activeclaw 2026.2.12 → 2026.2.13

package/dist/{audit-CQzrm61N.js → audit-Dmww_503.js}

@@ -1,23 +1,24 @@
 import { g as resolveStateDir, m as resolveOAuthDir, o as resolveConfigPath } from "./paths-DVBShlw6.js";
 import { l as normalizeAgentId } from "./session-key-BWxPj0z_.js";
-import { n as runExec } from "./exec-DXtR2fhb.js";
-import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope---6LLHj0.js";
+import { n as runExec } from "./exec-YIosokWE.js";
+import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-CQCus0rI.js";
 import { t as formatCliCommand } from "./command-format-ChfKqObn.js";
-import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, r as createConfigIO } from "./config-DH9TLUNc.js";
-import { a as MANIFEST_KEY } from "./manifest-registry-DFckk-L8.js";
-import { n as listChannelPlugins } from "./plugins-BL9lIXSA.js";
-import { $ as resolveSandboxToolPolicyForAgent, Z as resolveSandboxConfigForAgent, ot as resolveToolProfilePolicy } from "./sandbox-BW8Xnkw1.js";
-import { i as loadWorkspaceSkillEntries } from "./skills-aFOsriMP.js";
+import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, r as createConfigIO } from "./config-aFQssWKX.js";
+import { a as MANIFEST_KEY } from "./manifest-registry-CQhdnDBZ.js";
+import { n as listChannelPlugins } from "./plugins-X7d_tfTE.js";
+import { $ as resolveSandboxToolPolicyForAgent, Z as resolveSandboxConfigForAgent, ot as resolveToolProfilePolicy } from "./sandbox-Bhjnh1Xg.js";
+import { i as loadWorkspaceSkillEntries } from "./skills-DprQj9X2.js";
 import { n as formatErrorMessage } from "./errors-Bv81hF2P.js";
-import { a as resolveProfile, i as resolveBrowserConfig } from "./server-context-Lb-eUZG_.js";
-import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-0717wOz-.js";
-import { t as GatewayClient } from "./client-B0_GiCjB.js";
-import { t as buildGatewayConnectionDetails } from "./call-C9az806y.js";
-import { i as readChannelAllowFromStore } from "./pairing-store-CL4rJ7m7.js";
-import { c as resolveNativeSkillsEnabled, n as isToolAllowedByPolicies, s as resolveNativeCommandsEnabled } from "./pi-tools.policy-CJFi1sny.js";
-import { t as resolveChannelDefaultAccountId } from "./helpers-BDvtkJjw.js";
-import { t as scanDirectoryWithSummary } from "./skill-scanner-CprFkZib.js";
-import { i as resolveGatewayAuth } from "./auth-jrfLXze7.js";
+import { a as resolveProfile, i as resolveBrowserConfig } from "./server-context-Cl0U0vE3.js";
+import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-BLi2a6Yw.js";
+import { t as GatewayClient } from "./client-BrYfyoDK.js";
+import { t as buildGatewayConnectionDetails } from "./call-SolyGS1r.js";
+import { i as readChannelAllowFromStore } from "./pairing-store-CmlRVqOz.js";
+import { c as resolveNativeSkillsEnabled, n as isToolAllowedByPolicies, s as resolveNativeCommandsEnabled } from "./pi-tools.policy-BpsROZbz.js";
+import { i as resolveGatewayAuth } from "./auth-CQNl_IaI.js";
+import { n as resolveBrowserControlAuth } from "./control-auth-DBCu3qyv.js";
+import { t as resolveChannelDefaultAccountId } from "./helpers-HyeZXsnu.js";
+import { t as scanDirectoryWithSummary } from "./skill-scanner-CucvxYhu.js";
 import os from "node:os";
 import path from "node:path";
 import JSON5 from "json5";
@@ -143,6 +144,11 @@ function looksLikeEnvRef(value) {
 	const v = value.trim();
 	return v.startsWith("${") && v.endsWith("}");
 }
+function isGatewayRemotelyExposed(cfg) {
+	if ((typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback") !== "loopback") return true;
+	const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
+	return tailscaleMode === "serve" || tailscaleMode === "funnel";
+}
 function addModel(models, raw, source) {
 	if (typeof raw !== "string") return;
 	const id = raw.trim();
@@ -353,6 +359,31 @@ function collectHooksHardeningFindings(cfg) {
 		detail: "hooks.path='/' would shadow other HTTP endpoints and is unsafe.",
 		remediation: "Use a dedicated path like '/hooks'."
 	});
+	const allowRequestSessionKey = cfg.hooks?.allowRequestSessionKey === true;
+	const defaultSessionKey = typeof cfg.hooks?.defaultSessionKey === "string" ? cfg.hooks.defaultSessionKey.trim() : "";
+	const allowedPrefixes = Array.isArray(cfg.hooks?.allowedSessionKeyPrefixes) ? cfg.hooks.allowedSessionKeyPrefixes.map((prefix) => prefix.trim()).filter((prefix) => prefix.length > 0) : [];
+	const remoteExposure = isGatewayRemotelyExposed(cfg);
+	if (!defaultSessionKey) findings.push({
+		checkId: "hooks.default_session_key_unset",
+		severity: "warn",
+		title: "hooks.defaultSessionKey is not configured",
+		detail: "Hook agent runs without explicit sessionKey use generated per-request keys. Set hooks.defaultSessionKey to keep hook ingress scoped to a known session.",
+		remediation: "Set hooks.defaultSessionKey (for example, \"hook:ingress\")."
+	});
+	if (allowRequestSessionKey) findings.push({
+		checkId: "hooks.request_session_key_enabled",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "External hook payloads may override sessionKey",
+		detail: "hooks.allowRequestSessionKey=true allows `/hooks/agent` callers to choose the session key. Treat hook token holders as full-trust unless you also restrict prefixes.",
+		remediation: "Set hooks.allowRequestSessionKey=false (recommended) or constrain hooks.allowedSessionKeyPrefixes."
+	});
+	if (allowRequestSessionKey && allowedPrefixes.length === 0) findings.push({
+		checkId: "hooks.request_session_key_prefixes_missing",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "Request sessionKey override is enabled without prefix restrictions",
+		detail: "hooks.allowRequestSessionKey=true and hooks.allowedSessionKeyPrefixes is unset/empty, so request payloads can target arbitrary session key shapes.",
+		remediation: "Set hooks.allowedSessionKeyPrefixes (for example, [\"hook:\"]) or disable request overrides."
+	});
 	return findings;
 }
 function collectModelHygieneFindings(cfg) {
@@ -1361,6 +1392,7 @@ function collectGatewayConfigFindings(cfg, env) {
 	const hasSharedSecret = auth.mode === "token" && hasToken || auth.mode === "password" && hasPassword;
 	const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
 	const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
+	const remotelyExposed = bind !== "loopback" || tailscaleMode === "serve" || tailscaleMode === "funnel";
 	if (bind !== "loopback" && !hasSharedSecret) findings.push({
 		checkId: "gateway.bind_no_auth",
 		severity: "critical",
@@ -1416,9 +1448,21 @@ function collectGatewayConfigFindings(cfg, env) {
 		title: "Gateway token looks short",
 		detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
 	});
+	const chatCompletionsEnabled = cfg.gateway?.http?.endpoints?.chatCompletions?.enabled === true;
+	const responsesEnabled = cfg.gateway?.http?.endpoints?.responses?.enabled === true;
+	if (chatCompletionsEnabled || responsesEnabled) {
+		const enabledEndpoints = [chatCompletionsEnabled ? "/v1/chat/completions" : null, responsesEnabled ? "/v1/responses" : null].filter((value) => Boolean(value));
+		findings.push({
+			checkId: "gateway.http.session_key_override_enabled",
+			severity: remotelyExposed ? "warn" : "info",
+			title: "HTTP APIs accept explicit session key override headers",
+			detail: `${enabledEndpoints.join(", ")} support x-openclaw-session-key. Any authenticated caller can route requests into arbitrary sessions.`,
+			remediation: "Treat HTTP API credentials as full-trust, disable unused endpoints, and avoid sharing tokens across tenants."
