fix(e2e): repair release blocker regressions#7077
Conversation
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughChangesHermes and E2E contract updates
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant prepareExactMainMcpProof
participant onboardAgent
participant buildMcpBridgeOnboardEnv
participant hostNemoclaw
prepareExactMainMcpProof->>onboardAgent: envOverlay
onboardAgent->>buildMcpBridgeOnboardEnv: onboarding options and envOverlay
buildMcpBridgeOnboardEnv->>onboardAgent: merged ProcessEnv
onboardAgent->>hostNemoclaw: onboard with merged environment
Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage remains at 96%, unchanged from the branch. Updated |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
test/e2e/support/mcp-bridge-sandbox.test.ts (1)
307-310: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winTest the runtime contract instead of source text.
Reading files and asserting literal snippets does not prove that
envOverlayreacheshost.nemoclaw; it also creates failures from harmless formatting or refactoring. ExerciseonboardAgentwith a sentinel overlay and assert the observable environment passed to the host, keeping source-shape checks only in dedicated source-contract tests.As per path instructions, tests should prioritize behavioral confidence over implementation lock-in.
Also applies to: 322-323
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/e2e/support/mcp-bridge-sandbox.test.ts` around lines 307 - 310, Replace the source-text assertions around exactMainProofSource with a behavioral test of onboardAgent: provide a sentinel envOverlay, run the onboarding flow, and capture the environment passed to host.nemoclaw, then assert the sentinel reaches it. Remove the corresponding literal source checks while preserving any dedicated source-contract coverage.Source: Path instructions
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/e2e/live/mcp-bridge.test.ts`:
- Line 141: The environment merge in the MCP bridge test must preserve approved
envOverlay overrides without allowing protected COMPATIBLE_* or NEMOCLAW_*
values to replace fixed defaults. Update the options.envOverlay handling to
filter or reject collisions with those protected keys, merge permitted overlay
values after the defaults, and add a regression test covering an exact-main
protected-key collision.
---
Nitpick comments:
In `@test/e2e/support/mcp-bridge-sandbox.test.ts`:
- Around line 307-310: Replace the source-text assertions around
exactMainProofSource with a behavioral test of onboardAgent: provide a sentinel
envOverlay, run the onboarding flow, and capture the environment passed to
host.nemoclaw, then assert the sentinel reaches it. Remove the corresponding
literal source checks while preserving any dedicated source-contract coverage.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 770e475f-cc4d-42d9-b8cb-c0ed54d23159
📒 Files selected for processing (8)
agents/hermes/Dockerfileci/source-shape-test-budget.jsontest/e2e/live/issue-6194-tui-expect.tstest/e2e/live/mcp-bridge.test.tstest/e2e/live/openshell-exact-main-mcp-proof.tstest/e2e/support/issue-6194-tui-post-idle-contract.test.tstest/e2e/support/mcp-bridge-sandbox.test.tstest/hermes-final-image-layout.test.ts
PR Review Advisor — InformationalAdvisor assessment: Informational / high confidence Model lanes
Nemotron output stays in workflow artifacts and does not change the assessment above. E2E guidanceAdvisory only. E2E / PR Gate selects and runs jobs independently. Recommended E2E: This automated review informs maintainers. Warnings and suggestions do not require a response. A maintainer decides whether to merge. |
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Follow up #7077 and #7028 by completing direct historical gateway upgrades. After a strict backup, the installer now retires a running gateway whenever its installed OpenShell is outside the prepared current release's supported range, preventing the new CLI from encountering the old gateway schema during recovery. ## Changes - Replace the setup-only conditional with an equivalent boolean invariant assertion. - Preserve the requirement that the `v0.0.55` fixture records the original OpenShell directory before hiding it from `PATH`. - Pin the `v0.0.74` registry contract to both `nemoclawVersion: "0.0.74"` and `fromDockerfile: null`, as proven by selective live E2E artifacts. - Keep earlier historical fixtures pinned to absent registry metadata. - Resolve the current OpenShell min/max range from the prepared current source after backup. - Retire the selected gateway only when the installed OpenShell falls below or above that range; keep a supported gateway running. - Fail closed after backup and before gateway retirement when the supported range is missing, malformed, or inverted. - Document the expanded gateway-retirement boundary in the quickstart, command reference, and sandbox-update guide. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [x] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [x] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [ ] Tests not applicable — justification: - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [x] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [x] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: #7028's maintainer approval established the strict-backup and managed-image recovery boundary for #6114. This follow-up retains those guards, scopes retirement to the selected gateway only after backup, preserves supported gateways, and fails closed on invalid range data. - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification - [x] PR description includes a `Signed-off-by:` line and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — installer recovery integration tests (38 passed), gateway support tests (5 passed), and final focused installer test after hook formatting (26 passed) - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — passed with 0 errors; Fern reported the existing unauthenticated-redirect and accent-contrast warnings - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- Signed-off-by: Charan Jagwani <cjagwani@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Tests** * Improved end-to-end coverage for OpenShell gateway upgrades by verifying structured legacy registry metadata (instead of only version values). * Expanded upgrade prompt/preinstall guard scenarios to confirm “keep vs retire” based on the blueprint-supported OpenShell version window, including invalid/unknown ranges and safer legacy gateway stop behavior. * **Documentation** * Updated the quickstart, sandbox update guide, and command reference to reflect conditional gateway retirement/retention and fail-closed behavior. * **Chores** * Refined the installer’s gateway retirement logic to rely on the blueprint-defined compatibility range, with a Linux-only PID-validated fallback to stop the legacy gateway process. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Summary
Fixes three persistent failures reproduced by the v0.0.85 release E2E sweep: the Hermes validator image digest was stale, the Deep Agents MCP exact-main onboarding dropped its candidate binary overrides, and the OpenShell TUI approval proof waited for a terminal label that is rendered as non-contiguous diffs.
Changes
Filesystem Accessdetail heading in the OpenShell TUI proof while retaining the exact sandbox-name assertion.Type of Change
Quality Gates
Verification
Signed-off-by:line and every commit appears asVerifiedin GitHubpre-commit,commit-msg, andpre-pushhooks passed, ornpm run check:diffpassed when hooks were skipped or unavailablenpx vitest run --project integration test/hermes-final-image-layout.test.ts(7/7);npx vitest run --project e2e-support test/e2e/support/mcp-bridge-sandbox.test.ts(14/14);npx vitest run --project e2e-support test/e2e/support/issue-6194-tui-post-idle-contract.test.ts(11/11);npm run test:changed;npm run source-shape:checknpm testfor broad runtime/test-harness changes;npm run checkfor repo-wide validation/coverage changes — command/result:npm run docsbuilds without warnings (doc changes only)Release E2E reproduction evidence:
Signed-off-by: Charan Jagwani cjagwani@nvidia.com
Summary by CodeRabbit
Security
Reliability
Tests