test(e2e): migrate test-concurrent-gateway-ports.sh to vitest

[jyaunches]

Summary

Migrate test/e2e/test-concurrent-gateway-ports.sh with focused live Vitest coverage.

Related Issues

Refs #5098

Contract mapping

• Legacy assertion: onboard sandbox A on the default NemoClaw gateway port (8080) and default dashboard port (18789).
  • Replacement: test/e2e-scenario/live/concurrent-gateway-ports.test.ts runs the repo CLI against a fake OpenAI-compatible endpoint and asserts sandbox A reaches Ready/Running, nemoclaw list reports dashboard port 18789, and the host gateway port is listening.
  • Boundary preserved: real repo CLI, Docker/OpenShell gateway, dashboard forward, host socket probe, and local fake OpenAI-compatible inference endpoint.
• Legacy assertion: onboard sandbox B with NEMOCLAW_GATEWAY_PORT set to a non-default port.
  • Replacement: same Vitest test onboards sandbox B with NEMOCLAW_GATEWAY_PORT=18080 and checks the per-port OpenShell gateway name nemoclaw-18080.
  • Boundary preserved: real per-port OpenShell Docker-driver gateway and NemoClaw gateway selection path.
• Legacy assertion: both sandboxes coexist with distinct gateways, distinct dashboards, and no destruction of sandbox A during sandbox B onboarding.
  • Replacement: same Vitest test verifies both sandboxes are Ready/Running on their expected gateways, both gateway ports are listening, nemoclaw list includes both sandboxes, and the dashboard ports are distinct.
  • Boundary preserved: real OpenShell sandbox discovery, nemoclaw list, and host ss socket observation.
• Legacy assertion: destroying sandbox B leaves sandbox A healthy.
  • Replacement: same Vitest test destroys sandbox B through the repo CLI and rechecks sandbox A plus the default gateway port.
  • Boundary preserved: real nemoclaw <sandbox> destroy --yes and OpenShell state.

Simplicity check

• Test shape: simple live Vitest test.
• Original runner/lane: nightly-e2e.yaml job concurrent-gateway-ports-e2e via e2e-script.yaml, default ubuntu-latest, Docker/OpenShell, fake OpenAI-compatible endpoint, 30 minute reusable timeout.
• Replacement runner: same ubuntu-latest runner class in e2e-vitest-scenarios.yaml job concurrent-gateway-ports-vitest, with Docker Hub auth, OpenShell install, CLI build, and 90 minute timeout for two live onboards.
• New shared helpers: none; one-off gateway/dashboard parsers stay local to the test.
• New framework/registry/ledger: none.
• Workflow changes: add selective free-standing Vitest job and selector coverage; legacy shell deletion/workflow retirement deferred to Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 Phase 11.
• Selective dispatch: e2e-vitest-scenarios.yaml with jobs=concurrent-gateway-ports-vitest on this PR branch.

Verification

• npm run build:cli
• npx biome check --write test/e2e-scenario/live/concurrent-gateway-ports.test.ts test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts tools/e2e-scenarios/workflow-boundary.mts
• npx vitest run --project e2e-vitest-support test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts --silent=false --reporter=default
• git diff --check
• Same-runner selective run: https://github.com/NVIDIA/NemoClaw/actions/runs/27594971597 (workflow_dispatch, jobs=concurrent-gateway-ports-vitest) — passed

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

Tests

• Added comprehensive end-to-end test scenario validating concurrent sandbox onboarding across isolated gateways with dashboard and port forwarding verification.
• Enhanced testing infrastructure with new automated test job and extended boundary validation for improved scenario dispatch reliability.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 30bd4d2c-80a9-44ad-8f65-9bbe9bffb27e

📥 Commits

Reviewing files that changed from the base of the PR and between 6c0fb04 and 54a934b.

📒 Files selected for processing (4)

• .github/workflows/e2e-vitest-scenarios.yaml
• test/e2e-scenario/live/concurrent-gateway-ports.test.ts
• test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts
• tools/e2e-scenarios/workflow-boundary.mts

---

📝 Walkthrough

Walkthrough

Adds a new live Vitest E2E scenario (concurrent-gateway-ports) that onboards two sandboxes onto isolated OpenShell Docker-driver gateways concurrently and asserts dashboard port isolation and forwarding behavior. Wires a corresponding free-standing CI job in the E2E workflow, registers it in the workflow boundary validator, and extends dispatch-selector tests.

Changes

concurrent-gateway-ports E2E scenario

Layer / File(s)	Summary
Live test helpers, polling, and teardown test/e2e-scenario/live/concurrent-gateway-ports.test.ts	Defines config constants driven by env vars, command execution and onboarding helpers, nemoclaw list dashboard-port parser, sandbox-phase polling routine, ss-based port-listening verifier, prerequisite-or-skip utility, and best-effort teardown logic.
Main E2E scenario body test/e2e-scenario/live/concurrent-gateway-ports.test.ts	Implements the full liveTest body: prerequisites check, fake OpenAI server setup, initial cleanup, sequential onboarding of sandboxes A and B onto separate gateway ports, readiness and port-listening assertions, sandbox B destruction with sandbox A health verification, and structured scenario-result.json artifact writing.
CI job and report aggregation .github/workflows/e2e-vitest-scenarios.yaml	Adds the concurrent-gateway-ports-vitest free-standing job (conditional dispatch, Docker Hub auth, Vitest run, 14-day artifact upload) and appends it to report-to-pr's needs list.
Workflow boundary validation and dispatch-selector tests tools/e2e-scenarios/workflow-boundary.mts, test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts	Registers concurrent-gateway-ports-vitest → concurrent-gateway-ports via validateFreeStandingJobSelector and adds two dispatch-selector assertions confirming the mapping resolves with valid: true and liveScenariosRuns: false.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• NVIDIA/NemoClaw#5226: Extends the same free-standing Vitest dispatch pattern in e2e-vitest-scenarios.yaml, workflow-boundary.mts, and report-to-pr for a different scenario (network-policy-vitest).
• NVIDIA/NemoClaw#5350: Extends the same validateFreeStandingJobSelector wiring and dispatch-selector boundary tests in workflow-boundary.mts and e2e-scenarios-workflow.test.ts for a different scenario.
• NVIDIA/NemoClaw#5370: Refactors the free-standing E2E workflow boundary/selector validation logic in tools/e2e-scenarios/workflow-boundary.mts that this PR extends.

Suggested labels

v0.0.65

Suggested reviewers

• cv

🐰 Two gateways spin up, side by side,
Each sandbox claims its port with pride.
Sandbox B departs, A waves goodbye —
The dashboard ports never did collide!
A bunny checks ss, hops with delight 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: migrating a shell script-based E2E test to Vitest, directly matching the PR's primary objective.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch e2e-migrate/test-concurrent-gateway-ports

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: concurrent-gateway-ports
Optional E2E: double-onboard, gateway-health-honest

Dispatch hint: concurrent-gateway-ports-vitest

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• concurrent-gateway-ports (high): This PR adds and wires the new live E2E job itself. Run it to validate the workflow selector, OpenShell install path, real multi-gateway sandbox onboarding, dashboard port allocation, and cleanup behavior.

Optional E2E

• double-onboard (high): Adjacent confidence check for repeated onboarding behavior on one host; useful because the new scenario extends that boundary to concurrent gateways and dashboard forwards.
• gateway-health-honest (medium): Optional adjacent check for gateway health reporting after lifecycle changes; useful if reviewers want extra confidence in gateway state visibility.

New E2E recommendations

• None.

Dispatch hint

• Workflow: .github/workflows/e2e-vitest-scenarios.yaml
• jobs input: concurrent-gateway-ports-vitest

[github-actions]

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: concurrent-gateway-ports-vitest
Optional Vitest E2E scenarios: None

Dispatch required Vitest E2E scenarios:

• gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=concurrent-gateway-ports-vitest

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

• concurrent-gateway-ports-vitest: Focused free-standing Vitest job wired for changed live test test/e2e-scenario/live/concurrent-gateway-ports.test.ts.
  • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=concurrent-gateway-ports-vitest

Optional Vitest E2E scenarios

• None.

Relevant changed files

• .github/workflows/e2e-vitest-scenarios.yaml
• test/e2e-scenario/live/concurrent-gateway-ports.test.ts
• test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts
• tools/e2e-scenarios/workflow-boundary.mts

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 5 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 3 still apply, 1 new item found

