fix(onboard): ignore policy tier env in interactive mode

[cv]

Summary

Keep the early NEMOCLAW_POLICY_TIER validation scoped to non-interactive onboarding, where the environment variable is actually consumed. Interactive onboarding now ignores an invalid policy-tier env var and continues to its normal interactive prompt/TTY flow.

Changes

• Guard policyTierEnv.validatePolicyTierEnvEarly() with isNonInteractive() in src/lib/onboard.ts.
• Update policy-tier onboarding tests to cover the interactive invalid-env path.
• Keep the existing non-interactive fail-fast behavior for invalid NEMOCLAW_POLICY_TIER.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Targeted checks run:

• npm run build:cli
• npm run typecheck:cli
• npx vitest run test/policy-tiers-onboard.test.ts --testTimeout 60000
• npm run checks
• commit and pre-push hooks

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• Bug Fixes
  • Modified policy tier validation to execute only in non-interactive mode, improving the interactive onboarding experience.

[coderabbitai]

Too many files changed? Review this PR in Change Stack to see how the pieces fit before you dive in.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a76c0455-7642-4b32-b6a8-c6f39717309a

📥 Commits

Reviewing files that changed from the base of the PR and between 9b16a9e and 5b7aa6f.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/policy-tiers-onboard.test.ts

---

📝 Walkthrough

Walkthrough

This PR narrows the fail-fast policy tier validation in onboarding to run only in non-interactive mode. The test harness is enhanced to support per-test environment overrides, and a new integration test verifies interactive onboarding with an invalid policy tier fails on TTY requirements rather than policy validation.

Changes

Policy Tier Validation for Interactive Mode

Layer / File(s)	Summary
Policy tier validation guard in onboarding src/lib/onboard.ts	The validatePolicyTierEnvEarly() call is moved behind an if (isNonInteractive()) guard, narrowing the fail-fast contract to non-interactive mode only.
Test harness enhancement and interactive mode integration test test/policy-tiers-onboard.test.ts	The runScript helper accepts per-test environment overrides merged into the spawned process environment. An integration test verifies interactive onboarding with an invalid policy tier fails on TTY requirements and does not surface the "Unknown policy tier" error.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3788: Introduces the early NEMOCLAW_POLICY_TIER fail-fast validation that is now guarded to non-interactive mode in this PR.
• NVIDIA/NemoClaw#4373: Also modifies the onboarding entrypoint flow in src/lib/onboard.ts with additional lifecycle emission logic.

Suggested labels

bug-fix, onboarding, area: cli

Suggested reviewers

• ericksoa
• prekshivyas

Poem

🐰 A policy tier guard takes its stance,
Only when scripts dance, not interactive's prance!
The TTY shall speak first in the night,
While tests now override with all their might.
Onboarding flows smooth—what a delight! 🌙

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly matches the main behavior change: conditionally ignoring policy tier environment validation in interactive mode.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/onboard-policy-tier-interactive-env

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Failed: Could not parse JSON from advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/e2e-advisor/e2e-advisor-raw-output.txt

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Failed: Could not parse JSON from advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/e2e-advisor/e2e-scenario-advisor-raw-output.txt

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Top item: PR review advisor unavailable

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: src/lib/onboard.ts.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[cjagwani]

Lgtm

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27037524148
Target ref: cb1e67fa32dda652d855ebd02975f1ca9328f526
Workflow ref: main
Requested jobs: onboard-negative-paths-e2e,network-policy-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job	Result
network-policy-e2e	✅ success
onboard-negative-paths-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27039594385
Target ref: 5b7aa6fba4b8135f41016f677a3bc7bb2a59996f
Workflow ref: main
Requested jobs: onboard-negative-paths-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
onboard-negative-paths-e2e	✅ success