Merge upstream/main to sync with kernel/kernel-images

Resolved conflicts keeping both Reclaim-specific features and upstream improvements:

- config.go: Kept TEE configuration (TEEKUrl, TEETUrl, AttestorUrl)
- openapi.yaml: Kept /reclaim/prove endpoint and ReclaimProve* schemas
- go.mod: Kept all Reclaim TEE dependencies and updated to latest versions
- log.ts: Kept OpenTelemetry logging wrapper around base loggers
- proxy.go: Adopted upstream's improved CDP reconnection logic with dialUpstreamWithRetry
- Dockerfiles: Hybrid approach - auto-detect ChromeDriver version with override option

Key upstream improvements integrated:
- CDP proxy reconnection on Chromium restart (kernel#189, kernel#191)
- Improved fonts support (kernel#165)
- Better error handling in devtools proxy
- Updated dependency versions

All conflicts resolved, go.sum regenerated, oapi.go regenerated.

Author: AbdulRashidReshamwala

images/chromium-headful/Dockerfile

@@ -204,13 +204,42 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=$CACHEIDPREFIX-ap
     wget \
     xdg-utils \
     libvulkan1 \
+    fontconfig \
+    unzip && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Install fonts to match a realistic Ubuntu 22.04 desktop fingerprint.
+# A minimal container has only 3 fonts, which is a strong fingerprinting signal
+# used by reCAPTCHA Enterprise and other bot detection vendors.
+RUN apt-get update && \
+    apt-get --no-install-recommends -y install \
     fonts-liberation \
+    fonts-liberation2 \
     fonts-noto-cjk \
     fonts-noto-color-emoji \
+    fonts-noto-core \
     fonts-nanum \
-    fontconfig \
-    unzip && \
-    fc-cache -f
+    fonts-dejavu-core \
+    fonts-dejavu-extra \
+    fonts-freefont-ttf \
+    fonts-ubuntu \
+    fonts-opensymbol \
+    fonts-roboto \
+    fonts-croscore \
+    fonts-smc-chilanka \
+    fonts-hosny-amiri \
+    fonts-indic \
+    fonts-kacst \
+    fonts-khmeros-core \
+    fonts-lao \
+    fonts-lklug-sinhala \
+    fonts-sil-abyssinica \
+    fonts-sil-padauk \
+    fonts-thai-tlwg \
+    fonts-tibetan-machine \
+    fonts-droid-fallback && \
+    fc-cache -f && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # install ffmpeg manually since the version available in apt is from the 4.x branch due to #drama.
 COPY --from=ffmpeg-downloader /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
@@ -262,9 +291,14 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=$CACHEIDPREFIX-ap
     apt --no-install-recommends -y install sqlite3;
 
 # Install ChromeDriver matching the installed Chromium version
+# Chromedriver and Chromium are not necessarily the same version, but we try to match them.
+# Override with --build-arg CHROMEDRIVER_VERSION=x.x.x.x if needed.
+ARG CHROMEDRIVER_VERSION=
 RUN set -eux; \
-    CHROMIUM_VERSION=$(chromium --version | awk '{print $2}'); \
-    curl -fsSL "https://storage.googleapis.com/chrome-for-testing-public/${CHROMIUM_VERSION}/linux64/chromedriver-linux64.zip" -o /tmp/cd.zip; \
+    if [ -z "$CHROMEDRIVER_VERSION" ]; then \
+        CHROMEDRIVER_VERSION=$(chromium --version | awk '{print $2}'); \
+    fi; \
+    curl -fsSL "https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_VERSION}/linux64/chromedriver-linux64.zip" -o /tmp/cd.zip; \
     unzip /tmp/cd.zip -d /tmp; \
     mv /tmp/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver; \
     chmod +x /usr/local/bin/chromedriver; \

images/chromium-headless/image/Dockerfile

@@ -157,9 +157,14 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=$CACHEIDPREFIX-ap
     apt-get --no-install-recommends -y install sqlite3 unzip;
 
 # Install ChromeDriver matching the installed Chromium version
+# Chromedriver and Chromium are not necessarily the same version, but we try to match them.
+# Override with --build-arg CHROMEDRIVER_VERSION=x.x.x.x if needed.
+ARG CHROMEDRIVER_VERSION=
 RUN set -eux; \
-    CHROMIUM_VERSION=$(chromium --version | awk '{print $2}'); \
-    curl -fsSL "https://storage.googleapis.com/chrome-for-testing-public/${CHROMIUM_VERSION}/linux64/chromedriver-linux64.zip" -o /tmp/cd.zip; \
+    if [ -z "$CHROMEDRIVER_VERSION" ]; then \
+        CHROMEDRIVER_VERSION=$(chromium --version | awk '{print $2}'); \
+    fi; \
+    curl -fsSL "https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_VERSION}/linux64/chromedriver-linux64.zip" -o /tmp/cd.zip; \
     unzip /tmp/cd.zip -d /tmp; \
     mv /tmp/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver; \
     chmod +x /usr/local/bin/chromedriver; \

server/Makefile

@@ -19,7 +19,7 @@ $(OAPI_CODEGEN): | $(BIN_DIR)
 # 2. Run oapi-codegen with our config
 # 3. go mod tidy to pull deps
 oapi-generate: $(OAPI_CODEGEN)
-	pnpm i -g @apiture/openapi-down-convert
+	npm i -g @apiture/openapi-down-convert
 	openapi-down-convert --input openapi.yaml --output openapi-3.0.yaml
 	$(OAPI_CODEGEN) -config ./oapi-codegen.yaml ./openapi-3.0.yaml
 	@echo "Fixing oapi-codegen issue https://github.com/oapi-codegen/oapi-codegen/issues/1764..."