docs: stabilize starter prompt credential capture#6423
Conversation
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
🚧 Files skipped from review as they are similar to previous changes (3)
📝 WalkthroughWalkthroughThis PR adds a checked-in loopback credential form, updates starter prompt text to reference it, and expands tests to pin the template and verify its submission and security behavior. ChangesLocal credential form and docs update
Estimated code review effort: 4 (Complex) | ~45 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage in the branch is 96%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
TypeScript / code-coverage/cliThe overall coverage in the branch is 76%. Coverage data for the branch is not yet available. Show a code coverage summary of the most covered files.
Updated |
|
🌿 Preview your docs: https://nvidia-preview-pr-6423.docs.buildwithfern.com/nemoclaw |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
E2E Target RecommendationRequired E2E targets: None Full E2E target advisor summaryE2E Target AdvisorBase: Required E2E targets
Optional E2E targets
Relevant changed files
|
PR Review Advisor — No blocking findingsMerge posture: No blocking advisor findings This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision. |
PR Review Advisor (Nemotron Ultra) — No blocking findingsMerge posture: No blocking advisor findings Action checklist
Findings index
Review findings by urgency: 0 required fixes, 0 items to resolve/justify, 2 in-scope improvements
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
docs/_components/StarterPrompt.tsx (1)
95-95: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winCredential-form URL is pinned to
main, not an immutable ref.
https://raw.githubusercontent.com/NVIDIA/NemoClaw/main/docs/resources/local-credential-form.htmltracks the movingmainbranch. The PR's stated goal is to "stabilize" credential capture and the test is literally named"pins local credential capture to the checked-in form template", but a branch ref isn't actually pinned — any future push tomainchanges what agents fetch and execute, without a corresponding change to this prompt or its tests. Consider referencing a specific commit SHA (or tag) so "pin" is accurate and content can't silently drift.Example fix
-- Use the repository form template from this URL exactly: https://raw.githubusercontent.com/NVIDIA/NemoClaw/main/docs/resources/local-credential-form.html +- Use the repository form template from this URL exactly: https://raw.githubusercontent.com/NVIDIA/NemoClaw/<pinned-commit-sha>/docs/resources/local-credential-form.html🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/_components/StarterPrompt.tsx` at line 95, The credential-form reference in StarterPrompt is still pointing at the mutable main branch, so update the URL in StarterPrompt to use an immutable ref such as a specific commit SHA or tag instead of main. Keep the existing local-credential-form.html template reference, but replace the branch-based raw.githubusercontent.com path so the pinned form used by the prompt cannot silently drift over time.test/starter-prompt-docs.test.ts (1)
86-86: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winNegative-lookahead regex can be bypassed by lookalike hostnames.
/https?:\/\/(?!127\.0\.0\.1|localhost|\[::1\])/only checks the characters immediately following://, so a URL likehttps://127.0.0.1.evil.comorhttps://localhost.attacker.netwould satisfy the lookahead (starts with the allowed literal) and slip past this assertion even though it isn't actually a loopback host. This weakens the regression guard the test is meant to provide against non-loopback URLs creeping into the template.Tighter check
- expect(formSource).not.toMatch(/https?:\/\/(?!127\.0\.0\.1|localhost|\[::1\])/); + expect(formSource).not.toMatch(/https?:\/\/(?!127\.0\.0\.1(?:[:/]|$)|localhost(?:[:/]|$)|\[::1\](?:[:/]|$))/);🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/starter-prompt-docs.test.ts` at line 86, The regex assertion in the starter prompt docs test is too weak because the negative lookahead only checks the prefix after the scheme, so lookalike hosts can still pass. Tighten the check in test/starter-prompt-docs.test.ts by validating the parsed hostname or matching the full host boundary in formSource, using the existing formSource assertion to ensure only true loopback URLs like localhost, 127.0.0.1, or [::1] are allowed and not domains that merely start with those strings.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/resources/local-credential-form.html`:
- Around line 10-12: The Content-Security-Policy in local-credential-form.html
includes frame-ancestors inside a meta tag, but that directive is ignored there.
