fix: harden installer and onboard resiliency

[kjw3]

Summary

Hardens NemoClaw install and onboarding resiliency across repeat runs, partial failures, and restart/runtime drift.

Supersedes #770 with a clean signed-commit branch.

Addresses:

• nemoclaw onboard` is not resumable — partial failures require full cleanup and restart #446 resumable onboarding
• Onboarding fails with timeout during sandbox image push/import into OpenShell gateway #623 onboarding timeout during sandbox image push/import
• failed to upload image tar into container --> Timeout error #427 image upload timeout during onboard
• Sandbox image push fails with 'Connection reset by peer' at 2459 MiB during onboard #245 sandbox image push connection reset during onboard
• Sandbox Not Available Anymore After Machine Restart #486 sandbox unavailable after machine restart
• WSL2: restarting openshell-cluster breaks gateway/sandbox connectivity and forces re-onboarding #716 WSL2 gateway/sandbox connectivity drift after restart
• [NeMoClaw][Ubuntu + Docker CE] Second installer/onboard run deletes previous sandbox session and leaves stale sandbox in nemoclaw list #532 second install/onboard run leaves stale state or damages prior session

What Changed

• Added persisted onboarding session state and nemoclaw onboard --resume
• Added sanitized onboarding state to nemoclaw debug
• Made repeat onboard non-destructive by default when the sandbox is healthy
• Improved recovery and messaging for gateway/runtime drift after restart
• Improved sandbox image transfer failure classification and recovery guidance
• Hardened installer/uninstall behavior and related shell/session handling
• Tightened session-state redaction and secret handling
• Aligned onboard OpenClaw UI output with current main

How To Test

Start from the PR branch:

git fetch origin
git switch fix/446-installer-resiliency-signed
git pull --ff-only origin fix/446-installer-resiliency-signed

Please focus on resiliency and recovery behavior:

1. Fresh onboard

   • ./install.sh
   • nemoclaw onboard
   • Verify nemoclaw <sandbox> status and nemoclaw <sandbox> connect

2. Interrupted onboard + resume

   • Interrupt or fail onboard mid-run
   • Fix the underlying issue
   • Run nemoclaw onboard --resume
   • Verify completed steps are skipped when safe and onboarding completes without full cleanup

3. Repeat onboard

   • Run onboard again with the same sandbox name
   • Verify a healthy sandbox is reused, not silently recreated
   • Run onboard with a different sandbox name
   • Verify the old sandbox remains intact

4. Runtime/gateway drift

   • After onboarding, restart the relevant runtime/gateway context if feasible
   • Run nemoclaw <sandbox> status and nemoclaw <sandbox> connect
   • Verify NemoClaw attempts recovery first and falls back to clear onboard --resume guidance when needed

5. Debug visibility

   • nemoclaw debug --quick
   • Verify onboarding session state is present and secrets are not exposed

Please include in any bug report:

• platform/environment
• exact command run
• full terminal output
• nemoclaw debug --quick
• openshell status
• openshell sandbox list
• openshell gateway info

Validation

npx vitest run test/runtime-recovery.test.js test/onboard.test.js test/onboard-session.test.js test/cli.test.js test/install-preflight.test.js test/uninstall.test.js
npx vitest run --coverage
npx tsc -p jsconfig.json --noEmit

Summary by CodeRabbit

• New Features

  • Resumable onboarding: use "nemoclaw onboard --resume" to continue or repair interrupted setup; resume skips already-completed steps when safe.
  • Improved recovery guidance that detects gateway/sandbox states and suggests restart or recreation actions.

• Bug Fixes

  • More reliable gateway/sandbox health detection and clearer sandbox-create recovery hints.
  • Stronger resume validation to prevent invalid/conflicting resumes.

• Chores

  • Installer switched to a compatibility wrapper with clearer PATH/profile messaging; uninstall now cleans onboard session state; debug includes an onboard session summary.

• Tests

  • Expanded unit and E2E tests covering resume, recovery, and session persistence.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new atomic, resumable onboard-session module with cross-process locking and redaction; integrates session-driven resume and recovery into onboarding, augments gateway/sandbox classification and repair logic, updates installer/wrapper and debug hooks, and adds many unit, integration, and E2E tests.

Changes

Cohort / File(s)	Summary
Session Persistence & Locking bin/lib/onboard-session.js, test/onboard-session.test.js	New module persisting atomic JSON at ~/.nemoclaw/onboard-session.json with exclusive lock ~/.nemoclaw/onboard.lock; provides create/load/save, step lifecycle (start/complete/fail), stale-lock detection, redaction of secrets, atomic temp-file writes, and comprehensive tests.
Onboard Flow & State Logic bin/lib/onboard.js, test/onboard.test.js	Onboard now uses session persistence and lock-driven resume; richer gateway/sandbox reuse and health classification, sandbox repair/recreate, build-context filtering/copy helpers, credential hydration for inference, resume conflict detection, adjusted step ordering, and expanded unit tests.
Runtime Recovery Helpers bin/lib/runtime-recovery.js, test/runtime-recovery.test.js, test/nemoclaw-cli-recovery.test.js	New parser/classifier utilities for OpenShell outputs (sandbox names, sandbox/gateway state), decision predicate for whether to attempt recovery, and a helper to select recovery command; unit and CLI recovery integration tests added.
CLI Flags, Entrypoints & Installer bin/nemoclaw.js, install.sh, scripts/install.sh, scripts/debug.sh	Adds --resume handling to CLI, installer replaced by repo-wrapper that execs root install.sh, installer detects interrupted sessions to auto-run onboard --resume, debug script collects onboard-session summary, and messaging for PATH/profile recovery adjusted.
Sandbox Creation & Recovery bin/lib/onboard.js (helpers)	Adds sandbox create failure classification, sandbox state inference, repairRecordedSandbox, sandbox create enhancements (optional name override, filtered build-context copy), and targeted recovery hint printing.
Credential & Policy Handling bin/lib/onboard.js	Introduces hydrateCredentialEnv, uses hydrated secrets for inference setup, changes policy preset flow to be selection/resume-aware, and adds readiness checks for inference/OpenClaw.
E2E Resume/Repair Tests test/e2e/test-onboard-resume.sh, test/e2e/test-onboard-repair.sh	New Bash E2E suites validating interrupted-run creation, resume repair and invalidation, sandbox recreation, credential persistence/hydration, and full end-to-end log/state assertions.
Tests & Debugging test/cli.test.js, test/install-preflight.test.js, test/onboard-session.test.js, test/onboard.test.js, test/runtime-recovery.test.js, test/nemoclaw-cli-recovery.test.js, test/uninstall.test.js	Wide-ranging test additions and updates: CLI parsing, installer wrapper behavior, session lifecycle and redaction, runtime recovery classifiers, resume conflict cases, credential hydration checks, and uninstall/session-cleanup tests.
Uninstall Behavior uninstall.sh, test/uninstall.test.js	Uninstall docs/behavior updated to remove onboard session state; shim removal now deletes only symlinks (leaves regular files) and emits a warning; tests adjusted accordingly.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI as "nemoclaw CLI"
    participant Lock as "Lock Manager\n(~/.nemoclaw/onboard.lock)"
    participant Session as "Session Storage\n(~/.nemoclaw/onboard-session.json)"
    participant Onboard as "Onboard Flow"
    participant Gateway as "Gateway/OpenShell"
    participant Sandbox as "Sandbox/OpenShell"

    User->>CLI: run "nemoclaw onboard" / "nemoclaw onboard --resume"
    CLI->>Lock: acquireOnboardLock(command)
    Lock->>Lock: create/check lock file (pid,startTime,cmd)
    Lock-->>CLI: acquired | holder metadata | stale-handled
    CLI->>Session: loadSession() or createSession()
    CLI->>Onboard: execute steps
    Onboard->>Gateway: start/check health (getGatewayStartEnv, getGatewayReuseState)
    Onboard->>Sandbox: create/check/repair (createSandbox, repairRecordedSandbox)
    Onboard->>Session: markStepStarted/Complete/Failed
    Onboard->>Session: saveSession() (atomic write + redact)
    CLI->>Lock: releaseOnboardLock()

Loading

sequenceDiagram
    actor User
    participant CLI as "nemoclaw CLI"
    participant Session as "Session Storage"
    participant Recovery as "Runtime Recovery"
    participant Gateway as "Gateway/OpenShell"
    participant Sandbox as "Sandbox/OpenShell"

    User->>CLI: "nemoclaw onboard --resume"
    CLI->>Session: loadSession()
    Session-->>CLI: session (resumable? recorded steps)
    CLI->>Recovery: classifyGatewayStatus(), classifySandboxLookup()
    alt Recoverable (no conflicts)
        CLI->>Gateway: skip/start/select based on state
        CLI->>Sandbox: skip/recreate based on state
        CLI->>Onboard: continue remaining steps and save progress
    else ConflictsDetected
        CLI-->>User: abort resume with conflict errors
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Poem

🐰 I hopped through lines and left a careful trace,

Locked the burrow tight, saved progress in its place,
Secrets gently masked, timestamps snug and warm,
Resume and repair — I nudge the flow back to form,
A tiny rabbit cheering every saved restart.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 17.12% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: harden installer and onboard resiliency' clearly and specifically summarizes the main changes across the PR, which involve improving installer robustness, onboarding session persistence, resume capabilities, and runtime recovery.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/446-installer-resiliency-signed

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/uninstall.test.js (1)

75-116: ⚠️ Potential issue | 🟠 Major

Stub npm in these shim tests.

Both tests source uninstall.sh and call remove_nemoclaw_cli(), which still runs npm unlink -g nemoclaw / npm uninstall -g nemoclaw before it inspects the shim. With the current env, that hits whatever npm is on the host PATH, so the suite can mutate the developer/CI global install. Put a fake npm earlier in PATH here, the same way the --yes test already does.

🧪 Minimal hardening

     const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "nemoclaw-uninstall-preserve-"));
+    const fakeBin = path.join(tmp, "bin");
     const shimDir = path.join(tmp, ".local", "bin");
     const shimPath = path.join(shimDir, "nemoclaw");
+    fs.mkdirSync(fakeBin, { recursive: true });
     fs.mkdirSync(shimDir, { recursive: true });
     fs.writeFileSync(shimPath, "#!/usr/bin/env bash\n", { mode: 0o755 });
+    fs.writeFileSync(path.join(fakeBin, "npm"), "#!/usr/bin/env bash\nexit 0\n", { mode: 0o755 });

     const result = spawnSync(
       "bash",
       ["-lc", `HOME="${tmp}" source "${UNINSTALL_SCRIPT}"; remove_nemoclaw_cli`],
       {
         cwd: path.join(import.meta.dirname, ".."),
         encoding: "utf-8",
+        env: { ...process.env, PATH: `${fakeBin}:/usr/bin:/bin` },
       },
     );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/uninstall.test.js` around lines 75 - 116, The tests invoking
remove_nemoclaw_cli (via sourcing UNINSTALL_SCRIPT in the spawnSync bash
command) must stub npm on PATH so the script's npm unlink/uninstall calls don't
invoke the host npm; create a temp "bin" directory, write a small fake "npm"
executable (exit 0 or mimic expected output) and make it executable, prepend
that bin dir to PATH in the env passed to spawnSync (as done in the --yes test),
and use that env for both spawnSync calls that source UNINSTALL_SCRIPT so the
installer-managed shim logic is exercised without touching the real global npm.

🧹 Nitpick comments (4)

scripts/install.sh (1)

15-23: Write the deprecation banner to stderr.

This wrapper currently prepends warning text to stdout before execing the real installer. That changes the stdout contract of delegated commands like --help / --version; sending the banner to stderr keeps the warning without polluting the underlying installer output.

🪄 Small cleanup

 warn_legacy_path() {
-  cat <<EOF
+  cat <<EOF >&2
 [install] deprecated compatibility wrapper: scripts/install.sh
 [install] supported installer: ${ROOT_INSTALLER_URL}
 EOF
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/install.sh` around lines 15 - 23, The deprecation banner currently
writes to stdout via warn_legacy_path (the heredoc using cat <<EOF) and then
calls warn_legacy_path; change the function so its heredoc writes to stderr
(e.g., redirect the heredoc/cat output to >&2 or use printf to >&2) and keep the
existing warn_legacy_path invocation so the banner is emitted to stderr before
execing the real installer; ensure the message text and variable
${ROOT_INSTALLER_URL} remain unchanged.

install.sh (1)

273-281: Minor: detect_shell_profile could miss fish/other shells.

The function defaults to .bashrc for non-zsh shells. Users running fish, tcsh, or other shells won't get accurate profile suggestions. This is a reasonable simplification for the common case, but consider adding a note in the output or documentation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@install.sh` around lines 273 - 281, The detect_shell_profile function
currently defaults non-zsh shells to ~/.bashrc which can misidentify users of
fish, tcsh, etc.; update detect_shell_profile to check $SHELL basename for
common shells like fish (use ~/.config/fish/config.fish), tcsh/csh (use
~/.tcshrc or ~/.cshrc), and fallback to ~/.profile or print a visible note when
the shell is unrecognized; reference the detect_shell_profile function and
adjust its branching logic to add these checks and/or emit a comment suggesting
manual profile selection when an unknown shell is detected.

test/onboard-session.test.js (1)

10-14: Consider potential test isolation concern with global HOME modification.

Setting process.env.HOME at module load time (Line 11) affects the entire Node process for the duration of the test run. While this works correctly when this test file runs in isolation, it could cause issues if:

1. Other test files in the same Vitest worker expect the original HOME
2. The module under test is cached with the modified HOME path

This is likely fine given Vitest's default worker isolation, but worth noting if flaky behavior appears.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard-session.test.js` around lines 10 - 14, The test mutates the
global process.env.HOME at module load (tmpDir and process.env.HOME) and then
requires the module via createRequire(import.meta.url) +
require("../bin/lib/onboard-session"), which can leak into other tests or cache
the module with the wrong HOME; fix by saving the original HOME before changing
it, set process.env.HOME to tmpDir only immediately before requiring the module
(or inside a beforeEach), require the module (session) while HOME is modified,
then restore the original HOME immediately after (or in an afterEach) so other
tests see the original environment and the module cache doesn’t persist an
unexpected HOME.

test/onboard.test.js (1)

372-411: Consider adding a clarifying comment for the provider mapping chain.

The test validates that "cloud" provider → "nvidia-prod" effective provider, but the two-stage mapping (via getRequestedProviderHint → getEffectiveProviderName) isn't immediately clear. A brief comment explaining this alias chain would improve maintainability.

📝 Suggested clarifying comment

   it("detects resume conflicts for explicit provider and model changes", () => {
     const previousProvider = process.env.NEMOCLAW_PROVIDER;
     const previousModel = process.env.NEMOCLAW_MODEL;
+    // "cloud" is an alias that maps through getRequestedProviderHint ("build")
+    // to getEffectiveProviderName ("nvidia-prod")
     process.env.NEMOCLAW_PROVIDER = "cloud";
     process.env.NEMOCLAW_MODEL = "nvidia/other-model";

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard.test.js` around lines 372 - 411, Add a brief clarifying comment
in the test near the setup of process.env.NEMOCLAW_PROVIDER explaining the
two-stage provider alias resolution used by the code under test: that
getRequestedProviderHint maps the external alias ("cloud") to an internal
requested hint and then getEffectiveProviderName resolves that hint to the
effective provider name ("nvidia-prod"), so the test expects provider conflict
between requested "nvidia-prod" and recorded "nvidia-nim"; place this comment
adjacent to the getResumeConfigConflicts invocation (or the environment setup)
to make the alias chain explicit for future readers.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/debug.sh`:
- Around line 110-112: The current derivation of SCRIPT_DIR, REPO_ROOT and
ONBOARD_SESSION_HELPER can resolve relative to the caller when the script is run
via "bash -s", so update the logic that sets SCRIPT_DIR and REPO_ROOT to first
verify that BASH_SOURCE[0] is non-empty and points to an existing file; if not,
leave ONBOARD_SESSION_HELPER empty (or unset) so it cannot point at a caller's
../bin/lib/onboard-session.js. Then gate the helper usage (the conditional that
uses ONBOARD_SESSION_HELPER / require('./../bin/lib/onboard-session.js')) on
ONBOARD_SESSION_HELPER being non-empty/real. Refer to the variables SCRIPT_DIR,
REPO_ROOT, and ONBOARD_SESSION_HELPER and the helper-require conditional to
implement these checks.

---

Outside diff comments:
In `@test/uninstall.test.js`:
- Around line 75-116: The tests invoking remove_nemoclaw_cli (via sourcing
UNINSTALL_SCRIPT in the spawnSync bash command) must stub npm on PATH so the
script's npm unlink/uninstall calls don't invoke the host npm; create a temp
"bin" directory, write a small fake "npm" executable (exit 0 or mimic expected
output) and make it executable, prepend that bin dir to PATH in the env passed
to spawnSync (as done in the --yes test), and use that env for both spawnSync
calls that source UNINSTALL_SCRIPT so the installer-managed shim logic is
exercised without touching the real global npm.

---

Nitpick comments:
In `@install.sh`:
- Around line 273-281: The detect_shell_profile function currently defaults
non-zsh shells to ~/.bashrc which can misidentify users of fish, tcsh, etc.;
update detect_shell_profile to check $SHELL basename for common shells like fish
(use ~/.config/fish/config.fish), tcsh/csh (use ~/.tcshrc or ~/.cshrc), and
fallback to ~/.profile or print a visible note when the shell is unrecognized;
reference the detect_shell_profile function and adjust its branching logic to
add these checks and/or emit a comment suggesting manual profile selection when
an unknown shell is detected.

In `@scripts/install.sh`:
- Around line 15-23: The deprecation banner currently writes to stdout via
warn_legacy_path (the heredoc using cat <<EOF) and then calls warn_legacy_path;
change the function so its heredoc writes to stderr (e.g., redirect the
heredoc/cat output to >&2 or use printf to >&2) and keep the existing
warn_legacy_path invocation so the banner is emitted to stderr before execing
the real installer; ensure the message text and variable ${ROOT_INSTALLER_URL}
remain unchanged.

In `@test/onboard-session.test.js`:
- Around line 10-14: The test mutates the global process.env.HOME at module load
(tmpDir and process.env.HOME) and then requires the module via
createRequire(import.meta.url) + require("../bin/lib/onboard-session"), which
can leak into other tests or cache the module with the wrong HOME; fix by saving
the original HOME before changing it, set process.env.HOME to tmpDir only
immediately before requiring the module (or inside a beforeEach), require the
module (session) while HOME is modified, then restore the original HOME
immediately after (or in an afterEach) so other tests see the original
environment and the module cache doesn’t persist an unexpected HOME.

In `@test/onboard.test.js`:
- Around line 372-411: Add a brief clarifying comment in the test near the setup
of process.env.NEMOCLAW_PROVIDER explaining the two-stage provider alias
resolution used by the code under test: that getRequestedProviderHint maps the
external alias ("cloud") to an internal requested hint and then
getEffectiveProviderName resolves that hint to the effective provider name
("nvidia-prod"), so the test expects provider conflict between requested
"nvidia-prod" and recorded "nvidia-nim"; place this comment adjacent to the
getResumeConfigConflicts invocation (or the environment setup) to make the alias
chain explicit for future readers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: db04f9b7-e31f-4bdb-822a-e593c19f4f0e

📥 Commits

Reviewing files that changed from the base of the PR and between f0f53e4 and 7b70543.

📒 Files selected for processing (17)

• bin/lib/onboard-session.js
• bin/lib/onboard.js
• bin/lib/runtime-recovery.js
• bin/nemoclaw.js
• install.sh
• scripts/debug.sh
• scripts/install.sh
• test/cli.test.js
• test/e2e/test-onboard-repair.sh
• test/e2e/test-onboard-resume.sh
• test/install-preflight.test.js
• test/nemoclaw-cli-recovery.test.js
• test/onboard-session.test.js
• test/onboard.test.js
• test/runtime-recovery.test.js
• test/uninstall.test.js
• uninstall.sh

[coderabbitai]

🧹 Nitpick comments (1)

test/onboard.test.js (1)

927-932: Consider using findLast() for cleaner code.

The .slice().reverse().find() pattern works correctly, but can be simplified with Array.prototype.findLast() (available in Node.js 18+). The same pattern appears at lines 1013-1018.

✨ Suggested simplification

     const payloadLine = result.stdout
       .trim()
       .split("\n")
-      .slice()
-      .reverse()
-      .find((line) => line.startsWith("{") && line.endsWith("}"));
+      .findLast((line) => line.startsWith("{") && line.endsWith("}"));

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard.test.js` around lines 927 - 932, Replace the
".slice().reverse().find()" arrays used to locate the JSON payload with the
simpler Array.prototype.findLast() to improve readability: change the assignment
to payloadLine (the expression starting from
result.stdout.trim().split("\n").slice().reverse().find(...)) to use
.findLast(line => line.startsWith("{") && line.endsWith("}")) instead, and make
the same replacement for the other identical pattern later in the file (the
second result.stdout processing around the other payload extraction). Ensure
Node.js 18+ runtime compatibility is acceptable before applying.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/onboard.test.js`:
- Around line 927-932: Replace the ".slice().reverse().find()" arrays used to
locate the JSON payload with the simpler Array.prototype.findLast() to improve
readability: change the assignment to payloadLine (the expression starting from
result.stdout.trim().split("\n").slice().reverse().find(...)) to use
.findLast(line => line.startsWith("{") && line.endsWith("}")) instead, and make
the same replacement for the other identical pattern later in the file (the
second result.stdout processing around the other payload extraction). Ensure
Node.js 18+ runtime compatibility is acceptable before applying.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2bb959e9-9326-4a12-ad90-0daaaca7e29a

📥 Commits

Reviewing files that changed from the base of the PR and between 7b70543 and 345f8c6.

📒 Files selected for processing (9)

• bin/lib/onboard-session.js
• bin/lib/onboard.js
• install.sh
• scripts/debug.sh
• scripts/install.sh
• test/install-preflight.test.js
• test/onboard-session.test.js
• test/onboard.test.js
• test/uninstall.test.js

✅ Files skipped from review due to trivial changes (3)

• scripts/debug.sh
• test/uninstall.test.js
• bin/lib/onboard.js

🚧 Files skipped from review as they are similar to previous changes (3)

• test/onboard-session.test.js
• test/install-preflight.test.js
• bin/lib/onboard-session.js

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/lib/onboard-session.js`:
- Line 320: The code currently assigns updates.endpointUrl directly to
safe.endpointUrl (and later returns it from summarizeForDebug()), which can
expose credentials; update the assignment path that sets safe.endpointUrl (and
any similar assignment around the other occurrences) to first run the URL
through a redaction helper (create a small helper used by summarizeForDebug()
like redactUrl(url)): parse the URL, remove or mask userinfo
(username:password@), and also strip or mask common sensitive query parameters
(e.g., signature, sig, token, auth, access_token) and then set safe.endpointUrl
to the redacted string so summarizeForDebug() never returns credential-bearing
URLs.
- Around line 305-310: completeSession currently applies filterSafeUpdates and
sets status/failure but never flips the session's resumable flag, so sessions
created with createSession (which defaults resumable to true) remain resumable
after completion; modify completeSession (the function that calls updateSession
and uses filterSafeUpdates) to explicitly set session.resumable = false after
applying safe updates so completed sessions are not considered resumable by
downstream recovery code.
- Around line 208-249: When a concurrent writer leaves the lock file unreadable
or briefly missing, the current loop treats parseLockFile(null) or readFileSync
ENOENT as stale and unlinks a still-live lock; change the logic in the
lock-acquisition loop (the block that does fs.openSync(LOCK_FILE, "wx", ...),
parseLockFile(...), and isProcessAlive(...)) so that if readFileSync throws
ENOENT or parseLockFile(...) returns null you DO NOT unlink the file but instead
treat it as a transient race and retry (i.e., continue to the next attempt after
a short backoff), and only unlink the LOCK_FILE when parseLockFile returned a
valid payload and isProcessAlive(...) is false; also update releaseOnboardLock
so it ignores ENOENT from readFileSync and does not unlink when parseLockFile
returns null (only unlink when parsed payload has matching pid).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5a038dc4-fa76-4a43-866e-10b03c3aa9c4

📥 Commits

Reviewing files that changed from the base of the PR and between d9b0634 and d8174d7.

📒 Files selected for processing (1)

• bin/lib/onboard-session.js

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

bin/lib/onboard-session.js (2)

97-113: ⚠️ Potential issue | 🟠 Major

Redact fragments and provider-signed query params too.

Line 105 only masks exact key matches, so URLs like ...?X-Amz-Signature=... / ...?X-Goog-Signature=... and fragment tokens such as #access_token=... still survive into the saved session and nemoclaw debug. Strip url.hash and broaden the sensitive-key match here.

🧼 Suggested hardening

+function isSensitiveUrlParam(key) {
+  return (
+    /^(x-amz-|x-goog-)/i.test(key) ||
+    /(^|[-_])(sig|signature|token|auth|credential|key)([-_]|$)/i.test(key)
+  );
+}
+
 function redactUrl(value) {
   if (typeof value !== "string" || value.length === 0) return null;
   try {
     const url = new URL(value);
@@
-    for (const key of [...url.searchParams.keys()]) {
-      if (/^(signature|sig|token|auth|access_token)$/i.test(key)) {
+    url.hash = "";
+    for (const key of [...url.searchParams.keys()]) {
+      if (isSensitiveUrlParam(key)) {
         url.searchParams.set(key, "<REDACTED>");
       }
     }
     return url.toString();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/lib/onboard-session.js` around lines 97 - 113, The redactUrl function
currently only masks exact query key matches and leaves URL fragments and
provider-prefixed signature keys intact; update redactUrl to also clear url.hash
(to remove fragment tokens) and broaden the search-key matching to include
common prefixed variations like
/(^|[-_])(?:signature|sig|token|auth|access_token)$/i or similar so keys such as
X-Amz-Signature and X-Goog-Signature are caught, iterating url.searchParams to
set matched keys to "<REDACTED>" (as it already does) and falling back to
redactSensitiveText(value) on parse errors; reference redactUrl, url.hash,
url.searchParams, and redactSensitiveText when making the change.

---

227-271: ⚠️ Potential issue | 🟠 Major

Keep the lock path fail-closed under partial writes.

Line 230 creates the lock path before its JSON payload is complete. If that write throws, Line 231 never runs, so the fd stays open and the half-written lock is left behind; and if a competing reader hits that window twice, this path still falls through to { stale: true } even though the owner may still be alive. Please close and clean up the creator path in a finally, and only report stale: true after successfully parsing a dead-owner record.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/lib/onboard-session.js`:
- Around line 298-309: markStepStarted and markStepFailed currently leave an old
completedAt timestamp on the step which makes non-complete states appear
completed; update both functions (markStepStarted and markStepFailed) inside the
updateSession callback where you mutate session.steps[stepName] (the step
object) to explicitly clear step.completedAt (e.g., set to null or undefined)
whenever you transition the step.status away from "complete", keeping the
existing changes to status, startedAt, error, failure, and session.status as is.
- Around line 365-369: The helper currently sets safe.metadata = {} whenever
isObject(updates.metadata) is true, which causes existing metadata.gatewayName
to be dropped if updates.metadata lacks gatewayName; change the logic in the
metadata handling (the isObject(updates.metadata) block) to only set
safe.metadata when a whitelisted field is present—check for typeof
updates.metadata.gatewayName === "string" and only then initialize safe.metadata
and assign safe.metadata.gatewayName, avoiding creating an empty safe.metadata
that would be merged away by Object.assign.

---

Duplicate comments:
In `@bin/lib/onboard-session.js`:
- Around line 97-113: The redactUrl function currently only masks exact query
key matches and leaves URL fragments and provider-prefixed signature keys
intact; update redactUrl to also clear url.hash (to remove fragment tokens) and
broaden the search-key matching to include common prefixed variations like
/(^|[-_])(?:signature|sig|token|auth|access_token)$/i or similar so keys such as
X-Amz-Signature and X-Goog-Signature are caught, iterating url.searchParams to
set matched keys to "<REDACTED>" (as it already does) and falling back to
redactSensitiveText(value) on parse errors; reference redactUrl, url.hash,
url.searchParams, and redactSensitiveText when making the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 786f3657-8be4-4a4c-a389-7f372633331e

📥 Commits

Reviewing files that changed from the base of the PR and between d8174d7 and 49a02f2.

📒 Files selected for processing (2)

• bin/lib/onboard-session.js
• test/onboard-session.test.js

🚧 Files skipped from review as they are similar to previous changes (1)

• test/onboard-session.test.js

[cv]

Nit: _setupPolicies (lines 2373–2511 in bin/lib/onboard.js) is dead code — nothing calls it now that setupPoliciesWithSelection has fully replaced it. Worth removing to avoid confusion, but fine as a follow-up.