Skip to content

fix(ollama): warm unloaded model after daemon restart#6482

Merged
cv merged 13 commits into
mainfrom
fix/issue-6039-ollama-restart-recovery
Jul 8, 2026
Merged

fix(ollama): warm unloaded model after daemon restart#6482
cv merged 13 commits into
mainfrom
fix/issue-6039-ollama-restart-recovery

Conversation

@cjagwani

@cjagwani cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • check the registered Ollama route before OpenClaw agent passthrough
  • translate persisted proxy and WSL bridge routes back to an allowlisted host daemon
  • require a successful, semantically valid Ollama warm response while preserving OpenClaw canonical errors on failure

Validation

  • npx vitest run --project cli src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts src/lib/actions/sandbox/agent/passthrough.test.ts
  • npm run build:cli
  • npm run typecheck
  • npx @biomejs/biome check ... (touched TypeScript files)
  • npm run checks
  • npm run test-size:check
  • npm run docs:check-agent-variants

Supersedes #6076.
Fixes #6039.

Summary by CodeRabbit

  • New Features
    • Added best-effort Ollama “restart recovery” during OpenClaw agent passthrough, including a bounded warm-up when models may be unloaded after a daemon restart.
  • Documentation
    • Updated local inference and troubleshooting guidance with Ollama-specific warm-up/timeout and continued-dispatch behavior.
  • Bug Fixes
    • Reduces post-restart failures by safely probing model availability, warming with routed requests, and continuing dispatch when warm-up times out or fails.
  • Tests
    • Expanded unit, integration, and GPU end-to-end coverage for warm-up skip/warm/warn outcomes and correct recovery-before-dispatch ordering.

Signed-off-by: cjagwani cjagwani@nvidia.com

Signed-off-by: Ho Lim <subhoya@gmail.com>

Signed-off-by: cjagwani <cjagwani@nvidia.com>
@cjagwani cjagwani added the v0.0.78 Release target label Jul 8, 2026
@github-code-quality

github-code-quality Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 76%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File 0e0807d 4df8145 +/-
src/lib/runner.ts 83% 73% -10%
src/lib/actions...-add-restart.ts 19% 14% -5%
src/lib/security/redact.ts 98% 95% -3%
src/lib/adapters/http/probe.ts 91% 89% -2%
src/lib/state/config-io.ts 88% 93% +5%
src/lib/actions...lution-probe.ts 88% 94% +6%
src/lib/actions...e-validation.ts 81% 90% +9%
src/lib/actions...x/mcp-bridge.ts 35% 44% +9%
src/lib/actions...ama-recovery.ts 0% 93% +93%
src/lib/actions...art-recovery.ts 0% 95% +95%

Updated July 08, 2026 21:54 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 04203eff-1e5c-47d0-8889-84746f31dcb8

📥 Commits

Reviewing files that changed from the base of the PR and between 4bf4193 and 4df8145.

📒 Files selected for processing (1)
  • test/e2e/live/gpu-e2e.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • test/e2e/live/gpu-e2e.test.ts

📝 Walkthrough

Walkthrough

Adds Ollama restart recovery for OpenClaw passthroughs, including host resolution, bounded warm-up, dispatch wiring, tests, an e2e restart scenario, and docs updates.

Changes

Ollama Restart Recovery

Layer / File(s) Summary
Recovery types and warm-up logic
src/lib/actions/sandbox/agent/ollama-restart-recovery.ts
Defines the recovery inputs and result union, resolves safe Ollama hosts, builds the bounded warm-up command, validates warm-up output, and implements the recovery workflow.
Recovery reporting helper
src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
Defines the recovery process shape and failure text mapping, then logs readiness checks and reports warm-up outcomes or caught exceptions to stderr while allowing dispatch to continue.
Passthrough integration
src/lib/actions/sandbox/agent/passthrough.ts
Updates passthrough registry reads and dependencies with Ollama route fields and a recovery override, then invokes recovery for OpenClaw passthroughs backed by ollama-local before relock warnings.
Validation and docs
src/lib/actions/sandbox/agent/passthrough.test.ts, src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts, src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts, test/e2e/live/gpu-e2e.test.ts, docs/inference/use-local-inference.mdx, docs/reference/troubleshooting.mdx
Broadens the sandbox registry mock, adds recovery and dispatch-order tests, adds a GPU e2e restart-and-recovery scenario, and updates local inference and troubleshooting docs with the Ollama restart flow.

Estimated code review effort: 4 (Complex) | ~60 minutes

Suggested labels: bug-fix, area: e2e

Suggested reviewers: cv, jyaunches

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately summarizes the main change: warming an unloaded Ollama model after daemon restart.
Linked Issues check ✅ Passed The PR implements automatic Ollama restart recovery, preserves backend-unavailable behavior, and resumes inference after the daemon restarts.
Out of Scope Changes check ✅ Passed The changes are focused on Ollama restart recovery, with supporting tests and docs only; no unrelated scope is evident.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/issue-6039-ollama-restart-recovery

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — Changes requested

Merge posture: Do not merge yet
Primary next action: Resolve or justify PRA-1: normalizeHostname lacks RFC 1123 length validation.
Open items: 0 required · 3 warnings · 3 suggestions · 5 test follow-ups
Since last review: 1 prior item resolved · 3 still apply · 1 new item found

Action checklist

  • PRA-1 Resolve or justify: normalizeHostname lacks RFC 1123 length validation in src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79
  • PRA-2 Resolve or justify: Ollama error text discarded in validateWarmResponse in src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:185
  • PRA-3 Resolve or justify: No E2E coverage for warm-up failure paths in test/e2e/live/gpu-e2e.test.ts:180
  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Runtime validation
  • PRA-T5 Add or justify test follow-up: No E2E coverage for warm-up failure paths
  • PRA-4 In-scope improvement: Timeout constant not synced with documentation in src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:1
  • PRA-5 In-scope improvement: Monolith growth alert is false positive — feature properly modularized in src/lib/actions/sandbox/agent/passthrough.ts:380
  • PRA-6 In-scope improvement: normalizeHostname duplicated across three files in src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify security src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79 Add hostname length validation in normalizeHostname or at the start of resolveRawOllamaHost. Reject hostnames exceeding 253 chars or labels exceeding 63 chars, falling back to getAllowedFallbackHost.
PRA-2 Resolve/justify security src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:185 Thread the Ollama error text through the result type. Options: (a) extend OllamaRestartRecoveryResult to carry optional errorText for ollama-error reason, or (b) have validateWarmResponse return the error message and update reportRecovery to include it in stderr output.
PRA-3 Resolve/justify tests test/e2e/live/gpu-e2e.test.ts:180 Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name in registry, or network policy blocking the warm-up curl) and verifies the error is reported to stderr but dispatch continues to OpenClaw.
PRA-4 Improvement correctness src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:1 Consider exporting the timeout constant and having documentation reference it programmatically, or add a build-time check that validates the doc matches the constant.
PRA-5 Improvement architecture src/lib/actions/sandbox/agent/passthrough.ts:380 No code change needed. Consider suppressing this specific monolith alert for this PR in the drift tool configuration. The architecture is sound — feature logic lives in focused modules.
PRA-6 Improvement architecture src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79 Extract normalizeHostname to a shared utility (e.g., src/lib/adapters/http/curl-args.ts which already exports it, or a new src/lib/core/hostname.ts) and import in both production and test code.
Review findings by urgency: 0 required fixes, 3 items to resolve/justify, 3 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — normalizeHostname lacks RFC 1123 length validation

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79
  • Category: security
  • Problem: The normalizeHostname function strips brackets, trailing dots, and lowercases but does not validate RFC 1123 hostname length (max 253 chars total, 63 per label). Input comes from persisted registry URL (NemoClaw-controlled), so exploitability is low, but defense-in-depth warrants a length check before allowlist comparison.
  • Impact: An oversized hostname in a maliciously crafted registry entry could theoretically bypass the allowlist check if it contains an allowlisted host as a suffix, though the URL parser and allowlist membership check make this unlikely.
  • Recommended action: Add hostname length validation in normalizeHostname or at the start of resolveRawOllamaHost. Reject hostnames exceeding 253 chars or labels exceeding 63 chars, falling back to getAllowedFallbackHost.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read normalizeHostname at line 79 and resolveRawOllamaHost at line 105; confirm allowlist check precedes any network use.
  • Missing regression test: Add a test case in ollama-restart-recovery.test.ts with an oversized hostname in endpointUrl (e.g., 'a'.repeat(200) + '.127.0.0.1') to confirm it falls back to loopback via getAllowedFallbackHost.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read normalizeHostname at line 79 and resolveRawOllamaHost at line 105; confirm allowlist check precedes any network use.
  • Evidence: normalizeHostname at line 79 only strips brackets, trailing dots, lowercases; no length validation. resolveRawOllamaHost at line 105 calls normalizeHostname then checks ALLOWED_RAW_OLLAMA_HOSTS.

PRA-2 Resolve/justify — Ollama error text discarded in validateWarmResponse

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:185
  • Category: security
  • Problem: The validateWarmResponse function detects Ollama error responses (non-empty error field) but returns only the string "ollama-error", discarding the actual error message. The reportRecovery function in passthrough-ollama-recovery.ts then emits a generic "Ollama returned an error" message. Operators cannot see the specific Ollama error (e.g., 'model not found') when warm-up fails.
  • Impact: When warm-up fails due to an Ollama error (e.g., 'model not found'), the stderr only says 'Ollama returned an error' without the specific message, making debugging harder.
  • Recommended action: Thread the Ollama error text through the result type. Options: (a) extend OllamaRestartRecoveryResult to carry optional errorText for ollama-error reason, or (b) have validateWarmResponse return the error message and update reportRecovery to include it in stderr output.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check validateWarmResponse at line 185 and reportRecovery in passthrough-ollama-recovery.ts line 38; trace how the stdout body flows.
  • Missing regression test: Extend the 'ollama-error' test in ollama-restart-recovery.test.ts to verify the error message appears in stderr output via runOllamaRestartRecovery.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check validateWarmResponse at line 185 and reportRecovery in passthrough-ollama-recovery.ts line 38; trace how the stdout body flows.
  • Evidence: validateWarmResponse returns 'ollama-error' for any non-empty error string but discards the text. reportRecovery maps reason to generic message via describeWarmFailure.

PRA-3 Resolve/justify — No E2E coverage for warm-up failure paths

  • Location: test/e2e/live/gpu-e2e.test.ts:180
  • Category: tests
  • Problem: The E2E test covers the happy path (daemon restart → model unloaded → recovery warms → inference works). The timeout, command-failed, ollama-error, spawn-failed, and invalid-response paths are unit-tested but not E2E-covered in a real environment with actual Ollama daemon, proxy, and sandbox.
  • Impact: Failure paths lack end-to-end validation in a real environment with actual Ollama daemon, proxy, and sandbox.
  • Recommended action: Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name in registry, or network policy blocking the warm-up curl) and verifies the error is reported to stderr but dispatch continues to OpenClaw.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Review the e2e test's restart block (lines 180-280) and the assertions after recovery; the test uses real systemctl/pkill and verifies recovery logs + PONG response. No failure-path variant exists.
  • Missing regression test: Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name) and verifies the error is reported but dispatch continues.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Review the e2e test's restart block (lines 180-280) and the assertions after recovery; the test uses real systemctl/pkill and verifies recovery logs + PONG response. No failure-path variant exists.
  • Evidence: gpu-e2e.test.ts lines 180-280: restarts Ollama, verifies /api/ps empty, runs agent passthrough, asserts recovery logs and PONG. No failure-path variant.

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

PRA-4 Improvement — Timeout constant not synced with documentation

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:1
  • Category: correctness
  • Problem: The OLLAMA_RESTART_RECOVERY_TIMEOUT_SECONDS constant (300) is hardcoded in the recovery module but also referenced in documentation (troubleshooting.mdx line ~1300). If the timeout changes, the doc must be manually updated. No automated sync mechanism exists.
  • Impact: Documentation could drift from implementation if the timeout constant is changed without updating the doc.
  • Suggested action: Consider exporting the timeout constant and having documentation reference it programmatically, or add a build-time check that validates the doc matches the constant.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the doc text at troubleshooting.mdx:1300 with OLLAMA_RESTART_RECOVERY_TIMEOUT_SECONDS (300) in ollama-restart-recovery.ts line 68.
  • Missing regression test: N/A — documentation accuracy check; could add a simple test that reads the constant and verifies doc content if a doc-testing framework exists.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: troubleshooting.mdx lines 1300-1305 describe bounded warm-up, failure reporting, and continued dispatch. Matches implementation but no automated sync.

PRA-5 Improvement — Monolith growth alert is false positive — feature properly modularized

  • Location: src/lib/actions/sandbox/agent/passthrough.ts:380
  • Category: architecture
  • Problem: The drift tool flagged passthrough.ts +27 lines as blocker monolith growth. However, the 27 lines are entirely delegation to two new extracted modules (ollama-restart-recovery.ts 234 lines, passthrough-ollama-recovery.ts 92 lines) which contain the actual feature logic. This is correct modularization, not monolith growth.
  • Impact: False positive alert may cause unnecessary review overhead if not recognized as delegation.
  • Suggested action: No code change needed. Consider suppressing this specific monolith alert for this PR in the drift tool configuration. The architecture is sound — feature logic lives in focused modules.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the delta: passthrough.ts +27 lines, but two new modules at 234 + 92 lines contain the actual feature logic. The passthrough.ts changes are only imports and a 5-line call to runOllamaRestartRecovery.
  • Missing regression test: N/A — architectural observation.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: passthrough.ts diff shows +27 lines: import + 5-line recovery call + updated source-of-truth comments. New modules contain all warm-up, route translation, response validation logic.

PRA-6 Improvement — normalizeHostname duplicated across three files

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79
  • Category: architecture
  • Problem: There are three normalizeHostname implementations: curl-args.ts:167 (existing), ollama-restart-recovery.ts:79 (new), and test/e2e/fixtures/clients/provider.ts:90 (test fixture). Security-critical normalization logic should have a single source to prevent divergence.
  • Impact: Maintenance risk — if normalization rules change, they must be updated in multiple places. A bug fix in one copy may not propagate to others.
  • Suggested action: Extract normalizeHostname to a shared utility (e.g., src/lib/adapters/http/curl-args.ts which already exports it, or a new src/lib/core/hostname.ts) and import in both production and test code.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the three implementations: curl-args.ts:167, ollama-restart-recovery.ts:79, provider.ts:90. All do bracket-stripping, trailing-dot removal, lowercasing.
  • Missing regression test: N/A — deduplication; existing tests cover normalization behavior.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Three copies with identical core logic. curl-args.ts version is used by buildValidatedCurlCommandArgs which validates the recovery curl command.
Simplification opportunities: 1 possible cut, net -5 lines possible

These are safe simplification checks only. Do not remove validation, security controls, data-loss prevention, or required tests.

  • PRA-6 stdlib (src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79): normalizeHostname function at ollama-restart-recovery.ts:79-83
    • Replacement: import { normalizeHostname } from '../../../adapters/http/curl-args'
    • Net: -5 lines
    • Safety boundary: Must preserve identical normalization behavior (bracket stripping, trailing dot removal, lowercasing) used by both curl args validation and Ollama host resolution.
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add E2E test variant triggering warm-up failure via wrong model name in registry, verifying error reported to stderr but dispatch continues to OpenClaw. Unit coverage is complete for all 9 recovery result kinds (4 skip + 5 failure + success) plus ordering integration tests. E2E covers only happy path; failure paths (ollama-error, timeout, command-failed, spawn-failed, invalid-response) lack runtime validation in real Ollama/proxy/sandbox environment.
  • PRA-T2 Runtime validation — Add E2E test variant triggering timeout via network policy blocking warm-up curl, verifying timeout reported and dispatch continues. Unit coverage is complete for all 9 recovery result kinds (4 skip + 5 failure + success) plus ordering integration tests. E2E covers only happy path; failure paths (ollama-error, timeout, command-failed, spawn-failed, invalid-response) lack runtime validation in real Ollama/proxy/sandbox environment.
  • PRA-T3 Runtime validation — Add unit test for oversized hostname in endpointUrl to verify fallback to loopback (covers PRA-1). Unit coverage is complete for all 9 recovery result kinds (4 skip + 5 failure + success) plus ordering integration tests. E2E covers only happy path; failure paths (ollama-error, timeout, command-failed, spawn-failed, invalid-response) lack runtime validation in real Ollama/proxy/sandbox environment.
  • PRA-T4 Runtime validation — Add unit test verifying Ollama error text appears in stderr when reason=ollama-error (covers PRA-2). Unit coverage is complete for all 9 recovery result kinds (4 skip + 5 failure + success) plus ordering integration tests. E2E covers only happy path; failure paths (ollama-error, timeout, command-failed, spawn-failed, invalid-response) lack runtime validation in real Ollama/proxy/sandbox environment.
  • PRA-T5 No E2E coverage for warm-up failure paths — Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name in registry, or network policy blocking the warm-up curl) and verifies the error is reported to stderr but dispatch continues to OpenClaw.
Since last review details

