fix: scope-watchdog 10s interval, no gateway dependency, fixes persistent stripping
This commit is contained in:
James
parent
1dc9a96b86
commit
bd0465de1e
|
|
@ -1,38 +1,25 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""
|
"""
|
||||||
Watches OpenClaw device-auth.json and restores operator scopes when stripped.
|
Watches OpenClaw device-auth.json and restores operator scopes when stripped.
|
||||||
Runs as a persistent systemd service alongside openclaw-gateway.
|
Runs as a persistent systemd service. Checks every 10s.
|
||||||
"""
|
"""
|
||||||
import json, glob, os, time, subprocess, sys
|
import json, glob, os, time, sys
|
||||||
|
|
||||||
BASE = os.path.expanduser('~/.openclaw')
|
BASE = os.path.expanduser('~/.openclaw')
|
||||||
DEVICE_AUTH = f'{BASE}/identity/device-auth.json'
|
DEVICE_AUTH = f'{BASE}/identity/device-auth.json'
|
||||||
SCOPES = ['operator.write', 'operator.read']
|
SCOPES = ['operator.write', 'operator.read']
|
||||||
CHECK_INTERVAL = 30 # seconds
|
CHECK_INTERVAL = 10 # seconds
|
||||||
|
|
||||||
def get_scopes():
|
def needs_fix():
|
||||||
try:
|
try:
|
||||||
with open(DEVICE_AUTH) as f:
|
with open(DEVICE_AUTH) as f:
|
||||||
return json.load(f).get('scopes') or []
|
return json.load(f).get('scopes') != SCOPES
|
||||||
except:
|
except:
|
||||||
return None
|
return False
|
||||||
|
|
||||||
def restore_scopes():
|
def restore_scopes():
|
||||||
fixed = []
|
fixed = []
|
||||||
# Fix device-auth.json
|
for p in [DEVICE_AUTH] + glob.glob(f'{BASE}/devices/*.json'):
|
||||||
try:
|
|
||||||
with open(DEVICE_AUTH) as f:
|
|
||||||
d = json.load(f)
|
|
||||||
if d.get('scopes') != SCOPES:
|
|
||||||
d['scopes'] = SCOPES
|
|
||||||
with open(DEVICE_AUTH, 'w') as f:
|
|
||||||
json.dump(d, f, indent=2)
|
|
||||||
fixed.append('device-auth.json')
|
|
||||||
except Exception as e:
|
|
||||||
print(f'[scope-watchdog] device-auth error: {e}', file=sys.stderr)
|
|
||||||
|
|
||||||
# Fix devices/*.json
|
|
||||||
for p in glob.glob(f'{BASE}/devices/*.json'):
|
|
||||||
try:
|
try:
|
||||||
with open(p) as f:
|
with open(p) as f:
|
||||||
data = json.load(f)
|
data = json.load(f)
|
||||||
|
|
@ -48,21 +35,13 @@ def restore_scopes():
|
||||||
fixed.append(os.path.basename(p))
|
fixed.append(os.path.basename(p))
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
return fixed
|
return fixed
|
||||||
|
|
||||||
print('[scope-watchdog] Starting. Checking every 30s.', flush=True)
|
print('[scope-watchdog] Starting. Checking every 10s.', flush=True)
|
||||||
|
|
||||||
# Initial delay to let gateway fully start
|
|
||||||
time.sleep(15)
|
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
scopes = get_scopes()
|
if needs_fix():
|
||||||
if scopes is None:
|
|
||||||
print('[scope-watchdog] device-auth.json not found, waiting...', flush=True)
|
|
||||||
elif scopes != SCOPES:
|
|
||||||
print(f'[scope-watchdog] Scopes stripped ({scopes}), restoring...', flush=True)
|
|
||||||
fixed = restore_scopes()
|
fixed = restore_scopes()
|
||||||
if fixed:
|
if fixed:
|
||||||
print(f'[scope-watchdog] Restored scopes in: {fixed}', flush=True)
|
print(f'[scope-watchdog] Restored: {fixed}', flush=True)
|
||||||
time.sleep(CHECK_INTERVAL)
|
time.sleep(CHECK_INTERVAL)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue