Skip to content

fix(openclaw): contextualize managed audit findings#6593

Merged
cv merged 64 commits into
mainfrom
fix/6024_openclaw_security_audit
Jul 12, 2026
Merged

fix(openclaw): contextualize managed audit findings#6593
cv merged 64 commits into
mainfrom
fix/6024_openclaw_security_audit

Conversation

@chengjiew

@chengjiew chengjiew commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Teach generated OpenClaw configs to explain NemoClaw-managed dashboard compatibility flags through OpenClaw's native security audit suppression contract. The findings remain visible with their original severity, remediation, and an explicit risk-acceptance reason, while unrelated audit findings remain active.

Related Issue

Fixes #6024

Changes

  • Generate exact security.audit.suppressions entries only when NemoClaw enables allowInsecureAuth or dangerouslyDisableDeviceAuth.
  • Match duplicate generic dangerous-flag findings by exact flag detail so other findings are not suppressed.
  • Add focused config-generation coverage for loopback HTTP, remote HTTPS, and remote HTTP dashboards.
  • Document the device-auth defaults, accepted risk, safer loopback/HTTPS choices, and how to inspect suppressedFindings.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification:
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification:
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — npx vitest run --project integration test/generate-openclaw-config.test.ts test/generate-openclaw-config-security-audit.test.ts passed 131/131 tests
  • Applicable broad gate passed — npm test for broad runtime/test-harness changes; npm run check for repo-wide validation/coverage changes — command/result:
  • Quality Gates section completed with required justifications or waivers
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only) — 0 errors; two unrelated environment/theme warnings remain for missing Fern authentication and existing light-mode contrast
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Chengjie Wang chengjiew@nvidia.com

Summary by CodeRabbit

  • Documentation
    • Updated security guidance so device authentication and related dashboard pairing are enabled for loopback-only setups, with clearer warnings for remote/public exposure.
    • Clarified the NEMOCLAW_DASHBOARD_BIND=0.0.0.0 opt-in workflow, including required sandbox recreation and connect-time behavior.
  • Bug Fixes
    • Tightened remote dashboard bind handling: local-only sandboxes can’t be used for remote exposure without the proper opt-in preparation.
    • Refined managed security-audit suppression and reporting to align with loopback vs remote exposure.
  • Tests
    • Added/expanded unit, real-audit, and end-to-end coverage for the new suppression and remote-bind lifecycle enforcement.
  • Chores
    • CI reliability improvements (tooling availability and longer real-audit timeout).

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds remote dashboard-bind preparation tracking, fail-closed forwarding and reuse checks, managed OpenClaw audit suppressions, lifecycle and real-audit tests, CI updates, and revised security and dashboard-binding documentation.

Changes

Dashboard exposure and lifecycle

Layer / File(s) Summary
Remote bind Dockerfile contract and build metadata
Dockerfile, src/lib/onboard/dockerfile-remote-dashboard-bind-contract.ts, src/lib/onboard/dockerfile-patch.ts, src/lib/onboard/sandbox-dockerfile-patch-flow.ts, src/lib/onboard/prepared-dcode-rebuild.ts
Dockerfile preparation validates remote-bind propagation and returns dashboardRemoteBindPrepared through sandbox build planning.
Runtime propagation, registry state, and forwarding
src/lib/onboard/..., src/lib/state/registry.ts, src/lib/actions/sandbox/forward-recovery.ts
Remote-bind settings and preparation state flow through onboarding, registry persistence, sandbox reuse, and port-forward recovery.
Lifecycle and integration validation
test/dashboard-remote-bind-lifecycle.test.ts, test/e2e/..., src/lib/onboard/*test.ts
Tests cover Dockerfile contract failures, state propagation, local-only rejection, forwarding targets, revalidation, and E2E preservation.

Managed security audit behavior

Layer / File(s) Summary
Suppression generation and gateway flags
scripts/generate-openclaw-config.mts
buildConfig() derives exposure and device-auth decisions, emits conditional audit suppressions, and configures Host-header origin fallback for remote bind with loopback UI settings.
Audit contract tests
test/generate-openclaw-config-security-audit.test.ts, test/openclaw-security-audit-suppressions-real.test.ts
Unit and gated real-OpenClaw tests verify suppression entries, active findings, reasons, flags, and exposure scenarios.
Security and dashboard-binding documentation
docs/security/best-practices.mdx, docs/manage-sandboxes/runtime-controls.mdx, docs/reference/...
Documentation describes loopback device authentication, managed findings, suppression inspection, remote-bind onboarding, reconnect, and recreation requirements.

CI and tooling

Layer / File(s) Summary
Audit workflow and supporting tooling
.github/workflows/..., .github/actions/..., test/openclaw-dependency-review.test.ts, tools/advisors/repo-read-only-tools.mts
CI runs the real audit harness with an extended timeout, installs ripgrep when needed, validates workflow and build-argument contracts, and adjusts canonical path containment handling.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Onboarding
  participant DockerfileContract
  participant SandboxRegistry
  participant ForwardRecovery
  participant OpenClawAudit

  Onboarding->>DockerfileContract: prepare remote dashboard bind
  DockerfileContract->>Onboarding: return dashboardRemoteBindPrepared
  Onboarding->>SandboxRegistry: persist preparation state
  ForwardRecovery->>SandboxRegistry: verify preparation before forwarding
  ForwardRecovery->>ForwardRecovery: select loopback or 0.0.0.0 target
  Onboarding->>OpenClawAudit: generate config with audit suppressions
  OpenClawAudit->>OpenClawAudit: report suppressed and active findings
Loading

Possibly related PRs

Suggested labels: security, bug-fix, area: docs, area: sandbox

Suggested reviewers: jyaunches, cv

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning tools/advisors/repo-read-only-tools.mts relaxes path confinement checks and appears unrelated to the audit-finding suppression objective. Remove unrelated repo-path guard changes or split them into a separate PR focused on that behavior.
Docstring Coverage ⚠️ Warning Docstring coverage is 11.76% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: contextualizing managed OpenClaw audit findings for NemoClaw defaults.
Linked Issues check ✅ Passed The PR adds audit suppressions and related safeguards for the NemoClaw default auth flags, matching the issue’s goal to avoid misleading critical warnings.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/6024_openclaw_security_audit

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 79%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File a31b29b 31edc93 +/-
src/lib/actions...e-classifier.ts 77% 55% -22%
src/lib/onboard...p-nim-ollama.ts 90% 76% -14%
src/lib/actions...ess-recovery.ts 81% 71% -10%
src/lib/policy/index.ts 71% 66% -5%
src/lib/onboard.ts 28% 30% +2%
src/lib/shields/index.ts 66% 70% +4%
src/lib/shields...nsition-lock.ts 85% 89% +4%
src/lib/sandbox/config.ts 58% 74% +16%
src/lib/state/m...-acquisition.ts 78% 99% +21%
src/lib/onboard...ind-contract.ts 0% 96% +96%

Updated July 12, 2026 00:18 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox, dashboard-remote-bind-e2e
Optional E2E: security-posture, runtime-overrides

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • cloud-onboard (high): Required by the deterministic risk plan for Dockerfile/platform-install changes. Also validates that generated OpenClaw config and new build args work through a fresh hosted onboarding flow.
  • onboard-repair (high): Required by the deterministic risk plan for lifecycle-state changes. The changed onboarding, forward recovery, sandbox registration/reuse, and registry paths must prove repair convergence against live OpenShell state.
  • onboard-resume (medium): Required by the deterministic risk plan for lifecycle-state changes. Resume/retry behavior must be validated live rather than relying only on unit/runtime-boundary tests.
  • state-backup-restore (medium): Required by the deterministic risk plan for upgrade/rebuild changes. Ensures rebuild/restore paths preserve user state and remain retryable after mutation failures.
  • upgrade-stale-sandbox (medium): Required by the deterministic risk plan for upgrade/rebuild changes. Validates stale managed sandbox rebuild and route/state preservation after host/runtime updates.
  • dashboard-remote-bind-e2e (high): Dashboard bind/device-auth/security-audit behavior is directly changed. This existing regression E2E validates opt-in remote dashboard forwards and should be blocking for this security-boundary change.

