npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dion-jy/rondo

v2.3.4

Published

OpenClaw plugin — syncs cron job/run data to Supabase for external dashboard

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dion-jydion-jy

Keywords

openclawplugincronmonitoringsupabase

Readme

@dion-jy/rondo

npm License: MIT

OpenClaw plugin that syncs cron job data to Rondo Dashboard.

Setup

  1. Install the plugin:

    openclaw plugins install @dion-jy/rondo
openclaw gateway restart

  2. Open rondo-ui.vercel.app and sign in with Google

  3. Click Link Device and copy the link

  4. Link your device (choose one):

    • Chat: Send /rondo link <URL> in Telegram/WhatsApp
    • Terminal: Run openclaw rondo link <URL>

  5. Done! Your cron jobs will appear on the dashboard.

Commands

| Command | Description | |---------|-------------| | /rondo link <URL> | Link this device to your web account | | /rondo status | Check linking status |

Features

  • Automatic cron job & run history sync
  • ACP agent session tracking
  • Orphan job cleanup
  • Multi-tenant via device linking
  • Managed Web Push via server-side trigger/Edge Function
  • Legacy plugin-triggered push remains supported for existing installs

Architecture

┌─────────────────────┐     outbound push     ┌───────────┐
│  OpenClaw Gateway   │ ──────────────────────▶│ Supabase  │
│  (rondo plugin)     │   every 5min (REST)    │  (cloud)  │
│  reads jobs.json    │                        └─────┬─────┘
│  reads runs/*.jsonl │                              │
└─────────────────────┘                              │ fetch
                                              ┌──────▼──────┐
                                              │  Rondo UI   │
                                              │  (Vercel)   │
                                              └─────────────┘

No inbound ports, no tunnels — outbound HTTPS only.

Managed Push

Default path for new installs:

  1. Install plugin
  2. /rondo link
  3. Browser notification permission + Web Push subscribe in Rondo UI
  4. Server-side trigger delivers background push on terminal cron runs

The plugin does not need push secrets for this managed path. Push secrets stay server-side in Supabase Vault / Edge secrets.

Legacy compatibility

Existing installs that already use plugin-triggered push can keep working:

  • pushTriggerMode=legacy
  • pushNotifyUrl
  • pushNotifySharedSecret

If these are omitted, the plugin defaults to managed mode and only performs sync.

Upgrading

If you are upgrading from an older version, run the following migration in your Supabase SQL Editor to add newer columns. These are idempotent and safe to re-run:

-- sql/004_plugin_version.sql
ALTER TABLE cron_jobs ADD COLUMN IF NOT EXISTS plugin_version text;

Note: Even without running this migration, the plugin will work — it automatically detects missing columns and excludes them from sync payloads. Running the migration simply enables the extra metadata.

Upgrade steps

  1. openclaw plugins update @dion-jy/rondo
  2. openclaw gateway restart
  3. (Optional) Run the SQL above in Supabase to enable plugin_version tracking

No manual file edits under ~/.openclaw/plugins/ are needed or supported.

Configuration

| Key | Default | Description | |-----|---------|-------------| | syncIntervalMs | 300000 (5 min) | Sync interval in milliseconds | | pushTriggerMode | auto | managed for server-side push only, legacy for plugin-trigger push, off to disable push handoff | | pushNotifyUrl | — | Legacy plugin-trigger push endpoint | | pushNotifySharedSecret | — | Legacy plugin-trigger shared secret |

Deprecated but still accepted for backward compatibility:

  • supabaseUrl
  • supabaseKey
  • userId
  • supabaseAuthEmail

Zero-config install guarantee (important)

Users should be able to install/update the plugin and use it immediately.

  • SUPABASE_URL and anon key are bundled in plugin source (src/config.ts)
  • ✅ No manual patching in runtime paths (e.g. ~/.openclaw/plugins/...) should be required
  • ❌ Never ship service_role key in plugin code
  • ✅ Any key rotation must be released via npm version update, then users run plugin update

Security requirement: RLS

Because anon key is public by design, Supabase Row Level Security (RLS) policies must enforce user-scoped access. Without proper RLS, anon clients may read/write unintended rows.

Maintainer release checklist

  1. Update src/config.ts (SUPABASE_URL, SUPABASE_ANON_KEY) if rotated
  2. Confirm service_role is not referenced anywhere in distributed user config
  3. Validate RLS SQL is up to date (sql/002_user_id_rls.sql, sql/003_enforce_user_scope.sql)
  4. Validate managed push SQL/Edge assets (sql/007_push_notification_events.sql, sql/008_managed_push.sql, supabase/functions/push-notify)
  5. Bump package.json version
  6. Publish via release or tag (v*)
  7. Verify fresh install works without manual file edits

Automated Publishing

The package is automatically published to npm when:

  • Option A: A GitHub Release is published
  • Option B: A tag matching v* is pushed (e.g. git tag v2.2.0 && git push --tags)

Setup

Add an NPM_TOKEN repository secret (Settings → Secrets → Actions):

  1. Create a granular access token on npmjs.com with publish permission for @dion-jy/rondo
  2. Add it as NPM_TOKEN in the repo's Actions secrets

The workflow validates the package name and checks that the tag version matches package.json before publishing. If the version is already published, the job exits gracefully.

Related

  • Rondo UI — Vercel dashboard for monitoring
  • OpenClaw — AI agent orchestration platform

License

MIT