fix(onboard): record Docker driver for macOS docker-driver sandboxes (#3728)#4221
Merged
Merged
Conversation
…VIDIA#3728) The metadata helper mapped `process.platform === "darwin"` to `openshellDriver: "vm"` even when the Docker-driver gateway path was enabled. OpenShell's Docker-driver gateway always starts with `OPENSHELL_DRIVERS=docker`, including on macOS arm64 (NVIDIA#3454), so a fresh macOS sandbox onboarded today is a Docker sandbox, not a VM sandbox. Recording `"vm"` made the post-create flow run the VM-only DNS monkeypatch and surface its warning text for Docker-driver sandboxes, which is what NVIDIA#3728 reports. Drop the platform branch so the docker- driver path records `"docker"` on every supported host; legacy opt-in/already-registered VM sandboxes still match the `"vm"` checks they already wrote to disk. Adds a unit test for the metadata helper and an onboard wrapper regression test asserting macOS Docker-driver sandboxes emit no VM DNS monkeypatch log/warn output. Host can't run macOS directly, so the regression is covered via mocked `process.platform`. Signed-off-by: Yimo Jiang <yimoj@nvidia.com>
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThe PR fixes macOS docker-driver sandboxes being misclassified as VM sandboxes, which caused spurious VM-driver path warnings during the onboard process. It simplifies driver classification logic in ChangesDriver classification and VM warning fixes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint skipped: no ESLint configuration detected in root package.json. To enable, add Comment |
Contributor
|
✨ Related open issues: |
cv
approved these changes
May 27, 2026
cv
pushed a commit
that referenced
this pull request
May 27, 2026
## Summary - Add the v0.0.53 release notes with the user-facing onboarding, inference, policy, runtime, Hermes, and maintainer-tooling changes from the release range. - Refresh generated `nemoclaw-user-*` skills from the current Fern docs, including already-merged policy, inference, troubleshooting, and command-reference updates. - Remove skipped experimental shield wording from generated-doc source so the release-prep skip-term gate stays clean. ## Source summary - #4197 -> `docs/about/release-notes.mdx`, `docs/reference/commands.mdx`: Document pre-recreate workspace backup, abort-on-partial-backup behavior, and `NEMOCLAW_RECREATE_WITHOUT_BACKUP`. - #4273 -> `docs/about/release-notes.mdx`, `docs/reference/troubleshooting.mdx`: Document the under-provisioned runtime prompt defaulting to abort in interactive onboarding. - #4220 -> `docs/about/release-notes.mdx`, `docs/network-policy/customize-network-policy.mdx`, `docs/network-policy/integration-policy-examples.mdx`: Include the `openclaw-pricing` preset and generated skill refresh. - #4253 -> `docs/about/release-notes.mdx`, `docs/inference/use-local-inference.mdx`, `docs/inference/switch-inference-providers.mdx`: Carry the Ollama runtime context-window docs into generated skills. - #4298 -> `docs/about/release-notes.mdx`, `docs/reference/troubleshooting.mdx`: Carry WSL Docker Desktop GPU guidance into generated skills and release notes. - #4297, #4210, #4221, #4225, #4288, #4306, #4311, #4319, #4342, #4284, #3327 -> `docs/about/release-notes.mdx`: Summarize release-range fixes and maintainer tooling changes that did not need new standalone docs pages. ## Verification - `python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user --doc-platform fern-mdx` - `rg "permissive mode|shields down|shields up|shields status|config rotate-token|rotate-token" docs .agents/skills` returned no matches outside `docs/.docs-skip`. - `npm run docs` passes with full network access. Fern reports 0 errors and one existing light-mode accent contrast warning. - `FERN_VERSION=$(node -p "require('./fern/fern.config.json').version") && (cd fern && npx --yes "fern-api@${FERN_VERSION}" check --warnings)` reports 0 errors and the same contrast warning. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added v0.0.53 release notes with updates to onboarding, sandbox recreation, and gateway handling * Introduced `openclaw-pricing` preset for model pricing endpoint management * Clarified Ollama context window configuration and local model validation behavior * Updated sandbox recreation workflow documentation with backup/restore details * Enhanced interactive onboarding defaults for under-provisioned runtime warnings * Revised security guidance for configuration directory permissions and immutability verification <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/4360?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This was referenced May 29, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #3728. On macOS arm64 (and any other host where the Docker-driver
gateway path is enabled),
getSandboxRuntimeRegistryFieldsrecordedopenshellDriver: "vm"based purely onprocess.platform === "darwin".That mismatched the runtime — OpenShell's Docker-driver gateway always
starts with
OPENSHELL_DRIVERS=docker(#3454) — and downstream code keyedoff
openshellDriver === "vm"to run the VM-only DNS monkeypatch and emitthe misleading VM-driver warnings reported in the issue.
This change records
"docker"on every Docker-driver host. The VM-onlylog/warning paths are gated on
openshellDriver === "vm", so they nowstay silent for macOS Docker-driver sandboxes. Legacy/opt-in sandboxes
that were already written to disk with
openshellDriver: "vm"stilltrigger the existing VM-only compatibility shim.
Changes
src/lib/onboard/sandbox-registry-metadata.ts— drop theprocess.platform === "darwin" ? "vm" : "docker"branch; record"docker"wheneverisLinuxDockerDriverGatewayEnabled()is true.src/lib/onboard/sandbox-registry-metadata.test.ts(new) — unit testsasserting macOS Docker-driver →
"docker", Linux Docker-driver →"docker", and legacy Linux →"kubernetes".src/lib/onboard/vm-dns-monkeypatch.test.ts— regression test thatexercises the real
applyOpenShellVmDnsMonkeypatchwithopenshellDriver: "docker"on a mocked darwin platform and verifiesthe onboard wrapper emits no logs or warnings.
Test plan
npm run typecheck:clinpm run build:clinpx vitest run src/lib/onboard/sandbox-registry-metadata.test.ts src/lib/onboard/vm-dns-monkeypatch.test.ts src/lib/actions/sandbox/vm-dns-monkeypatch.test.ts— 18/18 passcd nemoclaw && npm run build && npm test— 457/457 passnpx @biomejs/biome checkclean on touched filesthe regression is covered by mocking
process.platform(allowedby the issue brief).
Signed-off-by: Yimo Jiang yimoj@nvidia.com
Summary by CodeRabbit
Bug Fixes
Tests