#15466: Vps setup merge

by tsekula open 2026-02-13 13:46
scripts docker stale size: L
Greptile Overview

Greptile Summary

This PR updates the Docker/VPS deployment setup by expanding the main `Dockerfile` to install additional tooling (gh, 1Password CLI, Homebrew + brew-installed tools, clawhub) and adjusting the build steps, plus revising `docker-compose.yml` to add a Gluetun (WireGuard) VPN sidecar, custom network/IPs, and a dedicated `openclaw-browser` service.

Key issues to resolve before merge:
- `openclaw.json` is committed as invalid JSON, which will cause config loading paths (e.g. configure/onboard/doctor flows) to fail fast.
- The compose/browser changes expose Chrome DevTools Protocol (CDP) on a public bind + host-published port, and also publish the bridge port on all interfaces, creating unsafe default network exposure.
- The Dockerfile grants passwordless sudo to the `node` user, negating the prior “run as non-root” hardening boundary.

Confidence Score: 2/5

- This PR is not safe to merge until the invalid config and default network/security exposures are addressed.
- The changes introduce a committed invalid `openclaw.json` that will break config reads, expand default container privileges via passwordless sudo, and expose sensitive ports (CDP/bridge) on host interfaces by default, which is a concrete security regression.
- openclaw.json, docker-compose.yml, Dockerfile

Last reviewed commit: bdf192a
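A pre-merge check for the three findings in the review summary above, as an added example that is not code from the PR or from the project. The sample compose, Dockerfile and config text, the port numbers and the function names are constructed, and treating `openclaw.json` as strict JSON is an assumption about the project's loader.

```python
import ipaddress
import json
import re

# Constructed sample inputs, not the PR's actual files.
COMPOSE = """services:
  openclaw-browser:
    ports:
      - "9222:9222"
      - "127.0.0.1:18790:18790"
  gluetun:
    ports:
      - "0.0.0.0:8888:8888/tcp"
"""
DOCKERFILE = 'RUN echo "node ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/node\nUSER node\n'
CONFIG = '{"gateway": {"port": 18789,}}'  # trailing comma

def is_loopback(host_ip):
    if host_ip is None:  # no host IP in the mapping: Docker binds all interfaces
        return False
    try:
        return ipaddress.ip_address(host_ip.strip("[]")).is_loopback
    except ValueError:  # e.g. ${VAR} interpolation: cannot be shown to be safe
        return False

def exposed_ports(compose_text):
    """(line, mapping) for short-syntax ports published beyond loopback."""
    findings, ports_indent = [], None
    for no, line in enumerate(compose_text.splitlines(), 1):
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if text == "ports:":
            ports_indent = indent
        elif ports_indent is not None and text.startswith("- ") and indent >= ports_indent:
            spec = text[2:].strip().strip("\"'").split("/")[0]
            parts = spec.rsplit(":", 2)
            if not is_loopback(parts[0] if len(parts) == 3 else None):
                findings.append((no, spec))
        elif text and not text.startswith("#"):
            ports_indent = None  # a sibling key ends the ports list
    return findings

def passwordless_sudo(dockerfile_text):
    """Line numbers of Dockerfile lines that write a NOPASSWD sudoers rule."""
    return [no for no, line in enumerate(dockerfile_text.splitlines(), 1)
            if re.search(r"\bNOPASSWD\s*:", line)]

def json_error(config_text):
    """None if the text is strict JSON, else the parser's location and message."""
    try:
        json.loads(config_text)
    except json.JSONDecodeError as exc:
        return f"line {exc.lineno} col {exc.colno}: {exc.msg}"
```

Long-syntax `ports:` entries (mappings with `host_ip`, `published`, `target`) are not covered by the line scan and need a YAML parser.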
