@elvatis_com/openclaw-cli-bridge-elvatis 1.3.4 → 1.5.0

package/.ai/handoff/DASHBOARD.md

@@ -1,39 +1,36 @@
 # DASHBOARD.md — openclaw-cli-bridge-elvatis
 
-_Last updated: 2026-03-11_
+_Last updated: 2026-03-12_
 
 <!-- SECTION: plugin_status -->
-## 🏗️ Plugin Status
+## Plugin Status
 
 | Component | Version | Build | Tests | Status |
 |-----------|---------|-------|-------|--------|
-| openclaw-cli-bridge-elvatis | 0.2.25 | ✅ | ✅ 51/51 | ✅ Stable |
+| openclaw-cli-bridge-elvatis | 1.4.0 | ✅ | ✅ 96/96 | ✅ Stable |
 <!-- /SECTION: plugin_status -->
 
 <!-- SECTION: release_state -->
-## 🚀 Release State
+## Release State
 
 | Platform | Published Version | Status |
 |----------|------------------|--------|
-| GitHub | v0.2.23 | ✅ Tagged + Release |
-| npm | 0.2.23 | ✅ Published |
-| ClawHub | 0.2.23 | ✅ Published |
-| Local | 0.2.25 | ⏳ Built + tested, pending publish |
+| GitHub | v1.3.5 | ✅ Tagged + Release |
+| Local | 1.4.0 | ⏳ Built + tested, pending push |
 <!-- /SECTION: release_state -->
 
 <!-- SECTION: open_tasks -->
-## 📋 Open Tasks
+## Open Tasks
 
-| ID | Task | Priority | Blocked by | Ready? |
-|----|------|----------|-----------|--------|
-| T-010 | Publish v0.2.25 to GitHub + npm + ClawHub | 🟡 MEDIUM | — | ✅ Ready |
+_No open tasks._
 <!-- /SECTION: open_tasks -->
 
 <!-- SECTION: completed_tasks -->
-## ✅ Completed Tasks
+## Completed Tasks
 
 | Task | Title | Version |
 |------|-------|---------|
+| T-012 | Persistent browser fallback for Claude/Gemini/ChatGPT (no CDP required) | 1.4.0 |
 | T-011 | Session-safe staged model switching (/cli-apply, /cli-pending, --now) | 0.2.25 |
 | T-009 | Stability: sleep-resilient token refresh + stopTokenRefresh cleanup | 0.2.25 |
 | T-103 | Explicit model allowlist for CLI execution | 0.2.23 |

package/.ai/handoff/HEADLESS_ROADMAP.md

@@ -4,11 +4,14 @@
 Alle Provider (Claude, Gemini, Codex/ChatGPT, Grok) über Playwright Browser-Sessions
 betreiben — keine lokalen CLI-Binaries mehr nötig. Ein headless Chromium, ein Proxy.
 
-## Aktueller Stand (v0.2.28)
+## Aktueller Stand (v1.4.0)
 - ✅ Grok: DOM-Polling via grok.com (FERTIG, produktiv)
-- ⏳ Claude: claude CLI binary → Ziel: claude.ai headless
-- ⏳ Gemini: gemini CLI binary → Ziel: gemini.google.com headless
-- ⏳ Codex: codex CLI binary → Ziel: chatgpt.com headless
+- ✅ Claude: claude.ai headless (FERTIG, persistent Chromium fallback)
+- ✅ Gemini: gemini.google.com headless (FERTIG, persistent Chromium fallback)
+- ✅ ChatGPT: chatgpt.com headless (FERTIG, persistent Chromium fallback)
+
+All 4 providers now work without CDP (OpenClaw browser). Persistent Chromium profiles
+are used as fallback when CDP on port 18800 is unavailable.
 
 ## Reihenfolge
 1. **Claude headless** (claude.ai) — höchste Priorität, meistgenutzt

package/.ai/handoff/LOG.md

@@ -4,6 +4,50 @@ _Last 10 sessions. Older entries in LOG-ARCHIVE.md._
 
 ---
 
+## 2026-03-12 — Session 7 (Claude Opus 4.6)
+
+> **Agent:** claude-opus-4-6
+> **Phase:** fix
+> **Commit before:** v1.3.5
+> **Commit after:** v1.4.0
+
+**T-012: Persistent browser fallback for Claude/Gemini/ChatGPT login commands**
+
+### Problem
+`/claude-login`, `/gemini-login`, `/chatgpt-login` all called `connectToOpenClawBrowser()` directly,
+which only tries CDP on `http://127.0.0.1:18800`. If Chrome was not running with
+`--remote-debugging-port=18800`, all three commands failed with "Could not connect to OpenClaw browser".
+Grok already had the fallback pattern (CDP -> persistent Chromium) since v0.2.27, but the other
+three providers never got it.
+
+### Fix (index.ts)
+
+**New constants:** `CLAUDE_PROFILE_DIR`, `GEMINI_PROFILE_DIR`, `CHATGPT_PROFILE_DIR`
+
+**New functions:** `getOrLaunchClaudeContext()`, `getOrLaunchGeminiContext()`, `getOrLaunchChatGPTContext()`
+- Same pattern as `getOrLaunchGrokContext()`: return existing context -> try CDP -> fall back to persistent Chromium
+- Concurrent launch requests coalesced via promise guard (no duplicate Chromium spawns)
+
+**Updated login handlers:** `/claude-login`, `/gemini-login`, `/chatgpt-login` now follow the Grok pattern:
+1. Try to import cookies from CDP (optional, catches errors gracefully)
+2. `getOrLaunchXxxContext()` (CDP or persistent Chromium fallback)
+3. Inject imported cookies if available
+4. Navigate and verify
+
+**Updated proxy callbacks:** `connectClaudeContext`, `connectGeminiContext`, `connectChatGPTContext` in
+both proxy server setup blocks now use `getOrLaunchXxxContext()` instead of `connectToOpenClawBrowser()`.
+
+**Updated `cleanupBrowsers()`:** Now properly closes Claude, Gemini, and ChatGPT persistent contexts.
+
+### Build + Tests
+- `npm run build` - only pre-existing errors (openclaw/plugin-sdk not available locally)
+- `npm test` - 96/96 green, 0 failures
+
+### Version
+1.3.5 -> 1.4.0 (feature: persistent fallback for all providers)
+
+---
+
 ## 2026-03-11 — Session 6 (Akido / claude-sonnet-4-6)
 
 > **Agent:** claude-sonnet-4-6

package/.ai/handoff/NEXT_ACTIONS.md

@@ -1,46 +1,36 @@
 # NEXT_ACTIONS.md — openclaw-cli-bridge-elvatis
 
-_Last updated: 2026-03-11_
+_Last updated: 2026-03-12_
 
 <!-- SECTION: summary -->
 ## Status Summary
 
 | Status  | Count |
 |---------|-------|
-| Done    | 11    |
-| Ready   | 1     |
+| Done    | 12    |
+| Ready   | 0     |
 | Blocked | 0     |
 <!-- /SECTION: summary -->
 
 ---
 
-## ⚡ Ready — Work These Next
+## Ready - Work These Next
 
-### T-010: [medium] — Publish v0.2.25 to all platforms
-
-- **Goal:** Publish v0.2.25 to GitHub, npm, and ClawHub.
-- **Context:** v0.2.25 built + 51/51 tests pass. Changes: staged model switching (session-safe /cli-*), sleep-resilient token refresh, stopTokenRefresh cleanup.
-- **What to do:**
-  1. `git add -u && git commit -m "feat(cli): staged switch + token refresh stability (v0.2.25)"`
-  2. `git tag v0.2.25 && git push origin main && git push origin v0.2.25`
-  3. `gh release create v0.2.25 --title "v0.2.25 — Session-safe model switching" --notes "..."`
-  4. `npm publish --access public`
-  5. ClawHub publish via rsync workaround (see CONVENTIONS.md)
-  6. Update STATUS.md platform table after publish
-- **Definition of done:** v0.2.25 live on GitHub + npm + ClawHub.
+_No pending tasks._
 
 ---
 
-## 🚫 Blocked
+## Blocked
 
 _No blocked tasks._
 
 ---
 
-## ✅ Recently Completed
+## Recently Completed
 
 | Task  | Title                                                              | Date       |
 |-------|--------------------------------------------------------------------|------------|
+| T-012 | Persistent browser fallback for Claude/Gemini/ChatGPT (no CDP)    | 2026-03-12 |
 | T-011 | Session-safe staged model switching (/cli-apply, /cli-pending)     | 2026-03-11 |
 | T-009 | Stability: sleep-resilient token refresh + stopTokenRefresh cleanup | 2026-03-11 |
 | T-008 | Validate proxy endpoints + vllm model calls end-to-end            | 2026-03-08 |

package/.ai/handoff/STATUS.md

@@ -1,8 +1,8 @@
 # STATUS — openclaw-cli-bridge-elvatis
 
-## Current Version: 1.3.3 (npm + ClawHub + GitHub) ✅ RELEASED
+## Current Version: 1.4.0
 
-## All 4 Providers Available — on-demand via /xxx-login
+## All 4 Providers Available — on-demand via /xxx-login (no CDP required)
 | Provider | Status | Models | Command |
 |---|---|---|---|
 | Grok | ✅ | web-grok/grok-3, grok-3-fast, grok-3-mini, grok-3-mini-fast | /grok-login |
@@ -16,29 +16,31 @@
 - 0 zombie Chromium processes at startup (browsers on-demand only)
 - Cookie expiry tracking for all 4 providers
 - Singleton guard on ensureAllProviderContexts (no concurrent spawns)
+- Persistent Chromium fallback for all 4 providers (no CDP dependency)
 
 ## Architecture: Browser Lifecycle
 - **On plugin start:** NO browser launched automatically
-- **On /xxx-login:** launches persistent Chromium for that provider only
-- **On request (no context):** returns null → caller sees "not logged in" error
+- **On /xxx-login:** tries CDP import (optional) then launches persistent Chromium for that provider
+- **CDP unavailable?** No problem - persistent Chromium from saved profile is used automatically
+- **On request (no context):** proxy callbacks also use persistent fallback before returning null
 - **On /xxx-logout:** closes context + deletes session file
 
 ## Known Issues
-- Cloudflare may block headless Chromium for Claude/Gemini without a valid CDP session
-  → Workaround: have OpenClaw browser open on the provider's page, then /xxx-login
+- Cloudflare may block headless Chromium for some providers without cookies
+  - Workaround: first login via OpenClaw browser (CDP), subsequent restarts use saved profile
 
 ## Release History
-- v1.3.3 (2026-03-12): Remove startup auto-connect — browsers on-demand only (OOM fix)
+- v1.4.0 (2026-03-12): Persistent browser fallback for Claude/Gemini/ChatGPT (no CDP required)
+- v1.3.5 (2026-03-12): Startup restore guard - runs only once per process (SIGUSR1 fix)
+- v1.3.4 (2026-03-12): Safe sequential session restore from saved profiles
+- v1.3.3 (2026-03-12): Remove startup auto-connect - browsers on-demand only (OOM fix)
 - v1.3.2 (2026-03-12): Singleton guard on ensureAllProviderContexts (resource leak fix)
 - v1.3.1 (2026-03-11): Cookie baking into persistent profiles on login
 - v1.3.0 (2026-03-11): Browser auto-reconnect after gateway restart
 - v1.2.0 (2026-03-11): Fresh page per request + ChatGPT model switching
 - v1.1.0 (2026-03-11): Auto-connect on startup + /bridge-status
-- v1.0.0 (2026-03-11): All 4 providers headless (Grok/Claude/Gemini/ChatGPT) — 96/96 tests
-- v0.2.x: Grok (v0.2.26-28), Claude (v0.2.29), Gemini (v0.2.30)
-- v0.2.25: Sleep-resilient token refresh + staged /cli-* switching
+- v1.0.0 (2026-03-11): All 4 providers headless (Grok/Claude/Gemini/ChatGPT) - 96/96 tests
 
 ## Next Steps
 - Context-window management for long conversations
 - Gemini model switching (2.5 Pro vs Flash vs 3) via UI
-- /bridge-status: show per-provider login state + cookie expiry

package/.claude/settings.local.json

@@ -0,0 +1,14 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm run:*)",
+      "Bash(npx tsc:*)",
+      "Bash(ls node_modules/.bin/tsc*)",
+      "Bash(npm install:*)",
+      "Bash(./node_modules/.bin/tsc)",
+      "Bash(node_modules/.bin/tsc)",
+      "Bash(node_modules/.bin/tsc -p tsconfig.check.json)",
+      "Bash(node_modules/.bin/vitest run:*)"
+    ]
+  }
+}

package/README.md

@@ -2,7 +2,7 @@
 
 > OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching, restore, health testing, and model listing.
 
-**Current version:** `1.3.4`
+**Current version:** `1.5.0`
 
 ---
 
@@ -81,6 +81,48 @@ All commands use gateway-level `commands.allowFrom` for authorization (`requireA
 
 ---
 
+### Phase 4 — Web Browser Providers (headless, no API key needed)
+
+Routes requests through real browser sessions on the provider's web UI. Requires a valid login session (free or paid tier). Uses persistent Chromium profiles — sessions survive gateway restarts.
+
+**Grok** (grok.com — SuperGrok subscription):
+
+| Model | Notes |
+|---|---|
+| `web-grok/grok-3` | Full model |
+| `web-grok/grok-3-fast` | Faster variant |
+| `web-grok/grok-3-mini` | Lightweight |
+| `web-grok/grok-3-mini-fast` | Fastest |
+
+| Command | What it does |
+|---|---|
+| `/grok-login` | Authenticate via X.com OAuth, save session to `~/.openclaw/grok-profile/` |
+| `/grok-status` | Show session validity + cookie expiry |
+| `/grok-logout` | Clear session |
+
+**Gemini** (gemini.google.com):
+
+| Model | Notes |
+|---|---|
+| `web-gemini/gemini-2-5-pro` | Gemini 2.5 Pro |
+| `web-gemini/gemini-2-5-flash` | Gemini 2.5 Flash |
+| `web-gemini/gemini-3-pro` | Gemini 3 Pro |
+| `web-gemini/gemini-3-flash` | Gemini 3 Flash |
+
+| Command | What it does |
+|---|---|
+| `/gemini-login` | Authenticate, save cookies to `~/.openclaw/gemini-profile/` |
+| `/gemini-status` | Show session validity + cookie expiry |
+| `/gemini-logout` | Clear session |
+
+**Session lifecycle:**
+- First use: run `/xxx-login` once - authenticates and saves cookies to persistent Chromium profile
+- **No CDP required:** `/xxx-login` no longer depends on the OpenClaw browser (CDP port 18800). If CDP is available, cookies are imported from it; otherwise a standalone persistent Chromium is launched automatically.
+- After gateway restart: sessions are **automatically restored** from saved profiles on startup (sequential, ~25s after start)
+- `/bridge-status` — shows all providers at a glance with login state + expiry info
+
+---
+
 ## Requirements
 
 - [OpenClaw](https://openclaw.ai) gateway (tested with `2026.3.x`)
@@ -280,13 +322,45 @@ Slash commands (requireAuth=false, gateway commands.allowFrom is the auth layer)
 
 ```bash
 npm run typecheck   # tsc --noEmit
-npm test            # vitest run (45 tests)
+npm test            # vitest run (83 tests)
 ```
 
