solana-traderclaw 1.0.102 → 1.0.103

package/dist/{chunk-JVQNXWBW.js → chunk-KNJVODJC.js}

@@ -163,7 +163,7 @@ var AlphaStreamManager = class {
     this.log("info", `Connecting to alpha stream: ${this.config.wsUrl}`);
     return new Promise((resolve, reject) => {
       try {
-        this.ws = new WebSocket(url);
+        this.ws = new WebSocket(url, { perMessageDeflate: false, handshakeTimeout: 1e4 });
       } catch (err) {
         reject(err);
         return;

package/dist/{chunk-VVEKPKW3.js → chunk-OXQX7Y2B.js}

@@ -346,7 +346,7 @@ var SessionManager = class {
       const walletPrivateKey = (await this.walletPrivateKeyProvider?.())?.trim();
       if (!walletPrivateKey) {
         throw new Error(
-          `Wallet proof required but no walletPrivateKey configured. This account already has a wallet \u2014 set TRADERCLAW_WALLET_PRIVATE_KEY in the OpenClaw gateway process environment (e.g. systemd), not only in an SSH shell, then restart the gateway. The key is used only for local signing and is never sent to the orchestrator. Do not store private keys in openclaw.json. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
+          `Wallet proof required but the gateway cannot sign interactively \u2014 no wallet key is wired into this process. This account already has a wallet. On the host that runs OpenClaw (with a normal terminal / TTY), run: traderclaw login \u2014 complete wallet proof when prompted \u2014 then openclaw gateway restart. That persists new session tokens without putting a private key in the gateway configuration. Do not paste private keys into openclaw.json. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
         );
       }
       walletPubKey = challenge.walletPublicKey || this.walletPublicKey || void 0;
@@ -376,7 +376,7 @@ var SessionManager = class {
     await this.unifiedRefresh();
     if (!this.accessToken) {
       throw new Error(
-        `Session expired and could not be refreshed. Re-authentication required. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
+        `Session expired and could not be refreshed. Re-authentication required. On the gateway host try: traderclaw login \u2014 then openclaw gateway restart. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
       );
     }
     return this.accessToken;
@@ -387,7 +387,7 @@ var SessionManager = class {
     await this.unifiedRefresh();
     if (!this.accessToken) {
       throw new Error(
-        `Session expired and could not be refreshed. Re-authentication required. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
+        `Session expired and could not be refreshed. Re-authentication required. On the gateway host try: traderclaw login \u2014 then openclaw gateway restart. Troubleshooting: ${TRADERCLAW_SESSION_TROUBLESHOOTING}`
       );
     }
     return this.accessToken;

package/dist/index.js

@@ -3,7 +3,7 @@ import {
 } from "./chunk-SBYHSJLU.js";
 import {
   SessionManager
-} from "./chunk-VVEKPKW3.js";
+} from "./chunk-OXQX7Y2B.js";
 import {
   looksLikeTelegramChatId,
   resolveTelegramRecipientToChatId
@@ -18,7 +18,7 @@ import {
 } from "./chunk-3UQIQJPQ.js";
 import {
   AlphaStreamManager
-} from "./chunk-JVQNXWBW.js";
+} from "./chunk-KNJVODJC.js";
 import {
   BitqueryStreamManager
 } from "./chunk-S2DLZKMQ.js";
@@ -771,6 +771,18 @@ function registerWebFetchTool(api, Type2, logPrefix, options) {
 }
 
