fix: scope-watchdog 10s interval, no gateway dependency, fixes persistent stripping

2026-02-22 10:11:44 -05:00 · 2026-02-22 10:11:44 -05:00 · bd0465de1e
parent 1dc9a96b86
commit bd0465de1e
1 changed files with 10 additions and 31 deletions
--- a/scripts/scope-watchdog.py
+++ b/scripts/scope-watchdog.py
@ -1,38 +1,25 @@
 #!/usr/bin/env python3
 """
 Watches OpenClaw device-auth.json and restores operator scopes when stripped.
-Runs as a persistent systemd service alongside openclaw-gateway.
+Runs as a persistent systemd service. Checks every 10s.
 """
-import json, glob, os, time, subprocess, sys
+import json, glob, os, time, sys

 BASE = os.path.expanduser('~/.openclaw')
 DEVICE_AUTH = f'{BASE}/identity/device-auth.json'
 SCOPES = ['operator.write', 'operator.read']
-CHECK_INTERVAL = 30  # seconds
+CHECK_INTERVAL = 10  # seconds

-def get_scopes():
+def needs_fix():
    try:
        with open(DEVICE_AUTH) as f:
-            return json.load(f).get('scopes') or []
+            return json.load(f).get('scopes') != SCOPES
    except:
-        return None
+        return False

 def restore_scopes():
    fixed = []
-    # Fix device-auth.json
-    try:
-        with open(DEVICE_AUTH) as f:
-            d = json.load(f)
-        if d.get('scopes') != SCOPES:
-            d['scopes'] = SCOPES
-            with open(DEVICE_AUTH, 'w') as f:
-                json.dump(d, f, indent=2)
-            fixed.append('device-auth.json')
-    except Exception as e:
-        print(f'[scope-watchdog] device-auth error: {e}', file=sys.stderr)
-
-    # Fix devices/*.json
-    for p in glob.glob(f'{BASE}/devices/*.json'):
+    for p in [DEVICE_AUTH] + glob.glob(f'{BASE}/devices/*.json'):
        try:
            with open(p) as f:
                data = json.load(f)
@ -48,21 +35,13 @@ def restore_scopes():
                fixed.append(os.path.basename(p))
        except:
            pass
-
    return fixed

-print('[scope-watchdog] Starting. Checking every 30s.', flush=True)
-
-# Initial delay to let gateway fully start
-time.sleep(15)
+print('[scope-watchdog] Starting. Checking every 10s.', flush=True)

 while True:
-    scopes = get_scopes()
-    if scopes is None:
-        print('[scope-watchdog] device-auth.json not found, waiting...', flush=True)
-    elif scopes != SCOPES:
-        print(f'[scope-watchdog] Scopes stripped ({scopes}), restoring...', flush=True)
+    if needs_fix():
        fixed = restore_scopes()
        if fixed:
-            print(f'[scope-watchdog] Restored scopes in: {fixed}', flush=True)
+            print(f'[scope-watchdog] Restored: {fixed}', flush=True)
    time.sleep(CHECK_INTERVAL)