bereach-openclaw 1.5.7 → 1.5.8

package/node_modules/@bereach/tools/src/cache-types.ts

@@ -102,4 +102,6 @@ export interface CacheStore {
   sessionMeta: SessionMeta | null;
   onboardingState: OnboardingState | null;
   recentEvents: RecentEvent[];
+  /** LLM circuit breaker status: "auth" | "billing" | "error" when tripped, null when OK */
+  llmStatus?: string | null;
 }

package/node_modules/@bereach/tools/src/definitions.ts

@@ -1307,6 +1307,11 @@ export const definitions: ToolDefinition[] = [
             },
           },
         },
+        disabledTaskTypes: {
+          type: "array",
+          items: { type: "string" },
+          description: "Task types to stop dispatching for this campaign (e.g. ['lead-gen-discovery']). Use when strategically pausing a task type (low conversion, enough leads). Set to [] to re-enable all.",
+        },
       },
     },
   },

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "bereach-openclaw",
   "name": "BeReach",
-  "version": "1.5.7",
+  "version": "1.5.8",
   "description": "LinkedIn outreach automation — 75+ tools, hook-based enforcement, dynamic context",
   "configSchema": {
     "type": "object",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bereach-openclaw",
-  "version": "1.5.7",
+  "version": "1.5.8",
   "description": "BeReach LinkedIn automation plugin for OpenClaw",
   "license": "AGPL-3.0",
   "exports": {

package/src/commands/connector.ts

@@ -59,6 +59,15 @@ type TaskResult = {
   invitationsAccepted?: number;
   error?: string;
   reason?: string;
+  // Token usage tracking
+  tokenUsage?: {
+    inputTokens: number;
+    outputTokens: number;
+    cacheReadTokens?: number;
+    cacheWriteTokens?: number;
+  };
+  estimatedCostUsd?: number;
+  model?: string;
 };
 
 const MIN_POLL_MS = 5000;
@@ -131,6 +140,98 @@ function extractTaskResultFromWrapper(output: Record<string, unknown>): TaskResu
   return null;
 }
 
+/**
+ * Extract token usage from the OpenClaw --json wrapper's meta field.
+ * Returns null if no usage data is available.
+ */
+function extractTokenUsageFromWrapper(
+  output: Record<string, unknown>,
+): { usage: TaskResult["tokenUsage"]; model?: string } | null {
+  const result = output?.result as Record<string, unknown> | undefined;
+  const meta = (result?.meta ?? output?.meta ?? {}) as Record<string, unknown>;
+  // OpenClaw 2026.4+ puts token data in meta.agentMeta.lastCallUsage
+  const agentMeta = (meta.agentMeta ?? {}) as Record<string, unknown>;
+  const lastCall = (agentMeta.lastCallUsage ?? {}) as Record<string, number>;
+  const costData = (meta.cost ?? {}) as Record<string, number>;
+  const usageData = (meta.usage ?? {}) as Record<string, number>;
+
+  const inputTokens = lastCall.input ?? costData.inputTokens ?? costData.input ?? usageData.input ?? 0;
+  const outputTokens = lastCall.output ?? costData.outputTokens ?? costData.output ?? usageData.output ?? 0;
+
+  if (inputTokens === 0 && outputTokens === 0) return null;
+
+  const cacheRead = lastCall.cacheRead ?? usageData.cacheRead ?? costData.cacheReadTokens ?? 0;
+  const cacheWrite = lastCall.cacheWrite ?? usageData.cacheWrite ?? costData.cacheWriteTokens ?? 0;
+
+  return {
+    usage: {
+      inputTokens,
+      outputTokens,
+      ...(cacheRead > 0 ? { cacheReadTokens: cacheRead } : {}),
+      ...(cacheWrite > 0 ? { cacheWriteTokens: cacheWrite } : {}),
+    },
+    model: agentMeta.model as string | undefined,
+  };
+}
+
+/** Model pricing per 1M tokens */
+const MODEL_PRICING: Record<string, { input: number; output: number; cacheRead: number }> = {
+  "haiku": { input: 1.0, output: 5.0, cacheRead: 0.1 },
+  "sonnet": { input: 3.0, output: 15.0, cacheRead: 0.3 },
+  "flash": { input: 0.3, output: 2.5, cacheRead: 0.03 },
+  "pro": { input: 1.25, output: 10.0, cacheRead: 0.125 },
+};
+
+function estimateTaskCost(
+  usage: NonNullable<TaskResult["tokenUsage"]>,
+  modelSlug?: string | null,
+): number {
+  const key = Object.keys(MODEL_PRICING).find((k) => modelSlug?.includes(k)) ?? "haiku";
+  const p = MODEL_PRICING[key];
+  const cached = usage.cacheReadTokens ?? 0;
+  const uncached = Math.max(0, usage.inputTokens - cached);
+  return (uncached * p.input + cached * p.cacheRead + usage.outputTokens * p.output) / 1_000_000;
+}
+
+/** Enrich a TaskResult with token usage from the OpenClaw wrapper output */
+function enrichResultWithTokens(
+  result: TaskResult,
+  output: Record<string, unknown>,
+  modelSlug?: string | null,
+): void {
+  if (result.tokenUsage) return; // already enriched (e.g. by lifecycle hook)
+  const extracted = extractTokenUsageFromWrapper(output);
+  if (!extracted?.usage) return;
+  const effectiveModel = extracted.model ?? modelSlug ?? undefined;
+  result.tokenUsage = extracted.usage;
+  result.model = effectiveModel;
+  result.estimatedCostUsd = estimateTaskCost(extracted.usage, effectiveModel);
+  console.log(
+    `[connector] Token usage: input=${extracted.usage.inputTokens} output=${extracted.usage.outputTokens}` +
+    ` cacheRead=${extracted.usage.cacheReadTokens ?? 0} cost=$${result.estimatedCostUsd.toFixed(4)}` +
+    ` model=${effectiveModel ?? "unknown"}`,
+  );
+}
+
+// LLM provider error detection — mirrors apps/web/src/lib/errors/llm-errors.ts
+// but self-contained since plugin can't import from apps/web.
+const LLM_ERROR_PATTERNS = [
+  /authentication_error/i, /invalid.*api.?key/i, /permission_error/i,
+  /401.*unauthorized/i, /access_denied.*api/i, /unauthorized.*invalid/i,
+  /out of (extra )?usage/i, /insufficient.quota/i, /exceeded.*current quota/i,
+  /RESOURCE_EXHAUSTED/i, /credit balance.*too low/i, /exceeded.*spending.*limit/i,
+  /billing.*hard.*limit/i, /payment.*required/i,
+];
+
+/** Scan text for LLM provider errors (auth, billing). Returns the matched text or null. */
+function detectLlmError(text: string): string | null {
+  for (const pattern of LLM_ERROR_PATTERNS) {
+    const match = text.match(pattern);
+    if (match) return match[0];
+  }
+  return null;
+}
+
 /** Stderr patterns that are noise (module warnings, not actual errors) */
 const HARMLESS_STDERR_RE = [
   /Cannot find module '@aws-sdk\/client-bedrock'/,
@@ -348,8 +449,11 @@ async function executeViaWebhook(
 
     // Webhook completed - lifecycle hook has already posted the result.
     // Return a success indicator so the connector doesn't double-report.
+    // Also extract token usage for the safety-net submission.
+    const webhookResult = (output.result as TaskResult) ?? { success: true };
+    enrichResultWithTokens(webhookResult, output, task.model);
     return {
-      result: (output.result as TaskResult) ?? { success: true },
+      result: webhookResult,
       error: null,
     };
   } catch (err) {
@@ -430,20 +534,25 @@ async function executeViaExecFile(
       // B17 fix: extract it instead of returning the raw wrapper.
       const extracted = extractTaskResultFromWrapper(output);
       if (extracted) {
+        enrichResultWithTokens(extracted, output, task.model);
         return { result: extracted, error: null };
       }
 