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• Source-of-truth review needed: bestEffortCleanup() for NemoClaw/OpenShell sandboxes, forwards, and gateways: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `bestEffortCleanup()` contains broad `catch { // best effort }` blocks for NemoClaw destroy, OpenShell sandbox delete, forward stop, and gateway destroy.
• Validate env-derived ports before shell probing (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:177): The live test reads gateway/dashboard/fake-server ports from environment variables, then interpolates the gateway port into a `bash -lc` command for `ss | grep`. The workflow does not expose these env vars as dispatch inputs, so this is not a confirmed workflow-boundary exploit, but it remains avoidable command-injection and test-integrity risk when the test is run with externally supplied environment.
  • Recommendation: Parse every port-like env var with a strict integer/range check before use, and avoid shell interpolation for the listening probe. Prefer spawning `ss` directly and inspecting stdout in TypeScript, or pass a validated port as a positional argument to a fixed shell script.
  • Evidence: `GATEWAY_PORT_A/B` and `DASHBOARD_PORT_A` are read from `process.env`; `expectPortListening()` runs `host.command("bash", ["-lc", `ss -ltn | grep -Eq '[:.]${port}\\b'`], ...)`.
• Isolate and clean up Docker Hub auth in the new live job (.github/workflows/e2e-vitest-scenarios.yaml:1805): The new free-standing job logs into Docker Hub using repository secrets, then runs checkout code to build, install OpenShell, and execute the live scenario without configuring an isolated `DOCKER_CONFIG` or adding a cleanup/logout step. The diff does not directly leak credentials, but it extends a secrets-adjacent trusted-code boundary and leaves Docker auth in the default runner config for subsequent PR-code steps.
  • Recommendation: Use an isolated `DOCKER_CONFIG` under `RUNNER_TEMP` with `chmod 700`, pass only the required env to installer/test steps, and add an `if: always()` cleanup step that logs out and removes the Docker config directory.
  • Evidence: The added `concurrent-gateway-ports-vitest` job has `Authenticate to Docker Hub` with `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN`, followed by `npm run build:cli`, `bash scripts/install-openshell.sh`, and `npx vitest`, but the added job does not set `DOCKER_CONFIG` or include a Docker auth cleanup step.
• Source-of-truth review needed for best-effort cleanup (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:222): The cleanup helper broadly suppresses failures while destroying NemoClaw sandboxes, deleting OpenShell sandboxes, stopping forwards, and destroying gateways. That can be appropriate for cleanup-after-failure, but the current code does not document which partial lifecycle states are expected, why they cannot be prevented at the source, or how unexpected cleanup failures are surfaced for diagnosis.
  • Recommendation: Narrow the ignored cases to known benign not-found/already-stopped outcomes, or record unexpected cleanup failures in artifacts while preserving the primary assertion failure. Document the invalid states this cleanup tolerates, the source boundary, and the condition for removing the workaround.
  • Evidence: `bestEffortCleanup()` has multiple broad `catch { // best effort }` blocks around `nemoclaw destroy`, `openshell sandbox delete`, `openshell forward stop`, and `openshell gateway destroy`.
• Preserve or intentionally drop legacy pre-existing default sandbox cleanup (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:277): The legacy shell scenario destroyed an unrelated pre-existing default install sandbox before onboarding sandbox A. The new Vitest test only pre-cleans the two named sandboxes, hard-coded dashboard forwards, and the two gateways. On a reused developer or runner host, an unrelated default sandbox/forward may cause sandbox A not to receive the expected default dashboard port or may change `nemoclaw list` behavior.
  • Recommendation: Either carry over the legacy default-sandbox cleanup behavior in a narrowly scoped way, or document why the Vitest lane cannot encounter that state and add coverage for the pre-existing-default-sandbox case.
  • Evidence: The new test calls `await bestEffortCleanup(host, sandbox, gatewayA, gatewayB);` before onboarding A, but the legacy `test/e2e/test-concurrent-gateway-ports.sh` had `destroy_default_install_sandbox` before Stage 1.

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — Run the selective `jobs=concurrent-gateway-ports-vitest` path and verify sandbox A keeps dashboard port `18789` while sandbox B receives a different dashboard port.. The main behavior depends on live Docker/OpenShell gateway orchestration, host ports, dashboard forwards, and cleanup on an ubuntu-latest runner. Static selector tests cover workflow dispatch wiring, but they cannot validate the runtime coexistence and cleanup guarantees.
• **Runtime validation** — Run the scenario with a pre-existing unrelated default sandbox or dashboard forward and verify setup either removes it intentionally or still deterministically gives sandbox A dashboard `18789`.. The main behavior depends on live Docker/OpenShell gateway orchestration, host ports, dashboard forwards, and cleanup on an ubuntu-latest runner. Static selector tests cover workflow dispatch wiring, but they cannot validate the runtime coexistence and cleanup guarantees.
• **Runtime validation** — Add a focused helper/unit test that rejects malformed `NEMOCLAW_E2E_GATEWAY_PORT_A`, `NEMOCLAW_E2E_GATEWAY_PORT_B`, `NEMOCLAW_E2E_DASHBOARD_PORT_A`, and `NEMOCLAW_E2E_FAKE_PORT` values before any shell command or gateway name is built.. The main behavior depends on live Docker/OpenShell gateway orchestration, host ports, dashboard forwards, and cleanup on an ubuntu-latest runner. Static selector tests cover workflow dispatch wiring, but they cannot validate the runtime coexistence and cleanup guarantees.
• **Runtime validation** — Exercise an OpenShell delete, forward stop, or gateway destroy cleanup failure and confirm unexpected cleanup failures are captured in artifacts without masking the primary test assertion.. The main behavior depends on live Docker/OpenShell gateway orchestration, host ports, dashboard forwards, and cleanup on an ubuntu-latest runner. Static selector tests cover workflow dispatch wiring, but they cannot validate the runtime coexistence and cleanup guarantees.
• **Runtime validation** — If `NEMOCLAW_E2E_PHASE_TIMEOUT_MS` remains configurable, test its unit semantics or rename/use it consistently so callers do not accidentally convert milliseconds as seconds.. The main behavior depends on live Docker/OpenShell gateway orchestration, host ports, dashboard forwards, and cleanup on an ubuntu-latest runner. Static selector tests cover workflow dispatch wiring, but they cannot validate the runtime coexistence and cleanup guarantees.
• **Acceptance clause:** Workflow changes: add selective free-standing Vitest job and selector coverage; legacy shell deletion/workflow retirement deferred to Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 Phase 11. — add test evidence or identify existing coverage. The diff adds `concurrent-gateway-ports-vitest`, selector tests for `jobs` and `scenarios`, and workflow-boundary validation. The legacy shell script remains present, consistent with the PR text, but no deterministic linked issue clauses/comments were available to verify the Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 Phase 11 plan.
• **bestEffortCleanup() for NemoClaw/OpenShell sandboxes, forwards, and gateways** — No focused test or artifact assertion proves that benign not-found cleanup is non-fatal while unexpected cleanup failures are captured for maintainers.. `bestEffortCleanup()` contains broad `catch { // best effort }` blocks for NemoClaw destroy, OpenShell sandbox delete, forward stop, and gateway destroy.

Since last review details

Current findings:

