Skip to content

[Ubuntu 24.04][CLI&UX] nemoclaw channels add accepts same Telegram bot token on a second sandbox without warning — cross-sandbox messaging overlap silently allowed #4305

Closed
Bug
#4652
Closed
[Ubuntu 24.04][CLI&UX] nemoclaw channels add accepts same Telegram bot token on a second sandbox without warning — cross-sandbox messaging overlap silently allowed#4305
Bug
#4652
Assignees
TonyLuo-NV
Labels
NV QABugs found by the NVIDIA QA Teamarea: cliCommand line interface, flags, terminal UX, or outputintegration: telegramTelegram integration or channel behaviorintegration: whatsappWhatsApp integration or channel behaviorplatform: dgx-sparkAffects DGX Spark hardware or workflowsplatform: ubuntuAffects Ubuntu Linux environmentsv0.0.60Release target
@wangericnv

Description

@wangericnv
wangericnv
opened on May 27, 2026

Description

On Ubuntu 24.04 (DGX Spark, aarch64) with nemoclaw v0.0.52, nemoclaw <name> channels add telegram accepts the SAME TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID on a second sandbox without any warning, conflict check, or confirmation prompt — even though the first sandbox is already registered against that bot. The result is two sandboxes silently fighting for getUpdates polling on the same Telegram bot, which Telegram only allows for one consumer at a time (this is what NVB-class 409-conflict bugs typically reference). The user has no UX signal that the second registration overlaps with the first. DevTest case 639405 (folder 1179566 \DevTest\NemoClaw\NemoClaw Test\v0.0.52\manual\cli) is what surfaced this. The same shape likely affects any messaging channel that uses a single shared bot identity (Slack xoxb, Discord bot token, WhatsApp bot, etc.) but only Telegram was exercised here.

Environment

Device:        DGX Spark 10.173.104.110
OS:            Ubuntu 24.04 LTS
Architecture:  aarch64
Node.js:       v22.22.3
npm:           10.9.8
Docker:        present
OpenShell CLI: 0.0.44 (docker)
NemoClaw:      v0.0.52
OpenClaw:      2026.5.22 (a374c3a)
Sandboxes used: my-assistant (first, nvidia-prod) + sandbox-c (second, nvidia-prod)
Telegram bot:  one real bot token (user-provided), one real chat_id

Steps to Reproduce

  1. Onboard at least two sandboxes — e.g. my-assistant and sandbox-c.
  2. Add Telegram channel to the first sandbox: 
    TELEGRAM_BOT_TOKEN=<token> TELEGRAM_CHAT_ID=<id> TELEGRAM_AUTHORIZED_CHAT_IDS=<id> \
nemoclaw my-assistant channels add telegram
    → succeeds. sandboxes.json shows "messagingChannels": ["telegram"] for my-assistant.
  3. Without removing telegram from my-assistant, add the SAME Telegram bot token + chat_id to the second sandbox: 
    TELEGRAM_BOT_TOKEN=<same-token> TELEGRAM_CHAT_ID=<same-id> TELEGRAM_AUTHORIZED_CHAT_IDS=<same-id> \
nemoclaw sandbox-c channels add telegram
  4. Observe the CLI output — no warning, no conflict check, no "this bot is already registered to my-assistant" prompt.
  5. Inspect ~/.nemoclaw/sandboxes.json — both my-assistant and sandbox-c now show "messagingChannels": ["telegram"] with the same bot identity behind them.

Expected Result

On the second channels add telegram, nemoclaw should detect that the SAME bot token / chat_id is already wired up to another sandbox in the local registry and at minimum:

  • print a warning along the lines of "bot token already registered to sandbox 'my-assistant'; both sandboxes will compete for getUpdates polling and one will fail with HTTP 409", OR
  • prompt the user [y/N] Continue anyway? before proceeding, OR
  • reject the duplicate by default and require an explicit --force-overlap flag.

This matters because Telegram's getUpdates is exclusive — two sandboxes polling the same bot guarantees at least one of them ends up in a 409 loop. Without UX feedback the user has no way to know what's about to break.

Actual Result

Second channels add telegram succeeded silently:

✓ Registered telegram bridge with the OpenShell gateway.
Widening sandbox egress — adding: api.telegram.org, core.telegram.org
✓ Policy version N submitted (hash: ...)
✓ Policy version N loaded (active version: N)

No "already registered" / "duplicate bot token" / "potential conflict" message anywhere. ~/.nemoclaw/sandboxes.json post-add:

my-assistant.messagingChannels = ["telegram"]
sandbox-c.messagingChannels    = ["telegram"]   ← silently overlapped

Two competing Telegram pollers are now wired up to the same bot, and the user has no UX signal that this happened.

Logs

$ TELEGRAM_BOT_TOKEN='<token>' TELEGRAM_CHAT_ID='<id>' TELEGRAM_AUTHORIZED_CHAT_IDS='<id>' \
  nemoclaw sandbox-c channels add telegram

  ✓ Registered telegram bridge with the OpenShell gateway.
  Widening sandbox egress — adding: api.telegram.org, core.telegram.org
  ✓ Policy version 5 submitted (hash: ...)
  ✓ Policy version 5 loaded (active version: 5)
  ✓ Channel telegram added to sandbox 'sandbox-c'

$ cat ~/.nemoclaw/sandboxes.json | python3 -m json.tool | grep -B1 -A2 messagingChannels
  "my-assistant": ...
    "messagingChannels": ["telegram"]
  "sandbox-c": ...
    "messagingChannels": ["telegram"]   ← same bot token behind both, no warning surfaced

NVB#6228838

Metadata

Metadata

Assignees

Labels

NV QABugs found by the NVIDIA QA Teamarea: cliCommand line interface, flags, terminal UX, or outputintegration: telegramTelegram integration or channel behaviorintegration: whatsappWhatsApp integration or channel behaviorplatform: dgx-sparkAffects DGX Spark hardware or workflowsplatform: ubuntuAffects Ubuntu Linux environmentsv0.0.60Release target

Type

Bug

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions