@elvatis_com/openclaw-cli-bridge-elvatis 0.2.23 → 0.2.26

package/index.ts

@@ -48,6 +48,16 @@ import {
 } from "./src/codex-auth.js";
 import { startProxyServer } from "./src/proxy-server.js";
 import { patchOpencllawConfig } from "./src/config-patcher.js";
+import {
+  loadSession,
+  deleteSession,
+  isSessionExpiredByAge,
+  verifySession,
+  runInteractiveLogin,
+  createContextFromSession,
+  DEFAULT_SESSION_PATH,
+} from "./src/grok-session.js";
+import type { BrowserContext, Browser } from "playwright";
 
 // ──────────────────────────────────────────────────────────────────────────────
 // Types derived from SDK (not re-exported by the package)
@@ -66,6 +76,46 @@ interface CliPluginConfig {
   proxyPort?: number;
   proxyApiKey?: string;
   proxyTimeoutMs?: number;
+  grokSessionPath?: string;
+}
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Grok web-session state (module-level, persists across commands)
+// ──────────────────────────────────────────────────────────────────────────────
+
+let grokBrowser: Browser | null = null;
+let grokContext: BrowserContext | null = null;
+
+async function launchGrokBrowser(): Promise<Browser> {
+  const { chromium } = await import("playwright");
+  return chromium.launch({ headless: false });
+}
+
+async function tryRestoreGrokSession(
+  sessionPath: string,
+  log: (msg: string) => void
+): Promise<boolean> {
+  const saved = loadSession(sessionPath);
+  if (!saved || isSessionExpiredByAge(saved)) {
+    log("[cli-bridge:grok] no valid saved session");
+    return false;
+  }
+  try {
+    if (!grokBrowser) grokBrowser = await launchGrokBrowser();
+    const ctx = await createContextFromSession(grokBrowser, saved);
+    const check = await verifySession(ctx, log);
+    if (!check.valid) {
+      log(`[cli-bridge:grok] saved session invalid: ${check.reason}`);
+      await ctx.close().catch(() => {});
+      return false;
+    }
+    grokContext = ctx;
+    log("[cli-bridge:grok] session restored ✅");
+    return true;
+  } catch (err) {
+    log(`[cli-bridge:grok] session restore error: ${(err as Error).message}`);
+    return false;
+  }
 }
 
 const DEFAULT_PROXY_PORT = 31337;
@@ -201,14 +251,53 @@ const CLI_MODEL_COMMANDS = [
 const CLI_TEST_DEFAULT_MODEL = "cli-claude/claude-sonnet-4-6";
 
 // ──────────────────────────────────────────────────────────────────────────────
-// Helper: switch global model, saving previous for /cli-back
+// Staged-switch state file
+// Stores a pending model switch that has not yet been applied.
+// Written by /cli-* (default), applied by /cli-apply or /cli-* --now.
+// Located at ~/.openclaw/cli-bridge-pending.json
 // ──────────────────────────────────────────────────────────────────────────────
-async function switchModel(
+const PENDING_FILE = join(homedir(), ".openclaw", "cli-bridge-pending.json");
+
+interface CliBridgePending {
+  model: string;
+  label: string;
+  requestedAt: string;
+}
+
+function readPending(): CliBridgePending | null {
+  try {
+    return JSON.parse(readFileSync(PENDING_FILE, "utf8")) as CliBridgePending;
+  } catch {
+    return null;
+  }
+}
+
+function writePending(pending: CliBridgePending): void {
+  try {
+    mkdirSync(join(homedir(), ".openclaw"), { recursive: true });
+    writeFileSync(PENDING_FILE, JSON.stringify(pending, null, 2) + "\n", "utf8");
+  } catch {
+    // non-fatal
+  }
+}
+
+function clearPending(): void {
+  try {
+    const { unlinkSync } = require("node:fs");
+    unlinkSync(PENDING_FILE);
+  } catch {
+    // non-fatal — file may not exist
+  }
+}
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Helper: immediately apply the model switch (no safety checks)
+// ──────────────────────────────────────────────────────────────────────────────
+async function applyModelSwitch(
   api: OpenClawPluginApi,
   model: string,
   label: string,
 ): Promise<PluginCommandResult> {
-  // Save current model BEFORE switching so /cli-back can restore it
   const current = readCurrentModel();
   if (current && current !== model) {
     writeState({ previousModel: current });
@@ -227,9 +316,13 @@ async function switchModel(
       return { text: `❌ Failed to switch to ${label}: ${err}` };
     }
 