Optional E2E

  • security-posture (high): Useful adjacent confidence for changed device-auth, dashboard exposure, generated OpenClaw config, and audit-suppression semantics across live OpenClaw/Hermes security posture checks.
  • runtime-overrides (medium): Useful adjacent coverage for new Dockerfile/generate-openclaw-config build arguments and runtime configuration overrides, especially where config generation feeds live assistant behavior.

New E2E recommendations

  • wsl-dashboard-exposure-audit (high): This PR documents and implements WSL-specific all-interface dashboard forwarding while still printing a loopback ready URL and treating audit findings differently. Existing dashboard-remote-bind coverage validates explicit remote bind on a launchable host, not the WSL default exposure path.
    • Suggested test: Add a WSL-targeted dashboard exposure E2E that onboards on WSL, verifies the forward binds for Windows-host reachability, verifies the ready summary URL remains loopback, and verifies OpenClaw security audit findings remain active for WSL exposure.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=cloud-onboard
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-repair
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-resume
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=state-backup-restore
  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=upgrade-stale-sandbox

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • cloud-onboard: Installer and platform changes must work on a clean supported host with the pinned runtime dependencies.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=cloud-onboard
  • onboard-repair: Onboarding and sandbox state must converge across persisted metadata, reported status, and the live runtime.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-repair
  • onboard-resume: Onboarding and sandbox state must converge across persisted metadata, reported status, and the live runtime.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=onboard-resume
  • state-backup-restore: Upgrade, rebuild, snapshot, and restore operations must preserve user state while replacing stale runtime state.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=state-backup-restore
  • upgrade-stale-sandbox: Upgrade, rebuild, snapshot, and restore operations must preserve user state while replacing stale runtime state.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=upgrade-stale-sandbox

Optional E2E targets

  • None.

Relevant changed files

  • Dockerfile
  • scripts/generate-openclaw-config.mts
  • src/lib/actions/sandbox/forward-health.ts
  • src/lib/actions/sandbox/forward-recovery.ts
  • src/lib/actions/sandbox/rebuild-custom-image-preflight.ts
  • src/lib/actions/sandbox/rebuild-managed-image-preflight.ts
  • src/lib/onboard.ts
  • src/lib/onboard/build-context-stage.ts
  • src/lib/onboard/dockerfile-patch.ts
  • src/lib/onboard/dockerfile-remote-dashboard-bind-contract.ts
  • src/lib/onboard/prepared-dcode-rebuild.ts
  • src/lib/onboard/sandbox-create-launch.ts
  • src/lib/onboard/sandbox-dockerfile-patch-flow.ts
  • src/lib/onboard/sandbox-registration.ts
  • src/lib/onboard/sandbox-reuse.ts
  • src/lib/state/registry.ts
  • test/e2e/brev-e2e.test.ts
  • test/e2e/live/dashboard-remote-bind.test.ts
  • test/e2e/mock-parity.json

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Add or justify PRA-T1 and any related test follow-ups.
Open items: 0 required · 0 warnings · 0 suggestions · 5 test follow-ups
Since last review: 0 prior items resolved · 0 still apply · 0 new items found

Action checklist

  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Runtime validation
  • PRA-T5 Add or justify test follow-up: Runtime validation
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Run the `cloud-onboard` E2E job for Installer and platform changes must work on a clean supported host with the pinned runtime dependencies. Matched files: `Dockerfile`.. Deterministic regression risks require live validation: lifecycle-state, upgrade-rebuild, platform-install. Risk plan identifies 5 required E2E jobs (cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox) covering lifecycle-state, upgrade-rebuild, platform-install invariants that require live sandbox validation. Unit/mocked coverage is comprehensive: 10 audit suppression tests, 1 real OpenClaw audit integration, 21 remote bind lifecycle tests (12 rejection vectors), 5 contract resolution tests, rebuild preservation test. All new code paths have branch coverage.
  • PRA-T2 Runtime validation — Run the `onboard-repair` E2E job for Onboarding and sandbox state must converge across persisted metadata, reported status, and the live runtime. Matched files: `src/lib/actions/sandbox/forward-health.ts`, `src/lib/actions/sandbox/forward-recovery.ts`, `src/lib/actions/sandbox/rebuild-custom-image-preflight.ts`, `src/lib/actions/sandbox/rebuild-managed-image-preflight.ts`, `src/lib/onboard.ts`.. Deterministic regression risks require live validation: lifecycle-state, upgrade-rebuild, platform-install. Risk plan identifies 5 required E2E jobs (cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox) covering lifecycle-state, upgrade-rebuild, platform-install invariants that require live sandbox validation. Unit/mocked coverage is comprehensive: 10 audit suppression tests, 1 real OpenClaw audit integration, 21 remote bind lifecycle tests (12 rejection vectors), 5 contract resolution tests, rebuild preservation test. All new code paths have branch coverage.
  • PRA-T3 Runtime validation — Run the `onboard-resume` E2E job for Onboarding and sandbox state must converge across persisted metadata, reported status, and the live runtime. Matched files: `src/lib/actions/sandbox/forward-health.ts`, `src/lib/actions/sandbox/forward-recovery.ts`, `src/lib/actions/sandbox/rebuild-custom-image-preflight.ts`, `src/lib/actions/sandbox/rebuild-managed-image-preflight.ts`, `src/lib/onboard.ts`.. Deterministic regression risks require live validation: lifecycle-state, upgrade-rebuild, platform-install. Risk plan identifies 5 required E2E jobs (cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox) covering lifecycle-state, upgrade-rebuild, platform-install invariants that require live sandbox validation. Unit/mocked coverage is comprehensive: 10 audit suppression tests, 1 real OpenClaw audit integration, 21 remote bind lifecycle tests (12 rejection vectors), 5 contract resolution tests, rebuild preservation test. All new code paths have branch coverage.
  • PRA-T4 Runtime validation — Run the `state-backup-restore` E2E job for Upgrade, rebuild, snapshot, and restore operations must preserve user state while replacing stale runtime state. Matched files: `src/lib/actions/sandbox/rebuild-custom-image-preflight.ts`, `src/lib/actions/sandbox/rebuild-managed-image-preflight.ts`, `src/lib/onboard/prepared-dcode-rebuild.ts`.. Deterministic regression risks require live validation: lifecycle-state, upgrade-rebuild, platform-install. Risk plan identifies 5 required E2E jobs (cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox) covering lifecycle-state, upgrade-rebuild, platform-install invariants that require live sandbox validation. Unit/mocked coverage is comprehensive: 10 audit suppression tests, 1 real OpenClaw audit integration, 21 remote bind lifecycle tests (12 rejection vectors), 5 contract resolution tests, rebuild preservation test. All new code paths have branch coverage.
  • PRA-T5 Runtime validation — Run the `upgrade-stale-sandbox` E2E job for Upgrade, rebuild, snapshot, and restore operations must preserve user state while replacing stale runtime state. Matched files: `src/lib/actions/sandbox/rebuild-custom-image-preflight.ts`, `src/lib/actions/sandbox/rebuild-managed-image-preflight.ts`, `src/lib/onboard/prepared-dcode-rebuild.ts`.. Deterministic regression risks require live validation: lifecycle-state, upgrade-rebuild, platform-install. Risk plan identifies 5 required E2E jobs (cloud-onboard, onboard-repair, onboard-resume, state-backup-restore, upgrade-stale-sandbox) covering lifecycle-state, upgrade-rebuild, platform-install invariants that require live sandbox validation. Unit/mocked coverage is comprehensive: 10 audit suppression tests, 1 real OpenClaw audit integration, 21 remote bind lifecycle tests (12 rejection vectors), 5 contract resolution tests, rebuild preservation test. All new code paths have branch coverage.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Review the warnings below.
Findings: 0 required · 1 warning · 0 optional suggestions
Since last review: 0 prior items resolved · 1 still applies · 0 new items found

