@chrysb/alphaclaw 0.4.6-beta.4 → 0.4.6-beta.6

package/lib/server/auth-profiles.js

@@ -1,62 +1,278 @@
 const fs = require("fs");
 const path = require("path");
-const { AUTH_PROFILES_PATH, CODEX_PROFILE_ID } = require("./constants");
+const { AUTH_PROFILES_PATH, CODEX_PROFILE_ID, OPENCLAW_DIR } = require("./constants");
 
-const createAuthProfiles = () => {
-  const ensureAuthProfilesStore = () => {
-    let store = { version: 1, profiles: {} };
-    try {
-      if (fs.existsSync(AUTH_PROFILES_PATH)) {
-        const parsed = JSON.parse(fs.readFileSync(AUTH_PROFILES_PATH, "utf8"));
-        if (
-          parsed &&
-          typeof parsed === "object" &&
-          parsed.profiles &&
-          typeof parsed.profiles === "object"
-        ) {
-          store = {
-            version: Number(parsed.version || 1),
-            profiles: parsed.profiles,
-            order: parsed.order,
-            lastGood: parsed.lastGood,
-            usageStats: parsed.usageStats,
-          };
-        }
+const kDefaultAgentId = "main";
+const kApiKeyEnvVarByProvider = {
+  anthropic: "ANTHROPIC_API_KEY",
+  openai: "OPENAI_API_KEY",
+  google: "GEMINI_API_KEY",
+  mistral: "MISTRAL_API_KEY",
+  voyage: "VOYAGE_API_KEY",
+  groq: "GROQ_API_KEY",
+  deepgram: "DEEPGRAM_API_KEY",
+};
+
+const normalizeSecret = (raw) =>
+  String(raw ?? "")
+    .replace(/[\r\n\u2028\u2029]/g, "")
+    .trim();
+
+const credentialMode = (credential) => {
+  if (credential.type === "api_key") return "api_key";
+  if (credential.type === "token") return "token";
+  return "oauth";
+};
+
+const getEnvVarForApiKeyProvider = (provider) =>
+  kApiKeyEnvVarByProvider[String(provider || "").trim()] || "";
+
+const getDefaultProfileIdForApiKeyProvider = (provider) => {
+  const normalized = String(provider || "").trim();
+  return normalized ? `${normalized}:default` : "";
+};
+
+const resolveAgentDir = (agentId = kDefaultAgentId) =>
+  path.join(OPENCLAW_DIR, "agents", agentId, "agent");
+
+const resolveAuthProfilesPath = (agentId = kDefaultAgentId) =>
+  path.join(resolveAgentDir(agentId), "auth-profiles.json");
+
+const resolveOpenclawConfigPath = () =>
+  path.join(OPENCLAW_DIR, "openclaw.json");
+
+const hasCompletedOnboardingConfig = (cfg) =>
+  String(cfg?.agents?.defaults?.model?.primary || "").trim().includes("/");
+
+const loadAuthStore = (agentId = kDefaultAgentId) => {
+  const storePath = resolveAuthProfilesPath(agentId);
+  let store = { version: 1, profiles: {} };
+  try {
+    if (fs.existsSync(storePath)) {
+      const parsed = JSON.parse(fs.readFileSync(storePath, "utf8"));
+      if (
+        parsed &&
+        typeof parsed === "object" &&
+        parsed.profiles &&
+        typeof parsed.profiles === "object"
+      ) {
+        store = {
+          version: Number(parsed.version || 1),
+          profiles: parsed.profiles,
+          order: parsed.order,
+          lastGood: parsed.lastGood,
+          usageStats: parsed.usageStats,
+        };
       }
-    } catch {}
-    return store;
-  };
-
-  const saveAuthProfilesStore = (store) => {
-    fs.mkdirSync(path.dirname(AUTH_PROFILES_PATH), { recursive: true });
-    fs.writeFileSync(
-      AUTH_PROFILES_PATH,
-      JSON.stringify(
-        {
-          version: Number(store.version || 1),
-          profiles: store.profiles || {},
-          order: store.order,
-          lastGood: store.lastGood,
-          usageStats: store.usageStats,
-        },
-        null,
-        2,
-      ),
+    }
+  } catch {}
+  return store;
+};
+
+const saveAuthStore = (agentId, store) => {
+  const storePath = resolveAuthProfilesPath(agentId);
+  fs.mkdirSync(path.dirname(storePath), { recursive: true });
+  fs.writeFileSync(
+    storePath,
+    JSON.stringify(
+      {
+        version: Number(store.version || 1),
+        profiles: store.profiles || {},
+        ...(store.order !== undefined ? { order: store.order } : {}),
+        ...(store.lastGood !== undefined ? { lastGood: store.lastGood } : {}),
+        ...(store.usageStats !== undefined
+          ? { usageStats: store.usageStats }
+          : {}),
+      },
+      null,
+      2,
+    ),
+  );
+};
+
+const loadOpenclawConfig = () => {
+  const configPath = resolveOpenclawConfigPath();
+  try {
+    return JSON.parse(fs.readFileSync(configPath, "utf8"));
+  } catch {
+    return {};
+  }
+};
+
+const canSyncOpenclawAuthReferences = () => {
+  const configPath = resolveOpenclawConfigPath();
+  if (!fs.existsSync(configPath)) return false;
