refactor(installer): thin bootstrap and versioned payload

[kjw3]

Summary

• turn the repo-root install.sh into a thin bootstrap that selects one install ref and then executes installer logic from that same ref
• reuse scripts/install.sh as the versioned installer payload instead of adding another installer path
• preserve compatibility for older refs by only treating scripts/install.sh as the payload when it contains an explicit payload marker; otherwise fall back to the cloned root install.sh

Validation

• node_modules/.bin/vitest run test/install-preflight.test.js
• bash -n install.sh scripts/install.sh
• npx eslint test/install-preflight.test.js

Notes

• keeps curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash working
• keeps direct repo-checkout execution working for both bash install.sh and bash scripts/install.sh
• adds explicit coverage for curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_INSTALL_TAG=v0.0.1 bash
• pushed update at 46ad602; repo pre-push still has an unrelated failure in src/lib/preflight.test.ts

Summary by CodeRabbit

• Refactor

  • Reworked the installer into a lightweight bootstrap that selects and runs a versioned payload, simplifying controls and validation for a faster, more reliable install experience.
  • Streamlined error/output styling and download verification to reduce noise.

• New Features

  • Self-contained, versioned installer option with built-in Node.js setup, conditional GPU tooling/model handling, and improved onboarding/resume and PATH guidance.

• Tests

  • Updated end-to-end tests to cover bootstrap paths, payload execution, and non-clone install scenarios.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The PR replaces the full end-to-end root installer with a lightweight bootstrap install.sh that clones a repo ref and delegates to a payload; scripts/install.sh becomes a standalone, versioned installer handling Node/nvm, NemoClaw install/build/link, PATH/shims, and TTY-aware onboarding. Tests and stubs updated accordingly.

Changes

Cohort / File(s)	Summary
Bootstrap Refactor install.sh	Replaced the previous full installer with a bootstrap wrapper. Resolves a release tag, clones NVIDIA/NemoClaw at that ref into a temp dir, minimally verifies downloaded scripts (non-empty + shebang), detects a payload marker, and delegates args to either scripts/install.sh in the clone or the legacy root install.sh. Simplified CLI handling (--help/--version) and trimmed logging/validation and global cleanup logic.
Versioned Installer Implementation scripts/install.sh	Converted from a shim to a self-contained versioned installer. Adds version resolution (env/ref/git tags/.version/package.json), nvm/Node install and runtime validation, local-source or release-based NemoClaw install (pre-extract workaround), npm install/build/link, npm global prefix handling, Ollama GPU-model conditional logic, TTY-aware onboarding and usage-notice handling with resume support, and temp/PID cleanup via trap.
Tests and Stubs test/install-preflight.test.js, test/... (stubs/helpers)	Updated tests to use INSTALLER_PAYLOAD (scripts/install.sh), adjusted assertions to expect payload help output, added curl-pipe fallback case for legacy root installer writing NEMOCLAW_INSTALL_TAG, extended fake git stubs to handle git -c ... invocations, tightened git-call assertions (no clone/fetch in many cases), and expanded stub repos to include scripts/install.sh usage-notice hooks.
Misc Tests/Helpers test/... (helpers, stubs)`	Modified test helpers and stub scripts to support payload marker detection and new invocation patterns (shifting git args, adding scripts/install.sh stubs, writing legacy log paths).

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Bootstrap as install.sh<br/>(Bootstrap)
    participant Git as Git Clone
    participant Payload as scripts/install.sh<br/>(Versioned Installer)
    participant NodeMgr as Node.js<br/>(nvm)
    participant NemoClaw as NemoClaw<br/>Installer
    participant Onboard as Onboarding

    User->>Bootstrap: Run install.sh [--tag ref | --help/--version]
    Bootstrap->>Git: Clone repo at NEMOCLAW_INSTALL_TAG (temp dir)
    Git-->>Bootstrap: Repo cloned

    alt payload marker present in clone
        Bootstrap->>Payload: Execute `scripts/install.sh` with env (NEMOCLAW_INSTALL_REF/TAG/REPO_ROOT)
    else fallback to root installer
        Bootstrap->>Bootstrap: Execute legacy root `install.sh`
    end

    Payload->>NodeMgr: Fetch/install nvm and Node 22, validate runtime
    NodeMgr-->>Payload: Node/npm ready

    Payload->>NemoClaw: Install from local source or clone release, npm install, build, link CLI
    NemoClaw-->>Payload: CLI installed, PATH/shims adjusted

    Payload->>Payload: Verify `nemoclaw` in PATH
    alt CLI resolvable
        Payload->>Onboard: Run `nemoclaw onboard` (TTY-aware, may resume)
        Onboard-->>Payload: Onboarding complete
    else PATH unresolved
        Payload->>User: Print shell PATH export/source hint
    end

    Payload-->>User: Installation complete

Loading

sequenceDiagram
    participant TestRunner as Test Runner
    participant StubGit as Stubbed Git/Repo
    participant OldPayload as Old scripts/install.sh<br/>(Wrapper)
    participant RootInstaller as Root install.sh<br/>(Legacy)
    participant LogFile as LEGACY_LOG_PATH

    TestRunner->>StubGit: Create stub repo containing old `scripts/install.sh` wrapper
    StubGit-->>TestRunner: Stub ready

    TestRunner->>OldPayload: Pipe installer via `bash -s -- --help`
    OldPayload->>OldPayload: Detect absence of payload marker
    OldPayload->>RootInstaller: Exec legacy root installer (fallback)

    RootInstaller->>LogFile: Record `NEMOCLAW_INSTALL_TAG`
    RootInstaller-->>TestRunner: Exit 0

    TestRunner->>TestRunner: Assert tag logged and exit status success

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 I hopped a bootstrap, light and keen,
Cloned a ref, then found the scene.
Payload sprang to fetch and build,
Node and CLI all nicely filled.
Hooray — the installer danced, carrots gleam! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 37.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'refactor(installer): thin bootstrap and versioned payload' accurately captures the main change: converting the installer into a thin bootstrap and moving to a versioned payload approach.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/thin-bootstrap-installer

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

scripts/install/installer.sh (2)

655-658: Consider adding SHA-256 verification for the Ollama installer.

Unlike the nvm installer (which has SHA-256 verification), the Ollama installer is only checked for shebang presence. While verify_downloaded_script helps detect download corruption, it doesn't protect against a compromised installer.

This is a lower priority than nvm since Ollama installation is conditional on GPU presence and the official installer is from ollama.com. However, consider adding hash verification for defense in depth if a known-good hash can be maintained.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/install/installer.sh` around lines 655 - 658, The Ollama installer
download is only validated for a shebang via verify_downloaded_script which
doesn't protect against a compromised binary; modify the install sequence around
the curl -> verify_downloaded_script -> sh "$tmpdir/install_ollama.sh" flow to
perform a SHA-256 check: obtain a trusted expected hash (hardcoded in the script
or fetched from a trusted URL), compute the downloaded file's SHA-256 (using
sha256sum or shasum -a 256), compare it to the expected value, and abort with a
clear error if it does not match before calling sh; update the code referencing
"$tmpdir/install_ollama.sh" and the verify_downloaded_script invocation to
include this new verification step.

---

336-340: Potential issue with local variable declaration in conditional branches.

The local declaration inside the if/else branches is unusual and may cause issues. In bash, local should be declared at the start of the function scope, and then assigned conditionally.

♻️ Suggested fix

+  local status
   if wait "$pid"; then
-    local status=0
+    status=0
   else
-    local status=$?
+    status=$?
   fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/install/installer.sh` around lines 336 - 340, The conditional
declares "local" inside both branches which is unsafe; move the local
declaration for the status variable to the top of the surrounding function
(e.g., add "local status" before using wait "$pid"), then inside the if/else
just assign status=0 or status=$? after wait "$pid"; update the block that uses
wait "$pid" (the wait "$pid" lines) to only set status instead of declaring it
locally in each branch.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@scripts/install/installer.sh`:
- Around line 655-658: The Ollama installer download is only validated for a
shebang via verify_downloaded_script which doesn't protect against a compromised
binary; modify the install sequence around the curl -> verify_downloaded_script
-> sh "$tmpdir/install_ollama.sh" flow to perform a SHA-256 check: obtain a
trusted expected hash (hardcoded in the script or fetched from a trusted URL),
compute the downloaded file's SHA-256 (using sha256sum or shasum -a 256),
compare it to the expected value, and abort with a clear error if it does not
match before calling sh; update the code referencing "$tmpdir/install_ollama.sh"
and the verify_downloaded_script invocation to include this new verification
step.
- Around line 336-340: The conditional declares "local" inside both branches
which is unsafe; move the local declaration for the status variable to the top
of the surrounding function (e.g., add "local status" before using wait "$pid"),
then inside the if/else just assign status=0 or status=$? after wait "$pid";
update the block that uses wait "$pid" (the wait "$pid" lines) to only set
status instead of declaring it locally in each branch.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0cf5ecbb-1a2a-4dbd-9b91-af03c9f229d4

📥 Commits

Reviewing files that changed from the base of the PR and between e6a0e24 and da274cd.

📒 Files selected for processing (3)

• install.sh
• scripts/install/installer.sh
• test/install-preflight.test.js

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/install.sh`:
- Around line 818-826: The installer branches off the caller's current working
directory and a whitespace-sensitive grep instead of using the selected checkout
in NEMOCLAW_REPO_ROOT; update the logic so it reads and checks
"$NEMOCLAW_REPO_ROOT/package.json" (use a whitespace-tolerant match, e.g.
'"name":[[:space:]]*"nemoclaw"') and set
NEMOCLAW_SOURCE_ROOT="$NEMOCLAW_REPO_ROOT" when that file matches, then run the
subsequent npm/spin commands from that directory (either cd
"$NEMOCLAW_SOURCE_ROOT" before the spin lines or wrap each bash -c spin command
to cd into NEMOCLAW_SOURCE_ROOT first) so npm install, npm run, and npm link
operate on the chosen repo, not the caller's pwd; reference symbols:
NEMOCLAW_REPO_ROOT, NEMOCLAW_SOURCE_ROOT, and the spin "Installing NemoClaw
dependencies"/"Building NemoClaw CLI modules"/"Linking NemoClaw CLI" commands.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 18de4ab6-70b4-42a8-891a-540ff2d09d0e

📥 Commits

Reviewing files that changed from the base of the PR and between da274cd and 46ad602.

📒 Files selected for processing (3)

• install.sh
• scripts/install.sh
• test/install-preflight.test.js

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

scripts/install.sh (1)

819-827: ⚠️ Potential issue | 🔴 Critical

Use the selected checkout instead of $PWD for source installs.

This branch still probes ./package.json and runs the npm steps from the caller’s working directory. If the installer is launched from inside another checkout—or any directory with a matching package.json—it can build and link that tree instead of the ref it just selected. The exact-string grep is whitespace-sensitive too.

🛠️ Proposed fix

-  if [[ -f "./package.json" ]] && grep -q '"name": "nemoclaw"' ./package.json 2>/dev/null; then
-    info "NemoClaw package.json found in current directory — installing from source…"
-    NEMOCLAW_SOURCE_ROOT="$(pwd)"
-    spin "Preparing OpenClaw package" bash -c "$(declare -f info warn resolve_openclaw_version pre_extract_openclaw); pre_extract_openclaw \"\$1\"" _ "$(pwd)" \
+  local repo_root package_json
+  repo_root="$(resolve_repo_root)"
+  package_json="${repo_root}/package.json"
+  if [[ -f "$package_json" ]] && node -e 'process.exit(require(process.argv[1]).name === "nemoclaw" ? 0 : 1)' "$package_json" 2>/dev/null; then
+    info "NemoClaw package.json found in the selected checkout — installing from source…"
+    NEMOCLAW_SOURCE_ROOT="$repo_root"
+    spin "Preparing OpenClaw package" bash -c "$(declare -f info warn resolve_openclaw_version pre_extract_openclaw); pre_extract_openclaw \"\$1\"" _ "$repo_root" \
       || warn "Pre-extraction failed — npm install may fail if openclaw tarball is broken"
-    spin "Installing NemoClaw dependencies" npm install --ignore-scripts
-    spin "Building NemoClaw CLI modules" npm run --if-present build:cli
-    spin "Building NemoClaw plugin" bash -c 'cd nemoclaw && npm install --ignore-scripts && npm run build'
-    spin "Linking NemoClaw CLI" npm link
+    spin "Installing NemoClaw dependencies" bash -c 'cd "$1" && npm install --ignore-scripts' _ "$repo_root"
+    spin "Building NemoClaw CLI modules" bash -c 'cd "$1" && npm run --if-present build:cli' _ "$repo_root"
+    spin "Building NemoClaw plugin" bash -c 'cd "$1"/nemoclaw && npm install --ignore-scripts && npm run build' _ "$repo_root"
+    spin "Linking NemoClaw CLI" bash -c 'cd "$1" && npm link' _ "$repo_root"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/install.sh` around lines 819 - 827, The installer currently reads
./package.json and uses $(pwd), which can target the caller's CWD instead of the
selected checkout; change the logic to detect and operate on the selected
checkout path by setting NEMOCLAW_SOURCE_ROOT to the resolved/checked-out
directory (not "$(pwd)"), run the grep against
"$NEMOCLAW_SOURCE_ROOT/package.json" (use a more robust regex like
'"name":\s*"nemoclaw"'), invoke pre_extract_openclaw via spin with the source
root as the argument (spin ... pre_extract_openclaw "$1" _
"$NEMOCLAW_SOURCE_ROOT"), and ensure all subsequent npm steps (spin "Installing
NemoClaw dependencies", "Building NemoClaw CLI modules", "Building NemoClaw
plugin", "Linking NemoClaw CLI") are run with a cd into "$NEMOCLAW_SOURCE_ROOT"
(or otherwise pass that directory) so npm install, npm run, and npm link operate
on the selected checkout rather than the current working directory; reference
NEMOCLAW_SOURCE_ROOT, pre_extract_openclaw, and the spin invocations when making
the edits.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@install.sh`:
- Around line 109-119: The current logic sources LOCAL_PAYLOAD even when the
installer is read from stdin, causing local checkout payloads to be used; change
the sourcing guard around has_payload_marker/LOCAL_PAYLOAD so it only sources
when the script is being executed from a real file (i.e., BASH_SOURCE[0] refers
to an existing readable file and is not the stdin/built-in shell invocation),
and ensure the runtime dispatch that calls main vs bootstrap_main uses the same
“script is a real file” test; update the checks around has_payload_marker,
LOCAL_PAYLOAD, BASH_SOURCE, main, and bootstrap_main so stdin installs never
source the local payload.

---

Duplicate comments:
In `@scripts/install.sh`:
- Around line 819-827: The installer currently reads ./package.json and uses
$(pwd), which can target the caller's CWD instead of the selected checkout;
change the logic to detect and operate on the selected checkout path by setting
NEMOCLAW_SOURCE_ROOT to the resolved/checked-out directory (not "$(pwd)"), run
the grep against "$NEMOCLAW_SOURCE_ROOT/package.json" (use a more robust regex
like '"name":\s*"nemoclaw"'), invoke pre_extract_openclaw via spin with the
source root as the argument (spin ... pre_extract_openclaw "$1" _
"$NEMOCLAW_SOURCE_ROOT"), and ensure all subsequent npm steps (spin "Installing
NemoClaw dependencies", "Building NemoClaw CLI modules", "Building NemoClaw
plugin", "Linking NemoClaw CLI") are run with a cd into "$NEMOCLAW_SOURCE_ROOT"
(or otherwise pass that directory) so npm install, npm run, and npm link operate
on the selected checkout rather than the current working directory; reference
NEMOCLAW_SOURCE_ROOT, pre_extract_openclaw, and the spin invocations when making
the edits.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 89e1ce80-7696-4bbe-940d-5085639f4b1b

📥 Commits

Reviewing files that changed from the base of the PR and between 46ad602 and e6e603e.

📒 Files selected for processing (3)

• install.sh
• scripts/install.sh
• test/install-preflight.test.js

🚧 Files skipped from review as they are similar to previous changes (1)

• test/install-preflight.test.js

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Don’t source a checkout-local payload during stdin installs.

When this script is read from stdin, SCRIPT_DIR resolves to the caller’s current directory, so LOCAL_PAYLOAD becomes ./scripts/install.sh. If that file exists and carries the marker, the bootstrap sources local disk content instead of cloning and executing the selected ref.

🛠️ Proposed fix

-if has_payload_marker "$LOCAL_PAYLOAD"; then
+if [[ "${BASH_SOURCE[0]:-}" == "$0" && "$0" != "bash" && "$0" != "-bash" ]] && has_payload_marker "$LOCAL_PAYLOAD"; then
   # shellcheck source=/dev/null
   . "$LOCAL_PAYLOAD"
 fi
@@
-  if has_payload_marker "$LOCAL_PAYLOAD"; then
+  if [[ "${BASH_SOURCE[0]:-}" == "$0" && "$0" != "bash" && "$0" != "-bash" ]] && has_payload_marker "$LOCAL_PAYLOAD"; then
     main "$@"
   else
     bootstrap_main "$@"
   fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if has_payload_marker "$LOCAL_PAYLOAD"; then
	# shellcheck source=/dev/null
	. "$LOCAL_PAYLOAD"
	fi
	step 3 "Onboarding"
	if command_exists nemoclaw; then
	run_onboard
	ONBOARD_RAN=true
	if [[ "${BASH_SOURCE[0]:-}" == "$0" ]] || { [[ -z "${BASH_SOURCE[0]:-}" ]] && { [[ "$0" == "bash" ]] || [[ "$0" == "-bash" ]]; }; }; then
	if has_payload_marker "$LOCAL_PAYLOAD"; then
	main "$@"
	else
	warn "Skipping onboarding — this shell still cannot resolve 'nemoclaw'."
	bootstrap_main "$@"
	fi
	if [[ "${BASH_SOURCE[0]:-}" == "$0" && "$0" != "bash" && "$0" != "-bash" ]] && has_payload_marker "$LOCAL_PAYLOAD"; then
	# shellcheck source=/dev/null
	. "$LOCAL_PAYLOAD"
	fi
	if [[ "${BASH_SOURCE[0]:-}" == "$0" ]] || { [[ -z "${BASH_SOURCE[0]:-}" ]] && { [[ "$0" == "bash" ]] || [[ "$0" == "-bash" ]]; }; }; then
	if [[ "${BASH_SOURCE[0]:-}" == "$0" && "$0" != "bash" && "$0" != "-bash" ]] && has_payload_marker "$LOCAL_PAYLOAD"; then
	main "$@"
	else
	bootstrap_main "$@"
	fi
	fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@install.sh` around lines 109 - 119, The current logic sources LOCAL_PAYLOAD
even when the installer is read from stdin, causing local checkout payloads to
be used; change the sourcing guard around has_payload_marker/LOCAL_PAYLOAD so it
only sources when the script is being executed from a real file (i.e.,
BASH_SOURCE[0] refers to an existing readable file and is not the stdin/built-in
shell invocation), and ensure the runtime dispatch that calls main vs
bootstrap_main uses the same “script is a real file” test; update the checks
around has_payload_marker, LOCAL_PAYLOAD, BASH_SOURCE, main, and bootstrap_main
so stdin installs never source the local payload.