
fix(openclaw): confine host-gateway web_fetch carve-out#4325

Merged
cv merged 6 commits into
mainfrom
fix/4288-advisor-followups
May 27, 2026

Conversation


@ericksoa ericksoa commented May 27, 2026

Summary

  • confines the OpenClaw Patch 2b host-gateway allowance to the web_fetch trusted-env-proxy path
  • leaves the generic SSRF hostname helper and strict/direct paths blocking host.openshell.internal
  • documents the default keyless web_fetch trusted-proxy posture and removal condition
  • adds focused regression coverage for trusted-proxy allow and strict/direct deny cases

Validation

  • npm test -- --run test/fetch-guard-patch-regression.test.ts test/generate-openclaw-config.test.ts
  • python3 -m py_compile scripts/generate-openclaw-config.py
  • git diff --check

Follow-up to #4288 PR review advisor feedback.

Summary by CodeRabbit

  • Documentation

    • Clarified configuration notes for web fetch proxy behavior.
  • Tests

    • Expanded regression and sandbox networking tests covering web-fetch guard scenarios and expected allow/deny outcomes.
  • Chores

    • Updated fetch-guard patching logic to align sandbox networking behavior with the trusted-proxy path.

Review Change Stack

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>

coderabbitai Bot commented May 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c242e3a5-9436-4fb5-8fe4-6f0ad259f07d

📥 Commits

Reviewing files that changed from the base of the PR and between e175c5f and efd33bb.

📒 Files selected for processing (2)
  • Dockerfile
  • test/fetch-guard-patch-regression.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • Dockerfile

📝 Walkthrough

Walkthrough

The PR replaces Dockerfile Patch 2b hostname-validator rewrites with a web-fetch guard rewrite that conditionally injects host.openshell.internal into the trusted-proxy SSRF policy only when OPENSHELL_SANDBOX==='1' and useEnvProxy is true; adds config comment and expands tests/fixtures and fail-closed regression coverage to validate multi-mode behavior.

Changes

OpenShell Fetch-Guard Patch Update

Layer / File(s) / Summary:

  • Patch 2b Implementation & Documentation (Dockerfile): Dockerfile Patch 2b now targets fetchWithWebToolsNetworkGuard(params) instead of hostname validation, conditionally appending host.openshell.internal to the policy passed into the trusted-proxy path when OPENSHELL_SANDBOX=1 and useEnvProxy is enabled; documentation/removal criteria updated.
  • Reviewed web_fetch SSRF policy shape (test/fetch-guard-patch-regression.test.ts): Add constants and a helper to express the reviewed web_fetch SSRF-policy shape and evaluate hostname normalization, allowlist matching, private-network skipping, and gateway blocking for assertions.
  • Web Guard Test Fixture Definition (test/fetch-guard-patch-regression.test.ts): New webGuardedFetchFixtureSource() generates a fixture implementing hostname normalization, policy checks, guarded fetch helpers, and records { normalized, policy } checks to globalThis.hostnameChecks.
  • Write fixture and import in compatibility tests (test/fetch-guard-patch-regression.test.ts): Compatibility and strict-export tests write the generated web-guard fixture to disk and import it so runtime assertions can exercise the patched guard under various sandbox/proxy modes.
  • Runtime assertions across modes (test/fetch-guard-patch-regression.test.ts): Invoke fetchWithWebToolsNetworkGuard across OPENSHELL_SANDBOX and useEnvProxy combinations, assert allow/deny/throw outcomes for host.openshell.internal, private/metadata targets, and update globalThis.hostnameChecks expectations to { normalized, policy } objects.
  • Fail-closed regression and stderr updates (test/fetch-guard-patch-regression.test.ts): Add regression where web_fetch trusted-proxy callsite is removed while references remain to ensure patcher fails closed; update expected Patch 2b stderr to reference web_fetch/trusted-proxy and add related failure-closed case.
  • Configuration Documentation for Web Fetch Proxying (scripts/generate-openclaw-config.py): Add comment documenting that web_fetch remains enabled but is routed via a trusted environment proxy, with OpenShell L7 policy as egress authority unless upstream host/port restrictions are added.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Possibly related PRs

  • NVIDIA/NemoClaw#3869: Both PRs update Dockerfile fetch-guard patching and test/fetch-guard-patch-regression.test.ts to validate fail-closed behavior and sandbox/proxy gating.
  • NVIDIA/NemoClaw#4288: Overlapping changes to Patch 2b targeting host.openshell.internal handling in OpenShell sandbox/trusted-proxy scenarios.

Suggested labels

Integration: OpenClaw, fix, Docker, OpenShell, Networking, E2E, status: rfr

Suggested reviewers

  • cv
  • jyaunches

"I nibble at the patch with care and hop,
Rewriting guards where sandboxes stop,
A trusted proxy gate, tiny and bright,
Keeps private IPs safe from the night,
Hooray — the web fetch's bound, and all is right! 🐇"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately reflects the main change: refining the OpenClaw patch to limit the host-gateway allowance to only the web_fetch trusted-proxy path, which is the primary focus of the PR.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


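The walkthrough above describes the shape of the change: the gateway name host.openshell.internal stays blocked by the generic SSRF hostname helper and on the strict/direct path, and is appended to the allowlist only for the policy handed to the trusted-env-proxy path, and only when OPENSHELL_SANDBOX is '1' and useEnvProxy is set. The following is an added illustration of that gating, not OpenClaw's or NemoClaw's code: the policy shape, the function names (normalizeHostname, isHostnameBlocked, trustedProxyPolicy, guardedFetchDecision) and the private-range list are assumptions made here for the model.

```javascript
// Added model of the scoped host-gateway carve-out. Not OpenClaw/NemoClaw code;
// every name below is an assumption for illustration.
const HOST_GATEWAY = 'host.openshell.internal';

// Normalise a hostname the way an SSRF check must before comparing:
// case-fold, strip a trailing dot, and unwrap an IPv6 bracket literal.
function normalizeHostname(hostname) {
  let h = String(hostname).trim().toLowerCase();
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);
  if (h.endsWith('.')) h = h.slice(0, -1);
  return h;
}

// Loopback, RFC 1918, link-local (incl. the 169.254.169.254 metadata endpoint).
// Literal-only check; DNS resolution is deliberately out of scope for this model.
function isPrivateOrMetadataLiteral(h) {
  if (h === 'localhost' || h === '::1') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// Generic SSRF hostname helper. The gateway name is blocked here unconditionally;
// it can only pass if a policy explicitly allowlists it.
function isHostnameBlocked(hostname, policy) {
  const h = normalizeHostname(hostname);
  if (policy.allowedHostnames.includes(h)) return false;
  if (h === HOST_GATEWAY) return true;
  return isPrivateOrMetadataLiteral(h);
}

// Policy handed to the trusted-env-proxy path only. The carve-out is added
// when BOTH conditions hold; the base policy object is never mutated.
function trustedProxyPolicy(basePolicy, { sandbox, useEnvProxy }) {
  const allowedHostnames = [...basePolicy.allowedHostnames];
  if (sandbox === '1' && useEnvProxy === true && !allowedHostnames.includes(HOST_GATEWAY)) {
    allowedHostnames.push(HOST_GATEWAY);
  }
  return { ...basePolicy, allowedHostnames };
}

// Outcome for one fetch: the strict/direct path uses the untouched base policy,
// the proxy path uses the possibly augmented one. Returns 'allow' or 'deny'.
function guardedFetchDecision(url, mode) {
  const hostname = new URL(url).hostname;
  const base = { allowedHostnames: [] };
  const policy = mode.useEnvProxy ? trustedProxyPolicy(base, mode) : base;
  return isHostnameBlocked(hostname, policy) ? 'deny' : 'allow';
}

// Decision matrix over the four sandbox/proxy combinations.
for (const sandbox of ['0', '1']) {
  for (const useEnvProxy of [false, true]) {
    const mode = { sandbox, useEnvProxy };
    console.log(
      `sandbox=${sandbox} useEnvProxy=${useEnvProxy}`,
      `gateway=${guardedFetchDecision('http://host.openshell.internal:8080/', mode)}`,
      `metadata=${guardedFetchDecision('http://169.254.169.254/', mode)}`,
    );
  }
}
```

Only the sandbox-plus-proxy row allows the gateway; the metadata literal is denied on every row, which is the property the regression tests in this PR assert for private/metadata targets.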


github-actions Bot commented May 27, 2026

E2E Advisor Recommendation

Required E2E: network-policy-e2e, test-e2e-sandbox
Optional E2E: cloud-e2e, messaging-providers-e2e

Dispatch hint: network-policy-e2e

Auto-dispatched E2E: network-policy-e2e via nightly-e2e.yaml at 304eca42f883792257c26fd0ed8fe018170c1d33 (nightly run)

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • network-policy-e2e (high; live OpenShell sandbox with NVIDIA_API_KEY and restricted policy): Targeted live E2E for this change. test/e2e/test-network-policy.sh includes TC-NET-10, which onboards a restricted OpenClaw sandbox, applies a host.openshell.internal policy, verifies web_fetch reaches the approved host-gateway target, and verifies OpenShell still denies an unapproved host-gateway port. This directly validates the changed SSRF/web_fetch trusted-proxy boundary.
  • test-e2e-sandbox (medium; production Docker image build plus container smoke E2E): Dockerfile patch logic must apply against the real OpenClaw dist during image build, not only against unit-test fixtures. This self-hosted PR E2E depends on building the production sandbox image and then runs the sandbox smoke suite inside the resulting image, catching build-time failures in the OpenClaw patch block.

Optional E2E

  • cloud-e2e (high; full live cloud E2E with NVIDIA_API_KEY): Useful broad confidence that the changed OpenClaw image/config still supports the primary install → onboard → sandbox verify → live inference user journey after the fetch-guard patch changes.
  • messaging-providers-e2e (high; live sandbox with messaging provider/proxy assertions): Adjacent confidence for the same Dockerfile fetch-guard patch block, which also contains media-fetch proxy patches used by Telegram/Discord/Slack provider flows. Not merge-blocking for this PR because the functional change is scoped to web_fetch host-gateway handling.

New E2E recommendations

  • OpenClaw SSRF scoping in real dist (medium): Existing network-policy-e2e validates approved web_fetch host-gateway access and unapproved-port denial, while unit tests validate that the generic SSRF helper remains blocked. A future E2E extension could import/probe the real sandbox OpenClaw dist to assert that non-web_fetch/generic SSRF paths still reject host.openshell.internal, matching the new scoped Patch 2b design.
    • Suggested test: Extend network-policy-e2e TC-NET-10 with a real-dist negative probe for generic/non-web_fetch SSRF helper behavior outside trusted web_fetch.

Dispatch hint

  • Workflow: nightly-e2e.yaml
  • jobs input: network-policy-e2e


github-actions Bot commented May 27, 2026

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

  • None. No scenario workflow, scenario metadata, scenario runtime, or validation-suite files changed.

Optional scenario E2E

  • None.

Relevant changed files

  • None.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26523238086
Target ref: e175c5f56fee1c349e04c4f61fd55aab38e13c04
Workflow ref: main
Requested jobs: all (no filter)
Summary: 4 passed, 0 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ⚠️ cancelled
brave-search-e2e ✅ success
channels-add-remove-e2e ⚠️ cancelled
channels-stop-start-e2e ⚠️ cancelled
cloud-e2e ⚠️ cancelled
cloud-inference-e2e ⚠️ cancelled
cloud-onboard-e2e ⚠️ cancelled
credential-migration-e2e ⚠️ cancelled
credential-sanitization-e2e ⚠️ cancelled
device-auth-health-e2e ⚠️ cancelled
diagnostics-e2e ⚠️ cancelled
docs-validation-e2e ⚠️ cancelled
double-onboard-e2e ⚠️ cancelled
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ⚠️ cancelled
hermes-e2e ⚠️ cancelled
hermes-inference-switch-e2e ⚠️ cancelled
hermes-onboard-security-posture-e2e ⚠️ cancelled
hermes-root-entrypoint-smoke-e2e ⚠️ cancelled
hermes-slack-e2e ⚠️ cancelled
inference-routing-e2e ⚠️ cancelled
issue-2478-crash-loop-recovery-e2e ⚠️ cancelled
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ⚠️ cancelled
launchable-smoke-e2e ⚠️ cancelled
messaging-compatible-endpoint-e2e ⚠️ cancelled
messaging-providers-e2e ⚠️ cancelled
network-policy-e2e ⚠️ cancelled
onboard-negative-paths-e2e ⚠️ cancelled
onboard-repair-e2e ⚠️ cancelled
onboard-resume-e2e ⚠️ cancelled
openclaw-discord-pairing-e2e ⚠️ cancelled
openclaw-inference-switch-e2e ⚠️ cancelled
openclaw-onboard-security-posture-e2e ⚠️ cancelled
openclaw-slack-pairing-e2e ⚠️ cancelled
openclaw-tui-chat-correlation-e2e ⚠️ cancelled
openshell-gateway-upgrade-e2e ⚠️ cancelled
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ⚠️ cancelled
rebuild-hermes-stale-base-e2e ⚠️ cancelled
rebuild-openclaw-e2e ⚠️ cancelled
runtime-overrides-e2e ⚠️ cancelled
sandbox-operations-e2e ⚠️ cancelled
sandbox-survival-e2e ⚠️ cancelled
shields-config-e2e ⚠️ cancelled
skill-agent-e2e ⚠️ cancelled
snapshot-commands-e2e ⚠️ cancelled
state-backup-restore-e2e ⚠️ cancelled
telegram-injection-e2e ⚠️ cancelled
token-rotation-e2e ⚠️ cancelled
tunnel-lifecycle-e2e ⚠️ cancelled
upgrade-stale-sandbox-e2e ⚠️ cancelled
vm-driver-privileged-exec-routing-e2e ✅ success

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26523296507
Target ref: e175c5f56fee1c349e04c4f61fd55aab38e13c04
Workflow ref: main
Requested jobs: network-policy-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job Result
network-policy-e2e ⚠️ cancelled

@github-actions

github-actions Bot commented May 27, 2026

PR Review Advisor

Findings: 0 needs attention, 0 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 0 still apply, 0 new items found

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
Dockerfile (1)

281-309: Run a container-backed E2E pass for this patch.

This block rewrites compiled OpenClaw JS inside the image, so the fixture tests are helpful but not sufficient for the final sandbox artifact. I’d run the recommended nightly E2E subset on the built image before merge.

As per coding guidelines, "Dockerfile: This file affects the sandbox container image. Layer ordering, permissions, and baked config changes are only testable with a real container build."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 281 - 309, Patch 2b mutates compiled OpenClaw JS
inside the image (the block that patches files found by web_guard_files looking
for fetchWithWebToolsNetworkGuard(params) and injects OPENSHELL_SANDBOX
host-gateway logic around
withTrustedEnvProxyGuardedFetchMode(resolved)/fetchWithSsrFGuard), so run a
container-backed E2E pass on the built image before merging: build the
Dockerfile image, run the recommended nightly E2E subset against that container,
verify the patch was applied (look for the nemoclaw marker and the
OPENSHELL_SANDBOX host openshell.internal hostname check), confirm
web_fetch/trusted-proxy behavior and that no runtime errors occur, and only
merge if the E2E tests pass.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Around line 301-307: The fail-closed detector populates web_fetch_proxy_refs
by grepping for the wrong proxy symbol (it looks for useTrustedEnvProxy and a
specific withTrustedEnvProxyGuardedFetchMode(resolved) call), so change the grep
in the web_fetch_proxy_refs assignment to also include the real runtime symbol
useEnvProxy (and any other variant like useTrustedEnvProxy if desired) so the
check correctly detects remaining proxy callsites; update the grep pattern in
the web_fetch_proxy_refs assignment (the line that sets web_fetch_proxy_refs
using grep -RIlE --include='*.js' ...) to match useEnvProxy and the existing
withTrustedEnvProxyGuardedFetchMode(resolved) token, and keep the existing
behavior of printing OC_VERSION, OC_DIST and invoking patch_fail if matches are
found.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a648c922-faf1-4212-84e2-cb4f8ffafe84

📥 Commits

Reviewing files that changed from the base of the PR and between c8ecee2 and e175c5f.

📒 Files selected for processing (3)
  • Dockerfile
  • scripts/generate-openclaw-config.py
  • test/fetch-guard-patch-regression.test.ts
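The inline review comment above concerns the fail-closed detector: when the trusted-proxy callsite the patcher expects is no longer found, the build must stop rather than silently ship an image whose proxy path was never rewritten, and the detector must grep for the symbol the runtime actually uses (useEnvProxy), not only a variant. The following is an added model of that pattern and is not the NemoClaw Dockerfile's patch block: the anchor tokens are the ones named on this page, while the marker string, the replacement expression, the constructed SAMPLE_DIST input and the helper names (countCallsites, remainingProxyRefs, patchFailClosed) are assumptions made here.

```javascript
// Added model of a fail-closed source patcher. Not the project's Dockerfile
// logic; marker, replacement and helper names are assumptions.
const FN_ANCHOR = 'fetchWithWebToolsNetworkGuard(params)';
const CALLSITE = 'withTrustedEnvProxyGuardedFetchMode(resolved)';
const MARKER = '/* example-gateway-carve-out */';
// Detector tokens: the real runtime flag plus the variant the review mentions.
const PROXY_REF_TOKENS = ['useEnvProxy', 'useTrustedEnvProxy'];

// Toy rewrite of the callsite: gate the gateway allowance on both conditions.
const REPLACEMENT =
  `${MARKER} withTrustedEnvProxyGuardedFetchMode(` +
  "process.env.OPENSHELL_SANDBOX === '1' && resolved.useEnvProxy === true" +
  " ? { ...resolved, allowedHostnames: [...(resolved.allowedHostnames ?? []), 'host.openshell.internal'] }" +
  ' : resolved)';

// Constructed stand-in for a compiled dist file; not real OpenClaw output.
const SAMPLE_DIST = [
  'async function fetchWithWebToolsNetworkGuard(params) {',
  '  const resolved = resolveWebToolsPolicy(params);',
  '  if (resolved.useEnvProxy) {',
  '    return withTrustedEnvProxyGuardedFetchMode(resolved);',
  '  }',
  '  return fetchWithDirectGuard(params, resolved);',
  '}',
].join('\n');

// How many unpatched trusted-proxy callsites the source still contains.
function countCallsites(src) {
  return src.split(CALLSITE).length - 1;
}

// Proxy-flag references left in the source (the grep the reviewer wants widened).
function remainingProxyRefs(src) {
  return PROXY_REF_TOKENS.filter((token) => src.includes(token));
}

// Apply the rewrite or throw. Every ambiguous state is a hard failure so the
// image build cannot proceed with an unpatched or doubly patched guard.
function patchFailClosed(src) {
  if (!src.includes(FN_ANCHOR)) {
    throw new Error(`patch anchor ${FN_ANCHOR} not found; refusing to continue`);
  }
  if (src.includes(MARKER)) return src; // already patched: idempotent re-run
  const n = countCallsites(src);
  if (n === 1) return src.replace(CALLSITE, () => REPLACEMENT);
  const refs = remainingProxyRefs(src);
  if (n === 0 && refs.length > 0) {
    throw new Error(
      `web_fetch trusted-proxy callsite not found but proxy references remain (${refs.join(', ')}); upstream shape changed`,
    );
  }
  throw new Error(`expected exactly one web_fetch trusted-proxy callsite, found ${n}`);
}

console.log(patchFailClosed(SAMPLE_DIST));
```

The distinguishing case is the second throw: a dist where the callsite was renamed but `resolved.useEnvProxy` is still referenced. A detector that only looked for useTrustedEnvProxy would report no references and let the build continue; matching useEnvProxy makes it fail closed, which is the test the PR adds.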

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26523364300
Target ref: e175c5f56fee1c349e04c4f61fd55aab38e13c04
Workflow ref: main
Requested jobs: all (no filter)
Summary: 51 passed, 1 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ✅ success
brave-search-e2e ✅ success
channels-add-remove-e2e ✅ success
channels-stop-start-e2e ✅ success
cloud-e2e ✅ success
cloud-inference-e2e ✅ success
cloud-onboard-e2e ✅ success
credential-migration-e2e ✅ success
credential-sanitization-e2e ✅ success
device-auth-health-e2e ✅ success
diagnostics-e2e ✅ success
docs-validation-e2e ✅ success
double-onboard-e2e ✅ success
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ✅ success
hermes-e2e ✅ success
hermes-inference-switch-e2e ✅ success
hermes-onboard-security-posture-e2e ✅ success
hermes-root-entrypoint-smoke-e2e ✅ success
hermes-slack-e2e ✅ success
inference-routing-e2e ✅ success
issue-2478-crash-loop-recovery-e2e ✅ success
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ✅ success
launchable-smoke-e2e ✅ success
messaging-compatible-endpoint-e2e ✅ success
messaging-providers-e2e ✅ success
network-policy-e2e ✅ success
onboard-negative-paths-e2e ✅ success
onboard-repair-e2e ✅ success
onboard-resume-e2e ✅ success
openclaw-discord-pairing-e2e ✅ success
openclaw-inference-switch-e2e ✅ success
openclaw-onboard-security-posture-e2e ✅ success
openclaw-slack-pairing-e2e ✅ success
openclaw-tui-chat-correlation-e2e ✅ success
openshell-gateway-upgrade-e2e ❌ failure
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ✅ success
rebuild-hermes-stale-base-e2e ✅ success
rebuild-openclaw-e2e ✅ success
runtime-overrides-e2e ✅ success
sandbox-operations-e2e ✅ success
sandbox-survival-e2e ✅ success
shields-config-e2e ✅ success
skill-agent-e2e ✅ success
snapshot-commands-e2e ✅ success
state-backup-restore-e2e ✅ success
telegram-injection-e2e ✅ success
token-rotation-e2e ✅ success
tunnel-lifecycle-e2e ✅ success
upgrade-stale-sandbox-e2e ✅ success
vm-driver-privileged-exec-routing-e2e ✅ success

Failed jobs: openshell-gateway-upgrade-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26525054507
Target ref: e175c5f56fee1c349e04c4f61fd55aab38e13c04
Workflow ref: main
Requested jobs: openshell-gateway-upgrade-e2e
Summary: 0 passed, 1 failed, 0 skipped

Job Result
openshell-gateway-upgrade-e2e ❌ failure

Failed jobs: openshell-gateway-upgrade-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26526524270
Target ref: efd33bb7263eeb5900ba0d3a13039e068750d7cc
Workflow ref: main
Requested jobs: network-policy-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job Result
network-policy-e2e ⚠️ cancelled

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26527083695
Target ref: 3941d4ba90750e4e06da888e81340f9a366e9557
Workflow ref: main
Requested jobs: network-policy-e2e,rebuild-openclaw-e2e
Summary: 1 passed, 1 failed, 0 skipped

Job Result
network-policy-e2e ❌ failure
rebuild-openclaw-e2e ✅ success

Failed jobs: network-policy-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26527962124
Target ref: 3941d4ba90750e4e06da888e81340f9a366e9557
Workflow ref: main
Requested jobs: all (no filter)
Summary: 30 passed, 22 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ❌ failure
brave-search-e2e ✅ success
channels-add-remove-e2e ❌ failure
channels-stop-start-e2e ❌ failure
cloud-e2e ❌ failure
cloud-inference-e2e ✅ success
cloud-onboard-e2e ❌ failure
credential-migration-e2e ✅ success
credential-sanitization-e2e ❌ failure
device-auth-health-e2e ✅ success
diagnostics-e2e ❌ failure
docs-validation-e2e ✅ success
double-onboard-e2e ✅ success
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ✅ success
hermes-e2e ❌ failure
hermes-inference-switch-e2e ✅ success
hermes-onboard-security-posture-e2e ❌ failure
hermes-root-entrypoint-smoke-e2e ✅ success
hermes-slack-e2e ✅ success
inference-routing-e2e ❌ failure
issue-2478-crash-loop-recovery-e2e ✅ success
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ❌ failure
launchable-smoke-e2e ✅ success
messaging-compatible-endpoint-e2e ✅ success
messaging-providers-e2e ✅ success
network-policy-e2e ❌ failure
onboard-negative-paths-e2e ✅ success
onboard-repair-e2e ✅ success
onboard-resume-e2e ❌ failure
openclaw-discord-pairing-e2e ✅ success
openclaw-inference-switch-e2e ❌ failure
openclaw-onboard-security-posture-e2e ❌ failure
openclaw-slack-pairing-e2e ✅ success
openclaw-tui-chat-correlation-e2e ❌ failure
openshell-gateway-upgrade-e2e ✅ success
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ❌ failure
rebuild-hermes-stale-base-e2e ✅ success
rebuild-openclaw-e2e ❌ failure
runtime-overrides-e2e ❌ failure
sandbox-operations-e2e ❌ failure
sandbox-survival-e2e ✅ success
shields-config-e2e ✅ success
skill-agent-e2e ❌ failure
snapshot-commands-e2e ✅ success
state-backup-restore-e2e ✅ success
telegram-injection-e2e ✅ success
token-rotation-e2e ❌ failure
tunnel-lifecycle-e2e ✅ success
upgrade-stale-sandbox-e2e ✅ success
vm-driver-privileged-exec-routing-e2e ✅ success

Failed jobs: bedrock-runtime-compatible-anthropic-e2e, channels-add-remove-e2e, channels-stop-start-e2e, cloud-e2e, cloud-onboard-e2e, credential-sanitization-e2e, diagnostics-e2e, hermes-e2e, hermes-onboard-security-posture-e2e, inference-routing-e2e, kimi-inference-compat-e2e, network-policy-e2e, onboard-resume-e2e, openclaw-inference-switch-e2e, openclaw-onboard-security-posture-e2e, openclaw-tui-chat-correlation-e2e, rebuild-hermes-e2e, rebuild-openclaw-e2e, runtime-overrides-e2e, sandbox-operations-e2e, skill-agent-e2e, token-rotation-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26530299117
Target ref: 07b96b7a6b39baea84d5ab67262f59f376003f5d
Workflow ref: main
Requested jobs: all (no filter)
Summary: 4 passed, 2 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ⚠️ cancelled
brave-search-e2e ✅ success
channels-add-remove-e2e ⚠️ cancelled
channels-stop-start-e2e ⚠️ cancelled
cloud-e2e ⚠️ cancelled
cloud-inference-e2e ⚠️ cancelled
cloud-onboard-e2e ⚠️ cancelled
credential-migration-e2e ⚠️ cancelled
credential-sanitization-e2e ⚠️ cancelled
device-auth-health-e2e ⚠️ cancelled
diagnostics-e2e ⚠️ cancelled
docs-validation-e2e ⚠️ cancelled
double-onboard-e2e ⚠️ cancelled
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ⚠️ cancelled
hermes-e2e ⚠️ cancelled
hermes-inference-switch-e2e ⚠️ cancelled
hermes-onboard-security-posture-e2e ⚠️ cancelled
hermes-root-entrypoint-smoke-e2e ⚠️ cancelled
hermes-slack-e2e ⚠️ cancelled
inference-routing-e2e ⚠️ cancelled
issue-2478-crash-loop-recovery-e2e ⚠️ cancelled
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ⚠️ cancelled
launchable-smoke-e2e ⚠️ cancelled
messaging-compatible-endpoint-e2e ⚠️ cancelled
messaging-providers-e2e ⚠️ cancelled
network-policy-e2e ⚠️ cancelled
onboard-negative-paths-e2e ⚠️ cancelled
onboard-repair-e2e ⚠️ cancelled
onboard-resume-e2e ⚠️ cancelled
openclaw-discord-pairing-e2e ⚠️ cancelled
openclaw-inference-switch-e2e ⚠️ cancelled
openclaw-onboard-security-posture-e2e ❌ failure
openclaw-slack-pairing-e2e ⚠️ cancelled
openclaw-tui-chat-correlation-e2e ⚠️ cancelled
openshell-gateway-upgrade-e2e ⚠️ cancelled
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ⚠️ cancelled
rebuild-hermes-stale-base-e2e ⚠️ cancelled
rebuild-openclaw-e2e ⚠️ cancelled
runtime-overrides-e2e ⚠️ cancelled
sandbox-operations-e2e ⚠️ cancelled
sandbox-survival-e2e ❌ failure
shields-config-e2e ⚠️ cancelled
skill-agent-e2e ⚠️ cancelled
snapshot-commands-e2e ⚠️ cancelled
state-backup-restore-e2e ⚠️ cancelled
telegram-injection-e2e ⚠️ cancelled
token-rotation-e2e ⚠️ cancelled
tunnel-lifecycle-e2e ⚠️ cancelled
upgrade-stale-sandbox-e2e ⚠️ cancelled
vm-driver-privileged-exec-routing-e2e ✅ success

Failed jobs: openclaw-onboard-security-posture-e2e, sandbox-survival-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26530366040
Target ref: 07b96b7a6b39baea84d5ab67262f59f376003f5d
Workflow ref: main
Requested jobs: network-policy-e2e,cloud-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job Result
cloud-e2e ⚠️ cancelled
network-policy-e2e ⚠️ cancelled

@ericksoa ericksoa added the v0.0.54 Release target label May 27, 2026
@ericksoa ericksoa self-assigned this May 27, 2026
@ericksoa ericksoa added the following labels May 27, 2026:
  • fix
  • integration: openclaw (OpenClaw integration behavior)
  • OpenShell (Support for OpenShell, a safe, private runtime for autonomous AI agents)
  • Docker (Support for Docker containerization)
  • Networking
  • Sandbox (Use this label to identify issues related to the NemoClaw isolated environment based on OpenShell)
  • security (Potential vulnerability, unsafe behavior, or access risk)
@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26530463243
Target ref: 07b96b7a6b39baea84d5ab67262f59f376003f5d
Workflow ref: main
Requested jobs: all (no filter)
Summary: 41 passed, 11 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ❌ failure
brave-search-e2e ✅ success
channels-add-remove-e2e ✅ success
channels-stop-start-e2e ✅ success
cloud-e2e ✅ success
cloud-inference-e2e ✅ success
cloud-onboard-e2e ✅ success
credential-migration-e2e ✅ success
credential-sanitization-e2e ✅ success
device-auth-health-e2e ✅ success
diagnostics-e2e ✅ success
docs-validation-e2e ✅ success
double-onboard-e2e ✅ success
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ✅ success
hermes-e2e ✅ success
hermes-inference-switch-e2e ✅ success
hermes-onboard-security-posture-e2e ✅ success
hermes-root-entrypoint-smoke-e2e ✅ success
hermes-slack-e2e ✅ success
inference-routing-e2e ✅ success
issue-2478-crash-loop-recovery-e2e ❌ failure
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ❌ failure
launchable-smoke-e2e ✅ success
messaging-compatible-endpoint-e2e ✅ success
messaging-providers-e2e ✅ success
network-policy-e2e ❌ failure
onboard-negative-paths-e2e ✅ success
onboard-repair-e2e ✅ success
onboard-resume-e2e ✅ success
openclaw-discord-pairing-e2e ❌ failure
openclaw-inference-switch-e2e ✅ success
openclaw-onboard-security-posture-e2e ❌ failure
openclaw-slack-pairing-e2e ✅ success
openclaw-tui-chat-correlation-e2e ✅ success
openshell-gateway-upgrade-e2e ✅ success
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ✅ success
rebuild-hermes-stale-base-e2e ✅ success
rebuild-openclaw-e2e ✅ success
runtime-overrides-e2e ✅ success
sandbox-operations-e2e ❌ failure
sandbox-survival-e2e ✅ success
shields-config-e2e ✅ success
skill-agent-e2e ❌ failure
snapshot-commands-e2e ❌ failure
state-backup-restore-e2e ❌ failure
telegram-injection-e2e ✅ success
token-rotation-e2e ❌ failure
tunnel-lifecycle-e2e ✅ success
upgrade-stale-sandbox-e2e ✅ success
vm-driver-privileged-exec-routing-e2e ✅ success

Failed jobs: bedrock-runtime-compatible-anthropic-e2e, issue-2478-crash-loop-recovery-e2e, kimi-inference-compat-e2e, network-policy-e2e, openclaw-discord-pairing-e2e, openclaw-onboard-security-posture-e2e, sandbox-operations-e2e, skill-agent-e2e, snapshot-commands-e2e, state-backup-restore-e2e, token-rotation-e2e. Check run artifacts for logs.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26536918913
Target ref: 4a15f1a8bc736dceb41c31730277e8bf411404d5
Workflow ref: main
Requested jobs: network-policy-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job Result
network-policy-e2e ⚠️ cancelled

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26537485546
Target ref: 304eca42f883792257c26fd0ed8fe018170c1d33
Workflow ref: main
Requested jobs: network-policy-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job Result
network-policy-e2e ⚠️ cancelled

@github-actions

Selective E2E Results — ❌ Some jobs failed

Run: 26537635717
Target ref: 304eca42f883792257c26fd0ed8fe018170c1d33
Workflow ref: main
Requested jobs: all (no filter)
Summary: 51 passed, 1 failed, 2 skipped

Job Result
bedrock-runtime-compatible-anthropic-e2e ✅ success
brave-search-e2e ✅ success
channels-add-remove-e2e ✅ success
channels-stop-start-e2e ✅ success
cloud-e2e ✅ success
cloud-inference-e2e ✅ success
cloud-onboard-e2e ✅ success
credential-migration-e2e ✅ success
credential-sanitization-e2e ✅ success
device-auth-health-e2e ✅ success
diagnostics-e2e ✅ success
docs-validation-e2e ✅ success
double-onboard-e2e ✅ success
gpu-double-onboard-e2e ⏭️ skipped
gpu-e2e ⏭️ skipped
hermes-discord-e2e ✅ success
hermes-e2e ✅ success
hermes-inference-switch-e2e ✅ success
hermes-onboard-security-posture-e2e ✅ success
hermes-root-entrypoint-smoke-e2e ✅ success
hermes-slack-e2e ✅ success
inference-routing-e2e ✅ success
issue-2478-crash-loop-recovery-e2e ✅ success
issue-3600-gpu-proof-optional-e2e ✅ success
kimi-inference-compat-e2e ✅ success
launchable-smoke-e2e ✅ success
messaging-compatible-endpoint-e2e ✅ success
messaging-providers-e2e ✅ success
network-policy-e2e ✅ success
onboard-negative-paths-e2e ✅ success
onboard-repair-e2e ✅ success
onboard-resume-e2e ❌ failure
openclaw-discord-pairing-e2e ✅ success
openclaw-inference-switch-e2e ✅ success
openclaw-onboard-security-posture-e2e ✅ success
openclaw-slack-pairing-e2e ✅ success
openclaw-tui-chat-correlation-e2e ✅ success
openshell-gateway-upgrade-e2e ✅ success
overlayfs-autofix-e2e ✅ success
rebuild-hermes-e2e ✅ success
rebuild-hermes-stale-base-e2e ✅ success
rebuild-openclaw-e2e ✅ success
runtime-overrides-e2e ✅ success
sandbox-operations-e2e ✅ success
sandbox-survival-e2e ✅ success
shields-config-e2e ✅ success
skill-agent-e2e ✅ success
snapshot-commands-e2e ✅ success
state-backup-restore-e2e ✅ success
telegram-injection-e2e ✅ success
token-rotation-e2e ✅ success
tunnel-lifecycle-e2e ✅ success
upgrade-stale-sandbox-e2e ✅ success
vm-driver-privileged-exec-routing-e2e ✅ success

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

@ericksoa ericksoa requested a review from cv May 27, 2026 21:59
@cv cv merged commit b14fd76 into main May 27, 2026
27 checks passed
@cv cv deleted the fix/4288-advisor-followups branch May 27, 2026 22:01
@miyoungc miyoungc mentioned this pull request May 29, 2026
miyoungc added a commit that referenced this pull request May 29, 2026
## Summary
Refreshes the NemoClaw documentation for the v0.0.54 release and
regenerates user skills from the Fern MDX source. Also keeps the Fern
CLI pin current so local docs checks use the upgraded Fern version.

## Related Issue
<!-- No single related issue. This is release-prep documentation
catch-up. -->

## Changes
- #4403 -> `docs/manage-sandboxes/messaging-channels.mdx`,
`docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Document
Telegram, Discord, and Slack post-rebuild bridge verification and
summarize channel activation fixes.
- #4222 -> `docs/about/release-notes.mdx`: Include Slack generated
channel enablement in the v0.0.54 messaging summary.
- #4346 -> `docs/get-started/windows-preparation.mdx`,
`docs/about/release-notes.mdx`: Document safer Windows bootstrap
behavior for Ubuntu first-run and Docker Desktop WSL integration.
- #4416 -> `docs/inference/use-local-inference.mdx`,
`docs/about/release-notes.mdx`: Document the Docker Desktop WSL
requirement for Windows-host Ollama.
- #4442 -> `docs/about/release-notes.mdx`: Summarize the optional
NemoHermes native web dashboard and related environment variables.
- #4426 -> `docs/about/release-notes.mdx`: Summarize copy-paste recovery
hints for invalid sandbox names and missing NVIDIA API keys.
- #4459 -> `docs/about/release-notes.mdx`: Summarize the Linuxbrew
prefix fix for sandbox Homebrew usage.
- #4450 -> `docs/about/release-notes.mdx`: Summarize `/nemoclaw` slash
command startup activation.
- #4468 -> `docs/about/release-notes.mdx`: Summarize scope-upgrade
approval recovery.
- #4325 -> `docs/about/release-notes.mdx`: Summarize the narrowed
`web_fetch` host-gateway allowance.
- #4474 -> `docs/about/release-notes.mdx`: Summarize Hermes Provider
smoke-check behavior for OAuth versus Nous API key setup.
- Refresh generated `.agents/skills/nemoclaw-user-*` references from
`docs/` and update `fern/fern.config.json` to Fern `5.41.2`.

## Type of Change
- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Verification
<!-- Check each item you ran and confirmed. Leave unchecked items you
skipped. Doc-only changes do not require npm test unless you ran it. -->
- [ ] `npx prek run --all-files` passes
- [ ] `npm test` passes
- [ ] Tests added or updated for new or changed behavior
- [x] No secrets, API keys, or credentials committed
- [x] Docs updated for user-facing behavior changes
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off required by CI. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Optional NemoHermes native web dashboard (configurable port and TUI)
  * GPU memory cleanup now unloads Ollama models when switching providers
or stopping services

* **Bug Fixes**
  * Improved sandbox name validation with suggested slug recovery
  * Windows-host Ollama now requires Docker Desktop WSL integration and
exits with remediation guidance when unsupported

* **Documentation**
  * Clarified quickstart/onboard flow, installer TTY/non-TTY guidance,
Hermes Docker prerequisites, sandbox hardening, and channels add rebuild
checks

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/4539?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@wscurran wscurran added area: networking DNS, proxy, TLS, ports, host aliases, or connectivity area: packaging Packages, images, registries, installers, or distribution area: sandbox OpenShell sandbox lifecycle, runtime, config, or recovery bug-fix PR fixes a bug or regression platform: container Affects Docker, containerd, Podman, or images and removed area: packaging Packages, images, registries, installers, or distribution labels Jun 3, 2026
Labels

- area: networking (DNS, proxy, TLS, ports, host aliases, or connectivity)
- area: sandbox (OpenShell sandbox lifecycle, runtime, config, or recovery)
- bug-fix (PR fixes a bug or regression)
- Docker (Support for Docker containerization)
- fix
- integration: openclaw (OpenClaw integration behavior)
- Networking
- OpenShell (Support for OpenShell, a safe, private runtime for autonomous AI agents)
- platform: container (Affects Docker, containerd, Podman, or images)
- Sandbox (Use this label to identify issues related to the NemoClaw isolated environment based on OpenShell.)
- security (Potential vulnerability, unsafe behavior, or access risk)
- v0.0.54 (Release target)
