@elvatis_com/openclaw-cli-bridge-elvatis 1.3.3 → 1.3.5

package/.ai/handoff/STATUS.md

@@ -1,8 +1,8 @@
 # STATUS — openclaw-cli-bridge-elvatis
 
-## Current Version: 1.0.0 (npm + ClawHub + GitHub) ✅ RELEASED
+## Current Version: 1.3.3 (npm + ClawHub + GitHub) ✅ RELEASED
 
-## All 4 Providers LIVE — Tested 2026-03-11 22:24
+## All 4 Providers Available — on-demand via /xxx-login
 | Provider | Status | Models | Command |
 |---|---|---|---|
 | Grok | ✅ | web-grok/grok-3, grok-3-fast, grok-3-mini, grok-3-mini-fast | /grok-login |
@@ -10,26 +10,35 @@
 | Gemini | ✅ | web-gemini/gemini-2-5-pro, gemini-2-5-flash, gemini-3-pro, gemini-3-flash | /gemini-login |
 | ChatGPT | ✅ | web-chatgpt/gpt-4o, gpt-4o-mini, gpt-o3, gpt-o4-mini, gpt-5 | /chatgpt-login |
 
-Live test: "What is the capital of France?"
-- Grok: "Paris" ✅
-- Claude: "Paris" ✅
-- Gemini: "Paris" ✅
-- ChatGPT: "Paris" ✅
-
 ## Stats
 - 22 total models, 16 web-session models
 - 96/96 tests green (8 test files)
-- 0 zombie Chromium processes (singleton CDP, cleanupBrowsers on stop)
+- 0 zombie Chromium processes at startup (browsers on-demand only)
 - Cookie expiry tracking for all 4 providers
+- Singleton guard on ensureAllProviderContexts (no concurrent spawns)
+
+## Architecture: Browser Lifecycle
+- **On plugin start:** NO browser launched automatically
+- **On /xxx-login:** launches persistent Chromium for that provider only
+- **On request (no context):** returns null → caller sees "not logged in" error
+- **On /xxx-logout:** closes context + deletes session file
+
+## Known Issues
+- Cloudflare may block headless Chromium for Claude/Gemini without a valid CDP session
+  → Workaround: have OpenClaw browser open on the provider's page, then /xxx-login
 
-## Known Issue: Browser persistence after Gateway restart
-After SIGUSR1/full restart, OpenClaw browser is gone (CDP ECONNREFUSED).
-Workaround: manually open browser + 4 provider pages → lazy connect takes over.
-Fix needed: auto-start browser on plugin init, or keep-alive ping.
+## Release History
+- v1.3.3 (2026-03-12): Remove startup auto-connect — browsers on-demand only (OOM fix)
+- v1.3.2 (2026-03-12): Singleton guard on ensureAllProviderContexts (resource leak fix)
+- v1.3.1 (2026-03-11): Cookie baking into persistent profiles on login
+- v1.3.0 (2026-03-11): Browser auto-reconnect after gateway restart
+- v1.2.0 (2026-03-11): Fresh page per request + ChatGPT model switching
+- v1.1.0 (2026-03-11): Auto-connect on startup + /bridge-status
+- v1.0.0 (2026-03-11): All 4 providers headless (Grok/Claude/Gemini/ChatGPT) — 96/96 tests
+- v0.2.x: Grok (v0.2.26-28), Claude (v0.2.29), Gemini (v0.2.30)
+- v0.2.25: Sleep-resilient token refresh + staged /cli-* switching
 
-## Next Steps (v1.1.x)
-- Auto-reconnect OpenClaw browser on plugin start
-- /status command showing all 4 providers at once
-- Context-window management for long conversations (new page per conversation)
-- Handle model-switching within chatgpt.com (dropdown selector)
-- Handle Gemini model switching (2.5 Pro vs Flash vs 3)
+## Next Steps
+- Context-window management for long conversations
+- Gemini model switching (2.5 Pro vs Flash vs 3) via UI
+- /bridge-status: show per-provider login state + cookie expiry

package/README.md

@@ -2,7 +2,7 @@
 
 > OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching, restore, health testing, and model listing.
 
-**Current version:** `1.3.1`
+**Current version:** `1.3.5`
 
 ---
 
@@ -81,6 +81,77 @@ All commands use gateway-level `commands.allowFrom` for authorization (`requireA
 
 ---
 
+### Phase 4 — Web Browser Providers (headless, no API key needed)
+
+Routes requests through real browser sessions on the provider's web UI. Requires a valid login session (free or paid tier). Uses persistent Chromium profiles — sessions survive gateway restarts.
+
+**Grok** (grok.com — SuperGrok subscription):
+
+| Model | Notes |
+|---|---|
+| `web-grok/grok-3` | Full model |
+| `web-grok/grok-3-fast` | Faster variant |
+| `web-grok/grok-3-mini` | Lightweight |
+| `web-grok/grok-3-mini-fast` | Fastest |
+
+| Command | What it does |
+|---|---|
+| `/grok-login` | Authenticate via X.com OAuth, save session to `~/.openclaw/grok-profile/` |
+| `/grok-status` | Show session validity + cookie expiry |
+| `/grok-logout` | Clear session |
+
+**Claude** (claude.ai):
+
+| Model | Notes |
+|---|---|
+| `web-claude/claude-sonnet` | Sonnet |
+| `web-claude/claude-opus` | Opus |
+| `web-claude/claude-haiku` | Haiku |
+
+| Command | What it does |
+|---|---|
+| `/claude-login` | Authenticate, save cookies to `~/.openclaw/claude-profile/` |
+| `/claude-status` | Show session validity + cookie expiry |
+| `/claude-logout` | Clear session |
+
+**Gemini** (gemini.google.com):
+
+| Model | Notes |
+|---|---|
+| `web-gemini/gemini-2-5-pro` | Gemini 2.5 Pro |
+| `web-gemini/gemini-2-5-flash` | Gemini 2.5 Flash |
+| `web-gemini/gemini-3-pro` | Gemini 3 Pro |
+| `web-gemini/gemini-3-flash` | Gemini 3 Flash |
+
+| Command | What it does |
+|---|---|
+| `/gemini-login` | Authenticate, save cookies to `~/.openclaw/gemini-profile/` |
+| `/gemini-status` | Show session validity + cookie expiry |
+| `/gemini-logout` | Clear session |
+
+**ChatGPT** (chatgpt.com):
+
+| Model | Notes |
+|---|---|
+| `web-chatgpt/gpt-4o` | GPT-4o |
+| `web-chatgpt/gpt-4o-mini` | GPT-4o Mini |
+| `web-chatgpt/gpt-o3` | o3 |
+| `web-chatgpt/gpt-o4-mini` | o4-mini |
+| `web-chatgpt/gpt-5` | GPT-5 |
+
+| Command | What it does |
+|---|---|
+| `/chatgpt-login` | Authenticate, save cookies to `~/.openclaw/chatgpt-profile/` |
+| `/chatgpt-status` | Show session validity + cookie expiry |
+| `/chatgpt-logout` | Clear session |
+
+**Session lifecycle:**
+- First use: run `/xxx-login` once (opens Chromium, authenticate in browser)
+- After gateway restart: sessions are **automatically restored** from saved profiles on startup (sequential, ~25s after start)
+- `/bridge-status` — shows all 4 providers at a glance with login state + expiry info
+
+---
+
 ## Requirements
 
 - [OpenClaw](https://openclaw.ai) gateway (tested with `2026.3.x`)
@@ -287,6 +358,25 @@ npm test            # vitest run (45 tests)
 
 ## Changelog
 
+### v1.3.5
+- **fix:** Startup session restore now runs only once per process lifetime — `_startupRestoreDone` module-level guard prevents re-running on every hot-reload (SIGUSR1), which was triggered every ~60s by the openclaw-control-ui dashboard poll
+- **root cause:** Gateway `reload.mode=hybrid` + dashboard status polling caused plugin to reinitialize every 60s → each reload spawned a new Gemini Chromium instance → RAM/CPU OOM loop
+- **behavior:** First load after gateway start: sequential profile restore runs once. All subsequent hot-reloads: skip restore, reuse existing in-memory contexts
+
+### v1.3.4
+- **feat:** Safe sequential session restore on startup — if a saved profile exists, providers are reconnected automatically after gateway restart (one at a time, 3s delay between each, headless)
+- **fix:** No manual `/xxx-login` needed after reboot if profile is already saved
+- **safety:** Profile-gated — only restores if `~/.openclaw/<provider>-profile/` or cookie file exists; never spawns a browser for an uninitialized provider
+
+### v1.3.3
+- **fix:** Removed auto-connect of all browser providers on plugin startup — caused OOM (load 195, 30GB RAM) by spawning 4+ persistent Chromium instances on every gateway start
+- **fix:** Removed Grok session restore on startup — same root cause
+- **behavior change:** Browsers are now started **on-demand only** via `/grok-login`, `/claude-login`, `/gemini-login`, `/chatgpt-login`
+
+### v1.3.2
+- **fix:** Singleton promise guard on `ensureAllProviderContexts()` — concurrent requests no longer each spawn their own Chromium; extra callers await the existing run
+- **fix:** Removed recursive `ensureAllProviderContexts()` fallback from all `connect*Context` proxy callbacks — no more exponential browser spawn on CDP failure
+
 ### v1.3.1
 - **fix:** /claude-login, /gemini-login, /chatgpt-login now bake cookies into persistent profile dirs
 - **fix:** After gateway restart, providers auto-reconnect from saved profile (no browser tabs needed)

package/index.ts

@@ -233,6 +233,10 @@ async function scanCookieExpiry(ctx: import("playwright").BrowserContext): Promi
 let _cdpBrowser: import("playwright").Browser | null = null;
 let _cdpBrowserLaunchPromise: Promise<import("playwright").BrowserContext | null> | null = null;
 
+// Startup restore guard — module-level so it survives hot-reloads (SIGUSR1).
+// Set to true after first run; hot-reloads see true and skip the restore loop.
+let _startupRestoreDone = false;
+
 /**
  * Connect to the OpenClaw managed browser (CDP port 18800).
  * Singleton: reuses the same connection. Falls back to persistent Chromium for Grok only.
@@ -746,10 +750,102 @@ const plugin = {
     const codexAuthPath = cfg.codexAuthPath ?? DEFAULT_CODEX_AUTH_PATH;
     const grokSessionPath = cfg.grokSessionPath ?? DEFAULT_SESSION_PATH;
 
