#13497: fix(docker): normalize workspace paths for container compatibility

## Summary Fixes `EACCES: permission denied, mkdir '/Users'` error when running `docker compose run --rm openclaw-cli onboard` in Docker containers. ## Problem The existing `openclaw.json` (created on macOS host, mounted into container) stores absolute host paths like `workspace: /Users/cy/.openclaw/workspace`. Inside the container (`HOME=/home/node`, user `node` uid 1000), the onboarding tries to `mkdir` this macOS path, which fails because the `node` user cannot create `/Users` in the container root. ## Solution Add `normalizeWorkspacePath()` utility that detects when a stored workspace path follows the `<HOME>/.openclaw/workspace` pattern but with a different HOME than the current environment, and remaps it to the current HOME. ## Changes - Add `normalizeWorkspacePath()` in `workspace.ts` - Apply normalization at all workspace config read sites: - `onboarding.ts` (interactive wizard) - `onboard.ts` (reset path) - `workspace.ts` (non-interactive onboarding) - `configure.wizard.ts` (configure command) - Fix `completion-cli.ts` to use `resolveRequiredHomeDir()` instead of direct `process.env.HOME || os.homedir()` access - Add comprehensive unit tests for path normalization edge cases ## Impact - ✅ No config format change - zero migration needed - ✅ No impact on non-Docker users (same HOME = path unchanged) - ✅ Custom workspace paths preserved (only default-pattern paths remapped) - ✅ Respects `OPENCLAW_HOME`, `HOME`, and `USERPROFILE` env vars ## Testing - All existing tests pass - New unit tests cover normalization edge cases (foreign HOME, profiles, custom paths, env var precedence) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR addresses a Docker onboarding failure where a host-generated `openclaw.json` can contain an absolute workspace path (e.g. macOS `/Users/...`) that isn’t writable inside the container. It introduces `normalizeWorkspacePath()` (in `src/agents/workspace.ts`) and applies it when reading stored workspace paths in the onboarding/configure flows (`src/wizard/onboarding.ts`, `src/commands/onboard.ts`, `src/commands/onboard-non-interactive/local/workspace.ts`, `src/commands/configure.wizard.ts`). It also updates completion install logic to use the centralized home-directory resolver (`src/cli/completion-cli.ts`) and adds unit tests covering normalization behavior. Key integration point: the normalization is applied at config read sites before `resolveUserPath()` and before workspace/session initialization, aiming to keep config portable across environments while preserving truly custom workspace paths. <h3>Confidence Score: 3/5</h3> - This PR is close, but has a couple of merge-blocking issues that can break user configs or leak local tooling config into the repo. - The overall approach is reasonable and tests were added, but (1) a local Claude settings file was committed and should not ship, and (2) `normalizeWorkspacePath()` currently matches the normalization suffix anywhere in the path, which can incorrectly rewrite custom workspace paths that contain `/.openclaw/workspace` as a subpath. Fixing those should make the PR safe to merge. - src/agents/workspace.ts, .claude/settings.local.json <!-- greptile_other_comments_section --> <!-- /greptile_comment -->