+    clearPending();
     api.logger.info(`[cli-bridge] switched model → ${model}`);
     return {
-      text: `✅ Switched to **${label}**\n\`${model}\`\n\nUse \`/cli-back\` to restore previous model.`,
+      text:
+        `✅ Switched to **${label}**\n` +
+        `\`${model}\`\n\n` +
+        `Use \`/cli-back\` to restore previous model.`,
     };
   } catch (err) {
     const msg = (err as Error).message;
@@ -238,6 +331,53 @@ async function switchModel(
   }
 }
 
+// ──────────────────────────────────────────────────────────────────────────────
+// Helper: staged switch (default behavior)
+//
+// ⚠️  SAFETY: /cli-* mid-session bricht den aktiven Agenten.
+//
+// `openclaw models set` ist ein **sofortiger, globaler Switch**.
+// Der laufende Agent verliert seinen Kontext — Tool-Calls werden nicht
+// ausgeführt, Planfiles werden nicht geschrieben, keine Rückmeldung.
+//
+// Default: Switch wird nur gespeichert (nicht angewendet).
+// Mit --now: sofortiger Switch (nur zwischen Sessions verwenden!).
+// Mit /cli-apply: gespeicherten Switch anwenden (nach Session-Ende).
+// ──────────────────────────────────────────────────────────────────────────────
+async function switchModel(
+  api: OpenClawPluginApi,
+  model: string,
+  label: string,
+  forceNow: boolean,
+): Promise<PluginCommandResult> {
+  // --now: sofortiger Switch, volle Verantwortung beim User
+  if (forceNow) {
+    api.logger.warn(`[cli-bridge] --now switch to ${model} (immediate, session may break)`);
+    return applyModelSwitch(api, model, label);
+  }
+
+  // Default: staged switch — speichern, warnen, nicht anwenden
+  const current = readCurrentModel();
+
+  if (current === model) {
+    return { text: `ℹ️ Already on **${label}**\n\`${model}\`` };
+  }
+
+  writePending({ model, label, requestedAt: new Date().toISOString() });
+  api.logger.info(`[cli-bridge] staged switch → ${model} (pending, not applied yet)`);
+
+  return {
+    text:
+      `📋 **Model switch staged: ${label}**\n` +
+      `\`${model}\`\n\n` +
+      `⚠️ **NOT applied yet** — switching mid-session breaks the active agent:\n` +
+      `tool calls fail silently, plan files don't get written, no feedback.\n\n` +
+      `**To apply:**\n` +
+      `• \`/cli-apply\` — apply after finishing your current task\n` +
+      `• \`/cli-* --now\` — force immediate switch (only between sessions!)`,
+  };
+}
+
 // ──────────────────────────────────────────────────────────────────────────────
 // Helper: fire a one-shot test request directly at the proxy (no global switch)
 // ──────────────────────────────────────────────────────────────────────────────
@@ -303,7 +443,7 @@ function proxyTestRequest(
 const plugin = {
   id: "openclaw-cli-bridge-elvatis",
   name: "OpenClaw CLI Bridge",
-  version: "0.2.15",
+  version: "0.2.26",
   description:
     "Phase 1: openai-codex auth bridge. " +
     "Phase 2: HTTP proxy for gemini/claude CLIs. " +
@@ -317,6 +457,10 @@ const plugin = {
     const apiKey = cfg.proxyApiKey ?? DEFAULT_PROXY_API_KEY;
     const timeoutMs = cfg.proxyTimeoutMs ?? 120_000;
     const codexAuthPath = cfg.codexAuthPath ?? DEFAULT_CODEX_AUTH_PATH;
+    const grokSessionPath = cfg.grokSessionPath ?? DEFAULT_SESSION_PATH;
+
+    // ── Grok session restore (non-blocking) ───────────────────────────────────
+    void tryRestoreGrokSession(grokSessionPath, (msg) => api.logger.info(msg));
 
