chore: add cost-safe GitHub Codespaces devcontainer

[eulicesl]

Summary

Add a baseline GitHub Codespaces devcontainer with cost-safe defaults for contributor onboarding.

Defaults

• 2 CPU, 8 GB RAM, 32 GB storage
• GitHub CLI + Python where needed
• Light post-create bootstrap

Why

Makes cloud dev reproducible and quick while controlling spend.

Summary by CodeRabbit

• Chores
  • Standardized developer environment for contributors with defined resource allocation and common runtimes (Node, Python).
  • Auto-installs package manager when missing and runs project dependency install.
  • Enables popular editor extensions (ESLint, Prettier) for consistent coding style.
  • Codespaces now opens key documentation files on start for quicker onboarding.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
v0-moltbot	Error		Apr 17, 2026 1:54pm

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new development container configuration was added: .devcontainer/devcontainer.json defines the openclaw-dev environment based on the javascript-node:22-bookworm image, sets host resource constraints, enables GitHub CLI and Python 3.12 features, installs ESLint and Prettier extensions, and runs initialization commands to ensure and install pnpm then run pnpm install.

Changes

Cohort / File(s)	Summary
Development Container Configuration \.devcontainer/devcontainer.json	Added a devcontainer that uses javascript-node:22-bookworm, sets host requirements (2 CPU, 8GB RAM, 32GB storage), enables github-cli and python (3.12) features, installs VS Code extensions (dbaeumer.vscode-eslint, esbenp.prettier-vscode), configures Codespaces to open README.md and AGENTS.md, and runs corepack enable plus pnpm verification/install and pnpm install in postCreateCommand.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

"At your service: a container set to spawn,
Node twenty-two awaits the developer's dawn,
Tools and extensions summoned, pnpm primed,
Two cores hum softly while work is aligned,
All prepared—deploy the code, carry on."

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description covers the essential summary but lacks required sections such as Change Type, Scope, Security Impact, and Human Verification specified in the template.	Complete the template sections including Change Type (Chore/infra), Scope, Security Impact assessment, and Human Verification to provide comprehensive review context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: adding a devcontainer configuration for GitHub Codespaces with cost-conscious defaults.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/codespaces-bootstrap-openclaw

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a .devcontainer/devcontainer.json file to standardize the development environment using Node.js 22 and Python 3.12. Feedback suggests updating the Node.js version to 24 to align with the project's README, adding Bun to the features list as per the repository's preference for TypeScript execution, and simplifying the postCreateCommand by removing redundant pnpm installation logic since corepack is enabled.

[gemini-code-assist]

The project's README.md recommends Node 24 for the runtime. Updating the base image to 24-bookworm ensures the development environment aligns with the recommended configuration for contributors.

Suggested change

	"image": "mcr.microsoft.com/devcontainers/javascript-node:22-bookworm",
	"image": "mcr.microsoft.com/devcontainers/javascript-node:24-bookworm",

References

1. README.md recommends Node 24 or Node 22.16+ for the runtime.

[gemini-code-assist]

The repository guidelines in AGENTS.md specify a preference for Bun for TypeScript execution (scripts, dev, tests). Adding the Bun feature ensures contributors have the preferred toolchain available in the Codespace environment.

    "ghcr.io/devcontainers/features/python:1": {
      "version": "3.12"
    },
    "ghcr.io/devcontainers/features/bun:1": {}

References

1. AGENTS.md states: Prefer Bun for TypeScript execution (scripts, dev, tests).

[gemini-code-assist]

Since corepack is enabled and the packageManager is explicitly defined in package.json, pnpm will be automatically managed. The manual version check and global installation fallback are redundant in this environment.

Suggested change

	"postCreateCommand": "corepack enable && pnpm --version || npm i -g pnpm && pnpm install"
	"postCreateCommand": "corepack enable && pnpm install"

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.devcontainer/devcontainer.json:
- Line 23: The postCreateCommand string has an operator-precedence bug causing
pnpm install to be skipped when corepack enable && pnpm --version succeeds;
update the postCreateCommand value so the pnpm version check and fallback
install are grouped before running pnpm install (for example, group the "pnpm
--version || npm i -g pnpm" portion with parentheses or split into separate
sequential commands) so that after ensuring pnpm is available the command always
runs pnpm install.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 310da51f-7f06-4c5a-b3fd-68c3cc37770e

📥 Commits

Reviewing files that changed from the base of the PR and between 3017a71 and e29a92b.

📒 Files selected for processing (1)

• .devcontainer/devcontainer.json

[Copilot]

Pull request overview

Adds a baseline GitHub Codespaces devcontainer configuration to make contributor onboarding more reproducible with cost-conscious resource defaults.

Changes:

• Introduces .devcontainer/devcontainer.json using a Node devcontainer image with Codespaces host requirements.
• Adds devcontainer features for GitHub CLI and Python.
• Adds VS Code/Codespaces customizations and a dependency install postCreateCommand.

[Copilot]

The devcontainer pins the base image to Node 22, but the repo’s primary Docker build uses Node 24 (and CI’s setup-node defaults to 24.x). To reduce “works in Codespaces but fails in CI/Docker” drift, consider switching this image tag to the same Node major (or documenting why Codespaces should stay on 22).

Suggested change

	"image": "mcr.microsoft.com/devcontainers/javascript-node:22-bookworm",
	"image": "mcr.microsoft.com/devcontainers/javascript-node:24-bookworm",

[Copilot]

The VS Code extension recommendations here don’t match the repo’s existing .vscode/extensions.json / formatter setup (which recommends oxc.oxc-vscode and uses it as the default formatter). Using ESLint/Prettier extensions in the devcontainer may lead to inconsistent formatting/linting vs the rest of the repo.

Suggested change

	"extensions": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
	"extensions": ["oxc.oxc-vscode"]

[Copilot]

postCreateCommand installs dependencies without --frozen-lockfile, which can rewrite pnpm-lock.yaml during onboarding and make the Codespace non-reproducible. Also, the fallback npm i -g pnpm ignores the repo’s pinned packageManager (pnpm@10.32.1); prefer bootstrapping pnpm via corepack (or at least install the pinned pnpm version) and then run pnpm install --frozen-lockfile.

Suggested change

	"postCreateCommand": "corepack enable && pnpm --version || npm i -g pnpm && pnpm install"
	"postCreateCommand": "corepack enable && corepack prepare pnpm@10.32.1 --activate && pnpm install --frozen-lockfile"

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.devcontainer/devcontainer.json (1)

23-23: ⚠️ Potential issue | 🔴 Critical

Critical: postCreateCommand operator chaining still skips install on success path, Sir.

At Line 23, pnpm install is not guaranteed to run when corepack enable && pnpm --version succeeds.

🔧 Proposed fix

-  "postCreateCommand": "corepack enable && pnpm --version || npm i -g pnpm && pnpm install"
+  "postCreateCommand": "corepack enable && (pnpm --version || npm i -g pnpm) && pnpm install"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/devcontainer.json at line 23, The postCreateCommand currently
uses operator chaining that causes pnpm install to be skipped when the initial
corepack enable && pnpm --version succeeds; update the command in
postCreateCommand so installation always runs: ensure corepack enable runs
first, then try pnpm --version and fall back to npm i -g pnpm if needed, and
finally always run pnpm install (e.g., by grouping the version check with || and
chaining the final pnpm install with && or using semicolons); locate the
postCreateCommand string and change its operator ordering to guarantee pnpm
install executes on the success path.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.devcontainer/devcontainer.json:
- Line 23: Replace the non-deterministic postCreateCommand value so Corepack is
used to activate a pinned pnpm release; specifically update the
"postCreateCommand" entry to run corepack enable && corepack prepare
pnpm@<PINNED_VERSION> --activate && pnpm install (choose and pin a specific
semver like 8.6.0), rather than falling back to npm i -g pnpm, ensuring
deterministic, reproducible provisioning when the container boots.

