fix(cli): add tunnel status command

[tiaz-hh]

Summary

Fixes the remaining reproducible parts of #4302. Current main already lists nemoclaw tunnel start and nemoclaw tunnel stop in top-level help; this PR adds the missing tunnel namespace help and tunnel status command.

Related Issue

Fixes #4302

Changes

• Add nemoclaw tunnel --help so the tunnel command namespace is discoverable.
• Add nemoclaw tunnel status to show the current cloudflared tunnel state.
• List nemoclaw tunnel status in top-level Services help.
• Add CLI regression coverage for tunnel namespace/status behavior.
• Replace command-registry fixed command-count assertions with behavior-oriented invariants.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Additional validation run:

npm run build:cli
npx vitest run test/cli.test.ts --reporter=dot
npx vitest run src/lib/cli/command-registry.test.ts src/lib/cli/public-argv-translation.test.ts --reporter=dot

Manual validation on DGX Spark:

node bin/nemoclaw.js tunnel --help
node bin/nemoclaw.js tunnel status
node bin/nemoclaw.js --help | grep -i -C 5 'tunnel status'

Observed:

COMMANDS
  tunnel start   Start the cloudflared public-URL tunnel
  tunnel status  Show cloudflared public-URL tunnel status
  tunnel stop    Stop the cloudflared public-URL tunnel

  ● cloudflared  (stopped)
      no cloudflared process; run `nemoclaw tunnel start` to start it

  Services:
    nemoclaw tunnel start                 Start the cloudflared public-URL tunnel
    nemoclaw tunnel stop                  Stop the cloudflared public-URL tunnel
    nemoclaw tunnel status                Show cloudflared public-URL tunnel status

Signed-off-by: Tian Zhang tiazhang@nvidia.com

Summary by CodeRabbit

• New Features

  • Added tunnel command with subcommands to manage Cloudflare public-URL tunnels.
  • Added tunnel status subcommand to show cloudflared tunnel status.
  • Added public display entry so tunnel status appears in command listings under Services.

• Documentation

  • Added reference docs describing tunnel status behavior and example usage.

• Tests

  • Added CLI tests for tunnel and tunnel status; updated command-listing tests to validate content-based behavior.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 340c1725-bc31-4aae-88b8-74f043726cac

📥 Commits

Reviewing files that changed from the base of the PR and between 8fe7cb0 and 46492ce.

📒 Files selected for processing (1)

• docs/reference/commands-nemohermes.mdx

✅ Files skipped from review due to trivial changes (1)

• docs/reference/commands-nemohermes.mdx

---

📝 Walkthrough

Walkthrough

Adds a parent tunnel command and a tunnel status subcommand, registers tunnel:status in the public display layout, updates command-registry and CLI tests to validate discoverability and output, and documents the new tunnel status usage.

Changes

Tunnel Feature Implementation

Layer / File(s)	Summary
Tunnel command structure src/commands/tunnel.ts, src/commands/tunnel/status.ts	TunnelCommand parent class enables tunnel --help and subcommand routing. TunnelStatusCommand implements tunnel status and invokes showStatus() to print cloudflared tunnel status.
CLI discovery registration src/lib/cli/public-display-defaults.ts	Adds tunnel:status to PUBLIC_DISPLAY_LAYOUT under Services with order 33.5 and description "Show cloudflared public-URL tunnel status".
Command registry tests src/lib/cli/command-registry.test.ts	Replaces fixed-count assertions with content-aware checks: concatenation equality for partitions, inclusion of specific global command usages, and visible commands equality to non-hidden entries.
CLI test coverage test/cli.test.ts	Adds tests: tunnel --help lists `start
Documentation docs/reference/commands.mdx, docs/reference/commands-nemohermes.mdx	Adds nemoclaw tunnel status / nemohermes tunnel status documentation and example invocations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through help and found a new way,
A status to show the tunnel's day.
Now public URLs won't hide or roam,
Help lights the path and guides them home.
Cheers — hop on, the CLI's in play!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(cli): add tunnel status command' accurately summarizes the main change—adding the tunnel status subcommand to make the tunnel feature discoverable.
Linked Issues check	✅ Passed	All objectives from #4302 are met: tunnel group-level help is implemented, tunnel status subcommand is added, tunnel commands are discoverable in help, and group-level help displays subcommand index.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with #4302 requirements. No unrelated modifications to unrelated features or systems are present in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/cli/command-registry.test.ts (1)

20-23: ⚡ Quick win

Use semantic identity for partition uniqueness, not object identity.

new Set(partitioned).size only checks object references. If command objects are cloned, this can pass while semantic duplicates slip through. Compare stable identifiers instead.

