clawmoney 0.15.56 → 0.15.58

package/dist/commands/relay-setup.js

@@ -222,11 +222,10 @@ export async function relaySetupCommand() {
             })));
         }
         if (selectedClis.includes("gemini") && !hasGeminiFingerprint()) {
-            // Shorter timeout on gemini — recent CLI versions are flaky
-            // under our subprocess-intercept approach. 25s is enough for
-            // a working capture; beyond that we fall through to the
-            // manual instruction path cleanly.
-            tasks.push(bootstrapGeminiFingerprint({ timeoutMs: 25_000 })
+            // Gemini's capture typically completes in 5-15s on a working
+            // network. 45s is generous headroom for token refresh
+            // round-trips through a slow HTTPS_PROXY.
+            tasks.push(bootstrapGeminiFingerprint({ timeoutMs: 45_000 })
                 .then((fp) => ({
                 cli: "gemini",
                 ok: true,
@@ -274,10 +273,9 @@ export async function relaySetupCommand() {
     // fingerprint file.
     const startLine = `${chalk.gray("◇")}  Configuring providers`;
     process.stdout.write(startLine);
-    const tickEvery = 500;
     const ticker = setInterval(() => {
         process.stdout.write(chalk.dim("."));
-    }, tickEvery);
+    }, 1200);
     const results = await runAllBootstraps();
     clearInterval(ticker);
     try {

package/dist/relay/upstream/claude-bootstrap.js

@@ -276,22 +276,17 @@ export async function bootstrapClaudeFingerprint(opts = {}) {
                 return;
             }
             const port = addr.port;
-            // Build child env: inherit parent's env but strip HTTPS_PROXY
-            // entries so claude doesn't try to tunnel its call to
-            // http://127.0.0.1:<port> through the upstream proxy. Set
-            // NO_PROXY=localhost as belt-and-braces.
+            // Inherit HTTPS_PROXY so claude can reach sso.anthropic.com
+            // for OAuth refresh if its cached token is near expiry —
+            // same reason gemini-bootstrap keeps it. NO_PROXY=127.0.0.1
+            // keeps claude's call to our local listener from tunneling
+            // through the proxy.
             const childEnv = {
                 ...process.env,
                 ANTHROPIC_BASE_URL: `http://127.0.0.1:${port}`,
                 NO_PROXY: "127.0.0.1,localhost",
                 no_proxy: "127.0.0.1,localhost",
             };
-            delete childEnv.HTTPS_PROXY;
-            delete childEnv.https_proxy;
-            delete childEnv.HTTP_PROXY;
-            delete childEnv.http_proxy;
-            delete childEnv.ALL_PROXY;
-            delete childEnv.all_proxy;
             // Launch `claude -p "hi"` — same command the manual capture
             // script documents. `-p` is non-interactive print mode; in
             // recent claude versions it skips the trust dialog for

package/dist/relay/upstream/gemini-bootstrap.d.ts

@@ -1,25 +1,15 @@
 /**
  * Programmatic Gemini fingerprint capture.
  *
- * Mirrors scripts/capture-gemini-request.mjs but runs inline so the
- * setup wizard can bootstrap ~/.clawmoney/gemini-fingerprint.json
- * without the two-terminal dance.
+ * Spawns the existing scripts/capture-gemini-request.mjs as a
+ * subprocess and runs `gemini -p hi` against it, rather than
+ * reimplementing the proxy in TypeScript. The TS port I tried
+ * first timed out at 25s even though the mjs script captures in
+ * ~4s on the same machine — the mjs path is proven and reused
+ * code, so keep the pattern consistent with codex-bootstrap.
  *
- * Flow:
- *   1. Listen on a random localhost port.
- *   2. Spawn `gemini -p "hi"` with CODE_ASSIST_ENDPOINT pointing at us.
- *   3. When the first POST hits a /v1internal:generateContent (or
- *      similar) path, extract project_id / user_agent / cli_version /
- *      x_goog_api_client from the body + headers, persist to
- *      ~/.clawmoney/gemini-fingerprint.json, and forward the request
- *      to cloudcode-pa.googleapis.com so the gemini CLI still sees a
- *      valid response.
- *   4. Clean up proxy server + gemini subprocess.
- *
- * Note: the :loadCodeAssist bootstrap request that Gemini CLI fires
- * first carries only `{metadata}` without a project — we skip it and
- * wait for a subsequent v1internal request that actually carries a
- * project field. Mirrors the mjs script's extractFingerprint guard.
+ * Note: the mjs script hardcodes port 8789. A collision surfaces
+ * as a spawn error we forward to the caller.
  */
 export interface GeminiFingerprint {
     project_id: string;

package/dist/relay/upstream/gemini-bootstrap.js

@@ -1,124 +1,61 @@
 /**
  * Programmatic Gemini fingerprint capture.
  *
- * Mirrors scripts/capture-gemini-request.mjs but runs inline so the
- * setup wizard can bootstrap ~/.clawmoney/gemini-fingerprint.json
- * without the two-terminal dance.
+ * Spawns the existing scripts/capture-gemini-request.mjs as a
+ * subprocess and runs `gemini -p hi` against it, rather than
+ * reimplementing the proxy in TypeScript. The TS port I tried
+ * first timed out at 25s even though the mjs script captures in
+ * ~4s on the same machine — the mjs path is proven and reused
+ * code, so keep the pattern consistent with codex-bootstrap.
  *
- * Flow:
- *   1. Listen on a random localhost port.
- *   2. Spawn `gemini -p "hi"` with CODE_ASSIST_ENDPOINT pointing at us.
- *   3. When the first POST hits a /v1internal:generateContent (or
- *      similar) path, extract project_id / user_agent / cli_version /
- *      x_goog_api_client from the body + headers, persist to
- *      ~/.clawmoney/gemini-fingerprint.json, and forward the request
- *      to cloudcode-pa.googleapis.com so the gemini CLI still sees a
- *      valid response.
- *   4. Clean up proxy server + gemini subprocess.
- *
- * Note: the :loadCodeAssist bootstrap request that Gemini CLI fires
- * first carries only `{metadata}` without a project — we skip it and
- * wait for a subsequent v1internal request that actually carries a
- * project field. Mirrors the mjs script's extractFingerprint guard.
+ * Note: the mjs script hardcodes port 8789. A collision surfaces
+ * as a spawn error we forward to the caller.
  */
-import { createServer } from "node:http";
-import { existsSync, mkdirSync, readdirSync, unlinkSync, writeFileSync, } from "node:fs";
-import { homedir } from "node:os";
-import { join } from "node:path";
 import { spawn } from "node:child_process";
-import { fetch as undiciFetch, ProxyAgent } from "undici";
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { readFileSync } from "node:fs";
 const CONFIG_DIR = join(homedir(), ".clawmoney");
 const FINGERPRINT_PATH = join(CONFIG_DIR, "gemini-fingerprint.json");
+const CAPTURE_PORT = 8789;
+const CAPTURE_SCRIPT = "capture-gemini-request.mjs";
 export function hasGeminiFingerprint() {
     return existsSync(FINGERPRINT_PATH);
 }
-const HOP_BY_HOP = new Set([
-    "host",
-    "connection",
-    "content-length",
-    "transfer-encoding",
-    "accept-encoding",
-]);
-function cloneHeaders(src) {
-    const out = {};
-    for (const [k, v] of Object.entries(src)) {
-        if (v == null)
-            continue;
-        if (HOP_BY_HOP.has(k.toLowerCase()))
-            continue;
-        out[k] = Array.isArray(v) ? v.join(", ") : v;
-    }
-    return out;
-}
-// /v1beta and /v1alpha go to generativelanguage (AI Studio).
-// Everything else (notably /v1internal for Code Assist) goes to
-// cloudcode-pa. Matches the manual script's routing.
-function resolveUpstreamURL(path) {
-    if (path.startsWith("/v1beta") ||
-        path.startsWith("/v1/beta") ||
-        path.startsWith("/v1alpha")) {
-        return `https://generativelanguage.googleapis.com${path}`;
-    }
-    return `https://cloudcode-pa.googleapis.com${path}`;
-}
-function extractFingerprint(body, headers) {
-    if (!body || typeof body !== "object")
-        return null;
-    const projectRaw = body.project;
-    const projectId = typeof projectRaw === "string" ? projectRaw.trim() : "";
-    // :loadCodeAssist carries {metadata} without a project — wait for
-    // the next request that does.
