Fix: 1008 Policy Violation (Origin) and update Token variable

Dockerfile

@@ -17,6 +17,8 @@ COPY sync_memory.py /app/sync_memory.py
 # Reset entrypoint to ensure we can run our shell command
 ENTRYPOINT []
 
-# Launch sync script in background, export the gateway token from our secret, then start Moltbot
-# We export both possible variable names to ensure the gateway picks up the WEB_UI_TOKEN secret.
-CMD ["/bin/sh", "-c", "python3 -u /app/sync_memory.py & export OPENCLAW_GATEWAY_TOKEN=$WEB_UI_TOKEN; export CLAWDBOT_GATEWAY_TOKEN=$WEB_UI_TOKEN; node dist/index.js gateway --port 7860 --bind lan --allow-unconfigured"]
+# Networking and Security Fixes:
+# 1. MOLTBOT_GATEWAY_TOKEN: Uses your WEB_UI_TOKEN secret for authentication.
+# 2. MOLTBOT_ALLOW_ORIGINS: Set to '*' to allow connections from the Hugging Face domain.
+# 3. BIND: Explicitly binding to 0.0.0.0 via '--bind lan' to allow external health checks.
+CMD ["/bin/sh", "-c", "python3 -u /app/sync_memory.py & export MOLTBOT_GATEWAY_TOKEN=$WEB_UI_TOKEN; export CLAWDBOT_GATEWAY_TOKEN=$WEB_UI_TOKEN; export OPENCLAW_GATEWAY_TOKEN=$WEB_UI_TOKEN; export MOLTBOT_ALLOW_ORIGINS='*'; node dist/index.js gateway --port 7860 --bind lan --allow-unconfigured"]