@chrysb/alphaclaw 0.9.11 → 0.9.13

package/lib/server/routes/nodes.js

@@ -12,12 +12,46 @@ const kAllowedExecAsk = new Set(["off", "on-miss", "always"]);
 const kSafeNodeIdPattern = /^[\w\-:.]+$/;
 const kNodeBrowserInvokeTimeoutMs = 30000;
 const kNodeBrowserCliTimeoutMs = 35000;
-const kNodeRouteCliTimeoutMs = 12000;
-const kNodesStatusCliTimeoutMs = 5000;
-const kNodesPendingCliTimeoutMs = 5000;
+const kDefaultNodeRouteCliTimeoutMs = 12000;
+const kDefaultNodesStatusCliTimeoutMs = 12000;
+const kDefaultNodesPendingCliTimeoutMs = 12000;
 
 const quoteCliArg = (value) => quoteShellArg(value, { strategy: "single" });
 
+const resolveCliTimeoutMs = (envName, fallbackMs, env = process.env) => {
+  const parsed = Number(env[envName]);
+  if (!Number.isFinite(parsed) || parsed <= 0) return fallbackMs;
+  return Math.round(parsed);
+};
+
+const resolveNodeCliTimeouts = (env = process.env) => ({
+  route: resolveCliTimeoutMs(
+    "ALPHACLAW_NODE_ROUTE_TIMEOUT_MS",
+    kDefaultNodeRouteCliTimeoutMs,
+    env,
+  ),
+  status: resolveCliTimeoutMs(
+    "ALPHACLAW_NODES_STATUS_TIMEOUT_MS",
+    kDefaultNodesStatusCliTimeoutMs,
+    env,
+  ),
+  pending: resolveCliTimeoutMs(
+    "ALPHACLAW_NODES_PENDING_TIMEOUT_MS",
+    kDefaultNodesPendingCliTimeoutMs,
+    env,
+  ),
+});
+
+const isCliTimeoutResult = (result) =>
+  Boolean(result?.timedOut || (result?.killed && result?.signal));
+
+const formatCliFailure = ({ result, fallback, timeoutLabel, timeoutMs }) => {
+  if (isCliTimeoutResult(result)) {
+    return `${timeoutLabel} CLI timed out after ${timeoutMs}ms`;
+  }
+  return String(result?.stderr || "").trim() || fallback;
+};
+
 const normalizeExecAsk = (value) => {
   const normalized = String(value || "").trim().toLowerCase();
   if (normalized === "on") return "on-miss";
@@ -159,21 +193,28 @@ const registerNodeRoutes = ({
   gatewayToken = "",
   fsModule,
 }) => {
+  const cliTimeouts = resolveNodeCliTimeouts();
+
   app.get("/api/nodes", async (_req, res) => {
     const statusResult = await clawCmd("nodes status --json", {
       quiet: true,
-      timeoutMs: kNodesStatusCliTimeoutMs,
+      timeoutMs: cliTimeouts.status,
     });
     if (!statusResult.ok) {
       return res.status(500).json({
         ok: false,
-        error: statusResult.stderr || "Could not load nodes status",
+        error: formatCliFailure({
+          result: statusResult,
+          fallback: "Could not load nodes status",
+          timeoutLabel: "nodes status",
+          timeoutMs: cliTimeouts.status,
+        }),
       });
     }
     const status = parseNodesStatus(statusResult.stdout);
     const pendingResult = await clawCmd("nodes pending --json", {
       quiet: true,
-      timeoutMs: kNodesPendingCliTimeoutMs,
+      timeoutMs: cliTimeouts.pending,
     });
     const pending = pendingResult.ok
       ? parseNodesPending(pendingResult.stdout)
@@ -220,14 +261,17 @@ const registerNodeRoutes = ({
     for (const command of commands) {
       const result = await clawCmd(command, {
         quiet: true,
-        timeoutMs: kNodeRouteCliTimeoutMs,
+        timeoutMs: cliTimeouts.route,
       });
       if (!result.ok) {
         return res.status(500).json({
           ok: false,
-          error:
-            result.stderr ||
-            `Could not apply node routing (${command})`,
+          error: formatCliFailure({
+            result,
+            fallback: `Could not apply node routing (${command})`,
+            timeoutLabel: "node routing",
+            timeoutMs: cliTimeouts.route,
+          }),
         });
       }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrysb/alphaclaw",
-  "version": "0.9.11",
+  "version": "0.9.13",
   "publishConfig": {
     "access": "public"
   },
@@ -19,14 +19,11 @@
   },
   "files": [
     "bin/",
-    "lib/",
-    "patches/",
-    "scripts/apply-openclaw-patches.js"
+    "lib/"
   ],
   "scripts": {
     "start": "node bin/alphaclaw.js start",
     "build:ui": "node scripts/build-ui.mjs",
-    "postinstall": "node ./scripts/apply-openclaw-patches.js",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:watchdog": "vitest run tests/server/watchdog.test.js tests/server/watchdog-db.test.js tests/server/routes-watchdog.test.js",
@@ -36,8 +33,7 @@
   "dependencies": {
     "express": "^4.21.0",
     "http-proxy": "^1.18.1",
-    "openclaw": "2026.4.23",
-    "patch-package": "^8.0.1",
+    "openclaw": "2026.5.2",
     "ws": "^8.19.0"
   },
   "devDependencies": {

package/patches/openclaw+2026.4.23.patch

@@ -1,63 +0,0 @@
-diff --git a/node_modules/openclaw/dist/plugin-sdk/src/config/zod-schema.d.ts b/node_modules/openclaw/dist/plugin-sdk/src/config/zod-schema.d.ts
-index 8964b19..2285c33 100644
---- a/node_modules/openclaw/dist/plugin-sdk/src/config/zod-schema.d.ts
-+++ b/node_modules/openclaw/dist/plugin-sdk/src/config/zod-schema.d.ts
-@@ -4171,6 +4171,7 @@ export declare const OpenClawSchema: z.ZodObject<{
-             enabled: z.ZodOptional<z.ZodBoolean>;
-             hooks: z.ZodOptional<z.ZodObject<{
-                 allowPromptInjection: z.ZodOptional<z.ZodBoolean>;
-+                allowConversationAccess: z.ZodOptional<z.ZodBoolean>;
-             }, z.core.$strict>>;
-             subagent: z.ZodOptional<z.ZodObject<{
-                 allowModelOverride: z.ZodOptional<z.ZodBoolean>;
-diff --git a/node_modules/openclaw/dist/runtime-schema-Dgzy-2rz.js b/node_modules/openclaw/dist/runtime-schema-Dgzy-2rz.js
-index eaaaab6..9847a80 100644
---- a/node_modules/openclaw/dist/runtime-schema-Dgzy-2rz.js
-+++ b/node_modules/openclaw/dist/runtime-schema-Dgzy-2rz.js
-@@ -19939,5 +19939,12 @@ const GENERATED_BASE_CONFIG_SCHEMA = {
--									properties: { allowPromptInjection: {
--										type: "boolean",
--										title: "Allow Prompt Injection Hooks",
--										description: "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior."
--									} },
-+									properties: {
-+										allowPromptInjection: {
-+											type: "boolean",
-+											title: "Allow Prompt Injection Hooks",
-+											description: "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior."
-+										},
-+										allowConversationAccess: {
-+											type: "boolean",
-+											title: "Allow Conversation Access Hooks",
-+											description: "Explicitly allows a non-bundled plugin to receive conversation content in typed hooks. Keep false unless the plugin is trusted to inspect conversation data."
-+										}
-+									},
-@@ -24760,0 +24761,5 @@ const GENERATED_BASE_CONFIG_SCHEMA = {
-+		"plugins.entries.*.hooks.allowConversationAccess": {
-+			label: "Allow Conversation Access Hooks",
-+			help: "Explicitly allows a non-bundled plugin to receive conversation content in typed hooks. Keep false unless the plugin is trusted to inspect conversation data.",
-+			tags: ["access"]
-+		},
-diff --git a/node_modules/openclaw/dist/server.impl-DhtU4okW.js b/node_modules/openclaw/dist/server.impl-DhtU4okW.js
-index 93890d3..7b3c701 100644
---- a/node_modules/openclaw/dist/server.impl-DhtU4okW.js
-+++ b/node_modules/openclaw/dist/server.impl-DhtU4okW.js
-@@ -11165,7 +11165,7 @@ function attachGatewayWsMessageHandler(params) {
- 					close(1008, truncateCloseReason(authMessage));
- 				};
- 				const clearUnboundScopes = () => {
--					if (scopes.length > 0) {
-+					if (scopes.length > 0 && !sharedAuthOk) {
- 						scopes = [];
- 						connectParams.scopes = scopes;
- 					}
-diff --git a/node_modules/openclaw/dist/zod-schema-BhKK4qYw.js b/node_modules/openclaw/dist/zod-schema-BhKK4qYw.js
-index 1dc871e..6803778 100644
---- a/node_modules/openclaw/dist/zod-schema-BhKK4qYw.js
-+++ b/node_modules/openclaw/dist/zod-schema-BhKK4qYw.js
-@@ -775 +775,4 @@ const PluginEntrySchema = z.object({
--	hooks: z.object({ allowPromptInjection: z.boolean().optional() }).strict().optional(),
-+	hooks: z.object({
-+		allowPromptInjection: z.boolean().optional(),
-+		allowConversationAccess: z.boolean().optional()
-+	}).strict().optional(),

package/scripts/apply-openclaw-patches.js

@@ -1,99 +0,0 @@
-/**
- * patch-package resolves paths relative to the npm/yarn project root (where the
- * lockfile lives). When this package's postinstall runs, process.cwd() is often
- * this package directory, so a plain `patch-package` call treats that as the
- * app root and looks for ./node_modules/openclaw under it — but openclaw is
- * usually hoisted to the consumer's top-level node_modules.
- *
- * This script finds the real install root (directory containing a lockfile) and
- * runs patch-package there with --patch-dir pointing at our bundled patches/.
- */
-const { spawnSync } = require("child_process");
-const fs = require("fs");
-const path = require("path");
-
-const kAlphaclawRoot = path.join(__dirname, "..");
-
-const findProjectRootFromOpenclawDir = (openclawDir) => {
-  let dir = path.resolve(openclawDir);
-  for (let i = 0; i < 30; i += 1) {
-    if (
-      fs.existsSync(path.join(dir, "package-lock.json")) ||
-      fs.existsSync(path.join(dir, "yarn.lock")) ||
-      fs.existsSync(path.join(dir, "pnpm-lock.yaml"))
-    ) {
-      return dir;
-    }
-    const parent = path.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  return path.dirname(path.dirname(openclawDir));
-};
-
-const main = () => {
-  const patchesDir = path.join(kAlphaclawRoot, "patches");
-  if (!fs.existsSync(patchesDir)) {
-    return;
-  }
-  const hasPatch = fs
-    .readdirSync(patchesDir)
-    .some((name) => name.endsWith(".patch"));
-  if (!hasPatch) {
-    return;
-  }
-
-  let openclawMainPath;
-  try {
-    openclawMainPath = require.resolve("openclaw", { paths: [kAlphaclawRoot] });
-  } catch {
-    return;
-  }
-
-  const openclawDir = (() => {
-    let dir = path.dirname(openclawMainPath);
-    for (let i = 0; i < 8; i += 1) {
-      const pkgPath = path.join(dir, "package.json");
-      if (fs.existsSync(pkgPath)) {
-        try {
-          const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
-          if (pkg.name === "openclaw") return dir;
-        } catch {
-          /* continue */
-        }
-      }
-      const parent = path.dirname(dir);
-      if (parent === dir) break;
-      dir = parent;
-    }
-    return path.dirname(path.dirname(openclawMainPath));
-  })();
-  const projectRoot = findProjectRootFromOpenclawDir(openclawDir);
-
-  let relPatchDir = path.relative(projectRoot, patchesDir);
-  if (relPatchDir.startsWith("..") || path.isAbsolute(relPatchDir)) {
-    console.error(
-      "[@chrysb/alphaclaw] patch-package: could not resolve patch dir relative to project root",
-    );
-    process.exit(1);
-  }
-  relPatchDir = relPatchDir.split(path.sep).join("/");
-
-  const patchPackageMain = require.resolve("patch-package/dist/index.js", {
-    paths: [kAlphaclawRoot],
-  });
-
-  const result = spawnSync(
-    process.execPath,
-    [patchPackageMain, "--patch-dir", relPatchDir],
-    { cwd: projectRoot, stdio: "inherit", env: process.env },
-  );
-  if (result.error) {
-    throw result.error;
-  }
-  if (result.status !== 0 && result.status !== null) {
-    process.exit(result.status);
-  }
-};
-
-main();