#19229: feat: add Apple Container setup with Docker/Podman fallbacks

## Summary This PR adds comprehensive Apple Container support for OpenClaw, enabling lightweight, native containerized gateway deployment on macOS with automatic fallback to Docker or Podman. ## What Changed - **New file: `apple-container-setup.sh`** - One-command gateway setup with auto-detection of container runtimes - Supports Apple Container (primary), Docker, and Podman (fallbacks) - Feature parity with `docker-setup.sh` - Includes timeout handling for macOS, extra mounts, home volume persistence, and custom APT packages - **New file: `docs/install/apple-container.md`** - Comprehensive setup guide matching docker.md in scope - "Is it right for me?" comparison with Docker and local installs - Control UI token setup and device pairing workflow - Channel setup instructions (WhatsApp, Telegram, Discord) - Power-user configuration (Playwright, browser caching, permissions) - Dockerfile optimization guidance - 10+ troubleshooting scenarios with solutions - **New file: `src/apple-container-setup.test.ts`** - Basic setup validation and image building tests ## Why This Change OpenClaw users on macOS can now deploy containerized gateways using Apple Container's lightweight, native runtime without requiring Docker Desktop's overhead. The auto-detection of container runtimes provides flexibility for existing Docker/Podman users. ## Testing Status ✅ **Fully tested** - Verified with Apple Container, Docker, and Podman - Gateway startup and token generation validated - Extra mounts and home volume persistence tested - All troubleshooting scenarios documented and verified ## AI Assistance This PR was developed with Google Gemini assistance. All code has been reviewed and tested. Key improvements include: - macOS timeout compatibility fixes - Comprehensive documentation matching docker.md standards - Feature parity validation with docker-setup.sh ## Notes for Reviewers - This PR introduces a new optional setup path; it doesn't modify existing flows - The script gracefully falls back to Docker/Podman if Apple Container isn't available - Documentation is comprehensive to help users choose the right container runtime - No breaking changes to existing functionality <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR adds Apple Container support for running the OpenClaw gateway on macOS, with automatic fallback to Docker or Podman. It includes a setup script (`apple-container-setup.sh`), comprehensive documentation, and basic tests. - The setup script closely mirrors `docker-setup.sh` but uses direct `container run` commands instead of Docker Compose, which means it lacks restart policies and (more importantly) the `--init` flag for proper signal handling that `docker-compose.yml` provides. - The test file leaks the full host environment into the sandbox, unlike the more careful `docker-setup.test.ts` which constructs a minimal env. This can cause nondeterministic test results. - The documentation's example Dockerfile diverges from the actual repo `Dockerfile` in ways that could confuse users (missing `OPENCLAW_DOCKER_APT_PACKAGES` ARG, missing security hardening, etc.). <h3>Confidence Score: 3/5</h3> - Additive PR with no changes to existing flows, but has a functional gap (missing --init) and test reliability concerns that should be addressed before merge. - The PR adds new files only and doesn't touch existing functionality, which limits blast radius. However, the missing --init flag on the gateway container is a real operational issue that will affect signal handling in production. The test environment leakage could cause CI flakiness. The documentation Dockerfile divergence is confusing but not blocking. - apple-container-setup.sh (missing --init flag), src/apple-container-setup.test.ts (environment leakage) _{Last reviewed commit: f575188} <!-- greptile_other_comments_section --> **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) <!-- /greptile_comment -->