Simplify env-builder import flow and prevent accidental auto-apply

.env.example

@@ -248,8 +248,8 @@ LLM_API_KEY_FALLBACK_ENABLED=true
 GATEWAY_TOKEN=your_gateway_token_here
 
 # [OPTIONAL] JupyterLab terminal token for /terminal/
-# Defaults to "huggingface" if unset. Set a strong token for private deployments.
-JUPYTER_TOKEN=huggingface
+# Set a strong token for private deployments. Must NOT be "huggingface".
+JUPYTER_TOKEN=run: openssl rand -hex 32
 
 # (Optional) Password auth — simpler alternative to token for casual users
 # If set, users can log in with this password instead of the token
@@ -288,14 +288,7 @@ HF_TOKEN=hf_your_token_here
 # Default: huggingclaw-backup
 BACKUP_DATASET_NAME=huggingclaw-backup
 
-# Git commit identity for workspace syncs
-WORKSPACE_GIT_USER=openclaw@example.com
-WORKSPACE_GIT_NAME=OpenClaw Bot
-
 # ── OPTIONAL: Background Services ──
-# Keep-alive ping interval (seconds). Default: 300. Set 0 to disable.
-KEEP_ALIVE_INTERVAL=300
-
 # Workspace auto-sync interval (seconds). Default: 180.
 SYNC_INTERVAL=180
 

Dockerfile

@@ -24,6 +24,8 @@ RUN apt-get update && apt-get install -y \
     ca-certificates \
     jq \
     curl \
+    dbus \
+    dbus-x11 \
     python3 \
     python3-pip \
     chromium \

README.md

@@ -104,7 +104,7 @@ Navigate to your new Space's **Settings**, scroll down to the **Variables and se
 > [!TIP]
 > HuggingClaw is completely flexible! You only need these three secrets to get started. You can set other secrets later.
 
-Optional: set `DEV_MODE=true` (Variable) to enable JupyterLab support and install Jupyter dependencies at build time. You can also set `JUPYTER_TOKEN` as a Secret to replace the default terminal token (`huggingface`). If you want to pin a specific OpenClaw release instead of `latest`, add `OPENCLAW_VERSION` under **Variables** in your Space settings. For Docker Spaces, HF passes Variables as build args during image build, so these should be Variables, not Secrets (except tokens).
+Optional: set `DEV_MODE=true` (Variable) to enable JupyterLab support and install Jupyter dependencies at build time. You can also set `JUPYTER_TOKEN` as a Secret to set a strong terminal token (must not be `huggingface`). If you want to pin a specific OpenClaw release instead of `latest`, add `OPENCLAW_VERSION` under **Variables** in your Space settings. For Docker Spaces, HF passes Variables as build args during image build, so these should be Variables, not Secrets (except tokens).
 
 ### Step 3: Deploy & Run
 
@@ -366,12 +366,12 @@ The merged Space includes the Hugging Face JupyterLab template behavior inside t
 | :--- | :--- | :--- | :--- |
 | `/` | HuggingClaw dashboard | `7861` | Public HF Spaces entrypoint |
 | `/app/` | OpenClaw Control UI | `7860` | Mounted behind the local reverse proxy |
-| `/terminal/` | JupyterLab terminal (DEV_MODE only) | `8888` | Available only when `DEV_MODE=true`; token login uses `JUPYTER_TOKEN` (default `huggingface`) |
+| `/terminal/` | JupyterLab terminal (DEV_MODE only) | `8888` | Available only when `DEV_MODE=true`; token login uses `JUPYTER_TOKEN` (set a strong value) |
 
 When enabled, the terminal notebook root is `/home/node`, so you can inspect HuggingClaw files, logs, workspace state, and runtime scripts from the browser.
 
 > [!IMPORTANT]
-> For real deployments, set a strong `JUPYTER_TOKEN` secret. The `huggingface` default exists only to match the duplicateable Hugging Face JupyterLab template.
+> For real deployments, set a strong `JUPYTER_TOKEN` secret. Do not use `huggingface`; generate a strong token with `openssl rand -hex 32`.
 
 ## 🔍 Merge Comparison
 

env-builder.html

@@ -908,7 +908,8 @@ body {
               <span class="pblock-title">📦 Bundle Output</span>
             </div>
             <div class="pblock-body">
-              <textarea id="bundleOut" placeholder="Your encoded bundle will appear here…" readonly spellcheck="false"></textarea>
+              <button id="generateBundle" class="btn btn-amber" style="width:100%;font-size:12.5px;"># Generate Bundle</button>
+              <textarea id="bundleOut" placeholder="Click # Generate to build your bundle…" readonly spellcheck="false"></textarea>
               <input type="text" id="envLineOut" placeholder="HUGGINGCLAW_ENV_BUNDLE=…" readonly spellcheck="false">
               <div class="row-btns">
                 <button id="copyBundle" class="btn btn-amber">⎘ Bundle</button>

env-builder.js

@@ -458,10 +458,10 @@ const FIELDS = [
     "g": "Core",
     "icon": "⚡",
     "k": "OPENCLAW_VERSION",
-    "lbl": "Pin OpenClaw version",
+    "lbl": "Pin OpenClaw version (build-time; rebuild required)",
     "type": "text",
     "ph": "latest",
-    "tag": "optional"
+    "tag": "build"
   },
 {
     "g": "Plugins",
@@ -482,6 +482,15 @@ const FIELDS = [
     "common": 1,
     "tag": "build"
   },
+{
+    "g": "Startup",
+    "icon": "🩺",
+    "k": "AUTO_DOCTOR",
+    "lbl": "Auto-fix config on boot (openclaw doctor --fix)",
+    "type": "toggle",
+    "ph": "false",
+    "tag": "advanced"
+  },
 {
     "g": "Startup",
     "icon": "⚡",
@@ -842,22 +851,12 @@ const FIELDS = [
     "g": "Core",
     "icon": "⚡",
     "k": "JUPYTER_TOKEN",
-    "lbl": "Jupyter access token",
+    "lbl": "Jupyter access token (Must NOT be 'huggingface'. Run: openssl rand -hex 32)",
     "type": "password",
-    "ph": "huggingface",
+    "ph": "change_this_to_a_strong_token",
     "common": 1,
     "tag": "credential"
   },
-{
-    "g": "Core",
-    "icon": "⚡",
-    "k": "KEEP_ALIVE_INTERVAL",
-    "lbl": "Keep-alive ping interval (seconds)",
-    "type": "number",
-    "ph": "300",
-    "common": 1,
-    "tag": "advanced"
-  },
 {
     "g": "Core",
     "icon": "⚡",
@@ -966,24 +965,6 @@ const FIELDS = [
     "ph": "/home/node",
     "tag": "advanced"
   },
-{
-    "g": "Backup",
-    "icon": "💾",
-    "k": "WORKSPACE_GIT_USER",
-    "lbl": "Workspace git author email",
-    "type": "text",
-    "ph": "openclaw@example.com",
-    "tag": "optional"
-  },
-{
-    "g": "Backup",
-    "icon": "💾",
-    "k": "WORKSPACE_GIT_NAME",
-    "lbl": "Workspace git author name",
-    "type": "text",
-    "ph": "OpenClaw Bot",
-    "tag": "optional"
-  },
 {
     "g": "Provider Keys",
     "icon": "🔑",
@@ -2123,7 +2104,7 @@ function valueControlHTML(field) {
   return control;
 }
 
-function cardHTML(f) {
+function cardHTML(f, origIdx = 0) {
   const TAG_META = {
     critical:   { cls: 'badge-critical',   lbl: 'critical'   },
     credential: { cls: 'badge-credential', lbl: 'credential' },
@@ -2135,7 +2116,7 @@ function cardHTML(f) {
   const tm = TAG_META[f.tag] || TAG_META.optional;
   const badge = `<span class="badge ${tm.cls}">${tm.lbl}</span>`;
 
-  return `<div class="env-card" data-row data-group="${esc(f.g)}" data-search="${esc((f.g + ' ' + f.k + ' ' + (f.lbl || '') + ' ' + (f.tag || '')).toLowerCase())}">
+  return `<div class="env-card" data-row data-orig-idx="${origIdx}" data-group="${esc(f.g)}" data-search="${esc((f.g + ' ' + f.k + ' ' + (f.lbl || '') + ' ' + (f.tag || '')).toLowerCase())}">
     <div class="card-top">
       <input type="checkbox" class="card-check" data-check="${esc(f.k)}" ${f.common ? 'data-common="1"' : ''}>
       <div class="card-info">
@@ -2213,14 +2194,17 @@ function collect() {
   return obj;
 }
 
