the claw for comfyui has opened

Author: rookiestar28

.detect-secrets.cfg

@@ -0,0 +1,49 @@
+# detect-secrets configuration
+# https://github.com/Yelp/detect-secrets
+
+[detect-secrets]
+version = 1.4.0
+
+# Plugins to use for scanning
+plugins_used:
+  - name: AWSKeyDetector
+  - name: AzureStorageKeyDetector
+  - name: BasicAuthDetector
+  - name: CloudantDetector
+  - name: DiscordBotTokenDetector
+  - name: GitHubTokenDetector
+  - name: HighEntropyStrings
+    limit: 4.5
+  - name: IbmCloudIamDetector
+  - name: IbmCosHmacDetector
+  - name: JwtTokenDetector
+  - name: KeywordDetector
+    keyword_exclude: ""
+  - name: MailchimpDetector
+  - name: NpmDetector
+  - name: OpenAIApiKeyDetector
+  - name: PrivateKeyDetector
+  - name: SendGridDetector
+  - name: SlackDetector
+  - name: SoftlayerDetector
+  - name: SquareOAuthDetector
+  - name: StripeDetector
+  - name: TwilioKeyDetector
+
+# Exclude patterns
+exclude_lines:
+  - "^\\s*#"
+  - "example.com"
+  - "your-api-key"
+  - "<token>"
+  - "<your.*>"
+  - "sk-xxx"
+
+# Exclude files
+exclude_files:
+  - ".*\\.secrets\\.baseline$"
+  - ".*\\.lock$"
+  - ".*\\.min\\.js$"
+  - ".*\\.(png|jpg|gif|ico|svg|woff2?)$"
+  - "^REFERENCE/"
+  - "^tests/fixtures/"

.gitattributes

@@ -0,0 +1,7 @@
+# Normalize line endings for cross-platform consistency (pre-commit safe on Windows).
+* text=auto eol=lf
+
+# Windows scripts should remain CRLF.
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf

.github/workflows/ci.yml

@@ -0,0 +1,102 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+
+  import-smoke:
+    name: Import Smoke Test (ComfyUI loader)
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - name: Install import deps
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install numpy pillow
+      - name: Import smoke test
+        env:
+          MOLTBOT_STATE_DIR: ${{ github.workspace }}/moltbot_state/_ci_smoke
+        run: |
+          python -m unittest tests.test_comfyui_loader_import -v
+
+
+  frontend-e2e:
+    name: Frontend E2E (Playwright)
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Install Node deps
+        run: |
+          npm install
+      - name: Install Playwright browsers
+        run: |
+          npx playwright install chromium
+      - name: Run E2E
+        run: |
+          npm test
+
+
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - name: Install test deps
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install numpy pillow
+      - name: Run unit tests
+        env:
+          MOLTBOT_STATE_DIR: ${{ github.workspace }}/moltbot_state/_ci_unit
+        run: |
+  security-audit:
+    name: Security Audit (S23)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Frontend Audit (npm)
+        run: |
+          # Audit only production dependencies, ignore dev
+          npm audit --production || true
+          # Note: || true because audit often fails on harmless things.
+          # In strict mode, remove || true or configure exceptions.
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - name: Install pip-audit
+        run: pip install pip-audit
+      - name: Backend Audit (pip)
+        run: |
+          pip install -r requirements.txt || true
+          # Scan environment
+          pip-audit || true
+          # Again, allowing failure for now to avoid blocking CI on minor findings.

.github/workflows/pre-commit.yml

@@ -0,0 +1,30 @@
+# Pre-commit CI Workflow
+# Runs all pre-commit hooks on PRs for consistent code quality
+
+name: Pre-commit
+
+on:
+  pull_request:
+    branches: [main, master]
+  push:
+    branches: [main, master]
+
+jobs:
+  pre-commit:
+    name: Run Pre-commit Hooks
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - name: Run all pre-commit hooks
+        run: pre-commit run --all-files --show-diff-on-failure

.github/workflows/publish.yml

@@ -0,0 +1,28 @@
+name: Publish to Comfy registry
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - "pyproject.toml"
+
+permissions:
+  issues: write
+
+jobs:
+  publish-node:
+    name: Publish Custom Node to registry
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'rookiestar28' }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Publish Custom Node
+        uses: Comfy-Org/publish-node-action@v1
+        with:
+          ## Add your own personal access token to your Github Repository secrets and reference it here.
+          personal_access_token: ${{ secrets.REGISTRY_ACCESS_TOKEN }}

.github/workflows/secret-scan.yml

@@ -0,0 +1,35 @@
+# Secret Scanning CI Workflow (S10)
+# Runs detect-secrets on pull requests to prevent accidental secret commits
+
+name: Secret Scan
+
+on:
+  pull_request:
+    branches: [main, master]
+  push:
+    branches: [main, master]
+
+jobs:
+  secret-scan:
+    name: Detect Secrets
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install detect-secrets and pre-commit
+        run: pip install detect-secrets==1.4.0 pre-commit
+
+      - name: Run pre-commit detect-secrets hook
+        run: |
+          # Run detect-secrets via pre-commit for consistent behavior
+          pre-commit run detect-secrets --all-files || {
+            echo "::error::Secrets detected! Run 'detect-secrets audit .secrets.baseline' locally to review."
+            exit 1
+          }

.gitignore

@@ -0,0 +1,32 @@
+__pycache__/
+*.py[cod]
+*.pyd
+.planning/
+.env
+.venv/
+venv/
+env/
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.tox/
+htmlcov/
+.coverage
+.coverage.*
+coverage.xml
+*.cover
+node_modules/
+playwright-report/
+test-results/
+playwright/.cache/
+openclaw_state/
+.tmp/
+*.log
+test_output.txt
+test_auth_out.txt
+.DS_Store
+.vscode/
+.idea/
+*.swp
+REFERENCE/
+AGENT_CONTEXT.md

.pre-commit-config.yaml

@@ -0,0 +1,49 @@
+# Pre-commit hooks configuration
+# https://pre-commit.com/
+#
+# Install: pip install pre-commit && pre-commit install
+# Update baseline: detect-secrets scan --baseline .secrets.baseline
+
+repos:
+  # Secret detection
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args:
+          - --baseline
+          - .secrets.baseline
+        exclude: |
+          (?x)^(
+            REFERENCE/.*|
+            .*\.lock$|
+            .*\.min\.js$
+          )$
+
+  # Python code quality
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-json
+      - id: check-added-large-files
+        args: ['--maxkb=500']
+
+  # Python formatting (optional but recommended)
+  - repo: https://github.com/psf/black
+    rev: 24.1.1
+    hooks:
+      - id: black
+        language_version: python3
+        args: ['--check', '--diff']
+        # Remove --check --diff to auto-format
+
+  # Python import sorting
+  - repo: https://github.com/pycqa/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+        args: ['--check-only', '--diff']
+        # Remove --check-only --diff to auto-sort

.secrets.baseline

@@ -0,0 +1,42 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {"name": "AWSKeyDetector"},
+    {"name": "AzureStorageKeyDetector"},
+    {"name": "BasicAuthDetector"},
+    {"name": "CloudantDetector"},
+    {"name": "DiscordBotTokenDetector"},
+    {"name": "GitHubTokenDetector"},
+    {"name": "HighEntropyStrings", "limit": 4.5},
+    {"name": "IbmCloudIamDetector"},
+    {"name": "IbmCosHmacDetector"},
+    {"name": "JwtTokenDetector"},
+    {"name": "KeywordDetector"},
+    {"name": "MailchimpDetector"},
+    {"name": "NpmDetector"},
+    {"name": "OpenAIApiKeyDetector"},
+    {"name": "PrivateKeyDetector"},
+    {"name": "SendGridDetector"},
+    {"name": "SlackDetector"},
+    {"name": "SoftlayerDetector"},
+    {"name": "SquareOAuthDetector"},
+    {"name": "StripeDetector"},
+    {"name": "TwilioKeyDetector"}
+  ],
+  "filters_used": [
+    {"path": "detect_secrets.filters.allowlist.is_line_allowlisted"},
+    {"path": "detect_secrets.filters.common.is_baseline_file", "filename": ".secrets.baseline"},
+    {"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2},
+    {"path": "detect_secrets.filters.heuristic.is_indirect_reference"},
+    {"path": "detect_secrets.filters.heuristic.is_likely_id_string"},
+    {"path": "detect_secrets.filters.heuristic.is_lock_file"},
+    {"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"},
+    {"path": "detect_secrets.filters.heuristic.is_potential_uuid"},
+    {"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"},
+    {"path": "detect_secrets.filters.heuristic.is_sequential_string"},
+    {"path": "detect_secrets.filters.heuristic.is_swagger_file"},
+    {"path": "detect_secrets.filters.heuristic.is_templated_secret"}
+  ],
+  "results": {},
+  "generated_at": "2026-01-28T11:35:00Z"
+}