npm - @agenthifive/openclaw - Versions diffs - 0.3.4 → 0.3.5 - Mend

@agenthifive/openclaw 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/register.js +1 -1
package/package.json +1 -1
package/patches/README.md +24 -40
package/patches/model-auth.patch +11 -31

package/dist/register.js CHANGED Viewed

@@ -23,7 +23,7 @@ import { verifyPatches } from "./patch-verify.js";
 // ---------------------------------------------------------------------------
 const DEFAULT_BASE_URL = "https://app.agenthifive.com";
 const PLUGIN_ID = "agenthifive";
-const PLUGIN_VERSION = "0.3.3";
+const PLUGIN_VERSION = "0.3.5";
 // ---------------------------------------------------------------------------
 // Module-scoped singletons (lifecycle managed by register/stop)
 // ---------------------------------------------------------------------------

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agenthifive/openclaw",
-  "version": "0.3.4",
+  "version": "0.3.5",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/patches/README.md CHANGED Viewed

@@ -1,58 +1,53 @@
 # AgentHiFive OpenClaw Patches
-Optional patches that enable credential proxying features in OpenClaw core.
+Optional patches that enable LLM credential proxying in OpenClaw core.
 **These patches are NOT required for basic functionality.** The AgentHiFive plugin
 works fully without patches — tools, prompt injection, approval flow, and the
 brokered API proxy (Model B) all work out of the box. Patches only enable
 **LLM credential proxying** (routing LLM API calls through the vault).
+## How It Works
+The patch injects a small code block into `resolveApiKeyForProvider()` that checks
+`globalThis.__ah5_runtime` (set by the plugin at startup). When the requested
+provider is in the `proxiedProviders` list, it returns the vault bearer token
+instead of looking up a local API key. Combined with the provider `baseUrl`
+redirect (set in `openclaw.json` by the setup wizard), this routes all LLM
+traffic through the vault's Model B proxy.
 ## Available Patches
 ### `model-auth.patch`
-Adds vault credential resolution to OpenClaw's `resolveApiKeyForProvider()` function
-in `src/agents/model-auth.ts`. This inserts two new resolution tiers before the
-existing local profile lookup:
+Adds vault credential resolution to `src/agents/model-auth.ts`:
 | Tier | What it does | When it activates |
 |------|-------------|-------------------|
-| **Tier 0** | Returns the vault bearer token directly | Provider is in `proxiedProviders` list |
-| **Tier 0.5** | Queries the vault credential provider chain | Always (falls through if no credentials found) |
+| **Tier 0** | Returns the vault bearer token | Provider is in `proxiedProviders` list |
-The patch uses `await import("@agenthifive/openclaw/runtime")` wrapped in try/catch,
-so it's a **complete no-op** when the plugin is not installed — safe for vanilla OpenClaw.
+The patch uses `globalThis.__ah5_runtime` (no dynamic imports), so it's a
+**complete no-op** when the plugin is not installed.
 ## How to Apply
-### Using pnpm patch (recommended)
+### Automatic (recommended)
 ```bash
-# 1. Start the patch session
-pnpm patch openclaw
-# 2. Apply the patch to the extracted directory
-#    (pnpm will print the temporary directory path)
-cd <temp-directory>
-patch -p1 < /path/to/@agenthifive/openclaw/patches/model-auth.patch
-# 3. Commit the patch
-pnpm patch-commit <temp-directory>
+npx @agenthifive/openclaw-setup --base-url https://app.agenthifive.com --bootstrap-secret ah5b_...
 ```
-This adds a `patchedDependencies` entry to your `package.json` that pnpm applies
-automatically on `pnpm install`.
+The setup wizard applies the patch automatically as step 7/7.
-### Manual application
+### Manual with pnpm patch
 ```bash
-cd /path/to/openclaw
-patch -p1 < node_modules/@agenthifive/openclaw/patches/model-auth.patch
+pnpm patch openclaw
+cd <temp-directory>
+patch -p1 < /path/to/@agenthifive/openclaw/patches/model-auth.patch
+pnpm patch-commit <temp-directory>
 ```
-Note: Manual patches are lost on `npm install` / `pnpm install`. Use `pnpm patch`
-for persistence.
 ## Verification
 After applying, the AgentHiFive plugin will log at startup:
@@ -61,25 +56,14 @@ After applying, the AgentHiFive plugin will log at startup:
 AgentHiFive: model-auth patch detected — credential proxying enabled
 ```
-Without the patch, you'll see:
+Without the patch:
 ```
 AgentHiFive: model-auth patch not detected. LLM credential proxying is unavailable.
 ```
-## Compatibility
-| OpenClaw Version | Patch Status |
-|-----------------|-------------|
-| Latest (Mar 2026) | Compatible |
-The patch targets `resolveApiKeyForProvider()` in `src/agents/model-auth.ts`.
-If OpenClaw restructures this function significantly, the patch may need
-regeneration. Check the [AgentHiFive releases](https://github.com/supersantux/AgentH5/releases)
-for updated patches.
 ## When Patches Become Unnecessary
 When OpenClaw merges support for `apiKeyOverride` in the `before_model_resolve`
 hook result type, the plugin can use the hook API directly and patches will be
-deprecated. Track progress in the upstream PR.
+deprecated.

package/patches/model-auth.patch CHANGED Viewed

@@ -1,42 +1,22 @@
 --- a/src/agents/model-auth.ts
 +++ b/src/agents/model-auth.ts
-@@ -289,7 +289,41 @@
+@@ -289,7 +289,22 @@
  }): Promise<ResolvedProviderAuth> {
    const { provider, cfg, profileId, preferredProfile } = params;
    const store = params.store ?? ensureAuthProfileStore(params.agentDir);
-+  // -- Tier 0: AgentHiFive proxied providers (vault bearer token) --
-+  // When the provider is in proxiedProviders, the vault acts as an LLM proxy.
-+  // Return the managed vault bearer token directly -- no local API key needed.
-+  // @agenthifive/openclaw/runtime -- dynamic import is a no-op when plugin is not installed.
++  // -- AgentHiFive: vault LLM proxy (Model B brokered) --
++  // @agenthifive/openclaw/runtime @ah5-patch-v4
 +  try {
-+    const runtime = await import("@agenthifive/openclaw/runtime");
-+    if (runtime.isInitialized()) {
-+      const proxiedProviders = runtime.getProxiedProviders();
-+      if (proxiedProviders.includes(provider)) {
-+        const vaultToken = runtime.getVaultBearerToken();
-+        if (vaultToken) {
-+          return { apiKey: vaultToken, source: "vault:agent-token", mode: "api-key" };
-+        }
-+      }
-+
-+      // -- Tier 0.5: Credential provider chain --
-+      // Try the vault credential provider before local profiles.
-+      const vaultResult = await runtime.resolveCredential({
-+        kind: "model_provider",
-+        provider,
-+        profileId: preferredProfile,
-+      });
-+      if (vaultResult?.apiKey) {
-+        return {
-+          apiKey: vaultResult.apiKey,
-+          source: "credential-provider:vault",
-+          mode: vaultResult.mode ?? "api-key",
-+        };
-+      }
++    const ah5rt = (globalThis as Record<string, unknown>).__ah5_runtime as
++      | { proxiedProviders?: string[]; vaultBearerToken?: string }
++      | undefined;
++    if (ah5rt?.proxiedProviders?.includes(provider) && ah5rt?.vaultBearerToken) {
++      return { apiKey: ah5rt.vaultBearerToken, source: "vault:agent-token", mode: "api-key" };
 +    }
-+  } catch {
-+    // Plugin not installed -- skip vault credential resolution
++  } catch (ah5Err: unknown) {
++    const msg = ah5Err instanceof Error ? ah5Err.message : String(ah5Err);
++    console.error("[AH5 patch] error:", msg);
 +  }
 +
    if (profileId) {