Merge pull request #11 from anurag162008/main

feat: add multi-provider API key rotation and update docs

.env.example

@@ -5,7 +5,7 @@
 # For local development: cp .env.example .env && nano .env
 
 # ── REQUIRED: Core Configuration ──
-# [REQUIRED] LLM provider API key
+# [REQUIRED] Primary LLM provider API key (for the provider in LLM_MODEL)
 # - Anthropic: sk-ant-v0-...
 # - OpenAI: sk-...
 # - Google: AIzaSy...
@@ -124,6 +124,91 @@ LLM_API_KEY=your_api_key_here
 # Or any other OpenClaw-supported provider (format: provider/model-name)
 LLM_MODEL=anthropic/claude-sonnet-4-5
 
+# ════════════════════════════════════════════════════════════════
+# 🔑 API KEY ROTATION (per-provider key pools)
+# ════════════════════════════════════════════════════════════════
+# Every provider supports a comma-separated key pool.
+# Keys are rotated round-robin on every request — useful when you
+# have multiple accounts or want to spread rate-limit quota.
+#
+# Pattern: <PROVIDER>_API_KEYS=key1,key2,key3
+# Fallback order: plural pool → singular key → LLM_API_KEY
+#
+# Uncomment and fill in only the providers you use:
+#
+# ANTHROPIC_API_KEYS=sk-ant-key1,sk-ant-key2,sk-ant-key3
+# OPENAI_API_KEYS=sk-key1,sk-key2,sk-key3
+# GEMINI_API_KEYS=AIzaSy-key1,AIzaSy-key2
+# DEEPSEEK_API_KEYS=key1,key2
+# OPENROUTER_API_KEYS=sk-or-key1,sk-or-key2
+# KILOCODE_API_KEYS=key1,key2
+# OPENCODE_API_KEYS=key1,key2
+# ZAI_API_KEYS=key1,key2
+# MOONSHOT_API_KEYS=key1,key2
+# MINIMAX_API_KEYS=key1,key2
+# XIAOMI_API_KEYS=key1,key2
+# VOLCANO_ENGINE_API_KEYS=key1,key2
+# BYTEPLUS_API_KEYS=key1,key2
+# MISTRAL_API_KEYS=key1,key2
+# XAI_API_KEYS=key1,key2
+# NVIDIA_API_KEYS=key1,key2,key3
+# GROQ_API_KEYS=gsk-key1,gsk-key2,gsk-key3
+# COHERE_API_KEYS=key1,key2
+# TOGETHER_API_KEYS=key1,key2
+# CEREBRAS_API_KEYS=key1,key2
+# HUGGINGFACE_HUB_TOKENS=hf_key1,hf_key2
+
+# ════════════════════════════════════════════════════════════════
+# 🌐 MULTI-PROVIDER SETUP (use multiple models simultaneously)
+# ════════════════════════════════════════════════════════════════
+# LLM_MODEL sets your DEFAULT model. But you can activate multiple
+# providers at once — OpenClaw auto-discovers any provider whose
+# API key is present in the environment.
+#
+# HOW IT WORKS:
+#   1. LLM_MODEL + LLM_API_KEY  → sets your default model & exports
+#      the matching provider key automatically (e.g. ANTHROPIC_API_KEY)
+#   2. Any additional provider key you set directly (e.g. OPENAI_API_KEY)
+#      is also picked up by OpenClaw → that provider's models become
+#      available in the Control UI for manual selection.
+#   3. Rotation pools (*_API_KEYS) work for every active provider
+#      independently and in parallel.
+#
+# EXAMPLE — default Anthropic, also use OpenAI and Groq:
+#
+#   LLM_MODEL=anthropic/claude-sonnet-4-6   # default
+#   LLM_API_KEY=sk-ant-xxx                  # → auto-sets ANTHROPIC_API_KEY
+#
+#   OPENAI_API_KEY=sk-oai-xxx               # activates OpenAI models
+#   OPENAI_API_KEYS=sk-oai-k1,sk-oai-k2    # optional: rotation pool
+#
+#   GROQ_API_KEY=gsk-xxx                    # activates Groq models
+#   GROQ_API_KEYS=gsk-k1,gsk-k2,gsk-k3     # optional: rotation pool
+#
+# EXAMPLE — OpenRouter only (easiest: one key, 300+ models):
+#
+#   LLM_MODEL=openrouter/anthropic/claude-sonnet-4-6
+#   LLM_API_KEY=sk-or-v1-xxx
+#   # Switch between any of 300+ models in Control UI — no extra keys needed
+#
+# Set any of these directly as HF Space Secrets (not via LLM_API_KEY):
+# ANTHROPIC_API_KEY=sk-ant-xxx
+# OPENAI_API_KEY=sk-oai-xxx
+# GEMINI_API_KEY=AIzaSy-xxx
+# DEEPSEEK_API_KEY=xxx
+# GROQ_API_KEY=gsk-xxx
+# MISTRAL_API_KEY=xxx
+# XAI_API_KEY=xxx
+# NVIDIA_API_KEY=nvapi-xxx
+# COHERE_API_KEY=xxx
+# TOGETHER_API_KEY=xxx
+# CEREBRAS_API_KEY=xxx
+# MOONSHOT_API_KEY=xxx
+# OPENROUTER_API_KEY=sk-or-v1-xxx
+# HUGGINGFACE_HUB_TOKEN=hf_xxx
+
+# ════════════════════════════════════════════════════════════════
+
 # Optional: custom OpenAI-compatible provider
 # Only use this if you want to register your own endpoint at startup.
 # Leave all of these empty unless you need a custom provider.

