@elvatis_com/openclaw-cli-bridge-elvatis 1.9.1 → 2.1.1

package/.ai/handoff/NEXT_ACTIONS.md

@@ -7,7 +7,7 @@ _Last updated: 2026-03-13_
 
 | Status  | Count |
 |---------|-------|
-| Done    | 13    |
+| Done    | 16    |
 | Ready   | 0     |
 | Blocked | 0     |
 <!-- /SECTION: summary -->
@@ -30,6 +30,9 @@ _No blocked tasks._
 
 | Task  | Title                                                              | Date       |
 |-------|--------------------------------------------------------------------|------------|
+| T-016 | Issue #2: Codex auth auto-import into agent auth store            | 2026-03-19 |
+| T-015 | Issue #4: Background session mgmt with workdir isolation          | 2026-03-19 |
+| T-014 | Issue #6: Workdir isolation (createIsolatedWorkdir, cleanup, sweep) | 2026-03-19 |
 | T-013 | Fix cookie expiry tracking — longest-lived auth cookie (all 4)    | 2026-03-13 |
 | T-012 | Persistent browser fallback for Claude/Gemini/ChatGPT (no CDP)    | 2026-03-12 |
 | T-011 | Session-safe staged model switching (/cli-apply, /cli-pending)     | 2026-03-11 |

package/.ai/handoff/STATUS.md

@@ -1,55 +1,60 @@
 # STATUS — openclaw-cli-bridge-elvatis
 
-## Current Version: 1.7.3
+## Current Version: 2.1.0
 
-## All 4 Providers Available — persistent Chromium profiles
-| Provider | Status | Models | Login Cmd | Cookie Expiry |
-|---|---|---|---|---|
-| Grok | ✅ | web-grok/grok-3, grok-3-fast, grok-3-mini, grok-3-mini-fast | /grok-login | ~178d |
-| Gemini | ✅ | web-gemini/gemini-2-5-pro, gemini-2-5-flash, gemini-3-pro, gemini-3-flash | /gemini-login | ~398d |
-| Claude.ai | ✅ | web-claude/claude-sonnet, claude-opus, claude-haiku | /claude-login | ~364d |
-| ChatGPT | ✅ | web-chatgpt/gpt-4o, gpt-4o-mini, gpt-4.1, o3, o4-mini, gpt-5, gpt-5-mini | /chatgpt-login | ~6d (re-run /chatgpt-login to refresh) |
+- **npm:** @elvatis_com/openclaw-cli-bridge-elvatis (not yet published to npm)
+- **ClawHub:** openclaw-cli-bridge-elvatis@1.9.2
+- **GitHub:** https://github.com/elvatis/openclaw-cli-bridge-elvatis/releases/tag/v1.9.2
+
+## CLI Model Token Limits (corrected in v1.9.2)
+| Model | Context Window | Max Output |
+|---|---|---|
+| Claude Opus 4.6 (CLI) | 1,000,000 | 128,000 |
+| Claude Sonnet 4.6 (CLI) | 1,000,000 | 64,000 |
+| Claude Haiku 4.5 (CLI) | 200,000 | 64,000 |
+| Gemini 2.5 Pro (CLI) | 1,048,576 | 65,535 |
+| Gemini 2.5 Flash (CLI) | 1,048,576 | 65,535 |
+| Gemini 3 Pro Preview (CLI) | 1,048,576 | 65,536 |
+| Gemini 3 Flash Preview (CLI) | 1,048,576 | 65,536 |
+
+## Architecture
+- **Proxy server:** `http://127.0.0.1:31337/v1` (OpenAI-compatible)
+- **OpenClaw connects via** `vllm` provider with `api: openai-completions`
+- **CLI models** (`cli-claude/*`, `cli-gemini/*`): plain text completions only — NO tool/function call support
+- **Web-session models** (`web-grok/*`, `web-gemini/*`): browser-based, require `/xxx-login`
+- **Codex models** (`openai-codex/*`): OAuth auth bridge
+- **BitNet** (`local-bitnet/*`): local CPU inference
+
+## Tool Support Limitation
+CLI models explicitly reject tool/function call requests (HTTP 400):
+```
+Model cli-claude/claude-opus-4-6 does not support tool/function calls.
+Use a native API model (e.g. github-copilot/gpt-5-mini) for agents that need tools.
+```
+This is by design — CLI tools output plain text only.
+
+## All 4 Browser Providers
+| Provider | Models | Login Cmd | Profile Dir |
+|---|---|---|---|
+| Grok | web-grok/grok-3, grok-3-fast, grok-3-mini, grok-3-mini-fast | /grok-login | ~/.openclaw/grok-profile/ |
+| Gemini | web-gemini/gemini-2-5-pro, gemini-2-5-flash, gemini-3-pro, gemini-3-flash | /gemini-login | ~/.openclaw/gemini-profile/ |
+| Claude | web-claude/* (removed in v1.6.x) | /claude-login | ~/.openclaw/claude-profile/ |
+| ChatGPT | web-chatgpt/* (removed in v1.6.x) | /chatgpt-login | ~/.openclaw/chatgpt-profile/ |
 
 ## Stats
-- 22 total models (6 CLI + 16 web-session)
-- 96/96 tests green (8 test files)
-- All 4 providers use launchPersistentContext — sessions survive gateway restarts
-- /bridge-status shows cookie-based status (independent of in-memory context)
-
-## Architecture: Browser Lifecycle
-- **Profile dirs:** `~/.openclaw/{grok,gemini,claude,chatgpt}-profile/`
-- **On plugin start:** startup restore attempts headless reconnect from saved profiles (5s delay)
-- **On /xxx-login:** headed browser, user logs in, cookies baked to profile automatically
-- **On request (no in-memory ctx):** proxy lazy-launches persistent context on first request
-- **On /xxx-logout:** closes context + deletes profile + clears expiry file
-- **bridge-status:** uses cookie expiry files as source of truth (not in-memory state)
-  - ✅ active — browser connected and verified
-  - 🟡 logged in, browser not loaded — cookies valid, lazy-loads on first request
-  - 🔴 session expired — needs /xxx-login
-  - ⚪ never logged in
-
-## Cookie Expiry Tracking (fixed in v1.7.3)
-All 4 providers now track the **longest-lived** auth cookie instead of the shortest:
-- Claude: `sessionKey` (~1 year) — was `__cf_bm` (Cloudflare, ~30 min) causing false alerts
-- ChatGPT: longest of `__Secure-next-auth.session-token` / `_puid` / `oai-did`
-- Gemini: longest of `__Secure-1PSID` / `__Secure-3PSID` / `SID`
-- Grok: longest of `sso` / `sso-rw`
-
-## Release History
-- v1.7.3 (2026-03-13): Fix cookie expiry tracking — use longest-lived auth cookie for all 4 providers
-- v1.7.2 (2026-03-13): Cookie-first startup restore (skip fragile browser selector check)
-- v1.7.1 (2026-03-13): /status HTML dashboard at :31337
-- v1.7.0 (2026-03-13): Startup restore timeout fix, auto-relogin, keep-alive verification, vitest suite
-- v1.6.1 (2026-03-13): Fix /bridge-status — use cookie expiry as source of truth
-- v1.6.0 (2026-03-13): Persistent Chromium profiles for all 4 providers (Claude web + ChatGPT)
-- v1.5.1 (2026-03-12): Fix hardcoded plugin version
-- v1.5.0 (2026-03-12): Remove /claude-login and /chatgpt-login (pre-v1.6.0 interim)
-- v1.4.0 (2026-03-12): Persistent browser fallback for Claude/Gemini/ChatGPT (no CDP required)
-- v1.3.5 (2026-03-12): Startup restore guard (SIGUSR1 OOM fix)
-- v1.3.0 (2026-03-11): Browser auto-reconnect after gateway restart
-- v1.0.0 (2026-03-11): All 4 providers headless — 96/96 tests
-
-## Next Steps
-- /chatgpt-login should be re-run soon (~6d left on _puid cookie)
-- Gemini model switching via UI (2.5 Pro vs Flash vs 3)
-- Context-window management for long conversations
+- 22+ total models (7 CLI + 5 Codex + 4 Grok + 4 Gemini + 1 BitNet)
+- Persistent Chromium profiles survive gateway restarts
+- /bridge-status shows cookie-based status
+
+## Release History (recent)
+- v2.1.0 (2026-03-19): Issue #6 workdir isolation, Issue #4 session mgmt enhancements, Issue #2 codex auth auto-import
+- v2.0.0: Major version bump
+- v1.9.2 (2026-03-15): Fix maxTokens/contextWindow for all CLI_MODELS (were 8192, now correct per vendor specs)
+- v1.9.1: Previous stable
+- v1.7.3 (2026-03-13): Fix cookie expiry tracking
+- v1.7.0 (2026-03-13): Startup restore timeout fix, auto-relogin, vitest suite
+- v1.6.0 (2026-03-13): Persistent Chromium profiles for all 4 providers
+
+## Known Issues
+- CLI models cannot do tool calls (by design — plain text proxy)
+- Opus via CLI proxy may halluzinate XML tool-call tags when maxTokens was too low (fixed in v1.9.2)

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,19 @@
+---
+name: Bug Report
+about: Report a bug to help us improve
+labels: bug
+---
+
+**Describe the bug**
+A clear description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce:
+1. ...
+2. ...
+
+**Expected behavior**
+What you expected to happen.
+
+**Additional context**
+Any other context about the problem.

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,14 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+labels: enhancement
+---
+
+**Is your feature request related to a problem?**
+Describe the problem.
+
+**Describe the solution you'd like**
+What you want to happen.
+
+**Additional context**
+Any other context or screenshots.

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,11 @@
+## Summary
+
+Describe the change and why it is needed.
+
+Closes #
+
+## Checklist
+
+- [ ] Tests pass (if applicable)
+- [ ] Documentation updated if behavior changes
+- [ ] No secrets in the commit history

package/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+

package/.github/workflows/auto-publish.yml

@@ -0,0 +1,68 @@
+name: Auto-Publish (npm + ClawHub)
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  publish-npm:
+    name: Publish to npm
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          registry-url: "https://registry.npmjs.org"
+
+      - run: npm ci --ignore-scripts
+
+      - name: Build (if script exists)
+        run: npm run build --if-present || true
+
+      - name: Verify version matches tag
+        run: |
+          PKG_VERSION=$(node -p "require('./package.json').version")
+          TAG_VERSION="${GITHUB_REF_NAME#v}"
+          if [ "$PKG_VERSION" != "$TAG_VERSION" ]; then
+            echo "::error::package.json version ($PKG_VERSION) != tag ($TAG_VERSION)"
+            exit 1
+          fi
+
+      - name: Publish to npm
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  publish-clawhub:
+    name: Publish to ClawHub
+    runs-on: ubuntu-latest
+    needs: publish-npm
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - run: npm install -g clawhub
+
+      - name: Authenticate and publish
+        run: |
+          SLUG=$(node -p "require('./package.json').name.replace('@elvatis_com/', '')")
+          VERSION=$(node -p "require('./package.json').version")
+          TMPDIR=$(mktemp -d)/$SLUG
+          mkdir -p "$TMPDIR"
+          rsync -a --exclude=node_modules --exclude=.git --exclude=dist --exclude=package-lock.json --exclude=.github ./ "$TMPDIR/"
+          clawhub login --token "$CLAWHUB_TOKEN" --no-browser
+          clawhub publish "$TMPDIR" --slug "$SLUG" --version "$VERSION"
+          rm -rf "$(dirname $TMPDIR)"
+        env:
+          CLAWHUB_TOKEN: ${{ secrets.CLAWHUB_TOKEN }}
+

package/.github/workflows/codeql.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  schedule:
+    - cron: "0 4 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript-typescript"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"
+

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,38 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery and unwelcome sexual attention
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project team at **conduct@elvatis.com**. All complaints will
+be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct/

package/CONTRIBUTING.md

@@ -1,116 +1,23 @@
-# Contributing & Release Checklist
+# Contributing
 
-## 🚨 Pflicht-Workflow vor jedem Release
+Thanks for your interest in contributing!
 
-**Kein Publish ohne erfolgreichen `/bridge-status` Test!**
+## Getting Started
 
-### 1. Lint + Build
+1. Fork the repository and create a feature branch from `main`.
+2. Install dependencies (if applicable): `npm ci`
+3. Run tests (if applicable): `npm test`
+4. Keep changes focused and small.
 
-```bash
-npm run lint    # ESLint — 0 errors required, warnings ok
-npm run build   # Exit 0 erwartet — TS-Fehler sind ok (--noEmitOnError false), aber Exit != 0 blockiert
-```
+## Pull Request Process
 
-### 2. Gateway neu starten
+1. Open a Pull Request against `main` with a clear description.
+2. Link any relevant issues.
+3. Ensure tests pass and documentation is updated.
 
-```bash
-openclaw gateway restart
-# oder via Chat: gateway restart
-```
+## Code Style
 
-### 3. Smoke Tests (alle müssen grün sein)
+- Follow existing patterns in the codebase.
+- No em dashes in comments or documentation.
 
