fix(messaging): lock WeChat runtime graph#6739
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThis change adds a pinned WeChat runtime graph, lock verification, offline plugin installation, Docker and sandbox staging, and mandatory CI auditing with artifact evidence and workflow contract tests. ChangesWeChat runtime lock
Estimated code review effort: 4 (Complex) | ~60 minutes Possibly related PRs
Suggested labels: Suggested reviewers: Sequence Diagram(s)sequenceDiagram
participant DockerBuild
participant MessagingBuildApplier
participant Npm
participant LockVerifier
DockerBuild->>MessagingBuildApplier: provide staged runtime lock and trusted cache
MessagingBuildApplier->>Npm: install plugin offline using disposable cache
Npm-->>MessagingBuildApplier: create installed npm project
MessagingBuildApplier->>LockVerifier: verify installed lock and OpenClaw peer range
LockVerifier-->>MessagingBuildApplier: accept or reject installation
sequenceDiagram
participant Workflow
participant WechatRuntimeAudit
participant Npm
participant ArtifactStorage
Workflow->>WechatRuntimeAudit: run trusted audit action
WechatRuntimeAudit->>Npm: materialize and audit locked graph offline
Npm-->>WechatRuntimeAudit: audit and signature results
WechatRuntimeAudit->>ArtifactStorage: upload audit evidence
Workflow-->>Workflow: require audit success
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
Dockerfile (1)
159-169: 🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
verify-wechat-runtime-lock.mtsis missing from the explicitchmod 755list.Every other script copied into
/usr/local/lib/nemoclaw/in this block gets an explicitchmod 755, even though (like this one) they're only ever invoked asnode <script>. This new script is left at whatever modeCOPYhappens to preserve from the build context, breaking the file's own explicit least-privilege convention.As per path instructions for
Dockerfile*: "Preserve deny-by-default behavior, least privilege, redaction, and fail-closed handling."🔒 Proposed fix
RUN chmod 755 /usr/local/lib/nemoclaw/patch-openclaw-tool-catalog.js \ /usr/local/lib/nemoclaw/patch-openclaw-chat-send.js \ /usr/local/lib/nemoclaw/patch-openclaw-mcp-npx.mts \ /usr/local/lib/nemoclaw/patch-openclaw-issue-4434-diagnostics.ts \ - /usr/local/lib/nemoclaw/patch-openclaw-device-self-approval.ts + /usr/local/lib/nemoclaw/patch-openclaw-device-self-approval.ts \ + /usr/local/lib/nemoclaw/verify-wechat-runtime-lock.mts🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfile` around lines 159 - 169, Update the Dockerfile chmod command to include /usr/local/lib/nemoclaw/verify-wechat-runtime-lock.mts alongside the other copied scripts, preserving the block’s explicit executable-permission convention.Source: Path instructions
🧹 Nitpick comments (1)
agents/openclaw/dependency-review.md (1)
23-31: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winAdd an audit/advisory trail and regression-test reference, matching the mcporter section above.
The mcporter section records an explicit advisory command, review date, and result, plus a
regressionTestfield. The new WeChat section skips these, even though the PR objectives claim zero production audit vulnerabilities were verified — there's nothing here recording how/when that was checked, or which test keeps this pin, the Dockerfile npm-cache literals, andWECHAT_OPENCLAW_PLUGIN_SPECinmessaging-build-applier.mtssynchronized.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@agents/openclaw/dependency-review.md` around lines 23 - 31, Update the WeChat plugin runtime graph section to include the same advisory command, review date, and audit result fields used by the mcporter section, and add a regressionTest field. Reference the test that verifies synchronization of the pinned package, Dockerfile npm-cache literals, and WECHAT_OPENCLAW_PLUGIN_SPEC in messaging-build-applier.mts.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/verify-wechat-runtime-lock.mts`:
- Around line 66-93: Update normalizedRecord so its dependencies object is
rebuilt with deterministically sorted keys before comparison, while preserving
each dependency value and the existing empty-object fallback. Keep
verifyWechatRuntimeLock’s metadata comparison and version checks unchanged.
In `@src/lib/messaging/applier/build/messaging-build-applier.mts`:
- Around line 129-133: Move WeChat-specific package-install metadata from
WECHAT_OPENCLAW_PLUGIN_SPEC, WECHAT_NPM_CACHE, WECHAT_RUNTIME_LOCK,
WECHAT_NPM_PROJECTS_ROOT, and the install.spec branch into the channel manifest
or hook-output schema keyed by channelId. Update the applier’s package-install
dispatch to consume that manifest metadata, including offline/cache,
legacy-peer-deps, lock-path, and verification behavior, without matching a
version-embedded plugin spec. Ensure manifest metadata remains synchronized with
the runtime package configuration and preserves WeChat lock verification.
