feat(cli): add sandbox agents list passthrough

[laitingsheng]

Summary

Adds nemoclaw <name> agents list as a thin pass-through to openclaw agents list via openshell sandbox exec. This finishes the host-side agent lifecycle surface — add and delete shipped in #4615; declarative seeding is already covered by the bake-time NEMOCLAW_EXTRA_AGENTS_JSON path from #4560.

Related Issue

Closes #2854.

Changes

• src/commands/sandbox/agents/list.ts: new oclif command, mirrors the sessions list and agents add/delete shape.
• src/lib/actions/sandbox/agents/passthrough.ts: AgentsPassthroughVerb extended to "add" | "delete" | "list"; parent help now lists the third subcommand.
• src/commands/sandbox/agents.ts: parent examples include agents list alpha --json.
• src/lib/cli/public-display-agents.ts: registers sandbox:agents:list under Sandbox Management at order 16.4 (ahead of add/delete to match lifecycle order).
• src/lib/cli/command-registry.test.ts: bumps sandbox-command count 43 -> 44 and updates the comment from "agents pair" to "agents trio".
• docs/reference/commands.mdx: new ### nemoclaw <name> agents list section before the existing add entry.
• test/e2e/test-sessions-agents-cli.sh: new TC-AGENT-03 between add and delete; calls agents list --json and asserts the seeded agent appears in the listing.

Out of Scope

agents apply -f from the original design is dropped — per-entry agents add (shipped via #4615) already covers operator workflows, and NEMOCLAW_EXTRA_AGENTS_JSON (shipped via #4560) already handles declarative bake-time seeding. No upstream openclaw agents apply verb or agents.apply gateway RPC exists, so a host-side reconcile would also need a new agents update CLI verb upstream first.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

• New Features

  • Added a sandbox agents list command to list OpenClaw agents configured in a sandbox, supporting passthrough flags (including --json and --bindings).

• Documentation

  • Updated command reference and help text; added docs for the agents list passthrough in both nemoclaw and nemohermes command sections.

• Tests

  • Added end-to-end test coverage validating the agents list output (JSON and presence of added agent).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3336ff7b-ead1-487a-8b07-868335769fdc

📥 Commits

Reviewing files that changed from the base of the PR and between 3707865 and e1f14d2.

📒 Files selected for processing (2)

• docs/reference/commands-nemohermes.mdx
• test/e2e/test-sessions-agents-cli.sh

✅ Files skipped from review due to trivial changes (1)

• docs/reference/commands-nemohermes.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• test/e2e/test-sessions-agents-cli.sh

---

📝 Walkthrough

Walkthrough

This PR adds a new sandbox:agents:list CLI command that forwards to in-sandbox openclaw agents list. It extends the agents passthrough verb, implements the host-side command with help detection, registers the command for display and tests, and adds documentation and e2e coverage verifying JSON output.

Changes

Sandbox agents list command

Layer / File(s)	Summary
Type extension and help for list verb src/lib/actions/sandbox/agents/passthrough.ts	AgentsPassthroughVerb now includes "list" and printAgentsParentHelp documents the new subcommand.
List command implementation src/commands/sandbox/agents/list.ts	Adds SandboxAgentsListCommand with metadata and run() that detects missing sandbox/help tokens (--help/-h/passthrough help) and delegates to runAgentsPassthrough with verb: "list" and extra args.
Command registration and display src/commands/sandbox/agents.ts, src/lib/cli/command-registry.test.ts, src/lib/cli/public-display-agents.ts	Parent command examples updated, test expectation incremented to 44 commands, and new "sandbox:agents:list" entry added to SANDBOX_AGENTS_DISPLAY_LAYOUT with group/order/flags/description.
Documentation and e2e test coverage docs/reference/commands.mdx, docs/reference/commands-nemohermes.mdx, test/e2e/test-sessions-agents-cli.sh	Reference docs for agents list added for NemoClaw and NemoHermes describing passthrough and examples; e2e test test_agents_list_passthrough added to run nemoclaw <sandbox> agents list --json, parse JSON, and assert the test agent ID is present.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

NemoClaw CLI, enhancement: feature, needs: review

Suggested reviewers

• prekshivyas
• cv

Poem

🐰 A tiny rabbit taps the shell,
Lists the agents, counts them well,
Passthrough echoes from sandbox deep,
JSON hops out, tidy and neat,
NemoClaw smiles — another feat!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(cli): add sandbox agents list passthrough' accurately describes the primary change: adding a new CLI passthrough command for listing sandbox agents.
Linked Issues check	✅ Passed	The PR implements the 'agents list' command from linked issue #2854, enabling host-side inspection of OpenClaw agent config without sandbox entry or config mutation.
Out of Scope Changes check	✅ Passed	All changes are scoped to implementing the agents list feature; agents apply was intentionally excluded per PR objectives, and no unrelated modifications are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/2854-host-side-agents-list

