@ssdavidai/zoclaw 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/scripts/bootstrap.sh +8 -24
package/package.json
CHANGED
package/scripts/bootstrap.sh
CHANGED
|
@@ -6,8 +6,6 @@
|
|
|
6
6
|
set -euo pipefail
|
|
7
7
|
|
|
8
8
|
CONFIG="${HOME}/.openclaw/openclaw.json"
|
|
9
|
-
PAIRED="${HOME}/.openclaw/devices/paired.json"
|
|
10
|
-
PENDING="${HOME}/.openclaw/devices/pending.json"
|
|
11
9
|
|
|
12
10
|
if [ ! -f "$CONFIG" ]; then
|
|
13
11
|
echo "Error: $CONFIG not found. Run 'openclaw configure' first."
|
|
@@ -16,8 +14,7 @@ fi
|
|
|
16
14
|
|
|
17
15
|
echo "Patching openclaw config for Tailscale Serve..."
|
|
18
16
|
|
|
19
|
-
# Patch gateway config — use OpenClaw's native tailscale integration
|
|
20
|
-
# instead of manually configuring tailscale serve.
|
|
17
|
+
# Patch gateway config — use OpenClaw's native tailscale integration.
|
|
21
18
|
# Ref: https://docs.openclaw.ai/gateway/tailscale
|
|
22
19
|
node -e "
|
|
23
20
|
const fs = require('fs');
|
|
@@ -32,6 +29,12 @@ node -e "
|
|
|
32
29
|
// and proxy HTTPS traffic from the tailnet to the local port.
|
|
33
30
|
gw.tailscale = { mode: 'serve' };
|
|
34
31
|
|
|
32
|
+
// Trust localhost as a reverse proxy. Tailscale Serve connects
|
|
33
|
+
// to the gateway on 127.0.0.1 and adds x-forwarded-for headers.
|
|
34
|
+
// Without this, the gateway ignores proxy headers and can't
|
|
35
|
+
// resolve the caller's Tailscale identity.
|
|
36
|
+
gw.trustedProxies = ['127.0.0.1/32'];
|
|
37
|
+
|
|
35
38
|
// Trust Tailscale identity headers — valid Tailscale Serve
|
|
36
39
|
// requests authenticate via x-forwarded-for + tailscale whois
|
|
37
40
|
// without needing a token or password.
|
|
@@ -56,31 +59,12 @@ node -e "
|
|
|
56
59
|
|
|
57
60
|
echo " gateway.bind = loopback"
|
|
58
61
|
echo " gateway.tailscale.mode = serve"
|
|
62
|
+
echo " gateway.trustedProxies = [127.0.0.1/32]"
|
|
59
63
|
echo " gateway.auth.allowTailscale = true"
|
|
60
64
|
echo " gateway.controlUi.enabled = true"
|
|
61
65
|
echo " nodes.denyCommands -> removed"
|
|
62
66
|
echo " credentials dir -> 700"
|
|
63
67
|
|
|
64
|
-
# Upgrade any existing paired devices to full admin scopes
|
|
65
|
-
if [ -f "$PAIRED" ]; then
|
|
66
|
-
node -e "
|
|
67
|
-
const fs = require('fs');
|
|
68
|
-
const paired = JSON.parse(fs.readFileSync(process.argv[1], 'utf8'));
|
|
69
|
-
const scopes = ['operator.read','operator.admin','operator.approvals','operator.pairing'];
|
|
70
|
-
for (const dev of Object.values(paired)) {
|
|
71
|
-
dev.clientId = 'cli';
|
|
72
|
-
dev.clientMode = 'cli';
|
|
73
|
-
dev.scopes = scopes;
|
|
74
|
-
for (const tok of Object.values(dev.tokens ?? {})) tok.scopes = scopes;
|
|
75
|
-
}
|
|
76
|
-
fs.writeFileSync(process.argv[1], JSON.stringify(paired, null, 2) + '\n');
|
|
77
|
-
" "$PAIRED"
|
|
78
|
-
echo " Upgraded paired device scopes to full admin"
|
|
79
|
-
fi
|
|
80
|
-
|
|
81
|
-
# Clear stale pairing requests
|
|
82
|
-
[ -f "$PENDING" ] && echo '{}' > "$PENDING"
|
|
83
|
-
|
|
84
68
|
# Restart gateway to pick up config changes.
|
|
85
69
|
# The gateway will auto-configure tailscale serve on startup.
|
|
86
70
|
# Do NOT use --force as it regenerates the gateway identity
|