fix: make Compose mode work end-to-end on Mac

[michaelzwang13]

Surfaced while smoke-testing the Phase C autonomous PR-watcher (#9 / PR #29). The watcher correctly identified unreviewed PRs every tick and timed out on dispatch — because `start-mac.sh` runs uvicorn natively, and Docker Desktop on Mac blocks the host from reaching container bridge IPs.

The documented escape hatch is Compose mode (`backend/docker compose up`), which puts the platform on the same bridge network as the agent containers. Three things were broken along that path:

Fixes

1. `backend/docker-compose.yml` — network ownership.
The compose file declared the `openclaw-agents` network without `external: true`, so Compose tried to own a network that the orchestrator's Docker SDK is also writing to (spawning agents onto it). Marking it external means Compose attaches instead of owning — won't create or destroy, no label-mismatch warnings.

2. `backend/pyproject.toml` — missing `anthropic` dep.
`backend/app/routers/chat.py` imports `anthropic`. The native venv masked this because `start-mac.sh` explicitly `pip install`s it (lines 112, 117). The Docker image installs from `pyproject.toml` only, so it crashed on startup with `ModuleNotFoundError`. Added `anthropic>=0.40.0`.

3. `start-mac-compose.sh` — new launcher for Compose mode.
Mirrors `start-mac.sh` (preflight, agent image build, network create, frontend launch, cleanup trap) but starts the platform via `docker compose up -d --build` instead of native uvicorn. Cleanup runs `docker compose down`.

When to use which script

Script	Platform mode	Trade-off
`start-mac.sh`	Native uvicorn `--reload`	Fast inner-loop iteration. Cannot dispatch on Mac.
`start-mac-compose.sh`	Docker Compose	No `--reload`, code changes need rebuild. Dispatch actually works. Use for full end-to-end.

`start-mac.sh` stays as the default for development; reach for `start-mac-compose.sh` when exercising the hire → subscribe → dispatch → review loop.

Smoke

Verified end-to-end after this PR: `./start-mac-compose.sh` brings up the stack, hire a Code Review Engineer, subscribe to a repo, wait one tick, and the agent posts a real review on a real PR via the gateway. (Smoke confirmed: PR comment was posted to `#29` by the watcher loop.)

Test plan

• `./start-mac-compose.sh` brings up backend + frontend cleanly
• No label-mismatch warning on the network
• Platform container starts (no `anthropic` import error)
• Hire → subscribe → wait 120s → review posted on GitHub
• (Not in scope) `start-mac.sh` still works for native iteration — unchanged

Out of scope

• The offboard-leaves-watched_repos cleanup gap surfaced during testing (separate issue).
• Bringing `LOCAL_SETUP.md` fully up to date with the new script (folds into AWS deployment via CDK #11's broader docs refresh).

🤖 Generated with Claude Code

[michaelzwang13]

LGTM! This is a well-structured fix that addresses a real Mac-specific networking issue with Docker Desktop.

Highlights:

• The external: true change for the Docker network is the right call to avoid ownership conflicts between Compose and the orchestrator's Docker SDK calls.
• Adding the missing anthropic dependency to pyproject.toml fixes a legitimate gap between native and containerized installs.
• The new start-mac-compose.sh script is comprehensive with good preflight checks, health polling, and cleanup handling.

Minor suggestions (non-blocking):

• Consider adding a --wait flag to docker compose up in the future to rely on Compose's native health checking instead of the manual curl loop.
• The script could benefit from a DOCKER_DEFAULT_PLATFORM=linux/arm64 export for Apple Silicon users who might have Rosetta issues with multi-arch images.

Test plan looks solid and the smoke test verification gives confidence. Code looks ready to merge.