@chrysb/alphaclaw 0.4.6-beta.3 → 0.4.6-beta.5

package/lib/public/js/lib/browse-route.js

@@ -0,0 +1,57 @@
+export const normalizeBrowsePath = (value) => String(value || "").replace(/^\/+|\/+$/g, "");
+
+export const buildBrowseRoute = (relativePath, options = {}) => {
+  const view = String(options?.view || "edit");
+  const encodedPath = String(relativePath || "")
+    .split("/")
+    .filter(Boolean)
+    .map((segment) => encodeURIComponent(segment))
+    .join("/");
+  const baseRoute = encodedPath ? `/browse/${encodedPath}` : "/browse";
+  const params = new URLSearchParams();
+  if (view === "diff" && encodedPath) params.set("view", "diff");
+  if (options.line) params.set("line", String(options.line));
+  if (options.lineEnd) params.set("lineEnd", String(options.lineEnd));
+  const query = params.toString();
+  return query ? `${baseRoute}?${query}` : baseRoute;
+};
+
+export const parseBrowseRoute = ({ location = "", browsePreviewPath = "" } = {}) => {
+  const isBrowseRoute = location.startsWith("/browse");
+  const browseRoutePath = isBrowseRoute ? String(location || "").split("?")[0] : "";
+  const browseRouteQuery =
+    isBrowseRoute && String(location || "").includes("?")
+      ? String(location || "").split("?").slice(1).join("?")
+      : "";
+  const selectedBrowsePath = isBrowseRoute
+    ? browseRoutePath
+        .replace(/^\/browse\/?/, "")
+        .split("/")
+        .filter(Boolean)
+        .map((segment) => {
+          try {
+            return decodeURIComponent(segment);
+          } catch {
+            return segment;
+          }
+        })
+        .join("/")
+    : "";
+  const activeBrowsePath = browsePreviewPath || selectedBrowsePath;
+  const browseQueryParams = isBrowseRoute ? new URLSearchParams(browseRouteQuery) : null;
+  const browseViewerMode =
+    !browsePreviewPath && browseQueryParams?.get("view") === "diff"
+      ? "diff"
+      : "edit";
+  const browseLineTarget = Number.parseInt(browseQueryParams?.get("line") || "", 10) || 0;
+  const browseLineEndTarget = Number.parseInt(browseQueryParams?.get("lineEnd") || "", 10) || 0;
+
+  return {
+    activeBrowsePath,
+    browseLineEndTarget,
+    browseLineTarget,
+    browseViewerMode,
+    isBrowseRoute,
+    selectedBrowsePath,
+  };
+};

package/lib/public/js/lib/format.js

@@ -1,4 +1,9 @@
 const kIntegerFormatter = new Intl.NumberFormat("en-US");
+const kCompactNumberFormatter = new Intl.NumberFormat("en-US", {
+  notation: "compact",
+  minimumFractionDigits: 1,
+  maximumFractionDigits: 1,
+});
 const kUsdFormatter = new Intl.NumberFormat("en-US", {
   style: "currency",
   currency: "USD",
@@ -25,6 +30,13 @@ const isSameDay = (left, right) =>
 export const formatInteger = (value) =>
   kIntegerFormatter.format(Number(value || 0));
 
+export const formatCompactNumber = (value) => {
+  const numberValue = Number(value || 0);
+  if (!Number.isFinite(numberValue)) return "0";
+  if (Math.abs(numberValue) < 1000) return formatInteger(numberValue);
+  return kCompactNumberFormatter.format(numberValue);
+};
+
 export const formatUsd = (value) => kUsdFormatter.format(Number(value || 0));
 
 export const formatLocaleDateTime = (

package/lib/server/auth-profiles.js

@@ -1,62 +1,216 @@
 const fs = require("fs");
 const path = require("path");
-const { AUTH_PROFILES_PATH, CODEX_PROFILE_ID } = require("./constants");
+const { AUTH_PROFILES_PATH, CODEX_PROFILE_ID, OPENCLAW_DIR } = require("./constants");
 
-const createAuthProfiles = () => {
-  const ensureAuthProfilesStore = () => {
-    let store = { version: 1, profiles: {} };
-    try {
-      if (fs.existsSync(AUTH_PROFILES_PATH)) {
-        const parsed = JSON.parse(fs.readFileSync(AUTH_PROFILES_PATH, "utf8"));
-        if (
-          parsed &&
-          typeof parsed === "object" &&
-          parsed.profiles &&
-          typeof parsed.profiles === "object"
-        ) {
-          store = {
-            version: Number(parsed.version || 1),
-            profiles: parsed.profiles,
-            order: parsed.order,
-            lastGood: parsed.lastGood,
-            usageStats: parsed.usageStats,
-          };
-        }
+const kDefaultAgentId = "main";
+
+const normalizeSecret = (raw) =>
+  String(raw ?? "")
+    .replace(/[\r\n\u2028\u2029]/g, "")
+    .trim();
+
+const credentialMode = (credential) => {
+  if (credential.type === "api_key") return "api_key";
+  if (credential.type === "token") return "token";
+  return "oauth";
+};
+
+const resolveAgentDir = (agentId = kDefaultAgentId) =>
+  path.join(OPENCLAW_DIR, "agents", agentId, "agent");
+
+const resolveAuthProfilesPath = (agentId = kDefaultAgentId) =>
+  path.join(resolveAgentDir(agentId), "auth-profiles.json");
+
+const resolveOpenclawConfigPath = () =>
+  path.join(OPENCLAW_DIR, "openclaw.json");
+
+const loadAuthStore = (agentId = kDefaultAgentId) => {
+  const storePath = resolveAuthProfilesPath(agentId);
+  let store = { version: 1, profiles: {} };
+  try {
+    if (fs.existsSync(storePath)) {
+      const parsed = JSON.parse(fs.readFileSync(storePath, "utf8"));
+      if (
+        parsed &&
+        typeof parsed === "object" &&
+        parsed.profiles &&
+        typeof parsed.profiles === "object"
+      ) {
+        store = {
+          version: Number(parsed.version || 1),
+          profiles: parsed.profiles,
+          order: parsed.order,
+          lastGood: parsed.lastGood,
+          usageStats: parsed.usageStats,
+        };
       }
-    } catch {}
-    return store;
+    }
+  } catch {}
+  return store;
+};
+
+const saveAuthStore = (agentId, store) => {
+  const storePath = resolveAuthProfilesPath(agentId);
+  fs.mkdirSync(path.dirname(storePath), { recursive: true });
+  fs.writeFileSync(
+    storePath,
+    JSON.stringify(
+      {
+        version: Number(store.version || 1),
+        profiles: store.profiles || {},
+        ...(store.order !== undefined ? { order: store.order } : {}),
+        ...(store.lastGood !== undefined ? { lastGood: store.lastGood } : {}),
+        ...(store.usageStats !== undefined
+          ? { usageStats: store.usageStats }
+          : {}),
+      },
+      null,
+      2,
+    ),
+  );
+};
+
+const loadOpenclawConfig = () => {
+  const configPath = resolveOpenclawConfigPath();
+  try {
+    return JSON.parse(fs.readFileSync(configPath, "utf8"));
+  } catch {
+    return {};
+  }
+};
+
+const saveOpenclawConfig = (cfg) => {
+  const configPath = resolveOpenclawConfigPath();
+  fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2));
+};
+
+const syncConfigAuthReference = (cfg, profileId, credential) => {
+  const next = { ...cfg };
+  if (!next.auth) next.auth = {};
+  if (!next.auth.profiles) next.auth.profiles = {};
+  next.auth = { ...next.auth, profiles: { ...next.auth.profiles } };
+  next.auth.profiles[profileId] = {
+    provider: credential.provider,
+    mode: credentialMode(credential),
   };
+  return next;
+};
 
-  const saveAuthProfilesStore = (store) => {
-    fs.mkdirSync(path.dirname(AUTH_PROFILES_PATH), { recursive: true });
-    fs.writeFileSync(
-      AUTH_PROFILES_PATH,
-      JSON.stringify(
-        {
-          version: Number(store.version || 1),
-          profiles: store.profiles || {},
-          order: store.order,
-          lastGood: store.lastGood,
-          usageStats: store.usageStats,
-        },
-        null,
-        2,
-      ),
-    );
+const removeConfigAuthReference = (cfg, profileId) => {
+  if (!cfg.auth?.profiles?.[profileId]) return cfg;
+  const next = { ...cfg };
+  next.auth = { ...next.auth, profiles: { ...next.auth.profiles } };
+  delete next.auth.profiles[profileId];
+  if (Object.keys(next.auth.profiles).length === 0) {
+    delete next.auth.profiles;
+  }
+  if (Object.keys(next.auth).length === 0) {
+    delete next.auth;
+  }
+  return next;
+};
+
+const createAuthProfiles = () => {
+  // ── Generic profile operations ──
+
+  const listProfiles = (agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    return Object.entries(store.profiles || {}).map(([id, cred]) => ({
+      id,
+      ...cred,
+    }));
   };
 
-  const listCodexProfiles = () => {
-    const store = ensureAuthProfilesStore();
-    return Object.entries(store.profiles || {})
-      .filter(([, cred]) => cred?.provider === "openai-codex")
-      .map(([id, cred]) => ({ id, cred }));
+  const listProfilesByProvider = (provider, agentId = kDefaultAgentId) =>
+    listProfiles(agentId).filter((p) => p.provider === provider);
+
+  const getProfile = (profileId, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    const cred = store.profiles?.[profileId];
+    if (!cred) return null;
+    return { id: profileId, ...cred };
   };
 
+  const upsertProfile = (profileId, credential, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    const sanitized = { ...credential };
+    if (sanitized.key) sanitized.key = normalizeSecret(sanitized.key);
+    if (sanitized.token) sanitized.token = normalizeSecret(sanitized.token);
+    if (sanitized.access) sanitized.access = normalizeSecret(sanitized.access);
+    if (sanitized.refresh)
+      sanitized.refresh = normalizeSecret(sanitized.refresh);
+    store.profiles[profileId] = sanitized;
+    saveAuthStore(agentId, store);
+
+    const cfg = loadOpenclawConfig();
+    const updated = syncConfigAuthReference(cfg, profileId, sanitized);
+    saveOpenclawConfig(updated);
+  };
+
+  const removeProfile = (profileId, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    if (!store.profiles[profileId]) return false;
+    delete store.profiles[profileId];
+    saveAuthStore(agentId, store);
+
+    const cfg = loadOpenclawConfig();
+    const updated = removeConfigAuthReference(cfg, profileId);
+    saveOpenclawConfig(updated);
+    return true;
+  };
+
+  const setAuthOrder = (provider, orderedProfileIds, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    if (!store.order) store.order = {};
+    store.order[provider] = orderedProfileIds;
+    saveAuthStore(agentId, store);
+  };
+
+  const syncConfigAuthReferencesForAgent = (agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    let cfg = loadOpenclawConfig();
+    for (const [profileId, credential] of Object.entries(store.profiles || {})) {
+      if (!credential?.type || !credential?.provider) continue;
+      cfg = syncConfigAuthReference(cfg, profileId, credential);
+    }
+    saveOpenclawConfig(cfg);
+  };
+
+  // ── Model config operations ──
+
+  const getModelConfig = () => {
+    const cfg = loadOpenclawConfig();
+    const defaults = cfg.agents?.defaults || {};
+    return {
+      primary: defaults.model?.primary || null,
+      configuredModels: defaults.models || {},
+    };
+  };
+
+  const setModelConfig = ({ primary, configuredModels }) => {
+    const cfg = loadOpenclawConfig();
+    if (!cfg.agents) cfg.agents = {};
+    if (!cfg.agents.defaults) cfg.agents.defaults = {};
+    if (!cfg.agents.defaults.model) cfg.agents.defaults.model = {};
+    if (primary !== undefined) {
+      cfg.agents.defaults.model.primary = primary;
+    }
+    if (configuredModels !== undefined) {
+      cfg.agents.defaults.models = configuredModels;
+    }
+    saveOpenclawConfig(cfg);
+  };
+
+  // ── Legacy Codex-specific wrappers ──
+
+  const listCodexProfiles = () => listProfilesByProvider("openai-codex");
+
   const getCodexProfile = () => {
     const profiles = listCodexProfiles();
     if (profiles.length === 0) return null;
-    const preferred = profiles.find((p) => p.id === CODEX_PROFILE_ID) || profiles[0];
-    return { profileId: preferred.id, ...preferred.cred };
+    const preferred =
+      profiles.find((p) => p.id === CODEX_PROFILE_ID) || profiles[0];
+    return { profileId: preferred.id, ...preferred };
   };
 
