ocuclaw 1.3.0 → 1.3.1

package/README.md

@@ -50,7 +50,9 @@ Advanced optional settings:
 
 ```bash
 openclaw config set plugins.entries.ocuclaw.config.wsBind "127.0.0.1"
-openclaw config set plugins.entries.ocuclaw.config.wsPort 9000 --strict-json
+# wsPort default is 9000; on Windows that port is often reserved by WinNAT, so the
+# setup assistant uses 47800. Pick any free port in 30000-49151 if you override it.
+openclaw config set plugins.entries.ocuclaw.config.wsPort 47800 --strict-json
 openclaw config set plugins.entries.ocuclaw.config.sessionLimit 10 --strict-json
 openclaw config set plugins.entries.ocuclaw.config.externalDebugToolsEnabled true --strict-json
 ```

package/dist/config/runtime-config.js

@@ -97,29 +97,36 @@ function resolveDebugNoisyPolicies(pluginValue, envValue) {
   return parseJsonOrUndefined(envValue, "debugNoisyPolicies");
 }
 
-// Supported live-refresh LLM backends. codex-cli was removed because the
-// Codex CLI's read-only sandbox still permits filesystem reads — agents
-// could exfil ~/.aws/credentials, ~/.ssh/*, etc. via stdout into the
-// glasses surface. Claude CLI is kept because --tools "" structurally
-// disables file access; operators who want Codex use openai-compat
-// pointed at the Codex API endpoint (tool-less).
+// Supported live-refresh LLM backends — both are HTTP API backends. The two
+// CLI-spawn backends were removed: codex-cli because Codex's read-only sandbox
+// still permits filesystem reads (an agent prompt could exfil ~/.aws/credentials,
+// ~/.ssh/*, etc. via stdout into the glasses surface), and claude-cli to remove
+// the plugin's last child_process spawn so the OpenClaw installer's static
+// dangerous-code scanner passes without --dangerously-force-unsafe-install. (The
+// scanner can't see that --tools "" made the CLI tool-less; it just sees a spawn.
+// This is not an exploit claim about claude-cli — it removes spawn surface and
+// clears the static block.) The proper agentic tier — delegating ticks to the
+// native OpenClaw runtime instead of spawning a CLI — is tracked separately (the
+// glasses-ui L1/L2 delegation redesign) and blocked on request-scoped
+// api.runtime.subagent.run. Operators who want Claude/Codex point an *-api
+// backend at the provider endpoint (key resolved via the host modelAuth).
 const GLASSES_UI_LIVE_BACKENDS = new Set([
-  "claude-cli",
   "anthropic-api",
   "openai-compat",
 ]);
 
 const GLASSES_UI_LIVE_DEFAULT_MODEL = {
-  "claude-cli": "claude-haiku-4-5-20251001",
   "anthropic-api": "anthropic/claude-haiku-4-5-20251001",
   "openai-compat": "gpt-4o-mini",
 };
 
 function resolveGlassesUiLive(value) {
   const raw = isObject(value) ? value : {};
+  // Unknown/removed backends (incl. a stale tickBackend: "claude-cli" or
+  // "codex-cli" from an operator's pre-removal config) coerce to this default.
   const tickBackend = GLASSES_UI_LIVE_BACKENDS.has(raw.tickBackend)
     ? raw.tickBackend
-    : "claude-cli";
+    : "anthropic-api";
   const tickModel = pickString(raw.tickModel) || GLASSES_UI_LIVE_DEFAULT_MODEL[tickBackend];
   const tickApiBaseUrl = pickString(raw.tickApiBaseUrl) || "https://api.openai.com";
   return {
@@ -129,16 +136,12 @@ function resolveGlassesUiLive(value) {
     tickApiBaseUrl,
     allowAgentModelOverride: parseBool(raw.allowAgentModelOverride, false),
     tickMaxOutputTokens: parseIntOrDefault(raw.tickMaxOutputTokens, 200),
-    // Shell recipes run agent-supplied commands on a schedule as the plugin
-    // user. Default to disabled — operators must explicitly opt in via
-    // plugins.entries.ocuclaw.config.glassesUiLive.shellEnabled = true.
-    shellEnabled: parseBool(raw.shellEnabled, false),
     // http recipes issue agent-influenced outbound network requests on a
     // schedule. The recipe executor blocks loopback/RFC1918/link-local
     // destinations and resolves hostnames through an SSRF-safe dispatcher,
     // but the capability — "the plugin's gateway host can fetch arbitrary
     // public URLs the agent chooses" — is itself worth an operator opt-in.
-    // Mirrors the shellEnabled default above; set
+    // Default to disabled; set
     // plugins.entries.ocuclaw.config.glassesUiLive.httpEnabled = true to
     // enable. The dispatcher protection still applies once enabled.
     httpEnabled: parseBool(raw.httpEnabled, false),

