Skip to content

fix(policy): suppress agent-required preset additions on restricted tier#5798

Merged
jyaunches merged 31 commits into
mainfrom
fix/restricted-tier-strict-presets
Jun 30, 2026
Merged

fix(policy): suppress agent-required preset additions on restricted tier#5798
jyaunches merged 31 commits into
mainfrom
fix/restricted-tier-strict-presets

Conversation

@laitingsheng

@laitingsheng laitingsheng commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Summary

nemoclaw onboard --policy-tier=restricted (and the interactive equivalent) used to apply openclaw-pricing to OpenClaw sandboxes regardless of the chosen tier, because the suggestion pipeline added it as an OpenClaw-required preset before the tier filter ran. The Restricted tier description promises "no third-party network access beyond inference and core agent tooling", so the pricing fetch — which reaches LiteLLM and OpenRouter — directly contradicts the tier intent. This change suppresses the OpenClaw agent-required additions (openclaw-pricing, and the local OTEL preset when OTEL is enabled) on the Restricted tier at both the suggestion helper and the final application boundary, prints a one-line onboard notice listing what was suppressed and how to reapply it, and documents the stricter Restricted behaviour in the tier definition and reference page.

Related Issue

Fixes #5793

Changes

  • src/lib/onboard/policy-selection.ts: extract a shared agentRequiredPresetAdditions(agent, env) helper so computeSetupPresetSuggestions and suppressedAgentRequiredPresets cannot drift apart. Gate the OpenClaw agent-required adds (openclaw-pricing and requiredOpenclawOtelPolicyPresets) on tierName !== "restricted" inside computeSetupPresetSuggestions, and filter the same set out of chosen and interactiveChoice after mergeRequiredSetupPolicyPresets so the later merge step cannot reintroduce the OTEL preset for restricted + OpenClaw.
  • src/lib/onboard/policy-selection.ts: new exported suppressedAgentRequiredPresets(tierName, agent, env) helper and a follow-up deps.note(...) in setupPoliciesWithSelectionInner that prints Restricted tier suppresses agent-required preset(s): ... Apply later with 'nemoclaw <name> policy-add <preset>' if needed. whenever the helper returns anything.
  • nemoclaw-blueprint/policies/tiers.yaml: extend the Restricted tier description (active voice) to call out that Restricted mode suppresses agent-required preset additions and to point operators at policy-add.
  • docs/reference/network-policies.mdx: mirror the new Restricted description in the tier table (active voice).
  • test/onboard-policy-suggestions.test.ts: ten new tests under computeSetupPresetSuggestions > restricted tier suppresses agent-required preset additions and a new suppressedAgentRequiredPresets block. The OTEL env-var tests save, clear, and restore both NEMOCLAW_OPENCLAW_OTEL and NEMOCLAW_OPENCLAW_OTEL_ENDPOINT so runner-inherited values cannot affect the expectation.
  • test/policy-tiers-onboard.test.ts: three new application-path tests that exercise setupPoliciesWithSelection end-to-end — restricted + OpenClaw applies zero presets in non-interactive suggested mode, restricted + OpenClaw with NEMOCLAW_OPENCLAW_OTEL=1 does not re-add openclaw-diagnostics-otel-local after the required-preset merge, and the suppression note matches the final applied set.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Git hooks passed during commit and push, or npx prek run --from-ref main --to-ref HEAD passes
  • Targeted tests pass for changed behavior
  • Full npm test passes (broad runtime changes only)
  • Tests added or updated for new or changed behavior
  • No secrets, API keys, or credentials committed
  • Docs updated for user-facing behavior changes
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Tinson Lai tinsonl@nvidia.com

Summary by CodeRabbit

  • Documentation

    • Updated “Restricted” network policy tier guidance to clarify that specific agent-required preset additions are suppressed and can be re-applied later with policy-add.
  • New Features

    • Restricted-tier onboarding now suppresses withheld agent-required presets for applicable agents and surfaces a note listing which presets are suppressed.
  • Bug Fixes

    • Correctly limits preset suggestions and prevents restricted presets from being (re-)applied; reconciliation removes previously applied withheld presets.
  • Tests

    • Added unit and integration coverage for Restricted-tier behavior, including OTEL-enabled scenarios and applied-vs-suppressed verification.

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Restricted-tier policy descriptions were updated to state that agent-required presets are suppressed and must be re-applied later. Onboarding selection now computes, reports, and filters those suppressed presets for OpenClaw restricted mode, and tests cover the new behavior.

Changes

Restricted tier preset suppression

Layer / File(s) Summary
Restricted tier contract
docs/reference/network-policies.mdx, nemoclaw-blueprint/policies/tiers.yaml, src/lib/onboard/policy-selection.ts
The restricted tier description now states that agent-required presets are suppressed in restricted mode, and policy selection adds a restricted-tier constant used by the suppression logic.
Suppression logic
src/lib/onboard/policy-selection.ts
OpenClaw agent-required presets are computed, reported as suppressed only for the restricted tier, filtered from preset lists, and skipped when building preset suggestions.
Onboard selection wiring
src/lib/onboard/policy-selection.ts
Setup computes suppressed preset names, emits a note when any are suppressed, and removes suppressed presets from non-interactive, preservation, and interactive selection paths.
Suppression tests
test/onboard-policy-suggestions.test.ts, test/policy-tiers-onboard.test.ts
The test suite adds environment helpers and assertions for restricted-tier suppression across suggestion output, helper return values, and onboard application flow.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

area: policy, area: docs

Poem

🐇 I hopped through restricted paths so neat,
and tucked the presets where tests couldీట్?
The docs now whisper, “pause, then add,”
while OpenClaw keeps its footing glad.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly states the main change: suppressing agent-required preset additions on the restricted tier.
Linked Issues check ✅ Passed The changes address #5793 by preventing restricted-tier onboarding from leaving openclaw-pricing or other agent-required presets active.
Out of Scope Changes check ✅ Passed The docs and test updates support the same restricted-tier suppression fix and do not introduce unrelated scope.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/restricted-tier-strict-presets

Comment @coderabbitai help to get the list of available commands.

@laitingsheng laitingsheng added area: onboarding Onboarding FSM, provider setup, sandbox launch, or first-run flow bug-fix PR fixes a bug or regression labels Jun 25, 2026
@github-code-quality

github-code-quality Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the branch is 96%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File a24b144 +/-
nemoclaw/src/se...cret-scanner.ts 100%
nemoclaw/src/commands/slash.ts 100%
nemoclaw/src/li...bprocess-env.ts 100%
nemoclaw/src/bl...eprint/state.ts 98%
nemoclaw/src/onboard/config.ts 98%
nemoclaw/src/bl...int/snapshot.ts 97%
nemoclaw/src/bl...print/runner.ts 95%
nemoclaw/src/co...ration-state.ts 94%
nemoclaw/src/bl...ate-networks.ts 94%
nemoclaw/src/index.ts 94%

TypeScript / code-coverage/cli

The overall coverage in the branch is 67%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File a24b144 +/-
src/lib/actions...dbox/rebuild.ts 80%
src/lib/actions...all/run-plan.ts 80%
src/lib/state/o...oard-session.ts 79%
src/lib/state/sandbox.ts 72%
src/lib/onboard/preflight.ts 69%
src/lib/onboard...er-gpu-patch.ts 59%
src/lib/actions...licy-channel.ts 58%
src/lib/policy/index.ts 53%
src/lib/shields/index.ts 51%
src/lib/onboard.ts 20%

Updated June 30, 2026 18:00 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — Changes requested

Merge posture: Do not merge yet
Primary next action: Resolve or justify PRA-1: Source-of-truth review needed: Create-time policy tier env fallback in sandbox-create-plan.
Open items: 0 required · 3 warnings · 1 suggestion · 7 test follow-ups
Since last review: 0 prior items resolved · 4 still apply · 0 new items found

Action checklist

  • PRA-1 Resolve or justify: Source-of-truth review needed: Create-time policy tier env fallback in sandbox-create-plan
  • PRA-2 Resolve or justify: Create-time policy tier still reads only env non-interactive state in src/lib/onboard/sandbox-create-plan.ts:28
  • PRA-3 Resolve or justify: Restricted OTEL-local suppression still lacks live OTEL-enabled assertion in test/e2e/live/network-policy.test.ts:922
  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Runtime validation
  • PRA-T5 Add or justify test follow-up: Restricted OTEL-local suppression still lacks live OTEL-enabled assertion
  • PRA-T6 Add or justify test follow-up: Acceptance clause
  • PRA-T7 Add or justify test follow-up: Create-time policy tier env fallback in sandbox-create-plan
  • PRA-4 In-scope improvement: Delete unused scenarioSlug option from restricted onboard helper in test/e2e/live/restricted-onboard-helpers.ts:49

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-2 Resolve/justify correctness src/lib/onboard/sandbox-create-plan.ts:28 Thread the already-validated tier from `onboard.ts` into `prepareSandboxCreatePlan()`, for example `policyTier: isNonInteractive() ? policyTierEnv.resolvePolicyTierFromEnv() : null`, and keep the interactive path explicit `null` so create-time OTEL remains deferred until the operator-selected tier is known.
PRA-3 Resolve/justify tests test/e2e/live/network-policy.test.ts:922 Add a focused live Vitest assertion in the existing network-policy live suite for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1` and the default/local endpoint. Reuse `runRestrictedOnboardWithRetry`, keep the direct CLI/OpenShell boundary, and assert `policy-list` has no active bullets and no `openclaw-diagnostics-otel-local` before any `policy-add`.
PRA-4 Improvement architecture test/e2e/live/restricted-onboard-helpers.ts:49 Remove `scenarioSlug` from `RestrictedOnboardOptions` and delete the `scenarioSlug: "restricted-zero-presets"` argument at the call site, unless this PR also uses it for artifact naming or skip metadata.
Review findings by urgency: 0 required fixes, 3 items to resolve/justify, 1 in-scope improvement

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — Source-of-truth review needed: Create-time policy tier env fallback in sandbox-create-plan

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Current tests cover direct helper behavior for unknown/Restricted/non-Restricted tier values, but not flag-only `--non-interactive` without `NEMOCLAW_NON_INTERACTIVE=1`.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Covered by the correctness finding: `createSandbox()` omits `policyTier`, and `readPolicyTierEnv()` checks only `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`.

PRA-2 Resolve/justify — Create-time policy tier still reads only env non-interactive state

  • Location: src/lib/onboard/sandbox-create-plan.ts:28
  • Category: correctness
  • Problem: `prepareSandboxCreatePlan()` defaults `policyTier` from `readPolicyTierEnv()`, which trusts `NEMOCLAW_POLICY_TIER` only when `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`. The normal `onboard({ nonInteractive: true })` / `nemoclaw onboard --non-interactive` path sets the module-local `NON_INTERACTIVE` flag in `src/lib/onboard.ts`, but the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })` still does not pass the parsed tier or the parsed non-interactive state.
  • Impact: This is fail-closed for Restricted egress, but it changes intended behavior for known non-Restricted flag-only non-interactive runs: with OpenClaw local OTEL enabled, `openclaw-diagnostics-otel-local` is treated as tier-unknown and deferred rather than included in the initial create policy. It also keeps the create-time policy decision on a duplicated environment fallback rather than the onboarding tier source of truth.
  • Recommended action: Thread the already-validated tier from `onboard.ts` into `prepareSandboxCreatePlan()`, for example `policyTier: isNonInteractive() ? policyTierEnv.resolvePolicyTierFromEnv() : null`, and keep the interactive path explicit `null` so create-time OTEL remains deferred until the operator-selected tier is known.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read `src/lib/onboard.ts` around `NON_INTERACTIVE = opts.nonInteractive ...`, then the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })`, and finally `src/lib/onboard/sandbox-create-plan.ts:28`; the only create-time tier fallback is `process.env.NEMOCLAW_NON_INTERACTIVE`, not the parsed CLI flag.
  • Missing regression test: Add a create-plan or CLI-level test named `onboard --non-interactive with NEMOCLAW_POLICY_TIER=balanced and local OTEL passes balanced to prepareInitialSandboxCreatePolicy without NEMOCLAW_NON_INTERACTIVE env`; assert the initial create policy gets `policyTier: "balanced"` or includes `openclaw-diagnostics-otel-local`. Add the matching negative test `interactive onboard with NEMOCLAW_POLICY_TIER=balanced passes null create-time policy tier`.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read `src/lib/onboard.ts` around `NON_INTERACTIVE = opts.nonInteractive ...`, then the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })`, and finally `src/lib/onboard/sandbox-create-plan.ts:28`; the only create-time tier fallback is `process.env.NEMOCLAW_NON_INTERACTIVE`, not the parsed CLI flag.
  • Evidence: `src/lib/onboard.ts` sets `NON_INTERACTIVE` from `opts.nonInteractive`; `createSandbox()` calls `prepareSandboxCreatePlan()` without `policyTier`; `readPolicyTierEnv()` returns `null` unless `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`.