-    if (!projectId)
-        return null;
-    const uaRaw = headers["user-agent"];
-    const ua = (Array.isArray(uaRaw) ? uaRaw.join(", ") : (uaRaw ?? "")).trim();
-    const versionMatch = ua.match(/GeminiCLI\/(\d+\.\d+[.\d]*)/i);
-    const cliVersion = versionMatch ? versionMatch[1] : "unknown";
-    const xGoogRaw = headers["x-goog-api-client"];
-    const xGoog = (Array.isArray(xGoogRaw) ? xGoogRaw.join(", ") : (xGoogRaw ?? "")).trim();
-    return {
-        project_id: projectId,
-        cli_version: cliVersion,
-        user_agent: ua || `GeminiCLI/${cliVersion}`,
-        x_goog_api_client: xGoog || "gl-node/unknown",
-    };
-}
-function scrubCaptureFiles() {
-    try {
-        for (const f of readdirSync(CONFIG_DIR)) {
-            if (/^capture-gemini-\d+\.json$/.test(f)) {
-                unlinkSync(join(CONFIG_DIR, f));
-            }
-        }
-    }
-    catch {
-        // ignore — best-effort
+function findCaptureScript() {
+    const thisFile = fileURLToPath(import.meta.url);
+    const thisDir = dirname(thisFile);
+    const candidates = [
+        join(thisDir, "..", "..", "..", "scripts", CAPTURE_SCRIPT),
+        join(thisDir, "..", "..", "scripts", CAPTURE_SCRIPT),
+        join(thisDir, "..", "scripts", CAPTURE_SCRIPT),
+    ];
+    for (const c of candidates) {
+        if (existsSync(c))
+            return c;
     }
+    return null;
 }
 export async function bootstrapGeminiFingerprint(opts = {}) {
     const timeoutMs = opts.timeoutMs ?? 45_000;
-    mkdirSync(CONFIG_DIR, { recursive: true });
     if (hasGeminiFingerprint()) {
         throw new Error("gemini-fingerprint.json already exists — delete it to re-bootstrap");
     }
-    // Gemini talks to Google — Google is reachable only through a
-    // proxy from GFW-side networks, so we DO honor HTTPS_PROXY for the
-    // upstream forward. The child subprocess gets no proxy env because
-    // it's talking to 127.0.0.1 (us), and routing 127.0.0.1 through
-    // http_proxy tends to wedge.
-    const proxyUrl = process.env.HTTPS_PROXY ||
-        process.env.https_proxy ||
-        process.env.HTTP_PROXY ||
-        process.env.http_proxy;
-    let upstreamDispatcher;
-    if (proxyUrl && /^https?:\/\//.test(proxyUrl)) {
-        upstreamDispatcher = new ProxyAgent(proxyUrl);
+    const scriptPath = findCaptureScript();
+    if (!scriptPath) {
+        throw new Error("capture-gemini-request.mjs not found in the installed clawmoney package");
     }
-    let server = null;
+    let proxyChild = null;
     let geminiChild = null;
-    let resolved = false;
-    let capturedFp = null;
+    let pollInterval = null;
+    let done = false;
     const cleanup = () => {
+        if (pollInterval) {
+            clearInterval(pollInterval);
+            pollInterval = null;
+        }
         if (geminiChild && !geminiChild.killed) {
             try {
                 geminiChild.kill("SIGTERM");
@@ -127,190 +64,141 @@ export async function bootstrapGeminiFingerprint(opts = {}) {
                 // ignore
             }
         }
-        if (server) {
+        if (proxyChild && !proxyChild.killed) {
             try {
-                server.close();
+                // SIGINT lets the mjs script scrub its capture-gemini-*.json
+                // stragglers (they contain OAuth bearer tokens).
+                proxyChild.kill("SIGINT");
             }
             catch {
                 // ignore
             }
-            server = null;
         }
     };
     return new Promise((resolve, reject) => {
         const timer = setTimeout(() => {
-            if (resolved)
+            if (done)
                 return;
-            resolved = true;
+            done = true;
             cleanup();
             reject(new Error(`gemini fingerprint capture timed out after ${timeoutMs}ms`));
         }, timeoutMs);
-        server = createServer((req, res) => {
-            const chunks = [];
-            req.on("data", (c) => chunks.push(c));
-            req.on("end", async () => {
-                const bodyBuf = Buffer.concat(chunks);
-                const bodyText = bodyBuf.toString("utf-8");
-                let parsedBody;
-                try {
-                    parsedBody = JSON.parse(bodyText);
-                }
-                catch {
-                    parsedBody = bodyText;
-                }
-                const isGenerate = req.method === "POST" &&
-                    typeof req.url === "string" &&
-                    (req.url.includes("generateContent") || req.url.includes("v1internal"));
-                if (!capturedFp &&
-                    isGenerate &&
-                    parsedBody &&
-                    typeof parsedBody === "object") {
-                    const fp = extractFingerprint(parsedBody, req.headers);
-                    if (fp) {
-                        capturedFp = fp;
-                        try {
-                            writeFileSync(FINGERPRINT_PATH, JSON.stringify(fp, null, 2), "utf-8");
-                            scrubCaptureFiles();
-                        }
-                        catch (writeErr) {
-                            if (!resolved) {
-                                resolved = true;
-                                clearTimeout(timer);
-                                cleanup();
-                                reject(new Error(`failed to write gemini fingerprint: ${writeErr.message}`));
-                                return;
-                            }
-                        }
-                    }
-                }
-                // Forward to real Google upstream.
-                const upstreamURL = resolveUpstreamURL(req.url || "/");
-                const targetHost = new URL(upstreamURL).host;
-                try {
-                    const upstreamHeaders = cloneHeaders(req.headers);
-                    upstreamHeaders["host"] = targetHost;
-                    const upstreamResp = await undiciFetch(upstreamURL, {
-                        method: req.method,
-                        headers: upstreamHeaders,
-                        body: req.method === "GET" || req.method === "HEAD"
-                            ? undefined
-                            : bodyBuf,
-                        dispatcher: upstreamDispatcher,
-                    });
-                    const respHeaders = {};
-                    upstreamResp.headers.forEach((v, k) => {
-                        const lower = k.toLowerCase();
-                        if (lower === "content-encoding" ||
-                            lower === "content-length" ||
-                            lower === "transfer-encoding")
-                            return;
-                        respHeaders[k] = v;
-                    });
-                    res.writeHead(upstreamResp.status, respHeaders);
-                    if (upstreamResp.body) {
-                        const reader = upstreamResp.body.getReader();
-                        while (true) {
-                            const { done: rDone, value } = await reader.read();
-                            if (rDone)
-                                break;
-                            res.write(Buffer.from(value));
-                        }
-                    }
-                    res.end();
-                }
-                catch (err) {
-                    try {
-                        res.writeHead(502);
-                        res.end();
-                    }
-                    catch {
-                        // ignore
-                    }
-                    if (!resolved && !capturedFp) {
-                        resolved = true;
-                        clearTimeout(timer);
-                        cleanup();
-                        reject(new Error(`upstream google request failed: ${err.message}`));
-                        return;
-                    }
-                }
-                if (capturedFp && !resolved) {
-                    resolved = true;
-                    clearTimeout(timer);
-                    cleanup();
-                    resolve(capturedFp);
-                }
-            });
+        // 1. Spawn the capture proxy (mjs script). It needs HTTPS_PROXY
+        // to reach cloudcode-pa.googleapis.com from a GFW egress.
+        proxyChild = spawn("node", [scriptPath], {
+            env: { ...process.env },
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let proxyStderr = "";
+        proxyChild.stderr?.on("data", (c) => {
+            proxyStderr += c.toString();
+            if (proxyStderr.length > 4_000) {
+                proxyStderr = proxyStderr.slice(-4_000);
+            }
+        });
+        proxyChild.stdout?.on("data", () => {
+            // drain — the mjs prints a banner we ignore
         });
-        server.on("error", (err) => {
-            if (resolved)
+        proxyChild.on("error", (err) => {
+            if (done)
                 return;
-            resolved = true;
+            done = true;
             clearTimeout(timer);
             cleanup();
-            reject(new Error(`gemini bootstrap proxy error: ${err.message}`));
+            reject(new Error(`failed to spawn capture proxy: ${err.message}`));
         });
-        server.listen(0, "127.0.0.1", () => {
-            const addr = server.address();
-            if (!addr || typeof addr === "string") {
-                if (resolved)
-                    return;
-                resolved = true;
+        proxyChild.on("exit", (code) => {
+            if (done)
+                return;
+            if (!hasGeminiFingerprint()) {
+                done = true;
                 clearTimeout(timer);
                 cleanup();
-                reject(new Error("failed to bind gemini capture proxy"));
-                return;
+                const tail = proxyStderr.trim().slice(-400);
+                const detail = tail ? ` stderr: ${tail}` : "";
+                reject(new Error(`capture proxy exited (code ${code ?? "unknown"}) before fingerprint.${detail}`));
             }
-            const port = addr.port;
-            // Strip upstream proxy env vars from the child so it hits our
-            // local 127.0.0.1 listener directly. NO_PROXY is belt-and-braces.
+        });
+        // Give the mjs proxy a moment to bind port 8789, then spawn
+        // gemini. 1.5s is enough on every machine I've tested.
+        setTimeout(() => {
+            if (done)
+                return;
+            // Poll the fingerprint file — the mjs script writes it as
+            // soon as the first v1internal request with a project field
+            // comes through.
+            pollInterval = setInterval(() => {
+                if (done) {
+                    if (pollInterval) {
+                        clearInterval(pollInterval);
+                        pollInterval = null;
+                    }
+                    return;
+                }
+                if (hasGeminiFingerprint()) {
+                    done = true;
+                    if (pollInterval) {
+                        clearInterval(pollInterval);
+                        pollInterval = null;
+                    }
+                    clearTimeout(timer);
+                    cleanup();
+                    try {
+                        const raw = JSON.parse(readFileSync(FINGERPRINT_PATH, "utf-8"));
+                        resolve(raw);
+                    }
+                    catch (err) {
+                        reject(new Error(`fingerprint file written but unreadable: ${err.message}`));
+                    }
+                }
+            }, 500);
+            // DO inherit HTTPS_PROXY — gemini CLI needs it to reach
+            // oauth2.googleapis.com for token refresh (see gemini-api.ts
+            // line 184). NO_PROXY=127.0.0.1 makes gemini bypass the proxy
+            // for our local capture listener, so HTTPS_PROXY + NO_PROXY
+            // together give gemini proxy access to Google AND direct
+            // access to our listener.
             const childEnv = {
                 ...process.env,
-                CODE_ASSIST_ENDPOINT: `http://127.0.0.1:${port}`,
+                CODE_ASSIST_ENDPOINT: `http://127.0.0.1:${CAPTURE_PORT}`,
                 NO_PROXY: "127.0.0.1,localhost",
                 no_proxy: "127.0.0.1,localhost",
             };
-            delete childEnv.HTTPS_PROXY;
-            delete childEnv.https_proxy;
-            delete childEnv.HTTP_PROXY;
-            delete childEnv.http_proxy;
-            delete childEnv.ALL_PROXY;
-            delete childEnv.all_proxy;
             geminiChild = spawn("gemini", ["-p", "hi"], {
                 env: childEnv,
                 stdio: ["ignore", "pipe", "pipe"],
                 shell: process.platform === "win32",
             });
-            let stderrBuf = "";
-            geminiChild.stderr?.on("data", (chunk) => {
-                stderrBuf += chunk.toString();
-                if (stderrBuf.length > 4_000) {
-                    stderrBuf = stderrBuf.slice(-4_000);
+            let geminiStderr = "";
+            geminiChild.stderr?.on("data", (c) => {
+                geminiStderr += c.toString();
+                if (geminiStderr.length > 4_000) {
+                    geminiStderr = geminiStderr.slice(-4_000);
                 }
             });
             geminiChild.stdout?.on("data", () => {
                 // drain
             });
             geminiChild.on("error", (err) => {
-                if (resolved)
+                if (done)
                     return;
-                resolved = true;
+                done = true;
                 clearTimeout(timer);
                 cleanup();
                 reject(new Error(`failed to spawn gemini: ${err.message} (is the gemini CLI installed and in PATH?)`));
             });
             geminiChild.on("exit", (code) => {
                 setTimeout(() => {
-                    if (capturedFp || resolved)
+                    if (done || hasGeminiFingerprint())
                         return;
-                    resolved = true;
+                    done = true;
                     clearTimeout(timer);
                     cleanup();
-                    const tail = stderrBuf.trim().slice(-400);
+                    const tail = geminiStderr.trim().slice(-400);
                     const detail = tail ? ` stderr: ${tail}` : "";
-                    reject(new Error(`gemini -p hi exited with code ${code ?? "unknown"} before sending a v1internal request.${detail}`));
-                }, 500);
+                    reject(new Error(`gemini -p hi exited with code ${code ?? "unknown"} before the capture proxy saw a v1internal request with a project field.${detail}`));
+                }, 800);
             });
-        });
+        }, 1500);
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.15.56",
+  "version": "0.15.58",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {