-detected resolution: {output_resolution} (from input {width}x{height})")
- except Exception as e:
- print(f"Error loading input image: {e}", file=sys.stderr)
+ if args.input_images:
+ if len(args.input_images) > 14:
+ print(f"Error: Too many input images ({len(args.input_images)}). Maximum is 14.", file=sys.stderr)
sys.exit(1)
- # Build contents (image first if editing, prompt only if generating)
- if input_image:
- contents = [input_image, args.prompt]
- print(f"Editing image with resolution {output_resolution}...")
+ max_input_dim = 0
+ for img_path in args.input_images:
+ try:
+ img = PILImage.open(img_path)
+ input_images.append(img)
+ print(f"Loaded input image: {img_path}")
+
+ # Track largest dimension for auto-resolution
+ width, height = img.size
+ max_input_dim = max(max_input_dim, width, height)
+ except Exception as e:
+ print(f"Error loading input image '{img_path}': {e}", file=sys.stderr)
+ sys.exit(1)
+
+ # Auto-detect resolution from largest input if not explicitly set
+ if args.resolution == "1K" and max_input_dim > 0: # Default value
+ if max_input_dim >= 3000:
+ output_resolution = "4K"
+ elif max_input_dim >= 1500:
+ output_resolution = "2K"
+ else:
+ output_resolution = "1K"
+ print(f"Auto-detected resolution: {output_resolution} (from max input dimension {max_input_dim})")
+
+ # Build contents (images first if editing, prompt only if generating)
+ if input_images:
+ contents = [*input_images, args.prompt]
+ img_count = len(input_images)
+ print(f"Processing {img_count} image{'s' if img_count > 1 else ''} with resolution {output_resolution}...")
else:
contents = args.prompt
print(f"Generating image with resolution {output_resolution}...")
diff --git a/src/agents/auth-health.ts b/src/agents/auth-health.ts
index 96e79dc66..15bf3a07f 100644
--- a/src/agents/auth-health.ts
+++ b/src/agents/auth-health.ts
@@ -2,12 +2,10 @@ import type { ClawdbotConfig } from "../config/config.js";
import {
type AuthProfileCredential,
type AuthProfileStore,
- CLAUDE_CLI_PROFILE_ID,
- CODEX_CLI_PROFILE_ID,
resolveAuthProfileDisplayLabel,
} from "./auth-profiles.js";
-export type AuthProfileSource = "claude-cli" | "codex-cli" | "store";
+export type AuthProfileSource = "store";
export type AuthProfileHealthStatus = "ok" | "expiring" | "expired" | "missing" | "static";
@@ -41,9 +39,7 @@ export type AuthHealthSummary = {
export const DEFAULT_OAUTH_WARN_MS = 24 * 60 * 60 * 1000;
-export function resolveAuthProfileSource(profileId: string): AuthProfileSource {
- if (profileId === CLAUDE_CLI_PROFILE_ID) return "claude-cli";
- if (profileId === CODEX_CLI_PROFILE_ID) return "codex-cli";
+export function resolveAuthProfileSource(_profileId: string): AuthProfileSource {
return "store";
}
diff --git a/src/agents/auth-profiles.ensureauthprofilestore.test.ts b/src/agents/auth-profiles.ensureauthprofilestore.test.ts
index 3eadb6c5b..db7d6f031 100644
--- a/src/agents/auth-profiles.ensureauthprofilestore.test.ts
+++ b/src/agents/auth-profiles.ensureauthprofilestore.test.ts
@@ -3,8 +3,7 @@ import os from "node:os";
import path from "node:path";
import { describe, expect, it } from "vitest";
import { ensureAuthProfileStore } from "./auth-profiles.js";
-import { AUTH_STORE_VERSION, CODEX_CLI_PROFILE_ID } from "./auth-profiles/constants.js";
-import { withTempHome } from "../../test/helpers/temp-home.js";
+import { AUTH_STORE_VERSION } from "./auth-profiles/constants.js";
describe("ensureAuthProfileStore", () => {
it("migrates legacy auth.json and deletes it (PR #368)", () => {
@@ -123,80 +122,4 @@ describe("ensureAuthProfileStore", () => {
fs.rmSync(root, { recursive: true, force: true });
}
});
-
- it("drops codex-cli from merged store when a custom openai-codex profile matches", async () => {
- await withTempHome(async (tempHome) => {
- const root = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-auth-dedup-merge-"));
- const previousAgentDir = process.env.CLAWDBOT_AGENT_DIR;
- const previousPiAgentDir = process.env.PI_CODING_AGENT_DIR;
- try {
- const mainDir = path.join(root, "main-agent");
- const agentDir = path.join(root, "agent-x");
- fs.mkdirSync(mainDir, { recursive: true });
- fs.mkdirSync(agentDir, { recursive: true });
-
- process.env.CLAWDBOT_AGENT_DIR = mainDir;
- process.env.PI_CODING_AGENT_DIR = mainDir;
- process.env.HOME = tempHome;
-
- fs.writeFileSync(
- path.join(mainDir, "auth-profiles.json"),
- `${JSON.stringify(
- {
- version: AUTH_STORE_VERSION,
- profiles: {
- [CODEX_CLI_PROFILE_ID]: {
- type: "oauth",
- provider: "openai-codex",
- access: "shared-access-token",
- refresh: "shared-refresh-token",
- expires: Date.now() + 3600000,
- },
- },
- },
- null,
- 2,
- )}\n`,
- "utf8",
- );
-
- fs.writeFileSync(
- path.join(agentDir, "auth-profiles.json"),
- `${JSON.stringify(
- {
- version: AUTH_STORE_VERSION,
- profiles: {
- "openai-codex:my-custom-profile": {
- type: "oauth",
- provider: "openai-codex",
- access: "shared-access-token",
- refresh: "shared-refresh-token",
- expires: Date.now() + 3600000,
- },
- },
- },
- null,
- 2,
- )}\n`,
- "utf8",
- );
-
- const store = ensureAuthProfileStore(agentDir);
- expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeUndefined();
- expect(store.profiles["openai-codex:my-custom-profile"]).toBeDefined();
- } finally {
- if (previousAgentDir === undefined) {
- delete process.env.CLAWDBOT_AGENT_DIR;
- } else {
- process.env.CLAWDBOT_AGENT_DIR = previousAgentDir;
- }
- if (previousPiAgentDir === undefined) {
- delete process.env.PI_CODING_AGENT_DIR;
- } else {
- process.env.PI_CODING_AGENT_DIR = previousPiAgentDir;
- }
- fs.rmSync(root, { recursive: true, force: true });
- }
- });
- });
});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-api-keys-syncing-external.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-api-keys-syncing-external.test.ts
deleted file mode 100644
index 1109d3452..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-api-keys-syncing-external.test.ts
+++ /dev/null
@@ -1,102 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import { CLAUDE_CLI_PROFILE_ID, ensureAuthProfileStore } from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("does not overwrite API keys when syncing external CLI creds", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-no-overwrite-"));
- try {
- await withTempHome(
- async (tempHome) => {
- // Create Claude Code CLI credentials
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- const claudeCreds = {
- claudeAiOauth: {
- accessToken: "cli-access",
- refreshToken: "cli-refresh",
- expiresAt: Date.now() + 30 * 60 * 1000,
- },
- };
- fs.writeFileSync(path.join(claudeDir, ".credentials.json"), JSON.stringify(claudeCreds));
-
- // Create auth-profiles.json with an API key
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- "anthropic:default": {
- type: "api_key",
- provider: "anthropic",
- key: "sk-store",
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- // Should keep the store's API key and still add the CLI profile.
- expect((store.profiles["anthropic:default"] as { key: string }).key).toBe("sk-store");
- expect(store.profiles[CLAUDE_CLI_PROFILE_ID]).toBeDefined();
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
- it("prefers oauth over token even if token has later expiry (oauth enables auto-refresh)", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-oauth-preferred-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- // CLI has OAuth credentials (with refresh token) expiring in 30 min
- fs.writeFileSync(
- path.join(claudeDir, ".credentials.json"),
- JSON.stringify({
- claudeAiOauth: {
- accessToken: "cli-oauth-access",
- refreshToken: "cli-refresh",
- expiresAt: Date.now() + 30 * 60 * 1000,
- },
- }),
- );
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- // Store has token credentials expiring in 60 min (later than CLI)
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CLAUDE_CLI_PROFILE_ID]: {
- type: "token",
- provider: "anthropic",
- token: "store-token-access",
- expires: Date.now() + 60 * 60 * 1000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
- // OAuth should be preferred over token because it can auto-refresh
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("oauth");
- expect((cliProfile as { access: string }).access).toBe("cli-oauth-access");
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-fresher-store-oauth-older.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-fresher-store-oauth-older.test.ts
deleted file mode 100644
index 3ca83a576..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.does-not-overwrite-fresher-store-oauth-older.test.ts
+++ /dev/null
@@ -1,106 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import { CLAUDE_CLI_PROFILE_ID, ensureAuthProfileStore } from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("does not overwrite fresher store oauth with older CLI oauth", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-oauth-no-downgrade-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- // CLI has OAuth credentials expiring in 30 min
- fs.writeFileSync(
- path.join(claudeDir, ".credentials.json"),
- JSON.stringify({
- claudeAiOauth: {
- accessToken: "cli-oauth-access",
- refreshToken: "cli-refresh",
- expiresAt: Date.now() + 30 * 60 * 1000,
- },
- }),
- );
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- // Store has OAuth credentials expiring in 60 min (later than CLI)
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CLAUDE_CLI_PROFILE_ID]: {
- type: "oauth",
- provider: "anthropic",
- access: "store-oauth-access",
- refresh: "store-refresh",
- expires: Date.now() + 60 * 60 * 1000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
- // Fresher store oauth should be kept
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("oauth");
- expect((cliProfile as { access: string }).access).toBe("store-oauth-access");
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
- it("does not downgrade store oauth to token when CLI lacks refresh token", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-no-downgrade-oauth-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- // CLI has token-only credentials (no refresh token)
- fs.writeFileSync(
- path.join(claudeDir, ".credentials.json"),
- JSON.stringify({
- claudeAiOauth: {
- accessToken: "cli-token-access",
- expiresAt: Date.now() + 30 * 60 * 1000,
- },
- }),
- );
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- // Store already has OAuth credentials with refresh token
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CLAUDE_CLI_PROFILE_ID]: {
- type: "oauth",
- provider: "anthropic",
- access: "store-oauth-access",
- refresh: "store-refresh",
- expires: Date.now() + 60 * 60 * 1000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
- // Keep oauth to preserve auto-refresh capability
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("oauth");
- expect((cliProfile as { access: string }).access).toBe("store-oauth-access");
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.skips-codex-sync-when-credentials-exist-in-another-profile.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.skips-codex-sync-when-credentials-exist-in-another-profile.test.ts
deleted file mode 100644
index 6fa6734d7..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.skips-codex-sync-when-credentials-exist-in-another-profile.test.ts
+++ /dev/null
@@ -1,166 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import { CODEX_CLI_PROFILE_ID, ensureAuthProfileStore } from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("skips codex-cli sync when credentials already exist in another openai-codex profile", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-codex-dedup-skip-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const codexDir = path.join(tempHome, ".codex");
- fs.mkdirSync(codexDir, { recursive: true });
- const codexAuthPath = path.join(codexDir, "auth.json");
- fs.writeFileSync(
- codexAuthPath,
- JSON.stringify({
- tokens: {
- access_token: "shared-access-token",
- refresh_token: "shared-refresh-token",
- },
- }),
- );
- fs.utimesSync(codexAuthPath, new Date(), new Date());
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- "openai-codex:my-custom-profile": {
- type: "oauth",
- provider: "openai-codex",
- access: "shared-access-token",
- refresh: "shared-refresh-token",
- expires: Date.now() + 3600000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeUndefined();
- expect(store.profiles["openai-codex:my-custom-profile"]).toBeDefined();
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-
- it("creates codex-cli profile when credentials differ from existing openai-codex profiles", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-codex-dedup-create-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const codexDir = path.join(tempHome, ".codex");
- fs.mkdirSync(codexDir, { recursive: true });
- const codexAuthPath = path.join(codexDir, "auth.json");
- fs.writeFileSync(
- codexAuthPath,
- JSON.stringify({
- tokens: {
- access_token: "unique-access-token",
- refresh_token: "unique-refresh-token",
- },
- }),
- );
- fs.utimesSync(codexAuthPath, new Date(), new Date());
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- "openai-codex:my-custom-profile": {
- type: "oauth",
- provider: "openai-codex",
- access: "different-access-token",
- refresh: "different-refresh-token",
- expires: Date.now() + 3600000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeDefined();
- expect((store.profiles[CODEX_CLI_PROFILE_ID] as { access: string }).access).toBe(
- "unique-access-token",
- );
- expect(store.profiles["openai-codex:my-custom-profile"]).toBeDefined();
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-
- it("removes codex-cli profile when it duplicates another openai-codex profile", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-codex-dedup-remove-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const codexDir = path.join(tempHome, ".codex");
- fs.mkdirSync(codexDir, { recursive: true });
- const codexAuthPath = path.join(codexDir, "auth.json");
- fs.writeFileSync(
- codexAuthPath,
- JSON.stringify({
- tokens: {
- access_token: "shared-access-token",
- refresh_token: "shared-refresh-token",
- },
- }),
- );
- fs.utimesSync(codexAuthPath, new Date(), new Date());
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CODEX_CLI_PROFILE_ID]: {
- type: "oauth",
- provider: "openai-codex",
- access: "shared-access-token",
- refresh: "shared-refresh-token",
- expires: Date.now() + 3600000,
- },
- "openai-codex:my-custom-profile": {
- type: "oauth",
- provider: "openai-codex",
- access: "shared-access-token",
- refresh: "shared-refresh-token",
- expires: Date.now() + 3600000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeUndefined();
- const saved = JSON.parse(fs.readFileSync(authPath, "utf8")) as {
- profiles?: Record;
- };
- expect(saved.profiles?.[CODEX_CLI_PROFILE_ID]).toBeUndefined();
- expect(saved.profiles?.["openai-codex:my-custom-profile"]).toBeDefined();
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.syncs-claude-cli-oauth-credentials-into-anthropic.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.syncs-claude-cli-oauth-credentials-into-anthropic.test.ts
deleted file mode 100644
index 1295552ba..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.syncs-claude-cli-oauth-credentials-into-anthropic.test.ts
+++ /dev/null
@@ -1,96 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import { CLAUDE_CLI_PROFILE_ID, ensureAuthProfileStore } from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("syncs Claude Code CLI OAuth credentials into anthropic:claude-cli", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-sync-"));
- try {
- // Create a temp home with Claude Code CLI credentials
- await withTempHome(
- async (tempHome) => {
- // Create Claude Code CLI credentials with refreshToken (OAuth)
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- const claudeCreds = {
- claudeAiOauth: {
- accessToken: "fresh-access-token",
- refreshToken: "fresh-refresh-token",
- expiresAt: Date.now() + 60 * 60 * 1000, // 1 hour from now
- },
- };
- fs.writeFileSync(path.join(claudeDir, ".credentials.json"), JSON.stringify(claudeCreds));
-
- // Create empty auth-profiles.json
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- "anthropic:default": {
- type: "api_key",
- provider: "anthropic",
- key: "sk-default",
- },
- },
- }),
- );
-
- // Load the store - should sync from CLI as OAuth credential
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles["anthropic:default"]).toBeDefined();
- expect((store.profiles["anthropic:default"] as { key: string }).key).toBe("sk-default");
- expect(store.profiles[CLAUDE_CLI_PROFILE_ID]).toBeDefined();
- // Should be stored as OAuth credential (type: "oauth") for auto-refresh
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("oauth");
- expect((cliProfile as { access: string }).access).toBe("fresh-access-token");
- expect((cliProfile as { refresh: string }).refresh).toBe("fresh-refresh-token");
- expect((cliProfile as { expires: number }).expires).toBeGreaterThan(Date.now());
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
- it("syncs Claude Code CLI credentials without refreshToken as token type", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-token-sync-"));
- try {
- await withTempHome(
- async (tempHome) => {
- // Create Claude Code CLI credentials WITHOUT refreshToken (fallback to token type)
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- const claudeCreds = {
- claudeAiOauth: {
- accessToken: "access-only-token",
- // No refreshToken - backward compatibility scenario
- expiresAt: Date.now() + 60 * 60 * 1000,
- },
- };
- fs.writeFileSync(path.join(claudeDir, ".credentials.json"), JSON.stringify(claudeCreds));
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(authPath, JSON.stringify({ version: 1, profiles: {} }));
-
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles[CLAUDE_CLI_PROFILE_ID]).toBeDefined();
- // Should be stored as token type (no refresh capability)
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("token");
- expect((cliProfile as { token: string }).token).toBe("access-only-token");
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.updates-codex-cli-profile-codex-cli-refresh.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.updates-codex-cli-profile-codex-cli-refresh.test.ts
deleted file mode 100644
index 16fe775ab..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.updates-codex-cli-profile-codex-cli-refresh.test.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import { CODEX_CLI_PROFILE_ID, ensureAuthProfileStore } from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("updates codex-cli profile when Codex CLI refresh token changes", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-codex-refresh-sync-"));
- try {
- await withTempHome(
- async (tempHome) => {
- const codexDir = path.join(tempHome, ".codex");
- fs.mkdirSync(codexDir, { recursive: true });
- const codexAuthPath = path.join(codexDir, "auth.json");
- fs.writeFileSync(
- codexAuthPath,
- JSON.stringify({
- tokens: {
- access_token: "same-access",
- refresh_token: "new-refresh",
- },
- }),
- );
- fs.utimesSync(codexAuthPath, new Date(), new Date());
-
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CODEX_CLI_PROFILE_ID]: {
- type: "oauth",
- provider: "openai-codex",
- access: "same-access",
- refresh: "old-refresh",
- expires: Date.now() - 1000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
- expect((store.profiles[CODEX_CLI_PROFILE_ID] as { refresh: string }).refresh).toBe(
- "new-refresh",
- );
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles.external-cli-credential-sync.upgrades-token-oauth-claude-cli-gets-refreshtoken.test.ts b/src/agents/auth-profiles.external-cli-credential-sync.upgrades-token-oauth-claude-cli-gets-refreshtoken.test.ts
deleted file mode 100644
index 2957215f6..000000000
--- a/src/agents/auth-profiles.external-cli-credential-sync.upgrades-token-oauth-claude-cli-gets-refreshtoken.test.ts
+++ /dev/null
@@ -1,103 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { withTempHome } from "../../test/helpers/temp-home.js";
-import {
- CLAUDE_CLI_PROFILE_ID,
- CODEX_CLI_PROFILE_ID,
- ensureAuthProfileStore,
-} from "./auth-profiles.js";
-
-describe("external CLI credential sync", () => {
- it("upgrades token to oauth when Claude Code CLI gets refreshToken", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-cli-upgrade-"));
- try {
- await withTempHome(
- async (tempHome) => {
- // Create Claude Code CLI credentials with refreshToken
- const claudeDir = path.join(tempHome, ".claude");
- fs.mkdirSync(claudeDir, { recursive: true });
- fs.writeFileSync(
- path.join(claudeDir, ".credentials.json"),
- JSON.stringify({
- claudeAiOauth: {
- accessToken: "new-oauth-access",
- refreshToken: "new-refresh-token",
- expiresAt: Date.now() + 60 * 60 * 1000,
- },
- }),
- );
-
- // Create auth-profiles.json with existing token type credential
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {
- [CLAUDE_CLI_PROFILE_ID]: {
- type: "token",
- provider: "anthropic",
- token: "old-token",
- expires: Date.now() + 30 * 60 * 1000,
- },
- },
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- // Should upgrade from token to oauth
- const cliProfile = store.profiles[CLAUDE_CLI_PROFILE_ID];
- expect(cliProfile.type).toBe("oauth");
- expect((cliProfile as { access: string }).access).toBe("new-oauth-access");
- expect((cliProfile as { refresh: string }).refresh).toBe("new-refresh-token");
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
- it("syncs Codex CLI credentials into openai-codex:codex-cli", async () => {
- const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-codex-sync-"));
- try {
- await withTempHome(
- async (tempHome) => {
- // Create Codex CLI credentials
- const codexDir = path.join(tempHome, ".codex");
- fs.mkdirSync(codexDir, { recursive: true });
- const codexCreds = {
- tokens: {
- access_token: "codex-access-token",
- refresh_token: "codex-refresh-token",
- },
- };
- const codexAuthPath = path.join(codexDir, "auth.json");
- fs.writeFileSync(codexAuthPath, JSON.stringify(codexCreds));
-
- // Create empty auth-profiles.json
- const authPath = path.join(agentDir, "auth-profiles.json");
- fs.writeFileSync(
- authPath,
- JSON.stringify({
- version: 1,
- profiles: {},
- }),
- );
-
- const store = ensureAuthProfileStore(agentDir);
-
- expect(store.profiles[CODEX_CLI_PROFILE_ID]).toBeDefined();
- expect((store.profiles[CODEX_CLI_PROFILE_ID] as { access: string }).access).toBe(
- "codex-access-token",
- );
- },
- { prefix: "clawdbot-home-" },
- );
- } finally {
- fs.rmSync(agentDir, { recursive: true, force: true });
- }
- });
-});
diff --git a/src/agents/auth-profiles/external-cli-sync.ts b/src/agents/auth-profiles/external-cli-sync.ts
index 8a7d8270f..d1fa31f23 100644
--- a/src/agents/auth-profiles/external-cli-sync.ts
+++ b/src/agents/auth-profiles/external-cli-sync.ts
@@ -1,22 +1,11 @@
+import { readQwenCliCredentialsCached } from "../cli-credentials.js";
import {
- readClaudeCliCredentialsCached,
- readCodexCliCredentialsCached,
- readQwenCliCredentialsCached,
-} from "../cli-credentials.js";
-import {
- CLAUDE_CLI_PROFILE_ID,
- CODEX_CLI_PROFILE_ID,
EXTERNAL_CLI_NEAR_EXPIRY_MS,
EXTERNAL_CLI_SYNC_TTL_MS,
QWEN_CLI_PROFILE_ID,
log,
} from "./constants.js";
-import type {
- AuthProfileCredential,
- AuthProfileStore,
- OAuthCredential,
- TokenCredential,
-} from "./types.js";
+import type { AuthProfileCredential, AuthProfileStore, OAuthCredential } from "./types.js";
function shallowEqualOAuthCredentials(a: OAuthCredential | undefined, b: OAuthCredential): boolean {
if (!a) return false;
@@ -33,25 +22,10 @@ function shallowEqualOAuthCredentials(a: OAuthCredential | undefined, b: OAuthCr
);
}
-function shallowEqualTokenCredentials(a: TokenCredential | undefined, b: TokenCredential): boolean {
- if (!a) return false;
- if (a.type !== "token") return false;
- return (
- a.provider === b.provider &&
- a.token === b.token &&
- a.expires === b.expires &&
- a.email === b.email
- );
-}
-
function isExternalProfileFresh(cred: AuthProfileCredential | undefined, now: number): boolean {
if (!cred) return false;
if (cred.type !== "oauth" && cred.type !== "token") return false;
- if (
- cred.provider !== "anthropic" &&
- cred.provider !== "openai-codex" &&
- cred.provider !== "qwen-portal"
- ) {
+ if (cred.provider !== "qwen-portal") {
return false;
}
if (typeof cred.expires !== "number") return true;
@@ -59,163 +33,14 @@ function isExternalProfileFresh(cred: AuthProfileCredential | undefined, now: nu
}
/**
- * Find any existing openai-codex profile (other than codex-cli) that has the same
- * access and refresh tokens. This prevents creating a duplicate codex-cli profile
- * when the user has already set up a custom profile with the same credentials.
- */
-export function findDuplicateCodexProfile(
- store: AuthProfileStore,
- creds: OAuthCredential,
-): string | undefined {
- for (const [profileId, profile] of Object.entries(store.profiles)) {
- if (profileId === CODEX_CLI_PROFILE_ID) continue;
- if (profile.type !== "oauth") continue;
- if (profile.provider !== "openai-codex") continue;
- if (profile.access === creds.access && profile.refresh === creds.refresh) {
- return profileId;
- }
- }
- return undefined;
-}
-
-/**
- * Sync OAuth credentials from external CLI tools (Claude Code CLI, Codex CLI) into the store.
- * This allows clawdbot to use the same credentials as these tools without requiring
- * separate authentication, and keeps credentials in sync when CLI tools refresh tokens.
+ * Sync OAuth credentials from external CLI tools (Qwen Code CLI) into the store.
*
* Returns true if any credentials were updated.
*/
-export function syncExternalCliCredentials(
- store: AuthProfileStore,
- options?: { allowKeychainPrompt?: boolean },
-): boolean {
+export function syncExternalCliCredentials(store: AuthProfileStore): boolean {
let mutated = false;
const now = Date.now();
- // Sync from Claude Code CLI (supports both OAuth and Token credentials)
- const existingClaude = store.profiles[CLAUDE_CLI_PROFILE_ID];
- const shouldSyncClaude =
- !existingClaude ||
- existingClaude.provider !== "anthropic" ||
- existingClaude.type === "token" ||
- !isExternalProfileFresh(existingClaude, now);
- const claudeCreds = shouldSyncClaude
- ? readClaudeCliCredentialsCached({
- allowKeychainPrompt: options?.allowKeychainPrompt,
- ttlMs: EXTERNAL_CLI_SYNC_TTL_MS,
- })
- : null;
- if (claudeCreds) {
- const existing = store.profiles[CLAUDE_CLI_PROFILE_ID];
- const claudeCredsExpires = claudeCreds.expires ?? 0;
-
- // Determine if we should update based on credential comparison
- let shouldUpdate = false;
- let isEqual = false;
-
- if (claudeCreds.type === "oauth") {
- const existingOAuth = existing?.type === "oauth" ? existing : undefined;
- isEqual = shallowEqualOAuthCredentials(existingOAuth, claudeCreds);
- // Update if: no existing profile, type changed to oauth, expired, or CLI has newer token
- shouldUpdate =
- !existingOAuth ||
- existingOAuth.provider !== "anthropic" ||
- existingOAuth.expires <= now ||
- (claudeCredsExpires > now && claudeCredsExpires > existingOAuth.expires);
- } else {
- const existingToken = existing?.type === "token" ? existing : undefined;
- isEqual = shallowEqualTokenCredentials(existingToken, claudeCreds);
- // Update if: no existing profile, expired, or CLI has newer token
- shouldUpdate =
- !existingToken ||
- existingToken.provider !== "anthropic" ||
- (existingToken.expires ?? 0) <= now ||
- (claudeCredsExpires > now && claudeCredsExpires > (existingToken.expires ?? 0));
- }
-
- // Also update if credential type changed (token -> oauth upgrade)
- if (existing && existing.type !== claudeCreds.type) {
- // Prefer oauth over token (enables auto-refresh)
- if (claudeCreds.type === "oauth") {
- shouldUpdate = true;
- isEqual = false;
- }
- }
-
- // Avoid downgrading from oauth to token-only credentials.
- if (existing?.type === "oauth" && claudeCreds.type === "token") {
- shouldUpdate = false;
- }
-
- if (shouldUpdate && !isEqual) {
- store.profiles[CLAUDE_CLI_PROFILE_ID] = claudeCreds;
- mutated = true;
- log.info("synced anthropic credentials from claude cli", {
- profileId: CLAUDE_CLI_PROFILE_ID,
- type: claudeCreds.type,
- expires:
- typeof claudeCreds.expires === "number"
- ? new Date(claudeCreds.expires).toISOString()
- : "unknown",
- });
- }
- }
-
- // Sync from Codex CLI
- const existingCodex = store.profiles[CODEX_CLI_PROFILE_ID];
- const existingCodexOAuth = existingCodex?.type === "oauth" ? existingCodex : undefined;
- const duplicateExistingId = existingCodexOAuth
- ? findDuplicateCodexProfile(store, existingCodexOAuth)
- : undefined;
- if (duplicateExistingId) {
- delete store.profiles[CODEX_CLI_PROFILE_ID];
- mutated = true;
- log.info("removed codex-cli profile: credentials already exist in another profile", {
- existingProfileId: duplicateExistingId,
- removedProfileId: CODEX_CLI_PROFILE_ID,
- });
- }
- const shouldSyncCodex =
- !existingCodex ||
- existingCodex.provider !== "openai-codex" ||
- !isExternalProfileFresh(existingCodex, now);
- const codexCreds =
- shouldSyncCodex || duplicateExistingId
- ? readCodexCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS })
- : null;
- if (codexCreds) {
- const duplicateProfileId = findDuplicateCodexProfile(store, codexCreds);
- if (duplicateProfileId) {
- if (store.profiles[CODEX_CLI_PROFILE_ID]) {
- delete store.profiles[CODEX_CLI_PROFILE_ID];
- mutated = true;
- log.info("removed codex-cli profile: credentials already exist in another profile", {
- existingProfileId: duplicateProfileId,
- removedProfileId: CODEX_CLI_PROFILE_ID,
- });
- }
- } else {
- const existing = store.profiles[CODEX_CLI_PROFILE_ID];
- const existingOAuth = existing?.type === "oauth" ? existing : undefined;
-
- // Codex creds don't carry expiry; use file mtime heuristic for freshness.
- const shouldUpdate =
- !existingOAuth ||
- existingOAuth.provider !== "openai-codex" ||
- existingOAuth.expires <= now ||
- codexCreds.expires > existingOAuth.expires;
-
- if (shouldUpdate && !shallowEqualOAuthCredentials(existingOAuth, codexCreds)) {
- store.profiles[CODEX_CLI_PROFILE_ID] = codexCreds;
- mutated = true;
- log.info("synced openai-codex credentials from codex cli", {
- profileId: CODEX_CLI_PROFILE_ID,
- expires: new Date(codexCreds.expires).toISOString(),
- });
- }
- }
- }
-
// Sync from Qwen Code CLI
const existingQwen = store.profiles[QWEN_CLI_PROFILE_ID];
const shouldSyncQwen =
diff --git a/src/agents/auth-profiles/oauth.fallback-to-main-agent.test.ts b/src/agents/auth-profiles/oauth.fallback-to-main-agent.test.ts
new file mode 100644
index 000000000..d37d1a8c3
--- /dev/null
+++ b/src/agents/auth-profiles/oauth.fallback-to-main-agent.test.ts
@@ -0,0 +1,164 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { resolveApiKeyForProfile } from "./oauth.js";
+import { ensureAuthProfileStore } from "./store.js";
+import type { AuthProfileStore } from "./types.js";
+
+describe("resolveApiKeyForProfile fallback to main agent", () => {
+ const previousStateDir = process.env.CLAWDBOT_STATE_DIR;
+ const previousAgentDir = process.env.CLAWDBOT_AGENT_DIR;
+ const previousPiAgentDir = process.env.PI_CODING_AGENT_DIR;
+ let tmpDir: string;
+ let mainAgentDir: string;
+ let secondaryAgentDir: string;
+
+ beforeEach(async () => {
+ tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "oauth-fallback-test-"));
+ mainAgentDir = path.join(tmpDir, "agents", "main", "agent");
+ secondaryAgentDir = path.join(tmpDir, "agents", "kids", "agent");
+ await fs.mkdir(mainAgentDir, { recursive: true });
+ await fs.mkdir(secondaryAgentDir, { recursive: true });
+
+ // Set environment variables so resolveClawdbotAgentDir() returns mainAgentDir
+ process.env.CLAWDBOT_STATE_DIR = tmpDir;
+ process.env.CLAWDBOT_AGENT_DIR = mainAgentDir;
+ process.env.PI_CODING_AGENT_DIR = mainAgentDir;
+ });
+
+ afterEach(async () => {
+ vi.unstubAllGlobals();
+
+ // Restore original environment
+ if (previousStateDir === undefined) delete process.env.CLAWDBOT_STATE_DIR;
+ else process.env.CLAWDBOT_STATE_DIR = previousStateDir;
+ if (previousAgentDir === undefined) delete process.env.CLAWDBOT_AGENT_DIR;
+ else process.env.CLAWDBOT_AGENT_DIR = previousAgentDir;
+ if (previousPiAgentDir === undefined) delete process.env.PI_CODING_AGENT_DIR;
+ else process.env.PI_CODING_AGENT_DIR = previousPiAgentDir;
+
+ await fs.rm(tmpDir, { recursive: true, force: true });
+ });
+
+ it("falls back to main agent credentials when secondary agent token is expired and refresh fails", async () => {
+ const profileId = "anthropic:claude-cli";
+ const now = Date.now();
+ const expiredTime = now - 60 * 60 * 1000; // 1 hour ago
+ const freshTime = now + 60 * 60 * 1000; // 1 hour from now
+
+ // Write expired credentials for secondary agent
+ const secondaryStore: AuthProfileStore = {
+ version: 1,
+ profiles: {
+ [profileId]: {
+ type: "oauth",
+ provider: "anthropic",
+ access: "expired-access-token",
+ refresh: "expired-refresh-token",
+ expires: expiredTime,
+ },
+ },
+ };
+ await fs.writeFile(
+ path.join(secondaryAgentDir, "auth-profiles.json"),
+ JSON.stringify(secondaryStore),
+ );
+
+ // Write fresh credentials for main agent
+ const mainStore: AuthProfileStore = {
+ version: 1,
+ profiles: {
+ [profileId]: {
+ type: "oauth",
+ provider: "anthropic",
+ access: "fresh-access-token",
+ refresh: "fresh-refresh-token",
+ expires: freshTime,
+ },
+ },
+ };
+ await fs.writeFile(path.join(mainAgentDir, "auth-profiles.json"), JSON.stringify(mainStore));
+
+ // Mock fetch to simulate OAuth refresh failure
+ const fetchSpy = vi.fn(async () => {
+ return new Response(JSON.stringify({ error: "invalid_grant" }), {
+ status: 400,
+ headers: { "Content-Type": "application/json" },
+ });
+ });
+ vi.stubGlobal("fetch", fetchSpy);
+
+ // Load the secondary agent's store (will merge with main agent's store)
+ const loadedSecondaryStore = ensureAuthProfileStore(secondaryAgentDir);
+
+ // Call resolveApiKeyForProfile with the secondary agent's expired credentials
+ // This should:
+ // 1. Try to refresh the expired token (fails due to mocked fetch)
+ // 2. Fall back to main agent's fresh credentials
+ // 3. Copy those credentials to the secondary agent
+ const result = await resolveApiKeyForProfile({
+ store: loadedSecondaryStore,
+ profileId,
+ agentDir: secondaryAgentDir,
+ });
+
+ expect(result).not.toBeNull();
+ expect(result?.apiKey).toBe("fresh-access-token");
+ expect(result?.provider).toBe("anthropic");
+
+ // Verify the credentials were copied to the secondary agent
+ const updatedSecondaryStore = JSON.parse(
+ await fs.readFile(path.join(secondaryAgentDir, "auth-profiles.json"), "utf8"),
+ ) as AuthProfileStore;
+ expect(updatedSecondaryStore.profiles[profileId]).toMatchObject({
+ access: "fresh-access-token",
+ expires: freshTime,
+ });
+ });
+
+ it("throws error when both secondary and main agent credentials are expired", async () => {
+ const profileId = "anthropic:claude-cli";
+ const now = Date.now();
+ const expiredTime = now - 60 * 60 * 1000; // 1 hour ago
+
+ // Write expired credentials for both agents
+ const expiredStore: AuthProfileStore = {
+ version: 1,
+ profiles: {
+ [profileId]: {
+ type: "oauth",
+ provider: "anthropic",
+ access: "expired-access-token",
+ refresh: "expired-refresh-token",
+ expires: expiredTime,
+ },
+ },
+ };
+ await fs.writeFile(
+ path.join(secondaryAgentDir, "auth-profiles.json"),
+ JSON.stringify(expiredStore),
+ );
+ await fs.writeFile(path.join(mainAgentDir, "auth-profiles.json"), JSON.stringify(expiredStore));
+
+ // Mock fetch to simulate OAuth refresh failure
+ const fetchSpy = vi.fn(async () => {
+ return new Response(JSON.stringify({ error: "invalid_grant" }), {
+ status: 400,
+ headers: { "Content-Type": "application/json" },
+ });
+ });
+ vi.stubGlobal("fetch", fetchSpy);
+
+ const loadedSecondaryStore = ensureAuthProfileStore(secondaryAgentDir);
+
+ // Should throw because both agents have expired credentials
+ await expect(
+ resolveApiKeyForProfile({
+ store: loadedSecondaryStore,
+ profileId,
+ agentDir: secondaryAgentDir,
+ }),
+ ).rejects.toThrow(/OAuth token refresh failed/);
+ });
+});
diff --git a/src/agents/auth-profiles/oauth.ts b/src/agents/auth-profiles/oauth.ts
index 8c59a3044..d7b3360de 100644
--- a/src/agents/auth-profiles/oauth.ts
+++ b/src/agents/auth-profiles/oauth.ts
@@ -4,8 +4,7 @@ import lockfile from "proper-lockfile";
import type { ClawdbotConfig } from "../../config/config.js";
import { refreshChutesTokens } from "../chutes-oauth.js";
import { refreshQwenPortalCredentials } from "../../providers/qwen-portal-oauth.js";
-import { writeClaudeCliCredentials } from "../cli-credentials.js";
-import { AUTH_STORE_LOCK_OPTIONS, CLAUDE_CLI_PROFILE_ID } from "./constants.js";
+import { AUTH_STORE_LOCK_OPTIONS, log } from "./constants.js";
import { formatAuthDoctorHint } from "./doctor.js";
import { ensureAuthStoreFile, resolveAuthStorePath } from "./paths.js";
import { suggestOAuthProfileIdForLegacyDefault } from "./repair.js";
@@ -72,12 +71,6 @@ async function refreshOAuthTokenWithLock(params: {
};
saveAuthProfileStore(store, params.agentDir);
- // Sync refreshed credentials back to Claude Code CLI if this is the claude-cli profile
- // This ensures Claude Code continues to work after ClawdBot refreshes the token
- if (params.profileId === CLAUDE_CLI_PROFILE_ID && cred.provider === "anthropic") {
- writeClaudeCliCredentials(result.newCredentials);
- }
-
return result;
} finally {
if (release) {
@@ -203,6 +196,32 @@ export async function resolveApiKeyForProfile(params: {
// keep original error
}
}
+
+ // Fallback: if this is a secondary agent, try using the main agent's credentials
+ if (params.agentDir) {
+ try {
+ const mainStore = ensureAuthProfileStore(undefined); // main agent (no agentDir)
+ const mainCred = mainStore.profiles[profileId];
+ if (mainCred?.type === "oauth" && Date.now() < mainCred.expires) {
+ // Main agent has fresh credentials - copy them to this agent and use them
+ refreshedStore.profiles[profileId] = { ...mainCred };
+ saveAuthProfileStore(refreshedStore, params.agentDir);
+ log.info("inherited fresh OAuth credentials from main agent", {
+ profileId,
+ agentDir: params.agentDir,
+ expires: new Date(mainCred.expires).toISOString(),
+ });
+ return {
+ apiKey: buildOAuthApiKey(mainCred.provider, mainCred),
+ provider: mainCred.provider,
+ email: mainCred.email,
+ };
+ }
+ } catch {
+ // keep original error if main agent fallback also fails
+ }
+ }
+
const message = error instanceof Error ? error.message : String(error);
const hint = formatAuthDoctorHint({
cfg,
diff --git a/src/agents/auth-profiles/store.ts b/src/agents/auth-profiles/store.ts
index 010f0e9b7..ae4a999b9 100644
--- a/src/agents/auth-profiles/store.ts
+++ b/src/agents/auth-profiles/store.ts
@@ -3,13 +3,8 @@ import type { OAuthCredentials } from "@mariozechner/pi-ai";
import lockfile from "proper-lockfile";
import { resolveOAuthPath } from "../../config/paths.js";
import { loadJsonFile, saveJsonFile } from "../../infra/json-file.js";
-import {
- AUTH_STORE_LOCK_OPTIONS,
- AUTH_STORE_VERSION,
- CODEX_CLI_PROFILE_ID,
- log,
-} from "./constants.js";
-import { findDuplicateCodexProfile, syncExternalCliCredentials } from "./external-cli-sync.js";
+import { AUTH_STORE_LOCK_OPTIONS, AUTH_STORE_VERSION, log } from "./constants.js";
+import { syncExternalCliCredentials } from "./external-cli-sync.js";
import { ensureAuthStoreFile, resolveAuthStorePath, resolveLegacyAuthStorePath } from "./paths.js";
import type { AuthProfileCredential, AuthProfileStore, ProfileUsageStats } from "./types.js";
@@ -229,14 +224,14 @@ export function loadAuthProfileStore(): AuthProfileStore {
function loadAuthProfileStoreForAgent(
agentDir?: string,
- options?: { allowKeychainPrompt?: boolean },
+ _options?: { allowKeychainPrompt?: boolean },
): AuthProfileStore {
const authPath = resolveAuthStorePath(agentDir);
const raw = loadJsonFile(authPath);
const asStore = coerceAuthStore(raw);
if (asStore) {
// Sync from external CLI tools on every load
- const synced = syncExternalCliCredentials(asStore, options);
+ const synced = syncExternalCliCredentials(asStore);
if (synced) {
saveJsonFile(authPath, asStore);
}
@@ -297,7 +292,7 @@ function loadAuthProfileStoreForAgent(
}
const mergedOAuth = mergeOAuthFileIntoStore(store);
- const syncedCli = syncExternalCliCredentials(store, options);
+ const syncedCli = syncExternalCliCredentials(store);
const shouldWrite = legacy !== null || mergedOAuth || syncedCli;
if (shouldWrite) {
saveJsonFile(authPath, store);
@@ -337,15 +332,6 @@ export function ensureAuthProfileStore(
const mainStore = loadAuthProfileStoreForAgent(undefined, options);
const merged = mergeAuthProfileStores(mainStore, store);
- // Keep per-agent view clean even if the main store has codex-cli.
- const codexProfile = merged.profiles[CODEX_CLI_PROFILE_ID];
- if (codexProfile?.type === "oauth") {
- const duplicateId = findDuplicateCodexProfile(merged, codexProfile);
- if (duplicateId) {
- delete merged.profiles[CODEX_CLI_PROFILE_ID];
- }
- }
-
return merged;
}
diff --git a/src/agents/compaction.test.ts b/src/agents/compaction.test.ts
index 1cfacda9a..32511a586 100644
--- a/src/agents/compaction.test.ts
+++ b/src/agents/compaction.test.ts
@@ -103,5 +103,47 @@ describe("pruneHistoryForContextShare", () => {
expect(pruned.droppedChunks).toBe(0);
expect(pruned.messages.length).toBe(messages.length);
expect(pruned.keptTokens).toBe(estimateMessagesTokens(messages));
+ expect(pruned.droppedMessagesList).toEqual([]);
+ });
+
+ it("returns droppedMessagesList containing dropped messages", () => {
+ const messages: AgentMessage[] = [
+ makeMessage(1, 4000),
+ makeMessage(2, 4000),
+ makeMessage(3, 4000),
+ makeMessage(4, 4000),
+ ];
+ const maxContextTokens = 2000; // budget is 1000 tokens (50%)
+ const pruned = pruneHistoryForContextShare({
+ messages,
+ maxContextTokens,
+ maxHistoryShare: 0.5,
+ parts: 2,
+ });
+
+ expect(pruned.droppedChunks).toBeGreaterThan(0);
+ expect(pruned.droppedMessagesList.length).toBe(pruned.droppedMessages);
+
+ // All messages accounted for: kept + dropped = original
+ const allIds = [
+ ...pruned.droppedMessagesList.map((m) => m.timestamp),
+ ...pruned.messages.map((m) => m.timestamp),
+ ].sort((a, b) => a - b);
+ const originalIds = messages.map((m) => m.timestamp).sort((a, b) => a - b);
+ expect(allIds).toEqual(originalIds);
+ });
+
+ it("returns empty droppedMessagesList when no pruning needed", () => {
+ const messages: AgentMessage[] = [makeMessage(1, 100)];
+ const pruned = pruneHistoryForContextShare({
+ messages,
+ maxContextTokens: 100_000,
+ maxHistoryShare: 0.5,
+ parts: 2,
+ });
+
+ expect(pruned.droppedChunks).toBe(0);
+ expect(pruned.droppedMessagesList).toEqual([]);
+ expect(pruned.messages.length).toBe(1);
});
});
diff --git a/src/agents/compaction.ts b/src/agents/compaction.ts
index 2ab4566fd..a88447307 100644
--- a/src/agents/compaction.ts
+++ b/src/agents/compaction.ts
@@ -301,6 +301,7 @@ export function pruneHistoryForContextShare(params: {
parts?: number;
}): {
messages: AgentMessage[];
+ droppedMessagesList: AgentMessage[];
droppedChunks: number;
droppedMessages: number;
droppedTokens: number;
@@ -310,6 +311,7 @@ export function pruneHistoryForContextShare(params: {
const maxHistoryShare = params.maxHistoryShare ?? 0.5;
const budgetTokens = Math.max(1, Math.floor(params.maxContextTokens * maxHistoryShare));
let keptMessages = params.messages;
+ const allDroppedMessages: AgentMessage[] = [];
let droppedChunks = 0;
let droppedMessages = 0;
let droppedTokens = 0;
@@ -323,11 +325,13 @@ export function pruneHistoryForContextShare(params: {
droppedChunks += 1;
droppedMessages += dropped.length;
droppedTokens += estimateMessagesTokens(dropped);
+ allDroppedMessages.push(...dropped);
keptMessages = rest.flat();
}
return {
messages: keptMessages,
+ droppedMessagesList: allDroppedMessages,
droppedChunks,
droppedMessages,
droppedTokens,
diff --git a/src/agents/model-fallback.test.ts b/src/agents/model-fallback.test.ts
index c3febd289..8662b0101 100644
--- a/src/agents/model-fallback.test.ts
+++ b/src/agents/model-fallback.test.ts
@@ -101,7 +101,7 @@ describe("runWithModelFallback", () => {
const cfg = makeCfg();
const run = vi
.fn()
- .mockRejectedValueOnce(new Error('No credentials found for profile "anthropic:claude-cli".'))
+ .mockRejectedValueOnce(new Error('No credentials found for profile "anthropic:default".'))