     // ── Phase 1: openai-codex auth bridge ─────────────────────────────────────
     if (enableCodex) {
@@ -413,6 +557,7 @@ const plugin = {
             timeoutMs,
             log: (msg) => api.logger.info(msg),
             warn: (msg) => api.logger.warn(msg),
+            getGrokContext: () => grokContext,
           });
           proxyServer = server;
           api.logger.info(
@@ -436,6 +581,7 @@ const plugin = {
                 port, apiKey, timeoutMs,
                 log: (msg) => api.logger.info(msg),
                 warn: (msg) => api.logger.warn(msg),
+                getGrokContext: () => grokContext,
               });
               proxyServer = server;
               api.logger.info(`[cli-bridge] proxy ready on :${port} (retry)`);
@@ -483,11 +629,13 @@ const plugin = {
       const { name, model, description, label } = entry;
       api.registerCommand({
         name,
-        description,
+        description: `${description}. Pass --now to apply immediately (only between sessions!).`,
+        acceptsArgs: true,
         requireAuth: false,
         handler: async (ctx: PluginCommandContext): Promise<PluginCommandResult> => {
-          api.logger.info(`[cli-bridge] /${name} by ${ctx.senderId ?? "?"}`);
-          return switchModel(api, model, label);
+          const forceNow = (ctx.args ?? "").trim().toLowerCase() === "--now";
+          api.logger.info(`[cli-bridge] /${name} by ${ctx.senderId ?? "?"} forceNow=${forceNow}`);
+          return switchModel(api, model, label, forceNow);
         },
       } satisfies OpenClawPluginCommandDefinition);
     }
@@ -495,11 +643,14 @@ const plugin = {
     // ── Phase 3b: /cli-back — restore previous model ──────────────────────────
     api.registerCommand({
       name: "cli-back",
-      description: "Restore the model that was active before the last /cli-* switch",
+      description: "Restore the model active before the last /cli-* switch. Clears any pending staged switch.",
       requireAuth: false,
       handler: async (ctx: PluginCommandContext): Promise<PluginCommandResult> => {
         api.logger.info(`[cli-bridge] /cli-back by ${ctx.senderId ?? "?"}`);
 
+        // Clear any pending staged switch
+        clearPending();
+
         const state = readState();
         if (!state?.previousModel) {
           return { text: "ℹ️ No previous model saved. Use `/cli-sonnet` etc. to switch first." };
@@ -529,6 +680,57 @@ const plugin = {
       },
     } satisfies OpenClawPluginCommandDefinition);
 
+    // ── Phase 3b2: /cli-apply — apply staged model switch ─────────────────────
+    api.registerCommand({
+      name: "cli-apply",
+      description: "Apply a staged /cli-* model switch. Use this AFTER finishing your current task.",
+      requireAuth: false,
+      handler: async (ctx: PluginCommandContext): Promise<PluginCommandResult> => {
+        api.logger.info(`[cli-bridge] /cli-apply by ${ctx.senderId ?? "?"}`);
+
+        const pending = readPending();
+        if (!pending) {
+          const current = readCurrentModel();
+          return {
+            text:
+              `ℹ️ No staged switch pending.\n` +
+              `Current model: \`${current ?? "unknown"}\`\n\n` +
+              `Use \`/cli-sonnet\`, \`/cli-opus\` etc. to stage a switch.`,
+          };
+        }
+
+        api.logger.info(`[cli-bridge] applying staged switch → ${pending.model}`);
+        return applyModelSwitch(api, pending.model, pending.label);
+      },
+    } satisfies OpenClawPluginCommandDefinition);
+
+    // ── Phase 3b3: /cli-pending — show staged switch ───────────────────────────
+    api.registerCommand({
+      name: "cli-pending",
+      description: "Show the currently staged model switch (if any).",
+      requireAuth: false,
+      handler: async (): Promise<PluginCommandResult> => {
+        const pending = readPending();
+        const current = readCurrentModel();
+        if (!pending) {
+          return {
+            text:
+              `✅ No pending switch.\n` +
+              `Current model: \`${current ?? "unknown"}\``,
+          };
+        }
+        return {
+          text:
+            `📋 **Staged switch pending:**\n` +
+            `→ \`${pending.model}\` (${pending.label})\n` +
+            `Requested: ${pending.requestedAt}\n\n` +
+            `Current: \`${current ?? "unknown"}\`\n\n` +
+            `Run \`/cli-apply\` to apply after finishing your current task.\n` +
+            `Run \`/cli-sonnet --now\` etc. to discard and switch immediately.`,
+        };
+      },
+    } satisfies OpenClawPluginCommandDefinition);
+
     // ── Phase 3c: /cli-test — one-shot proxy ping, no global model switch ──────
     api.registerCommand({
       name: "cli-test",
@@ -605,22 +807,84 @@ const plugin = {
           }
           lines.push("");
         }
+        const pending = readPending();
+        const pendingNote = pending ? ` ← pending: ${pending.label}` : "";
+
         lines.push("*Utility*");
-        lines.push("  /cli-back            Restore previous model");
+        lines.push(`  /cli-apply           Apply staged switch${pendingNote}`);
+        lines.push("  /cli-pending         Show staged switch (if any)");
+        lines.push("  /cli-back            Restore previous model + clear staged");
         lines.push("  /cli-test [model]    Health check (no model switch)");
         lines.push("  /cli-list            This overview");
         lines.push("");
+        lines.push("*Switching safely:*");
+        lines.push("  /cli-sonnet          → stages switch (safe, apply later)");
+        lines.push("  /cli-sonnet --now    → immediate switch (only between sessions!)");
+        lines.push("");
         lines.push(`Proxy: \`127.0.0.1:${port}\``);
 
         return { text: lines.join("\n") };
       },
     } satisfies OpenClawPluginCommandDefinition);
 
