fix(e2e): run full repo scenario cli build

[jyaunches]

Summary

• Use npm run build:cli for repo-current scenario installs instead of raw tsc.
• Fail fast if the generated oclif metadata manifest is missing after the build.
• Add scenario-framework guard tests so repo-current installs keep using the full CLI build path.

Context

The E2E / Scenario Runner / All run on main failed repo-based scenarios because repo-current.sh compiled TypeScript directly and skipped generate-oclif-metadata-manifest.js, leaving dist/lib/cli/oclif-command-metadata.generated.json absent at first CLI invocation.

Verification

• bash -n test/e2e/nemoclaw_scenarios/install/repo-current.sh
• npm run build:cli
• npm test -- --run test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts -t repo_current_install
• npm test -- --run test/e2e/scenario-framework-tests/e2e-scenario-first-migration.test.ts test/e2e/scenario-framework-tests/e2e-scenario-resolver.test.ts test/e2e/scenario-framework-tests/e2e-scenarios-workflow.test.ts

Note: full e2e-lib-helpers.test.ts still has two pre-existing unrelated failures in this worktree (security_policy_credentials_helper_should_fail_on_missing_policy_preset, scenario_dry_run_should_trace_helper_sequence_in_order).

Summary by CodeRabbit

• Tests

  • Added test coverage for CLI build process to validate correct build command usage and metadata generation.

• Chores

  • Enhanced CLI build validation with improved error reporting for build failures and output verification.

[github-actions]

E2E Advisor Recommendation

Required E2E: ubuntu-repo-cloud-openclaw
Optional E2E: ubuntu-repo-cloud-hermes, wsl-repo-cloud-openclaw, macos-repo-cloud-openclaw

Dispatch hint: scenario=ubuntu-repo-cloud-openclaw

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• ubuntu-repo-cloud-openclaw (medium): Highest-signal existing scenario for the changed repo-current install path on Ubuntu. It exercises the modified install helper, verifies the CLI is built and linked from the current checkout, then proceeds through OpenClaw cloud onboarding and baseline validation.

Optional E2E

• ubuntu-repo-cloud-hermes (medium): Optional cross-agent confidence for the same repo-current install/build path with Hermes onboarding. Useful if reviewers want to confirm the build:cli metadata change does not regress the alternate agent flow.
• wsl-repo-cloud-openclaw (high): Optional platform confidence because the changed Bash install helper and npm build path also run under WSL repo-current scenarios; not merge-blocking for an Ubuntu-focused install helper change.
• macos-repo-cloud-openclaw (high): Optional platform confidence for repo-current install/build behavior on macOS. This is lower priority because the changed helper is shell/npm based and the primary runtime validation is covered by the Ubuntu scenario.

New E2E recommendations

• repo-current-install-smoke (medium): There is no lightweight existing E2E that runs only the repo-current install build/link/metadata verification without full sandbox onboarding. Such a test would catch failures in build:cli metadata generation faster than a full scenario.
  • Suggested test: Add an install-only repo-current scenario or suite that runs e2e_install_repo, verifies nemoclaw is on PATH, and checks oclif metadata generation without creating a sandbox.

Dispatch hint

• Workflow: e2e-scenarios.yaml
• jobs input: scenario=ubuntu-repo-cloud-openclaw

[github-actions]

PR Review Advisor

Recommendation: blocked
Confidence: medium
Analyzed HEAD: 08788365eb22bae502be01d4824617bc7c90523c
Findings: 2 blocker(s), 2 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Review used trusted gathered GitHub metadata and read-only repository inspection; no scripts, tests, package-manager commands, or E2E jobs were executed by this advisor.; No linked issue text or comments were available, so acceptance mapping is limited to untrusted PR body clauses and diff/test evidence.; CI and E2E results were still in progress at review time, so final merge readiness cannot be determined from completed checks.; Open PR overlap information was available only from trusted metadata; the overlapping PR diffs were not reviewed in detail.

Workflow run

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 08788365eb22bae502be01d4824617bc7c90523c
Recommendation: blocked
Confidence: medium

The patch targets existing E2E install/test files and appears directionally correct, but merge is blocked by pending CI/mergeState and pending E2E-adjacent checks for an install-path change.

Gate status

• CI: pending — Trusted GitHub context reports 10 pending/in-progress/queued status contexts for head SHA 0878836, including E2E recommendation, wsl-e2e, CodeQL, unit-vitest-linux, checks, ShellCheck SARIF, and sandbox image builds.
• Mergeability: fail — GraphQL mergeStateStatus=BLOCKED for PR fix(e2e): run full repo scenario cli build #4002 at head SHA 0878836.
• Review threads: pass — Trusted GraphQL reviewThreads.nodes is empty; no unresolved review threads were reported, though the higher-level gathered context noted no thread state availability.
• Risky code tested: pass — Path heuristics report no risky runtime/security code areas; the changed files are E2E scenario install/test files. Security-sensitive production areas such as sandbox policy, SSRF validation, credentials, and workflows were not directly modified.

🔴 Blockers

• Required status checks are still pending for this head SHA: The latest trusted rollup shows multiple pending, queued, or in-progress checks for 0878836. This includes checks relevant to this change, such as E2E recommendation, wsl-e2e, unit-vitest-linux, ShellCheck SARIF, and general checks.
  • Recommendation: Do not merge until the latest SHA has completed required CI successfully, especially the shell/test/E2E-adjacent jobs touched by this PR.
  • Evidence: GraphQL statusCheckRollup includes E2E recommendation=IN_PROGRESS, wsl-e2e=IN_PROGRESS, unit-vitest-linux=QUEUED, checks=IN_PROGRESS, ShellCheck SARIF=IN_PROGRESS, CodeQL jobs in progress, and sandbox image builds queued/in progress.
• PR merge state is blocked: GitHub reports the PR merge state as BLOCKED even though the patch itself is small. This is a hard gate independent of code review.
  • Recommendation: Resolve the repository merge gates and wait for mergeStateStatus to become mergeable before considering merge.
  • Evidence: Trusted GitHub context: mergeStateStatus=BLOCKED; REST mergeable_state=blocked.

🟡 Warnings

• Install-path behavior should be validated by completed E2E checks (test/e2e/nemoclaw_scenarios/install/repo-current.sh:31): The PR changes the repo-current scenario install path from direct tsc invocations to npm run build:cli and adds a generated metadata manifest check. The added tests assert file contents, but they do not execute the repo-current install path or verify a real scenario invocation after build/link.
  • Recommendation: Ensure the relevant E2E jobs for this head SHA complete successfully. If failures occur, add or adjust a scenario-level test that exercises repo-current install through build, manifest generation, shim/link, and first CLI invocation.
  • Evidence: Diff changes repo-current.sh line 31 to npm run build:cli >.e2e/build-cli.log 2>&1; added tests in e2e-lib-helpers.test.ts check for strings such as npm run build:cli and dist/lib/cli/oclif-command-metadata.generated.json. macos-e2e passed, but E2E recommendation and wsl-e2e are still in progress.
• Active PR overlap on the helper test file (test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts:815): The changed helper test file overlaps with other open PRs, creating possible drift or conflict risk in the E2E migration/test area.
  • Recommendation: Before merge, re-check the final diff against overlapping PRs test(e2e): migrate inference routing provider coverage #3903 and fix(e2e): use sandbox subcommands in scenario suites #3927 and confirm the added repo-current guard tests do not duplicate or contradict their pending changes.
  • Evidence: Trusted overlap data reports open PR test(e2e): migrate inference routing provider coverage #3903 and fix(e2e): use sandbox subcommands in scenario suites #3927 both touch test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts. Recent history for this file also shows active E2E migration work.

🔵 Suggestions

• None.

