dev/README.md
A fully containerized development sandbox for ZeroClaw agents. This environment allows you to develop, test, and debug the agent in isolation without modifying your host system.
agent/: (Merged into root Dockerfile)
Dockerfile using the dev stage (target: dev).debian:bookworm-slim (unlike production distroless).bash, curl, and debug tools.sandbox/: Dockerfile for the simulated user environment.
ubuntu:22.04.git, python3, nodejs, npm, gcc, make.docker-compose.yml: Defines the services and dev-net network.cli.sh: Helper script to manage the lifecycle.Run all commands from the repository root using the helper script:
./dev/cli.sh up
Builds the agent from source and starts both containers.
zeroclaw-dev)./dev/cli.sh agent
Use this to run zeroclaw CLI commands manually, debug the binary, or check logs internally.
/zeroclaw-datanobody (65534)sandbox)./dev/cli.sh shell
Use this to act as the "user" or "environment" the agent interacts with.
/home/developer/workspacedeveloper (sudo-enabled)src/../dev/cli.sh build
./dev/cli.sh agent
# inside container:
zeroclaw --version
The playground/ directory (in repo root) is mounted as the shared workspace:
/zeroclaw-data/workspace/home/developer/workspaceFiles created by the agent are visible to the sandbox user, and vice versa. The directory is git-ignored and auto-populated on first run — the agent creates brain.db, sessions.db, personality files (IDENTITY.md, SOUL.md), and hygiene state automatically.
The agent configuration lives in target/.zeroclaw (mounted to /zeroclaw-data/.zeroclaw), so settings persist across container rebuilds.
Stop containers and remove volumes and generated config:
./dev/cli.sh clean
Note: This removes target/.zeroclaw (config/DB) but leaves the playground/ directory intact. To fully wipe workspace data, manually delete playground/.
Use this when you want CI-style validation without relying on GitHub Actions and without running Rust toolchain commands on your host.
./dev/ci.sh build-image
./dev/ci.sh all
This runs inside a container:
./scripts/ci/rust_quality_gate.shcargo test --locked --verbosecargo build --release --locked --verbosecargo deny check licenses sourcescargo auditdocker build --target dev ... + --version check)To run an opt-in strict lint audit locally:
./dev/ci.sh lint-strict
To run the incremental strict gate (changed Rust lines only):
./dev/ci.sh lint-delta
./dev/ci.sh lint
./dev/ci.sh lint-delta
./dev/ci.sh test
./dev/ci.sh build
./dev/ci.sh deny
./dev/ci.sh audit
./dev/ci.sh security
./dev/ci.sh docker-smoke
# Optional host-side docs gate (changed-line markdown lint)
./scripts/ci/docs_quality_gate.sh
# Optional host-side docs links gate (changed-line added links)
./scripts/ci/docs_links_gate.sh
Note: local deny focuses on license/source policy; advisory scanning is handled by audit.
./dev/ci.sh shell
./dev/cli.sh ci
./dev/cli.sh ci lint
zeroclaw-local-ci container./workspace; no host Rust toolchain is required./ci-target (not your host target/).Dockerfile and dev/ci/Dockerfile use BuildKit cache mounts for Cargo registry/git data.Dockerfile also caches Rust target/ (id=zeroclaw-target) to speed repeat local image builds../dev/ci.sh docker-smoke and ./dev/ci.sh all now use docker buildx local cache at .cache/buildx-smoke when available.rust:1.92-slim and installs pinned toolchain 1.92.0 (no custom CARGO_HOME/RUSTUP_HOME overrides), preventing repeated toolchain bootstrapping on each run.