+    // ── Phase 4: Grok web-session commands ────────────────────────────────────
+
+    api.registerCommand({
+      name: "grok-login",
+      description: "Open browser to log in to grok.com (X/Twitter account)",
+      handler: async (): Promise<PluginCommandResult> => {
+        if (grokContext) {
+          return { text: "✅ Already logged in to grok.com. Use /grok-logout first to re-authenticate." };
+        }
+        api.logger.info("[cli-bridge:grok] starting interactive login...");
+        try {
+          if (!grokBrowser) grokBrowser = await launchGrokBrowser();
+          const session = await runInteractiveLogin(grokBrowser, grokSessionPath, (msg) => api.logger.info(msg));
+          grokContext = await createContextFromSession(grokBrowser, session);
+          return { text: "✅ Logged in to grok.com!\n\nGrok models available:\n• `vllm/web-grok/grok-3`\n• `vllm/web-grok/grok-3-fast`\n• `vllm/web-grok/grok-3-mini`\n\nUse `/cli-grok` to switch." };
+        } catch (err) {
+          return { text: `❌ Login failed: ${(err as Error).message}` };
+        }
+      },
+    } satisfies OpenClawPluginCommandDefinition);
+
+    api.registerCommand({
+      name: "grok-status",
+      description: "Check grok.com session status",
+      handler: async (): Promise<PluginCommandResult> => {
+        if (!grokContext) {
+          return { text: "❌ No active grok.com session\nRun `/grok-login` to authenticate." };
+        }
+        const check = await verifySession(grokContext, (msg) => api.logger.info(msg));
+        if (check.valid) {
+          return { text: `✅ grok.com session active\nProxy: \`127.0.0.1:${port}\`\nModels: web-grok/grok-3, web-grok/grok-3-fast, web-grok/grok-3-mini, web-grok/grok-3-mini-fast` };
+        }
+        grokContext = null;
+        return { text: `❌ Session expired: ${check.reason}\nRun \`/grok-login\` to re-authenticate.` };
+      },
+    } satisfies OpenClawPluginCommandDefinition);
+
+    api.registerCommand({
+      name: "grok-logout",
+      description: "Clear saved grok.com session",
+      handler: async (): Promise<PluginCommandResult> => {
+        if (grokContext) {
+          await grokContext.close().catch(() => {});
+          grokContext = null;
+        }
+        deleteSession(grokSessionPath);
+        return { text: "✅ Logged out from grok.com. Session file deleted." };
+      },
+    } satisfies OpenClawPluginCommandDefinition);
+
     const allCommands = [
       ...CLI_MODEL_COMMANDS.map((c) => `/${c.name}`),
       "/cli-back",
       "/cli-test",
       "/cli-list",
+      "/grok-login",
+      "/grok-status",
+      "/grok-logout",
     ];
     api.logger.info(`[cli-bridge] registered ${allCommands.length} commands: ${allCommands.join(", ")}`);
   },

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "openclaw-cli-bridge-elvatis",
   "name": "OpenClaw CLI Bridge",
-  "version": "0.2.23",
+  "version": "0.2.26",
   "description": "Phase 1: openai-codex auth bridge. Phase 2: local HTTP proxy routing model calls through gemini/claude CLIs (vllm provider).",
   "providers": [
     "openai-codex"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvatis_com/openclaw-cli-bridge-elvatis",
-  "version": "0.2.23",
+  "version": "0.2.26",
   "description": "Bridges gemini, claude, and codex CLI tools as OpenClaw model providers. Reads existing CLI auth without re-login.",
   "type": "module",
   "openclaw": {
@@ -18,5 +18,8 @@
     "@types/node": "^25.3.2",
     "typescript": "^5.9.3",
     "vitest": "^4.0.18"
+  },
+  "dependencies": {
+    "playwright": "^1.58.2"
   }
-}
+}

package/src/claude-auth.ts

@@ -47,7 +47,8 @@ const CREDENTIALS_PATH = join(homedir(), ".claude", ".credentials.json");
 // State
 // ──────────────────────────────────────────────────────────────────────────────
 
-let refreshTimer: ReturnType<typeof setTimeout> | null = null;
+let refreshTimer: ReturnType<typeof setInterval> | null = null;
+let nextRefreshAt = 0; // epoch ms when the next refresh is due
 let refreshInProgress: Promise<void> | null = null;
 let log: (msg: string) => void = () => {};
 
@@ -60,6 +61,19 @@ export function setAuthLogger(logger: (msg: string) => void): void {
   log = logger;
 }
 
+/**
+ * Stop the background token refresh interval.
+ * Call in plugin deactivate / proxy server close to avoid timer leaks.
+ */
+export function stopTokenRefresh(): void {
+  if (refreshTimer) {
+    clearInterval(refreshTimer);
+    refreshTimer = null;
+    nextRefreshAt = 0;
+    log("[cli-bridge:auth] Token refresh scheduler stopped");
+  }
+}
+
 /**
  * Read the current token expiry from ~/.claude/.credentials.json.
  * Returns null if the file doesn't exist or has no OAuth credentials
@@ -80,13 +94,14 @@ export async function readTokenExpiry(): Promise<number | null> {
 
