coze_lab 0.1.35 → 0.1.37

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coze_lab",
-  "version": "0.1.35",
+  "version": "0.1.37",
   "description": "Configure local AI agents (Claude Code, Codex, OpenClaw) to report traces to CozeLoop",
   "keywords": [
     "cozeloop",

package/scripts/claude-code/cozeloop_hook.py

@@ -105,11 +105,13 @@ else:
 
 # --- Configuration ---
 DEBUG = os.environ.get("CC_COZELOOP_DEBUG", "").lower() == "true"
-_COZELOOP_CLIENT_ID = "46371084383473718052118955183420.app.coze"
+_COZELOOP_CLIENT_ID = "08972682140163281554629748278108.app.coze"
 _COZE_API = "https://api.coze.cn"
 _OTEL_SUFFIX = "/v1/loop/opentelemetry"
 _REFRESH_THRESHOLD = 10 * 60  # refresh when < 10 minutes remain
-_DEFAULT_WORKSPACE_ID = "7644910356078837760"  # hardcoded spaceID fallback
+_FORCE_REFRESH_COOLDOWN_MS = 60 * 1000
+_REFRESH_LOCK_STALE = 30
+_DEFAULT_WORKSPACE_ID = "7649231955045072915"  # hardcoded spaceID fallback
 
 
 # --- coze-context parsing -------------------------------------------------
@@ -255,6 +257,12 @@ def debug_log(message: str):
 def _get_credentials_path() -> Path:
     return Path.home() / ".cozeloop" / "credentials.json"
 
+def _get_refresh_state_path() -> Path:
+    return Path.home() / ".cozeloop" / "refresh-state.json"
+
+def _get_refresh_lock_path() -> Path:
+    return Path.home() / ".cozeloop" / "refresh-state.lock"
+
 def _load_credentials() -> Optional[Dict]:
     path = _get_credentials_path()
     if not path.exists():
@@ -270,6 +278,55 @@ def _save_credentials(creds: Dict):
     path.write_text(json.dumps(creds, indent=2))
     os.chmod(path, 0o600)
 
+def _load_refresh_state() -> Dict[str, Any]:
+    path = _get_refresh_state_path()
+    if not path.exists():
+        return {}
+    try:
+        return json.loads(path.read_text())
+    except Exception:
+        return {}
+
+def _save_refresh_state(patch: Dict[str, Any]):
+    path = _get_refresh_state_path()
+    try:
+        path.parent.mkdir(parents=True, exist_ok=True)
+        state = _load_refresh_state()
+        state.update(patch)
+        path.write_text(json.dumps(state, indent=2))
+        os.chmod(path, 0o600)
+    except Exception:
+        pass
+
+def _with_refresh_lock(fn):
+    lock_path = _get_refresh_lock_path()
+    lock_path.parent.mkdir(parents=True, exist_ok=True)
+    for _ in range(24):
+        fd = None
+        try:
+            fd = os.open(str(lock_path), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
+            try:
+                return fn()
+            finally:
+                try:
+                    os.close(fd)
+                except Exception:
+                    pass
+                try:
+                    lock_path.unlink()
+                except Exception:
+                    pass
+        except FileExistsError:
+            try:
+                if time.time() - lock_path.stat().st_mtime > _REFRESH_LOCK_STALE:
+                    lock_path.unlink()
+                    continue
+            except Exception:
+                pass
+            time.sleep(0.25)
+    hook_log("forced refresh skipped because refresh lock is busy")
+    return None
+
 def _refresh_token(refresh_token: str) -> Optional[str]:
     """Call Coze refresh token API. Returns new access_token or None on failure."""
     try:
@@ -283,8 +340,6 @@ def _refresh_token(refresh_token: str) -> Optional[str]:
             data=payload,
             headers={
                 "Content-Type": "application/json",
-                "x-tt-env": "ppe_cozelab",
-                "x-use-ppe": "1",
             },
         )
         with urllib.request.urlopen(req, timeout=10) as resp:
@@ -304,6 +359,56 @@ def _refresh_token(refresh_token: str) -> Optional[str]:
         debug_log(f"Token refresh failed: {e}")
     return None
 
+def force_refresh_token_after_upload_failure(reason: str = "upload_failure", current_token: Optional[str] = None) -> Optional[str]:
+    """Force-refresh local credentials after an upload failure, with cross-process throttling."""
+    is_cloud = os.environ.get("COZELAB_ONBOARD_CLOUD", "").lower() in ("1", "true", "yes")
+    if is_cloud:
+        hook_log("upload failure token refresh skipped in cloud mode")
+        return None
+
+    creds = _load_credentials()
+    if not creds or not creds.get("refresh_token"):
+        hook_log("upload failure token refresh skipped; no local refresh_token")
+        return None
+
+    cached = creds.get("access_token")
+    now_ms = int(time.time() * 1000)
+    last_ms = int(_load_refresh_state().get("last_forced_refresh_ms", 0) or 0)
+    if last_ms and now_ms - last_ms < _FORCE_REFRESH_COOLDOWN_MS:
+        if cached and cached != current_token:
+            hook_log("forced refresh throttled; reuse newer cached token")
+            return cached
+        hook_log(f"forced refresh throttled ageMs={now_ms - last_ms}")
+        return None
+
+    def _locked_refresh():
+        locked_creds = _load_credentials()
+        if not locked_creds or not locked_creds.get("refresh_token"):
+            hook_log("forced refresh skipped in lock; credentials missing")
+            return None
+        locked_cached = locked_creds.get("access_token")
+        locked_now_ms = int(time.time() * 1000)
+        locked_last_ms = int(_load_refresh_state().get("last_forced_refresh_ms", 0) or 0)
+        if locked_last_ms and locked_now_ms - locked_last_ms < _FORCE_REFRESH_COOLDOWN_MS:
+            if locked_cached and locked_cached != current_token:
+                hook_log("forced refresh already done by another process; reuse token")
+                return locked_cached
+            hook_log(f"forced refresh skipped in lock ageMs={locked_now_ms - locked_last_ms}")
+            return None
+        _save_refresh_state({
+            "last_forced_refresh_ms": locked_now_ms,
+            "last_reason": (reason or "upload_failure")[:120],
+        })
+        hook_log(f"forced token refresh after upload failure reason={(reason or 'upload_failure')[:120]}")
+        refreshed = _refresh_token(locked_creds["refresh_token"])
+        if refreshed:
+            hook_log("forced token refresh OK")
+        else:
+            hook_log("forced token refresh FAILED")
+        return refreshed
+
+    return _with_refresh_lock(_locked_refresh)
+
 def _normalize_api_base_url(url: str) -> str:
     base = (url or "").strip().rstrip("/")
     if not base:
@@ -962,7 +1067,7 @@ def _build_history_messages(history_turns: List[Dict[str, Any]]) -> list:
 
 # --- CozeLoop Trace Reporting ---
 
-def send_turns_to_cozeloop(turns: List[Dict[str, Any]], session_id: str, history_turns: Optional[List[Dict[str, Any]]] = None):
+def send_turns_to_cozeloop(turns: List[Dict[str, Any]], session_id: str, history_turns: Optional[List[Dict[str, Any]]] = None, retry_on_auth_failure: bool = True):
     """Send conversation turns to CozeLoop.
 
     Span hierarchy:
@@ -1462,6 +1567,12 @@ def send_turns_to_cozeloop(turns: List[Dict[str, Any]], session_id: str, history
 
     if upload_events:
         debug_log(f"Upload failed, state not advanced. Last failure: {upload_events[-1][:500]}")
+        if retry_on_auth_failure:
+            new_token = force_refresh_token_after_upload_failure(upload_events[-1], token)
+            if new_token:
+                os.environ["COZELOOP_API_TOKEN"] = new_token
+                hook_log("retry upload once after forced token refresh")
+                return send_turns_to_cozeloop(turns, session_id, history_turns, retry_on_auth_failure=False)
         return None
 
     return True

package/scripts/codex/cozeloop_hook.py

@@ -42,10 +42,12 @@ from pathlib import Path
 from typing import Optional, List, Dict, Any
 
