Rework OpenClaw native runtime

Dockerfile

@@ -1,33 +1,36 @@
 FROM node:22-slim
 
-# 1. Base dependencies + code-server deps + chromium deps + tmux
+ENV DEBIAN_FRONTEND=noninteractive \
+    HOME=/root \
+    PROXY_PORT=7860 \
+    OPENCLAW_PORT=8080 \
+    SYNC_INTERVAL=300 \
+    PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    git openssh-client build-essential python3 python3-pip \
-    g++ make ca-certificates curl wget procps tmux \
-    # Chromium/Playwright dependencies
-    libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 \
-    libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 \
-    libxss1 libxtst6 libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 \
-    libcups2 libdrm2 libgbm1 libpango-1.0-0 libcairo2 libasound2 \
-    libxshmfence1 libglib2.0-0 fonts-liberation xdg-utils \
+    ca-certificates \
+    curl \
+    gettext-base \
+    git \
+    nginx \
+    procps \
+    python3 \
+    rsync \
+    unzip \
+    wget \
     && rm -rf /var/lib/apt/lists/*
 
-# 2. Python packages
-RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages
-
-# 3. Install OpenClaw
-RUN npm install -g openclaw@latest --unsafe-perm
+RUN npm install -g openclaw@latest playwright \
+    && playwright install --with-deps chromium
 
-# 4. Install code-server
-RUN curl -fsSL https://code-server.dev/install.sh | sh
+WORKDIR /root/workspace
 
-# 5. Set workdir & copy scripts
-WORKDIR /app
-COPY start-openclaw.sh .
-RUN chmod +x start-openclaw.sh
+COPY start.sh /app/start.sh
+COPY sync-root-data.sh /app/sync-root-data.sh
+COPY nginx.conf.template /app/nginx.conf.template
 
-# 6. Environment variables
-ENV PORT=7860 HOME=/root
+RUN chmod +x /app/start.sh /app/sync-root-data.sh
 
 EXPOSE 7860
-CMD ["./start-openclaw.sh"]
+
+CMD ["/app/start.sh"]

README.md

@@ -1,11 +1,51 @@
 ---
-title: Openclaw
-emoji: 🐨
-colorFrom: pink
+title: OpenClaw
+emoji: 🦀
+colorFrom: purple
 colorTo: indigo
 sdk: docker
 pinned: false
 license: apache-2.0
+app_port: 7860
 ---
-# trigger build
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+
+# OpenClaw Space
+
+Native OpenClaw runtime for Hugging Face Spaces. VS Code/code-server is intentionally not installed.
+
+## Routing
+
+```text
+/              -> OpenClaw control UI
+/{port}/       -> localhost:{port}
+/proxy/{port}/ -> localhost:{port}
+```
+
+## Persistence
+
+On startup, `/data/root` is restored into `/root` when `/data` is available.
+
+During runtime, `/root` is synced back to `/data/root` every 5 minutes by default.
+
+```text
+SYNC_INTERVAL=300
+```
+
+Large generated folders such as `node_modules`, `.next`, `dist`, `build`, and cache directories are excluded.
+
+## Environment
+
+```text
+PROXY_PORT=7860
+OPENCLAW_PORT=8080
+SYNC_INTERVAL=300
+OPENCLAW_CMD=
+```
+
+Use `OPENCLAW_CMD` only if your installed OpenClaw CLI needs a different start command.
+
+Example:
+
+```text
+OPENCLAW_CMD=openclaw --host 127.0.0.1 --port 8080
+```

nginx.conf.template

@@ -0,0 +1,59 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  access_log /dev/stdout;
+  error_log /dev/stderr info;
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  tcp_nodelay on;
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+  }
+
+  server {
+    listen ${PROXY_PORT};
+    server_name _;
+    client_max_body_size 0;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_read_timeout 86400;
+    proxy_send_timeout 86400;
+    proxy_buffering off;
+
+    location ~ ^/proxy/([0-9]+)/(.*)$ {
+      proxy_set_header X-Forwarded-Prefix /proxy/$1;
+      proxy_pass http://127.0.0.1:$1/$2$is_args$args;
+    }
+
+    location ~ ^/proxy/([0-9]+)$ {
+      return 308 /proxy/$1/;
+    }
+
+    location ~ ^/([0-9]+)/(.*)$ {
+      proxy_set_header X-Forwarded-Prefix /$1;
+      proxy_pass http://127.0.0.1:$1/$2$is_args$args;
+    }
+
+    location ~ ^/([0-9]+)$ {
+      return 308 /$1/;
+    }
+
+    location / {
+      proxy_pass http://127.0.0.1:${OPENCLAW_PORT};
+    }
+  }
+}