Current findings, using the urgency labels above:

PRA-1 Resolve/justify — normalizeHostname lacks RFC 1123 length validation

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79
  • Category: security
  • Problem: The normalizeHostname function strips brackets, trailing dots, and lowercases but does not validate RFC 1123 hostname length (max 253 chars total, 63 per label). Input comes from persisted registry URL (NemoClaw-controlled), so exploitability is low, but defense-in-depth warrants a length check before allowlist comparison.
  • Impact: An oversized hostname in a maliciously crafted registry entry could theoretically bypass the allowlist check if it contains an allowlisted host as a suffix, though the URL parser and allowlist membership check make this unlikely.
  • Recommended action: Add hostname length validation in normalizeHostname or at the start of resolveRawOllamaHost. Reject hostnames exceeding 253 chars or labels exceeding 63 chars, falling back to getAllowedFallbackHost.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read normalizeHostname at line 79 and resolveRawOllamaHost at line 105; confirm allowlist check precedes any network use.
  • Missing regression test: Add a test case in ollama-restart-recovery.test.ts with an oversized hostname in endpointUrl (e.g., 'a'.repeat(200) + '.127.0.0.1') to confirm it falls back to loopback via getAllowedFallbackHost.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read normalizeHostname at line 79 and resolveRawOllamaHost at line 105; confirm allowlist check precedes any network use.
  • Evidence: normalizeHostname at line 79 only strips brackets, trailing dots, lowercases; no length validation. resolveRawOllamaHost at line 105 calls normalizeHostname then checks ALLOWED_RAW_OLLAMA_HOSTS.

PRA-2 Resolve/justify — Ollama error text discarded in validateWarmResponse

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:185
  • Category: security
  • Problem: The validateWarmResponse function detects Ollama error responses (non-empty error field) but returns only the string "ollama-error", discarding the actual error message. The reportRecovery function in passthrough-ollama-recovery.ts then emits a generic "Ollama returned an error" message. Operators cannot see the specific Ollama error (e.g., 'model not found') when warm-up fails.
  • Impact: When warm-up fails due to an Ollama error (e.g., 'model not found'), the stderr only says 'Ollama returned an error' without the specific message, making debugging harder.
  • Recommended action: Thread the Ollama error text through the result type. Options: (a) extend OllamaRestartRecoveryResult to carry optional errorText for ollama-error reason, or (b) have validateWarmResponse return the error message and update reportRecovery to include it in stderr output.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check validateWarmResponse at line 185 and reportRecovery in passthrough-ollama-recovery.ts line 38; trace how the stdout body flows.
  • Missing regression test: Extend the 'ollama-error' test in ollama-restart-recovery.test.ts to verify the error message appears in stderr output via runOllamaRestartRecovery.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check validateWarmResponse at line 185 and reportRecovery in passthrough-ollama-recovery.ts line 38; trace how the stdout body flows.
  • Evidence: validateWarmResponse returns 'ollama-error' for any non-empty error string but discards the text. reportRecovery maps reason to generic message via describeWarmFailure.

PRA-3 Resolve/justify — No E2E coverage for warm-up failure paths

  • Location: test/e2e/live/gpu-e2e.test.ts:180
  • Category: tests
  • Problem: The E2E test covers the happy path (daemon restart → model unloaded → recovery warms → inference works). The timeout, command-failed, ollama-error, spawn-failed, and invalid-response paths are unit-tested but not E2E-covered in a real environment with actual Ollama daemon, proxy, and sandbox.
  • Impact: Failure paths lack end-to-end validation in a real environment with actual Ollama daemon, proxy, and sandbox.
  • Recommended action: Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name in registry, or network policy blocking the warm-up curl) and verifies the error is reported to stderr but dispatch continues to OpenClaw.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Review the e2e test's restart block (lines 180-280) and the assertions after recovery; the test uses real systemctl/pkill and verifies recovery logs + PONG response. No failure-path variant exists.
  • Missing regression test: Add an E2E test variant that triggers a warm-up failure (e.g., wrong model name) and verifies the error is reported but dispatch continues.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Review the e2e test's restart block (lines 180-280) and the assertions after recovery; the test uses real systemctl/pkill and verifies recovery logs + PONG response. No failure-path variant exists.
  • Evidence: gpu-e2e.test.ts lines 180-280: restarts Ollama, verifies /api/ps empty, runs agent passthrough, asserts recovery logs and PONG. No failure-path variant.

PRA-4 Improvement — Timeout constant not synced with documentation

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:1
  • Category: correctness
  • Problem: The OLLAMA_RESTART_RECOVERY_TIMEOUT_SECONDS constant (300) is hardcoded in the recovery module but also referenced in documentation (troubleshooting.mdx line ~1300). If the timeout changes, the doc must be manually updated. No automated sync mechanism exists.
  • Impact: Documentation could drift from implementation if the timeout constant is changed without updating the doc.
  • Suggested action: Consider exporting the timeout constant and having documentation reference it programmatically, or add a build-time check that validates the doc matches the constant.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the doc text at troubleshooting.mdx:1300 with OLLAMA_RESTART_RECOVERY_TIMEOUT_SECONDS (300) in ollama-restart-recovery.ts line 68.
  • Missing regression test: N/A — documentation accuracy check; could add a simple test that reads the constant and verifies doc content if a doc-testing framework exists.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: troubleshooting.mdx lines 1300-1305 describe bounded warm-up, failure reporting, and continued dispatch. Matches implementation but no automated sync.

PRA-5 Improvement — Monolith growth alert is false positive — feature properly modularized

  • Location: src/lib/actions/sandbox/agent/passthrough.ts:380
  • Category: architecture
  • Problem: The drift tool flagged passthrough.ts +27 lines as blocker monolith growth. However, the 27 lines are entirely delegation to two new extracted modules (ollama-restart-recovery.ts 234 lines, passthrough-ollama-recovery.ts 92 lines) which contain the actual feature logic. This is correct modularization, not monolith growth.
  • Impact: False positive alert may cause unnecessary review overhead if not recognized as delegation.
  • Suggested action: No code change needed. Consider suppressing this specific monolith alert for this PR in the drift tool configuration. The architecture is sound — feature logic lives in focused modules.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the delta: passthrough.ts +27 lines, but two new modules at 234 + 92 lines contain the actual feature logic. The passthrough.ts changes are only imports and a 5-line call to runOllamaRestartRecovery.
  • Missing regression test: N/A — architectural observation.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: passthrough.ts diff shows +27 lines: import + 5-line recovery call + updated source-of-truth comments. New modules contain all warm-up, route translation, response validation logic.

PRA-6 Improvement — normalizeHostname duplicated across three files

  • Location: src/lib/actions/sandbox/agent/ollama-restart-recovery.ts:79
  • Category: architecture
  • Problem: There are three normalizeHostname implementations: curl-args.ts:167 (existing), ollama-restart-recovery.ts:79 (new), and test/e2e/fixtures/clients/provider.ts:90 (test fixture). Security-critical normalization logic should have a single source to prevent divergence.
  • Impact: Maintenance risk — if normalization rules change, they must be updated in multiple places. A bug fix in one copy may not propagate to others.
  • Suggested action: Extract normalizeHostname to a shared utility (e.g., src/lib/adapters/http/curl-args.ts which already exports it, or a new src/lib/core/hostname.ts) and import in both production and test code.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare the three implementations: curl-args.ts:167, ollama-restart-recovery.ts:79, provider.ts:90. All do bracket-stripping, trailing-dot removal, lowercasing.
  • Missing regression test: N/A — deduplication; existing tests cover normalization behavior.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Three copies with identical core logic. curl-args.ts version is used by buildValidatedCurlCommandArgs which validates the recovery curl command.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: gpu-e2e, sandbox-operations
Optional E2E: ollama-auth-proxy, inference-routing, docs-validation

Dispatch hint: gpu-e2e,sandbox-operations

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • gpu-e2e (high): Direct required coverage for the changed local Ollama path: real GPU host, Ollama install/onboard, auth proxy, sandbox inference.local, nemoclaw <name> agent --json, daemon restart, bounded warm-up, and proof that the selected model is reloaded.
  • sandbox-operations (medium): Required regression for the host-side nemoclaw <sandbox> agent --json passthrough on a real OpenClaw sandbox using hosted inference, ensuring the new registry fields and pre-dispatch hook do not break non-Ollama assistant turns or JSON dispatch.

Optional E2E

  • ollama-auth-proxy (medium): Adjacent confidence for the native local Ollama auth-proxy boundary, token enforcement, proxy restart, and container reachability that the new warm-up route translation depends on.
  • inference-routing (medium): Useful adjacent check that inference route state and sandbox-facing inference.local behavior remain healthy while passthrough begins consuming provider/model/endpoint registry metadata.
  • docs-validation (low): The PR changes MDX inference and troubleshooting docs; run if documentation checks are desired alongside runtime validation.

New E2E recommendations

  • WSL Windows-host Ollama restart recovery (high): The new recovery logic has a distinct direct-bridge mapping for host.openshell.internal:11434 to host.docker.internal, but existing live WSL coverage appears to run hosted full E2E rather than a Windows-host Ollama daemon restart with nemoclaw <name> agent.
    • Suggested test: Add a WSL live E2E slice that onboards with Windows-host Ollama, restarts the Windows Ollama daemon so /api/ps is empty, then runs nemoclaw <name> agent --json and verifies the warm-up message and loaded model.
  • CPU/local Ollama agent restart recovery (medium): The exact native auth-proxy recovery is covered by the GPU E2E, but that is expensive and scarce; a small-model CPU local Ollama passthrough restart test would provide cheaper targeted coverage for this host-side agent wrapper behavior.
    • Suggested test: Add a focused live E2E target using a small Ollama model, native auth proxy, a real OpenClaw sandbox, daemon restart, and nemoclaw <name> agent --json warm-up validation.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: gpu-e2e,sandbox-operations

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: gpu-e2e
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=gpu-e2e

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • gpu-e2e: Focused free-standing E2E job wired for changed live test test/e2e/live/gpu-e2e.test.ts.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=gpu-e2e

Optional E2E targets

  • None.

Relevant changed files

  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough.ts
  • test/e2e/live/gpu-e2e.test.ts

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Add or justify PRA-T1 and any related test follow-ups.
Open items: 0 required · 0 warnings · 0 suggestions · 5 test follow-ups
Since last review: 0 prior items resolved · 2 still apply · 0 new items found

Action checklist

  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Acceptance clause
  • PRA-T4 Add or justify test follow-up: Acceptance clause
  • PRA-T5 Add or justify test follow-up: Acceptance clause
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — WSL direct bridge Ollama restart recovery: with a persisted `http://host.openshell.internal:11434/v1\` Ollama route, restart the Windows-host Ollama daemon so `/api/ps` is empty, then verify the first `nemoclaw <sandbox> agent ...` warms through `host.docker.internal:11434` and returns without re-onboard.. Unit and native auth-proxy E2E coverage are strong, but the changed behavior crosses host service lifecycle, persisted inference routing, OpenShell passthrough, and sandbox inference boundaries. The two runtime topologies/error states from the prior advisor review still merit explicit validation or maintainer justification.
  • PRA-T2 Runtime validation — Stopped Ollama daemon canonical error preservation: stop the daemon, run `nemoclaw <sandbox> agent ...`, and verify the restart-check unreachable message is reported while OpenClaw still emits its canonical backend-unavailable message and exit behavior.. Unit and native auth-proxy E2E coverage are strong, but the changed behavior crosses host service lifecycle, persisted inference routing, OpenShell passthrough, and sandbox inference boundaries. The two runtime topologies/error states from the prior advisor review still merit explicit validation or maintainer justification.
  • PRA-T3 Acceptance clause — The sandbox remains reachable and the agent reports a clear "backend unavailable" error (correct), but when Ollama is restarted, the agent never resumes serving requests without a full re-onboard. — add test evidence or identify existing coverage. The restart/resume path is covered by the new recovery implementation and native auth-proxy E2E. Unit tests assert warm-up failures continue to OpenClaw dispatch, but a live stopped-daemon canonical backend-unavailable assertion remains a runtime validation follow-up.
  • PRA-T4 Acceptance clause — 3. Kill the Ollama daemon: `sudo systemctl stop ollama` (or `pkill ollama`) — add test evidence or identify existing coverage. The E2E restarts the daemon with `systemctl restart`, `systemctl --user restart`, or manual `pkill` plus `ollama serve`, and asserts `/api/ps` is empty. It does not add a separate live stopped-daemon canonical-error lane.
  • PRA-T5 Acceptance clause — 4. Confirm agent reports backend unavailable error — add test evidence or identify existing coverage. Unit tests cover the unreachable recovery skip and stderr reporting before continuing to dispatch. A live assertion of OpenClaw's canonical backend-unavailable text and exit behavior remains a suggested runtime validation follow-up.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (3)
docs/inference/use-local-inference.mdx (1)

95-96: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wording implies only the "first" passthrough checks readiness, but the check runs on every dispatch.

Per the implementation in passthrough.ts, the readiness check runs on every OpenClaw passthrough command to an Ollama-backed sandbox, not only the first one after a restart (it just no-ops quickly once the model is already loaded). Saying "the first agent passthrough checks" could lead users to expect the check/message to disappear after one command, when it actually recurs on every invocation.

✏️ Suggested wording
-After an Ollama daemon restart, the first agent passthrough checks the registered route to see whether the selected model is still loaded.
+Every agent passthrough checks the registered route to see whether the selected model is still loaded.
 If the daemon is reachable but the model is unloaded, NemoClaw sends a bounded warm-up request before dispatching to OpenClaw.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/inference/use-local-inference.mdx` around lines 95 - 96, The wording in
the local inference docs is too specific about “the first” passthrough, while
the readiness check in passthrough.ts runs on every OpenClaw passthrough
invocation to an Ollama-backed sandbox. Update the surrounding text to describe
the check as happening on each dispatch, with the model-load warm-up only
occurring when needed after restart or unload, so readers don’t expect the
behavior to stop after one request.
src/lib/actions/sandbox/agent/passthrough.test.ts (1)

125-211: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Missing coverage for the unexpected-exception catch branch.

runAgentPassthrough wraps recoverOllama(route)/reportOllamaRestartRecovery in a try/catch that emits "Ollama restart recovery failed unexpectedly; continuing to OpenClaw dispatch." (passthrough.ts Lines 510-516). None of the three new tests exercise a maybeWarmOllamaAfterDaemonRestart that throws. Since this catch is the safeguard that preserves OpenClaw's canonical error behavior when recovery itself breaks (a core PR objective), it's worth covering directly.

✅ Suggested additional test
it("continues to OpenClaw dispatch when Ollama recovery throws unexpectedly", async () => {
  const maybeWarmOllamaAfterDaemonRestart = vi.fn(() => {
    throw new Error("boom");
  });
  getSandboxMock.mockReturnValueOnce({
    agent: "openclaw",
    provider: "ollama-local",
    model: "qwen3.6:35b",
    endpointUrl: "http://host.openshell.internal:11434/v1",
  });
  const { writes, proc } = makeProcMock();

  await runAgentPassthrough(
    "alpha",
    { extraArgs: ["--agent", "work", "-m", "ping"] },
    { maybeWarmOllamaAfterDaemonRestart, process: proc },
  );

  expect(writes.join("")).toContain("Ollama restart recovery failed unexpectedly");
  expect(execMock).toHaveBeenCalledOnce();
});
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/actions/sandbox/agent/passthrough.test.ts` around lines 125 - 211,
Add a test in passthrough.test.ts that makes maybeWarmOllamaAfterDaemonRestart
throw for an ollama-local route and verifies runAgentPassthrough still continues
to OpenClaw dispatch. Use the existing runAgentPassthrough, getSandboxMock,
makeProcMock, and execMock setup, and assert the stderr writes contain the
unexpected-recovery failure message while execMock is still called once. This
directly covers the try/catch branch around
recoverOllama/reportOllamaRestartRecovery.
src/lib/actions/sandbox/agent/passthrough.ts (1)

505-517: 🚀 Performance & Scalability | 🔵 Trivial

Every OpenClaw passthrough dispatch now performs an Ollama readiness probe, not just the first one after a restart.

The recovery check runs unconditionally on every isOpenClawPassthroughCommand dispatch to an Ollama-backed sandbox (there's no state tracking of "was there a restart"), so each command incurs an extra probe round-trip and always writes at least two stderr lines ("Checking Ollama model readiness..." plus a skip/success message), even in steady state with no restart involved. This is likely an intentional trade-off given there's no reliable restart signal, but it's worth confirming the added per-command latency and stderr noise are acceptable, and considering caching a "known loaded" flag or suppressing the routine "already-loaded" message to reduce noise on the common path.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/actions/sandbox/agent/passthrough.ts` around lines 505 - 517, The
passthrough recovery path in
getOllamaRestartRecoveryRoute/reportOllamaRestartRecovery is being run on every
isOpenClawPassthroughCommand dispatch, which adds unnecessary probe latency and
stderr noise in the common steady-state case. Update the logic in passthrough.ts
so the Ollama readiness check only runs when a restart/recovery is actually
needed, or gate the success/skip logging behind a cached “already loaded” state;
keep the fallback behavior to OpenClaw dispatch intact if the recovery probe
fails.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/actions/sandbox/agent/passthrough.ts`:
- Around line 188-197: The Ollama provider check in
getOllamaRestartRecoveryRoute is duplicating the provider identifier instead of
using the shared source of truth. Export OLLAMA_PROVIDER from
ollama-restart-recovery.ts and import it into passthrough.ts, then replace the
hardcoded "ollama-local" comparison in getOllamaRestartRecoveryRoute with that
constant so the route-building logic stays aligned with
maybeWarmOllamaAfterDaemonRestart.

---

Nitpick comments:
In `@docs/inference/use-local-inference.mdx`:
- Around line 95-96: The wording in the local inference docs is too specific
about “the first” passthrough, while the readiness check in passthrough.ts runs
on every OpenClaw passthrough invocation to an Ollama-backed sandbox. Update the
surrounding text to describe the check as happening on each dispatch, with the
model-load warm-up only occurring when needed after restart or unload, so
readers don’t expect the behavior to stop after one request.

In `@src/lib/actions/sandbox/agent/passthrough.test.ts`:
- Around line 125-211: Add a test in passthrough.test.ts that makes
maybeWarmOllamaAfterDaemonRestart throw for an ollama-local route and verifies
runAgentPassthrough still continues to OpenClaw dispatch. Use the existing
runAgentPassthrough, getSandboxMock, makeProcMock, and execMock setup, and
assert the stderr writes contain the unexpected-recovery failure message while
execMock is still called once. This directly covers the try/catch branch around
recoverOllama/reportOllamaRestartRecovery.

In `@src/lib/actions/sandbox/agent/passthrough.ts`:
- Around line 505-517: The passthrough recovery path in
getOllamaRestartRecoveryRoute/reportOllamaRestartRecovery is being run on every
isOpenClawPassthroughCommand dispatch, which adds unnecessary probe latency and
stderr noise in the common steady-state case. Update the logic in passthrough.ts
so the Ollama readiness check only runs when a restart/recovery is actually
needed, or gate the success/skip logging behind a cached “already loaded” state;
keep the fallback behavior to OpenClaw dispatch intact if the recovery probe
fails.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fe28430c-c68d-46fe-bb5b-8415a0229cdf

📥 Commits

Reviewing files that changed from the base of the PR and between 7bf427e and aabfff9.

📒 Files selected for processing (6)
  • docs/inference/use-local-inference.mdx
  • docs/reference/troubleshooting.mdx
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough.test.ts
  • src/lib/actions/sandbox/agent/passthrough.ts

Comment thread src/lib/actions/sandbox/agent/passthrough.ts Outdated
Keep passthrough dispatch focused while preserving route ordering, reporting, and graceful fallback in a dedicated module.

Signed-off-by: cjagwani <cjagwani@nvidia.com>
@cjagwani

cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator Author

Addressed the advisor findings in exact head 6a2b44df:

  • extracted all route/reporting/fallback glue into passthrough-ollama-recovery.ts; passthrough.ts now has one guarded pre-dispatch call and is 468 lines instead of the prior 531
  • moved the recovery cases into a focused 13-test file, including auth-proxy JSON ordering, WSL direct non-JSON ordering, and non-Ollama bypass
  • added the full invalid-state/source-boundary/source-fix/regression/removal analysis
  • removed unsupported ::1 from the allowlist because the shared /api/ps probe does not bracket IPv6 and NemoClaw never persists that route
  • closed superseded fix: warm Ollama model after daemon restart #6076, leaving this as the single candidate

Validation: 65 focused tests, build/typecheck, Biome, repository checks, and test-size guard all pass. Real daemon restart validation remains a release/runtime follow-up because it requires a host Ollama + OpenShell sandbox boundary; the exact route translation and dispatch ordering are covered here without adding a new broad E2E framework.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts (1)

16-109: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

No test coverage for "missing-model" or "not-ollama" skip reasons.

The suite covers already-loaded and unreachable skip reasons plus all warmed outcomes, but never exercises { kind: "skipped", reason: "missing-model" } or "not-ollama". The latter is also the case with no handling branch in reportRecovery (see companion comment in passthrough-ollama-recovery.ts); a test would have caught that gap.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts` around
lines 16 - 109, Add test coverage in runOllamaRestartRecovery for the skipped
recovery paths that are currently untested: exercise recoverOllama returning {
kind: "skipped", reason: "missing-model" } and { kind: "skipped", reason:
"not-ollama" }. Use the existing makeProcMock, runOllamaRestartRecovery, and
writes assertions to verify the expected log/output behavior for each case, so
the suite covers all skip reasons handled by reportRecovery.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts`:
- Around line 111-134: The `makePassthroughDeps` helper’s `getSandbox` mock has
the wrong signature and return shape, causing the type assertion to fail. Update
the `getSandbox` stub to accept the sandbox-name argument (use an unused
`_sandboxName` parameter) and return a `SandboxEntry`-compatible object that
includes the required `name` field along with the existing route data. Keep the
fix localized to `makePassthroughDeps` in `passthrough-ollama-recovery.test.ts`,
and only use an `unknown` cast if you intentionally want to bypass the type
check.

In `@src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts`:
- Around line 34-62: The reportRecovery function is missing handling for the
"not-ollama" skipped result, so a valid OllamaRestartRecoveryResult can be
ignored without any stderr output. Update the OllamaRestartRecoveryResult branch
in reportRecovery to explicitly cover all skipped reasons, including
"not-ollama", and prefer an exhaustive switch over the current else-if chain so
TypeScript can catch future missing cases in this logic.

---

Nitpick comments:
In `@src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts`:
- Around line 16-109: Add test coverage in runOllamaRestartRecovery for the
skipped recovery paths that are currently untested: exercise recoverOllama
returning { kind: "skipped", reason: "missing-model" } and { kind: "skipped",
reason: "not-ollama" }. Use the existing makeProcMock, runOllamaRestartRecovery,
and writes assertions to verify the expected log/output behavior for each case,
so the suite covers all skip reasons handled by reportRecovery.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 65eb40b5-59ca-44ad-8cba-e8a154a4d4b8

📥 Commits

Reviewing files that changed from the base of the PR and between aabfff9 and 6a2b44d.

📒 Files selected for processing (5)
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough.test.ts
  • src/lib/actions/sandbox/agent/passthrough.ts
💤 Files with no reviewable changes (1)
  • src/lib/actions/sandbox/agent/passthrough.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts

Comment thread src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts
Comment thread src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
Signed-off-by: cjagwani <cjagwani@nvidia.com>
@cjagwani

cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator Author

CI follow-up at exact signed head 87e9ed76b: the integration fixture now returns the required sandbox name, fixing the Node 22 TS2352 failure without weakening the type cast. Verified with the CLI typecheck under both the local runtime and node@22, the 13 focused recovery/integration tests, and Biome.

The other failed CLI shard was unrelated: policy-channel-list.test.ts exceeded its existing 5-second timeout under coverage. This new head reruns that shard naturally.

@HOYALIM

HOYALIM commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Thanks for consolidating the work into this PR! I'm happy to see the improvements you've made. @cjagwani

@cjagwani
cjagwani requested a review from cv July 8, 2026 18:58
Signed-off-by: cjagwani <cjagwani@nvidia.com>
@cjagwani

cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator Author

Advisor follow-up at exact signed head b23e769b6:

  • Restricted the persisted auth-proxy mapping to the actual sandbox-facing host host.openshell.internal in addition to HTTP and port 11435. An edited registry URL on the proxy port now falls back only to the process-local allowlisted host. Added the hostile-host regression.
  • fix: warm Ollama model after daemon restart #6076 is already closed as superseded (closed at 2026-07-08T18:28:50Z); the duplicate finding used stale repository state.
  • passthrough.ts contains only the 27-line route read, bounded recovery call, and dispatch ordering. Reporting and recovery implementation are extracted into focused modules; moving the remaining glue would only add another forwarding layer.
  • HTTPS persisted URLs intentionally fall back to the allowlisted local host and are never requested, so they fail closed without expanding the accepted route surface.
  • The direct-bridge and auth-proxy tests invoke the real probeOllamaRuntimeModelStatus/validated curl-command/JSON-status path with command execution mocked, then invoke the real warm-response validator.

Verification: 66 focused tests, Biome, git diff --check, and the CLI typecheck under Node 22 all pass. A real Ollama kill/restart + OpenClaw sandbox run remains deployment evidence rather than a unit claim; this worker has Docker but no Ollama daemon/model or live sandbox, so I cannot honestly manufacture that proof here. Exact-head CI is rerunning and independent review remains requested.

@cjagwani
cjagwani requested a review from miyoungc July 8, 2026 19:27

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Contributor-compliance blocker at exact head b23e769b: the PR body does not contain the contributor's valid Signed-off-by: declaration. Please add the declaration matching the contributor identity. The current head also retains an unresolved major CodeRabbit finding in src/lib/actions/sandbox/agent/passthrough.ts (use the shared Ollama route constant rather than a duplicated "ollama-local" literal), and the canonical advisor remains merge_after_fixes; resolve that thread and provide the requested exact-head Ollama runtime evidence before re-review.

cjagwani added 2 commits July 8, 2026 20:01
Signed-off-by: cjagwani <cjagwani@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Some jobs cancelled — partial pass

Run: 28972334707
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: sandbox-operations,ollama-auth-proxy,gpu-e2e
Summary: 1 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
gpu-e2e ⚠️ cancelled
ollama-auth-proxy ✅ success
sandbox-operations ⚠️ cancelled

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28972554824
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: sandbox-operations,ollama-auth-proxy,gpu-e2e
Summary: 2 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ❌ failure
ollama-auth-proxy ✅ success
sandbox-operations ✅ success

Failed jobs: gpu-e2e. Check run artifacts for logs.

Signed-off-by: cjagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28974072349
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: gpu-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ❌ failure

Failed jobs: gpu-e2e. Check run artifacts for logs.

@cv cv self-assigned this Jul 8, 2026
Signed-off-by: cjagwani <cjagwani@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
@cjagwani

cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/live/gpu-e2e.test.ts`:
- Around line 287-290: The recovered Ollama readiness assertion is matching
against combined output text, so an echoed prompt can falsely satisfy the pong
check. Update the GPU E2E test around the recovered result assertions to parse
the JSON assistant reply first, using the same assistant-content path as the
earlier chatContent(chat.stdout) check, and then assert on the parsed response
instead of resultText(recovered).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: de09b447-d7f3-45bc-979b-20cdfdfcbe1a

📥 Commits

Reviewing files that changed from the base of the PR and between b23e769 and eba6b8e.

📒 Files selected for processing (6)
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
  • src/lib/actions/sandbox/agent/passthrough.ts
  • test/e2e/live/gpu-e2e.test.ts
🚧 Files skipped from review as they are similar to previous changes (5)
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.ts
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts
  • src/lib/actions/sandbox/agent/passthrough-ollama-recovery.test.ts
  • src/lib/actions/sandbox/agent/passthrough.ts
  • src/lib/actions/sandbox/agent/ollama-restart-recovery.ts

Comment thread test/e2e/live/gpu-e2e.test.ts Outdated
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28975828212
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: gpu-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ✅ success

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28975973693
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: sessions-agents-cli
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
sessions-agents-cli ✅ success

…-restart-recovery

Signed-off-by: cjagwani <cjagwani@nvidia.com>

# Conflicts:
#	docs/reference/troubleshooting.mdx
@cv

cv commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Maintainer follow-up at exact head a34f2141044d9a85e4222c82d8c2abbd7be2ea45:

The requested implementation and compliance changes are addressed:

  • The contributor DCO declaration is present, and all current commits are GitHub Verified.
  • The duplicated Ollama provider literal now uses the shared provider identity.
  • The incomplete fixture, unexpected-recovery fallback, and all recovery skip reasons have focused coverage.
  • eba6b8e92 fixes thinking-only warm responses. The GPU recovery E2E passed on that immediately preceding functional head; the current head is a merge from main.
  • All inline CodeRabbit threads are resolved, with no unresolved major/critical finding.

This PR is not fully cleared yet:

  • The existing human CHANGES_REQUESTED review remains active.
  • Current-head CI and both PR advisors are rerunning after the merge from main; wait for exact-head results before re-review.
  • The non-inline docs wording about the “first agent passthrough” and the steady-state per-dispatch probe/logging overhead still need a visible disposition.

Please treat this as blocked until the exact-head gates settle and the human change request is cleared.

Parse assistant JSON so an echoed prompt cannot satisfy the recovery assertion.

Align the docs with the per-dispatch readiness probe.

Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Ho Lim <subhoya@gmail.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28976373729
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: gpu-e2e,sessions-agents-cli
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ✅ success
sessions-agents-cli ✅ success

@apurvvkumaria

Copy link
Copy Markdown
Collaborator

Maintainer salvage pushed in 4bf4193.

  • The GPU recovery E2E now parses assistant JSON before asserting PONG, so an echoed prompt or stderr cannot satisfy the acceptance check.
  • The local-inference guide now accurately says the readiness probe runs on each Ollama-backed OpenClaw dispatch.

The per-dispatch probe is intentional: NemoClaw has no reliable host-side Ollama restart signal, and caching an already-loaded result would miss a later daemon restart. The /api/ps probe is bounded, and the warm request runs only when the registered model is unloaded.

Contributor credit is retained for cjagwani and Ho Lim through Co-authored-by trailers; the maintainer commit is signed and signed off, and GitHub marks it Verified.

Validation completed: 71 focused restart-recovery/passthrough tests; plugin and CLI builds; CLI type-check; pinned Fern docs build with 0 errors; Biome; test-title and test-size checks; staged diff checks; commit and pre-push hooks. The exact-head standard checks and required live GPU E2E are being monitored now.

@apurvvkumaria

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@apurvvkumaria

Copy link
Copy Markdown
Collaborator

Exact-head advisor disposition for 4bf4193:

  • WSL direct-bridge recovery is covered by focused host-translation and pre-dispatch ordering tests. The required GPU lane exercises the native auth-proxy topology; adding a Windows-host Ollama lifecycle dependency is outside this narrow release salvage.
  • Stopped-daemon behavior already has QA evidence in [All Platforms][Inference] NemoClaw agent fails to recover inference after Ollama daemon restart #6039 (T5882241-02 passed). Focused tests prove an unreachable probe skips warm-up and still continues to OpenClaw, preserving its canonical backend-unavailable result.
  • Hostname-length hardening is not needed for this boundary: network use follows exact Set membership against fixed local hosts, not suffix matching, and invalid/unrecognized registry URLs fall back to an allowlisted local host.
  • Surfacing arbitrary Ollama error bodies and adding a destructive wrong-model live variant are deferred. Generic failure reporting plus canonical OpenClaw dispatch is intentional, and all warm-up failure reasons are unit-covered. The current live lane is the acceptance happy path for restart recovery.
  • The passthrough growth warning is a false positive because the implementation delegates into focused recovery modules. The docs/timeout observation requires no change.

Both exact-head advisors report merge_as_is with zero required fixes or warnings. The strengthened gpu-e2e run remains in progress.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28977269843
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: gpu-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ❌ failure

Failed jobs: gpu-e2e. Check run artifacts for logs.

Use the shared OpenClaw envelope parser proven against the failed-run artifact.

Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Ho Lim <subhoya@gmail.com>
@apurvvkumaria

Copy link
Copy Markdown
Collaborator

Live GPU follow-up: run 28977269843 proved runtime recovery succeeded (exit 0, model loaded, assistant payload PONG), but the strengthened assertion used the OpenAI chat-completions parser against NemoClaw's agent envelope and correctly failed with an empty extraction.

Commit 4df8145 now uses the existing unit-tested OpenClaw agent-envelope parser for result.payloads text. The downloaded exact-run artifact parses to PONG with this helper. Local validation: 4 parser support tests, CLI type-check, Biome, test-size/title checks, diff checks, commit hooks, and pre-push hooks. Both contributor credit trailers are retained. I am rerunning the exact-head live gpu-e2e now.

@apurvvkumaria

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@apurvvkumaria apurvvkumaria self-assigned this Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28978030598
Workflow ref: fix/issue-6039-ollama-restart-recovery
Requested targets: (default — all supported)
Requested jobs: gpu-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
gpu-e2e ✅ success

@apurvvkumaria

Copy link
Copy Markdown
Collaborator

Exact-head final validation for 4df81458b4dc9c6b1a38f8b3600124686258368a is complete:

  • GPU Ollama live E2E passed after exercising daemon restart, empty /api/ps, recovery warm-up, and the parsed PONG agent response.
  • The maintainer gate checker reports all gates passing: all 47 checks green, clean merge state, CodeRabbit clear, advisor merge_as_is, DCO present, and all 13 commits GitHub Verified.
  • There are zero unresolved review threads; the PR is approved, clean, and mergeable.

No merge was performed.

@cjagwani
cjagwani requested a review from cv July 8, 2026 22:13
@cv
cv merged commit 10091a3 into main Jul 8, 2026
125 checks passed
@cv
cv deleted the fix/issue-6039-ollama-restart-recovery branch July 8, 2026 22:42
@cjagwani cjagwani mentioned this pull request Jul 9, 2026
21 tasks
cv pushed a commit that referenced this pull request Jul 9, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Prepares the user documentation for NemoClaw v0.0.78 by replacing the
unreleased section with release highlights and synchronizing the
affected inference, lifecycle, messaging, and CLI reference pages with
merged behavior.

## Changes

- Publish the v0.0.78 release-notes section with links to the most
specific user guides for each shipped behavior.
- Document authoritative Deep Agents route health, Nemotron Ultra
profile behavior, and Hermes compatible-endpoint context metadata.
- Document forced rebuild recovery after total backup failure and the
ownership-safe tunnel/full-stop behavior.
- Keep command examples and shared agent variants aligned with the
current OpenClaw, Hermes, and Deep Agents interfaces.

Source mapping:

- [#3787](#3787) ->
`docs/about/release-notes.mdx`: Record reliable workspace template
seeding during sandbox startup.
- [#4960](#4960) ->
`docs/about/release-notes.mdx`: Record safer detection of rewritten
OpenClaw gateway processes.
- [#5676](#5676) ->
`docs/about/release-notes.mdx`: Record warning-tolerant agent-list JSON
handling.
- [#5857](#5857) ->
`docs/about/release-notes.mdx`: Record synchronization of explicit
OpenClaw main-agent model state.
- [#5929](#5929) ->
`docs/about/release-notes.mdx`: Record copyable SSH port-forward
guidance for remote dashboards.
- [#6068](#6068) ->
`docs/about/release-notes.mdx`: Record custom-image plugin provenance
reconciliation.
- [#6116](#6116) ->
`docs/about/release-notes.mdx`: Record live-loopback dashboard-forward
recovery.
- [#6122](#6122) ->
`docs/about/release-notes.mdx`: Announce validated, round-trippable
policy YAML output.
- [#6211](#6211) ->
`docs/manage-sandboxes/lifecycle.mdx`, `docs/reference/commands.mdx`,
`docs/about/release-notes.mdx`: Explain the explicit no-backup `rebuild
--force` recovery boundary.
- [#6283](#6283) ->
`docs/about/release-notes.mdx`: Record Hermes WebUI port alignment.
- [#6293](#6293) ->
`docs/inference/switch-inference-providers.mdx`,
`docs/about/release-notes.mdx`: Document compatible-endpoint
context-length probing for Hermes.
- [#6320](#6320) ->
`docs/about/release-notes.mdx`: Record bounded gateway-recovery waits.
- [#6377](#6377) ->
`docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain
rebuild diagnostics and prepared MCP-destroy recovery.
- [#6412](#6412) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document authoritative agent-visible
inference route health.
- [#6421](#6421) ->
`docs/about/release-notes.mdx`: Record the longer quiet-pull window for
managed vLLM images.
- [#6431](#6431) ->
`docs/inference/model-capability-audit.mdx`,
`docs/about/release-notes.mdx`: Document the version-pinned Nemotron
Ultra profile plugin.
- [#6439](#6439) ->
`docs/about/release-notes.mdx`: Summarize the authenticated, pinned
credential-capture helper boundary.
- [#6450](#6450) ->
`docs/manage-sandboxes/messaging-channels.mdx`,
`docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Document
host-forward cleanup and ownership-safe gateway-port release.
- [#6474](#6474) ->
`docs/manage-sandboxes/messaging-channels.mdx`,
`docs/about/release-notes.mdx`: Record composable OpenClaw messaging
runtime loaders.
- [#6475](#6475) ->
`docs/about/release-notes.mdx`: Record removal of the unavailable Kimi
K2.6 production endpoint option.
- [#6480](#6480) ->
`docs/about/release-notes.mdx`: Record stderr routing for the plugin
registration banner.
- [#6481](#6481) ->
`docs/about/release-notes.mdx`: Record post-pull Ollama model discovery
checks.
- [#6482](#6482) ->
`docs/about/release-notes.mdx`: Record Ollama model warm-up after daemon
restart.
- [#6486](#6486) ->
`docs/about/release-notes.mdx`: Publish the opt-in, thread-scoped Deep
Agents auto-approval boundary.
- [#6490](#6490) ->
`docs/about/release-notes.mdx`: Record diagnostics for custom images
missing the managed runtime.
- [#6494](#6494) ->
`docs/inference/model-capability-audit.mdx`,
`docs/about/release-notes.mdx`: Document nonempty tool-call content
preservation and placeholder rejection.
- [#6497](#6497) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document isolated Deep Agents
route-probe output.
- [#6506](#6506) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document observability-preserving
managed route probes.
- [#6508](#6508) ->
`docs/about/release-notes.mdx`: Link the new extension taxonomy and
SDK-readiness reference from the release summary.

Release-source verification: GitHub reports all 29 cited source PRs as
merged with base `main`, and every merge commit is an ancestor of
`origin/main` at `17bf9a6a9688b3b1d69cf4b37d3f23110acb055e`. No
source-mapping mismatches were found.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates

<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: Documentation-only
release-prep changes; `npm run docs` validates variants, routes, and
Fern content.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: Tests
are not applicable to this documentation-only change set.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — exited
0 with zero errors; Fern reported the existing unauthenticated
redirect-check and light-mode contrast warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>

---------

Signed-off-by: cjagwani <cjagwani@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
## Summary
- check the registered Ollama route before OpenClaw agent passthrough
- translate persisted proxy and WSL bridge routes back to an allowlisted
host daemon
- require a successful, semantically valid Ollama warm response while
preserving OpenClaw canonical errors on failure

## Validation
- `npx vitest run --project cli
src/lib/actions/sandbox/agent/ollama-restart-recovery.test.ts
src/lib/actions/sandbox/agent/passthrough.test.ts`
- `npm run build:cli`
- `npm run typecheck`
- `npx @biomejs/biome check ...` (touched TypeScript files)
- `npm run checks`
- `npm run test-size:check`
- `npm run docs:check-agent-variants`

Supersedes NVIDIA#6076.
Fixes NVIDIA#6039.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added best-effort Ollama “restart recovery” during OpenClaw agent
passthrough, including a bounded warm-up when models may be unloaded
after a daemon restart.
* **Documentation**
* Updated local inference and troubleshooting guidance with
Ollama-specific warm-up/timeout and continued-dispatch behavior.
* **Bug Fixes**
* Reduces post-restart failures by safely probing model availability,
warming with routed requests, and continuing dispatch when warm-up times
out or fails.
* **Tests**
* Expanded unit, integration, and GPU end-to-end coverage for warm-up
skip/warm/warn outcomes and correct recovery-before-dispatch ordering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---
Signed-off-by: cjagwani <cjagwani@nvidia.com>

---------

Signed-off-by: cjagwani <cjagwani@nvidia.com>
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: Ho Lim <subhoya@gmail.com>
Co-authored-by: Apurv Kumaria <akumaria@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Prepares the user documentation for NemoClaw v0.0.78 by replacing the
unreleased section with release highlights and synchronizing the
affected inference, lifecycle, messaging, and CLI reference pages with
merged behavior.

## Changes

- Publish the v0.0.78 release-notes section with links to the most
specific user guides for each shipped behavior.
- Document authoritative Deep Agents route health, Nemotron Ultra
profile behavior, and Hermes compatible-endpoint context metadata.
- Document forced rebuild recovery after total backup failure and the
ownership-safe tunnel/full-stop behavior.
- Keep command examples and shared agent variants aligned with the
current OpenClaw, Hermes, and Deep Agents interfaces.

Source mapping:

- [NVIDIA#3787](NVIDIA#3787) ->
`docs/about/release-notes.mdx`: Record reliable workspace template
seeding during sandbox startup.
- [NVIDIA#4960](NVIDIA#4960) ->
`docs/about/release-notes.mdx`: Record safer detection of rewritten
OpenClaw gateway processes.
- [NVIDIA#5676](NVIDIA#5676) ->
`docs/about/release-notes.mdx`: Record warning-tolerant agent-list JSON
handling.
- [NVIDIA#5857](NVIDIA#5857) ->
`docs/about/release-notes.mdx`: Record synchronization of explicit
OpenClaw main-agent model state.
- [NVIDIA#5929](NVIDIA#5929) ->
`docs/about/release-notes.mdx`: Record copyable SSH port-forward
guidance for remote dashboards.
- [NVIDIA#6068](NVIDIA#6068) ->
`docs/about/release-notes.mdx`: Record custom-image plugin provenance
reconciliation.
- [NVIDIA#6116](NVIDIA#6116) ->
`docs/about/release-notes.mdx`: Record live-loopback dashboard-forward
recovery.
- [NVIDIA#6122](NVIDIA#6122) ->
`docs/about/release-notes.mdx`: Announce validated, round-trippable
policy YAML output.
- [NVIDIA#6211](NVIDIA#6211) ->
`docs/manage-sandboxes/lifecycle.mdx`, `docs/reference/commands.mdx`,
`docs/about/release-notes.mdx`: Explain the explicit no-backup `rebuild
--force` recovery boundary.
- [NVIDIA#6283](NVIDIA#6283) ->
`docs/about/release-notes.mdx`: Record Hermes WebUI port alignment.
- [NVIDIA#6293](NVIDIA#6293) ->
`docs/inference/switch-inference-providers.mdx`,
`docs/about/release-notes.mdx`: Document compatible-endpoint
context-length probing for Hermes.
- [NVIDIA#6320](NVIDIA#6320) ->
`docs/about/release-notes.mdx`: Record bounded gateway-recovery waits.
- [NVIDIA#6377](NVIDIA#6377) ->
`docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain
rebuild diagnostics and prepared MCP-destroy recovery.
- [NVIDIA#6412](NVIDIA#6412) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document authoritative agent-visible
inference route health.
- [NVIDIA#6421](NVIDIA#6421) ->
`docs/about/release-notes.mdx`: Record the longer quiet-pull window for
managed vLLM images.
- [NVIDIA#6431](NVIDIA#6431) ->
`docs/inference/model-capability-audit.mdx`,
`docs/about/release-notes.mdx`: Document the version-pinned Nemotron
Ultra profile plugin.
- [NVIDIA#6439](NVIDIA#6439) ->
`docs/about/release-notes.mdx`: Summarize the authenticated, pinned
credential-capture helper boundary.
- [NVIDIA#6450](NVIDIA#6450) ->
`docs/manage-sandboxes/messaging-channels.mdx`,
`docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Document
host-forward cleanup and ownership-safe gateway-port release.
- [NVIDIA#6474](NVIDIA#6474) ->
`docs/manage-sandboxes/messaging-channels.mdx`,
`docs/about/release-notes.mdx`: Record composable OpenClaw messaging
runtime loaders.
- [NVIDIA#6475](NVIDIA#6475) ->
`docs/about/release-notes.mdx`: Record removal of the unavailable Kimi
K2.6 production endpoint option.
- [NVIDIA#6480](NVIDIA#6480) ->
`docs/about/release-notes.mdx`: Record stderr routing for the plugin
registration banner.
- [NVIDIA#6481](NVIDIA#6481) ->
`docs/about/release-notes.mdx`: Record post-pull Ollama model discovery
checks.
- [NVIDIA#6482](NVIDIA#6482) ->
`docs/about/release-notes.mdx`: Record Ollama model warm-up after daemon
restart.
- [NVIDIA#6486](NVIDIA#6486) ->
`docs/about/release-notes.mdx`: Publish the opt-in, thread-scoped Deep
Agents auto-approval boundary.
- [NVIDIA#6490](NVIDIA#6490) ->
`docs/about/release-notes.mdx`: Record diagnostics for custom images
missing the managed runtime.
- [NVIDIA#6494](NVIDIA#6494) ->
`docs/inference/model-capability-audit.mdx`,
`docs/about/release-notes.mdx`: Document nonempty tool-call content
preservation and placeholder rejection.
- [NVIDIA#6497](NVIDIA#6497) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document isolated Deep Agents
route-probe output.
- [NVIDIA#6506](NVIDIA#6506) ->
`docs/get-started/quickstart-langchain-deepagents-code.mdx`,
`docs/about/release-notes.mdx`: Document observability-preserving
managed route probes.
- [NVIDIA#6508](NVIDIA#6508) ->
`docs/about/release-notes.mdx`: Link the new extension taxonomy and
SDK-readiness reference from the release summary.

Release-source verification: GitHub reports all 29 cited source PRs as
merged with base `main`, and every merge commit is an ancestor of
`origin/main` at `17bf9a6a9688b3b1d69cf4b37d3f23110acb055e`. No
source-mapping mismatches were found.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates

<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: Documentation-only
release-prep changes; `npm run docs` validates variants, routes, and
Fern content.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: Tests
are not applicable to this documentation-only change set.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — exited
0 with zero errors; Fern reported the existing unauthenticated
redirect-check and light-mode contrast warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>

---------

Signed-off-by: cjagwani <cjagwani@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

v0.0.78 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[All Platforms][Inference] NemoClaw agent fails to recover inference after Ollama daemon restart

5 participants