fix: resolve openclaw.json permissions conflict and scope Dockerfile …#570

Closed
franknvda1 wants to merge 1 commit into NVIDIA:main from franknvda1:fix/frankr-openclaw_permissions

@franknvda1 franknvda1 commented Mar 21, 2026

Contributor

…lockdown

  • Bake both 'nvidia' and 'inference' providers into openclaw.json at image build time; remove runtime Python config-patching from buildSandboxConfigSyncScript (writes to locked root:root 444 file)
  • Use openclaw models set for runtime model selection (writes to writable agent config in .openclaw-data/)
  • Add identity/, devices/, canvas/, cron/ to .openclaw-data symlinks so the gateway can write device-auth.json at runtime
  • Remove dead openclaw doctor --fix and openclaw plugins install calls from nemoclaw-start.sh (already ran at build time, fail with EPERM at runtime)

Caused-by: 2d3f84e (fix: lock gateway config via Landlock filesystem policy) Fixes #514

Summary

Related Issue

Changes

Type of Change

  • Code change for a new feature, bug fix, or refactor.
  • Code change with doc updates.
  • Doc only. Prose changes without code sample modifications.
  • Doc only. Includes code sample changes.

Testing

  • make check passes.
  • npm test passes.
  • make docs builds without warnings. (for doc-only changes)

Checklist

General

Code Changes

  • make format applied (TypeScript and Python).
  • Tests added or updated for new or changed behavior.
  • No secrets, API keys, or credentials committed.
  • Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

Doc Changes

  • Follows the style guide. Try running the update-docs agent skill to draft changes while complying with the style guide. For example, prompt your agent with "/update-docs catch up the docs for the new changes I made in this PR."
  • New pages include SPDX license header and frontmatter, if creating a new page.
  • Cross-references and links verified.

Summary by CodeRabbit

  • New Features

    • Added support for multiple model providers in configuration.
  • Improvements

    • Simplified runtime initialization by moving configuration steps to build time, reducing startup overhead.
    • Model selection now handled via command-line interface for better consistency.
  • Tests

    • Updated test cases to reflect new configuration workflow.

…lockdown

- Bake both 'nvidia' and 'inference' providers into openclaw.json at
  image build time; remove runtime Python config-patching from
  buildSandboxConfigSyncScript (writes to locked root:root 444 file)
- Use `openclaw models set` for runtime model selection (writes to
  writable agent config in .openclaw-data/)
- Add identity/, devices/, canvas/, cron/ to .openclaw-data symlinks
  so the gateway can write device-auth.json at runtime
- Remove dead `openclaw doctor --fix` and `openclaw plugins install`
  calls from nemoclaw-start.sh (already ran at build time, fail with
  EPERM at runtime)

Caused-by: 2d3f84e (fix: lock gateway config via Landlock filesystem policy)
Fixes NVIDIA#514
coderabbitai Bot commented Mar 21, 2026

Contributor
Walkthrough

The PR makes OpenClaw configuration immutable by moving runtime state to separate writable directories with symlinks, pre-baking agent configuration at Docker build time, and removing all runtime modifications to openclaw.json. This prevents agents from self-modifying security-critical configuration files.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Docker Build Configuration (Dockerfile) | Provisions writable state directories (identity, devices, canvas, cron) under /sandbox/.openclaw-data/ with symlinks into the immutable /sandbox/.openclaw/ tree. Adds update-check.json to data directory. Expands models.providers configuration to include an inference provider alongside the existing nvidia provider, with the primary agent model configured to use inference/{model} format. |
| Runtime Onboarding (bin/lib/onboard.js) | Removes embedded Python logic that modified openclaw.json at runtime (agent defaults, provider injection). Simplifies generated sandbox-config sync script to only write NemoClaw selection config and invoke openclaw models set for model activation, with provider/model configuration now pre-baked at image build time. |
| Container Startup (scripts/nemoclaw-start.sh) | Removes openclaw doctor --fix and openclaw plugins install invocations with explanatory comments indicating these operations now occur during Docker build and cannot run at runtime due to EPERM restrictions on the locked /sandbox/.openclaw directory. |
| Test Expectations (test/onboard.test.js) | Updates test assertions to verify the script writes to ~/.nemoclaw/config.json with model selection and credentials, invokes openclaw models set 'inference/<model>' CLI, and does not reference openclaw.json (treating it as immutable). Removes assertions for prior JSON manipulation implementation details. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 Hop, hop—no more config tweaks for thee!
Build-time bakes what agents dare not see
Symlinks shield the data, read-only stays the key
Security takes root, immutably free 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately reflects the main changes: resolving openclaw.json permissions conflicts and scoping Dockerfile lockdown, which aligns with the core objective of preventing unauthorized modifications. |
| Linked Issues check | ✅ Passed | The PR implements the proposed fix for #514 by making openclaw.json read-only at build time, removing runtime modification attempts, and adjusting filesystem layout to isolate writable state from locked directories. |
| Out of Scope Changes check | ✅ Passed | All changes directly support the stated objective of preventing runtime modifications to openclaw.json. The Dockerfile changes pre-bake configuration, onboard.js removes JSON modification, and nemoclaw-start.sh removes problematic runtime operations. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

Comment thread Dockerfile
}, \
'inference': { \
'baseUrl': 'https://inference.local/v1', \
'apiKey': 'unused', # pragma: allowlist secret \
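
Review bot: On the `'apiKey': 'unused', # pragma: allowlist secret \` line, the `#` sits inside the backslash-continued inline Python, so once the continuation lines are joined everything after it, the closing braces included, becomes a Python comment. Remove the pragma from the lines inside the string, or move the allowlisting out of the inline script, so the dict literal that `'inference': {` opens can still be closed.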

I was testing this out because onboarding is broken for me (see #580), but the # pragma: allowlist secret comment here (and also above on line 108) seemed to break this for me. It resulted in:

SyntaxError: '{' was never closed

ericksoa added a commit that referenced this pull request Mar 21, 2026
The # pragma: allowlist secret comments inside the multi-line python3 -c
string cause Python to treat everything after # as a comment, swallowing
the \ line continuation and closing braces. This results in:
  SyntaxError: '{' was never closed

Reported by DanTup in PR #570.
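
The failure this commit message describes can be reproduced offline. The following is an added example, not code from the PR or the NemoClaw repository: the `RUN python3 -c` body is a constructed sample modelled on the snippet quoted in the review thread, and the function names are hypothetical. It joins backslash-continued lines the way a Dockerfile instruction is joined, compiles the result, and flags any continued line that carries a Python comment.

```python
import io
import tokenize

# Constructed sample: body of a `RUN python3 -c "..."` instruction, one entry
# per Dockerfile line, each ending in a line-continuation backslash.
BROKEN = [
    "import json; cfg = {'providers': { \\",
    "    'inference': { \\",
    "        'baseUrl': 'https://inference.local/v1', \\",
    "        'apiKey': 'unused',  # pragma: allowlist secret \\",
    "    } \\",
    "}}; print(json.dumps(cfg))",
]
FIXED = [line.replace("  # pragma: allowlist secret", "") for line in BROKEN]


def join_continuations(lines):
    """Drop each trailing backslash and its newline, producing one logical line."""
    out = []
    for line in lines:
        text = line.rstrip()
        out.append(text[:-1] if text.endswith("\\") else text + "\n")
    return "".join(out)


def syntax_error(lines):
    """Return the SyntaxError message for the joined script, or None if it compiles."""
    try:
        compile(join_continuations(lines), "<RUN python3 -c>", "exec")
    except SyntaxError as exc:
        return exc.msg
    return None


def comments_before_continuation(lines):
    """1-based numbers of continued lines that contain a real Python comment."""
    hits = []
    for number, line in enumerate(lines, 1):
        text = line.rstrip()
        if not text.endswith("\\"):
            continue
        try:
            reader = io.StringIO(text[:-1] + "\n").readline
            for tok in tokenize.generate_tokens(reader):
                if tok.type == tokenize.COMMENT:  # a '#' inside a string is not one
                    hits.append(number)
        except (tokenize.TokenError, SyntaxError):
            pass  # fragments with unbalanced brackets end in a tokenizer error
    return hits
```

Running `comments_before_continuation` over inline scripts in a Dockerfile before the image build catches this class of breakage without needing Docker.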
kjw3 commented Mar 21, 2026

Contributor

Thanks for the work on this. The core fix direction from #570 has now landed through #588, which carried the same approach forward and closed the remaining gap.

I’m going to close this one as superseded so the history stays clean, but the contribution here was useful and directly informed the merged fix.

Let it rip 🤙

@kjw3 kjw3 closed this Mar 21, 2026
kjw3 pushed a commit that referenced this pull request Mar 21, 2026
…me (#588)

* fix: resolve openclaw.json permissions conflict and scope Dockerfile lockdown

- Bake both 'nvidia' and 'inference' providers into openclaw.json at
  image build time; remove runtime Python config-patching from
  buildSandboxConfigSyncScript (writes to locked root:root 444 file)
- Use `openclaw models set` for runtime model selection (writes to
  writable agent config in .openclaw-data/)
- Add identity/, devices/, canvas/, cron/ to .openclaw-data symlinks
  so the gateway can write device-auth.json at runtime
- Remove dead `openclaw doctor --fix` and `openclaw plugins install`
  calls from nemoclaw-start.sh (already ran at build time, fail with
  EPERM at runtime)

Caused-by: 2d3f84e (fix: lock gateway config via Landlock filesystem policy)
Fixes #514

* fix: remove pragma comments that break inline Python in Dockerfile

The # pragma: allowlist secret comments inside the multi-line python3 -c
string cause Python to treat everything after # as a comment, swallowing
the \ line continuation and closing braces. This results in:
  SyntaxError: '{' was never closed

Reported by DanTup in PR #570.

* fix: remove openclaw models set from sync script — config stays on host

openclaw models set writes to openclaw.json, which is correctly locked
(root:root 444 + Landlock read-only). Model routing is handled by the
host-side gateway via openshell inference set (Step 5), not from inside
the sandbox. The sync script should only write NemoClaw's own selection
config to ~/.nemoclaw/config.json.

Remove openclaw models set call, dead pythonLiteralJson helper, and
unused getOpenClawPrimaryModel/DEFAULT_OLLAMA_MODEL imports.

---------

Co-authored-by: Frank Ruiz <frankr@nvidia.com>
@0x1stvan

> Thanks for the work on this. The core fix direction from #570 has now landed through #588, which carried the same approach forward and closed the remaining gap.
>
> I’m going to close this one as superseded so the history stays clean, but the contribution here was useful and directly informed the merged fix.
>
> Let it rip 🤙

Isn't this just breaking the openclaw configuration inside the sandbox? I get permission denied when trying to set the configs, for example: openclaw config set allowedOrigins returns EACCES: permission denied, copyfile '/sandbox/.openclaw/openclaw.json

Ryuketsukami pushed a commit to Ryuketsukami/NemoClaw that referenced this pull request Mar 24, 2026
…me (NVIDIA#588)

jessesanford pushed a commit to jessesanford/NemoClaw that referenced this pull request Mar 24, 2026
…me (NVIDIA#588)

@wscurran wscurran added the bug-fix PR fixes a bug or regression label Jun 8, 2026
Development

Successfully merging this pull request may close these issues.

Agent can self-modify openclaw.json to bypass auth and CORS controls

5 participants