-    // Grok session restore on startup REMOVED — on-demand only via /grok-login.
+    // ── Session restore: only on first plugin load (not on hot-reloads) ──────
+    // The gateway polls every ~60s via openclaw status, which triggers a hot-reload
+    // (SIGUSR1 + hybrid mode). Module-level contexts (grokContext etc.) survive
+    // hot-reloads because Node keeps the module in memory — so we only need to
+    // restore once, on the very first load (when all contexts are null).
+    //
+    // Guard: _startupRestoreDone is module-level and persists across hot-reloads.
+    if (!_startupRestoreDone) {
+      _startupRestoreDone = true;
+      void (async () => {
+        await new Promise(r => setTimeout(r, 5000)); // wait for proxy + gateway to settle
+        const { chromium } = await import("playwright");
+        const { existsSync } = await import("node:fs");
+
+        const profileProviders: Array<{
+          name: string;
+          profileDir: string;
+          cookieFile: string;
+          verifySelector: string;
+          homeUrl: string;
+          setCtx: (c: BrowserContext) => void;
+          getCtx: () => BrowserContext | null;
+        }> = [
+          {
+            name: "grok",
+            profileDir: GROK_PROFILE_DIR,
+            cookieFile: join(homedir(), ".openclaw", "grok-session.json"),
+            verifySelector: "textarea",
+            homeUrl: "https://grok.com",
+            getCtx: () => grokContext,
+            setCtx: (c) => { grokContext = c; },
+          },
+          {
+            name: "claude",
+            profileDir: join(homedir(), ".openclaw", "claude-profile"),
+            cookieFile: join(homedir(), ".openclaw", "claude-cookie-expiry.json"),
+            verifySelector: ".ProseMirror",
+            homeUrl: "https://claude.ai/new",
+            getCtx: () => claudeContext,
+            setCtx: (c) => { claudeContext = c; },
+          },
+          {
+            name: "gemini",
+            profileDir: join(homedir(), ".openclaw", "gemini-profile"),
+            cookieFile: join(homedir(), ".openclaw", "gemini-cookie-expiry.json"),
+            verifySelector: ".ql-editor",
+            homeUrl: "https://gemini.google.com/app",
+            getCtx: () => geminiContext,
+            setCtx: (c) => { geminiContext = c; },
+          },
+          {
+            name: "chatgpt",
+            profileDir: join(homedir(), ".openclaw", "chatgpt-profile"),
+            cookieFile: join(homedir(), ".openclaw", "chatgpt-cookie-expiry.json"),
+            verifySelector: "#prompt-textarea",
+            homeUrl: "https://chatgpt.com",
+            getCtx: () => chatgptContext,
+            setCtx: (c) => { chatgptContext = c; },
+          },
+        ];
 
-    // Auto-connect on startup REMOVED — browsers are launched on-demand via /xxx-login only.
-    // Spawning 4 persistent Chromium contexts at startup caused OOM under load.
+        for (const p of profileProviders) {
+          if (!existsSync(p.profileDir) && !existsSync(p.cookieFile)) {
+            api.logger.info(`[cli-bridge:${p.name}] no saved profile — skipping startup restore`);
+            continue;
+          }
+          if (p.getCtx()) continue; // already connected
+
+          try {
+            api.logger.info(`[cli-bridge:${p.name}] restoring session from profile…`);
+            const ctx = await chromium.launchPersistentContext(p.profileDir, {
+              headless: true,
+              args: ["--no-sandbox", "--disable-setuid-sandbox"],
+            });
+            const page = await ctx.newPage();
+            await page.goto(p.homeUrl, { waitUntil: "domcontentloaded", timeout: 20_000 });
+            await new Promise(r => setTimeout(r, 3000));
+            const ok = await page.locator(p.verifySelector).isVisible().catch(() => false);
+            await page.close().catch(() => {});
+            if (ok) {
+              p.setCtx(ctx);
+              ctx.on("close", () => { p.setCtx(null as unknown as BrowserContext); });
+              api.logger.info(`[cli-bridge:${p.name}] session restored from profile ✅`);
+            } else {
+              await ctx.close().catch(() => {});
+              api.logger.info(`[cli-bridge:${p.name}] profile exists but not logged in — needs /xxx-login`);
+            }
+          } catch (err) {
+            api.logger.warn(`[cli-bridge:${p.name}] startup restore failed: ${(err as Error).message}`);
+          }
+
+          // Sequential — never spawn all 4 Chromium instances at once
+          await new Promise(r => setTimeout(r, 3000));
+        }
+      })();
+    }
 
     // ── Phase 1: openai-codex auth bridge ─────────────────────────────────────
     if (enableCodex) {

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "openclaw-cli-bridge-elvatis",
   "name": "OpenClaw CLI Bridge",
-  "version": "1.3.3",
+  "version": "1.3.5",
   "description": "Phase 1: openai-codex auth bridge. Phase 2: local HTTP proxy routing model calls through gemini/claude CLIs (vllm provider).",
   "providers": [
     "openai-codex"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvatis_com/openclaw-cli-bridge-elvatis",
-  "version": "1.3.3",
+  "version": "1.3.5",
   "description": "Bridges gemini, claude, and codex CLI tools as OpenClaw model providers. Reads existing CLI auth without re-login.",
   "type": "module",
   "openclaw": {