Skip to content

docs(messaging): clarify Teams group allowlists (Fixes #5853)#5863

Merged
miyoungc merged 6 commits into
NVIDIA:mainfrom
deepujain:fix/5853-teams-group-allowlist-docs
Jun 29, 2026
Merged

docs(messaging): clarify Teams group allowlists (Fixes #5853)#5863
miyoungc merged 6 commits into
NVIDIA:mainfrom
deepujain:fix/5853-teams-group-allowlist-docs

Conversation

@deepujain

@deepujain deepujain commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Clarifies that TEAMS_ALLOWED_USERS / MSTEAMS_ALLOWED_USERS are direct-message allowlists, not group or channel sender restrictions.
  • Adds Teams group/channel allowlist onboarding inputs: TEAMS_GROUP_POLICY and TEAMS_GROUP_ALLOWED_USERS.
  • Renders OpenClaw channels.msteams.groupPolicy and groupAllowFrom only when a non-empty group allowlist is configured, keeping the default group behavior open.

Fixes #5853

Evidence it works

  • npx vitest run src/lib/messaging/channels/manifests.test.ts src/lib/messaging/compiler/manifest-compiler.test.ts passed, 34 tests.
  • npm run build:cli passed.
  • npm run typecheck:cli passed.
  • npm run docs:sync-agent-variants passed.
  • npm run docs passed with 0 errors; Fern reported 2 warnings without printing warning details.
  • npx @biomejs/biome format src/lib/messaging/channels/teams/template-resolver.ts src/lib/messaging/channels/teams/manifest.ts src/lib/messaging/channels/manifests.test.ts src/lib/messaging/compiler/manifest-compiler.test.ts docs/manage-sandboxes/messaging-channels.mdx passed.
  • git diff --check passed.
  • npx prek run --files ... reached and passed the relevant touched-file hooks through gitleaks, then timed out while handling invalid cached Python hook environments. No touched-file hook failure appeared before the timeout.
  • npm test was attempted and timed out at 300s with unrelated environment/tooling failures that require local gateway, docker, portable stat, net probe, and CLI log setup. The focused Teams manifest/compiler tests above passed.

Signed-off-by: Deepak Jain deepujain@gmail.com

Summary by CodeRabbit

  • Documentation
    • Clarified Microsoft Teams channel requirements and configuration details.
    • Explained how direct-message allowlisting differs from group/channel message handling.
    • Added guidance for configuring group/channel sender allowlisting and noted when group messages may be denied if no effective allowlist is set.

Fixes NVIDIA#5853

Signed-off-by: Deepak Jain <deepujain@gmail.com>
@copy-pr-bot

copy-pr-bot Bot commented Jun 26, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ca82b9e5-49f0-41fe-971d-4fe86fa73394

📥 Commits

Reviewing files that changed from the base of the PR and between d3dbdc1 and a3bfcd7.

📒 Files selected for processing (1)
  • docs/manage-sandboxes/messaging-channels.mdx
✅ Files skipped from review due to trivial changes (1)
  • docs/manage-sandboxes/messaging-channels.mdx

📝 Walkthrough

Walkthrough

Updates the Microsoft Teams messaging docs to clarify that TEAMS_ALLOWED_USERS only allowlists direct messages, and documents separate group/channel sender allowlisting via groupPolicy and groupAllowFrom.

Changes

Teams allowlist documentation

Layer / File(s) Summary
Docs
docs/manage-sandboxes/messaging-channels.mdx
Clarifies the Microsoft Teams channel requirements table and expands the configuration section to distinguish DM allowlisting from group/channel sender allowlisting.

Estimated review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • NVIDIA/NemoClaw#5820: Updates the same Teams messaging-channel documentation area and the surrounding TEAMS_ALLOWED_USERS / mention-mode semantics.

Poem

Hoppity hop, I read the guide,
DMs and group chats now stay well-spied.
One list for whispers, one for the crowd,
A bunny can bounce through docs aloud.
🐰📘

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the doc update about clarifying Teams group allowlists and DM-only scope.
Linked Issues check ✅ Passed The docs now state TEAMS_ALLOWED_USERS only gates DMs and document the separate group allowlist settings and default-open behavior.
Out of Scope Changes check ✅ Passed The PR stays within scope by changing only the Teams messaging documentation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/lib/messaging/compiler/manifest-compiler.test.ts (1)

556-582: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add a test for the empty-allowlist normalization branch.

This case covers TEAMS_GROUP_POLICY=allowlist with a populated list, but the template resolver's key normalization path — allowlist with an empty TEAMS_GROUP_ALLOWED_USERS collapsing to groupPolicy:"open" and omitting groupAllowFrom — is not exercised here. That branch directly encodes the PR objective that groups stay open unless the allowlist is explicitly populated, so a regression there would be silent.

