Merge pull request #106 from anurag008w/edit

Enhance startup robustness, Jupyter security, and browser reliability

.env.example

@@ -248,8 +248,8 @@ LLM_API_KEY_FALLBACK_ENABLED=true
 GATEWAY_TOKEN=your_gateway_token_here
 
 # [OPTIONAL] JupyterLab terminal token for /terminal/
-# Defaults to "huggingface" if unset. Set a strong token for private deployments.
-JUPYTER_TOKEN=huggingface
+# Set a strong token for private deployments. Must NOT be "huggingface".
+JUPYTER_TOKEN=run: openssl rand -hex 32
 
 # (Optional) Password auth — simpler alternative to token for casual users
 # If set, users can log in with this password instead of the token
@@ -288,14 +288,7 @@ HF_TOKEN=hf_your_token_here
 # Default: huggingclaw-backup
 BACKUP_DATASET_NAME=huggingclaw-backup
 
-# Git commit identity for workspace syncs
-WORKSPACE_GIT_USER=openclaw@example.com
-WORKSPACE_GIT_NAME=OpenClaw Bot
-
 # ── OPTIONAL: Background Services ──
-# Keep-alive ping interval (seconds). Default: 300. Set 0 to disable.
-KEEP_ALIVE_INTERVAL=300
-
 # Workspace auto-sync interval (seconds). Default: 180.
 SYNC_INTERVAL=180
 

Dockerfile

@@ -21,9 +21,12 @@ ENV DEV_MODE=${DEV_MODE}
 RUN apt-get update && apt-get install -y \
     git \
     sudo \
+    file \
     ca-certificates \
     jq \
     curl \
+    dbus \
+    dbus-x11 \
     python3 \
     python3-pip \
     chromium \

README.md

@@ -20,7 +20,7 @@ secrets:
   - name: GATEWAY_TOKEN
     description: "Strong token to secure your OpenClaw Control UI (generate: openssl rand -hex 32)."
   - name: JUPYTER_TOKEN
-    description: "Optional strong token for the JupyterLab terminal at /terminal/ (defaults to huggingface)."
+    description: "Optional token for the JupyterLab terminal at /terminal/. Defaults to GATEWAY_TOKEN when set — no extra secret needed."
   - name: CLOUDFLARE_WORKERS_TOKEN
     description: "Cloudflare API token — auto-creates a Worker proxy and KeepAlive monitor."
   - name: TELEGRAM_ALLOWED_USERS
@@ -57,7 +57,6 @@ secrets:
 - [💻 Local Development](#-local-development)
 - [🔗 CLI Access](#-cli-access)
 - [💻 JupyterLab Terminal](#-jupyterlab-terminal)
-- [🔍 Merge Comparison](#-merge-comparison)
 - [🏗️ Architecture](#-architecture)
 - [💓 Staying Alive](#-staying-alive)
 - [🐛 Troubleshooting](#-troubleshooting)
@@ -78,7 +77,7 @@ secrets:
 - 📊 **Visual Dashboard:** Beautiful Web UI to monitor uptime, sync status, and active models.
 - 🔔 **Webhooks:** Get notified on restarts or backup failures via standard webhooks.
 - 🔐 **Flexible Auth:** Secure the Control UI with either a gateway token or password.
-- 💻 **Optional Dev Terminal:** JupyterLab is available at `/terminal/` only when `DEV_MODE=true` (disabled by default).
+- 💻 **Terminal Out of the Box:** JupyterLab is available at `/terminal/` automatically when `GATEWAY_TOKEN` is set — no extra config needed. `GATEWAY_TOKEN` is reused as the terminal auth token. Set `DEV_MODE=false` explicitly to opt out.
 - 🏠 **100% HF-Native:** Runs entirely on HuggingFace’s free infrastructure (2 vCPU, 16GB RAM).
 
 ## 🎥 Video Tutorial
@@ -104,7 +103,9 @@ Navigate to your new Space's **Settings**, scroll down to the **Variables and se
 > [!TIP]
 > HuggingClaw is completely flexible! You only need these three secrets to get started. You can set other secrets later.
 
-Optional: set `DEV_MODE=true` (Variable) to enable JupyterLab support and install Jupyter dependencies at build time. You can also set `JUPYTER_TOKEN` as a Secret to replace the default terminal token (`huggingface`). If you want to pin a specific OpenClaw release instead of `latest`, add `OPENCLAW_VERSION` under **Variables** in your Space settings. For Docker Spaces, HF passes Variables as build args during image build, so these should be Variables, not Secrets (except tokens).
+**Terminal auto-enables when `GATEWAY_TOKEN` is set** — no extra secrets needed. `GATEWAY_TOKEN` is reused as `JUPYTER_TOKEN`, so the terminal is protected by the same credential as the Control UI. To set a different token, add `JUPYTER_TOKEN` as a Secret. To disable the terminal entirely, set `DEV_MODE=false` as a Variable.
+
+If you want to pin a specific OpenClaw release instead of `latest`, add `OPENCLAW_VERSION` under **Variables** in your Space settings. For Docker Spaces, HF passes Variables as build args during image build, so these should be Variables, not Secrets (except tokens).
 
 ### Step 3: Deploy & Run
 
@@ -366,21 +367,12 @@ The merged Space includes the Hugging Face JupyterLab template behavior inside t
 | :--- | :--- | :--- | :--- |
 | `/` | HuggingClaw dashboard | `7861` | Public HF Spaces entrypoint |
 | `/app/` | OpenClaw Control UI | `7860` | Mounted behind the local reverse proxy |
-| `/terminal/` | JupyterLab terminal (DEV_MODE only) | `8888` | Available only when `DEV_MODE=true`; token login uses `JUPYTER_TOKEN` (default `huggingface`) |
+| `/terminal/` | JupyterLab terminal | `8888` | Auto-enabled when `GATEWAY_TOKEN` is set; uses `GATEWAY_TOKEN` as auth token unless `JUPYTER_TOKEN` is set separately. Set `DEV_MODE=false` to disable. |
 
 When enabled, the terminal notebook root is `/home/node`, so you can inspect HuggingClaw files, logs, workspace state, and runtime scripts from the browser.
 
 > [!IMPORTANT]
-> For real deployments, set a strong `JUPYTER_TOKEN` secret. The `huggingface` default exists only to match the duplicateable Hugging Face JupyterLab template.
-
-## 🔍 Merge Comparison
-
-This repository is a merge of two sources:
-
-- `anurag162008/HuggingClaw`: OpenClaw gateway, dashboard, Cloudflare proxy/keep-alive, Telegram/WhatsApp helpers, backup sync, key rotation, docs, and security metadata.
-- Hugging Face `SpacesExamples/jupyterlab` template: JupyterLab Docker behavior, token login UX, Hugging Face-branded login template, pinned Jupyter packages, and Git LFS defaults for large model/data artifacts.
-
-The main merge-specific change is the single-port router: HF Spaces exposes `7861`, while the router keeps OpenClaw at `/app/` and JupyterLab at `/terminal/` without leaking internal redirects such as `http://127.0.0.1:8888/...`.
+> No extra secret needed — `GATEWAY_TOKEN` is automatically reused as `JUPYTER_TOKEN`. Set a separate `JUPYTER_TOKEN` secret only if you want a different terminal credential.
 
 ## 🏗️ Architecture
 
@@ -402,7 +394,7 @@ HuggingClaw uses a multi-layered approach to ensure stability and persistence on
 2. Resolve backup namespace and restore workspace from HF Dataset.
 3. Generate `openclaw.json` configuration.
 4. Launch background tasks (auto-sync, channel helpers).
-5. Start the local dashboard/reverse proxy and OpenClaw gateway (JupyterLab starts only when `DEV_MODE=true`).
+5. Start the local dashboard/reverse proxy and OpenClaw gateway (JupyterLab starts when `GATEWAY_TOKEN` is set, `DEV_MODE=true`, or `HUGGINGCLAW_JUPYTER_ENABLED=true`).
 
 </details>
 

env-builder.html

@@ -908,7 +908,8 @@ body {
               <span class="pblock-title">📦 Bundle Output</span>
             </div>
             <div class="pblock-body">
-              <textarea id="bundleOut" placeholder="Your encoded bundle will appear here…" readonly spellcheck="false"></textarea>
+              <button id="generateBundle" class="btn btn-amber" style="width:100%;font-size:12.5px;"># Generate Bundle</button>
+              <textarea id="bundleOut" placeholder="Click # Generate to build your bundle…" readonly spellcheck="false"></textarea>
               <input type="text" id="envLineOut" placeholder="HUGGINGCLAW_ENV_BUNDLE=…" readonly spellcheck="false">
               <div class="row-btns">
                 <button id="copyBundle" class="btn btn-amber">⎘ Bundle</button>

env-builder.js

@@ -458,10 +458,10 @@ const FIELDS = [
     "g": "Core",
     "icon": "⚡",
     "k": "OPENCLAW_VERSION",
-    "lbl": "Pin OpenClaw version",
+    "lbl": "Pin OpenClaw version (build-time; rebuild required)",
     "type": "text",
     "ph": "latest",
-    "tag": "optional"
+    "tag": "build"
   },
 {
     "g": "Plugins",
@@ -482,6 +482,15 @@ const FIELDS = [
     "common": 1,
     "tag": "build"
   },
+{
+    "g": "Startup",
+    "icon": "🩺",
+    "k": "AUTO_DOCTOR",
+    "lbl": "Auto-fix config on boot (openclaw doctor --fix)",
+    "type": "toggle",
+    "ph": "false",
+    "tag": "advanced"
+  },
 {
     "g": "Startup",
     "icon": "⚡",
@@ -842,22 +851,12 @@ const FIELDS = [
     "g": "Core",
     "icon": "⚡",
     "k": "JUPYTER_TOKEN",
-    "lbl": "Jupyter access token",
+    "lbl": "Jupyter access token (Must NOT be 'huggingface'. Run: openssl rand -hex 32)",
     "type": "password",
-    "ph": "huggingface",
+    "ph": "change_this_to_a_strong_token",
     "common": 1,
     "tag": "credential"
   },
-{
-    "g": "Core",
-    "icon": "⚡",
-    "k": "KEEP_ALIVE_INTERVAL",
-    "lbl": "Keep-alive ping interval (seconds)",
-    "type": "number",
-    "ph": "300",
-    "common": 1,
-    "tag": "advanced"
-  },
 {
     "g": "Core",
     "icon": "⚡",
@@ -966,24 +965,6 @@ const FIELDS = [
     "ph": "/home/node",
     "tag": "advanced"
   },
-{
-    "g": "Backup",
-    "icon": "💾",
-    "k": "WORKSPACE_GIT_USER",
-    "lbl": "Workspace git author email",
-    "type": "text",
-    "ph": "openclaw@example.com",
-    "tag": "optional"
-  },
-{
-    "g": "Backup",
-    "icon": "💾",
-    "k": "WORKSPACE_GIT_NAME",
-    "lbl": "Workspace git author name",
-    "type": "text",
-    "ph": "OpenClaw Bot",
-    "tag": "optional"
-  },
 {
     "g": "Provider Keys",
     "icon": "🔑",
@@ -2123,7 +2104,7 @@ function valueControlHTML(field) {
   return control;
 }
 
-function cardHTML(f) {
+function cardHTML(f, origIdx = 0) {
   const TAG_META = {
     critical:   { cls: 'badge-critical',   lbl: 'critical'   },
     credential: { cls: 'badge-credential', lbl: 'credential' },
@@ -2135,7 +2116,7 @@ function cardHTML(f) {
   const tm = TAG_META[f.tag] || TAG_META.optional;
   const badge = `<span class="badge ${tm.cls}">${tm.lbl}</span>`;
 
-  return `<div class="env-card" data-row data-group="${esc(f.g)}" data-search="${esc((f.g + ' ' + f.k + ' ' + (f.lbl || '') + ' ' + (f.tag || '')).toLowerCase())}">
+  return `<div class="env-card" data-row data-orig-idx="${origIdx}" data-group="${esc(f.g)}" data-search="${esc((f.g + ' ' + f.k + ' ' + (f.lbl || '') + ' ' + (f.tag || '')).toLowerCase())}">
     <div class="card-top">
       <input type="checkbox" class="card-check" data-check="${esc(f.k)}" ${f.common ? 'data-common="1"' : ''}>
       <div class="card-info">
@@ -2213,14 +2194,17 @@ function collect() {
   return obj;
 }
 
-function refresh() {
+function generateBundle() {
   const obj = collect();
   const keys = Object.keys(obj).sort();
   const bundle = keys.length ? encodeBundle(Object.fromEntries(keys.map(k => [k, obj[k]]))) : '';
-
   $('bundleOut').value = bundle;
   $('envLineOut').value = bundle ? `HUGGINGCLAW_ENV_BUNDLE=${bundle}` : '';
+}
 
+function refresh() {
+  const obj = collect();
+  const keys = Object.keys(obj).sort();
   const s = $('summary');
   if (keys.length) {
     s.innerHTML = `<strong>${keys.length}</strong> variable${keys.length > 1 ? 's' : ''} selected<div class="sum-keys">${keys.map(k => `<span class="sum-key">${esc(k)}</span>`).join('')}</div>`;
@@ -2309,7 +2293,7 @@ function applyObj(obj, replace = false) {
       addCustomRow(key, val, true);
     }
   }
-  markSelected(); filter(); refresh();
+  sortAllSections(); markSelected(); filter(); refresh();
 }
 
 function autoCheck(key) {
@@ -2398,13 +2382,34 @@ function toggleField(key) {
   const chk = document.querySelector(`[data-check="${CSS.escape(key)}"]`);
   if (chk) {
     chk.checked = on;
+    sortSection(inp.closest('[data-row]'));
     markSelected();
   }
   refresh();
 }
 
+function sortSection(cardEl) {
+  const cards = cardEl && cardEl.closest('.cards');
+  if (!cards) return;
+  const all     = [...cards.querySelectorAll('[data-row]')];
+  const checked = all.filter(c =>  c.querySelector('[data-check]')?.checked);
+  const rest    = all.filter(c => !c.querySelector('[data-check]')?.checked);
+  rest.sort((a, b) => Number(a.dataset.origIdx) - Number(b.dataset.origIdx));
+  [...checked, ...rest].forEach(c => cards.appendChild(c));
+}
+
+function sortAllSections() {
+  document.querySelectorAll('.cards').forEach(cards => {
+    const all     = [...cards.querySelectorAll('[data-row]')];
+    const checked = all.filter(c =>  c.querySelector('[data-check]')?.checked);
+    const rest    = all.filter(c => !c.querySelector('[data-check]')?.checked);
+    rest.sort((a, b) => Number(a.dataset.origIdx) - Number(b.dataset.origIdx));
+    [...checked, ...rest].forEach(c => cards.appendChild(c));
+  });
+}
+
 function bindFieldEvents() {
-  document.querySelectorAll('[data-check]').forEach(el => el.addEventListener('change', () => { markSelected(); refresh(); }));
+  document.querySelectorAll('[data-check]').forEach(el => el.addEventListener('change', () => { sortSection(el.closest('[data-row]')); markSelected(); refresh(); }));
   document.querySelectorAll('[data-key]').forEach(el => el.addEventListener('input', refresh));
   document.querySelectorAll('[data-toggle]').forEach(btn => btn.addEventListener('click', () => toggleField(btn.dataset.toggle)));
   document.querySelectorAll('[data-pick-for]').forEach(sel => sel.addEventListener('change', () => handlePickerChange(sel)));
@@ -2429,7 +2434,7 @@ function renderSections() {
         <span class="sec-count">${items.length}</span>
         <div class="sec-line"></div>
       </div>
-      <div class="cards">${items.map(cardHTML).join('')}</div>`;
+      <div class="cards">${items.map((f, i) => cardHTML(f, i)).join('')}</div>`;
     wrap.appendChild(sec);
   });
   bindFieldEvents();
@@ -2463,56 +2468,40 @@ refresh();
 $('search').oninput = filter;
 $('selectCommon').onclick = () => {
   document.querySelectorAll('[data-common="1"]').forEach(c => c.checked = true);
+  sortAllSections();
   markSelected();
   refresh();
 };
 $('selectVisible').onclick = () => {
   document.querySelectorAll('.sec:not(.sec-hidden) [data-row]:not(.hidden) [data-check]').forEach(c => c.checked = true);
+  sortAllSections();
   markSelected();
   refresh();
 };
 $('clearAll').onclick = () => {
   clearForm();
+  sortAllSections();
   markSelected();
   filter();
   refresh();
 };
 $('applyImport').onclick = () => {
   try {
-    applyObj(parseEnv($('importText').value), true);
-    showToast('Imported ✓');
+    const parsed = parseEnv($('importText').value);
+    const count = Object.keys(parsed).length;
+    if (!count) {
+      showToast('No valid env keys found');
+      return;
+    }
+    applyObj(parsed, true);
+    showToast(`Imported ${count} key${count > 1 ? 's' : ''} ✓`);
   } catch (e) {
     showToast('Import failed');
     alert(e.message);
   }
 };
 
-// Auto-import: paste karo aur turant parse + apply ho jaata hai
-$('importText').addEventListener('paste', () => {
-  setTimeout(() => {
-    try {
-      const val = $('importText').value.trim();
-      if (!val) return;
-      applyObj(parseEnv(val), true);
-      showToast('Auto-imported ✓');
-    } catch (e) {
-      showToast('Import failed');
-    }
-  }, 0);
-});
-
-// Live typing: jaise jaise type karo env format mein, bundle banta jaata hai
-$('importText').addEventListener('input', () => {
-  const val = $('importText').value.trim();
-  if (!val) return;
-  // Sirf agar valid env/bundle format lag raha ho tabhi auto-apply
-  const looksLikeEnv = val.includes('=') || val.startsWith('{') || /^[A-Za-z0-9_\-]{20,}$/.test(val);
-  if (looksLikeEnv) {
-    try {
-      applyObj(parseEnv(val), true);
-    } catch (e) { /* silent — user abhi type kar raha hai */ }
-  }
-});
+// Import is explicit via the Import & Apply button to avoid surprising UI resets.
 $('addCustom').onclick = () => addCustomRow();
 $('applyBundle').onclick = () => {
   try {
@@ -2522,6 +2511,7 @@ $('applyBundle').onclick = () => {
     showToast('Invalid bundle');
   }
 };
+$('generateBundle').onclick = () => generateBundle();
 $('copyBundle').onclick = () => copyText($('bundleOut').value);
 $('copyEnvLine').onclick = () => copyText($('envLineOut').value);
 $('copyJson').onclick = () => copyText(JSON.stringify(collect(), null, 2));

health-server.js

@@ -20,9 +20,12 @@ const GATEWAY_HOST = "127.0.0.1";
 const JUPYTER_PORT = Number.parseInt(process.env.JUPYTER_PORT || "8888", 10);
 const JUPYTER_HOST = "127.0.0.1";
 const JUPYTER_BASE = normalizeBase(process.env.JUPYTER_BASE, "/terminal");
+const GATEWAY_TOKEN = (process.env.GATEWAY_TOKEN || "").trim();
 const DEV_MODE_ENABLED = isTrue(process.env.DEV_MODE);
+// Auto-enable Jupyter when DEV_MODE=true, HUGGINGCLAW_JUPYTER_ENABLED=true, or GATEWAY_TOKEN is set.
+// GATEWAY_TOKEN doubles as JUPYTER_TOKEN in start.sh — no extra secret needed.
 const JUPYTER_ENABLED = /^(true|1|yes|on)$/i.test(
-  process.env.HUGGINGCLAW_JUPYTER_ENABLED || (DEV_MODE_ENABLED ? "true" : "false")
+  process.env.HUGGINGCLAW_JUPYTER_ENABLED || (DEV_MODE_ENABLED ? "true" : GATEWAY_TOKEN ? "true" : "false")
 );
 const startTime = Date.now();
 const LLM_MODEL = process.env.LLM_MODEL || "Not Set";
@@ -72,7 +75,6 @@ if (_spacPrivacyEnv === "public") {
   SPACE_IS_PRIVATE = false;
   _privacyDetectionDone = true;
   console.log("[health-server] Space privacy: public (SPACE_PRIVACY env var override)");
-  privacyDetectionReady.then ? void 0 : null;
   _privacyDetectionResolve && _privacyDetectionResolve();
 } else if (_spacPrivacyEnv === "private") {
   // User explicitly set SPACE_PRIVACY=private — skip API call entirely
@@ -635,7 +637,7 @@ const server = http.createServer(async (req, res) => {
   if (pathname === JUPYTER_BASE || pathname.startsWith(JUPYTER_BASE + "/")) {
     if (!JUPYTER_ENABLED) {
       res.writeHead(404, { "Content-Type": "application/json" });
-      return res.end(JSON.stringify({ status: "disabled", message: "JupyterLab terminal is disabled. Set DEV_MODE=true to enable /terminal/." }));
+      return res.end(JSON.stringify({ status: "disabled", message: "JupyterLab terminal is disabled. Set GATEWAY_TOKEN or DEV_MODE=true to enable /terminal/ (or set HUGGINGCLAW_JUPYTER_ENABLED=true)." }));
     }
     if (isDirectHfSpaceRequest) {
       res.writeHead(200, { "Content-Type": "text/html" });

iframe-fix.cjs

@@ -19,9 +19,10 @@ http.Server.prototype.emit = function (event, ...args) {
   if (event === "request") {
     const [, res] = args;
 
-    // Only intercept on the main OpenClaw server (port 7860)
+    // Only intercept on the main OpenClaw server (respects GATEWAY_PORT env var)
+    const expectedPort = Number(process.env.GATEWAY_PORT || 7860);
     const serverPort = this.address && this.address() && this.address().port;
-    if (serverPort && serverPort !== 7860) {
+    if (serverPort && serverPort !== expectedPort) {
       return origEmit.apply(this, [event, ...args]);
     }
 

jupyter-devdata-sync.py

@@ -174,6 +174,7 @@ def is_jupyter_running(port: int = 8888) -> bool:
         return False
 
 def restore_once(api, rid: str):
+    from huggingface_hub import snapshot_download
     from huggingface_hub.errors import RepositoryNotFoundError
     tmp = Path(tempfile.mkdtemp(prefix="devdata-restore-"))
     try:

multi-provider-key-rotator.cjs

@@ -192,6 +192,12 @@ const PROVIDERS = [
     envPlural:  'MODELSTUDIO_API_KEYS',
     envSingular:'MODELSTUDIO_API_KEY',
   },
+  {
+    name:        'synthetic',
+    hostname:    /(?:^|\.)synthetic\.local$/i,
+    envPlural:   'SYNTHETIC_API_KEYS',
+    envSingular: 'SYNTHETIC_API_KEY',
+  },
 
 ];
 
@@ -320,7 +326,25 @@ function patchFetch() {
             // Gemini: key URL query param mein jaata hai, Bearer nahi
             const url = new URL(typeof input === 'string' ? input : input.url);
             url.searchParams.set('key', key);
-            input = typeof input === 'string' ? url.toString() : new Request(url.toString(), input);
+            if (typeof input === 'string') {
+              input = url.toString();
+            } else {
+              // Do NOT pass the Request object as init — that clones (consumes) the body stream.
+              // Instead patch only the URL via init object; fetch spec merges headers from Request.
+              init = {
+                method: input.method,
+                headers: input.headers,
+                body: input.body,
+                mode: input.mode,
+                credentials: input.credentials,
+                cache: input.cache,
+                redirect: input.redirect,
+                referrer: input.referrer,
+                integrity: input.integrity,
+                ...init,
+              };
+              input = url.toString();
+            }
           } else {
             const headers        = init.headers || (input && input.headers) || undefined;
             const patchedHeaders = setAuthHeader(headers, key);

start.sh

@@ -42,6 +42,9 @@ try:
             continue
         if str(key) in {"HUGGINGCLAW_ENV_BUNDLE", "ENV_BUNDLE"}:
             continue
+        if str(key) == "OPENCLAW_VERSION":
+            print("Warning: OPENCLAW_VERSION from env bundle is ignored (build-time only; set HF Variable and rebuild).", file=sys.stderr)
+            continue
         if os.environ.get(str(key), ""):
             continue
         if value is None or isinstance(value, (dict, list)):
@@ -90,6 +93,12 @@ DEV_MODE_ENABLED=false
 if hc_is_true "$DEV_MODE_NORMALIZED"; then
   DEV_MODE_ENABLED=true
 fi
+# Auto-enable DEV_MODE when GATEWAY_TOKEN is set and DEV_MODE was not explicitly configured.
+# GATEWAY_TOKEN doubles as JUPYTER_TOKEN (see start_jupyter_once) — no extra secret required.
+if [ "$DEV_MODE_ENABLED" != "true" ] && [ -z "${DEV_MODE:-}" ] && [ -n "${GATEWAY_TOKEN:-}" ]; then
+  DEV_MODE_ENABLED=true
+  echo "GATEWAY_TOKEN set and DEV_MODE not explicitly configured — auto-enabling terminal (set DEV_MODE=false to opt out)"
+fi
 SYNC_INTERVAL="$(trim_var "${SYNC_INTERVAL:-180}")"
 DEVDATA_DATASET_NAME="$(trim_var "${DEVDATA_DATASET_NAME:-huggingclaw-devdata}")"
 DEVDATA_SYNC_INTERVAL="$(trim_var "${DEVDATA_SYNC_INTERVAL:-180}")"
@@ -99,6 +108,9 @@ DEVDATA_ENABLED=true
 if ! hc_is_true "$DEVDATA_NORMALIZED"; then
   DEVDATA_ENABLED=false
 fi
+# On HF Spaces, browser is disabled by default (no display server).
+# To enable: set BROWSER_PLUGIN_MODE=enabled as an HF Space secret.
+# WARNING: requires at least CPU Upgrade tier (2 vCPU / 16GB RAM).
 if [ -n "${SPACE_HOST:-}" ]; then
   OPENCLAW_CONSOLE_LOG_LEVEL="${OPENCLAW_CONSOLE_LOG_LEVEL:-warn}"
   OPENCLAW_FILE_LOG_LEVEL="${OPENCLAW_FILE_LOG_LEVEL:-info}"
@@ -320,7 +332,7 @@ CONFIG_JSON=$(cat <<'CONFIGEOF'
 {
   "gateway": {
     "mode": "local",
-    "port": 7860,
+    "port": "${GATEWAY_PORT}",
     "bind": "lan",
     "auth": {
       "token": ""
@@ -353,8 +365,10 @@ CONFIG_JSON=$(jq \
   --arg fileLevel "$OPENCLAW_FILE_LOG_LEVEL" \
   --arg consoleLevel "$OPENCLAW_CONSOLE_LOG_LEVEL" \
   --arg consoleStyle "$OPENCLAW_CONSOLE_LOG_STYLE" \
+  --arg port "$GATEWAY_PORT" \
   '.gateway.auth.token = $token
    | .agents.defaults.model = $model
+   | .gateway.port = ($port | tonumber)
    | .logging.level = $fileLevel
    | .logging.consoleLevel = $consoleLevel
    | .logging.consoleStyle = $consoleStyle' <<<"$CONFIG_JSON")
@@ -367,7 +381,7 @@ CUSTOM_MODEL_NAME="${CUSTOM_MODEL_NAME:-$CUSTOM_MODEL_ID}"
 CUSTOM_API_KEY="${CUSTOM_API_KEY:-$LLM_API_KEY}"
 CUSTOM_API_TYPE="${CUSTOM_API_TYPE:-openai-completions}"
 CUSTOM_CONTEXT_WINDOW="${CUSTOM_CONTEXT_WINDOW:-128000}"
-CUSTOM_MAX_TOKENS="${CUSTOM_MAX_TOKENS:-500}"
+CUSTOM_MAX_TOKENS="${CUSTOM_MAX_TOKENS:-8192}"
 
 if [ -n "$CUSTOM_PROVIDER_NAME" ] || [ -n "$CUSTOM_BASE_URL" ] || [ -n "$CUSTOM_MODEL_ID" ]; then
   CUSTOM_PROVIDER_NORMALIZED=$(printf '%s' "$CUSTOM_PROVIDER_NAME" | tr '[:upper:]' '[:lower:]')
@@ -506,12 +520,75 @@ inject_provider_models_from_env "github-copilot" "GITHUB_COPILOT_MODELS" "COPILO
 
