openclaw/src/cli/daemon-cli/gateway-token-drift.ts

import type { OpenClawConfig } from "../../config/config.js";
import { resolveGatewayCredentialsFromConfig } from "../../gateway/credentials.js";

export function resolveGatewayTokenForDriftCheck(params: {
  cfg: OpenClawConfig;
  env?: NodeJS.ProcessEnv;
}) {
  return resolveGatewayCredentialsFromConfig({
    cfg: params.cfg,
    env: {} as NodeJS.ProcessEnv,
    modeOverride: "local",
    // Drift checks should compare the configured local token source against the
    // persisted service token, not let exported shell env hide stale service state.
    localTokenPrecedence: "config-first",
  }).token;
}
refactor(daemon): extract gateway token drift helper 2026-03-08 00:27:41 +00:00			`import type { OpenClawConfig } from "../../config/config.js";`
			`import { resolveGatewayCredentialsFromConfig } from "../../gateway/credentials.js";`

			`export function resolveGatewayTokenForDriftCheck(params: {`
			`cfg: OpenClawConfig;`
			`env?: NodeJS.ProcessEnv;`
			`}) {`
			`return resolveGatewayCredentialsFromConfig({`
			`cfg: params.cfg,`
Config: fail closed invalid config loads (#39071) * Config: fail closed invalid config loads * CLI: keep diagnostics on explicit best-effort config * Tests: cover invalid config best-effort diagnostics * Changelog: note invalid config fail-closed fix * Status: pass best-effort config through status-all gateway RPCs * CLI: pass config through gateway secret RPC * CLI: skip plugin loading from invalid config * Tests: align daemon token drift env precedence 2026-03-07 20:48:13 -05:00			`env: {} as NodeJS.ProcessEnv,`
refactor(daemon): extract gateway token drift helper 2026-03-08 00:27:41 +00:00			`modeOverride: "local",`
Config: fail closed invalid config loads (#39071) * Config: fail closed invalid config loads * CLI: keep diagnostics on explicit best-effort config * Tests: cover invalid config best-effort diagnostics * Changelog: note invalid config fail-closed fix * Status: pass best-effort config through status-all gateway RPCs * CLI: pass config through gateway secret RPC * CLI: skip plugin loading from invalid config * Tests: align daemon token drift env precedence 2026-03-07 20:48:13 -05:00			`// Drift checks should compare the configured local token source against the`
			`// persisted service token, not let exported shell env hide stale service state.`
refactor(daemon): extract gateway token drift helper 2026-03-08 00:27:41 +00:00			`localTokenPrecedence: "config-first",`
			`}).token;`
			`}`