Skip to content

docs: stabilize starter prompt credential capture#6423

Merged
cv merged 15 commits into
mainfrom
improve-starter-prompt
Jul 8, 2026
Merged

docs: stabilize starter prompt credential capture#6423
cv merged 15 commits into
mainfrom
improve-starter-prompt

Conversation

@miyoungc

@miyoungc miyoungc commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

This PR makes NemoClaw's starter prompt use a checked-in local credential form template instead of asking coding agents to generate form HTML during onboarding.
The goal is to reduce setup variability for medium-sized models while preserving local-only credential handling.

Changes

  • Adds docs/resources/local-credential-form.html, a self-contained loopback-only credential form template with no external resources.
  • Updates the starter prompt to fetch or reuse that template, serve it from 127.0.0.1, and implement only the small local submit helper around it.
  • Updates starter prompt CTA copy across the home, quickstart, Hermes quickstart, and AI Agent Docs pages.
  • Adds starter prompt contract coverage for the credential template URL, local-only CSP, and Deep Agents prompt option.

Local form:

Screenshot 2026-07-07 at 6 06 42 PM

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification:
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: Credential handling remains local-only docs guidance; the form is disabled outside loopback, accepts submissions only to the local helper, uses redacted summaries, avoids storage APIs, and is covered by test/starter-prompt-docs.test.ts.
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: npx vitest run --project integration test/starter-prompt-docs.test.ts passed with 7/7 tests.
  • Applicable broad gate passed — npm test for broad runtime/test-harness changes; npm run check for repo-wide validation/coverage changes — command/result:
  • Quality Gates section completed with required justifications or waivers
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only) — result: build passed; only known baseline Fern authentication-redirect and accent-contrast warnings remain.
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Miyoung Choi miyoungc@nvidia.com

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Added a locked-down local credential submission helper page with a restrictive CSP, loopback-only access, and automatic redaction/clearing of secret values after submit.
  • Documentation

    • Updated starter prompts and quickstart docs to reuse the checked-in credential form, use :secret vs :text appropriately, and follow the safer “redacted summary then run” workflow.
  • Tests

    • Expanded VM-based checks to pin the credential template URL/digest and verify CSP/security constraints plus disabled and submit/redaction behaviors.

@copy-pr-bot

copy-pr-bot Bot commented Jul 7, 2026

Copy link
Copy Markdown

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 69516bb3-268c-469a-bb13-9a90e9b5b535

📥 Commits

Reviewing files that changed from the base of the PR and between 98a14c9 and 3b79a0f.

📒 Files selected for processing (3)
  • docs/_components/StarterPrompt.tsx
  • docs/resources/local-credential-form.html
  • test/starter-prompt-docs.test.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • docs/_components/StarterPrompt.tsx
  • test/starter-prompt-docs.test.ts
  • docs/resources/local-credential-form.html

📝 Walkthrough

Walkthrough

This PR adds a checked-in loopback credential form, updates starter prompt text to reference it, and expands tests to pin the template and verify its submission and security behavior.

Changes

Local credential form and docs update

Layer / File(s) Summary
Local credential form HTML implementation
docs/resources/local-credential-form.html
Adds a loopback-only credential form page that parses field specs, renders secret and text inputs, posts JSON to /submit, and shows redacted notices.
Starter prompt guidance updates
docs/_components/StarterPrompt.tsx, docs/get-started/quickstart.mdx, docs/get-started/quickstart-hermes.mdx, docs/index.mdx, docs/resources/agent-skills.mdx
Updates starter-prompt text across docs to instruct agents to reuse the checked-in local credential form and adjust nearby onboarding wording.
Test coverage for pinned credential template
test/starter-prompt-docs.test.ts
Adds hashing helpers, a fake DOM/VM harness, and tests that pin the prompt to the checked-in form and verify submit behavior.

Estimated code review effort: 4 (Complex) | ~45 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main docs change: stabilizing starter-prompt credential handling with a reusable local form.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch improve-starter-prompt

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the branch is 96%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 3b79a0f +/-
nemoclaw/src/se...cret-scanner.ts 100%
nemoclaw/src/commands/slash.ts 100%
nemoclaw/src/li...bprocess-env.ts 100%
nemoclaw/src/bl...eprint/state.ts 98%
nemoclaw/src/onboard/config.ts 98%
nemoclaw/src/bl...int/snapshot.ts 97%
nemoclaw/src/bl...print/runner.ts 95%
nemoclaw/src/co...ration-state.ts 94%
nemoclaw/src/bl...ate-networks.ts 94%
nemoclaw/src/index.ts 94%

TypeScript / code-coverage/cli

The overall coverage in the branch is 76%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 3b79a0f +/-
src/lib/onboard/preflight.ts 82%
src/lib/state/o...oard-session.ts 82%
src/lib/actions...all/run-plan.ts 81%
src/lib/actions...licy-channel.ts 79%
src/lib/actions...box/snapshot.ts 79%
src/lib/state/sandbox.ts 75%
src/lib/onboard...er-gpu-patch.ts 69%
src/lib/policy/index.ts 65%
src/lib/shields/index.ts 61%
src/lib/onboard.ts 28%

Updated July 08, 2026 02:33 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

@miyoungc miyoungc self-assigned this Jul 7, 2026
@miyoungc miyoungc changed the title Improve starter prompt docs: stabilize starter prompt credential capture Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: docs-validation
Optional E2E: None

Dispatch hint: docs-validation

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • docs-validation (low): Run the existing docs E2E because the PR changes multiple Markdown/MDX docs pages and adds a linked docs resource used by the starter prompt. This validates the checkout-local documentation boundary, CLI/docs parity, and local Markdown link health for the changed docs surface.

Optional E2E

  • None.

New E2E recommendations

  • local-credential-form-user-flow (medium): There is strong unit coverage for the checked-in credential form, but no existing E2E appears to exercise the real browser/loopback-helper flow described in the starter prompt: serve the exact template from 127.0.0.1, send CSP frame-ancestors as an HTTP header, submit configured secret/text fields to POST /submit, and verify redaction/no external submission. If this form becomes a supported user path, add focused E2E coverage for that browser-to-loopback trust boundary.
    • Suggested test: local-credential-form-loopback-e2e

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: docs-validation

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: None
Optional E2E targets: None

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • None. Changes are limited to documentation, a documentation resource, and a non-E2E unit test outside test/e2e; they do not affect the E2E target workflow, registry, runtime support, fixtures, or live target behavior.

Optional E2E targets

  • None.

Relevant changed files

  • None.

@miyoungc miyoungc marked this pull request as ready for review July 7, 2026 23:28
Comment thread docs/resources/local-credential-form.html Fixed
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: No advisor follow-up required beyond maintainer review.
Open items: 0 required · 0 warnings · 0 suggestions · 0 test follow-ups
Since last review: 2 prior items resolved · 0 still apply · 0 new items found

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Add or justify PRA-T1 and any related test follow-ups.
Open items: 0 required · 0 warnings · 2 suggestions · 1 test follow-up
Since last review: 0 prior items resolved · 2 still apply · 0 new items found

Action checklist

Findings index

ID Severity Category Location Required action
PRA-1 Improvement tests test/starter-prompt-docs.test.ts:150 Evaluate replacing the custom vm-based DOM simulation with jsdom in a follow-up PR. This is a maintainability improvement only — not a correctness or security issue. Defer with rationale: current approach is correct, isolated, and zero-dep.
PRA-2 Improvement architecture docs/get-started/quickstart.mdx:1 Coordinate with authors of PRs #5929, #6250, #6273 to resolve merge conflicts during integration. No code action needed in this PR.
Review findings by urgency: 0 required fixes, 0 items to resolve/justify, 2 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

  • None.

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

PRA-1 Improvement — Custom DOM simulation could be replaced with jsdom for maintainability

  • Location: test/starter-prompt-docs.test.ts:150
  • Category: tests
  • Problem: The test suite implements a custom DOM simulation using vm.runInNewContext with FakeDocument, FakeElement, FakeFormData classes (~150 lines). This provides strong isolation but adds maintenance burden. jsdom or happy-dom would provide equivalent isolation with standard browser APIs.
  • Impact: Maintenance burden: custom DOM simulation must be kept in sync with actual browser behavior. Standard libraries are battle-tested and handle edge cases. However, current implementation works correctly, has zero runtime dependencies, and all 8 test blocks pass.
  • Suggested action: Evaluate replacing the custom vm-based DOM simulation with jsdom in a follow-up PR. This is a maintainability improvement only — not a correctness or security issue. Defer with rationale: current approach is correct, isolated, and zero-dep.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Run `npm test -- test/starter-prompt-docs.test.ts` — all 8 tests pass. The custom simulation correctly exercises all template JS branches.
  • Missing regression test: No additional test needed; existing 8 test blocks cover all behavior. Migration to jsdom would be a refactor with same test expectations.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: test/starter-prompt-docs.test.ts lines 150-270 define FakeClassList, FakeElement, FakeDocument, FakeFormData, and runCredentialForm using vm.runInNewContext.

