@2en/clawly-plugins 1.30.0-beta.2 → 1.30.0-beta.4

package/config-setup.ts

@@ -17,10 +17,9 @@
 
 import fs from 'node:fs'
 import path from 'node:path'
-
-import type {PluginApi} from './index'
+import JSON5 from 'json5'
 import {autoSanitizeSession} from './gateway/session-sanitize'
-import {resolveGatewayCredentials} from './resolve-gateway-credentials'
+import type {PluginApi} from './index'
 import {
   ENV_KEY_API_KEY,
   ENV_KEY_BASE,
@@ -30,16 +29,14 @@ import {
   stripPathname,
   writeOpenclawConfig,
 } from './model-gateway-setup'
+import {resolveGatewayCredentials} from './resolve-gateway-credentials'
+import type {OpenClawConfig} from './types/openclaw'
 
 export interface ConfigPluginConfig {
   instanceId?: string
   agentId?: string
   agentName?: string
   workspaceDir?: string
-  defaultModel?: string
-  defaultImageModel?: string
-  defaultHeartbeatModel?: string
-  elevenlabsApiKey?: string
   modelGatewayBaseUrl?: string
   modelGatewayToken?: string
   otelToken?: string
@@ -54,7 +51,7 @@ function asObj(value: unknown): Record<string, unknown> {
     : {}
 }
 
-function readFilePluginConfig(config: Record<string, unknown>): ConfigPluginConfig {
+function readFilePluginConfig(config: OpenClawConfig): ConfigPluginConfig {
   const plugins = asObj(config.plugins)
   const entries = asObj(plugins.entries)
   const raw = asObj(entries['clawly-plugins'])
@@ -77,25 +74,12 @@ function mergeDefinedPluginConfig(
   return merged
 }
 
-function toPCMerged(api: PluginApi, config: Record<string, unknown>): ConfigPluginConfig {
+function toPCMerged(api: PluginApi, config: OpenClawConfig): ConfigPluginConfig {
   const fileConfig = readFilePluginConfig(config)
   const runtimeConfig = (api.pluginConfig ?? {}) as ConfigPluginConfig
   return mergeDefinedPluginConfig(fileConfig, runtimeConfig)
 }
 
-const LEGACY_DEFAULT_MODEL = `${PROVIDER_NAME}/anthropic/claude-sonnet-4.6`
-const DEFAULT_ELEVENLABS_VOICE_ID = 'DwwuoY7Uz8AP8zrY5TAo'
-
-function toProviderModelId(model?: string): string {
-  const normalized = model?.trim() ?? ''
-  if (!normalized) return ''
-  return normalized.startsWith(`${PROVIDER_NAME}/`) ? normalized : `${PROVIDER_NAME}/${normalized}`
-}
-
-function resolveDefaultModel(pc: ConfigPluginConfig): string {
-  return toProviderModelId(pc.defaultModel) || LEGACY_DEFAULT_MODEL
-}
-
 // ---------------------------------------------------------------------------
 // Domain helpers — each returns true when config was mutated
 //
@@ -104,7 +88,7 @@ function resolveDefaultModel(pc: ConfigPluginConfig): string {
 // diagnostic UI stays in sync.
 // ---------------------------------------------------------------------------
 
-export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
+export function patchAgent(config: OpenClawConfig, pc: ConfigPluginConfig): boolean {
   if (!pc.agentId) return false
 
   let dirty = false
@@ -138,22 +122,6 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
     dirty = true
   }
 
-  // model: set-if-missing
-  if (!defaults.model) {
-    defaults.model = {primary: resolveDefaultModel(pc)}
-    dirty = true
-  }
-
-  // imageModel: set-if-missing
-  const defaultImageModel = toProviderModelId(pc.defaultImageModel)
-  if (defaultImageModel && !defaults.imageModel) {
-    defaults.imageModel = {
-      primary: defaultImageModel,
-      fallbacks: [],
-    }
-    dirty = true
-  }
-
   // sandbox.mode: enforce (only set the field we care about)
   const sandbox = (defaults.sandbox ?? {}) as Record<string, unknown>
   if (sandbox.mode !== 'off') {
@@ -162,12 +130,6 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
     dirty = true
   }
 
-  // verboseDefault: set-if-missing
-  if (defaults.verboseDefault === undefined) {
-    defaults.verboseDefault = 'on'
-    dirty = true
-  }
-
   if (dirty) {
     agents.defaults = defaults
     config.agents = agents
@@ -176,7 +138,7 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
   return dirty
 }
 
-export function patchGateway(config: Record<string, unknown>): boolean {
+export function patchGateway(config: OpenClawConfig): boolean {
   let dirty = false
   const gateway = (config.gateway ?? {}) as Record<string, unknown>
 
@@ -223,7 +185,7 @@ export function patchGateway(config: Record<string, unknown>): boolean {
   return dirty
 }
 
-export function patchBrowser(config: Record<string, unknown>): boolean {
+export function patchBrowser(config: OpenClawConfig): boolean {
   let dirty = false
 
   // browser: enforce individual fields only
@@ -250,7 +212,7 @@ export function patchBrowser(config: Record<string, unknown>): boolean {
     dirty = true
   }
 
-  // owner: grant mobile/mac app owner permissions (required for cron tool etc.)
+  // ownerAllowFrom: append-if-missing (can't use $include — arrays concatenate)
   const ownerAllowFrom = Array.isArray(commands.ownerAllowFrom)
     ? (commands.ownerAllowFrom as string[])
     : []
@@ -270,264 +232,10 @@ export function patchBrowser(config: Record<string, unknown>): boolean {
   return dirty
 }
 
-export function patchTts(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  let dirty = false
-  const messages = (config.messages ?? {}) as Record<string, unknown>
-  const tts = (messages.tts ?? {}) as Record<string, unknown>
-  const elevenlabs = (tts.elevenlabs ?? {}) as Record<string, unknown>
-
-  // Credentials: enforce (only when credentials are available)
-  const useProxy = !!(pc.modelGatewayBaseUrl && pc.modelGatewayToken)
-  const hasDirectKey = !!pc.elevenlabsApiKey
-  if (useProxy || hasDirectKey) {
-    const targetApiKey = useProxy ? pc.modelGatewayToken! : pc.elevenlabsApiKey!
-    const targetBaseUrl = useProxy
-      ? `${pc.modelGatewayBaseUrl}/elevenlabs`
-      : 'https://api.elevenlabs.io'
-
-    if (elevenlabs.apiKey !== targetApiKey) {
-      elevenlabs.apiKey = targetApiKey
-      dirty = true
-    }
-    if (elevenlabs.baseUrl !== targetBaseUrl) {
-      elevenlabs.baseUrl = targetBaseUrl
-      dirty = true
-    }
-  }
-
-  // voiceId: set-if-missing (never overwrite user selection)
-  // Use falsy check — old plugin versions (< beta.3) enforced voiceId = ''
-  // which is not undefined but is still an empty/invalid value.
-  // null is also treated as missing here.
-  if (!elevenlabs.voiceId) {
-    elevenlabs.voiceId = DEFAULT_ELEVENLABS_VOICE_ID
-    dirty = true
-  }
-
-  // Tuning: set-if-missing
-  if (tts.auto === undefined) {
-    tts.auto = 'tagged'
-    dirty = true
-  }
-  if (tts.mode === undefined) {
-    tts.mode = 'final'
-    dirty = true
-  }
-  if (tts.provider === undefined) {
-    tts.provider = 'elevenlabs'
-    dirty = true
-  }
-  if (tts.summaryModel === undefined) {
-    tts.summaryModel = resolveDefaultModel(pc)
-    dirty = true
-  }
-  if (tts.modelOverrides === undefined) {
-    tts.modelOverrides = {enabled: true}
-    dirty = true
-  }
-  if (tts.maxTextLength === undefined) {
-    tts.maxTextLength = 4000
-    dirty = true
-  }
-  if (tts.timeoutMs === undefined) {
-    tts.timeoutMs = 30000
-    dirty = true
-  }
-  if (tts.prefsPath === undefined) {
-    tts.prefsPath = '~/.openclaw/settings/tts.json'
-    dirty = true
-  }
-
-  // elevenlabs tuning: set-if-missing
-  if (elevenlabs.modelId === undefined) {
-    elevenlabs.modelId = 'eleven_multilingual_v2'
-    dirty = true
-  }
-  if (elevenlabs.seed === undefined) {
-    elevenlabs.seed = 42
-    dirty = true
-  }
-  if (elevenlabs.applyTextNormalization === undefined) {
-    elevenlabs.applyTextNormalization = 'auto'
-    dirty = true
-  }
-  if (elevenlabs.languageCode === undefined) {
-    elevenlabs.languageCode = 'en'
-    dirty = true
-  }
-  if (elevenlabs.voiceSettings === undefined) {
-    elevenlabs.voiceSettings = {
-      stability: 0.5,
-      similarityBoost: 0.75,
-      style: 0.0,
-      useSpeakerBoost: true,
-      speed: 1.0,
-    }
-    dirty = true
-  }
-
-  if (dirty) {
-    tts.elevenlabs = elevenlabs
-    messages.tts = tts
-    config.messages = messages
-  }
-
-  return dirty
-}
-
-export function patchWebSearch(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  if (!pc.modelGatewayBaseUrl || !pc.modelGatewayToken) return false
-
-  let dirty = false
-  const tools = (config.tools ?? {}) as Record<string, unknown>
-  const web = (tools.web ?? {}) as Record<string, unknown>
-  const search = (web.search ?? {}) as Record<string, unknown>
-  const perplexity = (search.perplexity ?? {}) as Record<string, unknown>
-
-  // Provider: enforce
-  if (search.provider !== 'perplexity') {
-    search.provider = 'perplexity'
-    dirty = true
-  }
-
-  // Perplexity credentials: enforce (nested under search.perplexity)
-  if (perplexity.apiKey !== pc.modelGatewayToken) {
-    perplexity.apiKey = pc.modelGatewayToken
-    dirty = true
-  }
-  if (perplexity.baseUrl !== pc.modelGatewayBaseUrl) {
-    perplexity.baseUrl = pc.modelGatewayBaseUrl
-    dirty = true
-  }
-
-  // Perplexity model: set-if-missing
-  if (perplexity.model === undefined) {
-    perplexity.model = 'perplexity/sonar-pro'
-    dirty = true
-  }
-
-  // Tuning: set-if-missing
-  if (search.maxResults === undefined) {
-    search.maxResults = 5
-    dirty = true
-  }
-  if (search.timeoutSeconds === undefined) {
-    search.timeoutSeconds = 30
-    dirty = true
-  }
-
-  if (dirty) {
-    search.perplexity = perplexity
-    web.search = search
-    tools.web = web
-    config.tools = tools
-  }
-
-  return dirty
-}
-
-export function patchMemorySearch(
-  config: Record<string, unknown>,
-  pc: ConfigPluginConfig,
-): boolean {
-  if (!pc.modelGatewayBaseUrl || !pc.modelGatewayToken) return false
-
-  let dirty = false
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const ms = (defaults.memorySearch ?? {}) as Record<string, unknown>
-  const remote = (ms.remote ?? {}) as Record<string, unknown>
-  const batch = (remote.batch ?? {}) as Record<string, unknown>
-
-  // Provider: enforce (proxy mimics OpenAI API)
-  if (ms.provider !== 'openai') {
-    ms.provider = 'openai'
-    dirty = true
-  }
-
-  // Model: set-if-missing
-  if (ms.model === undefined) {
-    ms.model = 'text-embedding-3-small'
-    dirty = true
-  }
-
-  // Remote credentials: enforce
-  if (remote.baseUrl !== pc.modelGatewayBaseUrl) {
-    remote.baseUrl = pc.modelGatewayBaseUrl
-    dirty = true
-  }
-  if (remote.apiKey !== pc.modelGatewayToken) {
-    remote.apiKey = pc.modelGatewayToken
-    dirty = true
-  }
-
-  // Batch API not supported through proxy: enforce disabled
-  if (batch.enabled !== false) {
-    batch.enabled = false
-    dirty = true
-  }
-
-  if (dirty) {
-    remote.batch = batch
-    ms.remote = remote
-    defaults.memorySearch = ms
-    agents.defaults = defaults
-    config.agents = agents
-  }
-
-  return dirty
-}
-
-export function patchContextPruning(config: Record<string, unknown>): boolean {
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const cp = (defaults.contextPruning ?? {}) as Record<string, unknown>
-
-  // mode: set-if-missing — enable cache-ttl by default for cost savings,
-  // but don't override if an operator has explicitly configured it.
-  if (cp.mode === undefined) {
-    cp.mode = 'cache-ttl'
-    defaults.contextPruning = cp
-    agents.defaults = defaults
-    config.agents = agents
-    return true
-  }
-
-  return false
-}
-
-const DEFAULT_HEARTBEAT_MODEL = `${PROVIDER_NAME}/moonshotai/kimi-k2.5`
-
-function resolveDefaultHeartbeatModel(pc: ConfigPluginConfig): string {
-  return toProviderModelId(pc.defaultHeartbeatModel) || DEFAULT_HEARTBEAT_MODEL
-}
-
-export function patchHeartbeat(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  let dirty = false
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const heartbeat = (defaults.heartbeat ?? {}) as Record<string, unknown>
-
-  // model: set-if-missing
-  if (!heartbeat.model) {
-    heartbeat.model = resolveDefaultHeartbeatModel(pc)
-    dirty = true
-  }
-
-  // lightContext: set-if-missing
-  if (heartbeat.lightContext === undefined) {
-    heartbeat.lightContext = true
-    dirty = true
-  }
-
-  if (dirty) {
-    defaults.heartbeat = heartbeat
-    agents.defaults = defaults
-    config.agents = agents
-  }
-
-  return dirty
-}
+// patchTts — migrated to clawly-config-defaults.json5
+// patchWebSearch — migrated to clawly-config-defaults.json5
+// patchMemorySearch — migrated to clawly-config-defaults.json5
+// patchHeartbeat — migrated to clawly-config-defaults.json5
 
