test(cli): split sandbox connect inference tests

[cv]

Summary

Splits the sandbox connect inference CLI test coverage into focused files with shared helpers so the suite can parallelize more cleanly. While validating the hook path, this also hardens Git- and umask-sensitive tests that were exposed by running the full CLI coverage hook under an actual commit.

Related Issue

Relates to #4892

Changes

• Move route repair scenarios into test/sandbox-connect-inference/route-swap-repair.test.ts and auto-pair approval scenarios into test/sandbox-connect-inference/auto-pair-approval.test.ts.
• Extract reusable sandbox connect fixtures into test/sandbox-connect-inference/helpers.ts and remove the legacy size-budget exception for the old monolithic file.
• Harden permission-mode tests for umask 077, make temp-policy assertions process-local, and scrub inherited GIT_* hook state from git-backed test fixtures/version checks.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• New Features

  • Sandbox connect: added device auto-pair approval checks with hardened approval-pass behavior.
  • Sandbox connect: added/clarified inference route handling and related test coverage.

• Improvements

  • Improved Git environment isolation during version/release operations.
  • Consolidated and hardened sandbox/connect test fixtures for more reliable permission and environment handling.
  • Various test cleanups and minor onboarding/wizard refinements to reduce noisy validations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f9d07bf5-188e-4a8a-8e7b-aeb539eea6cf

📥 Commits

Reviewing files that changed from the base of the PR and between 759fb93 and bbdfac8.

📒 Files selected for processing (17)

• ci/test-file-size-budget.json
• scripts/find-source-shape-tests.ts
• src/lib/cli/command-display-metadata.test.ts
• src/lib/core/version.test.ts
• src/lib/dashboard-url-command.test.ts
• src/lib/inference/ollama/proxy.ts
• src/lib/inference/onboard-probes.ts
• src/lib/onboard.ts
• test/cli-oclif-compatibility.test.ts
• test/e2e-scenario/framework-tests/e2e-scenario-registry.test.ts
• test/e2e/brev-e2e.test.ts
• test/gateway-state-reconcile-2276.test.ts
• test/nemoclaw-start.test.ts
• test/policies.test.ts
• test/sandbox-connect-inference/helpers.ts
• test/sandbox-provisioning.test.ts
• test/skills-frontmatter.test.ts

💤 Files with no reviewable changes (10)

• test/skills-frontmatter.test.ts
• test/cli-oclif-compatibility.test.ts
• test/e2e/brev-e2e.test.ts
• test/nemoclaw-start.test.ts
• test/gateway-state-reconcile-2276.test.ts
• src/lib/inference/ollama/proxy.ts
• test/sandbox-provisioning.test.ts
• src/lib/cli/command-display-metadata.test.ts
• src/lib/inference/onboard-probes.ts
• scripts/find-source-shape-tests.ts

✅ Files skipped from review due to trivial changes (3)

• src/lib/dashboard-url-command.test.ts
• test/e2e-scenario/framework-tests/e2e-scenario-registry.test.ts
• ci/test-file-size-budget.json

🚧 Files skipped from review as they are similar to previous changes (1)

• test/sandbox-connect-inference/helpers.ts

---

📝 Walkthrough

Walkthrough

This PR sanitizes inherited GIT_* env use in git subprocesses, hardens permission and policy regression tests, adds shared sandbox-connect approval-pass test infrastructure and suite coverage, trims unused onboard/inference wiring, and removes miscellaneous unused test/script helpers and imports.

Changes

Git environment variable sanitization

Layer / File(s)	Summary
Core version resolution git env sanitization src/lib/core/version.ts, src/lib/core/version.test.ts	getVersion() now runs git with a filtered env, and version tests add env-isolation helpers plus a test that validates root-scoped git-env behavior.
Sandbox base image test git harness hardening src/lib/sandbox-base-image.test.ts	Adds an empty hooks directory, introduces buildGitEnv(), and runs git with sanitized env and explicit core.hooksPath.
Release tag test environment sanitization test/release-latest-tag.test.ts	Adds baseEnv() and refactors test env creation to exclude inherited GIT_* values before applying test-specific git config.

Test robustness improvements

Layer / File(s)	Summary
Permission mode helper and test fixes src/lib/state/config-io.test.ts, src/lib/onboard/config-sync.test.ts	Permission-focused tests now set explicit initial modes via chmodSync and writeFileWithMode() before asserting repair/tightening behavior.
Regression test temp directory tracking refactor test/policies.test.ts	The #4224 regression assertion now uses fs.mkdtempSync spying for nemoclaw-policy- prefixes instead of $TMPDIR listing snapshots.
Test file size budget adjustment ci/test-file-size-budget.json	Updates the test/policies.test.ts legacy line budget and removes a trailing sandbox-connect legacy budget entry.

Sandbox connect approval-pass testing

Layer / File(s)	Summary
Sandbox connect test fixtures and helpers test/sandbox-connect-inference/helpers.ts	Adds shared fixture types, sandbox state/stub setup, VM rootfs creation, connect runner, approval script extraction, and approval script execution helpers.
Auto-pair approval-pass test suite test/sandbox-connect-inference/auto-pair-approval.test.ts	Adds four tests covering approval-pass ordering/hardening, request filtering outcomes, malicious PYTHONPATH resistance, and connect continuation after approval-pass execution failure.
Route swap repair test migration test/sandbox-connect-inference/route-swap-repair.test.ts	Refactors route-swap tests to consume shared helper utilities and removes duplicated local harness usage.

Onboard and inference wiring cleanup

Layer / File(s)	Summary
Proxy/probe helper pruning src/lib/inference/ollama/proxy.ts, src/lib/inference/onboard-probes.ts	Removes unused proxy imports/helper and drops shouldForceCompletionsApi from probe validation imports.
Onboard import surface and constants trim src/lib/onboard.ts	Narrowed imports/destructures across runner, inference, Hermes, provider typing, wait helpers, GPU preflight, and local constants/requires.
Onboard helper destructure and flow cleanup src/lib/onboard.ts	Further reduces helper destructuring in CLI/recovery/web-search/probe/provider-recovery paths and removes a resume-path local variable.

Small script and test cleanups

Layer / File(s)	Summary
Source-shape script helper removal scripts/find-source-shape-tests.ts	Deletes two internal scanner helper functions.
Misc test import/helper removals src/lib/cli/command-display-metadata.test.ts, src/lib/dashboard-url-command.test.ts, test/cli-oclif-compatibility.test.ts, test/e2e-scenario/framework-tests/e2e-scenario-registry.test.ts, test/e2e/brev-e2e.test.ts, test/gateway-state-reconcile-2276.test.ts, test/nemoclaw-start.test.ts, test/sandbox-provisioning.test.ts, test/skills-frontmatter.test.ts	Removes unused imports/constants/helpers and includes minor test file tidy updates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4906: Touches several of the same cleanup and test-stabilization paths, including onboard/inference files and test budget updates.
• NVIDIA/NemoClaw#4788: Related to approval-pass policy behavior that is exercised by the new sandbox-connect approval-pass tests.
• NVIDIA/NemoClaw#4628: Related permission-healing logic in config IO that these updated permission-mode tests validate.

Suggested labels

enhancement: testing, NemoClaw CLI, area: cli, refactor

Suggested reviewers

• prekshivyas
• cjagwani
• ericksoa

🐇 I thumped through tests in moonlit rows,
cleaned stray imports from whiskers to toes.
Git winds were filtered, neat and mild,
approval checks marched tidy and styled,
and carrots of green CI quietly rose.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 6.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes the main change: splitting sandbox connect inference tests into separate, focused test files for better parallelization and maintainability.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/sandbox-connect-inference-split

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: issue-4462-scope-upgrade-approval-e2e, openclaw-inference-switch-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required E2E

• None. No required E2E is recommended: the only runtime source change is narrowly limited to version resolution Git environment sanitization and is covered by unit tests; all other touched files are tests or CI budget metadata. Optional live checks are listed for adjacent approval and inference-routing confidence only.

Optional E2E

• issue-4462-scope-upgrade-approval-e2e (high): Optional live confidence for OpenClaw device/scope approval behavior because the PR adds focused sandbox connect auto-pair approval coverage, but no approval runtime source changed in the shown diff.
• openclaw-inference-switch-e2e (high): Optional live sandbox check for OpenClaw inference route switching/repair adjacent to the renamed sandbox-connect-inference route-swap tests; not merge-blocking because the diff is test-only for inference routing.

New E2E recommendations

• version-resolution (low): Existing E2E coverage does not appear to assert that an installed or source-checkout NemoClaw CLI reports the correct version when inherited GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* variables are polluted by a parent Git hook or release script environment.
  • Suggested test: Add a lightweight script E2E that invokes nemoclaw --version from a temp checkout/install with hostile inherited GIT_* variables and verifies .version/package fallback behavior.
• sandbox-connect-auto-pair-approval (medium): The new Vitest coverage validates generated approval-pass scripts hermetically, but a real sandbox E2E that confirms connect-time auto-pair approval behavior against OpenShell/OpenClaw devices would close the remaining live integration gap.
  • Suggested test: Add a real-sandbox E2E for connect-time OpenClaw device auto-pair approval, including malformed scope rejection and best-effort failure tolerance before SSH handoff.

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

• None. No changes under test/e2e-scenario/, scenario workflow files, scenario metadata, expected-state contracts, suite definitions/scripts, scenario runtime, or scenario onboarding/install helper surfaces. The PR primarily changes unit tests/test organization plus a core version helper that is not directly exercised by the scenario E2E catalog.

Optional scenario E2E

• None.

Relevant changed files

• None.

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 2 worth checking, 0 nice ideas
Since last review: 1 prior item resolved, 0 still apply, 1 new item found

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• Source-of-truth review needed: getVersion Git environment scrubbing: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: gitEnvForRoot() strips keys starting with GIT_ in src/lib/core/version.ts; the current test uses repoRoot's real .git as the hostile GIT_DIR rather than a guaranteed tagged hostile fixture.
• Hostile Git environment regression can pass vacuously (src/lib/core/version.test.ts:75): The prior review asked for a direct regression around inherited GIT_* variables redirecting getVersion(). This PR adds such a test, but it uses the real checkout's .git directory as the hostile GIT_DIR. If that checkout does not have a matching v* tag, an unsanitized implementation would fail git describe and fall through to the requested root's .version, so the test would still pass without proving that GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* were ignored.
  • Recommendation: Create an isolated hostile repository fixture inside the test, commit and tag it with a known v* tag such as v9.9.9, set GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* to that fixture, and assert getVersion({ rootDir: testDir }) returns the requested root's .version or package.json value rather than 9.9.9.
  • Evidence: src/lib/core/version.ts passes env: gitEnvForRoot() to git describe. src/lib/core/version.test.ts obtains gitDir from repoRoot with git rev-parse --absolute-git-dir and then expects .version 2.3.4; the hostile source is not guaranteed to make git describe succeed if env scrubbing is removed.

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — getVersion ignores inherited GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* pointing at an isolated unrelated repository tagged v9.9.9 and returns the requested root .version instead.. Most split/refactor coverage is adequate and the sandbox approval fallback has focused negative tests. The remaining runtime-sensitive boundary is getVersion's real Git subprocess behavior under hostile inherited Git environment variables.
• **Runtime validation** — getVersion falls back to the requested root package.json when hostile inherited GIT_* variables would otherwise make git describe succeed in an unrelated tagged repository.. Most split/refactor coverage is adequate and the sandbox approval fallback has focused negative tests. The remaining runtime-sensitive boundary is getVersion's real Git subprocess behavior under hostile inherited Git environment variables.
• **Runtime validation** — test-file-size budget evaluation reports no stale legacy entry for the deleted test/sandbox-connect-inference.test.ts and keeps the split sandbox-connect-inference *.test.ts files under the default budget.. Most split/refactor coverage is adequate and the sandbox approval fallback has focused negative tests. The remaining runtime-sensitive boundary is getVersion's real Git subprocess behavior under hostile inherited Git environment variables.
• **Hostile Git environment regression can pass vacuously** — Create an isolated hostile repository fixture inside the test, commit and tag it with a known v* tag such as v9.9.9, set GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* to that fixture, and assert getVersion({ rootDir: testDir }) returns the requested root's .version or package.json value rather than 9.9.9.
• **Acceptance clause:** Relates to ci: safely split slow CLI coverage suites #4892 — add test evidence or identify existing coverage. The deterministic context did not include issue ci: safely split slow CLI coverage suites #4892 text or comments, so no literal linked-issue acceptance clauses could be mapped.
• **Acceptance clause:** Harden permission-mode tests for `umask 077`, make temp-policy assertions process-local, and scrub inherited `GIT_*` hook state from git-backed test fixtures/version checks. — add test evidence or identify existing coverage. Permission tests now force modes with chmod/writeFileWithMode, policy temp-dir assertions remain process-local, and git fixture env helpers strip inherited GIT_* variables. The production getVersion scrub has a new hostile-env test, but that test should use an isolated tagged hostile repo to conclusively prove the behavior.
• **Acceptance clause:** Tests added or updated for new or changed behavior — add test evidence or identify existing coverage. Tests are added/updated across version, sandbox-base-image, release-tag, config permissions, and sandbox-connect inference split files. The only remaining gap is the robustness of the hostile GIT_* regression.
• **getVersion Git environment scrubbing** — src/lib/core/version.test.ts adds a hostile inherited Git environment case, but it should be strengthened with an isolated hostile tagged repo so an unsanitized implementation would deterministically return the wrong tag.. gitEnvForRoot() strips keys starting with GIT_ in src/lib/core/version.ts; the current test uses repoRoot's real .git as the hostile GIT_DIR rather than a guaranteed tagged hostile fixture.

Since last review details

Current findings:

• Source-of-truth review needed: getVersion Git environment scrubbing: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: gitEnvForRoot() strips keys starting with GIT_ in src/lib/core/version.ts; the current test uses repoRoot's real .git as the hostile GIT_DIR rather than a guaranteed tagged hostile fixture.
• Hostile Git environment regression can pass vacuously (src/lib/core/version.test.ts:75): The prior review asked for a direct regression around inherited GIT_* variables redirecting getVersion(). This PR adds such a test, but it uses the real checkout's .git directory as the hostile GIT_DIR. If that checkout does not have a matching v* tag, an unsanitized implementation would fail git describe and fall through to the requested root's .version, so the test would still pass without proving that GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* were ignored.
  • Recommendation: Create an isolated hostile repository fixture inside the test, commit and tag it with a known v* tag such as v9.9.9, set GIT_DIR/GIT_WORK_TREE/GIT_CONFIG_* to that fixture, and assert getVersion({ rootDir: testDir }) returns the requested root's .version or package.json value rather than 9.9.9.
  • Evidence: src/lib/core/version.ts passes env: gitEnvForRoot() to git describe. src/lib/core/version.test.ts obtains gitDir from repoRoot with git rev-parse --absolute-git-dir and then expects .version 2.3.4; the hostile source is not guaranteed to make git describe succeed if env scrubbing is removed.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

test/sandbox-connect-inference/helpers.ts (1)

47-329: 🏗️ Heavy lift

Split setupFixture into smaller helpers to satisfy complexity guidance.

This function now combines filesystem setup + four executable stubs + state initialization in one block, which makes changes hard to audit and extends blast radius for test-only bugs. Extracting focused builders (state init, openshell stub, docker stub, curl stub, ps stub) would materially improve maintainability.

As per coding guidelines, “Keep function complexity low in JavaScript and TypeScript code.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/sandbox-connect-inference/helpers.ts` around lines 47 - 329, The
setupFixture function is too large; split it into focused helpers to reduce
complexity by extracting the state initialization and each executable stub into
their own functions—e.g. initStateFile(stateFile, options),
writeOpenshellStub(openshellPath, stateFile, sandboxName, options,
liveInferenceProvider, liveInferenceModel), writeDockerStub(dockerPath,
stateFile, sandboxName), writeCurlStub(curlPath, stateFile, options),
writePsStub(psPath) — move the corresponding fs.writeFileSync blocks and related
logic into those helpers, keep setupFixture to orchestrate directory creation
and call these helpers, and ensure any behavior needed by tests (environment
flags, state shape, and returned { tmpDir, stateFile, sandboxName }) remains
unchanged.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/sandbox-connect-inference/helpers.ts`:
- Around line 382-390: The env block in runConnect currently spreads process.env
which leaks host-level test hooks and causes flakiness; replace the spread with
a minimal, deterministic environment by constructing env = { HOME: tmpDir, PATH:
`${path.join(tmpDir, ".local", "bin")}:/usr/bin:/bin`, NEMOCLAW_NO_CONNECT_HINT:
"1", NEMOCLAW_OLLAMA_PORT: "11434", NEMOCLAW_OLLAMA_PROXY_PORT: "11435",
...extraEnv } so only required variables plus extraEnv are present (remove
...process.env), updating the env object used by runConnect in helpers.ts to
ensure hermetic tests while preserving tmpDir, PATH and the NEMOCLAW_* vars.

---

Nitpick comments:
In `@test/sandbox-connect-inference/helpers.ts`:
- Around line 47-329: The setupFixture function is too large; split it into
focused helpers to reduce complexity by extracting the state initialization and
each executable stub into their own functions—e.g. initStateFile(stateFile,
options), writeOpenshellStub(openshellPath, stateFile, sandboxName, options,
liveInferenceProvider, liveInferenceModel), writeDockerStub(dockerPath,
stateFile, sandboxName), writeCurlStub(curlPath, stateFile, options),
writePsStub(psPath) — move the corresponding fs.writeFileSync blocks and related
logic into those helpers, keep setupFixture to orchestrate directory creation
and call these helpers, and ensure any behavior needed by tests (environment
flags, state shape, and returned { tmpDir, stateFile, sandboxName }) remains
unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d01030c9-09eb-4895-a4de-837b98d5cb5c

📥 Commits

Reviewing files that changed from the base of the PR and between 9dd7218 and 759fb93.

📒 Files selected for processing (10)

• ci/test-file-size-budget.json
• src/lib/core/version.ts
• src/lib/onboard/config-sync.test.ts
• src/lib/sandbox-base-image.test.ts
• src/lib/state/config-io.test.ts
• test/policies.test.ts
• test/release-latest-tag.test.ts
• test/sandbox-connect-inference/auto-pair-approval.test.ts
• test/sandbox-connect-inference/helpers.ts
• test/sandbox-connect-inference/route-swap-repair.test.ts