Hugging Face's logo

Spaces:
GGSheng
/
ai
Running

App Files Community
ai / scripts /bootstrap-hf.sh
GGSheng's picture
GGSheng
feat: deploy Gemma 4 to hf space
17e971c verified
raw
history blame
35.6 kB
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd -- "$SCRIPT_DIR/.." && pwd)"
HF_TOKEN_FILE="${HF_TOKEN_FILE:-$HOME/.cache/huggingface/token}"
RESTORE_HF_LOGIN_REQUIRED=0
RESTORE_HF_LOGIN_TOKEN=""
RESTORE_HF_LOGIN_USERNAME=""
trim() {
 printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}
info() {
 printf '%s\n' "$*"
}
warn() {
 printf 'warning: %s\n' "$*" >&2
}
error() {
 printf 'error: %s\n' "$*" >&2
}
die() {
 error "$1"
 exit 1
}
prompt_line() {
 local prompt="$1"
 local default_value="${2:-}"
 local value=""
if [[ -n "$default_value" ]]; then
 read -r -p "$prompt [$default_value]: " value || true
 else
 read -r -p "$prompt: " value || true
 fi
value="$(trim "${value:-}")"
 if [[ -z "$value" ]]; then
 value="$default_value"
 fi
 printf '%s' "$value"
}
prompt_required() {
 local prompt="$1"
 local default_value="${2:-}"
 local value=""
while [[ -z "$value" ]]; do
 value="$(prompt_line "$prompt" "$default_value")"
 value="$(trim "$value")"
 if [[ -z "$value" ]]; then
 printf 'This value is required.\n' >&2
 fi
 done
 printf '%s' "$value"
}
prompt_secret_optional() {
 local prompt="$1"
 local value=""
 local char=""
if [[ -t 0 && -t 1 ]]; then
 printf '%s: ' "$prompt" >&2
 while IFS= read -r -s -n 1 char; do
 if [[ -z "$char" ]]; then
 break
 fi
 case "$char" in
 $'\177'|$'\b')
 if [[ -n "$value" ]]; then
 value="${value%?}"
 printf '\b \b' >&2
 fi
 ;;
 *)
 value+="$char"
 printf '*' >&2
 ;;
 esac
 done
 printf '\n' >&2
 else
 read -r -p "$prompt: " value || true
 fi
 printf '%s' "$(trim "${value:-}")"
}
prompt_secret_required() {
 local prompt="$1"
 local value=""
while [[ -z "$value" ]]; do
 value="$(prompt_secret_optional "$prompt")"
 value="$(trim "$value")"
 if [[ -z "$value" ]]; then
 printf 'This value is required.\n' >&2
 fi
 done
 printf '%s' "$value"
}
prompt_yes_no() {
 local prompt="$1"
 local default_value="${2:-n}"
 local answer=""
 local hint="[y/N]"
if [[ "$default_value" == "y" ]]; then
 hint="[Y/n]"
 fi
while true; do
 read -r -p "$prompt $hint: " answer || true
 answer="$(trim "${answer:-}")"
 answer="$(printf '%s' "$answer" | tr '[:upper:]' '[:lower:]')"
 if [[ -z "$answer" ]]; then
 answer="$default_value"
 fi
case "$answer" in
 y|yes)
 printf 'yes'
 return 0
 ;;
 n|no)
 printf 'no'
 return 0
 ;;
 *)
 printf 'Please enter y or n.\n' >&2
 ;;
 esac
 done
}
login_with_hf_token() {
 local token="$1"
hf auth login --token "$token" >/dev/null 2>&1 || die "hf auth login with token failed."
}
restore_previous_hf_login_if_needed() {
 if [[ "$RESTORE_HF_LOGIN_REQUIRED" -ne 1 ]]; then
 return 0
 fi
 if [[ -z "$RESTORE_HF_LOGIN_TOKEN" ]]; then
 error "Skip restoring previous HF login because backup token is empty."
 RESTORE_HF_LOGIN_REQUIRED=0
 return 0
 fi
local display_user="${RESTORE_HF_LOGIN_USERNAME:-unknown}"
 info "Restoring previous HF login for user: $display_user"
 if hf auth login --token "$RESTORE_HF_LOGIN_TOKEN" >/dev/null 2>&1; then
 info "Previous HF login restored."
 else
 error "Failed to restore previous HF login. Please run: hf auth login"
 fi
RESTORE_HF_LOGIN_REQUIRED=0
}
ensure_git() {
 command -v git >/dev/null 2>&1 || die "git is required. Please install git first."
}
ensure_hf_cli() {
 local os_name
if command -v hf >/dev/null 2>&1; then
 return 0
 fi
os_name="$(uname -s)"
 case "$os_name" in
 Darwin|Linux)
 info "hf CLI not found. Installing via https://hf.co/cli/install.sh ..."
 curl -LsSf https://hf.co/cli/install.sh | bash
 ;;
 *)
 die "hf CLI not found. For Windows use: powershell -ExecutionPolicy ByPass -c \"irm https://hf.co/cli/install.ps1 | iex\""
 ;;
 esac
if [[ -d "$HOME/.local/bin" ]]; then
 PATH="$HOME/.local/bin:$PATH"
 fi
command -v hf >/dev/null 2>&1 || die "hf CLI install failed. Please install manually and rerun."
}
# Uses uv run if available, falls back to python3
python_run() {
 if command -v uv >/dev/null 2>&1 && [[ -f "pyproject.toml" || -f "uv.lock" ]]; then
 uv run python "$@"
 else
 python3 "$@"
 fi
}
ensure_huggingface_hub_py() {
 python_run -c "import huggingface_hub" >/dev/null 2>&1 || die "python3 package 'huggingface_hub' is required. Install with: uv pip install 'huggingface_hub[cli]' or python3 -m pip install --user 'huggingface_hub[cli]'"
}
resolve_latest_openclaw_version() {
 local version
 version="$(
 python_run - <<'PY' 2>/dev/null || true
import json
import urllib.request
url = "https://registry.npmjs.org/openclaw/latest"
try:
 with urllib.request.urlopen(url, timeout=8) as response:
 payload = response.read().decode("utf-8", errors="replace")
 data = json.loads(payload)
 version = str(data.get("version", "")).strip()
 if version:
 print(version)
except Exception:
 pass
PY
 )"
 version="$(trim "$version")"
 if [[ -z "$version" ]]; then
 version="latest"
 fi
 printf '%s' "$version"
}
read_current_hf_token() {
 if [[ -n "${HUGGINGFACE_HUB_TOKEN:-}" ]]; then
 printf '%s' "${HUGGINGFACE_HUB_TOKEN}" | tr -d '\r\n'
 return 0
 fi
 if [[ -n "${HF_TOKEN:-}" ]]; then
 printf '%s' "${HF_TOKEN}" | tr -d '\r\n'
 return 0
 fi
 if [[ -f "$HF_TOKEN_FILE" ]]; then
 head -n 1 "$HF_TOKEN_FILE" | tr -d '\r\n'
 return 0
 fi
 printf ''
}
get_hf_username() {
 local whoami_output
 local username
 local token_from_cache
whoami_output="$(hf auth whoami 2>&1 || true)"
 username="$(printf '%s\n' "$whoami_output" | sed -nE 's/^[[:space:]]*user:[[:space:]]*([^[:space:]]+).*$/\1/p' | head -n 1)"
 if [[ -z "$username" ]]; then
 username="$(printf '%s\n' "$whoami_output" | sed -nE 's/.*[Ll]ogged in as[[:space:]]+([^[:space:]]+).*$/\1/p' | head -n 1)"
 fi
 if [[ -z "$username" ]]; then
 token_from_cache="$(read_current_hf_token)"
 if [[ -n "$token_from_cache" ]]; then
 username="$(
 HF_API_TOKEN="$token_from_cache" python_run - <<'PY' 2>/dev/null || true
from huggingface_hub import HfApi
import os
token = (os.environ.get("HF_API_TOKEN") or "").strip() or None
api = HfApi(token=token)
data = api.whoami(token=token)
name = data.get("name", "") if isinstance(data, dict) else ""
print((name or "").strip())
PY
 )"
 fi
 fi
 username="$(printf '%s' "$username" | tr -d '\r\n')"
 printf '%s' "$username"
}
set_space_variable() {
 local space_repo_id="$1"
 local key="$2"
 local value="$3"
 local api_token="$4"
SPACE_REPO_ID="$space_repo_id" \
 SPACE_VARIABLE_KEY="$key" \
 SPACE_VARIABLE_VALUE="$value" \
 HF_API_TOKEN="$api_token" \
 python_run - <<'PY'
from huggingface_hub import HfApi
import os
token = (os.environ.get("HF_API_TOKEN") or "").strip() or None
api = HfApi(token=token)
try:
 api.add_space_variable(
 repo_id=os.environ["SPACE_REPO_ID"],
 key=os.environ["SPACE_VARIABLE_KEY"],
 value=os.environ["SPACE_VARIABLE_VALUE"],
 )
except Exception as exc:
 key = os.environ.get("SPACE_VARIABLE_KEY", "")
 repo_id = os.environ.get("SPACE_REPO_ID", "")
 raise SystemExit(f"failed to set space variable {key} on {repo_id}: {exc}")
PY
}
set_space_secret() {
 local space_repo_id="$1"
 local key="$2"
 local value="$3"
 local api_token="$4"
SPACE_REPO_ID="$space_repo_id" \
 SPACE_SECRET_KEY="$key" \
 SPACE_SECRET_VALUE="$value" \
 HF_API_TOKEN="$api_token" \
 python_run - <<'PY'
from huggingface_hub import HfApi
import os
token = (os.environ.get("HF_API_TOKEN") or "").strip() or None
api = HfApi(token=token)
try:
 api.add_space_secret(
 repo_id=os.environ["SPACE_REPO_ID"],
 key=os.environ["SPACE_SECRET_KEY"],
 value=os.environ["SPACE_SECRET_VALUE"],
 )
except Exception as exc:
 key = os.environ.get("SPACE_SECRET_KEY", "")
 repo_id = os.environ.get("SPACE_REPO_ID", "")
 raise SystemExit(f"failed to set space secret {key} on {repo_id}: {exc}")
PY
}
restart_space() {
 local space_repo_id="$1"
 local api_token="$2"
SPACE_RESTART_REPO_ID="$space_repo_id" \
 HF_API_TOKEN="$api_token" \
 python_run - <<'PY'
from huggingface_hub import HfApi
import os
token = (os.environ.get("HF_API_TOKEN") or "").strip() or None
api = HfApi(token=token)
try:
 api.restart_space(repo_id=os.environ["SPACE_RESTART_REPO_ID"])
except Exception as exc:
 repo_id = os.environ.get("SPACE_RESTART_REPO_ID", "")
 raise SystemExit(f"failed to restart space {repo_id}: {exc}")
PY
}
update_readme_title() {
 local new_title="$1"
 local readme_file="$REPO_ROOT/README.md"
 local temp_file
if [[ ! -f "$readme_file" ]]; then
 return 0
 fi
temp_file="$(mktemp)"
 if sed "s/^title:.*/title: $new_title/" "$readme_file" > "$temp_file"; then
 mv "$temp_file" "$readme_file"
 else
 rm -f "$temp_file"
 fi
}
restore_readme_title() {
 local readme_file="$REPO_ROOT/README.md"
 local original_title="$1"
 local temp_file
if [[ ! -f "$readme_file" ]]; then
 return 0
 fi
temp_file="$(mktemp)"
 if sed "s/^title:.*/title: $original_title/" "$readme_file" > "$temp_file"; then
 mv "$temp_file" "$readme_file"
 else
 rm -f "$temp_file"
 fi
}
main() {
 local hf_username
 local use_current_hf_user
 local current_hf_username
 local switch_hf_token
 local space_name
 local dataset_name
 local space_repo_id
 local dataset_repo_id
 local default_openclaw_version
 local openclaw_version
 local gateway_token
 local gateway_password
 local generated_gateway_token=0
 local generated_gateway_password=0
 local hf_token_for_backup
 local configure_llm
 local llm_base_url=""
 local llm_model=""
 local llm_api_key=""
 local enable_sshx="no"
 local sshx_auto_start_value="false"
 local bt_panel_port="7860"
 local bt_panel_username="btadmin"
 local bt_panel_password=""
 local generated_bt_panel_password=0
 local bt_panel_safe_path=""
 local bt_panel_safe_path_type="default"
 local bt_panel_timezone="Asia/Shanghai"
 local proceed_with_deploy
 local api_token
 local space_page_url
 local space_host
 local app_url
 local health_url
cd "$REPO_ROOT"
info "OpenClaw Hugging Face bootstrap (interactive)"
 ensure_git
 ensure_hf_cli
 ensure_huggingface_hub_py
 git --version
 hf version
 python_run --version
if ! hf auth whoami >/dev/null 2>&1; then
 info "HF CLI is not logged in."
 hf_token_for_backup="$(prompt_secret_required "HF_TOKEN (required for hf auth login)")"
 login_with_hf_token "$hf_token_for_backup"
 else
 current_hf_username="$(trim "$(get_hf_username)")"
 if [[ -n "$current_hf_username" ]]; then
 use_current_hf_user="$(prompt_yes_no "HF CLI is already logged in as '$current_hf_username'. Use this user?" "y")"
 else
 use_current_hf_user="$(prompt_yes_no "HF CLI is already logged in. Use current user?" "y")"
 fi
if [[ "$use_current_hf_user" == "yes" ]]; then
 hf_token_for_backup="$(read_current_hf_token)"
 if [[ -z "$hf_token_for_backup" ]]; then
 hf_token_for_backup="$(prompt_secret_required "Cannot read current token. Enter HF_TOKEN")"
 login_with_hf_token "$hf_token_for_backup"
 fi
 else
 RESTORE_HF_LOGIN_TOKEN="$(read_current_hf_token)"
 [[ -n "$RESTORE_HF_LOGIN_TOKEN" ]] || die "Cannot backup current HF token. Ensure current token is readable before switching users."
 RESTORE_HF_LOGIN_REQUIRED=1
 RESTORE_HF_LOGIN_USERNAME="$current_hf_username"
switch_hf_token="$(prompt_secret_required "HF_TOKEN for switching HF user")"
 login_with_hf_token "$switch_hf_token"
 hf_token_for_backup="$switch_hf_token"
 fi
 fi
 [[ -n "$hf_token_for_backup" ]] || die "HF_TOKEN is required to configure Space secret HF_TOKEN."
hf_username="$(get_hf_username)"
 hf_username="$(trim "$hf_username")"
 if [[ -z "$hf_username" ]]; then
 hf_username="$(prompt_required "HF username (cannot parse from hf auth whoami)")"
 fi
 info "HF user: $hf_username"
space_name="$(prompt_required "Space name (without username)" "hi-ai")"
 space_private="$(prompt_yes_no "Make Space private?" "n")"
 if [[ "$space_private" == "yes" ]]; then
 space_private_flag="--private"
 else
 space_private_flag=""
 fi
 dataset_name="$(prompt_required "Dataset name (without username)" "${space_name}-backup")"
 space_repo_id="${hf_username}/${space_name}"
 dataset_repo_id="${hf_username}/${dataset_name}"
 storage_repo_id="${hf_username}/${space_name}-storage"
info ""
 info "Configuring multi-dataset restore (optional)..."
