fix(sandbox): resolve gateway from persisted sandbox entry

[laitingsheng]

Summary

Selected sandbox-scoped lifecycle and recovery paths now resolve the OpenShell gateway from the sandbox's persisted registry entry instead of the hardcoded nemoclaw literal. A sandbox onboarded with a non-default NEMOCLAW_GATEWAY_PORT is registered against nemoclaw-<port>; the prior behaviour talked to the wrong gateway and surfaced spurious sandbox has no spec errors.

Destructive operations (destroy, snapshot, gateway cleanup) and gateway-state probes now fail closed when a sandbox's persisted gateway binding is present but invalid, rather than silently rewriting the target to the default gateway. The gateway-name lifecycle regex is anchored on a boundary so nemoclaw-8081 no longer matches Gateway: nemoclaw-80810, and the sandbox-list recovery pipeline accepts a connected_other lifecycle so a foreign-active gateway is selected back to the sandbox's recorded one before recovery gives up.

Multi-instance dashboard-port allocation and the remaining nemoclaw list / parallel-gateway polish are out of scope for this change and tracked separately in follow-up work.

Related Issue

Fixes #4985

Supersedes #4987

Refs #4865, #5359 — the multi-instance routing symptoms surfaced there benefit from the per-port resolution landed here, but their dashboard-port allocation and parallel-routing coverage will land in a follow-up PR.

Changes

• src/lib/onboard/gateway-binding.ts — resolveSandboxGatewayName now fails closed when a persisted gatewayPort or gatewayName is present but invalid (out-of-range, non-integer, out-of-namespace, malformed). The bare BASE_GATEWAY_NAME legacy fallback still applies when both fields are absent. A tampered or corrupted registry row can no longer redirect destroy/snapshot/cleanup to the default gateway.
• src/lib/actions/sandbox/gateway-target.ts — gatewayNamePattern anchors the gateway-name match with a (?=\s|$) lookahead so nemoclaw-8081 does not match Gateway: nemoclaw-80810. Prevents misclassification of a sibling per-port gateway as the sandbox's target.
• src/lib/openshell-sandbox-list.ts — captureSandboxListWithGatewayRecovery adds connected_other to its recoverable-states list so when a best-effort gateway select does not stick, recoverNamedGatewayRuntime can still re-select or start the sandbox's recorded gateway before returning the failed list.
• src/lib/actions/sandbox/{connect,destroy,doctor,snapshot,rebuild}.ts, src/lib/actions/sandbox/{sandbox-gateway-routing,gateway-state}.ts, src/lib/gateway-runtime-action.ts, src/lib/onboard/gateway-recovery.ts — sandbox-scoped command paths and gateway lifecycle/recovery APIs resolve the gateway through resolveSandboxGatewayName/getNamedGatewayLifecycleState(gatewayName)/recoverNamedGatewayRuntime({ gatewayName }) instead of the bare literal. The Docker-driver Linux recovery path now also receives the resolved per-port target so package-managed gateways get the runtime-marker, registration, and bridge-reachability handling. printWrongGatewayActiveGuidance already surfaces the recorded-vs-active gateway diff with a gateway select <recorded> retry hint when the active gateway differs from the sandbox's.
• src/lib/actions/sandbox/gateway-state.ts — after openshell gateway select moves the active gateway off, the missing-sandbox reconciler inspects the post-select lifecycle and returns gateway_missing_after_restart / gateway_unreachable_after_restart so callers emit restart guidance rather than a stale wrong_gateway_active pointing at the now-irrelevant pre-select active gateway.
• src/lib/actions/sandbox/destroy-gateway.ts — cleanupGatewayAfterLastSandbox derives a per-gateway-name Docker-driver state directory and passes it (with the matching pid file) to stopHostGatewayProcesses, so destroying a sandbox bound to nemoclaw-<port> reads its own pid file rather than defaulting to the bare instance's.
• src/lib/actions/sandbox/policy-channel.ts — checkSlackSocketModeGatewayConflict now targets getSandboxTargetGatewayName(sandboxName) (the same gateway the provider mutation runs against) so a second Slack sandbox on a non-default gateway is detected before provider upsert instead of slipping through as a false negative against the default name.
• src/lib/onboard.ts — recovery-target helper cluster extracted to src/lib/onboard/gateway-recovery.ts (startGatewayForRecovery, resolveGatewayRecoveryTarget, etc.) to keep onboard.ts under the codebase-size budget.
• src/lib/onboard/gateway-binding.test.ts — drops the silent-fallback assertions and pins the new fail-closed contract for invalid persisted port/name values. The valid-port-with-invalid-name case still falls through to the port-derived name.
• src/lib/actions/sandbox/{rebuild-gateway-drift,gateway-drift-preflight}.test.ts — fixtures aligned with the four-state recoverable set (now includes connected_other); a new case covers stale-recovery against a sandbox bound to nemoclaw-12345 so the non-default routing path is regression-locked.
• src/lib/actions/sandbox/policy-channel-conflict.test.ts — adds a regression case where two Slack sandboxes share nemoclaw-8090, blocking the second add before provider upsert (a different non-default gateway is still allowed).
• test/cli/destroy-gateway-cleanup.test.ts — adds a Linux-only regression for destroy --cleanup-gateway of nemoclaw-8081, asserting only the per-port pid file is cleared and the default instance's pid file is left untouched.
• test/cli/doctor-gateway-token.test.ts — asserts against the raw call array rather than a joined string so a trailing default-gateway probe is detected instead of false-passing.
• test/e2e/test-double-onboard.sh, test/e2e/test-onboard-repair.sh — phase diagnostics now surface the captured nemoclaw onboard stdout/stderr on failure so a CI regression no longer hides the actual onboard error.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• New Features

  • Per-sandbox gateway assignment, routing and recovery with support for non-default ports

• Bug Fixes

  • Safer gateway teardown and per-gateway destroy behavior
  • Fixed cross-gateway snapshot-restore/delete ordering
  • Exact-match docker volume filtering to avoid prefix collisions

• Improvements

  • More reliable gateway health checks, selection, and clearer CLI/doctor guidance using sandbox-specific gateways

• Tests

  • Expanded coverage for per-sandbox naming, routing, recovery, restore and destroy flows

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cd0667e3-2800-4b3e-8325-641324705876

📥 Commits

Reviewing files that changed from the base of the PR and between 71230da and 36499bd.

📒 Files selected for processing (3)

• src/lib/onboard.ts
• src/lib/onboard/gateway-recovery.test.ts
• src/lib/onboard/gateway-recovery.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• src/lib/onboard.ts
• src/lib/onboard/gateway-recovery.test.ts
• src/lib/onboard/gateway-recovery.ts

---

📝 Walkthrough

Walkthrough

This PR implements sandbox-scoped gateway routing and recovery: canonical gateway name/port binding and resolver, extracted gateway-recovery flow, sandbox-aware routing helpers, wired per-sandbox gateway targeting across actions (connect, doctor, rebuild, snapshot, destroy, policy-channel), tightened docker volume matching, and expanded tests/CLI/e2e diagnostics.

Changes

Sandbox gateway resolution and routing

Layer / File(s)	Summary
Gateway binding contract and target resolution src/lib/onboard/gateway-binding.ts, src/lib/onboard/gateway-binding.test.ts, src/lib/actions/sandbox/gateway-target.ts	SandboxGatewayBinding type and resolveGatewayPortFromName parse and validate NemoClaw gateway names; resolveSandboxGatewayName resolves precedence/fallback using gatewayPort then gatewayName then default; getSandboxTargetGatewayName and gatewayNamePattern provide sandbox-specific lookup and output matching.
Named recovery extraction and onboard refactoring src/lib/onboard/gateway-recovery.ts, src/lib/onboard/gateway-recovery.test.ts, src/lib/onboard.ts, src/lib/gateway-runtime-action.ts, src/lib/openshell-sandbox-list.ts	Recovery logic extracted to gateway-recovery module with typed options/deps; startGatewayForRecovery refactored; getNamedGatewayLifecycleState and recoverNamedGatewayRuntime accept optional gatewayName; captureSandboxListWithGatewayRecovery accepts optional gatewayName and forwards it into recovery options.
Sandbox gateway routing helpers src/lib/actions/sandbox/sandbox-gateway-routing.ts, src/lib/actions/sandbox/sandbox-gateway-routing.test.ts	New module provides probeGatewayMetadataHealth, usesGatewayMetadataProbe, probeGatewayRunning (with container fallback), and selectSandboxGatewayIfRegistered using registry entries to route OpenShell operations per sandbox.
Snapshot orchestration and cross-gateway restore src/lib/actions/sandbox/snapshot.ts, test/snapshot-restore-existing-dest.test.ts	Snapshot resolves sandbox gateway names for container naming and DNS scripts, delegates probing/selection to routing helpers, lists live sandboxes on the selected gateway, and verifies destination presence on its registered gateway for --force restores; tests exercise cross-gateway flows and failure modes.
Action workflows sandbox-scoped gateway targeting src/lib/actions/sandbox/connect.ts, src/lib/actions/sandbox/doctor.ts, src/lib/actions/sandbox/doctor-gateway-fallback.ts, src/lib/actions/sandbox/gateway-state.ts, src/lib/actions/sandbox/rebuild.ts, src/lib/actions/sandbox/status.ts, src/lib/actions/sandbox/policy-channel.ts, src/lib/actions/sandbox/policy-channel-conflict.test.ts, test/cli/doctor-gateway-token.test.ts	Connect, doctor, gateway-state, rebuild, status, and policy-channel actions resolve sandbox-specific gateway names for lifecycle queries, recovery calls, container inspection, remediation hints, and Slack conflict detection; tests verify gatewayName propagation and conflict detection for non-default gateways.
Rebuild targeting and gateway-drift test expansion src/lib/actions/sandbox/rebuild.ts, src/lib/actions/sandbox/rebuild-gateway-drift.test.ts, src/lib/actions/sandbox/rebuild-shields-finally.test.ts	Rebuild computes recordedGateway and uses it for sandbox-list recovery and stale-sandbox lifecycle validation; tests updated to assert gatewayName propagation and expanded recoverableStates including connected_other.
Destroy cleanup and per-gateway teardown src/lib/actions/sandbox/destroy.ts, src/lib/actions/sandbox/destroy-gateway.ts, src/lib/adapters/docker/volume.ts, src/lib/adapters/docker/index.test.ts, test/cli/destroy-gateway-cleanup.test.ts	New destroy-gateway helpers export selectGatewayForSandboxDestroy and cleanupGatewayAfterLastSandbox to implement per-gateway teardown (Linux uses per-gateway PID files, non-Linux uses gateway destroy -g); destroy captures gateway before registry removal; docker volume filtering tightened to exact ${gatewayName}- delimited matching; CLI tests verify gateway selection before sandbox delete and platform-specific teardown commands.
Docker adapters: exact-prefix volume filtering tests src/lib/adapters/docker/volume.ts, src/lib/adapters/docker/index.test.ts	dockerListVolumesByPrefix matches exact prefix or dash-delimited suffix only; tests added/updated to assert near-miss and longer-suffix non-matches are excluded.
Test harnesses & e2e diagnostics multiple test/* and src/lib/* test files	Adds/updates test suites for gateway-recovery, runtime, sandbox routing, snapshot restore cross-gateway flows, destroy cleanup CLI, doctor gateway token, Slack conflict case, and adds extra e2e onboard diagnostics and captured-output dumps.

Sequence Diagram

sequenceDiagram
  participant SandboxRegistry as Sandbox Registry
  participant Action as Action (rebuild/snapshot/destroy)
  participant Recover as recoverNamedGatewayRuntime
  participant Recovery as startGatewayForRecovery
  participant OpenShell as openshell CLI
  
  Action->>SandboxRegistry: getSandbox(sandboxName)
  SandboxRegistry-->>Action: entry with gatewayName/gatewayPort
  Action->>Action: recordedGateway = resolveSandboxGatewayName(entry)
  Action->>OpenShell: gateway select recordedGateway
  
  alt Recovery needed
    Action->>Recover: recoverNamedGatewayRuntime({gatewayName: recordedGateway})
    Recover->>OpenShell: gateway info -g recordedGateway
    Recover->>OpenShell: gateway select recordedGateway
    Recover->>Recovery: startGatewayForRecovery({gatewayName: recordedGateway})
    Recovery->>OpenShell: gateway start --name recordedGateway
    Recovery->>OpenShell: gateway select recordedGateway
    Recovery-->>Recover: recovered
    Recover-->>Action: result
  end
  
  Action->>OpenShell: sandbox list
  OpenShell-->>Action: live sandboxes on recordedGateway

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related issues

• Nemoclaw onboarding - gateway connection issue #3665 — Matches onboarding/gateway start and recovery code paths touched by this PR.

Possibly related PRs

• NVIDIA/NemoClaw#5039: Overlap with Slack Socket Mode gateway conflict logic and policy-channel changes.
• NVIDIA/NemoClaw#4106: Related captureSandboxListWithGatewayRecovery / recovery-before-retry wrapper changes.
• NVIDIA/NemoClaw#5034: Related rebuild gateway-specific reconciliation changes.

Suggested reviewers

• cv

"I hop through sandboxes with a cheerful spin,
Naming gateways tidy from outside to within.
Ports and names aligned, tests pass in sight,
Recovery boots up by morning light,
Hop-hop hooray — rabbit code delight!"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 38.46% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main change: resolving gateway names from persisted sandbox entries instead of using hardcoded values.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/3053-nemoclaw-instance-identity

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Failed: Could not parse JSON from advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/e2e-advisor/e2e-advisor-raw-output.txt

[github-actions]

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: None
Optional Vitest E2E scenarios: None

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Failed: Could not parse JSON from advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/e2e-advisor/e2e-scenario-advisor-raw-output.txt

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Top item: PR review advisor unavailable

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: src/lib/actions/sandbox/connect.ts, src/lib/actions/sandbox/destroy-gateway.ts, src/lib/actions/sandbox/destroy.ts, src/lib/actions/sandbox/doctor-gateway-fallback.ts, src/lib/actions/sandbox/doctor.ts, src/lib/actions/sandbox/gateway-state.ts, src/lib/actions/sandbox/gateway-target.ts, src/lib/actions/sandbox/policy-channel.ts.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

🧹 Nitpick comments (1)

docs/reference/commands.mdx (1)

1826-1826: ⚡ Quick win

Use active voice for the follow-up scope sentence.

The final clause uses passive voice (“is tracked separately as follow-up”). Rewrite it in active voice to match the docs style guide.

As per coding guidelines, “Active voice required. Flag passive constructions.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.mdx` at line 1826, Rewrite the final clause of the
paragraph about NEMOCLAW_INSTANCE to use active voice: replace the passive
phrase "is tracked separately as follow-up" with an active construction that
names the actor and action (for example, "we track full per-instance segregation
of registry, snapshots, and messaging separately as a follow-up" or "The team
will track full per-instance segregation of registry, snapshots, and messaging
in a separate follow-up"). Update the sentence that mentions NEMOCLAW_INSTANCE
and NEMOCLAW_GATEWAY_PORT so the new clause clearly and actively states who will
track the follow-up work.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/reference/commands.mdx`:
- Line 1826: Rewrite the final clause of the paragraph about NEMOCLAW_INSTANCE
to use active voice: replace the passive phrase "is tracked separately as
follow-up" with an active construction that names the actor and action (for
example, "we track full per-instance segregation of registry, snapshots, and
messaging separately as a follow-up" or "The team will track full per-instance
segregation of registry, snapshots, and messaging in a separate follow-up").
Update the sentence that mentions NEMOCLAW_INSTANCE and NEMOCLAW_GATEWAY_PORT so
the new clause clearly and actively states who will track the follow-up work.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a45332e8-9d50-4c2a-a755-5251538ff5ae

📥 Commits

Reviewing files that changed from the base of the PR and between 6622476 and 8c2a1bb.

📒 Files selected for processing (9)

• docs/reference/commands.mdx
• src/lib/core/instance.test.ts
• src/lib/core/instance.ts
• src/lib/credentials/store.ts
• src/lib/onboard/gateway-binding.test.ts
• src/lib/onboard/gateway-binding.ts
• src/lib/state/paths.test.ts
• src/lib/state/paths.ts
• src/lib/state/sandbox.ts

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27349948619
Target ref: 8c2a1bb681a81073f946779db4456d9ec0999042
Workflow ref: main
Requested jobs: cloud-onboard-e2e,concurrent-gateway-ports-e2e,credential-migration-e2e,snapshot-commands-e2e
Summary: 2 passed, 2 failed, 0 skipped

Job	Result
cloud-onboard-e2e	✅ success
concurrent-gateway-ports-e2e	✅ success
credential-migration-e2e	❌ failure
snapshot-commands-e2e	❌ failure

Failed jobs: credential-migration-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pr-5225.docs.buildwithfern.com/nemoclaw

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard/gateway-binding.test.ts`:
- Around line 150-152: The test hardcodes POSIX paths causing Windows failures;
update the assertions that call resolveNemoclawHomeDir to build the expected
path with Node's path.join instead of string interpolation. Replace the two
occurrences (the expect around resolveNemoclawHomeDir("/tmp/fixture", resolved)
and the similar expect at lines ~160–162) to use path.join("/tmp/fixture",
BASE_NEMOCLAW_HOME_DIR_NAME) (or the appropriate fixture base) so the test uses
the OS-specific separator; import path at the top of the test file if not
already present.
- Around line 132-138: beforeEach/afterEach currently unconditionally delete
process.env[ENV_KEY]; instead save the prior value and restore it after the
test: introduce a scoped variable (e.g. let previousEnvValue) in the test file,
set previousEnvValue = process.env[ENV_KEY] in beforeEach then delete
process.env[ENV_KEY], and in afterEach restore by doing if (previousEnvValue ===
undefined) delete process.env[ENV_KEY]; else process.env[ENV_KEY] =
previousEnvValue; clear previousEnvValue afterwards. This uses the existing
ENV_KEY, beforeEach and afterEach identifiers to locate where to implement the
change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 30ec6adb-3507-473c-abf3-462db20798c5

📥 Commits

Reviewing files that changed from the base of the PR and between 0092c8e and 29e29c8.

📒 Files selected for processing (4)

• docs/reference/commands-nemohermes.mdx
• docs/reference/commands.mdx
• src/lib/core/instance.ts
• src/lib/onboard/gateway-binding.test.ts

✅ Files skipped from review due to trivial changes (2)

• docs/reference/commands-nemohermes.mdx
• docs/reference/commands.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• src/lib/core/instance.ts

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27351861469
Target ref: 0092c8e029b780776e05480c045c0216ec5c6b91
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,credential-migration-e2e,state-backup-restore-e2e
Summary: 0 passed, 2 failed, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	⚠️ cancelled
credential-migration-e2e	❌ failure
state-backup-restore-e2e	❌ failure

Failed jobs: credential-migration-e2e, state-backup-restore-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27352263020
Target ref: 29e29c85016de69cbdc4f44b7039699262e4d6a4
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,credential-migration-e2e,state-backup-restore-e2e
Summary: 1 passed, 2 failed, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
credential-migration-e2e	✅ success
state-backup-restore-e2e	❌ failure

Failed jobs: concurrent-gateway-ports-e2e, state-backup-restore-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27353038603
Target ref: d9944e87aa7fe3ffc0886e1dc86d846443ab2dab
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,cloud-onboard-e2e,credential-migration-e2e,rebuild-openclaw-e2e,cron-preflight-inference-local-e2e
Summary: 1 passed, 4 failed, 0 skipped

Job	Result
cloud-onboard-e2e	❌ failure
concurrent-gateway-ports-e2e	❌ failure
credential-migration-e2e	❌ failure
cron-preflight-inference-local-e2e	❌ failure
rebuild-openclaw-e2e	✅ success

Failed jobs: cloud-onboard-e2e, concurrent-gateway-ports-e2e, credential-migration-e2e, cron-preflight-inference-local-e2e. Check run artifacts for logs.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

docs/reference/commands-nemohermes.mdx (2)

1584-1584: ⚡ Quick win

Split sentences per line and reduce em-dash density in this paragraph.

Line 1584 contains multiple sentences on one source line, and Line 1586 uses multiple em dashes in one paragraph. LLM pattern detected.

As per coding guidelines, docs require one sentence per line and flag excessive em dashes per paragraph.

Also applies to: 1586-1586

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands-nemohermes.mdx` at line 1584, Split the long
paragraph into one sentence per source line and reduce em-dash usage: break the
combined sentence about the default instance identity into separate lines
(mentioning NEMOCLAW_INSTANCE, NemoClaw, the state root path ~/.nemoclaw, and
the OpenShell gateway name separately), and rephrase the sentence that uses
multiple em dashes to use commas or parentheses instead (the part describing
nemo‑claw gateway naming with NEMOCLAW_GATEWAY_PORT and the implicit port-suffix
identity). Ensure each logical sentence (default behavior, behavior when
NEMOCLAW_INSTANCE is unset/empty/default, gateway naming, and port-suffix
fallback) is on its own line and em-dashes are replaced with simpler
punctuation.

Source: Coding guidelines

---

1117-1117: ⚡ Quick win

Use active voice for the snapshot storage sentence.

Line 1117 uses passive voice (“Snapshots are stored ...”). Please rewrite it in active voice.

As per coding guidelines, documentation must use active voice.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands-nemohermes.mdx` at line 1117, Rewrite the passive
sentence starting with "Snapshots are stored in
`~/.nemoclaw/rebuild-backups/<name>/` ..." into active voice; for example,
change it to something like "Nemoclaw stores snapshots in
`~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or in
`~/.nemoclaw-<instance>/rebuild-backups/<name>/` when the NEMOCLAW_INSTANCE
environment variable is set to a non-default value." Ensure the sentence
replaces the passive phrasing and keeps the same paths and condition.

Source: Coding guidelines

docs/reference/commands.mdx (2)

1820-1820: ⚡ Quick win

Split sentences in table cell and clarify default value.

The description cell contains two sentences on one line, which violates the style guide requirement for one sentence per line.
Additionally, "historical default" is unclear; consider using a concrete value or "nemoclaw" (as indicated by the implementation).

Suggested revision

-| `NEMOCLAW_INSTANCE` | _historical default_ | NemoClaw instance identity for multi-instance hosts. Scopes the state root (`~/.nemoclaw` for the default instance, `~/.nemoclaw-<instance>` otherwise) and the OpenShell gateway name so two instances on the same host stay segregated. |
+| `NEMOCLAW_INSTANCE` | nemoclaw | NemoClaw instance identity for multi-instance hosts. |

Then add the detailed scoping behavior in a paragraph below the table where multi-sentence explanations fit naturally.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.mdx` at line 1820, Split the table cell into two
lines: first state the default value plainly (e.g., "Default: nemoclaw") and
second give a short one-line purpose like "NemoClaw instance identity for
multi-instance hosts." Then remove the multi-sentence scoping details from the
cell and add a brief paragraph below the table that explains the scoping
behavior (how the state root is ~/.nemoclaw for the default instance and
~/.nemoclaw-<instance> otherwise, and how it affects the OpenShell gateway name)
so the table follows the one-sentence-per-line style; update the
`NEMOCLAW_INSTANCE` cell accordingly.

Source: Coding guidelines

---

1343-1343: ⚡ Quick win

Use active voice instead of passive.

"Snapshots are stored" is passive voice.
Per coding guidelines, documentation should use active voice.

Suggested revision

-Snapshots are stored in `~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or `~/.nemoclaw-<instance>/rebuild-backups/<name>/` when `NEMOCLAW_INSTANCE` is set to a non-default value.
+NemoClaw stores snapshots in `~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or `~/.nemoclaw-<instance>/rebuild-backups/<name>/` when you set `NEMOCLAW_INSTANCE` to a non-default value.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.mdx` at line 1343, Edit the sentence "Snapshots are
stored in `~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or
`~/.nemoclaw-<instance>/rebuild-backups/<name>/` when `NEMOCLAW_INSTANCE` is set
to a non-default value." to use active voice; for example change it to "Nemoclaw
stores snapshots in ~/.nemoclaw/rebuild-backups/<name>/ for the default
instance, or ~/.nemoclaw-<instance>/rebuild-backups/<name>/ when
NEMOCLAW_INSTANCE is set to a non-default value." ensuring punctuation and
backtick formatting remain consistent with surrounding docs.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/reference/commands.mdx`:
- Around line 1826-1831: Reflow the paragraph so each sentence is on its own
line, remove colons used to join clauses and replace them with full stops or
rephrased clauses, and eliminate excessive em dashes by using parentheses or
commas; specifically update the sentences that reference NEMOCLAW_INSTANCE, the
hyphen-segment rule (mentioning NEMOCLAW_GATEWAY_PORT collision), the paragraph
about the default instance identity and state root (~/.nemoclaw) and gateway
naming, and the paragraph describing how setting NEMOCLAW_INSTANCE before
`$$nemoclaw onboard` routes home/credentials/rebuild backups/local inference
adapter state (including Ollama auth-proxy token) and gateway binding—also move
the list of modules that still read `~/.nemoclaw` into parentheses or a separate
sentence and end with a sentence noting follow-up PRs will migrate those
surfaces.

---

Nitpick comments:
In `@docs/reference/commands-nemohermes.mdx`:
- Line 1584: Split the long paragraph into one sentence per source line and
reduce em-dash usage: break the combined sentence about the default instance
identity into separate lines (mentioning NEMOCLAW_INSTANCE, NemoClaw, the state
root path ~/.nemoclaw, and the OpenShell gateway name separately), and rephrase
the sentence that uses multiple em dashes to use commas or parentheses instead
(the part describing nemo‑claw gateway naming with NEMOCLAW_GATEWAY_PORT and the
implicit port-suffix identity). Ensure each logical sentence (default behavior,
behavior when NEMOCLAW_INSTANCE is unset/empty/default, gateway naming, and
port-suffix fallback) is on its own line and em-dashes are replaced with simpler
punctuation.
- Line 1117: Rewrite the passive sentence starting with "Snapshots are stored in
`~/.nemoclaw/rebuild-backups/<name>/` ..." into active voice; for example,
change it to something like "Nemoclaw stores snapshots in
`~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or in
`~/.nemoclaw-<instance>/rebuild-backups/<name>/` when the NEMOCLAW_INSTANCE
environment variable is set to a non-default value." Ensure the sentence
replaces the passive phrasing and keeps the same paths and condition.

In `@docs/reference/commands.mdx`:
- Line 1820: Split the table cell into two lines: first state the default value
plainly (e.g., "Default: nemoclaw") and second give a short one-line purpose
like "NemoClaw instance identity for multi-instance hosts." Then remove the
multi-sentence scoping details from the cell and add a brief paragraph below the
table that explains the scoping behavior (how the state root is ~/.nemoclaw for
the default instance and ~/.nemoclaw-<instance> otherwise, and how it affects
the OpenShell gateway name) so the table follows the one-sentence-per-line
style; update the `NEMOCLAW_INSTANCE` cell accordingly.
- Line 1343: Edit the sentence "Snapshots are stored in
`~/.nemoclaw/rebuild-backups/<name>/` for the default instance, or
`~/.nemoclaw-<instance>/rebuild-backups/<name>/` when `NEMOCLAW_INSTANCE` is set
to a non-default value." to use active voice; for example change it to "Nemoclaw
stores snapshots in ~/.nemoclaw/rebuild-backups/<name>/ for the default
instance, or ~/.nemoclaw-<instance>/rebuild-backups/<name>/ when
NEMOCLAW_INSTANCE is set to a non-default value." ensuring punctuation and
backtick formatting remain consistent with surrounding docs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6971dc46-e1ee-4f96-a226-c822ab2bb9ce

📥 Commits

Reviewing files that changed from the base of the PR and between d9944e8 and cc75f2b.

📒 Files selected for processing (10)

• docs/reference/commands-nemohermes.mdx
• docs/reference/commands.mdx
• src/lib/core/instance.test.ts
• src/lib/inference/local-adapter-lifecycle.ts
• src/lib/inference/local.ts
• src/lib/onboard/gateway-binding.test.ts
• src/lib/onboard/gateway-binding.ts
• src/lib/state/paths.test.ts
• src/lib/state/paths.ts
• src/lib/state/sandbox.ts

🚧 Files skipped from review as they are similar to previous changes (6)

• src/lib/state/paths.test.ts
• src/lib/state/paths.ts
• src/lib/state/sandbox.ts
• src/lib/onboard/gateway-binding.ts
• src/lib/core/instance.test.ts
• src/lib/onboard/gateway-binding.test.ts

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27355266706
Target ref: cc75f2b01cd61040df32a3f56d8302c782cd99f7
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,credential-migration-e2e,snapshot-commands-e2e,gpu-double-onboard-e2e
Summary: 0 passed, 3 failed, 1 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
credential-migration-e2e	❌ failure
gpu-double-onboard-e2e	⏭️ skipped
snapshot-commands-e2e	❌ failure

Failed jobs: concurrent-gateway-ports-e2e, credential-migration-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27356811342
Target ref: 7de390b1ed13f0573598a3222067aa215bb544c8
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,credential-migration-e2e,state-backup-restore-e2e,snapshot-commands-e2e,inference-routing-e2e
Summary: 2 passed, 3 failed, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
credential-migration-e2e	❌ failure
inference-routing-e2e	✅ success
snapshot-commands-e2e	✅ success
state-backup-restore-e2e	❌ failure

Failed jobs: concurrent-gateway-ports-e2e, credential-migration-e2e, state-backup-restore-e2e. Check run artifacts for logs.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/core/instance-runtime.test.ts`:
- Around line 97-114: The tests currently assert only helper composition
(resolveNemoclawHomeDir / resolveNemoclawStateDir) but must import the
downstream modules that capture those values at module load to validate
call-site capture; after setting process.env.HOME and
process.env.NEMOCLAW_INSTANCE in each test, import the actual modules that close
over the paths (e.g., import the module that exports REBUILD_BACKUPS_DIR from
state/sandbox.ts and import shields/index / shields/audit / shields/timer or
whichever shield modules export STATE_DIR/AUDIT_DIR) and assert those exported
constants equal the expected path (path.join(home, ".nemoclaw-agent-a",
"rebuild-backups") and path.join(home, ".nemoclaw-agent-a", "state")
respectively) so the tests verify runtime capture rather than only helper
composition.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a50e015d-a779-4372-92f2-1b11b50ff68b

📥 Commits

Reviewing files that changed from the base of the PR and between d9944e8 and 36a351a.

📒 Files selected for processing (12)

• docs/reference/commands-nemohermes.mdx
• docs/reference/commands.mdx
• src/lib/core/instance-runtime.test.ts
• src/lib/core/instance.test.ts
• src/lib/core/instance.ts
• src/lib/inference/local-adapter-lifecycle.ts
• src/lib/inference/local.ts
• src/lib/onboard/gateway-binding.test.ts
• src/lib/onboard/gateway-binding.ts
• src/lib/state/paths.test.ts
• src/lib/state/paths.ts
• src/lib/state/sandbox.ts

✅ Files skipped from review due to trivial changes (2)

• docs/reference/commands.mdx
• docs/reference/commands-nemohermes.mdx

🚧 Files skipped from review as they are similar to previous changes (9)

• src/lib/state/paths.test.ts
• src/lib/inference/local.ts
• src/lib/state/sandbox.ts
• src/lib/inference/local-adapter-lifecycle.ts
• src/lib/core/instance.test.ts
• src/lib/core/instance.ts
• src/lib/onboard/gateway-binding.ts
• src/lib/state/paths.ts
• src/lib/onboard/gateway-binding.test.ts

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27358369617
Target ref: 36a351a77a7896bfa558499bc95f51538461abea
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,credential-migration-e2e,state-backup-restore-e2e,snapshot-commands-e2e,gpu-double-onboard-e2e
Summary: 2 passed, 2 failed, 1 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
credential-migration-e2e	✅ success
gpu-double-onboard-e2e	⏭️ skipped
snapshot-commands-e2e	❌ failure
state-backup-restore-e2e	✅ success

Failed jobs: concurrent-gateway-ports-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27396170990
Target ref: 05b097cd772480a9d9e41915db26c7714e547b18
Workflow ref: main
Requested jobs: sandbox-operations-e2e,snapshot-commands-e2e,diagnostics-e2e,rebuild-openclaw-e2e,double-onboard-e2e,inference-routing-e2e
Summary: 3 passed, 0 failed, 3 cancelled, 0 skipped

Job	Result
diagnostics-e2e	✅ success
double-onboard-e2e	⚠️ cancelled
inference-routing-e2e	✅ success
rebuild-openclaw-e2e	⚠️ cancelled
sandbox-operations-e2e	⚠️ cancelled
snapshot-commands-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27396548980
Target ref: 506e45ecf1af966130a1267567decdd0411db2ad
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,sandbox-operations-e2e,snapshot-commands-e2e,rebuild-openclaw-e2e,diagnostics-e2e,inference-routing-e2e
Summary: 6 passed, 0 failed, 0 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	✅ success
diagnostics-e2e	✅ success
inference-routing-e2e	✅ success
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27403018750
Target ref: 3a4350487c45c0decd8cb32a64ce79fecc2136f6
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e,snapshot-commands-e2e,diagnostics-e2e,inference-routing-e2e
Summary: 4 passed, 0 failed, 2 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	⚠️ cancelled
diagnostics-e2e	✅ success
inference-routing-e2e	✅ success
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	⚠️ cancelled
snapshot-commands-e2e	✅ success

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27403627726
Target ref: a1ce42c2169e9eba420a188cce9356aeebd7a15b
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e,snapshot-commands-e2e,diagnostics-e2e,inference-routing-e2e,double-onboard-e2e,onboard-repair-e2e
Summary: 6 passed, 2 failed, 0 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	✅ success
diagnostics-e2e	✅ success
double-onboard-e2e	❌ failure
inference-routing-e2e	✅ success
onboard-repair-e2e	❌ failure
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	✅ success

Failed jobs: double-onboard-e2e, onboard-repair-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27407973323
Target ref: 507a3a54c35716cb6235af2caa9634e963b3136a
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,sandbox-operations-e2e,double-onboard-e2e,onboard-repair-e2e,diagnostics-e2e,snapshot-commands-e2e,rebuild-openclaw-e2e,channels-add-remove-e2e
Summary: 6 passed, 2 failed, 0 cancelled, 0 skipped

Job	Result
channels-add-remove-e2e	✅ success
concurrent-gateway-ports-e2e	✅ success
diagnostics-e2e	✅ success
double-onboard-e2e	❌ failure
onboard-repair-e2e	❌ failure
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	✅ success

Failed jobs: double-onboard-e2e, onboard-repair-e2e. Check run artifacts for logs.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27440031931
Target ref: bd9e8b8b8d8a13030013675482dc3950a16b3168
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,double-onboard-e2e,onboard-repair-e2e,sandbox-operations-e2e,diagnostics-e2e,inference-routing-e2e,snapshot-commands-e2e
Summary: 1 passed, 6 failed, 0 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
diagnostics-e2e	❌ failure
double-onboard-e2e	❌ failure
inference-routing-e2e	❌ failure
onboard-repair-e2e	❌ failure
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	❌ failure

Failed jobs: concurrent-gateway-ports-e2e, diagnostics-e2e, double-onboard-e2e, inference-routing-e2e, onboard-repair-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27442417753
Target ref: 4b38352649ee29e9c0ee34e9dd2fe70e34cff167
Workflow ref: main
Requested jobs: concurrent-gateway-ports-e2e,double-onboard-e2e,onboard-repair-e2e,sandbox-operations-e2e,diagnostics-e2e,snapshot-commands-e2e,rebuild-openclaw-e2e,inference-routing-e2e
Summary: 3 passed, 5 failed, 0 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	❌ failure
diagnostics-e2e	❌ failure
double-onboard-e2e	❌ failure
inference-routing-e2e	✅ success
onboard-repair-e2e	❌ failure
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	❌ failure

Failed jobs: concurrent-gateway-ports-e2e, diagnostics-e2e, double-onboard-e2e, onboard-repair-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27457295814
Target ref: feat/3053-nemoclaw-instance-identity
Requested jobs: double-onboard-e2e,onboard-repair-e2e,concurrent-gateway-ports-e2e,sandbox-operations-e2e,diagnostics-e2e,snapshot-commands-e2e,rebuild-openclaw-e2e,inference-routing-e2e
Summary: 2 passed, 6 failed, 0 cancelled, 0 skipped

Job	Result
concurrent-gateway-ports-e2e	✅ success
diagnostics-e2e	❌ failure
double-onboard-e2e	✅ success
inference-routing-e2e	❌ failure
onboard-repair-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure
sandbox-operations-e2e	❌ failure
snapshot-commands-e2e	❌ failure

Failed jobs: diagnostics-e2e, inference-routing-e2e, onboard-repair-e2e, rebuild-openclaw-e2e, sandbox-operations-e2e, snapshot-commands-e2e. Check run artifacts for logs.