whitzard-claw 1.0.0

package/dist/webui/server.js

@@ -0,0 +1,876 @@
+#!/usr/bin/env node
+
+import express from 'express';
+import { spawn } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { fileURLToPath } from 'url';
+
+const HOME_DIR = os.homedir();
+
+// Get dynamic paths based on installation location
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Determine package directory (works for both development and installed scenarios)
+function getPackageDir() {
+  // Check if we're in dist/webui folder (installed package)
+  const distWebuiIndex = __dirname.lastIndexOf('dist' + path.sep + 'webui');
+  if (distWebuiIndex !== -1) {
+    return __dirname.substring(0, distWebuiIndex);
+  }
+  
+  // Check if we're in a node_modules package (npm install scenario)
+  const nodeModulesIndex = __dirname.lastIndexOf(path.sep + 'node_modules' + path.sep + 'whitzard-claw');
+  if (nodeModulesIndex !== -1) {
+    return __dirname.substring(0, nodeModulesIndex + path.sep + 'node_modules' + path.sep + 'whitzard-claw');
+  }
+  
+  // Development mode: parent is project root
+  return path.resolve(__dirname, '..');
+}
+
+const PORT = process.env.PORT || 12340;
+const PACKAGE_DIR = getPackageDir();
+const SCRIPTS_DIR = path.join(PACKAGE_DIR, 'scripts');
+const IOC_DIR = path.join(PACKAGE_DIR, 'ioc');
+const LOGS_DIR = path.join(PACKAGE_DIR, 'logs');
+const SCAN_SCRIPT = path.join(SCRIPTS_DIR, 'scan.sh');
+const SETTINGS_FILE = path.join(PACKAGE_DIR, '.openclaw_settings.json');
+
+const app = express();
+
+// In-memory storage for scan results
+const scanTasks = new Map();
+const scanResults = new Map();
+let currentScanTaskId = null;
+
+// Settings storage functions
+function loadSettings() {
+  try {
+    if (fs.existsSync(SETTINGS_FILE)) {
+      const data = fs.readFileSync(SETTINGS_FILE, 'utf8');
+      return JSON.parse(data);
+    }
+  } catch (error) {
+    console.error('Error loading settings:', error);
+  }
+  return {};
+}
+
+function saveSettings(settings) {
+  try {
+    fs.writeFileSync(SETTINGS_FILE, JSON.stringify(settings, null, 2), 'utf8');
+    return true;
+  } catch (error) {
+    console.error('Error saving settings:', error);
+    return false;
+  }
+}
+
+function getOpenclawHome() {
+  const settings = loadSettings();
+  // Default to ~/.openclaw in package root
+  return settings.openclawHome || path.join(HOME_DIR, '.openclaw');
+}
+
+// Middleware
+app.use(express.json());
+app.use(express.static(path.join(PACKAGE_DIR, 'webui')));
+
+// Security headers
+app.use((req, res, next) => {
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  res.setHeader('X-Frame-Options', 'DENY');
+  res.setHeader('X-XSS-Protection', '1; mode=block');
+  next();
+});
+
+// Generate unique task ID
+function generateTaskId() {
+  return `scan_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+}
+
+// Parse scan output line by line
+function parseScanLine(line, currentCategory) {
+  const result = { type: 'unknown', data: {} };
+
+  // Check header: [1/12] Auditing gateway...
