mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-01 16:26:46 +00:00
Reapply the msteams SDK migration (originally on feat/msteams-sdk-migration) on top of upstream/main, resolving conflicts with parallel msteams work that landed upstream during our session.
What got applied vs decisions made:
CLEANLY APPLIED (3-way patch):
- monitor.ts, monitor-handler.ts, polls.ts, reply-stream-controller.ts/.test.ts, reply-dispatcher.ts, attachments/download.ts, monitor.lifecycle.test.ts, monitor-handler/message-handler.ts, monitor-handler.types.ts, etc.
- streaming-message.ts + .test.ts deletions
WHOLESALE TAKE FROM ORIGINAL BRANCH (partial 3-way left broken cross-refs):
- sdk.ts, sdk.test.ts, messenger.ts, feedback-reflection.ts, send-context.ts, send.test.ts
KEPT UPSTREAM (deferred for separate cleanup):
- extensions/msteams/package.json (still has jsonwebtoken/jwks-rsa per Peter's b3bc60ae25 incremental approach)
- src/plugins/contracts/package-manifest.contract.test.ts (consistent with package.json)
- pnpm-lock.yaml (avoids lockfile churn; pnpm install --frozen-lockfile clean)
ADAPTED:
- Dockerfile matrix-sdk-crypto check now wraps upstream's new retry-loop in the if-matrix-bundled gate
KNOWN TEST FAILURES (need eyes — see PR comment):
- attachments.test.ts: 1 fail (pre-existing — warn meta arg shape changed in our migration but test wasn't updated)
- reply-dispatcher.test.ts: 6 fails (pre-existing — tests mock old TeamsHttpStream, not updated for our ctx.stream rewrite)
- send.test.ts: 4 fails (NEW from merge — upstream's send.ts changed media loading; our mocks need updating or take upstream's send.test.ts wholesale)
UPSTREAM COMMITS POTENTIALLY MISSED (in wholesale-take files):
- 08c4af0ddf fix(msteams): accept conversation id allowlists
- e1840b8581 fix(msteams): bind global audience tokens to app id
- Channels turn-kernel refactor (ffe67e9cdc/1ead1b2d18/9a9cd0c0ab) — may be partially preserved in cleanly-patched files
Static checks pass: pnpm check:changed is green (typecheck, lint, contract tests, import cycles, etc.).
Manual testing required before merge. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
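# Compose stack for OpenClaw: a long-running gateway service plus an
# interactive CLI container that shares the gateway's network namespace.
services:
  openclaw-gateway:
    image: ${OPENCLAW_IMAGE:-openclaw:local}
    build: .
    env_file:
      # Optional: the stack starts without a .env file. Everything in .env is
      # imported into the container environment, so keep the file out of
      # version control and readable only by the deploying user.
      - path: .env
        required: false
    environment:
      HOME: /home/node
      TERM: xterm-256color
      # Pin container-side workspace and config paths so host values written to
      # `.env` (used by Compose for the bind-mount source below) cannot leak
      # into runtime code that resolves these env vars inside the container.
      # Without this override, a macOS host path like /Users/<you>/.openclaw/...
      # imported from .env caused first-reply `mkdir '/Users'` EACCES failures
      # in Linux Docker (#77436).
      OPENCLAW_CONFIG_DIR: /home/node/.openclaw
      OPENCLAW_WORKSPACE_DIR: /home/node/.openclaw/workspace
      # Passed through from the host environment/.env; empty when unset.
      # NOTE(review): confirm how the gateway treats an empty token before
      # relying on the published ports below being authenticated.
      OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN:-}
      # NOTE(review): the name suggests this relaxes a WebSocket transport
      # check; leave unset unless required, and confirm the exact semantics.
      OPENCLAW_ALLOW_INSECURE_PRIVATE_WS: ${OPENCLAW_ALLOW_INSECURE_PRIVATE_WS:-}
      # Empty means auto: Bonjour disables itself in detected containers.
      # Set 0 only on host/macvlan/mDNS-capable networks; set 1 to force off.
      OPENCLAW_DISABLE_BONJOUR: ${OPENCLAW_DISABLE_BONJOUR:-}
      # OpenTelemetry export is outbound OTLP/HTTP from the Gateway. Prometheus
      # uses the existing authenticated Gateway route; it does not need a port.
      OTEL_EXPORTER_OTLP_ENDPOINT: ${OTEL_EXPORTER_OTLP_ENDPOINT:-}
      OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: ${OTEL_EXPORTER_OTLP_TRACES_ENDPOINT:-}
      OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: ${OTEL_EXPORTER_OTLP_METRICS_ENDPOINT:-}
      OTEL_EXPORTER_OTLP_LOGS_ENDPOINT: ${OTEL_EXPORTER_OTLP_LOGS_ENDPOINT:-}
      OTEL_EXPORTER_OTLP_PROTOCOL: ${OTEL_EXPORTER_OTLP_PROTOCOL:-http/protobuf}
      OTEL_SERVICE_NAME: ${OTEL_SERVICE_NAME:-}
      OTEL_SEMCONV_STABILITY_OPT_IN: ${OTEL_SEMCONV_STABILITY_OPT_IN:-}
      OPENCLAW_OTEL_PRELOADED: ${OPENCLAW_OTEL_PRELOADED:-}
      # Session credentials passed as environment variables are visible in
      # `docker inspect` output and to every process in the container; treat
      # access to the Docker daemon and to .env as access to these secrets.
      CLAUDE_AI_SESSION_KEY: ${CLAUDE_AI_SESSION_KEY:-}
      CLAUDE_WEB_SESSION_KEY: ${CLAUDE_WEB_SESSION_KEY:-}
      CLAUDE_WEB_COOKIE: ${CLAUDE_WEB_COOKIE:-}
      TZ: ${OPENCLAW_TZ:-UTC}
    volumes:
      # Bind-mount sources resolve on the host. If neither the OPENCLAW_* path
      # nor HOME is set, the source falls back to /tmp/.openclaw; /tmp is
      # typically world-writable, so set OPENCLAW_CONFIG_DIR explicitly on
      # shared hosts.
      - ${OPENCLAW_CONFIG_DIR:-${HOME:-/tmp}/.openclaw}:/home/node/.openclaw
      - ${OPENCLAW_WORKSPACE_DIR:-${HOME:-/tmp}/.openclaw/workspace}:/home/node/.openclaw/workspace
      ## Uncomment the lines below to enable sandbox isolation
      ## (agents.defaults.sandbox). Requires Docker CLI in the image
      ## (build with --build-arg OPENCLAW_INSTALL_DOCKER_CLI=1) or use
      ## scripts/docker/setup.sh with OPENCLAW_SANDBOX=1 for automated setup.
      ## Set DOCKER_GID to the host's docker group GID (run: stat -c '%g' /var/run/docker.sock).
      ## Mounting the Docker socket lets this container control the host's
      ## Docker daemon, which is equivalent to root on the host; enable it only
      ## when sandbox isolation is actually needed.
      # - /var/run/docker.sock:/var/run/docker.sock
    # group_add:
    #   - "${DOCKER_GID:-999}"
    # Only NET_RAW and NET_ADMIN are dropped; the rest of Docker's default
    # capability set remains.
    # NOTE(review): dropping ALL and adding back what is needed would be
    # tighter -- verify the gateway still starts before changing this.
    cap_drop:
      - NET_RAW
      - NET_ADMIN
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries in the container.
      - no-new-privileges:true
    # Let bundled local-model providers reach host-side LM Studio/Ollama via
    # http://host.docker.internal:<port>. Docker Desktop usually provides this
    # alias; the host-gateway mapping makes it work on Linux Docker Engine too.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      # No host IP is given, so Compose publishes these ports on every host
      # interface. Prefix the mapping with 127.0.0.1: (or firewall the host)
      # when the gateway should only be reachable locally or through a proxy.
      - "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
      - "${OPENCLAW_BRIDGE_PORT:-18790}:18790"
      - "${OPENCLAW_MSTEAMS_PORT:-3000}:3000"
    init: true
    restart: unless-stopped
    # The container-side port is fixed at 18789 to match the port mapping and
    # the healthcheck; OPENCLAW_GATEWAY_BIND defaults to `lan`.
    command:
      - "node"
      - "dist/index.js"
      - "gateway"
      - "--bind"
      - "${OPENCLAW_GATEWAY_BIND:-lan}"
      - "--port"
      - "18789"
    healthcheck:
      # Probes /healthz over loopback inside the container; exits 0 only on
      # an OK response, 1 on a non-OK response or a fetch error.
      test:
        - "CMD"
        - "node"
        - "-e"
        - "fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

  openclaw-cli:
    image: ${OPENCLAW_IMAGE:-openclaw:local}
    # Shares the gateway container's network namespace, so the CLI reaches the
    # gateway over loopback and publishes no ports of its own.
    network_mode: "service:openclaw-gateway"
    env_file:
      - path: .env
        required: false
    cap_drop:
      - NET_RAW
      - NET_ADMIN
    security_opt:
      - no-new-privileges:true
    environment:
      HOME: /home/node
      TERM: xterm-256color
      # Pin container-side workspace and config paths so host values written to
      # `.env` cannot leak into runtime code via the env_file import (#77436).
      OPENCLAW_CONFIG_DIR: /home/node/.openclaw
      OPENCLAW_WORKSPACE_DIR: /home/node/.openclaw/workspace
      OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN:-}
      OPENCLAW_ALLOW_INSECURE_PRIVATE_WS: ${OPENCLAW_ALLOW_INSECURE_PRIVATE_WS:-}
      # presumably makes "open a browser" requests print the URL instead of
      # launching a browser -- confirm against the CLI
      BROWSER: echo
      # Same credentials as the gateway service; the same exposure through
      # `docker inspect` and the container's process environment applies.
      CLAUDE_AI_SESSION_KEY: ${CLAUDE_AI_SESSION_KEY:-}
      CLAUDE_WEB_SESSION_KEY: ${CLAUDE_WEB_SESSION_KEY:-}
      CLAUDE_WEB_COOKIE: ${CLAUDE_WEB_COOKIE:-}
      TZ: ${OPENCLAW_TZ:-UTC}
    volumes:
      # Same host directories as the gateway, so both containers read and
      # write the same config and workspace.
      - ${OPENCLAW_CONFIG_DIR:-${HOME:-/tmp}/.openclaw}:/home/node/.openclaw
      - ${OPENCLAW_WORKSPACE_DIR:-${HOME:-/tmp}/.openclaw/workspace}:/home/node/.openclaw/workspace
    stdin_open: true
    tty: true
    init: true
    entrypoint: ["node", "dist/index.js"]
    depends_on:
      - openclaw-gateway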