Fix sync robustness, devdata activation, alias cleanup, and timing-safe auth compare

.env.example

@@ -316,6 +316,9 @@ OPENCLAW_CONFIG_WATCH_INTERVAL=1
 # Wait for openclaw.json to stay valid and unchanged before syncing. Default: 3.
 OPENCLAW_CONFIG_SETTLE_SECONDS=3
 
+# Minimum gap between sessions-triggered immediate syncs (seconds). Default: 30.
+SESSIONS_MIN_SYNC_GAP=30
+
 # Webhooks: Standard POST notifications for lifecycle events
 # WEBHOOK_URL=https://your-webhook-endpoint.com/log
 

README.md

@@ -177,6 +177,7 @@ HuggingClaw automatically syncs your workspace (chats, settings, sessions) to a
 | `SYNC_INTERVAL` | `180` | Full backup frequency in seconds |
 | `OPENCLAW_CONFIG_WATCH_INTERVAL` | `1` | How often to check `openclaw.json` for immediate settings sync |
 | `OPENCLAW_CONFIG_SETTLE_SECONDS` | `3` | How long `openclaw.json` must stay valid and unchanged before syncing |
+| `SESSIONS_MIN_SYNC_GAP` | `30` | Minimum seconds between session-triggered immediate syncs |
 
 ## 📦 Ephemeral Package Re-install *(Optional)*
 

env-builder.js

@@ -972,6 +972,15 @@ const FIELDS = [
     "ph": "3",
     "tag": "advanced"
   },
+{
+    "g": "Runtime",
+    "icon": "⚙️",
+    "k": "SESSIONS_MIN_SYNC_GAP",
+    "lbl": "Sessions min sync gap (seconds)",
+    "type": "number",
+    "ph": "30",
+    "tag": "advanced"
+  },
 {
     "g": "Runtime",
     "icon": "⚙️",
@@ -999,15 +1008,6 @@ const FIELDS = [
     "common": 0,
     "tag": "credential"
   },
-{
-    "g": "Provider Keys",
-    "icon": "🔑",
-    "k": "GOOGLE_API_KEY",
-    "lbl": "Google AI Studio",
-    "type": "password",
-    "common": 0,
-    "tag": "credential"
-  },
 {
     "g": "Provider Keys",
     "icon": "🔑",
@@ -1242,15 +1242,6 @@ const FIELDS = [
     "common": 0,
     "tag": "credential"
   },
-{
-    "g": "Provider Keys",
-    "icon": "🔑",
-    "k": "CLOUDFLARE_API_TOKEN",
-    "lbl": "Cloudflare API token",
-    "type": "password",
-    "common": 0,
-    "tag": "credential"
-  },
 {
     "g": "Rotation Pools",
     "icon": "🔄",
@@ -1275,14 +1266,6 @@ const FIELDS = [
     "type": "text",
     "tag": "advanced"
   },
-{
-    "g": "Rotation Pools",
-    "icon": "🔄",
-    "k": "GOOGLE_API_KEYS",
-    "lbl": "Google pool",
-    "type": "text",
-    "tag": "advanced"
-  },
 {
     "g": "Rotation Pools",
     "icon": "🔄",

health-server.js

@@ -3,6 +3,7 @@ const http = require("http");
 const https = require("https");
 const fs = require("fs");
 const net = require("net");
+const { timingSafeEqual } = require("crypto");
 
 function isTrue(value) {
   return /^(true|1|yes|on)$/i.test(String(value || "").trim());
@@ -258,14 +259,10 @@ function parseCookies(req) {
 // Constant-time comparison — prevent timing attacks on token check
 function safeEqual(a, b) {
   if (typeof a !== "string" || typeof b !== "string") return false;
-  // Pad both to the same length so the loop always takes constant time,
-  // preventing token length from being leaked via early-return timing.
-  const len = Math.max(a.length, b.length, 1);
-  const pa = a.padEnd(len, "\0");
-  const pb = b.padEnd(len, "\0");
-  let d = a.length === b.length ? 0 : 1; // length mismatch → always fail
-  for (let i = 0; i < len; i++) d |= pa.charCodeAt(i) ^ pb.charCodeAt(i);
-  return d === 0;
+  const ba = Buffer.from(a);
+  const bb = Buffer.from(b);
+  if (ba.length !== bb.length) return false;
+  return timingSafeEqual(ba, bb);
 }
 
 function isEnvBuilderAuthed(req) {

jupyter-devdata-sync.py

@@ -61,7 +61,11 @@ EXCLUDE = {
 
 
 def enabled():
-    dev = is_true(os.environ.get("DEV_MODE", ""))
+    jupyter_override = os.environ.get("HUGGINGCLAW_JUPYTER_ENABLED", "")
+    if jupyter_override.strip():
+        dev = is_true(jupyter_override)
+    else:
+        dev = is_true(os.environ.get("DEV_MODE", ""))
     separate_dataset = DATASET_NAME != BACKUP_DATASET_NAME
     if ENABLE and dev and HF_TOKEN and not separate_dataset:
         print("DevData sync disabled: DEVDATA_DATASET_NAME must be separate from BACKUP_DATASET_NAME.")
@@ -97,22 +101,41 @@ import fnmatch as _fnmatch
 SECRET_FILENAME_PATTERNS = {
     ".env",           # dotenv files — almost always contain API keys
     ".env.*",         # .env.local, .env.production, etc.
-    "*secret*",       # any file/dir whose name contains "secret"
-    "*secrets*",
-    "*_secret*",
-    "*-secret*",
-    "*key*",          # private keys, API key files
-    "*_key*",
-    "*-key*",
-    "*token*",        # token files
-    "*_token*",
-    "*-token*",
+    "id_rsa",
+    "id_dsa",
+    "id_ecdsa",
+    "id_ed25519",
+    "authorized_keys",
+    "known_hosts",
+    "secret",
+    "secrets",
+    "secret.*",
+    "*.secret",
+    "*_secret",
+    "*_secret.*",
+    "*-secret",
+    "*-secret.*",
+    "token",
+    "token.*",
+    "*.token",
+    "*_token",
+    "*_token.*",
+    "*-token",
+    "*-token.*",
+    "api_token",
+    "access_token",
+    "refresh_token",
+    "credentials",    # common credential file names
+    "credentials.*",
+    "auth.json",
+    "auth.yaml",
+    "auth.yml",
+    "auth.toml",
+    "auth.ini",
     "*.pem",          # TLS/SSH private keys
     "*.key",          # generic key files
     "*.p12",          # PKCS#12 bundles
     "*.pfx",
-    "credentials",    # common credential file names
-    "credentials.*",
     ".netrc",         # stores plaintext passwords
     ".htpasswd",
 }

openclaw-sync.py

@@ -50,6 +50,7 @@ CONFIG_SETTLE_SECONDS = max(
     0.0,
     float(os.environ.get("OPENCLAW_CONFIG_SETTLE_SECONDS", "3")),
 )
+SESSIONS_MIN_SYNC_GAP = int(os.environ.get("SESSIONS_MIN_SYNC_GAP", "30"))
 HF_TOKEN = os.environ.get("HF_TOKEN", "").strip()
 HF_USERNAME = os.environ.get("HF_USERNAME", "").strip()
 SPACE_AUTHOR_NAME = os.environ.get("SPACE_AUTHOR_NAME", "").strip()
@@ -82,6 +83,7 @@ RESET_MARKER = WORKSPACE / ".reset_credentials"
 HF_API = HfApi(token=HF_TOKEN) if HF_TOKEN else None
 STOP_EVENT = threading.Event()
 _REPO_ID_CACHE: str | None = None
+_SESSIONS_FILE_DIGEST_CACHE: dict[str, tuple[int, int, int, str]] = {}
 WorkspaceMarker: TypeAlias = tuple[int, int, int, str]
 
 
@@ -114,6 +116,11 @@ def copy_state_entry_with_retry(source_path: Path, backup_path: Path, attempts:
     last_exc: Exception | None = None
     for attempt in range(1, attempts + 1):
         try:
+            if backup_path.exists():
+                if backup_path.is_dir():
+                    shutil.rmtree(backup_path, ignore_errors=True)
+                else:
+                    backup_path.unlink(missing_ok=True)
             if source_path.is_dir():
                 shutil.copytree(source_path, backup_path)
                 return
@@ -142,9 +149,13 @@ def snapshot_state_into_workspace() -> None:
         staging_dir = STATE_DIR / ".openclaw-staging"
         if staging_dir.exists():
             shutil.rmtree(staging_dir, ignore_errors=True)
-        staging_dir.mkdir(parents=True, exist_ok=True)
+        if OPENCLAW_STATE_BACKUP_DIR.exists():
+            shutil.copytree(OPENCLAW_STATE_BACKUP_DIR, staging_dir)
+        else:
+            staging_dir.mkdir(parents=True, exist_ok=True)
 
         skipped_entries: list[tuple[str, Exception]] = []
+        copied_entry_names: set[str] = set()
         for source_path in OPENCLAW_HOME.iterdir():
             if source_path.name in EXCLUDED_STATE_NAMES:
                 continue
@@ -152,24 +163,37 @@ def snapshot_state_into_workspace() -> None:
             backup_path = staging_dir / source_path.name
             try:
                 copy_state_entry_with_retry(source_path, backup_path)
+                copied_entry_names.add(source_path.name)
             except Exception as entry_exc:
                 skipped_entries.append((source_path.name, entry_exc))
 
-        # If any top-level state entries could not be copied, keep the
-        # previous known-good snapshot instead of replacing it with a partial
-        # backup. We'll retry next pass.
+        # If staging was seeded from a previous backup, remove entries that no
+        # longer exist in OPENCLAW_HOME so the backup remains a true mirror of
+        # current state (except entries intentionally excluded from sync).
+        for staged_path in list(staging_dir.iterdir()):
+            if staged_path.name in EXCLUDED_STATE_NAMES:
+                continue
+            if staged_path.name in copied_entry_names:
+                continue
+            if staged_path.exists():
+                if staged_path.is_dir():
+                    shutil.rmtree(staged_path, ignore_errors=True)
+                else:
+                    staged_path.unlink(missing_ok=True)
+
+        # If any top-level state entries could not be copied, keep the last
+        # known-good version for only those entries (staging was seeded from
+        # previous backup). This preserves forward progress for the rest.
         if skipped_entries:
             for name, entry_exc in skipped_entries:
-                print(f"Warning: skipping state entry {name}: {entry_exc}")
+                print(f"Warning: keeping previous state entry {name}: {entry_exc}")
             print(
-                "Warning: OpenClaw state snapshot incomplete; keeping previous backup and retrying next sync."
+                "Warning: OpenClaw state snapshot had copy failures; updated remaining state entries."
             )
-            shutil.rmtree(staging_dir, ignore_errors=True)
-        else:
-            # Atomically swap staging → real backup dir
-            if OPENCLAW_STATE_BACKUP_DIR.exists():
-                shutil.rmtree(OPENCLAW_STATE_BACKUP_DIR, ignore_errors=True)
-            staging_dir.rename(OPENCLAW_STATE_BACKUP_DIR)
+        # Atomically swap staging → real backup dir
+        if OPENCLAW_STATE_BACKUP_DIR.exists():
+            shutil.rmtree(OPENCLAW_STATE_BACKUP_DIR, ignore_errors=True)
+        staging_dir.rename(OPENCLAW_STATE_BACKUP_DIR)
     except Exception as exc:
         # Clean up staging on failure so it doesn't interfere next time
         staging_dir = STATE_DIR / ".openclaw-staging"
@@ -577,19 +601,68 @@ def sessions_marker() -> tuple[int, int, int, str]:
     newest_mtime = 0
     metadata_hasher = hashlib.sha256()
 
+    global _SESSIONS_FILE_DIGEST_CACHE
+    next_cache: dict[str, tuple[int, int, int, str]] = {}
+
     for profile_dir in sorted(SESSIONS_ROOT.iterdir()):
         if not profile_dir.is_dir():
             continue
         sessions_dir = profile_dir / "sessions"
+        if not sessions_dir.exists():
+            continue
+        # Use content fingerprinting for sessions so we detect changes even
+        # when file size + mtime metadata appear unchanged across quick writes.
+        # (Some tooling can rewrite files in-place with preserved timestamps.)
         marker = metadata_marker(sessions_dir)
+        digest = hashlib.sha256()
+        for path in sorted(p for p in sessions_dir.rglob("*") if p.is_file()):
+            rel = path.relative_to(sessions_dir).as_posix()
+            try:
+                stat = path.stat()
+            except OSError:
+                continue
+            size = int(stat.st_size)
+            mtime_ns = int(stat.st_mtime_ns)
+            ctime_ns = int(stat.st_ctime_ns)
+            cache_key = f"{profile_dir.name}\0{rel}"
+            digest.update(rel.encode("utf-8"))
+            digest.update(b"\0")
+            digest.update(str(size).encode("ascii"))
+            digest.update(b"\0")
+            digest.update(str(mtime_ns).encode("ascii"))
+            digest.update(b"\0")
+            digest.update(str(ctime_ns).encode("ascii"))
+            digest.update(b"\0")
+            cached = _SESSIONS_FILE_DIGEST_CACHE.get(cache_key)
+            if (
+                cached is not None
+                and cached[0] == size
+                and cached[1] == mtime_ns
+                and cached[2] == ctime_ns
+            ):
+                file_digest = cached[3]
+            else:
+                file_hasher = hashlib.sha256()
+                try:
+                    with path.open("rb") as handle:
+                        for chunk in iter(lambda: handle.read(1024 * 1024), b""):
+                            file_hasher.update(chunk)
+                except (FileNotFoundError, IsADirectoryError, NotADirectoryError):
+                    continue
+                file_digest = file_hasher.hexdigest()
+            next_cache[cache_key] = (size, mtime_ns, ctime_ns, file_digest)
+            digest.update(file_digest.encode("ascii"))
+            digest.update(b"\0")
+
         file_count += marker[0]
         total_size += marker[1]
         newest_mtime = max(newest_mtime, marker[2])
         metadata_hasher.update(profile_dir.name.encode("utf-8"))
         metadata_hasher.update(b"\0")
-        metadata_hasher.update(marker[3].encode("ascii"))
+        metadata_hasher.update(digest.hexdigest().encode("ascii"))
         metadata_hasher.update(b"\0")
 
+    _SESSIONS_FILE_DIGEST_CACHE = next_cache
     return (file_count, total_size, newest_mtime, metadata_hasher.hexdigest())
 
 
@@ -615,7 +688,10 @@ def wait_for_config_settle(config_marker: tuple[int, int, int]) -> tuple[str, tu
     return ("stopped", current_marker)
 
 
-def wait_for_sync_trigger(config_marker: tuple[int, int, int]) -> tuple[str, tuple[int, int, int]]:
+def wait_for_sync_trigger(
+    config_marker: tuple[int, int, int],
+    last_sessions_sync_time: float = 0.0,
+) -> tuple[str, tuple[int, int, int]]:
     deadline = time.monotonic() + max(0, INTERVAL)
     # BUG FIX: also watch sessions directory so new/updated sessions
     # trigger an immediate sync instead of waiting the full interval.
@@ -628,11 +704,15 @@ def wait_for_sync_trigger(config_marker: tuple[int, int, int]) -> tuple[str, tup
         if current_config_marker != config_marker:
             return wait_for_config_settle(current_config_marker)
 
-        # Sessions changed -> trigger sync immediately (no settle needed;
-        # session files are written atomically by OpenClaw).
-        current_sessions_marker = sessions_marker()
-        if current_sessions_marker != last_sessions_marker:
-            return ("sessions", current_config_marker)
+        sessions_gap_elapsed = (
+            time.monotonic() - last_sessions_sync_time >= SESSIONS_MIN_SYNC_GAP
+        )
+        if sessions_gap_elapsed:
+            # Sessions changed -> trigger sync immediately (no settle needed;
+            # session files are written atomically by OpenClaw).
+            current_sessions_marker = sessions_marker()
+            if current_sessions_marker != last_sessions_marker:
+                return ("sessions", current_config_marker)
 
         remaining = deadline - time.monotonic()
         if remaining <= 0:
@@ -689,11 +769,16 @@ def loop() -> int:
         print("Initial workspace fingerprint captured.")
 
     config_marker = file_marker(OPENCLAW_CONFIG_FILE)
+    last_sessions_sync_time = 0.0
+
+    sync_trigger = "startup"
 
     while not STOP_EVENT.is_set():
         try:
             sync_started_config_marker = file_marker(OPENCLAW_CONFIG_FILE)
             last_fingerprint, last_marker = sync_once(last_fingerprint, last_marker)
+            if sync_trigger == "sessions":
+                last_sessions_sync_time = time.monotonic()
             config_marker = file_marker(OPENCLAW_CONFIG_FILE)
 
             if config_marker != sync_started_config_marker:
@@ -706,14 +791,19 @@ def loop() -> int:
             write_status("error", f"Sync failed: {exc}")
             print(f"Workspace sync failed: {exc}")
             config_marker = file_marker(OPENCLAW_CONFIG_FILE)
+            STOP_EVENT.wait(min(30, SESSIONS_MIN_SYNC_GAP))
 
-        trigger, config_marker = wait_for_sync_trigger(config_marker)
+        trigger, config_marker = wait_for_sync_trigger(
+            config_marker,
+            last_sessions_sync_time=last_sessions_sync_time,
+        )
         if trigger == "stopped":
             break
         if trigger == "settled":
             print("OpenClaw config changed and settled; syncing immediately.")
         if trigger == "sessions":
             print("Session files changed; syncing immediately.")
+        sync_trigger = trigger
 
     return 0
 

start.sh

@@ -99,6 +99,11 @@ if [ "$DEV_MODE_ENABLED" != "true" ] && [ -z "${DEV_MODE:-}" ] && [ -n "${GATEWA
   DEV_MODE_ENABLED=true
   : # auto-enable is silent; set DEV_MODE=false to opt out
 fi
+if [ "$DEV_MODE_ENABLED" = "true" ]; then
+  export DEV_MODE=true
+else
+  export DEV_MODE=false
+fi
 SYNC_INTERVAL="$(trim_var "${SYNC_INTERVAL:-180}")"
 DEVDATA_DATASET_NAME="$(trim_var "${DEVDATA_DATASET_NAME:-huggingclaw-devdata}")"
 DEVDATA_SYNC_INTERVAL="$(trim_var "${DEVDATA_SYNC_INTERVAL:-180}")"
@@ -250,7 +255,6 @@ promote_first_pool_key() {
 promote_first_pool_key "ANTHROPIC_API_KEY" "ANTHROPIC_API_KEYS"
 promote_first_pool_key "OPENAI_API_KEY" "OPENAI_API_KEYS"
 promote_first_pool_key "GEMINI_API_KEY" "GEMINI_API_KEYS"
-promote_first_pool_key "GEMINI_API_KEY" "GOOGLE_API_KEYS"
 promote_first_pool_key "DEEPSEEK_API_KEY" "DEEPSEEK_API_KEYS"
 promote_first_pool_key "OPENROUTER_API_KEY" "OPENROUTER_API_KEYS"
 promote_first_pool_key "KILOCODE_API_KEY" "KILOCODE_API_KEYS"
@@ -284,11 +288,6 @@ if [ -z "${MOONSHOT_API_KEY:-}" ] && [ -n "${KIMI_API_KEY:-}" ]; then
 fi
 promote_first_pool_key "HUGGINGFACE_HUB_TOKEN" "HUGGINGFACE_HUB_TOKENS"
 
-# Compatibility aliases for Google provider secrets some users already have.
-if [ -z "${GEMINI_API_KEY:-}" ] && [ -n "${GOOGLE_API_KEY:-}" ]; then
-  export GEMINI_API_KEY="$GOOGLE_API_KEY"
-fi
-
 # ── Setup directories ──
 mkdir -p /home/node/.openclaw/agents/main/sessions
 mkdir -p /home/node/.openclaw/credentials
@@ -323,7 +322,7 @@ else
   echo "HF_TOKEN not set — running without dataset persistence."
 fi
 
-CLOUDFLARE_WORKERS_TOKEN="${CLOUDFLARE_WORKERS_TOKEN:-${CLOUDFLARE_API_TOKEN:-}}"
+CLOUDFLARE_WORKERS_TOKEN="${CLOUDFLARE_WORKERS_TOKEN:-}"
 export CLOUDFLARE_WORKERS_TOKEN
 CF_PROXY_ENV_FILE="/tmp/huggingclaw-cloudflare-proxy.env"
 if [ -n "${CLOUDFLARE_WORKERS_TOKEN:-}" ] || [ -n "${CLOUDFLARE_PROXY_URL:-}" ]; then