---

Duplicate comments:
In @.devcontainer/devcontainer.json:
- Line 23: The postCreateCommand currently uses operator chaining that causes
pnpm install to be skipped when the initial corepack enable && pnpm --version
succeeds; update the command in postCreateCommand so installation always runs:
ensure corepack enable runs first, then try pnpm --version and fall back to npm
i -g pnpm if needed, and finally always run pnpm install (e.g., by grouping the
version check with || and chaining the final pnpm install with && or using
semicolons); locate the postCreateCommand string and change its operator
ordering to guarantee pnpm install executes on the success path.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: cd74a223-5237-42b3-89b1-e11aa439ac8e

📥 Commits

Reviewing files that changed from the base of the PR and between e29a92b and db144fd.

📒 Files selected for processing (1)

• .devcontainer/devcontainer.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify current pnpm pin and bootstrap patterns used by the repo (read-only).
set -euo pipefail

echo "== packageManager / engines in package.json =="
rg -n -C2 '"packageManager"|"engines"|pnpm@' package.json

echo
echo "== standard pnpm bootstrap in scripts/install.sh =="
rg -n -C3 'corepack enable|corepack prepare|ensure_pnpm|pnpm@' scripts/install.sh

echo
echo "== CI setup pattern references =="
rg -n -C3 'setup-pnpm-store-cache|pnpm-version|pnpm -v' .github/actions/setup-node-env/action.yml

echo
echo "== current devcontainer command =="
rg -n -C1 '"postCreateCommand"' .devcontainer/devcontainer.json

Repository: eulicesl/openclaw

Length of output: 1782

---

🌐 Web query:

corepack prepare pnpm activate best practices Node.js

💡 Result:

To prepare and activate pnpm using Corepack in Node.js projects, follow these best practices grounded in official documentation: 1. Update Corepack to the latest version due to signature issues: npm install --global corepack@latest 2. Enable Corepack for pnpm: corepack enable pnpm This creates shims for pnpm/pnpx next to the Node.js binary. 3. For project-specific version pinning (recommended for reproducibility), add to package.json: "packageManager": "pnpm@latest-10" Then run: corepack use pnpm@latest-10 Corepack will automatically download and use this version when pnpm is invoked in the project. 4. For CI/CD and Docker (offline-safe preparation): npm install --global corepack@latest corepack enable corepack prepare pnpm@latest-10 --activate This installs and activates the specific version globally in the environment. Key benefits: - Ensures all team members and CI use the exact same pnpm version. - No global pnpm installs needed; avoids conflicts. - In CI, pnpm auto-uses frozen-lockfile mode. Avoid: Global npm install -g pnpm (overrides Corepack shims). Use corepack pnpm ... if shims conflict. Note: Node.js >=16.13 includes Corepack (experimental; enable required). For Node 26+, may need userland Corepack.

Citations:

• 1: https://pnpm.io/continuous-integration
• 2: https://pnpm.io/next/installation
• 3: https://pnpm.io/installation
• 4: https://nodejs.org/download/release/v22.11.0/docs/api/corepack.html
• 5: https://corepack.org/
• 6: https://pnpm.io/en/installation
• 7: https://pnpm.io/9.x/continuous-integration
• 8: https://pnpm.io/next/continuous-integration

---

🌐 Web query:

devcontainer postCreateCommand pnpm corepack bootstrap

💡 Result:

To set up pnpm with Corepack in a VS Code Dev Container using postCreateCommand, use the following configuration in your .devcontainer/devcontainer.json file. This enables Corepack (which ships with Node.js) to manage pnpm, ensuring the correct version is used based on your package.json's "packageManager" field. Example devcontainer.json snippet: { "image": "mcr.microsoft.com/devcontainers/javascript-node:20", "features": { "ghcr.io/devcontainers/features/node:1": { "version": "20" } }, "postCreateCommand": "corepack enable && corepack prepare pnpm@latest --activate && pnpm install", "customizations": { "vscode": { "extensions": ["esbenp.prettier-vscode"] } } } Key steps in postCreateCommand: 1. corepack enable - Activates Corepack shims for package managers like pnpm. 2. corepack prepare pnpm@latest --activate - Downloads and activates the specified pnpm version (use the version from your package.json, e.g., "pnpm@10.5.0"). 3. pnpm install - Installs dependencies using the activated pnpm. For Dockerfiles in .devcontainer/Dockerfile, do this during build: FROM mcr.microsoft.com/devcontainers/javascript-node:20 RUN corepack enable pnpm ENV PNPM_HOME=/pnpm ENV PATH="$PNPM_HOME:$PATH" Then in devcontainer.json: "postCreateCommand": "pnpm install --frozen-lockfile" To persist pnpm store across rebuilds (faster installs), add mounts: "mounts": [ "source=pnpm-store,target=${containerWorkspaceFolder}/.pnpm-store,type=volume" ], "postCreateCommand": "corepack enable pnpm && sudo chown -R $(whoami) .pnpm-store && pnpm install" This setup works with Node.js 20+ images where Corepack is included. For Node 25+, Corepack may need npm install -g corepack@latest first, but devcontainer Node images use versions with Corepack. pnpm official repo has .devcontainer config at github.com/pnpm/pnpm/tree/main/.devcontainer confirming this approach.

Citations:

• 1: https://stackoverflow.com/questions/77099690/how-do-i-make-pnpm-work-as-intended-in-a-vscode-dev-container
• 2: https://opensource.unicc.org/openwallet-foundation/credo-ts/-/blob/v0.6.0-alpha-20250311103137/.devcontainer/devcontainer.json
• 3: https://pnpm.io/9.x/docker
• 4: https://pnpm.io/next/installation
• 5: https://pnpm.io/installation
• 6: https://github.com/pnpm/pnpm/tree/main/.devcontainer
• 7: https://gist.github.com/PatrickChoDev/81d36159aca4dc687b8c89983e64da2e?permalink_comment_id=5782142
• 8: https://github.com/coveo/ui-kit/blob/main/.devcontainer/README.md

---

Major: pnpm provisioning at Line 23 presents a determinism vulnerability, Sir.

The current command—corepack enable && pnpm --version || npm i -g pnpm && pnpm install—lacks explicit version pinning and will fail on initial container setup. The fallback npm i -g pnpm bypasses Corepack entirely, pulling an arbitrary version from the registry. Official Corepack and pnpm documentation for containerised environments prescribe the pattern: corepack enable && corepack prepare pnpm@VERSION --activate.

Recommend aligning with deterministic bootstrap practices:

🔧 Proposed deterministic bootstrap

-  "postCreateCommand": "corepack enable && pnpm --version || npm i -g pnpm && pnpm install"
+  "postCreateCommand": "corepack enable && corepack prepare pnpm@10.32.1 --activate && pnpm install"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"postCreateCommand": "corepack enable && pnpm --version || npm i -g pnpm && pnpm install"
	"postCreateCommand": "corepack enable && corepack prepare pnpm@10.32.1 --activate && pnpm install"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/devcontainer.json at line 23, Replace the non-deterministic
postCreateCommand value so Corepack is used to activate a pinned pnpm release;
specifically update the "postCreateCommand" entry to run corepack enable &&
corepack prepare pnpm@<PINNED_VERSION> --activate && pnpm install (choose and
pin a specific semver like 8.6.0), rather than falling back to npm i -g pnpm,
ensuring deterministic, reproducible provisioning when the container boots.

[eulicesl]

Closing this as redundant after moving the personal Codespaces setup to fork-only branch personal/codespaces-base. main remains a clean upstream mirror; this branch is the personal cloud-dev base.