Tools
Moltmaster
Keep AI provider subscription rate windows warm — credential scan (fingerprints only) + tiny state-gated pings. Standalone CLI + OpenClaw plugin. 💓🦞
Install
openclaw plugins install clawhub:...`)
README
# moltmaster 💓🦞
Keep AI provider **subscription rate windows warm** with tiny, state-gated pings —
so your 5-hour Claude/OpenAI windows are already counting down before real work starts.
Three parts, smallest possible blast radius:
| Part | What it does | What it never does |
|------|--------------|--------------------|
| `core/scan.sh` | Finds credentials in the usual places, reports **sha256 fingerprints only** | Print, move, or transmit a token |
| `core/pulse.sh` | One ~1–16 token ping per lane per interval (default 5h05m) | Retry-hammer, refresh credentials, run without a lanes file |
| `cli.mjs` / plugin | `scan · dry-run · run · status` | Schedule itself; send pings from chat |
## Quick start (standalone — no OpenClaw required)
```bash
node cli.mjs scan --suggest # 1. find credentials (fingerprint report + commented lane suggestions)
$EDITOR lanes.conf # 2. review, dedupe by fingerprint, uncomment lanes DELIBERATELY
node cli.mjs dry-run # 3. verify every lane resolves its token (no pings)
node cli.mjs run # 4. one live pass
crontab -e # 5. */5 * * * * flock -n /tmp/mm-pulse.lock .../core/pulse.sh
```
The per-lane state gate makes cron cadence irrelevant to ping volume — run it
every 5 minutes; each lane only fires when its last ping is ≥ `PULSE_INTERVAL_SECONDS`
(default 5h05m) old, capped at `PULSE_DAILY_CAP` (default 6) per day.
## Scan locations
`~/.claude/.credentials.json` (Claude Code native login) · `~/.codex/auth.json`
(Codex CLI) · `~/.openclaw/.env` + `gateway.systemd.env` + `PULSE_SCAN_ENV_FILES`
(ANTHROPIC_*/OPENAI_*/CLAUDE_CODE_OAUTH_* vars) · OpenClaw per-agent sqlite auth
stores. Same fingerprint = same credential — don't ping it twice.
## Lane kinds
```
claude-env <lane> <ENV_VAR> # claude -p, OAuth token from env var (source via PULSE_ENV_FILE)
claude-cmd <lane> <shell cmd> # claude -p, token from command stdout (e.g. sqlite/jq read)
claude-native <lane> # claude -p with NO override — CLI self-refreshes its own login
openai-env <lane> <ENV_VAR> # curl /v1/responses, key from env var
openai-cmd <lane> <shell cmd> # curl /v1/responses, key from command stdout
exec <lane> <shell cmd> # arbitrary ping command (rc 0 = OK)
```
Why `claude-native` matters: overriding with a token read from
`.credentials.json` 401s once the stored access token expires; running the CLI
natively lets it refresh itself.
## Safety posture
- **Discovered ≠ pinged.** Scan suggestions are always commented out; a human uncomments lanes.
- **Tokens never logged.** Logs carry lane names, rcs, and truncated model output only.
- **Kill switch:** `touch $PULSE_HOME/pulse.off`. **Dry-run** before first live pass.
- Failed/limited pings still stamp the lane — no retry hammering.
- One engine, one scheduler. Never run two engines against the same accounts
(that's a double-ping — we learned this the hard way, 2026-07-03).
## Status on this box (2026-07-04)
- **Engine-of-record: this package** — crontab `MOLTMASTER_PULSE` runs
`core/pulse.sh` every 5 min (flock-guarded), state in
`/root/.openclaw/moltmaster/pulse/`, kill switch `pulse.off`. Cutover from the
workspace prototype completed 2026-07-04; the legacy copies were removed.
- `lanes.conf` is box-specific and git-ignored — `lanes.conf.example` is the
shippable template.
- `index.ts` plugin registration is **unproven** until the next approved gateway
restart; treat `/pulse` as reference design until then.
## Ship path
extensions/ (here, live use) → publish to ClawHub (`openclaw plugins install clawhub:...`)
→ maybe upstream openclaw/openclaw `extensions/` PR once proven.
tools
Comments
Sign in to leave a comment