Conversation
Contributor
📝 WalkthroughWalkthroughThis PR updates NemoClaw policy management documentation to highlight custom preset security considerations and workflow details, while extending the sandbox build context to stage a Python script ( Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.agents/skills/nemoclaw-user-manage-policy/SKILL.md (1)
132-133: Inconsistent warning format styles.Line 314 uses a bold "Warning:" blockquote format, while Line 132 uses the
> [!WARNING]GitHub callout format. Consider standardizing on one format throughout the document for consistency.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.agents/skills/nemoclaw-user-manage-policy/SKILL.md around lines 132 - 133, The document mixes two warning styles: the GitHub callout `> [!WARNING]` used for the `openshell policy set` note and a bold "Warning:" block used elsewhere (e.g., the other warning around "Warning:" text); standardize them by picking one style and converting the other to match—either replace the `> [!WARNING]` callout that precedes the line "`openshell policy set` **replaces** the sandbox's live policy..." to the bold block format used at Line 314, or convert the bold "Warning:" block to the `> [!WARNING]` callout so all warnings use the same format throughout SKILL.md.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.agents/skills/nemoclaw-user-manage-policy/SKILL.md:
- Around line 132-133: The document mixes two warning styles: the GitHub callout
`> [!WARNING]` used for the `openshell policy set` note and a bold "Warning:"
block used elsewhere (e.g., the other warning around "Warning:" text);
standardize them by picking one style and converting the other to match—either
replace the `> [!WARNING]` callout that precedes the line "`openshell policy
set` **replaces** the sandbox's live policy..." to the bold block format used at
Line 314, or convert the bold "Warning:" block to the `> [!WARNING]` callout so
all warnings use the same format throughout SKILL.md.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 45889ab1-2f2e-43aa-8658-4c5da26421ea
📒 Files selected for processing (3)
.agents/skills/nemoclaw-user-manage-policy/SKILL.mdsrc/lib/sandbox-build-context.tstest/sandbox-build-context.test.ts
cv
approved these changes
Apr 27, 2026
13 tasks
ericksoa
added a commit
that referenced
this pull request
Apr 28, 2026
Pulls in: - a323104 fix(sandbox): include generate-openclaw-config.py in optimized build context (#2565) — same fix as the cherry-pick on this branch (ddb9e15), collapses cleanly. - d392ec0 fix(onboard): clarify preflight messages reference local NIM (#2575) # Conflicts: # test/sandbox-build-context.test.ts
13 tasks
miyoungc
added a commit
that referenced
this pull request
Apr 28, 2026
## Summary Refreshes user-facing docs for the last 24 hours of merged NemoClaw history and bumps the docs metadata to 0.0.29, the next version after v0.0.28. The updates are limited to behavior supported by merged PR descriptions and diffs. ## Changes - `docs/reference/commands.md`: documented `nemoclaw <name> policy-add --from-file` and `--from-dir`, including custom preset review guidance, from #2077 / commit `7720b175`. - `docs/deployment/deploy-to-remote-gpu.md`: clarified that non-loopback `CHAT_UI_URL` disables OpenClaw device pairing for remote browser-only deployments, from #2449 / commit `f5ee8a4d`. - `docs/inference/inference-options.md`: documented provider-aware credential retry validation and the NVIDIA-only `nvapi-` prefix check, from #2389 / commit `6f7f0c6d`. - `docs/inference/switch-inference-providers.md`: documented `NEMOCLAW_INFERENCE_INPUTS` for text/image-capable model metadata baked into `openclaw.json`, from #2441 / commit `f4391892`. - `docs/reference/troubleshooting.md`: added the Git certificate verification entry for proxy CA propagation through `GIT_SSL_CAINFO`, `GIT_SSL_CAPATH`, `CURL_CA_BUNDLE`, and `REQUESTS_CA_BUNDLE`, from #2345 / commit `fa0dc1ab`. - `docs/versions1.json` and `docs/project.json`: promoted docs version `0.0.29`; `docs/versions1.json` omits unpublished `0.0.26`, `0.0.27`, and `0.0.28` entries. - `.agents/skills/nemoclaw-user-*`: regenerated derived user skill references from the updated docs. - Reviewed with no extra doc changes: #2575 / `d392ec07`, #2565 / `a3231049`, #1965 / `db1ef3ca`, #1990 / `db665834`, #2495 / `7da86fa3`, #2496 / `3192f4f4`, #2490 / `8c209058`, #2487 / `1f615e2f`, #2483 / `5653d33a`, #2482 / `31c782c0`, #2464 / `23bb5703`, #2472 / `a54f9a34`, and #2437 / `6bc860d7`. - Skipped per docs policy: #2420 / `7b76df6b` touched the experimental sandbox config path listed in `docs/.docs-skip`; #2466 / `cc15689c` touched a skipped term and CI-only sandbox image files. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Verification <!-- Check each item you ran and confirmed. Leave unchecked items you skipped. --> - [x] `npx prek run --all-files` passes - [ ] `npm test` passes — failed locally in installer-integration tests and one onboard helper timeout; the doc-scoped hook test projects passed under `prek`. - [ ] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [x] Docs updated for user-facing behavior changes - [ ] `make docs` builds without warnings (doc changes only) — build succeeded, but local Sphinx emitted the existing version-switcher file read message. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) ## AI Disclosure <!-- If an AI agent authored or co-authored this PR, check the box and name the tool. Remove this section for fully human-authored PRs. --> - [x] AI-assisted — tool: Codex --- <!-- DCO sign-off required by CI. Run: git config user.name && git config user.email --> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Support for custom YAML presets in policy configuration via --from-file and --from-dir. * New build-time inference input option to declare accepted modalities (text or text,image). * **Improvements** * Credential validation now offers interactive recovery: re-enter key, retry, choose another provider, or exit. * Clarified provider-specific API key prefix handling (nvapi- only applies to NVIDIA keys). * **Documentation** * TLS certificate troubleshooting for inspected networks. * Clarified remote dashboard security/device-pairing behavior; command docs updated; docs version bumped. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
PR #2449 extracted inline Python config generation from the Dockerfile into
scripts/generate-openclaw-config.pyand added aCOPYinstruction (Dockerfile line 195), but did not updatestageOptimizedSandboxBuildContext()to include the new file. This causes everynemoclaw onboardto fail with a DockerCOPY failed: file not found in build contexterror. This PR adds the missingcopyFileSyncand a regression test assertion.Related Issue
Fixes #2503
Closes #2509
Changes
src/lib/sandbox-build-context.ts— Addedfs.copyFileSyncforscripts/generate-openclaw-config.pyinstageOptimizedSandboxBuildContext(), alongside the existingnemoclaw-start.shandlib/sandbox-init.shcopies.test/sandbox-build-context.test.ts— Added assertion thatscripts/generate-openclaw-config.pyis present in the staged optimized build context, preventing future regressions.Type of Change
Verification
npx prek run --all-filespassesnpm testpassesmake docsbuilds without warnings (doc changes only)AI Disclosure
Signed-off-by: Brandon Pelfrey bpelfrey@nvidia.com