@castlekit/castle 0.4.1 → 0.4.3

package/src/app/api/openclaw/agents/[id]/avatar/route.ts

@@ -1,8 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
-import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { writeFileSync, mkdirSync } from "fs";
 import { join } from "path";
 import { homedir } from "os";
-import JSON5 from "json5";
 import sharp from "sharp";
 import { ensureGateway } from "@/lib/gateway-connection";
 import { checkCsrf } from "@/lib/api-security";
@@ -20,21 +19,6 @@ const ALLOWED_TYPES = new Set([
   "image/gif",
 ]);
 
-interface AgentConfig {
-  id: string;
-  workspace?: string;
-  identity?: Record<string, unknown>;
-  [key: string]: unknown;
-}
-
-interface OpenClawConfig {
-  agents?: {
-    list?: AgentConfig[];
-    [key: string]: unknown;
-  };
-  [key: string]: unknown;
-}
-
 /**
  * Resize and compress an avatar image to 256x256, under 100KB.
  */
@@ -59,27 +43,13 @@ async function processAvatar(input: Buffer): Promise<{ data: Buffer; ext: string
   return { data, ext: ".jpg" };
 }
 
-/**
- * Find the OpenClaw config file path.
- */
-function getOpenClawConfigPath(): string | null {
-  const paths = [
-    join(homedir(), ".openclaw", "openclaw.json"),
-    join(homedir(), ".openclaw", "openclaw.json5"),
-  ];
-  for (const p of paths) {
-    if (existsSync(p)) return p;
-  }
-  return null;
-}
-
 /**
  * POST /api/openclaw/agents/[id]/avatar
  *
  * Upload a new avatar image for an agent.
  * - Resizes to 256x256 and compresses under 100KB
- * - Saves to the agent's workspace directory
- * - Writes config file directly (Gateway hot-reloads identity changes, no restart needed)
+ * - Saves to Castle's own avatars directory (~/.castle/avatars/)
+ * - Updates OpenClaw config via Gateway's config.patch RPC (never writes to OpenClaw files directly)
  */
 export async function POST(
   request: NextRequest,
@@ -128,46 +98,9 @@ export async function POST(
     );
   }
 
-  // Read the OpenClaw config file directly
-  const configPath = getOpenClawConfigPath();
-  if (!configPath) {
-    return NextResponse.json(
-      { error: "OpenClaw config file not found" },
-      { status: 500 }
-    );
-  }
-
-  let config: OpenClawConfig;
-  try {
-    config = JSON5.parse(readFileSync(configPath, "utf-8"));
-  } catch (err) {
-    return NextResponse.json(
-      { error: `Failed to read config: ${err instanceof Error ? err.message : "unknown"}` },
-      { status: 500 }
-    );
-  }
-
-  const agents = config.agents?.list || [];
-  const agent = agents.find((a) => a.id === safeId);
-
-  if (!agent) {
-    return NextResponse.json({ error: "Agent not found" }, { status: 404 });
-  }
-
-  if (!agent.workspace) {
-    return NextResponse.json(
-      { error: "Agent has no workspace configured" },
-      { status: 400 }
-    );
-  }
-
-  const workspacePath = agent.workspace.startsWith("~")
-    ? join(homedir(), agent.workspace.slice(1))
-    : agent.workspace;
-
-  // Save processed avatar to workspace
-  const avatarsDir = join(workspacePath, "avatars");
-  const fileName = `avatar${processed.ext}`;
+  // Save processed avatar to Castle's own directory — never write to OpenClaw's filesystem
+  const avatarsDir = join(homedir(), ".castle", "avatars");
+  const fileName = `${safeId}${processed.ext}`;
   const filePath = join(avatarsDir, fileName);
 
   try {
@@ -180,37 +113,64 @@ export async function POST(
     );
   }
 
-  // Update config file directly — Gateway's file watcher hot-reloads identity changes
-  // No config.patch, no restart, no WebSocket disconnect
+  // Update OpenClaw config via Gateway's config.patch RPC — the proper way to
+  // modify OpenClaw config without writing to its files directly.
+  const gw = ensureGateway();
+
+  if (!gw.isConnected) {
+    // Avatar is saved locally; config update will happen when Gateway reconnects
+    return NextResponse.json({
+      success: true,
+      avatar: filePath,
+      size: processed.data.length,
+      message: "Avatar saved locally. Gateway not connected — config will update when it reconnects.",
+      configUpdated: false,
+    });
+  }
+
   try {
-    agent.identity = agent.identity || {};
-    agent.identity.avatar = `avatars/${fileName}`;
-    writeFileSync(configPath, JSON5.stringify(config, null, 2), "utf-8");
+    // Use config.patch to set the agent's avatar path.
+    // Gateway validates and applies the patch, then hot-reloads.
+    await gw.request("config.patch", {
+      agents: {
+        list: [
+          {
+            id: safeId,
+            identity: {
+              avatar: filePath,
+            },
+          },
+        ],
+      },
+    });
+    console.log(`[Avatar API] Config patched for agent ${safeId}`);
   } catch (err) {
-    return NextResponse.json(
-      { error: `Failed to update config: ${err instanceof Error ? err.message : "unknown"}` },
-      { status: 500 }
+    console.error(
+      `[Avatar API] config.patch failed for agent ${safeId}:`,
+      err instanceof Error ? err.message : "unknown"
     );
+    // Avatar is still saved locally — not a total failure
+    return NextResponse.json({
+      success: true,
+      avatar: filePath,
+      size: processed.data.length,
+      message: "Avatar saved but config update failed. Try restarting the Gateway.",
+      configUpdated: false,
+    });
   }
 
-  // Wait briefly for Gateway's file watcher to hot-reload (~300ms debounce)
-  await new Promise((resolve) => setTimeout(resolve, 500));
-
-  // Refresh Castle's agent list from the Gateway
+  // Emit a signal so SSE clients re-fetch agents
   try {
-    const gw = ensureGateway();
-    if (gw.isConnected) {
-      // Emit a signal so SSE clients re-fetch agents
-      gw.emit("agentAvatarUpdated", { agentId: safeId });
-    }
+    gw.emit("agentAvatarUpdated", { agentId: safeId });
   } catch {
     // Non-critical
   }
 
   return NextResponse.json({
     success: true,
-    avatar: `avatars/${fileName}`,
+    avatar: filePath,
     size: processed.data.length,
     message: "Avatar updated",
+    configUpdated: true,
   });
 }

package/src/app/api/openclaw/agents/route.ts

@@ -1,8 +1,12 @@
 import { NextResponse } from "next/server";
+import { join, resolve } from "path";
+import { homedir } from "os";
 import { ensureGateway } from "@/lib/gateway-connection";
 
 export const dynamic = "force-dynamic";
 
+const CASTLE_AVATARS_DIR = join(homedir(), ".castle", "avatars");
+
 interface AgentIdentity {
   name?: string;
   theme?: string;
@@ -86,6 +90,14 @@ function resolveAvatarUrl(
     return `/api/avatars/${key}`;
   }
 
+  // Absolute path under ~/.castle/avatars/ (from avatar upload via config.patch)
+  if (avatar.startsWith("/") || avatar.startsWith("~")) {
+    const normalized = resolve(avatar.replace(/^~/, homedir()));
+    if (normalized.startsWith(CASTLE_AVATARS_DIR + "/") || normalized === CASTLE_AVATARS_DIR) {
+      return `/api/avatars/${agentId}`;
+    }
+  }
+
   return null;
 }
 

package/src/app/page.tsx

@@ -206,7 +206,7 @@ function ConnectionCard({
 }) {
   const getSubtitle = () => {
     if (isLoading) return "Connecting to Gateway...";
-    if (!isConfigured) return "Run 'castle setup' to configure";
+    if (!isConfigured) return "OpenClaw not installed — visit openclaw.ai";
     if (isConnected) {
       const parts = ["Connected"];
       if (serverVersion) parts[0] = `Connected to OpenClaw ${serverVersion}`;
@@ -247,8 +247,8 @@ function ConnectionCard({
           {isLoading ? (
             <Badge variant="outline">Connecting...</Badge>
           ) : (
-            <Badge variant={isConnected ? "success" : "error"}>
-              {isConnected ? "Connected" : "Disconnected"}
+            <Badge variant={isConnected ? "success" : isConfigured ? "error" : "outline"}>
+              {isConnected ? "Connected" : isConfigured ? "Disconnected" : "Not Installed"}
             </Badge>
           )}
         </div>

package/src/cli/onboarding.ts

@@ -329,6 +329,7 @@ export async function runOnboarding(): Promise<void> {
   }
 
   // Step 1: Check for OpenClaw
+  let openclawSkipped = false;
   const openclawSpinner = p.spinner();
   openclawSpinner.start("Checking for OpenClaw...");
 
@@ -356,34 +357,29 @@ export async function runOnboarding(): Promise<void> {
       installSpinner.start("Installing OpenClaw...");
 
       const installCmd = process.platform === "win32"
-        ? 'powershell -NoProfile -ExecutionPolicy Bypass -Command "& { iwr -useb https://openclaw.ai/install.ps1 | iex } -NoOnboard"'
+        ? 'powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://openclaw.ai/install.ps1 -OutFile $env:TEMP\\openclaw-install.ps1; & $env:TEMP\\openclaw-install.ps1 -NoOnboard"'
         : 'curl -fsSL --proto "=https" --tlsv1.2 https://openclaw.ai/install.sh | bash -s -- --no-onboard --no-prompt';
 
       try {
-        execSync(installCmd, { stdio: "pipe", timeout: 120000 });
+        execSync(installCmd, { stdio: "inherit", timeout: 300000 });
         installSpinner.stop(BLUE("✔ OpenClaw installed"));
       } catch (error) {
+        openclawSkipped = true;
         installSpinner.stop(pc.red("OpenClaw installation failed"));
         const manualCmd = process.platform === "win32"
           ? "iwr -useb https://openclaw.ai/install.ps1 | iex"
           : "curl -fsSL https://openclaw.ai/install.sh | bash";
-        p.note(
-          `Install OpenClaw manually:\n${BLUE_LIGHT(manualCmd)}\n\nThen run: ${BLUE_LIGHT("castle setup")}`,
-          BLUE_BOLD("Manual Install")
+        p.log.warn(
+          `You can install OpenClaw later:\n${BLUE_LIGHT(manualCmd)}`
         );
-        p.outro("Come back when OpenClaw is installed!");
-        process.exit(1);
       }
     } else {
-      const manualCmd = process.platform === "win32"
-        ? "iwr -useb https://openclaw.ai/install.ps1 | iex"
-        : "curl -fsSL https://openclaw.ai/install.sh | bash";
-      p.note(
-        `Install OpenClaw:\n${BLUE_LIGHT(manualCmd)}\n\nThen come back and run:\n${BLUE_LIGHT("castle setup")}`,
-        BLUE_BOLD("Install OpenClaw First")
-      );
-      p.outro("See you soon!");
-      process.exit(0);
+      openclawSkipped = true;
+    }
+
+    if (openclawSkipped && !isOpenClawInstalled()) {
+      // Skip Gateway config — use defaults and continue to build/start Castle
+      p.log.message(pc.dim("Using default settings — you can reconfigure later with castle setup"));
     }
   } else {
     // Auto-detect token and agents in one go
@@ -416,34 +412,49 @@ export async function runOnboarding(): Promise<void> {
   let token = readOpenClawToken();
   let gatewayUrl: string | undefined;
   let isRemote = false;
+  let primaryAgent = "assistant";
+  let agents: DiscoveredAgent[] = [];
+
+  if (!openclawSkipped) {
+    // If we have auto-detected config, offer a choice
+    const hasLocalConfig = !!readOpenClawPort() || isOpenClawInstalled();
+
+    if (hasLocalConfig && token) {
+      // Both auto-detect and manual are available
+      const connectionMode = await p.select({
+        message: "How would you like to connect?",
+        options: [
+          {
+            value: "auto",
+            label: `Auto-detected local Gateway ${pc.dim(`(port ${port})`)}`,
+            hint: "Recommended for local setups",
+          },
+          {
+            value: "manual",
+            label: "Enter Gateway details manually",
+            hint: "For remote, Tailscale, or custom setups",
+          },
+        ],
+      });
 
-  // If we have auto-detected config, offer a choice
-  const hasLocalConfig = !!readOpenClawPort() || isOpenClawInstalled();
-
-  if (hasLocalConfig && token) {
-    // Both auto-detect and manual are available
-    const connectionMode = await p.select({
-      message: "How would you like to connect?",
-      options: [
-        {
-          value: "auto",
-          label: `Auto-detected local Gateway ${pc.dim(`(port ${port})`)}`,
-          hint: "Recommended for local setups",
-        },
-        {
-          value: "manual",
-          label: "Enter Gateway details manually",
-          hint: "For remote, Tailscale, or custom setups",
-        },
-      ],
-    });
-
-    if (p.isCancel(connectionMode)) {
-      p.cancel("Setup cancelled.");
-      process.exit(0);
-    }
+      if (p.isCancel(connectionMode)) {
+        p.cancel("Setup cancelled.");
+        process.exit(0);
+      }
 
-    if (connectionMode === "manual") {
+      if (connectionMode === "manual") {
+        const manualResult = await promptManualGateway();
+        if (!manualResult) {
+          p.cancel("Setup cancelled.");
+          process.exit(0);
+        }
+        port = manualResult.port;
+        token = manualResult.token;
+        gatewayUrl = manualResult.gatewayUrl;
+        isRemote = manualResult.isRemote;
+      }
+    } else if (!token) {
+      // No auto-detected token — fall through to manual entry
       const manualResult = await promptManualGateway();
       if (!manualResult) {
         p.cancel("Setup cancelled.");
@@ -454,57 +465,44 @@ export async function runOnboarding(): Promise<void> {
       gatewayUrl = manualResult.gatewayUrl;
       isRemote = manualResult.isRemote;
     }
-  } else if (!token) {
-    // No auto-detected token — fall through to manual entry
-    const manualResult = await promptManualGateway();
-    if (!manualResult) {
-      p.cancel("Setup cancelled.");
-      process.exit(0);
-    }
-    port = manualResult.port;
-    token = manualResult.token;
-    gatewayUrl = manualResult.gatewayUrl;
-    isRemote = manualResult.isRemote;
-  }
 
-  // Step 3: Agent Discovery (use URL if remote, port if local)
-  const agentTarget = gatewayUrl || port;
-  const agents = await discoverAgents(agentTarget, token);
+    // Step 3: Agent Discovery (use URL if remote, port if local)
+    const agentTarget = gatewayUrl || port;
+    agents = await discoverAgents(agentTarget, token);
 
-  let primaryAgent: string;
+    if (agents.length > 0) {
 
-  if (agents.length > 0) {
+      const selectedAgent = await p.select({
+        message: "Choose your primary agent",
+        options: agents.map((a) => ({
+          value: a.id,
+          label: `${a.name} ${pc.dim(`<${a.id}>`)}`,
+          hint: a.description || undefined,
+        })),
+      });
 
-    const selectedAgent = await p.select({
-      message: "Choose your primary agent",
-      options: agents.map((a) => ({
-        value: a.id,
-        label: `${a.name} ${pc.dim(`<${a.id}>`)}`,
-        hint: a.description || undefined,
-      })),
-    });
+      if (p.isCancel(selectedAgent)) {
+        p.cancel("Setup cancelled.");
+        process.exit(0);
+      }
 
-    if (p.isCancel(selectedAgent)) {
-      p.cancel("Setup cancelled.");
-      process.exit(0);
-    }
+      primaryAgent = selectedAgent as string;
+    } else {
+      const setPrimary = await p.text({
+        message: "Enter the name of your primary agent",
+        initialValue: "assistant",
+        validate(value: string | undefined) {
+          if (!value?.trim()) return "Agent name is required";
+        },
+      });
 
-    primaryAgent = selectedAgent as string;
-  } else {
-    const setPrimary = await p.text({
-      message: "Enter the name of your primary agent",
-      initialValue: "assistant",
-      validate(value: string | undefined) {
-        if (!value?.trim()) return "Agent name is required";
-      },
-    });
+      if (p.isCancel(setPrimary)) {
+        p.cancel("Setup cancelled.");
+        process.exit(0);
+      }
 
-    if (p.isCancel(setPrimary)) {
-      p.cancel("Setup cancelled.");
-      process.exit(0);
+      primaryAgent = setPrimary as string;
     }
-
-    primaryAgent = setPrimary as string;
   }
 
   // Step 5: Create Castle config
@@ -878,6 +876,11 @@ WantedBy=default.target
   }
 
   p.outro(pc.dim(`Opening ${BLUE(`http://localhost:${castlePort}`)}...`));
-  const open = (await import("open")).default;
-  await open(`http://localhost:${castlePort}`);
+  const url = `http://localhost:${castlePort}`;
+  if (process.platform === "win32") {
+    execSync(`start "" "${url}"`, { stdio: "ignore" });
+  } else {
+    const open = (await import("open")).default;
+    await open(url);
+  }
 }