fix(onboard): detect Windows-host Ollama via process probe

[laitingsheng]

Summary

On WSL2, hasWindowsOllama was determined solely by running powershell.exe Get-Command ollama.exe, which only returns a path when ollama.exe is on the calling user's PATH. Service-style installs (and any installer that does not update the user PATH) leave the binary undiscoverable by Get-Command even while the Windows-host Ollama daemon is running on 127.0.0.1:11434.

In that state, the inference menu offered "Install Ollama on Windows host (recommended)" instead of the "Restart Ollama on Windows host with 0.0.0.0 binding" variant that the bug report and the WSL2 Ollama test expect.

Fall back to a Get-Process ollama probe when Get-Command returns empty: a live ollama process is sufficient proof of installation. The existing winOllamaLoopbackOnly block already uses Get-Process for the PID and Get-NetTCPConnection for the listen address, so once hasWindowsOllama is true the loopback-only menu variant fires correctly.

Related Issue

Fixes #3949

Changes

• src/lib/onboard.ts:6090: when Get-Command ollama.exe returns empty, fall back to Get-Process ollama and treat a live PID as proof of installation. Bracketed by if (isWsl()) as before.
• test/onboard-selection.test.ts: new regression test "detects Windows-host Ollama via running process when not on the user PATH ([NemoClaw][Inference][WSL2][Ollama] Inference menu never shows "Restart Ollama on Windows host with 0.0.0.0 binding" variant under documented preconditions #3949)" — sets up the bug's exact probe state (Get-Command empty, Get-Process returns a PID, NetTCPConnection on 127.0.0.1, host.docker.internal unreachable) and asserts NEMOCLAW_PROVIDER=start-windows-ollama is satisfied and setupWindowsOllamaWith0000Binding is invoked exactly once.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• Bug Fixes

  • Improved Windows onboarding: the setup now reliably detects Ollama even if it’s not on PATH (falls back to a running process) and uses the discovered executable path to drive start/restart logic.
  • UI now correctly offers "Start Windows Ollama" and distinguishes loopback-only restarts vs fresh starts.

• Tests

  • Added tests covering the detection fallback and Windows start flow.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9c521315-f7e2-4390-99bd-36496f92611b

📥 Commits

Reviewing files that changed from the base of the PR and between a0f9870 and 41752fe.

📒 Files selected for processing (3)

• src/lib/onboard.ts
• src/lib/onboard/windows-host-ollama.ts
• test/onboard-selection.test.ts

---

📝 Walkthrough

Walkthrough

Replaces inline WSL PowerShell probing with a new detectWindowsHostOllama() that checks PATH then falls back to a running ollama process and loopback binding; onboarding consumes its {installed, installedPath, loopbackOnly} result and tests cover both PATH and process-based detection.

Changes

Windows Ollama Fallback Detection

Layer / File(s)	Summary
Detection module and types src/lib/onboard/windows-host-ollama.ts	Adds WindowsHostOllamaState and detectWindowsHostOllama() which probes Get-Command, falls back to Get-Process for Path, and parses Get-NetTCPConnection on port 11434 to compute loopbackOnly.
Onboard integration and wiring src/lib/onboard.ts	Imports detectWindowsHostOllama, replaces previous inline PowerShell checks in setupNim, and passes the detected installedPath into setupWindowsOllamaWith0000Binding.
Tests: strengthen existing + new process-fallback test test/onboard-selection.test.ts	Tightens prior assertion to include recovered installedPath and adds a new test that mocks Get-Command failure and Get-Process success, verifying setupNim selects ollama-local and calls setupWindowsOllamaWith0000Binding with announceStop: true and the recovered installedPath.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3824: touches related Windows-host Ollama onboarding/provider resolution changes and may overlap provider routing logic.

Suggested labels

fix, Provider: Ollama, Platform: Windows/WSL

Suggested reviewers

• jyaunches
• ericksoa

Poem

🐰 I sniff PATH paths in morning light,
If ollama hides, I peek at process sight,
From WSL burrow I listen for the bell,
Recovered exe, onboarding can tell,
Hooray — no needless install tonight! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding process-based fallback detection for Windows-host Ollama when PATH-based detection fails.
Linked Issues check	✅ Passed	All code objectives from issue #3949 are met: process probe fallback, loopback-only detection, installedPath threading, and regression test coverage.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the PR objectives and issue #3949 requirements; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/wsl2-windows-ollama-detection-3949

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: wsl-e2e, gpu-e2e
Optional E2E: gpu-double-onboard-e2e, gpu-repo-local-ollama-openclaw

Auto-dispatched E2E: gpu-e2e via nightly-e2e.yaml at 41752feb515ebe0a64562773568a22a019798c2d — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required E2E

• wsl-e2e (high): Closest existing real platform coverage for the touched WSL-only code path. It builds and runs NemoClaw inside Ubuntu WSL on a Windows runner and validates the onboarding flow still works in the WSL environment where powershell.exe probing and host/WSL boundary behavior matter.
• gpu-e2e (high): Exercises the real local Ollama onboard path end-to-end: install Ollama, run non-interactive onboard with NEMOCLAW_PROVIDER=ollama, create the sandbox, and verify local inference through the sandbox. This is the existing E2E most likely to catch regressions in setupNim's Ollama provider selection and model-validation flow outside the Windows-host branch.

Optional E2E

• gpu-double-onboard-e2e (high): Adjacent confidence for local Ollama lifecycle and proxy state across repeated onboarding. The PR does not directly modify token persistence, but it changes Ollama selection/start semantics in setupNim, so this can catch second-run regressions if GPU capacity is available.
• gpu-repo-local-ollama-openclaw (high): Scenario-runner equivalent coverage for the migrated local Ollama OpenClaw path, including local-ollama-inference and ollama-proxy suites. Useful as an alternative or additional check to legacy gpu-e2e when scenario-based E2E is preferred.

New E2E recommendations

• wsl-windows-host-ollama-lifecycle (high): No existing E2E appears to run the actual Windows-host Ollama path from WSL. wsl-e2e uses cloud onboarding, while gpu-e2e covers Linux-local Ollama. The specific regression fixed here requires a Windows-host ollama.exe that is not on the WSL user's Windows PATH, a running process whose executable path can be recovered, and a loopback-only listener that must be restarted with OLLAMA_HOST=0.0.0.0:11434.
  • Suggested test: Add a WSL scenario/E2E for Windows-host Ollama process-path fallback: on windows-latest install or mock a Windows-host ollama.exe service not discoverable by Get-Command, expose a loopback-only 11434 listener, run NEMOCLAW_PROVIDER=start-windows-ollama nemoclaw onboard --non-interactive --yes from WSL, assert the restart uses the recovered executable path, and verify host.docker.internal Ollama inference through the sandbox.

[github-actions]

PR Review Advisor

Recommendation: blocked
Confidence: high
Analyzed HEAD: 41752feb515ebe0a64562773568a22a019798c2d
Findings: 2 blocker(s), 3 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Review is based on trusted PR metadata, linked issue content, provided diff, and read-only repository inspection; no scripts, tests, package-manager commands, or network operations were executed.; Issue #3949 has no issue comments in the provided context; acceptance coverage maps the issue body clauses only.; CI and E2E results were still pending for the current head SHA at the time of review.; The E2E Advisor comment was found, but the required wsl-e2e job had not passed for 41752fe.; Interactive menu label rendering was inferred from setupNim state and existing label logic; the added test exercises non-interactive provider selection rather than asserting the literal menu output.

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 41752feb515ebe0a64562773568a22a019798c2d
Recommendation: blocked
Confidence: high

The code change is narrowly scoped and improves the WSL Windows-host Ollama detection path, but merge is blocked by pending CI, BLOCKED merge state, and required WSL E2E not yet passed for the current head SHA.

Gate status

• CI: pending — GraphQL status rollup for 41752fe shows pending/in-progress/queued contexts including cli-parity, E2E recommendation, wsl-e2e, macos-e2e, PR review advisor, CodeQL, unit-vitest-linux, checks, ShellCheck SARIF, build-sandbox-images, build-sandbox-images-arm64, and CodeRabbit. Completed contexts include onboard-entrypoint-budget=SUCCESS.
• Mergeability: fail — GitHub reports mergeStateStatus=BLOCKED and REST mergeable_state=blocked for PR fix(onboard): detect Windows-host Ollama via process probe #3969 at head SHA 41752fe.
• Review threads: pass — GraphQL reports 1 review thread and it is resolved; CodeRabbit comment says addressed in commit 41752fe.
• Risky code tested: warning — Risky area detected: onboarding/host glue. A focused regression test was added, but WSL/Windows-host runtime behavior still needs E2E confirmation.

🔴 Blockers

• Required CI has not completed for the current head SHA: The latest trusted status rollup for 41752fe still has pending, queued, or in-progress checks, including the WSL E2E job required for this host-glue change.
  • Recommendation: Wait for all required CI contexts to complete successfully for 41752fe before considering merge readiness.
  • Evidence: Status rollup nodes include E2E recommendation=IN_PROGRESS, wsl-e2e=IN_PROGRESS, unit-vitest-linux=QUEUED, checks=IN_PROGRESS, CodeQL jobs=IN_PROGRESS, build-sandbox-images=QUEUED, and CodeRabbit=PENDING.
• PR merge state is blocked: GitHub currently marks the PR as blocked even though the REST payload says mergeable=true.
  • Recommendation: Resolve branch protection requirements, required reviews, and pending status checks until GitHub no longer reports mergeStateStatus=BLOCKED.
  • Evidence: GraphQL mergeStateStatus=BLOCKED; REST mergeable_state=blocked.

🟡 Warnings

• WSL host-glue change needs required E2E confirmation (src/lib/onboard.ts:6049): The change affects WSL-to-Windows host Ollama detection, provider-menu availability, and the path that can restart/rebind a Windows-host Ollama daemon. The added unit test mocks PowerShell, curl, DNS/reachability, and the Windows setup helper, so it cannot prove real WSL PowerShell invocation, Windows service visibility, TCP listener detection, host.docker.internal behavior, or successful restart/rebind behavior.
  • Recommendation: Confirm the E2E Advisor recommendation and require wsl-e2e to pass for 41752fe. Consider adding the suggested WSL Windows-host Ollama scenario in follow-up coverage.
  • Evidence: E2E Advisor required wsl-e2e; GraphQL status rollup shows wsl-e2e is IN_PROGRESS for the head SHA. The added test in test/onboard-selection.test.ts stubs runner.runCapture, platform.isWsl, and windows.setupWindowsOllamaWith0000Binding.
• Active overlapping onboard work increases semantic-drift risk (src/lib/onboard.ts:6052): The patch applies to code that still exists and the inline probe was extracted to src/lib/onboard/windows-host-ollama.ts, but there is substantial concurrent PR activity touching src/lib/onboard.ts and test/onboard-selection.test.ts. This can affect provider selection, onboarding step behavior, and host routing semantics after rebases.
  • Recommendation: Before merge, re-check this branch against active onboard PRs and re-run unit/E2E coverage after any rebase.
  • Evidence: Trusted overlap list includes PRs fix(onboard): honor navigation at credential prompts #3865, fix(onboard): make step 3 banner provider-agnostic #3966, fix: allow provider override in non-interactive installs #2083, feat(cli): add resource profiles to nemoclaw onboard and nemoclaw resources command #3348, fix(onboard): early-validate NEMOCLAW_POLICY_TIER before preflight (#3741) #3788, fix(onboard): reject host.docker.internal inference URLs #3804, refactor(cli): route onboard step boundaries through runtime #3864, refactor(cli): extract onboard preflight handler #3868, refactor(cli): extract onboard gateway handler #3870, refactor(cli): extract provider inference handlers #3871, refactor(cli): extract onboard sandbox handler #3872, refactor(cli): extract onboard agent setup handler #3873, refactor(cli): extract onboard policies handler #3874, refactor(cli): extract onboard finalization handler #3876, refactor(cli): route agent setup session writes through context #3879, refactor(cli): emit resume skip repair events #3882, refactor(cli): route final machine transitions #3883, fix(rebuild): reuse OpenShell gateway credential when host env is empty #3918, refactor(cli): reduce onboard shell implementation #3919, chore: upgrade agent runtime dependencies #3925, and fix(onboard): reject Jetson sandbox GPU passthrough #3965 touching the same onboard files.
• Reachability of Windows-host 0.0.0.0 rebinding path remains security-sensitive (src/lib/onboard.ts:6985): The PR intentionally makes the restart/rebind option reachable for service-style Windows Ollama installs by recovering the executable path and passing it to setupWindowsOllamaWith0000Binding. Binding Ollama to 0.0.0.0 is a local-network exposure change and remains sensitive even though the prompt and existing warnings are preserved.
  • Recommendation: Ensure the exposure warning remains visible in interactive flows and confirm runtime E2E behavior with WSL networking. Maintainers should consciously accept the network exposure tradeoff for this intended fix.
  • Evidence: src/lib/onboard.ts passes installedPath into setupWindowsOllamaWith0000Binding for start/restart paths; src/lib/inference/ollama/windows.ts persists OLLAMA_HOST and restarts Ollama. No new auth or network restriction is added by this PR.

🔵 Suggestions

• None.

Acceptance coverage

• met — When running nemoclaw onboard inside WSL2 with Ollama running on the Windows host at 127.0.0.1:11434 and unreachable from WSL, the inference menu never shows the expected "Restart Ollama on Windows host with 0.0.0.0 binding" variant.: src/lib/onboard/windows-host-ollama.ts adds detectWindowsHostOllama(), which falls back from Get-Command to Get-Process Path and checks Get-NetTCPConnection for 127.0.0.1-only listeners. The new test mocks Get-Command empty, Get-Process Path/Id present, Get-NetTCPConnection=127.0.0.1, and host.docker.internal unreachable, then exercises NEMOCLAW_PROVIDER=start-windows-ollama.
• met — Instead it shows Local Ollama (WSL:11434) — running plus Install Ollama on Windows host (recommended), contradicting the WSL2 Ollama test's expectations.: The new regression test makes installOllamaOnWindowsHost throw if called and asserts setupWindowsOllamaWith0000Binding is invoked once with announceStop:true and the recovered installedPath, preventing the previous erroneous install path under the mocked issue state.
• met — Component area: Install / Onboard / Inference.: The diff changes setupNim in src/lib/onboard.ts, adds src/lib/onboard/windows-host-ollama.ts, and updates test/onboard-selection.test.ts for inference provider selection.
• unknown — Host OS: Windows 11: The unit test mocks WSL and PowerShell outputs; no trusted Windows 11 runtime result is available for head SHA 41752fe.
• unknown — WSL2 distro: Ubuntu 22.04 / 24.04: platform.isWsl is mocked in the regression test. The required wsl-e2e job is in progress and has not passed for the current head SHA.
• unknown — CPU arch: x86_64: No trusted test or CI evidence confirms execution on x86_64 for the reported environment.
• unknown — GPU: NVIDIA GeForce RTX 5070: The change does not directly exercise GPU behavior, and no GPU/WSL E2E result is available for the current head SHA.
• unknown — Docker: Docker CE; WSL Ubuntu uses Docker Desktop engine: The regression test does not execute against Docker Desktop or real WSL networking; required WSL E2E is not yet passed.
• partial — nemoclaw (in WSL): v0.0.46: The source patch targets current HEAD rather than the released v0.0.46 environment. The mocked test covers the reported code path at source level.
• unknown — openshell (in WSL): 0.0.39: No OpenShell runtime is exercised by the added test.
• partial — Ollama: installed on Windows host, running as Windows service,
  bound to 127.0.0.1:11434 only (default Windows install): The regression test mocks the service-style signature: Get-Command empty, Get-Process Path/Id present, and Get-NetTCPConnection returning 127.0.0.1. It does not verify a real Windows service.
• partial — 1. Confirm Ollama is running on Windows host, bound to loopback only. In Windows PowerShell:: src/lib/onboard/windows-host-ollama.ts probes Get-Process and Get-NetTCPConnection; the test mocks PID 7652 and 127.0.0.1 listener. No real PowerShell command is executed.
• partial — 2. NemoClaw CLI installed inside WSL Ubuntu, not yet onboarded:: The test launches built dist modules in a temporary HOME and non-interactive environment, approximating clean onboarding, but does not run a real installed CLI inside WSL Ubuntu.
• partial — 3. No prior NemoClaw onboarding in this WSL instance.: The test uses a temporary HOME and resets the Ollama host cache, approximating a clean state.
• partial — 4. From WSL, host.docker.internal does not resolve by default:: The test returns empty output for api/tags before setup, representing host.docker.internal being unreachable. It does not prove real DNS-resolution failure.
