fix(e2e): allow Brev GPU bridge gateway traffic by ericksoa · Pull Request #3960 · NVIDIA/NemoClaw

ericksoa · 2026-05-21T01:55:39Z

Summary

prepare Brev GPU branch-validation VMs to allow Docker bridge traffic to the OpenShell gateway port
extract the remote GPU runtime setup command list so the firewall rule is covered by a focused test
keep the product-side sandbox bridge reachability check fatal for real failures; this only adjusts the Brev GPU CI host setup

Refs #3959.

Testing

npx vitest run test/e2e/brev-e2e.test.ts -t "Brev GPU runtime setup|Brev deploy input validation"
git diff --check

Follow-up

Live Brev GPU branch validation should be run on this PR to confirm it gets past [2/8] Starting OpenShell gateway and reaches sandbox GPU proof/inference.

Summary by CodeRabbit

Tests
- Added a unit test validating the GPU runtime setup command sequence and the expected firewall allow rules.
Bug Fixes / Reliability
- Improved GPU Docker runtime provisioning to enable network access from the Docker bridge to gateway/auth-proxy ports with tolerant fallback behavior when firewall changes fail.
- Updated end-to-end GPU script to treat an additional GPU-related install log marker as requiring the direct sandbox inference path.

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>

coderabbitai · 2026-05-21T01:55:51Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

📝 Walkthrough

Walkthrough

Extracts GPU Docker runtime command assembly into gpuDockerRuntimeSetupCommands(), adds OPENSHELL_GATEWAY_PORT, OLLAMA_AUTH_PROXY_PORT, and DOCKER_DEFAULT_BRIDGE_POOL_CIDR, updates prepareGpuDockerRuntime() to execute the assembled command string, adds a Vitest that asserts the generated ufw allow-rule strings (with warning fallbacks) are present, and adjusts sandbox inference routing detection in the GPU e2e script.

Changes

GPU Runtime Setup for Brev

Layer / File(s)	Summary
GPU Docker runtime setup constants and command generation `test/e2e/brev-e2e.test.ts`	Adds `OPENSHELL_GATEWAY_PORT`, `OLLAMA_AUTH_PROXY_PORT`, and `DOCKER_DEFAULT_BRIDGE_POOL_CIDR`; implements `gpuDockerRuntimeSetupCommands()` to assemble remote provisioning commands (including conditional `ufw` allow rules from the Docker bridge CIDR to both OpenShell gateway and Ollama auth proxy ports with stderr-warning fallbacks); updates `prepareGpuDockerRuntime()` to execute the assembled command string.
GPU runtime setup command validation `test/e2e/brev-e2e.test.ts`	Adds a Vitest (`Brev GPU runtime setup`) that generates the GPU runtime setup commands and asserts the two expected `ufw` allow-rule strings (including the warning fallback text) are present.
Sandbox inference routing conditional `test/e2e/test-gpu-e2e.sh`	Expands the Phase 5 conditional to treat either the OpenClaw direct-sandbox log marker or the Docker-driver GPU patch marker as requiring the direct sandbox inference URL and sets `SANDBOX_INFERENCE_EXEC` to `docker` accordingly.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

Brev GPU E2E fails at OpenShell Docker bridge gateway reachability #3959: Implements the explicit UFW allow rules (Docker bridge → OpenShell gateway and Ollama auth proxy) discussed in the issue.

Possibly related PRs

NVIDIA/NemoClaw#3472: Both PRs handle generating/formatting UFW remediation strings to allow Docker bridge CIDR traffic to the Ollama auth proxy port.

Suggested labels

CI/CD, fix

Suggested reviewers

cv
jyaunches

"🐰 I hopped in code at break of day,
Commands lined up in tidy array,
A ufw gate opened with polite alarm,
Tests nod and say 'the rules are warm',
GPUs hum — the rabbit dances away!"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(e2e): allow Brev GPU bridge gateway traffic' directly summarizes the main change: adding firewall rules to allow Docker bridge traffic to the OpenShell gateway port on Brev GPU VMs, which is the core purpose of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch fix/brev-gpu-gateway-reachability

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2026-05-21T01:57:02Z

E2E Advisor Recommendation

Required E2E: gpu-e2e, e2e-branch-validation:test_suite=gpu
Optional E2E: gpu-double-onboard-e2e

Dispatch hint: gpu-e2e

Auto-dispatched E2E: gpu-e2e via nightly-e2e.yaml at 1d7e70dae58b5abf25df9ac0d3df7c89bec2fdc3 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

gpu-e2e (high): Directly exercises the modified test/e2e/test-gpu-e2e.sh GPU Ollama local inference flow on the existing GPU E2E runner, including sandbox inference through inference.local and Docker exec proxy handling.
e2e-branch-validation:test_suite=gpu (high): Required to cover the modified Brev-specific GPU provisioning/runtime setup in test/e2e/brev-e2e.test.ts, including NVIDIA container runtime installation and Docker bridge/UFW rules before running the GPU sandbox proof suite from source.

Optional E2E

gpu-double-onboard-e2e (high): Adjacent confidence for Ollama auth proxy token consistency across re-onboard on GPU. Useful because the changed GPU flow relies on the proxy path, but the PR does not modify the double-onboard script directly.

New E2E recommendations

None.

Dispatch hint

Workflow: nightly-e2e.yaml
jobs input: gpu-e2e

github-actions · 2026-05-21T01:57:59Z

PR Review Advisor

Recommendation: blocked
Confidence: medium
Analyzed HEAD: 1d7e70dae58b5abf25df9ac0d3df7c89bec2fdc3
Findings: 1 blocker(s), 2 warning(s), 1 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Review used read-only repository/diff inspection and deterministic PR context; no PR scripts, package-manager commands, or live E2E jobs were executed by this review.; Linked issue #3959 body/comments were not available in the deterministic context, so issue-specific clauses could not be extracted literally beyond the PR body reference.; CI is still pending and mergeability is blocked for the requested head SHA; final gate status may change after checks complete.; Review thread state is unknown despite empty GraphQL reviewThreads.nodes; CodeRabbit auto-review was paused in the provided issue comment.; Brev E2E failure comments were available, but logs were not inspected, so the exact failure cause is unknown.; The behavioral safety and effectiveness of the UFW rules cannot be fully proven without a successful live Brev GPU VM run.

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 1d7e70dae58b5abf25df9ac0d3df7c89bec2fdc3
Recommendation: blocked
Confidence: medium

Patch is localized to Brev/GPU E2E harness files and appears directionally scoped, but it is not merge-ready because CI is pending, mergeability is blocked/review-required, and repeated Brev GPU validation failures have no passing head-SHA evidence.

Gate status

CI: pending — Trusted context reports 12 pending status contexts. GraphQL rollup for 1d7e70d shows in-progress/queued checks including E2E recommendation, wsl-e2e, macos-e2e, PR review advisor, CodeQL, unit-vitest-linux, checks, ShellCheck SARIF, sandbox image builds, and Brev E2E (gpu).
Mergeability: fail — mergeStateStatus=BLOCKED; GraphQL reviewDecision=REVIEW_REQUIRED; REST mergeable_state=blocked for head SHA 1d7e70d.
Review threads: unknown — No review thread state was available. GraphQL reviewThreads.nodes is empty, but CodeRabbit auto-review was paused in the provided issue comment.
Risky code tested: pass — No risky product-code areas detected by path heuristics; changed files are limited to test/e2e/brev-e2e.test.ts and test/e2e/test-gpu-e2e.sh. The harness does exercise sandbox/gateway networking, so optional live GPU validation remains useful.

🔴 Blockers

Hard gates are not satisfied for the head SHA: The PR is not merge-ready because CI is still pending and GitHub reports the merge state as blocked/review-required for the requested head SHA.
- Recommendation: Wait for all required checks to complete successfully for 1d7e70d and resolve the blocked/review-required merge state before considering merge.
- Evidence: Trusted context: ci.status=pending with 12 pending contexts; mergeability.status=fail with mergeStateStatus=BLOCKED. GraphQL: reviewDecision=REVIEW_REQUIRED and mergeStateStatus=BLOCKED for headRefOid 1d7e70d.

🟡 Warnings

Brev GPU setup opens host-service ports to the full Docker default bridge pool (test/e2e/brev-e2e.test.ts:724): The new GPU setup commands allow TCP traffic from 172.16.0.0/12 to the OpenShell gateway port 8080 and Ollama auth proxy port 11435 on Brev GPU CI hosts. This is scoped to single-use E2E infrastructure and not shipped runtime code, but it affects a NemoClaw high-risk sandbox/gateway network boundary during validation.
- Recommendation: Confirm the Brev GPU VM is single-use/single-tenant and that 172.16.0.0/12 is the minimum practical range before the future bridge subnet is known. Prefer narrowing to the actual Docker bridge subnet/interface if feasible, and keep the justification documented with successful live validation evidence.
- Evidence: Diff adds OPENSHELL_GATEWAY_PORT=8080, OLLAMA_AUTH_PROXY_PORT=11435, DOCKER_DEFAULT_BRIDGE_POOL_CIDR="172.16.0.0/12", and UFW allow commands from that CIDR to both ports.
Live Brev GPU validation is not yet demonstrated for the changed path (test/e2e/test-gpu-e2e.sh:514): The PR changes the GPU E2E proof path to use docker exec when the Docker-driver GPU patch marker is active, injects OpenShell proxy environment variables for inference.local, adds retry behavior for sandbox inference, and changes Brev GPU host firewall setup. E2E Advisor marks required E2E as none because the diff is tests-only, but repeated Brev E2E gpu branch runs have failed and the current head rollup still has Brev E2E (gpu) in progress.
- Recommendation: Inspect the failed Brev E2E logs and obtain a passing optional e2e-branch-validation-gpu or gpu-e2e run if maintainers need confidence that the firewall and direct sandbox proof changes fix the intended Brev GPU failure.
- Evidence: Issue comments report failed Brev E2E (gpu) runs 26200876918, 26200972429, 26201069250, 26202661147, 26203693373, 26203899387, 26204881031, 26205822189, and 26206716294. GraphQL rollup for the head SHA shows Brev E2E (gpu) IN_PROGRESS.

🔵 Suggestions

Focused tests validate command/script text but not runtime semantics (test/e2e/brev-e2e.test.ts:1050): The new Vitest coverage asserts that generated command text contains the expected UFW allow rules and that the shell script contains proxy/docker-exec snippets. This is useful regression coverage, but it does not prove command ordering, remote execution behavior, UFW behavior, proxy reachability, or warning fallback behavior on a real Brev GPU VM.
- Recommendation: Consider adding focused assertions for command ordering and fallback warning strings if maintainers want stronger unit-level guardrails, while relying on optional live Brev GPU validation for actual bridge/gateway network behavior.
- Evidence: The new Brev GPU runtime setup tests join gpuDockerRuntimeSetupCommands() and read test/e2e/test-gpu-e2e.sh to check substring containment for UFW rules and Docker proxy exec snippets.

Acceptance coverage

met — prepare Brev GPU branch-validation VMs to allow Docker bridge traffic to the OpenShell gateway port: test/e2e/brev-e2e.test.ts adds OPENSHELL_GATEWAY_PORT=8080 and DOCKER_DEFAULT_BRIDGE_POOL_CIDR="172.16.0.0/12"; gpuDockerRuntimeSetupCommands() adds a UFW allow command from that CIDR to the gateway port.
met — extract the remote GPU runtime setup command list so the firewall rule is covered by a focused test: Remote setup commands are extracted into gpuDockerRuntimeSetupCommands(); prepareGpuDockerRuntime() calls gpuDockerRuntimeSetupCommands().join(" && "); the new Brev GPU runtime setup Vitest asserts the OpenShell and Ollama UFW allow rules are present.
partial — keep the product-side sandbox bridge reachability check fatal for real failures; this only adjusts the Brev GPU CI host setup: Only E2E harness files changed, and product-side sandbox reachability code was not modified. However, no successful live Brev GPU validation is available in the trusted context to prove the intended end-to-end failure mode remains intact.
unknown — Refs Brev GPU E2E fails at OpenShell Docker bridge gateway reachability #3959.: Trusted context has linkedIssues: [] and does not include issue Brev GPU E2E fails at OpenShell Docker bridge gateway reachability #3959 body/comments, so issue-specific clauses could not be extracted literally or mapped beyond the PR body reference.
unknown — npx vitest run test/e2e/brev-e2e.test.ts -t "Brev GPU runtime setup|Brev deploy input validation": This test command is listed in the PR body, but no trusted completed result for this exact command was provided; unit-vitest-linux is queued/pending for the head SHA.
unknown — git diff --check: This command is listed in the PR body, but no trusted completed result was provided in the deterministic context.
missing — Live Brev GPU branch validation should be run on this PR to confirm it gets past [2/8] Starting OpenShell gateway and reaches sandbox GPU proof/inference.: No successful live Brev GPU validation is available for 1d7e70d; GraphQL shows Brev E2E (gpu) in progress and issue comments report failed gpu runs on the branch.
met — Required E2E: None: The E2E Advisor comment states Required E2E: None.
partial — Optional E2E: gpu-e2e, e2e-branch-validation-gpu: The E2E Advisor lists both jobs as optional. Trusted context includes multiple failed Brev E2E gpu comments and no passing optional job for the current head SHA.
missing — ❌ Brev E2E (gpu): FAILED on branch fix/brev-gpu-gateway-reachability — See logs: This is failed validation evidence for the branch, not a passing result. Logs were not inspected in this read-only review.

Security review

pass — 1. Secrets and Credentials: No hardcoded secrets, API keys, passwords, token files, PEMs, or credential JSON are introduced. The diff modifies E2E harness command assembly and GPU test proof logic only.
pass — 2. Input Validation and Data Sanitization: The new shell command interpolation uses local constants for CIDR and ports in TypeScript. In the shell script, proxy host/port values are passed to docker exec as environment arguments rather than evaluated as shell syntax, and curl command data is quoted with printf %q. No new request handlers, unsafe deserialization, path traversal, SSRF validation logic, or command construction from untrusted user input is introduced.
pass — 3. Authentication and Authorization: No authentication, authorization, token validation, permissions, or resource ownership logic is changed. The Ollama auth proxy port is referenced for CI-host firewall setup and sandbox inference proof only.
pass — 4. Dependencies and Third-Party Libraries: No dependency manifest is changed. Existing NVIDIA container toolkit installation commands and CUDA image usage are reorganized into a helper rather than adding new product dependencies.
warning — 5. Error Handling and Logging: The UFW allow commands intentionally tolerate failure by emitting warnings instead of failing setup. This may reduce root-cause visibility for firewall setup failures, though later gateway/sandbox checks should still fail if connectivity remains broken.
pass — 6. Cryptography and Data Protection: Not applicable — no cryptographic operations, hashing, encryption, certificate validation, or data-protection behavior is changed.
warning — 7. Configuration and Security Headers: The change intentionally relaxes UFW configuration on Brev GPU CI hosts to allow 172.16.0.0/12 to reach ports 8080 and 11435. This is not shipped runtime configuration, but it affects the OpenShell gateway/Ollama proxy network boundary in CI and should remain narrowly justified.
warning — 8. Security Testing: Focused regression tests verify that UFW rule text and Docker proxy exec snippets are present, but trusted context does not include a passing live Brev GPU run for the head SHA. Multiple failed gpu E2E comments remain for the branch, so real Docker bridge/UFW/gateway behavior is not proven here.
warning — 9. Holistic Security Posture: Product code is unchanged, limiting blast radius, but sandbox/gateway networking is high-risk for NemoClaw. The broad Docker bridge allow range, pending CI, blocked mergeability, and failed optional live GPU validation signals should be resolved or consciously accepted by maintainers.

Test / E2E status

Test depth: unit_sufficient — Trusted context classifies the changes as limited to tests/E2E harness code that cannot directly affect shipped runtime behavior. The added Vitest coverage checks command generation and script proxy/docker-exec guardrails. The targeted behavior is live Brev GPU networking, so optional live validation remains useful for confidence but is not listed as required by the E2E Advisor.
E2E Advisor: ok

✅ What looks good

Codebase drift appears low: both changed files still exist, recent history shows ongoing E2E/Brev/GPU work in these files, and trusted context reports no open PR overlaps.
The helper extraction makes the Brev GPU runtime setup command list directly testable and reduces inline prepareGpuDockerRuntime complexity.
The new regression tests should catch accidental removal of Docker bridge allow rules for the OpenShell gateway/Ollama auth proxy ports and the Docker proxy exec path.
The diff does not modify shipped sandbox lifecycle, credential, policy, installer, Dockerfile, or workflow trusted-code-boundary files.
test-gpu-e2e.sh continues to require an actual OpenShell-managed Docker container before using docker exec, preserving a concrete sandbox inference proof path rather than only host-side inference.
The sandbox inference retry loop improves resilience against transient model/proxy startup timing without bypassing the final failure condition.

Review completeness

Review used read-only repository/diff inspection and deterministic PR context; no PR scripts, package-manager commands, or live E2E jobs were executed by this review.
Linked issue Brev GPU E2E fails at OpenShell Docker bridge gateway reachability #3959 body/comments were not available in the deterministic context, so issue-specific clauses could not be extracted literally beyond the PR body reference.
CI is still pending and mergeability is blocked for the requested head SHA; final gate status may change after checks complete.
Review thread state is unknown despite empty GraphQL reviewThreads.nodes; CodeRabbit auto-review was paused in the provided issue comment.
Brev E2E failure comments were available, but logs were not inspected, so the exact failure cause is unknown.
The behavioral safety and effectiveness of the UFW rules cannot be fully proven without a successful live Brev GPU VM run.
Human maintainer review required: yes

coderabbitai

🧹 Nitpick comments (1)

test/e2e/brev-e2e.test.ts (1)

1057-1061: ⚡ Quick win

Bind the || true check to the UFW rule assertion.

The standalone expect(setup).toContain("|| true") can pass if any unrelated command includes that token. Assert the full UFW rule line with its tolerant suffix to avoid false positives.

Proposed test tightening

-    expect(setup).toContain(
-      `ufw allow from ${DOCKER_BRIDGE_CIDR} to any port ${OPENSHELL_GATEWAY_PORT} proto tcp`,
-    );
-    expect(setup).toContain("|| true");
+    expect(setup).toContain(
+      `ufw allow from ${DOCKER_BRIDGE_CIDR} to any port ${OPENSHELL_GATEWAY_PORT} proto tcp >/dev/null || true`,
+    );

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/brev-e2e.test.ts` around lines 1057 - 1061, The test currently
asserts expect(setup).toContain(...) for the UFW rule and separately
expect(setup).toContain("|| true"), which can yield false positives; update the
assertion so the UFW rule expectation includes the tolerant suffix by checking
for the full combined string `ufw allow from ${DOCKER_BRIDGE_CIDR} to any port
${OPENSHELL_GATEWAY_PORT} proto tcp || true` (i.e. modify the expect that
references setup, DOCKER_BRIDGE_CIDR and OPENSHELL_GATEWAY_PORT to include the
trailing "|| true" in the same toContain call).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/e2e/brev-e2e.test.ts`:
- Around line 1057-1061: The test currently asserts expect(setup).toContain(...)
for the UFW rule and separately expect(setup).toContain("|| true"), which can
yield false positives; update the assertion so the UFW rule expectation includes
the tolerant suffix by checking for the full combined string `ufw allow from
${DOCKER_BRIDGE_CIDR} to any port ${OPENSHELL_GATEWAY_PORT} proto tcp || true`
(i.e. modify the expect that references setup, DOCKER_BRIDGE_CIDR and
OPENSHELL_GATEWAY_PORT to include the trailing "|| true" in the same toContain
call).

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: faffbc97-2373-4796-8f64-727cb2271e37

📥 Commits

Reviewing files that changed from the base of the PR and between 740aaf1 and df4dc12.

📒 Files selected for processing (1)

test/e2e/brev-e2e.test.ts

github-actions · 2026-05-21T01:59:44Z