.gitignore

@@ -0,0 +1,44 @@
+# personal workflows
+.github/workflows/
+.git*
+# env/secrets
+.env
+.env.*
+*.pem
+*.key
+
+# node
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+pnpm-debug.log*
+
+# python
+__pycache__/
+*.pyc
+.venv/
+venv/
+
+# logs
+logs/
+*.log
+
+# local configs
+.vscode/
+.idea/
+
+# build/cache
+dist/
+build/
+.cache/
+
+# temp
+tmp/
+temp/
+
+# os junk
+.DS_Store
+Thumbs.db
+
+# gitignore itself
+.gitignore

Dockerfile

@@ -72,6 +72,8 @@ COPY --chown=1000:1000 wa-guardian.js /home/node/app/wa-guardian.js
 COPY --chown=1000:1000 cloudflare-keepalive-setup.py /home/node/app/cloudflare-keepalive-setup.py
 COPY --chown=1000:1000 openclaw-sync.py /home/node/app/openclaw-sync.py
 RUN chmod +x /home/node/app/start.sh /home/node/app/cloudflare-proxy-setup.py /home/node/app/cloudflare-keepalive-setup.py /home/node/app/openclaw-sync.py
+COPY --chown=1000:1000 multi-provider-key-rotator.cjs /home/node/app/multi-provider-key-rotator.cjs
+RUN chmod +x /home/node/app/start.sh /home/node/app/cloudflare-proxy-setup.py /home/node/app/cloudflare-keepalive-setup.py /home/node/app/openclaw-sync.py /home/node/app/multi-provider-key-rotator.cjs
 
 USER node
 

iframe-fix.cjs

@@ -1,3 +1,7 @@
+process.on('uncaughtException', function(err) {
+  if (err.code === 'EPIPE') return;
+  throw err;
+});
 /**
  * iframe-fix.cjs — Node.js preload script
  *

multi-provider-key-rotator.cjs

@@ -0,0 +1,318 @@
+'use strict';
+
+/**
+ * Multi-provider API key rotator for OpenClaw/HuggingClaw
+ * --------------------------------------------------------
+ * Works exactly like nvidia-key-rotator.cjs but covers every
+ * provider that HuggingClaw supports.
+ *
+ * For each provider you can supply a comma-separated pool:
+ *   ANTHROPIC_API_KEYS=key1,key2,key3
+ * Falls back to the singular env var, then to LLM_API_KEY.
+ *
+ * Keys are rotated round-robin per provider independently.
+ *
+ * Patches globalThis.fetch + node:http + node:https so that
+ * virtually every caller is covered without code changes.
+ */
+
+const http  = require('node:http');
+const https = require('node:https');
+
+// ─── Provider definitions ────────────────────────────────────────────────────
+//
+// hostname  – regex tested against the request hostname (case-insensitive)
+// envPlural – env var that holds a comma-separated key pool  (preferred)
+// envSingular – env var that holds a single key              (fallback)
+//
+// LLM_API_KEY is the final fallback for every provider.
+//
+const PROVIDERS = [
+  {
+    name:       'anthropic',
+    hostname:   /(?:^|\.)api\.anthropic\.com$/i,
+    envPlural:  'ANTHROPIC_API_KEYS',
+    envSingular:'ANTHROPIC_API_KEY',
+  },
+  {
+    name:       'openai',
+    hostname:   /(?:^|\.)api\.openai\.com$/i,
+    envPlural:  'OPENAI_API_KEYS',
+    envSingular:'OPENAI_API_KEY',
+  },
+  {
+    name:       'gemini',
+    // Gemini uses generativelanguage API; also covers aiplatform
+    hostname:   /(?:^|\.)(?:generativelanguage\.googleapis\.com|aiplatform\.googleapis\.com)$/i,
+    envPlural:  'GEMINI_API_KEYS',
+    envSingular:'GEMINI_API_KEY',
+  },
+  {
+    name:       'deepseek',
+    hostname:   /(?:^|\.)api\.deepseek\.com$/i,
+    envPlural:  'DEEPSEEK_API_KEYS',
+    envSingular:'DEEPSEEK_API_KEY',
+  },
+  {
+    name:       'openrouter',
+    hostname:   /(?:^|\.)openrouter\.ai$/i,
+    envPlural:  'OPENROUTER_API_KEYS',
+    envSingular:'OPENROUTER_API_KEY',
+  },
+  {
+    name:       'kilocode',
+    hostname:   /(?:^|\.)kilocode\.ai$/i,
+    envPlural:  'KILOCODE_API_KEYS',
+    envSingular:'KILOCODE_API_KEY',
+  },
+  {
+    name:       'opencode',
+    hostname:   /(?:^|\.)opencode\.ai$/i,
+    envPlural:  'OPENCODE_API_KEYS',
+    envSingular:'OPENCODE_API_KEY',
+  },
+  {
+    name:       'zai',
+    // Z.ai / GLM — both domains normalised to "zai" in OpenClaw
+    hostname:   /(?:^|\.)(?:z\.ai|open\.bigmodel\.cn)$/i,
+    envPlural:  'ZAI_API_KEYS',
+    envSingular:'ZAI_API_KEY',
+  },
+  {
+    name:       'moonshot',
+    hostname:   /(?:^|\.)api\.moonshot\.cn$/i,
+    envPlural:  'MOONSHOT_API_KEYS',
+    envSingular:'MOONSHOT_API_KEY',
+  },
+  {
+    name:       'minimax',
+    hostname:   /(?:^|\.)api\.minimax\.chat$/i,
+    envPlural:  'MINIMAX_API_KEYS',
+    envSingular:'MINIMAX_API_KEY',
+  },
+  {
+    name:       'xiaomi',
+    // MiMo — update hostname if Xiaomi publishes an official domain
+    hostname:   /(?:^|\.)api\.xiaomi\.com$/i,
+    envPlural:  'XIAOMI_API_KEYS',
+    envSingular:'XIAOMI_API_KEY',
+  },
+  {
+    name:       'volcengine',
+    // Volcengine / Doubao
+    hostname:   /(?:^|\.)(?:ark\.cn-beijing\.volces\.com|volcengineapi\.com)$/i,
+    envPlural:  'VOLCANO_ENGINE_API_KEYS',
+    envSingular:'VOLCANO_ENGINE_API_KEY',
+  },
+  {
+    name:       'byteplus',
+    hostname:   /(?:^|\.)maas-api\.ml-platform-cn-beijing\.byteplus\.com$/i,
+    envPlural:  'BYTEPLUS_API_KEYS',
+    envSingular:'BYTEPLUS_API_KEY',
+  },
+  {
+    name:       'mistral',
+    hostname:   /(?:^|\.)api\.mistral\.ai$/i,
+    envPlural:  'MISTRAL_API_KEYS',
+    envSingular:'MISTRAL_API_KEY',
+  },
+  {
+    name:       'xai',
+    hostname:   /(?:^|\.)api\.x\.ai$/i,
+    envPlural:  'XAI_API_KEYS',
+    envSingular:'XAI_API_KEY',
+  },
+  {
+    name:       'nvidia',
+    hostname:   /(?:^|\.)(?:integrate\.api\.nvidia\.com|api\.nvidia\.com)$/i,
+    envPlural:  'NVIDIA_API_KEYS',
+    envSingular:'NVIDIA_API_KEY',
+  },
+  {
+    name:       'groq',
+    hostname:   /(?:^|\.)api\.groq\.com$/i,
+    envPlural:  'GROQ_API_KEYS',
+    envSingular:'GROQ_API_KEY',
+  },
+  {
+    name:       'cohere',
+    hostname:   /(?:^|\.)api\.cohere\.(?:ai|com)$/i,
+    envPlural:  'COHERE_API_KEYS',
+    envSingular:'COHERE_API_KEY',
+  },
+  {
+    name:       'together',
+    hostname:   /(?:^|\.)api\.together\.(?:xyz|ai)$/i,
+    envPlural:  'TOGETHER_API_KEYS',
+    envSingular:'TOGETHER_API_KEY',
+  },
+  {
+    name:       'cerebras',
+    hostname:   /(?:^|\.)api\.cerebras\.ai$/i,
+    envPlural:  'CEREBRAS_API_KEYS',
+    envSingular:'CEREBRAS_API_KEY',
+  },
+  {
+    name:       'huggingface',
+    hostname:   /(?:^|\.)(?:api-inference\.huggingface\.co|router\.huggingface\.co|huggingface\.co)$/i,
+    envPlural:  'HUGGINGFACE_HUB_TOKENS',       // plural variant
+    envSingular:'HUGGINGFACE_HUB_TOKEN',
+  },
+];
+
+// ─── Key loading ───────��─────────────────────────────────────────────────────
+
+function normalizeKeys(...inputs) {
+  const seen = new Set();
+  const out   = [];
+  for (const input of inputs) {
+    for (const k of String(input || '').split(',').map(s => s.trim()).filter(Boolean)) {
+      if (!seen.has(k)) { seen.add(k); out.push(k); }
+    }
+  }
+  return out;
+}
+
+// Build per-provider key pools + rotation indices
+const providerState = PROVIDERS.map(p => {
+  const keys = normalizeKeys(
+    process.env[p.envPlural]  || '',
+    process.env[p.envSingular] || '',
+    process.env.LLM_API_KEY   || '',
+  );
+  if (!keys.length) {
+    console.warn(`[key-rotator] No keys for provider "${p.name}"`);
+  } else {
+    console.log(`[key-rotator] ${p.name}: ${keys.length} key${keys.length === 1 ? '' : 's'}`);
+  }
+  return { ...p, keys, idx: 0 };
+});
+
+// ─── Runtime helpers ─────────────────────────────────────────────────────────
+
+function resolveHostname(urlLike) {
+  try {
+    const u =
+      typeof urlLike === 'string'                              ? new URL(urlLike)
+      : urlLike instanceof URL                                 ? urlLike
+      : urlLike && typeof urlLike.url === 'string'             ? new URL(urlLike.url)
+      : urlLike && typeof urlLike.href === 'string'            ? new URL(urlLike.href)
+      : urlLike && typeof urlLike.hostname === 'string'        ? urlLike
+      : null;
+    return u ? u.hostname : null;
+  } catch {
+    return null;
+  }
+}
+
+function matchProvider(hostname) {
+  if (!hostname) return null;
+  return providerState.find(p => p.hostname.test(hostname)) || null;
+}
+
+function nextKey(provider) {
+  if (!provider || !provider.keys.length) return null;