Update the page’s CSP by removing frame-ancestors from the meta policy, and if
the loopback helper serves this form, move the directive to the HTTP response
header in the server-side code that emits the page so the protection is actually
enforced.
---
Nitpick comments:
In `@docs/_components/StarterPrompt.tsx`:
- Line 95: The credential-form reference in StarterPrompt is still pointing at
the mutable main branch, so update the URL in StarterPrompt to use an immutable
ref such as a specific commit SHA or tag instead of main. Keep the existing
local-credential-form.html template reference, but replace the branch-based
raw.githubusercontent.com path so the pinned form used by the prompt cannot
silently drift over time.
In `@test/starter-prompt-docs.test.ts`:
- Line 86: The regex assertion in the starter prompt docs test is too weak
because the negative lookahead only checks the prefix after the scheme, so
lookalike hosts can still pass. Tighten the check in
test/starter-prompt-docs.test.ts by validating the parsed hostname or matching
the full host boundary in formSource, using the existing formSource assertion to
ensure only true loopback URLs like localhost, 127.0.0.1, or [::1] are allowed
and not domains that merely start with those strings.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 9b644332-f404-4e25-a4f4-25356ecdad55
📒 Files selected for processing (7)
docs/_components/StarterPrompt.tsxdocs/get-started/quickstart-hermes.mdxdocs/get-started/quickstart.mdxdocs/index.mdxdocs/resources/agent-skills.mdxdocs/resources/local-credential-form.htmltest/starter-prompt-docs.test.ts
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/starter-prompt-docs.test.ts (1)
331-352: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low valueOptionally assert the submit payload, not just the target.
This test proves submission goes only to
/submit(ignoring the attacker-suppliedsubmit=param) and that the notice is redacted, which is the key security guarantee. To also prove the real secret is actually transmitted to the loopback helper (and not silently dropped), consider asserting the requestinitcarries a POST body containing the secret value.♻️ Optional strengthening
expect(rendered.fetchCalls).toHaveLength(1); expect(rendered.fetchCalls[0]?.url).toBe("/submit"); + const init = rendered.fetchCalls[0]?.init as { method?: string; body?: string } | undefined; + expect(init?.method).toBe("POST"); + expect(String(init?.body)).toContain("super-secret"); expect(secretInput?.value).toBe("");🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/starter-prompt-docs.test.ts` around lines 331 - 352, Strengthen the test in starter-prompt-docs.test.ts by asserting the actual submit request payload in runCredentialForm/submitted fetch handling, not just that fetchCalls[0]?.url equals "/submit". Keep the existing redaction and loopback-target checks, and add an assertion on the captured fetch init/body to verify the POST data contains SECRET_TOKEN=super-secret while still confirming the rendered result only shows the redacted secret.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@test/starter-prompt-docs.test.ts`:
- Around line 331-352: Strengthen the test in starter-prompt-docs.test.ts by
asserting the actual submit request payload in runCredentialForm/submitted fetch
handling, not just that fetchCalls[0]?.url equals "/submit". Keep the existing
redaction and loopback-target checks, and add an assertion on the captured fetch
init/body to verify the POST data contains SECRET_TOKEN=super-secret while still
confirming the rendered result only shows the redacted secret.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 554af738-7656-49aa-9076-730c42b8ac81
📒 Files selected for processing (3)
docs/_components/StarterPrompt.tsxdocs/resources/local-credential-form.htmltest/starter-prompt-docs.test.ts
🚧 Files skipped from review as they are similar to previous changes (2)
- docs/_components/StarterPrompt.tsx
- docs/resources/local-credential-form.html
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/starter-prompt-docs.test.ts (1)
122-136: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winFail on unexpected selectors instead of silently returning
[].
querySelectorAllrecognizes onlyinput[data-secret='true']and returns an empty array for anything else. If the checked-in script is ever changed to query secrets with a different selector, the harness would silently find no secret inputs, and the redaction behavior test could pass without ever exercising the redaction path. Failing loudly on unsupported selectors keeps the harness honest against template drift.♻️ Fail on unsupported selectors
querySelectorAll(selector: string): FakeElement[] { + if (selector !== "input[data-secret='true']") { + fail(`Unsupported selector ${selector}`); + } const result: FakeElement[] = []; const visit = (element: FakeElement) => { const matchesSecretInput = selector === "input[data-secret='true']" && element.tagName === "input" && element.dataset.secret === "true"; matchesSecretInput && result.push(element);As per path instructions: "Flag ... broad mocks that bypass the behavior under test."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/starter-prompt-docs.test.ts` around lines 122 - 136, The FakeElement querySelectorAll harness is too permissive because it silently returns an empty array for unsupported selectors, which can hide template drift. Update querySelectorAll to explicitly fail when selector is anything other than input[data-secret='true'], and keep the existing secret-input matching logic for the supported case so the redaction test exercises the intended path. Use the querySelectorAll method on FakeElement to locate the change.Source: Path instructions
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@test/starter-prompt-docs.test.ts`:
- Around line 122-136: The FakeElement querySelectorAll harness is too
permissive because it silently returns an empty array for unsupported selectors,
which can hide template drift. Update querySelectorAll to explicitly fail when
selector is anything other than input[data-secret='true'], and keep the existing
secret-input matching logic for the supported case so the redaction test
exercises the intended path. Use the querySelectorAll method on FakeElement to
locate the change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 293ae09d-a1e7-42bc-8a55-fd2533070c84
📒 Files selected for processing (1)
test/starter-prompt-docs.test.ts
|
@coderabbitai review Please review the exact final head |
🧩 Analysis chain🏁 Script executed: #!/bin/bash
gh pr view 6423 --repo NVIDIA/NemoClaw --json headRefOid,headRefName,commits --jq '.headRefOid'Length of output: 287 The PR description image shows a rendered preview of the
✅ Action performedReview finished.
|
|
Resolved the exact-head advisor items in
Nonblocking advisor suggestions:
|
|
@coderabbitai review Please review the exact final head |
🧩 Analysis chain🏁 Script executed: #!/bin/bash
gh pr view 6423 --repo NVIDIA/NemoClaw --json headRefOid --jq '.headRefOid'Length of output: 267 The image shows the "NemoClaw Local Credential Form" UI card described in the PR objectives: title, loopback-only instructional text, a green notice box, a "Compatible Api Key" input field, a "Send to Local Helper" button, and a success state with a masked
✅ Action performedReview finished.
|
<!-- markdownlint-disable MD041 --> ## Summary Adds the v0.0.77 release-note section from the shipped release announcement and release commit range. This is post-release docs recovery, so the PR is labeled for the next patch release train. ## Changes - Added `v0.0.77` to `docs/about/release-notes.mdx` with links to the deeper Deep Agents, architecture, inference, security, and agent-docs pages. - Source summary: - #6469 -> `docs/about/release-notes.mdx`: Documents Deep Agents Code base-image publication and stale-version validation. - #6471 -> `docs/about/release-notes.mdx`: Documents the managed runtime disabling LangGraph CLI analytics. - #6462 -> `docs/about/release-notes.mdx`: Documents the TUI, launch banner, and model-identity provider display behavior. - #6460 -> `docs/about/release-notes.mdx`: Documents bounded, best-effort OTLP trace credential scrubbing and the remaining collector-side redaction requirement. - #6423 -> `docs/about/release-notes.mdx`: Documents the checked-in loopback-only local credential form used by starter prompts. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [x] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: release-note prose only, no runtime behavior or code samples changed. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: tests not applicable for release-note prose only. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Verification note: `npm run docs` passed. `fern check --warnings` reports the existing light-mode accent color contrast warning: `2.41:1`, expected at least `3:1`. --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added a new release-notes entry for **v0.0.77** at the top of the changelog. * Highlighted improved package validation, tighter handling of telemetry and trace data, and safer starter prompt behavior with stronger redaction and local-only submission. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- markdownlint-disable MD041 --> ## Summary This follow-up to #6423 replaces prose-generated credential capture with a checked-in, authenticated one-shot loopback helper and a hardened local form. It binds the reviewed helper/form bytes to immutable commit URLs and SHA-256 digests so coding agents fail closed before collecting secrets. The helper now requires an explicit `isolated` or `account-home` execution profile so stateless commands use private config roots while persistent install/onboard commands use only an explicitly approved absolute working directory and the OS account home. ## Changes - Add a Node.js 22 helper that validates the approved field schema, form digest, loopback request boundary, one-shot capability, and exact child argv without invoking a shell. - Require explicit `isolated` and `account-home` profiles, with private per-session config/temp roots for isolated work and reconstructed account-home roots plus an approved absolute cwd for persistent work. - Deny ambient `NEMOCLAW_*`, `OPENSHELL_*`, config-root, loader, package-manager, container, crypto-provider, and other process-control selectors while permitting only explicitly approved collected fields. - Harden the local form with a no-network preview/edit/confirm flow, redacted summaries, strict response locking, and no retry after an ambiguous submission. - Pin both reviewed artifacts in the starter prompt and add a repository check for digest, package, executable-bit, and helper/form safety-rule parity. - Update user-facing starter-prompt summaries and add integration coverage for malformed requests, races, abandoned responses, CSP, form behavior, and immutable pins. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [x] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [x] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [ ] Tests not applicable — justification: - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [x] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [x] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: independent nine-category repository security review completed with final PASS after the CodeQL filesystem-race, CodeRabbit memory-semantics/parity, and GPT-advisor ambient-environment findings were addressed; the helper/form boundary was reviewed for secret handling, input validation, authentication, error behavior, data protection, headers, security tests, and race safety. - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: `npx vitest run --project integration test/local-credential-helper.test.ts test/local-credential-helper-pin.test.ts test/starter-prompt-docs.test.ts` passed 163/163 tests. - [x] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: `umask 022 && npm test` passed 14,323 tests across 1,267 passing files, with 39 expected skips and 1 todo. - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — not a doc-only PR; the build completed with 0 errors and 2 pre-existing warnings. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Advisor-required live E2E: [run 28920925588](https://github.com/NVIDIA/NemoClaw/actions/runs/28920925588) passed credential-sanitization and cloud-onboard at head a413ba3. Additional checks: `npm run checks`, `npm run typecheck:cli`, `npm run source-shape:check`, `npm run test-size:check`, package dry-run contents, post-push raw artifact SHA-256 verification, and `git diff --check` all passed. --- Signed-off-by: Carlos Villela <cvillela@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a stricter “preview then confirm” credential-capture workflow before any credentialed commands are generated or executed. * Improved non-interactive guidance to support secure `curl | bash` execution with approved-command enforcement. * **Bug Fixes** * Hardened the local credential form UI and submission behavior with stronger input validation, loopback-only access, and safer handling of ambiguous/failed outcomes. * **Documentation** * Updated quickstarts and starter prompt text to match the new approve-then-capture flow. * **Tests** * Expanded integration and security tests for the local helper, integrity pinning, and credential/processing policy checks. * **Chores** * Packaged the hardened credential-form asset and added automated integrity verification. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Carlos Villela <cvillela@nvidia.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Signed-off-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: cjagwani <cjagwani@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary This PR makes NemoClaw's starter prompt use a checked-in local credential form template instead of asking coding agents to generate form HTML during onboarding. The goal is to reduce setup variability for medium-sized models while preserving local-only credential handling. ## Changes - Adds `docs/resources/local-credential-form.html`, a self-contained loopback-only credential form template with no external resources. - Updates the starter prompt to fetch or reuse that template, serve it from `127.0.0.1`, and implement only the small local submit helper around it. - Updates starter prompt CTA copy across the home, quickstart, Hermes quickstart, and AI Agent Docs pages. - Adds starter prompt contract coverage for the credential template URL, local-only CSP, and Deep Agents prompt option. Local form: <img width="647" height="665" alt="Screenshot 2026-07-07 at 6 06 42 PM" src="https://github.com/user-attachments/assets/dfa3c651-6a36-4a91-95b3-dd36e3fa1a72" /> ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [x] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [x] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [ ] Tests not applicable — justification: - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [x] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [x] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: Credential handling remains local-only docs guidance; the form is disabled outside loopback, accepts submissions only to the local helper, uses redacted summaries, avoids storage APIs, and is covered by `test/starter-prompt-docs.test.ts`. - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: `npx vitest run --project integration test/starter-prompt-docs.test.ts` passed with 7/7 tests. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — result: build passed; only known baseline Fern authentication-redirect and accent-contrast warnings remain. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [x] New doc pages include SPDX header and frontmatter (new pages only) --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * **New Features** * Added a locked-down local credential submission helper page with a restrictive CSP, loopback-only access, and automatic redaction/clearing of secret values after submit. * **Documentation** * Updated starter prompts and quickstart docs to reuse the checked-in credential form, use `:secret` vs `:text` appropriately, and follow the safer “redacted summary then run” workflow. * **Tests** * Expanded VM-based checks to pin the credential template URL/digest and verify CSP/security constraints plus disabled and submit/redaction behaviors. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Carlos Villela <cvillela@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Adds the v0.0.77 release-note section from the shipped release announcement and release commit range. This is post-release docs recovery, so the PR is labeled for the next patch release train. ## Changes - Added `v0.0.77` to `docs/about/release-notes.mdx` with links to the deeper Deep Agents, architecture, inference, security, and agent-docs pages. - Source summary: - NVIDIA#6469 -> `docs/about/release-notes.mdx`: Documents Deep Agents Code base-image publication and stale-version validation. - NVIDIA#6471 -> `docs/about/release-notes.mdx`: Documents the managed runtime disabling LangGraph CLI analytics. - NVIDIA#6462 -> `docs/about/release-notes.mdx`: Documents the TUI, launch banner, and model-identity provider display behavior. - NVIDIA#6460 -> `docs/about/release-notes.mdx`: Documents bounded, best-effort OTLP trace credential scrubbing and the remaining collector-side redaction requirement. - NVIDIA#6423 -> `docs/about/release-notes.mdx`: Documents the checked-in loopback-only local credential form used by starter prompts. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [x] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: release-note prose only, no runtime behavior or code samples changed. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: tests not applicable for release-note prose only. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Verification note: `npm run docs` passed. `fern check --warnings` reports the existing light-mode accent color contrast warning: `2.41:1`, expected at least `3:1`. --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added a new release-notes entry for **v0.0.77** at the top of the changelog. * Highlighted improved package validation, tighter handling of telemetry and trace data, and safer starter prompt behavior with stronger redaction and local-only submission. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- markdownlint-disable MD041 --> ## Summary This follow-up to NVIDIA#6423 replaces prose-generated credential capture with a checked-in, authenticated one-shot loopback helper and a hardened local form. It binds the reviewed helper/form bytes to immutable commit URLs and SHA-256 digests so coding agents fail closed before collecting secrets. The helper now requires an explicit `isolated` or `account-home` execution profile so stateless commands use private config roots while persistent install/onboard commands use only an explicitly approved absolute working directory and the OS account home. ## Changes - Add a Node.js 22 helper that validates the approved field schema, form digest, loopback request boundary, one-shot capability, and exact child argv without invoking a shell. - Require explicit `isolated` and `account-home` profiles, with private per-session config/temp roots for isolated work and reconstructed account-home roots plus an approved absolute cwd for persistent work. - Deny ambient `NEMOCLAW_*`, `OPENSHELL_*`, config-root, loader, package-manager, container, crypto-provider, and other process-control selectors while permitting only explicitly approved collected fields. - Harden the local form with a no-network preview/edit/confirm flow, redacted summaries, strict response locking, and no retry after an ambiguous submission. - Pin both reviewed artifacts in the starter prompt and add a repository check for digest, package, executable-bit, and helper/form safety-rule parity. - Update user-facing starter-prompt summaries and add integration coverage for malformed requests, races, abandoned responses, CSP, form behavior, and immutable pins. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [x] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [x] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [ ] Tests not applicable — justification: - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [x] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [x] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: independent nine-category repository security review completed with final PASS after the CodeQL filesystem-race, CodeRabbit memory-semantics/parity, and GPT-advisor ambient-environment findings were addressed; the helper/form boundary was reviewed for secret handling, input validation, authentication, error behavior, data protection, headers, security tests, and race safety. - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: `npx vitest run --project integration test/local-credential-helper.test.ts test/local-credential-helper-pin.test.ts test/starter-prompt-docs.test.ts` passed 163/163 tests. - [x] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: `umask 022 && npm test` passed 14,323 tests across 1,267 passing files, with 39 expected skips and 1 todo. - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — not a doc-only PR; the build completed with 0 errors and 2 pre-existing warnings. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) Advisor-required live E2E: [run 28920925588](https://github.com/NVIDIA/NemoClaw/actions/runs/28920925588) passed credential-sanitization and cloud-onboard at head a413ba3. Additional checks: `npm run checks`, `npm run typecheck:cli`, `npm run source-shape:check`, `npm run test-size:check`, package dry-run contents, post-push raw artifact SHA-256 verification, and `git diff --check` all passed. --- Signed-off-by: Carlos Villela <cvillela@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a stricter “preview then confirm” credential-capture workflow before any credentialed commands are generated or executed. * Improved non-interactive guidance to support secure `curl | bash` execution with approved-command enforcement. * **Bug Fixes** * Hardened the local credential form UI and submission behavior with stronger input validation, loopback-only access, and safer handling of ambiguous/failed outcomes. * **Documentation** * Updated quickstarts and starter prompt text to match the new approve-then-capture flow. * **Tests** * Expanded integration and security tests for the local helper, integrity pinning, and credential/processing policy checks. * **Chores** * Packaged the hardened credential-form asset and added automated integrity verification. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Carlos Villela <cvillela@nvidia.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Signed-off-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: cjagwani <cjagwani@nvidia.com>
Summary
This PR makes NemoClaw's starter prompt use a checked-in local credential form template instead of asking coding agents to generate form HTML during onboarding.
The goal is to reduce setup variability for medium-sized models while preserving local-only credential handling.
Changes
docs/resources/local-credential-form.html, a self-contained loopback-only credential form template with no external resources.127.0.0.1, and implement only the small local submit helper around it.Local form:
Type of Change
Quality Gates
test/starter-prompt-docs.test.ts.Verification
Verifiedin GitHubpre-commit,commit-msg, andpre-pushhooks passed, ornpm run check:diffpassed when hooks were skipped or unavailablenpx vitest run --project integration test/starter-prompt-docs.test.tspassed with 7/7 tests.npm testfor broad runtime/test-harness changes;npm run checkfor repo-wide validation/coverage changes — command/result:npm run docsbuilds without warnings (doc changes only) — result: build passed; only known baseline Fern authentication-redirect and accent-contrast warnings remain.Signed-off-by: Miyoung Choi miyoungc@nvidia.com
Summary by CodeRabbit
Summary by CodeRabbit
New Features
Documentation
:secretvs:textappropriately, and follow the safer “redacted summary then run” workflow.Tests