fix(onboard): preserve disabled channels through rebuild so channels start can recover

[laitingsheng]

Summary

nemoclaw <sandbox> channels start <name> reported success but left the bot offline whenever it ran after a channels stop <name> + rebuild. The stop path correctly disabled the bridge, but the subsequent rebuild silently dropped the channel from the registry's configured set, leaving a later channels start with nothing to re-enable.

Related Issue

Fixes #3381

Changes

• src/lib/onboard.ts: persist the operator's configured channel set on the new registry entry (input enabledChannels), not the post-disabled-filter activeMessagingChannels. disabledChannels remains the runtime modifier; the baked image and the gateway provider attachments still respect it.
• test/onboard.test.ts: regression test that drives createSandbox with disabledChannels: ["telegram"] already in the registry and asserts the new registerSandbox payload keeps messagingChannels: ["telegram"] while the Dockerfile build arg and --provider flags continue to exclude the disabled channel.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• Bug Fixes
  • Messaging channels you configure are now preserved when recreating a sandbox, allowing them to be re-enabled in subsequent rebuilds.
  • Disabled messaging channels no longer incorrectly prevent other sandboxes from using the same credential token.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 31530622-1d91-4cf1-a514-21c87fee0e33

📥 Commits

Reviewing files that changed from the base of the PR and between 65d8ce8 and 2408bc6.

📒 Files selected for processing (1)

• src/lib/onboard.ts

---

📝 Walkthrough

Walkthrough

The PR fixes issue #3381 by preserving the operator's configured messaging channels across sandbox recreate cycles. createSandbox now persists enabledChannels instead of activeMessagingChannels to the registry, and conflict detection is updated to exclude disabled channels from blocking other sandboxes or reporting overlaps.

Changes

Messaging channel persistence and conflict detection fix

Layer / File(s)	Summary
Registry channel persistence on recreate src/lib/onboard.ts, test/onboard.test.ts	createSandbox persists enabledChannels (deduplicated) instead of activeMessagingChannels, preserving disabled channels in the registry for later re-enablement. Integration test verifies the registry round-trips both messagingChannels and disabledChannels across a rebuild cycle.
Conflict detection respects disabled channels src/lib/messaging-conflict.ts, src/lib/messaging-conflict.test.ts	hasStoredChannel returns false when a channel is listed in disabledChannels, and findAllOverlaps skips disabled channels during indexing. Tests verify disabled channels do not trigger false conflicts or phantom overlaps, allowing other sandboxes to claim the same credentials.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A hop, a skip, a channel's keep—
Through stop and start, the threads run deep!
Disabled yet remembered true,
Re-enable brings the bot anew! 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: preserving disabled channels through rebuild to enable recovery via channels start command.
Linked Issues check	✅ Passed	All code changes directly address issue #3381 by preserving operator-configured channels through rebuild and respecting disabled state in conflict detection.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing the disabled channels issue; no unrelated modifications outside the stated objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/channels-start-after-stop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: messaging-providers-e2e, token-rotation-e2e

Workflow run

Full advisor summary

Pi Semantic E2E Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• None. The PR is a narrow persistence + filtering fix in lib code with substantive new unit tests covering both sides of the change (findChannelConflicts, findAllOverlaps, createSandbox registry write). It does not alter networking, credential handling, sandbox isolation, installer behavior, or inference routing — the user-visible payload is a corrected registry field and suppressed phantom warnings, which unit tests cover deterministically. Existing nightly E2Es (messaging-providers, token-rotation) provide confidence-level coverage but are not merge-blocking for this change.

Optional E2E

• messaging-providers-e2e (medium): Exercises the full Telegram/Discord/Slack provider + placeholder + L7-proxy chain after onboard, which is where the registry messagingChannels persistence lives. Useful regression confidence for the onboard.ts registry write change.
• token-rotation-e2e (medium): Re-runs onboard and rebuilds sandboxes with new messaging tokens, re-exercising the registry.registerSandbox call path (providerCredentialHashes, messagingChannels, disabledChannels) that this PR modifies.

New E2E recommendations

• sandbox-channels-lifecycle (medium): No existing E2E exercises the channels stop → sandbox rebuild → channels start recovery path that is the direct user-visible behavior fixed by [Messaging] Cannot start a channel after a stop #3381. The unit tests in this PR cover the registry-write semantics, but a live-gateway round-trip would catch regressions where rebuild silently drops the disabled channel or channels start cannot re-attach the bridge.
  • Suggested test: test/e2e/test-channels-stop-rebuild-start.sh — onboard a sandbox with telegram + discord, run nemoclaw <name> channels stop telegram, trigger a rebuild (e.g. via nemoclaw onboard with unchanged tokens), assert registry.messagingChannels still contains telegram and disabledChannels=['telegram'] and the telegram bridge provider is not attached, then run nemoclaw <name> channels start telegram and assert the bridge is reattached and receives the original token.
• messaging-channels (low): No existing E2E asserts that nemoclaw status does not report phantom overlap warnings across two sandboxes sharing a messaging token when one has stopped the channel. The unit test covers findAllOverlaps directly, but a status-command smoke would lock in the end-to-end UX fix.
  • Suggested test: Extend sandbox-operations-e2e or a new test/e2e/test-status-channel-overlap.sh: onboard two sandboxes sharing TELEGRAM_BOT_TOKEN, channels stop telegram on one, then assert nemoclaw status emits no matching-token/unknown-token overlap warning for telegram.

[sandl99]

Hi I am having this PR #3186, please make sure it won't override each others

[prekshivyas]

LGTM.

Solid two-sided fix:

1. onboard.ts now persists the operator's configured enabledChannels instead of the post-disabled-filter activeMessagingChannels, so a later channels start has something to re-enable after channels stop + rebuild.
2. messaging-conflict.ts skips disabledChannels in both hasStoredChannel and findAllOverlaps, which is necessary — without it the preservation would create phantom cross-sandbox token conflicts on paused channels.

The PR aligns one stale write site with the convention already used elsewhere (doctor.ts:374-380 filters disabledChannels; rebuild.ts:625-629 round-trips disabledChannels). Test coverage is thorough: registry preservation, dockerfile build arg, gateway provider attachment, and conflict detection all asserted.

Non-blocking follow-up worth a separate PR: verify-deployment.ts:167 (verifyMessagingBridges) and inventory/index.ts:415 don't yet subtract disabledChannels before checking provider presence — same pattern as doctor.ts would prevent a latent false-positive "missing telegram bridge" warning when verifyDeployment gets wired to a production command.

macos-e2e failure is test/cli.test.ts:1310 timeout preceded by daemon.json is malformed — unrelated to this PR's surface area (no macOS-specific or cli.test.ts changes). Worth a re-run before merge.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 25747639368
Branch: fix/channels-start-after-stop
Requested jobs: messaging-providers-e2e,token-rotation-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job	Result
messaging-providers-e2e	✅ success
token-rotation-e2e	✅ success

[jyaunches]

Targeted E2E validation requested by the E2E Advisor has passed.

Run: https://github.com/NVIDIA/NemoClaw/actions/runs/25747639368

Passed targeted jobs: messaging-providers-e2e, token-rotation-e2e

PR review can proceed with that E2E signal in mind.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 25777076092
Branch: fix/channels-start-after-stop
Requested jobs: messaging-providers-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
messaging-providers-e2e	✅ success

[ericksoa]

Reviewed current head 2408bc6. The fix is scoped to preserving disabled messaging-channel registry state through rebuilds and filtering disabled channels out of conflict reporting. Checks are green, and a fresh messaging-providers-e2e run passed on this head.