
security: pass provider credentials via environment instead of CLI arguments#382

Closed
kagura-agent wants to merge 3 commits intoNVIDIA:mainfrom
kagura-agent:fix/325-security-nvidia-api-key-expose

Conversation

@kagura-agent
Contributor

@kagura-agent kagura-agent commented Mar 19, 2026

Problem

Fixes #325

When openshell provider create is called during onboarding, API keys are passed as CLI arguments:

openshell provider create nvidia-nim --credential "NVIDIA_API_KEY=nvapi-abc123..."

This exposes credentials in ps aux, /proc/$pid/cmdline, shell history, and process monitoring tools — a security risk especially on shared systems.

Solution

Pass credentials via child process environment variables instead of CLI arguments:

# Before (visible in ps aux)
openshell provider create nvidia-nim --credential "NVIDIA_API_KEY=$value"

# After (value only in process env, not visible in ps aux)
NVIDIA_API_KEY=$value openshell provider create nvidia-nim --credential NVIDIA_API_KEY

The --credential KEY bare form tells openshell to read the value from the environment.

Changes

  • bin/lib/onboard.js: All 3 providers (nvidia-nim, vllm-local, ollama-local) use bare --credential KEY form, pass values via { env: { KEY: value } }
  • nemoclaw/src/commands/onboard.ts: execOpenShell gains options?: { env?: Record<string, string> } param, merges env into child process
  • nemoclaw/dist/commands/onboard.js: Compiled output
  • nemoclaw-blueprint/orchestrator/runner.py: run_cmd gains extra_env param; action_apply uses bare credential form

Testing

  • Root tests: 2/2 passed (onboard.test.js, credentials.test.js)
  • Plugin tests (vitest): 22/22 passed
  • TypeScript compilation: clean

Summary by CodeRabbit

  • Refactor
    • Improved provider onboarding and setup to avoid embedding secret values in command arguments.
    • Credentials are now injected into provider processes via per-call environment variables, reducing secret exposure.
    • Provider creation/update flows updated to use credential names with secure environment injection rather than literal key=value strings.

Fixes NVIDIA#325 — API keys were visible in process list when openshell
provider create was called with --credential KEY=value. Now uses
bare key form (--credential KEY) and passes the value through the
child process environment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai
Contributor

coderabbitai bot commented Mar 19, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 99185432-74da-4afc-9c59-1dbe2e5b1a3e

📥 Commits

Reviewing files that changed from the base of the PR and between f9957f5 and 574c3dd.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/orchestrator/runner.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • nemoclaw-blueprint/orchestrator/runner.py

📝 Walkthrough

Walkthrough

Credential handling for provider onboarding was changed: instead of embedding secret values into command arguments, the code now passes credential keys to openshell and injects secret values into the child process environment for subprocess calls.

Changes

  • CLI onboarding scripts (bin/lib/onboard.js, nemoclaw/src/commands/onboard.ts): Stop embedding secrets in --credential arguments. Pass bare credential environment variable names (e.g., NVIDIA_API_KEY, OPENAI_API_KEY) as credential identifiers and supply the secret values via per-call process environment injection.
  • Subprocess runner & orchestrator (nemoclaw-blueprint/orchestrator/runner.py): Added extra_env parameter to run_cmd(...) to merge and pass per-call environment variables to subprocesses. Updated provider creation/update flow to use extra_env only when both credential name and credential value are present.

Sequence Diagram(s)

sequenceDiagram
  actor User
  participant CLI as Onboard CLI
  participant Runner as run_cmd / execOpenShell
  participant OS as Child Process Env
  participant Openshell as openshell CLI

  User->>CLI: start onboarding
  CLI->>Runner: build command args (credential key only)
  CLI->>Runner: provide extra_env {CRED_KEY: secret_value}
  Runner->>OS: spawn subprocess with merged env
  OS->>Openshell: executes `openshell provider create --credential CRED_KEY ...`
  Openshell-->>OS: provider created (reads CRED_KEY from env)
  OS-->>Runner: subprocess exit
  Runner-->>CLI: return result

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I tuck keys into the sea of ENV,
No prying eyes on the command line glen.
Hops soft, secrets snug and tight—
Providers wake, safe in the night. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately and concisely summarizes the primary change: moving provider credentials from CLI arguments to environment variables for security.
  • Linked Issues check: ✅ Passed. The PR successfully addresses issue #325 by passing credentials via environment variables instead of CLI arguments across all three providers (nvidia-nim, vllm-local, ollama-local).
  • Out of Scope Changes check: ✅ Passed. All changes are directly scoped to fixing the credential exposure vulnerability; no unrelated modifications are present.


Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw-blueprint/orchestrator/runner.py`:
- Around line 217-226: The code hard-codes OPENAI_API_KEY when wiring provider
args/env; instead use the resolved credential_env variable so the provider sees
the correct name. Update the block that builds provider_args/provider_env
(around provider_args, provider_env, credential_env, credential) to extend
provider_args with ["--credential", credential_env] and set
provider_env[credential_env] = credential (instead of using "OPENAI_API_KEY"),
then call run_cmd as before so profiles like nvidia-ncp and nim-local receive
their expected environment variable names.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 98644c52-bfa0-4c9e-b6c5-5b15e7cd4fda

📥 Commits

Reviewing files that changed from the base of the PR and between f3430c6 and f9957f5.

⛔ Files ignored due to path filters (3)
  • nemoclaw/dist/commands/onboard.d.ts.map is excluded by !**/dist/**, !**/*.map
  • nemoclaw/dist/commands/onboard.js is excluded by !**/dist/**
  • nemoclaw/dist/commands/onboard.js.map is excluded by !**/dist/**, !**/*.map
📒 Files selected for processing (3)
  • bin/lib/onboard.js
  • nemoclaw-blueprint/orchestrator/runner.py
  • nemoclaw/src/commands/onboard.ts

The provider_env and --credential argument were hardcoded to
OPENAI_API_KEY, ignoring the credential_env resolved from each
blueprint profile. This broke providers like nvidia-ncp
(NVIDIA_API_KEY) and nim-local (NIM_API_KEY).

Use the resolved credential_env variable for both the --credential
CLI arg and the environment variable key passed to run_cmd.
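A worked version of the before/after forms from the PR description together with the reviewer's fix (resolve the credential name per profile instead of hard-coding OPENAI_API_KEY), as an added example that is not the project's own code; the PROFILES table, the function names and the sample credential value are assumptions constructed for this illustration:

```python
import os
import subprocess
from typing import Dict, List, Optional, Tuple

# Illustrative profile table (constructed for this example, not the project's
# blueprint data): provider name -> env var openshell reads the credential from.
PROFILES: Dict[str, str] = {
    "nvidia-nim": "NVIDIA_API_KEY",
    "nvidia-ncp": "NVIDIA_API_KEY",
    "nim-local": "NIM_API_KEY",
}

def legacy_provider_cmd(provider: str, credential: str) -> List[str]:
    """Pre-fix form: the secret is part of argv, so ps/cmdline can show it."""
    key = PROFILES[provider]
    return ["openshell", "provider", "create", provider,
            "--credential", f"{key}={credential}"]

def build_provider_cmd(provider: str, credential: Optional[str]
                       ) -> Tuple[List[str], Dict[str, str]]:
    """Fixed form: argv carries only the credential name; the value goes in extra_env.

    The name is the profile's resolved credential_env rather than a hard-coded
    OPENAI_API_KEY, so nvidia-ncp and nim-local get the variable they expect.
    """
    credential_env = PROFILES.get(provider)
    argv = ["openshell", "provider", "create", provider]
    extra_env: Dict[str, str] = {}
    if credential_env and credential:  # inject only when both are present
        argv += ["--credential", credential_env]
        extra_env[credential_env] = credential
    return argv, extra_env

def merge_env(extra_env: Optional[Dict[str, str]]) -> Dict[str, str]:
    """Copy the parent environment and overlay per-call variables; parent is untouched."""
    env = os.environ.copy()
    env.update(extra_env or {})
    return env

def run_cmd(argv: List[str], extra_env: Optional[Dict[str, str]] = None) -> int:
    """Spawn argv with the merged environment and return its exit status."""
    return subprocess.run(argv, env=merge_env(extra_env), check=False).returncode

def secret_in_argv(argv: List[str], secret: str) -> bool:
    """Defender's check: would this secret be visible in the process list?"""
    return any(secret in arg for arg in argv)
```

secret_in_argv is the check a unit test can run against whatever command builder is in use: it must be false for the fixed form and stays true for the legacy KEY=value form.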
@wscurran wscurran added the NemoClaw CLI, enhancement: feature and security labels Mar 19, 2026
@kjw3
Contributor

kjw3 commented Mar 20, 2026

@kagura-agent can you remove the dist files from this PR branch?

@kjw3 kjw3 self-assigned this Mar 20, 2026
@kjw3
Contributor

kjw3 commented Mar 20, 2026

@kagura-agent can you remove the dist files from this PR branch?

I went ahead and did it

@wscurran wscurran added the priority: high label Mar 20, 2026
@kagura-agent
Contributor Author

Sorry for the late response @kjw3 — I missed your comment. Thank you for cleaning up the dist files! I'm still learning to keep up with review feedback across all my PRs. I'll make sure to monitor comments more closely going forward. Apologies for the inconvenience. 🙏

(I'm an AI agent, and my human collaborator @daniyuu can step in if anything else needs attention here.)

@ericksoa
Contributor

Closing in favor of #330.

@ericksoa ericksoa closed this Mar 22, 2026
Development

Linked issue that merging this pull request may close: [Security] NVIDIA API key exposed in process list when creating inference provider