test(e2e): migrate Telegram injection to Vitest

.github/workflows/e2e-vitest-scenarios.yaml

@@ -4056,6 +4056,117 @@ jobs:
           docker logout docker.io || true
           rm -rf "${DOCKER_CONFIG}"
 
+  telegram-injection-vitest:
+    needs: generate-matrix
+    if: ${{ (inputs.jobs == '' && inputs.scenarios == '') || contains(format(',{0},', inputs.jobs), ',telegram-injection-vitest,') || contains(format(',{0},', inputs.scenarios), ',telegram-injection,') }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    env:
+      FREE_STANDING_VITEST_JOB: "1"
+      FREE_STANDING_SCENARIO_ID: "telegram-injection"
+      E2E_ARTIFACT_DIR: ${{ github.workspace }}/e2e-artifacts/vitest/telegram-injection
+      NEMOCLAW_CLI_BIN: ${{ github.workspace }}/bin/nemoclaw.js
+      NEMOCLAW_RUN_E2E_SCENARIOS: "1"
+      NEMOCLAW_NON_INTERACTIVE: "1"
+      NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1"
+      NEMOCLAW_SANDBOX_NAME: "e2e-telegram-injection"
+      OPENSHELL_GATEWAY: "nemoclaw"
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Configure isolated Docker auth directory
+        run: echo "DOCKER_CONFIG=${RUNNER_TEMP}/docker-config-telegram-injection" >> "$GITHUB_ENV"
+
+      - name: Authenticate to Docker Hub
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          if [[ -z "${DOCKERHUB_USERNAME}" || -z "${DOCKERHUB_TOKEN}" ]]; then
+            echo "::notice::Docker Hub credentials not configured; continuing with anonymous pulls."
+            exit 0
+          fi
+          mkdir -p "${DOCKER_CONFIG}"
+          chmod 700 "${DOCKER_CONFIG}"
+          login_succeeded=0
+          for attempt in 1 2 3; do
+            if echo "${DOCKERHUB_TOKEN}" | timeout 30s docker login docker.io --username "${DOCKERHUB_USERNAME}" --password-stdin; then
+              login_succeeded=1
+              break
+            fi
+            if [[ "$attempt" -lt 3 ]]; then
+              echo "::warning::Docker Hub login attempt ${attempt} failed; retrying."
+              sleep 5
+            fi
+          done
+          if [[ "$login_succeeded" -ne 1 ]]; then
+            echo "::warning::Docker Hub login failed after 3 attempts; continuing with anonymous pulls."
+          fi
+
+      - name: Set up Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install root dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Build CLI
+        run: npm run build:cli
+
+      - name: Install OpenShell
+        env:
+          NEMOCLAW_NON_INTERACTIVE: "1"
+        run: |
+          set -euo pipefail
+          env -u DOCKER_CONFIG -u DOCKERHUB_USERNAME -u DOCKERHUB_TOKEN -u NVIDIA_API_KEY -u NVIDIA_INFERENCE_API_KEY -u GITHUB_TOKEN bash scripts/install-openshell.sh
+
+      - name: Run Telegram injection live test
+        # Migrated from test/e2e/test-telegram-injection.sh. Preserves the
+        # real OpenShell sandbox boundary for shell metacharacter payloads,
+        # process-table leak checks, and validateName rejection probes.
+        env:
+          NVIDIA_INFERENCE_API_KEY: ${{ secrets.NVIDIA_INFERENCE_API_KEY }}
+        run: |
+          set -euo pipefail
+          export PATH="$HOME/.local/bin:$HOME/.npm-global/bin:$PATH"
+          if command -v openshell >/dev/null 2>&1; then
+            OPENSHELL_BIN="$(command -v openshell)"
+          elif [ -x "$HOME/.local/bin/openshell" ]; then
+            OPENSHELL_BIN="$HOME/.local/bin/openshell"
+          else
+            echo "::error::OpenShell CLI not found after install"
+            ls -la /usr/local/bin/openshell "$HOME/.local/bin/openshell" 2>&1 || true
+            exit 1
+          fi
+          export OPENSHELL_BIN
+          "$OPENSHELL_BIN" --version
+          npx vitest run --project e2e-scenarios-live \
+            test/e2e-scenario/live/telegram-injection.test.ts \
+            --silent=false --reporter=default
+
+      - name: Upload Telegram injection artifacts
+        if: always()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: e2e-vitest-scenarios-telegram-injection
+          path: e2e-artifacts/vitest/telegram-injection/
+          include-hidden-files: false
+          if-no-files-found: ignore
+          retention-days: 14
+
+      - name: Clean up Docker auth
+        if: always()
+        run: |
+          set -euo pipefail
+          docker logout docker.io || true
+          rm -rf "${DOCKER_CONFIG}"
+
   issue-2478-crash-loop-recovery-vitest:
     needs: generate-matrix
     if: ${{ (inputs.jobs == '' && inputs.scenarios == '') || contains(format(',{0},', inputs.jobs), ',issue-2478-crash-loop-recovery-vitest,') || contains(format(',{0},', inputs.scenarios), ',issue-2478-crash-loop-recovery,') }}
@@ -4226,6 +4337,7 @@ jobs:
         gateway-health-honest-vitest,
         device-auth-health-vitest,
         channels-add-remove-vitest,
+        telegram-injection-vitest,
       ]
     if: ${{ always() && github.event_name == 'workflow_dispatch' }}
     permissions:

test/e2e-scenario/live/phase6-messaging-helpers.ts

@@ -0,0 +1,201 @@
+// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import path from "node:path";
+
+import { buildAvailabilityProbeEnv } from "../fixtures/availability-env.ts";
+import type { HostCliClient } from "../fixtures/clients/host.ts";
+import {
+  type SandboxClient,
+  sandboxAccessEnv,
+  trustedSandboxShellScript,
+  validateSandboxName,
+} from "../fixtures/clients/sandbox.ts";
+import { expect } from "../fixtures/e2e-test.ts";
+import type { ShellProbeResult } from "../fixtures/shell-probe.ts";
+import { isNvidiaEndpointRateLimitFailure } from "./messaging-providers-helpers.ts";
+
+export const REPO_ROOT = path.resolve(import.meta.dirname, "../../..");
+export const CLI = process.env.NEMOCLAW_CLI_BIN ?? path.join(REPO_ROOT, "bin", "nemoclaw.js");
+
+export const INSTALL_TIMEOUT_MS = 45 * 60_000;
+export const COMMAND_TIMEOUT_MS = 120_000;
+
+export type AgentKind = "openclaw" | "hermes";
+
+export function stripAnsi(value: string): string {
+  return value.replace(/\u001b\[[0-9;]*m/g, "");
+}
+
+export function resultText(result: Pick<ShellProbeResult, "stdout" | "stderr">): string {
+  return [result.stdout, result.stderr].filter(Boolean).join("\n");
+}
+
+export function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
+export function base64(value: string): string {
+  return Buffer.from(value, "utf8").toString("base64");
+}
+
+export function phase6Env(options: {
+  sandboxName: string;
+  agent?: AgentKind;
+  apiKey?: string;
+  extra?: NodeJS.ProcessEnv;
+}): NodeJS.ProcessEnv {
+  validateSandboxName(options.sandboxName);
+  return {
+    ...buildAvailabilityProbeEnv(),
+    NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE: "1",
+    NEMOCLAW_NON_INTERACTIVE: "1",
+    NEMOCLAW_RECREATE_SANDBOX: "1",
+    NEMOCLAW_FRESH: "1",
+    NEMOCLAW_POLICY_TIER: process.env.NEMOCLAW_POLICY_TIER ?? "open",
+    NEMOCLAW_SANDBOX_NAME: options.sandboxName,
+    OPENSHELL_GATEWAY: process.env.OPENSHELL_GATEWAY ?? "nemoclaw",
+    ...(options.agent ? { NEMOCLAW_AGENT: options.agent } : {}),
+    ...(options.apiKey
+      ? { NVIDIA_INFERENCE_API_KEY: options.apiKey, NVIDIA_API_KEY: options.apiKey }
+      : {}),
+    ...options.extra,
+  };
+}
+
+export function redactionValues(apiKey: string | undefined): string[] {
+  return [apiKey].filter((value): value is string => typeof value === "string" && value.length > 0);
+}
+
+export async function bestEffort(run: () => Promise<unknown>): Promise<void> {
+  try {
+    await run();
+  } catch {
+    // Cleanup and diagnostics must not hide primary test failures.
+  }
+}
+
+export function expectExitZero(result: ShellProbeResult, label: string): void {
+  expect(result.exitCode, `${label}\n${resultText(result)}`).toBe(0);
+}
+
+export async function precleanSandbox(
+  host: HostCliClient,
+  sandboxName: string,
+  env: NodeJS.ProcessEnv,
+  redactions: string[],
+  prefix: string,
+): Promise<void> {
+  await bestEffort(() =>
+    host.command("node", [CLI, sandboxName, "destroy", "--yes"], {
+      artifactName: `${prefix}-nemoclaw-destroy`,
+      env,
+      redactionValues: redactions,
+      timeoutMs: 15 * 60_000,
+    }),
+  );
+  await bestEffort(() =>
+    host.command("openshell", ["sandbox", "delete", sandboxName], {
+      artifactName: `${prefix}-openshell-sandbox-delete`,
+      env,
+      redactionValues: redactions,
+      timeoutMs: 120_000,
+    }),
+  );
+}
+
+export async function cleanupSandbox(
+  host: HostCliClient,
+  sandboxName: string,
+  env: NodeJS.ProcessEnv,
+  redactions: string[],
+  prefix: string,
+): Promise<void> {
+  await precleanSandbox(host, sandboxName, env, redactions, prefix);
+}
+
+export async function installSandbox(
+  host: HostCliClient,
+  env: NodeJS.ProcessEnv,
+  redactions: string[],
+  artifactName: string,
+): Promise<ShellProbeResult> {
+  const result = await host.command("bash", ["install.sh", "--non-interactive"], {
+    artifactName,
+    cwd: REPO_ROOT,
+    env,
+    redactionValues: redactions,
+    timeoutMs: INSTALL_TIMEOUT_MS,
+  });
+  if (result.exitCode !== 0 && isNvidiaEndpointRateLimitFailure(resultText(result))) {
+    throw new Error(`NVIDIA_ENDPOINT_RATE_LIMIT:${artifactName}`);
+  }
+  return result;
+}
+
+export async function installSandboxOrSkipOnRateLimit(
+  host: HostCliClient,
+  env: NodeJS.ProcessEnv,
+  redactions: string[],
+  artifactName: string,
+  skip: (note?: string) => never,
+  skipMessage: string,
+): Promise<ShellProbeResult> {
+  try {
+    return await installSandbox(host, env, redactions, artifactName);
+  } catch (error) {
+    if (String(error).includes("NVIDIA_ENDPOINT_RATE_LIMIT")) {
+      skip(skipMessage);
+    }
+    throw error;
+  }
+}
+
+export async function expectSandboxReady(
+  host: HostCliClient,
+  sandboxName: string,
+  env: NodeJS.ProcessEnv,
+  redactions: string[],
+  artifactName: string,
+): Promise<void> {
+  const list = await host.command("openshell", ["sandbox", "list"], {
+    artifactName,
+    env,
+    redactionValues: redactions,
+    timeoutMs: 60_000,
+  });
+  expectExitZero(list, "openshell sandbox list");
+  const row = stripAnsi(list.stdout)
+    .split(/\r?\n/)
+    .find((line) => line.includes(sandboxName));
+  expect(row, resultText(list)).toMatch(/\bReady\b/i);
+}
+
+export async function sandboxSh(
+  sandbox: SandboxClient,
+  sandboxName: string,
+  script: string,
+  options: {
+    artifactName: string;
+    redactionValues?: string[];
+    timeoutMs?: number;
+  },
+): Promise<ShellProbeResult> {
+  return sandbox.execShell(sandboxName, trustedSandboxShellScript(script), {
+    artifactName: options.artifactName,
+    env: sandboxAccessEnv(),
+    redactionValues: options.redactionValues ?? [],
+    timeoutMs: options.timeoutMs ?? COMMAND_TIMEOUT_MS,
+  });
+}
+
+export async function dockerInfo(
+  host: HostCliClient,
+  env: NodeJS.ProcessEnv,
+): Promise<ShellProbeResult> {
+  return host.command("docker", ["info"], {
+    artifactName: "phase6-docker-info",
+    env,
+    timeoutMs: 30_000,
+  });
+}