mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-18 20:24:46 +00:00
f91de52f0d
* refactor: remove stale file-backed shims * fix: harden sqlite state ci boundaries * refactor: store matrix idb snapshots in sqlite * fix: satisfy rebased CI guardrails * refactor: store current conversation bindings in sqlite table * refactor: store tui last sessions in sqlite table * refactor: reset sqlite schema history * refactor: drop unshipped sqlite table migration * refactor: remove plugin index file rollback * refactor: drop unshipped sqlite sidecar migrations * refactor: remove runtime commitments kv migration * refactor: preserve kysely sync result types * refactor: drop unshipped sqlite schema migration table * test: keep session usage coverage sqlite-backed * refactor: keep sqlite migration doctor-only * refactor: isolate device legacy imports * refactor: isolate push voicewake legacy imports * refactor: isolate remaining runtime legacy imports * refactor: tighten sqlite migration guardrails * test: cover sqlite persisted enum parsing * refactor: isolate legacy update and tui imports * refactor: tighten sqlite state ownership * refactor: move legacy imports behind doctor * refactor: remove legacy session row lookup * refactor: canonicalize memory transcript locators * refactor: drop transcript path scope fallbacks * refactor: drop runtime legacy session delivery pruning * refactor: store tts prefs only in sqlite * refactor: remove cron store path runtime * refactor: use cron sqlite store keys * refactor: rename telegram message cache scope * refactor: read memory dreaming status from sqlite * refactor: rename cron status store key * refactor: stop remembering transcript file paths * test: use sqlite locators in agent fixtures * refactor: remove file-shaped commitments and cron store surfaces * refactor: keep compaction transcript handles out of session rows * refactor: derive transcript handles from session identity * refactor: derive runtime transcript handles * refactor: remove gateway session locator reads * refactor: remove transcript locator from session rows * refactor: store raw stream diagnostics in sqlite * refactor: remove file-shaped transcript rotation * refactor: hide legacy trajectory paths from runtime * refactor: remove runtime transcript file bridges * refactor: repair database-first rebase fallout * refactor: align tests with database-first state * refactor: remove transcript file handoffs * refactor: sync post-compaction memory by transcript scope * refactor: run codex app-server sessions by id * refactor: bind codex runtime state by session id * refactor: pass memory transcripts by sqlite scope * refactor: remove transcript locator cleanup leftovers * test: remove stale transcript file fixtures * refactor: remove transcript locator test helper * test: make cron sqlite keys explicit * test: remove cron runtime store paths * test: remove stale session file fixtures * test: use sqlite cron keys in diagnostics * refactor: remove runtime delivery queue backfill * test: drop fake export session file mocks * refactor: rename acp session read failure flag * refactor: rename acp row session key * refactor: remove session store test seams * refactor: move legacy session parser tests to doctor * refactor: reindex managed memory in place * refactor: drop stale session store wording * refactor: rename session row helpers * refactor: rename sqlite session entry modules * refactor: remove transcript locator leftovers * refactor: trim file-era audit wording * refactor: clean managed media through sqlite * fix: prefer explicit agent for exports * fix: use prepared agent for session resets * fix: canonicalize legacy codex binding import * test: rename state cleanup helper * docs: align backup docs with sqlite state * refactor: drop legacy Pi usage auth fallback * refactor: move legacy auth profile imports to doctor * refactor: keep Pi model discovery auth in memory * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime * refactor: remove model json compatibility aliases * refactor: store auth profiles in sqlite * refactor: seed copied auth profiles in sqlite * refactor: make auth profile runtime sqlite-addressed * refactor: migrate hermes secrets into sqlite auth store * refactor: move plugin install config migration to doctor * refactor: rename plugin index audit checks * test: drop auth file assumptions * test: remove legacy transcript file assertions * refactor: drop legacy cli session aliases * refactor: store skill uploads in sqlite * refactor: keep subagent attachments in sqlite vfs * refactor: drop subagent attachment cleanup state * refactor: move legacy session aliases to doctor * refactor: require node 24 for sqlite state runtime * refactor: move provider caches into sqlite state * fix: harden virtual agent filesystem * refactor: enforce database-first runtime state * refactor: rename compaction transcript rotation setting * test: clean sqlite refactor test types * refactor: consolidate sqlite runtime state * refactor: model session conversations in sqlite * refactor: stop deriving cron delivery from session keys * refactor: stop classifying sessions from key shape * refactor: hydrate announce targets from typed delivery * refactor: route heartbeat delivery from typed sqlite context * refactor: tighten typed sqlite session routing * refactor: remove session origin routing shadow * refactor: drop session origin shadow fixtures * perf: query sqlite vfs paths by prefix * refactor: use typed conversation metadata for sessions * refactor: prefer typed session routing metadata * refactor: require typed session routing metadata * refactor: resolve group tool policy from typed sessions * refactor: delete dead session thread info bridge * Show Codex subscription reset times in channel errors (#80456) * feat(plugin-sdk): consolidate session workflow APIs * fix(agents): allow read-only agent mount reads * [codex] refresh plugin regression fixtures * fix(agents): restore compaction gateway logs * test: tighten gateway startup assertions * Redact persisted secret-shaped payloads [AI] (#79006) * test: tighten device pair notify assertions * test: tighten hermes secret assertions * test: assert matrix client error shapes * test: assert config compat warnings * fix(heartbeat): remap cron-run exec events to session keys (#80214) * fix(codex): route btw through native side threads * fix(auth): accept friendly OpenAI order for Codex profiles * fix(codex): rotate auth profiles inside harness * fix: keep browser status page probe within timeout * test: assert agents add outputs * test: pin cron read status * fix(agents): avoid Pi resource discovery stalls Co-authored-by: dataCenter430 <titan032000@gmail.com> * fix: retire timed-out codex app-server clients * test: tighten qa lab runtime assertions * test: check security fix outputs * test: verify extension runtime messages * feat(wake): expose typed sessionKey on wake protocol + system event CLI * fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790) * test: guard talk consult call helper * fix(codex): scale context engine projection (#80761) * fix(codex): scale context engine projection * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * chore: align Codex projection changelog * chore: realign Codex projection changelog * fix: isolate Codex projection patch --------- Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> * refactor: move agent runtime state toward piless * refactor: remove cron session reaper * refactor: move session management to sqlite * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: remove stale file-backed shims * test: harden kysely type coverage # Conflicts: # .agents/skills/kysely-database-access/SKILL.md # src/infra/kysely-sync.types.test.ts # src/proxy-capture/store.sqlite.test.ts # src/state/openclaw-agent-db.test.ts # src/state/openclaw-state-db.test.ts * refactor: remove cron store path runtime * refactor: keep compaction transcript handles out of session rows * refactor: derive embedded transcripts from sqlite identity * refactor: remove embedded transcript locator handoff * refactor: remove runtime transcript file bridges * refactor: remove transcript file handoffs * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime # Conflicts: # docs/cli/secrets.md # docs/gateway/authentication.md # docs/gateway/secrets.md * fix: keep oauth sibling sync sqlite-local # Conflicts: # src/commands/onboard-auth.test.ts * refactor: remove task session store maintenance # Conflicts: # src/commands/tasks.ts * refactor: keep diagnostics in state sqlite * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * Show Codex subscription reset times in channel errors (#80456) * fix(codex): refresh subscription limit resets * fix(codex): format reset times for channels * Update CHANGELOG with latest changes and fixes Updated CHANGELOG with recent fixes and improvements. * fix(codex): keep command load failures on codex surface * fix(codex): format account rate limits as rows * fix(codex): summarize account limits as usage status * fix(codex): simplify account limit status * test: tighten subagent announce queue assertion * test: tighten session delete lifecycle assertions * test: tighten