Skip to content

fix(policy): allowlist wttr.in in weather egress preset#5842

Merged
cv merged 15 commits into
mainfrom
fix/weather-skill-in-egress
Jun 30, 2026
Merged

fix(policy): allowlist wttr.in in weather egress preset#5842
cv merged 15 commits into
mainfrom
fix/weather-skill-in-egress

Conversation

@hunglp6d

@hunglp6d hunglp6d commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Summary

The bundled OpenClaw weather skill calls wttr.in, but the NemoClaw weather egress preset only allowed Open-Meteo and weather.gov. Under deny-by-default egress, the current host was blocked. This change closes the NemoClaw-owned policy gap while keeping access read-only and least-privileged.

Related Issue

Addresses the NemoClaw-owned wttr.in egress portion of #1417.

This PR does not claim to change or fully validate OpenClaw skill readiness, browser fallback, pairing behavior, or the entire upstream weather-skill workflow.

Changes

  • Allow wttr.in:443 for GET and HEAD across its location-path namespace.
  • Do not pre-authorize wttr.is; the reviewed OpenClaw 2026.5.27 pin does not require it, and a future pin change must supply new runtime evidence before widening policy.
  • Record the source boundary next to the policy and enforce it through loadAgent("openclaw").expectedVersion: any OpenClaw pin change fails until maintainers revalidate the bundled skill's egress and update the reviewed contract.
  • Lock the exact weather host set and full wttr.in policy shape in test/weather-policy.test.ts.
  • Add live GET, HEAD, denied POST, and unrelated-host probes to the network-policy target.
  • Make the common-egress target perform one agent-executed wttr.in/:help curl, atomically retain the fetched body, and independently validate that proof from the host test.
  • Keep user documentation capability-based so it does not drift with providers.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only

Quality Gates

  • Focused structural coverage locks the exact policy boundary and forces review on OpenClaw pin drift.
  • Live targets cover allowed GET/HEAD, denied POST, unrelated-host denial, and an agent-executed single-fetch proof.
  • The broad /** path risk is accepted because wttr location identifiers are themselves paths and no stable narrower prefix exists; policy remains limited to one public host, GET/HEAD only, with no credentials sent.
  • wttr.is exclusion is intentional least privilege; there is no reviewed evidence that the pinned runtime needs it.
  • The C1 test is deliberately an egress/curl-path test, as its name and contract state; full upstream skill readiness is explicitly outside this PR's scope.
  • The alleged docs: fix doc-validate findings across guide pages (#5630-#5640) #5645 conflict is not current: GitHub reports this PR mergeable. Any later cross-PR overlap will be resolved by the branch that lands second.
  • The shell proof remains an array of fixed fragments plus a shell-quoted generated path, and passed exact-head live E2E; moving it to a separate script would add surface without changing the tested boundary.
  • Docs describe user-facing capability without promising an upstream skill implementation.

Verification

  • PR description includes the DCO declaration and every commit appears Verified in GitHub.
  • Commit and push hooks passed.
  • npx vitest run test/weather-policy.test.ts passed (2/2).
  • npm run typecheck:cli passed.
  • npm run source-shape:check passed with zero source-shape tests.
  • Full root CLI/integration hook suite passed during commit.
  • No secrets, API keys, or credentials committed.
  • npm run docs completed with zero errors and two pre-existing warnings.
  • Exact-head E2E passed network-policy and common-egress-agent: https://github.com/NVIDIA/NemoClaw/actions/runs/28424896912

Signed-off-by: Hung Le hple@nvidia.com

@copy-pr-bot

copy-pr-bot Bot commented Jun 26, 2026

Copy link
Copy Markdown

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@hunglp6d
hunglp6d marked this pull request as ready for review June 26, 2026 08:34
@hunglp6d hunglp6d self-assigned this Jun 26, 2026
@hunglp6d hunglp6d added VRDC Issues and PRs submitted by NVIDIA VRDC test team. area: policy Network policy, egress rules, presets, or sandbox policy labels Jun 26, 2026
@github-code-quality

github-code-quality Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the branch is 96%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 99fa310 +/-
nemoclaw/src/se...cret-scanner.ts 100%
nemoclaw/src/commands/slash.ts 100%
nemoclaw/src/li...bprocess-env.ts 100%
nemoclaw/src/bl...eprint/state.ts 98%
nemoclaw/src/onboard/config.ts 98%
nemoclaw/src/bl...int/snapshot.ts 97%
nemoclaw/src/bl...print/runner.ts 95%
nemoclaw/src/co...ration-state.ts 94%
nemoclaw/src/bl...ate-networks.ts 94%
nemoclaw/src/index.ts 94%

TypeScript / code-coverage/cli

The overall coverage in the branch is 67%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 99fa310 +/-
src/lib/actions...all/run-plan.ts 80%
src/lib/state/o...oard-session.ts 79%
src/lib/sandbox/config.ts 75%
src/lib/actions...dbox/rebuild.ts 74%
src/lib/state/sandbox.ts 72%
src/lib/onboard/preflight.ts 69%
src/lib/actions...licy-channel.ts 60%
src/lib/onboard...er-gpu-patch.ts 59%
src/lib/policy/index.ts 52%
src/lib/onboard.ts 20%

Updated June 30, 2026 06:31 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: network-policy, common-egress-agent
Optional E2E: cloud-onboard

Dispatch hint: network-policy,common-egress-agent

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • network-policy (high): Required because the PR changes a network-policy preset and live egress security boundary. This job validates deny-by-default behavior, policy-add application, method/path enforcement, unrelated-host denial, and hot live sandbox policy behavior.
  • common-egress-agent (high): Required because the PR affects a real OpenClaw assistant weather flow under the balanced common-egress policy. This job validates the preset after onboarding and proves a live agent turn can reach the intended weather host while preserving scope boundaries.

Optional E2E

  • cloud-onboard (high): Optional additional confidence because the weather preset is included by default in hosted onboarding tiers, but the PR does not change onboarding state-machine/resume code and the required jobs already exercise live onboarding plus policy application for the changed preset.

New E2E recommendations

  • None.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: network-policy,common-egress-agent

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Vitest E2E Scenario Recommendation

Required Vitest E2E scenarios: common-egress-agent-vitest
Optional Vitest E2E scenarios: None

Dispatch required Vitest E2E scenarios:

  • gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=common-egress-agent-vitest

Workflow run

Full Vitest E2E advisor summary

Vitest E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required Vitest E2E scenarios

  • common-egress-agent-vitest: The PR changes the bundled weather network policy preset. The common-egress agent live Vitest job is the direct Vitest coverage for OpenClaw balanced onboarding applying weather common-egress endpoints and performing a real weather fetch under the sandbox policy.
    • Dispatch: gh workflow run e2e-vitest-scenarios.yaml --ref <pr-head-ref> --field jobs=common-egress-agent-vitest

Optional Vitest E2E scenarios

  • None.

Relevant changed files

  • nemoclaw-blueprint/policies/presets/weather.yaml

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The weather preset now allows outbound HTTPS REST access to wttr.in with GET and HEAD only. The live tests and e2e scenarios now validate the weather-skill path against wttr.in, and the network-policy docs update the preset description.

Changes

Weather network policy update

Layer / File(s) Summary
Policy allowlist and fixture test
nemoclaw-blueprint/policies/presets/weather.yaml, test/weather-policy.test.ts
Adds the wttr.in REST allowlist rule for the weather preset and verifies the YAML fixture’s hosts, HTTPS settings, and GET/HEAD-only enforcement.
Live weather scenario checks
test/e2e-scenario/live/network-policy.test.ts
Adds a live preset contract and runtime assertions for wttr.in GET/HEAD allow, POST denial, unrelated host blocking, and the new scenario assertion flag.
Weather skill e2e flow
test/e2e-scenario/live/common-egress-agent.test.ts, test/e2e/test-common-egress-agent-e2e.sh
Switches the balanced weather scenario from Open-Meteo web_fetch to the installed weather skill using curl against wttr.in, and updates the related policy expectations and comments.
Weather preset docs update
docs/network-policy/integration-policy-examples.mdx
Rewords the weather preset description to cover read-only weather and geocoding lookups while keeping the messaging and productivity exclusion.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main change: adding wttr.in to the weather egress preset.
Linked Issues check ✅ Passed The PR adds the weather preset allowlist and tests/docs needed for the weather skill to reach wttr.in and return data in sandboxed runs.
Out of Scope Changes check ✅ Passed The docs and test updates directly support the weather egress fix and do not introduce unrelated changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/weather-skill-in-egress

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — Informational

Merge posture: Informational / low confidence
Primary next action: Resolve or justify PRA-1: PR review advisor unavailable.
Open items: 0 required · 1 warning · 0 suggestions · 1 test follow-up
Top item: PR review advisor unavailable

Action checklist

  • PRA-1 Resolve or justify: PR review advisor unavailable
  • PRA-T1 Add or justify test follow-up: Runtime validation

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify correctness Re-run the PR Review Advisor or perform a manual review.
Review findings by urgency: 0 required fixes, 1 item to resolve/justify, 0 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — PR review advisor unavailable

  • Location: not file-specific
  • Category: correctness
  • Problem: The automated advisor could not complete: PR review advisor SDK provider error: orient-drift: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; security: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; acceptance-correctness-tests: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; synthesize-json: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>
  • Impact: Automated review evidence is incomplete, so human review must cover the changed code manually.
  • Recommended action: Re-run the PR Review Advisor or perform a manual review.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the workflow logs and raw advisor artifact for the execution failure.
  • Missing regression test: No regression test recommendation is available because the advisor did not complete.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the workflow logs and raw advisor artifact for the execution failure.
  • Evidence: PR review advisor SDK provider error: orient-drift: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; security: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; acceptance-correctness-tests: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>; synthesize-json: 403 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html>

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

  • None.
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: docs/network-policy/integration-policy-examples.mdx, nemoclaw-blueprint/policies/presets/weather.yaml.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@nemoclaw-blueprint/policies/presets/weather.yaml`:
- Around line 12-28: This preset change widens the egress allowlist for the
weather policy, so validate it with the network-policy-e2e suite before release.
Re-run the relevant e2e coverage against the weather preset update, focusing on
the policy rules added for wttr.in and wttr.is in the weather.yaml preset, and
verify deny-by-default, whitelist behavior, hot-reload, and SSRF protections
still behave correctly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cfcbe139-ab98-4e0e-bb8b-d06cd6a22695

📥 Commits

Reviewing files that changed from the base of the PR and between 31b28d7 and ddcdedf.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/policies/presets/weather.yaml

Comment thread nemoclaw-blueprint/policies/presets/weather.yaml Outdated
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ✅ All requested jobs passed

Run: 28228366566
Target ref: fix/weather-skill-in-egress
Requested jobs: network-policy-e2e
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
network-policy-e2e ✅ success

@github-actions

Copy link
Copy Markdown
Contributor

@hunglp6d

hunglp6d commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator Author

Update — all PRA items addressed; keeping Fixes #1417. Summary:

  • PRA-2 (Required) — resolved, keeping Fixes. [All Platforms][Skill] weather skill cannot complete in sandbox #1417 splits by ownership. (A) NemoClaw egress gap → fixed here, and now validated two ways: required network-policy-e2e passed (https://github.com/NVIDIA/NemoClaw/actions/runs/28228366566) and manual runtime run (skills list ✓ ready; agent returns 57°F partly cloudy; web search off → confirms web_fetch/curl path). (B) skill-readiness status is OpenClaw behavior (src/skills/discovery/status.ts), not modifiable in this repo — filed upstream: <OPENCLAW_ISSUE_LINK>. (A) is the full NemoClaw-actionable surface, so closing [All Platforms][Skill] weather skill cannot complete in sandbox #1417. Glad to switch to Refs if a maintainer prefers to keep it open as the upstream tracker.
  • PRA-1 (wttr.is source of truth) — justified. wttr.is is declared in the OpenClaw weather SKILL.md as the documented fallback host (≥ 2026.6.2); the preset mirrors the skill's hosts. External-contract pinning is in the follow-up.
  • PRA-3 (/** scope) — documented (commit 26c06d5). Added a rationale comment in the preset: wttr's location namespace is the path (/<city>, /<lat,lon>, /~<place>, /:help), so there's no narrower prefix; scope stays bounded (GET/HEAD only, all other methods denied by deny-by-default, single read-only host family, no credentials). POST-denied / narrowed-path regression is in the follow-up.
  • PRA-4 (stale docs) — fixed (commit 26c06d5). Reworded docs/network-policy/integration-policy-examples.mdx to capability-based language so it no longer enumerates hosts and won't drift.
  • PRA-T1–T8. Manual evidence in the PR covers T1 (preset includes wttr.in/wttr.is), T2 (returns data, not policy-denied), T5/T7 (ready + returns weather), T6 (connect), T8 (agent run). Automated coverage — repeatable scenario plus T3 (POST denied) and T4 (narrowed-path denial) — is deferred to the follow-up (Vitest e2e layer mid-refactor): <FOLLOWUP_ISSUE_LINK>. Policy-enforcement coverage for this PR is the passing network-policy-e2e above.

@cv cv removed the v0.0.69 label Jun 28, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docs/network-policy/integration-policy-examples.mdx (1)

254-254: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Replace the em dash to match the docs style guide.

This sentence uses an em dash, but the docs guidelines for docs/**/*.{md,mdx} say to avoid them. A comma-separated rewrite keeps the meaning and stays compliant.

♻️ Proposed fix
- The preset covers read-only public weather and geocoding lookups — current conditions, forecasts, geocoding, and weather alerts — without enabling messaging or productivity APIs.
+ The preset covers read-only public weather and geocoding lookups, including current conditions, forecasts, geocoding, and weather alerts, without enabling messaging or productivity APIs.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/network-policy/integration-policy-examples.mdx` at line 254, The
sentence in the docs copy uses an em dash, which conflicts with the docs style
guide for docs/**/*.{md,mdx}. Update the wording in the affected paragraph to
use a comma-separated phrasing instead, keeping the same meaning while removing
the em dash from the integration-policy-examples content.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@docs/network-policy/integration-policy-examples.mdx`:
- Line 254: The sentence in the docs copy uses an em dash, which conflicts with
the docs style guide for docs/**/*.{md,mdx}. Update the wording in the affected
paragraph to use a comma-separated phrasing instead, keeping the same meaning
while removing the em dash from the integration-policy-examples content.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 763d4c9f-adbe-4385-928c-4da70ff5cd02

📥 Commits

Reviewing files that changed from the base of the PR and between 26c06d5 and a468624.

📒 Files selected for processing (1)
  • docs/network-policy/integration-policy-examples.mdx

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Fix PRA-4: Version-pinned re-review gate enforces OpenClaw pin sync; then add or justify PRA-T1.
Open items: 1 required · 1 warning · 3 suggestions · 3 test follow-ups
Since last review: 0 prior items resolved · 0 still apply · 6 new items found

Action checklist

  • PRA-4 Fix: Version-pinned re-review gate enforces OpenClaw pin sync in test/weather-policy.test.ts:58
  • PRA-1 Resolve or justify: wttr.in /** path wildcard is broad but justified and bounded in nemoclaw-blueprint/policies/presets/weather.yaml:27
  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Add negative test for agent deviation from prompted curl command
  • PRA-2 In-scope improvement: Add negative test for agent deviation from prompted curl command in test/e2e/live/common-egress-agent.test.ts:753
  • PRA-3 In-scope improvement: C1 test now validates actual skill egress path (curl → wttr.in) instead of web_fetch → Open-Meteo in test/e2e/live/common-egress-agent.test.ts:699
  • PRA-5 In-scope improvement: Consider linking wttr.in API docs in justification comment in nemoclaw-blueprint/policies/presets/weather.yaml:18

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify security nemoclaw-blueprint/policies/presets/weather.yaml:27 Keep as-is with current justification comment and re-review gate. Consider adding a comment linking to wttr.in API docs for future maintainers.
PRA-2 Improvement tests test/e2e/live/common-egress-agent.test.ts:753 Add a negative test case in common-egress-agent.test.ts where prompt asks for a different weather URL, then verify host-side proof validation rejects it (exitCode != 0 or content mismatch).
PRA-3 Improvement correctness test/e2e/live/common-egress-agent.test.ts:699 No action needed — this is a positive improvement. Document the rationale in test comments if not already clear.
PRA-4 Required acceptance test/weather-policy.test.ts:58 PASS — acceptance clause met. When OpenClaw version is updated in manifest.yaml, this test will fail and block merge until weather.yaml is re-reviewed.
PRA-5 Improvement architecture nemoclaw-blueprint/policies/presets/weather.yaml:18 Add a one-line comment with URL to wttr.in help endpoint documentation.

🚨 Required before merge

Address these before merging unless a maintainer explicitly overrides the advisor with rationale.

PRA-4 Required — Version-pinned re-review gate enforces OpenClaw pin sync

  • Location: test/weather-policy.test.ts:58
  • Category: acceptance
  • Problem: Test asserts loadAgent('openclaw').expectedVersion === '2026.5.27' with explicit message to revalidate bundled weather skill egress before changing the reviewed version. This directly addresses issue [All Platforms][Skill] weather skill cannot complete in sandbox #1417 requirement for re-review on version bumps.
  • Impact: If OpenClaw version is updated in manifest.yaml without updating weather.yaml, this test fails and blocks merge. Prevents policy drift from upstream skill changes.
  • Required action: PASS — acceptance clause met. When OpenClaw version is updated in manifest.yaml, this test will fail and block merge until weather.yaml is re-reviewed.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: Change agents/openclaw/manifest.yaml expected_version and run test/weather-policy.test.ts — it should fail with the re-review message.
  • Missing regression test: Already implemented in test/weather-policy.test.ts line 58.
  • Done when: The required change is committed and verification passes: Change agents/openclaw/manifest.yaml expected_version and run test/weather-policy.test.ts — it should fail with the re-review message.
  • Evidence: weather-policy.test.ts lines 58-62 (version assertion with re-review message); agents/openclaw/manifest.yaml line 14 (expected_version: 2026.5.27)
Review findings by urgency: 1 required fix, 1 item to resolve/justify, 3 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — wttr.in /** path wildcard is broad but justified and bounded

  • Location: nemoclaw-blueprint/policies/presets/weather.yaml:27
  • Category: security
  • Problem: The wttr.in endpoint allows GET/HEAD on /** path — an extremely broad path wildcard. This is justified because wttr.in's location namespace IS the path (/city, /airport, /lat,lon, /:help) with no narrower stable prefix. Scope is bounded by: deny-by-default (POST/PUT/DELETE blocked), single read-only public host, no credentials transmitted, and version-pinned re-review test.
  • Impact: If wttr.in were compromised, an attacker could serve arbitrary content at any path, but sandbox gains no additional privilege (no credentials, read-only, single host). Risk is low and accepted with compensating controls.
  • Recommended action: Keep as-is with current justification comment and re-review gate. Consider adding a comment linking to wttr.in API docs for future maintainers.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check weather.yaml lines 12-28 for justification comment and GET/HEAD-only rules. Run test/weather-policy.test.ts to verify re-review gate triggers on version change.
  • Missing regression test: Already covered: test/weather-policy.test.ts validates endpoint list and forces re-review when OpenClaw expected_version changes.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check weather.yaml lines 12-28 for justification comment and GET/HEAD-only rules. Run test/weather-policy.test.ts to verify re-review gate triggers on version change.
  • Evidence: weather.yaml lines 12-28 (justification comment + rules); weather-policy.test.ts lines 30-55 (exact rule assertion); network-policy.test.ts lines 510-511 (POST=403)

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

PRA-2 Improvement — Add negative test for agent deviation from prompted curl command

  • Location: test/e2e/live/common-egress-agent.test.ts:753
  • Category: tests
  • Problem: The C1 test prompts the agent to execute a specific curl command and leave a proof file. Host validates proof content and SHA256. A negative test where the agent is prompted to fetch a different URL (or use web_fetch) and host verification fails would strengthen confidence that proof validation detects deviation.
  • Impact: Current test validates happy path only. A malicious or buggy agent that echoes WEATHER_AGENT_OK without valid proof would be caught by host validation, but this isn't explicitly tested.
  • Suggested action: Add a negative test case in common-egress-agent.test.ts where prompt asks for a different weather URL, then verify host-side proof validation rejects it (exitCode != 0 or content mismatch).
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Review test/e2e/live/common-egress-agent.test.ts lines 740-780 for proof validation logic. Add new test block after C1.
  • Missing regression test: New test: 'C1-negative agent deviation fails proof validation' — prompt agent to fetch api.open-meteo.com instead, verify weatherProof exitCode != 0 or sha256 mismatch.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: common-egress-agent.test.ts lines 753-780 (proof command + host validation)

PRA-3 Improvement — C1 test now validates actual skill egress path (curl → wttr.in) instead of web_fetch → Open-Meteo

  • Location: test/e2e/live/common-egress-agent.test.ts:699
  • Category: correctness
  • Problem: The test was renamed from 'OpenClaw balanced includes weather and agent fetches Open-Meteo' to 'OpenClaw balanced permits a verified wttr.in curl'. The new test uses the curl binary (which the bundled OpenClaw weather skill actually uses) and validates the exact host the skill calls. This is a correctness improvement — the test now matches real skill behavior.
  • Impact: Eliminates false confidence from testing a different provider/path than the actual skill uses. The proof file + SHA256 validation ensures the agent actually executed the curl.
  • Suggested action: No action needed — this is a positive improvement. Document the rationale in test comments if not already clear.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare old vs new test contract: old used web_fetch to api.open-meteo.com, new uses curl to wttr.in/:help with proof file. Run vitest on this test to confirm it passes.
  • Missing regression test: Already covered by proof validation and SHA256 check.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: common-egress-agent.test.ts lines 699-780 (new test name, contract, proof command, validation)

PRA-5 Improvement — Consider linking wttr.in API docs in justification comment

  • Location: nemoclaw-blueprint/policies/presets/weather.yaml:18
  • Category: architecture
  • Problem: The justification comment explains why /** is needed (location namespace = path). A direct link to wttr.in documentation (e.g., https://wttr.in/:help\) would help future maintainers verify the design claim without external search.
  • Impact: Low — comment is already clear. Link would reduce maintenance friction.
  • Suggested action: Add a one-line comment with URL to wttr.in help endpoint documentation.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check weather.yaml lines 14-19 for justification comment. Add URL reference if desired.
  • Missing regression test: Not needed — documentation improvement only.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: weather.yaml lines 14-19 (existing justification)
Simplification opportunities: 1 possible cut

These are safe simplification checks only. Do not remove validation, security controls, data-loss prevention, or required tests.

  • PRA-5 shrink (nemoclaw-blueprint/policies/presets/weather.yaml:18): Manual verification of wttr.in path design by future maintainers
    • Replacement: Link to https://wttr.in/:help in comment for self-documenting verification
    • Net: 1 lines
    • Safety boundary: Comment only — no policy behavior change
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add negative test: agent prompted to fetch different URL → host proof validation rejects it. Runtime/sandbox/infrastructure paths need behavioral runtime validation: policy YAML applied to live sandbox, real curl execution, real network egress. E2E tests provide this validation.
  • PRA-T2 Runtime validation — Consider adding test for wttr.is exclusion enforcement (if/when OpenClaw skill adds it). Runtime/sandbox/infrastructure paths need behavioral runtime validation: policy YAML applied to live sandbox, real curl execution, real network egress. E2E tests provide this validation.
  • PRA-T3 Add negative test for agent deviation from prompted curl command — Add a negative test case in common-egress-agent.test.ts where prompt asks for a different weather URL, then verify host-side proof validation rejects it (exitCode != 0 or content mismatch).
Since last review details

Current findings, using the urgency labels above:

PRA-1 Resolve/justify — wttr.in /** path wildcard is broad but justified and bounded

  • Location: nemoclaw-blueprint/policies/presets/weather.yaml:27
  • Category: security
  • Problem: The wttr.in endpoint allows GET/HEAD on /** path — an extremely broad path wildcard. This is justified because wttr.in's location namespace IS the path (/city, /airport, /lat,lon, /:help) with no narrower stable prefix. Scope is bounded by: deny-by-default (POST/PUT/DELETE blocked), single read-only public host, no credentials transmitted, and version-pinned re-review test.
  • Impact: If wttr.in were compromised, an attacker could serve arbitrary content at any path, but sandbox gains no additional privilege (no credentials, read-only, single host). Risk is low and accepted with compensating controls.
  • Recommended action: Keep as-is with current justification comment and re-review gate. Consider adding a comment linking to wttr.in API docs for future maintainers.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check weather.yaml lines 12-28 for justification comment and GET/HEAD-only rules. Run test/weather-policy.test.ts to verify re-review gate triggers on version change.
  • Missing regression test: Already covered: test/weather-policy.test.ts validates endpoint list and forces re-review when OpenClaw expected_version changes.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check weather.yaml lines 12-28 for justification comment and GET/HEAD-only rules. Run test/weather-policy.test.ts to verify re-review gate triggers on version change.
  • Evidence: weather.yaml lines 12-28 (justification comment + rules); weather-policy.test.ts lines 30-55 (exact rule assertion); network-policy.test.ts lines 510-511 (POST=403)

