Upload 12 files

CHANGELOG.md

@@ -0,0 +1,27 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.0] - 2026-03-30
+
+### 🎉 Initial Release
+
+#### Features
+- **Any LLM provider** — Anthropic (Claude), OpenAI (GPT-4), Google (Gemini)
+- **Telegram integration** — connect via @BotFather, supports multiple users
+- **Built-in keep-alive** — self-pings to prevent HF Spaces 48h sleep
+- **Auto-sync workspace** — commits + pushes to HF Dataset every 10 min
+- **Auto-create backup** — creates HF Dataset automatically on first run
+- **Graceful shutdown** — saves workspace before container stops
+- **Health endpoint** — `/health` on port 7861 for monitoring
+- **DNS fix** — bypasses HF Spaces internal DNS restrictions
+- **Version pinning** — lock OpenClaw to a specific version
+- **Startup banner** — clean summary of all running services
+- **Zero-config defaults** — just 2 secrets to get started
+
+#### Architecture
+- `start.sh` — config generator + validation + orchestrator
+- `keep-alive.sh` — self-ping background service
+- `workspace-sync.sh` — periodic workspace backup
+- `health-server.js` — lightweight health endpoint
+- `dns-fix.js` — DNS override for HF network restrictions

CODE_OF_CONDUCT.md

@@ -0,0 +1,27 @@
+# Code of Conduct
+
+## Our Pledge
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+**Positive behavior includes:**
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+
+**Unacceptable behavior includes:**
+- Trolling, insulting, or derogatory comments
+- Public or private harassment
+- Publishing others' private information without permission
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting the maintainer. All complaints will be reviewed and investigated.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.0.

CONTRIBUTING.md

@@ -0,0 +1,46 @@
+# Contributing to HuggingClaw
+
+Thanks for your interest in contributing! 🦞
+
+## How to Contribute
+
+### Bug Reports
+- Open an issue with a clear description
+- Include your HF Space logs if possible
+- Mention which LLM provider you're using
+
+### Feature Requests
+- Open an issue with the `enhancement` label
+- Describe the use case — why is this needed?
+
+### Pull Requests
+1. Fork the repo
+2. Create a feature branch: `git checkout -b feature/my-feature`
+3. Make your changes
+4. Test locally with Docker: `docker build -t huggingclaw . && docker run -p 7860:7860 --env-file .env huggingclaw`
+5. Commit with a clear message
+6. Push and open a PR
+
+### Code Style
+- Shell scripts: use `set -e`, quote variables, comment non-obvious logic
+- Keep it simple — this project should stay easy to understand
+- No unnecessary dependencies
+
+### Testing
+- Test with at least one LLM provider (Anthropic, OpenAI, or Google)
+- Test with and without Telegram enabled
+- Test with and without workspace backup enabled
+- Verify keep-alive and auto-sync work
+
+## Development Setup
+
+```bash
+cp .env.example .env
+# Fill in your values
+docker build -t huggingclaw .
+docker run -p 7860:7860 --env-file .env huggingclaw
+```
+
+## Questions?
+
+Open an issue or start a discussion. We're friendly! 🤝

