chore: derive Ruby and Bundler versions from repo

.openclaw/skills/sure-openclaw-build-bootstrap/SKILL.md

@@ -51,10 +51,12 @@ If the audit reports `stop-and-free-disk-space`, do that before the next bootstr
 
 Preferred path on the reference host:
 
+- read `.ruby-version` from the repo and use that exact Ruby version
+- read `Gemfile.lock` and use the exact `BUNDLED WITH` version
 - install `rbenv` and `ruby-build` from apt
-- update the `ruby-build` plugin inside `/root/.rbenv/plugins/ruby-build` because Debian Bookworm's packaged definitions are too old for Ruby `3.4.7`
-- install Ruby `3.4.7` with `rbenv`
-- install Bundler `2.6.7` with `gem`
+- update the `ruby-build` plugin inside `/root/.rbenv/plugins/ruby-build` because Debian Bookworm's packaged definitions may be too old for the repo-required Ruby
+- install the repo-required Ruby with `rbenv`
+- install the lockfile-compatible Bundler with `gem`
 
 Install missing Ruby build helpers:
 
@@ -63,9 +65,12 @@ apt-get install -y --no-install-recommends \
   rbenv ruby-build libreadline-dev libgdbm-dev libgdbm-compat-dev bison
 ```
 
-Refresh `ruby-build` definitions and install Ruby:
+Refresh `ruby-build` definitions and install Ruby from repo metadata:
 
 ```bash
+RUBY_VERSION="$(tr -d '[:space:]' < .ruby-version)"
+BUNDLER_VERSION="$(awk '/^BUNDLED WITH$/{getline; gsub(/^[[:space:]]+/, ""); print; exit}' Gemfile.lock)"
+
 mkdir -p /root/.rbenv/plugins
 rm -rf /root/.rbenv/plugins/ruby-build
 git clone --depth=1 https://github.com/rbenv/ruby-build.git /root/.rbenv/plugins/ruby-build
@@ -75,20 +80,24 @@ export PATH="$RBENV_ROOT/bin:$RBENV_ROOT/shims:$PATH"
 eval "$(rbenv init -)"
 export RUBY_BUILD_CACHE_PATH=/root/.cache/ruby-build
 
-rbenv install -s 3.4.7
-rbenv global 3.4.7
+rbenv install -s "$RUBY_VERSION"
+rbenv global "$RUBY_VERSION"
 rbenv rehash
 ```
 
 Install the lockfile-compatible Bundler:
 
 ```bash
-gem install bundler -v 2.6.7 --no-document
+gem install bundler -v "$BUNDLER_VERSION" --no-document
 rbenv rehash
 bundle -v
 ```
 
-Important note: the host may still also have Debian's system Ruby on PATH. The audit helper is expected to prefer the `rbenv` Ruby and Bundler when they match repo requirements.
+Important notes:
+
+- never hardcode the Ruby version in the bootstrap flow, always read `.ruby-version`
+- never hardcode the Bundler version in the bootstrap flow, always read `Gemfile.lock`
+- the host may still also have Debian's system Ruby on PATH, so the audit helper is expected to prefer the `rbenv` Ruby and Bundler when they match repo requirements
 
 ## Step 2, install only missing OS packages
 

.openclaw/skills/sure-openclaw-build-bootstrap/references/baseline-environment-audit.md

@@ -78,8 +78,8 @@ At baseline, the environment is incomplete for Rails work:
    - If already virtualized or containerized, prefer a lean in-place bootstrap.
    - If not virtualized, consider the repo devcontainer the default path.
 2. Install only what is missing.
-3. Pin Ruby to `3.4.7`.
-4. Use Bundler `2.6.7` to match the lockfile.
+3. Read Ruby version from `.ruby-version` and install exactly that version.
+4. Read Bundler version from `Gemfile.lock` and install exactly that version.
 5. Prefer PostgreSQL client tooling instead of local PostgreSQL server.
 6. Install Redis locally.
 7. Keep caches and dependency storage under `/root`.
@@ -130,9 +130,11 @@ Installed on the reference host:
 
 Then:
 
-- updated `/root/.rbenv/plugins/ruby-build` to a current upstream release so Ruby `3.4.7` was available
-- installed Ruby `3.4.7` via `rbenv`
-- installed Bundler `2.6.7`
+- read Ruby version from `.ruby-version`
+- read Bundler version from `Gemfile.lock`
+- updated `/root/.rbenv/plugins/ruby-build` to a current upstream release so the repo-required Ruby was available
+- installed the repo-required Ruby via `rbenv`
+- installed the lockfile-compatible Bundler
 
 Re-audit result after install:
 
@@ -140,10 +142,12 @@ Re-audit result after install:
 - Bundler: present, `2.6.7`, detected via `/root/.rbenv/shims/bundle`
 - disk-space gate: still `pass`
 
-Important finding:
+Important findings:
 
 - Debian's system Ruby may still exist on the host and can appear earlier on PATH in bare shells
 - the audit helper must therefore prefer the `rbenv` toolchain when it matches repo requirements
+- the Ruby bootstrap script should never hardcode a version, it should always read `.ruby-version`
+- the Bundler bootstrap script should never hardcode a version, it should always read `Gemfile.lock`
 
 ## Suggested follow-up audit checks after installs
 

.openclaw/skills/sure-openclaw-build-bootstrap/scripts/install_repo_ruby_and_bundler.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPO_DIR="${1:-$(pwd)}"
+cd "$REPO_DIR"
+
+RUBY_VERSION="$(tr -d '[:space:]' < .ruby-version)"
+BUNDLER_VERSION="$(awk '/^BUNDLED WITH$/{getline; gsub(/^[[:space:]]+/, ""); print; exit}' Gemfile.lock)"
+
+if [[ -z "$RUBY_VERSION" ]]; then
+  echo "Failed to read Ruby version from .ruby-version" >&2
+  exit 1
+fi
+
+if [[ -z "$BUNDLER_VERSION" ]]; then
+  echo "Failed to read Bundler version from Gemfile.lock" >&2
+  exit 1
+fi
+
+apt-get install -y --no-install-recommends \
+  rbenv ruby-build libreadline-dev libgdbm-dev libgdbm-compat-dev bison
+
+mkdir -p /root/.rbenv/plugins
+rm -rf /root/.rbenv/plugins/ruby-build
+git clone --depth=1 https://github.com/rbenv/ruby-build.git /root/.rbenv/plugins/ruby-build
+
+export RBENV_ROOT=/root/.rbenv
+export PATH="$RBENV_ROOT/bin:$RBENV_ROOT/shims:$PATH"
+eval "$(rbenv init -)"
+export RUBY_BUILD_CACHE_PATH=/root/.cache/ruby-build
+
+rbenv install -s "$RUBY_VERSION"
+rbenv global "$RUBY_VERSION"
+rbenv rehash
+
+gem install bundler -v "$BUNDLER_VERSION" --no-document
+rbenv rehash
+
+ruby -v
+bundle -v