Suggested diff

-      expect(new Set(partitioned).size).toBe(COMMANDS.length);
+      expect(new Set(partitioned.map((cmd) => cmd.commandId)).size).toBe(COMMANDS.length);
+      expect(new Set(partitioned.map((cmd) => cmd.commandId))).toEqual(
+        new Set(COMMANDS.map((cmd) => cmd.commandId)),
+      );

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/cli/command-registry.test.ts` around lines 20 - 23, The test
"partitions commands into global and sandbox scopes" uses object identity to
check uniqueness; change it to assert uniqueness based on a stable semantic
identifier (e.g., command.id or command.name) instead of object references:
construct the partitioned list from globalCommands() and sandboxCommands(), then
build a Set from the chosen identifier for each command and compare its size to
COMMANDS.length so cloned objects with the same identifier are detected; update
references to partitioned, globalCommands(), sandboxCommands(), and COMMANDS
accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/cli/command-registry.test.ts`:
- Around line 20-23: The test "partitions commands into global and sandbox
scopes" uses object identity to check uniqueness; change it to assert uniqueness
based on a stable semantic identifier (e.g., command.id or command.name) instead
of object references: construct the partitioned list from globalCommands() and
sandboxCommands(), then build a Set from the chosen identifier for each command
and compare its size to COMMANDS.length so cloned objects with the same
identifier are detected; update references to partitioned, globalCommands(),
sandboxCommands(), and COMMANDS accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: eec44c59-97c4-48ae-851d-3ae1a5f1daef

📥 Commits

Reviewing files that changed from the base of the PR and between d312144 and 2395b1c.

📒 Files selected for processing (5)

• src/commands/tunnel.ts
• src/commands/tunnel/status.ts
• src/lib/cli/command-registry.test.ts
• src/lib/cli/public-display-defaults.ts
• test/cli.test.ts

[coderabbitai]

🧹 Nitpick comments (1)

docs/reference/commands.mdx (1)

1026-1027: ⚡ Quick win

Describe the public URL output when cloudflared is running.

The documentation states that the output reports the cloudflared state (running/stopped/stale) and recovery hints, but omits that when cloudflared is running, the command also displays the public tunnel URL. According to the implementation (src/lib/tunnel/services.ts:423-428), when cloudflared is in the "running" state, the command prints the Public URL.

Consider adding a sentence mentioning that the public tunnel URL is displayed when cloudflared is running.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.mdx` around lines 1026 - 1027, Update the
docs/reference/commands.mdx description for the cloudflared public-URL tunnel
status to explicitly state that when cloudflared is in the "running" state the
command also displays the public tunnel URL (matching the behavior implemented
in src/lib/tunnel/services.ts around the public URL printing logic). Add a short
sentence after the existing state/recovery hint description that the command
prints the public tunnel URL when cloudflared is running.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/reference/commands.mdx`:
- Around line 1026-1027: Update the docs/reference/commands.mdx description for
the cloudflared public-URL tunnel status to explicitly state that when
cloudflared is in the "running" state the command also displays the public
tunnel URL (matching the behavior implemented in src/lib/tunnel/services.ts
around the public URL printing logic). Add a short sentence after the existing
state/recovery hint description that the command prints the public tunnel URL
when cloudflared is running.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 708f8742-f85d-4050-99b7-d0c2a72cf865

📥 Commits

Reviewing files that changed from the base of the PR and between 2395b1c and a345e27.

📒 Files selected for processing (6)

• docs/reference/commands.mdx
• src/commands/tunnel.ts
• src/commands/tunnel/status.ts
• src/lib/cli/command-registry.test.ts
• src/lib/cli/public-display-defaults.ts
• test/cli.test.ts

🚧 Files skipped from review as they are similar to previous changes (5)

• src/commands/tunnel/status.ts
• src/commands/tunnel.ts
• src/lib/cli/public-display-defaults.ts
• src/lib/cli/command-registry.test.ts
• test/cli.test.ts

[wscurran]

✨
Related open issues:

• #4302 [Ubuntu 24.04][CLI&UX] nemoclaw v0.0.52 tunnel start/stop hidden from help; no tunnel status subcommand