+  const headerMatch = line.match(/^\[(\d+)\/(\d+)\]\s+(.+)/);
+  if (headerMatch) {
+    return {
+      type: 'check-start',
+      data: {
+        num: parseInt(headerMatch[1]),
+        total: parseInt(headerMatch[2]),
+        name: headerMatch[3].replace(/\.\.\.$/, '').trim(),
+        category: currentCategory
+      }
+    };
+  }
+
+  // Check result lines
+  if (line.startsWith('CLEAN:')) {
+    return { type: 'check-result', data: { status: 'CLEAN', details: line.substring(6).trim() } };
+  }
+  if (line.startsWith('WARNING:')) {
+    return { type: 'check-result', data: { status: 'WARNING', details: line.substring(8).trim() } };
+  }
+  if (line.startsWith('CRITICAL:')) {
+    return { type: 'check-result', data: { status: 'CRITICAL', details: line.substring(9).trim() } };
+  }
+
+  // Check category start
+  const categoryStartMatch = line.match(/^CATEGORY START:\s*(\w+)\s*\((\d+)\s+checks?\)/i);
+  if (categoryStartMatch) {
+    return {
+      type: 'category-start',
+      data: {
+        name: categoryStartMatch[1],
+        totalChecks: parseInt(categoryStartMatch[2])
+      }
+    };
+  }
+
+  // Check category end
+  const categoryEndMatch = line.match(/^CATEGORY SUMMARY:\s*(\w+)/i);
+  if (categoryEndMatch) {
+    return { type: 'category-end', data: { name: categoryEndMatch[1] } };
+  }
+
+  // Check final summary
+  const summaryMatch = line.match(/SCAN COMPLETE:\s*(\d+)\s*critical,\s*(\d+)\s*warnings?,\s*(\d+)\s*clean/i);
+  if (summaryMatch) {
+    return {
+      type: 'scan-summary',
+      data: {
+        critical: parseInt(summaryMatch[1]),
+        warnings: parseInt(summaryMatch[2]),
+        clean: parseInt(summaryMatch[3])
+      }
+    };
+  }
+
+  // Check status
+  const statusMatch = line.match(/STATUS:\s*(\w+)/i);
+  if (statusMatch) {
+    return { type: 'scan-status', data: { status: statusMatch[1] } };
+  }
+
+  return result;
+}
+
+// Run scan script
+function runScan(taskId) {
+  return new Promise((resolve) => {
+    const openclawHome = getOpenclawHome();
+    const env = {
+      ...process.env,
+      PATH: `${process.env.HOME}/.local/bin:/opt/homebrew/opt/node@22/bin:/opt/homebrew/bin:/usr/local/bin:${process.env.PATH}`,
+      HOME: process.env.HOME,
+      OPENCLAW_HOME: openclawHome
+    };
+
+    console.log(`[SCAN] Using OPENCLAW_HOME: ${openclawHome}`);
+
+    const child = spawn('/bin/bash', [SCAN_SCRIPT], {
+      env,
+      cwd: PACKAGE_DIR,
+      shell: false
+    });
+
+    let outputBuffer = '';
+    let currentCategory = null;
+    let currentCheck = null;
+    const categories = new Map();
+    const checks = [];
+
+    const task = scanTasks.get(taskId);
+    if (!task) {
+      resolve({ success: false, error: 'Task not found' });
+      return;
+    }
+
+    task.process = child;
+    task.startTime = Date.now();
+
+    child.stdout.on('data', (data) => {
+      const lines = data.toString().split('\n');
+      
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        
+        outputBuffer += line + '\n';
+        const parsed = parseScanLine(line, currentCategory);
+
+        switch (parsed.type) {
+          case 'category-start':
+            currentCategory = parsed.data.name;
+            categories.set(currentCategory, {
+              name: parsed.data.name,
+              totalChecks: parsed.data.totalChecks,
+              completedChecks: 0,
+              critical: 0,
+              warnings: 0,
+              clean: 0,
+              checks: []
+            });
+            task.completedChecks = 0;
+            task.currentCategory = currentCategory;
+            broadcastSSE(taskId, 'category-start', parsed.data);
+            break;
+
+          case 'check-start':
+            currentCheck = {
+              num: parsed.data.num,
+              name: parsed.data.name,
+              category: currentCategory,
+              status: 'RUNNING',
+              details: ''
+            };
+            break;
+
+          case 'check-result':
+            if (currentCheck) {
+              // If this is the first result for this check, set status and details
+              if (!currentCheck.status || currentCheck.status === 'RUNNING') {
+                currentCheck.status = parsed.data.status;
+                currentCheck.details = parsed.data.details;
+                currentCheck.allDetails = [parsed.data.details]; // Start collecting all details
+              } else {
+                // Same check has multiple results - merge them
+                // Keep the most severe status (CRITICAL > WARNING > CLEAN)
+                const severityOrder = { 'CRITICAL': 3, 'WARNING': 2, 'CLEAN': 1 };
+                if (severityOrder[parsed.data.status] > severityOrder[currentCheck.status]) {
+                  currentCheck.status = parsed.data.status;
+                }
+                
+                // Add unique details only
+                if (!currentCheck.allDetails.includes(parsed.data.details)) {
+                  currentCheck.allDetails.push(parsed.data.details);
+                }
+                // Update details to show all (joined)
+                currentCheck.details = currentCheck.allDetails.join('\n');
+              }
+              
+              const category = categories.get(currentCategory);
+              if (category) {
+                // Only add to checks array once (on first result)
+                if (!category.checks.find(c => c.num === currentCheck.num)) {
+                  category.checks.push({ ...currentCheck });
+                } else {
+                  // Update existing check with merged details
+                  const existingCheck = category.checks.find(c => c.num === currentCheck.num);
+                  existingCheck.status = currentCheck.status;
+                  existingCheck.details = currentCheck.details;
+                  existingCheck.allDetails = currentCheck.allDetails;
+                }
+                
+                category.completedChecks++;
+                
+                // Update category counters based on final status
+                if (currentCheck.status === 'CLEAN') {
+                  category.clean++;
+                } else if (currentCheck.status === 'WARNING') {
+                  category.warnings++;
+                } else if (currentCheck.status === 'CRITICAL') {
+                  category.critical++;
+                }
+                
+                task.completedChecks++;
+              }
+              
+              // Broadcast update
+              broadcastSSE(taskId, 'check-result', {
+                ...currentCheck,
+                categoryStats: categories.get(currentCategory)
+              });
+              currentCheck = null;
+            }
+            break;
+
+          case 'category-end':
+            broadcastSSE(taskId, 'category-end', categories.get(parsed.data.name));
+            break;
+
+          case 'scan-summary':
+            task.summary = parsed.data;
+            break;
+
+          case 'scan-status':
+            task.status = parsed.data.status;
+            break;
+        }
+      }
+    });
+
+    child.stderr.on('data', (data) => {
+      console.error(`[${taskId}] stderr:`, data.toString());
+    });
+
+    child.on('close', (code) => {
+      task.endTime = Date.now();
+      task.exitCode = code;
+      
+      const result = {
+        taskId,
+        timestamp: new Date(task.startTime).toISOString(),
+        duration: task.endTime - task.startTime,
+        exitCode: code,
+        summary: task.summary || { critical: 0, warnings: 0, clean: 0 },
+        status: task.status || (code === 0 ? 'SECURE' : code === 1 ? 'WARNING' : 'COMPROMISED'),
+        categories: Array.from(categories.values()),
+        checks: checks,
+        rawOutput: outputBuffer
+      };
+
+      scanResults.set(taskId, result);
+      scanTasks.delete(taskId);
+      currentScanTaskId = null;
+
+      broadcastSSE(taskId, 'scan-complete', result);
+      resolve({ success: true, result });
+    });
+
+    child.on('error', (err) => {
+      task.endTime = Date.now();
+      task.status = 'FAILED';
+      task.error = err.message;
+      
+      scanTasks.delete(taskId);
+      currentScanTaskId = null;
+      
+      broadcastSSE(taskId, 'scan-error', { error: err.message });
+      resolve({ success: false, error: err.message });
+    });
+  });
+}
+
+// SSE clients
+const sseClients = new Map();
+
+function broadcastSSE(taskId, event, data) {
+  const clients = sseClients.get(taskId) || [];
+  const message = `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`;
+  
+  clients.forEach(client => {
+    try {
+      client.res.write(message);
+    } catch (e) {
+      // Client disconnected, will be cleaned up
+    }
+  });
+}
+
+// Routes
+
+// Serve index.html
+app.get('/', (req, res) => {
+  res.sendFile(path.join(__dirname, 'index.html'));
+});
+
+// Start scan
+app.post('/api/scan/run', async (req, res) => {
+  if (currentScanTaskId) {
+    return res.status(409).json({ 
+      error: 'Scan already in progress',
+      taskId: currentScanTaskId 
+    });
+  }
+
+  const taskId = generateTaskId();
+  const task = {
+    id: taskId,
+    status: 'STARTING',
+    startTime: null,
+    endTime: null,
+    currentCategory: null,
+    completedChecks: 0,
+    totalChecks: 59, // 12+5+13+3+5+18+3
+    summary: null,
+    process: null
+  };
+
+  scanTasks.set(taskId, task);
+  currentScanTaskId = taskId;
+  sseClients.set(taskId, []);
+
+  res.json({ taskId, status: 'started' });
+
+  // Run scan asynchronously
+  runScan(taskId);
+});
+
+// SSE endpoint
+app.get('/api/scan/sse', (req, res) => {
+  const { taskId } = req.query;
+  
+  if (!taskId || !scanTasks.has(taskId)) {
+    // Allow connecting to completed scans for result retrieval
+    if (!taskId || !scanResults.has(taskId)) {
+      return res.status(404).send('Task not found');
+    }
+  }
+
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+  res.setHeader('X-Accel-Buffering', 'no');
+
+  // Send initial connection confirmation
+  res.write(`event: connected\ndata: {"taskId":"${taskId || 'latest'}"}\n\n`);
+
+  const client = { res, connectedAt: Date.now() };
+  
+  if (taskId) {
+    if (!sseClients.has(taskId)) {
+      sseClients.set(taskId, []);
+    }
+    sseClients.get(taskId).push(client);
+  }
+
+  // If task is completed, send the result immediately
+  if (taskId && scanResults.has(taskId)) {
+    const result = scanResults.get(taskId);
+    res.write(`event: scan-complete\ndata: ${JSON.stringify(result)}\n\n`);
+  }
+
+  // Cleanup on disconnect
+  req.on('close', () => {
+    if (taskId) {
+      const clients = sseClients.get(taskId);
+      if (clients) {
+        const index = clients.indexOf(client);
+        if (index > -1) clients.splice(index, 1);
+        if (clients.length === 0) {
+          sseClients.delete(taskId);
+        }
+      }
+    }
+  });
+});
+
+// Get scan result
+app.get('/api/scan/:taskId/result', (req, res) => {
+  const { taskId } = req.params;
+  
+  if (scanResults.has(taskId)) {
+    res.json(scanResults.get(taskId));
+  } else if (scanTasks.has(taskId)) {
+    const task = scanTasks.get(taskId);
+    res.json({
+      taskId,
+      status: task.status,
+      currentCategory: task.currentCategory,
+      completedChecks: task.completedChecks,
+      totalChecks: task.totalChecks,
+      progress: Math.round((task.completedChecks / task.totalChecks) * 100)
+    });
+  } else {
+    res.status(404).json({ error: 'Task not found' });
+  }
+});
+
+// Get latest scan result
+app.get('/api/scan/latest', (req, res) => {
+  const latestTaskId = Array.from(scanResults.keys()).pop();
+  
+  if (latestTaskId) {
+    res.json(scanResults.get(latestTaskId));
+  } else {
+    res.json({ error: 'No scans run yet' });
+  }
+});
+
+// Get scan history (last 10 results)
+app.get('/api/scan/history', (req, res) => {
+  const history = Array.from(scanResults.entries())
+    .map(([id, result]) => ({
+      taskId: id,
+      timestamp: result.timestamp,
+      status: result.status,
+      summary: result.summary,
+      duration: result.duration
+    }))
+    .slice(-10)
+    .reverse();
+  
+  res.json(history);
+});
+
+// Cancel running scan
+app.post('/api/scan/:taskId/cancel', (req, res) => {
+  const { taskId } = req.params;
+  
+  if (!scanTasks.has(taskId)) {
+    return res.status(404).json({ error: 'Task not found or already completed' });
+  }
+
+  const task = scanTasks.get(taskId);
+  if (task.process) {
+    task.process.kill('SIGTERM');
+    res.json({ taskId, status: 'cancelled' });
+  } else {
+    res.status(500).json({ error: 'Cannot cancel scan' });
+  }
+});
+
+// Health check
+app.get('/api/health', (req, res) => {
+  res.json({
+    status: 'ok',
+    uptime: process.uptime(),
+    activeScans: scanTasks.size,
+    completedScans: scanResults.size
+  });
+});
+
+// Get scan logs (real-time)
+app.get('/api/scan/logs', (req, res) => {
+  const logFilePath = path.join(LOGS_DIR, 'security-scan.log');
+  
+  if (!fs.existsSync(logFilePath)) {
+    return res.json({ logs: [], exists: false });
+  }
+  
+  try {
+    const content = fs.readFileSync(logFilePath, 'utf8');
+    const lines = content.split('\n').filter(line => line.trim() !== '');
+    res.json({ 
+      logs: lines, 
+      exists: true,
+      lineCount: lines.length
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// SSE endpoint for real-time log streaming
+app.get('/api/scan/logs/sse', (req, res) => {
+  const { taskId } = req.query;
+  const logFilePath = path.join(LOGS_DIR, 'security-scan.log');
+  
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+  res.setHeader('X-Accel-Buffering', 'no');
+  
+  // Send initial connection confirmation
+  res.write(`event: connected\ndata: {"status":"connected"}\n\n`);
+  
+  // Send existing logs if file exists
+  if (fs.existsSync(logFilePath)) {
+    try {
+      const content = fs.readFileSync(logFilePath, 'utf8');
+      const lines = content.split('\n').filter(line => line.trim() !== '');
+      res.write(`event: logs\ndata: ${JSON.stringify({ logs: lines })}\n\n`);
+    } catch (e) {
+      console.error('Error reading log file:', e);
+    }
+  }
+  
+  // Watch file for changes if there's an active scan
+  let fsWatcher = null;
+  let lastSize = 0;
+  
+  if (fs.existsSync(logFilePath)) {
+    const stats = fs.statSync(logFilePath);
+    lastSize = stats.size;
+  }
+  
+  const pollInterval = setInterval(() => {
+    if (!fs.existsSync(logFilePath)) {
+      return;
+    }
+    
+    try {
+      const stats = fs.statSync(logFilePath);
+      
+      if (stats.size > lastSize) {
+        // File has grown, read new content
+        const buffer = Buffer.alloc(stats.size - lastSize);
+        const fd = fs.openSync(logFilePath, 'r');
+        fs.readSync(fd, buffer, 0, buffer.length, lastSize);
+        fs.closeSync(fd);
+        
+        const newContent = buffer.toString('utf8');
+        const newLines = newContent.split('\n').filter(line => line.trim() !== '');
+        
+        if (newLines.length > 0) {
+          res.write(`event: new-logs\ndata: ${JSON.stringify({ logs: newLines })}\n\n`);
+        }
+        
+        lastSize = stats.size;
+      }
+    } catch (e) {
+      console.error('Error polling log file:', e);
+    }
+  }, 500); // Poll every 500ms
+  
+  // Cleanup on disconnect
+  req.on('close', () => {
+    clearInterval(pollInterval);
+    if (fsWatcher) {
+      fsWatcher.close();
+    }
+  });
+});
+
+// Clear logs endpoint (called before starting a new scan)
+app.post('/api/scan/logs/clear', (req, res) => {
+  const logFilePath = path.join(LOGS_DIR, 'security-scan.log');
+  
+  try {
+    // Ensure logs directory exists
+    if (!fs.existsSync(LOGS_DIR)) {
+      fs.mkdirSync(LOGS_DIR, { recursive: true });
+    }
+    
+    // Clear or create the log file
+    fs.writeFileSync(logFilePath, '');
+    res.json({ success: true, message: 'Logs cleared' });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// ============ SETTINGS APIs ============
+
+// Get OPENCLAW_HOME setting
+app.get('/api/settings/openclaw_home', (req, res) => {
+  const value = getOpenclawHome();
+  res.json({ value });
+});
+
+// Save OPENCLAW_HOME setting
+app.post('/api/settings/openclaw_home', (req, res) => {
+  const { value } = req.body;
+  
+  if (typeof value !== 'string') {
+    return res.status(400).json({ error: 'Value must be a string' });
+  }
+  
+  const settings = loadSettings();
+  settings.openclawHome = value;
+  
+  if (saveSettings(settings)) {
+    res.json({ success: true, value });
+  } else {
+    res.status(500).json({ error: 'Failed to save settings' });
+  }
+});
+
+// ============ REMEDIATION APIs ============
+
+// Find repair script path
+function findRepairScript(category, checkNum) {
+  const categoryDir = path.join(SCRIPTS_DIR, 'repair', category.toLowerCase());
+  const scriptPath = path.join(categoryDir, `check_${checkNum}.sh`);
+  
+  if (fs.existsSync(scriptPath)) {
+    return scriptPath;
+  }
+  return null;
+}
+
+// Parse repair script output
+function parseRepairOutput(output) {
+  const result = {
+    guidance: '',
+    autoFixAvailable: false,
+    skills: []
+  };
+  
+  // Extract guidance (everything before auto-fix marker)
+  const autoFixIndex = output.indexOf('auto-fix\n');
+  if (autoFixIndex !== -1) {
+    result.guidance = output.substring(0, autoFixIndex).trim();
+    result.autoFixAvailable = true;
+    
+    // Extract skill names (lines after auto-fix marker)
+    const skillsSection = output.substring(autoFixIndex + 9).trim(); // 'auto-fix\n' is 9 characters
+    if (skillsSection.length > 0) {
+      result.skills = skillsSection.split('\n')
+        .map(s => s.trim())
+        .filter(s => s.length > 0 && !s.startsWith('auto-fix')); // Filter out empty lines and duplicate markers
+    }
+  } else {
+    result.guidance = output.trim();
+  }
+  
+  return result;
+}
+
+// Get remediation guidance for a specific check
+app.post('/api/remediate/guidance', async (req, res) => {
+  const { category, checkNum } = req.body;
+  
+  if (!category || !checkNum) {
+    return res.status(400).json({ error: 'Missing category or checkNum' });
+  }
+  
+  const scriptPath = findRepairScript(category, checkNum);
+  if (!scriptPath) {
+    return res.status(404).json({ error: 'Repair script not found' });
+  }
+  
+  try {
+    const openclawHome = getOpenclawHome();
+    const env = {
+      ...process.env,
+      PATH: `${process.env.HOME}/.local/bin:/opt/homebrew/opt/node@22/bin:/opt/homebrew/bin:/usr/local/bin:${process.env.PATH}`,
+      HOME: process.env.HOME,
+      OPENCLAW_HOME: openclawHome
+    };
+    
+    console.log(`[REMEDIATE] Using OPENCLAW_HOME: ${openclawHome}`);
+    
+    const scriptResult = await new Promise((resolve, reject) => {
+      let stdout = '';
+      let stderr = '';
+      
+      const child = spawn('/bin/bash', [scriptPath], {
+        env,
+        cwd: PACKAGE_DIR,
+        shell: false
+      });
+      
+      child.stdout.on('data', (data) => {
+        stdout += data.toString();
+      });
+      
+      child.stderr.on('data', (data) => {
+        stderr += data.toString();
+      });
+      
+      child.on('close', (code) => {
+        resolve({ exitCode: code, stdout, stderr });
+      });
+      
+      child.on('error', reject);
+    });
+    
+    const parsed = parseRepairOutput(scriptResult.stdout);
+    
+    // Determine fix type:
+    // - hasAutoFix: true if auto-fix available AND has skills to select (user needs to choose)
+    // - directFix: true if auto-fix available but NO skills (can fix directly)
+    res.json({
+      category,
+      checkNum,
+      ...parsed,
+      hasAutoFix: parsed.autoFixAvailable && parsed.skills.length > 0,
+      directFix: parsed.autoFixAvailable && parsed.skills.length === 0
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// Execute auto-fix for a specific skill
+app.post('/api/remediate/execute', async (req, res) => {
+  const { category, checkNum, skillName } = req.body;
+  
+  if (!category || !checkNum) {
+    return res.status(400).json({ error: 'Missing required parameters' });
+  }
+  
+  const scriptPath = findRepairScript(category, checkNum);
+  if (!scriptPath) {
+    return res.status(404).json({ error: 'Repair script not found' });
+  }
+  
+  try {
+    const openclawHome = getOpenclawHome();
+    console.log(`[AUTO-FIX] Executing repair script: ${scriptPath}`);
+    console.log(`[AUTO-FIX] Parameters: category=${category}, checkNum=${checkNum}, skillName=${skillName}`);
+    console.log(`[AUTO-FIX] Using OPENCLAW_HOME: ${openclawHome}`);
+    
+    const env = {
+      ...process.env,
+      PATH: `${process.env.HOME}/.local/bin:/opt/homebrew/opt/node@22/bin:/opt/homebrew/bin:/usr/local/bin:${process.env.PATH}`,
+      HOME: process.env.HOME,
+      OPENCLAW_HOME: openclawHome,
+      AUTO_FIX: '1'
+    };
+    
+    // Set SKILL_NAME only if provided (not null/undefined/empty)
+    // skillName=null means direct fix without specific skill name
+    if (skillName && skillName !== 'auto' && skillName !== 'null') {
+      env.SKILL_NAME = skillName;
+      console.log(`[AUTO-FIX] Setting SKILL_NAME=${skillName}`);
+    } else {
+      console.log(`[AUTO-FIX] No SKILL_NAME set (direct fix mode)`);
+    }
+    
+    const result = await new Promise((resolve, reject) => {
+      let stdout = '';
+      let stderr = '';
+      
+      const child = spawn('/bin/bash', [scriptPath], {
+        env,
+        cwd: PACKAGE_DIR,
+        shell: false
+      });
+      
+      child.stdout.on('data', (data) => {
+        const text = data.toString();
+        stdout += text;
+        console.log(`[AUTO-FIX STDOUT] ${text.trim()}`);
+      });
+      
+      child.stderr.on('data', (data) => {
+        const text = data.toString();
+        stderr += text;
+        console.error(`[AUTO-FIX STDERR] ${text.trim()}`);
+      });
+      
+      child.on('close', (code) => {
+        console.log(`[AUTO-FIX] Script closed with exit code: ${code}`);
+        resolve({ exitCode: code, stdout, stderr });
+      });
+      
+      child.on('error', (err) => {
+        console.error(`[AUTO-FIX ERROR] Spawn error: ${err.message}`);
+        reject(err);
+      });
+    });
+    
+    // Check for errors in stderr or non-zero exit code
+    if (result.exitCode !== 0) {
+      console.error(`[AUTO-FIX] Failed with exit code ${result.exitCode}`);
+      console.error(`[AUTO-FIX] stderr: ${result.stderr}`);
+      return res.status(500).json({ 
+        success: false,
+        error: `Script exited with code ${result.exitCode}: ${result.stderr}`
+      });
+    }
+    
+    console.log(`[AUTO-FIX] Success! stdout: ${result.stdout}`);
+    
+    res.json({
+      success: true,
+      skillName: skillName || 'direct-fix',
+      output: result.stdout,
+      stderr: result.stderr,
+      exitCode: result.exitCode,
+      message: skillName 
+        ? `Skill '${skillName}' has been removed successfully`
+        : 'Fix applied successfully'
+    });
+  } catch (error) {
+    console.error(`[AUTO-FIX ERROR] ${error.message}`);
+    res.status(500).json({ 
+      success: false,
+      error: error.message 
+    });
+  }
+});
+
+// Start server
+app.listen(PORT, '0.0.0.0', () => {
+  console.log(`🛡️  Whitzard-Claw Web UI running at http://localhost:${PORT}`);
+  console.log(`   Press Ctrl+C to stop`);
+});