fix(logs): honor tail and since flags

[deepujain]

Summary

Fixes #2755.

This teaches nemoclaw <name> logs to parse the documented log flags instead of silently discarding them:

• --tail <lines> and -n <lines> now drive the line count sent to both log sources.
• --since <duration> is forwarded to openshell logs and skips the unfiltered gateway-log tail.
• --help prints usage and exits without fetching logs.
• Unknown or malformed logs flags now fail clearly instead of returning an unrelated full dump.

Validation

• npm run build:cli
• npm run typecheck:cli
• npm test -- test/cli.test.ts
• npm install --ignore-scripts and npm run build in nemoclaw/
• npm test -- test/ssrf-parity.test.ts nemoclaw/src/commands/migration-state.test.ts

Full npm test was also rerun after the nested build; the changed CLI coverage passes, while the existing installer/uninstall suites still fail in this local worktree.

Summary by CodeRabbit

• New Features

  • Added --tail (or -n) to limit log output (default 200 lines)
  • Added --since to filter logs from a given time
  • Allow combining --follow with --tail and --since for streamed/filtered logs

• Documentation

  • Updated logs command help/usage to include the new filtering and streaming options

• Tests

  • Expanded CLI tests to cover new flags, help text, and dispatch behavior

Signed-off-by: Aaron Erickson aerickson@nvidia.com

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds --tail/-n, --since and expanded --help support for nemoclaw <name> logs; introduces a typed SandboxLogsOptions, updates CLI flags/validation, changes runtime bridge and action code to accept options, and updates tests and help dispatch to reflect and validate the new behavior. (47 words)

Changes

Logs feature — options, plumbing, and behavior

Layer / File(s)	Summary
Options Type & Constants src/lib/sandbox-logs-options.ts	New SandboxLogsOptions type (follow, lines, since) and DEFAULT_SANDBOX_LOG_LINES = "200".
Command Registry / Usage src/lib/command-registry.ts	nemoclaw <name> logs flags/usage string expanded to include --tail/-n and --since.
CLI Command: flags & validation src/lib/sandbox-logs-cli-command.ts	Adds --tail/-n (min 1) and --since (validated via LOGS_SINCE_DURATION_RE), updates usage, normalizes --since, and calls runtime bridge with an options object.
Runtime Bridge API src/lib/nemoclaw-runtime-bridge.ts, src/lib/sandbox-runtime-actions.ts	sandboxLogs signature changed from (sandboxName, follow: boolean) to (sandboxName, options: SandboxLogsOptions) and callers updated accordingly.
Core log-stream implementation src/lib/sandbox-logs-action.ts	Introduces normalizeSandboxLogsOptions(), option-driven arg builders, streams/generation updated to use lines and since; gateway tail probe omitted when since is provided.
Help routing src/lib/legacy-oclif-dispatch.ts	resolveSandboxOclifDispatch returns expanded help usage for logs when --help/-h is present.
Tests / Validation test/cli.test.ts, src/lib/sandbox-logs-cli-command.test.ts, src/lib/legacy-oclif-dispatch.test.ts	Updated and added tests covering help output, propagation of --tail/-n and --since to OpenShell/gateway, --follow --since behavior, malformed/unknown flags causing early failure, and bridge invocation with options object.

Sequence Diagram(s)

sequenceDiagram
  participant CLI as nemoClaw CLI
  participant Bridge as Runtime Bridge
  participant OpenShell as OpenShell (sandbox logs)
  participant Gateway as OpenClaw Gateway (tail probe)

  CLI->>Bridge: sandboxLogs(name, {follow, lines, since})
  alt since not provided
    Bridge->>Gateway: sandbox exec ... tail -n <lines> /tmp/gateway.log
    Gateway-->>Bridge: gateway tail output
  end
  Bridge->>OpenShell: logs <name> -n <lines> --source all [--since <duration>] [--tail]
  OpenShell-->>Bridge: sandbox logs output (stream or one-shot)
  Bridge-->>CLI: stream/print combined outputs

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Through tunnels of flags I hop and peep,
I tuck the tails and trim the time so deep,
Help pops a sign, the bridge takes the reins,
Gateway skips when since holds the chains,
Logs come just right — a tidy, bouncy sweep.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 4.17% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'fix(logs): honor tail and since flags' directly and concisely describes the main change: enabling the --tail and --since flags in the logs command, which were previously ignored.
Linked Issues check	✅ Passed	The PR implements all coding requirements from issue #2755: adds --tail/-n and --since flag parsing, forwards them to log sources, adds --help support, updates command registration with new flags, and adds validation with clear error messages for invalid flags.
Out of Scope Changes check	✅ Passed	All changes directly address the objectives in issue #2755; no out-of-scope modifications to unrelated features or files were introduced.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

test/cli.test.ts (1)

724-767: ⚡ Quick win

Add a malformed -n test to close the alias-validation gap.

Line 724 adds the happy path for -n, but only --tail has an explicit malformed-input test right now. Adding one negative -n case would guard alias-specific regressions.

Proposed test addition

   it("passes -n line count to both log sources", () => {
     const setup = createLogsTestSetup("nemoclaw-cli-logs-n-");
     const r = setup.runLogs("alpha logs -n 25");
@@
     ]);
   });

+  it("rejects -n without a line count", () => {
+    const setup = createLogsTestSetup("nemoclaw-cli-logs-n-missing-");
+    const r = setup.runLogs("alpha logs -n 2>&1");
+
+    expect(r.code).toBe(1);
+    expect(r.out).toContain("positive line count");
+    expect(setup.readCalls()).toEqual([]);
+  });
+
   it("passes --since to OpenShell logs without an unfiltered gateway tail", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/cli.test.ts` around lines 724 - 767, Add a negative test for the -n
alias similar to the existing --tail test: create a test named like "rejects -n
without a line count" that uses createLogsTestSetup and calls
setup.runLogs("alpha logs -n 2>&1"), then assert r.code === 1, r.out contains
the same error string used for --tail ("--tail requires a positive line count"),
and setup.readCalls() returns an empty array; refer to createLogsTestSetup,
runLogs, and the existing "--tail" test as templates to place and structure the
new spec.

src/nemoclaw.ts (1)

4565-4570: Optional: run targeted E2E workflows for lifecycle safety

Since this change lives in src/nemoclaw.ts, it’s worth running the two recommended nightly E2E jobs before merge to catch any unexpected sandbox command interactions.

As per coding guidelines: for src/nemoclaw.ts, run sandbox-survival-e2e and sandbox-operations-e2e selectively via gh workflow run nightly-e2e.yaml --ref <branch> -f jobs=sandbox-survival-e2e,sandbox-operations-e2e.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/nemoclaw.ts` around lines 4565 - 4570, This change touches
src/nemoclaw.ts (around the sandboxLogs / parseSandboxLogsArgs usage), so before
merging run the two targeted nightly E2E jobs for lifecycle safety: trigger the
GitHub Actions workflow for sandbox-survival-e2e and sandbox-operations-e2e on
your branch (use the nightly-e2e workflow with the jobs filter for those two
jobs and the current branch/ref) and confirm both pass to catch any sandbox
command regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/nemoclaw.ts`:
- Around line 4565-4570: This change touches src/nemoclaw.ts (around the
sandboxLogs / parseSandboxLogsArgs usage), so before merging run the two
targeted nightly E2E jobs for lifecycle safety: trigger the GitHub Actions
workflow for sandbox-survival-e2e and sandbox-operations-e2e on your branch (use
the nightly-e2e workflow with the jobs filter for those two jobs and the current
branch/ref) and confirm both pass to catch any sandbox command regressions.

In `@test/cli.test.ts`:
- Around line 724-767: Add a negative test for the -n alias similar to the
existing --tail test: create a test named like "rejects -n without a line count"
that uses createLogsTestSetup and calls setup.runLogs("alpha logs -n 2>&1"),
then assert r.code === 1, r.out contains the same error string used for --tail
("--tail requires a positive line count"), and setup.readCalls() returns an
empty array; refer to createLogsTestSetup, runLogs, and the existing "--tail"
test as templates to place and structure the new spec.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 22cf294a-92db-433e-b978-940b45789a22

📥 Commits

Reviewing files that changed from the base of the PR and between f9d21af and 4a1e360.

📒 Files selected for processing (3)

• src/lib/command-registry.ts
• src/nemoclaw.ts
• test/cli.test.ts

[deepujain]

Added the missing -n validation test and reran npm test -- test/cli.test.ts locally.

[coderabbitai]

🧹 Nitpick comments (1)

test/cli.test.ts (1)

746-757: ⚡ Quick win

Add a --follow --since combo test to lock in gateway-skip behavior

Line 746 covers --since in non-follow mode, but the streaming branch is also sensitive here. A focused combo test would prevent regressions where gateway tailing is accidentally reintroduced for follow streams.

💡 Suggested test addition

+  it("skips OpenClaw source for logs --follow --since and forwards both flags to OpenShell", () => {
+    const setup = createLogsTestSetup("nemoclaw-cli-logs-follow-since-");
+    const r = setup.runLogs("alpha logs --follow --since 5m");
+
+    const calls = setup.readCalls();
+    expect(r.code).toBe(0);
+    expect(calls).toContain("settings set alpha --key ocsf_json_enabled --value true");
+    expect(calls).toContain("logs alpha -n 200 --source all --since 5m --tail");
+    expect(calls.some((call) => call.startsWith("sandbox exec -n alpha"))).toBe(false);
+  });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/cli.test.ts` around lines 746 - 757, Add a new test that mirrors the
existing "passes --since to OpenShell logs without an unfiltered gateway tail"
but uses the follow flag to lock in gateway-skip behavior: create a test (e.g.,
"passes --follow --since to OpenShell logs without an unfiltered gateway tail")
that calls createLogsTestSetup("nemoclaw-cli-logs-since-follow-") and invokes
setup.runLogs("alpha logs --follow --since 5m"), then assert r.code === 0,
assert the expected preflight calls include "settings set alpha --key
ocsf_json_enabled --value true" and "logs alpha -n 200 --source all --since 5m",
and assert no call startsWith("sandbox exec -n alpha") (using the same
readCalls/assert pattern as the existing test) so the follow+since combo does
not reintroduce gateway tailing.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/cli.test.ts`:
- Around line 746-757: Add a new test that mirrors the existing "passes --since
to OpenShell logs without an unfiltered gateway tail" but uses the follow flag
to lock in gateway-skip behavior: create a test (e.g., "passes --follow --since
to OpenShell logs without an unfiltered gateway tail") that calls
createLogsTestSetup("nemoclaw-cli-logs-since-follow-") and invokes
setup.runLogs("alpha logs --follow --since 5m"), then assert r.code === 0,
assert the expected preflight calls include "settings set alpha --key
ocsf_json_enabled --value true" and "logs alpha -n 200 --source all --since 5m",
and assert no call startsWith("sandbox exec -n alpha") (using the same
readCalls/assert pattern as the existing test) so the follow+since combo does
not reintroduce gateway tailing.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 966ee038-e7f4-4def-a5a4-416b42e918c7

📥 Commits

Reviewing files that changed from the base of the PR and between 4a1e360 and 3c30736.

📒 Files selected for processing (1)

• test/cli.test.ts

[deepujain]

Added the --follow --since combo test and reran npm test -- test/cli.test.ts locally.

[coderabbitai]

🧹 Nitpick comments (1)

test/cli.test.ts (1)

737-745: ⚡ Quick win

Expand the remaining negative-path coverage.

You already cover missing -n / --tail values and unknown flags, but the new suite still misses the --since missing-value branch and malformed line-count inputs like 0 or non-numeric values. One small regression case for each would close that gap.

Also applies to: 770-787

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/cli.test.ts` around lines 737 - 745, Add tests to expand negative-path
coverage: using the existing test helpers createLogsTestSetup and its runLogs
method, add cases that call "alpha logs --since 2>&1" to assert exit code 1 and
an error message about "--since requires a timestamp" (or similar), and add
separate tests calling "alpha logs -n 0 2>&1" and "alpha logs -n foo 2>&1" to
assert exit code 1, the "-n requires a positive line count" message, and that no
read calls were made (setup.readCalls() === []). Place these alongside the
existing "rejects -n without a line count" test so the suite covers missing
--since and malformed/zero -n inputs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/cli.test.ts`:
- Around line 737-745: Add tests to expand negative-path coverage: using the
existing test helpers createLogsTestSetup and its runLogs method, add cases that
call "alpha logs --since 2>&1" to assert exit code 1 and an error message about
"--since requires a timestamp" (or similar), and add separate tests calling
"alpha logs -n 0 2>&1" and "alpha logs -n foo 2>&1" to assert exit code 1, the
"-n requires a positive line count" message, and that no read calls were made
(setup.readCalls() === []). Place these alongside the existing "rejects -n
without a line count" test so the suite covers missing --since and
malformed/zero -n inputs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4d3afef3-02af-462a-83c3-ae79284ec334

📥 Commits

Reviewing files that changed from the base of the PR and between 3c30736 and 4bd9a1b.

📒 Files selected for processing (1)

• test/cli.test.ts

[deepujain]

Expanded the logs parser negative-path tests for missing --since, zero line count, and non-numeric -n; build:cli, typecheck:cli, and the focused CLI suite pass locally.

[ericksoa]

Approved after re-review. Required checks are green; logs flag parsing/build/typecheck/focused CLI validation passed locally, and the full nightly validation branch had no PR-required failures.