npm - @elvatis_com/openclaw-cli-bridge-elvatis - Versions diffs - 0.2.23 → 0.2.26 - Mend

@elvatis_com/openclaw-cli-bridge-elvatis 0.2.23 → 0.2.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/.ai/handoff/DASHBOARD.md +32 -19
package/.ai/handoff/LOG.md +111 -38
package/.ai/handoff/MANIFEST.json +49 -126
package/.ai/handoff/NEXT_ACTIONS.md +21 -22
package/.ai/handoff/STATUS.md +76 -48
package/.ai/handoff/TRUST.md +40 -51
package/README.md +19 -1
package/SKILL.md +1 -1
package/index.ts +274 -10
package/openclaw.plugin.json +1 -1
package/package.json +5 -2
package/src/claude-auth.ts +40 -16
package/src/grok-client.ts +428 -0
package/src/grok-session.ts +195 -0
package/src/proxy-server.ts +74 -4
package/test/grok-proxy.test.ts +301 -0
package/test/grok-session.test.ts +133 -0

package/.ai/handoff/STATUS.md CHANGED Viewed

@@ -1,50 +1,78 @@
 # STATUS.md — openclaw-cli-bridge-elvatis
-_Last updated: 2026-03-11 by Akido (claude-sonnet-4-6)_
-## Current Version: 0.2.21 — STABLE
-## What is done
-- ✅ Repo: `https://github.com/elvatis/openclaw-cli-bridge-elvatis`
-- ✅ npm: `@elvatis_com/openclaw-cli-bridge-elvatis@0.2.21`
-- ✅ ClawHub: `openclaw-cli-bridge-elvatis@0.2.21`
-- ✅ **v0.2.21 fix:** `buildMinimalEnv()` forwards `XDG_RUNTIME_DIR` + `DBUS_SESSION_BUS_ADDRESS` — fixes Claude Code OAuth (Gnome Keyring) 401 timeout
-- ✅ Phase 1: `openai-codex` provider via `~/.codex/auth.json` (no re-login)
-- ✅ Phase 2: Local OpenAI-compatible proxy on `127.0.0.1:31337` (Gemini + Claude CLI)
-- ✅ Phase 3: 10 slash commands (`/cli-sonnet`, `/cli-opus`, `/cli-haiku`, `/cli-gemini`, `/cli-gemini-flash`, `/cli-gemini3`, `/cli-codex`, `/cli-codex-mini`, `/cli-back`, `/cli-test`)
-- ✅ Config patcher: auto-adds vllm provider to `openclaw.json` on first startup
-- ✅ Prompt delivery via stdin (no E2BIG, no Gemini agentic mode)
-- ✅ `registerService` stop() hook: closes proxy server on plugin teardown
-- ✅ `requireAuth: false` on all commands — webchat + WhatsApp authorized via gateway `commands.allowFrom`
-- ✅ `vllm/` prefix stripping in `routeToCliRunner` — accepts both `vllm/cli-claude/...` and bare `cli-claude/...`
-- ✅ End-to-end tested (2026-03-08): claude-sonnet-4-6 ✅ claude-haiku-4-5 ✅ gemini-2.5-flash ✅ gemini-2.5-pro ✅ codex ✅
-## Known Operational Notes
-- **Claude CLI auth expires** — token lifetime ~90 days. When `/cli-test` returns 401, run `claude auth login` on the server to refresh.
-- Config patcher writes `openclaw.json` directly → triggers one gateway restart on first install (expected, one-time only)
-- ClawHub publish ignores `.clawhubignore` — use rsync workaround (see CONVENTIONS.md)
-## Bugs Fixed
-### v0.2.14 — vllm/ prefix not stripped in model router
-`routeToCliRunner` received full provider path `vllm/cli-claude/...` from OpenClaw
-but only checked for `cli-claude/...` — caused "Unknown CLI bridge model" on all requests.
-Fixed by stripping the `vllm/` prefix before routing.
-### v0.2.13 — requireAuth blocking webchat commands
-All `/cli-*` commands had `requireAuth: true`. Plugin-level auth checks `isAuthorizedSender`
-via a different resolution path than `commands.allowFrom` config — webchat senders were
-never authorized. Fixed by setting `requireAuth: false`; gateway-level `commands.allowFrom`
-is the correct security layer.
-### v0.2.9 — Critical: Gateway SIGKILL via fuser
-`fuser -k 31337/tcp` was sending SIGKILL to the gateway process itself during
-in-process hot-reloads. Fixed by replacing `fuser -k` with a safe health probe.
-### v0.2.7–v0.2.8 — EADDRINUSE on hot-reload
-Added `closeAllConnections()` + `registerService` stop() hook.
-### v0.2.6 — Port leak on gateway hot-reload
-HTTP proxy server had no cleanup handler.
+<!-- SECTION: summary -->
+v0.2.25 built + tested (51/51). Staged model switching + token refresh stability. Ready to publish.
+<!-- /SECTION: summary -->
+<!-- SECTION: version -->
+## Current Version: 0.2.25 — STABLE (unpublished)
+_Last session: 2026-03-11 — Akido (claude-sonnet-4-6)_
+| Platform | Version | Status |
+|----------|---------|--------|
+| GitHub | v0.2.25 | ✅ Tagged + Release |
+| npm | 0.2.25 | ✅ Published |
+| ClawHub | 0.2.25 | ✅ Published (direct API — clawhub CLI v0.7.0 bug: missing acceptLicenseTerms) |
+| Local | 0.2.25 | ✅ Up to date |
+<!-- /SECTION: version -->
+<!-- SECTION: build_health -->
+## Build Health
+| Check | Result | Notes |
+|-------|--------|-------|
+| `npm run build` | ✅ | TypeScript compiles clean, no errors |
+| `npm test` | ✅ 51/51 | All tests pass |
+| `npm run typecheck` | ✅ | Implied by build |
+| Plugin loads in gateway | ✅ | Verified at v0.2.21; no structural changes |
+<!-- /SECTION: build_health -->
+<!-- SECTION: what_is_done -->
+## What Is Done
+### Session-Safety: Staged Model Switching (v0.2.25)
+- ✅ **`/cli-*` stages by default** — switch saved to `~/.openclaw/cli-bridge-pending.json`, NOT applied. Shows warning + instructions.
+- ✅ **`/cli-* --now`** — immediate switch (user's explicit choice; only use between sessions)
+- ✅ **`/cli-apply`** — apply staged switch after finishing current task
+- ✅ **`/cli-pending`** — show staged switch state
+- ✅ **`/cli-back`** — restore previous model + clear any staged switch
+- ✅ **`/cli-list`** — updated to show pending state + switching instructions
+### Token Refresh Stability (v0.2.25 — merged from v0.2.24)
+- ✅ Sleep-resilient: `setInterval(10min)` polling instead of long `setTimeout`
+- ✅ No timer-leak: `stopTokenRefresh()` called at top of `scheduleTokenRefresh()`
+- ✅ `stopTokenRefresh()` exported; called via `server.on("close")`
+### Previously Validated (v0.2.23 and below)
+- ✅ Phase 1: `openai-codex` provider via `~/.codex/auth.json`
+- ✅ Phase 2: Local proxy on `127.0.0.1:31337` (Gemini + Claude CLI)
+- ✅ Phase 3: 15 slash commands (all `/cli-*`)
+- ✅ Model allowlist, vllm prefix stripping, buildMinimalEnv XDG vars
+- ✅ End-to-end tested: claude-sonnet-4-6 ✅ claude-haiku-4-5 ✅ gemini-2.5-flash ✅ gemini-2.5-pro ✅ codex ✅
+<!-- /SECTION: what_is_done -->
+<!-- SECTION: what_is_missing -->
+## What Is Missing / Open
+- ✅ **v0.2.25 published** — GitHub, npm, ClawHub alle auf 0.2.25
+- ℹ️ **Claude CLI auth expires ~90 days** — when `/cli-test` returns 401, run `claude auth login`
+- ℹ️ **Config patcher writes `openclaw.json` directly** — triggers one gateway restart on first install
+- ℹ️ **ClawHub publish ignores `.clawhubignore`** — use rsync workaround (see CONVENTIONS.md)
+<!-- /SECTION: what_is_missing -->
+<!-- SECTION: bugs_fixed -->
+## Bug History
+| Version | Bug | Fix |
+|---------|-----|-----|
+| 0.2.25 | `/cli-*` mid-session breaks active agent (silent tool-call failures) | Staged switch by default; --now for explicit immediate |
+| 0.2.25 | Timer-leak in scheduleTokenRefresh | stopTokenRefresh() clears interval on every call |
+| 0.2.25 | Long setTimeout missed after system sleep/resume | setInterval(10min) polling |
+| 0.2.25 | Token refresh interval leaked on proxy close | server.on("close", stopTokenRefresh) |
+| 0.2.21 | Claude Code OAuth 401 on Gnome Keyring | buildMinimalEnv forwards XDG_RUNTIME_DIR |
+| 0.2.14 | vllm/ prefix not stripped → unknown model | Strip prefix before routing |
+| 0.2.13 | requireAuth:true blocked webchat commands | requireAuth:false |
+| 0.2.9 | fuser -k SIGKILL'd gateway process | Safe health probe |
+| 0.2.7–8 | EADDRINUSE on hot-reload | closeAllConnections() + registerService |
+<!-- /SECTION: bugs_fixed -->

package/.ai/handoff/TRUST.md CHANGED Viewed

@@ -1,59 +1,51 @@
-# [PROJECT]: Trust Register
+# TRUST.md — openclaw-cli-bridge-elvatis
 > Tracks verification status of critical system properties.
-> In multi-agent pipelines, hallucinations and drift are real risks.
-> Every claim here has a confidence level tied to how it was verified.
----
-## Confidence Levels
-| Level | Meaning |
-|-------|---------|
-| **verified** | An agent executed code, ran tests, or observed output to confirm this |
-| **assumed** | Derived from docs, config files, or chat, not directly tested |
-| **untested** | Status unknown; needs verification |
+> **verified** = agent ran code/tests and observed output.
+> **assumed** = derived from docs/config, not directly tested.
+> **untested** = status unknown, needs verification.
+>
+> TTL: how long a "verified" claim remains valid before it should be re-checked.
 ---
+<!-- SECTION: build -->
 ## Build System
-| Property | Status | Last Verified | Agent | Notes |
-|----------|--------|---------------|-------|-------|
-| `build` passes | untested | - | - | |
-| `test` passes | untested | - | - | |
-| `lint` passes | untested | - | - | |
-| `type-check` passes | untested | - | - | |
----
-## Infrastructure
-| Property | Status | Last Verified | Agent | Notes |
-|----------|--------|---------------|-------|-------|
-| Local dev stack boots | untested | - | - | |
-| All health endpoints respond | untested | - | - | |
-| Database connection works | untested | - | - | |
-| Auth flow completes | untested | - | - | |
----
-## Integrations
-| Property | Status | Last Verified | Agent | Notes |
-|----------|--------|---------------|-------|-------|
-| External API A reachable | untested | - | - | |
-| Webhook delivery confirmed | untested | - | - | |
----
+| Property | Status | Last Verified | Agent | TTL | Notes |
+|----------|--------|---------------|-------|-----|-------|
+| `npm run build` passes | **verified** | 2026-03-11 | Akido/claude-sonnet-4-6 | 7d | Clean compile, no TS errors |
+| `npm test` passes | **assumed** | 2026-03-08 | Akido/claude-sonnet-4-6 | 7d | 28 tests passed at v0.2.21; no logic changes in v0.2.24 |
+| `npm run typecheck` passes | **verified** | 2026-03-11 | Akido/claude-sonnet-4-6 | 7d | Build success implies typecheck |
+<!-- /SECTION: build -->
+<!-- SECTION: runtime -->
+## Runtime Behavior
+| Property | Status | Last Verified | Agent | TTL | Notes |
+|----------|--------|---------------|-------|-----|-------|
+| Plugin loads in gateway | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | Verified at v0.2.21; no structural changes since |
+| Proxy starts on :31337 | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | Logs: `[cli-bridge] proxy ready on :31337` |
+| `vllm/cli-claude/` models route correctly | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | claude-sonnet-4-6, claude-haiku-4-5 tested |
+| `vllm/cli-gemini/` models route correctly | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | gemini-2.5-pro, gemini-2.5-flash tested |
+| `openai-codex` provider loads | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | Codex model call succeeded |
+| Proxy server closes cleanly on plugin stop | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | registerService stop() + closeAllConnections() |
+| `/cli-*` commands reachable from webchat | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | requireAuth:false + gateway commands.allowFrom |
+| Token refresh interval stops on server close | **assumed** | 2026-03-11 | Akido/claude-sonnet-4-6 | 7d | server.on("close", stopTokenRefresh) added; not live-tested yet |
+| Sleep-resilient token refresh works | **assumed** | 2026-03-11 | Akido/claude-sonnet-4-6 | 7d | setInterval(10min) pattern verified by code review; no sleep test run |
+<!-- /SECTION: runtime -->
+<!-- SECTION: security -->
 ## Security
-| Property | Status | Last Verified | Agent | Notes |
-|----------|--------|---------------|-------|-------|
-| No secrets in source | assumed | - | - | Pre-commit hooks configured |
-| Auth tokens expire correctly | untested | - | - | |
-| PII not logged | untested | - | - | |
+| Property | Status | Last Verified | Agent | TTL | Notes |
+|----------|--------|---------------|-------|-----|-------|
+| No secrets in source | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 30d | Auth tokens read from files, never printed; `[REDACTED]` pattern enforced |
+| Proxy only binds to 127.0.0.1 | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 30d | `server.listen(port, "127.0.0.1")` — not exposed externally |
+| Proxy requires API key bearer auth | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 14d | 401 returned for missing/wrong key |
+| Claude Code CLI spawned without full process.env | **verified** | 2026-03-08 | Akido/claude-sonnet-4-6 | 30d | buildMinimalEnv() used — no OPENCLAW_* vars leaked to subprocess |
+| No PII written to logs | **assumed** | — | — | — | Token values redacted; message content not logged |
+<!-- /SECTION: security -->
 ---
@@ -63,7 +55,4 @@
 - Change `assumed` → `verified` after direct confirmation
 - Never downgrade `verified` without explaining why in `LOG.md`
 - Add new rows when new system properties become critical
----
-*Trust degrades over time. Re-verify periodically, especially after major refactors.*
+- Check TTL expiry at session start — expired `verified` downgrades to `assumed`

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 > OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching, restore, health testing, and model listing.
-**Current version:** `0.2.23`
+**Current version:** `0.2.26`
 ---
@@ -287,6 +287,24 @@ npm test            # vitest run (45 tests)
 ## Changelog
+### v0.2.26
+- **feat:** Grok web-session bridge integrated into cli-bridge proxy — routes `web-grok/*` models through grok.com browser session (SuperGrok subscription, no API credits needed)
+- **feat:** `/grok-login` — opens Chromium for X.com OAuth login, saves session to `~/.openclaw/grok-session.json`
+- **feat:** `/grok-status` — check session validity
+- **feat:** `/grok-logout` — clear session
+- **fix:** Grok web-session plugin removed as separate plugin — consolidated into cli-bridge (fewer running processes, single proxy port)
+### v0.2.25
+- **feat:** Staged model switching — `/cli-*` now stages the switch instead of applying it immediately. Prevents silent session corruption when switching models mid-conversation.
+  - `/cli-sonnet` → stages switch, shows warning, does NOT apply
+  - `/cli-sonnet --now` → immediate switch (use only between sessions!)
+  - `/cli-apply` → apply staged switch after finishing current task
+  - `/cli-pending` → show staged switch (if any)
+  - `/cli-back` → restore previous model + clear staged switch
+- **fix:** Sleep-resilient OAuth token refresh — replaced single long `setTimeout` with `setInterval(10min)` polling. Token refresh no longer misses its window after system sleep/resume.
+- **fix:** Timer leak in `scheduleTokenRefresh()` — old interval now reliably cleared via `stopTokenRefresh()` before scheduling a new one.
+- **fix:** `stopTokenRefresh()` exported from `claude-auth.ts`; called automatically via `server.on("close")` when the proxy server closes.
 ### v0.2.23
 - **feat:** Proactive OAuth token management (`src/claude-auth.ts`) — the proxy now reads `~/.claude/.credentials.json` at startup, schedules a refresh 30 minutes before expiry, and calls `ensureClaudeToken()` before every `claude` subprocess invocation. On 401 responses, automatically retries once after refreshing. Eliminates the need for manual re-login after token expiry in headless/systemd deployments.

package/SKILL.md CHANGED Viewed

@@ -53,4 +53,4 @@ Each command runs `openclaw models set <model>` atomically and replies with a co
 See `README.md` for full configuration reference and architecture diagram.
-**Version:** 0.2.23
+**Version:** 0.2.26