fix(macos): restore VM inference and Hermes Discord paths

agents/hermes/start.sh

@@ -585,7 +585,12 @@ if [ "$(id -u)" -ne 0 ]; then
   export HOME=/sandbox
   export HERMES_HOME="${HERMES_DIR}"
 
-  if ! verify_config_integrity "${HERMES_DIR}" "${HERMES_HASH_FILE}"; then
+  # macOS VM startup currently runs this entrypoint as the sandbox user and
+  # remaps rootfs ownership to the host uid. In that mode the strict /etc hash
+  # cannot remain a root-owned trust anchor, so use the same locked-aware
+  # mutable-default verifier as OpenClaw. The root path below keeps strict
+  # verification against /etc/nemoclaw/hermes.config-hash.
+  if ! verify_config_integrity_if_locked "${HERMES_DIR}"; then
     echo "[SECURITY] Config integrity check failed — refusing to start (non-root mode)" >&2
     exit 1
   fi

src/lib/onboard.ts

@@ -2033,6 +2033,30 @@ function getRecordedMessagingChannelsForResume(
   return getKnownMessagingChannels(session.messagingChannels);
 }
 
+function getMessagingProviderNamesForChannel(sandboxName: string, channel: string): string[] {
+  if (channel === "discord") return [`${sandboxName}-discord-bridge`];
+  if (channel === "telegram") return [`${sandboxName}-telegram-bridge`];
+  if (channel === "slack") return [`${sandboxName}-slack-bridge`];
+  return [];
+}
+
+function getReusableStoredMessagingChannelsForNonInteractive(
+  sandboxName: string | null,
+): string[] {
+  if (!sandboxName || !isNonInteractive()) return [];
+
+  const entry = registry.getSandbox(sandboxName);
+  const configuredChannels = getKnownMessagingChannels(entry?.messagingChannels);
+  if (configuredChannels.length === 0) return [];
+
+  const disabledChannels = new Set(registry.getDisabledChannels(sandboxName));
+  return configuredChannels.filter((channel) => {
+    if (disabledChannels.has(channel)) return false;
+    const providers = getMessagingProviderNamesForChannel(sandboxName, channel);
+    return providers.length > 0 && providers.every((provider) => providerExistsInGateway(provider));
+  });
+}
+
 /**
  * Detect whether any messaging provider credential has been rotated since
  * the sandbox was created, by comparing SHA-256 hashes of the current
@@ -4461,7 +4485,7 @@ async function startDockerDriverGateway({
     if (drift) {
       restartDockerDriverGatewayProcessForDrift(pidFileGatewayPid, drift.reason);
     } else if (registerDockerDriverGatewayEndpoint() && (await isDockerDriverGatewayHttpReady())) {
-      await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure);
+      await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure, { drivers: gatewayEnv.OPENSHELL_DRIVERS });
       console.log("  ✓ Reusing existing Docker-driver gateway");
       return;
     } else {
@@ -4492,7 +4516,7 @@ async function startDockerDriverGateway({
         isGatewayHealthy(adoptedStatus, adoptedGwInfo, adoptedActiveGatewayInfo) &&
         (await isDockerDriverGatewayHttpReady())
       ) {
-        await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure);
+        await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure, { drivers: gatewayEnv.OPENSHELL_DRIVERS });
         console.log(`  ✓ Reusing existing Docker-driver gateway process (PID ${portListenerPid})`);
         return;
       }
@@ -4561,7 +4585,7 @@ async function startDockerDriverGateway({
       isGatewayHealthy(status, namedInfo, currentInfo) &&
       (await isGatewayTcpReady())
     ) {
-      await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure);
+      await verifySandboxBridgeGatewayReachableOrExit(exitOnFailure, { drivers: gatewayEnv.OPENSHELL_DRIVERS });
       console.log("  ✓ Docker-driver gateway is healthy");
       return;
     }
@@ -10741,6 +10765,16 @@ async function onboard(opts: OnboardOptions = {}): Promise<void> {
         }
       } else {
         selectedMessagingChannels = await setupMessagingChannels();
+        if (selectedMessagingChannels.length === 0) {
+          const reusableStoredMessagingChannels =
+            getReusableStoredMessagingChannelsForNonInteractive(sandboxName);
+          if (reusableStoredMessagingChannels.length > 0) {
+            selectedMessagingChannels = reusableStoredMessagingChannels;
+            note(
+              `  [non-interactive] Reusing existing messaging channel configuration: ${selectedMessagingChannels.join(", ")}`,
+            );
+          }
+        }
       }
       const messagingChannelConfig = readMessagingChannelConfigFromEnv();
       onboardSession.updateSession((current: Session) => {

src/lib/onboard/gateway-sandbox-reachability.test.ts

@@ -8,6 +8,8 @@ import { describe, expect, it } from "vitest";
 import {
   isSandboxBridgeGatewayReachable,
   formatSandboxBridgeUnreachableMessage,
+  shouldVerifySandboxBridgeGatewayReachability,
+  verifySandboxBridgeGatewayReachableOrExit,
 } from "../../../dist/lib/onboard/gateway-sandbox-reachability";
 
 describe("isSandboxBridgeGatewayReachable", () => {
@@ -67,6 +69,29 @@ describe("isSandboxBridgeGatewayReachable", () => {
   });
 });
 
+describe("verifySandboxBridgeGatewayReachableOrExit", () => {
+  it("skips the Docker bridge probe when OpenShell is using the macOS VM driver", async () => {
+    let inspectCalls = 0;
+    await verifySandboxBridgeGatewayReachableOrExit(false, {
+      drivers: "vm",
+      inspectSubnetImpl: () => {
+        inspectCalls += 1;
+        return undefined;
+      },
+      runImpl: () => {
+        throw new Error("probe should not run");
+      },
+    });
+    expect(inspectCalls).toBe(0);
+  });
+
+  it("keeps the bridge probe enabled for Docker-driver gateways", () => {
+    expect(shouldVerifySandboxBridgeGatewayReachability({ drivers: "docker" })).toBe(true);
+    expect(shouldVerifySandboxBridgeGatewayReachability({ drivers: "vm,docker" })).toBe(true);
+    expect(shouldVerifySandboxBridgeGatewayReachability({ drivers: "vm" })).toBe(false);
+  });
+});
+
 describe("formatSandboxBridgeUnreachableMessage", () => {
   it("returns empty for an ok result", () => {
     expect(

src/lib/onboard/gateway-sandbox-reachability.ts

@@ -57,6 +57,21 @@ export interface SandboxBridgeReachabilityOptions {
   inspectSubnetImpl?: (networkName: string) => string | undefined;
 }
 
+export interface SandboxBridgeReachabilityVerifyOptions
+  extends SandboxBridgeReachabilityOptions {
+  drivers?: string;
+}
+
+export function shouldVerifySandboxBridgeGatewayReachability(
+  opts: { drivers?: string } = {},
+): boolean {
+  const drivers = (opts.drivers ?? process.env.OPENSHELL_DRIVERS ?? "docker")
+    .split(/[,\s]+/)
+    .map((driver) => driver.trim().toLowerCase())
+    .filter(Boolean);
+  return drivers.includes("docker");
+}
+
 function defaultInspectSubnet(networkName: string): string | undefined {
   try {
     const out = dockerInspectFormat(
@@ -186,8 +201,11 @@ export function formatSandboxBridgeUnreachableMessage(
 
 export async function verifySandboxBridgeGatewayReachableOrExit(
   exitOnFailure: boolean,
+  opts: SandboxBridgeReachabilityVerifyOptions = {},
 ): Promise<void> {
-  const reach = await isSandboxBridgeGatewayReachable();
+  if (!shouldVerifySandboxBridgeGatewayReachability({ drivers: opts.drivers })) return;
+
+  const reach = await isSandboxBridgeGatewayReachable(opts);
   if (reach.ok) return;
 
   const message = formatSandboxBridgeUnreachableMessage(reach);

src/lib/sandbox/create-stream.test.ts

@@ -22,6 +22,9 @@ class FakeChild extends EventEmitter implements StreamableChildProcess {
   unref = vi.fn();
 }
 
+const dockerEnv = { ...process.env, OPENSHELL_DRIVERS: "docker" };
+const vmEnv = { ...process.env, OPENSHELL_DRIVERS: "vm" };
+
 describe("sandbox-create-stream", () => {
   afterEach(() => {
     vi.useRealTimers();
@@ -30,7 +33,7 @@ describe("sandbox-create-stream", () => {
   it("prints the initial build banner immediately", async () => {
     const child = new FakeChild();
     const logLine = vi.fn();
-    const promise = streamSandboxCreate("echo create", process.env, {
+    const promise = streamSandboxCreate("echo create", dockerEnv, {
       logLine,
       spawnImpl: () => child,
     });
@@ -43,7 +46,7 @@ describe("sandbox-create-stream", () => {
   it("streams visible progress lines and returns the collected output", async () => {
     const child = new FakeChild();
     const logLine = vi.fn();
-    const promise = streamSandboxCreate("echo create", process.env, {
+    const promise = streamSandboxCreate("echo create", dockerEnv, {
       logLine,
       spawnImpl: () => child,
       heartbeatIntervalMs: 1_000,
@@ -99,7 +102,7 @@ describe("sandbox-create-stream", () => {
 
     const child = new FakeChild();
     let checks = 0;
-    const promise = streamSandboxCreate("echo create", process.env, {
+    const promise = streamSandboxCreate("echo create", dockerEnv, {
       spawnImpl: () => child,
       readyCheck: () => {
         checks += 1;
@@ -124,6 +127,65 @@ describe("sandbox-create-stream", () => {
     expect(child.unref).toHaveBeenCalled();
   });
 
+  it("does not detach on Ready until required startup output appears", async () => {
+    vi.useFakeTimers();
+
+    const child = new FakeChild();
+    const logLine = vi.fn();
+    let resolved = false;
+    const promise = streamSandboxCreate("echo create", vmEnv, {
+      spawnImpl: () => child,
+      readyCheck: () => true,
+      pollIntervalMs: 5,
+      heartbeatIntervalMs: 1_000,
+      silentPhaseMs: 10_000,
+      logLine,
+    }).then((result) => {
+      resolved = true;
+      return result;
+    });
+
+    child.stdout.emit("data", Buffer.from("Created sandbox: demo\n"));
+    await vi.advanceTimersByTimeAsync(12);
+
+    expect(resolved).toBe(false);
+    expect(child.kill).not.toHaveBeenCalled();
+    expect(logLine).toHaveBeenCalledWith(
+      "  Sandbox reported Ready; waiting for startup command output before detaching.",
+    );
+
+    child.stderr.emit("data", Buffer.from("Setting up NemoClaw (Hermes)...\n"));
+    await vi.advanceTimersByTimeAsync(6);
+
+    await expect(promise).resolves.toMatchObject({
+      status: 0,
+      forcedReady: true,
+      output: expect.stringContaining("Setting up NemoClaw (Hermes)..."),
+    });
+    expect(child.kill).toHaveBeenCalledWith("SIGTERM");
+  });
+
+  it("does not recover a non-zero close before required startup output appears", async () => {
+    const child = new FakeChild();
+    const promise = streamSandboxCreate("echo create", vmEnv, {
+      spawnImpl: () => child,
+      readyCheck: () => true,
+      pollIntervalMs: 60_000,
+      heartbeatIntervalMs: 1_000,
+      silentPhaseMs: 10_000,
+      logLine: vi.fn(),
+    });
+
+    child.stdout.emit("data", Buffer.from("Created sandbox: demo\n"));
+    child.emit("close", 255);
+
+    await expect(promise).resolves.toMatchObject({
+      status: 255,
+      sawProgress: true,
+    });
+    expect((await promise).forcedReady).toBeUndefined();
+  });
+
   it("flushes the final partial line before resolving", async () => {
     const child = new FakeChild();
     const promise = streamSandboxCreate("echo create", process.env, {
@@ -144,7 +206,7 @@ describe("sandbox-create-stream", () => {
   it("recovers when sandbox is ready at the moment the stream exits non-zero", async () => {
     const child = new FakeChild();
     const logLine = vi.fn();
-    const promise = streamSandboxCreate("echo create", process.env, {
+    const promise = streamSandboxCreate("echo create", dockerEnv, {
       spawnImpl: () => child,
       readyCheck: () => true, // sandbox is already Ready
       pollIntervalMs: 60_000, // large interval so the poll doesn't fire first

src/lib/sandbox/create-stream.ts

@@ -18,6 +18,10 @@ export interface StreamSandboxCreateOptions {
   heartbeatIntervalMs?: number;
   silentPhaseMs?: number;
   logLine?: (line: string) => void;
+  // Optional guard for the early-ready escape hatch. When set, readyCheck()
+  // alone cannot detach the create stream until at least one streamed output
+  // line matches a configured pattern.
+  readyCheckOutputPatterns?: readonly RegExp[];
   // Initial progress phase:
   //   build  — docker-building the sandbox image
   //   upload — pushing the built image into the gateway registry
@@ -90,10 +94,31 @@ const VISIBLE_PROGRESS_PATTERNS: readonly RegExp[] = [
   /^✓ /,
 ];
 
