Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
509017b
feat: add OpenClaw plugin for seamless maple-proxy integration
AnthonyRonning Feb 15, 2026
02a8fd1
feat: add version pinning, TTL cache, and old version cleanup
AnthonyRonning Feb 15, 2026
8a0cc5d
feat: rename to maple-openclaw-plugin, add agent tool, port 8000, cra…
AnthonyRonning Feb 15, 2026
f2b112b
fix: address PR review - spawn error race, duplicate start guard, tests
AnthonyRonning Feb 15, 2026
07f853d
fix: SIGTERM escalation, signal crash recovery, checksum security
AnthonyRonning Feb 15, 2026
06cb450
fix: track exited flag across crash recovery restarts
AnthonyRonning Feb 16, 2026
1ef9259
fix: stale process reference after crash recovery, SIGKILL escalation
AnthonyRonning Feb 16, 2026
4abcc8a
fix: add concurrent start() guard to prevent download/extraction races
AnthonyRonning Feb 16, 2026
c84b8be
fix: regenerate package-lock.json to match renamed package
AnthonyRonning Feb 16, 2026
a0743ee
fix: kill orphaned child process on crash-recovery restart failure
AnthonyRonning Feb 16, 2026
2731a1b
docs: add embeddings endpoint and memory search config to SKILL.md
AnthonyRonning Feb 16, 2026
2516ca3
fix: correct apiKey guidance in memory search config
AnthonyRonning Feb 16, 2026
ea3a44f
fix: align plugin packaging with OpenClaw conventions
AnthonyRonning Feb 16, 2026
eaba2f7
fix: rewrite SKILL.md from real usage, change default port to 8787
AnthonyRonning Feb 16, 2026
0779314
fix: update stale vLLM log message to maple provider
AnthonyRonning Feb 16, 2026
547c70e
docs: note that plugin config changes require gateway restart
AnthonyRonning Feb 16, 2026
3ec0eaf
fix: exclude SIGKILL from crash recovery to prevent cascading restarts
AnthonyRonning Feb 16, 2026
168bd85
fix: return setup instructions from maple_proxy_status when unconfigured
AnthonyRonning Feb 16, 2026
163ff0f
chore: bump to 0.1.0-beta.2
AnthonyRonning Feb 16, 2026
131bb1a
fix: unref shutdown timers to allow clean Node.js exit
AnthonyRonning Feb 17, 2026
6ce7116
chore: bump to 0.1.0-beta.3
AnthonyRonning Feb 17, 2026
35b0bb2
docs: expand SKILL.md embeddings section with full setup walkthrough
kelaode-dev Feb 17, 2026
3e51989
chore: bump to 0.1.0-beta.4
AnthonyRonning Feb 17, 2026
60c1548
docs: add README.md for npm package with full setup and embeddings guide
AnthonyRonning Feb 17, 2026
361f3ec
docs: restructure README with recommended (agent-driven) and manual s…
AnthonyRonning Feb 17, 2026
40cbb9e
fix: capture child reference locally in crash recovery to prevent race
AnthonyRonning Feb 17, 2026
0419ed6
chore: release 0.1.0
AnthonyRonning Feb 17, 2026
0fb923c
docs: add all available models to SKILL.md and README
AnthonyRonning Feb 17, 2026
b885e56
chore: release 0.1.1
AnthonyRonning Feb 17, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
gcc
clang
libclang

# TypeScript / OpenClaw plugin
nodejs_22

# Useful tools
jq
Expand Down
48 changes: 48 additions & 0 deletions justfile
Original file line number Diff line number Diff line change
Expand Up @@ -256,3 +256,51 @@ ghcr-pull tag="latest":
@echo "📥 Pulling from GitHub Container Registry..."
@{{container}} pull ghcr.io/opensecretcloud/maple-proxy:{{tag}}
@echo "✅ Pulled ghcr.io/opensecretcloud/maple-proxy:{{tag}}"

# === OpenClaw Plugin ===

# Install plugin dependencies
plugin-install:
@echo "📦 Installing plugin dependencies..."
@cd openclaw-plugin && npm install
@echo "✅ Plugin dependencies installed"

# Build plugin (TypeScript -> JS)
plugin-build:
@echo "🔨 Building OpenClaw plugin..."
@cd openclaw-plugin && npm run build
@echo "✅ Plugin built"

# Lint plugin
plugin-lint:
@echo "🔍 Linting plugin..."
@cd openclaw-plugin && npm run lint
@echo "✅ Plugin linted"

# Test plugin
plugin-test:
@echo "🧪 Testing plugin..."
@cd openclaw-plugin && npm test
@echo "✅ Plugin tests passed"

# Check all (Rust + plugin)
check-all: check plugin-lint plugin-test
@echo "✅ All checks passed (Rust + Plugin)"

# Link plugin locally for OpenClaw development
plugin-link:
@echo "🔗 Linking plugin to OpenClaw extensions..."
@openclaw plugins install -l ./openclaw-plugin
@echo "✅ Plugin linked"

# Pack plugin for npm publishing
plugin-pack:
@echo "📦 Packing plugin for npm..."
@cd openclaw-plugin && npm pack
@echo "✅ Plugin packed"

# Publish plugin to npm
plugin-publish:
@echo "🚀 Publishing plugin to npm..."
@cd openclaw-plugin && npm publish --access public
@echo "✅ Plugin published"
3 changes: 3 additions & 0 deletions openclaw-plugin/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
node_modules/
dist/
*.tgz
199 changes: 199 additions & 0 deletions openclaw-plugin/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,199 @@
# @opensecret/maple-openclaw-plugin

OpenClaw plugin that automatically downloads, configures, and runs [maple-proxy](https://github.com/OpenSecretCloud/maple-proxy) as a background service. All AI inference runs inside Maple's TEE (Trusted Execution Environment) secure enclaves.

## Quick Start (Recommended)

Install the plugin and let your agent handle the rest:

```bash
openclaw plugins install @opensecret/maple-openclaw-plugin
```

Then tell your agent:

> Install and configure maple-proxy with my API key: `YOUR_MAPLE_API_KEY`

The plugin bundles a skill that teaches the agent how to set up the maple provider, configure models, and enable embeddings. After a gateway restart, the agent will have all the context it needs from the skill to complete the setup. If the plugin isn't configured yet, the `maple_proxy_status` tool also returns step-by-step instructions.

## Manual Setup

If you prefer to configure everything yourself, follow these steps after installing the plugin.

### 1. Configure the plugin

Set your Maple API key in `openclaw.json`:

```json
{
"plugins": {
"entries": {
"maple-openclaw-plugin": {
"enabled": true,
"config": {
"apiKey": "YOUR_MAPLE_API_KEY"
}
}
}
}
}
```

### 2. Add the Maple provider

Add a `maple` provider so OpenClaw can route requests to the local proxy (default port **8787**):

```json
{
"models": {
"providers": {
"maple": {
"baseUrl": "http://127.0.0.1:8787/v1",
"apiKey": "YOUR_MAPLE_API_KEY",
"api": "openai-completions",
"models": [
{ "id": "kimi-k2-5", "name": "Kimi K2.5 (recommended)" },
{ "id": "deepseek-r1-0528", "name": "DeepSeek R1" },
{ "id": "gpt-oss-120b", "name": "GPT-OSS 120B" },
{ "id": "llama-3.3-70b", "name": "Llama 3.3 70B" },
{ "id": "qwen3-vl-30b", "name": "Qwen3 VL 30B" }
]
}
}
}
}
```

Use the same Maple API key in both places. To discover all available models, call `GET http://127.0.0.1:8787/v1/models` after startup.

