From af76b2828660f1fbd07350e2242e10330d2a2a55 Mon Sep 17 00:00:00 2001
From: Haze <709547807@qq.com>
Date: Fri, 6 Feb 2026 00:50:19 +0800
Subject: [PATCH] fix(gateway): use GitHub URL for OpenClaw submodule and add
 token auth

- Change submodule URL from local path to https://github.com/openclaw/openclaw.git
- Checkout stable version v2026.2.3
- Add auto-generated gateway token (clawx-xxx) stored in electron-store
- Pass token via --token argument and OPENCLAW_GATEWAY_TOKEN env var
- Include token in WebSocket URL for authentication
- Add --dev and --allow-unconfigured flags for first-time setup
---
 .gitmodules                                   |  2 +-
 .../commit_11_openclaw_submodule_fix.md       | 95 +++++++++++++++++++
 build_process/process.md                      |  2 +
 electron/gateway/manager.ts                   | 87 +++++++++--------
 electron/utils/store.ts                       | 11 +++
 openclaw                                      |  2 +-
 6 files changed, 158 insertions(+), 41 deletions(-)
 create mode 100644 build_process/commit_11_openclaw_submodule_fix.md

diff --git a/.gitmodules b/.gitmodules
index a5cd3d5f2..b2682ede3 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "openclaw"]
 	path = openclaw
-	url = /Users/guoyuliang/Project/openclaw
+	url = https://github.com/openclaw/openclaw.git
diff --git a/build_process/commit_11_openclaw_submodule_fix.md b/build_process/commit_11_openclaw_submodule_fix.md
new file mode 100644
index 000000000..c88a76a53
--- /dev/null
+++ b/build_process/commit_11_openclaw_submodule_fix.md
@@ -0,0 +1,95 @@
+# Commit 11: Fix OpenClaw Submodule Integration
+
+## Overview
+
+Fixed the OpenClaw submodule configuration to use the official GitHub repository instead of a local path, and added automatic token generation for gateway authentication.
+
+## Changes Made
+
+### 1. Fixed Submodule URL
+
+Updated `.gitmodules` to point to the official GitHub repository:
+
+**Before:**
+```
+[submodule "openclaw"]
+    path = openclaw
+    url = /Users/guoyuliang/Project/openclaw
+```
+
+**After:**
+```
+[submodule "openclaw"]
+    path = openclaw
+    url = https://github.com/openclaw/openclaw.git
+```
+
+Checked out stable version `v2026.2.3`.
+
+### 2. Added Gateway Token Management
+
+**electron/utils/store.ts:**
+- Added `gatewayToken` to `AppSettings` interface
+- Added `generateToken()` function to create random tokens (`clawx-xxxxxxxxxxxx`)
+- Token is auto-generated on first launch and persisted
+
+### 3. Updated Gateway Manager
+
+**electron/gateway/manager.ts:**
+- Import `getSetting` from store
+- Get or generate gateway token on startup
+- Pass `--token` argument when spawning gateway process
+- Set `OPENCLAW_GATEWAY_TOKEN` environment variable
+- Include token in WebSocket URL for authentication (`?auth=token`)
+- Added `--dev` and `--allow-unconfigured` flags for first-time setup
+
+## Technical Details
+
+### Token Flow
+
+```
+┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
+│  ClawX Start    │────▶│  Get/Generate   │────▶│  Store Token    │
+│                 │     │  Token          │     │  (electron-     │
+│                 │     │                 │     │   store)        │
+└─────────────────┘     └─────────────────┘     └─────────────────┘
+         │
+         ▼
+┌─────────────────┐     ┌─────────────────┐
+│  Start Gateway  │────▶│  Connect WS     │
+│  --token xxx    │     │  ?auth=xxx      │
+└─────────────────┘     └─────────────────┘
+```
+
+### Gateway Startup Command
+
+**Production mode:**
+```bash
+node openclaw.mjs gateway run --port 18789 --token <token> --dev --allow-unconfigured
+```
+
+**Development mode:**
+```bash
+pnpm run dev gateway run --port 18789 --token <token> --dev --allow-unconfigured
+```
+
+### Environment Variables
+
+- `OPENCLAW_GATEWAY_TOKEN`: Gateway authentication token
+- `OPENCLAW_SKIP_CHANNELS`: Skip channel auto-connect (faster startup)
+- `CLAWDBOT_SKIP_CHANNELS`: Legacy skip channels flag
+
+## Files Modified
+
+| File | Changes |
+|------|---------|
+| `.gitmodules` | Updated URL to GitHub repo |
+| `openclaw` | Submodule updated to v2026.2.3 |
+| `electron/utils/store.ts` | Added gatewayToken setting and generateToken() |
+| `electron/gateway/manager.ts` | Token auth for process and WebSocket |
+
+## Result
+
+- Gateway starts successfully with auto-generated token
+- WebSocket connection authenticated properly
+- No manual configuration required for first-time users
diff --git a/build_process/process.md b/build_process/process.md
index 4e990e431..7da31783c 100644
--- a/build_process/process.md
+++ b/build_process/process.md
@@ -16,6 +16,7 @@
 * [commit_8] Chat interface - Markdown support, typing indicator, welcome screen
 * [commit_9] Skills browser - Bundles, categories, detail dialog
 * [commit_10] Cron tasks - Create/edit dialog, schedule presets, improved UI
+* [commit_11] OpenClaw submodule fix - GitHub URL, auto-generated token, WebSocket auth
 
 ### Plan:
 1. ~~Initialize project structure~~ ✅
@@ -42,6 +43,7 @@ All core features have been implemented:
 - Chat interface with markdown support
 - Skills browser with bundles
 - Cron tasks management for scheduled automation
+- OpenClaw submodule from official GitHub (v2026.2.3) with auto-token auth
 
 ## Version Milestones
 
diff --git a/electron/gateway/manager.ts b/electron/gateway/manager.ts
index a977fdad6..aee1cacb7 100644
--- a/electron/gateway/manager.ts
+++ b/electron/gateway/manager.ts
@@ -14,6 +14,7 @@ import {
   isOpenClawSubmodulePresent,
   isOpenClawInstalled 
 } from '../utils/paths';
+import { getSetting } from '../utils/store';
 import { GatewayEventType, JsonRpcNotification, isNotification, isResponse } from './protocol';
 
 /**
@@ -319,45 +320,47 @@ export class GatewayManager extends EventEmitter {
    * Uses OpenClaw submodule - supports both production (dist) and development modes
    */
   private async startProcess(): Promise<void> {
+    const openclawDir = getOpenClawDir();
+    const entryScript = getOpenClawEntryPath();
+    
+    // Verify OpenClaw submodule exists
+    if (!isOpenClawSubmodulePresent()) {
+      throw new Error(
+        'OpenClaw submodule not found. Please run: git submodule update --init'
+      );
+    }
+    
+    // Verify dependencies are installed
+    if (!isOpenClawInstalled()) {
+      throw new Error(
+        'OpenClaw dependencies not installed. Please run: cd openclaw && pnpm install'
+      );
+    }
+    
+    // Get or generate gateway token
+    const gatewayToken = await getSetting('gatewayToken');
+    console.log('Using gateway token:', gatewayToken.substring(0, 10) + '...');
+    
+    let command: string;
+    let args: string[];
+    
+    // Check if OpenClaw is built (production mode) or use pnpm dev mode
+    if (isOpenClawBuilt() && existsSync(entryScript)) {
+      // Production mode: use openclaw.mjs directly
+      console.log('Starting Gateway in production mode (using dist)');
+      command = 'node';
+      args = [entryScript, 'gateway', 'run', '--port', String(this.status.port), '--token', gatewayToken, '--dev', '--allow-unconfigured'];
+    } else {
+      // Development mode: use pnpm gateway:dev which handles tsx compilation
+      console.log('Starting Gateway in development mode (using pnpm)');
+      command = 'pnpm';
+      args = ['run', 'dev', 'gateway', 'run', '--port', String(this.status.port), '--token', gatewayToken, '--dev', '--allow-unconfigured'];
+    }
+    
+    console.log(`Spawning Gateway: ${command} ${args.join(' ')}`);
+    console.log(`Working directory: ${openclawDir}`);
+    
     return new Promise((resolve, reject) => {
-      const openclawDir = getOpenClawDir();
-      const entryScript = getOpenClawEntryPath();
-      
-      // Verify OpenClaw submodule exists
-      if (!isOpenClawSubmodulePresent()) {
-        reject(new Error(
-          'OpenClaw submodule not found. Please run: git submodule update --init'
-        ));
-        return;
-      }
-      
-      // Verify dependencies are installed
-      if (!isOpenClawInstalled()) {
-        reject(new Error(
-          'OpenClaw dependencies not installed. Please run: cd openclaw && pnpm install'
-        ));
-        return;
-      }
-      
-      let command: string;
-      let args: string[];
-      
-      // Check if OpenClaw is built (production mode) or use pnpm dev mode
-      if (isOpenClawBuilt() && existsSync(entryScript)) {
-        // Production mode: use openclaw.mjs directly
-        console.log('Starting Gateway in production mode (using dist)');
-        command = 'node';
-        args = [entryScript, 'gateway', 'run', '--port', String(this.status.port), '--allow-unconfigured'];
-      } else {
-        // Development mode: use pnpm gateway:dev which handles tsx compilation
-        console.log('Starting Gateway in development mode (using pnpm)');
-        command = 'pnpm';
-        args = ['run', 'dev', 'gateway', 'run', '--port', String(this.status.port), '--allow-unconfigured'];
-      }
-      
-      console.log(`Spawning Gateway: ${command} ${args.join(' ')}`);
-      console.log(`Working directory: ${openclawDir}`);
-      
       this.process = spawn(command, args, {
         cwd: openclawDir,
         stdio: ['ignore', 'pipe', 'pipe'],
@@ -368,6 +371,8 @@ export class GatewayManager extends EventEmitter {
           // Skip channel auto-connect during startup for faster boot
           OPENCLAW_SKIP_CHANNELS: '1',
           CLAWDBOT_SKIP_CHANNELS: '1',
+          // Also set token via environment variable as fallback
+          OPENCLAW_GATEWAY_TOKEN: gatewayToken,
         },
       });
       
@@ -433,8 +438,12 @@ export class GatewayManager extends EventEmitter {
    * Connect WebSocket to Gateway
    */
   private async connect(port: number): Promise<void> {
+    // Get token for WebSocket authentication
+    const gatewayToken = await getSetting('gatewayToken');
+    
     return new Promise((resolve, reject) => {
-      const wsUrl = `ws://localhost:${port}/ws`;
+      // Include token in WebSocket URL for authentication
+      const wsUrl = `ws://localhost:${port}/ws?auth=${encodeURIComponent(gatewayToken)}`;
       
       this.ws = new WebSocket(wsUrl);
       
diff --git a/electron/utils/store.ts b/electron/utils/store.ts
index cc924dd34..a0d923d7c 100644
--- a/electron/utils/store.ts
+++ b/electron/utils/store.ts
@@ -3,9 +3,18 @@
  * Electron-store wrapper for application settings
  */
 
+import { randomBytes } from 'crypto';
+
 // Lazy-load electron-store (ESM module)
 let settingsStoreInstance: any = null;
 
+/**
+ * Generate a random token for gateway authentication
+ */
+function generateToken(): string {
+  return `clawx-${randomBytes(16).toString('hex')}`;
+}
+
 /**
  * Application settings schema
  */
@@ -19,6 +28,7 @@ export interface AppSettings {
   // Gateway
   gatewayAutoStart: boolean;
   gatewayPort: number;
+  gatewayToken: string;
   
   // Update
   updateChannel: 'stable' | 'beta' | 'dev';
@@ -49,6 +59,7 @@ const defaults: AppSettings = {
   // Gateway
   gatewayAutoStart: true,
   gatewayPort: 18789,
+  gatewayToken: generateToken(),
   
   // Update
   updateChannel: 'stable',
diff --git a/openclaw b/openclaw
index 852466645..54ddbc466 160000
--- a/openclaw
+++ b/openclaw
@@ -1 +1 @@
-Subproject commit 85246664548b4481f2da2b706dd58157484abe86
+Subproject commit 54ddbc466085b42526983f6c90d152fdd7bf365f