abm1click-openclaw 1.0.0

package/dist/cli.js

@@ -0,0 +1,1788 @@
+#!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/cli.ts
+import { Command } from "commander";
+import chalk3 from "chalk";
+
+// src/constants.ts
+import { join } from "path";
+import { homedir } from "os";
+var DEFAULT_PORT = 20128;
+var DEFAULT_BASE_URL = `http://127.0.0.1:${DEFAULT_PORT}`;
+var DEFAULT_API_BASE_URL = `${DEFAULT_BASE_URL}/v1`;
+var DEFAULT_DASHBOARD_URL = DEFAULT_BASE_URL;
+var STATE_DIR = join(homedir(), ".oneclick-openclaw");
+var STATE_FILE_PATH = join(STATE_DIR, "state.json");
+var LOG_DIR = join(STATE_DIR, "logs");
+var LOG_FILE_PATH = join(LOG_DIR, "install.log");
+var ARTIFACTS_DIR = join(STATE_DIR, "artifacts");
+var TIMEOUTS = {
+  NINE_ROUTER_READY: 6e4,
+  // 60s for 9router to start
+  NINE_ROUTER_POLL_INTERVAL: 2e3,
+  // 2s between readiness polls
+  AUTH_TIMEOUT: 6e5,
+  // 10 min for OAuth
+  AUTH_POLL_INTERVAL: 3e3,
+  // 3s between auth polls
+  SMOKE_9ROUTER: 6e4,
+  // 60s for gateway smoke
+  SMOKE_OPENCLAW: 9e4,
+  // 90s for openclaw smoke
+  HEALTH_CHECK: 1e4
+  // 10s for health check
+};
+var EXIT_CODES = {
+  SUCCESS: 0,
+  FATAL_GENERIC: 1,
+  UNSUPPORTED_ENV: 2,
+  DEPENDENCY_MISSING: 3,
+  PORT_CONFLICT: 4,
+  OAUTH_FAILED: 5,
+  NINE_ROUTER_FAILURE: 6,
+  OPENCLAW_FAILURE: 7,
+  SMOKE_TEST_FAILURE: 8,
+  STATE_CORRUPTION: 9,
+  USER_ABORTED: 10
+};
+var INSTALL_STEPS = [
+  "PRECHECK",
+  "INSTALL_9ROUTER",
+  "START_9ROUTER",
+  "WAIT_9ROUTER_READY",
+  "OPEN_AUTH_PAGE",
+  "WAIT_GEMINI_AUTH",
+  "ENSURE_9ROUTER_API_KEY",
+  "INSTALL_OPENCLAW",
+  "LOCATE_OPENCLAW_CONFIG",
+  "PATCH_OPENCLAW_PROVIDER",
+  "SET_DEFAULT_MODEL",
+  "VALIDATE_OPENCLAW_CONFIG",
+  "SMOKE_TEST_9ROUTER",
+  "SMOKE_TEST_OPENCLAW"
+];
+var STATE_VERSION = 1;
+var PROVIDER_ID = "9router";
+var DEFAULT_MODEL = {
+  primary: "gc/gemini-3-flash-preview",
+  fallbacks: [
+    "if/kimi-k2-thinking",
+    "qw/qwen3-coder-plus"
+  ]
+};
+var APP = {
+  NAME: "oneclick-openclaw",
+  VERSION: "1.0.0",
+  DESCRIPTION: "OneClick OpenClaw Launcher \u2014 1 command to setup 9router + openclaw"
+};
+
+// src/state/store.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/utils/fs.ts
+import {
+  writeFileSync,
+  readFileSync,
+  renameSync,
+  copyFileSync,
+  mkdirSync,
+  existsSync,
+  accessSync,
+  unlinkSync,
+  constants as fsConstants
+} from "fs";
+import { dirname, join as join2 } from "path";
+import { randomUUID } from "crypto";
+function atomicWriteFileSync(filePath, data) {
+  const dir = dirname(filePath);
+  mkdirSync(dir, { recursive: true });
+  const tempPath = join2(dir, `.tmp-${randomUUID().slice(0, 8)}`);
+  writeFileSync(tempPath, data, "utf-8");
+  try {
+    renameSync(tempPath, filePath);
+  } catch {
+    copyFileSync(tempPath, filePath);
+    try {
+      unlinkSync(tempPath);
+    } catch {
+    }
+  }
+}
+function readFileSafe(filePath) {
+  try {
+    return readFileSync(filePath, "utf-8");
+  } catch {
+    return null;
+  }
+}
+function backupFile(filePath) {
+  if (!existsSync(filePath)) {
+    throw new Error(`Cannot backup: file not found: ${filePath}`);
+  }
+  const dir = dirname(filePath);
+  const timestamp2 = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const backupPath = join2(dir, `backup-${timestamp2}-${randomUUID().slice(0, 6)}.json`);
+  copyFileSync(filePath, backupPath);
+  return backupPath;
+}
+function ensureDir(dirPath) {
+  mkdirSync(dirPath, { recursive: true });
+}
+function hasWriteAccess(dirPath) {
+  try {
+    mkdirSync(dirPath, { recursive: true });
+    accessSync(dirPath, fsConstants.W_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function fileExists(filePath) {
+  return existsSync(filePath);
+}
+
+// src/utils/json.ts
+function safeJsonParse(text) {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function prettyJson(value) {
+  return JSON.stringify(value, null, 2);
+}
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key of Object.keys(source)) {
+    const targetVal = result[key];
+    const sourceVal = source[key];
+    if (isPlainObject(targetVal) && isPlainObject(sourceVal)) {
+      result[key] = deepMerge(targetVal, sourceVal);
+    } else {
+      result[key] = sourceVal;
+    }
+  }
+  return result;
+}
+
+// src/utils/env.ts
+import { platform, arch } from "os";
+function detectPlatform() {
+  const os = platform();
+  const cpuArch = arch();
+  let shell = "bash";
+  if (os === "win32") {
+    shell = process.env.SHELL ?? "powershell";
+  } else {
+    shell = process.env.SHELL ?? "/bin/bash";
+  }
+  return { os, arch: cpuArch, shell };
+}
+function isWSL() {
+  try {
+    const { readFileSync: readFileSync4 } = __require("fs");
+    const procVersion = readFileSync4("/proc/version", "utf-8");
+    return procVersion.toLowerCase().includes("microsoft");
+  } catch {
+    return false;
+  }
+}
+async function commandExists(cmd) {
+  try {
+    const { execaCommand } = await import("execa");
+    const whichCmd = platform() === "win32" ? `where ${cmd}` : `which ${cmd}`;
+    const result = await execaCommand(whichCmd, { reject: false });
+    return result.exitCode === 0;
+  } catch {
+    return false;
+  }
+}
+
+// src/utils/logger.ts
+import chalk from "chalk";
+import { mkdirSync as mkdirSync2, appendFileSync } from "fs";
+import { dirname as dirname2 } from "path";
+var SECRET_PATTERNS = [
+  /sk_[a-zA-Z0-9_-]{10,}/g,
+  /Bearer\s+[a-zA-Z0-9._-]+/gi,
+  /api[_-]?key["\s:=]+["']?[a-zA-Z0-9_-]{8,}["']?/gi,
+  /token["\s:=]+["']?[a-zA-Z0-9._-]{8,}["']?/gi
+];
+function redact(text) {
+  let result = text;
+  for (const pattern of SECRET_PATTERNS) {
+    result = result.replace(pattern, "[REDACTED]");
+  }
+  return result;
+}
+function timestamp() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function ensureLogDir() {
+  try {
+    mkdirSync2(dirname2(LOG_FILE_PATH), { recursive: true });
+  } catch {
+  }
+}
+function writeToFile(level, message, installId) {
+  try {
+    ensureLogDir();
+    const idPart = installId ? `[id=${installId.slice(0, 8)}]` : "";
+    const line = `${timestamp()} ${level.toUpperCase().padEnd(5)} ${idPart} ${redact(message)}
+`;
+    appendFileSync(LOG_FILE_PATH, line, "utf-8");
+  } catch {
+  }
+}
+var ICONS = {
+  info: chalk.blue("\u2139"),
+  warn: chalk.yellow("\u26A0"),
+  error: chalk.red("\u2716"),
+  debug: chalk.gray("\u2299")
+};
+var Logger = class {
+  installId;
+  verbose;
+  constructor(opts) {
+    this.installId = opts?.installId;
+    this.verbose = opts?.verbose ?? false;
+  }
+  setInstallId(id) {
+    this.installId = id;
+  }
+  info(message, meta) {
+    const metaStr = meta ? ` ${JSON.stringify(meta)}` : "";
+    console.log(`${ICONS.info} ${message}`);
+    writeToFile("INFO", `${message}${metaStr}`, this.installId);
+  }
+  warn(message, meta) {
+    const metaStr = meta ? ` ${JSON.stringify(meta)}` : "";
+    console.log(`${ICONS.warn} ${chalk.yellow(message)}`);
+    writeToFile("WARN", `${message}${metaStr}`, this.installId);
+  }
+  error(message, meta) {
+    const metaStr = meta ? ` ${JSON.stringify(meta)}` : "";
+    console.error(`${ICONS.error} ${chalk.red(message)}`);
+    writeToFile("ERROR", `${message}${metaStr}`, this.installId);
+  }
+  debug(message, meta) {
+    const metaStr = meta ? ` ${JSON.stringify(meta)}` : "";
+    if (this.verbose) {
+      console.log(`${ICONS.debug} ${chalk.gray(message)}`);
+    }
+    writeToFile("DEBUG", `${message}${metaStr}`, this.installId);
+  }
+  /** Log a step transition */
+  step(state, message) {
+    console.log(`${chalk.cyan("\u2192")} ${chalk.bold(state)} ${message}`);
+    writeToFile("INFO", `[state=${state}] ${message}`, this.installId);
+  }
+  /** Log success with green checkmark */
+  success(message) {
+    console.log(`${chalk.green("\u2714")} ${chalk.green(message)}`);
+    writeToFile("INFO", `[SUCCESS] ${message}`, this.installId);
+  }
+};
+var logger = new Logger();
+
+// src/utils/crypto.ts
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash } from "crypto";
+import { homedir as homedir2, hostname, userInfo } from "os";
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 16;
+var AUTH_TAG_LENGTH = 16;
+var SALT_LENGTH = 32;
+var KEY_LENGTH = 32;
+var ENCRYPTED_PREFIX = "enc:v1:";
+function deriveMachineKey(salt) {
+  const machineId = [
+    hostname(),
+    homedir2(),
+    userInfo().username,
+    "oneclick-openclaw-v1"
+    // namespace
+  ].join("|");
+  const seedHash = createHash("sha256").update(machineId).digest();
+  return scryptSync(seedHash, salt, KEY_LENGTH);
+}
+function encryptField(plaintext) {
+  if (!plaintext || plaintext.startsWith(ENCRYPTED_PREFIX)) {
+    return plaintext;
+  }
+  try {
+    const salt = randomBytes(SALT_LENGTH);
+    const key = deriveMachineKey(salt);
+    const iv = randomBytes(IV_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, key, iv, {
+      authTagLength: AUTH_TAG_LENGTH
+    });
+    let encrypted = cipher.update(plaintext, "utf-8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag();
+    return [
+      ENCRYPTED_PREFIX,
+      salt.toString("hex"),
+      iv.toString("hex"),
+      authTag.toString("hex"),
+      encrypted
+    ].join("");
+  } catch (err) {
+    logger.warn(`Encryption failed, storing plaintext: ${err instanceof Error ? err.message : String(err)}`);
+    return plaintext;
+  }
+}
+function decryptField(encryptedValue) {
+  if (!encryptedValue || !encryptedValue.startsWith(ENCRYPTED_PREFIX)) {
+    return encryptedValue;
+  }
+  try {
+    const payload = encryptedValue.slice(ENCRYPTED_PREFIX.length);
+    const saltHex = payload.slice(0, SALT_LENGTH * 2);
+    const rest = payload.slice(SALT_LENGTH * 2);
+    const ivHex = rest.slice(0, IV_LENGTH * 2);
+    const authTagHex = rest.slice(IV_LENGTH * 2, IV_LENGTH * 2 + AUTH_TAG_LENGTH * 2);
+    const ciphertextHex = rest.slice(IV_LENGTH * 2 + AUTH_TAG_LENGTH * 2);
+    const salt = Buffer.from(saltHex, "hex");
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+    const key = deriveMachineKey(salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv, {
+      authTagLength: AUTH_TAG_LENGTH
+    });
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(ciphertextHex, "hex", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return decrypted;
+  } catch (err) {
+    logger.warn(`Decryption failed, returning raw value: ${err instanceof Error ? err.message : String(err)}`);
+    return encryptedValue;
+  }
+}
+
+// src/state/store.ts
+import { dirname as dirname3 } from "path";
+function encryptArtifacts(artifacts) {
+  const copy = { ...artifacts };
+  if (copy.nineRouterApiKey) {
+    copy.nineRouterApiKey = encryptField(copy.nineRouterApiKey);
+  }
+  return copy;
+}
+function decryptArtifacts(artifacts) {
+  const copy = { ...artifacts };
+  if (copy.nineRouterApiKey) {
+    copy.nineRouterApiKey = decryptField(copy.nineRouterApiKey);
+  }
+  return copy;
+}
+function loadOrCreateState() {
+  const raw = readFileSafe(STATE_FILE_PATH);
+  if (raw) {
+    const parsed = safeJsonParse(raw);
+    if (parsed && parsed.version === STATE_VERSION) {
+      parsed.artifacts = decryptArtifacts(parsed.artifacts);
+      logger.debug(`State loaded: currentState=${parsed.currentState}`);
+      return parsed;
+    }
+    logger.warn("State file corrupted or wrong version, creating new state");
+  }
+  const newState = {
+    version: STATE_VERSION,
+    installationId: randomUUID2(),
+    currentState: "PRECHECK",
+    completedStates: [],
+    stepMeta: {},
+    artifacts: {},
+    platform: detectPlatform()
+  };
+  saveState(newState);
+  logger.debug(`New state created: id=${newState.installationId}`);
+  return newState;
+}
+function saveState(state) {
+  ensureDir(dirname3(STATE_FILE_PATH));
+  const secureState = {
+    ...state,
+    artifacts: encryptArtifacts(state.artifacts)
+  };
+  atomicWriteFileSync(STATE_FILE_PATH, prettyJson(secureState));
+  notifyStateChange(state);
+}
+var stateListeners = [];
+function onStateChange(listener) {
+  stateListeners.push(listener);
+  return () => {
+    const idx = stateListeners.indexOf(listener);
+    if (idx >= 0) stateListeners.splice(idx, 1);
+  };
+}
+function notifyStateChange(state) {
+  for (const listener of stateListeners) {
+    try {
+      listener(state);
+    } catch {
+    }
+  }
+}
+function isStepCompleted(state, step) {
+  return state.completedStates.includes(step);
+}
+function markStepRunning(state, step) {
+  const meta = state.stepMeta[step] ?? {
+    status: "pending",
+    attemptCount: 0,
+    startedAt: null,
+    finishedAt: null,
+    lastError: null
+  };
+  meta.status = "running";
+  meta.attemptCount += 1;
+  meta.startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  meta.finishedAt = null;
+  const next = {
+    ...state,
+    currentState: step,
+    stepMeta: { ...state.stepMeta, [step]: meta }
+  };
+  saveState(next);
+  return next;
+}
+function markStepCompleted(state, step) {
+  const meta = state.stepMeta[step] ?? {
+    status: "pending",
+    attemptCount: 1,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    finishedAt: null,
+    lastError: null
+  };
+  meta.status = "completed";
+  meta.finishedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const completedStates = state.completedStates.includes(step) ? state.completedStates : [...state.completedStates, step];
+  const next = {
+    ...state,
+    completedStates,
+    stepMeta: { ...state.stepMeta, [step]: meta }
+  };
+  saveState(next);
+  return next;
+}
+function markStepFailed(state, step, error, recoverable) {
+  const meta = state.stepMeta[step] ?? {
+    status: "pending",
+    attemptCount: 1,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    finishedAt: null,
+    lastError: null
+  };
+  meta.status = "failed";
+  meta.finishedAt = (/* @__PURE__ */ new Date()).toISOString();
+  meta.lastError = error;
+  const next = {
+    ...state,
+    currentState: recoverable ? "FAILED_RECOVERABLE" : "FAILED_FATAL",
+    stepMeta: { ...state.stepMeta, [step]: meta }
+  };
+  saveState(next);
+  return next;
+}
+function updateArtifacts(state, artifacts) {
+  const next = {
+    ...state,
+    artifacts: { ...state.artifacts, ...artifacts }
+  };
+  saveState(next);
+  return next;
+}
+function resetState() {
+  try {
+    const { unlinkSync: unlinkSync2 } = __require("fs");
+    unlinkSync2(STATE_FILE_PATH);
+    logger.info("State file deleted");
+  } catch {
+  }
+}
+
+// src/state/machine.ts
+import chalk2 from "chalk";
+function mapError(err) {
+  if (err && typeof err === "object" && "code" in err) {
+    const se = err;
+    return {
+      code: se.code ?? "UNKNOWN",
+      message: se.message ?? String(err),
+      recoverable: se.recoverable ?? false,
+      details: se.details
+    };
+  }
+  return {
+    code: "UNKNOWN",
+    message: err instanceof Error ? err.message : String(err),
+    recoverable: true
+  };
+}
+async function runStep(state, stepName, handler) {
+  if (isStepCompleted(state, stepName)) {
+    logger.debug(`Step ${stepName} already completed, skipping`);
+    return state;
+  }
+  logger.step(stepName, "Starting...");
+  let currentState = markStepRunning(state, stepName);
+  try {
+    currentState = await handler(currentState);
+    currentState = markStepCompleted(currentState, stepName);
+    logger.success(`${stepName} completed`);
+    return currentState;
+  } catch (err) {
+    const mapped = mapError(err);
+    logger.error(`${stepName} failed: ${mapped.message}`);
+    currentState = markStepFailed(currentState, stepName, mapped.message, mapped.recoverable);
+    throw mapped;
+  }
+}
+async function runInstall(handlers2) {
+  let state = loadOrCreateState();
+  logger.setInstallId(state.installationId);
+  console.log("");
+  console.log(chalk2.bold.cyan("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+  console.log(chalk2.bold.cyan("  \u2551   OneClick OpenClaw Launcher v1.0.0     \u2551"));
+  console.log(chalk2.bold.cyan("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+  console.log("");
+  for (const step of INSTALL_STEPS) {
+    const handler = handlers2[step];
+    if (!handler) {
+      logger.warn(`No handler registered for step: ${step}`);
+      continue;
+    }
+    state = await runStep(state, step, handler);
+  }
+  state.currentState = "DONE";
+  saveState(state);
+  console.log("");
+  console.log(chalk2.green.bold("  \u2714 Setup complete!"));
+  console.log("");
+  console.log(`  9Router:   ${chalk2.cyan(state.artifacts.nineRouterBaseUrl ?? "http://127.0.0.1:20128")}`);
+  console.log(`  OpenClaw:  ${chalk2.cyan("configured to use 9Router")}`);
+  console.log(`  Auth:      ${chalk2.green("Google connected")}`);
+  console.log(`  Smoke:     ${chalk2.green("PASS")}`);
+  console.log("");
+  console.log(chalk2.gray("  Useful commands:"));
+  console.log(chalk2.gray("    oneclick-openclaw doctor"));
+  console.log(chalk2.gray("    oneclick-openclaw logs"));
+  console.log("");
+}
+async function runResume(handlers2) {
+  let state = loadOrCreateState();
+  logger.setInstallId(state.installationId);
+  if (state.currentState === "DONE") {
+    logger.info("Installation already completed. Nothing to resume.");
+    return;
+  }
+  if (state.currentState === "FAILED_FATAL") {
+    logger.warn("Previous run ended with fatal error. Attempting recovery...");
+  } else if (state.currentState === "FAILED_RECOVERABLE") {
+    logger.info("Previous run paused with recoverable error. Resuming...");
+  }
+  let resumeFrom = INSTALL_STEPS.length;
+  for (let i = 0; i < INSTALL_STEPS.length; i++) {
+    if (!state.completedStates.includes(INSTALL_STEPS[i])) {
+      resumeFrom = i;
+      break;
+    }
+  }
+  if (resumeFrom >= INSTALL_STEPS.length) {
+    state.currentState = "DONE";
+    saveState(state);
+    logger.success("All steps already completed!");
+    return;
+  }
+  logger.info(`Resuming from step ${resumeFrom + 1}/${INSTALL_STEPS.length}: ${INSTALL_STEPS[resumeFrom]}`);
+  for (let i = resumeFrom; i < INSTALL_STEPS.length; i++) {
+    const step = INSTALL_STEPS[i];
+    const handler = handlers2[step];
+    if (!handler) continue;
+    state = await runStep(state, step, handler);
+  }
+  state.currentState = "DONE";
+  saveState(state);
+  logger.success("Resume completed!");
+}
+
+// src/process/ports.ts
+import { createServer } from "net";
+function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = createServer();
+    server.once("error", () => {
+      resolve(false);
+    });
+    server.once("listening", () => {
+      server.close(() => resolve(true));
+    });
+    server.listen(port, "127.0.0.1");
+  });
+}
+
+// src/steps/precheck.ts
+async function precheck(state) {
+  const platform3 = detectPlatform();
+  logger.info(`Platform: ${platform3.os} ${platform3.arch} (shell: ${platform3.shell})`);
+  const checks = [
+    {
+      name: "Node.js",
+      check: () => commandExists("node"),
+      required: true,
+      failMessage: "Node.js is required but not found. Install from https://nodejs.org"
+    },
+    {
+      name: "npm",
+      check: () => commandExists("npm"),
+      required: true,
+      failMessage: "npm is required but not found. It comes with Node.js."
+    },
+    {
+      name: "curl",
+      check: () => commandExists("curl"),
+      required: false,
+      failMessage: "curl is recommended but not found."
+    },
+    {
+      name: `Port ${DEFAULT_PORT}`,
+      check: () => isPortAvailable(DEFAULT_PORT),
+      required: false,
+      // Not required — might have 9router already running
+      failMessage: `Port ${DEFAULT_PORT} is in use. 9router may already be running, or another service is using it.`
+    },
+    {
+      name: "Write access",
+      check: async () => hasWriteAccess(STATE_DIR),
+      required: true,
+      failMessage: `Cannot write to ${STATE_DIR}. Check permissions.`
+    }
+  ];
+  const fatal = [];
+  for (const item of checks) {
+    const ok = await item.check();
+    if (ok) {
+      logger.info(`  \u2714 ${item.name}`);
+    } else if (item.required) {
+      logger.error(`  \u2716 ${item.name}: ${item.failMessage}`);
+      fatal.push(item.failMessage);
+    } else {
+      logger.warn(`  \u26A0 ${item.name}: ${item.failMessage}`);
+    }
+  }
+  if (fatal.length > 0) {
+    throw {
+      code: "PRECHECK_FAILED",
+      message: `Precheck failed:
+${fatal.join("\n")}`,
+      recoverable: false
+    };
+  }
+  return { ...state, platform: platform3 };
+}
+
+// src/process/spawn.ts
+import { spawn as nodeSpawn } from "child_process";
+async function spawnCommand(command, args = [], opts) {
+  const { execa } = await import("execa");
+  logger.debug(`Spawning: ${command} ${args.join(" ")}`);
+  try {
+    const result = await execa(command, args, {
+      cwd: opts?.cwd,
+      timeout: opts?.timeout,
+      reject: false
+    });
+    const pid = result.pid;
+    return {
+      pid: pid ?? void 0,
+      exitCode: result.exitCode ?? null,
+      stdout: typeof result.stdout === "string" ? result.stdout : "",
+      stderr: typeof result.stderr === "string" ? result.stderr : ""
+    };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    logger.error(`Spawn failed: ${command} \u2014 ${message}`);
+    return { pid: void 0, exitCode: 1, stdout: "", stderr: message };
+  }
+}
+async function spawnBackground(command, args = [], opts) {
+  logger.debug(`Spawning background: ${command} ${args.join(" ")}`);
+  try {
+    const child = nodeSpawn(command, args, {
+      cwd: opts?.cwd,
+      detached: true,
+      stdio: "ignore",
+      shell: true
+    });
+    child.unref();
+    await new Promise((resolve) => setTimeout(resolve, 500));
+    return { pid: child.pid };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    logger.error(`Background spawn failed: ${command} \u2014 ${message}`);
+    return { pid: void 0 };
+  }
+}
+
+// src/process/health.ts
+async function httpHealthCheck(endpoint, timeoutMs = 1e4) {
+  const start = Date.now();
+  try {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const response = await fetch(endpoint, {
+      method: "GET",
+      signal: controller.signal
+    });
+    clearTimeout(timer);
+    const latencyMs = Date.now() - start;
+    if (response.ok) {
+      return { healthy: true, endpoint, latencyMs };
+    }
+    return {
+      healthy: false,
+      endpoint,
+      latencyMs,
+      error: `HTTP ${response.status}: ${response.statusText}`
+    };
+  } catch (err) {
+    const latencyMs = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    logger.debug(`Health check failed: ${endpoint} \u2014 ${message}`);
+    return {
+      healthy: false,
+      endpoint,
+      latencyMs,
+      error: message
+    };
+  }
+}
+
+// src/utils/retry.ts
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function pollUntil(condition, opts) {
+  const start = Date.now();
+  while (Date.now() - start < opts.timeoutMs) {
+    if (await condition()) return;
+    await sleep(opts.intervalMs);
+  }
+  throw new Error(
+    `Timeout after ${opts.timeoutMs}ms waiting for: ${opts.label ?? "condition"}`
+  );
+}
+
+// src/adapters/nineRouterAdapter.ts
+var NineRouterAdapter = class {
+  port;
+  constructor(port = DEFAULT_PORT) {
+    this.port = port;
+  }
+  async isInstalled() {
+    const hasNpm = await commandExists("9router");
+    if (hasNpm) return true;
+    const result = await spawnCommand("npx", ["9router", "--version"]);
+    return result.exitCode === 0;
+  }
+  async install() {
+    logger.info("Installing 9router via npm...");
+    const result = await spawnCommand("npm", ["install", "-g", "9router"], {
+      timeout: 12e4
+    });
+    if (result.exitCode !== 0) {
+      throw {
+        code: "9ROUTER_INSTALL_FAILED",
+        message: `9router installation failed: ${result.stderr}`,
+        recoverable: true
+      };
+    }
+    logger.info("9router installed successfully");
+  }
+  async isRunning(baseUrl = DEFAULT_BASE_URL) {
+    const check = await httpHealthCheck(baseUrl, 5e3);
+    return check.healthy;
+  }
+  async start(opts) {
+    const port = opts?.port ?? this.port;
+    if (await this.isRunning()) {
+      logger.info("9router is already running");
+      return {};
+    }
+    logger.info(`Starting 9router on port ${port}...`);
+    const result = await spawnBackground("9router", ["--port", String(port)]);
+    if (!result.pid) {
+      throw {
+        code: "9ROUTER_START_FAILED",
+        message: "Failed to start 9router process",
+        recoverable: true
+      };
+    }
+    logger.info(`9router started with PID: ${result.pid}`);
+    return result;
+  }
+  async waitUntilReady(baseUrl = DEFAULT_BASE_URL, timeoutMs = 6e4) {
+    logger.info("Waiting for 9router to be ready...");
+    await pollUntil(
+      async () => {
+        const check = await httpHealthCheck(baseUrl, 5e3);
+        return check.healthy;
+      },
+      {
+        intervalMs: 2e3,
+        timeoutMs,
+        label: "9router readiness"
+      }
+    );
+    logger.info("9router is ready");
+  }
+  getBaseUrl() {
+    return DEFAULT_BASE_URL;
+  }
+  getDashboardUrl() {
+    return DEFAULT_DASHBOARD_URL;
+  }
+  getApiBaseUrl() {
+    return DEFAULT_API_BASE_URL;
+  }
+  async getProviderStatus(providerId) {
+    try {
+      const response = await fetch(`${DEFAULT_BASE_URL}/api/providers/${providerId}/status`, {
+        method: "GET"
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (data.connected) {
+          return {
+            connected: true,
+            providerId,
+            accountHint: data.accountHint
+          };
+        }
+      }
+      return { connected: false, providerId, reason: "Not connected" };
+    } catch {
+      return { connected: false, providerId, reason: "API unreachable" };
+    }
+  }
+  async ensureApiKey() {
+    logger.info("Ensuring 9router API key...");
+    try {
+      const response = await fetch(`${DEFAULT_BASE_URL}/api/keys`, {
+        method: "GET"
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (data.apiKey && typeof data.apiKey === "string") {
+          logger.info("Retrieved existing API key");
+          return { apiKey: data.apiKey };
+        }
+      }
+      const createResponse = await fetch(`${DEFAULT_BASE_URL}/api/keys`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ name: "oneclick-openclaw" })
+      });
+      if (createResponse.ok) {
+        const data = await createResponse.json();
+        logger.info("Created new API key");
+        return { apiKey: data.apiKey };
+      }
+      const fallbackKey = `sk_local_${Date.now()}`;
+      logger.warn("Could not get/create API key from 9router, using fallback");
+      return { apiKey: fallbackKey };
+    } catch {
+      const fallbackKey = `sk_local_${Date.now()}`;
+      logger.warn("9router API unreachable for key management, using fallback");
+      return { apiKey: fallbackKey };
+    }
+  }
+  async runHealthcheck() {
+    return httpHealthCheck(DEFAULT_BASE_URL);
+  }
+};
+
+// src/steps/install9router.ts
+var adapter = new NineRouterAdapter();
+async function install9router(state) {
+  const installed = await adapter.isInstalled();
+  if (installed) {
+    logger.info("9router is already installed");
+    return state;
+  }
+  await adapter.install();
+  return state;
+}
+
+// src/steps/start9router.ts
+var adapter2 = new NineRouterAdapter();
+async function start9router(state) {
+  if (await adapter2.isRunning()) {
+    logger.info("9router is already running");
+    return updateArtifacts(state, {
+      nineRouterBaseUrl: adapter2.getApiBaseUrl(),
+      nineRouterDashboardUrl: adapter2.getDashboardUrl()
+    });
+  }
+  const result = await adapter2.start();
+  return updateArtifacts(state, {
+    nineRouterBaseUrl: adapter2.getApiBaseUrl(),
+    nineRouterDashboardUrl: adapter2.getDashboardUrl(),
+    nineRouterPid: result.pid
+  });
+}
+
+// src/steps/wait9router.ts
+var adapter3 = new NineRouterAdapter();
+async function wait9router(state) {
+  await adapter3.waitUntilReady(
+    adapter3.getBaseUrl(),
+    TIMEOUTS.NINE_ROUTER_READY
+  );
+  return state;
+}
+
+// src/utils/browser.ts
+import { platform as platform2 } from "os";
+async function openBrowser(url) {
+  const { execaCommand } = await import("execa");
+  const os = platform2();
+  let command;
+  if (os === "darwin") {
+    command = `open "${url}"`;
+  } else if (os === "win32" || isWSL()) {
+    command = `cmd.exe /c start "" "${url}"`;
+  } else if (os === "linux") {
+    command = `xdg-open "${url}"`;
+  } else {
+    logger.warn(`Cannot auto-open browser. Please open manually:
+  ${url}`);
+    return;
+  }
+  try {
+    await execaCommand(command, { reject: false, shell: true });
+    logger.debug(`Browser opened: ${url}`);
+  } catch {
+    logger.warn(`Failed to open browser. Please open manually:
+  ${url}`);
+  }
+}
+
+// src/steps/openAuth.ts
+var adapter4 = new NineRouterAdapter();
+async function openAuth(state) {
+  const dashboardUrl = adapter4.getDashboardUrl();
+  const authUrl = `${dashboardUrl}/providers/google-gemini/connect`;
+  logger.info("Opening browser for Google authentication...");
+  logger.info(`Auth URL: ${authUrl}`);
+  await openBrowser(authUrl);
+  logger.info("Please complete Google sign-in in your browser.");
+  logger.info("The installer will automatically detect when you're done.");
+  return state;
+}
+
+// src/steps/waitAuth.ts
+import ora from "ora";
+var adapter5 = new NineRouterAdapter();
+async function waitAuth(state) {
+  const spinner = ora("Waiting for Google authentication...").start();
+  try {
+    await pollUntil(
+      async () => {
+        const status = await adapter5.getProviderStatus("google-gemini");
+        if (status.connected) {
+          spinner.succeed(`Google authenticated${status.accountHint ? ` (${status.accountHint})` : ""}`);
+          return true;
+        }
+        return false;
+      },
+      {
+        intervalMs: TIMEOUTS.AUTH_POLL_INTERVAL,
+        timeoutMs: TIMEOUTS.AUTH_TIMEOUT,
+        label: "Google authentication"
+      }
+    );
+  } catch {
+    spinner.fail("Google authentication timed out");
+    throw {
+      code: "AUTH_TIMEOUT",
+      message: "Google authentication was not completed in time (10 min timeout).",
+      recoverable: true
+    };
+  }
+  return state;
+}
+
+// src/steps/ensureApiKey.ts
+var adapter6 = new NineRouterAdapter();
+async function ensureApiKey(state) {
+  const { apiKey } = await adapter6.ensureApiKey();
+  logger.info("API key secured (redacted in logs)");
+  return updateArtifacts(state, {
+    nineRouterApiKey: apiKey
+  });
+}
+
+// src/adapters/openClawAdapter.ts
+import { join as join3 } from "path";
+import { homedir as homedir3 } from "os";
+var CONFIG_PATHS = [
+  join3(homedir3(), ".openclaw", "openclaw.json"),
+  join3(homedir3(), ".config", "openclaw", "openclaw.json"),
+  join3(homedir3(), ".openclaw", "config.json")
+];
+var OpenClawAdapter = class {
+  configPath = null;
+  async isInstalled() {
+    return commandExists("openclaw");
+  }
+  async install() {
+    logger.info("Installing OpenClaw...");
+    const result = await spawnCommand("npm", ["install", "-g", "openclaw"], {
+      timeout: 12e4
+    });
+    if (result.exitCode !== 0) {
+      throw {
+        code: "OPENCLAW_INSTALL_FAILED",
+        message: `OpenClaw installation failed: ${result.stderr}`,
+        recoverable: true
+      };
+    }
+    logger.info("OpenClaw installed successfully");
+  }
+  async getConfigPath() {
+    if (this.configPath) return this.configPath;
+    for (const path of CONFIG_PATHS) {
+      if (fileExists(path)) {
+        this.configPath = path;
+        logger.debug(`Found OpenClaw config at: ${path}`);
+        return path;
+      }
+    }
+    this.configPath = CONFIG_PATHS[0];
+    logger.debug(`Using default OpenClaw config path: ${this.configPath}`);
+    return this.configPath;
+  }
+  async readConfig() {
+    const path = await this.getConfigPath();
+    const raw = readFileSafe(path);
+    if (!raw) {
+      logger.debug("No existing OpenClaw config found, using empty config");
+      return {};
+    }
+    const parsed = safeJsonParse(raw);
+    if (!parsed) {
+      logger.warn("OpenClaw config is invalid JSON, using empty config");
+      return {};
+    }
+    return parsed;
+  }
+  async writeConfig(config) {
+    const path = await this.getConfigPath();
+    const { dirname: dirname5 } = await import("path");
+    const { mkdirSync: mkdirSync3 } = await import("fs");
+    try {
+      mkdirSync3(dirname5(path), { recursive: true });
+    } catch {
+    }
+    atomicWriteFileSync(path, prettyJson(config));
+    logger.debug(`Config written to: ${path}`);
+  }
+  async backupConfig() {
+    const path = await this.getConfigPath();
+    if (!fileExists(path)) {
+      logger.debug("No config to backup");
+      return "";
+    }
+    const backupPath = backupFile(path);
+    logger.info(`Config backed up to: ${backupPath}`);
+    return backupPath;
+  }
+  async validateConfig() {
+    const config = await this.readConfig();
+    const errors = [];
+    if (typeof config !== "object" || config === null) {
+      errors.push("Config must be a valid JSON object");
+    }
+    const models = config.models;
+    if (models?.providers) {
+      const providers = models.providers;
+      for (const [id, provider] of Object.entries(providers)) {
+        const p = provider;
+        if (!p.baseUrl) errors.push(`Provider "${id}" missing baseUrl`);
+        if (!p.apiKey) errors.push(`Provider "${id}" missing apiKey`);
+      }
+    }
+    return errors.length === 0 ? { valid: true } : { valid: false, errors };
+  }
+  async runSmokePrompt(prompt) {
+    const start = Date.now();
+    try {
+      const result = await spawnCommand("openclaw", ["--prompt", prompt], {
+        timeout: 9e4
+      });
+      const latencyMs = Date.now() - start;
+      if (result.exitCode === 0 && result.stdout.length > 0) {
+        return {
+          success: true,
+          responseText: result.stdout.slice(0, 500),
+          latencyMs
+        };
+      }
+      return {
+        success: false,
+        latencyMs,
+        error: result.stderr || "No output"
+      };
+    } catch (err) {
+      return {
+        success: false,
+        latencyMs: Date.now() - start,
+        error: err instanceof Error ? err.message : String(err)
+      };
+    }
+  }
+};
+
+// src/steps/installOpenClaw.ts
+var adapter7 = new OpenClawAdapter();
+async function installOpenClaw(state) {
+  const installed = await adapter7.isInstalled();
+  if (installed) {
+    logger.info("OpenClaw is already installed");
+    return state;
+  }
+  await adapter7.install();
+  return state;
+}
+
+// src/steps/locateOpenClawConfig.ts
+var adapter8 = new OpenClawAdapter();
+async function locateOpenClawConfig(state) {
+  const configPath = await adapter8.getConfigPath();
+  logger.info(`OpenClaw config: ${configPath}`);
+  return updateArtifacts(state, {
+    openClawConfigPath: configPath
+  });
+}
+
+// src/adapters/configAdapter.ts
+function patchConfig(input) {
+  const { existingConfig, nineRouterBaseUrl, nineRouterApiKey, providerId, defaultModel } = input;
+  const changedPaths = [];
+  const config = JSON.parse(JSON.stringify(existingConfig));
+  if (!config.models) {
+    config.models = {};
+    changedPaths.push("models");
+  }
+  const models = config.models;
+  if (!models.providers) {
+    models.providers = {};
+    changedPaths.push("models.providers");
+  }
+  const providers = models.providers;
+  const providerBlock = {
+    baseUrl: nineRouterBaseUrl,
+    apiKey: nineRouterApiKey,
+    api: "openai-completions",
+    models: [
+      {
+        id: defaultModel.primary,
+        name: "Gemini Flash Free"
+      },
+      ...(defaultModel.fallbacks ?? []).map((fb) => ({
+        id: fb,
+        name: fb.split("/").pop()
+      }))
+    ]
+  };
+  if (providers[providerId]) {
+    const existing = providers[providerId];
+    providers[providerId] = deepMerge(existing, providerBlock);
+    changedPaths.push(`models.providers.${providerId} (updated)`);
+    logger.debug(`Updated existing provider: ${providerId}`);
+  } else {
+    providers[providerId] = providerBlock;
+    changedPaths.push(`models.providers.${providerId} (added)`);
+    logger.debug(`Added new provider: ${providerId}`);
+  }
+  if (!models.default) {
+    models.default = `${providerId}/${defaultModel.primary}`;
+    changedPaths.push("models.default");
+    logger.debug(`Set default model: ${models.default}`);
+  } else {
+    logger.debug(`User has custom default model, not overriding: ${models.default}`);
+  }
+  const oneclick = config._oneclick ?? {};
+  oneclick.version = 1;
+  oneclick.managedProviderIds = [providerId];
+  oneclick.lastPatchedAt = (/* @__PURE__ */ new Date()).toISOString();
+  config._oneclick = oneclick;
+  changedPaths.push("_oneclick");
+  return { nextConfig: config, changedPaths };
+}
+
+// src/steps/patchOpenClaw.ts
+var adapter9 = new OpenClawAdapter();
+async function patchOpenClaw(state) {
+  const backupPath = await adapter9.backupConfig();
+  const existingConfig = await adapter9.readConfig();
+  const apiKey = state.artifacts.nineRouterApiKey ?? "sk_local_default";
+  const baseUrl = state.artifacts.nineRouterBaseUrl ?? DEFAULT_API_BASE_URL;
+  const { nextConfig, changedPaths } = patchConfig({
+    existingConfig,
+    nineRouterBaseUrl: baseUrl,
+    nineRouterApiKey: apiKey,
+    providerId: PROVIDER_ID,
+    defaultModel: {
+      primary: DEFAULT_MODEL.primary,
+      fallbacks: [...DEFAULT_MODEL.fallbacks]
+    }
+  });
+  await adapter9.writeConfig(nextConfig);
+  logger.info(`Config patched. Changed: ${changedPaths.join(", ")}`);
+  return updateArtifacts(state, {
+    configBackupPath: backupPath || void 0
+  });
+}
+
+// src/steps/validate.ts
+import { copyFileSync as copyFileSync2 } from "fs";
+var adapter10 = new OpenClawAdapter();
+async function validate(state) {
+  const result = await adapter10.validateConfig();
+  if (result.valid) {
+    logger.info("OpenClaw config validation: PASS");
+    return state;
+  }
+  logger.error("OpenClaw config validation: FAIL");
+  for (const err of result.errors) {
+    logger.error(`  - ${err}`);
+  }
+  if (state.artifacts.configBackupPath && state.artifacts.openClawConfigPath) {
+    logger.warn("Rolling back to previous config...");
+    try {
+      copyFileSync2(state.artifacts.configBackupPath, state.artifacts.openClawConfigPath);
+      logger.info("Config rolled back successfully");
+    } catch (rollbackErr) {
+      logger.error(`Rollback failed: ${rollbackErr}`);
+    }
+  }
+  throw {
+    code: "CONFIG_VALIDATION_FAILED",
+    message: `Config validation failed: ${result.errors.join("; ")}`,
+    recoverable: true
+  };
+}
+
+// src/steps/smoke.ts
+import ora2 from "ora";
+var openClawAdapter = new OpenClawAdapter();
+async function smokeTest9Router(state) {
+  const spinner = ora2("Running 9Router smoke test...").start();
+  const apiUrl = state.artifacts.nineRouterBaseUrl ?? DEFAULT_API_BASE_URL;
+  const apiKey = state.artifacts.nineRouterApiKey ?? "";
+  try {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), TIMEOUTS.SMOKE_9ROUTER);
+    const response = await fetch(`${apiUrl}/chat/completions`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...apiKey ? { Authorization: `Bearer ${apiKey}` } : {}
+      },
+      body: JSON.stringify({
+        model: "gc/gemini-3-flash-preview",
+        messages: [
+          { role: "user", content: "Reply with the word OK only." }
+        ]
+      }),
+      signal: controller.signal
+    });
+    clearTimeout(timer);
+    if (response.ok) {
+      const data = await response.json();
+      spinner.succeed("9Router smoke test: PASS");
+      logger.debug(`Smoke response: ${JSON.stringify(data).slice(0, 200)}`);
+      return state;
+    }
+    spinner.fail(`9Router smoke test: HTTP ${response.status}`);
+    throw {
+      code: "SMOKE_9ROUTER_FAILED",
+      message: `9Router smoke test returned HTTP ${response.status}`,
+      recoverable: true
+    };
+  } catch (err) {
+    if (err?.code === "SMOKE_9ROUTER_FAILED") throw err;
+    spinner.fail("9Router smoke test: FAIL");
+    throw {
+      code: "SMOKE_9ROUTER_FAILED",
+      message: `9Router smoke test failed: ${err instanceof Error ? err.message : String(err)}`,
+      recoverable: true
+    };
+  }
+}
+async function smokeTestOpenClaw(state) {
+  const spinner = ora2("Running OpenClaw smoke test...").start();
+  const result = await openClawAdapter.runSmokePrompt("Reply with the word OK only.");
+  if (result.success) {
+    spinner.succeed(`OpenClaw smoke test: PASS (${result.latencyMs}ms)`);
+    return state;
+  }
+  spinner.fail("OpenClaw smoke test: FAIL");
+  throw {
+    code: "SMOKE_OPENCLAW_FAILED",
+    message: `OpenClaw smoke test failed: ${result.error}`,
+    recoverable: true
+  };
+}
+
+// src/cli.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, rmSync } from "fs";
+
+// src/web/server.ts
+import { createServer as createServer2 } from "http";
+import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
+import { join as join4, dirname as dirname4 } from "path";
+import { fileURLToPath } from "url";
+import { createHash as createHash2 } from "crypto";
+var wsClients = [];
+var heartbeatInterval = null;
+function wsAcceptKey(key) {
+  return createHash2("sha1").update(key + "258EAFA5-E914-47DA-95CA-5AB5DC085B11").digest("base64");
+}
+function encodeWsFrame(message) {
+  const data = Buffer.from(message, "utf-8");
+  const len = data.length;
+  let header;
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = 129;
+    header[1] = len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = 129;
+    header[1] = 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = 129;
+    header[1] = 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+  return Buffer.concat([header, data]);
+}
+function decodeWsFrame(buffer) {
+  if (buffer.length < 2) return null;
+  const opcode = buffer[0] & 15;
+  const masked = (buffer[1] & 128) !== 0;
+  let payloadLength = buffer[1] & 127;
+  let offset = 2;
+  if (payloadLength === 126) {
+    payloadLength = buffer.readUInt16BE(2);
+    offset = 4;
+  } else if (payloadLength === 127) {
+    payloadLength = Number(buffer.readBigUInt64BE(2));
+    offset = 10;
+  }
+  let maskKey = null;
+  if (masked) {
+    maskKey = buffer.subarray(offset, offset + 4);
+    offset += 4;
+  }
+  const payload = buffer.subarray(offset, offset + payloadLength);
+  if (maskKey) {
+    for (let i = 0; i < payload.length; i++) {
+      payload[i] ^= maskKey[i % 4];
+    }
+  }
+  return { opcode, payload: payload.toString("utf-8") };
+}
+function wsBroadcast(message) {
+  const frame = encodeWsFrame(message);
+  for (const client of wsClients) {
+    try {
+      client.socket.write(frame);
+    } catch {
+    }
+  }
+}
+function wsCleanup() {
+  for (let i = wsClients.length - 1; i >= 0; i--) {
+    if (!wsClients[i].alive) {
+      try {
+        wsClients[i].socket.end();
+      } catch {
+      }
+      wsClients.splice(i, 1);
+    } else {
+      wsClients[i].alive = false;
+      try {
+        const ping = Buffer.alloc(2);
+        ping[0] = 137;
+        ping[1] = 0;
+        wsClients[i].socket.write(ping);
+      } catch {
+      }
+    }
+  }
+}
+function resolvePagesDir() {
+  const currentDir = dirname4(fileURLToPath(import.meta.url));
+  const candidates = [
+    join4(currentDir, "pages"),
+    join4(currentDir, "web", "pages"),
+    join4(currentDir, "..", "pages"),
+    join4(process.cwd(), "dist", "pages"),
+    join4(process.cwd(), "src", "web", "pages")
+  ];
+  for (const dir of candidates) {
+    if (existsSync2(dir)) return dir;
+  }
+  return join4(process.cwd(), "src", "web", "pages");
+}
+var PAGES_DIR = resolvePagesDir();
+function loadPage(name) {
+  const filePath = join4(PAGES_DIR, `${name}.html`);
+  try {
+    if (existsSync2(filePath)) {
+      return readFileSync2(filePath, "utf-8");
+    }
+    return `<!DOCTYPE html><html><body><h1>${name}</h1><p>Not found: ${filePath}</p></body></html>`;
+  } catch {
+    return `<!DOCTYPE html><html><body><h1>Error: ${name}</h1></body></html>`;
+  }
+}
+function loadStateJson() {
+  try {
+    if (existsSync2(STATE_FILE_PATH)) {
+      return readFileSync2(STATE_FILE_PATH, "utf-8");
+    }
+  } catch {
+  }
+  return JSON.stringify({ currentState: "IDLE", completedStates: [], steps: {} });
+}
+function startCallbackServer(port = 20199) {
+  logger.debug(`Pages directory resolved to: ${PAGES_DIR}`);
+  const server = createServer2((req, res) => {
+    const url = req.url ?? "/";
+    if (url.startsWith("/api/state")) {
+      res.writeHead(200, {
+        "Content-Type": "application/json",
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end(loadStateJson());
+      return;
+    }
+    if (url.startsWith("/api/ws-info")) {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ clients: wsClients.length, wsPath: "/ws" }));
+      return;
+    }
+    if (url === "/" || url.includes("/dashboard")) {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(loadPage("dashboard"));
+    } else if (url.includes("/success")) {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(loadPage("success"));
+    } else if (url.includes("/error")) {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(loadPage("error"));
+    } else if (url.includes("/waiting") || url.includes("/auth")) {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(loadPage("waiting"));
+    } else {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(loadPage("dashboard"));
+    }
+  });
+  server.on("upgrade", (req, socket) => {
+    if (req.url !== "/ws") {
+      socket.end("HTTP/1.1 400 Bad Request\r\n\r\n");
+      return;
+    }
+    const key = req.headers["sec-websocket-key"];
+    if (!key) {
+      socket.end("HTTP/1.1 400 Bad Request\r\n\r\n");
+      return;
+    }
+    const acceptKey = wsAcceptKey(key);
+    socket.write(
+      `HTTP/1.1 101 Switching Protocols\r
+Upgrade: websocket\r
+Connection: Upgrade\r
+Sec-WebSocket-Accept: ${acceptKey}\r
+\r
+`
+    );
+    const clientId = `ws_${Date.now()}_${Math.random().toString(36).slice(2, 6)}`;
+    const client = { id: clientId, socket, alive: true };
+    wsClients.push(client);
+    logger.debug(`WebSocket client connected: ${clientId} (total: ${wsClients.length})`);
+    const initialState = loadStateJson();
+    socket.write(encodeWsFrame(JSON.stringify({ type: "state", data: JSON.parse(initialState) })));
+    socket.on("data", (data) => {
+      const frame = decodeWsFrame(data);
+      if (!frame) return;
+      if (frame.opcode === 8) {
+        try {
+          socket.end();
+        } catch {
+        }
+        return;
+      }
+      if (frame.opcode === 10) {
+        client.alive = true;
+        return;
+      }
+      if (frame.opcode === 1) {
+        client.alive = true;
+        if (frame.payload === "ping") {
+          socket.write(encodeWsFrame(JSON.stringify({ type: "pong", ts: Date.now() })));
+        }
+      }
+    });
+    socket.on("close", () => {
+      const idx = wsClients.indexOf(client);
+      if (idx >= 0) wsClients.splice(idx, 1);
+      logger.debug(`WebSocket client disconnected: ${clientId} (total: ${wsClients.length})`);
+    });
+    socket.on("error", () => {
+      const idx = wsClients.indexOf(client);
+      if (idx >= 0) wsClients.splice(idx, 1);
+    });
+  });
+  onStateChange((state) => {
+    wsBroadcast(JSON.stringify({ type: "state", data: state }));
+  });
+  heartbeatInterval = setInterval(wsCleanup, 3e4);
+  server.listen(port, "127.0.0.1", () => {
+    logger.debug(`Web server listening on http://127.0.0.1:${port}`);
+    logger.debug(`WebSocket available at ws://127.0.0.1:${port}/ws`);
+  });
+  return {
+    close: () => {
+      if (heartbeatInterval) clearInterval(heartbeatInterval);
+      wsClients.forEach((c) => {
+        try {
+          c.socket.end();
+        } catch {
+        }
+      });
+      wsClients.length = 0;
+      server.close();
+    },
+    port
+  };
+}
+
+// src/cli.ts
+var handlers = {
+  PRECHECK: precheck,
+  INSTALL_9ROUTER: install9router,
+  START_9ROUTER: start9router,
+  WAIT_9ROUTER_READY: wait9router,
+  OPEN_AUTH_PAGE: openAuth,
+  WAIT_GEMINI_AUTH: waitAuth,
+  ENSURE_9ROUTER_API_KEY: ensureApiKey,
+  INSTALL_OPENCLAW: installOpenClaw,
+  LOCATE_OPENCLAW_CONFIG: locateOpenClawConfig,
+  PATCH_OPENCLAW_PROVIDER: patchOpenClaw,
+  SET_DEFAULT_MODEL: async (state) => {
+    logger.info("Default model configuration verified");
+    return state;
+  },
+  VALIDATE_OPENCLAW_CONFIG: validate,
+  SMOKE_TEST_9ROUTER: smokeTest9Router,
+  SMOKE_TEST_OPENCLAW: smokeTestOpenClaw
+};
+var program = new Command();
+program.name(APP.NAME).version(APP.VERSION).description(APP.DESCRIPTION);
+program.command("install").description("Run full setup: install 9router, authenticate, install & configure OpenClaw").action(async () => {
+  try {
+    await runInstall(handlers);
+    process.exit(EXIT_CODES.SUCCESS);
+  } catch (err) {
+    const e = err;
+    if (e.recoverable) {
+      console.log("");
+      console.log(chalk3.yellow(`  Setup paused at: ${e.code ?? "unknown"}`));
+      console.log(chalk3.yellow(`  Reason: ${e.message}`));
+      console.log("");
+      console.log(chalk3.gray("  Next steps:"));
+      console.log(chalk3.gray("    oneclick-openclaw resume"));
+      console.log(chalk3.gray("    oneclick-openclaw doctor"));
+      console.log("");
+      process.exit(EXIT_CODES.OAUTH_FAILED);
+    } else {
+      console.log("");
+      console.log(chalk3.red(`  Setup failed: ${e.message}`));
+      console.log("");
+      console.log(chalk3.gray("  See logs:"));
+      console.log(chalk3.gray("    oneclick-openclaw logs"));
+      console.log("");
+      process.exit(EXIT_CODES.FATAL_GENERIC);
+    }
+  }
+});
+program.command("resume").description("Resume setup from the last checkpoint").action(async () => {
+  try {
+    await runResume(handlers);
+    process.exit(EXIT_CODES.SUCCESS);
+  } catch (err) {
+    const e = err;
+    logger.error(`Resume failed: ${e.message}`);
+    process.exit(EXIT_CODES.FATAL_GENERIC);
+  }
+});
+program.command("doctor").description("Check environment, services, and configuration health").action(async () => {
+  console.log("");
+  console.log(chalk3.bold("  OneClick OpenClaw \u2014 System Doctor"));
+  console.log(chalk3.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  console.log("");
+  const checks = [];
+  const nrAdapter = new NineRouterAdapter();
+  const ocAdapter = new OpenClawAdapter();
+  const nodeOk = await commandExists("node");
+  checks.push({ category: "Environment", name: "Node.js", status: nodeOk ? "OK" : "FAIL" });
+  const npmOk = await commandExists("npm");
+  checks.push({ category: "Environment", name: "npm", status: npmOk ? "OK" : "FAIL" });
+  const curlOk = await commandExists("curl");
+  checks.push({ category: "Environment", name: "curl", status: curlOk ? "OK" : "WARN", detail: curlOk ? void 0 : "Optional" });
+  const nrInstalled = await nrAdapter.isInstalled();
+  checks.push({ category: "9Router", name: "Installed", status: nrInstalled ? "OK" : "FAIL" });
+  const nrRunning = await nrAdapter.isRunning();
+  checks.push({ category: "9Router", name: "Running", status: nrRunning ? "OK" : "FAIL" });
+  if (nrRunning) {
+    checks.push({ category: "9Router", name: "Dashboard", status: "OK", detail: nrAdapter.getDashboardUrl() });
+    checks.push({ category: "9Router", name: "API", status: "OK", detail: nrAdapter.getApiBaseUrl() });
+    const provStatus = await nrAdapter.getProviderStatus("google-gemini");
+    checks.push({
+      category: "9Router",
+      name: "Auth (Google)",
+      status: provStatus.connected ? "OK" : "WARN",
+      detail: provStatus.connected ? "Connected" : "Not connected"
+    });
+  }
+  const ocInstalled = await ocAdapter.isInstalled();
+  checks.push({ category: "OpenClaw", name: "Installed", status: ocInstalled ? "OK" : "FAIL" });
+  const configPath = await ocAdapter.getConfigPath();
+  const configExists = fileExists(configPath);
+  checks.push({
+    category: "OpenClaw",
+    name: "Config path",
+    status: configExists ? "OK" : "WARN",
+    detail: configPath
+  });
+  if (configExists) {
+    const valResult = await ocAdapter.validateConfig();
+    checks.push({
+      category: "OpenClaw",
+      name: "Config valid",
+      status: valResult.valid ? "OK" : "FAIL",
+      detail: valResult.valid ? void 0 : valResult.errors.join(", ")
+    });
+  }
+  const stateExists = existsSync3(STATE_FILE_PATH);
+  if (stateExists) {
+    const stateRaw = readFileSync3(STATE_FILE_PATH, "utf-8");
+    try {
+      const stateData = JSON.parse(stateRaw);
+      checks.push({
+        category: "Orchestrator",
+        name: "State",
+        status: "OK",
+        detail: `Current: ${stateData.currentState}`
+      });
+    } catch {
+      checks.push({ category: "Orchestrator", name: "State", status: "FAIL", detail: "Corrupted" });
+    }
+  }
+  let currentCat = "";
+  for (const check of checks) {
+    if (check.category !== currentCat) {
+      currentCat = check.category;
+      console.log(chalk3.bold(`  ${currentCat}`));
+    }
+    const icon = check.status === "OK" ? chalk3.green("\u2714") : check.status === "WARN" ? chalk3.yellow("\u26A0") : check.status === "SKIP" ? chalk3.gray("\u25CB") : chalk3.red("\u2716");
+    const detail = check.detail ? chalk3.gray(` (${check.detail})`) : "";
+    console.log(`    ${icon} ${check.name}${detail}`);
+  }
+  console.log("");
+  process.exit(EXIT_CODES.SUCCESS);
+});
+var authCmd = program.command("auth").description("Authentication commands");
+authCmd.command("google").description("Re-open Google OAuth flow").action(async () => {
+  try {
+    const state = loadOrCreateState();
+    await openAuth(state);
+    await waitAuth(state);
+    logger.success("Google authentication completed");
+    process.exit(EXIT_CODES.SUCCESS);
+  } catch (err) {
+    const e = err;
+    logger.error(`Auth failed: ${e.message}`);
+    process.exit(EXIT_CODES.OAUTH_FAILED);
+  }
+});
+program.command("logs").description("Show log file location and recent entries").action(() => {
+  console.log("");
+  console.log(chalk3.bold("  Log files:"));
+  console.log(`    ${chalk3.cyan(LOG_FILE_PATH)}`);
+  console.log("");
+  if (existsSync3(LOG_FILE_PATH)) {
+    const content = readFileSync3(LOG_FILE_PATH, "utf-8");
+    const lines = content.split("\n");
+    const tail = lines.slice(-20).join("\n");
+    console.log(chalk3.gray("  Last 20 lines:"));
+    console.log(chalk3.gray(tail));
+  } else {
+    console.log(chalk3.gray("  No log file found yet."));
+  }
+  console.log("");
+});
+program.command("dashboard").description("Open the web dashboard to monitor system status").option("-p, --port <port>", "Server port", "20199").action(async (opts) => {
+  const port = parseInt(opts.port, 10);
+  const handle = startCallbackServer(port);
+  const url = `http://127.0.0.1:${handle.port}/dashboard`;
+  console.log("");
+  console.log(chalk3.bold("  OneClick OpenClaw \u2014 Dashboard"));
+  console.log(chalk3.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  console.log(`  ${chalk3.cyan(url)}`);
+  console.log("");
+  console.log(chalk3.gray("  Press Ctrl+C to stop"));
+  console.log("");
+  openBrowser(url);
+});
+program.command("reset").description("Reset orchestrator state (does not uninstall 9router or OpenClaw)").action(() => {
+  resetState();
+  logger.success("State reset. You can now run 'install' again.");
+  process.exit(EXIT_CODES.SUCCESS);
+});
+program.command("uninstall").description("Remove orchestrator artifacts").option("--keep-openclaw", "Keep OpenClaw installation").option("--keep-9router", "Keep 9router installation").option("--full", "Remove everything").action((opts) => {
+  resetState();
+  try {
+    rmSync(LOG_DIR, { recursive: true, force: true });
+  } catch {
+  }
+  logger.success("Orchestrator artifacts removed.");
+  if (!opts.keep9router && opts.full) {
+    logger.info("To uninstall 9router: npm uninstall -g 9router");
+  }
+  if (!opts.keepOpenclaw && opts.full) {
+    logger.info("To uninstall OpenClaw: npm uninstall -g openclaw");
+  }
+  process.exit(EXIT_CODES.SUCCESS);
+});
+program.parse();