test(e2e): migrate VM driver privileged exec to Vitest#5144
Closed
cv wants to merge 18 commits into
Closed
Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
Contributor
E2E Scenario Advisor RecommendationRequired scenario E2E: Dispatch required scenario E2E:
Full scenario advisor summaryE2E Scenario AdvisorBase: Required scenario E2E
Optional scenario E2E
Relevant changed files
|
Contributor
PR Review AdvisorFindings: 0 needs attention, 0 worth checking, 0 nice ideas Consider writing more tests for
This is an automated advisory review. A human maintainer must make the final merge decision. |
This was referenced Jun 10, 2026
wscurran
added
area: ci
12 tasks
cv
pushed a commit
that referenced
this pull request
Jun 11, 2026
## Summary Migrate the `test/e2e/test-vm-driver-privileged-exec-routing.sh` contract into focused Vitest coverage while keeping the legacy shell file present for now. Seeded from Carlos's PR #5144, but rebuilt on current `main` with only the one-script migration changes and no #5126-era framework diff. ## Related Issues Refs #5098 Refs #4245 ## Contract mapping - Legacy assertion: VM-driver privileged exec routes to the direct sandbox container, not `openshell-gateway-nemoclaw`. - Replacement: `test/vm-driver-privileged-exec-routing.test.ts` asserts `alpha` selects `openshell-alpha-abc123` while ignoring `openshell-alpha-child` and gateway containers. - Boundary preserved: real built `dist/lib/sandbox/privileged-exec.js` helper plus fake registry and fake `docker ps` subprocess boundary. - Legacy assertion: exact direct container wins when present. - Replacement: `alpha-child` selects `openshell-alpha-child`. - Boundary preserved: fake Docker output exercises the same direct-container selection path. - Legacy assertion: Docker-driver and older registry entries without recorded driver still route to direct sandbox containers. - Replacement: `dockerbox` and `unknown-driver` cases assert direct container argv. - Boundary preserved: built helper reads a temp `~/.nemoclaw/sandboxes.json`. - Legacy assertion: missing direct VM container fails clearly instead of falling back to gateway routing. - Replacement: missing-container case asserts the `No running direct OpenShell sandbox container...driver: vm` error. - Boundary preserved: fake `docker ps` contains only gateway/unrelated containers. ## Simplicity check - Test shape: focused process/unit-shaped Vitest test in `test/`. - New shared helpers: none; fake registry/Docker setup is local to the test. - New framework/registry/ledger: **none**. - Workflow changes: retired/unwired the nightly shell-script lane from selective dispatch and nightly shell-script wiring. The legacy shell file remains in `test/e2e/` and in the top-level frozen shell allowlist; replacement coverage runs in normal CLI Vitest. ## Verification - `npm run build:cli` - `npx vitest run --project cli test/vm-driver-privileged-exec-routing.test.ts --silent=false --reporter=default` - `npx vitest run --project cli test/e2e-script-workflow.test.ts --silent=false --reporter=default` - includes a contract assertion that the unwired `vm-driver-privileged-exec-routing-e2e` lane is absent from nightly dispatch/wiring, the legacy shell file remains present, the replacement test is in the CLI Vitest include path, and the CLI coverage shard rebuilds `dist` before Vitest - `npm run test-size:check -- test/vm-driver-privileged-exec-routing.test.ts test/e2e-script-workflow.test.ts` - `git diff --check` ## CI follow-up The first selective E2E auto-dispatch still used the trusted `main` nightly workflow, which attempted to run the shell-script lane. This PR now removes `vm-driver-privileged-exec-routing-e2e` from the nightly dispatch input/list/job definitions so the unwired lane is not auto-dispatched. The legacy shell file has been restored per maintainer preference; this PR no longer deletes any file under `test/e2e/`. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Tests** * Added a regression test for privileged-exec routing to validate correct OpenShell sandbox selection across VM, Docker, and other drivers. * Added a contract test to ensure the retired nightly job is absent and that the CLI coverage shard runs the build step before executing CLI tests. * **Chores** * Retired a nightly E2E job and updated CI guidance to reference the new CLI test shard and narrowed nightly run targets. * Test helper updated to include CLI coverage shard metadata. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Collaborator
Author
|
Closing as superseded by #5189. That merged PR carries the VM-driver privileged-exec routing contract forward on current main, explicitly notes it was seeded from this branch, and narrows the change to the one-script migration without the older #5126-era framework/ledger churn. #5098 now records test/e2e/test-vm-driver-privileged-exec-routing.sh as converted by #5189. Any remaining idea should come back as a fresh, focused follow-up against current main. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates the VM driver privileged-exec routing regression from the legacy shell script into a Vitest live scenario. The nightly job now runs the targeted Vitest scenario directly and uploads shared E2E fixture artifacts.
Related Issue
Refs #4941
Refs #4245
Changes
test/e2e-scenario/live/vm-driver-privileged-exec-routing.test.tswith fake registry and fake Docker coverage for direct sandbox container routing.test/e2e/test-vm-driver-privileged-exec-routing.shinnightly-e2e.yamlwith directe2e-scenarios-liveexecution.test/e2e-script-workflow.test.tsandtest/helpers/e2e-workflow-contract.tsto lock the new workflow contract.Type of Change
Verification
npx prek run --all-filespassesnpm testpassesnpm run docsbuilds without warnings (doc changes only)Signed-off-by: Carlos Villela cvillela@nvidia.com