nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor!: drop legacy CLAWDBOT env compatibility

This commit is contained in:
Peter Steinberger 2026-03-22 22:13:01 -07:00
parent 5ff60cc39f
commit 6b9915a106
No known key found for this signature in database
85 changed files with 148 additions and 569 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/install-smoke.yml vendored
View File

@ -186,12 +186,12 @@ jobs:
- name: Run installer docker tests
env:
CLAWDBOT_INSTALL_URL: https://openclaw.ai/install.sh
CLAWDBOT_INSTALL_CLI_URL: https://openclaw.ai/install-cli.sh
CLAWDBOT_NO_ONBOARD: "1"
CLAWDBOT_INSTALL_SMOKE_SKIP_CLI: "1"
CLAWDBOT_INSTALL_SMOKE_SKIP_IMAGE_BUILD: "1"
CLAWDBOT_INSTALL_NONROOT_SKIP_IMAGE_BUILD: ${{ github.event_name == 'pull_request' && '0' || '1' }}
CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT: ${{ github.event_name == 'pull_request' && '1' || '0' }}
CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS: "1"
OPENCLAW_INSTALL_URL: https://openclaw.ai/install.sh
OPENCLAW_INSTALL_CLI_URL: https://openclaw.ai/install-cli.sh
OPENCLAW_NO_ONBOARD: "1"
OPENCLAW_INSTALL_SMOKE_SKIP_CLI: "1"
OPENCLAW_INSTALL_SMOKE_SKIP_IMAGE_BUILD: "1"
OPENCLAW_INSTALL_NONROOT_SKIP_IMAGE_BUILD: ${{ github.event_name == 'pull_request' && '0' || '1' }}
OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT: ${{ github.event_name == 'pull_request' && '1' || '0' }}
OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS: "1"
run: bash scripts/test-install-sh-docker.sh

2
AGENTS.md
View File

@ -120,7 +120,7 @@
- Do not set test workers above 16; tried already.
- Do not reintroduce Vitest VM pools by default without fresh green evidence on current `main`; keep CI on `forks`.
- If local Vitest runs cause memory pressure (common on non-Mac-Studio hosts), use `OPENCLAW_TEST_PROFILE=low OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test` for land/gate runs.
- Live tests (real keys): `CLAWDBOT_LIVE_TEST=1 pnpm test:live` (OpenClaw-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
- Live tests (real keys): `OPENCLAW_LIVE_TEST=1 pnpm test:live` (OpenClaw-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
- Full kit + whats covered: `docs/help/testing.md`.
- Changelog: user-facing changes only; no internal/meta notes (version alignment, appcast reminders, release process).
- Changelog placement: in the active version block, append new entries to the end of the target section (`### Changes` or `### Fixes`); do not insert new entries at the top of a section.

1
CHANGELOG.md
View File

@ -297,6 +297,7 @@ Docs: https://docs.openclaw.ai
- Agents/media replies: migrate the remaining browser, canvas, and nodes snapshot outputs onto `details.media` so generated media keeps attaching to assistant replies after the collect-then-attach refactor. (#51731) Thanks @christianklotz.
- Android/contacts search: escape literal `%` and `_` in contact-name queries so searches like `100%` or `_id` no longer match unrelated contacts through SQL `LIKE` wildcards. (#41891) Thanks @Kaneki-x.
- Gateway/usage: include reset and deleted archived session transcripts in usage totals, session discovery, and archived-only session detail fallback so the Usage view no longer undercounts rotated sessions. (#43215) Thanks @rcrick.
- Config/env: remove legacy `CLAWDBOT_*` and `MOLTBOT_*` compatibility env names across runtime, installers, and test tooling. Use the matching `OPENCLAW_*` env names instead.
## 2026.3.13

2
docs/cli/gateway.md
View File

@ -193,7 +193,7 @@ Notes:
- When token auth requires a token and `gateway.auth.token` is SecretRef-managed, `gateway install` validates that the SecretRef is resolvable but does not persist the resolved token into service environment metadata.
- If token auth requires a token and the configured token SecretRef is unresolved, install fails closed instead of persisting fallback plaintext.
- For password auth on `gateway run`, prefer `OPENCLAW_GATEWAY_PASSWORD`, `--password-file`, or a SecretRef-backed `gateway.auth.password` over inline `--password`.
- In inferred auth mode, shell-only `OPENCLAW_GATEWAY_PASSWORD`/`CLAWDBOT_GATEWAY_PASSWORD` does not relax install token requirements; use durable config (`gateway.auth.password` or config `env`) when installing a managed service.
- In inferred auth mode, shell-only `OPENCLAW_GATEWAY_PASSWORD` does not relax install token requirements; use durable config (`gateway.auth.password` or config `env`) when installing a managed service.
- If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, install is blocked until mode is set explicitly.
- Lifecycle commands accept `--json` for scripting.

2
docs/cli/index.md
View File

@ -1035,7 +1035,7 @@ Subcommands:
Auth notes:
- `node` resolves gateway auth from env/config (no `--token`/`--password` flags): `OPENCLAW_GATEWAY_TOKEN` / `OPENCLAW_GATEWAY_PASSWORD`, then `gateway.auth.*`. In local mode, node host intentionally ignores `gateway.remote.*`; in `gateway.mode=remote`, `gateway.remote.*` participates per remote precedence rules.
- Legacy `CLAWDBOT_GATEWAY_*` env vars are intentionally ignored for node-host auth resolution.
- Node-host auth resolution only honors `OPENCLAW_GATEWAY_*` env vars.
## Nodes

2
docs/cli/node.md
View File

@ -67,7 +67,7 @@ Options:
- In local mode, node host intentionally does not inherit `gateway.remote.token` / `gateway.remote.password`.
- If `gateway.auth.token` / `gateway.auth.password` is explicitly configured via SecretRef and unresolved, node auth resolution fails closed (no remote fallback masking).
- In `gateway.mode=remote`, remote client fields (`gateway.remote.token` / `gateway.remote.password`) are also eligible per remote precedence rules.
- Legacy `CLAWDBOT_GATEWAY_*` env vars are ignored for node host auth resolution.
- Node host auth resolution only honors `OPENCLAW_GATEWAY_*` env vars.
## Service (background)

2
docs/gateway/remote.md
View File

@ -117,7 +117,7 @@ Gateway credential resolution follows one shared contract across call/probe/stat
- password: `OPENCLAW_GATEWAY_PASSWORD` -> `gateway.remote.password` -> `gateway.auth.password`
- Node-host local-mode exception: `gateway.remote.token` / `gateway.remote.password` are ignored.
- Remote probe/status token checks are strict by default: they use `gateway.remote.token` only (no local token fallback) when targeting remote mode.
- Legacy `CLAWDBOT_GATEWAY_*` env vars are only used by compatibility call paths; probe/status/auth resolution uses `OPENCLAW_GATEWAY_*` only.
- Gateway env overrides use `OPENCLAW_GATEWAY_*` only.
## Chat UI over SSH

2
docs/gateway/secrets.md
View File

@ -51,7 +51,7 @@ Examples of inactive surfaces:
- In local mode without those remote surfaces:
- `gateway.remote.token` is active when token auth can win and no env/auth token is configured.
- `gateway.remote.password` is active only when password auth can win and no env/auth password is configured.
- `gateway.auth.token` SecretRef is inactive for startup auth resolution when `OPENCLAW_GATEWAY_TOKEN` (or `CLAWDBOT_GATEWAY_TOKEN`) is set, because env token input wins for that runtime.
- `gateway.auth.token` SecretRef is inactive for startup auth resolution when `OPENCLAW_GATEWAY_TOKEN` is set, because env token input wins for that runtime.
## Gateway auth surface diagnostics

2
docs/nodes/index.md
View File

@ -100,7 +100,7 @@ Notes:
- In local mode, node host intentionally ignores `gateway.remote.token` / `gateway.remote.password`.
- In remote mode, `gateway.remote.token` / `gateway.remote.password` are eligible per remote precedence rules.
- If active local `gateway.auth.*` SecretRefs are configured but unresolved, node-host auth fails closed.
- Legacy `CLAWDBOT_GATEWAY_*` env vars are intentionally ignored by node-host auth resolution.
- Node-host auth resolution only honors `OPENCLAW_GATEWAY_*` env vars.
### Start a node host (service)

17
extensions/device-pair/index.ts
View File

@ -183,9 +183,7 @@ function parsePositiveInteger(raw: string | undefined): number | null {
}
function resolveGatewayPort(cfg: OpenClawPluginApi["config"]): number {
const envPort =
parsePositiveInteger(process.env.OPENCLAW_GATEWAY_PORT?.trim()) ??
parsePositiveInteger(process.env.CLAWDBOT_GATEWAY_PORT?.trim());
const envPort = parsePositiveInteger(process.env.OPENCLAW_GATEWAY_PORT?.trim());
if (envPort) {
return envPort;
}
@ -290,17 +288,10 @@ async function resolveTailnetHost(): Promise<string | null> {
function resolveAuthLabel(cfg: OpenClawPluginApi["config"]): ResolveAuthLabelResult {
const mode = cfg.gateway?.auth?.mode;
const token =
pickFirstDefined([
process.env.OPENCLAW_GATEWAY_TOKEN,
process.env.CLAWDBOT_GATEWAY_TOKEN,
cfg.gateway?.auth?.token,
]) ?? undefined;
pickFirstDefined([process.env.OPENCLAW_GATEWAY_TOKEN, cfg.gateway?.auth?.token]) ?? undefined;
const password =
pickFirstDefined([
process.env.OPENCLAW_GATEWAY_PASSWORD,
process.env.CLAWDBOT_GATEWAY_PASSWORD,
cfg.gateway?.auth?.password,
]) ?? undefined;
pickFirstDefined([process.env.OPENCLAW_GATEWAY_PASSWORD, cfg.gateway?.auth?.password]) ??
undefined;
if (mode === "token" || mode === "password") {
return resolveRequiredAuthLabel(mode, { token, password });

5
extensions/discord/src/monitor/exec-approvals.test.ts
View File

@ -41,9 +41,8 @@ beforeEach(() => {
}) => {
const configToken = params.config?.gateway?.auth?.token;
const configPassword = params.config?.gateway?.auth?.password;
const envToken = params.env.OPENCLAW_GATEWAY_TOKEN ?? params.env.CLAWDBOT_GATEWAY_TOKEN;
const envPassword =
params.env.OPENCLAW_GATEWAY_PASSWORD ?? params.env.CLAWDBOT_GATEWAY_PASSWORD;
const envToken = params.env.OPENCLAW_GATEWAY_TOKEN;
const envPassword = params.env.OPENCLAW_GATEWAY_PASSWORD;
return { token: envToken ?? configToken, password: envPassword ?? configPassword };
},
);

2
extensions/feishu/src/dedup.ts
View File

@ -21,7 +21,7 @@ const processingClaims = createDedupeCache({
});
function resolveStateDirFromEnv(env: NodeJS.ProcessEnv = process.env): string {
const stateOverride = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
const stateOverride = env.OPENCLAW_STATE_DIR?.trim();
if (stateOverride) {
return stateOverride;
}

4
extensions/matrix/src/matrix/sdk/idb-persistence.ts
View File

@ -190,9 +190,7 @@ async function restoreIndexedDatabases(snapshot: IdbDatabaseSnapshot[]): Promise
function resolveDefaultIdbSnapshotPath(): string {
const stateDir =
process.env.OPENCLAW_STATE_DIR ||
process.env.MOLTBOT_STATE_DIR ||
path.join(process.env.HOME || "/tmp", ".openclaw");
process.env.OPENCLAW_STATE_DIR || path.join(process.env.HOME || "/tmp", ".openclaw");
return path.join(stateDir, "matrix", "crypto-idb-snapshot.json");
}

2
extensions/nostr/src/nostr-state-store.test.ts
View File

@ -18,7 +18,7 @@ async function withTempStateDir<T>(fn: (dir: string) => Promise<T>) {
state: {
resolveStateDir: (env, homedir) => {
const stateEnv = env ?? process.env;
const override = stateEnv.OPENCLAW_STATE_DIR?.trim() || stateEnv.CLAWDBOT_STATE_DIR?.trim();
const override = stateEnv.OPENCLAW_STATE_DIR?.trim();
if (override) {
return override;
}