-function refresh() {
+function generateBundle() {
   const obj = collect();
   const keys = Object.keys(obj).sort();
   const bundle = keys.length ? encodeBundle(Object.fromEntries(keys.map(k => [k, obj[k]]))) : '';
-
   $('bundleOut').value = bundle;
   $('envLineOut').value = bundle ? `HUGGINGCLAW_ENV_BUNDLE=${bundle}` : '';
+}
 
+function refresh() {
+  const obj = collect();
+  const keys = Object.keys(obj).sort();
   const s = $('summary');
   if (keys.length) {
     s.innerHTML = `<strong>${keys.length}</strong> variable${keys.length > 1 ? 's' : ''} selected<div class="sum-keys">${keys.map(k => `<span class="sum-key">${esc(k)}</span>`).join('')}</div>`;
@@ -2309,7 +2293,7 @@ function applyObj(obj, replace = false) {
       addCustomRow(key, val, true);
     }
   }
-  markSelected(); filter(); refresh();
+  sortAllSections(); markSelected(); filter(); refresh();
 }
 
 function autoCheck(key) {
@@ -2398,13 +2382,34 @@ function toggleField(key) {
   const chk = document.querySelector(`[data-check="${CSS.escape(key)}"]`);
   if (chk) {
     chk.checked = on;
+    sortSection(inp.closest('[data-row]'));
     markSelected();
   }
   refresh();
 }
 
+function sortSection(cardEl) {
+  const cards = cardEl && cardEl.closest('.cards');
+  if (!cards) return;
+  const all     = [...cards.querySelectorAll('[data-row]')];
+  const checked = all.filter(c =>  c.querySelector('[data-check]')?.checked);
+  const rest    = all.filter(c => !c.querySelector('[data-check]')?.checked);
+  rest.sort((a, b) => Number(a.dataset.origIdx) - Number(b.dataset.origIdx));
+  [...checked, ...rest].forEach(c => cards.appendChild(c));
+}
+
+function sortAllSections() {
+  document.querySelectorAll('.cards').forEach(cards => {
+    const all     = [...cards.querySelectorAll('[data-row]')];
+    const checked = all.filter(c =>  c.querySelector('[data-check]')?.checked);
+    const rest    = all.filter(c => !c.querySelector('[data-check]')?.checked);
+    rest.sort((a, b) => Number(a.dataset.origIdx) - Number(b.dataset.origIdx));
+    [...checked, ...rest].forEach(c => cards.appendChild(c));
+  });
+}
+
 function bindFieldEvents() {
-  document.querySelectorAll('[data-check]').forEach(el => el.addEventListener('change', () => { markSelected(); refresh(); }));
+  document.querySelectorAll('[data-check]').forEach(el => el.addEventListener('change', () => { sortSection(el.closest('[data-row]')); markSelected(); refresh(); }));
   document.querySelectorAll('[data-key]').forEach(el => el.addEventListener('input', refresh));
   document.querySelectorAll('[data-toggle]').forEach(btn => btn.addEventListener('click', () => toggleField(btn.dataset.toggle)));
   document.querySelectorAll('[data-pick-for]').forEach(sel => sel.addEventListener('change', () => handlePickerChange(sel)));
@@ -2429,7 +2434,7 @@ function renderSections() {
         <span class="sec-count">${items.length}</span>
         <div class="sec-line"></div>
       </div>
-      <div class="cards">${items.map(cardHTML).join('')}</div>`;
+      <div class="cards">${items.map((f, i) => cardHTML(f, i)).join('')}</div>`;
     wrap.appendChild(sec);
   });
   bindFieldEvents();
@@ -2463,56 +2468,40 @@ refresh();
 $('search').oninput = filter;
 $('selectCommon').onclick = () => {
   document.querySelectorAll('[data-common="1"]').forEach(c => c.checked = true);
+  sortAllSections();
   markSelected();
   refresh();
 };
 $('selectVisible').onclick = () => {
   document.querySelectorAll('.sec:not(.sec-hidden) [data-row]:not(.hidden) [data-check]').forEach(c => c.checked = true);
+  sortAllSections();
   markSelected();
   refresh();
 };
 $('clearAll').onclick = () => {
   clearForm();
+  sortAllSections();
   markSelected();
   filter();
   refresh();
 };
 $('applyImport').onclick = () => {
   try {
-    applyObj(parseEnv($('importText').value), true);
-    showToast('Imported ✓');
+    const parsed = parseEnv($('importText').value);
+    const count = Object.keys(parsed).length;
+    if (!count) {
+      showToast('No valid env keys found');
+      return;
+    }
+    applyObj(parsed, true);
+    showToast(`Imported ${count} key${count > 1 ? 's' : ''} ✓`);
   } catch (e) {
     showToast('Import failed');
     alert(e.message);
   }
 };
 
-// Auto-import: paste karo aur turant parse + apply ho jaata hai
-$('importText').addEventListener('paste', () => {
-  setTimeout(() => {
-    try {
-      const val = $('importText').value.trim();
-      if (!val) return;
-      applyObj(parseEnv(val), true);
-      showToast('Auto-imported ✓');
-    } catch (e) {
-      showToast('Import failed');
-    }
-  }, 0);
-});
-
-// Live typing: jaise jaise type karo env format mein, bundle banta jaata hai
-$('importText').addEventListener('input', () => {
-  const val = $('importText').value.trim();
-  if (!val) return;
-  // Sirf agar valid env/bundle format lag raha ho tabhi auto-apply
-  const looksLikeEnv = val.includes('=') || val.startsWith('{') || /^[A-Za-z0-9_\-]{20,}$/.test(val);
-  if (looksLikeEnv) {
-    try {
-      applyObj(parseEnv(val), true);
-    } catch (e) { /* silent — user abhi type kar raha hai */ }
-  }
-});
+// Import is explicit via the Import & Apply button to avoid surprising UI resets.
 $('addCustom').onclick = () => addCustomRow();
 $('applyBundle').onclick = () => {
   try {
@@ -2522,6 +2511,7 @@ $('applyBundle').onclick = () => {
     showToast('Invalid bundle');
   }
 };
+$('generateBundle').onclick = () => generateBundle();
 $('copyBundle').onclick = () => copyText($('bundleOut').value);
 $('copyEnvLine').onclick = () => copyText($('envLineOut').value);
 $('copyJson').onclick = () => copyText(JSON.stringify(collect(), null, 2));

iframe-fix.cjs

@@ -19,9 +19,10 @@ http.Server.prototype.emit = function (event, ...args) {
   if (event === "request") {
     const [, res] = args;
 
-    // Only intercept on the main OpenClaw server (port 7860)
+    // Only intercept on the main OpenClaw server (respects GATEWAY_PORT env var)
+    const expectedPort = Number(process.env.GATEWAY_PORT || 7860);
     const serverPort = this.address && this.address() && this.address().port;
-    if (serverPort && serverPort !== 7860) {
+    if (serverPort && serverPort !== expectedPort) {
       return origEmit.apply(this, [event, ...args]);
     }
 

start.sh

@@ -42,6 +42,9 @@ try:
             continue
         if str(key) in {"HUGGINGCLAW_ENV_BUNDLE", "ENV_BUNDLE"}:
             continue
+        if str(key) == "OPENCLAW_VERSION":
+            print("Warning: OPENCLAW_VERSION from env bundle is ignored (build-time only; set HF Variable and rebuild).", file=sys.stderr)
+            continue
         if os.environ.get(str(key), ""):
             continue
         if value is None or isinstance(value, (dict, list)):
@@ -99,6 +102,9 @@ DEVDATA_ENABLED=true
 if ! hc_is_true "$DEVDATA_NORMALIZED"; then
   DEVDATA_ENABLED=false
 fi
+# On HF Spaces, browser is disabled by default (no display server).
+# To enable: set BROWSER_PLUGIN_MODE=enabled as an HF Space secret.
+# WARNING: requires at least CPU Upgrade tier (2 vCPU / 16GB RAM).
 if [ -n "${SPACE_HOST:-}" ]; then
   OPENCLAW_CONSOLE_LOG_LEVEL="${OPENCLAW_CONSOLE_LOG_LEVEL:-warn}"
   OPENCLAW_FILE_LOG_LEVEL="${OPENCLAW_FILE_LOG_LEVEL:-info}"
@@ -506,12 +512,24 @@ inject_provider_models_from_env "github-copilot" "GITHUB_COPILOT_MODELS" "COPILO
 
 # Browser configuration (managed local Chromium in HF/Docker)
 BROWSER_EXECUTABLE_PATH=""
-for candidate in /usr/bin/chromium /usr/bin/chromium-browser /snap/bin/chromium; do
+# On Debian/Ubuntu, /usr/bin/chromium is a shell wrapper; the real ELF binary
+# lives at /usr/lib/chromium/chromium. Check the real binary first, then fall
+# back to wrapper scripts (which are also valid executablePath values for
+# Playwright/OpenClaw — they re-exec the real binary internally).
+for candidate in \
+    /usr/lib/chromium/chromium \
+    /usr/lib/chromium-browser/chromium-browser \
+    /usr/bin/chromium \
+    /usr/bin/chromium-browser \
+    /snap/bin/chromium; do
   if [ -x "$candidate" ]; then
     BROWSER_EXECUTABLE_PATH="$candidate"
     break
   fi
 done
+if [ -z "$BROWSER_EXECUTABLE_PATH" ]; then
+  echo "Warning: No real Chromium binary found. Browser plugin will be disabled."
+fi
 
 BROWSER_SHOULD_ENABLE=false
 if [ "$BROWSER_PLUGIN_MODE" = "enabled" ] && [ -n "$BROWSER_EXECUTABLE_PATH" ] && [ -x "$BROWSER_EXECUTABLE_PATH" ]; then
@@ -569,7 +587,22 @@ if [ "$BROWSER_SHOULD_ENABLE" = "true" ]; then
        "defaultProfile": "openclaw",
        "headless": true,
        "noSandbox": true,
-       "executablePath": $execPath
+       "executablePath": $execPath,
+       "localLaunchTimeoutMs": 45000,
+       "localCdpReadyTimeoutMs": 30000,
+       "extraArgs": [
+         "--no-sandbox",
+         "--disable-setuid-sandbox",
+         "--no-zygote",
+         "--disable-dev-shm-usage",
+         "--disable-gpu",
+         "--no-first-run",
+         "--disable-background-networking",
+         "--disable-sync",
+         "--disable-translate",
+         "--disable-notifications",
+         "--disable-speech-api"
+       ]
      }
      | .agents.defaults.sandbox.browser.allowHostControl = true' <<<"$CONFIG_JSON")
 fi
@@ -758,7 +791,13 @@ fi
 if [ -n "${CLOUDFLARE_PROXY_URL:-}" ]; then
   echo "Proxy     : ${CLOUDFLARE_PROXY_URL}"
 fi
-RUNTIME_JUPYTER_ENABLED="$DEV_MODE_ENABLED"
+# HUGGINGCLAW_JUPYTER_ENABLED env var se override allow karo
+# (env-builder "Enable Jupyter terminal" toggle yahi set karta hai)
+if hc_is_true "${HUGGINGCLAW_JUPYTER_ENABLED:-false}"; then
+  RUNTIME_JUPYTER_ENABLED=true
+else
+  RUNTIME_JUPYTER_ENABLED="$DEV_MODE_ENABLED"
+fi
 # Add user bin to PATH for jupyter-lab (installed in Dockerfile when DEV_MODE=true)
 export PATH="$HOME/.local/bin:$PATH"
 
@@ -817,20 +856,24 @@ graceful_shutdown() {
 }
 trap graceful_shutdown SIGTERM SIGINT
 
+BROWSER_WARMED_UP=false
 warmup_browser() {
   [ "$BROWSER_SHOULD_ENABLE" = "true" ] || return 0
+  # Only warm up once — gateway restarts should not re-spawn new warmup jobs.
+  [ "$BROWSER_WARMED_UP" = "false" ] || return 0
+  BROWSER_WARMED_UP=true
 
   (
-    sleep 5
+    sleep 8
 
     local attempt
-    for attempt in 1 2 3 4 5; do
+    for attempt in 1 2 3 4 5 6; do
       if openclaw browser --browser-profile openclaw start >/dev/null 2>&1; then
         openclaw browser --browser-profile openclaw open about:blank >/dev/null 2>&1 || true
         echo "Managed browser ready."
         return 0
       fi
-      sleep 2
+      sleep 5
     done
 
     echo "Warning: managed browser warm-up did not complete; first browser action may need a retry."
@@ -1438,7 +1481,9 @@ if [ -n "${HUGGINGCLAW_OPENCLAW_PLUGINS:-}" ]; then
 fi
 
 # ── Fix config before running startup commands ──
-openclaw doctor --fix || true
+if [ "${AUTO_DOCTOR:-false}" = "true" ]; then
+  openclaw doctor --fix || true
+fi
 
 # ── Arbitrary startup commands from HF Variables/Secrets ──
 # Recommended: use one variable, HUGGINGCLAW_RUN, as a full bash script. If the
@@ -1556,6 +1601,16 @@ start_guardian_once() {
   echo "WhatsApp Guardian started (PID: $GUARDIAN_PID)"
 }
 
+# ── Start D-Bus session (once, before gateway loop) ──
+if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]; then
+  if command -v dbus-launch >/dev/null 2>&1; then
+    eval "$(dbus-launch --sh-syntax 2>/dev/null)" || true
+    export DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:-disabled:}"
+  else
+    export DBUS_SESSION_BUS_ADDRESS="disabled:"
+  fi
+fi
+
 while true; do
   # Check health-server process - restart if died unexpectedly
   if [ -n "${HEALTH_PID:-}" ] && ! kill -0 "$HEALTH_PID" 2>/dev/null; then
@@ -1581,10 +1636,12 @@ while true; do
     fi
   fi
 
-  openclaw doctor --fix || true
-  echo "Launching OpenClaw gateway on port 7860..."
+  if [ "${AUTO_DOCTOR:-false}" = "true" ]; then
+    openclaw doctor --fix || true
+  fi
+  echo "Launching OpenClaw gateway on port ${GATEWAY_PORT}..."
 
-  GATEWAY_ARGS=(gateway run --port 7860 --bind lan)
+  GATEWAY_ARGS=(gateway run --port "${GATEWAY_PORT}" --bind lan)
   if [ "${GATEWAY_VERBOSE:-0}" = "1" ]; then
     GATEWAY_ARGS+=(--verbose)
     echo "Gateway verbose logging enabled (GATEWAY_VERBOSE=1)"
@@ -1597,13 +1654,13 @@ while true; do
   stdbuf -oL -eL openclaw "${GATEWAY_ARGS[@]}" 2>&1 | tee -a /home/node/.openclaw/gateway.log &
   GATEWAY_PID=$!
 
-  # Poll for the gateway to start listening on 7860. OpenClaw can take 20-30s
+  # Poll for the gateway to start listening on ${GATEWAY_PORT}. OpenClaw can take 20-30s
   # on cold start (plugin install + auto-restore). Bail out early if the
   # pipeline died.
   GATEWAY_READY_TIMEOUT="${GATEWAY_READY_TIMEOUT:-90}"
   ready=false
   for ((i=0; i<GATEWAY_READY_TIMEOUT; i++)); do
-    if (echo > /dev/tcp/127.0.0.1/7860) 2>/dev/null; then
+    if (echo > /dev/tcp/127.0.0.1/${GATEWAY_PORT}) 2>/dev/null; then
       ready=true
       break
     fi
@@ -1618,9 +1675,14 @@ while true; do
     echo "Gateway failed to start. Last 30 lines of log:"
     echo "────────────────────────────────────────────"
     tail -30 /home/node/.openclaw/gateway.log
-    echo "Gateway failed — JupyterLab and env-builder still running. Retrying in 10s..."
-    sleep 10
-    continue
+    if [ "$DEV_MODE_ENABLED" = "true" ]; then
+      echo "Gateway failed — DEV_MODE active, retrying in 10s..."
+      sleep 10
+      continue
+    else
+      echo "Gateway failed — exiting."
+      exit 1
+    fi
   fi
 
   # 11. Start WhatsApp Guardian after the gateway is accepting connections