 // TODO: Re-enable patchToolPolicy once rollback-safe (deny is sticky — rolling back
 // the plugin leaves web_search permanently denied). Tracked in ENG-1493.
@@ -552,7 +260,7 @@ export function patchHeartbeat(config: Record<string, unknown>, pc: ConfigPlugin
 // }
 
 export function patchEnvVars(
-  config: import('./types/openclaw').OpenClawConfig,
+  config: OpenClawConfig,
   pc: ConfigPluginConfig,
   api: PluginApi,
 ): boolean {
@@ -589,7 +297,7 @@ export function patchEnvVars(
   return dirty
 }
 
-export function patchSession(config: Record<string, unknown>): boolean {
+export function patchSession(config: OpenClawConfig): boolean {
   let dirty = false
 
   // Remove deprecated session.mainKey (OpenClaw v2026.1.5 hardcoded it to "main")
@@ -638,7 +346,7 @@ const INCLUDE_PATH = './extensions/clawly-plugins/clawly-config-defaults.json5'
  * Ensures our defaults file is listed in the config's `$include` array.
  * Returns true if `$include` was modified.
  */
-export function ensureInclude(config: Record<string, unknown>): boolean {
+export function ensureInclude(config: OpenClawConfig & Record<string, unknown>): boolean {
   const existing = config.$include
   let includes: string[]
 
@@ -685,7 +393,7 @@ const NPM_PKG_NAME = '@2en/clawly-plugins'
  * in the provision write-plugins-config step.  Without this record,
  * `openclaw plugins update` cannot function.
  */
-export function patchInstallRecord(config: Record<string, unknown>, stateDir: string): boolean {
+export function patchInstallRecord(config: OpenClawConfig, stateDir: string): boolean {
   const plugins = asObj(config.plugins)
   const installs = asObj(plugins.installs)
 
@@ -734,11 +442,7 @@ export function patchInstallRecord(config: Record<string, unknown>, stateDir: st
   return true
 }
 
-function repairLegacyProvisionState(
-  api: PluginApi,
-  config: Record<string, unknown>,
-  stateDir: string,
-) {
+function repairLegacyProvisionState(api: PluginApi, config: OpenClawConfig, stateDir: string) {
   const installRecordPatched = patchInstallRecord(config, stateDir)
   if (installRecordPatched) {
     api.logger.warn('plugins.installs.clawly-plugins was missing — self-healed from disk.')
@@ -746,10 +450,102 @@ function repairLegacyProvisionState(
   return installRecordPatched
 }
 
+/**
+ * Remove fields from config that are identical to the included defaults.
+ * Since `$include` deep-merges with main config winning, residual values
+ * from old JS set-if-missing code "shadow" the json5 defaults and prevent
+ * future default updates from taking effect.
+ *
+ * Only prunes leaf values that exactly match.
+ * Returns true if any field was deleted.
+ */
+function stableStringify(v: unknown): string {
+  if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
+    const obj = v as Record<string, unknown>
+    return `{${Object.keys(obj)
+      .sort()
+      .map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`)
+      .join(',')}}`
+  }
+  return JSON.stringify(v)
+}
+
+export function pruneIncludedDefaults(
+  config: Record<string, unknown>,
+  defaults: Record<string, unknown>,
+): boolean {
+  let pruned = false
+
+  function walk(defaultsNode: Record<string, unknown>, configNode: Record<string, unknown>): void {
+    for (const key of Object.keys(defaultsNode)) {
+      const defaultVal = defaultsNode[key]
+      const configVal = configNode[key]
+      if (configVal === undefined) continue
+
+      // Both are plain objects → recurse
+      if (
+        defaultVal !== null &&
+        typeof defaultVal === 'object' &&
+        !Array.isArray(defaultVal) &&
+        configVal !== null &&
+        typeof configVal === 'object' &&
+        !Array.isArray(configVal)
+      ) {
+        walk(defaultVal as Record<string, unknown>, configVal as Record<string, unknown>)
+        // Clean up empty parent objects left behind after pruning
+        if (Object.keys(configVal as Record<string, unknown>).length === 0) {
+          delete configNode[key]
+          pruned = true
+        }
+        continue
+      }
+
+      // Both are non-empty arrays → remove config elements that exist in defaults
+      if (Array.isArray(defaultVal) && defaultVal.length > 0 && Array.isArray(configVal)) {
+        const defaultSet = new Set(defaultVal.map((v) => stableStringify(v)))
+        const filtered = configVal.filter((v) => !defaultSet.has(stableStringify(v)))
+        if (filtered.length !== configVal.length) {
+          if (filtered.length === 0) {
+            delete configNode[key]
+          } else {
+            configNode[key] = filtered
+          }
+          pruned = true
+        }
+        continue
+      }
+
+      // Leaf comparison: use stableStringify for key-order-insensitive deep equality
+      if (stableStringify(configVal) === stableStringify(defaultVal)) {
+        delete configNode[key]
+        pruned = true
+      }
+    }
+  }
+
+  walk(defaults, config)
+  return pruned
+}
+
+/**
+ * Load and parse clawly-config-defaults.json5 from the plugin install directory.
+ * Uses the bundled `json5` package (declared in package.json).
+ */
+function loadIncludedDefaults(stateDir: string): Record<string, unknown> | null {
+  const defaultsPath = path.join(stateDir, INCLUDE_PATH)
+  try {
+    const raw = fs.readFileSync(defaultsPath, 'utf-8')
+    return JSON5.parse(raw) as Record<string, unknown>
+  } catch {
+    return null
+  }
+}
+
 function reconcileRuntimeConfig(
   api: PluginApi,
-  config: Record<string, unknown>,
+  config: OpenClawConfig,
   pc: ConfigPluginConfig,
+  stateDir: string,
 ): boolean {
   // Ensure gateway credentials are available to all patchers.
   // After a force-update, runtime pluginConfig may be empty and on-disk
@@ -764,17 +560,20 @@ function reconcileRuntimeConfig(
   }
 
   let dirty = false
-  dirty = patchEnvVars(config as import('./types/openclaw').OpenClawConfig, pc, api) || dirty
+  dirty = patchEnvVars(config, pc, api) || dirty
   dirty = patchAgent(config, pc) || dirty
-  dirty = patchContextPruning(config) || dirty
-  dirty = patchHeartbeat(config, pc) || dirty
   dirty = patchGateway(config) || dirty
   dirty = patchBrowser(config) || dirty
   dirty = patchSession(config) || dirty
-  dirty = patchTts(config, pc) || dirty
-  dirty = patchWebSearch(config, pc) || dirty
-  dirty = patchMemorySearch(config, pc) || dirty
-  dirty = patchModelGateway(config as import('./types/openclaw').OpenClawConfig, api) || dirty
+  dirty = patchModelGateway(config, api) || dirty
+
+  const defaults = loadIncludedDefaults(stateDir)
+  if (defaults) {
+    dirty = pruneIncludedDefaults(config, defaults) || dirty
+  } else {
+    api.logger.warn('Config setup: failed to load included defaults, skipping dedup.')
+  }
+
   return dirty
 }
 
@@ -789,6 +588,15 @@ export function setupConfig(api: PluginApi): void {
     return
   }
 
+  // OpenClaw exposes three config layers:
+  //   parsed   — raw JSON from openclaw.json (no $include, no env expansion)
+  //   resolved — parsed + $include deep-merge + ${ENV} interpolation
+  //   runtime  — resolved + SecretRef resolution, cached in-memory snapshot
+  //
+  // We need parsed: patchers mutate raw fields and write back via
+  // writeConfigFile, which diffs against the runtime snapshot and projects
+  // changes onto the source file. Using resolved/runtime would inline
+  // $include defaults into openclaw.json, defeating the json5 migration.
   const configPath = path.join(stateDir, 'openclaw.json')
   const config = readOpenclawConfig(configPath)
   const pc = toPCMerged(api, config)
@@ -797,12 +605,20 @@ export function setupConfig(api: PluginApi): void {
   dirty = ensureInclude(config) || dirty
   hardenIncludePermissions(stateDir, api)
   dirty = repairLegacyProvisionState(api, config, stateDir) || dirty
-  dirty = reconcileRuntimeConfig(api, config, pc) || dirty
+  dirty = reconcileRuntimeConfig(api, config, pc, stateDir) || dirty
 
   if (dirty) {
     try {
       writeOpenclawConfig(configPath, config)
       api.logger.info('Config setup: patched openclaw.json.')
+      // Refresh the gateway's in-memory runtime config snapshot.
+      // The sync write above updates the file on disk, but the gateway
+      // caches config via runtimeConfigSnapshot (set during startup by
+      // the secrets system). Without this refresh, loadConfig() keeps
+      // returning the stale pre-patch config until the next restart.
+      void api.runtime.config.writeConfigFile(config).catch((err) => {
+        api.logger.warn(`Config setup: runtime snapshot refresh failed: ${(err as Error).message}`)
+      })
     } catch (err) {
       api.logger.error(`Config setup failed: ${(err as Error).message}`)
     }

package/gateway/index.ts

@@ -3,7 +3,6 @@ import {registerAgentSend} from './agent'
 import {registerCalendarNative} from './calendar-native'
 import {registerAnalytics} from './analytics'
 import {registerAudit} from './audit'
-import {registerNodeDangerousAllowlist} from './node-dangerous-allowlist'
 import {registerClawhub2gateway} from './clawhub2gateway'
 import {registerConfigRepair} from './config-repair'
 import {registerConfigTimezone} from './config-timezone'
@@ -64,6 +63,5 @@ export function registerGateway(api: PluginApi) {
   registerPairing(api)
   registerVersion(api)
   registerAudit(api)
-  registerNodeDangerousAllowlist(api)
   registerCalendarNative(api)
 }