@useorgx/openclaw-plugin 0.4.1 → 0.4.3

package/README.md

@@ -142,9 +142,13 @@ npm run job:dispatch -- \
 
 Key behavior:
 - Pulls tasks from OrgX for selected workstreams
+- Runs `orgx_spawn_check` preflight per task before dispatch
+- Injects required OrgX skill context (for example `orgx-engineering-agent`) into worker prompts
+- Applies the same spawn-guard + skill-policy enforcement to manual launch, restart, and Next Up fallback dispatch paths
 - Spawns parallel Codex workers per task
 - Retries failures with backoff up to `--max_attempts`
 - Emits activity and task status transitions into OrgX DB
+- Auto-creates a blocking decision when a task exhausts retries (disable with `--decision_on_block=false`)
 - Persists resumable state to `.orgx-codex-jobs/<job-id>/job-state.json`
 
 Notes:

package/dist/byok-store.js

@@ -1,14 +1,76 @@
-import { chmodSync, existsSync, mkdirSync, readFileSync, rmSync } from "node:fs";
-import { getOrgxPluginConfigDir, getOrgxPluginConfigPath } from "./paths.js";
+import { chmodSync, existsSync, mkdirSync, readFileSync, statSync } from "node:fs";
+import { join } from "node:path";
+import { getOpenClawDir } from "./paths.js";
 import { backupCorruptFileSync, writeJsonFileAtomicSync } from "./fs-utils.js";
-function configDir() {
-    return getOrgxPluginConfigDir();
+const PROVIDER_PROFILE_MAP = {
+    openaiApiKey: { profileId: "openai-codex", provider: "openai-codex" },
+    anthropicApiKey: { profileId: "anthropic", provider: "anthropic" },
+    openrouterApiKey: { profileId: "openrouter", provider: "openrouter" },
+};
+function isSafePathSegment(value) {
+    const normalized = value.trim();
+    if (!normalized || normalized === "." || normalized === "..")
+        return false;
+    if (normalized.includes("/") || normalized.includes("\\") || normalized.includes("\0")) {
+        return false;
+    }
+    if (normalized.includes(".."))
+        return false;
+    return true;
+}
+function parseJson(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
 }
-function byokFile() {
-    return getOrgxPluginConfigPath("byok.json");
+function readObject(value) {
+    return value && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : {};
 }
-function ensureConfigDir() {
-    const dir = configDir();
+function resolveDefaultAgentId() {
+    try {
+        const configPath = join(getOpenClawDir(), "openclaw.json");
+        if (!existsSync(configPath))
+            return "main";
+        const raw = parseJson(readFileSync(configPath, "utf8"));
+        const agents = readObject(raw?.agents);
+        const list = Array.isArray(agents.list) ? agents.list : [];
+        for (const entry of list) {
+            if (!entry || typeof entry !== "object")
+                continue;
+            const row = entry;
+            if (row.default !== true)
+                continue;
+            const id = typeof row.id === "string" ? row.id.trim() : "";
+            if (id && isSafePathSegment(id))
+                return id;
+        }
+        for (const entry of list) {
+            if (!entry || typeof entry !== "object")
+                continue;
+            const row = entry;
+            const id = typeof row.id === "string" ? row.id.trim() : "";
+            if (id && isSafePathSegment(id))
+                return id;
+        }
+    }
+    catch {
+        // fall through
+    }
+    return "main";
+}
+function authProfilesDir() {
+    return join(getOpenClawDir(), "agents", resolveDefaultAgentId(), "agent");
+}
+function authProfilesFile() {
+    return join(authProfilesDir(), "auth-profiles.json");
+}
+function ensureAuthProfilesDir() {
+    const dir = authProfilesDir();
     mkdirSync(dir, { recursive: true, mode: 0o700 });
     try {
         chmodSync(dir, 0o700);
@@ -17,12 +79,56 @@ function ensureConfigDir() {
         // best effort
     }
 }
-function parseJson(value) {
+function normalizeAuthProfileEntry(value) {
+    if (!value || typeof value !== "object")
+        return null;
+    const row = value;
+    const type = typeof row.type === "string" ? row.type.trim() : "";
+    const provider = typeof row.provider === "string" ? row.provider.trim() : "";
+    const key = typeof row.key === "string" ? row.key.trim() : "";
+    if (!type || !provider || !key)
+        return null;
+    return { type, provider, key };
+}
+function readAuthProfiles() {
+    const file = authProfilesFile();
     try {
-        return JSON.parse(value);
+        if (!existsSync(file))
+            return { file, parsed: null };
+        const raw = readFileSync(file, "utf8");
+        const parsed = parseJson(raw);
+        if (!parsed || typeof parsed !== "object") {
+            backupCorruptFileSync(file);
+            return { file, parsed: null };
+        }
+        const profilesRaw = parsed.profiles && typeof parsed.profiles === "object"
+            ? parsed.profiles
+            : {};
+        const profiles = {};
+        for (const [profileId, entry] of Object.entries(profilesRaw)) {
+            const normalized = normalizeAuthProfileEntry(entry);
+            if (!normalized)
+                continue;
+            profiles[profileId] = normalized;
+        }
+        return {
+            file,
+            parsed: {
+                version: typeof parsed.version === "number" && Number.isFinite(parsed.version)
+                    ? Math.floor(parsed.version)
+                    : 1,
+                profiles,
+                lastGood: parsed.lastGood && typeof parsed.lastGood === "object"
+                    ? parsed.lastGood
+                    : undefined,
+                usageStats: parsed.usageStats && typeof parsed.usageStats === "object"
+                    ? parsed.usageStats
+                    : undefined,
+            },
+        };
     }
     catch {
-        return null;
+        return { file, parsed: null };
     }
 }
 function normalizeKey(value) {
@@ -33,29 +139,29 @@ function normalizeKey(value) {
         return null;
     return trimmed;
 }
+function findProfileKey(profiles, provider) {
+    const entries = Object.entries(profiles);
+    if (provider === "openai") {
+        const codex = entries.find(([, entry]) => entry.provider === "openai-codex");
+        if (codex)
+            return codex[1].key;
+        const openai = entries.find(([, entry]) => entry.provider === "openai");
+        return openai?.[1].key ?? null;
+    }
+    return entries.find(([, entry]) => entry.provider === provider)?.[1].key ?? null;
+}
 export function readByokKeys() {
-    const file = byokFile();
+    const { file, parsed } = readAuthProfiles();
     try {
-        if (!existsSync(file))
-            return null;
-        const raw = readFileSync(file, "utf8");
-        const parsed = parseJson(raw);
-        if (!parsed) {
-            backupCorruptFileSync(file);
-            return null;
-        }
-        if (!parsed || typeof parsed !== "object")
+        if (!parsed)
             return null;
-        const createdAt = typeof parsed.createdAt === "string" && parsed.createdAt.trim().length > 0
-            ? parsed.createdAt
-            : new Date().toISOString();
-        const updatedAt = typeof parsed.updatedAt === "string" && parsed.updatedAt.trim().length > 0
-            ? parsed.updatedAt
-            : createdAt;
+        const stats = statSync(file);
+        const createdAt = stats.birthtime.toISOString();
+        const updatedAt = stats.mtime.toISOString();
         return {
-            openaiApiKey: normalizeKey(parsed.openaiApiKey) ?? null,
-            anthropicApiKey: normalizeKey(parsed.anthropicApiKey) ?? null,
-            openrouterApiKey: normalizeKey(parsed.openrouterApiKey) ?? null,
+            openaiApiKey: normalizeKey(findProfileKey(parsed.profiles, "openai")) ?? null,
+            anthropicApiKey: normalizeKey(findProfileKey(parsed.profiles, "anthropic")) ?? null,
+            openrouterApiKey: normalizeKey(findProfileKey(parsed.profiles, "openrouter")) ?? null,
             createdAt,
             updatedAt,
         };
@@ -65,33 +171,54 @@ export function readByokKeys() {
     }
 }
 export function writeByokKeys(input) {
-    ensureConfigDir();
-    const now = new Date().toISOString();
-    const existing = readByokKeys();
+    ensureAuthProfilesDir();
+    const existingParsed = readAuthProfiles().parsed;
+    const next = existingParsed ?? {
+        version: 1,
+        profiles: {},
+    };
     const has = (key) => Object.prototype.hasOwnProperty.call(input, key);
-    const next = {
-        openaiApiKey: has("openaiApiKey")
-            ? normalizeKey(input.openaiApiKey)
-            : existing?.openaiApiKey ?? null,
-        anthropicApiKey: has("anthropicApiKey")
-            ? normalizeKey(input.anthropicApiKey)
-            : existing?.anthropicApiKey ?? null,
-        openrouterApiKey: has("openrouterApiKey")
-            ? normalizeKey(input.openrouterApiKey)
-            : existing?.openrouterApiKey ?? null,
-        createdAt: existing?.createdAt ?? now,
-        updatedAt: now,
+    const applyKey = (field, value) => {
+        const mapped = PROVIDER_PROFILE_MAP[field];
+        const normalized = normalizeKey(value);
+        if (normalized) {
+            next.profiles[mapped.profileId] = {
+                type: "api_key",
+                provider: mapped.provider,
+                key: normalized,
+            };
+            return;
+        }
+        delete next.profiles[mapped.profileId];
+        if (next.lastGood)
+            delete next.lastGood[mapped.profileId];
+        if (next.usageStats)
+            delete next.usageStats[mapped.profileId];
     };
-    const file = byokFile();
+    if (has("openaiApiKey"))
+        applyKey("openaiApiKey", input.openaiApiKey);
+    if (has("anthropicApiKey"))
+        applyKey("anthropicApiKey", input.anthropicApiKey);
+    if (has("openrouterApiKey"))
+        applyKey("openrouterApiKey", input.openrouterApiKey);
+    const file = authProfilesFile();
     writeJsonFileAtomicSync(file, next, 0o600);
-    return next;
+    const updated = readByokKeys();
+    if (updated)
+        return updated;
+    const now = new Date().toISOString();
+    return {
+        openaiApiKey: null,
+        anthropicApiKey: null,
+        openrouterApiKey: null,
+        createdAt: now,
+        updatedAt: now,
+    };
 }
 export function clearByokKeys() {
-    const file = byokFile();
-    try {
-        rmSync(file, { force: true });
-    }
-    catch {
-        // best effort
-    }
+    writeByokKeys({
+        openaiApiKey: null,
+        anthropicApiKey: null,
+        openrouterApiKey: null,
+    });
 }

package/dist/gateway-watchdog-runner.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/gateway-watchdog-runner.js

@@ -0,0 +1,6 @@
+import { runGatewayWatchdogDaemon } from "./gateway-watchdog.js";
+void runGatewayWatchdogDaemon().catch((err) => {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[orgx] gateway-watchdog crashed: ${message}`);
+    process.exit(1);
+});

package/dist/gateway-watchdog.d.ts

@@ -0,0 +1,11 @@
+type Logger = {
+    info?: (message: string, meta?: Record<string, unknown>) => void;
+    warn?: (message: string, meta?: Record<string, unknown>) => void;
+    debug?: (message: string, meta?: Record<string, unknown>) => void;
+};
+export declare function runGatewayWatchdogDaemon(logger?: Logger): Promise<void>;
+export declare function ensureGatewayWatchdog(logger: Logger): {
+    started: boolean;
+    pid: number | null;
+};
+export {};

package/dist/gateway-watchdog.js

@@ -0,0 +1,221 @@
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { spawn } from "node:child_process";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { getOpenClawDir } from "./paths.js";
+import { readOpenClawGatewayPort, readOpenClawSettingsSnapshot } from "./openclaw-settings.js";
+const DEFAULT_MONITOR_INTERVAL_MS = 30_000;
+const DEFAULT_FAILURES_BEFORE_RESTART = 2;
+const DEFAULT_PROBE_TIMEOUT_MS = 2_500;
+const WATCHDOG_PID_FILE = join(getOpenClawDir(), "orgx-gateway-watchdog.pid");
+function readEnvNumber(name, fallback, min) {
+    const raw = (process.env[name] ?? "").trim();
+    if (!raw)
+        return fallback;
+    const parsed = Number.parseInt(raw, 10);
+    if (!Number.isFinite(parsed) || parsed < min)
+        return fallback;
+    return parsed;
+}
+function isPidAlive(pid) {
+    if (!Number.isFinite(pid) || pid <= 0)
+        return false;
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function readWatchdogPid() {
+    try {
+        if (!existsSync(WATCHDOG_PID_FILE))
+            return null;
+        const raw = readFileSync(WATCHDOG_PID_FILE, "utf8").trim();
+        const parsed = Number.parseInt(raw, 10);
+        if (!Number.isFinite(parsed) || parsed <= 0)
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+function writeWatchdogPid(pid) {
+    const dir = getOpenClawDir();
+    mkdirSync(dir, { recursive: true, mode: 0o700 });
+    writeFileSync(WATCHDOG_PID_FILE, `${pid}\n`, { mode: 0o600 });
+}
+function clearWatchdogPid() {
+    try {
+        rmSync(WATCHDOG_PID_FILE, { force: true });
+    }
+    catch {
+        // best effort
+    }
+}
+async function runCommandCollect(input) {
+    const timeoutMs = input.timeoutMs ?? 10_000;
+    return await new Promise((resolve, reject) => {
+        const child = spawn(input.command, input.args, {
+            env: process.env,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        const timer = timeoutMs
+            ? setTimeout(() => {
+                try {
+                    child.kill("SIGKILL");
+                }
+                catch {
+                    // best effort
+                }
+                reject(new Error(`Command timed out after ${timeoutMs}ms`));
+            }, timeoutMs)
+            : null;
+        child.stdout?.on("data", (chunk) => {
+            stdout += chunk.toString("utf8");
+        });
+        child.stderr?.on("data", (chunk) => {
+            stderr += chunk.toString("utf8");
+        });
+        child.on("error", (err) => {
+            if (timer)
+                clearTimeout(timer);
+            reject(err);
+        });
+        child.on("close", (code) => {
+            if (timer)
+                clearTimeout(timer);
+            resolve({ stdout, stderr, exitCode: typeof code === "number" ? code : null });
+        });
+    });
+}
+async function probeGateway(port, timeoutMs) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        // Any HTTP response (including 404) means the gateway port is reachable.
+        await fetch(`http://127.0.0.1:${port}/`, {
+            method: "GET",