PRA-2 Improvement — Potential merge conflicts with overlapping PRs #5929, #6250, #6273

Simplification opportunities: 1 possible cut, net -100 lines possible

These are safe simplification checks only. Do not remove validation, security controls, data-loss prevention, or required tests.

  • PRA-1 stdlib (test/starter-prompt-docs.test.ts:150): FakeClassList, FakeElement, FakeDocument, FakeFormData classes and runCredentialForm vm.runInNewContext wrapper (~150 lines)
    • Replacement: jsdom or happy-dom with JSDOM.fromFile() or similar
    • Net: -100 lines
    • Safety boundary: Must preserve loopback-only enforcement, CSP hash verification, secret redaction, and field validation test coverage
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Custom DOM simulation could be replaced with jsdom for maintainability — Evaluate replacing the custom vm-based DOM simulation with jsdom in a follow-up PR. This is a maintainability improvement only — not a correctness or security issue. Defer with rationale: current approach is correct, isolated, and zero-dep.
Since last review details

Current findings, using the urgency labels above:

PRA-1 Improvement — Custom DOM simulation could be replaced with jsdom for maintainability

  • Location: test/starter-prompt-docs.test.ts:150
  • Category: tests
  • Problem: The test suite implements a custom DOM simulation using vm.runInNewContext with FakeDocument, FakeElement, FakeFormData classes (~150 lines). This provides strong isolation but adds maintenance burden. jsdom or happy-dom would provide equivalent isolation with standard browser APIs.
  • Impact: Maintenance burden: custom DOM simulation must be kept in sync with actual browser behavior. Standard libraries are battle-tested and handle edge cases. However, current implementation works correctly, has zero runtime dependencies, and all 8 test blocks pass.
  • Suggested action: Evaluate replacing the custom vm-based DOM simulation with jsdom in a follow-up PR. This is a maintainability improvement only — not a correctness or security issue. Defer with rationale: current approach is correct, isolated, and zero-dep.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Run `npm test -- test/starter-prompt-docs.test.ts` — all 8 tests pass. The custom simulation correctly exercises all template JS branches.
  • Missing regression test: No additional test needed; existing 8 test blocks cover all behavior. Migration to jsdom would be a refactor with same test expectations.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: test/starter-prompt-docs.test.ts lines 150-270 define FakeClassList, FakeElement, FakeDocument, FakeFormData, and runCredentialForm using vm.runInNewContext.

PRA-2 Improvement — Potential merge conflicts with overlapping PRs #5929, #6250, #6273

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
docs/_components/StarterPrompt.tsx (1)

95-95: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Credential-form URL is pinned to main, not an immutable ref.

https://raw.githubusercontent.com/NVIDIA/NemoClaw/main/docs/resources/local-credential-form.html tracks the moving main branch. The PR's stated goal is to "stabilize" credential capture and the test is literally named "pins local credential capture to the checked-in form template", but a branch ref isn't actually pinned — any future push to main changes what agents fetch and execute, without a corresponding change to this prompt or its tests. Consider referencing a specific commit SHA (or tag) so "pin" is accurate and content can't silently drift.

Example fix
-- Use the repository form template from this URL exactly: https://raw.githubusercontent.com/NVIDIA/NemoClaw/main/docs/resources/local-credential-form.html
+- Use the repository form template from this URL exactly: https://raw.githubusercontent.com/NVIDIA/NemoClaw/<pinned-commit-sha>/docs/resources/local-credential-form.html
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/_components/StarterPrompt.tsx` at line 95, The credential-form reference
in StarterPrompt is still pointing at the mutable main branch, so update the URL
in StarterPrompt to use an immutable ref such as a specific commit SHA or tag
instead of main. Keep the existing local-credential-form.html template
reference, but replace the branch-based raw.githubusercontent.com path so the
pinned form used by the prompt cannot silently drift over time.
test/starter-prompt-docs.test.ts (1)

86-86: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Negative-lookahead regex can be bypassed by lookalike hostnames.

/https?:\/\/(?!127\.0\.0\.1|localhost|\[::1\])/ only checks the characters immediately following ://, so a URL like https://127.0.0.1.evil.com or https://localhost.attacker.net would satisfy the lookahead (starts with the allowed literal) and slip past this assertion even though it isn't actually a loopback host. This weakens the regression guard the test is meant to provide against non-loopback URLs creeping into the template.