• partial — This satisfies the spirit of "curl host.docker.internal must fail" — WSL cannot access Windows Ollama (failure is DNS resolution, not ECONNREFUSED).: The mocked pre-setup api/tags probe fails, but the test does not distinguish DNS failure from connection failure.
• unknown — 5. Inside WSL Ubuntu, run:: No real nemoclaw onboard WSL execution result is present for head SHA 41752fe.
• partial — 6. Observe the preflight and inference menu output at step [3/8] Configuring inference (NIM).: The test directly invokes setupNim, which implements step 3 inference configuration, but it does not run the full CLI preflight and menu flow.
• partial — Under documented WSL2 + Windows-Ollama-loopback conditions, the inference menu should:: The non-interactive test verifies provider availability and setup invocation under mocked conditions, but it does not assert the rendered interactive menu list.
• partial — - Include a rebinding variant, e.g.:: The test proves the start-windows-ollama option is satisfiable and invokes setupWindowsOllamaWith0000Binding. It does not assert the visible label text Restart Ollama on Windows host with 0.0.0.0 binding.

Security review

• pass — 1. Secrets and Credentials: No hardcoded secrets, tokens, passwords, PEM files, credential JSON, or .env files were added. The tests use temporary HOME directories and mocked credential prompts.
• pass — 2. Input Validation and Data Sanitization: The new PowerShell probes are static strings with no user-controlled interpolation. The test embeds file paths via JSON.stringify. No unsafe deserialization, eval, shell interpolation of user input, path traversal, SSRF validation bypass, or command injection path was found in the diff.
• pass — 3. Authentication and Authorization: No authentication or authorization boundary is modified. The change only affects local onboarding detection and selection for Windows-host Ollama under WSL.
• pass — 4. Dependencies and Third-Party Libraries: No new dependencies, dependency version changes, registries, installers, or package-manager configuration changes were introduced.
• pass — 5. Error Handling and Logging: The new probes use ignoreError:true and return conservative false/empty states on failure. The code does not log recovered PIDs, executable paths, credentials, or sensitive values in normal detection.
• pass — 6. Cryptography and Data Protection: Not applicable — no cryptographic operations, encryption, hashing, or data protection mechanisms are changed.
• warning — 7. Configuration and Security Headers: The change makes the existing Windows-host 0.0.0.0 rebinding flow reachable for service-style installs. That is intended by the issue, but exposing Ollama on all interfaces is security-sensitive and should remain paired with clear exposure warnings and runtime validation. No HTTP security headers or container image configuration changed.
• warning — 8. Security Testing: A focused mocked regression test covers Get-Command miss, Get-Process Path/Id hit, loopback-only listener state, and non-interactive provider satisfaction. However, the WSL/Windows host boundary, PowerShell behavior, host.docker.internal reachability, and network exposure path still need required E2E confirmation for the current head SHA.
• warning — 9. Holistic Security Posture: No direct sandbox escape, SSRF bypass, policy bypass, credential leakage, blueprint tampering, installer trust regression, or workflow trusted-code-boundary issue was found. The change is still runtime host glue that alters when a network rebinding helper is offered, so pending E2E and human review are important.

Test / E2E status

• Test depth: e2e_required — The added unit/regression test is useful and targets the reported mocked state, but runtime/sandbox/infrastructure paths in src/lib/onboard.ts and src/lib/onboard/windows-host-ollama.ts require real execution coverage. It cannot prove real WSL PowerShell invocation, Windows service process path visibility, host.docker.internal DNS/routing behavior, TCP listener detection, or actual restart/rebind outcome.
• E2E Advisor: missing
• Required E2E jobs: wsl-e2e
• Missing for analyzed SHA: wsl-e2e

✅ What looks good

• The patch targets code that still exists and is narrowly scoped to WSL Windows-host Ollama detection plus focused regression coverage.
• The CodeRabbit budget concern was addressed by extracting the probe into src/lib/onboard/windows-host-ollama.ts; onboard.ts is net-negative in the trusted monolith delta.
• The new helper uses static PowerShell commands and only reports installed=true when it can recover a usable executable path, reducing the risk of killing a daemon that cannot be relaunched.
• The regression test models the reported service-style install condition where Get-Command misses but Get-Process can observe the running daemon.
• The updated start/restart path threads the verified installedPath into setupWindowsOllamaWith0000Binding, avoiding reliance on a broken Windows PATH.

Review completeness

• Review is based on trusted PR metadata, linked issue content, provided diff, and read-only repository inspection; no scripts, tests, package-manager commands, or network operations were executed.
• Issue [NemoClaw][Inference][WSL2][Ollama] Inference menu never shows "Restart Ollama on Windows host with 0.0.0.0 binding" variant under documented preconditions #3949 has no issue comments in the provided context; acceptance coverage maps the issue body clauses only.
• CI and E2E results were still pending for the current head SHA at the time of review.
• The E2E Advisor comment was found, but the required wsl-e2e job had not passed for 41752fe.
• Interactive menu label rendering was inferred from setupNim state and existing label logic; the added test exercises non-interactive provider selection rather than asserting the literal menu output.
• Human maintainer review required: yes

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 6100-6117: The new fallback probe that sets hasWindowsOllama using
runCapture and winOllamaPid should be extracted into a small helper function
(e.g., isWindowsOllamaRunning or probeWindowsOllama) placed under
src/lib/onboard/; replace the inline block in onboard.ts (the else branch that
calls runCapture and computes hasWindowsOllama) with a call to that helper so
onboard.ts has no net line growth. Ensure the helper exports a boolean-returning
function that performs the powershell Get-Process call (using runCapture) and is
imported/used by the existing code to assign hasWindowsOllama.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7c204475-e79b-41fe-8af6-1af18325ca11

📥 Commits

Reviewing files that changed from the base of the PR and between cfa817b and a0f9870.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/onboard-selection.test.ts

[github-actions]

Selective E2E Results — ⚠️ No requested jobs ran

Run: 26208178751
Target ref: 41752feb515ebe0a64562773568a22a019798c2d
Workflow ref: main
Requested jobs: gpu-e2e
Summary: 0 passed, 0 failed, 1 skipped

Job	Result
gpu-e2e	⏭️ skipped