.mockResolvedValueOnce("ok");
const result = await runWithModelFallback({
diff --git a/src/agents/pi-embedded-helpers.isautherrormessage.test.ts b/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
index 160054b11..2c8fd65d0 100644
--- a/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
+++ b/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
@@ -12,7 +12,7 @@ const _makeFile = (overrides: Partial): WorkspaceBootstr
describe("isAuthErrorMessage", () => {
it("matches credential validation errors", () => {
const samples = [
- 'No credentials found for profile "anthropic:claude-cli".',
+ 'No credentials found for profile "anthropic:default".',
"No API key found for profile openai.",
];
for (const sample of samples) {
diff --git a/src/agents/pi-embedded-runner/extensions.ts b/src/agents/pi-embedded-runner/extensions.ts
index 73deae21d..bb592e930 100644
--- a/src/agents/pi-embedded-runner/extensions.ts
+++ b/src/agents/pi-embedded-runner/extensions.ts
@@ -7,6 +7,7 @@ import type { SessionManager } from "@mariozechner/pi-coding-agent";
import type { ClawdbotConfig } from "../../config/config.js";
import { resolveContextWindowInfo } from "../context-window-guard.js";
import { DEFAULT_CONTEXT_TOKENS } from "../defaults.js";
+import { setCompactionSafeguardRuntime } from "../pi-extensions/compaction-safeguard-runtime.js";
import { setContextPruningRuntime } from "../pi-extensions/context-pruning/runtime.js";
import { computeEffectiveSettings } from "../pi-extensions/context-pruning/settings.js";
import { makeToolPrunablePredicate } from "../pi-extensions/context-pruning/tools.js";
@@ -75,6 +76,10 @@ export function buildEmbeddedExtensionPaths(params: {
}): string[] {
const paths: string[] = [];
if (resolveCompactionMode(params.cfg) === "safeguard") {
+ const compactionCfg = params.cfg?.agents?.defaults?.compaction;
+ setCompactionSafeguardRuntime(params.sessionManager, {
+ maxHistoryShare: compactionCfg?.maxHistoryShare,
+ });
paths.push(resolvePiExtensionPath("compaction-safeguard"));
}
const pruning = buildContextPruningExtension(params);
diff --git a/src/agents/pi-embedded-utils.test.ts b/src/agents/pi-embedded-utils.test.ts
index c765a4d3a..cca7f8cb4 100644
--- a/src/agents/pi-embedded-utils.test.ts
+++ b/src/agents/pi-embedded-utils.test.ts
@@ -1,6 +1,6 @@
import type { AssistantMessage } from "@mariozechner/pi-ai";
import { describe, expect, it } from "vitest";
-import { extractAssistantText } from "./pi-embedded-utils.js";
+import { extractAssistantText, formatReasoningMessage } from "./pi-embedded-utils.js";
describe("extractAssistantText", () => {
it("strips Minimax tool invocation XML from text", () => {
@@ -508,3 +508,41 @@ File contents here`,
expect(result).toBe("StartMiddleEnd");
});
});
+
+describe("formatReasoningMessage", () => {
+ it("returns empty string for empty input", () => {
+ expect(formatReasoningMessage("")).toBe("");
+ });
+
+ it("returns empty string for whitespace-only input", () => {
+ expect(formatReasoningMessage(" \n \t ")).toBe("");
+ });
+
+ it("wraps single line in italics", () => {
+ expect(formatReasoningMessage("Single line of reasoning")).toBe(
+ "Reasoning:\n_Single line of reasoning_",
+ );
+ });
+
+ it("wraps each line separately for multiline text (Telegram fix)", () => {
+ expect(formatReasoningMessage("Line one\nLine two\nLine three")).toBe(
+ "Reasoning:\n_Line one_\n_Line two_\n_Line three_",
+ );
+ });
+
+ it("preserves empty lines between reasoning text", () => {
+ expect(formatReasoningMessage("First block\n\nSecond block")).toBe(
+ "Reasoning:\n_First block_\n\n_Second block_",
+ );
+ });
+
+ it("handles mixed empty and non-empty lines", () => {
+ expect(formatReasoningMessage("A\n\nB\nC")).toBe("Reasoning:\n_A_\n\n_B_\n_C_");
+ });
+
+ it("trims leading/trailing whitespace", () => {
+ expect(formatReasoningMessage(" \n Reasoning here \n ")).toBe(
+ "Reasoning:\n_Reasoning here_",
+ );
+ });
+});
diff --git a/src/agents/pi-embedded-utils.ts b/src/agents/pi-embedded-utils.ts
index 89a9df805..969b0a316 100644
--- a/src/agents/pi-embedded-utils.ts
+++ b/src/agents/pi-embedded-utils.ts
@@ -211,7 +211,13 @@ export function formatReasoningMessage(text: string): string {
if (!trimmed) return "";
// Show reasoning in italics (cursive) for markdown-friendly surfaces (Discord, etc.).
// Keep the plain "Reasoning:" prefix so existing parsing/detection keeps working.
- return `Reasoning:\n_${trimmed}_`;
+ // Note: Underscore markdown cannot span multiple lines on Telegram, so we wrap
+ // each non-empty line separately.
+ const italicLines = trimmed
+ .split("\n")
+ .map((line) => (line ? `_${line}_` : line))
+ .join("\n");
+ return `Reasoning:\n${italicLines}`;
}
type ThinkTaggedSplitBlock =
diff --git a/src/agents/pi-extensions/compaction-safeguard-runtime.ts b/src/agents/pi-extensions/compaction-safeguard-runtime.ts
new file mode 100644
index 000000000..f42cf7abe
--- /dev/null
+++ b/src/agents/pi-extensions/compaction-safeguard-runtime.ts
@@ -0,0 +1,34 @@
+export type CompactionSafeguardRuntimeValue = {
+ maxHistoryShare?: number;
+};
+
+// Session-scoped runtime registry keyed by object identity.
+// Follows the same WeakMap pattern as context-pruning/runtime.ts.
+const REGISTRY = new WeakMap();
+
+export function setCompactionSafeguardRuntime(
+ sessionManager: unknown,
+ value: CompactionSafeguardRuntimeValue | null,
+): void {
+ if (!sessionManager || typeof sessionManager !== "object") {
+ return;
+ }
+
+ const key = sessionManager as object;
+ if (value === null) {
+ REGISTRY.delete(key);
+ return;
+ }
+
+ REGISTRY.set(key, value);
+}
+
+export function getCompactionSafeguardRuntime(
+ sessionManager: unknown,
+): CompactionSafeguardRuntimeValue | null {
+ if (!sessionManager || typeof sessionManager !== "object") {
+ return null;
+ }
+
+ return REGISTRY.get(sessionManager as object) ?? null;
+}
diff --git a/src/agents/pi-extensions/compaction-safeguard.test.ts b/src/agents/pi-extensions/compaction-safeguard.test.ts
index 275e10e9f..23ab1efda 100644
--- a/src/agents/pi-extensions/compaction-safeguard.test.ts
+++ b/src/agents/pi-extensions/compaction-safeguard.test.ts
@@ -1,6 +1,10 @@
import type { AgentMessage } from "@mariozechner/pi-agent-core";
import { describe, expect, it } from "vitest";
+import {
+ getCompactionSafeguardRuntime,
+ setCompactionSafeguardRuntime,
+} from "./compaction-safeguard-runtime.js";
import { __testing } from "./compaction-safeguard.js";
const {
@@ -208,3 +212,41 @@ describe("isOversizedForSummary", () => {
expect(typeof isOversized).toBe("boolean");
});
});
+
+describe("compaction-safeguard runtime registry", () => {
+ it("stores and retrieves config by session manager identity", () => {
+ const sm = {};
+ setCompactionSafeguardRuntime(sm, { maxHistoryShare: 0.3 });
+ const runtime = getCompactionSafeguardRuntime(sm);
+ expect(runtime).toEqual({ maxHistoryShare: 0.3 });
+ });
+
+ it("returns null for unknown session manager", () => {
+ const sm = {};
+ expect(getCompactionSafeguardRuntime(sm)).toBeNull();
+ });
+
+ it("clears entry when value is null", () => {
+ const sm = {};
+ setCompactionSafeguardRuntime(sm, { maxHistoryShare: 0.7 });
+ expect(getCompactionSafeguardRuntime(sm)).not.toBeNull();
+ setCompactionSafeguardRuntime(sm, null);
+ expect(getCompactionSafeguardRuntime(sm)).toBeNull();
+ });
+
+ it("ignores non-object session managers", () => {
+ setCompactionSafeguardRuntime(null, { maxHistoryShare: 0.5 });
+ expect(getCompactionSafeguardRuntime(null)).toBeNull();
+ setCompactionSafeguardRuntime(undefined, { maxHistoryShare: 0.5 });
+ expect(getCompactionSafeguardRuntime(undefined)).toBeNull();
+ });
+
+ it("isolates different session managers", () => {
+ const sm1 = {};
+ const sm2 = {};
+ setCompactionSafeguardRuntime(sm1, { maxHistoryShare: 0.3 });
+ setCompactionSafeguardRuntime(sm2, { maxHistoryShare: 0.8 });
+ expect(getCompactionSafeguardRuntime(sm1)).toEqual({ maxHistoryShare: 0.3 });
+ expect(getCompactionSafeguardRuntime(sm2)).toEqual({ maxHistoryShare: 0.8 });
+ });
+});
diff --git a/src/agents/pi-extensions/compaction-safeguard.ts b/src/agents/pi-extensions/compaction-safeguard.ts
index 82ad19f2a..b2fe39884 100644
--- a/src/agents/pi-extensions/compaction-safeguard.ts
+++ b/src/agents/pi-extensions/compaction-safeguard.ts
@@ -11,6 +11,7 @@ import {
resolveContextWindowTokens,
summarizeInStages,
} from "../compaction.js";
+import { getCompactionSafeguardRuntime } from "./compaction-safeguard-runtime.js";
const FALLBACK_SUMMARY =
"Summary unavailable due to context limits. Older messages were truncated.";
const TURN_PREFIX_INSTRUCTIONS =
@@ -174,21 +175,28 @@ export default function compactionSafeguardExtension(api: ExtensionAPI): void {
const turnPrefixMessages = preparation.turnPrefixMessages ?? [];
let messagesToSummarize = preparation.messagesToSummarize;
+ const runtime = getCompactionSafeguardRuntime(ctx.sessionManager);
+ const maxHistoryShare = runtime?.maxHistoryShare ?? 0.5;
+
const tokensBefore =
typeof preparation.tokensBefore === "number" && Number.isFinite(preparation.tokensBefore)
? preparation.tokensBefore
: undefined;
+
+ let droppedSummary: string | undefined;
+
if (tokensBefore !== undefined) {
const summarizableTokens =
estimateMessagesTokens(messagesToSummarize) + estimateMessagesTokens(turnPrefixMessages);
const newContentTokens = Math.max(0, Math.floor(tokensBefore - summarizableTokens));
- const maxHistoryTokens = Math.floor(contextWindowTokens * 0.5);
+ // Apply SAFETY_MARGIN so token underestimates don't trigger unnecessary pruning
+ const maxHistoryTokens = Math.floor(contextWindowTokens * maxHistoryShare * SAFETY_MARGIN);
if (newContentTokens > maxHistoryTokens) {
const pruned = pruneHistoryForContextShare({
messages: messagesToSummarize,
maxContextTokens: contextWindowTokens,
- maxHistoryShare: 0.5,
+ maxHistoryShare,
parts: 2,
});
if (pruned.droppedChunks > 0) {
@@ -200,6 +208,37 @@ export default function compactionSafeguardExtension(api: ExtensionAPI): void {
`(${pruned.droppedMessages} messages) to fit history budget.`,
);
messagesToSummarize = pruned.messages;
+
+ // Summarize dropped messages so context isn't lost
+ if (pruned.droppedMessagesList.length > 0) {
+ try {
+ const droppedChunkRatio = computeAdaptiveChunkRatio(
+ pruned.droppedMessagesList,
+ contextWindowTokens,
+ );
+ const droppedMaxChunkTokens = Math.max(
+ 1,
+ Math.floor(contextWindowTokens * droppedChunkRatio),
+ );
+ droppedSummary = await summarizeInStages({
+ messages: pruned.droppedMessagesList,
+ model,
+ apiKey,
+ signal,
+ reserveTokens: Math.max(1, Math.floor(preparation.settings.reserveTokens)),
+ maxChunkTokens: droppedMaxChunkTokens,
+ contextWindow: contextWindowTokens,
+ customInstructions,
+ previousSummary: preparation.previousSummary,
+ });
+ } catch (droppedError) {
+ console.warn(
+ `Compaction safeguard: failed to summarize dropped messages, continuing without: ${
+ droppedError instanceof Error ? droppedError.message : String(droppedError)
+ }`,
+ );
+ }
+ }
}
}
}
@@ -210,6 +249,10 @@ export default function compactionSafeguardExtension(api: ExtensionAPI): void {
const maxChunkTokens = Math.max(1, Math.floor(contextWindowTokens * adaptiveRatio));
const reserveTokens = Math.max(1, Math.floor(preparation.settings.reserveTokens));
+ // Feed dropped-messages summary as previousSummary so the main summarization
+ // incorporates context from pruned messages instead of losing it entirely.
+ const effectivePreviousSummary = droppedSummary ?? preparation.previousSummary;
+
const historySummary = await summarizeInStages({
messages: messagesToSummarize,
model,
@@ -219,7 +262,7 @@ export default function compactionSafeguardExtension(api: ExtensionAPI): void {
maxChunkTokens,
contextWindow: contextWindowTokens,
customInstructions,
- previousSummary: preparation.previousSummary,
+ previousSummary: effectivePreviousSummary,
});
let summary = historySummary;
diff --git a/src/agents/pi-tools.policy.ts b/src/agents/pi-tools.policy.ts
index 98585ca9d..d6e125e33 100644
--- a/src/agents/pi-tools.policy.ts
+++ b/src/agents/pi-tools.policy.ts
@@ -96,13 +96,28 @@ export function filterToolsByPolicy(tools: AnyAgentTool[], policy?: SandboxToolP
type ToolPolicyConfig = {
allow?: string[];
+ alsoAllow?: string[];
deny?: string[];
profile?: string;
};
+function unionAllow(base?: string[], extra?: string[]) {
+ if (!Array.isArray(extra) || extra.length === 0) return base;
+ // If the user is using alsoAllow without an allowlist, treat it as additive on top of
+ // an implicit allow-all policy.
+ if (!Array.isArray(base) || base.length === 0) {
+ return Array.from(new Set(["*", ...extra]));
+ }
+ return Array.from(new Set([...base, ...extra]));
+}
+
function pickToolPolicy(config?: ToolPolicyConfig): SandboxToolPolicy | undefined {
if (!config) return undefined;
- const allow = Array.isArray(config.allow) ? config.allow : undefined;
+ const allow = Array.isArray(config.allow)
+ ? unionAllow(config.allow, config.alsoAllow)
+ : Array.isArray(config.alsoAllow) && config.alsoAllow.length > 0
+ ? unionAllow(undefined, config.alsoAllow)
+ : undefined;
const deny = Array.isArray(config.deny) ? config.deny : undefined;
if (!allow && !deny) return undefined;
return { allow, deny };
@@ -195,6 +210,17 @@ export function resolveEffectiveToolPolicy(params: {
agentProviderPolicy: pickToolPolicy(agentProviderPolicy),
profile,
providerProfile: agentProviderPolicy?.profile ?? providerPolicy?.profile,
+ // alsoAllow is applied at the profile stage (to avoid being filtered out early).
+ profileAlsoAllow: Array.isArray(agentTools?.alsoAllow)
+ ? agentTools?.alsoAllow
+ : Array.isArray(globalTools?.alsoAllow)
+ ? globalTools?.alsoAllow
+ : undefined,
+ providerProfileAlsoAllow: Array.isArray(agentProviderPolicy?.alsoAllow)
+ ? agentProviderPolicy?.alsoAllow
+ : Array.isArray(providerPolicy?.alsoAllow)
+ ? providerPolicy?.alsoAllow
+ : undefined,
};
}
diff --git a/src/agents/pi-tools.safe-bins.test.ts b/src/agents/pi-tools.safe-bins.test.ts
new file mode 100644
index 000000000..43202bbb5
--- /dev/null
+++ b/src/agents/pi-tools.safe-bins.test.ts
@@ -0,0 +1,78 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { describe, expect, it, vi } from "vitest";
+import type { ClawdbotConfig } from "../config/config.js";
+import type { ExecApprovalsResolved } from "../infra/exec-approvals.js";
+import { createClawdbotCodingTools } from "./pi-tools.js";
+
+vi.mock("../infra/exec-approvals.js", async (importOriginal) => {
+ const mod = await importOriginal();
+ const approvals: ExecApprovalsResolved = {
+ path: "/tmp/exec-approvals.json",
+ socketPath: "/tmp/exec-approvals.sock",
+ token: "token",
+ defaults: {
+ security: "allowlist",
+ ask: "off",
+ askFallback: "deny",
+ autoAllowSkills: false,
+ },
+ agent: {
+ security: "allowlist",
+ ask: "off",
+ askFallback: "deny",
+ autoAllowSkills: false,
+ },
+ allowlist: [],
+ file: {
+ version: 1,
+ socket: { path: "/tmp/exec-approvals.sock", token: "token" },
+ defaults: {
+ security: "allowlist",
+ ask: "off",
+ askFallback: "deny",
+ autoAllowSkills: false,
+ },
+ agents: {},
+ },
+ };
+ return { ...mod, resolveExecApprovals: () => approvals };
+});
+
+describe("createClawdbotCodingTools safeBins", () => {
+ it("threads tools.exec.safeBins into exec allowlist checks", async () => {
+ if (process.platform === "win32") return;
+
+ const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-safe-bins-"));
+ const cfg: ClawdbotConfig = {
+ tools: {
+ exec: {
+ host: "gateway",
+ security: "allowlist",
+ ask: "off",
+ safeBins: ["echo"],
+ },
+ },
+ };
+
+ const tools = createClawdbotCodingTools({
+ config: cfg,
+ sessionKey: "agent:main:main",
+ workspaceDir: tmpDir,
+ agentDir: path.join(tmpDir, "agent"),
+ });
+ const execTool = tools.find((tool) => tool.name === "exec");
+ expect(execTool).toBeDefined();
+
+ const marker = `safe-bins-${Date.now()}`;
+ const result = await execTool!.execute("call1", {
+ command: `echo ${marker}`,
+ workdir: tmpDir,
+ });
+ const text = result.content.find((content) => content.type === "text")?.text ?? "";
+
+ expect(result.details.status).toBe("completed");
+ expect(text).toContain(marker);
+ });
+});
diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts
index bd745da03..4a0bebed0 100644
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@@ -86,6 +86,7 @@ function resolveExecConfig(cfg: ClawdbotConfig | undefined) {
ask: globalExec?.ask,
node: globalExec?.node,
pathPrepend: globalExec?.pathPrepend,
+ safeBins: globalExec?.safeBins,
backgroundMs: globalExec?.backgroundMs,
timeoutSec: globalExec?.timeoutSec,
approvalRunningNoticeMs: globalExec?.approvalRunningNoticeMs,
@@ -156,6 +157,8 @@ export function createClawdbotCodingTools(options?: {
agentProviderPolicy,
profile,
providerProfile,
+ profileAlsoAllow,
+ providerProfileAlsoAllow,
} = resolveEffectiveToolPolicy({
config: options?.config,
sessionKey: options?.sessionKey,
@@ -174,14 +177,25 @@ export function createClawdbotCodingTools(options?: {
});
const profilePolicy = resolveToolProfilePolicy(profile);
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
+
+ const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => {
+ if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) return policy;
+ return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
+ };
+
+ const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
+ const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(
+ providerProfilePolicy,
+ providerProfileAlsoAllow,
+ );
const scopeKey = options?.exec?.scopeKey ?? (agentId ? `agent:${agentId}` : undefined);
const subagentPolicy =
isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
? resolveSubagentToolPolicy(options.config)
: undefined;
const allowBackground = isToolAllowedByPolicies("process", [
- profilePolicy,
- providerProfilePolicy,
+ profilePolicyWithAlsoAllow,
+ providerProfilePolicyWithAlsoAllow,
globalPolicy,
globalProviderPolicy,
agentPolicy,
@@ -235,6 +249,7 @@ export function createClawdbotCodingTools(options?: {
ask: options?.exec?.ask ?? execConfig.ask,
node: options?.exec?.node ?? execConfig.node,
pathPrepend: options?.exec?.pathPrepend ?? execConfig.pathPrepend,
+ safeBins: options?.exec?.safeBins ?? execConfig.safeBins,
agentId,
cwd: options?.workspaceDir,
allowBackground,
@@ -331,18 +346,18 @@ export function createClawdbotCodingTools(options?: {
if (resolved.unknownAllowlist.length > 0) {
const entries = resolved.unknownAllowlist.join(", ");
const suffix = resolved.strippedAllowlist
- ? "Ignoring allowlist so core tools remain available."
+ ? "Ignoring allowlist so core tools remain available. Use tools.alsoAllow for additive plugin tool enablement."
: "These entries won't match any tool unless the plugin is enabled.";
logWarn(`tools: ${label} allowlist contains unknown entries (${entries}). ${suffix}`);
}
return expandPolicyWithPluginGroups(resolved.policy, pluginGroups);
};
const profilePolicyExpanded = resolvePolicy(
- profilePolicy,
+ profilePolicyWithAlsoAllow,
profile ? `tools.profile (${profile})` : "tools.profile",
);
const providerProfileExpanded = resolvePolicy(
- providerProfilePolicy,
+ providerProfilePolicyWithAlsoAllow,
providerProfile ? `tools.byProvider.profile (${providerProfile})` : "tools.byProvider.profile",
);
const globalPolicyExpanded = resolvePolicy(globalPolicy, "tools.allow");
diff --git a/src/agents/session-write-lock.test.ts b/src/agents/session-write-lock.test.ts
index 8f93bface..072eca364 100644
--- a/src/agents/session-write-lock.test.ts
+++ b/src/agents/session-write-lock.test.ts
@@ -3,7 +3,7 @@ import os from "node:os";
import path from "node:path";
import { describe, expect, it } from "vitest";
-import { acquireSessionWriteLock } from "./session-write-lock.js";
+import { __testing, acquireSessionWriteLock } from "./session-write-lock.js";
describe("acquireSessionWriteLock", () => {
it("reuses locks across symlinked session paths", async () => {
@@ -31,4 +31,132 @@ describe("acquireSessionWriteLock", () => {
await fs.rm(root, { recursive: true, force: true });
}
});
+
+ it("keeps the lock file until the last release", async () => {
+ const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
+ try {
+ const sessionFile = path.join(root, "sessions.json");
+ const lockPath = `${sessionFile}.lock`;
+
+ const lockA = await acquireSessionWriteLock({ sessionFile, timeoutMs: 500 });
+ const lockB = await acquireSessionWriteLock({ sessionFile, timeoutMs: 500 });
+
+ await expect(fs.access(lockPath)).resolves.toBeUndefined();
+ await lockA.release();
+ await expect(fs.access(lockPath)).resolves.toBeUndefined();
+ await lockB.release();
+ await expect(fs.access(lockPath)).rejects.toThrow();
+ } finally {
+ await fs.rm(root, { recursive: true, force: true });
+ }
+ });
+
+ it("reclaims stale lock files", async () => {
+ const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
+ try {
+ const sessionFile = path.join(root, "sessions.json");
+ const lockPath = `${sessionFile}.lock`;
+ await fs.writeFile(
+ lockPath,
+ JSON.stringify({ pid: 123456, createdAt: new Date(Date.now() - 60_000).toISOString() }),
+ "utf8",
+ );
+
+ const lock = await acquireSessionWriteLock({ sessionFile, timeoutMs: 500, staleMs: 10 });
+ const raw = await fs.readFile(lockPath, "utf8");
+ const payload = JSON.parse(raw) as { pid: number };
+
+ expect(payload.pid).toBe(process.pid);
+ await lock.release();
+ } finally {
+ await fs.rm(root, { recursive: true, force: true });
+ }
+ });
+
+ it("removes held locks on termination signals", async () => {
+ const signals = ["SIGINT", "SIGTERM", "SIGQUIT", "SIGABRT"] as const;
+ for (const signal of signals) {
+ const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-cleanup-"));
+ try {
+ const sessionFile = path.join(root, "sessions.json");
+ const lockPath = `${sessionFile}.lock`;
+ await acquireSessionWriteLock({ sessionFile, timeoutMs: 500 });
+ const keepAlive = () => {};
+ if (signal === "SIGINT") {
+ process.on(signal, keepAlive);
+ }
+
+ __testing.handleTerminationSignal(signal);
+
+ await expect(fs.stat(lockPath)).rejects.toThrow();
+ if (signal === "SIGINT") {
+ process.off(signal, keepAlive);
+ }
+ } finally {
+ await fs.rm(root, { recursive: true, force: true });
+ }
+ }
+ });
+
+ it("registers cleanup for SIGQUIT and SIGABRT", () => {
+ expect(__testing.cleanupSignals).toContain("SIGQUIT");
+ expect(__testing.cleanupSignals).toContain("SIGABRT");
+ });
+ it("cleans up locks on SIGINT without removing other handlers", async () => {
+ const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
+ const originalKill = process.kill.bind(process);
+ const killCalls: Array = [];
+ let otherHandlerCalled = false;
+
+ process.kill = ((pid: number, signal?: NodeJS.Signals) => {
+ killCalls.push(signal);
+ return true;
+ }) as typeof process.kill;
+
+ const otherHandler = () => {
+ otherHandlerCalled = true;
+ };
+
+ process.on("SIGINT", otherHandler);
+
+ try {
+ const sessionFile = path.join(root, "sessions.json");
+ const lockPath = `${sessionFile}.lock`;
+ await acquireSessionWriteLock({ sessionFile, timeoutMs: 500 });
+
+ process.emit("SIGINT");
+
+ await expect(fs.access(lockPath)).rejects.toThrow();
+ expect(otherHandlerCalled).toBe(true);
+ expect(killCalls).toEqual([]);
+ } finally {
+ process.off("SIGINT", otherHandler);
+ process.kill = originalKill;
+ await fs.rm(root, { recursive: true, force: true });
+ }
+ });
+
+ it("cleans up locks on exit", async () => {
+ const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
+ try {
+ const sessionFile = path.join(root, "sessions.json");
+ const lockPath = `${sessionFile}.lock`;
+ await acquireSessionWriteLock({ sessionFile, timeoutMs: 500 });
+
+ process.emit("exit", 0);
+
+ await expect(fs.access(lockPath)).rejects.toThrow();
+ } finally {
+ await fs.rm(root, { recursive: true, force: true });
+ }
+ });
+ it("keeps other signal listeners registered", () => {
+ const keepAlive = () => {};
+ process.on("SIGINT", keepAlive);
+
+ __testing.handleTerminationSignal("SIGINT");
+
+ expect(process.listeners("SIGINT")).toContain(keepAlive);
+ process.off("SIGINT", keepAlive);
+ });
});
diff --git a/src/agents/session-write-lock.ts b/src/agents/session-write-lock.ts
index 54e61d965..832d368a6 100644
--- a/src/agents/session-write-lock.ts
+++ b/src/agents/session-write-lock.ts
@@ -1,3 +1,4 @@
+import fsSync from "node:fs";
import fs from "node:fs/promises";
import path from "node:path";
@@ -13,6 +14,9 @@ type HeldLock = {
};
const HELD_LOCKS = new Map();
+const CLEANUP_SIGNALS = ["SIGINT", "SIGTERM", "SIGQUIT", "SIGABRT"] as const;
+type CleanupSignal = (typeof CLEANUP_SIGNALS)[number];
+const cleanupHandlers = new Map void>();
function isAlive(pid: number): boolean {
if (!Number.isFinite(pid) || pid <= 0) return false;
@@ -24,6 +28,65 @@ function isAlive(pid: number): boolean {
}
}
+/**
+ * Synchronously release all held locks.
+ * Used during process exit when async operations aren't reliable.
+ */
+function releaseAllLocksSync(): void {
+ for (const [sessionFile, held] of HELD_LOCKS) {
+ try {
+ if (typeof held.handle.fd === "number") {
+ fsSync.closeSync(held.handle.fd);
+ }
+ } catch {
+ // Ignore errors during cleanup - best effort
+ }
+ try {
+ fsSync.rmSync(held.lockPath, { force: true });
+ } catch {
+ // Ignore errors during cleanup - best effort
+ }
+ HELD_LOCKS.delete(sessionFile);
+ }
+}
+
+let cleanupRegistered = false;
+
+function handleTerminationSignal(signal: CleanupSignal): void {
+ releaseAllLocksSync();
+ const shouldReraise = process.listenerCount(signal) === 1;
+ if (shouldReraise) {
+ const handler = cleanupHandlers.get(signal);
+ if (handler) process.off(signal, handler);
+ try {
+ process.kill(process.pid, signal);
+ } catch {
+ // Ignore errors during shutdown
+ }
+ }
+}
+
+function registerCleanupHandlers(): void {
+ if (cleanupRegistered) return;
+ cleanupRegistered = true;
+
+ // Cleanup on normal exit and process.exit() calls
+ process.on("exit", () => {
+ releaseAllLocksSync();
+ });
+
+ // Handle termination signals
+ for (const signal of CLEANUP_SIGNALS) {
+ try {
+ const handler = () => handleTerminationSignal(signal);
+ cleanupHandlers.set(signal, handler);
+ process.on(signal, handler);
+ } catch {
+ // Ignore unsupported signals on this platform.
+ }
+ }
+}
+
async function readLockPayload(lockPath: string): Promise {
try {
const raw = await fs.readFile(lockPath, "utf8");
@@ -43,6 +106,7 @@ export async function acquireSessionWriteLock(params: {
}): Promise<{
release: () => Promise;
}> {
+ registerCleanupHandlers();
const timeoutMs = params.timeoutMs ?? 10_000;
const staleMs = params.staleMs ?? 30 * 60 * 1000;
const sessionFile = path.resolve(params.sessionFile);
@@ -116,3 +180,9 @@ export async function acquireSessionWriteLock(params: {
const owner = payload?.pid ? `pid=${payload.pid}` : "unknown";
throw new Error(`session file locked (timeout ${timeoutMs}ms): ${owner} ${lockPath}`);
}
+
+export const __testing = {
+ cleanupSignals: [...CLEANUP_SIGNALS],
+ handleTerminationSignal,
+ releaseAllLocksSync,
+};
diff --git a/src/agents/tool-policy.ts b/src/agents/tool-policy.ts
index ac2b1a91c..85152069e 100644
--- a/src/agents/tool-policy.ts
+++ b/src/agents/tool-policy.ts
@@ -209,6 +209,12 @@ export function stripPluginOnlyAllowlist(
if (!isCoreEntry && !isPluginEntry) unknownAllowlist.push(entry);
}
const strippedAllowlist = !hasCoreEntry;
+ // When an allowlist contains only plugin tools, we strip it to avoid accidentally
+ // disabling core tools. Users who want additive behavior should prefer `tools.alsoAllow`.
+ if (strippedAllowlist) {
+ // Note: logging happens in the caller (pi-tools/tools-invoke) after this function returns.
+ // We keep this note here for future maintainers.
+ }
return {
policy: strippedAllowlist ? { ...policy, allow: undefined } : policy,
unknownAllowlist: Array.from(new Set(unknownAllowlist)),
diff --git a/src/agents/tools/discord-actions-guild.ts b/src/agents/tools/discord-actions-guild.ts
index 0994829bd..26e21c82e 100644
--- a/src/agents/tools/discord-actions-guild.ts
+++ b/src/agents/tools/discord-actions-guild.ts
@@ -1,5 +1,6 @@
import type { AgentToolResult } from "@mariozechner/pi-agent-core";
import type { DiscordActionConfig } from "../../config/config.js";
+import { getPresence } from "../../discord/monitor/presence-cache.js";
import {
addRoleDiscord,
createChannelDiscord,
@@ -54,7 +55,10 @@ export async function handleDiscordGuildAction(
const member = accountId
? await fetchMemberInfoDiscord(guildId, userId, { accountId })
: await fetchMemberInfoDiscord(guildId, userId);
- return jsonResult({ ok: true, member });
+ const presence = getPresence(accountId, userId);
+ const activities = presence?.activities ?? undefined;
+ const status = presence?.status ?? undefined;
+ return jsonResult({ ok: true, member, ...(presence ? { status, activities } : {}) });
}
case "roleInfo": {
if (!isActionEnabled("roleInfo")) {
diff --git a/src/agents/tools/message-tool.ts b/src/agents/tools/message-tool.ts
index eae4356db..73969cb54 100644
--- a/src/agents/tools/message-tool.ts
+++ b/src/agents/tools/message-tool.ts
@@ -59,6 +59,7 @@ function buildSendSchema(options: { includeButtons: boolean; includeCards: boole
replyTo: Type.Optional(Type.String()),
threadId: Type.Optional(Type.String()),
asVoice: Type.Optional(Type.Boolean()),
+ silent: Type.Optional(Type.Boolean()),
bestEffort: Type.Optional(Type.Boolean()),
gifPlayback: Type.Optional(Type.Boolean()),
buttons: Type.Optional(
diff --git a/src/agents/tools/telegram-actions.ts b/src/agents/tools/telegram-actions.ts
index 5385dd10f..891ab2b45 100644
--- a/src/agents/tools/telegram-actions.ts
+++ b/src/agents/tools/telegram-actions.ts
@@ -3,6 +3,7 @@ import type { ClawdbotConfig } from "../../config/config.js";
import { resolveTelegramReactionLevel } from "../../telegram/reaction-level.js";
import {
deleteMessageTelegram,
+ editMessageTelegram,
reactMessageTelegram,
sendMessageTelegram,
} from "../../telegram/send.js";
@@ -176,6 +177,7 @@ export async function handleTelegramAction(
replyToMessageId: replyToMessageId ?? undefined,
messageThreadId: messageThreadId ?? undefined,
asVoice: typeof params.asVoice === "boolean" ? params.asVoice : undefined,
+ silent: typeof params.silent === "boolean" ? params.silent : undefined,
});
return jsonResult({
ok: true,
@@ -208,5 +210,50 @@ export async function handleTelegramAction(
return jsonResult({ ok: true, deleted: true });
}
+ if (action === "editMessage") {
+ if (!isActionEnabled("editMessage")) {
+ throw new Error("Telegram editMessage is disabled.");
+ }
+ const chatId = readStringOrNumberParam(params, "chatId", {
+ required: true,
+ });
+ const messageId = readNumberParam(params, "messageId", {
+ required: true,
+ integer: true,
+ });
+ const content = readStringParam(params, "content", {
+ required: true,
+ allowEmpty: false,
+ });
+ const buttons = readTelegramButtons(params);
+ if (buttons) {
+ const inlineButtonsScope = resolveTelegramInlineButtonsScope({
+ cfg,
+ accountId: accountId ?? undefined,
+ });
+ if (inlineButtonsScope === "off") {
+ throw new Error(
+ 'Telegram inline buttons are disabled. Set channels.telegram.capabilities.inlineButtons to "dm", "group", "all", or "allowlist".',
+ );
+ }
+ }
+ const token = resolveTelegramToken(cfg, { accountId }).token;
+ if (!token) {
+ throw new Error(
+ "Telegram bot token missing. Set TELEGRAM_BOT_TOKEN or channels.telegram.botToken.",
+ );
+ }
+ const result = await editMessageTelegram(chatId ?? "", messageId ?? 0, content, {
+ token,
+ accountId: accountId ?? undefined,
+ buttons,
+ });
+ return jsonResult({
+ ok: true,
+ messageId: result.messageId,
+ chatId: result.chatId,
+ });
+ }
+
throw new Error(`Unsupported Telegram action: ${action}`);
}
diff --git a/src/agents/tools/web-fetch.ts b/src/agents/tools/web-fetch.ts
index c8bcaa609..9f1e565dd 100644
--- a/src/agents/tools/web-fetch.ts
+++ b/src/agents/tools/web-fetch.ts
@@ -1,7 +1,13 @@
import { Type } from "@sinclair/typebox";
import type { ClawdbotConfig } from "../../config/config.js";
-import { assertPublicHostname, SsrFBlockedError } from "../../infra/net/ssrf.js";
+import {
+ closeDispatcher,
+ createPinnedDispatcher,
+ resolvePinnedHostname,
+ SsrFBlockedError,
+} from "../../infra/net/ssrf.js";
+import type { Dispatcher } from "undici";
import { stringEnum } from "../schema/typebox.js";
import type { AnyAgentTool } from "./common.js";
import { jsonResult, readNumberParam, readStringParam } from "./common.js";
@@ -167,7 +173,7 @@ async function fetchWithRedirects(params: {
maxRedirects: number;
timeoutSeconds: number;
userAgent: string;
-}): Promise<{ response: Response; finalUrl: string }> {
+}): Promise<{ response: Response; finalUrl: string; dispatcher: Dispatcher }> {
const signal = withTimeout(undefined, params.timeoutSeconds * 1000);
const visited = new Set();
let currentUrl = params.url;
@@ -184,39 +190,50 @@ async function fetchWithRedirects(params: {
throw new Error("Invalid URL: must be http or https");
}
- await assertPublicHostname(parsedUrl.hostname);
-
- const res = await fetch(parsedUrl.toString(), {
- method: "GET",
- headers: {
- Accept: "*/*",
- "User-Agent": params.userAgent,
- "Accept-Language": "en-US,en;q=0.9",
- },
- signal,
- redirect: "manual",
- });
+ const pinned = await resolvePinnedHostname(parsedUrl.hostname);
+ const dispatcher = createPinnedDispatcher(pinned);
+ let res: Response;
+ try {
+ res = await fetch(parsedUrl.toString(), {
+ method: "GET",
+ headers: {
+ Accept: "*/*",
+ "User-Agent": params.userAgent,
+ "Accept-Language": "en-US,en;q=0.9",
+ },
+ signal,
+ redirect: "manual",
+ dispatcher,
+ } as RequestInit);
+ } catch (err) {
+ await closeDispatcher(dispatcher);
+ throw err;
+ }
if (isRedirectStatus(res.status)) {
const location = res.headers.get("location");
if (!location) {
+ await closeDispatcher(dispatcher);
throw new Error(`Redirect missing location header (${res.status})`);
}
redirectCount += 1;
if (redirectCount > params.maxRedirects) {
+ await closeDispatcher(dispatcher);
throw new Error(`Too many redirects (limit: ${params.maxRedirects})`);
}
const nextUrl = new URL(location, parsedUrl).toString();
if (visited.has(nextUrl)) {
+ await closeDispatcher(dispatcher);
throw new Error("Redirect loop detected");
}
visited.add(nextUrl);
void res.body?.cancel();
+ await closeDispatcher(dispatcher);
currentUrl = nextUrl;
continue;
}
- return { response: res, finalUrl: currentUrl };
+ return { response: res, finalUrl: currentUrl, dispatcher };
}
}
@@ -348,6 +365,7 @@ async function runWebFetch(params: {
const start = Date.now();
let res: Response;
+ let dispatcher: Dispatcher | null = null;
let finalUrl = params.url;
try {
const result = await fetchWithRedirects({
@@ -358,6 +376,7 @@ async function runWebFetch(params: {
});
res = result.response;
finalUrl = result.finalUrl;
+ dispatcher = result.dispatcher;
} catch (error) {
if (error instanceof SsrFBlockedError) {
throw error;
@@ -396,108 +415,112 @@ async function runWebFetch(params: {
throw error;
}
- if (!res.ok) {
- if (params.firecrawlEnabled && params.firecrawlApiKey) {
- const firecrawl = await fetchFirecrawlContent({
- url: params.url,
- extractMode: params.extractMode,
- apiKey: params.firecrawlApiKey,
- baseUrl: params.firecrawlBaseUrl,
- onlyMainContent: params.firecrawlOnlyMainContent,
- maxAgeMs: params.firecrawlMaxAgeMs,
- proxy: params.firecrawlProxy,
- storeInCache: params.firecrawlStoreInCache,
- timeoutSeconds: params.firecrawlTimeoutSeconds,
- });
- const truncated = truncateText(firecrawl.text, params.maxChars);
- const payload = {
- url: params.url,
- finalUrl: firecrawl.finalUrl || finalUrl,
- status: firecrawl.status ?? res.status,
- contentType: "text/markdown",
- title: firecrawl.title,
- extractMode: params.extractMode,
- extractor: "firecrawl",
- truncated: truncated.truncated,
- length: truncated.text.length,
- fetchedAt: new Date().toISOString(),
- tookMs: Date.now() - start,
- text: truncated.text,
- warning: firecrawl.warning,
- };
- writeCache(FETCH_CACHE, cacheKey, payload, params.cacheTtlMs);
- return payload;
- }
- const rawDetail = await readResponseText(res);
- const detail = formatWebFetchErrorDetail({
- detail: rawDetail,
- contentType: res.headers.get("content-type"),
- maxChars: DEFAULT_ERROR_MAX_CHARS,
- });
- throw new Error(`Web fetch failed (${res.status}): ${detail || res.statusText}`);
- }
-
- const contentType = res.headers.get("content-type") ?? "application/octet-stream";
- const body = await readResponseText(res);
-
- let title: string | undefined;
- let extractor = "raw";
- let text = body;
- if (contentType.includes("text/html")) {
- if (params.readabilityEnabled) {
- const readable = await extractReadableContent({
- html: body,
- url: finalUrl,
- extractMode: params.extractMode,
- });
- if (readable?.text) {
- text = readable.text;
- title = readable.title;
- extractor = "readability";
- } else {
- const firecrawl = await tryFirecrawlFallback({ ...params, url: finalUrl });
- if (firecrawl) {
- text = firecrawl.text;
- title = firecrawl.title;
- extractor = "firecrawl";
- } else {
- throw new Error(
- "Web fetch extraction failed: Readability and Firecrawl returned no content.",
- );
- }
+ try {
+ if (!res.ok) {
+ if (params.firecrawlEnabled && params.firecrawlApiKey) {
+ const firecrawl = await fetchFirecrawlContent({
+ url: params.url,
+ extractMode: params.extractMode,
+ apiKey: params.firecrawlApiKey,
+ baseUrl: params.firecrawlBaseUrl,
+ onlyMainContent: params.firecrawlOnlyMainContent,
+ maxAgeMs: params.firecrawlMaxAgeMs,
+ proxy: params.firecrawlProxy,
+ storeInCache: params.firecrawlStoreInCache,
+ timeoutSeconds: params.firecrawlTimeoutSeconds,
+ });
+ const truncated = truncateText(firecrawl.text, params.maxChars);
+ const payload = {
+ url: params.url,
+ finalUrl: firecrawl.finalUrl || finalUrl,
+ status: firecrawl.status ?? res.status,
+ contentType: "text/markdown",
+ title: firecrawl.title,
+ extractMode: params.extractMode,
+ extractor: "firecrawl",
+ truncated: truncated.truncated,
+ length: truncated.text.length,
+ fetchedAt: new Date().toISOString(),
+ tookMs: Date.now() - start,
+ text: truncated.text,
+ warning: firecrawl.warning,
+ };
+ writeCache(FETCH_CACHE, cacheKey, payload, params.cacheTtlMs);
+ return payload;
}
- } else {
- throw new Error(
- "Web fetch extraction failed: Readability disabled and Firecrawl unavailable.",
- );
+ const rawDetail = await readResponseText(res);
+ const detail = formatWebFetchErrorDetail({
+ detail: rawDetail,
+ contentType: res.headers.get("content-type"),
+ maxChars: DEFAULT_ERROR_MAX_CHARS,
+ });
+ throw new Error(`Web fetch failed (${res.status}): ${detail || res.statusText}`);
}
- } else if (contentType.includes("application/json")) {
- try {
- text = JSON.stringify(JSON.parse(body), null, 2);
- extractor = "json";
- } catch {
- text = body;
- extractor = "raw";
- }
- }
- const truncated = truncateText(text, params.maxChars);
- const payload = {
- url: params.url,
- finalUrl,
- status: res.status,
- contentType,
- title,
- extractMode: params.extractMode,
- extractor,
- truncated: truncated.truncated,
- length: truncated.text.length,
- fetchedAt: new Date().toISOString(),
- tookMs: Date.now() - start,
- text: truncated.text,
- };
- writeCache(FETCH_CACHE, cacheKey, payload, params.cacheTtlMs);
- return payload;
+ const contentType = res.headers.get("content-type") ?? "application/octet-stream";
+ const body = await readResponseText(res);
+
+ let title: string | undefined;
+ let extractor = "raw";
+ let text = body;
+ if (contentType.includes("text/html")) {
+ if (params.readabilityEnabled) {
+ const readable = await extractReadableContent({
+ html: body,
+ url: finalUrl,
+ extractMode: params.extractMode,
+ });
+ if (readable?.text) {
+ text = readable.text;
+ title = readable.title;
+ extractor = "readability";
+ } else {
+ const firecrawl = await tryFirecrawlFallback({ ...params, url: finalUrl });
+ if (firecrawl) {
+ text = firecrawl.text;
+ title = firecrawl.title;
+ extractor = "firecrawl";
+ } else {
+ throw new Error(
+ "Web fetch extraction failed: Readability and Firecrawl returned no content.",
+ );
+ }
+ }
+ } else {
+ throw new Error(
+ "Web fetch extraction failed: Readability disabled and Firecrawl unavailable.",
+ );
+ }
+ } else if (contentType.includes("application/json")) {
+ try {
+ text = JSON.stringify(JSON.parse(body), null, 2);
+ extractor = "json";
+ } catch {
+ text = body;
+ extractor = "raw";
+ }
+ }
+
+ const truncated = truncateText(text, params.maxChars);
+ const payload = {
+ url: params.url,
+ finalUrl,
+ status: res.status,
+ contentType,
+ title,
+ extractMode: params.extractMode,
+ extractor,
+ truncated: truncated.truncated,
+ length: truncated.text.length,
+ fetchedAt: new Date().toISOString(),
+ tookMs: Date.now() - start,
+ text: truncated.text,
+ };
+ writeCache(FETCH_CACHE, cacheKey, payload, params.cacheTtlMs);
+ return payload;
+ } finally {
+ await closeDispatcher(dispatcher);
+ }
}
async function tryFirecrawlFallback(params: {
diff --git a/src/agents/workspace.test.ts b/src/agents/workspace.test.ts
index 8c4f5a0de..ff589a193 100644
--- a/src/agents/workspace.test.ts
+++ b/src/agents/workspace.test.ts
@@ -1,152 +1,49 @@
-import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
import { describe, expect, it } from "vitest";
-import { runCommandWithTimeout } from "../process/exec.js";
-import type { WorkspaceBootstrapFile } from "./workspace.js";
+
import {
- DEFAULT_AGENTS_FILENAME,
- DEFAULT_BOOTSTRAP_FILENAME,
- DEFAULT_HEARTBEAT_FILENAME,
- DEFAULT_IDENTITY_FILENAME,
- DEFAULT_SOUL_FILENAME,
- DEFAULT_TOOLS_FILENAME,
- DEFAULT_USER_FILENAME,
- ensureAgentWorkspace,
- filterBootstrapFilesForSession,
+ DEFAULT_MEMORY_ALT_FILENAME,
+ DEFAULT_MEMORY_FILENAME,
+ loadWorkspaceBootstrapFiles,
} from "./workspace.js";
+import { makeTempWorkspace, writeWorkspaceFile } from "../test-helpers/workspace.js";
-describe("ensureAgentWorkspace", () => {
- it("creates directory and bootstrap files when missing", async () => {
- const dir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-ws-"));
- const nested = path.join(dir, "nested");
- const result = await ensureAgentWorkspace({
- dir: nested,
- ensureBootstrapFiles: true,
- });
- expect(result.dir).toBe(path.resolve(nested));
- expect(result.agentsPath).toBe(path.join(path.resolve(nested), "AGENTS.md"));
- expect(result.agentsPath).toBeDefined();
- if (!result.agentsPath) throw new Error("agentsPath missing");
- const content = await fs.readFile(result.agentsPath, "utf-8");
- expect(content).toContain("# AGENTS.md");
+describe("loadWorkspaceBootstrapFiles", () => {
+ it("includes MEMORY.md when present", async () => {
+ const tempDir = await makeTempWorkspace("clawdbot-workspace-");
+ await writeWorkspaceFile({ dir: tempDir, name: "MEMORY.md", content: "memory" });
- const identity = path.join(path.resolve(nested), "IDENTITY.md");
- const user = path.join(path.resolve(nested), "USER.md");
- const heartbeat = path.join(path.resolve(nested), "HEARTBEAT.md");
- const bootstrap = path.join(path.resolve(nested), "BOOTSTRAP.md");
- await expect(fs.stat(identity)).resolves.toBeDefined();
- await expect(fs.stat(user)).resolves.toBeDefined();
- await expect(fs.stat(heartbeat)).resolves.toBeDefined();
- await expect(fs.stat(bootstrap)).resolves.toBeDefined();
+ const files = await loadWorkspaceBootstrapFiles(tempDir);
+ const memoryEntries = files.filter((file) =>
+ [DEFAULT_MEMORY_FILENAME, DEFAULT_MEMORY_ALT_FILENAME].includes(file.name),
+ );
+
+ expect(memoryEntries).toHaveLength(1);
+ expect(memoryEntries[0]?.missing).toBe(false);
+ expect(memoryEntries[0]?.content).toBe("memory");
});
- it("initializes a git repo for brand-new workspaces when git is available", async () => {
- const dir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-ws-"));
- const nested = path.join(dir, "nested");
- const gitAvailable = await runCommandWithTimeout(["git", "--version"], { timeoutMs: 2_000 })
- .then((res) => res.code === 0)
- .catch(() => false);
- if (!gitAvailable) return;
+ it("includes memory.md when MEMORY.md is absent", async () => {
+ const tempDir = await makeTempWorkspace("clawdbot-workspace-");
+ await writeWorkspaceFile({ dir: tempDir, name: "memory.md", content: "alt" });
- await ensureAgentWorkspace({
- dir: nested,
- ensureBootstrapFiles: true,
- });
+ const files = await loadWorkspaceBootstrapFiles(tempDir);
+ const memoryEntries = files.filter((file) =>
+ [DEFAULT_MEMORY_FILENAME, DEFAULT_MEMORY_ALT_FILENAME].includes(file.name),
+ );
- await expect(fs.stat(path.join(nested, ".git"))).resolves.toBeDefined();
+ expect(memoryEntries).toHaveLength(1);
+ expect(memoryEntries[0]?.missing).toBe(false);
+ expect(memoryEntries[0]?.content).toBe("alt");
});
- it("does not initialize git when workspace already exists", async () => {
- const dir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-ws-"));
- await fs.writeFile(path.join(dir, "AGENTS.md"), "custom", "utf-8");
+ it("omits memory entries when no memory files exist", async () => {
+ const tempDir = await makeTempWorkspace("clawdbot-workspace-");
- await ensureAgentWorkspace({
- dir,
- ensureBootstrapFiles: true,
- });
+ const files = await loadWorkspaceBootstrapFiles(tempDir);
+ const memoryEntries = files.filter((file) =>
+ [DEFAULT_MEMORY_FILENAME, DEFAULT_MEMORY_ALT_FILENAME].includes(file.name),
+ );
- await expect(fs.stat(path.join(dir, ".git"))).rejects.toBeDefined();
- });
-
- it("does not overwrite existing AGENTS.md", async () => {
- const dir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-ws-"));
- const agentsPath = path.join(dir, "AGENTS.md");
- await fs.writeFile(agentsPath, "custom", "utf-8");
- await ensureAgentWorkspace({ dir, ensureBootstrapFiles: true });
- expect(await fs.readFile(agentsPath, "utf-8")).toBe("custom");
- });
-
- it("does not recreate BOOTSTRAP.md once workspace exists", async () => {
- const dir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-ws-"));
- const agentsPath = path.join(dir, "AGENTS.md");
- const bootstrapPath = path.join(dir, "BOOTSTRAP.md");
-
- await fs.writeFile(agentsPath, "custom", "utf-8");
- await fs.rm(bootstrapPath, { force: true });
-
- await ensureAgentWorkspace({ dir, ensureBootstrapFiles: true });
-
- await expect(fs.stat(bootstrapPath)).rejects.toBeDefined();
- });
-});
-
-describe("filterBootstrapFilesForSession", () => {
- const files: WorkspaceBootstrapFile[] = [
- {
- name: DEFAULT_AGENTS_FILENAME,
- path: "/tmp/AGENTS.md",
- content: "agents",
- missing: false,
- },
- {
- name: DEFAULT_SOUL_FILENAME,
- path: "/tmp/SOUL.md",
- content: "soul",
- missing: false,
- },
- {
- name: DEFAULT_TOOLS_FILENAME,
- path: "/tmp/TOOLS.md",
- content: "tools",
- missing: false,
- },
- {
- name: DEFAULT_IDENTITY_FILENAME,
- path: "/tmp/IDENTITY.md",
- content: "identity",
- missing: false,
- },
- {
- name: DEFAULT_USER_FILENAME,
- path: "/tmp/USER.md",
- content: "user",
- missing: false,
- },
- {
- name: DEFAULT_HEARTBEAT_FILENAME,
- path: "/tmp/HEARTBEAT.md",
- content: "heartbeat",
- missing: false,
- },
- {
- name: DEFAULT_BOOTSTRAP_FILENAME,
- path: "/tmp/BOOTSTRAP.md",
- content: "bootstrap",
- missing: false,
- },
- ];
-
- it("keeps full bootstrap set for non-subagent sessions", () => {
- const result = filterBootstrapFilesForSession(files, "agent:main:session:abc");
- expect(result.map((file) => file.name)).toEqual(files.map((file) => file.name));
- });
-
- it("limits bootstrap files for subagent sessions", () => {
- const result = filterBootstrapFilesForSession(files, "agent:main:subagent:abc");
- expect(result.map((file) => file.name)).toEqual([
- DEFAULT_AGENTS_FILENAME,
- DEFAULT_TOOLS_FILENAME,
- ]);
+ expect(memoryEntries).toHaveLength(0);
});
});
diff --git a/src/agents/workspace.ts b/src/agents/workspace.ts
index 6732069a9..0cef8e5f0 100644
--- a/src/agents/workspace.ts
+++ b/src/agents/workspace.ts
@@ -26,6 +26,8 @@ export const DEFAULT_IDENTITY_FILENAME = "IDENTITY.md";
export const DEFAULT_USER_FILENAME = "USER.md";
export const DEFAULT_HEARTBEAT_FILENAME = "HEARTBEAT.md";
export const DEFAULT_BOOTSTRAP_FILENAME = "BOOTSTRAP.md";
+export const DEFAULT_MEMORY_FILENAME = "MEMORY.md";
+export const DEFAULT_MEMORY_ALT_FILENAME = "memory.md";
const TEMPLATE_DIR = path.resolve(
path.dirname(fileURLToPath(import.meta.url)),
@@ -61,7 +63,9 @@ export type WorkspaceBootstrapFileName =
| typeof DEFAULT_IDENTITY_FILENAME
| typeof DEFAULT_USER_FILENAME
| typeof DEFAULT_HEARTBEAT_FILENAME
- | typeof DEFAULT_BOOTSTRAP_FILENAME;
+ | typeof DEFAULT_BOOTSTRAP_FILENAME
+ | typeof DEFAULT_MEMORY_FILENAME
+ | typeof DEFAULT_MEMORY_ALT_FILENAME;
export type WorkspaceBootstrapFile = {
name: WorkspaceBootstrapFileName;
@@ -184,6 +188,39 @@ export async function ensureAgentWorkspace(params?: {
};
}
+async function resolveMemoryBootstrapEntries(
+ resolvedDir: string,
+): Promise> {
+ const candidates: WorkspaceBootstrapFileName[] = [
+ DEFAULT_MEMORY_FILENAME,
+ DEFAULT_MEMORY_ALT_FILENAME,
+ ];
+ const entries: Array<{ name: WorkspaceBootstrapFileName; filePath: string }> = [];
+ for (const name of candidates) {
+ const filePath = path.join(resolvedDir, name);
+ try {
+ await fs.access(filePath);
+ entries.push({ name, filePath });
+ } catch {
+ // optional
+ }
+ }
+ if (entries.length <= 1) return entries;
+
+ const seen = new Set();
+ const deduped: Array<{ name: WorkspaceBootstrapFileName; filePath: string }> = [];
+ for (const entry of entries) {
+ let key = entry.filePath;
+ try {
+ key = await fs.realpath(entry.filePath);
+ } catch {}
+ if (seen.has(key)) continue;
+ seen.add(key);
+ deduped.push(entry);
+ }
+ return deduped;
+}
+
export async function loadWorkspaceBootstrapFiles(dir: string): Promise {
const resolvedDir = resolveUserPath(dir);
@@ -221,6 +258,8 @@ export async function loadWorkspaceBootstrapFiles(dir: string): Promise {
const menu = resolveCommandArgMenu({ command, args: undefined, cfg: {} as never });
expect(menu?.arg.name).toBe("mode");
- expect(menu?.choices).toEqual(["off", "tokens", "full", "cost"]);
+ expect(menu?.choices).toEqual([
+ { label: "off", value: "off" },
+ { label: "tokens", value: "tokens" },
+ { label: "full", value: "full" },
+ { label: "cost", value: "cost" },
+ ]);
});
it("does not show menus when arg already provided", () => {
@@ -284,7 +289,10 @@ describe("commands registry args", () => {
const menu = resolveCommandArgMenu({ command, args: undefined, cfg: {} as never });
expect(menu?.arg.name).toBe("level");
- expect(menu?.choices).toEqual(["low", "high"]);
+ expect(menu?.choices).toEqual([
+ { label: "low", value: "low" },
+ { label: "high", value: "high" },
+ ]);
expect(seen?.commandKey).toBe("think");
expect(seen?.argName).toBe("level");
expect(seen?.provider).toBeTruthy();
diff --git a/src/auto-reply/commands-registry.ts b/src/auto-reply/commands-registry.ts
index 5bca565f0..f772ac7fc 100644
--- a/src/auto-reply/commands-registry.ts
+++ b/src/auto-reply/commands-registry.ts
@@ -255,33 +255,41 @@ function resolveDefaultCommandContext(cfg?: ClawdbotConfig): {
};
}
+export type ResolvedCommandArgChoice = { value: string; label: string };
+
export function resolveCommandArgChoices(params: {
command: ChatCommandDefinition;
arg: CommandArgDefinition;
cfg?: ClawdbotConfig;
provider?: string;
model?: string;
-}): string[] {
+}): ResolvedCommandArgChoice[] {
const { command, arg, cfg } = params;
if (!arg.choices) return [];
const provided = arg.choices;
- if (Array.isArray(provided)) return provided;
- const defaults = resolveDefaultCommandContext(cfg);
- const context: CommandArgChoiceContext = {
- cfg,
- provider: params.provider ?? defaults.provider,
- model: params.model ?? defaults.model,
- command,
- arg,
- };
- return provided(context);
+ const raw = Array.isArray(provided)
+ ? provided
+ : (() => {
+ const defaults = resolveDefaultCommandContext(cfg);
+ const context: CommandArgChoiceContext = {
+ cfg,
+ provider: params.provider ?? defaults.provider,
+ model: params.model ?? defaults.model,
+ command,
+ arg,
+ };
+ return provided(context);
+ })();
+ return raw.map((choice) =>
+ typeof choice === "string" ? { value: choice, label: choice } : choice,
+ );
}
export function resolveCommandArgMenu(params: {
command: ChatCommandDefinition;
args?: CommandArgs;
cfg?: ClawdbotConfig;
-}): { arg: CommandArgDefinition; choices: string[]; title?: string } | null {
+}): { arg: CommandArgDefinition; choices: ResolvedCommandArgChoice[]; title?: string } | null {
const { command, args, cfg } = params;
if (!command.args || !command.argsMenu) return null;
if (command.argsParsing === "none") return null;
diff --git a/src/auto-reply/commands-registry.types.ts b/src/auto-reply/commands-registry.types.ts
index c19c9d9a7..5e5bdd8cb 100644
--- a/src/auto-reply/commands-registry.types.ts
+++ b/src/auto-reply/commands-registry.types.ts
@@ -12,14 +12,16 @@ export type CommandArgChoiceContext = {
arg: CommandArgDefinition;
};
-export type CommandArgChoicesProvider = (context: CommandArgChoiceContext) => string[];
+export type CommandArgChoice = string | { value: string; label: string };
+
+export type CommandArgChoicesProvider = (context: CommandArgChoiceContext) => CommandArgChoice[];
export type CommandArgDefinition = {
name: string;
description: string;
type: CommandArgType;
required?: boolean;
- choices?: string[] | CommandArgChoicesProvider;
+ choices?: CommandArgChoice[] | CommandArgChoicesProvider;
captureRemaining?: boolean;
};
diff --git a/src/auto-reply/reply/agent-runner-execution.ts b/src/auto-reply/reply/agent-runner-execution.ts
index 939fa92f0..3537972e4 100644
--- a/src/auto-reply/reply/agent-runner-execution.ts
+++ b/src/auto-reply/reply/agent-runner-execution.ts
@@ -89,6 +89,7 @@ export async function runAgentTurnWithFallback(params: {
registerAgentRunContext(runId, {
sessionKey: params.sessionKey,
verboseLevel: params.resolvedVerboseLevel,
+ isHeartbeat: params.isHeartbeat,
});
}
let runResult: Awaited>;
diff --git a/src/auto-reply/reply/commands-tts.ts b/src/auto-reply/reply/commands-tts.ts
index 5c65fb94c..04b60a4e9 100644
--- a/src/auto-reply/reply/commands-tts.ts
+++ b/src/auto-reply/reply/commands-tts.ts
@@ -6,20 +6,18 @@ import {
getTtsMaxLength,
getTtsProvider,
isSummarizationEnabled,
+ isTtsEnabled,
isTtsProviderConfigured,
- normalizeTtsAutoMode,
- resolveTtsAutoMode,
resolveTtsApiKey,
resolveTtsConfig,
resolveTtsPrefsPath,
- resolveTtsProviderOrder,
setLastTtsAttempt,
setSummarizationEnabled,
+ setTtsEnabled,
setTtsMaxLength,
setTtsProvider,
textToSpeech,
} from "../../tts/tts.js";
-import { updateSessionStore } from "../../config/sessions.js";
type ParsedTtsCommand = {
action: string;
@@ -40,14 +38,27 @@ function ttsUsage(): ReplyPayload {
// Keep usage in one place so help/validation stays consistent.
