@virtue-ai/gateway-connect 0.1.0 → 0.2.0

package/README.md

@@ -23,7 +23,8 @@ This will:
 1. Open your browser for OAuth login (select "Authorize the platform")
 2. Save gateway credentials to `~/.openclaw/mcp-gateway.json`
 3. Patch `~/.openclaw/openclaw.json` to connect claude-cli to the gateway
-4. Verify connection and list available tools
+4. Install the trajectory recording plugin (sends full session trace to VirtueAI dashboard)
+5. Verify connection and list available tools
 
 ### Step 3: Start Using
 
@@ -40,7 +41,8 @@ That's it. OpenClaw now has access to all MCP tools on the gateway (GitHub, Goog
 1. **OAuth 2.0 PKCE authentication** — Registers an OAuth client, opens browser for login, exchanges authorization code for tokens
 2. **MCP config generation** — Writes `~/.openclaw/mcp-gateway.json` with gateway URL and bearer token
 3. **OpenClaw config patching** — Adds `--mcp-config` to the claude-cli backend args in `~/.openclaw/openclaw.json`
-4. **Connection verification** — Calls `tools/list` on the gateway and reports available tools
+4. **Trajectory recording** — Installs an OpenClaw plugin (`virtueai-trajectory`) that automatically sends every agent step (user prompts, agent responses, tool calls) to the VirtueAI prompt-guard API for dashboard visibility
+5. **Connection verification** — Calls `tools/list` on the gateway and reports available tools
 
 ## Options
 
@@ -48,8 +50,9 @@ That's it. OpenClaw now has access to all MCP tools on the gateway (GitHub, Goog
 npx @virtue-ai/gateway-connect [options]
 
 Options:
-  --gateway-url <url>  Gateway URL (required)
-  --help               Show help message
+  --gateway-url <url>    Gateway URL (required)
+  --guard-uuid <uuid>    Guard UUID for trajectory recording (or set VIRTUEAI_GUARD_UUID env var)
+  --help                 Show help message
 ```
 
 ## Re-authentication

package/dist/index.js

@@ -19,6 +19,7 @@ import https from 'https';
 import os from 'os';
 import path from 'path';
 import { URL } from 'url';
+import { generateTrajectoryPlugin, enableTrajectoryPlugin } from './trajectory-plugin.js';
 // ---------------------------------------------------------------------------
 // Constants
 // ---------------------------------------------------------------------------
@@ -222,7 +223,7 @@ async function authenticate(gatewayUrl) {
 // ---------------------------------------------------------------------------
 // Step 2: Write MCP gateway config
 // ---------------------------------------------------------------------------
-function writeMcpConfig(gatewayUrl, accessToken) {
+function writeMcpConfig(gatewayUrl, accessToken, guardUuid) {
     fs.mkdirSync(OPENCLAW_DIR, { recursive: true });
     const config = {
         mcpServers: {
@@ -234,6 +235,10 @@ function writeMcpConfig(gatewayUrl, accessToken) {
                 },
             },
         },
+        trajectory: {
+            gatewayUrl,
+            guardUuid: guardUuid || process.env.VIRTUEAI_GUARD_UUID || '',
+        },
     };
     fs.writeFileSync(MCP_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
     console.log(`  Written: ${MCP_CONFIG_PATH}`);
@@ -341,18 +346,21 @@ Usage:
   npx @virtue-ai/gateway-connect [options]
 
 Options:
-  --gateway-url <url>  Gateway URL (default: ${DEFAULT_GATEWAY_URL})
-  --help               Show this help message
+  --gateway-url <url>    Gateway URL (default: ${DEFAULT_GATEWAY_URL})
+  --guard-uuid <uuid>    Guard UUID for trajectory recording (or set VIRTUEAI_GUARD_UUID)
+  --help                 Show this help message
 
 What it does:
   1. Opens browser for OAuth login
   2. Saves MCP config to ~/.openclaw/mcp-gateway.json
   3. Patches ~/.openclaw/openclaw.json to use the gateway
