[CLI][env] NEMOCLAW_CONTEXT_WINDOW / NEMOCLAW_MAX_TOKENS / NEMOCLAW_REASONING / NEMOCLAW_INFERENCE_INPUTS env overrides not propagated to sandbox; /sandbox/.openclaw/openclaw.json is read-only at runtime (v0.0.10) #2421

@kk-ben

Description

Summary:
When NEMOCLAW_CONTEXT_WINDOW, NEMOCLAW_MAX_TOKENS, NEMOCLAW_REASONING, or NEMOCLAW_INFERENCE_INPUTS are exported in the host shell before nemoclaw onboard, the resulting sandbox's /sandbox/.openclaw/openclaw.json still contains the default baked values. Operators cannot override inference parameters (context window, max tokens, reasoning effort, input modalities such as text,image) without a full destroy + re-onboard.

Compounding this: /sandbox/.openclaw/openclaw.json is a read-only mount at runtime, so openclaw config set <key> <value> inside the sandbox fails with EACCES, making it impossible to reconcile drift in place.

Root cause pattern is the same class as already-reported #1409 (NEMOCLAW_PROXY_HOST/PORT ignored) and the recently-fixed #1925/#1939 (NEMOCLAW_DASHBOARD_PORT ignored): the env var is never added to envArgs in src/lib/onboard.ts, so it never reaches nemoclaw-start.sh / patchStagedDockerfile and never influences the baked openclaw.json.

Environment:

  • Platform: macOS 15 / Apple M-series (Mac Studio production workload, 10 sandboxes)
  • Runtime: Docker Desktop 29.x
  • NemoClaw: v0.0.10
  • Install path: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
  • Shell: zsh

Affected env vars:

| env var | Expected effect in sandbox openclaw.json |
| --- | --- |
| NEMOCLAW_CONTEXT_WINDOW | Override agents.list[0].model.contextWindow (e.g. 1048576 for 1M-context models) |
| NEMOCLAW_MAX_TOKENS | Override agents.list[0].model.maxTokens |
| NEMOCLAW_REASONING | Override agents.list[0].reasoning.mode or reasoning.enabled |
| NEMOCLAW_INFERENCE_INPUTS | Override the input-modality list (e.g. text,image for vision-capable models) |

Repro steps:

$ export NEMOCLAW_CONTEXT_WINDOW=1048576
$ export NEMOCLAW_MAX_TOKENS=32768
$ export NEMOCLAW_REASONING=medium
$ export NEMOCLAW_INFERENCE_INPUTS=text,image
$ NEMOCLAW_NON_INTERACTIVE=1 NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 \
    nemoclaw onboard --agent my-agent
$ nemoclaw my-agent connect
# inside sandbox
$ cat /sandbox/.openclaw/openclaw.json | jq '.agents.list[0].model, .agents.list[0].reasoning'

Actual result:

openclaw.json inside the sandbox still contains the stock contextWindow, maxTokens, reasoning, and input values from the baked image — none of the four env vars had any effect.

Expected result:

The four env vars should flow through to the generated sandbox config the same way NEMOCLAW_MODEL / NEMOCLAW_PROVIDER_KEY / NEMOCLAW_INFERENCE_BASE_URL already do (documented in docs/reference/commands.md under --from <Dockerfile>). In particular they should be injected as ARG overrides at image build time and patched into the staged openclaw.json by patchStagedDockerfile.

Workaround attempts (all failed):

  1. Inside the running sandbox:

    $ openclaw config set agents.list[0].model.contextWindow 1048576
    Error: EACCES: permission denied, open '/sandbox/.openclaw/openclaw.json'

    The config file is mounted read-only (by design, per docs/reference/commands.md channels remove section).

  2. nemoclaw <name> rebuild --env NEMOCLAW_CONTEXT_WINDOW=... — no such flag exists.

  3. nemoclaw destroy + re-onboard with the env vars set: works, but loses persistent workspace state (SOUL.md / USER.md / IDENTITY.md / AGENTS.md / MEMORY.md / memory/) and requires re-confirming the third-party software notice. Not acceptable for fleets of production sandboxes where operators need to tune inference parameters without data loss.

Additional context — the /sandbox/.openclaw/openclaw.json read-only mount

The read-only mount is documented in docs/reference/commands.md (nemoclaw <name> channels remove section: "/sandbox/.openclaw/openclaw.json is read-only at runtime; openclaw channels remove cannot modify the baked config from inside the sandbox"). This is a reasonable security posture, but combined with missing env propagation it means inference parameters cannot be changed at all once a sandbox is created, short of destroy + re-onboard.

Two independent but reinforcing problems:

Real-world impact

Production setup of 10 NemoClaw sandboxes for different inference profiles (1M-context long-form model vs. 256K vision-baked model vs. etc.). Without these env overrides, each sandbox requires a custom Dockerfile + nemoclaw onboard --from path/to/Dockerfile, which is heavier than necessary and defeats the purpose of the guided onboard wizard.

Bug Details

| Field | Value |
| --- | --- |
| Priority | Medium |
| Module | NemoClaw CLI / onboard / inference |
| Keyword | NemoClaw, env override, sandbox config, immutable mount |
| Related issues | #1409 (proxy env ignored, open), #1925 / #1939 (dashboard port env ignored, fixed) |
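
A drift check for the behaviour reported above, as an added example that is not part of the original issue or the NemoClaw code base: it compares exported NEMOCLAW_* overrides against a sandbox's openclaw.json and lists the ones that were not applied. The JSON paths follow the issue's table; `reasoning.mode` is picked from the two candidates given, `model.input` for NEMOCLAW_INFERENCE_INPUTS is an assumption, and the sample config values are constructed.

```javascript
// Added example: report NEMOCLAW_* overrides that openclaw.json does not reflect.
// Paths are relative to agents.list[0]; "model.input" is an assumed path.
const OVERRIDES = [
  { env: "NEMOCLAW_CONTEXT_WINDOW", path: "model.contextWindow", parse: Number },
  { env: "NEMOCLAW_MAX_TOKENS", path: "model.maxTokens", parse: Number },
  { env: "NEMOCLAW_REASONING", path: "reasoning.mode", parse: String },
  { env: "NEMOCLAW_INFERENCE_INPUTS", path: "model.input",
    parse: (v) => v.split(",").map((s) => s.trim()).filter(Boolean) },
];

// Walk a dotted path; returns undefined if any segment is missing.
function getPath(obj, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Scalars compare strictly; lists compare by membership (order ignored).
function sameValue(want, got) {
  if (!Array.isArray(want)) return want === got;
  return Array.isArray(got) && want.length === got.length &&
    want.every((x) => got.includes(x));
}

// Returns one finding per exported override that the config does not reflect.
function findDrift(env, configText) {
  const agent = getPath(JSON.parse(configText), "agents.list")?.[0];
  if (!agent) throw new Error("openclaw.json has no agents.list[0]");
  const findings = [];
  for (const { env: name, path, parse } of OVERRIDES) {
    if (env[name] === undefined || env[name] === "") continue; // not requested
    const want = parse(env[name]);
    if (typeof want === "number" && !Number.isInteger(want)) {
      // A non-integer size would be wrong even if propagation worked.
      findings.push({ name, path, problem: "invalid", want: env[name] });
      continue;
    }
    const got = getPath(agent, path);
    if (!sameValue(want, got)) findings.push({ name, path, problem: "ignored", want, got });
  }
  return findings;
}

// Constructed sample config and host environment (values are illustrative).
const SAMPLE_CONFIG = JSON.stringify({ agents: { list: [{
  model: { contextWindow: 131072, maxTokens: 4096, input: ["text"] },
  reasoning: { mode: "off" } }] } });
const SAMPLE_ENV = { NEMOCLAW_CONTEXT_WINDOW: "1048576", NEMOCLAW_MAX_TOKENS: "4096",
  NEMOCLAW_REASONING: "medium", NEMOCLAW_INFERENCE_INPUTS: "text,image" };
```

Against a real sandbox, pass the host's `process.env` and the text of /sandbox/.openclaw/openclaw.json to `findDrift`; an empty result means every exported override is present in the baked config.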
