@chrysb/alphaclaw 0.9.16 → 0.9.17

package/lib/server/db/auth/index.js

@@ -0,0 +1,147 @@
+const fs = require("fs");
+const path = require("path");
+const { DatabaseSync } = require("node:sqlite");
+const { createSchema } = require("./schema");
+
+let db = null;
+
+const ensureDb = () => {
+  if (!db) throw new Error("Auth DB not initialized");
+  return db;
+};
+
+const closeAuthDb = () => {
+  if (!db) return;
+  const database = db;
+  db = null;
+  database.close();
+};
+
+const initAuthDb = ({ rootDir }) => {
+  closeAuthDb();
+  const dbDir = path.join(rootDir, "db");
+  fs.mkdirSync(dbDir, { recursive: true });
+  const dbPath = path.join(dbDir, "auth.db");
+  db = new DatabaseSync(dbPath);
+  db.exec("PRAGMA busy_timeout = 5000");
+  createSchema(db);
+  return { path: dbPath };
+};
+
+const toStateModel = (row) => {
+  if (!row) return null;
+  return {
+    attempts: Number(row.attempts || 0),
+    windowStart: Number(row.window_start || 0),
+    lockUntil: Number(row.lock_until || 0),
+    failStreak: Number(row.fail_streak || 0),
+    lastSeenAt: Number(row.last_seen_at || 0),
+  };
+};
+
+const createLoginThrottleStore = () => ({
+  get: (stateKey) => {
+    const row = ensureDb()
+      .prepare(
+        `
+          SELECT
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          FROM login_throttle_states
+          WHERE state_key = $state_key
+          LIMIT 1
+        `,
+      )
+      .get({ $state_key: String(stateKey || "") });
+    return toStateModel(row);
+  },
+
+  set: (stateKey, state) => {
+    ensureDb()
+      .prepare(
+        `
+          INSERT INTO login_throttle_states (
+            state_key,
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          ) VALUES (
+            $state_key,
+            $attempts,
+            $window_start,
+            $lock_until,
+            $fail_streak,
+            $last_seen_at
+          )
+          ON CONFLICT(state_key) DO UPDATE SET
+            attempts = excluded.attempts,
+            window_start = excluded.window_start,
+            lock_until = excluded.lock_until,
+            fail_streak = excluded.fail_streak,
+            last_seen_at = excluded.last_seen_at
+        `,
+      )
+      .run({
+        $state_key: String(stateKey || ""),
+        $attempts: Number(state?.attempts || 0),
+        $window_start: Number(state?.windowStart || 0),
+        $lock_until: Number(state?.lockUntil || 0),
+        $fail_streak: Number(state?.failStreak || 0),
+        $last_seen_at: Number(state?.lastSeenAt || 0),
+      });
+  },
+
+  delete: (stateKey) => {
+    ensureDb()
+      .prepare(
+        `
+          DELETE FROM login_throttle_states
+          WHERE state_key = $state_key
+        `,
+      )
+      .run({ $state_key: String(stateKey || "") });
+  },
+
+  entries: () =>
+    ensureDb()
+      .prepare(
+        `
+          SELECT
+            state_key,
+            attempts,
+            window_start,
+            lock_until,
+            fail_streak,
+            last_seen_at
+          FROM login_throttle_states
+        `,
+      )
+      .all()
+      .map((row) => [String(row.state_key || ""), toStateModel(row)]),
+
+  runExclusive: (callback) => {
+    const database = ensureDb();
+    database.exec("BEGIN IMMEDIATE");
+    try {
+      const result = callback();
+      database.exec("COMMIT");
+      return result;
+    } catch (err) {
+      try {
+        database.exec("ROLLBACK");
+      } catch {}
+      throw err;
+    }
+  },
+});
+
+module.exports = {
+  initAuthDb,
+  closeAuthDb,
+  createLoginThrottleStore,
+};

package/lib/server/db/auth/schema.js

@@ -0,0 +1,17 @@
+const createSchema = (db) => {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS login_throttle_states (
+      state_key TEXT PRIMARY KEY,
+      attempts INTEGER NOT NULL DEFAULT 0,
+      window_start INTEGER NOT NULL,
+      lock_until INTEGER NOT NULL DEFAULT 0,
+      fail_streak INTEGER NOT NULL DEFAULT 0,
+      last_seen_at INTEGER NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_login_throttle_states_last_seen
+      ON login_throttle_states(last_seen_at);
+  `);
+};
+
+module.exports = { createSchema };

package/lib/server/gateway.js

@@ -18,6 +18,10 @@ let gatewayExitHandler = null;
 let gatewayLaunchHandler = null;
 const kGatewayStderrTailLines = 50;
 const kPluginRuntimeDepsPreflightTimeoutMs = 120 * 1000;
+const kGatewayShortCmdTimeoutMs = 15 * 1000;
+const kGatewayLifecycleCmdTimeoutMs = 90 * 1000;
+const kGatewayRestartReadyTimeoutMs = 120 * 1000;
+const kGatewayRestartReadyPollMs = 500;
 let gatewayStderrTail = [];
 const expectedExitPids = new Set();
 
@@ -225,27 +229,122 @@ const isGatewayRunning = () =>
     });
   });
 
-const runGatewayCmd = (cmd) => {
-  console.log(`[alphaclaw] Running: openclaw gateway ${cmd}`);
+const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+
+const waitForGatewayReady = async ({
+  timeoutMs = kGatewayRestartReadyTimeoutMs,
+} = {}) => {
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < timeoutMs) {
+    if (await isGatewayRunning()) return true;
+    await sleep(kGatewayRestartReadyPollMs);
+  }
+  return false;
+};
+
+const logGatewayCmdOutput = (cmd, e) => {
+  if (e?.stdout?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} stdout: ${e.stdout.trim()}`);
+  }
+  if (e?.stderr?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} stderr: ${e.stderr.trim()}`);
+  }
+  if (!e?.stdout?.trim() && !e?.stderr?.trim()) {
+    console.log(`[alphaclaw] gateway ${cmd} error: ${e.message}`);
+  }
+  if (e?.status !== undefined && e?.status !== null) {
+    console.log(`[alphaclaw] gateway ${cmd} exit code: ${e.status}`);
+  }
+};
+
+const runGatewayShortCmd = (cmd) => {
   try {
-    if (cmd === "--force" || cmd === "restart") {
-      prepareOpenclawChannelPlugins();
-    }
     const out = execSync(`openclaw gateway ${cmd}`, {
       env: gatewayEnv(),
-      timeout: 15000,
+      timeout: kGatewayShortCmdTimeoutMs,
       encoding: "utf8",
     });
     if (out.trim()) console.log(`[alphaclaw] ${out.trim()}`);
   } catch (e) {
-    if (e.stdout?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} stdout: ${e.stdout.trim()}`);
-    if (e.stderr?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} stderr: ${e.stderr.trim()}`);
-    if (!e.stdout?.trim() && !e.stderr?.trim())
-      console.log(`[alphaclaw] gateway ${cmd} error: ${e.message}`);
-    console.log(`[alphaclaw] gateway ${cmd} exit code: ${e.status}`);
+    logGatewayCmdOutput(cmd, e);
+  }
+};
+
+const runGatewayLifecycleRestart = () => {
+  console.log("[alphaclaw] Running: openclaw gateway restart");
+  try {
+    const out = execSync("openclaw gateway restart", {
+      env: gatewayEnv(),
+      timeout: kGatewayLifecycleCmdTimeoutMs,
+      encoding: "utf8",
+    });
+    if (out.trim()) console.log(`[alphaclaw] ${out.trim()}`);
+    return true;
+  } catch (e) {
+    logGatewayCmdOutput("restart", e);
+    return false;
+  }
+};
+
+const hasActiveManagedGatewayChild = () =>
+  !!(
+    gatewayChild &&
+    gatewayChild.exitCode === null &&
+    !gatewayChild.killed
+  );
+
+const runGatewayRestartCmd = async (cmd) => {
+  prepareOpenclawChannelPlugins();
+  const startedAt = Date.now();
+  const child = spawn("openclaw", ["gateway", cmd], {
+    env: gatewayEnv(),
+    stdio: ["ignore", "pipe", "pipe"],
+  });
+  child.stdout.on("data", (d) => process.stdout.write(`[gateway] ${d}`));
+  child.stderr.on("data", (d) => {
+    appendStderrTail(d);
+    process.stderr.write(`[gateway] ${d}`);
+  });
+  child.on("exit", (code, signal) => {
+    console.log(
+      `[alphaclaw] gateway ${cmd} supervisor exited: code=${code ?? "null"}${signal ? ` signal=${signal}` : ""}`,
+    );
+  });
+
+  const ready = await waitForGatewayReady();
+  if (ready) {
+    console.log(
+      `[alphaclaw] Gateway ${cmd} ready (${Date.now() - startedAt}ms); leaving supervisor running`,
+    );
+    gatewayChild = null;
+    await notifyGatewayLaunch();
+    return;
+  }
+
+  console.warn(
+    `[alphaclaw] Gateway ${cmd} did not become ready within ${kGatewayRestartReadyTimeoutMs}ms; stopping`,
+  );
+  try {
+    child.kill("SIGTERM");
+  } catch {
+    // ignore
+  }
+  runGatewayShortCmd("stop");
+};
+
+const runGatewayColdStart = async () => {
+  stopManagedGatewayChild();
+  runGatewayShortCmd("stop");
+  await runGatewayRestartCmd("--force");
+};
+
+const runGatewayCmd = async (cmd) => {
+  console.log(`[alphaclaw] Running: openclaw gateway ${cmd}`);
+  if (cmd === "--force") {
+    await runGatewayRestartCmd("--force");
+    return;
   }
+  runGatewayShortCmd(cmd);
 };
 
 const launchGatewayProcess = () => {
@@ -322,6 +421,23 @@ const markManagedGatewayExitExpected = () => {
   return true;
 };
 
+const notifyGatewayLaunch = async () => {
+  if (!gatewayLaunchHandler) return;
+  if (!(await isGatewayRunning())) return;
+  const pid =
+    gatewayChild &&
+    gatewayChild.exitCode === null &&
+    !gatewayChild.killed &&
+    gatewayChild.pid
+      ? gatewayChild.pid
+      : null;
+  try {
+    gatewayLaunchHandler({ startedAt: Date.now(), pid });
+  } catch (err) {
+    console.error(`[alphaclaw] Gateway launch handler error: ${err.message}`);
+  }
+};
+
 const startGateway = async () => {
   if (!isOnboarded()) {
     console.log("[alphaclaw] Not onboarded yet — skipping gateway start");
@@ -329,22 +445,45 @@ const startGateway = async () => {
   }
   if (await isGatewayRunning()) {
     console.log("[alphaclaw] Gateway already running — skipping start");
+    await notifyGatewayLaunch();
     return;
   }
   console.log("[alphaclaw] Starting openclaw gateway...");
   launchGatewayProcess();
 };
 
-const restartGateway = (reloadEnv) => {
-  reloadEnv();
+const stopManagedGatewayChild = () => {
   markManagedGatewayExitExpected();
-  runGatewayCmd("--force");
+  if (!gatewayChild || gatewayChild.exitCode !== null || gatewayChild.killed) {
+    return;
+  }
+  try {
+    gatewayChild.kill("SIGTERM");
+  } catch {
+    // ignore
+  }
+  gatewayChild = null;
 };
 
-const restartGatewayLight = (reloadEnv) => {
+const restartGateway = async (reloadEnv) => {
   reloadEnv();
-  markManagedGatewayExitExpected();
-  runGatewayCmd("restart");
+  await runGatewayColdStart();
+};
+
+const restartGatewayLight = async (reloadEnv) => {
+  reloadEnv();
+  if (await isGatewayRunning()) {
+    if (runGatewayLifecycleRestart()) {
+      console.log("[alphaclaw] Gateway light restart complete");
+      return;
+    }
+    console.warn("[alphaclaw] Gateway light restart failed");
+    return;
+  }
+  if (!hasActiveManagedGatewayChild()) {
+    console.log("[alphaclaw] Gateway not running — starting managed process");
+    launchGatewayProcess();
+  }
 };
 
 const attachGatewaySignalHandlers = () => {

package/lib/server/helpers.js

@@ -60,9 +60,7 @@ const isDebugEnabled = () =>
   isTruthyEnvFlag(process.env.DEBUG);
 
 const getClientKey = (req) =>
-  normalizeIp(
-    req.ip || req.headers["x-forwarded-for"] || req.socket?.remoteAddress || "",
-  ) || "unknown";
+  normalizeIp(req.ip || req.socket?.remoteAddress || "") || "unknown";
 
 const resolveGithubRepoUrl = (repoInput) => {
   const cleaned = String(repoInput || "")

package/lib/server/init/register-server-routes.js

@@ -1,3 +1,4 @@
+const { runOnboardedBootSequence } = require("../startup");
 const { registerAuthRoutes } = require("../routes/auth");
 const { registerPageRoutes } = require("../routes/pages");
 const { registerModelRoutes } = require("../routes/models");
@@ -43,6 +44,9 @@ const registerServerRoutes = ({
   ensureGatewayProxyConfig,
   getBaseUrl,
   startGateway,
+  ensureManagedExecDefaults,
+  ensureUsageTrackerPluginConfig,
+  resolveSetupUrl,
   syncChannelConfig,
   getChannelStatus,
   openclawVersionService,
@@ -105,24 +109,6 @@ const registerServerRoutes = ({
     writeEnvFile,
     reloadEnv,
   });
-  registerOnboardingRoutes({
-    app,
-    fs,
-    constants,
-    shellCmd,
-    gatewayEnv,
-    readEnvFile,
-    writeEnvFile,
-    reloadEnv,
-    isOnboarded,
-    resolveGithubRepoUrl,
-    resolveModelProvider,
-    hasCodexOauthProfile: authProfiles.hasCodexOauthProfile,
-    authProfiles,
-    ensureGatewayProxyConfig,
-    getBaseUrl,
-    startGateway,
-  });
   registerSystemRoutes({
     app,
     fs,
@@ -183,6 +169,38 @@ const registerServerRoutes = ({
     reloadEnv,
     restartRequiredState,
   });
+  const runOnboardedBoot = () =>
+    runOnboardedBootSequence({
+      ensureManagedExecDefaults,
+      ensureUsageTrackerPluginConfig,
+      doSyncPromptFiles,
+      reloadEnv,
+      syncChannelConfig,
+      readEnvFile,
+      ensureGatewayProxyConfig,
+      resolveSetupUrl,
+      startGateway,
+      watchdog,
+      gmailWatchService,
+    });
+  registerOnboardingRoutes({
+    app,
+    fs,
+    constants,
+    shellCmd,
+    gatewayEnv,
+    readEnvFile,
+    writeEnvFile,
+    reloadEnv,
+    isOnboarded,
+    resolveGithubRepoUrl,
+    resolveModelProvider,
+    hasCodexOauthProfile: authProfiles.hasCodexOauthProfile,
+    authProfiles,
+    ensureGatewayProxyConfig,
+    getBaseUrl,
+    runOnboardedBootSequence: runOnboardedBoot,
+  });
   registerTelegramRoutes({
     app,
     telegramApi,
@@ -266,6 +284,7 @@ const registerServerRoutes = ({
     requireAuth,
     isAuthorizedRequest,
     gmailWatchService,
+    runOnboardedBootSequence: runOnboardedBoot,
   };
 };
 

package/lib/server/init/runtime-init.js

@@ -19,11 +19,15 @@ const initializeServerRuntime = ({
 
 const initializeServerDatabases = ({
   constants,
+  initAuthDb,
   initWebhooksDb,
   initWatchdogDb,
   initUsageDb,
   initDoctorDb,
 }) => {
+  initAuthDb({
+    rootDir: constants.kRootDir,
+  });
   initWebhooksDb({
     rootDir: constants.kRootDir,
     pruneDays: constants.kWebhookPruneDays,

package/lib/server/init/server-lifecycle.js

@@ -3,34 +3,11 @@ const startServerLifecycle = ({
   PORT,
   isOnboarded,
   runOnboardedBootSequence,
-  ensureManagedExecDefaults,
-  ensureUsageTrackerPluginConfig,
-  doSyncPromptFiles,
-  reloadEnv,
-  syncChannelConfig,
-  readEnvFile,
-  ensureGatewayProxyConfig,
-  resolveSetupUrl,
-  startGateway,
-  watchdog,
-  gmailWatchService,
 }) => {
   server.listen(PORT, "0.0.0.0", () => {
     console.log(`[alphaclaw] Express listening on :${PORT}`);
     if (isOnboarded()) {
-      runOnboardedBootSequence({
-        ensureManagedExecDefaults,
-        ensureUsageTrackerPluginConfig,
-        doSyncPromptFiles,
-        reloadEnv,
-        syncChannelConfig,
-        readEnvFile,
-        ensureGatewayProxyConfig,
-        resolveSetupUrl,
-        startGateway,
-        watchdog,
-        gmailWatchService,
-      });
+      runOnboardedBootSequence();
     } else {
       console.log("[alphaclaw] Awaiting onboarding via Setup UI");
     }