return {
text:
- "⚙️ Usage: /tts [value]" +
- "\nExamples:\n" +
- "/tts always\n" +
- "/tts provider openai\n" +
- "/tts provider edge\n" +
- "/tts limit 2000\n" +
- "/tts summary off\n" +
- "/tts audio Hello from Clawdbot",
+ `🔊 **TTS (Text-to-Speech) Help**\n\n` +
+ `**Commands:**\n` +
+ `• /tts on — Enable automatic TTS for replies\n` +
+ `• /tts off — Disable TTS\n` +
+ `• /tts status — Show current settings\n` +
+ `• /tts provider [name] — View/change provider\n` +
+ `• /tts limit [number] — View/change text limit\n` +
+ `• /tts summary [on|off] — View/change auto-summary\n` +
+ `• /tts audio — Generate audio from text\n\n` +
+ `**Providers:**\n` +
+ `• edge — Free, fast (default)\n` +
+ `• openai — High quality (requires API key)\n` +
+ `• elevenlabs — Premium voices (requires API key)\n\n` +
+ `**Text Limit (default: 1500, max: 4096):**\n` +
+ `When text exceeds the limit:\n` +
+ `• Summary ON: AI summarizes, then generates audio\n` +
+ `• Summary OFF: Truncates text, then generates audio\n\n` +
+ `**Examples:**\n` +
+ `/tts provider edge\n` +
+ `/tts limit 2000\n` +
+ `/tts audio Hello, this is a test!`,
};
}
@@ -72,35 +83,27 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
return { shouldContinue: false, reply: ttsUsage() };
}
- const requestedAuto = normalizeTtsAutoMode(
- action === "on" ? "always" : action === "off" ? "off" : action,
- );
- if (requestedAuto) {
- const entry = params.sessionEntry;
- const sessionKey = params.sessionKey;
- const store = params.sessionStore;
- if (entry && store && sessionKey) {
- entry.ttsAuto = requestedAuto;
- entry.updatedAt = Date.now();
- store[sessionKey] = entry;
- if (params.storePath) {
- await updateSessionStore(params.storePath, (store) => {
- store[sessionKey] = entry;
- });
- }
- }
- const label = requestedAuto === "always" ? "enabled (always)" : requestedAuto;
- return {
- shouldContinue: false,
- reply: {
- text: requestedAuto === "off" ? "🔇 TTS disabled." : `🔊 TTS ${label}.`,
- },
- };
+ if (action === "on") {
+ setTtsEnabled(prefsPath, true);
+ return { shouldContinue: false, reply: { text: "🔊 TTS enabled." } };
+ }
+
+ if (action === "off") {
+ setTtsEnabled(prefsPath, false);
+ return { shouldContinue: false, reply: { text: "🔇 TTS disabled." } };
}
if (action === "audio") {
if (!args.trim()) {
- return { shouldContinue: false, reply: ttsUsage() };
+ return {
+ shouldContinue: false,
+ reply: {
+ text:
+ `🎤 Generate audio from text.\n\n` +
+ `Usage: /tts audio \n` +
+ `Example: /tts audio Hello, this is a test!`,
+ },
+ };
}
const start = Date.now();
@@ -146,9 +149,6 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
if (action === "provider") {
const currentProvider = getTtsProvider(config, prefsPath);
if (!args.trim()) {
- const fallback = resolveTtsProviderOrder(currentProvider)
- .slice(1)
- .filter((provider) => isTtsProviderConfigured(config, provider));
const hasOpenAI = Boolean(resolveTtsApiKey(config, "openai"));
const hasElevenLabs = Boolean(resolveTtsApiKey(config, "elevenlabs"));
const hasEdge = isTtsProviderConfigured(config, "edge");
@@ -158,7 +158,6 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
text:
`🎙️ TTS provider\n` +
`Primary: ${currentProvider}\n` +
- `Fallbacks: ${fallback.join(", ") || "none"}\n` +
`OpenAI key: ${hasOpenAI ? "✅" : "❌"}\n` +
`ElevenLabs key: ${hasElevenLabs ? "✅" : "❌"}\n` +
`Edge enabled: ${hasEdge ? "✅" : "❌"}\n` +
@@ -173,18 +172,9 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
}
setTtsProvider(prefsPath, requested);
- const fallback = resolveTtsProviderOrder(requested)
- .slice(1)
- .filter((provider) => isTtsProviderConfigured(config, provider));
return {
shouldContinue: false,
- reply: {
- text:
- `✅ TTS provider set to ${requested} (fallbacks: ${fallback.join(", ") || "none"}).` +
- (requested === "edge"
- ? "\nEnable Edge TTS in config: messages.tts.edge.enabled = true."
- : ""),
- },
+ reply: { text: `✅ TTS provider set to ${requested}.` },
};
}
@@ -193,12 +183,22 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
const currentLimit = getTtsMaxLength(prefsPath);
return {
shouldContinue: false,
- reply: { text: `📏 TTS limit: ${currentLimit} characters.` },
+ reply: {
+ text:
+ `📏 TTS limit: ${currentLimit} characters.\n\n` +
+ `Text longer than this triggers summary (if enabled).\n` +
+ `Range: 100-4096 chars (Telegram max).\n\n` +
+ `To change: /tts limit \n` +
+ `Example: /tts limit 2000`,
+ },
};
}
const next = Number.parseInt(args.trim(), 10);
- if (!Number.isFinite(next) || next < 100 || next > 10_000) {
- return { shouldContinue: false, reply: ttsUsage() };
+ if (!Number.isFinite(next) || next < 100 || next > 4096) {
+ return {
+ shouldContinue: false,
+ reply: { text: "❌ Limit must be between 100 and 4096 characters." },
+ };
}
setTtsMaxLength(prefsPath, next);
return {
@@ -210,9 +210,17 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
if (action === "summary") {
if (!args.trim()) {
const enabled = isSummarizationEnabled(prefsPath);
+ const maxLen = getTtsMaxLength(prefsPath);
return {
shouldContinue: false,
- reply: { text: `📝 TTS auto-summary: ${enabled ? "on" : "off"}.` },
+ reply: {
+ text:
+ `📝 TTS auto-summary: ${enabled ? "on" : "off"}.\n\n` +
+ `When text exceeds ${maxLen} chars:\n` +
+ `• ON: summarizes text, then generates audio\n` +
+ `• OFF: truncates text, then generates audio\n\n` +
+ `To change: /tts summary on | off`,
+ },
};
}
const requested = args.trim().toLowerCase();
@@ -229,27 +237,16 @@ export const handleTtsCommands: CommandHandler = async (params, allowTextCommand
}
if (action === "status") {
- const sessionAuto = params.sessionEntry?.ttsAuto;
- const autoMode = resolveTtsAutoMode({ config, prefsPath, sessionAuto });
- const enabled = autoMode !== "off";
+ const enabled = isTtsEnabled(config, prefsPath);
const provider = getTtsProvider(config, prefsPath);
const hasKey = isTtsProviderConfigured(config, provider);
- const providerStatus =
- provider === "edge"
- ? hasKey
- ? "✅ enabled"
- : "❌ disabled"
- : hasKey
- ? "✅ key"
- : "❌ no key";
const maxLength = getTtsMaxLength(prefsPath);
const summarize = isSummarizationEnabled(prefsPath);
const last = getLastTtsAttempt();
- const autoLabel = sessionAuto ? `${autoMode} (session)` : autoMode;
const lines = [
"📊 TTS status",
- `Auto: ${enabled ? autoLabel : "off"}`,
- `Provider: ${provider} (${providerStatus})`,
+ `State: ${enabled ? "✅ enabled" : "❌ disabled"}`,
+ `Provider: ${provider} (${hasKey ? "✅ configured" : "❌ not configured"})`,
`Text limit: ${maxLength} chars`,
`Auto-summary: ${summarize ? "on" : "off"}`,
];
diff --git a/src/auto-reply/reply/commands.test.ts b/src/auto-reply/reply/commands.test.ts
index 7078c15dc..fd8236c95 100644
--- a/src/auto-reply/reply/commands.test.ts
+++ b/src/auto-reply/reply/commands.test.ts
@@ -420,3 +420,17 @@ describe("handleCommands subagents", () => {
expect(result.reply?.text).toContain("Status: done");
});
});
+
+describe("handleCommands /tts", () => {
+ it("returns status for bare /tts on text command surfaces", async () => {
+ const cfg = {
+ commands: { text: true },
+ channels: { whatsapp: { allowFrom: ["*"] } },
+ messages: { tts: { prefsPath: path.join(testWorkspaceDir, "tts.json") } },
+ } as ClawdbotConfig;
+ const params = buildParams("/tts", cfg);
+ const result = await handleCommands(params);
+ expect(result.shouldContinue).toBe(false);
+ expect(result.reply?.text).toContain("TTS status");
+ });
+});
diff --git a/src/auto-reply/reply/dispatch-from-config.ts b/src/auto-reply/reply/dispatch-from-config.ts
index f946c05f9..1dcd770bc 100644
--- a/src/auto-reply/reply/dispatch-from-config.ts
+++ b/src/auto-reply/reply/dispatch-from-config.ts
@@ -16,7 +16,7 @@ import { formatAbortReplyText, tryFastAbortFromMessage } from "./abort.js";
import { shouldSkipDuplicateInbound } from "./inbound-dedupe.js";
import type { ReplyDispatcher, ReplyDispatchKind } from "./reply-dispatcher.js";
import { isRoutableChannel, routeReply } from "./route-reply.js";
-import { maybeApplyTtsToPayload, normalizeTtsAutoMode } from "../../tts/tts.js";
+import { maybeApplyTtsToPayload, normalizeTtsAutoMode, resolveTtsConfig } from "../../tts/tts.js";
const AUDIO_PLACEHOLDER_RE = /^(\s*\([^)]*\))?$/i;
const AUDIO_HEADER_RE = /^\[Audio\b/i;
@@ -266,12 +266,26 @@ export async function dispatchReplyFromConfig(params: {
return { queuedFinal, counts };
}
+ // Track accumulated block text for TTS generation after streaming completes.
+ // When block streaming succeeds, there's no final reply, so we need to generate
+ // TTS audio separately from the accumulated block content.
+ let accumulatedBlockText = "";
+ let blockCount = 0;
+
const replyResult = await (params.replyResolver ?? getReplyFromConfig)(
ctx,
{
...params.replyOptions,
onBlockReply: (payload: ReplyPayload, context) => {
const run = async () => {
+ // Accumulate block text for TTS generation after streaming
+ if (payload.text) {
+ if (accumulatedBlockText.length > 0) {
+ accumulatedBlockText += "\n";
+ }
+ accumulatedBlockText += payload.text;
+ blockCount++;
+ }
const ttsPayload = await maybeApplyTtsToPayload({
payload,
cfg,
@@ -327,6 +341,62 @@ export async function dispatchReplyFromConfig(params: {
queuedFinal = dispatcher.sendFinalReply(ttsReply) || queuedFinal;
}
}
+
+ const ttsMode = resolveTtsConfig(cfg).mode ?? "final";
+ // Generate TTS-only reply after block streaming completes (when there's no final reply).
+ // This handles the case where block streaming succeeds and drops final payloads,
+ // but we still want TTS audio to be generated from the accumulated block content.
+ if (
+ ttsMode === "final" &&
+ replies.length === 0 &&
+ blockCount > 0 &&
+ accumulatedBlockText.trim()
+ ) {
+ try {
+ const ttsSyntheticReply = await maybeApplyTtsToPayload({
+ payload: { text: accumulatedBlockText },
+ cfg,
+ channel: ttsChannel,
+ kind: "final",
+ inboundAudio,
+ ttsAuto: sessionTtsAuto,
+ });
+ // Only send if TTS was actually applied (mediaUrl exists)
+ if (ttsSyntheticReply.mediaUrl) {
+ // Send TTS-only payload (no text, just audio) so it doesn't duplicate the block content
+ const ttsOnlyPayload: ReplyPayload = {
+ mediaUrl: ttsSyntheticReply.mediaUrl,
+ audioAsVoice: ttsSyntheticReply.audioAsVoice,
+ };
+ if (shouldRouteToOriginating && originatingChannel && originatingTo) {
+ const result = await routeReply({
+ payload: ttsOnlyPayload,
+ channel: originatingChannel,
+ to: originatingTo,
+ sessionKey: ctx.SessionKey,
+ accountId: ctx.AccountId,
+ threadId: ctx.MessageThreadId,
+ cfg,
+ });
+ queuedFinal = result.ok || queuedFinal;
+ if (result.ok) routedFinalCount += 1;
+ if (!result.ok) {
+ logVerbose(
+ `dispatch-from-config: route-reply (tts-only) failed: ${result.error ?? "unknown error"}`,
+ );
+ }
+ } else {
+ const didQueue = dispatcher.sendFinalReply(ttsOnlyPayload);
+ queuedFinal = didQueue || queuedFinal;
+ }
+ }
+ } catch (err) {
+ logVerbose(
+ `dispatch-from-config: accumulated block TTS failed: ${err instanceof Error ? err.message : String(err)}`,
+ );
+ }
+ }
+
await dispatcher.waitForIdle();
const counts = dispatcher.getQueuedCounts();
diff --git a/src/auto-reply/reply/history.ts b/src/auto-reply/reply/history.ts
index bc59b4f2e..45ad44d5a 100644
--- a/src/auto-reply/reply/history.ts
+++ b/src/auto-reply/reply/history.ts
@@ -3,6 +3,26 @@ import { CURRENT_MESSAGE_MARKER } from "./mentions.js";
export const HISTORY_CONTEXT_MARKER = "[Chat messages since your last reply - for context]";
export const DEFAULT_GROUP_HISTORY_LIMIT = 50;
+/** Maximum number of group history keys to retain (LRU eviction when exceeded). */
+export const MAX_HISTORY_KEYS = 1000;
+
+/**
+ * Evict oldest keys from a history map when it exceeds MAX_HISTORY_KEYS.
+ * Uses Map's insertion order for LRU-like behavior.
+ */
+export function evictOldHistoryKeys(
+ historyMap: Map,
+ maxKeys: number = MAX_HISTORY_KEYS,
+): void {
+ if (historyMap.size <= maxKeys) return;
+ const keysToDelete = historyMap.size - maxKeys;
+ const iterator = historyMap.keys();
+ for (let i = 0; i < keysToDelete; i++) {
+ const key = iterator.next().value;
+ if (key !== undefined) historyMap.delete(key);
+ }
+}
+
export type HistoryEntry = {
sender: string;
body: string;
@@ -34,7 +54,13 @@ export function appendHistoryEntry(params: {
const history = historyMap.get(historyKey) ?? [];
history.push(entry);
while (history.length > params.limit) history.shift();
+ if (historyMap.has(historyKey)) {
+ // Refresh insertion order so eviction keeps recently used histories.
+ historyMap.delete(historyKey);
+ }
historyMap.set(historyKey, history);
+ // Evict oldest keys if map exceeds max size to prevent unbounded memory growth
+ evictOldHistoryKeys(historyMap);
return history;
}
diff --git a/src/auto-reply/reply/session-updates.ts b/src/auto-reply/reply/session-updates.ts
index 970a714d0..0fea27708 100644
--- a/src/auto-reply/reply/session-updates.ts
+++ b/src/auto-reply/reply/session-updates.ts
@@ -21,7 +21,11 @@ export async function prependSystemEvents(params: {
if (!trimmed) return null;
const lower = trimmed.toLowerCase();
if (lower.includes("reason periodic")) return null;
- if (lower.includes("heartbeat")) return null;
+ // Filter out the actual heartbeat prompt, but not cron jobs that mention "heartbeat"
+ // The heartbeat prompt starts with "Read HEARTBEAT.md" - cron payloads won't match this
+ if (lower.startsWith("read heartbeat.md")) return null;
+ // Also filter heartbeat poll/wake noise
+ if (lower.includes("heartbeat poll") || lower.includes("heartbeat wake")) return null;
if (trimmed.startsWith("Node:")) {
return trimmed.replace(/ · last input [^·]+/i, "").trim();
}
diff --git a/src/channels/plugins/actions/discord.test.ts b/src/channels/plugins/actions/discord.test.ts
index 67047410e..9cc184e6c 100644
--- a/src/channels/plugins/actions/discord.test.ts
+++ b/src/channels/plugins/actions/discord.test.ts
@@ -127,4 +127,30 @@ describe("handleDiscordMessageAction", () => {
}),
);
});
+
+ it("accepts threadId for thread replies (tool compatibility)", async () => {
+ sendMessageDiscord.mockClear();
+ const handleDiscordMessageAction = await loadHandleDiscordMessageAction();
+
+ await handleDiscordMessageAction({
+ action: "thread-reply",
+ params: {
+ // The `message` tool uses `threadId`.
+ threadId: "999",
+ // Include a conflicting channelId to ensure threadId takes precedence.
+ channelId: "123",
+ message: "hi",
+ },
+ cfg: {} as ClawdbotConfig,
+ accountId: "ops",
+ });
+
+ expect(sendMessageDiscord).toHaveBeenCalledWith(
+ "channel:999",
+ "hi",
+ expect.objectContaining({
+ accountId: "ops",
+ }),
+ );
+ });
});
diff --git a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
index d65d044e2..5a3b13f61 100644
--- a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
+++ b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
@@ -393,11 +393,17 @@ export async function tryHandleDiscordMessageActionGuildAdmin(params: {
});
const mediaUrl = readStringParam(actionParams, "media", { trim: false });
const replyTo = readStringParam(actionParams, "replyTo");
+
+ // `message.thread-reply` (tool) uses `threadId`, while the CLI historically used `to`/`channelId`.
+ // Prefer `threadId` when present to avoid accidentally replying in the parent channel.
+ const threadId = readStringParam(actionParams, "threadId");
+ const channelId = threadId ?? resolveChannelId();
+
return await handleDiscordAction(
{
action: "threadReply",
accountId: accountId ?? undefined,
- channelId: resolveChannelId(),
+ channelId,
content,
mediaUrl: mediaUrl ?? undefined,
replyTo: replyTo ?? undefined,
diff --git a/src/channels/plugins/actions/telegram.test.ts b/src/channels/plugins/actions/telegram.test.ts
index aac316858..b2673134d 100644
--- a/src/channels/plugins/actions/telegram.test.ts
+++ b/src/channels/plugins/actions/telegram.test.ts
@@ -36,4 +36,79 @@ describe("telegramMessageActions", () => {
cfg,
);
});
+
+ it("passes silent flag for silent sends", async () => {
+ handleTelegramAction.mockClear();
+ const cfg = { channels: { telegram: { botToken: "tok" } } } as ClawdbotConfig;
+
+ await telegramMessageActions.handleAction({
+ action: "send",
+ params: {
+ to: "456",
+ message: "Silent notification test",
+ silent: true,
+ },
+ cfg,
+ accountId: undefined,
+ });
+
+ expect(handleTelegramAction).toHaveBeenCalledWith(
+ expect.objectContaining({
+ action: "sendMessage",
+ to: "456",
+ content: "Silent notification test",
+ silent: true,
+ }),
+ cfg,
+ );
+ });
+
+ it("maps edit action params into editMessage", async () => {
+ handleTelegramAction.mockClear();
+ const cfg = { channels: { telegram: { botToken: "tok" } } } as ClawdbotConfig;
+
+ await telegramMessageActions.handleAction({
+ action: "edit",
+ params: {
+ chatId: "123",
+ messageId: 42,
+ message: "Updated",
+ buttons: [],
+ },
+ cfg,
+ accountId: undefined,
+ });
+
+ expect(handleTelegramAction).toHaveBeenCalledWith(
+ {
+ action: "editMessage",
+ chatId: "123",
+ messageId: 42,
+ content: "Updated",
+ buttons: [],
+ accountId: undefined,
+ },
+ cfg,
+ );
+ });
+
+ it("rejects non-integer messageId for edit before reaching telegram-actions", async () => {
+ handleTelegramAction.mockClear();
+ const cfg = { channels: { telegram: { botToken: "tok" } } } as ClawdbotConfig;
+
+ await expect(
+ telegramMessageActions.handleAction({
+ action: "edit",
+ params: {
+ chatId: "123",
+ messageId: "nope",
+ message: "Updated",
+ },
+ cfg,
+ accountId: undefined,
+ }),
+ ).rejects.toThrow();
+
+ expect(handleTelegramAction).not.toHaveBeenCalled();
+ });
});
diff --git a/src/channels/plugins/actions/telegram.ts b/src/channels/plugins/actions/telegram.ts
index fe4e41307..364707e0a 100644
--- a/src/channels/plugins/actions/telegram.ts
+++ b/src/channels/plugins/actions/telegram.ts
@@ -1,5 +1,6 @@
import {
createActionGate,
+ readNumberParam,
readStringOrNumberParam,
readStringParam,
} from "../../../agents/tools/common.js";
@@ -20,6 +21,7 @@ function readTelegramSendParams(params: Record) {
const threadId = readStringParam(params, "threadId");
const buttons = params.buttons;
const asVoice = typeof params.asVoice === "boolean" ? params.asVoice : undefined;
+ const silent = typeof params.silent === "boolean" ? params.silent : undefined;
return {
to,
content,
@@ -28,6 +30,7 @@ function readTelegramSendParams(params: Record) {
messageThreadId: threadId ?? undefined,
buttons,
asVoice,
+ silent,
};
}
@@ -41,6 +44,7 @@ export const telegramMessageActions: ChannelMessageActionAdapter = {
const actions = new Set(["send"]);
if (gate("reactions")) actions.add("react");
if (gate("deleteMessage")) actions.add("delete");
+ if (gate("editMessage")) actions.add("edit");
return Array.from(actions);
},
supportsButtons: ({ cfg }) => {
@@ -98,14 +102,39 @@ export const telegramMessageActions: ChannelMessageActionAdapter = {
readStringOrNumberParam(params, "chatId") ??
readStringOrNumberParam(params, "channelId") ??
readStringParam(params, "to", { required: true });
- const messageId = readStringParam(params, "messageId", {
+ const messageId = readNumberParam(params, "messageId", {
required: true,
+ integer: true,
});
return await handleTelegramAction(
{
action: "deleteMessage",
chatId,
- messageId: Number(messageId),
+ messageId,
+ accountId: accountId ?? undefined,
+ },
+ cfg,
+ );
+ }
+
+ if (action === "edit") {
+ const chatId =
+ readStringOrNumberParam(params, "chatId") ??
+ readStringOrNumberParam(params, "channelId") ??
+ readStringParam(params, "to", { required: true });
+ const messageId = readNumberParam(params, "messageId", {
+ required: true,
+ integer: true,
+ });
+ const message = readStringParam(params, "message", { required: true, allowEmpty: false });
+ const buttons = params.buttons;
+ return await handleTelegramAction(
+ {
+ action: "editMessage",
+ chatId,
+ messageId,
+ content: message,
+ buttons,
accountId: accountId ?? undefined,
},
cfg,
diff --git a/src/channels/plugins/onboarding/telegram.ts b/src/channels/plugins/onboarding/telegram.ts
index 0356acd33..fdbc044c5 100644
--- a/src/channels/plugins/onboarding/telegram.ts
+++ b/src/channels/plugins/onboarding/telegram.ts
@@ -80,14 +80,20 @@ async function promptTelegramAllowFrom(params: {
if (!token) return null;
const username = stripped.startsWith("@") ? stripped : `@${stripped}`;
const url = `https://api.telegram.org/bot${token}/getChat?chat_id=${encodeURIComponent(username)}`;
- const res = await fetch(url);
- const data = (await res.json().catch(() => null)) as {
- ok?: boolean;
- result?: { id?: number | string };
- } | null;
- const id = data?.ok ? data?.result?.id : undefined;
- if (typeof id === "number" || typeof id === "string") return String(id);
- return null;
+ try {
+ const res = await fetch(url);
+ if (!res.ok) return null;
+ const data = (await res.json().catch(() => null)) as {
+ ok?: boolean;
+ result?: { id?: number | string };
+ } | null;
+ const id = data?.ok ? data?.result?.id : undefined;
+ if (typeof id === "number" || typeof id === "string") return String(id);
+ return null;
+ } catch {
+ // Network error during username lookup - return null to prompt user for numeric ID
+ return null;
+ }
};
const parseInput = (value: string) =>
diff --git a/src/channels/plugins/outbound/telegram.test.ts b/src/channels/plugins/outbound/telegram.test.ts
new file mode 100644
index 000000000..3bbab0cee
--- /dev/null
+++ b/src/channels/plugins/outbound/telegram.test.ts
@@ -0,0 +1,81 @@
+import { describe, expect, it, vi } from "vitest";
+
+import type { ClawdbotConfig } from "../../../config/config.js";
+import { telegramOutbound } from "./telegram.js";
+
+describe("telegramOutbound.sendPayload", () => {
+ it("sends text payload with buttons", async () => {
+ const sendTelegram = vi.fn(async () => ({ messageId: "m1", chatId: "c1" }));
+
+ const result = await telegramOutbound.sendPayload?.({
+ cfg: {} as ClawdbotConfig,
+ to: "telegram:123",
+ text: "ignored",
+ payload: {
+ text: "Hello",
+ channelData: {
+ telegram: {
+ buttons: [[{ text: "Option", callback_data: "/option" }]],
+ },
+ },
+ },
+ deps: { sendTelegram },
+ });
+
+ expect(sendTelegram).toHaveBeenCalledTimes(1);
+ expect(sendTelegram).toHaveBeenCalledWith(
+ "telegram:123",
+ "Hello",
+ expect.objectContaining({
+ buttons: [[{ text: "Option", callback_data: "/option" }]],
+ textMode: "html",
+ }),
+ );
+ expect(result).toEqual({ channel: "telegram", messageId: "m1", chatId: "c1" });
+ });
+
+ it("sends media payloads and attaches buttons only to first", async () => {
+ const sendTelegram = vi
+ .fn()
+ .mockResolvedValueOnce({ messageId: "m1", chatId: "c1" })
+ .mockResolvedValueOnce({ messageId: "m2", chatId: "c1" });
+
+ const result = await telegramOutbound.sendPayload?.({
+ cfg: {} as ClawdbotConfig,
+ to: "telegram:123",
+ text: "ignored",
+ payload: {
+ text: "Caption",
+ mediaUrls: ["https://example.com/a.png", "https://example.com/b.png"],
+ channelData: {
+ telegram: {
+ buttons: [[{ text: "Go", callback_data: "/go" }]],
+ },
+ },
+ },
+ deps: { sendTelegram },
+ });
+
+ expect(sendTelegram).toHaveBeenCalledTimes(2);
+ expect(sendTelegram).toHaveBeenNthCalledWith(
+ 1,
+ "telegram:123",
+ "Caption",
+ expect.objectContaining({
+ mediaUrl: "https://example.com/a.png",
+ buttons: [[{ text: "Go", callback_data: "/go" }]],
+ }),
+ );
+ const secondOpts = sendTelegram.mock.calls[1]?.[2] as { buttons?: unknown } | undefined;
+ expect(sendTelegram).toHaveBeenNthCalledWith(
+ 2,
+ "telegram:123",
+ "",
+ expect.objectContaining({
+ mediaUrl: "https://example.com/b.png",
+ }),
+ );
+ expect(secondOpts?.buttons).toBeUndefined();
+ expect(result).toEqual({ channel: "telegram", messageId: "m2", chatId: "c1" });
+ });
+});
diff --git a/src/channels/plugins/outbound/telegram.ts b/src/channels/plugins/outbound/telegram.ts
index 9b138705a..6db7afd28 100644
--- a/src/channels/plugins/outbound/telegram.ts
+++ b/src/channels/plugins/outbound/telegram.ts
@@ -18,6 +18,7 @@ function parseThreadId(threadId?: string | number | null) {
const parsed = Number.parseInt(trimmed, 10);
return Number.isFinite(parsed) ? parsed : undefined;
}
+
export const telegramOutbound: ChannelOutboundAdapter = {
deliveryMode: "direct",
chunker: markdownToTelegramHtmlChunks,
@@ -50,4 +51,46 @@ export const telegramOutbound: ChannelOutboundAdapter = {
});
return { channel: "telegram", ...result };
},
+ sendPayload: async ({ to, payload, accountId, deps, replyToId, threadId }) => {
+ const send = deps?.sendTelegram ?? sendMessageTelegram;
+ const replyToMessageId = parseReplyToMessageId(replyToId);
+ const messageThreadId = parseThreadId(threadId);
+ const telegramData = payload.channelData?.telegram as
+ | { buttons?: Array> }
+ | undefined;
+ const text = payload.text ?? "";
+ const mediaUrls = payload.mediaUrls?.length
+ ? payload.mediaUrls
+ : payload.mediaUrl
+ ? [payload.mediaUrl]
+ : [];
+ const baseOpts = {
+ verbose: false,
+ textMode: "html" as const,
+ messageThreadId,
+ replyToMessageId,
+ accountId: accountId ?? undefined,
+ };
+
+ if (mediaUrls.length === 0) {
+ const result = await send(to, text, {
+ ...baseOpts,
+ buttons: telegramData?.buttons,
+ });
+ return { channel: "telegram", ...result };
+ }
+
+ // Telegram allows reply_markup on media; attach buttons only to first send.