Dockerfile

@@ -0,0 +1,40 @@
+FROM node:22-slim
+
+# Version pinning (default: latest)
+ARG OPENCLAW_VERSION=latest
+
+# Install git, ca-certificates, jq, and curl
+RUN apt-get update && apt-get install -y \
+    git \
+    ca-certificates \
+    jq \
+    curl \
+    --no-install-recommends && \
+    rm -rf /var/lib/apt/lists/*
+
+# Reuse existing node user (UID 1000)
+RUN mkdir -p /home/node/app /home/node/.openclaw && \
+    chown -R 1000:1000 /home/node
+
+# Install OpenClaw (version configurable via build arg)
+RUN npm install -g openclaw@${OPENCLAW_VERSION}
+
+# Copy files
+COPY --chown=1000:1000 dns-fix.js /opt/dns-fix.js
+COPY --chown=1000:1000 health-server.js /home/node/app/health-server.js
+COPY --chown=1000:1000 start.sh /home/node/app/start.sh
+COPY --chown=1000:1000 keep-alive.sh /home/node/app/keep-alive.sh
+COPY --chown=1000:1000 workspace-sync.sh /home/node/app/workspace-sync.sh
+RUN chmod +x /home/node/app/start.sh /home/node/app/keep-alive.sh /home/node/app/workspace-sync.sh
+
+USER node
+
+ENV HOME=/home/node \
+    PATH=/home/node/.local/bin:/usr/local/bin:$PATH \
+    NODE_OPTIONS="--require /opt/dns-fix.js"
+
+WORKDIR /home/node/app
+
+EXPOSE 7860
+
+CMD ["/home/node/app/start.sh"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Somrat Sorkar (@somratpro)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,12 +1,280 @@
 ---
 title: HuggingClaw
-emoji: 📊
-colorFrom: gray
-colorTo: green
+emoji: 🦞
+colorFrom: blue
+colorTo: purple
 sdk: docker
-pinned: false
-license: mit
-short_description: 🦞 Run your own always-on AI assistant on HuggingFace Spaces
+app_port: 7860
+pinned: true
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+<!-- Badges -->
+[![GitHub Stars](https://img.shields.io/github/stars/somratpro/huggingclaw?style=flat-square)](https://github.com/somratpro/huggingclaw)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](https://opensource.org/licenses/MIT)
+[![HF Space](https://img.shields.io/badge/🤗%20HuggingFace-Space-blue?style=flat-square)](https://huggingface.co/spaces)
+[![OpenClaw](https://img.shields.io/badge/OpenClaw-Gateway-red?style=flat-square)](https://github.com/openclaw/openclaw)
+
+# 🦞 HuggingClaw
+
+Run your own **always-on AI assistant** on HuggingFace Spaces — for free.
+
+Works with **any LLM** (Anthropic, OpenAI, Google), connects via **Telegram**, and persists your workspace to **HF Datasets** automatically.
+
+### ✨ Features
+
+- **Zero-config** — just add 2 secrets and deploy
+- **Any LLM provider** — Claude, GPT-4, Gemini, etc.
+- **Built-in keep-alive** — self-pings to prevent HF sleep (no external cron needed)
+- **Auto-sync workspace** — commits + pushes changes every 10 min
+- **Auto-create backup** — creates the HF Dataset for you if it doesn't exist
+- **Graceful shutdown** — saves workspace before container dies
+- **Multi-user Telegram** — supports comma-separated user IDs for teams
+- **Health endpoint** — `/health` for monitoring
+- **Version pinning** — lock OpenClaw to a specific version
+- **100% HF-native** — runs entirely on HuggingFace infrastructure
+
+---
+
+## 🚀 Quick Start
+
+### 1. Duplicate this Space
+Click **"Duplicate this Space"** → name it → set to **Private**
+
+### 2. Add Required Secrets
+Go to **Settings → Secrets**:
+
+| Secret | Value |
