fix(scripts): remove private auth monitor defaults

This commit is contained in:
Vincent Koc 2026-06-21 05:36:31 +02:00
parent dec76bb5eb
commit af3e509ab8
No known key found for this signature in database
9 changed files with 106 additions and 14 deletions

View file

@ -3,7 +3,7 @@
# Run via cron or systemd timer to get proactive notifications
# before Claude Code auth expires.
#
# Suggested cron: */30 * * * * /home/admin/openclaw/scripts/auth-monitor.sh
# Suggested cron: */30 * * * * /path/to/openclaw/scripts/auth-monitor.sh
#
# Environment variables:
# NOTIFY_PHONE - Phone number to send OpenClaw notification (e.g., +1234567890)
@ -78,7 +78,7 @@ HOURS_LEFT=$((DIFF_MS / 3600000))
MINS_LEFT=$(((DIFF_MS % 3600000) / 60000))
if [ "$DIFF_MS" -lt 0 ]; then
send_notification "Claude Code auth EXPIRED! OpenClaw is down. Run: ssh l36 '~/openclaw/scripts/mobile-reauth.sh'" "urgent"
send_notification "Claude Code auth EXPIRED! OpenClaw is down. Run on the OpenClaw host: ${SCRIPT_DIR}/mobile-reauth.sh" "urgent"
exit 1
elif [ "$HOURS_LEFT" -lt "$WARN_HOURS" ]; then
send_notification "Claude Code auth expires in ${HOURS_LEFT}h ${MINS_LEFT}m. Consider re-auth soon." "high"

View file

@ -4,7 +4,8 @@ After=network.target
[Service]
Type=oneshot
ExecStart=/home/admin/openclaw/scripts/auth-monitor.sh
# setup-auth-system.sh renders this placeholder to the checked-out script path.
ExecStart=@OPENCLAW_AUTH_MONITOR_PATH@
# Configure notification channels via environment
Environment=WARN_HOURS=2
# Environment=NOTIFY_PHONE=+1234567890

View file

@ -6,7 +6,7 @@
# It's designed for quick one-tap checking from phone home screen.
# Server hostname (via Tailscale or SSH config)
SERVER="${OPENCLAW_SERVER:-l36}"
SERVER="${OPENCLAW_SERVER:-openclaw-host}"
# Check auth status
termux-toast "Checking OpenClaw auth..."

View file

@ -5,7 +5,7 @@
# One-tap: shows status toast
# If expired: directly opens auth URL
SERVER="${OPENCLAW_SERVER:-l36}"
SERVER="${OPENCLAW_SERVER:-openclaw-host}"
STATUS=$(ssh -o ConnectTimeout=5 "$SERVER" '$HOME/openclaw/scripts/claude-auth-status.sh simple' 2>&1)

View file

@ -1,13 +1,13 @@
#!/data/data/com.termux/files/usr/bin/bash
# OpenClaw OAuth Sync Widget
# Syncs Claude Code tokens to OpenClaw on l36 server
# Syncs Claude Code tokens to OpenClaw over SSH
# Place in ~/.shortcuts/ on phone for Termux:Widget
termux-toast "Syncing OpenClaw auth..."
# Run sync on l36 server
SERVER="${OPENCLAW_SERVER:-l36}"
RESULT=$(ssh "$SERVER" '/home/admin/openclaw/scripts/sync-claude-code-auth.sh' 2>&1)
# Run sync on the configured OpenClaw host.
SERVER="${OPENCLAW_SERVER:-openclaw-host}"
RESULT=$(ssh "$SERVER" '$HOME/openclaw/scripts/sync-claude-code-auth.sh' 2>&1)
EXIT_CODE=$?
if [ $EXIT_CODE -eq 0 ]; then