+ let finalResult: Awaited> | undefined;
+ for (let i = 0; i < mediaUrls.length; i += 1) {
+ const mediaUrl = mediaUrls[i];
+ const isFirst = i === 0;
+ finalResult = await send(to, isFirst ? text : "", {
+ ...baseOpts,
+ mediaUrl,
+ ...(isFirst ? { buttons: telegramData?.buttons } : {}),
+ });
+ }
+ return { channel: "telegram", ...(finalResult ?? { messageId: "unknown", chatId: to }) };
+ },
};
diff --git a/src/cli/argv.test.ts b/src/cli/argv.test.ts
index 244e72241..54b93fcc7 100644
--- a/src/cli/argv.test.ts
+++ b/src/cli/argv.test.ts
@@ -78,6 +78,48 @@ describe("argv helpers", () => {
});
expect(nodeArgv).toEqual(["node", "clawdbot", "status"]);
+ const versionedNodeArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["node-22", "clawdbot", "status"],
+ });
+ expect(versionedNodeArgv).toEqual(["node-22", "clawdbot", "status"]);
+
+ const versionedNodeWindowsArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["node-22.2.0.exe", "clawdbot", "status"],
+ });
+ expect(versionedNodeWindowsArgv).toEqual(["node-22.2.0.exe", "clawdbot", "status"]);
+
+ const versionedNodePatchlessArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["node-22.2", "clawdbot", "status"],
+ });
+ expect(versionedNodePatchlessArgv).toEqual(["node-22.2", "clawdbot", "status"]);
+
+ const versionedNodeWindowsPatchlessArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["node-22.2.exe", "clawdbot", "status"],
+ });
+ expect(versionedNodeWindowsPatchlessArgv).toEqual(["node-22.2.exe", "clawdbot", "status"]);
+
+ const versionedNodeWithPathArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["/usr/bin/node-22.2.0", "clawdbot", "status"],
+ });
+ expect(versionedNodeWithPathArgv).toEqual(["/usr/bin/node-22.2.0", "clawdbot", "status"]);
+
+ const nodejsArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["nodejs", "clawdbot", "status"],
+ });
+ expect(nodejsArgv).toEqual(["nodejs", "clawdbot", "status"]);
+
+ const nonVersionedNodeArgv = buildParseArgv({
+ programName: "clawdbot",
+ rawArgs: ["node-dev", "clawdbot", "status"],
+ });
+ expect(nonVersionedNodeArgv).toEqual(["node", "clawdbot", "node-dev", "clawdbot", "status"]);
+
const directArgv = buildParseArgv({
programName: "clawdbot",
rawArgs: ["clawdbot", "status"],
diff --git a/src/cli/argv.ts b/src/cli/argv.ts
index bc7b60ac9..4b403c92e 100644
--- a/src/cli/argv.ts
+++ b/src/cli/argv.ts
@@ -96,15 +96,27 @@ export function buildParseArgv(params: {
: baseArgv;
const executable = (normalizedArgv[0]?.split(/[/\\]/).pop() ?? "").toLowerCase();
const looksLikeNode =
- normalizedArgv.length >= 2 &&
- (executable === "node" ||
- executable === "node.exe" ||
- executable === "bun" ||
- executable === "bun.exe");
+ normalizedArgv.length >= 2 && (isNodeExecutable(executable) || isBunExecutable(executable));
if (looksLikeNode) return normalizedArgv;
return ["node", programName || "clawdbot", ...normalizedArgv];
}
+const nodeExecutablePattern = /^node-\d+(?:\.\d+)*(?:\.exe)?$/;
+
+function isNodeExecutable(executable: string): boolean {
+ return (
+ executable === "node" ||
+ executable === "node.exe" ||
+ executable === "nodejs" ||
+ executable === "nodejs.exe" ||
+ nodeExecutablePattern.test(executable)
+ );
+}
+
+function isBunExecutable(executable: string): boolean {
+ return executable === "bun" || executable === "bun.exe";
+}
+
export function shouldMigrateStateFromPath(path: string[]): boolean {
if (path.length === 0) return true;
const [primary, secondary] = path;
diff --git a/src/cli/gateway-cli.coverage.test.ts b/src/cli/gateway-cli.coverage.test.ts
index 96437d566..002743170 100644
--- a/src/cli/gateway-cli.coverage.test.ts
+++ b/src/cli/gateway-cli.coverage.test.ts
@@ -249,7 +249,7 @@ describe("gateway-cli coverage", () => {
programInvalidPort.exitOverride();
registerGatewayCli(programInvalidPort);
await expect(
- programInvalidPort.parseAsync(["gateway", "--port", "0"], {
+ programInvalidPort.parseAsync(["gateway", "--port", "0", "--token", "test-token"], {
from: "user",
}),
).rejects.toThrow("__exit__:1");
@@ -263,7 +263,7 @@ describe("gateway-cli coverage", () => {
registerGatewayCli(programForceFail);
await expect(
programForceFail.parseAsync(
- ["gateway", "--port", "18789", "--force", "--allow-unconfigured"],
+ ["gateway", "--port", "18789", "--token", "test-token", "--force", "--allow-unconfigured"],
{ from: "user" },
),
).rejects.toThrow("__exit__:1");
@@ -276,9 +276,12 @@ describe("gateway-cli coverage", () => {
const beforeSigterm = new Set(process.listeners("SIGTERM"));
const beforeSigint = new Set(process.listeners("SIGINT"));
await expect(
- programStartFail.parseAsync(["gateway", "--port", "18789", "--allow-unconfigured"], {
- from: "user",
- }),
+ programStartFail.parseAsync(
+ ["gateway", "--port", "18789", "--token", "test-token", "--allow-unconfigured"],
+ {
+ from: "user",
+ },
+ ),
).rejects.toThrow("__exit__:1");
for (const listener of process.listeners("SIGTERM")) {
if (!beforeSigterm.has(listener)) process.removeListener("SIGTERM", listener);
@@ -304,7 +307,7 @@ describe("gateway-cli coverage", () => {
registerGatewayCli(program);
await expect(
- program.parseAsync(["gateway", "--allow-unconfigured"], {
+ program.parseAsync(["gateway", "--token", "test-token", "--allow-unconfigured"], {
from: "user",
}),
).rejects.toThrow("__exit__:1");
@@ -327,7 +330,7 @@ describe("gateway-cli coverage", () => {
startGatewayServer.mockRejectedValueOnce(new Error("nope"));
await expect(
- program.parseAsync(["gateway", "--allow-unconfigured"], {
+ program.parseAsync(["gateway", "--token", "test-token", "--allow-unconfigured"], {
from: "user",
}),
).rejects.toThrow("__exit__:1");
diff --git a/src/cli/gateway-cli/run.ts b/src/cli/gateway-cli/run.ts
index 1c2e8273c..0de667c3c 100644
--- a/src/cli/gateway-cli/run.ts
+++ b/src/cli/gateway-cli/run.ts
@@ -203,6 +203,10 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
const resolvedAuthMode = resolvedAuth.mode;
const tokenValue = resolvedAuth.token;
const passwordValue = resolvedAuth.password;
+ const hasToken = typeof tokenValue === "string" && tokenValue.trim().length > 0;
+ const hasPassword = typeof passwordValue === "string" && passwordValue.trim().length > 0;
+ const hasSharedSecret =
+ (resolvedAuthMode === "token" && hasToken) || (resolvedAuthMode === "password" && hasPassword);
const authHints: string[] = [];
if (miskeys.hasGatewayToken) {
authHints.push('Found "gateway.token" in config. Use "gateway.auth.token" instead.');
@@ -212,7 +216,7 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
'"gateway.remote.token" is for remote CLI calls; it does not enable local gateway auth.',
);
}
- if (resolvedAuthMode === "token" && !tokenValue) {
+ if (resolvedAuthMode === "token" && !hasToken && !resolvedAuth.allowTailscale) {
defaultRuntime.error(
[
"Gateway auth is set to token, but no token is configured.",
@@ -225,7 +229,7 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
defaultRuntime.exit(1);
return;
}
- if (resolvedAuthMode === "password" && !passwordValue) {
+ if (resolvedAuthMode === "password" && !hasPassword) {
defaultRuntime.error(
[
"Gateway auth is set to password, but no password is configured.",
@@ -238,11 +242,11 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
defaultRuntime.exit(1);
return;
}
- if (bind !== "loopback" && resolvedAuthMode === "none") {
+ if (bind !== "loopback" && !hasSharedSecret) {
defaultRuntime.error(
[
`Refusing to bind gateway to ${bind} without auth.`,
- "Set gateway.auth.token (or CLAWDBOT_GATEWAY_TOKEN) or pass --token.",
+ "Set gateway.auth.token/password (or CLAWDBOT_GATEWAY_TOKEN/CLAWDBOT_GATEWAY_PASSWORD) or pass --token/--password.",
...authHints,
]
.filter(Boolean)
diff --git a/src/cli/models-cli.ts b/src/cli/models-cli.ts
index 20a476f81..d914629e7 100644
--- a/src/cli/models-cli.ts
+++ b/src/cli/models-cli.ts
@@ -389,7 +389,7 @@ export function registerModelsCli(program: Command) {
.description("Set per-agent auth order override (locks rotation to this list)")
.requiredOption("--provider ", "Provider id (e.g. anthropic)")
.option("--agent ", "Agent id (default: configured default agent)")
- .argument("", "Auth profile ids (e.g. anthropic:claude-cli)")
+ .argument("", "Auth profile ids (e.g. anthropic:default)")
.action(async (profileIds: string[], opts) => {
await runModelsCommand(async () => {
await modelsAuthOrderSetCommand(
diff --git a/src/cli/program/message/register.send.ts b/src/cli/program/message/register.send.ts
index 8841c3ce8..4ab3a852f 100644
--- a/src/cli/program/message/register.send.ts
+++ b/src/cli/program/message/register.send.ts
@@ -22,7 +22,8 @@ export function registerMessageSendCommand(message: Command, helpers: MessageCli
.option("--card ", "Adaptive Card JSON object (when supported by the channel)")
.option("--reply-to ", "Reply-to message id")
.option("--thread-id ", "Thread id (Telegram forum thread)")
- .option("--gif-playback", "Treat video media as GIF playback (WhatsApp only).", false),
+ .option("--gif-playback", "Treat video media as GIF playback (WhatsApp only).", false)
+ .option("--silent", "Send message silently without notification (Telegram only)", false),
)
.action(async (opts) => {
await helpers.runMessageAction("send", opts);
diff --git a/src/cli/program/register.onboard.ts b/src/cli/program/register.onboard.ts
index ee9d5ccd2..eac6a60df 100644
--- a/src/cli/program/register.onboard.ts
+++ b/src/cli/program/register.onboard.ts
@@ -52,7 +52,7 @@ export function registerOnboardCommand(program: Command) {
.option("--mode ", "Wizard mode: local|remote")
.option(
"--auth-choice ",
- "Auth: setup-token|claude-cli|token|chutes|openai-codex|openai-api-key|openrouter-api-key|ai-gateway-api-key|moonshot-api-key|kimi-code-api-key|synthetic-api-key|venice-api-key|codex-cli|gemini-api-key|zai-api-key|apiKey|minimax-api|minimax-api-lightning|opencode-zen|skip",
+ "Auth: setup-token|token|chutes|openai-codex|openai-api-key|openrouter-api-key|ai-gateway-api-key|moonshot-api-key|kimi-code-api-key|synthetic-api-key|venice-api-key|gemini-api-key|zai-api-key|apiKey|minimax-api|minimax-api-lightning|opencode-zen|skip",
)
.option(
"--token-provider ",
@@ -78,7 +78,7 @@ export function registerOnboardCommand(program: Command) {
.option("--opencode-zen-api-key ", "OpenCode Zen API key")
.option("--gateway-port ", "Gateway port")
.option("--gateway-bind ", "Gateway bind: loopback|tailnet|lan|auto|custom")
- .option("--gateway-auth ", "Gateway auth: off|token|password")
+ .option("--gateway-auth ", "Gateway auth: token|password")
.option("--gateway-token ", "Gateway token (token auth)")
.option("--gateway-password ", "Gateway password (password auth)")
.option("--remote-url ", "Remote Gateway WebSocket URL")
diff --git a/src/cli/run-main.ts b/src/cli/run-main.ts
index b24e5b456..bb029ae31 100644
--- a/src/cli/run-main.ts
+++ b/src/cli/run-main.ts
@@ -11,7 +11,7 @@ import { assertSupportedRuntime } from "../infra/runtime-guard.js";
import { formatUncaughtError } from "../infra/errors.js";
import { installUnhandledRejectionHandler } from "../infra/unhandled-rejections.js";
import { enableConsoleCapture } from "../logging.js";
-import { getPrimaryCommand } from "./argv.js";
+import { getPrimaryCommand, hasHelpOrVersion } from "./argv.js";
import { tryRouteCli } from "./route.js";
export function rewriteUpdateFlagArgv(argv: string[]): string[] {
@@ -56,6 +56,15 @@ export async function runCli(argv: string[] = process.argv) {
const { registerSubCliByName } = await import("./program/register.subclis.js");
await registerSubCliByName(program, primary);
}
+
+ const shouldSkipPluginRegistration = !primary && hasHelpOrVersion(parseArgv);
+ if (!shouldSkipPluginRegistration) {
+ // Register plugin CLI commands before parsing
+ const { registerPluginCliCommands } = await import("../plugins/cli.js");
+ const { loadConfig } = await import("../config/config.js");
+ registerPluginCliCommands(program, loadConfig());
+ }
+
await program.parseAsync(parseArgv);
}
diff --git a/src/cli/security-cli.ts b/src/cli/security-cli.ts
index 42bca4ca4..2bd5a36b7 100644
--- a/src/cli/security-cli.ts
+++ b/src/cli/security-cli.ts
@@ -87,16 +87,23 @@ export function registerSecurityCli(program: Command) {
lines.push(muted(` ${shortenHomeInString(change)}`));
}
for (const action of fixResult.actions) {
- const mode = action.mode.toString(8).padStart(3, "0");
- if (action.ok) lines.push(muted(` chmod ${mode} ${shortenHomePath(action.path)}`));
- else if (action.skipped)
- lines.push(
- muted(` skip chmod ${mode} ${shortenHomePath(action.path)} (${action.skipped})`),
- );
- else if (action.error)
- lines.push(
- muted(` chmod ${mode} ${shortenHomePath(action.path)} failed: ${action.error}`),
- );
+ if (action.kind === "chmod") {
+ const mode = action.mode.toString(8).padStart(3, "0");
+ if (action.ok) lines.push(muted(` chmod ${mode} ${shortenHomePath(action.path)}`));
+ else if (action.skipped)
+ lines.push(
+ muted(` skip chmod ${mode} ${shortenHomePath(action.path)} (${action.skipped})`),
+ );
+ else if (action.error)
+ lines.push(
+ muted(` chmod ${mode} ${shortenHomePath(action.path)} failed: ${action.error}`),
+ );
+ continue;
+ }
+ const command = shortenHomeInString(action.command);
+ if (action.ok) lines.push(muted(` ${command}`));
+ else if (action.skipped) lines.push(muted(` skip ${command} (${action.skipped})`));
+ else if (action.error) lines.push(muted(` ${command} failed: ${action.error}`));
}
if (fixResult.errors.length > 0) {
for (const err of fixResult.errors) {
diff --git a/src/commands/agents.commands.add.ts b/src/commands/agents.commands.add.ts
index c8a6a3e0a..53b8ba049 100644
--- a/src/commands/agents.commands.add.ts
+++ b/src/commands/agents.commands.add.ts
@@ -258,7 +258,6 @@ export async function agentsAddCommand(
prompter,
store: authStore,
includeSkip: true,
- includeClaudeCliIfMissing: true,
});
const authResult = await applyAuthChoice({
diff --git a/src/commands/auth-choice-options.test.ts b/src/commands/auth-choice-options.test.ts
index db529761f..7bf917a27 100644
--- a/src/commands/auth-choice-options.test.ts
+++ b/src/commands/auth-choice-options.test.ts
@@ -1,6 +1,6 @@
import { describe, expect, it } from "vitest";
-import { type AuthProfileStore, CLAUDE_CLI_PROFILE_ID } from "../agents/auth-profiles.js";
+import type { AuthProfileStore } from "../agents/auth-profiles.js";
import { buildAuthChoiceOptions } from "./auth-choice-options.js";
describe("buildAuthChoiceOptions", () => {
@@ -9,60 +9,18 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: false,
- platform: "linux",
});
expect(options.find((opt) => opt.value === "github-copilot")).toBeDefined();
});
- it("includes Claude Code CLI option on macOS even when missing", () => {
+ it("includes setup-token option for Anthropic", () => {
const store: AuthProfileStore = { version: 1, profiles: {} };
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
- const claudeCli = options.find((opt) => opt.value === "claude-cli");
- expect(claudeCli).toBeDefined();
- expect(claudeCli?.hint).toBe("reuses existing Claude Code auth · requires Keychain access");
- });
-
- it("skips missing Claude Code CLI option off macOS", () => {
- const store: AuthProfileStore = { version: 1, profiles: {} };
- const options = buildAuthChoiceOptions({
- store,
- includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "linux",
- });
-
- expect(options.find((opt) => opt.value === "claude-cli")).toBeUndefined();
- });
-
- it("uses token hint when Claude Code CLI credentials exist", () => {
- const store: AuthProfileStore = {
- version: 1,
- profiles: {
- [CLAUDE_CLI_PROFILE_ID]: {
- type: "token",
- provider: "anthropic",
- token: "token",
- expires: Date.now() + 60 * 60 * 1000,
- },
- },
- };
-
- const options = buildAuthChoiceOptions({
- store,
- includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
- });
-
- const claudeCli = options.find((opt) => opt.value === "claude-cli");
- expect(claudeCli?.hint).toContain("token ok");
+ expect(options.some((opt) => opt.value === "token")).toBe(true);
});
it("includes Z.AI (GLM) auth choice", () => {
@@ -70,8 +28,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "zai-api-key")).toBe(true);
@@ -82,8 +38,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "minimax-api")).toBe(true);
@@ -95,8 +49,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "moonshot-api-key")).toBe(true);
@@ -108,8 +60,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "ai-gateway-api-key")).toBe(true);
@@ -120,8 +70,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "synthetic-api-key")).toBe(true);
@@ -132,8 +80,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "chutes")).toBe(true);
@@ -144,8 +90,6 @@ describe("buildAuthChoiceOptions", () => {
const options = buildAuthChoiceOptions({
store,
includeSkip: false,
- includeClaudeCliIfMissing: true,
- platform: "darwin",
});
expect(options.some((opt) => opt.value === "qwen-portal")).toBe(true);
diff --git a/src/commands/auth-choice-options.ts b/src/commands/auth-choice-options.ts
index f13eef365..6b49ff17b 100644
--- a/src/commands/auth-choice-options.ts
+++ b/src/commands/auth-choice-options.ts
@@ -1,6 +1,4 @@
import type { AuthProfileStore } from "../agents/auth-profiles.js";
-import { CLAUDE_CLI_PROFILE_ID, CODEX_CLI_PROFILE_ID } from "../agents/auth-profiles.js";
-import { colorize, isRich, theme } from "../terminal/theme.js";
import type { AuthChoice } from "./onboard-types.js";
export type AuthChoiceOption = {
@@ -41,13 +39,13 @@ const AUTH_CHOICE_GROUP_DEFS: {
value: "openai",
label: "OpenAI",
hint: "Codex OAuth + API key",
- choices: ["codex-cli", "openai-codex", "openai-api-key"],
+ choices: ["openai-codex", "openai-api-key"],
},
{
value: "anthropic",
label: "Anthropic",
- hint: "Claude Code CLI + API key",
- choices: ["token", "claude-cli", "apiKey"],
+ hint: "setup-token + API key",
+ choices: ["token", "apiKey"],
},
{
value: "minimax",
@@ -117,65 +115,12 @@ const AUTH_CHOICE_GROUP_DEFS: {
},
];
-function formatOAuthHint(expires?: number, opts?: { allowStale?: boolean }): string {
- const rich = isRich();
- if (!expires) {
- return colorize(rich, theme.muted, "token unavailable");
- }
- const now = Date.now();
- const remaining = expires - now;
- if (remaining <= 0) {
- if (opts?.allowStale) {
- return colorize(rich, theme.warn, "token present · refresh on use");
- }
- return colorize(rich, theme.error, "token expired");
- }
- const minutes = Math.round(remaining / (60 * 1000));
- const duration =
- minutes >= 120
- ? `${Math.round(minutes / 60)}h`
- : minutes >= 60
- ? "1h"
- : `${Math.max(minutes, 1)}m`;
- const label = `token ok · expires in ${duration}`;
- if (minutes <= 10) {
- return colorize(rich, theme.warn, label);
- }
- return colorize(rich, theme.success, label);
-}
-
export function buildAuthChoiceOptions(params: {
store: AuthProfileStore;
includeSkip: boolean;
- includeClaudeCliIfMissing?: boolean;
- platform?: NodeJS.Platform;
}): AuthChoiceOption[] {
+ void params.store;
const options: AuthChoiceOption[] = [];
- const platform = params.platform ?? process.platform;
-
- const codexCli = params.store.profiles[CODEX_CLI_PROFILE_ID];
- if (codexCli?.type === "oauth") {
- options.push({
- value: "codex-cli",
- label: "OpenAI Codex OAuth (Codex CLI)",
- hint: formatOAuthHint(codexCli.expires, { allowStale: true }),
- });
- }
-
- const claudeCli = params.store.profiles[CLAUDE_CLI_PROFILE_ID];
- if (claudeCli?.type === "oauth" || claudeCli?.type === "token") {
- options.push({
- value: "claude-cli",
- label: "Anthropic token (Claude Code CLI)",
- hint: `reuses existing Claude Code auth · ${formatOAuthHint(claudeCli.expires)}`,
- });
- } else if (params.includeClaudeCliIfMissing && platform === "darwin") {
- options.push({
- value: "claude-cli",
- label: "Anthropic token (Claude Code CLI)",
- hint: "reuses existing Claude Code auth · requires Keychain access",
- });
- }
options.push({
value: "token",
@@ -245,12 +190,7 @@ export function buildAuthChoiceOptions(params: {
return options;
}
-export function buildAuthChoiceGroups(params: {
- store: AuthProfileStore;
- includeSkip: boolean;
- includeClaudeCliIfMissing?: boolean;
- platform?: NodeJS.Platform;
-}): {
+export function buildAuthChoiceGroups(params: { store: AuthProfileStore; includeSkip: boolean }): {
groups: AuthChoiceGroup[];
skipOption?: AuthChoiceOption;
} {
diff --git a/src/commands/auth-choice-prompt.ts b/src/commands/auth-choice-prompt.ts
index 82756229e..275fa72c9 100644
--- a/src/commands/auth-choice-prompt.ts
+++ b/src/commands/auth-choice-prompt.ts
@@ -9,8 +9,6 @@ export async function promptAuthChoiceGrouped(params: {
prompter: WizardPrompter;
store: AuthProfileStore;
includeSkip: boolean;
- includeClaudeCliIfMissing?: boolean;
- platform?: NodeJS.Platform;
}): Promise {
const { groups, skipOption } = buildAuthChoiceGroups(params);
const availableGroups = groups.filter((group) => group.options.length > 0);
diff --git a/src/commands/auth-choice.apply.anthropic.ts b/src/commands/auth-choice.apply.anthropic.ts
index c5700663c..b28b8ebee 100644
--- a/src/commands/auth-choice.apply.anthropic.ts
+++ b/src/commands/auth-choice.apply.anthropic.ts
@@ -1,8 +1,4 @@
-import {
- CLAUDE_CLI_PROFILE_ID,
- ensureAuthProfileStore,
- upsertAuthProfile,
-} from "../agents/auth-profiles.js";
+import { upsertAuthProfile } from "../agents/auth-profiles.js";
import {
formatApiKeyPreview,
normalizeApiKeyInput,
@@ -15,153 +11,17 @@ import { applyAuthProfileConfig, setAnthropicApiKey } from "./onboard-auth.js";
export async function applyAuthChoiceAnthropic(
params: ApplyAuthChoiceParams,
): Promise {
- if (params.authChoice === "claude-cli") {
+ if (
+ params.authChoice === "setup-token" ||
+ params.authChoice === "oauth" ||
+ params.authChoice === "token"
+ ) {
let nextConfig = params.config;
- const store = ensureAuthProfileStore(params.agentDir, {
- allowKeychainPrompt: false,
- });
- const hasClaudeCli = Boolean(store.profiles[CLAUDE_CLI_PROFILE_ID]);
- if (!hasClaudeCli && process.platform === "darwin") {
- await params.prompter.note(
- [
- "macOS will show a Keychain prompt next.",
- 'Choose "Always Allow" so the launchd gateway can start without prompts.',
- 'If you choose "Allow" or "Deny", each restart will block on a Keychain alert.',
- ].join("\n"),
- "Claude Code CLI Keychain",
- );
- const proceed = await params.prompter.confirm({
- message: "Check Keychain for Claude Code CLI credentials now?",
- initialValue: true,
- });
- if (!proceed) return { config: nextConfig };
- }
-
- const storeWithKeychain = hasClaudeCli
- ? store
- : ensureAuthProfileStore(params.agentDir, {
- allowKeychainPrompt: true,
- });
-
- if (!storeWithKeychain.profiles[CLAUDE_CLI_PROFILE_ID]) {
- if (process.stdin.isTTY) {
- const runNow = await params.prompter.confirm({
- message: "Run `claude setup-token` now?",
- initialValue: true,
- });
- if (runNow) {
- const res = await (async () => {
- const { spawnSync } = await import("node:child_process");
- return spawnSync("claude", ["setup-token"], { stdio: "inherit" });
- })();
- if (res.error) {
- await params.prompter.note(
- `Failed to run claude: ${String(res.error)}`,
- "Claude setup-token",
- );
- }
- }
- } else {
- await params.prompter.note(
- "`claude setup-token` requires an interactive TTY.",
- "Claude setup-token",
- );
- }
-
- const refreshed = ensureAuthProfileStore(params.agentDir, {
- allowKeychainPrompt: true,
- });
- if (!refreshed.profiles[CLAUDE_CLI_PROFILE_ID]) {
- await params.prompter.note(
- process.platform === "darwin"
- ? 'No Claude Code CLI credentials found in Keychain ("Claude Code-credentials") or ~/.claude/.credentials.json.'
- : "No Claude Code CLI credentials found at ~/.claude/.credentials.json.",
- "Claude Code CLI OAuth",
- );
- return { config: nextConfig };
- }
- }
- nextConfig = applyAuthProfileConfig(nextConfig, {
- profileId: CLAUDE_CLI_PROFILE_ID,
- provider: "anthropic",
- mode: "oauth",
- });
- return { config: nextConfig };
- }
-
- if (params.authChoice === "setup-token" || params.authChoice === "oauth") {
- let nextConfig = params.config;
- await params.prompter.note(
- [
- "This will run `claude setup-token` to create a long-lived Anthropic token.",
- "Requires an interactive TTY and a Claude Pro/Max subscription.",
- ].join("\n"),
- "Anthropic setup-token",
- );
-
- if (!process.stdin.isTTY) {
- await params.prompter.note(
- "`claude setup-token` requires an interactive TTY.",
- "Anthropic setup-token",
- );
- return { config: nextConfig };
- }
-
- const proceed = await params.prompter.confirm({
- message: "Run `claude setup-token` now?",
- initialValue: true,
- });
- if (!proceed) return { config: nextConfig };
-
- const res = await (async () => {
- const { spawnSync } = await import("node:child_process");
- return spawnSync("claude", ["setup-token"], { stdio: "inherit" });
- })();
- if (res.error) {
- await params.prompter.note(
- `Failed to run claude: ${String(res.error)}`,
- "Anthropic setup-token",
- );
- return { config: nextConfig };
- }
- if (typeof res.status === "number" && res.status !== 0) {
- await params.prompter.note(
- `claude setup-token failed (exit ${res.status})`,
- "Anthropic setup-token",
- );
- return { config: nextConfig };
- }
-
- const store = ensureAuthProfileStore(params.agentDir, {
- allowKeychainPrompt: true,
- });
- if (!store.profiles[CLAUDE_CLI_PROFILE_ID]) {
- await params.prompter.note(
- `No Claude Code CLI credentials found after setup-token. Expected ${CLAUDE_CLI_PROFILE_ID}.`,
- "Anthropic setup-token",
- );
- return { config: nextConfig };
- }
-
- nextConfig = applyAuthProfileConfig(nextConfig, {
- profileId: CLAUDE_CLI_PROFILE_ID,
- provider: "anthropic",
- mode: "oauth",
- });
- return { config: nextConfig };
- }
-
- if (params.authChoice === "token") {
- let nextConfig = params.config;
- const provider = (await params.prompter.select({
- message: "Token provider",
- options: [{ value: "anthropic", label: "Anthropic (only supported)" }],
- })) as "anthropic";
await params.prompter.note(
["Run `claude setup-token` in your terminal.", "Then paste the generated token below."].join(
"\n",
),
- "Anthropic token",
+ "Anthropic setup-token",
);
const tokenRaw = await params.prompter.text({
@@ -174,6 +34,7 @@ export async function applyAuthChoiceAnthropic(
message: "Token name (blank = default)",
placeholder: "default",
});
+ const provider = "anthropic";
const namedProfileId = buildTokenProfileId({
provider,
name: String(profileNameRaw ?? ""),
diff --git a/src/commands/auth-choice.apply.openai.ts b/src/commands/auth-choice.apply.openai.ts
index 7d96a35a1..947b81181 100644
--- a/src/commands/auth-choice.apply.openai.ts
+++ b/src/commands/auth-choice.apply.openai.ts
@@ -1,5 +1,4 @@
import { loginOpenAICodex } from "@mariozechner/pi-ai";
-import { CODEX_CLI_PROFILE_ID, ensureAuthProfileStore } from "../agents/auth-profiles.js";
import { resolveEnvApiKey } from "../agents/model-auth.js";
import { upsertSharedEnvVar } from "../infra/env-file.js";
import { isRemoteEnvironment } from "./oauth-env.js";
@@ -146,45 +145,5 @@ export async function applyAuthChoiceOpenAI(
return { config: nextConfig, agentModelOverride };
}
- if (params.authChoice === "codex-cli") {
- let nextConfig = params.config;
- let agentModelOverride: string | undefined;
- const noteAgentModel = async (model: string) => {
- if (!params.agentId) return;
- await params.prompter.note(
- `Default model set to ${model} for agent "${params.agentId}".`,
- "Model configured",
- );
- };
-
- const store = ensureAuthProfileStore(params.agentDir);
- if (!store.profiles[CODEX_CLI_PROFILE_ID]) {
- await params.prompter.note(
- "No Codex CLI credentials found at ~/.codex/auth.json.",
- "Codex CLI OAuth",
- );
- return { config: nextConfig, agentModelOverride };
- }
- nextConfig = applyAuthProfileConfig(nextConfig, {
- profileId: CODEX_CLI_PROFILE_ID,
- provider: "openai-codex",
- mode: "oauth",
- });
- if (params.setDefaultModel) {
- const applied = applyOpenAICodexModelDefault(nextConfig);
- nextConfig = applied.next;
- if (applied.changed) {
- await params.prompter.note(
- `Default model set to ${OPENAI_CODEX_DEFAULT_MODEL}`,
- "Model configured",
- );
- }
- } else {
- agentModelOverride = OPENAI_CODEX_DEFAULT_MODEL;
- await noteAgentModel(OPENAI_CODEX_DEFAULT_MODEL);
- }
- return { config: nextConfig, agentModelOverride };
- }
-
return null;
}
diff --git a/src/commands/channels.adds-non-default-telegram-account.test.ts b/src/commands/channels.adds-non-default-telegram-account.test.ts
index d03be6a51..3b1204c3b 100644
--- a/src/commands/channels.adds-non-default-telegram-account.test.ts
+++ b/src/commands/channels.adds-non-default-telegram-account.test.ts
@@ -244,7 +244,7 @@ describe("channels command", () => {
authMocks.loadAuthProfileStore.mockReturnValue({
version: 1,
profiles: {
- "anthropic:claude-cli": {
+ "anthropic:default": {
type: "oauth",
provider: "anthropic",
access: "token",
@@ -252,7 +252,7 @@ describe("channels command", () => {
expires: 0,
created: 0,
},
- "openai-codex:codex-cli": {
+ "openai-codex:default": {
type: "oauth",
provider: "openai",
access: "token",
@@ -268,8 +268,8 @@ describe("channels command", () => {
auth?: Array<{ id: string }>;
};
const ids = payload.auth?.map((entry) => entry.id) ?? [];
- expect(ids).toContain("anthropic:claude-cli");
- expect(ids).toContain("openai-codex:codex-cli");
+ expect(ids).toContain("anthropic:default");
+ expect(ids).toContain("openai-codex:default");
});
it("stores default account names in accounts when multiple accounts exist", async () => {
diff --git a/src/commands/channels/list.ts b/src/commands/channels/list.ts
index 93571312f..bd707e4e0 100644
--- a/src/commands/channels/list.ts
+++ b/src/commands/channels/list.ts
@@ -1,8 +1,4 @@
-import {
- CLAUDE_CLI_PROFILE_ID,
- CODEX_CLI_PROFILE_ID,
- loadAuthProfileStore,
-} from "../../agents/auth-profiles.js";
+import { loadAuthProfileStore } from "../../agents/auth-profiles.js";
import { listChannelPlugins } from "../../channels/plugins/index.js";
import { buildChannelAccountSnapshot } from "../../channels/plugins/status.js";
import type { ChannelAccountSnapshot, ChannelPlugin } from "../../channels/plugins/types.js";
@@ -115,7 +111,7 @@ export async function channelsListCommand(
id: profileId,
provider: profile.provider,
type: profile.type,
- isExternal: profileId === CLAUDE_CLI_PROFILE_ID || profileId === CODEX_CLI_PROFILE_ID,
+ isExternal: false,
}));
if (opts.json) {
const usage = includeUsage ? await loadProviderUsageSummary() : undefined;
diff --git a/src/commands/configure.gateway-auth.test.ts b/src/commands/configure.gateway-auth.test.ts
index 69faad450..26a3729f2 100644
--- a/src/commands/configure.gateway-auth.test.ts
+++ b/src/commands/configure.gateway-auth.test.ts
@@ -3,26 +3,18 @@ import { describe, expect, it } from "vitest";
import { buildGatewayAuthConfig } from "./configure.js";
describe("buildGatewayAuthConfig", () => {
- it("clears token/password when auth is off", () => {
- const result = buildGatewayAuthConfig({
- existing: { mode: "token", token: "abc", password: "secret" },
- mode: "off",
- });
-
- expect(result).toBeUndefined();
- });
-
- it("preserves allowTailscale when auth is off", () => {
+ it("preserves allowTailscale when switching to token", () => {
const result = buildGatewayAuthConfig({
existing: {
- mode: "token",
- token: "abc",
+ mode: "password",
+ password: "secret",
allowTailscale: true,
},
- mode: "off",
+ mode: "token",
+ token: "abc",
});
- expect(result).toEqual({ allowTailscale: true });
+ expect(result).toEqual({ mode: "token", token: "abc", allowTailscale: true });
});
it("drops password when switching to token", () => {
diff --git a/src/commands/configure.gateway-auth.ts b/src/commands/configure.gateway-auth.ts
index ad9406195..d60453a98 100644
--- a/src/commands/configure.gateway-auth.ts
+++ b/src/commands/configure.gateway-auth.ts
@@ -12,7 +12,7 @@ import {
promptModelAllowlist,
} from "./model-picker.js";
-type GatewayAuthChoice = "off" | "token" | "password";
+type GatewayAuthChoice = "token" | "password";
const ANTHROPIC_OAUTH_MODEL_KEYS = [
"anthropic/claude-opus-4-5",
@@ -30,9 +30,6 @@ export function buildGatewayAuthConfig(params: {
const base: GatewayAuthConfig = {};
if (typeof allowTailscale === "boolean") base.allowTailscale = allowTailscale;
- if (params.mode === "off") {
- return Object.keys(base).length > 0 ? base : undefined;
- }
if (params.mode === "token") {
return { ...base, mode: "token", token: params.token };
}
@@ -50,7 +47,6 @@ export async function promptAuthConfig(
allowKeychainPrompt: false,
}),
includeSkip: true,
- includeClaudeCliIfMissing: true,
});
let next = cfg;
@@ -77,10 +73,7 @@ export async function promptAuthConfig(
}
const anthropicOAuth =
- authChoice === "claude-cli" ||
- authChoice === "setup-token" ||
- authChoice === "token" ||
- authChoice === "oauth";
+ authChoice === "setup-token" || authChoice === "token" || authChoice === "oauth";
const allowlistSelection = await promptModelAllowlist({
config: next,
diff --git a/src/commands/configure.gateway.ts b/src/commands/configure.gateway.ts
index ba44c3dcf..d572e54a9 100644
--- a/src/commands/configure.gateway.ts
+++ b/src/commands/configure.gateway.ts
@@ -7,7 +7,7 @@ import { buildGatewayAuthConfig } from "./configure.gateway-auth.js";
import { confirm, select, text } from "./configure.shared.js";
import { guardCancel, randomToken } from "./onboard-helpers.js";
-type GatewayAuthChoice = "off" | "token" | "password";
+type GatewayAuthChoice = "token" | "password";
export async function promptGatewayConfig(
cfg: ClawdbotConfig,
@@ -91,11 +91,6 @@ export async function promptGatewayConfig(
await select({
message: "Gateway auth",
options: [
- {
- value: "off",
- label: "Off (loopback only)",
- hint: "Not recommended unless you fully trust local processes",
- },
{ value: "token", label: "Token", hint: "Recommended default" },
{ value: "password", label: "Password" },
],
@@ -165,11 +160,6 @@ export async function promptGatewayConfig(
bind = "loopback";
}
- if (authMode === "off" && bind !== "loopback") {
- note("Non-loopback bind requires auth. Switching to token auth.", "Note");
- authMode = "token";
- }
-
if (tailscaleMode === "funnel" && authMode !== "password") {
note("Tailscale funnel requires password auth.", "Note");
authMode = "password";
diff --git a/src/commands/doctor-auth.deprecated-cli-profiles.test.ts b/src/commands/doctor-auth.deprecated-cli-profiles.test.ts
new file mode 100644
index 000000000..b7a50374b
--- /dev/null
+++ b/src/commands/doctor-auth.deprecated-cli-profiles.test.ts
@@ -0,0 +1,109 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+import { maybeRemoveDeprecatedCliAuthProfiles } from "./doctor-auth.js";
+import type { DoctorPrompter } from "./doctor-prompter.js";
+
+let originalAgentDir: string | undefined;
+let originalPiAgentDir: string | undefined;
+let tempAgentDir: string | undefined;
+
+function makePrompter(confirmValue: boolean): DoctorPrompter {
+ return {
+ confirm: vi.fn().mockResolvedValue(confirmValue),
+ confirmRepair: vi.fn().mockResolvedValue(confirmValue),
+ confirmAggressive: vi.fn().mockResolvedValue(confirmValue),
+ confirmSkipInNonInteractive: vi.fn().mockResolvedValue(confirmValue),
+ select: vi.fn().mockResolvedValue(""),
+ shouldRepair: confirmValue,
+ shouldForce: false,
+ };
+}
+
+beforeEach(() => {
+ originalAgentDir = process.env.CLAWDBOT_AGENT_DIR;
+ originalPiAgentDir = process.env.PI_CODING_AGENT_DIR;
+ tempAgentDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-auth-"));
+ process.env.CLAWDBOT_AGENT_DIR = tempAgentDir;
+ process.env.PI_CODING_AGENT_DIR = tempAgentDir;
+});
+
+afterEach(() => {
+ if (originalAgentDir === undefined) {
+ delete process.env.CLAWDBOT_AGENT_DIR;
+ } else {
+ process.env.CLAWDBOT_AGENT_DIR = originalAgentDir;
+ }
+ if (originalPiAgentDir === undefined) {
+ delete process.env.PI_CODING_AGENT_DIR;
+ } else {
+ process.env.PI_CODING_AGENT_DIR = originalPiAgentDir;
+ }
+ if (tempAgentDir) {
+ fs.rmSync(tempAgentDir, { recursive: true, force: true });
+ tempAgentDir = undefined;
+ }
+});
+
+describe("maybeRemoveDeprecatedCliAuthProfiles", () => {
+ it("removes deprecated CLI auth profiles from store + config", async () => {
+ if (!tempAgentDir) throw new Error("Missing temp agent dir");
+ const authPath = path.join(tempAgentDir, "auth-profiles.json");
+ fs.writeFileSync(
+ authPath,
+ `${JSON.stringify(
+ {
+ version: 1,
+ profiles: {
+ "anthropic:claude-cli": {
+ type: "oauth",
+ provider: "anthropic",
+ access: "token-a",
+ refresh: "token-r",
+ expires: Date.now() + 60_000,
+ },
+ "openai-codex:codex-cli": {
+ type: "oauth",
+ provider: "openai-codex",
+ access: "token-b",
+ refresh: "token-r2",
+ expires: Date.now() + 60_000,
+ },
+ },
+ },
+ null,
+ 2,
+ )}\n`,
+ "utf8",
+ );
+
+ const cfg = {
+ auth: {
+ profiles: {
+ "anthropic:claude-cli": { provider: "anthropic", mode: "oauth" },
+ "openai-codex:codex-cli": { provider: "openai-codex", mode: "oauth" },
+ },
+ order: {
+ anthropic: ["anthropic:claude-cli"],
+ "openai-codex": ["openai-codex:codex-cli"],
+ },
+ },
+ } as const;
+
+ const next = await maybeRemoveDeprecatedCliAuthProfiles(cfg, makePrompter(true));
+
+ const raw = JSON.parse(fs.readFileSync(authPath, "utf8")) as {
+ profiles?: Record;
+ };
+ expect(raw.profiles?.["anthropic:claude-cli"]).toBeUndefined();
+ expect(raw.profiles?.["openai-codex:codex-cli"]).toBeUndefined();
+
+ expect(next.auth?.profiles?.["anthropic:claude-cli"]).toBeUndefined();
+ expect(next.auth?.profiles?.["openai-codex:codex-cli"]).toBeUndefined();
+ expect(next.auth?.order?.anthropic).toBeUndefined();
+ expect(next.auth?.order?.["openai-codex"]).toBeUndefined();
+ });
+});
diff --git a/src/commands/doctor-auth.ts b/src/commands/doctor-auth.ts
index 7fc17e28f..4ef6f7a0e 100644
--- a/src/commands/doctor-auth.ts
+++ b/src/commands/doctor-auth.ts
@@ -11,6 +11,7 @@ import {
resolveApiKeyForProfile,
resolveProfileUnusableUntilForDisplay,
} from "../agents/auth-profiles.js";
+import { updateAuthProfileStoreWithLock } from "../agents/auth-profiles/store.js";
import type { ClawdbotConfig } from "../config/config.js";
import { note } from "../terminal/note.js";
import { formatCliCommand } from "../cli/command-format.js";
@@ -38,6 +39,148 @@ export async function maybeRepairAnthropicOAuthProfileId(
return repair.config;
}
+function pruneAuthOrder(
+ order: Record | undefined,
+ profileIds: Set,
+): { next: Record | undefined; changed: boolean } {
+ if (!order) return { next: order, changed: false };
+ let changed = false;
+ const next: Record = {};
+ for (const [provider, list] of Object.entries(order)) {
+ const filtered = list.filter((id) => !profileIds.has(id));
+ if (filtered.length !== list.length) changed = true;
+ if (filtered.length > 0) next[provider] = filtered;
+ }
+ return { next: Object.keys(next).length > 0 ? next : undefined, changed };
+}
+
+function pruneAuthProfiles(
+ cfg: ClawdbotConfig,
+ profileIds: Set,
+): { next: ClawdbotConfig; changed: boolean } {
+ const profiles = cfg.auth?.profiles;
+ const order = cfg.auth?.order;
+ const nextProfiles = profiles ? { ...profiles } : undefined;
+ let changed = false;
+
+ if (nextProfiles) {
+ for (const id of profileIds) {
+ if (id in nextProfiles) {
+ delete nextProfiles[id];
+ changed = true;
+ }
+ }
+ }
+
+ const prunedOrder = pruneAuthOrder(order, profileIds);
+ if (prunedOrder.changed) changed = true;
+
+ if (!changed) return { next: cfg, changed: false };
+
+ const nextAuth =
+ nextProfiles || prunedOrder.next
+ ? {
+ ...cfg.auth,
+ profiles: nextProfiles && Object.keys(nextProfiles).length > 0 ? nextProfiles : undefined,
+ order: prunedOrder.next,
+ }
+ : undefined;
+
+ return {
+ next: {
+ ...cfg,
+ auth: nextAuth,
+ },
+ changed: true,
+ };
+}
+
+export async function maybeRemoveDeprecatedCliAuthProfiles(
+ cfg: ClawdbotConfig,
+ prompter: DoctorPrompter,
+): Promise {
+ const store = ensureAuthProfileStore(undefined, { allowKeychainPrompt: false });
+ const deprecated = new Set();
+ if (store.profiles[CLAUDE_CLI_PROFILE_ID] || cfg.auth?.profiles?.[CLAUDE_CLI_PROFILE_ID]) {
+ deprecated.add(CLAUDE_CLI_PROFILE_ID);
+ }
+ if (store.profiles[CODEX_CLI_PROFILE_ID] || cfg.auth?.profiles?.[CODEX_CLI_PROFILE_ID]) {
+ deprecated.add(CODEX_CLI_PROFILE_ID);
+ }
+
+ if (deprecated.size === 0) return cfg;
+
+ const lines = ["Deprecated external CLI auth profiles detected (no longer supported):"];
+ if (deprecated.has(CLAUDE_CLI_PROFILE_ID)) {
+ lines.push(
+ `- ${CLAUDE_CLI_PROFILE_ID} (Anthropic): use setup-token → ${formatCliCommand("clawdbot models auth setup-token")}`,
+ );
+ }
+ if (deprecated.has(CODEX_CLI_PROFILE_ID)) {
+ lines.push(
+ `- ${CODEX_CLI_PROFILE_ID} (OpenAI Codex): use OAuth → ${formatCliCommand(
+ "clawdbot models auth login --provider openai-codex",
+ )}`,
+ );
+ }
+ note(lines.join("\n"), "Auth profiles");
+
+ const shouldRemove = await prompter.confirmRepair({
+ message: "Remove deprecated CLI auth profiles now?",
+ initialValue: true,
+ });
+ if (!shouldRemove) return cfg;
+
+ await updateAuthProfileStoreWithLock({
+ updater: (nextStore) => {
+ let mutated = false;
+ for (const id of deprecated) {
+ if (nextStore.profiles[id]) {
+ delete nextStore.profiles[id];
+ mutated = true;
+ }
+ if (nextStore.usageStats?.[id]) {
+ delete nextStore.usageStats[id];
+ mutated = true;
+ }
+ }
+ if (nextStore.order) {
+ for (const [provider, list] of Object.entries(nextStore.order)) {
+ const filtered = list.filter((id) => !deprecated.has(id));
+ if (filtered.length !== list.length) {
+ mutated = true;
+ if (filtered.length > 0) {
+ nextStore.order[provider] = filtered;
+ } else {
+ delete nextStore.order[provider];
+ }
+ }
+ }
+ }
+ if (nextStore.lastGood) {
+ for (const [provider, profileId] of Object.entries(nextStore.lastGood)) {
+ if (deprecated.has(profileId)) {
+ delete nextStore.lastGood[provider];
+ mutated = true;
+ }
+ }
+ }
+ return mutated;
+ },
+ });
+
+ const pruned = pruneAuthProfiles(cfg, deprecated);
+ if (pruned.changed) {
+ note(
+ Array.from(deprecated.values())
+ .map((id) => `- removed ${id} from config`)
+ .join("\n"),
+ "Doctor changes",
+ );
+ }
+ return pruned.next;
+}
+
type AuthIssue = {
profileId: string;
provider: string;
@@ -47,10 +190,14 @@ type AuthIssue = {
function formatAuthIssueHint(issue: AuthIssue): string | null {
if (issue.provider === "anthropic" && issue.profileId === CLAUDE_CLI_PROFILE_ID) {
- return "Run `claude setup-token` on the gateway host.";
+ return `Deprecated profile. Use ${formatCliCommand("clawdbot models auth setup-token")} or ${formatCliCommand(
+ "clawdbot configure",
+ )}.`;
}
if (issue.provider === "openai-codex" && issue.profileId === CODEX_CLI_PROFILE_ID) {
- return `Run \`codex login\` (or \`${formatCliCommand("clawdbot configure")}\` → OpenAI Codex OAuth).`;
+ return `Deprecated profile. Use ${formatCliCommand(
+ "clawdbot models auth login --provider openai-codex",
+ )} or ${formatCliCommand("clawdbot configure")}.`;
}
return `Re-auth via \`${formatCliCommand("clawdbot configure")}\` or \`${formatCliCommand("clawdbot onboard")}\`.`;
}
diff --git a/src/commands/doctor-security.test.ts b/src/commands/doctor-security.test.ts
new file mode 100644
index 000000000..460b2b1fe
--- /dev/null
+++ b/src/commands/doctor-security.test.ts
@@ -0,0 +1,71 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+import type { ClawdbotConfig } from "../config/config.js";
+
+const note = vi.hoisted(() => vi.fn());
+
+vi.mock("../terminal/note.js", () => ({
+ note,
+}));
+
+vi.mock("../channels/plugins/index.js", () => ({
+ listChannelPlugins: () => [],
+}));
+
+import { noteSecurityWarnings } from "./doctor-security.js";
+
+describe("noteSecurityWarnings gateway exposure", () => {
+ let prevToken: string | undefined;
+ let prevPassword: string | undefined;
+
+ beforeEach(() => {
+ note.mockClear();
+ prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
+ prevPassword = process.env.CLAWDBOT_GATEWAY_PASSWORD;
+ delete process.env.CLAWDBOT_GATEWAY_TOKEN;
+ delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
+ });
+
+ afterEach(() => {
+ if (prevToken === undefined) delete process.env.CLAWDBOT_GATEWAY_TOKEN;
+ else process.env.CLAWDBOT_GATEWAY_TOKEN = prevToken;
+ if (prevPassword === undefined) delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
+ else process.env.CLAWDBOT_GATEWAY_PASSWORD = prevPassword;
+ });
+
+ const lastMessage = () => String(note.mock.calls.at(-1)?.[0] ?? "");
+
+ it("warns when exposed without auth", async () => {
+ const cfg = { gateway: { bind: "lan" } } as ClawdbotConfig;
+ await noteSecurityWarnings(cfg);
+ const message = lastMessage();
+ expect(message).toContain("CRITICAL");
+ expect(message).toContain("without authentication");
+ });
+
+ it("uses env token to avoid critical warning", async () => {
+ process.env.CLAWDBOT_GATEWAY_TOKEN = "token-123";
+ const cfg = { gateway: { bind: "lan" } } as ClawdbotConfig;
+ await noteSecurityWarnings(cfg);
+ const message = lastMessage();
+ expect(message).toContain("WARNING");
+ expect(message).not.toContain("CRITICAL");
+ });
+
+ it("treats whitespace token as missing", async () => {
+ const cfg = {
+ gateway: { bind: "lan", auth: { mode: "token", token: " " } },
+ } as ClawdbotConfig;
+ await noteSecurityWarnings(cfg);
+ const message = lastMessage();
+ expect(message).toContain("CRITICAL");
+ });
+
+ it("skips warning for loopback bind", async () => {
+ const cfg = { gateway: { bind: "loopback" } } as ClawdbotConfig;
+ await noteSecurityWarnings(cfg);
+ const message = lastMessage();
+ expect(message).toContain("No channel security warnings detected");
+ expect(message).not.toContain("Gateway bound");
+ });
+});
diff --git a/src/commands/doctor-security.ts b/src/commands/doctor-security.ts
index 483917faa..620a7fd7d 100644
--- a/src/commands/doctor-security.ts
+++ b/src/commands/doctor-security.ts
@@ -1,10 +1,12 @@
import { resolveChannelDefaultAccountId } from "../channels/plugins/helpers.js";
import { listChannelPlugins } from "../channels/plugins/index.js";
import type { ChannelId } from "../channels/plugins/types.js";
-import type { ClawdbotConfig } from "../config/config.js";
+import type { ClawdbotConfig, GatewayBindMode } from "../config/config.js";
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { note } from "../terminal/note.js";
import { formatCliCommand } from "../cli/command-format.js";
+import { resolveGatewayAuth } from "../gateway/auth.js";
+import { isLoopbackHost, resolveGatewayBindHost } from "../gateway/net.js";
export async function noteSecurityWarnings(cfg: ClawdbotConfig) {
const warnings: string[] = [];
@@ -16,50 +18,55 @@ export async function noteSecurityWarnings(cfg: ClawdbotConfig) {
// Check for dangerous gateway binding configurations
// that expose the gateway to network without proper auth
- const gatewayBind = cfg.gateway?.bind ?? "loopback";
+ const gatewayBind = (cfg.gateway?.bind ?? "loopback") as string;
const customBindHost = cfg.gateway?.customBindHost?.trim();
- const authMode = cfg.gateway?.auth?.mode ?? "off";
- const authToken = cfg.gateway?.auth?.token;
- const authPassword = cfg.gateway?.auth?.password;
+ const bindModes: GatewayBindMode[] = ["auto", "lan", "loopback", "custom", "tailnet"];
+ const bindMode = bindModes.includes(gatewayBind as GatewayBindMode)
+ ? (gatewayBind as GatewayBindMode)
+ : undefined;
+ const resolvedBindHost = bindMode
+ ? await resolveGatewayBindHost(bindMode, customBindHost)
+ : "0.0.0.0";
+ const isExposed = !isLoopbackHost(resolvedBindHost);
- const isLoopbackBindHost = (host: string) => {
- const normalized = host.trim().toLowerCase();
- return (
- normalized === "localhost" ||
- normalized === "::1" ||
- normalized === "[::1]" ||
- normalized.startsWith("127.")