1 warning · 0 optional suggestions

Warnings

These merit maintainer attention but do not block by themselves.

PRA-1 Warning — WSL dashboard forwarding still defaults to all-interface exposure with device auth disabled

  • Location: src/lib/actions/sandbox/forward-recovery.ts:68
  • Category: security
  • Problem: On WSL, the dashboard forward is treated as requiring an all-interface bind even when the operator did not set NEMOCLAW_DASHBOARD_BIND=0.0.0.0, while generated OpenClaw config treats WSL as remote dashboard exposure and disables device authentication.
  • Impact: On WSL hosts where a 0.0.0.0 forward is reachable beyond the Windows host, a default connect/onboard path can expose the OpenClaw dashboard to the network without device-auth protection, increasing the risk of unauthorized dashboard access.
  • Recommendation: Require an explicit WSL remote-dashboard opt-in before starting an all-interface dashboard forward with device auth disabled, or keep device auth enabled unless the implementation can prove the listener is Windows-host-only.
  • Verification: Read src/lib/actions/sandbox/forward-recovery.ts around allInterfaceBindRequired and scripts/generate-openclaw-config.mts around hasRemoteDashboardExposure/disableDeviceAuth; confirm isWsl() alone causes 0.0.0.0 forwarding and device-auth disablement.
  • Test coverage: Add a WSL-specific onboard/connect unit test with no NEMOCLAW_DASHBOARD_BIND set that asserts NemoClaw does not start openshell forward start --background 0.0.0.0:<port> with device auth disabled, or asserts an explicit WSL opt-in is required before that combination is allowed.
  • Evidence: src/lib/actions/sandbox/forward-recovery.ts:67-81 computes allInterfaceBindRequired = remoteBindRequested || isWsl() and passes forwardTarget 0.0.0.0:<port> plus expectedBind 0.0.0.0 when true. src/lib/onboard/sandbox-dockerfile-patch-flow.ts:181-207 records wslDashboardExposure for managed OpenClaw images when isWsl() is true. scripts/generate-openclaw-config.mts:1262-1271 includes wslDashboardExposure in hasRemoteDashboardExposure and sets disableDeviceAuth = deviceAuthOptOut || hasRemoteDashboardExposure. test/generate-openclaw-config-security-audit.test.ts covers WSL all-interface exposure as keeping findings active, confirming the exposure is intentional/audited but not prevented.

Workflow run details

This is an automated review. Required findings need action before merge. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
test/generate-openclaw-config-security-audit.test.ts (1)

20-65: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Add a "fully secure" case to complete the suppression matrix.

The suite covers loopback-HTTP, non-loopback-HTTPS, and non-loopback-HTTP, but there's no test asserting the case with neither condition true (e.g. loopback HTTPS) — where config.security should be entirely absent per the securityAuditSuppressions.length > 0 guard in buildConfig. This is the scenario that directly backs the PR's "unrelated findings are not suppressed" claim and guards against a regression where suppressions leak into secure configs.

✅ Suggested additional test
+  it("emits no suppressions for a fully secure loopback dashboard (`#6024`)", () => {
+    const config = buildSecurityAuditConfig("https://127.0.0.1:18789");
+    expect(config.security).toBeUndefined();
+  });
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/generate-openclaw-config-security-audit.test.ts` around lines 20 - 65,
Add a “fully secure” test case in
generate-openclaw-config-security-audit.test.ts using buildSecurityAuditConfig
with a loopback HTTPS URL so neither managed auth suppression applies; assert
that config.security is entirely absent, since buildConfig only adds security
when securityAuditSuppressions.length > 0. Keep the new test alongside the
existing managed security audit cases and verify the suppression matrix now
covers loopback-HTTP, non-loopback-HTTPS, non-loopback-HTTP, and secure
loopback-HTTPS.
docs/security/best-practices.mdx (1)

686-699: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Consider a <Warning> callout for the safety clarification.

Lines 689-690 make an important point — suppressions don't make the flags safe or change enforcement — that's easy to skim past as plain prose. The file already uses <Warning> for a comparable risk-scoping caveat later (Auto-Pair section, lines 739-742); wrapping this clarification the same way would make it consistent and harder to miss.

As per coding guidelines, docs/**/*.mdx should "Use Fern callout components such as <Note>, <Tip>, and <Warning> for callouts in MDX pages."

📝 Suggested callout wrap
-These suppressions change audit reporting only.
-They do not make either flag safe, weaken enforcement, or suppress unrelated findings.
+<Warning>
+These suppressions change audit reporting only.
+They do not make either flag safe, weaken enforcement, or suppress unrelated findings.
+</Warning>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/security/best-practices.mdx` around lines 686 - 699, Wrap the safety
clarification in the OpenClaw audit section with a <Warning> callout so the
statement that suppressions do not make allowInsecureAuth or
dangerouslyDisableDeviceAuth safe and do not weaken enforcement stands out.
Update the prose in the best-practices MDX content where the accepted findings
and suppression behavior are described, matching the existing callout style used
elsewhere in the document. Keep the audit details, JSON example, and
risk-removal guidance inside the warning block.

Source: Coding guidelines

scripts/generate-openclaw-config.mts (1)

1195-1219: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Suppression schema and checkIds verified against OpenClaw's audit implementation.

Confirmed via OpenClaw docs/source references that security.audit.suppressions supports exact checkId + detailIncludes + reason, that config.insecure_or_dangerous_flags is emitted one-per-flag (justifying the detailIncludes disambiguation used here), and that gateway.control_ui.insecure_auth is a real checkId. No functional defect found in this segment.

Minor DRY opportunity: the two blocks are structurally identical (push a specific-check entry + a generic config.insecure_or_dangerous_flags entry sharing the same reason). Extracting a small helper would reduce duplication and make it easier to add more managed flags later.

