@chrysb/alphaclaw 0.9.15 → 0.9.17

package/lib/server/agents/agents.js

@@ -1,4 +1,5 @@
 const path = require("path");
+const { normalizeThinkingDefaultValue } = require("../openclaw-thinking");
 
 const {
   kDefaultAgentId,
@@ -42,11 +43,25 @@ const toReadableAgent = (agent = {}) => ({
 });
 
 const createAgentsDomain = ({ fsImpl, OPENCLAW_DIR }) => {
-  const listAgents = () => {
-    const cfg = withNormalizedAgentsConfig({
+  const readAgentsConfig = () =>
+    withNormalizedAgentsConfig({
       OPENCLAW_DIR,
       cfg: loadConfig({ fsImpl, OPENCLAW_DIR }),
     });
+
+  const getAgentDefaults = () => {
+    const cfg = readAgentsConfig();
+    const thinkingDefault = cfg.agents?.defaults?.thinkingDefault;
+    return {
+      thinkingDefault:
+        typeof thinkingDefault === "string" && thinkingDefault.trim()
+          ? thinkingDefault.trim()
+          : null,
+    };
+  };
+
+  const listAgents = () => {
+    const cfg = readAgentsConfig();
     return (cfg.agents?.list || []).map((entry) => toReadableAgent(entry));
   };
 
@@ -131,12 +146,9 @@ const createAgentsDomain = ({ fsImpl, OPENCLAW_DIR }) => {
     return toReadableAgent(nextAgent);
   };
 
-  const updateAgent = (agentId, patch = {}) => {
+  const updateAgent = async (agentId, patch = {}) => {
     const normalized = String(agentId || "").trim();
-    const cfg = withNormalizedAgentsConfig({
-      OPENCLAW_DIR,
-      cfg: loadConfig({ fsImpl, OPENCLAW_DIR }),
-    });
+    const cfg = readAgentsConfig();
     const index = cfg.agents.list.findIndex((entry) => entry.id === normalized);
     if (index < 0) throw new Error(`Agent "${normalized}" not found`);
     const current = cfg.agents.list[index];
@@ -188,6 +200,19 @@ const createAgentsDomain = ({ fsImpl, OPENCLAW_DIR }) => {
         delete next.tools;
       }
     }
+    if (patch.thinkingDefault !== undefined) {
+      if (patch.thinkingDefault === null) {
+        delete next.thinkingDefault;
+      } else {
+        const normalizedThinking = await normalizeThinkingDefaultValue(
+          patch.thinkingDefault,
+        );
+        if (!normalizedThinking) {
+          throw new Error("Invalid thinkingDefault value");
+        }
+        next.thinkingDefault = normalizedThinking;
+      }
+    }
     cfg.agents.list[index] = next;
     saveConfig({ fsImpl, OPENCLAW_DIR, config: cfg });
     return toReadableAgent(next);
@@ -253,6 +278,7 @@ const createAgentsDomain = ({ fsImpl, OPENCLAW_DIR }) => {
   return {
     listAgents,
     getAgent,
+    getAgentDefaults,
     getAgentWorkspaceSize,
     createAgent,
     updateAgent,

package/lib/server/agents/channels.js

@@ -270,7 +270,7 @@ const createChannelsDomain = ({
 
       const previousConfig = cloneJson(cfg);
       try {
-        onProgress({ phase: "restarting", label: "Rebooting..." });
+        onProgress({ phase: "configuring", label: "Configuring..." });
         writeEnvFile(nextEnvVars);
         reloadEnv();
         assertActiveChannelTokenEnvVars({
@@ -280,7 +280,6 @@ const createChannelsDomain = ({
           }),
           envVars: nextEnvVars,
         });
-        await restartGateway();
         const pluginEnabledCfg = withNormalizedAgentsConfig({
           OPENCLAW_DIR,
           cfg: loadConfig({ fsImpl, OPENCLAW_DIR }),
@@ -374,6 +373,8 @@ const createChannelsDomain = ({
               "Could not bind channel account",
           );
         }
+        onProgress({ phase: "restarting", label: "Rebooting..." });
+        await restartGateway();
       } catch (error) {
         try {
           await clawCmd(
@@ -760,6 +761,7 @@ const createChannelsDomain = ({
       }
 