View file

@ -1059,13 +1059,20 @@ const TOOLING_SOURCE_TEST_TARGETS = new Map([
["scripts/run-oxlint-shards.mjs", ["test/scripts/run-oxlint.test.ts"]],
["scripts/run-with-env.mjs", ["test/scripts/run-with-env.test.ts"]],
["scripts/run-node.mjs", ["src/infra/run-node.test.ts"]],
["scripts/auth-monitor.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/mobile-reauth.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/committer", ["test/scripts/committer.test.ts"]],
["scripts/gh-read", ["test/scripts/gh-read.test.ts"]],
["scripts/pr", ["test/scripts/pr-wrappers.test.ts"]],
["scripts/pr-merge", ["test/scripts/pr-wrappers.test.ts"]],
["scripts/pr-prepare", ["test/scripts/pr-wrappers.test.ts"]],
["scripts/pr-review", ["test/scripts/pr-wrappers.test.ts"]],
["scripts/setup-auth-system.sh", ["test/scripts/test-projects.test.ts"]],
["scripts/setup-auth-system.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/systemd/openclaw-auth-monitor.service", ["test/scripts/auth-monitor.test.ts"]],
["scripts/systemd/openclaw-auth-monitor.timer", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-auth-widget.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-quick-auth.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-sync-widget.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/ci-run-timings.mjs", ["test/scripts/ci-run-timings.test.ts"]],
["scripts/docker-e2e.mjs", ["test/scripts/docker-e2e-helper-cli.test.ts"]],
["scripts/docker-e2e-rerun.mjs", ["test/scripts/docker-e2e-helper-cli.test.ts"]],
@ -1548,6 +1555,7 @@ const TOOLING_SOURCE_TEST_TARGETS = new Map([
["extensions/canvas/scripts/copy-a2ui.mjs", ["extensions/canvas/scripts/copy-a2ui.test.ts"]],
]);
const TOOLING_TEST_TARGETS = new Map([
["test/scripts/auth-monitor.test.ts", ["test/scripts/auth-monitor.test.ts"]],
["test/scripts/barnacle-auto-response.test.ts", ["test/scripts/barnacle-auto-response.test.ts"]],
["test/scripts/changed-lanes.test.ts", ["test/scripts/changed-lanes.test.ts"]],
[

View file

@ -1020,12 +1020,12 @@ describe("test-projects args", () => {
).toStrictEqual([]);
});
it("routes auth setup script changes to the focused tooling planner test", () => {
it("routes auth setup script changes to the focused auth monitor test", () => {
const changedPaths = ["scripts/setup-auth-system.sh"];
expect(resolveChangedTestTargetPlan(changedPaths)).toEqual({
mode: "targets",
targets: ["test/scripts/test-projects.test.ts"],
targets: ["test/scripts/auth-monitor.test.ts"],
});
expect(
buildVitestRunPlans(["--changed=origin/main"], process.cwd(), () => changedPaths),
@ -1033,7 +1033,7 @@ describe("test-projects args", () => {
{
config: "test/vitest/vitest.tooling.config.ts",
forwardedArgs: [],
includePatterns: ["test/scripts/test-projects.test.ts"],
includePatterns: ["test/scripts/auth-monitor.test.ts"],
watchMode: false,
},
]);