♻️ Optional refactor to reduce duplication
+  const pushManagedFlagSuppression = (
+    checkId: string,
+    detailIncludes: string,
+    reason: string,
+  ): void => {
+    securityAuditSuppressions.push(
+      { checkId, reason },
+      { checkId: "config.insecure_or_dangerous_flags", detailIncludes, reason },
+    );
+  };
+
   if (allowInsecure) {
-    const reason =
-      "NemoClaw derives this setting from an HTTP CHAT_UI_URL; use HTTPS for non-loopback dashboards.";
-    securityAuditSuppressions.push(
-      { checkId: "gateway.control_ui.insecure_auth", reason },
-      {
-        checkId: "config.insecure_or_dangerous_flags",
-        detailIncludes: "gateway.controlUi.allowInsecureAuth=true",
-        reason,
-      },
-    );
+    pushManagedFlagSuppression(
+      "gateway.control_ui.insecure_auth",
+      "gateway.controlUi.allowInsecureAuth=true",
+      "NemoClaw derives this setting from an HTTP CHAT_UI_URL; use HTTPS for non-loopback dashboards.",
+    );
   }
   if (disableDeviceAuth) {
-    const reason =
-      "NemoClaw enables this compatibility setting for non-loopback or explicitly opted-out dashboards; use loopback access to retain device authentication.";
-    securityAuditSuppressions.push(
-      { checkId: "gateway.control_ui.device_auth_disabled", reason },
-      {
-        checkId: "config.insecure_or_dangerous_flags",
-        detailIncludes: "gateway.controlUi.dangerouslyDisableDeviceAuth=true",
-        reason,
-      },
-    );
+    pushManagedFlagSuppression(
+      "gateway.control_ui.device_auth_disabled",
+      "gateway.controlUi.dangerouslyDisableDeviceAuth=true",
+      "NemoClaw enables this compatibility setting for non-loopback or explicitly opted-out dashboards; use loopback access to retain device authentication.",
+    );
   }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/generate-openclaw-config.mts` around lines 1195 - 1219, Refactor the
duplicated suppression-building logic in generate-openclaw-config.mts by
extracting a small helper around the securityAuditSuppressions.push pattern used
in the allowInsecure and disableDeviceAuth branches. Keep the existing checkId,
detailIncludes, and reason values unchanged, but centralize the creation of the
specific check entry plus the shared config.insecure_or_dangerous_flags entry so
adding future managed flags is simpler and less repetitive.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/security/best-practices.mdx`:
- Around line 686-699: Wrap the safety clarification in the OpenClaw audit
section with a <Warning> callout so the statement that suppressions do not make
allowInsecureAuth or dangerouslyDisableDeviceAuth safe and do not weaken
enforcement stands out. Update the prose in the best-practices MDX content where
the accepted findings and suppression behavior are described, matching the
existing callout style used elsewhere in the document. Keep the audit details,
JSON example, and risk-removal guidance inside the warning block.

In `@scripts/generate-openclaw-config.mts`:
- Around line 1195-1219: Refactor the duplicated suppression-building logic in
generate-openclaw-config.mts by extracting a small helper around the
securityAuditSuppressions.push pattern used in the allowInsecure and
disableDeviceAuth branches. Keep the existing checkId, detailIncludes, and
reason values unchanged, but centralize the creation of the specific check entry
plus the shared config.insecure_or_dangerous_flags entry so adding future
managed flags is simpler and less repetitive.

In `@test/generate-openclaw-config-security-audit.test.ts`:
- Around line 20-65: Add a “fully secure” test case in
generate-openclaw-config-security-audit.test.ts using buildSecurityAuditConfig
with a loopback HTTPS URL so neither managed auth suppression applies; assert
that config.security is entirely absent, since buildConfig only adds security
when securityAuditSuppressions.length > 0. Keep the new test alongside the
existing managed security audit cases and verify the suppression matrix now
covers loopback-HTTP, non-loopback-HTTPS, non-loopback-HTTP, and secure
loopback-HTTPS.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 84912228-b75f-4674-8e4b-47fdd7b9deb9

📥 Commits

Reviewing files that changed from the base of the PR and between ac9e1bc and f69bdb7.

📒 Files selected for processing (3)
  • docs/security/best-practices.mdx
  • scripts/generate-openclaw-config.mts
  • test/generate-openclaw-config-security-audit.test.ts

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@apurvvkumaria apurvvkumaria added the v0.0.79 Release target label Jul 9, 2026
@apurvvkumaria apurvvkumaria self-assigned this Jul 9, 2026
Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@cv cv added v0.0.80 Release target and removed v0.0.79 Release target labels Jul 9, 2026
@cv

cv commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Exact-head maintainer follow-up for f48b03a666f8a3ce96ae16f73bd0727021bec48e:

I exercised the PR's generated configuration through the exact pinned OpenClaw audit consumer, rather than stopping at JSON-shape assertions:

  • fetched openclaw@2026.6.10; the tarball integrity is sha512-LcooND2tBQw8A+kc1Ujltu3lg30bJ0w7XaeRy7eYzobb8BBdcW6DOGbwJL4vpj1vl9+gjRceOtlh5nh9OARcug==, matching the production pin in Dockerfile;
  • imported this head's buildConfig and the pinned compiled runSecurityAudit consumer with filesystem, channel, and deep probes disabled;
  • added the unrelated dangerous flag tools.exec.applyPatch.workspaceOnly=false to every case to verify that a shared config.insecure_or_dangerous_flags check ID does not over-suppress.

Observed matrix:

  • loopback HTTP: only the managed gateway.control_ui.insecure_auth finding and its exact allowInsecureAuth=true generic finding moved to suppressedFindings;
  • remote HTTPS: only the managed gateway.control_ui.device_auth_disabled finding and its exact dangerouslyDisableDeviceAuth=true generic finding moved;
  • remote HTTP: device-auth findings moved, while both insecure-auth findings remained active;
  • in every case the unrelated tools.exec.applyPatch.workspaceOnly=false finding remained active, security.audit.suppressions.active remained active, and suppressed entries retained severity, detail, remediation, and the configured reason.

This directly exercises and resolves the runtime-consumer concern in PRA-1 / PRA-T1PRA-T3. I am also dispatching the advisor-required full-e2e, security-posture, and ubuntu-repo-cloud-openclaw live jobs on this exact branch; those remain independent merge gates.

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected jobs passed

Run: 29045058101
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: ubuntu-repo-cloud-openclaw
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
live ✅ success

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Some jobs cancelled — partial pass

Run: 29045056261
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (default — all supported)
Requested jobs: full-e2e,security-posture
Summary: 1 passed, 0 failed, 1 cancelled, 0 skipped

Job Result
full-e2e ✅ success
security-posture ⚠️ cancelled

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/openclaw-security-audit-suppressions-real.test.ts (1)

101-140: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Test doesn't cover the remote-HTTPS case or the "unrelated flag stays active" contract.

The PR objective and maintainer validation describe three managed scenarios (loopback HTTP, remote HTTPS, remote HTTP), and specifically call out adding an unrelated dangerous flag (tools.exec.applyPatch.workspaceOnly=false) to every case to prove shared findings aren't over-suppressed. This automated harness only exercises loopback HTTP and remote HTTP — the remote-HTTPS scenario (where only device_auth_disabled should be suppressed, with insecure_auth never triggered) isn't asserted here, and the unrelated-finding check only runs for the loopback case (gateway.loopback_no_auth), not for the remote case, and doesn't use the exact unrelated flag the maintainer validated manually.