   const hasCodexOauthProfile = () => {
@@ -65,20 +219,18 @@ const createAuthProfiles = () => {
   };
 
   const upsertCodexProfile = ({ access, refresh, expires, accountId }) => {
-    const store = ensureAuthProfilesStore();
-    store.profiles[CODEX_PROFILE_ID] = {
+    upsertProfile(CODEX_PROFILE_ID, {
       type: "oauth",
       provider: "openai-codex",
       access,
       refresh,
       expires,
       ...(accountId ? { accountId } : {}),
-    };
-    saveAuthProfilesStore(store);
+    });
   };
 
   const removeCodexProfiles = () => {
-    const store = ensureAuthProfilesStore();
+    const store = loadAuthStore();
     let changed = false;
     for (const [id, cred] of Object.entries(store.profiles || {})) {
       if (cred?.provider === "openai-codex") {
@@ -86,15 +238,34 @@ const createAuthProfiles = () => {
         changed = true;
       }
     }
-    if (changed) saveAuthProfilesStore(store);
+    if (changed) {
+      saveAuthStore(kDefaultAgentId, store);
+      let cfg = loadOpenclawConfig();
+      for (const [id, cred] of Object.entries(cfg.auth?.profiles || {})) {
+        if (cred?.provider === "openai-codex") {
+          cfg = removeConfigAuthReference(cfg, id);
+        }
+      }
+      saveOpenclawConfig(cfg);
+    }
     return changed;
   };
 
   return {
+    listProfiles,
+    listProfilesByProvider,
+    getProfile,
+    upsertProfile,
+    removeProfile,
+    setAuthOrder,
+    syncConfigAuthReferencesForAgent,
+    getModelConfig,
+    setModelConfig,
     getCodexProfile,
     hasCodexOauthProfile,
     upsertCodexProfile,
     removeCodexProfiles,
+    loadAuthStore,
   };
 };
 

package/lib/server/doctor/prompt.js

@@ -37,7 +37,9 @@ Important:
 - Return ONLY valid JSON. No markdown fences. No extra prose.
 
 OpenClaw context injection:
-- OpenClaw automatically injects ALL root-level \`.md\` files (e.g. AGENTS.md, SOUL.md, TOOLS.md, IDENTITY.md, USER.md, HEARTBEAT.md) into the agent's context window as "project context" on every turn.
+- OpenClaw automatically injects a fixed set of named workspace files into the agent's context window ("Project Context") on every turn. The exact set is: \`AGENTS.md\`, \`SOUL.md\`, \`TOOLS.md\`, \`IDENTITY.md\`, \`USER.md\`, \`HEARTBEAT.md\`, and \`BOOTSTRAP.md\` (first-run only).
+- Only these specific files are auto-injected. Other \`.md\` files at the workspace root (e.g. INTERESTS.md, MEMORY.md, README.md) are NOT injected and must be explicitly read by the agent.
+- Do not flag auto-injected files as orphaned or unreferenced — they are loaded by the runtime, not by explicit file references in AGENTS.md.
 - Additionally, AlphaClaw injects bootstrap files from \`hooks/bootstrap/\` (e.g. AGENTS.md, TOOLS.md) as extra context on every turn.
 
