fix(installer): start fresh when onboarding interrupted before sandbox creation#5641
Conversation
…x creation install.sh auto-attaches --resume to any in_progress onboarding session. When a previous run was interrupted before sandbox creation completed, the session has no sandbox name recorded, so the curl|bash flow dead-ended at the CLI's non-interactive resume guard (#2753) with exit 1 and no recovery path. Refine the install.sh session classifier: an in_progress session is only auto-resumed once a sandbox actually exists to resume into (sandboxName recorded or the sandbox step completed). A session interrupted before sandbox creation is classified 'fresh-recover' and onboarded with --fresh instead. This fixes the dead-end at its source and leaves the CLI #2753 guard intact: an explicit 'nemoclaw onboard --resume' with no name still refuses. Fixes #5626 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jason Ma <jama@nvidia.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThe onboard session classifier in Changesfresh-recover session classification
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related issues
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage in the branch is 96%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
TypeScript / code-coverage/cliThe overall coverage in the branch is 46%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
Updated |
…elper The codebase-growth-guardrails check forbids adding if-statements in changed test files. Always write the session fixture and assert the shell exit via expect() instead of guarding with if-statements. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jason Ma <jama@nvidia.com>
PR Review Advisor — No blocking findingsMerge posture: No blocking advisor findings Action checklist
Test follow-ups to resolve or justifyIf these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.
This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision. |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
Vitest E2E Scenario RecommendationRequired Vitest E2E scenarios: Dispatch required Vitest E2E scenarios:
Full Vitest E2E advisor summaryVitest E2E Scenario AdvisorBase: Required Vitest E2E scenarios
Optional Vitest E2E scenarios
Relevant changed files
|
…ed session The classifier now only auto-resumes an in_progress session once a sandbox exists to resume into. Update the auto-resume integration test fixture to a genuinely resumable session (sandboxName + completed sandbox step) so it still exercises the --resume path; the pre-sandbox fresh-recover path is covered by test/install-onboard-yes.test.ts. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jason Ma <jama@nvidia.com>
Use a single-line resumable fixture (sandboxName alone marks the sandbox as created) and drop the added comment so test/install-preflight.test.ts stays at its 4207-line legacy budget. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jason Ma <jama@nvidia.com>
|
✨ Thanks for refining the installer's session classifier to only emit resume when a sandbox actually exists to resume into. This proposes a way to classify pre-sandbox-creation interruptions as fresh-recover so the curl|bash flow starts onboarding cleanly instead of hitting the non-interactive resume guard. Related open issues: |
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
prekshivyas
left a comment
There was a problem hiding this comment.
Reproduced the bug and verified the fix on a fresh x86_64 Brev instance (n2d-standard-2). The session classifier logic is pure bash/node so it reproduces identically across architectures.
Reproduction (v0.0.67 classifier)
Created ~/.nemoclaw/onboard-session.json with in_progress status, sandboxName: null, steps.sandbox.status: "pending" — the exact state from issue #5720. The pre-fix classifier returns resume, which dead-ends at the CLI non-interactive resume guard with exit 1 and no recovery path. ✓ bug confirmed.
Fix verification
| Session state | v0.0.67 | This PR |
|---|---|---|
in_progress, no sandboxName, sandbox pending |
resume ❌ |
fresh-recover ✓ |
in_progress, sandboxName set, sandbox complete |
resume ✓ |
resume ✓ |
The sandboxCreated gate (sandboxName non-empty string and steps.sandbox.status === "complete") correctly partitions the two cases. Legitimate resume sessions keep --resume; pre-sandbox-creation sessions get --fresh instead of dead-ending.
Code review notes
- The
sandboxCreatedcheck requires both fields to be present — guards against partially-written session files where one field exists without the other (covered by theit.eachtest cases for the split conditions). install-preflight.test.tsupdate (addingsandboxName/steps.sandbox.completeto the existing fixture) is correct — that test exercises the resume path, so the fixture should satisfysandboxCreated.- All CI green including
installer-integration.
LGTM.
prekshivyas
left a comment
There was a problem hiding this comment.
Verified via live Brev reproduction — LGTM.