Since this is the "real audit" contract test meant to lock in runtime-consumer behavior (per the linked comments summary), codifying the maintainer's manual validation here would prevent regressions that manual spot-checks won't catch in CI.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/openclaw-security-audit-suppressions-real.test.ts` around lines 101 -
140, Add coverage in the audit contract test around runOpenClawAudit so it
exercises the missing remote HTTPS scenario and asserts the exact suppression
behavior there: only gateway.control_ui.device_auth_disabled should be
suppressed while gateway.control_ui.insecure_auth never appears. Also extend the
existing loopback/remote cases to include the unrelated dangerous flag
tools.exec.applyPatch.workspaceOnly=false and assert it remains active (not
suppressed) in every case, using the existing helpers like findingForFlag and
the suppressedFindings/findings arrays to locate the checks.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/openclaw-security-audit-suppressions-real.test.ts`:
- Around line 101-140: Add coverage in the audit contract test around
runOpenClawAudit so it exercises the missing remote HTTPS scenario and asserts
the exact suppression behavior there: only
gateway.control_ui.device_auth_disabled should be suppressed while
gateway.control_ui.insecure_auth never appears. Also extend the existing
loopback/remote cases to include the unrelated dangerous flag
tools.exec.applyPatch.workspaceOnly=false and assert it remains active (not
suppressed) in every case, using the existing helpers like findingForFlag and
the suppressedFindings/findings arrays to locate the checks.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1694325e-0e94-43f2-b896-ece5f758272d

📥 Commits

Reviewing files that changed from the base of the PR and between f48b03a and 9578a1e.

📒 Files selected for processing (1)
  • test/openclaw-security-audit-suppressions-real.test.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
test/openclaw-security-audit-suppressions-real.test.ts (1)

44-56: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Temp dir setup happens before the try, so cleanup is skipped on setup failure.

mkdirSync/writeFileSync (lines 49-54) run before the try block that owns the finally cleanup (line 87-89). If either call throws, tmp is never removed, leaking the temp directory.

🧹 Proposed fix: move setup inside the try/finally
 function runOpenClawAudit(chatUiUrl: string): AuditResult {
   const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "nemoclaw-openclaw-audit-"));
-  const home = path.join(tmp, "home");
-  const configDir = path.join(home, ".openclaw");
-  const cache = process.env.NEMOCLAW_REAL_OPENCLAW_AUDIT_NPM_CACHE || path.join(tmp, "npm-cache");
-  fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });
-  fs.writeFileSync(
-    path.join(configDir, "openclaw.json"),
-    JSON.stringify(buildConfig({ ...BASE_ENV, CHAT_UI_URL: chatUiUrl })),
-    { mode: 0o600 },
-  );
-
   try {
+    const home = path.join(tmp, "home");
+    const configDir = path.join(home, ".openclaw");
+    const cache = process.env.NEMOCLAW_REAL_OPENCLAW_AUDIT_NPM_CACHE || path.join(tmp, "npm-cache");
+    fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });
+    fs.writeFileSync(
+      path.join(configDir, "openclaw.json"),
+      JSON.stringify(buildConfig({ ...BASE_ENV, CHAT_UI_URL: chatUiUrl })),
+      { mode: 0o600 },
+    );
     const version = reviewedOpenClawVersion();
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/openclaw-security-audit-suppressions-real.test.ts` around lines 44 - 56,
The temp directory setup in runOpenClawAudit happens before the try/finally, so
failures in fs.mkdirSync or fs.writeFileSync can skip cleanup and leak tmp. Move
the temp home/config/cache setup inside the try block that owns the finally,
keeping the cleanup in place so any setup error still removes the temporary
directory.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/openclaw-security-audit-suppressions-real.test.ts`:
- Around line 58-62: The `childEnv` setup in the test is too permissive because
it passes nearly all of `process.env` into `npm exec` for the
`openclaw@${version}` package. Replace the current blocklist filter in the
environment-building logic with a narrow allowlist in this test, keeping only
the variables that `npm exec` actually needs (for example `HOME`, `PATH`, and
`NPM_CONFIG_CACHE`, plus any other explicitly required values). Use the existing
`childEnv` construction near the `spawnSync` call as the place to tighten the
env before launching the package.

---

Outside diff comments:
In `@test/openclaw-security-audit-suppressions-real.test.ts`:
- Around line 44-56: The temp directory setup in runOpenClawAudit happens before
the try/finally, so failures in fs.mkdirSync or fs.writeFileSync can skip
cleanup and leak tmp. Move the temp home/config/cache setup inside the try block
that owns the finally, keeping the cleanup in place so any setup error still
removes the temporary directory.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 66c58f63-206c-461b-85f2-9d93103e2507

📥 Commits

Reviewing files that changed from the base of the PR and between 9578a1e and 0986ad0.

📒 Files selected for processing (1)
  • test/openclaw-security-audit-suppressions-real.test.ts

Comment thread test/openclaw-security-audit-suppressions-real.test.ts Outdated
cv
cv previously requested changes Jul 9, 2026

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security review for exact head 0986ad06b0cbe7d0089fda4a54e509bc206e8deb found four items to address before the required live runs:

  • Fail closed on credentials in the real OpenClaw audit harness. Do not spread nearly all of process.env into the npm/OpenClaw child; pass an explicit allowlist containing only the variables the harness needs. This is the major CodeRabbit finding in #6593 (comment).
  • Put temporary-directory cleanup around the whole setup path so a download/install/setup exception cannot leak the directory.
  • Wire NEMOCLAW_REAL_OPENCLAW_AUDIT_HARNESS=1 into a trusted CI lane. The new consumer contract is currently skipped in every workflow, so it is not regression protection.
  • Do not automatically move the remote dangerouslyDisableDeviceAuth=true condition into accepted findings for every non-loopback dashboard. Require a distinct, explicit risk-acceptance control, or keep that high-risk unauthenticated remote-dashboard finding active.

After those source/security items are addressed, rerun the exact-head advisors and the E2E-advisor-required cloud-onboard and security-posture targets. The older manual consumer proof and cloud run were at f48b03a, so they are useful diagnostics but not exact-head gate evidence.

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>

@cjagwani cjagwani left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Security review of exact head c0f02081cea091520784383313cb445a5d99aa28 still finds changes required.

  1. High: the normal onboard path still suppresses the critical remote device-auth findings. scripts/generate-openclaw-config.mts:1192-1219 now suppresses when NEMOCLAW_DISABLE_DEVICE_AUTH=1, regardless of isRemote. But standard onboarding unconditionally rewrites that build arg to 1 in src/lib/onboard/dockerfile-patch.ts:305-310, including for remote CHAT_UI_URL values. The new remote tests omit that production override, so they do not exercise the actual onboard state, and docs/security/best-practices.mdx:686-687 is not yet true. Gate device-auth suppressions to a loopback-only explicit opt-out (for example, explicitDeviceAuthOptOut && !isRemote) or introduce a separate audit-risk-acceptance control. Add remote HTTP and HTTPS cases with NEMOCLAW_DISABLE_DEVICE_AUTH=1, ideally through the Dockerfile patch path.

  2. High: the real-audit harness still forwards almost all ambient environment variables to registry-fetched OpenClaw code at test/openclaw-security-audit-suppressions-real.test.ts:58-77. Replace this with a minimal literal allowlist before enabling the harness in CI.

  3. The cleanup and regression gates remain open. Setup at :45-54 still occurs before the cleanup-owning try/finally, and the suite at :99-157 is still skip-gated with no workflow setting NEMOCLAW_REAL_OPENCLAW_AUDIT_HARNESS=1. Wire it into a trusted lane after making the child environment safe. Prefer the committed OpenClaw tarball/SRI boundary over unconstrained registry retrieval so the contract test executes the artifact NemoClaw actually reviewed.

I verified the pinned OpenClaw suppression contract itself: the check IDs and exact flag details are correct; suppression preserves severity and remediation; and unrelated findings remain active. The bounded accepted-risk scopes are loopback HTTP and a loopback-only explicit device-auth opt-out. Please address the source/harness items before dispatching fresh live E2Es, then run the requested exact-head cloud-onboard, security-posture, and current advisor targets and request re-review.

chengjiew and others added 3 commits July 10, 2026 04:21
Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
Cover the production remote HTTPS override with the reviewed OpenClaw artifact.

Size the trusted-main timeout for package setup and all five audit scenarios.

Co-authored-by: Chengjie Wang <chengjiew@nvidia.com>
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Run cancelled — no signal

Run: 29048665970
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (default — all supported)
Requested jobs: cloud-onboard,device-auth-health,security-posture
Summary: 0 passed, 0 failed, 3 cancelled, 0 skipped

Job Result
cloud-onboard ⚠️ cancelled
device-auth-health ⚠️ cancelled
security-posture ⚠️ cancelled

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Run cancelled — no signal

Run: 29048691049
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (selector rejected by workflow validation)
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 0 passed, 0 failed, 75 cancelled, 0 skipped

Job Result
agent-turn-latency ⚠️ cancelled
bedrock-runtime-compatible-anthropic ⚠️ cancelled
brave-search ⚠️ cancelled
channels-add-remove ⚠️ cancelled
channels-stop-start ⚠️ cancelled
cloud-inference ⚠️ cancelled
cloud-onboard ⚠️ cancelled
common-egress-agent ⚠️ cancelled
concurrent-gateway-ports ⚠️ cancelled
credential-migration ⚠️ cancelled
credential-sanitization ⚠️ cancelled
cron-preflight-inference-local ⚠️ cancelled
device-auth-health ⚠️ cancelled
diagnostics ⚠️ cancelled
docs-validation ⚠️ cancelled
double-onboard ⚠️ cancelled
full-e2e ⚠️ cancelled
gateway-drift-preflight ⚠️ cancelled
gateway-guard-recovery ⚠️ cancelled
gateway-health-honest ⚠️ cancelled
gpu-double-onboard ⚠️ cancelled
gpu-e2e ⚠️ cancelled
hermes-dashboard ⚠️ cancelled
hermes-discord ⚠️ cancelled
hermes-e2e ⚠️ cancelled
hermes-gpu-startup ⚠️ cancelled
hermes-inference-switch ⚠️ cancelled
hermes-shields-config ⚠️ cancelled
hermes-slack ⚠️ cancelled
inference-routing ⚠️ cancelled
issue-2478-crash-loop-recovery ⚠️ cancelled
issue-4434-tui-unreachable-inference ⚠️ cancelled
issue-4462-scope-upgrade-approval ⚠️ cancelled
jetson-nvmap-gpu ⚠️ cancelled
kimi-inference-compat ⚠️ cancelled
launchable-smoke ⚠️ cancelled
live ⚠️ cancelled
mcp-bridge ⚠️ cancelled
mcp-bridge-dev ⚠️ cancelled
messaging-compatible-endpoint ⚠️ cancelled
messaging-providers ⚠️ cancelled
model-router-provider-routed-inference ⚠️ cancelled
network-policy ⚠️ cancelled
ollama-auth-proxy ⚠️ cancelled
onboard-negative-paths ⚠️ cancelled
onboard-repair ⚠️ cancelled
onboard-resume ⚠️ cancelled
openclaw-discord-pairing ⚠️ cancelled
openclaw-inference-switch ⚠️ cancelled
openclaw-plugin-runtime-exdev ⚠️ cancelled
openclaw-skill-cli ⚠️ cancelled
openclaw-slack-pairing ⚠️ cancelled
openclaw-tui-chat-correlation ⚠️ cancelled
openshell-gateway-auth-contract ⚠️ cancelled
openshell-gateway-upgrade ⚠️ cancelled
openshell-version-pin ⚠️ cancelled
overlayfs-autofix ⚠️ cancelled
rebuild-hermes ⚠️ cancelled
rebuild-hermes-stale-base ⚠️ cancelled
rebuild-openclaw ⚠️ cancelled
sandbox-operations ⚠️ cancelled
sandbox-rebuild ⚠️ cancelled
sandbox-rlimits-connect ⚠️ cancelled
sandbox-survival ⚠️ cancelled
security-posture ⚠️ cancelled
sessions-agents-cli ⚠️ cancelled
shields-config ⚠️ cancelled
skill-agent ⚠️ cancelled
snapshot-commands ⚠️ cancelled
spark-install ⚠️ cancelled
state-backup-restore ⚠️ cancelled
telegram-injection ⚠️ cancelled
token-rotation ⚠️ cancelled
tunnel-lifecycle ⚠️ cancelled
upgrade-stale-sandbox ⚠️ cancelled

cv added 2 commits July 11, 2026 11:32
Signed-off-by: Carlos Villela <cvillela@nvidia.com>

# Conflicts:
#	test/e2e/mock-parity.json
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@cv

cv commented Jul 11, 2026

Copy link
Copy Markdown
Collaborator

/nvskills-ci

@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some tests failed

Run: 29173077708
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (default — all supported)
Requested test IDs: (selector rejected by workflow validation)
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped, 0 unknown

Test Result
generate-matrix ❌ failure

Failed tests: generate-matrix. Check run artifacts for logs.

@cv

cv commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

Maintainer adjudication for the current PR Review Advisor warning: the WSL all-interface forward and managed device-auth compatibility opt-out predate this change (src/lib/dashboard/contract.ts on main already derives both from isWsl, and standard onboarding already applies the managed opt-out). This PR does not broaden that default exposure; it aligns recovery with the existing WSL forward contract, documents the behavior, and deliberately leaves the insecure-auth/device-auth findings active instead of suppressing them. Requiring a new explicit WSL opt-in would change the established Windows-host reachability contract and is separate design work, so the warning is noted but does not block this fix.

@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Some tests cancelled — partial pass

Run: 29173108793
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (default — all supported)
Requested test IDs: cloud-onboard,onboard-repair,onboard-resume,state-backup-restore,upgrade-stale-sandbox
Summary: 4 passed, 0 failed, 1 cancelled, 0 skipped, 0 unknown

Test Result
cloud-onboard ✅ success
onboard-repair ✅ success
onboard-resume ✅ success
state-backup-restore ✅ success
upgrade-stale-sandbox ⚠️ cancelled

@github-actions

Copy link
Copy Markdown
Contributor

Brev E2E (dashboard-remote-bind): CANCELLED on branch fix/6024_openclaw_security_auditSee logs

@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested tests passed

Run: 29173330713
Workflow ref: fix/6024_openclaw_security_audit
Requested targets: (default — all supported)
Requested test IDs: cloud-onboard,onboard-repair,onboard-resume,state-backup-restore,upgrade-stale-sandbox
Summary: 5 passed, 0 failed, 0 cancelled, 0 skipped, 0 unknown

Test Result
cloud-onboard ✅ success
onboard-repair ✅ success
onboard-resume ✅ success
state-backup-restore ✅ success
upgrade-stale-sandbox ✅ success

@github-actions

Copy link
Copy Markdown
Contributor

Brev E2E (dashboard-remote-bind): PASSED on branch fix/6024_openclaw_security_auditSee logs

@cv cv dismissed cjagwani’s stale review July 12, 2026 00:27

Dismissed after current-commit security re-review: custom Dockerfile remote-bind requests now fail closed before text attestation, all eight demonstrated attestation vectors have production-path regressions, reconnect health enforces the requested bind, ordinary CI and trusted advisors are green, and both controller-correlated remote-dashboard E2E paths passed.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current-commit re-review passed. The custom-Dockerfile attestation bypasses and remote-forward mismatch are resolved with fail-closed production paths and adversarial regressions. All 53 checks, trusted advisors, five controller-correlated E2E targets, and the dedicated dashboard remote-bind regression are green. The WSL warning describes pre-existing behavior outside this PR; this change preserves that contract while keeping the risky audit findings active.

@cv cv dismissed stale reviews from cjagwani, cjagwani, cjagwani, cjagwani, and themself July 12, 2026 00:28

Resolved on current PR commit 31edc93: the real audit harness now uses a minimal child environment, owns setup cleanup, runs the pinned artifact in trusted CI, and keeps remote findings active. Current CI, advisors, and required live evidence pass.

@cv cv merged commit 1cbcbd3 into main Jul 12, 2026
137 of 138 checks passed
@cv cv deleted the fix/6024_openclaw_security_audit branch July 12, 2026 00:31
@cv cv mentioned this pull request Jul 12, 2026
21 tasks
cv added a commit that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Release-prep documentation for v0.0.81 now summarizes user-facing
changes merged since v0.0.80.
It also closes the Hermes dashboard-profile backup gap and distinguishes
direct blueprint-runner actions from public host CLI commands.

## Changes

- Add the `v0.0.81` section to `docs/about/release-notes.mdx` with links
to the detailed user guides.
- Document that Hermes rebuilds preserve `.hermes/dashboard-home/`,
including Dashboard `MEMORY.md` and `USER.md`.
- Update Hermes manual backup and restore examples to transfer those two
profile files without copying generated configuration or the
secret-bearing dashboard `.env`.
- Explain the new per-item backup failure causes.
- Clarify that migration snapshot retention fragments are direct-runner
arguments and are not exposed by the host `nemoclaw` CLI.

### Source summary

- #6445 -> `docs/about/release-notes.mdx`,
`docs/manage-sandboxes/backup-restore.mdx`, and
`docs/manage-sandboxes/workspace-files.mdx`: Summarize manifest-owned
key-level restore and current-config authority.
- #6617 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Record the fail-closed
`/proc` fallback used to verify an idle Deep Agents runtime before
snapshot creation.
- #6685 -> `docs/about/release-notes.mdx`,
`docs/manage-sandboxes/backup-restore.mdx`, and
`docs/manage-sandboxes/workspace-files.mdx`: Document Hermes Web
Dashboard profile persistence and safe manual transfer.
- #6649 -> `docs/about/release-notes.mdx`: Summarize host-validated
loopback compatible-endpoint routing through the sandbox gateway.
- #6643 -> `docs/about/release-notes.mdx`: Summarize automatic
`max_completion_tokens` handling for GPT-5 and o-series models.
- #6661 -> `docs/about/release-notes.mdx`: Summarize bounded connection
reuse for eligible provider-validation probes.
- #6704 -> `docs/about/release-notes.mdx`: Record that direct blueprint
apply stops instead of persisting incomplete state after provider or
inference setup fails.
- #6677 -> `docs/about/release-notes.mdx`: Summarize transactional
recovery for legacy Docker containers whose managed supervisor
disappeared after restart.
- #6625 -> `docs/about/release-notes.mdx`: Record Hermes managed-startup
persistence across direct Docker restarts.
- #6597 -> `docs/about/release-notes.mdx`: Record final-sandbox gateway
cleanup on macOS.
- #6680 -> `docs/about/release-notes.mdx`: Summarize managed Deep Agents
first-run and process-tree cleanup improvements.
- #6647 -> `docs/about/release-notes.mdx`: Record fail-closed validation
for the managed Deep Agents fetch CA bundle.
- #6645 -> `docs/about/release-notes.mdx`: Summarize WhatsApp loopback
pairing and trusted npm plugin provenance.
- #6673 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Document stopped-sandbox
backup remediation.
- #6631 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Document per-item backup
failure causes.
- #6620 -> `docs/about/release-notes.mdx`: Record the
created-but-not-ready sandbox lifecycle receipt.
- #6664 -> `docs/about/release-notes.mdx`: Record prompt-aware
onboarding progress output.
- #6598 -> `docs/about/release-notes.mdx`: Summarize stale replay-result
invalidation during resumed onboarding.
- #6593 -> `docs/about/release-notes.mdx`: Summarize contextual OpenClaw
audit findings for managed dashboard compatibility settings.
- #6650 -> `docs/about/release-notes.mdx`: Record redaction of
token-shaped URL query values.
- #6638 -> `docs/about/release-notes.mdx`: Record the exact-path MCP
`DELETE` policy recipe for session termination.
- #5453 -> `docs/reference/host-files-and-state.mdx`: Clarify that
snapshot retention actions belong to direct runner integrations and are
not standalone host CLI commands.

### Skipped from docs-skip

- #6633 matched the `openclaw-sandbox-permissive.yaml` path in
`docs/.docs-skip` and produced no documentation in this update.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates

- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: This is a documentation-only
release-prep update; behavior is protected by the merged source PRs, and
the documentation build validates the changed examples and routes.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — tests are not applicable for this
documentation-only change; `npm run docs` completed successfully.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: not run for this
documentation-only change.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — 0
errors; two existing Fern warnings remain.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)
— no new pages.

---
Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Documentation**
- Added release notes for v0.0.81 covering state preservation, inference
setup, sandbox recovery, session setup, pairing, diagnostics, and
security policy updates.
- Expanded backup and restore guidance to include dashboard profile
files and clarify files that must not be copied.
- Added dashboard profile persistence details to workspace and rebuild
documentation.
- Clarified snapshot retention guidance and the distinction between host
CLI capabilities and direct runner actions.
  - Added more detailed backup failure reporting information.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
<!-- 1-3 sentences: what this PR does and why. -->

Teach generated OpenClaw configs to explain NemoClaw-managed dashboard
compatibility flags through OpenClaw's native security audit suppression
contract. The findings remain visible with their original severity,
remediation, and an explicit risk-acceptance reason, while unrelated
audit findings remain active.

