feat(onboard): use OpenShell Docker GPU sandboxes (#3001)

## Summary
- route Linux onboarding through the OpenShell Docker-driver gateway
instead of the legacy k3s bootstrap path
- add sandbox GPU env/CLI controls, Docker/NVIDIA CDI preflight, GPU
metadata, and direct-GPU policy/proof checks
- update the GPU e2e path to prove direct sandbox GPU access with
`nvidia-smi`, `/proc` comm write, and `cuInit(0)`

## Tests
- `bash -n scripts/install-openshell.sh && bash -n
test/e2e/test-gpu-e2e.sh`
- `npm run build:cli`
- `npm run typecheck:cli`
- `npx vitest run test/onboard.test.ts src/lib/onboard-command.test.ts
test/install-openshell-version-check.test.ts
src/lib/inventory-commands.test.ts`
- `npm run check:credential-env`
- `git diff --check`


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Sandbox GPU controls in onboarding/CLI (enable/disable + device) and
OpenShell release-channel selection (stable/dev/auto).

* **Improvements**
* Inventory/status now shows host GPU detection, sandbox GPU
enabled/mode/device, and OpenShell driver/version.
* Installer now downloads/verifies multiple OpenShell assets and reports
installed OpenShell version.
* Docker-driver support for privileged sandbox operations and gateway
lifecycle handling.
* Base-image resolution improved with GLIBC compatibility checks and
safer fallback/build behavior.

* **Tests**
* Added/updated GPU e2e checks and broad test coverage for onboarding,
CLI, provisioning, and image-resolution.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Co-authored-by: Carlos Villela <cvillela@nvidia.com>

Author: ericksoa

.coderabbit.yaml

@@ -188,10 +188,12 @@ reviews:
         - `hermes-discord-e2e` — Hermes Discord config schema + placeholder
           isolation
         - `hermes-slack-e2e` — Hermes Slack policy + Python placeholder egress
+        - `openshell-gateway-upgrade-e2e` — stale Linux Docker-driver gateway
+          process restart after OpenShell upgrade
 
         To run selectively:
         ```
-        gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=cloud-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e,messaging-compatible-endpoint-e2e,hermes-discord-e2e,hermes-slack-e2e
+        gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=cloud-e2e,sandbox-operations-e2e,rebuild-openclaw-e2e,messaging-compatible-endpoint-e2e,hermes-discord-e2e,hermes-slack-e2e,openshell-gateway-upgrade-e2e
         ```
 
     - path: "src/nemoclaw.ts"
@@ -425,6 +427,20 @@ reviews:
     - path: "nemoclaw-blueprint/openclaw-plugins/kimi-inference-compat/**"
       instructions: *e2e-kimi-inference-compat
 
+    - path: "test/e2e/test-openshell-gateway-upgrade.sh"
+      instructions: |
+        This script validates the old OpenShell install upgrade guard for
+        Linux Docker-driver gateway processes.
+
+        **E2E test recommendation:**
+        - `openshell-gateway-upgrade-e2e` — stale gateway process restart after
+          OpenShell upgrade
+
+        To run selectively:
+        ```
+        gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=openshell-gateway-upgrade-e2e
+        ```
+
     - path: ".github/workflows/nightly-e2e.yaml"
       instructions: |
         This is the nightly E2E workflow definition. Changes here affect

.github/actions/resolve-hermes-base-image/action.yaml

@@ -10,10 +10,53 @@ runs:
     - name: Resolve Hermes sandbox base image
       shell: bash
       run: |
-        if docker pull ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest 2>/dev/null; then
-          echo "HERMES_BASE_IMAGE=ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest" >> "$GITHUB_ENV"
-        else
-          echo "::warning::GHCR Hermes base image not available, building locally"
-          docker build -f agents/hermes/Dockerfile.base -t nemoclaw-hermes-base-local .
-          echo "HERMES_BASE_IMAGE=nemoclaw-hermes-base-local" >> "$GITHUB_ENV"
+        set -euo pipefail
+
+        image="ghcr.io/nvidia/nemoclaw/hermes-sandbox-base"
+        min_glibc="2.39"
+
+        glibc_version() {
+          docker run --rm --entrypoint /usr/bin/ldd "$1" --version 2>/dev/null \
+            | sed -nE 's/.*GLIBC ([0-9]+\.[0-9]+).*/\1/p; s/.* ([0-9]+\.[0-9]+)$/\1/p' \
+            | head -n 1
+        }
+
+        glibc_ok() {
+          local have="$1"
+          [[ -n "$have" ]] && [[ "$(printf '%s\n%s\n' "$min_glibc" "$have" | sort -V | head -n 1)" == "$min_glibc" ]]
+        }
+
+        try_image() {
+          local ref="$1" version
+          if ! docker pull "$ref" >/dev/null 2>&1; then
+            return 1
+          fi
+          version="$(glibc_version "$ref" || true)"
+          if ! glibc_ok "$version"; then
+            echo "::warning::Hermes sandbox base image ${ref} has glibc ${version:-unknown}; need >= ${min_glibc}"
+            return 1
+          fi
+          echo "HERMES_BASE_IMAGE=${ref}" >> "$GITHUB_ENV"
+          return 0
+        }
+
+        candidates=()
+        if [[ -n "${GITHUB_SHA:-}" ]]; then
+          candidates+=("${image}:${GITHUB_SHA:0:8}" "${image}:${GITHUB_SHA:0:7}")
+        fi
+        candidates+=("${image}:latest")
+
+        for ref in "${candidates[@]}"; do
+          if try_image "$ref"; then
+            exit 0
+          fi
+        done
+
+        echo "::warning::No compatible GHCR Hermes sandbox base image found, building locally"
+        docker build -f agents/hermes/Dockerfile.base -t nemoclaw-hermes-base-local .
+        version="$(glibc_version nemoclaw-hermes-base-local || true)"
+        if ! glibc_ok "$version"; then
+          echo "::error::Local Hermes sandbox base image has glibc ${version:-unknown}; need >= ${min_glibc}"
+          exit 1
         fi
+        echo "HERMES_BASE_IMAGE=nemoclaw-hermes-base-local" >> "$GITHUB_ENV"

.github/actions/resolve-sandbox-base-image/action.yaml

@@ -10,10 +10,53 @@ runs:
     - name: Resolve sandbox base image
       shell: bash
       run: |
-        if docker pull ghcr.io/nvidia/nemoclaw/sandbox-base:latest 2>/dev/null; then
-          echo "BASE_IMAGE=ghcr.io/nvidia/nemoclaw/sandbox-base:latest" >> "$GITHUB_ENV"
-        else
-          echo "::warning::GHCR base image not available, building locally"
-          docker build -f Dockerfile.base -t nemoclaw-sandbox-base-local .
-          echo "BASE_IMAGE=nemoclaw-sandbox-base-local" >> "$GITHUB_ENV"
+        set -euo pipefail
+
+        image="ghcr.io/nvidia/nemoclaw/sandbox-base"
+        min_glibc="2.39"
+
+        glibc_version() {
+          docker run --rm --entrypoint /usr/bin/ldd "$1" --version 2>/dev/null \
+            | sed -nE 's/.*GLIBC ([0-9]+\.[0-9]+).*/\1/p; s/.* ([0-9]+\.[0-9]+)$/\1/p' \
+            | head -n 1
+        }
+
+        glibc_ok() {
+          local have="$1"
+          [[ -n "$have" ]] && [[ "$(printf '%s\n%s\n' "$min_glibc" "$have" | sort -V | head -n 1)" == "$min_glibc" ]]
+        }
+
+        try_image() {
+          local ref="$1" version
+          if ! docker pull "$ref" >/dev/null 2>&1; then
+            return 1
+          fi
+          version="$(glibc_version "$ref" || true)"
+          if ! glibc_ok "$version"; then
+            echo "::warning::Sandbox base image ${ref} has glibc ${version:-unknown}; need >= ${min_glibc}"
+            return 1
+          fi
+          echo "BASE_IMAGE=${ref}" >> "$GITHUB_ENV"
+          return 0
+        }
+
+        candidates=()
+        if [[ -n "${GITHUB_SHA:-}" ]]; then
+          candidates+=("${image}:${GITHUB_SHA:0:8}" "${image}:${GITHUB_SHA:0:7}")
+        fi
+        candidates+=("${image}:latest")
+
+        for ref in "${candidates[@]}"; do
+          if try_image "$ref"; then
+            exit 0
+          fi
+        done
+
+        echo "::warning::No compatible GHCR sandbox base image found, building locally"
+        docker build -f Dockerfile.base -t nemoclaw-sandbox-base-local .
+        version="$(glibc_version nemoclaw-sandbox-base-local || true)"
+        if ! glibc_ok "$version"; then
+          echo "::error::Local sandbox base image has glibc ${version:-unknown}; need >= ${min_glibc}"
+          exit 1
         fi
+        echo "BASE_IMAGE=nemoclaw-sandbox-base-local" >> "$GITHUB_ENV"

