fix(openclaw): bump runtime deps EXDEV fix

[jyaunches]

Summary

• bump bundled OpenClaw from 2026.4.24 to 2026.5.18
• update the OpenClaw agent manifest and blueprint minimum so sandbox builds install the fixed runtime
• picks up OpenClaw's cross-filesystem runtime-deps replacement fix for [Ubuntu 22.04][Agent] openclaw CLI fails to start in sandbox — plugin runtime install errors #3513

Regression guard

• Guard PR: test(e2e): add openclaw plugin EXDEV guard for #3513 #3761
• Job: openclaw-plugin-runtime-exdev-e2e in regression-e2e.yaml
• Expected RED on unfixed code: plugin runtime dependency replacement hits EXDEV: cross-device link not permitted

Validation

• npm run build:cli
• npx vitest run src/lib/sandbox/version.test.ts src/lib/sandbox-base-image.test.ts test/sandbox-build-context.test.ts --testTimeout 60000

Closes #3513

Summary by CodeRabbit

• Chores

  • Default OpenClaw version bumped to 2026.5.18 across build, agent manifest, and blueprint requirements.

• Bug Fixes / Reliability

  • Installer is more tolerant of existing package layouts to reduce setup failures.
  • Increased WebSocket pre-auth handshake timeout to improve connection reliability.
  • Patch tooling now gracefully skips built-in tool catalogs instead of failing.

• Tests

  • Added test for skipping built-in catalogs and adjusted snapshot-restore verification.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

OpenClaw defaults and manifests are bumped from 2026.4.24 → 2026.5.18; Dockerfile patching now conditionally rewrites install-package-dir checks (lstat→stat or realpath guard) and widens the WebSocket pre-auth handshake timeout replacement to handle multiple original constants.

Changes

OpenClaw Version Upgrade

Layer / File(s)	Summary
OpenClaw version update across build, manifest, and blueprint configs Dockerfile.base, agents/openclaw/manifest.yaml, nemoclaw-blueprint/blueprint.yaml	OPENCLAW_VERSION build-arg default, agents/openclaw expected_version, and blueprint min_openclaw_version are updated from 2026.4.24 to 2026.5.18.

Dockerfile patch adjustments

Layer / File(s)

Summary

Install-package-dir branching and handshake timeout patch Dockerfile

Patch logic for OpenClaw's install-package-dir now conditionally rewrites fs.lstat(params.installBaseDir) → fs.stat(...) and disables the symlink check if present; otherwise it asserts the await fs.realpath(params.installBaseDir) !== params.expectedRealPath guard. The WebSocket pre-auth handshake timeout replacement now matches 1e4 or 15e3 and replaces either with 6e4, with updated post-patch validation.

OpenClaw tool catalog patch handling

Layer / File(s)	Summary
Catalog patch skip detection and test scripts/patch-openclaw-tool-catalog.js, test/openclaw-tool-catalog-patch.test.ts	Patch logic now detects “built-in” selection catalog shapes and returns skipped-built-in instead of failing when no marked selection-*.js target exists; a new fixture test asserts the skip and that the selection file is not modified.

Test/script tweak

Layer / File(s)	Summary
E2E rollback verification tweak test/e2e-test.sh	Snapshot restore verification now reads restored.wizard.lastRunVersion instead of restored.meta.lastTouchedVersion for the rollback version check.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3808: Prior changes to the same patching pipeline for OpenClaw selection catalogs.

Suggested reviewers

• cv
• ericksoa

Poem

🐰 I nibble at a Docker line,
Bumped a version, stitched a sign.
Patches hop where lstat grew thin,
Catalogs wink — the test says "skip".
Carrots crunch while CI takes a spin.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title clearly summarizes the main change: updating OpenClaw from 2026.4.24 to 2026.5.18 to fix EXDEV runtime dependency installation issues.
Linked Issues check	✅ Passed	PR changes align with issue #3513 objectives: bumps OpenClaw to 2026.5.18 (which contains the EXDEV fix), updates manifest/blueprint versions, and adds regression test validation.
Out of Scope Changes check	✅ Passed	All changes directly support the EXDEV fix: version bumps in Dockerfile/manifest/blueprint, patching logic for OpenClaw install, tool catalog handling, and e2e test validation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/3513-openclaw-plugin-runtime-exdev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: rebuild-openclaw-e2e, cloud-e2e, network-policy-e2e, messaging-providers-e2e, sandbox-operations-e2e, openclaw-inference-switch-e2e
Optional E2E: cloud-onboard-e2e, skill-agent-e2e, launchable-smoke-e2e

Dispatch hint: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,messaging-providers-e2e,sandbox-operations-e2e,openclaw-inference-switch-e2e

Auto-dispatched E2E: rebuild-openclaw-e2e, cloud-e2e, network-policy-e2e, messaging-providers-e2e, sandbox-operations-e2e, openclaw-inference-switch-e2e via nightly-e2e.yaml at f99e8bbd307e9ebfc18e5cfc6d4967b2307ac574 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• rebuild-openclaw-e2e (high (~60 min)): Most direct coverage for an OpenClaw runtime/image bump: builds current Dockerfile/Dockerfile.base, rebuilds an older OpenClaw sandbox to the current image, verifies workspace state survives, checks the current OpenClaw version, and exercises the upgrade/rebuild path affected by the version and patch changes.
• cloud-e2e (high (~45 min)): Blocks on the full install → onboard → sandbox verify → live NVIDIA inference journey. This is required because Dockerfile/base image, blueprint min_openclaw_version, manifest expected_version, and OpenClaw runtime patching can all break the primary OpenClaw user flow.
• network-policy-e2e (medium-high (~45 min)): Required for the fetch-guard/assertExplicitProxyAllowed and proxy-boundary risk: validates deny-by-default, allowlists, hot reload, inference exemption, permissive mode, and SSRF validation against a real sandbox.
• messaging-providers-e2e (high (~75 min)): Required because the Dockerfile patch comments explicitly cover Telegram/media allowlist vs proxy behavior and the OpenClaw version bump may change messaging channel/runtime internals. This test validates provider creation, placeholder isolation, L7 proxy rewriting, and Telegram/Discord/Slack/WhatsApp channel paths.
• sandbox-operations-e2e (medium-high (~60 min)): Required for sandbox lifecycle risk from the OpenClaw dist patches and handshake timeout changes: validates sandbox list/connect/status/logs/destroy, gateway recovery, registry rebuild, process recovery, multi-sandbox metadata, and cross-sandbox isolation.
• openclaw-inference-switch-e2e (medium-high (~45 min)): Required to prove the upgraded OpenClaw runtime still accepts NemoClaw inference route/config changes in a running sandbox and can serve live requests after the switch. This protects inference routing and openclaw.json compatibility.

Optional E2E

• cloud-onboard-e2e (medium-high (~45 min)): Useful focused confidence for public installer/onboard behavior, Landlock read-only enforcement, API key leak detection, and inference.local HTTPS probe after the OpenClaw image/version bump. Optional because cloud-e2e already covers the core end-to-end onboarding path.
• skill-agent-e2e (medium (~30 min)): Useful adjacent coverage for real assistant behavior involving skill injection and agent verification. This may catch regressions from tool catalog visibility changes, but it is not a direct assertion of the new built-in catalog skip path.
• launchable-smoke-e2e (medium (~30 min)): Useful confidence for the community install path if maintainers want broader release assurance after the image/version bump, but not merge-blocking for source-based Dockerfile/OpenClaw patch validation.

New E2E recommendations

• Assistant tool catalog runtime compatibility (high): Existing unit coverage verifies patch fixture behavior, but there is no clearly named E2E that boots a real upgraded OpenClaw sandbox and asserts the model-visible tool catalog path, including the new skipped-built-in case for OpenClaw 2026.5.x and a real tool_search/tool_describe/tool_call assistant turn.
  • Suggested test: Add an OpenClaw tool-catalog E2E that onboards a sandbox with the pinned OpenClaw version, verifies whether NemoClaw skipped or applied the catalog patch as expected, then runs a deterministic assistant turn that searches/describes/calls a safe tool inside the sandbox.
• OpenClaw dist patch fail-close compatibility (medium): The Dockerfile contains several sed/grep patches against compiled OpenClaw internals. Existing E2Es catch runtime failures indirectly, but a targeted image-build E2E that records which patches were applied/skipped and validates OpenClaw 2026.5.18-specific shapes would reduce diagnosis time for future OpenClaw bumps.
  • Suggested test: Add an image patch compatibility E2E that builds Dockerfile/Dockerfile.base, captures patch application logs for fetch-guard, proxy bypass, symlink install, handshake timeout, and tool catalog, and fails with structured diagnostics if OpenClaw dist shapes drift.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,messaging-providers-e2e,sandbox-operations-e2e,openclaw-inference-switch-e2e

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile.base (1)

1-48: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Add SPDX license header.

This file is missing the required SPDX license header. As per coding guidelines, every source file must include an SPDX license header for copyright and Apache-2.0 license.

📝 Proposed fix to add SPDX header

+# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 # NemoClaw sandbox base image — expensive, rarely-changing layers.
 #
 # Contains: node:22-trixie-slim, apt packages, gosu, user/group setup,

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.base` around lines 1 - 48, Add the required SPDX license header to
the very top of Dockerfile.base by inserting two shell-commented SPDX lines
before the existing file comment block: a SPDX-FileCopyrightText entry with the
project/copyright owner and a SPDX-License-Identifier set to Apache-2.0, using
'#' as the comment marker so the header is recognized and remains a comment in
the Dockerfile.

🧹 Nitpick comments (1)

Dockerfile.base (1)

180-180: ⚡ Quick win

Consider E2E testing for container image changes.

This file affects the sandbox container image. As per coding guidelines, layer ordering, permissions, and baked config changes are only testable with a real container build.

Recommended E2E tests:

• cloud-e2e — full onboard + cloud inference
• sandbox-survival-e2e — gateway restart recovery
• hermes-e2e — Hermes agent onboard + inference
• rebuild-openclaw-e2e — workspace state survives rebuild

To run selectively:

gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.base` at line 180, Change to the sandbox container image (ARG
OPENCLAW_VERSION) requires running the prescribed end-to-end tests; run the
GitHub Actions nightly-e2e workflow for the listed jobs (cloud-e2e,
sandbox-survival-e2e, hermes-e2e, rebuild-openclaw-e2e) to validate layer
ordering, permissions and baked config by executing: gh workflow run
nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e, and if
needed also build the Dockerfile.base locally to verify image build/permission
semantics before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@Dockerfile.base`:
- Around line 1-48: Add the required SPDX license header to the very top of
Dockerfile.base by inserting two shell-commented SPDX lines before the existing
file comment block: a SPDX-FileCopyrightText entry with the project/copyright
owner and a SPDX-License-Identifier set to Apache-2.0, using '#' as the comment
marker so the header is recognized and remains a comment in the Dockerfile.

---

Nitpick comments:
In `@Dockerfile.base`:
- Line 180: Change to the sandbox container image (ARG OPENCLAW_VERSION)
requires running the prescribed end-to-end tests; run the GitHub Actions
nightly-e2e workflow for the listed jobs (cloud-e2e, sandbox-survival-e2e,
hermes-e2e, rebuild-openclaw-e2e) to validate layer ordering, permissions and
baked config by executing: gh workflow run nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e, and if
needed also build the Dockerfile.base locally to verify image build/permission
semantics before merging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b1b0a972-9945-46d6-a6b6-49da8a3f200c

📥 Commits

Reviewing files that changed from the base of the PR and between d147671 and 317c4bb.

📒 Files selected for processing (3)

• Dockerfile.base
• agents/openclaw/manifest.yaml
• nemoclaw-blueprint/blueprint.yaml

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26121235580
Target ref: 317c4bbbf8478714e3d931054f94fa69993bd9a0
Workflow ref: main
Requested jobs: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,openclaw-inference-switch-e2e
Summary: 0 passed, 4 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
network-policy-e2e	❌ failure
openclaw-inference-switch-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure

Failed jobs: cloud-e2e, network-policy-e2e, openclaw-inference-switch-e2e, rebuild-openclaw-e2e. Check run artifacts for logs.

[wscurran]

✨ Related open PRs:

• #3761 test(e2e): add openclaw plugin EXDEV guard for #3513

---

Related open issues:

• #3513 [Ubuntu 22.04][Agent] openclaw CLI fails to start in sandbox — plugin runtime install errors

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Around line 224-227: The sed command in the hto_files patch misuses '|' as
both the sed delimiter and the regex alternation operator, causing the
replacement to be parsed incorrectly; update the sed invocation in the hto_files
pipeline (the sed -i -E 's|DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS =
(1e4|15e3)|DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS = 6e4|g' call) to use a
delimiter that does not appear in the pattern (for example '#' or '@') so the
alternation (1e4|15e3) is preserved, e.g. change to
s#DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS =
(1e4|15e3)`#DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS` = 6e4#g and keep the subsequent
grep validation unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3e4ae5aa-2804-4d1a-8090-8ff52d0cdb9e

📥 Commits

Reviewing files that changed from the base of the PR and between 317c4bb and dbd2d65.

📒 Files selected for processing (1)

• Dockerfile

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26158933201
Target ref: fix/3513-openclaw-plugin-runtime-exdev
Requested jobs: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,openclaw-inference-switch-e2e
Summary: 0 passed, 4 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
network-policy-e2e	❌ failure
openclaw-inference-switch-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure

Failed jobs: cloud-e2e, network-policy-e2e, openclaw-inference-switch-e2e, rebuild-openclaw-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26159018921
Target ref: dbd2d65e03c9c0393c6f70ad22e96c15e59dc87c
Workflow ref: main
Requested jobs: cloud-e2e,network-policy-e2e,messaging-compatible-endpoint-e2e,rebuild-openclaw-e2e
Summary: 0 passed, 4 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
messaging-compatible-endpoint-e2e	❌ failure
network-policy-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure

Failed jobs: cloud-e2e, messaging-compatible-endpoint-e2e, network-policy-e2e, rebuild-openclaw-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26159537262
Target ref: fix/3513-openclaw-plugin-runtime-exdev
Requested jobs: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,openclaw-inference-switch-e2e
Summary: 2 passed, 2 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
network-policy-e2e	✅ success
openclaw-inference-switch-e2e	❌ failure
rebuild-openclaw-e2e	✅ success

Failed jobs: cloud-e2e, openclaw-inference-switch-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26159746352
Target ref: 799c5972d38763464fac6e9a4b4dfb95c59f4179
Workflow ref: main
Requested jobs: cloud-e2e,messaging-compatible-endpoint-e2e,network-policy-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e,cloud-onboard-e2e
Summary: 3 passed, 3 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
cloud-onboard-e2e	✅ success
messaging-compatible-endpoint-e2e	❌ failure
network-policy-e2e	✅ success
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	❌ failure

Failed jobs: cloud-e2e, messaging-compatible-endpoint-e2e, sandbox-operations-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26160605110
Target ref: 83e259c1d96e9f5e754f43fea2eea81e3a797ccf
Workflow ref: main
Requested jobs: cloud-e2e,network-policy-e2e,messaging-providers-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e
Summary: 0 passed, 5 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
messaging-providers-e2e	❌ failure
network-policy-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure
sandbox-operations-e2e	❌ failure

Failed jobs: cloud-e2e, messaging-providers-e2e, network-policy-e2e, rebuild-openclaw-e2e, sandbox-operations-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26161014906
Target ref: 6e9ebb91b9988db029e84a8127e3cc1dfb5b198c
Workflow ref: main
Requested jobs: cloud-onboard-e2e,cloud-inference-e2e,messaging-compatible-endpoint-e2e,network-policy-e2e,rebuild-openclaw-e2e,sandbox-survival-e2e
Summary: 0 passed, 5 failed, 0 skipped

Job	Result
cloud-inference-e2e	❌ failure
cloud-onboard-e2e	⚠️ cancelled
messaging-compatible-endpoint-e2e	❌ failure
network-policy-e2e	❌ failure
rebuild-openclaw-e2e	❌ failure
sandbox-survival-e2e	❌ failure

Failed jobs: cloud-inference-e2e, messaging-compatible-endpoint-e2e, network-policy-e2e, rebuild-openclaw-e2e, sandbox-survival-e2e. Check run artifacts for logs.

[coderabbitai]

🧹 Nitpick comments (1)

Dockerfile (1)

177-229: Run the container E2Es for these baked dist rewrites.

These grep/sed/node checks prove the bundle text changed, not that the patched image still boots and behaves correctly end-to-end. I’d run cloud-e2e, sandbox-survival-e2e, hermes-e2e, and rebuild-openclaw-e2e alongside the EXDEV regression guard before merge.

As per coding guidelines, Dockerfile: This file affects the sandbox container image. Layer ordering, permissions, and baked config changes are only testable with a real container build.

Also applies to: 231-239

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 177 - 229, The review asks to validate the baked
dist rewrites by running full container E2Es rather than relying solely on
textual grep/sed checks; build and run the image produced by this Dockerfile and
execute cloud-e2e, sandbox-survival-e2e, hermes-e2e and rebuild-openclaw-e2e
(and the EXDEV regression guard) against that image to ensure changes around
OC_DIST patches (fg_export, fg_assert), install-safe-path/ipd_file edits, and
the DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS change (hto_files) actually boot and
behave correctly end-to-end before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 177-229: The review asks to validate the baked dist rewrites by
running full container E2Es rather than relying solely on textual grep/sed
checks; build and run the image produced by this Dockerfile and execute
cloud-e2e, sandbox-survival-e2e, hermes-e2e and rebuild-openclaw-e2e (and the
EXDEV regression guard) against that image to ensure changes around OC_DIST
patches (fg_export, fg_assert), install-safe-path/ipd_file edits, and the
DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS change (hto_files) actually boot and behave
correctly end-to-end before merging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ab2435f5-5a18-4e8b-82a9-72cf3f0bda57

📥 Commits

Reviewing files that changed from the base of the PR and between 799c597 and 55be738.

📒 Files selected for processing (3)

• Dockerfile
• scripts/patch-openclaw-tool-catalog.js
• test/openclaw-tool-catalog-patch.test.ts

💤 Files with no reviewable changes (1)

• test/openclaw-tool-catalog-patch.test.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26161338524
Target ref: 55be738e459c59e9e08322fb5c9a6121c76464d9
Workflow ref: main
Requested jobs: cloud-e2e,network-policy-e2e,kimi-inference-compat-e2e,rebuild-openclaw-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job	Result
cloud-e2e	⚠️ cancelled
kimi-inference-compat-e2e	⚠️ cancelled
network-policy-e2e	⚠️ cancelled
rebuild-openclaw-e2e	⚠️ cancelled

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e-test.sh`:
- Around line 258-259: The test expects restored.wizard.lastRunVersion ===
'2026.3.11' but the fixture /sandbox/.openclaw/openclaw.json and
onboarding/config creation code never define wizard or lastRunVersion, so the
test will fail; fix by either updating the test fixture to include "wizard":
{"lastRunVersion":"2026.3.11"} in the initial JSON or modify the config
initialization/onboarding routine that creates the openclaw.json (the code path
that writes the restored object) to populate restored.wizard.lastRunVersion =
'2026.3.11' (or derive the version constant used by tests) before the file is
saved so restored.wizard.lastRunVersion is present when the e2e test reads it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0965cfb1-1c2d-4fb9-80b4-bce80e412629

📥 Commits

Reviewing files that changed from the base of the PR and between 55be738 and f99e8bb.

📒 Files selected for processing (1)

• test/e2e-test.sh

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26161625841
Target ref: f99e8bbd307e9ebfc18e5cfc6d4967b2307ac574
Workflow ref: main
Requested jobs: rebuild-openclaw-e2e,cloud-e2e,network-policy-e2e,messaging-providers-e2e,sandbox-operations-e2e,openclaw-inference-switch-e2e
Summary: 2 passed, 4 failed, 0 skipped

Job	Result
cloud-e2e	❌ failure
messaging-providers-e2e	❌ failure
network-policy-e2e	✅ success
openclaw-inference-switch-e2e	❌ failure
rebuild-openclaw-e2e	✅ success
sandbox-operations-e2e	❌ failure

Failed jobs: cloud-e2e, messaging-providers-e2e, openclaw-inference-switch-e2e, sandbox-operations-e2e. Check run artifacts for logs.