Skip to content

Update README with Docker instructions#3

Merged
tuhinkanti merged 8 commits intomainfrom
feature/code-execution-harness
Feb 21, 2026
Merged

Update README with Docker instructions#3
tuhinkanti merged 8 commits intomainfrom
feature/code-execution-harness

Conversation

@tuhinkanti
Copy link
Copy Markdown
Owner

@tuhinkanti tuhinkanti commented Feb 18, 2026
edited by devin-ai-integration bot
Loading

devin-ai-integration[bot]
devin-ai-integration bot reviewed Feb 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

Open in Devin Review

@tuhinkanti
Add WebSocket authentication to GatewayServer
9e0a564 
- Require 'Authorization: Bearer <token>' header or '?token=<token>' query param
- Validate against configured token using constant-time comparison
- Reject unauthorized connections in onOpen
- Updated GatewayE2ETest to send auth headers
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

tuhinkanti and others added 3 commits February 20, 2026 18:19
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@tuhinkanti @devin-ai-integration
Apply suggestion from @devin-ai-integration[bot]
3561d2d 
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@tuhinkanti
feat(gateway): implement token-based authentication and env-based config
02b473b 
- Add GATEWAY_AUTH_TOKEN and GATEWAY_PORT environment variable support.
- Bind GatewayServer to 0.0.0.0 for container compatibility.
- Optimize authenticated client lookups using a Set.
- Improve query parameter token extraction robustness.
- Add null safety for gateway configuration.
devin-ai-integration[bot]
devin-ai-integration bot reviewed Feb 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 new potential issue.

View 10 additional findings in Devin Review.

Open in Devin Review

src/main/java/ai/openclaw/config/ConfigLoader.java
Comment on lines +44 to +45
} catch (NumberFormatException ignored) {
}
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Silent failure on invalid GATEWAY_PORT environment variable

When GATEWAY_PORT is set to a non-numeric value (e.g., GATEWAY_PORT=abc), the NumberFormatException is silently caught and ignored, leaving the port at its default value without any indication to the user.

Impact and Details

At ConfigLoader.java:44, the catch block is empty:

} catch (NumberFormatException ignored) {
}

This means if a user sets GATEWAY_PORT=abc or GATEWAY_PORT=99999, the application will silently use the default port (18789) instead. The user would have no way to know their configuration was ignored, potentially leading to port conflicts or the application listening on an unexpected port. At minimum, this should log a warning.

Suggested change
} catch (NumberFormatException ignored) {
}
} catch (NumberFormatException e) {
System.err.println("WARNING: Invalid GATEWAY_PORT value '" + envPort + "', using default port");
}
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@tuhinkanti tuhinkanti merged commit e9fc1ea into main Feb 21, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tuhinkanti