+  const key = provider.keys[provider.idx % provider.keys.length];
+  provider.idx = (provider.idx + 1) % provider.keys.length;
+  return key;
+}
+
+function setAuthHeader(headers, key) {
+  if (!key) return headers;
+  const authValue = `Bearer ${key}`;
+
+  if (typeof Headers !== 'undefined' && headers instanceof Headers) {
+    headers.set('authorization', authValue);
+    return headers;
+  }
+  if (Array.isArray(headers)) {
+    const out = headers.filter(([k]) => String(k).toLowerCase() !== 'authorization');
+    out.push(['authorization', authValue]);
+    return out;
+  }
+  if (headers && typeof headers === 'object') {
+    return { ...headers, authorization: authValue };
+  }
+  return { authorization: authValue };
+}
+
+// ─── Patch globalThis.fetch ───────────────────────────────────────────────────
+
+function patchFetch() {
+  if (typeof globalThis.fetch !== 'function') return;
+
+  const originalFetch = globalThis.fetch.bind(globalThis);
+
+  globalThis.fetch = async function patchedFetch(input, init = {}) {
+    try {
+      const urlLike =
+        typeof input === 'string' || input instanceof URL
+          ? input
+          : input && typeof input.url === 'string' ? input.url : null;
+
+      const hostname = resolveHostname(urlLike);
+      const provider = matchProvider(hostname);
+
+      if (provider) {
+        const key = nextKey(provider);
+        if (key) {
+          const headers        = init.headers || (input && input.headers) || undefined;
+          const patchedHeaders = setAuthHeader(headers, key);
+          init = { ...init, headers: patchedHeaders };
+
+          if (input && typeof input === 'object' && !(input instanceof URL) && input.headers) {
+            try { input = new Request(input, { headers: patchedHeaders }); } catch { /* noop */ }
+          }
+        }
+      }
+    } catch (err) {
+      console.warn('[key-rotator] fetch patch error:', err?.message || err);
+    }
+
+    return originalFetch(input, init);
+  };
+}
+
+// ─── Patch node:http / node:https ────────────────────────────────────────────
+
+function patchHttpModule(mod) {
+  const originalRequest = mod.request;
+
+  mod.request = function patchedRequest(...args) {
+    try {
+      const options  = args[0];
+      const hostname = resolveHostname(options);
+      const provider = matchProvider(hostname);
+
+      if (provider) {
+        const key = nextKey(provider);
+        if (key) {
+          if (typeof options === 'string' || options instanceof URL) {
+            const u = new URL(String(options));
+            args[0] = {
+              protocol: u.protocol,
+              hostname: u.hostname,
+              port:     u.port,
+              path:     `${u.pathname}${u.search}`,
+              headers:  { authorization: `Bearer ${key}` },
+            };
+          } else if (options && typeof options === 'object') {
+            args[0] = { ...options, headers: setAuthHeader(options.headers, key) };
+          }
+        }
+      }
+    } catch (err) {
+      console.warn('[key-rotator] http patch error:', err?.message || err);
+    }
+
+    return originalRequest.apply(mod, args);
+  };
+}
+
+// ─── Apply patches ────────────────────────────────────────────────────────────
+
+patchFetch();
+patchHttpModule(http);
+patchHttpModule(https);
+
+console.log('[key-rotator] loaded — all providers active');

openclaw-sync.py

@@ -51,7 +51,7 @@ EXCLUDED_SYNC_DIRS = {
 }
 MAX_FILE_SIZE_BYTES = int(os.environ.get("SYNC_MAX_FILE_BYTES", str(50 * 1024 * 1024)))
 
-STATE_DIR = WORKSPACE / ".huggingclaw-state"
+STATE_DIR = WORKSPACE / "huggingclaw-state"
 OPENCLAW_STATE_BACKUP_DIR = STATE_DIR / "openclaw"
 EXCLUDED_STATE_NAMES = {
     "workspace",
@@ -87,20 +87,33 @@ def count_files(path: Path) -> int:
 def snapshot_state_into_workspace() -> None:
     try:
         STATE_DIR.mkdir(parents=True, exist_ok=True)
-        if OPENCLAW_STATE_BACKUP_DIR.exists():
-            shutil.rmtree(OPENCLAW_STATE_BACKUP_DIR, ignore_errors=True)
-        OPENCLAW_STATE_BACKUP_DIR.mkdir(parents=True, exist_ok=True)
+        # Atomic snapshot: copy to a staging dir first, then rename.
+        # This prevents a half-written (or empty) backup if we crash mid-copy,
+        # which would otherwise be uploaded and overwrite the real HF backup.
+        staging_dir = STATE_DIR / ".openclaw-staging"
+        if staging_dir.exists():
+            shutil.rmtree(staging_dir, ignore_errors=True)
+        staging_dir.mkdir(parents=True, exist_ok=True)
 
         for source_path in OPENCLAW_HOME.iterdir():
             if source_path.name in EXCLUDED_STATE_NAMES:
                 continue
 
-            backup_path = OPENCLAW_STATE_BACKUP_DIR / source_path.name
+            backup_path = staging_dir / source_path.name
             if source_path.is_dir():
                 shutil.copytree(source_path, backup_path)
             elif source_path.is_file():
                 shutil.copy2(source_path, backup_path)
+
+        # Atomically swap staging → real backup dir
+        if OPENCLAW_STATE_BACKUP_DIR.exists():
+            shutil.rmtree(OPENCLAW_STATE_BACKUP_DIR, ignore_errors=True)
+        staging_dir.rename(OPENCLAW_STATE_BACKUP_DIR)
     except Exception as exc:
+        # Clean up staging on failure so it doesn't interfere next time
+        staging_dir = STATE_DIR / ".openclaw-staging"
+        if staging_dir.exists():
+            shutil.rmtree(staging_dir, ignore_errors=True)
         print(f"Warning: could not snapshot OpenClaw state: {exc}")
 
     try:
@@ -135,6 +148,23 @@ def snapshot_state_into_workspace() -> None:
 
 def restore_embedded_state() -> None:
     state_backup_root = STATE_DIR / "openclaw"
+
+    # Migration fix: old backups stored state in ".huggingclaw-state/openclaw"
+    # (hidden dir). If new path doesn't exist but old hidden path does, use it
+    # and migrate it to the new path so future syncs write to the right place.
+    if not state_backup_root.is_dir():
+        legacy_state = WORKSPACE / ".huggingclaw-state" / "openclaw"
+        if legacy_state.is_dir():
+            print("Found legacy state backup at .huggingclaw-state/; migrating to huggingclaw-state/...")
+            try:
+                STATE_DIR.mkdir(parents=True, exist_ok=True)
+                shutil.copytree(legacy_state, state_backup_root)
+                legacy_root = WORKSPACE / ".huggingclaw-state"
+                shutil.rmtree(legacy_root, ignore_errors=True)
+                print("Legacy state migrated and .huggingclaw-state/ removed.")
+            except Exception as exc:
+                print(f"Warning: could not migrate legacy state: {exc}")
+
     if state_backup_root.is_dir():
         for source_path in state_backup_root.iterdir():
             name = source_path.name
@@ -398,12 +428,18 @@ def loop() -> int:
         print(f"Workspace sync error: {exc}")
         return 1
 
