diff --git a/scripts/auth-monitor.sh b/scripts/auth-monitor.sh index 93c41c2b68d..eb223decb73 100755 --- a/scripts/auth-monitor.sh +++ b/scripts/auth-monitor.sh @@ -3,7 +3,7 @@ # Run via cron or systemd timer to get proactive notifications # before Claude Code auth expires. # -# Suggested cron: */30 * * * * /home/admin/openclaw/scripts/auth-monitor.sh +# Suggested cron: */30 * * * * /path/to/openclaw/scripts/auth-monitor.sh # # Environment variables: # NOTIFY_PHONE - Phone number to send OpenClaw notification (e.g., +1234567890) @@ -78,7 +78,7 @@ HOURS_LEFT=$((DIFF_MS / 3600000)) MINS_LEFT=$(((DIFF_MS % 3600000) / 60000)) if [ "$DIFF_MS" -lt 0 ]; then - send_notification "Claude Code auth EXPIRED! OpenClaw is down. Run: ssh l36 '~/openclaw/scripts/mobile-reauth.sh'" "urgent" + send_notification "Claude Code auth EXPIRED! OpenClaw is down. Run on the OpenClaw host: ${SCRIPT_DIR}/mobile-reauth.sh" "urgent" exit 1 elif [ "$HOURS_LEFT" -lt "$WARN_HOURS" ]; then send_notification "Claude Code auth expires in ${HOURS_LEFT}h ${MINS_LEFT}m. Consider re-auth soon." "high" diff --git a/scripts/systemd/openclaw-auth-monitor.service b/scripts/systemd/openclaw-auth-monitor.service index ea2263b5d74..7443bd16031 100644 --- a/scripts/systemd/openclaw-auth-monitor.service +++ b/scripts/systemd/openclaw-auth-monitor.service @@ -4,7 +4,8 @@ After=network.target [Service] Type=oneshot -ExecStart=/home/admin/openclaw/scripts/auth-monitor.sh +# setup-auth-system.sh renders this placeholder to the checked-out script path. +ExecStart=@OPENCLAW_AUTH_MONITOR_PATH@ # Configure notification channels via environment Environment=WARN_HOURS=2 # Environment=NOTIFY_PHONE=+1234567890 diff --git a/scripts/termux-auth-widget.sh b/scripts/termux-auth-widget.sh index 1ce5c81fbfe..f8ddca7d9f0 100644 --- a/scripts/termux-auth-widget.sh +++ b/scripts/termux-auth-widget.sh @@ -6,7 +6,7 @@ # It's designed for quick one-tap checking from phone home screen. # Server hostname (via Tailscale or SSH config) -SERVER="${OPENCLAW_SERVER:-l36}" +SERVER="${OPENCLAW_SERVER:-openclaw-host}" # Check auth status termux-toast "Checking OpenClaw auth..." diff --git a/scripts/termux-quick-auth.sh b/scripts/termux-quick-auth.sh index 3c74bc99011..503605dc9b0 100644 --- a/scripts/termux-quick-auth.sh +++ b/scripts/termux-quick-auth.sh @@ -5,7 +5,7 @@ # One-tap: shows status toast # If expired: directly opens auth URL -SERVER="${OPENCLAW_SERVER:-l36}" +SERVER="${OPENCLAW_SERVER:-openclaw-host}" STATUS=$(ssh -o ConnectTimeout=5 "$SERVER" '$HOME/openclaw/scripts/claude-auth-status.sh simple' 2>&1) diff --git a/scripts/termux-sync-widget.sh b/scripts/termux-sync-widget.sh index 252c43c8b77..5c038b1f5f1 100644 --- a/scripts/termux-sync-widget.sh +++ b/scripts/termux-sync-widget.sh @@ -1,13 +1,13 @@ #!/data/data/com.termux/files/usr/bin/bash # OpenClaw OAuth Sync Widget -# Syncs Claude Code tokens to OpenClaw on l36 server +# Syncs Claude Code tokens to OpenClaw over SSH # Place in ~/.shortcuts/ on phone for Termux:Widget termux-toast "Syncing OpenClaw auth..." -# Run sync on l36 server -SERVER="${OPENCLAW_SERVER:-l36}" -RESULT=$(ssh "$SERVER" '/home/admin/openclaw/scripts/sync-claude-code-auth.sh' 2>&1) +# Run sync on the configured OpenClaw host. +SERVER="${OPENCLAW_SERVER:-openclaw-host}" +RESULT=$(ssh "$SERVER" '$HOME/openclaw/scripts/sync-claude-code-auth.sh' 2>&1) EXIT_CODE=$? if [ $EXIT_CODE -eq 0 ]; then diff --git a/scripts/test-projects.test-support.mjs b/scripts/test-projects.test-support.mjs index 5527ec73196..ce476ae6f3d 100644 --- a/scripts/test-projects.test-support.mjs +++ b/scripts/test-projects.test-support.mjs @@ -1059,13 +1059,20 @@ const TOOLING_SOURCE_TEST_TARGETS = new Map([ ["scripts/run-oxlint-shards.mjs", ["test/scripts/run-oxlint.test.ts"]], ["scripts/run-with-env.mjs", ["test/scripts/run-with-env.test.ts"]], ["scripts/run-node.mjs", ["src/infra/run-node.test.ts"]], + ["scripts/auth-monitor.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/mobile-reauth.sh", ["test/scripts/auth-monitor.test.ts"]], ["scripts/committer", ["test/scripts/committer.test.ts"]], ["scripts/gh-read", ["test/scripts/gh-read.test.ts"]], ["scripts/pr", ["test/scripts/pr-wrappers.test.ts"]], ["scripts/pr-merge", ["test/scripts/pr-wrappers.test.ts"]], ["scripts/pr-prepare", ["test/scripts/pr-wrappers.test.ts"]], ["scripts/pr-review", ["test/scripts/pr-wrappers.test.ts"]], - ["scripts/setup-auth-system.sh", ["test/scripts/test-projects.test.ts"]], + ["scripts/setup-auth-system.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/systemd/openclaw-auth-monitor.service", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/systemd/openclaw-auth-monitor.timer", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-auth-widget.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-quick-auth.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-sync-widget.sh", ["test/scripts/auth-monitor.test.ts"]], ["scripts/ci-run-timings.mjs", ["test/scripts/ci-run-timings.test.ts"]], ["scripts/docker-e2e.mjs", ["test/scripts/docker-e2e-helper-cli.test.ts"]], ["scripts/docker-e2e-rerun.mjs", ["test/scripts/docker-e2e-helper-cli.test.ts"]], @@ -1548,6 +1555,7 @@ const TOOLING_SOURCE_TEST_TARGETS = new Map([ ["extensions/canvas/scripts/copy-a2ui.mjs", ["extensions/canvas/scripts/copy-a2ui.test.ts"]], ]); const TOOLING_TEST_TARGETS = new Map([ + ["test/scripts/auth-monitor.test.ts", ["test/scripts/auth-monitor.test.ts"]], ["test/scripts/barnacle-auto-response.test.ts", ["test/scripts/barnacle-auto-response.test.ts"]], ["test/scripts/changed-lanes.test.ts", ["test/scripts/changed-lanes.test.ts"]], [ diff --git a/src/scripts/test-projects.test.ts b/src/scripts/test-projects.test.ts index 7d3cbd3fb24..7c79605968e 100644 --- a/src/scripts/test-projects.test.ts +++ b/src/scripts/test-projects.test.ts @@ -1020,12 +1020,12 @@ describe("test-projects args", () => { ).toStrictEqual([]); }); - it("routes auth setup script changes to the focused tooling planner test", () => { + it("routes auth setup script changes to the focused auth monitor test", () => { const changedPaths = ["scripts/setup-auth-system.sh"]; expect(resolveChangedTestTargetPlan(changedPaths)).toEqual({ mode: "targets", - targets: ["test/scripts/test-projects.test.ts"], + targets: ["test/scripts/auth-monitor.test.ts"], }); expect( buildVitestRunPlans(["--changed=origin/main"], process.cwd(), () => changedPaths), @@ -1033,7 +1033,7 @@ describe("test-projects args", () => { { config: "test/vitest/vitest.tooling.config.ts", forwardedArgs: [], - includePatterns: ["test/scripts/test-projects.test.ts"], + includePatterns: ["test/scripts/auth-monitor.test.ts"], watchMode: false, }, ]); diff --git a/test/scripts/auth-monitor.test.ts b/test/scripts/auth-monitor.test.ts new file mode 100644 index 00000000000..62c889c868b --- /dev/null +++ b/test/scripts/auth-monitor.test.ts @@ -0,0 +1,63 @@ +// Auth monitor tests cover optional systemd and Termux helper script contracts. +import { readFileSync } from "node:fs"; +import { describe, expect, it } from "vitest"; + +const AUTH_MONITOR_PATH = "scripts/auth-monitor.sh"; +const MOBILE_REAUTH_PATH = "scripts/mobile-reauth.sh"; +const SETUP_AUTH_SYSTEM_PATH = "scripts/setup-auth-system.sh"; +const AUTH_MONITOR_SERVICE_PATH = "scripts/systemd/openclaw-auth-monitor.service"; +const AUTH_MONITOR_TIMER_PATH = "scripts/systemd/openclaw-auth-monitor.timer"; +const TERMUX_WIDGET_PATHS = [ + "scripts/termux-auth-widget.sh", + "scripts/termux-quick-auth.sh", + "scripts/termux-sync-widget.sh", +]; + +function readScript(path: string): string { + return readFileSync(path, "utf8"); +} + +describe("auth monitoring scripts", () => { + it("keeps systemd install rendering free of checked-in host paths", () => { + const setup = readScript(SETUP_AUTH_SYSTEM_PATH); + const service = readScript(AUTH_MONITOR_SERVICE_PATH); + const timer = readScript(AUTH_MONITOR_TIMER_PATH); + + expect(service).toContain("ExecStart=@OPENCLAW_AUTH_MONITOR_PATH@"); + expect(setup).toContain('AUTH_MONITOR_PATH="$SCRIPT_DIR/auth-monitor.sh"'); + expect(setup).toContain( + 'RENDERED_EXEC_START="ExecStart=$(systemd_quote_arg "$AUTH_MONITOR_PATH")"', + ); + expect(timer).toContain("OnUnitActiveSec=30min"); + }); + + it("keeps public helper scripts free of private host defaults", () => { + const privateHomePath = ["", "home", "admin"].join("/"); + const privateHostAlias = ["l", "36"].join(""); + const scripts = [AUTH_MONITOR_PATH, AUTH_MONITOR_SERVICE_PATH, ...TERMUX_WIDGET_PATHS].map( + readScript, + ); + const joined = scripts.join("\n"); + + expect(joined).not.toContain(privateHomePath); + expect(joined).not.toContain(privateHostAlias); + expect(joined).toContain("Run on the OpenClaw host: ${SCRIPT_DIR}/mobile-reauth.sh"); + for (const script of TERMUX_WIDGET_PATHS.map(readScript)) { + expect(script).toContain('SERVER="${OPENCLAW_SERVER:-openclaw-host}"'); + } + expect(readScript("scripts/termux-sync-widget.sh")).toContain( + "'$HOME/openclaw/scripts/sync-claude-code-auth.sh'", + ); + }); + + it("keeps mobile reauth wired to local auth status and Claude token setup", () => { + const script = readScript(MOBILE_REAUTH_PATH); + + expect(script).toContain('SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"'); + expect(script).toContain('"$SCRIPT_DIR/claude-auth-status.sh" simple'); + expect(script).toContain('"$SCRIPT_DIR/claude-auth-status.sh" full'); + expect(script).toContain("https://console.anthropic.com/settings/api-keys"); + expect(script).toContain("claude setup-token"); + expect(script).toContain("systemctl --user restart openclaw"); + }); +}); diff --git a/test/scripts/test-projects.test.ts b/test/scripts/test-projects.test.ts index 1501db5da1d..e0fcb302656 100644 --- a/test/scripts/test-projects.test.ts +++ b/test/scripts/test-projects.test.ts @@ -886,7 +886,6 @@ describe("scripts/test-projects changed-target routing", () => { const targets = [ "scripts/check-no-raw-http2-imports.mjs", "scripts/e2e/lib/clawhub-fixture-server.cjs", - "scripts/auth-monitor.sh", ]; expect(resolveChangedTestTargetPlan(targets)).toEqual({ @@ -1375,6 +1374,27 @@ describe("scripts/test-projects changed-target routing", () => { } }); + it("keeps auth monitoring helper edits on owner tests", () => { + const expectedTargets = new Map([ + ["scripts/auth-monitor.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/mobile-reauth.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/setup-auth-system.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/systemd/openclaw-auth-monitor.service", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/systemd/openclaw-auth-monitor.timer", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-auth-widget.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-quick-auth.sh", ["test/scripts/auth-monitor.test.ts"]], + ["scripts/termux-sync-widget.sh", ["test/scripts/auth-monitor.test.ts"]], + ["test/scripts/auth-monitor.test.ts", ["test/scripts/auth-monitor.test.ts"]], + ]); + + for (const [source, targets] of expectedTargets) { + expect(resolveChangedTestTargetPlan([source]), source).toEqual({ + mode: "targets", + targets, + }); + } + }); + it("keeps shared script library edits on owner tests", () => { const expectedTargets = new Map([ [