// Shared command preflight: config readiness plus optional plugin registry activation.

import type { ConfigFileSnapshot } from "../config/types.js";

import type { RuntimeEnv } from "../runtime.js";

import { createLazyImportLoader } from "../shared/lazy-promise.js";

import type { CliPluginRegistryPolicy } from "./command-catalog.js";

suppressDoctorStdout?: boolean;

skipConfigGuard?: boolean;

allowInvalid?: boolean;

beforeStateMigrations?: (snapshot?: ConfigFileSnapshot) => Promise<boolean>;

loadPlugins?: boolean;

pluginRegistry?: CliPluginRegistryPolicy;

}) {

runtime: params.runtime,

commandPath: params.commandPath,

...(params.allowInvalid ? { allowInvalid: true } : {}),

...(params.beforeStateMigrations

? { beforeStateMigrations: params.beforeStateMigrations }

: {}),

...(params.suppressDoctorStdout ? { suppressDoctorStdout: true } : {}),

});

}

// CLI startup context, banner/log presentation, and bootstrap orchestration.

import type { ConfigFileSnapshot } from "../config/types.js";

import { routeLogsToStderr } from "../logging/console.js";

import type { RuntimeEnv } from "../runtime.js";

import { resolveCliArgvInvocation } from "./argv-invocation.js";

commandPath: string[];

startupPolicy: CliStartupPolicy;

allowInvalid?: boolean;

beforeStateMigrations?: (snapshot?: ConfigFileSnapshot) => Promise<boolean>;

loadPlugins?: boolean;

skipConfigGuard?: boolean;

}) {

commandPath: params.commandPath,

suppressDoctorStdout: params.startupPolicy.suppressDoctorStdout,

allowInvalid: params.allowInvalid,

...(params.beforeStateMigrations

? { beforeStateMigrations: params.beforeStateMigrations }

: {}),

loadPlugins: params.loadPlugins ?? params.startupPolicy.loadPlugins,

pluginRegistry: params.startupPolicy.pluginRegistry,

skipConfigGuard: params.skipConfigGuard ?? params.startupPolicy.skipConfigGuard,

expect(resolveCliNetworkProxyPolicy(argv)).toBe("default");

});

it("resolves gateway runs after root options with values", () => {

const argv = ["node", "openclaw", "--log-level", "debug", "gateway", "run"];

expect(resolveCliCatalogCommandPath(argv)).toEqual(["gateway"]);

expect(resolveCliNetworkProxyPolicy(argv)).toBe("default");

});

it("does not let gateway run option values spoof bypass subcommands", () => {

for (const argv of [

["node", "openclaw", "gateway", "--token", "status"],

import { loadGlobalRuntimeDotEnvFiles, loadWorkspaceDotEnvFile } from "../infra/dotenv.js";

/** Load `.env` files for normal CLI commands without overriding existing process env. */

export function loadCliDotEnv(opts?: { quiet?: boolean }) {

export function loadCliDotEnv(opts?: { loadGlobalEnv?: boolean; quiet?: boolean }) {

const quiet = opts?.quiet ?? true;

const cwdEnvPath = path.join(process.cwd(), ".env");

loadWorkspaceDotEnvFile(cwdEnvPath, { quiet });

if (opts?.loadGlobalEnv === false) {

return;

}

// Then load the global fallback set without overriding any env vars that

// were already set or loaded from CWD. This includes the Ubuntu fresh-install

// gateway.env compatibility path.

import {

cloneEnvWithPlatformSemantics,

createConfigRuntimeEnv,

} from "../../config/config-env-vars.js";

import {

ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS_ENV,

formatFutureConfigActionBlock,

resolveFutureConfigActionBlock,

} from "../../config/future-version-guard.js";

// Gateway-specific future-config actions shared by pre-bootstrap and runtime startup.

import type { ConfigFileSnapshot, OpenClawConfig } from "../../config/types.js";

import type { RuntimeEnv } from "../../runtime.js";

import type { GatewayRunOpts } from "./run-options.js";

export type GatewayRunPreBootstrapOptions = Pick<GatewayRunOpts, "force" | "reset">;

type GatewayRunFutureConfigGuardParams = {

opts: GatewayRunPreBootstrapOptions;

snapshot?: ConfigFileSnapshot | null;

config?: Pick<OpenClawConfig, "env" | "meta"> | null;

};

function resolveGatewayRunFutureConfigBlock(params: GatewayRunFutureConfigGuardParams) {

const processServiceMode = Boolean(process.env.OPENCLAW_SERVICE_MARKER?.trim());

const candidateConfig =

params.config ??

(params.snapshot?.valid ? (params.snapshot.sourceConfig ?? params.snapshot.config) : undefined);

const candidateServiceMode =

!params.opts.reset &&

Boolean(

candidateConfig

? createConfigRuntimeEnv(candidateConfig, process.env).OPENCLAW_SERVICE_MARKER?.trim()

: undefined,

);

const serviceMode = processServiceMode || candidateServiceMode;

// Reset runs before service/force startup, while ordinary startup now runs state migrations.

const futureAction = params.opts.reset

? { action: "reset the dev gateway state", exitCode: 1 }

: serviceMode

? { action: "start the gateway service", exitCode: 78 }

: params.opts.force

? { action: "force-kill gateway port listeners", exitCode: 1 }

: { action: "run automatic gateway startup migrations", exitCode: 1 };

const guardEnv = serviceMode ? cloneEnvWithPlatformSemantics(process.env) : process.env;

if (serviceMode) {

delete guardEnv[ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS_ENV];

}

const block = resolveFutureConfigActionBlock({

action: futureAction.action,

snapshot: params.snapshot,

config: params.config,

env: guardEnv,

});

return block ? { block, exitCode: futureAction.exitCode, serviceMode } : null;

}

export function isGatewayRunFutureConfigAllowed(

params: GatewayRunFutureConfigGuardParams,

): boolean {

return resolveGatewayRunFutureConfigBlock(params) === null;

}

export function enforceGatewayRunFutureConfigGuard(

params: GatewayRunFutureConfigGuardParams & { runtime: RuntimeEnv },

): boolean {

const resolved = resolveGatewayRunFutureConfigBlock(params);

if (!resolved) {

return true;

}

if (resolved.serviceMode) {

delete process.env[ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS_ENV];

}

params.runtime.error(formatFutureConfigActionBlock(resolved.block));

params.runtime.exit(resolved.exitCode);

return false;

}