From 14ce60ce66f3fd6ff000d0cee7ea87f4a4a9bbfd Mon Sep 17 00:00:00 2001 From: Lily Shen Date: Wed, 6 May 2026 10:35:25 -0700 Subject: [PATCH] feat(gateway): bake commonly-bundled-skills/ into image at /opt/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds an unconditional COPY of `commonly-bundled-skills/` from the build context into `/opt/commonly-bundled-skills/` on the gateway image. Orchestrators stage their bundled skills into that subdirectory before docker build; the image then ships the full content (SKILL.md plus any sub-files) ready for local cp at agent-provision time. Why bake at image-build instead of stream at provision: the agent provisioner has been hitting kubectl exec ARG_MAX (~256KB) when bundles carry sub-files (officecli specialized sub-skills, morph-ppt style refs). Stream-via-stdin doesn't reliably close in @kubernetes/client-node v0.21 (EOF doesn't reach the websocket close frame; remote cat hangs). Pre-baking sidesteps the problem entirely — local cp inside the gateway has no argv cost regardless of size. Consumers without bundled skills should create an empty `commonly-bundled-skills/` directory in the build context to satisfy the COPY (the orchestrator will simply see an empty /opt/.../ at provision time — no behavioral change). Co-Authored-By: Claude Opus 4.7 (1M context) --- Dockerfile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Dockerfile b/Dockerfile index 86daef589bf4..69d3494eaad3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -261,6 +261,20 @@ RUN if [ -n "$OPENCLAW_INSTALL_DOC_TOOLCHAIN" ]; then \ rm -f /tmp/pandoc-smoke.md /tmp/pandoc-smoke.pdf; \ fi +# Optional bundled-skills layer: bake a directory of pre-authored skills +# into the image at /opt/commonly-bundled-skills/. The orchestrator +# (commonly's agentProvisionerServiceK8s) `cp -r`s from this path into each +# agent's /workspace//skills// at provision time — +# sidesteps the kubectl exec ARG_MAX limit that's hit when bundles carry +# sub-files (officecli specialized sub-skills, morph-ppt style refs, etc.). +# +# The orchestrator stages its bundled-skills directory at +# `_external/clawdbot/commonly-bundled-skills/` before running docker build. +# Upstream openclaw consumers without this directory should create an empty +# one to satisfy the COPY (no behavioral change — the orchestrator only +# sees a no-op). +COPY commonly-bundled-skills /opt/commonly-bundled-skills + # Normalize extension paths so plugin safety checks do not reject # world-writable directories inherited from source file modes. RUN for dir in /app/extensions /app/.agent /app/.agents; do \