traderclaw-cli 1.0.77 → 1.0.79

package/bin/installer-step-engine.mjs

@@ -1604,14 +1604,14 @@ export function spawnOpenClawCodexAuthLoginChild() {
   if (process.platform === "win32") {
     return spawn("openclaw", argv, { stdio: ["pipe", "pipe", "pipe"], shell: false });
   }
-  // `unbuffer` (expect package) runs the CLI under a PTY and forwards stdin for the paste step reliably.
-  // Plain `script` often does not forward Node's stdin to the inner openclaw process, which causes hangs until timeout.
   if (commandExists("unbuffer")) {
     return spawn("unbuffer", ["openclaw", ...argv], { stdio: ["pipe", "pipe", "pipe"], shell: false });
   }
   if (commandExists("script")) {
     const cmdline = "openclaw models auth login --provider openai-codex";
-    return spawn("script", ["-q", "-c", cmdline, "/dev/null"], {
+    // --return propagates the inner command's exit code (util-linux 2.38+).
+    // Without it, script may exit 0 even if openclaw fails.
+    return spawn("script", ["--return", "-q", "-c", cmdline, "/dev/null"], {
       stdio: ["pipe", "pipe", "pipe"],
       shell: false,
     });
@@ -2093,6 +2093,20 @@ export class InstallerStepEngine {
         }
       }
 
+      const authFile = join(homedir(), ".openclaw", "agents", "main", "agent", "auth-profiles.json");
+      let hasAuth = false;
+      try {
+        hasAuth = readFileSync(authFile, "utf-8").length > 20;
+      } catch { /* file missing */ }
+      if (!hasAuth) {
+        throw new Error(
+          "No OAuth credentials found at " + authFile + ". " +
+          "The wizard OAuth flow did not save tokens (the callback may not have reached the OpenClaw CLI). " +
+          "Run 'openclaw models auth login --provider openai-codex' in a terminal, " +
+          "then re-run the wizard with the 'already logged in' option.",
+        );
+      }
+
       const selection = resolveLlmModelSelection(provider, requestedModel);
       for (const msg of selection.warnings) {
         this.emitLog("configure_llm", "warn", msg);

package/bin/openclaw-trader.mjs

@@ -2158,6 +2158,16 @@ function wizardHtml(defaults) {
               <button type="button" id="oauthRetryBtn" class="secondary hidden">Try sign-in again</button>
             </div>
             <p id="oauthFlowStatus" class="muted" style="margin-top:8px;" aria-live="polite">Choose OAuth and wait a moment. We will prepare your sign-in automatically.</p>
+            <div id="oauthFallbackPaste" class="hidden" style="margin-top:12px;padding:12px;background:#111827;border:1px solid #334a87;border-radius:8px;">
+              <p class="muted" style="margin:0 0 8px;font-size:13px;color:#ffcc70;">
+                <strong>Redirect didn't reach us?</strong> Copy the full URL from the error page in your browser (it starts with <code>http://localhost:1455/auth/callback?code=…</code>) and paste it below.
+              </p>
+              <div style="display:flex;gap:8px;">
+                <input id="oauthFallbackUrlInput" type="text" placeholder="Paste the full localhost:1455/auth/callback?code=… URL here" style="flex:1;font-size:12px;padding:8px 10px;border-radius:6px;border:1px solid #334a87;background:#0a1224;color:#e0e8ff;">
+                <button type="button" id="oauthFallbackSubmitBtn" class="secondary" style="padding:8px 14px;white-space:nowrap;">Submit URL</button>
+              </div>
+              <p id="oauthFallbackError" class="muted hidden" style="margin:6px 0 0;font-size:12px;color:#ff6b6b;"></p>
+            </div>
           </div>
         </div>
         <p class="muted" id="llmLoadState" aria-live="polite">Loading LLM provider catalog...</p>
@@ -2344,6 +2354,11 @@ function wizardHtml(defaults) {
       const oauthStepOpen = document.getElementById("oauthStepOpen");
       const oauthStepComplete = document.getElementById("oauthStepComplete");
       const oauthStepVerify = document.getElementById("oauthStepVerify");
+      const oauthFallbackPaste = document.getElementById("oauthFallbackPaste");
+      const oauthFallbackUrlInput = document.getElementById("oauthFallbackUrlInput");
+      const oauthFallbackSubmitBtn = document.getElementById("oauthFallbackSubmitBtn");
+      const oauthFallbackError = document.getElementById("oauthFallbackError");
+      let oauthFallbackTimer = null;
 
       function setOauthStep(stepEl, mode) {
         if (!stepEl) return;
@@ -2402,8 +2417,25 @@ function wizardHtml(defaults) {
         oauthSessionId = null;
       }
 
+      function hideFallbackPaste() {
+        if (oauthFallbackPaste) oauthFallbackPaste.classList.add("hidden");
+        if (oauthFallbackUrlInput) oauthFallbackUrlInput.value = "";
+        if (oauthFallbackError) { oauthFallbackError.textContent = ""; oauthFallbackError.classList.add("hidden"); }
+        if (oauthFallbackTimer) { clearTimeout(oauthFallbackTimer); oauthFallbackTimer = null; }
+      }
+
+      function showFallbackPasteAfterDelay(ms) {
+        hideFallbackPaste();
+        oauthFallbackTimer = setTimeout(() => {
+          if (oauthFallbackPaste && oauthSessionId && oauthOpenedInBrowser && !oauthWizardLoginDone) {
+            oauthFallbackPaste.classList.remove("hidden");
+          }
+        }, ms);
+      }
+
       function resetOauthWizardState() {
         stopOauthPolling();
+        hideFallbackPaste();
         oauthSessionId = null;
         oauthWizardLoginDone = false;
         oauthStartInFlight = false;
@@ -2526,6 +2558,7 @@ function wizardHtml(defaults) {
           if (state === "succeeded") {
             oauthWizardLoginDone = true;
             oauthSessionId = null;
+            hideFallbackPaste();
             setOauthStep(oauthStepPrepare, "done");
             setOauthStep(oauthStepOpen, "done");
             setOauthStep(oauthStepComplete, "done");
@@ -3068,7 +3101,49 @@ function wizardHtml(defaults) {
           setOauthStep(oauthStepOpen, "done");
           setOauthStep(oauthStepComplete, "active");
           setOauthStep(oauthStepVerify, "active");
-          setOauthStatus("Complete ChatGPT approval in this same browser, then return here. We detect completion automatically.");
+          setOauthStatus("Complete ChatGPT approval in this browser, then return here. We detect completion automatically.");
+          showFallbackPasteAfterDelay(15_000);
+        });
+      }
+
+      if (oauthFallbackSubmitBtn) {
+        oauthFallbackSubmitBtn.addEventListener("click", async () => {
+          const raw = (oauthFallbackUrlInput && oauthFallbackUrlInput.value || "").trim();
+          if (!raw || !raw.includes("code=")) {
+            if (oauthFallbackError) {
+              oauthFallbackError.textContent = "Paste the full URL from the browser address bar. It must contain code=…";
+              oauthFallbackError.classList.remove("hidden");
+            }
+            return;
+          }
+          if (oauthFallbackError) oauthFallbackError.classList.add("hidden");
+          oauthFallbackSubmitBtn.disabled = true;
+          oauthFallbackSubmitBtn.textContent = "Submitting…";
+          try {
+            const res = await fetch("/api/llm/oauth/submit-callback-url", {
+              method: "POST",
+              headers: { "content-type": "application/json" },
+              body: JSON.stringify({ sessionId: oauthSessionId, callbackUrl: raw }),
+            });
+            const data = await res.json().catch(() => ({}));
+            if (res.ok && data.ok) {
+              hideFallbackPaste();
+              setOauthStatus("Callback received! Waiting for OpenClaw to finish…", false);
+            } else {
+              if (oauthFallbackError) {
+                oauthFallbackError.textContent = data.message || data.error || "Could not submit the URL. Try again.";
+                oauthFallbackError.classList.remove("hidden");
+              }
+            }
+          } catch (err) {
+            if (oauthFallbackError) {
+              oauthFallbackError.textContent = err.message || "Request failed.";
+              oauthFallbackError.classList.remove("hidden");
+            }
+          } finally {
+            oauthFallbackSubmitBtn.disabled = false;
+            oauthFallbackSubmitBtn.textContent = "Submit URL";
+          }
         });
       }
 
@@ -3182,6 +3257,32 @@ async function cmdInstall(args) {
     }
   }
 
+  /**
+   * Release port 1455 so the OpenClaw CLI can bind its own callback server
+   * during `openclaw models auth login`. Returns a promise that resolves
+   * once the proxy is fully closed (or after a safety timeout).
+   */
+  function stopCallbackProxy() {
+    return new Promise((resolve) => {
+      if (!oauthCallbackProxy) { resolve(); return; }
+      const proxy = oauthCallbackProxy;
+      oauthCallbackProxy = null;
+      const safety = setTimeout(resolve, 2000);
+      proxy.close(() => { clearTimeout(safety); setTimeout(resolve, 150); });
+    });
+  }
+
+  function hasOpenaiCodexAuthTokens() {
+    try {
+      const authFile = join(homedir(), ".openclaw", "agents", "main", "agent", "auth-profiles.json");
+      const raw = readFileSync(authFile, "utf-8");
+      const data = JSON.parse(raw);
+      return data && typeof data === "object" && JSON.stringify(data).length > 20;
+    } catch {
+      return false;
+    }
+  }
+
   function killOauthSession(sessionId, signal = "SIGTERM") {
     const s = oauthSessions.get(sessionId);
     if (!s) return;
@@ -3313,6 +3414,13 @@ async function cmdInstall(args) {
         killOauthSession(id);
       }
 
+      // Release port 1455 so the OpenClaw CLI can bind its own callback
+      // server directly. The previous approach relied on the wizard proxy
+      // catching the callback and forwarding the code via stdin, but
+      // `script` (PTY wrapper) does not reliably forward stdin to the
+      // inner process, causing tokens to never be saved.
+      await stopCallbackProxy();
+
       const sessionId = randomUUID();
       const child = spawnOpenClawCodexAuthLoginChild();
 
@@ -3327,6 +3435,7 @@ async function cmdInstall(args) {
           /* ignore */
         }
         oauthSessions.delete(sessionId);
+        startCallbackProxy();
         respondJson(504, {
           ok: false,
           error: "oauth_url_timeout",
@@ -3365,6 +3474,7 @@ async function cmdInstall(args) {
       });
       child.on("error", (err) => {
         clearTimeout(urlTimeout);
+        startCallbackProxy();
         if (responded) return;
         responded = true;
         oauthSessions.delete(sessionId);
@@ -3372,6 +3482,7 @@ async function cmdInstall(args) {
       });
       child.on("close", (code) => {
         clearTimeout(urlTimeout);
+        startCallbackProxy();
         if (!responded) {
           responded = true;
           oauthSessions.delete(sessionId);
@@ -3391,9 +3502,15 @@ async function cmdInstall(args) {
           pending.updatedAt = Date.now();
           pending.exitCode = typeof code === "number" ? code : null;
           pending.detail = stripAnsi(combined).slice(-4000);
-          if (code === 0) {
+          if (code === 0 && hasOpenaiCodexAuthTokens()) {
             pending.status = "succeeded";
             pending.message = "ChatGPT OAuth completed successfully.";
+          } else if (code === 0) {
+            pending.status = "failed";
+            pending.message =
+              "OpenClaw exited OK but no auth tokens were saved. " +
+              "Run 'openclaw models auth login --provider openai-codex' in a terminal, " +
+              "then re-run the wizard with the already-logged-in option.";
           } else {
             pending.status = "failed";
             pending.message =
@@ -3486,6 +3603,41 @@ async function cmdInstall(args) {
       return;
     }
 
+    if (req.method === "POST" && req.url === "/api/llm/oauth/submit-callback-url") {
+      const body = await parseJsonBody(req).catch(() => ({}));
+      const sessionId = typeof body.sessionId === "string" ? body.sessionId : "";
+      const callbackUrl = typeof body.callbackUrl === "string" ? body.callbackUrl.trim() : "";
+      if (!callbackUrl || !callbackUrl.includes("code=")) {
+        respondJson(400, { ok: false, error: "invalid_url", message: "URL must contain a code= parameter." });
+        return;
+      }
+      const s = sessionId ? oauthSessions.get(sessionId) : findActiveOauthSession();
+      if (!s || !s.child) {
+        respondJson(404, { ok: false, error: "no_active_session", message: "No active OAuth session. Click Try sign-in again." });
+        return;
+      }
+      try {
+        if (s.child.stdin && !s.child.stdin.writableEnded && !s.child.stdin.destroyed) {
+          s.child.stdin.write(`${callbackUrl}\n`, () => {
+            setTimeout(() => {
+              try {
+                if (s.child && s.child.stdin && !s.child.stdin.destroyed && !s.child.stdin.writableEnded) {
+                  s.child.stdin.end();
+                }
+              } catch { /* ignore */ }
+            }, 100);
+          });
+          s.updatedAt = Date.now();
+          respondJson(200, { ok: true, message: "Callback URL submitted. Waiting for OpenClaw to complete…" });
+        } else {
+          respondJson(500, { ok: false, error: "stdin_closed", message: "OpenClaw process stdin is closed. Click Try sign-in again." });
+        }
+      } catch (err) {
+        respondJson(500, { ok: false, error: "write_error", message: err.message || "Failed to write to OpenClaw." });
+      }
+      return;
+    }
+
     if (req.method === "POST" && req.url === "/api/llm/oauth/cancel") {
       const body = await parseJsonBody(req).catch(() => ({}));
       const sessionId = typeof body.sessionId === "string" ? body.sessionId : "";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "traderclaw-cli",
-  "version": "1.0.77",
+  "version": "1.0.79",
   "description": "Global TraderClaw CLI (install --wizard, setup, precheck). Installs solana-traderclaw as a dependency for OpenClaw plugin files.",
   "type": "module",
   "bin": {
@@ -17,7 +17,7 @@
     "node": ">=22"
   },
   "dependencies": {
-    "solana-traderclaw": "^1.0.77"
+    "solana-traderclaw": "^1.0.79"
   },
   "keywords": [
     "traderclaw",