@botcord/daemon 0.2.6 → 0.2.8

package/dist/provision.js

@@ -13,6 +13,7 @@ import { BOTCORD_CHANNEL_TYPE, buildManagedRoutes, prepareGatewayProfile, } from
 import { agentHomeDir, agentStateDir, agentWorkspaceDir, applyAgentIdentity, ensureAgentWorkspace, } from "./agent-workspace.js";
 import { detectRuntimes, getAdapterModule } from "./adapters/runtimes.js";
 import { log as daemonLog } from "./log.js";
+import { discoverAgentCredentials } from "./agent-discovery.js";
 /**
  * Build a dispatcher function that routes a `ControlFrame` to the right
  * handler. Returned function signature matches
@@ -179,6 +180,7 @@ export function createProvisioner(opts) {
         }
     };
 }
+const openclawProvisionLocks = new Map();
 async function provisionAgent(params, ctx) {
     // Validate both caller-supplied cwd sources up front. Previously only
     // `params.cwd` was checked, so `params.credentials.cwd` could smuggle an
@@ -186,13 +188,44 @@ async function provisionAgent(params, ctx) {
     // that hole by moving the check to the union of both.
     const explicitCwd = params.credentials?.cwd ?? params.cwd;
     assertSafeCwd(explicitCwd);
+    const openclawSel = pickOpenclawSelection(params);
+    if (openclawSel.gateway && openclawSel.agent) {
+        return withOpenclawProvisionLock(openclawSel.gateway, openclawSel.agent, async () => {
+            const existing = findCredentialsByOpenclaw(openclawSel.gateway, openclawSel.agent);
+            if (existing) {
+                daemonLog.info("provision_agent: openclaw binding already exists", {
+                    gateway: openclawSel.gateway,
+                    openclawAgent: openclawSel.agent,
+                    agentId: existing.agentId,
+                });
+                return installExistingOpenclawBinding(existing.agentId, ctx);
+            }
+            const cfg = loadConfig();
+            const credentials = await materializeCredentials(params, cfg, ctx, explicitCwd);
+            return installLocalAgent(credentials, {
+                ...ctx,
+                cfg,
+                bio: params.bio,
+                source: params.credentials ? "hub-supplied" : "registered",
+            });
+        });
+    }
     const cfg = loadConfig();
     const credentials = await materializeCredentials(params, cfg, ctx, explicitCwd);
+    return installLocalAgent(credentials, {
+        ...ctx,
+        cfg,
+        bio: params.bio,
+        source: params.credentials ? "hub-supplied" : "registered",
+    });
+}
+async function installLocalAgent(credentials, ctx) {
+    const cfg = ctx.cfg;
     daemonLog.debug("provision: credentials materialized", {
         agentId: credentials.agentId,
         hubUrl: credentials.hubUrl,
         runtime: credentials.runtime ?? null,
-        source: params.credentials ? "hub-supplied" : "registered",
+        source: ctx.source,
     });
     const credentialsFile = writeCredentialsFile(defaultCredentialsFile(credentials.agentId), credentials);
     // Seed the per-agent workspace directory. On failure, unlink the fresh
@@ -201,7 +234,7 @@ async function provisionAgent(params, ctx) {
     try {
         ensureAgentWorkspace(credentials.agentId, {
             displayName: credentials.displayName,
-            bio: params.bio,
+            bio: ctx.bio,
             runtime: credentials.runtime,
             keyId: credentials.keyId,
             savedAt: credentials.savedAt,
@@ -267,35 +300,7 @@ async function provisionAgent(params, ctx) {
     // Hot-add the synthesized per-agent managed route so the next turn picks
     // the agent's runtime + workspace cwd without waiting for reload_config.
     try {
-        const synthRoute = {
-            match: { accountId: credentials.agentId },
-            runtime: credentials.runtime ?? cfg.defaultRoute.adapter,
-            cwd: credentials.cwd ?? agentWorkspaceDir(credentials.agentId),
-        };
-        if (synthRoute.runtime === "openclaw-acp") {
-            // Resolve gateway from the freshly written credentials + the live
-            // openclawGateways registry. A missing/unknown gateway here yields a
-            // disabled route (set_route style); next turn for this agent falls
-            // back to defaultRoute. Caller already validated via reload semantics.
-            const profile = (cfg.openclawGateways ?? []).find((g) => g.name === credentials.openclawGateway);
-            if (profile) {
-                // Run the same tokenFile-aware resolver `toGatewayConfig` uses so the
-                // first turn after provisioning doesn't auth-fail when the gateway
-                // ships its bearer via `tokenFile` instead of an inline `token`.
-                const prepared = prepareGatewayProfile(profile);
-                synthRoute.gateway = {
-                    name: prepared.name,
-                    url: prepared.url,
-                    ...(prepared.resolvedToken ? { token: prepared.resolvedToken } : {}),
-                    ...(credentials.openclawAgent
-                        ? { openclawAgent: credentials.openclawAgent }
-                        : prepared.defaultAgent
-                            ? { openclawAgent: prepared.defaultAgent }
-                            : {}),
-                };
-            }
-        }
-        ctx.gateway.upsertManagedRoute(credentials.agentId, synthRoute);
+        upsertManagedRouteForCredentials(credentials, cfg, ctx.gateway);
     }
     catch (err) {
         // Rollback the channel + config + credentials on managed-route failure
@@ -336,6 +341,53 @@ async function provisionAgent(params, ctx) {
         credentialsFile,
     };
 }
+function upsertManagedRouteForCredentials(credentials, cfg, gateway) {
+    const synthRoute = {
+        match: { accountId: credentials.agentId },
+        runtime: credentials.runtime ?? cfg.defaultRoute.adapter,
+        cwd: credentials.cwd ?? agentWorkspaceDir(credentials.agentId),
+    };
+    if (synthRoute.runtime === "openclaw-acp") {
+        const profile = (cfg.openclawGateways ?? []).find((g) => g.name === credentials.openclawGateway);
+        if (profile) {
+            const prepared = prepareGatewayProfile(profile);
+            synthRoute.gateway = {
+                name: prepared.name,
+                url: prepared.url,
+                ...(prepared.resolvedToken ? { token: prepared.resolvedToken } : {}),
+                ...(credentials.openclawAgent
+                    ? { openclawAgent: credentials.openclawAgent }
+                    : prepared.defaultAgent
+                        ? { openclawAgent: prepared.defaultAgent }
+                        : {}),
+            };
+        }
+    }
+    gateway.upsertManagedRoute(credentials.agentId, synthRoute);
+}
+async function installExistingOpenclawBinding(agentId, ctx) {
+    const credentialsFile = defaultCredentialsFile(agentId);
+    const credentials = loadStoredCredentials(credentialsFile);
+    const cfg = loadConfig();
+    const updated = addAgentToConfig(cfg, credentials.agentId);
+    if (updated)
+        saveConfig(updated);
+    const snap = ctx.gateway.snapshot();
+    if (!snap.channels[credentials.agentId]) {
+        await ctx.gateway.addChannel({
+            id: credentials.agentId,
+            type: BOTCORD_CHANNEL_TYPE,
+            accountId: credentials.agentId,
+            agentId: credentials.agentId,
+        });
+    }
+    upsertManagedRouteForCredentials(credentials, cfg, ctx.gateway);
+    return {
+        agentId: credentials.agentId,
+        hubUrl: credentials.hubUrl,
+        credentialsFile,
+    };
+}
 async function materializeCredentials(params, cfg, ctx, explicitCwd) {
     // Runtime is an agent property. Hub is authoritative; top-level `runtime`
     // wins, `adapter` is a one-release alias, and `credentials.runtime` is the
@@ -442,6 +494,121 @@ function pickOpenclawSelection(params) {
     }
     return out;
 }