-  4. Verifies connection by listing available tools
+  4. Installs trajectory plugin for full session recording
+  5. Verifies connection by listing available tools
 `);
         process.exit(0);
     }
     let gatewayUrl = getArg('gateway-url') || DEFAULT_GATEWAY_URL;
+    const guardUuid = getArg('guard-uuid') || process.env.VIRTUEAI_GUARD_UUID;
     // Strip /mcp suffix and normalize to lowercase
     gatewayUrl = gatewayUrl.replace(/\/mcp\/?$/, '').toLowerCase();
     console.log('\n  VirtueAI Gateway Connect\n');
@@ -361,16 +369,21 @@ What it does:
     const { accessToken } = await authenticate(gatewayUrl);
     // Step 2: Write MCP config
     console.log('\n  Configuring OpenClaw...');
-    writeMcpConfig(gatewayUrl, accessToken);
+    writeMcpConfig(gatewayUrl, accessToken, guardUuid);
     // Step 3: Patch openclaw.json
     patchOpenClawConfig();
-    // Step 4: Verify
+    // Step 4: Install trajectory plugin
+    console.log('\n  Setting up trajectory recording...');
+    generateTrajectoryPlugin(guardUuid);
+    enableTrajectoryPlugin();
+    // Step 5: Verify
     console.log('');
     const toolCount = await verifyConnection(gatewayUrl, accessToken);
     // Done
     console.log(`
   Done! OpenClaw is now connected to VirtueAI MCP gateway.
   ${toolCount} tools available across the gateway.
+  Trajectory recording enabled (via virtueai-trajectory plugin).
 
   Config files:
     ${MCP_CONFIG_PATH}

package/dist/trajectory-plugin.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Trajectory Plugin Generator
+ *
+ * Generates and installs an OpenClaw plugin that hooks into the agent lifecycle
+ * to send every trajectory step to the VirtueAI gateway's prompt-guard API.
+ *
+ * Hooks used (all fire-and-forget, never block the agent):
+ *   - llm_input:       captures user prompt  → role "user"
+ *   - llm_output:      captures agent reply   → role "agent"
+ *   - after_tool_call:  captures tool results → role "agent"
+ */
+/**
+ * Generate the trajectory plugin files on disk.
+ */
+export declare function generateTrajectoryPlugin(guardUuid?: string): void;
+/**
+ * Enable the trajectory plugin in openclaw.json.
+ */
+export declare function enableTrajectoryPlugin(): void;

package/dist/trajectory-plugin.js

@@ -0,0 +1,228 @@
+/**
+ * Trajectory Plugin Generator
+ *
+ * Generates and installs an OpenClaw plugin that hooks into the agent lifecycle
+ * to send every trajectory step to the VirtueAI gateway's prompt-guard API.
+ *
+ * Hooks used (all fire-and-forget, never block the agent):
+ *   - llm_input:       captures user prompt  → role "user"
+ *   - llm_output:      captures agent reply   → role "agent"
+ *   - after_tool_call:  captures tool results → role "agent"
+ */
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const OPENCLAW_DIR = path.join(os.homedir(), '.openclaw');
+const OPENCLAW_CONFIG_PATH = path.join(OPENCLAW_DIR, 'openclaw.json');
+const MCP_CONFIG_PATH = path.join(OPENCLAW_DIR, 'mcp-gateway.json');
+const PLUGIN_ID = 'virtueai-trajectory';
+const PLUGIN_DIR = path.join(OPENCLAW_DIR, 'extensions', PLUGIN_ID);
+const DEFAULT_GUARD_UUID = '3a2389709528a539a12ba6239e402ef159ecffa88f99af6e13236e69dd9bb2e5';
+// ---------------------------------------------------------------------------
+// Plugin source code (generated as a string, written to disk)
+// ---------------------------------------------------------------------------
+function buildPluginSource() {
+    return `\
+import { readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+/**
+ * VirtueAI Trajectory Plugin
+ *
+ * Sends every agent interaction step to the VirtueAI gateway prompt-guard API
+ * so the full trajectory is visible in the dashboard.
