fix(e2e): restore macOS Docker VM compat comment after onboard refactor

[hunglp6d]

Fixes #5261

✨ [AI-generated PR]

Summary

Commit 27ae4c3 ("refactor(onboard): extract dockerfile patch flow") moved patchStagedDockerfile() from onboard.ts to sandbox-dockerfile-patch-flow.ts but dropped the design-intent comment that documents why darwinVmCompat=false for Docker builds. The openshell-gateway-upgrade-e2e test greps for this comment in onboard.ts as a design guard. This PR restores the comment in the new file and updates the test to grep the correct path.

Related Issue

Changes

• src/lib/onboard/sandbox-dockerfile-patch-flow.ts: Restore the // Docker-on-Colima uses normal container ownership comment above the false (darwinVmCompat) argument on line 148.
• test/e2e/test-openshell-gateway-upgrade.sh: Update the grep target from src/lib/onboard.ts to src/lib/onboard/sandbox-dockerfile-patch-flow.ts.

Validation

Custom-e2e validation was not run — the available token lacks the workflow scope required to push .github/workflows/custom-e2e.yaml. The fix is a mechanical comment restoration + grep path update with no behavioral change. Manual validation: run openshell-gateway-upgrade-e2e on this branch.

• Original failing run: 27386272836 on a3ae21b6eed8399099fd390bd45ad43e78218258
• Targeted job: openshell-gateway-upgrade-e2e (#80933852535)

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes

AI Disclosure

• AI-assisted — tool: Claude Code (nemoclaw-diagnosis skill)

---

Signed-off-by: Hung Le hple@nvidia.com

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 54af5c38-2558-44d0-843b-d40514b7279d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/nightly-e2e-macos-docker-comment-grep-a3ae21b

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• None. No E2E is required: the production source change is comment-only, and the E2E script change only updates a grep target for an existing assertion. There is no executable change that can affect installer/onboarding behavior, sandbox lifecycle, credentials, security boundaries, network policy, inference routing, deployment, or real assistant user flows.

Optional E2E

• None.

New E2E recommendations

• None.

[github-actions]

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: ubuntu-repo-cloud-openclaw
Optional Vitest E2E scenarios: ubuntu-repo-docker-post-reboot-recovery

Dispatch required Vitest E2E scenarios:

• gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

• ubuntu-repo-cloud-openclaw: The change touches the sandbox Dockerfile patch flow used during repo-current Docker onboarding. The smallest live-supported typed Vitest scenario that exercises this path is Ubuntu cloud OpenClaw onboarding.
  • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Optional Vitest E2E scenarios

• ubuntu-repo-docker-post-reboot-recovery: Optional adjacent coverage for the same live-supported Ubuntu Docker OpenClaw onboarding path with the post-reboot recovery lifecycle layered on top.
  • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-docker-post-reboot-recovery

Relevant changed files

• src/lib/onboard/sandbox-dockerfile-patch-flow.ts

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 0 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 0 still apply, 0 new items found

Consider writing more tests for

• **Runtime validation** — Validate that `exercise_macos_docker_rootfs_permission_regression` succeeds with the design guard located in `src/lib/onboard/sandbox-dockerfile-patch-flow.ts`.. The touched surface is sandbox/runtime infrastructure, so targeted runtime or integration validation improves confidence even though this patch is mechanically comment/test-path-only and existing unit coverage verifies the call contract.
• **Runtime validation** — Validate that `prepareSandboxDockerfilePatch` continues to pass `false` for `darwinVmCompat` when preparing Docker/Colima sandbox builds.. The touched surface is sandbox/runtime infrastructure, so targeted runtime or integration validation improves confidence even though this patch is mechanically comment/test-path-only and existing unit coverage verifies the call contract.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[hunglp6d]

This is AI-generated issue, closed due to a fix of #5269 was merged