- );
- };
-
- // Bindings that expose gateway beyond localhost
- const exposedBindings = ["all", "lan", "0.0.0.0"];
- const isExposed =
- exposedBindings.includes(gatewayBind) ||
- (gatewayBind === "custom" && (!customBindHost || !isLoopbackBindHost(customBindHost)));
+ const resolvedAuth = resolveGatewayAuth({
+ authConfig: cfg.gateway?.auth,
+ env: process.env,
+ tailscaleMode: cfg.gateway?.tailscale?.mode ?? "off",
+ });
+ const authToken = resolvedAuth.token?.trim() ?? "";
+ const authPassword = resolvedAuth.password?.trim() ?? "";
+ const hasToken = authToken.length > 0;
+ const hasPassword = authPassword.length > 0;
+ const hasSharedSecret =
+ (resolvedAuth.mode === "token" && hasToken) ||
+ (resolvedAuth.mode === "password" && hasPassword);
+ const bindDescriptor = `"${gatewayBind}" (${resolvedBindHost})`;
if (isExposed) {
- if (authMode === "off") {
+ if (!hasSharedSecret) {
+ const authFixLines =
+ resolvedAuth.mode === "password"
+ ? [
+ ` Fix: ${formatCliCommand("clawdbot configure")} to set a password`,
+ ` Or switch to token: ${formatCliCommand("clawdbot config set gateway.auth.mode token")}`,
+ ]
+ : [
+ ` Fix: ${formatCliCommand("clawdbot doctor --fix")} to generate a token`,
+ ` Or set token directly: ${formatCliCommand(
+ "clawdbot config set gateway.auth.mode token",
+ )}`,
+ ];
warnings.push(
- `- CRITICAL: Gateway bound to "${gatewayBind}" with NO authentication.`,
+ `- CRITICAL: Gateway bound to ${bindDescriptor} without authentication.`,
` Anyone on your network (or internet if port-forwarded) can fully control your agent.`,
` Fix: ${formatCliCommand("clawdbot config set gateway.bind loopback")}`,
- ` Or enable auth: ${formatCliCommand("clawdbot config set gateway.auth.mode token")}`,
- );
- } else if (authMode === "token" && !authToken) {
- warnings.push(
- `- CRITICAL: Gateway bound to "${gatewayBind}" with empty auth token.`,
- ` Fix: ${formatCliCommand("clawdbot doctor --fix")} to generate a token`,
- );
- } else if (authMode === "password" && !authPassword) {
- warnings.push(
- `- CRITICAL: Gateway bound to "${gatewayBind}" with empty password.`,
- ` Fix: ${formatCliCommand("clawdbot configure")} to set a password`,
+ ...authFixLines,
);
} else {
// Auth is configured, but still warn about network exposure
warnings.push(
- `- WARNING: Gateway bound to "${gatewayBind}" (network-accessible).`,
+ `- WARNING: Gateway bound to ${bindDescriptor} (network-accessible).`,
` Ensure your auth credentials are strong and not exposed.`,
);
}
diff --git a/src/commands/doctor.ts b/src/commands/doctor.ts
index aa4f4d7a3..658504ecc 100644
--- a/src/commands/doctor.ts
+++ b/src/commands/doctor.ts
@@ -22,7 +22,11 @@ import { defaultRuntime } from "../runtime.js";
import { note } from "../terminal/note.js";
import { stylePromptTitle } from "../terminal/prompt-style.js";
import { shortenHomePath } from "../utils.js";
-import { maybeRepairAnthropicOAuthProfileId, noteAuthProfileHealth } from "./doctor-auth.js";
+import {
+ maybeRemoveDeprecatedCliAuthProfiles,
+ maybeRepairAnthropicOAuthProfileId,
+ noteAuthProfileHealth,
+} from "./doctor-auth.js";
import { loadAndMaybeMigrateDoctorConfig } from "./doctor-config-flow.js";
import { maybeRepairGatewayDaemon } from "./doctor-gateway-daemon-flow.js";
import { checkGatewayHealth } from "./doctor-gateway-health.js";
@@ -104,6 +108,7 @@ export async function doctorCommand(
}
cfg = await maybeRepairAnthropicOAuthProfileId(cfg, prompter);
+ cfg = await maybeRemoveDeprecatedCliAuthProfiles(cfg, prompter);
await noteAuthProfileHealth({
cfg,
prompter,
diff --git a/src/commands/models/auth.ts b/src/commands/models/auth.ts
index b2da0cde1..c38cf4520 100644
--- a/src/commands/models/auth.ts
+++ b/src/commands/models/auth.ts
@@ -1,12 +1,6 @@
-import { spawnSync } from "node:child_process";
-
import { confirm as clackConfirm, select as clackSelect, text as clackText } from "@clack/prompts";
-import {
- CLAUDE_CLI_PROFILE_ID,
- ensureAuthProfileStore,
- upsertAuthProfile,
-} from "../../agents/auth-profiles.js";
+import { upsertAuthProfile } from "../../agents/auth-profiles.js";
import { normalizeProviderId } from "../../agents/model-selection.js";
import {
resolveAgentDir,
@@ -33,6 +27,7 @@ import type {
ProviderPlugin,
} from "../../plugins/types.js";
import type { AuthProfileCredential } from "../../agents/auth-profiles/types.js";
+import { validateAnthropicSetupToken } from "../auth-token.js";
const confirm = (params: Parameters[0]) =>
clackConfirm({
@@ -73,9 +68,7 @@ export async function modelsAuthSetupTokenCommand(
) {
const provider = resolveTokenProvider(opts.provider ?? "anthropic");
if (provider !== "anthropic") {
- throw new Error(
- "Only --provider anthropic is supported for setup-token (uses `claude setup-token`).",
- );
+ throw new Error("Only --provider anthropic is supported for setup-token.");
}
if (!process.stdin.isTTY) {
@@ -84,38 +77,38 @@ export async function modelsAuthSetupTokenCommand(
if (!opts.yes) {
const proceed = await confirm({
- message: "Run `claude setup-token` now?",
+ message: "Have you run `claude setup-token` and copied the token?",
initialValue: true,
});
if (!proceed) return;
}
- const res = spawnSync("claude", ["setup-token"], { stdio: "inherit" });
- if (res.error) throw res.error;
- if (typeof res.status === "number" && res.status !== 0) {
- throw new Error(`claude setup-token failed (exit ${res.status})`);
- }
-
- const store = ensureAuthProfileStore(undefined, {
- allowKeychainPrompt: true,
+ const tokenInput = await text({
+ message: "Paste Anthropic setup-token",
+ validate: (value) => validateAnthropicSetupToken(String(value ?? "")),
+ });
+ const token = String(tokenInput).trim();
+ const profileId = resolveDefaultTokenProfileId(provider);
+
+ upsertAuthProfile({
+ profileId,
+ credential: {
+ type: "token",
+ provider,
+ token,
+ },
});
- const synced = store.profiles[CLAUDE_CLI_PROFILE_ID];
- if (!synced) {
- throw new Error(
- `No Claude Code CLI credentials found after setup-token. Expected auth profile ${CLAUDE_CLI_PROFILE_ID}.`,
- );
- }
await updateConfig((cfg) =>
applyAuthProfileConfig(cfg, {
- profileId: CLAUDE_CLI_PROFILE_ID,
- provider: "anthropic",
- mode: "oauth",
+ profileId,
+ provider,
+ mode: "token",
}),
);
logConfigUpdated(runtime);
- runtime.log(`Auth profile: ${CLAUDE_CLI_PROFILE_ID} (anthropic/oauth)`);
+ runtime.log(`Auth profile: ${profileId} (${provider}/token)`);
}
export async function modelsAuthPasteTokenCommand(
@@ -189,7 +182,7 @@ export async function modelsAuthAddCommand(_opts: Record, runtime
{
value: "setup-token",
label: "setup-token (claude)",
- hint: "Runs `claude setup-token` (recommended)",
+ hint: "Paste a setup-token from `claude setup-token`",
},
]
: []),
diff --git a/src/commands/models/list.status-command.ts b/src/commands/models/list.status-command.ts
index 8aa7015c8..fc29cc5d5 100644
--- a/src/commands/models/list.status-command.ts
+++ b/src/commands/models/list.status-command.ts
@@ -487,7 +487,7 @@ export async function modelsStatusCommand(
for (const provider of missingProvidersInUse) {
const hint =
provider === "anthropic"
- ? `Run \`claude setup-token\` or \`${formatCliCommand("clawdbot configure")}\`.`
+ ? `Run \`claude setup-token\`, then \`${formatCliCommand("clawdbot models auth setup-token")}\` or \`${formatCliCommand("clawdbot configure")}\`.`
: `Run \`${formatCliCommand("clawdbot configure")}\` or set an API key env var.`;
runtime.log(`- ${theme.heading(provider)} ${hint}`);
}
@@ -558,9 +558,7 @@ export async function modelsStatusCommand(
: profile.expiresAt
? ` expires in ${formatRemainingShort(profile.remainingMs)}`
: " expires unknown";
- const source =
- profile.source !== "store" ? colorize(rich, theme.muted, ` (${profile.source})`) : "";
- runtime.log(` - ${label} ${status}${expiry}${source}`);
+ runtime.log(` - ${label} ${status}${expiry}`);
}
}
}
diff --git a/src/commands/onboard-auth.test.ts b/src/commands/onboard-auth.test.ts
index c87f4efeb..35e69fd45 100644
--- a/src/commands/onboard-auth.test.ts
+++ b/src/commands/onboard-auth.test.ts
@@ -154,13 +154,13 @@ describe("applyAuthProfileConfig", () => {
},
},
{
- profileId: "anthropic:claude-cli",
+ profileId: "anthropic:work",
provider: "anthropic",
mode: "oauth",
},
);
- expect(next.auth?.order?.anthropic).toEqual(["anthropic:claude-cli", "anthropic:default"]);
+ expect(next.auth?.order?.anthropic).toEqual(["anthropic:work", "anthropic:default"]);
});
});
diff --git a/src/commands/onboard-non-interactive.gateway.test.ts b/src/commands/onboard-non-interactive.gateway.test.ts
index b5cf45166..a33cc531f 100644
--- a/src/commands/onboard-non-interactive.gateway.test.ts
+++ b/src/commands/onboard-non-interactive.gateway.test.ts
@@ -210,7 +210,7 @@ describe("onboard (non-interactive): gateway and remote auth", () => {
await fs.rm(stateDir, { recursive: true, force: true });
}, 60_000);
- it("auto-enables token auth when binding LAN and persists the token", async () => {
+ it("auto-generates token auth when binding LAN and persists the token", async () => {
if (process.platform === "win32") {
// Windows runner occasionally drops the temp config write in this flow; skip to keep CI green.
return;
@@ -242,7 +242,6 @@ describe("onboard (non-interactive): gateway and remote auth", () => {
installDaemon: false,
gatewayPort: port,
gatewayBind: "lan",
- gatewayAuth: "off",
},
runtime,
);
diff --git a/src/commands/onboard-non-interactive/local/auth-choice.ts b/src/commands/onboard-non-interactive/local/auth-choice.ts
index 02e0a75b9..c5558596a 100644
--- a/src/commands/onboard-non-interactive/local/auth-choice.ts
+++ b/src/commands/onboard-non-interactive/local/auth-choice.ts
@@ -1,9 +1,4 @@
-import {
- CLAUDE_CLI_PROFILE_ID,
- CODEX_CLI_PROFILE_ID,
- ensureAuthProfileStore,
- upsertAuthProfile,
-} from "../../../agents/auth-profiles.js";
+import { upsertAuthProfile } from "../../../agents/auth-profiles.js";
import { normalizeProviderId } from "../../../agents/model-selection.js";
import { parseDurationMs } from "../../../cli/parse-duration.js";
import type { ClawdbotConfig } from "../../../config/config.js";
@@ -36,7 +31,6 @@ import {
setZaiApiKey,
} from "../../onboard-auth.js";
import type { AuthChoice, OnboardOptions } from "../../onboard-types.js";
-import { applyOpenAICodexModelDefault } from "../../openai-codex-model-default.js";
import { resolveNonInteractiveApiKey } from "../api-keys.js";
import { shortenHomePath } from "../../../utils.js";
@@ -50,6 +44,28 @@ export async function applyNonInteractiveAuthChoice(params: {
const { authChoice, opts, runtime, baseConfig } = params;
let nextConfig = params.nextConfig;
+ if (authChoice === "claude-cli" || authChoice === "codex-cli") {
+ runtime.error(
+ [
+ `Auth choice "${authChoice}" is deprecated.`,
+ 'Use "--auth-choice token" (Anthropic setup-token) or "--auth-choice openai-codex".',
+ ].join("\n"),
+ );
+ runtime.exit(1);
+ return null;
+ }
+
+ if (authChoice === "setup-token") {
+ runtime.error(
+ [
+ 'Auth choice "setup-token" requires interactive mode.',
+ 'Use "--auth-choice token" with --token and --token-provider anthropic.',
+ ].join("\n"),
+ );
+ runtime.exit(1);
+ return null;
+ }
+
if (authChoice === "apiKey") {
const resolved = await resolveNonInteractiveApiKey({
provider: "anthropic",
@@ -318,41 +334,6 @@ export async function applyNonInteractiveAuthChoice(params: {
return applyMinimaxApiConfig(nextConfig, modelId);
}
- if (authChoice === "claude-cli") {
- const store = ensureAuthProfileStore(undefined, {
- allowKeychainPrompt: false,
- });
- if (!store.profiles[CLAUDE_CLI_PROFILE_ID]) {
- runtime.error(
- process.platform === "darwin"
- ? 'No Claude Code CLI credentials found. Run interactive onboarding to approve Keychain access for "Claude Code-credentials".'
- : "No Claude Code CLI credentials found at ~/.claude/.credentials.json",
- );
- runtime.exit(1);
- return null;
- }
- return applyAuthProfileConfig(nextConfig, {
- profileId: CLAUDE_CLI_PROFILE_ID,
- provider: "anthropic",
- mode: "oauth",
- });
- }
-
- if (authChoice === "codex-cli") {
- const store = ensureAuthProfileStore();
- if (!store.profiles[CODEX_CLI_PROFILE_ID]) {
- runtime.error("No Codex CLI credentials found at ~/.codex/auth.json");
- runtime.exit(1);
- return null;
- }
- nextConfig = applyAuthProfileConfig(nextConfig, {
- profileId: CODEX_CLI_PROFILE_ID,
- provider: "openai-codex",
- mode: "oauth",
- });
- return applyOpenAICodexModelDefault(nextConfig).next;
- }
-
if (authChoice === "minimax") return applyMinimaxConfig(nextConfig);
if (authChoice === "opencode-zen") {
diff --git a/src/commands/onboard-non-interactive/local/gateway-config.ts b/src/commands/onboard-non-interactive/local/gateway-config.ts
index fedf1ad19..70772fa9f 100644
--- a/src/commands/onboard-non-interactive/local/gateway-config.ts
+++ b/src/commands/onboard-non-interactive/local/gateway-config.ts
@@ -28,16 +28,20 @@ export function applyNonInteractiveGatewayConfig(params: {
const port = hasGatewayPort ? (opts.gatewayPort as number) : params.defaultPort;
let bind = opts.gatewayBind ?? "loopback";
- let authMode = opts.gatewayAuth ?? "token";
+ const authModeRaw = opts.gatewayAuth ?? "token";
+ if (authModeRaw !== "token" && authModeRaw !== "password") {
+ runtime.error("Invalid --gateway-auth (use token|password).");
+ runtime.exit(1);
+ return null;
+ }
+ let authMode = authModeRaw;
const tailscaleMode = opts.tailscale ?? "off";
const tailscaleResetOnExit = Boolean(opts.tailscaleResetOnExit);
// Tighten config to safe combos:
// - If Tailscale is on, force loopback bind (the tunnel handles external access).
- // - If binding beyond loopback, disallow auth=off.
// - If using Tailscale Funnel, require password auth.
if (tailscaleMode !== "off" && bind !== "loopback") bind = "loopback";
- if (authMode === "off" && bind !== "loopback") authMode = "token";
if (tailscaleMode === "funnel" && authMode !== "password") authMode = "password";
let nextConfig = params.nextConfig;
diff --git a/src/commands/onboard-types.ts b/src/commands/onboard-types.ts
index 84c15afc4..aa1d9afe0 100644
--- a/src/commands/onboard-types.ts
+++ b/src/commands/onboard-types.ts
@@ -32,7 +32,7 @@ export type AuthChoice =
| "copilot-proxy"
| "qwen-portal"
| "skip";
-export type GatewayAuthChoice = "off" | "token" | "password";
+export type GatewayAuthChoice = "token" | "password";
export type ResetScope = "config" | "config+creds+sessions" | "full";
export type GatewayBind = "loopback" | "lan" | "auto" | "custom" | "tailnet";
export type TailscaleMode = "off" | "serve" | "funnel";
diff --git a/src/commands/onboard.ts b/src/commands/onboard.ts
index d8618a871..348aca613 100644
--- a/src/commands/onboard.ts
+++ b/src/commands/onboard.ts
@@ -12,9 +12,33 @@ import type { OnboardOptions } from "./onboard-types.js";
export async function onboardCommand(opts: OnboardOptions, runtime: RuntimeEnv = defaultRuntime) {
assertSupportedRuntime(runtime);
const authChoice = opts.authChoice === "oauth" ? ("setup-token" as const) : opts.authChoice;
+ const normalizedAuthChoice =
+ authChoice === "claude-cli"
+ ? ("setup-token" as const)
+ : authChoice === "codex-cli"
+ ? ("openai-codex" as const)
+ : authChoice;
+ if (opts.nonInteractive && (authChoice === "claude-cli" || authChoice === "codex-cli")) {
+ runtime.error(
+ [
+ `Auth choice "${authChoice}" is deprecated.`,
+ 'Use "--auth-choice token" (Anthropic setup-token) or "--auth-choice openai-codex".',
+ ].join("\n"),
+ );
+ runtime.exit(1);
+ return;
+ }
+ if (authChoice === "claude-cli") {
+ runtime.log('Auth choice "claude-cli" is deprecated; using setup-token flow instead.');
+ }
+ if (authChoice === "codex-cli") {
+ runtime.log('Auth choice "codex-cli" is deprecated; using OpenAI Codex OAuth instead.');
+ }
const flow = opts.flow === "manual" ? ("advanced" as const) : opts.flow;
const normalizedOpts =
- authChoice === opts.authChoice && flow === opts.flow ? opts : { ...opts, authChoice, flow };
+ normalizedAuthChoice === opts.authChoice && flow === opts.flow
+ ? opts
+ : { ...opts, authChoice: normalizedAuthChoice, flow };
if (normalizedOpts.nonInteractive && normalizedOpts.acceptRisk !== true) {
runtime.error(
diff --git a/src/config/config.tools-alsoAllow.test.ts b/src/config/config.tools-alsoAllow.test.ts
new file mode 100644
index 000000000..aea4f02d9
--- /dev/null
+++ b/src/config/config.tools-alsoAllow.test.ts
@@ -0,0 +1,53 @@
+import { describe, expect, it } from "vitest";
+
+import { validateConfigObject } from "./validation.js";
+
+// NOTE: These tests ensure allow + alsoAllow cannot be set in the same scope.
+
+describe("config: tools.alsoAllow", () => {
+ it("rejects tools.allow + tools.alsoAllow together", () => {
+ const res = validateConfigObject({
+ tools: {
+ allow: ["group:fs"],
+ alsoAllow: ["lobster"],
+ },
+ });
+
+ expect(res.ok).toBe(false);
+ if (!res.ok) {
+ expect(res.issues.some((i) => i.path === "tools")).toBe(true);
+ }
+ });
+
+ it("rejects agents.list[].tools.allow + alsoAllow together", () => {
+ const res = validateConfigObject({
+ agents: {
+ list: [
+ {
+ id: "main",
+ tools: {
+ allow: ["group:fs"],
+ alsoAllow: ["lobster"],
+ },
+ },
+ ],
+ },
+ });
+
+ expect(res.ok).toBe(false);
+ if (!res.ok) {
+ expect(res.issues.some((i) => i.path.includes("agents.list"))).toBe(true);
+ }
+ });
+
+ it("allows profile + alsoAllow", () => {
+ const res = validateConfigObject({
+ tools: {
+ profile: "coding",
+ alsoAllow: ["lobster"],
+ },
+ });
+
+ expect(res.ok).toBe(true);
+ });
+});
diff --git a/src/config/legacy.migrations.part-3.ts b/src/config/legacy.migrations.part-3.ts
index 9db9e3ede..21589e4fa 100644
--- a/src/config/legacy.migrations.part-3.ts
+++ b/src/config/legacy.migrations.part-3.ts
@@ -9,6 +9,10 @@ import {
resolveDefaultAgentIdFromRaw,
} from "./legacy.shared.js";
+// NOTE: tools.alsoAllow was introduced after legacy migrations; no legacy migration needed.
+
+// tools.alsoAllow legacy migration intentionally omitted (field not shipped in prod).
+
export const LEGACY_CONFIG_MIGRATIONS_PART_3: LegacyConfigMigration[] = [
{
id: "auth.anthropic-claude-cli-mode-oauth",
@@ -24,6 +28,7 @@ export const LEGACY_CONFIG_MIGRATIONS_PART_3: LegacyConfigMigration[] = [
changes.push('Updated auth.profiles["anthropic:claude-cli"].mode → "oauth".');
},
},
+ // tools.alsoAllow migration removed (field not shipped in prod; enforce via schema instead).
{
id: "tools.bash->tools.exec",
describe: "Move tools.bash to tools.exec",
diff --git a/src/config/schema.ts b/src/config/schema.ts
index bb8d8c0bb..3261b5170 100644
--- a/src/config/schema.ts
+++ b/src/config/schema.ts
@@ -165,7 +165,9 @@ const FIELD_LABELS: Record = {
"tools.links.models": "Link Understanding Models",
"tools.links.scope": "Link Understanding Scope",
"tools.profile": "Tool Profile",
+ "tools.alsoAllow": "Tool Allowlist Additions",
"agents.list[].tools.profile": "Agent Tool Profile",
+ "agents.list[].tools.alsoAllow": "Agent Tool Allowlist Additions",
"tools.byProvider": "Tool Policy by Provider",
"agents.list[].tools.byProvider": "Agent Tool Policy by Provider",
"tools.exec.applyPatch.enabled": "Enable apply_patch",
@@ -199,6 +201,7 @@ const FIELD_LABELS: Record = {
"tools.web.fetch.userAgent": "Web Fetch User-Agent",
"gateway.controlUi.basePath": "Control UI Base Path",
"gateway.controlUi.allowInsecureAuth": "Allow Insecure Control UI Auth",
+ "gateway.controlUi.dangerouslyDisableDeviceAuth": "Dangerously Disable Control UI Device Auth",
"gateway.http.endpoints.chatCompletions.enabled": "OpenAI Chat Completions Endpoint",
"gateway.reload.mode": "Config Reload Mode",
"gateway.reload.debounceMs": "Config Reload Debounce (ms)",
@@ -307,6 +310,7 @@ const FIELD_LABELS: Record = {
"channels.telegram.retry.minDelayMs": "Telegram Retry Min Delay (ms)",
"channels.telegram.retry.maxDelayMs": "Telegram Retry Max Delay (ms)",
"channels.telegram.retry.jitter": "Telegram Retry Jitter",
+ "channels.telegram.network.autoSelectFamily": "Telegram autoSelectFamily",
"channels.telegram.timeoutSeconds": "Telegram API Timeout (seconds)",
"channels.telegram.capabilities.inlineButtons": "Telegram Inline Buttons",
"channels.whatsapp.dmPolicy": "WhatsApp DM Policy",
@@ -321,6 +325,8 @@ const FIELD_LABELS: Record = {
"channels.discord.retry.maxDelayMs": "Discord Retry Max Delay (ms)",
"channels.discord.retry.jitter": "Discord Retry Jitter",
"channels.discord.maxLinesPerMessage": "Discord Max Lines Per Message",
+ "channels.discord.intents.presence": "Discord Presence Intent",
+ "channels.discord.intents.guildMembers": "Discord Guild Members Intent",
"channels.slack.dm.policy": "Slack DM Policy",
"channels.slack.allowBots": "Slack Allow Bot Messages",
"channels.discord.token": "Discord Bot Token",
@@ -338,6 +344,7 @@ const FIELD_LABELS: Record = {
"channels.signal.account": "Signal Account",
"channels.imessage.cliPath": "iMessage CLI Path",
"agents.list[].identity.avatar": "Agent Avatar",
+ "discovery.mdns.mode": "mDNS Discovery Mode",
"plugins.enabled": "Enable Plugins",
"plugins.allow": "Plugin Allowlist",
"plugins.deny": "Plugin Denylist",
@@ -369,12 +376,17 @@ const FIELD_HELP: Record = {
"gateway.remote.sshIdentity": "Optional SSH identity file path (passed to ssh -i).",
"agents.list[].identity.avatar":
"Avatar image path (relative to the agent workspace only) or a remote URL/data URL.",
- "gateway.auth.token": "Recommended for all gateways; required for non-loopback binds.",
+ "discovery.mdns.mode":
+ 'mDNS broadcast mode ("minimal" default, "full" includes cliPath/sshPort, "off" disables mDNS).',
+ "gateway.auth.token":
+ "Required by default for gateway access (unless using Tailscale Serve identity); required for non-loopback binds.",
"gateway.auth.password": "Required for Tailscale funnel.",
"gateway.controlUi.basePath":
"Optional URL prefix where the Control UI is served (e.g. /clawdbot).",
"gateway.controlUi.allowInsecureAuth":
"Allow Control UI auth over insecure HTTP (token-only; not recommended).",
+ "gateway.controlUi.dangerouslyDisableDeviceAuth":
+ "DANGEROUS. Disable Control UI device identity checks (token/password only).",
"gateway.http.endpoints.chatCompletions.enabled":
"Enable the OpenAI-compatible `POST /v1/chat/completions` endpoint (default: false).",
"gateway.reload.mode": 'Hot reload strategy for config changes ("hybrid" recommended).',
@@ -632,6 +644,8 @@ const FIELD_HELP: Record = {
"channels.telegram.retry.maxDelayMs":
"Maximum retry delay cap in ms for Telegram outbound calls.",
"channels.telegram.retry.jitter": "Jitter factor (0-1) applied to Telegram retry delays.",
+ "channels.telegram.network.autoSelectFamily":
+ "Override Node autoSelectFamily for Telegram (true=enable, false=disable).",
"channels.telegram.timeoutSeconds":
"Max seconds before Telegram API requests are aborted (default: 500 per grammY).",
"channels.whatsapp.dmPolicy":
@@ -653,6 +667,10 @@ const FIELD_HELP: Record = {
"channels.discord.retry.maxDelayMs": "Maximum retry delay cap in ms for Discord outbound calls.",
"channels.discord.retry.jitter": "Jitter factor (0-1) applied to Discord retry delays.",
"channels.discord.maxLinesPerMessage": "Soft max line count per Discord message (default: 17).",
+ "channels.discord.intents.presence":
+ "Enable the Guild Presences privileged intent. Must also be enabled in the Discord Developer Portal. Allows tracking user activities (e.g. Spotify). Default: false.",
+ "channels.discord.intents.guildMembers":
+ "Enable the Guild Members privileged intent. Must also be enabled in the Discord Developer Portal. Default: false.",
"channels.slack.dm.policy":
'Direct message access control ("pairing" recommended). "open" requires channels.slack.dm.allowFrom=["*"].',
};
diff --git a/src/config/types.agent-defaults.ts b/src/config/types.agent-defaults.ts
index 2a42d3623..9c6ce0211 100644
--- a/src/config/types.agent-defaults.ts
+++ b/src/config/types.agent-defaults.ts
@@ -244,6 +244,8 @@ export type AgentCompactionConfig = {
mode?: AgentCompactionMode;
/** Minimum reserve tokens enforced for Pi compaction (0 disables the floor). */
reserveTokensFloor?: number;
+ /** Max share of context window for history during safeguard pruning (0.1–0.9, default 0.5). */
+ maxHistoryShare?: number;
/** Pre-compaction memory flush (agentic turn). Default: enabled. */
memoryFlush?: AgentCompactionMemoryFlushConfig;
};
diff --git a/src/config/types.discord.ts b/src/config/types.discord.ts
index 071d6e6a7..70ea5f1fb 100644
--- a/src/config/types.discord.ts
+++ b/src/config/types.discord.ts
@@ -72,6 +72,13 @@ export type DiscordActionConfig = {
channels?: boolean;
};
+export type DiscordIntentsConfig = {
+ /** Enable Guild Presences privileged intent (requires Portal opt-in). Default: false. */
+ presence?: boolean;
+ /** Enable Guild Members privileged intent (requires Portal opt-in). Default: false. */
+ guildMembers?: boolean;
+};
+
export type DiscordExecApprovalConfig = {
/** Enable exec approval forwarding to Discord DMs. Default: false. */
enabled?: boolean;
@@ -139,6 +146,8 @@ export type DiscordAccountConfig = {
heartbeat?: ChannelHeartbeatVisibilityConfig;
/** Exec approval forwarding configuration. */
execApprovals?: DiscordExecApprovalConfig;
+ /** Privileged Gateway Intents (must also be enabled in Discord Developer Portal). */
+ intents?: DiscordIntentsConfig;
};
export type DiscordConfig = {
diff --git a/src/config/types.gateway.ts b/src/config/types.gateway.ts
index 61c0d6f06..d80b721ec 100644
--- a/src/config/types.gateway.ts
+++ b/src/config/types.gateway.ts
@@ -17,8 +17,21 @@ export type WideAreaDiscoveryConfig = {
enabled?: boolean;
};
+export type MdnsDiscoveryMode = "off" | "minimal" | "full";
+
+export type MdnsDiscoveryConfig = {
+ /**
+ * mDNS/Bonjour discovery broadcast mode (default: minimal).
+ * - off: disable mDNS entirely
+ * - minimal: omit cliPath/sshPort from TXT records
+ * - full: include cliPath/sshPort in TXT records
+ */
+ mode?: MdnsDiscoveryMode;
+};
+
export type DiscoveryConfig = {
wideArea?: WideAreaDiscoveryConfig;
+ mdns?: MdnsDiscoveryConfig;
};
export type CanvasHostConfig = {
@@ -53,6 +66,8 @@ export type GatewayControlUiConfig = {
basePath?: string;
/** Allow token-only auth over insecure HTTP (default: false). */
allowInsecureAuth?: boolean;
+ /** DANGEROUS: Disable device identity checks for the Control UI (default: false). */
+ dangerouslyDisableDeviceAuth?: boolean;
};
export type GatewayAuthMode = "token" | "password";
diff --git a/src/config/types.hooks.ts b/src/config/types.hooks.ts
index e798ae6da..7ca74605a 100644
--- a/src/config/types.hooks.ts
+++ b/src/config/types.hooks.ts
@@ -18,6 +18,8 @@ export type HookMappingConfig = {
messageTemplate?: string;
textTemplate?: string;
deliver?: boolean;
+ /** DANGEROUS: Disable external content safety wrapping for this hook. */
+ allowUnsafeExternalContent?: boolean;
channel?:
| "last"
| "whatsapp"
@@ -48,6 +50,8 @@ export type HooksGmailConfig = {
includeBody?: boolean;
maxBytes?: number;
renewEveryMinutes?: number;
+ /** DANGEROUS: Disable external content safety wrapping for Gmail hooks. */
+ allowUnsafeExternalContent?: boolean;
serve?: {
bind?: string;
port?: number;
diff --git a/src/config/types.telegram.ts b/src/config/types.telegram.ts
index 5d0b80e25..fa9e2890a 100644
--- a/src/config/types.telegram.ts
+++ b/src/config/types.telegram.ts
@@ -15,6 +15,12 @@ export type TelegramActionConfig = {
reactions?: boolean;
sendMessage?: boolean;
deleteMessage?: boolean;
+ editMessage?: boolean;
+};
+
+export type TelegramNetworkConfig = {
+ /** Override Node's autoSelectFamily behavior (true = enable, false = disable). */
+ autoSelectFamily?: boolean;
};
export type TelegramInlineButtonsScope = "off" | "dm" | "group" | "all" | "allowlist";
@@ -95,6 +101,8 @@ export type TelegramAccountConfig = {
timeoutSeconds?: number;
/** Retry policy for outbound Telegram API calls. */
retry?: OutboundRetryConfig;
+ /** Network transport overrides for Telegram. */
+ network?: TelegramNetworkConfig;
proxy?: string;
webhookUrl?: string;
webhookSecret?: string;
diff --git a/src/config/types.tools.ts b/src/config/types.tools.ts
index ad7f69d85..d84dd1aa7 100644
--- a/src/config/types.tools.ts
+++ b/src/config/types.tools.ts
@@ -140,12 +140,21 @@ export type ToolProfileId = "minimal" | "coding" | "messaging" | "full";
export type ToolPolicyConfig = {
allow?: string[];
+ /**
+ * Additional allowlist entries merged into the effective allowlist.
+ *
+ * Intended for additive configuration (e.g., "also allow lobster") without forcing
+ * users to replace/duplicate an existing allowlist or profile.
+ */
+ alsoAllow?: string[];
deny?: string[];
profile?: ToolProfileId;
};
export type GroupToolPolicyConfig = {
allow?: string[];
+ /** Additional allowlist entries merged into allow. */
+ alsoAllow?: string[];
deny?: string[];
};
@@ -188,6 +197,8 @@ export type AgentToolsConfig = {
/** Base tool profile applied before allow/deny lists. */
profile?: ToolProfileId;
allow?: string[];
+ /** Additional allowlist entries merged into allow and/or profile allowlist. */
+ alsoAllow?: string[];
deny?: string[];
/** Optional tool policy overrides keyed by provider id or "provider/model". */
byProvider?: Record;
@@ -312,6 +323,8 @@ export type ToolsConfig = {
/** Base tool profile applied before allow/deny lists. */
profile?: ToolProfileId;
allow?: string[];
+ /** Additional allowlist entries merged into allow and/or profile allowlist. */
+ alsoAllow?: string[];
deny?: string[];
/** Optional tool policy overrides keyed by provider id or "provider/model". */
byProvider?: Record;
diff --git a/src/config/zod-schema.agent-defaults.ts b/src/config/zod-schema.agent-defaults.ts
index c4b8a8f2c..a849078ed 100644
--- a/src/config/zod-schema.agent-defaults.ts
+++ b/src/config/zod-schema.agent-defaults.ts
@@ -90,6 +90,7 @@ export const AgentDefaultsSchema = z
.object({
mode: z.union([z.literal("default"), z.literal("safeguard")]).optional(),
reserveTokensFloor: z.number().int().nonnegative().optional(),
+ maxHistoryShare: z.number().min(0.1).max(0.9).optional(),
memoryFlush: z
.object({
enabled: z.boolean().optional(),
diff --git a/src/config/zod-schema.agent-runtime.ts b/src/config/zod-schema.agent-runtime.ts
index c733dcfa9..b5a03a3ea 100644
--- a/src/config/zod-schema.agent-runtime.ts
+++ b/src/config/zod-schema.agent-runtime.ts
@@ -147,13 +147,23 @@ export const SandboxPruneSchema = z
.strict()
.optional();
-export const ToolPolicySchema = z
+const ToolPolicyBaseSchema = z
.object({
allow: z.array(z.string()).optional(),
+ alsoAllow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(),
})
- .strict()
- .optional();
+ .strict();
+
+export const ToolPolicySchema = ToolPolicyBaseSchema.superRefine((value, ctx) => {
+ if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
+ ctx.addIssue({
+ code: z.ZodIssueCode.custom,
+ message:
+ "tools policy cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
+ });
+ }
+}).optional();
export const ToolsWebSearchSchema = z
.object({
@@ -202,10 +212,20 @@ export const ToolProfileSchema = z
export const ToolPolicyWithProfileSchema = z
.object({
allow: z.array(z.string()).optional(),
+ alsoAllow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(),
profile: ToolProfileSchema,
})
- .strict();
+ .strict()
+ .superRefine((value, ctx) => {
+ if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
+ ctx.addIssue({
+ code: z.ZodIssueCode.custom,
+ message:
+ "tools.byProvider policy cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
+ });
+ }
+ });
// Provider docking: allowlists keyed by provider id (no schema updates when adding providers).
export const ElevatedAllowFromSchema = z
@@ -231,6 +251,7 @@ export const AgentToolsSchema = z
.object({
profile: ToolProfileSchema,
allow: z.array(z.string()).optional(),
+ alsoAllow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(),
byProvider: z.record(z.string(), ToolPolicyWithProfileSchema).optional(),
elevated: z
@@ -271,6 +292,15 @@ export const AgentToolsSchema = z
.optional(),
})
.strict()
+ .superRefine((value, ctx) => {
+ if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
+ ctx.addIssue({
+ code: z.ZodIssueCode.custom,
+ message:
+ "agent tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
+ });
+ }
+ })
.optional();
export const MemorySearchSchema = z
@@ -425,6 +455,7 @@ export const ToolsSchema = z
.object({
profile: ToolProfileSchema,
allow: z.array(z.string()).optional(),
+ alsoAllow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(),
byProvider: z.record(z.string(), ToolPolicyWithProfileSchema).optional(),
web: ToolsWebSchema,
@@ -507,4 +538,13 @@ export const ToolsSchema = z
.optional(),
})
.strict()
+ .superRefine((value, ctx) => {
+ if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
+ ctx.addIssue({
+ code: z.ZodIssueCode.custom,
+ message:
+ "tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
+ });
+ }
+ })
.optional();
diff --git a/src/config/zod-schema.hooks.ts b/src/config/zod-schema.hooks.ts
index 140e861dd..35e74f7af 100644
--- a/src/config/zod-schema.hooks.ts
+++ b/src/config/zod-schema.hooks.ts
@@ -16,6 +16,7 @@ export const HookMappingSchema = z
messageTemplate: z.string().optional(),
textTemplate: z.string().optional(),
deliver: z.boolean().optional(),
+ allowUnsafeExternalContent: z.boolean().optional(),
channel: z
.union([
z.literal("last"),
@@ -97,6 +98,7 @@ export const HooksGmailSchema = z
includeBody: z.boolean().optional(),
maxBytes: z.number().int().positive().optional(),
renewEveryMinutes: z.number().int().positive().optional(),
+ allowUnsafeExternalContent: z.boolean().optional(),
serve: z
.object({
bind: z.string().optional(),
diff --git a/src/config/zod-schema.providers-core.ts b/src/config/zod-schema.providers-core.ts
index 4b1b9338a..26e279faf 100644
--- a/src/config/zod-schema.providers-core.ts
+++ b/src/config/zod-schema.providers-core.ts
@@ -110,6 +110,12 @@ export const TelegramAccountSchemaBase = z
mediaMaxMb: z.number().positive().optional(),
timeoutSeconds: z.number().int().positive().optional(),
retry: RetryConfigSchema,
+ network: z
+ .object({
+ autoSelectFamily: z.boolean().optional(),
+ })
+ .strict()
+ .optional(),
proxy: z.string().optional(),
webhookUrl: z.string().optional(),
webhookSecret: z.string().optional(),
@@ -256,6 +262,13 @@ export const DiscordAccountSchema = z
})
.strict()
.optional(),
+ intents: z
+ .object({
+ presence: z.boolean().optional(),
+ guildMembers: z.boolean().optional(),
+ })
+ .strict()
+ .optional(),
})
.strict();
diff --git a/src/config/zod-schema.ts b/src/config/zod-schema.ts
index b3d157355..f39b001fa 100644
--- a/src/config/zod-schema.ts
+++ b/src/config/zod-schema.ts
@@ -272,6 +272,12 @@ export const ClawdbotSchema = z
})
.strict()
.optional(),
+ mdns: z
+ .object({
+ mode: z.enum(["off", "minimal", "full"]).optional(),
+ })
+ .strict()
+ .optional(),
})
.strict()
.optional(),
@@ -313,6 +319,7 @@ export const ClawdbotSchema = z
enabled: z.boolean().optional(),
basePath: z.string().optional(),
allowInsecureAuth: z.boolean().optional(),
+ dangerouslyDisableDeviceAuth: z.boolean().optional(),
})
.strict()
.optional(),
diff --git a/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts b/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts
index 90a4e64b8..b6c1196b4 100644
--- a/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts
+++ b/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts
@@ -308,6 +308,80 @@ describe("runCronIsolatedAgentTurn", () => {
});
});
+ it("wraps external hook content by default", async () => {
+ await withTempHome(async (home) => {
+ const storePath = await writeSessionStore(home);
+ const deps: CliDeps = {
+ sendMessageWhatsApp: vi.fn(),
+ sendMessageTelegram: vi.fn(),
+ sendMessageDiscord: vi.fn(),
+ sendMessageSignal: vi.fn(),
+ sendMessageIMessage: vi.fn(),
+ };
+ vi.mocked(runEmbeddedPiAgent).mockResolvedValue({
+ payloads: [{ text: "ok" }],
+ meta: {
+ durationMs: 5,
+ agentMeta: { sessionId: "s", provider: "p", model: "m" },
+ },
+ });
+
+ const res = await runCronIsolatedAgentTurn({
+ cfg: makeCfg(home, storePath),
+ deps,
+ job: makeJob({ kind: "agentTurn", message: "Hello" }),
+ message: "Hello",
+ sessionKey: "hook:gmail:msg-1",
+ lane: "cron",
+ });
+
+ expect(res.status).toBe("ok");
+ const call = vi.mocked(runEmbeddedPiAgent).mock.calls[0]?.[0] as { prompt?: string };
+ expect(call?.prompt).toContain("EXTERNAL, UNTRUSTED");
+ expect(call?.prompt).toContain("Hello");
+ });
+ });
+
+ it("skips external content wrapping when hooks.gmail opts out", async () => {
+ await withTempHome(async (home) => {
+ const storePath = await writeSessionStore(home);
+ const deps: CliDeps = {
+ sendMessageWhatsApp: vi.fn(),
+ sendMessageTelegram: vi.fn(),
+ sendMessageDiscord: vi.fn(),
+ sendMessageSignal: vi.fn(),
+ sendMessageIMessage: vi.fn(),
+ };
+ vi.mocked(runEmbeddedPiAgent).mockResolvedValue({
+ payloads: [{ text: "ok" }],
+ meta: {
+ durationMs: 5,
+ agentMeta: { sessionId: "s", provider: "p", model: "m" },
+ },
+ });
+
+ const res = await runCronIsolatedAgentTurn({
+ cfg: makeCfg(home, storePath, {
+ hooks: {
+ gmail: {
+ allowUnsafeExternalContent: true,
+ },
+ },
+ }),
+ deps,
+ job: makeJob({ kind: "agentTurn", message: "Hello" }),
+ message: "Hello",
+ sessionKey: "hook:gmail:msg-2",
+ lane: "cron",
+ });
+
+ expect(res.status).toBe("ok");
+ const call = vi.mocked(runEmbeddedPiAgent).mock.calls[0]?.[0] as { prompt?: string };
+ expect(call?.prompt).not.toContain("EXTERNAL, UNTRUSTED");
+ expect(call?.prompt).toContain("Hello");
+ });
+ });
+
it("ignores hooks.gmail.model when not in the allowlist", async () => {
await withTempHome(async (home) => {
const storePath = await writeSessionStore(home);
diff --git a/src/cron/isolated-agent/run.ts b/src/cron/isolated-agent/run.ts
index bab060438..2840cb50f 100644
--- a/src/cron/isolated-agent/run.ts
+++ b/src/cron/isolated-agent/run.ts
@@ -44,6 +44,13 @@ import { registerAgentRunContext } from "../../infra/agent-events.js";
import { deliverOutboundPayloads } from "../../infra/outbound/deliver.js";
import { getRemoteSkillEligibility } from "../../infra/skills-remote.js";
import { buildAgentMainSessionKey, normalizeAgentId } from "../../routing/session-key.js";
+import {
+ buildSafeExternalPrompt,
+ detectSuspiciousPatterns,
+ getHookType,
+ isExternalHookSession,
+} from "../../security/external-content.js";
+import { logWarn } from "../../logger.js";
import type { CronJob } from "../types.js";
import { resolveDeliveryTarget } from "./delivery-target.js";
import {
@@ -230,13 +237,50 @@ export async function runCronIsolatedAgentTurn(params: {
to: agentPayload?.to,
});
- const base = `[cron:${params.job.id} ${params.job.name}] ${params.message}`.trim();
const userTimezone = resolveUserTimezone(params.cfg.agents?.defaults?.userTimezone);
const userTimeFormat = resolveUserTimeFormat(params.cfg.agents?.defaults?.timeFormat);
const formattedTime =
formatUserTime(new Date(now), userTimezone, userTimeFormat) ?? new Date(now).toISOString();
const timeLine = `Current time: ${formattedTime} (${userTimezone})`;
- const commandBody = `${base}\n${timeLine}`.trim();
+ const base = `[cron:${params.job.id} ${params.job.name}] ${params.message}`.trim();
+
+ // SECURITY: Wrap external hook content with security boundaries to prevent prompt injection
+ // unless explicitly allowed via a dangerous config override.
