Implement space privacy detection and redirection

Added functionality to detect space privacy via HF API at startup and cache the result. Updated request handling to redirect users based on space privacy status.

health-server.js

@@ -1,5 +1,6 @@
 // Single public entrypoint for HF Spaces: dashboard + reverse proxy to OpenClaw + JupyterLab.
 const http = require("http");
+const https = require("https");
 const fs = require("fs");
 const net = require("net");
 
@@ -52,6 +53,50 @@ function deriveHfSpaceUrl() {
   return "";
 }
 const HF_SPACE_URL = deriveHfSpaceUrl();
+
+// Auto-detect space privacy via HF API at startup.
+// Caches result so every request doesn't hit the API.
+let SPACE_IS_PRIVATE = false;
+async function detectSpacePrivacy() {
+  if (!SPACE_ID) return;
+  try {
+    const token = (process.env.HF_TOKEN || "").trim();
+    const reqOptions = {
+      hostname: "huggingface.co",
+      path: `/api/spaces/${SPACE_ID}`,
+      method: "GET",
+      headers: Object.assign(
+        { "User-Agent": "HuggingClaw/health-server" },
+        token ? { Authorization: `Bearer ${token}` } : {}
+      ),
+    };
+    await new Promise((resolve) => {
+      const r = https.request(reqOptions, (res) => {
+        let body = "";
+        res.on("data", (chunk) => { body += chunk; });
+        res.on("end", () => {
+          try {
+            if (res.statusCode === 200) {
+              const data = JSON.parse(body);
+              SPACE_IS_PRIVATE = data.private === true;
+            } else if (res.statusCode === 404 && !token) {
+              // 404 with no token usually means private space
+              SPACE_IS_PRIVATE = true;
+            }
+          } catch {}
+          resolve();
+        });
+      });
+      r.on("error", resolve);
+      r.setTimeout(5000, () => { r.destroy(); resolve(); });
+      r.end();
+    });
+    console.log(`[health-server] Space privacy detected: ${SPACE_IS_PRIVATE ? "private" : "public"}`);
+  } catch {
+    // Network error — default to false (safe)
+  }
+}
+detectSpacePrivacy();
 const CLOUDFLARE_KEEPALIVE_STATUS_FILE =
   "/tmp/huggingclaw-cloudflare-keepalive-status.json";
 
@@ -137,9 +182,24 @@ function renderDashboard(data) {
     tile({ title: "Model", value: `<code>${escapeHtml(LLM_MODEL)}</code>`, detail: "Primary LLM configured", tone: "neutral" }),
     tile({ title: "Runtime", value: escapeHtml(data.uptimeHuman), detail: `Public port ${PORT}`, tone: "neutral" }),
     tile({ title: "Telegram", value: badge(TELEGRAM_ENABLED ? "Enabled" : "Disabled", TELEGRAM_ENABLED ? "ok" : "neutral"), detail: TELEGRAM_ENABLED ? "Bot channel active" : "Not configured", tone: TELEGRAM_ENABLED ? "ok" : "neutral" }),
+  ];
+
+  if (WHATSAPP_ENABLED) {
+    const wa = data.whatsapp || {};
+    const waTone = wa.connected ? "ok" : wa.pairing ? "warn" : "neutral";
+    const waLabel = wa.connected ? "Connected" : wa.pairing ? "Pairing…" : wa.configured ? "Waiting" : "Disabled";
+    const waDetail = wa.connected
+      ? "WhatsApp channel active"
+      : wa.pairing
+        ? "Scan QR code in Control UI → WhatsApp"
+        : "WhatsApp not yet connected";
+    tiles.push(tile({ title: "WhatsApp", value: badge(waLabel, waTone), detail: waDetail, tone: waTone }));
+  }
+
+  tiles.push(
     tile({ title: "Backup", value: badge(syncStatus.toUpperCase(), syncTone), detail: escapeHtml(data.sync?.message || "No status yet"), tone: syncTone, meta: data.sync?.timestamp ? `<span class="local-time" data-iso="${data.sync.timestamp}"></span>` : "" }),
     tile({ title: "Keep Awake", value: badge(kaConf ? "CF Cron" : kaStatus.toUpperCase(), kaTone), detail: kaConf ? `Pinging <code>${escapeHtml(data.keepalive?.targetUrl || "/health")}</code>` : process.env.CLOUDFLARE_WORKERS_TOKEN ? "Worker pending or failed" : "Not configured", tone: kaTone }),
-  ];
+  );
 
   if (JUPYTER_ENABLED) {
     tiles.push(tile({ title: "Terminal", value: badge(data.jupyterReady ? "Online" : "Starting…", data.jupyterReady ? "ok" : "warn"), detail: `JupyterLab at <a href="${JUPYTER_BASE}/" style="color:inherit">${JUPYTER_BASE}/</a>`, tone: data.jupyterReady ? "ok" : "warn" }));
@@ -198,11 +258,12 @@ function renderDashboard(data) {
   const inEmbeddedApp = (() => { try { return window.top !== window.self; } catch { return true; } })();
   const isDirectHfSpaceHost = /\.hf\.space$/i.test(window.location.hostname);
   const HF_SPACE_URL = ${JSON.stringify(HF_SPACE_URL)};
+  const SPACE_IS_PRIVATE = ${JSON.stringify(SPACE_IS_PRIVATE)};
   // ── Private Space Guard ──
   // Direct .hf.space access outside the HF App iframe has no valid session cookie
   // for private spaces — HF CDN returns 404 before the request reaches the container.
   // Redirect users to huggingface.co/spaces/... which authenticates them properly.
-  if (isDirectHfSpaceHost && !inEmbeddedApp && HF_SPACE_URL) {
+  if (SPACE_IS_PRIVATE && isDirectHfSpaceHost && !inEmbeddedApp && HF_SPACE_URL) {
     const notice = document.createElement('div');
     notice.style.cssText = 'position:fixed;inset:0;display:flex;align-items:center;justify-content:center;background:#08080f;color:#f6f4ff;font-family:sans-serif;flex-direction:column;gap:16px;z-index:9999';
     notice.innerHTML = '<span style="font-size:1.1rem">🔒 Private Space &mdash; Redirecting&hellip;</span><a href="' + HF_SPACE_URL + '" style="color:#a5b4fc;font-size:.85rem">Click here if not redirected</a>';
@@ -379,7 +440,23 @@ const server = http.createServer(async (req, res) => {
     return res.end("SPACE_ID not configured.");
   }
 
+  // ── Private Space Guard (server-side) ──
+  // Triggers automatically when SPACE_IS_PRIVATE=true (detected via HF API at startup).
+  // Only intercepts browser navigation (Accept: text/html) — API calls, assets,
+  // and WebSocket upgrades pass through untouched.
+  // /health and /status are always exempt so uptime monitors keep working.
+  const isHtmlRequest = (req.headers.accept || "").includes("text/html");
+  const isDirectHfSpaceRequest = SPACE_IS_PRIVATE &&
+    HF_SPACE_URL &&
+    isHtmlRequest &&
+    typeof req.headers.host === "string" &&
+    req.headers.host.endsWith(".hf.space");
+
   if (pathname === "/env-builder" || pathname === "/env-builder/") {
+    if (isDirectHfSpaceRequest) {
+      res.writeHead(200, { "Content-Type": "text/html" });
+      return res.end(renderPrivateRedirect(HF_SPACE_URL));
+    }
     res.writeHead(200, { "Content-Type": "text/html" });
     return res.end(renderEnvBuilder());
   }
@@ -396,6 +473,10 @@ const server = http.createServer(async (req, res) => {
   }
 
   if (pathname === "/" || pathname === "/dashboard") {
+    if (isDirectHfSpaceRequest) {
+      res.writeHead(200, { "Content-Type": "text/html" });
+      return res.end(renderPrivateRedirect(HF_SPACE_URL));
+    }
     const [gatewayReady, jupyterReady] = await Promise.all([
       probePort(GATEWAY_HOST, GATEWAY_PORT, "/health"),
       JUPYTER_ENABLED ? probePort(JUPYTER_HOST, JUPYTER_PORT, `${JUPYTER_BASE}/login`) : Promise.resolve(false),
@@ -410,6 +491,10 @@ const server = http.createServer(async (req, res) => {
       res.writeHead(404, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ status: "disabled", message: "JupyterLab terminal is disabled. Set DEV_MODE=true to enable /terminal/." }));
     }
+    if (isDirectHfSpaceRequest) {
+      res.writeHead(200, { "Content-Type": "text/html" });
+      return res.end(renderPrivateRedirect(HF_SPACE_URL));
+    }
     return proxyHTTP(req, res, JUPYTER_HOST, JUPYTER_PORT, {
       publicPrefix: JUPYTER_BASE,
       // Jupyter is started with --ServerApp.base_url=/terminal/, so keep the
@@ -422,6 +507,10 @@ const server = http.createServer(async (req, res) => {
   // OpenClaw Control UI mounted under /app. Retry without the mount prefix on
   // 404 so deployments keep working across OpenClaw basePath behavior changes.
   if (pathname === APP_BASE || pathname.startsWith(APP_BASE + "/")) {
+    if (isDirectHfSpaceRequest) {
+      res.writeHead(200, { "Content-Type": "text/html" });
+      return res.end(renderPrivateRedirect(HF_SPACE_URL));
+    }
     return proxyHTTP(req, res, GATEWAY_HOST, GATEWAY_PORT, {
       publicPrefix: APP_BASE,
       stripPrefix: APP_BASE,
@@ -429,7 +518,18 @@ const server = http.createServer(async (req, res) => {
     });
   }
 
+  // Favicon — serve a minimal inline SVG so browsers don't proxy to the gateway
+  if (pathname === "/favicon.ico" || pathname === "/favicon.svg") {
+    const svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><text y=".9em" font-size="90">🦞</text></svg>';
+    res.writeHead(200, { "Content-Type": "image/svg+xml", "Cache-Control": "public, max-age=86400" });
+    return res.end(svg);
+  }
+
   // OpenClaw gateway API/static fallback (everything else)
+  if (isDirectHfSpaceRequest) {
+    res.writeHead(200, { "Content-Type": "text/html" });
+    return res.end(renderPrivateRedirect(HF_SPACE_URL));
+  }
   proxyHTTP(req, res, GATEWAY_HOST, GATEWAY_PORT);
 });