fix: update entrypoint script to ensure cloud-ready config with allowInsecureAuth

Dockerfile

@@ -35,21 +35,24 @@ ENV NODE_ENV=production
 # Install gosu for dropping privileges safely
 RUN apt-get update && apt-get install -y --no-install-recommends gosu && rm -rf /var/lib/apt/lists/*
 
-# Entrypoint script: fix /data permissions, ensure trustedProxies config, then drop to node user
+# Entrypoint script: fix /data permissions, ensure cloud-ready config, then drop to node user
 RUN printf '#!/bin/sh\n\
 if [ -d /data ]; then\n\
   chown -R node:node /data 2>/dev/null || true\n\
 fi\n\
-# Ensure trustedProxies config exists for Railway/cloud deployments\n\
+# Ensure cloud-ready config exists for Railway/cloud deployments\n\
 if [ -n "$CLAWDBOT_STATE_DIR" ]; then\n\
   mkdir -p "$CLAWDBOT_STATE_DIR"\n\
   CONFIG_FILE="$CLAWDBOT_STATE_DIR/clawdbot.json"\n\
-  # If no config or config lacks trustedProxies, create/update it\n\
-  if [ ! -f "$CONFIG_FILE" ] || ! grep -q "trustedProxies" "$CONFIG_FILE" 2>/dev/null; then\n\
+  # If no config or config lacks trustedProxies or allowInsecureAuth, create it\n\
+  if [ ! -f "$CONFIG_FILE" ] || ! grep -q "trustedProxies" "$CONFIG_FILE" 2>/dev/null || ! grep -q "allowInsecureAuth" "$CONFIG_FILE" 2>/dev/null; then\n\
     cat > "$CONFIG_FILE" << EOF\n\
 {\n\
   "gateway": {\n\
-    "trustedProxies": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"]\n\
+    "trustedProxies": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"],\n\
+    "controlUi": {\n\
+      "allowInsecureAuth": true\n\
+    }\n\
   }\n\
 }\n\
 EOF\n\