🧪 Suggested additional test
it("normalizes empty Microsoft Teams group allowlist to open policy", async () => {
  const plan = await withEnv(
    {
      ...TEST_TEAMS_ENV,
      TEAMS_GROUP_POLICY: "allowlist",
      TEAMS_GROUP_ALLOWED_USERS: undefined,
    },
    () =>
      compiler().compile({
        sandboxName: "demo",
        agent: "openclaw",
        workflow: "rebuild",
        isInteractive: false,
        configuredChannels: ["teams"],
        credentialAvailability: { MSTEAMS_APP_PASSWORD: true },
      }),
  );

  const rendered = JSON.stringify(plan.agentRender);
  expect(rendered).toContain('"groupPolicy":"open"');
  expect(rendered).not.toContain('"groupAllowFrom"');
});
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/messaging/compiler/manifest-compiler.test.ts` around lines 556 - 582,
Add a test in manifest-compiler.test.ts to cover the empty Microsoft Teams
allowlist normalization path. Extend the existing OpenClaw Teams group policy
coverage by adding a case that uses compiler().compile with TEAMS_GROUP_POLICY
set to allowlist and TEAMS_GROUP_ALLOWED_USERS unset/empty, then assert the
rendered plan normalizes to groupPolicy:"open" and does not include
groupAllowFrom. Reuse withEnv, TEST_TEAMS_ENV, and the same compile inputs so
the new test targets the template resolver behavior directly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/messaging/compiler/manifest-compiler.test.ts`:
- Around line 556-582: Add a test in manifest-compiler.test.ts to cover the
empty Microsoft Teams allowlist normalization path. Extend the existing OpenClaw
Teams group policy coverage by adding a case that uses compiler().compile with
TEAMS_GROUP_POLICY set to allowlist and TEAMS_GROUP_ALLOWED_USERS unset/empty,
then assert the rendered plan normalizes to groupPolicy:"open" and does not
include groupAllowFrom. Reuse withEnv, TEST_TEAMS_ENV, and the same compile
inputs so the new test targets the template resolver behavior directly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a311aca4-ec0e-4206-b909-6b095455a808

📥 Commits

Reviewing files that changed from the base of the PR and between c1c7c1d and 36f85d5.

📒 Files selected for processing (5)
  • docs/manage-sandboxes/messaging-channels.mdx
  • src/lib/messaging/channels/manifests.test.ts
  • src/lib/messaging/channels/teams/manifest.ts
  • src/lib/messaging/channels/teams/template-resolver.ts
  • src/lib/messaging/compiler/manifest-compiler.test.ts

@wscurran wscurran added area: docs Documentation, examples, guides, or docs build area: messaging Messaging channels, bridges, manifests, or channel lifecycle bug-fix PR fixes a bug or regression labels Jun 26, 2026
@wscurran

Copy link
Copy Markdown
Contributor

✨ Thanks for the proposed fix clarifying that TEAMS_ALLOWED_USERS and MSTEAMS_ALLOWED_USERS only gate direct messages and for adding the TEAMS_GROUP_POLICY and TEAMS_GROUP_ALLOWED_USERS onboarding inputs. This proposes a way to render the OpenClaw channels.msteams.groupPolicy and groupAllowFrom fields only when a non-empty group allowlist is configured, keeping the default group behavior open.


Related open issues:

@miyoungc miyoungc self-assigned this Jun 26, 2026
Comment thread docs/manage-sandboxes/messaging-channels.mdx Outdated
miyoungc
miyoungc previously approved these changes Jun 26, 2026
@miyoungc miyoungc dismissed their stale review June 26, 2026 23:00

CI failing

@miyoungc

Copy link
Copy Markdown
Collaborator

Thanks for working on this and for digging into the Teams group/channel allowlist behavior. The distinction you found is real and important: TEAMS_ALLOWED_USERS / MSTEAMS_ALLOWED_USERS only describe direct-message access, while OpenClaw group/channel sender restrictions use channels.msteams.groupPolicy and channels.msteams.groupAllowFrom.

That said, I’d like to narrow this PR back to the issue scope before we continue review. The original issue explicitly calls this out as not a code defect and frames the fix as a documentation plus onboarding-UX gap. The source changes here go beyond documenting the existing behavior: they add new NemoClaw env vars, add manifest inputs, change persisted/rebuild-hydrated state, modify onboarding prompts, and render new OpenClaw config fields. That is a product/UX behavior change, even if the underlying OpenClaw knobs are valid.

Could you please revise this PR to be docs-only for now? The docs should clearly state that:

  • TEAMS_ALLOWED_USERS / MSTEAMS_ALLOWED_USERS apply to direct messages only.
  • Teams group and channel replies remain open by default, subject to mention mode.
  • Operators who need group/channel sender allowlisting can configure OpenClaw with channels.msteams.groupPolicy="allowlist" and channels.msteams.groupAllowFrom.

I’m not rejecting the idea of first-class TEAMS_GROUP_POLICY / TEAMS_GROUP_ALLOWED_USERS onboarding inputs outright. I just think that should be handled as a separate, intentional UX enhancement with its own scope and tests, rather than bundled into a docs clarification for an issue that says the runtime code is behaving as designed.

Signed-off-by: Deepak Jain <deepujain@gmail.com>
@deepujain deepujain changed the title fix(messaging): document Teams group allowlists (Fixes #5853) docs(messaging): clarify Teams group allowlists (Fixes #5853) Jun 27, 2026
@deepujain

Copy link
Copy Markdown
Contributor Author

Narrowed this back to docs-only. I removed the Teams runtime/test changes from the branch, kept the DM vs group/channel allowlist guidance, and corrected the empty group allowlist wording to match OpenClaw behavior.\n\nValidated with

nemoclaw@0.1.0 docs:check-agent-variants
tsx scripts/sync-agent-variant-docs.ts --check

docs/_build/agent-variants/about/how-it-works.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/how-it-works.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/about/overview.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/overview.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/about/release-notes.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/release-notes.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/get-started/prerequisites.hermes.generated.mdx is already up to date
docs/_build/agent-variants/get-started/prerequisites.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/get-started/windows-preparation.hermes.generated.mdx is already up to date
docs/_build/agent-variants/get-started/windows-preparation.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/inference-options.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/inference-options.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/switch-inference-providers.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/switch-inference-providers.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/use-local-inference.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/use-local-inference.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/backup-restore.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/backup-restore.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/lifecycle.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/lifecycle.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/messaging-channels.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/messaging-channels.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/runtime-controls.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/runtime-controls.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/workspace-files.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/workspace-files.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/monitoring/monitor-sandbox-activity.hermes.generated.mdx is already up to date
docs/_build/agent-variants/monitoring/monitor-sandbox-activity.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/approve-network-requests.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/approve-network-requests.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/customize-network-policy.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/customize-network-policy.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/integration-policy-examples.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/integration-policy-examples.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/architecture.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/architecture.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/cli-selection-guide.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/cli-selection-guide.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/commands.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/enterprise-readiness.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/enterprise-readiness.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/network-policies.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/network-policies.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/troubleshooting.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/troubleshooting.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/resources/agent-skills.hermes.generated.mdx is already up to date
docs/_build/agent-variants/resources/agent-skills.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/resources/license.hermes.generated.mdx is already up to date
docs/_build/agent-variants/resources/license.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/security/best-practices.hermes.generated.mdx is already up to date
docs/_build/agent-variants/security/best-practices.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/security/credential-storage.hermes.generated.mdx is already up to date
docs/_build/agent-variants/security/credential-storage.openclaw.generated.mdx is already up to date,

nemoclaw@0.1.0 docs
npm run docs:strict

nemoclaw@0.1.0 docs:strict
npm run docs:check-agent-variants && FERN_VERSION=$(node -p "require('./fern/fern.config.json').version") && cd fern && npx --yes "fern-api@${FERN_VERSION}" check

nemoclaw@0.1.0 docs:check-agent-variants
tsx scripts/sync-agent-variant-docs.ts --check

docs/_build/agent-variants/about/how-it-works.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/how-it-works.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/about/overview.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/overview.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/about/release-notes.hermes.generated.mdx is already up to date
docs/_build/agent-variants/about/release-notes.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/get-started/prerequisites.hermes.generated.mdx is already up to date
docs/_build/agent-variants/get-started/prerequisites.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/get-started/windows-preparation.hermes.generated.mdx is already up to date
docs/_build/agent-variants/get-started/windows-preparation.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/inference-options.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/inference-options.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/switch-inference-providers.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/switch-inference-providers.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/inference/use-local-inference.hermes.generated.mdx is already up to date
docs/_build/agent-variants/inference/use-local-inference.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/backup-restore.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/backup-restore.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/lifecycle.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/lifecycle.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/messaging-channels.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/messaging-channels.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/runtime-controls.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/runtime-controls.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/workspace-files.hermes.generated.mdx is already up to date
docs/_build/agent-variants/manage-sandboxes/workspace-files.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/monitoring/monitor-sandbox-activity.hermes.generated.mdx is already up to date
docs/_build/agent-variants/monitoring/monitor-sandbox-activity.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/approve-network-requests.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/approve-network-requests.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/customize-network-policy.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/customize-network-policy.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/integration-policy-examples.hermes.generated.mdx is already up to date
docs/_build/agent-variants/network-policy/integration-policy-examples.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/architecture.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/architecture.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/cli-selection-guide.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/cli-selection-guide.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/commands.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/enterprise-readiness.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/enterprise-readiness.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/network-policies.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/network-policies.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/reference/troubleshooting.hermes.generated.mdx is already up to date
docs/_build/agent-variants/reference/troubleshooting.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/resources/agent-skills.hermes.generated.mdx is already up to date
docs/_build/agent-variants/resources/agent-skills.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/resources/license.hermes.generated.mdx is already up to date
docs/_build/agent-variants/resources/license.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/security/best-practices.hermes.generated.mdx is already up to date
docs/_build/agent-variants/security/best-practices.openclaw.generated.mdx is already up to date
docs/_build/agent-variants/security/credential-storage.hermes.generated.mdx is already up to date
docs/_build/agent-variants/security/credential-storage.openclaw.generated.mdx is already up to date
Found 0 errors and 2 warnings in 0.000 seconds. Run fern check --warnings to print out the warnings not shown., and .

@sandl99 sandl99 added the v0.0.70 Release target label Jun 29, 2026
@miyoungc

miyoungc commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

@deepujain would you please make sure to every commit has verified signature?

@miyoungc

Copy link
Copy Markdown
Collaborator

Merging for now, but please make sure to keep all commits have verified signature from now on.

@miyoungc miyoungc merged commit c87ff23 into NVIDIA:main Jun 29, 2026
24 checks passed
@miyoungc miyoungc mentioned this pull request Jun 30, 2026
21 tasks
jyaunches pushed a commit that referenced this pull request Jun 30, 2026
## Summary
Refreshes the v0.0.70 release docs from the release announcement and the
`v0.0.69..v0.0.70` commit range.
It also documents the `channels start` policy restoration behavior that
was missing from the shared OpenClaw and Hermes command references, and
bumps the Fern CLI version used for docs validation.

## Changes
- Replaced the stale `v0.0.70` release-notes entry with the actual
release themes, including CLI, onboarding, inference, messaging,
Windows, documentation, and release-validation changes.
- Documented that `channels start` reapplies the matching built-in
network policy preset before rebuild and rolls back to disabled if
policy restoration fails.
- Bumped `fern/fern.config.json` from `5.55.0` to `5.59.0` for the docs
refresh.
- Source summary:
- #5754 -> `docs/about/release-notes.mdx`: Notes Docker Desktop gateway
bridge retry behavior during onboarding.
- #5930 -> `docs/about/release-notes.mdx`: Links `nemoclaw use` default
sandbox selection to the command reference.
- #5948 -> `docs/about/release-notes.mdx`: Links reasoning-compatible
endpoint validation to inference documentation.
- #5950 -> `docs/about/release-notes.mdx`: Links Windows bootstrap WSL
recovery behavior to Windows preparation and troubleshooting docs.
- #5856 -> `docs/about/release-notes.mdx`: Notes rebuilt policy preset
registry repair.
- #5882 and #5949 -> `docs/about/release-notes.mdx`: Notes Hermes stale
base-image state repair.
- #6016 -> `docs/reference/commands.mdx`,
`docs/reference/commands-nemohermes.mdx`, and
`docs/manage-sandboxes/messaging-channels.mdx`: Documents channel policy
restoration and rollback on `channels start`.
- #5859 -> `docs/about/release-notes.mdx`: Links quickstart network
approval guidance.
- #5863 -> `docs/about/release-notes.mdx`: Links Teams allowlist
guidance in the messaging page.
- #5756, #5926, #6010, and #6011 -> `docs/about/release-notes.mdx`:
Summarizes the Vitest E2E validation cutover.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: doc-only prose refresh with
no runtime behavior change.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Git hooks passed during commit and push, or `npx prek run
--from-ref main --to-ref HEAD` passes
- [ ] Targeted tests pass for changed behavior
- [ ] Full `npm test` passes (broad runtime changes only)
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

`npm run docs` exited 0 and Fern reported one existing light-mode accent
contrast warning.
`fern check --warnings` confirmed the warning is the site theme contrast
ratio, not content introduced by this PR.

---
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: docs Documentation, examples, guides, or docs build area: messaging Messaging channels, bridges, manifests, or channel lifecycle bug-fix PR fixes a bug or regression v0.0.70 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[macOS][Docs] MS Teams TEAMS_ALLOWED_USERS allowlist only gates DMs not group chats; group allowlist (groupAllowFrom/groupPolicy) undocumented

4 participants