gigaclaw 1.9.1 → 1.9.2

package/api/index.js

@@ -31,7 +31,7 @@ function getFireTriggers() {
 }
 
 // Routes that have their own authentication
-const PUBLIC_ROUTES = ['/telegram/webhook', '/github/webhook', '/ping'];
+const PUBLIC_ROUTES = ['/telegram/webhook', '/github/webhook', '/ping', '/health', '/debug'];
 
 /**
  * Timing-safe string comparison.
@@ -270,6 +270,36 @@ async function GET(request) {
 
   switch (routePath) {
     case '/ping':           return Response.json({ message: 'Pong!' });
+    case '/health': {
+      const { handleHealthCheck } = await import('../lib/api/health.js');
+      const result = await handleHealthCheck();
+      const status = result.status === 'unhealthy' ? 503 : 200;
+      return Response.json(result, { status });
+    }
+    case '/debug': {
+      const { handleHealthCheck } = await import('../lib/api/health.js');
+      const health = await handleHealthCheck();
+      return Response.json({
+        ...health,
+        env: {
+          NODE_ENV: process.env.NODE_ENV,
+          GIGACLAW_MODE: process.env.GIGACLAW_MODE,
+          LLM_PROVIDER: process.env.LLM_PROVIDER,
+          LLM_MODEL: process.env.LLM_MODEL,
+          LOCAL_LLM_PROVIDER: process.env.LOCAL_LLM_PROVIDER,
+          HYBRID_ROUTING: process.env.HYBRID_ROUTING,
+          ENABLE_CRON: process.env.ENABLE_CRON,
+          AUTH_TRUST_HOST: process.env.AUTH_TRUST_HOST,
+          // Never expose secrets — just show if they are set
+          AUTH_SECRET: process.env.AUTH_SECRET ? '[set]' : '[missing]',
+          NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET ? '[set]' : '[missing]',
+          JWT_SECRET: process.env.JWT_SECRET ? '[set]' : '[missing]',
+          ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY ? '[set]' : '[missing]',
+        },
+        uptime: process.uptime(),
+        memory: process.memoryUsage(),
+      });
+    }
     case '/jobs/status':    return handleJobStatus(request);
     default:                return Response.json({ error: 'Not found' }, { status: 404 });
   }

package/bin/bootstrap.mjs

@@ -31,13 +31,14 @@ const PACKAGE_DIR = path.join(__dirname, '..');
 // Replaces verbose npm/node output with clean phase-aware status lines.
 
 const PHASES = {
-  ENV:    '[ 1/7 ] Detecting environment',
-  DIR:    '[ 2/7 ] Creating project directory',
-  SCAF:   '[ 3/7 ] Scaffolding project files',
-  DEPS:   '[ 4/7 ] Installing dependencies',
-  SETUP:  '[ 5/7 ] Configuring GigaClaw',
-  ENV_W:  '[ 6/7 ] Writing .env',
-  START:  '[ 7/7 ] Starting dev server',
+  ENV:    '[ 1/8 ] Detecting environment',
+  DIR:    '[ 2/8 ] Creating project directory',
+  SCAF:   '[ 3/8 ] Scaffolding project files',
+  DEPS:   '[ 4/8 ] Installing dependencies',
+  SETUP:  '[ 5/8 ] Configuring GigaClaw',
+  ENV_W:  '[ 6/8 ] Writing .env',
+  START:  '[ 7/8 ] Starting dev server',
+  HEALTH: '[ 8/8 ] Validating system health',
 };
 
 function log(phase, msg) {
@@ -81,6 +82,14 @@ function printBanner() {
 const SLEEP = (ms) => new Promise((r) => setTimeout(r, ms));
 
 async function installDependencies(cwd) {
+  // Support --clean-install: delete node_modules and lockfile before install
+  if (process.env.GIGACLAW_CLEAN_INSTALL === 'true') {
+    logStep('Clean install requested — removing node_modules and lockfile...');
+    const nm = path.join(cwd, 'node_modules');
+    const lf = path.join(cwd, 'package-lock.json');
+    if (fs.existsSync(nm)) fs.rmSync(nm, { recursive: true, force: true });
+    if (fs.existsSync(lf)) fs.unlinkSync(lf);
+  }
   const MAX_ATTEMPTS = 3;
   const BACKOFF = [2000, 5000, 10000]; // exponential: 2s, 5s, 10s
 
@@ -185,36 +194,69 @@ async function runSmartSetup(cwd, envInfo, port = 3000) {
 
   const authSecret = randomBytes(32).toString('base64url');
   const nextAuthSecret = randomBytes(32).toString('base64url');
+  const jwtSecret = randomBytes(32).toString('base64url');
 
   const localModel = envInfo.ollamaModels.length > 0
     ? envInfo.ollamaModels[0]
     : recommendOllamaModel(envInfo.ramGb);
 
+  // Determine operating mode based on available infrastructure
+  // If an existing .env has ANTHROPIC_API_KEY, preserve hybrid mode
+  const existingEnv = fs.existsSync(path.join(cwd, '.env'))
+    ? fs.readFileSync(path.join(cwd, '.env'), 'utf-8')
+    : '';
+  const hasApiKey = /^ANTHROPIC_API_KEY=.+$/m.test(existingEnv)
+    || /^OPENAI_API_KEY=.+$/m.test(existingEnv)
+    || /^GOOGLE_API_KEY=.+$/m.test(existingEnv);
+  const hasOllama = envInfo.ollama;
+
+  let mode, llmProvider, llmModel;
+  if (hasApiKey) {
+    // User has a cloud API key — use hybrid mode
+    mode = 'hybrid';
+    llmProvider = 'anthropic';
+    llmModel = 'claude-sonnet-4-6';
+  } else if (hasOllama) {
+    // No cloud key but Ollama is running — local-only mode
+    mode = 'local';
+    llmProvider = 'ollama';
+    llmModel = localModel;
+  } else {
+    // No cloud key, no Ollama — local mode with placeholder (UI will still load)
+    mode = 'local';
+    llmProvider = 'ollama';
+    llmModel = localModel;
+  }
+
   const envVars = {
-    // Mode
-    GIGACLAW_MODE: 'hybrid',
+    // Mode — auto-detected based on available infrastructure
+    GIGACLAW_MODE: mode,
 
-    // Cloud: default to Claude Sonnet (user can change via npm run setup)
-    LLM_PROVIDER: 'anthropic',
-    LLM_MODEL: 'claude-sonnet-4-6',
-    // Note: ANTHROPIC_API_KEY intentionally left blank — user must provide it
-    ANTHROPIC_API_KEY: '',
+    // Primary LLM
+    LLM_PROVIDER: llmProvider,
+    LLM_MODEL: llmModel,
+    // Cloud API key — only set if not already present
+    ...(hasApiKey ? {} : { ANTHROPIC_API_KEY: '' }),
 
     // Local: Ollama if running, else blank
-    LOCAL_LLM_PROVIDER: envInfo.ollama ? 'ollama' : '',
-    LOCAL_LLM_MODEL: envInfo.ollama ? localModel : '',
+    LOCAL_LLM_PROVIDER: hasOllama ? 'ollama' : '',
+    LOCAL_LLM_MODEL: hasOllama ? localModel : '',
     OLLAMA_BASE_URL: 'http://localhost:11434',
 
     // Routing
-    HYBRID_ROUTING: 'auto',
+    HYBRID_ROUTING: mode === 'hybrid' ? 'auto' : 'local',
 
-    // Auth
+    // Auth & JWT
     NEXTAUTH_URL: `http://localhost:${port}`,
     AUTH_URL: `http://localhost:${port}`,
     NEXTAUTH_SECRET: nextAuthSecret,
     AUTH_SECRET: authSecret,
+    JWT_SECRET: jwtSecret,
     AUTH_TRUST_HOST: 'true',
 
+    // Cron control — disabled until health check passes
+    ENABLE_CRON: 'false',
+
     // Version
     GIGACLAW_VERSION: JSON.parse(
       fs.readFileSync(path.join(PACKAGE_DIR, 'package.json'), 'utf8')
@@ -288,21 +330,37 @@ async function startDevServer(cwd, port) {
     logWarn(`Port 3000 is in use — using port ${port}`);
   }
 
+  // Read mode from .env for the info box
+  let displayMode = 'Local';
+  try {
+    const envContent = fs.readFileSync(path.join(cwd, '.env'), 'utf-8');
+    const modeMatch = envContent.match(/^GIGACLAW_MODE=(.*)$/m);
+    if (modeMatch && modeMatch[1].trim() === 'hybrid') displayMode = 'Hybrid (Cloud + Local)';
+    else if (modeMatch && modeMatch[1].trim() === 'local') displayMode = 'Local (On-Device)';
+  } catch (_) {}
+
+  const modeStr = `Mode:     ${displayMode}`;
   console.log(`
   ┌─────────────────────────────────────────────────────────┐
   │                                                         │
   │   GigaClaw is starting...                               │
   │                                                         │
   │   App URL:  http://localhost:${port}${' '.repeat(Math.max(0, 22 - String(port).length))}│
-  │   Mode:     Hybrid (Cloud + Local)                      │
+  │   ${modeStr}${' '.repeat(Math.max(0, 52 - modeStr.length))}│
   │                                                         │
-  │   Next step: add your ANTHROPIC_API_KEY to .env         │
-  │   or run:   npm run setup  for the full wizard          │
+  │   Run: npm run setup  for the full wizard               │
   │                                                         │
   └─────────────────────────────────────────────────────────┘
 `);
 
-  logStep(`Launching Next.js dev server (turbopack) on port ${port}...`);
+  // Clean stale .next build cache to avoid chunk load errors
+  const nextDir = path.join(cwd, '.next');
+  if (fs.existsSync(nextDir)) {
+    logStep('Removing stale .next build cache...');
+    fs.rmSync(nextDir, { recursive: true, force: true });
+  }
+
+  logStep(`Launching Next.js dev server on port ${port}...`);
 
   const child = spawn('npm', ['run', 'dev', '--', '--port', String(port)], {
     cwd,
@@ -416,8 +474,24 @@ export async function bootstrap() {
     }
 
     if (!isExistingProject) {
-      const dirName = 'gigaclaw-app';
-      const newDir = path.resolve(cwd, dirName);
+      let dirName = 'gigaclaw-app';
+      let newDir = path.resolve(cwd, dirName);
+      // If gigaclaw-app already exists and is not a gigaclaw project, use a unique suffix
+      if (fs.existsSync(newDir)) {
+        const existingPkg = path.join(newDir, 'package.json');
+        let isGigaclawDir = false;
+        if (fs.existsSync(existingPkg)) {
+          try {
+            const p = JSON.parse(fs.readFileSync(existingPkg, 'utf8'));
+            if (p.dependencies?.gigaclaw || p.devDependencies?.gigaclaw) isGigaclawDir = true;
+          } catch (_) {}
+        }
+        if (!isGigaclawDir) {
+          const suffix = Date.now().toString(36).slice(-4);
+          dirName = `gigaclaw-app-${suffix}`;
+          newDir = path.resolve(cwd, dirName);
+        }
+      }
       fs.mkdirSync(newDir, { recursive: true });
       process.chdir(newDir);
       cwd = newDir;
@@ -462,19 +536,91 @@ export async function bootstrap() {
       process.exit(1);
     }
   } else {
-    log(PHASES.SETUP, 'Applying smart defaults (hybrid mode, Claude Sonnet, auto routing)...');
-    const { localModel } = await runSmartSetup(cwd, envInfo, devPort);
+    log(PHASES.SETUP, 'Applying smart defaults (auto-detecting mode)...');
+    const { localModel, envVars: setupVars } = await runSmartSetup(cwd, envInfo, devPort);
 
     log(PHASES.ENV_W, 'Writing .env configuration...');
-    logOk('GIGACLAW_MODE=hybrid');
-    logOk('LLM_PROVIDER=anthropic | LLM_MODEL=claude-sonnet-4-6');
-    logOk(`LOCAL_LLM_PROVIDER=${envInfo.ollama ? 'ollama' : '(not configured)'} | LOCAL_LLM_MODEL=${envInfo.ollama ? localModel : '(not configured)'}`);
-    logOk('HYBRID_ROUTING=auto');
-    logWarn('ANTHROPIC_API_KEY is empty — run: npm run setup  to add your API key');
+    logOk(`GIGACLAW_MODE=${setupVars.GIGACLAW_MODE}`);
+    logOk(`LLM_PROVIDER=${setupVars.LLM_PROVIDER} | LLM_MODEL=${setupVars.LLM_MODEL}`);
+    if (setupVars.LOCAL_LLM_PROVIDER) {
+      logOk(`LOCAL_LLM_PROVIDER=${setupVars.LOCAL_LLM_PROVIDER} | LOCAL_LLM_MODEL=${setupVars.LOCAL_LLM_MODEL}`);
+    }
+    logOk(`HYBRID_ROUTING=${setupVars.HYBRID_ROUTING}`);
+    if (setupVars.GIGACLAW_MODE === 'local' && !envInfo.ollama) {
+      logWarn('No API key and no Ollama detected — UI will load but AI chat requires a provider');
+      logStep('To enable AI: install Ollama (https://ollama.com) or add ANTHROPIC_API_KEY to .env');
+    } else if (setupVars.GIGACLAW_MODE === 'local') {
+      logOk('Running in local-only mode — all data stays on your machine');
+    } else if (!setupVars.ANTHROPIC_API_KEY && setupVars.GIGACLAW_MODE === 'hybrid') {
+      logWarn('ANTHROPIC_API_KEY is empty — run: npm run setup  to add your API key');
+    }
   }
 
