kMinsAlgorithm/dockctl-control-kit

dockctl-control-kit

Allowlisted Docker control kit for OpenClaw + Overleaf on a macOS host.

This kit exposes only approved operations (status/start/stop/restart/logs, compose up/down, desktop status) through dockctl, with bridge/proxy mode for containerized OpenClaw.

It is designed to avoid direct docker.sock exposure to the OpenClaw container.

What this repo contains

  • scripts/dockctl.mjs: allowlisted Docker control plane
  • scripts/dockctl: wrapper CLI
  • scripts/dockctl-bridge-server.mjs: localhost HTTP bridge with bearer token auth
  • scripts/setup-dockctl-account2.sh: provisions the cross-account artifacts under /Users/Shared
  • install.sh: one-shot setup
  • uninstall.sh: remove runtime artifacts
  • skills/dockctl-ops/SKILL.md: OpenClaw skill handover

Prerequisites

  • macOS
  • Docker Desktop installed
  • node, docker, jq, curl, openssl, launchctl

Quick start

git clone <your-repo-url> dockctl-control-kit
cd dockctl-control-kit
chmod +x install.sh uninstall.sh scripts/*.sh scripts/dockctl

./install.sh \
  --openclaw-compose "$HOME/Autonomous_Tool/openclaw/docker-compose.yml" \
  --overleaf-compose "$HOME/Autonomous_Tool/overleaf/docker-compose.yml"

Optional cross-account mode (account2 -> account1 Docker):

./install.sh \
  --openclaw-compose "$HOME/Autonomous_Tool/openclaw/docker-compose.yml" \
  --overleaf-compose "$HOME/Autonomous_Tool/overleaf/docker-compose.yml" \
  --enable-account2

After install

Installed paths:

  • ~/.openclaw/dockctl/bin/dockctl
  • ~/.openclaw/dockctl/bin/dockctl-bridge-server.mjs
  • ~/.openclaw/workspace/bin/dockctl-proxy
  • LaunchAgent: ~/Library/LaunchAgents/com.${USER}.dockctl.bridge.plist (default label)

Quick checks:

~/.openclaw/dockctl/bin/dockctl status | jq .
~/.openclaw/workspace/bin/dockctl-proxy service-status openclaw | jq .
~/.openclaw/workspace/bin/dockctl-proxy service-status overleaf | jq .

Cross-account checks:

/Users/Shared/openclaw-dockctl/dockctl-proxy-account2 service-status openclaw | jq .
/Users/Shared/openclaw-dockctl/dockctl-proxy-account2 service-status overleaf | jq .

OpenClaw allowlist

Containerized gateway mode:

openclaw approvals allowlist add --agent main "/home/node/.openclaw/workspace/bin/dockctl-proxy"

Cross-account shared proxy mode:

openclaw approvals allowlist add --agent main "/Users/Shared/openclaw-dockctl/dockctl-proxy-account2"

Security notes

  • No raw docker passthrough.
  • No arbitrary compose file CLI input.
  • No docker.sock mount required in OpenClaw container.
  • Bearer token + allowlisted actions only.
  • Audit log: ~/.openclaw/dockctl/audit.log.
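
The allowlisting described in these notes, sketched as an added example; it is not the code in scripts/dockctl-bridge-server.mjs. The request shape, the compose paths, the `--tail` limit and the `decide` and `sameToken` helpers are assumptions made for illustration.

```javascript
// Added example, not the project's bridge code.
// Request shape, compose paths and helper names are assumptions.
const ACTIONS = new Map([
  ["status", ["ps"]], ["start", ["start"]], ["stop", ["stop"]],
  ["restart", ["restart"]], ["logs", ["logs", "--tail", "200"]],
  ["up", ["up", "-d"]], ["down", ["down"]],
]);
// Compose files are fixed per service (constructed paths); callers never supply one.
const SERVICES = new Map([
  ["openclaw", "/srv/example/openclaw/docker-compose.yml"],
  ["overleaf", "/srv/example/overleaf/docker-compose.yml"],
]);

// Compare every position instead of returning at the first mismatch.
function sameToken(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decide what a bridge request may run. On success, argv is an array meant
// for execFile-style spawning, so no shell ever parses caller input.
function decide(req, expectedToken) {
  // Denials log a fixed reason code, never the caller-supplied strings.
  const deny = (status, why) => ({ status, audit: `${status} ${why}` });
  const m = /^Bearer (\S+)$/.exec(req.authorization || "");
  if (!expectedToken || !m || !sameToken(m[1], expectedToken)) {
    return deny(401, "bad-token");
  }
  let body;
  try { body = JSON.parse(req.body); } catch { return deny(400, "bad-json"); }
  if (body === null || typeof body !== "object") return deny(400, "bad-json");
  const { action, service } = body; // any other field is ignored
  if (!ACTIONS.has(action)) return deny(403, "action-denied");
  if (!SERVICES.has(service)) return deny(403, "service-denied");
  const argv = ["docker", "compose", "-f", SERVICES.get(service), ...ACTIONS.get(action)];
  return { status: 200, argv, audit: `200 ${action} ${service}` };
}
```

Because only the two allowlisted names are ever read from the body, a request that carries an extra field such as a compose path gets the same fixed argv as one without it.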
