chore: remove local mode (sql.js, MANIFEST_MODE, manifest plugin)#1539
Merged
brunobuddy merged 2 commits intomainfrom Apr 13, 2026
Merged
chore: remove local mode (sql.js, MANIFEST_MODE, manifest plugin)#1539brunobuddy merged 2 commits intomainfrom
brunobuddy merged 2 commits intomainfrom
Conversation
Remove Manifest's local mode and the `manifest` OpenClaw plugin. Manifest now runs exclusively on PostgreSQL with Better Auth, shipped either via the Docker image (manifestdotbuild/manifest) or the hosted cloud version. The self-contained `manifest` npm package — embedded Nest server, SQLite via sql.js, loopback-trust auth — is deprecated and removed from the repository. Docker hardening bundled in: - NODE_ENV=production by default (activates trust proxy, sanitizes upstream errors, hides Dev badge, enforces verification when Mailgun is configured) - New AUTO_MIGRATE=true env var replaces NODE_ENV=development as the migration-on-boot trigger - docker-compose.yml: fail-fast if BETTER_AUTH_SECRET unset, init:true for proper PID 1, restart:unless-stopped, compose-level healthcheck, overridable POSTGRES_PASSWORD - docker/.env.example template with Resend/Mailgun/SendGrid and OAuth - Dropped MANIFEST_TRUST_LAN (dead without LocalAuthGuard) Unified email provider scheme: - New EMAIL_PROVIDER / EMAIL_API_KEY / EMAIL_DOMAIN / EMAIL_FROM env vars cover BOTH Better Auth transactional emails AND threshold alert notifications via the existing Pipeline B → Pipeline A fallback - Supports resend (recommended for self-hosting, no domain needed), mailgun, sendgrid - Legacy MAILGUN_API_KEY/DOMAIN still work for backward compat Backend changes: - Delete local-mode.constants, local-auth.guard, local-bootstrap.service, limit-check-local.service, version-check.service, sql-dialect.spec, local-ip.spec - Simplify sql-dialect.ts to Postgres-only (keeps function signatures to avoid touching 17 entities and 6 services) - auth.instance.ts: no more null branch, BETTER_AUTH_SECRET always required outside test mode - app.module.ts: SessionGuard is the only APP_GUARD (no LocalAuthGuard swap) - database.module.ts: Postgres-only TypeORM config; seeder runs on SEED_DATA=true regardless of NODE_ENV - agent-key-auth.guard.ts: drop local-mode IP bypass, keep dev-mode loopback shortcut - health.controller.ts: drop mode/devMode/version fields - Drop sql.js from backend dependencies - Rewrite E2E test helpers to use Postgres instead of sql.js Frontend changes: - Delete services/local-mode.ts and VersionIndicator component - Remove isLocalMode/isDevMode branches from Login, Settings, Account, Limits, MessageLog, Header, AuthGuard, AgentGuard, ProviderSelect*, ProviderApiKeyTab, ProviderDetailView, EmailProviderModal - Update ~25 test files to match CI/docs: - Delete backend-sqljs and manifest-plugin CI jobs - Update CLAUDE.md, CONTRIBUTING.md, DOCKER_README.md, .env.example files to reflect Postgres-only, new env vars, and single publishable package (manifest-model-router) - Delete .claude/skills/* that automated the local-mode plugin (setup-manifest-plugin, uninstall-manifest-plugin, manifest-status, ensure-manifest-docs-consistency) - Delete skills/manifest/SKILL.md (referenced the deleted plugin) Breaking: - MANIFEST_MODE, MANIFEST_DB_PATH, MANIFEST_UPDATE_CHECK_OPTOUT, MANIFEST_TRUST_LAN env vars are removed (no-op if set) - NODE_ENV=development in production Docker is no longer supported; use AUTO_MIGRATE=true instead - BETTER_AUTH_SECRET now required in docker-compose (no placeholder) - manifest npm package is deprecated
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 225 files
Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed. cubic prioritises the most important files to review.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="CLAUDE.md">
<violation number="1" location="CLAUDE.md:541">
P2: Changeset CI documentation is incorrect: it omits the required `manifest` changeset for backend/frontend PRs.</violation>
</file>
<file name="CONTRIBUTING.md">
<violation number="1" location="CONTRIBUTING.md:197">
