
feat(policy): add Heygen OAuth endpoints and onboard hints #1843

Open
DemianHeyGen wants to merge 4 commits into NVIDIA:main from DemianHeyGen:feature/heygen-oauth-support


@DemianHeyGen DemianHeyGen commented Apr 13, 2026

Summary

Adds a heygen network policy preset so sandboxed agents can reach HeyGen’s REST API, OAuth token endpoints (HeyGen OAuth 2.0), uploads, generated files, and WebSocket streaming on api.heygen.com. Onboarding suggests this preset when HeyGen API or OAuth-related credentials are present, and those secret names are stripped from the sandbox create environment.

Doc and autogenerated user skill copy are updated for the new preset.

Related Issue

Changes

  1. nemoclaw-blueprint/policies/presets/heygen.yaml — New preset:

  2. src/lib/onboard.ts — If HEYGEN_API_KEY, HEYGEN_ACCESS_TOKEN, or HEYGEN_REFRESH_TOKEN is set (credential store or env), suggest the heygen preset during policy setup. Add HEYGEN_API_KEY, HEYGEN_ACCESS_TOKEN, and HEYGEN_REFRESH_TOKEN to the sandbox env blocklist.

  3. docs/network-policy/customize-network-policy.md — Preset table row for heygen.

  4. .agents/skills/nemoclaw-user-manage-policy/SKILL.md — Regenerated from docs (scripts/docs-to-skills.py).

  5. Tests. test/policies.test.ts: include heygen in expected preset names, derive count from the canonical list, assert api2.heygen.com in preset hosts. test/credential-exposure.test.ts: assert HeyGen env names in the blocklist.

  6. src/lib/preflight.ts (if included in this PR) — When lsofOutput is explicitly injected (including empty string), skip sudo -n lsof so unit tests and callers fully control the lsof path; fixes flaky checkPortAvailable tests when port 18789 is in use on the host.

Type of Change

  • Code change for a new feature, bug fix, or refactor.
  • Code change with doc updates.
  • Doc only. Prose changes without code sample modifications.
  • Doc only. Includes code sample changes.

Testing

  • npx prek run --all-files passes (or equivalently make check).
  • npm test passes.
  • make docs builds without warnings. (doc/skill updates)

Checklist

General

Code Changes

  • Formatters applied — npx prek run --all-files auto-fixes formatting (or make format for targeted runs).
  • Tests added or updated for new or changed behavior.
  • No secrets, API keys, or credentials committed.
  • Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

Doc Changes

  • Follows the style guide.
  • New pages include SPDX license header and frontmatter, if creating a new page.
  • Cross-references and links verified.

Summary by CodeRabbit

  • New Features

    • Added HeyGen service preset and automatic HeyGen credential detection for sandbox suggestions.
  • Bug Fixes

    • Improved port-availability check to avoid inappropriate fallback retries.
  • Documentation

    • Added HeyGen to policy presets with documented endpoints and upload/OAuth coverage.
  • Tests

    • Expanded tests to assert HeyGen credential blocklisting and to verify HeyGen preset endpoints.

Contributor

coderabbitai bot commented Apr 13, 2026

Walkthrough

Added a HeyGen policy preset and documentation, updated onboarding to detect/block HeyGen credentials, adjusted a sudo-lsof retry condition in preflight, and expanded tests to cover HeyGen vars, preset endpoints, and more portable git init behavior.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Documentation & Presets: .agents/skills/nemoclaw-user-manage-policy/SKILL.md, docs/network-policy/customize-network-policy.md, nemoclaw-blueprint/policies/presets/heygen.yaml | Added heygen preset docs and YAML: defines hosts api.heygen.com, api2.heygen.com, upload.heygen.com, files.heygen.com on port 443, TLS termination, allowed methods/paths, and a binaries entry (/usr/local/bin/node). |
| Credential & Onboarding Logic: src/lib/onboard.ts | Blocked HeyGen env vars (HEYGEN_ACCESS_TOKEN, HEYGEN_API_KEY, HEYGEN_REFRESH_TOKEN) from sandbox env; added auto-detection to suggest the heygen preset (checks credentials via getCredential(...) or process.env) and logs suggestion only in interactive TTY (not CI). |
| Preflight Check: src/lib/preflight.ts | Changed sudo-lsof retry gating: fallback runs only when o.lsofOutput is not a string (replaces prior falsy check), altering when the sudo retry is attempted. |
| Tests: test/credential-exposure.test.ts, test/policies.test.ts, test/legacy-path-guard.test.ts | Added assertions for HeyGen env vars to credential-exposure test; introduced EXPECTED_PRESET_NAMES and added heygen endpoint checks in policies test; made git init portable in legacy-path-guard test (git init + git symbolic-ref HEAD refs/heads/main). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A HeyGen preset hops into view,
Tokens hidden safe, endpoints in line,
Docs and YAML set the route,
Onboard senses, tests give a cue,
Little rabbit cheers — all systems fine!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding HeyGen OAuth endpoints and onboard hints to the network policy presets with associated detection logic. |


@DemianHeyGen
Author

@coderabbitai review

@coderabbitai
Contributor

coderabbitai bot commented Apr 13, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@DemianHeyGen DemianHeyGen marked this pull request as ready for review April 13, 2026 18:21
@DemianHeyGen
Author

@coderabbitai review

@coderabbitai
Contributor

coderabbitai bot commented Apr 13, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw-blueprint/policies/presets/heygen.yaml`:
- Around line 50-51: The binaries allowlist currently only includes the entry {
path: /usr/local/bin/node } under the binaries key, which causes HeyGen to be
blocked when Node is executed from /usr/bin/node; update the preset by adding an
additional allowlist entry for { path: /usr/bin/node } alongside the existing
/usr/local/bin/node entry so both locations are permitted.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 4d3e3ec0-0a92-4991-a0fa-05d79cc5a0a2

📥 Commits

Reviewing files that changed from the base of the PR and between df3e1cf and 8718e46.

📒 Files selected for processing (8)
  • .agents/skills/nemoclaw-user-manage-policy/SKILL.md
  • docs/network-policy/customize-network-policy.md
  • nemoclaw-blueprint/policies/presets/heygen.yaml
  • src/lib/onboard.ts
  • src/lib/preflight.ts
  • test/credential-exposure.test.ts
  • test/legacy-path-guard.test.ts
  • test/policies.test.ts

Comment on lines +50 to +51
binaries:
- { path: /usr/local/bin/node }

⚠️ Potential issue | 🟠 Major

Add /usr/bin/node to the binaries allowlist to avoid runtime mismatches.

Line 50 currently allows only /usr/local/bin/node. On images where Node is invoked from /usr/bin/node, this preset won’t match and HeyGen traffic will be blocked.

Proposed fix
     binaries:
       - { path: /usr/local/bin/node }
+      - { path: /usr/bin/node }
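Review bot: The added `- { path: /usr/bin/node }` entry widens the binaries allowlist without recording why; every path listed here is another executable location permitted to reach the preset's hosts. Suggest a YAML comment naming the image layout that needs /usr/bin/node, plus an assertion on the preset's binaries list in test/policies.test.ts so the set of allowed paths cannot grow unnoticed.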
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
binaries:
- { path: /usr/local/bin/node }
binaries:
- { path: /usr/local/bin/node }
- { path: /usr/bin/node }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/heygen.yaml` around lines 50 - 51, The
binaries allowlist currently only includes the entry { path: /usr/local/bin/node
} under the binaries key, which causes HeyGen to be blocked when Node is
executed from /usr/bin/node; update the preset by adding an additional allowlist
entry for { path: /usr/bin/node } alongside the existing /usr/local/bin/node
entry so both locations are permitted.

@wscurran wscurran added security Something isn't secure priority: high Important issue that should be resolved in the next release enhancement: feature Use this label to identify requests for new capabilities in NemoClaw. Integration: Heygen labels Apr 14, 2026
@wscurran
Contributor

✨ Thanks for submitting this PR, which proposes a way to improve integration with Heygen by adding OAuth endpoints and onboard hints.


Possibly related open issues:

@wscurran wscurran added enhancement: integration PRs or issues proposing integration of a third-party product or service into NemoClaw. and removed priority: high Important issue that should be resolved in the next release labels Apr 14, 2026
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 3930-3942: The conditional that auto-suggests the "heygen" preset
is using raw process.env checks which can be whitespace-only and cause false
positives; update the if() to rely solely on getCredential("HEYGEN_API_KEY"),
getCredential("HEYGEN_ACCESS_TOKEN"), and getCredential("HEYGEN_REFRESH_TOKEN")
(which already normalize/validate values) instead of including
process.env.HEYGEN_API_KEY / HEYGEN_ACCESS_TOKEN / HEYGEN_REFRESH_TOKEN, leaving
the suggestions.push("heygen") and the TTY/CI logging logic
(process.stdout.isTTY, isNonInteractive(), process.env.CI) unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 79ea0229-d706-4b28-8e84-2c0ffca557df

📥 Commits

Reviewing files that changed from the base of the PR and between 8718e46 and 69190ce.

📒 Files selected for processing (5)
  • .agents/skills/nemoclaw-user-manage-policy/SKILL.md
  • docs/network-policy/customize-network-policy.md
  • src/lib/onboard.ts
  • src/lib/preflight.ts
  • test/credential-exposure.test.ts
✅ Files skipped from review due to trivial changes (2)
  • docs/network-policy/customize-network-policy.md
  • .agents/skills/nemoclaw-user-manage-policy/SKILL.md
🚧 Files skipped from review as they are similar to previous changes (2)
  • test/credential-exposure.test.ts
  • src/lib/preflight.ts

Comment on lines +3930 to +3942
if (
getCredential("HEYGEN_API_KEY") ||
process.env.HEYGEN_API_KEY ||
getCredential("HEYGEN_ACCESS_TOKEN") ||
process.env.HEYGEN_ACCESS_TOKEN ||
getCredential("HEYGEN_REFRESH_TOKEN") ||
process.env.HEYGEN_REFRESH_TOKEN
) {
suggestions.push("heygen");
if (process.stdout.isTTY && !isNonInteractive() && process.env.CI !== "true") {
console.log(" Auto-detected: HeyGen credentials -> suggesting heygen preset");
}
}

⚠️ Potential issue | 🟡 Minor

Avoid raw process.env checks to prevent false-positive HeyGen preset suggestions.

getCredential() already checks env + stored creds and normalizes whitespace. The extra process.env.* checks can incorrectly suggest heygen when a var is set to whitespace.

♻️ Proposed fix
-  if (
-    getCredential("HEYGEN_API_KEY") ||
-    process.env.HEYGEN_API_KEY ||
-    getCredential("HEYGEN_ACCESS_TOKEN") ||
-    process.env.HEYGEN_ACCESS_TOKEN ||
-    getCredential("HEYGEN_REFRESH_TOKEN") ||
-    process.env.HEYGEN_REFRESH_TOKEN
-  ) {
+  const heygenCredentialKeys = [
+    "HEYGEN_API_KEY",
+    "HEYGEN_ACCESS_TOKEN",
+    "HEYGEN_REFRESH_TOKEN",
+  ];
+  if (heygenCredentialKeys.some((key) => getCredential(key))) {
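Review bot: `heygenCredentialKeys` creates a second copy of the three HEYGEN_* names that, per the PR description, are also added to the sandbox env blocklist in src/lib/onboard.ts; if one list gains a name and the other does not, a detected credential could still be passed into the sandbox. Suggest deriving both the detection check and the blocklist entries from one shared constant. Because the hunk also drops the `process.env.*` branches, a test with a variable set only in the environment and another set to whitespace would pin the behaviour this change relies on from getCredential().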
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard.ts` around lines 3930 - 3942, The conditional that
auto-suggests the "heygen" preset is using raw process.env checks which can be
whitespace-only and cause false positives; update the if() to rely solely on
getCredential("HEYGEN_API_KEY"), getCredential("HEYGEN_ACCESS_TOKEN"), and
getCredential("HEYGEN_REFRESH_TOKEN") (which already normalize/validate values)
instead of including process.env.HEYGEN_API_KEY / HEYGEN_ACCESS_TOKEN /
HEYGEN_REFRESH_TOKEN, leaving the suggestions.push("heygen") and the TTY/CI
logging logic (process.stdout.isTTY, isNonInteractive(), process.env.CI)
unchanged.
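
The two behaviours discussed in this PR (suggesting the heygen preset only for usable credential values, and stripping the same secret names from the sandbox environment), as an added TypeScript example that is not NemoClaw's code. `lookupCredential`, `suggestPresets`, `buildSandboxEnv` and the sample values are hypothetical stand-ins; only the three HEYGEN_* names and the heygen preset name come from the PR.

```typescript
// Added example, not NemoClaw code. Function names and sample values are
// hypothetical; only the HEYGEN_* names and the "heygen" preset come from the PR.
type Env = Record<string, string | undefined>;

// One list drives both detection and stripping, so the two cannot drift apart.
const HEYGEN_SECRET_NAMES = [
  "HEYGEN_API_KEY",
  "HEYGEN_ACCESS_TOKEN",
  "HEYGEN_REFRESH_TOKEN",
] as const;

// Stand-in credential lookup: stored value first, then env, both trimmed.
// Missing or whitespace-only values count as absent.
function lookupCredential(name: string, store: Env, env: Env): string | null {
  for (const source of [store, env]) {
    const value = (source[name] ?? "").trim();
    if (value !== "") return value;
  }
  return null;
}

// Suggest the preset only when at least one secret has a usable value.
function suggestPresets(store: Env, env: Env): string[] {
  const found = HEYGEN_SECRET_NAMES.some(
    (name) => lookupCredential(name, store, env) !== null,
  );
  return found ? ["heygen"] : [];
}

// Environment handed to sandbox creation: blocklisted names are dropped
// whatever their value; everything else passes through unchanged.
function buildSandboxEnv(hostEnv: Env, blocklist: readonly string[]): Env {
  const out: Env = {};
  for (const key of Object.keys(hostEnv)) {
    if (blocklist.indexOf(key) === -1) out[key] = hostEnv[key];
  }
  return out;
}

// Constructed sample input (placeholder values, not real credentials).
const sampleStore: Env = {};
const sampleEnv: Env = {
  PATH: "/usr/bin",
  HEYGEN_API_KEY: "   ", // whitespace only: must not trigger a suggestion
  HEYGEN_REFRESH_TOKEN: "example-refresh-token",
};
const suggested = suggestPresets(sampleStore, sampleEnv); // from the refresh token
const sandboxEnv = buildSandboxEnv(sampleEnv, HEYGEN_SECRET_NAMES);
```

Note that the whitespace-only HEYGEN_API_KEY is ignored for detection but still stripped from the sandbox environment, since stripping is by name rather than by value.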

@wscurran wscurran enabled auto-merge (squash) April 14, 2026 22:21
@wscurran wscurran disabled auto-merge April 14, 2026 22:22
Labels

enhancement: feature Use this label to identify requests for new capabilities in NemoClaw. enhancement: integration PRs or issues proposing integration of a third-party product or service into NemoClaw. Integration: Heygen security Something isn't secure

3 participants