feat(onboard): enable OpenClaw OTEL diagnostics

[amata-human]

Summary

• Adds opt-in OpenClaw OTEL diagnostics wiring for sandboxed conversation traces.
• Installs/enables the diagnostics OTEL plugin when requested and emits the corresponding OpenClaw diagnostics config.
• Adds local policy preset/docs support and a temporary OpenTelemetry JS proxy workaround linked to upstream issue @opentelemetry/otlp-exporter-base createHttpAgent() ignores HTTPS_PROXY env / EnvHttpProxyAgent — silent telemetry loss for users behind env-proxies open-telemetry/opentelemetry-js#6638.
  Closes feat(openclaw): add OTEL diagnostics setup for conversation latency traces #4368.

Test plan

• npx vitest run test/generate-openclaw-config.test.ts test/openclaw-build-messaging-plugins.test.ts src/lib/onboard/openclaw-otel-policy-presets.test.ts

Signed-off-by: Angel Mata amata@nvidia.com

Summary by CodeRabbit

• New Features

  • Opt-in OpenTelemetry (OTEL) conversation diagnostics for OpenClaw via environment flags, with configurable endpoint, service name, and sample rate (traces-only export).

• Policy

  • Added local OTEL preset for exporting traces to a local collector and auto-inclusion for OpenClaw sandboxes when OTEL is enabled.

• Documentation

  • New OTEL diagnostics guide with Jaeger example and remote-collector guidance.

• Tests

  • Expanded OTEL-related test coverage across config, presets, Docker build wiring, and onboarding flows.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c8b4121f-8640-4172-a6eb-a2e197eba992

📥 Commits

Reviewing files that changed from the base of the PR and between 586bd46 and 4ba4a58.

📒 Files selected for processing (3)

• .agents/skills/nemoclaw-user-reference/references/commands.md
• docs/reference/commands.mdx
• test/policies.test.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• .agents/skills/nemoclaw-user-reference/references/commands.md
• test/policies.test.ts
• docs/reference/commands.mdx

---

📝 Walkthrough

Walkthrough

Adds opt-in OpenTelemetry diagnostics for OpenClaw conversation traces: new env vars and docs, local OTEL policy preset, OTEL-aware preset merging and initial policy wiring, config generation/validation, diagnostics plugin install/version enforcement, Docker build-time transport patching, staged Dockerfile ARG injection, gateway lifecycle refinements, and tests.

Changes

OpenClaw OTEL Conversation Diagnostics

Layer / File(s)	Summary
OTEL preset and helpers nemoclaw-blueprint/policies/presets/openclaw-diagnostics-otel-local.yaml, src/lib/onboard/openclaw-otel-policy-presets.ts, src/lib/onboard/openclaw-otel-policy-presets.test.ts	Defines openclaw-diagnostics-otel-local for OTLP/HTTP to host.openshell.internal:4318, and adds helpers to detect OTEL enablement, normalize agent names, validate endpoints, compute required presets, and merge/deduplicate.
Policy selection integration src/lib/onboard/policy-selection.ts, src/lib/onboard/policy-presets.ts, src/lib/onboard/machine/handlers/policies.ts	Threads agent and env through suggestion/merge/resume flows and applies OTEL-required preset merging in compute/merge/prepare flows.
Initial sandbox policy creation src/lib/onboard/initial-policy.ts, src/lib/onboard/initial-policy.test.ts	Includes required OTEL presets into the initial requestedCreateTimePresets when OTEL conditions apply and tests that behavior.
Config generation and validation scripts/generate-openclaw-config.mts, test/generate-openclaw-config.test.ts	Parses NEMOCLAW_OPENCLAW_OTEL*, sets defaults, validates endpoint/service/sample-rate (0.0–1.0), rejects embedded credentials, and conditionally enables diagnostics-otel plugin and config.diagnostics (traces-only by default).
Build script plugin installation scripts/openclaw-build-messaging-plugins.py, test/openclaw-build-messaging-plugins.test.ts	Adds DIAGNOSTICS_OTEL_PACKAGE, is_truthy_env(), requires OPENCLAW_VERSION when OTEL is enabled, appends diagnostics npm spec, and surfaces diagnosticsOtelEnabled in dry-run output with tests.
Docker build args and transport patch Dockerfile	Adds ARG NEMOCLAW_OPENCLAW_OTEL* build args and promotes them to ENV. When enabled, a conditional build step patches the bundled OTLP HTTP transport to respect NODE_USE_ENV_PROXY, with backup/verification and ownership/permission restoration.
Staged Dockerfile patching & tests src/lib/onboard/dockerfile-patch.ts, src/lib/onboard/dockerfile-patch.test.ts	Patches staged Dockerfile ARG lines from host env for OTEL keys, sanitizes values, throws if an expected ARG is missing, and adds tests validating missing-ARG failure and correct injections; tests centralize OTEL env cleanup.
Gateway lifecycle improvements src/lib/onboard/gateway-lifecycle.ts, src/lib/onboard/gateway-destroy.ts, src/lib/onboard/gateway-destroy.test.ts	Detects gateway destroy support explicitly and changes destroyGatewayWithVolumeCleanup to try gateway remove first and fall back to gateway destroy only when appropriate; includes fallback tests.
Tests and preset registration test/policies.test.ts, test/onboard-policy-suggestions.test.ts, other tests	Registers the new built-in preset and extends tests to cover preset selection/merging, config validation, build-script behavior, Dockerfile patching, and suggestion logic; updates env handling in tests.
Documentation .agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands.mdx	Adds onboarding env var rows for OTEL and a new “OpenClaw Conversation OTEL Diagnostics” section with a Jaeger local collector example and guidance for remote collectors/presets.

Sequence Diagram(s)

sequenceDiagram
  participant CLI
  participant PolicySelector
  participant PresetMerger
  participant ConfigGenerator

  CLI->>PolicySelector: start setup (agent, env)
  PolicySelector->>PresetMerger: compute suggestions + required OTEL presets
  PresetMerger->>PolicySelector: return merged preset list
  PolicySelector->>ConfigGenerator: generate OpenClaw config (env, presets)
  ConfigGenerator-->>CLI: emit config + diagnostics plugin if enabled

Loading

Estimated code review effort:
🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels:
enhancement: feature, Docker, documentation

Suggested reviewers:

• ericksoa
• prekshivyas

"I hopped through code with tiny paws and cheer,
Env keys set, the traces hum near and clear,
Jaeger greets spans in ordered little rows,
A rabbit nods where the OpenClaw stream flows,
Diagnostics enabled — sniff, hop, and peer!"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 6.90% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(onboard): enable OpenClaw OTEL diagnostics' directly and clearly summarizes the main change: adding opt-in OpenClaw OpenTelemetry diagnostics support to the onboarding system.
Linked Issues check	✅ Passed	The PR successfully implements all acceptance criteria from issue #4368: enables diagnostics-otel plugin installation, provides OTEL endpoint configuration via environment variables, adds network policy preset, includes documentation, keeps tracing opt-in/disabled by default, and ensures collector failures are non-fatal.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to enabling OpenClaw OTEL diagnostics. The Dockerfile modifications, environment variable handling, policy presets, configuration generation, and related tests all support the core objective with no unrelated features introduced.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 4368-conversation-otel-diagnostics

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pr-4686.docs.buildwithfern.com/nemoclaw

[github-actions]

E2E Advisor Recommendation

Required E2E: cloud-e2e, network-policy-e2e, sandbox-operations-e2e
Optional E2E: cloud-onboard-e2e, rebuild-openclaw-e2e, diagnostics-e2e

Dispatch hint: cloud-e2e,network-policy-e2e,sandbox-operations-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• cloud-e2e (high; live NVIDIA inference and Docker/OpenShell sandbox): Validates the complete install → onboard → sandbox image build → OpenClaw agent turn flow with real NVIDIA inference. High-signal for Dockerfile, generate-openclaw-config, plugin install, and default non-OTEL behavior regressions.
• network-policy-e2e (high; live sandbox with policy enforcement checks): Required because this PR adds a built-in network policy preset and changes initial/preset policy selection. This verifies deny-by-default, policy-add, hot reload, per-binary policy behavior, and host-gateway policy boundaries.
• sandbox-operations-e2e (high; creates multiple sandboxes and exercises destructive lifecycle paths): Required for gateway destroy/lifecycle changes. It exercises multi-sandbox operations, destroy cleanup, registry cleanup, and gateway recovery behavior that could regress with the gateway remove/legacy destroy fallback.

Optional E2E

• cloud-onboard-e2e (high; install/onboard plus live cloud inference checks): Additional confidence for installer/onboarding with explicit custom policy presets, Landlock/security checks, and inference.local after policy setup. Useful because policy selection and initial-policy files changed.
• rebuild-openclaw-e2e (high; builds old/current images and rebuilds a live sandbox): Useful adjacent coverage for rebuild image generation, OpenClaw version/config update, gateway token rotation, and policy preservation. Recommended if maintainers want extra confidence that new Dockerfile/config args do not break rebuilds.
• diagnostics-e2e (medium-high; live sandbox plus debug archive checks): Adjacent diagnostics confidence for debug/status/credential sanitization flows, but it does not specifically validate conversation OTEL export.

New E2E recommendations

• openclaw-otel-diagnostics-enabled-path (high): No existing E2E appears to enable NEMOCLAW_OPENCLAW_OTEL=1 or verify the diagnostics-otel plugin, OTLP/HTTP proxy patch, automatic openclaw-diagnostics-otel-local policy application before first trace flush, and actual trace delivery to a local collector.
  • Suggested test: Add an OpenClaw OTEL diagnostics E2E that starts a local OTLP/HTTP collector or Jaeger on host port 4318, runs NEMOCLAW_OPENCLAW_OTEL=1 nemoclaw onboard, verifies openclaw.json diagnostics config and diagnostics-otel plugin enablement, asserts openclaw-diagnostics-otel-local is applied, runs an OpenClaw agent turn, and confirms the collector received spans without prompt/tool content leakage.
• otel-policy-negative-boundaries (medium): The new preset allows host-gateway traffic to a private collector. Existing network-policy tests cover generic host-gateway access but not that this preset is narrowly limited to POST /v1/traces on port 4318 and only expected binaries.
  • Suggested test: Extend network policy E2E with a focused OTEL preset case: apply openclaw-diagnostics-otel-local, verify openclaw/node can POST /v1/traces to host.openshell.internal:4318, and verify other methods, paths, ports, and binaries remain denied.

Dispatch hint

• Workflow: E2E / Nightly
• jobs input: cloud-e2e,network-policy-e2e,sandbox-operations-e2e

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw, ubuntu-repo-cloud-openclaw-discord
Optional scenario E2E: ubuntu-repo-cloud-hermes, wsl-repo-cloud-openclaw, macos-repo-cloud-openclaw

Dispatch required scenario E2E:

• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw
• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw-discord

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

• ubuntu-repo-cloud-openclaw: Primary Ubuntu repo OpenClaw onboarding path exercises the changed Dockerfile build args, OpenClaw config generation, initial policy selection, gateway lifecycle, and baseline sandbox readiness behavior.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw
• ubuntu-repo-cloud-openclaw-discord: Exercises the changed OpenClaw plugin build helper on an external plugin install path and validates messaging policy/preset application through scenario onboarding.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw-discord

Optional scenario E2E

• ubuntu-repo-cloud-hermes: Optional cross-agent coverage for shared onboarding, gateway lifecycle, and policy-selection changes on the Hermes path.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-hermes
• wsl-repo-cloud-openclaw: Optional special-runner coverage for the same OpenClaw repo onboarding/Docker surface under WSL.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=wsl-repo-cloud-openclaw
• macos-repo-cloud-openclaw: Optional special-runner coverage for adjacent OpenClaw repo onboarding CLI behavior on macOS.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=macos-repo-cloud-openclaw

Relevant changed files

• Dockerfile
• nemoclaw-blueprint/policies/presets/openclaw-diagnostics-otel-local.yaml
• scripts/generate-openclaw-config.mts
• scripts/openclaw-build-messaging-plugins.py
• src/lib/onboard/dockerfile-patch.ts
• src/lib/onboard/gateway-destroy.ts
• src/lib/onboard/gateway-lifecycle.ts
• src/lib/onboard/initial-policy.ts
• src/lib/onboard/machine/handlers/policies.ts
• src/lib/onboard/openclaw-otel-policy-presets.ts
• src/lib/onboard/policy-presets.ts
• src/lib/onboard/policy-selection.ts

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Top item: PR review advisor unavailable

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🌱 Nice ideas

• None.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/policies.test.ts (1)

148-151: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preset count assertion is stale after adding the new OTEL preset.

You added a new preset name at Line 180, but the count assertion still expects 21 at Line 150. This makes the test suite internally inconsistent and likely failing.

✅ Suggested fix

-    it("returns all 21 presets", () => {
+    it("returns all 22 presets", () => {
       const presets = policies.listPresets();
-      expect(presets.length).toBe(21);
+      expect(presets.length).toBe(22);
     });

Also applies to: 180-180

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/policies.test.ts` around lines 148 - 151, The test's hardcoded preset
count is stale: update the assertion in the test that calls
policies.listPresets() to reflect the added OTEL preset (change expected value
from 21 to 22) or replace the fixed number check with a more robust assertion
(e.g., assert presets includes the new preset name) to keep policies.test.ts
(the it block invoking policies.listPresets()) consistent with the new preset
added.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 508: The Dockerfile only declares ARG NEMOCLAW_OPENCLAW_OTEL while
patchStagedDockerfile() expects/rewrites NEMOCLAW_OPENCLAW_OTEL_ENDPOINT,
NEMOCLAW_OPENCLAW_OTEL_SERVICE_NAME, and NEMOCLAW_OPENCLAW_OTEL_SAMPLE_RATE; add
matching ARG declarations for NEMOCLAW_OPENCLAW_OTEL_ENDPOINT,
NEMOCLAW_OPENCLAW_OTEL_SERVICE_NAME, and NEMOCLAW_OPENCLAW_OTEL_SAMPLE_RATE
(with sensible defaults) near the existing ARG NEMOCLAW_OPENCLAW_OTEL so the
build-time rewrites in patchStagedDockerfile() take effect and OTEL
endpoint/service/sample-rate values propagate correctly.

In `@docs/reference/commands.mdx`:
- Around line 1860-1867: Replace the `console` fenced block containing the
Jaeger startup and onboard commands with a copyable bash block (no `$` prompts);
specifically change the block that includes the lines starting with "docker run
--rm --name nemoclaw-jaeger \\" and "NEMOCLAW_OPENCLAW_OTEL=1 nemoclaw onboard"
to use ```bash as the fence and remove any leading `$` prompt characters so the
two commands are directly copyable.

In `@src/lib/onboard.ts`:
- Line 3405: The added standalone line setting agentName causes a +1 net change;
remove this line and instead incorporate the defaulting without increasing file
size by either folding agentName into the existing object literal (use the same
object where the other fields are defined and place agentName: agent?.name ??
"openclaw" inline with those properties) or move the defaulting logic into the
onboarding policy initializer (update the symbol in initial-policy.ts that
constructs the agent payload to set agentName = agent?.name ?? "openclaw");
update references to the existing object or initializer (e.g., the object
literal where agentName was added and the initializer in initial-policy.ts) so
the default value is applied without adding new lines to this file.