 # Browser configuration (managed local Chromium in HF/Docker)
 BROWSER_EXECUTABLE_PATH=""
-for candidate in /usr/bin/chromium /usr/bin/chromium-browser /snap/bin/chromium; do
+BROWSER_WRAPPER_PATH=""
+HAS_FILE_CMD=false
+if command -v file >/dev/null 2>&1; then
+  HAS_FILE_CMD=true
+fi
+
+ensure_chromium_for_browser_plugin() {
+  # Enforce Chromium availability when browser plugin is explicitly enabled.
+  [ "$BROWSER_PLUGIN_MODE" = "enabled" ] || return 0
+  for candidate in /usr/lib/chromium/chromium /usr/bin/chromium /usr/bin/chromium-browser; do
+    [ -x "$candidate" ] && return 0
+  done
+  if [ "$HAS_FILE_CMD" != "true" ]; then
+    echo "BROWSER_PLUGIN_MODE=enabled and 'file' command is missing; attempting runtime install..."
+    if _hc_apt_install file; then
+      HAS_FILE_CMD=true
+      echo "'file' command installed via apt-get."
+    else
+      echo "Warning: could not install 'file'; continuing with executable-path fallback checks."
+    fi
+  fi
+  echo "BROWSER_PLUGIN_MODE=enabled but Chromium is missing; attempting runtime install..."
+  if _hc_apt_install chromium; then
+    echo "Chromium installed via apt-get."
+    return 0
+  fi
+  if _hc_apt_install chromium-browser; then
+    echo "Chromium browser package installed via apt-get."
+    return 0
+  fi
+  echo "ERROR: Browser plugin is enabled, but Chromium install failed. Disable browser plugin or rebuild image with Chromium preinstalled." >&2
+  return 1
+}
+ensure_chromium_for_browser_plugin || HC_STARTUP_FAILURES=$((HC_STARTUP_FAILURES + 1))
+
+# On Debian/Ubuntu, /usr/bin/chromium is often a shell wrapper while the real
+# ELF binary lives under /usr/lib/chromium/*. Prefer a real ELF binary, then
+# fall back to wrapper launchers (Playwright/OpenClaw can execute those too).
+for candidate in \
+    /usr/lib/chromium/chromium \
+    /usr/lib/chromium-browser/chromium-browser \
+    /usr/bin/chromium \
+    /usr/bin/chromium-browser \
+    /snap/bin/chromium; do
   if [ -x "$candidate" ]; then
-    BROWSER_EXECUTABLE_PATH="$candidate"
-    break
+    if [ "$HAS_FILE_CMD" = "true" ]; then
+      if file "$candidate" 2>/dev/null | grep -q "ELF"; then
+        BROWSER_EXECUTABLE_PATH="$candidate"
+        break
+      fi
+    else
+      # Minimal images may not ship `file`; accept the first executable path.
+      BROWSER_EXECUTABLE_PATH="$candidate"
+      break
+    fi
+    if [ -z "$BROWSER_WRAPPER_PATH" ]; then
+      BROWSER_WRAPPER_PATH="$candidate"
+    fi
   fi
 done
+if [ -z "$BROWSER_EXECUTABLE_PATH" ] && [ -n "$BROWSER_WRAPPER_PATH" ]; then
+  BROWSER_EXECUTABLE_PATH="$BROWSER_WRAPPER_PATH"
+  echo "No ELF Chromium binary found; using launcher wrapper at $BROWSER_EXECUTABLE_PATH"
+elif [ -n "$BROWSER_EXECUTABLE_PATH" ] && [ "$HAS_FILE_CMD" != "true" ]; then
+  echo "Detected Chromium executable at $BROWSER_EXECUTABLE_PATH (ELF probe skipped: 'file' command not installed)"
+fi
+if [ -z "$BROWSER_EXECUTABLE_PATH" ]; then
+  echo "Warning: Chromium executable not found. Browser plugin will be disabled."
+fi
 
 BROWSER_SHOULD_ENABLE=false
 if [ "$BROWSER_PLUGIN_MODE" = "enabled" ] && [ -n "$BROWSER_EXECUTABLE_PATH" ] && [ -x "$BROWSER_EXECUTABLE_PATH" ]; then
@@ -563,13 +640,28 @@ CONFIG_JSON=$(jq \
 
 if [ "$BROWSER_SHOULD_ENABLE" = "true" ]; then
   CONFIG_JSON=$(jq \
-    --arg execPath "$BROWSER_EXECUTABLE_PATH" \
     '.browser = {
        "enabled": true,
        "defaultProfile": "openclaw",
        "headless": true,
        "noSandbox": true,
-       "executablePath": $execPath
+       "extraArgs": [
+         "--headless=new",
+         "--no-sandbox",
+         "--disable-setuid-sandbox",
+         "--no-zygote",
+         "--disable-dev-shm-usage",
+         "--disable-gpu",
+         "--remote-debugging-address=127.0.0.1",
+         "--disable-features=UseDBus,MediaRouter",
+         "--password-store=basic",
+         "--no-first-run",
+         "--disable-background-networking",
+         "--disable-sync",
+         "--disable-translate",
+         "--disable-notifications",
+         "--disable-speech-api"
+       ]
      }
      | .agents.defaults.sandbox.browser.allowHostControl = true' <<<"$CONFIG_JSON")
 fi
@@ -680,6 +772,10 @@ WHATSAPP_CONFIG_ENABLED=false
 if [ "$WHATSAPP_ENABLED_NORMALIZED" = "true" ]; then
   WHATSAPP_CONFIG_ENABLED=true
 fi
+TELEGRAM_CONFIG_ENABLED=false
+if [ -n "${TELEGRAM_BOT_TOKEN:-}" ]; then
+  TELEGRAM_CONFIG_ENABLED=true
+fi
 if [ -f "$EXISTING_CONFIG" ]; then
   echo "Restored config found — patching required fields and runtime channel/plugin toggles..."
   PATCHED=$(jq \
@@ -694,9 +790,11 @@ if [ -f "$EXISTING_CONFIG" ]; then
     --argjson consoleStyleConfigured "$OPENCLAW_CONSOLE_LOG_STYLE_CONFIGURED" \
     --argjson whatsappConfigured "$WHATSAPP_ENABLED_CONFIGURED" \
     --argjson whatsappEnabled "$WHATSAPP_CONFIG_ENABLED" \
+    --argjson telegramConfigured "$TELEGRAM_CONFIG_ENABLED" \
     '(.channels.whatsapp // {}) as $existingWhatsapp
      | .gateway.auth.token = $token
      | .agents.defaults.model = $model
+     | .gateway.port = ($desired.gateway.port // .gateway.port)
      | if $fileLogConfigured then .logging.level = $fileLevel else . end
      | if $consoleLogConfigured then .logging.consoleLevel = $consoleLevel else . end
      | if $consoleStyleConfigured then .logging.consoleStyle = $consoleStyle else . end
@@ -715,6 +813,13 @@ if [ -f "$EXISTING_CONFIG" ]; then
          | del(.channels.whatsapp)
        else
          .
+       end
+     | if $telegramConfigured then
+         .channels.telegram = (($desired.channels.telegram // {}) * (.channels.telegram // {}))
+         | .channels.telegram.botToken = $desired.channels.telegram.botToken
+       else
+         del(.channels.telegram)
+         | .plugins.entries.telegram.enabled = false
        end' \
     "$EXISTING_CONFIG" 2>/dev/null)
 
@@ -758,7 +863,13 @@ fi
 if [ -n "${CLOUDFLARE_PROXY_URL:-}" ]; then
   echo "Proxy     : ${CLOUDFLARE_PROXY_URL}"
 fi
-RUNTIME_JUPYTER_ENABLED="$DEV_MODE_ENABLED"
+# HUGGINGCLAW_JUPYTER_ENABLED env var se override allow karo
+# (env-builder "Enable Jupyter terminal" toggle yahi set karta hai)
+if hc_is_true "${HUGGINGCLAW_JUPYTER_ENABLED:-false}"; then
+  RUNTIME_JUPYTER_ENABLED=true
+else
+  RUNTIME_JUPYTER_ENABLED="$DEV_MODE_ENABLED"
+fi
 # Add user bin to PATH for jupyter-lab (installed in Dockerfile when DEV_MODE=true)
 export PATH="$HOME/.local/bin:$PATH"
 
@@ -817,20 +928,24 @@ graceful_shutdown() {
 }
 trap graceful_shutdown SIGTERM SIGINT
 
+BROWSER_WARMED_UP=false
 warmup_browser() {
   [ "$BROWSER_SHOULD_ENABLE" = "true" ] || return 0
+  # Only warm up once — gateway restarts should not re-spawn new warmup jobs.
+  [ "$BROWSER_WARMED_UP" = "false" ] || return 0
+  BROWSER_WARMED_UP=true
 
   (
-    sleep 5
+    sleep 8
 
     local attempt
-    for attempt in 1 2 3 4 5; do
+    for attempt in 1 2 3 4 5 6; do
       if openclaw browser --browser-profile openclaw start >/dev/null 2>&1; then
         openclaw browser --browser-profile openclaw open about:blank >/dev/null 2>&1 || true
         echo "Managed browser ready."
         return 0
       fi
-      sleep 2
+      sleep 5
     done
 
     echo "Warning: managed browser warm-up did not complete; first browser action may need a retry."
@@ -865,6 +980,13 @@ start_jupyter_once() {
     return 0
   fi
 
+  # GATEWAY_TOKEN fallback: if JUPYTER_TOKEN is unset or still the insecure default,
+  # reuse GATEWAY_TOKEN. Both protect the same Space, so the credential is equivalent.
+  if { [ -z "${JUPYTER_TOKEN:-}" ] || [ "${JUPYTER_TOKEN}" = "huggingface" ]; } && [ -n "${GATEWAY_TOKEN:-}" ]; then
+    JUPYTER_TOKEN="$GATEWAY_TOKEN"
+    echo "JUPYTER_TOKEN not set — using GATEWAY_TOKEN as terminal auth token"
+  fi
+
   # Security guard: refuse to start JupyterLab with the insecure default token.
   # JupyterLab exposes a full shell — a weak token is equivalent to no auth.
   if [ -z "${JUPYTER_TOKEN:-}" ] || [ "${JUPYTER_TOKEN}" = "huggingface" ]; then
@@ -1438,7 +1560,9 @@ if [ -n "${HUGGINGCLAW_OPENCLAW_PLUGINS:-}" ]; then
 fi
 
 # ── Fix config before running startup commands ──
-openclaw doctor --fix || true
+if [ "${AUTO_DOCTOR:-false}" = "true" ]; then
+  openclaw doctor --fix || true
+fi
 
 # ── Arbitrary startup commands from HF Variables/Secrets ──
 # Recommended: use one variable, HUGGINGCLAW_RUN, as a full bash script. If the
@@ -1556,6 +1680,16 @@ start_guardian_once() {
   echo "WhatsApp Guardian started (PID: $GUARDIAN_PID)"
 }
 
+# ── Start D-Bus session (once, before gateway loop) ──
+if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]; then
+  if command -v dbus-launch >/dev/null 2>&1; then
+    eval "$(dbus-launch --sh-syntax 2>/dev/null)" || true
+    export DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:-disabled:}"
+  else
+    export DBUS_SESSION_BUS_ADDRESS="disabled:"
+  fi
+fi
+
 while true; do
   # Check health-server process - restart if died unexpectedly
   if [ -n "${HEALTH_PID:-}" ] && ! kill -0 "$HEALTH_PID" 2>/dev/null; then
@@ -1581,10 +1715,12 @@ while true; do
     fi
   fi
 
-  openclaw doctor --fix || true
-  echo "Launching OpenClaw gateway on port 7860..."
+  if [ "${AUTO_DOCTOR:-false}" = "true" ]; then
+    openclaw doctor --fix || true
+  fi
+  echo "Launching OpenClaw gateway on port ${GATEWAY_PORT}..."
 
-  GATEWAY_ARGS=(gateway run --port 7860 --bind lan)
+  GATEWAY_ARGS=(gateway run --port "${GATEWAY_PORT}" --bind lan)
   if [ "${GATEWAY_VERBOSE:-0}" = "1" ]; then
     GATEWAY_ARGS+=(--verbose)
     echo "Gateway verbose logging enabled (GATEWAY_VERBOSE=1)"
@@ -1597,13 +1733,13 @@ while true; do
   stdbuf -oL -eL openclaw "${GATEWAY_ARGS[@]}" 2>&1 | tee -a /home/node/.openclaw/gateway.log &
   GATEWAY_PID=$!
 
-  # Poll for the gateway to start listening on 7860. OpenClaw can take 20-30s
+  # Poll for the gateway to start listening on ${GATEWAY_PORT}. OpenClaw can take 20-30s
   # on cold start (plugin install + auto-restore). Bail out early if the
   # pipeline died.
   GATEWAY_READY_TIMEOUT="${GATEWAY_READY_TIMEOUT:-90}"
   ready=false
   for ((i=0; i<GATEWAY_READY_TIMEOUT; i++)); do
-    if (echo > /dev/tcp/127.0.0.1/7860) 2>/dev/null; then
+    if (echo > /dev/tcp/127.0.0.1/${GATEWAY_PORT}) 2>/dev/null; then
       ready=true
       break
     fi
@@ -1618,14 +1754,29 @@ while true; do
     echo "Gateway failed to start. Last 30 lines of log:"
     echo "────────────────────────────────────────────"
     tail -30 /home/node/.openclaw/gateway.log
-    echo "Gateway failed — JupyterLab and env-builder still running. Retrying in 10s..."
-    sleep 10
-    continue
+    if [ "$DEV_MODE_ENABLED" = "true" ]; then
+      echo "Gateway failed — DEV_MODE active, retrying in 10s..."
+      sleep 10
+      continue
+    else
+      echo "Gateway failed — exiting."
+      exit 1
+    fi
   fi
 
   # 11. Start WhatsApp Guardian after the gateway is accepting connections
   start_guardian_once
 
+  # ── Silence D-Bus errors for headless Chromium ──
+  if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]; then
+    if command -v dbus-launch >/dev/null 2>&1; then
+      eval "$(dbus-launch --sh-syntax 2>/dev/null)" || true
+      export DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:-disabled:}"
+    else
+      export DBUS_SESSION_BUS_ADDRESS="disabled:"
+    fi
+  fi
+
   # 11.5 Warm up the managed browser so first browser actions have a live tab
   warmup_browser
 

wa-guardian.js

@@ -17,7 +17,8 @@ try {
 }
 const { randomUUID } = require('node:crypto');
 
-const GATEWAY_URL = "ws://127.0.0.1:7860";
+const GATEWAY_PORT = Number.parseInt(process.env.GATEWAY_PORT || "7860", 10);
+const GATEWAY_URL = `ws://127.0.0.1:${GATEWAY_PORT}`;
 const GATEWAY_TOKEN = process.env.GATEWAY_TOKEN || "huggingclaw";
 const WHATSAPP_ENABLED = /^true$/i.test(process.env.WHATSAPP_ENABLED || "");
 const CHECK_INTERVAL = 30000;
@@ -125,7 +126,8 @@ async function createConnection() {
   });
 }
 
-async function callRpc(ws, method, params) {
+async function callRpc(ws, method, params, timeoutMs) {
+  const ms = timeoutMs !== undefined ? timeoutMs : 10000; // default 10s for normal calls
   return new Promise((resolve, reject) => {
     const id = randomUUID();
     const handler = (data) => {
@@ -148,7 +150,7 @@ async function callRpc(ws, method, params) {
       reject(sendErr);
       return;
     }
-    setTimeout(() => { ws.removeListener("message", handler); reject(new Error("RPC Timeout")); }, WAIT_TIMEOUT + 5000);
+    setTimeout(() => { ws.removeListener("message", handler); reject(new Error("RPC Timeout")); }, ms);
   });
 }
 
@@ -188,7 +190,7 @@ async function checkStatus() {
     }
 
     console.log("[guardian] Waiting for pairing completion...");
-    const waitRes = await callRpc(ws, "web.login.wait", { timeoutMs: WAIT_TIMEOUT });
+    const waitRes = await callRpc(ws, "web.login.wait", { timeoutMs: WAIT_TIMEOUT }, WAIT_TIMEOUT + 5000);
     const result = waitRes.payload || waitRes.result;
     const message = result?.message || "";
     const linkedAfter515 = !result?.connected && message.includes("515");
@@ -202,19 +204,27 @@ async function checkStatus() {
       lastConnectedAt = Date.now();
       writeStatus({ configured: true, connected: true, pairing: false });
 
+      // Set shouldStop BEFORE config.apply — gateway restart during apply must not
+      // leave guardian running (it would then incorrectly wipe valid credentials).
+      shouldStop = true;
+
       if (linkedAfter515) {
         console.log("[guardian] 515 after scan: credentials saved, reloading config to start WhatsApp...");
       } else {
         console.log("[guardian] Pairing completed! Reloading config...");
       }
 
-      const getRes = await callRpc(ws, "config.get", {});
-      if (getRes.payload?.raw && getRes.payload?.hash) {
-        await callRpc(ws, "config.apply", { raw: getRes.payload.raw, baseHash: getRes.payload.hash });
-        console.log("[guardian] Configuration re-applied.");
+      try {
+        const getRes = await callRpc(ws, "config.get", {});
+        if (getRes.payload?.raw && getRes.payload?.hash) {
+          await callRpc(ws, "config.apply", { raw: getRes.payload.raw, baseHash: getRes.payload.hash });
+          console.log("[guardian] Configuration re-applied.");
+        }
+      } catch (applyErr) {
+        // Gateway restarted during config.apply — that is expected and fine.
+        // shouldStop is already true so we will not retry or attempt logout.
+        console.log(`[guardian] Config re-apply interrupted (gateway restarting): ${applyErr.message}`);
       }
-
-      shouldStop = true;
       setTimeout(() => process.exit(0), 1000);
     } else if (!message.includes("No active") && !message.includes("Still waiting")) {
       console.log(`[guardian] Wait result: ${message}`);