+|--------|-------|
+| `LLM_API_KEY` | Your API key ([Anthropic](https://console.anthropic.com/) / [OpenAI](https://platform.openai.com/) / [Google](https://ai.google.dev/)) |
+| `GATEWAY_TOKEN` | Run `openssl rand -hex 32` to generate |
+
+### 3. Deploy
+That's it! The Space builds and starts automatically.
+
+### 4. (Optional) Add Telegram
+| Secret | Value |
+|--------|-------|
+| `TELEGRAM_BOT_TOKEN` | From [@BotFather](https://t.me/BotFather) |
+| `TELEGRAM_USER_ID` | Your user ID ([how to find](https://t.me/userinfobot)) |
+
+### 5. (Optional) Enable Workspace Backup
+| Secret | Value |
+|--------|-------|
+| `HF_USERNAME` | Your HuggingFace username |
+| `HF_TOKEN` | [HF token](https://huggingface.co/settings/tokens) with write access |
+
+The backup dataset (`huggingclaw-backup`) is **created automatically** — no manual setup needed.
+
+---
+
+## 📋 All Configuration Options
+
+See **`.env.example`** for the complete reference with examples.
+
+#### Required
+
+| Variable | Purpose |
+|----------|---------|
+| `LLM_API_KEY` | LLM provider API key |
+| `GATEWAY_TOKEN` | Gateway auth token |
+
+#### LLM
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `LLM_PROVIDER` | `anthropic` | Provider: `anthropic`, `openai`, `google` |
+| `LLM_MODEL` | `anthropic/claude-haiku-4-5` | Model to use |
+
+#### Telegram
+
+| Variable | Purpose |
+|----------|---------|
+| `TELEGRAM_BOT_TOKEN` | Bot token from @BotFather |
+| `TELEGRAM_USER_ID` | Single user allowlist |
+| `TELEGRAM_USER_IDS` | Multiple users (comma-separated): `123,456,789` |
+
+#### Workspace Backup
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `HF_USERNAME` | — | Your HF username |
+| `HF_TOKEN` | — | HF token (write access) |
+| `BACKUP_DATASET_NAME` | `huggingclaw-backup` | Dataset name (auto-created!) |
+| `WORKSPACE_GIT_USER` | `openclaw@example.com` | Git commit email |
+| `WORKSPACE_GIT_NAME` | `OpenClaw Bot` | Git commit name |
+
+#### Background Services
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `KEEP_ALIVE_INTERVAL` | `300` (5 min) | Self-ping interval. `0` = disable |
+| `SYNC_INTERVAL` | `600` (10 min) | Auto-sync interval |
+
+#### Advanced
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `OPENCLAW_VERSION` | `latest` | Pin OpenClaw version |
+| `HEALTH_PORT` | `7861` | Health endpoint port |
+
+---
+
+## 🤖 LLM Provider Setup
+
+### Anthropic (Claude)
+```
+LLM_PROVIDER=anthropic
+LLM_API_KEY=sk-ant-v0-...
+LLM_MODEL=anthropic/claude-haiku-4-5
+```
+Models: `claude-opus-4-6` · `claude-sonnet-4-5` · `claude-haiku-4-5`
+
+### OpenAI
+```
+LLM_PROVIDER=openai
+LLM_API_KEY=sk-...
+LLM_MODEL=gpt-4
+```
+Models: `gpt-4-turbo` · `gpt-4` · `gpt-3.5-turbo`
+
+### Google (Gemini)
+```
+LLM_PROVIDER=google
+LLM_API_KEY=AIzaSy...
+LLM_MODEL=gemini-pro
+```
+Models: `gemini-pro` · `gemini-pro-vision`
+
+---
+
+## 📱 Telegram Setup
+
+1. Message [@BotFather](https://t.me/BotFather) → `/newbot` → copy the token
+2. Message [@userinfobot](https://t.me/userinfobot) to get your user ID
+3. Add secrets: `TELEGRAM_BOT_TOKEN` and `TELEGRAM_USER_ID`
+4. Restart the Space → DM your bot 🎉
+
+**Multiple users?** Use `TELEGRAM_USER_IDS=123,456,789` (comma-separated)
+
+---
+
+## 💾 Workspace Backup
+
+Set `HF_USERNAME` + `HF_TOKEN` and HuggingClaw handles everything:
+
+1. **Auto-creates** the dataset if it doesn't exist
+2. **Restores** workspace on every startup
+3. **Auto-syncs** changes every 10 minutes (configurable)
+4. **Saves** on shutdown (graceful SIGTERM handling)
+
+Custom dataset name: `BACKUP_DATASET_NAME=my-custom-backup`
+
+---
+
+## 💓 How It Stays Alive
+
+HF Spaces sleeps after 48h of no HTTP requests. HuggingClaw prevents this with:
+
+- **Self-ping** — pings its own URL every 5 min (uses HF's `SPACE_HOST` env var)
+- **Health endpoint** — returns `200 OK` with uptime info
+- **Zero dependencies** — no external cron, no third-party pinger
+
+Your Space runs forever, powered entirely by HF. 🎯
+
+---
+
+## 💻 Local Development
+
+```bash
+git clone https://github.com/somratpro/huggingclaw.git
+cd huggingclaw
+cp .env.example .env
+nano .env  # fill in your values
+```
+
+**Docker:**
+```bash
+docker build -t huggingclaw .
+docker run -p 7860:7860 --env-file .env huggingclaw
+```
+
+**Without Docker:**
+```bash
+npm install -g openclaw@latest
+export $(cat .env | xargs)
+bash start.sh
+```
+
+---
+
+## 🔗 Connect via CLI
+
+```bash
+npm install -g openclaw@latest
+openclaw channels login --gateway https://YOUR-SPACE-URL.hf.space
+# Enter your GATEWAY_TOKEN when prompted
+```
+
+---
+
+## 🏗️ Architecture
+
+```
+HuggingClaw/
+├── Dockerfile          # Runtime: Node.js + OpenClaw + curl + jq
+├── start.sh            # Config generator + validation + orchestrator
+├── keep-alive.sh       # Self-ping to prevent HF sleep
+├── workspace-sync.sh   # Periodic workspace commit + push
+├── health-server.js    # Health endpoint (/health)
+├── dns-fix.js          # DNS override for HF network restrictions
+├── .env.example        # Complete configuration reference
+├── .gitignore          # Keeps secrets out of version control
+└── README.md           # You are here
+```
+
+**Startup flow:**
+1. Validate secrets → fail fast with clear errors
+2. Validate HF token → warn if expired
+3. Auto-create backup dataset if missing
+4. Restore workspace from HF Dataset
+5. Generate `openclaw.json` config from env vars
+6. Print startup summary
+7. Start background services (keep-alive, auto-sync)
+8. Launch OpenClaw gateway
+9. On SIGTERM → save workspace → exit cleanly
+
+---
+
+## 🐛 Troubleshooting
+
+**Missing secrets** → Check **Settings → Secrets** for `LLM_API_KEY` and `GATEWAY_TOKEN`
+
+**Telegram not working** → Verify bot token is valid, check logs for `📱 Enabling Telegram`
+
+**Workspace not restoring** → Check `HF_USERNAME` and `HF_TOKEN` are set, token has write access
+
+**Space sleeping** → Check logs for `💓 Keep-alive started`. If missing, `SPACE_HOST` might not be set
+
+**Control UI blocked** → The Space URL is auto-allowlisted. Check logs for origin errors
+
+**Version issues** → Pin with `OPENCLAW_VERSION=2026.3.24` in secrets
+
+---
+
+## 📚 Links
+
+- [OpenClaw Docs](https://docs.openclaw.ai) · [OpenClaw GitHub](https://github.com/openclaw/openclaw) · [HF Spaces Docs](https://huggingface.co/docs/hub/spaces)
+
+---
+
+## 🤝 Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## 📄 License
+
+MIT — see [LICENSE](LICENSE) for details.
+
+---
+
+Made with ❤️ by [@somratpro](https://github.com/somratpro) for the [OpenClaw](https://github.com/openclaw/openclaw) community

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT open a public issue**
+2. Email the maintainer or open a private security advisory on GitHub
+3. Include steps to reproduce if possible
+
+We'll respond within 48 hours and work on a fix.
+
+## Security Best Practices
+
+When deploying HuggingClaw:
+
+- **Set your Space to Private** — prevents unauthorized access to your gateway
+- **Use a strong `GATEWAY_TOKEN`** — generate with `openssl rand -hex 32`
+- **Keep your HF token scoped** — use fine-grained tokens with minimum permissions
+- **Don't commit `.env` files** — the `.gitignore` already excludes them
+- **Use `TELEGRAM_USER_ID`** — restricts bot access to your account only
+- **Review logs regularly** — check for unauthorized access attempts
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 1.0.x   | ✅        |

dns-fix.js

@@ -0,0 +1,19 @@
+// Fix HF Spaces DNS: internal resolver can't resolve discord.com / api.telegram.org
+// Override dns.lookup (used by http/https) to use Google/Cloudflare DNS
+const dns = require('dns');
+const { Resolver } = dns;
+const resolver = new Resolver();
+resolver.setServers(['8.8.8.8', '1.1.1.1']);
+
+const origLookup = dns.lookup;
+dns.lookup = function(hostname, options, callback) {
+  if (typeof options === 'function') { callback = options; options = { family: 0 }; }
+  resolver.resolve4(hostname, (err, addresses) => {
+    if (err || !addresses || !addresses.length) return origLookup.call(dns, hostname, options, callback);
+    if (options && options.all) {
+      callback(null, addresses.map(a => ({ address: a, family: 4 })));
+    } else {
+      callback(null, addresses[0], 4);
+    }
+  });
+};

health-server.js

@@ -0,0 +1,27 @@
+// Lightweight health endpoint on port 7861
+// OpenClaw runs on 7860, this runs alongside it
+// Returns 200 OK for keep-alive pings and external monitoring
+const http = require('http');
+
+const PORT = process.env.HEALTH_PORT || 7861;
+const startTime = Date.now();
+
+const server = http.createServer((req, res) => {
+  if (req.url === '/health' || req.url === '/') {
+    const uptime = Math.floor((Date.now() - startTime) / 1000);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+      status: 'ok',
+      uptime: uptime,
+      uptimeHuman: `${Math.floor(uptime / 3600)}h ${Math.floor((uptime % 3600) / 60)}m`,
+      timestamp: new Date().toISOString()
+    }));
+  } else {
+    res.writeHead(404);
+    res.end();
+  }
+});
+
+server.listen(PORT, '0.0.0.0', () => {
+  console.log(`🏥 Health server listening on port ${PORT}`);
+});

keep-alive.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# Self-ping keep-alive for HF Spaces
+# HF Spaces sleeps after 48h of inactivity (no HTTP requests)
+# This script pings the Space's own URL to prevent that
+#
+# HF provides SPACE_HOST env var automatically (e.g., "username-spacename.hf.space")
+# Runs as a background process alongside the gateway
+
+INTERVAL="${KEEP_ALIVE_INTERVAL:-300}"  # Default: every 5 minutes
+
+if [ "$INTERVAL" = "0" ]; then
+  echo "⏸️  Keep-alive: disabled (KEEP_ALIVE_INTERVAL=0)"
+  exit 0
+fi
+
+if [ -z "$SPACE_HOST" ]; then
+  echo "⏸️  Keep-alive: SPACE_HOST not set (not on HF Spaces?), skipping."
+  exit 0
+fi
+
+# Ping the Space URL — any HTTP response (even 404) counts as activity
+PING_URL="https://${SPACE_HOST}"
+
+echo "💓 Keep-alive started: pinging ${PING_URL} every ${INTERVAL}s"
+
+while true; do
+  sleep "$INTERVAL"
+  HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$PING_URL" 2>/dev/null)
+  if [ "$HTTP_CODE" = "000" ]; then
+    echo "💓 Keep-alive: ping failed (network error), retrying next cycle..."
+  else
+    echo "💓 Keep-alive: OK"
+  fi
+done

