fix(onboard): restore pre-patch sandbox when GPU recreate fails early (#5512)

[abhi-0906]

Summary

Follow-up to #5537 addressing the orphan-backup symptom in #5512. When the Docker GPU patch's recreate docker run fails after the original sandbox was already renamed to *-nemoclaw-gpu-backup-<timestamp>, the early-failure path removed only the failed new container and left the backup orphaned — stranding the sandbox with no live original, and colliding with *-nemoclaw-gpu-backup-* on the next retry (as reported in #5512).

The supervisor-reconnect failure path already rolls back to the backup; this path didn't.

Fix

Reuse the existing rollback primitive (rollbackToBackupContainer) on the early-failure path: remove the failed new container, rename the backup back to the original name, and start it — restoring the pre-patch sandbox instead of leaking a backup container.

• Adds rollbackDockerGpuPatchOnRecreateFailure(refs, deps) to docker-gpu-patch-finalize.ts, which resolves the real docker start / docker rename defaults (the recreate call path only carries a deps subset, so dockerStart would otherwise be unset).
• Records context.rolledBack for failure diagnostics, matching the reconnect-failure path.
• No onboard.ts change; all edits are under src/lib/onboard/.

Testing

• New composed test in docker-gpu-patch-rollback.test.ts: when dockerRunDetached fails, the backup is renamed back to the original and started, and is never left as an orphaned container.
• tsc -p tsconfig.src.json clean; rollback / finalize / sandbox-create suites pass (18/18).

Relationship to the WSL Docker Desktop chain

• fix(onboard): bind gateway to 0.0.0.0 on Docker Desktop WSL (#5513) #5534 — gateway bind at [2/8]
• fix(onboard): stop the gateway when its sandbox-bridge probe fails (#5513) #5536 — gateway cleanup on probe failure
• fix(onboard): skip CDI GPU mode on Docker Desktop WSL (#5512) #5537 — skip CDI GPU mode at [6/8] (makes the patch succeed on Docker Desktop WSL, so this early-failure path is no longer hit there)
• this PR — restore the pre-patch sandbox for any other early GPU-recreate failure

Refs #5512.

Summary by CodeRabbit

• Bug Fixes

  • Enhanced error recovery for Docker GPU patch operations. When the patch recreation step fails after the original container is renamed, the system now automatically rolls back to restore the pre-patch sandbox state instead of leaving it in a corrupted state.

• Tests

  • Added test coverage for rollback scenarios during GPU patch recreation failures.

Signed-off-by: Abhimanyu Kumar abhimanyukumar7290@gmail.com

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds rollbackDockerGpuPatchOnRecreateFailure to docker-gpu-patch-finalize.ts, wires it into the recreate-failure path of recreateOpenShellDockerSandboxWithGpu in docker-gpu-patch.ts (replacing a plain container cleanup), and adds a Vitest test asserting the full pre-patch sandbox restoration sequence.

GPU-patch recreate rollback

Layer / File(s)	Summary
rollbackDockerGpuPatchOnRecreateFailure helper src/lib/onboard/docker-gpu-patch-finalize.ts	Exports a new function that accepts raw DockerGpuPatchDeps, resolves full rollback deps via resolveRollbackDeps, and delegates stop/remove/rename/start to the existing rollbackToBackupContainer.
Callsite integration and test src/lib/onboard/docker-gpu-patch.ts, src/lib/onboard/docker-gpu-patch-rollback.test.ts	Imports and calls rollbackDockerGpuPatchOnRecreateFailure in the recreate failure branch of recreateOpenShellDockerSandboxWithGpu, storing the boolean result in context.rolledBack; test asserts backup-to-original rename, ignoreError: true start, and that dockerRm is not called on the backup container.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

area: sandbox, bug-fix

Suggested reviewers

• cv

Poem

🐇 When docker run goes awry mid-flight,
And the container rename leaves things a fright,
I hop back to the backup with care,
Rename, start, and leave no orphan there!
The sandbox restored, my warren secure — 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: restoring the pre-patch sandbox when GPU recreation fails early, which is the core issue addressed by this PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}