---
Outside diff comments:
In `@Dockerfile`:
- Around line 159-169: Update the Dockerfile chmod command to include
/usr/local/lib/nemoclaw/verify-wechat-runtime-lock.mts alongside the other
copied scripts, preserving the block’s explicit executable-permission
convention.
---
Nitpick comments:
In `@agents/openclaw/dependency-review.md`:
- Around line 23-31: Update the WeChat plugin runtime graph section to include
the same advisory command, review date, and audit result fields used by the
mcporter section, and add a regressionTest field. Reference the test that
verifies synchronization of the pinned package, Dockerfile npm-cache literals,
and WECHAT_OPENCLAW_PLUGIN_SPEC in messaging-build-applier.mts.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: ed6ad7e9-f4f4-4544-a44b-c009bb06f8ba
⛔ Files ignored due to path filters (1)
agents/openclaw/wechat-runtime/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (8)
Dockerfileagents/openclaw/dependency-review.mdagents/openclaw/wechat-runtime/package.jsonscripts/verify-wechat-runtime-lock.mtssrc/lib/messaging/applier/build/messaging-build-applier.mtstest/messaging-build-applier.test.tstest/verify-wechat-runtime-lock.test.tstest/wechat-locked-install.test.ts
Signed-off-by: Ho Lim <subhoya@gmail.com>
7f5f7b0 to
033febe
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (2)
src/lib/messaging/applier/build/messaging-build-applier.mts (1)
698-722: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winConsider extracting helper functions to reduce complexity of
installOpenClawMessagingPlugins.This function now builds install env, runs the install, and conditionally runs verification — three distinct responsibilities in one loop body. Extracting
buildInstallEnv(install, env)and the verifier-invocation block would keep each function focused and easier to unit-test in isolation.♻️ Proposed extraction
+function buildInstallEnv(install: OpenClawPluginInstall, env: Env): Env { + return { + ...env, + NPM_CONFIG_IGNORE_SCRIPTS: "true", + npm_config_ignore_scripts: "true", + ...(install.runtimeLock + ? { + NPM_CONFIG_CACHE: install.runtimeLock.cachePath, + NPM_CONFIG_OFFLINE: String(install.runtimeLock.offline), + NPM_CONFIG_LEGACY_PEER_DEPS: String(install.runtimeLock.legacyPeerDeps), + } + : {}), + }; +} + +function verifyRuntimeLockIfPresent(install: OpenClawPluginInstall, installEnv: Env): void { + if (!install.runtimeLock) return; + runCommand( + [ + "node", + "--experimental-strip-types", + install.runtimeLock.verifierPath, + install.runtimeLock.lockFile, + install.runtimeLock.projectsRoot, + ], + installEnv, + ); +} + export function installOpenClawMessagingPlugins(plan: MessagingBuildPlan | null, env: Env): void { for (const install of collectOpenClawMessagingPluginInstalls(plan, env)) { const packed = packVerifiedOpenClawPluginArchive(install, env); try { - const installEnv = { - ...env, - NPM_CONFIG_IGNORE_SCRIPTS: "true", - npm_config_ignore_scripts: "true", - ...(install.runtimeLock - ? { - NPM_CONFIG_CACHE: install.runtimeLock.cachePath, - NPM_CONFIG_OFFLINE: String(install.runtimeLock.offline), - NPM_CONFIG_LEGACY_PEER_DEPS: String(install.runtimeLock.legacyPeerDeps), - } - : {}), - }; + const installEnv = buildInstallEnv(install, env); runCommand(["openclaw", "plugins", "install", `npm-pack:${packed.archivePath}`], installEnv); - if (install.runtimeLock) { - runCommand( - [ - "node", - "--experimental-strip-types", - install.runtimeLock.verifierPath, - install.runtimeLock.lockFile, - install.runtimeLock.projectsRoot, - ], - installEnv, - ); - } + verifyRuntimeLockIfPresent(install, installEnv); } finally { rmSync(packed.rootDir, { recursive: true, force: true }); } } }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/messaging/applier/build/messaging-build-applier.mts` around lines 698 - 722, Refactor installOpenClawMessagingPlugins by extracting the install environment construction into buildInstallEnv(install, env) and the conditional runtime-lock verification command into a separate helper. Keep the existing environment values, install command, verifier arguments, and conditional behavior unchanged, then invoke the helpers from the loop.test/wechat-locked-install.test.ts (1)
27-27: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winSelect the package by agent id
Usefind((pkg) => pkg.agent === "openclaw")here instead of[0]so the assertion stays stable if another agent package is added or the manifest order changes.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/wechat-locked-install.test.ts` at line 27, Update the runtimeLock selection in the test to find the package whose agent is "openclaw" using the agent field, replacing the order-dependent wechatManifest.agentPackages[0] access while preserving the existing assertion behavior.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/lib/messaging/applier/build/messaging-build-applier.mts`:
- Around line 698-722: Refactor installOpenClawMessagingPlugins by extracting
the install environment construction into buildInstallEnv(install, env) and the
conditional runtime-lock verification command into a separate helper. Keep the
existing environment values, install command, verifier arguments, and
conditional behavior unchanged, then invoke the helpers from the loop.
