import { n as GatewayClientName$1, t as GatewayClientMode$1 } from "./client-info-CgGSgtDZ.js"; import { P as GatewayAuthConfig, i as OpenClawConfig, it as GatewayTailscaleMode, rt as GatewayTailscaleConfig, st as GatewayTrustedProxyConfig } from "./types.openclaw-CpnoYlBx.js"; import { a as EventFrame, n as errorShape, t as ErrorCodes } from "./schema-CKQIsrVB.js"; import { a as DeviceIdentity$1, n as GatewayClientOptions$1, t as GatewayClient } from "./client-B9hm5PoR.js"; import { t as OperatorScope } from "./operator-scopes-Phea7r7e.js"; import { c as DEFAULT_PLUGIN_NODE_CAPABILITY_TTL_MS, d as PluginNodeCapabilitySurface, f as buildPluginNodeCapabilityScopedHostUrl, i as GatewayRequestHandlers, l as NormalizedPluginNodeCapabilityUrl, m as normalizePluginNodeCapabilityScopedUrl, o as RespondFn, p as mintPluginNodeCapabilityToken, r as GatewayRequestHandlerOptions, s as NodeSession, u as PLUGIN_NODE_CAPABILITY_PATH_PREFIX } from "./types-DxShel1i.js"; import { t as isLoopbackHost } from "./net-F7HGAsK5.js"; import { t as rawDataToString } from "./ws-DPQUGEy8.js"; import { GatewayClientMode, GatewayClientName } from "@openclaw/gateway-protocol/client-info"; import { Command } from "commander"; import { EventFrame as EventFrame$1, HelloOk } from "@openclaw/gateway-protocol"; //#region src/gateway/channel-status-patches.d.ts /** Patch emitted when a channel connection is established. */ type ConnectedChannelStatusPatch = { connected: true; lastConnectedAt: number; lastEventAt: number; }; /** Patch emitted when a channel transport reports activity without reconnecting. */ type TransportActivityChannelStatusPatch = { lastTransportActivityAt: number; }; /** Creates a connected-channel status patch with matching connection/event timestamps. */ declare function createConnectedChannelStatusPatch(at?: number): ConnectedChannelStatusPatch; /** Creates a transport-activity patch for health/activity monitors. */ declare function createTransportActivityStatusPatch(at?: number): TransportActivityChannelStatusPatch; //#endregion //#region src/cli/gateway-rpc.types.d.ts /** Common gateway RPC flags accepted by direct gateway command helpers. */ type GatewayRpcOpts = { url?: string; token?: string; timeout?: string; expectFinal?: boolean; json?: boolean; }; //#endregion //#region src/cli/gateway-rpc.d.ts declare function addGatewayClientOptions(cmd: Command): Command; declare function callGatewayFromCli(method: string, opts: GatewayRpcOpts, params?: unknown, extra?: { clientName?: GatewayClientName$1; mode?: GatewayClientMode$1; deviceIdentity?: DeviceIdentity$1 | null; expectFinal?: boolean; progress?: boolean; scopes?: OperatorScope[]; }): Promise>; //#endregion //#region src/gateway/hosted-plugin-surface-url.d.ts type HostSource = string | null | undefined; /** Inputs used to infer the externally reachable plugin surface URL. */ type HostedPluginSurfaceUrlParams = { port?: number; hostOverride?: HostSource; forwardedHost?: HostSource | HostSource[]; requestHost?: HostSource; forwardedProto?: HostSource | HostSource[]; localAddress?: HostSource; scheme?: "http" | "https"; }; /** Resolve the URL that plugins should advertise for hosted node surfaces. */ declare function resolveHostedPluginSurfaceUrl(params: HostedPluginSurfaceUrlParams): string | undefined; //#endregion //#region src/gateway/node-command-policy.d.ts type NodeCommandPolicyNode = Pick & Partial> & { approvedCommands?: readonly string[]; }; declare function resolveNodeCommandAllowlist(cfg: OpenClawConfig, node?: NodeCommandPolicyNode): Set; declare function isNodeCommandAllowed(params: { command: string; declaredCommands?: string[]; allowlist: Set; }): { ok: true; } | { ok: false; reason: string; }; //#endregion //#region src/shared/node-match.d.ts /** * Shared node-selection policy for CLI, gateway-facing SDK helpers, and plugins. * * Exact ids, remote IPs, normalized display names, and long id prefixes are the * only accepted query shapes; fuzzy ordering lives here so callers agree. */ /** Node fields accepted by shared CLI/API node selection helpers. */ type NodeMatchCandidate = { /** Stable node id used for RPC/session routing. */nodeId: string; /** Human-facing node name used for fuzzy operator input. */ displayName?: string; /** Tailscale or network address accepted as an exact match. */ remoteIp?: string; /** Connected nodes win only after the strongest match type is chosen. */ connected?: boolean; /** Client id used to prefer current OpenClaw nodes over legacy migration ties. */ clientId?: string; }; //#endregion //#region src/shared/node-resolve.d.ts type ResolveNodeFromListOptions = { allowDefault?: boolean; pickDefaultNode?: (nodes: TNode[]) => TNode | null; }; /** Resolves a user query to a node id, optionally using a caller-defined blank-query default. */ declare function resolveNodeIdFromNodeList(nodes: TNode[], query?: string, options?: ResolveNodeFromListOptions): string; /** Resolves a full node entry, preserving synthetic defaults returned by the picker. */ declare function resolveNodeFromNodeList(nodes: TNode[], query?: string, options?: ResolveNodeFromListOptions): TNode; //#endregion //#region src/gateway/server-json.d.ts /** Safely parses an optional JSON string, returning a payloadJSON wrapper on parse failure. */ declare function safeParseJson(value: string | null | undefined): unknown; //#endregion //#region src/gateway/server-methods/nodes.helpers.d.ts /** Narrows successful node invoke results or responds with the node error details. */ declare function respondUnavailableOnNodeInvokeError(respond: RespondFn, res: T): res is T & { ok: true; }; //#endregion //#region src/gateway/auth-resolve.d.ts /** Authentication modes after config, override, and credential inputs are combined. */ type ResolvedGatewayAuthMode = "none" | "token" | "password" | "trusted-proxy"; /** Records which input selected the effective Gateway auth mode. */ type ResolvedGatewayAuthModeSource = "override" | "config" | "password" | "token" | "default"; /** Fully resolved Gateway auth policy before startup validates required secrets. */ type ResolvedGatewayAuth = { mode: ResolvedGatewayAuthMode; modeSource?: ResolvedGatewayAuthModeSource; token?: string; password?: string; allowTailscale: boolean; trustedProxy?: GatewayTrustedProxyConfig; }; /** Resolve Gateway auth mode, credentials, trusted-proxy policy, and Tailscale allowance. */ declare function resolveGatewayAuth(params: { authConfig?: GatewayAuthConfig | null; authOverride?: GatewayAuthConfig | null; env?: NodeJS.ProcessEnv; tailscaleMode?: GatewayTailscaleMode; }): ResolvedGatewayAuth; //#endregion //#region src/gateway/startup-auth.d.ts /** Ensure startup has effective Gateway auth, generating only an ephemeral token if needed. */ declare function ensureGatewayStartupAuth(params: { cfg: OpenClawConfig; env?: NodeJS.ProcessEnv; authOverride?: GatewayAuthConfig; tailscaleOverride?: GatewayTailscaleConfig; warn?: (message: string) => void; /** * Legacy startup option retained for external callers. Startup-generated auth * is runtime-only; durable auth changes must go through explicit config tools. */ persist?: boolean; baseHash?: string; }): Promise<{ cfg: OpenClawConfig; auth: ReturnType; generatedToken?: string; persistedGeneratedToken: boolean; }>; //#endregion //#region packages/gateway-client/src/client.d.ts type DeviceIdentity = { deviceId: string; privateKeyPem: string; publicKeyPem: string; }; type DeviceAuthTokenRecord = { token?: string; scopes?: string[]; }; type GatewayClientHostDeps = { loadOrCreateDeviceIdentity?: () => DeviceIdentity | undefined; signDevicePayload?: (privateKeyPem: string, payload: string) => string; publicKeyRawBase64UrlFromPem?: (publicKeyPem: string) => string; loadDeviceAuthToken?: (params: { deviceId: string; role: string; env?: NodeJS.ProcessEnv; }) => DeviceAuthTokenRecord | null; storeDeviceAuthToken?: (params: { deviceId: string; role: string; token: string; scopes: string[]; env?: NodeJS.ProcessEnv; }) => void; clearDeviceAuthToken?: (params: { deviceId: string; role: string; env?: NodeJS.ProcessEnv; }) => void; beforeConnect?: () => void; registerGatewayLoopbackBypass?: (url: string) => (() => void) | undefined; logDebug?: (message: string) => void; logError?: (message: string) => void; redactForLog?: (message: string) => string; normalizeTlsFingerprint?: (fingerprint: string | undefined) => string; }; type GatewayReconnectPausedInfo = { code: number; reason: string; detailCode: string | null; }; type GatewayClientOptions = { url?: string; connectChallengeTimeoutMs?: number; /** @deprecated Use connectChallengeTimeoutMs. */ connectDelayMs?: number; /** * Server-side pre-auth handshake budget. Config-derived local clients use * this to keep the connect-challenge watchdog aligned with the gateway. */ preauthHandshakeTimeoutMs?: number; tickWatchMinIntervalMs?: number; tickWatchTimeoutMs?: number; requestTimeoutMs?: number; token?: string; bootstrapToken?: string; deviceToken?: string; password?: string; approvalRuntimeToken?: string; instanceId?: string; clientName?: GatewayClientName; clientDisplayName?: string; clientVersion?: string; platform?: string; deviceFamily?: string; mode?: GatewayClientMode; role?: string; scopes?: string[]; caps?: string[]; commands?: string[]; permissions?: Record; pathEnv?: string; env?: NodeJS.ProcessEnv; deviceIdentity?: DeviceIdentity | null; hostDeps?: GatewayClientHostDeps; minProtocol?: number; maxProtocol?: number; tlsFingerprint?: string; onEvent?: (evt: EventFrame$1) => void; onHelloOk?: (hello: HelloOk) => void; onConnectError?: (err: Error) => void; onReconnectPaused?: (info: GatewayReconnectPausedInfo) => void; onClose?: (code: number, reason: string) => void; onGap?: (info: { expected: number; received: number; }) => void; }; //#endregion //#region packages/gateway-client/src/event-loop-ready.d.ts /** Readiness probe outcome with timing data for diagnosing event-loop stalls. */ type EventLoopReadyResult = { ready: boolean; elapsedMs: number; maxDriftMs: number; checks: number; aborted: boolean; }; //#endregion //#region packages/gateway-client/src/readiness.d.ts type GatewayClientStartable = { start(): void; }; /** Timeout and abort controls for delaying client start until the loop can process IO. */ type GatewayClientStartReadinessOptions = { timeoutMs?: number; clientOptions?: Pick; signal?: AbortSignal; }; //#endregion //#region src/gateway/client-start-readiness.d.ts /** Starts a gateway client once the shared event-loop readiness check passes. */ declare function startGatewayClientWhenEventLoopReady(client: GatewayClientStartable, options?: GatewayClientStartReadinessOptions): Promise; //#endregion //#region src/gateway/operator-approvals-client.d.ts /** Create a Gateway client authorized for operator approval event handling. */ declare function createOperatorApprovalsGatewayClient(params: Pick & { config: OpenClawConfig; gatewayUrl?: string; }): Promise; /** Run a callback with a started operator-approvals Gateway client and close it after. */ declare function withOperatorApprovalsGatewayClient(params: { config: OpenClawConfig; gatewayUrl?: string; clientDisplayName: string; }, run: (client: GatewayClient) => Promise): Promise; //#endregion export { ConnectedChannelStatusPatch, DEFAULT_PLUGIN_NODE_CAPABILITY_TTL_MS, ErrorCodes, type EventFrame, GatewayClient, type GatewayRequestHandlerOptions, type GatewayRequestHandlers, type GatewayRpcOpts, type HostedPluginSurfaceUrlParams, type NodeMatchCandidate, type NodeSession, type NormalizedPluginNodeCapabilityUrl, PLUGIN_NODE_CAPABILITY_PATH_PREFIX, type PluginNodeCapabilitySurface, TransportActivityChannelStatusPatch, addGatewayClientOptions, buildPluginNodeCapabilityScopedHostUrl, callGatewayFromCli, createConnectedChannelStatusPatch, createOperatorApprovalsGatewayClient, createTransportActivityStatusPatch, ensureGatewayStartupAuth, errorShape, isLoopbackHost, isNodeCommandAllowed, mintPluginNodeCapabilityToken, normalizePluginNodeCapabilityScopedUrl, rawDataToString, resolveGatewayAuth, resolveHostedPluginSurfaceUrl, resolveNodeCommandAllowlist, resolveNodeFromNodeList, resolveNodeIdFromNodeList, respondUnavailableOnNodeInvokeError, safeParseJson, startGatewayClientWhenEventLoopReady, withOperatorApprovalsGatewayClient };