 # --- Token refresh --------------------------------------------------------
-_COZELOOP_CLIENT_ID = "46371084383473718052118955183420.app.coze"
+_COZELOOP_CLIENT_ID = "08972682140163281554629748278108.app.coze"
 _COZE_API = "https://api.coze.cn"
 _REFRESH_THRESHOLD = 10 * 60
-_DEFAULT_WORKSPACE_ID = "7644910356078837760"  # hardcoded spaceID fallback
+_FORCE_REFRESH_COOLDOWN_MS = 60 * 1000
+_REFRESH_LOCK_STALE = 30
+_DEFAULT_WORKSPACE_ID = "7649231955045072915"  # hardcoded spaceID fallback
 _OTEL_SUFFIX = "/v1/loop/opentelemetry"
 
 
@@ -168,6 +170,12 @@ def _make_finish_event_processor(upload_events: Optional[List[str]] = None):
 def _get_credentials_path() -> Path:
     return Path.home() / ".cozeloop" / "credentials.json"
 
+def _get_refresh_state_path() -> Path:
+    return Path.home() / ".cozeloop" / "refresh-state.json"
+
+def _get_refresh_lock_path() -> Path:
+    return Path.home() / ".cozeloop" / "refresh-state.lock"
+
 def _load_credentials():
     path = _get_credentials_path()
     if not path.exists():
@@ -183,6 +191,55 @@ def _save_credentials(creds):
     path.write_text(json.dumps(creds, indent=2))
     os.chmod(path, 0o600)
 
+def _load_refresh_state():
+    path = _get_refresh_state_path()
+    if not path.exists():
+        return {}
+    try:
+        return json.loads(path.read_text())
+    except Exception:
+        return {}
+
+def _save_refresh_state(patch):
+    path = _get_refresh_state_path()
+    try:
+        path.parent.mkdir(parents=True, exist_ok=True)
+        state = _load_refresh_state()
+        state.update(patch)
+        path.write_text(json.dumps(state, indent=2))
+        os.chmod(path, 0o600)
+    except Exception:
+        pass
+
+def _with_refresh_lock(fn):
+    lock_path = _get_refresh_lock_path()
+    lock_path.parent.mkdir(parents=True, exist_ok=True)
+    for _ in range(24):
+        fd = None
+        try:
+            fd = os.open(str(lock_path), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
+            try:
+                return fn()
+            finally:
+                try:
+                    os.close(fd)
+                except Exception:
+                    pass
+                try:
+                    lock_path.unlink()
+                except Exception:
+                    pass
+        except FileExistsError:
+            try:
+                if time.time() - lock_path.stat().st_mtime > _REFRESH_LOCK_STALE:
+                    lock_path.unlink()
+                    continue
+            except Exception:
+                pass
+            time.sleep(0.25)
+    hook_log("forced refresh skipped because refresh lock is busy")
+    return None
+
 def _refresh_token(refresh_tok: str):
     try:
         payload = json.dumps({
@@ -195,8 +252,6 @@ def _refresh_token(refresh_tok: str):
             data=payload,
             headers={
                 "Content-Type": "application/json",
-                "x-tt-env": "ppe_cozelab",
-                "x-use-ppe": "1",
             },
         )
         with urllib.request.urlopen(req, timeout=10) as resp:
@@ -215,6 +270,55 @@ def _refresh_token(refresh_tok: str):
         pass
     return None
 
+def force_refresh_token_after_upload_failure(reason: str = "upload_failure", current_token: Optional[str] = None):
+    is_cloud = os.environ.get("COZELAB_ONBOARD_CLOUD", "").lower() in ("1", "true", "yes")
+    if is_cloud:
+        hook_log("upload failure token refresh skipped in cloud mode")
+        return None
+
+    creds = _load_credentials()
+    if not creds or not creds.get("refresh_token"):
+        hook_log("upload failure token refresh skipped; no local refresh_token")
+        return None
+
+    cached = creds.get("access_token")
+    now_ms = int(time.time() * 1000)
+    last_ms = int(_load_refresh_state().get("last_forced_refresh_ms", 0) or 0)
+    if last_ms and now_ms - last_ms < _FORCE_REFRESH_COOLDOWN_MS:
+        if cached and cached != current_token:
+            hook_log("forced refresh throttled; reuse newer cached token")
+            return cached
+        hook_log(f"forced refresh throttled ageMs={now_ms - last_ms}")
+        return None
+
+    def _locked_refresh():
+        locked_creds = _load_credentials()
+        if not locked_creds or not locked_creds.get("refresh_token"):
+            hook_log("forced refresh skipped in lock; credentials missing")
+            return None
+        locked_cached = locked_creds.get("access_token")
+        locked_now_ms = int(time.time() * 1000)
+        locked_last_ms = int(_load_refresh_state().get("last_forced_refresh_ms", 0) or 0)
+        if locked_last_ms and locked_now_ms - locked_last_ms < _FORCE_REFRESH_COOLDOWN_MS:
+            if locked_cached and locked_cached != current_token:
+                hook_log("forced refresh already done by another process; reuse token")
+                return locked_cached
+            hook_log(f"forced refresh skipped in lock ageMs={locked_now_ms - locked_last_ms}")
+            return None
+        _save_refresh_state({
+            "last_forced_refresh_ms": locked_now_ms,
+            "last_reason": (reason or "upload_failure")[:120],
+        })
+        hook_log(f"forced token refresh after upload failure reason={(reason or 'upload_failure')[:120]}")
+        refreshed = _refresh_token(locked_creds["refresh_token"])
+        if refreshed:
+            hook_log("forced token refresh OK")
+        else:
+            hook_log("forced token refresh FAILED")
+        return refreshed
+
+    return _with_refresh_lock(_locked_refresh)
+
 
 def _normalize_api_base_url(url: str) -> str:
     base = (url or "").strip().rstrip("/")
@@ -967,7 +1071,8 @@ def _make_model_message(role: str, content: str = "", tool_calls: list = None,
 
 
 def send_turns_to_cozeloop(turns: List[Dict[str, Any]], session_id: str, model_name: str = "codex",
-                           history_context: Optional[List[Dict[str, Any]]] = None) -> Optional[List[Dict[str, Any]]]:
+                           history_context: Optional[List[Dict[str, Any]]] = None,
+                           retry_on_auth_failure: bool = True) -> Optional[List[Dict[str, Any]]]:
     """Send conversation turns to CozeLoop for tracing.
 
     Span hierarchy:
@@ -1389,6 +1494,18 @@ def send_turns_to_cozeloop(turns: List[Dict[str, Any]], session_id: str, model_n
 
     if upload_events:
         hook_log(f"upload failed state not advanced failures={len(upload_events)} detail={upload_events[-1][:500]}")
+        if retry_on_auth_failure:
+            new_token = force_refresh_token_after_upload_failure(upload_events[-1], token)
+            if new_token:
+                os.environ["COZELOOP_API_TOKEN"] = new_token
+                hook_log("retry upload once after forced token refresh")
+                return send_turns_to_cozeloop(
+                    turns,
+                    session_id,
+                    model_name,
+                    history_context,
+                    retry_on_auth_failure=False,
+                )
         return None
 
     return ctx

package/scripts/openclaw/dist/cozeloop-exporter.js

@@ -5,7 +5,7 @@ import { ATTR_SERVICE_NAME, ATTR_SERVICE_INSTANCE_ID } from "@opentelemetry/sema
 import { hostname } from "os";
 import { basename, join } from "path";
 import { createRequire } from "node:module";
-import { readFileSync, writeFileSync, mkdirSync, appendFileSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, appendFileSync, openSync, closeSync, unlinkSync, statSync } from "fs";
 import { homedir } from "os";
 import http from "http";
 import https from "https";
@@ -22,10 +22,14 @@ const CLIENT_USER_AGENT = {
 };
 
 // ── Token refresh helpers ─────────────────────────────────────────────────
-const _CLIENT_ID = "46371084383473718052118955183420.app.coze";
+const _CLIENT_ID = "08972682140163281554629748278108.app.coze";
 const _COZE_API  = "https://api.coze.cn";
 const _REFRESH_THRESHOLD_MS = 10 * 60 * 1000;
+const _FORCE_REFRESH_COOLDOWN_MS = 60 * 1000;
+const _REFRESH_LOCK_STALE_MS = 30 * 1000;
 const _CREDS_PATH = join(homedir(), ".cozeloop", "credentials.json");
+const _REFRESH_STATE_PATH = join(homedir(), ".cozeloop", "refresh-state.json");
+const _REFRESH_LOCK_PATH = join(homedir(), ".cozeloop", "refresh-state.lock");
 
 function _loadCreds() {
     try { return JSON.parse(readFileSync(_CREDS_PATH, "utf8")); }
@@ -39,12 +43,66 @@ function _saveCreds(c) {
     } catch { /* non-fatal */ }
 }
 
+function _loadRefreshState() {
+    try { return JSON.parse(readFileSync(_REFRESH_STATE_PATH, "utf8")); }
+    catch { return {}; }
+}
+
+function _saveRefreshState(patch) {
+    try {
+        mkdirSync(join(homedir(), ".cozeloop"), { recursive: true });
+        const state = { ..._loadRefreshState(), ...patch };
+        writeFileSync(_REFRESH_STATE_PATH, JSON.stringify(state, null, 2), { mode: 0o600 });
+    } catch { /* non-fatal */ }
+}
+
+function _authorizationFromCreds(creds) {
+    return creds?.access_token ? `Bearer ${creds.access_token}` : null;
+}
+
+function _sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+async function _withRefreshLock(logFile, fn) {
+    mkdirSync(join(homedir(), ".cozeloop"), { recursive: true });
+    for (let i = 0; i < 24; i++) {
+        let fd = null;
+        try {
+            fd = openSync(_REFRESH_LOCK_PATH, "wx", 0o600);
+            try {
+                return await fn();
+            }
+            finally {
+                try { if (fd !== null) closeSync(fd); } catch { /* ignore */ }
+                try { unlinkSync(_REFRESH_LOCK_PATH); } catch { /* ignore */ }
+            }
+        }
+        catch (err) {
+            if (err?.code !== "EEXIST") {
+                fileLog(logFile, `[auth] refresh lock error=${err?.message || err}`);
+                return null;
+            }
+            try {
+                const ageMs = Date.now() - statSync(_REFRESH_LOCK_PATH).mtimeMs;
+                if (ageMs > _REFRESH_LOCK_STALE_MS) {
+                    unlinkSync(_REFRESH_LOCK_PATH);
+                    continue;
+                }
+            } catch { /* ignore */ }
+            await _sleep(250);
+        }
+    }
+    fileLog(logFile, "[auth] refresh lock busy; skip forced refresh");
+    return null;
+}
+
 async function _refreshToken(refreshTok) {
     return new Promise((resolve) => {
         const body = JSON.stringify({ grant_type: "refresh_token", client_id: _CLIENT_ID, refresh_token: refreshTok });
         const req = https.request(`${_COZE_API}/api/permission/oauth2/token`, {
             method: "POST",
-            headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body), "x-tt-env": "ppe_cozelab", "x-use-ppe": "1" },
+            headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
         }, (res) => {
             let buf = "";
             res.on("data", c => buf += c);
@@ -72,8 +130,65 @@ async function _refreshToken(refreshTok) {
     });
 }
 
+async function _forceRefreshToken(currentAuthorization, opts = {}) {
+    const logFile = opts.logFile;
+    const creds = _loadCreds();
+    if (!creds?.refresh_token) {
+        fileLog(logFile, "[auth] upload failed but no local refresh_token is available");
+        return null;
+    }
+
+    const cachedAuth = _authorizationFromCreds(creds);
+    const now = Date.now();
+    const state = _loadRefreshState();
+    const lastForced = Number(state.last_forced_refresh_ms || 0);
+    if (lastForced && now - lastForced < _FORCE_REFRESH_COOLDOWN_MS) {
+        if (cachedAuth && cachedAuth !== currentAuthorization) {
+            fileLog(logFile, `[auth] forced refresh throttled; reuse newer cached token tokenLength=${cachedAuth.length}`);
+            return cachedAuth;
+        }
+        fileLog(logFile, `[auth] forced refresh throttled ageMs=${now - lastForced}`);
+        return null;
+    }
+
+    return _withRefreshLock(logFile, async () => {
+        const lockedCreds = _loadCreds();
+        if (!lockedCreds?.refresh_token) {
+            fileLog(logFile, "[auth] forced refresh skipped; credentials disappeared");
+            return null;
+        }
+        const lockedCachedAuth = _authorizationFromCreds(lockedCreds);
+        const lockedState = _loadRefreshState();
+        const lockedLastForced = Number(lockedState.last_forced_refresh_ms || 0);
+        const lockedNow = Date.now();
+        if (lockedLastForced && lockedNow - lockedLastForced < _FORCE_REFRESH_COOLDOWN_MS) {
+            if (lockedCachedAuth && lockedCachedAuth !== currentAuthorization) {
+                fileLog(logFile, `[auth] forced refresh already done by another process; reuse tokenLength=${lockedCachedAuth.length}`);
+                return lockedCachedAuth;
+            }
+            fileLog(logFile, `[auth] forced refresh skipped in lock ageMs=${lockedNow - lockedLastForced}`);
+            return null;
+        }
+
+        _saveRefreshState({
+            last_forced_refresh_ms: lockedNow,
+            last_reason: String(opts.reason || "upload_failure").slice(0, 120),
+        });
+        fileLog(logFile, `[auth] forced token refresh after local upload failure reason=${String(opts.reason || "upload_failure").slice(0, 120)}`);
+        const newToken = await _refreshToken(lockedCreds.refresh_token);
+        if (!newToken) {
+            fileLog(logFile, "[auth] forced token refresh FAILED");
+            return null;
+        }
+        const freshAuth = `Bearer ${newToken}`;
+        fileLog(logFile, `[auth] forced token refresh OK tokenLength=${freshAuth.length}`);
+        return freshAuth;
+    });
+}
+
 async function getRefreshedToken(currentAuthorization, opts = {}) {
     if (opts.disableLocalCredentials) return currentAuthorization;
+    if (opts.force) return _forceRefreshToken(currentAuthorization, opts);
     const creds = _loadCreds();
     if (!creds) return currentAuthorization; // no creds file, keep as-is
     const remaining = (creds.expires_at ?? 0) - Date.now();
@@ -287,6 +402,7 @@ class CozeloopIngestExporter {
         this.logFile = config.logFile;
         this.workspaceId = config.workspaceId;
         this.serviceName = config.serviceName;
+        this.onAuthFailure = config.onAuthFailure;
         this.shutdownRequested = false;
         fileLog(this.logFile, `[ingest] exporter ready url=${this.url} workspaceId=${this.workspaceId}`);
     }
@@ -310,7 +426,43 @@ class CozeloopIngestExporter {
                 serviceName: this.serviceName,
             })),
         };
-        fileLog(this.logFile, `[ingest] POST url=${this.url} spans=${body.spans.length}`);
+        try {
+            await this.postBody(body, false);
+        }
+        catch (err) {
+            const freshAuth = await this.refreshAuthorizationAfterFailure(err);
+            if (!freshAuth) {
+                throw err;
+            }
+            this.headers = { ...this.headers, Authorization: freshAuth };
+            fileLog(this.logFile, `[ingest] retry after token refresh url=${this.url} spans=${body.spans.length}`);
+            try {
+                await this.postBody(body, true);
+            }
+            catch (retryErr) {
+                throw new Error(`retry after token refresh failed: ${retryErr?.message || retryErr}`);
+            }
+        }
+    }
+    async refreshAuthorizationAfterFailure(err) {
+        if (typeof this.onAuthFailure !== "function")
+            return null;
+        fileLog(this.logFile, `[auth] local upload failure triggers refresh attempt err=${String(err?.message || err).slice(0, 300)}`);
+        try {
+            const current = this.headers?.Authorization || "";
+            const fresh = await this.onAuthFailure(current, err);
+            if (fresh && fresh !== current) {
+                return fresh;
+            }
+            fileLog(this.logFile, "[auth] no newer authorization available for retry");
+        }
+        catch (refreshErr) {
+            fileLog(this.logFile, `[auth] refresh attempt threw error=${refreshErr?.message || refreshErr}`);
+        }
+        return null;
+    }
+    async postBody(body, retry) {
+        fileLog(this.logFile, `[ingest] ${retry ? "RETRY " : ""}POST url=${this.url} spans=${body.spans.length}`);
         const res = await postJson(this.url, body, this.headers);
         if (res.status < 200 || res.status >= 300) {
             const snippet = String(res.body || "").slice(0, 300);
@@ -331,7 +483,7 @@ class CozeloopIngestExporter {
                 }
             }
         }
-        fileLog(this.logFile, `[ingest] OK HTTP ${res.status} spans=${body.spans.length}`);
+        fileLog(this.logFile, `[ingest] OK HTTP ${res.status} spans=${body.spans.length}${retry ? " retry=1" : ""}`);
     }
     async forceFlush() {
         return;
@@ -416,6 +568,20 @@ export class CozeloopExporter {
             this.config.authorization = "";
         }
     }
+    async refreshAuthAfterUploadFailure(currentAuthorization, err) {
+        const fresh = await getRefreshedToken(currentAuthorization || this.config.authorization, {
+            disableLocalCredentials: this.config.disableLocalCredentials,
+            force: true,
+            reason: err?.message || "upload_failure",
+            logFile: this.config.logFile,
+        });
+        if (fresh && fresh !== currentAuthorization) {
+            this.api.logger.info("[CozeloopTrace] Token refreshed after upload failure; retrying export...");
+            this.config.authorization = fresh;
+            return fresh;
+        }
+        return null;
+    }
     async ensureInitialized() {
         if (this.initialized)
             return;
@@ -443,12 +609,11 @@ export class CozeloopExporter {
             logFile: this.config.logFile,
             workspaceId,
             serviceName: this.config.serviceName,
+            onAuthFailure: (currentAuthorization, err) => this.refreshAuthAfterUploadFailure(currentAuthorization, err),
             headers: {
                 "Authorization": authorization,
                 "User-Agent": `openclaw-cozeloop-trace/${PLUGIN_VERSION} node/${process.versions.node}`,
                 "X-Coze-Client-User-Agent": JSON.stringify(CLIENT_USER_AGENT),
-                "x-tt-env": "ppe_cozelab",
-                "x-use-ppe": "1",
             },
         });
         this.provider = new BasicTracerProvider({ resource });

package/scripts/openclaw/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "openclaw-cozeloop-trace",
   "name": "OpenClaw CozeLoop Trace",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "Report OpenClaw execution traces to CozeLoop via OpenTelemetry",
   "type": "plugin",
   "entry": "./dist/index.js",

package/scripts/openclaw/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cozeloop/openclaw-cozeloop-trace",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "OpenClaw Plugin for reporting traces to CozeLoop via OpenTelemetry",
   "type": "module",
   "main": "dist/index.js",

package/scripts/shared/cozeloop_refresh.py

@@ -7,7 +7,7 @@ Writes the fresh token back so subsequent Stop hooks pick it up.
 import json, os, sys, time, urllib.request
 from pathlib import Path
 
-CLIENT_ID = "46371084383473718052118955183420.app.coze"
+CLIENT_ID = "08972682140163281554629748278108.app.coze"
 COZE_API  = "https://api.coze.cn"
 THRESHOLD = 10 * 60  # 10 minutes
 CREDS     = Path.home() / ".cozeloop" / "credentials.json"
@@ -27,8 +27,6 @@ def refresh(rt):
         req = urllib.request.Request(f"{COZE_API}/api/permission/oauth2/token",
             data=body, headers={
                 "Content-Type":"application/json",
-                "x-tt-env":"ppe_cozelab",
-                "x-use-ppe":"1",
             })
         with urllib.request.urlopen(req, timeout=10) as r:
             d = json.loads(r.read())