Automation
glm-coding-agent
By Run Claude Code CLI with GLM 4.7 (via Z.AI) with automatic git
---
name: glm-coding-agent
description: Run Claude Code CLI with GLM 4.7 (via Z.AI) with automatic git safety net - checkpoint, experiment branch, review workflow. Cheap 200k context.
metadata: {"openclaw":{"emoji":"🤖","requires":{"bins":["claude"]}}}
---
# GLM Coding Agent
Use **Claude Code CLI** with **GLM 4.7** via Z.AI's Anthropic-compatible API, wrapped in **automatic git protection**:
- ✅ Git checkpoint before every run
- ✅ Experiment branch isolation
- ✅ Interactive review workflow
- ✅ One-click rollback
- 💰 Cheap, 200k context
## Quick Start
### From Command Line
#### macOS/Linux
```bash
cd ~/my-project
~/clawd/scripts/safe-glm.sh "Add error handling to the API"
```
#### Windows
```powershell
cd C:\Users\you\my-project
& "$env:USERPROFILE\clawd\scripts\safe-glm.ps1" "Add error handling to the API"
```
### From OpenClaw (all platforms)
```bash
# macOS/Linux
bash pty:true workdir:~/project command:"~/clawd/scripts/safe-glm.sh 'Add error handling'"
# Windows
pwsh pty:true workdir:C:\project command:"$env:USERPROFILE\clawd\scripts\safe-glm.ps1 'Add error handling'"
# After completion → interactive review:
# 1️⃣ ACCEPT - Merge to main
# 2️⃣ REVIEW - Selective staging
# 3️⃣ REJECT - Discard all
# 4️⃣ KEEP - Manual fixes
# Background mode
bash pty:true workdir:~/project background:true command:"~/clawd/scripts/safe-glm.sh 'Refactor auth module'"
# Monitor
process action:log sessionId:XXX
```
## Setup (one-time)
### Platform-specific setup
**macOS/Linux:** Use bash scripts (`.sh`)
**Windows:** Use PowerShell scripts (`.ps1`)
---
### 1. Create glmcode wrapper script (internal)
**Note:** This script is called internally by safe-glm. You don't need to use it directly.
#### macOS/Linux (Bash)
```bash
cat > ~/clawd/scripts/glmcode.sh << 'EOF'
#!/bin/bash
# GLM Code - Claude Code with GLM 4.7 via Z.AI
# Reads API key from OpenClaw config automatically
# Read Z.AI API key from OpenClaw config
CONFIG_FILE="${HOME}/.openclaw/openclaw.json"
if [ -f "$CONFIG_FILE" ]; then
API_KEY=$(jq -r '.models.providers.zai.apiKey // empty' "$CONFIG_FILE" 2>/dev/null)
if [ -n "$API_KEY" ]; then
export ANTHROPIC_AUTH_TOKEN="$API_KEY"
else
echo "Error: Z.AI API key not found in OpenClaw config" >&2
exit 1
fi
else
echo "Error: OpenClaw config not found at $CONFIG_FILE" >&2
exit 1
fi
export ANTHROPIC_BASE_URL="https://api.z.ai/api/anthropic"
export API_TIMEOUT_MS=3000000
# Use GLM-specific settings if they exist, otherwise default
SETTINGS_FILE="${HOME}/.claude/settings-glm.json"
if [ -f "$SETTINGS_FILE" ]; then
exec claude --settings "$SETTINGS_FILE" "$@"
else
exec claude "$@"
fi
EOF
chmod +x ~/clawd/scripts/glmcode.sh
```
#### Windows (PowerShell)
The PowerShell scripts are already created at:
- `%USERPROFILE%\clawd\scripts\glmcode.ps1`
- `%USERPROFILE%\clawd\scripts\safe-glm.ps1`
No additional setup needed! Just make sure OpenClaw config exists at:
```
%USERPROFILE%\.openclaw\openclaw.json
```
### 2. Create GLM settings file
#### macOS/Linux
```bash
