diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e9e85a743..86dda6cdd3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,11 @@ Docs: https://docs.openclaw.ai ### Changes +- Hygiene: remove `workspace:*` from `dependencies` in msteams, nostr, zalo extensions (breaks external `npm install`; keep in `devDependencies` only). +- Hygiene: add non-root `sandbox` user to `Dockerfile.sandbox` and `Dockerfile.sandbox-browser`. +- Hygiene: remove dead `vitest` key from `package.json` (superseded by `vitest.config.ts`). +- Hygiene: remove redundant top-level `overrides` from `package.json` (pnpm uses `pnpm.overrides`). +- Hygiene: sync `onlyBuiltDependencies` between `pnpm-workspace.yaml` and `package.json` (add missing `node-llama-cpp`, sort alphabetically). - Cron: default `wakeMode` is now `"now"` for new jobs (was `"next-heartbeat"`). (#10776) Thanks @tyler6204. - Cron: `cron run` defaults to force execution; use `--due` to restrict to due-only. (#10776) Thanks @tyler6204. - Models: support Anthropic Opus 4.6 and OpenAI Codex gpt-5.3-codex (forward-compat fallbacks). (#9853, #10720, #9995) Thanks @TinyTb, @calvin-hpnet, @tyler6204. diff --git a/Dockerfile.sandbox b/Dockerfile.sandbox index dec3f32d11..21fd321a49 100644 --- a/Dockerfile.sandbox +++ b/Dockerfile.sandbox @@ -13,4 +13,8 @@ RUN apt-get update \ ripgrep \ && rm -rf /var/lib/apt/lists/* +RUN useradd --create-home --shell /bin/bash sandbox +USER sandbox +WORKDIR /home/sandbox + CMD ["sleep", "infinity"] diff --git a/Dockerfile.sandbox-browser b/Dockerfile.sandbox-browser index 05090881e8..4eccbc9a1a 100644 --- a/Dockerfile.sandbox-browser +++ b/Dockerfile.sandbox-browser @@ -23,6 +23,10 @@ RUN apt-get update \ COPY scripts/sandbox-browser-entrypoint.sh /usr/local/bin/openclaw-sandbox-browser RUN chmod +x /usr/local/bin/openclaw-sandbox-browser +RUN useradd --create-home --shell /bin/bash sandbox +USER sandbox +WORKDIR /home/sandbox + EXPOSE 9222 5900 6080 CMD ["openclaw-sandbox-browser"] diff --git a/extensions/msteams/package.json b/extensions/msteams/package.json index 3ce38e7f1c..29dd9cbcf8 100644 --- a/extensions/msteams/package.json +++ b/extensions/msteams/package.json @@ -8,7 +8,6 @@ "@microsoft/agents-hosting-express": "^1.2.3", "@microsoft/agents-hosting-extensions-teams": "^1.2.3", "express": "^5.2.1", - "openclaw": "workspace:*", "proper-lockfile": "^4.1.2" }, "devDependencies": { diff --git a/extensions/nostr/package.json b/extensions/nostr/package.json index bd967d1953..9fcebd4a78 100644 --- a/extensions/nostr/package.json +++ b/extensions/nostr/package.json @@ -5,7 +5,6 @@ "type": "module", "dependencies": { "nostr-tools": "^2.23.0", - "openclaw": "workspace:*", "zod": "^4.3.6" }, "devDependencies": { diff --git a/extensions/zalo/package.json b/extensions/zalo/package.json index 973400c0ec..268efcbd43 100644 --- a/extensions/zalo/package.json +++ b/extensions/zalo/package.json @@ -4,7 +4,6 @@ "description": "OpenClaw Zalo channel plugin", "type": "module", "dependencies": { - "openclaw": "workspace:*", "undici": "7.21.0" }, "devDependencies": { diff --git a/extensions/zalouser/package.json b/extensions/zalouser/package.json index b593861a35..09f6d89154 100644 --- a/extensions/zalouser/package.json +++ b/extensions/zalouser/package.json @@ -4,8 +4,7 @@ "description": "OpenClaw Zalo Personal Account plugin via zca-cli", "type": "module", "dependencies": { - "@sinclair/typebox": "0.34.48", - "openclaw": "workspace:*" + "@sinclair/typebox": "0.34.48" }, "devDependencies": { "openclaw": "workspace:*" diff --git a/package.json b/package.json index b06792b619..d63032e2dd 100644 --- a/package.json +++ b/package.json @@ -185,9 +185,6 @@ "@napi-rs/canvas": "^0.1.89", "node-llama-cpp": "3.15.1" }, - "overrides": { - "tar": "7.5.7" - }, "engines": { "node": ">=22.12.0" }, @@ -215,37 +212,5 @@ "protobufjs", "sharp" ] - }, - "vitest": { - "coverage": { - "provider": "v8", - "reporter": [ - "text", - "lcov" - ], - "thresholds": { - "lines": 70, - "functions": 70, - "branches": 70, - "statements": 70 - }, - "include": [ - "src/**/*.ts" - ], - "exclude": [ - "src/**/*.test.ts" - ] - }, - "include": [ - "src/**/*.test.ts" - ], - "exclude": [ - "dist/**", - "apps/macos/**", - "apps/macos/.build/**", - "**/vendor/**", - "apps/macos/.build/**", - "dist/OpenClaw.app/**" - ] } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 92b7e5ab59..8b505bd55d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -435,12 +435,13 @@ importers: express: specifier: ^5.2.1 version: 5.2.1 - openclaw: - specifier: workspace:* - version: link:../.. proper-lockfile: specifier: ^4.1.2 version: 4.1.2 + devDependencies: + openclaw: + specifier: workspace:* + version: link:../.. extensions/nextcloud-talk: devDependencies: @@ -453,12 +454,13 @@ importers: nostr-tools: specifier: ^2.23.0 version: 2.23.0(typescript@5.9.3) - openclaw: - specifier: workspace:* - version: link:../.. zod: specifier: ^4.3.6 version: 4.3.6 + devDependencies: + openclaw: + specifier: workspace:* + version: link:../.. extensions/open-prose: devDependencies: @@ -540,18 +542,20 @@ importers: extensions/zalo: dependencies: - openclaw: - specifier: workspace:* - version: link:../.. undici: specifier: 7.21.0 version: 7.21.0 + devDependencies: + openclaw: + specifier: workspace:* + version: link:../.. extensions/zalouser: dependencies: '@sinclair/typebox': specifier: 0.34.48 version: 0.34.48 + devDependencies: openclaw: specifier: workspace:* version: link:../.. diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index f3baa1d99e..7554c6494d 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -5,11 +5,12 @@ packages: - extensions/* onlyBuiltDependencies: - - "@whiskeysockets/baileys" - "@lydell/node-pty" - "@matrix-org/matrix-sdk-crypto-nodejs" + - "@napi-rs/canvas" + - "@whiskeysockets/baileys" - authenticate-pam - esbuild + - node-llama-cpp - protobufjs - sharp - - "@napi-rs/canvas"