fix(sandbox): pull pre-built image from GHCR instead of plain debian:bookworm-slim

Fixes a regression where 'openclaw-sandbox:bookworm-slim' was created by
pulling debian:bookworm-slim (which has no python3), causing file write/edit
tools to fail with 'python3: not found' inside the sandbox container.

Before: always pulled debian:bookworm-slim (no python3)
After:  tries ghcr.io/openclaw/openclaw:main-slim-amd64 first (has python3),
        falls back to building locally from Dockerfile.sandbox if needed.

Fixes openclaw/openclaw#51099

src/agents/sandbox/docker.ts

@@ -261,9 +261,19 @@ export async function ensureDockerImage(image: string) {
     return;
   }
   if (image === DEFAULT_SANDBOX_IMAGE) {
-    await execDocker(["pull", "debian:bookworm-slim"]);
-    await execDocker(["tag", "debian:bookworm-slim", DEFAULT_SANDBOX_IMAGE]);
-    return;
+    // Prefer the pre-built image from GitHub Container Registry (contains python3 + tools).
+    // Falls back to building locally from Dockerfile.sandbox if the registry pull fails.
+    const registryImage = "ghcr.io/openclaw/openclaw:main-slim-amd64";
+    try {
+      await execDocker(["pull", registryImage]);
+      await execDocker(["tag", registryImage, DEFAULT_SANDBOX_IMAGE]);
+      return;
+    } catch {
+      // Registry pull failed; build locally from the included Dockerfile.sandbox
+      const dockerfilePath = process.cwd() + "/Dockerfile.sandbox";
+      await execDocker(["build", "-t", DEFAULT_SANDBOX_IMAGE, "-f", dockerfilePath, "."]);
+      return;
+    }
   }
   throw new Error(`Sandbox image not found: ${image}. Build or pull it first.`);
 }