12
package.json
View File

@ -629,8 +629,8 @@
"format:docs:check": "git ls-files 'docs/**/*.md' 'docs/**/*.mdx' 'README.md' | xargs oxfmt --check",
"format:fix": "oxfmt --write",
"format:swift": "swiftformat --lint --config .swiftformat apps/macos/Sources apps/ios/Sources apps/shared/OpenClawKit/Sources",
"gateway:dev": "OPENCLAW_SKIP_CHANNELS=1 CLAWDBOT_SKIP_CHANNELS=1 node scripts/run-node.mjs --dev gateway",
"gateway:dev:reset": "OPENCLAW_SKIP_CHANNELS=1 CLAWDBOT_SKIP_CHANNELS=1 node scripts/run-node.mjs --dev gateway --reset",
"gateway:dev": "OPENCLAW_SKIP_CHANNELS=1 node scripts/run-node.mjs --dev gateway",
"gateway:dev:reset": "OPENCLAW_SKIP_CHANNELS=1 node scripts/run-node.mjs --dev gateway --reset",
"gateway:watch": "node scripts/watch-node.mjs gateway --force",
"gen:host-env-policy:swift": "node scripts/generate-host-env-security-policy-swift.mjs --write",
"ghsa:patch": "node scripts/ghsa-patch.mjs",
@ -717,10 +717,10 @@
"test:gateway": "vitest run --config vitest.gateway.config.ts --pool=forks",
"test:gateway:watch-regression": "node scripts/check-gateway-watch-regression.mjs",
"test:install:e2e": "bash scripts/test-install-sh-e2e-docker.sh",
"test:install:e2e:anthropic": "OPENCLAW_E2E_MODELS=anthropic CLAWDBOT_E2E_MODELS=anthropic bash scripts/test-install-sh-e2e-docker.sh",
"test:install:e2e:openai": "OPENCLAW_E2E_MODELS=openai CLAWDBOT_E2E_MODELS=openai bash scripts/test-install-sh-e2e-docker.sh",
"test:install:e2e:anthropic": "OPENCLAW_E2E_MODELS=anthropic bash scripts/test-install-sh-e2e-docker.sh",
"test:install:e2e:openai": "OPENCLAW_E2E_MODELS=openai bash scripts/test-install-sh-e2e-docker.sh",
"test:install:smoke": "bash scripts/test-install-sh-docker.sh",
"test:live": "OPENCLAW_LIVE_TEST=1 CLAWDBOT_LIVE_TEST=1 vitest run --config vitest.live.config.ts",
"test:live": "OPENCLAW_LIVE_TEST=1 vitest run --config vitest.live.config.ts",
"test:macmini": "OPENCLAW_TEST_PROFILE=macmini node scripts/test-parallel.mjs",
"test:parallels:linux": "bash scripts/e2e/parallels-linux-smoke.sh",
"test:parallels:macos": "bash scripts/e2e/parallels-macos-smoke.sh",
@ -740,7 +740,7 @@
"test:voicecall:closedloop": "vitest run extensions/voice-call/src/manager.test.ts extensions/voice-call/src/media-stream.test.ts src/plugins/voice-call.plugin.test.ts --maxWorkers=1",
"test:watch": "vitest",
"tui": "node scripts/run-node.mjs tui",
"tui:dev": "OPENCLAW_PROFILE=dev CLAWDBOT_PROFILE=dev node scripts/run-node.mjs --dev tui",
"tui:dev": "OPENCLAW_PROFILE=dev node scripts/run-node.mjs --dev tui",
"ui:build": "node scripts/ui.js build",
"ui:dev": "node scripts/ui.js dev",
"ui:install": "node scripts/ui.js install"

5
scripts/debug-claude-usage.ts
View File

@ -45,10 +45,7 @@ const parseArgs = (): Args => {
};
const loadAuthProfiles = (agentId: string) => {
const stateRoot =
process.env.OPENCLAW_STATE_DIR?.trim() ||
process.env.CLAWDBOT_STATE_DIR?.trim() ||
path.join(os.homedir(), ".openclaw");
const stateRoot = process.env.OPENCLAW_STATE_DIR?.trim() || path.join(os.homedir(), ".openclaw");
const authPath = path.join(stateRoot, "agents", agentId, "agent", "auth-profiles.json");
if (!fs.existsSync(authPath)) {
throw new Error(`Missing: ${authPath}`);

35
scripts/dev/discord-acp-plain-language-smoke.ts
View File

@ -121,7 +121,7 @@ function parseNumber(value: string | undefined, fallback: number): number {
}
function resolveStateDir(): string {
const override = process.env.OPENCLAW_STATE_DIR?.trim() || process.env.CLAWDBOT_STATE_DIR?.trim();
const override = process.env.OPENCLAW_STATE_DIR?.trim();
if (override) {
return override.startsWith("~")
? path.resolve(process.env.HOME || "", override.slice(1))
@ -188,16 +188,9 @@ function usage(): string {
}
function parseArgs(): Args {
const channelId =
resolveArg("--channel") ||
process.env.OPENCLAW_DISCORD_SMOKE_CHANNEL_ID ||
process.env.CLAWDBOT_DISCORD_SMOKE_CHANNEL_ID ||
"";
const channelId = resolveArg("--channel") || process.env.OPENCLAW_DISCORD_SMOKE_CHANNEL_ID || "";
const driverModeRaw =
resolveArg("--driver") ||
process.env.OPENCLAW_DISCORD_SMOKE_DRIVER ||
process.env.CLAWDBOT_DISCORD_SMOKE_DRIVER ||
"token";
resolveArg("--driver") || process.env.OPENCLAW_DISCORD_SMOKE_DRIVER || "token";
const normalizedDriverMode = driverModeRaw.trim().toLowerCase();
const driverMode: DriverMode =
normalizedDriverMode === "webhook"
@ -208,37 +201,23 @@ function parseArgs(): Args {
? "token"
: "token";
const driverToken =
resolveArg("--token") ||
process.env.OPENCLAW_DISCORD_SMOKE_DRIVER_TOKEN ||
process.env.CLAWDBOT_DISCORD_SMOKE_DRIVER_TOKEN ||
"";
resolveArg("--token") || process.env.OPENCLAW_DISCORD_SMOKE_DRIVER_TOKEN || "";
const driverTokenPrefix =
resolveArg("--token-prefix") || process.env.OPENCLAW_DISCORD_SMOKE_DRIVER_TOKEN_PREFIX || "Bot";
const botToken =
resolveArg("--bot-token") ||
process.env.OPENCLAW_DISCORD_SMOKE_BOT_TOKEN ||
process.env.CLAWDBOT_DISCORD_SMOKE_BOT_TOKEN ||
process.env.DISCORD_BOT_TOKEN ||
"";
const botTokenPrefix =
resolveArg("--bot-token-prefix") ||
process.env.OPENCLAW_DISCORD_SMOKE_BOT_TOKEN_PREFIX ||
"Bot";
const targetAgent =
resolveArg("--agent") ||
process.env.OPENCLAW_DISCORD_SMOKE_AGENT ||
process.env.CLAWDBOT_DISCORD_SMOKE_AGENT ||
"codex";
const targetAgent = resolveArg("--agent") || process.env.OPENCLAW_DISCORD_SMOKE_AGENT || "codex";
const mentionUserId =
resolveArg("--mention") ||
process.env.OPENCLAW_DISCORD_SMOKE_MENTION_USER_ID ||
process.env.CLAWDBOT_DISCORD_SMOKE_MENTION_USER_ID ||
undefined;
resolveArg("--mention") || process.env.OPENCLAW_DISCORD_SMOKE_MENTION_USER_ID || undefined;
const instruction =
resolveArg("--instruction") ||
process.env.OPENCLAW_DISCORD_SMOKE_INSTRUCTION ||
process.env.CLAWDBOT_DISCORD_SMOKE_INSTRUCTION ||
undefined;
resolveArg("--instruction") || process.env.OPENCLAW_DISCORD_SMOKE_INSTRUCTION || undefined;
const timeoutMs = parseNumber(
resolveArg("--timeout-ms") || process.env.OPENCLAW_DISCORD_SMOKE_TIMEOUT_MS,
240_000,

14
scripts/docker/install-sh-e2e/run.sh
View File

@ -9,11 +9,11 @@ fi
# shellcheck source=../install-sh-common/version-parse.sh
source "$VERIFY_HELPER_PATH"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-${CLAWDBOT_INSTALL_URL:-https://openclaw.bot/install.sh}}"
MODELS_MODE="${OPENCLAW_E2E_MODELS:-${CLAWDBOT_E2E_MODELS:-both}}" # both|openai|anthropic
INSTALL_TAG="${OPENCLAW_INSTALL_TAG:-${CLAWDBOT_INSTALL_TAG:-latest}}"
E2E_PREVIOUS_VERSION="${OPENCLAW_INSTALL_E2E_PREVIOUS:-${CLAWDBOT_INSTALL_E2E_PREVIOUS:-}}"
SKIP_PREVIOUS="${OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS:-${CLAWDBOT_INSTALL_E2E_SKIP_PREVIOUS:-0}}"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-https://openclaw.bot/install.sh}"
MODELS_MODE="${OPENCLAW_E2E_MODELS:-both}" # both|openai|anthropic
INSTALL_TAG="${OPENCLAW_INSTALL_TAG:-latest}"
E2E_PREVIOUS_VERSION="${OPENCLAW_INSTALL_E2E_PREVIOUS:-}"
SKIP_PREVIOUS="${OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS:-0}"
OPENAI_API_KEY="${OPENAI_API_KEY:-}"
ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}"
ANTHROPIC_API_TOKEN="${ANTHROPIC_API_TOKEN:-}"
@ -68,9 +68,9 @@ fi
echo "==> Run official installer one-liner"
if [[ "$INSTALL_TAG" == "beta" ]]; then
OPENCLAW_BETA=1 CLAWDBOT_BETA=1 curl -fsSL "$INSTALL_URL" | bash
OPENCLAW_BETA=1 curl -fsSL "$INSTALL_URL" | bash
elif [[ "$INSTALL_TAG" != "latest" ]]; then
OPENCLAW_VERSION="$INSTALL_TAG" CLAWDBOT_VERSION="$INSTALL_TAG" curl -fsSL "$INSTALL_URL" | bash
OPENCLAW_VERSION="$INSTALL_TAG" curl -fsSL "$INSTALL_URL" | bash
else
curl -fsSL "$INSTALL_URL" | bash
fi

2
scripts/e2e/qr-import-docker.sh
View File

@ -2,7 +2,7 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
IMAGE_NAME="${OPENCLAW_QR_SMOKE_IMAGE:-${CLAWDBOT_QR_SMOKE_IMAGE:-openclaw-qr-smoke}}"
IMAGE_NAME="${OPENCLAW_QR_SMOKE_IMAGE:-openclaw-qr-smoke}"
echo "Building Docker image..."
docker build -t "$IMAGE_NAME" -f "$ROOT_DIR/scripts/e2e/Dockerfile.qr-import" "$ROOT_DIR"

22
scripts/install.sh
View File

@ -940,28 +940,6 @@ append_holiday_taglines() {
esac
}
map_legacy_env() {
local key="$1"
local legacy="$2"
if [[ -z "${!key:-}" && -n "${!legacy:-}" ]]; then
printf -v "$key" '%s' "${!legacy}"
fi
}
map_legacy_env "OPENCLAW_TAGLINE_INDEX" "CLAWDBOT_TAGLINE_INDEX"
map_legacy_env "OPENCLAW_NO_ONBOARD" "CLAWDBOT_NO_ONBOARD"
map_legacy_env "OPENCLAW_NO_PROMPT" "CLAWDBOT_NO_PROMPT"
map_legacy_env "OPENCLAW_DRY_RUN" "CLAWDBOT_DRY_RUN"
map_legacy_env "OPENCLAW_INSTALL_METHOD" "CLAWDBOT_INSTALL_METHOD"
map_legacy_env "OPENCLAW_VERSION" "CLAWDBOT_VERSION"
map_legacy_env "OPENCLAW_BETA" "CLAWDBOT_BETA"
map_legacy_env "OPENCLAW_GIT_DIR" "CLAWDBOT_GIT_DIR"
map_legacy_env "OPENCLAW_GIT_UPDATE" "CLAWDBOT_GIT_UPDATE"
map_legacy_env "OPENCLAW_NPM_LOGLEVEL" "CLAWDBOT_NPM_LOGLEVEL"
map_legacy_env "OPENCLAW_VERBOSE" "CLAWDBOT_VERBOSE"
map_legacy_env "OPENCLAW_PROFILE" "CLAWDBOT_PROFILE"
map_legacy_env "OPENCLAW_INSTALL_SH_NO_RUN" "CLAWDBOT_INSTALL_SH_NO_RUN"
pick_tagline() {
append_holiday_taglines
local count=${#TAGLINES[@]}

2
scripts/mobile-reauth.sh
View File

@ -32,7 +32,7 @@ case "$AUTH_STATUS" in
"$SCRIPT_DIR/claude-auth-status.sh" full
exit 0
;;
CLAUDE_EXPIRING|OPENCLAW_EXPIRING|CLAWDBOT_EXPIRING)
CLAUDE_EXPIRING|OPENCLAW_EXPIRING)
echo -e "${YELLOW}Auth is expiring soon.${NC}"
echo ""
;;

16
scripts/sandbox-browser-entrypoint.sh
View File

@ -21,14 +21,14 @@ export HOME=/tmp/openclaw-home
export XDG_CONFIG_HOME="${HOME}/.config"
export XDG_CACHE_HOME="${HOME}/.cache"
CDP_PORT="${OPENCLAW_BROWSER_CDP_PORT:-${CLAWDBOT_BROWSER_CDP_PORT:-9222}}"
CDP_SOURCE_RANGE="${OPENCLAW_BROWSER_CDP_SOURCE_RANGE:-${CLAWDBOT_BROWSER_CDP_SOURCE_RANGE:-}}"
VNC_PORT="${OPENCLAW_BROWSER_VNC_PORT:-${CLAWDBOT_BROWSER_VNC_PORT:-5900}}"
NOVNC_PORT="${OPENCLAW_BROWSER_NOVNC_PORT:-${CLAWDBOT_BROWSER_NOVNC_PORT:-6080}}"
ENABLE_NOVNC="${OPENCLAW_BROWSER_ENABLE_NOVNC:-${CLAWDBOT_BROWSER_ENABLE_NOVNC:-1}}"
HEADLESS="${OPENCLAW_BROWSER_HEADLESS:-${CLAWDBOT_BROWSER_HEADLESS:-0}}"
ALLOW_NO_SANDBOX="${OPENCLAW_BROWSER_NO_SANDBOX:-${CLAWDBOT_BROWSER_NO_SANDBOX:-0}}"
NOVNC_PASSWORD="${OPENCLAW_BROWSER_NOVNC_PASSWORD:-${CLAWDBOT_BROWSER_NOVNC_PASSWORD:-}}"
CDP_PORT="${OPENCLAW_BROWSER_CDP_PORT:-9222}"
CDP_SOURCE_RANGE="${OPENCLAW_BROWSER_CDP_SOURCE_RANGE:-}"
VNC_PORT="${OPENCLAW_BROWSER_VNC_PORT:-5900}"
NOVNC_PORT="${OPENCLAW_BROWSER_NOVNC_PORT:-6080}"
ENABLE_NOVNC="${OPENCLAW_BROWSER_ENABLE_NOVNC:-1}"
HEADLESS="${OPENCLAW_BROWSER_HEADLESS:-0}"
ALLOW_NO_SANDBOX="${OPENCLAW_BROWSER_NO_SANDBOX:-0}"
NOVNC_PASSWORD="${OPENCLAW_BROWSER_NOVNC_PASSWORD:-}"
DISABLE_GRAPHICS_FLAGS="${OPENCLAW_BROWSER_DISABLE_GRAPHICS_FLAGS:-1}"
DISABLE_EXTENSIONS="${OPENCLAW_BROWSER_DISABLE_EXTENSIONS:-1}"
RENDERER_PROCESS_LIMIT="${OPENCLAW_BROWSER_RENDERER_PROCESS_LIMIT:-2}"

6
scripts/termux-auth-widget.sh
View File

@ -6,7 +6,7 @@
# It's designed for quick one-tap checking from phone home screen.
# Server hostname (via Tailscale or SSH config)
SERVER="${OPENCLAW_SERVER:-${CLAWDBOT_SERVER:-l36}}"
SERVER="${OPENCLAW_SERVER:-l36}"
# Check auth status
termux-toast "Checking OpenClaw auth..."
@ -24,7 +24,7 @@ case "$STATUS" in
termux-toast "Auth OK (${HOURS}h left)"
;;
CLAUDE_EXPIRING|OPENCLAW_EXPIRING|CLAWDBOT_EXPIRING)
CLAUDE_EXPIRING|OPENCLAW_EXPIRING)
termux-vibrate -d 100
# Ask if user wants to re-auth now
@ -51,7 +51,7 @@ case "$STATUS" in
esac
;;
CLAUDE_EXPIRED|OPENCLAW_EXPIRED|CLAWDBOT_EXPIRED)
CLAUDE_EXPIRED|OPENCLAW_EXPIRED)
termux-vibrate -d 300
CHOICE=$(termux-dialog radio -t "Auth Expired!" -v "Re-auth now,Dismiss")

2
scripts/termux-quick-auth.sh
View File

@ -5,7 +5,7 @@
# One-tap: shows status toast
# If expired: directly opens auth URL
SERVER="${OPENCLAW_SERVER:-${CLAWDBOT_SERVER:-l36}}"
SERVER="${OPENCLAW_SERVER:-l36}"
STATUS=$(ssh -o ConnectTimeout=5 "$SERVER" '$HOME/openclaw/scripts/claude-auth-status.sh simple' 2>&1)

2
scripts/termux-sync-widget.sh
View File

@ -6,7 +6,7 @@
termux-toast "Syncing OpenClaw auth..."
# Run sync on l36 server
SERVER="${OPENCLAW_SERVER:-${CLAWDBOT_SERVER:-l36}}"
SERVER="${OPENCLAW_SERVER:-l36}"
RESULT=$(ssh "$SERVER" '/home/admin/openclaw/scripts/sync-claude-code-auth.sh' 2>&1)
EXIT_CODE=$?

2
scripts/test-cleanup-docker.sh
View File

@ -2,7 +2,7 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
IMAGE_NAME="${OPENCLAW_CLEANUP_SMOKE_IMAGE:-${CLAWDBOT_CLEANUP_SMOKE_IMAGE:-openclaw-cleanup-smoke:local}}"
IMAGE_NAME="${OPENCLAW_CLEANUP_SMOKE_IMAGE:-openclaw-cleanup-smoke:local}"
echo "==> Build image: $IMAGE_NAME"
docker build \

20
scripts/test-install-sh-docker.sh
View File

@ -2,13 +2,13 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SMOKE_IMAGE="${OPENCLAW_INSTALL_SMOKE_IMAGE:-${CLAWDBOT_INSTALL_SMOKE_IMAGE:-openclaw-install-smoke:local}}"
NONROOT_IMAGE="${OPENCLAW_INSTALL_NONROOT_IMAGE:-${CLAWDBOT_INSTALL_NONROOT_IMAGE:-openclaw-install-nonroot:local}}"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-${CLAWDBOT_INSTALL_URL:-https://openclaw.bot/install.sh}}"
CLI_INSTALL_URL="${OPENCLAW_INSTALL_CLI_URL:-${CLAWDBOT_INSTALL_CLI_URL:-https://openclaw.bot/install-cli.sh}}"
SKIP_NONROOT="${OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT:-${CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT:-0}}"
SKIP_SMOKE_IMAGE_BUILD="${OPENCLAW_INSTALL_SMOKE_SKIP_IMAGE_BUILD:-${CLAWDBOT_INSTALL_SMOKE_SKIP_IMAGE_BUILD:-0}}"
SKIP_NONROOT_IMAGE_BUILD="${OPENCLAW_INSTALL_NONROOT_SKIP_IMAGE_BUILD:-${CLAWDBOT_INSTALL_NONROOT_SKIP_IMAGE_BUILD:-0}}"
SMOKE_IMAGE="${OPENCLAW_INSTALL_SMOKE_IMAGE:-openclaw-install-smoke:local}"
NONROOT_IMAGE="${OPENCLAW_INSTALL_NONROOT_IMAGE:-openclaw-install-nonroot:local}"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-https://openclaw.bot/install.sh}"
CLI_INSTALL_URL="${OPENCLAW_INSTALL_CLI_URL:-https://openclaw.bot/install-cli.sh}"
SKIP_NONROOT="${OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT:-0}"
SKIP_SMOKE_IMAGE_BUILD="${OPENCLAW_INSTALL_SMOKE_SKIP_IMAGE_BUILD:-0}"
SKIP_NONROOT_IMAGE_BUILD="${OPENCLAW_INSTALL_NONROOT_SKIP_IMAGE_BUILD:-0}"
LATEST_DIR="$(mktemp -d)"
LATEST_FILE="${LATEST_DIR}/latest"
@ -28,8 +28,8 @@ docker run --rm -t \
-e OPENCLAW_INSTALL_URL="$INSTALL_URL" \
-e OPENCLAW_INSTALL_METHOD=npm \
-e OPENCLAW_INSTALL_LATEST_OUT="/out/latest" \
-e OPENCLAW_INSTALL_SMOKE_PREVIOUS="${OPENCLAW_INSTALL_SMOKE_PREVIOUS:-${CLAWDBOT_INSTALL_SMOKE_PREVIOUS:-}}" \
-e OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS="${OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS:-${CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS:-0}}" \
-e OPENCLAW_INSTALL_SMOKE_PREVIOUS="${OPENCLAW_INSTALL_SMOKE_PREVIOUS:-}" \
-e OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS="${OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS:-0}" \
-e OPENCLAW_NO_ONBOARD=1 \
-e DEBIAN_FRONTEND=noninteractive \
"$SMOKE_IMAGE"
@ -62,7 +62,7 @@ else
"$NONROOT_IMAGE"
fi
if [[ "${OPENCLAW_INSTALL_SMOKE_SKIP_CLI:-${CLAWDBOT_INSTALL_SMOKE_SKIP_CLI:-0}}" == "1" ]]; then
if [[ "${OPENCLAW_INSTALL_SMOKE_SKIP_CLI:-0}" == "1" ]]; then
echo "==> Skip CLI installer smoke (OPENCLAW_INSTALL_SMOKE_SKIP_CLI=1)"
exit 0
fi

12
scripts/test-install-sh-e2e-docker.sh
View File

@ -2,13 +2,13 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
IMAGE_NAME="${OPENCLAW_INSTALL_E2E_IMAGE:-${CLAWDBOT_INSTALL_E2E_IMAGE:-openclaw-install-e2e:local}}"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-${CLAWDBOT_INSTALL_URL:-https://openclaw.bot/install.sh}}"
IMAGE_NAME="${OPENCLAW_INSTALL_E2E_IMAGE:-openclaw-install-e2e:local}"
INSTALL_URL="${OPENCLAW_INSTALL_URL:-https://openclaw.bot/install.sh}"
OPENAI_API_KEY="${OPENAI_API_KEY:-}"
ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}"
ANTHROPIC_API_TOKEN="${ANTHROPIC_API_TOKEN:-}"
OPENCLAW_E2E_MODELS="${OPENCLAW_E2E_MODELS:-${CLAWDBOT_E2E_MODELS:-}}"
OPENCLAW_E2E_MODELS="${OPENCLAW_E2E_MODELS:-}"
echo "==> Build image: $IMAGE_NAME"
docker build \
@ -19,10 +19,10 @@ docker build \
echo "==> Run E2E installer test"
docker run --rm \
-e OPENCLAW_INSTALL_URL="$INSTALL_URL" \
-e OPENCLAW_INSTALL_TAG="${OPENCLAW_INSTALL_TAG:-${CLAWDBOT_INSTALL_TAG:-latest}}" \
-e OPENCLAW_INSTALL_TAG="${OPENCLAW_INSTALL_TAG:-latest}" \
-e OPENCLAW_E2E_MODELS="$OPENCLAW_E2E_MODELS" \
-e OPENCLAW_INSTALL_E2E_PREVIOUS="${OPENCLAW_INSTALL_E2E_PREVIOUS:-${CLAWDBOT_INSTALL_E2E_PREVIOUS:-}}" \
-e OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS="${OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS:-${CLAWDBOT_INSTALL_E2E_SKIP_PREVIOUS:-0}}" \
-e OPENCLAW_INSTALL_E2E_PREVIOUS="${OPENCLAW_INSTALL_E2E_PREVIOUS:-}" \
-e OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS="${OPENCLAW_INSTALL_E2E_SKIP_PREVIOUS:-0}" \
-e OPENAI_API_KEY="$OPENAI_API_KEY" \
-e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
-e ANTHROPIC_API_TOKEN="$ANTHROPIC_API_TOKEN" \

18
scripts/test-live-gateway-models-docker.sh
View File

@ -2,11 +2,11 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
IMAGE_NAME="${OPENCLAW_IMAGE:-${CLAWDBOT_IMAGE:-openclaw:local}}"
LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${CLAWDBOT_LIVE_IMAGE:-${IMAGE_NAME}-live}}"
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-${CLAWDBOT_CONFIG_DIR:-$HOME/.openclaw}}"
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-${CLAWDBOT_WORKSPACE_DIR:-$HOME/.openclaw/workspace}}"
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-${CLAWDBOT_PROFILE_FILE:-$HOME/.profile}}"
IMAGE_NAME="${OPENCLAW_IMAGE:-openclaw:local}"
LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
PROFILE_MOUNT=()
if [[ -f "$PROFILE_FILE" ]]; then
@ -64,10 +64,10 @@ docker run --rm -t \
-e HOME=/home/node \
-e NODE_OPTIONS=--disable-warning=ExperimentalWarning \
-e OPENCLAW_LIVE_TEST=1 \
-e OPENCLAW_LIVE_GATEWAY_MODELS="${OPENCLAW_LIVE_GATEWAY_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MODELS:-modern}}" \
-e OPENCLAW_LIVE_GATEWAY_PROVIDERS="${OPENCLAW_LIVE_GATEWAY_PROVIDERS:-${CLAWDBOT_LIVE_GATEWAY_PROVIDERS:-}}" \
-e OPENCLAW_LIVE_GATEWAY_MAX_MODELS="${OPENCLAW_LIVE_GATEWAY_MAX_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MAX_MODELS:-24}}" \
-e OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS="${OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS:-${CLAWDBOT_LIVE_GATEWAY_MODEL_TIMEOUT_MS:-}}" \
-e OPENCLAW_LIVE_GATEWAY_MODELS="${OPENCLAW_LIVE_GATEWAY_MODELS:-modern}" \
-e OPENCLAW_LIVE_GATEWAY_PROVIDERS="${OPENCLAW_LIVE_GATEWAY_PROVIDERS:-}" \
-e OPENCLAW_LIVE_GATEWAY_MAX_MODELS="${OPENCLAW_LIVE_GATEWAY_MAX_MODELS:-24}" \
-e OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS="${OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS:-}" \
-v "$ROOT_DIR":/src:ro \
-v "$CONFIG_DIR":/home/node/.openclaw \
-v "$WORKSPACE_DIR":/home/node/.openclaw/workspace \

26
scripts/test-live-models-docker.sh
View File

@ -2,11 +2,11 @@
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
IMAGE_NAME="${OPENCLAW_IMAGE:-${CLAWDBOT_IMAGE:-openclaw:local}}"
LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${CLAWDBOT_LIVE_IMAGE:-${IMAGE_NAME}-live}}"
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-${CLAWDBOT_CONFIG_DIR:-$HOME/.openclaw}}"
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-${CLAWDBOT_WORKSPACE_DIR:-$HOME/.openclaw/workspace}}"
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-${CLAWDBOT_PROFILE_FILE:-$HOME/.profile}}"
IMAGE_NAME="${OPENCLAW_IMAGE:-openclaw:local}"
LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
PROFILE_MOUNT=()
if [[ -f "$PROFILE_FILE" ]]; then
@ -64,14 +64,14 @@ docker run --rm -t \
-e HOME=/home/node \
-e NODE_OPTIONS=--disable-warning=ExperimentalWarning \
-e OPENCLAW_LIVE_TEST=1 \
-e OPENCLAW_LIVE_MODELS="${OPENCLAW_LIVE_MODELS:-${CLAWDBOT_LIVE_MODELS:-modern}}" \
-e OPENCLAW_LIVE_PROVIDERS="${OPENCLAW_LIVE_PROVIDERS:-${CLAWDBOT_LIVE_PROVIDERS:-}}" \
-e OPENCLAW_LIVE_MAX_MODELS="${OPENCLAW_LIVE_MAX_MODELS:-${CLAWDBOT_LIVE_MAX_MODELS:-48}}" \
-e OPENCLAW_LIVE_MODEL_TIMEOUT_MS="${OPENCLAW_LIVE_MODEL_TIMEOUT_MS:-${CLAWDBOT_LIVE_MODEL_TIMEOUT_MS:-}}" \
-e OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS="${OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS:-${CLAWDBOT_LIVE_REQUIRE_PROFILE_KEYS:-}}" \
-e OPENCLAW_LIVE_GATEWAY_MODELS="${OPENCLAW_LIVE_GATEWAY_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MODELS:-}}" \
-e OPENCLAW_LIVE_GATEWAY_PROVIDERS="${OPENCLAW_LIVE_GATEWAY_PROVIDERS:-${CLAWDBOT_LIVE_GATEWAY_PROVIDERS:-}}" \
-e OPENCLAW_LIVE_GATEWAY_MAX_MODELS="${OPENCLAW_LIVE_GATEWAY_MAX_MODELS:-${CLAWDBOT_LIVE_GATEWAY_MAX_MODELS:-}}" \
-e OPENCLAW_LIVE_MODELS="${OPENCLAW_LIVE_MODELS:-modern}" \
-e OPENCLAW_LIVE_PROVIDERS="${OPENCLAW_LIVE_PROVIDERS:-}" \
-e OPENCLAW_LIVE_MAX_MODELS="${OPENCLAW_LIVE_MAX_MODELS:-48}" \
-e OPENCLAW_LIVE_MODEL_TIMEOUT_MS="${OPENCLAW_LIVE_MODEL_TIMEOUT_MS:-}" \
-e OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS="${OPENCLAW_LIVE_REQUIRE_PROFILE_KEYS:-}" \
-e OPENCLAW_LIVE_GATEWAY_MODELS="${OPENCLAW_LIVE_GATEWAY_MODELS:-}" \
-e OPENCLAW_LIVE_GATEWAY_PROVIDERS="${OPENCLAW_LIVE_GATEWAY_PROVIDERS:-}" \
-e OPENCLAW_LIVE_GATEWAY_MAX_MODELS="${OPENCLAW_LIVE_GATEWAY_MAX_MODELS:-}" \
-v "$ROOT_DIR":/src:ro \
-v "$CONFIG_DIR":/home/node/.openclaw \
-v "$WORKSPACE_DIR":/home/node/.openclaw/workspace \

9
scripts/zai-fallback-repro.ts
View File

@ -6,7 +6,7 @@ import path from "node:path";
type RunResult = {
code: number | null;
signal: NodeJS.Signals | null;
signal: string | null;
stdout: string;
stderr: string;
};
@ -98,17 +98,12 @@ async function main() {
};
await fs.writeFile(configPath, JSON.stringify(config, null, 2), "utf8");
const sessionId =
process.env.OPENCLAW_ZAI_FALLBACK_SESSION_ID ??
process.env.CLAWDBOT_ZAI_FALLBACK_SESSION_ID ??
randomUUID();
const sessionId = process.env.OPENCLAW_ZAI_FALLBACK_SESSION_ID ?? randomUUID();
const baseEnv: NodeJS.ProcessEnv = {
...process.env,
OPENCLAW_CONFIG_PATH: configPath,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: configPath,
CLAWDBOT_STATE_DIR: stateDir,
ZAI_API_KEY: zaiKey,
Z_AI_API_KEY: "",
};

2
skills/1password/SKILL.md
View File

@ -48,7 +48,7 @@ The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, a
Example (see `tmux` skill for socket conventions, do not reuse old session names):
```bash
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

2
skills/tmux/scripts/find-sessions.sh
View File

@ -20,7 +20,7 @@ socket_name=""
socket_path=""
query=""
scan_all=false
socket_dir="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
socket_dir="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
while [[ $# -gt 0 ]]; do
case "$1" in

2
src/agents/shell-utils.ts
View File

@ -99,7 +99,7 @@ function normalizeShellName(value: string): string {
}
export function detectRuntimeShell(): string | undefined {
const overrideShell = process.env.CLAWDBOT_SHELL?.trim();
const overrideShell = process.env.OPENCLAW_SHELL?.trim();
if (overrideShell) {
const name = normalizeShellName(overrideShell);
if (name) {

8
src/agents/tools/gateway.test.ts
View File

@ -16,14 +16,12 @@ vi.mock("../../gateway/call.js", () => ({
describe("gateway tool defaults", () => {
const envSnapshot = {
openclaw: process.env.OPENCLAW_GATEWAY_TOKEN,
clawdbot: process.env.CLAWDBOT_GATEWAY_TOKEN,
};
beforeEach(() => {
callGatewayMock.mockClear();
configState.value = {};
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
});
afterAll(() => {
@ -32,11 +30,6 @@ describe("gateway tool defaults", () => {
} else {
process.env.OPENCLAW_GATEWAY_TOKEN = envSnapshot.openclaw;
}
if (envSnapshot.clawdbot === undefined) {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
} else {
process.env.CLAWDBOT_GATEWAY_TOKEN = envSnapshot.clawdbot;
}
});
it("leaves url undefined so callGateway can use config", () => {
@ -94,7 +87,6 @@ describe("gateway tool defaults", () => {
it("does not leak local env/config tokens to remote overrides", () => {
process.env.OPENCLAW_GATEWAY_TOKEN = "local-env-token";
process.env.CLAWDBOT_GATEWAY_TOKEN = "legacy-env-token";
configState.value = {
gateway: {
auth: { token: "local-config-token" },

2
src/channels/plugins/plugins-core.test.ts
View File

@ -196,7 +196,6 @@ describe("channel plugin catalog", () => {
env: {
...process.env,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
},
}).find((item) => item.id === "demo-channel");
@ -273,7 +272,6 @@ describe("channel plugin catalog", () => {
env: {
...process.env,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
},
}).map((entry) => entry.id);

4
src/cli/daemon-cli/install.integration.test.ts
View File

@ -46,9 +46,7 @@ describe("runDaemonInstall integration", () => {
"OPENCLAW_STATE_DIR",
"OPENCLAW_CONFIG_PATH",
"OPENCLAW_GATEWAY_TOKEN",
"CLAWDBOT_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_PASSWORD",
"CLAWDBOT_GATEWAY_PASSWORD",
]);
tempHome = await makeTempWorkspace("openclaw-daemon-install-int-");
configPath = path.join(tempHome, "openclaw.json");
@ -67,9 +65,7 @@ describe("runDaemonInstall integration", () => {
resetRuntimeCapture();
// Keep these defined-but-empty so dotenv won't repopulate from local .env.
process.env.OPENCLAW_GATEWAY_TOKEN = "";
process.env.CLAWDBOT_GATEWAY_TOKEN = "";
process.env.OPENCLAW_GATEWAY_PASSWORD = "";
process.env.CLAWDBOT_GATEWAY_PASSWORD = "";
serviceMock.isLoaded.mockResolvedValue(false);
await fs.writeFile(configPath, JSON.stringify({}, null, 2));
clearConfigCache();

1
src/cli/daemon-cli/install.test.ts
View File

@ -200,7 +200,6 @@ describe("runDaemonInstall", () => {
NODE_USE_SYSTEM_CA: undefined,
});
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
});
afterEach(() => {

2
src/cli/daemon-cli/test-helpers/lifecycle-core-harness.ts
View File

@ -48,7 +48,5 @@ export function resetLifecycleServiceMocks() {
export function stubEmptyGatewayEnv() {
vi.unstubAllEnvs();
vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "");
vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", "");
vi.stubEnv("OPENCLAW_GATEWAY_URL", "");
vi.stubEnv("CLAWDBOT_GATEWAY_URL", "");
}

2
src/cli/qr-cli.test.ts
View File

@ -164,9 +164,7 @@ describe("registerQrCli", () => {
vi.clearAllMocks();
runtimeCapture.resetRuntimeCapture();
vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "");
vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", "");
vi.stubEnv("OPENCLAW_GATEWAY_PASSWORD", "");
vi.stubEnv("CLAWDBOT_GATEWAY_PASSWORD", "");
runtime.exit.mockImplementation(() => {
throw new Error("exit");
});

4
src/cli/qr-dashboard.integration.test.ts
View File

@ -114,9 +114,7 @@ describe("cli integration: qr + dashboard token SecretRef", () => {
envSnapshot = captureEnv([
"SHARED_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_TOKEN",
"CLAWDBOT_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_PASSWORD",
"CLAWDBOT_GATEWAY_PASSWORD",
]);
});
@ -141,9 +139,7 @@ describe("cli integration: qr + dashboard token SecretRef", () => {
runtimeErrors.length = 0;
vi.clearAllMocks();
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.SHARED_GATEWAY_TOKEN;
});

2
src/cli/update-cli/update-command.ts
View File

@ -73,9 +73,7 @@ const SERVICE_REFRESH_TIMEOUT_MS = 60_000;
const SERVICE_REFRESH_PATH_ENV_KEYS = [
"OPENCLAW_HOME",
"OPENCLAW_STATE_DIR",
"CLAWDBOT_STATE_DIR",
"OPENCLAW_CONFIG_PATH",
"CLAWDBOT_CONFIG_PATH",
] as const;
const UPDATE_QUIPS = [

23
src/commands/configure.wizard.ts
View File

@ -87,12 +87,8 @@ async function runGatewayHealthCheck(params: {
value: params.cfg.gateway?.auth?.password,
path: "gateway.auth.password",
});
const token =
process.env.OPENCLAW_GATEWAY_TOKEN ?? process.env.CLAWDBOT_GATEWAY_TOKEN ?? configuredToken;
const password =
process.env.OPENCLAW_GATEWAY_PASSWORD ??
process.env.CLAWDBOT_GATEWAY_PASSWORD ??
configuredPassword;
const token = process.env.OPENCLAW_GATEWAY_TOKEN ?? configuredToken;
const password = process.env.OPENCLAW_GATEWAY_PASSWORD ?? configuredPassword;
await waitForGatewayReachable({
url: wsUrl,
@ -388,14 +384,8 @@ export async function runConfigureWizard(
});
const localProbe = await probeGatewayReachable({
url: localUrl,
token:
process.env.OPENCLAW_GATEWAY_TOKEN ??
process.env.CLAWDBOT_GATEWAY_TOKEN ??
baseLocalProbeToken,
password:
process.env.OPENCLAW_GATEWAY_PASSWORD ??
process.env.CLAWDBOT_GATEWAY_PASSWORD ??
baseLocalProbePassword,
token: process.env.OPENCLAW_GATEWAY_TOKEN ?? baseLocalProbeToken,
password: process.env.OPENCLAW_GATEWAY_PASSWORD ?? baseLocalProbePassword,
});
const remoteUrl = baseConfig.gateway?.remote?.url?.trim() ?? "";
const baseRemoteProbeToken = await resolveGatewaySecretInputForWizard({
@ -679,10 +669,9 @@ export async function runConfigureWizard(
customBindHost: nextConfig.gateway?.customBindHost,
basePath: nextConfig.gateway?.controlUi?.basePath,
});
// Try both new and old passwords since gateway may still have old config.
// Try both newly written and preexisting passwords while the gateway restarts.
const newPassword =
process.env.OPENCLAW_GATEWAY_PASSWORD ??
process.env.CLAWDBOT_GATEWAY_PASSWORD ??
(await resolveGatewaySecretInputForWizard({
cfg: nextConfig,
value: nextConfig.gateway?.auth?.password,
@ -690,7 +679,6 @@ export async function runConfigureWizard(
}));
const oldPassword =
process.env.OPENCLAW_GATEWAY_PASSWORD ??
process.env.CLAWDBOT_GATEWAY_PASSWORD ??
(await resolveGatewaySecretInputForWizard({
cfg: baseConfig,
value: baseConfig.gateway?.auth?.password,
@ -698,7 +686,6 @@ export async function runConfigureWizard(
}));
const token =
process.env.OPENCLAW_GATEWAY_TOKEN ??
process.env.CLAWDBOT_GATEWAY_TOKEN ??
(await resolveGatewaySecretInputForWizard({
cfg: nextConfig,
value: nextConfig.gateway?.auth?.token,

1
src/commands/dashboard.links.test.ts
View File

@ -72,7 +72,6 @@ describe("dashboardCommand", () => {
formatControlUiSshHintMock.mockClear();
copyToClipboardMock.mockClear();
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
});
it("opens and copies the dashboard link by default", async () => {

2
src/commands/doctor-gateway-services.test.ts
View File

@ -400,7 +400,6 @@ describe("maybeRepairGatewayServiceConfig", () => {
await withEnvAsync(
{
OPENCLAW_GATEWAY_TOKEN: undefined,
CLAWDBOT_GATEWAY_TOKEN: undefined,
},
async () => {
setupGatewayTokenRepairScenario();
@ -445,7 +444,6 @@ describe("maybeRepairGatewayServiceConfig", () => {
await withEnvAsync(
{
OPENCLAW_GATEWAY_TOKEN: undefined,
CLAWDBOT_GATEWAY_TOKEN: undefined,
},
async () => {
mocks.readCommand.mockResolvedValue({

2
src/commands/doctor-platform-notes.launchctl-env-overrides.test.ts
View File

@ -19,7 +19,7 @@ describe("noteMacLaunchctlGatewayEnvOverrides", () => {
await noteMacLaunchctlGatewayEnvOverrides(cfg, { platform: "darwin", getenv, noteFn });
expect(noteFn).toHaveBeenCalledTimes(1);
expect(getenv).toHaveBeenCalledTimes(4);
expect(getenv).toHaveBeenCalledTimes(2);
const [message, title] = noteFn.mock.calls[0] ?? [];
expect(title).toBe("Gateway (macOS)");

37
src/commands/doctor-platform-notes.ts
View File

@ -73,21 +73,6 @@ export async function noteMacLaunchctlGatewayEnvOverrides(
}
const getenv = deps?.getenv ?? launchctlGetenv;
const deprecatedLaunchctlEntries = [
["CLAWDBOT_GATEWAY_TOKEN", await getenv("CLAWDBOT_GATEWAY_TOKEN")],
["CLAWDBOT_GATEWAY_PASSWORD", await getenv("CLAWDBOT_GATEWAY_PASSWORD")],
].filter((entry): entry is [string, string] => Boolean(entry[1]?.trim()));
if (deprecatedLaunchctlEntries.length > 0) {
const lines = [
"- Deprecated launchctl environment variables detected (ignored).",
...deprecatedLaunchctlEntries.map(
([key]) =>
`- \`${key}\` is set; use \`OPENCLAW_${key.slice(key.indexOf("_") + 1)}\` instead.`,
),
];
(deps?.noteFn ?? note)(lines.join("\n"), "Gateway (macOS)");
}
const tokenEntries = [
["OPENCLAW_GATEWAY_TOKEN", await getenv("OPENCLAW_GATEWAY_TOKEN")],
] as const;
@ -120,28 +105,6 @@ export async function noteMacLaunchctlGatewayEnvOverrides(
(deps?.noteFn ?? note)(lines.join("\n"), "Gateway (macOS)");
}
export function noteDeprecatedLegacyEnvVars(
env: NodeJS.ProcessEnv = process.env,
deps?: { noteFn?: typeof note },
) {
const entries = Object.entries(env)
.filter(([key, value]) => key.startsWith("CLAWDBOT_") && value?.trim())
.map(([key]) => key);
if (entries.length === 0) {
return;
}
const lines = [
"- Deprecated legacy environment variables detected (ignored).",
"- Use OPENCLAW_* equivalents instead:",
...entries.map((key) => {
const suffix = key.slice(key.indexOf("_") + 1);
return ` ${key} -> OPENCLAW_${suffix}`;
}),
];
(deps?.noteFn ?? note)(lines.join("\n"), "Environment");
}
function isTruthyEnvValue(value: string | undefined): boolean {
return typeof value === "string" && value.trim().length > 0;
}

1
src/commands/doctor.fast-path-mocks.ts
View File

@ -26,7 +26,6 @@ vi.mock("./doctor-memory-search.js", () => ({
}));
vi.mock("./doctor-platform-notes.js", () => ({
noteDeprecatedLegacyEnvVars: vi.fn(),
noteStartupOptimizationHints: vi.fn(),
noteMacLaunchAgentOverrides: vi.fn().mockResolvedValue(undefined),
noteMacLaunchctlGatewayEnvOverrides: vi.fn().mockResolvedValue(undefined),

2
src/commands/doctor.ts
View File

@ -45,7 +45,6 @@ import { noteMemorySearchHealth } from "./doctor-memory-search.js";
import {
noteMacLaunchAgentOverrides,
noteMacLaunchctlGatewayEnvOverrides,
noteDeprecatedLegacyEnvVars,
noteStartupOptimizationHints,
} from "./doctor-platform-notes.js";
import { createDoctorPrompter, type DoctorOptions } from "./doctor-prompter.js";
@ -99,7 +98,6 @@ export async function doctorCommand(
await maybeRepairUiProtocolFreshness(runtime, prompter);
noteSourceInstallIssues(root);
noteDeprecatedLegacyEnvVars();
noteStartupOptimizationHints();
const configResult = await loadAndMaybeMigrateDoctorConfig({

1
src/commands/gateway-status.test.ts
View File

@ -420,7 +420,6 @@ describe("gateway-status command", () => {
{
CUSTOM_GATEWAY_TOKEN: "resolved-gateway-token",
OPENCLAW_GATEWAY_TOKEN: undefined,
CLAWDBOT_GATEWAY_TOKEN: undefined,
},
async () => {
readBestEffortConfig.mockResolvedValueOnce({

4
src/commands/status.scan.ts
View File

@ -367,8 +367,8 @@ export async function scanStatus(
progress.setLabel("Summarizing channels…");
const channels = await buildChannelsTable(cfg, {
// Show token previews in regular status; keep `status --all` redacted.
// Set `CLAWDBOT_SHOW_SECRETS=0` to force redaction.
showSecrets: process.env.CLAWDBOT_SHOW_SECRETS?.trim() !== "0",
// Set `OPENCLAW_SHOW_SECRETS=0` to force redaction.
showSecrets: process.env.OPENCLAW_SHOW_SECRETS?.trim() !== "0",
sourceConfig: loadedRaw,
});
progress.tick();

1
src/config/config.plugin-validation.test.ts
View File

@ -88,7 +88,6 @@ describe("config plugin validation", () => {
HOME: suiteHome,
OPENCLAW_HOME: undefined,
OPENCLAW_STATE_DIR: path.join(suiteHome, ".openclaw"),
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_PLUGIN_MANIFEST_CACHE_MS: "10000",
}) satisfies NodeJS.ProcessEnv;

9
src/config/io.compat.test.ts
View File

@ -69,15 +69,6 @@ describe("config io paths", () => {
});
});
it("honors legacy CLAWDBOT_CONFIG_PATH override", async () => {
await withTempHome(async (home) => {
const customPath = await writeConfig(home, ".openclaw", 20003, "legacy-custom.json");
const io = createIoForHome(home, { CLAWDBOT_CONFIG_PATH: customPath } as NodeJS.ProcessEnv);
expect(io.configPath).toBe(customPath);
expect(io.loadConfig().gateway?.port).toBe(20003);
});
});
it("normalizes safe-bin config entries at config load time", async () => {
await withTempHome(async (home) => {
const configDir = path.join(home, ".openclaw");

10
src/config/paths.ts
View File

@ -62,7 +62,7 @@ export function resolveStateDir(
homedir: () => string = envHomedir(env),
): string {
const effectiveHomedir = () => resolveRequiredHomeDir(env, homedir);
const override = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
const override = env.OPENCLAW_STATE_DIR?.trim();
if (override) {
return resolveUserPath(override, env, effectiveHomedir);
}
@ -107,7 +107,7 @@ export function resolveCanonicalConfigPath(
env: NodeJS.ProcessEnv = process.env,
stateDir: string = resolveStateDir(env, envHomedir(env)),
): string {
const override = env.OPENCLAW_CONFIG_PATH?.trim() || env.CLAWDBOT_CONFIG_PATH?.trim();
const override = env.OPENCLAW_CONFIG_PATH?.trim();
if (override) {
return resolveUserPath(override, env, envHomedir(env));
}
@ -190,13 +190,13 @@ export function resolveDefaultConfigCandidates(
homedir: () => string = envHomedir(env),
): string[] {
const effectiveHomedir = () => resolveRequiredHomeDir(env, homedir);
const explicit = env.OPENCLAW_CONFIG_PATH?.trim() || env.CLAWDBOT_CONFIG_PATH?.trim();
const explicit = env.OPENCLAW_CONFIG_PATH?.trim();
if (explicit) {
return [resolveUserPath(explicit, env, effectiveHomedir)];
}
const candidates: string[] = [];
const openclawStateDir = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
const openclawStateDir = env.OPENCLAW_STATE_DIR?.trim();
if (openclawStateDir) {
const resolved = resolveUserPath(openclawStateDir, env, effectiveHomedir);
candidates.push(path.join(resolved, CONFIG_FILENAME));
@ -255,7 +255,7 @@ export function resolveGatewayPort(
cfg?: OpenClawConfig,
env: NodeJS.ProcessEnv = process.env,
): number {
const envRaw = env.OPENCLAW_GATEWAY_PORT?.trim() || env.CLAWDBOT_GATEWAY_PORT?.trim();
const envRaw = env.OPENCLAW_GATEWAY_PORT?.trim();
if (envRaw) {
const parsed = Number.parseInt(envRaw, 10);
if (Number.isFinite(parsed) && parsed > 0) {

3
src/config/plugin-auto-enable.test.ts
View File

@ -248,7 +248,6 @@ describe("applyPluginAutoEnable", () => {
...process.env,
OPENCLAW_HOME: undefined,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
},
});
@ -296,7 +295,6 @@ describe("applyPluginAutoEnable", () => {
env: {
...process.env,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
},
manifestRegistry: makeRegistry([]),
});
@ -493,7 +491,6 @@ describe("applyPluginAutoEnable", () => {
...process.env,
OPENCLAW_HOME: undefined,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
},
});

21
src/daemon/service-env.test.ts
View File

@ -388,30 +388,11 @@ describe("buildNodeServiceEnvironment", () => {
expect(env.OPENCLAW_GATEWAY_TOKEN).toBe("node-token");
});
it("maps legacy CLAWDBOT_GATEWAY_TOKEN to OPENCLAW_GATEWAY_TOKEN for node services", () => {
const env = buildNodeServiceEnvironment({
env: { HOME: "/home/user", CLAWDBOT_GATEWAY_TOKEN: " legacy-token " },
});
expect(env.OPENCLAW_GATEWAY_TOKEN).toBe("legacy-token");
});
it("prefers OPENCLAW_GATEWAY_TOKEN over legacy CLAWDBOT_GATEWAY_TOKEN", () => {
const env = buildNodeServiceEnvironment({
env: {
HOME: "/home/user",
OPENCLAW_GATEWAY_TOKEN: "openclaw-token",
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
},
});
expect(env.OPENCLAW_GATEWAY_TOKEN).toBe("openclaw-token");
});
it("omits OPENCLAW_GATEWAY_TOKEN when both token env vars are empty", () => {
it("omits OPENCLAW_GATEWAY_TOKEN when the env var is empty", () => {
const env = buildNodeServiceEnvironment({
env: {
HOME: "/home/user",
OPENCLAW_GATEWAY_TOKEN: " ",
CLAWDBOT_GATEWAY_TOKEN: " ",
},
});
expect(env.OPENCLAW_GATEWAY_TOKEN).toBeUndefined();

3
src/daemon/service-env.ts
View File

@ -296,8 +296,7 @@ export function buildNodeServiceEnvironment(params: {
extraPathDirs,
params.execPath,
);
const gatewayToken =
env.OPENCLAW_GATEWAY_TOKEN?.trim() || env.CLAWDBOT_GATEWAY_TOKEN?.trim() || undefined;
const gatewayToken = env.OPENCLAW_GATEWAY_TOKEN?.trim() || undefined;
return {
...buildCommonServiceEnvironment(env, sharedEnv),
OPENCLAW_GATEWAY_TOKEN: gatewayToken,

17
src/gateway/auth.test.ts
View File

@ -104,23 +104,6 @@ describe("gateway auth", () => {
});
});
it("does not resolve legacy CLAWDBOT gateway env vars", () => {
expect(
resolveGatewayAuth({
authConfig: {},
env: {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
CLAWDBOT_GATEWAY_PASSWORD: "legacy-password",
} as NodeJS.ProcessEnv,
}),
).toMatchObject({
mode: "token",
modeSource: "default",
token: undefined,
password: undefined,
});
});
it("keeps gateway auth config values ahead of env overrides", () => {
expect(
resolveGatewayAuth({

1
src/gateway/auth.ts
View File

@ -241,7 +241,6 @@ export function resolveGatewayAuth(params: {
configToken: tokenRef ? undefined : authConfig.token,
configPassword: passwordRef ? undefined : authConfig.password,
env,
includeLegacyEnv: false,
tokenPrecedence: "config-first",
passwordPrecedence: "config-first", // pragma: allowlist secret
});

8
src/gateway/call.test.ts
View File

@ -114,7 +114,6 @@ describe("callGateway url resolution", () => {
"OPENCLAW_ALLOW_INSECURE_PRIVATE_WS",
"OPENCLAW_GATEWAY_URL",
"OPENCLAW_GATEWAY_TOKEN",
"CLAWDBOT_GATEWAY_TOKEN",
]);
beforeEach(() => {
@ -122,7 +121,6 @@ describe("callGateway url resolution", () => {
delete process.env.OPENCLAW_ALLOW_INSECURE_PRIVATE_WS;
delete process.env.OPENCLAW_GATEWAY_URL;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
resetGatewayCallMocks();
});
@ -638,19 +636,13 @@ describe("callGateway url override auth requirements", () => {
beforeEach(() => {
envSnapshot = captureEnv([
"OPENCLAW_GATEWAY_TOKEN",
"CLAWDBOT_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_PASSWORD",
"CLAWDBOT_GATEWAY_PASSWORD",
"OPENCLAW_GATEWAY_URL",
"CLAWDBOT_GATEWAY_URL",
]);
resetGatewayCallMocks();
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.OPENCLAW_GATEWAY_URL;
delete process.env.CLAWDBOT_GATEWAY_URL;
setGatewayNetworkDefaults(18789);
});

10
src/gateway/call.ts
View File

@ -172,8 +172,7 @@ export function buildGatewayConnectionDetails(
: undefined;
const envUrlOverride = cliUrlOverride
? undefined
: (trimToUndefined(process.env.OPENCLAW_GATEWAY_URL) ??
trimToUndefined(process.env.CLAWDBOT_GATEWAY_URL));
: trimToUndefined(process.env.OPENCLAW_GATEWAY_URL);
const urlOverride = cliUrlOverride ?? envUrlOverride;
const remoteUrl =
typeof remote?.url === "string" && remote.url.trim().length > 0 ? remote.url.trim() : undefined;
@ -255,7 +254,6 @@ type ResolvedGatewayCallContext = {
remoteUrl?: string;
explicitAuth: ExplicitGatewayAuth;
modeOverride?: GatewayCredentialMode;
includeLegacyEnv?: boolean;
localTokenPrecedence?: GatewayCredentialPrecedence;
localPasswordPrecedence?: GatewayCredentialPrecedence;
remoteTokenPrecedence?: GatewayRemoteCredentialPrecedence;
@ -285,8 +283,7 @@ function resolveGatewayCallContext(opts: CallGatewayBaseOptions): ResolvedGatewa
const cliUrlOverride = trimToUndefined(opts.url);
const envUrlOverride = cliUrlOverride
? undefined
: (trimToUndefined(process.env.OPENCLAW_GATEWAY_URL) ??
trimToUndefined(process.env.CLAWDBOT_GATEWAY_URL));
: trimToUndefined(process.env.OPENCLAW_GATEWAY_URL);
const urlOverride = cliUrlOverride ?? envUrlOverride;
const urlOverrideSource = cliUrlOverride ? "cli" : envUrlOverride ? "env" : undefined;
const remoteUrl = trimToUndefined(remote?.url);
@ -423,7 +420,6 @@ function resolveGatewayCredentialsFromConfigOptions(params: {
urlOverride: context.urlOverride,
urlOverrideSource: context.urlOverrideSource,
modeOverride: context.modeOverride,
includeLegacyEnv: context.includeLegacyEnv,
localTokenPrecedence: context.localTokenPrecedence,
localPasswordPrecedence: context.localPasswordPrecedence,
remoteTokenPrecedence: context.remoteTokenPrecedence,
@ -666,7 +662,6 @@ export async function resolveGatewayCredentialsWithSecretInputs(params: {
urlOverrideSource?: "cli" | "env";
env?: NodeJS.ProcessEnv;
modeOverride?: GatewayCredentialMode;
includeLegacyEnv?: boolean;
localTokenPrecedence?: GatewayCredentialPrecedence;
localPasswordPrecedence?: GatewayCredentialPrecedence;
remoteTokenPrecedence?: GatewayRemoteCredentialPrecedence;
@ -698,7 +693,6 @@ export async function resolveGatewayCredentialsWithSecretInputs(params: {
: undefined,
explicitAuth: resolveExplicitGatewayAuth(params.explicitAuth),
modeOverride,
includeLegacyEnv: params.includeLegacyEnv,
localTokenPrecedence: params.localTokenPrecedence,
localPasswordPrecedence: params.localPasswordPrecedence,
remoteTokenPrecedence: params.remoteTokenPrecedence,

55
src/gateway/connection-auth.test.ts
View File

@ -66,14 +66,12 @@ async function expectFailClosedOnUnresolvedLocalAuth(config: OpenClawConfig, pat
resolveGatewayConnectionAuth({
config,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
}),
).rejects.toThrow(path);
expect(() =>
resolveGatewayConnectionAuthFromConfig({
cfg: config,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
}),
).toThrow(path);
}
@ -223,26 +221,6 @@ describe("resolveGatewayConnectionAuth", () => {
password: "remote-password", // pragma: allowlist secret
},
},
{
name: "includeLegacyEnv controls CLAWDBOT fallback",
cfg: cfg({
gateway: {
mode: "local",
auth: {},
},
}),
env: {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
CLAWDBOT_GATEWAY_PASSWORD: "legacy-password", // pragma: allowlist secret
} as NodeJS.ProcessEnv,
options: {
includeLegacyEnv: true,
},
expected: {
token: "legacy-token",
password: "legacy-password", // pragma: allowlist secret
},
},
];
it.each(cases)("$name", async ({ cfg, env, options, expected }) => {
@ -260,30 +238,7 @@ describe("resolveGatewayConnectionAuth", () => {
expect(syncResolved).toEqual(expected);
});
it("can disable legacy env fallback", async () => {
const config = cfg({
gateway: {
mode: "local",
auth: {},
},
});
const env = {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
CLAWDBOT_GATEWAY_PASSWORD: "legacy-password", // pragma: allowlist secret
} as NodeJS.ProcessEnv;
const resolved = await resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
token: undefined,
password: undefined,
});
});
it("resolves local SecretRef token when legacy env is disabled", async () => {
it("resolves local SecretRef token when OPENCLAW env is absent", async () => {
const config = cfg({
gateway: {
mode: "local",
@ -298,14 +253,12 @@ describe("resolveGatewayConnectionAuth", () => {
},
});
const env = {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
LOCAL_SECRET_TOKEN: "resolved-from-secretref", // pragma: allowlist secret
} as NodeJS.ProcessEnv;
const resolved = await resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
token: "resolved-from-secretref",
@ -335,7 +288,6 @@ describe("resolveGatewayConnectionAuth", () => {
const resolved = await resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
localTokenPrecedence: "config-first",
});
expect(resolved).toEqual({
@ -367,7 +319,6 @@ describe("resolveGatewayConnectionAuth", () => {
const resolved = await resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
localPasswordPrecedence: "config-first", // pragma: allowlist secret
});
expect(resolved).toEqual({
@ -398,7 +349,6 @@ describe("resolveGatewayConnectionAuth", () => {
resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
localTokenPrecedence: "config-first",
}),
).rejects.toThrow("gateway.auth.token");
@ -406,7 +356,6 @@ describe("resolveGatewayConnectionAuth", () => {
resolveGatewayConnectionAuthFromConfig({
cfg: config,
env,
includeLegacyEnv: false,
localTokenPrecedence: "config-first",
}),
).toThrow("gateway.auth.token");
@ -435,7 +384,6 @@ describe("resolveGatewayConnectionAuth", () => {
resolveGatewayConnectionAuth({
config,
env,
includeLegacyEnv: false,
localPasswordPrecedence: "config-first", // pragma: allowlist secret
}),