+async function withOpenclawProvisionLock(gateway, agent, fn) {
+    const key = `${gateway}\0${agent}`;
+    const prev = openclawProvisionLocks.get(key) ?? Promise.resolve();
+    let release;
+    const current = new Promise((resolve) => {
+        release = resolve;
+    });
+    const chain = prev.then(() => current);
+    openclawProvisionLocks.set(key, chain);
+    await prev.catch(() => undefined);
+    try {
+        return await fn();
+    }
+    finally {
+        release();
+        if (openclawProvisionLocks.get(key) === chain) {
+            openclawProvisionLocks.delete(key);
+        }
+    }
+}
+function findCredentialsByOpenclaw(gateway, openclawAgent) {
+    const discovered = discoverAgentCredentials({
+        credentialsDir: path.join(homedir(), ".botcord", "credentials"),
+    });
+    for (const a of discovered.agents) {
+        if (a.openclawGateway === gateway && a.openclawAgent === openclawAgent) {
+            return { agentId: a.agentId, credentialsFile: a.credentialsFile };
+        }
+    }
+    return null;
+}
+export async function adoptDiscoveredOpenclawAgents(ctx) {
+    const register = ctx.register ?? BotCordClient.register;
+    const cfg = ctx.cfg ?? loadConfig();
+    const result = {
+        adopted: [],
+        skipped: [],
+        failed: [],
+    };
+    for (const gw of cfg.openclawGateways ?? []) {
+        let probeResult;
+        try {
+            probeResult = await probeOpenclawAgents(gw, {
+                timeoutMs: ctx.timeoutMs,
+                probe: ctx.probe,
+            });
+        }
+        catch (err) {
+            result.failed.push({
+                gateway: gw.name,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            continue;
+        }
+        if (!probeResult.ok) {
+            result.skipped.push({
+                gateway: gw.name,
+                reason: probeResult.error ?? "gateway_unreachable",
+            });
+            continue;
+        }
+        for (const oc of probeResult.agents ?? []) {
+            await withOpenclawProvisionLock(gw.name, oc.id, async () => {
+                const existing = findCredentialsByOpenclaw(gw.name, oc.id);
+                if (existing) {
+                    result.skipped.push({
+                        gateway: gw.name,
+                        openclawAgent: oc.id,
+                        reason: "already_bound",
+                    });
+                    return;
+                }
+                const freshCfg = loadConfig();
+                if (!inferHubUrl(freshCfg)) {
+                    result.skipped.push({
+                        gateway: gw.name,
+                        openclawAgent: oc.id,
+                        reason: "missing_hub_url",
+                    });
+                    daemonLog.warn("openclaw adopt skipped: no known hubUrl", {
+                        gateway: gw.name,
+                        openclawAgent: oc.id,
+                    });
+                    return;
+                }
+                try {
+                    const params = {
+                        runtime: "openclaw-acp",
+                        name: oc.name ?? `openclaw-${oc.id}`,
+                        openclaw: { gateway: gw.name, agent: oc.id },
+                    };
+                    const credentials = await materializeCredentials(params, freshCfg, {
+                        gateway: ctx.gateway,
+                        register,
+                    }, undefined);
+                    const installed = await installLocalAgent(credentials, {
+                        gateway: ctx.gateway,
+                        register,
+                        cfg: freshCfg,
+                        source: "adopted-openclaw",
+                    });
+                    result.adopted.push(installed.agentId);
+                }
+                catch (err) {
+                    result.failed.push({
+                        gateway: gw.name,
+                        openclawAgent: oc.id,
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                }
+            });
+        }
+    }
+    return result;
+}
 async function revokeAgent(params, ctx) {
     if (!params.agentId) {
         throw new Error("revoke_agent requires params.agentId");
@@ -738,6 +905,20 @@ async function defaultWsProbe(args) {
         });
     });
 }
+export async function probeOpenclawAgents(profile, opts = {}) {
+    const probe = opts.probe ?? defaultWsProbe;
+    const prepared = prepareGatewayProfile({
+        name: "probe",
+        url: profile.url,
+        ...(profile.token ? { token: profile.token } : {}),
+        ...(profile.tokenFile ? { tokenFile: profile.tokenFile } : {}),
+    });
+    return probe({
+        url: profile.url,
+        token: prepared.resolvedToken,
+        timeoutMs: opts.timeoutMs ?? 3000,
+    });
+}
 /**
  * Async variant that includes L2 (gateway reachability) and L3 (agent listing)
  * probes for runtimes that talk to external services. Used by the production
@@ -752,18 +933,17 @@ export async function collectRuntimeSnapshotAsync(opts = {}) {
     const gateways = opts.cfg?.openclawGateways ?? [];
     if (gateways.length === 0)
         return base;
-    const probe = opts.wsProbe ?? defaultWsProbe;
     // Default daemon-side budget is 3s — it must stay below the Hub's
     // `list_runtimes` ack wait (5s, see backend/hub/routers/daemon_control.py)
     // so a single slow gateway can't blow the whole snapshot to a 504.
     const timeoutMs = opts.timeoutMs ?? 3000;
     const capped = gateways.slice(0, RUNTIME_ENDPOINTS_CAP);
     const endpoints = await Promise.all(capped.map(async (g) => {
-        // Resolve `tokenFile` here so token-file-only profiles probe with auth
-        // and aren't falsely marked unreachable in the dashboard.
-        const prepared = prepareGatewayProfile(g);
         try {
-            const res = await probe({ url: g.url, token: prepared.resolvedToken, timeoutMs });
+            const res = await probeOpenclawAgents(g, {
+                probe: opts.wsProbe,
+                timeoutMs,
+            });
             const entry = { name: g.name, url: g.url, reachable: res.ok };
             if (res.version)
                 entry.version = res.version;
@@ -1106,5 +1286,14 @@ function inferHubUrl(cfg) {
             // skip
         }
     }
+    if (ids.length === 0) {
+        const discovered = discoverAgentCredentials({
+            credentialsDir: path.join(homedir(), ".botcord", "credentials"),
+        });
+        for (const a of discovered.agents) {
+            if (a.hubUrl)
+                return a.hubUrl;
+        }
+    }
     return null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
   },
   "dependencies": {
     "@botcord/cli": "^0.1.7",
-    "@botcord/protocol-core": "^0.2.0",
+    "@botcord/protocol-core": "^0.2.2",
     "ws": "^8.18.0"
   },
   "devDependencies": {

package/src/__tests__/openclaw-discovery.test.ts

@@ -0,0 +1,150 @@
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import {
+  discoverLocalOpenclawGateways,
+  mergeOpenclawGateways,
+} from "../openclaw-discovery.js";
+import type { DaemonConfig } from "../config.js";
+import type { WsEndpointProbeFn } from "../provision.js";
+
+let tmp: string | null = null;
+
+afterEach(() => {
+  if (tmp) rmSync(tmp, { recursive: true, force: true });
+  tmp = null;
+});
+
+function tempDir(): string {
+  tmp = mkdtempSync(path.join(tmpdir(), "openclaw-discovery-"));
+  return tmp;
+}
+
+function baseConfig(): DaemonConfig {
+  return {
+    defaultRoute: { adapter: "claude-code", cwd: "/tmp" },
+    routes: [],
+    streamBlocks: true,
+  };
+}
+
+describe("discoverLocalOpenclawGateways", () => {
+  it("discovers JSON and TOML acp config files", async () => {
+    const dir = tempDir();
+    writeFileSync(
+      path.join(dir, "one.json"),
+      JSON.stringify({ acp: { url: "ws://127.0.0.1:18789/acp", tokenFile: "/tmp/token" } }),
+    );
+    writeFileSync(
+      path.join(dir, "two.toml"),
+      ['[acp]', 'url = "ws://127.0.0.1:18790/acp"', 'token = "secret"'].join("\n"),
+    );
+
+    const found = await discoverLocalOpenclawGateways({
+      searchPaths: [dir],
+      defaultPorts: [],
+    });
+
+    expect(found).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          url: "ws://127.0.0.1:18789/acp",
+          tokenFile: "/tmp/token",
+          source: "config-file",
+        }),
+        expect.objectContaining({
+          url: "ws://127.0.0.1:18790/acp",
+          token: "secret",
+          source: "config-file",
+        }),
+      ]),
+    );
+  });
+
+  it("uses OPENCLAW_ACP_URL and token env vars", async () => {
+    const found = await discoverLocalOpenclawGateways({
+      searchPaths: [],
+      defaultPorts: [],
+      env: {
+        OPENCLAW_ACP_URL: "ws://127.0.0.1:18888/acp",
+        OPENCLAW_ACP_TOKEN: "env-token",
+      },
+    });
+
+    expect(found).toEqual([
+      expect.objectContaining({
+        url: "ws://127.0.0.1:18888/acp",
+        token: "env-token",
+        source: "env",
+      }),
+    ]);
+  });
+
+  it("adds default-port candidates only when the probe succeeds", async () => {
+    const probe = vi.fn<WsEndpointProbeFn>(async ({ url }) => ({
+      ok: url.includes("18789"),
+      agents: [],
+    }));
+
+    const found = await discoverLocalOpenclawGateways({
+      searchPaths: [],
+      defaultPorts: [18789, 18790],
+      probe,
+      timeoutMs: 10,
+    });
+
+    expect(probe).toHaveBeenCalledTimes(2);
+    expect(found.map((g) => g.url)).toEqual(["ws://127.0.0.1:18789"]);
+  });
+
+  it("prefers config-file auth details over lower-priority duplicate sources", async () => {
+    const dir = tempDir();
+    writeFileSync(
+      path.join(dir, "one.json"),
+      JSON.stringify({ acp: { url: "ws://127.0.0.1:18789", token: "file-token" } }),
+    );
+    const probe = vi.fn<WsEndpointProbeFn>(async () => ({ ok: true }));
+
+    const found = await discoverLocalOpenclawGateways({
+      searchPaths: [dir],
+      defaultPorts: [18789],
+      probe,
+      env: {
+        OPENCLAW_ACP_URL: "ws://127.0.0.1:18789",
+        OPENCLAW_ACP_TOKEN: "env-token",
+      },
+    });
+
+    expect(found).toHaveLength(1);
+    expect(found[0]).toEqual(
+      expect.objectContaining({ source: "config-file", token: "file-token" }),
+    );
+  });
+});
+
+describe("mergeOpenclawGateways", () => {
+  it("appends new URLs and keeps existing profiles untouched", () => {
+    const cfg = baseConfig();
+    cfg.openclawGateways = [{ name: "local", url: "ws://127.0.0.1:18789/acp", token: "user-token" }];
+    const merged = mergeOpenclawGateways(cfg, [
+      {
+        name: "openclaw-127-0-0-1-18789",
+        url: "ws://127.0.0.1:18789/acp",
+        token: "discovered-token",
+        source: "env",
+      },
+      {
+        name: "openclaw-127-0-0-1-18790",
+        url: "ws://127.0.0.1:18790/acp",
+        source: "default-port",
+      },
+    ]);
+
+    expect(merged.changed).toBe(true);
+    expect(merged.cfg.openclawGateways).toEqual([
+      { name: "local", url: "ws://127.0.0.1:18789/acp", token: "user-token" },
+      { name: "openclaw-127-0-0-1-18790", url: "ws://127.0.0.1:18790/acp" },
+    ]);
+  });
+});

package/src/__tests__/provision.test.ts

@@ -26,6 +26,7 @@ vi.mock("../config.js", async () => {
 
 const {
   addAgentToConfig,
+  adoptDiscoveredOpenclawAgents,
   removeAgentFromConfig,
   reloadConfig,
   setRoute,
@@ -779,6 +780,110 @@ describe("provision_agent seeds workspace + hot-adds managed route", () => {
   });
 });
 
+describe("adoptDiscoveredOpenclawAgents", () => {
+  it("registers unbound OpenClaw agents and writes the routing binding", async () => {
+    await withSandboxHome(async ({ tmp, fs, path: nodePath }) => {
+      const credDir = nodePath.join(tmp, ".botcord", "credentials");
+      fs.mkdirSync(credDir, { recursive: true });
+      fs.writeFileSync(
+        nodePath.join(credDir, "ag_seed.json"),
+        JSON.stringify({
+          version: 1,
+          hubUrl: "https://hub.example",
+          agentId: "ag_seed",
+          keyId: "k_seed",
+          privateKey: Buffer.alloc(32, 5).toString("base64"),
+          savedAt: new Date().toISOString(),
+        }),
+      );
+      mockState.cfg = {
+        defaultRoute: { adapter: "claude-code", cwd: "/tmp" },
+        routes: [],
+        streamBlocks: true,
+        agents: ["ag_seed"],
+        openclawGateways: [{ name: "local", url: "ws://127.0.0.1:18789" }],
+      };
+
+      const gw = makeFakeGateway(["ag_seed"]);
+      const register = vi.fn(async () => ({
+        agentId: "ag_adopted",
+        keyId: "k_adopted",
+        privateKey: Buffer.alloc(32, 31).toString("base64"),
+        publicKey: Buffer.alloc(32, 32).toString("base64"),
+        hubUrl: "https://hub.example",
+        token: "tok",
+        expiresAt: Date.now() + 60_000,
+      }));
+
+      const res = await adoptDiscoveredOpenclawAgents({
+        gateway: gw as unknown as Parameters<typeof adoptDiscoveredOpenclawAgents>[0]["gateway"],
+        register: register as unknown as Parameters<typeof adoptDiscoveredOpenclawAgents>[0]["register"],
+        cfg: mockState.cfg as unknown as DaemonConfig,
+        probe: async () => ({ ok: true, agents: [{ id: "main", name: "Main Agent" }] }),
+      });
+
+      expect(res.adopted).toEqual(["ag_adopted"]);
+      expect(register).toHaveBeenCalledWith("https://hub.example", "Main Agent", undefined);
+      const saved = JSON.parse(
+        fs.readFileSync(nodePath.join(credDir, "ag_adopted.json"), "utf8"),
+      ) as Record<string, unknown>;
+      expect(saved.runtime).toBe("openclaw-acp");
+      expect(saved.openclawGateway).toBe("local");
+      expect(saved.openclawAgent).toBe("main");
+      expect((mockState.cfg.agents as string[])).toContain("ag_adopted");
+      expect(gw.addChannel).toHaveBeenCalledWith(
+        expect.objectContaining({ id: "ag_adopted", type: "botcord" }),
+      );
+      const route = gw.listManagedRoutes().find((r) => r.match?.accountId === "ag_adopted");
+      expect(route?.runtime).toBe("openclaw-acp");
+      expect(route?.gateway?.name).toBe("local");
+      expect(route?.gateway?.openclawAgent).toBe("main");
+    });
+  });
+
+  it("skips an OpenClaw agent that is already bound in credentials", async () => {
+    await withSandboxHome(async ({ tmp, fs, path: nodePath }) => {
+      const credDir = nodePath.join(tmp, ".botcord", "credentials");
+      fs.mkdirSync(credDir, { recursive: true });
+      fs.writeFileSync(
+        nodePath.join(credDir, "ag_existing.json"),
+        JSON.stringify({
+          version: 1,
+          hubUrl: "https://hub.example",
+          agentId: "ag_existing",
+          keyId: "k_existing",
+          privateKey: Buffer.alloc(32, 6).toString("base64"),
+          savedAt: new Date().toISOString(),
+          runtime: "openclaw-acp",
+          openclawGateway: "local",
+          openclawAgent: "main",
+        }),
+      );
+      mockState.cfg = {
+        defaultRoute: { adapter: "claude-code", cwd: "/tmp" },
+        routes: [],
+        streamBlocks: true,
+        agents: ["ag_existing"],
+        openclawGateways: [{ name: "local", url: "ws://127.0.0.1:18789" }],
+      };
+      const register = vi.fn();
+
+      const res = await adoptDiscoveredOpenclawAgents({
+        gateway: makeFakeGateway(["ag_existing"]) as unknown as Parameters<typeof adoptDiscoveredOpenclawAgents>[0]["gateway"],
+        register: register as unknown as Parameters<typeof adoptDiscoveredOpenclawAgents>[0]["register"],
+        cfg: mockState.cfg as unknown as DaemonConfig,
+        probe: async () => ({ ok: true, agents: [{ id: "main" }] }),
+      });
+
+      expect(res.adopted).toEqual([]);
+      expect(res.skipped).toEqual([
+        { gateway: "local", openclawAgent: "main", reason: "already_bound" },
+      ]);
+      expect(register).not.toHaveBeenCalled();
+    });
+  });
+});
+
 // ---------------------------------------------------------------------------
 // revoke_agent — new flag semantics (plan §11.3)
 // ---------------------------------------------------------------------------

package/src/config.ts

@@ -88,6 +88,17 @@ export interface AgentDiscoveryConfig {
   credentialsDir?: string;
 }
 
+export interface OpenclawDiscoveryConfig {
+  /** Defaults to true. */
+  enabled?: boolean;
+  /** Overrides the local config-file search roots. */
+  searchPaths?: string[];
+  /** Overrides the local loopback ports to probe. */
+  defaultPorts?: number[];
+  /** Defaults to true. When false, discovery only persists gateways. */
+  autoProvision?: boolean;
+}
+
 export interface DaemonConfig {
   /**
    * @deprecated Kept for backward compatibility with pre-multi-agent configs.
@@ -131,6 +142,12 @@ export interface DaemonConfig {
    * so the dispatcher never re-queries this list.
    */
   openclawGateways?: OpenclawGatewayProfile[];
+
+  /**
+   * Daemon-side local OpenClaw discovery. Omitted means enabled with default
+   * search paths/ports and automatic adoption of discovered agents.
+   */
+  openclawDiscovery?: OpenclawDiscoveryConfig;
 }
 
 /**
@@ -357,6 +374,25 @@ export function loadConfig(): DaemonConfig {
     }
     out.agentDiscovery = copy;
   }
+  const openclawDiscovery = parsed.openclawDiscovery;
+  if (openclawDiscovery && typeof openclawDiscovery === "object") {
+    const copy: OpenclawDiscoveryConfig = {};
+    if (typeof openclawDiscovery.enabled === "boolean") copy.enabled = openclawDiscovery.enabled;
+    if (Array.isArray(openclawDiscovery.searchPaths)) {
+      copy.searchPaths = openclawDiscovery.searchPaths.filter(
+        (p): p is string => typeof p === "string" && p.length > 0,
+      );
+    }
+    if (Array.isArray(openclawDiscovery.defaultPorts)) {
+      copy.defaultPorts = openclawDiscovery.defaultPorts.filter(
+        (p): p is number => Number.isInteger(p) && p > 0 && p < 65536,
+      );
+    }
+    if (typeof openclawDiscovery.autoProvision === "boolean") {
+      copy.autoProvision = openclawDiscovery.autoProvision;
+    }
+    out.openclawDiscovery = copy;
+  }
   return out;
 }