feat(sandbox-mgmt): phase 1 MVP — shields, config get, audit logging#1849
…NEMOCLAW_PREFERRED_API override
Backends like SGLang expose /v1/responses and pass the existing non-streaming validation probe, but their streaming mode only emits lifecycle events (created/in_progress/completed) without the granular content deltas OpenClaw requires (output_text.delta, etc.). This causes runtime failures after onboarding succeeds.
Changes:
- Add runStreamingEventProbe() in http-probe.ts that sends a stream:true request and verifies the SSE event stream includes response.output_text.delta
- Integrate the streaming probe into probeOpenAiLikeEndpoint for custom endpoints (probeStreaming: true) — falls back to /chat/completions when streaming events are incomplete
- Add shouldForceCompletionsApi() in validation.ts checking NEMOCLAW_PREFERRED_API env var so users can bypass /responses entirely
- Wire both into validateCustomOpenAiLikeSelection
- Add unit tests for the new functions (11 new test cases)
- Document NEMOCLAW_PREFERRED_API, the NEMOCLAW_INFERENCE_API_OVERRIDE workaround, and a troubleshooting entry for the runtime failure scenario
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
…file ARG precedence
NEMOCLAW_INFERENCE_API_OVERRIDE only patches openclaw.json at container startup — it does not update the Dockerfile ARG baked into the image. On recreate-sandbox the baked value wins. The reliable fix is a fresh nemoclaw onboard which re-probes and rebakes the image.
Updated all three doc pages to recommend nemoclaw onboard instead of the override env var, and added a note explaining the limitation.
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
- Distinguish transport failures from missing-events in streaming probe fallback: only fall back to /chat/completions when missingEvents is non-empty; surface transport errors as hard validation failures
- Make shouldForceCompletionsApi() pure by accepting the preferred API value as a parameter instead of reading process.env directly, keeping validation.ts free of I/O per its module contract
- Fix passive voice and second-person wording in docs
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Implements shields down/up/status, config get, and audit logging from the Sandbox Management Commands RFC.
Security invariants enforced:
- Host-only mutations
- Credential redaction
- 30-minute max timeout
- Exact policy snapshot restore
RFC: NemoClaw Sandbox Management Commands v0.1
Signed-off-by: Test User <test@example.com>
Signed-off-by: Test User <test@example.com>
Signed-off-by: Test User <test@example.com>
Hermes caches skill slash-commands in a module-global dict on first scan, making skills installed after gateway startup invisible. This adds a nemoclaw_reload_skills tool that clears the cache and re-scans, plus auto-refresh on session start, so new skills are available without a gateway restart. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eload" This reverts commit 297d175.
✅ Brev E2E (all): PASSED on branch
✅ Brev E2E (all): PASSED on branch
❌ Brev E2E (all): FAILED on branch
✅ Brev E2E (all): PASSED on branch
Summary
Draft implementation of Phase 1 MVP from the Sandbox Management
Commands RFC (v0.1, 2026-04-13). Ready to circulate alongside the
RFC for review — merge blocked until the RFC is finalized.
What's implemented
- nemoclaw shields down/up/status — time-bounded policy relaxation with auto-restore timer, policy snapshot capture, and append-only JSONL audit trail
- nemoclaw config get — read-only sandbox config inspection with credential redaction and dotpath extraction
- /nemoclaw shields — read-only shields status slash command
- /nemoclaw config — read-only config display slash command
Security invariants enforced
New files
- src/lib/shields.ts
- src/lib/shields-timer.ts
- src/lib/shields-audit.ts
- src/lib/duration.ts
- src/lib/sandbox-config.ts
- src/lib/credential-strip.ts
- nemoclaw/src/commands/shields-status.ts
- nemoclaw/src/commands/config-show.ts
Open RFC questions (not blocking this draft)
Test plan
tsc --noEmit)tsconfig.cli.json)
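
The "credential redaction and dotpath extraction" behaviour described for config get, as an added example that is not code from this PR or from NemoClaw. The names redact, getPath and configGet, the sensitive-key pattern, and the "[REDACTED]" placeholder are all assumptions; the point shown is the ordering, redacting the whole tree before resolving the dotpath.

```typescript
// Added example, not NemoClaw code: key patterns and the placeholder are assumptions.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };

const SENSITIVE_KEY = /(api[_-]?key|token|secret|password|credential|authorization)/i;
const REDACTED = "[REDACTED]";

// Return a deep copy with every value under a sensitive-looking key replaced.
// Whole subtrees are replaced, so { credentials: { user, pass } } leaks nothing.
function redact(value: Json): Json {
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === "object") {
    const out: { [key: string]: Json } = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) ? REDACTED : redact(child);
    }
    return out;
  }
  return value;
}

// Resolve "a.b.0.c" against the already-redacted tree. Own properties only, so
// "__proto__" or "constructor" segments cannot walk onto the prototype chain.
function getPath(root: Json, dotpath: string): Json | undefined {
  let node: Json | undefined = root;
  for (const segment of dotpath.split(".")) {
    if (node === null || typeof node !== "object") return undefined;
    if (Array.isArray(node)) {
      node = /^\d+$/.test(segment) ? node[Number(segment)] : undefined;
    } else {
      node = Object.prototype.hasOwnProperty.call(node, segment) ? node[segment] : undefined;
    }
    if (node === undefined) return undefined;
  }
  return node;
}

// Redact first, extract second: a dotpath aimed straight at a secret still
// returns the placeholder rather than the value.
function configGet(config: Json, dotpath?: string): Json | undefined {
  const safe = redact(config);
  return dotpath ? getPath(safe, dotpath) : safe;
}

// Constructed sample config (not a real sandbox config).
const sample: Json = {
  inference: { endpoint: "http://localhost:8000/v1", apiKey: "sk-constructed-000" },
  providers: [{ name: "custom", auth: { token: "constructed-token" } }],
};
```

Extracting first and redacting the result would miss the case where the dotpath ends on the secret itself, because the leaf arrives without the key name that marks it as sensitive.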