.github/workflows/base-image.yaml

@@ -65,10 +65,12 @@ jobs:
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v6
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 8
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=latest
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=sha,prefix=,format=short
 
       - name: Validate OpenClaw version input
@@ -113,10 +115,12 @@ jobs:
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v6
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 8
         with:
           images: ${{ env.REGISTRY }}/nvidia/nemoclaw/hermes-sandbox-base
           tags: |
-            type=raw,value=latest
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=sha,prefix=,format=short
 
       - name: Build and push

.github/workflows/docker-pin-check.yaml

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 # Weekly check that the pinned Dockerfile base-image digest is still current.
-# Fails with an actionable message when a newer node:22-slim is available.
+# Fails with an actionable message when a newer node:22-trixie-slim is available.
 
 name: docker-pin-check
 
@@ -28,3 +28,4 @@ jobs:
         run: |
           bash scripts/update-docker-pin.sh --check
           DOCKERFILE=Dockerfile.base bash scripts/update-docker-pin.sh --check
+          DOCKERFILE=agents/hermes/Dockerfile.base bash scripts/update-docker-pin.sh --check

.github/workflows/nightly-e2e.yaml

@@ -19,6 +19,9 @@
 #                            Discord + Slack coverage with cross-talk assertions. See issue #1903.
 #   sandbox-survival-e2e     Sandbox survival across gateway restarts (onboard, inference,
 #                            gateway stop/start, verify sandbox + workspace + inference).
+#   openshell-gateway-upgrade-e2e
+#                            Validates stale Linux Docker-driver OpenShell gateway
+#                            processes are restarted after an OpenShell upgrade.
 #   hermes-e2e               Hermes Agent E2E — install → onboard --agent hermes → health
 #                            probe → live inference. Validates the multi-agent architecture.
 #   hermes-discord-e2e       Hermes Discord onboarding — validates the top-level Hermes
@@ -58,6 +61,7 @@ on:
           messaging-compatible-endpoint-e2e,
           kimi-inference-compat-e2e,
           token-rotation-e2e, sandbox-survival-e2e,
+          openshell-gateway-upgrade-e2e,
           issue-2478-crash-loop-recovery-e2e, hermes-e2e, hermes-discord-e2e,
           hermes-slack-e2e, sandbox-operations-e2e, inference-routing-e2e,
           network-policy-e2e, deployment-services-e2e, diagnostics-e2e,
@@ -1126,6 +1130,45 @@ jobs:
             /tmp/nemoclaw-e2e-upgrade-install.log
           if-no-files-found: ignore
 
+  # ── OpenShell gateway upgrade E2E ────────────────────────────
+  # Reproduces the old-install upgrade edge case for Linux Docker-driver
+  # gateways: a healthy gateway process with stale supervisor/runtime env must
+  # be restarted rather than reused after the current OpenShell install.
+  openshell-gateway-upgrade-e2e:
+    if: >-
+      github.repository == 'NVIDIA/NemoClaw' &&
+      (github.event_name != 'workflow_dispatch' ||
+       inputs.jobs == '' ||
+       contains(format(',{0},', inputs.jobs), ',openshell-gateway-upgrade-e2e,'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: "22"
+
+      - name: Run OpenShell gateway upgrade E2E test
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          NEMOCLAW_NON_INTERACTIVE: "1"
+          NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+        run: bash test/e2e/test-openshell-gateway-upgrade.sh
+
+      - name: Upload gateway upgrade logs on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: openshell-gateway-upgrade-logs
+          path: |
+            /tmp/nemoclaw-e2e-openshell-gateway-upgrade.log
+            /tmp/nemoclaw-e2e-openshell-gateway-start.log
+            /tmp/nemoclaw-e2e-openshell-gateway-process.log
+          if-no-files-found: ignore
+
   # ── Hermes rebuild upgrade E2E ──────────────────────────────
   # Same upgrade scenario as OpenClaw but for Hermes Agent.
   rebuild-hermes-e2e:
@@ -1209,12 +1252,14 @@ jobs:
           NVIDIA_API_KEY: ${{ secrets.NVIDIA_API_KEY }}
           NEMOCLAW_NON_INTERACTIVE: "1"
           NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+          NEMOCLAW_SANDBOX_NAME: "e2e-double-install"
         run: bash install.sh --non-interactive --yes-i-accept-third-party-software
       - name: Run double onboard E2E test
         env:
           NVIDIA_API_KEY: ${{ secrets.NVIDIA_API_KEY }}
           NEMOCLAW_NON_INTERACTIVE: "1"
           NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+          NEMOCLAW_E2E_INSTALL_SANDBOX_NAME: "e2e-double-install"
         run: |
           [ -f "$HOME/.bashrc" ] && source "$HOME/.bashrc" 2>/dev/null || true
           export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"
@@ -1246,12 +1291,14 @@ jobs:
           NVIDIA_API_KEY: ${{ secrets.NVIDIA_API_KEY }}
           NEMOCLAW_NON_INTERACTIVE: "1"
           NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+          NEMOCLAW_SANDBOX_NAME: "e2e-repair-install"
         run: bash install.sh --non-interactive --yes-i-accept-third-party-software
       - name: Run onboard repair E2E test
         env:
           NVIDIA_API_KEY: ${{ secrets.NVIDIA_API_KEY }}
           NEMOCLAW_NON_INTERACTIVE: "1"
           NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+          NEMOCLAW_E2E_INSTALL_SANDBOX_NAME: "e2e-repair-install"
         run: |
           [ -f "$HOME/.bashrc" ] && source "$HOME/.bashrc" 2>/dev/null || true
           export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"
@@ -1689,6 +1736,7 @@ jobs:
         shields-config-e2e,
         rebuild-openclaw-e2e,
         upgrade-stale-sandbox-e2e,
+        openshell-gateway-upgrade-e2e,
         rebuild-hermes-e2e,
         rebuild-hermes-stale-base-e2e,
         double-onboard-e2e,
@@ -1776,6 +1824,7 @@ jobs:
         shields-config-e2e,
         rebuild-openclaw-e2e,
         upgrade-stale-sandbox-e2e,
+        openshell-gateway-upgrade-e2e,
         rebuild-hermes-e2e,
         rebuild-hermes-stale-base-e2e,
         double-onboard-e2e,
@@ -1911,6 +1960,7 @@ jobs:
         shields-config-e2e,
         rebuild-openclaw-e2e,
         upgrade-stale-sandbox-e2e,
+        openshell-gateway-upgrade-e2e,
         rebuild-hermes-e2e,
         rebuild-hermes-stale-base-e2e,
         double-onboard-e2e,

.github/workflows/pr-self-hosted.yaml

@@ -43,15 +43,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Pull base image from GHCR (fall back to local build)
-        run: |
-          if docker pull ghcr.io/nvidia/nemoclaw/sandbox-base:latest 2>/dev/null; then
-            echo "BASE_IMAGE=ghcr.io/nvidia/nemoclaw/sandbox-base:latest" >> "$GITHUB_ENV"
-          else
-            echo "::warning::GHCR base image not available, building locally"
-            docker build -f Dockerfile.base -t nemoclaw-sandbox-base-local .
-            echo "BASE_IMAGE=nemoclaw-sandbox-base-local" >> "$GITHUB_ENV"
-          fi
+      - name: Resolve sandbox base image
+        uses: ./.github/actions/resolve-sandbox-base-image
 
       - name: Build production image
         run: docker build --build-arg BASE_IMAGE=${{ env.BASE_IMAGE }} -t nemoclaw-production .
@@ -85,15 +78,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Pull base image from GHCR (fall back to local build)
-        run: |
-          if docker pull ghcr.io/nvidia/nemoclaw/sandbox-base:latest 2>/dev/null; then
-            echo "BASE_IMAGE=ghcr.io/nvidia/nemoclaw/sandbox-base:latest" >> "$GITHUB_ENV"
-          else
-            echo "::warning::GHCR base image not available, building locally"
-            docker build -f Dockerfile.base -t nemoclaw-sandbox-base-local .
-            echo "BASE_IMAGE=nemoclaw-sandbox-base-local" >> "$GITHUB_ENV"
-          fi
+      - name: Resolve sandbox base image
+        uses: ./.github/actions/resolve-sandbox-base-image
 
       - name: Build production image on arm64
         run: docker build --build-arg BASE_IMAGE=${{ env.BASE_IMAGE }} -t nemoclaw-production-arm64 .

.github/workflows/wsl-e2e.yaml

@@ -122,6 +122,10 @@ jobs:
           $script = @'
           set -euo pipefail
           export DEBIAN_FRONTEND=noninteractive
+          printf '%s\n' \
+            'Acquire::ForceIPv4 "true";' \
+            'Acquire::Retries "5";' \
+            >/etc/apt/apt.conf.d/99github-actions-network
           apt-get update
           apt-get install -y bash ca-certificates curl git jq lsb-release make python3 python3-pip rsync tar unzip xz-utils
           '@