openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/commands/run.md‎
Lines changed: 4 additions & 3 deletions b/‎docs/commands/run.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎docs/commands/warmup.md‎
Lines changed: 5 additions & 3 deletions b/‎docs/commands/warmup.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎internal/cli/artifacts.go‎
Lines changed: 22 additions & 0 deletions b/‎internal/cli/artifacts.go‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎internal/cli/bootstrap.go‎
Lines changed: 158 additions & 7 deletions b/‎internal/cli/bootstrap.go‎
Lines changed: 158 additions & 7 deletions
diff --git a/‎internal/cli/bootstrap_test.go‎
Lines changed: 51 additions & 2 deletions b/‎internal/cli/bootstrap_test.go‎
Lines changed: 51 additions & 2 deletions
@@ -2,6 +2,10 @@
 
 ## 0.18.1 - Unreleased
 
+### Added
+
+- Added an experimental Linux `--desktop-env wayland` profile using Sway, WayVNC, Wayland browser launch env, and `grim` screenshots while keeping XFCE as the default desktop.
+
 ### Fixed
 
 - Fixed Linux desktop theme setup so WebVNC sessions install and prefer native Arc-Dark/other dark XFCE themes instead of custom-painting panel and window chrome.
 
@@ -86,9 +86,10 @@ profile directory or app-specific auth artifact when tests need a logged-in
 browser.
 
 `--desktop` provisions or requires a visible desktop/VNC session and injects
-`CRABBOX_DESKTOP=1`; POSIX desktop targets also use `DISPLAY=:99`. It does not
-imply a browser. Use `--desktop --browser` for headed browser automation in the
-VNC-visible session.
+`CRABBOX_DESKTOP=1`. Linux defaults to XFCE on `DISPLAY=:99`; leases created
+with `--desktop-env wayland` expose `XDG_RUNTIME_DIR` and `WAYLAND_DISPLAY`
+from `/var/lib/crabbox/desktop.env` instead. It does not imply a browser. Use
+`--desktop --browser` for headed browser automation in the VNC-visible session.
 
 `--tailscale` asks new managed Linux leases to join the configured tailnet.
 `--network` selects how Crabbox resolves SSH for reused leases and for the final
 
@@ -186,9 +186,11 @@ Warmup records a local claim tying the lease to the current repo; `--reclaim` ov
 browser automation. Managed Linux tries Google Chrome stable first, then a
 Chromium package fallback.
 
-`--desktop` provisions Xvfb, slim XFCE, and loopback-bound x11vnc for visible UI
-automation and operator takeover. It does not imply a browser. Use
-`--desktop --browser` when a headed browser should run in the visible display.
+`--desktop` provisions a visible UI and loopback-bound VNC for automation and
+operator takeover. Linux defaults to Xvfb, slim XFCE, and x11vnc; use
+`--desktop-env wayland` for the experimental Sway/WayVNC profile on Ubuntu
+24.04-compatible images. It does not imply a browser. Use `--desktop --browser`
+when a headed browser should run in the visible display.
 
 `--code` provisions `code-server` for Linux leases and enables
 `crabbox code --id <lease>` to bridge the workspace through the authenticated
 
