test(e2e): migrate platform and remote coverage to scenario suites

[jyaunches]

Parent epic: #3588

Goal

Migrate the platform-remote E2E coverage area into the layered scenario framework without porting legacy scripts line-for-line. Add the missing primitive layer first, then move assertions into scenario plans/suites with stable IDs.

This issue is also the input for /vd_spec: create an implementation spec and a validation spec for platform/remote scenario coverage. The spec should make it unambiguous which checks are expected to pass, which are intentionally deferred/skipped, and what evidence the implementation PR must show.

Scope definition: platform-remote

This domain covers E2E behaviors tied to platform-specific or remote execution paths, including:

• GPU/local Ollama host flows
• Brev CPU/GPU remote branch validation and launchable install flows
• DGX Spark / DGX Station style local-model hosts
• macOS and Windows/WSL workflow/platform execution paths
• OpenShell Docker-driver gateway/network topology where it differs by platform
• platform-specific install/onboard preflight and recovery behavior

Out of scope unless explicitly pulled in by the spec: messaging-provider behavior, general policy presets, generic negative-path onboarding, and non-platform-specific CLI parsing.

Legacy / current E2E coverage to absorb

Migrate the highest-value assertions from these existing E2E assets into scenario-suite coverage. Do not port scripts line-for-line; extract the stable behaviors and classify the rest as covered, deferred, or retired.

Existing E2E assets and expected migrated assertions

Existing asset	Coverage to consider migrating
test/e2e/test-gpu-e2e.sh	GPU host preflight; Ollama install/start; sandbox GPU enabled; GPU proof logs; auth proxy token persistence and permissions; proxy reject/accept auth behavior; proxy recovery from persisted token; direct Ollama inference; sandbox inference.local to Ollama inference; destroy/uninstall cleanup.
test/e2e/test-gpu-double-onboard.sh	Re-onboard with Ollama keeps the persisted proxy token valid and sandbox inference still works. This is the core regression from #2606 / PR #2617.
test/e2e/test-launchable-smoke.sh	Brev launchable bootstrap artifacts; sentinel file; nemoclaw/openshell availability; non-interactive cloud onboard; sandbox health; inference.local routing; openclaw agent mediated inference.
test/e2e/test-spark-install.sh	Linux/DGX Spark install path succeeds; CLI and OpenShell are on PATH; non-interactive install works.
test/e2e/brev-e2e.test.ts	Clean Brev CPU/GPU VM branch validation; source install; remote setup; selected suite dispatch; Brev GPU runtime/network preparation.
.github/workflows/macos-e2e.yaml	macOS platform workflow/runner requirements and dispatch metadata.
.github/workflows/wsl-e2e.yaml	Windows/WSL platform workflow/runner requirements and dispatch metadata.

New merged/platform-remote work to evaluate for scenario coverage

These are not necessarily already covered by existing E2E. The spec should decide whether each becomes a scenario assertion, onboarding assertion, workflow metadata item, or deferred item.

Issue / PR	Existing E2E added?	Coverage decision needed for #3816
#3975 / PR #4180	No	DGX Spark/aarch64 OpenShell-managed runtime health: delivery-chain health should be accepted when direct in-container 127.0.0.1 probe fails but gateway process/forward is healthy.
#4178 / PR #4186	No	DGX Spark old Ollama upgrade loop: old host Ollama should trigger explicit upgrade path, not silent reuse/validation loop.
#4113 / PR #4132	No	DGX Spark/Ollama model selection: local model selection should use available memory, not total memory.
#4114 / PR #4135	No	Headless/non-interactive Linux Ollama install should support user-local fallback when sudo/system install is unavailable.
#3989 / PR #4060	No	WSL/source install should bootstrap OpenShell before onboard instead of failing with circular advice.
#3974 / PR #4101	No	Fresh Windows ARM with WSL enabled but no distro should install/register Ubuntu 24.04 or emit actionable failure.
#3986 / PR #4106	No	WSL idle OpenShell gateway recovery: maintenance/list/backup path should recover named gateway and retry.
#3988 / PR #4062	No	Windows ARM fake GPU detection: WDDM placeholder/non-NVIDIA GPU names should not pass NVIDIA GPU preflight.
#4177 / PR #4183	No	Sandbox build context permissions: staged /opt/nemoclaw files should be readable by sandbox user so OpenClaw plugin install can succeed.
PR #4008	No	Jetson GPU backend: Jetson/Tegra sandbox GPU mode uses NVIDIA runtime path rather than NVML/CDI assumptions.
#3473 / #3710 / PR #3965	No	Jetson forced GPU passthrough should fail early with guidance; default/auto should stay CPU path.
PR #3963	No	Spark GPU recreate should preserve the nemoclaw-start sandbox command and avoid stale Hermes runtime lock failure.
#3959 / PR #3960	Partially	Brev GPU bridge gateway reachability: existing E2E infra was hardened in brev-e2e.test.ts and test-gpu-e2e.sh; decide whether a scenario assertion is still needed. #3959 remains open, so this may be deferred until live validation.
PR #4214	Partially	Public installer E2Es must install the target ref, not silently install main; existing workflow/script validation was added, but scenario workflow metadata may need to preserve this.
PR #4046	Workflow only	macOS/WSL/nightly workflow Node/action runtime updates; likely metadata only, not a behavior assertion.
PR #4038	Yes	Existing E2E OpenClaw JSON parsing was hardened. Migrate only the stable platform/remote behavior if needed; helper parsing itself is not the domain behavior.
PR #4039	Yes	Launchable smoke agent probe was hardened with --thinking off and better failure evidence; fold into launchable-smoke migrated assertions if retained.

Architecture contract

• Add or extend the domain primitive library: test/e2e/validation_suites/lib/platform_remote.sh.
• Helpers must consume $E2E_CONTEXT_DIR/context.env; suites must not reinstall, onboard, or rediscover setup state.
• Add/extend suite family entries in test/e2e/validation_suites/suites.yaml.
• Add onboarding profiles/test plans/onboarding assertions only when the behavior belongs before expected-state validation.
• Emit stable assertion IDs using <layer>.<domain>.<behavior>.
• Preserve compatibility with existing run-scenario.sh <id> --plan-only behavior.
• If parity-map metadata still exists in the target branch, update test/e2e/docs/parity-map.yaml with layer, gap_domain, owner, and runner/secret requirements where applicable. If the parity workflow/map has been removed, capture the same metadata in the current scenario coverage/reporting mechanism instead.

Spec requirements for /vd_spec

The generated spec should include:

1. A coverage inventory mapping every item above to one of: covered, new assertion, deferred, or retired.
2. A scenario/test-plan design for each covered or new assertion item.
3. Stable assertion IDs for each migrated/new check.
4. Runner/secret/platform requirements for each scenario, including GPU, Brev, DGX Spark, macOS, WSL, and NVIDIA API key requirements where applicable.
5. A validation spec that states which commands/workflows must pass, which scenario IDs are expected to be runnable, and which are intentionally skipped/deferred due to unavailable platform/secrets.
6. Clear pass/fail expectations for the implementation PR: what should pass on the PR branch, what should fail on main or remain unimplemented if the PR is only adding coverage, and what evidence should be attached.

Validation expectations for the implementation PR

The PR opened from this work should include evidence that:

• Scenario framework/unit validation passes locally for resolver/schema/suite/coverage-report behavior.
• run-scenario.sh <id> --plan-only works for each new or changed platform/remote scenario.
• The GitHub E2E scenario workflow runs on the PR branch and shows the relevant scenario jobs/checks passing, failing, skipped, or deferred according to the validation spec.
• Any expected failures are intentional and documented in the PR body or validation artifact, with clear follow-up items if they cannot be made green in the same PR.
• Platform-specific scenarios that cannot run on the default PR infrastructure are still represented with metadata and plan-only validation, and are marked as deferred/manual with the exact runner/secret requirement.

Acceptance criteria

• Domain primitive helpers exist and are used by migrated suite steps.
• At least the highest-value assertions from the listed legacy coverage are mapped to stable scenario assertion IDs.
• New merged platform/remote bugs/features listed above are explicitly accepted into scope, deferred, or rejected with rationale.
• Remaining legacy assertions are explicitly classified as deferred or retired with layer/domain metadata.
• Scenario framework tests pass for resolver/schema/suite/coverage-report validation.
• The coverage report makes this domain visible as covered, deferred, or retired.
• The implementation PR includes the validation evidence described above, including E2E scenario workflow results on the PR branch.

[jyaunches]

Fresh assertion inventory for #3816 platform/remote scope

I did a fresh pass over the current #3816 scope, including the legacy E2E assets already named in the issue and the newer platform/remote items added in the latest issue update.

Coverage verdict

No: #3816 does not yet have 100% explicit assertion coverage across the relevant current E2E suite.

It does have the right high-level behavioral areas, but the issue body still summarizes several scripts at category level. The implementation spec should turn the inventory below into explicit covered / new assertion / deferred / retired rows with stable scenario assertion IDs.

Main gaps to make explicit in /vd_spec:

• prerequisite and platform guard assertions: Docker, nvidia-smi, Linux, env vars, NVIDIA_API_KEY, network reachability
• cleanup assertions: registry removal, uninstall deletes ~/.nemoclaw, clone cleanup, keep-sandbox skip behavior
• Brev/Vitest assertions: invalid sandbox name prevalidation, remote registry shape, suite dispatch output, GPU bridge setup source-shape checks
• fix(e2e): install workflow target ref in public onboard tests #4214 public install target-ref assertions from test-cloud-onboard-e2e.sh
• skip/deferred semantics for runner/secret/platform-gated checks
• newer feature: custom settings for using build endpoints #2 merged bug/fix candidates mostly do not have current E2E assertions and must be added/deferred explicitly

---

1. Existing E2E assets: assertion inventory

test/e2e/test-gpu-e2e.sh → scenario: GPU/local Ollama end-to-end

Assertion / check	Scenario behavior covered	#3816 body definitely covers?
Pre-cleanup complete	stale sandbox/gateway/process state removed before run	Partial; cleanup category only
Docker is running	GPU E2E host prerequisite	No; needs explicit prerequisite metadata
nvidia-smi works and reports VRAM	NVIDIA GPU host prerequisite	Partial
NEMOCLAW_NON_INTERACTIVE=1 required	non-interactive install contract	No
NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 required	non-interactive third-party install contract	No
Ollama already installed / Ollama installed	host Ollama binary availability	Yes
Existing Ollama service stopped / port freed	onboard owns local Ollama lifecycle	Partial
repo root exists / cd succeeds	test harness setup	No; likely harness-only
install.sh --non-interactive exits 0	install + onboard succeeds with Ollama provider	Yes
nemoclaw on PATH after install	CLI installed and discoverable	Yes
nemoclaw list contains sandbox	sandbox registry/list visibility	Yes
nemoclaw <sandbox> status exits 0	sandbox status healthy	Yes
status says Sandbox GPU: enabled	GPU sandbox mode enabled by default on NVIDIA host	Yes
install log has GPU proof passed: nvidia-smi when available	onboard GPU proof: nvidia-smi	Yes
install log has /proc/<pid>/task/<tid>/comm write proof	onboard GPU proof: proc comm write compatibility	Yes
install log has cuInit(0) proof	onboard GPU proof: CUDA init via libcuda	Yes
openshell inference get includes Ollama	OpenShell inference provider set to Ollama	Yes
Ollama reachable at 127.0.0.1:11434	onboard started local Ollama	Yes
proxy token exists at ~/.nemoclaw/ollama-proxy-token	auth proxy token persisted	Yes
proxy token permissions are 600	token file permission hardening	Yes
auth proxy answers on proxy port	Ollama auth proxy liveness	Yes
unauthenticated POST returns 401	auth proxy rejects unauthenticated protected calls	Yes
correct bearer token returns non-401	auth proxy accepts persisted token	Yes
Docker bridge proxy reachability skipped under Docker GPU patch	topology-specific skip behavior	Partial; should be explicit deferred/conditional
container reaches host.openshell.internal:<proxy>	container-to-host proxy reachability	Yes
killed proxy is actually dead	proxy recovery precondition	Partial
proxy recovers from persisted token	proxy recovery after kill/restart	Yes
recovered proxy accepts original persisted token	recovered proxy token consistency	Yes
proxy recovery skipped when PID/token unavailable	conditional skip behavior	No; should be explicit skip/deferred metadata
model exists in Ollama	model availability before inference	Partial
direct host Ollama chat returns PONG	direct local Ollama inference	Yes
sandbox inference via configured route returns PONG	sandbox → inference.local/direct URL → Ollama inference	Yes
sandbox removed from registry after destroy	destroy cleanup correctness	Partial
uninstall skipped with SKIP_UNINSTALL=1	debug skip behavior	No; probably retired/harness-only
uninstall.sh --delete-models exits 0	Ollama-aware uninstall succeeds	Yes, via cleanup/uninstall category
~/.nemoclaw removed	uninstall deletes NemoClaw state	Partial
cleanup complete	final process cleanup	Partial/harness-only

test/e2e/test-gpu-double-onboard.sh → scenario: Ollama re-onboard token consistency

Assertion / check	Scenario behavior covered	#3816 body definitely covers?
Pre-cleanup complete	stale sandbox/gateway/Ollama/proxy state removed	Partial
Docker is running	GPU double-onboard host prerequisite	No
nvidia-smi works	NVIDIA GPU host prerequisite	Partial
required non-interactive env vars present	non-interactive install contract	No
Ollama installed / existing service stopped	local Ollama setup controlled by onboard	Yes/partial
install.sh --non-interactive exits 0	first onboard succeeds	Yes
nemoclaw on PATH	CLI installed	Yes
nemoclaw list contains sandbox	sandbox listed after first onboard	Yes
nemoclaw status exits 0	sandbox status healthy after first onboard	Yes
Ollama running on 127.0.0.1:11434	first onboard starts Ollama	Yes
auth proxy running	proxy liveness after first onboard	Yes
token file exists and permissions are 600	first-onboard token persistence/permissions	Yes
proxy accepts first-onboard token with HTTP 200	first token matches running proxy	Yes
model exists in Ollama	local model available	Partial
ssh-config succeeds	sandbox access path available	Partial
first-onboard sandbox inference returns PONG	first-onboard sandbox inference works	Yes
re-onboard exits 0	second onboard succeeds	Yes
token file exists after re-onboard	token persists across re-onboard	Yes
token file permissions preserved as 600	token hardening survives re-onboard	Yes
auth proxy running after re-onboard	proxy liveness after re-onboard	Yes
proxy accepts persisted token after re-onboard	core #2553/#2606 token-divergence regression guard	Yes
unauthenticated POST still returns 401	auth remains enforced after re-onboard	Yes
wrong token returns 401	wrong-token rejection after re-onboard	Yes
ssh-config succeeds after re-onboard	sandbox access path survives re-onboard	Partial
sandbox inference after re-onboard returns PONG and not 401	inference path uses current persisted token after re-onboard	Yes
sandbox removed from registry after destroy	destroy cleanup correctness	Partial
cleanup complete	final process cleanup	Partial/harness-only

test/e2e/test-launchable-smoke.sh → scenario: Brev launchable/community install smoke

Assertion / check	Scenario behavior covered	#3816 body definitely covers?
pre-cleanup + clone pre-seeded	launchable test uses PR/current checkout, not stale clone	Partial; clone preseed not explicit
Docker is running	launchable host prerequisite	No
NVIDIA_API_KEY set and nvapi-*	live cloud inference secret requirement	Partial; secret metadata needed
can reach integrate.api.nvidia.com	network/API prerequisite	No
required non-interactive env vars present	non-interactive install/onboard contract	No
brev-launchable-ci-cpu.sh exists	launchable script present	Yes
brev-launchable-ci-cpu.sh exits 0	launchable bootstrap succeeds	Yes
nemoclaw on PATH and nemoclaw --help works	launchable CLI installed	Yes
openshell on PATH and version works	OpenShell installed in launchable path	Yes
Node.js >=22, or >=20 skip-compatible	launchable runtime dependency	Partial
Docker running after launchable install	launchable installs/keeps Docker usable	Yes
sentinel /var/run/nemoclaw-launchable-ready exists	launchable readiness sentinel	Yes
clone directory exists	launchable clone created	Yes
CLI dist/ exists	CLI built	Yes
plugin nemoclaw/dist/ exists	plugin built	Yes
cd to clone succeeds	launchable clone usable	Partial/harness-only
nemoclaw onboard --non-interactive exits 0	launchable-installed NemoClaw can onboard	Yes
nemoclaw list contains sandbox	sandbox listed after launchable onboard	Yes
nemoclaw status exits 0	sandbox status healthy	Yes
inference configured as nvidia-prod	cloud provider configured by onboard	Yes
gateway container running or skip if naming differs	gateway liveness heuristic	Partial
direct NVIDIA Endpoints returns PONG	cloud inference credential/API sanity	Yes
sandbox inference.local returns PONG	sandbox routing through OpenShell proxy to NVIDIA Endpoints	Yes
openclaw agent --thinking off answers 42	full openclaw-mediated inference path	Yes; PR #4039 refinement should be explicit
sandbox removed from registry after destroy	destroy cleanup correctness	Partial
launchable clone directory cleaned up	test artifact cleanup	Partial/harness-only

test/e2e/test-spark-install.sh → scenario: DGX Spark/Linux install smoke

Assertion / check	Scenario behavior covered	#3816 body definitely covers?
host OS is Linux; non-Linux fails/uses Vitest skip path	Spark/Linux platform guard	Partial; needs explicit runner/platform metadata
Docker is running	Spark install prerequisite	No
NEMOCLAW_NON_INTERACTIVE=1	non-interactive install contract	No
NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1	third-party install contract	No
cd to repo succeeds	harness setup	No; likely retired/harness-only
generic installer flow without Spark-specific setup	current Spark path uses generic installer	Yes
install exits 0	non-interactive install succeeds	Yes
nemoclaw on PATH	CLI installed	Yes
openshell on PATH	OpenShell installed	Yes
nemoclaw --help exits 0	installed CLI executable works	Yes

test/e2e/brev-e2e.test.ts → scenario: Brev remote branch validation

Assertion / check	Scenario behavior covered	#3816 body definitely covers?
invalid sandbox name exits before Brev provisioning	deploy input validation avoids remote side effects	No; should be explicit or retired as non-platform input validation
invalid-name output includes specific guidance	user-facing validation detail	No
invalid-name path does not invoke Brev/SSH/install	fail-fast before remote work	No
GPU setup commands allow Docker bridge traffic to host-service ports	Brev GPU bridge gateway reachability setup (#3959/#3960)	Yes/partial
GPU setup commands include NVIDIA container toolkit/runtime proof	Brev GPU runtime preparation	Yes
test-gpu-e2e.sh uses OpenShell proxy env for Docker GPU inference proof	sandbox inference proof works under Docker GPU topology	Yes
remote registry default sandbox is e2e-test	branch validation writes expected registry	Partial
remote registry has e2e-test with gpuEnabled: false for non-GPU setup	remote registry shape	Partial
full suite output contains PASS and no FAIL:	full remote E2E suite dispatch passes	Yes
GPU suite output contains GPU E2E PASSED and no FAIL:	remote GPU suite dispatch passes	Yes
credential/messaging/dashboard selected suite outputs contain PASS and no FAIL:	remote selected-suite dispatch works	Partial; many are outside platform-remote
deploy-cli sandbox list contains e2e-test and Ready	remote deploy CLI creates ready sandbox	Yes/partial
deploy-cli registry default sandbox and entry exist	remote deploy registry correctness	Partial

.github/workflows/macos-e2e.yaml and .github/workflows/wsl-e2e.yaml

These are workflow/platform coverage, not shell assertions.

Asset	Scenario behavior covered	#3816 body definitely covers?
macos-e2e.yaml	macOS workflow dispatch/PR/push triggers and macos-26 runner requirement	Yes, but metadata-only
wsl-e2e.yaml	Windows/WSL workflow dispatch/PR/push triggers and windows-latest runner requirement	Yes, but metadata-only

---

2. Added platform/remote items: current E2E assertion status

Item	Current E2E assertion coverage?	Scenario coverage decision
#3975 / PR #4180	No current E2E assertion; unit/provisioning only	Needs new/deferred scenario assertion for Spark/aarch64 delivery-chain health
#4178 / PR #4186	No current E2E assertion; unit/onboard only	Needs new/deferred scenario assertion for old Ollama upgrade path
#4113 / PR #4132	No current E2E assertion; unit/inference only	Needs new/deferred scenario assertion for available-memory model selection
#4114 / PR #4135	No current E2E assertion; unit/onboard only	Needs new/deferred scenario assertion for sudo-free user-local Ollama install
#3989 / PR #4060	No current E2E assertion; install-preflight unit only	Needs new/deferred WSL/source install OpenShell bootstrap assertion
#3974 / PR #4101	No current E2E assertion; bootstrap unit only	Needs new/deferred WSL no-distro bootstrap assertion
#3986 / PR #4106	No current E2E assertion; gateway/list unit only	Needs new/deferred WSL idle gateway recovery assertion
#3988 / PR #4062	No current E2E assertion; NIM/preflight unit only	Needs new/deferred WSL fake-GPU rejection assertion
#4177 / PR #4183	No current E2E assertion; build-context/provisioning unit only	Needs new/deferred sandbox-user readability assertion
PR #4008	No current E2E assertion; GPU mode unit only	Needs new/deferred Jetson NVIDIA-runtime path assertion
#3473 / #3710 / PR #3965	No current E2E assertion; GPU mode unit only	Needs new/deferred Jetson forced-GPU fail-fast assertion
PR #3963	No current E2E assertion; Docker GPU patch/Hermes unit only	Needs new/deferred Spark GPU recreate command-preservation assertion
#3959 / PR #3960	Partial E2E coverage in brev-e2e.test.ts and test-gpu-e2e.sh	Covered as E2E infra/source-shape + runtime setup; still likely deferred for live scenario until #3959 closes
PR #4214	Partial E2E coverage in test-cloud-onboard-e2e.sh + workflow validation	Include target-ref/public-install assertions below or decide out-of-scope
PR #4046	Workflow only	Metadata-only; no behavior assertion needed unless workflow runtime compatibility is in scope
PR #4038	Yes, existing E2E helper hardening	Do not migrate parser helper as platform behavior; keep only affected behavior assertions
PR #4039	Yes, launchable smoke assertion hardened	Fold into launchable openclaw agent mediated inference assertion

test/e2e/test-cloud-onboard-e2e.sh from PR #4214 → scenario: public cloud onboard target-ref install

This file was not in the original #3816 legacy list, but PR #4214 made it relevant to the added coverage discussion.

Assertion / check	Scenario behavior covered	Include in #3816?
pre-cleanup complete	stale cloud-onboard sandbox/gateway removed	Maybe harness-only
Docker is running	cloud onboard host prerequisite	Maybe prerequisite metadata
NVIDIA_API_KEY valid and integrate.api.nvidia.com reachable	cloud provider secret/network precondition	Maybe metadata
non-interactive env vars required	non-interactive public install contract	Maybe metadata
Linux host preferred; non-Linux skip/continue behavior	platform guard	Maybe metadata
interactive mode unsupported skip/fail	unsupported mode classification	Probably out-of-scope
public install exits 0	public installer path works	Yes if #4214 remains in scope
public install does not use local source checkout	install source isolation	Yes for #4214
public install shows GitHub clone path	public clone path evidence	Yes for #4214
public install used requested ref	core #4214 target-ref assertion	Yes for #4214
nemoclaw and openshell on PATH; nemoclaw --help exits 0	installed toolchain works	Yes/partial
optional checks scripts pass or skip if absent	post-onboard check dispatch	Maybe out-of-scope unless scenarioized
cleanup complete / keep-sandbox skip	cleanup semantics	Maybe harness-only

---

Recommendation for /vd_spec

Use this comment as the assertion inventory. The spec should require a table with one row per assertion above and a final classification:

• covered: implemented in scenario suite with stable assertion ID
• new assertion: required by test(e2e): migrate platform and remote coverage to scenario suites #3816 implementation
• deferred: platform/secret/runner not currently available; still represented in plan-only metadata
• retired: harness-only, duplicate, or not domain behavior

The issue now definitely covers the major behavior families, but it does not yet definitely cover every assertion listed here until /vd_spec classifies them and the implementation PR shows E2E scenario workflow evidence.

[jyaunches]

Closing — superseded by epic #3588's new audit-coverage spec (specs/2026-05-26_scenario-e2e-audit-coverage-implementation).

Scope is now redistributed across phase-aligned issues:

• test-launchable-smoke.sh → AQ-018 in Phase 2: Onboarding and Installer Audit Coverage (E2E audit-coverage) #4348 (Phase 2)
• test-gpu-e2e.sh → AQ-026 in Phase 4: Local GPU and Ollama Audit Coverage (E2E audit-coverage) #4350 (Phase 4)
• test-gpu-double-onboard.sh → AQ-027 in Phase 4: Local GPU and Ollama Audit Coverage (E2E audit-coverage) #4350 (Phase 4)
• Ollama suites → AQ-028, AQ-029 in Phase 4: Local GPU and Ollama Audit Coverage (E2E audit-coverage) #4350 (Phase 4)
• test-spark-install.sh → AQ-055 in Phase 9: Rebuild, Upgrade, Installer Version, and Runtime Edge Audit Coverage (E2E audit-coverage) #4355 (Phase 9)
• test/e2e/brev-e2e.test.ts → AQ-062 in Phase 10: Gateway, Dashboard, Device Auth, Crash Loop, Tunnel, and Remote Service Audit Coverage (E2E audit-coverage) #4356 (Phase 10)

The "new merged work to evaluate" table is out of scope per the spec's non-goal: "Do not add new E2E scenarios that are not directly tied to one or more audit rows."

The new spec also retires the deferred/retired parity classification and the per-domain validation_suites/lib/<domain>.sh primitive layer that this issue references. Implementation work should target test/e2e-scenario/ under the 5-part scenario contract model and the audit work queue (docs/e2e-audit-work-queue.md).