+		});
+	}
 	return findings;
 }
-function collectBrowserControlFindings(cfg) {
+function collectBrowserControlFindings(cfg, env) {
 	const findings = [];
 	let resolved;
 	try {
@@ -1434,6 +1478,14 @@ function collectBrowserControlFindings(cfg) {
 		return findings;
 	}
 	if (!resolved.enabled) return findings;
+	const browserAuth = resolveBrowserControlAuth(cfg, env);
+	if (!browserAuth.token && !browserAuth.password) findings.push({
+		checkId: "browser.control_no_auth",
+		severity: "critical",
+		title: "Browser control has no auth",
+		detail: "Browser control HTTP routes are enabled but no gateway.auth token/password is configured. Any local process (or SSRF to loopback) can call browser control endpoints.",
+		remediation: "Set gateway.auth.token (recommended) or gateway.auth.password so browser control HTTP routes require authentication. Restarting the gateway will auto-generate gateway.auth.token when browser control is enabled."
+	});
 	for (const name of Object.keys(resolved.profiles)) {
 		const profile = resolveProfile(resolved, name);
 		if (!profile || profile.cdpIsLoopback) continue;
@@ -1778,7 +1830,7 @@ async function runSecurityAudit(opts) {
 		configPath
 	}));
 	findings.push(...collectGatewayConfigFindings(cfg, env));
-	findings.push(...collectBrowserControlFindings(cfg));
+	findings.push(...collectBrowserControlFindings(cfg, env));
 	findings.push(...collectLoggingFindings(cfg));
 	findings.push(...collectElevatedFindings(cfg));
 	findings.push(...collectHooksHardeningFindings(cfg));

package/dist/{audit-DMH3CSXY.js → audit-wPu26VMb.js}

@@ -1,23 +1,24 @@
-import { B as resolveConfigPath, J as resolveOAuthDir, X as resolveStateDir } from "./entry.js";
-import { t as formatCliCommand } from "./command-format-ayFsmwwz.js";
+import { V as resolveConfigPath, Y as resolveOAuthDir, Z as resolveStateDir } from "./entry.js";
+import { t as formatCliCommand } from "./command-format-Bxe0mWee.js";
 import { l as normalizeAgentId } from "./session-key-DVvxnFKg.js";
-import { n as runExec } from "./exec-B8JKbXKW.js";
-import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-RCSw6gHy.js";
-import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, r as createConfigIO } from "./config-B7sno9eI.js";
-import { a as MANIFEST_KEY } from "./manifest-registry-BTgLN_W2.js";
-import { a as resolveBrowserConfig, o as resolveProfile } from "./server-context-fX4xiYRh.js";
-import { n as formatErrorMessage } from "./errors-x4NYs-1P.js";
-import { i as resolveGatewayAuth } from "./auth-BcNHFK-i.js";
-import { t as GatewayClient } from "./client-D7wrC1Ug.js";
-import { t as buildGatewayConnectionDetails } from "./call-Yxns4CVq.js";
-import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-BlgPSDAh.js";
-import { n as listChannelPlugins } from "./plugins-3GyCj5KL.js";
+import { n as runExec } from "./exec-CACT5OAW.js";
+import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-CsRbLH4l.js";
+import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, r as createConfigIO } from "./config-Bdhomfei.js";
+import { a as MANIFEST_KEY } from "./manifest-registry-u0okVSkU.js";
+import { a as resolveBrowserConfig, o as resolveProfile } from "./server-context-BGpGs3qd.js";
+import { i as resolveGatewayAuth } from "./auth-9x3lqfIY.js";
+import { n as resolveBrowserControlAuth } from "./control-auth-8Cf4WXpR.js";
+import { n as formatErrorMessage } from "./errors-DjZBTJJ3.js";
+import { t as GatewayClient } from "./client-CTwXnRl7.js";
+import { t as buildGatewayConnectionDetails } from "./call-DVYCIV8m.js";
+import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-C_MmebBt.js";
+import { n as listChannelPlugins } from "./plugins-4Hqd1WGf.js";
 import { t as resolveChannelDefaultAccountId } from "./helpers-DdwqKAAS.js";
