Spaces:

Tonic
/

hugging-claw

Running

App Files Files Community

Update setup-hf-config.mjs

by ubix - opened Mar 3

base: refs/heads/main

←

from: refs/pr/2

Discussion Files changed

+126

-21

Files changed (1) hide show

setup-hf-config.mjs +126 -21

setup-hf-config.mjs CHANGED Viewed

@@ -2,11 +2,30 @@
 /**
  * One-time setup for OpenClaw on Hugging Face Spaces.
  * Runs at container startup; writes or merges openclaw.json from env (Secrets/Variables):
- * - agents.defaults.model.primary from OPENCLAW_HF_DEFAULT_MODEL (default: DeepSeek-R1).
- * - gateway.auth: OPENCLAW_GATEWAY_TOKEN (token) or OPENCLAW_GATEWAY_PASSWORD (password); token wins if both set.
- * - gateway.controlUi.dangerouslyDisableDeviceAuth when auth is set (no device pairing in Spaces).
- * - gateway.trustedProxies from OPENCLAW_GATEWAY_TRUSTED_PROXIES, or default HF proxy IPs so the UI works without extra config.
- * - gateway.controlUi.allowedOrigins from OPENCLAW_CONTROL_UI_ALLOWED_ORIGINS (comma-separated origins).
  * HF_TOKEN is read by the gateway at runtime; this script only writes the above into config.
  */
 import fs from "node:fs";
@@ -16,7 +35,7 @@ const home = process.env.OPENCLAW_HOME || process.env.HOME || "/home/user";
 const stateDir = path.join(home, ".openclaw");
 const configPath = path.join(stateDir, "openclaw.json");
-// Token: env var, or read from file if OPENCLAW_GATEWAY_TOKEN_FILE is set (for platforms that mount secrets as files)
 function readGatewayToken() {
   const fromEnv = process.env.OPENCLAW_GATEWAY_TOKEN?.trim();
   if (fromEnv) return fromEnv;
@@ -31,12 +50,34 @@ function readGatewayToken() {
   return "";
 }
-const defaultModel =
-  process.env.OPENCLAW_HF_DEFAULT_MODEL?.trim() || "huggingface/deepseek-ai/DeepSeek-R1";
-const gatewayToken = readGatewayToken();
 const gatewayPassword = process.env.OPENCLAW_GATEWAY_PASSWORD?.trim();
-// Trusted proxies: from env, or default HF Space proxy IPs so the Control UI works without setting OPENCLAW_GATEWAY_TRUSTED_PROXIES
 const DEFAULT_HF_TRUSTED_PROXY_IPS = [
   "10.16.4.123",
   "10.16.34.155",
@@ -50,72 +91,136 @@ const trustedProxies =
   trustedProxiesRaw && trustedProxiesRaw.length > 0
     ? trustedProxiesRaw.split(",").map((s) => s.trim()).filter(Boolean)
     : DEFAULT_HF_TRUSTED_PROXY_IPS;
-// Comma-separated origins allowed for Control UI/WebSocket (e.g. https://your-space.hf.space)
 const allowedOriginsRaw = process.env.OPENCLAW_CONTROL_UI_ALLOWED_ORIGINS?.trim();
 const allowedOrigins = allowedOriginsRaw
   ? allowedOriginsRaw.split(",").map((s) => s.trim()).filter(Boolean)
   : [];
 let config = {};
 if (fs.existsSync(configPath)) {
   try {
     config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
   } catch {
-    // keep config empty
   }
 }
 if (!config.agents) config.agents = {};
 if (!config.agents.defaults) config.agents.defaults = {};
 if (!config.agents.defaults.model) config.agents.defaults.model = {};
 config.agents.defaults.model.primary = defaultModel;
-// Auth: token wins if both set; otherwise password
-const useTokenAuth = Boolean(gatewayToken);
 const usePasswordAuth = Boolean(gatewayPassword) && !useTokenAuth;
 if (useTokenAuth || usePasswordAuth) {
   if (!config.gateway) config.gateway = {};
   if (!config.gateway.auth) config.gateway.auth = {};
   if (useTokenAuth) {
-    config.gateway.auth.mode = "token";
     config.gateway.auth.token = gatewayToken;
   } else {
-    config.gateway.auth.mode = "password";
     config.gateway.auth.password = gatewayPassword;
   }
 }
-// So Control UI can connect with token/password only (no device pairing); Spaces have no CLI for approve.
 if (useTokenAuth || usePasswordAuth) {
   if (!config.gateway) config.gateway = {};
   if (!config.gateway.controlUi) config.gateway.controlUi = {};
   config.gateway.controlUi.dangerouslyDisableDeviceAuth = true;
 }
-// Always set trustedProxies (we have a default for HF so the Control UI works behind the HF proxy)
 if (!config.gateway) config.gateway = {};
 config.gateway.trustedProxies = trustedProxies;
 if (allowedOrigins.length > 0) {
-  if (!config.gateway) config.gateway = {};
   if (!config.gateway.controlUi) config.gateway.controlUi = {};
   config.gateway.controlUi.allowedOrigins = allowedOrigins;
 }
 fs.mkdirSync(stateDir, { recursive: true });
 fs.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
-// Startup log: confirm env was applied (check token_present=1 and auth=token so the UI can connect)
 const authKind = useTokenAuth ? "token" : usePasswordAuth ? "password" : "none";
 const parts = [
   `token_present=${useTokenAuth ? "1" : "0"}`,
   `password_present=${usePasswordAuth ? "1" : "0"}`,
   `auth=${authKind}`,
   `trustedProxies=${trustedProxies.length}`,
   `allowedOrigins=${allowedOrigins.length}`,
 ];
 console.log(`[openclaw-hf-setup] ${parts.join(" ")} -> ${configPath}`);
 if (authKind === "none") {
   console.warn(
-    "[openclaw-hf-setup] No auth set. Add OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD in Space Secrets, then restart.",
   );
 }

 /**
  * One-time setup for OpenClaw on Hugging Face Spaces.
  * Runs at container startup; writes or merges openclaw.json from env (Secrets/Variables):
+ *
+ * Custom Ollama provider (hf-ollama-qwen3-vl) — PRIMARY default model:
+ * - providers["hf-ollama-qwen3-vl"] registered with baseUrl + apiKey
+ * - agents.defaults.model.primary = "hf-ollama-qwen3-vl/voytas26/openclaw-qwen3vl-8b-opt"
+ * - Configure via:
+ *     OPENCLAW_OLLAMA_BASE_URL  (default: https://ubix-Clawd.hf.space/v1)
+ *     OPENCLAW_OLLAMA_API_KEY   (default: "ollama")
+ * - Falls back to OPENCLAW_HF_DEFAULT_MODEL (or HF DeepSeek-R1) when OPENCLAW_OLLAMA_BASE_URL
+ *   is explicitly set to empty string to disable.
+ *
+ * OpenRouter / Perplexity (search-augmented model):
+ * - providers.openrouter.apiKey from OPENROUTER_API_KEY
+ * - agents.defaults.model.search set to openrouter/perplexity/sonar
+ *   (only written when OPENROUTER_API_KEY is present)
+ *
+ * Gateway auth:
+ * - gateway.auth: OPENCLAW_GATEWAY_TOKEN (token) or OPENCLAW_GATEWAY_PASSWORD (password)
+ *   token wins if both are set
+ * - gateway.controlUi.dangerouslyDisableDeviceAuth when auth is set (no device pairing in Spaces)
+ *
+ * Networking:
+ * - gateway.trustedProxies from OPENCLAW_GATEWAY_TRUSTED_PROXIES, or default HF proxy IPs
+ * - gateway.controlUi.allowedOrigins from OPENCLAW_CONTROL_UI_ALLOWED_ORIGINS (comma-separated)
+ *
  * HF_TOKEN is read by the gateway at runtime; this script only writes the above into config.
  */
 import fs from "node:fs";
 const stateDir = path.join(home, ".openclaw");
 const configPath = path.join(stateDir, "openclaw.json");
+// ── Gateway token (supports file-mounted secrets for platforms that mount secrets as files) ──
 function readGatewayToken() {
   const fromEnv = process.env.OPENCLAW_GATEWAY_TOKEN?.trim();
   if (fromEnv) return fromEnv;
   return "";
 }
+// ── Env reads ──────────────────────────────────────────────────────────────────────────────────
+// Custom Ollama/OpenAI-compat provider hosted on HF Space
+// Set OPENCLAW_OLLAMA_BASE_URL="" to disable and fall back to HF Inference
+const ollamaBaseUrl = process.env.OPENCLAW_OLLAMA_BASE_URL !== undefined
+  ? process.env.OPENCLAW_OLLAMA_BASE_URL.trim()
+  : "https://ubix-Clawd.hf.space/v1";
+const ollamaApiKey  = process.env.OPENCLAW_OLLAMA_API_KEY?.trim() || "ollama";
+const ollamaEnabled = ollamaBaseUrl.length > 0;
+// Fallback HF Inference model (used only when Ollama provider is disabled)
+const hfFallbackModel =
+  process.env.OPENCLAW_HF_DEFAULT_MODEL?.trim() ||
+  "huggingface/deepseek-ai/DeepSeek-R1";
+// Resolved primary model
+const defaultModel = ollamaEnabled
+  ? "hf-ollama-qwen3-vl/voytas26/openclaw-qwen3vl-8b-opt"
+  : hfFallbackModel;
+const gatewayToken    = readGatewayToken();
 const gatewayPassword = process.env.OPENCLAW_GATEWAY_PASSWORD?.trim();
+const openrouterKey   = process.env.OPENROUTER_API_KEY?.trim();
+// ── Trusted proxies ────────────────────────────────────────────────────────────────────────────
+// Default HF Space proxy IPs so the Control UI works without extra config.
+// Override with OPENCLAW_GATEWAY_TRUSTED_PROXIES (comma-separated) if you see
+// "Proxy headers detected from untrusted address" in the logs.
 const DEFAULT_HF_TRUSTED_PROXY_IPS = [
   "10.16.4.123",
   "10.16.34.155",
   trustedProxiesRaw && trustedProxiesRaw.length > 0
     ? trustedProxiesRaw.split(",").map((s) => s.trim()).filter(Boolean)
     : DEFAULT_HF_TRUSTED_PROXY_IPS;
+// ── Allowed origins ──���─────────────────────────────────────────────────────────────────────────
 const allowedOriginsRaw = process.env.OPENCLAW_CONTROL_UI_ALLOWED_ORIGINS?.trim();
 const allowedOrigins = allowedOriginsRaw
   ? allowedOriginsRaw.split(",").map((s) => s.trim()).filter(Boolean)
   : [];
+// ── Load existing config (merge, don't overwrite) ─────────────────────────────────────────────
 let config = {};
 if (fs.existsSync(configPath)) {
   try {
     config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
   } catch {
+    // keep config empty on parse error
   }
 }
+// ── 1. Register providers & set default model ─────────────────────────────────────────────────
+if (!config.providers) config.providers = {};
 if (!config.agents) config.agents = {};
 if (!config.agents.defaults) config.agents.defaults = {};
 if (!config.agents.defaults.model) config.agents.defaults.model = {};
+// 1a. Custom Ollama/OpenAI-compat provider (hf-ollama-qwen3-vl)
+if (ollamaEnabled) {
+  config.providers["hf-ollama-qwen3-vl"] = {
+    baseUrl: ollamaBaseUrl,
+    apiKey:  ollamaApiKey,
+    api:     "openai-completions",
+    models: [
+      {
+        id:            "voytas26/openclaw-qwen3vl-8b-opt",
+        name:          "qwen3vl (HF Space - CPU)",
+        reasoning:     true,
+        input:         ["text"],
+        contextWindow: 128000,
+        maxTokens:     32000,
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+      },
+    ],
+  };
+  console.log(
+    `[openclaw-hf-setup] hf-ollama-qwen3-vl provider registered -> ${ollamaBaseUrl}`
+  );
+} else {
+  console.log(
+    "[openclaw-hf-setup] OPENCLAW_OLLAMA_BASE_URL is empty — Ollama provider disabled, " +
+    `falling back to: ${hfFallbackModel}`
+  );
+}
+// 1b. Set primary default model
 config.agents.defaults.model.primary = defaultModel;
+// ── 2. OpenRouter provider + Perplexity Sonar as search model ─────────────────────────────────
+if (openrouterKey) {
+  config.providers.openrouter = {
+    apiKey: openrouterKey,
+  };
+  // Use Perplexity Sonar (web-search-augmented) for search/research tasks.
+  config.agents.defaults.model.search = "openrouter/perplexity/sonar";
+  console.log(
+    "[openclaw-hf-setup] OpenRouter configured -> search model: openrouter/perplexity/sonar"
+  );
+} else {
+  console.warn(
+    "[openclaw-hf-setup] OPENROUTER_API_KEY not set. " +
+    "Perplexity Sonar search model will not be available. " +
+    "Add OPENROUTER_API_KEY in Space Secrets to enable web search."
+  );
+}
+// ── 3. Gateway auth ────────────────────────────────────────────────────────────────────────────
+const useTokenAuth    = Boolean(gatewayToken);
 const usePasswordAuth = Boolean(gatewayPassword) && !useTokenAuth;
 if (useTokenAuth || usePasswordAuth) {
   if (!config.gateway) config.gateway = {};
   if (!config.gateway.auth) config.gateway.auth = {};
   if (useTokenAuth) {
+    config.gateway.auth.mode  = "token";
     config.gateway.auth.token = gatewayToken;
   } else {
+    config.gateway.auth.mode     = "password";
     config.gateway.auth.password = gatewayPassword;
   }
 }
+// Disable device pairing — Spaces have no CLI to approve pairing requests.
+// Control UI will accept token/password only.
 if (useTokenAuth || usePasswordAuth) {
   if (!config.gateway) config.gateway = {};
   if (!config.gateway.controlUi) config.gateway.controlUi = {};
   config.gateway.controlUi.dangerouslyDisableDeviceAuth = true;
 }
+// ── 4. Trusted proxies ─────────────────────────────────────────────────────────────────────────
 if (!config.gateway) config.gateway = {};
 config.gateway.trustedProxies = trustedProxies;
+// ── 5. Allowed origins ─────────────────────────────────────────────────────────────────────────
 if (allowedOrigins.length > 0) {
   if (!config.gateway.controlUi) config.gateway.controlUi = {};
   config.gateway.controlUi.allowedOrigins = allowedOrigins;
 }
+// ── Write config ───────────────────────────────────────────────────────────────────────────────
 fs.mkdirSync(stateDir, { recursive: true });
 fs.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+// ── Startup summary ────────────────────────────────────────────────────────────────────────────
 const authKind = useTokenAuth ? "token" : usePasswordAuth ? "password" : "none";
 const parts = [
   `token_present=${useTokenAuth ? "1" : "0"}`,
   `password_present=${usePasswordAuth ? "1" : "0"}`,
   `auth=${authKind}`,
+  `ollama_provider=${ollamaEnabled ? "1" : "0"}`,
+  `default_model=${defaultModel}`,
+  `openrouter_configured=${openrouterKey ? "1" : "0"}`,
+  `search_model=${openrouterKey ? "openrouter/perplexity/sonar" : "none"}`,
   `trustedProxies=${trustedProxies.length}`,
   `allowedOrigins=${allowedOrigins.length}`,
 ];
 console.log(`[openclaw-hf-setup] ${parts.join(" ")} -> ${configPath}`);
 if (authKind === "none") {
   console.warn(
+    "[openclaw-hf-setup] No auth set. " +
+    "Add OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD in Space Secrets, then restart."
   );
 }