clawshell 0.2.1

A security privileged process for the OpenClaw ecosystem.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

use std::path::PathBuf;

#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
pub struct OpenclawCredentialCleanupSummary {
    pub dot_env_entries_removed: usize,
    pub auth_profile_files_updated: usize,
    pub auth_profile_entries_removed: usize,
    pub oauth_entries_removed: usize,
    pub backup_files_created: usize,
}

impl OpenclawCredentialCleanupSummary {
    pub fn has_changes(&self) -> bool {
        self.dot_env_entries_removed > 0
            || self.auth_profile_files_updated > 0
            || self.auth_profile_entries_removed > 0
            || self.oauth_entries_removed > 0
            || self.backup_files_created > 0
    }
}

#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct OpenclawCredentialCleanupPreview {
    pub state_dir: PathBuf,
    pub state_dir_exists: bool,
    pub dot_env: Option<OpenclawFileRemovalPreview>,
    pub auth_profiles: Vec<OpenclawFileRemovalPreview>,
    pub oauth: Option<OpenclawFileRemovalPreview>,
}

impl OpenclawCredentialCleanupPreview {
    pub fn has_changes(&self) -> bool {
        self.dot_env.is_some() || !self.auth_profiles.is_empty() || self.oauth.is_some()
    }
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct OpenclawFileRemovalPreview {
    pub path: PathBuf,
    pub backup_path: PathBuf,
    pub removals: Vec<String>,
}

/// Authentication method chosen during onboarding.
#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub enum OnboardAuthMethod {
    /// Static API key (the traditional approach).
    #[default]
    StaticKey,
    /// OAuth provider supplies access tokens at runtime.
    OAuth {
        /// Provider identifier, e.g. "codex".
        provider_id: String,
    },
}

/// Which downstream LLM client ClawShell's onboarding wizard should wire
/// through the proxy. Exactly one target per onboard run — the previous
/// "configure Hermes on top of OpenClaw" additive mode has been removed.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum OnboardTarget {
    /// Route OpenClaw through ClawShell by patching `~/.openclaw/openclaw.json`.
    Openclaw {
        /// Path to the OpenClaw configuration file (usually `~/.openclaw/openclaw.json`).
        config_path: PathBuf,
    },
    /// Route Hermes Agent through ClawShell by running `hermes config set`.
    Hermes,
}

impl OnboardTarget {
    /// Stable short identifier used as a discriminator in `config.json`.
    pub fn as_str(&self) -> &'static str {
        match self {
            OnboardTarget::Openclaw { .. } => "openclaw",
            OnboardTarget::Hermes => "hermes",
        }
    }
}

/// Collected onboarding configuration from user prompts.
#[derive(Debug, Clone)]
pub struct OnboardConfig {
    pub provider: String,
    pub model: String,
    pub auth_method: OnboardAuthMethod,
    /// Set for `StaticKey`; empty for `OAuth`.
    pub real_api_key: String,
    pub virtual_api_key: String,
    /// Which downstream LLM client to wire through ClawShell.
    pub target: OnboardTarget,
    pub server_host: String,
    pub server_port: u16,
    pub email: Option<OnboardEmailConfig>,
}

/// Optional Email endpoint settings collected during onboarding.
#[derive(Debug, Clone)]
pub struct OnboardEmailConfig {
    pub mode: OnboardEmailMode,
    pub sender_rules: Vec<String>,
    pub account_virtual_key: String,
    pub email: String,
    pub app_password: String,
    pub imap_host: String,
    pub imap_port: u16,
}

#[derive(Debug, Clone)]
pub struct OnboardSkillFile {
    pub relative_path: &'static str,
    pub content: String,
}

#[derive(Debug, Clone)]
pub struct OnboardSkillBundle {
    pub name: &'static str,
    pub files: Vec<OnboardSkillFile>,
}

pub const EMAIL_MESSAGES_SKILL_NAME: &str = "get-email-messages";
pub const ADMIN_STATS_SKILL_NAME: &str = "get-clawshell-stats";

pub const STATS_CRON_JOB_NAME: &str = "clawshell-weekly-stats";

pub const STATS_CRON_PROMPT: &str = "\
Use the get-clawshell-stats skill to fetch ClawShell runtime statistics \
from the /admin/stats endpoint, then present a short summary: total \
requests served, token usage (prompt, completion, total), and \
email-filter activity (total filtered count plus the top filtered \
senders). If the endpoint returns an error or is unreachable, report \
that instead.";

/// Sender filtering mode for the Email endpoint.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum OnboardEmailMode {
    Allowlist,
    Denylist,
}

impl OnboardEmailMode {
    pub(crate) fn as_toml_value(self) -> &'static str {
        match self {
            OnboardEmailMode::Allowlist => "allowlist",
            OnboardEmailMode::Denylist => "denylist",
        }
    }
}