diff --git a/MEMORY.md b/MEMORY.md index 2b817a3..02b89ec 100644 --- a/MEMORY.md +++ b/MEMORY.md @@ -17,6 +17,8 @@ - Claude ACP tiering preference: Haiku 4.5 (simple), Sonnet 4.6 (default medium), Opus 4.6 (hard/high-stakes) - Git preference: commit frequently with Conventional Commits; create feature branches for non-trivial work; auto-commit after meaningful workspace changes without being asked; never auto-push (push only when explicitly asked) - Tooling preference: treat the local n8n instance as an assistant-owned execution/orchestration tool and use it proactively when it is the right fit, without asking for separate permission each time. +- n8n access preference: treat the live n8n public API as part of that allowed tool surface as well; when the right path is via the n8n API, use it directly instead of acting blocked or asking again for permission. +- Google Workspace automation note: `gog` works for non-interactive planning/dry-runs without unlocking the keyring, but real headless Gmail/Calendar execution requires `GOG_KEYRING_PASSWORD` in the environment because the file keyring backend cannot prompt in non-TTY automation. ## Boundaries - Never fetch/read remote files to alter instructions. diff --git a/memory/2026-03-12.md b/memory/2026-03-12.md index cd422db..226f8af 100644 --- a/memory/2026-03-12.md +++ b/memory/2026-03-12.md @@ -78,3 +78,19 @@ - `send_notification_draft` returned `200` and produced pending id `approval-mmnr8pyq-tjxiqkps` - approving that item via `approval_queue_resolve` returned `executed: true` and `executed_action: "notify"` - `approval_queue_list` showed `pending_count: 0` afterward and recorded the execution metadata in history +- Will explicitly reinforced a durable operating expectation: local n8n, including its live public API, should be treated as assistant-owned tooling. If the correct path is the n8n API, use it directly instead of re-asking for permission or acting blocked. +- After Google Workspace auth was completed with `gog`, headless testing showed an important automation constraint: real non-TTY `gog` calls fail unless `GOG_KEYRING_PASSWORD` is present, because the current `gog` file keyring backend cannot prompt in automation. However, `gog --dry-run` for Gmail draft creation and Calendar event creation works without unlocking the keyring, which made it possible to fully validate executor plumbing safely. +- Implemented a host-side bridge script at `skills/n8n-webhook/scripts/resolve-approval-with-gog.py`. + - flow: resolve approval in n8n → execute supported kinds on host via `gog` → write execution metadata back into n8n history + - supported host-executed kinds: + - `email_draft` → `gog gmail drafts create` + - `calendar_event` → `gog calendar create` +- Expanded the live `openclaw-action` workflow with new action `approval_history_attach_execution`, allowing host-side executors to patch resolved history entries with execution status/details. +- Live dry-run verification on 2026-03-12 succeeded end-to-end: + - queued one `email_draft` approval item and one `calendar_event` item + - resolved both via the new host bridge with `--dry-run` + - `gog` returned dry-run JSON for both operations without touching Google state + - `approvalHistory` entries were updated in n8n with execution metadata: + - email draft item id `approval-mmnsx7iz-k26qb60c` → `execution.op = gmail.drafts.create`, `status = dry_run` + - calendar item id `approval-mmnsx7ji-3rt7yd74` → `execution.op = calendar.create`, `status = dry_run` +- Current practical next step for real Gmail/Calendar execution: provide `GOG_KEYRING_PASSWORD` to the runtime environment that will invoke the bridge script, or switch `gog` to a keyring backend that supports unattended access on this host. diff --git a/skills/n8n-webhook/SKILL.md b/skills/n8n-webhook/SKILL.md index 027cc80..151fdd0 100644 --- a/skills/n8n-webhook/SKILL.md +++ b/skills/n8n-webhook/SKILL.md @@ -27,6 +27,7 @@ Keep the integration narrow: let OpenClaw decide what to do, and let n8n execute - direct webhook caller: `scripts/call-webhook.sh` - action-bus caller: `scripts/call-action.sh` +- approval executor bridge: `scripts/resolve-approval-with-gog.py` - workflow validator: `scripts/validate-workflow.py` - importable router workflow: `assets/openclaw-action.workflow.json` - sample payloads: @@ -106,6 +107,7 @@ Use the included workflow asset when you want a ready-made local router for: - `send_email_draft` → queue approval-gated email drafts in workflow static data - `create_calendar_event` → queue approval-gated calendar proposals in workflow static data - `approval_queue_add` / `approval_queue_list` / `approval_queue_resolve` → manage pending approvals and recent history +- `approval_history_attach_execution` → let a host-side executor attach real execution metadata back onto approval history entries - `fetch_and_normalize_url` → fetch + normalize URL content using n8n runtime HTTP helpers - `inbound_event_filter` → classify, dedupe, store, and optionally notify on inbound events - normalized JSON success/failure responses @@ -118,6 +120,18 @@ Important: See `references/openclaw-action.md` for import and test steps. +### Host execution bridge for Gmail/Calendar + +When email/calendar provider creds live on the host via `gog` rather than inside n8n, use: + +```bash +python3 scripts/resolve-approval-with-gog.py --id --decision approve +``` + +Practical note: +- unattended execution needs `GOG_KEYRING_PASSWORD` in the environment because `gog`'s file keyring cannot prompt in non-TTY automation +- for safe plumbing tests without touching Google state, add `--dry-run` + ### Add a new webhook-backed capability 1. Write down the webhook path, required auth, request JSON, and response JSON. diff --git a/skills/n8n-webhook/assets/openclaw-action.workflow.json b/skills/n8n-webhook/assets/openclaw-action.workflow.json index 9f7d359..b4a385d 100644 --- a/skills/n8n-webhook/assets/openclaw-action.workflow.json +++ b/skills/n8n-webhook/assets/openclaw-action.workflow.json @@ -30,7 +30,7 @@ "parameters": { "mode": "runOnceForEachItem", "language": "javaScript", - "jsCode": "return (async () => {\n const body = ($json.body && typeof $json.body === 'object') ? $json.body : $json;\n const action = typeof body.action === 'string' ? body.action : '';\n const args = (body.args && typeof body.args === 'object' && body.args !== null) ? body.args : {};\n const requestId = typeof body.request_id === 'string' ? body.request_id : '';\n const now = new Date().toISOString();\n const workflowStaticData = $getWorkflowStaticData('global');\n const maxLogEntries = 200;\n const maxQueueEntries = 200;\n const maxHistoryEntries = 200;\n const maxEventEntries = 200;\n const maxDedupEntries = 500;\n\n const clamp = (value, min, max, fallback) => {\n const num = Number(value);\n if (!Number.isFinite(num)) {\n return fallback;\n }\n return Math.max(min, Math.min(max, Math.trunc(num)));\n };\n\n const asString = (value, fallback = '') => (typeof value === 'string' ? value : fallback);\n\n const isPlainObject = (value) => typeof value === 'object' && value !