
fix(installer): preserve npm lockfiles during install#3840

Closed
chengjiew wants to merge 7 commits into main from fix/3798_sandbox-lockfile-sync
Closed

Conversation


@chengjiew chengjiew commented May 20, 2026

Summary

  • Change installer dependency setup from npm install to npm ci for both the root package and nested nemoclaw/ sandbox payload.
  • Add a basic-checks guard that dry-runs npm ci for both lockfiles before the install step.
  • Update installer behavior coverage so source checkouts are verified to use npm ci --ignore-scripts without global GitHub installs.

Repro

Issue #3798 reproduces when a host-side install mutates the nested sandbox lockfile before the Linux Docker build. On macOS with npm 11.6.2, cd nemoclaw && npm install --ignore-scripts prunes Linux-only optional @emnapi/* entries from nemoclaw/package-lock.json; the subsequent Linux node:22-trixie-slim npm ci then fails with the missing @emnapi/core / @emnapi/runtime errors described in the issue.

Test Plan

  • npx vitest run test/install-preflight.test.ts test/lockfile-ci-guard.test.ts -t 'uses npm ci|lockfile CI guards'
  • npm run source-shape:check
  • bash -n scripts/install.sh && git diff --check
  • npm ci --ignore-scripts --dry-run && cd nemoclaw && npm ci --ignore-scripts --dry-run
  • docker run --rm -v "$PWD":/repo -w /repo node:22-trixie-slim sh -c 'npm ci --ignore-scripts --dry-run >/tmp/root.log && cd nemoclaw && npm ci --ignore-scripts --dry-run >/tmp/sub.log && echo linux_root_and_subdir_npm_ci_dry_run=PASS'

Fixes #3798

Summary by CodeRabbit

  • Chores

    • CI now validates lockfiles before installing and uses lockfile-driven installs for both root and plugin code.
    • Installer performs installs with lockfile semantics, restores a packaged dependency after install and before build, and separates install from build steps.
  • Tests

    • Added and updated tests to validate the lockfile check, install/restore/build ordering, and the new install semantics.


Signed-off-by: Chengjie Wang chengjiew@nvidia.com
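A static check for the lockfile drift described in the Repro above, added here as an illustration and not code from this PR or the NemoClaw project. It walks a lockfileVersion 3 package-lock.json and reports every dependency an entry declares but the lock graph cannot resolve (the pruned @emnapi/* optional entries are exactly such a gap), plus any fetched package that lacks a resolved URL and sha512 integrity. The lock fragments inside are constructed and their integrity values are placeholders.

```python
#!/usr/bin/env python3
"""Static lockfile drift check for the #3798 failure mode (added illustration,
not code from the PR): reports every dependency a lock entry declares that has
no resolvable entry in the lockfileVersion 3 graph. Lock fragments below are
constructed; their integrity values are placeholders, not real hashes."""
import copy
import json
import sys
from typing import Dict, List, Optional, Tuple

DEP_FIELDS = ("dependencies", "optionalDependencies", "devDependencies")

def resolve_entry(packages: Dict[str, dict], from_path: str, name: str) -> Optional[str]:
    """Mimic Node's lookup inside the lock graph: node_modules/<name> beneath
    `from_path`, then in each enclosing node_modules directory, up to the root."""
    path = from_path
    while True:
        candidate = f"{path}/node_modules/{name}" if path else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not path:
            return None
        cut = path.rfind("/node_modules/")
        path = path[:cut] if cut != -1 else ""

def find_missing_declared_deps(lock: dict) -> List[Tuple[str, str, str]]:
    """Return (declaring entry, dependency, field) for each declared dependency the
    lock cannot resolve. Optional deps count: a macOS `npm install` prunes the
    Linux-only @emnapi/* entries, and a Linux `npm ci` then fails on the gap."""
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("lockfileVersion 2 or 3 required: no 'packages' section")
    packages = lock.get("packages", {})
    missing = []
    for path, meta in packages.items():
        if meta.get("link"):  # workspace symlink; the target entry carries the deps
            continue
        for field in DEP_FIELDS:
            for dep in meta.get(field, {}):
                if resolve_entry(packages, path, dep) is None:
                    missing.append((path or "<root>", dep, field))
    return missing

def find_unpinned_packages(lock: dict) -> List[str]:
    """Supply-chain hygiene: every fetched package needs `resolved` plus a sha512
    `integrity`, otherwise npm ci cannot verify the tarball it downloads."""
    bad = []
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link") or meta.get("inBundle"):
            continue
        if not meta.get("resolved") or not str(meta.get("integrity", "")).startswith("sha512-"):
            bad.append(path)
    return bad

def _entry(name: str, version: str, **extra) -> dict:
    """Constructed lock entry in registry layout; the integrity is a placeholder."""
    tarball = f"{name.split('/')[-1]}-{version}.tgz"
    return {"version": version, "resolved": f"https://registry.npmjs.org/{name}/-/{tarball}",
            "integrity": "sha512-PLACEHOLDER-NOT-A-REAL-HASH", **extra}

# Constructed: the macOS-pruned state from the issue. wasm-runtime still declares
# its @emnapi/* optional deps, but their node_modules entries are gone.
PRUNED_LOCK = {
    "name": "nemoclaw", "lockfileVersion": 3,
    "packages": {
        "": {"name": "nemoclaw", "dependencies": {"@napi-rs/wasm-runtime": "^1.1.4"}},
        "node_modules/@napi-rs/wasm-runtime": _entry(
            "@napi-rs/wasm-runtime", "1.1.4",
            optionalDependencies={"@emnapi/core": "^1.9.2", "@emnapi/runtime": "^1.9.2"}),
    },
}

# Constructed: the same lock regenerated on Linux, with the optional entries kept.
SYNCED_LOCK = copy.deepcopy(PRUNED_LOCK)
for _pkg in ("@emnapi/core", "@emnapi/runtime"):
    SYNCED_LOCK["packages"][f"node_modules/{_pkg}"] = _entry(_pkg, "1.10.0", optional=True)

if __name__ == "__main__":
    # Usage: python3 lockcheck.py [package-lock.json]; without an argument it checks
    # the constructed pruned lock and reports the two missing @emnapi/* entries.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else PRUNED_LOCK
    missing = find_missing_declared_deps(lock)
    for path, dep, field in missing:
        print(f"MISSING  {path} declares {dep} in {field} but the lock has no entry")
    for path in find_unpinned_packages(lock):
        print(f"UNPINNED {path} lacks resolved/sha512 integrity")
    sys.exit(1 if missing else 0)
```

Run it against nemoclaw/package-lock.json on the host before the Docker build to catch the pruned state without needing a Linux npm ci dry-run; it is a complement to the CI guard, not a replacement for it.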


copy-pr-bot Bot commented May 20, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.


coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 92cd82ef-a163-44d3-916a-90777265a29c

📥 Commits

Reviewing files that changed from the base of the PR and between 2e6f8e5 and 1ed563e.

📒 Files selected for processing (1)
  • scripts/install.sh

📝 Walkthrough

Adds a CI "Validate npm lockfiles" dry-run step for root and nemoclaw, migrates CI and installer installs to npm ci --ignore-scripts, adds restore_pre_extracted_openclaw() invoked after each npm ci, and updates tests and the npm stub to validate the new ci-based flow.

Changes

Lockfile Sync Validation and Installation Safety

  • GitHub Actions lockfile validation guard (.github/actions/basic-checks/action.yaml, test/lockfile-ci-guard.test.ts): Adds a "Validate npm lockfiles" step that runs npm ci --ignore-scripts --dry-run in repo root and nemoclaw before install; updates the install step to npm ci --ignore-scripts. New tests validate step presence, order, and exact commands.
  • Installation script lockfile safety (scripts/install.sh, test/install-preflight.test.ts): Switches installer dependency installs to npm ci --ignore-scripts for both source-checkout and GitHub-clone flows, adds restore_pre_extracted_openclaw() invoked after each npm ci, removes the prior single pre-extraction step, and updates the test npm stub and assertions to allow/verify ci calls and the expected ordering of ci, pack, and run steps.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

Sandbox

Suggested reviewers

  • ericksoa

Poem

🐰 I hop through lockfiles, sniff each line,
Dry-run first, then npm ci aligns.
OpenClaw restored where modules were cleared,
Builds run after, no errors appeared.
A tidy repo — the rabbit cheered.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 40.00%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately describes the main change: switching from npm install to npm ci to preserve lockfiles and prevent platform-specific divergence.
  • Linked Issues check: ✅ Passed. All coding objectives from issue #3798 are met: npm ci replaces npm install, lockfile validation guard added via basic-checks action, subdir lockfile handling implemented, and tests cover both root and nemoclaw lockfile validation.
  • Out of Scope Changes check: ✅ Passed. All changes directly address issue #3798 requirements: installer updates use npm ci, basic-checks validates lockfiles, test additions verify the lockfile guard behavior, and the OpenClaw extraction helper supports the new workflow.



github-actions Bot commented May 20, 2026

E2E Advisor Recommendation

Required E2E: cloud-e2e
Optional E2E: cloud-onboard-e2e, macos-e2e, wsl-e2e

Dispatch hint: cloud-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • cloud-e2e (high): High-signal full install → onboard → sandbox → live inference path that directly exercises bash install.sh from the PR checkout, including npm ci dependency installation and OpenClaw restore/build ordering.

Optional E2E

  • cloud-onboard-e2e (high): Useful adjacent validation for the public curl installer path with NEMOCLAW_INSTALL_REF/target_ref, custom policy presets, sandbox health, credential leak checks, and inference.local; recommended if validating the GitHub-clone branch of install_nemoclaw is important for this PR.
  • macos-e2e (medium): Optional platform confidence because scripts/install.sh is cross-platform and the PR changes dependency install semantics; this validates macOS build/install prerequisites and runs full E2E only if Docker is available.
  • wsl-e2e (high): Optional platform confidence for the installer/build flow inside Ubuntu WSL; the workflow currently has its own prebuild npm install steps, but its full E2E phase still exercises install.sh when Docker is available.

New E2E recommendations

  • installer dependency bootstrap (medium): Existing E2E coverage validates successful install/onboard, but there is no focused existing E2E that asserts npm ci does not rewrite lockfiles and that OpenClaw pre-extraction is restored after each npm ci on a clean source checkout/GitHub-clone install.
    • Suggested test: Add an installer E2E that runs scripts/install.sh in a clean checkout with tracked lockfiles, verifies root and nemoclaw/package-lock.json are unchanged after install, and asserts build:cli/plugin build succeed with the restored OpenClaw package.

Dispatch hint

  • Workflow: nightly-e2e.yaml
  • jobs input: cloud-e2e

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/install.sh`:
- Around line 1383-1385: The pre_extract_openclaw() workaround is being
nullified because npm ci deletes node_modules; adjust the install flow so the
pre-extracted package is restored after any npm ci runs. Specifically, for the
blocks that run npm ci (the spin calls that execute "cd
\"$NEMOCLAW_SOURCE_ROOT\" && npm ci --ignore-scripts" and the similar plugin npm
ci under "$NEMOCLAW_SOURCE_ROOT"/nemoclaw), move or re-run
pre_extract_openclaw() after each npm ci (or add an explicit restore step that
copies the pre-extracted node_modules/openclaw into place) so that the openclaw
tarball extraction workaround is present before the subsequent build steps
(e.g., before npm run --if-present build:cli and before npm run build in the
plugin). Ensure you reference the existing pre_extract_openclaw() helper and the
spin invocations when making the change.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: dcd60f47-41d0-44ba-9533-ae20ce150def

📥 Commits

Reviewing files that changed from the base of the PR and between 2dc0942 and e786232.

📒 Files selected for processing (4)
  • .github/actions/basic-checks/action.yaml
  • scripts/install.sh
  • test/install-preflight.test.ts
  • test/lockfile-ci-guard.test.ts

@chengjiew chengjiew added the v0.0.47 Release target label May 20, 2026
@wscurran wscurran added fix NemoClaw CLI Use this label to identify issues with the NemoClaw command-line interface (CLI). labels May 20, 2026


github-actions Bot commented May 21, 2026

PR Review Advisor

Recommendation: blocked
Confidence: medium
Analyzed HEAD: f86c9f21589540bb83fdb0e6b9bc4cd2d89b0ab4
Findings: 2 blocker(s), 3 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations:

  • This advisory review used trusted metadata, the provided diff, and readonly repository inspection only; no PR scripts, tests, package-manager commands, Docker builds, or workflows were executed by this review.
  • PR titles, bodies, comments, branch names, and issue text were treated as untrusted evidence; acceptance mapping relies on trusted diff/test evidence where available.
  • The selective E2E success evidence in comments targets ceb0573, not the current head SHA f86c9f2.
  • The trusted changedFiles list does not include nemoclaw/package-lock.json, so the review cannot prove from the diff that the nested lockfile was regenerated inside the Linux Docker image requested by issue #3798.
  • Open active PR overlaps on installer/basic-checks files may change the final semantic state after rebases or merges.

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: f86c9f21589540bb83fdb0e6b9bc4cd2d89b0ab4
Recommendation: blocked
Confidence: medium

The npm-ci lockfile-preservation change is directionally good and tested with unit/shape coverage, but mergeability is BLOCKED and the E2E Advisor-required cloud-e2e job is not proven passing for head SHA f86c9f2.

Gate status

  • CI: pass — 5 required status context(s) completed with no failures. Non-required contexts still pending: 1; failed: 0. Required contexts: checks, commit-lint, dco-check, check-hash, changes.
  • Mergeability: fail — mergeStateStatus=BLOCKED for PR fix(installer): preserve npm lockfiles during install #3840 at headRefOid f86c9f2.
  • Review threads: pass — 1 review thread(s), all resolved. CodeRabbit's npm-ci/OpenClaw restore concern is marked addressed.
  • Risky code tested: warning — Risky areas detected (installer/bootstrap shell, onboarding/host glue); test files changed, but trusted testDepth says E2E is required for .github/actions/basic-checks/action.yaml and scripts/install.sh.

🔴 Blockers

  • GitHub mergeability is blocked: The mergeability hard gate is failing even though required status contexts are green. This blocks treating the PR as merge-ready.
  • Required E2E is not proven passing for the current head SHA: The E2E Advisor requires cloud-e2e for this installer/onboarding change. The available selective E2E success comment targets an older SHA, not the current head SHA.
    • Recommendation: Verify or obtain a passing cloud-e2e result for head SHA f86c9f2 before treating the installer/onboarding change as merge-ready. Consider also running optional cloud-onboard-e2e for the GitHub-clone curl installer path.
    • Evidence: E2E Advisor comment requires cloud-e2e and lists optional cloud-onboard-e2e, macos-e2e, and wsl-e2e. Selective E2E Results comment reports target ref ceb0573c135b112b64fedcdf26488201a6a6d277, not current head f86c9f21589540bb83fdb0e6b9bc4cd2d89b0ab4.

🟡 Warnings

  • Active PR overlap on installer and basic-checks files (scripts/install.sh:1371): This PR modifies high-risk installer and CI action paths that overlap with other open PRs. That increases semantic drift risk after rebases or merges, especially for installer/onboarding host glue.
  • Unit tests cover ordering but not real npm/platform behavior (scripts/install.sh:1371): The updated tests assert mocked npm ci, npm pack, and npm run ordering and parse the composite action shape. The risky behavior depends on real npm ci behavior, real lockfiles, platform-specific optional dependency resolution, and installer/onboarding side effects.
    • Recommendation: Keep the unit tests, but require the E2E Advisor job for the current head SHA. Consider adding the Advisor-suggested lightweight installer-lockfile-preservation E2E that checks package-lock checksums before and after real install execution.
    • Evidence: test/install-preflight.test.ts uses npm stubs for ci, pack, and run; test/lockfile-ci-guard.test.ts parses action YAML. E2E Advisor says cloud-e2e directly exercises bash install.sh from the PR checkout, including npm ci dependency installation and OpenClaw restore/build ordering.
  • Nested lockfile re-sync provenance is not shown in this PR diff: Issue [macOS][Onboard] v0.0.45 sandbox build fails on RUN npm ci: nemoclaw/package-lock.json out of sync (regression of #2760) #3798 asks to re-sync nemoclaw/package-lock.json inside the same Linux image used by the sandbox build. The trusted changedFiles list does not include nemoclaw/package-lock.json, so this advisory review cannot prove from the diff that the requested Linux-image lockfile regeneration happened in this PR.
    • Recommendation: Confirm the nested lockfile already contains the Linux optional dependency entries on the base/head being merged, or include/prove the Linux-image lockfile re-sync separately. Retain the new CI guard so future drift is caught.
    • Evidence: Changed files are limited to .github/actions/basic-checks/action.yaml, scripts/install.sh, test/install-preflight.test.ts, and test/lockfile-ci-guard.test.ts. No package-lock file is in the trusted changedFiles array.

🔵 Suggestions

  • None.

Acceptance coverage

  • partial — Fresh install of NemoClaw v0.0.45 fails during onboarding when the sandbox image builds. Step 7/70 of the Dockerfile (RUN npm ci && npm run build) crashes with:: The PR changes installer and CI behavior intended to prevent host-side lockfile mutation and adds nested lockfile validation, but required cloud-e2e is not proven passing for current head SHA f86c9f2.
  • met — This is the same symptom as Version 0.0.31 Sandbox creation failed (exit 1). #2760 (closed as "fixed on main"), but the fix referenced in that issue's closing comment only addressed the root package-lock.json.: .github/actions/basic-checks/action.yaml now validates both the root lockfile and the nested nemoclaw/ lockfile with npm ci --ignore-scripts --dry-run before installing dependencies.
  • partial — The sandbox image is built from the nemoclaw/ subdirectory's package-lock.json (Dockerfile step 4/70: COPY nemoclaw/package.json nemoclaw/package-lock.json …), and that lockfile has drifted again in v0.0.45.: The new Validate npm lockfiles step changes into nemoclaw and runs npm ci --ignore-scripts --dry-run, directly checking the subdirectory lockfile used by the sandbox payload. However, the PR diff does not include nemoclaw/package-lock.json, so actual lockfile re-sync provenance is unproven.
  • met — There are two distinct lockfiles in the repo, both for packages literally named "nemoclaw":: The CI guard covers both lockfile locations: root first, then cd nemoclaw.
  • met — root package.json / package-lock.json — host CLI build (validated, in sync): The Validate npm lockfiles step starts with root-level npm ci --ignore-scripts --dry-run; the Install dependencies step also uses root-level npm ci --ignore-scripts.
  • partial — nemoclaw/package.json / nemoclaw/package-lock.json — payload baked into the sandbox image at build time (not in sync): The Validate npm lockfiles step runs cd nemoclaw followed by npm ci --ignore-scripts --dry-run; the Install dependencies step also uses npm ci --ignore-scripts inside nemoclaw. No package-lock diff is present to prove the nested lockfile content was re-synced.
  • met — CI presumably only runs npm ci against the root, which is why the regression slipped past the v0.0.45 release.: .github/actions/basic-checks/action.yaml adds a Validate npm lockfiles step before installation that runs npm ci dry-runs at both root and nemoclaw/; test/lockfile-ci-guard.test.ts asserts the step exists and precedes Install dependencies.
  • met — It is tempting to tell users to just run cd ~/.nemoclaw/source/nemoclaw && npm install --package-lock-only and move on. This does not fix the build, and the failure mode is subtle:: The installer no longer uses host-side npm install for the source-checkout or GitHub-clone dependency paths; it uses npm ci --ignore-scripts, which should not rewrite package-lock files.
  • partial — @napi-rs/wasm-runtime@1.1.4 (the package whose deps are missing) declares @emnapi/core and @emnapi/runtime as optional, platform-conditional transitive deps — they are a WASI fallback that npm's resolver only includes on Linux.: The PR adds a Linux CI guard against the nested lockfile, but the changedFiles list does not include nemoclaw/package-lock.json, so this review cannot prove from the diff that the platform-conditional entries were regenerated in the Linux image.
  • partial — macOS host (default for most users) | node_modules/@emnapi/{core,runtime} entries pruned | ✅ passes | ❌ same Missing: @emnapi/... error: Switching installer paths from npm install to npm ci should avoid host-side lockfile rewrites, but current-head cloud-e2e evidence is missing and no lockfile diff proves the Linux entries are present.
  • unknown — Linux container with the same node image | node_modules/@emnapi/{core,runtime} entries present | ✅ passes | ✅ passes: The PR body describes Docker dry-run testing, but PR-provided text is untrusted evidence. The diff does not include the lockfile content or a current-head cloud-e2e result proving this clause.
  • met — Root | package-lock.json | ✅ in sync: Root-level dry-run validation is added in .github/actions/basic-checks/action.yaml and the required checks context passed for current head.
  • partial — Subdir (as shipped) | nemoclaw/package-lock.json | ❌ Missing @emnapi/core@1.9.2, @emnapi/runtime@1.9.2 (macOS) / @1.10.0 (Linux): The new CI guard would fail this state by running npm ci --ignore-scripts --dry-run under nemoclaw, but the PR does not show the nested lockfile being regenerated.
  • partial — Reproduces on a fully clean machine (no prior NemoClaw state, no leftover sandbox containers):: The E2E Advisor requires cloud-e2e for real install/onboard validation, but that required job is not proven passing for head SHA f86c9f2.
  • partial — 1. curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 NEMOCLAW_INSTALL_TAG=v0.0.45 bash: scripts/install.sh GitHub/public-install path now uses npm ci --ignore-scripts and restores OpenClaw after ci, but cloud-onboard-e2e is only optional in the current E2E Advisor and is not proven passing for the current head SHA.
  • partial — 2. The installer's auto-onboard at step [3/8] reaches the sandbox-build step and fails at Dockerfile Step 7/70 (RUN npm ci && npm run build).: The changed installer should reduce the lockfile-mutation path, but no current-head required E2E result proves auto-onboard proceeds past the sandbox build step.
  • met — Standalone reproduction without onboarding the agent:: The new CI guard directly runs the standalone style check in the nested directory: cd nemoclaw then npm ci --ignore-scripts --dry-run.
  • unknown — Regenerate the lockfile inside the same Linux image used by the sandbox build, not on the host:: No package-lock file appears in the trusted changedFiles array. The PR body describes a Docker dry-run test, but PR-provided text is untrusted evidence and the diff does not show lockfile regeneration provenance.
  • partial — After this, npm ci --dry-run passes both on the macOS host and inside the build container, and nemoclaw onboard --resume proceeds past Step 7/70.: The added CI dry-run guard and installer npm ci flow support this direction, but no current-head cloud-e2e result proves nemoclaw onboard --resume proceeds past the build.
  • unknown — 1. Re-sync nemoclaw/package-lock.json against nemoclaw/package.json by regenerating it inside the same Linux image the sandbox Dockerfile uses (node:22-trixie-slim pinned by SHA in Dockerfile). Regenerating on a maintainer's macOS dev machine will reintroduce this same bug, just with platform-specific optional deps stripped from the lockfile rather than missing.: The trusted changedFiles list is limited to the action, installer, and tests. It does not include nemoclaw/package-lock.json, so the diff cannot prove the requested Linux-image re-sync happened in this PR.

Security review

  • pass — Category 1: Secrets and Credentials: No hardcoded secrets, tokens, passwords, PEM files, credential JSON, or credential-bearing fixtures were added in the changed action, shell script, or tests. The new npm commands do not echo secrets.
  • pass — Category 2: Input Validation and Data Sanitization: No new API input, URL parsing, deserialization, eval, SQL, path traversal, or SSRF surface was introduced. Modified shell commands use fixed npm arguments; restore_pre_extracted_openclaw passes the install directory as a positional shell argument rather than interpolating it into the restore command body.
  • pass — Category 3: Authentication and Authorization: No authentication, authorization, endpoint access control, token validation, or privilege boundary logic was changed.
  • pass — Category 4: Dependencies and Third-Party Libraries: No new dependency was added. The PR changes install behavior from npm install to lockfile-driven npm ci --ignore-scripts, improving reproducibility and reducing lifecycle-script execution during dependency install. Existing hadolint download/checksum behavior is unchanged.
  • pass — Category 5: Error Handling and Logging: The new OpenClaw restore helper warns on restore failure without logging credentials or sensitive data. No new stack-trace exposure, sensitive logging, or unhandled error path was observed in the diff.
  • pass — Category 6: Cryptography and Data Protection: Not applicable — no cryptographic operations, key handling, hashing changes, or data-protection logic were introduced.
  • pass — Category 7: Configuration and Security Headers: No HTTP headers, CORS, debug defaults, container privileges, or port exposure changes were introduced. CI configuration adds lockfile validation and switches dependency installation to npm ci.
  • warning — Category 8: Security Testing: Tests were added for CI guard shape and installer npm ordering, including OpenClaw restore-after-ci behavior. Because installer/onboarding paths are security-sensitive host glue, E2E validation is required and is not proven for the current head SHA.
  • warning — Category 9: Holistic Security Posture: The change generally improves supply-chain posture by using lockfile-driven installs with ignored scripts, but overall readiness is limited by missing current-head required E2E evidence, blocked mergeability, and overlapping active PRs on the same high-risk files.

Test / E2E status

  • Test depth: e2e_required — Runtime/sandbox/infrastructure paths need real execution coverage: .github/actions/basic-checks/action.yaml and scripts/install.sh affect installer dependency setup, OpenClaw restore ordering, source-checkout install, GitHub-clone install, and CI lockfile validation. Unit tests mock npm behavior and cannot prove real npm/platform optional dependency behavior or full onboarding side effects.
  • E2E Advisor: missing
  • Required E2E jobs: cloud-e2e
  • Missing for analyzed SHA: cloud-e2e

✅ What looks good

  • The patch targets code that still exists and is narrowly scoped to installer dependency setup, basic-checks lockfile validation, and corresponding tests.
  • Switching installer and CI dependency setup from npm install to npm ci --ignore-scripts reduces accidental lockfile mutation and suppresses lifecycle scripts during dependency install.
  • The CodeRabbit finding about npm ci deleting pre-extracted OpenClaw was addressed by restoring OpenClaw after npm ci and before build steps.
  • The new lockfile guard validates both the root package and nested sandbox payload package before CI installs can proceed.
  • Tests assert that lockfile validation occurs before dependency installation and that root/plugin ci and OpenClaw restore ordering are preserved in the source-checkout path.
  • Required CI contexts for the current head SHA are green, and the single review thread is resolved.

Review completeness

  • This advisory review used trusted metadata, the provided diff, and readonly repository inspection only; no PR scripts, tests, package-manager commands, Docker builds, or workflows were executed by this review.
  • PR titles, bodies, comments, branch names, and issue text were treated as untrusted evidence; acceptance mapping relies on trusted diff/test evidence where available.
  • The selective E2E success evidence in comments targets ceb0573, not the current head SHA f86c9f2.
  • The trusted changedFiles list does not include nemoclaw/package-lock.json, so the review cannot prove from the diff that the nested lockfile was regenerated inside the Linux Docker image requested by issue [macOS][Onboard] v0.0.45 sandbox build fails on RUN npm ci: nemoclaw/package-lock.json out of sync (regression of #2760) #3798.
  • Open active PR overlaps on installer/basic-checks files may change the final semantic state after rebases or merges.
  • Human maintainer review required: yes

@cv cv added v0.0.49 Release target and removed v0.0.47 Release target labels May 21, 2026
@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26256277839
Target ref: ceb0573c135b112b64fedcdf26488201a6a6d277
Workflow ref: main
Requested jobs: cloud-e2e,cloud-onboard-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job results:

  • cloud-e2e: ✅ success
  • cloud-onboard-e2e: ✅ success

@jyaunches jyaunches enabled auto-merge (squash) May 21, 2026 22:43
@jyaunches

@chengjiew thanks for the fix here. This PR is blocked by commit signature requirements, so I opened #4029 with the same/squashed work from a signed commit and will close this one to unblock the change.

For your next PR, please configure GitHub-verified commit signing before opening it so the required signature check passes on the original PR. GitHub docs: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

@jyaunches

Closing in favor of #4029 because this PR is blocked by commit signature requirements.

@jyaunches jyaunches closed this May 22, 2026
auto-merge was automatically disabled May 22, 2026 01:07

Pull request was closed


Labels

fix NemoClaw CLI Use this label to identify issues with the NemoClaw command-line interface (CLI). v0.0.49 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[macOS][Onboard] v0.0.45 sandbox build fails on RUN npm ci: nemoclaw/package-lock.json out of sync (regression of #2760)

4 participants