Description
[Issue Summary]
`nemoclaw logs --follow` exits with no log content (only a Node UNDICI-EHPA warning) when a policy denial occurs in the sandbox. Detected by automated test T5882253 in the policy-network suite (nemoclaw-test repo, v0.0.26 cycle, runner nemoclaw-automation-05).
[Environment]
Device: nemoclaw-automation-05 (GitLab runner)
OS: Linux (CI runner)
Architecture: x86_64
Node.js: v22.22.2
npm: 10.9.7
Docker: 29.4.1, build 055a478
OpenShell CLI: 0.0.36
NemoClaw: v0.0.26
OpenClaw: 2026.4.9
[Steps to Reproduce]
1. Onboard a sandbox with policyMode=skip (fresh sandbox; no policy applied).
2. From the host, run two commands concurrently (mirrors T5882253):
   a) nemoclaw logs --follow # 15s timeout
   b) wait 2s, then inside the sandbox:
      curl -sS --max-time 20 https://example.com
3. Wait for `logs --follow` to exit and inspect its stdout+stderr.
[Expected Behavior]
Combined stdout+stderr of `nemoclaw logs --follow` should include:
- the blocked URL host (example.com)
- a denial marker matching /CONNECT.*deny|action=deny|denial analysis/i
[Actual Behavior]
The only output captured during the 15s window is the Node startup warning:
(node:270) [UNDICI-EHPA] Warning: Env...
No nemoclaw / openshell / gateway log lines are streamed. Test assertion fails:
expected '(node:270) [UNDICI-EHPA] Warning: Env...' to match /example\.com/i
[Logs]
Pipeline: https://gitlab-master.nvidia.com/cloud-service-qa/nemoclaw/nemoclaw-test/-/jobs/305515691
Failing test: tests/05-policy-network/T5882253-policy-denial-details-are-available-in-host-logs.test.ts
DevTest ID: 5882253
Run date: 2026-04-26
[Regression?]
Possibly. NVBug 6034048 (Bug-Fixed, QA-Verified) covered `--follow` being rejected outright on macOS (`unexpected argument '--follow'`).
The current symptom is different — the command runs to completion but emits no actual log content on the Linux CI runner.
[Suspected Root Cause / Notes]
Two hypotheses to confirm in a fresh repro:
(a) Test timing: `logs --follow` timeoutMs=15s vs curl maxtime=20s; the second curl's deny event may emit after `logs --follow` has already exited.
(b) Product regression: the post-#6034048 fix may forward to `openshell --tail` without actually streaming live events on Linux.
A repro outside CI in a clean env will confirm whether this is a script/timing bug (fix in the test) or a product regression (open a subbug to engineering).
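A triage helper for the two hypotheses above, as an added example that is not part of the original report or the nemoclaw-test code: it drops Node startup warnings from the captured `logs --follow` output, applies the denial regex from [Expected Behavior], and checks whether the follow window covered the curl delay plus `--max-time`. The function and type names and the sample denial line are assumptions constructed for illustration; the real log format is not shown in the report.

```typescript
// Added example: names are illustrative. The regex is copied from [Expected Behavior].
const DENIAL_MARKER = /CONNECT.*deny|action=deny|denial analysis/i;
// Node process warnings, e.g. "(node:270) [UNDICI-EHPA] Warning: ...", are not log content.
const NODE_NOISE = /^\(node:\d+\) |^\(Use `node --trace-/;

type Verdict =
  | "denial-logged"                  // host and denial marker both streamed
  | "inconclusive-window-too-short"  // hypothesis (a) cannot be ruled out
  | "no-log-stream"                  // consistent with hypothesis (b)
  | "stream-without-denial";         // logs streamed, but no denial for the host

interface FollowRun {
  output: string;          // combined stdout+stderr of `nemoclaw logs --follow`
  host: string;            // blocked host, e.g. "example.com"
  followTimeoutMs: number; // how long logs --follow was allowed to run
  curlDelayMs: number;     // wait before curl starts inside the sandbox
  curlMaxTimeMs: number;   // curl --max-time, in milliseconds
}

function escapeRegExp(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function triageFollowRun(run: FollowRun): Verdict {
  const logLines = run.output
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line.length > 0 && !NODE_NOISE.test(line));
  const hostRe = new RegExp(escapeRegExp(run.host), "i");
  const sawHost = logLines.some((line) => hostRe.test(line));
  const sawDeny = logLines.some((line) => DENIAL_MARKER.test(line));
  if (sawHost && sawDeny) return "denial-logged";
  // Assumption from hypothesis (a): the deny event may arrive as late as curl's --max-time.
  if (run.followTimeoutMs < run.curlDelayMs + run.curlMaxTimeMs) {
    return "inconclusive-window-too-short";
  }
  return logLines.length === 0 ? "no-log-stream" : "stream-without-denial";
}

// Timings from the report; the output is the only line the failing run captured.
const REPORTED_RUN: FollowRun = {
  output: "(node:270) [UNDICI-EHPA] Warning: Env...",
  host: "example.com",
  followTimeoutMs: 15000,
  curlDelayMs: 2000,
  curlMaxTimeMs: 20000,
};
// Constructed denial line (the real log format is not shown in the report).
const CONSTRUCTED_DENY = "CONNECT example.com:443 action=deny";
```

With the reported timings the verdict is inconclusive, so a repro needs a follow window of at least 22s before an empty stream can be attributed to the product.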
Bug Details
| Field | Value |
| --- | --- |
| Priority | Unprioritized |
| Action | Dev - Open - To fix |
| Disposition | Open issue |
| Module | Machine Learning - NemoClaw |
| Keyword | NemoClaw, NemoClaw_CLI&UX, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Policy&Network |
[NVB#6115847]