cron ops assertions * fix: track cron execution milestones * test: tighten hermes secret assertions * test: assert matrix sync store payloads * test: assert config compat warnings * fix(codex): align btw side thread semantics * fix(codex): honor codex fallback blocking * fix(agents): avoid Pi resource discovery stalls * test: tighten codex event assertions * test: tighten cron assertions * Fix Codex app-server OAuth harness auth * refactor: move agent runtime state toward piless * refactor: move device and push state to sqlite * refactor: move runtime json state imports to doctor * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: clarify cron sqlite store keys * refactor: remove stale file-backed shims * refactor: bind codex runtime state by session id * test: expect sqlite trajectory branch export * refactor: rename session row helpers * fix: keep legacy device identity import in doctor * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * build: align pi contract wrappers * chore: repair database-first rebase * refactor: remove session file test contracts * test: update gateway session expectations * refactor: stop routing from session compatibility shadows * refactor: stop persisting session route shadows * refactor: use typed delivery context in clients * refactor: stop echoing session route shadows * refactor: repair embedded runner rebase imports # Conflicts: # src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts * refactor: align pi contract imports * refactor: satisfy kysely sync helper guard * refactor: remove file transcript bridge remnants * refactor: remove session locator compatibility * refactor: remove session file test contracts * refactor: keep rebase database-first clean * refactor: remove session file assumptions from e2e * docs: clarify database-first goal state * test: remove legacy store markers from sqlite runtime tests * refactor: remove legacy store assumptions from runtime seams * refactor: align sqlite runtime helper seams * test: update memory recall sqlite audit mock * refactor: align database-first runtime type seams * test: clarify doctor cron legacy store names * fix: preserve sqlite session route projections * test: fix copilot token cache test syntax * docs: update database-first proof status * test: align database-first test fixtures * docs: update database-first proof status * refactor: clean extension database-first drift * test: align agent session route proof * test: clarify doctor legacy path fixtures * chore: clean database-first changed checks * chore: repair database-first rebase markers * build: allow baileys git subdependency * chore: repair exp-vfs rebase drift * chore: finish exp-vfs rebase cleanup * chore: satisfy rebase lint drift * chore: fix qqbot rebase type seam * chore: fix rebase drift leftovers * fix: keep auth profile oauth secrets out of sqlite * fix: repair rebase drift tests * test: stabilize pairing request ordering * test: use source manifests in plugin contract checks * fix: restore gateway session metadata after rebase * fix: repair database-first rebase drift * fix: clean up database-first rebase fallout * test: stabilize line quick reply receipt time * fix: repair extension rebase drift * test: keep transcript redaction tests sqlite-backed * fix: carry injected transcript redaction through sqlite * chore: clean database branch rebase residue * fix: repair database branch CI drift * fix: repair database branch CI guard drift * fix: stabilize oauth tls preflight test * test: align database branch fast guards * test: repair build artifact boundary guards * chore: clean changelog rebase markers --------- Co-authored-by: pashpashpash <nik@vault77.ai> Co-authored-by: Eva <eva@100yen.org> Co-authored-by: stainlu <stainlu@newtype-ai.org> Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com> Co-authored-by: Ruben Cuevas <hi@rubencu.com> Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com> Co-authored-by: dataCenter430 <titan032000@gmail.com> Co-authored-by: Kaspre <kaspre@gmail.com> Co-authored-by: pandadev66 <nova.full.stack@outlook.com> Co-authored-by: Eva <admin@100yen.org> Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> Co-authored-by: jeffjhunter <support@aipersonamethod.com>
9.0 KiB
9.0 KiB
summary, read_when, title
| summary | read_when | title | |||
|---|---|---|---|---|---|
| Audit what can spend money, which keys are used, and how to view usage |
|
API usage and costs |
This doc lists features that can invoke API keys and where their costs show up. It focuses on OpenClaw features that can generate provider usage or paid API calls.
