fix: harden ACP secret handling and exec preflight boundaries

src/acp/server.ts

@@ -1,15 +1,16 @@
 #!/usr/bin/env node
+import { AgentSideConnection, ndJsonStream } from "@agentclientprotocol/sdk";
 import { Readable, Writable } from "node:stream";
 import { fileURLToPath } from "node:url";
-import { AgentSideConnection, ndJsonStream } from "@agentclientprotocol/sdk";
+import type { AcpServerOptions } from "./types.js";
 import { loadConfig } from "../config/config.js";
 import { resolveGatewayAuth } from "../gateway/auth.js";
 import { buildGatewayConnectionDetails } from "../gateway/call.js";
 import { GatewayClient } from "../gateway/client.js";
 import { isMainModule } from "../infra/is-main.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
+import { readSecretFromFile } from "./secret-file.js";
 import { AcpGatewayAgent } from "./translator.js";
-import type { AcpServerOptions } from "./types.js";
 
 export function serveAcpGateway(opts: AcpServerOptions = {}): Promise<void> {
   const cfg = loadConfig();
@@ -95,6 +96,8 @@ export function serveAcpGateway(opts: AcpServerOptions = {}): Promise<void> {
 
 function parseArgs(args: string[]): AcpServerOptions {
   const opts: AcpServerOptions = {};
+  let tokenFile: string | undefined;
+  let passwordFile: string | undefined;
   for (let i = 0; i < args.length; i += 1) {
     const arg = args[i];
     if (arg === "--url" || arg === "--gateway-url") {
@@ -107,11 +110,21 @@ function parseArgs(args: string[]): AcpServerOptions {
       i += 1;
       continue;
     }
+    if (arg === "--token-file" || arg === "--gateway-token-file") {
+      tokenFile = args[i + 1];
+      i += 1;
+      continue;
+    }
     if (arg === "--password" || arg === "--gateway-password") {
       opts.gatewayPassword = args[i + 1];
       i += 1;
       continue;
     }
+    if (arg === "--password-file" || arg === "--gateway-password-file") {
+      passwordFile = args[i + 1];
+      i += 1;
+      continue;
+    }
     if (arg === "--session") {
       opts.defaultSessionKey = args[i + 1];
       i += 1;
@@ -143,6 +156,18 @@ function parseArgs(args: string[]): AcpServerOptions {
       process.exit(0);
     }
   }
+  if (opts.gatewayToken?.trim() && tokenFile?.trim()) {
+    throw new Error("Use either --token or --token-file.");
+  }
+  if (opts.gatewayPassword?.trim() && passwordFile?.trim()) {
+    throw new Error("Use either --password or --password-file.");
+  }
+  if (tokenFile?.trim()) {
+    opts.gatewayToken = readSecretFromFile(tokenFile, "Gateway token");
+  }
+  if (passwordFile?.trim()) {
+    opts.gatewayPassword = readSecretFromFile(passwordFile, "Gateway password");
+  }
   return opts;
 }
 
@@ -154,7 +179,9 @@ Gateway-backed ACP server for IDE integration.
 Options:
   --url <url>             Gateway WebSocket URL
   --token <token>         Gateway auth token
+  --token-file <path>     Read gateway auth token from file
   --password <password>   Gateway auth password
+  --password-file <path>  Read gateway auth password from file
   --session <key>         Default session key (e.g. "agent:main:main")
   --session-label <label> Default session label to resolve
   --require-existing      Fail if the session key/label does not exist
@@ -166,7 +193,18 @@ Options:
 }
 
 if (isMainModule({ currentFile: fileURLToPath(import.meta.url) })) {
-  const opts = parseArgs(process.argv.slice(2));
+  const argv = process.argv.slice(2);
+  if (argv.includes("--token") || argv.includes("--gateway-token")) {
+    console.error(
+      "Warning: --token can be exposed via process listings. Prefer --token-file or OPENCLAW_GATEWAY_TOKEN.",
+    );
+  }
+  if (argv.includes("--password") || argv.includes("--gateway-password")) {
+    console.error(
+      "Warning: --password can be exposed via process listings. Prefer --password-file or OPENCLAW_GATEWAY_PASSWORD.",
+    );
+  }
+  const opts = parseArgs(argv);
   serveAcpGateway(opts).catch((err) => {
     console.error(String(err));
     process.exit(1);