Tighter check
-    expect(formSource).not.toMatch(/https?:\/\/(?!127\.0\.0\.1|localhost|\[::1\])/);
+    expect(formSource).not.toMatch(/https?:\/\/(?!127\.0\.0\.1(?:[:/]|$)|localhost(?:[:/]|$)|\[::1\](?:[:/]|$))/);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/starter-prompt-docs.test.ts` at line 86, The regex assertion in the
starter prompt docs test is too weak because the negative lookahead only checks
the prefix after the scheme, so lookalike hosts can still pass. Tighten the
check in test/starter-prompt-docs.test.ts by validating the parsed hostname or
matching the full host boundary in formSource, using the existing formSource
assertion to ensure only true loopback URLs like localhost, 127.0.0.1, or [::1]
are allowed and not domains that merely start with those strings.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/resources/local-credential-form.html`:
- Around line 10-12: The Content-Security-Policy in local-credential-form.html
includes frame-ancestors inside a meta tag, but that directive is ignored there.
Update the page’s CSP by removing frame-ancestors from the meta policy, and if
the loopback helper serves this form, move the directive to the HTTP response
header in the server-side code that emits the page so the protection is actually
enforced.

---

Nitpick comments:
In `@docs/_components/StarterPrompt.tsx`:
- Line 95: The credential-form reference in StarterPrompt is still pointing at
the mutable main branch, so update the URL in StarterPrompt to use an immutable
ref such as a specific commit SHA or tag instead of main. Keep the existing
local-credential-form.html template reference, but replace the branch-based
raw.githubusercontent.com path so the pinned form used by the prompt cannot
silently drift over time.

In `@test/starter-prompt-docs.test.ts`:
- Line 86: The regex assertion in the starter prompt docs test is too weak
because the negative lookahead only checks the prefix after the scheme, so
lookalike hosts can still pass. Tighten the check in
test/starter-prompt-docs.test.ts by validating the parsed hostname or matching
the full host boundary in formSource, using the existing formSource assertion to
ensure only true loopback URLs like localhost, 127.0.0.1, or [::1] are allowed
and not domains that merely start with those strings.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9b644332-f404-4e25-a4f4-25356ecdad55

📥 Commits

Reviewing files that changed from the base of the PR and between c5a504e and 5371279.

📒 Files selected for processing (7)
  • docs/_components/StarterPrompt.tsx
  • docs/get-started/quickstart-hermes.mdx
  • docs/get-started/quickstart.mdx
  • docs/index.mdx
  • docs/resources/agent-skills.mdx
  • docs/resources/local-credential-form.html
  • test/starter-prompt-docs.test.ts

Comment thread docs/resources/local-credential-form.html

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/starter-prompt-docs.test.ts (1)

331-352: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low value

Optionally assert the submit payload, not just the target.

This test proves submission goes only to /submit (ignoring the attacker-supplied submit= param) and that the notice is redacted, which is the key security guarantee. To also prove the real secret is actually transmitted to the loopback helper (and not silently dropped), consider asserting the request init carries a POST body containing the secret value.

♻️ Optional strengthening
     expect(rendered.fetchCalls).toHaveLength(1);
     expect(rendered.fetchCalls[0]?.url).toBe("/submit");
+    const init = rendered.fetchCalls[0]?.init as { method?: string; body?: string } | undefined;
+    expect(init?.method).toBe("POST");
+    expect(String(init?.body)).toContain("super-secret");
     expect(secretInput?.value).toBe("");
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/starter-prompt-docs.test.ts` around lines 331 - 352, Strengthen the test
in starter-prompt-docs.test.ts by asserting the actual submit request payload in
runCredentialForm/submitted fetch handling, not just that fetchCalls[0]?.url
equals "/submit". Keep the existing redaction and loopback-target checks, and
add an assertion on the captured fetch init/body to verify the POST data
contains SECRET_TOKEN=super-secret while still confirming the rendered result
only shows the redacted secret.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/starter-prompt-docs.test.ts`:
- Around line 331-352: Strengthen the test in starter-prompt-docs.test.ts by
asserting the actual submit request payload in runCredentialForm/submitted fetch
handling, not just that fetchCalls[0]?.url equals "/submit". Keep the existing
redaction and loopback-target checks, and add an assertion on the captured fetch
init/body to verify the POST data contains SECRET_TOKEN=super-secret while still
confirming the rendered result only shows the redacted secret.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 554af738-7656-49aa-9076-730c42b8ac81

📥 Commits

Reviewing files that changed from the base of the PR and between 1e0ab51 and 7aaa8d8.

📒 Files selected for processing (3)
  • docs/_components/StarterPrompt.tsx
  • docs/resources/local-credential-form.html
  • test/starter-prompt-docs.test.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • docs/_components/StarterPrompt.tsx
  • docs/resources/local-credential-form.html

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/starter-prompt-docs.test.ts (1)

122-136: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Fail on unexpected selectors instead of silently returning [].

querySelectorAll recognizes only input[data-secret='true'] and returns an empty array for anything else. If the checked-in script is ever changed to query secrets with a different selector, the harness would silently find no secret inputs, and the redaction behavior test could pass without ever exercising the redaction path. Failing loudly on unsupported selectors keeps the harness honest against template drift.

♻️ Fail on unsupported selectors
   querySelectorAll(selector: string): FakeElement[] {
+    if (selector !== "input[data-secret='true']") {
+      fail(`Unsupported selector ${selector}`);
+    }
     const result: FakeElement[] = [];
     const visit = (element: FakeElement) => {
       const matchesSecretInput =
         selector === "input[data-secret='true']" &&
         element.tagName === "input" &&
         element.dataset.secret === "true";
       matchesSecretInput && result.push(element);

As per path instructions: "Flag ... broad mocks that bypass the behavior under test."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/starter-prompt-docs.test.ts` around lines 122 - 136, The FakeElement
querySelectorAll harness is too permissive because it silently returns an empty
array for unsupported selectors, which can hide template drift. Update
querySelectorAll to explicitly fail when selector is anything other than
input[data-secret='true'], and keep the existing secret-input matching logic for
the supported case so the redaction test exercises the intended path. Use the
querySelectorAll method on FakeElement to locate the change.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/starter-prompt-docs.test.ts`:
- Around line 122-136: The FakeElement querySelectorAll harness is too
permissive because it silently returns an empty array for unsupported selectors,
which can hide template drift. Update querySelectorAll to explicitly fail when
selector is anything other than input[data-secret='true'], and keep the existing
secret-input matching logic for the supported case so the redaction test
exercises the intended path. Use the querySelectorAll method on FakeElement to
locate the change.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 293ae09d-a1e7-42bc-8a55-fd2533070c84

📥 Commits

Reviewing files that changed from the base of the PR and between 7aaa8d8 and da90844.

📒 Files selected for processing (1)
  • test/starter-prompt-docs.test.ts

@miyoungc miyoungc marked this pull request as draft July 8, 2026 00:24
@miyoungc miyoungc added area: docs Documentation, examples, guides, or docs build area: install Install, setup, prerequisites, or uninstall flow v0.0.77 Release target labels Jul 8, 2026
@miyoungc miyoungc marked this pull request as ready for review July 8, 2026 00:28
@cv

cv commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@coderabbitai review

Please review the exact final head 98a14c9bcbde4df3b6067f7fbc2dc11885c3a0fb after the maintainer cleanup commits.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
gh pr view 6423 --repo NVIDIA/NemoClaw --json headRefOid,headRefName,commits --jq '.headRefOid'

Length of output: 287


The PR description image shows a rendered preview of the docs/resources/local-credential-form.html template: a card titled "NemoClaw Local Credential Form" with subtitle text instructing users to enter credentials only when their coding agent opened the page from a local 127.0.0.1 helper server. Below that is a notice box stating "This page sends values only to the loopback helper that served it." Then a field labeled "Compatible Api Key" with an empty password-style input, followed by a green "Send to Local Helper" button. A success state is also shown below with the message "Credentials sent to the local helper." and "Return to your coding agent and approve the next command.", along with a masked confirmation line reading COMPATIBLE_API_KEY=********.

@cv, confirmed — 98a14c9bcbde4df3b6067f7fbc2dc11885c3a0fb is the current head commit of #6423. Kicking off a full review of that exact commit now, covering docs/_components/StarterPrompt.tsx, docs/resources/local-credential-form.html, the updated quickstart/index/agent-skills docs, and test/starter-prompt-docs.test.ts.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@cv

cv commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Resolved the exact-head advisor items in c9aac7dc12bacdaa4d38af552b893021049ee836, pinned by 3b79a0f8dd1ee1efbfdbe6f481fd6c310d63b2ce:

  • Invalid state: missing or unknown types, extra : tokens, duplicate normalized names, empty comma entries, repeated fields=, and mixed field= plus fields= are rejected; any rejection disables submit and prevents /submit.
  • Source boundary: the URL query is untrusted helper or agent input. The embedded parser in docs/resources/local-credential-form.html is the authoritative protocol boundary; the loopback helper remains transport only.
  • Source-fix constraint: callers must correct the query schema. The form does not infer, downgrade, or repair ambiguous field declarations.
  • Regression contract: runtime coverage exercises every malformed or ambiguous class plus both supported positive forms; npx vitest run --project integration test/starter-prompt-docs.test.ts passes 7/7.
  • Removal condition: this invariant remains until the query-driven form is retired or replaced by an equivalently validated typed boundary.
  • Integrity: CSP was rehashed; the immutable raw template at c9aac7dc hashes to the pinned SHA-256 cc746703ab514cf33d7131915f16e8dc19346b26a4d953c5125be81449d6e6f6.

Nonblocking advisor suggestions:

@cv

cv commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@coderabbitai review

Please review the exact final head 3b79a0f8dd1ee1efbfdbe6f481fd6c310d63b2ce after the fail-closed parser and immutable-pin commits.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
gh pr view 6423 --repo NVIDIA/NemoClaw --json headRefOid --jq '.headRefOid'

Length of output: 267


The image shows the "NemoClaw Local Credential Form" UI card described in the PR objectives: title, loopback-only instructional text, a green notice box, a "Compatible Api Key" input field, a "Send to Local Helper" button, and a success state with a masked COMPATIBLE_API_KEY=******** confirmation line.

@cv, confirmed — 3b79a0f8dd1ee1efbfdbe6f481fd6c310d63b2ce is the current head commit of #6423. Kicking off a full review of that exact commit now, covering the fail-closed parser validation and immutable-pin changes in docs/resources/local-credential-form.html, docs/_components/StarterPrompt.tsx, and the corresponding regression coverage in test/starter-prompt-docs.test.ts.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@cv cv merged commit be3e7cc into main Jul 8, 2026
46 checks passed
@cv cv deleted the improve-starter-prompt branch July 8, 2026 02:37
@miyoungc miyoungc mentioned this pull request Jul 8, 2026
21 tasks
miyoungc added a commit that referenced this pull request Jul 8, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Adds the v0.0.77 release-note section from the shipped release
announcement and release commit range.
This is post-release docs recovery, so the PR is labeled for the next
patch release train.

## Changes
- Added `v0.0.77` to `docs/about/release-notes.mdx` with links to the
deeper Deep Agents, architecture, inference, security, and agent-docs
pages.
- Source summary:
- #6469 -> `docs/about/release-notes.mdx`: Documents Deep Agents Code
base-image publication and stale-version validation.
- #6471 -> `docs/about/release-notes.mdx`: Documents the managed runtime
disabling LangGraph CLI analytics.
- #6462 -> `docs/about/release-notes.mdx`: Documents the TUI, launch
banner, and model-identity provider display behavior.
- #6460 -> `docs/about/release-notes.mdx`: Documents bounded,
best-effort OTLP trace credential scrubbing and the remaining
collector-side redaction requirement.
- #6423 -> `docs/about/release-notes.mdx`: Documents the checked-in
loopback-only local credential form used by starter prompts.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: release-note prose only, no
runtime behavior or code samples changed.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: tests
not applicable for release-note prose only.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Verification note: `npm run docs` passed. `fern check --warnings`
reports the existing light-mode accent color contrast warning: `2.41:1`,
expected at least `3:1`.

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added a new release-notes entry for **v0.0.77** at the top of the
changelog.
* Highlighted improved package validation, tighter handling of telemetry
and trace data, and safer starter prompt behavior with stronger
redaction and local-only submission.


<!-- end of auto-generated comment: release notes by coderabbit.ai -->
cv added a commit that referenced this pull request Jul 8, 2026
<!-- markdownlint-disable MD041 -->
## Summary

This follow-up to #6423 replaces prose-generated credential capture with
a checked-in, authenticated one-shot loopback helper and a hardened
local form. It binds the reviewed helper/form bytes to immutable commit
URLs and SHA-256 digests so coding agents fail closed before collecting
secrets. The helper now requires an explicit `isolated` or
`account-home` execution profile so stateless commands use private
config roots while persistent install/onboard commands use only an
explicitly approved absolute working directory and the OS account home.

## Changes

- Add a Node.js 22 helper that validates the approved field schema, form
digest, loopback request boundary, one-shot capability, and exact child
argv without invoking a shell.
- Require explicit `isolated` and `account-home` profiles, with private
per-session config/temp roots for isolated work and reconstructed
account-home roots plus an approved absolute cwd for persistent work.
- Deny ambient `NEMOCLAW_*`, `OPENSHELL_*`, config-root, loader,
package-manager, container, crypto-provider, and other process-control
selectors while permitting only explicitly approved collected fields.
- Harden the local form with a no-network preview/edit/confirm flow,
redacted summaries, strict response locking, and no retry after an
ambiguous submission.
- Pin both reviewed artifacts in the starter prompt and add a repository
check for digest, package, executable-bit, and helper/form safety-rule
parity.
- Update user-facing starter-prompt summaries and add integration
coverage for malformed requests, races, abandoned responses, CSP, form
behavior, and immutable pins.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: independent
nine-category repository security review completed with final PASS after
the CodeQL filesystem-race, CodeRabbit memory-semantics/parity, and
GPT-advisor ambient-environment findings were addressed; the helper/form
boundary was reviewed for secret handling, input validation,
authentication, error behavior, data protection, headers, security
tests, and race safety.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: `npx
vitest run --project integration test/local-credential-helper.test.ts
test/local-credential-helper-pin.test.ts
test/starter-prompt-docs.test.ts` passed 163/163 tests.
- [x] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: `umask 022 && npm test`
passed 14,323 tests across 1,267 passing files, with 39 expected skips
and 1 todo.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — not a
doc-only PR; the build completed with 0 errors and 2 pre-existing
warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Advisor-required live E2E: [run
28920925588](https://github.com/NVIDIA/NemoClaw/actions/runs/28920925588)
passed credential-sanitization and cloud-onboard at head
a413ba3.

Additional checks: `npm run checks`, `npm run typecheck:cli`, `npm run
source-shape:check`, `npm run test-size:check`, package dry-run
contents, post-push raw artifact SHA-256 verification, and `git diff
--check` all passed.

---
Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a stricter “preview then confirm” credential-capture workflow
before any credentialed commands are generated or executed.
* Improved non-interactive guidance to support secure `curl | bash`
execution with approved-command enforcement.
* **Bug Fixes**
* Hardened the local credential form UI and submission behavior with
stronger input validation, loopback-only access, and safer handling of
ambiguous/failed outcomes.
* **Documentation**
* Updated quickstarts and starter prompt text to match the new
approve-then-capture flow.
* **Tests**
* Expanded integration and security tests for the local helper,
integrity pinning, and credential/processing policy checks.
* **Chores**
* Packaged the hardened credential-form asset and added automated
integrity verification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
This PR makes NemoClaw's starter prompt use a checked-in local
credential form template instead of asking coding agents to generate
form HTML during onboarding.
The goal is to reduce setup variability for medium-sized models while
preserving local-only credential handling.

## Changes
- Adds `docs/resources/local-credential-form.html`, a self-contained
loopback-only credential form template with no external resources.
- Updates the starter prompt to fetch or reuse that template, serve it
from `127.0.0.1`, and implement only the small local submit helper
around it.
- Updates starter prompt CTA copy across the home, quickstart, Hermes
quickstart, and AI Agent Docs pages.
- Adds starter prompt contract coverage for the credential template URL,
local-only CSP, and Deep Agents prompt option.

Local form: 

<img width="647" height="665" alt="Screenshot 2026-07-07 at 6 06 42 PM"
src="https://github.com/user-attachments/assets/dfa3c651-6a36-4a91-95b3-dd36e3fa1a72"
/>

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: Credential handling
remains local-only docs guidance; the form is disabled outside loopback,
accepts submissions only to the local helper, uses redacted summaries,
avoids storage APIs, and is covered by
`test/starter-prompt-docs.test.ts`.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: `npx
vitest run --project integration test/starter-prompt-docs.test.ts`
passed with 7/7 tests.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) —
result: build passed; only known baseline Fern authentication-redirect
and accent-contrast warnings remain.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [x] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Added a locked-down local credential submission helper page with a
restrictive CSP, loopback-only access, and automatic redaction/clearing
of secret values after submit.

* **Documentation**
* Updated starter prompts and quickstart docs to reuse the checked-in
credential form, use `:secret` vs `:text` appropriately, and follow the
safer “redacted summary then run” workflow.

* **Tests**
* Expanded VM-based checks to pin the credential template URL/digest and
verify CSP/security constraints plus disabled and submit/redaction
behaviors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Adds the v0.0.77 release-note section from the shipped release
announcement and release commit range.
This is post-release docs recovery, so the PR is labeled for the next
patch release train.

## Changes
- Added `v0.0.77` to `docs/about/release-notes.mdx` with links to the
deeper Deep Agents, architecture, inference, security, and agent-docs
pages.
- Source summary:
- NVIDIA#6469 -> `docs/about/release-notes.mdx`: Documents Deep Agents Code
base-image publication and stale-version validation.
- NVIDIA#6471 -> `docs/about/release-notes.mdx`: Documents the managed runtime
disabling LangGraph CLI analytics.
- NVIDIA#6462 -> `docs/about/release-notes.mdx`: Documents the TUI, launch
banner, and model-identity provider display behavior.
- NVIDIA#6460 -> `docs/about/release-notes.mdx`: Documents bounded,
best-effort OTLP trace credential scrubbing and the remaining
collector-side redaction requirement.
- NVIDIA#6423 -> `docs/about/release-notes.mdx`: Documents the checked-in
loopback-only local credential form used by starter prompts.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: release-note prose only, no
runtime behavior or code samples changed.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: tests
not applicable for release-note prose only.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Verification note: `npm run docs` passed. `fern check --warnings`
reports the existing light-mode accent color contrast warning: `2.41:1`,
expected at least `3:1`.

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added a new release-notes entry for **v0.0.77** at the top of the
changelog.
* Highlighted improved package validation, tighter handling of telemetry
and trace data, and safer starter prompt behavior with stronger
redaction and local-only submission.


<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

This follow-up to NVIDIA#6423 replaces prose-generated credential capture with
a checked-in, authenticated one-shot loopback helper and a hardened
local form. It binds the reviewed helper/form bytes to immutable commit
URLs and SHA-256 digests so coding agents fail closed before collecting
secrets. The helper now requires an explicit `isolated` or
`account-home` execution profile so stateless commands use private
config roots while persistent install/onboard commands use only an
explicitly approved absolute working directory and the OS account home.

## Changes

- Add a Node.js 22 helper that validates the approved field schema, form
digest, loopback request boundary, one-shot capability, and exact child
argv without invoking a shell.
- Require explicit `isolated` and `account-home` profiles, with private
per-session config/temp roots for isolated work and reconstructed
account-home roots plus an approved absolute cwd for persistent work.
- Deny ambient `NEMOCLAW_*`, `OPENSHELL_*`, config-root, loader,
package-manager, container, crypto-provider, and other process-control
selectors while permitting only explicitly approved collected fields.
- Harden the local form with a no-network preview/edit/confirm flow,
redacted summaries, strict response locking, and no retry after an
ambiguous submission.
- Pin both reviewed artifacts in the starter prompt and add a repository
check for digest, package, executable-bit, and helper/form safety-rule
parity.
- Update user-facing starter-prompt summaries and add integration
coverage for malformed requests, races, abandoned responses, CSP, form
behavior, and immutable pins.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: independent
nine-category repository security review completed with final PASS after
the CodeQL filesystem-race, CodeRabbit memory-semantics/parity, and
GPT-advisor ambient-environment findings were addressed; the helper/form
boundary was reviewed for secret handling, input validation,
authentication, error behavior, data protection, headers, security
tests, and race safety.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: `npx
vitest run --project integration test/local-credential-helper.test.ts
test/local-credential-helper-pin.test.ts
test/starter-prompt-docs.test.ts` passed 163/163 tests.
- [x] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: `umask 022 && npm test`
passed 14,323 tests across 1,267 passing files, with 39 expected skips
and 1 todo.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — not a
doc-only PR; the build completed with 0 errors and 2 pre-existing
warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Advisor-required live E2E: [run
28920925588](https://github.com/NVIDIA/NemoClaw/actions/runs/28920925588)
passed credential-sanitization and cloud-onboard at head
a413ba3.

Additional checks: `npm run checks`, `npm run typecheck:cli`, `npm run
source-shape:check`, `npm run test-size:check`, package dry-run
contents, post-push raw artifact SHA-256 verification, and `git diff
--check` all passed.

---
Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a stricter “preview then confirm” credential-capture workflow
before any credentialed commands are generated or executed.
* Improved non-interactive guidance to support secure `curl | bash`
execution with approved-command enforcement.
* **Bug Fixes**
* Hardened the local credential form UI and submission behavior with
stronger input validation, loopback-only access, and safer handling of
ambiguous/failed outcomes.
* **Documentation**
* Updated quickstarts and starter prompt text to match the new
approve-then-capture flow.
* **Tests**
* Expanded integration and security tests for the local helper,
integrity pinning, and credential/processing policy checks.
* **Chores**
* Packaged the hardened credential-form asset and added automated
integrity verification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: docs Documentation, examples, guides, or docs build area: install Install, setup, prerequisites, or uninstall flow v0.0.77 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants