vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-03 22:50:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(gateway): unify credential precedence across entrypoints

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 18:54:58 +01:00
parent 98427453ba
commit 08431da5d5
15 changed files with 636 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/cli/daemon-cli/lifecycle-core.test.ts
View File

@@ -47,7 +47,14 @@ describe("runServiceRestart token drift", () => {
beforeEach(() => {
runtimeLogs.length = 0;
loadConfig.mockClear();
loadConfig.mockReset();
loadConfig.mockReturnValue({
gateway: {
auth: {
token: "config-token",
},
},
});
service.isLoaded.mockClear();
service.readCommand.mockClear();
service.restart.mockClear();
@@ -76,6 +83,32 @@ describe("runServiceRestart token drift", () => {
expect(payload.warnings?.[0]).toContain("gateway install --force");
});
it("uses env-first token precedence when checking drift", async () => {
loadConfig.mockReturnValue({
gateway: {
auth: {
token: "config-token",
},
},
});
service.readCommand.mockResolvedValue({
environment: { OPENCLAW_GATEWAY_TOKEN: "env-token" },
});
vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "env-token");
await runServiceRestart({
serviceNoun: "Gateway",
service,
renderStartHints: () => [],
opts: { json: true },
checkTokenDrift: true,
});
const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
const payload = JSON.parse(jsonLine ?? "{}") as { warnings?: string[] };
expect(payload.warnings).toBeUndefined();
});
it("skips drift warning when disabled", async () => {
await runServiceRestart({
serviceNoun: "Node",

10
src/cli/daemon-cli/lifecycle-core.ts
View File

@@ -5,6 +5,7 @@ import { checkTokenDrift } from "../../daemon/service-audit.js";
import type { GatewayService } from "../../daemon/service.js";
import { renderSystemdUnavailableHints } from "../../daemon/systemd-hints.js";
import { isSystemdUserServiceAvailable } from "../../daemon/systemd.js";
import { resolveGatewayCredentialsFromConfig } from "../../gateway/credentials.js";
import { isWSL } from "../../infra/wsl.js";
import { defaultRuntime } from "../../runtime.js";
import {
@@ -280,10 +281,11 @@ export async function runServiceRestart(params: {
const command = await params.service.readCommand(process.env);
const serviceToken = command?.environment?.OPENCLAW_GATEWAY_TOKEN;
const cfg = loadConfig();
const configToken =
cfg.gateway?.auth?.token ||
process.env.OPENCLAW_GATEWAY_TOKEN ||
process.env.CLAWDBOT_GATEWAY_TOKEN;
const configToken = resolveGatewayCredentialsFromConfig({
cfg,
env: process.env,
modeOverride: "local",
}).token;
const driftIssue = checkTokenDrift({ serviceToken, configToken });
if (driftIssue) {
const warning = driftIssue.detail