Where costs show up (chat + CLI)
Per-session cost snapshot
/statusshows the current session model, context usage, and last response tokens.- If the model uses API-key auth,
/statusalso shows estimated cost for the last reply. - If live session metadata is sparse,
/statuscan recover token/cache counters and the active runtime model label from the latest transcript usage entry. Existing nonzero live values still take precedence, and prompt-sized transcript totals can win when stored totals are missing or smaller.
Per-message cost footer
/usage fullappends a usage footer to every reply, including estimated cost (API-key only)./usage tokensshows tokens only; subscription-style OAuth/token and CLI flows hide dollar cost.- Gemini CLI note: when the CLI returns JSON output, OpenClaw reads usage from
stats, normalizesstats.cachedintocacheRead, and derives input tokens fromstats.input_tokens - stats.cachedwhen needed.
Anthropic note: Anthropic staff told us OpenClaw-style Claude CLI usage is
allowed again, so OpenClaw treats Claude CLI reuse and claude -p usage as
sanctioned for this integration unless Anthropic publishes a new policy.
Anthropic still does not expose a per-message dollar estimate that OpenClaw can
show in /usage full.
CLI usage windows (provider quotas)
openclaw status --usageandopenclaw channels listshow provider usage windows (quota snapshots, not per-message costs).- Human output is normalized to
X% leftacross providers. - Current usage-window providers: Anthropic, GitHub Copilot, Gemini CLI, OpenAI Codex, MiniMax, Xiaomi, and z.ai.
- MiniMax note: its raw
usage_percent/usagePercentfields mean remaining quota, so OpenClaw inverts them before display. Count-based fields still win when present. If the provider returnsmodel_remains, OpenClaw prefers the chat-model entry, derives the window label from timestamps when needed, and includes the model name in the plan label. - Usage auth for those quota windows comes from provider-specific hooks when available; otherwise OpenClaw falls back to matching OAuth/API-key credentials from auth profiles, env, or config.
See Token use & costs for details and examples.
How keys are discovered
OpenClaw can pick up credentials from:
- Auth profiles (per-agent, stored in SQLite auth-profile rows).
- Environment variables (e.g.
OPENAI_API_KEY,BRAVE_API_KEY,FIRECRAWL_API_KEY). - Config (
models.providers.*.apiKey,plugins.entries.*.config.webSearch.apiKey,plugins.entries.firecrawl.config.webFetch.apiKey,memorySearch.*,talk.providers.*.apiKey). - Skills (
skills.entries.<name>.apiKey) which may export keys to the skill process env.
Features that can spend keys
1) Core model responses (chat + tools)
Every reply or tool call uses the current model provider (OpenAI, Anthropic, etc). This is the primary source of usage and cost.
This also includes subscription-style hosted providers that still bill outside OpenClaw's local UI, such as OpenAI Codex, Alibaba Cloud Model Studio Coding Plan, MiniMax Coding Plan, Z.AI / GLM Coding Plan, and Anthropic's OpenClaw Claude-login path with Extra Usage enabled.
See Models for pricing config and Token use & costs for display.
2) Media understanding (audio/image/video)
Inbound media can be summarized/transcribed before the reply runs. This uses model/provider APIs.
- Audio: OpenAI / Groq / Deepgram / DeepInfra / Google / Mistral.
- Image: OpenAI / OpenRouter / Anthropic / DeepInfra / Google / MiniMax / Moonshot / Qwen / Z.AI.
- Video: Google / Qwen / Moonshot.
See Media understanding.
3) Image and video generation
Shared generation capabilities can also spend provider keys:
- Image generation: OpenAI / Google / DeepInfra / fal / MiniMax
- Video generation: DeepInfra / Qwen
Image generation can infer an auth-backed provider default when
agents.defaults.imageGenerationModel is unset. Video generation currently
requires an explicit agents.defaults.videoGenerationModel such as
qwen/wan2.6-t2v.
See Image generation, Qwen Cloud, and Models.
