From 9eaaa2b0d08626e270002d0e2edd7453b2072ae8 Mon Sep 17 00:00:00 2001
From: Ojus Save <ojusave@users.noreply.github.com>
Date: Mon, 26 Jan 2026 00:20:36 -0800
Subject: [PATCH] fix(render): add startup script to configure trusted proxies
 and insecure UI auth

- Create render-start.sh that writes config before starting gateway
- Configure gateway.trustedProxies for Render's internal network
- Enable gateway.controlUi.allowInsecureAuth to skip device pairing
---
 render.yaml             |  2 +-
 scripts/render-start.sh | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100755 scripts/render-start.sh

diff --git a/render.yaml b/render.yaml
index 21bcd2f1f..7fa57bec0 100644
--- a/render.yaml
+++ b/render.yaml
@@ -3,7 +3,7 @@ services:
     name: moltbot
     runtime: docker
     plan: starter
-    dockerCommand: node dist/index.js gateway --port 8080 --bind lan --auth password --allow-unconfigured --trust-proxy
+    dockerCommand: sh scripts/render-start.sh
     envVars:
       - key: PORT
         value: "8080"
diff --git a/scripts/render-start.sh b/scripts/render-start.sh
new file mode 100755
index 000000000..7a198436f
--- /dev/null
+++ b/scripts/render-start.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# Render startup script - creates config and starts gateway
+
+# Create config directory
+mkdir -p /data/.clawdbot
+
+# Write config file with Render-specific settings
+cat > /data/.clawdbot/clawdbot.json << 'EOF'
+{
+  "gateway": {
+    "trustedProxies": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
+    "controlUi": {
+      "allowInsecureAuth": true
+    }
+  }
+}
+EOF
+
+# Start the gateway
+exec node dist/index.js gateway \
+  --port 8080 \
+  --bind lan \
+  --auth password \
+  --allow-unconfigured