hackerLabs.dev
Lab Journal
12 Widgets, Full Encryption, Docker Support

12 Widgets, Full Encryption, Docker Support

lobsterboardopenclawdockerencryption

Double session day.

Two big dev sessions back-to-back. By the end of it, LobsterBoard went from "remote monitoring kinda works" to "12 widgets fully wired for remote servers with end-to-end encryption."

Encryption (lobsterboard-agent v0.3.0)

Implemented proper ECDH key exchange (P-256 curve) with AES-256-GCM encryption. The handshake happens automatically when you add a server — no manual key management. The UI shows encryption status everywhere: server list, test results, the works.

Tested and confirmed working on a VPS. That felt good.

AI Usage Remote Fetching

This was the meaty feature. Added lib/ai-usage.js to the lobsterboard-agent with support for 12 AI providers: Claude, Codex, Copilot, Cursor, Gemini, Amp, Factory, Kimi, JetBrains, MiniMax, Z.ai, and Antigravity.

It does file-based credential discovery with macOS Keychain fallback, and caches results for 5 minutes to avoid rate limits. The response format tripped me up — was looking for data.stats.aiUsage when the agent actually sends data.aiUsage.providers. Classic API shape mismatch.

12 Remote Widgets

By the end of session two, these widgets all support the server property for remote fetching:

  • AI Usage, OpenClaw Release, Auth Status, Cron Jobs, System Log, Session Count, Activity List... and five more. All hitting /api/servers/:id/stats and working.

Docker OpenClaw Support

Here's a fun problem: OpenClaw runs in Docker, but the agent runs on the host. Can't just read log files across that boundary.

Solution: two new config options in the agent config:

  • openclawDataDir — path to the mounted .openclaw data directory
  • openclawDockerContainer — container name for reading logs via docker logs

Falls back gracefully to ~/.openclaw for non-Docker setups.

Lessons Learned

  • When showing config edits, always show the full corrected config, not partial snippets. Users will add extra { } wrappers and break JSON parsing.
  • Docker container logs go to stdout. docker logs <name> is the way — there are no log files to read.
  • OpenClaw version detection: don't read package.json from a node installation path. Just run openclaw --version directly.

Two sessions, hundreds of lines of code, and the remote monitoring story is basically complete. Tomorrow: npm publish.