       cleanupChannelAccountPairingFiles({ provider, accountId });
+      await restartGateway();
       return { ok: true };
     }
 

package/lib/server/chat-ws.js

@@ -6,7 +6,7 @@ const kEnvRefPattern = /^\$\{([A-Z0-9_]+)\}$/i;
 const kConnectTimeoutMs = 8000;
 const kHistoryTimeoutMs = 12000;
 const kGatewayReqTimeoutMs = 15000;
-const kGatewayProtocolVersion = 3;
+const kGatewayProtocolVersion = 4;
 // Gateway method auth (see OpenClaw method-scopes): chat.history needs operator.read;
 // chat.send / chat.abort need operator.write. Align with CLI_DEFAULT_OPERATOR_SCOPES plus admin.
 const kGatewayChatBridgeScopes = [
@@ -283,6 +283,9 @@ const sanitizeError = (error) => {
   ) {
     return "Gateway authentication failed. Verify OPENCLAW_GATEWAY_TOKEN matches the gateway.";
   }
+  if (lower.includes("protocol mismatch")) {
+    return "Chat cannot connect to the gateway (protocol version mismatch). Update AlphaClaw to match your OpenClaw version.";
+  }
   if (lower.includes("method not found") || lower.includes("unknown method")) {
     return "This gateway build does not support chat APIs. Update OpenClaw.";
   }

package/lib/server/constants.js

@@ -54,6 +54,22 @@ const kLoginMaxLockMs = parsePositiveInt(
   process.env.LOGIN_RATE_MAX_LOCK_MS,
   15 * 60 * 1000,
 );
+const kLoginGlobalWindowMs = parsePositiveInt(
+  process.env.LOGIN_RATE_GLOBAL_WINDOW_MS,
+  kLoginWindowMs,
+);
+const kLoginGlobalMaxAttempts = parsePositiveInt(
+  process.env.LOGIN_RATE_GLOBAL_MAX_ATTEMPTS,
+  Math.max(kLoginMaxAttempts * 5, 25),
+);
+const kLoginGlobalBaseLockMs = parsePositiveInt(
+  process.env.LOGIN_RATE_GLOBAL_BASE_LOCK_MS,
+  kLoginBaseLockMs,
+);
+const kLoginGlobalMaxLockMs = parsePositiveInt(
+  process.env.LOGIN_RATE_GLOBAL_MAX_LOCK_MS,
+  kLoginMaxLockMs,
+);
 const kLoginCleanupIntervalMs = parsePositiveInt(
   process.env.LOGIN_RATE_CLEANUP_INTERVAL_MS,
   60 * 1000,
@@ -92,6 +108,11 @@ const kOnboardingModelProviders = new Set([
   "vllm",
 ]);
 const kMinimalFallbackOnboardingModels = [
+  {
+    key: "anthropic/claude-opus-4-8",
+    provider: "anthropic",
+    label: "Claude Opus 4.8",
+  },
   {
     key: "anthropic/claude-opus-4-7",
     provider: "anthropic",
@@ -445,6 +466,10 @@ module.exports = {
   kLoginMaxAttempts,
   kLoginBaseLockMs,
   kLoginMaxLockMs,
+  kLoginGlobalWindowMs,
+  kLoginGlobalMaxAttempts,
+  kLoginGlobalBaseLockMs,
+  kLoginGlobalMaxLockMs,
   kLoginCleanupIntervalMs,
   kLoginStateTtlMs,
   kOnboardingModelProviders,

package/lib/server/cost-utils.js

@@ -13,6 +13,8 @@ const kClaudeOpus47Pricing = {
 };
 
 const kGlobalModelPricing = {
+  "claude-opus-4-8": kClaudeOpus47Pricing,
+  "claude-opus-4.8": kClaudeOpus47Pricing,
   "claude-opus-4-7": kClaudeOpus47Pricing,
   "claude-opus-4.7": kClaudeOpus47Pricing,
   "claude-opus-4-6": {

package/lib/server/db/auth/index.js

@@ -0,0 +1,147 @@
+const fs = require("fs");
+const path = require("path");
+const { DatabaseSync } = require("node:sqlite");
+const { createSchema } = require("./schema");
+
+let db = null;
+
+const ensureDb = () => {
+  if (!db) throw new Error("Auth DB not initialized");
+  return db;
+};
+
+const closeAuthDb = () => {
+  if (!db) return;
+  const database = db;
+  db = null;
+  database.close();
+};
+
+const initAuthDb = ({ rootDir }) => {
+  closeAuthDb();
+  const dbDir = path.join(rootDir, "db");
+  fs.mkdirSync(dbDir, { recursive: true });
+  const dbPath = path.join(dbDir, "auth.db");
+  db = new DatabaseSync(dbPath);
+  db.exec("PRAGMA busy_timeout = 5000");
+  createSchema(db);
+  return { path: dbPath };
+};
+
+const toStateModel = (row) => {
+  if (!row) return null;
+  return {
+    attempts: Number(row.attempts || 0),
+    windowStart: Number(row.window_start || 0),
+    lockUntil: Number(row.lock_until || 0),
+    failStreak: Number(row.fail_streak || 0),
+    lastSeenAt: Number(row.last_seen_at || 0),
+  };
+};
+
+const createLoginThrottleStore = () => ({
+  get: (stateKey) => {
+    const row = ensureDb()
+      .prepare(
+        `
+          SELECT
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          FROM login_throttle_states
+          WHERE state_key = $state_key
+          LIMIT 1
+        `,
+      )
+      .get({ $state_key: String(stateKey || "") });
+    return toStateModel(row);
+  },
+
+  set: (stateKey, state) => {
+    ensureDb()
+      .prepare(
+        `
+          INSERT INTO login_throttle_states (
+            state_key,
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          ) VALUES (
+            $state_key,
+            $attempts,
+            $window_start,
+            $lock_until,
+            $fail_streak,
+            $last_seen_at
+          )
+          ON CONFLICT(state_key) DO UPDATE SET
+            attempts = excluded.attempts,
+            window_start = excluded.window_start,
+            lock_until = excluded.lock_until,
+            fail_streak = excluded.fail_streak,
+            last_seen_at = excluded.last_seen_at
+        `,
+      )
+      .run({
+        $state_key: String(stateKey || ""),
+        $attempts: Number(state?.attempts || 0),
+        $window_start: Number(state?.windowStart || 0),
+        $lock_until: Number(state?.lockUntil || 0),
+        $fail_streak: Number(state?.failStreak || 0),
+        $last_seen_at: Number(state?.lastSeenAt || 0),
+      });
+  },
+
+  delete: (stateKey) => {
+    ensureDb()
+      .prepare(
+        `
+          DELETE FROM login_throttle_states
+          WHERE state_key = $state_key
+        `,
+      )
+      .run({ $state_key: String(stateKey || "") });
+  },
+
+  entries: () =>
+    ensureDb()
+      .prepare(
+        `
+          SELECT
+            state_key,
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          FROM login_throttle_states
+        `,
+      )
+      .all()
+      .map((row) => [String(row.state_key || ""), toStateModel(row)]),
+
+  runExclusive: (callback) => {
+    const database = ensureDb();
+    database.exec("BEGIN IMMEDIATE");
+    try {
+      const result = callback();
+      database.exec("COMMIT");
+      return result;
+    } catch (err) {
+      try {
+        database.exec("ROLLBACK");
+      } catch {}
+      throw err;
+    }
+  },
+});
+
+module.exports = {
+  initAuthDb,
+  closeAuthDb,
+  createLoginThrottleStore,
+};

