fix(security): strip credentials from migration snapshots and enforce blueprint digest

[gn00295120]

Summary

Reconciles #156 and #743 into a single comprehensive solution that closes both credential exposure and blueprint integrity gaps.

Credential Sanitization (two layers)

1. Filter at copy time (from fix(security): strip credentials from migration snapshots and enforce blueprint digest #743): cpSync filter excludes auth-profiles.json from snapshot bundles — credentials never touch the snapshot directory.
2. Recursive field stripping (from security: strip credentials from migration snapshots and enforce blueprint digest #156): stripCredentials() with pattern-based detection (CREDENTIAL_FIELDS set + CREDENTIAL_FIELD_PATTERN regex) sanitizes all credential fields in openclaw.json — catches apiKey, token, secret, password, resolvedKey, plus patterns like accessToken, privateKey, clientSecret.
3. Gateway removal: gateway config section (contains auth tokens) is deleted entirely — sandbox entrypoint regenerates it.

Blueprint Digest Verification (from #743)

• SHA-256 digest recorded in manifest at snapshot time
• Validated on restore — mismatch is a hard failure
• Empty/missing digest "" is a hard failure (fixes the silent bypass)
• Backward compatible: old v2 snapshots without blueprintDigest skip validation

Version Bump

• SNAPSHOT_VERSION 2 → 3

Why a new PR?

Gap	#156	#743	This PR
auth-profiles.json removal	walk-delete after copy	cpSync filter	cpSync filter (cleaner)
Deep config credential stripping	Yes (pattern-based)	Only gateway key	Yes (pattern-based)
Blueprint digest verification	No	Yes	Yes
SNAPSHOT_VERSION bump	No	Yes (2→3)	Yes (2→3)
Backward compat (old snapshots)	N/A	Yes	Yes

Neither #156 nor #743 is a strict superset of the other. This PR takes the best of both.

Attack chain (now broken at multiple points)

Telegram message → shell injection → read auth-profiles.json
                                     ↑ BLOCKED: filtered at copy

Telegram message → shell injection → read openclaw.json credentials
                                     ↑ BLOCKED: stripped by pattern

Blueprint tampering → digest: "" → verification passes
                                   ↑ BLOCKED: hard failure

Test plan

• 51 tests pass in migration-state.test.ts (41 existing + 10 new)
• Full suite: 317 tests across 27 files, zero regressions
• TypeScript compiles cleanly (tsc --noEmit)
• All pre-commit and pre-push hooks pass

Supersedes #156 and #743.

Summary by CodeRabbit

• New Features

  • Snapshot format upgraded to v3 and can store/verify an optional blueprint digest during restore.
  • Snapshots now sanitize exported state: remove gateway info and replace sensitive credential values; restores fail on invalid or mismatched blueprint digests.

• Tests

  • Added extensive tests validating sanitization (including pattern-matched credential fields and sandbox/snapshot locations), blueprint-digest handling, error cases, and backward compatibility.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Snapshot format bumped to v3. Added config-file credential sanitization (removes gateway and strips credential fields), snapshot blueprint SHA‑256 digest stored at creation and verified on restore, sandbox/snapshot openclaw.json sanitized with 0600 perms, and node:fs.cpSync test mock extended to support filter.

Changes

Cohort / File(s)	Summary
Snapshot Implementation nemoclaw/src/commands/migration-state.ts	Bumped snapshot manifest version to 3 and added optional `blueprintDigest?: string
Snapshot Tests & FS Mock nemoclaw/src/commands/migration-state.test.ts	Extended node:fs.cpSync mock signature to accept (src, dest, opts?) with opts.filter(sourcePath => boolean) for shallow-copy filtering. Tests updated to expect manifest version 3; added assertions that sandbox and snapshot openclaw.json have gateway removed, credential-like fields replaced with "[STRIPPED_BY_MIGRATION]", non-credential fields preserved, file perms set to 0600; blueprint digest population/null cases and multiple restore scenarios covered.

Sequence Diagram(s)

sequenceDiagram
    participant CLI
    participant Migration as MigrationService
    participant FS as FileSystem
    participant Logger

    CLI->>Migration: createSnapshotBundle(persist, blueprintPath?)
    Migration->>FS: copyDirectory(hostState -> snapshot, { stripCredentials: true })
    FS-->>Migration: copied files (filtered)
    Migration->>FS: sanitizeConfigFile(snapshot/openclaw.json)
    FS-->>Migration: sanitized file written (0600)
    alt blueprintPath provided
        Migration->>FS: read(blueprintPath)
        FS-->>Migration: blueprint bytes
        Migration->>Migration: compute sha256 -> manifest.blueprintDigest
    end
    Migration->>FS: write(snapshot bundle + manifest)
    Migration-->>CLI: return bundle path

    CLI->>Migration: restoreSnapshotToHost(snapshotDir, blueprintPath?)
    Migration->>FS: read(manifest)
    alt manifest.blueprintDigest present
        Migration->>FS: read(blueprintPath)
        FS-->>Migration: blueprint bytes
        Migration->>Migration: compute sha256
        alt digests match
            Migration->>FS: copyDirectory(snapshot -> host, { stripCredentials: false })
            Migration-->>CLI: success
        else digests mismatch / invalid
            Logger->>CLI: log error (digest mismatch/invalid/missing blueprint)
            Migration-->>CLI: failure
        end
    else no blueprintDigest
        Migration->>FS: copyDirectory(snapshot -> host)
        Migration-->>CLI: success
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped through JSON, nibbling keys at night,
I pulled out secrets, tucked them out of sight,
I stamped a digest, version three in tow,
Set perms to cozy, kept the snapshot low,
hop hop — safe and neat, migration's right! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(security): strip credentials from migration snapshots and enforce blueprint digest' directly and comprehensively describes the two main security changes: credential stripping and blueprint digest enforcement.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR hardens NemoClaw migration snapshots by preventing credential material from crossing into the sandbox bundle and by adding blueprint integrity verification via a recorded SHA-256 digest, alongside bumping the snapshot format version to v3.

Changes:

• Exclude auth-profiles.json during snapshot copying and add recursive credential-field stripping + gateway removal for the sandbox-bundled openclaw.json.
• Record blueprintDigest at snapshot time and validate it on restore (empty/missing digest becomes a hard failure when the field is present).
• Bump SNAPSHOT_VERSION from 2 → 3 and add/extend unit tests for the above behaviors.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
nemoclaw/src/commands/migration-state.ts	Adds credential sanitization helpers, filters credential files during snapshot copy, records/validates blueprint digest, and bumps snapshot version.
nemoclaw/src/commands/migration-state.test.ts	Updates version assertion and adds tests for file exclusion, credential stripping, and blueprint digest record/verify behavior.

Comments suppressed due to low confidence (1)

nemoclaw/src/commands/migration-state.ts:694

• The snapshot directory still receives an unsanitized copy of openclaw.json (and, when hasExternalConfig, an unsanitized external openclaw.json via copyFileSync). Only the sandbox-bundle config is sanitized later. If the goal is to “strip credentials from migration snapshots” (per PR title/description), consider sanitizing the config file(s) inside parentDir/openclaw and parentDir/config as well (or avoid copying them entirely) so secrets never land in the snapshot artifacts on disk.

    const snapshotStateDir = path.join(parentDir, "openclaw");
    copyDirectory(hostState.stateDir, snapshotStateDir, { stripCredentials: true });

    if (hostState.configPath && hostState.hasExternalConfig) {
      const configSnapshotDir = path.join(parentDir, "config");
      mkdirSync(configSnapshotDir, { recursive: true });
      const configSnapshotPath = path.join(configSnapshotDir, "openclaw.json");
      copyFileSync(hostState.configPath, configSnapshotPath);
      chmodSync(configSnapshotPath, 0o600);
    }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw/src/commands/migration-state.ts`:
- Around line 656-660: The snapshot currently contains unsanitized credentials
because only the sandbox copy is scrubbed; update the flow that writes the raw
and external config copies (the code that writes to snapshotDir/openclaw and
snapshotDir/config/openclaw.json) to run sanitizeConfigFile(configPath) on the
snapshot copy as well (i.e., sanitize immediately after creating/writing the
snapshot copy or sanitize the source before writing both copies), ensuring
sanitizeConfigFile is invoked for both the snapshot and sandbox-bundle paths;
apply the same change for the other occurrence around the code handling lines
686-693.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 88a8e253-dfcb-438f-9503-1a159a44069d

📥 Commits

Reviewing files that changed from the base of the PR and between 166319d and 0f9fc11.

📒 Files selected for processing (2)

• nemoclaw/src/commands/migration-state.test.ts
• nemoclaw/src/commands/migration-state.ts

[wscurran]

Thanks for submitting this PR along with a detailed summary, it reconciles two previous issues into a comprehensive solution that closes credential exposure and blueprint integrity gaps, which could improve the security of the NemoClaw project.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

nemoclaw/src/commands/migration-state.test.ts (2)

713-715: Assert SHA-256 format, not just non-empty digest.

A non-empty check is weak; this test should lock expected digest shape to protect the integrity guarantee.

Proposed test assertion

-      expect(typeof bundle.manifest.blueprintDigest).toBe("string");
-      expect((bundle.manifest.blueprintDigest ?? "").length).toBeGreaterThan(0);
+      expect(bundle.manifest.blueprintDigest).toMatch(/^[a-f0-9]{64}$/);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.test.ts` around lines 713 - 715,
Replace the weak non-empty assertion for bundle.manifest.blueprintDigest with a
strict SHA-256 format check: in the test that references
bundle.manifest.blueprintDigest (in migration-state.test.ts) assert that it's a
string matching a 64-hex-character pattern (e.g. /^[a-f0-9]{64}$/i) so the
digest shape is validated rather than just non-empty.

---

1357-1386: Add restore coverage for v3 snapshots with blueprintDigest: null.

createSnapshotBundle emits null when no blueprint is provided; restore behavior for this exact v3 manifest shape is currently untested.

Suggested additional test

+    it("restore succeeds for v3 snapshot when blueprintDigest is null", () => {
+      const logger = makeLogger();
+      const origHome = process.env.HOME;
+      process.env.HOME = "/home/user";
+      try {
+        const manifest: SnapshotManifest = {
+          version: 3,
+          createdAt: "2026-03-01T00:00:00.000Z",
+          homeDir: "/home/user",
+          stateDir: "/home/user/.openclaw",
+          configPath: null,
+          hasExternalConfig: false,
+          externalRoots: [],
+          warnings: [],
+          blueprintDigest: null,
+        };
+        addFile("/snapshots/snap1/snapshot.json", JSON.stringify(manifest));
+        addDir("/snapshots/snap1/openclaw");
+        addFile("/snapshots/snap1/openclaw/openclaw.json", JSON.stringify({ restored: true }));
+
+        const result = restoreSnapshotToHost("/snapshots/snap1", logger);
+        expect(result).toBe(true);
+      } finally {
+        if (origHome === undefined) {
+          delete process.env.HOME;
+        } else {
+          process.env.HOME = origHome;
+        }
+      }
+    });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.test.ts` around lines 1357 - 1386, The
test needs to cover v3 manifests where blueprintDigest is explicitly null:
update the manifest in the "restore succeeds when manifest has no
blueprintDigest (backward compat)" test to include blueprintDigest: null
(matching createSnapshotBundle's emitted shape) so SnapshotManifest (v3) is
exercised, and verify restoreSnapshotToHost("/snapshots/snap1", logger) still
returns true; ensure SnapshotManifest, createSnapshotBundle, and
restoreSnapshotToHost are the referenced symbols to locate the relevant logic.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw/src/commands/migration-state.test.ts`:
- Around line 51-57: The cpSync mock's filter callback currently only receives
the source path, but Node's fs.cpSync filter is called with (src, dest); update
the mock in cpSync (and its type annotation) to accept and call filter with both
arguments—pass the current source key and the resolved destination path (dest +
relative) when invoking opts.filter—so the mock matches production behavior and
surface destination-dependent filter bugs; adjust the vi.fn signature to (src:
string, dest: string, opts?: { filter?: (source: string, dest: string) =>
boolean }) and call opts.filter(k, dest + relative).

---

Nitpick comments:
In `@nemoclaw/src/commands/migration-state.test.ts`:
- Around line 713-715: Replace the weak non-empty assertion for
bundle.manifest.blueprintDigest with a strict SHA-256 format check: in the test
that references bundle.manifest.blueprintDigest (in migration-state.test.ts)
assert that it's a string matching a 64-hex-character pattern (e.g.
/^[a-f0-9]{64}$/i) so the digest shape is validated rather than just non-empty.
- Around line 1357-1386: The test needs to cover v3 manifests where
blueprintDigest is explicitly null: update the manifest in the "restore succeeds
when manifest has no blueprintDigest (backward compat)" test to include
blueprintDigest: null (matching createSnapshotBundle's emitted shape) so
SnapshotManifest (v3) is exercised, and verify
restoreSnapshotToHost("/snapshots/snap1", logger) still returns true; ensure
SnapshotManifest, createSnapshotBundle, and restoreSnapshotToHost are the
referenced symbols to locate the relevant logic.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c0c1ff81-53f4-40cf-ba39-a2a4d5bc307a

📥 Commits

Reviewing files that changed from the base of the PR and between c405b78 and 214f1c4.

📒 Files selected for processing (1)

• nemoclaw/src/commands/migration-state.test.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

What is the current Node.js TypeScript signature of fs.cpSync's options.filter callback (does it receive source and destination)?

💡 Result:

The current Node.js TypeScript signature of fs.cpSync's options.filter callback is (source: string, destination: string) => boolean | Promise. Yes, it receives both source and destination paths. This is confirmed by multiple TypeScript-compatible Node.js implementations (Bun, Deno) showing the exact signature in CopySyncOptions.filter, a Node.js GitHub issue #49092 using filter: (source, _destination), and @types/node DefinitelyTyped PR #61042 updating fs.cp filter types to accept Promise with source/destination parameters matching JSDoc.

Citations:

• 1: "Experimental" fs.cp(), fs.cpSync(), fsPromises.cp() methods don't handle recursion when there is a filter nodejs/node#49092
• 2: https://bun.com/reference/node/fs/cpSync
• 3: https://docs.deno.com/api/node/fs/~/CopySyncOptions
• 4: https://bun.sh/reference/node/fs/cpSync
• 5: https://bun.com/reference/node/fs/CopySyncOptions
• 6: [@type/node] options.filter of fs.cp() can return a Promise DefinitelyTyped/DefinitelyTyped#61042

---

Align the cpSync filter mock signature with Node's API.

The mock currently passes only source to filter; the actual Node.js API passes both source and destination. This mismatch can hide bugs when production filter logic depends on the destination path.

Proposed fix

-    cpSync: vi.fn((src: string, dest: string, opts?: { filter?: (source: string) => boolean }) => {
+    cpSync: vi.fn(
+      (
+        src: string,
+        dest: string,
+        opts?: { filter?: (source: string, destination: string) => boolean },
+      ) => {
       // Shallow copy: copy all entries whose path starts with src
       for (const [k, v] of store) {
         if (k === src || k.startsWith(src + "/")) {
-          if (opts?.filter && !opts.filter(k)) continue;
           const relative = k.slice(src.length);
-          store.set(dest + relative, { ...v });
+          const target = dest + relative;
+          if (opts?.filter && !opts.filter(k, target)) continue;
+          store.set(target, { ...v });
         }
       }
-    }),
+    }),

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.test.ts` around lines 51 - 57, The
cpSync mock's filter callback currently only receives the source path, but
Node's fs.cpSync filter is called with (src, dest); update the mock in cpSync
(and its type annotation) to accept and call filter with both arguments—pass the
current source key and the resolved destination path (dest + relative) when
invoking opts.filter—so the mock matches production behavior and surface
destination-dependent filter bugs; adjust the vi.fn signature to (src: string,
dest: string, opts?: { filter?: (source: string, dest: string) => boolean }) and
call opts.filter(k, dest + relative).

[ericksoa]

LGTM — solid credential stripping and blueprint digest verification. Pushed a trivial lint fix (prefer-optional-chain) to get CI green. Thanks @gn00295120!

[coderabbitai]

♻️ Duplicate comments (1)

nemoclaw/src/commands/migration-state.test.ts (1)

51-57: ⚠️ Potential issue | 🟡 Minor

Align the cpSync filter mock with Node’s (source, destination) callback shape.

At Line 51 and Line 55, the mock types/calls filter as unary (source only). This can hide destination-dependent filter behavior in code under test.

Proposed fix

-    cpSync: vi.fn((src: string, dest: string, opts?: { filter?: (source: string) => boolean }) => {
+    cpSync: vi.fn(
+      (
+        src: string,
+        dest: string,
+        opts?: { filter?: (source: string, destination: string) => boolean },
+      ) => {
       // Shallow copy: copy all entries whose path starts with src
       for (const [k, v] of store) {
         if (k === src || k.startsWith(src + "/")) {
-          if (opts?.filter && !opts.filter(k)) continue;
           const relative = k.slice(src.length);
-          store.set(dest + relative, { ...v });
+          const target = dest + relative;
+          if (opts?.filter && !opts.filter(k, target)) continue;
+          store.set(target, { ...v });
         }
       }
-    }),
+    }),

What is the current Node.js/@types/node signature for fs.cpSync options.filter? Does it receive both source and destination path arguments?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.test.ts` around lines 51 - 57, The
cpSync mock currently types and calls opts.filter as a unary (source) function;
change its type to opts?: { filter?: (src: string, dest: string) => boolean }
and when invoking the filter inside the loop call opts.filter(k, dest +
relative) (or opts.filter(k, dest) if you want the raw destination base) so the
mock matches Node's (source, destination) signature; update the vi.fn(...)
declaration for cpSync accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@nemoclaw/src/commands/migration-state.test.ts`:
- Around line 51-57: The cpSync mock currently types and calls opts.filter as a
unary (source) function; change its type to opts?: { filter?: (src: string,
dest: string) => boolean } and when invoking the filter inside the loop call
opts.filter(k, dest + relative) (or opts.filter(k, dest) if you want the raw
destination base) so the mock matches Node's (source, destination) signature;
update the vi.fn(...) declaration for cpSync accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7b91f5f9-dd41-4586-82d7-51c2a5de068f

📥 Commits

Reviewing files that changed from the base of the PR and between 214f1c4 and 87097d9.

📒 Files selected for processing (1)

• nemoclaw/src/commands/migration-state.test.ts

[gn00295120]

Thanks for the lint fix and LGTM @ericksoa!

The commit-lint check is failing because style is not in the allowed type list — the repo only allows [feat, fix, docs, chore, refactor, test, ci, perf, merge].

Could you amend the commit message from:

style: apply prefer-optional-chain lint fix in tests

to:

chore: apply prefer-optional-chain lint fix in tests

That should unblock the merge. Thanks!

[gn00295120]

Hi, the merge is blocked by the required_signatures ruleset — my commits were made before I set up commit signing. Could you squash-merge this PR? The GitHub merge signature will satisfy the requirement. Thanks!

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

nemoclaw/src/commands/migration-state.ts (1)

715-738: ⚠️ Potential issue | 🔴 Critical

Omit blueprintDigest unless a blueprint was actually provided.

At Line 726, the manifest always includes blueprintDigest, and the default value from Line 715 is null. Because restoreSnapshotToHost() treats the presence of that key as “verification required”, every v3 snapshot created without blueprintPath becomes unrestorable. Using !== undefined here also avoids silently treating "" as “no blueprint”.

🐛 Minimal fix

-    const blueprintDigest = options.blueprintPath ? computeFileDigest(options.blueprintPath) : null;
-
     const manifest: SnapshotManifest = {
       version: SNAPSHOT_VERSION,
       createdAt: new Date().toISOString(),
       homeDir: hostState.homeDir,
       stateDir: hostState.stateDir,
       configPath: hostState.configPath,
       hasExternalConfig: hostState.hasExternalConfig,
       externalRoots,
       warnings: hostState.warnings,
-      blueprintDigest,
     };
 
-    if (options.blueprintPath) {
+    if (options.blueprintPath !== undefined) {
       const digest = computeFileDigest(options.blueprintPath);
       if (!digest) {
         throw new Error(
           `Cannot compute blueprint digest for ${options.blueprintPath}. ` +
             "The file may be missing or unreadable.",
         );
       }
       manifest.blueprintDigest = digest;
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.ts` around lines 715 - 738, The
manifest currently always includes a blueprintDigest key (set to null when no
blueprintPath), which triggers restoreSnapshotToHost to require verification;
change the logic so blueprintDigest is only computed and added to the manifest
when a blueprint was explicitly provided. Specifically: remove blueprintDigest
from the initial manifest literal, compute the digest only if
options.blueprintPath !== undefined (not just truthy), throw if
computeFileDigest returns falsy, and then assign manifest.blueprintDigest =
digest; this ensures snapshots without a provided blueprint omit the key
entirely and avoids treating "" as “no blueprint.” Reference: blueprintDigest
variable, manifest object, options.blueprintPath, computeFileDigest, and
restoreSnapshotToHost.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw/src/commands/migration-state.ts`:
- Around line 549-559: sanitizeConfigFile currently returns silently when JSON5
parsing yields a non-object (e.g., []), leaving an invalid openclaw.json in the
snapshot; change the behavior to fail-closed by removing or erroring when parsed
is not a plain object. In sanitizeConfigFile, after JSON5.parse and the checks
on parsed, do not simply return on invalid data — either throw an error or
unlink the configPath (using functions like unlinkSync) so the invalid file is
not left in the staging snapshot; keep the rest of the logic (delete
config["gateway"], stripCredentials, writeFileSync, chmodSync) unchanged when
parsed is a valid object. Ensure the change targets the sanitizeConfigFile
function so callers will observe the failure/cleanup instead of silently
proceeding.
- Around line 504-523: The credential-detection misses separator-style names
(snake_case/kebab-case); update isCredentialField to normalize the key before
checking by lowercasing and stripping/replacing common separators (e.g., convert
"_" and "-" to "") or collapsing non-alphanumeric chars, then test that
normalizedKey against CREDENTIAL_FIELDS and CREDENTIAL_FIELD_PATTERN; update
CREDENTIAL_FIELDS and/or CREDENTIAL_FIELD_PATTERN only if needed, but the
primary fix is normalizing the input key prior to calling
CREDENTIAL_FIELDS.has(...) and CREDENTIAL_FIELD_PATTERN.test(...), referencing
the existing symbols CREDENTIAL_FIELDS, CREDENTIAL_FIELD_PATTERN, and
isCredentialField.

---

Outside diff comments:
In `@nemoclaw/src/commands/migration-state.ts`:
- Around line 715-738: The manifest currently always includes a blueprintDigest
key (set to null when no blueprintPath), which triggers restoreSnapshotToHost to
require verification; change the logic so blueprintDigest is only computed and
added to the manifest when a blueprint was explicitly provided. Specifically:
remove blueprintDigest from the initial manifest literal, compute the digest
only if options.blueprintPath !== undefined (not just truthy), throw if
computeFileDigest returns falsy, and then assign manifest.blueprintDigest =
digest; this ensures snapshots without a provided blueprint omit the key
entirely and avoids treating "" as “no blueprint.” Reference: blueprintDigest
variable, manifest object, options.blueprintPath, computeFileDigest, and
restoreSnapshotToHost.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1acfa686-bddd-4627-9ad6-9bb27daacd66

📥 Commits

Reviewing files that changed from the base of the PR and between 87097d9 and c7d1d53.

📒 Files selected for processing (2)

• nemoclaw/src/commands/migration-state.test.ts
• nemoclaw/src/commands/migration-state.ts