Skip to content

feat: Add Bitwarden secrets and Anthropic distill support#349

Closed
Coke1120 wants to merge 5 commits intoCortexReach:masterfrom
Coke1120:feat/bitwarden-anthropic-distill
Closed

feat: Add Bitwarden secrets and Anthropic distill support#349
Coke1120 wants to merge 5 commits intoCortexReach:masterfrom
Coke1120:feat/bitwarden-anthropic-distill

Conversation

@Coke1120
Copy link
Copy Markdown

@Coke1120 Coke1120 commented Mar 25, 2026

Summary

  • Add Bitwarden secret resolver (src/secret-resolver.ts) for secure API key management via Bitwarden CLI or env vars
  • Add Anthropic LLM client (src/llm-client.ts) with distill/extraction support
  • Add CLI entry point (cli.ts) exposing distill functionality
  • Integrate secret resolution into lesson extract worker
  • Add tests for secret resolver, LLM API key client, and plugin manifest regression
  • Update plugin manifest and package dependencies

Test plan

  • Run test/secret-resolver.test.mjs — verify Bitwarden and env-var resolution paths
  • Run test/llm-api-key-client.test.mjs — verify Anthropic client key handling
  • Run test/plugin-manifest-regression.mjs — verify manifest schema unchanged
  • Smoke-test distill via examples/new-session-distill/ with a real session

Closes #348

🤖 Generated with Claude Code

@AliceLJY AliceLJY mentioned this pull request Mar 26, 2026
Open
AliceLJY
AliceLJY requested changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@AliceLJY AliceLJY left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

整体设计清晰,测试覆盖核心路径,两个特性 scope 控制得好 👍

Must Fix

1. resolveSecretValueSync 阻塞启动
execFileSync("bws", ...) 在插件 activate() 路径上会阻塞事件循环。如果 Bitwarden CLI 慢或网络抖动,会卡住整个 OpenClaw 启动。

建议:activate() 已经返回 Promise,改用 async 版本 resolveSecretValue。或者至少加个明确的 timeout 错误提示,让用户知道卡在哪。

2. Distill worker 重复了 Bitwarden 解析逻辑
lesson-extract-worker.mjs 里的 resolveMaybeBitwardenSecret()src/secret-resolver.ts 逻辑重复。Worker 是独立脚本可以理解,但至少加个注释标明两处必须同步更新,或抽成共享 ESM 模块。

Nice to have

  1. anthropicGenerateJson(worker)和 createAnthropicApiKeyClient(llm-client)独立构建 Anthropic 请求,后续可能分叉,建议加 TODO 注释
  2. 补一个 bws:// URL 解析的边缘 case 测试(无 hostname / 缺 secret ID)

修完 1-2 就可以合,辛苦了 🙏

Coke1120 and others added 4 commits March 26, 2026 22:18
@Coke1120 @claude
fix: replace resolveSecretValueSync with async resolver in register path
bcd57d9 
- Change register() to async and replace all resolveSecretValueSync /
  resolveSecretValuesSync calls with their async counterparts so Bitwarden
  CLI invocations no longer block the event loop during plugin activation
- Add sync comment in lesson-extract-worker.mjs flagging the duplicate
  Bitwarden resolution logic that must stay in sync with src/secret-resolver.ts
- Add TODO comments in anthropicGenerateJson (worker) and
  createAnthropicApiKeyClient (llm-client) noting the two implementations
  may diverge and should eventually be unified
- Add three edge-case tests for malformed bws:// URLs (empty hostname,
  empty path after prefix strip)
- await plugin.register() in plugin-manifest-regression test to match the
  now-async register signature

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Coke1120 @claude
fix: await plugin.register() in all tests that call the now-async reg…
d56564c 
…ister

After making register() async, all test callsites must await it or hook
registrations won't complete before assertions run.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Coke1120 @claude
fix: merge test script — add session-summary-before-reset and secret-…
be6b772 
…resolver tests

Resolves the package.json conflict between branch and master: keeps
secret-resolver.test.mjs (added in this branch) and adds
session-summary-before-reset.test.mjs (added on master).

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Coke1120
Merge branch 'master' into feat/bitwarden-anthropic-distill
23a4b88
@Coke1120 Coke1120 requested a review from AliceLJY March 27, 2026 13:48
@AliceLJY
Copy link
Copy Markdown
Collaborator

AliceLJY commented Mar 28, 2026

@Coke1120 Thanks for the contribution. Two things before we can review:

1. Please split into two PRs — Bitwarden secret resolver and Anthropic distill are independent features. Easier to review, test, and merge separately:

  • PR A: src/secret-resolver.ts + integration into config parsing + secret-resolver tests
  • PR B: src/llm-client.ts + distill CLI + distill worker + llm-client tests

2. Unrelated test file changes — This PR modifies recall-text-cleanup.test.mjs, reflection-bypass-hook.test.mjs, smart-extractor-branches.mjs, and resolve-env-vars-array.test.mjs. If these are rebase artifacts, please clean them out. Each PR should only touch files relevant to its feature.

This was referenced Mar 29, 2026
Open
Open
@Coke1120
Copy link
Copy Markdown
Author

Coke1120 commented Mar 29, 2026

Closing in favor of two focused PRs per reviewer feedback:

@Coke1120 Coke1120 closed this Mar 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AliceLJY AliceLJY Awaiting requested review from AliceLJY

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add Bitwarden secrets and Anthropic distill support

2 participants

@Coke1120 @AliceLJY