Description
[Description]
The checkMessagingBridgeHealth() function in nemoclaw.ts calls openshell sandbox exec <sandboxName> sh -c <script> with the sandbox name as a positional argument. However, openshell sandbox exec requires the --name/-n flag for the sandbox name. The positional name is interpreted as the command to execute, causing exit code 127. The catch block silently swallows this error, so the "degraded" warning for Telegram 409 conflicts is never shown in nemoclaw <sandbox> status output.
[Environment]
Device: Ubuntu 22.04.5 LTS
Node.js: v22.22.2
npm: 10.9.7
Docker: Docker version 28.2.2, build 28.2.2-0ubuntu1~22.04.1
OpenShell CLI: openshell 0.0.26
NemoClaw: nemoclaw v0.0.18
OpenClaw: OpenClaw 2026.4.2 (d74a122)
[Steps to Reproduce]
- Have a sandbox with Telegram enabled and messagingChannels: ["telegram"] in registry
- Start a competing Telegram consumer to generate 409 errors:
TOKEN=$(python3 -c "import json; print(json.load(open('$HOME/.nemoclaw/credentials.json'))['TELEGRAM_BOT_TOKEN'])")
while true; do curl -s "https://api.telegram.org/bot${TOKEN}/getUpdates?timeout=30&offset=-1" > /dev/null; sleep 2; done &
- Wait 60 seconds for 409 errors to accumulate in /tmp/gateway.log
- Verify errors exist: openshell sandbox exec -n -- sh -c 'tail -n 200 /tmp/gateway.log | grep -cE "getUpdates conflict|409[[:space:]:]+Conflict"'
→ Returns 32+ (errors present)
- Run: nemoclaw status
- Observe: no degraded warning appears despite 409 errors in log
[Expected Result]
Status output should include:
⚠ telegram bridge: degraded (32 conflict errors in /tmp/gateway.log)
Another sandbox is likely polling with the same bot token. See docs/reference/troubleshooting.md.
[Actual Result]
Status output shows normal sandbox info with no degraded warning. The health check
silently fails and returns an empty array.
Manual reproduction of the bug:
$ openshell sandbox exec tele-brev sh -c 'echo hello'
→ Exit code 127: /bin/bash: line 1: tele-brev: command not found
$ openshell sandbox exec -n tele-brev -- sh -c 'echo hello'
→ hello (works correctly with -n flag)
[Root Cause Analysis]
-
File: /home/ubuntu/.nemoclaw/source/src/nemoclaw.ts:1046-1049
-
Code:
const result = spawnSync(
getOpenshellBinary(),
["sandbox", "exec", sandboxName, "sh", "-c", script],
{ encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "pipe"] },
);
-
Why: The arguments array passes sandboxName as the 3rd positional element after
"sandbox" and "exec". The openshell sandbox exec command expects:
openshell sandbox exec --name -- ...
or:
openshell sandbox exec -n -- ...
Without the --name flag, sandboxName is parsed as the first word of the command
to execute inside the sandbox. This causes /bin/bash: tele-brev: command not found.
Note: openshell sandbox connect accepts positional [NAME] (line 1161 works fine),
but openshell sandbox exec does NOT — this is an inconsistency in the openshell CLI
argument parsing between subcommands.
-
Suggested fix: Change line 1048 from:
["sandbox", "exec", sandboxName, "sh", "-c", script],
to:
["sandbox", "exec", "-n", sandboxName, "--", "sh", "-c", script],
Bug Details
| Field |
Value |
| Priority |
Unprioritized |
| Action |
Dev - Open - To fix |
| Disposition |
Open issue |
| Module |
Machine Learning - NemoClaw |
| Keyword |
NemoClaw, NemoClaw_Agent&Skills, NEMOCLAW_GH_SYNC_APPROVAL |
[NVB# 6089914]
Description
[Description]
The checkMessagingBridgeHealth() function in nemoclaw.ts calls
openshell sandbox exec <sandboxName> sh -c <script>with the sandbox name as a positional argument. However,openshell sandbox execrequires the--name/-nflag for the sandbox name. The positional name is interpreted as the command to execute, causing exit code 127. The catch block silently swallows this error, so the "degraded" warning for Telegram 409 conflicts is never shown innemoclaw <sandbox> statusoutput.[Environment]
Device: Ubuntu 22.04.5 LTS
Node.js: v22.22.2
npm: 10.9.7
Docker: Docker version 28.2.2, build 28.2.2-0ubuntu1~22.04.1
OpenShell CLI: openshell 0.0.26
NemoClaw: nemoclaw v0.0.18
OpenClaw: OpenClaw 2026.4.2 (d74a122)
[Steps to Reproduce]
TOKEN=$(python3 -c "import json; print(json.load(open('$HOME/.nemoclaw/credentials.json'))['TELEGRAM_BOT_TOKEN'])")
while true; do curl -s "https://api.telegram.org/bot${TOKEN}/getUpdates?timeout=30&offset=-1" > /dev/null; sleep 2; done &
→ Returns 32+ (errors present)
[Expected Result]
Status output should include:
⚠ telegram bridge: degraded (32 conflict errors in /tmp/gateway.log)
Another sandbox is likely polling with the same bot token. See docs/reference/troubleshooting.md.
[Actual Result]
Status output shows normal sandbox info with no degraded warning. The health check
silently fails and returns an empty array.
Manual reproduction of the bug:
$ openshell sandbox exec tele-brev sh -c 'echo hello'
→ Exit code 127: /bin/bash: line 1: tele-brev: command not found
$ openshell sandbox exec -n tele-brev -- sh -c 'echo hello'
→ hello (works correctly with -n flag)
[Root Cause Analysis]
File: /home/ubuntu/.nemoclaw/source/src/nemoclaw.ts:1046-1049
Code:
const result = spawnSync(
getOpenshellBinary(),
["sandbox", "exec", sandboxName, "sh", "-c", script],
{ encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "pipe"] },
);
Why: The arguments array passes
sandboxNameas the 3rd positional element after"sandbox" and "exec". The
openshell sandbox execcommand expects:openshell sandbox exec --name -- ...
or:
openshell sandbox exec -n -- ...
Without the --name flag,
sandboxNameis parsed as the first word of the commandto execute inside the sandbox. This causes
/bin/bash: tele-brev: command not found.Note:
openshell sandbox connectaccepts positional[NAME](line 1161 works fine),but
openshell sandbox execdoes NOT — this is an inconsistency in the openshell CLIargument parsing between subcommands.
Suggested fix: Change line 1048 from:
["sandbox", "exec", sandboxName, "sh", "-c", script],
to:
["sandbox", "exec", "-n", sandboxName, "--", "sh", "-c", script],
Bug Details
[NVB# 6089914]