package/dist/domain/debug-store.js

@@ -157,6 +157,24 @@ function createDebugStore(opts) {
   /** @type {Map<string, number>} */
   const enabledUntil = new Map();
 
+  // Rehydrate the arm from a persisted snapshot. relay-core reads debug-arm.json
+  // at construction and passes it here as options.initialEnabled, whose entries are
+  // the exact shape getSnapshot().enabled emits. That snapshot is already pruned of
+  // expired categories (getEnabledCategories -> pruneExpired), so the `> seedNow`
+  // re-check below is defensive belt-and-suspenders. Expired/unknown categories are
+  // SILENTLY skipped (do not log or warn on skip). Restoring the ORIGINAL absolute
+  // expiresAtMs makes a relay restart transparent without refreshing the TTL window.
+  if (Array.isArray(options.initialEnabled)) {
+    const seedNow = nowFn();
+    for (const entry of options.initialEnabled) {
+      if (!entry || typeof entry.cat !== "string") continue;
+      if (!categories.has(entry.cat)) continue;
+      const expiresAtMs = Number(entry.expiresAtMs);
+      if (!Number.isFinite(expiresAtMs) || expiresAtMs <= seedNow) continue;
+      enabledUntil.set(entry.cat, Math.floor(expiresAtMs));
+    }
+  }
+
   /** @type {Map<string, number>} */
   const noisyCounters = new Map();
 

package/dist/runtime/plugin-version-service.js

@@ -0,0 +1,23 @@
+import { PLUGIN_VERSION, REQUIRES_CLIENT_VERSION } from "../version.js";
+
+/**
+ * Plugin version provider. Exposes the build-time version constants used by the
+ * relay handshake. No process execution.
+ */
+function createPluginVersionService() {
+  function getPluginVersion() {
+    return typeof PLUGIN_VERSION === "string" && PLUGIN_VERSION.length > 0
+      ? PLUGIN_VERSION
+      : null;
+  }
+
+  function getRequiresClientVersion() {
+    return typeof REQUIRES_CLIENT_VERSION === "string" && REQUIRES_CLIENT_VERSION.length > 0
+      ? REQUIRES_CLIENT_VERSION
+      : null;
+  }
+
+  return { getPluginVersion, getRequiresClientVersion };
+}
+
+export { createPluginVersionService };

package/dist/runtime/relay-core.js

@@ -1,8 +1,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
-import * as childProcess from "node:child_process";
 import { EventEmitter } from "node:events";
-import { createPluginUpdateService } from "./plugin-update-service.js";
+import { createPluginVersionService } from "./plugin-version-service.js";
 import * as conversationStateModule from "../domain/conversation-state.js";
 import { createDebugStore } from "../domain/debug-store.js";
 import { summarizeGlassesUiContent } from "../domain/glasses-ui-content-summary.js";
@@ -22,7 +21,10 @@ import { createOcuClawSettingsStore } from "./ocuclaw-settings-store.js";
 import { createRelayHealthMonitor } from "./relay-health-monitor.js";
 import { createRelayOperationRegistry } from "./relay-operation-registry.js";
 import { createRelayWorkerSupervisor } from "./relay-worker-supervisor.js";
-import { createSessionService } from "./session-service.js";
+import {
+  createSessionService,
+  NEW_SESSION_GREETING_PROMPT,
+} from "./session-service.js";
 import { createUpstreamRuntime } from "./upstream-runtime.js";
 
 const SONIOX_TEMP_KEY_URL = "https://api.soniox.com/v1/auth/temporary-api-key";
@@ -373,6 +375,31 @@ function createRelay(opts) {
   // log lines share an identical ts (downstream reconcilers dedupe on it).
   const debugNow =
     typeof opts.debugNow === "function" ? opts.debugNow : () => Date.now();
+
+  // --- Durable debug-store arm (survives relay/gateway restarts) ---
+  // The capture arm (enabled categories + TTLs) lives only in the in-memory
+  // debug-store, which a restart rebuilds empty. We persist it to debug-arm.json
+  // (via persistDebugArm) and rehydrate it here at construction — read-once,
+  // mirroring liveUiTraceFlagPath below — so a restart no longer silently drops
+  // capture. This path covers process RESTART only: a pure WebUI *reload* does NOT
+  // restart the relay and already preserves + re-advertises the arm via
+  // relay-worker-transport.ts:327-328 (cache.debugConfig re-broadcast to app
+  // clients) — do not add reconnect machinery here.
+  const debugArmStatePath =
+    typeof opts.stateDir === "string" && opts.stateDir
+      ? path.join(opts.stateDir, "debug-arm.json")
+      : null;
+  let initialDebugArm = [];
+  if (debugArmStatePath) {
+    try {
+      const parsed = JSON.parse(fs.readFileSync(debugArmStatePath, "utf8"));
+      if (parsed && Array.isArray(parsed.enabled)) {
+        initialDebugArm = parsed.enabled;
+      }
+    } catch {
+      initialDebugArm = [];
+    }
+  }
   const debugStore = createDebugStore({
     categories: debugCategories,
     capacity: opts.debugCapacity,
@@ -383,6 +410,7 @@ function createRelay(opts) {
     dumpMaxLimit: opts.debugDumpMaxLimit,
     now: debugNow,
     noisyPolicies: opts.debugNoisyPolicies,
+    initialEnabled: initialDebugArm,
   });
 
   // --- Live-interface trace-log flag (durable across restarts) ---
@@ -1621,6 +1649,49 @@ function createRelay(opts) {
     return { ok: true, enabled, persisted, persistedPath: liveUiTraceFlagPath };
   }
 
+  // Persist the current debug-store arm to debug-arm.json. Mirrors the
+  // applyTraceLogSet writeFileSync above (plain, non-atomic): a partial/corrupt
+  // write degrades to an empty arm on next boot — acceptable, the nothing-armed
+  // warning catches it. getSnapshot().enabled is already pruned of expired
+  // categories, so the persisted JSON never holds an expired entry. Never throws
+  // into the caller.
+  function persistDebugArm() {
+    if (!debugArmStatePath) return false;
+    try {
+      const enabled = debugStore.getSnapshot().enabled;
+      fs.writeFileSync(debugArmStatePath, JSON.stringify({ enabled }) + "\n");
+      return true;
+    } catch (err) {
+      logger.warn(`[relay] debug arm persist failed: ${err && err.message ? err.message : err}`);
+      return false;
+    }
+  }
+
+  function applyDebugSet(clientId, request) {
+    const result = debugStore.setCategories(request);
+    if (!result.ok) {
+      throw new Error(result.error || "debug-set failed");
+    }
+    // Persist after every successful set — enable AND disable-to-empty — so the
+    // on-disk arm always tracks live state and a deliberately-cleared arm is not
+    // resurrected on the next restart.
+    persistDebugArm();
+    emitDebug(
+      "relay.protocol",
+      "debug_set",
+      "info",
+      { sessionKey: sessionService.ensureSessionKey() },
+      () => ({
+        clientId,
+        enable: result.applied.enable,
+        disable: result.applied.disable,
+        ttlMs: result.ttlMs,
+        enabledCount: result.enabled.length,
+      }),
+    );
+    return result;
+  }
+
   const handler = createDownstreamHandler({
     logger,
     externalDebugToolsEnabled,
@@ -1898,6 +1969,12 @@ function createRelay(opts) {
       const pages = conversationState.getPages();
       cachePages(pages);
       if (upstreamRuntime && upstreamRuntime.isConnected()) {
+        // NOTE: onNewChat targets the hard-coded "main" key (legacy) without
+        // changing currentSessionKey, so it must NOT elicit a welcome turn here:
+        // the turn's events would carry "main" and be dropped by isCurrentSession()
+        // whenever the active session is an ocuclaw:* key. The welcome restore for
+        // the real glasses paths lives in newSession() (New) and onSlashCommand
+        // "/reset" (Reset). Unifying onNewChat onto newSession() is Phase-2 work.
         gatewayBridge.sendMessage("/new", "main").catch((err) => {
           logger.error(`[relay] Failed to send /new: ${err.message}`);
         });
@@ -2043,7 +2120,17 @@ function createRelay(opts) {
         broadcastPages();
       }
       if (upstreamRuntime && upstreamRuntime.isConnected()) {
-        return gatewayBridge.sendMessage(command, sessionService.ensureSessionKey());
+        // Bare /reset no longer elicits an agent turn on OpenClaw 2026.6.x
+        // (fast-reset). Append the greeting prompt so Reset gets the same
+        // welcome as New. Other slash commands forward verbatim.
+        const outboundCommand =
+          command === "/reset"
+            ? `/reset ${NEW_SESSION_GREETING_PROMPT}`
+            : command;
+        return gatewayBridge.sendMessage(
+          outboundCommand,
+          sessionService.ensureSessionKey(),
+        );
       }
       return Promise.resolve();
     },
@@ -2102,26 +2189,7 @@ function createRelay(opts) {
     },
 
     onDebugSet(clientId, request) {
-      const result = debugStore.setCategories(request);
-      if (!result.ok) {
-        throw new Error(result.error || "debug-set failed");
-      }
-
-      emitDebug(
-        "relay.protocol",
-        "debug_set",
-        "info",
-        { sessionKey: sessionService.ensureSessionKey() },
-        () => ({
-          clientId,
-          enable: result.applied.enable,
-          disable: result.applied.disable,
-          ttlMs: result.ttlMs,
-          enabledCount: result.enabled.length,
-        }),
-      );
-
-      return result;
+      return applyDebugSet(clientId, request);
     },
 
     onTraceLogSet(clientId, request) {
@@ -2496,18 +2564,12 @@ function createRelay(opts) {
 
   // --- Worker supervisor ---
 
-  const pluginUpdateService = createPluginUpdateService({
-    spawn: childProcess.spawn,
-    logger,
-    nowMs: () => Date.now(),
-    setTimeout: (fn, ms) => setTimeout(fn, ms),
-    clearTimeout: (handle) => clearTimeout(handle),
-  });
+  const pluginVersionService = createPluginVersionService();
 
