fix(scripts): redirect all operational log messages to stderr

[latenighthackathon]

Summary

All echo statements in nemoclaw-start.sh wrote to stdout, causing gateway and security log messages to leak into application output. The Telegram bridge captures stdout, so setup messages were prepended to every chat response.

Related Issue

Closes #1064

Changes

• Redirected all [gateway] operational messages to stderr
• Redirected all [SECURITY] messages to stderr
• Redirected 'Setting up NemoClaw...' to stderr
• Only exec'd process output now appears on stdout

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied.
• No secrets, API keys, or credentials committed.

Summary by CodeRabbit

• Chores
  • Improved output handling for informational and diagnostic messages during startup and operation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a361b621-b500-4f1b-8ce5-b2f2735bda83

📥 Commits

Reviewing files that changed from the base of the PR and between 2be4ba9 and 4194688.

📒 Files selected for processing (1)

• scripts/nemoclaw-start.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• scripts/nemoclaw-start.sh

---

📝 Walkthrough

Walkthrough

The scripts/nemoclaw-start.sh script was changed to send various startup, integrity, and gateway informational messages to standard error by appending >&2, preventing those messages from being captured on stdout by downstream consumers.

Changes

Cohort / File(s)	Summary
Output Redirection scripts/nemoclaw-start.sh	Converted multiple echo calls (13 lines changed) to write to stderr (>&2), covering integrity-check failures/hashes, dashboard URL, auto-pair watcher notice, "Setting up NemoClaw..." startup text, non-root privilege-separation warnings, gateway launch messages, and symlink tampering detection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 I hop through logs at break of day,

Quietly I whisper, "Move away."
To stderr now your messages trot,
Out of Telegram — tucked in a spot.
Silence kept, the replies stay neat.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: redirecting operational log messages to stderr in the nemoclaw-start.sh script.
Linked Issues check	✅ Passed	The PR fully addresses issue #1064 by redirecting all operational and security messages to stderr, preventing them from leaking into stdout-captured outputs like Telegram responses.
Out of Scope Changes check	✅ Passed	All changes are scoped to redirecting messages to stderr in scripts/nemoclaw-start.sh, directly addressing the linked issue with no unrelated modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}