 /**
  * Schedule a proactive token refresh 30 minutes before expiry.
- * Call once at proxy startup. Safe to call multiple times (clears old timer).
+ * Call once at proxy startup. Safe to call multiple times (restarts the interval).
+ *
+ * Uses a 10-minute polling interval instead of a single long setTimeout so that
+ * the scheduler survives system sleep/resume without missing its window.
  */
 export async function scheduleTokenRefresh(): Promise<void> {
-  if (refreshTimer) {
-    clearTimeout(refreshTimer);
-    refreshTimer = null;
-  }
+  // Clear any existing interval before (re-)starting
+  stopTokenRefresh();
 
   const expiresAt = await readTokenExpiry();
   if (expiresAt === null) {
@@ -96,7 +111,6 @@ export async function scheduleTokenRefresh(): Promise<void> {
 
   const now = Date.now();
   const msUntilExpiry = expiresAt - now;
-  const msUntilRefresh = msUntilExpiry - REFRESH_BEFORE_EXPIRY_MS;
 
   if (msUntilExpiry <= 0) {
     log("[cli-bridge:auth] Token already expired — refreshing now");
@@ -104,22 +118,33 @@ export async function scheduleTokenRefresh(): Promise<void> {
     return;
   }
 
-  if (msUntilRefresh <= 0) {
+  if (msUntilExpiry <= REFRESH_BEFORE_EXPIRY_MS) {
     // Expires within the next 30 min — refresh immediately
     log(`[cli-bridge:auth] Token expires in ${Math.round(msUntilExpiry / 60000)}min — refreshing now`);
     await refreshClaudeToken();
     return;
   }
 
-  const refreshInMin = Math.round(msUntilRefresh / 60000);
+  // Set the target time for the first scheduled refresh (30 min before expiry)
+  nextRefreshAt = expiresAt - REFRESH_BEFORE_EXPIRY_MS;
+  const refreshInMin = Math.round((nextRefreshAt - now) / 60000);
   log(`[cli-bridge:auth] Token valid for ${Math.round(msUntilExpiry / 60000)}min — refresh scheduled in ${refreshInMin}min`);
 
-  refreshTimer = setTimeout(async () => {
+  // Poll every 10 minutes instead of a single long setTimeout.
+  // This survives laptop sleep/resume without missing the refresh window.
+  const POLL_INTERVAL_MS = 10 * 60 * 1000;
+  refreshTimer = setInterval(async () => {
+    if (Date.now() < nextRefreshAt) return; // not yet due
     log("[cli-bridge:auth] Scheduled token refresh triggered");
     await refreshClaudeToken();
-    // Re-schedule for the next cycle after refresh
-    await scheduleTokenRefresh();
-  }, msUntilRefresh);
+    // Recompute next refresh target from the freshly written credentials
+    const newExpiry = await readTokenExpiry();
+    if (newExpiry) {
+      nextRefreshAt = newExpiry - REFRESH_BEFORE_EXPIRY_MS;
+      const nextInMin = Math.round((nextRefreshAt - Date.now()) / 60000);
+      log(`[cli-bridge:auth] Next refresh in ${nextInMin}min`);
+    }
+  }, POLL_INTERVAL_MS);
 
   // Don't block process exit
   if (refreshTimer.unref) refreshTimer.unref();
@@ -189,13 +214,12 @@ async function doRefresh(): Promise<void> {
     return;
   }
 
-  // Re-read expiry and reschedule timer
+  // Re-read expiry and update the next refresh target for the running interval
   const newExpiry = await readTokenExpiry();
   if (newExpiry) {
     const validForMin = Math.round((newExpiry - Date.now()) / 60000);
     log(`[cli-bridge:auth] Token refreshed — valid for ${validForMin}min`);
-    // Reschedule the proactive timer for the new expiry
-    void scheduleTokenRefresh();
+    nextRefreshAt = newExpiry - REFRESH_BEFORE_EXPIRY_MS;
   }
 }