P2: The updated changeset guidance is inconsistent with CI: backend/frontend changes are documented as not requiring changesets, but CI still requires a `manifest` changeset for those paths.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Resolves conflicts after main merged parallel cleanup PRs (#1528, #1533, #1534, #1536, #1537, #1538) that removed both openclaw-plugins packages. Takes main's direction on: - openclaw-plugins/manifest-model-router removal (main deleted both) - docker-compose.yml local-testing framing (main's choice) - Dockerfile healthcheck start-period=45s (main's fix) Keeps this branch's unique contributions: - Backend: delete all local-mode source files (LocalAuthGuard, local-mode.constants, local-bootstrap.service, limit-check-local, version-check.service), simplify sql-dialect.ts to Postgres-only, drop sql.js dep, remove backend-sqljs CI job - Frontend: delete services/local-mode.ts, VersionIndicator component, remove isLocalMode/isDevMode branches across ~14 components - AUTO_MIGRATE env var in database.module.ts + seeder - Unified EMAIL_* env var scheme in send-email.ts + app.config.ts + notification-email.service.ts (covers both Better Auth transactional and threshold alerts via existing fallback) - Docker compose: add AUTO_MIGRATE, EMAIL_*, OAuth env var passthroughs; drop MANIFEST_TRUST_LAN (dead after LocalAuthGuard removal) - backend/.env.example: new EMAIL_* block, deprecate legacy MAILGUN_* - Rewrite E2E test helpers to use Postgres (was sql.js)
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1539 +/- ##
==========================================
- Coverage 98.43% 97.90% -0.54%
==========================================
Files 118 116 -2
Lines 8653 8458 -195
Branches 3278 3186 -92
==========================================
- Hits 8518 8281 -237
- Misses 134 175 +41
- Partials 1 2 +1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Bundle ReportChanges will decrease total bundle size by 19.32kB (-2.97%) ⬇️. This is within the configured threshold ✅ Detailed changes
Affected Assets, Files, and Routes:view changes for bundle: manifest-frontend-esmAssets Changed:
|
brunobuddy
added a commit
that referenced
this pull request
Apr 13, 2026
brunobuddy
added a commit
that referenced
this pull request
Apr 13, 2026
Replaces the obsolete work in PR 1542 — main has since landed #1539 (remove-local-mode) and #1541 (synthetic package) which already added docker/.env.example, the email + OAuth compose vars, and the broader .gitignore negation. This commit layers the remaining still-needed pieces on top of the new main. - README.md: drop the unmaintained npm version + downloads badges, add a Docker image-size badge, inline the two-command Docker quickstart under "Self-hosted (Docker)" so it's visible on the first screenful, and note that the npm package is deprecated. - docker/DOCKER_README.md: fix the OpenClaw-only framing (now lists OpenClaw, Hermes, and OpenAI-compatible agents), add a table of contents, PowerShell + CMD variants for the docker run example, an Upgrading section (docker compose pull && up -d), a Backup & persistence section covering the pgdata volume + pg_dump, and a new "Option 3: one-command install script" section with a review-before-running note. - docker/docker-compose.yml: switch BETTER_AUTH_SECRET, BETTER_AUTH_URL, and SEED_DATA to ${VAR:-default} interpolation so that overrides from .env actually take effect — currently these are hardcoded literals that silently ignore .env values, which breaks the self-host flow advertised in .env.example. POSTGRES_PASSWORD and DATABASE_URL stay hardcoded (the internal Postgres has no published port, and interpolating the password into the URL risks URI-encoding bugs). - docker/install.sh: hardened one-command installer. set -euo pipefail, confirmation prompt (or --yes), --dry-run, --dir, refuses to clobber non-empty dirs, generates a secret via openssl (falls back to /dev/urandom), waits on the healthcheck, prints login info. - .github/workflows/docker.yml: force flavor: latest=true on metadata-action so the compose file's :latest reference is reliably updated on every workflow_dispatch publish; add a peter-evans/dockerhub-description@v4 step to sync docker/DOCKER_README.md and a 65-character short description to Docker Hub on publish; add .env.example + install.sh to the PR path filter so future edits trigger the validate job.
brunobuddy
added a commit
that referenced
this pull request
Apr 13, 2026
The release workflow was failing again with:
🦋 error Found changeset remove-local-mode for package
manifest-model-router which is not in the workspace
.changeset/remove-local-mode.md was added in #1539 but targets
manifest-model-router, which was deleted in #1528. Changesets
fast-fails on any dangling package reference.
The changeset content itself is genuinely useful — it documents the
local-mode removal, the Docker hardening, the new AUTO_MIGRATE env
var, and the unified EMAIL_* scheme. Rather than deleting it (which
is what #1534 did for a similar situation), retarget it to 'manifest'
so the content lands in packages/manifest/CHANGELOG.md on the next
release.
Also drop the now-stale final sentence that described
manifest-model-router as 'the recommended way to route OpenClaw
requests through Manifest' — that package no longer exists. Replaced
with a correct note pointing users at configuring Manifest as a
generic OpenAI-compatible provider (which is what the dashboard
setup modal shows them).
2 tasks
andychu666
added a commit
to andychu666/manifest
that referenced
this pull request
Apr 15, 2026
Upstream removed both plugin packages (mnfst#1527, mnfst#1528) and local mode (mnfst#1539) in favor of Docker-only self-hosting. This fork preserves local OpenClaw support via manifest-local, which fixes the embedded NestJS architecture that motivated upstream's deprecation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Remove Manifest's local mode and the
manifestOpenClaw plugin. Manifest now runs exclusively on PostgreSQL with Better Auth, shipped either via the Docker image (manifestdotbuild/manifest) with a bundled Postgres container or the hosted cloud version at app.manifest.build. The self-containedmanifestnpm package (embedded Nest server, SQLite via sql.js, loopback-trust auth) is deprecated and removed from the repository.Bundles three related changes into one atomic PR:
LocalAuthGuard,LocalBootstrapService,local-mode.constants,limit-check-local.service,version-check.service,sql-dialect.spec, themanifestplugin package, and allisLocalMode()branches across backend + frontend. Dropssql.jsfrom backend deps and thebackend-sqljsCI job. Simplifiessql-dialect.tsto Postgres-only (keeps function signatures to avoid touching 17 entities and 6 services).docker-compose.ymltoNODE_ENV=productionand introduces a dedicatedAUTO_MIGRATE=trueenv var instead of the previousNODE_ENV=developmentworkaround. Activatestrust proxyfor reverse-proxied deployments, upstream error sanitization, and Better Auth verification enforcement. Compose file now fails fast ifBETTER_AUTH_SECRETis unset, addsinit: truefor proper PID 1,restart: unless-stopped, and a compose-level healthcheck.EMAIL_*env vars — covers both Better Auth transactional emails (signup verification, password reset) and threshold alert notifications via the existing Pipeline B → Pipeline A fallback. Supports Resend (recommended for self-hosting — no domain setup), Mailgun, and SendGrid. LegacyMAILGUN_API_KEY/MAILGUN_DOMAINstill work for backward compat.Why one PR
The three concerns share file boundaries (auth, database, compose, DOCKER_README, env.example). Splitting them would require dead-code shims in every intermediate state. Review surface is ~225 files but strictly subtractive (+1080 / −8832).