## Related Issue
<!-- Fixes #NNN or Closes #NNN. Remove this section if none. -->

Fixes NVIDIA#6024

## Changes
<!-- Bullet list of key changes. -->

- Generate exact `security.audit.suppressions` entries only when
NemoClaw enables `allowInsecureAuth` or `dangerouslyDisableDeviceAuth`.
- Match duplicate generic dangerous-flag findings by exact flag detail
so other findings are not suppressed.
- Add focused config-generation coverage for loopback HTTP, remote
HTTPS, and remote HTTP dashboards.
- Document the device-auth defaults, accepted risk, safer loopback/HTTPS
choices, and how to inspect `suppressedFindings`.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run --project integration
test/generate-openclaw-config.test.ts
test/generate-openclaw-config-security-audit.test.ts` passed 131/131
tests
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — 0
errors; two unrelated environment/theme warnings remain for missing Fern
authentication and existing light-mode contrast
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified. Run: git config user.name && git config
user.email -->
Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Updated security guidance so device authentication and related
dashboard pairing are enabled for loopback-only setups, with clearer
warnings for remote/public exposure.
* Clarified the `NEMOCLAW_DASHBOARD_BIND=0.0.0.0` opt-in workflow,
including required sandbox recreation and connect-time behavior.
* **Bug Fixes**
* Tightened remote dashboard bind handling: local-only sandboxes can’t
be used for remote exposure without the proper opt-in preparation.
* Refined managed security-audit suppression and reporting to align with
loopback vs remote exposure.
* **Tests**
* Added/expanded unit, real-audit, and end-to-end coverage for the new
suppression and remote-bind lifecycle enforcement.
* **Chores**
* CI reliability improvements (tooling availability and longer
real-audit timeout).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Chengjie Wang <chengjiew@nvidia.com>
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Signed-off-by: Prekshi Vyas <prekshiv@nvidia.com>
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Co-authored-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: Prekshi Vyas <prekshiv@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Release-prep documentation for v0.0.81 now summarizes user-facing
changes merged since v0.0.80.
It also closes the Hermes dashboard-profile backup gap and distinguishes
direct blueprint-runner actions from public host CLI commands.

## Changes

- Add the `v0.0.81` section to `docs/about/release-notes.mdx` with links
to the detailed user guides.
- Document that Hermes rebuilds preserve `.hermes/dashboard-home/`,
including Dashboard `MEMORY.md` and `USER.md`.
- Update Hermes manual backup and restore examples to transfer those two
profile files without copying generated configuration or the
secret-bearing dashboard `.env`.
- Explain the new per-item backup failure causes.
- Clarify that migration snapshot retention fragments are direct-runner
arguments and are not exposed by the host `nemoclaw` CLI.

### Source summary

- NVIDIA#6445 -> `docs/about/release-notes.mdx`,
`docs/manage-sandboxes/backup-restore.mdx`, and
`docs/manage-sandboxes/workspace-files.mdx`: Summarize manifest-owned
key-level restore and current-config authority.
- NVIDIA#6617 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Record the fail-closed
`/proc` fallback used to verify an idle Deep Agents runtime before
snapshot creation.
- NVIDIA#6685 -> `docs/about/release-notes.mdx`,
`docs/manage-sandboxes/backup-restore.mdx`, and
`docs/manage-sandboxes/workspace-files.mdx`: Document Hermes Web
Dashboard profile persistence and safe manual transfer.
- NVIDIA#6649 -> `docs/about/release-notes.mdx`: Summarize host-validated
loopback compatible-endpoint routing through the sandbox gateway.
- NVIDIA#6643 -> `docs/about/release-notes.mdx`: Summarize automatic
`max_completion_tokens` handling for GPT-5 and o-series models.
- NVIDIA#6661 -> `docs/about/release-notes.mdx`: Summarize bounded connection
reuse for eligible provider-validation probes.
- NVIDIA#6704 -> `docs/about/release-notes.mdx`: Record that direct blueprint
apply stops instead of persisting incomplete state after provider or
inference setup fails.
- NVIDIA#6677 -> `docs/about/release-notes.mdx`: Summarize transactional
recovery for legacy Docker containers whose managed supervisor
disappeared after restart.
- NVIDIA#6625 -> `docs/about/release-notes.mdx`: Record Hermes managed-startup
persistence across direct Docker restarts.
- NVIDIA#6597 -> `docs/about/release-notes.mdx`: Record final-sandbox gateway
cleanup on macOS.
- NVIDIA#6680 -> `docs/about/release-notes.mdx`: Summarize managed Deep Agents
first-run and process-tree cleanup improvements.
- NVIDIA#6647 -> `docs/about/release-notes.mdx`: Record fail-closed validation
for the managed Deep Agents fetch CA bundle.
- NVIDIA#6645 -> `docs/about/release-notes.mdx`: Summarize WhatsApp loopback
pairing and trusted npm plugin provenance.
- NVIDIA#6673 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Document stopped-sandbox
backup remediation.
- NVIDIA#6631 -> `docs/about/release-notes.mdx` and
`docs/manage-sandboxes/backup-restore.mdx`: Document per-item backup
failure causes.
- NVIDIA#6620 -> `docs/about/release-notes.mdx`: Record the
created-but-not-ready sandbox lifecycle receipt.
- NVIDIA#6664 -> `docs/about/release-notes.mdx`: Record prompt-aware
onboarding progress output.
- NVIDIA#6598 -> `docs/about/release-notes.mdx`: Summarize stale replay-result
invalidation during resumed onboarding.
- NVIDIA#6593 -> `docs/about/release-notes.mdx`: Summarize contextual OpenClaw
audit findings for managed dashboard compatibility settings.
- NVIDIA#6650 -> `docs/about/release-notes.mdx`: Record redaction of
token-shaped URL query values.
- NVIDIA#6638 -> `docs/about/release-notes.mdx`: Record the exact-path MCP
`DELETE` policy recipe for session termination.
- NVIDIA#5453 -> `docs/reference/host-files-and-state.mdx`: Clarify that
snapshot retention actions belong to direct runner integrations and are
not standalone host CLI commands.

### Skipped from docs-skip

- NVIDIA#6633 matched the `openclaw-sandbox-permissive.yaml` path in
`docs/.docs-skip` and produced no documentation in this update.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [x] Doc only (includes code sample changes)

## Quality Gates

- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: This is a documentation-only
release-prep update; behavior is protected by the merged source PRs, and
the documentation build validates the changed examples and routes.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — tests are not applicable for this
documentation-only change; `npm run docs` completed successfully.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: not run for this
documentation-only change.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — 0
errors; two existing Fern warnings remain.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)
— no new pages.

---
Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Documentation**
- Added release notes for v0.0.81 covering state preservation, inference
setup, sandbox recovery, session setup, pairing, diagnostics, and
security policy updates.
- Expanded backup and restore guidance to include dashboard profile
files and clarify files that must not be copied.
- Added dashboard profile persistence details to workspace and rebuild
documentation.
- Clarified snapshot retention guidance and the distinction between host
CLI capabilities and direct runner actions.
  - Added more detailed backup failure reporting information.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

v0.0.81 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Ubuntu 24.04][Security] NemoClaw default config flags trigger openclaw security audit critical warnings

6 participants