fix(cli): handle local gateway doctor and large backups

[cv]

Summary

Salvages the intended fixes from #4583 on a clean branch. nemoclaw doctor now accepts a verified local openshell-gateway process when legacy container inspection fails, and tar listing validation has enough buffer headroom for large sandbox state backups.

Changes

• Reuse the anchored host gateway pgrep pattern in doctor and report a local gateway as healthy only when both the process and gateway port are present.
• Increase the tar listing spawnSync buffer used by path validation and hard-link rejection.
• Add regression coverage for the local gateway doctor fallback and for large hard-link validation archives.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• New Features

  • Diagnostics: improved gateway checks — when container inspection fails, doctor probes the local gateway process/port, adjusts results based on available evidence and probe-tool availability, and more reliably captures host command outcomes.
  • Reliability: safer handling of very large tar archives by constraining command output buffering during archive inspection.

• Tests

  • Added integration and regression tests covering gateway fallback behaviors and large-tar scenarios.

[coderabbitai]

Warning

Review limit reached

@cv, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 14 minutes and 3 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 089e232d-652e-45d9-b921-8544144175a5

📥 Commits

Reviewing files that changed from the base of the PR and between ddf7a22 and 13e1b7c.

📒 Files selected for processing (2)

• src/lib/state/sandbox.ts
• src/lib/state/tar-listing.ts

📝 Walkthrough

Walkthrough

Adds a host-level gateway inspection fallback (pgrep + ss) used when Docker inspect fails, moves host command capture into its own module, exports the gateway pgrep pattern, and increases tar-listing subprocess buffer to 256 MiB with 20k-entry regression tests.

Changes

Host Gateway Process Detection Fallback

Layer / File(s)	Summary
Gateway fallback logic with host checks src/lib/actions/sandbox/doctor-gateway-fallback.ts, src/lib/actions/sandbox/doctor-host-command.ts, src/lib/actions/sandbox/doctor.ts, src/lib/onboard/host-gateway-process.ts, test/cli/doctor-gateway-token.test.ts, src/lib/actions/sandbox/doctor-host-command.test.ts	Adds captureHostCommand module; new GatewayInspectOptions and buildGatewayInspectFailureChecks that probe pgrep/ss and emit DoctorCheck entries when docker inspect fails; dockerInspectGateway now takes options and delegates failures to the fallback; exports HOST_GATEWAY_PGREP_PATTERN; integration and unit tests cover fallback and tooling-unavailable cases.

Tar Archive Buffer Management

Layer / File(s)	Summary
Buffer overflow protection for large tar listings src/lib/state/sandbox.ts, test/security-sandbox-tar-traversal.test.ts	Adds TAR_LISTING_MAX_BUFFER_BYTES (256 MiB) and passes it as spawnSync's maxBuffer for tar -tf and tar -tvf; adds 20,000-entry tests for rejectHardLinks and validateTarEntries.

Sequence Diagram(s)

sequenceDiagram
  participant DoctorCLI as Doctor
  participant DockerInspect as DockerInspect
  participant OpenShell as OpenShell
  participant Pgrep as pgrep
  participant SS as ss
  participant DoctorReport as DoctorReport
  DoctorCLI->>DockerInspect: inspect legacy gateway container
  DockerInspect-->>DoctorCLI: fails (status !== 0)
  DoctorCLI->>OpenShell: query named gateway connected?
  OpenShell-->>DoctorCLI: namedGatewayConnected
  DoctorCLI->>Pgrep: pgrep HOST_GATEWAY_PGREP_PATTERN
  Pgrep-->>DoctorCLI: process found / not found
  DoctorCLI->>SS: ss check GATEWAY_PORT
  SS-->>DoctorCLI: port listening / not listening
  DoctorCLI->>DoctorReport: emit Local gateway process ok / info / skipped checks

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4646: Overlaps gateway-health detection logic in doctor.ts and related legacy container inspection changes.

Suggested labels

NemoClaw CLI

Suggested reviewers

• prekshivyas

Poem

🐰 I sniff the gateway with a twitchy nose,
pgrep and ss tell me where it goes.
When docker hides, I still report the scene,
and wide tars fit buffers kept serene.
A hopping rabbit cheers the safer routine.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main changes: improving local gateway doctor detection and handling large backups in tar validation.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/salvage-4583-doctor-backup

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: state-backup-restore-e2e, diagnostics-e2e, credential-sanitization-e2e
Optional E2E: ubuntu-repo-cloud-openclaw-custom-policies, sandbox-survival-e2e

Dispatch hint: state-backup-restore-e2e,diagnostics-e2e,credential-sanitization-e2e

Auto-dispatched E2E: state-backup-restore-e2e, diagnostics-e2e, credential-sanitization-e2e via nightly-e2e.yaml at 13e1b7c990103734b15f9a56907c2f833300c366 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• state-backup-restore-e2e (high (~60 min timeout, live Docker/OpenShell sandbox, NVIDIA API key)): Exercises live sandbox state backup/destroy/recreate/restore, the closest existing E2E path through src/lib/state/sandbox.ts tar validation and extraction behavior changed in this PR.
• diagnostics-e2e (medium-high (live Docker/OpenShell sandbox, NVIDIA API key)): Closest existing diagnostics E2E for user-facing CLI health/debug flows around an onboarded sandbox. It should be run because doctor.ts and gateway diagnostics changed, even though it does not appear to fully cover the new local-gateway fallback path.
• credential-sanitization-e2e (high (~60 min timeout, live sandbox required, NVIDIA API key)): Security-oriented E2E that validates sandbox/host credential and traversal protections around migration/snapshot-style state handling; appropriate because tar validation/extraction remains a host security boundary.

Optional E2E

• ubuntu-repo-cloud-openclaw-custom-policies (high (~90 min timeout, live Docker/OpenShell sandbox, NVIDIA API key)): Typed scenario includes smoke, inference, credentials, onboarding-state, model-router, and snapshot-lifecycle suites. Useful additional confidence that normal repo onboarding plus snapshot lifecycle still works after doctor/gateway/state changes.
• sandbox-survival-e2e (high (long live sandbox operations suite)): Useful adjacent confidence for gateway restart/sandbox lifecycle behavior, but less direct because the changed doctor fallback is not the main assertion path.

New E2E recommendations

• sandbox doctor / gateway diagnostics (high): Existing E2E coverage appears to have no focused doctor --json assertion for the new behavior: legacy openshell-cluster-* inspect failure should not fail when OpenShell verifies the named gateway/local openshell-gateway process, and unverified local process evidence must remain informational.
  • Suggested test: Add a focused doctor-gateway-fallback E2E to onboard a sandbox, run nemoclaw <sandbox> doctor --json, and assert Gateway checks reflect the Docker-driver/named-gateway path without stale legacy-container failure.
• sandbox state backup/restore security (medium): Unit tests cover large tar listings, but existing live restore E2E likely uses small archives and may not exercise listing output beyond Node's default spawn buffer or malicious archive rejection in a real restore flow.
  • Suggested test: Extend state-backup-restore E2E or add a focused large-tar-restore-security E2E that restores a large safe backup and verifies malicious hard-link/traversal archives are rejected without writing outside the target.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: state-backup-restore-e2e,diagnostics-e2e,credential-sanitization-e2e

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw
Optional scenario E2E: wsl-repo-cloud-openclaw

Dispatch required scenario E2E:

• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required scenario E2E

• ubuntu-repo-cloud-openclaw: Changes touch gateway/doctor host probing, the host gateway process helper used around onboarding/runtime cleanup, and sandbox state backup/restore plumbing. The smallest dispatchable repo-current Linux scenario that exercises the normal cloud OpenClaw onboarding path plus gateway health, sandbox listing, status, and baseline operations is ubuntu-repo-cloud-openclaw.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Optional scenario E2E

• wsl-repo-cloud-openclaw: Optional adjacent platform coverage for host/gateway process behavior under WSL. This is a special-runner scenario, so it is optional unless the PR specifically targets WSL.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=wsl-repo-cloud-openclaw

Relevant changed files

• src/lib/actions/sandbox/doctor-gateway-fallback.ts
• src/lib/actions/sandbox/doctor-host-command.ts
• src/lib/actions/sandbox/doctor.ts
• src/lib/onboard/host-gateway-process.ts
• src/lib/state/sandbox.ts
• src/lib/state/tar-listing.ts

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Top item: PR review advisor unavailable

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: src/lib/actions/sandbox/doctor-gateway-fallback.ts, src/lib/actions/sandbox/doctor-host-command.ts, src/lib/actions/sandbox/doctor.ts, src/lib/onboard/host-gateway-process.ts, src/lib/state/sandbox.ts, src/lib/state/tar-listing.ts.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/actions/sandbox/doctor.ts (1)

206-210: ⚖️ Poor tradeoff

Consider checking pgrep/ss availability before relying on them.

While the current implementation gracefully falls through to the existing Docker container failure when pgrep or ss fail, the user experience could be improved by detecting when these tools are unavailable versus when the gateway is genuinely not running. However, since this is a fallback path that only runs when Docker inspect fails, and the existing behavior (reporting Docker container failure) is acceptable, this is a low-priority enhancement.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/actions/sandbox/doctor.ts` around lines 206 - 210, The current
fallback uses captureHostCommand("pgrep", ...) and captureHostCommand("ss", ...)
without verifying those binaries exist; update the logic in the diagnostic block
that computes processCheck/portCheck (references: captureHostCommand,
HOST_GATEWAY_PGREP_PATTERN, GATEWAY_PORT, processCheck, portCheck,
processRunning, portListening) to first detect missing/failed utilities and
treat that as "tool unavailable" rather than "gateway not running" — e.g., after
calling captureHostCommand inspect processCheck.status and processCheck.stderr
(and same for portCheck) for command-not-found or permission errors and set
separate flags like pgrepAvailable/ssAvailable; if a tool is unavailable,
surface a clearer message or skip that check when deciding
processRunning/portListening so the code can fall back to Docker diagnostics or
produce a specific "pgrep/ss unavailable" hint to the user.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/actions/sandbox/doctor.ts`:
- Around line 206-210: The current fallback uses captureHostCommand("pgrep",
...) and captureHostCommand("ss", ...) without verifying those binaries exist;
update the logic in the diagnostic block that computes processCheck/portCheck
(references: captureHostCommand, HOST_GATEWAY_PGREP_PATTERN, GATEWAY_PORT,
processCheck, portCheck, processRunning, portListening) to first detect
missing/failed utilities and treat that as "tool unavailable" rather than
"gateway not running" — e.g., after calling captureHostCommand inspect
processCheck.status and processCheck.stderr (and same for portCheck) for
command-not-found or permission errors and set separate flags like
pgrepAvailable/ssAvailable; if a tool is unavailable, surface a clearer message
or skip that check when deciding processRunning/portListening so the code can
fall back to Docker diagnostics or produce a specific "pgrep/ss unavailable"
hint to the user.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 90f8d5ba-5f48-4ab8-baed-0b8eea486a98

📥 Commits

Reviewing files that changed from the base of the PR and between a25d5b3 and 3c34066.

📒 Files selected for processing (5)

• src/lib/actions/sandbox/doctor.ts
• src/lib/onboard/host-gateway-process.ts
• src/lib/state/sandbox.ts
• test/cli/doctor-gateway-token.test.ts
• test/security-sandbox-tar-traversal.test.ts

[coderabbitai]

🧹 Nitpick comments (1)

test/cli/doctor-gateway-token.test.ts (1)

87-90: 💤 Low value

Consider adding a brief comment explaining the purpose.

The parseJsonPrefix function handles doctor output that may have trailing content (e.g., stderr) after the JSON. A one-line comment would clarify this intent for future maintainers.

📝 Suggested comment

+// Extracts JSON from output that may have trailing stderr after the final closing brace.
 function parseJsonPrefix<T>(output: string): T {
   const end = output.lastIndexOf("\n}");
   return JSON.parse(end >= 0 ? output.slice(0, end + 2) : output) as T;
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/cli/doctor-gateway-token.test.ts` around lines 87 - 90, The helper
function parseJsonPrefix silently trims trailing non-JSON content from command
output before parsing; add a one-line comment above parseJsonPrefix explaining
it extracts the JSON prefix from CLI output (handles cases where the CLI appends
extra stdout/stderr after the JSON, so we search for the last "\n}" and parse up
to that) to clarify intent for future maintainers and reference parseJsonPrefix
in the comment.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/cli/doctor-gateway-token.test.ts`:
- Around line 87-90: The helper function parseJsonPrefix silently trims trailing
non-JSON content from command output before parsing; add a one-line comment
above parseJsonPrefix explaining it extracts the JSON prefix from CLI output
(handles cases where the CLI appends extra stdout/stderr after the JSON, so we
search for the last "\n}" and parse up to that) to clarify intent for future
maintainers and reference parseJsonPrefix in the comment.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 17f14f53-a1f5-4085-9b38-cb875ea52191

📥 Commits

Reviewing files that changed from the base of the PR and between 3c34066 and 68a1c30.

📒 Files selected for processing (5)

• src/lib/actions/sandbox/doctor.ts
• src/lib/onboard/host-gateway-process.ts
• src/lib/state/sandbox.ts
• test/cli/doctor-gateway-token.test.ts
• test/security-sandbox-tar-traversal.test.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• src/lib/onboard/host-gateway-process.ts
• src/lib/state/sandbox.ts
• src/lib/actions/sandbox/doctor.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27096769346
Target ref: 68a1c30babe7456ac4eee937b58ded9e05ca4376
Workflow ref: main
Requested jobs: diagnostics-e2e,sandbox-survival-e2e,state-backup-restore-e2e
Summary: 3 passed, 0 failed, 0 skipped

Job	Result
diagnostics-e2e	✅ success
sandbox-survival-e2e	✅ success
state-backup-restore-e2e	✅ success

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/actions/sandbox/doctor-host-command.ts`:
- Line 27: The return logic for status in doctor-host-command.ts uses
result.status ?? (result.error ? 1 : 0) which treats a signal-terminated process
(result.signal set, result.status null) as success; update the expression to
consider result.signal as a failure too (e.g., set non-zero when result.signal
is present) by using result.status ?? (result.signal ? 1 : (result.error ? 1 :
0)), ensuring you reference the same result.status, result.signal and
result.error identifiers and the returned status field in the function that
builds the probe result.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 5729251b-9533-42e6-9ac2-69ef006cf912

📥 Commits

Reviewing files that changed from the base of the PR and between 68a1c30 and aaa3dc8.

📒 Files selected for processing (4)

• src/lib/actions/sandbox/doctor-gateway-fallback.ts
• src/lib/actions/sandbox/doctor-host-command.ts
• src/lib/actions/sandbox/doctor.ts
• test/cli/doctor-gateway-token.test.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• test/cli/doctor-gateway-token.test.ts
• src/lib/actions/sandbox/doctor.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27097579627
Target ref: ddf7a221ab642c9932d0c56a6a7fbb130a04e02e
Workflow ref: main
Requested jobs: diagnostics-e2e,state-backup-restore-e2e,sandbox-survival-e2e
Summary: 3 passed, 0 failed, 0 skipped

Job	Result
diagnostics-e2e	✅ success
sandbox-survival-e2e	✅ success
state-backup-restore-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27097993741
Target ref: 0fb9c16a9f9b510d0254ffe06efb1af03a3ec32d
Workflow ref: main
Requested jobs: diagnostics-e2e,snapshot-commands-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job	Result
diagnostics-e2e	✅ success
snapshot-commands-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27098301659
Target ref: 13e1b7c990103734b15f9a56907c2f833300c366
Workflow ref: main
Requested jobs: state-backup-restore-e2e,diagnostics-e2e,credential-sanitization-e2e
Summary: 3 passed, 0 failed, 0 skipped

Job	Result
credential-sanitization-e2e	✅ success
diagnostics-e2e	✅ success
state-backup-restore-e2e	✅ success