fix(plugin): tolerate empty/malformed onboard config.json

[rluo8]

Summary

1. Dockerfile:633 has always seeded /sandbox/.nemoclaw/config.json as a 0-byte file via touch — the file exists so the next line's chown sandbox:sandbox has a target.
2. nemoclaw/src/onboard/config.ts:loadOnboardConfig calls JSON.parse(readFileSync(path, "utf-8")) with no try/catch. JSON.parse("") throws SyntaxError.

Related Issue

Fixes #3884

Changes

1. Dockerfile:633 - seed valid empty object
2. nemoclaw/src/onboard/config.ts - wrap read + parse in try/catch

Type of Change

• [√ ] Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• [ √] npx prek run --all-files passes
• [ √] npm test passes
• [ √] Tests added or updated for new or changed behavior
• [ √] No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: rluo8 ruluo@nvidia.com

Summary by CodeRabbit

• Bug Fixes

  • Configuration handling now treats missing, empty, or malformed config files as "no config" instead of crashing.
  • Startup now ensures the config file contains valid JSON before runtime.

• Tests

  • Added tests verifying graceful handling of empty, whitespace-only, and invalid configuration files.

[coderabbitai]

📝 Walkthrough

Walkthrough

loadOnboardConfig() now returns null instead of throwing on unreadable or invalid JSON; tests added for empty/whitespace/malformed files; Dockerfile initializes /sandbox/.nemoclaw/config.json with {} (valid JSON).

Changes

Config Loading Resilience

Layer / File(s)	Summary
Config load error handling nemoclaw/src/onboard/config.ts	loadOnboardConfig() catches JSON parse/read errors and returns null rather than throwing.
Test coverage for invalid configs nemoclaw/src/onboard/config.test.ts	Tests import join and add cases asserting loadOnboardConfig() returns null for empty, whitespace-only, and malformed JSON files.
Docker config initialization Dockerfile	Dockerfile writes {} to /sandbox/.nemoclaw/config.json instead of creating an empty file so the config is valid JSON at startup.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

bug

Suggested reviewers

• ericksoa
• cjagwani

Poem

🐰 A tiny config empty and bare,
Tripped the startup with SyntaxError's glare.
I wrote a brace, added a try,
Now parsers breathe easy and sigh—
Plugins awake to wholesome air.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main fix: tolerating empty or malformed onboard config.json files, which is the core change across Dockerfile, config.ts, and config.test.ts.
Linked Issues check	✅ Passed	The PR fully addresses issue #3884: (1) Dockerfile seeds valid JSON to prevent empty files; (2) config.ts wraps JSON.parse in try/catch to handle malformed content; (3) config.test.ts validates null returns for empty/invalid JSON.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the onboard config loading issue: Dockerfile initialization, config loader error handling, and corresponding tests. No unrelated changes detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

nemoclaw/src/onboard/config.ts (1)

633-633: Verify with E2E tests.

This Dockerfile change seeds the initial config file and affects sandbox startup behavior. As per coding guidelines, changes affecting the sandbox container should be validated with real container builds.

The coding guidelines recommend running these E2E tests to confirm the fix across startup scenarios:

gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e

As per coding guidelines: "Dockerfile affects the sandbox container image. Layer ordering, permissions, and baked config changes are only testable with a real container build."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@nemoclaw/src/onboard/config.ts` at line 633, This change modifies the
Dockerfile that seeds the initial config used by the sandbox startup (affecting
sandbox container image and baked config), so validate it by running the
recommended E2E workflows: trigger the nightly-e2e.yaml with the jobs
cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e (use gh workflow
run nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e) to ensure
sandbox startup, layer ordering, permissions and the seeded config
(onboard/config.ts related behavior) work correctly in a real container build.

Dockerfile (1)

633-634: LGTM!

Reminder: Run E2E tests for Dockerfile changes.

As per coding guidelines, Dockerfile changes affecting the sandbox container image should be validated with E2E tests. Consider running:

gh workflow run nightly-e2e.yaml --ref fix/3884-plugin-config-empty-pr -f jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 633 - 634, The Dockerfile change that creates and
chowns /sandbox/.nemoclaw/config.json (the lines with "printf '%s' '{}' >
/sandbox/.nemoclaw/config.json" and "chown sandbox:sandbox
/sandbox/.nemoclaw/config.json") must be validated by running the E2E suites for
sandbox-related images; run the GitHub Actions workflow suggested (e.g. gh
workflow run nightly-e2e.yaml --ref fix/3884-plugin-config-empty-pr -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e) and verify
sandbox survival and cloud e2e results before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 633-634: The Dockerfile change that creates and chowns
/sandbox/.nemoclaw/config.json (the lines with "printf '%s' '{}' >
/sandbox/.nemoclaw/config.json" and "chown sandbox:sandbox
/sandbox/.nemoclaw/config.json") must be validated by running the E2E suites for
sandbox-related images; run the GitHub Actions workflow suggested (e.g. gh
workflow run nightly-e2e.yaml --ref fix/3884-plugin-config-empty-pr -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e) and verify
sandbox survival and cloud e2e results before merging.

In `@nemoclaw/src/onboard/config.ts`:
- Line 633: This change modifies the Dockerfile that seeds the initial config
used by the sandbox startup (affecting sandbox container image and baked
config), so validate it by running the recommended E2E workflows: trigger the
nightly-e2e.yaml with the jobs
cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e (use gh workflow
run nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e) to ensure
sandbox startup, layer ordering, permissions and the seeded config
(onboard/config.ts related behavior) work correctly in a real container build.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b24b7214-39ec-48c4-99e7-d82e3d01ff57

📥 Commits

Reviewing files that changed from the base of the PR and between ca045a9 and 73d30f4.

📒 Files selected for processing (3)

• Dockerfile
• nemoclaw/src/onboard/config.test.ts
• nemoclaw/src/onboard/config.ts

[wscurran]

✨ Related open issues:

• #3884 [All Platforms][Sandbox] openclaw CLI fails to start — nemoclaw plugin register throws "SyntaxError: Unexpected end of JSON input"

[wscurran]

✨ Related open issues:

• #3884 [All Platforms][Sandbox] openclaw CLI fails to start — nemoclaw plugin register throws "SyntaxError: Unexpected end of JSON input"

[coderabbitai]

🧹 Nitpick comments (1)

Dockerfile (1)

655-663: Run the Dockerfile-targeted E2E suite for this layer change.

Since this modifies container runtime behavior (HEALTHCHECK) and image build logic, please run:
cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e via nightly-e2e.yaml before merge.

As per coding guidelines, “Dockerfile … changes are only testable with a real container build” and the recommended selective workflow is gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 655 - 663, This change updates the Dockerfile
HEALTHCHECK logic (see HEALTHCHECK and the env vars NEMOCLAW_DASHBOARD_PORT,
OPENCLAW_GATEWAY_PORT and CHAT_UI_URL), so before merging run the
container-level E2E suites via the nightly workflow: execute gh workflow run
nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e (this will
build the image and validate the HEALTHCHECK/runtime behavior); wait for those
jobs to pass and attach results to the PR before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 655-663: This change updates the Dockerfile HEALTHCHECK logic (see
HEALTHCHECK and the env vars NEMOCLAW_DASHBOARD_PORT, OPENCLAW_GATEWAY_PORT and
CHAT_UI_URL), so before merging run the container-level E2E suites via the
nightly workflow: execute gh workflow run nightly-e2e.yaml --ref <branch> -f
jobs=cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e (this will
build the image and validate the HEALTHCHECK/runtime behavior); wait for those
jobs to pass and attach results to the PR before merging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d7a97670-464b-4e52-9d75-efcc108221ae

📥 Commits

Reviewing files that changed from the base of the PR and between 73d30f4 and 65bebed.

📒 Files selected for processing (1)

• Dockerfile