nav/ContractorAgent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(bridge): resolve real bridge key past OpenClaw redaction; sane provider timeout

Browse Source 
Three install/bridge bugs that made every OpenClaw model call to the
bridge fail when driven by a non-bundled channel plugin (e.g. Fabric):

1. OpenClaw redacts secret-like keys before exposing pluginConfig to a
   plugin, so config.bridgeApiKey was the literal __OPENCLAW_REDACTED__
   sentinel. The bridge then validated Authorization against the
   sentinel while the model provider sent the real key -> permanent
   HTTP 401. Resolve the real shared secret from the raw on-disk config
   (same pattern resolveAgent already uses); if still missing/redacted,
   treat as no-auth on the loopback-only bridge instead of 401-locking.

2. install.mjs set the provider apiKey authoritatively but only
   setIfMissing the plugin bridgeApiKey, so a stale prior value desynced
   the pair. Make bridgeApiKey authoritative too (they must match).

3. The provider had no timeoutSeconds; a full bridged agent turn far
   exceeds OpenClaw's default model-fetch timeout, so OpenClaw aborted
   mid-turn and no reply was ever delivered. Default timeoutSeconds=600
   (preserves a user override).

Verified live: bridge now returns 200 for the real key and a valid
OpenAI SSE completion; the fetch-timeout abort is gone.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
h z
2026-05-16 09:57:32 +01:00
parent 0b24330787
commit 453dab3271
2 changed files with 52 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
scripts/install.mjs
View File

@@ -79,6 +79,11 @@ function install() {
baseUrl: `http://127.0.0.1:${BRIDGE_PORT}/v1`,
apiKey: BRIDGE_API_KEY,
api: "openai-completions",
// The bridge wraps a full Claude/Gemini agent turn (tool use, multi-step),
// which routinely takes far longer than OpenClaw's default model-fetch
// timeout. Without a generous timeout OpenClaw aborts the request mid-turn
// and no reply is ever delivered. Preserve a user override if set.
timeoutSeconds: existingProvider.timeoutSeconds ?? 600,
models: [
{
id: "contractor-claude-bridge",
@@ -120,11 +125,16 @@ function install() {
cfg.plugins.entries[PLUGIN_ID] = cfg.plugins.entries[PLUGIN_ID] ?? {};
cfg.plugins.entries[PLUGIN_ID].enabled = true;
// Set default config — setIfMissing so user values are preserved
// Set default config — setIfMissing so user values are preserved.
const pluginCfg = cfg.plugins.entries[PLUGIN_ID].config ?? {};
setIfMissing(pluginCfg, "bridgePort", BRIDGE_PORT);
setIfMissing(pluginCfg, "bridgeApiKey", BRIDGE_API_KEY);
setIfMissing(pluginCfg, "permissionMode", "bypassPermissions");
// bridgeApiKey is the shared secret between the bridge server (this plugin)
// and the model provider written above. The provider apiKey is set
// authoritatively (= BRIDGE_API_KEY); the bridge side MUST stay in lockstep
// or every request 401s. Set it authoritatively too — never setIfMissing
// (a stale prior value would desync the pair).
pluginCfg.bridgeApiKey = BRIDGE_API_KEY;
cfg.plugins.entries[PLUGIN_ID].config = pluginCfg;
writeConfig(cfg);