test(e2e): add cloudflared tunnel URL probe (HTTP + content)

[hunglp6d]

Summary

Adds TC-DEPLOY-01b to test-deployment-services.sh: an HTTP + content probe of the cloudflared tunnel URL to catch the case where a tunnel publishes a public URL but the data plane never actually serves the OpenClaw dashboard. Also splits the existing TC-DEPLOY-01 into 01a/01b/01c.

Related Issue

Closes #2636

Changes

• Split test_deploy_01_start_stop() into three sub-TCs:
  • TC-DEPLOY-01a — nemoclaw tunnel start surfaces a public URL in status (existing behavior, relabeled)
  • TC-DEPLOY-01b — (new) tunnel URL serves the OpenClaw dashboard
  • TC-DEPLOY-01c — nemoclaw tunnel stop removes URL from status (existing behavior, relabeled)
• New TC-DEPLOY-01b probe:
  • Strict HTTP 200 only
  • Body fingerprint: <title>OpenClaw Control</title> (verified-stable markers from a live probe)
• Replaced 6×5 s polling of nemoclaw status with a single 5 s wait + single status read (single source of truth, more readable)
• Gated TC-DEPLOY-01c on tunnel_url being confirmed in status so post_url == "" no longer false-PASSes when the URL was never present to begin with
• Updated file-header Covers: block and function-level comments to reflect the 01a/01b/01c split

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Hung Le hple@nvidia.com

Summary by CodeRabbit

• Tests
  • Split deployment E2E into three staged subtests: start/URL discovery, HTTP content verification, and stop/URL removal.
  • Added upfront guard to skip tunnel tests when sandbox is absent.
  • Improved polling and retries for start/stop flows with stricter success/failure checks and cleanup attempts.
  • Active HTTP probing until HTTP 200 and expected dashboard markers are found.
  • Increased sandbox onboarding timeout from 600s to 1800s.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0cd7be2f-0737-42a5-a61f-72a264c51246

📥 Commits

Reviewing files that changed from the base of the PR and between 60499a5 and f0d75d3.

📒 Files selected for processing (1)

• test/e2e/test-deployment-services.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• test/e2e/test-deployment-services.sh

---

📝 Walkthrough

Walkthrough

Splits the deployment E2E into three subtests: 01a starts the tunnel and polls nemoclaw status for a public URL, 01b probes that URL until HTTP 200 and checks dashboard markers, and 01c stops the tunnel and verifies URL removal; adds sandbox presence guard and increases onboarding timeout to 1800s.

Changes

Cohort / File(s)

Summary

Test Enhancement test/e2e/test-deployment-services.sh

Refactors test_deploy_01_start_stop into TC-DEPLOY-01a/01b/01c. 01a: nemoclaw tunnel start then poll nemoclaw status for a trycloudflare.com URL; skip tunnel tests if sandbox absent. 01b: curl the tunnel URL with retries, require HTTP 200 and presence of <title>OpenClaw Control</title> or <openclaw-app>; log diagnostics on failures and skip if no URL. 01c: nemoclaw tunnel stop then poll nemoclaw status to confirm URL removal with retry on transient errors. Also increases sandbox onboarding timeout from 600s to 1800s.

Sequence Diagram

sequenceDiagram
    participant Test as E2E Test
    participant CLI as Nemoclaw CLI
    participant Status as Nemoclaw Status
    participant HTTP as Tunnel URL
    participant Dash as OpenClaw Dashboard

    Test->>CLI: nemoclaw tunnel start
    CLI-->>Test: start result

    loop poll status
        Test->>Status: nemoclaw status
        Status-->>Test: tunnel_url (or empty)
    end

    alt tunnel_url present
        loop curl retries
            Test->>HTTP: HTTP GET tunnel_url
            HTTP->>Dash: route to origin
            Dash-->>HTTP: HTTP 200 + HTML / non-200
            HTTP-->>Test: response
        end
        Test->>Test: verify HTTP 200 and markers
    else no tunnel_url
        Test-->>Test: skip TC-DEPLOY-01b/01c
    end

    Test->>CLI: nemoclaw tunnel stop
    CLI-->>Test: stop result

    loop poll status until absent
        Test->>Status: nemoclaw status
        Status-->>Test: no tunnel_url
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I started a tunnel, waited for light,
curled my curl through day and night.
I checked the page where OpenClaw gleams,
then politely closed my shiny beams. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding an HTTP + content probe to verify the cloudflared tunnel URL serves the OpenClaw dashboard.
Linked Issues check	✅ Passed	All objectives from issue #2636 are met: TC-DEPLOY-01 split into three subtests (01a/01b/01c), TC-DEPLOY-01b probes with HTTP 200 and dashboard content markers, pass/fail/skip behavior implemented as specified.
Out of Scope Changes check	✅ Passed	All changes are in scope: the tunnel URL probe implementation, test restructuring, timeout adjustment (600s to 1800s), and skip guard for absent sandbox are all aligned with issue #2636 objectives.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/e2e-prob-tunnel-url

---

_{Review rate limit: 9/10 reviews remaining, refill in 6 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/test-deployment-services.sh`:
- Around line 357-372: The post-stop check is flaky because it uses a fixed
sleep then a single `nemoclaw status` check; replace that with a retry-poll
loop: after the existing initial sleep, poll `nemoclaw status` (store in
`post_status`) and extract `post_url` up to a configurable timeout/retries
(e.g., loop with short sleeps between attempts) and only call pass
"TC-DEPLOY-01c: Tunnel URL absent after stop" if `post_url` remains empty for
the whole timeout, otherwise call fail with the found `post_url`; keep using the
existing `tunnel_url`, `post_status`, `post_url`, and the
`log`/`skip`/`pass`/`fail` helpers so the rest of the flow is unchanged.
- Around line 308-313: The current single-shot call to `nemoclaw status` stores
output in `status_output` and extracts `tunnel_url` once, which can race because
the tunnel URL appears asynchronously; change this to poll: run `nemoclaw
status` in a loop (e.g., retry every 2–5s) capturing `status_output` each
iteration, attempt to extract `tunnel_url` with the same grep pattern, log each
attempt (use the existing `log` pattern), and break once a URL is found or a
configurable timeout/maximum attempts is reached; ensure variables
`status_output` and `tunnel_url` and the `nemoclaw status` invocation are used
so behavior remains consistent and on timeout the script fails cleanly with a
helpful log message.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 80637055-01df-4557-ad5d-6849ca2d26d7

📥 Commits

Reviewing files that changed from the base of the PR and between 9113dca and 97a5e36.

📒 Files selected for processing (1)

• test/e2e/test-deployment-services.sh

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/test-deployment-services.sh`:
- Around line 305-306: The test currently swallows failures by appending || true
to the nemoclaw tunnel start/stop invocations; change this to capture both
stdout/stderr and the exit code (e.g., assign start_output and start_exit=$?
after running nemoclaw tunnel start) and assert the exit code is 0 before
continuing (log start_output on failure and exit the test); do the same for
nemoclaw tunnel stop (capture stop_output and stop_exit, assert stop_exit is 0),
ensuring you reference the existing start_output/stop_output variables and fail
fast if the commands fail.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ee025965-991c-46d9-b2a7-f1f17d9c5214

📥 Commits

Reviewing files that changed from the base of the PR and between 97a5e36 and 9eefd5b.

📒 Files selected for processing (1)

• test/e2e/test-deployment-services.sh

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/test-deployment-services.sh`:
- Around line 302-305: The sandbox existence check uses grep -q "$SANDBOX_NAME"
which treats the name as a regex and can match substrings; change that grep
invocation to a literal fixed-string match using grep -Fq -- "$SANDBOX_NAME"
(preserve the 2>/dev/null redirection and surrounding test) so the conditional
in the test script that uses `if ! nemoclaw list 2>/dev/null | grep -q
"$SANDBOX_NAME"; then` performs a safe, exact literal match.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8ece41f8-d8c9-46fd-9e64-3347eadc128b

📥 Commits

Reviewing files that changed from the base of the PR and between 9eefd5b and 53b1b3a.

📒 Files selected for processing (1)

• test/e2e/test-deployment-services.sh

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/test-deployment-services.sh`:
- Around line 366-369: Update the log message so it accurately reflects the
command being executed: change the text logged by the call to log that currently
says "Step 4: Running nemoclaw stop..." to reference "nemoclaw tunnel stop" (the
actual command run) so that the log entry for the stop step matches the executed
command (look for the log call near the stop_output=$(nemoclaw tunnel stop ...)
invocation and update its message).
- Around line 381-390: The loop currently swallows failures from the `nemoclaw
status` call (using `|| true`) and treats an empty `post_url` as success,
causing false-positive PASSes; change the logic to capture and check the exit
status of `nemoclaw status` (e.g., store its exit code in a variable like
`status_exit` or a boolean `status_ok`) instead of masking errors, only treat
the test as passed if `status_ok` is true and `post_url` is empty after the
loop, and call `fail` (via the existing `fail` helper) when `nemoclaw status`
could not be read or when `post_url` remains non-empty; update the uses of
`post_status`/`post_url` and the final if/else to reflect this distinction.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6ec57bbb-d3a9-431b-bea3-2adc8f83f11b

📥 Commits

Reviewing files that changed from the base of the PR and between 53b1b3a and 60499a5.

📒 Files selected for processing (1)

• test/e2e/test-deployment-services.sh