@swarmclawai/swarmclaw 1.2.2 → 1.2.3

package/README.md

@@ -190,6 +190,13 @@ The building blocks are the same: **agents, tools, memory, delegation, schedules
 
 ## Release Notes
 
+### v1.2.3 Highlights
+
+- **Standalone asset staging repair**: `swarmclaw server` now copies `.next/static` and `public/` into the Next.js standalone runtime after the first build, preventing blank UI loads and 503s for CSS, JS, and image assets.
+- **OpenClaw SSH port fix**: remote OpenClaw deploys now preserve well-known SSH ports like `22` instead of clamping them to `1024`.
+- **OpenClaw image source fix**: generated remote deploy bundles and default upgrade actions now use the official `ghcr.io/openclaw/openclaw:latest` image instead of the missing Docker Hub shorthand.
+- **Standalone self-healing**: server startup now repairs older incomplete standalone bundles by staging missing runtime assets before launching `server.js`.
+
 ### v1.2.2 Highlights
 
 - **Modular chat execution pipeline**: decomposed the monolithic chat-execution module into 6 focused stages (preflight, preparation, stream execution, partial persistence, finalization, types) for maintainability and testability.
@@ -226,91 +233,6 @@ The building blocks are the same: **agents, tools, memory, delegation, schedules
 - **Playwright proxy hardening**: improved stdio pipe handling for dev server restarts.
 - **Scheduler and run ledger fixes**: improved scheduler reliability and run ledger state tracking.
 
