fix(destroy): preserve shared gateway by default; opt-in via --cleanup-gateway

[laitingsheng]

Summary

nemoclaw <name> destroy --yes on the only remaining sandbox tore down the shared OpenShell gateway too, leaving the operator to re-run the full onboard before the next sandbox could come up. --yes was intended to confirm the sandbox destruction, not the gateway.

Default behaviour now preserves the gateway when the last sandbox is destroyed; the old teardown is opt-in via:

• --cleanup-gateway flag on nemoclaw <name> destroy (with --no-cleanup-gateway to override an env-var default)
• NEMOCLAW_CLEANUP_GATEWAY=1 environment variable
• explicit { cleanupGateway: true } in the typed options API

Related Issue

Closes #2166

Changes

• src/lib/domain/lifecycle/options.ts
  • Add cleanupGateway?: boolean to DestroySandboxOptions.
  • Resolve in normalisation: explicit option > argv flag > NEMOCLAW_CLEANUP_GATEWAY env (1/true/yes and inverse).
• src/lib/actions/sandbox/destroy.ts
  • Gate cleanupGatewayAfterLastSandbox() on the new option via resolveCleanupGatewayDecision().
  • Prompt-mode handling: explicit option honoured; NEMOCLAW_NON_INTERACTIVE=1 preserves the gateway; --yes / --force preserves with a one-line hint; interactive without --yes prompts separately.
• src/lib/commands/sandbox/destroy.ts
  • Add --cleanup-gateway (with allowNo) and update usage / examples so it is discoverable from --help.
• Tests
  • src/lib/domain/lifecycle/options.test.ts — env-var, flag precedence, and value spelling cases.
  • src/lib/commands/sandbox/oclif-command-adapters.test.ts — adapter threads the flag (both directions) through to destroySandbox.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• New Features

  • Added --cleanup-gateway flag to sandbox destroy command to control whether the shared gateway is torn down during sandbox destruction.

• Bug Fixes

  • Sandbox destroy now preserves the shared gateway by default instead of unconditionally destroying it. Users can opt-in to cleanup via --cleanup-gateway flag or NEMOCLAW_CLEANUP_GATEWAY environment variable.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 55349034-a184-424f-ae15-04929b187240

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/issue-2166-preserve-gateway-on-destroy

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/commands/sandbox/destroy.ts`:
- Line 14: The usage string in destroy.ts's static usage currently lists only
"--cleanup-gateway" even though the flag is defined with allowNo: true and thus
supports "--no-cleanup-gateway"; update the static usage declaration (static
usage) to advertise both forms (e.g., include
"--cleanup-gateway|--no-cleanup-gateway") so callers see the no- form; locate
the flag definition that sets allowNo: true for the "--cleanup-gateway" option
and ensure the usage text matches that flag name.

In `@src/lib/domain/lifecycle/options.ts`:
- Around line 51-55: The current cleanupGateway assignment uses options.includes
which gives precedence to "--cleanup-gateway" even if "--no-cleanup-gateway"
appears later; change it to last-flag-wins by examining the positions of the two
flags (or iterating options from the end) and set cleanupGateway accordingly
using options, envCleanupGateway, and the
"--cleanup-gateway"/"--no-cleanup-gateway" tokens (refer to the cleanupGateway
variable and options array); ensure that if neither flag exists you fall back to
envCleanupGateway.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 56586b5e-48bc-4c6a-b9d8-e172fd9cad02

📥 Commits

Reviewing files that changed from the base of the PR and between b1320d5 and cd6de6f.

📒 Files selected for processing (7)

• src/commands/sandbox/destroy.ts
• src/lib/actions/sandbox/destroy.ts
• src/lib/commands/sandbox/destroy.ts
• src/lib/commands/sandbox/oclif-command-adapters.test.ts
• src/lib/domain/lifecycle/options.test.ts
• src/lib/domain/lifecycle/options.ts
• test/cli.test.ts

[ericksoa]

Reviewed current head 351fd6b against current main. CodeRabbit's two actionable items are addressed in this head: static usage advertises --cleanup-gateway|--no-cleanup-gateway, and cleanup-gateway argv parsing is last-flag-wins with env fallback only when neither flag appears.\n\nBehavior review: default last-sandbox destroy now preserves the shared gateway for confirmed paths such as --yes/--force and for the non-interactive gateway decision; explicit opt-in via --cleanup-gateway, NEMOCLAW_CLEANUP_GATEWAY=1, or API cleanupGateway: true still tears down the gateway. Existing shared-gateway cleanup predicates still gate the final cleanup path.\n\nValidated locally on a merge simulation with current origin/main: npm run build:cli; npx vitest run src/lib/domain/lifecycle/options.test.ts src/lib/commands/sandbox/oclif-command-adapters.test.ts test/cli.test.ts; git diff --check.