refactor(cli): delete setup.sh, route all setup through nemoclaw onboard

[cv]

Summary

• Delete scripts/setup.sh (324 lines) — every step it performed is already handled by nemoclaw onboard with better error recovery (exponential backoff via pRetry), interactive prompts, registry management, and WSL2-aware Ollama binding
• nemoclaw setup now delegates to onboard instead of shelling out to the deleted script
• brev-setup.sh installs the nemoclaw CLI and runs nemoclaw onboard --non-interactive instead of calling setup.sh
• Remove setup.sh-specific tests and assertions (3 test removals across 3 files); all equivalent assertions against onboard.js already exist

Test plan

• 541 CLI tests pass (vitest run --project cli)
• Verify nemoclaw setup prints deprecation notice and runs onboard
• Verify brev-setup.sh bootstraps correctly on a fresh Brev VM (E2E)

Relates to #924 (shell consolidation).

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • nemoclaw onboard replaces legacy setup workflow
  • Automatic SSH known hosts cleanup before gateway startup

• Improvements

  • Enhanced SSH host key verification for better security

• Deprecated

  • Removed legacy scripts/setup.sh setup process

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This pull request refactors the NemoClaw setup flow by removing the monolithic scripts/setup.sh and delegating its responsibilities to a modular nemoclaw onboard command. The bootstrap process now installs the nemoclaw CLI and delegates setup through the onboarding flow, while adding SSH host key cleanup logic to prevent stale known_hosts entries.

Changes

Cohort / File(s)	Summary
Onboarding & SSH Cleanup bin/lib/onboard.js, bin/nemoclaw.js	Added pruneKnownHostsEntries() helper function and integrated SSH host key cleanup (via ssh-keygen -R and known_hosts file rewriting) into startGatewayWithOptions. Updated nemoclaw setup to delegate to runOnboard() instead of executing legacy bootstrap steps.
Bootstrap & Installation scripts/brev-setup.sh, scripts/debug.sh	Updated brev bootstrap to install nemoclaw CLI and run nemoclaw onboard --non-interactive. Modified debug.sh to use separate temporary known_hosts file and changed SSH from StrictHostKeyChecking=no to StrictHostKeyChecking=accept-new.
Setup Migration scripts/setup.sh, test/setup-sandbox-name.test.js, test/gateway-cleanup.test.js, test/runner.test.js	Removed scripts/setup.sh (324 lines) which performed host-side bootstrap. Deleted test/setup-sandbox-name.test.js (78 lines) that validated setup.sh sandbox naming. Removed setup.sh-specific assertions from cleanup and credential exposure tests.
Documentation & Test Updates scripts/walkthrough.sh, test/e2e/brev-e2e.test.js, test/ssh-known-hosts.test.js	Updated walkthrough to reference nemoclaw onboard instead of setup.sh. Modified E2E bootstrap to reflect new CLI installation flow. Added comprehensive test suite (100 lines) for pruneKnownHostsEntries() covering edge cases and host entry format variations.

Sequence Diagram(s)

sequenceDiagram
    participant NodeProcess as Node Process<br/>(onboard.js)
    participant SSHKeygen as SSH Keygen<br/>(external)
    participant FileSystem as File System<br/>(~/.ssh/known_hosts)
    
    NodeProcess->>SSHKeygen: ssh-keygen -R openshell-${GATEWAY_NAME}<br/>(best-effort, ignore failures)
    SSHKeygen-->>NodeProcess: complete (may fail)
    
    NodeProcess->>FileSystem: read ~/.ssh/known_hosts
    FileSystem-->>NodeProcess: file contents
    
    NodeProcess->>NodeProcess: pruneKnownHostsEntries(contents)<br/>filter out openshell-* entries
    
    alt Changes detected
        NodeProcess->>FileSystem: write filtered contents back
        FileSystem-->>NodeProcess: write complete
    else No changes
        NodeProcess->>NodeProcess: skip write
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Poem

🐰 bounces excitedly
The setup once vast now broken in parts,
SSH keys pruned with algorithmic hearts,
From monolithic scripts to onboard's clean flow,
Where nemoclaw delegates what it should know,
Bootstrap and hosts now dance in accord!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing scripts/setup.sh and consolidating all setup logic through nemoclaw onboard command.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cv/delete-setup-sh

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cv]

Reopening from a clean branch based on main (the original had stale commits from another branch).