HuggingClaw

Runtime error

tao-shen Claude Opus 4.6 commited on 16 days ago

Commit

ad7936d

1 Parent(s): 8f44b56

feat: default to no-auth mode — Control UI connects instantly

Use gateway auth.mode="none" by default so the Control UI auto-connects
without any token. Users who want access control can set GATEWAY_TOKEN
env var to require a token.

Also restore AUTO_CREATE_DATASET check for dataset creation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Files changed (3) hide show

README.md +3 -3
openclaw.json +1 -1
scripts/sync_hf.py +21 -12

README.md CHANGED Viewed

@@ -112,7 +112,7 @@ Fine-tune persistence and performance. Set these as **Repository Secrets** in HF
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `GATEWAY_TOKEN` | `huggingclaw` | **Gateway token for Control UI access.** Override to set a custom token. |
 | `AUTO_CREATE_DATASET` | `false` | **Auto-create the Dataset repo.** Set to `true` to auto-create a private Dataset repo on first startup. |
 | `SYNC_INTERVAL` | `60` | **Backup interval in seconds.** How often data syncs to the Dataset repo. |
@@ -120,7 +120,7 @@ Fine-tune persistence and performance. Set these as **Repository Secrets** in HF
 ### 3. Open the Control UI
-Visit your Space URL. The Control UI uses device-based authentication — only browsers paired through your HuggingFace profile can connect.
 Messaging integrations (Telegram, WhatsApp) can be configured directly inside the Control UI after connecting.
@@ -141,7 +141,7 @@ HuggingClaw adds its own variables for persistence and deployment: `HF_TOKEN`, `
 ## Security
-- **Device authentication** — only browsers paired through your HuggingFace profile can access the Control UI; incognito or third-party browsers are denied
 - **Secrets stay server-side** — API keys and tokens are never exposed to the browser
 - **Private backups** — the Dataset repo is created as private by default

 | Variable | Default | Description |
 |----------|---------|-------------|
+| `GATEWAY_TOKEN` | _(none)_ | **Gateway token.** If set, Control UI requires this token to connect. If not set, anyone with the URL can access. |
 | `AUTO_CREATE_DATASET` | `false` | **Auto-create the Dataset repo.** Set to `true` to auto-create a private Dataset repo on first startup. |
 | `SYNC_INTERVAL` | `60` | **Backup interval in seconds.** How often data syncs to the Dataset repo. |
 ### 3. Open the Control UI
+Visit your Space URL — the Control UI connects automatically, no token needed. To add access control, set the `GATEWAY_TOKEN` secret.
 Messaging integrations (Telegram, WhatsApp) can be configured directly inside the Control UI after connecting.
 ## Security
+- **Optional token auth** — set `GATEWAY_TOKEN` to restrict Control UI access; without it, the UI is open for easy setup
 - **Secrets stay server-side** — API keys and tokens are never exposed to the browser
 - **Private backups** — the Dataset repo is created as private by default

openclaw.json CHANGED Viewed

@@ -3,7 +3,7 @@
     "mode": "local",
     "bind": "lan",
     "port": 7860,
-    "auth": { "token": "huggingclaw" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

     "mode": "local",
     "bind": "lan",
     "port": 7860,
+    "auth": { "mode": "none" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

