feat(onboard): add review summary + Y/n gate before destructive sandbox build

[latenighthackathon]

Summary

nemoclaw onboard collected 8 inputs then immediately began a ~6-minute sandbox image build + provider/credential persistence with no final confirmation. Users who hit Enter by reflex at the sandbox-name prompt (where [my-assistant] is pre-filled) were locked into a build they did not intend to start.

This PR adds a compact summary + [Y/n] gate right after the sandbox-name prompt in createSandbox(), before any destructive action (docker build, patchStagedDockerfile, provider creation).

Before

  [6/8] Creating sandbox
  ──────────────────────────────────────────────
  Sandbox name (lowercase, starts with letter, hyphens ok) [my-assistant]:
  ← Enter pressed →
  [7/8] Building sandbox image...   ← 6 minutes locked in

After

  [6/8] Creating sandbox
  ──────────────────────────────────────────────
  Sandbox name (lowercase, starts with letter, hyphens ok) [my-assistant]:
  ← Enter pressed →

  ──────────────────────────────────────────────────
  Review configuration
  ──────────────────────────────────────────────────
  Provider:      gemini-api
  Model:         gemini-2.5-flash
  Web search:    disabled
  Messaging:     none
  Sandbox name:  my-assistant
  ──────────────────────────────────────────────────
  Apply this configuration? [Y/n]:

Default is Y so a confident user still just hits Enter once. Answering n/no prints "Aborted. Re-run nemoclaw onboard to start over." and exits 0 (clean abort, not an error).

Non-interactive runs (NEMOCLAW_NON_INTERACTIVE=1, or --dangerously-skip-permissions) still print the summary for log clarity but skip the gate — automated flows opted out of prompts.

Related Issue

Closes #2165 (priority:high, Getting Started label)

Changes

• src/lib/onboard.ts — added formatOnboardConfigSummary() (pure, exported for testing) and an inline confirm prompt in createSandbox() right after the sandbox-name validation. Non-interactive / dangerouslySkipPermissions skip the prompt but still emit the summary.

Testing

• npx vitest run test/onboard.test.ts — 134 tests pass (+1 for new summary test)
• npx vitest run test/runner.test.ts — 60/60 pass (exercises create-sandbox e2e)
• npm run build:cli + npm run typecheck:cli clean

Executed:

• New test covers: full-field render (provider/model/web/messaging/sandbox name), empty channels → "none", null webSearch → "disabled", and null-field → "(unset)" fallback (guards against stringified "undefined" leaking).

Checklist

• Follows Conventional Commits
• Commit is signed (SSH)
• DCO Signed-off-by trailer present

Signed-off-by: latenighthackathon latenighthackathon@users.noreply.github.com

Summary by CodeRabbit

• New Features

  • Added a configuration review summary showing provider, model, API credential hint (or "not required"), web search status, messaging channels (or "none"), sandbox name (prompted if missing), and optional notes.
  • Interactive confirmation prompt lets users approve or abort applying the configuration; abort prints guidance and exits onboarding (non-interactive runs skip the prompt but still display the summary).

• Tests

  • Added tests validating the configuration summary formatting and placeholder rendering.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Added and exported a formatter that prints a multi-line "Review configuration" summary during onboarding, moved sandbox-name prompt earlier, and introduced an interactive confirmation prompt (skipped in non-interactive or when skipping permissions) that can abort onboarding before any destructive build or provider setup.

Changes

Cohort / File(s)	Summary
Onboard flow & formatter src/lib/onboard.ts	Added and exported formatOnboardConfigSummary(...). Prompt for sandboxName now runs before inference setup; after provider/model selection the CLI prints the formatted "Review configuration" block. In interactive runs (and when dangerouslySkipPermissions is false) the flow prompts Apply this configuration? [Y/n] and aborts with guidance on "no". Non-interactive runs still print the summary but skip confirmation.
Tests test/onboard.test.ts	Imported formatOnboardConfigSummary in tests and added a Vitest test that verifies the formatted summary renders provider/model or (unset), credential hint or provider-specific (not required for <provider>), web search enabled/disabled, messaging list vs none, sandbox name, notes bullets, and ensures no literal undefined appears.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI as Onboard CLI
    participant Inference as setupInference
    participant Build as SandboxBuilder

    User->>CLI: Start 'onboard' (interactive)
    CLI->>User: Prompt provider/model, API key, web-search, messaging
    CLI->>User: Prompt sandbox name (validated)
    CLI->>CLI: formatOnboardConfigSummary(...)
    CLI->>User: Print "Review configuration" summary
    alt User confirms
        User->>CLI: Apply this configuration? [Y/n] -> yes
        CLI->>Inference: setupInference(provider, model, creds)
        CLI->>Build: start sandbox build/registration
    else User rejects
        User->>CLI: Apply this configuration? [Y/n] -> no
        CLI->>User: Print abort guidance and exit 0
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I’m a rabbit with a checklist, soft and spry,
I read the config before the build can fly.
“Apply?” I ask with gentle hops and cheer—
No more surprises once I’m near. 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(onboard): add review summary + Y/n gate before destructive sandbox build' accurately and clearly describes the main changes: adding a configuration review summary and confirmation gate before sandbox build execution.
Linked Issues check	✅ Passed	The PR fully implements the requirements from issue #2165: adds formatOnboardConfigSummary() function to display provider, model, API key location, web search, messaging, sandbox name and notes; implements 'Apply this configuration? [Y/n]' confirmation gate before destructive operations; moves sandbox-name prompt earlier so summary reflects the exact sandbox; supports non-interactive mode; includes comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes are within scope of issue #2165. The PR modifies src/lib/onboard.ts to add formatOnboardConfigSummary and the confirmation gate, updates test/onboard.test.ts with comprehensive unit tests, and notes improvements to createSandbox to accept sandboxNameOverride—all directly supporting the review-and-confirm workflow requirement.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

test/onboard.test.ts (1)

5385-5386: Tighten the web-search assertion to the full rendered field.

summary.includes("enabled") is broad and can pass for unrelated text. Assert the exact summary line instead.

🔧 Suggested tweak

-    assert.ok(summary.includes("enabled"), "summary includes web-search enabled");
+    assert.ok(summary.includes("Web search:    enabled"), "summary includes web-search enabled");

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard.test.ts` around lines 5385 - 5386, The first assertion in the
test uses summary.includes("enabled") which is too broad; update the assertion
that references the summary variable (the assert.ok line checking web-search) to
assert the full rendered field text (e.g., the exact "web-search: enabled" line
or exact substring rendered by the app) instead of just "enabled" so the test
only passes when the web-search summary line is present; keep the channel
assertion (the assert.ok checking "telegram, slack") as is.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 3357-3373: The confirmation gate in createSandbox runs after
credential-persisting operations called earlier in onboard(), specifically
configureWebSearch() and setupMessagingChannels(), so aborting at the gate does
not undo side effects; move the confirmation block (the prompt using
formatOnboardConfigSummary, isNonInteractive and dangerouslySkipPermissions) to
run before calling configureWebSearch() and setupMessagingChannels(), or
alternatively delay any persistence by deferring saveCredential(...) calls until
after the user confirms; update createSandbox/onboard to ensure the prompt
always precedes any call to configureWebSearch, setupMessagingChannels or
saveCredential.

In `@test/onboard.test.ts`:
- Around line 5369-5372: Replace the dynamic CommonJS loading for
formatOnboardConfigSummary with a static ESM import: add
formatOnboardConfigSummary to the existing top-of-file ESM import list (instead
of using require(onboardPath)), and remove the delete require.cache[onboardPath]
and const { formatOnboardConfigSummary } = require(onboardPath) lines; ensure
any use of onboardPath is removed and tests reference the imported
formatOnboardConfigSummary directly.

---

Nitpick comments:
In `@test/onboard.test.ts`:
- Around line 5385-5386: The first assertion in the test uses
summary.includes("enabled") which is too broad; update the assertion that
references the summary variable (the assert.ok line checking web-search) to
assert the full rendered field text (e.g., the exact "web-search: enabled" line
or exact substring rendered by the app) instead of just "enabled" so the test
only passes when the web-search summary line is present; keep the channel
assertion (the assert.ok checking "telegram, slack") as is.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2280d770-9358-446c-92d9-9029b2bdccf9

📥 Commits

Reviewing files that changed from the base of the PR and between eda521e and 2ada1a1.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/onboard.test.ts

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src/lib/onboard.ts (1)

3357-3383: ⚠️ Potential issue | 🟠 Major

Confirmation gate still runs after credential persistence side effects

At Line 3357-Line 3383, aborting here still leaves previously saved credentials because configureWebSearch() and setupMessagingChannels() execute earlier in onboard() before createSandbox(...). This is the same root concern raised previously; messaging clarification helps UX, but does not change side-effect timing.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 3357 - 3383, The confirmation gate currently
runs after side-effecting calls configureWebSearch() and
setupMessagingChannels(), so aborting still leaves persisted credentials; move
those persistence-causing calls (configureWebSearch, setupMessagingChannels, and
any credential writes invoked before createSandbox) to occur only after the user
confirms via promptOrDefault (or after checking dangerouslySkipPermissions /
isNonInteractive), or alternatively introduce an earlier confirmation prompt
before calling configureWebSearch/setupMessagingChannels; also update the
summary/log text around formatOnboardConfigSummary and createSandbox to clearly
state when credentials will be persisted in non-interactive flows.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/lib/onboard.ts`:
- Around line 3357-3383: The confirmation gate currently runs after
side-effecting calls configureWebSearch() and setupMessagingChannels(), so
aborting still leaves persisted credentials; move those persistence-causing
calls (configureWebSearch, setupMessagingChannels, and any credential writes
invoked before createSandbox) to occur only after the user confirms via
promptOrDefault (or after checking dangerouslySkipPermissions /
isNonInteractive), or alternatively introduce an earlier confirmation prompt
before calling configureWebSearch/setupMessagingChannels; also update the
summary/log text around formatOnboardConfigSummary and createSandbox to clearly
state when credentials will be persisted in non-interactive flows.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: fdf523f6-d98e-46f0-a2fa-8067d9af7890

📥 Commits

Reviewing files that changed from the base of the PR and between 2ada1a1 and 98de38d.

📒 Files selected for processing (1)

• src/lib/onboard.ts

[latenighthackathon]

Applied both CodeRabbit suggestions:

• Major — moved the gate out of createSandbox into onboard(), running before configureWebSearch and setupMessagingChannels. Sandbox-name prompt moved up too (via the existing promptValidatedSandboxName helper); createSandbox receives the validated name and skips its internal prompt. Scope note in the inline comment: inference credentials collected earlier still persist; abort message directs users to nemoclaw credentials reset <KEY>.
• ESM — promoted formatOnboardConfigSummary to the top-of-file static import list and dropped the require/require.cache block.

Signed commit 55fd9452. 134 onboard tests still pass. Cheers!

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src/lib/onboard.ts (1)

3310-3334: ⚠️ Potential issue | 🟠 Major

Summary output still omits API-key hint/location and optional notes requested by #2165.

formatOnboardConfigSummary() currently renders only provider/model/web-search/messaging/sandbox-name. It still misses the API-key hint/location row and optional note lines (e.g., long-build warning) from the issue contract.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 3310 - 3334, formatOnboardConfigSummary
currently only prints provider/model/web-search/messaging/sandboxName; update it
to also render an "API key" row (showing apiKeyHint or apiKeyLocation from the
passed-in config) and an optional notes section (e.g., long-build warning) when
present. Modify the function signature to accept the API key info and optional
notes (or extract them from webSearchConfig if that object contains
apiKeyHint/apiKeyLocation and notes), compute a string like apiKey = apiKeyHint
?? apiKeyLocation ?? "(not required/unspecified)" and append additional lines
after the "Sandbox name" line for `API key:` and, if notes is truthy, one or
more indented lines for the note text; keep the same bar separators and existing
formatting style used in formatOnboardConfigSummary so spacing and join("\n")
remain consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 6674-6698: The confirmation prompt runs after setupInference() has
already performed persistent changes (e.g., upsertProvider and inference set),
so move the interactive gate earlier or split setupInference into validate and
apply phases: either invoke the confirmation (the block using promptOrDefault /
isNonInteractive / dangerouslySkipPermissions) before calling setupInference(),
or refactor setupInference() into setupInferenceValidate(...) that only
checks/collects config and setupInferenceApply(...) that performs
upsertProvider/inference set and is called only after the confirmation; update
callers accordingly so no persistent mutations occur before the user affirms.

---

Duplicate comments:
In `@src/lib/onboard.ts`:
- Around line 3310-3334: formatOnboardConfigSummary currently only prints
provider/model/web-search/messaging/sandboxName; update it to also render an
"API key" row (showing apiKeyHint or apiKeyLocation from the passed-in config)
and an optional notes section (e.g., long-build warning) when present. Modify
the function signature to accept the API key info and optional notes (or extract
them from webSearchConfig if that object contains apiKeyHint/apiKeyLocation and
notes), compute a string like apiKey = apiKeyHint ?? apiKeyLocation ?? "(not
required/unspecified)" and append additional lines after the "Sandbox name" line
for `API key:` and, if notes is truthy, one or more indented lines for the note
text; keep the same bar separators and existing formatting style used in
formatOnboardConfigSummary so spacing and join("\n") remain consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: a6ba01bf-fb9a-40eb-915d-4c7133245ab3

📥 Commits

Reviewing files that changed from the base of the PR and between 98de38d and 55fd945.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/onboard.test.ts

✅ Files skipped from review due to trivial changes (1)

• test/onboard.test.ts

[latenighthackathon]

Follow-up applied:

Nit A (summary fields) — extended formatOnboardConfigSummary with credentialEnv (renders API key: <ENV> (stored in ~/.nemoclaw/credentials.json), or (not required for <provider>) for local providers) and an optional notes array (caller passes Sandbox build takes ~6 minutes on this host.). Test coverage extended.

Nit B (gate before setupInference) — I agree the gate should land before setupInference, but doing that cleanly requires splitting setupInference into validate and apply phases (the current function interleaves upsertProvider / inference set persistence with retry-on-bad-key probes across six provider branches in ~550 lines). That's a larger refactor I'll do as a separate PR against the typed src/lib/ migration, not fold into the UX-fix PR.

Signed commit 5a1e8e06 on top. 134 onboard tests still pass. Cheers!

[coderabbitai]

♻️ Duplicate comments (1)

src/lib/onboard.ts (1)

6682-6720: ⚠️ Potential issue | 🟠 Major

Confirmation still runs after inference-side persistent mutations.

At Line 6631, onboard() runs setupInference(...) before this gate, and setupInference performs persistent operations (upsertProvider, openshell inference set; see Line 4830-Line 4862). So aborting at Line 6710 exits cleanly but still leaves applied state behind.

If this gate is meant to guard all persistence, move it before inference apply or split inference into validate/apply phases.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 6682 - 6720, The confirmation prompt
currently runs after persistent operations performed by setupInference (which
calls upsertProvider and invokes the openshell inference set flow), so aborting
still leaves state applied; move the confirmation gate (the prompt using
promptOrDefault and the surrounding isNonInteractive/dangerouslySkipPermissions
check that currently follows formatOnboardConfigSummary and
promptValidatedSandboxName) to run before setupInference is executed in
onboard(), or refactor setupInference into two functions (e.g.,
validateInferenceConfig and applyInferenceConfig) and call only
validateInferenceConfig before the confirmation and applyInferenceConfig only
after the user confirms; update references to setupInference, upsertProvider,
and openshell inference set accordingly so no persistent mutations occur prior
to user confirmation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/lib/onboard.ts`:
- Around line 6682-6720: The confirmation prompt currently runs after persistent
operations performed by setupInference (which calls upsertProvider and invokes
the openshell inference set flow), so aborting still leaves state applied; move
the confirmation gate (the prompt using promptOrDefault and the surrounding
isNonInteractive/dangerouslySkipPermissions check that currently follows
formatOnboardConfigSummary and promptValidatedSandboxName) to run before
setupInference is executed in onboard(), or refactor setupInference into two
functions (e.g., validateInferenceConfig and applyInferenceConfig) and call only
validateInferenceConfig before the confirmation and applyInferenceConfig only
after the user confirms; update references to setupInference, upsertProvider,
and openshell inference set accordingly so no persistent mutations occur prior
to user confirmation.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 3d4cf0b5-34b9-4c6a-a604-96bb14aeda16

📥 Commits

Reviewing files that changed from the base of the PR and between 55fd945 and 5a1e8e0.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/onboard.test.ts

[latenighthackathon]

Nit B applied — moved the summary + Y/n gate up inside the inference retry loop, after setupNim collects provider/model/credentialEnv in memory but before setupInference runs upsertProvider and openshell inference set. On retry (bad key), the loop re-runs and the user sees the gate again with the refreshed config. Duplicate gate in the else-branch of resumeSandbox removed.

The only remaining pre-gate persistence is the saveCredential call inside the credential-prompt helper (setupNim path) — splitting that into collect vs persist phases would be a broader refactor touching every credential prompt site. For now the abort message still directs users to nemoclaw credentials reset <KEY>.

Signed commit e5cf44d0. 134 onboard tests pass. Cheers!

[coderabbitai]

🧹 Nitpick comments (2)

src/lib/onboard.ts (2)

6639-6650: Summary labels web/messaging as final before those prompts run

At Line 6643-Line 6645, the summary is printed before web search and messaging setup, so fresh runs usually show disabled / none even when users will enable them immediately after. Consider rendering these as “pending” at this stage (or adjust heading text) to avoid false certainty.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 6639 - 6650, The summary is being rendered
before web search and messaging setup so formatOnboardConfigSummary(...) shows
final "disabled/none" even though users will be prompted; update the call site
to pass provisional values instead of definitive empties — e.g., for
enabledChannels (selectedMessagingChannels) and webSearchConfig, pass a sentinel
like "pending" (or a wrapper flag) when those arrays/configs are empty/undefined
so formatOnboardConfigSummary and its consumers display "pending" rather than
"disabled/none"; locate the call to formatOnboardConfigSummary, the
selectedMessagingChannels variable, and the webSearchConfig variable and
implement the conditional sentinel logic there.

---

3333-3335: API-key location line can be inaccurate in env-only runs

At Line 3334, the summary always says the key is stored in ~/.nemoclaw/credentials.json, but non-interactive flows may use only environment variables (not persisted). This can mislead users.

Proposed adjustment

 function formatOnboardConfigSummary({
   provider,
   model,
   credentialEnv = null,
+  credentialLocation = null,
   webSearchConfig,
   enabledChannels,
   sandboxName,
   notes = [],
 }) {
@@
-  const apiKeyLine = credentialEnv
-    ? `  API key:       ${credentialEnv} (stored in ~/.nemoclaw/credentials.json)`
+  const apiKeyLine = credentialEnv
+    ? `  API key:       ${credentialEnv} (${credentialLocation || "source not specified"})`
     : `  API key:       (not required for ${provider ?? "this provider"})`;

Then pass credentialLocation at call sites (for example: "stored in ~/.nemoclaw/credentials.json" vs "from environment for this run").

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 3333 - 3335, The API key summary line
currently always claims the key is "stored in ~/.nemoclaw/credentials.json"
which is wrong for env-only runs; update the code that builds apiKeyLine (the
variable apiKeyLine that uses credentialEnv and provider) to accept and use a
credentialLocation parameter/variable instead of hardcoding the file path, and
change call sites that invoke this onboarding message to pass the appropriate
credentialLocation string (e.g., "stored in ~/.nemoclaw/credentials.json" vs
"from environment for this run"). Ensure you update all places that construct or
call the function that sets apiKeyLine so credentialLocation is provided and
used when credentialEnv is truthy.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 6639-6650: The summary is being rendered before web search and
messaging setup so formatOnboardConfigSummary(...) shows final "disabled/none"
even though users will be prompted; update the call site to pass provisional
values instead of definitive empties — e.g., for enabledChannels
(selectedMessagingChannels) and webSearchConfig, pass a sentinel like "pending"
(or a wrapper flag) when those arrays/configs are empty/undefined so
formatOnboardConfigSummary and its consumers display "pending" rather than
"disabled/none"; locate the call to formatOnboardConfigSummary, the
selectedMessagingChannels variable, and the webSearchConfig variable and
implement the conditional sentinel logic there.
- Around line 3333-3335: The API key summary line currently always claims the
key is "stored in ~/.nemoclaw/credentials.json" which is wrong for env-only
runs; update the code that builds apiKeyLine (the variable apiKeyLine that uses
credentialEnv and provider) to accept and use a credentialLocation
parameter/variable instead of hardcoding the file path, and change call sites
that invoke this onboarding message to pass the appropriate credentialLocation
string (e.g., "stored in ~/.nemoclaw/credentials.json" vs "from environment for
this run"). Ensure you update all places that construct or call the function
that sets apiKeyLine so credentialLocation is provided and used when
credentialEnv is truthy.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 7f45f4d6-87eb-4c87-8268-8a03825e3943

📥 Commits

Reviewing files that changed from the base of the PR and between 5a1e8e0 and e5cf44d.

📒 Files selected for processing (1)

• src/lib/onboard.ts

[latenighthackathon]

Follow-up filed as #2226 — defers setupNim's credential-prompt persistence until this gate confirms, so a clean abort leaves nothing on disk. Stacked on this PR. Cheers!

[wscurran]

✨ Thanks for submitting this PR that proposes a way to add a review summary and confirmation gate — this could help provide a more user-friendly experience for sandbox creation.

---

Related open issues:

• #2165 [All Platforms][Onboard] Onboard wizard has no "Apply this configuration?" review/confirm step — default sandbox name my-assistant is silently accepted on Enter and immediately triggers ~6

[ericksoa]

Good UX improvement. The iterative refinement through 5 commits shows the gate was placed thoughtfully — final position is before setupInference() calls upsertProvider, which is the right boundary.

Looks good

• Gate placement — inside the inference retry loop, after provider/model/credentialEnv are collected in memory but before any gateway mutations. On retry, the user sees the updated summary and gate again. Correct.
• Non-interactive mode — prints summary for log clarity but skips the prompt. Automated flows are not blocked.
• Abort handling — exits 0 (clean, not error) with guidance to nemoclaw credentials reset for any credentials already persisted during the prompt phase. Honest about the scope.
• formatOnboardConfigSummary is pure and exported — directly testable, no I/O.
• Test coverage — covers full-field, empty channels, null webSearch, null credentialEnv fallback, and the "(unset)" null-field guard. Good.
• "Web search and messaging channels will be prompted next" — correctly sets expectations that the summary is a pre-build checkpoint, not a complete configuration review.

Minor (non-blocking)

1. The "~6 minutes on this host" note is hardcoded. If it ever becomes misleading (fast machines, cached builds), consider deriving it from the previous build time or dropping it.

LGTM.