fix(gateway): land #28428 from @l0cka

Landed from contributor PR #28428 by @l0cka. Co-authored-by: Daniel Alkurdi <danielalkurdi@gmail.com>
2026-03-07 22:49:50 +00:00
parent e83094e63f
commit 265367d99b
26 changed files with 289 additions and 165 deletions
--- a/src/tui/gateway-chat.test.ts
+++ b/src/tui/gateway-chat.test.ts
@@ -158,7 +158,16 @@ describe("resolveGatewayConnection", () => {
    expect(result.url).toBe("ws://127.0.0.1:18800");
  });

-  it("uses OPENCLAW_GATEWAY_TOKEN for local mode", async () => {
+  it("uses config auth token for local mode when both config and env tokens are set", async () => {
+    loadConfig.mockReturnValue({ gateway: { mode: "local", auth: { token: "config-token" } } });
+
+    await withEnvAsync({ OPENCLAW_GATEWAY_TOKEN: "env-token" }, async () => {
+      const result = await resolveGatewayConnection({});
+      expect(result.token).toBe("config-token");
+    });
+  });
+
+  it("falls back to OPENCLAW_GATEWAY_TOKEN when config token is missing", async () => {
    loadConfig.mockReturnValue({ gateway: { mode: "local" } });

    await withEnvAsync({ OPENCLAW_GATEWAY_TOKEN: "env-token" }, async () => {
@@ -167,13 +176,6 @@ describe("resolveGatewayConnection", () => {
    });
  });

-  it("falls back to config auth token when env token is missing", async () => {
-    loadConfig.mockReturnValue({ gateway: { mode: "local", auth: { token: "config-token" } } });
-
-    const result = await resolveGatewayConnection({});
-    expect(result.token).toBe("config-token");
-  });
-
  it("uses local password auth when gateway.auth.mode is unset and password-only is configured", async () => {
    loadConfig.mockReturnValue({
      gateway: {
--- a/src/tui/gateway-chat.ts
+++ b/src/tui/gateway-chat.ts
@@ -370,16 +370,15 @@ export async function resolveGatewayConnection(
  }

  const resolveToken = async () => {
-    const localToken =
-      explicitAuth.token || envToken
-        ? { value: explicitAuth.token ?? envToken }
-        : await resolveConfiguredSecretInputString({
-            value: config.gateway?.auth?.token,
-            path: "gateway.auth.token",
-            env,
-            config,
-          });
-    const token = explicitAuth.token ?? envToken ?? localToken.value;
+    const localToken = explicitAuth.token
+      ? { value: explicitAuth.token }
+      : await resolveConfiguredSecretInputString({
+          value: config.gateway?.auth?.token,
+          path: "gateway.auth.token",
+          env,
+          config,
+        });
+    const token = explicitAuth.token ?? localToken.value ?? envToken;
    if (!token) {
      throwGatewayAuthResolutionError(
        localToken.unresolvedRefReason ?? "Missing gateway auth token.",
@@ -410,7 +409,7 @@ export async function resolveGatewayConnection(
          env,
          config,
        });
-    const password = passwordCandidate ?? localPassword.value;
+    const password = explicitAuth.password ?? localPassword.value ?? envPassword;
    if (!password) {
      throwGatewayAuthResolutionError(
        localPassword.unresolvedRefReason ?? "Missing gateway auth password.",