@chrysb/alphaclaw 0.4.6-beta.4 → 0.4.6-beta.6

package/lib/server/routes/models.js

@@ -1,6 +1,69 @@
 const { kFallbackOnboardingModels } = require("../constants");
 
-const registerModelRoutes = ({ app, shellCmd, gatewayEnv, parseJsonFromNoisyOutput, normalizeOnboardingModels }) => {
+const runModelsGitSync = async (shellCmd) => {
+  if (typeof shellCmd !== "function") return null;
+  try {
+    await shellCmd('alphaclaw git-sync -m "models: update config" -f "openclaw.json"', {
+      timeout: 30000,
+    });
+    return null;
+  } catch (err) {
+    return err?.message || "alphaclaw git-sync failed";
+  }
+};
+
+const registerModelRoutes = ({
+  app,
+  shellCmd,
+  gatewayEnv,
+  parseJsonFromNoisyOutput,
+  normalizeOnboardingModels,
+  authProfiles,
+  readEnvFile,
+  writeEnvFile,
+  reloadEnv,
+}) => {
+  const upsertEnvVar = (items, key, value) => {
+    const next = Array.isArray(items) ? [...items] : [];
+    const existing = next.find((entry) => entry.key === key);
+    if (existing) {
+      existing.value = value;
+      return next;
+    }
+    next.push({ key, value });
+    return next;
+  };
+
+  const syncEnvVarsForProfiles = (profiles) => {
+    if (
+      !Array.isArray(profiles) ||
+      typeof readEnvFile !== "function" ||
+      typeof writeEnvFile !== "function" ||
+      typeof reloadEnv !== "function"
+    ) {
+      return;
+    }
+    let nextEnvVars = readEnvFile();
+    let changed = false;
+    for (const profile of profiles) {
+      if (profile?.type !== "api_key") continue;
+      const envKey = authProfiles.getEnvVarForApiKeyProvider?.(profile.provider);
+      const envValue = String(profile?.key || "").trim();
+      if (!envKey || !envValue) continue;
+      const prevValue = String(
+        nextEnvVars.find((entry) => entry.key === envKey)?.value || "",
+      );
+      if (prevValue === envValue) continue;
+      nextEnvVars = upsertEnvVar(nextEnvVars, envKey, envValue);
+      changed = true;
+    }
+    if (!changed) return;
+    writeEnvFile(nextEnvVars);
+    reloadEnv();
+  };
+
+  // ── Existing CLI-backed catalog/status routes ──
+
   app.get("/api/models", async (req, res) => {
     try {
       const output = await shellCmd("openclaw models list --all --json", {
@@ -60,7 +123,156 @@ const registerModelRoutes = ({ app, shellCmd, gatewayEnv, parseJsonFromNoisyOutp
       });
       res.json({ ok: true });
     } catch (err) {
-      res.status(400).json({ ok: false, error: err.message || "Failed to set model" });
+      res
+        .status(400)
+        .json({ ok: false, error: err.message || "Failed to set model" });
+    }
+  });
+
+  // ── Model config (direct JSON) ──
+
+  app.get("/api/models/config", (req, res) => {
+    try {
+      const { primary, configuredModels } = authProfiles.getModelConfig();
+      const agentId = req.query.agentId || undefined;
+      const profiles = authProfiles.listProfiles(agentId);
+      const store = authProfiles.loadAuthStore(agentId);
+      res.json({
+        ok: true,
+        primary,
+        configuredModels,
+        authProfiles: profiles,
+        authOrder: store.order || {},
+      });
+    } catch (err) {
+      res
+        .status(500)
+        .json({ ok: false, error: err.message || "Failed to read config" });
+    }
+  });
+
+  app.put("/api/models/config", async (req, res) => {
+    const { primary, configuredModels, profiles, authOrder } = req.body || {};
+    const agentId = req.query.agentId || undefined;
+    if (primary !== undefined && (typeof primary !== "string" || !primary.includes("/"))) {
+      return res
+        .status(400)
+        .json({ ok: false, error: "Invalid primary model key" });
+    }
+    if (
+      configuredModels !== undefined &&
+      (typeof configuredModels !== "object" || configuredModels === null)
+    ) {
+      return res
+        .status(400)
+        .json({ ok: false, error: "Invalid configuredModels" });
+    }
+    try {
+      authProfiles.setModelConfig({ primary, configuredModels });
+
+      if (Array.isArray(profiles)) {
+        for (const { id: profileId, ...credential } of profiles) {
+          if (profileId && credential.type && credential.provider) {
+            authProfiles.upsertProfile(profileId, credential, agentId);
+          }
+        }
+        syncEnvVarsForProfiles(profiles);
+      }
+
+      if (authOrder && typeof authOrder === "object") {
+        for (const [provider, order] of Object.entries(authOrder)) {
+          if (Array.isArray(order)) {
+            authProfiles.setAuthOrder(provider, order, agentId);
+          }
+        }
+      }
+
+      // `auth-profiles.json` is the durable source of truth. Re-sync
+      // `openclaw.json.auth.profiles` on save so model re-adds restore refs.
+      authProfiles.syncConfigAuthReferencesForAgent(agentId);
+
+      const syncWarning = await runModelsGitSync(shellCmd);
+      res.json({
+        ok: true,
+        ...(syncWarning ? { syncWarning } : {}),
+      });
+    } catch (err) {
+      res
+        .status(500)
+        .json({ ok: false, error: err.message || "Failed to save config" });
+    }
+  });
+
+  // ── Auth profiles (direct JSON) ──
+
+  app.get("/api/models/auth", (req, res) => {
+    try {
+      const agentId = req.query.agentId || undefined;
+      const profiles = authProfiles.listProfiles(agentId);
+      const store = authProfiles.loadAuthStore(agentId);
+      res.json({ ok: true, profiles, order: store.order || {} });
+    } catch (err) {
+      res
+        .status(500)
+        .json({
+          ok: false,
+          error: err.message || "Failed to read auth profiles",
+        });
+    }
+  });
+
+  app.put("/api/models/auth/:profileId", (req, res) => {
+    const { profileId } = req.params;
+    const credential = req.body;
+    if (
+      !profileId ||
+      !credential?.type ||
+      !credential?.provider
+    ) {
+      return res
+        .status(400)
+        .json({ ok: false, error: "Missing profileId, type, or provider" });
+    }
+    const validTypes = new Set(["api_key", "token", "oauth"]);
+    if (!validTypes.has(credential.type)) {
+      return res.status(400).json({
+        ok: false,
+        error: `Invalid credential type: ${credential.type}`,
+      });
+    }
+    try {
+      const agentId = req.query.agentId || undefined;
+      authProfiles.upsertProfile(profileId, credential, agentId);
+      syncEnvVarsForProfiles([{ id: profileId, ...credential }]);
+      res.json({ ok: true });
+    } catch (err) {
+      res
+        .status(500)
+        .json({
+          ok: false,
+          error: err.message || "Failed to save auth profile",
+        });
+    }
+  });
+
+  app.delete("/api/models/auth/:profileId", (req, res) => {
+    const { profileId } = req.params;
+    if (!profileId) {
+      return res
+        .status(400)
+        .json({ ok: false, error: "Missing profileId" });
+    }
+    try {
+      const agentId = req.query.agentId || undefined;
+      const removed = authProfiles.removeProfile(profileId, agentId);
+      res.json({ ok: true, removed });
+    } catch (err) {
+      res
+        .status(500)
+        .json({
+          ok: false,
+          error: err.message || "Failed to remove auth profile",
+        });
     }
   });
 };

package/lib/server/routes/onboarding.js

@@ -71,6 +71,7 @@ const registerOnboardingRoutes = ({
   resolveGithubRepoUrl,
   resolveModelProvider,
   hasCodexOauthProfile,
+  authProfiles,
   ensureGatewayProxyConfig,
   getBaseUrl,
   startGateway,
@@ -85,6 +86,7 @@ const registerOnboardingRoutes = ({
     resolveGithubRepoUrl,
     resolveModelProvider,
     hasCodexOauthProfile,
+    authProfiles,
     ensureGatewayProxyConfig,
     getBaseUrl,
     startGateway,

package/lib/server/routes/system.js

@@ -21,6 +21,7 @@ const registerSystemRoutes = ({
   OPENCLAW_DIR,
   restartRequiredState,
   topicRegistry,
+  authProfiles,
 }) => {
   let envRestartPending = false;
   const kEnvVarsReservedForUserInput = new Set([
@@ -93,6 +94,34 @@ const registerSystemRoutes = ({
     }
     return key || "Session";
   };
+  const syncApiKeyAuthProfilesFromEnvVars = (nextEnvVars) => {
+    if (!authProfiles) return;
+    const envMap = new Map(
+      (nextEnvVars || []).map((entry) => [
+        String(entry?.key || "").trim(),
+        String(entry?.value || ""),
+      ]),
+    );
+    const providers = [
+      "anthropic",
+      "openai",
+      "google",
+      "mistral",
+      "voyage",
+      "groq",
+      "deepgram",
+    ];
+    for (const provider of providers) {
+      const envKey = authProfiles.getEnvVarForApiKeyProvider?.(provider);
+      if (!envKey) continue;
+      const value = envMap.get(envKey) || "";
+      if (!value.trim()) {
+        authProfiles.removeApiKeyProfileForEnvVar?.(provider);
+        continue;
+      }
+      authProfiles.upsertApiKeyProfileForEnvVar(provider, value);
+    }
+  };
   const listSendableAgentSessions = async () => {
     const result = await clawCmd("sessions --json", { quiet: true });
     if (!result.ok) {
@@ -168,6 +197,7 @@ const registerSystemRoutes = ({
     }
     return getSystemCronStatus();
   };
+  const isVisibleInEnvars = (def) => def?.visibleInEnvars !== false;
 
   app.get("/api/env", (req, res) => {
     const fileVars = readEnvFile();
@@ -175,6 +205,7 @@ const registerSystemRoutes = ({
 
     for (const def of kKnownVars) {
       if (isReservedUserEnvVar(def.key)) continue;
+      if (!isVisibleInEnvars(def)) continue;
       const fileEntry = fileVars.find((v) => v.key === def.key);
       const value = fileEntry?.value || "";
       merged.push({
@@ -183,6 +214,7 @@ const registerSystemRoutes = ({
         label: def.label,
         group: def.group,
         hint: def.hint,
+        features: def.features,
         source: fileEntry?.value ? "env_file" : "unset",
         editable: true,
       });
@@ -232,10 +264,19 @@ const registerSystemRoutes = ({
     const existingLockedVars = readEnvFile().filter((v) =>
       isReservedUserEnvVar(v.key),
     );
-    const nextEnvVars = [...filtered, ...existingLockedVars];
+    const hiddenKnownVarKeys = new Set(
+      kKnownVars
+        .filter((def) => !isReservedUserEnvVar(def.key) && !isVisibleInEnvars(def))
+        .map((def) => def.key),
+    );
+    const existingHiddenKnownVars = readEnvFile().filter((v) =>
+      hiddenKnownVarKeys.has(v.key),
+    );
+    const nextEnvVars = [...filtered, ...existingHiddenKnownVars, ...existingLockedVars];
     syncChannelConfig(nextEnvVars, "remove");
     writeEnvFile(nextEnvVars);
     const changed = reloadEnv();
+    syncApiKeyAuthProfilesFromEnvVars(nextEnvVars);
     if (changed && isOnboarded()) {
       envRestartPending = true;
     }

package/lib/server/watchdog.js

@@ -364,14 +364,27 @@ const createWatchdog = ({
     }
     if (parsed.ok) {
       const wasUnhealthy = state.health !== "healthy";
+      const recoveredFromCrashLoop = state.lifecycle === "crash_loop";
       state.startupConsecutiveHealthFailures = 0;
       clearDegradedHealthCheckTimer();
       clearExpectedRestartWindow();
       state.health = "healthy";
-      if (state.lifecycle !== "crash_loop") state.lifecycle = "running";
+      state.lifecycle = "running";
       if (!state.uptimeStartedAt || wasUnhealthy) state.uptimeStartedAt = Date.now();
       state.repairAttempts = 0;
       state.crashRecoveryActive = false;
+      if (recoveredFromCrashLoop) {
+        logEvent(
+          "recovery",
+          source,
+          "ok",
+          {
+            previousLifecycle: "crash_loop",
+            health: "healthy",
+          },
+          correlationId,
+        );
+      }
       if (state.pendingRecoveryNoticeSource) {
         const recoverySource = state.pendingRecoveryNoticeSource;
         state.pendingRecoveryNoticeSource = "";

package/lib/server.js

@@ -203,6 +203,10 @@ registerModelRoutes({
   gatewayEnv,
   parseJsonFromNoisyOutput,
   normalizeOnboardingModels,
+  authProfiles,
+  readEnvFile,
+  writeEnvFile,
+  reloadEnv,
 });
 registerOnboardingRoutes({
   app,
@@ -216,6 +220,7 @@ registerOnboardingRoutes({
   resolveGithubRepoUrl,
   resolveModelProvider,
   hasCodexOauthProfile: authProfiles.hasCodexOauthProfile,
+  authProfiles,
   ensureGatewayProxyConfig,
   getBaseUrl,
   startGateway,
@@ -241,6 +246,7 @@ registerSystemRoutes({
   OPENCLAW_DIR: constants.OPENCLAW_DIR,
   restartRequiredState,
   topicRegistry,
+  authProfiles,
 });
 registerBrowseRoutes({
   app,

package/lib/setup/env.template

@@ -6,6 +6,7 @@ ANTHROPIC_API_KEY=
 ANTHROPIC_TOKEN=
 OPENAI_API_KEY=
 GEMINI_API_KEY=
+ELEVENLABS_API_KEY=
 
 # --- GitHub (required) ---
 GITHUB_TOKEN=

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrysb/alphaclaw",
-  "version": "0.4.6-beta.4",
+  "version": "0.4.6-beta.6",
   "publishConfig": {
     "access": "public"
   },