feat(policies): add Ollama local inference preset

[rktm0604]

Summary

Related Issue

Changes

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Checklist

General

• I have read and followed the contributing guide.
• I have read and followed the style guide. (for doc-only changes)

Code Changes

• Formatters applied — npx prek run --all-files auto-fixes formatting (or make format for targeted runs).
• Tests added or updated for new or changed behavior.
• No secrets, API keys, or credentials committed.
• Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

Doc Changes

• Follows the style guide. Try running the update-docs agent skill to draft changes while complying with the style guide. For example, prompt your agent with "/update-docs catch up the docs for the new changes I made in this PR."
• New pages include SPDX license header and frontmatter, if creating a new page.
• Cross-references and links verified.

Summary by CodeRabbit

• New Features
  • Added a new Ollama policy preset enabling sandboxed agents to securely access locally running Ollama REST endpoints for model listing and inference operations via GET and POST methods.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new policy preset configuration file is added to enable sandboxed agent egress permissions for accessing a locally running Ollama REST endpoint on port 11434 with GET and POST methods.

Changes

Cohort / File(s)	Summary
Ollama Policy Preset nemoclaw-blueprint/policies/presets/ollama.yaml	Added new policy preset defining egress permissions for openclaw binary to access host-gateway:11434 with GET and POST methods. Includes documentation of supported Ollama operations and optional commented rules for model registry access.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A preset for Ollama so fine,
Now agents can model align,
With GET and POST calls,
Through gateway's blessed halls,
Local inference flows—a design! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding a new Ollama local inference preset to the policies directory, which directly matches the changeset content.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nemoclaw-blueprint/policies/presets/ollama.yaml`:
- Around line 31-32: Update the failing test expectations to account for the new
"ollama" preset: change the assertion that checks presets.length from 9 to 10
(the variable referenced is presets.length) and add "ollama" to the expected
names array used in the test (the array referenced around the expected names
variable or literal in the test that currently lists preset names).
- Around line 38-62: Replace the top-level "egress:" key with
"network_policies:" and indent the existing Ollama rules under that key so the
preset conforms to the required schema (update the YAML in
nemoclaw-blueprint/policies/presets/ollama.yaml: change egress ->
network_policies and move the nested host/ports/methods/binaries/description
under the new key). Then update the tests that assert preset counts and names to
include the new "ollama" preset: adjust the expectation from 9 to 10 for
policies.listPresets() and add "ollama" to the expected names array used in the
name-check assertions (tests that call policies.listPresets() and
policies.loadPreset()).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a167c5ff-d608-4ee7-960e-cb699c0d4687

📥 Commits

Reviewing files that changed from the base of the PR and between eb4ba8c and 409235c.

📒 Files selected for processing (1)

• nemoclaw-blueprint/policies/presets/ollama.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the hard-coded test assertions that need updating

echo "=== Current hard-coded preset count check ==="
rg -n "expect\(presets\.length\)\.toBe\(" test/policies.test.js

echo -e "\n=== Current expected preset names ==="
rg -A 12 "const expected = \[" test/policies.test.js | head -n 15

Repository: NVIDIA/NemoClaw

Length of output: 428

---

🏁 Script executed:

#!/bin/bash
# Check if ollama.yaml exists in the presets directory
find . -name "ollama.yaml" -o -name "ollama.yml"

# List all .yaml files in policies/presets to see what will be discovered
echo -e "\n=== All preset files in policies/presets ==="
ls -1 nemoclaw-blueprint/policies/presets/ | grep -E '\.(yaml|yml)$'

# Show the listPresets function to understand auto-discovery
echo -e "\n=== ListPresets function implementation ==="
rg -A 10 "listPresets" test/policies.test.js | head -n 20

Repository: NVIDIA/NemoClaw

Length of output: 877

---

Update test assertions for new preset.

The test file test/policies.test.js has hard-coded assertions that will fail with the new ollama preset:

• Line 12: expect(presets.length).toBe(9); must be updated to 10
• Lines 27-37: Add "ollama" to the expected names array

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/ollama.yaml` around lines 31 - 32, Update
the failing test expectations to account for the new "ollama" preset: change the
assertion that checks presets.length from 9 to 10 (the variable referenced is
presets.length) and add "ollama" to the expected names array used in the test
(the array referenced around the expected names variable or literal in the test
that currently lists preset names).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check the structure of other preset files to confirm the expected schema

echo "=== Checking for network_policies in existing presets ==="
rg -n "^network_policies:" nemoclaw-blueprint/policies/presets/ --type yaml

echo -e "\n=== Sample structure from discord preset ==="
head -n 50 nemoclaw-blueprint/policies/presets/discord.yaml | rg -A 10 "^network_policies:"

echo -e "\n=== Sample structure from pypi preset ==="
head -n 50 nemoclaw-blueprint/policies/presets/pypi.yaml | rg -A 10 "^network_policies:"

Repository: NVIDIA/NemoClaw

Length of output: 1270

---

🏁 Script executed:

#!/bin/bash
# Check actual ollama.yaml content
echo "=== Actual ollama.yaml content ==="
cat nemoclaw-blueprint/policies/presets/ollama.yaml

echo -e "\n=== Full discord.yaml for structure comparison ==="
cat nemoclaw-blueprint/policies/presets/discord.yaml

echo -e "\n=== Full pypi.yaml for structure comparison ==="
cat nemoclaw-blueprint/policies/presets/pypi.yaml

Repository: NVIDIA/NemoClaw

Length of output: 4494

---

🏁 Script executed:

#!/bin/bash
# Check the test file to see what validations are performed
echo "=== Checking test validations ==="
rg -n "network_policies" nemoclaw-blueprint/test/ --type js -A 5 -B 5

echo -e "\n=== Looking for schema validation or parsing in tests ==="
rg -n "network_policies|preset|egress" nemoclaw-blueprint/test/policies.test.js -A 2 -B 2

Repository: NVIDIA/NemoClaw

Length of output: 314

---

🏁 Script executed:

#!/bin/bash
# Find test files
echo "=== Searching for test files ==="
find . -name "*.test.js" -o -name "*.test.ts" -o -name "*test*" -type f | grep -i test | head -20

echo -e "\n=== Searching for policies test ==="
find . -name "*policies*test*" -o -name "*test*policies*" | head -10

echo -e "\n=== Checking repository structure ==="
ls -la | head -20

Repository: NVIDIA/NemoClaw

Length of output: 2158

---

🏁 Script executed:

#!/bin/bash
# Read the test file to understand validations
echo "=== Content of test/policies.test.js ==="
cat test/policies.test.js

Repository: NVIDIA/NemoClaw

Length of output: 8295

---

🏁 Script executed:

#!/bin/bash
# Find and examine the policies implementation
echo "=== Finding policies implementation ==="
find . -name "policies.js" -o -name "policies.ts" | grep -v test

echo -e "\n=== Reading policies implementation ==="
cat bin/lib/policies.js 2>/dev/null || cat bin/lib/policies.ts 2>/dev/null || find . -path "*/bin/*" -name "policies*" -exec cat {} \;

Repository: NVIDIA/NemoClaw

Length of output: 7053

---

Critical: Missing network_policies: wrapper and incomplete test compatibility.

The preset structure is missing the required network_policies: top-level key. According to the test suite, every preset must have a network_policies: section. Additionally, the test expects exactly 9 presets with specific names, and "ollama" is not in that list.

Impact:

1. Test at test/policies.test.js line 113 will fail:

it("every preset has network_policies section", () => {
  for (const p of policies.listPresets()) {
    const content = policies.loadPreset(p.name);
    expect(content.includes("network_policies:")).toBeTruthy();
  }
});

2. Test at line 11 expects exactly 9 presets but ollama.yaml will make it 10
3. Test at lines 27-37 expects specific preset names excluding "ollama"

Fix the schema by replacing egress: with network_policies: and indenting all rules accordingly. Additionally, update test/policies.test.js lines 11 and 27-37 to include "ollama" in the expected presets count (10) and names list.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/ollama.yaml` around lines 38 - 62,
Replace the top-level "egress:" key with "network_policies:" and indent the
existing Ollama rules under that key so the preset conforms to the required
schema (update the YAML in nemoclaw-blueprint/policies/presets/ollama.yaml:
change egress -> network_policies and move the nested
host/ports/methods/binaries/description under the new key). Then update the
tests that assert preset counts and names to include the new "ollama" preset:
adjust the expectation from 9 to 10 for policies.listPresets() and add "ollama"
to the expected names array used in the name-check assertions (tests that call
policies.listPresets() and policies.loadPreset()).