fixed bootrap agendt and aria-setup for permissions

aria-setup.sh

@@ -9,7 +9,7 @@ echo "=== ARIA Setup ==="
 echo ""
 
 # Warten bis aria-core laeuft
-echo "[1/5] Warte auf aria-core..."
+echo "[1/7] Warte auf aria-core..."
 until docker inspect -f '{{.State.Running}}' aria-core 2>/dev/null | grep -q true; do
   sleep 2
   echo "  ... warte..."
@@ -18,19 +18,23 @@ echo "  aria-core laeuft."
 
 # Permissions fixen — Docker-Volumes gehoeren root, OpenClaw laeuft als node
 echo ""
-echo "[2/5] Fixe Permissions auf /home/node/.openclaw und /home/node/.claude..."
+echo "[2/7] Fixe Permissions auf /home/node/.openclaw und /home/node/.claude..."
 docker exec -u root aria-core chown -R node:node /home/node/.openclaw
 docker exec -u root aria-core chown -R node:node /home/node/.claude 2>/dev/null || true
+docker exec -u root aria-core chmod 700 /home/node/.openclaw
 echo "  Permissions OK."
 
 # OpenClaw Config schreiben — Custom Provider fuer claude-max-api-proxy
 echo ""
-echo "[3/5] Schreibe openclaw.json (Proxy-Provider + Model)..."
+echo "[3/7] Schreibe openclaw.json (Proxy-Provider + Model + Tools)..."
 docker exec aria-core sh -c 'cat > /home/node/.openclaw/openclaw.json << '"'"'INNEREOF'"'"'
 {
   "meta": {
     "lastTouchedVersion": "2026.3.8"
   },
+  "gateway": {
+    "mode": "local"
+  },
   "agents": {
     "defaults": {
       "model": {
@@ -58,6 +62,17 @@ docker exec aria-core sh -c 'cat > /home/node/.openclaw/openclaw.json << '"'"'IN
       }
     }
   },
+  "tools": {
+    "profile": "full",
+    "web": {
+      "fetch": {
+        "enabled": true
+      }
+    },
+    "exec": {
+      "host": "gateway"
+    }
+  },
   "messages": {
     "ackReactionScope": "all"
   },
@@ -66,22 +81,22 @@ docker exec aria-core sh -c 'cat > /home/node/.openclaw/openclaw.json << '"'"'IN
     "nativeSkills": "auto",
     "restart": true,
     "ownerDisplay": "raw"
-  },
+  }
 }
 INNEREOF'
 echo "  Config geschrieben."
 
-# Tools via openclaw config set (ueberlebt Migrationen)
-echo "  Aktiviere exec-Tool..."
-docker exec aria-core openclaw config set tools.exec.host gateway
-docker exec aria-core openclaw config set tools.exec.ask off
-echo "  exec-Tool aktiviert."
+# Exec-Approvals Wildcard — erlaubt Tool-Ausfuehrung im headless-Modus
+echo ""
+echo "[4/7] Setze exec-approvals Wildcard..."
+docker exec aria-core openclaw approvals allowlist add --agent "*" "*" 2>/dev/null || true
+echo "  Approvals gesetzt."
 
 # SSH-Key generieren fuer VM-Zugriff
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 SSH_DIR="$SCRIPT_DIR/aria-data/ssh"
 echo ""
-echo "[4/5] SSH-Key fuer VM-Zugriff..."
+echo "[5/7] SSH-Key fuer VM-Zugriff..."
 if [ ! -f "$SSH_DIR/id_ed25519" ]; then
   ssh-keygen -t ed25519 -f "$SSH_DIR/id_ed25519" -N "" -C "aria@aria-wohnung"
   cat > "$SSH_DIR/config" << 'SSHEOF'
@@ -105,16 +120,20 @@ else
 fi
 
 # Permissions im Container fixen
+echo ""
+echo "[6/7] Fixe SSH-Permissions..."
 docker exec -u root aria-core chown -R node:node /home/node/.ssh 2>/dev/null || true
 
 # Neustart damit Gateway die Config laedt
 echo ""
-echo "[5/5] Starte aria-core neu..."
+echo "[7/7] Starte aria-core neu..."
 docker restart aria-core
 
 echo ""
 echo "=== Setup fertig ==="
+echo ""
 echo "Teste mit: docker logs aria-core --tail 20"
 echo "Erwartete Zeile: 'agent model: proxy/claude-sonnet-4'"
 echo ""
-echo "SSH-Test: docker exec aria-core ssh aria-wohnung hostname"
+echo "SSH-Test:  docker exec aria-core ssh aria-wohnung hostname"
+echo "Tool-Test: Neue Session anlegen, dann 'Wie wird das Wetter in Bremen?' fragen"