Update setup-hf-config.mjs

setup-hf-config.mjs

@@ -5,10 +5,14 @@ import https from "node:https";
 // ============================================================
 // OpenClaw HF Spaces - Production Config Writer
 //
+// Storage: HF Storage Bucket mounted at /data (100 GB persistent).
+// All data lives in /data/.openclaw/ and survives restarts natively.
+// No Dataset sync needed.
+//
 // Priority order for base config:
-//   1. ~/.openclaw/openclaw.json exists (restored from Dataset) -> PATCH only
-//   2. /app/openclaw-template.json exists (from Space repo)    -> use as base
-//   3. neither                                                  -> write minimal fresh
+//   1. /data/.openclaw/openclaw.json exists (bucket, persistent) -> PATCH only
+//   2. /app/openclaw-template.json exists (from Space repo)      -> use as base
+//   3. neither                                                    -> write minimal fresh
 //
 // What ALWAYS gets patched (from env vars):
 //   gateway.auth          <- OPENCLAW_GATEWAY_TOKEN
@@ -26,244 +30,267 @@ var WORKSPACE   = path.join(STATE_DIR, "workspace");
 var SPACE_HOST  = (process.env.SPACE_HOST || "").trim();
 var TEMPLATE    = "/app/openclaw-template.json";
 
-console.log("[setup] Starting… HOME=" + HOME);
+console.log("[setup] Starting... HOME=" + HOME);
 
 function parseList(val) {
-if (!val || !val.trim()) return [];
-return val.split(",").map(function(s) { return s.trim(); }).filter(Boolean);
+  if (!val || !val.trim()) return [];
+  return val.split(",").map(function(s) { return s.trim(); }).filter(Boolean);
 }
 function envStr(key) { return (process.env[key] || "").trim(); }
 
-// –– auth –––––––––––––––––––––––––
+// -- auth ---------------------------------------------------------
 var gatewayToken    = envStr("OPENCLAW_GATEWAY_TOKEN");
 var gatewayPassword = envStr("OPENCLAW_GATEWAY_PASSWORD");
 if (!gatewayToken && !gatewayPassword) {
-console.error("[setup] FATAL: set OPENCLAW_GATEWAY_TOKEN in Secrets");
-process.exit(0);
+  console.error("[setup] FATAL: set OPENCLAW_GATEWAY_TOKEN in Secrets");
+  process.exit(0);
 }
 
-// –– model ———————————————––
+// -- model --------------------------------------------------------
 var defaultModel = envStr("OPENCLAW_HF_DEFAULT_MODEL") || "google/gemini-2.0-flash";
 
-// –– provider keys —————————————–
+// -- provider keys ------------------------------------------------
 var EXCLUDE_PREFIXES = [
-"OPENCLAW_", "SPACE_", "SYSTEM_", "HF_",
-"NODE_", "PATH", "HOME", "USER", "PWD", "LANG", "LC_",
-"npm_", "HOSTNAME", "SHELL", "TERM", "SHLVL"
+  "OPENCLAW_", "SPACE_", "SYSTEM_", "HF_",
+  "NODE_", "PATH", "HOME", "USER", "PWD", "LANG", "LC_",
+  "npm_", "HOSTNAME", "SHELL", "TERM", "SHLVL"
 ];
 var INCLUDE_SUFFIXES = [
-"_API_KEY", "_SECRET_KEY", "_ACCESS_TOKEN",
-"_BOT_TOKEN", "_AUTH_TOKEN", "_APP_KEY"
+  "_API_KEY", "_SECRET_KEY", "_ACCESS_TOKEN",
+  "_BOT_TOKEN", "_AUTH_TOKEN", "_APP_KEY"
 ];
 function isProviderKey(k) {
-var i;
-for (i = 0; i < EXCLUDE_PREFIXES.length; i++) {
-if (k.indexOf(EXCLUDE_PREFIXES[i]) === 0) return false;
-}
-for (i = 0; i < INCLUDE_SUFFIXES.length; i++) {
-var s = INCLUDE_SUFFIXES[i];
-if (k.length > s.length && k.indexOf(s) === k.length - s.length) return true;
-}
-return false;
+  var i;
+  for (i = 0; i < EXCLUDE_PREFIXES.length; i++) {
+    if (k.indexOf(EXCLUDE_PREFIXES[i]) === 0) return false;
+  }
+  for (i = 0; i < INCLUDE_SUFFIXES.length; i++) {
+    var s = INCLUDE_SUFFIXES[i];
+    if (k.length > s.length && k.indexOf(s) === k.length - s.length) return true;
+  }
+  return false;
 }
 var providerKeys = Object.keys(process.env).filter(function(k) {
-return isProviderKey(k) && (process.env[k] || "").trim();
+  return isProviderKey(k) && (process.env[k] || "").trim();
 }).sort();
 
 console.log("[setup] Provider keys (" + providerKeys.length + "): " + providerKeys.join(", "));
 
-// –– trusted proxies —————————————
+// -- trusted proxies ----------------------------------------------
 var envProxies     = parseList(envStr("OPENCLAW_GATEWAY_TRUSTED_PROXIES"));
 var trustedProxies = envProxies.length > 0 ? envProxies : [
-"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
-"10.16.0.0/12",   "10.20.0.0/12",
-"10.16.4.123",    "10.16.7.92",   "10.16.18.232",
-"10.16.34.155",   "10.16.43.133", "10.16.1.206",
-"10.16.37.110",   "10.16.43.246",
-"10.20.1.9",      "10.20.1.222",
-"10.20.26.157",   "10.20.31.87",
-"10.20.0.1",      "172.17.0.1",   "127.0.0.1"
+  "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
+  "10.16.0.0/12",   "10.20.0.0/12",
+  "10.16.4.123",    "10.16.7.92",   "10.16.18.232",
+  "10.16.34.155",   "10.16.43.133", "10.16.1.206",
+  "10.16.37.110",   "10.16.43.246",
+  "10.20.1.9",      "10.20.1.222",
+  "10.20.26.157",   "10.20.31.87",
+  "10.20.0.1",      "172.17.0.1",   "127.0.0.1"
 ];
 
-// –– helpers ———————————————–
+// -- helpers ------------------------------------------------------
 function buildAuth() {
-return gatewayToken
-? { mode: "token",    token:    gatewayToken    }
-: { mode: "password", password: gatewayPassword };
+  return gatewayToken
+    ? { mode: "token",    token:    gatewayToken    }
+    : { mode: "password", password: gatewayPassword };
 }
 function buildEnvVars() {
-var vars = {};
-providerKeys.forEach(function(pk) { vars[pk] = (process.env[pk] || "").trim(); });
-return vars;
+  var vars = {};
+  providerKeys.forEach(function(pk) { vars[pk] = (process.env[pk] || "").trim(); });
+  return vars;
 }
 
 // Patch model provider API keys from env vars
-// Maps provider name patterns to env var names
 var PROVIDER_KEY_MAP = {
-"openrouter":   "OPENROUTER_API_KEY",
-"siliconflow":  "SILICONFLOW_API_KEY",
-"deepseek":     "DEEPSEEK_API_KEY",
-"groq":         "GROQ_API_KEY",
-"google":       "GOOGLE_API_KEY",
-"gemini":       "GEMINI_API_KEY",
-"minimax":      "MINIMAX_API_KEY",
-"zai":          "ZAI_API_KEY",
-"github":       "GITHUB_MODELS_API_KEY",
-"openai":       "OPENAI_API_KEY",
-"anthropic":    "ANTHROPIC_API_KEY"
+  "openrouter":   "OPENROUTER_API_KEY",
+  "siliconflow":  "SILICONFLOW_API_KEY",
+  "deepseek":     "DEEPSEEK_API_KEY",
+  "groq":         "GROQ_API_KEY",
+  "google":       "GOOGLE_API_KEY",
+  "gemini":       "GEMINI_API_KEY",
+  "minimax":      "MINIMAX_API_KEY",
+  "zai":          "ZAI_API_KEY",
+  "github":       "GITHUB_MODELS_API_KEY",
+  "openai":       "OPENAI_API_KEY",
+  "anthropic":    "ANTHROPIC_API_KEY"
 };
 