View file

@ -0,0 +1,63 @@
// Auth monitor tests cover optional systemd and Termux helper script contracts.
import { readFileSync } from "node:fs";
import { describe, expect, it } from "vitest";
const AUTH_MONITOR_PATH = "scripts/auth-monitor.sh";
const MOBILE_REAUTH_PATH = "scripts/mobile-reauth.sh";
const SETUP_AUTH_SYSTEM_PATH = "scripts/setup-auth-system.sh";
const AUTH_MONITOR_SERVICE_PATH = "scripts/systemd/openclaw-auth-monitor.service";
const AUTH_MONITOR_TIMER_PATH = "scripts/systemd/openclaw-auth-monitor.timer";
const TERMUX_WIDGET_PATHS = [
"scripts/termux-auth-widget.sh",
"scripts/termux-quick-auth.sh",
"scripts/termux-sync-widget.sh",
];
function readScript(path: string): string {
return readFileSync(path, "utf8");
}
describe("auth monitoring scripts", () => {
it("keeps systemd install rendering free of checked-in host paths", () => {
const setup = readScript(SETUP_AUTH_SYSTEM_PATH);
const service = readScript(AUTH_MONITOR_SERVICE_PATH);
const timer = readScript(AUTH_MONITOR_TIMER_PATH);
expect(service).toContain("ExecStart=@OPENCLAW_AUTH_MONITOR_PATH@");
expect(setup).toContain('AUTH_MONITOR_PATH="$SCRIPT_DIR/auth-monitor.sh"');
expect(setup).toContain(
'RENDERED_EXEC_START="ExecStart=$(systemd_quote_arg "$AUTH_MONITOR_PATH")"',
);
expect(timer).toContain("OnUnitActiveSec=30min");
});
it("keeps public helper scripts free of private host defaults", () => {
const privateHomePath = ["", "home", "admin"].join("/");
const privateHostAlias = ["l", "36"].join("");
const scripts = [AUTH_MONITOR_PATH, AUTH_MONITOR_SERVICE_PATH, ...TERMUX_WIDGET_PATHS].map(
readScript,
);
const joined = scripts.join("\n");
expect(joined).not.toContain(privateHomePath);
expect(joined).not.toContain(privateHostAlias);
expect(joined).toContain("Run on the OpenClaw host: ${SCRIPT_DIR}/mobile-reauth.sh");
for (const script of TERMUX_WIDGET_PATHS.map(readScript)) {
expect(script).toContain('SERVER="${OPENCLAW_SERVER:-openclaw-host}"');
}
expect(readScript("scripts/termux-sync-widget.sh")).toContain(
"'$HOME/openclaw/scripts/sync-claude-code-auth.sh'",
);
});
it("keeps mobile reauth wired to local auth status and Claude token setup", () => {
const script = readScript(MOBILE_REAUTH_PATH);
expect(script).toContain('SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"');
expect(script).toContain('"$SCRIPT_DIR/claude-auth-status.sh" simple');
expect(script).toContain('"$SCRIPT_DIR/claude-auth-status.sh" full');
expect(script).toContain("https://console.anthropic.com/settings/api-keys");
expect(script).toContain("claude setup-token");
expect(script).toContain("systemctl --user restart openclaw");
});
});

View file

@ -886,7 +886,6 @@ describe("scripts/test-projects changed-target routing", () => {
const targets = [
"scripts/check-no-raw-http2-imports.mjs",
"scripts/e2e/lib/clawhub-fixture-server.cjs",
"scripts/auth-monitor.sh",
];
expect(resolveChangedTestTargetPlan(targets)).toEqual({
@ -1375,6 +1374,27 @@ describe("scripts/test-projects changed-target routing", () => {
}
});
it("keeps auth monitoring helper edits on owner tests", () => {
const expectedTargets = new Map([
["scripts/auth-monitor.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/mobile-reauth.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/setup-auth-system.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/systemd/openclaw-auth-monitor.service", ["test/scripts/auth-monitor.test.ts"]],
["scripts/systemd/openclaw-auth-monitor.timer", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-auth-widget.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-quick-auth.sh", ["test/scripts/auth-monitor.test.ts"]],
["scripts/termux-sync-widget.sh", ["test/scripts/auth-monitor.test.ts"]],
["test/scripts/auth-monitor.test.ts", ["test/scripts/auth-monitor.test.ts"]],
]);
for (const [source, targets] of expectedTargets) {
expect(resolveChangedTestTargetPlan([source]), source).toEqual({
mode: "targets",
targets,
});
}
});
it("keeps shared script library edits on owner tests", () => {
const expectedTargets = new Map([
[