
[Mac] The exported port that the sandbox was built with does not take effect in the TUI #2267

@zNeill

Description:
The exported port does not work.

Environment:

  • Platform: mac
  • NemoClaw: v0.0.22
  • openshell: v0.0.29

Steps to Reproduce:

The build process:

export CHAT_UI_URL=http://127.0.0.1:18790

dyue@dyue-mlt nemoclaw % nemoclaw onboard

  NemoClaw Onboarding
  ===================

  [1/8] Preflight checks
  ──────────────────────────────────────────────────
  ✓ Docker is running
  ✓ Container runtime: colima
  ✓ openshell CLI: openshell 0.0.29
  ✓ Port 8080 already owned by healthy NemoClaw runtime (OpenShell gateway)
  ✓ Port 18789 available (NemoClaw dashboard)
  ✓ Apple GPU detected: Apple M3 Pro (18 cores), 36864 MB unified memory
  ⓘ NIM requires NVIDIA GPU — will use cloud inference

  [2/8] Starting OpenShell gateway
  ──────────────────────────────────────────────────
  [reuse] Skipping gateway (running)
  Reusing healthy NemoClaw gateway.

  [3/8] Configuring inference (NIM)
  ──────────────────────────────────────────────────

  Inference options:
    1) NVIDIA Endpoints
    2) OpenAI
    3) Other OpenAI-compatible endpoint
    4) Anthropic
    5) Other Anthropic-compatible endpoint
    6) Google Gemini
    7) Install Ollama (macOS)

  Choose [1]:

  Cloud models:
    1) Nemotron 3 Super 120B (nvidia/nemotron-3-super-120b-a12b)
    2) Kimi K2.5 (moonshotai/kimi-k2.5)
    3) GLM-5 (z-ai/glm5)
    4) MiniMax M2.5 (minimaxai/minimax-m2.5)
    5) GPT-OSS 120B (openai/gpt-oss-120b)
    6) Other...

  Choose model [1]:
  Chat Completions API available — OpenClaw will use openai-completions.
  Using NVIDIA Endpoints with model: nvidia/nemotron-3-super-120b-a12b

  [4/8] Setting up inference provider
  ──────────────────────────────────────────────────
✓ Active gateway set to 'nemoclaw'
✓ Updated provider nvidia-prod
Gateway inference configured:

  Route: inference.local
  Provider: nvidia-prod
  Model: nvidia/nemotron-3-super-120b-a12b
  Version: 3
  Timeout: 60s (default)
  ✓ Inference route set: nvidia-prod / nvidia/nemotron-3-super-120b-a12b
  Enable Brave Web Search? [y/N]:

  [5/8] Messaging channels
  ──────────────────────────────────────────────────

  Available messaging channels:
    [1] ○ telegram — Telegram bot messaging
    [2] ○ discord — Discord bot messaging
    [3] ○ slack — Slack bot messaging

  Press 1-3 to toggle, Enter when done:
  Skipping messaging channels.

  [6/8] Creating sandbox
  ──────────────────────────────────────────────────
  Sandbox name (lowercase, starts with letter, hyphens ok) [my-assistant]: devin-sandbox2
  Creating sandbox 'devin-sandbox2' (this takes a few minutes on first run)...
  Pinning base image to sha256:45b9397d5ba5...
  Building sandbox image...
  Building image openshell/sandbox-from:1776850626 from /private/var/folders/f2/lxxlhkhx55z4v5b1sd0dg98r0000gp/T/nemoclaw-build-Jp97Ny/Dockerfile
  Step 1/51 : ARG BASE_IMAGE=ghcr.io/nvidia/nemoclaw/sandbox-base@sha256:45b9397d5ba5d18e2849d66da8e7f8471799fce1b26971d92cabff1aa8858e64
  Step 2/51 : FROM node:22-slim@sha256:4f77a690f2f8946ab16fe1e791a3ac0667ae1c3575c3e4d0d4589e9ed5bfaf3d AS builder
  Step 3/51 : ENV NPM_CONFIG_AUDIT=false     NPM_CONFIG_FUND=false     NPM_CONFIG_UPDATE_NOTIFIER=false
  Step 4/51 : COPY nemoclaw/package.json nemoclaw/package-lock.json nemoclaw/tsconfig.json /opt/nemoclaw/
  Step 5/51 : COPY nemoclaw/src/ /opt/nemoclaw/src/
  Step 6/51 : WORKDIR /opt/nemoclaw
  Step 7/51 : RUN npm ci && npm run build
  Step 8/51 : FROM ${BASE_IMAGE}
  Step 9/51 : RUN (apt-get remove --purge -y gcc gcc-12 g++ g++-12 cpp cpp-12 make         netcat-openbsd netcat-traditional ncat 2>/dev/null || true)     && apt-get autoremove --purge -y     && r...
  Step 10/51 : COPY --from=builder /opt/nemoclaw/dist/ /opt/nemoclaw/dist/
  Step 11/51 : COPY nemoclaw/openclaw.plugin.json /opt/nemoclaw/
  Step 12/51 : COPY nemoclaw/package.json nemoclaw/package-lock.json /opt/nemoclaw/
  Step 13/51 : COPY nemoclaw-blueprint/ /opt/nemoclaw-blueprint/
  Step 14/51 : WORKDIR /opt/nemoclaw
  Step 15/51 : RUN npm ci --omit=dev
  Step 16/51 : RUN set -eu;     MIN_VER=$(grep -m 1 'min_openclaw_version' /opt/nemoclaw-blueprint/blueprint.yaml | awk '{print $2}' | tr -d '"');     [ -n "$MIN_VER" ] || { echo "ERROR: Could not...
  Step 17/51 : RUN set -eu;     OC_DIST=/usr/local/lib/node_modules/openclaw/dist;     fg_export="$(grep -RIlE --include='*.js' 'export \{[^}]*withStrictGuardedFetchMode as [a-z]' "$OC_DIST")";   ...
  Step 18/51 : RUN mkdir -p /sandbox/.nemoclaw/blueprints/0.1.0     && cp -r /opt/nemoclaw-blueprint/* /sandbox/.nemoclaw/blueprints/0.1.0/
  Step 19/51 : COPY scripts/nemoclaw-start.sh /usr/local/bin/nemoclaw-start
  Step 20/51 : RUN chmod 755 /usr/local/bin/nemoclaw-start
  Step 21/51 : ARG NEMOCLAW_MODEL=nvidia/nemotron-3-super-120b-a12b
  Step 22/51 : ARG NEMOCLAW_PROVIDER_KEY=inference
  Step 23/51 : ARG NEMOCLAW_PRIMARY_MODEL_REF=inference/nvidia/nemotron-3-super-120b-a12b
  Step 24/51 : ARG CHAT_UI_URL=http://127.0.0.1:18790
  Step 25/51 : ARG NEMOCLAW_INFERENCE_BASE_URL=https://inference.local/v1
  Step 26/51 : ARG NEMOCLAW_INFERENCE_API=openai-completions
  Step 27/51 : ARG NEMOCLAW_CONTEXT_WINDOW=131072
  Step 28/51 : ARG NEMOCLAW_MAX_TOKENS=4096
  Step 29/51 : ARG NEMOCLAW_REASONING=false
  Step 30/51 : ARG NEMOCLAW_INFERENCE_COMPAT_B64=e30=
  Step 31/51 : ARG NEMOCLAW_MESSAGING_CHANNELS_B64=W10=
  Step 32/51 : ARG NEMOCLAW_MESSAGING_ALLOWED_IDS_B64=e30=
  Step 33/51 : ARG NEMOCLAW_DISCORD_GUILDS_B64=e30=
  Step 34/51 : ARG NEMOCLAW_DISABLE_DEVICE_AUTH=1
  Step 35/51 : ARG NEMOCLAW_BUILD_ID=1776850626032
  Step 36/51 : ARG NEMOCLAW_PROXY_HOST=10.200.0.1
  Step 37/51 : ARG NEMOCLAW_PROXY_PORT=3128
  Step 38/51 : ARG NEMOCLAW_WEB_SEARCH_ENABLED=0
  Step 39/51 : ENV NEMOCLAW_MODEL=${NEMOCLAW_MODEL}     NEMOCLAW_PROVIDER_KEY=${NEMOCLAW_PROVIDER_KEY}     NEMOCLAW_PRIMARY_MODEL_REF=${NEMOCLAW_PRIMARY_MODEL_REF}     CHAT_UI_URL=${CHAT_UI_URL}  ...
  Step 40/51 : WORKDIR /sandbox
  Step 41/51 : USER sandbox
  Step 42/51 : RUN python3 -c "import base64, json, os, secrets; from urllib.parse import urlparse; proxy_url = f\"http://{os.environ['NEMOCLAW_PROXY_HOST']}:{os.environ['NEMOCLAW_PROXY_PORT']}\";...
  Step 43/51 : RUN openclaw doctor --fix > /dev/null 2>&1 || true     && openclaw plugins install /opt/nemoclaw > /dev/null 2>&1 || true
  Still building sandbox image... (175s elapsed)
  Still building sandbox image... (191s elapsed)
  Still building sandbox image... (196s elapsed)
  Still building sandbox image... (212s elapsed)
  Step 44/51 : USER root
  Step 45/51 : RUN mkdir -p /sandbox/.openclaw-data/logs         /sandbox/.openclaw-data/credentials         /sandbox/.openclaw-data/sandbox         /sandbox/.openclaw-data/media     && chown sand...
  Step 46/51 : RUN OPENCLAW_DIST_DIR="$(npm root -g)/openclaw/dist"     && if [ ! -d "$OPENCLAW_DIST_DIR" ]; then         echo "Error: OpenClaw dist directory not found: $OPENCLAW_DIST_DIR";      ...
  Step 47/51 : RUN chown root:root /sandbox/.openclaw     && rm -rf /root/.npm /sandbox/.npm     && find /sandbox/.openclaw -mindepth 1 -maxdepth 1 -exec chown -h root:root {} +     && chmod 755 /...
  Step 48/51 : RUN sha256sum /sandbox/.openclaw/openclaw.json > /sandbox/.openclaw/.config-hash     && chmod 444 /sandbox/.openclaw/.config-hash     && chown root:root /sandbox/.openclaw/.config-hash
  Step 49/51 : RUN chown root:root /sandbox/.nemoclaw     && chmod 1755 /sandbox/.nemoclaw     && chown -R root:root /sandbox/.nemoclaw/blueprints     && chmod -R 755 /sandbox/.nemoclaw/blueprints...
  Step 50/51 : ENTRYPOINT ["/usr/local/bin/nemoclaw-start"]
  Step 51/51 : CMD ["/bin/bash"]
  Built image openshell/sandbox-from:1776850626
  Uploading image into OpenShell gateway...
  Pushing image openshell/sandbox-from:1776850626 into gateway "nemoclaw"
  [progress] Exported 100 MiB
  [progress] Exported 200 MiB
  [progress] Exported 300 MiB
  [progress] Exported 400 MiB
  [progress] Exported 500 MiB
  [progress] Exported 600 MiB
  [progress] Exported 700 MiB
  [progress] Exported 723 MiB
  [progress] Uploaded to gateway
  Image openshell/sandbox-from:1776850626 is available in the gateway.
  Waiting for sandbox to become ready...
  Sandbox reported Ready before create stream exited; continuing.
  Waiting for sandbox to become ready...
  Waiting for NemoClaw dashboard to become ready...
  Dashboard taking longer than expected to start. Continuing...
! No active forward found for port 18790
  Setting up sandbox DNS proxy...
Setting up DNS proxy in pod 'devin-sandbox2' (10.200.0.1:53 -> 10.42.0.9)...
WARNING: DNS forwarder not responding after 10s — verification may fail
  [PASS] DNS forwarder running (pid=617): dns-proxy: 10.200.0.1:53 -> 10.42.0.9:53 pid=617
  [PASS] resolv.conf -> nameserver 10.200.0.1
  [PASS] iptables: UDP 10.200.0.1:53 ACCEPT rule present
  [PASS] getent hosts github.com -> 140.82.116.3    github.com
  DNS verification: 4 passed, 0 failed
Defaulted container "agent" out of: agent, workspace-init (init)
Defaulted container "agent" out of: agent, workspace-init (init)
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
command terminated with exit code 127
Defaulted container "agent" out of: agent, workspace-init (init)
Defaulted container "agent" out of: agent, workspace-init (init)
  ✓ Sandbox 'devin-sandbox2' created

  [7/8] Setting up OpenClaw inside sandbox
  ──────────────────────────────────────────────────
  ✓ OpenClaw gateway launched inside sandbox

  [8/8] Policy presets
  ──────────────────────────────────────────────────

  Policy tier — controls which network presets are enabled:
     [ ] Restricted
   > [✓] Balanced
     [ ] Open

  ↑/↓ j/k  move    Space  select    Enter  confirm


  Presets  (Balanced defaults):
   > [✓] [rw] npm
     [✓] [rw] pypi
     [✓] [rw] huggingface
     [✓] [rw] brew
     [✓] [rw] brave
     [ ]      discord
     [ ]      github
     [ ]      jira
     [ ]      local-inference
     [ ]      outlook
     [ ]      slack
     [ ]      telegram

  ↑/↓ j/k  move    Space  include    r  toggle rw    Enter  confirm

  Widening sandbox egress — adding: registry.npmjs.org, registry.yarnpkg.com
✓ Policy version 3 submitted (hash: b733f8494727)
✓ Policy version 3 loaded (active version: 3)
  Applied preset: npm
  Widening sandbox egress — adding: pypi.org, files.pythonhosted.org
✓ Policy version 4 submitted (hash: 4fffeb840886)
✓ Policy version 4 loaded (active version: 4)
  Applied preset: pypi
  Widening sandbox egress — adding: huggingface.co, cdn-lfs.huggingface.co, router.huggingface.co
✓ Policy version 5 submitted (hash: 8c415a7a5a40)
✓ Policy version 5 loaded (active version: 5)
  Applied preset: huggingface
  Widening sandbox egress — adding: formulae.brew.sh, github.com, ghcr.io, pkg-containers.githubusercontent.com, objects.githubusercontent.com, raw.githubusercontent.com
✓ Policy version 6 submitted (hash: 638f10672851)
✓ Policy version 6 loaded (active version: 6)
  Applied preset: brew
  Widening sandbox egress — adding: api.search.brave.com
✓ Policy version 7 submitted (hash: 6bedc9f51462)
✓ Policy version 7 loaded (active version: 7)
  Applied preset: brave

  ──────────────────────────────────────────────────
  Sandbox      devin-sandbox2 (Landlock + seccomp + netns)
  Model        nvidia/nemotron-3-super-120b-a12b (NVIDIA Endpoints)
  NIM          not running
  ──────────────────────────────────────────────────
  Run:         nemoclaw devin-sandbox2 connect
  Status:      nemoclaw devin-sandbox2 status
  Logs:        nemoclaw devin-sandbox2 logs --follow

  OpenClaw UI (tokenized URL; treat it like a password)
  Port 18790 must be forwarded before opening these URLs.

Access the sandbox and see:

nemoclaw devin-sandbox2 connect

  ✓ Connecting to sandbox 'devin-sandbox2'
  Inside the sandbox, run `openclaw tui` to start chatting with the agent.
  Type `/exit` to leave the chat, then `exit` to return to the host shell.

sandbox@devin-sandbox2:~$ openclaw tui
(node:8719) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use `node --trace-warnings ...` to show where the warning was created)
(node:8727) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use `node --trace-warnings ...` to show where the warning was created)

 OpenClaw 2026.4.2 (d74a122) — Give me a workspace and I'll give you fewer tabs, fewer toggles, and more oxygen.

 openclaw tui - ws://127.0.0.1:18789 - agent main - session main

Expected:
The set port should be used.

Bug Details

Priority: Unprioritized
Action: Dev - Open - To fix
Disposition: Open issue
Module: Machine Learning - NemoClaw
Keyword: NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Security, NemoClaw-SWQA-RelBlckr-Recommended

[NVB#6103574]

Labels

  • NV QA: Bugs found by the NVIDIA QA Team
  • UAT: Issues flagged for User Acceptance Testing.
  • platform: macos: Affects macOS, including Apple Silicon
