fix(onboard): suppress 'No active forward found' from best-effort forward stop

[laitingsheng]

Summary

Onboard prints a stray ! No active forward found for port 18789 warning between the ✓ Dashboard is live and ✓ Sandbox '...' created lines on a clean first run. Route the dozen unconditional openshell forward stop cleanup calls through a single quiet-stop helper so unsolicited chatter from a stop with no active forward is hidden, while real failures still surface from the following forward start.

Related Issue

Fixes #3971

Changes

• src/lib/onboard/forward-cleanup.ts (new): exports bestEffortForwardStop(runOpenshell, port) — wraps runOpenshell(["forward", "stop", port], { ignoreError: true, suppressOutput: true }). Lives under the onboard sub-module dir so the entrypoint-budget check stays net-neutral on src/lib/onboard.ts.
• src/lib/onboard.ts: import the helper and route all 12 best-effort cleanup call sites through it (was the unconditional stop between Dashboard is live and Sandbox created lines).
• src/lib/actions/sandbox/process-recovery.ts: same noise class on the sandbox-recovery forward stop path — pass stdio: "ignore" so the ! No active forward found warning does not surface through nemoclaw <name> connect recovery either.
• test/onboard-forward-stop-quiet.test.ts: regression test — imports the helper directly with a callback runner stub and asserts the args, ignoreError: true, and suppressOutput: true are passed through. Plus port-coercion assertion for numeric and string inputs.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• Refactor

  • Consolidated port-forward shutdown logic into a single helper and applied it across onboarding, gateway reuse, and dashboard startup flows for more consistent behavior.

• Bug Fix

  • Suppress and ignore stop-command output during recovery to prevent noisy or confusing terminal output.

• Tests

  • Added unit tests verifying port-stop calls, argument coercion, and quiet/error-suppressed execution.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new helper bestEffortForwardStop that calls a provided runner to stop an OpenShell forward with ignoreError and suppressOutput, replaces direct forward-stop calls across onboarding cleanup and forward-management paths to use the helper, and adds unit tests verifying invocation and port coercion.

Changes

Dashboard Forward Stop Consolidation

Layer / File(s)	Summary
Helper definition and types src/lib/onboard/forward-cleanup.ts	Adds ForwardStopRunner type and bestEffortForwardStop(runOpenshell, port) which calls the runner with ["forward","stop", "<port>"] and forces { ignoreError: true, suppressOutput: true }.
Helper adoption across onboarding flows src/lib/onboard.ts, src/lib/actions/sandbox/process-recovery.ts	Replaces direct openshell forward stop invocations with bestEffortForwardStop(runOpenshell, port) in recorded sandbox repair, legacy gateway retirement, multiple preflight cleanup branches, stopAllDashboardForwards(), ensureDashboardForward() preferred/stale-forward handling (including background retry release), main onboarding gateway reuse validation branches, and sanitizes sandbox forward-stop stdio during sandbox port-forward recovery.
Unit tests validating invocation & coercion test/onboard-forward-stop-quiet.test.ts	Adds Vitest tests that require the built dist/lib/onboard/forward-cleanup module, stub a runner to capture calls, assert a single ["forward","stop","<port>"] invocation with ignoreError and suppressOutput true, and verify numeric and string port inputs produce string argv elements.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3313: Overlaps changes to src/lib/onboard.ts's dashboard-forward lifecycle and forward-start rollback behaviour.
• NVIDIA/NemoClaw#3622: Also modifies ensureDashboardForward port-conflict/rollback handling in the same onboarding codepaths.

Suggested labels

NemoClaw CLI, fix, Sandbox

Suggested reviewers

• cv
• ericksoa
• jyaunches

Poem

🐰 I tiptoe in code, so quiet and neat,
I hush the loud forwards with one gentle beat.
Ports now sleep softly, no warnings to crop,
The dashboard can bloom — shh, don't wake the swap! 🎀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 30.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: suppressing the 'No active forward found' warning from best-effort forward stop operations during onboarding.
Linked Issues check	✅ Passed	The PR addresses issue #3971 by adding bestEffortForwardStop helper with suppressed output and applying it across ~12 cleanup call sites, preventing the spurious 'No active forward found' warning while preserving port-forward functionality.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing issue #3971: the new forward-cleanup module, its integration into onboard.ts, sandbox recovery, and regression tests are all scoped to suppressing noisy forward-stop warnings.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/onboard-noisy-forward-stop-3971

