fix(onboard): propagate NEMOCLAW_INFERENCE_INPUTS to baked openclaw.json

[rluo8]

Summary

The NEMOCLAW_INFERENCE_INPUTS variable is not sent all the way to the openclaw.json file (and thus the agent configuration). The input field in models[0] is hardcoded to ['text'] in the Dockerfile, so users who select a vision-capable model via NEMOCLAW_MODEL cannot tell OpenClaw that the model accepts image input. This extends #1956's plumbing pattern to cover the last remaining hardcoded inference field.

Related Issue

Fixes #2421

Changes

• adds 1 ARG to the Dockerfile with default text (matching the previously-hardcoded value), promotes it to ENV, and the Python script reads from os.environ .
• patchStagedDockerfile() in onboard.ts reads NEMOCLAW_INFERENCE_INPUTS from the host and patches the ARG line before image build, validated by regex /^(text|image)(,(text|image))*$/ matching OpenClaw's model.input schema (z.array(z.union([z.literal("text"), z.literal("image")])))
• Unit tests to verify: positive case (text,image → baked) plus a 6-case reject table (undefined / audio / text, / Text,Image / text, image / shell-injection attempt)

Type of Change

• [ √] Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• [ √] npx prek run --all-files passes
• [ √] npm test passes
• [ √] Tests added or updated for new or changed behavior
• [√ ] No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

AI Disclosure

• AI-assisted — tool: Cursor

---

Signed-off-by: rluo8 ruluo@nvidia.com

Summary by CodeRabbit

• New Features

  • Added build/runtime environment support to specify model input modalities (e.g., text, image) with a safe default of "text", enabling image-capable modal setups via env configuration.
  • Inputs are validated and parsed into a trimmed, comma-separated list before use.

• Tests

  • Added regression tests for parsing and validation of the input-modality setting, covering valid multi-value inputs and malformed or injection-like values.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c7cb8b3e-fe4f-45a8-9767-a6b44db63848

📥 Commits

Reviewing files that changed from the base of the PR and between c559d13 and 866fc63.

📒 Files selected for processing (1)

• test/onboard.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• test/onboard.test.ts

---

📝 Walkthrough

Walkthrough

Adds a build-time/runtime env var NEMOCLAW_INFERENCE_INPUTS that onboarding validates and, when valid, injects into the staged Dockerfile; the container’s Python config generator parses it into the model input list (fallback ['text']) for the generated OpenClaw config.

Changes

Cohort / File(s)	Summary
Dockerfile Configuration Dockerfile	Adds ARG NEMOCLAW_INFERENCE_INPUTS=text and ENV NEMOCLAW_INFERENCE_INPUTS=${NEMOCLAW_INFERENCE_INPUTS} to carry the value into the image/runtime.
Onboard Input Validation src/lib/onboard.ts	patchStagedDockerfile reads process.env.NEMOCLAW_INFERENCE_INPUTS, validates it as a comma-separated allowlist of text and image, and if valid rewrites the ARG line; otherwise leaves the Dockerfile default.
Tests test/onboard.test.ts	Adds regression tests: one ensures a valid "text,image" value is baked into the staged Dockerfile; another verifies undefined, malformed, casing/whitespace, trailing-comma, or injection-like values do not alter the default ARG.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Host as Host shell
  participant Onboard as src/lib/onboard.ts
  participant Dockerfile as Staged Dockerfile
  participant PyGen as Embedded Python config generator
  participant Sandbox as Sandbox (/sandbox/.openclaw)

  Host->>Onboard: export NEMOCLAW_INFERENCE_INPUTS & run onboard
  Onboard->>Onboard: validate env (allowlist: text,image)
  alt valid
    Onboard->>Dockerfile: patch ARG NEMOCLAW_INFERENCE_INPUTS=text,image
  else invalid/absent
    Onboard-->>Dockerfile: keep ARG NEMOCLAW_INFERENCE_INPUTS=text
  end
  Dockerfile->>PyGen: build/run (ENV propagated)
  PyGen->>PyGen: parse NEMOCLAW_INFERENCE_INPUTS -> ['text','image'] (fallback ['text'])
  PyGen->>Sandbox: write openclaw.json with models[*].input = [...]

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I nudged a Docker ARG today,
Split inputs clean so modes can play.
Text and image, tidy, true,
Baked in neat for sandbox view.
A little hop — new senses queue.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately and specifically identifies the main change: adding propagation of NEMOCLAW_INFERENCE_INPUTS environment variable to the baked openclaw.json configuration file.
Linked Issues check	✅ Passed	The PR fully addresses the primary coding objective from issue #2421: implementing propagation of NEMOCLAW_INFERENCE_INPUTS from host environment into the sandbox's openclaw.json via ARG overrides and patchStagedDockerfile validation.
Out of Scope Changes check	✅ Passed	All changes are tightly scoped to NEMOCLAW_INFERENCE_INPUTS propagation: Dockerfile ARG/ENV addition, patchStagedDockerfile validation logic, and comprehensive regression tests with input validation and injection prevention.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

test/onboard.test.ts (1)

747-805: Decouple malformed-input cases from unrelated buildId mutation.

Line 787 currently injects each malformed test value into buildId, which can mask failures by coupling this test to unrelated NEMOCLAW_BUILD_ID handling. Keep buildId constant (or index-based) so the test isolates NEMOCLAW_INFERENCE_INPUTS validation only.

♻️ Proposed test-isolation fix

-      for (const value of rejectCases) {
+      for (const [index, value] of rejectCases.entries()) {
         fs.writeFileSync(dockerfilePath, baseDockerfile);
         if (value === undefined) {
           delete process.env.NEMOCLAW_INFERENCE_INPUTS;
         } else {
           process.env.NEMOCLAW_INFERENCE_INPUTS = value;
         }
         patchStagedDockerfile(
           dockerfilePath,
           "gpt-5.4",
           "http://127.0.0.1:18789",
-          `build-inputs-reject-${String(value)}`,
+          `build-inputs-reject-${index}`,
           "openai-api",
         );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard.test.ts` around lines 747 - 805, The test is accidentally
injecting each malformed value into the buildId argument of
patchStagedDockerfile, coupling NEMOCLAW_INFERENCE_INPUTS validation with
buildId handling; change the call to patchStagedDockerfile so the buildId is
constant (or based on the loop index) instead of using String(value) (e.g., use
"build-inputs-reject" or `build-inputs-reject-${i}`), leaving
process.env.NEMOCLAW_INFERENCE_INPUTS set per rejectCases and keeping the rest
of the test unchanged (refer to patchStagedDockerfile,
NEMOCLAW_INFERENCE_INPUTS, NEMOCLAW_BUILD_ID, and rejectCases).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/onboard.test.ts`:
- Around line 747-805: The test is accidentally injecting each malformed value
into the buildId argument of patchStagedDockerfile, coupling
NEMOCLAW_INFERENCE_INPUTS validation with buildId handling; change the call to
patchStagedDockerfile so the buildId is constant (or based on the loop index)
instead of using String(value) (e.g., use "build-inputs-reject" or
`build-inputs-reject-${i}`), leaving process.env.NEMOCLAW_INFERENCE_INPUTS set
per rejectCases and keeping the rest of the test unchanged (refer to
patchStagedDockerfile, NEMOCLAW_INFERENCE_INPUTS, NEMOCLAW_BUILD_ID, and
rejectCases).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 736b58e6-a643-421c-a156-9e983ed656fa

📥 Commits

Reviewing files that changed from the base of the PR and between de97a00 and f9461b6.

📒 Files selected for processing (3)

• Dockerfile
• src/lib/onboard.ts
• test/onboard.test.ts

[coderabbitai]

🧹 Nitpick comments (2)

Dockerfile (1)

312-312: Add in-script allowlist validation for defense in depth.

Line 312 normalizes input but does not reject unknown modalities. A direct build arg like audio would still be baked into openclaw.json. Mirror the allowlist check here and fail fast.

♻️ Suggested hardening patch

-inference_inputs = [v.strip() for v in os.environ.get('NEMOCLAW_INFERENCE_INPUTS', 'text').split(',') if v.strip()] or ['text']; \
+inference_inputs = [v.strip() for v in os.environ.get('NEMOCLAW_INFERENCE_INPUTS', 'text').split(',') if v.strip()] or ['text']; \
+_allowed_inference_inputs = {'text', 'image'}; \
+if any(v not in _allowed_inference_inputs for v in inference_inputs): \
+    raise ValueError('NEMOCLAW_INFERENCE_INPUTS must contain only: text,image'); \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` at line 312, The current normalization of inference_inputs from
NEMOCLAW_INFERENCE_INPUTS should include an allowlist check and fail-fast
behavior: define a set of allowed modalities (e.g., ALLOWED_INFERENCE_INPUTS),
parse and strip the env var into inference_inputs (as currently done), compute
any_unknown = set(parsed_inputs) - ALLOWED_INFERENCE_INPUTS, and if any_unknown
is non-empty log an error and exit (non-zero) so a bad build arg like "audio"
cannot be baked into openclaw.json; update the code path where inference_inputs
is set (variable name inference_inputs and use of NEMOCLAW_INFERENCE_INPUTS) to
perform this validation before writing/openclaw.json.

test/onboard.test.ts (1)

840-867: Decouple malformed-input coverage from NEMOCLAW_BUILD_ID mutation path.

On Line 860, the test injects value into buildId. That mixes two validation surfaces and can hide the real failure cause. Keep buildId constant and assert the injection payload never lands in the Dockerfile.

Suggested patch

-        patchStagedDockerfile(
+        patchStagedDockerfile(
           dockerfilePath,
           "gpt-5.4",
           "http://127.0.0.1:18789",
-          `build-inputs-reject-${String(value)}`,
+          "build-inputs-reject",
           "openai-api",
         );
-        assert.match(
-          fs.readFileSync(dockerfilePath, "utf8"),
+        const patched = fs.readFileSync(dockerfilePath, "utf8");
+        assert.match(
+          patched,
           /^ARG NEMOCLAW_INFERENCE_INPUTS=text$/m,
           `value="${String(value)}" should not change the ARG default`,
         );
+        assert.doesNotMatch(patched, /RUN rm -rf/);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/onboard.test.ts` around lines 840 - 867, The test is mixing malformed
NEMOCLAW_INFERENCE_INPUTS payloads with the buildId parameter which can mask
failures; change the loop so only process.env.NEMOCLAW_INFERENCE_INPUTS is
varied and pass a fixed buildId to patchStagedDockerfile (e.g.
"build-inputs-reject-const" or include the loop index only) instead of using
`value`, ensure you still call patchStagedDockerfile and assert the Dockerfile
retains `ARG NEMOCLAW_INFERENCE_INPUTS=text` and that the raw injection string
(the original `value`) does not appear in the Dockerfile to confirm the payload
never landed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Dockerfile`:
- Line 312: The current normalization of inference_inputs from
NEMOCLAW_INFERENCE_INPUTS should include an allowlist check and fail-fast
behavior: define a set of allowed modalities (e.g., ALLOWED_INFERENCE_INPUTS),
parse and strip the env var into inference_inputs (as currently done), compute
any_unknown = set(parsed_inputs) - ALLOWED_INFERENCE_INPUTS, and if any_unknown
is non-empty log an error and exit (non-zero) so a bad build arg like "audio"
cannot be baked into openclaw.json; update the code path where inference_inputs
is set (variable name inference_inputs and use of NEMOCLAW_INFERENCE_INPUTS) to
perform this validation before writing/openclaw.json.

In `@test/onboard.test.ts`:
- Around line 840-867: The test is mixing malformed NEMOCLAW_INFERENCE_INPUTS
payloads with the buildId parameter which can mask failures; change the loop so
only process.env.NEMOCLAW_INFERENCE_INPUTS is varied and pass a fixed buildId to
patchStagedDockerfile (e.g. "build-inputs-reject-const" or include the loop
index only) instead of using `value`, ensure you still call
patchStagedDockerfile and assert the Dockerfile retains `ARG
NEMOCLAW_INFERENCE_INPUTS=text` and that the raw injection string (the original
`value`) does not appear in the Dockerfile to confirm the payload never landed.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 10c36235-7409-46d4-863d-e7b0aeb3083a

📥 Commits

Reviewing files that changed from the base of the PR and between f9461b6 and c559d13.

📒 Files selected for processing (3)

• Dockerfile
• src/lib/onboard.ts
• test/onboard.test.ts

[jyaunches]

LGTM — CI green, follows the established ARG→ENV→Python→patchStagedDockerfile pattern, good test coverage. Approving to unblock downstream work on #2087 and #2306.