PRA-3 Resolve/justify — Restricted OTEL-local suppression still lacks live OTEL-enabled assertion

  • Location: test/e2e/live/network-policy.test.ts:922
  • Category: tests
  • Problem: The PR adds strong unit/stub coverage for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1`, a default live Restricted scenario that asserts zero active presets, and a live assertion in the broader network-policy scenario that the suppressed preset names are absent. The dedicated live scenario comments still explicitly defer the actual OTEL-enabled default/local endpoint variant.
  • Impact: A regression that only activates `openclaw-diagnostics-otel-local` when OTEL is enabled could pass the no-OTEL zero-preset live scenario and rely on mocked/stubbed policy APIs for detection. That preset grants OpenClaw/node egress to `host.openshell.internal:4318`, so the missing live assertion weakens confidence in the Restricted sandbox egress boundary.
  • Recommended action: Add a focused live Vitest assertion in the existing network-policy live suite for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1` and the default/local endpoint. Reuse `runRestrictedOnboardWithRetry`, keep the direct CLI/OpenShell boundary, and assert `policy-list` has no active bullets and no `openclaw-diagnostics-otel-local` before any `policy-add`.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read the `restricted-openclaw-policy-suppression` comments in `test/e2e/live/network-policy.test.ts`; they state the OTEL-enabled live variant is deferred while the live zero-active-preset scenario covers no-OTEL onboarding.
  • Missing regression test: Add `network-policy: restricted OpenClaw with NEMOCLAW_OPENCLAW_OTEL=1 leaves policy-list with zero active presets`, using `extraOnboardEnv: { NEMOCLAW_OPENCLAW_OTEL: "1", NEMOCLAW_OPENCLAW_OTEL_ENDPOINT: undefined }`, then parse `policy-list` and assert no `●` bullets and no `openclaw-diagnostics-otel-local` before any policy mutation.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read the `restricted-openclaw-policy-suppression` comments in `test/e2e/live/network-policy.test.ts`; they state the OTEL-enabled live variant is deferred while the live zero-active-preset scenario covers no-OTEL onboarding.
  • Evidence: Changed tests cover OTEL-enabled suppression in `test/policy-tiers-onboard.test.ts` and stale OTEL cleanup in `test/policy-tiers-onboard-restricted-stale-otel.test.ts`, but the live E2E comment at `test/e2e/live/network-policy.test.ts:922` says the OTEL-enabled live variant is deferred.

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

PRA-4 Improvement — Delete unused scenarioSlug option from restricted onboard helper

  • Location: test/e2e/live/restricted-onboard-helpers.ts:49
  • Category: architecture
  • Problem: `RestrictedOnboardOptions` includes `scenarioSlug`, and the new live scenario passes it, but `runRestrictedOnboardWithRetry()` and its helper functions never read it. This leaves a dead option in the new E2E helper API.
  • Impact: The unused option makes the helper look more general than it is and invites future callers to rely on naming behavior that does not exist. Keeping the helper small matters because this PR adds new E2E support code in a high-cost live suite.
  • Suggested action: Remove `scenarioSlug` from `RestrictedOnboardOptions` and delete the `scenarioSlug: "restricted-zero-presets"` argument at the call site, unless this PR also uses it for artifact naming or skip metadata.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Search `test/e2e/live/restricted-onboard-helpers.ts` and `test/e2e/live/network-policy.test.ts` for `scenarioSlug`; it appears in the type and call site but not in the helper implementation.
  • Missing regression test: No new behavioral regression test is needed; the existing TypeScript/Vitest coverage for the live helper call shape should continue to type-check once the unused option and argument are deleted.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: `test/e2e/live/restricted-onboard-helpers.ts` defines `scenarioSlug: string`, while `attemptRestrictedOnboardOnce()` and `runRestrictedOnboardWithRetry()` only use `scenarioLabel`, artifact prefixes, sandbox name, env, and timeouts.
Simplification opportunities: 1 possible cut, net -2 lines possible

These are safe simplification checks only. Do not remove validation, security controls, data-loss prevention, or required tests.

  • PRA-4 delete (test/e2e/live/restricted-onboard-helpers.ts:49): Remove the `scenarioSlug` property from `RestrictedOnboardOptions` and the matching call-site argument.
    • Replacement: Use the existing `scenarioLabel`, `preCleanupArtifactPrefix`, and `onboardArtifactPrefix` fields, which already drive all observable helper behavior.
    • Net: -2 lines
    • Safety boundary: Do not remove retry behavior, redaction of `apiKey`, Docker/transient-provider handling, or any live OpenShell policy assertions.
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — onboard --non-interactive with NEMOCLAW_POLICY_TIER=balanced and local OTEL passes balanced to prepareInitialSandboxCreatePolicy without NEMOCLAW_NON_INTERACTIVE env. This PR changes sandbox network policy decisions across create-time, selection, preservation, resume, and live OpenShell policy-list behavior. The added unit/stub coverage is substantial and the default restricted live scenario is valuable, but the OTEL-enabled live runtime boundary and the flag-only non-interactive create-time source remain undercovered.
  • PRA-T2 Runtime validation — interactive onboard with NEMOCLAW_POLICY_TIER=balanced passes null create-time policy tier. This PR changes sandbox network policy decisions across create-time, selection, preservation, resume, and live OpenShell policy-list behavior. The added unit/stub coverage is substantial and the default restricted live scenario is valuable, but the OTEL-enabled live runtime boundary and the flag-only non-interactive create-time source remain undercovered.
  • PRA-T3 Runtime validation — network-policy: restricted OpenClaw with NEMOCLAW_OPENCLAW_OTEL=1 leaves policy-list with zero active presets. This PR changes sandbox network policy decisions across create-time, selection, preservation, resume, and live OpenShell policy-list behavior. The added unit/stub coverage is substantial and the default restricted live scenario is valuable, but the OTEL-enabled live runtime boundary and the flag-only non-interactive create-time source remain undercovered.
  • PRA-T4 Runtime validation — setupPoliciesWithSelection interactive restricted OpenClaw filters preserved openclaw-pricing and applies zero presets after selectTierPresetsAndAccess. This PR changes sandbox network policy decisions across create-time, selection, preservation, resume, and live OpenShell policy-list behavior. The added unit/stub coverage is substantial and the default restricted live scenario is valuable, but the OTEL-enabled live runtime boundary and the flag-only non-interactive create-time source remain undercovered.
  • PRA-T5 Restricted OTEL-local suppression still lacks live OTEL-enabled assertion — Add a focused live Vitest assertion in the existing network-policy live suite for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1` and the default/local endpoint. Reuse `runRestrictedOnboardWithRetry`, keep the direct CLI/OpenShell boundary, and assert `policy-list` has no active bullets and no `openclaw-diagnostics-otel-local` before any `policy-add`.
  • PRA-T6 Acceptance clause — 1. Install NemoClaw v0.0.67 — add test evidence or identify existing coverage. This is historical reproduction context for the released bug; the PR changes current source and does not include v0.0.67 installation behavior.
  • PRA-T7 Create-time policy tier env fallback in sandbox-create-plan — Current tests cover direct helper behavior for unknown/Restricted/non-Restricted tier values, but not flag-only `--non-interactive` without `NEMOCLAW_NON_INTERACTIVE=1`.. Covered by the correctness finding: `createSandbox()` omits `policyTier`, and `readPolicyTierEnv()` checks only `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`.
Since last review details

Current findings, using the urgency labels above:

PRA-1 Resolve/justify — Source-of-truth review needed: Create-time policy tier env fallback in sandbox-create-plan

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Current tests cover direct helper behavior for unknown/Restricted/non-Restricted tier values, but not flag-only `--non-interactive` without `NEMOCLAW_NON_INTERACTIVE=1`.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Covered by the correctness finding: `createSandbox()` omits `policyTier`, and `readPolicyTierEnv()` checks only `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`.

PRA-2 Resolve/justify — Create-time policy tier still reads only env non-interactive state

  • Location: src/lib/onboard/sandbox-create-plan.ts:28
  • Category: correctness
  • Problem: `prepareSandboxCreatePlan()` defaults `policyTier` from `readPolicyTierEnv()`, which trusts `NEMOCLAW_POLICY_TIER` only when `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`. The normal `onboard({ nonInteractive: true })` / `nemoclaw onboard --non-interactive` path sets the module-local `NON_INTERACTIVE` flag in `src/lib/onboard.ts`, but the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })` still does not pass the parsed tier or the parsed non-interactive state.
  • Impact: This is fail-closed for Restricted egress, but it changes intended behavior for known non-Restricted flag-only non-interactive runs: with OpenClaw local OTEL enabled, `openclaw-diagnostics-otel-local` is treated as tier-unknown and deferred rather than included in the initial create policy. It also keeps the create-time policy decision on a duplicated environment fallback rather than the onboarding tier source of truth.
  • Recommended action: Thread the already-validated tier from `onboard.ts` into `prepareSandboxCreatePlan()`, for example `policyTier: isNonInteractive() ? policyTierEnv.resolvePolicyTierFromEnv() : null`, and keep the interactive path explicit `null` so create-time OTEL remains deferred until the operator-selected tier is known.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read `src/lib/onboard.ts` around `NON_INTERACTIVE = opts.nonInteractive ...`, then the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })`, and finally `src/lib/onboard/sandbox-create-plan.ts:28`; the only create-time tier fallback is `process.env.NEMOCLAW_NON_INTERACTIVE`, not the parsed CLI flag.
  • Missing regression test: Add a create-plan or CLI-level test named `onboard --non-interactive with NEMOCLAW_POLICY_TIER=balanced and local OTEL passes balanced to prepareInitialSandboxCreatePolicy without NEMOCLAW_NON_INTERACTIVE env`; assert the initial create policy gets `policyTier: "balanced"` or includes `openclaw-diagnostics-otel-local`. Add the matching negative test `interactive onboard with NEMOCLAW_POLICY_TIER=balanced passes null create-time policy tier`.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read `src/lib/onboard.ts` around `NON_INTERACTIVE = opts.nonInteractive ...`, then the `createSandbox()` call to `sandboxCreatePlan.prepareSandboxCreatePlan({ ... agentName: agent?.name })`, and finally `src/lib/onboard/sandbox-create-plan.ts:28`; the only create-time tier fallback is `process.env.NEMOCLAW_NON_INTERACTIVE`, not the parsed CLI flag.
  • Evidence: `src/lib/onboard.ts` sets `NON_INTERACTIVE` from `opts.nonInteractive`; `createSandbox()` calls `prepareSandboxCreatePlan()` without `policyTier`; `readPolicyTierEnv()` returns `null` unless `process.env.NEMOCLAW_NON_INTERACTIVE === "1"`.

PRA-3 Resolve/justify — Restricted OTEL-local suppression still lacks live OTEL-enabled assertion

  • Location: test/e2e/live/network-policy.test.ts:922
  • Category: tests
  • Problem: The PR adds strong unit/stub coverage for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1`, a default live Restricted scenario that asserts zero active presets, and a live assertion in the broader network-policy scenario that the suppressed preset names are absent. The dedicated live scenario comments still explicitly defer the actual OTEL-enabled default/local endpoint variant.
  • Impact: A regression that only activates `openclaw-diagnostics-otel-local` when OTEL is enabled could pass the no-OTEL zero-preset live scenario and rely on mocked/stubbed policy APIs for detection. That preset grants OpenClaw/node egress to `host.openshell.internal:4318`, so the missing live assertion weakens confidence in the Restricted sandbox egress boundary.
  • Recommended action: Add a focused live Vitest assertion in the existing network-policy live suite for Restricted OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1` and the default/local endpoint. Reuse `runRestrictedOnboardWithRetry`, keep the direct CLI/OpenShell boundary, and assert `policy-list` has no active bullets and no `openclaw-diagnostics-otel-local` before any `policy-add`.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read the `restricted-openclaw-policy-suppression` comments in `test/e2e/live/network-policy.test.ts`; they state the OTEL-enabled live variant is deferred while the live zero-active-preset scenario covers no-OTEL onboarding.
  • Missing regression test: Add `network-policy: restricted OpenClaw with NEMOCLAW_OPENCLAW_OTEL=1 leaves policy-list with zero active presets`, using `extraOnboardEnv: { NEMOCLAW_OPENCLAW_OTEL: "1", NEMOCLAW_OPENCLAW_OTEL_ENDPOINT: undefined }`, then parse `policy-list` and assert no `●` bullets and no `openclaw-diagnostics-otel-local` before any policy mutation.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read the `restricted-openclaw-policy-suppression` comments in `test/e2e/live/network-policy.test.ts`; they state the OTEL-enabled live variant is deferred while the live zero-active-preset scenario covers no-OTEL onboarding.
  • Evidence: Changed tests cover OTEL-enabled suppression in `test/policy-tiers-onboard.test.ts` and stale OTEL cleanup in `test/policy-tiers-onboard-restricted-stale-otel.test.ts`, but the live E2E comment at `test/e2e/live/network-policy.test.ts:922` says the OTEL-enabled live variant is deferred.