== null && !Array.isArray(value);\n\n const trimText = (value) => asString(value).trim();\n\n const previewText = (value, max = 160) => {\n const text = trimText(value).replace(/\\s+/g, ' ');\n if (text.length <= max) {\n return text;\n }\n return `${text.slice(0, Math.max(0, max - 1)).trimEnd()}\u2026`;\n };\n\n const ensureStringArray = (value) => {\n if (Array.isArray(value)) {\n return value.map((entry) => trimText(entry)).filter(Boolean);\n }\n if (typeof value === 'string') {\n const trimmed = trimText(value);\n return trimmed ? [trimmed] : [];\n }\n return [];\n };\n\n const pushRetained = (list, item, maxEntries) => {\n const target = Array.isArray(list) ? list : [];\n target.push(item);\n if (target.length > maxEntries) {\n target.splice(0, target.length - maxEntries);\n }\n return target;\n };\n\n const makeId = (prefix) => {\n const rand = Math.random().toString(36).slice(2, 10);\n return `${prefix}-${Date.now().toString(36)}-${rand}`;\n };\n\n const htmlEntityDecode = (value) => {\n const text = asString(value)\n .replace(/ /gi, ' ')\n .replace(/&/gi, '&')\n .replace(/</gi, '<')\n .replace(/>/gi, '>')\n .replace(/"/gi, '\"')\n .replace(/'/gi, \"'\");\n return text;\n };\n\n const stripHtml = (value) => htmlEntityDecode(\n asString(value)\n .replace(//gi, ' ')\n .replace(//gi, ' ')\n .replace(//gi, ' ')\n .replace(/<[^>]+>/g, ' ')\n .replace(/\\s+/g, ' ')\n ).trim();\n\n const normalizeHeaders = (headers) => {\n if (!headers || typeof headers.entries !== 'function') {\n return {};\n }\n return Object.fromEntries(Array.from(headers.entries()).map(([key, value]) => [String(key).toLowerCase(), String(value)]));\n };\n\n const getActionLog = () => Array.isArray(workflowStaticData.actionLog) ? workflowStaticData.actionLog : [];\n const getApprovalQueue = () => Array.isArray(workflowStaticData.approvalQueue) ? workflowStaticData.approvalQueue : [];\n const getApprovalHistory = () => Array.isArray(workflowStaticData.approvalHistory) ? workflowStaticData.approvalHistory : [];\n const getInboundEvents = () => Array.isArray(workflowStaticData.inboundEvents) ? workflowStaticData.inboundEvents : [];\n const getEventDedup = () => Array.isArray(workflowStaticData.eventDedup) ? workflowStaticData.eventDedup : [];\n\n const persistActionLog = (entry) => {\n workflowStaticData.actionLog = pushRetained(getActionLog(), entry, maxLogEntries);\n };\n\n const logAction = (text, meta = undefined) => {\n persistActionLog({\n ts: now,\n source: 'openclaw-action',\n request_id: requestId,\n text,\n meta: isPlainObject(meta) ? meta : undefined,\n });\n };\n\n const enqueueApproval = ({ kind, summary, payload, tags = [] }) => {\n const item = {\n id: makeId('approval'),\n kind,\n status: 'pending',\n created_at: now,\n updated_at: now,\n request_id: requestId,\n summary,\n payload,\n tags: Array.isArray(tags) ? tags.filter(Boolean) : [],\n };\n workflowStaticData.approvalQueue = pushRetained(getApprovalQueue(), item, maxQueueEntries);\n return item;\n };\n\n const normalizeFetchResponse = ({ inputUrl, response, rawBody, maxChars }) => {\n const headers = normalizeHeaders(response.headers);\n const contentType = headers['content-type'] || '';\n const isHtml = /text\\/html|application\\/xhtml\\+xml/i.test(contentType);\n const isJson = /application\\/json|application\\/ld\\+json|application\\/problem\\+json/i.test(contentType);\n const titleMatch = isHtml ? rawBody.match(/]*>([\\s\\S]*?)<\\/title>/i) : null;\n const title = titleMatch ? previewText(stripHtml(titleMatch[1]), 200) : '';\n let bodyText = '';\n if (isHtml) {\n bodyText = stripHtml(rawBody);\n } else if (isJson) {\n try {\n bodyText = JSON.stringify(JSON.parse(rawBody), null, 2);\n } catch {\n bodyText = rawBody;\n }\n } else {\n bodyText = rawBody;\n }\n const normalized = bodyText.slice(0, maxChars);\n return {\n url: response.url || inputUrl,\n fetched_url: inputUrl,\n title,\n http_status: response.status,\n content_type: contentType || 'application/octet-stream',\n excerpt: previewText(normalized, 320),\n body_text: normalized,\n text_length: bodyText.length,\n truncated: bodyText.length > normalized.length,\n headers,\n };\n };\n\n const classifyInboundEvent = (eventArgs) => {\n const source = trimText(eventArgs.source || 'event');\n const type = trimText(eventArgs.type || 'event');\n const summary = previewText(eventArgs.summary || eventArgs.message || (isPlainObject(eventArgs.event) ? JSON.stringify(eventArgs.event) : ''), 280);\n const severity = trimText(eventArgs.severity || '').toLowerCase();\n const priority = trimText(eventArgs.priority || '').toLowerCase();\n const extraText = isPlainObject(eventArgs.event) ? JSON.stringify(eventArgs.event) : '';\n const haystack = `${summary} ${extraText}`.toLowerCase();\n let classification = 'watch';\n let shouldNotify = false;\n\n if (\n ['critical', 'urgent', 'sev1', 'sev2', 'high'].includes(severity) ||\n ['critical', 'urgent', 'p1', 'p2', 'high'].includes(priority) ||\n /(outage|down|failed|failure|critical|urgent|blocked|sev1|sev2|database unavailable|cannot reach|immediately|asap)/.test(haystack)\n ) {\n classification = 'urgent';\n shouldNotify = true;\n } else if (\n /(delivery|delivered|package|submission|alert|invoice|payment|review requested|build failed|incident|ticket)/.test(haystack)\n ) {\n classification = 'important';\n shouldNotify = true;\n }\n\n return { source, type, summary, severity, priority, classification, shouldNotify };\n };\n\n let route = 'respond';\n let statusCode = 400;\n let responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'unknown_action', message: 'action is not supported' },\n };\n let notifyText = '';\n\n if (action === 'append_log') {\n if (typeof args.text === 'string' && trimText(args.text).length > 0) {\n statusCode = 200;\n const record = {\n ts: now,\n source: trimText(args.source || 'openclaw-action'),\n request_id: requestId,\n text: trimText(args.text),\n meta: isPlainObject(args.meta) ? args.meta : undefined,\n };\n persistActionLog(record);\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'append_log',\n status: 'logged',\n preview: { text: record.text },\n sink: {\n type: 'workflow-static-data',\n key: 'actionLog',\n retained_entries: maxLogEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'required args are missing' },\n };\n }\n } else if (action === 'get_logs') {\n const actionLog = getActionLog();\n const limit = clamp(args.limit, 1, 50, 20);\n const entries = actionLog.slice(-limit).reverse();\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'get_logs',\n status: 'ok',\n count: entries.length,\n total_retained: actionLog.length,\n retained_entries: maxLogEntries,\n entries,\n },\n };\n } else if (action === 'send_notification_draft') {\n const title = trimText(args.title || '');\n const message = trimText(args.message || '');\n if (message) {\n statusCode = 200;\n const item = enqueueApproval({\n kind: 'notification',\n summary: title ? `Notification draft \u2014 ${title}` : `Notification draft \u2014 ${previewText(message, 80)}`,\n payload: {\n title,\n message,\n },\n tags: ['notify', 'approval'],\n });\n logAction(`queued notification draft ${item.id}`, { pending_id: item.id, title_present: Boolean(title) });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'send_notification_draft',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n title,\n message,\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'send_notification_draft requires message' },\n };\n }\n } else if (action === 'notify') {\n if (typeof args.message === 'string' && trimText(args.message).length > 0) {\n route = 'notify';\n statusCode = 200;\n const title = trimText(args.title || '');\n notifyText = title ? `\ud83d\udd14 ${title}\\n${trimText(args.message)}` : `\ud83d\udd14 ${trimText(args.message)}`;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'notify',\n status: 'sent',\n preview: { title, message: trimText(args.message) },\n targets: ['telegram', 'discord'],\n },\n };\n logAction(`notify: ${previewText(`${title} ${args.message}`, 180)}`);\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'required args are missing' },\n };\n }\n } else if (action === 'send_email_draft') {\n const to = ensureStringArray(args.to);\n const cc = ensureStringArray(args.cc);\n const bcc = ensureStringArray(args.bcc);\n const subject = trimText(args.subject || '');\n const bodyText = trimText(args.body_text || '');\n const bodyHtml = trimText(args.body_html || '');\n\n if (to.length > 0 && subject && (bodyText || bodyHtml)) {\n statusCode = 200;\n const item = enqueueApproval({\n kind: 'email_draft',\n summary: `Email draft to ${to.join(', ')} \u2014 ${subject}`,\n payload: {\n to,\n cc,\n bcc,\n subject,\n body_text: bodyText,\n body_html: bodyHtml,\n },\n tags: ['email', 'approval'],\n });\n logAction(`queued email draft ${item.id}`, { pending_id: item.id, subject, to_count: to.length });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'send_email_draft',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n to,\n cc,\n bcc,\n subject,\n body_excerpt: previewText(bodyText || stripHtml(bodyHtml), 240),\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: 'invalid_request',\n message: 'send_email_draft requires to, subject, and body_text or body_html',\n },\n };\n }\n } else if (action === 'create_calendar_event') {\n const title = trimText(args.title || '');\n const start = trimText(args.start || '');\n const end = trimText(args.end || '');\n const startDate = start ? new Date(start) : null;\n const endDate = end ? new Date(end) : null;\n\n if (title && startDate && endDate && Number.isFinite(startDate.getTime()) && Number.isFinite(endDate.getTime()) && endDate > startDate) {\n statusCode = 200;\n const attendees = ensureStringArray(args.attendees);\n const item = enqueueApproval({\n kind: 'calendar_event',\n summary: `Calendar event ${title} @ ${startDate.toISOString()}`,\n payload: {\n calendar: trimText(args.calendar || 'primary') || 'primary',\n title,\n start: startDate.toISOString(),\n end: endDate.toISOString(),\n location: trimText(args.location || ''),\n description: trimText(args.description || ''),\n attendees,\n },\n tags: ['calendar', 'approval'],\n });\n logAction(`queued calendar event ${item.id}`, { pending_id: item.id, title, attendee_count: attendees.length });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'create_calendar_event',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n calendar: item.payload.calendar,\n title,\n start: item.payload.start,\n end: item.payload.end,\n location: item.payload.location,\n attendees,\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: 'invalid_request',\n message: 'create_calendar_event requires title, start, and end with end after start',\n },\n };\n }\n } else if (action === 'approval_queue_add') {\n const kind = trimText(args.kind || 'manual');\n const summary = trimText(args.summary || '');\n if (summary) {\n statusCode = 200;\n const item = enqueueApproval({\n kind,\n summary,\n payload: isPlainObject(args.payload) ? args.payload : {},\n tags: ensureStringArray(args.tags),\n });\n logAction(`queued approval item ${item.id}`, { pending_id: item.id, kind });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_add',\n status: 'queued',\n pending_id: item.id,\n item,\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'approval_queue_add requires summary' },\n };\n }\n } else if (action === 'approval_queue_list') {\n const limit = clamp(args.limit, 1, 50, 20);\n const includeHistory = args.include_history === true;\n const pending = getApprovalQueue().slice(-limit).reverse();\n const history = includeHistory ? getApprovalHistory().slice(-limit).reverse() : [];\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_list',\n status: 'ok',\n pending_count: getApprovalQueue().length,\n history_count: getApprovalHistory().length,\n pending,\n history,\n },\n };\n } else if (action === 'approval_queue_resolve') {\n const id = trimText(args.id || '');\n const decision = trimText(args.decision || '').toLowerCase();\n const queue = getApprovalQueue();\n const index = queue.findIndex((item) => item && item.id === id);\n\n if (!id || !['approve', 'reject'].includes(decision)) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'approval_queue_resolve requires id and decision=approve|reject' },\n };\n } else if (index === -1) {\n statusCode = 404;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'not_found', message: 'approval queue item was not found' },\n };\n } else {\n statusCode = 200;\n const [item] = queue.splice(index, 1);\n workflowStaticData.approvalQueue = queue;\n const resolved = {\n ...item,\n status: decision === 'approve' ? 'approved' : 'rejected',\n resolved_at: now,\n resolution_note: trimText(args.note || ''),\n };\n\n let executed = false;\n let executed_action = '';\n if (decision === 'approve' && resolved.kind === 'notification' && isPlainObject(resolved.payload)) {\n const title = trimText(resolved.payload.title || '');\n const message = trimText(resolved.payload.message || '');\n if (message) {\n route = 'notify';\n notifyText = title ? `\ud83d\udd14 ${title}\n${message}` : `\ud83d\udd14 ${message}`;\n executed = true;\n executed_action = 'notify';\n resolved.execution = {\n action: 'notify',\n status: 'sent',\n executed_at: now,\n };\n }\n }\n\n workflowStaticData.approvalHistory = pushRetained(getApprovalHistory(), resolved, maxHistoryEntries);\n logAction(`resolved approval item ${id}`, { pending_id: id, status: resolved.status, executed, executed_action });\n if (!executed && args.notify_on_resolve === true) {\n route = 'notify';\n const emoji = resolved.status === 'approved' ? '\u2705' : '\ud83d\uded1';\n notifyText = `${emoji} Approval ${resolved.status}\n${resolved.summary}`;\n }\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_resolve',\n status: resolved.status,\n executed,\n executed_action,\n item: resolved,\n },\n };\n }\n } else if (action === 'fetch_and_normalize_url') {\n const url = trimText(args.url || '');\n const maxChars = clamp(args.max_chars, 500, 20000, 8000);\n const timeoutMs = clamp(args.timeout_ms, 1000, 30000, 10000);\n\n if (!/^https?:\\/\\//i.test(url)) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'fetch_and_normalize_url requires an http or https url' },\n };\n } else {\n try {\n if (!this || !this.helpers || typeof this.helpers.httpRequest !