
fix(sandbox): resolve workspace templates from package #3917

Merged: ericksoa merged 2 commits into main from maintainer/pr-3449-signed-squash on May 20, 2026

Conversation

@jyaunches jyaunches (Contributor) commented May 20, 2026

Summary

Carries forward PR #3449 as a maintainer-signed squash commit so the sandbox workspace template fix can pass the repository verified-signature merge rule. The change resolves OpenClaw workspace templates from the installed package instead of relying on mutable source checkout paths.

Related Issue

Fixes #3240

Changes

  • Update scripts/nemoclaw-start.sh to resolve workspace templates from the installed package location.
  • Add regression coverage in test/nemoclaw-start.test.ts for sandbox template seeding and step-down wrapper behavior.
  • Preserve original author attribution via Co-authored-by on the signed squash commit.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Verification

  • npx prek run --all-files passes
  • npm test passes
  • Tests added or updated for new or changed behavior
  • No secrets, API keys, or credentials committed
  • Docs updated for user-facing behavior changes
  • make docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>

Summary by CodeRabbit

  • Improvements

    • More reliable default workspace template discovery and seeding across installation layouts, including sandboxed start flows; emits clearer diagnostics when no templates are found.
  • Tests

    • Added comprehensive tests covering template seeding behavior, edge cases (skip bootstrap, existing content, symlinked workspaces), multiple template layouts, and sandboxed invocation.

Carry forward PR #3449 in a maintainer-signed squash commit so the change can pass the repository verified-signature merge rule.

Co-authored-by: IronLung7 <IronLung7@users.noreply.github.com>

Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>
@jyaunches jyaunches added the v0.0.47 Release target label May 20, 2026
@jyaunches jyaunches self-assigned this May 20, 2026
@github-actions github-actions Bot (Contributor) commented:

This repository limits contributors to 10 open pull requests. Please close or merge existing PRs before opening new ones.

@coderabbitai coderabbitai Bot (Contributor) commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d892fd8c-5607-48f4-a24c-d73bedeb7d9d

📥 Commits

Reviewing files that changed from the base of the PR and between fbc2e62 and 2cf8787.

📒 Files selected for processing (2)
  • scripts/nemoclaw-start.sh
  • test/nemoclaw-start.test.ts

📝 Walkthrough

Walkthrough

Expands template discovery to probe multiple OpenClaw package roots and subpaths, adds a sandbox step-down wrapper to run seeding under the sandbox context, replaces the inline sandbox invocation with the wrapper, and adds tests covering discovery, gating, non-clobbering, symlink refusal, and sandbox execution.

Changes

Template Seeding Robustness

| Layer | File(s) | Summary |
| --- | --- | --- |
| Template directory search expansion | scripts/nemoclaw-start.sh | seed_default_workspace_templates now discovers candidate OpenClaw roots (global npm root, hardcoded global install path, and the openclaw binary package directory) and checks both docs/reference/templates and dist/docs/reference/templates subdirectories, tracking attempted paths and improving diagnostics when templates are missing. |
| Sandbox wrapper helper and invocation | scripts/nemoclaw-start.sh | Adds seed_default_workspace_templates_as_sandbox which exports the seeding function into a bash -c subshell and invokes it under STEP_DOWN_PREFIX_SANDBOX; the previous inline sandbox invocation in root-mode is replaced with a call to this helper. |
| Template seeding test coverage | test/nemoclaw-start.test.ts | New Vitest suite exercises template discovery from multiple root/subpath candidates (including binary-resolved package root), verifies bootstrap skipping, non-clobbering, symlink refusal, error on missing templates, and validates execution via the sandbox wrapper; also stubs the wrapper in the Telegram diagnostics harness. |

Sequence Diagram(s)

No sequence diagram necessary.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

NemoClaw CLI, fix

Suggested reviewers

  • ericksoa

Poem

🐰 In sandbox soil the tiny seeds are sown,

We search through roots where hidden templates grown,
From docs or dist the guarded files we find,
Skip the BOOTSTRAP.md and leave old files kind,
Tests hop in place — the workspace springs to life.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: resolving workspace templates from the installed package instead of relying on mutable source checkout paths. |
| Linked Issues check | ✅ Passed | The PR implements the required fix for issue #3240 by updating template resolution logic and adding comprehensive test coverage for sandbox template seeding behavior. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to resolving issue #3240: script updates for template discovery/seeding and corresponding test coverage with no unrelated modifications. |


Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.



@github-actions github-actions Bot closed this May 20, 2026
@github-actions github-actions Bot (Contributor) commented May 20, 2026

PR Review Advisor

Recommendation: info only
Confidence: low
Analyzed HEAD: 2cf8787b3a76103ebf4fda5a03813d6ebb6db896
Findings: 0 blocker(s), 1 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Advisor execution failed: Could not configure advisor model openai/openai/gpt-5.5

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 2cf8787b3a76103ebf4fda5a03813d6ebb6db896
Recommendation: info only
Confidence: low

PR review advisor failed: Could not configure advisor model openai/openai/gpt-5.5

Gate status

  • CI: pending — 9 status context(s) appear pending.
  • Mergeability: fail — mergeStateStatus=BLOCKED
  • Review threads: fail — 1 unresolved review thread(s).
  • Risky code tested: warning — Risky areas detected (installer/bootstrap shell, onboarding/host glue); test files changed, but coverage still needs semantic review.

🔴 Blockers

  • None.

🟡 Warnings

  • PR review advisor unavailable: The automated advisor could not complete: Could not configure advisor model openai/openai/gpt-5.5
    • Recommendation: Re-run the PR Review Advisor or perform a manual review.
    • Evidence: Could not configure advisor model openai/openai/gpt-5.5

🔵 Suggestions

  • None.

Acceptance coverage

  • No linked acceptance clauses were analyzed.

Security review

  • warning — Secrets and Credentials: Advisor unavailable; human review required.
  • warning — Input Validation and Data Sanitization: Advisor unavailable; human review required.
  • warning — Authentication and Authorization: Advisor unavailable; human review required.
  • warning — Dependencies and Third-Party Libraries: Advisor unavailable; human review required.
  • warning — Error Handling and Logging: Advisor unavailable; human review required.
  • warning — Cryptography and Data Protection: Advisor unavailable; human review required.
  • warning — Configuration and Security Headers: Advisor unavailable; human review required.
  • warning — Security Testing: Advisor unavailable; human review required.
  • warning — Holistic Security Posture: Advisor unavailable; human review required.

Test / E2E status

  • Test depth: e2e_required — Runtime/sandbox/infrastructure paths need real execution coverage: scripts/nemoclaw-start.sh.
  • E2E Advisor: not_found (not found)

✅ What looks good

  • No positives were identified by the advisor.

Review completeness

  • Advisor execution failed: Could not configure advisor model openai/openai/gpt-5.5
  • Human maintainer review required: yes

Comment thread on scripts/nemoclaw-start.sh (the lines under discussion, a fragment of the script):

```sh
openclaw_pkg_roots+=("/usr/local/lib/node_modules/openclaw")
if openclaw_bin="$(command -v openclaw 2>/dev/null)"; then
  openclaw_real="$(readlink -f "$openclaw_bin" 2>/dev/null || printf '%s\n' "$openclaw_bin")"
  openclaw_pkg="$(cd "$(dirname "$openclaw_real")/.." 2>/dev/null && pwd -P || true)"
```
@github-actions github-actions Bot (Contributor) commented May 20, 2026

E2E Advisor Recommendation

Required E2E: cloud-onboard-e2e, sandbox-survival-e2e
Optional E2E: skill-agent-e2e, shields-config-e2e

Dispatch hint: cloud-onboard-e2e,sandbox-survival-e2e

Auto-dispatched E2E: cloud-onboard-e2e, sandbox-survival-e2e via nightly-e2e.yaml at 2cf8787b3a76103ebf4fda5a03813d6ebb6db896 (nightly run)

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • cloud-onboard-e2e (medium): Validates install/onboard into a live OpenClaw sandbox and exercises scripts/nemoclaw-start.sh during first boot, including sandbox health, security checks, and inference.local after the workspace seeding path runs.
  • sandbox-survival-e2e (medium): Covers sandbox startup and restart lifecycle with workspace/OpenClaw state persistence. This is important because the PR changes the sandbox entrypoint before gateway launch and workspace initialization ownership/step-down behavior.

Optional E2E

  • skill-agent-e2e (medium): Useful confidence for a real OpenClaw assistant user flow after workspace template seeding, because it verifies the agent can read sandbox skills and complete an agent turn.
  • shields-config-e2e (medium): Optional security-adjacent check because the modified entrypoint area is near config/workspace ownership and locked-file behavior; this job validates shields/config mutability and token rotation controls.

New E2E recommendations

  • OpenClaw workspace template seeding (high): Existing E2E coverage appears to exercise live onboarding/startup but does not explicitly assert that AGENTS.md, SOUL.md, IDENTITY.md, USER.md, TOOLS.md, and HEARTBEAT.md are seeded from the installed OpenClaw templates, that BOOTSTRAP.md is omitted, and that files are sandbox-owned in a live sandbox.
    • Suggested test: Add a workspace-template-seeding E2E, or extend cloud-onboard-e2e, to inspect /sandbox/.openclaw/workspace after first boot with skipBootstrap=true and assert expected template files/content, BOOTSTRAP.md absence, ownership, and non-clobber behavior.

Dispatch hint

  • Workflow: nightly-e2e.yaml
  • jobs input: cloud-onboard-e2e,sandbox-survival-e2e

@jyaunches jyaunches reopened this May 20, 2026
@github-actions github-actions Bot (Contributor) commented:

Selective E2E Results — ✅ All requested jobs passed

Run: 26182279881
Target ref: 190636c2784941623bcee163ef1cd49c2051c5d5
Workflow ref: main
Requested jobs: cloud-onboard-e2e
Summary: 0 passed, 0 failed, 0 skipped

| Job | Result |
| --- | --- |
| cloud-onboard-e2e | ⚠️ cancelled |

@github-actions github-actions Bot (Contributor) commented:

Selective E2E Results — ✅ All requested jobs passed

Run: 26182589337
Target ref: 190636c2784941623bcee163ef1cd49c2051c5d5
Workflow ref: main
Requested jobs: cloud-onboard-e2e,sandbox-survival-e2e
Summary: 0 passed, 0 failed, 0 skipped

| Job | Result |
| --- | --- |
| cloud-onboard-e2e | ⚠️ cancelled |
| sandbox-survival-e2e | ⚠️ cancelled |

@github-actions github-actions Bot (Contributor) commented:

Selective E2E Results — ✅ All requested jobs passed

Run: 26182964890
Target ref: 2cf8787b3a76103ebf4fda5a03813d6ebb6db896
Workflow ref: main
Requested jobs: cloud-onboard-e2e,sandbox-survival-e2e
Summary: 2 passed, 0 failed, 0 skipped

| Job | Result |
| --- | --- |
| cloud-onboard-e2e | ✅ success |
| sandbox-survival-e2e | ✅ success |

@ericksoa ericksoa (Contributor) left a comment

Approved after adversarial review at head 2cf8787. The workspace-template seeding path is gated on skipBootstrap, avoids symlink/non-empty workspace clobbering, uses the installed OpenClaw package templates, and runs through the sandbox step-down path for ownership. Focused local validation passed, PR checks are green, and the required selective E2E run passed cloud-onboard-e2e and sandbox-survival-e2e. The remaining GHAS ShellCheck note is informational and not a behavioral blocker in this context.
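
The properties this approval and the CodeRabbit walkthrough list (discovery across several candidate package roots and two subpaths with a record of paths tried, seeding gated on skipBootstrap, refusal of a symlinked workspace, no clobbering of existing files, BOOTSTRAP.md omitted) can be shown as executable checks. The block below is an added example written for this page in POSIX sh; it is not the NemoClaw script, the PR's code, or its test suite. The function names find_template_dir, seed_workspace, demo_layout and run_demo are assumptions of the example, every directory, file name and file content it creates is constructed, and the real script's bash step-down wrapper under STEP_DOWN_PREFIX_SANDBOX is not modelled.

```shell
#!/bin/sh
# Added example, not code from the NemoClaw repository: a POSIX sh model of
# the template-seeding properties described on this page.
#   - probe several candidate package roots, each under two subpaths
#   - record every path tried so a miss produces a useful diagnostic
#   - seed only when skipBootstrap is true, refuse a symlinked workspace,
#     never overwrite existing files, never copy BOOTSTRAP.md
# The sandbox step-down wrapper of the real script is not modelled here.
# Directory layout, file names and contents built by demo_layout are constructed.

# find_template_dir ROOT...: print the first templates directory found;
# otherwise list the paths tried on stderr and return 1.
find_template_dir() {
    ftd_tried=''
    for ftd_root in "$@"; do
        for ftd_sub in docs/reference/templates dist/docs/reference/templates; do
            ftd_cand="$ftd_root/$ftd_sub"
            ftd_tried="$ftd_tried
  $ftd_cand"
            if [ -d "$ftd_cand" ]; then
                printf '%s\n' "$ftd_cand"
                return 0
            fi
        done
    done
    printf 'no workspace templates found; tried:%s\n' "$ftd_tried" >&2
    return 1
}

# seed_workspace TEMPLATE_DIR WORKSPACE SKIP_BOOTSTRAP
# Returns 0 when seeded, 3 when seeding was not requested (gate closed),
# 2 when WORKSPACE is a symlink (refused rather than followed).
seed_workspace() {
    sw_tdir=$1
    sw_ws=$2
    [ "$3" = true ] || return 3
    if [ -L "$sw_ws" ]; then
        printf 'refusing to seed symlinked workspace: %s\n' "$sw_ws" >&2
        return 2
    fi
    mkdir -p "$sw_ws" || return 1
    for sw_src in "$sw_tdir"/*.md; do
        [ -e "$sw_src" ] || continue          # glob matched nothing
        sw_name=${sw_src##*/}
        [ "$sw_name" = BOOTSTRAP.md ] && continue
        [ -e "$sw_ws/$sw_name" ] && continue  # non-clobbering: keep what is there
        cp "$sw_src" "$sw_ws/$sw_name" || return 1
    done
    return 0
}

# demo_layout BASE: build a constructed package tree (templates under the
# dist/ subpath only), a workspace that already holds SOUL.md, and a
# symlink pointing at that workspace. Prints the package root.
demo_layout() {
    dl_pkg="$1/usr/local/lib/node_modules/openclaw"
    dl_tpl="$dl_pkg/dist/docs/reference/templates"
    mkdir -p "$dl_tpl" "$1/workspace" || return 1
    for dl_name in AGENTS.md SOUL.md IDENTITY.md BOOTSTRAP.md; do
        printf 'template %s\n' "$dl_name" > "$dl_tpl/$dl_name"
    done
    printf 'pre-existing content\n' > "$1/workspace/SOUL.md"
    ln -s "$1/workspace" "$1/workspace-link"
    printf '%s\n' "$dl_pkg"
}

# run_demo: exercise the flow; returns 0 only if every property holds.
run_demo() {
    base=$(mktemp -d) || return 1
    pkg=$(demo_layout "$base") || return 1
    ws="$base/workspace"
    # an empty root is tried first and skipped; the dist/ subpath is found
    tdir=$(find_template_dir "$base/nowhere" "$pkg") || return 1
    [ "$tdir" = "$pkg/dist/docs/reference/templates" ] || return 1
    # gate closed: nothing is written
    rc=0; seed_workspace "$tdir" "$ws" false || rc=$?
    [ "$rc" -eq 3 ] && [ ! -e "$ws/AGENTS.md" ] || return 1
    # symlinked workspace is refused
    rc=0; seed_workspace "$tdir" "$base/workspace-link" true || rc=$?
    [ "$rc" -eq 2 ] || return 1
    # real seeding: templates land, BOOTSTRAP.md is omitted, SOUL.md is kept
    seed_workspace "$tdir" "$ws" true || return 1
    [ -f "$ws/AGENTS.md" ] && [ -f "$ws/IDENTITY.md" ] || return 1
    [ ! -e "$ws/BOOTSTRAP.md" ] || return 1
    [ "$(cat "$ws/SOUL.md")" = 'pre-existing content' ] || return 1
    rm -rf "$base"
    return 0
}

run_demo && printf 'all seeding properties hold\n'
```

The per-file skip in seed_workspace is one reading of "non-clobbering"; the real script may instead refuse a non-empty workspace outright, which is stricter. The symlink check uses `-L` on the workspace path itself before anything is written, so a workspace that has been replaced by a link to somewhere else is never followed.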

@ericksoa ericksoa merged commit 4dbe4c0 into main May 20, 2026
28 checks passed
miyoungc added a commit that referenced this pull request May 21, 2026
## Summary
Refreshes NemoClaw release notes for v0.0.47 and v0.0.48, then
regenerates the corresponding user-skill references so agent-facing docs
match the source pages.

Preview:
https://nvidia-preview-docs-release-notes-47-48.docs.buildwithfern.com/nemoclaw/about/release-notes

## Changes
- Adds explicit v0.0.47 and v0.0.48 sections to
`docs/about/release-notes.mdx`.
- Documents follow-up WSL Ollama, sandbox image, share mount, and
troubleshooting updates from recent release changes.
- Regenerates `nemoclaw-user-*` skill references from the Fern MDX
source docs.

## Source Summary
- #4003 -> `docs/about/release-notes.mdx`: Notes the messaging manifest
registry work as part of v0.0.48 release coverage.
- #3984 -> `docs/about/release-notes.mdx`: Captures Hermes messaging
policy scoping in the v0.0.48 release notes.
- #3963 -> `docs/about/release-notes.mdx`: Captures DGX Spark Hermes GPU
recreation startup recovery in the v0.0.48 release notes.
- #3961 -> `docs/about/release-notes.mdx`: Captures Discord loopback
proxy routing in the v0.0.48 release notes.
- #3940 -> `docs/about/release-notes.mdx`: Captures installer prompt
clarification and express-install behavior in the v0.0.48 release notes.
- #3946 -> `docs/about/release-notes.mdx`: Carries forward the Homebrew
preinstall clarification in release coverage.
- #3937 -> `docs/about/release-notes.mdx`: Carries forward the dashboard
URL command and post-install next steps coverage.
- #3921 -> `docs/about/release-notes.mdx`: Carries forward managed vLLM
default behavior for DGX Spark and DGX Station.
- #3931 -> `docs/about/release-notes.mdx`,
`docs/reference/architecture.mdx`: Documents the sandbox `python` to
`python3` compatibility symlink.
- #1485 -> `docs/about/release-notes.mdx`,
`docs/reference/architecture.mdx`: Documents the sandbox image Docker
health check.
- #3784 -> `docs/about/release-notes.mdx`: Captures VM-driver snapshot
health-check reliability in release notes.
- #3917 -> `docs/about/release-notes.mdx`: Captures package-based
workspace template resolution in release notes.
- #3170 -> `docs/about/release-notes.mdx`: Captures installer checksum
compatibility from preferring `sha256sum`.
- #3898 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage
for messaging provider scenario validation.
- #3897 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage
for baseline onboarding scenario validation.
- #3834 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage
for PR review advisor automation.
- #3838 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage
for CLI display registry refactoring.

## Type of Change
- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Verification
- [x] `npx prek run --all-files` passes
- [ ] `npm test` passes
- [ ] Tests added or updated for new or changed behavior
- [x] No secrets, API keys, or credentials committed
- [x] Docs updated for user-facing behavior changes
- [ ] `make docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

`make docs` was attempted but could not complete because `npx fern-api`
failed with `403 Forbidden` from `https://registry.npmjs.org/fern-api`
in this environment. Pre-commit and pre-push hooks passed after
refreshing the local CLI build output with `npm run build:cli`; no build
artifacts were committed.

---
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>

## Summary by CodeRabbit

* **Documentation**
  * Added WSL onboarding notes for Windows-host Ollama detection, restart guidance, and PowerShell checks.
  * Clarified express-install behavior (non-interactive, sudo prompts) and default sandbox policy selection.
  * Added Windows preparation guidance when installer tooling is missing (winget/App Installer or Docker Desktop).
  * Expanded sandbox docs with Docker health checks, Homebrew/python compatibility helpers, share-mount path validation, Discord troubleshooting, and new v0.0.48/v0.0.47 release notes.
* **Chores**
  * Improved docs preview workflow error handling.

@wscurran wscurran added the bug-fix PR fixes a bug or regression label Jun 8, 2026
@jyaunches jyaunches deleted the maintainer/pr-3449-signed-squash branch June 12, 2026 13:53

Labels: bug-fix (PR fixes a bug or regression), v0.0.47 (Release target)

Linked issue (may be closed by merging this pull request): /sandbox/.openclaw/workspace/ is empty

4 participants