fix(gateway): use GitHub URL for OpenClaw submodule and add token auth

- Change submodule URL from local path to https://github.com/openclaw/openclaw.git - Checkout stable version v2026.2.3 - Add auto-generated gateway token (clawx-xxx) stored in electron-store - Pass token via --token argument and OPENCLAW_GATEWAY_TOKEN env var - Include token in WebSocket URL for authentication - Add --dev and --allow-unconfigured flags for first-time setup
2026-02-06 00:50:19 +08:00
parent 29ee21754a
commit af76b28286
6 changed files with 158 additions and 41 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "openclaw"]
 	path = openclaw
-	url = /Users/guoyuliang/Project/openclaw
+	url = https://github.com/openclaw/openclaw.git
--- a/build_process/commit_11_openclaw_submodule_fix.md
+++ b/build_process/commit_11_openclaw_submodule_fix.md
@@ -0,0 +1,95 @@
+# Commit 11: Fix OpenClaw Submodule Integration
+
+## Overview
+
+Fixed the OpenClaw submodule configuration to use the official GitHub repository instead of a local path, and added automatic token generation for gateway authentication.
+
+## Changes Made
+
+### 1. Fixed Submodule URL
+
+Updated `.gitmodules` to point to the official GitHub repository:
+
+**Before:**
+```
+[submodule "openclaw"]
+    path = openclaw
+    url = /Users/guoyuliang/Project/openclaw
+```
+
+**After:**
+```
+[submodule "openclaw"]
+    path = openclaw
+    url = https://github.com/openclaw/openclaw.git
+```
+
+Checked out stable version `v2026.2.3`.
+
+### 2. Added Gateway Token Management
+
+**electron/utils/store.ts:**
+- Added `gatewayToken` to `AppSettings` interface
+- Added `generateToken()` function to create random tokens (`clawx-xxxxxxxxxxxx`)
+- Token is auto-generated on first launch and persisted
+
+### 3. Updated Gateway Manager
+
+**electron/gateway/manager.ts:**
+- Import `getSetting` from store
+- Get or generate gateway token on startup
+- Pass `--token` argument when spawning gateway process
+- Set `OPENCLAW_GATEWAY_TOKEN` environment variable
+- Include token in WebSocket URL for authentication (`?auth=token`)
+- Added `--dev` and `--allow-unconfigured` flags for first-time setup
+
+## Technical Details
+
+### Token Flow
+
+```
+┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
+│  ClawX Start    │────▶│  Get/Generate   │────▶│  Store Token    │
+│                 │     │  Token          │     │  (electron-     │
+│                 │     │                 │     │   store)        │
+└─────────────────┘     └─────────────────┘     └─────────────────┘
+         │
+         ▼
+┌─────────────────┐     ┌─────────────────┐
+│  Start Gateway  │────▶│  Connect WS     │
+│  --token xxx    │     │  ?auth=xxx      │
+└─────────────────┘     └─────────────────┘
+```
+
+### Gateway Startup Command
+
+**Production mode:**
+```bash
+node openclaw.mjs gateway run --port 18789 --token <token> --dev --allow-unconfigured
+```
+
+**Development mode:**
+```bash
+pnpm run dev gateway run --port 18789 --token <token> --dev --allow-unconfigured
+```
+
+### Environment Variables
+
+- `OPENCLAW_GATEWAY_TOKEN`: Gateway authentication token
+- `OPENCLAW_SKIP_CHANNELS`: Skip channel auto-connect (faster startup)
+- `CLAWDBOT_SKIP_CHANNELS`: Legacy skip channels flag
+
+## Files Modified
+
+| File | Changes |
+|------|---------|
+| `.gitmodules` | Updated URL to GitHub repo |
+| `openclaw` | Submodule updated to v2026.2.3 |
+| `electron/utils/store.ts` | Added gatewayToken setting and generateToken() |
+| `electron/gateway/manager.ts` | Token auth for process and WebSocket |
+
+## Result
+
+- Gateway starts successfully with auto-generated token
+- WebSocket connection authenticated properly
+- No manual configuration required for first-time users
--- a/build_process/process.md
+++ b/build_process/process.md
@@ -16,6 +16,7 @@
 * [commit_8] Chat interface - Markdown support, typing indicator, welcome screen
 * [commit_9] Skills browser - Bundles, categories, detail dialog
 * [commit_10] Cron tasks - Create/edit dialog, schedule presets, improved UI
+* [commit_11] OpenClaw submodule fix - GitHub URL, auto-generated token, WebSocket auth

 ### Plan:
 1. ~~Initialize project structure~~ ✅
@@ -42,6 +43,7 @@ All core features have been implemented:
 - Chat interface with markdown support
 - Skills browser with bundles
 - Cron tasks management for scheduled automation
+- OpenClaw submodule from official GitHub (v2026.2.3) with auto-token auth

 ## Version Milestones

--- a/electron/gateway/manager.ts
+++ b/electron/gateway/manager.ts
@@ -14,6 +14,7 @@ import {
  isOpenClawSubmodulePresent,
  isOpenClawInstalled 
 } from '../utils/paths';
+import { getSetting } from '../utils/store';
 import { GatewayEventType, JsonRpcNotification, isNotification, isResponse } from './protocol';

 /**
@@ -319,45 +320,47 @@ export class GatewayManager extends EventEmitter {
   * Uses OpenClaw submodule - supports both production (dist) and development modes
   */
  private async startProcess(): Promise<void> {
+    const openclawDir = getOpenClawDir();
+    const entryScript = getOpenClawEntryPath();
+    
+    // Verify OpenClaw submodule exists
+    if (!isOpenClawSubmodulePresent()) {
+      throw new Error(
+        'OpenClaw submodule not found. Please run: git submodule update --init'
+      );
+    }
+    
+    // Verify dependencies are installed
+    if (!isOpenClawInstalled()) {
+      throw new Error(
+        'OpenClaw dependencies not installed. Please run: cd openclaw && pnpm install'
+      );
+    }
+    
+    // Get or generate gateway token
+    const gatewayToken = await getSetting('gatewayToken');
+    console.log('Using gateway token:', gatewayToken.substring(0, 10) + '...');
+    
+    let command: string;
+    let args: string[];
+    
+    // Check if OpenClaw is built (production mode) or use pnpm dev mode
+    if (isOpenClawBuilt() && existsSync(entryScript)) {
+      // Production mode: use openclaw.mjs directly
+      console.log('Starting Gateway in production mode (using dist)');
+      command = 'node';
+      args = [entryScript, 'gateway', 'run', '--port', String(this.status.port), '--token', gatewayToken, '--dev', '--allow-unconfigured'];
+    } else {
+      // Development mode: use pnpm gateway:dev which handles tsx compilation
+      console.log('Starting Gateway in development mode (using pnpm)');
+      command = 'pnpm';
+      args = ['run', 'dev', 'gateway', 'run', '--port', String(this.status.port), '--token', gatewayToken, '--dev', '--allow-unconfigured'];
+    }
+    
+    console.log(`Spawning Gateway: ${command} ${args.join(' ')}`);
+    console.log(`Working directory: ${openclawDir}`);
+    
    return new Promise((resolve, reject) => {
-      const openclawDir = getOpenClawDir();
-      const entryScript = getOpenClawEntryPath();
-      
-      // Verify OpenClaw submodule exists
-      if (!isOpenClawSubmodulePresent()) {
-        reject(new Error(
-          'OpenClaw submodule not found. Please run: git submodule update --init'
-        ));
-        return;
-      }
-      
-      // Verify dependencies are installed
-      if (!isOpenClawInstalled()) {
-        reject(new Error(
-          'OpenClaw dependencies not installed. Please run: cd openclaw && pnpm install'
-        ));
-        return;
-      }
-      
-      let command: string;
-      let args: string[];
-      
-      // Check if OpenClaw is built (production mode) or use pnpm dev mode
-      if (isOpenClawBuilt() && existsSync(entryScript)) {
-        // Production mode: use openclaw.mjs directly
-        console.log('Starting Gateway in production mode (using dist)');
-        command = 'node';
-        args = [entryScript, 'gateway', 'run', '--port', String(this.status.port), '--allow-unconfigured'];
-      } else {
-        // Development mode: use pnpm gateway:dev which handles tsx compilation
-        console.log('Starting Gateway in development mode (using pnpm)');
-        command = 'pnpm';
-        args = ['run', 'dev', 'gateway', 'run', '--port', String(this.status.port), '--allow-unconfigured'];
-      }
-      
-      console.log(`Spawning Gateway: ${command} ${args.join(' ')}`);
-      console.log(`Working directory: ${openclawDir}`);
-      
      this.process = spawn(command, args, {
        cwd: openclawDir,
        stdio: ['ignore', 'pipe', 'pipe'],
@@ -368,6 +371,8 @@ export class GatewayManager extends EventEmitter {
          // Skip channel auto-connect during startup for faster boot
          OPENCLAW_SKIP_CHANNELS: '1',
          CLAWDBOT_SKIP_CHANNELS: '1',
+          // Also set token via environment variable as fallback
+          OPENCLAW_GATEWAY_TOKEN: gatewayToken,
        },
      });
      
@@ -433,8 +438,12 @@ export class GatewayManager extends EventEmitter {
   * Connect WebSocket to Gateway
   */
  private async connect(port: number): Promise<void> {
+    // Get token for WebSocket authentication
+    const gatewayToken = await getSetting('gatewayToken');
+    
    return new Promise((resolve, reject) => {
-      const wsUrl = `ws://localhost:${port}/ws`;
+      // Include token in WebSocket URL for authentication
+      const wsUrl = `ws://localhost:${port}/ws?auth=${encodeURIComponent(gatewayToken)}`;
      
      this.ws = new WebSocket(wsUrl);
      
--- a/electron/utils/store.ts
+++ b/electron/utils/store.ts
@@ -3,9 +3,18 @@
 * Electron-store wrapper for application settings
 */

+import { randomBytes } from 'crypto';
+
 // Lazy-load electron-store (ESM module)
 let settingsStoreInstance: any = null;

+/**
+ * Generate a random token for gateway authentication
+ */
+function generateToken(): string {
+  return `clawx-${randomBytes(16).toString('hex')}`;
+}
+
 /**
 * Application settings schema
 */
@@ -19,6 +28,7 @@ export interface AppSettings {
  // Gateway
  gatewayAutoStart: boolean;
  gatewayPort: number;
+  gatewayToken: string;
  
  // Update
  updateChannel: 'stable' | 'beta' | 'dev';
@@ -49,6 +59,7 @@ const defaults: AppSettings = {
  // Gateway
  gatewayAutoStart: true,
  gatewayPort: 18789,
+  gatewayToken: generateToken(),
  
  // Update
  updateChannel: 'stable',
--- a/2
+++ b/2