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: sessions-agents-cli-e2e
Optional E2E: docs-validation-e2e

Dispatch hint: sessions-agents-cli-e2e

Auto-dispatched E2E: sessions-agents-cli-e2e via nightly-e2e.yaml at e1f14d268e8374b8e1e82ea13e3082b3ac1d3715 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• sessions-agents-cli-e2e (medium-high; real install/onboard and live sandbox, timeout 60 minutes): Directly covers the changed runtime path: install/onboard a real sandbox, add an OpenClaw agent, invoke the new nemoclaw <name> agents list --json passthrough via openshell sandbox exec, verify JSON output and that the added agent is visible, then continue delete/session checks.

Optional E2E

• docs-validation-e2e (low; installs CLI and runs docs/help parity with local link checks, timeout 15 minutes): Validates CLI/docs parity after adding public command documentation and display metadata for agents list. Useful confidence, but not the primary runtime risk because the PR's behavior is covered by sessions-agents-cli-e2e.

New E2E recommendations

• sandbox agents CLI passthrough (low): The updated E2E covers agents list --json, but not forwarding of --bindings, which is documented as supported. If binding summaries become important to NemoClaw-owned argv forwarding, add a follow-up assertion that nemoclaw <name> agents list --bindings reaches the in-sandbox CLI without host-side parsing or command-id misrouting.
  • Suggested test: Extend test/e2e/test-sessions-agents-cli.sh with a focused agents list --bindings passthrough check after the secondary agent is added.

Dispatch hint

• Workflow: E2E / Nightly
• jobs input: sessions-agents-cli-e2e

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw
Optional scenario E2E: wsl-repo-cloud-openclaw

Dispatch required scenario E2E:

• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required scenario E2E

• ubuntu-repo-cloud-openclaw: The PR adds an OpenClaw sandbox agents-list pass-through and updates public CLI display/help metadata. The smallest scenario route that installs the current branch, onboards an OpenClaw sandbox, and validates the live CLI/sandbox path is the Ubuntu repo-current cloud OpenClaw scenario.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Optional scenario E2E

• wsl-repo-cloud-openclaw: Optional cross-platform coverage for the same OpenClaw repo-current CLI surface on WSL; useful for argv/pass-through and sandbox exec regressions but not the primary Linux target.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=wsl-repo-cloud-openclaw

Relevant changed files

• src/commands/sandbox/agents.ts
• src/commands/sandbox/agents/list.ts
• src/lib/actions/sandbox/agents/passthrough.ts
• src/lib/cli/public-display-agents.ts

[github-actions]

PR Review Advisor

Findings: 1 needs attention, 0 worth checking, 2 nice ideas
Since last review: 0 prior items resolved, 3 still apply, 0 new items found

Review findings

🛠️ Needs attention

• Closing Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 leaves remove/apply acceptance clauses unmet: The linked issue asks for a broader host-side agent lifecycle surface, including list, add, remove, and apply behavior. This PR adds `agents list` and relies on existing `agents add`/`agents delete`, but it does not add the literal `agents remove <id>` spelling or `agents apply -f agents.yaml` path. If this PR closes Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 as written, users and maintainers may treat the broader lifecycle proposal as completed even though two named commands remain absent.
  • Recommendation: Either keep Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 open or update the issue/PR closure scope to explicitly track `agents remove` and `agents apply -f agents.yaml` elsewhere, or implement those commands if they are intended to be part of this closure.
  • Evidence: Issue Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 lists possible commands `nemoclaw <sandbox> agents list`, `agents add`, `agents remove`, and `agents apply -f agents.yaml`. The changed source adds `src/commands/sandbox/agents/list.ts`; `src/commands/sandbox/agents/` contains `add.ts`, `delete.ts`, and `list.ts`, but no `remove.ts` or `apply.ts`.

🔎 Worth checking

• None.

🌱 Nice ideas

• Add fast public-routing coverage for agents list (src/lib/cli/public-argv-translation.test.ts:302): The new command should route through the public sandbox-first grammar as `nemoclaw <name> agents list ...`. The route is likely derived correctly from the registered oclif leaf command, but existing public argv tests cover agents parent/help behavior and sessions leaf subcommands rather than the new `agents list` leaf.
  • Recommendation: Add targeted assertions that `translatePublicSandboxArgv("alpha", "agents", ["list", "--json"])` returns command id `sandbox:agents:list` with args `["alpha", "--json"]`, and that `--bindings` is forwarded the same way.
  • Evidence: The diff adds `src/commands/sandbox/agents/list.ts` and E2E coverage for `nemoclaw "$SANDBOX_NAME" agents list --json`; inspected `src/lib/cli/public-argv-translation.test.ts` still has agents parent/help tests but no `agents list` route assertion.
• Regenerate mirrored skill reference docs for agents list (skills/nemoclaw-user-reference/references/commands.md:1030): The canonical reference pages now document `agents list`, but checked-in user-reference skill copies still jump from `agents add` to `agents delete`. If those skill references are committed artifacts, they will drift from the public command reference.
  • Recommendation: Regenerate or update `skills/nemoclaw-user-reference/references/commands.md` and `.agents/skills/nemoclaw-user-reference/references/commands.md` to include the new `nemoclaw <name> agents list` section, or document that these files are intentionally not updated by this PR.
  • Evidence: `docs/reference/commands.mdx` and `docs/reference/commands-nemohermes.mdx` add `agents list`; the inspected skill reference copies still show `agents add` followed directly by `agents delete`.

Consider writing more tests for

• **Runtime validation** — Route `translatePublicSandboxArgv("alpha", "agents", ["list", "--json"])` to command id `sandbox:agents:list` with args `["alpha", "--json"]`.. The changed behavior crosses the public host CLI grammar, oclif command discovery, OpenShell sandbox exec, and the in-sandbox OpenClaw CLI. The PR adds useful E2E runtime validation for `agents list --json`; fast routing tests would still improve confidence and catch regressions before the slower E2E layer.
• **Runtime validation** — Route `translatePublicSandboxArgv("alpha", "agents", ["list", "--bindings"])` to command id `sandbox:agents:list` with args `["alpha", "--bindings"]`.. The changed behavior crosses the public host CLI grammar, oclif command discovery, OpenShell sandbox exec, and the in-sandbox OpenClaw CLI. The PR adds useful E2E runtime validation for `agents list --json`; fast routing tests would still improve confidence and catch regressions before the slower E2E layer.
• **Runtime validation** — `SandboxAgentsListCommand` forwards extra args after the sandbox name to `runAgentsPassthrough` with verb `list`.. The changed behavior crosses the public host CLI grammar, oclif command discovery, OpenShell sandbox exec, and the in-sandbox OpenClaw CLI. The PR adds useful E2E runtime validation for `agents list --json`; fast routing tests would still improve confidence and catch regressions before the slower E2E layer.
• **Runtime validation** — `SandboxAgentsListCommand` prints passthrough help when the sandbox name is missing or when the first token is `--help`/`-h`.. The changed behavior crosses the public host CLI grammar, oclif command discovery, OpenShell sandbox exec, and the in-sandbox OpenClaw CLI. The PR adds useful E2E runtime validation for `agents list --json`; fast routing tests would still improve confidence and catch regressions before the slower E2E layer.
• **Add fast public-routing coverage for agents list** — Add targeted assertions that `translatePublicSandboxArgv("alpha", "agents", ["list", "--json"])` returns command id `sandbox:agents:list` with args `["alpha", "--json"]`, and that `--bindings` is forwarded the same way.
• **Acceptance clause:** NemoClaw does not currently expose host-side commands to add, list, remove, or apply OpenClaw agent configuration inside a NemoClaw-managed sandbox. — add test evidence or identify existing coverage. This PR adds host-side `agents list`; existing nearby code provides `agents add` and `agents delete`. There is still no literal `agents remove` or `agents apply` command.
• **Acceptance clause:** DataRobot feedback: host-side agent lifecycle commands would avoid manual in-sandbox OpenClaw config mutation when setting up multi-agent workflows. — add test evidence or identify existing coverage. `agents list` now runs from the host via `openshell sandbox exec`, and existing add/delete passthroughs also avoid manual shell entry. The broader lifecycle is incomplete without remove/apply or an explicit deferral.
• **Acceptance clause:** This makes dynamic multi-agent setup difficult because NemoClaw hardens OpenClaw config at runtime, and users should not need to enter the sandbox or manually mutate read-only config. — add test evidence or identify existing coverage. The new list command reduces the need to enter the sandbox for inspection, but it does not add host-side desired-state mutation or apply behavior.

Since last review details

Current findings:

• Closing Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 leaves remove/apply acceptance clauses unmet: The linked issue asks for a broader host-side agent lifecycle surface, including list, add, remove, and apply behavior. This PR adds `agents list` and relies on existing `agents add`/`agents delete`, but it does not add the literal `agents remove <id>` spelling or `agents apply -f agents.yaml` path. If this PR closes Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 as written, users and maintainers may treat the broader lifecycle proposal as completed even though two named commands remain absent.
  • Recommendation: Either keep Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 open or update the issue/PR closure scope to explicitly track `agents remove` and `agents apply -f agents.yaml` elsewhere, or implement those commands if they are intended to be part of this closure.
  • Evidence: Issue Host-side OpenClaw agent lifecycle commands in NemoClaw #2854 lists possible commands `nemoclaw <sandbox> agents list`, `agents add`, `agents remove`, and `agents apply -f agents.yaml`. The changed source adds `src/commands/sandbox/agents/list.ts`; `src/commands/sandbox/agents/` contains `add.ts`, `delete.ts`, and `list.ts`, but no `remove.ts` or `apply.ts`.
• Add fast public-routing coverage for agents list (src/lib/cli/public-argv-translation.test.ts:302): The new command should route through the public sandbox-first grammar as `nemoclaw <name> agents list ...`. The route is likely derived correctly from the registered oclif leaf command, but existing public argv tests cover agents parent/help behavior and sessions leaf subcommands rather than the new `agents list` leaf.
  • Recommendation: Add targeted assertions that `translatePublicSandboxArgv("alpha", "agents", ["list", "--json"])` returns command id `sandbox:agents:list` with args `["alpha", "--json"]`, and that `--bindings` is forwarded the same way.
  • Evidence: The diff adds `src/commands/sandbox/agents/list.ts` and E2E coverage for `nemoclaw "$SANDBOX_NAME" agents list --json`; inspected `src/lib/cli/public-argv-translation.test.ts` still has agents parent/help tests but no `agents list` route assertion.
• Regenerate mirrored skill reference docs for agents list (skills/nemoclaw-user-reference/references/commands.md:1030): The canonical reference pages now document `agents list`, but checked-in user-reference skill copies still jump from `agents add` to `agents delete`. If those skill references are committed artifacts, they will drift from the public command reference.
  • Recommendation: Regenerate or update `skills/nemoclaw-user-reference/references/commands.md` and `.agents/skills/nemoclaw-user-reference/references/commands.md` to include the new `nemoclaw <name> agents list` section, or document that these files are intentionally not updated by this PR.
  • Evidence: `docs/reference/commands.mdx` and `docs/reference/commands-nemohermes.mdx` add `agents list`; the inspected skill reference copies still show `agents add` followed directly by `agents delete`.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

🧹 Nitpick comments (1)

docs/reference/commands.mdx (1)

1141-1141: ⚡ Quick win

Rewrite in active voice.

The sentence uses passive voice ("are forwarded"). Rewrite as active voice, for example: "The command forwards --json and --bindings flags accepted by the in-sandbox OpenClaw CLI verbatim."

As per coding guidelines, active voice is required in documentation. The relevant rule: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.mdx` at line 1141, Rewrite the passive sentence to
active voice: replace "Flags accepted by the in-sandbox CLI (`--json`,
`--bindings`) are forwarded verbatim." with an active construction such as "The
command forwards the in-sandbox OpenClaw CLI flags `--json` and `--bindings`
verbatim." Update the line containing that sentence (search for the exact phrase
"Flags accepted by the in-sandbox CLI (`--json`, `--bindings`) are forwarded
verbatim.") and ensure it mentions "the command" and "in-sandbox OpenClaw CLI"
as shown.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/reference/commands.mdx`:
- Line 1141: Rewrite the passive sentence to active voice: replace "Flags
accepted by the in-sandbox CLI (`--json`, `--bindings`) are forwarded verbatim."
with an active construction such as "The command forwards the in-sandbox
OpenClaw CLI flags `--json` and `--bindings` verbatim." Update the line
containing that sentence (search for the exact phrase "Flags accepted by the
in-sandbox CLI (`--json`, `--bindings`) are forwarded verbatim.") and ensure it
mentions "the command" and "in-sandbox OpenClaw CLI" as shown.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a5895cf5-79d0-406d-b3bd-ba6d59aa5ea0

📥 Commits

Reviewing files that changed from the base of the PR and between 44bc078 and 3707865.

📒 Files selected for processing (7)

• docs/reference/commands.mdx
• src/commands/sandbox/agents.ts
• src/commands/sandbox/agents/list.ts
• src/lib/actions/sandbox/agents/passthrough.ts
• src/lib/cli/command-registry.test.ts
• src/lib/cli/public-display-agents.ts
• test/e2e/test-sessions-agents-cli.sh

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 27212582454
Target ref: 3707865eb2b1c7e9c11f5739bfad6712b73a89f2
Workflow ref: main
Requested jobs: sessions-agents-cli-e2e
Summary: 0 passed, 1 failed, 0 skipped

Job	Result
sessions-agents-cli-e2e	❌ failure

Failed jobs: sessions-agents-cli-e2e. Check run artifacts for logs.

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pr-5043.docs.buildwithfern.com/nemoclaw

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 27214282544
Target ref: e1f14d268e8374b8e1e82ea13e3082b3ac1d3715
Workflow ref: main
Requested jobs: sessions-agents-cli-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
sessions-agents-cli-e2e	✅ success