 function patchProviderKeys(config) {
-if (!config.models || !config.models.providers) return;
-var providers = config.models.providers;
-Object.keys(providers).forEach(function(providerName) {
-var lower = providerName.toLowerCase();
-var envKey = PROVIDER_KEY_MAP[lower];
-if (envKey && process.env[envKey]) {
-providers[providerName].apiKey = process.env[envKey].trim();
-console.log("[setup] Provider key set: " + providerName + " <- " + envKey);
-} else {
-// Try to find a matching env var by provider name
-var found = providerKeys.find(function(k) {
-return k.toLowerCase().indexOf(lower) >= 0;
-});
-if (found) {
-providers[providerName].apiKey = process.env[found].trim();
-console.log("[setup] Provider key set: " + providerName + " <- " + found);
-} else if (providers[providerName].apiKey === "WILL_BE_SET_BY_ENV") {
-delete providers[providerName].apiKey;
-}
-}
-});
+  if (!config.models || !config.models.providers) return;
+  var providers = config.models.providers;
+  Object.keys(providers).forEach(function(providerName) {
+    var lower = providerName.toLowerCase();
+    var envKey = PROVIDER_KEY_MAP[lower];
+    if (envKey && process.env[envKey]) {
+      providers[providerName].apiKey = process.env[envKey].trim();
+      console.log("[setup] Provider key set: " + providerName + " <- " + envKey);
+    } else {
+      var found = providerKeys.find(function(k) {
+        return k.toLowerCase().indexOf(lower) >= 0;
+      });
+      if (found) {
+        providers[providerName].apiKey = process.env[found].trim();
+        console.log("[setup] Provider key set: " + providerName + " <- " + found);
+      } else if (providers[providerName].apiKey === "WILL_BE_SET_BY_ENV") {
+        delete providers[providerName].apiKey;
+      }
+    }
+  });
 }
 
-// –– Telegram –––––––––––––––––––––––
+// -- Telegram -----------------------------------------------------
 function tgRequest(token, method, body) {
-return new Promise(function(resolve) {
-var data = JSON.stringify(body || {});
-var req  = https.request({
-hostname: "api.telegram.org",
-path:     "/bot" + token + "/" + method,
-method:   "POST",
-headers:  { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(data) }
-}, function(res) {
-var buf = "";
-res.on("data", function(c) { buf += c; });
-res.on("end",  function() { try { resolve(JSON.parse(buf)); } catch (e) { resolve(null); } });
-});
-req.on("error", function() { resolve(null); });
-req.setTimeout(8000, function() { req.destroy(); resolve(null); });
-req.write(data);
-req.end();
-});
+  return new Promise(function(resolve) {
+    var data = JSON.stringify(body || {});
+    var req  = https.request({
+      hostname: "api.telegram.org",
+      path:     "/bot" + token + "/" + method,
+      method:   "POST",
+      headers:  { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(data) }
+    }, function(res) {
+      var buf = "";
+      res.on("data", function(c) { buf += c; });
+      res.on("end",  function() { try { resolve(JSON.parse(buf)); } catch (e) { resolve(null); } });
+    });
+    req.on("error", function() { resolve(null); });
+    req.setTimeout(8000, function() { req.destroy(); resolve(null); });
+    req.write(data);
+    req.end();
+  });
 }
 
 async function setupWebhook(token) {
-if (!SPACE_HOST) { console.log("[setup] Telegram: no SPACE_HOST for webhook"); return; }
-var url = "https://" + SPACE_HOST + "/tg-webhook";
-var r = await tgRequest(token, "setWebhook", {
-url: url, drop_pending_updates: true, max_connections: 10
-});
-if (r && r.ok) {
-console.log("[setup] Telegram: webhook -> " + url);
-} else {
-console.log("[setup] Telegram: webhook failed. Open in browser:");
-console.log("  https://api.telegram.org/bot" + token + "/setWebhook?url=" + url + "&drop_pending_updates=true");
+  if (!SPACE_HOST) { console.log("[setup] Telegram: no SPACE_HOST for webhook"); return; }
+  var url = "https://" + SPACE_HOST + "/tg-webhook";
+  var r = await tgRequest(token, "setWebhook", {
+    url: url, drop_pending_updates: true, max_connections: 10
+  });
+  if (r && r.ok) {
+    console.log("[setup] Telegram: webhook -> " + url);
+  } else {
+    console.log("[setup] Telegram: webhook failed. Open in browser:");
+    console.log("  https://api.telegram.org/bot" + token + "/setWebhook?url=" + url + "&drop_pending_updates=true");
+  }
 }
+
+// -- seed workspace files (first boot only) -----------------------
+function seedWorkspace() {
+  var soul = path.join(WORKSPACE, "SOUL.md");
+  if (!fs.existsSync(soul)) {
+    fs.writeFileSync(soul, [
+      "# Soul", "",
+      "You are a helpful, warm, concise AI assistant.", "",
+      "## Language", "",
+      "Default language: Simplified Chinese.",
+      "Always reply in Chinese unless the user writes in another language first.", "",
+      "## Tone", "",
+      "- Natural and friendly, not overly formal",
+      "- Concise and to the point"
+    ].join("\n") + "\n", "utf-8");
+    console.log("[setup] Seeded SOUL.md");
+  }
+  var mem = path.join(WORKSPACE, "MEMORY.md");
+  if (!fs.existsSync(mem)) {
+    fs.writeFileSync(mem, [
+      "# Long-term Memory", "",
+      "<!-- OpenClaw writes important facts here. -->"
+    ].join("\n") + "\n", "utf-8");
+    console.log("[setup] Seeded MEMORY.md");
+  }
 }
 
-// –– apply all env patches to a config object –––––––
+// -- apply all env patches to a config object ---------------------
 function applyEnvPatches(config, token) {
-// auth
-config.gateway             = config.gateway         || {};
-config.gateway.auth        = buildAuth();
-config.gateway.controlUi   = config.gateway.controlUi || {};
-config.gateway.controlUi.allowInsecureAuth                        = true;
-config.gateway.controlUi.allowedOrigins                           = ["*"];
-config.gateway.controlUi.dangerouslyDisableDeviceAuth             = true;
-config.gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback = true;
-if (!config.gateway.trustedProxies || config.gateway.trustedProxies.length < 5) {
-config.gateway.trustedProxies = trustedProxies;
-}
-// agents
-config.agents              = config.agents          || {};
-config.agents.defaults     = config.agents.defaults || {};
-config.agents.defaults.workspace = WORKSPACE;
-if (config.agents.defaults.model === "WILL_BE_SET_BY_ENV") {
-config.agents.defaults.model = defaultModel;
-}
-// env.vars
-config.env                 = config.env             || {};
-config.env.vars            = buildEnvVars();
-// model provider keys
-patchProviderKeys(config);
-// telegram
-if (token) {
-config.channels = config.channels || {};
-config.channels.telegram = config.channels.telegram || {};
-config.channels.telegram.enabled  = true;
-config.channels.telegram.accounts = config.channels.telegram.accounts || {};
-config.channels.telegram.accounts.main = {
-botToken: token,
-apiRoot:  "https://api.telegram.org"
-};
-}
-return config;
+  config.gateway             = config.gateway         || {};
+  config.gateway.auth        = buildAuth();
+  config.gateway.controlUi   = config.gateway.controlUi || {};
+  config.gateway.controlUi.allowInsecureAuth                        = true;
+  config.gateway.controlUi.allowedOrigins                           = ["*"];
+  config.gateway.controlUi.dangerouslyDisableDeviceAuth             = true;
+  config.gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback = true;
+  if (!config.gateway.trustedProxies || config.gateway.trustedProxies.length < 5) {
+    config.gateway.trustedProxies = trustedProxies;
+  }
+  config.agents              = config.agents          || {};
+  config.agents.defaults     = config.agents.defaults || {};
+  config.agents.defaults.workspace = WORKSPACE;
+  if (config.agents.defaults.model === "WILL_BE_SET_BY_ENV") {
+    config.agents.defaults.model = defaultModel;
+  }
+  config.env                 = config.env             || {};
+  config.env.vars            = buildEnvVars();
+  patchProviderKeys(config);
+  if (token) {
+    config.channels = config.channels || {};
+    config.channels.telegram = config.channels.telegram || {};
+    config.channels.telegram.enabled  = true;
+    config.channels.telegram.accounts = config.channels.telegram.accounts || {};
+    config.channels.telegram.accounts.main = {
+      botToken: token,
+      apiRoot:  "https://api.telegram.org"
+    };
+  }
+  return config;
 }
 
-// –– main –––––––––––––––––––––––––
+// -- main ---------------------------------------------------------
 (async function() {
-fs.mkdirSync(STATE_DIR, { recursive: true });
-fs.mkdirSync(WORKSPACE,  { recursive: true });
-fs.mkdirSync(path.join(WORKSPACE, "memory"), { recursive: true });
+  fs.mkdirSync(STATE_DIR, { recursive: true });
+  fs.mkdirSync(WORKSPACE,  { recursive: true });
+  fs.mkdirSync(path.join(WORKSPACE, "memory"), { recursive: true });
 
-var token = envStr("TELEGRAM_BOT_TOKEN");
-if (token) await setupWebhook(token);
-else console.log("[setup] Telegram: disabled (no TELEGRAM_BOT_TOKEN)");
+  // Seed workspace files on first boot (bucket persists them after that)
+  seedWorkspace();
 
-var config = null;
-var mode   = "";
+  var token = envStr("TELEGRAM_BOT_TOKEN");
+  if (token) await setupWebhook(token);
+  else console.log("[setup] Telegram: disabled (no TELEGRAM_BOT_TOKEN)");
 
-// Priority 1: existing config from Dataset restore
-if (fs.existsSync(CONFIG_PATH)) {
-try {
-config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8").trim());
-mode = "patch (restored from Dataset)";
-} catch (e) { config = null; }
-}
+  var config = null;
+  var mode   = "";
 
-// Priority 2: Space repo template
-if (!config && fs.existsSync(TEMPLATE)) {
-try {
-config = JSON.parse(fs.readFileSync(TEMPLATE, "utf-8").trim());
-mode = "template (from Space repo openclaw.json)";
-} catch (e) { config = null; }
-}
+  // Priority 1: existing config from bucket (persisted across restarts)
+  if (fs.existsSync(CONFIG_PATH)) {
+    try {
+      config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8").trim());
+      mode = "patch (restored from bucket)";
+    } catch (e) { config = null; }
+  }
 
-// Priority 3: minimal fresh config
-if (!config) {
-config = {
-gateway: {}, agents: { defaults: {} }, env: { vars: {} }
-};
-mode = "fresh (no template found)";
-}
+  // Priority 2: Space repo template
+  if (!config && fs.existsSync(TEMPLATE)) {
+    try {
+      config = JSON.parse(fs.readFileSync(TEMPLATE, "utf-8").trim());
+      mode = "template (from Space repo openclaw.json)";
+    } catch (e) { config = null; }
+  }
 
-config = applyEnvPatches(config, token);
+  // Priority 3: minimal fresh config
+  if (!config) {
+    config = {
+      gateway: {}, agents: { defaults: {} }, env: { vars: {} }
+    };
+    mode = "fresh (no template found)";
+  }
 
-if (fs.existsSync(CONFIG_PATH)) {
-fs.copyFileSync(CONFIG_PATH, CONFIG_PATH + ".bak");
-}
-fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
+  config = applyEnvPatches(config, token);
+
+  if (fs.existsSync(CONFIG_PATH)) {
+    fs.copyFileSync(CONFIG_PATH, CONFIG_PATH + ".bak");
+  }
+  fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
 
-console.log("[setup] Done. Mode: " + mode);
-console.log("[setup]   auth      = " + (gatewayToken ? "token" : "password"));
-console.log("[setup]   model     = " + (config.agents.defaults.model || defaultModel));
-console.log("[setup]   workspace = " + WORKSPACE);
-console.log("[setup]   proxies   = " + trustedProxies.length);
-console.log("[setup]   env.vars  = " + providerKeys.length);
-var provCount = config.models && config.models.providers ? Object.keys(config.models.providers).length : 0;
-console.log("[setup]   providers = " + provCount);
+  console.log("[setup] Done. Mode: " + mode);
+  console.log("[setup]   auth      = " + (gatewayToken ? "token" : "password"));
+  console.log("[setup]   model     = " + (config.agents.defaults.model || defaultModel));
+  console.log("[setup]   workspace = " + WORKSPACE);
+  console.log("[setup]   proxies   = " + trustedProxies.length);
+  console.log("[setup]   env.vars  = " + providerKeys.length);
+  var provCount = config.models && config.models.providers ? Object.keys(config.models.providers).length : 0;
+  console.log("[setup]   providers = " + provCount);
+  console.log("[setup]   storage   = bucket at /data (100 GB persistent)");
 })().catch(function(e) {
-console.error("[setup] Fatal: " + e.message);
-process.exit(0);
+  console.error("[setup] Fatal: " + e.message);
+  process.exit(0);
 });