### 3. Add models to the allowlist (if applicable)

If you have an `agents.defaults.models` section in your config, add the maple models you want. If you don't have this section, skip this step -- all models are allowed by default.

```json
{
"agents": {
"defaults": {
"models": {
"maple/kimi-k2-5": {},
"maple/deepseek-r1-0528": {},
"maple/gpt-oss-120b": {},
"maple/llama-3.3-70b": {},
"maple/qwen3-vl-30b": {}
}
}
}
}
```

### 4. Restart the gateway

```bash
systemctl restart openclaw.service
```

Plugin config changes always require a full gateway restart. Model and provider config changes hot-apply without a restart.

## Usage

Use maple models by prefixing with `maple/`:

- `maple/kimi-k2-5` (recommended)
- `maple/deepseek-r1-0528`
- `maple/gpt-oss-120b`
- `maple/llama-3.3-70b`
- `maple/qwen3-vl-30b`

The plugin also registers a `maple_proxy_status` tool that shows the proxy's health, port, version, and available endpoints. If the plugin isn't configured yet, the tool returns setup instructions.

## Embeddings & Memory Search

maple-proxy serves an OpenAI-compatible embeddings endpoint using the `nomic-embed-text` model. You can use this for OpenClaw's memory search so embeddings are generated inside the TEE -- no cloud embedding provider needed.

### Enable the memory-core plugin

The `memory_search` and `memory_get` tools come from OpenClaw's `memory-core` plugin. It ships as a stock plugin but **must be explicitly enabled**:

```json
{
"plugins": {
"allow": ["memory-core"],
"entries": {
"memory-core": {
"enabled": true
}
}
}
}
```

### Configure memorySearch

> **Important**: The model field must be `nomic-embed-text` (without a `maple/` prefix). Using `maple/nomic-embed-text` will cause 400 errors.

```json
{
"agents": {
"defaults": {
"memorySearch": {
"enabled": true,
"provider": "openai",
"model": "nomic-embed-text",
"remote": {
"baseUrl": "http://127.0.0.1:8787/v1/",
"apiKey": "YOUR_MAPLE_API_KEY"
}
}
}
}
}
```

### Restart and reindex

```bash
systemctl restart openclaw.service
openclaw memory index --verbose
openclaw memory status --deep
```

The status output should show **Embeddings: available** and **Vector: ready**.

### Troubleshooting

| Problem | Cause | Fix |
|---|---|---|
| "memory slot plugin not found" | `memory-core` not enabled | Add to `plugins.allow` and `plugins.entries`, restart |
| Embeddings 400 error | Model has provider prefix | Change `maple/nomic-embed-text` to `nomic-embed-text` |
| Embeddings 401 error | Wrong API key | Check the key is the actual value, not a placeholder |
| "Batch: disabled" in status | Too many embedding failures | Fix config, restart to reset failure counter |
| Only some files indexed | Embeddings were failing during indexing | Fix config, restart, run `openclaw memory index --verbose` |

## Plugin Config Options

| Option | Default | Description |
|---|---|---|
| `apiKey` | (required) | Your Maple API key |
| `port` | `8787` | Local port for the proxy |
| `backendUrl` | `https://enclave.trymaple.ai` | Maple TEE backend URL |
| `debug` | `false` | Enable debug logging |
| `version` | (latest) | Pin to a specific maple-proxy version |

## Updating

```bash
openclaw plugins update maple-openclaw-plugin
```

> **Note**: `openclaw plugins update` works for stable releases. To move between beta versions, reinstall with the full version: `openclaw plugins install @opensecret/maple-openclaw-plugin@0.1.0-beta.4`

## Direct API Access

- `GET http://127.0.0.1:8787/v1/models` -- List available models
- `POST http://127.0.0.1:8787/v1/chat/completions` -- Chat completions (streaming and non-streaming)
- `POST http://127.0.0.1:8787/v1/embeddings` -- Generate embeddings (model: `nomic-embed-text`)
- `GET http://127.0.0.1:8787/health` -- Health check

## License

MIT
Loading
Loading