fix(cli): add --json flag to per-sandbox status command

[laitingsheng]

Summary

nemoclaw <name> status now accepts --json and emits a structured per-sandbox report, mirroring what the global nemoclaw status --json (added in #2790 / #2822) already exposes. Automation can read hostGpuDetected, sandboxGpuEnabled, sandboxGpuMode, sandboxGpuDevice, openshellDriver, and openshellVersion for a specific sandbox without scraping the text renderer.

Related Issue

Fixes #4310. Enhances #2790 (resolved by #2822) by extending the JSON renderer to the per-sandbox status variant.

Changes

• src/commands/sandbox/status.ts opts into static enableJsonFlag = true, updates the usage/examples to advertise --json, and branches on this.jsonEnabled() so the existing text path is unchanged.
• New getSandboxStatusReport(sandboxName) in src/lib/actions/sandbox/status.ts returns a SandboxStatusReport: schemaVersion, name, found, model, provider, phase, gatewayState, inferenceHealth, hostGpuDetected, sandboxGpuEnabled, sandboxGpuMode, sandboxGpuDevice, openshellDriver, openshellVersion, policies. openshellDriver and openshellVersion are normalised to the string "unknown" when missing so consumers can rely on typeof checks.
• The JSON path sets process.exitCode = 1 when the sandbox is missing locally or the gateway state is not present, so scripts can distinguish "ready" from "drift/unreachable" without parsing the body.
• test/cli.test.ts covers the populated JSON shape, the "unknown" string fallback for openshellDriver / openshellVersion, the protobuf-mismatch path (asserts exit code 1, rpcIssue = { kind: "protobuf_mismatch" }, inferenceHealth = null, and model / provider = "unknown"), and the --help advertising --json.
• collectSandboxStatusSnapshot is shared by showSandboxStatus and getSandboxStatusReport; it fail-closes on detectOpenShellStateRpcResultIssue so the JSON path no longer emits inferred model / provider / inferenceHealth alongside an rpcIssue. The host-side gateway-chain subprobe is appended in the collector so both text and JSON paths surface it.
• docs/reference/commands.mdx documents the --json flag in the per-sandbox status section (fields, fallback, exit-code contract) so the CLI/docs parity check stays green.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• New Features

  • sandbox status gains a --json mode that emits a structured per-sandbox JSON report (gateway state, inference health, GPU details, policies, model/provider, OpenShell driver/version).

• Behavior

  • openshellDriver/openshellVersion default to "unknown" when unset.
  • --json returns structured data and sets non‑zero exit codes for missing sandbox, non‑present gateway, or RPC/schema issues; text output unchanged without --json.

• Tests

  • Added coverage for JSON output, defaults, RPC issue handling, exit codes, and help text.

• Documentation

  • Command docs updated with --json behavior, fields, exit conditions, and examples.

[github-actions]

E2E Advisor Recommendation

Required E2E: sandbox-operations-e2e
Optional E2E: diagnostics-e2e, inference-routing-e2e, docs-validation-e2e

Dispatch hint: sandbox-operations-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• sandbox-operations-e2e (high): Required because this PR changes the core sandbox status command used in live sandbox operations. This existing E2E creates/manages real sandboxes and includes the sandbox operations validation path that checks nemoclaw list and nemoclaw <sandbox> status against a running sandbox, catching regressions in the refactored text status path and gateway/sandbox lookup behavior.

Optional E2E

• diagnostics-e2e (medium): Useful adjacent coverage because diagnostics validates host-side nemoclaw <sandbox> status output includes model/provider information in a live onboarded environment. This can catch regressions in status snapshot model/provider resolution, but it is not as directly targeted as sandbox-operations-e2e.
• inference-routing-e2e (medium): Optional confidence for the inference-health side of the JSON report. The changed status snapshot calls provider health probes and exposes inference health; inference-routing-e2e exercises provider routing and health/error-classification behavior, but the PR does not directly change route configuration.
• docs-validation-e2e (low): Optional validation for the updated command reference and command metadata. PR-level docs/CLI parity should already cover much of this, but this E2E can provide extra confidence that installed CLI docs validation still passes.

New E2E recommendations

• sandbox status JSON live contract (high): Existing E2E coverage appears to exercise text nemoclaw <sandbox> status, not the new --json machine-readable contract against a live sandbox. Add a focused E2E validation step that runs nemoclaw <sandbox> status --json and nemoclaw sandbox status <sandbox> --json, parses JSON, asserts schemaVersion, found:true, gatewayState:present, model/provider fields, string openshellDriver/openshellVersion, no text renderer output, and expected exit codes.
  • Suggested test: Extend sandbox-operations-e2e with a new validation step such as test/e2e/validation_suites/sandbox/operations/02-status-json.sh, or add equivalent assertions to test/e2e/test-sandbox-operations.sh.
• status JSON missing-sandbox automation contract (medium): The documented canonical form should emit JSON with found:false and exit non-zero for an unknown sandbox. Unit tests cover this with mocked OpenShell, but no live/installed CLI E2E appears to verify the automation contract after install.
  • Suggested test: Add a sandbox-operations E2E assertion for nemoclaw sandbox status definitely-missing --json that checks parseable JSON, found:false, gatewayState != "present", and exit code 1.
• status JSON redaction boundary (high): The change explicitly routes JSON through centralized redaction to prevent token-shaped values in inferenceHealth endpoint/detail/subprobes. Existing credential-sanitization E2E does not appear to target status JSON output.
  • Suggested test: Add an E2E or regression script that configures a mock/local provider health failure containing token-shaped strings and asserts nemoclaw <sandbox> status --json redacts them before output.

Dispatch hint

• Workflow: E2E / Nightly
• jobs input: sandbox-operations-e2e

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw
Optional scenario E2E: ubuntu-repo-cloud-hermes, brev-launchable-cloud-openclaw

Dispatch required scenario E2E:

• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required scenario E2E

• ubuntu-repo-cloud-openclaw: The PR changes the sandbox status command/action implementation. The ubuntu repo cloud OpenClaw scenario is the smallest standard scenario that exercises nemoclaw <sandbox> status through the baseline-onboarding suite against a real onboarded sandbox.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Optional scenario E2E

• ubuntu-repo-cloud-hermes: Optional adjacent coverage for the same sandbox status path with a Hermes-agent sandbox, including the Hermes-specific status-side setup path.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-hermes
• brev-launchable-cloud-openclaw: Optional remote/launchable coverage for the same sandbox status behavior in the Brev launchable scenario; kept optional because it uses special remote provisioning and is not the primary path.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=brev-launchable-cloud-openclaw

Relevant changed files

• src/commands/sandbox/status.ts
• src/lib/actions/sandbox/status.ts

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c3b384f1-9dd2-4aad-8275-adcc7b6d739d

📥 Commits

Reviewing files that changed from the base of the PR and between 70b3e6c and 3bc6eb5.

📒 Files selected for processing (2)

• src/commands/sandbox/status.ts
• test/cli.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• src/commands/sandbox/status.ts

---

📝 Walkthrough

Walkthrough

Adds structured JSON output to per-sandbox nemoclaw <name> status: a SandboxStatusReport and getSandboxStatusReport() that collect gateway/inference/runtime metadata; CLI wiring to enable --json and return the report with exit-code semantics; tests for JSON shape and failure cases; and docs updated to document --json behavior.

Changes

Per-sandbox status JSON output support

Layer / File(s)	Summary
Status report contract & snapshot collection src/lib/actions/sandbox/status.ts	Adds SandboxStatusReport, collectSandboxStatusSnapshot, and getSandboxStatusReport() to reconcile gateway state, optionally probe OpenShell inference, compute inferenceHealth (with gateway-chain subprobe), normalize GPU/policy fields, and provide safe fallbacks when probes fail.
Refactor showSandboxStatus to use snapshot collector src/lib/actions/sandbox/status.ts	Refactors showSandboxStatus to call the snapshot collector and preserve previous text-render behavior while relying on snapshot fallbacks for gateway/rpc issues.
CLI command JSON flag and output handling src/commands/sandbox/status.ts	SandboxStatusCommand enables static enableJsonFlag = true, updates usage/examples to include --json, changes run() to return Promise<unknown>, calls getSandboxStatusReport() when JSON enabled, sets process.exitCode = 1 for missing sandbox/non-present gateway/rpcIssue, and returns the report (redacted) for JSON emission.
Tests: JSON output, fallbacks, and help test/cli.test.ts	Adds tests that assert sandbox status --json emits required fields (found, model/provider, GPU fields, openshellDriver/version, policies, rpcIssue, phase/inferenceHealth/gatewayState), that openshell fields default to "unknown", that protobuf rpcIssue causes exit code 1 and inferenceHealth null, and that --help advertises --json and updated usage.
Docs: command reference update docs/reference/commands.mdx	Updates the nemoclaw <name> status docs to describe --json structured output, list included fields, guarantee string fallbacks for openshellDriver/openshellVersion, enumerate non-zero exit scenarios, and add JSON examples.

Sequence Diagram

sequenceDiagram
  participant CLI
  participant SandboxStatusCommand
  participant StatusLib
  participant Gateway
  participant OpenShell
  participant Registry

  CLI->>SandboxStatusCommand: nemoclaw <name> status --json
  SandboxStatusCommand->>StatusLib: getSandboxStatusReport(name)
  StatusLib->>Gateway: reconcile gateway state
  Gateway-->>StatusLib: gatewayState / gateway metadata
  alt gateway present
    StatusLib->>OpenShell: inference.get() probe
    OpenShell-->>StatusLib: inference output or rpcIssue
    StatusLib->>Registry: lookup model/provider fallback
    Registry-->>StatusLib: registry metadata
  end
  StatusLib-->>SandboxStatusCommand: SandboxStatusReport
  SandboxStatusCommand->>CLI: emit JSON (redacted) and set exitCode if found=false or gatewayState != "present" or rpcIssue present

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4180: Touches src/lib/actions/sandbox/status.ts and adds Docker health probing/output that overlaps status code paths.

Suggested labels

documentation, Sandbox

Suggested reviewers

• ericksoa
• cv
• jyaunches
• prekshivyas

🐰
I hop with code and carrot cheer,
Sandbox status now speaks clear.
GPUs, drivers, health in view,
JSON ready — tidy and true.
Parse away and automate here!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding a --json flag to the per-sandbox status command, which is the primary objective of this PR.
Linked Issues check	✅ Passed	All coding requirements from issue #4310 are met: --json flag added to per-sandbox status command, JSON output includes all required fields (hostGpuDetected, sandboxGpuEnabled, sandboxGpuMode, sandboxGpuDevice, openshellDriver, openshellVersion, plus model/provider/phase/inferenceHealth), openshellDriver/openshellVersion always strings with 'unknown' fallback, --help advertises --json, exit-code contract implemented, and JSON output matches global status behavior.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the linked issue #4310 objectives: CLI flag addition, JSON schema implementation, helper function refactoring to share logic between text and JSON paths, comprehensive test coverage, and documentation updates are all in scope.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/4310-sandbox-status-json

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PR Review Advisor

Findings: 1 needs attention, 5 worth checking, 0 nice ideas
Since last review: 2 prior items resolved, 4 still apply, 0 new items found

Review findings

🛠️ Needs attention

• Status monolith still grows past the hotspot threshold (src/lib/actions/sandbox/status.ts:64): The PR adds the shared snapshot type, collector, JSON report shaping, and local-provider gateway-chain subprobe wiring inside the already large and high-churn sandbox status action module. The deterministic drift check reports this file grew from 439 to 514 lines (+75), above the repository hotspot threshold for sandbox/gateway lifecycle code.
  • Recommendation: Extract the shared status snapshot/report collection into a focused module, or offset the growth by moving rendering/report-shaping helpers out of src/lib/actions/sandbox/status.ts. Keep text and JSON renderers as thin consumers of the same validated snapshot.
  • Evidence: The diff adds SandboxStatusReport, SandboxStatusSnapshot, collectSandboxStatusSnapshot(), getSandboxStatusReport(), and JSON-specific shaping in src/lib/actions/sandbox/status.ts; deterministic monolithDeltas reports baseLines=439, headLines=514, delta=75.

🔎 Worth checking

• Source-of-truth review needed: collectSandboxStatusSnapshot() gateway reconciler fallback: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: src/lib/actions/sandbox/status.ts catches err around getReconciledSandboxGatewayState() and synthesizes { state: 'gateway_error', output: ` Could not probe live gateway state: ${message}` }.
• Source-of-truth review needed: collectSandboxStatusSnapshot() inference capture fallback: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: src/lib/actions/sandbox/status.ts catches inference capture errors with catch { liveResult = null; }, then falls back to registry model/provider and may compute inferenceHealth.
• Gateway reconciliation throw fallback is now a JSON contract without a pinned source-of-truth test (src/lib/actions/sandbox/status.ts:103): collectSandboxStatusSnapshot() catches any exception from getReconciledSandboxGatewayState() and synthesizes gatewayState='gateway_error'. That preserved the legacy text-output behavior, but this PR exposes the synthesized state through machine-readable JSON without documenting why the reconciler cannot return a typed state itself, what exact invalid state is expected, or when the localized fallback can be removed.
  • Recommendation: Prefer normalizing expected probe failures inside the gateway-state layer. If this localized fallback remains, add a per-sandbox --json regression test that forces the reconciler/probe boundary to throw and asserts gatewayState='gateway_error', found/model/provider behavior, and the exit code.
  • Evidence: src/lib/actions/sandbox/status.ts catches err around getReconciledSandboxGatewayState() and builds { state: 'gateway_error', output: ` Could not probe live gateway state: ${message}` }; added tests cover missing and non-present gateway states but do not force this catch path.
• Inference capture failure can emit registry-backed JSON without an explicit unverified marker (src/lib/actions/sandbox/status.ts:114): When the gateway is present but captureOpenshellForStatus(["inference", "get"]) throws, the collector silently sets liveResult=null, falls back to registry model/provider, and can still compute provider health. JSON consumers may treat those fields as live gateway-verified status even though live inference configuration could not be read.
  • Recommendation: Define the JSON contract for inference capture failure. Prefer an explicit live-inference-unavailable marker or set inferenceHealth=null when live inference capture fails, then add a regression test proving the body and exit code for this path.
  • Evidence: The collector has catch { liveResult = null; }, then computes currentModel/currentProvider from live || registry || 'unknown' and calls getSandboxStatusInferenceHealth(lookup.state === 'present', currentProvider, currentModel). No added test forces captureOpenshellForStatus(["inference", "get"]) to throw.
• Per-sandbox diagnostic redaction is implemented but not pinned for nested health fields (src/commands/sandbox/status.ts:27): The JSON path now routes the report through redactForLog(), which addresses the main credential-leakage risk. However, this new machine-readable output can include inferenceHealth.endpoint, detail, and nested subprobes that automation may persist, and the added tests do not inject token-shaped values into those per-sandbox health fields to prove the redaction contract stays intact.
  • Recommendation: Add a focused per-sandbox status --json test that injects token-like values into inferenceHealth.endpoint, inferenceHealth.detail, and nested subprobes, then asserts the output is parseable JSON and contains only redacted values.
  • Evidence: SandboxStatusCommand.run() returns redactForLog(report), and SandboxStatusReport includes inferenceHealth: ProviderHealthStatus | null. Existing credential-redaction coverage is for the global status --json path, not the new per-sandbox report with health subprobes.

🌱 Nice ideas

• None.

Since last review details

Current findings:

• Source-of-truth review needed: collectSandboxStatusSnapshot() gateway reconciler fallback: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: src/lib/actions/sandbox/status.ts catches err around getReconciledSandboxGatewayState() and synthesizes { state: 'gateway_error', output: ` Could not probe live gateway state: ${message}` }.
• Source-of-truth review needed: collectSandboxStatusSnapshot() inference capture fallback: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: src/lib/actions/sandbox/status.ts catches inference capture errors with catch { liveResult = null; }, then falls back to registry model/provider and may compute inferenceHealth.
• Status monolith still grows past the hotspot threshold (src/lib/actions/sandbox/status.ts:64): The PR adds the shared snapshot type, collector, JSON report shaping, and local-provider gateway-chain subprobe wiring inside the already large and high-churn sandbox status action module. The deterministic drift check reports this file grew from 439 to 514 lines (+75), above the repository hotspot threshold for sandbox/gateway lifecycle code.
  • Recommendation: Extract the shared status snapshot/report collection into a focused module, or offset the growth by moving rendering/report-shaping helpers out of src/lib/actions/sandbox/status.ts. Keep text and JSON renderers as thin consumers of the same validated snapshot.
  • Evidence: The diff adds SandboxStatusReport, SandboxStatusSnapshot, collectSandboxStatusSnapshot(), getSandboxStatusReport(), and JSON-specific shaping in src/lib/actions/sandbox/status.ts; deterministic monolithDeltas reports baseLines=439, headLines=514, delta=75.
• Gateway reconciliation throw fallback is now a JSON contract without a pinned source-of-truth test (src/lib/actions/sandbox/status.ts:103): collectSandboxStatusSnapshot() catches any exception from getReconciledSandboxGatewayState() and synthesizes gatewayState='gateway_error'. That preserved the legacy text-output behavior, but this PR exposes the synthesized state through machine-readable JSON without documenting why the reconciler cannot return a typed state itself, what exact invalid state is expected, or when the localized fallback can be removed.
  • Recommendation: Prefer normalizing expected probe failures inside the gateway-state layer. If this localized fallback remains, add a per-sandbox --json regression test that forces the reconciler/probe boundary to throw and asserts gatewayState='gateway_error', found/model/provider behavior, and the exit code.
  • Evidence: src/lib/actions/sandbox/status.ts catches err around getReconciledSandboxGatewayState() and builds { state: 'gateway_error', output: ` Could not probe live gateway state: ${message}` }; added tests cover missing and non-present gateway states but do not force this catch path.
• Inference capture failure can emit registry-backed JSON without an explicit unverified marker (src/lib/actions/sandbox/status.ts:114): When the gateway is present but captureOpenshellForStatus(["inference", "get"]) throws, the collector silently sets liveResult=null, falls back to registry model/provider, and can still compute provider health. JSON consumers may treat those fields as live gateway-verified status even though live inference configuration could not be read.
  • Recommendation: Define the JSON contract for inference capture failure. Prefer an explicit live-inference-unavailable marker or set inferenceHealth=null when live inference capture fails, then add a regression test proving the body and exit code for this path.
  • Evidence: The collector has catch { liveResult = null; }, then computes currentModel/currentProvider from live || registry || 'unknown' and calls getSandboxStatusInferenceHealth(lookup.state === 'present', currentProvider, currentModel). No added test forces captureOpenshellForStatus(["inference", "get"]) to throw.
• Per-sandbox diagnostic redaction is implemented but not pinned for nested health fields (src/commands/sandbox/status.ts:27): The JSON path now routes the report through redactForLog(), which addresses the main credential-leakage risk. However, this new machine-readable output can include inferenceHealth.endpoint, detail, and nested subprobes that automation may persist, and the added tests do not inject token-shaped values into those per-sandbox health fields to prove the redaction contract stays intact.
  • Recommendation: Add a focused per-sandbox status --json test that injects token-like values into inferenceHealth.endpoint, inferenceHealth.detail, and nested subprobes, then asserts the output is parseable JSON and contains only redacted values.
  • Evidence: SandboxStatusCommand.run() returns redactForLog(report), and SandboxStatusReport includes inferenceHealth: ProviderHealthStatus | null. Existing credential-redaction coverage is for the global status --json path, not the new per-sandbox report with health subprobes.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/cli.test.ts`:
- Around line 946-1045: Add assertions to check the process exit code for both
JSON sandbox-status tests: after the runWithEnv call in the "sandbox status
--json emits structured per-sandbox report" test (the const r = runWithEnv(...)
line) add expect(r.code).toBe(0), and do the same in the "sandbox status --json
defaults openshell driver/version to 'unknown' strings" test right after its
runWithEnv invocation; this ensures the command both prints valid JSON and exits
successfully.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e9cd54a5-ef41-46f1-b540-4675572797e3

📥 Commits

Reviewing files that changed from the base of the PR and between 3855c08 and cb9723e.

📒 Files selected for processing (3)

• src/commands/sandbox/status.ts
• src/lib/actions/sandbox/status.ts
• test/cli.test.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26521718076
Target ref: cb9723ec4be21c8d278821000d1a9454c943a585
Workflow ref: main
Requested jobs: sandbox-operations-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
sandbox-operations-e2e	✅ success

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pr-4323.docs.buildwithfern.com/nemoclaw

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26523240116
Target ref: b72ee5353f5e3e02fe147f493bea9228d9378177
Workflow ref: main
Requested jobs: sandbox-operations-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
sandbox-operations-e2e	✅ success

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26525838187
Target ref: 70b3e6c684b782a4ae433c0f9046c69d43e63584
Workflow ref: main
Requested jobs: sandbox-operations-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
sandbox-operations-e2e	✅ success