limbo-ai 1.31.0 → 2026.4.1

package/Dockerfile

@@ -0,0 +1,116 @@
+# syntax=docker/dockerfile:1
+
+# OpenClaw version — pin to avoid surprise upgrades in production
+ARG OPENCLAW_VERSION=latest
+
+# ──────────────────────────────────────────────
+# Stage 1: deps — build MCP server native addons
+# better-sqlite3 requires python3/make/g++ for node-gyp compilation.
+# This stage is discarded after extracting node_modules.
+# ──────────────────────────────────────────────
+FROM node:22-slim AS deps
+
+# Build tools for native addons (better-sqlite3 requires compilation)
+RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Copy MCP server manifest and lockfile (layer cached unless these change)
+COPY mcp-server/package.json mcp-server/package-lock.json* ./mcp-server/
+
+# Install deps without running lifecycle scripts, then rebuild better-sqlite3
+# native addon explicitly. Verify with an in-memory open/close smoke test.
+RUN cd mcp-server \
+  && npm ci --omit=dev --ignore-scripts \
+  && cd node_modules/better-sqlite3 \
+  && npx node-gyp rebuild --release \
+  && cd /build \
+  && node -e "const d=require('/build/mcp-server/node_modules/better-sqlite3');const db=d(':memory:');db.close();console.log('better-sqlite3 OK')"
+
+# ──────────────────────────────────────────────
+# Stage 2: runtime — OpenClaw + MCP server + workspace
+# Migrated from ZeroClaw (Rust binary) to OpenClaw (Node.js npm package).
+# OpenClaw is installed globally via npm — no custom binary build needed.
+# ──────────────────────────────────────────────
+FROM node:22-slim AS runtime
+
+ARG OPENCLAW_VERSION
+
+# Runtime system deps:
+#   gettext-base — envsubst for config template rendering
+#   tzdata       — timezone support
+#   tini         — minimal init for proper signal handling (PID 1 reaping)
+#   libssl3      — OpenSSL 3 shared lib needed by OpenClaw's ACP runtime (codex-acp)
+#   python3      — required by OpenClaw's pinned-write-helper for safe atomic file writes
+RUN apt-get update && apt-get install -y --no-install-recommends gettext-base tzdata tini libssl3 python3 ca-certificates && rm -rf /var/lib/apt/lists/* \
+  && groupadd -r limbo && useradd --create-home -r -g limbo limbo
+
+# Install OpenClaw globally — replaces the ZeroClaw Rust binary.
+# Pinned via OPENCLAW_VERSION build arg (default: latest).
+# @googleworkspace/cli (gws) — Google Calendar integration (optional feature).
+RUN npm install -g "openclaw@${OPENCLAW_VERSION}" "@googleworkspace/cli"
+
+# Apply local patch for openclaw#63851 — the guarded fetch drops FormData fields,
+# breaking Groq audio transcription. Remove this once upstream PR #64349 ships in
+# a released openclaw version; the patcher is idempotent and fails loudly if
+# the openclaw code shape has changed.
+COPY scripts/patch-openclaw-audio.mjs /tmp/patch-openclaw-audio.mjs
+RUN node /tmp/patch-openclaw-audio.mjs && rm /tmp/patch-openclaw-audio.mjs
+
+# App directories
+WORKDIR /app
+
+# MCP server: source code first, then node_modules from deps stage (overrides host binaries)
+COPY --chown=limbo:limbo mcp-server/ ./mcp-server/
+COPY --from=deps /build/mcp-server/node_modules ./mcp-server/node_modules
+
+# Setup wizard server (zero dependencies — plain Node.js HTTP server)
+COPY --chown=limbo:limbo setup-server/ /app/setup-server/
+
+# System workspace files (product-owned, root-owned for read-only enforcement via symlinks)
+COPY workspace/system/ ./workspace/system/
+
+# Skills (product-owned, synced to OpenClaw workspace on boot by entrypoint)
+COPY workspace/skills/ ./workspace/skills/
+
+# User workspace templates (limbo-owned, seeded on first run)
+COPY --chown=limbo:limbo workspace/templates/ ./workspace/templates/
+
+# Migration runner (no external deps — pure Node.js stdlib)
+COPY --chown=limbo:limbo migrations/ ./migrations/
+
+# Shared libs (telegram-notify, wakeup routine)
+COPY --chown=limbo:limbo lib/ ./lib/
+
+# Package metadata (version read by wakeup routine)
+COPY --chown=limbo:limbo package.json ./package.json
+
+# User-facing release notes (parsed by wakeup routine for update messages)
+COPY --chown=limbo:limbo RELEASES.md ./RELEASES.md
+
+# OpenClaw config template (populated by entrypoint from env vars)
+COPY --chown=limbo:limbo openclaw.json.template ./openclaw.json.template
+
+# Entrypoint script
+COPY scripts/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Pre-create dirs with correct ownership for image-layer defaults
+RUN mkdir -p /data && chown limbo:limbo /data
+RUN mkdir -p /flags && chown limbo:limbo /flags
+RUN mkdir -p /home/limbo/.openclaw && chown limbo:limbo /home/limbo/.openclaw
+# Fix npm cache ownership — npm install -g runs as root but limbo user needs write access at runtime
+RUN mkdir -p /home/limbo/.npm && chown -R limbo:limbo /home/limbo/.npm
+RUN chown limbo:limbo /app
+
+# Data volume — vault, db, config, memory, backups, logs
+VOLUME ["/data"]
+
+# OpenClaw gateway port
+EXPOSE 18789
+
+# Run as non-root limbo user
+USER limbo
+
+# tini as init process for proper signal forwarding and zombie reaping
+ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]

package/RELEASES.md

@@ -0,0 +1,32 @@
+# Limbo Releases
+
+> User-facing changelog. The section for the latest version (above the first `---`)
+> is sent to users as the update notification in Telegram. Keep it non-technical
+> and human-readable. Technical details go below the `---` separator.
+>
+> Format:
+> ```
+> ## vX.Y.Z
+>
+> - Human-readable change 1
+> - Human-readable change 2
+>
+> ---
+>
+> ### Technical changelog
+> - feat: technical description (#PR)
+> - fix: technical description (#PR)
+> ```
+
+## v1.30.0
+
+- Limbo now notifies you when a new version is available
+- You can update directly from Telegram with one tap
+- Improved startup reliability
+
+---
+
+### Technical changelog
+- feat: update notification system with wakeup routine
+- feat: update_instance MCP tool + flag-file bridge to host
+- feat: telegram-notify lib for deterministic system messages

package/cli.js

@@ -23,8 +23,10 @@ const LIMBO_DIR = (() => {
 })();
 const VAULT_DIR = path.join(LIMBO_DIR, 'vault');
 const OPENCLAW_STATE_DIR = path.join(LIMBO_DIR, 'openclaw-state');
+const FLAGS_DIR = path.join(LIMBO_DIR, 'flags');
 const SECRETS_DIR = path.join(LIMBO_DIR, 'secrets');
-const ENV_FILE = path.join(LIMBO_DIR, '.env');
+const CONFIG_DIR = path.join(LIMBO_DIR, 'config');
+const ENV_FILE = path.join(CONFIG_DIR, '.env');
 const COMPOSE_FILE = path.join(LIMBO_DIR, 'docker-compose.yml');
 const DEFAULT_REGISTRY = 'registry.gitlab.com/tomas209/limbo';
 const REGISTRY_IMAGE = process.env.LIMBO_REGISTRY || DEFAULT_REGISTRY;
@@ -184,6 +186,8 @@ function composeContent() {
       - limbo-data:/data
       - ${VAULT_DIR}:/data/vault
       - ${OPENCLAW_STATE_DIR}:/home/limbo/.openclaw
+      - ${CONFIG_DIR}:/data/config
+      - ${FLAGS_DIR}:/flags
     secrets:
       - llm_api_key
       - telegram_bot_token
@@ -191,14 +195,14 @@ function composeContent() {
       - groq_api_key
       - brave_api_key
     env_file:
-      - ${LIMBO_DIR}/.env
+      - ${ENV_FILE}
     environment:
       LIMBO_PORT: "${PORT}"
       NODE_OPTIONS: "\${LIMBO_NODE_OPTIONS:---max-old-space-size=512}"
 ${resolveExtraEnv()}    healthcheck:
       test:
         - CMD-SHELL
-        - node -e "fetch('http://localhost:'\${LIMBO_PORT:-18789}'/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
+        - node -e "fetch('http://localhost:${PORT}/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
       interval: 10s
       timeout: 5s
       retries: 3
@@ -246,6 +250,8 @@ function composeContentHardened() {
       - limbo-data:/data
       - ${VAULT_DIR}:/data/vault
       - ${OPENCLAW_STATE_DIR}:/home/limbo/.openclaw
+      - ${CONFIG_DIR}:/data/config
+      - ${FLAGS_DIR}:/flags
     secrets:
       - llm_api_key
       - telegram_bot_token
@@ -253,7 +259,7 @@ function composeContentHardened() {
       - groq_api_key
       - brave_api_key
     env_file:
-      - ${LIMBO_DIR}/.env
+      - ${ENV_FILE}
     environment:
       LIMBO_PORT: "${PORT}"
       NODE_OPTIONS: "\${LIMBO_NODE_OPTIONS:---max-old-space-size=512}"
@@ -265,7 +271,7 @@ ${resolveExtraEnv()}    networks:
     healthcheck:
       test:
         - CMD-SHELL
-        - node -e "fetch('http://localhost:'\${LIMBO_PORT:-18789}'/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
+        - node -e "fetch('http://localhost:${PORT}/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
       interval: 10s
       timeout: 5s
       retries: 3
@@ -762,6 +768,7 @@ function normalizeConfig(cfg, existingEnv = {}) {
     GATEWAY_TOKEN: gatewayToken,
     VOICE_ENABLED: cfg.voiceEnabled || existingEnv.VOICE_ENABLED || 'false',
     WEB_SEARCH_ENABLED: cfg.webSearchEnabled || existingEnv.WEB_SEARCH_ENABLED || 'false',
+    GOOGLE_CALENDAR_ENABLED: cfg.googleCalendarEnabled || existingEnv.GOOGLE_CALENDAR_ENABLED || 'false',
   };
 
   return base;
@@ -1105,8 +1112,17 @@ function ensureComposeFile(hardened = false) {
   fs.mkdirSync(path.join(VAULT_DIR, 'notes'), { recursive: true });
   fs.mkdirSync(path.join(VAULT_DIR, 'maps'), { recursive: true });
   fs.mkdirSync(OPENCLAW_STATE_DIR, { recursive: true });
+  fs.mkdirSync(FLAGS_DIR, { recursive: true });
   migrateLegacyState();
   fs.mkdirSync(SECRETS_DIR, { recursive: true, mode: 0o700 });
+  // Ensure config dir and .env exist (bind-mounted into container as /data/config/)
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  // Migrate legacy .env from LIMBO_DIR root to config/ subdir
+  const legacyEnv = path.join(LIMBO_DIR, '.env');
+  if (legacyEnv !== ENV_FILE && fs.existsSync(legacyEnv) && !fs.existsSync(ENV_FILE)) {
+    fs.renameSync(legacyEnv, ENV_FILE);
+  }
+  if (!fs.existsSync(ENV_FILE)) fs.writeFileSync(ENV_FILE, '', { mode: 0o600 });
   // Ensure secret files exist (Docker Compose secrets require the files to be present)
   for (const name of ['llm_api_key', 'telegram_bot_token', 'gateway_token', 'groq_api_key', 'brave_api_key']) {
     const fp = path.join(SECRETS_DIR, name);
@@ -2140,19 +2156,22 @@ function cmdUpdate() {
     return;
   }
 
-  // Patch image tag to :latest in existing compose files (handles upgrades from pinned tags)
-  let compose = fs.readFileSync(COMPOSE_FILE, 'utf8');
-  // Migrate from any old registry (ghcr.io, pinned tags) to current REGISTRY_IMAGE
-  const patched = compose.replace(
-    /image:\s*(?:ghcr\.io\/tomasward1\/limbo|registry\.gitlab\.com\/tomas209\/limbo):\S+/g,
-    `image: ${REGISTRY_IMAGE}:${DEFAULT_TAG}`
-  );
-  if (patched !== compose) {
-    compose = patched;
-    fs.writeFileSync(COMPOSE_FILE, compose);
-    log(`Patched compose image to ${REGISTRY_IMAGE}:${DEFAULT_TAG}`);
+  // Restore PORT from existing .env so the regenerated compose uses the right port.
+  const existingEnv = parseEnvFile();
+  if (existingEnv.LIMBO_PORT) {
+    const parsed = parseInt(existingEnv.LIMBO_PORT, 10);
+    if (Number.isFinite(parsed) && parsed >= 1 && parsed <= 65535) PORT = parsed;
   }
 
+  // Regenerate compose file from current template. This handles:
+  //   - ZeroClaw → OpenClaw migration (volume mounts, healthcheck)
+  //   - Image registry/tag updates
+  //   - Any new compose changes shipped with the CLI
+  // Detect hardened mode from existing compose (squid sidecar present).
+  const existingCompose = fs.readFileSync(COMPOSE_FILE, 'utf8');
+  const hardened = existingCompose.includes('squid:');
+  ensureComposeFile(hardened);
+
   log('Pulling latest image...');
   run(`docker compose -f "${COMPOSE_FILE}" pull -q`);
   log('Restarting...');
@@ -2264,6 +2283,122 @@ ${c.bold}Usage:${c.reset}
   }
 }
 
+async function cmdSwitchBrain() {
+  const existingEnv = parseEnvFile();
+  if (!existingEnv.MODEL_PROVIDER) {
+    die('No existing configuration found. Run `limbo start` first to set up.');
+  }
+
+  // Resolve port from existing config before generating compose file
+  if (existingEnv.LIMBO_PORT) {
+    const parsed = parseInt(existingEnv.LIMBO_PORT, 10);
+    if (Number.isFinite(parsed) && parsed >= 1 && parsed <= 65535) PORT = parsed;
+  }
+
+  ensureComposeFile(false);
+
+  const lang = existingEnv.CLI_LANGUAGE || 'en';
+  const currentProvider = existingEnv.MODEL_PROVIDER || 'unknown';
+  const currentModel = existingEnv.MODEL_NAME || 'unknown';
+
+  header(lang === 'es' ? 'Cambiar Proveedor' : 'Switch Provider');
+  console.log(`  ${c.dim}${lang === 'es' ? 'Proveedor actual' : 'Current provider'}: ${c.reset}${c.bold}${currentProvider}${c.reset} (${currentModel})\n`);
+
+  const envContent = fs.readFileSync(ENV_FILE, 'utf8');
+  const cleaned = envContent
+    .replace(/^SWITCH_BRAIN_MODE=.*\n?/gm, '')
+    .replace(/^AUTH_MODE=.*\n?/gm, '')
+    .replace(/^MODEL_PROVIDER=.*\n?/gm, '')
+    .replace(/^MODEL_NAME=.*\n?/gm, '');
+  fs.writeFileSync(ENV_FILE, cleaned + 'SWITCH_BRAIN_MODE=true\n', { mode: 0o600 });
+
+  pullOrBuildImage(lang);
+  ensureVolumePermissions();
+
+  log(lang === 'es' ? 'Iniciando wizard de cambio de proveedor...' : 'Starting provider switch wizard...');
+  const upResult = runDockerCompose(['up', '-d', '--remove-orphans', '--force-recreate'], { stdio: 'pipe' });
+  if (upResult.status !== 0) {
+    process.stderr.write(upResult.stderr || '');
+    die('Container failed to start. Run `limbo logs` to investigate.');
+  }
+
+  const wizardUrl = extractWizardUrl();
+
+  let tunnel = null;
+  if (isServerEnvironment() || process.argv.includes('--tunnel')) {
+    tunnel = await createSetupTunnel(PORT);
+  }
+
+  const displayUrl = wizardUrl || `http://127.0.0.1:${PORT}`;
+  if (!wizardUrl) {
+    warn('Could not extract setup token from container logs.');
+  }
+  printWizardUrl(displayUrl, tunnel);
+
+  try {
+    const envAfter = fs.readFileSync(ENV_FILE, 'utf8');
+    const final = envAfter.replace(/^SWITCH_BRAIN_MODE=.*\n?/gm, '');
+    if (final !== envAfter) fs.writeFileSync(ENV_FILE, final, { mode: 0o600 });
+  } catch {}
+}
+
+async function cmdConnectCalendar() {
+  const existingEnv = parseEnvFile();
+  if (!existingEnv.MODEL_PROVIDER) {
+    die('No existing configuration found. Run `limbo start` first to set up.');
+  }
+
+  if (existingEnv.GOOGLE_CALENDAR_ENABLED === 'true') {
+    ok('Google Calendar is already connected.');
+    return;
+  }
+
+  // Resolve port from existing config
+  if (existingEnv.LIMBO_PORT) {
+    const parsed = parseInt(existingEnv.LIMBO_PORT, 10);
+    if (Number.isFinite(parsed) && parsed >= 1 && parsed <= 65535) PORT = parsed;
+  }
+
+  ensureComposeFile(false);
+
+  const lang = existingEnv.CLI_LANGUAGE || 'en';
+  header(lang === 'es' ? 'Conectar Google Calendar' : 'Connect Google Calendar');
+
+  // Write CONNECT_CALENDAR_MODE to .env (preserve existing config)
+  const envContent = fs.readFileSync(ENV_FILE, 'utf8');
+  const cleaned = envContent.replace(/^CONNECT_CALENDAR_MODE=.*\n?/gm, '');
+  fs.writeFileSync(ENV_FILE, cleaned + 'CONNECT_CALENDAR_MODE=true\n', { mode: 0o600 });
+
+  pullOrBuildImage(lang);
+  ensureVolumePermissions();
+
+  log(lang === 'es' ? 'Iniciando wizard de Google Calendar...' : 'Starting Google Calendar setup wizard...');
+  const upResult = runDockerCompose(['up', '-d', '--remove-orphans', '--force-recreate'], { stdio: 'pipe' });
+  if (upResult.status !== 0) {
+    process.stderr.write(upResult.stderr || '');
+    die('Container failed to start. Run `limbo logs` to investigate.');
+  }
+
+  const wizardUrl = extractWizardUrl();
+
+  let tunnel = null;
+  if (isServerEnvironment() || process.argv.includes('--tunnel')) {
+    tunnel = await createSetupTunnel(PORT);
+  }
+
+  const displayUrl = wizardUrl || `http://127.0.0.1:${PORT}`;
+  if (!wizardUrl) {
+    warn('Could not extract setup token from container logs.');
+  }
+  printWizardUrl(displayUrl, tunnel);
+
+  try {
+    const envAfter = fs.readFileSync(ENV_FILE, 'utf8');
+    const final = envAfter.replace(/^CONNECT_CALENDAR_MODE=.*\n?/gm, '');
+    if (final !== envAfter) fs.writeFileSync(ENV_FILE, final, { mode: 0o600 });
+  } catch {}
+}
+
 function cmdHelp() {
   console.log(`
 ${c.bold}limbo${c.reset} - personal AI memory agent
@@ -2277,8 +2412,10 @@ ${c.bold}Commands:${c.reset}
   logs          Tail container logs
   update        Pull latest image and restart
   status        Show container status
-  config        Configure optional features (voice, web-search)
-  help          Show this help
+  config             Configure optional features (voice, web-search)
+  switch-brain       Change your AI provider (opens a quick wizard)
+  connect-calendar   Connect Google Calendar (opens a quick wizard)
+  help               Show this help
 
 ${c.bold}Flags:${c.reset}
   --cli                Use interactive CLI prompts instead of the web setup wizard
@@ -2402,6 +2539,8 @@ if (require.main === module) {
       case 'update':  cmdUpdate(); break;
       case 'status':  cmdStatus(); break;
       case 'config':  cmdConfig(); break;
+      case 'switch-brain': await cmdSwitchBrain(); break;
+      case 'connect-calendar': await cmdConnectCalendar(); break;
       case 'version':
       case '--version':
       case '-v':      console.log(require('./package.json').version); break;

package/lib/telegram-notify.js

@@ -0,0 +1,97 @@
+/**
+ * telegram-notify.js — Deterministic Telegram messaging via Bot API.
+ *
+ * Sends messages directly through the Telegram HTTP API without depending on
+ * OpenClaw or any agent runtime.  Used by the wakeup routine (entrypoint) and
+ * the update_instance MCP tool for system-level notifications that MUST fire.
+ *
+ * Requires two secrets:
+ *   - telegram_bot_token
+ *   - telegram_chat_id
+ *
+ * Both are written by the setup wizard (setup-server/server.js) during initial
+ * Telegram pairing and persisted in the OpenClaw secrets directory.
+ */
+
+const https = require("node:https");
+const fs = require("node:fs");
+const path = require("node:path");
+
+const STATE_DIR =
+  process.env.OPENCLAW_STATE_DIR || "/home/limbo/.openclaw";
+const SECRETS_DIR = path.join(STATE_DIR, "secrets");
+
+function readSecret(name) {
+  // Docker secrets take priority, then OpenClaw secrets dir
+  for (const dir of ["/run/secrets", SECRETS_DIR]) {
+    const p = path.join(dir, name);
+    try {
+      const v = fs.readFileSync(p, "utf8").trim();
+      if (v) return v;
+    } catch {
+      // not found — try next
+    }
+  }
+  return "";
+}
+
+/**
+ * Send a Telegram message via the Bot API.
+ *
+ * @param {string} text        — Message text (supports MarkdownV2 if parse_mode set)
+ * @param {object} [options]   — Extra sendMessage params (parse_mode, reply_markup, etc.)
+ * @returns {Promise<object>}  — Telegram API response body
+ */
+function sendMessage(text, options = {}) {
+  const token = readSecret("telegram_bot_token");
+  const chatId = readSecret("telegram_chat_id");
+
+  if (!token || !chatId) {
+    return Promise.reject(
+      new Error("telegram-notify: missing bot_token or chat_id in secrets")
+    );
+  }
+
+  const body = JSON.stringify({
+    chat_id: chatId,
+    text,
+    ...options,
+  });
+
+  return new Promise((resolve, reject) => {
+    const req = https.request(
+      {
+        hostname: "api.telegram.org",
+        path: `/bot${token}/sendMessage`,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body),
+        },
+        timeout: 10000,
+      },
+      (res) => {
+        let data = "";
+        res.on("data", (chunk) => (data += chunk));
+        res.on("end", () => {
+          try {
+            const parsed = JSON.parse(data);
+            if (parsed.ok) resolve(parsed);
+            else reject(new Error(`Telegram API error: ${data}`));
+          } catch {
+            reject(new Error(`Telegram API parse error: ${data}`));
+          }
+        });
+      }
+    );
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("telegram-notify: request timed out"));
+    });
+    req.write(body);
+    req.end();
+  });
+}
+
+module.exports = { sendMessage, readSecret };