clawmoney 0.17.45 → 0.17.47

package/dist/commands/relay.js

@@ -11,7 +11,7 @@ const LOG_FILE = join(homedir(), ".clawmoney", "relay.log");
 export async function relayRegisterCommand(options) {
     const config = requireConfig();
     // Validate CLI type
-    const validClis = ["claude", "codex", "gemini", "antigravity"];
+    const validClis = ["claude", "codex", "gemini", "antigravity", "chatgpt-web"];
     if (!validClis.includes(options.cli)) {
         console.error(chalk.red(`Invalid CLI type "${options.cli}". Must be one of: ${validClis.join(", ")}`));
         process.exit(1);
@@ -36,14 +36,16 @@ export async function relayRegisterCommand(options) {
         }
     }
     else {
-        const spinner = ora(`Checking if ${options.cli} is installed...`).start();
+        // chatgpt-web drives the browser via opencli — there's no "chatgpt-web" binary.
+        const probeBin = options.cli === "chatgpt-web" ? "opencli" : options.cli;
+        const spinner = ora(`Checking if ${probeBin} is installed...`).start();
         try {
-            execSync(`which ${options.cli}`, { stdio: "pipe" });
-            spinner.succeed(`${options.cli} is available`);
+            execSync(`which ${probeBin}`, { stdio: "pipe" });
+            spinner.succeed(`${probeBin} is available`);
         }
         catch {
-            spinner.fail(chalk.red(`${options.cli} is not installed or not in PATH`));
-            console.log(chalk.dim(`  Make sure ${options.cli} CLI is installed and accessible.`));
+            spinner.fail(chalk.red(`${probeBin} is not installed or not in PATH`));
+            console.log(chalk.dim(`  Make sure ${probeBin} CLI is installed and accessible.`));
             process.exit(1);
         }
     }

package/dist/relay/pricing.js

@@ -32,6 +32,13 @@ export const API_PRICES = {
     // 5 / 5.1 / 5.2-codex families were fully removed that day. Anything
     // below this comment that's deprecated was removed from the CLI-side
     // pricing table so `modelsForCli("codex")` no longer offers them.
+    //
+    // gpt-5.5 — current Codex CLI default (config.toml `model = "gpt-5.5"`)
+    // after the mid-2026 bump. Upgraded ChatGPT accounts now 404 the older
+    // 5.4/5.3-codex/5.2 ids with "not supported when using Codex with a
+    // ChatGPT account", so gpt-5.5 must be offered. Priced at the 5.4 tier
+    // pending an official LiteLLM entry.
+    "gpt-5.5": { input: 2.50, output: 15 },
     "gpt-5.4": { input: 2.50, output: 15 },
     "gpt-5.4-mini": { input: 0.75, output: 4.50 },
     "gpt-5.3-codex": { input: 1.75, output: 14 },