+ const isExternalHook = isExternalHookSession(baseSessionKey);
+ const allowUnsafeExternalContent =
+ agentPayload?.allowUnsafeExternalContent === true ||
+ (isGmailHook && params.cfg.hooks?.gmail?.allowUnsafeExternalContent === true);
+ const shouldWrapExternal = isExternalHook && !allowUnsafeExternalContent;
+ let commandBody: string;
+
+ if (isExternalHook) {
+ // Log suspicious patterns for security monitoring
+ const suspiciousPatterns = detectSuspiciousPatterns(params.message);
+ if (suspiciousPatterns.length > 0) {
+ logWarn(
+ `[security] Suspicious patterns detected in external hook content ` +
+ `(session=${baseSessionKey}, patterns=${suspiciousPatterns.length}): ` +
+ `${suspiciousPatterns.slice(0, 3).join(", ")}`,
+ );
+ }
+ }
+
+ if (shouldWrapExternal) {
+ // Wrap external content with security boundaries
+ const hookType = getHookType(baseSessionKey);
+ const safeContent = buildSafeExternalPrompt({
+ content: params.message,
+ source: hookType,
+ jobName: params.job.name,
+ jobId: params.job.id,
+ timestamp: formattedTime,
+ });
+
+ commandBody = `${safeContent}\n\n${timeLine}`.trim();
+ } else {
+ // Internal/trusted source - use original format
+ commandBody = `${base}\n${timeLine}`.trim();
+ }
const existingSnapshot = cronSession.sessionEntry.skillsSnapshot;
const skillsSnapshotVersion = getSkillsSnapshotVersion(workspaceDir);
diff --git a/src/cron/types.ts b/src/cron/types.ts
index 9fc64588f..f3fd891d6 100644
--- a/src/cron/types.ts
+++ b/src/cron/types.ts
@@ -19,6 +19,7 @@ export type CronPayload =
model?: string;
thinking?: string;
timeoutSeconds?: number;
+ allowUnsafeExternalContent?: boolean;
deliver?: boolean;
channel?: CronMessageChannel;
to?: string;
@@ -33,6 +34,7 @@ export type CronPayloadPatch =
model?: string;
thinking?: string;
timeoutSeconds?: number;
+ allowUnsafeExternalContent?: boolean;
deliver?: boolean;
channel?: CronMessageChannel;
to?: string;
diff --git a/src/discord/monitor.slash.test.ts b/src/discord/monitor.slash.test.ts
index a6c43087d..d5488cb98 100644
--- a/src/discord/monitor.slash.test.ts
+++ b/src/discord/monitor.slash.test.ts
@@ -16,6 +16,7 @@ vi.mock("@buape/carbon", () => ({
MessageCreateListener: class {},
MessageReactionAddListener: class {},
MessageReactionRemoveListener: class {},
+ PresenceUpdateListener: class {},
Row: class {
constructor(_components: unknown[]) {}
},
diff --git a/src/discord/monitor/listeners.ts b/src/discord/monitor/listeners.ts
index 0eb5e2e8e..770ae6d6c 100644
--- a/src/discord/monitor/listeners.ts
+++ b/src/discord/monitor/listeners.ts
@@ -4,11 +4,13 @@ import {
MessageCreateListener,
MessageReactionAddListener,
MessageReactionRemoveListener,
+ PresenceUpdateListener,
} from "@buape/carbon";
import { danger } from "../../globals.js";
import { formatDurationSeconds } from "../../infra/format-duration.js";
import { enqueueSystemEvent } from "../../infra/system-events.js";
+import { setPresence } from "./presence-cache.js";
import { createSubsystemLogger } from "../../logging/subsystem.js";
import { resolveAgentRoute } from "../../routing/resolve-route.js";
import {
@@ -269,3 +271,34 @@ async function handleDiscordReactionEvent(params: {
params.logger.error(danger(`discord reaction handler failed: ${String(err)}`));
}
}
+
+type PresenceUpdateEvent = Parameters[0];
+
+export class DiscordPresenceListener extends PresenceUpdateListener {
+ private logger?: Logger;
+ private accountId?: string;
+
+ constructor(params: { logger?: Logger; accountId?: string }) {
+ super();
+ this.logger = params.logger;
+ this.accountId = params.accountId;
+ }
+
+ async handle(data: PresenceUpdateEvent) {
+ try {
+ const userId =
+ "user" in data && data.user && typeof data.user === "object" && "id" in data.user
+ ? String(data.user.id)
+ : undefined;
+ if (!userId) return;
+ setPresence(
+ this.accountId,
+ userId,
+ data as import("discord-api-types/v10").GatewayPresenceUpdate,
+ );
+ } catch (err) {
+ const logger = this.logger ?? discordEventQueueLog;
+ logger.error(danger(`discord presence handler failed: ${String(err)}`));
+ }
+ }
+}
diff --git a/src/discord/monitor/native-command.ts b/src/discord/monitor/native-command.ts
index 75c9b3b2b..2340da2da 100644
--- a/src/discord/monitor/native-command.ts
+++ b/src/discord/monitor/native-command.ts
@@ -93,16 +93,18 @@ function buildDiscordCommandOptions(params: {
typeof focused?.value === "string" ? focused.value.trim().toLowerCase() : "";
const choices = resolveCommandArgChoices({ command, arg, cfg });
const filtered = focusValue
- ? choices.filter((choice) => choice.toLowerCase().includes(focusValue))
+ ? choices.filter((choice) => choice.label.toLowerCase().includes(focusValue))
: choices;
await interaction.respond(
- filtered.slice(0, 25).map((choice) => ({ name: choice, value: choice })),
+ filtered.slice(0, 25).map((choice) => ({ name: choice.label, value: choice.value })),
);
}
: undefined;
const choices =
resolvedChoices.length > 0 && !autocomplete
- ? resolvedChoices.slice(0, 25).map((choice) => ({ name: choice, value: choice }))
+ ? resolvedChoices
+ .slice(0, 25)
+ .map((choice) => ({ name: choice.label, value: choice.value }))
: undefined;
return {
name: arg.name,
@@ -351,7 +353,11 @@ export function createDiscordCommandArgFallbackButton(params: DiscordCommandArgC
function buildDiscordCommandArgMenu(params: {
command: ChatCommandDefinition;
- menu: { arg: CommandArgDefinition; choices: string[]; title?: string };
+ menu: {
+ arg: CommandArgDefinition;
+ choices: Array<{ value: string; label: string }>;
+ title?: string;
+ };
interaction: CommandInteraction;
cfg: ReturnType;
discordConfig: DiscordConfig;
@@ -365,11 +371,11 @@ function buildDiscordCommandArgMenu(params: {
const buttons = choices.map(
(choice) =>
new DiscordCommandArgButton({
- label: choice,
+ label: choice.label,
customId: buildDiscordCommandArgCustomId({
command: commandLabel,
arg: menu.arg.name,
- value: choice,
+ value: choice.value,
userId,
}),
cfg: params.cfg,
diff --git a/src/discord/monitor/presence-cache.test.ts b/src/discord/monitor/presence-cache.test.ts
new file mode 100644
index 000000000..007d0548a
--- /dev/null
+++ b/src/discord/monitor/presence-cache.test.ts
@@ -0,0 +1,34 @@
+import { beforeEach, describe, expect, it } from "vitest";
+import type { GatewayPresenceUpdate } from "discord-api-types/v10";
+import { clearPresences, getPresence, presenceCacheSize, setPresence } from "./presence-cache.js";
+
+describe("presence-cache", () => {
+ beforeEach(() => {
+ clearPresences();
+ });
+
+ it("scopes presence entries by account", () => {
+ const presenceA = { status: "online" } as GatewayPresenceUpdate;
+ const presenceB = { status: "idle" } as GatewayPresenceUpdate;
+
+ setPresence("account-a", "user-1", presenceA);
+ setPresence("account-b", "user-1", presenceB);
+
+ expect(getPresence("account-a", "user-1")).toBe(presenceA);
+ expect(getPresence("account-b", "user-1")).toBe(presenceB);
+ expect(getPresence("account-a", "user-2")).toBeUndefined();
+ });
+
+ it("clears presence per account", () => {
+ const presence = { status: "dnd" } as GatewayPresenceUpdate;
+
+ setPresence("account-a", "user-1", presence);
+ setPresence("account-b", "user-2", presence);
+
+ clearPresences("account-a");
+
+ expect(getPresence("account-a", "user-1")).toBeUndefined();
+ expect(getPresence("account-b", "user-2")).toBe(presence);
+ expect(presenceCacheSize()).toBe(1);
+ });
+});
diff --git a/src/discord/monitor/presence-cache.ts b/src/discord/monitor/presence-cache.ts
new file mode 100644
index 000000000..e112297e8
--- /dev/null
+++ b/src/discord/monitor/presence-cache.ts
@@ -0,0 +1,52 @@
+import type { GatewayPresenceUpdate } from "discord-api-types/v10";
+
+/**
+ * In-memory cache of Discord user presence data.
+ * Populated by PRESENCE_UPDATE gateway events when the GuildPresences intent is enabled.
+ */
+const presenceCache = new Map>();
+
+function resolveAccountKey(accountId?: string): string {
+ return accountId ?? "default";
+}
+
+/** Update cached presence for a user. */
+export function setPresence(
+ accountId: string | undefined,
+ userId: string,
+ data: GatewayPresenceUpdate,
+): void {
+ const accountKey = resolveAccountKey(accountId);
+ let accountCache = presenceCache.get(accountKey);
+ if (!accountCache) {
+ accountCache = new Map();
+ presenceCache.set(accountKey, accountCache);
+ }
+ accountCache.set(userId, data);
+}
+
+/** Get cached presence for a user. Returns undefined if not cached. */
+export function getPresence(
+ accountId: string | undefined,
+ userId: string,
+): GatewayPresenceUpdate | undefined {
+ return presenceCache.get(resolveAccountKey(accountId))?.get(userId);
+}
+
+/** Clear cached presence data. */
+export function clearPresences(accountId?: string): void {
+ if (accountId) {
+ presenceCache.delete(resolveAccountKey(accountId));
+ return;
+ }
+ presenceCache.clear();
+}
+
+/** Get the number of cached presence entries. */
+export function presenceCacheSize(): number {
+ let total = 0;
+ for (const accountCache of presenceCache.values()) {
+ total += accountCache.size;
+ }
+ return total;
+}
diff --git a/src/discord/monitor/provider.ts b/src/discord/monitor/provider.ts
index 0599d104e..ed5299cf7 100644
--- a/src/discord/monitor/provider.ts
+++ b/src/discord/monitor/provider.ts
@@ -28,6 +28,7 @@ import { resolveDiscordUserAllowlist } from "../resolve-users.js";
import { normalizeDiscordToken } from "../token.js";
import {
DiscordMessageListener,
+ DiscordPresenceListener,
DiscordReactionListener,
DiscordReactionRemoveListener,
registerDiscordListener,
@@ -109,6 +110,25 @@ function formatDiscordDeployErrorDetails(err: unknown): string {
return details.length > 0 ? ` (${details.join(", ")})` : "";
}
+function resolveDiscordGatewayIntents(
+ intentsConfig?: import("../../config/types.discord.js").DiscordIntentsConfig,
+): number {
+ let intents =
+ GatewayIntents.Guilds |
+ GatewayIntents.GuildMessages |
+ GatewayIntents.MessageContent |
+ GatewayIntents.DirectMessages |
+ GatewayIntents.GuildMessageReactions |
+ GatewayIntents.DirectMessageReactions;
+ if (intentsConfig?.presence) {
+ intents |= GatewayIntents.GuildPresences;
+ }
+ if (intentsConfig?.guildMembers) {
+ intents |= GatewayIntents.GuildMembers;
+ }
+ return intents;
+}
+
export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
const cfg = opts.config ?? loadConfig();
const account = resolveDiscordAccount({
@@ -451,13 +471,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
reconnect: {
maxAttempts: Number.POSITIVE_INFINITY,
},
- intents:
- GatewayIntents.Guilds |
- GatewayIntents.GuildMessages |
- GatewayIntents.MessageContent |
- GatewayIntents.DirectMessages |
- GatewayIntents.GuildMessageReactions |
- GatewayIntents.DirectMessageReactions,
+ intents: resolveDiscordGatewayIntents(discordCfg.intents),
autoInteractions: true,
}),
],
@@ -527,6 +541,14 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
}),
);
+ if (discordCfg.intents?.presence) {
+ registerDiscordListener(
+ client.listeners,
+ new DiscordPresenceListener({ logger, accountId: account.accountId }),
+ );
+ runtime.log?.("discord: GuildPresences intent enabled — presence listener registered");
+ }
+
runtime.log?.(`logged in to discord${botUserId ? ` as ${botUserId}` : ""}`);
// Start exec approvals handler after client is ready
diff --git a/src/docs/terminal-css.test.ts b/src/docs/terminal-css.test.ts
new file mode 100644
index 000000000..838d387a3
--- /dev/null
+++ b/src/docs/terminal-css.test.ts
@@ -0,0 +1,28 @@
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { describe, expect, test } from "vitest";
+
+function readTerminalCss() {
+ // This test is intentionally simple: it guards against regressions where the
+ // docs header stops being sticky because sticky elements live inside an
+ // overflow-clipped container.
+ const path = join(process.cwd(), "docs", "assets", "terminal.css");
+ return readFileSync(path, "utf8");
+}
+
+describe("docs terminal.css", () => {
+ test("keeps the docs header sticky (shell is sticky)", () => {
+ const css = readTerminalCss();
+ expect(css).toMatch(/\.shell\s*\{[^}]*position:\s*sticky;[^}]*top:\s*0;[^}]*\}/s);
+ });
+
+ test("does not rely on making body overflow visible", () => {
+ const css = readTerminalCss();
+ expect(css).not.toMatch(/body\s*\{[^}]*overflow-x:\s*visible;[^}]*\}/s);
+ });
+
+ test("does not make the terminal frame overflow visible (can break layout)", () => {
+ const css = readTerminalCss();
+ expect(css).not.toMatch(/\.shell__frame\s*\{[^}]*overflow:\s*visible;[^}]*\}/s);
+ });
+});
diff --git a/src/gateway/auth.test.ts b/src/gateway/auth.test.ts
index aa4d5e270..7e1022124 100644
--- a/src/gateway/auth.test.ts
+++ b/src/gateway/auth.test.ts
@@ -5,8 +5,8 @@ import { authorizeGatewayConnect } from "./auth.js";
describe("gateway auth", () => {
it("does not throw when req is missing socket", async () => {
const res = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: false },
- connectAuth: null,
+ auth: { mode: "token", token: "secret", allowTailscale: false },
+ connectAuth: { token: "secret" },
// Regression: avoid crashing on req.socket.remoteAddress when callers pass a non-IncomingMessage.
req: {} as never,
});
@@ -63,40 +63,10 @@ describe("gateway auth", () => {
expect(res.reason).toBe("password_missing_config");
});
- it("reports tailscale auth reasons when required", async () => {
- const reqBase = {
- socket: { remoteAddress: "100.100.100.100" },
- headers: { host: "gateway.local" },
- };
-
- const missingUser = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: true },
- connectAuth: null,
- req: reqBase as never,
- });
- expect(missingUser.ok).toBe(false);
- expect(missingUser.reason).toBe("tailscale_user_missing");
-
- const missingProxy = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: true },
- connectAuth: null,
- req: {
- ...reqBase,
- headers: {
- host: "gateway.local",
- "tailscale-user-login": "peter",
- "tailscale-user-name": "Peter",
- },
- } as never,
- });
- expect(missingProxy.ok).toBe(false);
- expect(missingProxy.reason).toBe("tailscale_proxy_missing");
- });
-
it("treats local tailscale serve hostnames as direct", async () => {
const res = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: true },
- connectAuth: null,
+ auth: { mode: "token", token: "secret", allowTailscale: true },
+ connectAuth: { token: "secret" },
req: {
socket: { remoteAddress: "127.0.0.1" },
headers: { host: "gateway.tailnet-1234.ts.net:443" },
@@ -104,27 +74,14 @@ describe("gateway auth", () => {
});
expect(res.ok).toBe(true);
- expect(res.method).toBe("none");
- });
-
- it("does not treat tailscale clients as direct", async () => {
- const res = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: true },
- connectAuth: null,
- req: {
- socket: { remoteAddress: "100.64.0.42" },
- headers: { host: "gateway.tailnet-1234.ts.net" },
- } as never,
- });
-
- expect(res.ok).toBe(false);
- expect(res.reason).toBe("tailscale_user_missing");
+ expect(res.method).toBe("token");
});
it("allows tailscale identity to satisfy token mode auth", async () => {
const res = await authorizeGatewayConnect({
auth: { mode: "token", token: "secret", allowTailscale: true },
connectAuth: null,
+ tailscaleWhois: async () => ({ login: "peter", name: "Peter" }),
req: {
socket: { remoteAddress: "127.0.0.1" },
headers: {
@@ -142,19 +99,4 @@ describe("gateway auth", () => {
expect(res.method).toBe("tailscale");
expect(res.user).toBe("peter");
});
-
- it("treats trusted proxy loopback clients as direct", async () => {
- const res = await authorizeGatewayConnect({
- auth: { mode: "none", allowTailscale: true },
- connectAuth: null,
- trustedProxies: ["10.0.0.2"],
- req: {
- socket: { remoteAddress: "10.0.0.2" },
- headers: { host: "localhost", "x-forwarded-for": "127.0.0.1" },
- } as never,
- });
-
- expect(res.ok).toBe(true);
- expect(res.method).toBe("none");
- });
});
diff --git a/src/gateway/auth.ts b/src/gateway/auth.ts
index cb4e868a2..1adc367a2 100644
--- a/src/gateway/auth.ts
+++ b/src/gateway/auth.ts
@@ -1,8 +1,9 @@
import { timingSafeEqual } from "node:crypto";
import type { IncomingMessage } from "node:http";
import type { GatewayAuthConfig, GatewayTailscaleMode } from "../config/config.js";
-import { isTrustedProxyAddress, resolveGatewayClientIp } from "./net.js";
-export type ResolvedGatewayAuthMode = "none" | "token" | "password";
+import { readTailscaleWhoisIdentity, type TailscaleWhoisIdentity } from "../infra/tailscale.js";
+import { isTrustedProxyAddress, parseForwardedForClientIp, resolveGatewayClientIp } from "./net.js";
+export type ResolvedGatewayAuthMode = "token" | "password";
export type ResolvedGatewayAuth = {
mode: ResolvedGatewayAuthMode;
@@ -13,7 +14,7 @@ export type ResolvedGatewayAuth = {
export type GatewayAuthResult = {
ok: boolean;
- method?: "none" | "token" | "password" | "tailscale" | "device-token";
+ method?: "token" | "password" | "tailscale" | "device-token";
user?: string;
reason?: string;
};
@@ -29,11 +30,17 @@ type TailscaleUser = {
profilePic?: string;
};
+type TailscaleWhoisLookup = (ip: string) => Promise;
+
function safeEqual(a: string, b: string): boolean {
if (a.length !== b.length) return false;
return timingSafeEqual(Buffer.from(a), Buffer.from(b));
}
+function normalizeLogin(login: string): string {
+ return login.trim().toLowerCase();
+}
+
function isLoopbackAddress(ip: string | undefined): boolean {
if (!ip) return false;
if (ip === "127.0.0.1") return true;
@@ -58,6 +65,12 @@ function headerValue(value: string | string[] | undefined): string | undefined {
return Array.isArray(value) ? value[0] : value;
}
+function resolveTailscaleClientIp(req?: IncomingMessage): string | undefined {
+ if (!req) return undefined;
+ const forwardedFor = headerValue(req.headers?.["x-forwarded-for"]);
+ return forwardedFor ? parseForwardedForClientIp(forwardedFor) : undefined;
+}
+
function resolveRequestClientIp(
req?: IncomingMessage,
trustedProxies?: string[],
@@ -71,7 +84,7 @@ function resolveRequestClientIp(
});
}
-function isLocalDirectRequest(req?: IncomingMessage, trustedProxies?: string[]): boolean {
+export function isLocalDirectRequest(req?: IncomingMessage, trustedProxies?: string[]): boolean {
if (!req) return false;
const clientIp = resolveRequestClientIp(req, trustedProxies) ?? "";
if (!isLoopbackAddress(clientIp)) return false;
@@ -118,6 +131,39 @@ function isTailscaleProxyRequest(req?: IncomingMessage): boolean {
return isLoopbackAddress(req.socket?.remoteAddress) && hasTailscaleProxyHeaders(req);
}
+async function resolveVerifiedTailscaleUser(params: {
+ req?: IncomingMessage;
+ tailscaleWhois: TailscaleWhoisLookup;
+}): Promise<{ ok: true; user: TailscaleUser } | { ok: false; reason: string }> {
+ const { req, tailscaleWhois } = params;
+ const tailscaleUser = getTailscaleUser(req);
+ if (!tailscaleUser) {
+ return { ok: false, reason: "tailscale_user_missing" };
+ }
+ if (!isTailscaleProxyRequest(req)) {
+ return { ok: false, reason: "tailscale_proxy_missing" };
+ }
+ const clientIp = resolveTailscaleClientIp(req);
+ if (!clientIp) {
+ return { ok: false, reason: "tailscale_whois_failed" };
+ }
+ const whois = await tailscaleWhois(clientIp);
+ if (!whois?.login) {
+ return { ok: false, reason: "tailscale_whois_failed" };
+ }
+ if (normalizeLogin(whois.login) !== normalizeLogin(tailscaleUser.login)) {
+ return { ok: false, reason: "tailscale_user_mismatch" };
+ }
+ return {
+ ok: true,
+ user: {
+ login: whois.login,
+ name: whois.name ?? tailscaleUser.name,
+ profilePic: tailscaleUser.profilePic,
+ },
+ };
+}
+
export function resolveGatewayAuth(params: {
authConfig?: GatewayAuthConfig | null;
env?: NodeJS.ProcessEnv;
@@ -127,8 +173,7 @@ export function resolveGatewayAuth(params: {
const env = params.env ?? process.env;
const token = authConfig.token ?? env.CLAWDBOT_GATEWAY_TOKEN ?? undefined;
const password = authConfig.password ?? env.CLAWDBOT_GATEWAY_PASSWORD ?? undefined;
- const mode: ResolvedGatewayAuth["mode"] =
- authConfig.mode ?? (password ? "password" : token ? "token" : "none");
+ const mode: ResolvedGatewayAuth["mode"] = authConfig.mode ?? (password ? "password" : "token");
const allowTailscale =
authConfig.allowTailscale ?? (params.tailscaleMode === "serve" && mode !== "password");
return {
@@ -141,6 +186,7 @@ export function resolveGatewayAuth(params: {
export function assertGatewayAuthConfigured(auth: ResolvedGatewayAuth): void {
if (auth.mode === "token" && !auth.token) {
+ if (auth.allowTailscale) return;
throw new Error(
"gateway auth mode is token, but no token was configured (set gateway.auth.token or CLAWDBOT_GATEWAY_TOKEN)",
);
@@ -155,34 +201,24 @@ export async function authorizeGatewayConnect(params: {
connectAuth?: ConnectAuth | null;
req?: IncomingMessage;
trustedProxies?: string[];
+ tailscaleWhois?: TailscaleWhoisLookup;
}): Promise {
const { auth, connectAuth, req, trustedProxies } = params;
+ const tailscaleWhois = params.tailscaleWhois ?? readTailscaleWhoisIdentity;
const localDirect = isLocalDirectRequest(req, trustedProxies);
if (auth.allowTailscale && !localDirect) {
- const tailscaleUser = getTailscaleUser(req);
- const tailscaleProxy = isTailscaleProxyRequest(req);
-
- if (tailscaleUser && tailscaleProxy) {
+ const tailscaleCheck = await resolveVerifiedTailscaleUser({
+ req,
+ tailscaleWhois,
+ });
+ if (tailscaleCheck.ok) {
return {
ok: true,
method: "tailscale",
- user: tailscaleUser.login,
+ user: tailscaleCheck.user.login,
};
}
-
- if (auth.mode === "none") {
- if (!tailscaleUser) {
- return { ok: false, reason: "tailscale_user_missing" };
- }
- if (!tailscaleProxy) {
- return { ok: false, reason: "tailscale_proxy_missing" };
- }
- }
- }
-
- if (auth.mode === "none") {
- return { ok: true, method: "none" };
}
if (auth.mode === "token") {
@@ -192,7 +228,7 @@ export async function authorizeGatewayConnect(params: {
if (!connectAuth?.token) {
return { ok: false, reason: "token_missing" };
}
- if (connectAuth.token !== auth.token) {
+ if (!safeEqual(connectAuth.token, auth.token)) {
return { ok: false, reason: "token_mismatch" };
}
return { ok: true, method: "token" };
diff --git a/src/gateway/gateway.e2e.test.ts b/src/gateway/gateway.e2e.test.ts
index 47ce694ce..0f65d16ac 100644
--- a/src/gateway/gateway.e2e.test.ts
+++ b/src/gateway/gateway.e2e.test.ts
@@ -181,7 +181,7 @@ describe("gateway e2e", () => {
const port = await getFreeGatewayPort();
const server = await startGatewayServer(port, {
bind: "loopback",
- auth: { mode: "none" },
+ auth: { mode: "token", token: wizardToken },
controlUiEnabled: false,
wizardRunner: async (_opts, _runtime, prompter) => {
await prompter.intro("Wizard E2E");
@@ -197,6 +197,7 @@ describe("gateway e2e", () => {
const client = await connectGatewayClient({
url: `ws://127.0.0.1:${port}`,
+ token: wizardToken,
clientDisplayName: "vitest-wizard",
});
diff --git a/src/gateway/hooks-mapping.ts b/src/gateway/hooks-mapping.ts
index becfce129..11fd35ee0 100644
--- a/src/gateway/hooks-mapping.ts
+++ b/src/gateway/hooks-mapping.ts
@@ -19,6 +19,7 @@ export type HookMappingResolved = {
messageTemplate?: string;
textTemplate?: string;
deliver?: boolean;
+ allowUnsafeExternalContent?: boolean;
channel?: HookMessageChannel;
to?: string;
model?: string;
@@ -52,6 +53,7 @@ export type HookAction =
wakeMode: "now" | "next-heartbeat";
sessionKey?: string;
deliver?: boolean;
+ allowUnsafeExternalContent?: boolean;
channel?: HookMessageChannel;
to?: string;
model?: string;
@@ -90,6 +92,7 @@ type HookTransformResult = Partial<{
name: string;
sessionKey: string;
deliver: boolean;
+ allowUnsafeExternalContent: boolean;
channel: HookMessageChannel;
to: string;
model: string;
@@ -103,11 +106,22 @@ type HookTransformFn = (
export function resolveHookMappings(hooks?: HooksConfig): HookMappingResolved[] {
const presets = hooks?.presets ?? [];
+ const gmailAllowUnsafe = hooks?.gmail?.allowUnsafeExternalContent;
const mappings: HookMappingConfig[] = [];
if (hooks?.mappings) mappings.push(...hooks.mappings);
for (const preset of presets) {
const presetMappings = hookPresetMappings[preset];
- if (presetMappings) mappings.push(...presetMappings);
+ if (!presetMappings) continue;
+ if (preset === "gmail" && typeof gmailAllowUnsafe === "boolean") {
+ mappings.push(
+ ...presetMappings.map((mapping) => ({
+ ...mapping,
+ allowUnsafeExternalContent: gmailAllowUnsafe,
+ })),
+ );
+ continue;
+ }
+ mappings.push(...presetMappings);
}
if (mappings.length === 0) return [];
@@ -175,6 +189,7 @@ function normalizeHookMapping(
messageTemplate: mapping.messageTemplate,
textTemplate: mapping.textTemplate,
deliver: mapping.deliver,
+ allowUnsafeExternalContent: mapping.allowUnsafeExternalContent,
channel: mapping.channel,
to: mapping.to,
model: mapping.model,
@@ -220,6 +235,7 @@ function buildActionFromMapping(
wakeMode: mapping.wakeMode ?? "now",
sessionKey: renderOptional(mapping.sessionKey, ctx),
deliver: mapping.deliver,
+ allowUnsafeExternalContent: mapping.allowUnsafeExternalContent,
channel: mapping.channel,
to: renderOptional(mapping.to, ctx),
model: renderOptional(mapping.model, ctx),
@@ -256,6 +272,10 @@ function mergeAction(
name: override.name ?? baseAgent?.name,
sessionKey: override.sessionKey ?? baseAgent?.sessionKey,
deliver: typeof override.deliver === "boolean" ? override.deliver : baseAgent?.deliver,
+ allowUnsafeExternalContent:
+ typeof override.allowUnsafeExternalContent === "boolean"
+ ? override.allowUnsafeExternalContent
+ : baseAgent?.allowUnsafeExternalContent,
channel: override.channel ?? baseAgent?.channel,
to: override.to ?? baseAgent?.to,
model: override.model ?? baseAgent?.model,
diff --git a/src/gateway/hooks.test.ts b/src/gateway/hooks.test.ts
index 5a3c5e79e..447e91bdb 100644
--- a/src/gateway/hooks.test.ts
+++ b/src/gateway/hooks.test.ts
@@ -47,15 +47,21 @@ describe("gateway hooks helpers", () => {
},
} as unknown as IncomingMessage;
const url = new URL("http://localhost/hooks/wake?token=query");
- expect(extractHookToken(req, url)).toBe("top");
+ const result1 = extractHookToken(req, url);
+ expect(result1.token).toBe("top");
+ expect(result1.fromQuery).toBe(false);
const req2 = {
headers: { "x-clawdbot-token": "header" },
} as unknown as IncomingMessage;
- expect(extractHookToken(req2, url)).toBe("header");
+ const result2 = extractHookToken(req2, url);
+ expect(result2.token).toBe("header");
+ expect(result2.fromQuery).toBe(false);
const req3 = { headers: {} } as unknown as IncomingMessage;
- expect(extractHookToken(req3, url)).toBe("query");
+ const result3 = extractHookToken(req3, url);
+ expect(result3.token).toBe("query");
+ expect(result3.fromQuery).toBe(true);
});
test("normalizeWakePayload trims + validates", () => {
diff --git a/src/gateway/hooks.ts b/src/gateway/hooks.ts
index 6065d121d..31265c341 100644
--- a/src/gateway/hooks.ts
+++ b/src/gateway/hooks.ts
@@ -41,21 +41,26 @@ export function resolveHooksConfig(cfg: ClawdbotConfig): HooksConfigResolved | n
};
}
-export function extractHookToken(req: IncomingMessage, url: URL): string | undefined {
+export type HookTokenResult = {
+ token: string | undefined;
+ fromQuery: boolean;
+};
+
+export function extractHookToken(req: IncomingMessage, url: URL): HookTokenResult {
const auth =
typeof req.headers.authorization === "string" ? req.headers.authorization.trim() : "";
if (auth.toLowerCase().startsWith("bearer ")) {
const token = auth.slice(7).trim();
- if (token) return token;
+ if (token) return { token, fromQuery: false };
}
const headerToken =
typeof req.headers["x-clawdbot-token"] === "string"
? req.headers["x-clawdbot-token"].trim()
: "";
- if (headerToken) return headerToken;
+ if (headerToken) return { token: headerToken, fromQuery: false };
const queryToken = url.searchParams.get("token");
- if (queryToken) return queryToken.trim();
- return undefined;
+ if (queryToken) return { token: queryToken.trim(), fromQuery: true };
+ return { token: undefined, fromQuery: false };
}
export async function readJsonBody(
diff --git a/src/gateway/net.ts b/src/gateway/net.ts
index a743140c9..cd97c8e3c 100644
--- a/src/gateway/net.ts
+++ b/src/gateway/net.ts
@@ -36,7 +36,7 @@ function stripOptionalPort(ip: string): string {
return ip;
}
-function parseForwardedForClientIp(forwardedFor?: string): string | undefined {
+export function parseForwardedForClientIp(forwardedFor?: string): string | undefined {
const raw = forwardedFor?.split(",")[0]?.trim();
if (!raw) return undefined;
return normalizeIp(stripOptionalPort(raw));
diff --git a/src/gateway/server-chat.ts b/src/gateway/server-chat.ts
index 9ef62e688..8c67767a6 100644
--- a/src/gateway/server-chat.ts
+++ b/src/gateway/server-chat.ts
@@ -1,8 +1,28 @@
import { normalizeVerboseLevel } from "../auto-reply/thinking.js";
+import { loadConfig } from "../config/config.js";
import { type AgentEventPayload, getAgentRunContext } from "../infra/agent-events.js";
+import { resolveHeartbeatVisibility } from "../infra/heartbeat-visibility.js";
import { loadSessionEntry } from "./session-utils.js";
import { formatForLog } from "./ws-log.js";
+/**
+ * Check if webchat broadcasts should be suppressed for heartbeat runs.
+ * Returns true if the run is a heartbeat and showOk is false.
+ */
+function shouldSuppressHeartbeatBroadcast(runId: string): boolean {
+ const runContext = getAgentRunContext(runId);
+ if (!runContext?.isHeartbeat) return false;
+
+ try {
+ const cfg = loadConfig();
+ const visibility = resolveHeartbeatVisibility({ cfg, channel: "webchat" });
+ return !visibility.showOk;
+ } catch {
+ // Default to suppressing if we can't load config
+ return true;
+ }
+}
+
export type ChatRunEntry = {
sessionKey: string;
clientRunId: string;
@@ -130,7 +150,10 @@ export function createAgentEventHandler({
timestamp: now,
},
};
- broadcast("chat", payload, { dropIfSlow: true });
+ // Suppress webchat broadcast for heartbeat runs when showOk is false
+ if (!shouldSuppressHeartbeatBroadcast(clientRunId)) {
+ broadcast("chat", payload, { dropIfSlow: true });
+ }
nodeSendToSession(sessionKey, "chat", payload);
};
@@ -158,7 +181,10 @@ export function createAgentEventHandler({
}
: undefined,
};
- broadcast("chat", payload);
+ // Suppress webchat broadcast for heartbeat runs when showOk is false
+ if (!shouldSuppressHeartbeatBroadcast(clientRunId)) {
+ broadcast("chat", payload);
+ }
nodeSendToSession(sessionKey, "chat", payload);
return;
}
diff --git a/src/gateway/server-discovery-runtime.ts b/src/gateway/server-discovery-runtime.ts
index ab1628d1d..2dec5883e 100644
--- a/src/gateway/server-discovery-runtime.ts
+++ b/src/gateway/server-discovery-runtime.ts
@@ -14,36 +14,46 @@ export async function startGatewayDiscovery(params: {
canvasPort?: number;
wideAreaDiscoveryEnabled: boolean;
tailscaleMode: "off" | "serve" | "funnel";
+ /** mDNS/Bonjour discovery mode (default: minimal). */
+ mdnsMode?: "off" | "minimal" | "full";
logDiscovery: { info: (msg: string) => void; warn: (msg: string) => void };
}) {
let bonjourStop: (() => Promise) | null = null;
+ const mdnsMode = params.mdnsMode ?? "minimal";
+ // mDNS can be disabled via config (mdnsMode: off) or env var.
const bonjourEnabled =
+ mdnsMode !== "off" &&
process.env.CLAWDBOT_DISABLE_BONJOUR !== "1" &&
process.env.NODE_ENV !== "test" &&
!process.env.VITEST;
+ const mdnsMinimal = mdnsMode !== "full";
const tailscaleEnabled = params.tailscaleMode !== "off";
const needsTailnetDns = bonjourEnabled || params.wideAreaDiscoveryEnabled;
const tailnetDns = needsTailnetDns
? await resolveTailnetDnsHint({ enabled: tailscaleEnabled })
: undefined;
- const sshPortEnv = process.env.CLAWDBOT_SSH_PORT?.trim();
+ const sshPortEnv = mdnsMinimal ? undefined : process.env.CLAWDBOT_SSH_PORT?.trim();
const sshPortParsed = sshPortEnv ? Number.parseInt(sshPortEnv, 10) : NaN;
const sshPort = Number.isFinite(sshPortParsed) && sshPortParsed > 0 ? sshPortParsed : undefined;
+ const cliPath = mdnsMinimal ? undefined : resolveBonjourCliPath();
- try {
- const bonjour = await startGatewayBonjourAdvertiser({
- instanceName: formatBonjourInstanceName(params.machineDisplayName),
- gatewayPort: params.port,
- gatewayTlsEnabled: params.gatewayTls?.enabled ?? false,
- gatewayTlsFingerprintSha256: params.gatewayTls?.fingerprintSha256,
- canvasPort: params.canvasPort,
- sshPort,
- tailnetDns,
- cliPath: resolveBonjourCliPath(),
- });
- bonjourStop = bonjour.stop;
- } catch (err) {
- params.logDiscovery.warn(`bonjour advertising failed: ${String(err)}`);
+ if (bonjourEnabled) {
+ try {
+ const bonjour = await startGatewayBonjourAdvertiser({
+ instanceName: formatBonjourInstanceName(params.machineDisplayName),
+ gatewayPort: params.port,
+ gatewayTlsEnabled: params.gatewayTls?.enabled ?? false,
+ gatewayTlsFingerprintSha256: params.gatewayTls?.fingerprintSha256,
+ canvasPort: params.canvasPort,
+ sshPort,
+ tailnetDns,
+ cliPath,
+ minimal: mdnsMinimal,
+ });
+ bonjourStop = bonjour.stop;
+ } catch (err) {
+ params.logDiscovery.warn(`bonjour advertising failed: ${String(err)}`);
+ }
}
if (params.wideAreaDiscoveryEnabled) {
diff --git a/src/gateway/server-http.ts b/src/gateway/server-http.ts
index 3a122ebc1..b72939c6a 100644
--- a/src/gateway/server-http.ts
+++ b/src/gateway/server-http.ts
@@ -46,6 +46,7 @@ type HookDispatchers = {
model?: string;
thinking?: string;
timeoutSeconds?: number;
+ allowUnsafeExternalContent?: boolean;
}) => string;
};
@@ -75,13 +76,20 @@ export function createHooksRequestHandler(
return false;
}
- const token = extractHookToken(req, url);
+ const { token, fromQuery } = extractHookToken(req, url);
if (!token || token !== hooksConfig.token) {
res.statusCode = 401;
res.setHeader("Content-Type", "text/plain; charset=utf-8");
res.end("Unauthorized");
return true;
}
+ if (fromQuery) {
+ logHooks.warn(
+ "Hook token provided via query parameter is deprecated for security reasons. " +
+ "Tokens in URLs appear in logs, browser history, and referrer headers. " +
+ "Use Authorization: Bearer or X-Clawdbot-Token header instead.",
+ );
+ }
if (req.method !== "POST") {
res.statusCode = 405;
@@ -173,6 +181,7 @@ export function createHooksRequestHandler(
model: mapped.action.model,
thinking: mapped.action.thinking,
timeoutSeconds: mapped.action.timeoutSeconds,
+ allowUnsafeExternalContent: mapped.action.allowUnsafeExternalContent,
});
sendJson(res, 202, { ok: true, runId });
return true;
@@ -282,10 +291,10 @@ export function createGatewayHttpServer(opts: {
res.statusCode = 404;
res.setHeader("Content-Type", "text/plain; charset=utf-8");
res.end("Not Found");
- } catch (err) {
+ } catch {
res.statusCode = 500;
res.setHeader("Content-Type", "text/plain; charset=utf-8");
- res.end(String(err));
+ res.end("Internal Server Error");
}
}
diff --git a/src/gateway/server-runtime-config.ts b/src/gateway/server-runtime-config.ts
index a155c5d0a..2d699988a 100644
--- a/src/gateway/server-runtime-config.ts
+++ b/src/gateway/server-runtime-config.ts
@@ -70,6 +70,11 @@ export async function resolveGatewayRuntimeConfig(params: {
tailscaleMode,
});
const authMode: ResolvedGatewayAuth["mode"] = resolvedAuth.mode;
+ const hasToken = typeof resolvedAuth.token === "string" && resolvedAuth.token.trim().length > 0;
+ const hasPassword =
+ typeof resolvedAuth.password === "string" && resolvedAuth.password.trim().length > 0;
+ const hasSharedSecret =
+ (authMode === "token" && hasToken) || (authMode === "password" && hasPassword);
const hooksConfig = resolveHooksConfig(params.cfg);
const canvasHostEnabled =
process.env.CLAWDBOT_SKIP_CANVAS_HOST !== "1" && params.cfg.canvasHost?.enabled !== false;
@@ -83,9 +88,9 @@ export async function resolveGatewayRuntimeConfig(params: {
if (tailscaleMode !== "off" && !isLoopbackHost(bindHost)) {
throw new Error("tailscale serve/funnel requires gateway bind=loopback (127.0.0.1)");
}
- if (!isLoopbackHost(bindHost) && authMode === "none") {
+ if (!isLoopbackHost(bindHost) && !hasSharedSecret) {
throw new Error(
- `refusing to bind gateway to ${bindHost}:${params.port} without auth (set gateway.auth.token or CLAWDBOT_GATEWAY_TOKEN, or pass --token)`,
+ `refusing to bind gateway to ${bindHost}:${params.port} without auth (set gateway.auth.token/password, or set CLAWDBOT_GATEWAY_TOKEN/CLAWDBOT_GATEWAY_PASSWORD)`,
);
}
diff --git a/src/gateway/server.auth.e2e.test.ts b/src/gateway/server.auth.e2e.test.ts
index 17a8802b2..2eb3dcef9 100644
--- a/src/gateway/server.auth.e2e.test.ts
+++ b/src/gateway/server.auth.e2e.test.ts
@@ -34,7 +34,7 @@ const openWs = async (port: number) => {
};
describe("gateway server auth/connect", () => {
- describe("default auth", () => {
+ describe("default auth (token)", () => {
let server: Awaited>;
let port: number;
@@ -122,6 +122,18 @@ describe("gateway server auth/connect", () => {
await new Promise((resolve) => ws.once("close", () => resolve()));
});
+ test("requires nonce when host is non-local", async () => {
+ const ws = new WebSocket(`ws://127.0.0.1:${port}`, {
+ headers: { host: "example.com" },
+ });
+ await new Promise((resolve) => ws.once("open", resolve));
+
+ const res = await connectReq(ws);
+ expect(res.ok).toBe(false);
+ expect(res.error?.message).toBe("device nonce required");
+ await new Promise((resolve) => ws.once("close", () => resolve()));
+ });
+
test(
"invalid connect params surface in response and close reason",
{ timeout: 60_000 },
@@ -234,6 +246,7 @@ describe("gateway server auth/connect", () => {
test("returns control ui hint when token is missing", async () => {
const ws = await openWs(port);
const res = await connectReq(ws, {
+ skipDefaultAuth: true,
client: {
id: GATEWAY_CLIENT_NAMES.CONTROL_UI,
version: "1.0.0",
@@ -289,6 +302,7 @@ describe("gateway server auth/connect", () => {
test("allows control ui with device identity when insecure auth is enabled", async () => {
testState.gatewayControlUi = { allowInsecureAuth: true };
+ testState.gatewayAuth = { mode: "token", token: "secret" };
const { writeConfigFile } = await import("../config/config.js");
await writeConfigFile({
gateway: {
@@ -351,18 +365,45 @@ describe("gateway server auth/connect", () => {
}
});
- test("rejects proxied connections without auth when proxy headers are untrusted", async () => {
+ test("allows control ui with stale device identity when device auth is disabled", async () => {
+ testState.gatewayControlUi = { dangerouslyDisableDeviceAuth: true };
+ testState.gatewayAuth = { mode: "token", token: "secret" };
const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
- delete process.env.CLAWDBOT_GATEWAY_TOKEN;
+ process.env.CLAWDBOT_GATEWAY_TOKEN = "secret";
const port = await getFreePort();
const server = await startGatewayServer(port);
- const ws = new WebSocket(`ws://127.0.0.1:${port}`, {
- headers: { "x-forwarded-for": "203.0.113.10" },
+ const ws = await openWs(port);
+ const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem, signDevicePayload } =
+ await import("../infra/device-identity.js");
+ const identity = loadOrCreateDeviceIdentity();
+ const signedAtMs = Date.now() - 60 * 60 * 1000;
+ const payload = buildDeviceAuthPayload({
+ deviceId: identity.deviceId,
+ clientId: GATEWAY_CLIENT_NAMES.CONTROL_UI,
+ clientMode: GATEWAY_CLIENT_MODES.WEBCHAT,
+ role: "operator",
+ scopes: [],
+ signedAtMs,
+ token: "secret",
});
- await new Promise((resolve) => ws.once("open", resolve));
- const res = await connectReq(ws);
- expect(res.ok).toBe(false);
- expect(res.error?.message ?? "").toContain("gateway auth required");
+ const device = {
+ id: identity.deviceId,
+ publicKey: publicKeyRawBase64UrlFromPem(identity.publicKeyPem),
+ signature: signDevicePayload(identity.privateKeyPem, payload),
+ signedAt: signedAtMs,
+ };
+ const res = await connectReq(ws, {
+ token: "secret",
+ device,
+ client: {
+ id: GATEWAY_CLIENT_NAMES.CONTROL_UI,
+ version: "1.0.0",
+ platform: "web",
+ mode: GATEWAY_CLIENT_MODES.WEBCHAT,
+ },
+ });
+ expect(res.ok).toBe(true);
+ expect((res.payload as { auth?: unknown } | undefined)?.auth).toBeUndefined();
ws.close();
await server.close();
if (prevToken === undefined) {
diff --git a/src/gateway/server.impl.ts b/src/gateway/server.impl.ts
index fdf40be61..7435ed1a7 100644
--- a/src/gateway/server.impl.ts
+++ b/src/gateway/server.impl.ts
@@ -352,6 +352,7 @@ export async function startGatewayServer(
: undefined,
wideAreaDiscoveryEnabled: cfgAtStart.discovery?.wideArea?.enabled === true,
tailscaleMode,
+ mdnsMode: cfgAtStart.discovery?.mdns?.mode,
logDiscovery,
});
bonjourStop = discovery.bonjourStop;
diff --git a/src/gateway/server.nodes.late-invoke.test.ts b/src/gateway/server.nodes.late-invoke.test.ts
index 50801583d..52f73e898 100644
--- a/src/gateway/server.nodes.late-invoke.test.ts
+++ b/src/gateway/server.nodes.late-invoke.test.ts
@@ -28,11 +28,12 @@ let ws: WebSocket;
let port: number;
beforeAll(async () => {
- const started = await startServerWithClient();
+ const token = "test-gateway-token-1234567890";
+ const started = await startServerWithClient(token);
server = started.server;
ws = started.ws;
port = started.port;
- await connectOk(ws);
+ await connectOk(ws, { token });
});
afterAll(async () => {
@@ -60,6 +61,7 @@ describe("late-arriving invoke results", () => {
mode: GATEWAY_CLIENT_MODES.NODE,
},
commands: ["canvas.snapshot"],
+ token: "test-gateway-token-1234567890",
});
// Send an invoke result with an unknown ID (simulating late arrival after timeout)
diff --git a/src/gateway/server/hooks.ts b/src/gateway/server/hooks.ts
index 66afca384..18d46368f 100644
--- a/src/gateway/server/hooks.ts
+++ b/src/gateway/server/hooks.ts
@@ -41,6 +41,7 @@ export function createGatewayHooksRequestHandler(params: {
model?: string;
thinking?: string;
timeoutSeconds?: number;
+ allowUnsafeExternalContent?: boolean;
}) => {
const sessionKey = value.sessionKey.trim() ? value.sessionKey.trim() : `hook:${randomUUID()}`;
const mainSessionKey = resolveMainSessionKeyFromConfig();
@@ -64,6 +65,7 @@ export function createGatewayHooksRequestHandler(params: {
deliver: value.deliver,
channel: value.channel,
to: value.to,
+ allowUnsafeExternalContent: value.allowUnsafeExternalContent,
},
state: { nextRunAtMs: now },
};
diff --git a/src/gateway/server/ws-connection/message-handler.ts b/src/gateway/server/ws-connection/message-handler.ts
index 35265ce63..d1f6ae511 100644
--- a/src/gateway/server/ws-connection/message-handler.ts
+++ b/src/gateway/server/ws-connection/message-handler.ts
@@ -23,10 +23,10 @@ import { rawDataToString } from "../../../infra/ws.js";
import type { createSubsystemLogger } from "../../../logging/subsystem.js";
import { isGatewayCliClient, isWebchatClient } from "../../../utils/message-channel.js";
import type { ResolvedGatewayAuth } from "../../auth.js";
-import { authorizeGatewayConnect } from "../../auth.js";
+import { authorizeGatewayConnect, isLocalDirectRequest } from "../../auth.js";
import { loadConfig } from "../../../config/config.js";
import { buildDeviceAuthPayload } from "../../device-auth.js";
-import { isLocalGatewayAddress, isTrustedProxyAddress, resolveGatewayClientIp } from "../../net.js";
+import { isLoopbackAddress, isTrustedProxyAddress, resolveGatewayClientIp } from "../../net.js";
import { resolveNodeCommandAllowlist } from "../../node-command-policy.js";
import {
type ConnectParams,
@@ -60,6 +60,17 @@ type SubsystemLogger = ReturnType;
const DEVICE_SIGNATURE_SKEW_MS = 10 * 60 * 1000;
+function resolveHostName(hostHeader?: string): string {
+ const host = (hostHeader ?? "").trim().toLowerCase();
+ if (!host) return "";
+ if (host.startsWith("[")) {
+ const end = host.indexOf("]");
+ if (end !== -1) return host.slice(1, end);
+ }
+ const [name] = host.split(":");
+ return name ?? "";
+}
+
type AuthProvidedKind = "token" | "password" | "none";
function formatGatewayAuthFailureMessage(params: {
@@ -100,6 +111,10 @@ function formatGatewayAuthFailureMessage(params: {
return "unauthorized: tailscale identity missing (use Tailscale Serve auth or gateway token/password)";
case "tailscale_proxy_missing":
return "unauthorized: tailscale proxy headers missing (use Tailscale Serve or gateway token/password)";
+ case "tailscale_whois_failed":
+ return "unauthorized: tailscale identity check failed (use Tailscale Serve auth or gateway token/password)";
+ case "tailscale_user_mismatch":
+ return "unauthorized: tailscale identity mismatch (use Tailscale Serve auth or gateway token/password)";
default:
break;
}
@@ -185,8 +200,17 @@ export function attachGatewayWsMessageHandler(params: {
const hasProxyHeaders = Boolean(forwardedFor || realIp);
const remoteIsTrustedProxy = isTrustedProxyAddress(remoteAddr, trustedProxies);
const hasUntrustedProxyHeaders = hasProxyHeaders && !remoteIsTrustedProxy;
- const isLocalClient = !hasUntrustedProxyHeaders && isLocalGatewayAddress(clientIp);
- const reportedClientIp = hasUntrustedProxyHeaders ? undefined : clientIp;
+ const hostName = resolveHostName(requestHost);
+ const hostIsLocal = hostName === "localhost" || hostName === "127.0.0.1" || hostName === "::1";
+ const hostIsTailscaleServe = hostName.endsWith(".ts.net");
+ const hostIsLocalish = hostIsLocal || hostIsTailscaleServe;
+ const isLocalClient = isLocalDirectRequest(upgradeReq, trustedProxies);
+ const reportedClientIp =
+ isLocalClient || hasUntrustedProxyHeaders
+ ? undefined
+ : clientIp && !isLoopbackAddress(clientIp)
+ ? clientIp
+ : undefined;
if (hasUntrustedProxyHeaders) {
logWsControl.warn(
@@ -195,6 +219,13 @@ export function attachGatewayWsMessageHandler(params: {
"Configure gateway.trustedProxies to restore local client detection behind your proxy.",
);
}
+ if (!hostIsLocalish && isLoopbackAddress(remoteAddr) && !hasProxyHeaders) {
+ logWsControl.warn(
+ "Loopback connection with non-local Host header. " +
+ "Treating it as remote. If you're behind a reverse proxy, " +
+ "set gateway.trustedProxies and forward X-Forwarded-For/X-Real-IP.",
+ );
+ }
const isWebchatConnect = (p: ConnectParams | null | undefined) => isWebchatClient(p?.client);
@@ -331,7 +362,7 @@ export function attachGatewayWsMessageHandler(params: {
connectParams.role = role;
connectParams.scopes = scopes;
- const device = connectParams.device;
+ const deviceRaw = connectParams.device;
let devicePublicKey: string | null = null;
const hasTokenAuth = Boolean(connectParams.auth?.token);
const hasPasswordAuth = Boolean(connectParams.auth?.password);
@@ -339,36 +370,14 @@ export function attachGatewayWsMessageHandler(params: {
const isControlUi = connectParams.client.id === GATEWAY_CLIENT_IDS.CONTROL_UI;
const allowInsecureControlUi =
isControlUi && configSnapshot.gateway?.controlUi?.allowInsecureAuth === true;
- if (hasUntrustedProxyHeaders && resolvedAuth.mode === "none") {
- setHandshakeState("failed");
- setCloseCause("proxy-auth-required", {
- client: connectParams.client.id,
- clientDisplayName: connectParams.client.displayName,
- mode: connectParams.client.mode,
- version: connectParams.client.version,
- });
- send({
- type: "res",
- id: frame.id,
- ok: false,
- error: errorShape(
- ErrorCodes.INVALID_REQUEST,
- "gateway auth required behind reverse proxy",
- {
- details: {
- hint: "set gateway.auth or configure gateway.trustedProxies",
- },
- },
- ),
- });
- close(1008, "gateway auth required");
- return;
- }
-
+ const disableControlUiDeviceAuth =
+ isControlUi && configSnapshot.gateway?.controlUi?.dangerouslyDisableDeviceAuth === true;
+ const allowControlUiBypass = allowInsecureControlUi || disableControlUiDeviceAuth;
+ const device = disableControlUiDeviceAuth ? null : deviceRaw;
if (!device) {
- const canSkipDevice = allowInsecureControlUi ? hasSharedAuth : hasTokenAuth;
+ const canSkipDevice = allowControlUiBypass ? hasSharedAuth : hasTokenAuth;
- if (isControlUi && !allowInsecureControlUi) {
+ if (isControlUi && !allowControlUiBypass) {
const errorMessage = "control ui requires HTTPS or localhost (secure context)";
setHandshakeState("failed");
setCloseCause("control-ui-insecure-auth", {
@@ -562,7 +571,8 @@ export function attachGatewayWsMessageHandler(params: {
trustedProxies,
});
let authOk = authResult.ok;
- let authMethod = authResult.method ?? "none";
+ let authMethod =
+ authResult.method ?? (resolvedAuth.mode === "password" ? "password" : "token");
if (!authOk && connectParams.auth?.token && device) {
const tokenCheck = await verifyDeviceToken({
deviceId: device.id,
@@ -611,7 +621,7 @@ export function attachGatewayWsMessageHandler(params: {
return;
}
- const skipPairing = allowInsecureControlUi && hasSharedAuth;
+ const skipPairing = allowControlUiBypass && hasSharedAuth;
if (device && devicePublicKey && !skipPairing) {
const requirePairing = async (reason: string, _paired?: { deviceId: string }) => {
const pairing = await requestDevicePairing({
@@ -732,9 +742,7 @@ export function attachGatewayWsMessageHandler(params: {
const shouldTrackPresence = !isGatewayCliClient(connectParams.client);
const clientId = connectParams.client.id;
const instanceId = connectParams.client.instanceId;
- const presenceKey = shouldTrackPresence
- ? (connectParams.device?.id ?? instanceId ?? connId)
- : undefined;
+ const presenceKey = shouldTrackPresence ? (device?.id ?? instanceId ?? connId) : undefined;
logWs("in", "connect", {
connId,
@@ -762,10 +770,10 @@ export function attachGatewayWsMessageHandler(params: {
deviceFamily: connectParams.client.deviceFamily,
modelIdentifier: connectParams.client.modelIdentifier,
mode: connectParams.client.mode,
- deviceId: connectParams.device?.id,
+ deviceId: device?.id,
roles: [role],
scopes,
- instanceId: connectParams.device?.id ?? instanceId,
+ instanceId: device?.id ?? instanceId,
reason: "connect",
});
incrementPresenceVersion();
diff --git a/src/gateway/test-helpers.server.ts b/src/gateway/test-helpers.server.ts
index b6e89486d..34c22c573 100644
--- a/src/gateway/test-helpers.server.ts
+++ b/src/gateway/test-helpers.server.ts
@@ -111,7 +111,7 @@ async function resetGatewayTestState(options: { uniqueConfigRoot: boolean }) {
sessionStoreSaveDelayMs.value = 0;
testTailnetIPv4.value = undefined;
testState.gatewayBind = undefined;
- testState.gatewayAuth = undefined;
+ testState.gatewayAuth = { mode: "token", token: "test-gateway-token-1234567890" };
testState.gatewayControlUi = undefined;
testState.hooksConfig = undefined;
testState.canvasHostPort = undefined;
@@ -260,10 +260,18 @@ export async function startGatewayServer(port: number, opts?: GatewayServerOptio
export async function startServerWithClient(token?: string, opts?: GatewayServerOptions) {
let port = await getFreePort();
const prev = process.env.CLAWDBOT_GATEWAY_TOKEN;
- if (token === undefined) {
+ if (typeof token === "string") {
+ testState.gatewayAuth = { mode: "token", token };
+ }
+ const fallbackToken =
+ token ??
+ (typeof (testState.gatewayAuth as { token?: unknown } | undefined)?.token === "string"
+ ? (testState.gatewayAuth as { token?: string }).token
+ : undefined);
+ if (fallbackToken === undefined) {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
} else {
- process.env.CLAWDBOT_GATEWAY_TOKEN = token;
+ process.env.CLAWDBOT_GATEWAY_TOKEN = fallbackToken;
}
let server: Awaited> | null = null;
@@ -299,6 +307,7 @@ export async function connectReq(
opts?: {
token?: string;
password?: string;
+ skipDefaultAuth?: boolean;
minProtocol?: number;
maxProtocol?: number;
client?: {
@@ -334,6 +343,20 @@ export async function connectReq(
mode: GATEWAY_CLIENT_MODES.TEST,
};
const role = opts?.role ?? "operator";
+ const defaultToken =
+ opts?.skipDefaultAuth === true
+ ? undefined
+ : typeof (testState.gatewayAuth as { token?: unknown } | undefined)?.token === "string"
+ ? ((testState.gatewayAuth as { token?: string }).token ?? undefined)
+ : process.env.CLAWDBOT_GATEWAY_TOKEN;
+ const defaultPassword =
+ opts?.skipDefaultAuth === true
+ ? undefined
+ : typeof (testState.gatewayAuth as { password?: unknown } | undefined)?.password === "string"
+ ? ((testState.gatewayAuth as { password?: string }).password ?? undefined)
+ : process.env.CLAWDBOT_GATEWAY_PASSWORD;
+ const token = opts?.token ?? defaultToken;
+ const password = opts?.password ?? defaultPassword;
const requestedScopes = Array.isArray(opts?.scopes) ? opts?.scopes : [];
const device = (() => {
if (opts?.device === null) return undefined;
@@ -347,7 +370,7 @@ export async function connectReq(
role,
scopes: requestedScopes,
signedAtMs,
- token: opts?.token ?? null,
+ token: token ?? null,
});
return {
id: identity.deviceId,
@@ -372,10 +395,10 @@ export async function connectReq(
role,
scopes: opts?.scopes,
auth:
- opts?.token || opts?.password
+ token || password
? {
- token: opts?.token,
- password: opts?.password,
+ token,
+ password,
}
: undefined,
device,
diff --git a/src/gateway/tools-invoke-http.test.ts b/src/gateway/tools-invoke-http.test.ts
index f23220d9d..a32c728a1 100644
--- a/src/gateway/tools-invoke-http.test.ts
+++ b/src/gateway/tools-invoke-http.test.ts
@@ -1,12 +1,28 @@
-import { describe, expect, it, vi } from "vitest";
+import { beforeEach, describe, expect, it, vi } from "vitest";
import type { IncomingMessage, ServerResponse } from "node:http";
+import { promises as fs } from "node:fs";
+import path from "node:path";
+
import { installGatewayTestHooks, getFreePort, startGatewayServer } from "./test-helpers.server.js";
import { resetTestPluginRegistry, setTestPluginRegistry, testState } from "./test-helpers.mocks.js";
import { createTestRegistry } from "../test-utils/channel-plugins.js";
+import { CONFIG_PATH_CLAWDBOT } from "../config/config.js";
installGatewayTestHooks({ scope: "suite" });
+beforeEach(() => {
+ // Ensure these tests are not affected by host env vars.
+ delete process.env.CLAWDBOT_GATEWAY_TOKEN;
+ delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
+});
+
+const resolveGatewayToken = (): string => {
+ const token = (testState.gatewayAuth as { token?: string } | undefined)?.token;
+ if (!token) throw new Error("test gateway token missing");
+ return token;
+};
+
describe("POST /tools/invoke", () => {
it("invokes a tool and returns {ok:true,result}", async () => {
// Allow the sessions_list tool for main agent.
@@ -25,10 +41,11 @@ describe("POST /tools/invoke", () => {
const server = await startGatewayServer(port, {
bind: "loopback",
});
+ const token = resolveGatewayToken();
const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
});
@@ -40,6 +57,64 @@ describe("POST /tools/invoke", () => {
await server.close();
});
+ it("supports tools.alsoAllow as additive allowlist (profile stage)", async () => {
+ // No explicit tool allowlist; rely on profile + alsoAllow.
+ testState.agentsConfig = {
+ list: [{ id: "main" }],
+ } as any;
+
+ // minimal profile does NOT include sessions_list, but alsoAllow should.
+ const { writeConfigFile } = await import("../config/config.js");
+ await writeConfigFile({
+ tools: { profile: "minimal", alsoAllow: ["sessions_list"] },
+ } as any);
+
+ const port = await getFreePort();
+ const server = await startGatewayServer(port, { bind: "loopback" });
+ const token = resolveGatewayToken();
+
+ const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
+ method: "POST",
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
+ body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
+ });
+
+ expect(res.status).toBe(200);
+ const body = await res.json();
+ expect(body.ok).toBe(true);
+
+ await server.close();
+ });
+
+ it("supports tools.alsoAllow without allow/profile (implicit allow-all)", async () => {
+ testState.agentsConfig = {
+ list: [{ id: "main" }],
+ } as any;
+
+ await fs.mkdir(path.dirname(CONFIG_PATH_CLAWDBOT), { recursive: true });
+ await fs.writeFile(
+ CONFIG_PATH_CLAWDBOT,
+ JSON.stringify({ tools: { alsoAllow: ["sessions_list"] } }, null, 2),
+ "utf-8",
+ );
+
+ const port = await getFreePort();
+ const server = await startGatewayServer(port, { bind: "loopback" });
+ const token = resolveGatewayToken();
+
+ const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
+ method: "POST",
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
+ body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
+ });
+
+ expect(res.status).toBe(200);
+ const body = await res.json();
+ expect(body.ok).toBe(true);
+
+ await server.close();
+ });
+
it("accepts password auth when bearer token matches", async () => {
testState.agentsConfig = {
list: [
@@ -105,9 +180,10 @@ describe("POST /tools/invoke", () => {
const port = await getFreePort();
const server = await startGatewayServer(port, { bind: "loopback" });
try {
+ const token = resolveGatewayToken();
const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify({
tool: "sessions_list",
action: "json",
@@ -167,10 +243,11 @@ describe("POST /tools/invoke", () => {
const port = await getFreePort();
const server = await startGatewayServer(port, { bind: "loopback" });
+ const token = resolveGatewayToken();
const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
});
@@ -198,10 +275,11 @@ describe("POST /tools/invoke", () => {
const port = await getFreePort();
const server = await startGatewayServer(port, { bind: "loopback" });
+ const token = resolveGatewayToken();
const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
});
@@ -234,17 +312,18 @@ describe("POST /tools/invoke", () => {
const server = await startGatewayServer(port, { bind: "loopback" });
const payload = { tool: "sessions_list", action: "json", args: {} };
+ const token = resolveGatewayToken();
const resDefault = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify(payload),
});
expect(resDefault.status).toBe(200);
const resMain = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
- headers: { "content-type": "application/json" },
+ headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
body: JSON.stringify({ ...payload, sessionKey: "main" }),
});
expect(resMain.status).toBe(200);
diff --git a/src/gateway/tools-invoke-http.ts b/src/gateway/tools-invoke-http.ts
index 80e2f295e..b747e2561 100644
--- a/src/gateway/tools-invoke-http.ts
+++ b/src/gateway/tools-invoke-http.ts
@@ -130,9 +130,22 @@ export async function handleToolsInvokeHttpRequest(
agentProviderPolicy,
profile,
providerProfile,
+ profileAlsoAllow,
+ providerProfileAlsoAllow,
} = resolveEffectiveToolPolicy({ config: cfg, sessionKey });
const profilePolicy = resolveToolProfilePolicy(profile);
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
+
+ const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => {
+ if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) return policy;
+ return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
+ };
+
+ const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
+ const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(
+ providerProfilePolicy,
+ providerProfileAlsoAllow,
+ );
const groupPolicy = resolveGroupToolPolicy({
config: cfg,
sessionKey,
@@ -176,18 +189,18 @@ export async function handleToolsInvokeHttpRequest(
if (resolved.unknownAllowlist.length > 0) {
const entries = resolved.unknownAllowlist.join(", ");
const suffix = resolved.strippedAllowlist
- ? "Ignoring allowlist so core tools remain available."
+ ? "Ignoring allowlist so core tools remain available. Use tools.alsoAllow for additive plugin tool enablement."
: "These entries won't match any tool unless the plugin is enabled.";
logWarn(`tools: ${label} allowlist contains unknown entries (${entries}). ${suffix}`);
}
return expandPolicyWithPluginGroups(resolved.policy, pluginGroups);
};
const profilePolicyExpanded = resolvePolicy(
- profilePolicy,
+ profilePolicyWithAlsoAllow,
profile ? `tools.profile (${profile})` : "tools.profile",
);
const providerProfileExpanded = resolvePolicy(
- providerProfilePolicy,
+ providerProfilePolicyWithAlsoAllow,
providerProfile ? `tools.byProvider.profile (${providerProfile})` : "tools.byProvider.profile",
);
const globalPolicyExpanded = resolvePolicy(globalPolicy, "tools.allow");
diff --git a/src/infra/agent-events.ts b/src/infra/agent-events.ts
index c11dff8ab..5c41c3c95 100644
--- a/src/infra/agent-events.ts
+++ b/src/infra/agent-events.ts
@@ -14,6 +14,7 @@ export type AgentEventPayload = {
export type AgentRunContext = {
sessionKey?: string;
verboseLevel?: VerboseLevel;
+ isHeartbeat?: boolean;
};
// Keep per-run counters so streams stay strictly monotonic per runId.
@@ -34,6 +35,9 @@ export function registerAgentRunContext(runId: string, context: AgentRunContext)
if (context.verboseLevel && existing.verboseLevel !== context.verboseLevel) {
existing.verboseLevel = context.verboseLevel;
}
+ if (context.isHeartbeat !== undefined && existing.isHeartbeat !== context.isHeartbeat) {
+ existing.isHeartbeat = context.isHeartbeat;
+ }
}
export function getAgentRunContext(runId: string) {
diff --git a/src/infra/bonjour.test.ts b/src/infra/bonjour.test.ts
index 82c8253d7..dabdb483e 100644
--- a/src/infra/bonjour.test.ts
+++ b/src/infra/bonjour.test.ts
@@ -138,6 +138,42 @@ describe("gateway bonjour advertiser", () => {
expect(shutdown).toHaveBeenCalledTimes(1);
});
+ it("omits cliPath and sshPort in minimal mode", async () => {
+ // Allow advertiser to run in unit tests.
+ delete process.env.VITEST;
+ process.env.NODE_ENV = "development";
+
+ vi.spyOn(os, "hostname").mockReturnValue("test-host");
+
+ const destroy = vi.fn().mockResolvedValue(undefined);
+ const advertise = vi.fn().mockResolvedValue(undefined);
+
+ createService.mockImplementation((options: Record) => {
+ return {
+ advertise,
+ destroy,
+ serviceState: "announced",
+ on: vi.fn(),
+ getFQDN: () => `${asString(options.type, "service")}.${asString(options.domain, "local")}.`,
+ getHostname: () => asString(options.hostname, "unknown"),
+ getPort: () => Number(options.port ?? -1),
+ };
+ });
+
+ const started = await startGatewayBonjourAdvertiser({
+ gatewayPort: 18789,
+ sshPort: 2222,
+ cliPath: "/opt/homebrew/bin/clawdbot",
+ minimal: true,
+ });
+
+ const [gatewayCall] = createService.mock.calls as Array<[Record]>;
+ expect((gatewayCall?.[0]?.txt as Record)?.sshPort).toBeUndefined();
+ expect((gatewayCall?.[0]?.txt as Record)?.cliPath).toBeUndefined();
+
+ await started.stop();
+ });
+
it("attaches conflict listeners for services", async () => {
// Allow advertiser to run in unit tests.
delete process.env.VITEST;
diff --git a/src/infra/bonjour.ts b/src/infra/bonjour.ts
index 302717116..94b38d68c 100644
--- a/src/infra/bonjour.ts
+++ b/src/infra/bonjour.ts
@@ -20,6 +20,11 @@ export type GatewayBonjourAdvertiseOpts = {
canvasPort?: number;
tailnetDns?: string;
cliPath?: string;
+ /**
+ * Minimal mode - omit sensitive fields (cliPath, sshPort) from TXT records.
+ * Reduces information disclosure for better operational security.
+ */
+ minimal?: boolean;
};
function isDisabledByEnv() {
@@ -115,12 +120,24 @@ export async function startGatewayBonjourAdvertiser(
if (typeof opts.tailnetDns === "string" && opts.tailnetDns.trim()) {
txtBase.tailnetDns = opts.tailnetDns.trim();
}
- if (typeof opts.cliPath === "string" && opts.cliPath.trim()) {
+ // In minimal mode, omit cliPath to avoid exposing filesystem structure.
+ // This info can be obtained via the authenticated WebSocket if needed.
+ if (!opts.minimal && typeof opts.cliPath === "string" && opts.cliPath.trim()) {
txtBase.cliPath = opts.cliPath.trim();
}
const services: Array<{ label: string; svc: BonjourService }> = [];
+ // Build TXT record for the gateway service.
+ // In minimal mode, omit sshPort to avoid advertising SSH availability.
+ const gatewayTxt: Record = {
+ ...txtBase,
+ transport: "gateway",
+ };
+ if (!opts.minimal) {
+ gatewayTxt.sshPort = String(opts.sshPort ?? 22);
+ }
+
const gateway = responder.createService({
name: safeServiceName(instanceName),
type: "clawdbot-gw",
@@ -128,11 +145,7 @@ export async function startGatewayBonjourAdvertiser(
port: opts.gatewayPort,
domain: "local",
hostname,
- txt: {
- ...txtBase,
- sshPort: String(opts.sshPort ?? 22),
- transport: "gateway",
- },
+ txt: gatewayTxt,
});
services.push({
label: "gateway",
@@ -149,7 +162,7 @@ export async function startGatewayBonjourAdvertiser(
logDebug(
`bonjour: starting (hostname=${hostname}, instance=${JSON.stringify(
safeServiceName(instanceName),
- )}, gatewayPort=${opts.gatewayPort}, sshPort=${opts.sshPort ?? 22})`,
+ )}, gatewayPort=${opts.gatewayPort}${opts.minimal ? ", minimal=true" : `, sshPort=${opts.sshPort ?? 22}`})`,
);
for (const { label, svc } of services) {
diff --git a/src/infra/heartbeat-runner.returns-default-unset.test.ts b/src/infra/heartbeat-runner.returns-default-unset.test.ts
index 621f895fa..595cbaed7 100644
--- a/src/infra/heartbeat-runner.returns-default-unset.test.ts
+++ b/src/infra/heartbeat-runner.returns-default-unset.test.ts
@@ -333,6 +333,7 @@ describe("runHeartbeatOnce", () => {
const cfg: ClawdbotConfig = {
agents: {
defaults: {
+ workspace: tmpDir,
heartbeat: { every: "5m", target: "whatsapp" },
},
},
@@ -461,6 +462,7 @@ describe("runHeartbeatOnce", () => {
const cfg: ClawdbotConfig = {
agents: {
defaults: {
+ workspace: tmpDir,
heartbeat: {
every: "5m",
target: "last",
@@ -542,6 +544,7 @@ describe("runHeartbeatOnce", () => {
const cfg: ClawdbotConfig = {
agents: {
defaults: {
+ workspace: tmpDir,
heartbeat: { every: "5m", target: "whatsapp" },
},
},
@@ -597,6 +600,7 @@ describe("runHeartbeatOnce", () => {
const cfg: ClawdbotConfig = {
agents: {
defaults: {
+ workspace: tmpDir,
heartbeat: {
every: "5m",
target: "whatsapp",
@@ -668,6 +672,7 @@ describe("runHeartbeatOnce", () => {
const cfg: ClawdbotConfig = {
agents: {
defaults: {
+ workspace: tmpDir,
heartbeat: {
every: "5m",
target: "whatsapp",
@@ -737,7 +742,7 @@ describe("runHeartbeatOnce", () => {
try {
const cfg: ClawdbotConfig = {
agents: {
- defaults: { heartbeat: { every: "5m" } },
+ defaults: { workspace: tmpDir, heartbeat: { every: "5m" } },
list: [{ id: "work", default: true }],
},
channels: { whatsapp: { allowFrom: ["*"] } },
diff --git a/src/infra/heartbeat-visibility.test.ts b/src/infra/heartbeat-visibility.test.ts
index 17a7dc128..e98054bbb 100644
--- a/src/infra/heartbeat-visibility.test.ts
+++ b/src/infra/heartbeat-visibility.test.ts
@@ -247,4 +247,58 @@ describe("resolveHeartbeatVisibility", () => {
useIndicator: true,
});
});
+
+ it("webchat uses channel defaults only (no per-channel config)", () => {
+ const cfg = {
+ channels: {
+ defaults: {
+ heartbeat: {
+ showOk: true,
+ showAlerts: false,
+ useIndicator: false,
+ },
+ },
+ },
+ } as ClawdbotConfig;
+
+ const result = resolveHeartbeatVisibility({ cfg, channel: "webchat" });
+
+ expect(result).toEqual({
+ showOk: true,
+ showAlerts: false,
+ useIndicator: false,
+ });
+ });
+
+ it("webchat returns defaults when no channel defaults configured", () => {
+ const cfg = {} as ClawdbotConfig;
+
+ const result = resolveHeartbeatVisibility({ cfg, channel: "webchat" });
+
+ expect(result).toEqual({
+ showOk: false,
+ showAlerts: true,
+ useIndicator: true,
+ });
+ });
+
+ it("webchat ignores accountId (only uses defaults)", () => {
+ const cfg = {
+ channels: {
+ defaults: {
+ heartbeat: {
+ showOk: true,
+ },
+ },
+ },
+ } as ClawdbotConfig;
+
+ const result = resolveHeartbeatVisibility({
+ cfg,
+ channel: "webchat",
+ accountId: "some-account",
+ });
+
+ expect(result.showOk).toBe(true);
+ });
});
diff --git a/src/infra/heartbeat-visibility.ts b/src/infra/heartbeat-visibility.ts
index 75555b878..c24b10417 100644
--- a/src/infra/heartbeat-visibility.ts
+++ b/src/infra/heartbeat-visibility.ts
@@ -1,6 +1,6 @@
import type { ClawdbotConfig } from "../config/config.js";
import type { ChannelHeartbeatVisibilityConfig } from "../config/types.channels.js";
-import type { DeliverableMessageChannel } from "../utils/message-channel.js";
+import type { GatewayMessageChannel } from "../utils/message-channel.js";
export type ResolvedHeartbeatVisibility = {
showOk: boolean;
@@ -14,13 +14,28 @@ const DEFAULT_VISIBILITY: ResolvedHeartbeatVisibility = {
useIndicator: true, // Emit indicator events
};
+/**
+ * Resolve heartbeat visibility settings for a channel.
+ * Supports both deliverable channels (telegram, signal, etc.) and webchat.
+ * For webchat, uses channels.defaults.heartbeat since webchat doesn't have per-channel config.
+ */
export function resolveHeartbeatVisibility(params: {
cfg: ClawdbotConfig;
- channel: DeliverableMessageChannel;
+ channel: GatewayMessageChannel;
accountId?: string;
}): ResolvedHeartbeatVisibility {
const { cfg, channel, accountId } = params;
+ // Webchat uses channel defaults only (no per-channel or per-account config)
+ if (channel === "webchat") {
+ const channelDefaults = cfg.channels?.defaults?.heartbeat;
+ return {
+ showOk: channelDefaults?.showOk ?? DEFAULT_VISIBILITY.showOk,
+ showAlerts: channelDefaults?.showAlerts ?? DEFAULT_VISIBILITY.showAlerts,
+ useIndicator: channelDefaults?.useIndicator ?? DEFAULT_VISIBILITY.useIndicator,
+ };
+ }
+
// Layer 1: Global channel defaults
const channelDefaults = cfg.channels?.defaults?.heartbeat;
diff --git a/src/infra/heartbeat-wake.ts b/src/infra/heartbeat-wake.ts
index 9d5a4c4ce..eb26bf499 100644
--- a/src/infra/heartbeat-wake.ts
+++ b/src/infra/heartbeat-wake.ts
@@ -37,10 +37,10 @@ function schedule(coalesceMs: number) {
pendingReason = reason ?? "retry";
schedule(DEFAULT_RETRY_MS);
}
- } catch (err) {
+ } catch {
+ // Error is already logged by the heartbeat runner; schedule a retry.
pendingReason = reason ?? "retry";
schedule(DEFAULT_RETRY_MS);
- throw err;
} finally {
running = false;
if (pendingReason || scheduled) schedule(coalesceMs);
diff --git a/src/infra/net/ssrf.pinning.test.ts b/src/infra/net/ssrf.pinning.test.ts
new file mode 100644
index 000000000..42bc54b66
--- /dev/null
+++ b/src/infra/net/ssrf.pinning.test.ts
@@ -0,0 +1,63 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { createPinnedLookup, resolvePinnedHostname } from "./ssrf.js";
+
+describe("ssrf pinning", () => {
+ it("pins resolved addresses for the target hostname", async () => {
+ const lookup = vi.fn(async () => [
+ { address: "93.184.216.34", family: 4 },
+ { address: "93.184.216.35", family: 4 },
+ ]);
+
+ const pinned = await resolvePinnedHostname("Example.com.", lookup);
+ expect(pinned.hostname).toBe("example.com");
+ expect(pinned.addresses).toEqual(["93.184.216.34", "93.184.216.35"]);
+
+ const first = await new Promise<{ address: string; family?: number }>((resolve, reject) => {
+ pinned.lookup("example.com", (err, address, family) => {
+ if (err) reject(err);
+ else resolve({ address: address as string, family });
+ });
+ });
+ expect(first.address).toBe("93.184.216.34");
+ expect(first.family).toBe(4);
+
+ const all = await new Promise((resolve, reject) => {
+ pinned.lookup("example.com", { all: true }, (err, addresses) => {
+ if (err) reject(err);
+ else resolve(addresses);
+ });
+ });
+ expect(Array.isArray(all)).toBe(true);
+ expect((all as Array<{ address: string }>).map((entry) => entry.address)).toEqual(
+ pinned.addresses,
+ );
+ });
+
+ it("rejects private DNS results", async () => {
+ const lookup = vi.fn(async () => [{ address: "10.0.0.8", family: 4 }]);
+ await expect(resolvePinnedHostname("example.com", lookup)).rejects.toThrow(/private|internal/i);
+ });
+
+ it("falls back for non-matching hostnames", async () => {
+ const fallback = vi.fn((host: string, options?: unknown, callback?: unknown) => {
+ const cb = typeof options === "function" ? options : (callback as () => void);
+ (cb as (err: null, address: string, family: number) => void)(null, "1.2.3.4", 4);
+ });
+ const lookup = createPinnedLookup({
+ hostname: "example.com",
+ addresses: ["93.184.216.34"],
+ fallback,
+ });
+
+ const result = await new Promise<{ address: string }>((resolve, reject) => {
+ lookup("other.test", (err, address) => {
+ if (err) reject(err);
+ else resolve({ address: address as string });
+ });
+ });
+
+ expect(fallback).toHaveBeenCalledTimes(1);
+ expect(result.address).toBe("1.2.3.4");
+ });
+});
diff --git a/src/infra/net/ssrf.ts b/src/infra/net/ssrf.ts
index 9b09cc4b1..297df0f03 100644
--- a/src/infra/net/ssrf.ts
+++ b/src/infra/net/ssrf.ts
@@ -1,4 +1,12 @@
import { lookup as dnsLookup } from "node:dns/promises";
+import { lookup as dnsLookupCb, type LookupAddress } from "node:dns";
+import { Agent, type Dispatcher } from "undici";
+
+type LookupCallback = (
+ err: NodeJS.ErrnoException | null,
+ address: string | LookupAddress[],
+ family?: number,
+) => void;
export class SsrFBlockedError extends Error {
constructor(message: string) {
@@ -101,10 +109,71 @@ export function isBlockedHostname(hostname: string): boolean {
);
}
-export async function assertPublicHostname(
+export function createPinnedLookup(params: {
+ hostname: string;
+ addresses: string[];
+ fallback?: typeof dnsLookupCb;
+}): typeof dnsLookupCb {
+ const normalizedHost = normalizeHostname(params.hostname);
+ const fallback = params.fallback ?? dnsLookupCb;
+ const fallbackLookup = fallback as unknown as (
+ hostname: string,
+ callback: LookupCallback,
+ ) => void;
+ const fallbackWithOptions = fallback as unknown as (
+ hostname: string,
+ options: unknown,
+ callback: LookupCallback,
+ ) => void;
+ const records = params.addresses.map((address) => ({
+ address,
+ family: address.includes(":") ? 6 : 4,
+ }));
+ let index = 0;
+
+ return ((host: string, options?: unknown, callback?: unknown) => {
+ const cb: LookupCallback =
+ typeof options === "function" ? (options as LookupCallback) : (callback as LookupCallback);
+ if (!cb) return;
+ const normalized = normalizeHostname(host);
+ if (!normalized || normalized !== normalizedHost) {
+ if (typeof options === "function" || options === undefined) {
+ return fallbackLookup(host, cb);
+ }
+ return fallbackWithOptions(host, options, cb);
+ }
+
+ const opts =
+ typeof options === "object" && options !== null
+ ? (options as { all?: boolean; family?: number })
+ : {};
+ const requestedFamily =
+ typeof options === "number" ? options : typeof opts.family === "number" ? opts.family : 0;
+ const candidates =
+ requestedFamily === 4 || requestedFamily === 6
+ ? records.filter((entry) => entry.family === requestedFamily)
+ : records;
+ const usable = candidates.length > 0 ? candidates : records;
+ if (opts.all) {
+ cb(null, usable as LookupAddress[]);
+ return;
+ }
+ const chosen = usable[index % usable.length];
+ index += 1;
+ cb(null, chosen.address, chosen.family);
+ }) as typeof dnsLookupCb;
+}
+
+export type PinnedHostname = {
+ hostname: string;
+ addresses: string[];
+ lookup: typeof dnsLookupCb;
+};
+
+export async function resolvePinnedHostname(
hostname: string,
lookupFn: LookupFn = dnsLookup,
-): Promise {
+): Promise {
const normalized = normalizeHostname(hostname);
if (!normalized) {
throw new Error("Invalid hostname");
@@ -128,4 +197,46 @@ export async function assertPublicHostname(
throw new SsrFBlockedError("Blocked: resolves to private/internal IP address");
}
}
+
+ const addresses = Array.from(new Set(results.map((entry) => entry.address)));
+ if (addresses.length === 0) {
+ throw new Error(`Unable to resolve hostname: ${hostname}`);
+ }
+
+ return {
+ hostname: normalized,
+ addresses,
+ lookup: createPinnedLookup({ hostname: normalized, addresses }),
+ };
+}
+
+export function createPinnedDispatcher(pinned: PinnedHostname): Dispatcher {
+ return new Agent({
+ connect: {
+ lookup: pinned.lookup,
+ },
+ });
+}
+
+export async function closeDispatcher(dispatcher?: Dispatcher | null): Promise {
+ if (!dispatcher) return;
+ const candidate = dispatcher as { close?: () => Promise | void; destroy?: () => void };
+ try {
+ if (typeof candidate.close === "function") {
+ await candidate.close();
+ return;
+ }
+ if (typeof candidate.destroy === "function") {
+ candidate.destroy();
+ }
+ } catch {
+ // ignore dispatcher cleanup errors
+ }
+}
+
+export async function assertPublicHostname(
+ hostname: string,
+ lookupFn: LookupFn = dnsLookup,
+): Promise {
+ await resolvePinnedHostname(hostname, lookupFn);
}
diff --git a/src/infra/provider-usage.auth.ts b/src/infra/provider-usage.auth.ts
index 43e4c10c9..90d73bb59 100644
--- a/src/infra/provider-usage.auth.ts
+++ b/src/infra/provider-usage.auth.ts
@@ -3,7 +3,6 @@ import os from "node:os";
import path from "node:path";
import {
- CLAUDE_CLI_PROFILE_ID,
ensureAuthProfileStore,
listProfilesForProvider,
resolveApiKeyForProfile,
@@ -111,9 +110,7 @@ async function resolveOAuthToken(params: {
provider: params.provider,
});
- // Claude Code CLI creds are the only Anthropic tokens that reliably include the
- // `user:profile` scope required for the OAuth usage endpoint.
- const candidates = params.provider === "anthropic" ? [CLAUDE_CLI_PROFILE_ID, ...order] : order;
+ const candidates = order;
const deduped: string[] = [];
for (const entry of candidates) {
if (!deduped.includes(entry)) deduped.push(entry);
diff --git a/src/infra/provider-usage.test.ts b/src/infra/provider-usage.test.ts
index 7172c2ce9..bf082d559 100644
--- a/src/infra/provider-usage.test.ts
+++ b/src/infra/provider-usage.test.ts
@@ -335,81 +335,6 @@ describe("provider usage loading", () => {
);
});
- it("prefers claude-cli token for Anthropic usage snapshots", async () => {
- await withTempHome(
- async () => {
- const stateDir = process.env.CLAWDBOT_STATE_DIR;
- if (!stateDir) throw new Error("Missing CLAWDBOT_STATE_DIR");
- const agentDir = path.join(stateDir, "agents", "main", "agent");
- fs.mkdirSync(agentDir, { recursive: true, mode: 0o700 });
- fs.writeFileSync(
- path.join(agentDir, "auth-profiles.json"),
- `${JSON.stringify(
- {
- version: 1,
- profiles: {
- "anthropic:default": {
- type: "token",
- provider: "anthropic",
- token: "token-default",
- expires: Date.UTC(2100, 0, 1, 0, 0, 0),
- },
- "anthropic:claude-cli": {
- type: "token",
- provider: "anthropic",
- token: "token-cli",
- expires: Date.UTC(2100, 0, 1, 0, 0, 0),
- },
- },
- },
- null,
- 2,
- )}\n`,
- "utf8",
- );
-
- const makeResponse = (status: number, body: unknown): Response => {
- const payload = typeof body === "string" ? body : JSON.stringify(body);
- const headers =
- typeof body === "string" ? undefined : { "Content-Type": "application/json" };
- return new Response(payload, { status, headers });
- };
-
- const mockFetch = vi.fn, ReturnType>(
- async (input, init) => {
- const url =
- typeof input === "string"
- ? input
- : input instanceof URL
- ? input.toString()
- : input.url;
- if (url.includes("api.anthropic.com/api/oauth/usage")) {
- const headers = (init?.headers ?? {}) as Record;
- expect(headers.Authorization).toBe("Bearer token-cli");
- return makeResponse(200, {
- five_hour: { utilization: 20, resets_at: "2026-01-07T01:00:00Z" },
- });
- }
- return makeResponse(404, "not found");
- },
- );
-
- const summary = await loadProviderUsageSummary({
- now: Date.UTC(2026, 0, 7, 0, 0, 0),
- providers: ["anthropic"],
- agentDir,
- fetch: mockFetch,
- });
-
- expect(summary.providers).toHaveLength(1);
- expect(summary.providers[0]?.provider).toBe("anthropic");
- expect(summary.providers[0]?.windows[0]?.label).toBe("5h");
- expect(mockFetch).toHaveBeenCalled();
- },
- { prefix: "clawdbot-provider-usage-" },
- );
- });
-
it("falls back to claude.ai web usage when OAuth scope is missing", async () => {
const cookieSnapshot = process.env.CLAUDE_AI_SESSION_KEY;
process.env.CLAUDE_AI_SESSION_KEY = "sk-ant-web-1";
diff --git a/src/infra/retry-policy.test.ts b/src/infra/retry-policy.test.ts
new file mode 100644
index 000000000..02aedb087
--- /dev/null
+++ b/src/infra/retry-policy.test.ts
@@ -0,0 +1,27 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+import { createTelegramRetryRunner } from "./retry-policy.js";
+
+describe("createTelegramRetryRunner", () => {
+ afterEach(() => {
+ vi.useRealTimers();
+ });
+
+ it("retries when custom shouldRetry matches non-telegram error", async () => {
+ vi.useFakeTimers();
+ const runner = createTelegramRetryRunner({
+ retry: { attempts: 2, minDelayMs: 0, maxDelayMs: 0, jitter: 0 },
+ shouldRetry: (err) => err instanceof Error && err.message === "boom",
+ });
+ const fn = vi
+ .fn<[], Promise>()
+ .mockRejectedValueOnce(new Error("boom"))
+ .mockResolvedValue("ok");
+
+ const promise = runner(fn, "request");
+ await vi.runAllTimersAsync();
+
+ await expect(promise).resolves.toBe("ok");
+ expect(fn).toHaveBeenCalledTimes(2);
+ });
+});
diff --git a/src/infra/retry-policy.ts b/src/infra/retry-policy.ts
index f5a3c4b33..6d647aa5e 100644
--- a/src/infra/retry-policy.ts
+++ b/src/infra/retry-policy.ts
@@ -72,16 +72,21 @@ export function createTelegramRetryRunner(params: {
retry?: RetryConfig;
configRetry?: RetryConfig;
verbose?: boolean;
+ shouldRetry?: (err: unknown) => boolean;
}): RetryRunner {
const retryConfig = resolveRetryConfig(TELEGRAM_RETRY_DEFAULTS, {
...params.configRetry,
...params.retry,
});
+ const shouldRetry = params.shouldRetry
+ ? (err: unknown) => params.shouldRetry?.(err) || TELEGRAM_RETRY_RE.test(formatErrorMessage(err))
+ : (err: unknown) => TELEGRAM_RETRY_RE.test(formatErrorMessage(err));
+
return (fn: () => Promise, label?: string) =>
retryAsync(fn, {
...retryConfig,
label,
- shouldRetry: (err) => TELEGRAM_RETRY_RE.test(formatErrorMessage(err)),
+ shouldRetry,
retryAfterMs: getTelegramRetryAfterMs,
onRetry: params.verbose
? (info) => {
diff --git a/src/infra/tailscale.test.ts b/src/infra/tailscale.test.ts
index 44429b8aa..cc31c3ca9 100644
--- a/src/infra/tailscale.test.ts
+++ b/src/infra/tailscale.test.ts
@@ -10,7 +10,7 @@ const {
disableTailscaleServe,
ensureFunnel,
} = tailscale;
-const tailscaleBin = expect.stringMatching(/tailscale$/);
+const tailscaleBin = expect.stringMatching(/tailscale$/i);
describe("tailscale helpers", () => {
afterEach(() => {
diff --git a/src/infra/tailscale.ts b/src/infra/tailscale.ts
index 8ff340184..2350670bb 100644
--- a/src/infra/tailscale.ts
+++ b/src/infra/tailscale.ts
@@ -213,6 +213,18 @@ type ExecErrorDetails = {
code?: unknown;
};
+export type TailscaleWhoisIdentity = {
+ login: string;
+ name?: string;
+};
+
+type TailscaleWhoisCacheEntry = {
+ value: TailscaleWhoisIdentity | null;
+ expiresAt: number;
+};
+
+const whoisCache = new Map();
+
function extractExecErrorText(err: unknown) {
const errOutput = err as ExecErrorDetails;
const stdout = typeof errOutput.stdout === "string" ? errOutput.stdout : "";
@@ -381,3 +393,73 @@ export async function disableTailscaleFunnel(exec: typeof runExec = runExec) {
timeoutMs: 15_000,
});
}
+
+function getString(value: unknown): string | undefined {
+ return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+
+function readRecord(value: unknown): Record | null {
+ return value && typeof value === "object" ? (value as Record) : null;
+}
+
+function parseWhoisIdentity(payload: Record): TailscaleWhoisIdentity | null {
+ const userProfile =
+ readRecord(payload.UserProfile) ?? readRecord(payload.userProfile) ?? readRecord(payload.User);
+ const login =
+ getString(userProfile?.LoginName) ??
+ getString(userProfile?.Login) ??
+ getString(userProfile?.login) ??
+ getString(payload.LoginName) ??
+ getString(payload.login);
+ if (!login) return null;
+ const name =
+ getString(userProfile?.DisplayName) ??
+ getString(userProfile?.Name) ??
+ getString(userProfile?.displayName) ??
+ getString(payload.DisplayName) ??
