@virtue-ai/gateway-connect 0.2.1 → 0.3.1

package/README.md

@@ -1,6 +1,6 @@
 # @virtue-ai/gateway-connect
 
-One-command setup to connect [OpenClaw](https://github.com/openclaw/openclaw) to the VirtueAI MCP gateway.
+One-command setup to connect [OpenClaw](https://github.com/openclaw/openclaw) to the VirtueAI MCP gateway. Works with **any model** — Anthropic, OpenAI, Google, LiteLLM, etc.
 
 ## Quick Start
 
@@ -10,51 +10,86 @@ One-command setup to connect [OpenClaw](https://github.com/openclaw/openclaw) to
 npm install -g openclaw@latest
 ```
 
-Make sure you have [Claude Code CLI](https://docs.anthropic.com/en/docs/claude-code) installed and logged in (`claude` command should work).
+### Step 2: Configure Model Auth
 
-### Step 2: Connect to VirtueAI MCP Gateway
+Set up API key for your preferred model provider:
+
+```bash
+openclaw models auth paste-token --provider anthropic
+# or
+openclaw models auth paste-token --provider openai
+```
+
+### Step 3: Connect to VirtueAI MCP Gateway
 
 ```bash
 npx @virtue-ai/gateway-connect --gateway-url https://virtueai-agent-gtw-xxxx.ngrok.io
 ```
 
+To use a specific model:
+
+```bash
+npx @virtue-ai/gateway-connect --gateway-url https://virtueai-agent-gtw-xxxx.ngrok.io --model openai/gpt-4o
+```
+
 This will:
 
-1. Open your browser for OAuth login (select "Authorize the platform")
-2. Save gateway credentials to `~/.openclaw/mcp-gateway.json`
-3. Patch `~/.openclaw/openclaw.json` to connect claude-cli to the gateway
-4. Install the trajectory recording plugin (sends full session trace to VirtueAI dashboard)
-5. Verify connection and list available tools
+1. Open your browser for OAuth login
+2. Fetch all MCP tools from the gateway
+3. Generate a native OpenClaw plugin wrapping each tool (`~/.openclaw/extensions/virtueai-mcp-tools/`)
+4. Patch `~/.openclaw/openclaw.json` to enable the plugin
+5. Install the trajectory recording plugin
 
-### Step 3: Start Using
+### Step 4: Start Using
 
 One-shot mode:
 
 ```bash
-openclaw agent --local --session-id demo --message "What tools do you have?"
+openclaw agent --local --message "What tools do you have?"
 ```
 
-Interactive TUI (two terminals):
+Interactive TUI mode:
 
 ```bash
-# Terminal 1: start the gateway
+# Terminal 1: start the OpenClaw gateway
 openclaw gateway
 
-# Terminal 2: open TUI
+# Terminal 2: open the TUI
 openclaw tui
 ```
 
-OpenClaw now has access to all MCP tools on the gateway (GitHub, Google Workspace, Gmail, Calendar, Slack, PayPal, HR, Firebase, BigQuery, Brave Search, Chrome DevTools, and more).
+To stop the gateway, press `Ctrl+C` in Terminal 1, or run:
+
+```bash
+openclaw gateway stop
+```
+
+### Switching Models
+
+In TUI mode, use slash commands to switch models on the fly:
+
+```
+/model openai/gpt-4o
+/model anthropic/claude-opus-4-6
+/models                              # opens model picker
+```
+
+All gateway tools remain available regardless of which model you use. Any model with a configured API key can be selected.
 
 ## What It Does
 
-`gateway-connect` automates the following:
+`gateway-connect` generates a **native OpenClaw plugin** that registers every MCP gateway tool via `api.registerTool()`. Each tool call is proxied to the gateway as a JSON-RPC `tools/call` request with Bearer auth.
+
+This approach works with any embedded model provider (not just Claude CLI), because the tools are part of OpenClaw's plugin system rather than being passed via `--mcp-config`.
+
+### Generated Files
 
-1. **OAuth 2.0 PKCE authentication** — Registers an OAuth client, opens browser for login, exchanges authorization code for tokens
-2. **MCP config generation** — Writes `~/.openclaw/mcp-gateway.json` with gateway URL and bearer token
-3. **OpenClaw config patching** — Adds `--mcp-config` to the claude-cli backend args in `~/.openclaw/openclaw.json`
-4. **Trajectory recording** — Installs an OpenClaw plugin (`virtueai-trajectory`) that automatically sends every agent step (user prompts, agent responses, tool calls) to the VirtueAI prompt-guard API for dashboard visibility
-5. **Connection verification** — Calls `tools/list` on the gateway and reports available tools
+| Path | Purpose |
+|------|---------|
+| `~/.openclaw/extensions/virtueai-mcp-tools/` | Native plugin with all gateway tools |
+| `~/.openclaw/extensions/virtueai-trajectory/` | Trajectory recording plugin |
+| `~/.openclaw/mcp-gateway.json` | Auth & trajectory config |
+| `~/.openclaw/openclaw.json` | Patched with plugin entries |
 
 ## Options
 
@@ -62,14 +97,15 @@ OpenClaw now has access to all MCP tools on the gateway (GitHub, Google Workspac
 npx @virtue-ai/gateway-connect [options]
 
 Options:
-  --gateway-url <url>    Gateway URL (required)
-  --guard-uuid <uuid>    Guard UUID for trajectory recording (or set VIRTUEAI_GUARD_UUID env var)
+  --gateway-url <url>    Gateway URL (default: https://virtueai-agent-gtw-l3phon63.ngrok.io)
+  --model <model>        Model to use (e.g. openai/gpt-4o, anthropic/claude-sonnet-4-5)
+  --guard-uuid <uuid>    Guard UUID for trajectory recording (or set VIRTUEAI_GUARD_UUID)
   --help                 Show help message
 ```
 
 ## Re-authentication
 
-If your token expires, just run the command again. It will update the existing config files.
+If your token expires, just run the command again. It will regenerate the plugin with a fresh token.
 
 ## License
 

package/dist/index.d.ts

@@ -5,9 +5,10 @@
  * One-command setup to connect OpenClaw to VirtueAI MCP gateway.
  *
  * 1. OAuth 2.0 PKCE login → obtain access token
- * 2. Write MCP gateway config to ~/.openclaw/mcp-gateway.json
- * 3. Patch ~/.openclaw/openclaw.json to use claude-cli with --mcp-config
- * 4. Verify connection by listing tools
+ * 2. Fetch all MCP tools from the gateway
+ * 3. Generate a native OpenClaw plugin that wraps each tool (works with any model)
+ * 4. Patch ~/.openclaw/openclaw.json to enable the plugin
+ * 5. Install trajectory recording plugin
  *
  * Usage: npx @virtue-ai/gateway-connect [--gateway-url https://...]
  */

package/dist/index.js

@@ -5,9 +5,10 @@
  * One-command setup to connect OpenClaw to VirtueAI MCP gateway.
  *
  * 1. OAuth 2.0 PKCE login → obtain access token
- * 2. Write MCP gateway config to ~/.openclaw/mcp-gateway.json
- * 3. Patch ~/.openclaw/openclaw.json to use claude-cli with --mcp-config
- * 4. Verify connection by listing tools
+ * 2. Fetch all MCP tools from the gateway
+ * 3. Generate a native OpenClaw plugin that wraps each tool (works with any model)
+ * 4. Patch ~/.openclaw/openclaw.json to enable the plugin
+ * 5. Install trajectory recording plugin
  *
  * Usage: npx @virtue-ai/gateway-connect [--gateway-url https://...]
  */
@@ -30,8 +31,11 @@ const SCOPES = 'claudeai copilot mcp:read mcp:execute mcp:access';
 const OPENCLAW_DIR = path.join(os.homedir(), '.openclaw');
 const MCP_CONFIG_PATH = path.join(OPENCLAW_DIR, 'mcp-gateway.json');
 const OPENCLAW_CONFIG_PATH = path.join(OPENCLAW_DIR, 'openclaw.json');
-const MCP_PROXY_PATH = path.join(OPENCLAW_DIR, 'virtueai-mcp-proxy.mjs');
+const TOOLS_PLUGIN_ID = 'virtueai-mcp-tools';
+const TOOLS_PLUGIN_DIR = path.join(OPENCLAW_DIR, 'extensions', TOOLS_PLUGIN_ID);
 const DEFAULT_GATEWAY_URL = 'https://virtueai-agent-gtw-l3phon63.ngrok.io';
+const DEFAULT_API_URL = 'https://agentgateway1.virtueai.io';
+const DEFAULT_GATEWAY_ID = 'gtw_L3pHOn63';
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -97,7 +101,6 @@ function openBrowser(url) {
 // Step 1: OAuth PKCE Authentication
 // ---------------------------------------------------------------------------
 async function authenticate(gatewayUrl) {
-    // Discover OAuth metadata
     console.log('  Discovering OAuth endpoints...');
     const { data: metadata } = await fetchJson(`${gatewayUrl}/.well-known/oauth-authorization-server`, { method: 'GET' });
     if (!metadata.authorization_endpoint || !metadata.token_endpoint) {
@@ -110,7 +113,6 @@ async function authenticate(gatewayUrl) {
     const registerEndpoint = metadata.registration_endpoint;
     console.log(`  Auth endpoint: ${authEndpoint}`);
     console.log(`  Token endpoint: ${tokenEndpoint}`);
-    // Register OAuth client
     console.log('  Registering OAuth client...');
     const { status: regStatus, data: clientInfo } = await fetchJson(registerEndpoint, {
         method: 'POST',
@@ -130,7 +132,6 @@ async function authenticate(gatewayUrl) {
     }
     const clientId = clientInfo.client_id;
     console.log(`  Client ID: ${clientId}`);
-    // Build authorization URL with PKCE
     const codeVerifier = generateCodeVerifier();
     const codeChallenge = generateCodeChallenge(codeVerifier);
     const state = crypto.randomBytes(16).toString('hex');
@@ -142,7 +143,6 @@ async function authenticate(gatewayUrl) {
     authUrl.searchParams.set('state', state);
     authUrl.searchParams.set('code_challenge', codeChallenge);
     authUrl.searchParams.set('code_challenge_method', 'S256');
-    // Start callback server & open browser
     const authCode = await new Promise((resolve, reject) => {
         const server = http.createServer((req, res) => {
             if (!req.url?.startsWith(CALLBACK_PATH)) {
@@ -190,14 +190,12 @@ async function authenticate(gatewayUrl) {
                 reject(err);
             }
         });
-        // Timeout after 5 minutes
         setTimeout(() => {
             server.close();
             reject(new Error('Authentication timed out (5 minutes). Please try again.'));
         }, 5 * 60 * 1000);
     });
     console.log('  Authorization code received. Exchanging for tokens...');
-    // Exchange code for tokens
     const tokenBody = new URLSearchParams({
         grant_type: 'authorization_code',
         client_id: clientId,
@@ -221,84 +219,136 @@ async function authenticate(gatewayUrl) {
         clientId,
     };
 }
-// ---------------------------------------------------------------------------
-// Step 2: Write MCP gateway config
-// ---------------------------------------------------------------------------
-function generateMcpProxy(gatewayUrl, accessToken) {
-    const source = `#!/usr/bin/env node
-// Stdio-to-HTTP MCP proxy for VirtueAI gateway.
-// Claude Code checks OAuth discovery on remote HTTP MCP servers, which
-// conflicts with the gateway's OAuth endpoint. This proxy runs as a local
-// stdio server so Claude Code skips OAuth and uses the pre-obtained token.
-
-import { createInterface } from "readline";
-import https from "https";
-import http from "http";
-import { URL } from "url";
+async function fetchToolsList(gatewayUrl, accessToken) {
+    console.log('  Fetching tools from gateway...');
+    const { status, data } = await fetchJson(`${gatewayUrl}/mcp`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify({
+            jsonrpc: '2.0',
+            id: 1,
+            method: 'tools/list',
+            params: {},
+        }),
+    });
+    if (status !== 200 || !data?.result?.tools) {
+        console.warn(`  Warning: tools/list returned status ${status}`);
+        console.warn(`  Response: ${JSON.stringify(data).slice(0, 200)}`);
+        return [];
+    }
+    const tools = data.result.tools;
+    const groups = {};
+    for (const t of tools) {
+        const prefix = t.name.split('_')[0];
+        groups[prefix] = (groups[prefix] || 0) + 1;
+    }
+    console.log(`  Found ${tools.length} tools:`);
+    for (const [prefix, count] of Object.entries(groups).sort()) {
+        console.log(`    ${prefix}: ${count} tools`);
+    }
+    return tools;
+}
+function escapeTs(s) {
+    return s
+        .replace(/\\/g, '\\\\')
+        .replace(/"/g, '\\"')
+        .replace(/\n/g, '\\n')
+        .replace(/\r/g, '\\r');
+}
+function generateMcpToolsPlugin(gatewayUrl, accessToken, tools) {
+    fs.mkdirSync(TOOLS_PLUGIN_DIR, { recursive: true });
+    // package.json
+    const pkg = {
+        name: TOOLS_PLUGIN_ID,
+        version: '1.0.0',
+        type: 'module',
+        openclaw: { extensions: ['./index.ts'] },
+        dependencies: {},
+    };
+    fs.writeFileSync(path.join(TOOLS_PLUGIN_DIR, 'package.json'), JSON.stringify(pkg, null, 2) + '\n');
+    // openclaw.plugin.json
+    const manifest = {
+        id: TOOLS_PLUGIN_ID,
+        name: 'VirtueAI MCP Tools',
+        description: `${tools.length} MCP tools from VirtueAI gateway`,
+        configSchema: { type: 'object', properties: {} },
+    };
+    fs.writeFileSync(path.join(TOOLS_PLUGIN_DIR, 'openclaw.plugin.json'), JSON.stringify(manifest, null, 2) + '\n');
+    // index.ts — register each tool as a native OpenClaw tool
+    const mcpUrl = JSON.stringify(gatewayUrl + '/mcp');
+    const token = JSON.stringify(accessToken);
+    const toolRegistrations = tools.map((tool) => {
+        const name = escapeTs(tool.name);
+        const description = escapeTs(tool.description || `Tool: ${tool.name}`);
+        const schema = JSON.stringify(tool.inputSchema || { type: 'object', properties: {} });
+        return `
+  api.registerTool({
+    name: "${name}",
+    description: "${description}",
+    parameters: ${schema},
+    async execute(_id: string, params: unknown) {
+      try {
+        const response = await fetch(GATEWAY_MCP_URL, {
+          method: "POST",
+          headers: { "Content-Type": "application/json", "Authorization": AUTH_HEADER },
+          body: JSON.stringify({
+            jsonrpc: "2.0",
+            id: Date.now(),
+            method: "tools/call",
+            params: { name: "${name}", arguments: params }
+          })
+        });
 
-const GATEWAY_MCP_URL = ${JSON.stringify(gatewayUrl + '/mcp')};
-const TOKEN = ${JSON.stringify(accessToken)};
+        const result = await response.json();
 
-const rl = createInterface({ input: process.stdin, terminal: false });
-let buf = "";
+        if (result.error) {
+          return {
+            content: [{ type: "text", text: \`Error: \${result.error.message}\` }],
+            isError: true
+          };
+        }
 
-rl.on("line", (line) => {
-  buf += line;
-  let msg;
-  try { msg = JSON.parse(buf); } catch { return; }
-  buf = "";
-  forward(msg);
-});
+        const text = result.result?.content
+          ?.map((c: any) => c.text ?? c.data ?? "")
+          .join("\\n") ?? JSON.stringify(result.result);
 
-function forward(msg) {
-  const parsed = new URL(GATEWAY_MCP_URL);
-  const mod = parsed.protocol === "https:" ? https : http;
-  const body = JSON.stringify(msg);
-  const req = mod.request(parsed, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "Authorization": "Bearer " + TOKEN,
-      "Accept": "application/json, text/event-stream",
-      "Content-Length": Buffer.byteLength(body),
-    },
-  }, (res) => {
-    let data = "";
-    res.on("data", (c) => data += c);
-    res.on("end", () => {
-      if (data.trim()) {
-        process.stdout.write(data.trim() + "\\n");
+        return {
+          content: [{ type: "text", text }],
+          isError: false
+        };
+      } catch (err) {
+        return {
+          content: [{ type: "text", text: \`Error calling ${name}: \${err}\` }],
+          isError: true
+        };
       }
-    });
-  });
-  req.on("error", (e) => {
-    if (msg.id != null) {
-      process.stdout.write(JSON.stringify({
-        jsonrpc: "2.0",
-        id: msg.id,
-        error: { code: -32000, message: "Proxy error: " + e.message },
-      }) + "\\n");
     }
-  });
-  req.end(body);
+  });`;
+    });
+    const pluginSource = `\
+const GATEWAY_MCP_URL = ${mcpUrl};
+const AUTH_HEADER = "Bearer " + ${token};
+
+export default function (api: any) {
+${toolRegistrations.join('\n')}
 }
 `;
-    fs.writeFileSync(MCP_PROXY_PATH, source, { mode: 0o755 });
-    console.log(`  Generated proxy: ${MCP_PROXY_PATH}`);
+    fs.writeFileSync(path.join(TOOLS_PLUGIN_DIR, 'index.ts'), pluginSource);
+    console.log(`  Generated MCP tools plugin: ${TOOLS_PLUGIN_DIR} (${tools.length} tools)`);
 }
-function writeMcpConfig(gatewayUrl, accessToken, guardUuid) {
+// ---------------------------------------------------------------------------
+// Step 3: Write config & patch openclaw.json
+// ---------------------------------------------------------------------------
+function writeGatewayConfig(gatewayUrl, accessToken, guardUuid, apiUrl, gatewayId) {
     fs.mkdirSync(OPENCLAW_DIR, { recursive: true });
-    generateMcpProxy(gatewayUrl, accessToken);
     const config = {
-        mcpServers: {
-            virtueai: {
-                type: 'stdio',
-                command: 'node',
-                args: [MCP_PROXY_PATH],
-            },
-        },
         trajectory: {
             gatewayUrl,
+            apiUrl: apiUrl || DEFAULT_API_URL,
+            gatewayId: gatewayId || DEFAULT_GATEWAY_ID,
             guardUuid: guardUuid || process.env.VIRTUEAI_GUARD_UUID || '',
         },
         _auth: {
@@ -309,10 +359,7 @@ function writeMcpConfig(gatewayUrl, accessToken, guardUuid) {
     fs.writeFileSync(MCP_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
     console.log(`  Written: ${MCP_CONFIG_PATH}`);
 }
-// ---------------------------------------------------------------------------
-// Step 3: Patch openclaw.json
-// ---------------------------------------------------------------------------
-function patchOpenClawConfig() {
+function patchOpenClawConfig(model) {
     let config = {};
     if (fs.existsSync(OPENCLAW_CONFIG_PATH)) {
         try {
@@ -323,80 +370,64 @@ function patchOpenClawConfig() {
             config = {};
         }
     }
-    // Ensure nested structure exists
     if (!config.agents)
         config.agents = {};
     if (!config.agents.defaults)
         config.agents.defaults = {};
-    // Set model to claude-cli if not already set
-    if (!config.agents.defaults.model) {
-        config.agents.defaults.model = { primary: 'claude-cli/sonnet' };
+    if (model) {
+        config.agents.defaults.model = { primary: model };
     }
-    // Ensure cliBackends.claude-cli exists (don't override user's existing config)
-    if (!config.agents.defaults.cliBackends)
-        config.agents.defaults.cliBackends = {};
-    if (!config.agents.defaults.cliBackends['claude-cli']) {
-        config.agents.defaults.cliBackends['claude-cli'] = {
-            command: 'claude',
-        };
+    else if (!config.agents.defaults.model ||
+        config.agents.defaults.model?.primary?.startsWith('claude-cli/')) {
+        config.agents.defaults.model = { primary: 'anthropic/claude-opus-4-6' };
+    }
+    // Clear models allowlist so users can switch to any model in OpenClaw
+    config.agents.defaults.models = {};
+    // Enable virtueai-mcp-tools plugin
+    if (!config.plugins)
+        config.plugins = {};
+    if (!config.plugins.entries)
+        config.plugins.entries = {};
+    config.plugins.entries[TOOLS_PLUGIN_ID] = { enabled: true };
+    if (!config.plugins.allow)
+        config.plugins.allow = [];
+    if (!config.plugins.allow.includes(TOOLS_PLUGIN_ID)) {
+        config.plugins.allow.push(TOOLS_PLUGIN_ID);
     }
-    const cliBackend = config.agents.defaults.cliBackends['claude-cli'];
-    // OpenClaw mergeBackendConfig: override.args ?? base.args (full replacement, not merge)
-    if (!Array.isArray(cliBackend.args)) {
-        cliBackend.args = ['-p', '--output-format', 'json', '--permission-mode', 'bypassPermissions'];
+    if (!config.plugins.installs)
+        config.plugins.installs = {};
+    config.plugins.installs[TOOLS_PLUGIN_ID] = {
+        source: 'path',
+        sourcePath: TOOLS_PLUGIN_DIR,
+        installPath: TOOLS_PLUGIN_DIR,
+        version: '1.0.0',
+        installedAt: new Date().toISOString(),
+    };
+    // Add plugin tools to agent allowlist (required for OpenClaw to expose them)
+    // Follows the pattern from DecodingTrust-Agent:
+    //   agents.list[{id: "main", tools: {allow: ["group:plugins", pluginId]}}]
+    if (!config.agents.list)
+        config.agents.list = [];
+    let mainAgent = config.agents.list.find((a) => a.id === 'main');
+    if (!mainAgent) {
+        mainAgent = { id: 'main' };
+        config.agents.list.push(mainAgent);
     }
-    const mcpIdx = cliBackend.args.indexOf('--mcp-config');
-    if (mcpIdx !== -1) {
-        cliBackend.args[mcpIdx + 1] = MCP_CONFIG_PATH;
+    if (!mainAgent.tools)
+        mainAgent.tools = {};
+    if (!mainAgent.tools.allow)
+        mainAgent.tools.allow = [];
+    const allowlist = mainAgent.tools.allow;
+    if (!allowlist.includes('group:plugins')) {
+        allowlist.push('group:plugins');
     }
-    else {
-        cliBackend.args.push('--mcp-config', MCP_CONFIG_PATH);
+    if (!allowlist.includes(TOOLS_PLUGIN_ID)) {
+        allowlist.push(TOOLS_PLUGIN_ID);
     }
-    // Write back
     fs.writeFileSync(OPENCLAW_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
     console.log(`  Patched: ${OPENCLAW_CONFIG_PATH}`);
 }
 // ---------------------------------------------------------------------------
-// Step 4: Verify connection
-// ---------------------------------------------------------------------------
-async function verifyConnection(gatewayUrl, accessToken) {
-    console.log('  Verifying token with gateway...');
-    const { status, data } = await fetchJson(`${gatewayUrl}/mcp`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            Authorization: `Bearer ${accessToken}`,
-        },
-        body: JSON.stringify({
-            jsonrpc: '2.0',
-            id: 1,
-            method: 'tools/list',
-            params: {},
-        }),
-    });
-    if (status === 200 && data?.result?.tools) {
-        const tools = data.result.tools;
-        const toolCount = tools.length;
-        // Group by prefix
-        const groups = {};
-        for (const t of tools) {
-            const prefix = t.name.split('_')[0];
-            groups[prefix] = (groups[prefix] || 0) + 1;
-        }
-        console.log(`  Verified! ${toolCount} tools available:`);
-        for (const [prefix, count] of Object.entries(groups).sort()) {
-            console.log(`    ${prefix}: ${count} tools`);
-        }
-        return toolCount;
-    }
-    else {
-        console.warn(`  Warning: verification returned status ${status}`);
-        console.warn(`  Response: ${JSON.stringify(data).slice(0, 200)}`);
-        console.warn('  Token was saved but may not work yet.');
-        return 0;
-    }
-}
-// ---------------------------------------------------------------------------
 // Main
 // ---------------------------------------------------------------------------
 async function main() {
@@ -408,51 +439,72 @@ Usage:
   npx @virtue-ai/gateway-connect [options]
 
 Options:
-  --gateway-url <url>    Gateway URL (default: ${DEFAULT_GATEWAY_URL})
+  --gateway-url <url>    MCP gateway URL (default: ${DEFAULT_GATEWAY_URL})
+  --api-url <url>        Prompt-guard API URL (default: ${DEFAULT_API_URL})
+  --gateway-id <id>      Gateway ID for trajectory (default: ${DEFAULT_GATEWAY_ID})
+  --model <model>        Model to use (e.g. openai/gpt-4o, anthropic/claude-sonnet-4-5)
   --guard-uuid <uuid>    Guard UUID for trajectory recording (or set VIRTUEAI_GUARD_UUID)
   --help                 Show this help message
 
 What it does:
   1. Opens browser for OAuth login
-  2. Saves MCP config to ~/.openclaw/mcp-gateway.json
-  3. Patches ~/.openclaw/openclaw.json to use the gateway
-  4. Installs trajectory plugin for full session recording
-  5. Verifies connection by listing available tools
+  2. Fetches all MCP tools from the gateway
+  3. Generates a native OpenClaw plugin wrapping each tool
+  4. Patches ~/.openclaw/openclaw.json to enable the plugin
+  5. Installs trajectory plugin for full session recording
+
+Supported models:
+  Any embedded model supported by OpenClaw (NOT claude-cli).
+  Examples: openai/gpt-4o, anthropic/claude-sonnet-4-5
 `);
         process.exit(0);
     }
     let gatewayUrl = getArg('gateway-url') || DEFAULT_GATEWAY_URL;
+    const model = getArg('model');
     const guardUuid = getArg('guard-uuid') || process.env.VIRTUEAI_GUARD_UUID;
-    // Strip /mcp suffix and normalize to lowercase
+    const apiUrl = getArg('api-url') || DEFAULT_API_URL;
+    const gatewayId = getArg('gateway-id') || DEFAULT_GATEWAY_ID;
     gatewayUrl = gatewayUrl.replace(/\/mcp\/?$/, '').toLowerCase();
     console.log('\n  VirtueAI Gateway Connect\n');
     console.log(`  Gateway: ${gatewayUrl}`);
+    if (model)
+        console.log(`  Model: ${model}`);
     // Step 1: Authenticate
     const { accessToken } = await authenticate(gatewayUrl);
-    // Step 2: Write MCP config
+    // Step 2: Fetch tools & generate native plugin
     console.log('\n  Configuring OpenClaw...');
-    writeMcpConfig(gatewayUrl, accessToken, guardUuid);
-    // Step 3: Patch openclaw.json
-    patchOpenClawConfig();
-    // Step 4: Install trajectory plugin
+    const tools = await fetchToolsList(gatewayUrl, accessToken);
+    if (tools.length === 0) {
+        console.error('\n  Error: No tools found on gateway. Token may be invalid.');
+        process.exit(1);
+    }
+    generateMcpToolsPlugin(gatewayUrl, accessToken, tools);
+    // Step 3: Write gateway config (for trajectory plugin)
+    writeGatewayConfig(gatewayUrl, accessToken, guardUuid, apiUrl, gatewayId);
+    // Step 4: Patch openclaw.json (enable tools plugin + set model)
+    patchOpenClawConfig(model);
+    // Step 5: Install trajectory plugin
     console.log('\n  Setting up trajectory recording...');
     generateTrajectoryPlugin(guardUuid);
     enableTrajectoryPlugin();
-    // Step 5: Verify
-    console.log('');
-    const toolCount = await verifyConnection(gatewayUrl, accessToken);
     // Done
+    const modelDisplay = model || 'existing (unchanged)';
     console.log(`
   Done! OpenClaw is now connected to VirtueAI MCP gateway.
-  ${toolCount} tools available across the gateway.
+  ${tools.length} tools registered as native OpenClaw tools.
+  Model: ${modelDisplay}
   Trajectory recording enabled (via virtueai-trajectory plugin).
 
   Config files:
     ${MCP_CONFIG_PATH}
     ${OPENCLAW_CONFIG_PATH}
+    ${TOOLS_PLUGIN_DIR}
 
   Start using it:
     openclaw agent --local --message "What tools do you have?"
+
+  To use a different model:
+    npx @virtue-ai/gateway-connect --gateway-url ${gatewayUrl} --model openai/gpt-4o
 `);
     process.exit(0);
 }

package/dist/trajectory-plugin.js

@@ -49,6 +49,8 @@ function loadConfig() {
     const cfg = JSON.parse(raw);
 
     const gatewayUrl = cfg._auth?.gatewayUrl ?? cfg.trajectory?.gatewayUrl ?? "";
+    const apiUrl = cfg.trajectory?.apiUrl ?? gatewayUrl;
+    const gatewayId = cfg.trajectory?.gatewayId ?? "";
     const token = cfg._auth?.accessToken ?? "";
 
     const guardUuid =
@@ -56,8 +58,8 @@ function loadConfig() {
       process.env.VIRTUEAI_GUARD_UUID ||
       DEFAULT_GUARD_UUID;
 
-    if (!gatewayUrl || !token) return null;
-    return { gatewayUrl, token, guardUuid };
+    if (!apiUrl || !token) return null;
+    return { gatewayUrl, apiUrl, gatewayId, token, guardUuid };
   } catch {
     return null;
   }
@@ -84,7 +86,7 @@ const plugin = {
 
     let gatewaySessionId = null;
     let endpointDisabled = false;
-    const endpoint = config.gatewayUrl + "/api/prompt-guard/topic_guard";
+    const endpoint = config.apiUrl + "/api/prompt-guard/topic_guard";
 
     api.logger.info("[virtueai-trajectory] Plugin registered, sending to " + config.gatewayUrl);
 
@@ -94,6 +96,7 @@ const plugin = {
       const body = {
         user_prompt: truncate(content),
         guard_uuid: config.guardUuid,
+        gateway_id: config.gatewayId,
         role,
       };
       if (gatewaySessionId) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@virtue-ai/gateway-connect",
-  "version": "0.2.1",
+  "version": "0.3.1",
   "description": "One-command setup to connect OpenClaw to VirtueAI MCP gateway",
   "type": "module",
   "files": [