+const VM_READY_DETACH_OUTPUT_PATTERNS: readonly RegExp[] = [/Setting up NemoClaw/];
+
 function matchesAny(line: string, patterns: readonly RegExp[]) {
   return patterns.some((pattern) => pattern.test(line));
 }
 
+function selectedDrivers(env: NodeJS.ProcessEnv): string[] {
+  const raw =
+    env.OPENSHELL_DRIVERS ??
+    process.env.OPENSHELL_DRIVERS ??
+    (process.platform === "darwin" ? "vm" : "docker");
+  return raw
+    .split(",")
+    .map((driver) => driver.trim())
+    .filter(Boolean);
+}
+
+function getReadyCheckOutputPatterns(
+  env: NodeJS.ProcessEnv,
+  patterns: readonly RegExp[] | undefined,
+): readonly RegExp[] {
+  if (patterns) return patterns;
+  return selectedDrivers(env).includes("vm") ? VM_READY_DETACH_OUTPUT_PATTERNS : [];
+}
+
 export function streamSandboxCreate(
   command: string,
   env: NodeJS.ProcessEnv = process.env,
@@ -110,6 +135,12 @@ export function streamSandboxCreate(
   let pending = "";
   let lastPrintedLine = "";
   let sawProgress = false;
+  const readyCheckOutputPatterns = getReadyCheckOutputPatterns(
+    env,
+    options.readyCheckOutputPatterns,
+  );
+  let readyCheckOutputMatched = readyCheckOutputPatterns.length === 0;
+  let printedReadyCheckOutputWait = false;
   let settled = false;
   let polling = false;
   const pollIntervalMs = options.pollIntervalMs || 2000;
@@ -172,6 +203,9 @@ export function streamSandboxCreate(
     if (!line) return;
     lines.push(line);
     lastOutputAt = Date.now();
+    if (!readyCheckOutputMatched && matchesAny(line, readyCheckOutputPatterns)) {
+      readyCheckOutputMatched = true;
+    }
     if (matchesAny(line, BUILD_PROGRESS_PATTERNS)) {
       setPhase("build");
     } else if (matchesAny(line, PULL_PROGRESS_PATTERNS)) {
@@ -238,6 +272,16 @@ export function streamSandboxCreate(
           }
           if (!ready) return;
           setPhase("ready");
+          if (!readyCheckOutputMatched) {
+            if (!printedReadyCheckOutputWait) {
+              const detail =
+                "Sandbox reported Ready; waiting for startup command output before detaching.";
+              lines.push(detail);
+              printProgressLine(`  ${detail}`);
+              printedReadyCheckOutputWait = true;
+            }
+            return;
+          }
           const detail = "Sandbox reported Ready before create stream exited; continuing.";
           lines.push(detail);
           printProgressLine(`  ${detail}`);
@@ -300,7 +344,7 @@ export function streamSandboxCreate(
       // last poll tick and the stream exit (e.g. SSH 255 after "Created sandbox:").
       if (code && code !== 0 && options.readyCheck) {
         try {
-          if (options.readyCheck()) {
+          if (options.readyCheck() && readyCheckOutputMatched) {
             finish(0, { forcedReady: true });
             return;
           }

test/gateway-liveness-probe.test.ts

@@ -139,9 +139,7 @@ describe("gateway liveness probe (#2020)", () => {
     expect(dockerStart).toBeGreaterThanOrEqual(0);
     expect(dockerEnd).toBeGreaterThan(dockerStart);
     const dockerSection = content.slice(dockerStart, dockerEnd);
-    const calls = dockerSection.match(
-      /verifySandboxBridgeGatewayReachableOrExit\(exitOnFailure\)/g,
-    );
+    const calls = dockerSection.match(/verifySandboxBridgeGatewayReachableOrExit\(exitOnFailure/g);
     expect(calls?.length).toBeGreaterThanOrEqual(3);
 
     for (const marker of [
@@ -153,7 +151,7 @@ describe("gateway liveness probe (#2020)", () => {
       expect(markerIdx).toBeGreaterThan(0);
       const before = dockerSection.slice(0, markerIdx);
       expect(
-        before.lastIndexOf("verifySandboxBridgeGatewayReachableOrExit(exitOnFailure)"),
+        before.lastIndexOf("verifySandboxBridgeGatewayReachableOrExit(exitOnFailure"),
       ).toBeGreaterThan(0);
     }
   });