PRA-4 Improvement — Delete unused scenarioSlug option from restricted onboard helper

  • Location: test/e2e/live/restricted-onboard-helpers.ts:49
  • Category: architecture
  • Problem: `RestrictedOnboardOptions` includes `scenarioSlug`, and the new live scenario passes it, but `runRestrictedOnboardWithRetry()` and its helper functions never read it. This leaves a dead option in the new E2E helper API.
  • Impact: The unused option makes the helper look more general than it is and invites future callers to rely on naming behavior that does not exist. Keeping the helper small matters because this PR adds new E2E support code in a high-cost live suite.
  • Suggested action: Remove `scenarioSlug` from `RestrictedOnboardOptions` and delete the `scenarioSlug: "restricted-zero-presets"` argument at the call site, unless this PR also uses it for artifact naming or skip metadata.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Search `test/e2e/live/restricted-onboard-helpers.ts` and `test/e2e/live/network-policy.test.ts` for `scenarioSlug`; it appears in the type and call site but not in the helper implementation.
  • Missing regression test: No new behavioral regression test is needed; the existing TypeScript/Vitest coverage for the live helper call shape should continue to type-check once the unused option and argument are deleted.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: `test/e2e/live/restricted-onboard-helpers.ts` defines `scenarioSlug: string`, while `attemptRestrictedOnboardOnce()` and `runRestrictedOnboardWithRetry()` only use `scenarioLabel`, artifact prefixes, sandbox name, env, and timeouts.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: onboard-resume, onboard-repair, network-policy, cloud-onboard
Optional E2E: full-e2e

Dispatch hint: onboard-resume,onboard-repair,network-policy,cloud-onboard

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • onboard-resume (medium): Required by the onboarding resume rule because the PR changes machine policy-state resume selection and skip/reconcile conditions. This validates interrupted onboarding resume against a real sandbox.
  • onboard-repair (medium): Required by the onboarding resume rule because repair and resume state transitions share the changed policy-state reconciliation paths. This validates repair behavior when onboarding state or live sandbox state needs correction.
  • network-policy (high): Required because the PR changes network-policy tier semantics, create-time policy preset injection, restricted-tier suppression, and the live network-policy E2E itself. This validates real OpenShell policy application and egress behavior.
  • cloud-onboard (high): Required because the changes affect full hosted OpenClaw onboarding: non-interactive policy tier selection, sandbox create-time policy construction, and post-boot policy preset application.

Optional E2E

  • full-e2e (high): Useful additional confidence for the general install → onboard → sandbox verify → live inference journey, but cloud-onboard plus the targeted resume/repair/network-policy jobs cover the specific changed risk areas.

New E2E recommendations

  • None.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: onboard-resume,onboard-repair,network-policy,cloud-onboard

@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: network-policy-vitest, onboard-resume-vitest, onboard-repair-vitest
Optional Vitest E2E scenarios: None

Dispatch required Vitest E2E scenarios:

  • gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=network-policy-vitest
  • gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=onboard-resume-vitest
  • gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=onboard-repair-vitest

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

  • network-policy-vitest: Focused free-standing Vitest job wired for changed live test test/e2e-scenario/live/network-policy.test.ts.
    • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=network-policy-vitest
  • onboard-resume-vitest: The PR changes onboard machine policy-state resume selection and reconciliation paths, including persisted policy tier handling and suppression of live agent-required presets. The onboarding resume compatibility rule requires this live Vitest job.
    • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=onboard-resume-vitest
  • onboard-repair-vitest: The same onboard state-machine resume and persisted-session policy reconciliation changes can affect repair/backstop execution from persisted sessions, so the onboarding resume compatibility rule requires the repair live Vitest job as well.
    • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=onboard-repair-vitest

Optional Vitest E2E scenarios

  • None.

Relevant changed files

  • nemoclaw-blueprint/policies/tiers.yaml
  • src/lib/onboard.ts
  • src/lib/onboard/initial-policy.ts
  • src/lib/onboard/machine/handlers/policies.ts
  • src/lib/onboard/policy-resume-selection.ts
  • src/lib/onboard/policy-selection.ts
  • src/lib/onboard/policy-tier-suppression.ts
  • src/lib/onboard/sandbox-create-plan.ts
  • test/e2e-scenario/live/network-policy.test.ts
  • test/e2e-scenario/live/restricted-onboard-helpers.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
docs/reference/network-policies.mdx (1)

71-71: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Passive voice in tier description.

"Agent-required preset additions ... are suppressed" is passive. Consider rephrasing actively, e.g. "Restricted mode suppresses agent-required preset additions, such as OpenClaw pricing fetches; reapply them later with policy-add ...".

As per path instructions: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/network-policies.mdx` at line 71, The Restricted tier
description uses passive voice in the sentence about agent-required preset
additions, so rewrite it in active voice. Update the wording in the
network-policies documentation so the Restricted mode is the actor that
suppresses those additions, while preserving the meaning about OpenClaw pricing
fetches and reapplying them later with policy-add if needed.

Source: Path instructions

src/lib/onboard/policy-selection.ts (1)

146-154: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Optional: reuse the helper to avoid divergence.

suppressedAgentRequiredPresets (Line 153) and the inline append in computeSetupPresetSuggestions (Lines 191-194) compute the same openclaw-pricing + required-OTEL list under the same restricted/Openclaw conditions. Consider deriving one from the other so the suppression list and the gated additions cannot drift apart.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard/policy-selection.ts` around lines 146 - 154, The
restricted/Openclaw preset logic is duplicated between
suppressedAgentRequiredPresets and the inline append in
computeSetupPresetSuggestions, which risks the two lists drifting apart.
Refactor computeSetupPresetSuggestions to derive its gated additions from
suppressedAgentRequiredPresets, or extract a shared helper used by both. Keep
the existing RESTRICTED_TIER_NAME and isOpenclawAgent checks in one place, and
ensure the returned preset list remains the same in both paths.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/onboard-policy-suggestions.test.ts`:
- Around line 494-506: The test around suppressedAgentRequiredPresets is only
isolating NEMOCLAW_OPENCLAW_OTEL, so it can accidentally inherit
NEMOCLAW_OPENCLAW_OTEL_ENDPOINT from the runner and change whether
openclaw-diagnostics-otel-local is included. Update this test to save, clear,
and restore NEMOCLAW_OPENCLAW_OTEL_ENDPOINT alongside the existing env var
handling in the suppressedAgentRequiredPresets assertion block so the
expectation stays deterministic.

---

Nitpick comments:
In `@docs/reference/network-policies.mdx`:
- Line 71: The Restricted tier description uses passive voice in the sentence
about agent-required preset additions, so rewrite it in active voice. Update the
wording in the network-policies documentation so the Restricted mode is the
actor that suppresses those additions, while preserving the meaning about
OpenClaw pricing fetches and reapplying them later with policy-add if needed.

In `@src/lib/onboard/policy-selection.ts`:
- Around line 146-154: The restricted/Openclaw preset logic is duplicated
between suppressedAgentRequiredPresets and the inline append in
computeSetupPresetSuggestions, which risks the two lists drifting apart.
Refactor computeSetupPresetSuggestions to derive its gated additions from
suppressedAgentRequiredPresets, or extract a shared helper used by both. Keep
the existing RESTRICTED_TIER_NAME and isOpenclawAgent checks in one place, and
ensure the returned preset list remains the same in both paths.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ebd267a5-4321-4b59-bde2-f9d1d2632167

📥 Commits

Reviewing files that changed from the base of the PR and between e3b8325 and 53170ea.

📒 Files selected for processing (5)
  • docs/reference/network-policies.mdx
  • nemoclaw-blueprint/policies/tiers.yaml
  • src/lib/onboard.ts
  • src/lib/onboard/policy-selection.ts
  • test/onboard-policy-suggestions.test.ts

Comment thread test/onboard-policy-suggestions.test.ts Outdated
@wscurran wscurran added the NV QA Bugs found by the NVIDIA QA Team label Jun 26, 2026

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after addressing feedback

…dary

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
…wth guardrail

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28227482209
Target ref: 5c17ae7af5406d93535a2adb376f5a55e2d68cfd
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28228069681
Target ref: 4b2facec83531a0cc27adb492584973f93a98e13
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28230568188
Target ref: 07c489967210ec5ffdb0e7dba1f174336c1f0722
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Scenario Results — ❌ Some jobs failed

Run: 28230500053
Workflow ref: fix/restricted-tier-strict-presets
Requested scenarios: (default — all supported)
Requested jobs: network-policy-vitest,onboard-resume-vitest,onboard-repair-vitest
Summary: 2 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
network-policy-vitest ❌ failure
onboard-repair-vitest ✅ success
onboard-resume-vitest ✅ success

Failed jobs: network-policy-vitest. Check run artifacts for logs.

@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28231278562
Target ref: a0f9089450c0e0db02b9d252c8876d1277642f94
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28233348761
Target ref: 4c83ae385aca47a0fad3966d1a62fe6f63340df6
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28235814381
Target ref: 76be43936de6dfe3c3201fbca3d934bde46a7191
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28236237588
Target ref: f599cf7e992a446b2cb5f8f068672884c11ac39c
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

…ive on restricted resume

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
Comment thread src/lib/onboard/policy-selection.ts Fixed
Comment thread src/lib/onboard/policy-selection.ts Fixed
…d by CodeQL

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28291522650
Target ref: 1db243692dc8ca0fe4b4efaf2c317b626a3cb38e
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

…tier

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
…board.ts

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ❌ Some jobs failed

Run: 28292425428
Target ref: b985d7809adc0112675a7a03d2ca6711f59144d2
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ❌ failure

Failed jobs: onboard-resume-e2e. Check run artifacts for logs.

@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ✅ All requested jobs passed

Run: 28293019672
Target ref: 1aacda718f75cab9fb8da7b4600f78161bd0a18c
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ✅ success

… keep test isolation

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ✅ All requested jobs passed

Run: 28293572844
Target ref: 2378c0c709cba835c4012bdaf2e1df686e40024d
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ✅ success

…restricted tier

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ✅ All requested jobs passed

Run: 28293835725
Target ref: bea83addab4b426d9472c2b3b467528265e310d9
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ✅ success

…reate-time path

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ✅ All requested jobs passed

Run: 28294148783
Target ref: 3848465e17f25d658586a77a81255eccf4a658ba
Workflow ref: main
Requested jobs: onboard-resume-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
onboard-resume-e2e ✅ success

@laitingsheng laitingsheng added the v0.0.69 Release target label Jun 27, 2026
@cv cv added v0.0.71 Release target and removed v0.0.69 Release target labels Jun 28, 2026
prekshivyas and others added 2 commits June 30, 2026 10:33
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: network-policy, onboard-resume, onboard-repair
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=network-policy
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-resume
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-repair

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • network-policy: Focused free-standing E2E job wired for changed live test test/e2e/live/network-policy.test.ts.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=network-policy
  • onboard-resume: Changes touch src/lib/onboard/machine policy handling, policy resume selection, and persisted tier/preset reconciliation; the onboarding resume rule requires the onboard-resume live job for these state-machine resume paths.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-resume
  • onboard-repair: The same persisted-session policy reconciliation changes can affect repair/backstop execution from existing sessions, so onboard-repair is required alongside onboard-resume.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-repair

Optional E2E targets

  • None.

Relevant changed files

  • nemoclaw-blueprint/policies/tiers.yaml
  • src/lib/onboard.ts
  • src/lib/onboard/initial-policy.ts
  • src/lib/onboard/machine/handlers/policies.ts
  • src/lib/onboard/policy-resume-selection.ts
  • src/lib/onboard/policy-selection.ts
  • src/lib/onboard/policy-tier-suppression.ts
  • src/lib/onboard/sandbox-create-plan.ts
  • test/e2e/live/network-policy.test.ts
  • test/e2e/live/restricted-onboard-helpers.ts

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@jyaunches jyaunches merged commit e10462f into main Jun 30, 2026
43 checks passed
@jyaunches jyaunches deleted the fix/restricted-tier-strict-presets branch June 30, 2026 18:16
@jyaunches jyaunches mentioned this pull request Jun 30, 2026
21 tasks
jyaunches added a commit that referenced this pull request Jun 30, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Refreshes the public documentation for NemoClaw v0.0.71 after scanning
commits since v0.0.70. Adds release notes and fills the remaining doc
gaps for Windows bootstrap diagnostics, OpenClaw agent auto-relock
warnings, auto-pair cadence tuning, and plugin-install recovery hints.

## Changes
- `docs/about/release-notes.mdx`: adds the v0.0.71 release-note section,
grouped by gateway recovery, OpenShell auth, policy provenance, day-two
maintenance, messaging/inference, and Windows setup.
- `docs/get-started/windows-preparation.mdx`: documents sanitized WSL
install output and reboot gating in the Windows bootstrap.
- `docs/reference/commands.mdx`: documents the host `agent` wrapper's
shields auto-relock warning and OpenClaw auto-pair watcher tuning
variables.
- `docs/reference/troubleshooting.mdx`: adds plugin-install network
failure recovery guidance and updates Windows WSL troubleshooting for
sanitized install logs and reboot-required handling.