4) Memory embeddings + semantic search
Semantic memory search uses embedding APIs when configured for remote providers:
memorySearch.provider = "openai"→ OpenAI embeddingsmemorySearch.provider = "gemini"→ Gemini embeddingsmemorySearch.provider = "voyage"→ Voyage embeddingsmemorySearch.provider = "mistral"→ Mistral embeddingsmemorySearch.provider = "deepinfra"→ DeepInfra embeddingsmemorySearch.provider = "lmstudio"→ LM Studio embeddings (local/self-hosted)memorySearch.provider = "ollama"→ Ollama embeddings (local/self-hosted; typically no hosted API billing)- Optional fallback to a remote provider if local embeddings fail
You can keep it local with memorySearch.provider = "local" (no API usage).
See Memory.
5) Web search tool
web_search may incur usage charges depending on your provider:
- Brave Search API:
BRAVE_API_KEYorplugins.entries.brave.config.webSearch.apiKey - Exa:
EXA_API_KEYorplugins.entries.exa.config.webSearch.apiKey - Firecrawl:
FIRECRAWL_API_KEYorplugins.entries.firecrawl.config.webSearch.apiKey - Gemini (Google Search):
GEMINI_API_KEYorplugins.entries.google.config.webSearch.apiKey - Grok (xAI):
XAI_API_KEYorplugins.entries.xai.config.webSearch.apiKey - Kimi (Moonshot):
KIMI_API_KEY,MOONSHOT_API_KEY, orplugins.entries.moonshot.config.webSearch.apiKey - MiniMax Search:
MINIMAX_CODE_PLAN_KEY,MINIMAX_CODING_API_KEY,MINIMAX_API_KEY, orplugins.entries.minimax.config.webSearch.apiKey - Ollama Web Search: key-free for a reachable signed-in local Ollama host; direct
https://ollama.comsearch usesOLLAMA_API_KEY, and auth-protected hosts can reuse normal Ollama provider bearer auth - Perplexity Search API:
PERPLEXITY_API_KEY,OPENROUTER_API_KEY, orplugins.entries.perplexity.config.webSearch.apiKey - Tavily:
TAVILY_API_KEYorplugins.entries.tavily.config.webSearch.apiKey - DuckDuckGo: key-free fallback (no API billing, but unofficial and HTML-based)
- SearXNG:
SEARXNG_BASE_URLorplugins.entries.searxng.config.webSearch.baseUrl(key-free/self-hosted; no hosted API billing)
Legacy tools.web.search.* provider paths still load through the temporary compatibility shim, but they are no longer the recommended config surface.
Brave Search free credit: Each Brave plan includes $5/month in renewing free credit. The Search plan costs $5 per 1,000 requests, so the credit covers 1,000 requests/month at no charge. Set your usage limit in the Brave dashboard to avoid unexpected charges.
See Web tools.
5) Web fetch tool (Firecrawl)
web_fetch can call Firecrawl when an API key is present:
FIRECRAWL_API_KEYorplugins.entries.firecrawl.config.webFetch.apiKey
If Firecrawl isn't configured, the tool falls back to direct fetch plus the bundled web-readability plugin (no paid API). Disable plugins.entries.web-readability.enabled to skip local Readability extraction.
See Web tools.
6) Provider usage snapshots (status/health)
Some status commands call provider usage endpoints to display quota windows or auth health. These are typically low-volume calls but still hit provider APIs:
openclaw status --usageopenclaw models status --json
See Models CLI.
7) Compaction safeguard summarization
The compaction safeguard can summarize session history using the current model, which invokes provider APIs when it runs.
See Session management + compaction.
8) Model scan / probe
openclaw models scan can probe OpenRouter models and uses OPENROUTER_API_KEY when
probing is enabled.
See Models CLI.
9) Talk (speech)
Talk mode can invoke ElevenLabs when configured:
ELEVENLABS_API_KEYortalk.providers.elevenlabs.apiKey
See Talk mode.
10) Skills (third-party APIs)
Skills can store apiKey in skills.entries.<name>.apiKey. If a skill uses that key for external
APIs, it can incur costs according to the skill's provider.
See Skills.