v1.26.3

changelog.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## Pending
+
+
+## 2026-05-21 - 1.26.3
+
+### Fixes
+
+- use `dees-table` for gateway domains and DNS records views (web)
+  - replace custom row grids with catalog tables, filtering, refresh, and row actions
+- use dees-table for gateway domains and DNS records views (web)
+  - replace custom row layouts with dees-table in gateway domains and DNS records views
+  - add table filtering, refresh actions, and row/context actions for dcrouter management
+
+## 2026-05-20 - 1.26.2
+
+### Fixes
+
+- reload SmartProxy routes after managed startup (proxy)
+  - reloads SmartProxy routes immediately after the admin API is ready during startup, avoiding an empty route table when Docker task state lags behind service readiness
+
+## 2026-05-09 - 1.26.1 - fix(external-gateway)
+derive gateway client identity from the dcrouter token and make the settings UI read-only
+
+- Resolves external gateway ownership and domain sync to use the gateway client context returned by dcrouter instead of a locally entered client ID.
+- Falls back to stored gateway client settings only when token context is unavailable.
+- Removes editable Gateway Client ID fields from settings and shows them as diagnostic read-only values for managed and external modes.
+- Updates external gateway tests to validate token-derived gateway client IDs and admin-token behavior.
+
 ## 2026-05-09 - 1.26.0 - feat(dcrouter)
 add managed local dcrouter mode with status controls and gateway integration
 

deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/onebox",
-  "version": "1.26.0",
+  "version": "1.26.3",
   "exports": "./mod.ts",
   "tasks": {
     "test": "deno test --allow-all test/",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/onebox",
-  "version": "1.26.0",
+  "version": "1.26.3",
   "description": "Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers",
   "main": "mod.ts",
   "type": "module",

test/external_gateway_test.ts

@@ -62,8 +62,6 @@ class FakeDatabase {
 const makeOneboxRef = () => {
   const database = new FakeDatabase();
   database.settings.set('dcrouterGatewayUrl', 'https://edge.example.com');
-  database.settings.set('dcrouterGatewayClientId', 'onebox-1');
-  database.settings.set('dcrouterWorkHosterId', 'onebox-1');
   database.secretSettings.set('dcrouterGatewayApiToken', 'dcr-token');
 
   let reloadCount = 0;
@@ -94,8 +92,11 @@ Deno.test('ExternalGatewayManager syncs dcrouter domains into Onebox domains', a
 
   const manager = new ExternalGatewayManager(oneboxRef as any);
   (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
+    if (method === 'getGatewayClientContext') {
+      return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
+    }
     assertEquals(method, 'getGatewayClientDomains');
-    assertEquals(requestData.gatewayClientId, 'onebox-1');
+    assertEquals(requestData.gatewayClientId, 'onebox-token');
     return {
       domains: [
         {
@@ -139,6 +140,9 @@ Deno.test('ExternalGatewayManager syncs service routes to dcrouter gatewayClient
   const requests: Array<{ method: string; requestData: Record<string, unknown> }> = [];
   const manager = new ExternalGatewayManager(oneboxRef as any);
   (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
+    if (method === 'getGatewayClientContext') {
+      return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
+    }
     requests.push({ method, requestData });
     if (method === 'exportCertificate') {
       return { success: false };
@@ -154,7 +158,7 @@ Deno.test('ExternalGatewayManager syncs service routes to dcrouter gatewayClient
 
   assertEquals(ownership, {
     gatewayClientType: 'onebox',
-    gatewayClientId: 'onebox-1',
+    gatewayClientId: 'onebox-token',
     appId: 'hello',
     hostname: 'hello.example.com',
   });
@@ -189,6 +193,9 @@ Deno.test('ExternalGatewayManager uses managed dcrouter local target in managed
   let syncRequest: Record<string, unknown> | null = null;
   const manager = new ExternalGatewayManager(oneboxRef as any);
   (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>, config: any) => {
+    if (method === 'getGatewayClientContext') {
+      return { context: { role: 'admin' } };
+    }
     if (method === 'exportCertificate') {
       return { success: false };
     }
@@ -213,6 +220,9 @@ Deno.test('ExternalGatewayManager deletes service routes through dcrouter gatewa
   let deleteRequest: Record<string, unknown> | null = null;
 
   (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
+    if (method === 'getGatewayClientContext') {
+      return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
+    }
     assertEquals(method, 'syncGatewayClientRoute');
     deleteRequest = requestData;
     return { success: true, action: 'deleted', routeId: 'route-1' };
@@ -227,7 +237,7 @@ Deno.test('ExternalGatewayManager deletes service routes through dcrouter gatewa
   assert(deleteRequest);
   const capturedDeleteRequest = deleteRequest as Record<string, unknown>;
   assertEquals(capturedDeleteRequest.delete, true);
-  assertEquals((capturedDeleteRequest.ownership as any).gatewayClientId, 'onebox-1');
+  assertEquals((capturedDeleteRequest.ownership as any).gatewayClientId, 'onebox-token');
   assertEquals((capturedDeleteRequest.ownership as any).hostname, 'hello.example.com');
 });
 
@@ -235,6 +245,9 @@ Deno.test('ExternalGatewayManager imports exported dcrouter certificates into On
   const oneboxRef = makeOneboxRef();
   const manager = new ExternalGatewayManager(oneboxRef as any);
   (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
+    if (method === 'getGatewayClientContext') {
+      return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
+    }
     assertEquals(method, 'exportCertificate');
     assertEquals(requestData.domain, 'hello.example.com');
     return {

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/onebox',
-  version: '1.26.0',
+  version: '1.26.3',
   description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }

ts/classes/external-gateway.ts

@@ -10,13 +10,24 @@ type TWorkHosterType = 'onebox';
 interface IExternalGatewayConfig {
   url: string;
   apiToken: string;
-  gatewayClientId: string;
+  gatewayClientType?: TWorkHosterType;
+  gatewayClientId?: string;
   /** @deprecated Use gatewayClientId. */
-  workHosterId: string;
+  workHosterId?: string;
   targetHost?: string;
   targetPort?: number;
 }
 
+interface IGatewayClientContextResponse {
+  context: {
+    role: 'admin' | 'gatewayClient' | 'operator';
+    gatewayClient?: {
+      type: 'onebox' | 'cloudly' | 'custom';
+      id: string;
+    };
+  };
+}
+
 interface IWorkHosterDomain {
   id?: string;
   name: string;
@@ -62,8 +73,8 @@ interface IWorkAppRouteOwnership {
 }
 
 interface IGatewayClientOwnership {
-  gatewayClientType: TWorkHosterType;
+  gatewayClientType?: TWorkHosterType;
-  gatewayClientId: string;
+  gatewayClientId?: string;
   appId: string;
   hostname: string;
 }
@@ -128,8 +139,14 @@ export class ExternalGatewayManager {
     if (this.getMode() === 'disabled') {
       return false;
     }
-    const config = await this.getConfig({ requireTarget: false });
+    const mode = this.getMode();
-    return Boolean(config);
+    const url = mode === 'managed'
+      ? this.oneboxRef.managedDcRouter.getGatewayUrl()
+      : this.normalizeUrl(this.database.getSetting('dcrouterGatewayUrl') || '');
+    const apiToken = mode === 'managed'
+      ? await this.oneboxRef.managedDcRouter.getAdminToken()
+      : await this.database.getSecretSetting('dcrouterGatewayApiToken');
+    return Boolean(url && apiToken);
   }
 
   public async syncDomains(): Promise<IDomain[]> {
@@ -188,7 +205,7 @@ export class ExternalGatewayManager {
     try {
       const response = await this.fireDcRouterRequest<{ domains: IWorkHosterDomain[] }>(
         'getGatewayClientDomains',
-        { gatewayClientId: config.gatewayClientId },
+        config.gatewayClientId ? { gatewayClientId: config.gatewayClientId } : {},
         config,
       );
       return response.domains.map((domain) => ({
@@ -216,7 +233,7 @@ export class ExternalGatewayManager {
     try {
       const response = await this.fireDcRouterRequest<{ records: IGatewayDnsRecord[] }>(
         'getGatewayClientDnsRecords',
-        { gatewayClientId: config.gatewayClientId },
+        config.gatewayClientId ? { gatewayClientId: config.gatewayClientId } : {},
         config,
       );
       return response.records.map((record) => ({
@@ -355,16 +372,27 @@ export class ExternalGatewayManager {
       return null;
     }
 
-    const gatewayClientId = mode === 'managed'
-      ? this.oneboxRef.managedDcRouter.ensureGatewayClientId()
-      : this.ensureGatewayClientId();
     const config: IExternalGatewayConfig = {
       url,
       apiToken,
-      gatewayClientId,
-      workHosterId: gatewayClientId,
     };
 
+    const contextClient = await this.getGatewayClientFromToken(config);
+    if (contextClient) {
+      config.gatewayClientType = contextClient.type;
+      config.gatewayClientId = contextClient.id;
+      config.workHosterId = contextClient.id;
+    } else {
+      const fallbackGatewayClientId = mode === 'managed'
+        ? this.oneboxRef.managedDcRouter.ensureGatewayClientId()
+        : this.getStoredGatewayClientId();
+      if (fallbackGatewayClientId) {
+        config.gatewayClientType = 'onebox';
+        config.gatewayClientId = fallbackGatewayClientId;
+        config.workHosterId = fallbackGatewayClientId;
+      }
+    }
+
     if (options.requireTarget !== false) {
       if (mode === 'managed') {
         const target = this.oneboxRef.managedDcRouter.getRouteTarget();
@@ -417,13 +445,27 @@ export class ExternalGatewayManager {
     return port;
   }
 
-  private ensureGatewayClientId(): string {
+  private getStoredGatewayClientId(): string {
-    let gatewayClientId = this.database.getSetting('dcrouterGatewayClientId') || this.database.getSetting('dcrouterWorkHosterId');
+    return this.database.getSetting('dcrouterGatewayClientId') || this.database.getSetting('dcrouterWorkHosterId') || '';
-    if (!gatewayClientId) {
+  }
-      gatewayClientId = crypto.randomUUID();
+
-      this.database.setSetting('dcrouterGatewayClientId', gatewayClientId);
+  private async getGatewayClientFromToken(config: IExternalGatewayConfig): Promise<{ type: TWorkHosterType; id: string } | null> {
+    try {
+      const response = await this.fireDcRouterRequest<IGatewayClientContextResponse>(
+        'getGatewayClientContext',
+        {},
+        config,
+      );
+      const gatewayClient = response.context.gatewayClient;
+      if (!gatewayClient) return null;
+      if (gatewayClient.type !== 'onebox') {
+        throw new Error(`dcrouter token is bound to unsupported gateway client type: ${gatewayClient.type}`);
+      }
+      return { type: gatewayClient.type, id: gatewayClient.id };
+    } catch (error) {
+      logger.debug(`dcrouter gateway client context unavailable: ${getErrorMessage(error)}`);
+      return null;
     }
-    return gatewayClientId;
   }
 
   private buildOwnership(
@@ -433,7 +475,7 @@ export class ExternalGatewayManager {
   ): IWorkAppRouteOwnership {
     return {
       workHosterType: 'onebox',
-      workHosterId: config.gatewayClientId,
+      workHosterId: config.gatewayClientId || '',
       workAppId: service.name || `service-${service.id}`,
       hostname,
     };
@@ -444,12 +486,15 @@ export class ExternalGatewayManager {
     hostname: string,
     config: IExternalGatewayConfig,
   ): IGatewayClientOwnership {
-    return {
+    const ownership: IGatewayClientOwnership = {
-      gatewayClientType: 'onebox',
+      gatewayClientType: config.gatewayClientType || 'onebox',
-      gatewayClientId: config.gatewayClientId,
       appId: service.name || `service-${service.id}`,
       hostname,
     };
+    if (config.gatewayClientId) {
+      ownership.gatewayClientId = config.gatewayClientId;
+    }
+    return ownership;
   }
 
   private buildRoute(service: IService, config: IExternalGatewayConfig): IDcRouterRouteConfig {

ts/classes/smartproxy.ts

@@ -179,7 +179,7 @@ export class SmartProxyManager {
 
       await this.waitForReady();
       this.serviceRunning = true;
-      await this.reloadConfig();
+      await this.reloadConfig({ skipRunningCheck: true });
 
       logger.success(`SmartProxy started (HTTP: ${this.httpPort}, HTTPS: ${this.httpsPort}, Admin: ${this.adminUrl})`);
     } catch (error) {
@@ -360,11 +360,13 @@ export class SmartProxyManager {
     return routeConfigs;
   }
 
