fix: parameterize sandbox name in setup.sh instead of hardcoding

[ericksoa]

Closes #197.

Summary

• setup.sh accepts sandbox name as $1 (default: nemoclaw)
• All sandbox operations (create, delete, get, list grep) use $SANDBOX_NAME
• Gateway name stays hardcoded to nemoclaw (gateway and sandbox names are independent)
• nemoclaw setup (legacy command) passes the default sandbox name from the registry
• 7 regression tests verify parameterization and that gateway name stays hardcoded

Problem

The onboard wizard lets users choose a custom sandbox name stored in ~/.nemoclaw/sandboxes.json, but setup.sh hardcoded --name nemoclaw everywhere. This created a split-brain: NemoClaw's registry had the custom name, OpenShell had "nemoclaw", and every subsequent command (connect, policy, bridge) failed with "sandbox not found."

Test plan

• 71/71 unit tests pass (64 existing + 7 new)
• Custom name: bash scripts/setup.sh test-197 creates sandbox named test-197
• Default behavior: bash scripts/setup.sh creates sandbox named nemoclaw
• Gateway name stays hardcoded nemoclaw in all gateway operations
• No remaining hardcoded sandbox "nemoclaw" in sandbox operations

Summary by CodeRabbit

• New Features

  • The setup process now supports configurable sandbox names based on registry defaults, enabling more flexible environment initialization instead of using a hardcoded naming convention.

• Tests

  • Added test suite to validate sandbox name parameterization, ensuring correct default behavior, proper argument handling, and accurate sandbox operation references.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request parameterizes the sandbox name in the setup process. The main entry point now extracts the default sandbox name from the registry and passes it to setup.sh if it matches a valid format. The setup script then accepts this as a parameter and uses it instead of a hardcoded "nemoclaw" value throughout sandbox operations.

Changes

Cohort / File(s)	Summary
Setup Entry Point bin/nemoclaw.js	Modified setup() to compute and conditionally pass a validated sandbox name from the registry's defaultSandbox to setup.sh via regex validation.
Setup Script Parameterization scripts/setup.sh	Introduces SANDBOX_NAME parameter (defaults to "nemoclaw") and replaces hardcoded "nemoclaw" references with $SANDBOX_NAME across sandbox creation, deletion, status checks, and readiness verification.
Test Coverage test/setup-sandbox-name.test.js	New test suite validating sandbox name parameterization, covering default behavior, argument passing, dynamic sandbox operations, and gateway name consistency.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A custom sandbox name at last!
No more hardcoded "nemoclaw" cast,
The wizard and setup now align,
With tests to keep the behavior fine. 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: parameterizing the sandbox name in setup.sh instead of hardcoding it, which directly addresses the core problem.
Linked Issues check	✅ Passed	The PR fully addresses issue #197 by parameterizing sandbox name in setup.sh with a default of 'nemoclaw' and passing it from bin/nemoclaw.js, solving the split-brain problem.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the hardcoded sandbox name issue; no unrelated modifications were introduced.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/issue-197-setup-sandbox-name

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/nemoclaw.js`:
- Around line 50-52: The current validation for defaultSandbox in the
bin/nemoclaw.js block uses /^[a-z0-9][a-z0-9-]*[a-z0-9]$/ which rejects
single-character names and is inconsistent with onboarding; change the check
that assigns safeName (the expression using registry.listSandboxes() and the
regex) to use the same pattern as onboarding (/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
so single-character lowercase alphanumeric sandboxes are accepted, keeping the
rest of the call to run(`bash "${SCRIPTS}/setup.sh" ${safeName}`) unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e4414f5c-c116-4598-9aab-028c3ed29e7c

📥 Commits

Reviewing files that changed from the base of the PR and between 054b921 and 55cb789.

📒 Files selected for processing (3)

• bin/nemoclaw.js
• scripts/setup.sh
• test/setup-sandbox-name.test.js

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Find sandbox naming patterns in tests and config to assess impact

# Check test fixtures for sandbox names
rg -n "sandbox.*name|defaultSandbox" --type=js -C2

# Check if single-char sandbox names are used anywhere
rg -nP '"[a-z]".*sandbox|sandbox.*"[a-z]"' --type=js

Repository: NVIDIA/NemoClaw

Length of output: 13252

---

Regex validation differs from other functions and inconsistently rejects single-char names.

The regex /^[a-z0-9][a-z0-9-]*[a-z0-9]$/ requires at least 2 characters, but users can create single-character sandbox names during onboarding (see bin/lib/onboard.js line 254, which uses /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/). Additionally, start() at line 148 uses /^[a-zA-Z0-9._-]+$/, allowing uppercase, dots, and underscores—creating inconsistent behavior across the CLI.

A single-character name like "a" would silently fall back to an empty string during setup, whereas it would have passed validation during sandbox creation.

♻️ Suggested fix: Align with onboard validation

-  const safeName = defaultSandbox && /^[a-z0-9][a-z0-9-]*[a-z0-9]$/.test(defaultSandbox) ? defaultSandbox : "";
+  const safeName = defaultSandbox && /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(defaultSandbox) ? defaultSandbox : "";

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const { defaultSandbox } = registry.listSandboxes();
	const safeName = defaultSandbox && /^[a-z0-9][a-z0-9-]*[a-z0-9]$/.test(defaultSandbox) ? defaultSandbox : "";
	run(`bash "${SCRIPTS}/setup.sh" ${safeName}`);
	const { defaultSandbox } = registry.listSandboxes();
	const safeName = defaultSandbox && /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(defaultSandbox) ? defaultSandbox : "";
	run(`bash "${SCRIPTS}/setup.sh" ${safeName}`);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/nemoclaw.js` around lines 50 - 52, The current validation for
defaultSandbox in the bin/nemoclaw.js block uses /^[a-z0-9][a-z0-9-]*[a-z0-9]$/
which rejects single-character names and is inconsistent with onboarding; change
the check that assigns safeName (the expression using registry.listSandboxes()
and the regex) to use the same pattern as onboarding
(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) so single-character lowercase alphanumeric
sandboxes are accepted, keeping the rest of the call to run(`bash
"${SCRIPTS}/setup.sh" ${safeName}`) unchanged.

[jacobtomlinson]

Verified