PRA-2 Improvement — Add negative test for agent deviation from prompted curl command

  • Location: test/e2e/live/common-egress-agent.test.ts:753
  • Category: tests
  • Problem: The C1 test prompts the agent to execute a specific curl command and leave a proof file. Host validates proof content and SHA256. A negative test where the agent is prompted to fetch a different URL (or use web_fetch) and host verification fails would strengthen confidence that proof validation detects deviation.
  • Impact: Current test validates happy path only. A malicious or buggy agent that echoes WEATHER_AGENT_OK without valid proof would be caught by host validation, but this isn't explicitly tested.
  • Suggested action: Add a negative test case in common-egress-agent.test.ts where prompt asks for a different weather URL, then verify host-side proof validation rejects it (exitCode != 0 or content mismatch).
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Review test/e2e/live/common-egress-agent.test.ts lines 740-780 for proof validation logic. Add new test block after C1.
  • Missing regression test: New test: 'C1-negative agent deviation fails proof validation' — prompt agent to fetch api.open-meteo.com instead, verify weatherProof exitCode != 0 or sha256 mismatch.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: common-egress-agent.test.ts lines 753-780 (proof command + host validation)

PRA-3 Improvement — C1 test now validates actual skill egress path (curl → wttr.in) instead of web_fetch → Open-Meteo

  • Location: test/e2e/live/common-egress-agent.test.ts:699
  • Category: correctness
  • Problem: The test was renamed from 'OpenClaw balanced includes weather and agent fetches Open-Meteo' to 'OpenClaw balanced permits a verified wttr.in curl'. The new test uses the curl binary (which the bundled OpenClaw weather skill actually uses) and validates the exact host the skill calls. This is a correctness improvement — the test now matches real skill behavior.
  • Impact: Eliminates false confidence from testing a different provider/path than the actual skill uses. The proof file + SHA256 validation ensures the agent actually executed the curl.
  • Suggested action: No action needed — this is a positive improvement. Document the rationale in test comments if not already clear.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Compare old vs new test contract: old used web_fetch to api.open-meteo.com, new uses curl to wttr.in/:help with proof file. Run vitest on this test to confirm it passes.
  • Missing regression test: Already covered by proof validation and SHA256 check.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: common-egress-agent.test.ts lines 699-780 (new test name, contract, proof command, validation)

PRA-4 Required — Version-pinned re-review gate enforces OpenClaw pin sync

  • Location: test/weather-policy.test.ts:58
  • Category: acceptance
  • Problem: Test asserts loadAgent('openclaw').expectedVersion === '2026.5.27' with explicit message to revalidate bundled weather skill egress before changing the reviewed version. This directly addresses issue [All Platforms][Skill] weather skill cannot complete in sandbox #1417 requirement for re-review on version bumps.
  • Impact: If OpenClaw version is updated in manifest.yaml without updating weather.yaml, this test fails and blocks merge. Prevents policy drift from upstream skill changes.
  • Required action: PASS — acceptance clause met. When OpenClaw version is updated in manifest.yaml, this test will fail and block merge until weather.yaml is re-reviewed.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: Change agents/openclaw/manifest.yaml expected_version and run test/weather-policy.test.ts — it should fail with the re-review message.
  • Missing regression test: Already implemented in test/weather-policy.test.ts line 58.
  • Done when: The required change is committed and verification passes: Change agents/openclaw/manifest.yaml expected_version and run test/weather-policy.test.ts — it should fail with the re-review message.
  • Evidence: weather-policy.test.ts lines 58-62 (version assertion with re-review message); agents/openclaw/manifest.yaml line 14 (expected_version: 2026.5.27)

PRA-5 Improvement — Consider linking wttr.in API docs in justification comment

  • Location: nemoclaw-blueprint/policies/presets/weather.yaml:18
  • Category: architecture
  • Problem: The justification comment explains why /** is needed (location namespace = path). A direct link to wttr.in documentation (e.g., https://wttr.in/:help\) would help future maintainers verify the design claim without external search.
  • Impact: Low — comment is already clear. Link would reduce maintenance friction.
  • Suggested action: Add a one-line comment with URL to wttr.in help endpoint documentation.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check weather.yaml lines 14-19 for justification comment. Add URL reference if desired.
  • Missing regression test: Not needed — documentation improvement only.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: weather.yaml lines 14-19 (existing justification)

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@hunglp6d

Copy link
Copy Markdown
Collaborator Author

Addressed all six (0 required); keeping Fixes #1417 (per PRA-T5 the egress gap is the NemoClaw-actionable part; readiness status is upstream OpenClaw).

  • PRA-5 — fixed: reworded the comment so wttr.is is forward-compat (wttr.in on the pinned 2026.5.27; wttr.is pre-allowed for ≥2026.6.2).
  • PRA-2 — accepted/documented (as advised): wttr's location namespace is the path, so no narrower prefix; GET/HEAD-only, no credentials.
  • PRA-1 / PRA-6 — justified: the preset is a thin mirror of the OpenClaw weather skill's declared hosts (SKILL.md); removal condition = OpenClaw drops the host.
  • PRA-3 / PRA-4 — deferred to follow-up: test/policies.test.ts is at its monotonic size cap and the e2e layer is mid-refactor; host/e2e asserts land in a focused test there.

Coverage: required network-policy-e2e passed (https://github.com/NVIDIA/NemoClaw/actions/runs/28228366566) + manual run (skills list ready; agent returned 57°F, web search off).

@cv cv removed the v0.0.70 label Jun 30, 2026
@cv cv added the v0.0.71 label Jun 30, 2026
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Selective E2E Results — ⚠️ Run cancelled — no signal

Run: 28420942520
Target ref: fix/weather-skill-in-egress
Requested jobs: network-policy-e2e,common-egress-agent-e2e
Summary: 0 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
common-egress-agent-e2e ⚠️ cancelled
network-policy-e2e ⚠️ cancelled

@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Scenario Results — ⚠️ Run cancelled — no signal

Run: 28420941585
Workflow ref: fix/weather-skill-in-egress
Requested scenarios: (default — all supported)
Requested jobs: network-policy-vitest,common-egress-agent-vitest
Summary: 0 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
common-egress-agent-vitest ⚠️ cancelled
network-policy-vitest ⚠️ cancelled

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e-scenario/live/common-egress-agent.test.ts`:
- Around line 741-744: The e2e check around runOpenClawAgentAssertion is
currently satisfied by the model emitting WEATHER_AGENT_OK without proving the
curl-based weather fetch actually ran. Update the prompt and assertion flow so
the agent must return the exact curl output from the installed weather skill,
then compare that output against a direct sandbox curl result or another
unguessable fetch-derived value, and apply the same tightening to the mirrored
shell scenario. Ensure the success condition depends on the live fetch path
rather than instruction-following alone.

In `@test/weather-policy.test.ts`:
- Around line 34-49: The weather policy contract test only verifies wttr.in, but
the preset is expected to document wttr.is as a fallback too. Update the
assertions in weather-policy.test to include wttr.is in the expected host list
and add a matching endpoint check for wttr.is with the same REST policy and
GET/HEAD-only rules, alongside the existing wttr.in expectation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0af42823-74cf-416b-a948-0bf45a7ad07d

📥 Commits

Reviewing files that changed from the base of the PR and between 37f2f98 and 5f0962e.

📒 Files selected for processing (6)
  • docs/network-policy/integration-policy-examples.mdx
  • nemoclaw-blueprint/policies/presets/weather.yaml
  • test/e2e-scenario/live/common-egress-agent.test.ts
  • test/e2e-scenario/live/network-policy.test.ts
  • test/e2e/test-common-egress-agent-e2e.sh
  • test/weather-policy.test.ts
✅ Files skipped from review due to trivial changes (1)
  • docs/network-policy/integration-policy-examples.mdx
🚧 Files skipped from review as they are similar to previous changes (1)
  • nemoclaw-blueprint/policies/presets/weather.yaml

Comment thread test/e2e-scenario/live/common-egress-agent.test.ts Outdated
Comment thread test/weather-policy.test.ts
…egress

# Conflicts:
#	test/e2e/live/common-egress-agent.test.ts
#	test/e2e/test-common-egress-agent-e2e.sh
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: common-egress-agent, network-policy
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=common-egress-agent
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=network-policy

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • common-egress-agent: Focused free-standing E2E job wired for changed live test test/e2e/live/common-egress-agent.test.ts.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=common-egress-agent
  • network-policy: Focused free-standing E2E job wired for changed live test test/e2e/live/network-policy.test.ts.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=network-policy

Optional E2E targets

  • None.

Relevant changed files

  • nemoclaw-blueprint/policies/presets/weather.yaml
  • test/e2e/live/common-egress-agent.test.ts
  • test/e2e/live/network-policy.test.ts

@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Target Results — ⚠️ Some jobs cancelled — partial pass

Run: 28421677790
Workflow ref: fix/weather-skill-in-egress
Requested targets: network-policy,common-egress-agent
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs such as jetson-nvmap-gpu and sandbox-rlimits-connect are skipped unless selected)
Summary: 1 passed, 0 failed, 1 cancelled, 0 skipped

Job Result
common-egress-agent ⚠️ cancelled
network-policy ✅ success

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Target Results — ⚠️ Run cancelled — no signal

Run: 28424076887
Workflow ref: fix/weather-skill-in-egress
Requested targets: network-policy,common-egress-agent
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs such as jetson-nvmap-gpu and sandbox-rlimits-connect are skipped unless selected)
Summary: 0 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
common-egress-agent ⚠️ cancelled
network-policy ⚠️ cancelled

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Target Results — ⚠️ Run cancelled — no signal

Run: 28424443187
Workflow ref: fix/weather-skill-in-egress
Requested targets: network-policy,common-egress-agent
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs such as jetson-nvmap-gpu and sandbox-rlimits-connect are skipped unless selected)
Summary: 0 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
common-egress-agent ⚠️ cancelled
network-policy ⚠️ cancelled

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Target Results — ⚠️ Run cancelled — no signal

Run: 28424566219
Workflow ref: fix/weather-skill-in-egress
Requested targets: network-policy,common-egress-agent
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs such as jetson-nvmap-gpu and sandbox-rlimits-connect are skipped unless selected)
Summary: 0 passed, 0 failed, 2 cancelled, 0 skipped

Job Result
common-egress-agent ⚠️ cancelled
network-policy ⚠️ cancelled

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

Copy link
Copy Markdown
Contributor

Vitest E2E Target Results — ✅ All selected jobs passed

Run: 28424896912
Workflow ref: fix/weather-skill-in-egress
Requested targets: network-policy,common-egress-agent
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs such as jetson-nvmap-gpu and sandbox-rlimits-connect are skipped unless selected)
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
common-egress-agent ✅ success
network-policy ✅ success

@cv

cv commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Maintainer disposition for the remaining exact-head advisor warnings: the PR body now records the accepted /** GET/HEAD-only risk, the intentionally narrow curl-egress scope, the enforced OpenClaw pin-review boundary, why wttr.is is not pre-authorized without evidence, the current mergeable state relative to #5645, and the exact-head E2E result. No warning identifies an unaddressed correctness or security defect on the current pin. Please rerun PR Review / Advisor against the unchanged head.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maintainer review: exact-head unit/integration checks and required network-policy/common-egress-agent E2E passed; both PR Review Advisor models now report merge_as_is, DCO/verification is clean, and the bounded GET/HEAD-only wttr.in risk is documented.

@cv
cv merged commit 09bef70 into main Jun 30, 2026
124 of 126 checks passed
@cv
cv deleted the fix/weather-skill-in-egress branch June 30, 2026 06:59
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

The bundled OpenClaw weather skill calls `wttr.in`, but the NemoClaw
`weather` egress preset only allowed Open-Meteo and weather.gov. Under
deny-by-default egress, the current host was blocked. This change closes
the NemoClaw-owned policy gap while keeping access read-only and
least-privileged.

## Related Issue

Addresses the NemoClaw-owned `wttr.in` egress portion of NVIDIA#1417.

This PR does not claim to change or fully validate OpenClaw skill
readiness, browser fallback, pairing behavior, or the entire upstream
weather-skill workflow.

## Changes

- Allow `wttr.in:443` for GET and HEAD across its location-path
namespace.
- Do not pre-authorize `wttr.is`; the reviewed OpenClaw 2026.5.27 pin
does not require it, and a future pin change must supply new runtime
evidence before widening policy.
- Record the source boundary next to the policy and enforce it through
`loadAgent("openclaw").expectedVersion`: any OpenClaw pin change fails
until maintainers revalidate the bundled skill's egress and update the
reviewed contract.
- Lock the exact weather host set and full `wttr.in` policy shape in
`test/weather-policy.test.ts`.
- Add live GET, HEAD, denied POST, and unrelated-host probes to the
network-policy target.
- Make the common-egress target perform one agent-executed
`wttr.in/:help` curl, atomically retain the fetched body, and
independently validate that proof from the host test.
- Keep user documentation capability-based so it does not drift with
providers.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only

## Quality Gates

- [x] Focused structural coverage locks the exact policy boundary and
forces review on OpenClaw pin drift.
- [x] Live targets cover allowed GET/HEAD, denied POST, unrelated-host
denial, and an agent-executed single-fetch proof.
- [x] The broad `/**` path risk is accepted because wttr location
identifiers are themselves paths and no stable narrower prefix exists;
policy remains limited to one public host, GET/HEAD only, with no
credentials sent.
- [x] `wttr.is` exclusion is intentional least privilege; there is no
reviewed evidence that the pinned runtime needs it.
- [x] The C1 test is deliberately an egress/curl-path test, as its name
and contract state; full upstream skill readiness is explicitly outside
this PR's scope.
- [x] The alleged NVIDIA#5645 conflict is not current: GitHub reports this PR
mergeable. Any later cross-PR overlap will be resolved by the branch
that lands second.
- [x] The shell proof remains an array of fixed fragments plus a
shell-quoted generated path, and passed exact-head live E2E; moving it
to a separate script would add surface without changing the tested
boundary.
- [x] Docs describe user-facing capability without promising an upstream
skill implementation.

## Verification

- [x] PR description includes the DCO declaration and every commit
appears Verified in GitHub.
- [x] Commit and push hooks passed.
- [x] `npx vitest run test/weather-policy.test.ts` passed (2/2).
- [x] `npm run typecheck:cli` passed.
- [x] `npm run source-shape:check` passed with zero source-shape tests.
- [x] Full root CLI/integration hook suite passed during commit.
- [x] No secrets, API keys, or credentials committed.
- [x] `npm run docs` completed with zero errors and two pre-existing
warnings.
- [x] Exact-head E2E passed `network-policy` and `common-egress-agent`:
https://github.com/NVIDIA/NemoClaw/actions/runs/28424896912

---
Signed-off-by: Hung Le <hple@nvidia.com>

---------

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: policy Network policy, egress rules, presets, or sandbox policy VRDC Issues and PRs submitted by NVIDIA VRDC test team.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants