Persist OPENCLAW_HMAC_SECRET to data/openclaw.env so empty Docker env vars no longer block auth after UI bootstrap. Add verify_hmac.py, silence Rust warnings (#423), and document Docker signing (#424).
Co-authored-by: Cursor <cursoragent@cursor.com>
The MLS gate encryption system requires libprivacy_core.so — a Rust
shared library that was only compiled locally on the dev machine.
Docker users got "active gate identity is not mapped into the MLS
group" because the library was never built or included in the image.
Add a multi-stage Docker build:
- Stage 1: rust:1.87-slim-bookworm compiles privacy-core to .so
- Stage 2: copies libprivacy_core.so into the Python backend image
- Set PRIVACY_CORE_LIB env var so Python finds the library
Also track the privacy-core Rust source (Cargo.toml, Cargo.lock,
src/lib.rs) in git — they were previously untracked, which is why
the Docker build never had access to them.
Add root .dockerignore to exclude build caches and large directories
from the Docker build context.