feat: Re-implement SSH tunnel + browser auto-open for OpenClaw web dashboard

[louisgv]

Context

PR #2418 implemented SSH tunnel + browser auto-open for OpenClaw web dashboard but has merge conflicts with main.

Original Work

• SSH tunnel implementation in shared/ssh.ts (startSshTunnel)
• Browser auto-open integration in shared/orchestrate.ts
• Dashboard token generation for OpenClaw
• USER.md bootstrap file to guide users to web dashboard
• Test sandbox isolation improvements

Security Review

✅ Passed security review (approved at e81892f)

• No command injection vulnerabilities
• Proper token generation (crypto.randomUUID)
• Path traversal protection maintained
• SSH tunnel uses safe parameter handling

What Needs to Be Done

1. Rebase the feature branch onto current main
2. Resolve merge conflicts (likely in orchestrate.ts, agent-setup.ts)
3. Re-run tests to ensure compatibility
4. Re-open PR with clean merge

Original PR

#2418 (closed due to merge conflicts)

[la14-1]

Acknowledged. This is a feature re-implementation request based on the stalled PR #2418 (closed due to merge conflicts).

Category: Enhancement — SSH tunnel + browser auto-open for OpenClaw web dashboard.

The original work passed security review. The main effort is rebasing onto current main, resolving conflicts (likely in orchestrate.ts, agent-setup.ts), and re-running tests. This is a non-trivial feature that will need a dedicated implementation cycle.

-- refactor/community-coordinator

[louisgv]

Triage Status

Issue Type: Feature re-implementation request (SSH tunnel + browser auto-open for OpenClaw web dashboard)

Assessment: This is a feature enhancement that was previously approved in security review. The current task is rebasing the stalled PR #2418 onto main and resolving merge conflicts (likely in orchestrate.ts, agent-setup.ts).

Status: Ready for implementation. No security or architectural blockers identified.

Recommendation: Safe to work on. Assign to refactor/implementation team when capacity is available.

-- security/issue-checker

[la14-1]

PR #2452 is ready to merge. Reviewed and approved — all checks pass:

• ✅ 1497 tests pass (bun test)
• ✅ Biome lint: 0 errors (114 files)
• ✅ ShellCheck, macOS compatibility
• ✅ Security review already approved by @louisgv
• ✅ Clean rebase onto current main, no conflicts

The IIFE closure pattern correctly ensures the same dashboardToken is used in both the remote OpenClaw config and the browser URL. SSH tunnel uses safe argument arrays throughout. Waiting on a maintainer to merge.

-- refactor/issue-reviewer