       // Fallback: if output itself looks like a flat TaskResult
       if (output.success !== undefined || output.contactsProcessed !== undefined) {
-        return { result: output as TaskResult, error: null };
+        const flat = output as unknown as TaskResult;
+        enrichResultWithTokens(flat, output, task.model);
+        return { result: flat, error: null };
       }
 
-      // Last resort: lifecycle hook may have already posted the real result
-      return { result: { success: true }, error: null };
+      // Last resort: lifecycle hook may have already posted the real result.
+      // Don't blindly claim success — if we can't parse a result, something went wrong.
+      // The lifecycle hook will report the real result if it ran successfully.
+      return { result: { success: false, reason: "no_parseable_result" } as unknown as TaskResult, error: null };
     } catch {
-      // Non-JSON output - treat as success if process exited cleanly
+      // Non-JSON output - can't determine success without structured data.
       return {
-        result: { success: true },
+        result: { success: false, reason: "non_json_output" } as unknown as TaskResult,
         error: null,
       };
     }
@@ -466,11 +575,14 @@ async function executeViaExecFile(
         // B17 fix: extract TaskResult from OpenClaw wrapper (same as happy path)
         const extracted = extractTaskResultFromWrapper(output);
         if (extracted) {
+          enrichResultWithTokens(extracted, output, task.model);
           return { result: extracted, error: null };
         }
         // Accept flat { success: true } format
         if (output.success !== undefined || output.contactsProcessed !== undefined) {
-          return { result: output as TaskResult, error: null };
+          const flat = output as unknown as TaskResult;
+          enrichResultWithTokens(flat, output, task.model);
+          return { result: flat, error: null };
         }
       } catch {
         // Not JSON
@@ -479,8 +591,20 @@ async function executeViaExecFile(
 
     // Filter known-harmless stderr noise (e.g. @aws-sdk/client-bedrock module warnings)
     const filtered = filterStderr(stderr);
-    const message = filtered || execErr.message || String(err);
-    return { result: null, error: message.slice(0, 500) };
+    // When execFile fails, err.message is "Command failed: openclaw agent ..." which is useless.
+    // Prefer stderr content, then stdout snippet, then exit code - anything more useful than the command string.
+    let errorMsg: string;
+    if (filtered) {
+      errorMsg = filtered;
+    } else if (execErr.message && !execErr.message.startsWith("Command failed:")) {
+      errorMsg = execErr.message;
+    } else {
+      // No stderr, message is just the command - build a useful error from what we have
+      const exitCode = execErr.code ?? "unknown";
+      const stdoutSnippet = stdout ? ` stdout=${stdout.slice(0, 200)}` : "";
+      errorMsg = `Agent process exited with code ${exitCode}${stdoutSnippet}`;
+    }
+    return { result: null, error: errorMsg.slice(0, 500) };
   }
 }
 
@@ -569,6 +693,62 @@ export async function runConnectorLoop(
     console.log(`[connector] OpenClaw: ${config.openclawUrl}`);
   }
 
+  // Proactive LLM key validation on startup: detect bad API keys before wasting tasks.
+  // Makes a lightweight check against the LLM provider. Non-fatal — just warns.
+  const llmModel = readEnv("OPENCLAW_DEFAULT_MODEL") || readEnv("BEREACH_TASK_MODEL");
+  if (llmModel) {
+    const isAnthropic = llmModel.includes("anthropic") || llmModel.includes("claude");
+    const isGemini = llmModel.includes("gemini") || llmModel.includes("google");
+    const anthropicKey = readEnv("ANTHROPIC_API_KEY");
+    const geminiKey = readEnv("GEMINI_API_KEY") || readEnv("GOOGLE_API_KEY");
+
+    if (isAnthropic && anthropicKey) {
+      try {
+        const res = await fetch("https://api.anthropic.com/v1/messages", {
+          method: "POST",
+          headers: {
+            "x-api-key": anthropicKey,
+            "anthropic-version": "2023-06-01",
+            "content-type": "application/json",
+          },
+          body: JSON.stringify({ model: "claude-haiku-4-5-20241022", max_tokens: 1, messages: [{ role: "user", content: "hi" }] }),
+          signal: AbortSignal.timeout(10000),
+        });
+        if (res.status === 401 || res.status === 403) {
+          const body = await res.text().catch(() => "");
+          console.error(`[connector] ANTHROPIC_API_KEY is INVALID (HTTP ${res.status}): ${body.slice(0, 200)}`);
+          console.error("[connector] Tasks will fail until the API key is updated. Reporting to BeReach API...");
+          // Report the error to BeReach API so the circuit breaker can trip
+          try {
+            await fetch(`${config.apiUrl}/connectors/heartbeat`, {
+              method: "POST",
+              headers: buildHeaders(config),
+              body: JSON.stringify({ llmKeyError: { provider: "anthropic", status: res.status, error: body.slice(0, 200) } }),
+              signal: AbortSignal.timeout(5000),
+            });
+          } catch { /* best effort */ }
+        } else {
+          console.log(`[connector] Anthropic API key validated (HTTP ${res.status})`);
+        }
+      } catch (err) {
+        console.warn(`[connector] Anthropic key validation failed: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    } else if (isGemini && geminiKey) {
+      try {
+        const res = await fetch(`https://generativelanguage.googleapis.com/v1/models?key=${geminiKey}`, {
+          signal: AbortSignal.timeout(10000),
+        });
+        if (res.status === 401 || res.status === 403) {
+          console.error(`[connector] GEMINI_API_KEY is INVALID (HTTP ${res.status})`);
+        } else {
+          console.log(`[connector] Gemini API key validated (HTTP ${res.status})`);
+        }
+      } catch (err) {
+        console.warn(`[connector] Gemini key validation failed: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+  }
+
   // Heartbeat runs independently - does NOT touch pollInterval or consecutiveErrors.
   // Otherwise it would neutralize exponential backoff during error recovery.
   // Uses internalAbort so auth failures kill both heartbeat AND poll loops.
@@ -700,6 +880,17 @@ export async function runConnectorLoop(
             console.warn(`[connector] DIAGNOSTIC: Task ${task.id} failed in <10s with 0 tool calls — likely context injection failure or model error`);
           }
 
+          // Scan output for LLM provider errors (auth/billing) that the gateway
+          // may not have flagged via meta.stopReason. If found, force-fail the task
+          // so the circuit breaker can detect it on the API side.
+          const allText = [error, result?.error, (result as any)?.reason].filter(Boolean).join(" ");
+          const llmError = detectLlmError(allText);
+          if (llmError && result && result.success !== false) {
+            console.warn(`[connector] LLM provider error detected in task ${task.id}: ${llmError}`);
+            result.success = false;
+            if (!result.error) result.error = `LLM provider error: ${llmError}`;
+          }
+
           // Always submit from connector as safety net. In webhook mode the lifecycle
           // hook usually reports first, but if it fails silently (network, crash) the
           // result is lost and the task stays "running" forever. The result endpoint

package/src/hooks/cache.ts

@@ -176,6 +176,7 @@ export async function fetchSnapshot(apiKey: string): Promise<CacheStore> {
     sessionMeta: snapshot.sessionMeta ?? null,
     onboardingState: snapshot.onboardingState ?? null,
     recentEvents: snapshot.recentEvents ?? [],
+    llmStatus: snapshot.llmStatus ?? null,
   };
 
   // Fallback: if snapshot didn't include limits, fetch from dedicated endpoint

package/src/hooks/context.ts

@@ -584,6 +584,21 @@ function formatLiveStatus(state: SessionState, data: CacheStore, apiKey?: string
 
   // ── ACTIVE MODE: data-only context for onboarded users ──
 
+  // LLM provider error warning — show prominently so the agent can inform the user
+  if (data.llmStatus) {
+    lines.push("### AI Provider Error");
+    if (data.llmStatus === "auth") {
+      lines.push("Your AI provider credentials are INVALID. Automated campaigns are paused.");
+      lines.push("Tell the user to update their API key in their provider's dashboard.");
+    } else if (data.llmStatus === "billing") {
+      lines.push("Your AI provider credits are EXHAUSTED. Automated campaigns are paused.");
+      lines.push("Tell the user to add credits or upgrade their plan with their AI provider.");
+    } else {
+      lines.push("There is an issue with the AI provider. Automated campaigns may be paused.");
+    }
+    lines.push("");
+  }
+
   // Account
   if (data.activeAccount) {
     const a = data.activeAccount;

package/src/hooks/enforcement.ts

@@ -318,9 +318,15 @@ function createDmGuard() {
 async function guardScheduledDm(toolName: string, params: Record<string, unknown>, key: string, state: SessionState) {
   if (toolName !== "bereach_scheduled_message_create") return null;
 
-  // DM history check
+  // DM history check — skip in task mode when prefetch already loaded conversation
+  // data server-side. The agent is instructed to skip tool calls when prefetch is
+  // present, so dmHistoryChecked will be empty. This is safe because:
+  // 1. Prefetch runs the same dedup check server-side before injecting data
+  // 2. Drafts (default status) are user-reviewed before sending
+  const isDraft = !params.status || params.status === "draft";
+  const isTaskMode = !!state.currentTaskMode;
   const dmId = extractDmIdentifier(params);
-  if (dmId && !state.dmHistoryChecked.has(dmId)) {
+  if (dmId && !state.dmHistoryChecked.has(dmId) && !(isTaskMode && isDraft)) {
     log(`scheduled DM dedup BLOCKED: history not checked for ${dmId}`);
     return {
       blocked: true,

package/src/hooks/lifecycle.ts

@@ -65,6 +65,82 @@ function parseStructuredResult(text: string): Record<string, unknown> | null {
 /** Exported for tests. */
 export { parseStructuredResult as _parseStructuredResult };
 
+// ---------------------------------------------------------------------------
+// Token usage extraction & cost estimation
+// ---------------------------------------------------------------------------
+
+/** Model pricing per 1M tokens (hardcoded — plugin can't import from apps/web) */
+const MODEL_PRICING: Record<string, { input: number; output: number; cacheRead: number }> = {
+  "haiku": { input: 1.0, output: 5.0, cacheRead: 0.1 },
+  "sonnet": { input: 3.0, output: 15.0, cacheRead: 0.3 },
+  "flash": { input: 0.3, output: 2.5, cacheRead: 0.03 },
+  "pro": { input: 1.25, output: 10.0, cacheRead: 0.125 },
+};
+
+function estimateTaskCost(
+  inputTokens: number,
+  outputTokens: number,
+  cacheReadTokens: number,
+  modelSlug?: string,
+): number {
+  const key = Object.keys(MODEL_PRICING).find((k) => modelSlug?.includes(k)) ?? "haiku";
+  const p = MODEL_PRICING[key];
+  const uncached = Math.max(0, inputTokens - cacheReadTokens);
+  return (uncached * p.input + cacheReadTokens * p.cacheRead + outputTokens * p.output) / 1_000_000;
+}
+
+/**
+ * Enrich a task result with token usage and cost estimation from OpenClaw's
+ * endCtx.meta. The meta object may contain:
+ *   - meta.cost: { inputTokens, outputTokens } (preferred)
+ *   - meta.usage: { input, output, cacheRead, cacheWrite } (alternative)
+ */
+function enrichWithTokenUsage(
+  taskResult: Record<string, unknown>,
+  endCtx: unknown,
+  taskMode: TaskModeInfo,
+): void {
+  try {
+    const meta = (endCtx as any)?.meta ?? (endCtx as any)?.result?.meta ?? {};
+    // OpenClaw provides token data in multiple possible locations:
+    // - meta.agentMeta.lastCallUsage (OpenClaw 2026.4+)
+    // - meta.cost (older versions / test runner)
+    // - meta.usage (alternative format)
+    const agentMeta = meta.agentMeta ?? {};
+    const lastCall = agentMeta.lastCallUsage ?? {};
+    const costData = meta.cost ?? {};
+    const usageData = meta.usage ?? {};
+
+    const inputTokens = lastCall.input ?? costData.inputTokens ?? costData.input ?? usageData.input ?? 0;
+    const outputTokens = lastCall.output ?? costData.outputTokens ?? costData.output ?? usageData.output ?? 0;
+
+    // No token data available — skip enrichment
+    if (inputTokens === 0 && outputTokens === 0) {
+      log(`token usage: no data in endCtx.meta for ${taskMode.taskId} (keys: ${Object.keys(meta).join(",")})`);
+      return;
+    }
+
+    const cacheRead = lastCall.cacheRead ?? usageData.cacheRead ?? costData.cacheReadTokens ?? 0;
+    const cacheWrite = lastCall.cacheWrite ?? usageData.cacheWrite ?? costData.cacheWriteTokens ?? 0;
+
+    taskResult.tokenUsage = {
+      inputTokens,
+      outputTokens,
+      ...(cacheRead > 0 ? { cacheReadTokens: cacheRead } : {}),
+      ...(cacheWrite > 0 ? { cacheWriteTokens: cacheWrite } : {}),
+    };
+
+    // Model slug from agentMeta (most reliable), env, or task mode
+    const modelSlug = agentMeta.model ?? readEnv("BEREACH_TASK_MODEL") ?? readEnv("OPENCLAW_MODEL") ?? undefined;
+    taskResult.model = modelSlug;
+    taskResult.estimatedCostUsd = estimateTaskCost(inputTokens, outputTokens, cacheRead, modelSlug);
+
+    log(`token usage for ${taskMode.taskId}: input=${inputTokens} output=${outputTokens} cacheRead=${cacheRead} cacheWrite=${cacheWrite} cost=$${(taskResult.estimatedCostUsd as number).toFixed(4)} model=${modelSlug ?? "unknown"}`);
+  } catch (err) {
+    log(`token usage extraction failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Hook registration
 // ---------------------------------------------------------------------------
@@ -156,6 +232,9 @@ export function registerLifecycleHook(
         const shouldSubmit = result || !isExecFileMode;
         const taskResult = result ?? fallbackResult;
 
+        // Enrich with token usage from OpenClaw meta (if available)
+        enrichWithTokenUsage(taskResult, endCtx, taskMode);
+
         // Retry with backoff — task results are critical, losing them means
         // the task stays "running" forever and the workflow chain stalls.
         let posted = false;

package/src/index.ts

@@ -87,10 +87,10 @@ async function autoDetectModels(apiKey: string): Promise<void> {
     const currentCreative = data.aiModels?.creative;
 
     // Only auto-switch if still on Anthropic defaults (respect manual choices)
-    if (
+    const isAnthropicDefault =
       currentFast === "anthropic/claude-haiku-4-5" &&
-      currentCreative === "anthropic/claude-sonnet-4-6"
-    ) {
+      (currentCreative === "anthropic/claude-haiku-4-5" || currentCreative === "anthropic/claude-sonnet-4-6");
+    if (isAnthropicDefault) {
       const patchRes = await fetch(`${API_BASE}/me/settings`, {
         method: "PATCH",
         headers: {