[Ubuntu 24.04][Sandbox] Gateway token not rotated on sandbox rebuild — ensure_gateway_token is idempotent in v0.0.50+ mutable-default config

[hulynn]

Description

nemoclaw <name> sandbox rebuild no longer rotates the OpenClaw gateway token in v0.0.53. Before v0.0.50, openclaw.json was immutable (444 root:root, empty token placeholder), so every container restart re-generated a fresh token. Since v0.0.50 introduced mutable-default config (openclaw.json is 660 sandbox:sandbox with the live token persisted), the ensure_gateway_token function in nemoclaw-start.sh short-circuits on the existing token and never generates a new one. The security property "token rotates on rebuild" — relied on by T5987261 and documented behavior — is silently broken.

Environment

Device:        KVM VM (libvirt/QEMU x86_64, A100 SXM4 40GB GPU)
OS:            Ubuntu 24.04.4 LTS
Architecture:  x86_64
Node.js:       v22.22.3
npm:           10.9.8
Docker:        29.5.2
OpenShell CLI: openshell 0.0.44
NemoClaw:      v0.0.53
OpenClaw:      2026.5.22 (a374c3a)

Steps to Reproduce

1. Onboard a sandbox:

nemoclaw onboard --name token-test

2. Record token T_A from inside the sandbox:

CNAME=$(docker ps --format "{{.Names}}" | grep openshell-token-test | head -1)
T_A=$(docker exec -u sandbox $CNAME bash -c '. /tmp/nemoclaw-proxy-env.sh; echo $OPENCLAW_GATEWAY_TOKEN')
echo "T_A=${T_A}"

3. Rebuild the sandbox:

nemoclaw token-test sandbox rebuild --yes

4. Wait for sandbox to reach Ready state
5. Record token T_B from the rebuilt sandbox (same method as step 2)
6. Compare:

[ "$T_A" = "$T_B" ] && echo SAME || echo ROTATED

Expected Result

T_A != T_B — the gateway token should be rotated (freshly generated) on every rebuild. ROTATED should be printed.

Actual Result

T_A == T_B — the token is identical before and after rebuild. SAME is printed.

Root cause (source-traced) — scripts/nemoclaw-start.sh, function ensure_gateway_token (line ~1179):

ensure_gateway_token() {
  ...
  if [ -n "$(_read_gateway_token)" ]; then
    return 0    # SHORT-CIRCUIT: reuse existing token, never regenerate
  fi
  ... (generate new token only if empty)
}

In v0.0.50+ with mutable-default config, openclaw.json is user-writable (660 sandbox:sandbox) and persists the live token across container restarts. When the sandbox is rebuilt, the new container finds the existing non-empty token and returns without generating a new one.

Pre-v0.0.50 behavior: openclaw.json was 444 root:root with an empty token placeholder. Every entrypoint start generated a fresh token. This security property was lost in v0.0.50.

Logs

$ nemoclaw my-assistant2 sandbox rebuild --yes
(rebuild completes, exit 0)

$ docker exec -u sandbox openshell-my-assistant2-<uuid> \
    bash -c '. /tmp/nemoclaw-proxy-env.sh; echo $OPENCLAW_GATEWAY_TOKEN'
VUWwebNuwlloM6PnTWwk...   (same as before rebuild)

$ docker exec -u root openshell-my-assistant2-<uuid> \
    grep -E "inject|rotate|new.*token" /tmp/nemoclaw-start.log
(no output — token injection step silently short-circuited)

$ docker exec -u root openshell-my-assistant2-<uuid> \
    grep "Dashboard auth token" /tmp/nemoclaw-start.log
[gateway] Dashboard auth token redacted from startup logs.

---

NVB#6240208