In `@src/lib/onboard/dockerfile-patch.ts`:
- Around line 209-212: The current replacement of the Dockerfile ARG using
dockerfile = dockerfile.replace(new RegExp(`^ARG ${envKey}=.*$`, "m"), `ARG
${envKey}=${sanitizeDockerArg(rawValue)}`) can silently do nothing if no
matching ARG exists; update the code to detect whether the RegExp matched and
fail fast: run the RegExp.test() (or use String.prototype.match) against the
dockerfile for `^ARG ${envKey}=.*$` before performing the replace, and if there
is no match throw a descriptive Error (or return a failing result) that includes
envKey and rawValue so callers know the OTEL env key was not found; keep using
sanitizeDockerArg(...) for the replacement when a match exists.

In `@src/lib/onboard/gateway-destroy.ts`:
- Around line 43-52: The retry call to runOpenshell(["gateway","destroy",...])
should only run when the earlier probe indicates the CLI supports that legacy
subcommand; change the IIFE so after a failed runOpenshell(["gateway","remove",
gatewayName], ...) you check the probe (use the existing lifecycleCommands or
hasLifecycleCommands() value used earlier) and only invoke
runOpenshell(["gateway","destroy","-g", gatewayName], ...) when that probe shows
gateway destroy is available; otherwise return false immediately. Ensure you
reference the same probe variable/function used on line 40 (e.g.,
lifecycleCommands or hasLifecycleCommands()) and keep gatewayName and
runOpenshell unchanged.

In `@src/lib/onboard/initial-policy.test.ts`:
- Around line 239-254: The test for "merges openclaw-diagnostics-otel-local at
create time when OTEL is enabled" is flaky because it only toggles
NEMOCLAW_OPENCLAW_OTEL and doesn't control any OTEL endpoint env vars; ensure
hermetic behavior by saving and then clearing (or setting to a deterministic
value) NEMOCLAW_OPENCLAW_OTEL_ENDPOINT (and any other related OTEL endpoint vars
if present) before calling prepareInitialSandboxCreatePolicy, and restore the
originals in the finally block so the assertion about appliedPresets remains
deterministic.

In `@src/lib/onboard/openclaw-otel-policy-presets.ts`:
- Around line 19-24: requiredOpenclawOtelPolicyPresets currently always injects
OPENCLAW_OTEL_LOCAL_POLICY_PRESET when OTEL is enabled; change it to only add
the local preset when the configured OTLP/collector endpoint is the local
default (or not set). Update requiredOpenclawOtelPolicyPresets to read the OTLP
endpoint from the environment (the same env var your codebase uses for OTEL
endpoint), and only return [OPENCLAW_OTEL_LOCAL_POLICY_PRESET] when that value
is empty/undefined or explicitly points to the local host (e.g.,
host.openshell.internal:4318); otherwise return [] so non-local collectors
aren’t forced to use the local preset. Use or add a small helper like
isOpenclawOtelEndpointLocal(env) if one doesn’t exist to keep the check
readable.

In `@src/lib/onboard/policy-selection.ts`:
- Around line 168-170: The openclaw branch is still using process.env directly;
update the suggestion flow to use the injected env by threading deps.env into
the suggestion options and calling isOpenclawOtelEnabled(env) instead of the
global process.env. Locate the openclaw block in policy-selection.ts (the agent
=== "openclaw" branch), ensure the current SetupPresetSuggestionOptions receives
the env parameter from the caller (pass deps.env or the existing env variable)
and replace the isOpenclawOtelEnabled() call with isOpenclawOtelEnabled(env) so
OTEL suggestions reflect the merged/applied env. Ensure any types/signatures
that construct or accept SetupPresetSuggestionOptions are updated to include the
env argument.

---

Outside diff comments:
In `@test/policies.test.ts`:
- Around line 148-151: The test's hardcoded preset count is stale: update the
assertion in the test that calls policies.listPresets() to reflect the added
OTEL preset (change expected value from 21 to 22) or replace the fixed number
check with a more robust assertion (e.g., assert presets includes the new preset
name) to keep policies.test.ts (the it block invoking policies.listPresets())
consistent with the new preset added.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: be99779e-bfdd-45e1-b300-b5177629f060

📥 Commits

Reviewing files that changed from the base of the PR and between 3f8e401 and 3610a80.

📒 Files selected for processing (23)

• .agents/skills/nemoclaw-user-reference/references/commands.md
• Dockerfile
• docs/reference/commands.mdx
• nemoclaw-blueprint/policies/presets/openclaw-diagnostics-otel-local.yaml
• scripts/generate-openclaw-config.mts
• scripts/openclaw-build-messaging-plugins.py
• src/lib/onboard.ts
• src/lib/onboard/dockerfile-patch.test.ts
• src/lib/onboard/dockerfile-patch.ts
• src/lib/onboard/gateway-destroy.test.ts
• src/lib/onboard/gateway-destroy.ts
• src/lib/onboard/gateway-lifecycle.ts
• src/lib/onboard/initial-policy.test.ts
• src/lib/onboard/initial-policy.ts
• src/lib/onboard/machine/handlers/policies.ts
• src/lib/onboard/openclaw-otel-policy-presets.test.ts
• src/lib/onboard/openclaw-otel-policy-presets.ts
• src/lib/onboard/policy-presets.ts
• src/lib/onboard/policy-selection.ts
• test/generate-openclaw-config.test.ts
• test/onboard-policy-suggestions.test.ts
• test/openclaw-build-messaging-plugins.test.ts
• test/policies.test.ts

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard/policy-presets.ts`:
- Line 10: The branch that currently only checks for the literal "openclaw"
should use the same OpenClaw semantics as requiredOpenclawOtelPolicyPresets so
null/blank agents get the same suggestions; update the condition that adds
"openclaw-pricing" and OTEL suggestions to treat agent === null or agent.trim()
=== "" as OpenClaw (or call the existing helper/isOpenclaw check) so callers
relying on the default agent receive the OpenClaw suggestions consistent with
requiredOpenclawOtelPolicyPresets.

In `@src/lib/onboard/policy-selection.ts`:
- Around line 17-20: The suggestion branch currently checks for the literal
"openclaw" which diverges from the shared predicate; update the branch that
checks agent === "openclaw" to call the shared predicate
(requiredOpenclawOtelPolicyPresets(agent) or the common isOpenClaw/OpenClaw
predicate used elsewhere) so null/empty/whitespace agents are treated the same
and the OTEL preset and openclaw-pricing logic follow the later merge; make the
same replacement in the other occurrence (the branch around lines 172-177) so
both suggestion paths use the shared predicate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e95edbc0-245e-4f6b-9461-dd478f9cfd3d

📥 Commits

Reviewing files that changed from the base of the PR and between 3610a80 and 4f6c06b.

📒 Files selected for processing (14)

• Dockerfile
• docs/reference/commands.mdx
• src/lib/onboard/dockerfile-patch.test.ts
• src/lib/onboard/dockerfile-patch.ts
• src/lib/onboard/gateway-destroy.test.ts
• src/lib/onboard/gateway-destroy.ts
• src/lib/onboard/initial-policy.test.ts
• src/lib/onboard/initial-policy.ts
• src/lib/onboard/openclaw-otel-policy-presets.test.ts
• src/lib/onboard/openclaw-otel-policy-presets.ts
• src/lib/onboard/policy-presets.ts
• src/lib/onboard/policy-selection.ts
• test/onboard-policy-suggestions.test.ts
• test/policies.test.ts

🚧 Files skipped from review as they are similar to previous changes (8)

• src/lib/onboard/gateway-destroy.test.ts
• src/lib/onboard/dockerfile-patch.ts
• src/lib/onboard/initial-policy.ts
• src/lib/onboard/gateway-destroy.ts
• src/lib/onboard/initial-policy.test.ts
• src/lib/onboard/openclaw-otel-policy-presets.test.ts
• docs/reference/commands.mdx
• test/policies.test.ts

[wscurran]

✨
Related open issues:

• #4368 feat(openclaw): add OTEL diagnostics setup for conversation latency traces