== 'function') {\n throw new Error('this.helpers.httpRequest is not available in this n8n Code runtime');\n }\n const extraHeaders = isPlainObject(args.headers) ? args.headers : {};\n const requestHeaders = Object.fromEntries(\n Object.entries(extraHeaders)\n .filter(([key, value]) => typeof key === 'string' && typeof value === 'string' && key.trim() && value.trim())\n .map(([key, value]) => [key.trim(), value.trim()])\n );\n\n const skipSslCertificateValidation = args.skip_ssl_certificate_validation === true;\n const upstream = await this.helpers.httpRequest({\n url,\n method: 'GET',\n headers: requestHeaders,\n timeout: timeoutMs,\n json: false,\n encoding: 'text',\n returnFullResponse: true,\n skipSslCertificateValidation,\n });\n\n const headersObj = Object.fromEntries(\n Object.entries(upstream.headers || {}).map(([key, value]) => [\n String(key).toLowerCase(),\n Array.isArray(value) ? value.join(', ') : String(value ?? ''),\n ])\n );\n const response = {\n ok: (upstream.statusCode || 0) >= 200 && (upstream.statusCode || 0) < 300,\n status: upstream.statusCode || 0,\n url: upstream.request?.uri?.href || upstream.request?.href || upstream.url || url,\n headers: { entries: () => Object.entries(headersObj) },\n };\n const rawBody = typeof upstream.body === 'string'\n ? upstream.body\n : JSON.stringify(upstream.body ?? '', null, 2);\n const normalized = normalizeFetchResponse({ inputUrl: url, response, rawBody, maxChars });\n if (!response.ok) {\n statusCode = 502;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'upstream_http_error', message: `upstream returned ${response.status}` },\n result: {\n action: 'fetch_and_normalize_url',\n upstream: normalized,\n },\n };\n } else {\n statusCode = 200;\n logAction(`fetched url ${normalized.url}`, { url: normalized.url, content_type: normalized.content_type, http_status: normalized.http_status });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'fetch_and_normalize_url',\n status: 'ok',\n ...normalized,\n },\n };\n }\n } catch (error) {\n statusCode = 502;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: error && error.name === 'AbortError' ? 'upstream_timeout' : 'fetch_failed',\n message: error && error.message ? String(error.message) : 'fetch failed',\n },\n };\n }\n }\n } else if (action === 'inbound_event_filter') {\n const classified = classifyInboundEvent(args);\n if (!classified.summary) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'inbound_event_filter requires summary or message' },\n };\n } else {\n const dedupeKey = trimText(args.dedupe_key || `${classified.source}|${classified.type}|${classified.summary}`.toLowerCase().replace(/\\s+/g, ' '));\n const dedupList = getEventDedup();\n const duplicate = dedupList.includes(dedupeKey);\n if (!duplicate) {\n workflowStaticData.eventDedup = pushRetained(dedupList, dedupeKey, maxDedupEntries);\n }\n const eventRecord = {\n ts: now,\n source: classified.source,\n type: classified.type,\n summary: classified.summary,\n severity: classified.severity,\n priority: classified.priority,\n classification: duplicate ? 'deduped' : classified.classification,\n dedupe_key: dedupeKey,\n duplicate,\n event: isPlainObject(args.event) ? args.event : undefined,\n };\n workflowStaticData.inboundEvents = pushRetained(getInboundEvents(), eventRecord, maxEventEntries);\n const notifyAllowed = args.notify !== false;\n const shouldNotify = classified.shouldNotify && !duplicate && notifyAllowed;\n if (shouldNotify) {\n route = 'notify';\n const emoji = classified.classification === 'urgent' ? '\ud83d\udea8' : '\u2139\ufe0f';\n notifyText = `${emoji} ${classified.source}: ${classified.summary}`;\n }\n logAction(`ingested inbound event ${classified.source}`, { classification: eventRecord.classification, duplicate });\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'inbound_event_filter',\n status: duplicate ? 'deduped' : 'stored',\n classification: eventRecord.classification,\n duplicate,\n notified: shouldNotify,\n event: eventRecord,\n sink: {\n type: 'workflow-static-data',\n key: 'inboundEvents',\n retained_entries: maxEventEntries,\n },\n },\n };\n }\n }\n\n return {\n json: {\n route,\n status_code: statusCode,\n response_body: responseBody,\n notify_text: notifyText,\n },\n };\n})();\n" + "jsCode": "return (async () => {\n const body = ($json.body && typeof $json.body === 'object') ? $json.body : $json;\n const action = typeof body.action === 'string' ? body.action : '';\n const args = (body.args && typeof body.args === 'object' && body.args !== null) ? body.args : {};\n const requestId = typeof body.request_id === 'string' ? body.request_id : '';\n const now = new Date().toISOString();\n const workflowStaticData = $getWorkflowStaticData('global');\n const maxLogEntries = 200;\n const maxQueueEntries = 200;\n const maxHistoryEntries = 200;\n const maxEventEntries = 200;\n const maxDedupEntries = 500;\n\n const clamp = (value, min, max, fallback) => {\n const num = Number(value);\n if (!Number.isFinite(num)) {\n return fallback;\n }\n return Math.max(min, Math.min(max, Math.trunc(num)));\n };\n\n const asString = (value, fallback = '') => (typeof value === 'string' ? value : fallback);\n\n const isPlainObject = (value) => typeof value === 'object' && value !== null && !Array.isArray(value);\n\n const trimText = (value) => asString(value).trim();\n\n const previewText = (value, max = 160) => {\n const text = trimText(value).replace(/\\s+/g, ' ');\n if (text.length <= max) {\n return text;\n }\n return `${text.slice(0, Math.max(0, max - 1)).trimEnd()}\u2026`;\n };\n\n const ensureStringArray = (value) => {\n if (Array.isArray(value)) {\n return value.map((entry) => trimText(entry)).filter(Boolean);\n }\n if (typeof value === 'string') {\n const trimmed = trimText(value);\n return trimmed ? [trimmed] : [];\n }\n return [];\n };\n\n const pushRetained = (list, item, maxEntries) => {\n const target = Array.isArray(list) ? list : [];\n target.push(item);\n if (target.length > maxEntries) {\n target.splice(0, target.length - maxEntries);\n }\n return target;\n };\n\n const makeId = (prefix) => {\n const rand = Math.random().toString(36).slice(2, 10);\n return `${prefix}-${Date.now().toString(36)}-${rand}`;\n };\n\n const htmlEntityDecode = (value) => {\n const text = asString(value)\n .replace(/ /gi, ' ')\n .replace(/&/gi, '&')\n .replace(/</gi, '<')\n .replace(/>/gi, '>')\n .replace(/"/gi, '\"')\n .replace(/'/gi, \"'\");\n return text;\n };\n\n const stripHtml = (value) => htmlEntityDecode(\n asString(value)\n .replace(//gi, ' ')\n .replace(//gi, ' ')\n .replace(//gi, ' ')\n .replace(/<[^>]+>/g, ' ')\n .replace(/\\s+/g, ' ')\n ).trim();\n\n const normalizeHeaders = (headers) => {\n if (!headers || typeof headers.entries !== 'function') {\n return {};\n }\n return Object.fromEntries(Array.from(headers.entries()).map(([key, value]) => [String(key).toLowerCase(), String(value)]));\n };\n\n const getActionLog = () => Array.isArray(workflowStaticData.actionLog) ? workflowStaticData.actionLog : [];\n const getApprovalQueue = () => Array.isArray(workflowStaticData.approvalQueue) ? workflowStaticData.approvalQueue : [];\n const getApprovalHistory = () => Array.isArray(workflowStaticData.approvalHistory) ? workflowStaticData.approvalHistory : [];\n const getInboundEvents = () => Array.isArray(workflowStaticData.inboundEvents) ? workflowStaticData.inboundEvents : [];\n const getEventDedup = () => Array.isArray(workflowStaticData.eventDedup) ? workflowStaticData.eventDedup : [];\n\n const persistActionLog = (entry) => {\n workflowStaticData.actionLog = pushRetained(getActionLog(), entry, maxLogEntries);\n };\n\n const logAction = (text, meta = undefined) => {\n persistActionLog({\n ts: now,\n source: 'openclaw-action',\n request_id: requestId,\n text,\n meta: isPlainObject(meta) ? meta : undefined,\n });\n };\n\n const enqueueApproval = ({ kind, summary, payload, tags = [] }) => {\n const item = {\n id: makeId('approval'),\n kind,\n status: 'pending',\n created_at: now,\n updated_at: now,\n request_id: requestId,\n summary,\n payload,\n tags: Array.isArray(tags) ? tags.filter(Boolean) : [],\n };\n workflowStaticData.approvalQueue = pushRetained(getApprovalQueue(), item, maxQueueEntries);\n return item;\n };\n\n const normalizeFetchResponse = ({ inputUrl, response, rawBody, maxChars }) => {\n const headers = normalizeHeaders(response.headers);\n const contentType = headers['content-type'] || '';\n const isHtml = /text\\/html|application\\/xhtml\\+xml/i.test(contentType);\n const isJson = /application\\/json|application\\/ld\\+json|application\\/problem\\+json/i.test(contentType);\n const titleMatch = isHtml ? rawBody.match(/]*>([\\s\\S]*?)<\\/title>/i) : null;\n const title = titleMatch ? previewText(stripHtml(titleMatch[1]), 200) : '';\n let bodyText = '';\n if (isHtml) {\n bodyText = stripHtml(rawBody);\n } else if (isJson) {\n try {\n bodyText = JSON.stringify(JSON.parse(rawBody), null, 2);\n } catch {\n bodyText = rawBody;\n }\n } else {\n bodyText = rawBody;\n }\n const normalized = bodyText.slice(0, maxChars);\n return {\n url: response.url || inputUrl,\n fetched_url: inputUrl,\n title,\n http_status: response.status,\n content_type: contentType || 'application/octet-stream',\n excerpt: previewText(normalized, 320),\n body_text: normalized,\n text_length: bodyText.length,\n truncated: bodyText.length > normalized.length,\n headers,\n };\n };\n\n const classifyInboundEvent = (eventArgs) => {\n const source = trimText(eventArgs.source || 'event');\n const type = trimText(eventArgs.type || 'event');\n const summary = previewText(eventArgs.summary || eventArgs.message || (isPlainObject(eventArgs.event) ? JSON.stringify(eventArgs.event) : ''), 280);\n const severity = trimText(eventArgs.severity || '').toLowerCase();\n const priority = trimText(eventArgs.priority || '').toLowerCase();\n const extraText = isPlainObject(eventArgs.event) ? JSON.stringify(eventArgs.event) : '';\n const haystack = `${summary} ${extraText}`.toLowerCase();\n let classification = 'watch';\n let shouldNotify = false;\n\n if (\n ['critical', 'urgent', 'sev1', 'sev2', 'high'].includes(severity) ||\n ['critical', 'urgent', 'p1', 'p2', 'high'].includes(priority) ||\n /(outage|down|failed|failure|critical|urgent|blocked|sev1|sev2|database unavailable|cannot reach|immediately|asap)/.test(haystack)\n ) {\n classification = 'urgent';\n shouldNotify = true;\n } else if (\n /(delivery|delivered|package|submission|alert|invoice|payment|review requested|build failed|incident|ticket)/.test(haystack)\n ) {\n classification = 'important';\n shouldNotify = true;\n }\n\n return { source, type, summary, severity, priority, classification, shouldNotify };\n };\n\n let route = 'respond';\n let statusCode = 400;\n let responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'unknown_action', message: 'action is not supported' },\n };\n let notifyText = '';\n\n if (action === 'append_log') {\n if (typeof args.text === 'string' && trimText(args.text).length > 0) {\n statusCode = 200;\n const record = {\n ts: now,\n source: trimText(args.source || 'openclaw-action'),\n request_id: requestId,\n text: trimText(args.text),\n meta: isPlainObject(args.meta) ? args.meta : undefined,\n };\n persistActionLog(record);\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'append_log',\n status: 'logged',\n preview: { text: record.text },\n sink: {\n type: 'workflow-static-data',\n key: 'actionLog',\n retained_entries: maxLogEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'required args are missing' },\n };\n }\n } else if (action === 'get_logs') {\n const actionLog = getActionLog();\n const limit = clamp(args.limit, 1, 50, 20);\n const entries = actionLog.slice(-limit).reverse();\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'get_logs',\n status: 'ok',\n count: entries.length,\n total_retained: actionLog.length,\n retained_entries: maxLogEntries,\n entries,\n },\n };\n } else if (action === 'send_notification_draft') {\n const title = trimText(args.title || '');\n const message = trimText(args.message || '');\n if (message) {\n statusCode = 200;\n const item = enqueueApproval({\n kind: 'notification',\n summary: title ? `Notification draft \u2014 ${title}` : `Notification draft \u2014 ${previewText(message, 80)}`,\n payload: {\n title,\n message,\n },\n tags: ['notify', 'approval'],\n });\n logAction(`queued notification draft ${item.id}`, { pending_id: item.id, title_present: Boolean(title) });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'send_notification_draft',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n title,\n message,\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'send_notification_draft requires message' },\n };\n }\n } else if (action === 'notify') {\n if (typeof args.message === 'string' && trimText(args.message).length > 0) {\n route = 'notify';\n statusCode = 200;\n const title = trimText(args.title || '');\n notifyText = title ? `\ud83d\udd14 ${title}\\n${trimText(args.message)}` : `\ud83d\udd14 ${trimText(args.message)}`;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'notify',\n status: 'sent',\n preview: { title, message: trimText(args.message) },\n targets: ['telegram', 'discord'],\n },\n };\n logAction(`notify: ${previewText(`${title} ${args.message}`, 180)}`);\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'required args are missing' },\n };\n }\n } else if (action === 'send_email_draft') {\n const to = ensureStringArray(args.to);\n const cc = ensureStringArray(args.cc);\n const bcc = ensureStringArray(args.bcc);\n const subject = trimText(args.subject || '');\n const bodyText = trimText(args.body_text || '');\n const bodyHtml = trimText(args.body_html || '');\n\n if (to.length > 0 && subject && (bodyText || bodyHtml)) {\n statusCode = 200;\n const item = enqueueApproval({\n kind: 'email_draft',\n summary: `Email draft to ${to.join(', ')} \u2014 ${subject}`,\n payload: {\n to,\n cc,\n bcc,\n subject,\n body_text: bodyText,\n body_html: bodyHtml,\n },\n tags: ['email', 'approval'],\n });\n logAction(`queued email draft ${item.id}`, { pending_id: item.id, subject, to_count: to.length });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'send_email_draft',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n to,\n cc,\n bcc,\n subject,\n body_excerpt: previewText(bodyText || stripHtml(bodyHtml), 240),\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: 'invalid_request',\n message: 'send_email_draft requires to, subject, and body_text or body_html',\n },\n };\n }\n } else if (action === 'create_calendar_event') {\n const title = trimText(args.title || '');\n const start = trimText(args.start || '');\n const end = trimText(args.end || '');\n const startDate = start ? new Date(start) : null;\n const endDate = end ? new Date(end) : null;\n\n if (title && startDate && endDate && Number.isFinite(startDate.getTime()) && Number.isFinite(endDate.getTime()) && endDate > startDate) {\n statusCode = 200;\n const attendees = ensureStringArray(args.attendees);\n const item = enqueueApproval({\n kind: 'calendar_event',\n summary: `Calendar event ${title} @ ${startDate.toISOString()}`,\n payload: {\n calendar: trimText(args.calendar || 'primary') || 'primary',\n title,\n start: startDate.toISOString(),\n end: endDate.toISOString(),\n location: trimText(args.location || ''),\n description: trimText(args.description || ''),\n attendees,\n },\n tags: ['calendar', 'approval'],\n });\n logAction(`queued calendar event ${item.id}`, { pending_id: item.id, title, attendee_count: attendees.length });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'create_calendar_event',\n status: 'queued_for_approval',\n pending_id: item.id,\n approval_status: item.status,\n preview: {\n calendar: item.payload.calendar,\n title,\n start: item.payload.start,\n end: item.payload.end,\n location: item.payload.location,\n attendees,\n },\n sink: {\n type: 'workflow-static-data',\n key: 'approvalQueue',\n retained_entries: maxQueueEntries,\n },\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: 'invalid_request',\n message: 'create_calendar_event requires title, start, and end with end after start',\n },\n };\n }\n } else if (action === 'approval_queue_add') {\n const kind = trimText(args.kind || 'manual');\n const summary = trimText(args.summary || '');\n if (summary) {\n statusCode = 200;\n const item = enqueueApproval({\n kind,\n summary,\n payload: isPlainObject(args.payload) ? args.payload : {},\n tags: ensureStringArray(args.tags),\n });\n logAction(`queued approval item ${item.id}`, { pending_id: item.id, kind });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_add',\n status: 'queued',\n pending_id: item.id,\n item,\n },\n };\n } else {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'approval_queue_add requires summary' },\n };\n }\n } else if (action === 'approval_queue_list') {\n const limit = clamp(args.limit, 1, 50, 20);\n const includeHistory = args.include_history === true;\n const pending = getApprovalQueue().slice(-limit).reverse();\n const history = includeHistory ? getApprovalHistory().slice(-limit).reverse() : [];\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_list',\n status: 'ok',\n pending_count: getApprovalQueue().length,\n history_count: getApprovalHistory().length,\n pending,\n history,\n },\n };\n } else if (action === 'approval_queue_resolve') {\n const id = trimText(args.id || '');\n const decision = trimText(args.decision || '').toLowerCase();\n const queue = getApprovalQueue();\n const index = queue.findIndex((item) => item && item.id === id);\n\n if (!id || !['approve', 'reject'].includes(decision)) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'approval_queue_resolve requires id and decision=approve|reject' },\n };\n } else if (index === -1) {\n statusCode = 404;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'not_found', message: 'approval queue item was not found' },\n };\n } else {\n statusCode = 200;\n const [item] = queue.splice(index, 1);\n workflowStaticData.approvalQueue = queue;\n const resolved = {\n ...item,\n status: decision === 'approve' ? 'approved' : 'rejected',\n resolved_at: now,\n resolution_note: trimText(args.note || ''),\n };\n\n let executed = false;\n let executed_action = '';\n if (decision === 'approve' && resolved.kind === 'notification' && isPlainObject(resolved.payload)) {\n const title = trimText(resolved.payload.title || '');\n const message = trimText(resolved.payload.message || '');\n if (message) {\n route = 'notify';\n notifyText = title ? `\ud83d\udd14 ${title}\n${message}` : `\ud83d\udd14 ${message}`;\n executed = true;\n executed_action = 'notify';\n resolved.execution = {\n action: 'notify',\n status: 'sent',\n executed_at: now,\n };\n }\n }\n\n workflowStaticData.approvalHistory = pushRetained(getApprovalHistory(), resolved, maxHistoryEntries);\n logAction(`resolved approval item ${id}`, { pending_id: id, status: resolved.status, executed, executed_action });\n if (!executed && args.notify_on_resolve === true) {\n route = 'notify';\n const emoji = resolved.status === 'approved' ? '\u2705' : '\ud83d\uded1';\n notifyText = `${emoji} Approval ${resolved.status}\n${resolved.summary}`;\n }\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_queue_resolve',\n status: resolved.status,\n executed,\n executed_action,\n item: resolved,\n },\n };\n }\n } else if (action === 'approval_history_attach_execution') {\n const id = trimText(args.id || '');\n const execution = isPlainObject(args.execution) ? args.execution : null;\n const history = getApprovalHistory();\n const index = history.findIndex((item) => item && item.id === id);\n\n if (!id || !execution) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'approval_history_attach_execution requires id and execution object' },\n };\n } else if (index === -1) {\n statusCode = 404;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'not_found', message: 'approval history item was not found' },\n };\n } else {\n statusCode = 200;\n const existing = history[index];\n const updated = {\n ...existing,\n updated_at: now,\n execution: {\n ...(isPlainObject(existing.execution) ? existing.execution : {}),\n ...execution,\n updated_at: now,\n },\n };\n history[index] = updated;\n workflowStaticData.approvalHistory = history;\n logAction(`attached execution for approval item ${id}`, { pending_id: id, execution_status: updated.execution.status || '' });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'approval_history_attach_execution',\n status: 'updated',\n item: updated,\n },\n };\n }\n } else if (action === 'fetch_and_normalize_url') {\n const url = trimText(args.url || '');\n const maxChars = clamp(args.max_chars, 500, 20000, 8000);\n const timeoutMs = clamp(args.timeout_ms, 1000, 30000, 10000);\n\n if (!/^https?:\\/\\//i.test(url)) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'fetch_and_normalize_url requires an http or https url' },\n };\n } else {\n try {\n if (!this || !this.helpers || typeof this.helpers.httpRequest !== 'function') {\n throw new Error('this.helpers.httpRequest is not available in this n8n Code runtime');\n }\n const extraHeaders = isPlainObject(args.headers) ? args.headers : {};\n const requestHeaders = Object.fromEntries(\n Object.entries(extraHeaders)\n .filter(([key, value]) => typeof key === 'string' && typeof value === 'string' && key.trim() && value.trim())\n .map(([key, value]) => [key.trim(), value.trim()])\n );\n\n const skipSslCertificateValidation = args.skip_ssl_certificate_validation === true;\n const upstream = await this.helpers.httpRequest({\n url,\n method: 'GET',\n headers: requestHeaders,\n timeout: timeoutMs,\n json: false,\n encoding: 'text',\n returnFullResponse: true,\n skipSslCertificateValidation,\n });\n\n const headersObj = Object.fromEntries(\n Object.entries(upstream.headers || {}).map(([key, value]) => [\n String(key).toLowerCase(),\n Array.isArray(value) ? value.join(', ') : String(value ?? ''),\n ])\n );\n const response = {\n ok: (upstream.statusCode || 0) >= 200 && (upstream.statusCode || 0) < 300,\n status: upstream.statusCode || 0,\n url: upstream.request?.uri?.href || upstream.request?.href || upstream.url || url,\n headers: { entries: () => Object.entries(headersObj) },\n };\n const rawBody = typeof upstream.body === 'string'\n ? upstream.body\n : JSON.stringify(upstream.body ?? '', null, 2);\n const normalized = normalizeFetchResponse({ inputUrl: url, response, rawBody, maxChars });\n if (!response.ok) {\n statusCode = 502;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'upstream_http_error', message: `upstream returned ${response.status}` },\n result: {\n action: 'fetch_and_normalize_url',\n upstream: normalized,\n },\n };\n } else {\n statusCode = 200;\n logAction(`fetched url ${normalized.url}`, { url: normalized.url, content_type: normalized.content_type, http_status: normalized.http_status });\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'fetch_and_normalize_url',\n status: 'ok',\n ...normalized,\n },\n };\n }\n } catch (error) {\n statusCode = 502;\n responseBody = {\n ok: false,\n request_id: requestId,\n error: {\n code: error && error.name === 'AbortError' ? 'upstream_timeout' : 'fetch_failed',\n message: error && error.message ? String(error.message) : 'fetch failed',\n },\n };\n }\n }\n } else if (action === 'inbound_event_filter') {\n const classified = classifyInboundEvent(args);\n if (!classified.summary) {\n responseBody = {\n ok: false,\n request_id: requestId,\n error: { code: 'invalid_request', message: 'inbound_event_filter requires summary or message' },\n };\n } else {\n const dedupeKey = trimText(args.dedupe_key || `${classified.source}|${classified.type}|${classified.summary}`.toLowerCase().replace(/\\s+/g, ' '));\n const dedupList = getEventDedup();\n const duplicate = dedupList.includes(dedupeKey);\n if (!duplicate) {\n workflowStaticData.eventDedup = pushRetained(dedupList, dedupeKey, maxDedupEntries);\n }\n const eventRecord = {\n ts: now,\n source: classified.source,\n type: classified.type,\n summary: classified.summary,\n severity: classified.severity,\n priority: classified.priority,\n classification: duplicate ? 'deduped' : classified.classification,\n dedupe_key: dedupeKey,\n duplicate,\n event: isPlainObject(args.event) ? args.event : undefined,\n };\n workflowStaticData.inboundEvents = pushRetained(getInboundEvents(), eventRecord, maxEventEntries);\n const notifyAllowed = args.notify !== false;\n const shouldNotify = classified.shouldNotify && !duplicate && notifyAllowed;\n if (shouldNotify) {\n route = 'notify';\n const emoji = classified.classification === 'urgent' ? '\ud83d\udea8' : '\u2139\ufe0f';\n notifyText = `${emoji} ${classified.source}: ${classified.summary}`;\n }\n logAction(`ingested inbound event ${classified.source}`, { classification: eventRecord.classification, duplicate });\n statusCode = 200;\n responseBody = {\n ok: true,\n request_id: requestId,\n result: {\n action: 'inbound_event_filter',\n status: duplicate ? 'deduped' : 'stored',\n classification: eventRecord.classification,\n duplicate,\n notified: shouldNotify,\n event: eventRecord,\n sink: {\n type: 'workflow-static-data',\n key: 'inboundEvents',\n retained_entries: maxEventEntries,\n },\n },\n };\n }\n }\n\n return {\n json: {\n route,\n status_code: statusCode,\n response_body: responseBody,\n notify_text: notifyText,\n },\n };\n})();\n" } }, { diff --git a/skills/n8n-webhook/references/openclaw-action.md b/skills/n8n-webhook/references/openclaw-action.md index 4e1892d..227eae4 100644 --- a/skills/n8n-webhook/references/openclaw-action.md +++ b/skills/n8n-webhook/references/openclaw-action.md @@ -20,6 +20,7 @@ It implements a real local OpenClaw → n8n router. - `approval_queue_add` - `approval_queue_list` - `approval_queue_resolve` + - `approval_history_attach_execution` - `fetch_and_normalize_url` - `inbound_event_filter` - returns normalized JSON responses @@ -62,6 +63,13 @@ Example stored record: - appends the resolved entry into: - `approvalHistory` - supports optional notification on approval/rejection +- executes notification drafts inline when the approved item kind is `notification` + +### `approval_history_attach_execution` + +- patches an existing resolved history item in `approvalHistory` +- designed for host-side executors that run outside n8n itself +- used by the included `scripts/resolve-approval-with-gog.py` bridge to attach Gmail/Calendar execution results ### `fetch_and_normalize_url` @@ -158,6 +166,7 @@ scripts/call-action.sh fetch_and_normalize_url --args '{"url":"http://192.168.15 scripts/call-action.sh fetch_and_normalize_url --args '{"url":"https://example.com","skip_ssl_certificate_validation":true}' --pretty scripts/call-action.sh approval_queue_list --args '{"limit":10,"include_history":true}' --pretty scripts/call-action.sh inbound_event_filter --args-file assets/test-inbound-event-filter.json --pretty +python3 scripts/resolve-approval-with-gog.py --id --decision approve --dry-run ``` ## Expected success examples @@ -239,6 +248,22 @@ scripts/call-action.sh inbound_event_filter --args-file assets/test-inbound-even } ``` +## Host bridge notes + +The included host bridge `scripts/resolve-approval-with-gog.py` is for the case where Gmail/Calendar auth exists on the OpenClaw host via `gog`, not inside n8n itself. + +Behavior: +- resolves an approval item through `openclaw-action` +- executes supported kinds on the host: + - `email_draft` → `gog gmail drafts create` + - `calendar_event` → `gog calendar create` +- writes execution metadata back via `approval_history_attach_execution` + +Important automation note: +- real unattended execution needs `GOG_KEYRING_PASSWORD` in the environment +- without it, non-TTY `gog` calls will fail when the file keyring tries to prompt +- `--dry-run` works without touching Google state and is useful for plumbing verification + ## Validation Run the local validator before import/package changes: diff --git a/skills/n8n-webhook/references/payloads.md b/skills/n8n-webhook/references/payloads.md index 0948252..160c5c8 100644 --- a/skills/n8n-webhook/references/payloads.md +++ b/skills/n8n-webhook/references/payloads.md @@ -239,6 +239,29 @@ Request: Purpose: - approve or reject a pending item - moves resolved entries into `approvalHistory` +- executes notification drafts inline when the resolved item kind is `notification` + +### `approval_history_attach_execution` + +Request: + +```json +{ + "action": "approval_history_attach_execution", + "args": { + "id": "approval-abc123", + "execution": { + "driver": "gog", + "op": "gmail.drafts.create", + "status": "draft_created" + } + } +} +``` + +Purpose: +- patch a resolved history item with host-side execution metadata after a real executor runs outside n8n +- intended for bridges such as `gog`-backed Gmail/Calendar execution ### `fetch_and_normalize_url` diff --git a/skills/n8n-webhook/scripts/resolve-approval-with-gog.py b/skills/n8n-webhook/scripts/resolve-approval-with-gog.py new file mode 100755 index 0000000..390dd93 --- /dev/null +++ b/skills/n8n-webhook/scripts/resolve-approval-with-gog.py @@ -0,0 +1,241 @@ +#!/usr/bin/env python3 +import argparse +import json +import os +import subprocess +import sys +import tempfile +import urllib.error +import urllib.request +from pathlib import Path + +DEFAULT_BASE_URL = os.environ.get('N8N_BASE_URL', 'http://192.168.153.113:18808').rstrip('/') +DEFAULT_ACTION_PATH = os.environ.get('N8N_ACTION_PATH', 'openclaw-action').strip('/') +DEFAULT_SECRET_HEADER = os.environ.get('N8N_SECRET_HEADER', 'x-openclaw-secret') + + +def fail(msg: str, code: int = 1): + print(msg, file=sys.stderr) + raise SystemExit(code) + + +def run(cmd, *, env=None): + proc = subprocess.run(cmd, capture_output=True, text=True, env=env) + return proc.returncode, proc.stdout, proc.stderr + + +def gog_account(args_account: str | None) -> str: + account = args_account or os.environ.get('GOG_ACCOUNT', '').strip() + if not account: + fail('missing gog account: pass --account or set GOG_ACCOUNT') + return account + + +def webhook_secret() -> str: + secret = os.environ.get('N8N_WEBHOOK_SECRET', '').strip() + if not secret: + fail('missing N8N_WEBHOOK_SECRET in environment') + return secret + + +def call_action(payload: dict, *, base_url: str, path: str, secret_header: str, secret: str) -> dict: + url = f'{base_url}/webhook/{path}' + req = urllib.request.Request( + url, + data=json.dumps(payload).encode(), + method='POST', + headers={ + 'Content-Type': 'application/json', + 'Accept': 'application/json', + secret_header: secret, + }, + ) + try: + with urllib.request.urlopen(req, timeout=60) as r: + body = r.read().decode('utf-8', 'replace') + return json.loads(body) if body else {} + except urllib.error.HTTPError as e: + body = e.read().decode('utf-8', 'replace') + try: + parsed = json.loads(body) if body else {} + except Exception: + parsed = {'ok': False, 'error': {'code': 'http_error', 'message': body or str(e)}} + parsed.setdefault('http_status', e.code) + return parsed + + +def attach_execution(item_id: str, execution: dict, *, base_url: str, path: str, secret_header: str, secret: str) -> dict: + return call_action( + { + 'action': 'approval_history_attach_execution', + 'args': {'id': item_id, 'execution': execution}, + 'request_id': f'attach-{item_id}', + }, + base_url=base_url, + path=path, + secret_header=secret_header, + secret=secret, + ) + + +def build_email_command(item: dict, account: str, dry_run: bool): + payload = item.get('payload') or {} + body_text = payload.get('body_text') or '' + body_html = payload.get('body_html') or '' + cmd = [ + 'gog', 'gmail', 'drafts', 'create', + '--account', account, + '--json', + '--no-input', + '--to', ','.join(payload.get('to') or []), + '--subject', payload.get('subject') or '', + ] + for key in ('cc', 'bcc'): + vals = payload.get(key) or [] + if vals: + cmd.extend([f'--{key}', ','.join(vals)]) + tmp = None + if body_text: + tmp = tempfile.NamedTemporaryFile('w', delete=False, encoding='utf-8', suffix='.txt') + tmp.write(body_text) + tmp.close() + cmd.extend(['--body-file', tmp.name]) + elif body_html: + # gog requires body or body_html; for HTML-only drafts we can use body_html. + pass + else: + fail('email_draft payload missing body_text/body_html') + if body_html: + cmd.extend(['--body-html', body_html]) + if dry_run: + cmd.append('--dry-run') + return cmd, tmp.name if tmp else None + + +def build_calendar_command(item: dict, account: str, dry_run: bool): + payload = item.get('payload') or {} + calendar = payload.get('calendar') or 'primary' + cmd = [ + 'gog', 'calendar', 'create', calendar, + '--account', account, + '--json', + '--no-input', + '--summary', payload.get('title') or '', + '--from', payload.get('start') or '', + '--to', payload.get('end') or '', + '--send-updates', 'none', + ] + if payload.get('description'): + cmd.extend(['--description', payload['description']]) + if payload.get('location'): + cmd.extend(['--location', payload['location']]) + attendees = payload.get('attendees') or [] + if attendees: + cmd.extend(['--attendees', ','.join(attendees)]) + if dry_run: + cmd.append('--dry-run') + return cmd + + +def parse_json(output: str): + text = output.strip() + if not text: + return None + return json.loads(text) + + +def main(): + ap = argparse.ArgumentParser(description='Resolve an n8n approval item and execute email/calendar actions via gog.') + ap.add_argument('--id', required=True, help='Approval queue item id') + ap.add_argument('--decision', choices=['approve', 'reject'], default='approve') + ap.add_argument('--account', help='Google account email; otherwise uses GOG_ACCOUNT') + ap.add_argument('--dry-run', action='store_true', help='Use gog --dry-run for host execution') + ap.add_argument('--base-url', default=DEFAULT_BASE_URL) + ap.add_argument('--path', default=DEFAULT_ACTION_PATH) + ap.add_argument('--secret-header', default=DEFAULT_SECRET_HEADER) + args = ap.parse_args() + + secret = webhook_secret() + resolved = call_action( + { + 'action': 'approval_queue_resolve', + 'args': {'id': args.id, 'decision': args.decision, 'note': 'resolved by host gog executor', 'notify_on_resolve': False}, + 'request_id': f'resolve-{args.id}', + }, + base_url=args.base_url, + path=args.path, + secret_header=args.secret_header, + secret=secret, + ) + if not resolved.get('ok'): + print(json.dumps(resolved, indent=2)) + raise SystemExit(1) + + result = (resolved.get('result') or {}) + item = result.get('item') or {} + kind = item.get('kind') or '' + + if args.decision == 'reject': + print(json.dumps({'resolved': resolved, 'executed': False, 'reason': 'rejected'}, indent=2)) + return + + if result.get('executed') is True: + print(json.dumps({'resolved': resolved, 'executed': True, 'driver': 'n8n'}, indent=2)) + return + + if kind not in {'email_draft', 'calendar_event'}: + print(json.dumps({'resolved': resolved, 'executed': False, 'reason': f'no host executor for kind {kind}'}, indent=2)) + return + + account = gog_account(args.account) + env = os.environ.copy() + env['GOG_ACCOUNT'] = account + + if kind == 'email_draft': + cmd, tmpfile = build_email_command(item, account, args.dry_run) + op = 'gmail.drafts.create' + success_status = 'draft_created' if not args.dry_run else 'dry_run' + else: + cmd = build_calendar_command(item, account, args.dry_run) + tmpfile = None + op = 'calendar.create' + success_status = 'event_created' if not args.dry_run else 'dry_run' + + try: + code, stdout, stderr = run(cmd, env=env) + finally: + if tmpfile: + try: + Path(tmpfile).unlink(missing_ok=True) + except Exception: + pass + + if code != 0: + execution = { + 'driver': 'gog', + 'op': op, + 'status': 'failed', + 'account': account, + 'dry_run': args.dry_run, + 'stderr': stderr.strip(), + 'stdout': stdout.strip(), + } + attach = attach_execution(item['id'], execution, base_url=args.base_url, path=args.path, secret_header=args.secret_header, secret=secret) + print(json.dumps({'resolved': resolved, 'execution': execution, 'attach': attach}, indent=2)) + raise SystemExit(code) + + parsed = parse_json(stdout) if stdout.strip() else None + execution = { + 'driver': 'gog', + 'op': op, + 'status': success_status, + 'account': account, + 'dry_run': args.dry_run, + 'result': parsed, + } + attach = attach_execution(item['id'], execution, base_url=args.base_url, path=args.path, secret_header=args.secret_header, secret=secret) + print(json.dumps({'resolved': resolved, 'execution': execution, 'attach': attach}, indent=2)) + + +if __name__ == '__main__': + main() diff --git a/skills/n8n-webhook/scripts/validate-workflow.py b/skills/n8n-webhook/scripts/validate-workflow.py index 3535535..2c18787 100755 --- a/skills/n8n-webhook/scripts/validate-workflow.py +++ b/skills/n8n-webhook/scripts/validate-workflow.py @@ -42,6 +42,7 @@ ROUTER_SNIPPETS = [ 'approval_queue_add', 'approval_queue_list', 'approval_queue_resolve', + 'approval_history_attach_execution', 'fetch_and_normalize_url', 'inbound_event_filter', 'unknown_action',