fix(onboard): propagate context window, max tokens, and reasoning to sandbox image

[javlund]

Summary

The NEMOCLAW_CONTEXT_WINDOW, NEMOCLAW_MAX_TOKENS and NEMOCLAW_REASONING variables were not sent all the way to the openclaw.json file (and thus the agent configuration), I've tried to fix that. As the Dockerfile is altered, this will likely require a sandbox re-creation to kick in.

There were a few tests I couldn't get green as they were timing out, but they don't seem to be related to the files changed in this PR.

Changes

• adds 3 ARGs to the Dockerfile with the same defaults as before, promotes them to ENV, and the Python script reads from os.environ instead of literals
• patchStagedDockerfile() in onboard.ts reads the 3 env vars from the host and patches the ARG lines before image build
• Unit tests to verify

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

AI Disclosure

• AI-assisted — tool: GitHub Copilot

---

Signed-off-by: Jacob Avlund jacob@avlund.dk

Summary by CodeRabbit

• New Features

  • Context window size, maximum token limits, and reasoning mode can now be configured via environment variables for more flexible deployments and builds.

• Tests

  • Added automated test coverage to ensure environment-based build staging correctly applies those configuration values.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added three Nemoclaw build args/env vars—NEMOCLAW_CONTEXT_WINDOW, NEMOCLAW_MAX_TOKENS, NEMOCLAW_REASONING—and propagated them into the image ENV and generated OpenClaw config. The onboard patcher now validates and injects these values into staged Dockerfiles; a test verifies the behavior.

Changes

Cohort / File(s)	Summary
Docker Configuration Dockerfile	Added ARG and ENV for NEMOCLAW_CONTEXT_WINDOW, NEMOCLAW_MAX_TOKENS, NEMOCLAW_REASONING. Python config generation now reads context_window and max_tokens from env (with defaults) and converts NEMOCLAW_REASONING from string to boolean; replaced prior hard-coded values in generated openclaw config.
Dockerfile Patching Logic src/lib/onboard.ts	patchStagedDockerfile() reads host process.env for the three NEMOCLAW vars and conditionally replaces corresponding ARG default lines in staged Dockerfiles. Validates context/max as positive integers and reasoning as exact "true"/"false"; leaves ARG lines unchanged on invalid or missing env.
Tests test/onboard.test.ts	Added test that creates a temp staged Dockerfile, sets process.env values for the three vars, runs patchStagedDockerfile(...), asserts ARG lines reflect env-provided values (including converting "true" to ARG ...=true), and restores env/cleans up in finally.

Sequence Diagram(s)

sequenceDiagram
    participant Host as Host (process.env)
    participant Patcher as onboard.patchStagedDockerfile
    participant Dockerfile as Staged Dockerfile
    participant Builder as Image build / Python config generator

    Host->>Patcher: provide NEMOCLAW_* env vars
    Patcher->>Dockerfile: read & validate ARG lines
    Patcher->>Dockerfile: replace ARG defaults when valid
    Dockerfile->>Builder: build image with updated ENV
    Builder->>Builder: Python reads env, computes contextWindow/maxTokens/reasoning
    Builder->>GeneratedConfig: write models with computed values

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I nibbled ARGs in a Dockerfile glade,
Tuned context and tokens, then bravely I bade,
"Reason true or false, let the builder decide,"
I hopped, I patched, and watched configs abide. 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: propagating context window, max tokens, and reasoning settings to the sandbox image configuration across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 1027-1040: POSITIVE_INT_RE currently permits "0", so update the
validation used for contextWindow and maxTokens to only accept positive integers
> 0 (e.g., change POSITIVE_INT_RE to a regex that requires a non-zero leading
digit like /^[1-9][0-9]*$/ or replace the regex check with numeric parsing and a
> 0 check); ensure the same updated validation is applied before calling
dockerfile.replace for NEMOCLAW_CONTEXT_WINDOW and NEMOCLAW_MAX_TOKENS so zero
values are rejected.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 3b708133-f82e-494c-9ea6-bfbead0d0142

📥 Commits

Reviewing files that changed from the base of the PR and between ec4d058 and cfe4d69.

📒 Files selected for processing (3)

• Dockerfile
• src/lib/onboard.ts
• test/onboard.test.ts

[wscurran]

✨ Thanks for submitting this PR that proposes a fix to propagate context window, max tokens, and reasoning to the sandbox image, which could help improve the functionality of NemoClaw.

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/onboard.ts (1)

1231-1248: Add negative-path tests for env validation edge cases.

Current coverage demonstrates the happy path, but this block would benefit from explicit tests for invalid values ("0", negatives, non-numeric, whitespace-padded, "TRUE"), asserting the original ARG defaults remain unchanged.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 1231 - 1248, Add negative-path unit tests
that exercise the env validation around POSITIVE_INT_RE and the reasoning check:
set process.env.NEMOCLAW_CONTEXT_WINDOW and NEMOCLAW_MAX_TOKENS to invalid
values like "0", "-1", "abc", " 5 ", and "TRUE", then call the function that
produces/returns the dockerfile (the code block using POSITIVE_INT_RE and
NEMOCLAW_REASONING) and assert the original ARG lines for
NEMOCLAW_CONTEXT_WINDOW and NEMOCLAW_MAX_TOKENS (and the reasoning ARG) remain
unchanged; ensure tests restore env state after each case and include separate
cases for each invalid input to verify the replacements do not occur.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 1231-1248: Add negative-path unit tests that exercise the env
validation around POSITIVE_INT_RE and the reasoning check: set
process.env.NEMOCLAW_CONTEXT_WINDOW and NEMOCLAW_MAX_TOKENS to invalid values
like "0", "-1", "abc", " 5 ", and "TRUE", then call the function that
produces/returns the dockerfile (the code block using POSITIVE_INT_RE and
NEMOCLAW_REASONING) and assert the original ARG lines for
NEMOCLAW_CONTEXT_WINDOW and NEMOCLAW_MAX_TOKENS (and the reasoning ARG) remain
unchanged; ensure tests restore env state after each case and include separate
cases for each invalid input to verify the replacements do not occur.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: ae6a0546-080b-493e-8ad3-c789e33a579c

📥 Commits

Reviewing files that changed from the base of the PR and between ea0d3cf and 8ef8ac2.

📒 Files selected for processing (3)

• Dockerfile
• src/lib/onboard.ts
• test/onboard.test.ts

✅ Files skipped from review due to trivial changes (1)

• test/onboard.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• Dockerfile

[ericksoa]

Reviewed from a security perspective — input validation is solid, no injection vectors, trust boundary is appropriate. LGTM.