feat: switch to password auth + project README

- Auth: password mode (default: "huggingclaw", override via OPENCLAW_PASSWORD secret)
- Removed: inject-token.sh, global-token-fallback patch (no longer needed)
- CSP: reverted script-src to 'self' (no inline scripts)
- README: project intro, quick start, architecture, security docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Dockerfile

@@ -52,10 +52,10 @@ RUN echo "[build][layer2] Clone + install + build..." && START=$(date +%s) \
   && echo "[build] version: $(cat /app/openclaw/.version)" \
   && echo "[build][layer2] Total clone+install+build: $(($(date +%s) - START))s"
 
-# ── Layer 3 (node): Scripts + Config + Token 注入 ─────────────────────────────
+# ── Layer 3 (node): Scripts + Config ──────────────────────────────────────────
 COPY --chown=node:node scripts /home/node/scripts
 COPY --chown=node:node openclaw.json /home/node/scripts/openclaw.json.default
-RUN chmod +x /home/node/scripts/entrypoint.sh /home/node/scripts/sync_hf.py /home/node/scripts/inject-token.sh
+RUN chmod +x /home/node/scripts/entrypoint.sh /home/node/scripts/sync_hf.py
 
 ENV NODE_ENV=production
 ENV OPENCLAW_BUNDLED_PLUGINS_DIR=/app/openclaw/empty-bundled-plugins

README.md

@@ -1,58 +1,87 @@
 ---
 title: HuggingClaw
-emoji: 🔥
-colorFrom: gray
-colorTo: yellow
+emoji: 🐾
+colorFrom: purple
+colorTo: blue
 sdk: docker
 pinned: false
 license: mit
-short_description: HuggingClaw
+short_description: Deploy OpenClaw on HuggingFace Spaces
 app_port: 7860
 ---
 
-## 初始化与运行
+# HuggingClaw
 
-### 克隆仓库
+**Deploy [OpenClaw](https://github.com/openclaw/openclaw) on HuggingFace Spaces** — no hardware required.
 
-```bash
-git clone https://huggingface.co/spaces/tao-shen/HuggingClaw
-cd HuggingClaw
-```
+OpenClaw is a self-hosted AI assistant platform with Telegram, WhatsApp integration and a web-based Control UI. HuggingClaw packages it for one-click cloud deployment on HuggingFace Spaces.
 
-### 在 Hugging Face Space 上运行
+## Why HuggingFace Spaces?
 
-1. Fork 或使用本 Space，在 **Settings → Repository secrets** 中配置：
-   - `HF_TOKEN`：具有写权限的 HF Access Token
-   - `OPENCLAW_DATASET_REPO`：用于持久化的 Dataset 仓库（如 `username/openclaw-backup`）
-2. 重新启动 Space 即可。
+- **Zero hardware** — runs on HF's free CPU tier
+- **Always online** — no need to keep your computer running
+- **Persistent storage** — auto-syncs data to a HF Dataset repo
+- **HTTPS built-in** — secure WebSocket connections out of the box
+- **One-click deploy** — fork this Space, set secrets, done
 
-### 本地 Docker 运行（可选）
+## Quick Start
 
-1. 复制环境变量模板并填写必填项：
-   ```bash
-   cp .env.example .env
-   # 编辑 .env，至少填写 HF_TOKEN 和 OPENCLAW_DATASET_REPO
-   ```
-2. 构建并运行（需先安装 Docker）：
-   ```bash
-   docker build -t huggingclaw .
-   docker run --rm -p 7860:7860 --env-file .env huggingclaw
-   ```
-3. 浏览器访问 `http://localhost:7860`。
+### 1. Fork this Space
 
