openclaw/src/gateway/server-methods.ts

import { ErrorCodes, errorShape } from "./protocol/index.js";
import { agentHandlers } from "./server-methods/agent.js";
import { agentsHandlers } from "./server-methods/agents.js";
import { channelsHandlers } from "./server-methods/channels.js";
import { chatHandlers } from "./server-methods/chat.js";
import { configHandlers } from "./server-methods/config.js";
import { connectHandlers } from "./server-methods/connect.js";
import { cronHandlers } from "./server-methods/cron.js";
import { deviceHandlers } from "./server-methods/devices.js";
import { execApprovalsHandlers } from "./server-methods/exec-approvals.js";
import { healthHandlers } from "./server-methods/health.js";
import { logsHandlers } from "./server-methods/logs.js";
import { modelsHandlers } from "./server-methods/models.js";
import { nodeHandlers } from "./server-methods/nodes.js";
import { sendHandlers } from "./server-methods/send.js";
import { sessionsHandlers } from "./server-methods/sessions.js";
import { skillsHandlers } from "./server-methods/skills.js";
import { systemHandlers } from "./server-methods/system.js";
import { talkHandlers } from "./server-methods/talk.js";
import type { GatewayRequestHandlers, GatewayRequestOptions } from "./server-methods/types.js";
import { updateHandlers } from "./server-methods/update.js";
import { usageHandlers } from "./server-methods/usage.js";
import { voicewakeHandlers } from "./server-methods/voicewake.js";
import { webHandlers } from "./server-methods/web.js";
import { wizardHandlers } from "./server-methods/wizard.js";

const ADMIN_SCOPE = "operator.admin";
const APPROVALS_SCOPE = "operator.approvals";
const PAIRING_SCOPE = "operator.pairing";

const APPROVAL_METHODS = new Set(["exec.approval.request", "exec.approval.resolve"]);
const NODE_ROLE_METHODS = new Set(["node.invoke.result", "node.event"]);
const PAIRING_METHODS = new Set([
  "node.pair.request",
  "node.pair.list",
  "node.pair.approve",
  "node.pair.reject",
  "node.pair.verify",
  "device.pair.list",
  "device.pair.approve",
  "device.pair.reject",
]);
const ADMIN_METHOD_PREFIXES = ["exec.approvals."];

function authorizeGatewayMethod(method: string, client: GatewayRequestOptions["client"]) {
  if (!client?.connect) return null;
  const role = client.connect.role ?? "operator";
  const scopes = client.connect.scopes ?? [];
  if (role === "node") {
    if (NODE_ROLE_METHODS.has(method)) return null;
    return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
  }
  if (role !== "operator") {
    return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
  }
  if (scopes.includes(ADMIN_SCOPE)) return null;
  if (APPROVAL_METHODS.has(method) && !scopes.includes(APPROVALS_SCOPE)) {
    return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.approvals");
  }
  if (PAIRING_METHODS.has(method) && !scopes.includes(PAIRING_SCOPE)) {
    return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.pairing");
  }
  if (ADMIN_METHOD_PREFIXES.some((prefix) => method.startsWith(prefix))) {
    return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");
  }
  return null;
}

export const coreGatewayHandlers: GatewayRequestHandlers = {
  ...connectHandlers,
  ...logsHandlers,
  ...voicewakeHandlers,
  ...healthHandlers,
  ...channelsHandlers,
  ...chatHandlers,
  ...cronHandlers,
  ...deviceHandlers,
  ...execApprovalsHandlers,
  ...webHandlers,
  ...modelsHandlers,
  ...configHandlers,
  ...wizardHandlers,
  ...talkHandlers,
  ...skillsHandlers,
  ...sessionsHandlers,
  ...systemHandlers,
  ...updateHandlers,
  ...nodeHandlers,
  ...sendHandlers,
  ...usageHandlers,
  ...agentHandlers,
  ...agentsHandlers,
};