+  try {
+    const cfg = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    return hasCompletedOnboardingConfig(cfg);
+  } catch {
+    return false;
+  }
+};
+
+const saveOpenclawConfig = (cfg) => {
+  const configPath = resolveOpenclawConfigPath();
+  fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2));
+};
+
+const syncConfigAuthReference = (cfg, profileId, credential) => {
+  const next = { ...cfg };
+  if (!next.auth) next.auth = {};
+  if (!next.auth.profiles) next.auth.profiles = {};
+  next.auth = { ...next.auth, profiles: { ...next.auth.profiles } };
+  next.auth.profiles[profileId] = {
+    provider: credential.provider,
+    mode: credentialMode(credential),
+  };
+  return next;
+};
+
+const removeConfigAuthReference = (cfg, profileId) => {
+  if (!cfg.auth?.profiles?.[profileId]) return cfg;
+  const next = { ...cfg };
+  next.auth = { ...next.auth, profiles: { ...next.auth.profiles } };
+  delete next.auth.profiles[profileId];
+  if (Object.keys(next.auth.profiles).length === 0) {
+    delete next.auth.profiles;
+  }
+  if (Object.keys(next.auth).length === 0) {
+    delete next.auth;
+  }
+  return next;
+};
+
+const createAuthProfiles = () => {
+  // ── Generic profile operations ──
+
+  const listProfiles = (agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    return Object.entries(store.profiles || {}).map(([id, cred]) => ({
+      id,
+      ...cred,
+    }));
+  };
+
+  const listProfilesByProvider = (provider, agentId = kDefaultAgentId) =>
+    listProfiles(agentId).filter((p) => p.provider === provider);
+
+  const getProfile = (profileId, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    const cred = store.profiles?.[profileId];
+    if (!cred) return null;
+    return { id: profileId, ...cred };
+  };
+
+  const upsertProfile = (profileId, credential, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    const sanitized = { ...credential };
+    if (sanitized.key) sanitized.key = normalizeSecret(sanitized.key);
+    if (sanitized.token) sanitized.token = normalizeSecret(sanitized.token);
+    if (sanitized.access) sanitized.access = normalizeSecret(sanitized.access);
+    if (sanitized.refresh)
+      sanitized.refresh = normalizeSecret(sanitized.refresh);
+    store.profiles[profileId] = sanitized;
+    saveAuthStore(agentId, store);
+
+    if (!canSyncOpenclawAuthReferences()) return;
+    const cfg = loadOpenclawConfig();
+    const updated = syncConfigAuthReference(cfg, profileId, sanitized);
+    saveOpenclawConfig(updated);
+  };
+
+  const removeProfile = (profileId, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    if (!store.profiles[profileId]) return false;
+    delete store.profiles[profileId];
+    saveAuthStore(agentId, store);
+
+    if (!canSyncOpenclawAuthReferences()) return true;
+    const cfg = loadOpenclawConfig();
+    const updated = removeConfigAuthReference(cfg, profileId);
+    saveOpenclawConfig(updated);
+    return true;
+  };
+
+  const setAuthOrder = (provider, orderedProfileIds, agentId = kDefaultAgentId) => {
+    const store = loadAuthStore(agentId);
+    if (!store.order) store.order = {};
+    store.order[provider] = orderedProfileIds;
+    saveAuthStore(agentId, store);
+  };
+
+  const syncConfigAuthReferencesForAgent = (agentId = kDefaultAgentId) => {
+    if (!canSyncOpenclawAuthReferences()) return;
+    const store = loadAuthStore(agentId);
+    let cfg = loadOpenclawConfig();
+    for (const [profileId, credential] of Object.entries(store.profiles || {})) {
+      if (!credential?.type || !credential?.provider) continue;
+      cfg = syncConfigAuthReference(cfg, profileId, credential);
+    }
+    saveOpenclawConfig(cfg);
+  };
+
+  const upsertApiKeyProfileForEnvVar = (
+    provider,
+    rawValue,
+    agentId = kDefaultAgentId,
+  ) => {
+    const key = normalizeSecret(rawValue);
+    if (!provider || !key) return false;
+    upsertProfile(
+      getDefaultProfileIdForApiKeyProvider(provider),
+      {
+        type: "api_key",
+        provider,
+        key,
+      },
+      agentId,
     );
+    return true;
+  };
+
+  const removeApiKeyProfileForEnvVar = (provider, agentId = kDefaultAgentId) => {
+    const profileId = getDefaultProfileIdForApiKeyProvider(provider);
+    if (!profileId) return false;
+    const existing = getProfile(profileId, agentId);
+    if (!existing) return false;
+    if (existing.type !== "api_key" || existing.provider !== provider) return false;
+    return removeProfile(profileId, agentId);
   };
 
-  const listCodexProfiles = () => {
-    const store = ensureAuthProfilesStore();
-    return Object.entries(store.profiles || {})
-      .filter(([, cred]) => cred?.provider === "openai-codex")
-      .map(([id, cred]) => ({ id, cred }));
+  // ── Model config operations ──
+
+  const getModelConfig = () => {
+    const cfg = loadOpenclawConfig();
+    const defaults = cfg.agents?.defaults || {};
+    return {
+      primary: defaults.model?.primary || null,
+      configuredModels: defaults.models || {},
+    };
   };
 
+  const setModelConfig = ({ primary, configuredModels }) => {
+    const cfg = loadOpenclawConfig();
+    if (!cfg.agents) cfg.agents = {};
+    if (!cfg.agents.defaults) cfg.agents.defaults = {};
+    if (!cfg.agents.defaults.model) cfg.agents.defaults.model = {};
+    if (primary !== undefined) {
+      cfg.agents.defaults.model.primary = primary;
+    }
+    if (configuredModels !== undefined) {
+      cfg.agents.defaults.models = configuredModels;
+    }
+    saveOpenclawConfig(cfg);
+  };
+
+  // ── Legacy Codex-specific wrappers ──
+
+  const listCodexProfiles = () => listProfilesByProvider("openai-codex");
+
   const getCodexProfile = () => {
     const profiles = listCodexProfiles();
     if (profiles.length === 0) return null;
-    const preferred = profiles.find((p) => p.id === CODEX_PROFILE_ID) || profiles[0];
-    return { profileId: preferred.id, ...preferred.cred };
+    const preferred =
+      profiles.find((p) => p.id === CODEX_PROFILE_ID) || profiles[0];
+    return { profileId: preferred.id, ...preferred };
   };
 
   const hasCodexOauthProfile = () => {
@@ -65,20 +281,18 @@ const createAuthProfiles = () => {
   };
 
   const upsertCodexProfile = ({ access, refresh, expires, accountId }) => {
-    const store = ensureAuthProfilesStore();
-    store.profiles[CODEX_PROFILE_ID] = {
+    upsertProfile(CODEX_PROFILE_ID, {
       type: "oauth",
       provider: "openai-codex",
       access,
       refresh,
       expires,
       ...(accountId ? { accountId } : {}),
-    };
-    saveAuthProfilesStore(store);
+    });
   };
 
   const removeCodexProfiles = () => {
-    const store = ensureAuthProfilesStore();
+    const store = loadAuthStore();
     let changed = false;
     for (const [id, cred] of Object.entries(store.profiles || {})) {
       if (cred?.provider === "openai-codex") {
@@ -86,15 +300,39 @@ const createAuthProfiles = () => {
         changed = true;
       }
     }
-    if (changed) saveAuthProfilesStore(store);
+    if (changed) {
+      saveAuthStore(kDefaultAgentId, store);
+      if (!canSyncOpenclawAuthReferences()) return changed;
+      let cfg = loadOpenclawConfig();
+      for (const [id, cred] of Object.entries(cfg.auth?.profiles || {})) {
+        if (cred?.provider === "openai-codex") {
+          cfg = removeConfigAuthReference(cfg, id);
+        }
+      }
+      saveOpenclawConfig(cfg);
+    }
     return changed;
   };
 
   return {
+    listProfiles,
+    listProfilesByProvider,
+    getProfile,
+    upsertProfile,
+    removeProfile,
+    setAuthOrder,
+    syncConfigAuthReferencesForAgent,
+    upsertApiKeyProfileForEnvVar,
+    removeApiKeyProfileForEnvVar,
+    getEnvVarForApiKeyProvider,
+    getDefaultProfileIdForApiKeyProvider,
+    getModelConfig,
+    setModelConfig,
     getCodexProfile,
     hasCodexOauthProfile,
     upsertCodexProfile,
     removeCodexProfiles,
+    loadAuthStore,
   };
 };
 

package/lib/server/constants.js

@@ -153,26 +153,38 @@ const kKnownVars = [
   {
     key: "ANTHROPIC_API_KEY",
     label: "Anthropic API Key",
-    group: "models",
+    group: "ai",
     hint: "From console.anthropic.com",
+    features: ["Models"],
   },
   {
     key: "ANTHROPIC_TOKEN",
     label: "Anthropic Setup Token",
-    group: "models",
+    group: "ai",
     hint: "From claude setup-token",
+    features: ["Models"],
+    visibleInEnvars: false,
   },
   {
     key: "OPENAI_API_KEY",
     label: "OpenAI API Key",
-    group: "models",
+    group: "ai",
     hint: "From platform.openai.com",
+    features: ["Models", "Embeddings", "TTS", "STT"],
   },
   {
     key: "GEMINI_API_KEY",
     label: "Gemini API Key",
-    group: "models",
+    group: "ai",
     hint: "From aistudio.google.com",
+    features: ["Models", "Embeddings", "Image", "STT"],
+  },
+  {
+    key: "ELEVENLABS_API_KEY",
+    label: "ElevenLabs API Key",
+    group: "ai",
+    hint: "From elevenlabs.io (XI_API_KEY also works)",
+    features: ["TTS"],
   },
   {
     key: "GITHUB_TOKEN",
@@ -201,26 +213,30 @@ const kKnownVars = [
   {
     key: "MISTRAL_API_KEY",
     label: "Mistral API Key",
-    group: "models",
+    group: "ai",
     hint: "From console.mistral.ai",
+    features: ["Models", "Embeddings", "STT"],
   },
   {
     key: "VOYAGE_API_KEY",
     label: "Voyage API Key",
-    group: "models",
+    group: "ai",
     hint: "From dash.voyageai.com",
+    features: ["Embeddings"],
   },
   {
     key: "GROQ_API_KEY",
     label: "Groq API Key",
-    group: "models",
+    group: "ai",
     hint: "From console.groq.com",
+    features: ["Models", "STT"],
   },
   {
     key: "DEEPGRAM_API_KEY",
     label: "Deepgram API Key",
-    group: "models",
+    group: "ai",
     hint: "From console.deepgram.com",
+    features: ["STT"],
   },
   {
     key: "BRAVE_API_KEY",

package/lib/server/doctor/service.js

@@ -230,9 +230,6 @@ const createDoctorService = ({
       }
       const stdoutText = String(result.stdout || "");
       const stderrText = String(result.stderr || "");
-      console.log(
-        `[doctor] run ${runId} command result ok=${result.ok} code=${result.code ?? 0} stdout_chars=${stdoutText.length} stderr_chars=${stderrText.length}`,
-      );
       let normalizedResult = null;
       try {
         normalizedResult = normalizeDoctorResult(stdoutText);

package/lib/server/gateway.js

@@ -1,7 +1,13 @@
 const { spawn, execSync } = require("child_process");
 const fs = require("fs");
 const net = require("net");
-const { OPENCLAW_DIR, GATEWAY_HOST, GATEWAY_PORT, kChannelDefs, kRootDir } = require("./constants");
+const {
+  OPENCLAW_DIR,
+  GATEWAY_HOST,
+  GATEWAY_PORT,
+  kChannelDefs,
+  kRootDir,
+} = require("./constants");
 
 let gatewayChild = null;
 let gatewayExitHandler = null;
@@ -11,7 +17,9 @@ let gatewayStderrTail = [];
 const expectedExitPids = new Set();
 
 const appendStderrTail = (chunk) => {
-  const text = Buffer.isBuffer(chunk) ? chunk.toString("utf8") : String(chunk ?? "");
+  const text = Buffer.isBuffer(chunk)
+    ? chunk.toString("utf8")
+    : String(chunk ?? "");
   for (const line of text.split("\n")) {
     const trimmed = line.trimEnd();
     if (!trimmed) continue;
@@ -37,7 +45,19 @@ const gatewayEnv = () => ({
   XDG_CONFIG_HOME: OPENCLAW_DIR,
 });
 
-const isOnboarded = () => fs.existsSync(`${OPENCLAW_DIR}/openclaw.json`);
+const isOnboarded = () => {
+  const configPath = `${OPENCLAW_DIR}/openclaw.json`;
+  if (!fs.existsSync(configPath)) return false;
+  try {
+    const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    const primaryModel = String(
+      config?.agents?.defaults?.model?.primary || "",
+    ).trim();
+    return primaryModel.includes("/");
+  } catch {
+    return false;
+  }
+};
 
 const isGatewayRunning = () =>
   new Promise((resolve) => {
@@ -76,7 +96,9 @@ const runGatewayCmd = (cmd) => {
 
 const launchGatewayProcess = () => {
   if (gatewayChild && gatewayChild.exitCode === null && !gatewayChild.killed) {
-    console.log("[alphaclaw] Managed gateway process already running — skipping launch");
+    console.log(
+      "[alphaclaw] Managed gateway process already running — skipping launch",
+    );
     return gatewayChild;
   }
   gatewayStderrTail = [];
@@ -123,6 +145,19 @@ const launchGatewayProcess = () => {
   return child;
 };
 
+const markManagedGatewayExitExpected = () => {
+  if (
+    !gatewayChild ||
+    gatewayChild.exitCode !== null ||
+    gatewayChild.killed ||
+    !gatewayChild.pid
+  ) {
+    return false;
+  }
+  expectedExitPids.add(gatewayChild.pid);
+  return true;
+};
+
 const startGateway = async () => {
   if (!isOnboarded()) {
     console.log("[alphaclaw] Not onboarded yet — skipping gateway start");
@@ -138,30 +173,8 @@ const startGateway = async () => {
 
 const restartGateway = (reloadEnv) => {
   reloadEnv();
-  if (gatewayChild && gatewayChild.exitCode === null && !gatewayChild.killed) {
-    console.log("[alphaclaw] Stopping managed gateway process...");
-    try {
-      expectedExitPids.add(gatewayChild.pid);
-      gatewayChild.kill("SIGTERM");
-      gatewayChild = null;
-    } catch (e) {
-      console.log(`[alphaclaw] Failed to stop managed gateway process: ${e.message}`);
-      runGatewayCmd("stop");
-    }
-  } else {
-    runGatewayCmd("stop");
-  }
-  runGatewayCmd("install --force");
-  const launchWhenReady = async () => {
-    const waitUntil = Date.now() + 8000;
-    while (Date.now() < waitUntil) {
-      if (!(await isGatewayRunning())) break;
-      await new Promise((resolve) => setTimeout(resolve, 250));
-    }
-    console.log("[alphaclaw] Starting openclaw gateway with refreshed environment...");
-    launchGatewayProcess();
-  };
-  void launchWhenReady();
+  markManagedGatewayExitExpected();
+  runGatewayCmd("--force");
 };
 
 const attachGatewaySignalHandlers = () => {
@@ -275,7 +288,9 @@ const syncChannelConfig = (savedVars, mode = "all") => {
 
 const getChannelStatus = () => {
   try {
-    const config = JSON.parse(fs.readFileSync(`${OPENCLAW_DIR}/openclaw.json`, "utf8"));
+    const config = JSON.parse(
+      fs.readFileSync(`${OPENCLAW_DIR}/openclaw.json`, "utf8"),
+    );
     const credDir = `${OPENCLAW_DIR}/credentials`;
     const channels = {};
 
@@ -287,9 +302,13 @@ const getChannelStatus = () => {
       try {
         const files = fs
           .readdirSync(credDir)
-          .filter((f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"));
+          .filter(
+            (f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"),
+          );
         for (const file of files) {
-          const data = JSON.parse(fs.readFileSync(`${credDir}/${file}`, "utf8"));
+          const data = JSON.parse(
+            fs.readFileSync(`${credDir}/${file}`, "utf8"),
+          );
           paired += (data.allowFrom || []).length;
         }
       } catch {}

package/lib/server/onboarding/index.js

@@ -29,6 +29,7 @@ const createOnboardingService = ({
   resolveGithubRepoUrl,
   resolveModelProvider,
   hasCodexOauthProfile,
+  authProfiles,
   ensureGatewayProxyConfig,
   getBaseUrl,
   startGateway,
@@ -148,6 +149,7 @@ const createOnboardingService = ({
     } catch {}
 
     writeSanitizedOpenclawConfig({ fs, openclawDir: OPENCLAW_DIR, varMap });
+    authProfiles?.syncConfigAuthReferencesForAgent?.();
     ensureGatewayProxyConfig(getBaseUrl(req));
 
     installControlUiSkill({

package/lib/server/onboarding/validation.js

@@ -46,7 +46,7 @@ const validateOnboardingInput = ({ vars, modelKey, resolveModelProvider, hasCode
   const hasAiByProvider = {
     anthropic: !!(varMap.ANTHROPIC_API_KEY || varMap.ANTHROPIC_TOKEN),
     openai: !!varMap.OPENAI_API_KEY,
-    "openai-codex": !!(hasCodexOauth || varMap.OPENAI_API_KEY),
+    "openai-codex": !!hasCodexOauth,
     google: !!varMap.GEMINI_API_KEY,
   };
   const hasAnyAi = !!(
@@ -68,7 +68,7 @@ const validateOnboardingInput = ({ vars, modelKey, resolveModelProvider, hasCode
       return {
         ok: false,
         status: 400,
-        error: "Connect OpenAI Codex OAuth or provide OPENAI_API_KEY before continuing",
+        error: "Connect OpenAI Codex OAuth before continuing",
       };
     }
     return {