+ getString(payload.name);
+ return { login, name };
+}
+
+function readCachedWhois(ip: string, now: number): TailscaleWhoisIdentity | null | undefined {
+ const cached = whoisCache.get(ip);
+ if (!cached) return undefined;
+ if (cached.expiresAt <= now) {
+ whoisCache.delete(ip);
+ return undefined;
+ }
+ return cached.value;
+}
+
+function writeCachedWhois(ip: string, value: TailscaleWhoisIdentity | null, ttlMs: number) {
+ whoisCache.set(ip, { value, expiresAt: Date.now() + ttlMs });
+}
+
+export async function readTailscaleWhoisIdentity(
+ ip: string,
+ exec: typeof runExec = runExec,
+ opts?: { timeoutMs?: number; cacheTtlMs?: number; errorTtlMs?: number },
+): Promise {
+ const normalized = ip.trim();
+ if (!normalized) return null;
+ const now = Date.now();
+ const cached = readCachedWhois(normalized, now);
+ if (cached !== undefined) return cached;
+
+ const cacheTtlMs = opts?.cacheTtlMs ?? 60_000;
+ const errorTtlMs = opts?.errorTtlMs ?? 5_000;
+ try {
+ const tailscaleBin = await getTailscaleBinary();
+ const { stdout } = await exec(tailscaleBin, ["whois", "--json", normalized], {
+ timeoutMs: opts?.timeoutMs ?? 5_000,
+ maxBuffer: 200_000,
+ });
+ const parsed = stdout ? parsePossiblyNoisyJsonObject(stdout) : {};
+ const identity = parseWhoisIdentity(parsed);
+ writeCachedWhois(normalized, identity, cacheTtlMs);
+ return identity;
+ } catch {
+ writeCachedWhois(normalized, null, errorTtlMs);
+ return null;
+ }
+}
diff --git a/src/infra/unhandled-rejections.test.ts b/src/infra/unhandled-rejections.test.ts
new file mode 100644
index 000000000..1ec144ba1
--- /dev/null
+++ b/src/infra/unhandled-rejections.test.ts
@@ -0,0 +1,129 @@
+import { describe, expect, it } from "vitest";
+
+import { isAbortError, isTransientNetworkError } from "./unhandled-rejections.js";
+
+describe("isAbortError", () => {
+ it("returns true for error with name AbortError", () => {
+ const error = new Error("aborted");
+ error.name = "AbortError";
+ expect(isAbortError(error)).toBe(true);
+ });
+
+ it('returns true for error with "This operation was aborted" message', () => {
+ const error = new Error("This operation was aborted");
+ expect(isAbortError(error)).toBe(true);
+ });
+
+ it("returns true for undici-style AbortError", () => {
+ // Node's undici throws errors with this exact message
+ const error = Object.assign(new Error("This operation was aborted"), { name: "AbortError" });
+ expect(isAbortError(error)).toBe(true);
+ });
+
+ it("returns true for object with AbortError name", () => {
+ expect(isAbortError({ name: "AbortError", message: "test" })).toBe(true);
+ });
+
+ it("returns false for regular errors", () => {
+ expect(isAbortError(new Error("Something went wrong"))).toBe(false);
+ expect(isAbortError(new TypeError("Cannot read property"))).toBe(false);
+ expect(isAbortError(new RangeError("Invalid array length"))).toBe(false);
+ });
+
+ it("returns false for errors with similar but different messages", () => {
+ expect(isAbortError(new Error("Operation aborted"))).toBe(false);
+ expect(isAbortError(new Error("aborted"))).toBe(false);
+ expect(isAbortError(new Error("Request was aborted"))).toBe(false);
+ });
+
+ it("returns false for null and undefined", () => {
+ expect(isAbortError(null)).toBe(false);
+ expect(isAbortError(undefined)).toBe(false);
+ });
+
+ it("returns false for non-error values", () => {
+ expect(isAbortError("string error")).toBe(false);
+ expect(isAbortError(42)).toBe(false);
+ });
+
+ it("returns false for plain objects without AbortError name", () => {
+ expect(isAbortError({ message: "plain object" })).toBe(false);
+ });
+});
+
+describe("isTransientNetworkError", () => {
+ it("returns true for errors with transient network codes", () => {
+ const codes = [
+ "ECONNRESET",
+ "ECONNREFUSED",
+ "ENOTFOUND",
+ "ETIMEDOUT",
+ "ESOCKETTIMEDOUT",
+ "ECONNABORTED",
+ "EPIPE",
+ "EHOSTUNREACH",
+ "ENETUNREACH",
+ "EAI_AGAIN",
+ "UND_ERR_CONNECT_TIMEOUT",
+ "UND_ERR_SOCKET",
+ "UND_ERR_HEADERS_TIMEOUT",
+ "UND_ERR_BODY_TIMEOUT",
+ ];
+
+ for (const code of codes) {
+ const error = Object.assign(new Error("test"), { code });
+ expect(isTransientNetworkError(error), `code: ${code}`).toBe(true);
+ }
+ });
+
+ it('returns true for TypeError with "fetch failed" message', () => {
+ const error = new TypeError("fetch failed");
+ expect(isTransientNetworkError(error)).toBe(true);
+ });
+
+ it("returns true for fetch failed with network cause", () => {
+ const cause = Object.assign(new Error("getaddrinfo ENOTFOUND"), { code: "ENOTFOUND" });
+ const error = Object.assign(new TypeError("fetch failed"), { cause });
+ expect(isTransientNetworkError(error)).toBe(true);
+ });
+
+ it("returns true for nested cause chain with network error", () => {
+ const innerCause = Object.assign(new Error("connection reset"), { code: "ECONNRESET" });
+ const outerCause = Object.assign(new Error("wrapper"), { cause: innerCause });
+ const error = Object.assign(new TypeError("fetch failed"), { cause: outerCause });
+ expect(isTransientNetworkError(error)).toBe(true);
+ });
+
+ it("returns true for AggregateError containing network errors", () => {
+ const networkError = Object.assign(new Error("timeout"), { code: "ETIMEDOUT" });
+ const error = new AggregateError([networkError], "Multiple errors");
+ expect(isTransientNetworkError(error)).toBe(true);
+ });
+
+ it("returns false for regular errors without network codes", () => {
+ expect(isTransientNetworkError(new Error("Something went wrong"))).toBe(false);
+ expect(isTransientNetworkError(new TypeError("Cannot read property"))).toBe(false);
+ expect(isTransientNetworkError(new RangeError("Invalid array length"))).toBe(false);
+ });
+
+ it("returns false for errors with non-network codes", () => {
+ const error = Object.assign(new Error("test"), { code: "INVALID_CONFIG" });
+ expect(isTransientNetworkError(error)).toBe(false);
+ });
+
+ it("returns false for null and undefined", () => {
+ expect(isTransientNetworkError(null)).toBe(false);
+ expect(isTransientNetworkError(undefined)).toBe(false);
+ });
+
+ it("returns false for non-error values", () => {
+ expect(isTransientNetworkError("string error")).toBe(false);
+ expect(isTransientNetworkError(42)).toBe(false);
+ expect(isTransientNetworkError({ message: "plain object" })).toBe(false);
+ });
+
+ it("returns false for AggregateError with only non-network errors", () => {
+ const error = new AggregateError([new Error("regular error")], "Multiple errors");
+ expect(isTransientNetworkError(error)).toBe(false);
+ });
+});
diff --git a/src/infra/unhandled-rejections.ts b/src/infra/unhandled-rejections.ts
index c444baaa2..86e80e9a3 100644
--- a/src/infra/unhandled-rejections.ts
+++ b/src/infra/unhandled-rejections.ts
@@ -6,6 +6,83 @@ type UnhandledRejectionHandler = (reason: unknown) => boolean;
const handlers = new Set();
+/**
+ * Checks if an error is an AbortError.
+ * These are typically intentional cancellations (e.g., during shutdown) and shouldn't crash.
+ */
+export function isAbortError(err: unknown): boolean {
+ if (!err || typeof err !== "object") return false;
+ const name = "name" in err ? String(err.name) : "";
+ if (name === "AbortError") return true;
+ // Check for "This operation was aborted" message from Node's undici
+ const message = "message" in err && typeof err.message === "string" ? err.message : "";
+ if (message === "This operation was aborted") return true;
+ return false;
+}
+
+// Network error codes that indicate transient failures (shouldn't crash the gateway)
+const TRANSIENT_NETWORK_CODES = new Set([
+ "ECONNRESET",
+ "ECONNREFUSED",
+ "ENOTFOUND",
+ "ETIMEDOUT",
+ "ESOCKETTIMEDOUT",
+ "ECONNABORTED",
+ "EPIPE",
+ "EHOSTUNREACH",
+ "ENETUNREACH",
+ "EAI_AGAIN",
+ "UND_ERR_CONNECT_TIMEOUT",
+ "UND_ERR_SOCKET",
+ "UND_ERR_HEADERS_TIMEOUT",
+ "UND_ERR_BODY_TIMEOUT",
+]);
+
+function getErrorCode(err: unknown): string | undefined {
+ if (!err || typeof err !== "object") return undefined;
+ const code = (err as { code?: unknown }).code;
+ return typeof code === "string" ? code : undefined;
+}
+
+function getErrorCause(err: unknown): unknown {
+ if (!err || typeof err !== "object") return undefined;
+ return (err as { cause?: unknown }).cause;
+}
+
+/**
+ * Checks if an error is a transient network error that shouldn't crash the gateway.
+ * These are typically temporary connectivity issues that will resolve on their own.
+ */
+export function isTransientNetworkError(err: unknown): boolean {
+ if (!err) return false;
+
+ // Check the error itself
+ const code = getErrorCode(err);
+ if (code && TRANSIENT_NETWORK_CODES.has(code)) return true;
+
+ // "fetch failed" TypeError from undici (Node's native fetch)
+ if (err instanceof TypeError && err.message === "fetch failed") {
+ const cause = getErrorCause(err);
+ // The cause often contains the actual network error
+ if (cause) return isTransientNetworkError(cause);
+ // Even without a cause, "fetch failed" is typically a network issue
+ return true;
+ }
+
+ // Check the cause chain recursively
+ const cause = getErrorCause(err);
+ if (cause && cause !== err) {
+ return isTransientNetworkError(cause);
+ }
+
+ // AggregateError may wrap multiple causes
+ if (err instanceof AggregateError && err.errors?.length) {
+ return err.errors.some((e) => isTransientNetworkError(e));
+ }
+
+ return false;
+}
+
export function registerUnhandledRejectionHandler(handler: UnhandledRejectionHandler): () => void {
handlers.add(handler);
return () => {
@@ -30,6 +107,21 @@ export function isUnhandledRejectionHandled(reason: unknown): boolean {
export function installUnhandledRejectionHandler(): void {
process.on("unhandledRejection", (reason, _promise) => {
if (isUnhandledRejectionHandled(reason)) return;
+
+ // AbortError is typically an intentional cancellation (e.g., during shutdown)
+ // Log it but don't crash - these are expected during graceful shutdown
+ if (isAbortError(reason)) {
+ console.warn("[clawdbot] Suppressed AbortError:", formatUncaughtError(reason));
+ return;
+ }
+
+ // Transient network errors (fetch failed, connection reset, etc.) shouldn't crash
+ // These are temporary connectivity issues that will resolve on their own
+ if (isTransientNetworkError(reason)) {
+ console.error("[clawdbot] Network error (non-fatal):", formatUncaughtError(reason));
+ return;
+ }
+
console.error("[clawdbot] Unhandled promise rejection:", formatUncaughtError(reason));
process.exit(1);
});
diff --git a/src/line/monitor.ts b/src/line/monitor.ts
index 9b40e4460..c6241d97d 100644
--- a/src/line/monitor.ts
+++ b/src/line/monitor.ts
@@ -1,10 +1,10 @@
import type { WebhookRequestBody } from "@line/bot-sdk";
import type { IncomingMessage, ServerResponse } from "node:http";
-import crypto from "node:crypto";
import type { ClawdbotConfig } from "../config/config.js";
import { danger, logVerbose } from "../globals.js";
import type { RuntimeEnv } from "../runtime.js";
import { createLineBot } from "./bot.js";
+import { validateLineSignature } from "./signature.js";
import { normalizePluginHttpPath } from "../plugins/http-path.js";
import { registerPluginHttpRoute } from "../plugins/http-registry.js";
import {
@@ -85,11 +85,6 @@ export function getLineRuntimeState(accountId: string) {
return runtimeState.get(`line:${accountId}`);
}
-function validateLineSignature(body: string, signature: string, channelSecret: string): boolean {
- const hash = crypto.createHmac("SHA256", channelSecret).update(body).digest("base64");
- return hash === signature;
-}
-
async function readRequestBody(req: IncomingMessage): Promise {
return new Promise((resolve, reject) => {
const chunks: Buffer[] = [];
diff --git a/src/line/signature.test.ts b/src/line/signature.test.ts
new file mode 100644
index 000000000..8bd9b1f3f
--- /dev/null
+++ b/src/line/signature.test.ts
@@ -0,0 +1,27 @@
+import crypto from "node:crypto";
+import { describe, expect, it } from "vitest";
+import { validateLineSignature } from "./signature.js";
+
+const sign = (body: string, secret: string) =>
+ crypto.createHmac("SHA256", secret).update(body).digest("base64");
+
+describe("validateLineSignature", () => {
+ it("accepts valid signatures", () => {
+ const secret = "secret";
+ const rawBody = JSON.stringify({ events: [{ type: "message" }] });
+
+ expect(validateLineSignature(rawBody, sign(rawBody, secret), secret)).toBe(true);
+ });
+
+ it("rejects signatures computed with the wrong secret", () => {
+ const rawBody = JSON.stringify({ events: [{ type: "message" }] });
+
+ expect(validateLineSignature(rawBody, sign(rawBody, "wrong-secret"), "secret")).toBe(false);
+ });
+
+ it("rejects signatures with a different length", () => {
+ const rawBody = JSON.stringify({ events: [{ type: "message" }] });
+
+ expect(validateLineSignature(rawBody, "short", "secret")).toBe(false);
+ });
+});
diff --git a/src/line/signature.ts b/src/line/signature.ts
new file mode 100644
index 000000000..771a950ff
--- /dev/null
+++ b/src/line/signature.ts
@@ -0,0 +1,18 @@
+import crypto from "node:crypto";
+
+export function validateLineSignature(
+ body: string,
+ signature: string,
+ channelSecret: string,
+): boolean {
+ const hash = crypto.createHmac("SHA256", channelSecret).update(body).digest("base64");
+ const hashBuffer = Buffer.from(hash);
+ const signatureBuffer = Buffer.from(signature);
+
+ // Use constant-time comparison to prevent timing attacks.
+ if (hashBuffer.length !== signatureBuffer.length) {
+ return false;
+ }
+
+ return crypto.timingSafeEqual(hashBuffer, signatureBuffer);
+}
diff --git a/src/line/webhook.test.ts b/src/line/webhook.test.ts
index af30040b4..731653a09 100644
--- a/src/line/webhook.test.ts
+++ b/src/line/webhook.test.ts
@@ -70,4 +70,41 @@ describe("createLineWebhookMiddleware", () => {
expect(res.status).toHaveBeenCalledWith(400);
expect(onEvents).not.toHaveBeenCalled();
});
+
+ it("rejects webhooks with invalid signatures", async () => {
+ const onEvents = vi.fn(async () => {});
+ const secret = "secret";
+ const rawBody = JSON.stringify({ events: [{ type: "message" }] });
+ const middleware = createLineWebhookMiddleware({ channelSecret: secret, onEvents });
+
+ const req = {
+ headers: { "x-line-signature": "invalid-signature" },
+ body: rawBody,
+ } as any;
+ const res = createRes();
+
+ await middleware(req, res, {} as any);
+
+ expect(res.status).toHaveBeenCalledWith(401);
+ expect(onEvents).not.toHaveBeenCalled();
+ });
+
+ it("rejects webhooks with signatures computed using wrong secret", async () => {
+ const onEvents = vi.fn(async () => {});
+ const correctSecret = "correct-secret";
+ const wrongSecret = "wrong-secret";
+ const rawBody = JSON.stringify({ events: [{ type: "message" }] });
+ const middleware = createLineWebhookMiddleware({ channelSecret: correctSecret, onEvents });
+
+ const req = {
+ headers: { "x-line-signature": sign(rawBody, wrongSecret) },
+ body: rawBody,
+ } as any;
+ const res = createRes();
+
+ await middleware(req, res, {} as any);
+
+ expect(res.status).toHaveBeenCalledWith(401);
+ expect(onEvents).not.toHaveBeenCalled();
+ });
});
diff --git a/src/line/webhook.ts b/src/line/webhook.ts
index 5f5e12441..9986617f9 100644
--- a/src/line/webhook.ts
+++ b/src/line/webhook.ts
@@ -1,8 +1,8 @@
import type { Request, Response, NextFunction } from "express";
-import crypto from "node:crypto";
import type { WebhookRequestBody } from "@line/bot-sdk";
import { logVerbose, danger } from "../globals.js";
import type { RuntimeEnv } from "../runtime.js";
+import { validateLineSignature } from "./signature.js";
export interface LineWebhookOptions {
channelSecret: string;
@@ -10,11 +10,6 @@ export interface LineWebhookOptions {
runtime?: RuntimeEnv;
}
-function validateSignature(body: string, signature: string, channelSecret: string): boolean {
- const hash = crypto.createHmac("SHA256", channelSecret).update(body).digest("base64");
- return hash === signature;
-}
-
function readRawBody(req: Request): string | null {
const rawBody =
(req as { rawBody?: string | Buffer }).rawBody ??
@@ -52,7 +47,7 @@ export function createLineWebhookMiddleware(options: LineWebhookOptions) {
return;
}
- if (!validateSignature(rawBody, signature, channelSecret)) {
+ if (!validateLineSignature(rawBody, signature, channelSecret)) {
logVerbose("line: webhook signature validation failed");
res.status(401).json({ error: "Invalid signature" });
return;
diff --git a/src/media/input-files.ts b/src/media/input-files.ts
index 8b1d1945a..b337e17c5 100644
--- a/src/media/input-files.ts
+++ b/src/media/input-files.ts
@@ -1,5 +1,10 @@
import { logWarn } from "../logger.js";
-import { assertPublicHostname } from "../infra/net/ssrf.js";
+import {
+ closeDispatcher,
+ createPinnedDispatcher,
+ resolvePinnedHostname,
+} from "../infra/net/ssrf.js";
+import type { Dispatcher } from "undici";
type CanvasModule = typeof import("@napi-rs/canvas");
type PdfJsModule = typeof import("pdfjs-dist/legacy/build/pdf.mjs");
@@ -154,50 +159,57 @@ export async function fetchWithGuard(params: {
if (!["http:", "https:"].includes(parsedUrl.protocol)) {
throw new Error(`Invalid URL protocol: ${parsedUrl.protocol}. Only HTTP/HTTPS allowed.`);
}
- await assertPublicHostname(parsedUrl.hostname);
+ const pinned = await resolvePinnedHostname(parsedUrl.hostname);
+ const dispatcher = createPinnedDispatcher(pinned);
- const response = await fetch(parsedUrl, {
- signal: controller.signal,
- headers: { "User-Agent": "Clawdbot-Gateway/1.0" },
- redirect: "manual",
- });
+ try {
+ const response = await fetch(parsedUrl, {
+ signal: controller.signal,
+ headers: { "User-Agent": "Clawdbot-Gateway/1.0" },
+ redirect: "manual",
+ dispatcher,
+ } as RequestInit & { dispatcher: Dispatcher });
- if (isRedirectStatus(response.status)) {
- const location = response.headers.get("location");
- if (!location) {
- throw new Error(`Redirect missing location header (${response.status})`);
+ if (isRedirectStatus(response.status)) {
+ const location = response.headers.get("location");
+ if (!location) {
+ throw new Error(`Redirect missing location header (${response.status})`);
+ }
+ redirectCount += 1;
+ if (redirectCount > params.maxRedirects) {
+ throw new Error(`Too many redirects (limit: ${params.maxRedirects})`);
+ }
+ void response.body?.cancel();
+ currentUrl = new URL(location, parsedUrl).toString();
+ continue;
}
- redirectCount += 1;
- if (redirectCount > params.maxRedirects) {
- throw new Error(`Too many redirects (limit: ${params.maxRedirects})`);
+
+ if (!response.ok) {
+ throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
}
- currentUrl = new URL(location, parsedUrl).toString();
- continue;
- }
- if (!response.ok) {
- throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
- }
-
- const contentLength = response.headers.get("content-length");
- if (contentLength) {
- const size = parseInt(contentLength, 10);
- if (size > params.maxBytes) {
- throw new Error(`Content too large: ${size} bytes (limit: ${params.maxBytes} bytes)`);
+ const contentLength = response.headers.get("content-length");
+ if (contentLength) {
+ const size = parseInt(contentLength, 10);
+ if (size > params.maxBytes) {
+ throw new Error(`Content too large: ${size} bytes (limit: ${params.maxBytes} bytes)`);
+ }
}
- }
- const buffer = Buffer.from(await response.arrayBuffer());
- if (buffer.byteLength > params.maxBytes) {
- throw new Error(
- `Content too large: ${buffer.byteLength} bytes (limit: ${params.maxBytes} bytes)`,
- );
- }
+ const buffer = Buffer.from(await response.arrayBuffer());
+ if (buffer.byteLength > params.maxBytes) {
+ throw new Error(
+ `Content too large: ${buffer.byteLength} bytes (limit: ${params.maxBytes} bytes)`,
+ );
+ }
- const contentType = response.headers.get("content-type") || undefined;
- const parsed = parseContentType(contentType);
- const mimeType = parsed.mimeType ?? "application/octet-stream";
- return { buffer, mimeType, contentType };
+ const contentType = response.headers.get("content-type") || undefined;
+ const parsed = parseContentType(contentType);
+ const mimeType = parsed.mimeType ?? "application/octet-stream";
+ return { buffer, mimeType, contentType };
+ } finally {
+ await closeDispatcher(dispatcher);
+ }
}
} finally {
clearTimeout(timeoutId);
diff --git a/src/media/store.redirect.test.ts b/src/media/store.redirect.test.ts
index 474f9c050..90dacba9a 100644
--- a/src/media/store.redirect.test.ts
+++ b/src/media/store.redirect.test.ts
@@ -18,6 +18,9 @@ vi.doMock("node:os", () => ({
vi.doMock("node:https", () => ({
request: (...args: unknown[]) => mockRequest(...args),
}));
+vi.doMock("node:dns/promises", () => ({
+ lookup: async () => [{ address: "93.184.216.34", family: 4 }],
+}));
const loadStore = async () => await import("./store.js");
diff --git a/src/media/store.ts b/src/media/store.ts
index cd6c92411..c24614016 100644
--- a/src/media/store.ts
+++ b/src/media/store.ts
@@ -1,10 +1,12 @@
import crypto from "node:crypto";
import { createWriteStream } from "node:fs";
import fs from "node:fs/promises";
-import { request } from "node:https";
+import { request as httpRequest } from "node:http";
+import { request as httpsRequest } from "node:https";
import path from "node:path";
import { pipeline } from "node:stream/promises";
import { resolveConfigDir } from "../utils.js";
+import { resolvePinnedHostname } from "../infra/net/ssrf.js";
import { detectMime, extensionForMime } from "./mime.js";
const resolveMediaDir = () => path.join(resolveConfigDir(), "media");
@@ -88,51 +90,67 @@ async function downloadToFile(
maxRedirects = 5,
): Promise<{ headerMime?: string; sniffBuffer: Buffer; size: number }> {
return await new Promise((resolve, reject) => {
- const req = request(url, { headers }, (res) => {
- // Follow redirects
- if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) {
- const location = res.headers.location;
- if (!location || maxRedirects <= 0) {
- reject(new Error(`Redirect loop or missing Location header`));
- return;
- }
- const redirectUrl = new URL(location, url).href;
- resolve(downloadToFile(redirectUrl, dest, headers, maxRedirects - 1));
- return;
- }
- if (!res.statusCode || res.statusCode >= 400) {
- reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading media`));
- return;
- }
- let total = 0;
- const sniffChunks: Buffer[] = [];
- let sniffLen = 0;
- const out = createWriteStream(dest);
- res.on("data", (chunk) => {
- total += chunk.length;
- if (sniffLen < 16384) {
- sniffChunks.push(chunk);
- sniffLen += chunk.length;
- }
- if (total > MAX_BYTES) {
- req.destroy(new Error("Media exceeds 5MB limit"));
- }
- });
- pipeline(res, out)
- .then(() => {
- const sniffBuffer = Buffer.concat(sniffChunks, Math.min(sniffLen, 16384));
- const rawHeader = res.headers["content-type"];
- const headerMime = Array.isArray(rawHeader) ? rawHeader[0] : rawHeader;
- resolve({
- headerMime,
- sniffBuffer,
- size: total,
+ let parsedUrl: URL;
+ try {
+ parsedUrl = new URL(url);
+ } catch {
+ reject(new Error("Invalid URL"));
+ return;
+ }
+ if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+ reject(new Error(`Invalid URL protocol: ${parsedUrl.protocol}. Only HTTP/HTTPS allowed.`));
+ return;
+ }
+ const requestImpl = parsedUrl.protocol === "https:" ? httpsRequest : httpRequest;
+ resolvePinnedHostname(parsedUrl.hostname)
+ .then((pinned) => {
+ const req = requestImpl(parsedUrl, { headers, lookup: pinned.lookup }, (res) => {
+ // Follow redirects
+ if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) {
+ const location = res.headers.location;
+ if (!location || maxRedirects <= 0) {
+ reject(new Error(`Redirect loop or missing Location header`));
+ return;
+ }
+ const redirectUrl = new URL(location, url).href;
+ resolve(downloadToFile(redirectUrl, dest, headers, maxRedirects - 1));
+ return;
+ }
+ if (!res.statusCode || res.statusCode >= 400) {
+ reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading media`));
+ return;
+ }
+ let total = 0;
+ const sniffChunks: Buffer[] = [];
+ let sniffLen = 0;
+ const out = createWriteStream(dest);
+ res.on("data", (chunk) => {
+ total += chunk.length;
+ if (sniffLen < 16384) {
+ sniffChunks.push(chunk);
+ sniffLen += chunk.length;
+ }
+ if (total > MAX_BYTES) {
+ req.destroy(new Error("Media exceeds 5MB limit"));
+ }
});
- })
- .catch(reject);
- });
- req.on("error", reject);
- req.end();
+ pipeline(res, out)
+ .then(() => {
+ const sniffBuffer = Buffer.concat(sniffChunks, Math.min(sniffLen, 16384));
+ const rawHeader = res.headers["content-type"];
+ const headerMime = Array.isArray(rawHeader) ? rawHeader[0] : rawHeader;
+ resolve({
+ headerMime,
+ sniffBuffer,
+ size: total,
+ });
+ })
+ .catch(reject);
+ });
+ req.on("error", reject);
+ req.end();
+ })
+ .catch(reject);
});
}
diff --git a/src/plugin-sdk/index.ts b/src/plugin-sdk/index.ts
index 60782ff6d..c0c201ff0 100644
--- a/src/plugin-sdk/index.ts
+++ b/src/plugin-sdk/index.ts
@@ -63,6 +63,11 @@ export type {
ClawdbotPluginService,
ClawdbotPluginServiceContext,
} from "../plugins/types.js";
+export type {
+ GatewayRequestHandler,
+ GatewayRequestHandlerOptions,
+ RespondFn,
+} from "../gateway/server-methods/types.js";
export type { PluginRuntime } from "../plugins/runtime/types.js";
export { normalizePluginHttpPath } from "../plugins/http-path.js";
export { registerPluginHttpRoute } from "../plugins/http-registry.js";
diff --git a/src/security/audit-extra.ts b/src/security/audit-extra.ts
index 6dce5c896..9aabb9721 100644
--- a/src/security/audit-extra.ts
+++ b/src/security/audit-extra.ts
@@ -22,14 +22,12 @@ import type { SandboxToolPolicy } from "../agents/sandbox/types.js";
import { INCLUDE_KEY, MAX_INCLUDE_DEPTH } from "../config/includes.js";
import { normalizeAgentId } from "../routing/session-key.js";
import {
- formatOctal,
- isGroupReadable,
- isGroupWritable,
- isWorldReadable,
- isWorldWritable,
- modeBits,
+ formatPermissionDetail,
+ formatPermissionRemediation,
+ inspectPathPermissions,
safeStat,
} from "./audit-fs.js";
+import type { ExecFn } from "./windows-acl.js";
export type SecurityAuditFinding = {
checkId: string;
@@ -707,6 +705,9 @@ async function collectIncludePathsRecursive(params: {
export async function collectIncludeFilePermFindings(params: {
configSnapshot: ConfigFileSnapshot;
+ env?: NodeJS.ProcessEnv;
+ platform?: NodeJS.Platform;
+ execIcacls?: ExecFn;
}): Promise {
const findings: SecurityAuditFinding[] = [];
if (!params.configSnapshot.exists) return findings;
@@ -720,32 +721,53 @@ export async function collectIncludeFilePermFindings(params: {
for (const p of includePaths) {
// eslint-disable-next-line no-await-in-loop
- const st = await safeStat(p);
- if (!st.ok) continue;
- const bits = modeBits(st.mode);
- if (isWorldWritable(bits) || isGroupWritable(bits)) {
+ const perms = await inspectPathPermissions(p, {
+ env: params.env,
+ platform: params.platform,
+ exec: params.execIcacls,
+ });
+ if (!perms.ok) continue;
+ if (perms.worldWritable || perms.groupWritable) {
findings.push({
checkId: "fs.config_include.perms_writable",
severity: "critical",
title: "Config include file is writable by others",
- detail: `${p} mode=${formatOctal(bits)}; another user could influence your effective config.`,
- remediation: `chmod 600 ${p}`,
+ detail: `${formatPermissionDetail(p, perms)}; another user could influence your effective config.`,
+ remediation: formatPermissionRemediation({
+ targetPath: p,
+ perms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
- } else if (isWorldReadable(bits)) {
+ } else if (perms.worldReadable) {
findings.push({
checkId: "fs.config_include.perms_world_readable",
severity: "critical",
title: "Config include file is world-readable",
- detail: `${p} mode=${formatOctal(bits)}; include files can contain tokens and private settings.`,
- remediation: `chmod 600 ${p}`,
+ detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
+ remediation: formatPermissionRemediation({
+ targetPath: p,
+ perms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
- } else if (isGroupReadable(bits)) {
+ } else if (perms.groupReadable) {
findings.push({
checkId: "fs.config_include.perms_group_readable",
severity: "warn",
title: "Config include file is group-readable",
- detail: `${p} mode=${formatOctal(bits)}; include files can contain tokens and private settings.`,
- remediation: `chmod 600 ${p}`,
+ detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
+ remediation: formatPermissionRemediation({
+ targetPath: p,
+ perms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
}
}
@@ -757,28 +779,45 @@ export async function collectStateDeepFilesystemFindings(params: {
cfg: ClawdbotConfig;
env: NodeJS.ProcessEnv;
stateDir: string;
+ platform?: NodeJS.Platform;
+ execIcacls?: ExecFn;
}): Promise {
const findings: SecurityAuditFinding[] = [];
const oauthDir = resolveOAuthDir(params.env, params.stateDir);
- const oauthStat = await safeStat(oauthDir);
- if (oauthStat.ok && oauthStat.isDir) {
- const bits = modeBits(oauthStat.mode);
- if (isWorldWritable(bits) || isGroupWritable(bits)) {
+ const oauthPerms = await inspectPathPermissions(oauthDir, {
+ env: params.env,
+ platform: params.platform,
+ exec: params.execIcacls,
+ });
+ if (oauthPerms.ok && oauthPerms.isDir) {
+ if (oauthPerms.worldWritable || oauthPerms.groupWritable) {
findings.push({
checkId: "fs.credentials_dir.perms_writable",
severity: "critical",
title: "Credentials dir is writable by others",
- detail: `${oauthDir} mode=${formatOctal(bits)}; another user could drop/modify credential files.`,
- remediation: `chmod 700 ${oauthDir}`,
+ detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; another user could drop/modify credential files.`,
+ remediation: formatPermissionRemediation({
+ targetPath: oauthDir,
+ perms: oauthPerms,
+ isDir: true,
+ posixMode: 0o700,
+ env: params.env,
+ }),
});
- } else if (isGroupReadable(bits) || isWorldReadable(bits)) {
+ } else if (oauthPerms.groupReadable || oauthPerms.worldReadable) {
findings.push({
checkId: "fs.credentials_dir.perms_readable",
severity: "warn",
title: "Credentials dir is readable by others",
- detail: `${oauthDir} mode=${formatOctal(bits)}; credentials and allowlists can be sensitive.`,
- remediation: `chmod 700 ${oauthDir}`,
+ detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; credentials and allowlists can be sensitive.`,
+ remediation: formatPermissionRemediation({
+ targetPath: oauthDir,
+ perms: oauthPerms,
+ isDir: true,
+ posixMode: 0o700,
+ env: params.env,
+ }),
});
}
}
@@ -795,40 +834,64 @@ export async function collectStateDeepFilesystemFindings(params: {
const agentDir = path.join(params.stateDir, "agents", agentId, "agent");
const authPath = path.join(agentDir, "auth-profiles.json");
// eslint-disable-next-line no-await-in-loop
- const authStat = await safeStat(authPath);
- if (authStat.ok) {
- const bits = modeBits(authStat.mode);
- if (isWorldWritable(bits) || isGroupWritable(bits)) {
+ const authPerms = await inspectPathPermissions(authPath, {
+ env: params.env,
+ platform: params.platform,
+ exec: params.execIcacls,
+ });
+ if (authPerms.ok) {
+ if (authPerms.worldWritable || authPerms.groupWritable) {
findings.push({
checkId: "fs.auth_profiles.perms_writable",
severity: "critical",
title: "auth-profiles.json is writable by others",
- detail: `${authPath} mode=${formatOctal(bits)}; another user could inject credentials.`,
- remediation: `chmod 600 ${authPath}`,
+ detail: `${formatPermissionDetail(authPath, authPerms)}; another user could inject credentials.`,
+ remediation: formatPermissionRemediation({
+ targetPath: authPath,
+ perms: authPerms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
- } else if (isWorldReadable(bits) || isGroupReadable(bits)) {
+ } else if (authPerms.worldReadable || authPerms.groupReadable) {
findings.push({
checkId: "fs.auth_profiles.perms_readable",
severity: "warn",
title: "auth-profiles.json is readable by others",
- detail: `${authPath} mode=${formatOctal(bits)}; auth-profiles.json contains API keys and OAuth tokens.`,
- remediation: `chmod 600 ${authPath}`,
+ detail: `${formatPermissionDetail(authPath, authPerms)}; auth-profiles.json contains API keys and OAuth tokens.`,
+ remediation: formatPermissionRemediation({
+ targetPath: authPath,
+ perms: authPerms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
}
}
const storePath = path.join(params.stateDir, "agents", agentId, "sessions", "sessions.json");
// eslint-disable-next-line no-await-in-loop
- const storeStat = await safeStat(storePath);
- if (storeStat.ok) {
- const bits = modeBits(storeStat.mode);
- if (isWorldReadable(bits) || isGroupReadable(bits)) {
+ const storePerms = await inspectPathPermissions(storePath, {
+ env: params.env,
+ platform: params.platform,
+ exec: params.execIcacls,
+ });
+ if (storePerms.ok) {
+ if (storePerms.worldReadable || storePerms.groupReadable) {
findings.push({
checkId: "fs.sessions_store.perms_readable",
severity: "warn",
title: "sessions.json is readable by others",
- detail: `${storePath} mode=${formatOctal(bits)}; routing and transcript metadata can be sensitive.`,
- remediation: `chmod 600 ${storePath}`,
+ detail: `${formatPermissionDetail(storePath, storePerms)}; routing and transcript metadata can be sensitive.`,
+ remediation: formatPermissionRemediation({
+ targetPath: storePath,
+ perms: storePerms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
}
}
@@ -840,16 +903,25 @@ export async function collectStateDeepFilesystemFindings(params: {
const expanded = logFile.startsWith("~") ? expandTilde(logFile, params.env) : logFile;
if (expanded) {
const logPath = path.resolve(expanded);
- const st = await safeStat(logPath);
- if (st.ok) {
- const bits = modeBits(st.mode);
- if (isWorldReadable(bits) || isGroupReadable(bits)) {
+ const logPerms = await inspectPathPermissions(logPath, {
+ env: params.env,
+ platform: params.platform,
+ exec: params.execIcacls,
+ });
+ if (logPerms.ok) {
+ if (logPerms.worldReadable || logPerms.groupReadable) {
findings.push({
checkId: "fs.log_file.perms_readable",
severity: "warn",
title: "Log file is readable by others",
- detail: `${logPath} mode=${formatOctal(bits)}; logs can contain private messages and tool output.`,
- remediation: `chmod 600 ${logPath}`,
+ detail: `${formatPermissionDetail(logPath, logPerms)}; logs can contain private messages and tool output.`,
+ remediation: formatPermissionRemediation({
+ targetPath: logPath,
+ perms: logPerms,
+ isDir: false,
+ posixMode: 0o600,
+ env: params.env,
+ }),
});
}
}
diff --git a/src/security/audit-fs.ts b/src/security/audit-fs.ts
index 5832b64f8..6bf0aec26 100644
--- a/src/security/audit-fs.ts
+++ b/src/security/audit-fs.ts
@@ -1,5 +1,33 @@
import fs from "node:fs/promises";
+import {
+ formatIcaclsResetCommand,
+ formatWindowsAclSummary,
+ inspectWindowsAcl,
+ type ExecFn,
+} from "./windows-acl.js";
+
+export type PermissionCheck = {
+ ok: boolean;
+ isSymlink: boolean;
+ isDir: boolean;
+ mode: number | null;
+ bits: number | null;
+ source: "posix" | "windows-acl" | "unknown";
+ worldWritable: boolean;
+ groupWritable: boolean;
+ worldReadable: boolean;
+ groupReadable: boolean;
+ aclSummary?: string;
+ error?: string;
+};
+
+export type PermissionCheckOptions = {
+ platform?: NodeJS.Platform;
+ env?: NodeJS.ProcessEnv;
+ exec?: ExecFn;
+};
+
export async function safeStat(targetPath: string): Promise<{
ok: boolean;
isSymlink: boolean;
@@ -32,6 +60,98 @@ export async function safeStat(targetPath: string): Promise<{
}
}
+export async function inspectPathPermissions(
+ targetPath: string,
+ opts?: PermissionCheckOptions,
+): Promise {
+ const st = await safeStat(targetPath);
+ if (!st.ok) {
+ return {
+ ok: false,
+ isSymlink: false,
+ isDir: false,
+ mode: null,
+ bits: null,
+ source: "unknown",
+ worldWritable: false,
+ groupWritable: false,
+ worldReadable: false,
+ groupReadable: false,
+ error: st.error,
+ };
+ }
+
+ const bits = modeBits(st.mode);
+ const platform = opts?.platform ?? process.platform;
+
+ if (platform === "win32") {
+ const acl = await inspectWindowsAcl(targetPath, { env: opts?.env, exec: opts?.exec });
+ if (!acl.ok) {
+ return {
+ ok: true,
+ isSymlink: st.isSymlink,
+ isDir: st.isDir,
+ mode: st.mode,
+ bits,
+ source: "unknown",
+ worldWritable: false,
+ groupWritable: false,
+ worldReadable: false,
+ groupReadable: false,
+ error: acl.error,
+ };
+ }
+ return {
+ ok: true,
+ isSymlink: st.isSymlink,
+ isDir: st.isDir,
+ mode: st.mode,
+ bits,
+ source: "windows-acl",
+ worldWritable: acl.untrustedWorld.some((entry) => entry.canWrite),
+ groupWritable: acl.untrustedGroup.some((entry) => entry.canWrite),
+ worldReadable: acl.untrustedWorld.some((entry) => entry.canRead),
+ groupReadable: acl.untrustedGroup.some((entry) => entry.canRead),
+ aclSummary: formatWindowsAclSummary(acl),
+ };
+ }
+
+ return {
+ ok: true,
+ isSymlink: st.isSymlink,
+ isDir: st.isDir,
+ mode: st.mode,
+ bits,
+ source: "posix",
+ worldWritable: isWorldWritable(bits),
+ groupWritable: isGroupWritable(bits),
+ worldReadable: isWorldReadable(bits),
+ groupReadable: isGroupReadable(bits),
+ };
+}
+
+export function formatPermissionDetail(targetPath: string, perms: PermissionCheck): string {
+ if (perms.source === "windows-acl") {
+ const summary = perms.aclSummary ?? "unknown";
+ return `${targetPath} acl=${summary}`;
+ }
+ return `${targetPath} mode=${formatOctal(perms.bits)}`;
+}
+
+export function formatPermissionRemediation(params: {
+ targetPath: string;
+ perms: PermissionCheck;
+ isDir: boolean;
+ posixMode: number;
+ env?: NodeJS.ProcessEnv;
+}): string {
+ if (params.perms.source === "windows-acl") {
+ return formatIcaclsResetCommand(params.targetPath, { isDir: params.isDir, env: params.env });
+ }
+ const mode = params.posixMode.toString(8).padStart(3, "0");
+ return `chmod ${mode} ${params.targetPath}`;
+}
+
export function modeBits(mode: number | null): number | null {
if (mode == null) return null;
return mode & 0o777;
diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts
index 2ee7e27ee..3a43ff4cc 100644
--- a/src/security/audit.test.ts
+++ b/src/security/audit.test.ts
@@ -44,6 +44,7 @@ describe("security audit", () => {
const res = await runSecurityAudit({
config: cfg,
+ env: {},
includeFilesystem: false,
includeChannelSecurity: false,
});
@@ -82,12 +83,13 @@ describe("security audit", () => {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
- auth: { mode: "none" as any },
+ auth: {},
},
};
const res = await runSecurityAudit({
config: cfg,
+ env: {},
includeFilesystem: false,
includeChannelSecurity: false,
});
@@ -120,6 +122,83 @@ describe("security audit", () => {
);
});
+ it("treats Windows ACL-only perms as secure", async () => {
+ const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-win-"));
+ const stateDir = path.join(tmp, "state");
+ await fs.mkdir(stateDir, { recursive: true });
+ const configPath = path.join(stateDir, "clawdbot.json");
+ await fs.writeFile(configPath, "{}\n", "utf-8");
+
+ const user = "DESKTOP-TEST\\Tester";
+ const execIcacls = async (_cmd: string, args: string[]) => ({
+ stdout: `${args[0]} NT AUTHORITY\\SYSTEM:(F)\n ${user}:(F)\n`,
+ stderr: "",
+ });
+
+ const res = await runSecurityAudit({
+ config: {},
+ includeFilesystem: true,
+ includeChannelSecurity: false,
+ stateDir,
+ configPath,
+ platform: "win32",
+ env: { ...process.env, USERNAME: "Tester", USERDOMAIN: "DESKTOP-TEST" },
+ execIcacls,
+ });
+
+ const forbidden = new Set([
+ "fs.state_dir.perms_world_writable",
+ "fs.state_dir.perms_group_writable",
+ "fs.state_dir.perms_readable",
+ "fs.config.perms_writable",
+ "fs.config.perms_world_readable",
+ "fs.config.perms_group_readable",
+ ]);
+ for (const id of forbidden) {
+ expect(res.findings.some((f) => f.checkId === id)).toBe(false);
+ }
+ });
+
+ it("flags Windows ACLs when Users can read the state dir", async () => {
+ const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-security-audit-win-open-"));
+ const stateDir = path.join(tmp, "state");
+ await fs.mkdir(stateDir, { recursive: true });
+ const configPath = path.join(stateDir, "clawdbot.json");
+ await fs.writeFile(configPath, "{}\n", "utf-8");
+
+ const user = "DESKTOP-TEST\\Tester";
+ const execIcacls = async (_cmd: string, args: string[]) => {
+ const target = args[0];
+ if (target === stateDir) {
+ return {
+ stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n BUILTIN\\Users:(RX)\n ${user}:(F)\n`,
+ stderr: "",
+ };
+ }
+ return {
+ stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n ${user}:(F)\n`,
+ stderr: "",
+ };
+ };
+
+ const res = await runSecurityAudit({
+ config: {},
+ includeFilesystem: true,
+ includeChannelSecurity: false,
+ stateDir,
+ configPath,
+ platform: "win32",
+ env: { ...process.env, USERNAME: "Tester", USERDOMAIN: "DESKTOP-TEST" },
+ execIcacls,
+ });
+
+ expect(
+ res.findings.some(
+ (f) => f.checkId === "fs.state_dir.perms_readable" && f.severity === "warn",
+ ),
+ ).toBe(true);
+ });
+
it("warns when small models are paired with web/browser tools", async () => {
const cfg: ClawdbotConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" } } },
@@ -293,7 +372,30 @@ describe("security audit", () => {
expect.arrayContaining([
expect.objectContaining({
checkId: "gateway.control_ui.insecure_auth",
- severity: "warn",
+ severity: "critical",
+ }),
+ ]),
+ );
+ });
+
+ it("warns when control UI device auth is disabled", async () => {
+ const cfg: ClawdbotConfig = {
+ gateway: {
+ controlUi: { dangerouslyDisableDeviceAuth: true },
+ },
+ };
+
+ const res = await runSecurityAudit({
+ config: cfg,
+ includeFilesystem: false,
+ includeChannelSecurity: false,
+ });
+
+ expect(res.findings).toEqual(
+ expect.arrayContaining([
+ expect.objectContaining({
+ checkId: "gateway.control_ui.device_auth_disabled",
+ severity: "critical",
}),
]),
);
@@ -755,30 +857,62 @@ describe("security audit", () => {
const includePath = path.join(stateDir, "extra.json5");
await fs.writeFile(includePath, "{ logging: { redactSensitive: 'off' } }\n", "utf-8");
- await fs.chmod(includePath, 0o644);
+ if (isWindows) {
+ // Grant "Everyone" write access to trigger the perms_writable check on Windows
+ const { execSync } = await import("node:child_process");
+ execSync(`icacls "${includePath}" /grant Everyone:W`, { stdio: "ignore" });
+ } else {
+ await fs.chmod(includePath, 0o644);
+ }
const configPath = path.join(stateDir, "clawdbot.json");
await fs.writeFile(configPath, `{ "$include": "./extra.json5" }\n`, "utf-8");
await fs.chmod(configPath, 0o600);
- const cfg: ClawdbotConfig = { logging: { redactSensitive: "off" } };
- const res = await runSecurityAudit({
- config: cfg,
- includeFilesystem: true,
- includeChannelSecurity: false,
- stateDir,
- configPath,
- });
+ try {
+ const cfg: ClawdbotConfig = { logging: { redactSensitive: "off" } };
+ const user = "DESKTOP-TEST\\Tester";
+ const execIcacls = isWindows
+ ? async (_cmd: string, args: string[]) => {
+ const target = args[0];
+ if (target === includePath) {
+ return {
+ stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n BUILTIN\\Users:(W)\n ${user}:(F)\n`,
+ stderr: "",
+ };
+ }
+ return {
+ stdout: `${target} NT AUTHORITY\\SYSTEM:(F)\n ${user}:(F)\n`,
+ stderr: "",
+ };
+ }
+ : undefined;
+ const res = await runSecurityAudit({
+ config: cfg,
+ includeFilesystem: true,
+ includeChannelSecurity: false,
+ stateDir,
+ configPath,
+ platform: isWindows ? "win32" : undefined,
+ env: isWindows
+ ? { ...process.env, USERNAME: "Tester", USERDOMAIN: "DESKTOP-TEST" }
+ : undefined,
+ execIcacls,
+ });
- const expectedCheckId = isWindows
- ? "fs.config_include.perms_writable"
- : "fs.config_include.perms_world_readable";
+ const expectedCheckId = isWindows
+ ? "fs.config_include.perms_writable"
+ : "fs.config_include.perms_world_readable";
- expect(res.findings).toEqual(
- expect.arrayContaining([
- expect.objectContaining({ checkId: expectedCheckId, severity: "critical" }),
- ]),
- );
+ expect(res.findings).toEqual(
+ expect.arrayContaining([
+ expect.objectContaining({ checkId: expectedCheckId, severity: "critical" }),
+ ]),
+ );
+ } finally {
+ // Clean up temp directory with world-writable file
+ await fs.rm(tmp, { recursive: true, force: true });
+ }
});
it("flags extensions without plugins.allow", async () => {
diff --git a/src/security/audit.ts b/src/security/audit.ts
index 3695cf049..6cac2c37c 100644
--- a/src/security/audit.ts
+++ b/src/security/audit.ts
@@ -24,14 +24,11 @@ import {
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled } from "../config/commands.js";
import {
- formatOctal,
- isGroupReadable,
- isGroupWritable,
- isWorldReadable,
- isWorldWritable,
- modeBits,
- safeStat,
+ formatPermissionDetail,
+ formatPermissionRemediation,
+ inspectPathPermissions,
} from "./audit-fs.js";
+import type { ExecFn } from "./windows-acl.js";
export type SecurityAuditSeverity = "info" | "warn" | "critical";
@@ -66,6 +63,8 @@ export type SecurityAuditReport = {
export type SecurityAuditOptions = {
config: ClawdbotConfig;
+ env?: NodeJS.ProcessEnv;
+ platform?: NodeJS.Platform;
deep?: boolean;
includeFilesystem?: boolean;
includeChannelSecurity?: boolean;
@@ -79,6 +78,8 @@ export type SecurityAuditOptions = {
plugins?: ReturnType