test(e2e): migrate cloud onboard flow to Vitest

[cv]

Summary

Migrate test-cloud-onboard-e2e.sh into the live Vitest E2E system. Adds test/e2e-scenario/live/cloud-onboard.test.ts and cloud-onboard-vitest workflow wiring. The Vitest test drives the public curl installer from the requested Git ref, verifies the installed CLI/OpenShell path, then runs the split cloud check scripts for inference.local, security, and Landlock/read-only behavior before cleanup.

Related Issue

Refs #5098

Changes

• Adds or wires the free-standing live Vitest scenario cloud-onboard.
• Adds selective workflow dispatch via cloud-onboard-vitest in .github/workflows/e2e-vitest-scenarios.yaml.
• Preserves the legacy system boundaries from test-cloud-onboard-e2e.sh while leaving legacy shell retirement to Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 Phase 11.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• Git hooks passed during commit and push, or npx prek run --from-ref main --to-ref HEAD passes
• Targeted tests pass for changed behavior
• Full npm test passes (broad runtime changes only)
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Targeted local checks run while preparing these branches:

• npx vitest run --project e2e-vitest-support test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts --silent=false --reporter=default
• npm run typecheck:cli for branches adding new TypeScript tests
• git diff --check

Selective same-runner dispatch: https://github.com/NVIDIA/NemoClaw/actions/runs/27638941300 — passed after merge-from-main refresh

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• Tests

  • Added a new end-to-end live scenario that provisions a cloud onboarding environment and verifies the onboarding workflow, including installer/CLI availability and configuration/validation checks.

• CI / Automation

  • Extended the CI pipeline with a dedicated job to run the cloud onboarding scenario and upload its test artifacts.
  • Updated pull request scenario reporting so the cloud onboarding results are included in the published results table.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c8b9a9d3-c923-43a0-ae4b-180e4219815f

📥 Commits

Reviewing files that changed from the base of the PR and between 0ffd845 and 8857095.

📒 Files selected for processing (1)

• .github/workflows/e2e-vitest-scenarios.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/e2e-vitest-scenarios.yaml

---

📝 Walkthrough

Walkthrough

Adds a new live E2E Vitest test (cloud-onboard.test.ts) that provisions a cloud onboard scenario via a public installer script, validates CLI availability and check scripts, and writes a result file. A corresponding cloud-onboard-vitest GitHub Actions job is added to the e2e workflow with selector gating, artifact upload, and inclusion in the report-to-pr aggregation.

Changes

Cloud Onboard Live E2E Scenario

Layer / File(s)	Summary
Cloud onboard live E2E test test/e2e-scenario/live/cloud-onboard.test.ts	Creates the full live test: imports and constants, env() helper, cleanup() routine, publicInstallRef() resolver, and the main E2E flow covering installer execution, CLI/list assertions, .sh check script enumeration and execution, and scenario-result.json result writing.
CI job and PR reporting wiring .github/workflows/e2e-vitest-scenarios.yaml	Adds the cloud-onboard-vitest free-standing job with selector gating, Node/CLI/OpenShell setup, openshell-resolved test execution, and artifact upload; adds the job to report-to-pr.needs so its status appears in the PR results table.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• Epic: Migrate legacy bash E2E into the Vitest E2E system #5098: Implements the epic goal by migrating the cloud-onboard E2E test from legacy bash to Vitest and wiring it into the workflow, fulfilling the "replacement Vitest path is wired into .github/workflows/e2e-vitest-scenarios.yaml" requirement.

Possibly related PRs

• NVIDIA/NemoClaw#5243: Establishes the free-standing Vitest job-selector framework and PR results aggregation that this PR's new cloud-onboard-vitest job extends.
• NVIDIA/NemoClaw#5370: Refactors the derivation of free-standing Vitest job and scenario selectors from workflow job metadata, directly relating to how the new cloud-onboard-vitest job participates in selector gating and result surfacing.
• NVIDIA/NemoClaw#5330: Extends the same e2e-vitest-scenarios workflow by adding a free-standing job and wiring it into the report-to-pr dependency/needs structure.

Suggested labels

area: e2e, area: ci, chore

🐇 A bunny hops through the cloud with glee,
Installer script runs for all to see,
Nemoclaw lists the sandbox so near,
Check scripts dance, exit clean and clear,
scenario-result.json: passed — hooray, success! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'test(e2e): migrate cloud onboard flow to Vitest' accurately summarizes the main change—migrating the cloud onboarding E2E test from shell script to Vitest, which is clearly reflected in the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch e2e-migrate/test-cloud-onboard-e2e

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: cloud-onboard-vitest
Optional E2E: None

Dispatch hint: cloud-onboard-vitest

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• cloud-onboard-vitest (high): This PR adds the cloud-onboard live Vitest scenario and its workflow job. Run the newly added job to validate the workflow wiring, test path, required environment, artifact upload path, and the live onboarding/security/inference scenario itself.

Optional E2E

• None.

New E2E recommendations

• None.

Dispatch hint

• Workflow: .github/workflows/e2e-vitest-scenarios.yaml
• jobs input: cloud-onboard-vitest

[github-actions]

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: cloud-onboard-vitest
Optional Vitest E2E scenarios: None

Dispatch required Vitest E2E scenarios:

• gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=cloud-onboard-vitest

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

• cloud-onboard-vitest: Focused free-standing Vitest job wired for changed live test test/e2e-scenario/live/cloud-onboard.test.ts.
  • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=cloud-onboard-vitest

Optional Vitest E2E scenarios

• None.

Relevant changed files

• .github/workflows/e2e-vitest-scenarios.yaml
• test/e2e-scenario/live/cloud-onboard.test.ts

[github-actions]

PR Review Advisor

Findings: 2 needs attention, 1 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 3 still apply, 0 new items found

Review findings

🛠️ Needs attention

• Restore the hosted inference reachability preflight before install (test/e2e-scenario/live/cloud-onboard.test.ts:81): The legacy cloud-onboard shell test required both a configured hosted inference key and a lightweight hosted endpoint reachability probe before cleanup/install side effects. The new Vitest test obtains hosted inference config, then proceeds through Docker probing, cleanup, and the public installer without the equivalent unauthenticated/no-quota reachability check. That weakens migration parity and can discover endpoint/network/TLS outages only after cleanup and public install have already run.
  • Recommendation: Add a lightweight pre-install hosted inference reachability probe equivalent to `nemoclaw_e2e_probe_hosted_inference` before pre-cleanup/public install. Keep the API key redacted and fail or skip at the same prerequisite boundary as the legacy test.
  • Evidence: Legacy `test/e2e/test-cloud-onboard-e2e.sh` runs `nemoclaw_e2e_probe_hosted_inference` in Phase 2 before Phase 3 install. New `cloud-onboard.test.ts` calls `requireHostedInferenceConfig(secrets)` at line 81 and reaches pre-cleanup and the public installer at lines 117-121 without a reachability probe.
• Preserve the legacy negative assertion for local checkout installs (test/e2e-scenario/live/cloud-onboard.test.ts:136): The legacy shell test explicitly failed if installer output contained the local-checkout marker, guarding the public curl installer contract against accidentally using the selected source checkout. The Vitest test asserts positive GitHub clone strings but does not assert that the local-checkout marker is absent.
  • Recommendation: Add an assertion that `resultText(install)` does not contain `NemoClaw package.json found in the selected source checkout`, or document why the installer output cannot contain both that marker and the GitHub clone strings.
  • Evidence: New test asserts `Installing NemoClaw from GitHub`, `Cloning NemoClaw source`, and optionally `Resolved install ref: ${ref}`. Legacy `test-cloud-onboard-e2e.sh` failed when its install log contained `NemoClaw package.json found in the selected source checkout`.

🔎 Worth checking

• Treat the installer URL as data before running with secret-bearing env (test/e2e-scenario/live/cloud-onboard.test.ts:121): The test builds executable shell syntax from runtime values by interpolating `installCwd` and `installUrl` into a `bash -lc` command. The default workflow URL is pinned to the PR SHA, but the test also accepts `NEMOCLAW_INSTALL_SCRIPT_URL`. If that override contains a single quote or shell metacharacters in trusted dispatch/local automation, it can alter the command before `curl` runs. The command environment includes `NVIDIA_INFERENCE_API_KEY` and `COMPATIBLE_API_KEY`, increasing credential-leakage impact.
  • Recommendation: Pass dynamic values as argv data rather than shell syntax, for example `bash -c 'cd "$1" && curl -fsSL "$2" | bash' -- "$installCwd" "$installUrl"`. Consider allowlisting the installer host/ref whenever the hosted inference secret is present.
  • Evidence: `cloud-onboard.test.ts` uses `["-lc", `cd '${installCwd}' && curl -fsSL '${installUrl}' | bash`]` and sets `NVIDIA_INFERENCE_API_KEY`, `COMPATIBLE_API_KEY`, and `NEMOCLAW_INSTALL_SCRIPT_URL` in the command env with redaction.

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — cloud-onboard fails before pre-cleanup/public install when the hosted inference base URL is unreachable, with the API key redacted in artifacts. This PR changes a live workflow and a real sandbox/public-installer scenario. Static review found migration-parity and trusted-shell-boundary risks that are best validated with targeted runtime/integration behavior, without relying on external job status in this review.
• **Runtime validation** — cloud-onboard treats NEMOCLAW_INSTALL_SCRIPT_URL containing a single quote or shell metacharacter as URL data, not shell syntax, while NVIDIA_INFERENCE_API_KEY is present. This PR changes a live workflow and a real sandbox/public-installer scenario. Static review found migration-parity and trusted-shell-boundary risks that are best validated with targeted runtime/integration behavior, without relying on external job status in this review.
• **Runtime validation** — cloud-onboard public installer validation fails when install output contains `NemoClaw package.json found in the selected source checkout`. This PR changes a live workflow and a real sandbox/public-installer scenario. Static review found migration-parity and trusted-shell-boundary risks that are best validated with targeted runtime/integration behavior, without relying on external job status in this review.
• **Runtime validation** — workflow selector evaluation maps scenarios=cloud-onboard to cloud-onboard-vitest and leaves the registry matrix empty. This PR changes a live workflow and a real sandbox/public-installer scenario. Static review found migration-parity and trusted-shell-boundary risks that are best validated with targeted runtime/integration behavior, without relying on external job status in this review.
• **Acceptance clause:** Migrate `test-cloud-onboard-e2e.sh` into the live Vitest E2E system. — add test evidence or identify existing coverage. The PR adds `test/e2e-scenario/live/cloud-onboard.test.ts` and a `cloud-onboard-vitest` workflow job, but migration parity is incomplete because the legacy hosted inference reachability preflight and local-checkout negative assertion are not preserved.
• **Acceptance clause:** The Vitest test drives the public curl installer from the requested Git ref, verifies the installed CLI/OpenShell path, then runs the split cloud check scripts for inference.local, security, and Landlock/read-only behavior before cleanup. — add test evidence or identify existing coverage. The workflow sets `NEMOCLAW_PUBLIC_INSTALL_REF` to `${{ github.sha }}`; the test builds the raw GitHub install URL/ref env, probes `command -v nemoclaw`, `command -v openshell`, and `nemoclaw --help`, then iterates the split check scripts `02-inference-local-http.sh`, `03-security-checks.sh`, and `04-landlock-readonly.sh` before verified cleanup. The partial status is due to the missing legacy pre-install reachability check and missing local-checkout negative assertion around the public installer contract.
• **Acceptance clause:** Refs Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 — add test evidence or identify existing coverage. The deterministic validation context reported `linkedIssues: []`, so issue Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 body/comments were not available to map literally.
• **Acceptance clause:** Preserves the legacy system boundaries from `test-cloud-onboard-e2e.sh` while leaving legacy shell retirement to Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 Phase 11. — add test evidence or identify existing coverage. The new test keeps the public installer, real CLI/OpenShell probes, split shell checks, sandbox cleanup, and secret redaction boundaries. It does not preserve the legacy hosted inference reachability prerequisite or the legacy local-checkout negative assertion.

Since last review details

Current findings:

• Restore the hosted inference reachability preflight before install (test/e2e-scenario/live/cloud-onboard.test.ts:81): The legacy cloud-onboard shell test required both a configured hosted inference key and a lightweight hosted endpoint reachability probe before cleanup/install side effects. The new Vitest test obtains hosted inference config, then proceeds through Docker probing, cleanup, and the public installer without the equivalent unauthenticated/no-quota reachability check. That weakens migration parity and can discover endpoint/network/TLS outages only after cleanup and public install have already run.
  • Recommendation: Add a lightweight pre-install hosted inference reachability probe equivalent to `nemoclaw_e2e_probe_hosted_inference` before pre-cleanup/public install. Keep the API key redacted and fail or skip at the same prerequisite boundary as the legacy test.
  • Evidence: Legacy `test/e2e/test-cloud-onboard-e2e.sh` runs `nemoclaw_e2e_probe_hosted_inference` in Phase 2 before Phase 3 install. New `cloud-onboard.test.ts` calls `requireHostedInferenceConfig(secrets)` at line 81 and reaches pre-cleanup and the public installer at lines 117-121 without a reachability probe.
• Treat the installer URL as data before running with secret-bearing env (test/e2e-scenario/live/cloud-onboard.test.ts:121): The test builds executable shell syntax from runtime values by interpolating `installCwd` and `installUrl` into a `bash -lc` command. The default workflow URL is pinned to the PR SHA, but the test also accepts `NEMOCLAW_INSTALL_SCRIPT_URL`. If that override contains a single quote or shell metacharacters in trusted dispatch/local automation, it can alter the command before `curl` runs. The command environment includes `NVIDIA_INFERENCE_API_KEY` and `COMPATIBLE_API_KEY`, increasing credential-leakage impact.
  • Recommendation: Pass dynamic values as argv data rather than shell syntax, for example `bash -c 'cd "$1" && curl -fsSL "$2" | bash' -- "$installCwd" "$installUrl"`. Consider allowlisting the installer host/ref whenever the hosted inference secret is present.
  • Evidence: `cloud-onboard.test.ts` uses `["-lc", `cd '${installCwd}' && curl -fsSL '${installUrl}' | bash`]` and sets `NVIDIA_INFERENCE_API_KEY`, `COMPATIBLE_API_KEY`, and `NEMOCLAW_INSTALL_SCRIPT_URL` in the command env with redaction.
• Preserve the legacy negative assertion for local checkout installs (test/e2e-scenario/live/cloud-onboard.test.ts:136): The legacy shell test explicitly failed if installer output contained the local-checkout marker, guarding the public curl installer contract against accidentally using the selected source checkout. The Vitest test asserts positive GitHub clone strings but does not assert that the local-checkout marker is absent.
  • Recommendation: Add an assertion that `resultText(install)` does not contain `NemoClaw package.json found in the selected source checkout`, or document why the installer output cannot contain both that marker and the GitHub clone strings.
  • Evidence: New test asserts `Installing NemoClaw from GitHub`, `Cloning NemoClaw source`, and optionally `Resolved install ref: ${ref}`. Legacy `test-cloud-onboard-e2e.sh` failed when its install log contained `NemoClaw package.json found in the selected source checkout`.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the e2e-migrate/test-clo... branch is 96%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-clo... 8857095	+/-
nemoclaw/src/se...cret-scanner.ts	—	100%	—
nemoclaw/src/commands/slash.ts	—	100%	—
nemoclaw/src/li...bprocess-env.ts	—	100%	—
nemoclaw/src/bl...eprint/state.ts	—	98%	—
nemoclaw/src/onboard/config.ts	—	98%	—
nemoclaw/src/bl...int/snapshot.ts	—	97%	—
nemoclaw/src/bl...print/runner.ts	—	95%	—
nemoclaw/src/co...ration-state.ts	—	94%	—
nemoclaw/src/bl...ate-networks.ts	—	94%	—
nemoclaw/src/index.ts	—	94%	—

TypeScript / code-coverage/cli

The overall coverage in the e2e-migrate/test-clo... branch is 46%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-clo... 8857095	+/-
src/lib/state/o...oard-session.ts	—	90%	—
src/lib/inference/local.ts	—	76%	—
src/lib/sandbox/config.ts	—	72%	—
src/lib/actions...dbox/rebuild.ts	—	67%	—
src/lib/onboard/preflight.ts	—	64%	—
src/lib/actions...licy-channel.ts	—	56%	—
src/lib/state/sandbox.ts	—	55%	—
src/lib/policy/index.ts	—	49%	—
src/lib/onboard...er-gpu-patch.ts	—	44%	—
src/lib/onboard.ts	—	18%	—

---

_{Updated June 16, 2026 21:08 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27629700449
Workflow ref: e2e-migrate/test-cloud-onboard-e2e
Requested scenarios: (default — all supported)
Requested jobs: cloud-onboard-vitest
Summary: 2 passed, 0 failed, 35 skipped

Job	Result
bedrock-runtime-compatible-anthropic-vitest	⏭️ skipped
channels-add-remove-vitest	⏭️ skipped
cloud-inference-vitest	⏭️ skipped
cloud-onboard-vitest	✅ success
common-egress-agent-vitest	⏭️ skipped
credential-migration-vitest	⏭️ skipped
credential-sanitization-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-drift-preflight-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
gateway-health-honest-vitest	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-2478-crash-loop-recovery-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
messaging-compatible-endpoint-vitest	⏭️ skipped
messaging-providers-vitest	⏭️ skipped
model-router-provider-routed-inference-vitest	⏭️ skipped
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
openclaw-inference-switch-vitest	⏭️ skipped
openclaw-skill-cli-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
sandbox-rebuild-vitest	⏭️ skipped
sandbox-survival-vitest	⏭️ skipped
sessions-agents-cli-vitest	⏭️ skipped
shields-config-vitest	⏭️ skipped
skill-agent-vitest	⏭️ skipped
state-backup-restore-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e-scenario/live/cloud-onboard.test.ts`:
- Around line 45-64: The cleanup function is suppressing all errors from both
the host cleanup command and the sandbox gateway destroy operation by catching
and ignoring exceptions with .catch(() => undefined). This allows tests to pass
even when cleanup or verification fails, violating the scenario's contract to
verify sandbox removal. Remove the .catch(() => undefined) error suppression
handlers from both the host command (which runs cleanup.sh with --verify flag)
and the sandbox openshell gateway destroy call, so that any cleanup or
verification failures will properly propagate and cause the test to fail.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 35cc94c6-ef38-4d31-9758-e00b1d580e9c

📥 Commits

Reviewing files that changed from the base of the PR and between 6c0fb04 and f2b83f0.

📒 Files selected for processing (2)

• .github/workflows/e2e-vitest-scenarios.yaml
• test/e2e-scenario/live/cloud-onboard.test.ts

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27635622848
Workflow ref: e2e-migrate/test-cloud-onboard-e2e
Requested scenarios: (default — all supported)
Requested jobs: cloud-onboard-vitest
Summary: 2 passed, 0 failed, 35 skipped

Job	Result
bedrock-runtime-compatible-anthropic-vitest	⏭️ skipped
channels-add-remove-vitest	⏭️ skipped
cloud-inference-vitest	⏭️ skipped
cloud-onboard-vitest	✅ success
common-egress-agent-vitest	⏭️ skipped
credential-migration-vitest	⏭️ skipped
credential-sanitization-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-drift-preflight-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
gateway-health-honest-vitest	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-2478-crash-loop-recovery-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
messaging-compatible-endpoint-vitest	⏭️ skipped
messaging-providers-vitest	⏭️ skipped
model-router-provider-routed-inference-vitest	⏭️ skipped
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
openclaw-inference-switch-vitest	⏭️ skipped
openclaw-skill-cli-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
sandbox-rebuild-vitest	⏭️ skipped
sandbox-survival-vitest	⏭️ skipped
sessions-agents-cli-vitest	⏭️ skipped
shields-config-vitest	⏭️ skipped
skill-agent-vitest	⏭️ skipped
state-backup-restore-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27636903903
Workflow ref: e2e-migrate/test-cloud-onboard-e2e
Requested scenarios: (default — all supported)
Requested jobs: cloud-onboard-vitest
Summary: 2 passed, 0 failed, 35 skipped

Job	Result
bedrock-runtime-compatible-anthropic-vitest	⏭️ skipped
channels-add-remove-vitest	⏭️ skipped
cloud-inference-vitest	⏭️ skipped
cloud-onboard-vitest	✅ success
common-egress-agent-vitest	⏭️ skipped
credential-migration-vitest	⏭️ skipped
credential-sanitization-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-drift-preflight-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
gateway-health-honest-vitest	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-2478-crash-loop-recovery-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
messaging-compatible-endpoint-vitest	⏭️ skipped
messaging-providers-vitest	⏭️ skipped
model-router-provider-routed-inference-vitest	⏭️ skipped
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
openclaw-inference-switch-vitest	⏭️ skipped
openclaw-skill-cli-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
sandbox-rebuild-vitest	⏭️ skipped
sandbox-survival-vitest	⏭️ skipped
sessions-agents-cli-vitest	⏭️ skipped
shields-config-vitest	⏭️ skipped
skill-agent-vitest	⏭️ skipped
state-backup-restore-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27638941300
Workflow ref: e2e-migrate/test-cloud-onboard-e2e
Requested scenarios: (default — all supported)
Requested jobs: cloud-onboard-vitest
Summary: 2 passed, 0 failed, 36 skipped

Job	Result
bedrock-runtime-compatible-anthropic-vitest	⏭️ skipped
channels-add-remove-vitest	⏭️ skipped
cloud-inference-vitest	⏭️ skipped
cloud-onboard-vitest	✅ success
common-egress-agent-vitest	⏭️ skipped
credential-migration-vitest	⏭️ skipped
credential-sanitization-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-drift-preflight-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
gateway-health-honest-vitest	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-2478-crash-loop-recovery-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
messaging-compatible-endpoint-vitest	⏭️ skipped
messaging-providers-vitest	⏭️ skipped
model-router-provider-routed-inference-vitest	⏭️ skipped
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
onboard-resume-vitest	⏭️ skipped
openclaw-inference-switch-vitest	⏭️ skipped
openclaw-skill-cli-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
sandbox-rebuild-vitest	⏭️ skipped
sandbox-survival-vitest	⏭️ skipped
sessions-agents-cli-vitest	⏭️ skipped
shields-config-vitest	⏭️ skipped
skill-agent-vitest	⏭️ skipped
state-backup-restore-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped