feat: Clawdi platform integration patches

Four minimal patches for Clawdi's multi-tenant dashboard integration:

1. web_server.py: HERMES_SESSION_TOKEN env override — reverse-proxied
   deployments set a stable token so the SPA can authenticate across
   restarts (mirrors upstream PR NousResearch#9800 pattern).

2. web_server.py: load_hermes_dotenv() at module init — uvicorn launches
   web_server.py directly, bypassing hermes_cli/main.py where the dotenv
   loader normally runs. Without this, the HERMES_SESSION_TOKEN written
   to ~/.hermes/.env is never loaded into os.environ.

3. web_server.py: expose plain `value` field for non-password env vars
   in GET /api/env — lets the dashboard round-trip comma-separated
   allow-lists (TELEGRAM_ALLOWED_USERS, FEISHU_ALLOWED_USERS, etc.)
   without forcing users to retype them.

4. config.py: register FEISHU_ALLOWED_USERS in OPTIONAL_ENV_VARS — the
   Feishu gateway adapter reads this from os.getenv() but it was missing
   from the registration list, so GET /api/env never surfaced it.

Author: kingsleydon

hermes_cli/config.py

@@ -2349,6 +2349,21 @@ def _ensure_hermes_home_managed(home: Path):
         "category": "messaging",
         "advanced": True,
     },
+    # Feishu credentials (FEISHU_APP_ID / FEISHU_APP_SECRET / etc.) live
+    # in `_EXTRA_ENV_KEYS` because the canonical Feishu config path is
+    # `config.platforms.feishu.extra` (not env vars). The allow-list is
+    # the exception: `gateway/platforms/feishu.py` reads it ONLY from
+    # `os.getenv("FEISHU_ALLOWED_USERS")` (no `extra.allowed_users`
+    # fallback), so users have no way to set it without env support.
+    # Surface it here so the dashboard can display and round-trip the
+    # current list like the other platforms' allowed-users entries.
+    "FEISHU_ALLOWED_USERS": {
+        "description": "Comma-separated Feishu open IDs allowed to use the bot",
+        "prompt": "Allowed Feishu open IDs (comma-separated)",
+        "url": "https://open.feishu.cn",
+        "password": False,
+        "category": "messaging",
+    },
     "GATEWAY_ALLOW_ALL_USERS": {
         "description": "Allow all users to interact with messaging bots (true/false). Default: false.",
         "prompt": "Allow all users (true/false)",

hermes_cli/web_server.py

@@ -47,8 +47,23 @@
     check_config_version,
     redact_key,
 )
+from hermes_cli.env_loader import load_hermes_dotenv
 from gateway.status import get_running_pid, read_runtime_status
 
+# Load `~/.hermes/.env` into ``os.environ`` before any module-level reads
+# of ``HERMES_SESSION_TOKEN`` (or any other secret used by this module).
+#
+# The `hermes` CLI entry point already does this in ``hermes_cli/main.py``,
+# but the standalone uvicorn launcher (``uvicorn hermes_cli.web_server:app``)
+# bypasses ``main.py`` and so never gets a chance to load the dotenv file.
+# Without this call, reverse-proxied deployments that store
+# ``HERMES_SESSION_TOKEN`` in ``~/.hermes/.env`` would silently fall back
+# to the random token and break cross-origin auth on every restart.
+#
+# The ``project_env`` argument mirrors the CLI's call site so development
+# checkouts see the same precedence order in both launch paths.
+load_hermes_dotenv(project_env=PROJECT_ROOT / ".env")
+
 try:
     from fastapi import FastAPI, HTTPException, Request, WebSocket, WebSocketDisconnect
     from fastapi.middleware.cors import CORSMiddleware
@@ -67,11 +82,21 @@
 app = FastAPI(title="Hermes Agent", version=__version__)
 
 # ---------------------------------------------------------------------------
-# Session token for protecting sensitive endpoints (reveal).
-# Generated fresh on every server start — dies when the process exits.
-# Injected into the SPA HTML so only the legitimate web UI can use it.
+# Session token for protecting sensitive /api/* endpoints.
+#
+# By default, generated fresh on every server start and dies with the
+# process — injected into the SPA HTML so the legitimate same-origin
+# web UI picks it up without any external coordination. This is the
+# single-user ``hermes web`` flow: one process, one SPA, same token.
+#
+# For reverse-proxied deployments where the UI lives on a different
+# origin (e.g. a platform dashboard talking to many per-pod Hermes
+# instances over the network), the downstream caller can't read the
+# HTML injection, so it sets ``HERMES_SESSION_TOKEN`` to a stable
+# value both sides share. Falls back to the random default when the
+# env var is unset, preserving stand-alone CLI behavior.
 # ---------------------------------------------------------------------------
-_SESSION_TOKEN = secrets.token_urlsafe(32)
+_SESSION_TOKEN = os.environ.get("HERMES_SESSION_TOKEN") or secrets.token_urlsafe(32)
 _SESSION_HEADER_NAME = "X-Hermes-Session-Token"
 
 # In-browser Chat tab (/chat, /api/pty, …).  Off unless ``hermes dashboard --tui``
@@ -1219,13 +1244,21 @@ async def get_env_vars():
     result = {}
     for var_name, info in OPTIONAL_ENV_VARS.items():
         value = env_on_disk.get(var_name)
+        is_password = info.get("password", False)
         result[var_name] = {
             "is_set": bool(value),
             "redacted_value": redact_key(value) if value else None,
+            # Plain on-disk value for non-secret fields (allow-lists,
+            # mode flags, account IDs). Lets reverse-proxied dashboards
+            # round-trip these in form inputs without forcing the user
+            # to retype on every edit. Password-flagged fields stay None
+            # and must still go through the rate-limited /api/env/reveal
+            # endpoint with audit logging.
+            "value": value if (value and not is_password) else None,
             "description": info.get("description", ""),
             "url": info.get("url"),
             "category": info.get("category", ""),
-            "is_password": info.get("password", False),
+            "is_password": is_password,
             "tools": info.get("tools", []),
             "advanced": info.get("advanced", False),
         }