- Use set +e for permission testing, check exit codes explicitly
- Default to HOME/.clawdbot which is always writable
- Use heredoc for config file writing (more reliable)
- Add debug output for user/UID
- Remove duplicate echo statements
- Disable set -e for entire permission testing section
- Re-enable set -e after config is written
- Simpler logic without complex conditionals
- More reliable error handling
- Use for loop to try directories in order
- Temporarily disable set -e for permission tests
- Write config file directly to test writability
- More robust error handling that works with set -e
- Use touch/rm test instead of -w flag for better compatibility
- Clean up unused variables
- Add clearer fallback chain with logging
- Ensure script handles all edge cases gracefully
- Check if CLAWDBOT_STATE_DIR or /data/.clawdbot is writable
- Fall back to $HOME/.clawdbot if permissions fail
- Update CLAWDBOT_STATE_DIR export to match actual directory used
- Prevents Docker failures when running as node user (non-root)
The key difference from the wrapper:
- Wrapper strips proxy headers before forwarding to internal gateway
- Direct deployment needs trustedProxies config to trust Render's proxy IPs
This script:
1. Creates config with gateway.trustedProxies for Render's internal IPs
2. Sets allowInsecureAuth for Control UI access
3. Starts gateway with token auth