-import { t as scanDirectoryWithSummary } from "./skill-scanner-C_fQzVDu.js";
-import { G as resolveSandboxToolPolicyForAgent, Q as resolveToolProfilePolicy, U as resolveSandboxConfigForAgent } from "./sandbox-B0K9e6Fw.js";
-import { i as loadWorkspaceSkillEntries } from "./skills-BvPUNjxo.js";
-import { a as isToolAllowedByPolicies, n as resolveNativeCommandsEnabled, r as resolveNativeSkillsEnabled } from "./commands-BG25qku5.js";
-import { i as readChannelAllowFromStore } from "./pairing-store-fIWI3pXG.js";
+import { t as scanDirectoryWithSummary } from "./skill-scanner-rHMtUHtP.js";
+import { G as resolveSandboxToolPolicyForAgent, Q as resolveToolProfilePolicy, U as resolveSandboxConfigForAgent } from "./sandbox-BKYnhYQH.js";
+import { i as loadWorkspaceSkillEntries } from "./skills-DRjfSQT3.js";
+import { a as isToolAllowedByPolicies, n as resolveNativeCommandsEnabled, r as resolveNativeSkillsEnabled } from "./commands-BX_OIIVR.js";
+import { i as readChannelAllowFromStore } from "./pairing-store-Dp5_JGnG.js";
 import path from "node:path";
 import os from "node:os";
 import JSON5 from "json5";
@@ -143,6 +144,11 @@ function looksLikeEnvRef(value) {
 	const v = value.trim();
 	return v.startsWith("${") && v.endsWith("}");
 }
+function isGatewayRemotelyExposed(cfg) {
+	if ((typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback") !== "loopback") return true;
+	const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
+	return tailscaleMode === "serve" || tailscaleMode === "funnel";
+}
 function addModel(models, raw, source) {
 	if (typeof raw !== "string") return;
 	const id = raw.trim();
@@ -353,6 +359,31 @@ function collectHooksHardeningFindings(cfg) {
 		detail: "hooks.path='/' would shadow other HTTP endpoints and is unsafe.",
 		remediation: "Use a dedicated path like '/hooks'."
 	});
+	const allowRequestSessionKey = cfg.hooks?.allowRequestSessionKey === true;
+	const defaultSessionKey = typeof cfg.hooks?.defaultSessionKey === "string" ? cfg.hooks.defaultSessionKey.trim() : "";
+	const allowedPrefixes = Array.isArray(cfg.hooks?.allowedSessionKeyPrefixes) ? cfg.hooks.allowedSessionKeyPrefixes.map((prefix) => prefix.trim()).filter((prefix) => prefix.length > 0) : [];
+	const remoteExposure = isGatewayRemotelyExposed(cfg);
+	if (!defaultSessionKey) findings.push({
+		checkId: "hooks.default_session_key_unset",
+		severity: "warn",
+		title: "hooks.defaultSessionKey is not configured",
+		detail: "Hook agent runs without explicit sessionKey use generated per-request keys. Set hooks.defaultSessionKey to keep hook ingress scoped to a known session.",
+		remediation: "Set hooks.defaultSessionKey (for example, \"hook:ingress\")."
+	});
+	if (allowRequestSessionKey) findings.push({
+		checkId: "hooks.request_session_key_enabled",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "External hook payloads may override sessionKey",
+		detail: "hooks.allowRequestSessionKey=true allows `/hooks/agent` callers to choose the session key. Treat hook token holders as full-trust unless you also restrict prefixes.",
+		remediation: "Set hooks.allowRequestSessionKey=false (recommended) or constrain hooks.allowedSessionKeyPrefixes."
+	});
+	if (allowRequestSessionKey && allowedPrefixes.length === 0) findings.push({
+		checkId: "hooks.request_session_key_prefixes_missing",
+		severity: remoteExposure ? "critical" : "warn",
+		title: "Request sessionKey override is enabled without prefix restrictions",
+		detail: "hooks.allowRequestSessionKey=true and hooks.allowedSessionKeyPrefixes is unset/empty, so request payloads can target arbitrary session key shapes.",
+		remediation: "Set hooks.allowedSessionKeyPrefixes (for example, [\"hook:\"]) or disable request overrides."
+	});
 	return findings;
 }
 function collectModelHygieneFindings(cfg) {
@@ -1361,6 +1392,7 @@ function collectGatewayConfigFindings(cfg, env) {
 	const hasSharedSecret = auth.mode === "token" && hasToken || auth.mode === "password" && hasPassword;
 	const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
 	const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
+	const remotelyExposed = bind !== "loopback" || tailscaleMode === "serve" || tailscaleMode === "funnel";
 	if (bind !== "loopback" && !hasSharedSecret) findings.push({
 		checkId: "gateway.bind_no_auth",
 		severity: "critical",
@@ -1416,9 +1448,21 @@ function collectGatewayConfigFindings(cfg, env) {
 		title: "Gateway token looks short",
 		detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
 	});
+	const chatCompletionsEnabled = cfg.gateway?.http?.endpoints?.chatCompletions?.enabled === true;
+	const responsesEnabled = cfg.gateway?.http?.endpoints?.responses?.enabled === true;
+	if (chatCompletionsEnabled || responsesEnabled) {
+		const enabledEndpoints = [chatCompletionsEnabled ? "/v1/chat/completions" : null, responsesEnabled ? "/v1/responses" : null].filter((value) => Boolean(value));
+		findings.push({
+			checkId: "gateway.http.session_key_override_enabled",
+			severity: remotelyExposed ? "warn" : "info",
+			title: "HTTP APIs accept explicit session key override headers",
+			detail: `${enabledEndpoints.join(", ")} support x-openclaw-session-key. Any authenticated caller can route requests into arbitrary sessions.`,
+			remediation: "Treat HTTP API credentials as full-trust, disable unused endpoints, and avoid sharing tokens across tenants."
+		});
+	}
 	return findings;
 }
-function collectBrowserControlFindings(cfg) {
+function collectBrowserControlFindings(cfg, env) {
 	const findings = [];
 	let resolved;
 	try {
@@ -1434,6 +1478,14 @@ function collectBrowserControlFindings(cfg) {
 		return findings;
 	}
 	if (!resolved.enabled) return findings;
+	const browserAuth = resolveBrowserControlAuth(cfg, env);
+	if (!browserAuth.token && !browserAuth.password) findings.push({
+		checkId: "browser.control_no_auth",
+		severity: "critical",
+		title: "Browser control has no auth",
+		detail: "Browser control HTTP routes are enabled but no gateway.auth token/password is configured. Any local process (or SSRF to loopback) can call browser control endpoints.",
+		remediation: "Set gateway.auth.token (recommended) or gateway.auth.password so browser control HTTP routes require authentication. Restarting the gateway will auto-generate gateway.auth.token when browser control is enabled."
+	});
 	for (const name of Object.keys(resolved.profiles)) {
 		const profile = resolveProfile(resolved, name);
 		if (!profile || profile.cdpIsLoopback) continue;
@@ -1778,7 +1830,7 @@ async function runSecurityAudit(opts) {
 		configPath
 	}));
 	findings.push(...collectGatewayConfigFindings(cfg, env));
-	findings.push(...collectBrowserControlFindings(cfg));
+	findings.push(...collectBrowserControlFindings(cfg, env));
 	findings.push(...collectLoggingFindings(cfg));
 	findings.push(...collectElevatedFindings(cfg));
 	findings.push(...collectHooksHardeningFindings(cfg));

package/dist/{tailscale-DU6DgqVy.js → auth-9x3lqfIY.js}

@@ -1,7 +1,27 @@
-import { x as logVerbose } from "./entry.js";
-import { n as runExec } from "./exec-B8JKbXKW.js";
+import { S as logVerbose, b as isVerbose, x as isYes } from "./entry.js";
+import { n as runExec } from "./exec-CACT5OAW.js";
+import { i as isTrustedProxyAddress, l as resolveGatewayClientIp, n as isLoopbackAddress, o as parseForwardedForClientIp } from "./ws-C0k_dhCP.js";
+import { stdin, stdout } from "node:process";
 import { existsSync } from "node:fs";
+import { timingSafeEqual } from "node:crypto";
