fix(policy): ignore dotfile presets from directories

[WuKongAI-CMU]

Summary

• Ignore hidden dotfile YAML entries when applying custom presets from a directory.
• Keep explicit --from-file behavior unchanged for users who pass a hidden file directly.

Addresses one hardening item from #2521.

Test plan

• npm run build:cli
• npm run typecheck:cli
• npm test -- test/policies.test.ts -t="--from-dir skips hidden dotfile yaml presets"
• git diff --check

Summary by CodeRabbit

• Bug Fixes

  • The policy-add --from-dir command now ignores hidden dotfiles (those beginning with a dot) when loading YAML policies, ensuring only visible configuration files are applied.

• Tests

  • Added an integration test verifying hidden YAML presets are skipped and only visible presets are loaded.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 489bc394-394d-4790-9677-77fc02f1a45e

📥 Commits

Reviewing files that changed from the base of the PR and between d98a483 and 0ba31e8.

📒 Files selected for processing (2)

• src/nemoclaw.ts
• test/policies.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• src/nemoclaw.ts

---

📝 Walkthrough

Walkthrough

The policy-add --from-dir behavior was changed to ignore hidden dot-prefixed files when loading YAML/YML presets; help text and the directory-reading filter were updated, and a new integration test verifies hidden files are skipped.

Changes

Cohort / File(s)	Summary
CLI Command Implementation src/nemoclaw.ts	Filter directory entries to exclude names starting with . before matching .yaml/.yml; update help text to state only non-hidden YAML/YML files are applied.
Integration Test test/policies.test.ts	Add test that creates real.yaml and .bad.yaml in a temp dir, runs policy-add --from-dir --yes, and asserts only real.yaml is loaded (dotfile ignored).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 In burrows of code I quietly peep,
I skip the dot-files hiding deep.
One real preset hops into the light,
The shadowed .bad stays out of sight.
Hooray for tidy configs—soft and neat! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(policy): ignore dotfile presets from directories' directly and accurately describes the main change: modifying the policy-add --from-dir behavior to ignore hidden dot-prefixed files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wscurran]

✨ Thanks for submitting this pull request that proposes a way to ignore hidden dotfile YAML entries when applying custom presets from a directory.

---

Related open issues:

• #2521 chore(policy): hardening follow-ups from custom preset file support (#2039 / #2077)

[brandonpelfrey]

@WuKongAI-CMU please add DCO sign-off for this change

[ericksoa]

Thanks @WuKongAI-CMU for the contribution here. The functional change from this PR has now been replayed and merged via #2679 because #2525 was blocked by branch/process state.

The merged change preserves the behavior proposed here: policy-add --from-dir skips hidden dotfile YAML entries while explicit --from-file behavior remains unchanged.

Closing this PR as superseded by #2679.