You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: stabilize starter prompt credential capture (NVIDIA#6423)
<!-- markdownlint-disable MD041 -->
## Summary
This PR makes NemoClaw's starter prompt use a checked-in local
credential form template instead of asking coding agents to generate
form HTML during onboarding.
The goal is to reduce setup variability for medium-sized models while
preserving local-only credential handling.
## Changes
- Adds `docs/resources/local-credential-form.html`, a self-contained
loopback-only credential form template with no external resources.
- Updates the starter prompt to fetch or reuse that template, serve it
from `127.0.0.1`, and implement only the small local submit helper
around it.
- Updates starter prompt CTA copy across the home, quickstart, Hermes
quickstart, and AI Agent Docs pages.
- Adds starter prompt contract coverage for the credential template URL,
local-only CSP, and Deep Agents prompt option.
Local form:
<img width="647" height="665" alt="Screenshot 2026-07-07 at 6 06 42 PM"
src="https://github.com/user-attachments/assets/dfa3c651-6a36-4a91-95b3-dd36e3fa1a72"
/>
## Type of Change
- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)
## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: Credential handling
remains local-only docs guidance; the form is disabled outside loopback,
accepts submissions only to the local helper, uses redacted summaries,
avoids storage APIs, and is covered by
`test/starter-prompt-docs.test.ts`.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:
## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: `npx
vitest run --project integration test/starter-prompt-docs.test.ts`
passed with 7/7 tests.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) —
result: build passed; only known baseline Fern authentication-redirect
and accent-contrast warnings remain.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [x] New doc pages include SPDX header and frontmatter (new pages only)
---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary by CodeRabbit
* **New Features**
* Added a locked-down local credential submission helper page with a
restrictive CSP, loopback-only access, and automatic redaction/clearing
of secret values after submit.
* **Documentation**
* Updated starter prompts and quickstart docs to reuse the checked-in
credential form, use `:secret` vs `:text` appropriately, and follow the
safer “redacted summary then run” workflow.
* **Tests**
* Expanded VM-based checks to pin the credential template URL/digest and
verify CSP/security constraints plus disabled and submit/redaction
behaviors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Copy file name to clipboardExpand all lines: docs/_components/StarterPrompt.tsx
+10-5Lines changed: 10 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -89,15 +89,20 @@ Instead, collect the required choices from me first, one clickable selection at
89
89
90
90
## Handle Tokens Securely and Visually
91
91
92
-
When you need an API key, bot token, app token, or other secret, prefer a local visual credential form instead of chat.
93
-
94
-
- Ask permission before creating a local credential form.
95
-
- Create a temporary local-only HTML form and open it in your coding-agent UI's browser. Bind any helper server to \`127.0.0.1\` on a random local port. Do not use external scripts, analytics, CDNs, or network resources.
96
-
- Use password-style inputs for secret values and normal text inputs for non-secret IDs such as server IDs, allowlists, endpoint URLs, and sandbox names.
92
+
When you need an API key, bot token, app token, or other secret, prefer the checked-in NemoClaw local credential form instead of chat.
93
+
94
+
- Ask permission before opening a local credential form.
95
+
- Do not generate, rewrite, or redesign credential-form HTML. Use the repository form template from this URL exactly: https://raw.githubusercontent.com/NVIDIA/NemoClaw/c9aac7dc12bacdaa4d38af552b893021049ee836/docs/resources/local-credential-form.html
96
+
- Fetch that template or use the local repo copy when available, verify its SHA-256 digest is \`cc746703ab514cf33d7131915f16e8dc19346b26a4d953c5125be81449d6e6f6\`, write the exact bytes into a private temporary directory, then serve it from a helper bound to \`127.0.0.1\` on a random local port.
97
+
- Treat that immutable URL and digest as one reviewed trust boundary. Stop if verification fails; do not substitute a different URL, template, or digest.
98
+
- Open the served loopback URL, not the raw GitHub URL, in your coding-agent UI's browser. Configure fields with query parameters such as \`?fields=NVIDIA_INFERENCE_API_KEY:secret\` or \`?fields=NEMOCLAW_ENDPOINT_URL:text,NEMOCLAW_MODEL:text,COMPATIBLE_API_KEY:secret\`.
99
+
- Implement only the tiny loopback helper around the template: serve the HTML file, accept its \`POST /submit\` JSON payload, keep submitted values in memory, and expose no external network listener. When serving the HTML response, include the HTTP header \`Content-Security-Policy: frame-ancestors 'none'\` because browsers do not enforce that directive from a meta tag.
100
+
- Use \`:secret\` fields for secret values and \`:text\` fields for non-secret IDs such as server IDs, allowlists, endpoint URLs, and sandbox names.
97
101
- Keep submitted secrets only in memory long enough to run the approved command. Do not print them, write them to logs, commit them, or paste them into chat.
98
102
- If you must write a temporary file for the helper, use a private temporary directory, restrict permissions when possible, and delete it immediately after use.
99
103
- Show me a redacted summary before running commands, such as \`TELEGRAM_BOT_TOKEN=********\`, and ask permission to continue.
100
104
- After the command finishes, shut down the local helper and delete the temporary HTML file.
105
+
- If your environment cannot serve a loopback helper, use the local terminal, a secure secret prompt, or the local app prompt that needs the credential. Do not fall back to generated form HTML.
101
106
102
107
Use this provider mapping for non-interactive setup:
Copy file name to clipboardExpand all lines: docs/get-started/quickstart-hermes.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,7 @@ The first Hermes build can take several minutes because NemoClaw builds the Herm
28
28
29
29
Copy the starter prompt into Cursor, Claude Code, Codex, Copilot, or another local coding agent when you want the assistant to install NemoClaw with you.
30
30
The prompt points your agent to [AI Agent Docs](../resources/agent-skills), this quickstart, the Markdown docs, and the optional `nemoclaw-user-guide` skill.
31
-
It also asks your agent to confirm Hermes as the selected agent before it builds the install or onboard command.
31
+
It also asks your agent to confirm Hermes as the selected agent before it builds the install or onboard command, and to reuse the checked-in local credential form for secrets.
Copy file name to clipboardExpand all lines: docs/get-started/quickstart.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ Review the [Prerequisites](prerequisites) before following this guide.
24
24
25
25
Copy the starter prompt into Cursor, Claude Code, Codex, Copilot, or another local coding agent when you want the assistant to install NemoClaw with you.
26
26
The prompt points your agent to [AI Agent Docs](../resources/agent-skills), this quickstart, the Markdown docs, and the optional `nemoclaw-user-guide` skill.
27
-
It also tells your agent to collect choices before launching interactive commands and to handle credentials outside the chat transcript.
27
+
It also tells your agent to collect choices before launching interactive commands and to reuse the checked-in local credential form for secrets.
Copy file name to clipboardExpand all lines: docs/index.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,7 +45,7 @@ Install NemoClaw and run the onboard wizard to get started.
45
45
### From Your Coding Agent
46
46
47
47
Copy the starter prompt and paste it into your local coding agent, such as Cursor, Claude Code, Codex, Copilot, or another assistant that can run local commands with your approval.
48
-
The prompt tells your agent to use NemoClaw skills when available, bootstrap the docs-routing skill when it is missing, fetch the Markdown docs, ask whether you want OpenClaw, Hermes, or Deep Agents, collect choices one question at a time, and avoid asking you to paste secrets into chat.
48
+
The prompt tells your agent to use NemoClaw skills when available, bootstrap the docs-routing skill when it is missing, fetch the Markdown docs, ask whether you want OpenClaw, Hermes, or Deep Agents, collect choices one question at a time, and reuse the checked-in local credential form instead of asking you to paste secrets into chat.
Copy file name to clipboardExpand all lines: docs/resources/agent-skills.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,7 +20,7 @@ Use this page when you want your agent to help with installation, inference conf
20
20
## Give Your Agent the Starter Prompt
21
21
22
22
The fastest path is to copy the starter prompt from the NemoClaw home page and paste it into your local coding agent.
23
-
The prompt tells the agent to use NemoClaw skills when available, bootstrap the docs-routing skill when missing, use the Markdown docs, ask one question at a time, run commands only with permission, and handle credentials safely.
23
+
The prompt tells the agent to use NemoClaw skills when available, bootstrap the docs-routing skill when missing, use the Markdown docs, ask one question at a time, run commands only with permission, and reuse the checked-in local credential form for secrets.
24
24
NemoClaw keeps the prompt text in a shared docs source so the copy button and manual fallback render the same content.
0 commit comments