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: double-onboard-e2e, sandbox-operations-e2e, onboard-repair-e2e
Optional E2E: onboard-resume-e2e, sandbox-survival-e2e, tunnel-lifecycle-e2e

Dispatch hint: double-onboard-e2e,sandbox-operations-e2e,onboard-repair-e2e

Auto-dispatched E2E: double-onboard-e2e, sandbox-operations-e2e, onboard-repair-e2e via nightly-e2e.yaml at 624f236ca9c2cc2719b487b32d996845cbb4d6c2 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• double-onboard-e2e (high): Directly exercises repeated onboarding, healthy gateway reuse, dashboard port conflict avoidance, multi-sandbox dashboard port allocation, stopping a dashboard forward, and probe-only connect recovery of the recorded forward. This is the closest existing E2E for the changed ensureDashboardForward and best-effort forward-stop paths.
• sandbox-operations-e2e (high): Covers sandbox status/connect/logs plus process recovery after killing the in-sandbox OpenClaw gateway and gateway auto-recovery. This validates the changed process-recovery.ts forward re-establishment path in a real sandbox.
• onboard-repair-e2e (medium): Exercises resume repair and missing recorded sandbox recreation, which uses the changed repairRecordedSandbox cleanup path now routed through bestEffortForwardStop.

Optional E2E

• onboard-resume-e2e (medium): Useful adjacent coverage for interrupted onboard and resume output/flow, but the direct repair cleanup path is better covered by onboard-repair-e2e.
• sandbox-survival-e2e (medium): Validates sandbox survival across gateway restart and post-restart status/connect/inference. It is adjacent to the process-recovery change, but sandbox-operations-e2e provides more targeted process/forward recovery coverage.
• tunnel-lifecycle-e2e (medium): Checks local dashboard readiness before tunneling and can catch dashboard forward regressions, but it does not specifically exercise the changed quiet cleanup/recovery paths.

New E2E recommendations

• quiet dashboard forward cleanup (medium): Existing E2E tests validate forward recovery and re-onboard behavior, but none appears to assert that benign openshell forward stop misses such as No active forward found stay out of user-visible onboard/connect output.
  • Suggested test: Add an E2E assertion to an existing dashboard-forward lifecycle flow that forces a missing/stale forward before onboard or connect recovery and fails if the user-visible log contains benign forward-stop warnings.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: double-onboard-e2e,sandbox-operations-e2e,onboard-repair-e2e

[github-actions]

PR Review Advisor

Recommendation: blocked
Confidence: high
Analyzed HEAD: 624f236ca9c2cc2719b487b32d996845cbb4d6c2
Findings: 2 blocker(s), 3 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: This advisory review used the provided deterministic context and diff; it did not execute tests, package-manager commands, PR scripts, or E2E workflows.; The E2E pass evidence in issue comments targets 30ae093, not the requested head SHA 624f236.; Several CI contexts were still IN_PROGRESS/QUEUED/PENDING in the trusted status rollup for the current head SHA.; Issue #3971 has no comments; acceptance mapping is based on the issue body only.; PR-provided title/body/checklist claims were treated as untrusted evidence only.

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 624f236ca9c2cc2719b487b32d996845cbb4d6c2
Recommendation: blocked
Confidence: high

The helper extraction is small and aligned with #3971, but merge is blocked by pending CI/blocked merge state and required E2E evidence is not available for the current head SHA.

Gate status

• CI: pending — Current GraphQL statusCheckRollup for head 624f236 shows multiple IN_PROGRESS/QUEUED/PENDING contexts including cli-parity, E2E recommendation, wsl-e2e, macos-e2e, CodeQL, checks, unit-vitest-linux, build-sandbox-images, build-sandbox-images-arm64, ShellCheck SARIF, PR review advisor, and CodeRabbit.
• Mergeability: fail — mergeStateStatus=BLOCKED for PR fix(onboard): suppress 'No active forward found' from best-effort forward stop #3997 at headRefOid 624f236; reviewDecision=REVIEW_REQUIRED.
• Review threads: pass — GraphQL reports 1 review thread and it is resolved; CodeRabbit comment says the prior onboard-entrypoint-budget issue was addressed in commit 624f236.
• Risky code tested: warning — Risky area detected: onboarding/host glue. A focused unit test was added for the new forward-stop helper, but runtime/sandbox lifecycle paths require E2E confirmation for the current head SHA.

🔴 Blockers

• Current head SHA still has pending CI and blocked merge state: The PR cannot be considered ready while required status contexts are still running/queued/pending and GitHub reports the merge state as blocked for the requested head SHA.
  • Recommendation: Wait for all required CI contexts to complete successfully for 624f236 and resolve the blocked merge state before merge consideration.
  • Evidence: GraphQL statusCheckRollup includes many non-completed contexts for headRefOid 624f236; mergeStateStatus=BLOCKED.
• Required E2E jobs passed only for an older SHA, not the current head (src/lib/onboard.ts:550): The change touches onboarding/host glue and OpenShell forward cleanup. The E2E Advisor requires onboard-repair-e2e and double-onboard-e2e, but the provided selective E2E pass report targets 30ae093, while this review is for 624f236.
  • Recommendation: Confirm the E2E Advisor-required jobs pass for the current head SHA 624f236.
  • Evidence: E2E Advisor required onboard-repair-e2e and double-onboard-e2e. Selective E2E Results show target ref 30ae093, not 624f236; current statusCheckRollup shows E2E recommendation, wsl-e2e, and macos-e2e IN_PROGRESS.

🟡 Warnings

• High overlap risk in the onboard monolith (src/lib/onboard.ts:1): The PR patches code that still exists, but src/lib/onboard.ts is a large and heavily active file with many open overlapping PRs. This increases rebase/conflict and behavior-drift risk for onboarding lifecycle logic.
  • Recommendation: Rebase close to merge time and coordinate with active onboard refactor/fix PRs; keep the extracted helper in the smaller submodule as done here rather than adding more logic to onboard.ts.
  • Evidence: openPrOverlaps lists many active PRs touching src/lib/onboard.ts, including feat(cli): add resource profiles to nemoclaw onboard and nemoclaw resources command #3348, fix(onboard): early-validate NEMOCLAW_POLICY_TIER before preflight (#3741) #3788, fix(onboard): reject host.docker.internal inference URLs #3804, refactor(cli): route onboard step boundaries through runtime #3864, refactor(cli): extract onboard preflight handler #3868-refactor(cli): extract onboard finalization handler #3876, refactor(cli): reduce onboard shell implementation #3919, fix(onboard): reject Jetson sandbox GPU passthrough #3965, fix(onboard): make step 3 banner provider-agnostic #3966, and fix(onboard): detect Windows-host Ollama via process probe #3969. monolithDeltas show onboard.ts remains at 10305 lines with net-zero delta after extraction.
• Best-effort cleanup now suppresses all forward-stop diagnostics (src/lib/onboard/forward-cleanup.ts:9): The new helper intentionally suppresses output from OpenShell forward stop calls. This fixes the reported benign warning, and callers already ignored errors, but it can also hide unexpected cleanup diagnostics in lifecycle paths until a later forward-start or health check fails.
  • Recommendation: Accept only with current-head runtime/E2E confirmation that dashboard forward cleanup and restart paths still surface actionable failures, especially around clean onboard, repair, and repeated onboard flows.
  • Evidence: bestEffortForwardStop calls runOpenshell(["forward", "stop", String(port)], { ignoreError: true, suppressOutput: true }); migrated cleanup sites in repairRecordedSandbox, retireLegacyGatewayForDockerDriverUpgrade, preflight cleanup, stopAllDashboardForwards, and ensureDashboardForward.
• Unit test verifies helper contract but not integrated onboard output (test/onboard-forward-stop-quiet.test.ts:16): The added test validates the extracted helper passes ignoreError and suppressOutput and stringifies ports, but it does not execute nemoclaw onboard, OpenShell, WSL2, dashboard reachability, or all migrated call paths.
  • Recommendation: Keep the unit test, but require the E2E Advisor-selected runtime jobs for the current SHA; consider adding a lightweight E2E log assertion that no 'No active forward found' line appears during the affected onboard/repair path.
  • Evidence: The test imports dist/lib/onboard/forward-cleanup, uses a stub runner, and asserts args/options. It does not invoke src/lib/onboard.ts end-to-end or a real openshell forward stop.

