fix(launcher): use separate profile and tokenized dashboard URL

- Use --profile ollama to fully isolate from installed clawdbot
- Run on port 19001 (installed uses 18789)
- Open dashboard via clawdbot dashboard command for proper auth token
- Check if gateway already running before starting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Spacehunterz 2026-01-26 14:17:27 -06:00
parent fa2b77230b
commit 02226d6bea

View File

@ -1,188 +1,98 @@
#!/bin/bash
# Launch script for Clawdbot with Ollama
# Starts Ollama if not running, then launches Clawdbot
# Launch Clawdbot FORK with Ollama
# Runs the local fork on port 19001, separate from installed clawdbot (18789)
#
# SECURITY: This script enforces localhost-only Ollama connections
# SECURITY: Enforces localhost-only Ollama connections
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
# =============================================================================
# SECURITY CONFIGURATION
# SECURITY
# =============================================================================
# Force Ollama to bind to localhost only (prevents network exposure)
export OLLAMA_HOST="127.0.0.1:11434"
# Never allow these dangerous configurations
unset OLLAMA_ORIGINS # Prevents CORS bypass
# =============================================================================
# SECURITY CHECKS
# =============================================================================
unset OLLAMA_ORIGINS
check_ollama_security() {
echo "[Security] Checking Ollama configuration..."
# Check if Ollama is listening on 0.0.0.0 (dangerous!)
if ss -tlnp 2>/dev/null | grep -q "0.0.0.0:11434"; then
echo ""
echo "!!! SECURITY WARNING !!!"
echo "Ollama is exposed to ALL network interfaces (0.0.0.0:11434)"
echo "This allows anyone on your network to use your Ollama instance!"
echo ""
echo "To fix this:"
echo " 1. Stop Ollama: systemctl --user stop ollama (or pkill ollama)"
echo " 2. Edit config: Remove OLLAMA_HOST=0.0.0.0 from your environment"
echo " 3. Restart Ollama (this script will bind it to localhost)"
echo ""
read -p "Continue anyway? (y/N): " -n 1 -r
echo "!!! WARNING: Ollama exposed to network (0.0.0.0:11434) !!!"
read -p "Continue? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Aborted for security reasons."
exit 1
fi
fi
# Check if Ollama is listening on [::] (IPv6 all interfaces - also dangerous)
if ss -tlnp 2>/dev/null | grep -q "\[::\]:11434"; then
echo ""
echo "!!! SECURITY WARNING !!!"
echo "Ollama is exposed on IPv6 all interfaces ([::]:11434)"
echo ""
read -p "Continue anyway? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Aborted for security reasons."
exit 1
fi
fi
# Check for dangerous environment variables in user's environment
if [ -f "$HOME/.bashrc" ] && grep -q "OLLAMA_HOST=0.0.0.0" "$HOME/.bashrc" 2>/dev/null; then
echo ""
echo "[Warning] Found OLLAMA_HOST=0.0.0.0 in ~/.bashrc"
echo "Consider removing this to prevent network exposure."
echo ""
fi
if [ -f "$HOME/.profile" ] && grep -q "OLLAMA_HOST=0.0.0.0" "$HOME/.profile" 2>/dev/null; then
echo ""
echo "[Warning] Found OLLAMA_HOST=0.0.0.0 in ~/.profile"
echo "Consider removing this to prevent network exposure."
echo ""
fi
# Check systemd service if it exists
if [ -f "/etc/systemd/system/ollama.service" ]; then
if grep -q "OLLAMA_HOST=0.0.0.0" /etc/systemd/system/ollama.service 2>/dev/null; then
echo ""
echo "[Warning] System Ollama service is configured to bind to 0.0.0.0"
echo "Edit /etc/systemd/system/ollama.service to fix this."
echo ""
fi
fi
echo "[Security] Checks complete."
}
check_firewall() {
# Informational: Check if firewall is active
if command -v ufw &> /dev/null; then
if ufw status 2>/dev/null | grep -q "Status: active"; then
echo "[Security] UFW firewall is active (good!)"
else
echo "[Info] UFW firewall is not active. Consider enabling it:"
echo " sudo ufw enable"
fi
elif command -v firewall-cmd &> /dev/null; then
if firewall-cmd --state 2>/dev/null | grep -q "running"; then
echo "[Security] Firewalld is active (good!)"
fi
[[ ! $REPLY =~ ^[Yy]$ ]] && exit 1
fi
}
# =============================================================================
# MAIN SCRIPT
# OLLAMA
# =============================================================================
echo "=== Clawdbot + Ollama Launcher ==="
start_ollama() {
if ! pgrep -x "ollama" > /dev/null; then
echo "Starting Ollama..."
ollama serve &
for i in {1..30}; do
curl -s http://127.0.0.1:11434/api/tags > /dev/null 2>&1 && break
sleep 1
done
fi
MODEL_COUNT=$(curl -s http://127.0.0.1:11434/api/tags | grep -o '"name"' | wc -l)
echo "Ollama: $MODEL_COUNT models available"
}
# =============================================================================
# MAIN
# =============================================================================
echo "=== Clawdbot FORK + Ollama ==="
echo "Project: $PROJECT_DIR"
echo "Profile: ollama (port 19001)"
echo ""
# Run security checks
check_ollama_security
check_firewall
start_ollama
# Check if Ollama is running
if ! pgrep -x "ollama" > /dev/null; then
echo ""
echo "Starting Ollama (localhost only)..."
echo ""
cd "$PROJECT_DIR"
# Start Ollama with secure settings
ollama serve &
OLLAMA_PID=$!
# Wait for Ollama to be ready
echo "Waiting for Ollama to start..."
for i in {1..30}; do
if curl -s http://127.0.0.1:11434/api/tags > /dev/null 2>&1; then
echo "Ollama is ready (PID: $OLLAMA_PID)"
break
fi
if [ $i -eq 30 ]; then
echo "Error: Ollama failed to start within 30 seconds"
exit 1
fi
sleep 1
done
else
echo "Ollama is already running"
# Check if gateway already running
if ss -tlnp 2>/dev/null | grep -q ":19001"; then
echo "Gateway already running on port 19001"
echo "Opening dashboard..."
pnpm clawdbot --profile ollama dashboard
exit 0
fi
# Verify we're connecting to localhost only
echo ""
echo "[Security] Connecting to: http://127.0.0.1:11434 (localhost only)"
echo "Starting Clawdbot gateway..."
# Check if any models are available
MODELS_JSON=$(curl -s http://127.0.0.1:11434/api/tags 2>/dev/null)
MODEL_COUNT=$(echo "$MODELS_JSON" | grep -o '"name"' | wc -l)
# Start gateway in background
pnpm clawdbot --profile ollama gateway run --dev --port 19001 --bind loopback --force &
GATEWAY_PID=$!
if [ "$MODEL_COUNT" -eq 0 ]; then
echo ""
echo "No Ollama models found. You need to pull a model first."
echo ""
echo "Recommended models for coding:"
echo " ollama pull qwen3-coder # Fast, good for code"
echo " ollama pull deepseek-r1:8b # Reasoning model"
echo " ollama pull llama3.3 # General purpose"
echo ""
# Wait for gateway to be ready
echo "Waiting for gateway..."
for i in {1..30}; do
if ss -tlnp 2>/dev/null | grep -q ":19001"; then
echo "Gateway ready (PID: $GATEWAY_PID)"
sleep 2
# Open terminal to let user pull a model
if command -v gnome-terminal &> /dev/null; then
gnome-terminal -- bash -c "echo 'Pull a model with: ollama pull <model-name>'; echo ''; ollama list; exec bash"
elif command -v konsole &> /dev/null; then
konsole -e bash -c "echo 'Pull a model with: ollama pull <model-name>'; echo ''; ollama list; exec bash"
elif command -v xterm &> /dev/null; then
xterm -e "echo 'Pull a model with: ollama pull <model-name>'; ollama list; exec bash"
# Open dashboard with proper auth token
echo "Opening dashboard..."
pnpm clawdbot --profile ollama dashboard 2>/dev/null &
echo ""
echo "=== Running ==="
echo "Dashboard: http://127.0.0.1:19001/"
echo "Default model: ollama/qwen3-coder-32k:latest"
echo ""
echo "Press Ctrl+C to stop gateway"
wait $GATEWAY_PID
exit 0
fi
exit 1
fi
sleep 1
done
echo "Found $MODEL_COUNT Ollama model(s)"
echo ""
echo "Starting Clawdbot..."
echo ""
# Launch Clawdbot
if command -v clawdbot &> /dev/null; then
exec clawdbot
elif [ -f "$HOME/.local/bin/clawdbot" ]; then
exec "$HOME/.local/bin/clawdbot"
elif [ -f "/usr/local/bin/clawdbot" ]; then
exec /usr/local/bin/clawdbot
else
# Run from source
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
cd "$PROJECT_DIR"
exec pnpm clawdbot
fi
echo "Gateway failed to start within 30 seconds"
exit 1