feat: add Dockerfile for production deployment

[rhlsthrm]

Summary

Adds a multi-stage Dockerfile for containerized production deployments of Claw3D.

Motivation

Running Claw3D alongside other Docker services (e.g., on a server that already runs OpenClaw + supporting infrastructure via docker-compose) is much easier with a Dockerfile. Currently users must install Node.js on the host and run npm run dev or npm run build && npm start directly.

Details

Three-stage build for minimal image size:

1. deps — npm ci with lock file for reproducible installs
2. builder — Next.js production build
3. runner — only the built app, public assets, custom server, and node_modules

Supports runtime gateway configuration via CLAW3D_GATEWAY_URL env var without requiring a rebuild. Default port is 3000, configurable via PORT env var.

Example docker-compose usage

claw3d:
  build: ./claw3d
  network_mode: host
  environment:
    - PORT=3000
    - CLAW3D_GATEWAY_URL=ws://127.0.0.1:18789
    - CLAW3D_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
  restart: unless-stopped

Test plan

• docker build -t claw3d . succeeds
• docker run -e CLAW3D_GATEWAY_URL=ws://localhost:18789 -p 3000:3000 claw3d starts and serves UI
• WebSocket proxy to gateway works from container

---

Note

Low Risk
Low risk because it only adds container packaging/build configuration and does not change runtime application logic. Primary risk is build/startup mismatches in the container (missing files/env defaults).

Overview
Adds a new Dockerfile that enables containerized production deployments via a three-stage build (deps → builder → runner).

The image builds the Next.js app with telemetry disabled and a default NEXT_PUBLIC_GATEWAY_URL, then runs the existing custom server via node server/index.js on port 3000.

^{Written by Cursor Bugbot for commit cd660d4. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Missing .dockerignore lets COPY . . overwrite clean deps

High Severity

There is no .dockerignore file in the repository. The COPY . . in the builder stage runs after COPY --from=deps /app/node_modules ./node_modules, so if a node_modules/ directory exists on the build host, it overwrites the clean, reproducible install from the deps stage. This defeats the purpose of the multi-stage build and npm ci. It also sends the entire repository (including .git/, test files, .env files with potential secrets) into the build context and image layers.

 

[cursor]

Production image includes all devDependencies unnecessarily

Medium Severity

The deps stage runs npm ci --ignore-scripts without --omit=dev, so devDependencies (Playwright, jsdom, Vitest, ESLint, etc.) are installed. These flow through the builder stage into the runner stage via the node_modules copy. This contradicts the stated goal of "minimal image size" from the three-stage build and adds significant bloat plus unnecessary attack surface to the production image.

Additional Locations (1)

• Dockerfile#L26-L27