[All Platforms][Onboard][Regression] Fresh onboard leaks unselected 'discord' policy preset onto gateway — CLI reports "● discord (active on gateway, missing from local state)" even though user skipp #2180

@zNeill

Description

[Issue Summary]

During nemoclaw onboard, the user explicitly skipped step [5/8] Messaging channels (no channels selected) and, in step [8/8] Policy presets, did not tick discord — the Balanced-tier defaults only pre-checked npm, pypi, huggingface, brew, brave. Onboard logged that only those 5 presets were applied. After onboard completes, nemoclaw policy-list reports seven active presets including discord, with the CLI itself annotating the entry as (active on gateway, missing from local state). The gateway has a Discord egress policy the user never approved.

[Environment]

Device:        WSL2 VM on Windows 11 x86_64 (hostname 2u1g-x570-1865), 64 GB RAM + 16 GB swap, no GPU
OS:            Windows 11 build 10.0.28000.1836; WSL2 distro Ubuntu 24.04.4 LTS (Noble Numbat), kernel 6.6.87.2-microsoft-standard-WSL2
Architecture:  x86_64
Node.js:       v22.22.2 (installed via nvm by the NemoClaw installer)
npm:           10.9.7
Docker:        Docker CE 29.4.1 (from get.docker.com)
OpenShell CLI: openshell 0.0.26
NemoClaw:      v0.0.21 (installed via `curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash` from GitHub latest)
OpenClaw:      2026.4.2 (d74a122)
[Steps to Reproduce]

  1. Fresh install NemoClaw: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
  2. Complete the onboarding wizard with the following inputs:
    • [3/8] Inference: 1 (NVIDIA Endpoints) + valid API key + model 1 (Nemotron 3 Super 120B)
    • [4/8] Brave Web Search: N
    • [5/8] Messaging channels: press Enter without toggling any channel — wizard prints Skipping messaging channels.
    • [6/8] Sandbox name: sec
    • [8/8] Policy tier: leave as Balanced (default). Do not toggle any preset. Press Enter to confirm.
  3. Observe the step [8/8] output — it applies exactly 5 presets (npm, pypi, huggingface, brew, brave) across policy versions 3→7. Discord is not in the applied list.
  4. After onboard completes, run: nemoclaw list
  5. Then run: nemoclaw sec policy-list

[Expected Behavior]

Since the user did not select Discord in [5/8] messaging channels and did not tick the Discord preset in [8/8] policy presets, the Discord policy should be (not applied) in both the CLI view and the gateway view. Egress to *.discord.com, discord.com, cdn.discordapp.com, Discord gateway endpoints should be blocked.

The expected policy-list output:

Policy presets for sandbox 'sec':
  ● brave
  ● brew
  ○ discord       ← not active
  ○ github
  ● huggingface
  ○ jira
  ○ local-inference
  ● npm
  ○ outlook
  ● pypi
  ○ slack
  ○ telegram

[Actual Behavior]

nemoclaw list — local-state view — correctly shows 5 policies:

$ nemoclaw list

  Sandboxes:
    sec *
      model: nvidia/nemotron-3-super-120b-a12b  provider: nvidia-prod  CPU  policies: npm, pypi, huggingface, brew, brave

  * = default sandbox

But nemoclaw sec policy-list — which reconciles against the gateway — reveals Discord is live on the gateway:

$ nemoclaw sec policy-list

  Policy presets for sandbox 'sec':
    ● brave — Brave Search API access
    ● brew — Homebrew (Linuxbrew) package manager access
    ● discord — Discord API, gateway, and CDN access (active on gateway, missing from local state)    ← leak
    ○ github — GitHub.com and GitHub API access (git, gh)
    ● huggingface — Hugging Face Hub, LFS, and Inference API access
    ○ jira — Jira and Atlassian Cloud access
    ○ local-inference — Local inference access (Ollama, vLLM) via host gateway
    ● npm — npm and Yarn registry access
    ○ outlook — Microsoft Outlook and Graph API access
    ● pypi — Python Package Index (PyPI) access
    ○ slack — Slack API, Socket Mode, and webhooks access
    ○ telegram — Telegram Bot API access

The product's own diagnostic text (active on gateway, missing from local state) confirms the inconsistency; this is not a display bug, the preset is actually enforced on the gateway.

Corresponding onboard-time evidence (verbatim from the wizard):

[5/8] Messaging channels
──────────────────────────────────────────────────
Available messaging channels:
  [1] ○ telegram — Telegram bot messaging
  [2] ○ discord — Discord bot messaging
  [3] ○ slack — Slack bot messaging
Press 1-3 to toggle, Enter when done:
Skipping messaging channels.                           ← user pressed Enter, no channels selected
[8/8] Policy presets
──────────────────────────────────────────────────
Policy tier — controls which network presets are enabled:
[ ] Restricted
[✓] Balanced
[ ] Open

Presets (Balanced defaults):
[✓] [rw] npm
[✓] [rw] pypi
[✓] [rw] huggingface
[✓] [rw] brew
[✓] [rw] brave
[ ] discord ← NOT selected
[ ] github
[ ] jira
[ ] local-inference
[ ] outlook
[ ] slack
[ ] telegram

Applied preset sequence (only 5, no discord):

Applied preset: npm          (policy v3)
Applied preset: pypi         (policy v4)
Applied preset: huggingface  (policy v5)
Applied preset: brew         (policy v6)
Applied preset: brave        (policy v7)

[Suspected Root Cause / Notes]

Very likely the same root cause as previously-fixed 6059818: the onboarding code path that decides which policy presets to apply queries stored credentials in ~/.nemoclaw/credentials.json (or the gateway's persisted provider list) and auto-applies any messaging preset whose credential or provider exists, independent of the messaging-channel selection and policy-picker inputs in the current onboarding session.

Specifically, the Discord policy was likely inherited from gateway-side state that persisted across sandboxes on this host — the [reuse] Skipping gateway (running) path in step [2/8] reuses the running OpenShell gateway without clearing previous policy state; the new sandbox sec inherits whatever egress rules were live for a prior sandbox.
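The drift this report describes can be caught mechanically: derive the presets the onboarding session actually authorised (tier defaults plus toggled messaging channels, never stored credentials) and diff them against what the gateway reports. The following is an added example for triage, not NemoClaw's own code; the Balanced defaults and the ● / ○ row format are taken from the wizard and policy-list output above, the sample output is constructed from this issue's actual-behaviour listing, and `expected_presets` / `audit` are hypothetical helpers.

```python
import re

# Tier defaults as shown by the wizard in this report (assumption: only
# Balanced is documented on the page; other tiers are left empty here).
TIER_DEFAULTS = {
    "balanced": {"npm", "pypi", "huggingface", "brew", "brave"},
}
# [5/8] channels map 1:1 to the preset of the same name in [8/8].
MESSAGING_CHANNELS = {"telegram", "discord", "slack"}


def expected_presets(tier, channels, toggled=()):
    """Presets the current session authorised: tier defaults, plus any
    messaging channel toggled in [5/8], plus explicit [8/8] toggles.
    Stored credentials / provider lists are deliberately not consulted."""
    wanted = set(TIER_DEFAULTS[tier])
    wanted |= {c for c in channels if c in MESSAGING_CHANNELS}
    wanted ^= set(toggled)  # a [8/8] keypress flips that preset
    return wanted


def parse_policy_list(text):
    """Set of presets the gateway reports as active (rows marked ●)."""
    active = set()
    for line in text.splitlines():
        m = re.match(r"\s*([●○])\s+([a-z-]+)", line)
        if m and m.group(1) == "●":
            active.add(m.group(2))
    return active


def audit(tier, channels, policy_list_text, toggled=()):
    """Compare authorised vs. live presets; 'leaked' is the bug's symptom."""
    wanted = expected_presets(tier, channels, toggled)
    live = parse_policy_list(policy_list_text)
    return {
        "leaked": sorted(live - wanted),   # active on gateway, never selected
        "missing": sorted(wanted - live),  # selected, but not enforced
    }


# Constructed from the policy-list output quoted in this issue.
SAMPLE_POLICY_LIST = """Policy presets for sandbox 'sec':
  ● brave — Brave Search API access
  ● brew — Homebrew (Linuxbrew) package manager access
  ● discord — Discord API, gateway, and CDN access (active on gateway, missing from local state)
  ○ github — GitHub.com and GitHub API access (git, gh)
  ● huggingface — Hugging Face Hub, LFS, and Inference API access
  ○ local-inference — Local inference access (Ollama, vLLM) via host gateway
  ● npm — npm and Yarn registry access
  ● pypi — Python Package Index (PyPI) access
  ○ slack — Slack API, Socket Mode, and webhooks access
"""

if __name__ == "__main__":
    print(audit("balanced", [], SAMPLE_POLICY_LIST))
```

A non-empty `leaked` list on a fresh onboard is exactly the condition this report hits; a real check would feed it the live `nemoclaw <sandbox> policy-list` output.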

Related bugs worth cross-linking in triage:

  • 6059818 (FIXED) — same symptom, different trigger (onboard from scratch) — this bug is a regression of 6059818
  • 6089645 (OPEN) — policy-list vs gateway inconsistency after rebuild (sister bug; rebuild path)
  • 6085737 (FIXED) — onboarding does not carry selected messaging channels into policy presets (opposite direction: user selected channel, preset not applied — together with this bug they prove the onboarding↔policy-preset mapping is broken in both directions)
  • 6087043 (FIXED) — rebuild applies policy tier resets and not the original presets selected

[Regression?]
Yes — 6059818 marked Bug - Fixed; same symptom signature reproduced on v0.0.21. Last known good version: unknown (would need to bisect v0.0.7 → v0.0.21 builds that shipped after the 6059818 fix).

Bug Details

Field Value
Priority Unprioritized
Action Dev - Open - To fix
Disposition Open issue
Module Machine Learning - NemoClaw
Keyword NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Policy&Network

[NVB#6100154]

Labels

  • NV QA — Bugs found by the NVIDIA QA Team
  • area: install — Install, setup, prerequisites, or uninstall flow
  • area: onboarding — Onboarding FSM, provider setup, sandbox launch, or first-run flow
  • platform: wsl — Affects Windows Subsystem for Linux