fix(share): give a clear error when the local mount path is on a read-only filesystem

[latenighthackathon]

Summary

nemoclaw <name> share mount now fails fast with a structured, actionable error when the local mount path is on a read-only filesystem, instead of leaking the low-level fusermount3: user has no write access to mountpoint line that #3192 reported on AlmaLinux 9.7.

Related Issue

Closes #3192

Changes

• New checkLocalMountWritable(localMount) helper in src/lib/share-command.ts recursively creates the mount directory and verifies the resulting path is writable, distinguishing EROFS (parent on read-only fs), EACCES (permission denied), and other failures and returning a structured { writable, reason } result.
• runShareMount consults this helper after writing the temporary SSH config and before invoking sshfs. A non-writable target now exits with the offending path, the underlying reason, and a suggested writable-path invocation; the temporary SSH config file is cleaned up before the early exit so we don't leave an orphan in /tmp. Sample output for a read-only target: Local mount path '/ro/mounts/my-assistant' is not usable: parent filesystem is read-only. share mount projects sandbox files onto a host directory via SSHFS, so the local target must be on a writable filesystem. Pick a writable directory: nemoclaw my-assistant share mount /sandbox <writable-path>.
• docs/reference/commands.md and the agent-skill mirror in .agents/skills/nemoclaw-user-reference/references/commands.md now include the writable-mount-target requirement in the share mount prerequisites, so users hitting the default ~/.nemoclaw/mounts/<name> on a read-only filesystem know they can pass an explicit local path as the second positional argument.
• New test/share-command-writable.test.ts covers five cases for the helper: success, EROFS from mkdirSync, EACCES from mkdirSync, an unexpected mkdirSync failure (ENOSPC), and a pre-existing directory whose accessSync fails.

Type of Change

• Code change with doc updates
• Code change (feature, bug fix, or refactor)
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes (commitlint, gitleaks, biome, TypeScript, source-shape, skills YAML, dist-sourcemaps)
• npm test (npx vitest run) passes for the new file: 5/5 in test/share-command-writable.test.ts. Full suite was 3525 passed / 4 pre-existing timing flakes (sandbox-stuck-recovery, cli timing assertion) / 13 skipped; flakes are unrelated to share-command.ts and pass 4/4 in isolation.
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes

---

Signed-off-by: latenighthackathon latenighthackathon@users.noreply.github.com

Summary by CodeRabbit

• Documentation

  • Clarified that nemoclaw <name> share mount requires the local mount path to be on a writable host filesystem and how to supply an explicit writable destination.

• Bug Fixes

  • Mount now validates the local target before attempting the mount and shows clearer, actionable errors when the path is not writable.

• Tests

  • Added automated tests covering writable-check scenarios and failure messages.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4e63340f-d38b-4bc1-8c57-9107b00fa7d4

📥 Commits

Reviewing files that changed from the base of the PR and between e004f5c and 0fa6708.

📒 Files selected for processing (4)

• .agents/skills/nemoclaw-user-reference/references/commands.md
• docs/reference/commands.md
• src/lib/share-command.ts
• test/share-command-writable.test.ts

✅ Files skipped from review due to trivial changes (2)

• docs/reference/commands.md
• .agents/skills/nemoclaw-user-reference/references/commands.md

🚧 Files skipped from review as they are similar to previous changes (2)

• src/lib/share-command.ts
• test/share-command-writable.test.ts

---

📝 Walkthrough

Walkthrough

Adds an exported checkLocalMountWritable() and integrates it into runShareMount to preflight local mount writability (exit + cleanup on failure); removes the prior unconditional directory creation; adds Vitest tests for errno-to-reason mappings; updates command docs to require a writable host local mount path.

Changes

Mount Directory Writability Validation

Layer / File(s)	Summary
Writable Path Check Implementation src/lib/share-command.ts	New exported checkLocalMountWritable(localMount) creates the directory recursively, checks write access with fs.accessSync(W_OK), and returns { writable: true } or { writable: false, reason } mapping common mkdirSync/accessSync errno cases to human-readable reasons.
Integration & Error Handling src/lib/share-command.ts	runShareMount() now calls checkLocalMountWritable(localMount) after writing the temporary SSH config; on failure it logs the localMount and reason, removes the temporary SSH config/tmp directory, and exits with code 1. The previous unconditional fs.mkdirSync(localMount, { recursive: true }) was removed.
Test Coverage test/share-command-writable.test.ts	New Vitest suite mocks fs.mkdirSync and fs.accessSync to assert { writable: true } on success and verify errno-to-reason mappings for EROFS, EACCES, and unexpected errors; mocks are restored after each test.
User Documentation .agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands.md	Command reference prerequisites updated to state the local mount path must be writable on the host filesystem (FUSE/SSHFS creates the mount on the host) and that callers may supply an explicit writable local path as the second positional argument if the default is read-only.

Sequence Diagram(s)

sequenceDiagram
  participant Run as runShareMount
  participant Check as checkLocalMountWritable
  participant Cleanup as cleanup/tempdir
  Run->>Check: validate(localMount)
  alt writable
    Check-->>Run: { writable: true }
    Run->>Run: proceed to sshfs invocation
  else not writable
    Check-->>Run: { writable: false, reason }
    Run->>Cleanup: remove SSH config / temp dir
    Run->>Run: process.exit(1)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I checked the mount where carrots hide,
If hostlands let me write inside,
If not, I tell you plain and clear,
Clean up the crumbs and hop from here,
Bunny hops — no surprises near!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a structured error message when the local mount path is on a read-only filesystem.
Linked Issues check	✅ Passed	The PR fully addresses issue #3192 by implementing a pre-check that validates mount directory writability before invoking sshfs and provides clear, actionable error messages.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to addressing #3192: the new helper function, integration into runShareMount, documentation updates, and test coverage are all focused on the read-only filesystem detection requirement.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/share-command.ts`:
- Around line 84-88: The catch on fs.accessSync currently collapses all errors
into "directory is not writable"; change it to inspect the caught error (e.g.,
the thrown Error object in the catch) and preserve the root cause similar to the
mkdirSync branch: if err.code === 'EROFS' return a writable:false result with
the same EROFS/read-only reason, otherwise return writable:false with a generic
"directory is not writable" reason but include the original error message/code
so callers can see the root cause; update the catch block around
fs.accessSync(localMount, fs.constants.W_OK) to implement this conditional error
handling.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 28f1b1df-e7ba-436f-bfa5-b5118f735435

📥 Commits

Reviewing files that changed from the base of the PR and between b1320d5 and 58c035b.

📒 Files selected for processing (4)

• .agents/skills/nemoclaw-user-reference/references/commands.md
• docs/reference/commands.md
• src/lib/share-command.ts
• test/share-command-writable.test.ts

[wscurran]

✨ Thanks for submitting this PR that fixes the issue with the local mount path being on a read-only filesystem. This change involves adding a check to verify the mount directory is writable before invoking sshfs and provides a structured error message when the path is not writable.

---

Related open issues:

• #3192 nemoclaw sandbox_name share mount doesn't allow mounting directories from read-only filesystems

[SeseMueller]

While this PR is looking into improving the Error Reporting of the share mount command, I would also like to suggest an improvement to the case where a user tries to mount a sandbox path that doesn't exist (potentially if there is a typo). By default, in that case, the user only sees SSHFS mount failed and no information that the file or directory does not exist.

[latenighthackathon]

Thanks for the feedback @SeseMueller, will file a separate follow-up so this PR stays scoped to the writable-fs fix - stay tuned. Cheers!

[latenighthackathon]

Follow-up filed: #3414 (issue) and #3415 (PR) - the missing-remote-path pre-flight you flagged, scoped separately so this PR stays focused on the writable-fs case. @SeseMueller, mind taking a look at #3415 when you have a moment? Cheers!

[latenighthackathon]

Closing in favor of #3646, which carries the same fix as a single clean signed commit rebased onto current upstream/main (post-v0.0.44). Tested in container: 6/6 checkLocalMountWritable cases pass plus 9/9 existing share-command.test.ts. Cheers!