Skip to content

fix(policy): allow apt node for OpenClaw registry access#4701

Closed
chengjiew wants to merge 1 commit into
mainfrom
fix/4104_clawhub_policy
Closed

fix(policy): allow apt node for OpenClaw registry access#4701
chengjiew wants to merge 1 commit into
mainfrom
fix/4104_clawhub_policy

Conversation

@chengjiew

@chengjiew chengjiew commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Summary

Allow OpenClaw's default clawhub and openclaw_api policy entries to be reached by Node when it is installed at /usr/bin/node, which is common on apt-based Linux images. This fixes the default sandbox policy gap that can block openclaw plugins install before it reaches ClawHub/OpenClaw API, without broadening the baseline npm_registry policy.

Related Issue

Fixes #4104

Changes

  • Added /usr/bin/node to the baseline clawhub and openclaw_api binary allowlists in nemoclaw-blueprint/policies/openclaw-sandbox.yaml.
  • Added regression coverage asserting both OpenClaw registry/API policies include /usr/bin/node, /usr/local/bin/node, and /usr/local/bin/openclaw.
  • Updated the network policy reference table to document the new binary allowlist.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Verification

  • npx prek run --all-files passes
  • npm test passes
  • Tests added or updated for new or changed behavior
  • No secrets, API keys, or credentials committed
  • Docs updated for user-facing behavior changes
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Focused verification run:

npm run build:cli
NPM_CONFIG_CACHE=/tmp/nemoclaw-4104-current-npm-cache npx vitest run test/validate-blueprint.test.ts test/rebuild-policy-presets.test.ts test/policy-preset-sync.test.ts test/security-method-wildcards.test.ts
git diff --check

All focused checks passed. A broader local test/policies.test.ts run was attempted after npm run build:cli; it ran 152 tests with 134 passing, but 18 interactive policy command tests timed out in this local environment, so it is not marked as a passing full-suite check here.


Signed-off-by: Chengjie Wang chengjiew@nvidia.com

Summary by CodeRabbit

Release Notes

  • Documentation

    • Updated network policy reference documentation to reflect changes in allowed execution binaries for sandbox environments.
  • Tests

    • Added regression tests to validate network policy configurations and binary allowlists.

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@chengjiew chengjiew self-assigned this Jun 3, 2026
@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

This repository limits contributors to 10 open pull requests. Please close or merge existing PRs before opening new ones.

@github-actions github-actions Bot closed this Jun 3, 2026
@coderabbitai

coderabbitai Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f91dcb75-1aa6-41c4-9500-1724273705d7

📥 Commits

Reviewing files that changed from the base of the PR and between ac5b144 and c7b05cc.

📒 Files selected for processing (3)
  • docs/reference/network-policies.mdx
  • nemoclaw-blueprint/policies/openclaw-sandbox.yaml
  • test/validate-blueprint.test.ts

📝 Walkthrough

Walkthrough

This PR resolves issue #4104 by adding /usr/bin/node to the allowed execution binaries for clawhub and openclaw_api network policies. The change updates the sandbox policy YAML, synchronizes the reference documentation, and adds a regression test to prevent future policy drift.

Changes

Enable Node binary for clawhub and openclaw_api policies

Layer / File(s) Summary
Policy binary allowlist
nemoclaw-blueprint/policies/openclaw-sandbox.yaml
Added /usr/bin/node to allowed binaries lists for network_policies.clawhub and network_policies.openclaw_api tiers, enabling apt-installed Node to execute within those policy boundaries.
Documentation and regression test
docs/reference/network-policies.mdx, test/validate-blueprint.test.ts
Updated the baseline policy endpoint table to document /usr/bin/node for both policies, and added regression test #4104 verifying the sorted binary allowlist (/usr/bin/node, /usr/local/bin/node, /usr/local/bin/openclaw) matches exactly.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

fix, enhancement: policy

Suggested reviewers

  • cv

Poem

🐰 A rabbit hops through policies with glee,
Node binary blooms so plugins flow free,
Clawhub now reachable, no network dismay,
Tests catch the drift in tomorrow's relay! 🦞

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/4104_clawhub_policy

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: network-policy-e2e
Optional E2E: cloud-onboard-e2e, skill-agent-e2e

Dispatch hint: network-policy-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • network-policy-e2e (high): Directly exercises sandbox network policy behavior, deny-by-default enforcement, hot policy application, per-binary allowances, and security policy regressions. This PR changes the baseline policy boundary, so this should be merge-blocking.

Optional E2E

  • cloud-onboard-e2e (medium): Useful confidence that a fresh cloud OpenClaw sandbox still onboards and reaches ready state with the updated baseline policy applied.
  • skill-agent-e2e (medium): Adjacent real assistant flow check: validates OpenClaw agent behavior after onboarding. It may catch plugin/skill runtime issues that unit policy validation will not, but it does not directly assert the new clawhub/openclaw_api /usr/bin/node allowance.

New E2E recommendations

  • OpenClaw registry/API per-binary baseline policy (high): Existing E2E coverage does not appear to explicitly verify that apt-installed Node at /usr/bin/node can reach clawhub.ai and openclaw.ai under the restricted baseline, nor that unrelated baseline-restricted Node egress remains blocked.
    • Suggested test: Add a network-policy E2E assertion to a fresh restricted OpenClaw sandbox that runs /usr/bin/node fetch probes against https://clawhub.ai and https://openclaw.ai, verifies allowed responses, and also verifies /usr/bin/node remains blocked for endpoints such as registry.npmjs.org unless the matching preset is applied.

Dispatch hint

  • Workflow: nightly-e2e.yaml
  • jobs input: network-policy-e2e

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw
Optional scenario E2E: wsl-repo-cloud-openclaw, macos-repo-cloud-openclaw

Dispatch required scenario E2E:

  • gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

  • ubuntu-repo-cloud-openclaw: The base sandbox network policy changed to allow apt-installed Node for OpenClaw ClawHub/openclaw.ai access. The Ubuntu repo cloud OpenClaw scenario is the primary repo-checkout onboarding path that exercises the changed baseline policy in a running sandbox with OpenClaw.
    • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw

Optional scenario E2E

  • wsl-repo-cloud-openclaw: Optional cross-platform coverage for the same OpenClaw baseline policy on WSL, where apt-installed /usr/bin/node is especially relevant, but it uses a special Windows/WSL runner.
    • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=wsl-repo-cloud-openclaw
  • macos-repo-cloud-openclaw: Optional platform sanity for the OpenClaw onboarding path after the baseline policy change; macOS is a special-runner scenario and Docker-dependent sandbox suites are limited there.
    • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=macos-repo-cloud-openclaw

Relevant changed files

  • nemoclaw-blueprint/policies/openclaw-sandbox.yaml

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor

Findings: 1 needs attention, 3 worth checking, 0 nice ideas
Top item: Add runtime validation for the /usr/bin/node plugin-install path

Review findings

🛠️ Needs attention

  • Runtime plugin-install acceptance is not proven (test/validate-blueprint.test.ts:377): Issue [NemoClaw][All Platforms] Default sandbox network policy blocks clawhub, preventing openclaw plugins install from succeeding #4104's expected result is that a plugin resolves, downloads, installs successfully, and appears in `openclaw plugins list`. The new test only asserts the static YAML binary allowlist for `clawhub` and `openclaw_api`; it does not prove OpenShell observes the failing request as `/usr/bin/node` or that `openclaw plugins install` succeeds in a sandbox with the changed baseline policy.
    • Recommendation: Add or point to targeted runtime/integration validation that starts from the apt-installed Node path and verifies `openclaw plugins install <name>` can reach ClawHub/OpenClaw API while the baseline `npm_registry` policy remains restricted to `/usr/local/bin/openclaw`.
    • Evidence: The diff adds an exact config assertion for `clawhub` and `openclaw_api` binaries, but no behavioral sandbox test or runtime fixture covers plugin resolution/download/listing. Deterministic test-depth context also recommends runtime validation for `docs/reference/network-policies.mdx` and `nemoclaw-blueprint/policies/openclaw-sandbox.yaml`.

🔎 Worth checking

  • Source-of-truth review needed: Baseline OpenClaw sandbox policy compatibility for apt-installed Node: The advisor marked localized patch analysis as needs_followup.
  • Baseline egress is widened for system Node without source-boundary justification (nemoclaw-blueprint/policies/openclaw-sandbox.yaml:137): Adding `/usr/bin/node` to the default `clawhub` and `openclaw_api` policies lets any process observed as that exact binary make GET and POST requests to `clawhub.ai` and `openclaw.ai`. The hosts are fixed and this does not grant arbitrary egress, but it is still a baseline least-privilege expansion on a sensitive sandbox network-policy surface.
    • Recommendation: Document why `/usr/bin/node` is a trusted equivalent OpenClaw plugin/skill runtime path, where that path is created, and why normalizing the runtime path is not the better source fix. Keep the allowlist exact and avoid widening `npm_registry` or adding wildcards.
    • Evidence: `clawhub` and `openclaw_api` now include `/usr/bin/node` with GET/POST `/**`; `npm_registry` remains `/usr/local/bin/openclaw` only. Existing comments justify Node generally for skill flows, but the changed policy does not explain the apt-node source boundary.
  • Duplicate active work touches the same policy fix: There is direct overlap with another open PR for the same linked issue and the same three files. That raises drift/conflict risk for this sensitive policy surface.

🌱 Nice ideas

  • None.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

@wscurran wscurran added the bug-fix PR fixes a bug or regression label Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug-fix PR fixes a bug or regression

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[NemoClaw][All Platforms] Default sandbox network policy blocks clawhub, preventing openclaw plugins install from succeeding

2 participants