Description
When running `nemoclaw onboard --recreate-sandbox --non-interactive` against an existing sandbox, the value of NEMOCLAW_POLICY_PRESETS in the environment is silently ignored — even when paired with NEMOCLAW_POLICY_MODE=custom and NEMOCLAW_RECREATE_SANDBOX=1. Instead of applying the user-specified preset list, the wizard prints `[resume] Reapplying policy presets: ` and re-applies whatever presets were active on the sandbox before recreate.
Net effect:
- Fresh-onboard NEMOCLAW_POLICY_PRESETS path: works (presets are honored).
- Recreate path: env var is no-op, presets are read from cached sandbox state.
This is a divergence from the documented env contract per `bash install.sh --help` which lists `NEMOCLAW_POLICY_PRESETS Comma-separated policy presets` as a generic input variable. Users (and CI / test fixtures) reasonably expect setting NEMOCLAW_POLICY_PRESETS=pypi to switch the active presets on recreate. There is no warning that the env var is being ignored.
Either:
(a) Recreate should honor NEMOCLAW_POLICY_PRESETS (consistent with fresh onboard), OR
(b) Recreate should warn / error when NEMOCLAW_POLICY_PRESETS is set but is being ignored, with a documented escape hatch (e.g. NEMOCLAW_POLICY_RESET=1 or similar).
Environment
Device: MacBook Pro M4 (host: G7XLDV4CN9)
OS: macOS 26.1 (Darwin 25.1.0, arm64)
Architecture: arm64
Node.js: v23.10.0
npm: 11.3.0
Docker: Docker version 27.4.0, build bde2b89 (Colima 0.10.x)
OpenShell CLI: openshell 0.0.36
NemoClaw: v0.0.29
OpenClaw: Bundled with v0.0.29 (sandbox built per-onboard from sandbox-base latest)
Steps to Reproduce
1. Clean state for the test sandbox name:
    rm -f ~/.nemoclaw/onboard.lock ~/.nemoclaw/onboard-session.json
2. First onboard with only npm preset selected:
    env NEMOCLAW_NON_INTERACTIVE=1 \
        NEMOCLAW_PROVIDER=ollama \
        NEMOCLAW_MODEL=qwen2.5:1.5b \
        NEMOCLAW_SANDBOX_NAME=bug-a-test \
        NEMOCLAW_POLICY_MODE=custom \
        NEMOCLAW_POLICY_PRESETS=npm \
        NO_PROXY=localhost,127.0.0.1,host.openshell.internal \
        no_proxy=localhost,127.0.0.1,host.openshell.internal \
        nemoclaw onboard --non-interactive --yes-i-accept-third-party-software
3. Verify only npm is active:
    nemoclaw bug-a-test policy-list
4. Clean session file (so we don't simply resume an in-progress session):
    rm -f ~/.nemoclaw/onboard.lock ~/.nemoclaw/onboard-session.json
5. Re-onboard same sandbox name with NEMOCLAW_POLICY_PRESETS=pypi (and the recreate flag):
    env NEMOCLAW_NON_INTERACTIVE=1 \
        NEMOCLAW_PROVIDER=ollama \
        NEMOCLAW_MODEL=qwen2.5:1.5b \
        NEMOCLAW_SANDBOX_NAME=bug-a-test \
        NEMOCLAW_POLICY_MODE=custom \
        NEMOCLAW_POLICY_PRESETS=pypi \
        NEMOCLAW_RECREATE_SANDBOX=1 \
        NO_PROXY=localhost,127.0.0.1,host.openshell.internal \
        no_proxy=localhost,127.0.0.1,host.openshell.internal \
        nemoclaw onboard --non-interactive --yes-i-accept-third-party-software --recreate-sandbox
6. Watch the wizard's [8/8] Policy presets output.
7. Verify final preset state:
    nemoclaw bug-a-test policy-list
Expected Result
Step 5 output should reflect that NEMOCLAW_POLICY_PRESETS=pypi was honored — either by:
- Applying pypi (replacing the previous npm selection) and showing
    Applied preset: pypi
    Removed preset: npm (or equivalent transition)
- OR by clearly warning that NEMOCLAW_POLICY_PRESETS is not honored on recreate paths
  and exiting non-zero.
Step 7 should show:
    ● pypi
    ○ npm
(or another deterministic outcome the user can rely on)
Actual Result
At step 5, the wizard's policy-presets phase prints:
    [8/8] Policy presets
    ──────────────────────────────────────────────────
    [resume] Reapplying policy presets: npm   <-- pypi env IGNORED
    Widening sandbox egress — adding: registry.npmjs.org, registry.yarnpkg.com
    ✓ Policy version 2 submitted (hash: b0b20ec87d30)
    ✓ Policy version 2 loaded (active version: 2)
    Applied preset: npm
Step 7 confirms the env var was no-op on recreate:
    $ nemoclaw bug-a-test policy-list
    Policy presets for sandbox 'bug-a-test':
      ○ pypi — Python Package Index (PyPI) access   <-- NOT applied
      ● npm — npm and Yarn registry access   <-- still active from previous onboard
      ● discord — Discord API ... (active on gateway, missing from local state)
      [other presets ○ as before]
The hash matches Step 1's policy version 2 hash exactly (b0b20ec87d30), confirming the recreate did not generate a new policy at all — it reused the one persisted from the prior onboard.
Note: deleting only ~/.nemoclaw/onboard-session.json was insufficient — preset selection is persisted elsewhere (likely ~/.nemoclaw/sandboxes.json or per-sandbox openshell metadata). The user has no documented way to "reset" preset choice without destroying the sandbox.
Logs
Side-finding observed in the same run:
Step 5 destroy of bug-a-test triggered the docker tag mismatch (NVBug 6126033) for the 4th time (now reproduced on macOS in addition to DGX Spark Linux):
    Error response from daemon: No such image: openshell/sandbox-from:1777461942803
    ⚠ Failed to remove Docker image openshell/sandbox-from:1777461942803
Suggested fix direction:
- Option (a): in onboard recreate path, when NEMOCLAW_POLICY_PRESETS / NEMOCLAW_POLICY_MODE are set in the environment AND differ from the cached sandbox state, treat the env vars as authoritative — call applyPreset / removePreset to converge the live policy to the requested set, instead of [resume] reapplying old state.
- Option (b): if recreate is intentionally meant to be a "rebuild image, keep policy" operation, then add an explicit warning when env vars conflict with cached state, e.g.:
    WARN: NEMOCLAW_POLICY_PRESETS=pypi is set but recreate uses cached state (npm).
          To change presets, run: nemoclaw policy-add / policy-remove,
          or destroy and re-onboard fresh.
- Document the persistence boundary clearly in onboard --help so users know what deleting onboard-session.json does and does not reset.
Cross-link:
- NVBug 6126033 (this filer's): docker tag mismatch on destroy — same Mac run reproduces.
- NVBug 6100154 (Eric Wang, open): discord leak; the discord ● in the policy-list above shows that bug also reproduces on v0.0.29 macOS / openshell 0.0.36.
Bug Details
| Field | Value |
| --- | --- |
| Priority | Unprioritized |
| Action | Dev - Open - To fix |
| Disposition | Open issue |
| Module | Machine Learning - NemoClaw |
| Keyword | NemoClaw, NemoClaw_CLI&UX, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Onboard, NemoClaw_Policy&Network |
[NVB#6127070]
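
Until recreate either honors or rejects the variable, a CI job can catch the silent mismatch itself by comparing the requested presets with what `policy-list` reports as active. The script below is an added example, not code from the report or from NemoClaw; it assumes `policy-list` prints plain text in the `●`/`○` format shown in step 7, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not NemoClaw code): detect drift between requested and active presets.

# Constructed sample: the report's step 7 listing with the "<--" annotations removed.
SAMPLE_POLICY_LIST="Policy presets for sandbox 'bug-a-test':
  ○ pypi — Python Package Index (PyPI) access
  ● npm — npm and Yarn registry access
  ● discord — Discord API ..."

# Print the names of presets marked active (●), one per line, sorted.
active_presets() {
  awk '$1 == "●" { print $2 }' | sort -u
}

# Split a comma-separated preset list, trim blanks, drop empties, sort.
requested_presets() {
  printf '%s\n' "$1" | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d' | sort -u
}

# preset_drift REQUESTED_CSV POLICY_LIST_TEXT
# Prints "missing:<name>" for requested-but-inactive presets and
# "unexpected:<name>" for active-but-unrequested ones; empty output means no drift.
preset_drift() {
  want=$(requested_presets "$1")
  have=$(printf '%s\n' "$2" | active_presets)
  drift=""
  for p in $want; do
    printf '%s\n' "$have" | grep -Fxq -- "$p" || drift="$drift missing:$p"
  done
  for p in $have; do
    printf '%s\n' "$want" | grep -Fxq -- "$p" || drift="$drift unexpected:$p"
  done
  printf '%s' "${drift# }"
}

# check_presets REQUESTED_CSV POLICY_LIST_TEXT -> exit status 0 only when the sets match.
check_presets() {
  result=$(preset_drift "$1" "$2")
  if [ -n "$result" ]; then
    echo "preset drift: $result" >&2
    return 1
  fi
  return 0
}

# Typical CI use after onboarding (command taken from the report):
#   check_presets "$NEMOCLAW_POLICY_PRESETS" "$(nemoclaw bug-a-test policy-list)" || exit 1
```

Because the comparison is on the full active set, it also flags presets that are active without having been requested, such as the `discord` entry in the listing above.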