โ† Back to PRs

#9190: feat(docker): Add autonomous container self-restart and runtime package installation

by alexdredmon open 2026-02-05 00:26
docs app: web-ui scripts docker stale size: M
## Summary

This PR significantly enhances the Docker deployment experience by enabling **autonomous container management** - allowing the OpenClaw gateway to self-restart and install packages at runtime without manual intervention.

**Key Features:**

- 🔄 **Container Self-Restart** - Gateway can restart itself via secure Docker socket proxy
- 📦 **Runtime Package Installation** - Install npm/apt packages on-the-fly without rebuilding
- ⚡ **Pre-baked Development Tools** - Common tools (gh, python3, ripgrep, jq) included in image
- 💾 **Persistent Caches** - Volume mounts for npm/apt caches speed up subsequent installs

## Motivation

When running OpenClaw in Docker, users often need to:

1. Install additional tools for agent workflows (e.g., `gh` for GitHub operations)
2. Restart the gateway after configuration changes
3. Add npm packages for extended functionality

Previously, this required manual intervention: exec'ing into the container, rebuilding the image, or restarting via `docker compose`. This PR enables the gateway to handle these operations autonomously, which is especially valuable for:

- **Headless/remote deployments** (NAS, cloud VMs, Raspberry Pi)
- **Agent-driven workflows** that need to install tools on demand
- **Rapid iteration** without constant image rebuilds

## Docker Architecture

The setup introduces a **socket proxy sidecar** for secure Docker API access:

**Services:**

- `docker-socket-proxy` — Exposes limited Docker API (restart only) on internal network
- `openclaw-gateway` — Main gateway with elevated permissions, connects to proxy
- `openclaw-cli` — Interactive CLI container

**Network flow:**

> Gateway → Socket Proxy (:2375, internal only) → Docker Daemon

The gateway never has direct access to the Docker socket.
## Security Model

Uses [tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) for **least-privilege access**:

**Allowed:**

- `CONTAINERS=1` — Container inspection
- `POST=1` — Restart requests

**Denied (by default):**

- Container creation/deletion
- Image operations
- Network/volume manipulation
- All other Docker API endpoints

This is significantly safer than mounting `/var/run/docker.sock` directly into the gateway container.

## Files Changed

**Modified:**

- `Dockerfile` — Pre-install common tools (gh, python3, ripgrep, jq, codex, clawhub)
- `docker-compose.yml` — Add socket proxy service, volume caches, elevated permissions
- `docker-setup.sh` — Add docker-home directory for persistent storage
- `.gitignore` — Exclude Claude Code local settings

**Added:**

- `scripts/docker-restart.sh` — Self-restart via socket proxy
- `scripts/docker-startup.sh` — Runtime package installation entrypoint
- `scripts/open-dashboard.sh` — Quick dashboard access with token

## New Helper Scripts

```bash
# Open the dashboard with authentication token
./scripts/open-dashboard.sh

# Start the Docker environment
./scripts/docker-startup.sh

# Restart the gateway container (called from within container)
./scripts/docker-restart.sh
```

## Trade-offs

**Container user: `node` → `root`**

Running as root is required for `apt-get` and global `npm install`. The security trade-off is acceptable because:

- Container remains isolated from the host
- Socket access is proxied with minimal permissions
- Matches the common pattern for development/agent containers

**Attack surface**

Slightly larger than before, but mitigated by the socket proxy's allowlist approach.
## Test Plan

- [ ] Fresh `docker compose up` starts successfully
- [ ] Gateway can install packages at runtime (`npm install -g <package>`)
- [ ] Gateway can trigger self-restart via agent command
- [ ] Socket proxy blocks unauthorized Docker API calls
- [ ] `./scripts/open-dashboard.sh` opens browser with valid token
- [ ] Persistent volumes survive container restart

<!-- greptile_comment -->

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

This PR updates the Docker image and compose setup to support running the gateway/CLI as `root`, adds a docker-socket-proxy sidecar intended to allow the gateway to self-restart via the Docker API, and adds helper scripts for restarting the container and opening the dashboard.

Key integration points are `Dockerfile` (baked-in apt/npm tooling + restart helper), `docker-compose.yml` (socket proxy, new volumes, root home layout), and `docker-setup.sh` (persisted docker-home + token/config syncing).

<h3>Confidence Score: 2/5</h3>

- This PR is not safe to merge as-is due to build-breaking Dockerfile references and inconsistent Docker home mounts.
- Score is reduced because `docker build` will fail (missing copied script), and the docker setup script can generate an extra compose file that mounts persistence paths under `/home/node` while the compose file uses `/root`, breaking the advertised persistence behavior. Additional issues reduce usability (non-portable dashboard opener, suppressed install logs).
- Dockerfile, docker-compose.yml, docker-setup.sh, scripts/open-dashboard.sh

<!-- /greptile_comment -->
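
The test-plan item "Socket proxy blocks unauthorized Docker API calls" can be checked against a running stack with a probe like the one below, which compares the proxy's behaviour with the Allowed/Denied lists in the Security Model section. This is an added example, not code from the PR; the container name `probe-nonexistent` is made up, the `PROXY_URL` variable is hypothetical, and the script assumes the proxy rejects blocked requests with HTTP 403.

```python
import os
import sys
import urllib.error
import urllib.request

# (method, path, expectation) derived from the Allowed/Denied lists in the PR.
# "probe-nonexistent" is a made-up container name: a request that passes the
# proxy fails at the daemon (404/400) instead of changing anything.
PROBES = [
    ("GET", "/containers/json", "allowed"),
    ("POST", "/containers/probe-nonexistent/restart", "allowed"),
    ("POST", "/containers/create", "denied"),
    ("DELETE", "/containers/probe-nonexistent", "denied"),
    ("GET", "/images/json", "denied"),
    ("GET", "/networks", "denied"),
    ("GET", "/volumes", "denied"),
]


def http_status(base_url, method, path, timeout=5):
    """Send one body-less request and return the HTTP status code."""
    req = urllib.request.Request(base_url + path, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses still carry the status we need


def audit(base_url, send=http_status):
    """Probe every endpoint; assumes the proxy rejects with HTTP 403."""
    findings = []
    for method, path, expected in PROBES:
        status = send(base_url, method, path)
        observed = "denied" if status == 403 else "allowed"
        findings.append({"request": f"{method} {path}", "status": status,
                         "expected": expected, "observed": observed})
    return findings


def mismatches(findings):
    """Requests whose observed verdict differs from the documented one."""
    return [f for f in findings if f["expected"] != f["observed"]]


if __name__ == "__main__":
    # Service name and port as given in the PR's network flow.
    url = os.environ.get("PROXY_URL", "http://docker-socket-proxy:2375")
    bad = mismatches(audit(url))
    for f in bad:
        print(f"MISMATCH {f['request']}: HTTP {f['status']}, expected {f['expected']}")
    sys.exit(1 if bad else 0)
```

Run it from a container attached to the proxy's internal network; a non-zero exit means the proxy's effective policy differs from the documented one.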