start.sh

@@ -0,0 +1,237 @@
+#!/bin/bash
+set -e
+
+# ════════════════════════════════════════════════════════════════
+# HuggingClaw — OpenClaw Gateway for HF Spaces
+# ════════════════════════════════════════════════════════════════
+
+# ── Startup Banner ──
+OPENCLAW_VERSION="${OPENCLAW_VERSION:-latest}"
+echo ""
+echo "  ╔══════════════════════════════════════════╗"
+echo "  ║          🦞 HuggingClaw Gateway          ║"
+echo "  ╚══════════════════════════════════════════╝"
+echo ""
+
+# ── Validate required secrets ──
+ERRORS=""
+if [ -z "$LLM_API_KEY" ]; then
+  ERRORS="${ERRORS}  ❌ LLM_API_KEY is not set\n"
+fi
+if [ -z "$GATEWAY_TOKEN" ]; then
+  ERRORS="${ERRORS}  ❌ GATEWAY_TOKEN is not set (generate: openssl rand -hex 32)\n"
+fi
+if [ -n "$ERRORS" ]; then
+  echo "Missing required secrets:"
+  echo -e "$ERRORS"
+  echo "Add them in HF Spaces → Settings → Secrets"
+  exit 1
+fi
+
+# ── Set LLM env based on provider ──
+LLM_PROVIDER="${LLM_PROVIDER:-anthropic}"
+LLM_MODEL="${LLM_MODEL:-anthropic/claude-haiku-4-5}"
+
+case "$LLM_PROVIDER" in
+  anthropic) export ANTHROPIC_API_KEY="$LLM_API_KEY" ;;
+  openai)    export OPENAI_API_KEY="$LLM_API_KEY" ;;
+  google)    export GOOGLE_API_KEY="$LLM_API_KEY" ;;
+  *)         export LLM_API_KEY="$LLM_API_KEY" ;;
+esac
+
+# ── Setup directories ──
+mkdir -p /home/node/.openclaw/agents/main/sessions
+mkdir -p /home/node/.openclaw/credentials
+mkdir -p /home/node/.openclaw/workspace
+chmod 700 /home/node/.openclaw
+
+# ── Validate HF token (if provided) ──
+if [ -n "$HF_TOKEN" ]; then
+  echo "🔑 Validating HF token..."
+  HF_AUTH_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $HF_TOKEN" https://huggingface.co/api/repos/create --max-time 10 2>/dev/null || echo "000")
+  if [ "$HF_AUTH_STATUS" = "401" ]; then
+    echo "  ⚠️  HF token is invalid or expired! Workspace backup will not work."
+    echo "  Get a new token: https://huggingface.co/settings/tokens"
+  else
+    echo "  ✅ HF token is valid"
+  fi
+fi
+
+# ── Auto-create + Restore workspace from HF Dataset ──
+if [ -n "$HF_USERNAME" ] && [ -n "$HF_TOKEN" ]; then
+  BACKUP_DATASET="${BACKUP_DATASET_NAME:-huggingclaw-backup}"
+  BACKUP_URL="https://${HF_USERNAME}:${HF_TOKEN}@huggingface.co/datasets/${HF_USERNAME}/${BACKUP_DATASET}"
+  
+  # Auto-create the dataset if it doesn't exist
+  echo "📦 Checking HF Dataset: ${HF_USERNAME}/${BACKUP_DATASET}..."
+  DATASET_CHECK=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "Authorization: Bearer $HF_TOKEN" \
+    "https://huggingface.co/api/datasets/${HF_USERNAME}/${BACKUP_DATASET}" \
+    --max-time 10 2>/dev/null || echo "000")
+  
+  if [ "$DATASET_CHECK" = "404" ]; then
+    echo "  📝 Dataset not found, creating ${HF_USERNAME}/${BACKUP_DATASET}..."
+    CREATE_RESULT=$(curl -s -w "\n%{http_code}" \
+      -X POST "https://huggingface.co/api/repos/create" \
+      -H "Authorization: Bearer $HF_TOKEN" \
+      -H "Content-Type: application/json" \
+      -d "{\"type\":\"dataset\",\"name\":\"${BACKUP_DATASET}\",\"private\":true}" \
+      --max-time 15 2>/dev/null || echo "error")
+    CREATE_STATUS=$(echo "$CREATE_RESULT" | tail -1)
+    if [ "$CREATE_STATUS" = "200" ] || [ "$CREATE_STATUS" = "201" ]; then
+      echo "  ✅ Dataset created: ${HF_USERNAME}/${BACKUP_DATASET} (private)"
+    else
+      echo "  ⚠️  Could not create dataset (HTTP $CREATE_STATUS). Create it manually:"
+      echo "     https://huggingface.co/datasets/create"
+    fi
+  elif [ "$DATASET_CHECK" = "200" ]; then
+    echo "  ✅ Dataset exists"
+  else
+    echo "  ⚠️  Could not check dataset (HTTP $DATASET_CHECK)"
+  fi
+  
+  # Restore workspace
+  echo "📦 Restoring workspace..."
+  WORKSPACE="/home/node/.openclaw/workspace"
+  GIT_USER_EMAIL="${WORKSPACE_GIT_USER:-openclaw@example.com}"
+  GIT_USER_NAME="${WORKSPACE_GIT_NAME:-OpenClaw Bot}"
+  
+  cd "$WORKSPACE"
+  if [ ! -d ".git" ]; then
+    git init -q
+    git remote add origin "$BACKUP_URL"
+  else
+    git remote set-url origin "$BACKUP_URL"
+  fi
+  
+  git config user.email "$GIT_USER_EMAIL"
+  git config user.name "$GIT_USER_NAME"
+  
+  if git fetch origin main 2>/dev/null; then
