fix: harden session caching and topic transcripts

2026-01-07 22:38:41 +00:00
parent 8da4f259dd
commit 67d1f61872
13 changed files with 75 additions and 289 deletions
--- a/scripts/config-lock.sh
+++ b/scripts/config-lock.sh
@@ -1,46 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Config Lock: Makes clawdbot.json immutable to prevent any writes
-# Usage: config-lock.sh [lock|unlock|status]
-# =============================================================================
-
-# Source unified environment
-source "$(dirname "$0")/env.sh"
-
-lock_config() {
-  chflags uchg "$CONFIG"
-  log "🔒 Config LOCKED - write access disabled."
-}
-
-unlock_config() {
-  chflags nouchg "$CONFIG"
-  log "🔓 Config UNLOCKED - write access enabled."
-}
-
-check_status() {
-  if config_is_locked; then
-    echo "🔒 Config is LOCKED (immutable)"
-    return 0
-  else
-    echo "🔓 Config is UNLOCKED (writable)"
-    return 1
-  fi
-}
-
-case "${1:-status}" in
-  lock)
-    lock_config
-    ;;
-  unlock)
-    unlock_config
-    ;;
-  status)
-    check_status
-    ;;
-  *)
-    echo "Usage: $0 [lock|unlock|status]"
-    echo "  lock   - Make config immutable (no writes allowed)"
-    echo "  unlock - Allow writes (for manual edits)"
-    echo "  status - Show current lock status"
-    ;;
-esac
--- a/scripts/config-watchdog.sh
+++ b/scripts/config-watchdog.sh
@@ -1,55 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Config Watchdog: Detects unauthorized changes to model config
-# Restores if changed (backup protection if config unlocked)
-# =============================================================================
-
-# Source unified environment
-source "$(dirname "$0")/env.sh"
-
-EXPECTED_PRIMARY="antigravity/gemini-3-pro-low"
-EXPECTED_FALLBACKS='["antigravity/claude-sonnet-4-5","antigravity/gemini-3-flash","antigravity/gemini-3-pro-high","antigravity/claude-opus-4-5","antigravity/claude-sonnet-4-5-thinking","antigravity/claude-opus-4-5-thinking"]'
-
-log "Config watchdog check..."
-
-# If config is locked, just verify and exit
-if config_is_locked; then
-  log "✅ Config is LOCKED (immutable) - no changes possible."
-  exit 0
-fi
-
-# Config is unlocked - check for tampering
-log "⚠️  Config is UNLOCKED - checking for unauthorized changes..."
-
-CURRENT_PRIMARY=$(jq -r '.agent.model.primary' "$CONFIG" 2>/dev/null)
-CURRENT_FALLBACKS=$(jq -c '.agent.model.fallbacks' "$CONFIG" 2>/dev/null)
-
-CHANGED=false
-
-if [ "$CURRENT_PRIMARY" != "$EXPECTED_PRIMARY" ]; then
-  log "⚠️  PRIMARY CHANGED: $CURRENT_PRIMARY → $EXPECTED_PRIMARY"
-  CHANGED=true
-fi
-
-if [ "$CURRENT_FALLBACKS" != "$EXPECTED_FALLBACKS" ]; then
-  log "⚠️  FALLBACKS CHANGED!"
-  CHANGED=true
-fi
-
-if [ "$CHANGED" = true ]; then
-  log "🔧 RESTORING CONFIG..."
-  jq --arg primary "$EXPECTED_PRIMARY" \
-     --argjson fallbacks "$EXPECTED_FALLBACKS" \
-     '.agent.model.primary = $primary | .agent.model.fallbacks = $fallbacks' \
-     "$CONFIG" > "${CONFIG}.tmp" && mv "${CONFIG}.tmp" "$CONFIG"
-  
-  if [ $? -eq 0 ]; then
-    log "✅ Config restored. Re-locking..."
-    "$SCRIPTS_DIR/config-lock.sh" lock
-  else
-    log "❌ Failed to restore config!"
-  fi
-else
-  log "✅ Config OK - re-locking..."
-  "$SCRIPTS_DIR/config-lock.sh" lock
-fi
--- a/scripts/env.sh
+++ b/scripts/env.sh
@@ -1,30 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Unified environment for all clawdbot scripts
-# Source this at the top of every script: source "$(dirname "$0")/env.sh"
-# =============================================================================
-
-# Comprehensive PATH for cron environment
-export PATH="/usr/sbin:/usr/bin:/bin:/opt/homebrew/bin:$HOME/.bun/bin:/usr/local/bin:$PATH"
-
-# Core directories
-export CLAWDBOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." 2>/dev/null && pwd)"
-export SCRIPTS_DIR="$CLAWDBOT_DIR/scripts"
-export CONFIG="$HOME/.clawdbot/clawdbot.json"
-export LOG_DIR="$HOME/.clawdbot/logs"
-
-# Gateway settings
-export PORT=18789
-
-# Ensure log directory exists
-mkdir -p "$LOG_DIR" 2>/dev/null
-
-# Helper: Check if config is locked
-config_is_locked() {
-  ls -lO "$CONFIG" 2>/dev/null | grep -q "uchg"
-}
-
-# Helper: Log with timestamp
-log() {
-  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
-}
--- a/scripts/keep-alive.sh
+++ b/scripts/keep-alive.sh
@@ -1,25 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Keep-Alive: Ensures clawdbot gateway is always running
-# Runs via cron every 2 minutes
-# =============================================================================
-
-# Source unified environment
-source "$(dirname "$0")/env.sh"
-
-log "Checking clawdbot status..."
-
-# Check if gateway is running (port check)
-if lsof -i :$PORT > /dev/null 2>&1; then
-  # Additional health check via HTTP
-  if curl -sf "http://127.0.0.1:$PORT/health" > /dev/null 2>&1; then
-    log "✅ Status: ONLINE (Port $PORT active, health OK)"
-  else
-    log "⚠️  Status: DEGRADED (Port $PORT active, but health check failed)"
-  fi
-  exit 0
-else
-  log "❌ Status: OFFLINE (Port $PORT closed). Initiating restart..."
-  "$SCRIPTS_DIR/models.sh" restart
-  log "Restart command executed."
-fi
--- a/scripts/models.sh
+++ b/scripts/models.sh
@@ -1,82 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Models: Gateway management and model config display
-# Usage: ./scripts/models.sh [edit|restart|show]
-# =============================================================================
-
-# Source unified environment
-source "$(dirname "$0")/env.sh"
-
-wait_for_port() {
-  local port=$1
-  for i in {1..10}; do
-    if ! lsof -i :$port > /dev/null 2>&1; then
-      return 0
-    fi
-    echo "Waiting for port $port to clear... ($i/10)"
-    sleep 1
-  done
-  return 1
-}
-
-restart_gateway() {
-  log "Restarting gateway..."
-  
-  # Try graceful kill first
-  pkill -f "bun.*gateway --port $PORT" 2>/dev/null
-  pkill -f "node.*gateway.*$PORT" 2>/dev/null
-  pkill -f "tsx.*gateway.*$PORT" 2>/dev/null
-  
-  if ! wait_for_port $PORT; then
-    log "Port $PORT still in use. Forcing cleanup..."
-    lsof -ti :$PORT | xargs kill -9 2>/dev/null
-    sleep 1
-  fi
-
-  # Start gateway in background
-  cd "$CLAWDBOT_DIR" && pnpm clawdbot gateway --port $PORT &
-  
-  # Verify start
-  sleep 3
-  if lsof -i :$PORT > /dev/null 2>&1; then
-    log "✅ Gateway restarted successfully on port $PORT."
-    
-    # Auto-lock config after successful restart
-    "$SCRIPTS_DIR/config-lock.sh" lock
-    return 0
-  else
-    log "❌ Gateway failed to start. Check logs."
-    return 1
-  fi
-}
-
-case "${1:-show}" in
-  edit)
-    # Unlock config for editing
-    if config_is_locked; then
-      "$SCRIPTS_DIR/config-lock.sh" unlock
-    fi
-    
-    ${EDITOR:-nano} "$CONFIG"
-    echo "Config saved."
-    restart_gateway
-    ;;
-  restart)
-    restart_gateway
-    ;;
-  show)
-    echo "=== Model Priority ==="
-    echo "Primary: $(jq -r '.agent.model.primary' "$CONFIG")"
-    echo ""
-    echo "Fallbacks:"
-    jq -r '.agent.model.fallbacks[]' "$CONFIG" | nl
-    echo ""
-    echo "Config Lock: $(config_is_locked && echo '🔒 LOCKED' || echo '🔓 UNLOCKED')"
-    ;;
-  *)
-    echo "Usage: $0 [edit|restart|show]"
-    echo "  show    - Display current model priority (default)"
-    echo "  edit    - Edit config and restart gateway"
-    echo "  restart - Just restart gateway"
-    ;;
-esac