fix(onboard): honor navigation at credential prompts

[yimoj]

Summary

Provider credential prompts now classify back, exit, and quit as onboarding navigation instead of staging them as API keys. This lets users recover from OpenAI, Anthropic, Gemini, compatible endpoint, Model Router, NVIDIA/NGC, Hermes Nous, and Bedrock-compatible secret prompts without restarting onboarding.

Related Issue

Fixes #3697

Changes

• Added shared credential prompt intent parsing so secret prompts can return credential, back, or exit intents.
• Routed back/exit intents through onboarding provider selection, validation recovery, NVIDIA API key setup, NGC key setup, Model Router credentials, Hermes Nous credentials, and Bedrock-compatible endpoint setup.
• Extracted provider credential navigation helpers into src/lib/onboard/credential-navigation.ts so src/lib/onboard.ts remains net smaller for the entrypoint budget.
• Added focused credential and onboard provider-selection tests covering back navigation at the affected secret prompt families.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Additional verification run:

• npm run build:cli passes with local Node 22.
• npx vitest run --project cli test/credentials.test.ts test/onboard-selection.test.ts src/lib/onboard/bedrock-runtime.test.ts passes with local Node 22.
• npm run typecheck:cli passes with local Node 22.
• npm run lint passes; existing warning remains in src/lib/onboard/child-exit-tracker.test.ts.
• cd nemoclaw && npm install && npm run build && npm test passes with local Node 22.
• git diff --check passes.
• git diff upstream/main --numstat -- src/lib/onboard.ts reports 76 85, so the onboard entrypoint is net -9 lines.
• codex review -c sandbox_mode="danger-full-access" --uncommitted reported no blocking correctness findings before the initial commit and again after the credential-navigation extraction.

Broad run notes:

• Isolated npm test -- --project cli failed on unrelated environment/timeouts and shared-state-sensitive tests; the touched focused tests passed in that run.
• npx prek run --all-files before the extraction reached the broad CLI coverage hook and failed with unrelated oclif help/dispatch timeouts plus test/fetch-guard-patch-regression.test.ts:86; the changed credential/onboard tests passed during that run.

---

Signed-off-by: Yimo Jiang yimoj@nvidia.com

Summary by CodeRabbit

• New Features

  • Credential prompts recognize case-insensitive "back"/"exit"/"quit" and "help"; help shows guidance and re-prompts. Onboarding and model-selection flows uniformly support returning to provider selection.

• Bug Fixes

  • API/key entry now normalizes, validates, stages, and saves keys reliably; backing out or exiting leaves env unset and avoids saving partial secrets.

• Tests

  • Added unit and interactive tests covering back/exit/help navigation, secret masking, and onboarding flows.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Masked credential prompts now classify navigation inputs (back/exit/help) before staging. A BACK_TO_SELECTION sentinel and createCredentialPromptHelpers centralize prompt behavior; onboarding and model-prompt flows were updated to propagate back/exit, and tests/harnesses verify masked-prompt back/exit handling across providers.

Changes

Credential Prompt Intent Navigation

Layer / File(s)	Summary
Credential intent types and prompt helpers src/lib/credentials/store.ts, scripts/dev-tier-selector.js	CredentialPromptIntent union, getCredentialPromptIntent(), readCredentialPrompt(), and ensureApiKey() now return navigation-aware intents; dev stub returns a mocked credential.
Back sentinel and guard src/lib/navigation.ts	Adds BACK_TO_SELECTION sentinel and isBackToSelection() type guard.
Model prompt back-sentinel propagation src/lib/inference/model-prompts.ts	Re-export BackToSelection, add `ModelPromptResult = string
Credential navigation library (createCredentialPromptHelpers) src/lib/onboard/credential-navigation.ts	Centralized navigation parsing, readCredentialValue, replaceNamedCredential, ensureNamedCredential, shouldReturnToProviderSelection, and createCredentialPromptHelpers.
Onboard wiring and flow integration src/lib/onboard.ts	Import BACK_TO_SELECTION and create credentialPrompt with exitOnboardFromPrompt(); replace local navigation parsing and wire standardized back/exit handling across providers and model pickers; normalize final model return to null when backed out.
Bedrock runtime: option types and tests src/lib/onboard/bedrock-runtime.ts, src/lib/onboard/bedrock-runtime.test.ts	Retype options to accept BackToSelection, await credential replacement results, return { action: "retry-selection" } when back sentinel is returned, and add unit test for back path.
Unit and integration tests for back/exit at credential prompts test/credentials.test.ts, test/onboard-selection.test.ts, test/onboard-brave-validation.test.ts	Unit test for readCredentialPrompt classification; spawn-based ensureApiKey integration tests for back/exit; reusable CredentialBackScenario harness and multi-provider interactive coverage for secret prompts.

Sequence Diagram

sequenceDiagram
  participant User
  participant Prompt as readCredentialPrompt()
  participant CredStore as src/lib/credentials/store.ts
  participant CredNav as src/lib/onboard/credential-navigation.ts
  participant Onboard as src/lib/onboard.ts
  participant Env as process.env / credentials.saveCredential
  User->>Prompt: enter masked input
  Prompt->>CredStore: getCredentialPromptIntent(value)
  CredStore->>CredNav: intent ({credential, back, exit, help})
  CredNav->>Onboard: return BACK_TO_SELECTION / call exitOnboardFromPrompt() when exit
  CredNav->>Onboard: return credential value when kind="credential"
  Onboard->>Env: stage/save credential when credential returned

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3767: Modifies Bedrock runtime onboarding and backToSelection handling; closely related to bedrock runtime option changes in this PR.