+            signal: controller.signal,
+            headers: {
+                "cache-control": "no-cache",
+            },
+        });
+        return true;
+    }
+    catch {
+        return false;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+async function restartGateway(logger) {
+    const restart = await runCommandCollect({
+        command: "openclaw",
+        args: ["gateway", "restart", "--json"],
+        timeoutMs: 30_000,
+    });
+    if (restart.exitCode === 0) {
+        logger.warn?.("[orgx] Gateway watchdog restarted OpenClaw gateway service");
+        return;
+    }
+    const start = await runCommandCollect({
+        command: "openclaw",
+        args: ["gateway", "start", "--json"],
+        timeoutMs: 30_000,
+    });
+    if (start.exitCode !== 0) {
+        throw new Error(start.stderr.trim() || restart.stderr.trim() || "Failed to restart gateway");
+    }
+    logger.warn?.("[orgx] Gateway watchdog started OpenClaw gateway service");
+}
+export async function runGatewayWatchdogDaemon(logger = console) {
+    const monitorIntervalMs = readEnvNumber("ORGX_GATEWAY_WATCHDOG_INTERVAL_MS", DEFAULT_MONITOR_INTERVAL_MS, 5_000);
+    const failuresBeforeRestart = readEnvNumber("ORGX_GATEWAY_WATCHDOG_FAILURES", DEFAULT_FAILURES_BEFORE_RESTART, 1);
+    const probeTimeoutMs = readEnvNumber("ORGX_GATEWAY_WATCHDOG_TIMEOUT_MS", DEFAULT_PROBE_TIMEOUT_MS, 500);
+    let consecutiveFailures = 0;
+    let restartInFlight = false;
+    const cleanup = () => {
+        const pid = readWatchdogPid();
+        if (pid === process.pid) {
+            clearWatchdogPid();
+        }
+    };
+    process.on("SIGTERM", () => {
+        cleanup();
+        process.exit(0);
+    });
+    process.on("SIGINT", () => {
+        cleanup();
+        process.exit(0);
+    });
+    process.on("exit", cleanup);
+    writeWatchdogPid(process.pid);
+    logger.info?.("[orgx] Gateway watchdog daemon started", {
+        intervalMs: monitorIntervalMs,
+        failuresBeforeRestart,
+    });
+    const tick = async () => {
+        if (restartInFlight)
+            return;
+        const snapshot = readOpenClawSettingsSnapshot();
+        const port = readOpenClawGatewayPort(snapshot.raw);
+        const healthy = await probeGateway(port, probeTimeoutMs);
+        if (healthy) {
+            consecutiveFailures = 0;
+            return;
+        }
+        consecutiveFailures += 1;
+        logger.warn?.("[orgx] Gateway watchdog probe failed", {
+            port,
+            consecutiveFailures,
+            threshold: failuresBeforeRestart,
+        });
+        if (consecutiveFailures < failuresBeforeRestart) {
+            return;
+        }
+        restartInFlight = true;
+        try {
+            await restartGateway(logger);
+            consecutiveFailures = 0;
+        }
+        catch (err) {
+            logger.warn?.("[orgx] Gateway watchdog failed to restart gateway", {
+                error: err instanceof Error ? err.message : String(err),
+            });
+        }
+        finally {
+            restartInFlight = false;
+        }
+    };
+    await tick();
+    setInterval(() => {
+        void tick();
+    }, monitorIntervalMs);
+}
+export function ensureGatewayWatchdog(logger) {
+    if (process.env.ORGX_DISABLE_GATEWAY_WATCHDOG === "1") {
+        logger.debug?.("[orgx] Gateway watchdog disabled via ORGX_DISABLE_GATEWAY_WATCHDOG=1");
+        return { started: false, pid: null };
+    }
+    const existing = readWatchdogPid();
+    if (existing && isPidAlive(existing)) {
+        return { started: false, pid: existing };
+    }
+    if (existing && !isPidAlive(existing)) {
+        clearWatchdogPid();
+    }
+    const runnerPath = fileURLToPath(new URL("./gateway-watchdog-runner.js", import.meta.url));
+    const child = spawn(process.execPath, [runnerPath], {
+        env: process.env,
+        stdio: "ignore",
+        detached: true,
+    });
+    child.unref();
+    return { started: true, pid: child.pid ?? null };
+}