 OpenClaw default context:
@@ -106,6 +108,7 @@ ${renderResolvedCards(resolvedCards)}Constraints:
 - Do not re-suggest findings that appear in the "Previously resolved" list above
 - Do not create cards for healthy default-template behavior
 - Do not create cards whose primary recommendation is to refactor AlphaClaw-managed file structure
+- fixPrompt must only reference files the agent can edit. Never suggest editing files listed in "AlphaClaw locked/managed paths" above — they are managed by AlphaClaw, so manual edits would be lost.
 - If there are no meaningful findings, return an empty cards array
 - promptVersion: ${promptVersion}
 `.trim();

package/lib/server/gateway.js

@@ -1,7 +1,13 @@
 const { spawn, execSync } = require("child_process");
 const fs = require("fs");
 const net = require("net");
-const { OPENCLAW_DIR, GATEWAY_HOST, GATEWAY_PORT, kChannelDefs, kRootDir } = require("./constants");
+const {
+  OPENCLAW_DIR,
+  GATEWAY_HOST,
+  GATEWAY_PORT,
+  kChannelDefs,
+  kRootDir,
+} = require("./constants");
 
 let gatewayChild = null;
 let gatewayExitHandler = null;
@@ -11,7 +17,9 @@ let gatewayStderrTail = [];
 const expectedExitPids = new Set();
 
 const appendStderrTail = (chunk) => {
-  const text = Buffer.isBuffer(chunk) ? chunk.toString("utf8") : String(chunk ?? "");
+  const text = Buffer.isBuffer(chunk)
+    ? chunk.toString("utf8")
+    : String(chunk ?? "");
   for (const line of text.split("\n")) {
     const trimmed = line.trimEnd();
     if (!trimmed) continue;
@@ -76,7 +84,9 @@ const runGatewayCmd = (cmd) => {
 
 const launchGatewayProcess = () => {
   if (gatewayChild && gatewayChild.exitCode === null && !gatewayChild.killed) {
-    console.log("[alphaclaw] Managed gateway process already running — skipping launch");
+    console.log(
+      "[alphaclaw] Managed gateway process already running — skipping launch",
+    );
     return gatewayChild;
   }
   gatewayStderrTail = [];
@@ -145,20 +155,24 @@ const restartGateway = (reloadEnv) => {
       gatewayChild.kill("SIGTERM");
       gatewayChild = null;
     } catch (e) {
-      console.log(`[alphaclaw] Failed to stop managed gateway process: ${e.message}`);
+      console.log(
+        `[alphaclaw] Failed to stop managed gateway process: ${e.message}`,
+      );
       runGatewayCmd("stop");
     }
   } else {
     runGatewayCmd("stop");
   }
-  runGatewayCmd("install --force");
+  runGatewayCmd("start");
   const launchWhenReady = async () => {
     const waitUntil = Date.now() + 8000;
     while (Date.now() < waitUntil) {
       if (!(await isGatewayRunning())) break;
       await new Promise((resolve) => setTimeout(resolve, 250));
     }
-    console.log("[alphaclaw] Starting openclaw gateway with refreshed environment...");
+    console.log(
+      "[alphaclaw] Starting openclaw gateway with refreshed environment...",
+    );
     launchGatewayProcess();
   };
   void launchWhenReady();
@@ -275,7 +289,9 @@ const syncChannelConfig = (savedVars, mode = "all") => {
 
 const getChannelStatus = () => {
   try {
-    const config = JSON.parse(fs.readFileSync(`${OPENCLAW_DIR}/openclaw.json`, "utf8"));
+    const config = JSON.parse(
+      fs.readFileSync(`${OPENCLAW_DIR}/openclaw.json`, "utf8"),
+    );
     const credDir = `${OPENCLAW_DIR}/credentials`;
     const channels = {};
 
@@ -287,9 +303,13 @@ const getChannelStatus = () => {
       try {
         const files = fs
           .readdirSync(credDir)
-          .filter((f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"));
+          .filter(
+            (f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"),
+          );
         for (const file of files) {
-          const data = JSON.parse(fs.readFileSync(`${credDir}/${file}`, "utf8"));
+          const data = JSON.parse(
+            fs.readFileSync(`${credDir}/${file}`, "utf8"),
+          );
           paired += (data.allowFrom || []).length;
         }
       } catch {}