   server = createRelayWorkerSupervisor({
     pluginId: "ocuclaw",
-    getPluginVersion: () => pluginUpdateService.getPluginVersion(),
-    getRequiresClientVersion: () => pluginUpdateService.getRequiresClientVersion(),
+    getPluginVersion: () => pluginVersionService.getPluginVersion(),
+    getRequiresClientVersion: () => pluginVersionService.getRequiresClientVersion(),
     logger,
     handler,
     operationRegistry: relayOperationRegistry,
@@ -2515,8 +2577,6 @@ function createRelay(opts) {
     port: opts.port,
     token: opts.token,
     externalDebugToolsEnabled,
-    runPluginUpdate: () => pluginUpdateService.runPluginUpdate(),
-    runGatewayRestart: () => pluginUpdateService.runGatewayRestart(),
     evenAiRequestTimeoutMs: opts.evenAiRequestTimeoutMs,
     evenAiMaxBodyBytes: opts.evenAiMaxBodyBytes,
     evenAiMaxResponseBytes: opts.evenAiMaxResponseBytes,
@@ -3019,6 +3079,9 @@ function createRelay(opts) {
     __onTraceLogSetForTest(clientId, request) {
       return applyTraceLogSet(clientId, request);
     },
+    __onDebugSetForTest(clientId, request) {
+      return applyDebugSet(clientId, request);
+    },
 
     get operationRegistryForTest() {
       return relayOperationRegistry;

package/dist/runtime/relay-worker-protocol.js

@@ -16,10 +16,6 @@ export const APP_PROTOCOL = Object.freeze({
   readinessProbeAck: "ocuclaw.readiness.probe.ack",
   automationStateGet: "ocuclaw.automation.state.get",
   automationStateSnapshot: "ocuclaw.automation.state.snapshot",
-  restartGateway: "ocuclaw.restartGateway",
-  restartGatewayAck: "ocuclaw.restartGatewayAck",
-  updatePlugin: "ocuclaw.updatePlugin",
-  updatePluginResult: "ocuclaw.updatePluginResult",
   approvalRequest: "ocuclaw.approval.request",
   approvalResolved: "ocuclaw.approval.resolved",
   sessionContextSnapshot: "ocuclaw.session.context.snapshot",

package/dist/runtime/relay-worker-supervisor.js

@@ -92,33 +92,6 @@ function parseRequestIdFromRaw(raw) {
   return normalizeRequestId((parseFrame(raw) || {}).requestId);
 }
 
-function formatUpdatePluginResult(requestId, result) {
-  const payload = { type: APP_PROTOCOL.updatePluginResult };
-  if (requestId) payload.requestId = requestId;
-  if (result && result.ok === true) {
-    payload.ok = true;
-  } else {
-    payload.ok = false;
-    if (result && typeof result.reason === "string") payload.reason = result.reason;
-    if (result && typeof result.exitCode === "number") payload.exitCode = result.exitCode;
-    if (result && typeof result.stderrTail === "string" && result.stderrTail.length > 0) {
-      payload.stderrTail = result.stderrTail;
-    }
-  }
-  return JSON.stringify(payload);
-}
-
-function formatRestartGatewayAck(requestId, result) {
-  const payload = {
-    type: APP_PROTOCOL.restartGatewayAck,
-    ok: !!(result && result.ok),
-    started: !!(result && result.started),
-  };
-  if (requestId) payload.requestId = requestId;
-  if (result && typeof result.reason === "string") payload.reason = result.reason;
-  return JSON.stringify(payload);
-}
-
 export function createRelayWorkerSupervisor(options = {}) {
   const logger = normalizeLogger(options.logger);
   const handler = options.handler || options.downstreamHandler || null;
@@ -547,56 +520,6 @@ export function createRelayWorkerSupervisor(options = {}) {
       return;
     }
     if (message.kind === "app.message") {
-      if (message.operation === APP_PROTOCOL.updatePlugin) {
-        if (typeof options.runPluginUpdate !== "function") {
-          logger.warn("[relay-worker] updatePlugin requested but no runPluginUpdate is configured");
-          return;
-        }
-        const requestId = parseRequestIdFromRaw(message.raw);
-        (async () => {
-          try {
-            const result = await Promise.resolve(options.runPluginUpdate());
-            postMainFrame("unicast", formatUpdatePluginResult(requestId, result), message.clientId);
-          } catch (err) {
-            logger.error(
-              `[relay-worker] updatePlugin threw: ${err && err.message ? err.message : err}`,
-            );
-            postMainFrame(
-              "unicast",
-              formatUpdatePluginResult(requestId, { ok: false, reason: "spawn_failed" }),
-              message.clientId,
-            );
-          }
-        })();
-        return;
-      }
-      if (message.operation === APP_PROTOCOL.restartGateway) {
-        if (typeof options.runGatewayRestart !== "function") {
-          logger.warn("[relay-worker] restartGateway requested but no runGatewayRestart is configured");
-          return;
-        }
-        const requestId = parseRequestIdFromRaw(message.raw);
-        (async () => {
-          try {
-            const result = await Promise.resolve(options.runGatewayRestart());
-            postMainFrame("unicast", formatRestartGatewayAck(requestId, result), message.clientId);
-          } catch (err) {
-            logger.error(
-              `[relay-worker] restartGateway threw: ${err && err.message ? err.message : err}`,
-            );
-            postMainFrame(
-              "unicast",
-              formatRestartGatewayAck(requestId, {
-                ok: false,
-                started: false,
-                reason: "spawn_failed",
-              }),
-              message.clientId,
-            );
-          }
-        })();
-        return;
-      }
       if (!handler || typeof handler.handleMessage !== "function") return;
       const processOptions = {};
       if (message.operation === "message.send" && message.requestId) {

package/dist/runtime/session-service.js

@@ -7,6 +7,24 @@ const SESSION_TITLE_CACHE_FILE = "session-title-cache.json";
 const SESSION_PIN_CACHE_FILE = "ocuclaw-session-pins.json";
 const PIN_CAP_PER_KIND = 20;
 
+/**
+ * Greeting-eliciting content appended to /new and /reset so OpenClaw runs an
+ * agent turn (the new-session "welcome"). OpenClaw 2026.6.x ("make bare reset
+ * commands fast", gateway commit 2c6a3f6b04) made a BARE /new or /reset return
+ * a synchronous ack and run NO agent turn — so a bare reset no longer produces
+ * a welcome and leaves the glasses stuck on the "starting new session"
+ * placeholder. Sending "/new <prompt>" / "/reset <prompt>" routes through the
+ * gateway's normal agent path (content = the prompt) and elicits the welcome.
+ * The wording matches the prompt OpenClaw used to inject itself, so the
+ * existing synthetic-session-starter filters (conversation-state display hide +
+ * isSyntheticSessionStarter title/preview filter) keep it hidden from the
+ * transcript and session titles. NOTE: newSession() does NOT call
+ * conversationState.addMessage("user", ...), so this content never renders as a
+ * user bubble on the glasses.
+ */
+export const NEW_SESSION_GREETING_PROMPT =
+  "A new session was started via /new or /reset. Execute your Session Startup sequence now - read the required files before responding to the user. If BOOTSTRAP.md exists in the provided Project Context, read it and follow its instructions first. Then greet the user in your configured persona, if one is provided. Be yourself - use your defined voice, mannerisms, and mood. Keep it to 1-3 sentences and ask what they want to do. If the runtime model differs from default_model in the system prompt, mention the default model. Do not mention internal steps, files, tools, or reasoning.";
+
 
 function normalizeLogger(logger) {
   if (!logger || typeof logger !== "object") {
@@ -1575,9 +1593,11 @@ export function createSessionService(opts = {}) {
       onStatusChanged();
     }
     if (sendResetCommand && isUpstreamConnected()) {
-      gatewayBridge.sendMessage("/new", sessionKey).catch((err) => {
-        logger.error(`[relay] Failed to send /new for new session: ${err.message}`);
-      });
+      gatewayBridge
+        .sendMessage(`/new ${NEW_SESSION_GREETING_PROMPT}`, sessionKey)
+        .catch((err) => {
+          logger.error(`[relay] Failed to send /new for new session: ${err.message}`);
+        });
     }
     return { sessionKey, pages };
   }