).rejects.toThrow("gateway.auth.password");
@ -443,7 +391,6 @@ describe("resolveGatewayConnectionAuth", () => {
resolveGatewayConnectionAuthFromConfig({
cfg: config,
env,
includeLegacyEnv: false,
localPasswordPrecedence: "config-first", // pragma: allowlist secret
}),
).toThrow("gateway.auth.password");

2
src/gateway/connection-auth.ts
View File

@ -16,7 +16,6 @@ export type GatewayConnectionAuthOptions = {
urlOverride?: string;
urlOverrideSource?: "cli" | "env";
modeOverride?: GatewayCredentialMode;
includeLegacyEnv?: boolean;
localTokenPrecedence?: GatewayCredentialPrecedence;
localPasswordPrecedence?: GatewayCredentialPrecedence;
remoteTokenPrecedence?: GatewayRemoteCredentialPrecedence;
@ -35,7 +34,6 @@ function toGatewayCredentialOptions(
urlOverride: params.urlOverride,
urlOverrideSource: params.urlOverrideSource,
modeOverride: params.modeOverride,
includeLegacyEnv: params.includeLegacyEnv,
localTokenPrecedence: params.localTokenPrecedence,
localPasswordPrecedence: params.localPasswordPrecedence,
remoteTokenPrecedence: params.remoteTokenPrecedence,

57
src/gateway/credential-planner.ts
View File

@ -42,21 +42,6 @@ export type GatewayCredentialPlan = {
type GatewaySecretDefaults = NonNullable<OpenClawConfig["secrets"]>["defaults"];
function readGatewayEnv(
env: NodeJS.ProcessEnv,
names: readonly string[],
includeLegacyEnv: boolean,
): string | undefined {
const keys = includeLegacyEnv ? names : names.slice(0, 1);
for (const name of keys) {
const value = trimToUndefined(env[name]);
if (value) {
return value;
}
}
return undefined;
}
export function trimToUndefined(value: unknown): string | undefined {
if (typeof value !== "string") {
return undefined;
@ -80,40 +65,20 @@ export function trimCredentialToUndefined(value: unknown): string | undefined {
return trimmed;
}
export function readGatewayTokenEnv(
env: NodeJS.ProcessEnv = process.env,
includeLegacyEnv = true,
): string | undefined {
return readGatewayEnv(
env,
["OPENCLAW_GATEWAY_TOKEN", "CLAWDBOT_GATEWAY_TOKEN"],
includeLegacyEnv,
);
export function readGatewayTokenEnv(env: NodeJS.ProcessEnv = process.env): string | undefined {
return trimToUndefined(env.OPENCLAW_GATEWAY_TOKEN);
}
export function readGatewayPasswordEnv(
env: NodeJS.ProcessEnv = process.env,
includeLegacyEnv = true,
): string | undefined {
return readGatewayEnv(
env,
["OPENCLAW_GATEWAY_PASSWORD", "CLAWDBOT_GATEWAY_PASSWORD"],
includeLegacyEnv,
);
export function readGatewayPasswordEnv(env: NodeJS.ProcessEnv = process.env): string | undefined {
return trimToUndefined(env.OPENCLAW_GATEWAY_PASSWORD);
}
export function hasGatewayTokenEnvCandidate(
env: NodeJS.ProcessEnv = process.env,
includeLegacyEnv = true,
): boolean {
return Boolean(readGatewayTokenEnv(env, includeLegacyEnv));
export function hasGatewayTokenEnvCandidate(env: NodeJS.ProcessEnv = process.env): boolean {
return Boolean(readGatewayTokenEnv(env));
}
export function hasGatewayPasswordEnvCandidate(
env: NodeJS.ProcessEnv = process.env,
includeLegacyEnv = true,
): boolean {
return Boolean(readGatewayPasswordEnv(env, includeLegacyEnv));
export function hasGatewayPasswordEnvCandidate(env: NodeJS.ProcessEnv = process.env): boolean {
return Boolean(readGatewayPasswordEnv(env));
}
function resolveConfiguredGatewayCredentialInput(params: {
@ -137,17 +102,15 @@ function resolveConfiguredGatewayCredentialInput(params: {
export function createGatewayCredentialPlan(params: {
config: OpenClawConfig;
env?: NodeJS.ProcessEnv;
includeLegacyEnv?: boolean;
defaults?: GatewaySecretDefaults;
}): GatewayCredentialPlan {
const env = params.env ?? process.env;
const includeLegacyEnv = params.includeLegacyEnv ?? true;
const gateway = params.config.gateway;
const remote = gateway?.remote;
const defaults = params.defaults ?? params.config.secrets?.defaults;
const authMode = gateway?.auth?.mode;
const envToken = readGatewayTokenEnv(env, includeLegacyEnv);
const envPassword = readGatewayPasswordEnv(env, includeLegacyEnv);
const envToken = readGatewayTokenEnv(env);
const envPassword = readGatewayPasswordEnv(env);
const localToken = resolveConfiguredGatewayCredentialInput({
value: gateway?.auth?.token,

21
src/gateway/credential-precedence.parity.test.ts
View File

@ -42,8 +42,6 @@ function withGatewayAuthEnv<T>(env: NodeJS.ProcessEnv, fn: () => T): T {
"OPENCLAW_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_PASSWORD",
"OPENCLAW_SERVICE_KIND",
"CLAWDBOT_GATEWAY_TOKEN",
"CLAWDBOT_GATEWAY_PASSWORD",
] as const;
const previous = new Map<string, string | undefined>();
for (const key of keys) {
@ -120,25 +118,6 @@ describe("gateway credential precedence coverage", () => {
auth: { token: "local-token", password: "local-password" }, // pragma: allowlist secret
},
},
{
name: "legacy env vars are ignored by probe/status/auth but still supported for call path",
cfg: {
gateway: {
mode: "local",
auth: {},
},
} as OpenClawConfig,
env: {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token", // pragma: allowlist secret
CLAWDBOT_GATEWAY_PASSWORD: "legacy-password", // pragma: allowlist secret
} as NodeJS.ProcessEnv,
expected: {
call: { token: "legacy-token", password: "legacy-password" }, // pragma: allowlist secret
probe: { token: undefined, password: undefined },
status: { token: undefined, password: undefined },
auth: { token: undefined, password: undefined },
},
},
{
name: "local mode in gateway service runtime uses config-first token precedence",
cfg: {

28
src/gateway/credentials.test.ts
View File

@ -67,7 +67,6 @@ function resolveLocalModeWithUnresolvedPassword(mode: "none" | "trusted-proxy")
},
} as unknown as OpenClawConfig,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
}
@ -103,7 +102,6 @@ function expectUnresolvedLocalAuthSecretRefFailure(params: {
},
} as unknown as OpenClawConfig,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
}),
).toThrow(params.errorPath);
}
@ -187,7 +185,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
}),
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
token: "remote-token",
@ -235,7 +232,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
env: {
OPENCLAW_GATEWAY_TOKEN: "env-token",
} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
@ -257,7 +253,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
}),
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
}),
).toThrow("gateway.auth.token");
});
@ -306,7 +301,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
}),
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
token: "local-token",
@ -405,7 +399,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
} as unknown as OpenClawConfig,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
remoteTokenFallback: "remote-only",
}),
).toThrow("gateway.remote.token");
@ -435,7 +428,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
const resolved = resolveGatewayCredentialsFromConfig({
cfg: createRemoteConfigWithMissingLocalTokenRef(),
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
remoteTokenFallback: "remote-only",
remotePasswordFallback: "remote-only", // pragma: allowlist secret
});
@ -450,7 +442,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
resolveGatewayCredentialsFromConfig({
cfg: createRemoteConfigWithMissingLocalTokenRef(),
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
remoteTokenFallback: "remote-env-local",
remotePasswordFallback: "remote-only", // pragma: allowlist secret
}),
@ -476,7 +467,6 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
} as unknown as OpenClawConfig,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
expect(resolved).toEqual({
token: undefined,
@ -503,27 +493,10 @@ describe("resolveGatewayCredentialsFromConfig", () => {
},
} as unknown as OpenClawConfig,
env: {} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
remotePasswordFallback: "remote-only", // pragma: allowlist secret
}),
).toThrow("gateway.remote.password");
});
it("can disable legacy CLAWDBOT env fallback", () => {
const resolved = resolveGatewayCredentialsFromConfig({
cfg: cfg({
gateway: {
mode: "local",
},
}),
env: {
CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
CLAWDBOT_GATEWAY_PASSWORD: "legacy-password", // pragma: allowlist secret
} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
});
expect(resolved).toEqual({ token: undefined, password: undefined });
});
});
describe("resolveGatewayCredentialsFromValues", () => {
@ -535,7 +508,6 @@ describe("resolveGatewayCredentialsFromValues", () => {
OPENCLAW_GATEWAY_TOKEN: "env-token",
OPENCLAW_GATEWAY_PASSWORD: "env-password", // pragma: allowlist secret
} as NodeJS.ProcessEnv,
includeLegacyEnv: false,
tokenPrecedence: "config-first",
passwordPrecedence: "config-first", // pragma: allowlist secret
});

14
src/gateway/credentials.ts
View File

@ -80,14 +80,12 @@ export function resolveGatewayCredentialsFromValues(params: {
configToken?: unknown;
configPassword?: unknown;
env?: NodeJS.ProcessEnv;
includeLegacyEnv?: boolean;
tokenPrecedence?: GatewayCredentialPrecedence;
passwordPrecedence?: GatewayCredentialPrecedence;
}): ResolvedGatewayCredentials {
const env = params.env ?? process.env;
const includeLegacyEnv = params.includeLegacyEnv ?? true;
const envToken = readGatewayTokenEnv(env, includeLegacyEnv);
const envPassword = readGatewayPasswordEnv(env, includeLegacyEnv);
const envToken = readGatewayTokenEnv(env);
const envPassword = readGatewayPasswordEnv(env);
const configToken = trimCredentialToUndefined(params.configToken);
const configPassword = trimCredentialToUndefined(params.configPassword);
const tokenPrecedence = params.tokenPrecedence ?? "env-first";
@ -108,7 +106,6 @@ export function resolveGatewayCredentialsFromValues(params: {
function resolveLocalGatewayCredentials(params: {
plan: GatewayCredentialPlan;
env: NodeJS.ProcessEnv;
includeLegacyEnv: boolean;
localTokenPrecedence: GatewayCredentialPrecedence;
localPasswordPrecedence: GatewayCredentialPrecedence;
}): ResolvedGatewayCredentials {
@ -122,7 +119,6 @@ function resolveLocalGatewayCredentials(params: {
configToken: fallbackToken,
configPassword: fallbackPassword,
env: params.env,
includeLegacyEnv: params.includeLegacyEnv,
tokenPrecedence: params.localTokenPrecedence,
passwordPrecedence: params.localPasswordPrecedence,
});
@ -257,7 +253,6 @@ export function resolveGatewayCredentialsFromConfig(params: {
urlOverride?: string;
urlOverrideSource?: "cli" | "env";
modeOverride?: GatewayCredentialMode;
includeLegacyEnv?: boolean;
localTokenPrecedence?: GatewayCredentialPrecedence;
localPasswordPrecedence?: GatewayCredentialPrecedence;
remoteTokenPrecedence?: GatewayRemoteCredentialPrecedence;
@ -266,7 +261,6 @@ export function resolveGatewayCredentialsFromConfig(params: {
remotePasswordFallback?: GatewayRemoteCredentialFallback;
}): ResolvedGatewayCredentials {
const env = params.env ?? process.env;
const includeLegacyEnv = params.includeLegacyEnv ?? true;
const explicitToken = trimToUndefined(params.explicitAuth?.token);
const explicitPassword = trimToUndefined(params.explicitAuth?.password);
if (explicitToken || explicitPassword) {
@ -280,7 +274,6 @@ export function resolveGatewayCredentialsFromConfig(params: {
configToken: undefined,
configPassword: undefined,
env,
includeLegacyEnv,
tokenPrecedence: "env-first",
passwordPrecedence: "env-first", // pragma: allowlist secret
});
@ -289,7 +282,6 @@ export function resolveGatewayCredentialsFromConfig(params: {
const plan = createGatewayCredentialPlan({
config: params.cfg,
env,
includeLegacyEnv,
});
const mode: GatewayCredentialMode = params.modeOverride ?? plan.configuredMode;
@ -302,7 +294,6 @@ export function resolveGatewayCredentialsFromConfig(params: {
return resolveLocalGatewayCredentials({
plan,
env,
includeLegacyEnv,
localTokenPrecedence,
localPasswordPrecedence,
});
@ -333,7 +324,6 @@ export function resolveGatewayProbeCredentialsFromConfig(params: {
env: params.env,
explicitAuth: params.explicitAuth,
modeOverride: params.mode,
includeLegacyEnv: false,
remoteTokenFallback: "remote-only",
});
}

2
src/gateway/probe-auth.ts
View File

@ -19,7 +19,6 @@ function buildGatewayProbeCredentialPolicy(params: {
explicitAuth: params.explicitAuth,
modeOverride: params.mode,
mode: params.mode,
includeLegacyEnv: false,
remoteTokenFallback: "remote-only" as const,
};
}
@ -45,7 +44,6 @@ export async function resolveGatewayProbeAuthWithSecretInputs(params: {
env: policy.env,
explicitAuth: policy.explicitAuth,
modeOverride: policy.modeOverride,
includeLegacyEnv: policy.includeLegacyEnv,
remoteTokenFallback: policy.remoteTokenFallback,
});
}

5
src/infra/bonjour.ts
View File

@ -121,10 +121,7 @@ export async function startGatewayBonjourAdvertiser(
// mDNS service instance names are single DNS labels; dots in hostnames (like
// `Mac.localdomain`) can confuse some resolvers/browsers and break discovery.
// Keep only the first label and normalize away a trailing `.local`.
const hostnameRaw =
process.env.OPENCLAW_MDNS_HOSTNAME?.trim() ||
process.env.CLAWDBOT_MDNS_HOSTNAME?.trim() ||
"openclaw";
const hostnameRaw = process.env.OPENCLAW_MDNS_HOSTNAME?.trim() || "openclaw";
const hostname =
hostnameRaw
.replace(/\.local$/i, "")

1
src/node-host/runner.ts
View File

@ -119,7 +119,6 @@ export async function resolveNodeHostGatewayCredentials(params: {
return await resolveGatewayConnectionAuth({
config: configForResolution,
env: params.env,
includeLegacyEnv: false,
localTokenPrecedence: "env-first",
localPasswordPrecedence: "env-first", // pragma: allowlist secret
remoteTokenPrecedence: "env-first",

3
src/pairing/setup-code.test.ts
View File

@ -72,11 +72,8 @@ describe("pairing setup code", () => {
beforeEach(() => {
vi.resetModules();
vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "");
vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", "");
vi.stubEnv("OPENCLAW_GATEWAY_PASSWORD", "");
vi.stubEnv("CLAWDBOT_GATEWAY_PASSWORD", "");
vi.stubEnv("OPENCLAW_GATEWAY_PORT", "");
vi.stubEnv("CLAWDBOT_GATEWAY_PORT", "");
});
beforeEach(async () => {

10
src/pairing/setup-code.ts
View File

@ -143,13 +143,11 @@ function pickTailnetIPv4(
}
function resolveGatewayTokenFromEnv(env: NodeJS.ProcessEnv): string | undefined {
return env.OPENCLAW_GATEWAY_TOKEN?.trim() || env.CLAWDBOT_GATEWAY_TOKEN?.trim() || undefined;
return env.OPENCLAW_GATEWAY_TOKEN?.trim() || undefined;
}
function resolveGatewayPasswordFromEnv(env: NodeJS.ProcessEnv): string | undefined {
return (
env.OPENCLAW_GATEWAY_PASSWORD?.trim() || env.CLAWDBOT_GATEWAY_PASSWORD?.trim() || undefined
);
return env.OPENCLAW_GATEWAY_PASSWORD?.trim() || undefined;
}
function resolvePairingSetupAuthLabel(
@ -208,9 +206,7 @@ async function resolveGatewayTokenSecretRef(
return cfg;
}
if (mode !== "token") {
const hasPasswordEnvCandidate = Boolean(
env.OPENCLAW_GATEWAY_PASSWORD?.trim() || env.CLAWDBOT_GATEWAY_PASSWORD?.trim(),
);
const hasPasswordEnvCandidate = Boolean(env.OPENCLAW_GATEWAY_PASSWORD?.trim());
if (hasPasswordEnvCandidate) {
return cfg;
}

2
src/plugins/discovery.test.ts
View File

@ -36,7 +36,6 @@ function hasDiagnosticSourceSuffix(
function buildDiscoveryEnv(stateDir: string): NodeJS.ProcessEnv {
return {
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_HOME: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
};
@ -536,7 +535,6 @@ describe("discoverOpenClawPlugins", () => {
env: {
...process.env,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: bundledDir,
},
});

9
src/plugins/loader.test.ts
View File

@ -472,7 +472,6 @@ function createEnvResolvedPluginFixture(pluginId: string) {
OPENCLAW_HOME: openclawHome,
HOME: ignoredHome,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
};
return { plugin, env };
@ -1298,7 +1297,6 @@ module.exports = { id: "skipped-scoped-only", register() { throw new Error("skip
OPENCLAW_HOME: openclawHome,
HOME: ignoredHome,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
},
}),
@ -1310,7 +1308,6 @@ module.exports = { id: "skipped-scoped-only", register() { throw new Error("skip
OPENCLAW_HOME: secondHome,
HOME: ignoredHome,
OPENCLAW_STATE_DIR: stateDir,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: "/nonexistent/bundled/plugins",
},
}),
@ -2593,7 +2590,7 @@ module.exports = {
process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir;
const stateDir = makeTempDir();
return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => {
return withEnv({ OPENCLAW_STATE_DIR: stateDir }, () => {
const globalDir = path.join(stateDir, "extensions", "feishu");
mkdirSafe(globalDir);
writePlugin({
@ -2635,7 +2632,7 @@ module.exports = {
process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = bundledDir;
const stateDir = makeTempDir();
return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => {
return withEnv({ OPENCLAW_STATE_DIR: stateDir }, () => {
const globalDir = path.join(stateDir, "extensions", "zalouser");
mkdirSafe(globalDir);
writePlugin({
@ -2934,7 +2931,7 @@ module.exports = {
label: "warns when loaded non-bundled plugin has no install/load-path provenance",
loadRegistry: () => {
const stateDir = makeTempDir();
return withEnv({ OPENCLAW_STATE_DIR: stateDir, CLAWDBOT_STATE_DIR: undefined }, () => {
return withEnv({ OPENCLAW_STATE_DIR: stateDir }, () => {
const globalDir = path.join(stateDir, "extensions", "rogue");
mkdirSafe(globalDir);
writePlugin({

1
src/plugins/provider-wizard.ts
View File

@ -87,7 +87,6 @@ function buildProviderWizardCacheKey(params: {
OPENCLAW_PLUGIN_MANIFEST_CACHE_MS: params.env.OPENCLAW_PLUGIN_MANIFEST_CACHE_MS ?? "",
OPENCLAW_HOME: params.env.OPENCLAW_HOME ?? "",
OPENCLAW_STATE_DIR: params.env.OPENCLAW_STATE_DIR ?? "",
CLAWDBOT_STATE_DIR: params.env.CLAWDBOT_STATE_DIR ?? "",
OPENCLAW_CONFIG_PATH: params.env.OPENCLAW_CONFIG_PATH ?? "",
HOME: params.env.HOME ?? "",
USERPROFILE: params.env.USERPROFILE ?? "",

1
src/plugins/web-search-providers.runtime.ts
View File

@ -89,7 +89,6 @@ function buildWebSearchSnapshotCacheKey(params: {
OPENCLAW_PLUGIN_MANIFEST_CACHE_MS: params.env.OPENCLAW_PLUGIN_MANIFEST_CACHE_MS ?? "",
OPENCLAW_HOME: params.env.OPENCLAW_HOME ?? "",
OPENCLAW_STATE_DIR: params.env.OPENCLAW_STATE_DIR ?? "",
CLAWDBOT_STATE_DIR: params.env.CLAWDBOT_STATE_DIR ?? "",
OPENCLAW_CONFIG_PATH: params.env.OPENCLAW_CONFIG_PATH ?? "",
HOME: params.env.HOME ?? "",
USERPROFILE: params.env.USERPROFILE ?? "",

1
src/secrets/runtime-gateway-auth-surfaces.ts
View File

@ -96,7 +96,6 @@ export function evaluateGatewayAuthSurfaceStates(params: {
const plan = createGatewayCredentialPlan({
config: params.config,
env: params.env,
includeLegacyEnv: true,
defaults: params.defaults,
});

2
src/secrets/runtime.ts
View File

@ -50,9 +50,7 @@ const RUNTIME_PATH_ENV_KEYS = [
"HOMEPATH",
"OPENCLAW_HOME",
"OPENCLAW_STATE_DIR",
"CLAWDBOT_STATE_DIR",
"OPENCLAW_CONFIG_PATH",
"CLAWDBOT_CONFIG_PATH",
"OPENCLAW_AGENT_DIR",
"PI_CODING_AGENT_DIR",
"OPENCLAW_TEST_FAST",

9
src/security/audit.ts
View File

@ -387,11 +387,8 @@ function collectGatewayConfigFindings(
: [];
const hasToken = typeof auth.token === "string" && auth.token.trim().length > 0;
const hasPassword = typeof auth.password === "string" && auth.password.trim().length > 0;
const envTokenConfigured =
hasNonEmptyString(env.OPENCLAW_GATEWAY_TOKEN) || hasNonEmptyString(env.CLAWDBOT_GATEWAY_TOKEN);
const envPasswordConfigured =
hasNonEmptyString(env.OPENCLAW_GATEWAY_PASSWORD) ||
hasNonEmptyString(env.CLAWDBOT_GATEWAY_PASSWORD);
const envTokenConfigured = hasNonEmptyString(env.OPENCLAW_GATEWAY_TOKEN);
const envPasswordConfigured = hasNonEmptyString(env.OPENCLAW_GATEWAY_PASSWORD);
const tokenConfiguredFromConfig = hasConfiguredSecretInput(
sourceConfig.gateway?.auth?.token,
sourceConfig.secrets?.defaults,
@ -775,7 +772,6 @@ function collectBrowserControlFindings(
const tokenConfigured =
Boolean(browserAuth.token) ||
hasNonEmptyString(env.OPENCLAW_GATEWAY_TOKEN) ||
hasNonEmptyString(env.CLAWDBOT_GATEWAY_TOKEN) ||
hasConfiguredSecretInput(cfg.gateway?.auth?.token, cfg.secrets?.defaults);
const passwordCanWin =
explicitAuthMode === "password" ||
@ -787,7 +783,6 @@ function collectBrowserControlFindings(
Boolean(browserAuth.password) ||
(passwordCanWin &&
(hasNonEmptyString(env.OPENCLAW_GATEWAY_PASSWORD) ||
hasNonEmptyString(env.CLAWDBOT_GATEWAY_PASSWORD) ||
hasConfiguredSecretInput(cfg.gateway?.auth?.password, cfg.secrets?.defaults)));
if (!tokenConfigured && !passwordConfigured) {
findings.push({

27
src/test-helpers/state-dir-env.test.ts
View File

@ -10,19 +10,16 @@ import {
type EnvSnapshot = {
openclaw?: string;
legacy?: string;
};
function snapshotCurrentStateDirVars(): EnvSnapshot {
return {
openclaw: process.env.OPENCLAW_STATE_DIR,
legacy: process.env.CLAWDBOT_STATE_DIR,
};
}
function expectStateDirVars(snapshot: EnvSnapshot) {
expect(process.env.OPENCLAW_STATE_DIR).toBe(snapshot.openclaw);
expect(process.env.CLAWDBOT_STATE_DIR).toBe(snapshot.legacy);
}
async function expectPathMissing(filePath: string) {
@ -46,7 +43,6 @@ describe("state-dir-env helpers", () => {
setStateDirEnv("/tmp/openclaw-state-dir-test");
expect(process.env.OPENCLAW_STATE_DIR).toBe("/tmp/openclaw-state-dir-test");
expect(process.env.CLAWDBOT_STATE_DIR).toBeUndefined();
restoreStateDirEnv(snapshot);
expectStateDirVars(prev);
@ -61,7 +57,6 @@ describe("state-dir-env helpers", () => {
capturedTempRoot = tempRoot;
capturedStateDir = stateDir;
expect(process.env.OPENCLAW_STATE_DIR).toBe(stateDir);
expect(process.env.CLAWDBOT_STATE_DIR).toBeUndefined();
await fs.writeFile(path.join(stateDir, "probe.txt"), "ok", "utf8");
});
@ -83,26 +78,4 @@ describe("state-dir-env helpers", () => {
await expectStateDirEnvRestored({ prev, capturedStateDir, capturedTempRoot });
});
it("withStateDirEnv restores both env vars when legacy var was previously set", async () => {
const testSnapshot = snapshotStateDirEnv();
process.env.OPENCLAW_STATE_DIR = "/tmp/original-openclaw";
process.env.CLAWDBOT_STATE_DIR = "/tmp/original-legacy";
const prev = snapshotCurrentStateDirVars();
let capturedTempRoot = "";
let capturedStateDir = "";
try {
await withStateDirEnv("openclaw-state-dir-env-", async ({ tempRoot, stateDir }) => {
capturedTempRoot = tempRoot;
capturedStateDir = stateDir;
expect(process.env.OPENCLAW_STATE_DIR).toBe(stateDir);
expect(process.env.CLAWDBOT_STATE_DIR).toBeUndefined();
});
await expectStateDirEnvRestored({ prev, capturedStateDir, capturedTempRoot });
} finally {
restoreStateDirEnv(testSnapshot);
}
});
});

3
src/test-helpers/state-dir-env.ts
View File

@ -4,7 +4,7 @@ import path from "node:path";
import { captureEnv } from "../test-utils/env.js";
export function snapshotStateDirEnv() {
return captureEnv(["OPENCLAW_STATE_DIR", "CLAWDBOT_STATE_DIR"]);
return captureEnv(["OPENCLAW_STATE_DIR"]);
}
export function restoreStateDirEnv(snapshot: ReturnType<typeof snapshotStateDirEnv>): void {
@ -13,7 +13,6 @@ export function restoreStateDirEnv(snapshot: ReturnType<typeof snapshotStateDirE
export function setStateDirEnv(stateDir: string): void {
process.env.OPENCLAW_STATE_DIR = stateDir;
delete process.env.CLAWDBOT_STATE_DIR;
}
export async function withStateDirEnv<T>(

2
src/test-utils/env.ts
View File

@ -36,7 +36,6 @@ const PATH_RESOLUTION_ENV_KEYS = [
"HOMEPATH",
"OPENCLAW_HOME",
"OPENCLAW_STATE_DIR",
"CLAWDBOT_STATE_DIR",
"OPENCLAW_BUNDLED_PLUGINS_DIR",
] as const;
@ -65,7 +64,6 @@ export function createPathResolutionEnv(
USERPROFILE: resolvedHome,
OPENCLAW_HOME: undefined,
OPENCLAW_STATE_DIR: undefined,
CLAWDBOT_STATE_DIR: undefined,
OPENCLAW_BUNDLED_PLUGINS_DIR: undefined,
};

2
src/tui/gateway-chat.test.ts
View File

@ -88,7 +88,6 @@ describe("resolveGatewayConnection", () => {
"OPENCLAW_GATEWAY_URL",
"OPENCLAW_GATEWAY_TOKEN",
"OPENCLAW_GATEWAY_PASSWORD",
"CLAWDBOT_GATEWAY_URL",
]);
loadConfig.mockClear();
resolveGatewayPort.mockClear();
@ -96,7 +95,6 @@ describe("resolveGatewayConnection", () => {
delete process.env.OPENCLAW_GATEWAY_URL;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
delete process.env.CLAWDBOT_GATEWAY_URL;
});
afterEach(() => {

2
src/utils.ts
View File

@ -286,7 +286,7 @@ export function resolveConfigDir(
env: NodeJS.ProcessEnv = process.env,
homedir: () => string = os.homedir,
): string {
const override = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
const override = env.OPENCLAW_STATE_DIR?.trim();
if (override) {
return resolveUserPath(override, env, homedir);
}

5
src/wizard/setup.ts
View File

@ -306,7 +306,7 @@ export async function runSetupWizard(
const localPort = resolveGatewayPort(baseConfig);
const localUrl = `ws://127.0.0.1:${localPort}`;
let localGatewayToken = process.env.OPENCLAW_GATEWAY_TOKEN ?? process.env.CLAWDBOT_GATEWAY_TOKEN;
let localGatewayToken = process.env.OPENCLAW_GATEWAY_TOKEN;
try {
const resolvedGatewayToken = await resolveSetupSecretInputString({
config: baseConfig,
@ -326,8 +326,7 @@ export async function runSetupWizard(
"Gateway auth",
);
}
let localGatewayPassword =
process.env.OPENCLAW_GATEWAY_PASSWORD ?? process.env.CLAWDBOT_GATEWAY_PASSWORD;
let localGatewayPassword = process.env.OPENCLAW_GATEWAY_PASSWORD;
try {
const resolvedGatewayPassword = await resolveSetupSecretInputString({
config: baseConfig,