package/dist/relay/provider.js

@@ -6,6 +6,7 @@ import { RelayWsClient } from "./ws-client.js";
 import { callClaudeApi, callClaudeApiPassthrough, preflightClaudeApi, getRateGuardSnapshot as getClaudeRateGuardSnapshot, } from "./upstream/claude-api.js";
 import { callCodexApi, callCodexApiPassthrough, preflightCodexApi, getRateGuardSnapshot as getCodexRateGuardSnapshot, } from "./upstream/codex-api.js";
 import { callGeminiApi, preflightGeminiApi, getGeminiRateGuardSnapshot, } from "./upstream/gemini-api.js";
+import { callChatGPTWeb } from "./upstream/chatgpt-web.js";
 import { callAntigravityApi, preflightAntigravityApi, getAntigravityRateGuardSnapshot, } from "./upstream/antigravity-api.js";
 import { callMinimaxApi, preflightMinimaxApi, getMinimaxRateGuardSnapshot, } from "./upstream/minimax-api.js";
 import { callKimiCodingApi, preflightKimiCodingApi, getKimiCodingRateGuardSnapshot, } from "./upstream/kimi-coding-api.js";
@@ -221,6 +222,11 @@ function messagesToPrompt(messages) {
 const AUTH_ERROR_THRESHOLD = 3;
 const consecutiveAuthErrorsByCli = new Map();
 const cliAuthDisabled = new Set();
+// chatgpt-web: buyer sessions we've already opened a ChatGPT tab for. First
+// turn opens a temporary chat; later turns continue in the same tab so context
+// accumulates. Keyed by cli_session_id (falls back to request_id for stateless
+// single-shots, which just get a fresh temporary chat each time).
+const chatgptWebSessions = new Set();
 const AUTH_BROKEN_PATTERNS = [
     // Anthropic 403: OAuth authentication is currently not allowed for
     // this organization. The new prod signal from 2026-04-15 incident.
@@ -313,11 +319,15 @@ async function executeRelayRequest(request, config, sendChunk) {
         // antigravity → daily-cloudcode-pa). Each handler has its own
         // fingerprint file and rate-guard instance.
         if (cliType === "codex") {
-            // Same two-mode pattern as claude: passthrough when the Hub forwards
-            // a real Responses API body (used by /v1/responses endpoint for
-            // Codex CLI drop-in replacement), template mode otherwise (used by
-            // the OpenAI-compat /v1/chat/completions classic endpoint).
-            if (request.passthrough_body) {
+            // Passthrough ONLY when the Hub forwarded a real Responses API body —
+            // i.e. it carries an `input` array (the /v1/responses drop-in path).
+            // The OpenAI-compat /v1/chat/completions path forwards a body with
+            // `messages` (no `input`), so fall through to template mode, which
+            // builds a Responses request from the flattened `prompt`. Without this
+            // guard, chat/completions hit passthrough and 400'd with
+            // "Passthrough body missing `input` array".
+            const pb = request.passthrough_body;
+            if (pb && Array.isArray(pb.input) && pb.input.length > 0) {
                 parsed = await callCodexApiPassthrough({
                     clientBody: request.passthrough_body,
                     model,
@@ -340,6 +350,26 @@ async function executeRelayRequest(request, config, sendChunk) {
                 maxTokens: max_budget_usd ? undefined : 8192,
             });
         }
+        else if (cliType === "chatgpt-web") {
+            // Web send/read path — drive chatgpt.com via opencli (temporary chat)
+            // instead of the reverse-proxy API. Real-browser route, un-bannable.
+            // Per-buyer tab keyed by cli_session_id: first turn opens a temporary
+            // chat, later turns continue in the same tab so context accumulates.
+            const webKey = cliSessionId || request_id;
+            const seenBefore = chatgptWebSessions.has(webKey);
+            chatgptWebSessions.add(webKey);
+            // Image turn when the buyer asks for an image model (gpt-image-*) — that
+            // forces a regular chat + image grab. Text models stay on temporary chat.
+            const wantsImage = /image/i.test(model);
+            parsed = await callChatGPTWeb({
+                prompt,
+                model,
+                timeout: wantsImage ? 200 : 120,
+                sessionKey: webKey,
+                continueChat: seenBefore,
+                imageOut: wantsImage,
+            });
+        }
         else if (cliType === "antigravity") {
             parsed = await callAntigravityApi({
                 prompt,

package/dist/relay/upstream/chatgpt-web.d.ts

@@ -0,0 +1,51 @@
+/**
+ * chatgpt-web upstream — serve a relay request by driving the ChatGPT *website*
+ * (not the reverse-proxy API). Sends the prompt into a ChatGPT temporary chat
+ * via opencli's CDP browser automation, waits for the reply, reads it back.
+ *
+ * Why this exists alongside the codex reverse-proxy path:
+ *  - It's a real person typing in chatgpt.com → OpenAI can't tell it apart from
+ *    normal use → effectively un-bannable (the reverse-proxy路径 mimics the
+ *    Codex CLI fingerprint, which is safe but not bullet-proof at scale).
+ *  - Temporary chat → no history pollution, clean per-session isolation, not
+ *    used for training.
+ *  - Trade-off: slower (seconds, UI render) and not token-streamed. Fine for
+ *    conversation; the buyer still gets a standard reply.
+ *
+ * Requires the provider machine to have `@jackwener/opencli` installed (with the
+ * `chatgpt ask --temporary` support) and a logged-in ChatGPT session in the
+ * opencli-controlled Chrome. Point OPENCLI_BIN at a custom binary for local
+ * source runs.
+ */
+import type { ParsedOutput } from "../types.js";
+export interface ChatGPTWebOptions {
+    prompt: string;
+    model: string;
+    /** Max seconds to wait for the assistant reply. */
+    timeout?: number;
+    /** Continue an existing /c/<id> conversation (multi-turn, non-temporary). */
+    conversationId?: string;
+    /**
+     * Continue the CURRENT chat in place (no --new/--temporary). Used for
+     * stateful multi-turn inside a temporary chat: the first turn opens the
+     * temporary chat, later turns just send into the same tab so ChatGPT
+     * accumulates context. Temporary chats have no /c/<id> to resume by URL,
+     * so this in-place continuation is the only way to keep their context.
+     */
+    continueChat?: boolean;
+    /**
+     * Per-buyer browser session key → its own ChatGPT tab. Same key reuses the
+     * same tab (multi-turn context); different keys run concurrently in separate
+     * tabs. Maps to opencli `--session <key>`.
+     */
+    sessionKey?: string;
+    /**
+     * This turn is expected to produce an image (generate/edit). Forces a regular
+     * chat (ChatGPT temporary chat BLOCKS image generation) and waits for + grabs
+     * the image. Maps to opencli `--image-out` + `--new` (first turn).
+     */
+    imageOut?: boolean;
+    /** Local image paths to upload before the prompt (edit the buyer's own image). */
+    imagePaths?: string[];
+}
+export declare function callChatGPTWeb(opts: ChatGPTWebOptions): Promise<ParsedOutput>;

package/dist/relay/upstream/chatgpt-web.js

@@ -0,0 +1,114 @@
+/**
+ * chatgpt-web upstream — serve a relay request by driving the ChatGPT *website*
+ * (not the reverse-proxy API). Sends the prompt into a ChatGPT temporary chat
+ * via opencli's CDP browser automation, waits for the reply, reads it back.
+ *
+ * Why this exists alongside the codex reverse-proxy path:
+ *  - It's a real person typing in chatgpt.com → OpenAI can't tell it apart from
+ *    normal use → effectively un-bannable (the reverse-proxy路径 mimics the
+ *    Codex CLI fingerprint, which is safe but not bullet-proof at scale).
+ *  - Temporary chat → no history pollution, clean per-session isolation, not
+ *    used for training.
+ *  - Trade-off: slower (seconds, UI render) and not token-streamed. Fine for
+ *    conversation; the buyer still gets a standard reply.
+ *
+ * Requires the provider machine to have `@jackwener/opencli` installed (with the
+ * `chatgpt ask --temporary` support) and a logged-in ChatGPT session in the
+ * opencli-controlled Chrome. Point OPENCLI_BIN at a custom binary for local
+ * source runs.
+ */
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+const execFileP = promisify(execFile);
+const OPENCLI_BIN = process.env.OPENCLI_BIN || "opencli";
+/** Roughly 4 chars per token — web send/read has no real token counts, so we
+ *  estimate for billing parity with the API paths. */
+function estimateTokens(text) {
+    return Math.max(1, Math.ceil(text.length / 4));
+}
+export async function callChatGPTWeb(opts) {
+    const timeout = opts.timeout ?? 120;
+    const args = ["chatgpt", "ask", opts.prompt, "--timeout", String(timeout), "-f", "json"];
+    // Turn routing:
+    //  - continueChat → no flag; opencli's ensureOnChatGPT stays on the current
+    //    page, so a temporary chat continues in place and keeps its context.
+    //  - conversationId → resume a saved /c/<id> conversation.
+    //  - otherwise → open a fresh temporary chat (first turn / single-shot).
+    if (opts.continueChat) {
+        // intentionally no flag — continue the current chat in place.
+    }
+    else if (opts.conversationId) {
+        args.push("--conversation", opts.conversationId);
+    }
+    else if (opts.imageOut) {
+        // Image generation is blocked in temporary chats → use a regular new chat.
+        args.push("--new");
+    }
+    else {
+        args.push("--temporary");
+    }
+    if (opts.imageOut) {
+        args.push("--image-out");
+    }
+    if (opts.imagePaths?.length) {
+        args.push("--image", opts.imagePaths.join(","));
+    }
+    // Per-buyer tab isolation: same key → same tab (context kept), different
+    // keys → concurrent tabs.
+    if (opts.sessionKey) {
+        args.push("--session", opts.sessionKey);
+    }
+    let stdout = "";
+    try {
+        const result = await execFileP(OPENCLI_BIN, args, {
+            timeout: (timeout + 30) * 1000,
+            maxBuffer: 96 * 1024 * 1024, // base64 images can be several MB each
+            env: { ...process.env },
+        });
+        stdout = result.stdout;
+    }
+    catch (err) {
+        const e = err;
+        const tail = `${e.stdout ?? ""}${e.stderr ?? ""}`.slice(0, 400);
+        throw new Error(`opencli chatgpt ask failed: ${e.message ?? String(err)} ${tail}`);
+    }
+    // opencli `-f json` prints a JSON array; tolerate any leading banner lines.
+    const start = stdout.indexOf("[");
+    if (start < 0) {
+        throw new Error(`opencli chatgpt ask: no JSON in output: ${stdout.slice(0, 300)}`);
+    }
+    let rows;
+    try {
+        rows = JSON.parse(stdout.slice(start));
+    }
+    catch {
+        throw new Error(`opencli chatgpt ask: bad JSON: ${stdout.slice(start, start + 300)}`);
+    }
+    const response = String(rows?.[0]?.response ?? "").trim();
+    const images = Array.isArray(rows?.[0]?.images) ? rows[0].images : [];
+    if (!response && !images.length) {
+        throw new Error(`opencli chatgpt ask empty (stdout=${stdout.length}b, keys=[${Object.keys(rows?.[0] ?? {}).join(",")}], imagesType=${typeof rows?.[0]?.images})`);
+    }
+    // Carry images back inside the chat.completion content as markdown data
+    // URLs — the buyer's front-end renders them directly. (Image turns often
+    // have little/no text, so the image IS the answer.)
+    let text = response;
+    if (images.length) {
+        const md = images.map((img, i) => `![image${i + 1}](${img})`).join("\n");
+        text = text ? `${text}\n\n${md}` : md;
+    }
+    return {
+        text,
+        sessionId: String(rows?.[0]?.conversationId ?? ""),
+        usage: {
+            input_tokens: estimateTokens(opts.prompt),
+            // Don't token-count the base64 image (it'd be ~375k "tokens"); bill each
+            // generated image as a flat token block instead.
+            output_tokens: estimateTokens(response) + images.length * 800,
+            cache_creation_tokens: 0,
+            cache_read_tokens: 0,
+        },
+        model: opts.model,
+        costUsd: 0,
+    };
+}