scripts/sync_hf.py CHANGED Viewed

@@ -65,8 +65,8 @@ OPENAI_BASE_URL = os.environ.get("OPENAI_BASE_URL", "https://api.openai.com/v1")
 # OpenRouter API key (optional; alternative to OPENAI_API_KEY + OPENAI_BASE_URL)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
-# Gateway token (default: huggingclaw; override via GATEWAY_TOKEN env var)
-GATEWAY_TOKEN = os.environ.get("GATEWAY_TOKEN", "huggingclaw")
 # Default model for new conversations (infer from provider if not set)
 OPENCLAW_DEFAULT_MODEL = os.environ.get("OPENCLAW_DEFAULT_MODEL") or (
@@ -172,8 +172,7 @@ class OpenClawFullSync:
             print("[SYNC] WARNING: HF_TOKEN not set. Persistence disabled.")
             return
         if not HF_REPO_ID:
-            print("[SYNC] INFO: OPENCLAW_DATASET_REPO not set and AUTO_CREATE_DATASET is disabled.")
-            print("[SYNC]   → Set OPENCLAW_DATASET_REPO, or set AUTO_CREATE_DATASET=true to auto-create.")
             print("[SYNC] Persistence disabled.")
             return
@@ -184,7 +183,7 @@ class OpenClawFullSync:
     # ── Repo management ────────────────────────────────────────────────
     def _ensure_repo_exists(self):
-        """Check if dataset repo exists; auto-create if AUTO_CREATE_DATASET is enabled."""
         try:
             self.api.repo_info(repo_id=HF_REPO_ID, repo_type="dataset")
             print(f"[SYNC] Dataset repo found: {HF_REPO_ID}")
@@ -192,10 +191,10 @@ class OpenClawFullSync:
         except Exception:
             if not AUTO_CREATE_DATASET:
                 print(f"[SYNC] Dataset repo NOT found: {HF_REPO_ID}")
-                print(f"[SYNC] AUTO_CREATE_DATASET is disabled. Please create the dataset repo manually.")
-                print(f"[SYNC]   → https://huggingface.co/new-dataset")
                 return False
-            print(f"[SYNC] Dataset repo NOT found: {HF_REPO_ID} - creating...")
             try:
                 self.api.create_repo(
                     repo_id=HF_REPO_ID,
@@ -348,9 +347,12 @@ class OpenClawFullSync:
             try:
                 with open(config_path, "r") as f:
                     cfg = json.load(f)
-                # Ensure default token
                 if "gateway" in cfg:
-                    cfg["gateway"]["auth"] = {"token": "huggingclaw"}
                 if OPENAI_API_KEY and "models" in cfg and "providers" in cfg["models"] and "openai" in cfg["models"]["providers"]:
                     cfg["models"]["providers"]["openai"]["apiKey"] = OPENAI_API_KEY
                     if OPENAI_BASE_URL:
@@ -429,11 +431,18 @@ class OpenClawFullSync:
             if SPACE_HOST:
                 allowed_origins.append(f"https://{SPACE_HOST}")
                 print(f"[SYNC] SPACE_HOST detected: {SPACE_HOST}")
             data["gateway"] = {
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
-                "auth": {"token": GATEWAY_TOKEN},
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
@@ -441,7 +450,7 @@ class OpenClawFullSync:
                     "allowedOrigins": allowed_origins
                 }
             }
-            print(f"[SYNC] Set gateway config (auth=token:{GATEWAY_TOKEN}, origins={len(allowed_origins)})")
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})

 # OpenRouter API key (optional; alternative to OPENAI_API_KEY + OPENAI_BASE_URL)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
+# Gateway token (optional; if not set, Control UI connects without auth)
+GATEWAY_TOKEN = os.environ.get("GATEWAY_TOKEN", "")
 # Default model for new conversations (infer from provider if not set)
 OPENCLAW_DEFAULT_MODEL = os.environ.get("OPENCLAW_DEFAULT_MODEL") or (
             print("[SYNC] WARNING: HF_TOKEN not set. Persistence disabled.")
             return
         if not HF_REPO_ID:
+            print("[SYNC] WARNING: Could not determine dataset repo (no SPACE_ID or OPENCLAW_DATASET_REPO).")
             print("[SYNC] Persistence disabled.")
             return
     # ── Repo management ────────────────────────────────────────────────
     def _ensure_repo_exists(self):
+        """Check if dataset repo exists; auto-create only when AUTO_CREATE_DATASET=true AND HF_TOKEN is set."""
         try:
             self.api.repo_info(repo_id=HF_REPO_ID, repo_type="dataset")
             print(f"[SYNC] Dataset repo found: {HF_REPO_ID}")
         except Exception:
             if not AUTO_CREATE_DATASET:
                 print(f"[SYNC] Dataset repo NOT found: {HF_REPO_ID}")
+                print(f"[SYNC]   Set AUTO_CREATE_DATASET=true to auto-create.")
+                print(f"[SYNC] Persistence disabled (app will still run normally).")
                 return False
+            print(f"[SYNC] Dataset repo NOT found: {HF_REPO_ID} — creating...")
             try:
                 self.api.create_repo(
                     repo_id=HF_REPO_ID,
             try:
                 with open(config_path, "r") as f:
                     cfg = json.load(f)
+                # Set auth based on GATEWAY_TOKEN env var
                 if "gateway" in cfg:
+                    if GATEWAY_TOKEN:
+                        cfg["gateway"]["auth"] = {"token": GATEWAY_TOKEN}
+                    else:
+                        cfg["gateway"]["auth"] = {"mode": "none"}
                 if OPENAI_API_KEY and "models" in cfg and "providers" in cfg["models"] and "openai" in cfg["models"]["providers"]:
                     cfg["models"]["providers"]["openai"]["apiKey"] = OPENAI_API_KEY
                     if OPENAI_BASE_URL:
             if SPACE_HOST:
                 allowed_origins.append(f"https://{SPACE_HOST}")
                 print(f"[SYNC] SPACE_HOST detected: {SPACE_HOST}")
+            # Auth: token mode if GATEWAY_TOKEN is set, otherwise no-auth mode
+            if GATEWAY_TOKEN:
+                auth_cfg = {"token": GATEWAY_TOKEN}
+                auth_label = f"token"
+            else:
+                auth_cfg = {"mode": "none"}
+                auth_label = "none (open access)"
             data["gateway"] = {
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
+                "auth": auth_cfg,
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
                     "allowedOrigins": allowed_origins
                 }
             }
+            print(f"[SYNC] Set gateway config (auth={auth_label}, origins={len(allowed_origins)})")
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})