fix: skip gateway marker for docker-driver sandboxes

[glenn-agent]

Summary

• keep /tmp/nemoclaw-gateway-local absent for OpenShell Docker-driver sandboxes
• detect Docker-driver mode from OPENSHELL_DRIVERS, including mixed driver lists
• extend the existing gateway marker regression test for [Ubuntu 24.04][Sandbox] Docker-driver HEALTHCHECK always (unhealthy) — marker file always created #4710

Fixes #4710.

Validation

• npm test -- --run test/nemoclaw-start.test.ts -t "gateway healthcheck marker"
• git diff --check
• git verify-commit HEAD

Note: running the full test/nemoclaw-start.test.ts file locally currently fails in unrelated baseline fixture cases because nemoclaw/node_modules/json5 is absent in this checkout; the targeted marker regression passes.

Signed-off-by: Glenn-Agent glenn_agent@163.com

Summary by CodeRabbit

Bug Fixes

• Fixed gateway healthcheck behavior to correctly handle different driver modes, ensuring proper health status detection when running under Docker drivers versus standard configurations.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

Warning

Review limit reached

@cv, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 7 minutes and 12 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1be72f4d-b8b1-4906-902a-4ef7f97d1072

📥 Commits

Reviewing files that changed from the base of the PR and between 1b6b1b3 and 343ca83.

📒 Files selected for processing (2)

• scripts/nemoclaw-start.sh
• test/nemoclaw-start.test.ts

📝 Walkthrough

Walkthrough

This PR fixes a bug where the /tmp/nemoclaw-gateway-local marker file is unconditionally created in Docker-driver sandboxes, preventing the Docker HEALTHCHECK from correctly detecting that the gateway runs on the host. The fix adds driver detection to gate marker creation, and extends test coverage to validate Docker-driver and mixed-driver execution paths.

Changes

Docker-driver gateway marker fix

Layer / File(s)	Summary
Driver detection and marker gating logic scripts/nemoclaw-start.sh	Detects whether the container runs under an OpenShell docker driver via OPENSHELL_DRIVERS, sets _NEMOCLAW_DOCKER_DRIVER accordingly, and gates marker creation to only proceed when NEMOCLAW_CMD is empty AND the driver is not docker.
Test refactoring and Docker-driver scenario coverage test/nemoclaw-start.test.ts	Refactors runScenario helper to accept optional environment variables, enabling simulation of different OPENSHELL_DRIVERS values; updates test documentation to clarify Docker HEALTHCHECK behavior; adds assertions for docker and mixed docker/vm driver modes verifying marker remains absent in those paths.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4600: Both PRs change scripts/nemoclaw-start.sh's /tmp/nemoclaw-gateway-local marker emission logic, directly affecting Docker HEALTHCHECK behavior tested here.

Suggested labels

fix, Docker, Sandbox, platform: container

Suggested reviewers

• jyaunches
• cv

Poem

🐰 A marker file that knew no bounds,
Now checks the driver, looks around!
When docker drives, the gate stays clear,
The health check shines, the path is clear. 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main fix: preventing the gateway marker from being created in Docker-driver sandboxes, which directly addresses issue #4710.
Linked Issues check	✅ Passed	Changes correctly implement the fix for #4710: detecting Docker-driver mode via OPENSHELL_DRIVERS, gating marker creation accordingly, and extending tests to verify the behavior.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing issue #4710: modifying the marker logic and updating related tests. No unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

scripts/nemoclaw-start.sh (1)

218-221: ⚡ Quick win

Harden docker-driver detection against whitespace/case in OPENSHELL_DRIVERS

scripts/nemoclaw-start.sh uses a raw, case-sensitive match (case ",${OPENSHELL_DRIVERS:-}," in *,docker,*) ...) with no normalization. This repo’s own/tested values are always "docker" or "vm,docker" (no spaces), so the current behavior aligns with in-repo expectations; however, if OPENSHELL_DRIVERS ever comes in as "vm, docker" or "Docker", the match will fail and marker gating could be wrong—normalize (trim, lowercase, remove whitespace) before the case.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/nemoclaw-start.sh` around lines 218 - 221, Normalize
OPENSHELL_DRIVERS before the case match so whitespace and case won’t break
detection: create a normalized var (derived from OPENSHELL_DRIVERS) that is
lowercased and has all whitespace removed or trimmed around commas, then run the
existing case on that normalized value to set _NEMOCLAW_DOCKER_DRIVER; update
the snippet that currently uses case ",${OPENSHELL_DRIVERS:-}," in to reference
the normalized variable and keep the same pattern matching (e.g., look for
",docker,") so both "vm, docker" and "Docker" will be detected correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 218-221: Normalize OPENSHELL_DRIVERS before the case match so
whitespace and case won’t break detection: create a normalized var (derived from
OPENSHELL_DRIVERS) that is lowercased and has all whitespace removed or trimmed
around commas, then run the existing case on that normalized value to set
_NEMOCLAW_DOCKER_DRIVER; update the snippet that currently uses case
",${OPENSHELL_DRIVERS:-}," in to reference the normalized variable and keep the
same pattern matching (e.g., look for ",docker,") so both "vm, docker" and
"Docker" will be detected correctly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 85063e10-623d-4e68-b646-0925e5e317c9

📥 Commits

Reviewing files that changed from the base of the PR and between 17734b1 and 1b6b1b3.

📒 Files selected for processing (2)

• scripts/nemoclaw-start.sh
• test/nemoclaw-start.test.ts

[wscurran]

✨ Thanks for submitting this detailed PR about skipping the gateway marker for Docker-driver sandboxes, which improves the healthcheck behavior in these environments. This proposes a bug fix for the sandbox that affects the gateway marker detection.

---

Related open issues:

• #4710 [Ubuntu 24.04][Sandbox] Docker-driver HEALTHCHECK always (unhealthy) — marker file always created