 info " This allows restoring from a different dataset than the backup target."
 restore_dataset_choice="$(prompt_yes_no "Use a different dataset for restore than '$dataset_repo_id'?" "n")"
 if [[ "$restore_dataset_choice" == "yes" ]]; then
 restore_dataset_name="$(prompt_required "Restore dataset name (without username)" "${dataset_name}-restore")"
 restore_dataset_repo_id="${hf_username}/${restore_dataset_name}"
 else
 restore_dataset_repo_id="$dataset_repo_id"
 fi
 info " Restore dataset: $restore_dataset_repo_id"
backup_enabled_choice="$(prompt_yes_no "Enable automatic backup?" "y")"
 if [[ "$backup_enabled_choice" == "yes" ]]; then
 backup_enabled_value="true"
 else
 backup_enabled_value="false"
 fi
 info " Automatic backup: $backup_enabled_value"
if [[ "$backup_enabled_choice" == "yes" ]]; then
 backup_npm_choice="$(prompt_yes_no "Backup npm cache directory (/root/.npm)?" "y")"
 if [[ "$backup_npm_choice" == "yes" ]]; then
 backup_npm_value="true"
 else
 backup_npm_value="false"
 fi
 info " Backup npm directory: $backup_npm_value"
 else
 backup_npm_value="false"
 fi
restore_npm_choice="$(prompt_yes_no "Restore npm cache directory (/root/.npm) during restore?" "y")"
 if [[ "$restore_npm_choice" == "yes" ]]; then
 restore_npm_value="true"
 else
 restore_npm_value="false"
 fi
 info " Restore npm directory: $restore_npm_value"
if [[ "$backup_enabled_choice" == "yes" ]]; then
 backup_encryption_choice="$(prompt_yes_no "Enable backup encryption (AES-256-CBC)?" "y")"
 if [[ "$backup_encryption_choice" == "yes" ]]; then
 backup_encryption_value="true"
 info "NOTE: Encrypted backups require public datasets on HuggingFace."
 backup_encryption_password="$(prompt_secret_required "Encryption password (default: 123456789)")"
 backup_encryption_password="$(printf '%s' "$backup_encryption_password" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')"
 if [[ -z "$backup_encryption_password" ]]; then
 backup_encryption_password="123456789"
 info " Using default password: 123456789"
 fi
 while [[ -z "$backup_encryption_password" ]]; do
 info " Password cannot be empty"
 backup_encryption_password="$(prompt_secret_required "Encryption password")"
 backup_encryption_password="$(printf '%s' "$backup_encryption_password" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')"
 if [[ -z "$backup_encryption_password" ]]; then
 backup_encryption_password="123456789"
 info " Using default password: 123456789"
 fi
 done
 else
 backup_encryption_value="false"
 backup_encryption_password=""
 fi
 else
 backup_encryption_value="false"
 backup_encryption_password=""
 fi
info "Please specify OpenClaw version to install:"
 latest_openclaw_version="$(resolve_latest_openclaw_version)"
 default_openclaw_version="$(trim "${OPENCLAW_VERSION:-}")"
 if [[ -z "$default_openclaw_version" ]]; then
 default_openclaw_version="2026.4.15"
 if [[ -n "$latest_openclaw_version" && "$latest_openclaw_version" != "$default_openclaw_version" ]]; then
 info "Latest available version: $latest_openclaw_version"
 info "Default version: $default_openclaw_version"
 fi
 fi
 openclaw_version="$(prompt_required "OPENCLAW_VERSION" "$default_openclaw_version")"
gateway_token="$(prompt_secret_optional "OPENCLAW_GATEWAY_TOKEN (optional, leave empty to auto-generate 32 chars)")"
 if [[ -z "$gateway_token" ]]; then
 gateway_token="$(openssl rand -hex 16)"
 generated_gateway_token=1
 fi
gateway_password="$(prompt_secret_optional "OPENCLAW_GATEWAY_PASSWORD (optional, leave empty to auto-generate 16 chars)")"
 if [[ -z "$gateway_password" ]]; then
 gateway_password="$(openssl rand -hex 8)"
 generated_gateway_password=1
 fi
configure_llm="$(prompt_yes_no "Configure custom LLM now?" "n")"
 if [[ "$configure_llm" == "yes" ]]; then
 llm_base_url="$(prompt_required "OPENCLAW_LLM_BASE_URL")"
 llm_model="$(prompt_required "OPENCLAW_LLM_MODEL")"
 llm_api_key="$(prompt_secret_optional "OPENCLAW_LLM_API_KEY")"
 [[ -n "$llm_api_key" ]] || die "OPENCLAW_LLM_API_KEY is required when enabling custom LLM config."
 else
 enable_sshx="$(prompt_yes_no "Set OPENCLAW_SSHX_AUTO_START=false for later sshx setup?" "n")"
 fi
 if [[ "$enable_sshx" == "yes" ]]; then
 sshx_auto_start_value="true"
 fi
info ""
 info "Configuring BT Panel (宝塔面板)..."
 bt_panel_port="$(prompt_line "BT_PANEL_PORT (宝塔面板端口)" "$bt_panel_port")"
 while true; do
 bt_panel_username="$(prompt_line "BT_PANEL_USERNAME (宝塔面板用户名, 字母开头, 小写字母和数字)" "$bt_panel_username")"
 if [[ "$bt_panel_username" =~ ^[a-z][a-z0-9]{2,31}$ ]]; then
 break
 fi
 error "用户名必须以字母开头, 只能包含小写字母和数字, 长度3-32位"
 done
 # 密码选择
 local default_bt_panel_password="openclaw@123"
 info ""
 info "选择宝塔面板密码设置方式:"
 info " 1) 使用默认密码 (openclaw@123)"
 info " 2) 自定义密码"
 info " 3) 自动生成随机密码"
 local password_choice
 password_choice="$(prompt_line "请选择 [1/2/3]" "1")"
case "$password_choice" in
 1|"default"|"")
 bt_panel_password="$default_bt_panel_password"
 generated_bt_panel_password=1
 info "使用默认密码: $default_bt_panel_password"
 ;;
 2|"custom")
 bt_panel_password=""
 while [[ -z "$bt_panel_password" ]]; do
 bt_panel_password="$(prompt_secret_required "请输入自定义密码")"
 if [[ -z "$bt_panel_password" ]]; then
 error "密码不能为空"
 fi
 done
 generated_bt_panel_password=0
 ;;
 3|"auto"|"random")
 bt_panel_password="$(openssl rand -base64 16 | tr -dc 'a-zA-Z0-9' | head -c 12)"
 generated_bt_panel_password=1
 info "已自动生成随机密码"
 ;;
 *)
 warn "无效选择,使用默认密码"
 bt_panel_password="$default_bt_panel_password"
 generated_bt_panel_password=1
 ;;
 esac
info ""
 info "选择宝塔面板安全入口设置方式:"
 info " 1) 系统默认安全入口(默认值:lauer3912)"
 info " 2) 不设置安全入口(使用随机)"
 info " 3) 自定义安全入口路径"
 local default_bt_panel_safe_path="lauer3912"
 local safe_path_choice
 safe_path_choice="$(prompt_line "请选择 [1/2/3]" "1")"
case "$safe_path_choice" in
 1|""|"default")
 bt_panel_safe_path="$default_bt_panel_safe_path"
 bt_panel_safe_path_type="default"
 info "使用系统默认安全入口: /$bt_panel_safe_path"
 ;;
 2|"random")
 bt_panel_safe_path=""
 bt_panel_safe_path_type="random"
 info "使用随机安全入口"
 ;;
 3|"custom")
 bt_panel_safe_path=""
 bt_panel_safe_path_type="custom"
 while [[ -z "$bt_panel_safe_path" ]]; do
 bt_panel_safe_path="$(prompt_line "请输入自定义安全入口路径(字母和数字,不含特殊字符)")"
 if [[ -z "$bt_panel_safe_path" ]]; then
 error "安全入口路径不能为空"
 elif [[ ! "$bt_panel_safe_path" =~ ^[a-zA-Z0-9]+$ ]]; then
 error "安全入口路径只能包含字母和数字"
 bt_panel_safe_path=""
 fi
 done
 info "使用安全入口: /$bt_panel_safe_path"
 ;;
 *)
 bt_panel_safe_path="$default_bt_panel_safe_path"
 bt_panel_safe_path_type="default"
 info "无效选择,使用系统默认安全入口: /$bt_panel_safe_path"
 ;;
 esac
info ""
 info "选择宝塔面板时区设置方式:"
 info " 1) 设置为 Asia/Shanghai(推荐)"
 info " 2) 使用系统默认时区"
 local default_bt_panel_timezone="Asia/Shanghai"
 local timezone_choice
 timezone_choice="$(prompt_line "请选择 [1/2]" "1")"
case "$timezone_choice" in
 1|""|"default")
 bt_panel_timezone="$default_bt_panel_timezone"
 info "使用 Asia/Shanghai 时区"
 ;;
 2|"system")
 bt_panel_timezone=""
 info "使用系统默认时区"
 ;;
 *)
 bt_panel_timezone="$default_bt_panel_timezone"
 info "无效选择,使用 Asia/Shanghai 时区"
 ;;
 esac
info ""
 info "Planned deployment configuration:"
 info "Space repo: $space_repo_id"
 info "Dataset repo: $dataset_repo_id"
 info "Restore dataset: $restore_dataset_repo_id"
 info "Storage repo: $storage_repo_id"
 info "OPENCLAW_VERSION: $openclaw_version"
 info "OPENCLAW_GATEWAY_CONTROLUI_ALLOW_INSECURE_AUTH=false"
 info "OPENCLAW_GATEWAY_CONTROLUI_DANGEROUSLY_DISABLE_DEVICE_AUTH=false"
 info "OPENCLAW_SSHX_AUTO_START=$sshx_auto_start_value"
 if [[ "$configure_llm" == "yes" ]]; then
 info "Custom LLM config: enabled"
 else
 info "Custom LLM config: disabled"
 fi
 info "BT Panel config:"
 info " BT_PANEL_PORT=$bt_panel_port"
 info " BT_PANEL_USERNAME=$bt_panel_username"
 if [[ "$generated_bt_panel_password" -eq 1 ]]; then
 info " BT_PANEL_PASSWORD=$bt_panel_password (generated/default)"
 else
 info " BT_PANEL_PASSWORD=**** (custom)"
 fi
 if [[ -n "$bt_panel_safe_path" ]]; then
 info " BT_PANEL_SAFE_PATH=$bt_panel_safe_path ($bt_panel_safe_path_type)"
 else
 info " BT_PANEL_SAFE_PATH=<not set> (random)"
 fi
 info " BT_PANEL_TIMEZONE=$bt_panel_timezone"
 proceed_with_deploy="$(prompt_yes_no "Proceed with these settings?" "y")"
 if [[ "$proceed_with_deploy" != "yes" ]]; then
 info "Cancelled by user before creating/updating Space or Dataset."
 return 0
 fi
info "Creating Space and Dataset..."
 hf repos create "$space_repo_id" --repo-type space --space-sdk docker $space_private_flag --exist-ok
 if [[ "$backup_encryption_value" == "true" ]]; then
 hf repos create "$dataset_repo_id" --repo-type dataset --exist-ok
 else
 hf repos create "$dataset_repo_id" --repo-type dataset --private --exist-ok
 fi
 hf repos create "$storage_repo_id" --repo-type dataset --exist-ok
if [[ "$restore_dataset_repo_id" != "$dataset_repo_id" ]]; then
 info "Creating restore dataset '$restore_dataset_repo_id'..."
 if [[ "$backup_encryption_value" == "true" ]]; then
 hf repos create "$restore_dataset_repo_id" --repo-type dataset --exist-ok
 else
 hf repos create "$restore_dataset_repo_id" --repo-type dataset --private --exist-ok
 fi
 fi
info "Uploading repository to Space..."
 local original_readme_title
 original_readme_title="$(sed -n 's/^title: *//p' "$REPO_ROOT/README.md" | head -n 1)"
 update_readme_title "$space_name"
restore_readme_on_exit() {
 restore_previous_hf_login_if_needed
 restore_readme_title "${original_readme_title:-HF Space}"
 }
 trap restore_readme_on_exit EXIT
hf upload "$space_repo_id" . --repo-type space --exclude '.git/**' --exclude '.git' \
 --commit-message "feat: deploy Gemma 4 to hf space"
api_token="$(read_current_hf_token)"
 if [[ -z "$api_token" ]]; then
 api_token="$hf_token_for_backup"
 fi
info "Configuring Space variables and secrets..."
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_ENABLED" "$backup_enabled_value" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_NPM_ENABLED" "$backup_npm_value" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_RESTORE_NPM_ENABLED" "$restore_npm_value" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_DATASET_REPO" "$dataset_repo_id" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_RESTORE_DATASET_REPO" "$restore_dataset_repo_id" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_REPO_TYPE" "dataset" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_PATH_PREFIX" "backups" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_HF_SPACE_ID" "$space_repo_id" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_VERSION" "$openclaw_version" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_GATEWAY_CONTROLUI_ALLOW_INSECURE_AUTH" "false" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_GATEWAY_CONTROLUI_DANGEROUSLY_DISABLE_DEVICE_AUTH" "false" "$api_token"
 set_space_secret "$space_repo_id" "OPENCLAW_GATEWAY_TOKEN" "$gateway_token" "$api_token"
 set_space_secret "$space_repo_id" "OPENCLAW_GATEWAY_PASSWORD" "$gateway_password" "$api_token"
 set_space_secret "$space_repo_id" "HF_TOKEN" "$hf_token_for_backup" "$api_token"
if [[ "$backup_encryption_value" == "true" ]]; then
 set_space_secret "$space_repo_id" "OPENCLAW_BACKUP_ENCRYPTION_PASSWORD" "$backup_encryption_password" "$api_token"
 fi
set_space_variable "$space_repo_id" "HF_STORAGE_REPO" "$storage_repo_id" "$api_token"
if [[ "$configure_llm" == "yes" ]]; then
 set_space_variable "$space_repo_id" "OPENCLAW_LLM_BASE_URL" "$llm_base_url" "$api_token"
 set_space_variable "$space_repo_id" "OPENCLAW_LLM_MODEL" "$llm_model" "$api_token"
 set_space_secret "$space_repo_id" "OPENCLAW_LLM_API_KEY" "$llm_api_key" "$api_token"
 fi
info "Configuring SSHX..."
 set_space_variable "$space_repo_id" "OPENCLAW_SSHX_AUTO_START" "$sshx_auto_start_value" "$api_token"
info "Configuring BT Panel..."
 set_space_variable "$space_repo_id" "BT_PANEL_PORT" "$bt_panel_port" "$api_token"
 set_space_variable "$space_repo_id" "BT_PANEL_USERNAME" "$bt_panel_username" "$api_token"
 set_space_variable "$space_repo_id" "BT_PANEL_PASSWORD" "$bt_panel_password" "$api_token"
 if [[ -n "$bt_panel_safe_path" ]]; then
 set_space_variable "$space_repo_id" "BT_PANEL_SAFE_PATH" "$bt_panel_safe_path" "$api_token"
 fi
 set_space_variable "$space_repo_id" "BT_PANEL_TIMEZONE" "$bt_panel_timezone" "$api_token"
info "Configuring restore timeout for extra-large backups (2GB+)..."
 # 【针对2GB+超大文件的恢复超时配置】
 # 恢复2GB备份文件预计需要:
 # - 下载时间:20-40分钟(取决于网络)
 # - 解压时间:10-20分钟
 # - 总时间:约30-60分钟
 # 设置90分钟超时,确保充足时间
 set_space_variable "$space_repo_id" "OPENCLAW_RESTORE_TIMEOUT" "5400" "$api_token"
info "Configuring backup frequency..."
 # 【默认配置】每30分钟执行一次备份检查
 # 使用增量备份策略,只有变化的数据会被备份
 # Cron格式: */5 * * * * 表示每5分钟执行一次
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_CRON" "*/5 * * * *" "$api_token"
info "Configuring incremental backup..."
 # 默认开启增量备份
 # 效果:完整备份后,只备份变化的文件,大幅减少备份时间和存储
 set_space_variable "$space_repo_id" "OPENCLAW_INCREMENTAL_BACKUP" "true" "$api_token"
# 【默认配置】增量备份间隔设置为5分钟
 # 效果:距上次备份>=5分钟时,执行增量备份(只备份变化文件)
 set_space_variable "$space_repo_id" "OPENCLAW_INCREMENTAL_INTERVAL_MINUTES" "5" "$api_token"
if [[ "$backup_encryption_value" == "true" ]]; then
 info "Configuring backup encryption..."
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_ENCRYPTION_ENABLED" "true" "$api_token"
 fi
info "Configuring backup retention for extra-large datasets..."
 # 保留备份数量(默认24个)
 # 存储估算:单次1GB × 48个 ≈ 48GB(正常情况增量备份远小于1GB)
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_KEEP_COUNT" "48" "$api_token"
info "Configuring compression level..."
 # 压缩级别:6(平衡压缩速度和大小,动态策略会根据文件大小调整)
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_COMPRESSION_LEVEL" "6" "$api_token"
info "Configuring volume splitting for extra-large files..."
 # 启用分卷压缩(2GB+场景推荐)
 # 将大文件分割成多个500MB的小文件,便于上传和恢复
 # 避免单文件过大导致的网络中断问题
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_SPLIT_SIZE" "500M" "$api_token"
info "Configuring large file warning threshold..."
 # 大文件警告阈值(MB)
 # 当备份大小超过此值时发出警告,提醒用户优化
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_SIZE_WARNING_MB" "1500" "$api_token"
info "Configuring dynamic backup strategy..."
 # 【动态备份策略】根据数据变化率自动调整备份参数
 # 启用后,系统会根据以下因素自动优化:
 # - 文件大小:自动调整压缩级别和分卷大小
 # - 变化率:根据文件修改频率调整备份间隔
 # - 系统负载:高负载时跳过非紧急备份
 # - 网络状况:慢网络时启用更强压缩
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_BACKUP" "true" "$api_token"
# 动态策略参数
 # 小文件阈值:<500MB使用快速策略
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_SMALL_THRESHOLD_MB" "500" "$api_token"
 # 中文件阈值:500MB-2GB使用平衡策略
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_MEDIUM_THRESHOLD_MB" "2000" "$api_token"
 # 大文件阈值:>2GB使用激进策略
# 高变化率阈值(每分钟变化的文件数)
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_HIGH_CHANGE_RATE" "10" "$api_token"
 # 低变化率阈值
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_LOW_CHANGE_RATE" "2" "$api_token"
 # 最小变化文件数(低于此值且变化率低时跳过增量备份)
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_MIN_CHANGED_FILES" "5" "$api_token"
 # 最小变化文件总大小(低于此值且变化率低时跳过增量备份)
 set_space_variable "$space_repo_id" "OPENCLAW_DYNAMIC_MIN_CHANGED_SIZE_KB" "100" "$api_token"
# 全备份策略配置
 # 每隔2小时强制执行一次全备份
 set_space_variable "$space_repo_id" "OPENCLAW_FULL_BACKUP_INTERVAL_HOURS" "1" "$api_token"
 # 增量备份达到8次后强制执行全备份
 set_space_variable "$space_repo_id" "OPENCLAW_MAX_INCREMENTAL_BACKUPS" "10" "$api_token"
info "Configuring backup watchdog..."
 # 【备份看门狗配置】兜底保障机制
 # 看门狗作为备份系统的最后一道防线,确保备份按时执行
 # 即使 cron 失效,看门狗也会强制触发备份
# 看门狗检查间隔(秒)
 # 每5分钟检查一次备份系统状态
 set_space_variable "$space_repo_id" "WATCHDOG_INTERVAL" "300" "$api_token"
# 最大允许的无备份时间(分钟)
 # 如果超过20分钟没有备份,看门狗会强制触发备份
 set_space_variable "$space_repo_id" "MAX_BACKUP_AGE_MINUTES" "20" "$api_token"
# 强制备份间隔(秒)
 # 无论 cron 状态如何,每1小时至少执行一次强制备份
 set_space_variable "$space_repo_id" "FORCE_BACKUP_INTERVAL" "3600" "$api_token"
info "Configuring BT Panel backup..."
 # Backup directories for BT Panel configuration and data
 backup_dirs="bt-panel-data:/www/server/panel/data"
 backup_dirs+=",bt-panel-config:/www/server/panel/config"
 backup_dirs+=",bt-panel-plugin:/www/server/panel/plugin"
 backup_dirs+=",bt-panel-ssl:/www/server/panel/ssl"
 backup_dirs+=",bt-panel-host:/www/server/panel/vhost"
 backup_dirs+=",bt-panel-nginx-conf:/www/server/nginx/conf"
 backup_dirs+=",bt-panel-apache-conf:/www/server/apache/conf"
 backup_dirs+=",bt-www-wwwroot:/www/wwwroot"
 backup_dirs+=",bt-www-backup:/www/backup"
 backup_dirs+=",bt-www-server-data:/www/server/data"
 backup_dirs+=",supervisor-confd:/etc/supervisor/conf.d"
 backup_dirs+=",cron-spool:/var/spool/cron/crontabs"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_EXTRA_DIRS" "$backup_dirs" "$api_token"
# Backup files for BT Panel and root user configuration
 backup_files="bt-default:/www/server/panel/default.pl"
 backup_files+=",root-bashrc:/root/.bashrc"
 backup_files+=",root-bash_profile:/root/.bash_profile"
 backup_files+=",root-profile:/root/.profile"
 backup_files+=",root-gitconfig:/root/.gitconfig"
 backup_files+=",root-vimrc:/root/.vimrc"
 backup_files+=",root-tmux:/root/.tmux.conf"
 backup_files+=",ssh-agent-autostart:/usr/local/bin/ssh-agent-autostart.sh"
 backup_files+=",openclaw-backup-env:/root/.env.d/openclaw-backup.env"
 backup_files+=",openclaw-env-sh:/etc/profile.d/openclaw-env.sh"
 set_space_variable "$space_repo_id" "OPENCLAW_BACKUP_EXTRA_FILES" "$backup_files" "$api_token"
info "Configuring SSH agent auto-start..."
 # 【SSH密钥自动激活配置】
 # 在容器启动时自动启动ssh-agent并加载/root/.ssh/下的私钥
 # 用户只需将私钥放入/root/.ssh/目录,系统会自动处理
 set_space_variable "$space_repo_id" "OPENCLAW_SSH_AGENT_AUTOSTART" "true" "$api_token"
info "Configuring SSH key auto-loading..."
 # SSH自动激活脚本的bashrc钩子
 # 这会在每次登录时自动执行ssh-agent-autostart.sh
 ssh_bashrc_hook='
# Auto-start SSH agent and load keys
if [ -f /usr/local/bin/ssh-agent-autostart.sh ]; then
 source /usr/local/bin/ssh-agent-autostart.sh
fi
'
 # 将钩子内容编码为base64以便传递
 ssh_bashrc_hook_b64=$(echo "$ssh_bashrc_hook" | base64 -w0)
 set_space_variable "$space_repo_id" "OPENCLAW_SSH_BASHRC_HOOK" "$ssh_bashrc_hook_b64" "$api_token"
info "Configuing Build Version for tracking..."
 build_version_for_space="$openclaw_version-$(date -u +%Y%m%d%H%M)"
 set_space_variable "$space_repo_id" "BUILD_VERSION" "$build_version_for_space" "$api_token"
space_page_url="https://huggingface.co/spaces/${space_repo_id}"
 space_host="${space_repo_id/\//-}.hf.space"
 app_url="https://${space_host}"
 health_url="${app_url}/healthz"
info ""
 info "Deployment complete."
 info "Space repo: $space_repo_id"
 info "Hugging Face Space: $space_page_url"
 info "Dataset repo: $dataset_repo_id"
 info "Restore dataset: $restore_dataset_repo_id"
 info "Storage repo: $storage_repo_id"
 info "OPENCLAW_VERSION: $openclaw_version"
 info "Space URL: $app_url"
 info "Health URL: $health_url"
 info "SSHX auto-start: $sshx_auto_start_value"
 info "BUILD_VERSION for tracking: $build_version_for_space"
 info ""
 info "BT Panel (宝塔面板) - 面板地址在容器启动后查看日志:"
if [[ "$generated_bt_panel_password" -eq 1 ]]; then
 info " BT_PANEL_PASSWORD=$bt_panel_password (auto-generated)"
 fi
if [[ -n "$bt_panel_safe_path" ]]; then
 info " BT_PANEL_SAFE_PATH=$bt_panel_safe_path ($bt_panel_safe_path_type)"
 fi
info " BT_PANEL_TIMEZONE=$bt_panel_timezone"
if [[ "$generated_gateway_token" -eq 1 ]]; then
 info "Generated OPENCLAW_GATEWAY_TOKEN=$gateway_token"
 fi
 if [[ "$generated_gateway_password" -eq 1 ]]; then
 info "Generated OPENCLAW_GATEWAY_PASSWORD=$gateway_password"
 fi
}
main "$@"