chore(openclaw): upgrade to 2026.6.10 and harden runtime integration#5595
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThis PR upgrades OpenClaw to 2026.6.10, hardens archive and plugin provenance checks, adds diagnostics and self-approval patching, tightens CI and workflow guards, and introduces revision-aware sandbox registry rollback with recovered-route onboarding. ChangesOpenClaw 2026.6.10 upgrade and supporting infrastructure
Sandbox registry reversible removal and rebuild rollback
Estimated code review effort: 5 (Critical) | ~120 minutes Sequence Diagram(s)sequenceDiagram
participant Workflow
participant CheckScript as scripts/check-production-build-args.sh
participant DockerBuild as docker build
Workflow->>CheckScript: validate build args and env
CheckScript-->>Workflow: allow or reject
Workflow->>DockerBuild: run with validated build_args
sequenceDiagram
participant RebuildPipeline
participant DestroyPhase as rebuild-destroy-phase
participant RegistryRollback as createRebuildRegistryRollback
participant RecreatePhase as rebuild-recreate-phase
RebuildPipeline->>DestroyPhase: runRebuildDestroyPhase()
DestroyPhase-->>RebuildPipeline: removalReceipt
RebuildPipeline->>RegistryRollback: recordRemoval(removalReceipt)
RebuildPipeline->>RecreatePhase: runRebuildRecreatePhase(registryRollback)
RecreatePhase->>RegistryRollback: restoreForRetry()
Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage in the branch is 96%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
TypeScript / code-coverage/cliThe overall coverage in the branch is 70%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
Updated |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
Vitest E2E Scenario RecommendationRequired Vitest E2E scenarios: Dispatch required Vitest E2E scenarios:
Full Vitest E2E advisor summaryVitest E2E Scenario AdvisorBase: Required Vitest E2E scenarios
Optional Vitest E2E scenarios
Relevant changed files
|
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
Dockerfile (1)
39-40: 🧹 Nitpick | 🔵 TrivialRun the Dockerfile-targeted E2E suite before merge.
These changes are in image-build and runtime patch wiring paths; please run the recommended
cloud-e2e,sandbox-survival-e2e,hermes-e2e,rebuild-openclaw-e2e,openclaw-tui-chat-correlation-e2eworkflow set to validate real container behavior.
As per coding guidelines, "Dockerfile... changes are only testable with a real container build" and the listed nightly-e2e jobs are the recommended selective run set.Also applies to: 126-126, 510-517
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfile` around lines 39 - 40, This is not a code fix but rather a validation requirement: before merging the Dockerfile changes to OPENCLAW_VERSION and OPENCLAW_2026_6_9_INTEGRITY (and the related changes at lines 126 and 510-517), you must run the recommended E2E test workflow set including cloud-e2e, sandbox-survival-e2e, hermes-e2e, rebuild-openclaw-e2e, and openclaw-tui-chat-correlation-e2e to validate that the container builds successfully and the runtime behavior remains correct with these new version and integrity hash values. Dockerfile changes are only verifiable through actual container builds and the specified nightly-e2e job set is the recommended selective test suite for this type of change.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/e2e/test-issue-4434-tui-unreachable-inference.sh`:
- Line 26: The EXPECTED_OPENCLAW_VERSION variable assignment on line 26 can
resolve to an empty value, which causes the version verification check using
grep on line 111 to always succeed when given an empty pattern. Add a guard
after line 26 to ensure EXPECTED_OPENCLAW_VERSION is not empty and fail
appropriately if it is. Additionally, update the grep command on line 111 to use
fixed-string matching (grep -F flag) instead of regular expression matching to
properly validate the literal semver value as a fixed string rather than a
pattern.
In `@test/e2e/test-openclaw-tui-chat-correlation.sh`:
- Line 20: The EXPECTED_OPENCLAW_VERSION variable assignment at line 20 can
resolve to an empty string if the sed extraction from Dockerfile.base fails,
which causes the grep assertion at line 50 to become ineffective since grep -Fq
will match empty strings. Add validation immediately after the
EXPECTED_OPENCLAW_VERSION assignment to check that the variable is not empty,
and use a conditional to exit with an error message if the version extraction
fails, ensuring the pinned-version assertion on lines 50-51 actually validates
something meaningful.
---
Nitpick comments:
In `@Dockerfile`:
- Around line 39-40: This is not a code fix but rather a validation requirement:
before merging the Dockerfile changes to OPENCLAW_VERSION and
OPENCLAW_2026_6_9_INTEGRITY (and the related changes at lines 126 and 510-517),
you must run the recommended E2E test workflow set including cloud-e2e,
sandbox-survival-e2e, hermes-e2e, rebuild-openclaw-e2e, and
openclaw-tui-chat-correlation-e2e to validate that the container builds
successfully and the runtime behavior remains correct with these new version and
integrity hash values. Dockerfile changes are only verifiable through actual
container builds and the specified nightly-e2e job set is the recommended
selective test suite for this type of change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 29550b71-4be1-4bd2-9f64-bf03e6dd372e
📒 Files selected for processing (10)
DockerfileDockerfile.baseagents/openclaw/manifest.yamlnemoclaw/package.jsonscripts/patch-openclaw-chat-send.jstest/e2e-scenario/live/openclaw-tui-chat-correlation.test.tstest/e2e/test-issue-4434-tui-unreachable-inference.shtest/e2e/test-openclaw-tui-chat-correlation.shtest/fetch-guard-patch-regression.test.tstest/openclaw-chat-send-patch.test.ts
PR Review Advisor — Changes requestedMerge posture: Do not merge yet Action checklist
Findings index
Review findings by urgency: 0 required fixes, 1 item to resolve/justify, 1 in-scope improvement
|
Selective E2E Results — ❌ Some jobs failedRun: 27974744043
|
Selective E2E Results — ❌ Some jobs failedRun: 27976420827
|
Selective E2E Results — ❌ Some jobs failedRun: 27976652520
|
Selective E2E Results — ❌ Some jobs failedRun: 27976953419
|
Selective E2E Results — ❌ Some jobs failedRun: 27977193069
|
Selective E2E Results — ❌ Some jobs failedRun: 27977524161
|
Selective E2E Results — ❌ Some jobs failedRun: 27978429157
|
Selective E2E Results — ❌ Some jobs failedRun: 27978910665
|
|
🌿 Preview your docs: https://nvidia-preview-pr-5595.docs.buildwithfern.com/nemoclaw |
Selective E2E Results — ❌ Some jobs failedRun: 27980563206
|
Selective E2E Results — ❌ Some jobs failedRun: 27981428527
|
E2E Target Results — ❌ Some jobs failedRun: 28701818159
|
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
E2E Target Results — ✅ All selected jobs passedRun: 28702387037
|
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
E2E Target Results — ✅ All selected jobs passedRun: 28702496126
|
E2E Target Results — ❌ Some jobs failedRun: 28703058981
|
E2E Target Results — ❌ Some jobs failedRun: 28703052490
|
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
E2E Target Results — ✅ All requested jobs passedRun: 28703588816
|
E2E Target Results — ✅ All requested jobs passedRun: 28703575911
|
E2E Target Results — ✅ All requested jobs passedRun: 28703787702
|
E2E Target Results — ✅ All requested jobs passedRun: 28704016943
|
E2E Target Results — ❌ Some jobs failedRun: 28703774060
|
E2E Target Results — ✅ All default jobs passedRun: 28703774060
|
|
@apurvvkumaria — the requested fixes are complete on final head Final evidence:
The attempt-1 Hermes dashboard readiness timeout passed both an isolated exact-head rerun and the in-place failed-job rerun without code changes; both channel restart lanes were also green. |
The second harness in this file (runRuntimeEnvValidation) was not part of the main-merge conflict, so it kept the pre-merge shape: it ran validate_hermes_runtime_env_secret_boundary — which main's #5595 changed to invoke $_HERMES_PYTHON — without defining _HERMES_PYTHON, and still used the non-portable env -- no-op. Under set -u this aborted with '_HERMES_PYTHON: unbound variable', failing cli-test-shards (3). Align it with the start-env harness: command builtin no-op + _HERMES_PYTHON from command -v python3. Signed-off-by: Prekshi Vyas <prekshiv@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary <!-- 1-3 sentences: what this PR does and why. --> Correct the v0.0.75 release-note entry merged in #6371 before the release tag is cut. This follow-up restores the omitted OpenClaw `2026.6.10` upgrade and narrows three claims to the runtime contracts that actually shipped. ## Changes <!-- Bullet list of key changes. --> - #5595 -> `docs/about/release-notes.mdx`: add the bundled OpenClaw `2026.6.10` upgrade and its reviewed package, pairing, and recovery boundaries. - #6370 -> `docs/about/release-notes.mdx`: state that authoritative onboarding restores the gateway provider and inference route during rebuild, before sandbox recreation. - #6335 and #6298 -> `docs/about/release-notes.mdx`: scope the OpenAI frontend to Hermes while retaining the separate OpenAI-only-agent behavior. - #6304 -> `docs/about/release-notes.mdx`: name the non-expiring local Docker-driver sandbox JWT contract precisely and link its gateway-auth review. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [x] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: prose-only release-note corrections with no runtime behavior or code samples. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: tests are not applicable; `npm run docs` passed with 0 errors and 2 pre-existing warnings. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — result: 0 errors and 2 pre-existing warnings (missing authenticated redirects check and existing light-theme accent contrast). - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Aaron Erickson <aerickson@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated the `v0.0.75` release notes with clearer wording and expanded details. * Added more specific notes about the runtime upgrade, sandbox recovery behavior, and routing safeguards. * Refined the description of inference routing behavior and local Docker-driver sandbox authentication handling. * Adjusted the linked references and final release-note wording for consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Summary
Upgrade NemoClaw to
openclaw@2026.6.10and adapt packaging,compiled-runtime compatibility patches, messaging plugins, rebuild recovery,
and E2E coverage to the reviewed release. The change retains the existing
fail-closed package, credential-recovery, state-restore, and runtime-proof
boundaries while moving one stable patch release forward from 2026.6.9.
Related Issue
order; this PR targets
v0.0.74.Post-tag hardening: close OpenClaw 2026.6.9 trust, live-proof, and compatibility-debt gaps #5896 and are not blockers for the first tag containing this PR.
Changes
openclaw@2026.6.10, diagnostics, Brave, Discord, Slack, WhatsApp, andMicrosoft Teams packages to their reviewed npm SRIs across images,
manifests, package metadata, lifecycle policy, and version-aware tests.
package-controlled lifecycle scripts, and retain the explicit reviewed
OpenClaw postinstall boundary.
package-load hashes, weather skill, and every compiled-dist patch selector.
catalog, Teams message-hint, and [DGX Spark][CLI&UX] openclaw tui shows indefinite spinner with no error when inference endpoint is unreachable #4434 unreachable-inference compatibility
patches bound to the reviewed distribution.
gateway dispatch, and canonical locked-state authorization. Exact bounded
repairs use the existing stored device credential and fail without falling
back to shared/admin credentials or local approval; no Python process reads
or writes device credentials or pairing state.
model, credential binding, endpoint identity, API, and persisted route,
without reading, exporting, or replacing the credential.
default only when no concurrent default transition superseded it.
NEMOCLAW_PREFERRED_APIalong with all other ambient inferenceselectors during rebuild resume, preserving the recorded sandbox route.
could inject legacy fixture overrides through workflow dispatch.
classifier while continuing to permit only recognized
models.jsonenvironment/secret references.
run error:block so unrelated transcript text cannot satisfy the guard.validate the proof port as decimal
1..65535, and construct only the fixedloopback proof URL.
CI while retaining explicit local opt-in proof.
Type of Change
Quality Gates
integration, E2E-support, workflow-contract, package-contract, and real
published-distribution suites exercise every changed boundary.
onboarding, inference, runner, sandbox, or messaging)
reviewer/approval link/justification: final-head maintainer re-review pending.
name, approval link, and follow-up issue: no waiver requested.
Risk Boundaries
shared pre-delete/runtime assessment requires the exact registered route and
gateway binding; missing, oversized, ambiguous, spoofed, or incompatible
metadata fails before deletion or triggers rollback.
therefore also requires authoritative registry route identity and no
conflicting recorded endpoint; the recovery path never updates the provider.
credential, preferred API, or reasoning values from another sandbox.
pointer and persisted selection revision still match. A later explicit
default choice is preserved even when it selects that same fallback value.
legacy versions, and fixture-only integrity/tarball overrides before every
production image build.
models.json; concrete keys, bearer tokens, assignments, and arbitrarycredential values remain rejected.
committed registry
dist.integrity, committed registrydist.tarballURL,and packed-byte SRI before
npm packor plugin installation. Missing ormismatched metadata fails closed; Post-tag hardening: close OpenClaw 2026.6.9 trust, live-proof, and compatibility-debt gaps #5896 remains only the shared-installer
consolidation tracker.
Node execution contexts so each transaction fails before install. Shared
installer consolidation remains Post-tag hardening: close OpenClaw 2026.6.9 trust, live-proof, and compatibility-debt gaps #5896 rather than widening this bump.
fail closed on selector drift; they must be removed when upstream supplies
equivalent behavior.
signed CLI/operator/pairing baseline. A failure rethrows before shared/admin
or local-state fallback, and the handler plus locked writer revalidate the
current pending identity and bounded scopes before token rotation.
sandboxes. Its live guard requires the complete final error block and cannot
borrow diagnostic keywords from earlier output.
are included; Teams evidence remains package/load-boundary evidence.
Verification
Exact head:
5911445d55dfd10b03233b4133195e6d8c8d0e60Current
main:06b78aae3816ffe23eab64e9327ca99407a5a527includes
Signed-off-bynpx prek run --from-ref main --to-ref HEADpasses — all commit/push hookspassed except the deliberately skipped unsharded
test-clicoverage hook;exact-head hosted coverage shards are required below.
npm testpasses (broad runtime changes only) — the unsharded localcoverage hook was attempted on the complete tree but exceeded many existing
5-second per-test limits under coverage on this Mac. Every changed boundary
passes in isolated focused runs; authoritative hosted coverage shards are
required below and no waiver is requested.
npm run docsbuilds without warnings (doc changes only)style guide
(doc changes only)
Local exact-tree evidence:
npm run build:cli,npm run typecheck:cli,npm run typecheck, repositorychecks, Vitest project/import/title checks, and the 1,216-file test-size scan
passed on the merged tree.
destroy, DCode, and recovery suites: 167 CLI tests passed.
and scorecard suite: 83 integration tests passed.
E2E-support tests passed.
messaging build-applier provenance suite: 30 passed.
identity proof passed through the extracted live heredoc path with no pending
request left behind; the executable fixture contract observes
paired.json→device-auth.json→pending.jsonpublication.openclaw@2026.6.10published-tarball SRI, patch application, and patchaudit/config-token gateway harness: 3 passed in 117.43 seconds on Node 22.19
at the current exact head.
Markdown, secret, schema, repository, source-shape, size, and diff checks.
outside this PR; neither is changed here and no waiver is applied to PR CI.
Hosted exact-head requirements before merge:
mainafter all proof completes.Final exact-head hosted evidence:
is green, including all five CLI shards, static checks, build/typecheck,
installer integration, plugin tests, and the aggregate gate.
and sandbox images plus E2E
are green at the exact head and exercised the reviewed OpenClaw and locked
mcporter provenance-reuse paths.
attempt 2 is green: every default-enabled job passed, five explicit-only
jobs were intentionally skipped, and no failures remain.
and the Hermes dashboard rerun
are green at the exact head.
completed successfully. GPT reports zero required and zero new findings.
Its remaining floating-Docker-action warning concerns refs inherited
unchanged from current
main; repository-wide action pinning is acceptedas separate hardening rather than scope for this dependency bump. The
duplicate non-interactive-helper suggestion is likewise a non-blocking
refactor. Nemotron's repeated source-of-truth and structural findings do
not identify a new final-head defect; the applicable integrity, recovery,
trusted-main, and decomposition boundaries are documented above and in
Post-tag hardening: close OpenClaw 2026.6.9 trust, live-proof, and compatibility-debt gaps #5896.
CodeRabbit, CodeQL, and all required contexts are green; all review threads
are resolved. The branch is zero commits behind
main, carries labelv0.0.74, and is mergeable. The only outstanding branch-protection gate isa final approving review; re-review was requested from
@apurvvkumaria.
Rollback Plan
Revert this PR as a unit, restoring the prior OpenClaw pins, integrity values,
plugin-install behavior, state-restore rules, and compatible patch set. Do not
combine the older runtime pin with 2026.6.10 compiled-dist selectors. Rebuild
base and sandbox images, then rerun the affected E2E lanes.
Signed-off-by: Aaron Erickson aerickson@nvidia.com
Summary by CodeRabbit