fix(openclaw): handle 2026.5.27 approval compatibility#4786
Merged
Conversation
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (4)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughAdds a scope allowlist and validation to auto-approval paths, sanitizes approve subprocess environment, extends the sandbox approve wrapper with before/after reconciliation, disables Jiti filesystem caching in runtime/proxy layers, and updates tests/E2E to assert and validate these changes. ChangesOpenClaw scope allowlist hardening and Jiti cache disabling
🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Contributor
PR Review AdvisorFindings: 0 needs attention, 4 worth checking, 1 nice ideas Review findings🛠️ Needs attention
🔎 Worth checking
🌱 Nice ideas
Consider writing more tests for
Since last review detailsCurrent findings:
This is an automated advisory review. A human maintainer must make the final merge decision. |
Contributor
E2E Advisor RecommendationRequired E2E: Dispatch hint: Auto-dispatched E2E: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
Contributor
E2E Scenario Advisor RecommendationRequired scenario E2E: Dispatch required scenario E2E:
Full scenario advisor summaryE2E Scenario AdvisorBase: Required scenario E2E
Optional scenario E2E
Relevant changed files
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26983678782
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 1768-1773: The current requested_scopes function returns an empty
set for malformed (non-list) scopes which allows bypassing allowlist checks;
change requested_scopes to treat non-list payloads as rejected by returning None
(or another explicit error sentinel) instead of set() and ensure callers treat
None as a fatal/malformed result and deny approval; apply the same fail-closed
change to the duplicated connect-time scope parsing/allowlist logic in the
connect.ts connect-time pass so that any non-list scopes/requestedScopes are
treated as malformed (returning None/error) and cause rejection rather than
silently allowing an empty set.
In `@src/lib/actions/sandbox/connect.ts`:
- Around line 704-709: requested_scopes currently returns an empty set for
non-list inputs which lets malformed payloads bypass allowlist checks; change
requested_scopes to fail closed by returning None (or raising a small custom
exception) when scopes is not a list instead of returning set(), and remove the
fallback to empty set in the comprehension; then update every caller of
requested_scopes (the connect-time allowlist checks and other occurrences of the
same pattern) to treat a None/exception result as a malformed payload and reject
the request rather than treating it as “no scopes.”
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: d5f5a33e-ea92-4722-87ae-eabd1d43308b
📒 Files selected for processing (8)
DockerfileDockerfile.basescripts/nemoclaw-start.shsrc/lib/actions/sandbox/connect.tstest/e2e/test-issue-4462-scope-upgrade-approval.shtest/nemoclaw-start.test.tstest/runner.test.tstest/sandbox-connect-inference.test.ts
Collaborator
Author
|
Addressed CodeRabbit's malformed-scope feedback in 159cec9: both the startup auto-pair watcher and connect-time approval pass now fail closed when scopes/requestedScopes is present but not a list, and unit coverage was added for malformed CLI scope payload rejection. Validation:
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26983801881
|
12 tasks
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26984503731
|
cv
added a commit
that referenced
this pull request
Jun 5, 2026
<!-- markdownlint-disable MD041 --> ## Summary Share the OpenClaw device approval allowlist/scope policy between the startup auto-pair watcher and the connect-time approval pass. This keeps the #4786 compatibility shim fail-closed in one place while still injecting the helper into existing sandboxes during `connect`. ## Related Issue Refs #4462, #4263. Stacked on #4786. ## Changes - Add `scripts/lib/openclaw_device_approval_policy.py` as the shared policy helper for allowed clients, modes, scopes, malformed scope rejection, and gateway-env stripping. - Load the helper from `nemoclaw-start.sh` and inject the same helper into `/tmp` for the connect-time approval pass. - Copy the helper into sandbox images and optimized build contexts. - Update startup/connect/build-context tests around the shared policy source. ## Type of Change - [x] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Verification - [ ] `npx prek run --all-files` passes - [ ] `npm test` passes - [x] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [ ] Docs updated for user-facing behavior changes - [ ] `npm run docs` builds without warnings (doc changes only) - [ ] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Additional focused checks run: - `npm run build:cli` - `npm run typecheck:cli` - `npm test -- --run test/nemoclaw-start.test.ts test/sandbox-connect-inference.test.ts test/sandbox-build-context.test.ts` - `python3 -m py_compile scripts/lib/openclaw_device_approval_policy.py` - `bash -n scripts/nemoclaw-start.sh` Skipped/blocked: - `npx prek run --files ...` and `node_modules/.bin/prek --version` both failed before hooks ran with `Error fetching release: self-signed certificate in certificate chain`. - `shellcheck scripts/nemoclaw-start.sh` was not available in this environment (`shellcheck: command not found`). --- Signed-off-by: Carlos Villela <cvillela@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Externalized device approval policy for OpenClaw pairing, driving approval decisions from a pluggable policy module instead of embedded allowlists. * **Chores** * Included the approval policy module in builds and runtime images, with tightened file permissions and staging so it’s available where the watcher runs. * **Tests** * Updated and expanded auto-pair and sandbox tests to exercise the new policy-driven approval flow and related hardening. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
cv
pushed a commit
that referenced
this pull request
Jun 5, 2026
## Summary
- Add the v0.0.59 release notes from the GitHub announcement discussion.
- Refresh local inference and credential-storage guidance for the
current release behavior.
- Regenerate the user skills from the updated Fern docs.
- Tighten release-prep and docs review guidance for generated skills, PR
labels, and shared `$$nemoclaw` command placeholders.
## Verification
- `python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix
nemoclaw-user --doc-platform fern-mdx`
- `rg "permissive mode|shields down|shields up|shields status|config
rotate-token|rotate-token" --glob '*.{md,mdx}'`
- `git diff --check`
- `npm run docs` (rerun outside sandbox after sandbox-only `tsx` IPC
permission failure)
- `npm run typecheck:cli`
- Pre-commit hooks during commit passed, including markdownlint,
docs-to-skills verification, gitleaks, commitlint, and skills YAML
tests.
## Source Summary
- #3679, #4437, #4681, #4766, #4772, #4775, #4786 ->
`docs/about/release-notes.mdx`, `docs/reference/commands.mdx`,
`docs/reference/troubleshooting.mdx`: Summarize OpenClaw 2026.5.27
compatibility, runtime path pinning, plugin registry recovery, live
gateway reconciliation, and clearer host-alias/startup diagnostics.
- #4332, #4402, #4769, #4776, #4779 -> `docs/about/release-notes.mdx`,
`docs/inference/inference-options.mdx`,
`docs/inference/use-local-inference.mdx`,
`docs/inference/switch-inference-providers.mdx`: Document the release
inference changes covering Local NIM waits, Hermes Anthropic routing,
Nemotron 3 Ultra, the current Ollama starter fallback, and Spark
managed-vLLM context length.
- #4628, #4652, #4733, #4745 -> `docs/about/release-notes.mdx`,
`docs/security/credential-storage.mdx`,
`docs/manage-sandboxes/messaging-channels.mdx`,
`docs/reference/troubleshooting.mdx`: Capture permission healing,
gateway-stored credential reuse, cross-sandbox messaging credential
conflict checks, and CDI preflight diagnostics.
- #4728, #4737, #4743, #4744, #4782 -> `.agents/skills/nemoclaw-user-*`:
Regenerate the user skill references from the updated source docs.
- Follow-up maintenance ->
`.agents/skills/nemoclaw-contributor-update-docs/SKILL.md`,
`.coderabbit.yaml`: Add release-prep area labels for docs and skills
PRs, and teach docs review guidance that `$$nemoclaw` is the correct
shared command placeholder for examples that work across agent aliases.
Note: the `documentation` label was not present in the repository, so
this PR is labeled with `v0.0.59` only.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated default model for local Ollama inference setup to qwen3.5:9b
* Added Nemotron 3 Ultra 550B as an NVIDIA Endpoints model option
* Clarified credential storage and reuse behavior for post-deployment
(day-two) operations
* Added v0.0.59 release notes covering OpenClaw compatibility, inference
options, Hermes messaging sync, and troubleshooting
* Clarified CLI selection guidance and updated OpenClaw version example
in status output
* Revised release-prep instructions and docs review guidance for CLI
alias usage
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR keeps the OpenClaw 2026.5.27 upgrade path unblocked by handling its changed device-approval behavior and preventing generated Jiti source cache from tripping Bedrock leak scans. It also narrows NemoClaw auto-pair approvals so follow-on
operator.adminrequests are not approved automatically.Related Issue
Refs #4462, #4434
Changes
/tmp/jitigenerated-source residue in sandbox leak scans.openclaw devices approvecompatibility shim to treat a non-zero OpenClaw approve as success when the requested scopes were actually applied.operator.write/operator.readupgrades and fail ifoperator.adminis auto-approved.Type of Change
Verification
npx prek run --all-filespassesnpm testpassesnpm run docsbuilds without warnings (doc changes only)Additional verification run:
npm run typecheck:clinpx prek run --files Dockerfile Dockerfile.base scripts/nemoclaw-start.sh src/lib/actions/sandbox/connect.ts test/e2e/test-issue-4462-scope-upgrade-approval.sh test/nemoclaw-start.test.ts test/runner.test.ts test/sandbox-connect-inference.test.tsnpm test -- --run test/nemoclaw-start.test.ts test/sandbox-connect-inference.test.ts test/fetch-guard-patch-regression.test.ts test/runner.test.tsnpm testwas attempted locally but did not fully pass becausetest/install-preflight.test.tshit an environment-specific Podman/CDI preflight expectation (Host preflight found issues...) on this host.Signed-off-by: Carlos Villela cvillela@nvidia.com
Summary by CodeRabbit
Security Improvements
Tests