-```
-/bridge-status     → Grok ✅ + Gemini ✅ (beide connected, nicht "not connected")
-/cli-test          → CLI bridge OK, Latency < 10s
-/grok-status       → valid (Cookie-Expiry prüfen)
-/gemini-status     → valid (Cookie-Expiry prüfen)
-```
-
-**Erst wenn alle Tests grün sind → publishen!**
-
-### 4. Publish (Reihenfolge einhalten)
-
-```bash
-# 1. Version bump in package.json + openclaw.plugin.json (beide!)
-# 2. Git commit + tag
-git add package.json openclaw.plugin.json
-git commit -m "chore: bump to vX.Y.Z — <kurze Beschreibung>"
-git tag vX.Y.Z
-git push origin main vX.Y.Z
-
-# 3. GitHub Release erstellen (Tag ≠ Release!)
-gh release create vX.Y.Z --title "vX.Y.Z — <Titel>" --notes "<Notes>" --latest
-
-# 4. npm publish
-npm publish --access public
-
-# 5. ClawHub publish (aus tmp-Dir, nicht direkt aus Repo)
-TMPDIR=$(mktemp -d)
-rsync -a --exclude='node_modules' --exclude='.git' --exclude='dist' \
-  --exclude='package-lock.json' --exclude='test' ./ "$TMPDIR/"
-clawhub publish "$TMPDIR" --slug openclaw-cli-bridge-elvatis --version X.Y.Z \
-  --tags "latest" --changelog "<Changelog>"
-```
-
-> ⚠️ **ClawHub Bug (CLI v0.7.0):** `acceptLicenseTerms: invalid value` — Workaround: `publish.js` vor dem Publish patchen und danach zurücksetzen. Details in AGENTS.md / MEMORY.md des Workspaces.
-
----
-
-## Versionsstellen — alle prüfen vor Release
-
-```bash
-grep -rn "X\.Y\.Z\|version" \
-  --include="*.md" --include="*.json" \
-  --exclude-dir=node_modules --exclude-dir=dist --exclude-dir=.git \
-  | grep -i "version"
-```
-
-Typische Stellen:
-- `package.json` → `"version": "..."` (Hauptquelle — `index.ts` liest automatisch daraus)
-- `openclaw.plugin.json` → `"version": "..."`
-- `README.md` → `**Current version:** ...` (falls vorhanden)
-
-> **Seit v1.9.0:** `index.ts` liest die Version automatisch aus `package.json` — kein manuelles Sync mehr nötig für die Runtime-Version.
-
----
-
-## Breaking Changes
-
-Bei Breaking Changes (Major oder entfernte Commands):
-- Version-Bump auf nächste **Minor** (z.B. 1.4.x → 1.5.0)
-- GitHub Release Notes: `## ⚠️ Breaking Change` Sektion
-- README Changelog: Was wurde entfernt + warum
-- `/bridge-status` muss die entfernten Provider NICHT mehr zeigen
-
----
-
-## TS-Build-Fehler
-
-Die folgenden TS-Fehler sind bekannt und ignorierbar (kein Runtime-Problem):
-- `TS2307: Cannot find module 'openclaw/plugin-sdk'` — Typ-Deklarationen fehlen in npm-Paket
-- `TS2339: Property 'handler' does not exist on type 'unknown'` — folgt aus TS2307
-- `TS7006: Parameter implicitly has 'any' type` — minor, kein Effekt
-
-Build läuft mit `--noEmitOnError false` durch. `npm run build` → Exit 0 ist das Kriterium, nicht null TS-Fehler.
-
----
-
-## Cookie Expiry Store (seit v1.9.0)
-
-Cookie-Expiry-Daten werden jetzt in **einer** Datei gespeichert:
-- `~/.openclaw/cookie-expiry.json` — enthält alle 4 Provider (grok, gemini, claude, chatgpt)
-
-Legacy-Dateien (`grok-cookie-expiry.json`, `gemini-cookie-expiry.json`, etc.) werden beim ersten Start automatisch migriert und gelöscht.
-
----
-
-## Model Fallback Chain (seit v1.9.0)
-
-Wenn ein CLI-Modell fehlschlägt (Timeout, Fehler), wird automatisch ein leichteres Modell versucht:
-- `gemini-2.5-pro` → `gemini-2.5-flash`
-- `gemini-3-pro-preview` → `gemini-3-flash-preview`
-- `claude-opus-4-6` → `claude-sonnet-4-6`
-- `claude-sonnet-4-6` → `claude-haiku-4-5`
-
-Die Response enthält das tatsächlich verwendete Modell im `model`-Feld.
+For major changes, open an issue first to discuss design and scope.