openclaw
diff --git a/‎docs/.generated/plugin-sdk-api-baseline.sha256‎
Lines changed: 2 additions & 2 deletions b/‎docs/.generated/plugin-sdk-api-baseline.sha256‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/plugins/sdk-provider-plugins.md‎
Lines changed: 141 additions & 0 deletions b/‎docs/plugins/sdk-provider-plugins.md‎
Lines changed: 141 additions & 0 deletions
diff --git a/‎docs/plugins/sdk-subpaths.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/plugins/sdk-subpaths.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extensions/chutes/models.test.ts‎
Lines changed: 48 additions & 41 deletions b/‎extensions/chutes/models.test.ts‎
Lines changed: 48 additions & 41 deletions
@@ -1,2 +1,2 @@
-fd2aaa281db68de9db32463e87fddecfb84b6db75080d0fe47719b2b9fff3d5c  plugin-sdk-api-baseline.json
-329a8fdad622d2ec801f99939ac6ac08685c3dd89e54aa3c2b4da4ac5580d504  plugin-sdk-api-baseline.jsonl
+16202a4c1ba8816643ad4cc81536c6ff9bfea38b01826d090c2195230dc85ab3  plugin-sdk-api-baseline.json
+a674e0fc5998b343fd1235438794c9c342fcd6e538157650109d2d30c184b7bc  plugin-sdk-api-baseline.jsonl
@@ -205,6 +205,143 @@ API key auth, and dynamic model resolution.
     `openclaw onboard --acme-ai-api-key <key>` and select
     `acme-ai/acme-large` as their model.
 
+    ### Live model discovery
+
+    If your provider exposes a `/models`-style API, keep the provider-specific
+    endpoint and row projection in your plugin and use
+    `openclaw/plugin-sdk/provider-catalog-live-runtime` for the shared fetch
+    lifecycle. The helper gives you guarded HTTP fetches, provider-auth headers,
+    structured HTTP errors, TTL caching, and static fallback behavior without
+    putting provider policy in OpenClaw core.
+
+    Use `buildLiveModelProviderConfig` when the live API only tells you which
+    provider-owned static catalog rows are currently available:
+
+    ```typescript index.ts
+    import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
+    import {
+      buildLiveModelProviderConfig,
+      type LiveModelCatalogFetchGuard,
+    } from "openclaw/plugin-sdk/provider-catalog-live-runtime";
+
+    const STATIC_MODELS = [
+      {
+        id: "acme-large",
+        name: "Acme Large",
+        reasoning: true,
+        input: ["text", "image"],
+        cost: { input: 3, output: 15, cacheRead: 0.3, cacheWrite: 3.75 },
+        contextWindow: 200000,
+        maxTokens: 32768,
+      },
+      {
+        id: "acme-small",
+        name: "Acme Small",
+        reasoning: false,
+        input: ["text"],
+        cost: { input: 1, output: 5, cacheRead: 0.1, cacheWrite: 1.25 },
+        contextWindow: 128000,
+        maxTokens: 8192,
+      },
+    ] as const;
+
+    async function buildAcmeLiveProvider(params: {
+      apiKey: string;
+      discoveryApiKey?: string;
+      fetchGuard?: LiveModelCatalogFetchGuard;
+    }) {
+      return await buildLiveModelProviderConfig({
+        providerId: "acme-ai",
+        endpoint: "https://api.acme-ai.com/v1/models",
+        providerConfig: {
+          baseUrl: "https://api.acme-ai.com/v1",
+          api: "openai-completions",
+        },
+        models: STATIC_MODELS,
+        apiKey: params.apiKey,
+        discoveryApiKey: params.discoveryApiKey,
+        fetchGuard: params.fetchGuard,
+        ttlMs: 60_000,
+        auditContext: "acme-ai-model-discovery",
+      });
+    }
+
+    export default definePluginEntry({
+      id: "acme-ai",
+      name: "Acme AI",
+      register(api) {
+        api.registerProvider({
+          id: "acme-ai",
+          label: "Acme AI",
+          catalog: {
+            order: "simple",
+            run: async (ctx) => {
+              const auth = ctx.resolveProviderAuth("acme-ai");
+              const apiKey =
+                auth.apiKey ?? ctx.resolveProviderApiKey("acme-ai").apiKey;
+              if (!apiKey) return null;
+              return {
+                provider: await buildAcmeLiveProvider({
+                  apiKey,
+                  discoveryApiKey: auth.discoveryApiKey,
+                }),
+              };
+            },
+          },
+          staticCatalog: {
+            order: "simple",
+            run: async () => ({
+              provider: {
+                baseUrl: "https://api.acme-ai.com/v1",
+                api: "openai-completions",
+                models: [...STATIC_MODELS],
+              },
+            }),
+          },
+        });
+      },
+    });
+    ```
+
+    Use `getCachedLiveProviderModelRows` when the provider API returns richer
+    metadata and the plugin needs to project rows into OpenClaw model
+    definitions itself:
+
+    ```typescript index.ts
+    import {
+      getCachedLiveProviderModelRows,
+      LiveModelCatalogHttpError,
+    } from "openclaw/plugin-sdk/provider-catalog-live-runtime";
+
+    async function discoverAcmeModels(apiKey: string) {
+      try {
+        const rows = await getCachedLiveProviderModelRows({
+          providerId: "acme-ai",
+          endpoint: "https://api.acme-ai.com/v1/models",
+          apiKey,
+          ttlMs: 60_000,
+          auditContext: "acme-ai-model-discovery",
+        });
+        return rows
+          .map((row) => projectAcmeModel(row))
+          .filter((model) => model !== null);
+      } catch (error) {
+        if (error instanceof LiveModelCatalogHttpError) {
+          return STATIC_MODELS;
+        }
+        throw error;
+      }
+    }
+    ```
+
+    `run` should stay auth-gated and return `null` when no usable credential is
+    available. Keep an offline `staticRun` or static fallback so setup, docs,
+    tests, and picker surfaces do not depend on live network access. Use a TTL
+    appropriate for model-list freshness, avoid request-time filesystem polling,
+    and pass a provider-specific `readRows` / `readModelId` only when the
+    upstream response is not an OpenAI-compatible `{ data: [{ id, object }] }`
+    shape.
+
     If the upstream provider uses different control tokens than OpenClaw, add a
     small bidirectional text transform instead of replacing the stream path:
 
@@ -292,6 +429,10 @@ API key auth, and dynamic model resolution.
     endpoint capability map, so native Moonshot/DashScope-style endpoints still
     opt in even when a plugin is using a custom provider id.
 
+    The live discovery examples above cover `/models`-style provider APIs. Keep
+    that discovery inside `catalog.run`, gated on usable auth, and keep
+    `staticRun` network-free for offline catalog generation.
+
   </Step>
 
   <Step title="Add dynamic model resolution">
 
@@ -151,6 +151,7 @@ and pairing-path families.
     | `plugin-sdk/provider-env-vars` | Provider auth env-var lookup helpers |
     | `plugin-sdk/provider-auth` | `createProviderApiKeyAuthMethod`, `ensureApiKeyFromOptionEnvOrPrompt`, `upsertAuthProfile`, `upsertApiKeyProfile`, `writeOAuthCredentials`, OpenAI Codex auth-import helpers, deprecated `resolveOpenClawAgentDir` compatibility export |
     | `plugin-sdk/provider-model-shared` | `ProviderReplayFamily`, `buildProviderReplayFamilyHooks`, `normalizeModelCompat`, shared replay-policy builders, provider-endpoint helpers, and shared model-id normalization helpers |
+    | `plugin-sdk/provider-catalog-live-runtime` | Live provider model catalog helpers for guarded `/models`-style discovery: `buildLiveModelProviderConfig`, `fetchLiveProviderModelRows`, `getCachedLiveProviderModelRows`, `fetchLiveProviderModelIds`, `LiveModelCatalogHttpError`, `clearLiveCatalogCacheForTests`, model-id filtering, TTL cache, and static fallback |
     | `plugin-sdk/provider-catalog-runtime` | Provider catalog augmentation runtime hook and plugin-provider registry seams for contract tests |
     | `plugin-sdk/provider-catalog-shared` | `findCatalogTemplate`, `buildSingleProviderApiKeyCatalog`, `buildManifestModelProviderConfig`, `supportsNativeStreamingUsageCompat`, `applyProviderNativeStreamingUsageCompat` |
     | `plugin-sdk/provider-http` | Generic provider HTTP/endpoint capability helpers, provider HTTP errors, and audio transcription multipart form helpers |
 
@@ -43,8 +43,8 @@ async function withLiveChutesDiscovery<T>(
 }
 
 function createAuthEchoFetchMock() {
-  return vi.fn().mockImplementation((_url, init?: { headers?: Record<string, string> }) => {
-    const auth = init?.headers?.Authorization ?? "";
+  return vi.fn().mockImplementation((_url, init?: { headers?: HeadersInit }) => {
+    const auth = readAuthorizationHeader(init);
     return Promise.resolve({
       ok: true,
       json: async () => ({
@@ -54,6 +54,17 @@ function createAuthEchoFetchMock() {
   });
 }
 
+function readAuthorizationHeader(init?: { headers?: HeadersInit }): string {
+  const headers = init?.headers;
+  if (headers instanceof Headers) {
+    return headers.get("Authorization") ?? "";
+  }
+  if (Array.isArray(headers)) {
+    return headers.find(([key]) => key.toLowerCase() === "authorization")?.[1] ?? "";
+  }
+  return headers?.Authorization ?? headers?.authorization ?? "";
+}
+
 function requireChutesModel(
   models: Awaited<ReturnType<typeof discoverChutesModels>>,
   index: number,
@@ -182,8 +193,8 @@ describe("chutes-models", () => {
   });
 
   it("discoverChutesModels retries without auth on 401", async () => {
-    const mockFetch = vi.fn().mockImplementation((url, init) => {
-      if (init?.headers?.Authorization === "Bearer test-token-error") {
+    const mockFetch = vi.fn().mockImplementation((_url, init?: { headers?: HeadersInit }) => {
+      if (readAuthorizationHeader(init) === "Bearer test-token-error") {
         return Promise.resolve({
           ok: false,
           status: 401,
@@ -230,7 +241,7 @@ describe("chutes-models", () => {
     });
   });
 
-  it("caches fallback static catalog for non-OK responses", async () => {
+  it("does not cache fallback static catalog for non-OK responses", async () => {
     const mockFetch = vi.fn().mockResolvedValue({
       ok: false,
       status: 503,
@@ -241,38 +252,36 @@ describe("chutes-models", () => {
       const second = await discoverChutesModels("chutes-fallback-token");
       expect(first.map((m) => m.id)).toEqual(CHUTES_MODEL_CATALOG.map((m) => m.id));
       expect(second.map((m) => m.id)).toEqual(CHUTES_MODEL_CATALOG.map((m) => m.id));
-      expect(mockFetch).toHaveBeenCalledTimes(1);
+      expect(mockFetch).toHaveBeenCalledTimes(2);
     });
   });
 
   it("scopes discovery cache by access token", async () => {
-    const mockFetch = vi
-      .fn()
-      .mockImplementation((_url, init?: { headers?: Record<string, string> }) => {
-        const auth = init?.headers?.Authorization;
-        if (auth === "Bearer chutes-token-a") {
-          return Promise.resolve({
-            ok: true,
-            json: async () => ({
-              data: [{ id: "private/model-a" }],
-            }),
-          });
-        }
-        if (auth === "Bearer chutes-token-b") {
-          return Promise.resolve({
-            ok: true,
-            json: async () => ({
-              data: [{ id: "private/model-b" }],
-            }),
-          });
-        }
+    const mockFetch = vi.fn().mockImplementation((_url, init?: { headers?: HeadersInit }) => {
+      const auth = readAuthorizationHeader(init);
+      if (auth === "Bearer chutes-token-a") {
+        return Promise.resolve({
+          ok: true,
+          json: async () => ({
+            data: [{ id: "private/model-a" }],
+          }),
+        });
+      }
+      if (auth === "Bearer chutes-token-b") {
         return Promise.resolve({
           ok: true,
           json: async () => ({
-            data: [{ id: "public/model" }],
+            data: [{ id: "private/model-b" }],
           }),
         });
+      }
+      return Promise.resolve({
+        ok: true,
+        json: async () => ({
+          data: [{ id: "public/model" }],
+        }),
       });
+    });
     await withLiveChutesDiscovery(mockFetch, async () => {
       const modelsA = await discoverChutesModels("chutes-token-a");
       const modelsB = await discoverChutesModels("chutes-token-b");
@@ -314,26 +323,24 @@ describe("chutes-models", () => {
   });
 
   it("does not cache 401 fallback under the failed token key", async () => {
-    const mockFetch = vi
-      .fn()
-      .mockImplementation((_url, init?: { headers?: Record<string, string> }) => {
-        if (init?.headers?.Authorization === "Bearer failed-token") {
-          return Promise.resolve({
-            ok: false,
-            status: 401,
-          });
-        }
+    const mockFetch = vi.fn().mockImplementation((_url, init?: { headers?: HeadersInit }) => {
+      if (readAuthorizationHeader(init) === "Bearer failed-token") {
         return Promise.resolve({
-          ok: true,
-          json: async () => ({
-            data: [{ id: "public/model" }],
-          }),
+          ok: false,
+          status: 401,
         });
+      }
+      return Promise.resolve({
+        ok: true,
+        json: async () => ({
+          data: [{ id: "public/model" }],
+        }),
       });
+    });
     await withLiveChutesDiscovery(mockFetch, async () => {
       await discoverChutesModels("failed-token");
       await discoverChutesModels("failed-token");
-      expect(mockFetch).toHaveBeenCalledTimes(4);
+      expect(mockFetch).toHaveBeenCalledTimes(3);
     });
   });
 });