fix(cli): bind dashboard forward to all interfaces under WSL2

[Tempuskg]

Summary

The dashboard port-forward command binds to 127.0.0.1, making it unreachable from Windows browsers when NemoClaw runs inside WSL2. This PR detects WSL and binds to 0.0.0.0 instead, and adds a VS Code/WSL-friendly URL using the WSL host IP from hostname -I.

Related Issue

None.

Changes

• Add getDashboardForwardStartCommand() helper that detects WSL via isWsl() and binds to 0.0.0.0:18789 instead of the default loopback address.
• Add getDashboardAccessInfo() helper that appends a VS Code/WSL dashboard URL entry when running under WSL.
• Add buildAuthenticatedDashboardUrl(), getWslHostAddress(), getDashboardForwardPort(), and getDashboardGuidanceLines() helpers.
• Add two unit tests covering WSL bind address and WSL dashboard URL generation.

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

52/52 onboard tests pass. Full suite: 960 passed with 6 pre-existing failures that also occur on upstream main (cli.test.js, install-preflight.test.js, nemoclaw-cli-recovery.test.js).

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied — npx prek run --all-files auto-fixes formatting (or make format for targeted runs).
• Tests added or updated for new or changed behavior.
• No secrets, API keys, or credentials committed.
• Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

---

Signed-off-by: Darren Kattan darren@kattan.dev

Summary by CodeRabbit

• New Features

  • Dashboard now provides tokenized URLs for authenticated access and shows multiple access entries when available.
  • WSL-aware connectivity: dashboard forwarding binds for WSL and presents a VS Code/WSL access URL and guidance.
  • Forward-start command and forwarding port are surfaced for easier start/diagnostics.

• Tests

  • Added tests covering WSL-specific dashboard access and forward-start behavior.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d0a84043-d1b5-44ed-a449-7916a7bafc5d

📥 Commits

Reviewing files that changed from the base of the PR and between cf963b5 and 5b56a42.

📒 Files selected for processing (2)

• bin/lib/onboard.js
• test/onboard.test.js

🚧 Files skipped from review as they are similar to previous changes (2)

• test/onboard.test.js
• bin/lib/onboard.js

---

📝 Walkthrough

Walkthrough

Added WSL-aware dashboard forwarding and access helpers that produce tokenized URLs, probe WSL host IPs, generate forwarding commands and guidance lines; printDashboard now prefers multi-entry access info. Tests updated with WSL-specific coverage for URLs and forwarding command.

Changes

Cohort / File(s)	Summary
Dashboard Access & Forwarding Helpers bin/lib/onboard.js	Added five exported helpers: buildAuthenticatedDashboardUrl(), getDashboardAccessInfo(), getDashboardForwardPort(), getDashboardForwardStartCommand(), getDashboardGuidanceLines(). Implements tokenized URL generation, WSL host probing (hostname -I), WSL-aware forward target (0.0.0.0:<port>), and guidance text.
WSL Dashboard Behavior Tests test/onboard.test.js	Added tests importing new helpers and covering WSL Linux behavior: asserts dual access entries (loopback + VS Code/WSL IP) include token fragments, verifies forward-start command binds to 0.0.0.0:<port>, and relaxed integration assertion to accept either loopback or WSL bind format.

Sequence Diagram

sequenceDiagram
    participant Client as Client/Caller
    participant Access as getDashboardAccessInfo()
    participant Env as Environment (WSL check)
    participant HostProbe as Host IP Probe (`hostname -I`)
    participant TokenSrc as Token Source (gateway/options)
    participant URLBuild as URL Builder
    participant Output as Dashboard Access Info

    Client->>Access: request access info (sandbox, options)
    Access->>Env: check WSL_DISTRO_NAME
    alt WSL environment
        Access->>HostProbe: probe WSL host IP
        HostProbe-->>Access: return host IP
    end
    alt token in options
        Access->>TokenSrc: use provided token
    else no token
        Access->>TokenSrc: fetch token from gateway
        TokenSrc-->>Access: return token
    end
    Access->>URLBuild: buildAuthenticatedDashboardUrl(baseUrl, token)
    URLBuild-->>Access: return tokenized URL(s)
    Access->>Output: assemble access entries and guidance (loopback [+ WSL IP])
    Output-->>Client: return dashboardAccess list and guidance

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I sniffed the nets and found a way to peep,

Tokens tucked in URLs, connections snug and deep,
Loopback hops and WSL trails side-by-side,
Forwarded ports now bound for every tide,
A happy rabbit hops — the dashboard’s open wide! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: binding the dashboard forward to all interfaces under WSL2, which is the primary purpose of the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch fix/wsl-dashboard-bind

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds WSL-specific handling for the CLI dashboard port-forward and access URL generation so the dashboard remains reachable from the Windows host when NemoClaw runs inside WSL2.

Changes:

• Introduces helpers to (a) choose a WSL-friendly forward bind target and (b) generate dashboard access URLs, including a WSL host-IP URL derived from hostname -I.
• Adds guidance-string helper(s) intended to improve user-facing instructions for dashboard access under WSL.
• Adds unit tests covering WSL bind target selection and WSL URL generation.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
bin/lib/onboard.js	Adds new dashboard/WSL helper functions and exports them for use by the CLI.
test/onboard.test.js	Adds tests validating the new helper behavior for WSL binding and URL generation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This test assertion depends on the exact quoting format produced by openshellShellCommand (single quotes and argument ordering). That makes it brittle to unrelated changes in shell quoting. Consider asserting on the presence of the key argument(s) (e.g., 0.0.0.0:18789 and the sandbox name) rather than an exact quoted substring.

Suggested change

	expect(command).toContain("'forward' 'start' '--background' '0.0.0.0:18789' 'the-crucible'");
	expect(command).toContain("forward");
	expect(command).toContain("start");
	expect(command).toContain("--background");
	expect(command).toContain("0.0.0.0:18789");
	expect(command).toContain("the-crucible");

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/lib/onboard.js`:
- Around line 3759-3821: Ensure the runtime onboarding flow uses the new
helpers: update ensureDashboardForward() so it no longer computes the bind
target directly with resolveDashboardForwardTarget(chatUiUrl) or hardcode
127.0.0.1; instead call getDashboardForwardStartCommand(sandboxName, {
...options, /* preserve chatUiUrl when remote-host */ }) or otherwise use
getWslHostAddress/options to pick the correct forwardTarget so WSL binds to the
WSL host IP when appropriate; update getDashboardForwardStartCommand to
accept/preserve a chatUiUrl/remote-host flag if needed rather than always using
127.0.0.1. Also change printDashboard() to render the URLs from
getDashboardAccessInfo(sandboxName, options) and the lines from
getDashboardGuidanceLines(dashboardAccess) instead of directly calling
buildControlUiUrls(), so the VS Code/WSL URL generated by
buildAuthenticatedDashboardUrl shows up to users.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: eef2eaaa-811a-467c-b806-4b874a755f12

📥 Commits

Reviewing files that changed from the base of the PR and between c99e3e8 and cf963b5.

📒 Files selected for processing (2)

• bin/lib/onboard.js
• test/onboard.test.js