Source summary:
- #6065 -> `docs/about/release-notes.mdx`: Notes explicit model override
preservation and gateway-log guard-chain recovery diagnostics.
- #5874 -> `docs/about/release-notes.mdx`: Summarizes host-mediated
`recover` and `gateway restart`, linking to lifecycle, command,
troubleshooting, and trusted-boundary docs already added by the source
PR.
- #5596 -> `docs/about/release-notes.mdx`: Summarizes OpenShell 0.0.71
gateway auth, loopback binding, and compatibility-container docs already
added by the source PR.
- #5797 and #5798 -> `docs/about/release-notes.mdx`: Summarizes
`policy-list` provenance, Restricted tier suppression, and Balanced tier
weather behavior already reflected in policy docs.
- #5784 -> `docs/about/release-notes.mdx`: Summarizes
`--destroy-user-data` and the safe `--yes` uninstall behavior already
documented in lifecycle and command docs.
- #6034 -> `docs/about/release-notes.mdx`: Summarizes custom Dockerfile
warm-build cache behavior already documented in the command reference.
- #5951 -> `docs/reference/commands.mdx`: Documents the stderr-only host
`agent` wrapper warning after recent shields auto-relock.
- #5387 -> `docs/reference/commands.mdx`: Documents OpenClaw auto-pair
watcher cadence and fast-reentry tuning variables.
- #5835 -> `docs/reference/troubleshooting.mdx`: Adds recovery guidance
for OpenClaw plugin-install network failures.
- #5995 and #5956 -> `docs/about/release-notes.mdx`: Summarizes
Microsoft Teams final-message delivery and runtime mention hints already
covered by messaging docs.
- #5716 -> `docs/about/release-notes.mdx`: Summarizes non-interactive
Ollama loopback safety already covered by local inference docs.
- #5505, #5527, and #5528 -> `docs/about/release-notes.mdx`: Summarizes
compatible local endpoint, model task-fit, and model capability audit
docs.
- #6009 -> `docs/get-started/windows-preparation.mdx`,
`docs/reference/troubleshooting.mdx`: Documents sanitized Windows
bootstrap WSL output and reboot-required gating.
- #6055 -> no additional source doc page change needed beyond the
already-merged quickstart update; release notes did not duplicate
routine quickstart cleanup.

No matching v0.0.71 GitHub announcement discussion was found in the
latest 20 discussions, so this refresh is based on the commit scan and
existing source PR docs.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates
<!-- Check all that apply. For any "covered by existing tests", "not
applicable", or waiver entry, add a brief justification on the same line
or in the Changes section. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: docs-only refresh with no
runtime behavior changes.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each item you ran and confirmed. Leave unchecked items you
skipped. Doc-only changes do not require npm test unless you ran it. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Git hooks passed during commit and push, or `npx prek run
--from-ref main --to-ref HEAD` passes
- [ ] Targeted tests pass for changed behavior
- [ ] Full `npm test` passes (broad runtime changes only)
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — ran
`npm run docs`; Fern reported 0 errors and 2 existing warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added a new release-notes entry covering gateway recovery,
authentication, network policy/provenance output, uninstall safety,
Windows bootstrap diagnostics, messaging defaults, and inference setup
guidance.
* Clarified Windows preparation steps around reboot behavior and
redacting troubleshooting transcripts.
* Expanded command reference details for OpenClaw wrapper behavior and
new auto-pair tuning options.
* Improved troubleshooting guidance for plugin installation issues, WSL
repair/reboot cases, and install timing problems.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>
Co-authored-by: Prekshi Vyas <34834085+prekshivyas@users.noreply.github.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
…ier (NVIDIA#5798)

<!-- markdownlint-disable MD041 -->
## Summary

`nemoclaw onboard --policy-tier=restricted` (and the interactive
equivalent) used to apply `openclaw-pricing` to OpenClaw sandboxes
regardless of the chosen tier, because the suggestion pipeline added it
as an OpenClaw-required preset before the tier filter ran. The
Restricted tier description promises "no third-party network access
beyond inference and core agent tooling", so the pricing fetch — which
reaches LiteLLM and OpenRouter — directly contradicts the tier intent.
This change suppresses the OpenClaw agent-required additions
(`openclaw-pricing`, and the local OTEL preset when OTEL is enabled) on
the Restricted tier at both the suggestion helper and the final
application boundary, prints a one-line onboard notice listing what was
suppressed and how to reapply it, and documents the stricter Restricted
behaviour in the tier definition and reference page.

## Related Issue

Fixes NVIDIA#5793

## Changes

- `src/lib/onboard/policy-selection.ts`: extract a shared
`agentRequiredPresetAdditions(agent, env)` helper so
`computeSetupPresetSuggestions` and `suppressedAgentRequiredPresets`
cannot drift apart. Gate the OpenClaw agent-required adds
(`openclaw-pricing` and `requiredOpenclawOtelPolicyPresets`) on
`tierName !== "restricted"` inside `computeSetupPresetSuggestions`, and
filter the same set out of `chosen` and `interactiveChoice` after
`mergeRequiredSetupPolicyPresets` so the later merge step cannot
reintroduce the OTEL preset for restricted + OpenClaw.
- `src/lib/onboard/policy-selection.ts`: new exported
`suppressedAgentRequiredPresets(tierName, agent, env)` helper and a
follow-up `deps.note(...)` in `setupPoliciesWithSelectionInner` that
prints `Restricted tier suppresses agent-required preset(s): ... Apply
later with 'nemoclaw <name> policy-add <preset>' if needed.` whenever
the helper returns anything.
- `nemoclaw-blueprint/policies/tiers.yaml`: extend the Restricted tier
description (active voice) to call out that Restricted mode suppresses
agent-required preset additions and to point operators at `policy-add`.
- `docs/reference/network-policies.mdx`: mirror the new Restricted
description in the tier table (active voice).
- `test/onboard-policy-suggestions.test.ts`: ten new tests under
`computeSetupPresetSuggestions > restricted tier suppresses
agent-required preset additions` and a new
`suppressedAgentRequiredPresets` block. The OTEL env-var tests save,
clear, and restore both `NEMOCLAW_OPENCLAW_OTEL` and
`NEMOCLAW_OPENCLAW_OTEL_ENDPOINT` so runner-inherited values cannot
affect the expectation.
- `test/policy-tiers-onboard.test.ts`: three new application-path tests
that exercise `setupPoliciesWithSelection` end-to-end — restricted +
OpenClaw applies zero presets in non-interactive suggested mode,
restricted + OpenClaw with `NEMOCLAW_OPENCLAW_OTEL=1` does not re-add
`openclaw-diagnostics-otel-local` after the required-preset merge, and
the suppression note matches the final applied set.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Git hooks passed during commit and push, or `npx prek run
--from-ref main --to-ref HEAD` passes
- [x] Targeted tests pass for changed behavior
- [ ] Full `npm test` passes (broad runtime changes only)
- [x] Tests added or updated for new or changed behavior
- [x] No secrets, API keys, or credentials committed
- [x] Docs updated for user-facing behavior changes
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
Signed-off-by: Tinson Lai <tinsonl@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Updated “Restricted” network policy tier guidance to clarify that
specific agent-required preset additions are suppressed and can be
re-applied later with `policy-add`.

* **New Features**
* Restricted-tier onboarding now suppresses withheld agent-required
presets for applicable agents and surfaces a note listing which presets
are suppressed.

* **Bug Fixes**
* Correctly limits preset suggestions and prevents restricted presets
from being (re-)applied; reconciliation removes previously applied
withheld presets.

* **Tests**
* Added unit and integration coverage for Restricted-tier behavior,
including OTEL-enabled scenarios and applied-vs-suppressed verification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
Co-authored-by: Prekshi Vyas <prekshiv@nvidia.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Refreshes the public documentation for NemoClaw v0.0.71 after scanning
commits since v0.0.70. Adds release notes and fills the remaining doc
gaps for Windows bootstrap diagnostics, OpenClaw agent auto-relock
warnings, auto-pair cadence tuning, and plugin-install recovery hints.

## Changes
- `docs/about/release-notes.mdx`: adds the v0.0.71 release-note section,
grouped by gateway recovery, OpenShell auth, policy provenance, day-two
maintenance, messaging/inference, and Windows setup.
- `docs/get-started/windows-preparation.mdx`: documents sanitized WSL
install output and reboot gating in the Windows bootstrap.
- `docs/reference/commands.mdx`: documents the host `agent` wrapper's
shields auto-relock warning and OpenClaw auto-pair watcher tuning
variables.
- `docs/reference/troubleshooting.mdx`: adds plugin-install network
failure recovery guidance and updates Windows WSL troubleshooting for
sanitized install logs and reboot-required handling.

Source summary:
- NVIDIA#6065 -> `docs/about/release-notes.mdx`: Notes explicit model override
preservation and gateway-log guard-chain recovery diagnostics.
- NVIDIA#5874 -> `docs/about/release-notes.mdx`: Summarizes host-mediated
`recover` and `gateway restart`, linking to lifecycle, command,
troubleshooting, and trusted-boundary docs already added by the source
PR.
- NVIDIA#5596 -> `docs/about/release-notes.mdx`: Summarizes OpenShell 0.0.71
gateway auth, loopback binding, and compatibility-container docs already
added by the source PR.
- NVIDIA#5797 and NVIDIA#5798 -> `docs/about/release-notes.mdx`: Summarizes
`policy-list` provenance, Restricted tier suppression, and Balanced tier
weather behavior already reflected in policy docs.
- NVIDIA#5784 -> `docs/about/release-notes.mdx`: Summarizes
`--destroy-user-data` and the safe `--yes` uninstall behavior already
documented in lifecycle and command docs.
- NVIDIA#6034 -> `docs/about/release-notes.mdx`: Summarizes custom Dockerfile
warm-build cache behavior already documented in the command reference.
- NVIDIA#5951 -> `docs/reference/commands.mdx`: Documents the stderr-only host
`agent` wrapper warning after recent shields auto-relock.
- NVIDIA#5387 -> `docs/reference/commands.mdx`: Documents OpenClaw auto-pair
watcher cadence and fast-reentry tuning variables.
- NVIDIA#5835 -> `docs/reference/troubleshooting.mdx`: Adds recovery guidance
for OpenClaw plugin-install network failures.
- NVIDIA#5995 and NVIDIA#5956 -> `docs/about/release-notes.mdx`: Summarizes
Microsoft Teams final-message delivery and runtime mention hints already
covered by messaging docs.
- NVIDIA#5716 -> `docs/about/release-notes.mdx`: Summarizes non-interactive
Ollama loopback safety already covered by local inference docs.
- NVIDIA#5505, NVIDIA#5527, and NVIDIA#5528 -> `docs/about/release-notes.mdx`: Summarizes
compatible local endpoint, model task-fit, and model capability audit
docs.
- NVIDIA#6009 -> `docs/get-started/windows-preparation.mdx`,
`docs/reference/troubleshooting.mdx`: Documents sanitized Windows
bootstrap WSL output and reboot-required gating.
- NVIDIA#6055 -> no additional source doc page change needed beyond the
already-merged quickstart update; release notes did not duplicate
routine quickstart cleanup.

No matching v0.0.71 GitHub announcement discussion was found in the
latest 20 discussions, so this refresh is based on the commit scan and
existing source PR docs.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates
<!-- Check all that apply. For any "covered by existing tests", "not
applicable", or waiver entry, add a brief justification on the same line
or in the Changes section. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: docs-only refresh with no
runtime behavior changes.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each item you ran and confirmed. Leave unchecked items you
skipped. Doc-only changes do not require npm test unless you ran it. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Git hooks passed during commit and push, or `npx prek run
--from-ref main --to-ref HEAD` passes
- [ ] Targeted tests pass for changed behavior
- [ ] Full `npm test` passes (broad runtime changes only)
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — ran
`npm run docs`; Fern reported 0 errors and 2 existing warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added a new release-notes entry covering gateway recovery,
authentication, network policy/provenance output, uninstall safety,
Windows bootstrap diagnostics, messaging defaults, and inference setup
guidance.
* Clarified Windows preparation steps around reboot behavior and
redacting troubleshooting transcripts.
* Expanded command reference details for OpenClaw wrapper behavior and
new auto-pair tuning options.
* Improved troubleshooting guidance for plugin installation issues, WSL
repair/reboot cases, and install timing problems.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>
Co-authored-by: Prekshi Vyas <34834085+prekshivyas@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: onboarding Onboarding FSM, provider setup, sandbox launch, or first-run flow bug-fix PR fixes a bug or regression NV QA Bugs found by the NVIDIA QA Team v0.0.71 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Ubuntu 22.04][Onboard] restricted tier onboard incorrectly applies openclaw-pricing preset

6 participants