chore: apply event sweep result for openclaw-openclaw#75253
Some checks are pending
CI / pnpm check (push) Waiting to run
parent da243c55a4
commit 823afe692f
236
records/openclaw-openclaw/closed/75253.md
Normal file
@ -0,0 +1,236 @@
---
applied_at: 2026-04-30T20:29:51.249Z
review_comment_synced_at: 2026-04-30T20:29:49.236Z
number: 75253
repository: openclaw/openclaw
type: pull_request
title: "fix(sandbox): build image with python3 instead of tagging bare debian"
url: https://github.com/openclaw/openclaw/pull/75253
state_at_review: open
item_created_at: 2026-04-30T20:25:39Z
item_updated_at: 2026-04-30T20:25:58Z
author: stevene
author_association: NONE
labels: ["agents","size: XS"]
reviewed_at: 2026-04-30T20:29:42.795Z
main_sha: bb3a0c954505145e1e0d00dc60f9eb222059dbb7
pull_head_sha: 2c214900899ef239ae458f3fbff9d065260ba308
latest_release: v2026.4.27
latest_release_sha: cbc2ba0931468259f26a7c547131a06e03ca6c6c
fixed_release: v2026.4.27
fixed_sha: cbc2ba0931468259f26a7c547131a06e03ca6c6c
fixed_at: 2026-04-29T23:11:35+01:00
review_policy: cf820e3da9faccb7
review_model: gpt-5.5
review_reasoning_effort: high
review_sandbox: danger-full-access
review_service_tier: fast
review_mode: propose
review_status: complete
local_checkout_access: verified
item_snapshot_hash: f71564d2dfb241b0310a1374fe7ac3a1b53271c73fe227b5803e5edf13c8bb2b
close_comment_sha256: 5f36383e7a60e385130bdbac5d778c7b4bc477d055429d0f140bd8c70f5b3b61
review_comment_sha256: c0b5a5509dd393f622542fffd9791949904b15b5e79f8a965e2586402c2976fc
review_comment_id: 4355935149
review_comment_url: https://github.com/openclaw/openclaw/pull/75253#issuecomment-4355935149
decision: close
close_reason: implemented_on_main
confidence: high
action_taken: closed
work_candidate: none
work_confidence: low
work_priority: low
work_status: none
work_reason_sha256: 78b24ad21f04b2eb9e14f9cea10ef0c719e67a6e24c419b23c78658cc233e1e1
work_prompt_sha256: none
work_cluster_refs: []
work_validation: []
work_likely_files: []
---

# [#75253: fix(sandbox): build image with python3 instead of tagging bare debian](https://github.com/openclaw/openclaw/pull/75253)

Type: pull_request

URL: [https://github.com/openclaw/openclaw/pull/75253](https://github.com/openclaw/openclaw/pull/75253)

Author: stevene

Author association: NONE

Labels: agents, size: XS

Created at: Apr 30, 2026, 20:25 UTC

Updated at: Apr 30, 2026, 20:25 UTC

Reviewed against: [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7)

Codex review: model gpt-5.5, reasoning high

Latest release at review time: [v2026.4.27](https://github.com/openclaw/openclaw/releases/tag/v2026.4.27) ([cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba0931468259f26a7c547131a06e03ca6c6c))

Fixed in: release [v2026.4.27](https://github.com/openclaw/openclaw/releases/tag/v2026.4.27), commit [cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba0931468259f26a7c547131a06e03ca6c6c)

## Decision

Close: already implemented on main

Confidence: high

Action taken: proposed_close

## Summary

Current main already fixes the default Docker sandbox image regression and the fix is shipped: OpenClaw no longer creates `openclaw-sandbox:bookworm-slim` by tagging bare Debian, the maintained sandbox Dockerfile installs `python3`, docs direct users to the build script, and regression coverage protects the missing-image path.

## What This Changes

The PR changes the default sandbox Docker image creation path from pulling and tagging bare `debian:bookworm-slim` to building an inline Debian-based image with `python3` installed.

## Best Possible Solution

Keep the shipped explicit-build path: the repo-owned, digest-pinned `Dockerfile.sandbox` and `scripts/sandbox-setup.sh` should remain the source of the default image, with `ensureDockerImage` failing fast instead of auto-creating an image from a mutable base tag.

## Reproduction Assessment

Yes. The old failure mode is covered by the PR description and current regression test: missing `openclaw-sandbox:bookworm-slim` must not be satisfied by tagging bare Debian, and current main verifies the fixed behavior without needing a live Docker mutation in this read-only review.

## Solution Assessment

No, this PR is no longer the best way to solve the issue. Current main uses a safer shipped solution with a maintained sandbox Dockerfile, explicit setup command, docs, and regression coverage instead of building an inline image from a mutable Debian tag during runtime image checks.

## Review Findings

Overall correctness: patch is incorrect

Overall confidence: 0.9

Full review comments:

- **[P2] Use the checked-in sandbox Dockerfile for the default image:** `src/agents/sandbox/docker.ts:265-273`
- body: The PR adds a second default-image build path with an inline Dockerfile and mutable `debian:bookworm-slim` base, diverging from the repo-owned `Dockerfile.sandbox` and `scripts/sandbox-setup.sh` path that current main already ships. This patch should not land as-is because it bypasses the maintained, documented image contract.
- confidence: 0.86

## Security Review

Status: needs_attention

Summary: The proposed diff touches Docker image construction and would add an inline build path using a mutable base tag and runtime package install instead of the maintained sandbox Dockerfile.

Concerns:

- **[medium] Inline sandbox image build bypasses pinned image source:** `src/agents/sandbox/docker.ts:266`
- body: Building from `FROM debian:bookworm-slim` inside `ensureDockerImage` creates a second supply-chain path for the default sandbox image and bypasses the checked-in `Dockerfile.sandbox` plus setup script that current main uses for the shipped image contract.
- confidence: 0.84

## Work Candidate

Candidate: none

Confidence: low

Priority: low

Status: none

Reason: No repair lane is needed because current main and `v2026.4.27` already cover the reported behavior, and the PR branch is obsolete rather than a useful patch to update.

## Evidence

- **Current implementation refuses plain Debian substitution:** `ensureDockerImage` now returns only when the configured image exists; for the default image it throws with a `scripts/sandbox-setup.sh` build instruction and explicitly says OpenClaw will not substitute plain `debian:bookworm-slim`.
- file: [src/agents/sandbox/docker.ts:314](https://github.com/openclaw/openclaw/blob/bb3a0c954505145e1e0d00dc60f9eb222059dbb7/src/agents/sandbox/docker.ts#L314)
- command: `nl -ba src/agents/sandbox/docker.ts | sed -n '300,330p'`
- sha: [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7)
- **Default sandbox image includes python3:** The checked-in `Dockerfile.sandbox` installs `python3`, and `scripts/sandbox-setup.sh` builds `openclaw-sandbox:bookworm-slim` from that Dockerfile.
- file: [Dockerfile.sandbox:16](https://github.com/openclaw/openclaw/blob/bb3a0c954505145e1e0d00dc60f9eb222059dbb7/Dockerfile.sandbox#L16)
- command: `nl -ba Dockerfile.sandbox | sed -n '1,120p'; nl -ba scripts/sandbox-setup.sh | sed -n '1,160p'`
- sha: [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7)
- **Regression coverage exists:** `src/agents/sandbox/docker.test.ts` asserts that a missing default sandbox image is not satisfied by tagging plain Debian and that the error mentions both `scripts/sandbox-setup.sh` and `python3`.
- file: [src/agents/sandbox/docker.test.ts:100](https://github.com/openclaw/openclaw/blob/bb3a0c954505145e1e0d00dc60f9eb222059dbb7/src/agents/sandbox/docker.test.ts#L100)
- command: `nl -ba src/agents/sandbox/docker.test.ts | sed -n '1,180p'`
- sha: [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7)
- **Docs describe the current contract:** The sandboxing docs tell users to run `scripts/sandbox-setup.sh` and explain that OpenClaw does not silently substitute plain `debian:bookworm-slim` because the bundled image carries `python3` for write/edit helpers.
- file: [docs/gateway/sandboxing.md:362](https://github.com/openclaw/openclaw/blob/bb3a0c954505145e1e0d00dc60f9eb222059dbb7/docs/gateway/sandboxing.md#L362)
- command: `nl -ba docs/gateway/sandboxing.md | sed -n '340,390p'`
- sha: [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7)
- **Release provenance:** The `v2026.4.27` release tag contains the fix/proof state and its changelog entry says Sandbox/Docker stopped tagging plain Debian as `openclaw-sandbox:bookworm-slim`, preserving Python tooling for sandbox write/edit helpers.
- file: [CHANGELOG.md:102](https://github.com/openclaw/openclaw/blob/cbc2ba0931468259f26a7c547131a06e03ca6c6c/CHANGELOG.md#L102)
- command: `git show cbc2ba0931468259f26a7c547131a06e03ca6c6c:CHANGELOG.md | rg -n "Sandbox/Docker: stop satisfying|plain Debian|python3" -C 2; git tag --contains cbc2ba0931468259f26a7c547131a06e03ca6c6c`
- sha: [cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba0931468259f26a7c547131a06e03ca6c6c)

## Likely Related People

- **@openclaw/openclaw-secops:** code owner
- reason: CODEOWNERS routes `src/agents/sandbox/**`, `src/agents/sandbox-*.ts`, `src/agents/sandbox.ts`, and sandboxing docs to this team.
- confidence: high
- files: .github/CODEOWNERS, src/agents/sandbox/docker.ts, docs/gateway/sandboxing.md
- **Peter Steinberger:** release/proof committer
- reason: The `v2026.4.27` release/proof commit contains the fixed sandbox implementation, Dockerfile, regression test, docs, and changelog entry.
- confidence: medium
- commits: cbc2ba0931468259f26a7c547131a06e03ca6c6c
- files: src/agents/sandbox/docker.ts, src/agents/sandbox/docker.test.ts, Dockerfile.sandbox, docs/gateway/sandboxing.md, CHANGELOG.md

## Risks / Open Questions

- none

## Close Comment

Thanks for the context here. I did a careful shell check against current `main`, and this is already implemented.

Current main already fixes the default Docker sandbox image regression and the fix is shipped: OpenClaw no longer creates `openclaw-sandbox:bookworm-slim` by tagging bare Debian, the maintained sandbox Dockerfile installs `python3`, docs direct users to the build script, and regression coverage protects the missing-image path.

So I’m closing this as already implemented rather than keeping a duplicate issue open.

<details>
<summary>Review details</summary>

Best possible solution:

Keep the shipped explicit-build path: the repo-owned, digest-pinned `Dockerfile.sandbox` and `scripts/sandbox-setup.sh` should remain the source of the default image, with `ensureDockerImage` failing fast instead of auto-creating an image from a mutable base tag.

Do we have a high-confidence way to reproduce the issue?

Yes. The old failure mode is covered by the PR description and current regression test: missing `openclaw-sandbox:bookworm-slim` must not be satisfied by tagging bare Debian, and current main verifies the fixed behavior without needing a live Docker mutation in this read-only review.

Is this the best way to solve the issue?

No, this PR is no longer the best way to solve the issue. Current main uses a safer shipped solution with a maintained sandbox Dockerfile, explicit setup command, docs, and regression coverage instead of building an inline image from a mutable Debian tag during runtime image checks.

Security review:

Security review needs attention: The proposed diff touches Docker image construction and would add an inline build path using a mutable base tag and runtime package install instead of the maintained sandbox Dockerfile.

- [medium] Inline sandbox image build bypasses pinned image source — `src/agents/sandbox/docker.ts:266`
Building from `FROM debian:bookworm-slim` inside `ensureDockerImage` creates a second supply-chain path for the default sandbox image and bypasses the checked-in `Dockerfile.sandbox` plus setup script that current main uses for the shipped image contract.
Confidence: 0.84

What I checked:

- **Current implementation refuses plain Debian substitution:** `ensureDockerImage` now returns only when the configured image exists; for the default image it throws with a [`scripts/sandbox-setup.sh`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/scripts/sandbox-setup.sh) build instruction and explicitly says OpenClaw will not substitute plain `debian:bookworm-slim`. ([`src/agents/sandbox/docker.ts:314`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/src/agents/sandbox/docker.ts#L314), [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505))
- **Default sandbox image includes python3:** The checked-in `Dockerfile.sandbox` installs `python3`, and [`scripts/sandbox-setup.sh`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/scripts/sandbox-setup.sh) builds `openclaw-sandbox:bookworm-slim` from that Dockerfile. ([`Dockerfile.sandbox:16`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/Dockerfile.sandbox#L16), [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505))
- **Regression coverage exists:** [`src/agents/sandbox/docker.test.ts`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/src/agents/sandbox/docker.test.ts) asserts that a missing default sandbox image is not satisfied by tagging plain Debian and that the error mentions both [`scripts/sandbox-setup.sh`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/scripts/sandbox-setup.sh) and `python3`. ([`src/agents/sandbox/docker.test.ts:100`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/src/agents/sandbox/docker.test.ts#L100), [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505))
- **Docs describe the current contract:** The sandboxing docs tell users to run [`scripts/sandbox-setup.sh`](https://github.com/openclaw/openclaw/blob/bb3a0c954505/scripts/sandbox-setup.sh) and explain that OpenClaw does not silently substitute plain `debian:bookworm-slim` because the bundled image carries `python3` for write/edit helpers. Public docs: [`docs/gateway/sandboxing.md`](https://docs.openclaw.ai/gateway/sandboxing). ([`docs/gateway/sandboxing.md:362`](https://docs.openclaw.ai/gateway/sandboxing), [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505))
- **Release provenance:** The `v2026.4.27` release tag contains the fix/proof state and its changelog entry says Sandbox/Docker stopped tagging plain Debian as `openclaw-sandbox:bookworm-slim`, preserving Python tooling for sandbox write/edit helpers. ([`CHANGELOG.md:102`](https://github.com/openclaw/openclaw/blob/cbc2ba093146/CHANGELOG.md#L102), [cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba093146))

Likely related people:

- **@openclaw/openclaw-secops:** CODEOWNERS routes `src/agents/sandbox/**`, `src/agents/sandbox-*.ts`, `src/agents/sandbox.ts`, and sandboxing docs to this team. (role: code owner; confidence: high; files: `.github/CODEOWNERS`, `src/agents/sandbox/docker.ts`, `docs/gateway/sandboxing.md`)
- **Peter Steinberger:** The `v2026.4.27` release/proof commit contains the fixed sandbox implementation, Dockerfile, regression test, docs, and changelog entry. (role: release/proof committer; confidence: medium; commits: [cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba0931468259f26a7c547131a06e03ca6c6c); files: `src/agents/sandbox/docker.ts`, `src/agents/sandbox/docker.test.ts`, `Dockerfile.sandbox`)

Codex review notes: model gpt-5.5, reasoning high; reviewed against [bb3a0c954505](https://github.com/openclaw/openclaw/commit/bb3a0c954505145e1e0d00dc60f9eb222059dbb7); fix evidence: release [v2026.4.27](https://github.com/openclaw/openclaw/releases/tag/v2026.4.27), commit [cbc2ba093146](https://github.com/openclaw/openclaw/commit/cbc2ba0931468259f26a7c547131a06e03ca6c6c).

</details>

<!-- clawsweeper-security:security-sensitive item=75253 sha=2c214900899ef239ae458f3fbff9d065260ba308 confidence=high -->
<!-- clawsweeper-verdict:needs-human item=75253 sha=2c214900899ef239ae458f3fbff9d065260ba308 confidence=high -->

## GitHub Snapshot

- comments: 0
- timeline events: 4
- related items: 5
- PR files: 1
- PR commits: 1

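Review bot: the record's action state is internally inconsistent and should be reconciled before the sweep result is applied: the frontmatter says `action_taken: closed` with `decision: close` and `confidence: high`, while the body under "Decision" reports `Action taken: proposed_close`, `review_mode` is `propose`, and the trailing `clawsweeper-verdict` marker says `needs-human`. Since the security review is `needs_attention` with a medium supply-chain concern (an inline build from the mutable `debian:bookworm-slim` base inside `ensureDockerImage`), a `needs-human` verdict should not be recorded as an executed close; either downgrade `action_taken` to the proposed state or drop the `needs-human` marker once a person has confirmed. Two smaller consistency points: the close comment says "keeping a duplicate issue open" although `type` is `pull_request`, and the "Likely related people" entry for Peter Steinberger inside `<details>` lists only three files where the section above also lists `docs/gateway/sandboxing.md` and `CHANGELOG.md`.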