fix(scripts): enforce config integrity check in non-root mode

[latenighthackathon]

Summary

In non-root mode, verify_config_integrity() failure was logged as a warning but execution continued, allowing a tampered openclaw.json to be loaded. The root path already treats this as fatal. Now consistent: exit 1 on failure in both modes.

Related Issue

Closes #1013

Changes

• Changed non-root integrity failure from warning to fatal exit 1
• Message updated to match severity: '[SECURITY] ... refusing to start'
• Root path behavior unchanged (already fatal via set -euo pipefail)

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied.
• No secrets, API keys, or credentials committed.

Summary by CodeRabbit

• Security
  • Configuration integrity verification is now enforced during startup. The application will immediately refuse to start if verification fails, preventing operation with potentially corrupted configuration settings.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e33b2794-837a-457f-b6f7-ff871f44d1a5

📥 Commits

Reviewing files that changed from the base of the PR and between 0285fb0 and 8921233.

📒 Files selected for processing (1)

• scripts/nemoclaw-start.sh

---

📝 Walkthrough

Walkthrough

The non-root execution path in scripts/nemoclaw-start.sh now treats config integrity verification failures as fatal: instead of logging a warning and continuing, the script logs a [SECURITY] message and exits with status 1.

Changes

Cohort / File(s)	Summary
Config Integrity Enforcement scripts/nemoclaw-start.sh	Changed non-root config integrity handling: on SHA256 verification failure the script now emits a [SECURITY] message and exit 1 instead of logging a warning and proceeding.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 From a rabbit's burrow, short and bright:
When hashes break and warnings fail,
I thump my foot and raise the rail.
No sly start with tampered art —
We close the door and guard the heart. 🥕🔒

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: enforcing the config integrity check in non-root mode by making it fatal rather than a warning.
Linked Issues check	✅ Passed	The PR fully addresses issue #1013 by making the config integrity check fatal in non-root mode, changing from a warning to a security exit, ensuring consistent behavior across all execution modes.
Out of Scope Changes check	✅ Passed	All changes are focused on the stated objective; the modification is limited to the non-root path in nemoclaw-start.sh and directly addresses the security gap identified in issue #1013.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

scripts/nemoclaw-start.sh (1)

326-329: Root path behavior remains correct and consistent.

The root path relies on set -euo pipefail to make verify_config_integrity fatal, which works correctly. Both execution paths now consistently refuse to start on integrity failures.

Operational note: Per the relevant code snippets, some callers (bin/lib/onboard.js, scripts/telegram-bridge.js, scripts/walkthrough.sh) may not properly propagate the exit code when invoking nemoclaw-start outside the ENTRYPOINT context (e.g., via SSH, tmux, or openshell sandbox create). While this script now correctly exits with status 1 on integrity failure, the callers may silently ignore it. Consider auditing those call sites to ensure security failures are surfaced to users.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/nemoclaw-start.sh` around lines 326 - 329, The script now correctly
exits with non-zero on verify_config_integrity failures, but some callers
(bin/lib/onboard.js, scripts/telegram-bridge.js, scripts/walkthrough.sh) may not
propagate that exit code; audit those call sites and ensure they detect and
forward the child process exit status (e.g., check spawn/exec return codes or
use synchronous/awaited execution and process.exit(retcode) when invoking
nemoclaw-start) so integrity failures are not silently ignored.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 326-329: The script now correctly exits with non-zero on
verify_config_integrity failures, but some callers (bin/lib/onboard.js,
scripts/telegram-bridge.js, scripts/walkthrough.sh) may not propagate that exit
code; audit those call sites and ensure they detect and forward the child
process exit status (e.g., check spawn/exec return codes or use
synchronous/awaited execution and process.exit(retcode) when invoking
nemoclaw-start) so integrity failures are not silently ignored.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8b745840-0871-4fb6-a7ee-a98c7aaed0f3

📥 Commits

Reviewing files that changed from the base of the PR and between eb4ba8c and 0285fb0.

📒 Files selected for processing (1)

• scripts/nemoclaw-start.sh

[latenighthackathon]

Caller audit (addressing CodeRabbit review suggestion)

Audited the three call sites that invoke nemoclaw-start outside the Docker ENTRYPOINT context:

1. bin/lib/onboard.js:1813 — passes nemoclaw-start as the command to openshell sandbox create. Exit status is checked at line 1825 (createResult.status !== 0) and surfaced to the user. ✅ Already propagates.

2. scripts/telegram-bridge.js:108 — invokes nemoclaw-start openclaw agent ... via SSH. The close event handler at line 121 captures the exit code, and line 144 surfaces non-zero exits with stderr output (which would include the [SECURITY] message). ✅ Already propagates.

3. scripts/walkthrough.sh:91 — runs nemoclaw-start inside an interactive tmux split via openshell sandbox connect. The exit code is visible to the operator in the terminal. ✅ Visible by design.

Conclusion: All callers already propagate or surface the exit code. No code changes needed.