feat(ui): expand control dashboard
This commit is contained in:
@@ -12,24 +12,48 @@ The Control UI is a small **Vite + Lit** single-page app served by the Gateway u
|
||||
|
||||
It speaks **directly to the Gateway WebSocket** on the same port.
|
||||
|
||||
Auth is supplied during the WebSocket handshake via:
|
||||
- `connect.params.auth.token`
|
||||
- `connect.params.auth.password` (optional `username` for system/PAM)
|
||||
The dashboard settings panel lets you store a token and optional username; passwords are not persisted.
|
||||
|
||||
## What it can do (today)
|
||||
- Chat with the model via Gateway WS (`chat.history`, `chat.send`, `chat.abort`)
|
||||
- List nodes via Gateway WS (`node.list`)
|
||||
- View/edit `~/.clawdis/clawdis.json` via Gateway WS (`config.get`, `config.set`)
|
||||
- Connections: WhatsApp/Telegram status + QR login + Telegram config (`providers.status`, `web.login.*`, `config.set`)
|
||||
- Instances: presence list + refresh (`system-presence`)
|
||||
- Sessions: list + per-session thinking/verbose overrides (`sessions.list`, `sessions.patch`)
|
||||
- Cron jobs: list/add/run/enable/disable + run history (`cron.*`)
|
||||
- Skills: status, enable/disable, install, API key updates (`skills.*`)
|
||||
- Nodes: list + caps (`node.list`)
|
||||
- Config: view/edit `~/.clawdis/clawdis.json` (`config.get`, `config.set`)
|
||||
- Debug: status/health/models snapshots + event log + manual RPC calls (`status`, `health`, `models.list`)
|
||||
|
||||
## Tailnet access (recommended)
|
||||
|
||||
Expose the Gateway on your Tailscale interface and require a token:
|
||||
### Integrated Tailscale Serve (preferred)
|
||||
|
||||
Keep the Gateway on loopback and let Tailscale Serve proxy it with HTTPS:
|
||||
|
||||
```bash
|
||||
clawdis gateway --tailscale serve
|
||||
```
|
||||
|
||||
Open:
|
||||
- `https://<magicdns>/ui/`
|
||||
|
||||
By default, the gateway trusts Tailscale identity headers in serve mode. You can still set
|
||||
`CLAWDIS_GATEWAY_TOKEN` or `gateway.auth` if you want a shared secret instead.
|
||||
|
||||
### Bind to tailnet + token (legacy)
|
||||
|
||||
```bash
|
||||
clawdis gateway --bind tailnet --token "$(openssl rand -hex 32)"
|
||||
```
|
||||
|
||||
Then open:
|
||||
|
||||
- `http://<tailscale-ip>:18789/ui/`
|
||||
|
||||
Paste the token into the UI settings (it’s sent as `connect.params.auth.token`).
|
||||
Paste the token into the UI settings (sent as `connect.params.auth.token`).
|
||||
|
||||
## Building the UI
|
||||
|
||||
|
||||
51
docs/web.md
51
docs/web.md
@@ -12,8 +12,14 @@ The Gateway serves a small **browser Control UI** (Vite + Lit) from the same por
|
||||
|
||||
The UI talks directly to the Gateway WS and supports:
|
||||
- Chat (`chat.history`, `chat.send`, `chat.abort`)
|
||||
- Connections (provider status, WhatsApp QR, Telegram config)
|
||||
- Instances (`system-presence`)
|
||||
- Sessions (`sessions.list`, `sessions.patch`)
|
||||
- Cron (`cron.*`)
|
||||
- Skills (`skills.status`, `skills.update`, `skills.install`)
|
||||
- Nodes (`node.list`, `node.describe`, `node.invoke`)
|
||||
- Config (`config.get`, `config.set`) for `~/.clawdis/clawdis.json`
|
||||
- Debug (status/health/models snapshots + manual calls)
|
||||
|
||||
## Config (default-on)
|
||||
|
||||
@@ -28,11 +34,31 @@ You can control it via config:
|
||||
}
|
||||
```
|
||||
|
||||
## Tailnet access
|
||||
## Tailscale access
|
||||
|
||||
To access the UI across Tailscale, bind the Gateway to the Tailnet interface and require a token.
|
||||
### Integrated Serve (recommended)
|
||||
|
||||
### Via config (recommended)
|
||||
Keep the Gateway on loopback and let Tailscale Serve proxy it:
|
||||
|
||||
```json5
|
||||
{
|
||||
gateway: {
|
||||
bind: "loopback",
|
||||
tailscale: { mode: "serve" }
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Then start the gateway:
|
||||
|
||||
```bash
|
||||
clawdis gateway
|
||||
```
|
||||
|
||||
Open:
|
||||
- `https://<magicdns>/ui/`
|
||||
|
||||
### Tailnet bind + token (legacy)
|
||||
|
||||
```json5
|
||||
{
|
||||
@@ -53,16 +79,24 @@ clawdis gateway
|
||||
Open:
|
||||
- `http://<tailscale-ip>:18789/ui/`
|
||||
|
||||
### Via CLI (one-off)
|
||||
### Public internet (Funnel)
|
||||
|
||||
```bash
|
||||
clawdis gateway --bind tailnet --token "…your token…"
|
||||
```json5
|
||||
{
|
||||
gateway: {
|
||||
bind: "loopback",
|
||||
tailscale: { mode: "funnel" },
|
||||
auth: { mode: "system" } // or "password" with CLAWDIS_GATEWAY_PASSWORD
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Security notes
|
||||
|
||||
- Binding the Gateway to a non-loopback address **requires** `CLAWDIS_GATEWAY_TOKEN`.
|
||||
- The token is sent as `connect.params.auth.token` by the UI and other clients.
|
||||
- Binding the Gateway to a non-loopback address **requires** auth (`CLAWDIS_GATEWAY_TOKEN` or `gateway.auth`).
|
||||
- `gateway.auth.mode: "system"` uses PAM to verify your OS password.
|
||||
- The UI sends `connect.params.auth.token` or `connect.params.auth.password`.
|
||||
- Use `gateway.auth.allowTailscale: false` to require explicit credentials even in Serve mode.
|
||||
|
||||
## Building the UI
|
||||
|
||||
@@ -72,4 +106,3 @@ The Gateway serves static files from `dist/control-ui`. Build them with:
|
||||
pnpm ui:install
|
||||
pnpm ui:build
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user