chore: remove remaining navigator and nemoclaw references

.gitattributes

@@ -7,4 +7,4 @@ python/openshell/_proto/*_pb2_grpc.py linguist-generated
 python/openshell/_proto/*_pb2.pyi linguist-generated
 
 # Generated Rust protobuf code (excludes hand-written mod.rs)
-crates/navigator-core/src/proto/navigator.*.rs linguist-generated
+crates/openshell-core/src/proto/openshell.*.rs linguist-generated

architecture/sandbox-providers.md

@@ -274,7 +274,7 @@ for (key, value) in provider_env {
 
 This uses `tokio::process::Command`. The `.env()` call adds each variable to the child's
 inherited environment without clearing it. The spawn path also explicitly removes
-`NEMOCLAW_SSH_HANDSHAKE_SECRET` so the handshake secret does not leak into the agent
+`OPENSHELL_SSH_HANDSHAKE_SECRET` so the handshake secret does not leak into the agent
 entrypoint process.
 
 After provider env vars, proxy env vars (`HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`,
@@ -370,7 +370,7 @@ Providers are stored with `object_type = "provider"` in the shared object store.
   provider store and are fetched at runtime by the sandbox supervisor.
 - Child processes never receive the raw provider secret values; they only receive
   placeholders, and the supervisor resolves those placeholders during outbound proxying.
-- `NEMOCLAW_SSH_HANDSHAKE_SECRET` is required by the supervisor/SSH server path but is
+- `OPENSHELL_SSH_HANDSHAKE_SECRET` is required by the supervisor/SSH server path but is
   explicitly kept out of spawned sandbox child-process environments.
 
 ## Test Strategy

crates/openshell-sandbox/src/process.rs

@@ -22,7 +22,7 @@ use std::process::Stdio;
 use tokio::process::{Child, Command};
 use tracing::{debug, warn};
 
-const SSH_HANDSHAKE_SECRET_ENV: &str = "NEMOCLAW_SSH_HANDSHAKE_SECRET";
+const SSH_HANDSHAKE_SECRET_ENV: &str = "OPENSHELL_SSH_HANDSHAKE_SECRET";
 
 fn inject_provider_env(cmd: &mut Command, provider_env: &HashMap<String, String>) {
     for (key, value) in provider_env {

crates/openshell-sandbox/src/ssh.rs

@@ -30,7 +30,7 @@ use tracing::{info, warn};
 
 const PREFACE_MAGIC: &str = "NSSH1";
 #[cfg(test)]
-const SSH_HANDSHAKE_SECRET_ENV: &str = "NEMOCLAW_SSH_HANDSHAKE_SECRET";
+const SSH_HANDSHAKE_SECRET_ENV: &str = "OPENSHELL_SSH_HANDSHAKE_SECRET";
 
 /// A time-bounded set of nonces used to detect replayed NSSH1 handshakes.
 /// Each entry records the `Instant` it was inserted; a background reaper task

e2e/python/test_sandbox_providers.py

@@ -194,7 +194,7 @@ def test_ssh_handshake_secret_not_visible_in_exec_environment(
     def read_handshake_secret() -> str:
         import os
 
-        return os.environ.get("NEMOCLAW_SSH_HANDSHAKE_SECRET", "NOT_SET")
+        return os.environ.get("OPENSHELL_SSH_HANDSHAKE_SECRET", "NOT_SET")
 
     with sandbox(delete_on_exit=True) as sb:
         result = sb.exec_python(read_handshake_secret)