start-openclaw.sh

@@ -1,271 +0,0 @@
-#!/bin/bash
-
-# ─────────────────────────────────────────────────────────────
-# start-openclaw.sh — VS Code Proxy & OpenClaw Bucket Setup
-# ─────────────────────────────────────────────────────────────
-
-set +e
-
-echo "===== VS Code Proxy & Storage Setup ====="
-
-# ── 1. Setup Persistent Data Bucket (/data) ──────────────────
-mkdir -p /data/.openclaw/agents/main/sessions
-mkdir -p /data/.openclaw/credentials
-mkdir -p /data/.openclaw/sessions
-mkdir -p /data/.openclaw/browsers
-mkdir -p /data/workspace
-
-# Link persistent store ke /root agar terbaca OpenClaw default
-ln -sfn /data/.openclaw /root/.openclaw
-
-# Link workspace code-server untuk kemudahan akses
-mkdir -p /home/coder
-ln -sfn /data/workspace /home/coder/workspace
-
-echo ">>> Persistent directories under /data ready."
-
-# ── 2. Fix DNS ────────────────────────────────────────────────
-echo "nameserver 1.1.1.1" >> /etc/resolv.conf
-echo "nameserver 8.8.8.8" >> /etc/resolv.conf
-echo "nameserver 8.8.4.4" >> /etc/resolv.conf
-echo ">>> DNS fixed."
-
-# ── 3. Chromium Persistent Install ──────────────────────────────
-export PLAYWRIGHT_BROWSERS_PATH=/data/.openclaw/browsers
-CHROMIUM_PATH=$(find /data/.openclaw/browsers -name "chrome" -type f 2>/dev/null | head -1)
-
-if [ -z "$CHROMIUM_PATH" ]; then
-  echo ">>> Installing Chromium to persistent storage /data..."
-  if timeout 300 npx playwright install chromium; then
-    echo ">>> Chromium OK"
-  else
-    if timeout 300 npx playwright-core install chromium; then
-      echo ">>> Chromium OK (via playwright-core)"
-    else
-      echo ">>> WARN: Chromium install failed"
-    fi
-  fi
-  # Re-check path after install
-  CHROMIUM_PATH=$(find /data/.openclaw/browsers -name "chrome" -type f 2>/dev/null | head -1)
-else
-  echo ">>> Chromium found in persistent storage: $CHROMIUM_PATH"
-fi
-
-# ── 4. OpenClaw Configuration ──────────────────────────────────
-CLEAN_BASE=$(echo "$OPENAI_API_BASE" | sed "s|/chat/completions||g" | sed "s|/v1/|/v1|g" | sed "s|/v1$|/v1|g")
-ALLOW_ID_SAFE=${TELEGRAM_ALLOW_ID:-0}
-
-generate_safe_json() {
-  cat > /data/.openclaw/openclaw.json <<JSONEOF
-{
-  "models": {
-    "providers": {
-      "kilo_gateway": {
-        "baseUrl": "https://api.kilo.ai/api/gateway",
-        "apiKey": "anonymous",
-        "api": "openai-completions",
-        "models": [
-          { "id": "kilo-auto/free", "name": "Kilo Auto Free", "contextWindow": 128000, "maxTokens": 16000 }
-        ]
-      },
-      "nvidia": {
-        "baseUrl": "$CLEAN_BASE",
-        "apiKey": "$OPENAI_API_KEY",
-        "api": "openai-completions",
-        "models": [
-          { "id": "$MODEL", "name": "$MODEL", "contextWindow": 128000 },
-          { "id": "${VISION_MODEL:-$MODEL}", "name": "Nvidia Vision", "contextWindow": 128000, "input": ["text", "image"] }
-        ]
-      }
-    }
-  },
-  "agents": {
-    "defaults": {
-      "model": {
-        "primary": "nvidia/$MODEL",
-        "fallbacks": ["kilo_gateway/kilo-auto/free"]
-      },
-      "imageModel": {
-        "primary": "nvidia/${VISION_MODEL:-$MODEL}"
-      },
-      "llm": {
-        "idleTimeoutSeconds": 0,
-        "maxTokens": 16384
-      }
-    }
-  },
-  "commands": { "restart": true },
-  "browser": {
-    "enabled": true,
-    "requirePairing": false,
-    "headless": true,
-    "noSandbox": true,
-    "executablePath": "$CHROMIUM_PATH",
-    "defaultProfile": "openclaw",
-    "ssrfPolicy": { "dangerouslyAllowPrivateNetwork": true },
-    "profiles": {
-      "openclaw": {
-        "cdpPort": 18800,
-        "color": "0088FF"
-      }
-    }
-  },
-  "channels": {
-    "telegram": {
-      "enabled": true,
-      "botToken": "$TELEGRAM_BOT_TOKEN",
-      "dmPolicy": "allowlist",
-      "allowFrom": [$ALLOW_ID_SAFE],
-      "apiRoot": "https://tg-relay.markdevil11.workers.dev",
-      "webhookUrl": "https://elysiadev11-openclaw.hf.space/tg-webhook",
-      "webhookSecret": "$OPENCLAW_GATEWAY_PASSWORD",
-      "webhookPath": "/tg-webhook",
-      "webhookHost": "0.0.0.0",
-      "webhookPort": 8787,
-      "streaming": {
-        "mode": "partial"
-      }
-    }
-  },
-  "gateway": {
-    "mode": "local",
-    "bind": "lan",
-    "port": 7862,
-    "trustedProxies": ["0.0.0.0/0"],
-    "auth": { "mode": "token", "token": "$OPENCLAW_GATEWAY_PASSWORD" },
-    "http": {
-      "endpoints": {
-        "chatCompletions": { "enabled": true }
-      }
-    },
-    "controlUi": {
-      "enabled": true,
-      "allowInsecureAuth": true,
-      "dangerouslyDisableDeviceAuth": true,
-      "dangerouslyAllowHostHeaderOriginFallback": true
-    }
-  }
-}
-JSONEOF
-}
-
-# Cek integritas JSON
-echo ">>> Checking /data/.openclaw/openclaw.json..."
-if [ ! -f /data/.openclaw/openclaw.json ] || ! python3 -c 'import json; json.load(open("/data/.openclaw/openclaw.json"))' 2>/dev/null; then
-  echo ">>> Generating /data/.openclaw/openclaw.json..."
-  generate_safe_json
-else
-  echo ">>> Valid openclaw.json found in /data. Keeping it intact."
-fi
-
-# ── 5. Start code-server ─────────────────────────────────────
-echo ">>> Starting code-server on port 8443..."
-mkdir -p /root/.config/code-server
-VSCODE_PASSWORD="${OPENCLAW_GATEWAY_PASSWORD:-openclaw}"
-
-cat > /root/.config/code-server/config.yaml <<EOF
-bind-addr: 0.0.0.0:8443
-auth: password
-password: ${VSCODE_PASSWORD}
-cert: false
-EOF
-
-# Start VS Code explicit dengan PORT=8443 agar mengabaikan global PORT=7860
-PORT=8443 code-server --bind-addr 0.0.0.0:8443 \
-  --auth password \
-  --disable-telemetry \
-  --disable-update-check \
-  /data/workspace &
-CODE_SERVER_PID=$!
-echo ">>> code-server started (PID: $CODE_SERVER_PID)"
-
-# ── 6. Node.js Reverse Proxy ─────────────────────────────────
-# Routes:
-# /code/*       → 8443 (VS Code)
-# /tg-webhook   → 8787 (OpenClaw Telegram)
-# /*            → 7862 (OpenClaw UI)
-node -e "
-const http = require('http');
-const net  = require('net');
-
-function proxyHttp(req, res, targetPort, rewritePath) {
-  const opts = {
-    hostname: '127.0.0.1',
-    port: targetPort,
-    path: rewritePath || req.url,
-    method: req.method,
-    headers: { ...req.headers, host: req.headers.host },
-  };
-  const pr = http.request(opts, (r) => {
-    const headers = { ...r.headers };
-    if (targetPort === 8443 && headers.location) {
-      if (headers.location === '/' || headers.location === '') {
-        headers.location = '/code/';
-      } else if (!headers.location.startsWith('/code') && headers.location.startsWith('/')) {
-        headers.location = '/code' + headers.location;
-      }
-    }
-    res.writeHead(r.statusCode, headers);
-    r.pipe(res, { end: true });
-  });
-  pr.on('error', (e) => {
-    res.writeHead(502);
-    if (targetPort === 7862) {
-      res.end('<h1>OpenClaw Gateway</h1><p>The UI is not reachable. You must start OpenClaw manually via the VS Code terminal (available at /code/).</p>');
-    } else {
-      res.end('502 Bad Gateway');
-    }
-  });
-  req.pipe(pr, { end: true });
-}
-
-function proxyWs(req, socket, head, targetPort, rewritePath) {
-  const conn = net.connect(targetPort, '127.0.0.1', () => {
-    const path = rewritePath || req.url;
-    conn.write(
-      'GET ' + path + ' HTTP/1.1\r\n' +
-      Object.entries(req.headers).map(([k,v]) => k+': '+v).join('\r\n') +
-      '\r\n\r\n'
-    );
-    if (head && head.length) conn.write(head);
-    socket.pipe(conn);
-    conn.pipe(socket);
-  });
-  conn.on('error', () => { socket.destroy(); });
-  socket.on('error', () => conn.destroy());
-}
-
-const server = http.createServer((req, res) => {
-  if (req.url.startsWith('/code')) {
-    let newPath = req.url.replace(/^\/code\/?/, '/');
-    if (newPath === '') newPath = '/';
-    proxyHttp(req, res, 8443, newPath);
-  } else if (req.url.startsWith('/tg-webhook')) {
-    proxyHttp(req, res, 8787);
-  } else {
-    proxyHttp(req, res, 7862);
-  }
-});
-
-server.on('upgrade', (req, socket, head) => {
-  if (req.url.startsWith('/code')) {
-    let newPath = req.url.replace(/^\/code\/?/, '/');
-    if (newPath === '') newPath = '/';
-    proxyWs(req, socket, head, 8443, newPath);
-  } else {
-    proxyWs(req, socket, head, 7862);
-  }
-});
-
-server.listen(7860, '0.0.0.0', () => {
-  console.log('Proxy routing: /code -> VSCode (8443), /tg-webhook -> Telegram (8787), /* -> OpenClaw (7862)');
-});
-" &
-
-echo "============================================="
-echo "READY! Open HF space at \`/code/\` to access VS Code,"
-echo "then start openclaw manually from the terminal."
-echo "============================================="
-
-# Keep container running
-sleep infinity

start.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export PROXY_PORT="${PROXY_PORT:-7860}"
+export OPENCLAW_PORT="${OPENCLAW_PORT:-8080}"
+export SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
+export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/ms-playwright}"
+
+mkdir -p /root/workspace
+
+/app/sync-root-data.sh restore
+/app/sync-root-data.sh loop &
+
+run_openclaw() {
+  while true; do
+    echo "Starting OpenClaw on 127.0.0.1:${OPENCLAW_PORT}..."
+    if [ -n "${OPENCLAW_CMD:-}" ]; then
+      sh -lc "$OPENCLAW_CMD"
+    else
+      openclaw --host 127.0.0.1 --port "${OPENCLAW_PORT}"
+    fi
+    echo "OpenClaw exited; restarting in 2 seconds..."
+    sleep 2
+  done
+}
+
+run_nginx() {
+  while true; do
+    envsubst '${PROXY_PORT} ${OPENCLAW_PORT}' < /app/nginx.conf.template > /tmp/nginx.conf
+    nginx -c /tmp/nginx.conf -g 'daemon off;'
+    echo "Nginx exited; restarting in 2 seconds..."
+    sleep 2
+  done
+}
+
+run_openclaw &
+run_nginx &
+
+wait -n
+exit 1

sync-root-data.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DATA_ROOT="${DATA_ROOT:-/data/root}"
+SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
+
+EXCLUDES=(
+  "--exclude=.cache"
+  "--exclude=.npm/_cacache"
+  "--exclude=.npm/_update-notifier-last-checked*"
+  "--exclude=.pnpm-store"
+  "--exclude=node_modules"
+  "--exclude=.next"
+  "--exclude=dist"
+  "--exclude=build"
+  "--exclude=coverage"
+  "--exclude=tmp"
+)
+
+data_available() {
+  [ -d /data ] || mkdir -p /data 2>/dev/null || return 1
+  mkdir -p "$DATA_ROOT" 2>/dev/null || return 1
+}
+
+restore_root() {
+  if data_available; then
+    echo "Restoring persistent data from $DATA_ROOT to /root..."
+    rsync -rlptD --no-specials --no-devices "${EXCLUDES[@]}" "$DATA_ROOT/" /root/ || true
+  else
+    echo "Persistent /data is not available; skipping restore."
+  fi
+}
+
+persist_root() {
+  if data_available; then
+    echo "Syncing /root to $DATA_ROOT..."
+    rsync -rlptD --no-specials --no-devices --delete "${EXCLUDES[@]}" /root/ "$DATA_ROOT/" || true
+  else
+    echo "Persistent /data is not available; skipping sync."
+  fi
+}
+
+case "${1:-loop}" in
+  restore)
+    restore_root
+    ;;
+  persist)
+    persist_root
+    ;;
+  loop)
+    while true; do
+      persist_root
+      sleep "$SYNC_INTERVAL"
+    done
+    ;;
+  *)
+    echo "Usage: $0 {restore|persist|loop}"
+    exit 2
+    ;;
+esac