feat(policy): declarative host mount schema, validation, and CLI (#1045) #1189

Draft
AddyM wants to merge 1 commit into NVIDIA:main from AddyM:feat/declarative-host-mounts

Conversation

@AddyM AddyM commented Mar 31, 2026

Summary

Implements the NemoClaw-side contract for declarative host filesystem mounts, as proposed in #1045. This PR adds the policy schema, validation, CLI commands, and runner integration — everything except runtime enforcement, which is pending upstream OpenShell --volume support (NVIDIA/OpenShell#500).

What's included

Policy schema — New mounts: section in openclaw-sandbox.yaml alongside existing network: and filesystem: policies. Each entry declares host_path, container_path, and optional read_only.

Validation: validateMountPath() enforces absolute paths, rejects .. traversal and null bytes. Implemented in both runner.ts (TypeScript plugin) and bin/lib/mounts.js (CLI layer) with sync comments to prevent drift.

Runner integration — Extracted buildPlan() as a shared helper so both actionPlan and actionApply use a single source of truth. Mounts are loaded, validated, and threaded through RunPlan. No duplicate YAML reads.

CLI commands: nemoclaw <name> mount-add <host-path> <container-path> [--read-only] and nemoclaw <name> mount-list with deduplication, usage hints, and guidance on OpenShell#500 status.

Warning path — When mounts are declared, actionApply emits a clear stderr warning referencing NVIDIA/OpenShell#500 instead of passing unsupported --volume flags.

Tests — 11 passing tests covering validateMountPath and parseMountsFromYaml. addMountToPolicy tests are skipped pending a CJS/ESM mock interop fix (documented in TODO).

What's NOT included

Runtime enforcement via --volume on openshell sandbox create. OpenShell#500 was closed as not planned. I intend to open a narrowly scoped upstream proposal for a minimal bind mount flag. This PR becomes the first consumer when that lands.

Why ship the interface ahead of enforcement

The schema, validation, and CLI are independently valuable — they let the community converge on the contract now so there's no second design cycle when OpenShell adds volume support.

Closes #1045 (Phase 1)
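An added illustration, not code from this PR or from NemoClaw, of the checks the description lists for validateMountPath() (absolute path, no .. traversal, no null bytes) and of the deduplication mount-add is said to perform. The entry shape (host_path, container_path, read_only) follows the description; the helper names validateMountEntry and addMount, the error strings, and the sample mounts are assumptions.

```javascript
// Added illustration (not the PR's own runner.ts / bin/lib/mounts.js code).
// Returns null when the path is acceptable, otherwise a reason string.
function validateMountPath(p, label) {
  if (typeof p !== "string" || p.length === 0) {
    return `${label}: must be a non-empty string`;
  }
  if (p.includes("\0")) {
    return `${label}: contains a null byte`;
  }
  // POSIX absolute path (Linux / WSL); a Windows drive letter would not pass.
  if (!p.startsWith("/")) {
    return `${label}: must be an absolute path, got ${JSON.stringify(p)}`;
  }
  // Check whole segments rather than the substring "..": "/a/../b" is rejected
  // while a legitimate name such as "/data/..cache" is not.
  if (p.split("/").includes("..")) {
    return `${label}: contains a ".." segment`;
  }
  return null;
}

// Validates one entry of the mounts: list (already parsed from YAML) and
// returns an array of problems; empty means the entry is acceptable.
function validateMountEntry(entry, index) {
  const problems = [];
  for (const key of ["host_path", "container_path"]) {
    const err = validateMountPath(entry[key], `mounts[${index}].${key}`);
    if (err) problems.push(err);
  }
  if (entry.read_only !== undefined && typeof entry.read_only !== "boolean") {
    problems.push(`mounts[${index}].read_only: must be true or false`);
  }
  return problems;
}

// Appends a mount, refusing invalid entries and skipping duplicates (same
// container_path). Returns a new array; the input is not mutated.
function addMount(mounts, entry) {
  const problems = validateMountEntry(entry, mounts.length);
  if (problems.length > 0) throw new Error(problems.join("; "));
  if (mounts.some((m) => m.container_path === entry.container_path)) return mounts;
  return [...mounts, { read_only: false, ...entry }];
}

// Constructed sample resembling a parsed "mounts:" section of openclaw-sandbox.yaml.
const SAMPLE_MOUNTS = [
  { host_path: "/home/dev/project", container_path: "/workspace", read_only: true },
  { host_path: "../secrets", container_path: "/workspace/secrets" },
  { host_path: "/tmp/a\0b", container_path: "/x/../etc" },
];
```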


coderabbitai bot commented Mar 31, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


wscurran added the labels "NemoClaw CLI" and "enhancement: feature" and removed the label "status: triage" on Apr 1, 2026

wscurran commented Apr 1, 2026

✨ Thanks for submitting this pull request, which proposes a way to implement declarative host mount schema, validation, and CLI.


Possibly related open issues:

…VIDIA#1045)

- Add mounts: section to openclaw-sandbox.yaml policy schema
- Add MountConfig type, validateMountPath, loadPolicyMounts in runner.ts
- Refactor buildPlan() as single source of truth for plan construction
- Add bin/lib/mounts.js for policy YAML mount management
- Add mount-list and mount-add CLI commands to nemoclaw CLI
- Emit warning when mounts declared but OpenShell lacks --volume support
- Add test coverage for validation and YAML parsing
- Runtime enforcement pending upstream NVIDIA/OpenShell#500
AddyM force-pushed the feat/declarative-host-mounts branch from a8eceb3 to 2e86405 on April 2, 2026 00:32

Development

Successfully merging this pull request may close these issues.

Declarative Interface for Host Filesystem Access and Volume Mounting (WSL/Local Dev)

2 participants