+    git reset --hard origin/main 2>/dev/null && echo "  ✅ Workspace restored!"
+  else
+    echo "  ⚠️ No remote data yet, starting fresh."
+  fi
+  cd /
+fi
+
+# ── Build config ──
+CONFIG_JSON=$(cat <<'CONFIGEOF'
+{
+  "gateway": {
+    "mode": "local",
+    "port": 7860,
+    "bind": "lan",
+    "auth": {
+      "token": ""
+    },
+    "controlUi": {
+      "allowInsecureAuth": true
+    },
+    "trustedProxies": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+  },
+  "channels": {},
+  "plugins": {
+    "entries": {}
+  }
+}
+CONFIGEOF
+)
+
+# Gateway token + model
+CONFIG_JSON=$(echo "$CONFIG_JSON" | jq ".gateway.auth.token = \"$GATEWAY_TOKEN\"")
+CONFIG_JSON=$(echo "$CONFIG_JSON" | jq ".agents.defaults.model = \"$LLM_MODEL\"")
+
+# Control UI origin (allow HF Space URL for web UI access)
+if [ -n "$SPACE_HOST" ]; then
+  CONFIG_JSON=$(echo "$CONFIG_JSON" | jq ".gateway.controlUi.allowedOrigins = [\"https://${SPACE_HOST}\"]")
+fi
+
+# Telegram (supports multiple user IDs, comma-separated)
+if [ -n "$TELEGRAM_BOT_TOKEN" ]; then
+  CONFIG_JSON=$(echo "$CONFIG_JSON" | jq '.plugins.entries.telegram = {"enabled": true}')
+  export TELEGRAM_BOT_TOKEN="$TELEGRAM_BOT_TOKEN"
+  
+  if [ -n "$TELEGRAM_USER_IDS" ]; then
+    # Convert comma-separated IDs to JSON array
+    IDS_JSON=$(echo "$TELEGRAM_USER_IDS" | tr ',' '\n' | sed 's/^ *//;s/ *$//' | jq -R . | jq -s .)
+    CONFIG_JSON=$(echo "$CONFIG_JSON" | jq ".channels.telegram = {\"dmPolicy\": \"allowlist\", \"allowFrom\": $IDS_JSON}")
+  elif [ -n "$TELEGRAM_USER_ID" ]; then
+    # Single user (backward compatible)
+    CONFIG_JSON=$(echo "$CONFIG_JSON" | jq ".channels.telegram = {\"dmPolicy\": \"allowlist\", \"allowFrom\": [\"$TELEGRAM_USER_ID\"]}")
+  fi
+fi
+
+# Write config
+echo "$CONFIG_JSON" > "/home/node/.openclaw/openclaw.json"
+
+# ── Startup Summary ──
+echo ""
+echo "  ┌──────────────────────────────────────────┐"
+echo "  │  📋 Configuration Summary                │"
+echo "  ├──────────────────────────────────────────┤"
+printf "  │  %-40s │\n" "LLM: $LLM_PROVIDER"
+printf "  │  %-40s │\n" "Model: $LLM_MODEL"
+if [ -n "$TELEGRAM_BOT_TOKEN" ]; then
+printf "  │  %-40s │\n" "Telegram: ✅ enabled"
+else
+printf "  │  %-40s │\n" "Telegram: ❌ not configured"
+fi
+if [ -n "$HF_USERNAME" ] && [ -n "$HF_TOKEN" ]; then
+printf "  │  %-40s │\n" "Backup: ✅ ${HF_USERNAME}/${BACKUP_DATASET:-huggingclaw-backup}"
+else
+printf "  │  %-40s │\n" "Backup: ❌ not configured"
+fi
+if [ -n "$SPACE_HOST" ]; then
+printf "  │  %-40s │\n" "Keep-alive: ✅ every ${KEEP_ALIVE_INTERVAL:-300}s"
+printf "  │  %-40s │\n" "Control UI: https://${SPACE_HOST}"
+else
+printf "  │  %-40s │\n" "Keep-alive: ⏸️  local mode"
+fi
+SYNC_STATUS="❌ disabled"
+if [ -n "$HF_USERNAME" ] && [ -n "$HF_TOKEN" ]; then
+  SYNC_STATUS="✅ every ${SYNC_INTERVAL:-600}s"
+fi
+printf "  │  %-40s │\n" "Auto-sync: $SYNC_STATUS"
+echo "  └──────────────────────────────────────────┘"
+echo ""
+
+# ── Trap SIGTERM for graceful shutdown ──
+graceful_shutdown() {
+  echo ""
+  echo "🛑 Shutting down gracefully..."
+  
+  # Commit any unsaved workspace changes
+  if [ -d "/home/node/.openclaw/workspace/.git" ]; then
+    echo "💾 Saving workspace before exit..."
+    cd /home/node/.openclaw/workspace
+    git add -A 2>/dev/null
+    if ! git diff --cached --quiet 2>/dev/null; then
+      TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+      git commit -m "Shutdown sync ${TIMESTAMP}" 2>/dev/null
+      git push origin main 2>/dev/null && echo "  ✅ Workspace saved!" || echo "  ⚠️ Push failed"
+    else
+      echo "  ✅ No unsaved changes"
+    fi
+  fi
+  
+  # Kill background processes
+  kill $(jobs -p) 2>/dev/null
+  echo "👋 Goodbye!"
+  exit 0
+}
+trap graceful_shutdown SIGTERM SIGINT
+
+# ── Start background services ──
+node /home/node/app/health-server.js &
+/home/node/app/keep-alive.sh &
+/home/node/app/workspace-sync.sh &
+
+# ── Launch gateway ──
+echo "🚀 Launching OpenClaw gateway on port 7860..."
+echo ""
+openclaw gateway run --port 7860 --bind lan --verbose &
+GATEWAY_PID=$!
+
+# Wait for gateway (allows trap to fire)
+wait $GATEWAY_PID

workspace-sync.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# Periodic workspace sync to HF Dataset
+# Commits and pushes workspace changes every SYNC_INTERVAL seconds
+# Runs as a background process alongside the gateway
+
+INTERVAL="${SYNC_INTERVAL:-600}"  # Default: every 10 minutes
+WORKSPACE="/home/node/.openclaw/workspace"
+
+# Wait for workspace to be initialized
+sleep 30
+
+if [ ! -d "$WORKSPACE/.git" ]; then
+  echo "📁 Workspace sync: no git repo found, skipping."
+  exit 0
+fi
+
+echo "🔄 Workspace sync started: syncing every ${INTERVAL}s"
+
+while true; do
+  sleep "$INTERVAL"
+  
+  cd "$WORKSPACE" || continue
+  
+  # Check if there are any changes
+  git add -A 2>/dev/null
+  if git diff --cached --quiet 2>/dev/null; then
+    # No changes
+    continue
+  fi
+  
+  # Commit and push
+  TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+  if git commit -m "Auto-sync ${TIMESTAMP}" 2>/dev/null; then
+    if git push origin main 2>/dev/null; then
+      echo "🔄 Workspace sync: pushed changes (${TIMESTAMP})"
+    else
+      echo "🔄 Workspace sync: commit ok, push failed (will retry)"
+    fi
+  fi
+done