Strips runtime packages (nodejs_22, kubectl, jq, git, emacs, tsx, tea, pythonEnv, qmd) from the Docker image contents, reducing image size from ~2.7GB to ~1.5GB.
Key changes:
- Removed 9 runtime packages from contents (moved to openclaw-runtime-closure)
- Removed pythonEnv let binding and qmd parameter (no longer needed in image)
- Added OPENCLAW_RUNTIME_CLOSURE env var (bakes closure path for init container)
- Added runtime closure bin dir to PATH (resolves after PVC population)
- Added curl to contents (needed by init container for Harmonia health checks)
- CI: added openclaw-runtime-closure to build-and-cache PACKAGES array
- CI: added second sed command for CronJob image tag update
- CI: removed inherit qmd from openclaw-image callPackage (qmd now in runtime closure)
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
- packages/qmd: buildNpmPackage with Node.js 22 (not Bun) to avoid
native module ABI issues with better-sqlite3 and sqlite-vec
- Vendored package-lock.json (QMD ships bun.lock, not npm lockfile)
- packages/openclaw-image: adds qmd + tsx to image contents
- packages/default.nix: rec attrset so openclaw-image can inherit qmd
- flake.nix: expose custom-qmd package output for CI caching
The OpenClaw runtime validates that resolved symlinks stay within
/app/dist/extensions/. When /app was a Nix store symlink, realpath
resolved to /nix/store/ which 'escaped' the boundary. Now we copy
the app files into /app as a real directory in extraCommands.
johno