fix(onboard): print dashboard URL with auth token on completion

[roselijack]

Problem

After nemoclaw onboard completes, the summary prints the sandbox name and next steps but never shows the dashboard URL or its auth token. Users who navigate to http://127.0.0.1:18789/ hit a login prompt with no token in sight, creating a circular experience.

Reported in #53.

Solution

Add getDashboardUrl() which SSHes into the sandbox via openshell ssh-proxy (the same channel used by nemoclaw <name> connect) and runs openclaw dashboard --no-open to retrieve the token. The complete http://127.0.0.1:18789/#token=<hex> URL is then printed in the onboarding summary.

Falls back silently to the bare URL if token retrieval fails, so the onboarding flow is never blocked.

Test plan

• Run nemoclaw onboard end-to-end — confirm the summary prints a Dashboard line with a #token= fragment
• Copy the URL into a browser — confirm it opens the dashboard without an extra login step
• Kill the openshell gateway mid-retrieval — confirm onboarding still completes (fallback URL printed)

Closes #53

Summary by CodeRabbit

• New Features
  • Dashboard URL is now displayed during the onboarding process, providing easier access to the dashboard.
  • Added fallback mechanism to ensure the dashboard link remains accessible when certain services are unavailable or restricted.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added functionality to retrieve the OpenClaw dashboard URL with authentication token by executing openclaw dashboard --no-open within the sandbox via SSH and parsing the output. Includes fallback behavior returning a default URL if the retrieval fails.

Changes

Cohort / File(s)	Summary
Dashboard URL Retrieval bin/lib/onboard.js	Added getDashboardUrl(sandboxName) helper function to execute openclaw dashboard --no-open inside the sandbox via SSH, parse the dashboard URL from stdout, and return it with fallback to http://127.0.0.1:18789/. Updated printDashboard(...) to call this helper and display the retrieved dashboard URL instead of leaving it commented out.

Sequence Diagram

sequenceDiagram
    participant User
    participant OnboardScript as Onboard Script
    participant SSHProxy as OpenShell SSH
    participant Sandbox as Sandbox/OpenClaw
    participant Parser as URL Parser

    User->>OnboardScript: Complete onboarding
    OnboardScript->>OnboardScript: Call getDashboardUrl()
    OnboardScript->>SSHProxy: Execute openclaw dashboard<br/>--no-open
    SSHProxy->>Sandbox: Run command
    Sandbox->>SSHProxy: Return Dashboard URL:<br/>http://127.0.0.1:18789/#token=...
    SSHProxy->>OnboardScript: Stdout with URL
    OnboardScript->>Parser: Parse Dashboard URL
    Parser->>OnboardScript: Extracted URL
    alt Success
        OnboardScript->>User: Display Dashboard URL
    else Failure
        OnboardScript->>User: Display Fallback URL
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰✨ A dashboard token hops into view,
No more secrets hidden from you!
The onboard script, with SSH's might,
Retrieves the key—authentication's bright!
click goes the link, and in you go,
All because this little change said "Hello!"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding logic to print the dashboard URL with authentication token upon onboarding completion.
Linked Issues check	✅ Passed	The PR implements the core requirement from issue #53: retrieving the dashboard token via SSH and appending it to the dashboard URL shown to users.
Out of Scope Changes check	✅ Passed	All changes directly address issue #53's objective of printing the dashboard URL with authentication token; no out-of-scope modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

bin/lib/onboard.js (1)

1064-1069: Consider adding SSH connection timeout to prevent indefinite hangs.

If the sandbox becomes unresponsive or there's a network issue, this SSH command could hang indefinitely—frustrating for users who've completed all 7 onboarding steps. Adding a connection timeout ensures the fallback URL is returned promptly.

⏱️ Proposed fix to add timeout

     const out = runCapture(
-      `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR` +
+      `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=5` +
       ` -o "ProxyCommand=${proxyCmd}"` +
       ` sandbox@${shellQuote(sandboxName)} 'openclaw dashboard --no-open 2>/dev/null'`,
       { ignoreError: true }
     );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/lib/onboard.js` around lines 1064 - 1069, The SSH invocation built for
runCapture can hang indefinitely; modify the command constructed where
runCapture is called (look for the variables proxyCmd, sandboxName, shellQuote
and the const out assignment) to include an SSH connection timeout option (e.g.,
-o ConnectTimeout=<seconds>) and/or a client-side timeout wrapper so the call
returns promptly on network issues; ensure you add the timeout option to the SSH
flags string passed to runCapture and keep ignoreError: true unchanged so the
existing fallback logic still runs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bin/lib/onboard.js`:
- Around line 1064-1069: The SSH invocation built for runCapture can hang
indefinitely; modify the command constructed where runCapture is called (look
for the variables proxyCmd, sandboxName, shellQuote and the const out
assignment) to include an SSH connection timeout option (e.g., -o
ConnectTimeout=<seconds>) and/or a client-side timeout wrapper so the call
returns promptly on network issues; ensure you add the timeout option to the SSH
flags string passed to runCapture and keep ignoreError: true unchanged so the
existing fallback logic still runs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9057b9a4-8369-444b-8a29-67906d953307

📥 Commits

Reviewing files that changed from the base of the PR and between 6e1208c and 39a790d.

📒 Files selected for processing (1)

• bin/lib/onboard.js

[roselijack]

Closing in favor of #87, which covers the same fix and arrived first with unit tests included. Happy to help review or test over there if useful.