fix(cli): clarify live gateway drift in list

[chengjiew]

Summary

Clarifies the nemoclaw list drift annotation so users can tell the row is using live OpenShell gateway inference state, not only the onboarded snapshot. This addresses the confusion in #3822 where killing a sandbox container leaves the gateway reachable and the drift line still valid.

Related Issue

Fixes #3822

Changes

• Rename the default-sandbox list drift annotation from (onboarded: ...) to (live OpenShell gateway differs from onboarded: ...).
• Keep offline gateway fallback behavior unchanged: no drift annotation is shown when live gateway inference cannot be fetched.
• Update source-level and executable CLI regression expectations.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Focused commands run:

• git diff --check
• npx vitest run --project cli src/lib/inventory/index.test.ts
• npx vitest run --project cli test/cli.test.ts -t "list shows live gateway inference"
• npm run typecheck:cli

Note: I did not mark npx prek run --all-files because the repo pre-commit hook recursively invoked itself when the full CLI coverage suite ran a nested git-commit test with the parent hook Git environment. The focused tests and typecheck above passed.

---

Signed-off-by: Chengjie Wang chengjiew@nvidia.com

Summary by CodeRabbit

• Bug Fixes
  • Improved diagnostic messaging to explicitly indicate when live OpenShell gateway settings differ from onboarded configuration, providing clearer visibility into which values are stored versus actively running.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 78f47e2a-0f63-47e7-aeea-766ed30eb3c1

📥 Commits

Reviewing files that changed from the base of the PR and between 25aa446 and b2ab594.

📒 Files selected for processing (3)

• src/lib/inventory/index.test.ts
• src/lib/inventory/index.ts
• test/cli.test.ts

---

📝 Walkthrough

Walkthrough

The PR updates inventory drift messaging to clarify when live OpenShell gateway values differ from onboarded configuration. Documentation, implementation, and test assertions are updated consistently to reflect the new explicit message format across the CLI output, unit tests, and integration tests.

Changes

Drift message clarification for live gateway vs onboarded state

Layer / File(s)	Summary
Drift message implementation and test validation src/lib/inventory/index.ts, src/lib/inventory/index.test.ts, test/cli.test.ts	The renderSandboxInventoryText documentation and drift detection message are updated to explicitly state "live OpenShell gateway differs from onboarded" instead of implicit "(onboarded: …)" wording. Unit tests for default-sandbox, model-drift, and provider-drift cases, plus the integration test for live gateway inference, all assert the new explicit message format.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

NemoClaw CLI, OpenShell, fix

Poem

🐰 A gateway speaks with clarity clear,
No more ambiguity need we fear—
"Live differs from onboarded," the message now sings,
Each assertion updated, aligned with all things.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: clarifying the live gateway drift annotation in the list command output.
Linked Issues check	✅ Passed	The PR successfully addresses issue #3822 by changing the drift annotation from '(onboarded: ...)' to '(live OpenShell gateway differs from onboarded: ...)' to explicitly clarify data source.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to clarifying the live gateway drift annotation in list/status output as required by issue #3822.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/3822_gateway-drift-list-status-v2

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PR Review Advisor

Recommendation: info only
Confidence: low
Analyzed HEAD: b2ab594e6b49498bc1c38ad5def46df212d930c2
Findings: 0 blocker(s), 1 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Advisor execution failed: Could not configure advisor model openai/openai/gpt-5.5

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: b2ab594e6b49498bc1c38ad5def46df212d930c2
Recommendation: info only
Confidence: low

PR review advisor failed: Could not configure advisor model openai/openai/gpt-5.5

Gate status

• CI: pending — 9 status context(s) appear pending.
• Mergeability: fail — mergeStateStatus=BLOCKED
• Review threads: unknown — No review thread state was available.
• Risky code tested: pass — No risky code areas detected by path heuristics.

🔴 Blockers

• None.

🟡 Warnings

• PR review advisor unavailable: The automated advisor could not complete: Could not configure advisor model openai/openai/gpt-5.5
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not configure advisor model openai/openai/gpt-5.5

🔵 Suggestions

• None.

Acceptance coverage

• No linked acceptance clauses were analyzed.

Security review

• warning — Secrets and Credentials: Advisor unavailable; human review required.
• warning — Input Validation and Data Sanitization: Advisor unavailable; human review required.
• warning — Authentication and Authorization: Advisor unavailable; human review required.
• warning — Dependencies and Third-Party Libraries: Advisor unavailable; human review required.
• warning — Error Handling and Logging: Advisor unavailable; human review required.
• warning — Cryptography and Data Protection: Advisor unavailable; human review required.
• warning — Configuration and Security Headers: Advisor unavailable; human review required.
• warning — Security Testing: Advisor unavailable; human review required.
• warning — Holistic Security Posture: Advisor unavailable; human review required.

Test / E2E status

• Test depth: e2e_required — Runtime/sandbox/infrastructure paths need real execution coverage: src/lib/inventory/index.ts.
• E2E Advisor: not_found (not found)

✅ What looks good

• No positives were identified by the advisor.

Review completeness

• Advisor execution failed: Could not configure advisor model openai/openai/gpt-5.5
• Human maintainer review required: yes

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: sandbox-operations-e2e, openclaw-inference-switch-e2e

Dispatch hint: sandbox-operations-e2e,openclaw-inference-switch-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• None. No merge-blocking E2E is recommended because the PR only changes user-facing annotation text in sandbox inventory output and updates unit/CLI tests for that exact behavior; it does not alter installer/onboarding, credentials, sandbox lifecycle mechanics, security boundaries, network policy enforcement, or actual inference routing.

Optional E2E

• sandbox-operations-e2e (medium-high (~60 min timeout)): Closest existing E2E coverage for real nemoclaw list behavior across registered sandboxes and sandbox lifecycle operations. Useful confidence that the inventory/list command still works end-to-end, although it is broader than the changed annotation text.
• openclaw-inference-switch-e2e (medium (~45 min timeout)): Adjacent coverage for live OpenShell inference route changes in an OpenClaw sandbox. Optional only: it validates route/config/live requests, but does not specifically assert nemoclaw list drift annotation output.

New E2E recommendations

• CLI inventory drift presentation (medium): No existing E2E appears to directly assert that nemoclaw list renders live gateway provider/model for the default sandbox and prints the explicit live OpenShell gateway differs from onboarded drift annotation while preserving stored config for non-default sandboxes.
  • Suggested test: Add a lightweight regression E2E/preflight that seeds ~/.nemoclaw/sandboxes.json, stubs or drives openshell inference get with differing live provider/model values, runs nemoclaw list, and asserts the live row plus the explicit drift annotation and gateway-failure fallback.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: sandbox-operations-e2e,openclaw-inference-switch-e2e

[wscurran]

✨ Related open issues:

• #3822 [Nemoclaw][All Platforms] Gateway-unreachable drift behavior unclear: nemoclaw list continues to show onboarded drift after killing sandbox container