-### v1.1.8 Highlights
-
-- **Agent live status**: real-time `/agents/:id/status` endpoint exposes goal, progress, and plan steps; org chart detail panel consumes it via `useAgentLiveStatus` hook.
-- **Learned skills lifecycle**: promote, dismiss, and delete learned skills via `/learned-skills/:id`; `/skill-review-counts` provides badge counts for the skills workspace.
-- **Gemini CLI provider**: Google Gemini CLI joins the provider roster alongside claude-cli and codex-cli, with shared CLI utilities factored into `cli-utils.ts`.
-- **Peer query & team context tools**: new session tools let agents query peers and access team context during conversations.
-- **Team resolution**: dedicated `team-resolution.ts` module resolves agent teams for delegation routing.
-- **Org chart activity feed**: timeline feed component and delegation bubble visualization for the org chart view.
-- **Skills workspace improvements**: expanded skills management UI with review-ready badges.
-- **Cost trend chart**: new dashboard component for cost visualization.
-- **Streaming fix**: text no longer gets stuck on the thinking indicator.
-- **Delegation normalization**: `delegationEnabled` now derived from agent role, removed from starter kit templates.
-- **Chat execution refinements**: improved continuation limits, post-stream finalization, and stream continuation.
-- **Memory and storage improvements**: memory tier management, consolidation enhancements, and storage cache updates.
-- **WebSocket and provider health**: improved WS client handling, delegation edge state, and provider health monitoring.
-
-### v1.1.7 Highlights
-
-- **Projects page redesign**: tabbed navigation (Overview, Work, Operations, Activity) with health grid, sortable task list, and timeline feed.
-- **Delegation visualization**: live org chart edges show active delegations with status, direction, and message popover on click.
-- **Credential self-service**: agents can check whether a credential exists and request missing ones from humans with structured messages, signup URLs, and durable wait.
-- **Main loop state persistence**: autonomous operation state now survives server restarts via on-disk persistence.
-- **Internal metadata stripping**: classification JSON and loop detection messages no longer leak into streamed agent output.
-- **Response completeness evaluator**: LLM-based detection of incomplete agent responses triggers continuation nudges.
-- **Coordinator delegation nudging**: coordinators that make 3+ direct tool calls get prompted to delegate to workers.
-- **Inspector panel overhaul**: new dashboard/config/files tabs absorb model switcher and workspace controls from chat header.
-- **Streaming phase indicators**: agent chat list shows queued, tool-in-use, responding, and reconnecting states.
-- **Shell safety**: agents can no longer kill SwarmClaw's own process or port.
-- **Worker-only providers**: CLI-backed providers (claude-cli, codex-cli, etc.) properly restricted from coordinator/heartbeat roles.
-- **HTTP tool removed**: the built-in HTTP session tool was removed from the standard toolkit.
-
-### v1.1.6 Highlights
-
-- **Org chart view**: visual agent hierarchy with drag-and-drop reparenting, team grouping, and context-menu actions for managing agent relationships directly from the canvas.
-- **Dashboard API**: server-side metrics endpoint with cost tracking, usage aggregation, and budget warning thresholds for operator visibility.
-- **Subagent lifecycle overhaul**: state-machine lineage tracking, `delegationDepth` limits, auto-announce on spawn, and cleaner parent-child session management.
-- **Chat execution refactor**: composable prompt sections replace monolithic prompt building, continuation evaluator consolidation, and extracted stream-continuation logic for maintainability.
-- **Per-agent cost attribution**: token costs are tracked and attributed per agent, enabling budget controls and cost reporting at the agent level.
-- **Capability-based task routing**: tasks can match agents by declared capabilities, not just explicit assignment, enabling smarter automatic dispatch.
-- **Bulk agent operations**: new `/api/agents/bulk` endpoint for batch updates across multiple agents in a single request.
-- **Document revisions API**: version history for documents with `/api/documents/[id]/revisions` endpoint.
-- **Store loader consolidation**: async loaders now use `createLoader()` and `setIfChanged` to eliminate redundant re-renders from polling.
-
-### v1.1.4 Highlights
-
-- **Orchestrator agents return as a first-class autonomy mode**: eligible agents can now run scheduled orchestrator wake cycles with their own mission, governance policy, wake interval, cycle cap, Autonomy-desk controls, and setup/editor support.
-- **Runtime durability is much harder to knock over**: the task queue now supports parallel execution with restart-safe swarm state, orphaned running-task recovery, stuck-task idle timeout detection, and provider-health persistence across daemon restarts.
-- **Recovery and safety paths are tighter**: provider errors are classified for smarter failover, unavailable agents defer work instead of burning it, supervisor blocks can create executable notifications, and agent budget limits now gate task execution before work starts.
-- **Temporary session rooms are easier to inspect**: chatrooms now split persistent rooms from temporary session-style rooms so orchestrator or structured-session conversations can stay visible without polluting the normal room list.
-
-### v1.1.3 Highlights
-
-- **Release integrity repair**: `build:ci` no longer trips over the langgraph checkpoint duplicate-column path, which restores clean build validation for the release line.
-- **Storage writes are safer**: credential and agent saves were tightened to upsert-only behavior and bulk-delete safety guards so tests or scripts cannot accidentally wipe live state.
-- **Plugin-to-extension cleanup finished**: remaining rename residue in scripts and tests was cleaned up so packaging and release tooling stay aligned with the current extensions model.
-- **Safe body parsing utility**: shared `safeParseBody()` replaces scattered `await req.json()` try/catch blocks across API routes.
-
-### v1.1.2 Highlights
-
-- **Structured Sessions expanded into richer orchestration**: ProtocolRun-based sessions now support dependency-aware step graphs, reusable step outputs, and a broader advanced execution model on the same durable runtime instead of bringing back a separate orchestrator.
-- **Explicit Ollama local/cloud routing**: agents and sessions now persist the user-selected Ollama mode directly, so local Ollama no longer flips to cloud because of model naming or leftover credentials.
-- **Chat and runtime regression hardening**: live-streamed inline media, stale streaming cleanup, exact-output handling, and chat rendering bugs were tightened again, including the recent message-row and avatar rendering regressions.
-- **Nebius and DeepInfra as built-in providers**: both are now first-class providers with setup wizard entries, model discovery, and pre-configured defaults instead of requiring the custom provider workaround.
-- **`stream_options` resilience**: the OpenAI-compatible streaming handler now retries without `stream_options` if a provider rejects it with 400, fixing connectivity for strict endpoints.
-
-### v1.1.1 Highlights
-
-- **Structured Sessions are now contextual**: start bounded structured runs from direct chats, chatrooms, tasks, missions, or schedules, including a new chatroom `/breakout` command that spins up a focused session from the current room with auto-filled participants and kickoff context.
-- **ProtocolRun orchestration matured**: structured sessions now run on the same durable engine for step-based branching, repeat loops, parallel branches, and explicit joins instead of growing a separate orchestration subsystem.
-- **Live-agent runtime hardening**: exact-output contracts, memory preflight behavior, same-channel delivery rendering, inline media, and grounded runtime inspection were all tightened through live-agent validation before release.
-
-### v1.1.0 Highlights
-
-- **Mission controller and Missions UI**: SwarmClaw now tracks durable multi-step objectives as missions with status, phase, linked tasks, queued turns, recent runs, event history, and operator actions from the new **Missions** surface.
-- **Autonomy safety desk and run replay**: the new **Autonomy Control** page adds estop visibility, resume policy controls, incident review, and run replay backed by durable run history rather than transient in-memory state.
-- **Durable queued follow-ups**: direct chat and connector follow-up turns now use a backend queue so queued work survives reloads, drains in order, and stays attached to the right mission/session context.
-- **Chat execution and UX hardening**: streamed handoff, memory writes, inline media, queue state, and tool-policy fallback behavior were cleaned up so agents are less noisy, less brittle, and easier to follow in real chats.
-
-### v1.0.9 Highlights
-
-- **Quieter chat and inbox replies**: chat-origin and connector turns now suppress more hidden control text, stop replaying connector-tool output as normal assistant prose, and avoid extra empty follow-up chatter after successful tool work.
-- **Sender-aware direct inbox replies**: direct connector sessions can honor stored sender display names and reply-medium preferences, including voice-note-first replies when the connector supports binary media and the agent has a configured voice.
-- **Cleaner connector delivery reconciliation**: connector delivery markers now track what was actually sent, response previews prefer the delivered transcript, and task/connector followups resolve local output files more reliably.
-- **Memory-write followthrough hardening**: successful memory store/update turns terminate more cleanly, which reduces unnecessary post-tool loops while still allowing a natural acknowledgement when the user needs one.
-
 ## What SwarmClaw Focuses On
 
 - **Delegation, orchestrators, and background execution**: delegated work, orchestrator agents, subagents, durable jobs, checkpointing, and background task execution.

package/bin/server-cmd.js

@@ -47,6 +47,10 @@ function ensureDir(dir) {
   if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true })
 }
 
+function resolveStandaloneRuntimeDir(serverJs) {
+  return path.dirname(serverJs)
+}
+
 function log(msg) {
   process.stdout.write(`[swarmclaw] ${msg}\n`)
 }
@@ -206,6 +210,51 @@ function symlinkDir(targetPath, linkPath) {
   fs.symlinkSync(targetPath, linkPath, process.platform === 'win32' ? 'junction' : 'dir')
 }
 
+function syncStandaloneRuntimeAssets({
+  sourceRoot,
+  runtimeDir,
+  force = false,
+} = {}) {
+  const assets = [
+    {
+      key: 'staticCopied',
+      sourcePath: path.join(sourceRoot, '.next', 'static'),
+      targetPath: path.join(runtimeDir, '.next', 'static'),
+      optional: false,
+    },
+    {
+      key: 'publicCopied',
+      sourcePath: path.join(sourceRoot, 'public'),
+      targetPath: path.join(runtimeDir, 'public'),
+      optional: true,
+    },
+  ]
+
+  const result = {
+    staticCopied: false,
+    publicCopied: false,
+  }
+
+  for (const asset of assets) {
+    if (!fs.existsSync(asset.sourcePath)) {
+      if (!asset.optional) result[asset.key] = false
+      continue
+    }
+    if (!force && fs.existsSync(asset.targetPath)) continue
+
+    ensureDir(path.dirname(asset.targetPath))
+    fs.rmSync(asset.targetPath, { recursive: true, force: true })
+    fs.cpSync(asset.sourcePath, asset.targetPath, {
+      recursive: true,
+      force: true,
+      dereference: true,
+    })
+    result[asset.key] = true
+  }
+
+  return result
+}
+
 function prepareBuildWorkspace({ pkgRoot = PKG_ROOT, buildRoot = resolvePackageBuildRoot(pkgRoot), nodeModulesDir } = {}) {
   copyBuildWorkspaceContents(pkgRoot, buildRoot)
   symlinkDir(nodeModulesDir, path.join(buildRoot, 'node_modules'))
@@ -285,6 +334,15 @@ function runBuild({ pkgRoot = PKG_ROOT } = {}) {
     },
   })
 