+ *
+ * All hooks are fire-and-forget — errors are logged, never thrown.
+ */
+
+const MCP_CONFIG_PATH = join(homedir(), ".openclaw", "mcp-gateway.json");
+const DEFAULT_GUARD_UUID =
+  "${DEFAULT_GUARD_UUID}";
+
+function loadConfig() {
+  try {
+    const raw = readFileSync(MCP_CONFIG_PATH, "utf-8");
+    const cfg = JSON.parse(raw);
+    const virtueai = cfg.mcpServers?.virtueai;
+    if (!virtueai) return null;
+
+    const authHeader = virtueai.headers?.Authorization ?? "";
+    const token = authHeader.replace(/^Bearer\\s+/i, "");
+    const gatewayUrl = (virtueai.url ?? "").replace(/\\/mcp\\/?$/, "");
+
+    const guardUuid =
+      cfg.trajectory?.guardUuid ||
+      process.env.VIRTUEAI_GUARD_UUID ||
+      DEFAULT_GUARD_UUID;
+
+    if (!gatewayUrl || !token) return null;
+    return { gatewayUrl, token, guardUuid };
+  } catch {
+    return null;
+  }
+}
+
+function truncate(s, max = 2000) {
+  if (typeof s !== "string") {
+    try { s = JSON.stringify(s); } catch { s = String(s); }
+  }
+  return s.length > max ? s.slice(0, max) + "..." : s;
+}
+
+const plugin = {
+  id: "${PLUGIN_ID}",
+  name: "VirtueAI Trajectory",
+  description: "Sends agent trajectory steps to VirtueAI gateway for dashboard visibility",
+
+  register(api) {
+    const config = loadConfig();
+    if (!config) {
+      api.logger.warn("[virtueai-trajectory] No valid config found in " + MCP_CONFIG_PATH + ", plugin disabled");
+      return;
+    }
+
+    let gatewaySessionId = null;
+    const endpoint = config.gatewayUrl + "/api/prompt-guard/topic_guard";
+
+    async function sendStep(role, content) {
+      const body = {
+        user_prompt: truncate(content),
+        guard_uuid: config.guardUuid,
+        role,
+      };
+      if (gatewaySessionId) {
+        body.session_id = gatewaySessionId;
+      }
+
+      try {
+        const res = await fetch(endpoint, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: "Bearer " + config.token,
+          },
+          body: JSON.stringify(body),
+        });
+        const data = await res.json();
+
+        if (data?.session_id && !gatewaySessionId) {
+          gatewaySessionId = data.session_id;
+          api.logger.info("[virtueai-trajectory] Gateway session: " + gatewaySessionId);
+        }
+      } catch (err) {
+        api.logger.warn("[virtueai-trajectory] Failed to send step: " + (err?.message ?? err));
+      }
+    }
+
+    // Hook: user prompt sent to LLM
+    api.on("llm_input", (event) => {
+      if (event.prompt) {
+        sendStep("user", event.prompt);
+      }
+    });
+
+    // Hook: LLM response received
+    api.on("llm_output", (event) => {
+      const text = (event.assistantTexts ?? []).join("\\n").trim();
+      if (text) {
+        sendStep("agent", text);
+      }
+    });
+
+    // Hook: tool call completed
+    api.on("after_tool_call", (event) => {
+      const params = event.params
+        ? Object.entries(event.params)
+            .map(([k, v]) => k + "=" + JSON.stringify(v))
+            .join(", ")
+        : "";
+      const callStr = event.toolName + "(" + params + ")";
+      const resultStr = event.result != null ? truncate(event.result, 500) : (event.error ?? "no result");
+      sendStep("agent", callStr + " → " + resultStr);
+    });
+
+    api.logger.info("[virtueai-trajectory] Plugin registered, sending to " + config.gatewayUrl);
+  },
+};
+
+export default plugin;
+`;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Generate the trajectory plugin files on disk.
+ */
+export function generateTrajectoryPlugin(guardUuid) {
+    fs.mkdirSync(PLUGIN_DIR, { recursive: true });
+    // package.json
+    const pkg = {
+        name: '@virtue-ai/trajectory',
+        version: '1.0.0',
+        type: 'module',
+        openclaw: {
+            extensions: ['./index.ts'],
+        },
+    };
+    fs.writeFileSync(path.join(PLUGIN_DIR, 'package.json'), JSON.stringify(pkg, null, 2) + '\n');
+    // index.ts (the actual plugin)
+    fs.writeFileSync(path.join(PLUGIN_DIR, 'index.ts'), buildPluginSource());
+    // Persist guard UUID in mcp-gateway.json trajectory section
+    if (guardUuid) {
+        try {
+            const raw = fs.readFileSync(MCP_CONFIG_PATH, 'utf-8');
+            const cfg = JSON.parse(raw);
+            if (!cfg.trajectory)
+                cfg.trajectory = {};
+            cfg.trajectory.guardUuid = guardUuid;
+            fs.writeFileSync(MCP_CONFIG_PATH, JSON.stringify(cfg, null, 2) + '\n');
+        }
+        catch {
+            // Config may not exist yet — will be written by writeMcpConfig
+        }
+    }
+    console.log(`  Generated trajectory plugin: ${PLUGIN_DIR}`);
+}
+/**
+ * Enable the trajectory plugin in openclaw.json.
+ */
+export function enableTrajectoryPlugin() {
+    let config = {};
+    if (fs.existsSync(OPENCLAW_CONFIG_PATH)) {
+        try {
+            config = JSON.parse(fs.readFileSync(OPENCLAW_CONFIG_PATH, 'utf-8'));
+        }
+        catch {
+            config = {};
+        }
+    }
+    // plugins.entries
+    if (!config.plugins)
+        config.plugins = {};
+    if (!config.plugins.entries)
+        config.plugins.entries = {};
+    config.plugins.entries[PLUGIN_ID] = { enabled: true };
+    // plugins.allow
+    if (!config.plugins.allow)
+        config.plugins.allow = [];
+    if (!config.plugins.allow.includes(PLUGIN_ID)) {
+        config.plugins.allow.push(PLUGIN_ID);
+    }
+    // plugins.installs (so OpenClaw knows where the plugin lives)
+    if (!config.plugins.installs)
+        config.plugins.installs = {};
+    config.plugins.installs[PLUGIN_ID] = {
+        source: 'path',
+        sourcePath: PLUGIN_DIR,
+        installPath: PLUGIN_DIR,
+        version: '1.0.0',
+        installedAt: new Date().toISOString(),
+    };
+    fs.writeFileSync(OPENCLAW_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
+    console.log(`  Enabled trajectory plugin in: ${OPENCLAW_CONFIG_PATH}`);
+}

package/package.json

@@ -1,17 +1,26 @@
 {
   "name": "@virtue-ai/gateway-connect",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "One-command setup to connect OpenClaw to VirtueAI MCP gateway",
   "type": "module",
+  "files": [
+    "dist"
+  ],
+  "main": "dist/index.js",
   "bin": {
-    "gateway-connect": "./dist/index.js"
+    "gateway-connect": "dist/index.js"
   },
   "scripts": {
     "build": "tsc",
     "start": "node dist/index.js",
     "dev": "tsx src/index.ts"
   },
-  "keywords": ["openclaw", "mcp", "gateway", "virtueai"],
+  "keywords": [
+    "openclaw",
+    "mcp",
+    "gateway",
+    "virtueai"
+  ],
   "license": "MIT",
   "devDependencies": {
     "@types/node": "^22.10.0",

package/Dockerfile

@@ -1,29 +0,0 @@
-FROM node:22-bookworm
-
-RUN apt-get update && apt-get install -y jq curl && rm -rf /var/lib/apt/lists/*
-
-# Create non-root user (claude --dangerously-skip-permissions blocks root)
-RUN useradd -m -s /bin/bash claw
-
-# Install OpenClaw + Claude Code CLI
-RUN npm install -g openclaw@latest @anthropic-ai/claude-code
-
-# Copy gateway-connect tool
-WORKDIR /app
-COPY package.json package-lock.json* ./
-RUN npm install
-COPY tsconfig.json ./
-COPY src ./src
-RUN npm run build
-
-# Make the CLI executable
-RUN chmod +x dist/index.js
-
-# Switch to non-root user
-RUN chown -R claw:claw /app /home/claw
-USER claw
-
-# Expose callback port for OAuth flow
-EXPOSE 19876
-
-CMD ["/bin/bash"]

package/src/index.ts

@@ -1,457 +0,0 @@
-#!/usr/bin/env node
-/**
- * VirtueAI Gateway Connect
- *
- * One-command setup to connect OpenClaw to VirtueAI MCP gateway.
- *
- * 1. OAuth 2.0 PKCE login → obtain access token
- * 2. Write MCP gateway config to ~/.openclaw/mcp-gateway.json
- * 3. Patch ~/.openclaw/openclaw.json to use claude-cli with --mcp-config
- * 4. Verify connection by listing tools
- *
- * Usage: npx @virtue-ai/gateway-connect [--gateway-url https://...]
- */
-
-import crypto from 'crypto';
-import { execSync } from 'child_process';
-import fs from 'fs';
-import http from 'http';
-import https from 'https';
-import os from 'os';
-import path from 'path';
-import { URL } from 'url';
-
-// ---------------------------------------------------------------------------
-// Constants
-// ---------------------------------------------------------------------------
-
-const CALLBACK_PORT = 19876;
-const CALLBACK_PATH = '/callback';
-const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
-const SCOPES = 'claudeai copilot mcp:read mcp:execute mcp:access';
-
-const OPENCLAW_DIR = path.join(os.homedir(), '.openclaw');
-const MCP_CONFIG_PATH = path.join(OPENCLAW_DIR, 'mcp-gateway.json');
-const OPENCLAW_CONFIG_PATH = path.join(OPENCLAW_DIR, 'openclaw.json');
-
-const DEFAULT_GATEWAY_URL = 'https://virtueai-agent-gtw-l3phon63.ngrok.io';
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function getArg(name: string): string | undefined {
-  const idx = process.argv.indexOf(`--${name}`);
-  return idx !== -1 ? process.argv[idx + 1] : undefined;
-}
-
-function hasFlag(name: string): boolean {
-  return process.argv.includes(`--${name}`);
-}
-
-function fetchJson(
-  url: string,
-  options: { method?: string; headers?: Record<string, string>; body?: string },
-): Promise<{ status: number; data: any }> {
-  return new Promise((resolve, reject) => {
-    const parsed = new URL(url);
-    const mod = parsed.protocol === 'https:' ? https : http;
-    const req = mod.request(
-      parsed,
-      {
-        method: options.method ?? 'GET',
-        headers: {
-          ...(options.body ? { 'Content-Type': 'application/x-www-form-urlencoded' } : {}),
-          ...(options.headers ?? {}),
-        },
-      },
-      (res) => {
-        let body = '';
-        res.on('data', (chunk: Buffer) => (body += chunk.toString()));
-        res.on('end', () => {
-          try {
-            resolve({ status: res.statusCode ?? 0, data: JSON.parse(body) });
-          } catch {
-            resolve({ status: res.statusCode ?? 0, data: body });
-          }
-        });
-      },
-    );
-    req.on('error', reject);
-    if (options.body) req.write(options.body);
-    req.end();
-  });
-}
-
-function generateCodeVerifier(): string {
-  return crypto.randomBytes(32).toString('base64url');
-}
-
-function generateCodeChallenge(verifier: string): string {
-  return crypto.createHash('sha256').update(verifier).digest('base64url');
-}
-
-function openBrowser(url: string): void {
-  const platform = process.platform;
-  try {
-    if (platform === 'darwin') {
-      execSync(`open "${url}"`);
-    } else if (platform === 'linux') {
-      execSync(`xdg-open "${url}" 2>/dev/null || sensible-browser "${url}" 2>/dev/null || echo ""`);
-    } else {
-      execSync(`start "" "${url}"`);
-    }
-  } catch {
-    // Silently fail — we always print the URL below
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Step 1: OAuth PKCE Authentication
-// ---------------------------------------------------------------------------
-
-async function authenticate(gatewayUrl: string): Promise<{
-  accessToken: string;
-  refreshToken?: string;
-  clientId: string;
-}> {
-  // Discover OAuth metadata
-  console.log('  Discovering OAuth endpoints...');
-  const { data: metadata } = await fetchJson(
-    `${gatewayUrl}/.well-known/oauth-authorization-server`,
-    { method: 'GET' },
-  );
-
-  if (!metadata.authorization_endpoint || !metadata.token_endpoint) {
-    console.error('Error: Could not discover OAuth endpoints from gateway.');
-    console.error('Response:', JSON.stringify(metadata, null, 2));
-    process.exit(1);
-  }
-
-  const authEndpoint: string = metadata.authorization_endpoint;
-  const tokenEndpoint: string = metadata.token_endpoint;
-  const registerEndpoint: string = metadata.registration_endpoint;
-
-  console.log(`  Auth endpoint: ${authEndpoint}`);
-  console.log(`  Token endpoint: ${tokenEndpoint}`);
-
-  // Register OAuth client
-  console.log('  Registering OAuth client...');
-  const { status: regStatus, data: clientInfo } = await fetchJson(registerEndpoint, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({
-      client_name: 'openclaw-gateway-connect',
-      grant_types: ['authorization_code', 'refresh_token'],
-      redirect_uris: [REDIRECT_URI],
-      scope: SCOPES,
-      token_endpoint_auth_method: 'none',
-    }),
-  });
-
-  if (!clientInfo.client_id) {
-    console.error(`Error: Client registration failed (${regStatus}).`);
-    console.error(JSON.stringify(clientInfo, null, 2));
-    process.exit(1);
-  }
-
-  const clientId: string = clientInfo.client_id;
-  console.log(`  Client ID: ${clientId}`);
-
-  // Build authorization URL with PKCE
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  const state = crypto.randomBytes(16).toString('hex');
-
-  const authUrl = new URL(authEndpoint);
-  authUrl.searchParams.set('client_id', clientId);
-  authUrl.searchParams.set('redirect_uri', REDIRECT_URI);
-  authUrl.searchParams.set('response_type', 'code');
-  authUrl.searchParams.set('scope', SCOPES);
-  authUrl.searchParams.set('state', state);
-  authUrl.searchParams.set('code_challenge', codeChallenge);
-  authUrl.searchParams.set('code_challenge_method', 'S256');
-
-  // Start callback server & open browser
-  const authCode = await new Promise<string>((resolve, reject) => {
-    const server = http.createServer((req, res) => {
-      if (!req.url?.startsWith(CALLBACK_PATH)) {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
-
-      const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
-      const code = url.searchParams.get('code');
-      const returnedState = url.searchParams.get('state');
-      const error = url.searchParams.get('error');
-
-      if (error) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end(`<h2>Authentication failed</h2><p>${error}</p><p>You can close this window.</p>`);
-        server.close();
-        reject(new Error(`OAuth error: ${error}`));
-        return;
-      }
-
-      if (!code || returnedState !== state) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<h2>Invalid callback</h2><p>Missing code or state mismatch.</p>');
-        server.close();
-        reject(new Error('Invalid callback: missing code or state mismatch'));
-        return;
-      }
-
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      res.end(
-        '<h2>Authentication successful!</h2>' +
-        '<p>You can close this window and return to the terminal.</p>' +
-        '<script>window.close()</script>',
-      );
-      server.close();
-      resolve(code);
-    });
-
-    server.listen(CALLBACK_PORT, '0.0.0.0', () => {
-      console.log(`\n  Opening browser for login...`);
-      console.log(`  (callback server listening on port ${CALLBACK_PORT})\n`);
-      console.log(`  If browser doesn't open, visit this URL:\n`);
-      console.log(`  ${authUrl.toString()}\n`);
-      openBrowser(authUrl.toString());
-    });
-
-    server.on('error', (err) => {
-      if ((err as NodeJS.ErrnoException).code === 'EADDRINUSE') {
-        reject(new Error(`Port ${CALLBACK_PORT} is in use. Close the other process and try again.`));
-      } else {
-        reject(err);
-      }
-    });
-
-    // Timeout after 5 minutes
-    setTimeout(() => {
-      server.close();
-      reject(new Error('Authentication timed out (5 minutes). Please try again.'));
-    }, 5 * 60 * 1000);
-  });
-
-  console.log('  Authorization code received. Exchanging for tokens...');
-
-  // Exchange code for tokens
-  const tokenBody = new URLSearchParams({
-    grant_type: 'authorization_code',
-    client_id: clientId,
-    code: authCode,
-    redirect_uri: REDIRECT_URI,
-    code_verifier: codeVerifier,
-  }).toString();
-
-  const { status: tokenStatus, data: tokenData } = await fetchJson(tokenEndpoint, {
-    method: 'POST',
-    body: tokenBody,
-  });
-
-  if (!tokenData.access_token) {
-    console.error(`Error: Token exchange failed (${tokenStatus}).`);
-    console.error(JSON.stringify(tokenData, null, 2));
-    process.exit(1);
-  }
-
-  console.log(`  Access token received (expires in ${tokenData.expires_in}s)`);
-
-  return {
-    accessToken: tokenData.access_token,
-    refreshToken: tokenData.refresh_token,
-    clientId,
-  };
-}
-
-// ---------------------------------------------------------------------------
-// Step 2: Write MCP gateway config
-// ---------------------------------------------------------------------------
-
-function writeMcpConfig(gatewayUrl: string, accessToken: string): void {
-  fs.mkdirSync(OPENCLAW_DIR, { recursive: true });
-
-  const config = {
-    mcpServers: {
-      virtueai: {
-        type: 'http',
-        url: `${gatewayUrl}/mcp`,
-        headers: {
-          Authorization: `Bearer ${accessToken}`,
-        },
-      },
-    },
-  };
-
-  fs.writeFileSync(MCP_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
-  console.log(`  Written: ${MCP_CONFIG_PATH}`);
-}
-
-// ---------------------------------------------------------------------------
-// Step 3: Patch openclaw.json
-// ---------------------------------------------------------------------------
-
-function patchOpenClawConfig(): void {
-  let config: any = {};
-
-  if (fs.existsSync(OPENCLAW_CONFIG_PATH)) {
-    try {
-      config = JSON.parse(fs.readFileSync(OPENCLAW_CONFIG_PATH, 'utf-8'));
-    } catch {
-      console.warn('  Warning: existing openclaw.json is invalid JSON, creating fresh config');
-      config = {};
-    }
-  }
-
-  // Ensure nested structure exists
-  if (!config.agents) config.agents = {};
-  if (!config.agents.defaults) config.agents.defaults = {};
-
-  // Set model to claude-cli if not already set
-  if (!config.agents.defaults.model) {
-    config.agents.defaults.model = { primary: 'claude-cli/sonnet' };
-  }
-
-  // Ensure cliBackends.claude-cli exists
-  if (!config.agents.defaults.cliBackends) config.agents.defaults.cliBackends = {};
-  if (!config.agents.defaults.cliBackends['claude-cli']) {
-    config.agents.defaults.cliBackends['claude-cli'] = {
-      command: 'claude',
-      args: ['-p', '--output-format', 'json'],
-    };
-  }
-
-  const cliBackend = config.agents.defaults.cliBackends['claude-cli'];
-
-  // Ensure args is an array
-  if (!Array.isArray(cliBackend.args)) {
-    cliBackend.args = ['-p', '--output-format', 'json'];
-  }
-
-  // Add or update --mcp-config
-  const mcpIdx = cliBackend.args.indexOf('--mcp-config');
-  if (mcpIdx !== -1) {
-    // Update existing path
-    cliBackend.args[mcpIdx + 1] = MCP_CONFIG_PATH;
-  } else {
-    // Append
-    cliBackend.args.push('--mcp-config', MCP_CONFIG_PATH);
-  }
-
-  // Write back
-  fs.writeFileSync(OPENCLAW_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
-  console.log(`  Patched: ${OPENCLAW_CONFIG_PATH}`);
-}
-
-// ---------------------------------------------------------------------------
-// Step 4: Verify connection
-// ---------------------------------------------------------------------------
-
-async function verifyConnection(gatewayUrl: string, accessToken: string): Promise<number> {
-  console.log('  Verifying token with gateway...');
-  const { status, data } = await fetchJson(`${gatewayUrl}/mcp`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      Authorization: `Bearer ${accessToken}`,
-    },
-    body: JSON.stringify({
-      jsonrpc: '2.0',
-      id: 1,
-      method: 'tools/list',
-      params: {},
-    }),
-  });
-
-  if (status === 200 && data?.result?.tools) {
-    const tools = data.result.tools;
-    const toolCount = tools.length;
-
-    // Group by prefix
-    const groups: Record<string, number> = {};
-    for (const t of tools) {
-      const prefix = t.name.split('_')[0];
-      groups[prefix] = (groups[prefix] || 0) + 1;
-    }
-
-    console.log(`  Verified! ${toolCount} tools available:`);
-    for (const [prefix, count] of Object.entries(groups).sort()) {
-      console.log(`    ${prefix}: ${count} tools`);
-    }
-
-    return toolCount;
-  } else {
-    console.warn(`  Warning: verification returned status ${status}`);
-    console.warn(`  Response: ${JSON.stringify(data).slice(0, 200)}`);
-    console.warn('  Token was saved but may not work yet.');
-    return 0;
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Main
-// ---------------------------------------------------------------------------
-
-async function main(): Promise<void> {
-  if (hasFlag('help') || hasFlag('h')) {
-    console.log(`
-VirtueAI Gateway Connect — connect OpenClaw to VirtueAI MCP gateway
-
-Usage:
-  npx @virtue-ai/gateway-connect [options]
-
-Options:
-  --gateway-url <url>  Gateway URL (default: ${DEFAULT_GATEWAY_URL})
-  --help               Show this help message
-
-What it does:
-  1. Opens browser for OAuth login
-  2. Saves MCP config to ~/.openclaw/mcp-gateway.json
-  3. Patches ~/.openclaw/openclaw.json to use the gateway
-  4. Verifies connection by listing available tools
-`);
-    process.exit(0);
-  }
-
-  let gatewayUrl = getArg('gateway-url') || DEFAULT_GATEWAY_URL;
-  // Strip /mcp suffix and normalize to lowercase
-  gatewayUrl = gatewayUrl.replace(/\/mcp\/?$/, '').toLowerCase();
-
-  console.log('\n  VirtueAI Gateway Connect\n');
-  console.log(`  Gateway: ${gatewayUrl}`);
-
-  // Step 1: Authenticate
-  const { accessToken } = await authenticate(gatewayUrl);
-
-  // Step 2: Write MCP config
-  console.log('\n  Configuring OpenClaw...');
-  writeMcpConfig(gatewayUrl, accessToken);
-
-  // Step 3: Patch openclaw.json
-  patchOpenClawConfig();
-
-  // Step 4: Verify
-  console.log('');
-  const toolCount = await verifyConnection(gatewayUrl, accessToken);
-
-  // Done
-  console.log(`
-  Done! OpenClaw is now connected to VirtueAI MCP gateway.
-  ${toolCount} tools available across the gateway.
-
-  Config files:
-    ${MCP_CONFIG_PATH}
-    ${OPENCLAW_CONFIG_PATH}
-
-  Start using it:
-    openclaw agent --local --message "What tools do you have?"
-`);
-  process.exit(0);
-}
-
-main().catch((err) => {
-  console.error(`\nError: ${err.message}`);
-  process.exit(1);
-});

package/tsconfig.json

@@ -1,15 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "module": "Node16",
-    "moduleResolution": "Node16",
-    "outDir": "dist",
-    "rootDir": "src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "declaration": true
-  },
-  "include": ["src"],
-  "exclude": ["node_modules", "dist"]
-}