<!-- markdownlint-disable MD041 --> ## Summary Refreshes the v0.0.68 docs with release notes, Microsoft Teams messaging guidance, and generated support-matrix coverage. Also corrects the Hermes generated command reference so `sessions export` examples match Hermes-only behavior while keeping the shared command heading compatible with CLI parity checks. ## Changes - #5585 -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/reference/platform-support.mdx`: Documents experimental Microsoft Teams channel setup, Bot Framework credentials, webhook forwarding, local `MSTEAMS_PORT` conflicts, and the generated integration support row. - #5526 -> `docs/reference/commands.mdx`, `docs/reference/commands-nemohermes.mdx`: Keeps Hermes `sessions export` examples on the supported single-JSONL export path while preserving the canonical shared CLI heading. - #5044 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for installer onboarding failure propagation. - #5641 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for fresh recovery after pre-sandbox installer interruption. - #5673 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for explicit deny-all messaging manifests. - #5743 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for unsupported-agent channel-add rejection. - #5252 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Hermes `gateway-token` dashboard guidance. - #5659 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for local OpenClaw `agent` wrapper help. - #5661 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for default extra-agent paths. - #5669 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Deep Agents Code branding. - #5672 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for hosted-compatible default model ID preservation. - #5725 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Deep Agents Code sandbox liveness. - #5644 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for DGX Spark managed-vLLM express install defaults. - #5712 -> `docs/about/release-notes.mdx`, `docs/reference/platform-support.mdx`: Adds v0.0.68 release-note coverage for the canonical support matrix and updates the matrix source with Teams. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Quality Gates <!-- Check all that apply. For any "covered by existing tests", "not applicable", or waiver entry, add a brief justification on the same line or in the Changes section. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: docs-only release refresh; no runtime code changed. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each item you ran and confirmed. Leave unchecked items you skipped. Doc-only changes do not require npm test unless you ran it. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Git hooks passed during commit and push, or `npx prek run --from-ref main --to-ref HEAD` passes - [ ] Targeted tests pass for changed behavior - [ ] Full `npm test` passes (broad runtime changes only) - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — `npm run docs` passed with 0 errors; Fern reported the existing light-mode accent contrast warning. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Additional verification: - `python3 scripts/generate-platform-docs.py --check` passed. - `npm run docs:sync-agent-variants` passed. - `bash test/e2e/e2e-cloud-experimental/check-docs.sh --only-cli` passed. - `npm run docs` passed with 0 errors and one Fern theme warning: light-mode accent contrast ratio is 2.41:1 and should be at least 3:1. - `npm run build:cli` refreshed local untracked `dist/` artifacts after rebase; no tracked files changed. - `npm run typecheck:cli` passed. - Normal commit and push hooks passed after the local CLI rebuild. --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added **Microsoft Teams** as an experimental messaging channel, including manifest-first onboarding, local port routing/conflict handling, sandbox delivery controls, and policy preset support. * **Documentation** * Expanded messaging-channel setup for Teams (prerequisites, credential/webhook setup, wizard flow, and add/remove commands). * Updated reference docs for **agent-specific** session export examples (OpenClaw vs Hermes). * Refreshed platform support guidance and added the latest release-notes entry. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Addresses the actionable findings from the 2026-06-19 doc-validate run across 11 guide pages. Closes #5630 Refs #5631 Closes #5632 Closes #5633 Closes #5634 Closes #5635 Closes #5636 Closes #5637 Closes #5638 Closes #5639 Closes #5640 | Issue | Page | Fix | |-------|------|-----| | #5630 | manage-sandboxes/lifecycle | bump stale NEMOCLAW_INSTALL_TAG example v0.0.63 → v0.0.65 | | #5631 | get-started/quickstart | self-contained non-interactive install (provider/key/sandbox name); consistent sandbox name | | #5632 | inference/set-up-sub-agent | guidance for non-Omni sub-agent configs (auth-profiles upload already documented) | | #5633 | inference/switch-inference-providers | show `credentials list` to discover provider names before switching | | #5634 | network-policy/integration-policy-examples | note `policy-add` is non-idempotent; remove before re-applying | | #5635 | inference/inference-options | state vLLM install + running-server prerequisites | | #5636 | inference/use-local-inference | add `--yes-i-accept-third-party-software` to non-interactive Ollama; add `docker network inspect` subnet discovery | | #5637 | reference/troubleshooting | nvm/Docker prerequisites note; make CA-bundle grep non-zero-safe (`|| true`) | | #5638 | deployment/sandbox-hardening | explain `nemoclaw-sandbox` image placeholder; Landlock verify expected output/fallback | | #5639 | manage-sandboxes/messaging-channels | quote angle-bracket credential placeholders | | #5640 | monitoring/monitor-sandbox-activity | correct legacy `sandbox exec` → `<name> exec --`; placeholder names; context-overflow `/reset` remediation | #5631 is referenced rather than closed: this PR fixes the quickstart docs (the non-interactive block now lists the required provider/key/sandbox-name vars, and the `connect` example uses a consistent sandbox name). The exit-1 failure in item 1 is an installer bug, root-caused in #5626 with the fix in flight at #5641, and item 2's name consistency is also covered by #5723. #5631 should close once those land, not on this docs PR. Not changed (with rationale): - The recurring "`$$nemoclaw` breaks copy-paste" finding (#5630, #5634, #5635, #5636, #5639, #5640): `$$nemoclaw` is the intentional `CLI_SENTINEL` replaced at build time by scripts/sync-agent-variant-docs.ts (and required on shared nav pages by `assertNoUnsharedPlaceholders`). It renders as `nemoclaw`/`nemohermes` in published docs, so it is correct as-is; the validator scanned raw MDX rather than rendered output. - #5637 "v0.0.43" string: kept — it is a historical "starting with version X" statement, not a stale version. - Some findings (#5636 hermes tool-calling-reliability link, #5639 hermes deploy link and backtick) are already resolved in current source (links are `AgentOnly variant="openclaw"` gated; backticks balanced). Signed-off-by: Abhimanyu Kumar <abhimanyukumar7290@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Strengthened sandbox hardening guidance with clearer runtime capability-dropping instructions and more explicit Landlock detection/fallback behavior. * Refreshed quickstart and installer/CLI examples, including corrected sandbox naming and a more reliable non-interactive install flow. * Updated inference setup materials (vLLM sequencing, endpoint readiness, provider discovery/selection, and streamlined sub-agent JSON editing). * Improved local inference, sandbox lifecycle install tag, monitoring command examples, and added context-reset troubleshooting. * Enhanced messaging/network-policy/troubleshooting snippets with safer quoting and more resilient command behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Abhimanyu Kumar <abhimanyukumar7290@gmail.com>
…x creation (NVIDIA#5641) ## Summary `install.sh` auto-attaches `--resume` to any `in_progress` onboarding session. When a previous run was interrupted before sandbox creation completed, the session has no sandbox name recorded, so the `curl|bash` flow dead-ended at the CLI's non-interactive resume guard (NVIDIA#2753) with exit 1 and no recovery path. This refines the installer's session classifier so a pre-sandbox-creation session is started fresh instead of force-resumed. ## Related Issue Fixes NVIDIA#5626 ## Changes - `scripts/install.sh`: the session classifier now only emits `resume` for an `in_progress` session once a sandbox actually exists to resume into (a `sandboxName` is recorded, or the sandbox step completed). A session interrupted before sandbox creation is classified `fresh-recover` and onboarded with `--fresh`. The CLI `--resume` guard from NVIDIA#2753 is untouched, so an explicit `nemoclaw onboard --resume` with no name still refuses. - `test/install-onboard-yes.test.ts`: added classifier coverage — pre-sandbox-creation session forwards `--fresh` (not `--resume`); a session with a created sandbox still forwards `--resume`; a completed session forwards neither. ## Type of Change - [x] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Verification <!-- Check each item you ran and confirmed. Leave unchecked items you skipped. Doc-only changes do not require npm test unless you ran it. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Git hooks passed during commit and push, or `npx prek run --from-ref main --to-ref HEAD` passes - [x] Targeted tests pass for changed behavior - [ ] Full `npm test` passes (broad runtime changes only) - [x] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [ ] Docs updated for user-facing behavior changes - [ ] `npm run docs` builds without warnings (doc changes only) - [ ] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- <!-- DCO sign-off required by CI. Run: git config user.name && git config user.email --> Signed-off-by: Jason Ma <jama@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved onboarding interruption recovery by correctly detecting whether a sandbox was created, then selecting the right onboarding mode automatically. * Interrupted onboarding sessions without an existing sandbox now start with `--fresh` (instead of attempting `--resume`), while sessions with a completed sandbox continue with `--resume`. * **Tests** * Added coverage to confirm the installer forwards `--fresh` vs `--resume` according to session state and sandbox step status. * Updated the interrupted-onboarding preflight fixture to include `sandboxName` for more accurate detection. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Jason Ma <jama@nvidia.com> Signed-off-by: Carlos Villela <cvillela@nvidia.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Carlos Villela <cvillela@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Refreshes the v0.0.68 docs with release notes, Microsoft Teams messaging guidance, and generated support-matrix coverage. Also corrects the Hermes generated command reference so `sessions export` examples match Hermes-only behavior while keeping the shared command heading compatible with CLI parity checks. ## Changes - NVIDIA#5585 -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/reference/platform-support.mdx`: Documents experimental Microsoft Teams channel setup, Bot Framework credentials, webhook forwarding, local `MSTEAMS_PORT` conflicts, and the generated integration support row. - NVIDIA#5526 -> `docs/reference/commands.mdx`, `docs/reference/commands-nemohermes.mdx`: Keeps Hermes `sessions export` examples on the supported single-JSONL export path while preserving the canonical shared CLI heading. - NVIDIA#5044 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for installer onboarding failure propagation. - NVIDIA#5641 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for fresh recovery after pre-sandbox installer interruption. - NVIDIA#5673 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for explicit deny-all messaging manifests. - NVIDIA#5743 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for unsupported-agent channel-add rejection. - NVIDIA#5252 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Hermes `gateway-token` dashboard guidance. - NVIDIA#5659 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for local OpenClaw `agent` wrapper help. - NVIDIA#5661 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for default extra-agent paths. - NVIDIA#5669 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Deep Agents Code branding. - NVIDIA#5672 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for hosted-compatible default model ID preservation. - NVIDIA#5725 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for Deep Agents Code sandbox liveness. - NVIDIA#5644 -> `docs/about/release-notes.mdx`: Adds v0.0.68 release-note coverage for DGX Spark managed-vLLM express install defaults. - NVIDIA#5712 -> `docs/about/release-notes.mdx`, `docs/reference/platform-support.mdx`: Adds v0.0.68 release-note coverage for the canonical support matrix and updates the matrix source with Teams. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Quality Gates <!-- Check all that apply. For any "covered by existing tests", "not applicable", or waiver entry, add a brief justification on the same line or in the Changes section. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: docs-only release refresh; no runtime code changed. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each item you ran and confirmed. Leave unchecked items you skipped. Doc-only changes do not require npm test unless you ran it. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Git hooks passed during commit and push, or `npx prek run --from-ref main --to-ref HEAD` passes - [ ] Targeted tests pass for changed behavior - [ ] Full `npm test` passes (broad runtime changes only) - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — `npm run docs` passed with 0 errors; Fern reported the existing light-mode accent contrast warning. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Additional verification: - `python3 scripts/generate-platform-docs.py --check` passed. - `npm run docs:sync-agent-variants` passed. - `bash test/e2e/e2e-cloud-experimental/check-docs.sh --only-cli` passed. - `npm run docs` passed with 0 errors and one Fern theme warning: light-mode accent contrast ratio is 2.41:1 and should be at least 3:1. - `npm run build:cli` refreshed local untracked `dist/` artifacts after rebase; no tracked files changed. - `npm run typecheck:cli` passed. - Normal commit and push hooks passed after the local CLI rebuild. --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added **Microsoft Teams** as an experimental messaging channel, including manifest-first onboarding, local port routing/conflict handling, sandbox delivery controls, and policy preset support. * **Documentation** * Expanded messaging-channel setup for Teams (prerequisites, credential/webhook setup, wizard flow, and add/remove commands). * Updated reference docs for **agent-specific** session export examples (OpenClaw vs Hermes). * Refreshed platform support guidance and added the latest release-notes entry. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…A#5640) (NVIDIA#5645) Addresses the actionable findings from the 2026-06-19 doc-validate run across 11 guide pages. Closes NVIDIA#5630 Refs NVIDIA#5631 Closes NVIDIA#5632 Closes NVIDIA#5633 Closes NVIDIA#5634 Closes NVIDIA#5635 Closes NVIDIA#5636 Closes NVIDIA#5637 Closes NVIDIA#5638 Closes NVIDIA#5639 Closes NVIDIA#5640 | Issue | Page | Fix | |-------|------|-----| | NVIDIA#5630 | manage-sandboxes/lifecycle | bump stale NEMOCLAW_INSTALL_TAG example v0.0.63 → v0.0.65 | | NVIDIA#5631 | get-started/quickstart | self-contained non-interactive install (provider/key/sandbox name); consistent sandbox name | | NVIDIA#5632 | inference/set-up-sub-agent | guidance for non-Omni sub-agent configs (auth-profiles upload already documented) | | NVIDIA#5633 | inference/switch-inference-providers | show `credentials list` to discover provider names before switching | | NVIDIA#5634 | network-policy/integration-policy-examples | note `policy-add` is non-idempotent; remove before re-applying | | NVIDIA#5635 | inference/inference-options | state vLLM install + running-server prerequisites | | NVIDIA#5636 | inference/use-local-inference | add `--yes-i-accept-third-party-software` to non-interactive Ollama; add `docker network inspect` subnet discovery | | NVIDIA#5637 | reference/troubleshooting | nvm/Docker prerequisites note; make CA-bundle grep non-zero-safe (`|| true`) | | NVIDIA#5638 | deployment/sandbox-hardening | explain `nemoclaw-sandbox` image placeholder; Landlock verify expected output/fallback | | NVIDIA#5639 | manage-sandboxes/messaging-channels | quote angle-bracket credential placeholders | | NVIDIA#5640 | monitoring/monitor-sandbox-activity | correct legacy `sandbox exec` → `<name> exec --`; placeholder names; context-overflow `/reset` remediation | NVIDIA#5631 is referenced rather than closed: this PR fixes the quickstart docs (the non-interactive block now lists the required provider/key/sandbox-name vars, and the `connect` example uses a consistent sandbox name). The exit-1 failure in item 1 is an installer bug, root-caused in NVIDIA#5626 with the fix in flight at NVIDIA#5641, and item 2's name consistency is also covered by NVIDIA#5723. NVIDIA#5631 should close once those land, not on this docs PR. Not changed (with rationale): - The recurring "`$$nemoclaw` breaks copy-paste" finding (NVIDIA#5630, NVIDIA#5634, NVIDIA#5635, NVIDIA#5636, NVIDIA#5639, NVIDIA#5640): `$$nemoclaw` is the intentional `CLI_SENTINEL` replaced at build time by scripts/sync-agent-variant-docs.ts (and required on shared nav pages by `assertNoUnsharedPlaceholders`). It renders as `nemoclaw`/`nemohermes` in published docs, so it is correct as-is; the validator scanned raw MDX rather than rendered output. - NVIDIA#5637 "v0.0.43" string: kept — it is a historical "starting with version X" statement, not a stale version. - Some findings (NVIDIA#5636 hermes tool-calling-reliability link, NVIDIA#5639 hermes deploy link and backtick) are already resolved in current source (links are `AgentOnly variant="openclaw"` gated; backticks balanced). Signed-off-by: Abhimanyu Kumar <abhimanyukumar7290@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Strengthened sandbox hardening guidance with clearer runtime capability-dropping instructions and more explicit Landlock detection/fallback behavior. * Refreshed quickstart and installer/CLI examples, including corrected sandbox naming and a more reliable non-interactive install flow. * Updated inference setup materials (vLLM sequencing, endpoint readiness, provider discovery/selection, and streamlined sub-agent JSON editing). * Improved local inference, sandbox lifecycle install tag, monitoring command examples, and added context-reset troubleshooting. * Enhanced messaging/network-policy/troubleshooting snippets with safer quoting and more resilient command behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Abhimanyu Kumar <abhimanyukumar7290@gmail.com>
Summary
install.shauto-attaches--resumeto anyin_progressonboarding session. When a previous run was interrupted before sandbox creation completed, the session has no sandbox name recorded, so thecurl|bashflow dead-ended at the CLI's non-interactive resume guard (#2753) with exit 1 and no recovery path. This refines the installer's session classifier so a pre-sandbox-creation session is started fresh instead of force-resumed.Related Issue
Fixes #5626
Changes
scripts/install.sh: the session classifier now only emitsresumefor anin_progresssession once a sandbox actually exists to resume into (asandboxNameis recorded, or the sandbox step completed). A session interrupted before sandbox creation is classifiedfresh-recoverand onboarded with--fresh. The CLI--resumeguard from [Ubuntu 24.10][Onboard] sandbox name written to onboard-session.json before creation — nemoclaw list shows phantom entry after SIGINT #2753 is untouched, so an explicitnemoclaw onboard --resumewith no name still refuses.test/install-onboard-yes.test.ts: added classifier coverage — pre-sandbox-creation session forwards--fresh(not--resume); a session with a created sandbox still forwards--resume; a completed session forwards neither.Type of Change
Verification
Verifiedin GitHubnpx prek run --from-ref main --to-ref HEADpassesnpm testpasses (broad runtime changes only)npm run docsbuilds without warnings (doc changes only)Signed-off-by: Jason Ma jama@nvidia.com
Summary by CodeRabbit
Bug Fixes
--fresh(instead of attempting--resume), while sessions with a completed sandbox continue with--resume.Tests
--freshvs--resumeaccording to session state and sandbox step status.sandboxNamefor more accurate detection.