export async function handleGatewayRequest(
  opts: GatewayRequestOptions & { extraHandlers?: GatewayRequestHandlers },
): Promise<void> {
  const { req, respond, client, isWebchatConnect, context } = opts;
  const authError = authorizeGatewayMethod(req.method, client);
  if (authError) {
    respond(false, undefined, authError);
    return;
  }
  const handler = opts.extraHandlers?.[req.method] ?? coreGatewayHandlers[req.method];
  if (!handler) {
    respond(
      false,
      undefined,
      errorShape(ErrorCodes.INVALID_REQUEST, `unknown method: ${req.method}`),
    );
    return;
  }
  await handler({
    req,
    params: (req.params ?? {}) as Record<string, unknown>,
    client,
    isWebchatConnect,
    respond,
    context,
  });
}
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`import { ErrorCodes, errorShape } from "./protocol/index.js";`
			`import { agentHandlers } from "./server-methods/agent.js";`
feat(tui): add agent picker and agents list rpc 2026-01-09 00:53:11 +01:00			`import { agentsHandlers } from "./server-methods/agents.js";`
refactor!: rename chat providers to channels 2026-01-13 06:16:43 +00:00			`import { channelsHandlers } from "./server-methods/channels.js";`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`import { chatHandlers } from "./server-methods/chat.js";`
			`import { configHandlers } from "./server-methods/config.js";`
			`import { connectHandlers } from "./server-methods/connect.js";`
			`import { cronHandlers } from "./server-methods/cron.js";`
feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`import { deviceHandlers } from "./server-methods/devices.js";`
feat: add exec approvals editor in control ui and mac app 2026-01-18 08:54:34 +00:00			`import { execApprovalsHandlers } from "./server-methods/exec-approvals.js";`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`import { healthHandlers } from "./server-methods/health.js";`
feat: add gateway logs tab 2026-01-08 03:43:46 +00:00			`import { logsHandlers } from "./server-methods/logs.js";`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`import { modelsHandlers } from "./server-methods/models.js";`
			`import { nodeHandlers } from "./server-methods/nodes.js";`
			`import { sendHandlers } from "./server-methods/send.js";`
			`import { sessionsHandlers } from "./server-methods/sessions.js";`
			`import { skillsHandlers } from "./server-methods/skills.js";`
			`import { systemHandlers } from "./server-methods/system.js";`
			`import { talkHandlers } from "./server-methods/talk.js";`
chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com> 2026-01-14 14:31:43 +00:00			`import type { GatewayRequestHandlers, GatewayRequestOptions } from "./server-methods/types.js";`
feat: add gateway config/update restart flow 2026-01-08 01:29:56 +01:00			`import { updateHandlers } from "./server-methods/update.js";`
feat: add provider usage tracking 2026-01-07 11:42:41 +01:00			`import { usageHandlers } from "./server-methods/usage.js";`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`import { voicewakeHandlers } from "./server-methods/voicewake.js";`
			`import { webHandlers } from "./server-methods/web.js";`
			`import { wizardHandlers } from "./server-methods/wizard.js";`

feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`const ADMIN_SCOPE = "operator.admin";`
			`const APPROVALS_SCOPE = "operator.approvals";`
			`const PAIRING_SCOPE = "operator.pairing";`

			`const APPROVAL_METHODS = new Set(["exec.approval.request", "exec.approval.resolve"]);`
refactor: remove bridge protocol 2026-01-19 04:50:07 +00:00			`const NODE_ROLE_METHODS = new Set(["node.invoke.result", "node.event"]);`
feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`const PAIRING_METHODS = new Set([`
			`"node.pair.request",`
			`"node.pair.list",`
			`"node.pair.approve",`
			`"node.pair.reject",`
			`"node.pair.verify",`
			`"device.pair.list",`
			`"device.pair.approve",`
			`"device.pair.reject",`
			`]);`
			`const ADMIN_METHOD_PREFIXES = ["exec.approvals."];`

			`function authorizeGatewayMethod(method: string, client: GatewayRequestOptions["client"]) {`
			`if (!client?.connect) return null;`
			`const role = client.connect.role ?? "operator";`
			`const scopes = client.connect.scopes ?? [];`
refactor: remove bridge protocol 2026-01-19 04:50:07 +00:00			`if (role === "node") {`
			`if (NODE_ROLE_METHODS.has(method)) return null;`
			return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
			`}`
feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`if (role !== "operator") {`
			return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
			`}`
			`if (scopes.includes(ADMIN_SCOPE)) return null;`
			`if (APPROVAL_METHODS.has(method) && !scopes.includes(APPROVALS_SCOPE)) {`
			`return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.approvals");`
			`}`
			`if (PAIRING_METHODS.has(method) && !scopes.includes(PAIRING_SCOPE)) {`
			`return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.pairing");`
			`}`
			`if (ADMIN_METHOD_PREFIXES.some((prefix) => method.startsWith(prefix))) {`
			`return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");`
			`}`
			`return null;`
			`}`

feat: add plugin architecture 2026-01-11 12:11:12 +00:00			`export const coreGatewayHandlers: GatewayRequestHandlers = {`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...connectHandlers,`
feat: add gateway logs tab 2026-01-08 03:43:46 +00:00			`...logsHandlers,`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...voicewakeHandlers,`
			`...healthHandlers,`
refactor!: rename chat providers to channels 2026-01-13 06:16:43 +00:00			`...channelsHandlers,`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...chatHandlers,`
			`...cronHandlers,`
feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`...deviceHandlers,`
feat: add exec approvals editor in control ui and mac app 2026-01-18 08:54:34 +00:00			`...execApprovalsHandlers,`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...webHandlers,`
			`...modelsHandlers,`
			`...configHandlers,`
			`...wizardHandlers,`
			`...talkHandlers,`
			`...skillsHandlers,`
			`...sessionsHandlers,`
			`...systemHandlers,`
feat: add gateway config/update restart flow 2026-01-08 01:29:56 +01:00			`...updateHandlers,`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...nodeHandlers,`
			`...sendHandlers,`
feat: add provider usage tracking 2026-01-07 11:42:41 +01:00			`...usageHandlers,`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`...agentHandlers,`
feat(tui): add agent picker and agents list rpc 2026-01-09 00:53:11 +01:00			`...agentsHandlers,`
refactor: split gateway server methods 2026-01-03 18:14:07 +01:00			`};`

			`export async function handleGatewayRequest(`
feat: add plugin architecture 2026-01-11 12:11:12 +00:00			`opts: GatewayRequestOptions & { extraHandlers?: GatewayRequestHandlers },`
refactor: split gateway server methods 2026-01-03 18:14:07 +01:00			`): Promise<void> {`
			`const { req, respond, client, isWebchatConnect, context } = opts;`
feat: unify device auth + pairing 2026-01-19 02:31:18 +00:00			`const authError = authorizeGatewayMethod(req.method, client);`
			`if (authError) {`
			`respond(false, undefined, authError);`
			`return;`
			`}`
chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com> 2026-01-14 14:31:43 +00:00			`const handler = opts.extraHandlers?.[req.method] ?? coreGatewayHandlers[req.method];`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`if (!handler) {`
			`respond(`
			`false,`
			`undefined,`
			errorShape(ErrorCodes.INVALID_REQUEST, `unknown method: ${req.method}`),
			`);`
			`return;`
refactor: split gateway server methods 2026-01-03 18:14:07 +01:00			`}`
chore: align rebase with main 2026-01-04 14:34:23 +01:00			`await handler({`
			`req,`
			`params: (req.params ?? {}) as Record<string, unknown>,`
			`client,`
			`isWebchatConnect,`
			`respond,`
			`context,`
			`});`
refactor: split gateway server methods 2026-01-03 18:14:07 +01:00			`}`