fix(scripts): redirect all operational log messages to stderr

[latenighthackathon]

Summary

All echo statements in nemoclaw-start.sh wrote to stdout, causing gateway and security log messages to leak into application output. The Telegram bridge captures stdout, so setup messages were prepended to every chat response.

Related Issue

Closes #1064

Changes

• Redirected all [gateway] operational messages to stderr
• Redirected all [SECURITY] messages to stderr
• Redirected 'Setting up NemoClaw...' to stderr
• Only exec'd process output now appears on stdout

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied.
• No secrets, API keys, or credentials committed.

Summary by CodeRabbit

• Chores
  • Redirected startup, status, and diagnostic/security messages to stderr so they no longer mix with normal program output. This improves clarity for users and tooling, and prevents informational/diagnostic text from interfering with piped or machine-readable output.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 42a6c9cc-b12a-4821-b5b7-a553523e729f

📥 Commits

Reviewing files that changed from the base of the PR and between 4194688 and 485223e.

📒 Files selected for processing (1)

• scripts/nemoclaw-start.sh

✅ Files skipped from review due to trivial changes (1)

• scripts/nemoclaw-start.sh

---

📝 Walkthrough

Walkthrough

The scripts/nemoclaw-start.sh script was updated to redirect various startup, integrity, and informational echo messages from stdout to stderr by appending >&2, leaving control flow and verification logic unchanged.

Changes

Cohort / File(s)

Summary

Output Redirection scripts/nemoclaw-start.sh

Redirected multiple echo statements (13 lines changed) to stderr (>&2): integrity-check messages (missing hash, SHA256 mismatch), gateway/dashboard URL prints, auto-pair watcher launch notice, "Setting up NemoClaw..." startup text, non-root privilege-separation warning and its integrity-check failure, gateway launch notifications for non-root and root/gosu paths, and symlink tampering detection output.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 I hop through logs at break of day,

Softly I move the noise away.
Now status shouts go to stderr's den,
Telegram stays tidy — quiet again.
A little hop, and peace returns.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: redirecting operational log messages to stderr, which directly addresses the core issue.
Linked Issues check	✅ Passed	The pull request fully addresses issue #1064 by redirecting all operational/startup messages (including the privilege separation warning and security/gateway notifications) to stderr, preventing stdout pollution.
Out of Scope Changes check	✅ Passed	All changes are scoped to the stated objective: only stderr redirections (>&2) were added to operational messages in scripts/nemoclaw-start.sh with no functional logic changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wscurran]

✨ Thanks for submitting this PR with a detailed summary, it addresses a bug with operational log messages and proposes a fix to improve the user experience of NemoClaw.