Support Nginx-authenticated OpenClaw and fix workflow retry start context

2026-02-27 11:42:50 -05:00
parent 7c3836068f
commit 73d9ccafd6
4 changed files with 114 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -88,6 +88,12 @@ BETTER_AUTH_TRUSTED_ORIGINS=https://fiscal.b11studio.xyz
 OPENCLAW_BASE_URL=http://localhost:4000
 OPENCLAW_API_KEY=your_key
 OPENCLAW_MODEL=zeroclaw
+OPENCLAW_AUTH_MODE=bearer
+# for OPENCLAW_AUTH_MODE=basic
+# OPENCLAW_BASIC_AUTH_USERNAME=your_nginx_user
+# OPENCLAW_BASIC_AUTH_PASSWORD=your_nginx_password
+# optional: forward API key in a custom header when using basic/none auth
+# OPENCLAW_API_KEY_HEADER=X-OpenClaw-API-Key
 SEC_USER_AGENT=Fiscal Clone <support@fiscal.local>

 WORKFLOW_TARGET_WORLD=local
@@ -95,7 +101,19 @@ WORKFLOW_LOCAL_DATA_DIR=.workflow-data
 WORKFLOW_LOCAL_QUEUE_CONCURRENCY=100
 ```

-If OpenClaw is unset, the app uses local fallback analysis so task workflows still run.
+If OpenClaw is unset or invalidly configured, the app uses local fallback analysis so task workflows still run.
+
+For OpenClaw behind Nginx Basic Auth, use:
+
+```env
+OPENCLAW_BASE_URL=https://your-nginx-host
+OPENCLAW_AUTH_MODE=basic
+OPENCLAW_BASIC_AUTH_USERNAME=your_nginx_user
+OPENCLAW_BASIC_AUTH_PASSWORD=your_nginx_password
+# optional if upstream still needs an API key in a non-Authorization header
+OPENCLAW_API_KEY=your_key
+OPENCLAW_API_KEY_HEADER=X-OpenClaw-API-Key
+```

 ## API surface