Acceptance coverage

• unknown — No linked issue clauses were provided for PR fix(e2e): run full repo scenario cli build #4002.: Trusted context reports linkedIssues=[] and issueComments=[]; therefore there are no linked issue acceptance clauses or comments to map literally.
• met — Use npm run build:cli for repo-current scenario installs instead of raw tsc.: PR body clause mapped as untrusted PR-provided acceptance text. Diff changes repo-current.sh to run npm run build:cli and removes direct ./node_modules/.bin/tsc -p tsconfig.src.json plus the explicit blueprint tsc block. Added test repo_current_install_should_use_full_cli_build_script asserts this.
• met — Fail fast if the generated oclif metadata manifest is missing after the build.: PR body clause mapped as untrusted PR-provided acceptance text. repo-current.sh now checks [ ! -s dist/lib/cli/oclif-command-metadata.generated.json ], emits CLI build did not generate oclif command metadata, and returns 1. Added test repo_current_install_should_verify_generated_oclif_metadata asserts the manifest path and build script linkage.
• met — Add scenario-framework guard tests so repo-current installs keep using the full CLI build path.: PR body clause mapped as untrusted PR-provided acceptance text. e2e-lib-helpers.test.ts adds repo_current_install_should_use_full_cli_build_script and repo_current_install_should_verify_generated_oclif_metadata.

Security review

• pass — 1. Secrets and Credentials: No hardcoded secrets, tokens, credentials, key files, or credential fixtures are introduced. The modified install script logs build output only; no new secret-bearing variables are added.
• pass — 2. Input Validation and Data Sanitization: No new externally supplied URL, header, query, deserialization, or filesystem input is introduced. The shell script computes paths relative to BASH_SOURCE and uses quoted expansions. The changed command is a fixed npm run build:cli invocation.
• pass — 3. Authentication and Authorization: Not applicable — no endpoints, authentication checks, authorization policy, token validation, or privilege decisions are modified.
• pass — 4. Dependencies and Third-Party Libraries: No new dependencies or registry sources are added. The script already ran npm ci --ignore-scripts; this PR changes the build step to use the existing pinned project script from package.json.
• pass — 5. Error Handling and Logging: The modified script preserves fail-fast behavior, captures build output to .e2e/build-cli.log, prints it on failure, and returns the build status. It adds an explicit failure when the generated oclif metadata manifest is absent. No new sensitive logging was observed.
• pass — 6. Cryptography and Data Protection: Not applicable — no cryptographic operations, encryption settings, hashing, or data protection code are changed.
• pass — 7. Configuration and Security Headers: Not applicable for HTTP security headers and container settings. The changed E2E install script does not alter CORS/CSP, container users, exposed ports, sandbox policy, or network policy.
• warning — 8. Security Testing: The added tests are useful guard tests for the install script content and manifest expectation, but they are structural string checks rather than an execution of the repo-current install path. Because the touched area is an install path, completed E2E checks are still important evidence.
• pass — 9. Holistic Security Posture: The change does not modify sandbox escape boundaries, SSRF validation, credential handling, network policy, workflow trusted-code boundaries, Dockerfiles, or blueprint content. Using the existing full CLI build path reduces behavior drift by ensuring oclif metadata generation is included.

Test / E2E status

• Test depth: e2e_required — Although the code changes are under test/e2e, repo-current.sh is an install-path script used by scenario runs. The added unit tests verify static strings and package.json script content, but they do not prove the full install/build/link/first-invocation path works on this SHA. Completed E2E checks are needed before merge.
• E2E Advisor: missing
• Required E2E jobs: E2E recommendation, wsl-e2e, macos-e2e
• Missing for analyzed SHA: E2E recommendation, wsl-e2e

✅ What looks good

• Codebase drift check: both changed files still exist in the checkout, and the patch applies to active E2E scenario infrastructure rather than dead paths.
• The repo-current install script now uses the existing full build:cli script, which includes oclif metadata manifest generation and the conditional blueprint build path from package.json.
• The manifest existence check fails fast with a clear error before linking and invoking the CLI, which should make scenario failures easier to diagnose.
• Added guard tests directly encode the intended regression condition: no raw tsc shortcut for repo-current install and explicit expectation of generated oclif metadata.

Review completeness

• Review used trusted gathered GitHub metadata and read-only repository inspection; no scripts, tests, package-manager commands, or E2E jobs were executed by this advisor.
• No linked issue text or comments were available, so acceptance mapping is limited to untrusted PR body clauses and diff/test evidence.
• CI and E2E results were still in progress at review time, so final merge readiness cannot be determined from completed checks.
• Open PR overlap information was available only from trusted metadata; the overlapping PR diffs were not reviewed in detail.
• Human maintainer review required: yes

[coderabbitai]

📝 Walkthrough

Walkthrough

The install script for repo-current is updated to build the CLI via npm run build:cli instead of direct TypeScript compilation, adds post-build validation to ensure oclif metadata is generated, and includes corresponding test cases that verify the new build flow and metadata contract are in place.

Changes

CLI Build Migration to npm run build:cli

Layer / File(s)	Summary
Install script CLI build and metadata validation test/e2e/nemoclaw_scenarios/install/repo-current.sh	repo-current.sh replaces TypeScript build with npm run build:cli, logs output to .e2e/build-cli.log, and adds validation that dist/lib/cli/oclif-command-metadata.generated.json exists and is non-empty; on failure, prints the build log and exits.
Tests for CLI build command and metadata contract test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts	Two test cases verify that repo-current.sh uses npm run build:cli (excluding direct tsc invocations) and confirm the oclif metadata contract by validating the build:cli script includes generate-oclif-metadata-manifest.js and the installer expects the generated metadata file.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

v0.0.47

Poem

🐰 A build script hops into place,
With npm's elegant grace,
Metadata checked, validation tight,
Tests confirm it's just right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(e2e): run full repo scenario cli build' directly addresses the main objective: changing the repo-current scenario to use the full npm run build:cli instead of direct TypeScript compilation.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/e2e-repo-build-cli

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts (1)

824-825: ⚡ Quick win

Consider adding explicit assertion for build:cli script existence.

The current code uses optional chaining with a fallback to empty string. If package.json is missing the build:cli script, line 825's assertion will fail with a generic message. Adding an explicit check would improve test diagnostics.

🧪 Suggested improvement for clearer test failure messages

 const buildScript = JSON.parse(fs.readFileSync(path.join(REPO_ROOT, "package.json"), "utf8")).scripts?.["build:cli"] ?? "";
+expect(buildScript, "package.json should define scripts.build:cli").not.toBe("");
 expect(buildScript).toContain("generate-oclif-metadata-manifest.js");

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts` around lines 824 -
825, Test currently falls back to empty string so failure message is generic;
add an explicit assertion that package.json contains a scripts object with a
"build:cli" key before asserting its contents. Locate the code that reads
package.json (the buildScript variable and JSON.parse call) and add a prior
assertion like checking packageJson.scripts exists and
Object.prototype.hasOwnProperty.call(packageJson.scripts, "build:cli") (or
expect(packageJson.scripts).toHaveProperty("build:cli")) so the test fails with
a clear message, then keep the existing expect(buildScript).toContain(...)
content check.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts`:
- Around line 824-825: Test currently falls back to empty string so failure
message is generic; add an explicit assertion that package.json contains a
scripts object with a "build:cli" key before asserting its contents. Locate the
code that reads package.json (the buildScript variable and JSON.parse call) and
add a prior assertion like checking packageJson.scripts exists and
Object.prototype.hasOwnProperty.call(packageJson.scripts, "build:cli") (or
expect(packageJson.scripts).toHaveProperty("build:cli")) so the test fails with
a clear message, then keep the existing expect(buildScript).toContain(...)
content check.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c250d466-1fc6-462c-b326-7bfb8da9f530

📥 Commits

Reviewing files that changed from the base of the PR and between 322d339 and 0878836.

📒 Files selected for processing (2)

• test/e2e/nemoclaw_scenarios/install/repo-current.sh
• test/e2e/scenario-framework-tests/e2e-lib-helpers.test.ts