Skip to content

fix(onboard): reserve skipped inference resume route#6768

Merged
cv merged 2 commits into
mainfrom
fix/onboard-resume-reserve-skipped-inference
Jul 13, 2026
Merged

fix(onboard): reserve skipped inference resume route#6768
cv merged 2 commits into
mainfrom
fix/onboard-resume-reserve-skipped-inference

Conversation

@sandl99

@sandl99 sandl99 commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Resume onboarding can skip provider setup after the provider/model are already recorded but before sandbox setup is complete. This change reserves or repairs the sandbox inference route during that resume path so the later sandbox profile step does not fail with sandbox route reservation '<name>' disappeared while onboarding was in progress.

Related Issue

Fixes #6562

Changes

  • Reserve the sandbox inference route when nemoclaw onboard --resume skips already-ready inference while sandbox setup is still incomplete.
  • Apply the repair to both routed and direct-compatible provider branches while preserving complete-sandbox resume behavior.
  • Add regression coverage for the reported cancellation-after-sandbox-name resume path and the already-ready inference resume path.

What each PR/fix does:

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification: The public --resume contract is unchanged; this repairs internal route reservation state. A docs review found no documentation updates needed.
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification:
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
    • git push -u origin HEAD ran pre-push TypeScript checks and passed.
    • npm run check:diff passed in a temporary clean worktree after npm run build:cli generated the required dist/ artifacts. The main checkout has ignored local worktrees/ directories that otherwise make the source-shape scanner inspect unrelated files.
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification:
    • npx vitest run --project cli src/lib/onboard/machine/handlers/provider-inference.test.ts — passed (35 tests)
    • npx vitest run --project cli src/lib/onboard/machine/handlers/provider-inference-recovery-gating.test.ts src/lib/onboard/machine/handlers/provider-inference-route-containment.test.ts src/lib/state/registry-route-reservation.test.ts src/lib/onboard/setup-inference-route-containment.test.ts src/lib/onboard/sandbox-lifecycle.test.ts — passed (38 tests)
    • npm run typecheck:cli — passed
    • npm run build:cli — passed
  • Applicable broad gate passed — npm test for broad runtime/test-harness changes; npm run check for repo-wide validation/coverage changes — command/result:
  • Quality Gates section completed with required justifications or waivers
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: San Dang sdang@nvidia.com

Summary by CodeRabbit

  • Bug Fixes
    • Improved resume reliability during provider inference by correcting which sandbox route is reserved, even when inference is already ready or provider reselection is required.
    • Ensured no sandbox route is reserved when resuming after the sandbox step is already completed.
    • Updated routed-inference reservation behavior to match the expected host-alias endpoint details.
  • Tests
    • Added coverage to validate the resumed provider inference reservation flow and updated related router reconciliation expectations.

Signed-off-by: San Dang <sdang@nvidia.com>
@sandl99 sandl99 self-assigned this Jul 13, 2026
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Resume inference handling now derives the sandbox reservation name from resume state, conditionally reserves routes, and updates tests for skipped inference, redone provider selection, and routed-provider reservation parameters.

Changes

Resume inference reservation

Layer / File(s) Summary
Derive and apply resume reservation names
src/lib/onboard/machine/handlers/provider-inference.ts
Resume logic derives the reservation name from authoritative configuration and sandbox-step status, then uses it for routed and non-routed reservations and failure reporting.
Validate resumed route reservations
src/lib/onboard/machine/handlers/provider-inference.test.ts
Tests verify prompted sandbox route reservations for skipped inference and redone provider selection, omission after sandbox completion, and routed-provider reservation inputs.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

Suggested labels: bug-fix, area: onboarding, area: inference

Suggested reviewers: cv, ericksoa, prekshivyas, cjagwani, jyaunches

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The implementation and tests address #6562 by preserving or restoring route reservation across --resume when inference is already complete.
Out of Scope Changes check ✅ Passed The changes stay focused on resume route-reservation logic and regression tests, with no unrelated scope visible.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is clearly related to the main fix: reserving the inference route during resume when inference was skipped.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/onboard-resume-reserve-skipped-inference