 ---
 
 ## Changelog
 
+### v1.5.0
+- **refactor:** Removed `/claude-login`, `/claude-logout`, `/claude-status`, `/chatgpt-login`, `/chatgpt-logout`, `/chatgpt-status` commands and all related browser automation code. Claude is fully covered by `cli-claude/*` via CLI proxy, ChatGPT by `openai-codex` + `copilot-proxy`.
+- **refactor:** Removed `web-claude/*` and `web-chatgpt/*` proxy routes and model entries from proxy server.
+- **refactor:** Removed `getOrLaunchClaudeContext()` and `getOrLaunchChatGPTContext()` functions, claude/chatgpt session state, cookie expiry tracking, and startup restore for these providers.
+- **cleanup:** Deleted `test/claude-proxy.test.ts` and `test/chatgpt-proxy.test.ts`.
+- **result:** Cleaner codebase, no browser timeout on startup for unused providers. Only Grok and Gemini browser providers remain.
+
+### v1.4.3
+- **fix:** Full stealth mode for all browser launches - `ignoreDefaultArgs: ['--enable-automation']` removes Playwright's automation flag, `--disable-blink-features=AutomationControlled` hides `navigator.webdriver`, and `--disable-infobars` suppresses the "Chrome is being controlled by automated software" banner. Combined with `channel: "chrome"` (v1.4.2), this bypasses Cloudflare human verification completely.
+- **root cause:** Even with system Chrome (`channel: "chrome"`), Playwright injects `--enable-automation` by default, which sets `navigator.webdriver = true` and shows the automation infobar. Cloudflare checks both signals.
+
+### v1.4.2
+- **fix:** All browser launches now use `channel: "chrome"` (real system Chrome) instead of Playwright's bundled Chromium. Cloudflare human verification no longer blocks `/xxx-login` commands.
+- **root cause:** Playwright's bundled Chromium is fingerprinted by Cloudflare as an automation browser, triggering CAPTCHA challenges that cannot be completed. System Chrome is not flagged.
+
+### v1.4.1
+- **fix:** `/claude-login`, `/gemini-login`, `/chatgpt-login` now fall back to a **headed** (visible) Chromium browser when headless login fails (no saved cookies in profile). The user can log in manually in the opened browser window (5 min timeout). After login, cookies are saved to the persistent profile for future headless use.
+- **fix:** Added missing `claude-opus-4-6` and `claude-haiku-4-5` entries to the Claude browser MODEL_MAP
+- **root cause:** Headless Chromium without saved cookies sees a login page, not the editor - the user cannot interact with a headless browser to log in
+
+### v1.4.0
+- **feat:** Persistent browser fallback for all providers - `/claude-login`, `/gemini-login`, `/chatgpt-login` no longer require the OpenClaw browser (CDP port 18800). If CDP is available, cookies are imported; otherwise a standalone persistent headless Chromium is launched automatically from the saved profile directory.
+- **feat:** New helper functions `getOrLaunchClaudeContext()`, `getOrLaunchGeminiContext()`, `getOrLaunchChatGPTContext()` - same pattern as the existing `getOrLaunchGrokContext()` (try CDP, fall back to persistent Chromium, coalesce concurrent launches)
+- **fix:** Proxy server `connectXxxContext` callbacks now use the persistent fallback too - no more "not logged in" errors when CDP is unavailable but a saved profile exists
+- **fix:** `cleanupBrowsers()` now properly closes Claude, Gemini, and ChatGPT persistent contexts on plugin teardown (previously only cleaned up Grok + CDP)
+- **root cause:** All 3 login commands (Claude, Gemini, ChatGPT) called `connectToOpenClawBrowser()` directly, which only tries CDP on 127.0.0.1:18800. If Chrome was not running with `--remote-debugging-port=18800`, login always failed. Grok already had the fallback pattern since v0.2.27 - now all 4 providers are consistent.
+
+### v1.3.5
+- **fix:** Startup session restore now runs only once per process lifetime — `_startupRestoreDone` module-level guard prevents re-running on every hot-reload (SIGUSR1), which was triggered every ~60s by the openclaw-control-ui dashboard poll
+- **root cause:** Gateway `reload.mode=hybrid` + dashboard status polling caused plugin to reinitialize every 60s → each reload spawned a new Gemini Chromium instance → RAM/CPU OOM loop
+- **behavior:** First load after gateway start: sequential profile restore runs once. All subsequent hot-reloads: skip restore, reuse existing in-memory contexts
+
 ### v1.3.4
 - **feat:** Safe sequential session restore on startup — if a saved profile exists, providers are reconnected automatically after gateway restart (one at a time, 3s delay between each, headless)
 - **fix:** No manual `/xxx-login` needed after reboot if profile is already saved
@@ -340,7 +414,7 @@ No CLI binaries required — just authenticated browser sessions.
 - **feat:** `web-chatgpt/*` models: gpt-4o, gpt-4o-mini, gpt-o3, gpt-o4-mini, gpt-5
 - **feat:** `/chatgpt-login`, `/chatgpt-status`, `/chatgpt-logout` + cookie-expiry tracking
 - **feat:** All 4 providers headless: Grok ✅ Claude ✅ Gemini ✅ ChatGPT ✅
-- **test:** 96/96 tests green (8 test files)
+- **test:** 96/83 tests green (8 test files)
 - **fix:** Singleton CDP connection, cleanupBrowsers() on plugin stop
 
 ### v0.2.30