@@ -385,6 +385,9 @@ func (a App) artifactsVideo(ctx context.Context, args []string) error {
 	if contactWidth <= 0 {
 		return exit(2, "artifacts video --contact-sheet-width must be positive")
 	}
+	if err := rejectWaylandDesktopVideoTarget(ctx, target, "artifacts video"); err != nil {
+		return err
+	}
 	if err := captureDesktopVideo(ctx, target, output, duration, fps); err != nil {
 		printRescue(a.Stdout, classifyDesktopFailure(err.Error()), err.Error(), desktopDoctorCommand(rescueContext{Cfg: cfg, Target: target, LeaseID: leaseID}))
 		return err
@@ -649,6 +652,9 @@ func captureDesktopVideo(ctx context.Context, target SSHTarget, outputPath strin
 	if target.TargetOS != targetLinux {
 		return exit(2, "artifacts video currently requires target=linux or native Windows desktop capture")
 	}
+	if err := rejectWaylandDesktopVideoTarget(ctx, target, "desktop video capture"); err != nil {
+		return err
+	}
 	if err := os.MkdirAll(filepath.Dir(outputPath), 0o755); err != nil && filepath.Dir(outputPath) != "." {
 		return exit(2, "create video directory: %v", err)
 	}
@@ -674,6 +680,11 @@ func desktopVideoRemoteCommand(duration time.Duration, fps float64) string {
 	seconds := strconv.FormatFloat(duration.Seconds(), 'f', 3, 64)
 	frameRate := strconv.FormatFloat(fps, 'f', 3, 64)
 	return fmt.Sprintf(`set -eu
+if [ -f /var/lib/crabbox/desktop.env ]; then . /var/lib/crabbox/desktop.env; fi
+if [ "${CRABBOX_DESKTOP_ENV:-xfce}" = "wayland" ]; then
+  echo "video capture does not support --desktop-env wayland yet; use an X11 desktop" >&2
+  exit 2
+fi
 export DISPLAY="${DISPLAY:-:99}"
 if ! command -v ffmpeg >/dev/null 2>&1; then
   echo "missing ffmpeg; warm a new --desktop lease or install ffmpeg" >&2
@@ -689,6 +700,17 @@ ffmpeg -hide_banner -loglevel error -y -f x11grab -video_size "$size" -framerate
 `, frameRate, seconds)
 }
 
+func rejectWaylandDesktopVideoTarget(ctx context.Context, target SSHTarget, command string) error {
+	if target.TargetOS != targetLinux {
+		return nil
+	}
+	env, err := probeDesktopEnv(ctx, target)
+	if err != nil {
+		return nil
+	}
+	return rejectWaylandDesktopVideoEnv(env, command)
+}
+
 func captureWindowsDesktopVideo(ctx context.Context, target SSHTarget, outputPath string, duration time.Duration, fps float64) error {
 	if _, err := exec.LookPath("ffmpeg"); err != nil {
 		return exit(2, "ffmpeg is required to encode Windows desktop video locally: %v", err)
 
@@ -592,10 +592,15 @@ func cloudInitOptionalReadyChecks(cfg Config) string {
 		b.WriteString("      grep -Eq '^100\\.' /var/lib/crabbox/tailscale-ipv4\n")
 	}
 	if cfg.Desktop {
-		b.WriteString("      systemctl is-active --quiet crabbox-xvfb.service\n")
-		b.WriteString("      systemctl is-active --quiet crabbox-desktop.service\n")
-		b.WriteString("      systemctl is-active --quiet crabbox-desktop-session.service\n")
-		b.WriteString("      systemctl is-active --quiet crabbox-x11vnc.service\n")
+		if normalizedDesktopEnv(cfg.DesktopEnv) == desktopEnvWayland {
+			b.WriteString("      systemctl is-active --quiet crabbox-desktop.service\n")
+			b.WriteString("      systemctl is-active --quiet crabbox-wayvnc.service\n")
+		} else {
+			b.WriteString("      systemctl is-active --quiet crabbox-xvfb.service\n")
+			b.WriteString("      systemctl is-active --quiet crabbox-desktop.service\n")
+			b.WriteString("      systemctl is-active --quiet crabbox-desktop-session.service\n")
+			b.WriteString("      systemctl is-active --quiet crabbox-x11vnc.service\n")
+		}
 		b.WriteString("      ss -ltn | grep -q '127.0.0.1:5900'\n")
 	}
 	if cfg.Browser {
@@ -616,7 +621,9 @@ func cloudInitOptionalWriteFiles(cfg Config) string {
 	if cfg.Provider == "gcp" {
 		parts = append(parts, cloudInitGCPExpiryGuardFiles())
 	}
-	if cfg.Desktop {
+	if cfg.Desktop && normalizedDesktopEnv(cfg.DesktopEnv) == desktopEnvWayland {
+		parts = append(parts, cloudInitWaylandDesktopWriteFiles())
+	} else if cfg.Desktop {
 		parts = append(parts, `  - path: /etc/systemd/system/crabbox-xvfb.service
     permissions: '0644'
     content: |
@@ -882,12 +889,149 @@ func cloudInitOptionalWriteFiles(cfg Config) string {
 	return strings.Join(parts, "\n")
 }
 
+func cloudInitWaylandDesktopWriteFiles() string {
+	return `  - path: /usr/local/bin/crabbox-start-wayland-desktop
+    permissions: '0755'
+    content: |
+      #!/bin/sh
+      set -eu
+      runtime="${XDG_RUNTIME_DIR:-/tmp/crabbox-runtime-$(id -u)}"
+      install -d -m 0700 "$runtime"
+      export XDG_RUNTIME_DIR="$runtime"
+      export WLR_BACKENDS=headless
+      export WLR_LIBINPUT_NO_DEVICES=1
+      export WLR_RENDERER="${WLR_RENDERER:-pixman}"
+      export MOZ_ENABLE_WAYLAND=1
+      exec dbus-run-session sway --unsupported-gpu
+  - path: /usr/local/bin/crabbox-sway-status
+    permissions: '0755'
+    content: |
+      #!/bin/sh
+      while :; do
+        printf 'Crabbox Wayland - Mod+Enter/D terminal - %s\n' "$(date '+%H:%M:%S')"
+        sleep 1
+      done
+  - path: /etc/systemd/system/crabbox-desktop.service
+    permissions: '0644'
+    content: |
+      [Unit]
+      Description=Crabbox Wayland desktop session
+      After=network.target
+
+      [Service]
+      User=crabbox
+      Environment=WLR_BACKENDS=headless
+      Environment=WLR_LIBINPUT_NO_DEVICES=1
+      Environment=WLR_RENDERER=pixman
+      ExecStart=/usr/local/bin/crabbox-start-wayland-desktop
+      Restart=always
+
+      [Install]
+      WantedBy=multi-user.target
+  - path: /usr/local/bin/crabbox-start-wayvnc
+    permissions: '0755'
+    content: |
+      #!/bin/sh
+      set -eu
+      runtime="${XDG_RUNTIME_DIR:-/tmp/crabbox-runtime-$(id -u)}"
+      export XDG_RUNTIME_DIR="$runtime"
+      for i in $(seq 1 60); do
+        for socket in "$XDG_RUNTIME_DIR"/wayland-*; do
+          [ -S "$socket" ] || continue
+          export WAYLAND_DISPLAY="${socket##*/}"
+          cat >/var/lib/crabbox/desktop.env <<EOF
+      CRABBOX_DESKTOP_ENV=wayland
+      XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
+      WAYLAND_DISPLAY=$WAYLAND_DISPLAY
+      EOF
+          exec /usr/bin/wayvnc --config "$HOME/.config/wayvnc/config" --render-cursor --max-fps=30
+        done
+        sleep 1
+      done
+      echo "wayland socket not ready" >&2
+      exit 1
+  - path: /etc/systemd/system/crabbox-wayvnc.service
+    permissions: '0644'
+    content: |
+      [Unit]
+      Description=Crabbox loopback WayVNC server
+      After=crabbox-desktop.service
+      Requires=crabbox-desktop.service
+
+      [Service]
+      User=crabbox
+      ExecStart=/usr/local/bin/crabbox-start-wayvnc
+      Restart=always
+
+      [Install]
+      WantedBy=multi-user.target
+`
+}
+
 func cloudInitOptionalBootstrap(cfg Config) string {
 	var parts []string
 	if cfg.Tailscale.Enabled {
 		parts = append(parts, cloudInitTailscaleBootstrap(cfg))
 	}
-	if cfg.Desktop {
+	if cfg.Desktop && normalizedDesktopEnv(cfg.DesktopEnv) == desktopEnvWayland {
+		parts = append(parts, `    retry apt-get install -y --no-install-recommends sway wayvnc foot grim slurp wtype wl-clipboard dbus-user-session xwayland xdg-desktop-portal-wlr fonts-dejavu-core fonts-liberation iproute2 openssl procps
+    install -d -m 0750 -o crabbox -g crabbox /var/lib/crabbox
+    if [ ! -s /var/lib/crabbox/vnc.password ]; then
+      (umask 077 && openssl rand -base64 18 > /var/lib/crabbox/vnc.password)
+    fi
+    chown crabbox:crabbox /var/lib/crabbox/vnc.password
+    chmod 0600 /var/lib/crabbox/vnc.password
+    crabbox_uid="$(id -u crabbox)"
+    crabbox_runtime="/tmp/crabbox-runtime-$crabbox_uid"
+    install -d -m 0700 -o crabbox -g crabbox "$crabbox_runtime"
+    install -d -m 0700 -o crabbox -g crabbox /home/crabbox/.config/sway /home/crabbox/.config/wayvnc
+    cat >/home/crabbox/.config/sway/config <<'SWAY'
+    set $mod Mod4
+    set $term foot
+    set $menu foot --title='Crabbox Desktop'
+    output * resolution 1920x1080 position 0,0
+    default_border pixel 2
+    default_floating_border pixel 2
+    gaps inner 8
+    gaps outer 12
+    focus_follows_mouse no
+    client.focused #2dd4bf #1f2937 #f8fafc #2dd4bf #2dd4bf
+    client.unfocused #475569 #111827 #cbd5e1 #475569 #475569
+    bindsym $mod+Return exec $term
+    bindsym $mod+d exec $menu
+    bindsym $mod+Shift+c reload
+    bindsym $mod+Shift+q kill
+    for_window [app_id="foot"] floating enable, resize set width 900 px height 640 px, move position 48 px 72 px
+    for_window [app_id="google-chrome"] floating enable, resize set width 1500 px height 900 px, move position 360 px 96 px
+    for_window [app_id="chromium"] floating enable, resize set width 1500 px height 900 px, move position 360 px 96 px
+    exec foot --title='Crabbox Desktop'
+    bar {
+        position top
+        status_command /usr/local/bin/crabbox-sway-status
+        colors {
+            background #111827
+            statusline #e5e7eb
+            focused_workspace #2dd4bf #1f2937 #f8fafc
+            inactive_workspace #1f2937 #111827 #cbd5e1
+        }
+    }
+    SWAY
+    cat >/home/crabbox/.config/wayvnc/config <<'WAYVNC'
+    address=127.0.0.1
+    port=5900
+    enable_auth=false
+    xkb_layout=us
+    WAYVNC
+    cat >/var/lib/crabbox/desktop.env <<EOF
+    CRABBOX_DESKTOP_ENV=wayland
+    XDG_RUNTIME_DIR=$crabbox_runtime
+    WAYLAND_DISPLAY=wayland-1
+    EOF
+    chown -R crabbox:crabbox /home/crabbox/.config/sway /home/crabbox/.config/wayvnc /var/lib/crabbox/desktop.env
+    chmod 0644 /var/lib/crabbox/desktop.env
+    systemctl daemon-reload
+    systemctl enable --now crabbox-desktop.service crabbox-wayvnc.service`)
+	} else if cfg.Desktop {
 		parts = append(parts, `    retry apt-get install -y --no-install-recommends xvfb xfce4-session xfwm4 xfce4-panel xfdesktop4 xfce4-terminal xfconf xfce4-settings x11vnc xauth dbus-x11 x11-xserver-utils xterm scrot ffmpeg xdotool wmctrl xclip xsel fonts-dejavu-core fonts-liberation iproute2 openssl arc-theme
     install -d -m 0750 -o crabbox -g crabbox /var/lib/crabbox
     if [ ! -s /var/lib/crabbox/vnc.password ]; then
@@ -896,6 +1040,9 @@ func cloudInitOptionalBootstrap(cfg Config) string {
     x11vnc -storepasswd "$(cat /var/lib/crabbox/vnc.password)" /var/lib/crabbox/vnc.pass >/dev/null
     chown crabbox:crabbox /var/lib/crabbox/vnc.password /var/lib/crabbox/vnc.pass
     chmod 0600 /var/lib/crabbox/vnc.password /var/lib/crabbox/vnc.pass
+    printf 'CRABBOX_DESKTOP_ENV=xfce\nDISPLAY=:99\n' >/var/lib/crabbox/desktop.env
+    chown crabbox:crabbox /var/lib/crabbox/desktop.env
+    chmod 0644 /var/lib/crabbox/desktop.env
     CRABBOX_DESKTOP_USER=crabbox /usr/local/bin/crabbox-configure-desktop-theme
     systemctl daemon-reload
     systemctl enable --now crabbox-xvfb.service crabbox-desktop.service crabbox-desktop-session.service crabbox-x11vnc.service`)
@@ -930,7 +1077,11 @@ func cloudInitOptionalBootstrap(cfg Config) string {
       install -d -m 0755 /etc/opt/chrome/policies/managed /etc/chromium/policies/managed
       printf '%s\n' '{"DefaultBrowserSettingEnabled":false,"MetricsReportingEnabled":false,"PromotionalTabsEnabled":false}' > /etc/opt/chrome/policies/managed/crabbox.json
       cp /etc/opt/chrome/policies/managed/crabbox.json /etc/chromium/policies/managed/crabbox.json
-      printf '%s\n' '#!/bin/sh' "exec \"$browser_path\" --no-first-run --no-default-browser-check --disable-default-apps --window-size=1500,900 --window-position=80,80 \"\$@\"" > "$browser_wrapper"
+      if [ -f /var/lib/crabbox/desktop.env ] && grep -q '^CRABBOX_DESKTOP_ENV=wayland$' /var/lib/crabbox/desktop.env; then
+        printf '%s\n' '#!/bin/sh' 'if [ -f /var/lib/crabbox/desktop.env ]; then . /var/lib/crabbox/desktop.env; fi' 'export XDG_RUNTIME_DIR WAYLAND_DISPLAY' 'export MOZ_ENABLE_WAYLAND=1' "exec \"$browser_path\" --no-first-run --no-default-browser-check --disable-default-apps --hide-crash-restore-bubble --ozone-platform=wayland --window-size=1500,900 --window-position=80,80 \"\$@\"" > "$browser_wrapper"
+      else
+        printf '%s\n' '#!/bin/sh' "exec \"$browser_path\" --no-first-run --no-default-browser-check --disable-default-apps --hide-crash-restore-bubble --window-size=1500,900 --window-position=80,80 \"\$@\"" > "$browser_wrapper"
+      fi
       chmod 0755 "$browser_wrapper"
       printf 'CHROME_BIN=%s\nBROWSER=%s\n' "$browser_wrapper" "$browser_wrapper" > /var/lib/crabbox/browser.env
       chown crabbox:crabbox /var/lib/crabbox/browser.env
 
@@ -134,6 +134,55 @@ func TestCloudInitDesktopProfile(t *testing.T) {
 	}
 }
 
+func TestCloudInitWaylandDesktopProfile(t *testing.T) {
+	cfg := baseConfig()
+	cfg.Desktop = true
+	cfg.Browser = true
+	cfg.DesktopEnv = "wayland"
+	got := cloudInit(cfg, "ssh-ed25519 test")
+	for _, want := range []string{
+		"sway wayvnc foot grim slurp wtype wl-clipboard",
+		"xdg-desktop-portal-wlr",
+		"/usr/local/bin/crabbox-start-wayland-desktop",
+		"/etc/systemd/system/crabbox-wayvnc.service",
+		"CRABBOX_DESKTOP_ENV=wayland",
+		"WLR_BACKENDS=headless",
+		"WLR_RENDERER=pixman",
+		"exec dbus-run-session sway --unsupported-gpu",
+		"bindsym $mod+Return exec $term",
+		"bindsym $mod+d exec $menu",
+		"set $menu foot --title='Crabbox Desktop'",
+		"    for_window [app_id=\"google-chrome\"] floating enable",
+		"/usr/local/bin/crabbox-sway-status",
+		"status_command /usr/local/bin/crabbox-sway-status",
+		`for socket in "$XDG_RUNTIME_DIR"/wayland-*`,
+		`WAYLAND_DISPLAY="${socket##*/}"`,
+		"wayvnc --config \"$HOME/.config/wayvnc/config\" --render-cursor --max-fps=30",
+		"systemctl is-active --quiet crabbox-wayvnc.service",
+		"systemctl enable --now crabbox-desktop.service crabbox-wayvnc.service",
+		"--ozone-platform=wayland",
+	} {
+		if !strings.Contains(got, want) {
+			t.Fatalf("cloudInit(wayland desktop) missing %q", want)
+		}
+	}
+	for _, notWant := range []string{
+		"startxfce4",
+		"crabbox-x11vnc.service",
+		"x11vnc -storepasswd",
+		"crabbox-xvfb.service",
+		"XDG_RUNTIME_DIR=/tmp/crabbox-runtime-1000",
+		"\nset $mod",
+		"\nSWAY",
+		"\nCRABBOX_DESKTOP_ENV=wayland",
+		"\nEOF",
+	} {
+		if strings.Contains(got, notWant) {
+			t.Fatalf("cloudInit(wayland desktop) contains %q", notWant)
+		}
+	}
+}
+
 func TestCloudInitBrowserWrapper(t *testing.T) {
 	cfg := baseConfig()
 	cfg.Browser = true
@@ -148,12 +197,12 @@ func TestCloudInitBrowserWrapper(t *testing.T) {
 		"apt-cache show chromium-browser",
 		"/etc/opt/chrome/policies/managed/crabbox.json",
 		"/usr/local/bin/crabbox-browser",
-		`--no-first-run --no-default-browser-check --disable-default-apps --window-size=1500,900 --window-position=80,80`,
+		`--no-first-run --no-default-browser-check --disable-default-apps --hide-crash-restore-bubble --window-size=1500,900 --window-position=80,80`,
 		"/var/lib/crabbox/browser.env",
 		"test -x \"$BROWSER\"",
 		"\"$BROWSER\" --version >/dev/null",
 		"printf '%s\\n' '{\"DefaultBrowserSettingEnabled\":false,\"MetricsReportingEnabled\":false,\"PromotionalTabsEnabled\":false}' > /etc/opt/chrome/policies/managed/crabbox.json",
-		"printf '%s\\n' '#!/bin/sh' \"exec \\\"$browser_path\\\" --no-first-run --no-default-browser-check --disable-default-apps --window-size=1500,900 --window-position=80,80 \\\"\\$@\\\"\" > \"$browser_wrapper\"",
+		"printf '%s\\n' '#!/bin/sh' \"exec \\\"$browser_path\\\" --no-first-run --no-default-browser-check --disable-default-apps --hide-crash-restore-bubble --window-size=1500,900 --window-position=80,80 \\\"\\$@\\\"\" > \"$browser_wrapper\"",
 	} {
 		if !strings.Contains(got, want) {
 			t.Fatalf("cloudInit(browser) missing %q", want)