package/dist/task/daemon.js

@@ -24,6 +24,7 @@ import { readFileSync, writeFileSync, unlinkSync, existsSync, appendFileSync, mk
 import { join } from "node:path";
 import { homedir } from "node:os";
 import { fileURLToPath } from "node:url";
+import { execFileSync } from "node:child_process";
 import YAML from "yaml";
 const TASK_LOG_FILE = join(homedir(), ".clawmoney", "task.log");
 function tsLine(level, msg) {
@@ -47,10 +48,12 @@ function installFileLogger() {
     console.error = (...args) => logToFile("ERROR", ...args);
 }
 import { TaskWsClient } from "./ws-client.js";
-import { getSkill, listSkills } from "./skills/index.js";
+import { getSkill, listSkills, defaultAdvertiseSkills } from "./skills/index.js";
+import { runPreflight, writePreflightReport } from "./preflight.js";
 const CONFIG_DIR = join(homedir(), ".clawmoney");
 const CONFIG_FILE = join(CONFIG_DIR, "config.yaml");
 const PID_FILE = join(CONFIG_DIR, "task.pid");
+const TASK_STATE_FILE = join(CONFIG_DIR, "task-state.json");
 function loadYamlConfig() {
     if (!existsSync(CONFIG_FILE))
         return {};
@@ -75,7 +78,10 @@ function loadConfig() {
         .split(",")
         .map((s) => s.trim())
         .filter(Boolean);
-    const skills = requested.length > 0 ? requested : listSkills();
+    // Default advertise set excludes skills the SpareAPI backend now fetches
+    // directly (YC / IndieHackers / Hacker News); an explicit SKILLS= can still
+    // opt into them since `supported` below is the full registry.
+    const skills = requested.length > 0 ? requested : defaultAdvertiseSkills();
     // Sanity-check: drop anything we can't actually serve so we don't
     // advertise dead skills to the hub.
     const supported = new Set(listSkills());
@@ -128,6 +134,26 @@ function removePid() {
         // ignore
     }
 }
+// Lifecycle phase the desktop app reads to show "service running, checking
+// logins…" during the (possibly slow first-run) preflight, vs "online" once
+// the hub connection is up. Distinct from the pid file, which only says the
+// process exists.
+function writeTaskState(phase) {
+    try {
+        writeFileSync(TASK_STATE_FILE, JSON.stringify({ phase, pid: process.pid, ts: new Date().toISOString() }), "utf-8");
+    }
+    catch {
+        /* best effort */
+    }
+}
+function clearTaskState() {
+    try {
+        unlinkSync(TASK_STATE_FILE);
+    }
+    catch {
+        // ignore
+    }
+}
 async function handleTaskRequest(ws, req) {
     const startedAtMs = Date.now();
     const handler = getSkill(req.skill_id);
@@ -186,10 +212,47 @@ async function handleTaskRequest(ws, req) {
             clearTimeout(timer);
     }
 }
-function main() {
+function applySystemProxy() {
+    // bnbot's publicScrapers honor https_proxy/http_proxy/all_proxy to reach
+    // censored public APIs (wiki/google/...). The daemon's own WS uses the
+    // `ws` lib which ignores these env vars, so this only routes child bnbot
+    // fetches through the proxy. Auto-detect the macOS system proxy when the
+    // operator hasn't set one explicitly.
+    if (process.env.https_proxy || process.env.HTTPS_PROXY ||
+        process.env.all_proxy || process.env.ALL_PROXY) {
+        return;
+    }
+    if (process.platform !== "darwin")
+        return;
+    try {
+        const out = execFileSync("scutil", ["--proxy"], { encoding: "utf8", timeout: 3000 });
+        const get = (key) => out.match(new RegExp(`\\b${key}\\s*:\\s*(\\S+)`))?.[1];
+        let url;
+        if (get("HTTPSEnable") === "1" && get("HTTPSProxy")) {
+            url = `http://${get("HTTPSProxy")}:${get("HTTPSPort") ?? "0"}`;
+        }
+        else if (get("HTTPEnable") === "1" && get("HTTPProxy")) {
+            url = `http://${get("HTTPProxy")}:${get("HTTPPort") ?? "0"}`;
+        }
+        else if (get("SOCKSEnable") === "1" && get("SOCKSProxy")) {
+            url = `socks5://${get("SOCKSProxy")}:${get("SOCKSPort") ?? "0"}`;
+        }
+        if (url) {
+            process.env.https_proxy = url;
+            process.env.http_proxy = url;
+            process.env.all_proxy = url;
+            console.log(`[task] auto-detected system proxy ${url} (routing skill fetches through it)`);
+        }
+    }
+    catch (err) {
+        console.error(`[task] system proxy detection skipped: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+async function main() {
     // Daemon was started as a script (stdio:"ignore"); from here on, all
     // log lines should land in ~/.clawmoney/task.log.
     installFileLogger();
+    applySystemProxy();
     const existing = readTaskPid();
     if (existing !== null && isPidAlive(existing)) {
         console.error(`[task] already running (PID ${existing})`);
@@ -200,12 +263,32 @@ function main() {
         console.error("[task] api_key missing — set API_KEY env or run `clawmoney setup`");
         process.exit(1);
     }
+    // Mark the service up the moment config checks out — BEFORE the (possibly
+    // slow first-run) preflight. Two reasons: the app can show "service running,
+    // checking logins…" instead of "not started", and the app's self-heal keys
+    // off the pid file, so writing it now stops it from re-spawning us mid-probe.
+    writePid();
+    writeTaskState("probing");
+    // Preflight: probe each platform's external dependency and drop the ones
+    // that would fail every task (Codex not installed, X not logged in, the
+    // Chrome extension down, …). Writes ~/.clawmoney/preflight.json so the
+    // desktop app can surface a home-screen notice. Re-runs every start, so
+    // fixing the dependency recovers the platform on the next boot.
+    console.log(`[task] preflight on ${config.skills.length} skills…`);
+    const { skills: keptSkills, report } = await runPreflight(config.skills);
+    writePreflightReport(report);
+    config.skills = keptSkills;
+    if (report.summary.droppedSkills > 0) {
+        console.warn(`[task] preflight dropped ${report.summary.droppedSkills} skill(s) across ` +
+            `${report.summary.failed} platform(s): ${report.dropped.join(", ")}`);
+    }
     console.log(`[task] starting daemon hub=${config.hub_url} skills=[${config.skills.join(",")}]`);
     if (config.skills.length === 0) {
         console.error("[task] no skills to advertise — refusing to start");
+        removePid();
+        clearTaskState();
         process.exit(1);
     }
-    writePid();
     // Belt-and-suspenders: even if every other handle (WS, heartbeat,
     // reconnect timer) somehow goes away simultaneously, this interval
     // is unref-less and ref-counted into the event loop, so the daemon
@@ -225,6 +308,7 @@ function main() {
         switch (frame.event) {
             case "connected":
                 console.log(`[task] connected agent_id=${frame.agent_id} name="${frame.agent_name}"`);
+                writeTaskState("online");
                 break;
             case "task_request":
                 void handleTaskRequest(ws, frame);
@@ -241,6 +325,7 @@ function main() {
         console.log(`[task] ${signal} — shutting down`);
         ws.stop();
         removePid();
+        clearTaskState();
         setTimeout(() => process.exit(0), 200);
     };
     process.on("SIGINT", () => shutdown("SIGINT"));
@@ -251,5 +336,8 @@ function main() {
 // the module is imported (e.g. by src/commands/task.ts which only wants
 // to use readTaskPid / isPidAlive helpers).
 if (process.argv[1] === fileURLToPath(import.meta.url)) {
-    main();
+    main().catch((err) => {
+        console.error(`[task] fatal: ${err instanceof Error ? err.stack : String(err)}`);
+        process.exit(1);
+    });
 }

package/dist/task/preflight.d.ts

@@ -0,0 +1,47 @@
+export type PreflightStatus = "ok" | "failed" | "unknown";
+export interface PlatformPreflight {
+    /** Display name surfaced in the app notice. */
+    label: string;
+    /** "local-app" | "web-login" | "social-login" — drives the app hint copy. */
+    category: string;
+    status: PreflightStatus;
+    /** How many advertised skills sit under this platform prefix. */
+    skills: number;
+    /** Human-readable failure reason (only when failed/unknown). */
+    reason?: string;
+    /** Actionable fix shown to the operator. */
+    hint?: string;
+    /** false = nothing the operator can do (e.g. upstream app dropped the
+     *  capability); the app keeps it off the notice banner. Default true. */
+    actionable?: boolean;
+    /** Login page the app can open for the operator to fix a logged-out
+     *  browser platform in one click. */
+    loginUrl?: string;
+}
+export interface PreflightReport {
+    ts: string;
+    /** false when any probed platform failed. */
+    ok: boolean;
+    summary: {
+        checked: number;
+        failed: number;
+        droppedSkills: number;
+    };
+    /** Keyed by platform prefix (the segment before the first dot in a skill_id). */
+    platforms: Record<string, PlatformPreflight>;
+    /** skill_ids removed from the advertise set. */
+    dropped: string[];
+}
+export interface PreflightOutcome {
+    /** Skills that passed (or were never probed) — the advertise set. */
+    skills: string[];
+    report: PreflightReport;
+}
+/**
+ * Probe every platform that has a registered dependency, drop the failures
+ * from the advertise set, and build the report. `unknown` verdicts are
+ * kept advertising (conservative) but recorded so the app can hint.
+ */
+export declare function runPreflight(skills: string[]): Promise<PreflightOutcome>;
+/** Persist the verdict for the desktop app to read on its next dashboard load. */
+export declare function writePreflightReport(report: PreflightReport): void;