nemoclaw onboard fails

[auraz]

Agent Diagnostic

This is gold. Someone (Ajeet Raina) did a full Apple Silicon teardown today — same openshell 0.0.7, same onboard flow. Key difference: on his M5 Max, the gateway reported "Gateway is healthy" Ajeet Singh Raina after the same onboard steps. Your M4 Pro gets "Gateway failed to start."
His documented Apple Silicon bugs are different from yours:

inference.local not added to sandbox /etc/hosts on macOS — breaks Ollama local inference Ajeet Singh Raina
Docker Model Runner can't reach through the sandbox's network namespace isolation Ajeet Singh Raina
openclaw gateway --force fails without fuser/lsof in sandbox Ajeet Singh Raina

He didn't hit your TLS issue at all. His gateway came up healthy and he could connect. This suggests your issue might be environment-specific — possibly a macOS version or Docker Desktop version difference, or a timing issue in the onboard sequence where the CLI checks gateway health before TLS is ready.
Your bug is distinct and worth filing separately. For the Discord/GitHub report, I'd reference his working M5 Max setup as contrast and note that your M4 Pro gets the mTLS connection failure despite certs being correctly extracted to ~/.config/openshell/gateways/nemoclaw/mtls/. Include your macOS version and Docker Desktop version — those are likely the differentiating factors.

Description

NemoClaw onboard on macOS (Apple M4 Pro, openshell 0.0.7) — gateway starts successfully but CLI reports "Gateway failed to start" (exit code 2). Root cause: k3s NodePort doesn't passthrough TLS from the pod, so host port 8080 serves plain HTTP while CLI expects HTTPS/mTLS. Also, helm chart health probes use HTTP against the TLS-serving pod, causing constant "TLS handshake EOF" errors. Gateway health endpoint works fine over http://127.0.0.1:8080/health.

Reproduction Steps

nemoclaw onboard

Environment

Apple M4 Pro, openshell 0.0.7

Logs

Agent-First Checklist

• I pointed my agent at the repo and had it investigate this issue
• I loaded relevant skills (e.g., debug-openshell-cluster, debug-inference, openshell-cli)
• My agent could not resolve this — the diagnostic above explains why

[johntmyers]

We will only look at direct openshell issues. Please re-create the issue only with openshell and re-submit if you are able to reproduce. Otherwise this should be opened directly with the nemoclaw team.