Suggested labels

status: rfr

Suggested reviewers

• jyaunches
• ericksoa

🐇 I hopped through prompts both masked and bright,

typed "back" and found the path made right.
Now "exit" is heard, not saved as a key,
the wizard steps back and sets us free.
A tiny hop — onboarding's light.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 13.16% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(onboard): honor navigation at credential prompts' directly and specifically summarizes the main change: enabling back/exit/help navigation keywords at credential prompts during onboarding.
Linked Issues check	✅ Passed	The PR fully addresses issue #3697 by treating back/exit/help/? as navigation intents at masked credential prompts [#3697], implementing shared parsing [CredentialPromptIntent], routing navigation through selection/recovery flows, and adding comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes are scoped to credential navigation handling: new intent types, credential prompt parsing, navigation routing in onboarding flows, credential helper utilities, and focused tests—no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 1396-1406: Move the two helper functions
getCredentialPromptNavigation and printReturningToProviderSelection plus any
duplicated "back"/"exit" routing branches out of src/lib/onboard.ts into a new
module under src/lib/onboard/ (e.g., src/lib/onboard/credentialNavigation.ts),
export the helpers, and update onboard.ts to import and call them so onboard.ts
remains the orchestration layer and its line count is reduced; ensure the
exported names match getCredentialPromptNavigation and
printReturningToProviderSelection and replace all in-file usages of the inline
logic with the imported functions.

In `@test/onboard-selection.test.ts`:
- Around line 190-199: The clearCredentialEnv array used to hermetically clear
credentials in the back-navigation harness is missing the NGC_API_KEY for the
Local NIM scenario; update the clearCredentialEnv constant (the array named
clearCredentialEnv in onboard-selection.test.ts) to include "NGC_API_KEY" so the
test clears that environment variable as well and prevents host env leakage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 721d948a-80aa-44e8-bced-8c8dc200a4f1

📥 Commits

Reviewing files that changed from the base of the PR and between 11b1937 and 431325e.

📒 Files selected for processing (6)

• src/lib/credentials/store.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

[coderabbitai]

🧹 Nitpick comments (3)

src/lib/onboard/bedrock-runtime.ts (1)

89-96: Run the Bedrock-compatible Anthropic E2E job before merge.

This branch touches the Bedrock Runtime compatible onboarding path; running the targeted E2E is a good final guard for sandbox-route behavior.

As per coding guidelines "src/lib/onboard/bedrock-runtime.ts: This file is part of the Bedrock Runtime compatible Anthropic endpoint path... E2E test recommendation: bedrock-runtime-compatible-anthropic-e2e."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 89 - 96, This change affects
the Bedrock Runtime onboarding path around replaceNamedCredential in
src/lib/onboard/bedrock-runtime.ts (the block that calls
options.replaceNamedCredential and returns { action: "retry-selection" }), so
before merging run the targeted end-to-end test suite named
bedrock-runtime-compatible-anthropic-e2e to validate sandbox-route and
Anthropic-compatible Bedrock behavior; if the E2E fails, iterate on the
onboarding flow (especially the replaceNamedCredential handling and
retry-selection branch) until the E2E passes.

src/lib/onboard.ts (1)

6620-6621: Spot-run the onboarding E2Es that cover remote-provider and Bedrock paths.

This change now threads credential navigation through the shared provider-selection loop and the Bedrock-compatible endpoint adapter, so I’d sanity-check cloud-e2e and bedrock-runtime-compatible-anthropic-e2e before merge.

As per coding guidelines: src/lib/onboard.ts: "This file contains core onboarding logic. Changes here affect the full sandbox creation and configuration flow."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 6620 - 6621, Run the E2E suites that
exercise the remote-provider and Bedrock code paths (specifically run the
cloud-e2e and bedrock-runtime-compatible-anthropic-e2e tests) to validate the
credential navigation changes in src/lib/onboard.ts; focus your checks on the
provider-selection loop and the Bedrock endpoint adapter where
credentialPrompt.replaceNamedCredential is threaded, confirming that providers
are selectable, credentials are persisted/updated correctly, and
Bedrock-compatible endpoints are invoked without errors or regressions.

src/lib/onboard/credential-navigation.ts (1)

4-4: ⚡ Quick win

Use ES6 import instead of require() for consistency with codebase conventions.

This file uses require() with a type annotation instead of an ES6 import statement. There is no circular dependency justifying this pattern—credentials/store.ts does not reference this file. Other files in the src/lib/onboard/ directory use ES6 imports (e.g., wechat-config.ts), and the codebase predominantly follows this standard.

Convert to:

import * as credentials from "../credentials/store";

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/credential-navigation.ts` at line 4, Replace the CommonJS
require with an ES6 namespace import: remove the typed require assignment that
declares the variable credentials and instead import the credentials store using
an ES6 import into the same credentials identifier (i.e., use a namespace import
of the credentials store module so other code referencing credentials continues
to work); ensure you remove the type-on-require pattern and keep the module's
exported types available via the credentials symbol.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 6620-6621: Run the E2E suites that exercise the remote-provider
and Bedrock code paths (specifically run the cloud-e2e and
bedrock-runtime-compatible-anthropic-e2e tests) to validate the credential
navigation changes in src/lib/onboard.ts; focus your checks on the
provider-selection loop and the Bedrock endpoint adapter where
credentialPrompt.replaceNamedCredential is threaded, confirming that providers
are selectable, credentials are persisted/updated correctly, and
Bedrock-compatible endpoints are invoked without errors or regressions.

In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 89-96: This change affects the Bedrock Runtime onboarding path
around replaceNamedCredential in src/lib/onboard/bedrock-runtime.ts (the block
that calls options.replaceNamedCredential and returns { action:
"retry-selection" }), so before merging run the targeted end-to-end test suite
named bedrock-runtime-compatible-anthropic-e2e to validate sandbox-route and
Anthropic-compatible Bedrock behavior; if the E2E fails, iterate on the
onboarding flow (especially the replaceNamedCredential handling and
retry-selection branch) until the E2E passes.

In `@src/lib/onboard/credential-navigation.ts`:
- Line 4: Replace the CommonJS require with an ES6 namespace import: remove the
typed require assignment that declares the variable credentials and instead
import the credentials store using an ES6 import into the same credentials
identifier (i.e., use a namespace import of the credentials store module so
other code referencing credentials continues to work); ensure you remove the
type-on-require pattern and keep the module's exported types available via the
credentials symbol.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ed6492ef-f4d7-4360-a01f-2de7373459b6

📥 Commits

Reviewing files that changed from the base of the PR and between 431325e and f8f1509.

📒 Files selected for processing (7)

• src/lib/credentials/store.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

test/onboard-selection.test.ts (1)

3767-3827: ⚡ Quick win

Cover the provider-level exit path too.

These scenarios only exercise back, but this PR also changes how { kind: "exit" } is routed through the same credential branches. A branch that accidentally maps exit to “return to provider selection” would still pass here. Extending the scenario shape with the expected terminal intent/result and adding at least one exit case would close that gap.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/onboard-selection.test.ts` around lines 3767 - 3827, The test data in
secretCredentialBackScenarios only covers the "back" intent so it misses
provider-level "exit" routing; extend the scenario shape (used by
runCredentialBackScenario) to include an expected terminal intent/result field
(e.g., expectedFinalIntent or expectedResult) and add at least one scenario with
answers that include the { kind: "exit" } flow, then update
runCredentialBackScenario to assert the scenario.expectedResult is reached (or
that the provider selection/termination behavior occurs) so the test ensures
exit is routed to the correct terminal path rather than being treated as a
back-to-provider selection.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard/credential-navigation.ts`:
- Around line 6-7: Replace the string sentinel BACK_TO_SELECTION with a
non-string sentinel (e.g., a Symbol or a uniquely tagged object) so real
credentials cannot collide with navigation state; update all uses of
BACK_TO_SELECTION (references in replaceNamedCredential, ensureNamedCredential
and any comparisons) to check identity (===) against the new sentinel and to
treat it as the navigation marker, and adjust any type BackToSelection
accordingly (use typeof or a specific union type) so TypeScript types and
consumers still compile and behavior remains the same.

---

Nitpick comments:
In `@test/onboard-selection.test.ts`:
- Around line 3767-3827: The test data in secretCredentialBackScenarios only
covers the "back" intent so it misses provider-level "exit" routing; extend the
scenario shape (used by runCredentialBackScenario) to include an expected
terminal intent/result field (e.g., expectedFinalIntent or expectedResult) and
add at least one scenario with answers that include the { kind: "exit" } flow,
then update runCredentialBackScenario to assert the scenario.expectedResult is
reached (or that the provider selection/termination behavior occurs) so the test
ensures exit is routed to the correct terminal path rather than being treated as
a back-to-provider selection.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 659238d8-66be-4f5e-8e3f-6395ff7b3fb0

📥 Commits

Reviewing files that changed from the base of the PR and between f8f1509 and fa60270.

📒 Files selected for processing (7)

• src/lib/credentials/store.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/onboard-selection.test.ts`:
- Around line 190-204: The child-process env scrubber currently only deletes
credential keys (the clearCredentialEnv array); add the onboarding-control keys
"NEMOCLAW_NON_INTERACTIVE", "NEMOCLAW_PROVIDER", "NEMOCLAW_MODEL",
"NEMOCLAW_YES", and "NEMOCLAW_PREFERRED_API" to that array so spawned tests
cannot short‑circuit prompts used by setupNim(), and apply the identical
scrubber in the standalone OpenAI back-navigation child script before it
requires/loads onboard.js to ensure those env vars are cleared in all relevant
child processes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 801365b9-6b8a-40ac-8b48-f9ed194b49b1

📥 Commits

Reviewing files that changed from the base of the PR and between fa60270 and b72d42a.

📒 Files selected for processing (8)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

src/lib/onboard/credential-navigation.ts (1)

14-21: 💤 Low value

Minor redundancy with getCredentialPromptIntent in store.ts.

This function duplicates the navigation keyword detection logic from getCredentialPromptIntent. Consider whether this could be consolidated, or document why both are needed (one operates on raw strings for non-credential prompts, the other on credential prompt results).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/credential-navigation.ts` around lines 14 - 21,
getNavigationChoice duplicates logic already implemented in
getCredentialPromptIntent; consolidate to avoid redundancy by extracting the
shared normalization + keyword checks into a single utility (e.g., a new
function like normalizeAndDetectNavigation or move detection into
getCredentialPromptIntent and have getNavigationChoice call it) and update both
call sites to use the shared helper, or if you intentionally need two separate
functions, add a brief comment above getNavigationChoice referencing
getCredentialPromptIntent and explaining why both exist (one for raw string
inputs, the other for credential-prompt result types). Ensure you reference the
existing symbols getNavigationChoice and getCredentialPromptIntent when making
the change so callers are updated accordingly.

src/lib/onboard.ts (1)

1398-1399: Run the onboarding E2Es before merge.

This changes the shared credential-navigation entry point for core onboarding, so I’d smoke the provider-selection, compatible-endpoint, Bedrock-compatible Anthropic, and Hermes messaging E2Es on this branch before merging.

As per coding guidelines: src/lib/onboard.ts: E2E test recommendation: cloud-e2e ... messaging-compatible-endpoint-e2e ... bedrock-runtime-compatible-anthropic-e2e ... hermes-discord-e2e ... hermes-slack-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 1398 - 1399, This change alters the shared
credential-navigation entry point (createCredentialPromptHelpers in
src/lib/onboard.ts), so before merging run the full set of onboarding E2E
suites: cloud-e2e, messaging-compatible-endpoint-e2e,
bedrock-runtime-compatible-anthropic-e2e, hermes-discord-e2e and
hermes-slack-e2e; if any fail, fix the onboarding flow around
createCredentialPromptHelpers/exitOnboardFromPrompt to ensure
provider-selection, compatible-endpoint checks, Bedrock Anthropic compatibility,
and Hermes messaging flows behave correctly, then re-run the listed E2Es until
all pass.

src/lib/onboard/bedrock-runtime.ts (1)

58-114: Run the targeted Bedrock-compatible Anthropic E2E lane for this path.

This change touches Bedrock-compatible onboarding/back-navigation behavior; please run:
gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=bedrock-runtime-compatible-anthropic-e2e

As per coding guidelines: src/lib/onboard/bedrock-runtime.ts changes should run the bedrock-runtime-compatible-anthropic-e2e recommendation.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 58 - 114, Changes in
selectBedrockRuntimeCustomAnthropic (src/lib/onboard/bedrock-runtime.ts) affect
Bedrock-compatible Anthropic onboarding/back-navigation behavior; trigger the
nightly E2E job for that lane by running the GitHub Actions workflow with the
bedrock-runtime-compatible-anthropic-e2e job: run `gh workflow run
nightly-e2e.yaml --ref <branch> -f
jobs=bedrock-runtime-compatible-anthropic-e2e` and verify the end-to-end tests
for this code path pass.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/onboard-selection.test.ts`:
- Around line 296-305: The spawnSync call that creates `result` when executing
`process.execPath` should include a timeout option to prevent synchronous child
processes from hanging indefinitely; update the spawnSync invocation(s) (the one
assigning `result` and the other occurrence around the later block) to pass a
sensible `timeout` (e.g., a few seconds or a CI-appropriate value) in the
options object (and optionally add `killSignal`/`cwd`/`encoding` consistency if
needed) so the child is automatically terminated on timeout; locate the calls by
searching for `spawnSync(process.execPath, [scriptPath], {` and add the timeout
key to the options.
- Around line 3764-3834: The test must assert the OpenAI "back" choice was never
staged as a credential: stub or wrap credentials.saveCredential (the same
credentials object used in the script) to record saved key/value pairs before
calling setupNim, then after parsing payload ensure no saved value equals "back"
(e.g., assert savedEntries.every(e => e.value !== "back")). This uses the
existing credentials.saveCredential stub, the setupNim call, and the test's
payload/result to locate where to add the recording and the final assertion.

---

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 1398-1399: This change alters the shared credential-navigation
entry point (createCredentialPromptHelpers in src/lib/onboard.ts), so before
merging run the full set of onboarding E2E suites: cloud-e2e,
messaging-compatible-endpoint-e2e, bedrock-runtime-compatible-anthropic-e2e,
hermes-discord-e2e and hermes-slack-e2e; if any fail, fix the onboarding flow
around createCredentialPromptHelpers/exitOnboardFromPrompt to ensure
provider-selection, compatible-endpoint checks, Bedrock Anthropic compatibility,
and Hermes messaging flows behave correctly, then re-run the listed E2Es until
all pass.

In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 58-114: Changes in selectBedrockRuntimeCustomAnthropic
(src/lib/onboard/bedrock-runtime.ts) affect Bedrock-compatible Anthropic
onboarding/back-navigation behavior; trigger the nightly E2E job for that lane
by running the GitHub Actions workflow with the
bedrock-runtime-compatible-anthropic-e2e job: run `gh workflow run
nightly-e2e.yaml --ref <branch> -f
jobs=bedrock-runtime-compatible-anthropic-e2e` and verify the end-to-end tests
for this code path pass.

In `@src/lib/onboard/credential-navigation.ts`:
- Around line 14-21: getNavigationChoice duplicates logic already implemented in
getCredentialPromptIntent; consolidate to avoid redundancy by extracting the
shared normalization + keyword checks into a single utility (e.g., a new
function like normalizeAndDetectNavigation or move detection into
getCredentialPromptIntent and have getNavigationChoice call it) and update both
call sites to use the shared helper, or if you intentionally need two separate
functions, add a brief comment above getNavigationChoice referencing
getCredentialPromptIntent and explaining why both exist (one for raw string
inputs, the other for credential-prompt result types). Ensure you reference the
existing symbols getNavigationChoice and getCredentialPromptIntent when making
the change so callers are updated accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b457548b-6e94-471f-b35f-4f3641fb547e

📥 Commits

Reviewing files that changed from the base of the PR and between b72d42a and ab125b3.

📒 Files selected for processing (10)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

[yimoj]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews resumed.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Line 1398: promptBraveSearchApiKey currently uses a raw secret prompt and
doesn't respect navigation commands; update it to use the shared
credentialPrompt helper returned by
createCredentialPromptHelpers(exitOnboardFromPrompt) by calling
credentialPrompt.readValue (or the appropriate read method on credentialPrompt)
instead of the raw secret prompt so that 'back'/'exit' input is handled
consistently; locate promptBraveSearchApiKey and replace its direct secret-read
logic with the credentialPrompt API, preserving masking and error handling.

In `@test/onboard-selection.test.ts`:
- Around line 199-205: The environment scrubber arrays used for child-process
onboarding (notably the clearOnboardControlEnv array) are missing
NEMOCLAW_EXPERIMENTAL which can leak parent-shell state; add
"NEMOCLAW_EXPERIMENTAL" to the clearOnboardControlEnv definition and the
equivalent scrubber used later (the second occurrence around the standalone
OpenAI script) so both child-process scrubbers remove that variable before
spawning processes (update the arrays referenced by clearOnboardControlEnv and
the standalone OpenAI script's scrubber).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c77575cb-014b-4a45-8770-09cfc6d015df

📥 Commits

Reviewing files that changed from the base of the PR and between b72d42a and a87c40b.

📒 Files selected for processing (10)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-selection.test.ts

✅ Files skipped from review due to trivial changes (1)

• scripts/dev-tier-selector.js

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/lib/onboard/bedrock-runtime.ts (1)

58-114: Run the Bedrock-compatible Anthropic E2E for this path.

Given this file’s runtime role, run bedrock-runtime-compatible-anthropic-e2e to validate adapter/token isolation and sandbox-route behavior after these navigation-contract changes.

As per coding guidelines, src/lib/onboard/bedrock-runtime.ts changes affect the Bedrock Runtime compatible Anthropic path and should be validated with bedrock-runtime-compatible-anthropic-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 58 - 114, The PR changes
affect the Bedrock-compatible Anthropic path in
selectBedrockRuntimeCustomAnthropic; run the
bedrock-runtime-compatible-anthropic-e2e end-to-end test to validate
adapter/token isolation and sandbox-route behavior after the navigation-contract
changes—execute that test suite locally or in CI, verify
selectBedrockRuntimeCustomAnthropic flows (credential replacement, prompt
fallback, and preferredInferenceApi) behave correctly, and fix any failures
found (e.g., adjust credentialEnv handling or backToSelection returns) until the
E2E passes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Line 6072: The loop re-uses outer setupNim() state causing stale provider
metadata and a null model when users hit a "back" path; before re-entering
selectionLoop you must reset the per-attempt selection state (e.g., reinitialize
the local variables like model, any provider-specific selection objects or flags
that selectionLoop expects) so setupNim() runs with a clean slate. Locate the
declarations around model (let model: string | typeof BACK_TO_SELECTION | null =
null) and any related selection state used by selectionLoop/setupNim(), and
reassign them to their initial values each time you take the “back” path so
selectionLoop/setupNim() cannot observe stale state. Ensure the same reset is
applied at the other noted sites (around the ranges referenced) where back paths
re-enter selectionLoop.

---

Nitpick comments:
In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 58-114: The PR changes affect the Bedrock-compatible Anthropic
path in selectBedrockRuntimeCustomAnthropic; run the
bedrock-runtime-compatible-anthropic-e2e end-to-end test to validate
adapter/token isolation and sandbox-route behavior after the navigation-contract
changes—execute that test suite locally or in CI, verify
selectBedrockRuntimeCustomAnthropic flows (credential replacement, prompt
fallback, and preferredInferenceApi) behave correctly, and fix any failures
found (e.g., adjust credentialEnv handling or backToSelection returns) until the
E2E passes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: dcc43411-db4e-4ed2-9ee7-25425a94a0b5

📥 Commits

Reviewing files that changed from the base of the PR and between a87c40b and 8674a90.

📒 Files selected for processing (11)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-brave-validation.test.ts
• test/onboard-selection.test.ts

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/onboard/bedrock-runtime.ts (1)

94-113: Run the Bedrock-compatible Anthropic E2E job before merge.

This edit touches credential/back navigation in the Bedrock-compatible onboarding path; a targeted E2E run is a good safety check for endpoint classification and adapter flow regressions.

As per coding guidelines: src/lib/onboard/bedrock-runtime.ts changes should run bedrock-runtime-compatible-anthropic-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 94 - 113, This change
touches the Bedrock-compatible onboarding flow (see calls to
options.replaceNamedCredential, options.promptInputModel and the return path
that sets preferredInferenceApi to "openai-completions"); before merging, run
the targeted end-to-end test suite bedrock-runtime-compatible-anthropic-e2e to
validate endpoint classification and adapter flow behavior for
Bedrock-compatible Anthropic paths and ensure no regressions in
credential/back-navigation or model selection flows; if the test fails, fix the
flow (credentialResult/backToSelection handling or model type checks) until the
E2E passes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 94-113: This change touches the Bedrock-compatible onboarding flow
(see calls to options.replaceNamedCredential, options.promptInputModel and the
return path that sets preferredInferenceApi to "openai-completions"); before
merging, run the targeted end-to-end test suite
bedrock-runtime-compatible-anthropic-e2e to validate endpoint classification and
adapter flow behavior for Bedrock-compatible Anthropic paths and ensure no
regressions in credential/back-navigation or model selection flows; if the test
fails, fix the flow (credentialResult/backToSelection handling or model type
checks) until the E2E passes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 88947ce0-6080-4881-a47c-eefbc26d0ddd

📥 Commits

Reviewing files that changed from the base of the PR and between 8674a90 and e4e4132.

📒 Files selected for processing (11)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-brave-validation.test.ts
• test/onboard-selection.test.ts

✅ Files skipped from review due to trivial changes (1)

• scripts/dev-tier-selector.js

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

src/lib/onboard.ts (1)

275-281: ⚡ Quick win

Remove the unused printReturningToProviderSelection import.

printReturningToProviderSelection is never referenced in this file, so it leaves a static-analysis warning on the new onboarding path for no benefit.

♻️ Proposed fix

 const {
   BACK_TO_SELECTION,
   createCredentialPromptHelpers,
   getNavigationChoice,
   isBackToSelection,
-  printReturningToProviderSelection,
 } = credentialNavigation;

As per coding guidelines: **/*.{js,ts,tsx,jsx}: "Unused variables should be prefixed with underscore (_) following Biome conventions".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 275 - 281, The destructured import
printReturningToProviderSelection from credentialNavigation is unused and
causing a lint warning; remove it from the destructuring list (leaving
BACK_TO_SELECTION, createCredentialPromptHelpers, getNavigationChoice,
isBackToSelection) or, if you prefer to signal intentional unusedness, rename it
to _printReturningToProviderSelection to follow the Biome convention; update the
destructuring in the credentialNavigation import/const accordingly.

src/lib/onboard/bedrock-runtime.ts (1)

58-114: Please run the Bedrock-compatible Anthropic E2E job before merge.

This path now handles back-sentinel propagation in credential/model selection, so validating adapter startup/isolation and inference.local routing in the targeted E2E is worth doing for release confidence.

As per coding guidelines, src/lib/onboard/bedrock-runtime.ts changes should run bedrock-runtime-compatible-anthropic-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 58 - 114, The change to
selectBedrockRuntimeCustomAnthropic (and related flows using
classifyCustomAnthropicEndpoint, replaceNamedCredential and promptInputModel)
requires running the bedrock-runtime-compatible-anthropic-e2e job before
merging; run that E2E, verify adapter startup/isolation, credential/model
back-sentinel behavior, and confirm routing for inference.local and
openai-completions is correct, then only merge once the E2E passes and any
failures are fixed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/credentials/store.ts`:
- Around line 133-138: The getCredentialPromptIntent function currently treats
"?" and "help" as credentials; update it so after computing normalized =
normalizeCredentialValue(value) and navigation = normalized.toLowerCase() you
explicitly handle help tokens (e.g. navigation === "?" or navigation === "help")
by returning a control intent (for example { kind: "help" }) instead of { kind:
"credential" }, so these inputs are recognized as help/navigation and won't be
passed to saveCredential(); adjust callers if they expect a new intent kind.

In `@test/onboard-selection.test.ts`:
- Around line 223-226: The test mutates process.env.NVIDIA_API_KEY inside
credentials.ensureApiKey (credentials.ensureApiKey = async () => {
process.env.NVIDIA_API_KEY = "nvapi-good"; ... }) and skips final cleanup
assertions, allowing a staged `"back"` value to pass without going through
saveCredential(); change the fallback path so the Model Router does not reuse
NVIDIA_API_KEY by routing staged/fallback credentials to a different env
variable or a dedicated mock provider, and/or snapshot/assert
process.env.NVIDIA_API_KEY before the fallback selection runs and
restore/validate it after; update references in this test to stop writing
directly to process.env.NVIDIA_API_KEY in credentials.ensureApiKey and ensure
saveCredential() is exercised (or that the fallback provider does not set
NVIDIA_API_KEY) and add the corresponding final assertion to verify
NVIDIA_API_KEY was not left with a staged value.

---

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 275-281: The destructured import printReturningToProviderSelection
from credentialNavigation is unused and causing a lint warning; remove it from
the destructuring list (leaving BACK_TO_SELECTION,
createCredentialPromptHelpers, getNavigationChoice, isBackToSelection) or, if
you prefer to signal intentional unusedness, rename it to
_printReturningToProviderSelection to follow the Biome convention; update the
destructuring in the credentialNavigation import/const accordingly.

In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 58-114: The change to selectBedrockRuntimeCustomAnthropic (and
related flows using classifyCustomAnthropicEndpoint, replaceNamedCredential and
promptInputModel) requires running the bedrock-runtime-compatible-anthropic-e2e
job before merging; run that E2E, verify adapter startup/isolation,
credential/model back-sentinel behavior, and confirm routing for inference.local
and openai-completions is correct, then only merge once the E2E passes and any
failures are fixed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 176a65ff-4620-4b2b-9ffd-1d449eee3417

📥 Commits

Reviewing files that changed from the base of the PR and between e4e4132 and 35b9ab4.

📒 Files selected for processing (11)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-brave-validation.test.ts
• test/onboard-selection.test.ts

✅ Files skipped from review due to trivial changes (1)

• scripts/dev-tier-selector.js

[coderabbitai]

🧹 Nitpick comments (2)

src/lib/onboard/credential-navigation.ts (1)

119-122: 💤 Low value

Consider using exitOnboardFromPrompt consistently for all exit paths.

The function receives exitOnboardFromPrompt but calls process.exit(1) directly when envName is null. While this is a programming error rather than user-initiated exit, using the injected exit function would maintain consistency and improve testability.

♻️ Optional consistency improvement

   if (!envName) {
     console.error(`  Missing credential target for ${label}.`);
-    process.exit(1);
+    exitOnboardFromPrompt();
   }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/credential-navigation.ts` around lines 119 - 122, The
early-exit branch that currently does console.error(...) followed by
process.exit(1) should call the injected exit handler instead: replace the
process.exit(1) call inside the if (!envName) check with
exitOnboardFromPrompt(1) so the function uses the provided exitOnboardFromPrompt
for exits (keep the console.error message using label as-is); update the block
around envName and label to call exitOnboardFromPrompt(1) rather than
process.exit.

src/lib/onboard.ts (1)

6068-6085: Run the targeted onboarding E2E slices before merge.

These back-navigation changes now sit in the core provider-selection loop, so I’d still run the focused nightly jobs that cover cloud onboarding plus the Bedrock/Hermes/messaging branches touched by this flow.

As per coding guidelines: src/lib/onboard.ts: "This file contains core onboarding logic. Changes here affect the full sandbox creation and configuration flow."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 6068 - 6085, The changes to the
provider-selection loop (variables model, provider, nimContainer, endpointUrl,
credentialEnv and the resetSelectionAttemptState function, plus
hermesAuthMethod, hermesToolGateways and preferredInferenceApi) affect core
onboarding flow; before merging, run the targeted onboarding E2E slices (cloud
onboarding + Bedrock/Hermes/messaging branches) that exercise the
provider-selection/back-navigation paths and the resetSelectionAttemptState
behavior to ensure sandbox creation/configuration and back-navigation work
end-to-end without regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 6068-6085: The changes to the provider-selection loop (variables
model, provider, nimContainer, endpointUrl, credentialEnv and the
resetSelectionAttemptState function, plus hermesAuthMethod, hermesToolGateways
and preferredInferenceApi) affect core onboarding flow; before merging, run the
targeted onboarding E2E slices (cloud onboarding + Bedrock/Hermes/messaging
branches) that exercise the provider-selection/back-navigation paths and the
resetSelectionAttemptState behavior to ensure sandbox creation/configuration and
back-navigation work end-to-end without regressions.

In `@src/lib/onboard/credential-navigation.ts`:
- Around line 119-122: The early-exit branch that currently does
console.error(...) followed by process.exit(1) should call the injected exit
handler instead: replace the process.exit(1) call inside the if (!envName) check
with exitOnboardFromPrompt(1) so the function uses the provided
exitOnboardFromPrompt for exits (keep the console.error message using label
as-is); update the block around envName and label to call
exitOnboardFromPrompt(1) rather than process.exit.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4742edf7-9db9-4c4d-b151-10d69385260b

📥 Commits

Reviewing files that changed from the base of the PR and between 35b9ab4 and dbfd25c.

📒 Files selected for processing (11)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-brave-validation.test.ts
• test/onboard-selection.test.ts

[wscurran]

✨ Related open issues:

• #3697 [macOS][Onboard] back/exit keywords swallowed as literal API key at provider prompts

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

src/lib/onboard.ts (1)

6068-6085: Run the onboarding E2E subset on this branch.

This now threads back/exit control flow through provider selection, credential replacement, local-provider fallbacks, and Bedrock/Hermes branches, so targeted cloud-e2e, messaging-compatible-endpoint-e2e, and bedrock-runtime-compatible-anthropic-e2e coverage feels worthwhile before merge.

As per coding guidelines: src/lib/onboard.ts: "This file contains core onboarding logic. Changes here affect the full sandbox creation and configuration flow."

Also applies to: 6278-7332

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 6068 - 6085, Run the onboarding E2E subset
(cloud-e2e, messaging-compatible-endpoint-e2e,
bedrock-runtime-compatible-anthropic-e2e) to exercise the full threaded control
flow through provider selection, credential replacement, local-provider
fallbacks, and Bedrock/Hermes branches; if failures occur, inspect the
onboarding flow that uses the variables model, provider, nimContainer,
endpointUrl, credentialEnv, hermesAuthMethod, hermesToolGateways,
preferredInferenceApi and the resetSelectionAttemptState function to ensure all
mutated state is correctly reset and all branches (remote vs local provider,
Bedrock vs Hermes) behave as expected, then fix logic or add guards/tests so
those branches pass the E2E subset.

test/onboard-brave-validation.test.ts (1)

355-366: ⚡ Quick win

Tighten the back-navigation assertion to reject any credential staging.

The current check only rejects a literal "back" value. Assert no save calls happened for this path.

Suggested diff

-    expect(payload.saved.every((entry) => entry.value !== "back")).toBe(true);
+    expect(payload.saved).toEqual([]);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/onboard-brave-validation.test.ts` around lines 355 - 366, The test's
current assertion only forbids a literal "back" in payload.saved entries;
instead assert that no save operations occurred by checking payload.saved is
empty. Update the assertion in the "does not stage back as a Brave Search API
key" test (which uses runInteractiveConfigureWebSearch and inspects
payload.saved) to explicitly expect payload.saved toHaveLength(0) or
toEqual([]), ensuring no credentials were staged for the "back" path.

src/lib/onboard/bedrock-runtime.ts (1)

58-114: Run the Bedrock-compatible Anthropic E2E job before merge.

This path is security/endpoint-sensitive; a targeted E2E pass would de-risk regressions in adapter routing and back-navigation behavior.

As per coding guidelines: src/lib/onboard/bedrock-runtime.ts includes the recommendation to run bedrock-runtime-compatible-anthropic-e2e via gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=bedrock-runtime-compatible-anthropic-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/bedrock-runtime.ts` around lines 58 - 114, The
selectBedrockRuntimeCustomAnthropic path is endpoint- and auth-sensitive and
must be validated by the dedicated E2E job before merging; run the nightly-e2e
workflow for the bedrock-runtime-compatible-anthropic-e2e job against your
branch (gh workflow run nightly-e2e.yaml --ref <branch> -f
jobs=bedrock-runtime-compatible-anthropic-e2e) and confirm the adapter routing,
credential replacement flow (replaceNamedCredential), backToSelection behavior,
and non-interactive branch (isNonInteractive/defaultModel) all pass before
merging.

test/onboard-selection.test.ts (1)

3847-3915: ⚡ Quick win

Cover help and ? at secret credential prompts too.

The linked credential-navigation fix also calls out help/?, but this matrix only exercises back and one exit path. A regression that still stages those help keywords as literal secrets would pass this suite.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/onboard-selection.test.ts` around lines 3847 - 3915, The test matrix
secretCredentialBackScenarios only checks "back" and one "exit" path so it
misses the help keywords; add entries to secretCredentialBackScenarios that
exercise typing "help" and "?" at a secret credential prompt (e.g., mirror the
existing "Anthropic" case with answers ["4","help"] and ["4","?"] or similar for
another provider), set an expectedOutcome (e.g., "help") for those cases, and
ensure the test harness loop that calls runCredentialBackScenario interprets
expectedOutcome "help" appropriately so the new cases are executed and asserted.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 2018-2023: The prompt handler maps a "back" intent to null and
then treats null as "skip Brave Web Search", losing the real back/navigation
intent; update ensureValidatedBraveSearchCredential (and its use of
credentialPrompt.readValue) to preserve a distinct back sentinel (e.g., a unique
Symbol or specific BACK constant) instead of returning null, propagate that
sentinel through ensureValidatedBraveSearchCredential's return value, and change
callers that currently treat null as "disable web search" to explicitly check
for the BACK sentinel and reopen the previous selection while keeping null (or a
separate SKIP value) reserved for "disable" behavior; reference
credentialPrompt.readValue and ensureValidatedBraveSearchCredential to locate
where to change the mapping and propagation.

---

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 6068-6085: Run the onboarding E2E subset (cloud-e2e,
messaging-compatible-endpoint-e2e, bedrock-runtime-compatible-anthropic-e2e) to
exercise the full threaded control flow through provider selection, credential
replacement, local-provider fallbacks, and Bedrock/Hermes branches; if failures
occur, inspect the onboarding flow that uses the variables model, provider,
nimContainer, endpointUrl, credentialEnv, hermesAuthMethod, hermesToolGateways,
preferredInferenceApi and the resetSelectionAttemptState function to ensure all
mutated state is correctly reset and all branches (remote vs local provider,
Bedrock vs Hermes) behave as expected, then fix logic or add guards/tests so
those branches pass the E2E subset.

In `@src/lib/onboard/bedrock-runtime.ts`:
- Around line 58-114: The selectBedrockRuntimeCustomAnthropic path is endpoint-
and auth-sensitive and must be validated by the dedicated E2E job before
merging; run the nightly-e2e workflow for the
bedrock-runtime-compatible-anthropic-e2e job against your branch (gh workflow
run nightly-e2e.yaml --ref <branch> -f
jobs=bedrock-runtime-compatible-anthropic-e2e) and confirm the adapter routing,
credential replacement flow (replaceNamedCredential), backToSelection behavior,
and non-interactive branch (isNonInteractive/defaultModel) all pass before
merging.

In `@test/onboard-brave-validation.test.ts`:
- Around line 355-366: The test's current assertion only forbids a literal
"back" in payload.saved entries; instead assert that no save operations occurred
by checking payload.saved is empty. Update the assertion in the "does not stage
back as a Brave Search API key" test (which uses
runInteractiveConfigureWebSearch and inspects payload.saved) to explicitly
expect payload.saved toHaveLength(0) or toEqual([]), ensuring no credentials
were staged for the "back" path.

In `@test/onboard-selection.test.ts`:
- Around line 3847-3915: The test matrix secretCredentialBackScenarios only
checks "back" and one "exit" path so it misses the help keywords; add entries to
secretCredentialBackScenarios that exercise typing "help" and "?" at a secret
credential prompt (e.g., mirror the existing "Anthropic" case with answers
["4","help"] and ["4","?"] or similar for another provider), set an
expectedOutcome (e.g., "help") for those cases, and ensure the test harness loop
that calls runCredentialBackScenario interprets expectedOutcome "help"
appropriately so the new cases are executed and asserted.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 11888977-fc79-4e7f-9833-97de37eb00b4

📥 Commits

Reviewing files that changed from the base of the PR and between dbfd25c and d6f128e.

📒 Files selected for processing (12)

• scripts/dev-tier-selector.js
• src/lib/credentials/store.ts
• src/lib/inference/model-prompts.ts
• src/lib/navigation.ts
• src/lib/onboard.ts
• src/lib/onboard/bedrock-runtime.test.ts
• src/lib/onboard/bedrock-runtime.ts
• src/lib/onboard/credential-navigation.test.ts
• src/lib/onboard/credential-navigation.ts
• test/credentials.test.ts
• test/onboard-brave-validation.test.ts
• test/onboard-selection.test.ts

[ericksoa]

Approved after merge-forward topper. The conflict repair preserves current-main Brave preset filtering while keeping the credential prompt back-navigation behavior. Focused validation passed build plus 117 tests across credential navigation, Bedrock runtime, credentials, Brave validation, and onboard selection, and all live checks are green at 170973c.