[Fix] Keep node systemd tokens out of unit files#84815

Merged
clawsweeper[bot] merged 3 commits into main from clawsweeper/automerge-openclaw-openclaw-84408
May 21, 2026

@clawsweeper clawsweeper Bot commented May 21, 2026

Contributor

Makes #84408 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.

ClawSweeper 🐠 replacement reef notes:

  • Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Inherited issue-closing references from the source PR:
Closes #78043

Co-author credit kept:

fish notes: model gpt-5.5, reasoning high; reviewed against f626b66.

samzong and others added 3 commits May 21, 2026 05:03
@clawsweeper clawsweeper Bot added gateway Gateway runtime cli CLI command changes commands Command implementations size: L clawsweeper:automerge Maintainer opted this PR into bounded ClawSweeper-reviewed automerge proof: supplied External PR includes structured after-fix real behavior proof. proof: sufficient ClawSweeper judged the real behavior proof convincing. P1 High-priority user-facing bug, regression, or broken workflow. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. clawsweeper Tracked by ClawSweeper automation labels May 21, 2026
@openclaw-barnacle openclaw-barnacle Bot removed the proof: supplied External PR includes structured after-fix real behavior proof. label May 21, 2026
clawsweeper Bot commented May 21, 2026

Contributor Author

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
This replacement PR marks the Linux node daemon gateway token as file-backed, writes it to node.systemd.env, sanitizes and migrates systemd env artifacts, adds regression tests, and updates the changelog.

Reproducibility: yes. From source inspection: current main copies OPENCLAW_GATEWAY_TOKEN into the node service environment and does not mark it as file-backed before systemd rendering. I did not run a local live systemd install during this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Strong real behavior proof and focused regression coverage make this a good, likely mergeable security fix with normal residual upgrade risk.

Rank-up moves:

  • none
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The source PR body includes copied live output from a Debian 12 user-systemd environment showing the after-fix token placement, file mode, migration, and uninstall cleanup behavior.

Risk before merge

  • This changes Linux user-systemd node service artifact layout, migration, backup, and uninstall behavior; a missed upgrade path could affect operator-provided env-file values or leave stale credential material.
  • The patch intentionally changes credential persistence for node services, so maintainers should keep merge gated to the reviewed head and the supplied user-systemd proof.

Maintainer options:

  1. Land with reviewed-head proof (recommended)
    If merge gates remain green on f626b66c09d0, maintainers can accept the residual systemd-upgrade risk because the patch and live proof cover token placement, migration, backup scrubbing, and uninstall cleanup.
  2. Ask for one broader Linux upgrade proof
    If maintainers want more confidence, request one additional non-container or package-upgrade Linux user-systemd smoke before merge.

Next step before merge
No repair job is needed because the review found no discrete actionable patch defect; the existing automerge path can gate on exact-head checks and mergeability.

Security
Cleared: No new supply-chain or permission broadening was found; the security-sensitive change reduces token exposure by moving node gateway credentials out of generated unit files into an owner-only env file.

Review details

Best possible solution:

Land this replacement PR after exact-head merge gates, then let the linked credential-disclosure issue close from the merged fix.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main copies OPENCLAW_GATEWAY_TOKEN into the node service environment and does not mark it as file-backed before systemd rendering. I did not run a local live systemd install during this read-only review.

Is this the best way to solve the issue?

Yes; carrying value-source metadata from the node install plan into the systemd writer and using a node-specific owner-only EnvironmentFile is the narrowest maintainable fix while preserving operator entries.

Label justifications:

  • P1: The PR fixes a credential exposure in the Linux node daemon install path that can affect real gateway operator auth secrets.
  • merge-risk: 🚨 compatibility: The patch changes Linux node service env-file layout, migration, backup, and uninstall behavior for existing systemd installs.
  • merge-risk: 🚨 security-boundary: The patch directly changes where gateway bearer credentials are persisted and how stale token material is scrubbed from service artifacts.
  • rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🦞 diamond lobster, patch quality is 🐚 platinum hermit, and strong real behavior proof and focused regression coverage make this a good, likely mergeable security fix with normal residual upgrade risk.
  • status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The source PR body includes copied live output from a Debian 12 user-systemd environment showing the after-fix token placement, file mode, migration, and uninstall cleanup behavior.
  • proof: sufficient: Contributor real behavior proof is sufficient. The source PR body includes copied live output from a Debian 12 user-systemd environment showing the after-fix token placement, file mode, migration, and uninstall cleanup behavior.

What I checked:

  • Current-main bug path: node env carries token: Current main still builds the node service environment from OPENCLAW_GATEWAY_TOKEN, so the value enters the install environment before systemd rendering. (src/daemon/service-env.ts:443, 9ec9fbf58d86)
  • Current-main bug path: node install drops value-source metadata: Current main destructures only programArguments, workingDirectory, environment, and description, then passes environment to service.install() without environmentValueSources. (src/cli/node-cli/daemon.ts:139, 9ec9fbf58d86)
  • Current-main bug path: systemd renders remaining environment inline: Current main removes only env-file-backed keys from environmentSansDotEnvEntries; the node token is not marked file-backed, so it remains eligible for inline Environment= rendering. (src/daemon/systemd.ts:625, 9ec9fbf58d86)
  • PR fix: node plan marks token as file-backed: The PR head adds environmentValueSources to the node install plan and returns OPENCLAW_GATEWAY_TOKEN: "file". (src/commands/node-daemon-install-helpers.ts:21, f626b66c09d0)
  • PR fix: systemd writes node file-backed values to a node env file: The PR head collects file-managed keys, writes file-backed values through the systemd EnvironmentFile path, and resolves node services to node.systemd.env. (src/daemon/systemd.ts:696, f626b66c09d0)
  • PR fix: uninstall scrubs only the managed node token: The PR head removes OPENCLAW_GATEWAY_TOKEN from the node env file during uninstall while preserving operator-provided entries. (src/daemon/systemd.ts:856, f626b66c09d0)

Likely related people:

  • @steipete: git log -S buildNodeServiceEnvironment points to the node daemon feature commit that added the node install path, helper, service env, and systemd integration touched by this PR. (role: introduced node daemon; confidence: high; commits: ae0b4c49903d; files: src/cli/node-cli/daemon.ts, src/commands/node-daemon-install-helpers.ts, src/daemon/service-env.ts)
  • Mark L: git log -S 'OPENCLAW_GATEWAY_TOKEN: gatewayToken' points to the commit that persisted the gateway token in the node service environment, which made this systemd placement issue possible. (role: introduced token persistence behavior; confidence: high; commits: f1354869bd73; files: src/daemon/service-env.ts, src/daemon/service-env.test.ts)
  • @tmimmanuel: git log -S writeSystemdGatewayEnvironmentFile points to prior work that introduced systemd env-file secret handling and the environmentValueSources contract this PR extends for node services. (role: adjacent systemd secret-handling contributor; confidence: high; commits: a2ab9e6a8e4c; files: src/daemon/systemd.ts, src/daemon/systemd-unit.ts, src/daemon/systemd.test.ts)
  • Neerav Makwana: Current-line blame for the implicated node service and systemd files resolves to a recent broad commit that carried the current behavior forward on main. (role: recent current-main line provenance; confidence: low; commits: 950e5c8c5037; files: src/daemon/service-env.ts, src/daemon/systemd.ts, src/cli/node-cli/daemon.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9ec9fbf58d86.
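
The review above describes three steps: lifting the token out of inline `Environment=` rendering, writing it to an owner-only `EnvironmentFile`, and scrubbing only that key on uninstall. The sketch below shows those string transformations as an added example; it is not OpenClaw's code, all function names are hypothetical, the sample unit is constructed, and the tokenizer is simplified.

```typescript
// Added example, not OpenClaw's code: all function names are hypothetical.
type Moved = { [key: string]: string };

// Tokenize the value of a systemd Environment= line. Whitespace separates
// assignments, single or double quotes group one, and a backslash keeps the
// next character. Simplified: C-style escapes are not decoded.
function envWords(rhs: string): string[] {
  const words: string[] = [];
  let cur = "";
  let quote = "";
  let started = false; // current word has content or an opening quote
  for (let i = 0; i < rhs.length; i++) {
    const ch = rhs.charAt(i);
    if (ch === "\\" && i + 1 < rhs.length) {
      cur += rhs.charAt(++i);
      started = true;
    } else if (quote !== "") {
      if (ch === quote) quote = "";
      else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      started = true;
    } else if (ch === " " || ch === "\t") {
      if (started) words.push(cur);
      cur = "";
      started = false;
    } else {
      cur += ch;
      started = true;
    }
  }
  if (started) words.push(cur);
  return words;
}

// Quote a word again when it needs grouping in a unit or env file.
function quoteWord(word: string): string {
  if (!/[\s"'\\]/.test(word)) return word;
  return '"' + word.replace(/(["\\])/g, "\\$1") + '"';
}

// Migration: lift managed keys out of inline Environment= lines and leave
// every other assignment and directive as it was.
function extractManaged(unitText: string, managed: string[]) {
  const moved: Moved = {};
  const out: string[] = [];
  for (const line of unitText.split("\n")) {
    const m = /^\s*Environment=(.*)$/.exec(line);
    if (m === null) { out.push(line); continue; }
    const kept: string[] = [];
    for (const word of envWords(m[1] || "")) {
      const key = word.slice(0, Math.max(word.indexOf("="), 0));
      if (managed.indexOf(key) >= 0) moved[key] = word.slice(key.length + 1);
      else kept.push(quoteWord(word));
    }
    if (kept.length > 0) out.push("Environment=" + kept.join(" "));
  }
  return { unit: out.join("\n"), moved };
}

// Key of an EnvironmentFile line; "" for blank lines and # or ; comments.
function envFileKey(line: string): string {
  const t = line.trim();
  if (t === "" || t.charAt(0) === "#" || t.charAt(0) === ";") return "";
  return t.slice(0, Math.max(t.indexOf("="), 0)).trim();
}

// Uninstall: drop only managed keys, however quoted; keep operator entries.
function scrubEnvFile(body: string, managed: string[]): string {
  return body.split("\n").filter((l) => managed.indexOf(envFileKey(l)) < 0).join("\n");
}

// Install: replace stale managed values and append the current ones. The
// caller must write the result owner-only (mode 0600).
function upsertEnvFile(body: string, values: Moved): string {
  const lines = scrubEnvFile(body, Object.keys(values)).split("\n");
  while (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
  for (const key of Object.keys(values)) lines.push(key + "=" + quoteWord(values[key] || ""));
  return lines.join("\n") + "\n";
}

// Constructed sample: the token and both paths are placeholders.
const SAMPLE_UNIT = [
  "[Service]", "ExecStart=/path/to/node-daemon",
  "Environment=OPENCLAW_GATEWAY_TOKEN=example-token LANG=C.UTF-8",
  "Environment='OPENCLAW_GATEWAY_TOKEN=example-token'",
  "EnvironmentFile=-/path/to/node.systemd.env",
].join("\n");
console.log(extractManaged(SAMPLE_UNIT, ["OPENCLAW_GATEWAY_TOKEN"]).unit);
```

The `EnvironmentFile=` directive is deliberately left alone by the `Environment=` match, and an `Environment=` line that held only the managed key is dropped rather than left empty.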

clawsweeper Bot commented May 21, 2026

Contributor Author

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=f626b66c09d04c3521e98b47a3005c0cdd790c9b)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-21T06:48:16Z
Merge commit: e42726204490

What merged:

  • This replacement PR marks the Linux node daemon gateway token as file-backed, writes it to node.systemd.env, sanitizes and migrates systemd env artifacts, adds regression tests, and updates the changelog.
  • Reproducibility: yes. from source inspection: current main copies OPENCLAW_GATEWAY_TOKEN into the node s ... e-backed before systemd rendering. I did not run a local live systemd install during this read-only review.

Automerge notes:

  • PR branch already contained follow-up commit before automerge: fix(systemd): scrub single-quoted env tokens
  • PR branch already contained follow-up commit before automerge: [Fix] Keep node systemd tokens out of unit files

The automerge loop is complete.

Automerge progress:

  • 2026-05-21 06:41:04 UTC review queued f626b66c09d0 (queued)
  • 2026-05-21 06:47:59 UTC review passed f626b66c09d0 (structured ClawSweeper verdict: pass (sha=f626b66c09d04c3521e98b47a3005c0cdd790...)
  • 2026-05-21 05:31:23 UTC merge check queued f626b66c09d0 (checks and exact-head review are ready)
  • 2026-05-21 06:48:20 UTC merged f626b66c09d0 (merged by ClawSweeper automerge)

@clawsweeper clawsweeper Bot added status: 🚀 automerge armed This PR is in ClawSweeper's automerge lane. merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. and removed status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. labels May 21, 2026
clawsweeper Bot commented May 21, 2026

Contributor Author

ClawSweeper PR egg

✨ Hatched: 🥚 common Neon Review Wisp

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

  • Merged PRs are hatchable.
  • Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
  • Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: polishes edge cases.
Image traits: location green-check meadow; accessory commit compass; palette plum, gold, and soft gray; mood celebratory; pose standing beside its cracked shell; shell translucent glimmer shell; lighting gentle morning glow; background delicate sparkle particles.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Neon Review Wisp in ClawSweeper.

What is this egg doing here?
  • Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
  • The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
  • Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
  • The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
  • Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

@clawsweeper clawsweeper Bot merged commit e427262 into main May 21, 2026
200 of 224 checks passed
@clawsweeper clawsweeper Bot deleted the clawsweeper/automerge-openclaw-openclaw-84408 branch May 21, 2026 06:48
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 24, 2026
Summary:
- This replacement PR marks the Linux node daemon gateway token as file-backed, writes it to `node.systemd.env`, sanitizes and migrates systemd env artifacts, adds regression tests, and updates the changelog.
- Reproducibility: yes. from source inspection: current `main` copies `OPENCLAW_GATEWAY_TOKEN` into the node s ... e-backed before systemd rendering. I did not run a local live systemd install during this read-only review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(systemd): scrub single-quoted env tokens
- PR branch already contained follow-up commit before automerge: [Fix] Keep node systemd tokens out of unit files

Validation:
- ClawSweeper review passed for head f626b66.
- Required merge gates passed before the squash merge.

Prepared head SHA: f626b66
Review: openclaw#84815 (comment)

Co-authored-by: samzong <samzong.lu@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 24, 2026
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 24, 2026
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 24, 2026
galiniliev pushed a commit to galiniliev/openclaw that referenced this pull request May 25, 2026
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 26, 2026
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 26, 2026
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 26, 2026
jameslcowan pushed a commit to jameslcowan/openclaw that referenced this pull request Jun 2, 2026
SYU8384 pushed a commit to SYU8384/openclaw that referenced this pull request Jun 3, 2026
sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026
Labels

clawsweeper:automerge Maintainer opted this PR into bounded ClawSweeper-reviewed automerge clawsweeper Tracked by ClawSweeper automation cli CLI command changes commands Command implementations gateway Gateway runtime merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. P1 High-priority user-facing bug, regression, or broken workflow. proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. size: L status: 🚀 automerge armed This PR is in ClawSweeper's automerge lane.

Development

Successfully merging this pull request may close these issues.

[Bug]: Linux node daemon install inlines gateway token into user systemd unit