• Source-of-truth review needed: bestEffortCleanup() for NemoClaw/OpenShell sandboxes, forwards, and gateways: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `bestEffortCleanup()` contains broad `catch { // best effort }` blocks for NemoClaw destroy, OpenShell sandbox delete, forward stop, and gateway destroy.
• Validate env-derived ports before shell probing (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:177): The live test reads gateway/dashboard/fake-server ports from environment variables, then interpolates the gateway port into a `bash -lc` command for `ss | grep`. The workflow does not expose these env vars as dispatch inputs, so this is not a confirmed workflow-boundary exploit, but it remains avoidable command-injection and test-integrity risk when the test is run with externally supplied environment.
  • Recommendation: Parse every port-like env var with a strict integer/range check before use, and avoid shell interpolation for the listening probe. Prefer spawning `ss` directly and inspecting stdout in TypeScript, or pass a validated port as a positional argument to a fixed shell script.
  • Evidence: `GATEWAY_PORT_A/B` and `DASHBOARD_PORT_A` are read from `process.env`; `expectPortListening()` runs `host.command("bash", ["-lc", `ss -ltn | grep -Eq '[:.]${port}\\b'`], ...)`.
• Isolate and clean up Docker Hub auth in the new live job (.github/workflows/e2e-vitest-scenarios.yaml:1805): The new free-standing job logs into Docker Hub using repository secrets, then runs checkout code to build, install OpenShell, and execute the live scenario without configuring an isolated `DOCKER_CONFIG` or adding a cleanup/logout step. The diff does not directly leak credentials, but it extends a secrets-adjacent trusted-code boundary and leaves Docker auth in the default runner config for subsequent PR-code steps.
  • Recommendation: Use an isolated `DOCKER_CONFIG` under `RUNNER_TEMP` with `chmod 700`, pass only the required env to installer/test steps, and add an `if: always()` cleanup step that logs out and removes the Docker config directory.
  • Evidence: The added `concurrent-gateway-ports-vitest` job has `Authenticate to Docker Hub` with `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN`, followed by `npm run build:cli`, `bash scripts/install-openshell.sh`, and `npx vitest`, but the added job does not set `DOCKER_CONFIG` or include a Docker auth cleanup step.
• Source-of-truth review needed for best-effort cleanup (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:222): The cleanup helper broadly suppresses failures while destroying NemoClaw sandboxes, deleting OpenShell sandboxes, stopping forwards, and destroying gateways. That can be appropriate for cleanup-after-failure, but the current code does not document which partial lifecycle states are expected, why they cannot be prevented at the source, or how unexpected cleanup failures are surfaced for diagnosis.
  • Recommendation: Narrow the ignored cases to known benign not-found/already-stopped outcomes, or record unexpected cleanup failures in artifacts while preserving the primary assertion failure. Document the invalid states this cleanup tolerates, the source boundary, and the condition for removing the workaround.
  • Evidence: `bestEffortCleanup()` has multiple broad `catch { // best effort }` blocks around `nemoclaw destroy`, `openshell sandbox delete`, `openshell forward stop`, and `openshell gateway destroy`.
• Preserve or intentionally drop legacy pre-existing default sandbox cleanup (test/e2e-scenario/live/concurrent-gateway-ports.test.ts:277): The legacy shell scenario destroyed an unrelated pre-existing default install sandbox before onboarding sandbox A. The new Vitest test only pre-cleans the two named sandboxes, hard-coded dashboard forwards, and the two gateways. On a reused developer or runner host, an unrelated default sandbox/forward may cause sandbox A not to receive the expected default dashboard port or may change `nemoclaw list` behavior.
  • Recommendation: Either carry over the legacy default-sandbox cleanup behavior in a narrowly scoped way, or document why the Vitest lane cannot encounter that state and add coverage for the pre-existing-default-sandbox case.
  • Evidence: The new test calls `await bestEffortCleanup(host, sandbox, gatewayA, gatewayB);` before onboarding A, but the legacy `test/e2e/test-concurrent-gateway-ports.sh` had `destroy_default_install_sandbox` before Stage 1.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the e2e-migrate/test-con... branch is 96%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-con... 54a934b	+/-
nemoclaw/src/se...cret-scanner.ts	—	100%	—
nemoclaw/src/commands/slash.ts	—	100%	—
nemoclaw/src/li...bprocess-env.ts	—	100%	—
nemoclaw/src/bl...eprint/state.ts	—	98%	—
nemoclaw/src/onboard/config.ts	—	98%	—
nemoclaw/src/bl...int/snapshot.ts	—	97%	—
nemoclaw/src/bl...print/runner.ts	—	95%	—
nemoclaw/src/co...ration-state.ts	—	94%	—
nemoclaw/src/bl...ate-networks.ts	—	94%	—
nemoclaw/src/index.ts	—	94%	—

TypeScript / code-coverage/cli

The overall coverage in the e2e-migrate/test-con... branch is 46%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-con... 54a934b	+/-
src/lib/state/o...oard-session.ts	—	90%	—
src/lib/inference/local.ts	—	76%	—
src/lib/sandbox/config.ts	—	72%	—
src/lib/actions...dbox/rebuild.ts	—	67%	—
src/lib/onboard/preflight.ts	—	64%	—
src/lib/actions...licy-channel.ts	—	56%	—
src/lib/state/sandbox.ts	—	55%	—
src/lib/policy/index.ts	—	49%	—
src/lib/onboard...er-gpu-patch.ts	—	44%	—
src/lib/onboard.ts	—	18%	—

---

_{Updated June 16, 2026 04:54 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27594971597
Workflow ref: e2e-migrate/test-concurrent-gateway-ports
Requested scenarios: (default — all supported)
Requested jobs: concurrent-gateway-ports-vitest
Summary: 2 passed, 0 failed, 35 skipped

Job	Result
bedrock-runtime-compatible-anthropic-vitest	⏭️ skipped
channels-add-remove-vitest	⏭️ skipped
cloud-inference-vitest	⏭️ skipped
common-egress-agent-vitest	⏭️ skipped
concurrent-gateway-ports-vitest	✅ success
credential-migration-vitest	⏭️ skipped
credential-sanitization-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-drift-preflight-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
gateway-health-honest-vitest	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-2478-crash-loop-recovery-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
messaging-compatible-endpoint-vitest	⏭️ skipped
messaging-providers-vitest	⏭️ skipped
model-router-provider-routed-inference-vitest	⏭️ skipped
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
openclaw-inference-switch-vitest	⏭️ skipped
openclaw-skill-cli-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
sandbox-rebuild-vitest	⏭️ skipped
sandbox-survival-vitest	⏭️ skipped
sessions-agents-cli-vitest	⏭️ skipped
shields-config-vitest	⏭️ skipped
skill-agent-vitest	⏭️ skipped
state-backup-restore-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped