From 7934790bfe9f61f63bb395b470e19fb2784807c3 Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Fri, 13 Mar 2026 02:20:36 -0700 Subject: [PATCH 1/2] chore: remove remaining navigator and nemoclaw references Rename NEMOCLAW_SSH_HANDSHAKE_SECRET to OPENSHELL_SSH_HANDSHAKE_SECRET in sandbox code, tests, and architecture docs. Fix stale navigator-core path in .gitattributes. Remove commented-out NemoClaw row from sandbox docs. --- .gitattributes | 2 +- architecture/sandbox-providers.md | 4 ++-- crates/openshell-sandbox/src/process.rs | 2 +- crates/openshell-sandbox/src/ssh.rs | 2 +- docs/sandboxes/index.md | 15 ++++++++++++++- e2e/python/test_sandbox_providers.py | 2 +- 6 files changed, 20 insertions(+), 7 deletions(-) diff --git a/.gitattributes b/.gitattributes index 79e7af9c..78b56857 100644 --- a/.gitattributes +++ b/.gitattributes @@ -7,4 +7,4 @@ python/openshell/_proto/*_pb2_grpc.py linguist-generated python/openshell/_proto/*_pb2.pyi linguist-generated # Generated Rust protobuf code (excludes hand-written mod.rs) -crates/navigator-core/src/proto/navigator.*.rs linguist-generated +crates/openshell-core/src/proto/openshell.*.rs linguist-generated diff --git a/architecture/sandbox-providers.md b/architecture/sandbox-providers.md index d5ca1985..dca36c59 100644 --- a/architecture/sandbox-providers.md +++ b/architecture/sandbox-providers.md @@ -274,7 +274,7 @@ for (key, value) in provider_env { This uses `tokio::process::Command`. The `.env()` call adds each variable to the child's inherited environment without clearing it. The spawn path also explicitly removes -`NEMOCLAW_SSH_HANDSHAKE_SECRET` so the handshake secret does not leak into the agent +`OPENSHELL_SSH_HANDSHAKE_SECRET` so the handshake secret does not leak into the agent entrypoint process. After provider env vars, proxy env vars (`HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, 
@@ -370,7 +370,7 @@ Providers are stored with `object_type = "provider"` in the shared object store. provider store and are fetched at runtime by the sandbox supervisor. - Child processes never receive the raw provider secret values; they only receive placeholders, and the supervisor resolves those placeholders during outbound proxying. -- `NEMOCLAW_SSH_HANDSHAKE_SECRET` is required by the supervisor/SSH server path but is +- `OPENSHELL_SSH_HANDSHAKE_SECRET` is required by the supervisor/SSH server path but is explicitly kept out of spawned sandbox child-process environments. ## Test Strategy diff --git a/crates/openshell-sandbox/src/process.rs b/crates/openshell-sandbox/src/process.rs index 635bcbcf..cb10b8ca 100644 --- a/crates/openshell-sandbox/src/process.rs +++ b/crates/openshell-sandbox/src/process.rs @@ -22,7 +22,7 @@ use std::process::Stdio; use tokio::process::{Child, Command}; use tracing::{debug, warn}; -const SSH_HANDSHAKE_SECRET_ENV: &str = "NEMOCLAW_SSH_HANDSHAKE_SECRET"; +const SSH_HANDSHAKE_SECRET_ENV: &str = "OPENSHELL_SSH_HANDSHAKE_SECRET"; fn inject_provider_env(cmd: &mut Command, provider_env: &HashMap) { for (key, value) in provider_env { diff --git a/crates/openshell-sandbox/src/ssh.rs b/crates/openshell-sandbox/src/ssh.rs index 619fa6a0..5c4ef862 100644 --- a/crates/openshell-sandbox/src/ssh.rs +++ b/crates/openshell-sandbox/src/ssh.rs @@ -30,7 +30,7 @@ use tracing::{info, warn}; const PREFACE_MAGIC: &str = "NSSH1"; #[cfg(test)] -const SSH_HANDSHAKE_SECRET_ENV: &str = "NEMOCLAW_SSH_HANDSHAKE_SECRET"; +const SSH_HANDSHAKE_SECRET_ENV: &str = "OPENSHELL_SSH_HANDSHAKE_SECRET"; /// A time-bounded set of nonces used to detect replayed NSSH1 handshakes. /// Each entry records the `Instant` it was inserted; a background reaper task diff --git a/docs/sandboxes/index.md b/docs/sandboxes/index.md index f78c90b9..756b02c1 100644 --- a/docs/sandboxes/index.md +++ b/docs/sandboxes/index.md 
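Review bot: In crates/openshell-sandbox/src/process.rs, pointing `SSH_HANDSHAKE_SECRET_ENV` at the new name means the spawn path no longer scrubs `NEMOCLAW_SSH_HANDSHAKE_SECRET`. If anything still sets the old variable (an older gateway or a deployment manifest not yet updated, neither visible in this patch), the handshake secret would be inherited by sandbox child processes. Consider keeping a second constant such as `const LEGACY_SSH_HANDSHAKE_SECRET_ENV: &str = "NEMOCLAW_SSH_HANDSHAKE_SECRET";` and removing both names from the child environment for a transition period. The removal call is outside this hunk, so this assumes it is keyed off the constant, as the architecture doc's description of the spawn path suggests. The e2e check in e2e/python/test_sandbox_providers.py has the same gap, since it now only asserts that the new name is absent, and it could assert the old one as well.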
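Review bot: In crates/openshell-sandbox/src/ssh.rs, the `#[cfg(test)]` copy of `SSH_HANDSHAKE_SECRET_ENV` repeats the literal defined in process.rs, so the two must be edited in lockstep, as this commit has to do. If they drift, the ssh.rs tests would exercise a variable name the spawn path does not strip. Making the process.rs constant `pub(crate)` and importing it in the ssh.rs tests would leave a single definition; the module layout is not visible here, so the exact path needs confirming. A short doc comment on the constant, for example `/// Env var carrying the SSH handshake secret; removed from child-process environments.`, would also record why it exists.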
@@ -57,7 +57,20 @@ Every sandbox moves through a defined set of phases: | Error | Something went wrong during provisioning or execution. Check logs with `openshell logs` for details. | | Deleting | The sandbox is being torn down. The system releases resources and purges credentials. | -## Sandbox Policies +## Supported Agents + +The following table summarizes the agents that run in OpenShell sandboxes. All agent sandbox images are maintained in the [OpenShell Community](https://github.com/NVIDIA/OpenShell-Community) repository. Agents in the base image are auto-configured when passed as the trailing command to `openshell sandbox create`. More community agent sandboxes are available in the {doc}`community-sandboxes` catalog. + +| Agent | Source | Default Policy | Notes | +|---|---|---|---| +| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Full coverage | Works out of the box. Requires `ANTHROPIC_API_KEY`. | +| [OpenCode](https://opencode.ai/) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Partial coverage | Pre-installed. Add `opencode.ai` endpoint and OpenCode binary paths to the policy for full functionality. | +| [Codex](https://developers.openai.com/codex) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | No coverage | Pre-installed. Requires a custom policy with OpenAI endpoints and Codex binary paths. Requires `OPENAI_API_KEY`. | +| [OpenClaw](https://openclaw.ai/) | [`openclaw`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/openclaw) | Bundled | Agent orchestration layer. Launch with `openshell sandbox create --from openclaw`. | + + + +## Built-in Default Policy OpenShell ships a built-in policy that covers common agent workflows out of the box. When you create a sandbox without `--policy`, the default policy is applied. It controls three areas. 
diff --git a/e2e/python/test_sandbox_providers.py b/e2e/python/test_sandbox_providers.py index b16df758..899b6e46 100644 --- a/e2e/python/test_sandbox_providers.py +++ b/e2e/python/test_sandbox_providers.py @@ -194,7 +194,7 @@ def test_ssh_handshake_secret_not_visible_in_exec_environment( def read_handshake_secret() -> str: import os - return os.environ.get("NEMOCLAW_SSH_HANDSHAKE_SECRET", "NOT_SET") + return os.environ.get("OPENSHELL_SSH_HANDSHAKE_SECRET", "NOT_SET") with sandbox(delete_on_exit=True) as sb: result = sb.exec_python(read_handshake_secret) From ff0d62370e547169e40a7267fa36be0d653ea3ec Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Sun, 15 Mar 2026 11:30:08 -0700 Subject: [PATCH 2/2] chore: revert docs/sandboxes/index.md to main --- docs/sandboxes/index.md | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/docs/sandboxes/index.md b/docs/sandboxes/index.md index 756b02c1..f78c90b9 100644 --- a/docs/sandboxes/index.md +++ b/docs/sandboxes/index.md 
@@ -57,20 +57,7 @@ Every sandbox moves through a defined set of phases: | Error | Something went wrong during provisioning or execution. Check logs with `openshell logs` for details. | | Deleting | The sandbox is being torn down. The system releases resources and purges credentials. | -## Supported Agents - -The following table summarizes the agents that run in OpenShell sandboxes. All agent sandbox images are maintained in the [OpenShell Community](https://github.com/NVIDIA/OpenShell-Community) repository. Agents in the base image are auto-configured when passed as the trailing command to `openshell sandbox create`. More community agent sandboxes are available in the {doc}`community-sandboxes` catalog. - -| Agent | Source | Default Policy | Notes | -|---|---|---|---| -| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Full coverage | Works out of the box. Requires `ANTHROPIC_API_KEY`. | -| [OpenCode](https://opencode.ai/) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Partial coverage | Pre-installed. Add `opencode.ai` endpoint and OpenCode binary paths to the policy for full functionality. | -| [Codex](https://developers.openai.com/codex) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | No coverage | Pre-installed. Requires a custom policy with OpenAI endpoints and Codex binary paths. Requires `OPENAI_API_KEY`. | -| [OpenClaw](https://openclaw.ai/) | [`openclaw`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/openclaw) | Bundled | Agent orchestration layer. Launch with `openshell sandbox create --from openclaw`. | - - - -## Built-in Default Policy +## Sandbox Policies OpenShell ships a built-in policy that covers common agent workflows out of the box. When you create a sandbox without `--policy`, the default policy is applied. It controls three areas.