limbo-ai 1.32.0 → 2026.4.2

package/Dockerfile

@@ -0,0 +1,123 @@
+# syntax=docker/dockerfile:1
+
+# OpenClaw version — pin to avoid surprise upgrades in production
+ARG OPENCLAW_VERSION=latest
+
+# ──────────────────────────────────────────────
+# Stage 1: deps — build MCP server native addons
+# better-sqlite3 requires python3/make/g++ for node-gyp compilation.
+# This stage is discarded after extracting node_modules.
+# ──────────────────────────────────────────────
+FROM node:22-slim AS deps
+
+# Build tools for native addons (better-sqlite3 requires compilation)
+RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Copy MCP server manifest and lockfile (layer cached unless these change)
+COPY mcp-server/package.json mcp-server/package-lock.json* ./mcp-server/
+
+# Install deps without running lifecycle scripts, then rebuild better-sqlite3
+# native addon explicitly. Verify with an in-memory open/close smoke test.
+RUN cd mcp-server \
+  && npm ci --omit=dev --ignore-scripts \
+  && cd node_modules/better-sqlite3 \
+  && npx node-gyp rebuild --release \
+  && cd /build \
+  && node -e "const d=require('/build/mcp-server/node_modules/better-sqlite3');const db=d(':memory:');db.close();console.log('better-sqlite3 OK')"
+
+# ──────────────────────────────────────────────
+# Stage 2: runtime — OpenClaw + MCP server + workspace
+# Migrated from ZeroClaw (Rust binary) to OpenClaw (Node.js npm package).
+# OpenClaw is installed globally via npm — no custom binary build needed.
+# ──────────────────────────────────────────────
+FROM node:22-slim AS runtime
+
+ARG OPENCLAW_VERSION
+
+# Runtime system deps:
+#   gettext-base — envsubst for config template rendering
+#   tzdata       — timezone support
+#   tini         — minimal init for proper signal handling (PID 1 reaping)
+#   libssl3      — OpenSSL 3 shared lib needed by OpenClaw's ACP runtime (codex-acp)
+#   python3      — required by OpenClaw's pinned-write-helper for safe atomic file writes
+RUN apt-get update && apt-get install -y --no-install-recommends gettext-base tzdata tini libssl3 python3 ca-certificates && rm -rf /var/lib/apt/lists/* \
+  && groupadd -r limbo && useradd --create-home -r -g limbo limbo
+
+# Install OpenClaw globally — replaces the ZeroClaw Rust binary.
+# Pinned via OPENCLAW_VERSION build arg (default: latest).
+# @googleworkspace/cli (gws) — Google Calendar integration (optional feature).
+RUN npm install -g "openclaw@${OPENCLAW_VERSION}" "@googleworkspace/cli"
+
+# Apply local patch for openclaw#63851 — the guarded fetch drops FormData fields,
+# breaking Groq audio transcription. Remove this once upstream PR #64349 ships in
+# a released openclaw version; the patcher is idempotent and fails loudly if
+# the openclaw code shape has changed.
+COPY scripts/patch-openclaw-audio.mjs /tmp/patch-openclaw-audio.mjs
+RUN node /tmp/patch-openclaw-audio.mjs && rm /tmp/patch-openclaw-audio.mjs
+
+# App directories
+WORKDIR /app
+
+# MCP server: source code first, then node_modules from deps stage (overrides host binaries)
+COPY --chown=limbo:limbo mcp-server/ ./mcp-server/
+COPY --from=deps /build/mcp-server/node_modules ./mcp-server/node_modules
+
+# Setup wizard server (zero dependencies — plain Node.js HTTP server)
+COPY --chown=limbo:limbo setup-server/ /app/setup-server/
+
+# System workspace files (product-owned, root-owned for read-only enforcement via symlinks)
+COPY workspace/system/ ./workspace/system/
+
+# Skills (product-owned, synced to OpenClaw workspace on boot by entrypoint)
+COPY workspace/skills/ ./workspace/skills/
+
+# User workspace templates (limbo-owned, seeded on first run)
+COPY --chown=limbo:limbo workspace/templates/ ./workspace/templates/
+
+# Migration runner (no external deps — pure Node.js stdlib)
+COPY --chown=limbo:limbo migrations/ ./migrations/
+
+# Shared libs (telegram-notify, wakeup routine)
+COPY --chown=limbo:limbo lib/ ./lib/
+
+# Package metadata (version read by wakeup routine)
+COPY --chown=limbo:limbo package.json ./package.json
+
+# User-facing release notes (parsed by wakeup routine for update messages)
+COPY --chown=limbo:limbo RELEASES.md ./RELEASES.md
+
+# OpenClaw config template (populated by entrypoint from env vars)
+COPY --chown=limbo:limbo openclaw.json.template ./openclaw.json.template
+
+# Entrypoint script
+COPY scripts/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Wizard supervisor (container main process after entrypoint bootstrap) +
+# standalone regen helper used by both the entrypoint and the setup-server
+# to rewrite openclaw.json on boot and after wizard completion.
+COPY --chown=limbo:limbo scripts/supervisor.js /app/scripts/supervisor.js
+COPY --chown=limbo:limbo scripts/regen-openclaw-config.sh /app/scripts/regen-openclaw-config.sh
+RUN chmod +x /app/scripts/regen-openclaw-config.sh /app/scripts/supervisor.js
+
+# Pre-create dirs with correct ownership for image-layer defaults
+RUN mkdir -p /data && chown limbo:limbo /data
+RUN mkdir -p /flags && chown limbo:limbo /flags
+RUN mkdir -p /home/limbo/.openclaw && chown limbo:limbo /home/limbo/.openclaw
+# Fix npm cache ownership — npm install -g runs as root but limbo user needs write access at runtime
+RUN mkdir -p /home/limbo/.npm && chown -R limbo:limbo /home/limbo/.npm
+RUN chown limbo:limbo /app
+
+# Data volume — vault, db, config, memory, backups, logs
+VOLUME ["/data"]
+
+# OpenClaw gateway port
+EXPOSE 18789
+
+# Run as non-root limbo user
+USER limbo
+
+# tini as init process for proper signal forwarding and zombie reaping
+ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]

package/README.md

@@ -160,29 +160,46 @@ Limbo uses ~150 MB at rest, peaks ~300 MB during agent runs. CPU usage is neglig
 ## Architecture
 
 ```
-┌─────────────────────────────────────────┐
-│              Docker Container           │
-│                                         │
-│  ┌─────────────┐    ┌────────────────┐  │
-│  │  OpenClaw   │◄──►│  LLM (Claude   │  │
-│  │  gateway    │    │  or OpenAI)    │  │
-│  │  :18789     │    └────────┬───────┘  │
-│  └──────┬──────┘             │          │
-│         │           ┌────────▼───────┐  │
-│  Telegram Bot       │  MCP Server    │  │
-│         │           │  limbo-vault   │  │
-│         │           └────────┬───────┘  │
-│         └────────────────────┤          │
-│                              ▼          │
-│                      /data/vault/       │
-│                      (markdown notes)   │
-└─────────────────────────────────────────┘
+┌──────────────────────────────────────────────────┐
+│                Docker Container                  │
+│                                                  │
+│  ┌──────────────┐                                │
+│  │  Supervisor  │  (PID 2, under tini)           │
+│  └──┬────┬──┬───┘                                │
+│     │    │  │                                    │
+│     │    │  └── Control plane    :LIMBO_PORT+2   │ ◄── limbo CLI (host)
+│     │    │                                      │
+│     │    └───── Wizard port      :LIMBO_PORT+1   │ ◄── connect-calendar /
+│     │            (on-demand, forked by spawner)  │     switch-brain browser
+│     │                                            │
+│     ▼                                            │
+│  ┌──────────────┐     ┌────────────────────┐     │
+│  │  OpenClaw    │◄───►│  LLM provider      │     │
+│  │  gateway     │     │  (anthropic/...)   │     │
+│  │  :LIMBO_PORT │     └──────────┬─────────┘     │
+│  └───┬──────────┘                │               │
+│      │               ┌───────────▼──────────┐    │
+│      │  Telegram     │  MCP Server          │    │
+│      ├── channel     │  (limbo-vault)       │    │
+│      │               └───────────┬──────────┘    │
+│      │                           ▼               │
+│      │                    /data/vault/           │
+│      │                    (markdown notes)       │
+└──────┴───────────────────────────────────────────┘
+       │
+       ▼
+   Telegram
 ```
 
+- **Supervisor** — container main process, owns OpenClaw + the wizard control plane
 - **OpenClaw** — Node.js runtime (~150 MB) handling connections, LLM routing, Telegram, and MCP tools
+- **Control plane** — tiny HTTP API the `limbo` CLI uses to open on-demand wizards (`connect-calendar`, `switch-brain`) without restarting the container
+- **Wizard port** — a setup-server child spawned on demand, used only during an active wizard
 - **MCP server** — Node.js vault read/write tools, spawned by OpenClaw
 - **Vault** — plain markdown with YAML frontmatter, persisted in a Docker volume
 
+All three ports bind to the host loopback only (`127.0.0.1`), never LAN.
+
 ---
 
 ## Agent Installation (headless)

package/RELEASES.md

@@ -18,6 +18,39 @@
 > - fix: technical description (#PR)
 > ```
 
+## Next release
+
+- **Instant connect-calendar and switch-brain.** Both commands used to tear down the container, rebuild the image, and start a fresh setup wizard — that easily took 5–20 minutes. Now they take a few seconds: Limbo stays running the whole time, the wizard opens in a new window, and your changes apply live.
+- **One single `.env` file.** All tokens (LLM key, Telegram, voice, search, Google) now live in `~/.limbo/config/.env`. Legacy secret files from older installs are migrated automatically on first start after this update — nothing for you to do.
+- **Cloudflare tunnel self-heals.** If a previous `limbo connect-calendar` left a dangling tunnel on your Cloudflare account, `limbo update` cleans it up. Also blocks the case where the tunnel DNS landed in the wrong zone.
+
+### Heads up — **if you already had Google Calendar connected**
+
+You need to add one new URL to your Google OAuth client (one-time, ~30 seconds):
+
+1. Open <https://console.cloud.google.com/apis/credentials>
+2. Click the OAuth 2.0 Client ID you use for Limbo
+3. Under **Authorized redirect URIs**, add: `http://localhost:18790/auth/google/callback`
+   (if you use a custom `LIMBO_PORT`, use `<LIMBO_PORT + 1>` instead of 18790)
+4. Save
+
+Until you do this, `limbo connect-calendar` will fail with `redirect_uri_mismatch`. Existing connections keep working — this is only needed if you re-run connect-calendar.
+
+---
+
+### Technical changelog
+
+- feat(supervisor): wizard sidecar — on-demand wizards over a TCP control plane
+- feat(cli): migrate `switch-brain` and `connect-calendar` to the control plane (no more container rebuild)
+- feat(supervisor): control-plane HTTP API bound to 127.0.0.1:LIMBO_PORT+2 with Host-header allowlist
+- fix(supervisor): set `OPENCLAW_NO_RESPAWN=1` on the OpenClaw child so config reloads become in-process restarts (no fork+exec, no port collisions)
+- fix(supervisor): respawn OpenClaw on clean exit with a sliding-window crash-loop guard (5 restarts / 60 s)
+- feat(supervisor): enforce single active wizard session at a time (409 Conflict on concurrent POST /wizard)
+- feat(cli): install SIGINT/SIGTERM cleanup so Ctrl+C during a wizard cancels the session on the supervisor
+- fix(setup-server): honour `SETUP_TOKEN` injected by the supervisor (was generating a mismatched token)
+- fix(secrets): consolidate all tokens into `~/.limbo/config/.env`; drop `/run/secrets` and `~/.limbo/secrets/`
+- fix(cli): cloudflare tunnel self-heal via blocking DNS check + stale-tunnel sweep on start
+
 ## v1.30.0
 
 - Limbo now notifies you when a new version is available