+import readline from "node:readline/promises";
 
+//#region src/cli/prompt.ts
+async function promptYesNo(question, defaultYes = false) {
+	if (isVerbose() && isYes()) return true;
+	if (isYes()) return true;
+	const rl = readline.createInterface({
+		input: stdin,
+		output: stdout
+	});
+	const suffix = defaultYes ? " [Y/n] " : " [y/N] ";
+	const answer = (await rl.question(`${question}${suffix}`)).trim().toLowerCase();
+	rl.close();
+	if (!answer) return defaultYes;
+	return answer.startsWith("y");
+}
+
+//#endregion
 //#region src/infra/tailscale.ts
 function parsePossiblyNoisyJsonObject(stdout) {
 	const trimmed = stdout.trim();
@@ -222,4 +242,189 @@ async function readTailscaleWhoisIdentity(ip, exec = runExec, opts) {
 }
 
 //#endregion
-export { findTailscaleBinary as a, readTailscaleWhoisIdentity as c, enableTailscaleServe as i, disableTailscaleServe as n, getTailnetHostname as o, enableTailscaleFunnel as r, readTailscaleStatusJson as s, disableTailscaleFunnel as t };
+//#region src/security/secret-equal.ts
+function safeEqualSecret(provided, expected) {
+	if (typeof provided !== "string" || typeof expected !== "string") return false;
+	const providedBuffer = Buffer.from(provided);
+	const expectedBuffer = Buffer.from(expected);
+	if (providedBuffer.length !== expectedBuffer.length) return false;
+	return timingSafeEqual(providedBuffer, expectedBuffer);
+}
+
+//#endregion
+//#region src/gateway/auth.ts
+function normalizeLogin(login) {
+	return login.trim().toLowerCase();
+}
+function getHostName(hostHeader) {
+	const host = (hostHeader ?? "").trim().toLowerCase();
+	if (!host) return "";
+	if (host.startsWith("[")) {
+		const end = host.indexOf("]");
+		if (end !== -1) return host.slice(1, end);
+	}
+	const [name] = host.split(":");
+	return name ?? "";
+}
+function headerValue(value) {
+	return Array.isArray(value) ? value[0] : value;
+}
+function resolveTailscaleClientIp(req) {
+	if (!req) return;
+	const forwardedFor = headerValue(req.headers?.["x-forwarded-for"]);
+	return forwardedFor ? parseForwardedForClientIp(forwardedFor) : void 0;
+}
+function resolveRequestClientIp(req, trustedProxies) {
+	if (!req) return;
+	return resolveGatewayClientIp({
+		remoteAddr: req.socket?.remoteAddress ?? "",
+		forwardedFor: headerValue(req.headers?.["x-forwarded-for"]),
+		realIp: headerValue(req.headers?.["x-real-ip"]),
+		trustedProxies
+	});
+}
+function isLocalDirectRequest(req, trustedProxies) {
+	if (!req) return false;
+	if (!isLoopbackAddress(resolveRequestClientIp(req, trustedProxies) ?? "")) return false;
+	const host = getHostName(req.headers?.host);
+	const hostIsLocal = host === "localhost" || host === "127.0.0.1" || host === "::1";
+	const hostIsTailscaleServe = host.endsWith(".ts.net");
+	const hasForwarded = Boolean(req.headers?.["x-forwarded-for"] || req.headers?.["x-real-ip"] || req.headers?.["x-forwarded-host"]);
+	const remoteIsTrustedProxy = isTrustedProxyAddress(req.socket?.remoteAddress, trustedProxies);
+	return (hostIsLocal || hostIsTailscaleServe) && (!hasForwarded || remoteIsTrustedProxy);
+}
+function getTailscaleUser(req) {
+	if (!req) return null;
+	const login = req.headers["tailscale-user-login"];
+	if (typeof login !== "string" || !login.trim()) return null;
+	const nameRaw = req.headers["tailscale-user-name"];
+	const profilePic = req.headers["tailscale-user-profile-pic"];
+	const name = typeof nameRaw === "string" && nameRaw.trim() ? nameRaw.trim() : login.trim();
+	return {
+		login: login.trim(),
+		name,
+		profilePic: typeof profilePic === "string" && profilePic.trim() ? profilePic.trim() : void 0
+	};
+}
+function hasTailscaleProxyHeaders(req) {
+	if (!req) return false;
+	return Boolean(req.headers["x-forwarded-for"] && req.headers["x-forwarded-proto"] && req.headers["x-forwarded-host"]);
+}
+function isTailscaleProxyRequest(req) {
+	if (!req) return false;
+	return isLoopbackAddress(req.socket?.remoteAddress) && hasTailscaleProxyHeaders(req);
+}
+async function resolveVerifiedTailscaleUser(params) {
+	const { req, tailscaleWhois } = params;
+	const tailscaleUser = getTailscaleUser(req);
+	if (!tailscaleUser) return {
+		ok: false,
+		reason: "tailscale_user_missing"
+	};
+	if (!isTailscaleProxyRequest(req)) return {
+		ok: false,
+		reason: "tailscale_proxy_missing"
+	};
+	const clientIp = resolveTailscaleClientIp(req);
+	if (!clientIp) return {
+		ok: false,
+		reason: "tailscale_whois_failed"
+	};
+	const whois = await tailscaleWhois(clientIp);
+	if (!whois?.login) return {
+		ok: false,
+		reason: "tailscale_whois_failed"
+	};
+	if (normalizeLogin(whois.login) !== normalizeLogin(tailscaleUser.login)) return {
+		ok: false,
+		reason: "tailscale_user_mismatch"
+	};
+	return {
+		ok: true,
+		user: {
+			login: whois.login,
+			name: whois.name ?? tailscaleUser.name,
+			profilePic: tailscaleUser.profilePic
+		}
+	};
+}
+function resolveGatewayAuth(params) {
+	const authConfig = params.authConfig ?? {};
+	const env = params.env ?? process.env;
+	const token = authConfig.token ?? env.OPENCLAW_GATEWAY_TOKEN ?? env.CLAWDBOT_GATEWAY_TOKEN ?? void 0;
+	const password = authConfig.password ?? env.OPENCLAW_GATEWAY_PASSWORD ?? env.CLAWDBOT_GATEWAY_PASSWORD ?? void 0;
+	const mode = authConfig.mode ?? (password ? "password" : "token");
+	return {
+		mode,
+		token,
+		password,
+		allowTailscale: authConfig.allowTailscale ?? (params.tailscaleMode === "serve" && mode !== "password")
+	};
+}
+function assertGatewayAuthConfigured(auth) {
+	if (auth.mode === "token" && !auth.token) {
+		if (auth.allowTailscale) return;
+		throw new Error("gateway auth mode is token, but no token was configured (set gateway.auth.token or OPENCLAW_GATEWAY_TOKEN)");
+	}
+	if (auth.mode === "password" && !auth.password) throw new Error("gateway auth mode is password, but no password was configured");
+}
+async function authorizeGatewayConnect(params) {
+	const { auth, connectAuth, req, trustedProxies } = params;
+	const tailscaleWhois = params.tailscaleWhois ?? readTailscaleWhoisIdentity;
+	const localDirect = isLocalDirectRequest(req, trustedProxies);
+	if (auth.allowTailscale && !localDirect) {
+		const tailscaleCheck = await resolveVerifiedTailscaleUser({
+			req,
+			tailscaleWhois
+		});
+		if (tailscaleCheck.ok) return {
+			ok: true,
+			method: "tailscale",
+			user: tailscaleCheck.user.login
+		};
+	}
+	if (auth.mode === "token") {
+		if (!auth.token) return {
+			ok: false,
+			reason: "token_missing_config"
+		};
+		if (!connectAuth?.token) return {
+			ok: false,
+			reason: "token_missing"
+		};
+		if (!safeEqualSecret(connectAuth.token, auth.token)) return {
+			ok: false,
+			reason: "token_mismatch"
+		};
+		return {
+			ok: true,
+			method: "token"
+		};
+	}
+	if (auth.mode === "password") {
+		const password = connectAuth?.password;
+		if (!auth.password) return {
+			ok: false,
+			reason: "password_missing_config"
+		};
+		if (!password) return {
+			ok: false,
+			reason: "password_missing"
+		};
+		if (!safeEqualSecret(password, auth.password)) return {
+			ok: false,
+			reason: "password_mismatch"
+		};
+		return {
+			ok: true,
+			method: "password"
+		};
+	}
+	return {
+		ok: false,
+		reason: "unauthorized"
+	};
+}
+
+//#endregion
+export { safeEqualSecret as a, enableTailscaleFunnel as c, getTailnetHostname as d, readTailscaleStatusJson as f, resolveGatewayAuth as i, enableTailscaleServe as l, authorizeGatewayConnect as n, disableTailscaleFunnel as o, promptYesNo as p, isLocalDirectRequest as r, disableTailscaleServe as s, assertGatewayAuthConfigured as t, findTailscaleBinary as u };