 // index.ts
+var TRADERCLAW_WALLET_PRIVATE_KEY_ENV = "TRADERCLAW_WALLET_PRIVATE_KEY";
+function walletPrivateKeyFromPluginConfigRecord(obj) {
+  const w = typeof obj.walletPrivateKey === "string" ? obj.walletPrivateKey.trim() : "";
+  return w.length > 0 ? w : void 0;
+}
+function resolveEffectiveWalletPrivateKey(walletPrivateKeyFromPluginConfig) {
+  if (walletPrivateKeyFromPluginConfig && walletPrivateKeyFromPluginConfig.trim().length > 0) {
+    return walletPrivateKeyFromPluginConfig.trim();
+  }
+  const fromEnv = process.env[TRADERCLAW_WALLET_PRIVATE_KEY_ENV]?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : void 0;
+}
 function parseConfig(raw) {
   const obj = raw && typeof raw === "object" && !Array.isArray(raw) ? raw : {};
   const orchestratorUrl = typeof obj.orchestratorUrl === "string" ? obj.orchestratorUrl : "";
@@ -779,7 +791,7 @@ function parseConfig(raw) {
   const externalUserId = typeof obj.externalUserId === "string" ? obj.externalUserId : void 0;
   const refreshToken = typeof obj.refreshToken === "string" ? obj.refreshToken : void 0;
   const walletPublicKey = typeof obj.walletPublicKey === "string" ? obj.walletPublicKey : void 0;
-  const walletPrivateKey = typeof obj.walletPrivateKey === "string" ? obj.walletPrivateKey : void 0;
+  const walletPrivateKey = resolveEffectiveWalletPrivateKey(walletPrivateKeyFromPluginConfigRecord(obj));
   const apiTimeout = typeof obj.apiTimeout === "number" ? obj.apiTimeout : 12e4;
   const agentId = typeof obj.agentId === "string" ? obj.agentId : void 0;
   const gatewayBaseUrl = typeof obj.gatewayBaseUrl === "string" ? obj.gatewayBaseUrl : void 0;
@@ -903,6 +915,8 @@ var solanaTraderPlugin = {
   name: "Solana Trader",
   description: "Autonomous Solana memecoin trading agent \u2014 V1-Upgraded with intelligence lab, tool envelopes, prompt scrubbing, and split skill architecture",
   register(api) {
+    const pluginConfigRaw = api.pluginConfig && typeof api.pluginConfig === "object" && !Array.isArray(api.pluginConfig) ? api.pluginConfig : {};
+    const walletPrivateKeyFromPluginJsonOnly = walletPrivateKeyFromPluginConfigRecord(pluginConfigRaw);
     const config = parseConfig(api.pluginConfig);
     const { orchestratorUrl, walletId, apiKey, apiTimeout } = config;
     if (!orchestratorUrl) {
@@ -954,18 +968,16 @@ var solanaTraderPlugin = {
       initialAccessToken = sidecar.accessToken;
       initialAccessTokenExpiresAt = sidecar.accessTokenExpiresAt;
     }
+    const walletProofKeySource = config.walletPrivateKey && walletPrivateKeyFromPluginJsonOnly ? "plugin_json" : config.walletPrivateKey ? "env" : "absent";
     api.logger.info(
-      `[solana-trader] Session: sidecar=${sidecar ? "yes" : "no"}, refreshToken=${effectiveRefreshToken ? "present (" + effectiveRefreshToken.slice(0, 8) + "...)" : "MISSING"}, apiKey=${apiKey ? "present" : "MISSING"}, walletPublicKey=${effectiveWalletPublicKey ? "present" : "MISSING"}`
+      `[solana-trader] Session: sidecar=${sidecar ? "yes" : "no"}, refreshToken=${effectiveRefreshToken ? "present (" + effectiveRefreshToken.slice(0, 8) + "...)" : "MISSING"}, apiKey=${apiKey ? "present" : "MISSING"}, walletPublicKey=${effectiveWalletPublicKey ? "present" : "MISSING"}, walletProofSigningKey=${walletProofKeySource}`
     );
     const sessionManager = new SessionManager({
       baseUrl: orchestratorUrl,
       apiKey: apiKey || "",
       refreshToken: effectiveRefreshToken,
       walletPublicKey: effectiveWalletPublicKey,
-      walletPrivateKeyProvider: () => {
-        const k = config.walletPrivateKey;
-        return typeof k === "string" && k.trim() ? k.trim() : void 0;
-      },
+      walletPrivateKeyProvider: () => resolveEffectiveWalletPrivateKey(walletPrivateKeyFromPluginJsonOnly),
       recoverySecretProvider: async () => {
         const sidecarData = readSessionSidecar();
         const fromSidecar = sidecarData?.recoverySecret;

package/dist/src/alpha-ws.js

@@ -2,7 +2,7 @@ import {
   ALPHA_INGESTION_STALE_MS,
   ALPHA_STALE_GRACE_AFTER_CONNECT_MS,
   AlphaStreamManager
-} from "../chunk-JVQNXWBW.js";
+} from "../chunk-KNJVODJC.js";
 export {
   ALPHA_INGESTION_STALE_MS,
   ALPHA_STALE_GRACE_AFTER_CONNECT_MS,

package/dist/src/session-manager.js

@@ -1,6 +1,6 @@
 import {
   SessionManager
-} from "../chunk-VVEKPKW3.js";
+} from "../chunk-OXQX7Y2B.js";
 export {
   SessionManager
 };

package/openclaw.plugin.json

@@ -40,7 +40,7 @@
       "walletPrivateKey": {
         "type": "string",
         "deprecated": true,
-        "description": "DEPRECATED — use env TRADERCLAW_WALLET_PRIVATE_KEY or --wallet-private-key arg. Never store private keys in config files."
+        "description": "Optional base58 signing key when the server requires wallet proof. Prefer TRADERCLAW_WALLET_PRIVATE_KEY in OpenClaw/gateway merged env or systemd EnvironmentFile instead of plaintext JSON (never commit)."
       },
       "apiTimeout": {
         "type": "integer",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "solana-traderclaw",
-  "version": "1.0.102",
+  "version": "1.0.103",
   "description": "TraderClaw V1-Upgraded — Solana trading for OpenClaw with intelligence lab, tool envelopes, prompt scrubbing, read-only X social intel, and split skill docs",
   "type": "module",
   "main": "./dist/index.js",

package/skills/solana-trader/SKILL.md

@@ -26,15 +26,15 @@ You interact with the orchestrator **exclusively through plugin tools** (e.g. `s
 
 ### Official TraderClaw documentation — use before improvising fixes
 
-**Whenever** the user hits auth/session/wallet-proof errors, your **first** actionable step is to direct them to:
+**Whenever** the user hits auth/session/wallet-proof errors, your **first** actionable steps on the **machine that runs OpenClaw** (interactive terminal / TTY) are: run **`traderclaw login`** (complete wallet proof when prompted), then **`openclaw gateway restart`**. Then point them to:
 
 https://docs.traderclaw.ai/docs/installation#troubleshooting-session-expired-auth-errors-or-the-agent-logged-out
 
 ### Wallet proof vs signup — do not conflate these
 
 - **Wallet proof** is NOT account signup. It is a cryptographic step proving wallet control.
-- **`traderclaw login`** reuses the saved refresh token when valid.
-- **OpenClaw gateway ≠ your SSH shell.** Exporting env vars in SSH does NOT inject them into the gateway service process.
+- **`traderclaw login`** refreshes the session when possible and runs the challenge flow when needed; the gateway process itself cannot prompt for a signing key.
+- **OpenClaw gateway ≠ your SSH shell.** The human must re-auth on the gateway host and restart the gateway so new tokens are loaded.
 - **Plugin id vs npm name:** `solana-traderclaw` is the npm package name, while `solana-trader` is the OpenClaw plugin id used in `plugins.entries` and `plugins.allow`.
 
 ---