   // ── Phase 7: Start dev server + open browser ─────────────────────────────────────────
   log(PHASES.START, 'Starting Next.js dev server...');
 
-  await startDevServer(cwd, devPort);
+  const serverChild = await startDevServer(cwd, devPort);
+
+  // ── Phase 8: Health validation ─────────────────────────────────────────────
+  log(PHASES.HEALTH, 'Validating system health...');
+  const healthUrl = `http://localhost:${devPort}/api/health`;
+  let healthPassed = false;
+  for (let attempt = 1; attempt <= 5; attempt++) {
+    try {
+      await SLEEP(3000); // Give Next.js time to compile the route
+      const res = await fetch(healthUrl, { signal: AbortSignal.timeout(10000) });
+      if (res.ok) {
+        const data = await res.json();
+        healthPassed = data.status !== 'unhealthy';
+        if (healthPassed) {
+          logOk(`Health check passed — status: ${data.status}`);
+          // Print subsystem summary
+          for (const [name, check] of Object.entries(data.checks || {})) {
+            const icon = check.status === 'ok' ? '✓' : check.status === 'warn' ? '⚠' : '✗';
+            logStep(`${icon} ${name}: ${check.message}`);
+          }
+          // Enable cron now that system is healthy
+          try {
+            const envPath = path.join(cwd, '.env');
+            let envContent = fs.readFileSync(envPath, 'utf-8');
+            envContent = envContent.replace(/^ENABLE_CRON=false$/m, 'ENABLE_CRON=true');
+            fs.writeFileSync(envPath, envContent);
+            logOk('Cron scheduler enabled (ENABLE_CRON=true)');
+          } catch (_) {}
+          break;
+        } else {
+          logWarn(`Health check returned: ${data.status} (attempt ${attempt}/5)`);
+        }
+      } else {
+        logWarn(`Health check returned HTTP ${res.status} (attempt ${attempt}/5)`);
+      }
+    } catch (err) {
+      if (attempt < 5) {
+        logStep(`Health check attempt ${attempt}/5 — server still compiling...`);
+      } else {
+        logWarn(`Health check failed after 5 attempts: ${err.message}`);
+      }
+    }
+  }
+
+  if (!healthPassed) {
+    logWarn('Health check did not pass — system may be degraded.');
+    logStep('Run: curl http://localhost:' + devPort + '/api/health  to diagnose');
+    logStep('Run: curl http://localhost:' + devPort + '/api/debug   for full diagnostics');
+  }
+
+  // Final summary
+  console.log(`
+  ┌─────────────────────────────────────────────────────────┐
+  │                                                         │
+  │   ✓ GigaClaw is ready!                                  │
+  │                                                         │
+  │   App:     http://localhost:${devPort}${' '.repeat(Math.max(0, 22 - String(devPort).length))}│
+  │   Health:  http://localhost:${devPort}/api/health${' '.repeat(Math.max(0, 11 - String(devPort).length))}│
+  │   Debug:   http://localhost:${devPort}/api/debug${' '.repeat(Math.max(0, 12 - String(devPort).length))}│
+  │                                                         │
+  │   Press Ctrl+C to stop the server                       │
+  │                                                         │
+  └─────────────────────────────────────────────────────────┘
+`);
 }

package/bin/cli.js

@@ -99,7 +99,10 @@ Manual commands:
   set-agent-secret <KEY> [VALUE]    Set a GitHub secret with AGENT_ prefix (also updates .env)
   set-agent-llm-secret <KEY> [VALUE]  Set a GitHub secret with AGENT_LLM_ prefix
   set-var <KEY> [VALUE]             Set a GitHub repository variable
-   --version, -v                     Show gigaclaw version
+  doctor                            Validate environment (Node, Docker, Ollama, ports, .env)
+  reset-build                       Clean .next cache, node_modules, and rebuild
+  --clean-install                   Bootstrap with fresh npm install (delete node_modules first)
+  --version, -v                     Show gigaclaw version
 
 Powered by Gignaati — https://www.gignaati.com
 `);
@@ -887,6 +890,38 @@ switch (command) {
   case 'set-var':
     await setVar(args[0], args[1]);
     break;
+  case 'doctor': {
+    const { doctor } = await import('./doctor.mjs');
+    await doctor();
+    break;
+  }
+  case 'reset-build': {
+    console.log('Cleaning build artifacts...');
+    const cwd = process.cwd();
+    const nextDir = path.join(cwd, '.next');
+    if (fs.existsSync(nextDir)) {
+      fs.rmSync(nextDir, { recursive: true, force: true });
+      console.log('  Removed .next/');
+    }
+    const nmDir = path.join(cwd, 'node_modules');
+    if (fs.existsSync(nmDir)) {
+      fs.rmSync(nmDir, { recursive: true, force: true });
+      console.log('  Removed node_modules/');
+    }
+    const lockFile = path.join(cwd, 'package-lock.json');
+    if (fs.existsSync(lockFile)) {
+      fs.unlinkSync(lockFile);
+      console.log('  Removed package-lock.json');
+    }
+    console.log('Clean complete. Run: npm install && npm run dev');
+    break;
+  }
+  case '--clean-install': {
+    process.env.GIGACLAW_CLEAN_INSTALL = 'true';
+    const { bootstrap } = await import('./bootstrap.mjs');
+    await bootstrap();
+    break;
+  }
   default:
     printUsage();
     process.exit(1);

package/bin/doctor.mjs

@@ -0,0 +1,162 @@
+#!/usr/bin/env node
+
+/**
+ * gigaclaw doctor — Environment validation command.
+ *
+ * Checks:
+ *   - Node.js version (>= 18 required, >= 20 recommended)
+ *   - Docker availability
+ *   - Ollama availability and models
+ *   - Port 3000 availability
+ *   - .env file completeness
+ *   - npm cache health
+ */
+
+import { execSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import net from 'net';
+
+const OK = '\x1b[32m✓\x1b[0m';
+const WARN = '\x1b[33m⚠\x1b[0m';
+const FAIL = '\x1b[31m✗\x1b[0m';
+
+function check(icon, label, detail) {
+  console.log(`  ${icon}  ${label}${detail ? ` — ${detail}` : ''}`);
+}
+
+function tryExec(cmd) {
+  try {
+    return execSync(cmd, { encoding: 'utf-8', timeout: 10000 }).trim();
+  } catch {
+    return null;
+  }
+}
+
+function checkPort(port) {
+  return new Promise((resolve) => {
+    const server = net.createServer();
+    server.once('error', () => resolve(false));
+    server.once('listening', () => { server.close(); resolve(true); });
+    server.listen(port);
+  });
+}
+
+export async function doctor() {
+  console.log('\n  GigaClaw Doctor — Environment Validation\n');
+  console.log('  ─────────────────────────────────────────\n');
+
+  let issues = 0;
+
+  // 1. Node.js
+  const nodeVersion = process.version;
+  const major = parseInt(nodeVersion.slice(1));
+  if (major >= 20) {
+    check(OK, 'Node.js', `${nodeVersion} (recommended)`);
+  } else if (major >= 18) {
+    check(WARN, 'Node.js', `${nodeVersion} (works, but v20+ recommended)`);
+  } else {
+    check(FAIL, 'Node.js', `${nodeVersion} (v18+ required)`);
+    issues++;
+  }
+
+  // 2. npm
+  const npmVersion = tryExec('npm --version');
+  if (npmVersion) {
+    check(OK, 'npm', `v${npmVersion}`);
+  } else {
+    check(FAIL, 'npm', 'not found');
+    issues++;
+  }
+
+  // 3. Docker
+  const dockerVersion = tryExec('docker --version');
+  if (dockerVersion) {
+    const dockerRunning = tryExec('docker info');
+    if (dockerRunning) {
+      check(OK, 'Docker', dockerVersion.replace('Docker version ', 'v'));
+    } else {
+      check(WARN, 'Docker', 'installed but daemon not running');
+    }
+  } else {
+    check(WARN, 'Docker', 'not installed (optional — needed for code execution sandbox)');
+  }
+
+  // 4. Ollama
+  const ollamaVersion = tryExec('ollama --version');
+  if (ollamaVersion) {
+    const ollamaModels = tryExec('ollama list');
+    const modelCount = ollamaModels
+      ? ollamaModels.split('\n').filter(l => l.trim() && !l.startsWith('NAME')).length
+      : 0;
+    check(OK, 'Ollama', `${ollamaVersion} — ${modelCount} model(s) installed`);
+    if (modelCount === 0) {
+      check(WARN, '  Models', 'No models installed. Run: ollama pull llama3.2:3b');
+    }
+  } else {
+    // Check if Ollama API is reachable even without CLI
+    const ollamaApi = tryExec('curl -s http://localhost:11434/api/tags');
+    if (ollamaApi) {
+      try {
+        const data = JSON.parse(ollamaApi);
+        check(OK, 'Ollama', `API reachable — ${data.models?.length || 0} model(s)`);
+      } catch {
+        check(WARN, 'Ollama', 'API reachable but response unexpected');
+      }
+    } else {
+      check(WARN, 'Ollama', 'not installed (optional — needed for local AI mode)');
+      check(WARN, '  Install', 'https://ollama.com/download');
+    }
+  }
+
+  // 5. Port 3000
+  const port3000Free = await checkPort(3000);
+  if (port3000Free) {
+    check(OK, 'Port 3000', 'available');
+  } else {
+    check(WARN, 'Port 3000', 'in use — GigaClaw will auto-select another port');
+  }
+
+  // 6. .env file
+  const envPath = path.join(process.cwd(), '.env');
+  if (fs.existsSync(envPath)) {
+    const envContent = fs.readFileSync(envPath, 'utf-8');
+    const requiredVars = ['AUTH_SECRET', 'NEXTAUTH_SECRET', 'NEXTAUTH_URL', 'GIGACLAW_MODE'];
+    const missing = requiredVars.filter(v => !new RegExp(`^${v}=.+`, 'm').test(envContent));
+    if (missing.length === 0) {
+      check(OK, '.env file', `found — all required vars set`);
+    } else {
+      check(WARN, '.env file', `found — missing: ${missing.join(', ')}`);
+    }
+
+    // Check API key
+    const hasApiKey = /^ANTHROPIC_API_KEY=.+$/m.test(envContent)
+      || /^OPENAI_API_KEY=.+$/m.test(envContent);
+    const mode = envContent.match(/^GIGACLAW_MODE=(.*)$/m)?.[1]?.trim() || 'hybrid';
+    if (mode === 'hybrid' && !hasApiKey) {
+      check(WARN, '  API Key', 'hybrid mode but no cloud API key set');
+    } else if (hasApiKey) {
+      check(OK, '  API Key', 'cloud API key configured');
+    } else {
+      check(OK, '  API Key', `not needed (${mode} mode)`);
+    }
+  } else {
+    check(WARN, '.env file', 'not found — run npx gigaclaw@latest to create one');
+  }
+
+  // 7. npm cache
+  const cacheVerify = tryExec('npm cache verify 2>&1 | tail -1');
+  if (cacheVerify && !cacheVerify.includes('error')) {
+    check(OK, 'npm cache', 'healthy');
+  } else {
+    check(WARN, 'npm cache', 'may have issues — run: npm cache clean --force');
+  }
+
+  // Summary
+  console.log('\n  ─────────────────────────────────────────\n');
+  if (issues === 0) {
+    console.log(`  ${OK}  Environment looks good!\n`);
+  } else {
+    console.log(`  ${FAIL}  ${issues} critical issue(s) found. Fix them before running gigaclaw.\n`);
+  }
+}

package/bin/scaffold.mjs

@@ -129,7 +129,7 @@ export async function scaffoldProject(cwd, packageDir, { noManaged = false, sile
       name: dirName,
       private: true,
       scripts: {
-        dev: 'next dev --turbopack',
+        dev: 'next dev',
         build: 'next build',
         start: 'next start',
         setup: 'gigaclaw setup',

package/config/instrumentation.js

@@ -30,7 +30,7 @@ export async function register() {
     process.env.AUTH_URL = process.env.APP_URL;
   }
 
