test(e2e): migrate Kimi compatibility to vitest

[cv]

Summary

Migrates the Kimi compatibility E2E into a typed live Vitest scenario. The new test uses a local OpenAI-compatible endpoint with the Kimi model id, onboards a real sandbox, verifies Kimi compat/plugin wiring, checks the managed inference.local model route, and drives an OpenClaw agent smoke turn through the fake endpoint.

Related Issue

Refs #5098

Changes

• Add a typed live Vitest replacement for test/e2e/test-kimi-inference-compat.sh.
• Wire a free-standing dispatchable Vitest job into .github/workflows/e2e-vitest-scenarios.yaml.
• Preserve legacy shell deletion and any legacy shell workflow cleanup for Phase 11 per Epic: Migrate legacy bash E2E into the Vitest E2E system #5098 migration governance.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
• Git hooks passed during commit and push, or npx prek run --from-ref main --to-ref HEAD passes
• Targeted tests pass for changed behavior
• Full npm test passes (broad runtime changes only)
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Targeted commands run:

• npx biome check --write test/e2e-scenario/live/kimi-inference-compat.test.ts
• NEMOCLAW_RUN_E2E_SCENARIOS=1 npx vitest run --project e2e-scenarios-live test/e2e-scenario/live/kimi-inference-compat.test.ts -t __compile_only_nomatch__ --silent=false --reporter=default --passWithNoTests
• npx vitest run --project e2e-vitest-support test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts
• npx tsx scripts/check-test-file-size-budget.ts test/e2e-scenario/live/kimi-inference-compat.test.ts
• npx tsc --noEmit --strict --moduleResolution bundler --module preserve --target ES2022 --types node --allowImportingTsExtensions test/e2e-scenario/live/kimi-inference-compat.test.ts
• git diff --check

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• Tests
  • Added a live end-to-end scenario for Kimi-compatible inference, verifying sandbox onboarding, inference provider/base URL wiring, Kimi model compatibility settings, enabled plugin routing, and exposed /v1/models.
  • Validates end-to-end tool execution behavior, including correct tool-splitting/trajectory output and that chat requests return tool results.
• Chores
  • Added a dedicated CI job to run the Kimi compatibility scenario and upload Vitest artifacts.
  • Updated pull request status reporting to include the new job.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new live E2E Vitest scenario (kimi-inference-compat.test.ts) that validates Kimi-compatible inference endpoint wiring in an OpenClaw sandbox. The test starts a fake OpenAI-compatible server, runs nemoclaw onboard, and asserts configuration (provider, base URL, model compat flags, plugin enablement, tool-search state) and agent behavior (basic output, tool execution with trajectory validation). A corresponding CI workflow job (kimi-inference-compat-vitest) is added with Kimi-specific environment configuration, artifact upload, and inclusion in the report-to-pr aggregation. The E2E workflow boundary test is updated to support free-standing scenario enumeration.

Changes

Kimi Inference Compat E2E Scenario

Layer / File(s)	Summary
Mock server and helper utilities test/e2e-scenario/live/kimi-inference-compat.test.ts	Establishes test imports, environment construction with Kimi-specific variables, the startKimiMock() HTTP server that mocks /v1/models and /v1/chat/completions with request recording, and the parseConfig() helper to extract provider/route/plugin/tool-search state from sandbox configuration.
Test orchestration and configuration assertions test/e2e-scenario/live/kimi-inference-compat.test.ts	Implements the test execution flow: starting the mock server, provisioning/cleaning up the OpenClaw sandbox, running nemoclaw onboard with the mock endpoint, reading openclaw.json, and asserting inference provider setup, base URL, API type, model compat flags, plugin enablement, tool-search disabled, and plugin path presence.
Agent behavior and tool execution validation test/e2e-scenario/live/kimi-inference-compat.test.ts	Validates the models endpoint, runs a basic OpenClaw agent expecting OK output, then runs a second agent configured to trigger tool execution with hostname/date/uptime tools. Asserts successful completion, verifies tool-trajectory JSONL artifacts, and confirms the mock server received chat completion requests with tool enablement and tool-result messages.
CI job and PR result reporting wiring .github/workflows/e2e-vitest-scenarios.yaml	Adds the kimi-inference-compat-vitest job with conditional execution gating, Kimi-specific env vars, OpenShell installation, Vitest invocation, and artifact upload (14-day retention). Extends report-to-pr's needs list to include the new job.
E2E workflow boundary test infrastructure updates test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts	Reorders module imports so workflow-boundary utilities precede testTimeoutOptions. Adds explicit 60-second timeout configuration to the free-standing inventory derivation test call.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• NVIDIA/NemoClaw#5401: Main PR's new kimi-inference-compat E2E Vitest scenario validates configuration wiring for the nemoclaw-kimi-inference-compat plugin, which is enhanced by the retrieved PR's improvements to managed inference model recognition.
• NVIDIA/NemoClaw#5413: Both PRs target the Kimi inference compatibility end-to-end test's tool-call and trajectory validation logic, with the main PR adding live Kimi tool execution assertions and the retrieved PR adjusting the trajectory checker for multiturn tool calls.
• NVIDIA/NemoClaw#5370: Updates the selector-inventory derivation and boundary logic in the same workflow file that gates free-standing jobs like kimi-inference-compat-vitest via inputs.jobs/inputs.scenarios.

Suggested labels

area: e2e, chore

Poem

🐇 A Kimi endpoint, shiny and new,
A fake server spun from morning dew,
The sandbox onboards, the config aligns,
The agent says "OK" — all good signs!
With artifacts saved and the PR table bright,
This bunny hops on into the night. 🌙

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main change: migrating a Kimi compatibility test from shell script to Vitest.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch e2e-migrate/test-kimi-inference-compat

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the e2e-migrate/test-kim... branch is 96%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-kim... f4e6a66	+/-
nemoclaw/src/se...cret-scanner.ts	—	100%	—
nemoclaw/src/commands/slash.ts	—	100%	—
nemoclaw/src/li...bprocess-env.ts	—	100%	—
nemoclaw/src/bl...eprint/state.ts	—	98%	—
nemoclaw/src/onboard/config.ts	—	98%	—
nemoclaw/src/bl...int/snapshot.ts	—	97%	—
nemoclaw/src/bl...print/runner.ts	—	95%	—
nemoclaw/src/co...ration-state.ts	—	94%	—
nemoclaw/src/bl...ate-networks.ts	—	94%	—
nemoclaw/src/index.ts	—	94%	—

TypeScript / code-coverage/cli

The overall coverage in the e2e-migrate/test-kim... branch is 46%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	e2e-migrate/test-kim... f4e6a66	+/-
src/lib/state/o...oard-session.ts	—	90%	—
src/lib/inference/local.ts	—	76%	—
src/lib/sandbox/config.ts	—	72%	—
src/lib/actions...dbox/rebuild.ts	—	67%	—
src/lib/onboard/preflight.ts	—	64%	—
src/lib/actions...licy-channel.ts	—	56%	—
src/lib/state/sandbox.ts	—	55%	—
src/lib/onboard...er-gpu-patch.ts	—	50%	—
src/lib/policy/index.ts	—	49%	—
src/lib/onboard.ts	—	18%	—

---

_{Updated June 19, 2026 21:47 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[github-actions]

E2E Advisor Recommendation

Required E2E: kimi-inference-compat-vitest
Optional E2E: inference-routing-vitest

Dispatch hint: kimi-inference-compat-vitest

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• kimi-inference-compat-vitest (high): This is the newly added live job and should be run to prove the workflow wiring, sandbox lifecycle, onboarding path, managed inference.local route, Kimi compatibility plugin behavior, and agent tool-splitting assertions all work in CI.

Optional E2E

• inference-routing-vitest (medium): Adjacent confidence check for inference.local routing and provider classification behavior. Useful because the new Kimi compatibility scenario depends on managed inference routing, but no shared runtime routing code is changed in this PR.

New E2E recommendations

• None.

Dispatch hint

• Workflow: .github/workflows/e2e-vitest-scenarios.yaml
• jobs input: kimi-inference-compat-vitest

[github-actions]

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: kimi-inference-compat-vitest
Optional Vitest E2E scenarios: None

Dispatch required Vitest E2E scenarios:

• gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=kimi-inference-compat-vitest

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

• kimi-inference-compat-vitest: Focused free-standing Vitest job wired for changed live test test/e2e-scenario/live/kimi-inference-compat.test.ts.
  • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=kimi-inference-compat-vitest

Optional Vitest E2E scenarios

• None.

Relevant changed files

• .github/workflows/e2e-vitest-scenarios.yaml
• test/e2e-scenario/live/kimi-inference-compat.test.ts
• test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 3 worth checking, 1 nice ideas
Since last review: 0 prior items resolved, 3 still apply, 0 new items found

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• Source-of-truth review needed: Kimi split-exec compatibility scenario policy mode: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `env()` sets `NEMOCLAW_POLICY_MODE: "skip"`; the fake Kimi response emits `hostname; date; uptime`; the trajectory check requires split `exec` calls for `hostname`, `date`, and `uptime`.
• Source-of-truth review needed: OpenShell CLI path fallback in Kimi workflow job: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: The new workflow step sets `export OPENSHELL_BIN="$(command -v openshell || true)"`.
• Document or validate the Kimi split-exec policy boundary (test/e2e-scenario/live/kimi-inference-compat.test.ts:31): The migrated Kimi compatibility scenario is regression evidence for model-produced sandbox `exec` behavior, but the shared test environment sets `NEMOCLAW_POLICY_MODE: "skip"` while also setting `NEMOCLAW_POLICY_TIER: "restricted"`. The test proves the Kimi plugin splits `hostname; date; uptime` into three benign `exec` calls only while policy enforcement is disabled, which can create a false sense of coverage for this security-adjacent sandbox/tool boundary. The source-of-truth questions from the previous review also remain unresolved: what invalid state requires policy skip, why the source cannot be fixed in this migration, what regression covers the real policy boundary, and when the skip can be removed.
  • Recommendation: Either run the benign split-exec path under the least-permissive noninteractive policy mode that should allow `hostname`, `date`, and `uptime`, or add an explicit in-test comment explaining why `skip` is required and pair this scenario with separate policy-boundary coverage.
  • Evidence: `env()` sets `NEMOCLAW_POLICY_MODE: "skip"` and `NEMOCLAW_POLICY_TIER: "restricted"`; later the fake Kimi tool call emits `hostname; date; uptime` and the trajectory check expects exactly `hostname`, `date`, and `uptime` with no remaining semicolon command.

🌱 Nice ideas

• Fail clearly when the OpenShell CLI install is not on PATH (.github/workflows/e2e-vitest-scenarios.yaml:779): The new workflow job exports `OPENSHELL_BIN="$(command -v openshell || true)"`. If the installer succeeds but PATH setup drifts, or if the installer fails to place `openshell` on PATH, this exports an empty string. `SandboxClient` treats an empty `OPENSHELL_BIN` as the explicit binary path instead of falling back to `openshell`, so later sandbox operations can fail with less actionable diagnostics than neighboring jobs.
  • Recommendation: Use the existing neighboring-job pattern: check `command -v openshell`, fall back to `$HOME/.local/bin/openshell` if executable, fail with `::error::OpenShell CLI not found after install` otherwise, and print `"$OPENSHELL_BIN" --version` before running Vitest.
  • Evidence: The new Kimi job uses `export OPENSHELL_BIN="$(command -v openshell || true)"`; adjacent free-standing jobs validate OpenShell availability and fail explicitly when it is missing.

Consider writing more tests for

• **Runtime validation** — Kimi Vitest scenario reaches the host fake endpoint through sandbox `https://inference.local/v1/models\` after onboarding with `NEMOCLAW_ENDPOINT_URL=http://127.0.0.1:<port>/v1\`.. This PR changes a workflow plus live sandbox/inference E2E coverage. The added test is appropriately direct and preserves real CLI/sandbox boundaries, but runtime validation is the meaningful confidence mechanism for host mock reachability, managed `inference.local` routing, OpenShell installation, and model-produced tool execution.
• **Runtime validation** — Kimi split-exec prompt runs under the least-permissive noninteractive policy mode expected to allow benign `hostname`, `date`, and `uptime`, or a separate policy-boundary test documents and covers why `skip` is required here.. This PR changes a workflow plus live sandbox/inference E2E coverage. The added test is appropriately direct and preserves real CLI/sandbox boundaries, but runtime validation is the meaningful confidence mechanism for host mock reachability, managed `inference.local` routing, OpenShell installation, and model-produced tool execution.
• **Runtime validation** — Workflow selector `scenarios=kimi-inference-compat` selects only `kimi-inference-compat-vitest` and leaves `registryScenarios` empty.. This PR changes a workflow plus live sandbox/inference E2E coverage. The added test is appropriately direct and preserves real CLI/sandbox boundaries, but runtime validation is the meaningful confidence mechanism for host mock reachability, managed `inference.local` routing, OpenShell installation, and model-produced tool execution.
• **Runtime validation** — The Kimi workflow job fails with a clear OpenShell CLI error when `scripts/install-openshell.sh` does not leave `openshell` on PATH or at `$HOME/.local/bin/openshell`.. This PR changes a workflow plus live sandbox/inference E2E coverage. The added test is appropriately direct and preserves real CLI/sandbox boundaries, but runtime validation is the meaningful confidence mechanism for host mock reachability, managed `inference.local` routing, OpenShell installation, and model-produced tool execution.
• **Runtime validation** — If public NVIDIA/Kimi compatibility remains required outside the hermetic mock path, identify or add separate coverage proving the public provider route still works.. This PR changes a workflow plus live sandbox/inference E2E coverage. The added test is appropriately direct and preserves real CLI/sandbox boundaries, but runtime validation is the meaningful confidence mechanism for host mock reachability, managed `inference.local` routing, OpenShell installation, and model-produced tool execution.
• **Acceptance clause:** No trusted linked issue clauses or issue comments were available in the deterministic validation context. — add test evidence or identify existing coverage. `linkedIssues` was empty. The PR body mentions `Refs Epic: Migrate legacy bash E2E into the Vitest E2E system #5098`, but PR-provided text is untrusted evidence and no issue body/comments were available to map literally. Diff evidence shows a new Kimi Vitest scenario and workflow job, while the legacy shell script still exists.
• **Kimi split-exec compatibility scenario policy mode** — The new Vitest scenario proves Kimi command splitting and trajectory success with policy enforcement disabled; it does not prove the real policy boundary.. `env()` sets `NEMOCLAW_POLICY_MODE: "skip"`; the fake Kimi response emits `hostname; date; uptime`; the trajectory check requires split `exec` calls for `hostname`, `date`, and `uptime`.
• **OpenShell CLI path fallback in Kimi workflow job** — No targeted negative validation is added for the missing-OpenShell path.. The new workflow step sets `export OPENSHELL_BIN="$(command -v openshell || true)"`.

Since last review details

Current findings:

• Source-of-truth review needed: Kimi split-exec compatibility scenario policy mode: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `env()` sets `NEMOCLAW_POLICY_MODE: "skip"`; the fake Kimi response emits `hostname; date; uptime`; the trajectory check requires split `exec` calls for `hostname`, `date`, and `uptime`.
• Source-of-truth review needed: OpenShell CLI path fallback in Kimi workflow job: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: The new workflow step sets `export OPENSHELL_BIN="$(command -v openshell || true)"`.
• Document or validate the Kimi split-exec policy boundary (test/e2e-scenario/live/kimi-inference-compat.test.ts:31): The migrated Kimi compatibility scenario is regression evidence for model-produced sandbox `exec` behavior, but the shared test environment sets `NEMOCLAW_POLICY_MODE: "skip"` while also setting `NEMOCLAW_POLICY_TIER: "restricted"`. The test proves the Kimi plugin splits `hostname; date; uptime` into three benign `exec` calls only while policy enforcement is disabled, which can create a false sense of coverage for this security-adjacent sandbox/tool boundary. The source-of-truth questions from the previous review also remain unresolved: what invalid state requires policy skip, why the source cannot be fixed in this migration, what regression covers the real policy boundary, and when the skip can be removed.
  • Recommendation: Either run the benign split-exec path under the least-permissive noninteractive policy mode that should allow `hostname`, `date`, and `uptime`, or add an explicit in-test comment explaining why `skip` is required and pair this scenario with separate policy-boundary coverage.
  • Evidence: `env()` sets `NEMOCLAW_POLICY_MODE: "skip"` and `NEMOCLAW_POLICY_TIER: "restricted"`; later the fake Kimi tool call emits `hostname; date; uptime` and the trajectory check expects exactly `hostname`, `date`, and `uptime` with no remaining semicolon command.
• Fail clearly when the OpenShell CLI install is not on PATH (.github/workflows/e2e-vitest-scenarios.yaml:779): The new workflow job exports `OPENSHELL_BIN="$(command -v openshell || true)"`. If the installer succeeds but PATH setup drifts, or if the installer fails to place `openshell` on PATH, this exports an empty string. `SandboxClient` treats an empty `OPENSHELL_BIN` as the explicit binary path instead of falling back to `openshell`, so later sandbox operations can fail with less actionable diagnostics than neighboring jobs.
  • Recommendation: Use the existing neighboring-job pattern: check `command -v openshell`, fall back to `$HOME/.local/bin/openshell` if executable, fail with `::error::OpenShell CLI not found after install` otherwise, and print `"$OPENSHELL_BIN" --version` before running Vitest.
  • Evidence: The new Kimi job uses `export OPENSHELL_BIN="$(command -v openshell || true)"`; adjacent free-standing jobs validate OpenShell availability and fail explicitly when it is missing.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e-scenario/live/kimi-inference-compat.test.ts`:
- Around line 77-83: The JSON.parse call in the req.on("end", ...) callback
within startKimiMock is unguarded and will crash the Vitest worker if a
malformed payload is received. Wrap the JSON.parse(raw || "{}") call in a
try-catch block to handle parsing errors gracefully. When a parsing error
occurs, send an appropriate error response to the client (such as a 400 Bad
Request) instead of allowing the exception to propagate and crash the worker
process.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ea0b1764-88a0-42cb-aa42-177f95d41d25

📥 Commits

Reviewing files that changed from the base of the PR and between 3d47296 and 138b4b2.

📒 Files selected for processing (1)

• test/e2e-scenario/live/kimi-inference-compat.test.ts