-    last_fingerprint = fingerprint_dir(WORKSPACE)
-    last_marker = metadata_marker(WORKSPACE)
-
     time.sleep(INITIAL_DELAY)
     print(f"Workspace sync started: every {INTERVAL}s -> {repo_id}")
 
+    # Take a fingerprint of the workspace AS RESTORED (after snapshotting state)
+    # so the first loop iteration only uploads if something genuinely changed.
+    # Previously this was None, which forced an unconditional upload every restart
+    # — even when restore had failed silently and the workspace was empty.
+    snapshot_state_into_workspace()
+    last_fingerprint = fingerprint_dir(WORKSPACE)
+    last_marker = metadata_marker(WORKSPACE)
+    print("Initial workspace fingerprint captured.")
+
     while not STOP_EVENT.is_set():
         try:
             last_fingerprint, last_marker = sync_once(last_fingerprint, last_marker)
@@ -416,7 +452,6 @@ def loop() -> int:
 
     return 0
 
-
 def main() -> int:
     WORKSPACE.mkdir(parents=True, exist_ok=True)
 

start.sh

@@ -107,7 +107,7 @@ case "$LLM_PROVIDER" in
   qianfan)                      export QIANFAN_API_KEY="$LLM_API_KEY" ;;
   # ── Western Providers ──
   mistral|mistralai)            export MISTRAL_API_KEY="$LLM_API_KEY" ;;
-  xai|x-ai)                    export XAI_API_KEY="$LLM_API_KEY" ;;
+  xai|x-ai)                     export XAI_API_KEY="$LLM_API_KEY" ;;
   nvidia)                       export NVIDIA_API_KEY="$LLM_API_KEY" ;;
   cohere)                       export COHERE_API_KEY="$LLM_API_KEY" ;;
   groq)                         export GROQ_API_KEY="$LLM_API_KEY" ;;
@@ -420,12 +420,39 @@ if [ "$WHATSAPP_ENABLED_NORMALIZED" = "true" ]; then
 fi
 
 # Write config
-echo "$CONFIG_JSON" > "/home/node/.openclaw/openclaw.json"
-chmod 600 /home/node/.openclaw/openclaw.json
+EXISTING_CONFIG="/home/node/.openclaw/openclaw.json"
+if [ -f "$EXISTING_CONFIG" ]; then
+  echo "Restored config found — patching required fields only..."
+  PATCHED=$(jq \
+    --arg token "$GATEWAY_TOKEN" \
+    --arg model "$LLM_MODEL" \
+    --arg fileLevel "$OPENCLAW_FILE_LOG_LEVEL" \
+    --arg consoleLevel "$OPENCLAW_CONSOLE_LOG_LEVEL" \
+    --arg consoleStyle "$OPENCLAW_CONSOLE_LOG_STYLE" \
+    '.gateway.auth.token = $token
+     | .agents.defaults.model = $model
+     | .logging.level = $fileLevel
+     | .logging.consoleLevel = $consoleLevel
+     | .logging.consoleStyle = $consoleStyle' \
+    "$EXISTING_CONFIG" 2>/dev/null)
+
+  if [ -n "$PATCHED" ]; then
+    echo "$PATCHED" > "$EXISTING_CONFIG.tmp" \
+      && mv "$EXISTING_CONFIG.tmp" "$EXISTING_CONFIG"
+    echo "Config patched successfully."
+  else
+    echo "Patch failed — writing fresh config."
+    echo "$CONFIG_JSON" > "$EXISTING_CONFIG"
+  fi
+else
+  echo "No restored config — writing fresh config..."
+  echo "$CONFIG_JSON" > "$EXISTING_CONFIG"
+fi
+chmod 600 "$EXISTING_CONFIG"
 
 # ── Enable Gateway Preload Fixes ──
 # This preload script keeps iframe embedding working on HF Spaces.
-export NODE_OPTIONS="${NODE_OPTIONS:+$NODE_OPTIONS }--require /home/node/app/iframe-fix.cjs"
+export NODE_OPTIONS="${NODE_OPTIONS:+$NODE_OPTIONS }--require /home/node/app/iframe-fix.cjs --require /home/node/app/multi-provider-key-rotator.cjs"
 
 # ── Startup Summary ──
 echo ""
@@ -497,6 +524,7 @@ warmup_browser() {
   ) &
 }
 
+
 # ── Start background services ──
 export LLM_MODEL="$LLM_MODEL"
 # 10. Start Health Server & Dashboard
@@ -508,6 +536,63 @@ if [ -n "${CLOUDFLARE_WORKERS_TOKEN:-}" ]; then
   python3 /home/node/app/cloudflare-keepalive-setup.py || true
 fi
 
+# ── Write shell capture wrappers to .bashrc ──
+STARTUP_FILE="/home/node/.openclaw/workspace/startup.sh"
+cat > /home/node/.bashrc << 'BASHRC'
+STARTUP_FILE="/home/node/.openclaw/workspace/startup.sh"
+_hc_append() {
+  local line="$*"
+  grep -qxF "$line" "$STARTUP_FILE" 2>/dev/null || echo "$line" >> "$STARTUP_FILE"
+}
+apt-get() {
+  command apt-get "$@"
+  [[ "$1" == "install" ]] && _hc_append "apt-get install -y ${@:2}"
+}
+apt() {
+  command apt "$@"
+  [[ "$1" == "install" ]] && _hc_append "apt-get install -y ${@:2}"
+}
+pip() { command pip "$@"; [[ "$1" == "install" ]] && _hc_append "pip install ${@:2}"; }
+pip3() { command pip3 "$@"; [[ "$1" == "install" ]] && _hc_append "pip3 install ${@:2}"; }
+npm() { command npm "$@"; [[ "$1" == "install" && "$2" == "-g" ]] && _hc_append "npm install -g ${@:3}"; }
+openclaw() { command openclaw "$@"; [[ "$1" == "plugins" && "$2" == "install" ]] && _hc_append "openclaw plugins install ${@:3}"; }
+BASHRC
+echo "Shell capture wrappers ready."
+
+# ── Re-install previously installed plugins ──
+EXISTING_CONFIG="/home/node/.openclaw/openclaw.json"
+if [ -f "$EXISTING_CONFIG" ]; then
+  INSTALLS=$(jq -r '.plugins.installs // {} | keys[]' "$EXISTING_CONFIG" 2>/dev/null || echo "")
+  if [ -n "$INSTALLS" ]; then
+    echo "Re-installing plugins from config..."
+    while IFS= read -r pkg; do
+      [ -z "$pkg" ] && continue
+      # Try short name first, then @openclaw/ prefix
+      if openclaw plugins install "$pkg" 2>/dev/null; then
+        echo "  Installed: $pkg"
+      elif openclaw plugins install "@openclaw/$pkg" 2>/dev/null; then
+        echo "  Installed: @openclaw/$pkg"
+      else
+        echo "  Warning: could not install $pkg"
+      fi
+    done <<< "$INSTALLS"
+    echo "Plugins done."
+  fi
+fi
+
+# ── Run workspace startup script ──
+STARTUP_FILE="/home/node/.openclaw/workspace/startup.sh"
+if [ ! -f "$STARTUP_FILE" ]; then
+  touch "$STARTUP_FILE"
+  chmod +x "$STARTUP_FILE"
+  echo "Created workspace/startup.sh"
+fi
+if [ -s "$STARTUP_FILE" ]; then
+  echo "Running workspace/startup.sh..."
+  bash "$STARTUP_FILE" || echo "Warning: startup.sh had errors, continuing..."
+  echo "Startup script complete."
+fi
+
 # ── Launch gateway ──
 echo "Launching OpenClaw gateway on port 7860..."