-  // Validate AUTH_SECRET is set (required by Auth.js for session encryption)
+  // Validate auth secrets (required by Auth.js for session encryption and JWT signing)
   if (!process.env.AUTH_SECRET) {
     console.error('\n  ERROR: AUTH_SECRET is not set in your .env file.');
     console.error('  This is required for session encryption.');
@@ -38,25 +38,39 @@ export async function register() {
     console.error('  openssl rand -base64 32\n');
     throw new Error('AUTH_SECRET environment variable is required');
   }
+  if (!process.env.NEXTAUTH_SECRET) {
+    // Fall back to AUTH_SECRET if NEXTAUTH_SECRET is not set
+    process.env.NEXTAUTH_SECRET = process.env.AUTH_SECRET;
+    console.warn('  WARN: NEXTAUTH_SECRET not set — using AUTH_SECRET as fallback.');
+  }
 
   // Initialize auth database
   const { initDatabase } = await import('../lib/db/index.js');
   initDatabase();
 
-  // Start cron scheduler
-  const { loadCrons } = await import('../lib/cron.js');
-  loadCrons();
-
-  // Start built-in crons (version check)
-  const { startBuiltinCrons, setUpdateAvailable } = await import('../lib/cron.js');
-  startBuiltinCrons();
+  // Start cron scheduler — gated on ENABLE_CRON env var (default: false)
+  // Bootstrap sets ENABLE_CRON=false initially, then enables after health check passes.
+  if (process.env.ENABLE_CRON === 'true') {
+    const { loadCrons } = await import('../lib/cron.js');
+    loadCrons();
+    const { startBuiltinCrons, setUpdateAvailable } = await import('../lib/cron.js');
+    startBuiltinCrons();
+    // Warm in-memory flag from DB
+    try {
+      const { getAvailableVersion } = await import('../lib/db/update-check.js');
+      const stored = getAvailableVersion();
+      if (stored) setUpdateAvailable(stored);
+    } catch {}
+    console.log('  Cron scheduler started (ENABLE_CRON=true)');
+  } else {
+    console.log('  Cron scheduler disabled (ENABLE_CRON != true)');
+  }
 
-  // Warm in-memory flag from DB (covers the window before the async cron fetch completes)
-  try {
-    const { getAvailableVersion } = await import('../lib/db/update-check.js');
-    const stored = getAvailableVersion();
-    if (stored) setUpdateAvailable(stored);
-  } catch {}
+  // Auto-detect mode and log it
+  const mode = process.env.GIGACLAW_MODE || 'hybrid';
+  const provider = process.env.LLM_PROVIDER || 'anthropic';
+  const model = process.env.LLM_MODEL || 'unknown';
+  console.log(`  Mode: ${mode} | Provider: ${provider} | Model: ${model}`);
 
   console.log('gigaclaw initialized');
 }

package/lib/ai/model.js

@@ -46,6 +46,19 @@ export async function createModel(options = {}) {
     case 'anthropic': {
       const apiKey = process.env.ANTHROPIC_API_KEY;
       if (!apiKey) {
+        // In local mode, missing cloud key is expected — fall back to Ollama
+        if (process.env.GIGACLAW_MODE === 'local') {
+          console.warn('[model] ANTHROPIC_API_KEY missing in local mode — falling back to Ollama');
+          const ollamaModel = process.env.LOCAL_LLM_MODEL || 'llama3.2';
+          const ollamaUrl = (process.env.OLLAMA_BASE_URL || 'http://localhost:11434') + '/v1';
+          const { ChatOpenAI } = await import('@langchain/openai');
+          return new ChatOpenAI({
+            modelName: ollamaModel,
+            maxTokens,
+            apiKey: 'ollama',
+            configuration: { baseURL: ollamaUrl },
+          });
+        }
         throw new Error(
           'ANTHROPIC_API_KEY is required.\n' +
           'Get your key at: https://platform.claude.com/settings/keys\n' +

package/lib/api/health.js

@@ -0,0 +1,120 @@
+/**
+ * Health check endpoint — /api/health
+ *
+ * Validates:
+ *   1. Auth configuration (AUTH_SECRET, NEXTAUTH_SECRET present)
+ *   2. LLM availability (cloud key or Ollama reachable)
+ *   3. Database initialized
+ *   4. Server readiness
+ *
+ * Returns JSON with status: 'healthy' | 'degraded' | 'unhealthy'
+ * and details for each subsystem.
+ */
+
+import { checkOllamaHealth, checkCloudProviderConfig } from '../ai/provider-health.js';
+
+export async function handleHealthCheck() {
+  const checks = {};
+  let overallStatus = 'healthy';
+
+  // 1. Auth configuration
+  const authSecret = process.env.AUTH_SECRET;
+  const nextAuthSecret = process.env.NEXTAUTH_SECRET;
+  const jwtSecret = process.env.JWT_SECRET;
+  if (authSecret && nextAuthSecret) {
+    checks.auth = { status: 'ok', message: 'Auth secrets configured' };
+  } else {
+    checks.auth = {
+      status: 'fail',
+      message: `Missing: ${[
+        !authSecret && 'AUTH_SECRET',
+        !nextAuthSecret && 'NEXTAUTH_SECRET',
+      ].filter(Boolean).join(', ')}`,
+    };
+    overallStatus = 'unhealthy';
+  }
+
+  // JWT secret (used by ws-proxy)
+  if (jwtSecret) {
+    checks.jwt = { status: 'ok', message: 'JWT secret configured' };
+  } else {
+    checks.jwt = { status: 'warn', message: 'JWT_SECRET not set — code workspace proxy disabled' };
+    if (overallStatus === 'healthy') overallStatus = 'degraded';
+  }
+
+  // 2. LLM availability
+  const mode = process.env.GIGACLAW_MODE || 'hybrid';
+  const provider = process.env.LLM_PROVIDER || 'anthropic';
+
+  if (mode === 'hybrid' || mode === 'cloud') {
+    const cloudCheck = checkCloudProviderConfig(provider);
+    if (cloudCheck.available) {
+      checks.cloud_llm = { status: 'ok', message: `${provider} API key configured` };
+    } else {
+      checks.cloud_llm = { status: 'fail', message: cloudCheck.error || `${provider} API key missing` };
+      if (overallStatus === 'healthy') overallStatus = 'degraded';
+    }
+  }
+
+  if (mode === 'hybrid' || mode === 'local') {
+    try {
+      const ollamaCheck = await checkOllamaHealth();
+      if (ollamaCheck.available) {
+        checks.local_llm = {
+          status: 'ok',
+          message: `Ollama running — ${ollamaCheck.models?.length || 0} model(s)`,
+        };
+      } else {
+        checks.local_llm = {
+          status: mode === 'local' ? 'fail' : 'warn',
+          message: ollamaCheck.error || 'Ollama not reachable',
+        };
+        if (mode === 'local' && overallStatus === 'healthy') overallStatus = 'degraded';
+      }
+    } catch (err) {
+      checks.local_llm = { status: 'warn', message: err.message };
+    }
+  }
+
+  // 3. Database
+  try {
+    const { getDb } = await import('../db/index.js');
+    const db = getDb();
+    if (db) {
+      checks.database = { status: 'ok', message: 'SQLite database initialized' };
+    } else {
+      checks.database = { status: 'fail', message: 'Database not initialized' };
+      overallStatus = 'unhealthy';
+    }
+  } catch (err) {
+    checks.database = { status: 'fail', message: err.message };
+    overallStatus = 'unhealthy';
+  }
+
+  // 4. Server readiness
+  checks.server = { status: 'ok', message: 'Server running' };
+
+  // 5. Cron status
+  const cronEnabled = process.env.ENABLE_CRON === 'true';
+  checks.cron = {
+    status: cronEnabled ? 'ok' : 'warn',
+    message: cronEnabled ? 'Cron scheduler active' : 'Cron disabled (ENABLE_CRON=false)',
+  };
+
+  // 6. Mode summary
+  checks.mode = { status: 'ok', message: `GIGACLAW_MODE=${mode}` };
+
+  // Version
+  let version = 'unknown';
+  try {
+    version = process.env.GIGACLAW_VERSION || 'unknown';
+  } catch (_) {}
+
+  return {
+    status: overallStatus,
+    version,
+    mode,
+    timestamp: new Date().toISOString(),
+    checks,
+  };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gigaclaw",
-  "version": "1.9.1",
+  "version": "1.9.2",
   "type": "module",
   "description": "GigaClaw — Gignaati's autonomous AI agent platform. Build, deploy, and run AI agents 24/7 with a two-layer architecture: Next.js Event Handler + Docker Agent. India-first, edge-native AI.",
   "bin": {
@@ -158,7 +158,7 @@
   },
   "dependencies": {
     "@ai-sdk/react": "^2.0.0",
-    "@clack/prompts": "^0.10.0",
+    "@clack/prompts": "^0.10.1",
     "@grammyjs/parse-mode": "^2.2.0",
     "@langchain/anthropic": "^1.3.17",
     "@langchain/core": "^1.1.24",