refactor(cli): preserve display registry and drop test bridges

[cv]

Summary

Keeps the public sandbox-first display mapping centralized in public-display-defaults.ts after the previous CLI adapter cleanup. It also removes remaining mutation/log bridge helpers, trims legacy argv parser tests, and renames the direct oclif command-id runner so it no longer reads like legacy compatibility code.

Changes

• Revert the command-local publicDisplay move so public UX mappings remain centralized in src/lib/cli/public-display-defaults.ts.
• Call policy, channel, host-alias, and sandbox-log actions directly from oclif command adapters instead of routing through runtime bridge helpers.
• Replace remaining host alias CLI-shaped arrays with typed action options.
• Remove now-unused bridge factories from policy, channel, host alias, and logs command support/test paths.
• Trim policy option parser tests to the typed options path used by the current command adapters.
• Rename the oclif command-id runner from compatibility terminology to direct command-id execution.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

Release Notes

• Refactor

  • Restructured command architecture for improved maintainability and cleaner internal organization.
  • Centralized CLI display metadata for consistent command documentation.

• Tests

  • Updated test suite to use direct module mocking, improving test reliability and clarity.

• Chores

  • Reorganized command support modules for better code organization.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 37e26f37-30a9-44e5-9166-a73d62b3a92c

📥 Commits

Reviewing files that changed from the base of the PR and between c1d9f3c and afcdfef.

📒 Files selected for processing (12)

• src/commands/sandbox/hosts/add.ts
• src/commands/sandbox/hosts/list.ts
• src/commands/sandbox/hosts/remove.ts
• src/commands/sandbox/logs.test.ts
• src/commands/sandbox/logs.ts
• src/lib/actions/sandbox/host-aliases.ts
• src/lib/cli/command-registry.ts
• src/lib/cli/oclif-runner.test.ts
• src/lib/cli/oclif-runner.ts
• src/lib/cli/public-dispatch.ts
• src/lib/sandbox/hosts-command-support.ts
• test/cli-oclif-compatibility.test.ts

💤 Files with no reviewable changes (1)

• src/lib/sandbox/hosts-command-support.ts

✅ Files skipped from review due to trivial changes (1)

• src/lib/cli/command-registry.ts

---

📝 Walkthrough

Walkthrough

Removes runtime-bridge indirection from sandbox CLI commands, centralizes public display metadata in PUBLIC_DISPLAY_LAYOUT, converts several action helpers to options-based signatures, updates commands to call action functions directly, and refactors related tests to use Vitest module mocks.

Changes

Runtime bridge removal and centralized display

Layer / File(s)	Summary
Centralized CLI display metadata src/lib/cli/public-display-defaults.ts	Added PUBLIC_DISPLAY_LAYOUT entries for messaging channels, policy presets, skills, and snapshots to centralize per-command display metadata.
Policy domain type and parser updates src/lib/domain/policy-channel.ts, src/lib/domain/policy-channel.test.ts	Renamed PolicyAddArgs → ParsedPolicyAddOptions, removed array-arg parsing helpers, and updated parsePolicyAddOptions to return the options-based ParsedPolicyAddOptions; tests updated for new validations and flags.
Support module bridge cleanup src/lib/sandbox/channels-command-support.ts, src/lib/sandbox/policy-command-support.ts, src/lib/sandbox/hosts-command-support.ts	Removed runtime bridge factories/accessors and related helpers; modules now only export CLI arg/flag wiring and option converters.
Channels command refactoring src/commands/sandbox/channels/*	Refactored add/list/remove/start/stop commands to import and call action helpers (addSandboxChannel, listSandboxChannels, removeSandboxChannel, startSandboxChannel, stopSandboxChannel) directly; removed per-command publicDisplay metadata.
Policy command refactoring src/commands/sandbox/policy/*	Refactored add/list/remove policy commands to call addSandboxPolicy/removeSandboxPolicy/listSandboxPolicies directly and removed publicDisplay.
Skill and snapshot command cleanup src/commands/sandbox/skill/install.ts, src/commands/sandbox/snapshot/*	Removed unused PublicCommandDisplayEntry imports and static publicDisplay blocks; runtime behavior unchanged.
Host-alias actions and hosts commands src/lib/actions/sandbox/host-aliases.ts, src/commands/sandbox/hosts/*	Converted host-alias actions to accept option objects and updated hosts commands to call addSandboxHostAlias, listSandboxHostAliases, and removeSandboxHostAlias with typed option objects.
Logs command and tests src/commands/sandbox/logs.ts, src/commands/sandbox/logs.test.ts	Logs command now calls showSandboxLogs directly; tests refactored to use hoisted Vitest mocks and clear mocks in beforeEach.
Command test refactoring to use mocks src/commands/sandbox/channels/mutate.test.ts, src/commands/sandbox/policy/mutate.test.ts	Replaced runtime-bridge injection tests with hoisted module mocks (vi.mock/vi.hoisted) and assertions against mocked action helpers; added beforeEach to clear mocks.
Oclif runner and public dispatch changes src/lib/cli/oclif-runner.ts, src/lib/cli/public-dispatch.ts, tests	Renamed compatibility helper to runOclifCommandById, added runDirectOclifCommand wrapper, updated public dispatch to use direct command-id execution for selected globals, and updated tests to use the native runner.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3833: Similar sandbox channel/policy command refactors and tests moving toward typed action helpers and options.
• NVIDIA/NemoClaw#3611: Related changes touching sandbox command entrypoints and command base adjustments.
• NVIDIA/NemoClaw#3599: Adjacent work around oclif-runner/dispatch behavior and native runner tests.

Suggested labels

refactor, NemoClaw CLI, v0.0.46

Suggested reviewers

• jyaunches
• cjagwani
• ericksoa

Poem

🐰 I hopped through bridges, tidy and spry,
Replaced old paths with a clearer sky.
Commands now call helpers, neat and spry,
Tests learned to mock — and CI said "hi".
Small changes, big smiles — a rabbit's soft sigh.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main refactoring effort: removing runtime bridge patterns and preserving/restoring the centralized display registry across multiple CLI commands.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/cli-mutation-bridges

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: sandbox-operations-e2e, network-policy-e2e, channels-stop-start-e2e, snapshot-commands-e2e, skill-agent-e2e
Optional E2E: docs-validation-e2e, messaging-providers-e2e

Dispatch hint: sandbox-operations-e2e,network-policy-e2e,channels-stop-start-e2e,snapshot-commands-e2e,skill-agent-e2e

Auto-dispatched E2E: sandbox-operations-e2e, network-policy-e2e, channels-stop-start-e2e, snapshot-commands-e2e, skill-agent-e2e via nightly-e2e.yaml at f804f777a8ae143118d271c7c4fe16a82e816065 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• sandbox-operations-e2e (high): Validates the public CLI against live sandbox list/status/logs/connect/destroy/recovery flows, covering the changed public dispatch and logs command behavior.
• network-policy-e2e (medium): Required because policy add/remove/list and policy option parsing changed; this job exercises live policy-add, dry-run behavior, hot reload, and security boundary enforcement.
• channels-stop-start-e2e (high): Required because channels add/remove/start/stop command dispatch changed; this job validates channel lifecycle, rebuilds, registry state, disabledChannels, and channel policy cleanup on live OpenClaw/Hermes sandboxes.
• snapshot-commands-e2e (medium): Required because snapshot create/list/restore command files changed; this validates live snapshot lifecycle and restored workspace state.
• skill-agent-e2e (medium): Required because the sandbox skill install command changed and this is a real assistant user flow that verifies skill deployment through the CLI and agent behavior.

Optional E2E

• docs-validation-e2e (low): Useful for confidence in the command metadata/public-display-defaults migration because it compares CLI help output against docs, but it is not a runtime sandbox/security flow.
• messaging-providers-e2e (high): Additional confidence for messaging credential provider and policy interactions adjacent to the changed channels commands; channels-stop-start-e2e is the more direct required coverage.

New E2E recommendations

• host aliases (high): The PR changes sandbox hosts add/list/remove and the underlying typed host-alias action API, but existing E2E inventory did not show a job that exercises host alias mutation in a live sandbox pod template.
  • Suggested test: Add a hosts-aliases-e2e job that onboards a sandbox, runs nemoclaw <name> hosts add <hostname> <ip> --dry-run, applies add/list/remove, verifies the Sandbox resource spec.podTemplate.spec.hostAliases, confirms hostname resolution from inside the sandbox, and verifies remove cleans up without rebuilding unrelated state.

Dispatch hint

• Workflow: E2E / Nightly
• jobs input: sandbox-operations-e2e,network-policy-e2e,channels-stop-start-e2e,snapshot-commands-e2e,skill-agent-e2e

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

🧹 Nitpick comments (1)

src/commands/sandbox/channels/stop.ts (1)

23-26: Run the channel stop/start lifecycle E2E before merge.

This refactor touches the command path that influences disabled-channel persistence and credential reattachment across rebuild, so run channels-stop-start-e2e on this branch.

As per coding guidelines: src/commands/sandbox/channels/** changes affect stop/start persistence across rebuild and recommend channels-stop-start-e2e.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/commands/sandbox/channels/stop.ts` around lines 23 - 26, This change
touches the sandbox channel stop/start path (ChannelsStopCommand ->
stopSandboxChannel with channelMutationOptions) which can affect
disabled-channel persistence and credential reattachment across rebuilds; before
merging, run the channels-stop-start-e2e suite (locally and/or in CI) against
this branch, verify the test passes, inspect and fix any failures related to
disabled-channel persistence or credential reattachment during rebuilds, then
re-run the e2e until green and include test results with the PR.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/commands/sandbox/channels/stop.ts`:
- Around line 23-26: This change touches the sandbox channel stop/start path
(ChannelsStopCommand -> stopSandboxChannel with channelMutationOptions) which
can affect disabled-channel persistence and credential reattachment across
rebuilds; before merging, run the channels-stop-start-e2e suite (locally and/or
in CI) against this branch, verify the test passes, inspect and fix any failures
related to disabled-channel persistence or credential reattachment during
rebuilds, then re-run the e2e until green and include test results with the PR.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f19c7c01-a410-4928-9e16-3add9d13a0b2

📥 Commits

Reviewing files that changed from the base of the PR and between 9e00c58 and c1d9f3c.

📒 Files selected for processing (19)

• src/commands/sandbox/channels/add.ts
• src/commands/sandbox/channels/list.ts
• src/commands/sandbox/channels/mutate.test.ts
• src/commands/sandbox/channels/remove.ts
• src/commands/sandbox/channels/start.ts
• src/commands/sandbox/channels/stop.ts
• src/commands/sandbox/policy/add.ts
• src/commands/sandbox/policy/list.ts
• src/commands/sandbox/policy/mutate.test.ts
• src/commands/sandbox/policy/remove.ts
• src/commands/sandbox/skill/install.ts
• src/commands/sandbox/snapshot/create.ts
• src/commands/sandbox/snapshot/list.ts
• src/commands/sandbox/snapshot/restore.ts
• src/lib/cli/public-display-defaults.ts
• src/lib/domain/policy-channel.test.ts
• src/lib/domain/policy-channel.ts
• src/lib/sandbox/channels-command-support.ts
• src/lib/sandbox/policy-command-support.ts

💤 Files with no reviewable changes (8)

• src/commands/sandbox/channels/list.ts
• src/commands/sandbox/policy/list.ts
• src/commands/sandbox/skill/install.ts
• src/commands/sandbox/snapshot/list.ts
• src/lib/sandbox/policy-command-support.ts
• src/commands/sandbox/snapshot/create.ts
• src/commands/sandbox/snapshot/restore.ts
• src/lib/sandbox/channels-command-support.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26131087607
Target ref: c1d9f3c6facd3fd5a674523044dd19f0d0ef45db
Workflow ref: main
Requested jobs: channels-stop-start-e2e,network-policy-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
channels-stop-start-e2e	⚠️ cancelled
network-policy-e2e	✅ success

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26132321509
Target ref: afcdfef19943485f8a1a0c1906850227bf49075b
Workflow ref: main
Requested jobs: channels-stop-start-e2e,network-policy-e2e,sandbox-operations-e2e,snapshot-commands-e2e
Summary: 3 passed, 1 failed, 0 skipped

Job	Result
channels-stop-start-e2e	❌ failure
network-policy-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	✅ success

Failed jobs: channels-stop-start-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26133966852
Target ref: fc3ff9b6f05093b262e94ddf69798acccc7a9792
Workflow ref: main
Requested jobs: channels-stop-start-e2e,network-policy-e2e,sandbox-operations-e2e,snapshot-commands-e2e,skill-agent-e2e
Summary: 4 passed, 0 failed, 0 skipped

Job	Result
channels-stop-start-e2e	⚠️ cancelled
network-policy-e2e	✅ success
sandbox-operations-e2e	✅ success
skill-agent-e2e	✅ success
snapshot-commands-e2e	✅ success

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26134670231
Target ref: a6721c89457eafda2f7beca1bc4a63a1f88a0eb7
Workflow ref: main
Requested jobs: sandbox-operations-e2e,network-policy-e2e,channels-stop-start-e2e,snapshot-commands-e2e,skill-agent-e2e
Summary: 1 passed, 2 failed, 0 skipped

Job	Result
channels-stop-start-e2e	❌ failure
network-policy-e2e	⚠️ cancelled
sandbox-operations-e2e	⚠️ cancelled
skill-agent-e2e	✅ success
snapshot-commands-e2e	❌ failure

Failed jobs: channels-stop-start-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26135123825
Target ref: 3cb4c9bf3360220d93e1fc90401485d4b2332f8a
Workflow ref: main
Requested jobs: channels-stop-start-e2e,network-policy-e2e,sandbox-operations-e2e,snapshot-commands-e2e
Summary: 2 passed, 2 failed, 0 skipped

Job	Result
channels-stop-start-e2e	❌ failure
network-policy-e2e	✅ success
sandbox-operations-e2e	✅ success
snapshot-commands-e2e	❌ failure

Failed jobs: channels-stop-start-e2e, snapshot-commands-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26147832984
Target ref: f804f777a8ae143118d271c7c4fe16a82e816065
Workflow ref: main
Requested jobs: sandbox-operations-e2e,network-policy-e2e,channels-stop-start-e2e,snapshot-commands-e2e,skill-agent-e2e
Summary: 4 passed, 1 failed, 0 skipped

Job	Result
channels-stop-start-e2e	❌ failure
network-policy-e2e	✅ success
sandbox-operations-e2e	✅ success
skill-agent-e2e	✅ success
snapshot-commands-e2e	✅ success

Failed jobs: channels-stop-start-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26147832984
Target ref: f804f777a8ae143118d271c7c4fe16a82e816065
Workflow ref: main
Requested jobs: sandbox-operations-e2e,network-policy-e2e,channels-stop-start-e2e,snapshot-commands-e2e,skill-agent-e2e
Summary: 5 passed, 0 failed, 0 skipped

Job	Result
channels-stop-start-e2e	✅ success
network-policy-e2e	✅ success
sandbox-operations-e2e	✅ success
skill-agent-e2e	✅ success
snapshot-commands-e2e	✅ success