opencami 1.8.2 → 1.8.5

package/README.md

@@ -1,7 +1,5 @@
 # OpenCami 🦎
 
-**Version 1.7.0**
-
 A beautiful web client for [OpenClaw](https://github.com/openclaw/openclaw).
 
 [![npm](https://img.shields.io/npm/v/opencami)](https://www.npmjs.com/package/opencami)
@@ -9,37 +7,164 @@ A beautiful web client for [OpenClaw](https://github.com/openclaw/openclaw).
 
 ![OpenCami Chat Interface](docs/screenshots/opencami-chat.jpg)
 
-## Quick Start
+## Install
+
+### Option 1 (recommended)
 
 ```bash
 curl -fsSL https://opencami.xyz/install.sh | bash
 ```
 
-Or via npm:
+### Option 2
 
 ```bash
 npm install -g opencami
-opencami
 ```
 
-Opens your browser to the chat interface.
+## Run
+
+### ✅ Recommended (OpenCami runs on the same machine as the OpenClaw Gateway)
+
+```bash
+opencami --gateway ws://127.0.0.1:18789 --token <GATEWAY_TOKEN>
+```
+
+Then open: `http://localhost:3000`
+
+### 🌐 Remote access over Tailscale (keep Gateway local)
+
+This is the safest setup: **Gateway stays on loopback**, you access **OpenCami** via `https://<magicdns>:<port>`.
+
+1) In OpenClaw, allowlist the exact OpenCami URL (**no trailing slash**):
+
+```json5
+{
+  "gateway": {
+    "controlUI": {
+      "allowedOrigins": ["https://<magicdns>:3001"]
+    }
+  }
+}
+```
+
+2) Restart the gateway:
+
+```bash
+openclaw gateway restart
+```
+
+3) Start OpenCami with the same origin:
+
+```bash
+opencami \
+  --gateway ws://127.0.0.1:18789 \
+  --token <GATEWAY_TOKEN> \
+  --origin https://<magicdns>:3001
+```
+
+> ⚠️ Note: `--gateway` must be `ws://` or `wss://` (not `https://`).
+
+## CLI options
+
+```text
+opencami [--port <n>] [--host <addr>] [--gateway <ws(s)://...>] [--token <token>] [--password <pw>] [--origin <url>] [--no-open]
+
+--port <n>        Port to listen on (default: 3000)
+--host <addr>     Host to bind to (default: 127.0.0.1)
+--gateway <url>   OpenClaw gateway WS URL (default: ws://127.0.0.1:18789)
+--token <token>   Gateway token (sets CLAWDBOT_GATEWAY_TOKEN)
+--password <pw>   Gateway password (sets CLAWDBOT_GATEWAY_PASSWORD)
+--origin <url>    Origin header for backend WS (sets OPENCAMI_ORIGIN)
+--no-open         Don't open browser on start
+-h, --help        Show help
+```
+
+## Configuration
+
+You can also set env vars instead of flags:
+
+```bash
+CLAWDBOT_GATEWAY_URL=ws://127.0.0.1:18789
+CLAWDBOT_GATEWAY_TOKEN=...
+OPENCAMI_ORIGIN=https://<magicdns>:3001   # only needed for remote HTTPS
+```
+
+## Troubleshooting (quick)
+
+- **"origin not allowed"** → add the exact URL to `gateway.controlUI.allowedOrigins` *and* pass the same value as `--origin` / `OPENCAMI_ORIGIN` (exact match, no trailing `/`).
+- **Pairing required** → approve the device in OpenClaw (`openclaw devices list/approve`).
+- **Fallback (only if needed):** `OPENCAMI_DEVICE_AUTH_FALLBACK=1`
+
+---
+
+## Security notes
+
+- Prefer `wss://` for remote connections.
+- Prefer token auth (`CLAWDBOT_GATEWAY_TOKEN`) over password.
+- Keep `allowedOrigins` minimal (exact origins only, no wildcards).
+- Treat `OPENCAMI_DEVICE_AUTH_FALLBACK=true` as temporary compatibility mode.
+- Do **not** expose OpenCami directly to the public internet without TLS + access controls.
+- For Tailnet deployments, limit Tailnet device/user access.
+
+---
+
+## Troubleshooting
 
-### Options
+### "origin not allowed"
 
-| Flag | Description | Default |
-|------|-------------|---------|
-| `--port` | Port to serve on | `3000` |
-| `--gateway` | OpenClaw gateway URL | `ws://127.0.0.1:18789` |
-| `--host` | Bind address | `localhost` |
-| `--no-open` | Don't open browser | — |
+Cause: gateway rejected browser origin.
 
-### Docker
+Fix:
+1. Add origin to `gateway.controlUI.allowedOrigins` (exact match, no trailing `/`)
+2. Set identical `OPENCAMI_ORIGIN` (or `--origin`) in OpenCami
+3. Restart gateway (`openclaw gateway restart`)
+
+### Missing scope `operator.admin`
+
+Cause: gateway auth succeeded but the device was paired with insufficient scopes.
+
+Fix (v1.8.5+): delete the device identity and let OpenCami re-pair automatically:
+
+```bash
+rm ~/.opencami/identity/device.json
+# then restart OpenCami — it will re-pair with full scopes
+```
+
+### Pairing required / device pending approval
+
+On first connect, OpenCami registers itself as a device on the gateway. Starting with v1.8.5, this happens automatically with full scopes (`operator.admin`, `operator.approvals`, `operator.pairing`) — no manual config required.
+
+If you see a "device pending" error:
+```bash
+openclaw devices list    # find the pending device
+openclaw devices approve <deviceId>
+```
+
+After approval, OpenCami reconnects and stores a `deviceToken` for future sessions (no shared token needed).
+
+### Can’t connect to gateway at all
+
+Checks:
+
+```bash
+openclaw gateway status
+echo "$CLAWDBOT_GATEWAY_URL"
+echo "$CLAWDBOT_GATEWAY_TOKEN"
+```
+
+Also verify URL scheme (`ws://` local, `wss://` remote).
+
+---
+
+## Docker
 
 ```bash
 docker build -t opencami .
 docker run -p 3000:3000 opencami
 ```
 
+---
+
 ## Features
 
 ### 💬 Chat & Communication

package/bin/opencami.js

@@ -18,6 +18,9 @@ function getArg(name, def) {
 const port = parseInt(getArg('port', '3000'), 10);
 const host = getArg('host', '127.0.0.1');
 const gateway = getArg('gateway', 'ws://127.0.0.1:18789');
+const token = getArg('token', '');
+const password = getArg('password', '');
+const origin = getArg('origin', '');
 const noOpen = args.includes('--no-open');
 
 if (args.includes('--help') || args.includes('-h')) {
@@ -27,17 +30,23 @@ if (args.includes('--help') || args.includes('-h')) {
   Usage: opencami [options]
 
   Options:
-    --port <n>       Port to listen on (default: 3000)
-    --host <addr>    Host to bind to (default: 127.0.0.1)
-    --gateway <url>  OpenClaw gateway URL (default: ws://127.0.0.1:18789)
-    --no-open        Don't open browser on start
-    -h, --help       Show this help
+    --port <n>        Port to listen on (default: 3000)
+    --host <addr>     Host to bind to (default: 127.0.0.1)
+    --gateway <url>   OpenClaw gateway URL (default: ws://127.0.0.1:18789)
+    --token <token>   Gateway token (sets CLAWDBOT_GATEWAY_TOKEN)
+    --password <pw>   Gateway password (sets CLAWDBOT_GATEWAY_PASSWORD)
+    --origin <url>    Origin to send in backend WS (sets OPENCAMI_ORIGIN)
+    --no-open         Don't open browser on start
+    -h, --help        Show this help
 `);
   process.exit(0);
 }
 
 // Set gateway env for the app
-process.env.OPENCLAW_GATEWAY = gateway;
+process.env.CLAWDBOT_GATEWAY_URL = gateway;
+if (token) process.env.CLAWDBOT_GATEWAY_TOKEN = token;
+if (password) process.env.CLAWDBOT_GATEWAY_PASSWORD = password;
+if (origin) process.env.OPENCAMI_ORIGIN = origin;
 
 const MIME_TYPES = {
   '.html': 'text/html',

package/dist/client/assets/{CSPContext-DeJH85nm.js → CSPContext-6t3O1emU.js}

@@ -1 +1 @@
-import{r as t}from"./main-CgwdHc9W.js";const e=t.createContext(void 0),o={disableStyleElements:!1};function s(){return t.useContext(e)??o}export{s as u};
+import{r as t}from"./main-Dq6jpr6-.js";const e=t.createContext(void 0),o={disableStyleElements:!1};function s(){return t.useContext(e)??o}export{s as u};

package/dist/client/assets/{DirectionContext-CxhRpXkm.js → DirectionContext-C6goXEY_.js}

@@ -1 +1 @@
-import{r as l}from"./main-CgwdHc9W.js";const E=["top","right","bottom","left"],p=Math.min,h=Math.max,L=Math.round,k=Math.floor,q=t=>({x:t,y:t}),x={left:"right",right:"left",bottom:"top",top:"bottom"},d={start:"end",end:"start"};function R(t,e,n){return h(t,p(e,n))}function T(t,e){return typeof t=="function"?t(e):t}function m(t){return t.split("-")[0]}function g(t){return t.split("-")[1]}function b(t){return t==="x"?"y":"x"}function A(t){return t==="y"?"height":"width"}const P=new Set(["top","bottom"]);function y(t){return P.has(m(t))?"y":"x"}function M(t){return b(y(t))}function v(t,e,n){n===void 0&&(n=!1);const s=g(t),i=M(t),o=A(i);let r=i==="x"?s===(n?"end":"start")?"right":"left":s==="start"?"bottom":"top";return e.reference[o]>e.floating[o]&&(r=a(r)),[r,a(r)]}function z(t){const e=a(t);return[c(t),e,c(e)]}function c(t){return t.replace(/start|end/g,e=>d[e])}const u=["left","right"],f=["right","left"],O=["top","bottom"],S=["bottom","top"];function C(t,e,n){switch(t){case"top":case"bottom":return n?e?f:u:e?u:f;case"left":case"right":return e?O:S;default:return[]}}function B(t,e,n,s){const i=g(t);let o=C(m(t),n==="start",s);return i&&(o=o.map(r=>r+"-"+i),e&&(o=o.concat(o.map(c)))),o}function a(t){return t.replace(/left|right|bottom|top/g,e=>x[e])}function w(t){return{top:0,right:0,bottom:0,left:0,...t}}function F(t){return typeof t!="number"?w(t):{top:t,right:t,bottom:t,left:t}}function G(t){const{x:e,y:n,width:s,height:i}=t;return{width:s,height:i,top:n,left:e,right:e+s,bottom:n+i,x:e,y:n}}const j=l.createContext(void 0);function H(){return l.useContext(j)?.direction??"ltr"}export{y as a,a as b,z as c,B as d,T as e,k as f,m as g,v as h,g as i,h as j,M as k,F as l,p as m,G as n,A as o,R as p,b as q,L as r,E as s,q as t,H as u};
+import{r as l}from"./main-Dq6jpr6-.js";const E=["top","right","bottom","left"],p=Math.min,h=Math.max,L=Math.round,k=Math.floor,q=t=>({x:t,y:t}),x={left:"right",right:"left",bottom:"top",top:"bottom"},d={start:"end",end:"start"};function R(t,e,n){return h(t,p(e,n))}function T(t,e){return typeof t=="function"?t(e):t}function m(t){return t.split("-")[0]}function g(t){return t.split("-")[1]}function b(t){return t==="x"?"y":"x"}function A(t){return t==="y"?"height":"width"}const P=new Set(["top","bottom"]);function y(t){return P.has(m(t))?"y":"x"}function M(t){return b(y(t))}function v(t,e,n){n===void 0&&(n=!1);const s=g(t),i=M(t),o=A(i);let r=i==="x"?s===(n?"end":"start")?"right":"left":s==="start"?"bottom":"top";return e.reference[o]>e.floating[o]&&(r=a(r)),[r,a(r)]}function z(t){const e=a(t);return[c(t),e,c(e)]}function c(t){return t.replace(/start|end/g,e=>d[e])}const u=["left","right"],f=["right","left"],O=["top","bottom"],S=["bottom","top"];function C(t,e,n){switch(t){case"top":case"bottom":return n?e?f:u:e?u:f;case"left":case"right":return e?O:S;default:return[]}}function B(t,e,n,s){const i=g(t);let o=C(m(t),n==="start",s);return i&&(o=o.map(r=>r+"-"+i),e&&(o=o.concat(o.map(c)))),o}function a(t){return t.replace(/left|right|bottom|top/g,e=>x[e])}function w(t){return{top:0,right:0,bottom:0,left:0,...t}}function F(t){return typeof t!="number"?w(t):{top:t,right:t,bottom:t,left:t}}function G(t){const{x:e,y:n,width:s,height:i}=t;return{width:s,height:i,top:n,left:e,right:e+s,bottom:n+i,x:e,y:n}}const j=l.createContext(void 0);function H(){return l.useContext(j)?.direction??"ltr"}export{y as a,a as b,z as c,B as d,T as e,k as f,m as g,v as h,g as i,h as j,M as k,F as l,p as m,G as n,A as o,R as p,b as q,L as r,E as s,q as t,H as u};