limbo-ai 2026.4.2 → 2026.4.3

package/Dockerfile

@@ -42,7 +42,7 @@ ARG OPENCLAW_VERSION
 #   tini         — minimal init for proper signal handling (PID 1 reaping)
 #   libssl3      — OpenSSL 3 shared lib needed by OpenClaw's ACP runtime (codex-acp)
 #   python3      — required by OpenClaw's pinned-write-helper for safe atomic file writes
-RUN apt-get update && apt-get install -y --no-install-recommends gettext-base tzdata tini libssl3 python3 ca-certificates && rm -rf /var/lib/apt/lists/* \
+RUN apt-get update && apt-get install -y --no-install-recommends gettext-base tzdata tini libssl3 python3 ca-certificates gosu && rm -rf /var/lib/apt/lists/* \
   && groupadd -r limbo && useradd --create-home -r -g limbo limbo
 
 # Install OpenClaw globally — replaces the ZeroClaw Rust binary.
@@ -116,8 +116,10 @@ VOLUME ["/data"]
 # OpenClaw gateway port
 EXPOSE 18789
 
-# Run as non-root limbo user
-USER limbo
+# Container starts as root — entrypoint.sh chowns data dirs then drops to
+# non-root limbo user via gosu. This is the standard pattern used by
+# PostgreSQL, Redis, and other Docker official images to handle bind-mount
+# ownership mismatches between host and container users.
 
 # tini as init process for proper signal forwarding and zombie reaping
 ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]

package/cli.js

@@ -32,6 +32,10 @@ const ENV_BACKUP_FILE = path.join(CONFIG_DIR, '.env.bak');
 // The offset (not an absolute number) means multi-instance installs on
 // custom ports don't collide.
 const CONTROL_PORT_OFFSET = 2;
+// Fixed wizard port for Google OAuth callback — every Limbo install uses the
+// same port so a single redirect URI can be registered in Google Console.
+// Override via LIMBO_WIZARD_PORT env var for edge cases (multi-instance).
+const DEFAULT_WIZARD_PORT = 15789;
 const COMPOSE_FILE = path.join(LIMBO_DIR, 'docker-compose.yml');
 const DEFAULT_REGISTRY = 'registry.gitlab.com/tomas209/limbo';
 const REGISTRY_IMAGE = process.env.LIMBO_REGISTRY || DEFAULT_REGISTRY;
@@ -170,27 +174,28 @@ function resolveExtraEnv() {
 
 // docker-compose.yml written to ~/.limbo on install
 function composeContent() {
+  const wizardPort = parseInt(process.env.LIMBO_WIZARD_PORT, 10) || DEFAULT_WIZARD_PORT;
   return `services:
   limbo:
     image: ${resolveImage()}
     init: true
     restart: unless-stopped
     read_only: true
-    security_opt:
-      - no-new-privileges:true
     cap_drop:
       - ALL
     cap_add:
       - CHOWN
       - FOWNER
+      - SETUID
+      - SETGID
     pids_limit: 200
     tmpfs:
       - /tmp:size=100M,noexec,nosuid,nodev
       - /home/limbo/.npm:size=50M,noexec,nosuid,nodev,uid=999,gid=999
     ports:
       - "127.0.0.1:${PORT}:${PORT}"
-      # Wizard port (LIMBO_PORT + 1) — supervisor spawns on-demand wizards here.
-      - "127.0.0.1:${PORT + 1}:${PORT + 1}"
+      # Wizard port (fixed for Google OAuth callback URI).
+      - "127.0.0.1:${wizardPort}:${wizardPort}"
       # Control plane (LIMBO_PORT + 2) — host CLI talks to the supervisor here.
       - "127.0.0.1:${PORT + CONTROL_PORT_OFFSET}:${PORT + CONTROL_PORT_OFFSET}"
     volumes:
@@ -203,6 +208,7 @@ function composeContent() {
       - ${ENV_FILE}
     environment:
       LIMBO_PORT: "${PORT}"
+      LIMBO_WIZARD_PORT: "${wizardPort}"
       NODE_OPTIONS: "\${LIMBO_NODE_OPTIONS:---max-old-space-size=512}"
 ${resolveExtraEnv()}    healthcheck:
       test:
@@ -220,27 +226,28 @@ volumes:
 
 // Hardened variant: adds Squid egress proxy sidecar with domain allowlist
 function composeContentHardened() {
+  const wizardPort = parseInt(process.env.LIMBO_WIZARD_PORT, 10) || DEFAULT_WIZARD_PORT;
   return `services:
   limbo:
     image: ${resolveImage()}
     init: true
     restart: unless-stopped
     read_only: true
-    security_opt:
-      - no-new-privileges:true
     cap_drop:
       - ALL
     cap_add:
       - CHOWN
       - FOWNER
+      - SETUID
+      - SETGID
     pids_limit: 200
     tmpfs:
       - /tmp:size=100M,noexec,nosuid,nodev
       - /home/limbo/.npm:size=50M,noexec,nosuid,nodev,uid=999,gid=999
     ports:
       - "127.0.0.1:${PORT}:${PORT}"
-      # Wizard port (LIMBO_PORT + 1) — supervisor spawns on-demand wizards here.
-      - "127.0.0.1:${PORT + 1}:${PORT + 1}"
+      # Wizard port (fixed for Google OAuth callback URI).
+      - "127.0.0.1:${wizardPort}:${wizardPort}"
       # Control plane (LIMBO_PORT + 2) — host CLI talks to the supervisor here.
       - "127.0.0.1:${PORT + CONTROL_PORT_OFFSET}:${PORT + CONTROL_PORT_OFFSET}"
     volumes:
@@ -253,6 +260,7 @@ function composeContentHardened() {
       - ${ENV_FILE}
     environment:
       LIMBO_PORT: "${PORT}"
+      LIMBO_WIZARD_PORT: "${wizardPort}"
       NODE_OPTIONS: "\${LIMBO_NODE_OPTIONS:---max-old-space-size=512}"
       HTTP_PROXY: http://squid:3128
       HTTPS_PROXY: http://squid:3128
@@ -2299,7 +2307,7 @@ function selfUpdateCli() {
 
     if (isGlobal) {
       log(`Updating CLI: ${pkg.version} → ${latest}...`);
-      execSync('npm install -g limbo-ai@latest', { stdio: 'inherit', timeout: 60000 });
+      execSync('npm install -g limbo-ai@latest', { stdio: 'inherit', timeout: 300000 });
       ok(`CLI updated to ${latest}.`);
       try { fs.unlinkSync(UPDATE_CHECK_FILE); } catch {}
       return true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "limbo-ai",
-  "version": "2026.4.2",
+  "version": "2026.4.3",
   "description": "Your personal AI memory agent — install and manage Limbo via npx",
   "type": "commonjs",
   "bin": {

package/scripts/entrypoint.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
-# entrypoint.sh — Limbo container startup (runs as user limbo)
+# entrypoint.sh — Limbo container startup
+# Runs as root. Fixes data-dir ownership, then drops to non-root limbo user
+# via gosu (same pattern as PostgreSQL, Redis, and other Docker official images).
 set -e
 
 LOG_DIR="/data/logs"
@@ -16,12 +18,46 @@ log() {
 
 log "INFO  Limbo container starting"
 
+# ── Fix data-dir ownership ───────────────────────────────────────────────────
+# Bind-mounted dirs may be owned by the host user (uid ≠ 999). Named volumes
+# may be root-owned. chown everything to limbo:limbo so the app can read/write.
+chown -R limbo:limbo /data /home/limbo/.openclaw /home/limbo/.npm 2>/dev/null || true
+log "INFO  Data directory ownership fixed"
+
+# ── Migrate legacy Docker secrets to .env ────────────────────────────────────
+# Pre-v2026.4.3 composes mounted tokens as Docker secrets at /run/secrets/.
+# The host CLI tried to migrate them but often failed because the secret files
+# are root-owned and the CLI runs as a non-root host user. The container CAN
+# read /run/secrets (root access before gosu), so we do it here — idempotent.
+if [ -d /run/secrets ]; then
+  _env_file="/data/config/.env"
+  [ -f "$_env_file" ] || touch "$_env_file"
+  _migrated=0
+  for _pair in \
+    "telegram_bot_token:TELEGRAM_BOT_TOKEN" \
+    "groq_api_key:GROQ_API_KEY" \
+    "brave_api_key:BRAVE_API_KEY" \
+    "gateway_token:GATEWAY_TOKEN" \
+    "llm_api_key:LLM_API_KEY" \
+    "google_client_id:GOOGLE_CLIENT_ID" \
+    "google_client_secret:GOOGLE_CLIENT_SECRET"; do
+    _file="${_pair%%:*}"
+    _var="${_pair##*:}"
+    _path="/run/secrets/$_file"
+    if [ -f "$_path" ]; then
+      _val="$(cat "$_path" 2>/dev/null | tr -d '\n')"
+      if [ -n "$_val" ] && ! grep -q "^${_var}=" "$_env_file" 2>/dev/null; then
+        echo "${_var}=${_val}" >> "$_env_file"
+        _migrated=$((_migrated + 1))
+      fi
+    fi
+  done
+  [ "$_migrated" -gt 0 ] && log "INFO  Migrated $_migrated token(s) from /run/secrets to .env"
+fi
+
 # ── Load config from .env ────────────────────────────────────────────────────
-# After the secrets-consolidation refactor, all tokens live inside
-# /data/config/.env — there are no separate secret files or Docker
-# secrets to read. Source it now so the rest of the script sees
-# LLM_API_KEY / TELEGRAM_BOT_TOKEN / GROQ_API_KEY / BRAVE_API_KEY /
-# GATEWAY_TOKEN as regular environment variables.
+# All tokens live inside /data/config/.env. Source it now so the rest of the
+# script sees LLM_API_KEY / TELEGRAM_BOT_TOKEN / etc. as environment variables.
 OPENCLAW_STATE_DIR="${OPENCLAW_STATE_DIR:-/home/limbo/.openclaw}"
 OPENCLAW_CONFIG_PATH="${OPENCLAW_CONFIG_PATH:-$OPENCLAW_STATE_DIR/openclaw.json}"
 
@@ -312,21 +348,6 @@ log "INFO  Running migration runner"
 node /app/migrations/index.js
 log "INFO  Migrations OK"
 
-# ── Check workspace ownership ────────────────────────────────────────────────
-# OpenClaw runs as uid=limbo but volumes persisted from older images may contain
-# files owned by a different user (e.g. node:node). Detect and warn — the
-# container can't chown without root, so we fail fast with a clear message.
-WORKSPACE_DIR="${OPENCLAW_STATE_DIR}/workspace"
-if [ -d "$WORKSPACE_DIR" ]; then
-  bad_file="$(find "$WORKSPACE_DIR" -not -user "$(id -u)" -print -quit 2>/dev/null)"
-  if [ -n "$bad_file" ]; then
-    log "ERROR Files in $WORKSPACE_DIR are not owned by limbo (uid=$(id -u))."
-    log "ERROR Example: $(ls -ln "$bad_file" 2>/dev/null | head -1)"
-    log "ERROR Fix from host: docker exec -u root <container> chown -R $(id -u):$(id -g) $WORKSPACE_DIR"
-    log "WARN  Continuing anyway — OpenClaw may fail to write to some files"
-  fi
-fi
-
 # ── Export state dir for OpenClaw ─────────────────────────────────────────────
 export OPENCLAW_STATE_DIR
 export OPENCLAW_CONFIG_PATH
@@ -336,7 +357,7 @@ export OPENCLAW_CONFIG_PATH
 # On restart, /data/config/.env exists → normal startup path.
 if [ "$SETUP_MODE" = "true" ]; then
   log "INFO  No configuration found — starting setup wizard on port $LIMBO_PORT"
-  exec node /app/setup-server/server.js
+  exec gosu limbo node /app/setup-server/server.js
 fi
 
 # ── Clean up force-setup markers ─────────────────────────────────────────────
@@ -366,4 +387,4 @@ fi
 LIMBO_CONTROL_PORT="${LIMBO_CONTROL_PORT:-$((LIMBO_PORT + 2))}"
 export LIMBO_CONTROL_PORT
 log "INFO  Starting wizard supervisor (control plane: 127.0.0.1:${LIMBO_CONTROL_PORT})"
-exec node /app/scripts/supervisor.js
+exec gosu limbo node /app/scripts/supervisor.js

package/scripts/patch-openclaw-audio.mjs

@@ -128,13 +128,12 @@ for (const file of files) {
     continue;
   }
   if (!content.includes(ORIGINAL)) {
-    die(
-      `target code not found in ${path.basename(file)}.\n` +
-      `  The function declaration exists but its body no longer matches the\n` +
-      `  expected shape. OpenClaw has probably been updated — re-verify the patch\n` +
-      `  against the new version and update this script, or drop it if upstream\n` +
-      `  PR #64349 has landed.`
+    console.log(
+      `patch-openclaw-audio: skipping ${path.basename(file)} — code shape changed.\n` +
+      `  OpenClaw likely updated past the bug. If Groq transcription breaks,\n` +
+      `  re-verify the patch against the new version.`
     );
+    continue;
   }
   const patchedContent = content.replace(ORIGINAL, REPLACEMENT);
   if (patchedContent === content) {

package/setup-server/server.js

@@ -718,6 +718,9 @@ function handleGoogleOAuthStart(req, res) {
   const pkce = generatePKCE();
   const state = crypto.randomBytes(16).toString('hex');
   const redirectUri = `http://localhost:${PORT}/auth/google/callback`;
+  // PORT is already the fixed wizard port (default 15789) passed by the
+  // supervisor via LIMBO_PORT env var. The redirect URI is deterministic
+  // so a single URI can be registered in Google Console for all installs.
 
   googlePkceSession = { verifier: pkce.verifier, state, redirectUri, clientId, clientSecret, ts: Date.now() };
   googleOauthResult = null;