@elvatis_com/openclaw-cli-bridge-elvatis 0.2.13 → 0.2.15

package/.ai/handoff/STATUS.md

@@ -1,42 +1,49 @@
 # STATUS.md — openclaw-cli-bridge-elvatis
 
-_Last updated: 2026-03-07 by Akido (claude-sonnet-4-6)_
+_Last updated: 2026-03-08 by Akido (claude-sonnet-4-6)_
 
-## Current Version: 0.2.13 — STABLE
+## Current Version: 0.2.15 — STABLE
 
 ## What is done
 
 - ✅ Repo: `https://github.com/elvatis/openclaw-cli-bridge-elvatis`
-- ✅ npm: `@elvatis_com/openclaw-cli-bridge-elvatis@0.2.13`
-- ✅ ClawHub: `openclaw-cli-bridge-elvatis@0.2.13`
+- ✅ npm: `@elvatis_com/openclaw-cli-bridge-elvatis@0.2.15`
+- ✅ ClawHub: `openclaw-cli-bridge-elvatis@0.2.15`
 - ✅ Phase 1: `openai-codex` provider via `~/.codex/auth.json` (no re-login)
 - ✅ Phase 2: Local OpenAI-compatible proxy on `127.0.0.1:31337` (Gemini + Claude CLI)
 - ✅ Phase 3: 10 slash commands (`/cli-sonnet`, `/cli-opus`, `/cli-haiku`, `/cli-gemini`, `/cli-gemini-flash`, `/cli-gemini3`, `/cli-codex`, `/cli-codex-mini`, `/cli-back`, `/cli-test`)
 - ✅ Config patcher: auto-adds vllm provider to `openclaw.json` on first startup
 - ✅ Prompt delivery via stdin (no E2BIG, no Gemini agentic mode)
-- ✅ `registerService` stop() hook: closes proxy server on plugin teardown (fixes EADDRINUSE on hot-reload)
-- ✅ `openclaw.extensions` added to `package.json` (required for `openclaw plugins install`)
+- ✅ `registerService` stop() hook: closes proxy server on plugin teardown
+- ✅ `requireAuth: false` on all commands — webchat + WhatsApp authorized via gateway `commands.allowFrom`
+- ✅ `vllm/` prefix stripping in `routeToCliRunner` — accepts both `vllm/cli-claude/...` and bare `cli-claude/...`
+- ✅ End-to-end tested (2026-03-08): claude-sonnet-4-6 ✅ claude-haiku-4-5 ✅ gemini-2.5-flash ✅ gemini-2.5-pro ✅ codex ✅
+
+## Known Operational Notes
+
+- **Claude CLI auth expires** — token lifetime ~90 days. When `/cli-test` returns 401, run `claude auth login` on the server to refresh.
+- Config patcher writes `openclaw.json` directly → triggers one gateway restart on first install (expected, one-time only)
+- ClawHub publish ignores `.clawhubignore` — use rsync workaround (see CONVENTIONS.md)
 
 ## Bugs Fixed
 
+### v0.2.14 — vllm/ prefix not stripped in model router
+`routeToCliRunner` received full provider path `vllm/cli-claude/...` from OpenClaw
+but only checked for `cli-claude/...` — caused "Unknown CLI bridge model" on all requests.
+Fixed by stripping the `vllm/` prefix before routing.
+
+### v0.2.13 — requireAuth blocking webchat commands
+All `/cli-*` commands had `requireAuth: true`. Plugin-level auth checks `isAuthorizedSender`
+via a different resolution path than `commands.allowFrom` config — webchat senders were
+never authorized. Fixed by setting `requireAuth: false`; gateway-level `commands.allowFrom`
+is the correct security layer.
+
 ### v0.2.9 — Critical: Gateway SIGKILL via fuser
 `fuser -k 31337/tcp` was sending SIGKILL to the gateway process itself during
-in-process hot-reloads. The gateway holds port 31337 (via the proxy it spawned),
-so `fuser` found it and killed it — explaining `status=9/KILL` in systemd journal.
-Fixed by replacing `fuser -k` with a safe health probe (`GET /v1/models`): if the
-existing proxy responds, reuse it silently. If EADDRINUSE but no response, wait 1s
-and retry once. No process killing involved.
+in-process hot-reloads. Fixed by replacing `fuser -k` with a safe health probe.
 
-### v0.2.7–v0.2.8 — EADDRINUSE on hot-reload (partially fixed, superseded by v0.2.9)
-Added `closeAllConnections()` + `registerService` stop() hook. Port still leaked
-during systemd restarts due to race condition. v0.2.9 health-probe approach is the
-definitive fix.
+### v0.2.7–v0.2.8 — EADDRINUSE on hot-reload
+Added `closeAllConnections()` + `registerService` stop() hook.
 
 ### v0.2.6 — Port leak on gateway hot-reload
-HTTP proxy server had no cleanup handler. Fixed with `registerService` stop() callback.
-
-## Open Risks
-
-- `openai-codex/gpt-5.4` returns 401 missing scope `model.request` — external (OpenAI account scope), not plugin code
-- Config patcher writes `openclaw.json` directly → triggers one gateway restart on first install (expected, one-time only)
-- ClawHub publish ignores `.clawhubignore` — use rsync workaround (see CONVENTIONS.md)
+HTTP proxy server had no cleanup handler.

package/README.md

@@ -2,7 +2,7 @@
 
 > OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching, restore, and health testing.
 
-**Current version:** `0.2.13`
+**Current version:** `0.2.15`
 
 ---
 
@@ -234,8 +234,20 @@ npm test            # vitest run (5 unit tests for formatPrompt)
 
 ## Changelog
 
+### v0.2.15
+- **docs:** Rewrite changelog (entries for v0.2.12–v0.2.14 were corrupted by repeated sed version bumps); all providers verified working (Claude, Gemini, Codex)
+- **docs:** Update STATUS.md with end-to-end test results
+
+### v0.2.14
+- **fix:** Strip `vllm/` prefix in `routeToCliRunner` — OpenClaw sends full provider path (`vllm/cli-claude/...`) but proxy router expected bare `cli-claude/...`; caused "Unknown CLI bridge model" on all requests
+- **test:** Add 4 routing tests covering both prefixed and non-prefixed model paths (9 tests total)
+
 ### v0.2.13
-- **docs:** Fix changelog (v0.2.10 entry was lost by sed, v0.2.11 description was wrong); enforce single-commit publish discipline
+- **fix:** Set `requireAuth: false` on all `/cli-*` commands — webchat senders were always blocked because plugin-level auth uses a different resolution path than `commands.allowFrom` config; gateway-level allowlist is the correct security layer
+- **fix:** Hardcoded `version: "0.2.5"` in plugin object (`index.ts`) — now tracks `package.json`
+
+### v0.2.12
+- **docs:** Fix changelog continuity — v0.2.10 entry was lost, v0.2.11 description was wrong; all entries now accurate
 
 ### v0.2.11
 - **docs:** Fix README `Current version` header (was stuck at 0.2.9 after 0.2.10 bump)

package/SKILL.md

@@ -53,4 +53,4 @@ Each command runs `openclaw models set <model>` atomically and replies with a co
 
 See `README.md` for full configuration reference and architecture diagram.
 
-**Version:** 0.2.13
+**Version:** 0.2.15

package/index.ts

@@ -277,7 +277,7 @@ function proxyTestRequest(
 const plugin = {
   id: "openclaw-cli-bridge-elvatis",
   name: "OpenClaw CLI Bridge",
-  version: "0.2.13",
+  version: "0.2.15",
   description:
     "Phase 1: openai-codex auth bridge. " +
     "Phase 2: HTTP proxy for gemini/claude CLIs. " +

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "openclaw-cli-bridge-elvatis",
   "name": "OpenClaw CLI Bridge",
-  "version": "0.2.13",
+  "version": "0.2.15",
   "description": "Phase 1: openai-codex auth bridge. Phase 2: local HTTP proxy routing model calls through gemini/claude CLIs (vllm provider).",
   "providers": [
     "openai-codex"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvatis_com/openclaw-cli-bridge-elvatis",
-  "version": "0.2.13",
+  "version": "0.2.15",
   "description": "Bridges gemini, claude, and codex CLI tools as OpenClaw model providers. Reads existing CLI auth without re-login.",
   "type": "module",
   "openclaw": {

package/src/cli-runner.ts

@@ -254,11 +254,16 @@ export async function routeToCliRunner(
 ): Promise<string> {
   const prompt = formatPrompt(messages);
 
-  if (model.startsWith("cli-gemini/")) return runGemini(prompt, model, timeoutMs);
-  if (model.startsWith("cli-claude/")) return runClaude(prompt, model, timeoutMs);
+  // Strip "vllm/" prefix if present — OpenClaw sends the full provider path
+  // (e.g. "vllm/cli-claude/claude-sonnet-4-6") but the router only needs the
+  // "cli-<type>/<model>" portion.
+  const normalized = model.startsWith("vllm/") ? model.slice(5) : model;
+
+  if (normalized.startsWith("cli-gemini/")) return runGemini(prompt, normalized, timeoutMs);
+  if (normalized.startsWith("cli-claude/")) return runClaude(prompt, normalized, timeoutMs);
 
   throw new Error(
-    `Unknown CLI bridge model: "${model}". Use "cli-gemini/<model>" or "cli-claude/<model>".`
+    `Unknown CLI bridge model: "${model}". Use "vllm/cli-gemini/<model>" or "vllm/cli-claude/<model>".`
   );
 }
 

package/test/cli-runner.test.ts

@@ -1,5 +1,5 @@
-import { describe, it, expect } from "vitest";
-import { formatPrompt } from "../src/cli-runner.js";
+import { describe, it, expect, vi } from "vitest";
+import { formatPrompt, routeToCliRunner } from "../src/cli-runner.js";
 
 describe("formatPrompt", () => {
   it("returns empty string for empty messages", () => {
@@ -44,3 +44,31 @@ describe("formatPrompt", () => {
     expect(result).toContain("truncated");
   });
 });
+
+describe("routeToCliRunner — model normalization", () => {
+  it("rejects unknown model without vllm prefix", async () => {
+    await expect(
+      routeToCliRunner("unknown/model", [], 1000)
+    ).rejects.toThrow("Unknown CLI bridge model");
+  });
+
+  it("rejects unknown model with vllm prefix", async () => {
+    await expect(
+      routeToCliRunner("vllm/unknown/model", [], 1000)
+    ).rejects.toThrow("Unknown CLI bridge model");
+  });
+
+  it("accepts cli-claude/ without vllm prefix (calls runClaude path)", async () => {
+    // Should throw CLI spawn error (no real claude), not "Unknown CLI bridge model"
+    await expect(
+      routeToCliRunner("cli-claude/claude-sonnet-4-6", [{ role: "user", content: "hi" }], 500)
+    ).rejects.not.toThrow("Unknown CLI bridge model");
+  });
+
+  it("accepts vllm/cli-claude/ — strips vllm prefix before routing", async () => {
+    // Should throw CLI spawn error (no real claude), not "Unknown CLI bridge model"
+    await expect(
+      routeToCliRunner("vllm/cli-claude/claude-sonnet-4-6", [{ role: "user", content: "hi" }], 500)
+    ).rejects.not.toThrow("Unknown CLI bridge model");
+  });
+});