-  async reloadConfig(): Promise<void> {
+  async reloadConfig(options: { skipRunningCheck?: boolean } = {}): Promise<void> {
-    const isRunning = await this.isRunning();
+    if (!options.skipRunningCheck) {
-    if (!isRunning) {
+      const isRunning = await this.isRunning();
-      logger.warn('SmartProxy not running, cannot reload config');
+      if (!isRunning) {
-      return;
+        logger.warn('SmartProxy not running, cannot reload config');
+        return;
+      }
     }
 
     const routes = this.buildRoutes();

ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/onebox',
-  version: '1.26.0',
+  version: '1.26.3',
   description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }

ts_web/elements/ob-view-dns-records.ts

@@ -1,4 +1,5 @@
 import * as shared from './shared/index.js';
+import * as plugins from '../plugins.js';
 import * as appstate from '../appstate.js';
 import { appRouter } from '../router.js';
 import {
@@ -11,6 +12,8 @@ import {
   type TemplateResult,
 } from '@design.estate/dees-element';
 
+type TGatewayDnsRecord = appstate.INetworkState['gatewayDnsRecords'][number];
+
 @customElement('ob-view-dns-records')
 export class ObViewDnsRecords extends DeesElement {
   @state()
@@ -37,16 +40,11 @@ export class ObViewDnsRecords extends DeesElement {
     cssManager.defaultStyles,
     shared.viewHostCss,
     css`
-      .table { border: 1px solid var(--ci-shade-2, #e4e4e7); border-radius: 10px; overflow: hidden; }
-      .row { display: grid; grid-template-columns: 2fr 90px 2fr 90px 140px 220px; gap: 16px; align-items: center; padding: 14px 16px; border-bottom: 1px solid var(--ci-shade-2, #e4e4e7); }
-      .row:last-child { border-bottom: none; }
-      .header { font-size: 12px; font-weight: 700; text-transform: uppercase; color: var(--ci-shade-5, #71717a); background: var(--ci-shade-1, #f4f4f5); }
       .name { font-weight: 600; }
       .value { font-family: monospace; color: var(--ci-shade-5, #71717a); overflow-wrap: anywhere; }
+      .muted { color: var(--ci-shade-5, #71717a); font-size: 13px; }
       .badge { border-radius: 999px; padding: 3px 8px; background: var(--ci-shade-1, #f4f4f5); font-size: 12px; }
       .missing { color: #dc2626; }
-      a, button.link { color: var(--ci-primary, #2563eb); background: none; border: none; padding: 0; cursor: pointer; font: inherit; text-decoration: none; }
-      .actions { display: flex; gap: 12px; }
       .empty { padding: 32px; text-align: center; color: var(--ci-shade-5, #71717a); }
     `,
   ];
@@ -60,29 +58,60 @@ export class ObViewDnsRecords extends DeesElement {
     const records = this.networkState.gatewayDnsRecords;
     return html`
       <ob-sectionheading>DNS Records</ob-sectionheading>
-      <div class="table">
+      ${records.length
-        <div class="row header">
+        ? html`
-          <span>Name</span>
+            <dees-table
-          <span>Type</span>
+              .heading1=${'Gateway DNS Records'}
-          <span>Value</span>
+              .heading2=${'DNS records published through dcrouter for Onebox services'}
-          <span>Status</span>
+              .data=${records}
-          <span>Service</span>
+              .showColumnFilters=${true}
-          <span>Actions</span>
+              .displayFunction=${(record: TGatewayDnsRecord) => ({
-        </div>
+                Name: html`
-        ${records.length ? records.map((record) => html`
+                  <div>
-          <div class="row ${record.status === 'missing' ? 'missing' : ''}">
+                    <div class="name">${record.name}</div>
-            <span class="name">${record.name}</span>
+                    ${record.domainName ? html`<div class="muted">${record.domainName}</div>` : ''}
-            <span><span class="badge">${record.type}</span></span>
+                  </div>
-            <span class="value">${record.value || '-'}</span>
+                `,
-            <span>${record.status}</span>
+                Type: html`<span class="badge">${record.type}</span>`,
-            <span>${record.serviceName || record.appId}</span>
+                Value: html`<span class="value">${record.value || '-'}</span>`,
-            <span class="actions">
+                Status: html`<span class=${record.status === 'missing' ? 'missing' : ''}>${record.status}</span>`,
-              <button class="link" @click=${() => appRouter.navigateToView('services')}>View service</button>
+                Service: record.serviceName || record.appId || '-',
-              ${record.manageUrl ? html`<a href=${record.manageUrl} target="_blank" rel="noopener">Manage in dcrouter</a>` : ''}
+              })}
-            </span>
+              .dataActions=${[
-          </div>
+                {
-        `) : html`<div class="empty">No gateway DNS records found. Configure a dcrouter gateway in Settings.</div>`}
+                  name: 'Refresh',
-      </div>
+                  iconName: 'lucide:rotateCw',
+                  type: ['header'],
+                  actionFunc: async () => {
+                    await appstate.networkStatePart.dispatchAction(
+                      appstate.fetchGatewayDnsRecordsAction,
+                      null,
+                    );
+                  },
+                },
+                {
+                  name: 'View service',
+                  iconName: 'lucide:boxes',
+                  type: ['inRow', 'contextmenu'],
+                  actionFunc: async () => {
+                    appRouter.navigateToView('services');
+                  },
+                },
+                {
+                  name: 'Manage in dcrouter',
+                  iconName: 'lucide:externalLink',
+                  type: ['inRow', 'contextmenu'],
+                  actionRelevancyCheckFunc: (record: TGatewayDnsRecord) => !!record.manageUrl,
+                  actionFunc: async (actionData: plugins.deesCatalog.ITableActionDataArg<TGatewayDnsRecord>) => {
+                    if (actionData.item.manageUrl) {
+                      globalThis.open(actionData.item.manageUrl, '_blank', 'noopener');
+                    }
+                  },
+                },
+              ] as plugins.deesCatalog.ITableAction<TGatewayDnsRecord>[]}
+            ></dees-table>
+          `
+        : html`<div class="empty">No gateway DNS records found. Configure a dcrouter gateway in Settings.</div>`}
     `;
   }
 }