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 79%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File 3de1de6 0729488 +/-
src/lib/core/pr...mpt-activity.ts 92% 67% -25%
src/lib/security/redact.ts 99% 95% -4%
src/lib/onboard...er-inference.ts 94% 94% 0%
src/lib/securit...ntial-filter.ts 98% 99% +1%
src/lib/state/gateway.ts 88% 90% +2%
src/lib/runner.ts 72% 75% +3%
src/lib/state/m...-acquisition.ts 77% 80% +3%
src/lib/name-validation.ts 94% 100% +6%
src/lib/actions...ge-preflight.ts 74% 89% +15%

Updated July 13, 2026 12:24 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: cloud-onboard, inference-routing, network-policy, onboard-repair, onboard-resume
Optional E2E: model-router-provider-routed-inference

Dispatch hint: cloud-onboard,inference-routing,network-policy,onboard-repair,onboard-resume,model-router-provider-routed-inference

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • cloud-onboard: Required deterministic floor: validate the modified onboarding flow on a clean hosted environment with a usable assistant.
  • inference-routing: Required deterministic floor: validate real host-to-sandbox inference routing, endpoint reachability, and inference.local behavior.
  • network-policy: Required deterministic floor: validate that the intended inference route is allowed at the sandbox network boundary without unintended egress.
  • onboard-repair: Required deterministic floor and onboarding-resume rule: validate persisted onboarding state repair and convergence after partial failure.
  • onboard-resume: Required deterministic floor and onboarding-resume rule: validate interrupted onboarding resume behavior across live sandbox and gateway state.

Optional E2E

  • model-router-provider-routed-inference: Adjacent confidence for the changed nvidia-router branch: it validates provider-routed onboarding, host router health, and sandbox inference.local completion.

New E2E recommendations

  • onboarding-resume-state (high): Current live resume and repair coverage exercises resumability, but this regression specifically requires an interrupted provider-ready onboarding run to reserve the selected sandbox route before sandbox creation, including the nvidia-router path, and then prove inference.local succeeds after completion.
    • Suggested test: Extend an existing live onboarding-resume or repair target with a provider-ready, sandbox-incomplete resume scenario that verifies the gateway reservation and a successful sandbox inference.local request for both a compatible provider and nvidia-router.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: cloud-onboard,inference-routing,network-policy,onboard-repair,onboard-resume,model-router-provider-routed-inference

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Review the warnings below.
Findings: 0 required · 1 warning · 0 optional suggestions
Since last review: 0 prior items resolved · 0 still apply · 1 new item found

1 warning · 0 optional suggestions

Warnings

These merit maintainer attention but do not block by themselves.

PRA-1 Warning — Cover failed reservation on the new incomplete-sandbox resume path

  • Location: src/lib/onboard/machine/handlers/provider-inference.test.ts:496
  • Category: tests
  • Problem: The new tests cover successful reservation for an incomplete sandbox and non-reservation after sandbox completion, but none makes `reserveSandboxInferenceRoute` return false in the newly broadened resume path. The handler has a distinct failure branch that must exit before recording inference as skipped or complete.
  • Impact: A future ordering regression could advance the persisted onboarding session after the route reservation fails, recreating a resume state that claims inference completed without the required route dependency.
  • Recommendation: Add a focused mocked handler test for a provider-selection-complete, sandbox-incomplete resume where `calls.reserveRoute` returns false; assert non-zero exit and that neither `recordStateSkipped("inference", ...)` nor `recordStepComplete("inference", ...)` is called.
  • Verification: In `provider-inference.test.ts`, search for `reserveRoute` configured to return `false` or assertions that skipped/complete recording is absent after a reservation failure; no such test exists in the changed suite.
  • Test coverage: A Vitest handler test with `isInferenceRouteReady` true and `reserveRoute` returning false for an incomplete sandbox session, asserting exit 1 and no inference skipped/completed session writes.
  • Evidence: `provider-inference.ts:699-723` reserves on the new incomplete-sandbox path and exits when the result is false before the skip/completion writes. `provider-inference.test.ts:496-588` asserts success for incomplete sandbox, no reservation for completed sandbox, and success after selection replay, but has no reservation-failure case. The nearby test-file search found no `reserveRoute` false or failed-reservation test.

Workflow run details

This is an automated review. Required findings need action before merge. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision.

Signed-off-by: San Dang <sdang@nvidia.com>
@wscurran wscurran added area: onboarding Onboarding FSM, provider setup, sandbox launch, or first-run flow area: sandbox OpenShell sandbox lifecycle, runtime, config, or recovery bug-fix PR fixes a bug or regression v0.0.82 Release target labels Jul 13, 2026
@sandl99 sandl99 added the VDR Linked to VDR finding label Jul 13, 2026
@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested tests passed

Run: 29260752181
Workflow ref: fix/onboard-resume-reserve-skipped-inference
Requested targets: (default — all supported)
Requested test IDs: model-router-provider-routed-inference
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped, 0 unknown

Test Result
model-router-provider-routed-inference ✅ success

@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected tests passed

Run: 29261685137
Workflow ref: fix/onboard-resume-reserve-skipped-inference
Requested targets: cloud-onboard,inference-routing,network-policy,onboard-repair,onboard-resume
Requested test IDs: (default — all default-enabled tests; explicit-only tests openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 5 passed, 0 failed, 0 cancelled, 0 skipped, 0 unknown

Test Result
cloud-onboard ✅ success
inference-routing ✅ success
network-policy ✅ success
onboard-repair ✅ success
onboard-resume ✅ success

@prekshivyas prekshivyas self-assigned this Jul 13, 2026

@prekshivyas prekshivyas left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed current head. Required CI, both PR advisors, CodeRabbit, and required/optional E2E coverage are clean. LGTM.

@cv cv merged commit 25d29e0 into main Jul 13, 2026
212 of 216 checks passed
@cv cv deleted the fix/onboard-resume-reserve-skipped-inference branch July 13, 2026 18:29
cv pushed a commit that referenced this pull request Jul 14, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Release-prep documentation for v0.0.82 now summarizes user-facing
changes merged since v0.0.81.
It also closes stale wording in the stopped-sandbox backup,
snapshot-clone, Ollama selection, and custom-policy authoring guidance.

## Changes

- Add the `v0.0.82` section to `docs/about/release-notes.mdx` with links
to the focused user guides.
- Document that snapshot clones receive a destination-owned dashboard
port before destructive replacement begins.
- Align `backup-all` guidance with eligible stopped Docker-driver
sandboxes that NemoClaw starts temporarily.
- Describe the running and stopped Ollama menu states without claiming
one fixed label.
- Document runtime rejection of catch-all hosts in custom policy files.

### Source summary

- [#6748](#6748) ->
`docs/about/release-notes.mdx`, `docs/manage-sandboxes/lifecycle.mdx`,
and `docs/reference/commands.mdx`: Summarize non-destructive sandbox
`stop` and `start` commands.
- [#6723](#6723) ->
`docs/about/release-notes.mdx`,
`docs/manage-sandboxes/backup-restore.mdx`, and
`docs/reference/commands.mdx`: Record temporary startup and cleanup for
eligible stopped-sandbox backups.
- [#6749](#6749) ->
`docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Document destination-owned
dashboard ports for snapshot clones.
- [#6764](#6764) ->
`docs/about/release-notes.mdx`: Summarize installer handling of
route-only onboarding placeholders.
- [#6771](#6771) ->
`docs/about/release-notes.mdx`, `docs/inference/set-up-vllm.mdx`,
`docs/inference/choose-inference-provider.mdx`,
`docs/reference/commands.mdx`, and
`docs/reference/platform-support.mdx`: Summarize managed-vLLM storage
gates, immutable image digests, and the explicit override boundary.
- [#6759](#6759) ->
`docs/about/release-notes.mdx`: Record early, actionable OpenShell
gateway-port conflict diagnostics.
- [#6753](#6753) ->
`docs/about/release-notes.mdx` and `docs/inference/set-up-ollama.mdx`:
Document truthful running and stopped Ollama menu states.
- [#6776](#6776) ->
`docs/about/release-notes.mdx`: Summarize proxy-independent loopback
readiness checks.
- [#6769](#6769) ->
`docs/about/release-notes.mdx`: Record compatible endpoint and agent
guidance when Chat Completions is unavailable.
- [#6730](#6730) ->
`docs/about/release-notes.mdx`: Summarize bounded reuse of an eligible
successful Chat Completions check.
- [#6768](#6768) ->
`docs/about/release-notes.mdx`: Record route-reservation repair during
resumed onboarding.
- [#6742](#6742) ->
`docs/about/release-notes.mdx`: Summarize pre-mutation resolution of
secret-free sandbox create intent.
- [#6721](#6721) ->
`docs/about/release-notes.mdx` and
`docs/get-started/quickstart-langchain-deepagents-code.mdx`: Record
bounded cleanup of completed managed Deep Agents headless sessions.
- [#6731](#6731) ->
`docs/about/release-notes.mdx` and
`docs/network-policy/customize-network-policy.mdx`: Document runtime
rejection of catch-all custom-policy destinations.
- [#6729](#6729) ->
`docs/about/release-notes.mdx` and `docs/get-started/prerequisites.mdx`:
Record the Node.js 22.19 minimum.
- [#6735](#6735) ->
`docs/about/release-notes.mdx` and
`docs/reference/platform-support.mdx`: Summarize the Ubuntu 26.04
userspace contract without claiming pending host or live validation.
- [#6775](#6775) ->
`docs/about/release-notes.mdx` and
`docs/resources/community-contributions.mdx`: Route independent
solutions outside canonical supported-product documentation.
- [#6740](#6740) ->
`docs/about/release-notes.mdx`: Summarize the semantic
dependency-upgrade contributor workflow.
- [#6777](#6777) ->
`docs/about/release-notes.mdx` and `docs/CONTRIBUTING.md`: Summarize the
route-safe documentation-refactor workflow.
- [#6741](#6741) ->
`docs/about/release-notes.mdx` and
`docs/security/openclaw-2026.6.10-dependency-review.md`: Summarize
reviewed npm archive verification and audit enforcement.
- [#6739](#6739) ->
`docs/about/release-notes.mdx` and
`docs/security/openclaw-2026.6.10-dependency-review.md`: Record the
locked offline dependency graph for the managed OpenClaw WeChat runtime.
- [#6737](#6737) ->
`docs/about/release-notes.mdx`: Record removal of the messaging build
plan from final OpenClaw and Hermes image environments.
- [#6733](#6733) ->
`docs/about/release-notes.mdx`: Summarize cached plugin dependency
layers for source and blueprint rebuilds.

### Skipped from docs-skip

- None. No commit or changed path in `v0.0.81..origin/main` matched
`openclaw-sandbox-permissive.yaml` or `config-show`, and the drafted
content contains none of the configured skip terms.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: This is a documentation-only
release-prep update; behavior is protected by the merged source PRs, and
the documentation build validates the changed routes and agent variants.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — tests are not applicable for this
documentation-only change.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: not run for this
documentation-only change.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — 0
errors; two pre-existing Fern warnings remain.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)
— no new pages.

---
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Updated release notes with improvements to sandbox recovery,
onboarding, session management, policy validation, storage checks, and
system requirements.
  * Clarified Ollama setup instructions and status labels.
* Documented safer snapshot restoration, including dedicated ports and
protection against destructive failures.
* Expanded `backup-all` coverage to include eligible stopped sandboxes.
* Added guidance rejecting broad or catch-all network destinations in
custom policies.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: onboarding Onboarding FSM, provider setup, sandbox launch, or first-run flow area: sandbox OpenShell sandbox lifecycle, runtime, config, or recovery bug-fix PR fixes a bug or regression v0.0.82 Release target VDR Linked to VDR finding

Projects

None yet

Development

Successfully merging this pull request may close these issues.

nemoclaw onboard --resume fails with route reservation disappeared after interrupted onboard

4 participants