----
+Click **Duplicate this Space** on HuggingFace.
+
+### 2. Set Secrets
+
+Go to **Settings > Repository secrets** and add:
+
+| Secret | Required | Description |
+|--------|:--------:|-------------|
+| `OPENCLAW_PASSWORD` | Recommended | Password for the Control UI (default: `huggingclaw`) |
+| `HF_TOKEN` | Yes | HF Access Token with write permission (for data persistence) |
+| `OPENCLAW_DATASET_REPO` | Yes | Dataset repo for backup, e.g. `your-name/openclaw-data` |
+| `OPENROUTER_API_KEY` | No | [OpenRouter](https://openrouter.ai) API key for LLM access |
+| `TELEGRAM_BOT_TOKEN` | No | Telegram bot token from [@BotFather](https://t.me/BotFather) |
+| `TELEGRAM_BOT_NAME` | No | Telegram bot username |
+| `TELEGRAM_ALLOW_USER` | No | Telegram username allowed to chat |
+
+### 3. Open the Control UI
+
+Visit your Space URL. Enter the password in the settings panel to connect.
+
+## Architecture
+
+```
+HuggingFace Space (Docker)
+├── OpenClaw (Node.js)        — AI assistant engine
+│   ├── Control UI            — Web dashboard (port 7860)
+│   ├── Telegram extension    — Bot integration
+│   └── WhatsApp extension    — Messaging integration
+├── sync_hf.py                — Auto-sync ~/.openclaw ↔ HF Dataset
+├── dns-resolve.py            — DNS pre-resolution for WhatsApp
+└── entrypoint.sh             — Startup orchestration
+```
+
+## Local Development
+
+```bash
+git clone https://huggingface.co/spaces/tao-shen/HuggingClaw
+cd HuggingClaw
+docker build -t huggingclaw .
+docker run --rm -p 7860:7860 \
+  -e OPENCLAW_PASSWORD=your-password \
+  -e HF_TOKEN=hf_xxx \
+  -e OPENCLAW_DATASET_REPO=your-name/openclaw-data \
+  huggingclaw
+```
+
+Open `http://localhost:7860` in your browser.
 
-## Environment Variables
+## Security
 
-### Persistence (Required)
-- `HF_TOKEN` - Hugging Face access token with write permissions
-- `OPENCLAW_DATASET_REPO` - Dataset repository for backup (e.g., `username/dataset-name`)
+- **Password-protected** — the Control UI requires a password to connect
+- **Secrets stay server-side** — API keys are never exposed to the browser
+- **CSP headers** — Content Security Policy restricts script/resource loading
 
-### Telegram Bot (Optional)
-- `TELEGRAM_BOT_TOKEN` - Your Telegram bot token
-- `TELEGRAM_BOT_NAME` - Bot username
-- `TELEGRAM_ALLOW_USER` - Your Telegram username to allow
+## License
 
-### Optional
-- `SYNC_INTERVAL` - Seconds between syncs (default: 120)
-- `ENABLE_AUX_SERVICES` - Enable aux services (default: false)
+MIT

openclaw.json

@@ -3,7 +3,7 @@
     "mode": "local",
     "bind": "lan",
     "port": 7860,
-    "auth": { "token": "hf-space-public-token" },
+    "auth": { "password": "__OPENCLAW_PASSWORD__" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

patches/hf-spaces-allow-iframe-embedding.patch

@@ -7,9 +7,8 @@ index 8a7b56f..62b0dfd 100644
      "base-uri 'none'",
      "object-src 'none'",
 -    "frame-ancestors 'none'",
--    "script-src 'self'",
 +    "frame-ancestors 'self' https://huggingface.co https://*.hf.space",
-+    "script-src 'self' 'unsafe-inline'",
+     "script-src 'self'",
      "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
      "img-src 'self' data: https:",
      "font-src 'self' https://fonts.gstatic.com",

patches/hf-spaces-global-token-fallback.patch

@@ -1,37 +0,0 @@
-diff --git a/ui/src/ui/storage.ts b/ui/src/ui/storage.ts
-index b32e6c3..763a543 100644
---- a/ui/src/ui/storage.ts
-+++ b/ui/src/ui/storage.ts
-@@ -17,6 +17,14 @@ export type UiSettings = {
-   locale?: string;
- };
- 
-+// Read an injected auth token from a global variable.
-+// Used by HF Spaces where localStorage may be unavailable
-+// (e.g. third-party iframe in incognito mode).
-+function getInjectedToken(): string {
-+  const w = globalThis as Record<string, unknown>;
-+  return typeof w.__OPENCLAW_AUTH_TOKEN__ === "string" ? (w.__OPENCLAW_AUTH_TOKEN__ as string) : "";
-+}
-+
- export function loadSettings(): UiSettings {
-   const defaultUrl = (() => {
-     const proto = location.protocol === "https:" ? "wss" : "ws";
-@@ -25,7 +33,7 @@ export function loadSettings(): UiSettings {
- 
-   const defaults: UiSettings = {
-     gatewayUrl: defaultUrl,
--    token: "",
-+    token: getInjectedToken(),
-     sessionKey: "main",
-     lastActiveSessionKey: "main",
-     theme: "system",
-@@ -47,7 +55,7 @@ export function loadSettings(): UiSettings {
-         typeof parsed.gatewayUrl === "string" && parsed.gatewayUrl.trim()
-           ? parsed.gatewayUrl.trim()
-           : defaults.gatewayUrl,
--      token: typeof parsed.token === "string" ? parsed.token : defaults.token,
-+      token: typeof parsed.token === "string" && parsed.token ? parsed.token : defaults.token,
-       sessionKey:
-         typeof parsed.sessionKey === "string" && parsed.sessionKey.trim()
-           ? parsed.sessionKey.trim()

scripts/entrypoint.sh

@@ -48,13 +48,6 @@ touch /home/node/logs/app.log
 ENTRYPOINT_END=$(date +%s)
 echo "[TIMER] Entrypoint (before sync_hf.py): $((ENTRYPOINT_END - BOOT_START))s"
 
-# ── Inject auth token into Control UI HTML ─────────────────────────────────
-INJECT_START=$(date +%s)
-if [ -x /home/node/scripts/inject-token.sh ]; then
-  bash /home/node/scripts/inject-token.sh
-fi
-echo "[TIMER] Token inject: $(($(date +%s) - INJECT_START))s"
-
 # ── Set version from build artifact ────────────────────────────────────────
 if [ -f /app/openclaw/.version ]; then
   export OPENCLAW_VERSION=$(cat /app/openclaw/.version)

scripts/inject-token.sh

@@ -1,32 +0,0 @@
-#!/bin/sh
-# Inject auto-token config into Control UI so the browser auto-connects
-# The token must match gateway.auth.token in openclaw.json
-TOKEN="hf-space-public-token"
-
-INDEX_HTML="/app/openclaw/dist/control-ui/index.html"
-
-if [ ! -f "$INDEX_HTML" ]; then
-  echo "[inject-token] WARNING: $INDEX_HTML not found, skipping"
-  exit 0
-fi
-
-# Create the injection script
-# 1. Set window.__OPENCLAW_AUTH_TOKEN__ — always works (even when localStorage is blocked in iframe/incognito)
-# 2. Also try localStorage as a fallback for the original UI code path
-INJECT_SCRIPT="<script>window.__OPENCLAW_AUTH_TOKEN__='${TOKEN}';try{var K='openclaw.control.settings.v1',s=JSON.parse(localStorage.getItem(K)||'{}');s.token='${TOKEN}';localStorage.setItem(K,JSON.stringify(s))}catch(e){}</script>"
-
-# Use python3 for reliable string replacement (avoids sed delimiter issues)
-python3 -c "
-import sys
-f = '${INDEX_HTML}'
-with open(f, 'r') as fh:
-    html = fh.read()
-inject = '''${INJECT_SCRIPT}'''
-if '</head>' in html and '__OPENCLAW_AUTH_TOKEN__' not in html:
-    html = html.replace('</head>', inject + '</head>')
-    with open(f, 'w') as fh:
-        fh.write(html)
-    print('[inject-token] Token injected into ' + f)
-else:
-    print('[inject-token] Skipped (already injected or no </head> found)')
-"

scripts/sync_hf.py

@@ -64,6 +64,9 @@ TELEGRAM_ALLOW_USER = os.environ.get("TELEGRAM_ALLOW_USER", "")
 # OpenRouter API key for free models (must be set via environment variable)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
 
+# Gateway password (override via HF Secret OPENCLAW_PASSWORD)
+OPENCLAW_PASSWORD = os.environ.get("OPENCLAW_PASSWORD", "huggingclaw")
+
 SYNC_INTERVAL = int(os.environ.get("SYNC_INTERVAL", "120"))
 
 # Setup logging
@@ -321,13 +324,15 @@ class OpenClawFullSync:
                     data["plugins"]["locations"] = [l for l in locs if l != "/dev/null"]
 
             # Force full gateway config for HF Spaces
-            # Note: Dockerfile injects "openclaw-space-default" token into Control UI,
-            # so we MUST set it here to match what the browser sends.
+            # Password auth: user must enter password in Control UI settings
+            if not OPENCLAW_PASSWORD:
+                print("[SYNC] WARNING: OPENCLAW_PASSWORD not set! Gateway will auto-generate a random token.")
+            auth = {"password": OPENCLAW_PASSWORD} if OPENCLAW_PASSWORD else {}
             data["gateway"] = {
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
-                "auth": {"token": "hf-space-public-token"},
+                "auth": auth,
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
@@ -339,7 +344,7 @@ class OpenClawFullSync:
                     ]
                 }
             }
-            print("[SYNC] Set gateway config (auth=default, trustedProxies=all)")
+            print(f"[SYNC] Set gateway config (auth={'password' if OPENCLAW_PASSWORD else 'auto-generated'}, trustedProxies=all)")
 
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})