ts_web/elements/ob-view-domains.ts

@@ -1,4 +1,5 @@
 import * as shared from './shared/index.js';
+import * as plugins from '../plugins.js';
 import * as appstate from '../appstate.js';
 import {
   DeesElement,
@@ -10,6 +11,8 @@ import {
   type TemplateResult,
 } from '@design.estate/dees-element';
 
+type TGatewayDomain = appstate.INetworkState['gatewayDomains'][number];
+
 @customElement('ob-view-domains')
 export class ObViewDomains extends DeesElement {
   @state()
@@ -36,25 +39,9 @@ export class ObViewDomains extends DeesElement {
     cssManager.defaultStyles,
     shared.viewHostCss,
     css`
-      .table {
-        border: 1px solid var(--ci-shade-2, #e4e4e7);
-        border-radius: 10px;
-        overflow: hidden;
-      }
-      .row {
-        display: grid;
-        grid-template-columns: 2fr 1fr 120px 120px 140px;
-        gap: 16px;
-        align-items: center;
-        padding: 14px 16px;
-        border-bottom: 1px solid var(--ci-shade-2, #e4e4e7);
-      }
-      .row:last-child { border-bottom: none; }
-      .header { font-size: 12px; font-weight: 700; text-transform: uppercase; color: var(--ci-shade-5, #71717a); background: var(--ci-shade-1, #f4f4f5); }
       .domain { font-weight: 600; }
       .muted { color: var(--ci-shade-5, #71717a); font-size: 13px; }
       .badge { border-radius: 999px; padding: 3px 8px; background: var(--ci-shade-1, #f4f4f5); font-size: 12px; }
-      a { color: var(--ci-primary, #2563eb); text-decoration: none; }
       .empty { padding: 32px; text-align: center; color: var(--ci-shade-5, #71717a); }
     `,
   ];
@@ -71,27 +58,51 @@ export class ObViewDomains extends DeesElement {
       <div class="muted" style="margin-bottom: 16px;">
         Domains are managed in dcrouter. Onebox shows gateway visibility for deployed services.
       </div>
-      <div class="table">
+      ${domains.length
-        <div class="row header">
+        ? html`
-          <span>Domain</span>
+            <dees-table
-          <span>Source</span>
+              .heading1=${'Gateway Domains'}
-          <span>Authoritative</span>
+              .heading2=${'Domains imported from dcrouter gateway visibility'}
-          <span>Services</span>
+              .data=${domains}
-          <span>Actions</span>
+              .showColumnFilters=${true}
-        </div>
+              .displayFunction=${(domain: TGatewayDomain) => ({
-        ${domains.length ? domains.map((domain) => html`
+                Domain: html`
-          <div class="row">
+                  <div>
-            <span>
+                    <div class="domain">${domain.name}</div>
-              <span class="domain">${domain.name}</span>
+                    ${domain.providerId ? html`<div class="muted">Provider: ${domain.providerId}</div>` : ''}
-              ${domain.providerId ? html`<div class="muted">Provider: ${domain.providerId}</div>` : ''}
+                  </div>
-            </span>
+                `,
-            <span><span class="badge">${domain.source || 'dcrouter'}</span></span>
+                Source: html`<span class="badge">${domain.source || 'dcrouter'}</span>`,
-            <span>${domain.authoritative ? 'Yes' : 'No'}</span>
+                Authoritative: domain.authoritative ? 'Yes' : 'No',
-            <span>${domain.serviceCount || 0}</span>
+                Services: domain.serviceCount || 0,
-            <span>${domain.manageUrl ? html`<a href=${domain.manageUrl} target="_blank" rel="noopener">Manage in dcrouter</a>` : '-'}</span>
+              })}
-          </div>
+              .dataActions=${[
-        `) : html`<div class="empty">No gateway domains found. Configure a dcrouter gateway in Settings.</div>`}
+                {
-      </div>
+                  name: 'Refresh',
+                  iconName: 'lucide:rotateCw',
+                  type: ['header'],
+                  actionFunc: async () => {
+                    await appstate.networkStatePart.dispatchAction(
+                      appstate.fetchGatewayDomainsAction,
+                      null,
+                    );
+                  },
+                },
+                {
+                  name: 'Manage in dcrouter',
+                  iconName: 'lucide:externalLink',
+                  type: ['inRow', 'contextmenu'],
+                  actionRelevancyCheckFunc: (domain: TGatewayDomain) => !!domain.manageUrl,
+                  actionFunc: async (actionData: plugins.deesCatalog.ITableActionDataArg<TGatewayDomain>) => {
+                    if (actionData.item.manageUrl) {
+                      globalThis.open(actionData.item.manageUrl, '_blank', 'noopener');
+                    }
+                  },
+                },
+              ] as plugins.deesCatalog.ITableAction<TGatewayDomain>[]}
+            ></dees-table>
+          `
+        : html`<div class="empty">No gateway domains found. Configure a dcrouter gateway in Settings.</div>`}
     `;
   }
 }

ts_web/elements/ob-view-settings.ts

@@ -144,6 +144,32 @@ export class ObViewSettings extends DeesElement {
         grid-column: 1 / -1;
       }
 