+  const standalone = locateStandaloneServer({ pkgRoot: buildRoot })
+  if (standalone) {
+    syncStandaloneRuntimeAssets({
+      sourceRoot: buildRoot,
+      runtimeDir: resolveStandaloneRuntimeDir(standalone.serverJs),
+      force: true,
+    })
+  }
+
   log('Build complete.')
 }
 
@@ -306,10 +364,12 @@ async function startServer(opts, { pkgRoot = PKG_ROOT } = {}) {
     logError('Standalone server.js not found in the installed package. Try running: swarmclaw server --build')
     process.exit(1)
   }
-  const { root: runtimeRoot, serverJs } = standalone
+  const { root: buildRoot, serverJs } = standalone
+  const runtimeRoot = resolveStandaloneRuntimeDir(serverJs)
 
   ensureDir(SWARMCLAW_HOME)
   ensureDir(DATA_DIR)
+  syncStandaloneRuntimeAssets({ sourceRoot: buildRoot, runtimeDir: runtimeRoot })
 
   const port = opts.port || '3456'
   const wsPort = opts.wsPort || String(Number(port) + 1)
@@ -328,6 +388,7 @@ async function startServer(opts, { pkgRoot = PKG_ROOT } = {}) {
 
   log(`Starting server on ${host}:${port} (WebSocket: ${wsPort})...`)
   log(`Package root: ${pkgRoot}`)
+  log(`Build root: ${buildRoot}`)
   log(`Runtime root: ${runtimeRoot}`)
   log(`Home: ${SWARMCLAW_HOME}`)
   log(`Data directory: ${DATA_DIR}`)
@@ -545,6 +606,8 @@ module.exports = {
   resolveReadyCheckHost,
   resolveStandaloneCandidateRoots,
   resolveStandaloneBase,
+  resolveStandaloneRuntimeDir,
   runBuild,
+  syncStandaloneRuntimeAssets,
   waitForPortReady,
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "description": "Self-hosted AI runtime for OpenClaw, delegation, autonomy, runtime skills, crypto wallets, and chat platform connectors.",
   "license": "MIT",
   "publishConfig": {

package/src/cli/server-cmd.test.js

@@ -136,6 +136,80 @@ test('prepareBuildWorkspace copies the package tree and links node_modules outsi
   fs.rmSync(externalNodeModules, { recursive: true, force: true })
 })
 
+test('syncStandaloneRuntimeAssets copies .next/static and public into a direct standalone runtime', () => {
+  const homeDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-home-'))
+  const pkgRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-pkg-'))
+  const serverCmd = loadServerCmdForHome(homeDir)
+  const runtimeDir = path.join(pkgRoot, '.next', 'standalone')
+
+  fs.mkdirSync(path.join(pkgRoot, '.next', 'static', 'chunks'), { recursive: true })
+  fs.mkdirSync(path.join(pkgRoot, 'public', 'branding'), { recursive: true })
+  fs.writeFileSync(path.join(pkgRoot, '.next', 'static', 'chunks', 'app.js'), 'chunk\n', 'utf8')
+  fs.writeFileSync(path.join(pkgRoot, 'public', 'branding', 'logo.svg'), '<svg />\n', 'utf8')
+
+  const result = serverCmd.syncStandaloneRuntimeAssets({
+    sourceRoot: pkgRoot,
+    runtimeDir,
+    force: true,
+  })
+
+  assert.deepEqual(result, { staticCopied: true, publicCopied: true })
+  assert.equal(fs.readFileSync(path.join(runtimeDir, '.next', 'static', 'chunks', 'app.js'), 'utf8'), 'chunk\n')
+  assert.equal(fs.readFileSync(path.join(runtimeDir, 'public', 'branding', 'logo.svg'), 'utf8'), '<svg />\n')
+
+  fs.rmSync(homeDir, { recursive: true, force: true })
+  fs.rmSync(pkgRoot, { recursive: true, force: true })
+})
+
+test('syncStandaloneRuntimeAssets targets the resolved nested runtime directory', () => {
+  const homeDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-home-'))
+  const pkgRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-pkg-'))
+  const serverCmd = loadServerCmdForHome(homeDir)
+  const serverJs = path.join(pkgRoot, '.next', 'standalone', 'Users', 'wayde', 'Dev', 'swarmclaw', 'server.js')
+  const runtimeDir = serverCmd.resolveStandaloneRuntimeDir(serverJs)
+
+  fs.mkdirSync(path.dirname(serverJs), { recursive: true })
+  fs.writeFileSync(serverJs, 'console.log("ok")\n', 'utf8')
+  fs.mkdirSync(path.join(pkgRoot, '.next', 'static', 'css'), { recursive: true })
+  fs.writeFileSync(path.join(pkgRoot, '.next', 'static', 'css', 'app.css'), 'body{}\n', 'utf8')
+
+  const result = serverCmd.syncStandaloneRuntimeAssets({
+    sourceRoot: pkgRoot,
+    runtimeDir,
+  })
+
+  assert.deepEqual(result, { staticCopied: true, publicCopied: false })
+  assert.equal(fs.readFileSync(path.join(runtimeDir, '.next', 'static', 'css', 'app.css'), 'utf8'), 'body{}\n')
+  assert.equal(fs.existsSync(path.join(runtimeDir, 'public')), false)
+
+  fs.rmSync(homeDir, { recursive: true, force: true })
+  fs.rmSync(pkgRoot, { recursive: true, force: true })
+})
+
+test('syncStandaloneRuntimeAssets repairs missing assets without overwriting an existing target by default', () => {
+  const homeDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-home-'))
+  const pkgRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-pkg-'))
+  const serverCmd = loadServerCmdForHome(homeDir)
+  const runtimeDir = path.join(pkgRoot, '.next', 'standalone')
+
+  fs.mkdirSync(path.join(pkgRoot, '.next', 'static', 'chunks'), { recursive: true })
+  fs.writeFileSync(path.join(pkgRoot, '.next', 'static', 'chunks', 'main.js'), 'fresh\n', 'utf8')
+  fs.mkdirSync(path.join(runtimeDir, 'public'), { recursive: true })
+  fs.writeFileSync(path.join(runtimeDir, 'public', 'keep.txt'), 'keep\n', 'utf8')
+
+  const result = serverCmd.syncStandaloneRuntimeAssets({
+    sourceRoot: pkgRoot,
+    runtimeDir,
+  })
+
+  assert.deepEqual(result, { staticCopied: true, publicCopied: false })
+  assert.equal(fs.readFileSync(path.join(runtimeDir, '.next', 'static', 'chunks', 'main.js'), 'utf8'), 'fresh\n')
+  assert.equal(fs.readFileSync(path.join(runtimeDir, 'public', 'keep.txt'), 'utf8'), 'keep\n')
+
+  fs.rmSync(homeDir, { recursive: true, force: true })
+  fs.rmSync(pkgRoot, { recursive: true, force: true })
+})
+
 test('resolveReadyCheckHost maps wildcard bind hosts to loopback', () => {
   const homeDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-server-home-'))
   const serverCmd = loadServerCmdForHome(homeDir)

package/src/components/openclaw/openclaw-deploy-panel.tsx

@@ -851,6 +851,8 @@ export function OpenClawDeployPanel(props: OpenClawDeployPanelProps) {
               <label className="block text-[11px] font-700 uppercase tracking-[0.08em] text-text-3/70 mb-2">Port</label>
               <input
                 type="number"
+                min={1024}
+                max={65535}
                 value={localPort}
                 onChange={(e) => setLocalPort(Number.parseInt(e.target.value, 10) || 18789)}
                 className="w-full rounded-[12px] border border-white/[0.08] bg-bg px-3 py-3 text-[13px] text-text outline-none focus:border-accent-bright/30"
@@ -1168,6 +1170,8 @@ export function OpenClawDeployPanel(props: OpenClawDeployPanelProps) {
                   />
                   <input
                     type="number"
+                    min={1}
+                    max={65535}
                     value={sshPort}
                     onChange={(e) => setSshPort(Number.parseInt(e.target.value, 10) || 22)}
                     placeholder="22"

package/src/lib/server/openclaw/deploy.test.ts

@@ -6,6 +6,8 @@ import {
   getOpenClawLocalDeployStatus,
   getOpenClawRemoteDeployCollectionStatus,
   getOpenClawRemoteDeployStatus,
+  sanitizeLocalPort,
+  sanitizeSshConfig,
 } from './deploy'
 
 const GLOBAL_KEY = '__swarmclaw_openclaw_deploy__' as const
@@ -42,13 +44,17 @@ test('docker smart deploy bundle uses official image and provider-specific metad
 
   const envFile = bundle.files.find((file) => file.name === '.env')
   assert.ok(envFile)
-  assert.match(envFile.content, /OPENCLAW_IMAGE=openclaw:latest/)
+  assert.match(envFile.content, /OPENCLAW_IMAGE=ghcr\.io\/openclaw\/openclaw:latest/)
   assert.match(envFile.content, /OPENCLAW_GATEWAY_TOKEN=test-token/)
 
+  const dockerCompose = bundle.files.find((file) => file.name === 'docker-compose.yml')
+  assert.ok(dockerCompose)
+  assert.match(dockerCompose.content, /image: \$\{OPENCLAW_IMAGE:-ghcr\.io\/openclaw\/openclaw:latest\}/)
+
   const cloudInit = bundle.files.find((file) => file.name === 'cloud-init.yaml')
   assert.ok(cloudInit)
   assert.match(cloudInit.content, /docker\.io/)
-  assert.match(cloudInit.content, /docker pull "\$\{OPENCLAW_IMAGE:-openclaw:latest\}"/)
+  assert.match(cloudInit.content, /docker pull "\$\{OPENCLAW_IMAGE:-ghcr\.io\/openclaw\/openclaw:latest\}"/)
   assert.match(cloudInit.content, /\/opt\/openclaw\/docker-compose\.yml/)
 
   const caddyfile = bundle.files.find((file) => file.name === 'Caddyfile')
@@ -74,6 +80,39 @@ test('render bundle stays aligned with the official repo flow', () => {
   assert.match(bundle.runbook[0] || '', /official OpenClaw GitHub repo/i)
 })
 
+test('remote bundle preserves low HTTP ports below 1024', () => {
+  const bundle = buildOpenClawDeployBundle({
+    template: 'docker',
+    target: 'gateway.example.com',
+    scheme: 'http',
+    port: 81,
+  })
+
+  assert.equal(bundle.endpoint, 'http://gateway.example.com:81/v1')
+  assert.equal(bundle.wsUrl, 'ws://gateway.example.com:81')
+})
+
+test('ssh config preserves port 22', () => {
+  const config = sanitizeSshConfig({
+    host: 'gateway.example.com',
+    port: 22,
+  })
+
+  assert.deepEqual(config, {
+    host: 'gateway.example.com',
+    user: 'root',
+    port: 22,
+    keyPath: null,
+    targetDir: '/opt/openclaw',
+  })
+})
+
+test('local managed deploy ports stay clamped to unprivileged values', () => {
+  assert.equal(sanitizeLocalPort(22), 1024)
+  assert.equal(sanitizeLocalPort('443'), 1024)
+  assert.equal(sanitizeLocalPort(18789), 18789)
+})
+
 test('local deploy status exposes a sensible default endpoint before startup', () => {
   const status = getOpenClawLocalDeployStatus()
   const collection = getOpenClawLocalDeployCollectionStatus()
@@ -159,7 +198,7 @@ test('remote deploy collection preserves multiple remotes and targeted lookup',
         createdAt: 30,
         updatedAt: 40,
         lastError: null,
-        lastSummary: 'Pulling openclaw:latest and recreating the OpenClaw stack on beta.example.com.',
+        lastSummary: 'Pulling ghcr.io/openclaw/openclaw:latest and recreating the OpenClaw stack on beta.example.com.',
         lastCommandPreview: 'ssh root@beta.example.com docker compose up -d',
         lastBackupPath: null,
       },

package/src/lib/server/openclaw/deploy.ts

@@ -192,6 +192,7 @@ interface ExposureMeta {
 
 const DEFAULT_LOCAL_PORT = 18789
 const DEFAULT_REMOTE_PORT = 18789
+const DEFAULT_OPENCLAW_IMAGE = 'ghcr.io/openclaw/openclaw:latest'
 const OC_DEPLOY_KEY = '__swarmclaw_openclaw_deploy__'
 
 const REMOTE_PROVIDER_META: Record<OpenClawRemoteDeployProvider, RemoteProviderMeta> = {
@@ -604,14 +605,27 @@ function buildLocalInstallCommand(port: number, token?: string | null, localId =
   return `${parts.join(' ')} && npx openclaw gateway start`
 }
 
-function sanitizePort(value: unknown, fallback = DEFAULT_LOCAL_PORT): number {
+function parsePortNumber(value: unknown): number | null {
   const parsed = typeof value === 'number'
     ? value
     : typeof value === 'string'
       ? Number.parseInt(value, 10)
       : Number.NaN
-  if (!Number.isFinite(parsed)) return fallback
-  return Math.max(1024, Math.min(65535, Math.trunc(parsed)))
+  return Number.isFinite(parsed) ? parsed : null
+}
+
+function sanitizePortInRange(value: unknown, fallback: number, minimum: number): number {
+  const parsed = parsePortNumber(value)
+  if (parsed === null) return fallback
+  return Math.max(minimum, Math.min(65535, Math.trunc(parsed)))
+}
+
+export function sanitizeLocalPort(value: unknown, fallback = DEFAULT_LOCAL_PORT): number {
+  return sanitizePortInRange(value, fallback, 1024)
+}
+
+function sanitizeRemotePort(value: unknown, fallback = DEFAULT_REMOTE_PORT): number {
+  return sanitizePortInRange(value, fallback, 1)
 }
 
 function normalizeToken(value: unknown): string | null {
@@ -666,10 +680,10 @@ function normalizeExposurePreset(value: unknown, fallback?: OpenClawUseCaseTempl
   return useCase?.defaultExposure || 'private-lan'
 }
 
-function sanitizeSshConfig(input?: Partial<OpenClawSshConfig> | null): OpenClawSshConfig | null {
+export function sanitizeSshConfig(input?: Partial<OpenClawSshConfig> | null): OpenClawSshConfig | null {
   const host = typeof input?.host === 'string' && input.host.trim() ? input.host.trim() : ''
   if (!host) return null
-  const port = sanitizePort(input?.port, 22)
+  const port = sanitizePortInRange(input?.port, 22, 1)
   return {
     host,
     user: typeof input?.user === 'string' && input.user.trim() ? input.user.trim() : 'root',
@@ -1034,7 +1048,7 @@ export async function startOpenClawLocalDeploy(input?: {
   makePrimary?: boolean
 }): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string }> {
   const state = getRuntimeState()
-  const port = sanitizePort(input?.port, DEFAULT_LOCAL_PORT)
+  const port = sanitizeLocalPort(input?.port, DEFAULT_LOCAL_PORT)
   const requestedLocalId = typeof input?.localId === 'string' && input.localId.trim()
     ? input.localId.trim()
     : null
@@ -1238,7 +1252,7 @@ function resolveHostBindAddress(useCase: OpenClawUseCaseTemplate, exposure: Open
 function buildDockerComposeFile(options: DockerBundleOptions): string {
   return `services:
   openclaw-gateway:
-    image: \${OPENCLAW_IMAGE:-openclaw:latest}
+    image: \${OPENCLAW_IMAGE:-${DEFAULT_OPENCLAW_IMAGE}}
     environment:
       HOME: /home/node
       TERM: xterm-256color
@@ -1284,7 +1298,7 @@ function buildDockerComposeFile(options: DockerBundleOptions): string {
 }
 
 function buildDockerEnvFile(options: DockerBundleOptions): string {
-  return `OPENCLAW_IMAGE=openclaw:latest
+  return `OPENCLAW_IMAGE=${DEFAULT_OPENCLAW_IMAGE}
 OPENCLAW_GATEWAY_TOKEN=${options.token}
 OPENCLAW_GATEWAY_BIND=lan
 OPENCLAW_HOST_BIND=${resolveHostBindAddress(options.useCase, options.exposure)}
@@ -1314,7 +1328,7 @@ if ! command -v docker >/dev/null 2>&1; then
   exit 1
 fi
 
-docker pull "\${OPENCLAW_IMAGE:-openclaw:latest}"
+docker pull "\${OPENCLAW_IMAGE:-${DEFAULT_OPENCLAW_IMAGE}}"
 docker compose up -d
 if [ -f docker-compose.proxy.yml ]; then
   docker compose -f docker-compose.yml -f docker-compose.proxy.yml up -d
@@ -1365,7 +1379,7 @@ ${extraFiles ? `${extraFiles}
 ` : ''}runcmd:
   - mkdir -p /opt/openclaw/.openclaw /opt/openclaw/workspace /opt/openclaw/backups
   - systemctl enable --now docker
-  - bash -lc 'cd /opt/openclaw && docker pull "\${OPENCLAW_IMAGE:-openclaw:latest}"'
+  - bash -lc 'cd /opt/openclaw && docker pull "\${OPENCLAW_IMAGE:-${DEFAULT_OPENCLAW_IMAGE}}"'
   - bash -lc 'cd /opt/openclaw && docker compose up -d'
   - bash -lc 'cd /opt/openclaw && if [ -f docker-compose.proxy.yml ]; then docker compose -f docker-compose.yml -f docker-compose.proxy.yml up -d; fi'
 final_message: "OpenClaw gateway bootstrap complete. Run: sudo docker compose -f /opt/openclaw/docker-compose.yml ps"
@@ -1597,7 +1611,7 @@ export function buildOpenClawDeployBundle(input?: {
   const template = input?.template || 'docker'
   const token = normalizeToken(input?.token) || generateOpenClawGatewayToken()
   const scheme = input?.scheme === 'http' ? 'http' : 'https'
-  const port = sanitizePort(input?.port, DEFAULT_REMOTE_PORT)
+  const port = sanitizeRemotePort(input?.port, DEFAULT_REMOTE_PORT)
   const rawTarget = typeof input?.target === 'string' ? input.target.trim() : ''
   const endpoint = normalizeOpenClawEndpoint(ensureSchemeAndPort(rawTarget || 'openclaw.example.com', scheme, port))
   const wsUrl = deriveOpenClawWsUrl(endpoint)
@@ -1802,7 +1816,7 @@ export async function runOpenClawRemoteLifecycleAction(input?: {
   const sshConfig = sanitizeSshConfig(input?.ssh)
   if (!sshConfig) throw new Error('SSH host is required for remote lifecycle actions.')
   const remoteDir = sshConfig.targetDir || '/opt/openclaw'
-  const image = normalizeText(input?.image) || 'openclaw:latest'
+  const image = normalizeText(input?.image) || DEFAULT_OPENCLAW_IMAGE
   const action = input?.action || 'restart'
   let remoteCommand = ''
   let summary = ''