🔵 Suggestions

• None.

Acceptance coverage

• partial — During nemoclaw onboard on WSL2, after the sandbox container is created and the dashboard is confirmed live, the onboard output prints a warning: ! No active forward found for port 18789.: Diff routes many best-effort forward-stop calls through bestEffortForwardStop with suppressOutput:true, and the test asserts the helper sets suppressOutput. No current-head WSL2 onboard output is complete.
• partial — Onboarding completes successfully despite the warning, but the port forward state is unclear and may affect external dashboard access.: The helper suppresses noisy cleanup output without changing forward start logic. E2E required jobs passed only for older SHA 30ae093, so current-head dashboard access remains unproven.
• unknown — Device: Windows PC (x86_64) + WSL2 Ubuntu 24.04.4 LTS: No trusted completed WSL2 Ubuntu 24.04.4 run is available for head SHA 624f236.
• unknown — OS: Ubuntu 24.04.4 LTS (Noble Numbat), WSL2: Current statusCheckRollup shows wsl-e2e IN_PROGRESS; no completed result for this SHA is provided.
• unknown — Architecture: x86_64: The unit test is architecture-agnostic and no trusted x86_64 WSL2 runtime result is complete for this SHA.
• unknown — Node.js: v22.22.2: PR body claims verification are untrusted; current unit-vitest-linux is IN_PROGRESS in trusted status data.
• unknown — npm: 10.9.7: No completed trusted npm/test result for the current head SHA is provided.
• unknown — Docker: Docker version 29.4.3, build 055a478 (docker-ce): No Docker-backed onboard run result is complete for the current head SHA.
• partial — OpenShell CLI: openshell 0.0.39: The helper contract matches an OpenShell forward stop call, but tests stub the runner and do not execute openshell 0.0.39.
• unknown — NemoClaw: v0.0.47: The PR changes source/tests on HEAD; no trusted reproduction against released v0.0.47 is included.
• unknown — OpenClaw: 2026.4.24: No OpenClaw runtime execution is shown for current head SHA.
• unknown — 1. Install NemoClaw v0.0.47 on WSL2 Ubuntu 24.04:: No trusted install-on-WSL2 run is complete for the current head SHA.
• unknown — 2. Run onboard:: The new test calls bestEffortForwardStop directly with a stub runner; it does not run nemoclaw onboard --no-gpu.
• unknown — 3. Complete all 8 onboard steps (inference, messaging, sandbox build, policy).: No current-head end-to-end onboarding run has completed in the provided trusted status.
• partial — 4. Observe terminal output after sandbox creation in step [6/8].: The helper-level regression verifies suppressOutput option use, but does not observe real step [6/8] terminal output.
• partial — No port forward warnings printed during onboard.: The helper sets suppressOutput:true and migrated call sites use it, but no full onboard log assertion exists for the current head.
• unknown — Dashboard port 18789 is accessible after onboarding completes.: No current-head E2E/dashboard accessibility evidence is complete.
• partial — ✓ Dashboard is live
  ! No active forward found for port 18789
  ✓ Sandbox 'my-assistant' created: The code suppresses output on best-effort forward-stop calls likely responsible for this line, but the surrounding real onboard sequence is not reproduced by the unit test.
• unknown — Not captured.: Issue [WSL2][Onboard] nemoclaw onboard prints "No active forward found for port 18789" after sandbox creation #3971 has no comments and no additional logs were provided.

Security review

• pass — 1. Secrets and Credentials: No hardcoded secrets, API keys, passwords, tokens, PEM files, credential JSON, or .env files are introduced. The change only adjusts OpenShell forward-stop invocation and adds a unit test stub.
• pass — 2. Input Validation and Data Sanitization: The helper converts the port to String and passes it as an argv element, not through shell-string execution. No new URL/header/file/deserialization handling is introduced.
• pass — 3. Authentication and Authorization: No endpoints, auth checks, token validation, scopes, authorization decisions, or dashboard credential handling are modified.
• pass — 4. Dependencies and Third-Party Libraries: No new dependencies are added. The test uses existing Vitest and Node built-ins.
• warning — 5. Error Handling and Logging: The change intentionally suppresses all output from best-effort openshell forward stop calls. This removes expected benign noise but may hide unexpected stop diagnostics in cleanup paths that already ignore errors; later forward-start failures should still surface, but current-head E2E is needed.
• pass — 6. Cryptography and Data Protection: Not applicable — no cryptographic operations, hashing, key handling, encryption, or data-protection logic is changed.
• pass — 7. Configuration and Security Headers: No Dockerfile, workflow, HTTP header, CSP/CORS, port exposure, container privilege, or security configuration change is introduced.
• warning — 8. Security Testing: A focused unit test covers the helper contract, but no current-head runtime/security E2E evidence is complete for onboarding/host glue and sandbox lifecycle behavior.
• warning — 9. Holistic Security Posture: No direct sandbox escape, SSRF bypass, credential leakage, blueprint tampering, installer trust, or workflow trusted-code-boundary issue is evident. However, the diff touches sandbox/onboarding lifecycle cleanup in a highly active monolith and current-head CI/E2E gates are incomplete.

Test / E2E status

• Test depth: e2e_required — Runtime/sandbox/infrastructure paths are affected: src/lib/actions/sandbox/process-recovery.ts changes forward-stop output handling, and src/lib/onboard.ts routes multiple onboarding cleanup paths through a new helper. The unit test is useful but cannot prove WSL/OpenShell/dashboard lifecycle behavior.
• E2E Advisor: missing
• Required E2E jobs: onboard-repair-e2e, double-onboard-e2e
• Missing for analyzed SHA: onboard-repair-e2e, double-onboard-e2e

✅ What looks good

• The patch reduces onboard.ts growth by extracting the helper to src/lib/onboard/forward-cleanup.ts, satisfying the entrypoint budget according to the current completed onboard-entrypoint-budget SUCCESS context.
• The helper uses argv-based command invocation rather than shell-string execution.
• The new unit test directly verifies ignoreError:true, suppressOutput:true, and port stringification for the helper.
• No secrets, dependency additions, Dockerfile changes, workflow changes, or credential-handling changes are present in the diff.
• The previous CodeRabbit review thread is resolved and marked addressed in commit 624f236.

Review completeness

• This advisory review used the provided deterministic context and diff; it did not execute tests, package-manager commands, PR scripts, or E2E workflows.
• The E2E pass evidence in issue comments targets 30ae093, not the requested head SHA 624f236.
• Several CI contexts were still IN_PROGRESS/QUEUED/PENDING in the trusted status rollup for the current head SHA.
• Issue [WSL2][Onboard] nemoclaw onboard prints "No active forward found for port 18789" after sandbox creation #3971 has no comments; acceptance mapping is based on the issue body only.
• PR-provided title/body/checklist claims were treated as untrusted evidence only.
• Human maintainer review required: yes

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/lib/onboard.ts (1)

8561-8566: Run the onboarding E2E matrix for this core-flow change.

Since this touches core onboarding cleanup behavior, I recommend running the listed onboarding-focused nightly jobs (at least cloud-e2e, sandbox-operations-e2e, rebuild-openclaw-e2e, and channels-stop-start-e2e) before merge.

As per coding guidelines, "src/lib/onboard.ts: This file contains core onboarding logic. Changes here affect the full sandbox creation and configuration flow." and the provided E2E test recommendation list.

Also applies to: 8571-8573

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 8561 - 8566, This change modifies core
onboarding cleanup behavior in src/lib/onboard.ts (notably the
bestEffortForwardStop function and the nearby cleanup calls around lines
~8571-8573), so before merging run the onboarding-focused E2E matrix: at minimum
execute cloud-e2e, sandbox-operations-e2e, rebuild-openclaw-e2e, and
channels-stop-start-e2e to validate sandbox creation/cleanup and port-forward
teardown; if any failures occur, capture logs from
bestEffortForwardStop/runOpenshell invocations and iterate until the cleanup
flow is stable across these jobs.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 8561-8566: The new helper function bestEffortForwardStop increases
onboard.ts size and breaks the file-size budget; either remove or compress this
change or update the budget policy in the same PR: either delete or inline the
logic where bestEffortForwardStop is used (replace calls with
runOpenshell([...], {ignoreError:true, suppressOutput:true} ) to avoid adding
lines) or add a corresponding adjustment to the size/budget policy configuration
in this PR so CI accepts the net growth.

---

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 8561-8566: This change modifies core onboarding cleanup behavior
in src/lib/onboard.ts (notably the bestEffortForwardStop function and the nearby
cleanup calls around lines ~8571-8573), so before merging run the
onboarding-focused E2E matrix: at minimum execute cloud-e2e,
sandbox-operations-e2e, rebuild-openclaw-e2e, and channels-stop-start-e2e to
validate sandbox creation/cleanup and port-forward teardown; if any failures
occur, capture logs from bestEffortForwardStop/runOpenshell invocations and
iterate until the cleanup flow is stable across these jobs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1d9e9662-d9e2-45a6-8e9e-69cb0da35de8

📥 Commits

Reviewing files that changed from the base of the PR and between 18c7265 and 30ae093.

📒 Files selected for processing (2)

• src/lib/onboard.ts
• test/onboard-forward-stop-quiet.test.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26220671624
Target ref: 30ae09329011bf3444f533b612fe7a76f31d6681
Workflow ref: main
Requested jobs: onboard-repair-e2e,double-onboard-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job	Result
double-onboard-e2e	✅ success
onboard-repair-e2e	✅ success

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/onboard.ts (1)

3559-3622: Run the onboarding forward-lifecycle E2Es on this helper fan-out.

These replacements now sit on reuse, rollback, and retry cleanup paths inside core onboarding, so I'd validate at least cloud-e2e, sandbox-operations-e2e, and channels-stop-start-e2e before merging.

As per coding guidelines, src/lib/onboard.ts: This file contains core onboarding logic. Changes here affect the full sandbox creation and configuration flow.

Also applies to: 8562-8690, 9441-9480

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 3559 - 3622, Run the onboarding
forward-lifecycle E2E suites against the helper fan-out that touches
src/lib/onboard.ts; specifically exercise the reuse/rollback/retry cleanup paths
that call waitForGatewayHttpReady, bestEffortForwardStop,
destroyGatewayForReuse, getGatewayLocalEndpoint, getGatewayClusterImageDrift and
retireLegacyGatewayForDockerDriverUpgrade. Validate at minimum cloud-e2e,
sandbox-operations-e2e, and channels-stop-start-e2e (and the regions covering
the other affected ranges noted: 8562-8690 and 9441-9480) to ensure the
replacements behave correctly during reuse, abort, recreate, and cleanup flows
before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 3559-3622: Run the onboarding forward-lifecycle E2E suites against
the helper fan-out that touches src/lib/onboard.ts; specifically exercise the
reuse/rollback/retry cleanup paths that call waitForGatewayHttpReady,
bestEffortForwardStop, destroyGatewayForReuse, getGatewayLocalEndpoint,
getGatewayClusterImageDrift and retireLegacyGatewayForDockerDriverUpgrade.
Validate at minimum cloud-e2e, sandbox-operations-e2e, and
channels-stop-start-e2e (and the regions covering the other affected ranges
noted: 8562-8690 and 9441-9480) to ensure the replacements behave correctly
during reuse, abort, recreate, and cleanup flows before merging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8344a758-8a5d-4c50-aed0-2327a4c6349a

📥 Commits

Reviewing files that changed from the base of the PR and between 30ae093 and 624f236.

📒 Files selected for processing (4)

• src/lib/actions/sandbox/process-recovery.ts
• src/lib/onboard.ts
• src/lib/onboard/forward-cleanup.ts
• test/onboard-forward-stop-quiet.test.ts

✅ Files skipped from review due to trivial changes (1)

• src/lib/actions/sandbox/process-recovery.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26224683198
Target ref: 624f236ca9c2cc2719b487b32d996845cbb4d6c2
Workflow ref: main
Requested jobs: double-onboard-e2e,sandbox-operations-e2e,onboard-repair-e2e
Summary: 3 passed, 0 failed, 0 skipped

Job	Result
double-onboard-e2e	✅ success
onboard-repair-e2e	✅ success
sandbox-operations-e2e	✅ success

[ericksoa]

Reviewed for v0.0.49 feature freeze: scoped WSL/onboard forward cleanup bugfix, CodeRabbit finding addressed, checks and selective E2E green.