[macOS][Onboard] nemoclaw onboard silently assigns dashboard 18789 when port already held — no auto-allocation; sandbox created in broken state

[hulynn]

Description

Description

When `nemoclaw onboard` runs and dashboard port 18789 is already bound by an external process (e.g. an active SSH session from Cursor IDE / VS Code Remote-SSH, or another sandbox already using 18789), NemoClaw does NOT detect the conflict and does NOT auto-allocate the next free port. Instead it assigns 18789 to the new sandbox anyway, emits a soft warning, and exits 0 — onboard appears to succeed but the dashboard is unreachable. This violates the expected behavior in DevTest 6002415 (P1, 5.3.2-onboard.md) which says the wizard should print "Dashboard port 18789 occupied; using 18790" and pick the next free port in the 18789-18799 range.

Environment

Device:        MacBook (Apple M4, 24576 MB unified memory)
OS:            macOS 26.1 (Darwin 25.1.0, arm64)
Architecture:  arm64
Node.js:       v23.10.0
npm:           11.3.0
Docker:        27.4.0 (build bde2b89, via colima)
OpenShell CLI: 0.0.36
NemoClaw:      v0.0.36
OpenClaw:      2026.4.24 (cbcfdf6)

Steps to Reproduce

1. Have at least one existing sandbox already on dashboard 18789, OR run: python3 -m http.server 18789 &
2. Verify port is held externally:
   lsof -i :18789
   (shows external process - e.g. ssh PID xxxxx ... TCP localhost:18789 (LISTEN))
3. Run a fresh onboard:
   NEMOCLAW_PROVIDER=build nemoclaw onboard --fresh --name cursor-coexist --non-interactive --yes --yes-i-accept-third-party-software --no-gpu
4. Watch step [6/8] sandbox-creation output for the dashboard-port allocation line.
5. After "onboard complete", run: nemoclaw list

Expected Result

- Wizard detects 18789 is in use and prints something like:
  "Dashboard port 18789 occupied by external process; using 18790"
- New sandbox is assigned the next free port in 18789-18799 range
- nemoclaw list shows distinct dashboard ports per sandbox
- Onboard completes cleanly, no "port forward not working" warning

Actual Result

Onboard exits 0 but assigns the same 18789 to the new sandbox. Output excerpt:

  [8/8] All sandbox setup complete
    Port forward on 18789 is not working. Run: openshell forward start 18789 cursor-coexist
    The sandbox was created successfully but may not be fully functional.
    Run: nemoclaw  status  - to re-check after a few seconds.
    Sandbox      cursor-coexist (Landlock + seccomp + netns)
    Dashboard:   http://127.0.0.1:18789/    <- COLLISION with sandbox-a

nemoclaw list (after onboard):
  sandbox-a       dashboard: http://127.0.0.1:18789/
  sandbox-b       dashboard: http://127.0.0.1:18790/
  abc             dashboard: http://127.0.0.1:18791/
  cursor-coexist  dashboard: http://127.0.0.1:18789/    <- DUPLICATE

lsof -i :18789 (during the test):
  COMMAND  PID  USER   FD  TYPE  DEVICE  SIZE/OFF  NODE  NAME
  ssh      7657 lynnh  3u  IPv4  ...      0t0      TCP   localhost:18789 (LISTEN)
- Port held by SSH but NemoClaw still assigned 18789 to the new sandbox.

Logs

Saved transcript: /tmp/cursor-ssh-test/onboard.log

Key warning printed at step [8/8]:
  "Port forward on 18789 is not working. Run: openshell forward start 18789 cursor-coexist"
  "The sandbox was created successfully but may not be fully functional."

Bug Details

Field	Value
Priority	Unprioritized
Action	Dev - Open - To fix
Disposition	Open issue
Module	Machine Learning - NemoClaw
Keyword	NemoClaw, NemoClaw_CLI&UX, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Onboard

---

[NVB#6158475]

[wscurran]

✨ Thanks for submitting this issue that identifies a problem with nemoclaw onboard not auto-allocating the next free port when the default dashboard port is already bound on macOS. This change involves modifying the onboard process to detect port conflicts and pick an available port in the specified range.