+      .gateway-readonly {
+        padding: 10px 12px;
+        border: 1px solid ${cssManager.bdTheme('#e4e4e7', '#27272a')};
+        border-radius: 8px;
+        background: ${cssManager.bdTheme('#fafafa', '#18181b')};
+      }
+
+      .gateway-readonly-label {
+        font-size: 12px;
+        font-weight: 600;
+        color: ${cssManager.bdTheme('#52525b', '#d4d4d8')};
+      }
+
+      .gateway-readonly-value {
+        margin-top: 4px;
+        font-size: 13px;
+        color: ${cssManager.bdTheme('#18181b', '#fafafa')};
+        word-break: break-all;
+      }
+
+      .gateway-readonly-hint {
+        margin-top: 4px;
+        font-size: 12px;
+        color: ${cssManager.bdTheme('#71717a', '#a1a1aa')};
+      }
+
       dees-input-text {
         width: 100%;
       }
@@ -240,11 +266,11 @@ export class ObViewSettings extends DeesElement {
             ${this.renderGatewayInput('dcrouterManagedOpsPort', 'Local Ops Port', String(settings?.dcrouterManagedOpsPort || 3300), 'Bound to 127.0.0.1 for Onebox to call dcrouter APIs.')}
             ${this.renderGatewayInput('dcrouterManagedHttpPort', 'Public HTTP Port', String(settings?.dcrouterManagedHttpPort || 80), 'Host port owned by dcrouter for HTTP ingress.')}
             ${this.renderGatewayInput('dcrouterManagedHttpsPort', 'Public HTTPS Port', String(settings?.dcrouterManagedHttpsPort || 443), 'Host port owned by dcrouter for HTTPS ingress.')}
-            ${this.renderGatewayInput('dcrouterGatewayClientId', 'Gateway Client ID', settings?.dcrouterGatewayClientId || settings?.dcrouterWorkHosterId || '', 'Leave empty to let Onebox create a stable ID.')}
+            ${this.renderGatewayReadonly('Gateway Client ID', settings?.dcrouterGatewayClientId || settings?.dcrouterWorkHosterId || 'Created when managed dcrouter starts', 'Diagnostic only. Onebox manages this local client automatically.')}
           ` : mode === 'external' ? html`
             ${this.renderGatewayInput('dcrouterGatewayUrl', 'Gateway URL', settings?.dcrouterGatewayUrl || '', 'Base URL of the dcrouter OpsServer.')}
             ${this.renderGatewayInput('dcrouterGatewayApiToken', 'API Token', settings?.dcrouterGatewayApiToken || '', 'Requires gateway-client access in dcrouter.', true)}
-            ${this.renderGatewayInput('dcrouterGatewayClientId', 'Gateway Client ID', settings?.dcrouterGatewayClientId || settings?.dcrouterWorkHosterId || '', 'Leave empty to let Onebox create a stable ID.')}
+            ${this.renderGatewayReadonly('Gateway Client ID', settings?.dcrouterGatewayClientId || settings?.dcrouterWorkHosterId || 'Derived from token', 'Configure this in dcrouter Gateway Clients, not in Onebox.')}
             ${this.renderGatewayInput('dcrouterTargetHost', 'Target Host', settings?.dcrouterTargetHost || '', 'Defaults to the configured server IP when empty.')}
             ${this.renderGatewayInput('dcrouterTargetPort', 'Target Port', String(settings?.dcrouterTargetPort || 80), 'Internal HTTP port dcrouter forwards to.')}
           ` : html`
@@ -316,6 +342,16 @@ export class ObViewSettings extends DeesElement {
     `;
   }
 
+  private renderGatewayReadonly(label: string, value: string, hint: string): TemplateResult {
+    return html`
+      <div class="gateway-readonly">
+        <div class="gateway-readonly-label">${label}</div>
+        <div class="gateway-readonly-value">${value}</div>
+        <div class="gateway-readonly-hint">${hint}</div>
+      </div>
+    `;
+  }
+
   private updateGatewayDraft(
     key: keyof NonNullable<appstate.ISettingsState['settings']>,
     value: string,
@@ -351,7 +387,6 @@ export class ObViewSettings extends DeesElement {
         dcrouterManagedDataDir: settings.dcrouterManagedDataDir || './.nogit/dcrouter-data',
         dcrouterGatewayUrl: settings.dcrouterGatewayUrl || '',
         dcrouterGatewayApiToken: settings.dcrouterGatewayApiToken || '',
-        dcrouterGatewayClientId: settings.dcrouterGatewayClientId || settings.dcrouterWorkHosterId || '',
         dcrouterTargetHost: settings.dcrouterTargetHost || '',
         dcrouterTargetPort: Number(settings.dcrouterTargetPort) || 80,
       },