mkdir -p ~/.claude
cat > ~/.claude/settings-glm.json << 'EOF'
{
"model": "glm-4.7",
"max_tokens": 8192
}
EOF
```
#### Windows
```powershell
# Create settings directory
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.claude"
# Create settings file
@"
{
"model": "glm-4.7",
"max_tokens": 8192
}
"@ | Out-File -FilePath "$env:USERPROFILE\.claude\settings-glm.json" -Encoding utf8
```
### 3. Load convenience aliases (recommended)
#### macOS/Linux
```bash
# Add to ~/.zshrc or ~/.bashrc
source ~/clawd/scripts/glm-alias.sh
# Provides: glm, glm-review, glm-diff, glm-log, glm-undo, glm-branches, glm-clean
```
#### Windows
```powershell
# Add to PowerShell profile
notepad $PROFILE
# Add this function:
function glm { & "$env:USERPROFILE\clawd\scripts\safe-glm.ps1" @args }
# Reload profile
. $PROFILE
```
**Note:** Windows doesn't have all the bash aliases (glm-review, glm-diff, etc.). Use git commands directly:
```powershell
git status # = glm-review
git diff HEAD~1 # = glm-diff
git log --oneline -10 # = glm-log
git reset --hard HEAD~1 # = glm-undo
```
---
## 🛡️ Safe GLM Wrapper (Recommended!)
The **safe-glm wrapper** (`~/clawd/scripts/safe-glm.sh`) provides automatic git-based safety:
### What It Does
1. ✅ **Git checkpoint** - Creates backup commit before GLM runs
2. ✅ **Experiment branch** - Isolates changes from main
3. ✅ **Stash uncommitted** - Preserves your WIP
4. ✅ **Change review** - Shows diff + file stats after completion
5. ✅ **Interactive menu** - Choose: Accept / Review / Reject / Keep
### How It Works
```bash
# Run in any git repo
cd ~/projects/myapp
~/clawd/scripts/safe-glm.sh "Fix auth bug"
# After GLM finishes:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📝 Changed files (3):
auth.js | 12 ++++++++++--
utils.js | 5 +++++
tests/auth.js| 24 ++++++++++++++++++++++++
Choose [1/2/3/4]:
1️⃣ ACCEPT - Merge to main
2️⃣ REVIEW - Selective staging (git add -p)
3️⃣ REJECT - Discard all changes
4️⃣ KEEP - Stay on branch for manual fixes
```
### From OpenClaw
```bash
# Safe mode (recommended!)
bash pty:true workdir:~/project command:"~/clawd/scripts/safe-glm.sh 'Add error handling'"
# With background (interactive menu after completion)
bash pty:true workdir:~/project background:true command:"~/clawd/scripts/safe-glm.sh 'Refactor auth module'"
```
### Convenience Aliases
Add to `~/.zshrc`:
```bash
source ~/clawd/scripts/glm-alias.sh
```
Now you have:
```bash
glm "task" # Run safe session
glm-review # Show repo status
glm-diff # Diff since last checkpoint
glm-log # GLM commit history
glm-undo # Rollback last commit
glm-branches # List experiment branches
glm-clean # Delete old branches
```
### Safety Features
| Feature | Protection |
|---------|-----------|
| Git checkpoint | Rollback possible with `glm-undo` |
| Experiment branch | Main branch stays intact until merge |
| Stash uncommitted | No data loss |
| Review enforcement | Must explicitly accept/reject |
| Diff preview | See all changes before merging |
| Selective staging | Cherry-pick good parts only |
**When to use:**
- ✅ Any coding task (default choice!)
- ✅ Refactors that touch many files
- ✅ Uncertain about GLM's output
- ✅ Learning/testing GLM capabilities
**Documentation:** `/Users/sander/clawd/docs/SAFE-GLM-GUIDE.md`
**Requirements:**
- ✅ Git repository (run `git init` if needed)
- ✅ No uncommitted changes (will auto-stash with confirmation)
---
## Safety & Sandboxing
Claude Code has **built-in OS-level sandboxing** to protect against destructive commands!
### Native Sandbox Protection
**What it blocks:**
- ✅ Cannot modify files outside project directory
- ✅ Cannot access ~/.ssh/, sensitive configs
- ✅ Cannot delete system files
- ✅ Network access restricted to allowed domains
- ✅ Protects against prompt injection attacks
**How it works:**
- **macOS:** Uses Seatbelt (built-in)
- **Linux/WSL2:** Uses bubblewrap + socat
**Enable sandbox:**
```bash
# One-time setup (inside Claude Code session)
/sandbox
# Choose "Auto-allow mode" for automation
```
**Configure in ~/.claude/settings.json:**
```json
{
"sandbox": {
"mode": "auto-allow",
"filesystem": {
"allow": ["/Users/sander/Projects"],
"deny": ["~/.ssh", "~/.aws"]
},
"network": {
"allowedDomains": ["github.com", "npmjs.org"]
}
}
}
```
### How safe-glm Uses These Features
**safe-glm.sh uses `--dangerously-skip-permissions` internally**, but the git safety net provides protection:
1. **Git checkpoint** - Every change can be rolled back
2. **Experiment branch** - Main stays untouched until you approve
3. **Interactive review** - See all changes before merging
4. **Sandbox (optional)** - Extra OS-level protection
**Combined safety:**
- Git protects your code history
- Sandbox protects your filesystem
- Review menu protects your judgment
## Usage from OpenClaw
```bash
# One-shot task
bash pty:true workdir:~/project command:"~/clawd/scripts/safe-glm.sh 'Fix the typo in README.md'"
# Background mode (interactive menu after completion)
bash pty:true workdir:~/project background:true command:"~/clawd/scripts/safe-glm.sh 'Refactor auth module'"
# Monitor background tasks
process action:log sessionId:XXX
process action:poll sessionId:XXX
```
### Auto-Notify on Completion
For long background tasks, add a wake trigger:
```bash
bash pty:true workdir:~/project background:true command:"~/clawd/scripts/safe-glm.sh 'Build a REST API for todos.
When completely finished, run:
openclaw gateway wake --text \"Done: Built todos REST API\" --mode now'"
```
## Why GLM 4.7?
| Feature | Value |
|---------|-------|
| **Cost** | Cheap! (via Z.AI) |
| **Context** | 200k tokens |
| **Speed** | Fast responses |
| **Quality** | Decent for coding tasks |
| **API** | Anthropic-compatible via Z.AI |
**Trade-off:** Not as smart as Claude Opus, but good enough for:
- Refactoring
- Bug fixes
- Documentation
- Simple feature additions
- Code reviews
For complex architecture decisions, use Claude Opus instead.
## Examples
### Fix a Bug
```bash
bash pty:true workdir:~/myapp command:"~/clawd/scripts/safe-glm.sh 'Fix the 500 error in /api/users endpoint'"
```
### Add Tests
```bash
bash pty:true workdir:~/myapp command:"~/clawd/scripts/safe-glm.sh 'Add unit tests for the User model'"
```
### Refactor (Background)
```bash
bash pty:true workdir:~/myapp background:true command:"~/clawd/scripts/safe-glm.sh 'Refactor auth.js to use async/await instead of callbacks'"
# Monitor progress
process action:log sessionId:XXX
```
### Review Code
```bash
bash pty:true workdir:~/myapp command:"~/clawd/scripts/safe-glm.sh 'Review the auth module and suggest improvements'"
# If GLM doesn't change files → no git checkpoint needed
# If GLM suggests code changes → safe review workflow
```
## Tips
1. **Git first** - Always work in a git repo (`git ini
... (truncated)
automation
Comments
Sign in to leave a comment