package/lib/server/db/auth/schema.js

@@ -0,0 +1,17 @@
+const createSchema = (db) => {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS login_throttle_states (
+      state_key TEXT PRIMARY KEY,
+      attempts INTEGER NOT NULL DEFAULT 0,
+      window_start INTEGER NOT NULL,
+      lock_until INTEGER NOT NULL DEFAULT 0,
+      fail_streak INTEGER NOT NULL DEFAULT 0,
+      last_seen_at INTEGER NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_login_throttle_states_last_seen
+      ON login_throttle_states(last_seen_at);
+  `);
+};
+
+module.exports = { createSchema };

package/lib/server/gateway.js

@@ -18,6 +18,10 @@ let gatewayExitHandler = null;
 let gatewayLaunchHandler = null;
 const kGatewayStderrTailLines = 50;
 const kPluginRuntimeDepsPreflightTimeoutMs = 120 * 1000;
+const kGatewayShortCmdTimeoutMs = 15 * 1000;
+const kGatewayLifecycleCmdTimeoutMs = 90 * 1000;
+const kGatewayRestartReadyTimeoutMs = 120 * 1000;
+const kGatewayRestartReadyPollMs = 500;
 let gatewayStderrTail = [];
 const expectedExitPids = new Set();
 
@@ -225,27 +229,122 @@ const isGatewayRunning = () =>
     });
   });
 
-const runGatewayCmd = (cmd) => {
-  console.log(`[alphaclaw] Running: openclaw gateway ${cmd}`);
+const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+
+const waitForGatewayReady = async ({
+  timeoutMs = kGatewayRestartReadyTimeoutMs,
+} = {}) => {
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < timeoutMs) {
+    if (await isGatewayRunning()) return true;
+    await sleep(kGatewayRestartReadyPollMs);
+  }
+  return false;
+};
+
+const logGatewayCmdOutput = (cmd, e) => {
+  if (e?.stdout?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} stdout: ${e.stdout.trim()}`);
+  }
+  if (e?.stderr?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} stderr: ${e.stderr.trim()}`);
+  }
+  if (!e?.stdout?.trim() && !e?.stderr?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} error: ${e.message}`);
+  }
+  if (e?.status !== undefined && e?.status !== null) {
+    console.log(`[alphaclaw] gateway ${cmd} exit code: ${e.status}`);
+  }
+};
+
+const runGatewayShortCmd = (cmd) => {
   try {
-    if (cmd === "--force" || cmd === "restart") {
-      prepareOpenclawChannelPlugins();
-    }
     const out = execSync(`openclaw gateway ${cmd}`, {
       env: gatewayEnv(),
-      timeout: 15000,
+      timeout: kGatewayShortCmdTimeoutMs,
       encoding: "utf8",
     });
     if (out.trim()) console.log(`[alphaclaw] ${out.trim()}`);
   } catch (e) {
-    if (e.stdout?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} stdout: ${e.stdout.trim()}`);
-    if (e.stderr?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} stderr: ${e.stderr.trim()}`);
-    if (!e.stdout?.trim() && !e.stderr?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} error: ${e.message}`);
-    console.log(`[alphaclaw] gateway ${cmd} exit code: ${e.status}`);
+    logGatewayCmdOutput(cmd, e);
+  }
+};
+
+const runGatewayLifecycleRestart = () => {
+  console.log("[alphaclaw] Running: openclaw gateway restart");
+  try {
+    const out = execSync("openclaw gateway restart", {
+      env: gatewayEnv(),
+      timeout: kGatewayLifecycleCmdTimeoutMs,
+      encoding: "utf8",
+    });
+    if (out.trim()) console.log(`[alphaclaw] ${out.trim()}`);
+    return true;
+  } catch (e) {
+    logGatewayCmdOutput("restart", e);
+    return false;
+  }
+};
+
+const hasActiveManagedGatewayChild = () =>
+  !!(
+    gatewayChild &&
+    gatewayChild.exitCode === null &&
+    !gatewayChild.killed
+  );
+
+const runGatewayRestartCmd = async (cmd) => {
+  prepareOpenclawChannelPlugins();
+  const startedAt = Date.now();
+  const child = spawn("openclaw", ["gateway", cmd], {
+    env: gatewayEnv(),
+    stdio: ["ignore", "pipe", "pipe"],
+  });
+  child.stdout.on("data", (d) => process.stdout.write(`[gateway] ${d}`));
+  child.stderr.on("data", (d) => {
+    appendStderrTail(d);
+    process.stderr.write(`[gateway] ${d}`);
+  });
+  child.on("exit", (code, signal) => {
+    console.log(
+      `[alphaclaw] gateway ${cmd} supervisor exited: code=${code ?? "null"}${signal ? ` signal=${signal}` : ""}`,
+    );
+  });
+
+  const ready = await waitForGatewayReady();
+  if (ready) {
+    console.log(
+      `[alphaclaw] Gateway ${cmd} ready (${Date.now() - startedAt}ms); leaving supervisor running`,
+    );
+    gatewayChild = null;
+    await notifyGatewayLaunch();
+    return;
+  }
+
+  console.warn(
+    `[alphaclaw] Gateway ${cmd} did not become ready within ${kGatewayRestartReadyTimeoutMs}ms; stopping`,
+  );
+  try {
+    child.kill("SIGTERM");
+  } catch {
+    // ignore
+  }
+  runGatewayShortCmd("stop");
+};
+
+const runGatewayColdStart = async () => {
+  stopManagedGatewayChild();
+  runGatewayShortCmd("stop");
+  await runGatewayRestartCmd("--force");
+};
+
+const runGatewayCmd = async (cmd) => {
+  console.log(`[alphaclaw] Running: openclaw gateway ${cmd}`);
+  if (cmd === "--force") {
+    await runGatewayRestartCmd("--force");
+    return;
   }
+  runGatewayShortCmd(cmd);
 };
 
 const launchGatewayProcess = () => {
@@ -322,6 +421,23 @@ const markManagedGatewayExitExpected = () => {
   return true;
 };
 
+const notifyGatewayLaunch = async () => {
+  if (!gatewayLaunchHandler) return;
+  if (!(await isGatewayRunning())) return;
+  const pid =
+    gatewayChild &&
+    gatewayChild.exitCode === null &&
+    !gatewayChild.killed &&
+    gatewayChild.pid
+      ? gatewayChild.pid
+      : null;
+  try {
+    gatewayLaunchHandler({ startedAt: Date.now(), pid });
+  } catch (err) {
+    console.error(`[alphaclaw] Gateway launch handler error: ${err.message}`);
+  }
+};
+
 const startGateway = async () => {
   if (!isOnboarded()) {
     console.log("[alphaclaw] Not onboarded yet — skipping gateway start");
@@ -329,22 +445,45 @@ const startGateway = async () => {
   }
   if (await isGatewayRunning()) {
     console.log("[alphaclaw] Gateway already running — skipping start");
+    await notifyGatewayLaunch();
     return;
   }
   console.log("[alphaclaw] Starting openclaw gateway...");
   launchGatewayProcess();
 };
 
-const restartGateway = (reloadEnv) => {
-  reloadEnv();
+const stopManagedGatewayChild = () => {
   markManagedGatewayExitExpected();
-  runGatewayCmd("--force");
+  if (!gatewayChild || gatewayChild.exitCode !== null || gatewayChild.killed) {
+    return;
+  }
+  try {
+    gatewayChild.kill("SIGTERM");
+  } catch {
+    // ignore
+  }
+  gatewayChild = null;
 };
 
-const restartGatewayLight = (reloadEnv) => {
+const restartGateway = async (reloadEnv) => {
   reloadEnv();
-  markManagedGatewayExitExpected();
-  runGatewayCmd("restart");
+  await runGatewayColdStart();
+};
+
+const restartGatewayLight = async (reloadEnv) => {
+  reloadEnv();
+  if (await isGatewayRunning()) {
+    if (runGatewayLifecycleRestart()) {
+      console.log("[alphaclaw] Gateway light restart complete");
+      return;
+    }
+    console.warn("[alphaclaw] Gateway light restart failed");
+    return;
+  }
+  if (!hasActiveManagedGatewayChild()) {
+    console.log("[alphaclaw] Gateway not running — starting managed process");
+    launchGatewayProcess();
+  }
 };
 
 const attachGatewaySignalHandlers = () => {

package/lib/server/helpers.js

@@ -60,9 +60,7 @@ const isDebugEnabled = () =>
   isTruthyEnvFlag(process.env.DEBUG);
 
 const getClientKey = (req) =>
-  normalizeIp(
-    req.ip || req.headers["x-forwarded-for"] || req.socket?.remoteAddress || "",
-  ) || "unknown";
+  normalizeIp(req.ip || req.socket?.remoteAddress || "") || "unknown";
 
 const resolveGithubRepoUrl = (repoInput) => {
   const cleaned = String(repoInput || "")

package/lib/server/init/register-server-routes.js

@@ -1,3 +1,4 @@
+const { runOnboardedBootSequence } = require("../startup");
 const { registerAuthRoutes } = require("../routes/auth");
 const { registerPageRoutes } = require("../routes/pages");
 const { registerModelRoutes } = require("../routes/models");
@@ -43,6 +44,9 @@ const registerServerRoutes = ({
   ensureGatewayProxyConfig,
   getBaseUrl,
   startGateway,
+  ensureManagedExecDefaults,
+  ensureUsageTrackerPluginConfig,
+  resolveSetupUrl,
   syncChannelConfig,
   getChannelStatus,
   openclawVersionService,
@@ -105,24 +109,6 @@ const registerServerRoutes = ({
     writeEnvFile,
     reloadEnv,
   });
-  registerOnboardingRoutes({
-    app,
-    fs,
-    constants,
-    shellCmd,
-    gatewayEnv,
-    readEnvFile,
-    writeEnvFile,
-    reloadEnv,
-    isOnboarded,
-    resolveGithubRepoUrl,
-    resolveModelProvider,
-    hasCodexOauthProfile: authProfiles.hasCodexOauthProfile,
-    authProfiles,
-    ensureGatewayProxyConfig,
-    getBaseUrl,
-    startGateway,
-  });
   registerSystemRoutes({
     app,
     fs,
@@ -183,6 +169,38 @@ const registerServerRoutes = ({
     reloadEnv,
     restartRequiredState,
   });
+  const runOnboardedBoot = () =>
+    runOnboardedBootSequence({
+      ensureManagedExecDefaults,
+      ensureUsageTrackerPluginConfig,
+      doSyncPromptFiles,
+      reloadEnv,
+      syncChannelConfig,
+      readEnvFile,
+      ensureGatewayProxyConfig,
+      resolveSetupUrl,
+      startGateway,
+      watchdog,
+      gmailWatchService,
+    });
+  registerOnboardingRoutes({
+    app,
+    fs,
+    constants,
+    shellCmd,
+    gatewayEnv,
+    readEnvFile,
+    writeEnvFile,
+    reloadEnv,
+    isOnboarded,
+    resolveGithubRepoUrl,
+    resolveModelProvider,
+    hasCodexOauthProfile: authProfiles.hasCodexOauthProfile,
+    authProfiles,
+    ensureGatewayProxyConfig,
+    getBaseUrl,
+    runOnboardedBootSequence: runOnboardedBoot,
+  });
   registerTelegramRoutes({
     app,
     telegramApi,
@@ -266,6 +284,7 @@ const registerServerRoutes = ({
     requireAuth,
     isAuthorizedRequest,
     gmailWatchService,
+    runOnboardedBootSequence: runOnboardedBoot,
   };
 };
 

package/lib/server/init/runtime-init.js

@@ -19,11 +19,15 @@ const initializeServerRuntime = ({
 
 const initializeServerDatabases = ({
   constants,
+  initAuthDb,
   initWebhooksDb,
   initWatchdogDb,
   initUsageDb,
   initDoctorDb,
 }) => {
+  initAuthDb({
+    rootDir: constants.kRootDir,
+  });
   initWebhooksDb({
     rootDir: constants.kRootDir,
     pruneDays: constants.kWebhookPruneDays,