@elvatis_com/openclaw-cli-bridge-elvatis 3.1.2 → 3.3.0

package/README.md

@@ -2,7 +2,7 @@
 
 > OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code, OpenCode, Pi) as model providers — with slash commands for instant model switching, restore, health testing, and model listing.
 
-**Current version:** `3.1.2`
+**Current version:** `3.3.0`
 
 ---
 
@@ -406,6 +406,16 @@ npm run ci          # lint + typecheck + test
 
 ## Changelog
 
+### v3.3.0
+- **feat:** session resume for ALL CLI providers — Claude, Gemini, and Codex all now use persistent sessions with `--resume`. Unified session registry at `~/.openclaw/cli-bridge/cli-sessions.json`.
+- **feat:** auto-rotation: sessions expire after 2 hours OR 50 requests (whichever first) to prevent context bloat
+- **feat:** per-provider debug logging: `[GEMINI]`, `[CODEX]` categories with session state
+
+### v3.2.0
+- **feat:** Claude session resume — persistent sessions eliminate the 20KB prompt replay that caused Sonnet to hang. First request creates a session (`--session-id`), subsequent requests resume it (`--resume`). Claude keeps the conversation context; the bridge only sends the new message.
+- **feat:** session registry persisted to `~/.openclaw/cli-bridge/claude-sessions.json` — survives gateway restarts, auto-expires after 2 hours of inactivity
+- **feat:** auto-recovery: corrupted/expired sessions are detected and recreated transparently
+
 ### v3.1.2
 - **fix:** fallback models returning text instead of tool_calls in a tool loop now trigger the next model in the chain. Previously Haiku would say "Lass mich das starten:" as text but never call a tool — conversation died.
 - **feat:** `[FALLBACK-NO-TOOLS]` debug log category for tool-format violations

package/SKILL.md

@@ -68,4 +68,4 @@ On gateway restart, if any session has expired, a **WhatsApp alert** is sent aut
 
 See `README.md` for full configuration reference and architecture diagram.
 
-**Version:** 3.1.2
+**Version:** 3.3.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "openclaw-cli-bridge-elvatis",
   "slug": "openclaw-cli-bridge-elvatis",
   "name": "OpenClaw CLI Bridge",
-  "version": "3.1.2",
+  "version": "3.3.0",
   "license": "MIT",
   "description": "Phase 1: openai-codex auth bridge. Phase 2: local HTTP proxy routing model calls through gemini/claude CLIs (vllm provider).",
   "providers": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvatis_com/openclaw-cli-bridge-elvatis",
-  "version": "3.1.2",
+  "version": "3.3.0",
   "description": "Bridges gemini, claude, and codex CLI tools as OpenClaw model providers. Reads existing CLI auth without re-login.",
   "type": "module",
   "openclaw": {

package/src/cli-runner.ts

@@ -18,9 +18,9 @@
 
 import { spawn, execSync } from "node:child_process";
 import { tmpdir, homedir } from "node:os";
-import { existsSync, writeFileSync, unlinkSync, mkdirSync } from "node:fs";
+import { existsSync, writeFileSync, unlinkSync, mkdirSync, readFileSync } from "node:fs";
 import { join } from "node:path";
-import { randomBytes } from "node:crypto";
+import { randomBytes, randomUUID } from "node:crypto";
 import { ensureClaudeToken, refreshClaudeToken } from "./claude-auth.js";
 import {
   type ToolDefinition,
@@ -503,18 +503,26 @@ export async function runGemini(
   opts?: { tools?: ToolDefinition[]; log?: (msg: string) => void }
 ): Promise<string> {
   const model = stripPrefix(modelId);
+  const session = getOrCreateSession("gemini", model);
+  const isResume = session.requestCount > 0;
+
   // -p "" = headless mode trigger; actual prompt arrives via stdin
   // --approval-mode yolo: auto-approve all tool executions, never ask questions
   const args = ["-m", model, "-p", "", "--approval-mode", "yolo"];
+  if (isResume) {
+    args.push("--resume", session.sessionId);
+  }
   const cwd = workdir ?? tmpdir();
 
   // When tools are present, sandwich the conversation between tool instructions.
-  // The reminder at the end ensures models (especially Haiku) remember the JSON format
-  // after processing a long conversation history.
   const effectivePrompt = opts?.tools?.length
     ? buildToolPromptBlock(opts.tools) + "\n\n" + prompt + "\n\nREMINDER: You MUST respond with ONLY valid JSON — either {\"tool_calls\":[...]} or {\"content\":\"...\"}. Nothing else."
     : prompt;
 
+  debugLog("GEMINI", `${isResume ? "resume" : "new"} ${model} session=${session.sessionId.slice(0, 8)}`, {
+    promptLen: effectivePrompt.length, requestCount: session.requestCount,
+  });
+
   const result = await runCli("gemini", args, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
 
   // Filter out [WARN] lines from stderr (Gemini emits noisy permission warnings)
@@ -525,9 +533,14 @@ export async function runGemini(
     .trim();
 
   if (result.exitCode !== 0 && result.stdout.length === 0) {
+    // Session might be invalid — invalidate and let next request create a fresh one
+    if (cleanStderr.includes("session") || cleanStderr.includes("resume") || cleanStderr.includes("not found")) {
+      invalidateSession(model);
+    }
     throw new Error(`gemini exited ${result.exitCode}: ${annotateExitError(result.exitCode, cleanStderr, result.timedOut, modelId)}`);
   }
 
+  recordSessionSuccess(model);
   return result.stdout || cleanStderr;
 }
 
@@ -535,10 +548,89 @@ export async function runGemini(
 // Claude Code CLI
 // ──────────────────────────────────────────────────────────────────────────────
 
+// ── Claude session registry ─────────────────────────────────────────────────
+// Persistent sessions avoid re-sending the full 20KB prompt on every request.
+// First call creates a session; subsequent calls resume it with just the new message.
+
+// ── Generic CLI session registry ────────────────────────────────────────────
+// Shared by Claude, Gemini, and Codex — persistent sessions avoid replaying
+// the full conversation on every request.
+
+const CLI_SESSIONS_FILE = join(homedir(), ".openclaw", "cli-bridge", "cli-sessions.json");
+const SESSION_TTL = 2 * 60 * 60 * 1000; // 2 hours
+const SESSION_MAX_REQUESTS = 50;
+
+interface CliSessionEntry {
+  sessionId: string;
+  provider: string; // "claude" | "gemini" | "codex"
+  model: string;
+  createdAt: number;
+  lastUsedAt: number;
+  requestCount: number;
+}
+
+const cliSessions = new Map<string, CliSessionEntry>();
+let sessionsLoaded = false;
+
+function loadCliSessions(): void {
+  if (sessionsLoaded) return;
+  sessionsLoaded = true;
+  try {
+    const data = JSON.parse(readFileSync(CLI_SESSIONS_FILE, "utf8"));
+    if (Array.isArray(data.sessions)) {
+      for (const s of data.sessions) cliSessions.set(s.model, s);
+    }
+  } catch { /* no sessions file yet */ }
+}
+
+function saveCliSessions(): void {
+  try {
+    mkdirSync(join(homedir(), ".openclaw", "cli-bridge"), { recursive: true });
+    writeFileSync(CLI_SESSIONS_FILE, JSON.stringify({
+      version: 1,
+      sessions: [...cliSessions.values()],
+    }, null, 2));
+  } catch { /* best effort */ }
+}
+
+function getOrCreateSession(provider: string, model: string): CliSessionEntry {
+  loadCliSessions();
+  const existing = cliSessions.get(model);
+  if (existing && (Date.now() - existing.lastUsedAt) < SESSION_TTL && existing.requestCount < SESSION_MAX_REQUESTS) {
+    return existing;
+  }
+  if (existing) {
+    debugLog("SESSION", `${provider} session ${existing.sessionId.slice(0, 8)} expired`, { reason: existing.requestCount >= SESSION_MAX_REQUESTS ? "max_requests" : "ttl", requestCount: existing.requestCount });
+  }
+  const entry: CliSessionEntry = {
+    sessionId: randomUUID(),
+    provider,
+    model,
+    createdAt: Date.now(),
+    lastUsedAt: Date.now(),
+    requestCount: 0,
+  };
+  cliSessions.set(model, entry);
+  saveCliSessions();
+  return entry;
+}
+
+function recordSessionSuccess(model: string): void {
+  const s = cliSessions.get(model);
+  if (s) { s.requestCount++; s.lastUsedAt = Date.now(); saveCliSessions(); }
+}
+
+function invalidateSession(model: string): void {
+  cliSessions.delete(model);
+  saveCliSessions();
+}
+
 /**
- * Run Claude Code CLI in headless mode with prompt delivered via stdin.
- * Strips the model prefix ("cli-claude/claude-opus-4-6" → "claude-opus-4-6").
- * cwd = homedir() by default. Override with explicit workdir.
+ * Run Claude Code CLI in headless mode with session resume.
+ *
+ * First request: creates a new session with --session-id.
+ * Subsequent requests: --resume <session-id> with only the new message.
+ * This eliminates the 20KB prompt replay that causes Sonnet to hang.
  */
 export async function runClaude(
   prompt: string,
@@ -547,13 +639,12 @@ export async function runClaude(
   workdir?: string,
   opts?: { tools?: ToolDefinition[]; log?: (msg: string) => void }
 ): Promise<string> {
-  // Proactively refresh OAuth token if it's about to expire (< 5 min remaining).
-  // No-op for API-key users.
   await ensureClaudeToken();
 
   const model = stripPrefix(modelId);
-  // Always use bypassPermissions to ensure fully autonomous execution (never asks questions).
-  // Use text output for all cases — JSON schema is unreliable with Claude Code's system prompt.
+  const session = getOrCreateSession("claude", model);
+  const isResume = session.requestCount > 0;
+
   const args: string[] = [
     "-p",
     "--output-format", "text",
@@ -562,44 +653,77 @@ export async function runClaude(
     "--model", model,
   ];
 
+  if (isResume) {
+    args.push("--resume", session.sessionId);
+  } else {
+    args.push("--session-id", session.sessionId);
+  }
+
   // When tools are present, sandwich the conversation between tool instructions.
-  // The reminder at the end ensures models (especially Haiku) remember the JSON format
-  // after processing a long conversation history.
+  // On resume: only send the last user message (Claude has the full history).
+  // On first request: send the full prompt with tool block.
   const effectivePrompt = opts?.tools?.length
     ? buildToolPromptBlock(opts.tools) + "\n\n" + prompt + "\n\nREMINDER: You MUST respond with ONLY valid JSON — either {\"tool_calls\":[...]} or {\"content\":\"...\"}. Nothing else."
     : prompt;
 
   const cwd = workdir ?? homedir();
-  debugLog("CLAUDE", `spawn ${model}`, { promptLen: effectivePrompt.length, promptKB: Math.round(effectivePrompt.length / 1024), cwd, timeoutMs: Math.round(timeoutMs / 1000) });
+  debugLog("CLAUDE", `${isResume ? "resume" : "new"} ${model} session=${session.sessionId.slice(0, 8)}`, {
+    promptLen: effectivePrompt.length, promptKB: Math.round(effectivePrompt.length / 1024),
+    requestCount: session.requestCount, cwd, timeoutMs: Math.round(timeoutMs / 1000),
+  });
+
   const result = await runCli("claude", args, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
 
-  // On 401: attempt one token refresh + retry before giving up.
-  if (result.exitCode !== 0 && result.stdout.length === 0) {
-    // If this was a timeout, don't bother with auth retry — it's a supervisor kill, not a 401.
-    if (result.timedOut) {
-      throw new Error(`claude exited ${result.exitCode}: ${annotateExitError(result.exitCode, result.stderr, true, modelId)}`);
+  // Session succeeded — update registry
+  if (result.exitCode === 0 || result.stdout.length > 0) {
+    recordSessionSuccess(model);
+    return result.stdout;
+  }
+
+  // Session failed — check if it's a timeout or auth issue
+  if (result.timedOut) {
+    // Don't invalidate session on timeout — it's still valid, just slow
+    recordSessionSuccess(model); // keep session alive
+    throw new Error(`claude exited ${result.exitCode}: ${annotateExitError(result.exitCode, result.stderr, true, modelId)}`);
+  }
+
+  const stderr = result.stderr || "(no output)";
+
+  // Session might be corrupted or expired — invalidate and retry with a fresh session
+  if (stderr.includes("session") || stderr.includes("resume") || stderr.includes("not found")) {
+    debugLog("CLAUDE", `session ${session.sessionId.slice(0, 8)} invalid, creating fresh`, { error: stderr.slice(0, 100) });
+    invalidateSession(model);
+    // Retry once with a fresh session
+    const freshSession = getOrCreateSession("claude", model);
+    const freshArgs = [
+      "-p", "--output-format", "text",
+      "--permission-mode", "bypassPermissions", "--dangerously-skip-permissions",
+      "--model", model, "--session-id", freshSession.sessionId,
+    ];
+    const retry = await runCli("claude", freshArgs, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
+    if (retry.exitCode === 0 || retry.stdout.length > 0) {
+      recordSessionSuccess(model);
+      return retry.stdout;
     }
-    const stderr = result.stderr || "(no output)";
-    if (stderr.includes("401") || stderr.includes("Invalid authentication credentials") || stderr.includes("authentication_error")) {
-      // Refresh and retry once
-      await refreshClaudeToken();
-      const retry = await runCli("claude", args, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
-      if (retry.exitCode !== 0 && retry.stdout.length === 0) {
-        const retryStderr = retry.stderr || "(no output)";
-        if (retryStderr.includes("401") || retryStderr.includes("authentication_error") || retryStderr.includes("Invalid authentication credentials")) {
-          throw new Error(
-            "Claude CLI OAuth token refresh failed. " +
-            "Re-login required: run `claude auth logout && claude auth login` in a terminal."
-          );
-        }
-        throw new Error(`claude exited ${retry.exitCode} (after token refresh): ${retryStderr}`);
-      }
+    throw new Error(`claude exited ${retry.exitCode}: ${annotateExitError(retry.exitCode, retry.stderr || "(no output)", false, modelId)}`);
+  }
+
+  // Auth failure — refresh token and retry
+  if (stderr.includes("401") || stderr.includes("Invalid authentication credentials") || stderr.includes("authentication_error")) {
+    await refreshClaudeToken();
+    const retry = await runCli("claude", args, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
+    if (retry.exitCode === 0 || retry.stdout.length > 0) {
+      recordSessionSuccess(model);
       return retry.stdout;
     }
-    throw new Error(`claude exited ${result.exitCode}: ${annotateExitError(result.exitCode, stderr, false, modelId)}`);
+    const retryStderr = retry.stderr || "(no output)";
+    if (retryStderr.includes("401") || retryStderr.includes("authentication_error")) {
+      throw new Error("Claude CLI OAuth token refresh failed. Re-login required: run `claude auth logout && claude auth login`.");
+    }
+    throw new Error(`claude exited ${retry.exitCode} (after token refresh): ${retryStderr}`);
   }
 
-  return result.stdout;
+  throw new Error(`claude exited ${result.exitCode}: ${annotateExitError(result.exitCode, stderr, false, modelId)}`);
 }
 
 // ──────────────────────────────────────────────────────────────────────────────
@@ -629,7 +753,13 @@ export async function runCodex(
   opts?: { tools?: ToolDefinition[]; mediaFiles?: MediaFile[]; log?: (msg: string) => void }
 ): Promise<string> {
   const model = stripPrefix(modelId);
-  const args = ["exec", "--model", model, "--full-auto"];
+  const session = getOrCreateSession("codex", model);
+  const isResume = session.requestCount > 0;
+
+  // Codex uses "exec resume <session-id>" for resume, "exec" for new
+  const args = isResume
+    ? ["exec", "resume", session.sessionId, "--model", model, "--full-auto"]
+    : ["exec", "--model", model, "--full-auto"];
 
   // Codex supports native image input via -i flag
   if (opts?.mediaFiles?.length) {
@@ -641,23 +771,24 @@ export async function runCodex(
   }
 
   const cwd = workdir ?? homedir();
-
-  // Codex requires a git repo in the working directory
   ensureGitRepo(cwd);
 
-  // When tools are present, sandwich the conversation between tool instructions.
-  // The reminder at the end ensures models (especially Haiku) remember the JSON format
-  // after processing a long conversation history.
   const effectivePrompt = opts?.tools?.length
     ? buildToolPromptBlock(opts.tools) + "\n\n" + prompt + "\n\nREMINDER: You MUST respond with ONLY valid JSON — either {\"tool_calls\":[...]} or {\"content\":\"...\"}. Nothing else."
     : prompt;
 
+  debugLog("CODEX", `${isResume ? "resume" : "new"} ${model} session=${session.sessionId.slice(0, 8)}`, {
+    promptLen: effectivePrompt.length, requestCount: session.requestCount,
+  });
+
   const result = await runCli("codex", args, effectivePrompt, timeoutMs, { cwd, log: opts?.log });
 
   if (result.exitCode !== 0 && result.stdout.length === 0) {
+    if (isResume) invalidateSession(model); // session might be stale
     throw new Error(`codex exited ${result.exitCode}: ${annotateExitError(result.exitCode, result.stderr, result.timedOut, modelId)}`);
   }
 
+  recordSessionSuccess(model);
   return result.stdout || result.stderr;
 }