CLI: Auth fails due to redirect from clawhub.ai to www.clawhub.ai

[udiedrichsen]

Bug Description

The clawdhub CLI fails to authenticate when using clawhub.ai as the registry URL because of a redirect to www.clawhub.ai that loses the Authorization header.

Steps to Reproduce

1. Create an API token on clawhub.ai
2. Run clawdhub login --token <token>
3. Run clawdhub whoami

Result: ✖ Unauthorized

Root Cause

# This fails (307 redirect loses auth header):
curl -H "Authorization: Bearer <token>" https://clawhub.ai/api/v1/whoami
# Returns: Redirecting... → 401 Unauthorized

# This works:
curl -H "Authorization: Bearer <token>" https://www.clawhub.ai/api/v1/whoami
# Returns: {"user":{"handle":"..."}}

The redirect from clawhub.ai to www.clawhub.ai strips the Authorization header.

Workaround

Use --registry https://www.clawhub.ai flag:

clawdhub whoami --registry "https://www.clawhub.ai"
clawdhub publish . --registry "https://www.clawhub.ai"

Or update ~/.config/clawdhub/config.json:

{
  "registry": "https://www.clawhub.ai",
  "token": "..."
}

Suggested Fix

Either:

1. Change default registry URL in CLI to https://www.clawhub.ai
2. Or remove the redirect on the server side
3. Or ensure the redirect preserves headers

Environment

• clawdhub CLI: v0.3.0
• Node.js: v24.12.0
• OS: Ubuntu (ARM64)

[xolom]

+1