Kody reveiw fixes (#341)

* Kody reveiw fixes

* Update fix

* More flexible gateway enclave stuff for older macbooks

* Further hardening

Author: OisinKyne

internal/inference/gateway.go

@@ -188,19 +188,19 @@ func (g *Gateway) buildHandler(upstreamURL string) (http.Handler, error) {
 			g.config.TEEType, seKey.Tag(), seKey.PublicKeyBytes()[:8])
 
 	case g.config.EnclaveTag != "":
-		// macOS Secure Enclave path (existing).
+		// macOS Secure Enclave path.  If the hardware isn't available (older
+		// Intel Macs without T2, or SIP is disabled), fall back to running
+		// without transit encryption rather than failing the entire gateway.
+		// The x402 payment gate still protects the endpoint.
 		if err := enclave.CheckSIP(); err != nil {
-			return nil, fmt.Errorf("enclave SIP check failed: %w", err)
+			log.Printf("  enclave:   unavailable (SIP check: %v) — continuing without transit encryption", err)
+		} else if em, err = newEnclaveMiddleware(g.config.EnclaveTag); err != nil {
+			log.Printf("  enclave:   unavailable (%v) — continuing without transit encryption", err)
+		} else {
+			g.seKey = em.key
+			log.Printf("  enclave:   tag=%q persistent=%v pubkey=%x...",
+				em.key.Tag(), em.key.Persistent(), em.key.PublicKeyBytes()[:8])
 		}
-
-		em, err = newEnclaveMiddleware(g.config.EnclaveTag)
-		if err != nil {
-			return nil, fmt.Errorf("enclave middleware: %w", err)
-		}
-
-		g.seKey = em.key
-		log.Printf("  enclave:   tag=%q persistent=%v pubkey=%x...",
-			em.key.Tag(), em.key.Persistent(), em.key.PublicKeyBytes()[:8])
 	}
 
 	// protect wraps a handler with the payment gate and (when enabled) the SE

internal/inference/store.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"time"
 
 	x402verifier "github.com/ObolNetwork/obol-stack/internal/x402"
@@ -162,7 +163,11 @@ func (s *Store) Create(d *Deployment, force bool) error {
 	}
 
 	// Apply defaults.
-	if d.EnclaveTag == "" {
+	// Auto-assign an enclave tag only on macOS where the Secure Enclave is
+	// available. On Linux, the gateway runs without transit encryption unless
+	// an explicit --tee flag is provided. The payment gate still protects the
+	// endpoint; encryption is an additional layer, not a requirement.
+	if d.EnclaveTag == "" && runtime.GOOS == "darwin" {
 		d.EnclaveTag = "com.obol.inference." + d.Name
 	}
 

internal/inference/store_test.go

@@ -3,6 +3,7 @@ package inference_test
 import (
 	"errors"
 	"os"
+	"runtime"
 	"testing"
 
 	"github.com/ObolNetwork/obol-stack/internal/inference"
@@ -21,9 +22,17 @@ func TestStoreCreateAndGet(t *testing.T) {
 		t.Fatalf("Create: %v", err)
 	}
 
-	// Defaults should be applied.
-	if d.EnclaveTag == "" {
-		t.Error("EnclaveTag should have been set by Create")
+	// EnclaveTag is auto-assigned only on macOS (Secure Enclave).
+	// On Linux the field stays empty so the gateway runs without the
+	// enclave middleware (payment gating still works).
+	if runtime.GOOS == "darwin" {
+		if d.EnclaveTag == "" {
+			t.Error("EnclaveTag should have been set by Create on macOS")
+		}
+	} else {
+		if d.EnclaveTag != "" {
+			t.Errorf("EnclaveTag should be empty on %s, got %q", runtime.GOOS, d.EnclaveTag)
+		}
 	}
 
 	if d.Chain == "" {
@@ -50,8 +59,14 @@ func TestStoreCreateAndGet(t *testing.T) {
 		t.Errorf("WalletAddress mismatch: %s", got.WalletAddress)
 	}
 
-	if got.EnclaveTag != "com.obol.inference.test-deploy" {
-		t.Errorf("unexpected EnclaveTag: %s", got.EnclaveTag)
+	if runtime.GOOS == "darwin" {
+		if got.EnclaveTag != "com.obol.inference.test-deploy" {
+			t.Errorf("unexpected EnclaveTag: %s", got.EnclaveTag)
+		}
+	} else {
+		if got.EnclaveTag != "" {
+			t.Errorf("EnclaveTag should be empty on %s, got %q", runtime.GOOS, got.EnclaveTag)
+		}
 	}
 	if got.Chain != "base" {
 		t.Errorf("persisted Chain = %q, want %q", got.Chain, "base")

internal/openclaw/openclaw.go

@@ -615,6 +615,7 @@ func copyWorkspaceToVolume(cfg *config.Config, id, workspaceDir string, u *ui.UI
 	u.Blank()
 	u.Infof("Importing workspace from %s...", workspaceDir)
 
+	ensureVolumeWritable(cfg, targetDir, u)
 	if err := os.MkdirAll(targetDir, 0o755); err != nil {
 		u.Warnf("could not create workspace directory: %v", err)
 		return
@@ -706,6 +707,7 @@ func injectSkillsToVolume(cfg *config.Config, id string, deploymentDir string, u
 	}
 
 	targetDir := skillsVolumePath(cfg, id)
+	ensureVolumeWritable(cfg, targetDir, u)
 	if err := os.MkdirAll(targetDir, 0o755); err != nil {
 		u.Warnf("could not create skills volume directory: %v", err)
 		return
@@ -732,54 +734,93 @@ func injectSkillsToVolume(cfg *config.Config, id string, deploymentDir string, u
 	fixVolumeOwnership(cfg, targetDir, u)
 }
 
+// k3dNodeExec runs a shell command inside the k3d node container, translating
+// the host-side path to the in-node path (/data/…).  Returns an error when
+// the command fails or the path is outside the data directory.  This is the
+// shared core for fixVolumeOwnership and ensureVolumeWritable.
+func k3dNodeExec(cfg *config.Config, hostPath, shellCmd string) error {
+	stackID := ""
+	if data, err := os.ReadFile(filepath.Join(cfg.ConfigDir, ".stack-id")); err == nil {
+		stackID = strings.TrimSpace(string(data))
+	}
+	if stackID == "" {
+		return fmt.Errorf("stack ID not found")
+	}
+
+	container := fmt.Sprintf("k3d-obol-stack-%s-server-0", stackID)
+
+	// Convert host path to the in-node path.  k3d mounts $DATA_DIR → /data.
+	relPath, err := filepath.Rel(cfg.DataDir, hostPath)
+	if err != nil {
+		return fmt.Errorf("cannot compute relative path from %s to %s: %w", cfg.DataDir, hostPath, err)
+	}
+	if strings.HasPrefix(relPath, "..") {
+		return fmt.Errorf("path %s is not under DataDir %s", hostPath, cfg.DataDir)
+	}
+	nodePath := filepath.Join("/data", relPath)
+
+	// Replace the placeholder with the shell-quoted node path.
+	quoted := "'" + strings.ReplaceAll(nodePath, "'", "'\"'\"'") + "'"
+	expanded := strings.ReplaceAll(shellCmd, "{}", quoted)
+
+	cmd := exec.Command("docker", "exec", container, "sh", "-c", expanded)
+	return cmd.Run()
+}
+
 // fixVolumeOwnership normalises file ownership on a host-side PVC path so the
-// container (UID 1000 / node) can read and write. On k3d the host path is
+// container (UID 1000 / node) can read and write.  On k3d the host path is
 // inside a Docker container (the k3d node), so we exec into it as root and
-// chown recursively. On k3s the host IS the node, so we attempt a direct
+// chown recursively.  On k3s the host IS the node, so we attempt a direct
 // chown (works when the CLI runs as root, harmless no-op otherwise).
 //
 // The optional ui parameter enables user-visible warnings when chown fails.
 // Pass nil when no UI context is available (e.g. GenerateWallet).
 func fixVolumeOwnership(cfg *config.Config, hostPath string, u *ui.UI) {
-	// Determine backend (default: k3d for backward compat).
 	backendName := "k3d"
 	if data, err := os.ReadFile(filepath.Join(cfg.ConfigDir, ".stack-backend")); err == nil {
 		backendName = strings.TrimSpace(string(data))
 	}
 
 	switch backendName {
 	case "k3d":
-		stackID := ""
-		if data, err := os.ReadFile(filepath.Join(cfg.ConfigDir, ".stack-id")); err == nil {
-			stackID = strings.TrimSpace(string(data))
-		}
-		if stackID == "" {
-			return
-		}
-		container := fmt.Sprintf("k3d-obol-stack-%s-server-0", stackID)
-
-		// Convert host path to the in-node path. k3d mounts $DATA_DIR → /data.
-		relPath, err := filepath.Rel(cfg.DataDir, hostPath)
-		if err != nil {
-			u.Warnf("fixVolumeOwnership: cannot compute relative path from %s to %s: %v", cfg.DataDir, hostPath, err)
-			return
-		}
-		if strings.HasPrefix(relPath, "..") {
-			u.Warnf("fixVolumeOwnership: path %s is not under DataDir %s, skipping", hostPath, cfg.DataDir)
-			return
-		}
-		nodePath := filepath.Join("/data", relPath)
-
-		cmd := exec.Command("docker", "exec", container,
-			"chown", "-R", "1000:1000", nodePath)
-		if err := cmd.Run(); err != nil {
-			u.Warnf("Failed to fix volume ownership for %s: %v", nodePath, err)
+		if err := k3dNodeExec(cfg, hostPath, "chown -R 1000:1000 {}"); err != nil {
+			if u != nil {
+				u.Warnf("Failed to fix volume ownership for %s: %v", hostPath, err)
+			}
 		}
 	default:
 		// k3s — direct host, try chown (succeeds if root).
 		cmd := exec.Command("chown", "-R", "1000:1000", hostPath)
 		if err := cmd.Run(); err != nil {
-			u.Warnf("Failed to fix volume ownership for %s: %v (expected if not root)", hostPath, err)
+			if u != nil {
+				u.Warnf("Failed to fix volume ownership for %s: %v (expected if not root)", hostPath, err)
+			}
+		}
+	}
+}
+
+// ensureVolumeWritable pre-creates a host-side PVC directory and chowns it to
+// the current (host) user so subsequent host-side writes succeed.  On k3d, the
+// local-path-provisioner creates directories as root inside the node container,
+// making them root-owned on the host.  Best-effort: failures are logged but do
+// not block provisioning.
+func ensureVolumeWritable(cfg *config.Config, hostPath string, u *ui.UI) {
+	backendName := "k3d"
+	if data, err := os.ReadFile(filepath.Join(cfg.ConfigDir, ".stack-backend")); err == nil {
+		backendName = strings.TrimSpace(string(data))
+	}
+
+	if backendName != "k3d" {
+		return
+	}
+
+	uid := os.Getuid()
+	gid := os.Getgid()
+	shellCmd := fmt.Sprintf("mkdir -p {} && chown -R %d:%d {}", uid, gid)
+
+	if err := k3dNodeExec(cfg, hostPath, shellCmd); err != nil {
+		if u != nil {
+			u.Warnf("Could not pre-create volume directory %s: %v", hostPath, err)
 		}
 	}
 }
@@ -1421,6 +1462,7 @@ func SkillsSync(cfg *config.Config, id, skillsDir string, u *ui.UI) error {
 
 	u.Infof("Syncing skills from %s to volume...", skillsDir)
 
+	ensureVolumeWritable(cfg, targetDir, u)
 	if err := os.MkdirAll(targetDir, 0o755); err != nil {
 		return fmt.Errorf("failed to create skills volume directory: %w", err)
 	}

internal/openclaw/wallet.go

@@ -341,6 +341,12 @@ func KeystoreVolumePath(cfg *config.Config, id string) string {
 // written keystore file.
 func provisionKeystoreToVolume(cfg *config.Config, id, keystoreID string, keystoreJSON []byte, u *ui.UI) (string, error) {
 	dir := KeystoreVolumePath(cfg, id)
+
+	// On k3d, the local-path-provisioner inside the container may have already
+	// created parent directories as root, making them root-owned on the host.
+	// Pre-create and chown inside the k3d node so the host-side CLI can write.
+	ensureVolumeWritable(cfg, dir, u)
+
 	if err := os.MkdirAll(dir, 0o700); err != nil {
 		return "", fmt.Errorf("create keystore directory: %w", err)
 	}
@@ -352,6 +358,7 @@ func provisionKeystoreToVolume(cfg *config.Config, id, keystoreID string, keysto
 		return "", fmt.Errorf("write keystore: %w", err)
 	}
 
+	// Re-chown to UID 1000 so the remote-signer pod can read the keystore.
 	fixVolumeOwnership(cfg, dir, u)
 	return path, nil
 }
@@ -368,6 +375,11 @@ keystorePassword:
 persistence:
   enabled: true
   size: 100Mi
+
+# Ensure the pod's volumes are group-owned by GID 1000 so the remote-signer
+# process (UID 1000) can read and write the keystore PVC.
+podSecurityContext:
+  fsGroup: 1000
 `, wallet.Password)
 }
 

internal/openclaw/wallet_backup.go

@@ -213,6 +213,7 @@ func RestoreWalletCmd(cfg *config.Config, id string, opts RestoreWalletOptions,
 
 	// Write keystore file.
 	keystoreDir := KeystoreVolumePath(cfg, id)
+	ensureVolumeWritable(cfg, keystoreDir, u)
 	if err := os.MkdirAll(keystoreDir, 0o700); err != nil {
 		return fmt.Errorf("failed to create keystore directory: %w", err)
 	}
@@ -381,17 +382,7 @@ func readKeystorePassword(deployDir string) (string, error) {
 
 // writeKeystorePassword writes the remote-signer values YAML with the given password.
 func writeKeystorePassword(deployDir, password string) error {
-	content := fmt.Sprintf(`# Remote-signer configuration
-# Managed by obol openclaw — do not edit manually.
-
-keystorePassword:
-  value: %q
-
-persistence:
-  enabled: true
-  size: 100Mi
-`, password)
-
+	content := generateRemoteSignerValues(&WalletInfo{Password: password})
 	return os.WriteFile(filepath.Join(deployDir, "values-remote-signer.yaml"), []byte(content), 0o600)
 }
 

internal/openclaw/wallet_test.go

@@ -300,6 +300,14 @@ func TestGenerateRemoteSignerValues(t *testing.T) {
 	if !strings.Contains(values, "persistence:") {
 		t.Error("values should contain persistence section")
 	}
+
+	if !strings.Contains(values, "podSecurityContext:") {
+		t.Error("values should contain podSecurityContext section")
+	}
+
+	if !strings.Contains(values, "fsGroup: 1000") {
+		t.Error("values should set fsGroup to 1000 for remote-signer PVC write access")
+	}
 }
 
 func TestWalletMetadataRoundTrip(t *testing.T) {