Migration guide for existing self-hosted local-mode users
docker/docker-compose.ymlanddocker/.env.examplefrom this repo.cp .env.example .envand setBETTER_AUTH_SECRETwithopenssl rand -hex 32.docker compose up -d. First boot runs migrations (viaAUTO_MIGRATE=true) and seeds the admin user (viaSEED_DATA=true).http://localhost:3001withadmin@manifest.build/manifestand immediately change the password.EMAIL_PROVIDER=resend+EMAIL_API_KEY+EMAIL_FROMin.env(Resend is easiest — no domain setup).{GOOGLE,GITHUB,DISCORD}_CLIENT_ID+_CLIENT_SECRETin.env.~/.openclaw/manifest/manifest.db(SQLite) has no automated migration path. Export telemetry manually via the dashboard before upgrading, or stay on the lastmanifest@Xrelease.Breaking changes
MANIFEST_MODE,MANIFEST_DB_PATH,MANIFEST_UPDATE_CHECK_OPTOUT,MANIFEST_TRUST_LANenv vars are removed (no-op if set)NODE_ENV=developmentin production Docker deployments is no longer the trigger for auto-migrations — useAUTO_MIGRATE=trueBETTER_AUTH_SECRETis now required indocker-compose.yml(no placeholder); compose startup fails with a helpful error if unsetmanifestnpm package is deprecated and will receive no further releases/api/v1/healthno longer returnsmode,devMode, orversionfieldsTest plan
cd packages/backend && npx tsc --noEmit— passescd packages/frontend && npx tsc --noEmit— passescd packages/backend && npx jest— 3489/3489 pass across 179 suitescd packages/backend && npm run test:e2e(against fresh Postgres) — 99/99 pass across 14 suitescd packages/frontend && npx vitest run— 2147/2147 pass across 108 suitesnpm run build— shared, frontend, backend, manifest-model-router all build cleanMANIFEST_MODE,sql.js,LocalAuthGuard,LocalBootstrap,MANIFEST_TRUST_LAN,local-mode.constantsinpackages/{backend,frontend,shared}/src,docker/,CLAUDE.md,CONTRIBUTING.mddocker compose up -dagainst the new compose file; verify seeded admin logs in, health endpoint returns{status: healthy, uptime_seconds: N}only, reverse-proxy headers are trusted, no "Dev" badge in headermanifest-model-routerpatch bump (only publishable package left)Summary by cubic
Removed local mode and the
manifestOpenClaw plugin. Manifest now runs only on PostgreSQL with Better Auth; Docker and email config are updated for simpler, safer self‑hosting.Refactors
sql.js,MANIFEST_MODE, local guards/services, and LAN/loopback bypass. SQL helpers simplified;/api/v1/healthnow returns only status and uptime.EMAIL_PROVIDER,EMAIL_API_KEY,EMAIL_DOMAIN,EMAIL_FROM(supports Resend, Mailgun, SendGrid). LegacyMAILGUN_*still works.AUTO_MIGRATE=true, trust proxy enabled in production,docker/.env.example, compose healthcheck,init: true,restart: unless-stopped, OAuth env passthrough. SetNODE_ENV=productionfor deployments; compose remains dev‑friendly by default.manifestnpm package; onlymanifest-model-routeris published.Migration
docker/docker-compose.ymlwithmanifestdotbuild/manifest. SetBETTER_AUTH_SECRET(openssl rand -hex 32), optionalEMAIL_*/OAuth env, andAUTO_MIGRATE=truefor first boot. A default admin (admin@manifest.build/manifest) is seeded—change the password.NODE_ENV=developmentwithAUTO_MIGRATE=true. SetNODE_ENV=productionin deployments.MANIFEST_MODE,MANIFEST_DB_PATH,MANIFEST_TRUST_LAN,MANIFEST_UPDATE_CHECK_OPTOUT.~/.openclaw/manifest/manifest.db.Written for commit 9d1a78a. Summary will update on new commits.