In `@test/wechat-locked-install.test.ts`:
- Line 27: Update the runtimeLock selection in the test to find the package
whose agent is "openclaw" using the agent field, replacing the order-dependent
wechatManifest.agentPackages[0] access while preserving the existing assertion
behavior.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 28524fd5-af5b-4cb6-8d04-9d43c9f71977
⛔ Files ignored due to path filters (1)
agents/openclaw/wechat-runtime/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (12)
Dockerfileagents/openclaw/dependency-review.mdagents/openclaw/wechat-runtime/package.jsonscripts/verify-wechat-runtime-lock.mtssrc/lib/messaging/applier/build/messaging-build-applier.mtssrc/lib/messaging/channels/wechat/manifest.tssrc/lib/messaging/manifest/types.tssrc/lib/sandbox/build-context.tstest/messaging-build-applier.test.tstest/sandbox-build-context.test.tstest/verify-wechat-runtime-lock.test.tstest/wechat-locked-install.test.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- agents/openclaw/wechat-runtime/package.json
- agents/openclaw/dependency-review.md
- scripts/verify-wechat-runtime-lock.mts
- Dockerfile
|
✨ Thanks for the hardening work, @HOYALIM. Locking the WeChat runtime graph and verifying the offline install path closes a supply-chain gap. Ready for maintainer review. Related open issues: Related open issues: |
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/sandbox-build-context.test.ts`:
- Around line 36-37: Update the staging test fixtures around writeFixture and
the assertions near the staged-file checks so each runtime manifest uses
distinct, runtime-specific JSON content. Assert the staged manifest file
contents against the corresponding expected source data, not just filenames or
modes, for both package.json and package-lock.json, preserving the observable
staging-boundary verification.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: f9aa23b2-e010-4b19-b8ac-dafcb98e20c7
📒 Files selected for processing (3)
Dockerfilesrc/lib/sandbox/build-context.tstest/sandbox-build-context.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
- Dockerfile
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
cjagwani
left a comment
There was a problem hiding this comment.
Requesting changes on exact head 399a3143b4ab941edcf7b2a91ef02b1c6834bcf4.
-
[P1] The WeChat-enabled image cannot complete the real sandbox-user install.
Dockerfilebuilds/usr/local/share/nemoclaw/wechat-npm-cacheas root and only grantsa+rX, then switches toUSER sandbox; the messaging applier forces that cache foropenclaw plugins install. A production-shape reproduction with OpenClaw 2026.6.10, npm 10.9.4, and the exact reviewed 2.4.3 archive fails atnpm packwithEACCEScreating_cacache/tmp. The same archive installs and verifies when the cache is writable. Please use a sandbox-writable temporary install cache (then remove/reseal it, preserving the final trusted cache boundary) and add a real installer/image-user-boundary regression. The current locked-install test mocks npm/OpenClaw/Node, so it cannot catch this failure. -
[P2] The issue-required package-bump audit is not enforced. #5896 requires a CI audit on dependency refresh, but this head only documents a manual
npm audit; no default workflow/test materializes the committed nested graph and audits it. Please add a production-compatible CI lane that performs the lockednpm ci --ignore-scripts --omit=dev --legacy-peer-deps, runsnpm audit --omit=dev --jsonwith the agreed threshold/report artifact, and preferably verifies registry signatures.
The exact graph is currently clean (0 vulnerabilities; all three registry signatures verify), and the SRI/path/manifest logic otherwise passed review. The blockers are the production install boundary and the missing repeatable CI audit proof; green mocked tests or unrelated live targets do not cover them.
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
cjagwani
left a comment
There was a problem hiding this comment.
The prior EACCES and default-audit blockers are fixed on this head: the sandbox-owned cache copy works, the exact npm 10.9.4 audit/signature/pack exercise passes, and the new wechat-runtime-audit job is green. This head still cannot merge because the Dockerfile change breaks a production path and the required CLI suite.
-
[P1] The stock Dockerfile is no longer accepted by the remote-dashboard bind contract.
Dockerfile:1141-1156replaces the allowlisted one-line agent-install instruction with a complexRUN set -eublock.dockerfile-remote-dashboard-bind-contract.ts:23-29,35-61recognizes only the old instruction shape/canonical digests, so requestingNEMOCLAW_DASHBOARD_BIND=0.0.0.0now makes the checked-in Dockerfile fail closed at line 167. This is reproduced bytest/dashboard-remote-bind-lifecycle.test.ts:130-141. Add the new normalized instruction to the exact trusted contract (and its digest lifecycle proof) so the managed remote-dashboard path works without weakening custom-Dockerfile validation. -
Required CI also exposes stale contracts caused by this same shape change:
sandbox-provisioning-tavily.test.ts,sandbox-provisioning.test.ts, andopenclaw-integrity-pin-suite.tsstill delimit/execute the old one-line agent-install marker; update them to isolate the optional-plugin block and new WeChat cache block correctly.openclaw-dependency-review.test.tsstill expects the old manual-audit wording and counts three exact one-line applierRUNinstructions.pr-workflow-contract.test.tsdoes not provideWECHAT_RUNTIME_AUDIT_RESULTin its successful/code/docs-only/main fixtures, so the newly required gate fails even when modeled as healthy.
Exact-head run 29274554458 failed CLI shards 1, 2, 4, 5, and 8 plus aggregate checks; these are deterministic assertion failures, so rerunning the unchanged head will not help. Please update the production allowlist and the affected tests, then restart all gates on the new SHA.
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Retain the reviewed WeChat runtime hardening while incorporating the consolidated advisor and dependency-audit workflows. Correct the advisor's Ubuntu fd-find binary verification so the trusted review jobs can execute.
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com> # Conflicts: # .github/workflows/pr-review-advisor.yaml # test/pr-review-advisor-workflow-boundary.test.ts # tools/pr-review-advisor/workflow-boundary.mts
Signed-off-by: Aaron Erickson <aerickson@nvidia.com> # Conflicts: # .github/workflows/pr-review-advisor.yaml
PR Review Advisor — InformationalAdvisor assessment: Informational / low confidence E2E guidanceAdvisory only: coverage and selector recommendations are non-authoritative. E2E / PR Gate independently computes and dispatches trusted jobs without consuming this output. Recommended coverage:
1 optional coverage item · 1 optional selector · 0 new-test recommendations
This is an automated, non-authoritative review. Findings are inputs to maintainer adjudication. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision. |
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
ericksoa
left a comment
There was a problem hiding this comment.
Approving exact head 721a2a9 after the complete hosted matrix, CodeQL/ShellCheck, real offline WeChat cache proof, dual high-confidence advisor passes with zero findings, audited exact-head/base fork no-secret E2E exception, and zero unresolved review threads.
<!-- markdownlint-disable MD041 --> ## Summary Release-prep documentation for v0.0.82 now summarizes user-facing changes merged since v0.0.81. It also closes stale wording in the stopped-sandbox backup, snapshot-clone, Ollama selection, and custom-policy authoring guidance. ## Changes - Add the `v0.0.82` section to `docs/about/release-notes.mdx` with links to the focused user guides. - Document that snapshot clones receive a destination-owned dashboard port before destructive replacement begins. - Align `backup-all` guidance with eligible stopped Docker-driver sandboxes that NemoClaw starts temporarily. - Describe the running and stopped Ollama menu states without claiming one fixed label. - Document runtime rejection of catch-all hosts in custom policy files. ### Source summary - [#6748](#6748) -> `docs/about/release-notes.mdx`, `docs/manage-sandboxes/lifecycle.mdx`, and `docs/reference/commands.mdx`: Summarize non-destructive sandbox `stop` and `start` commands. - [#6723](#6723) -> `docs/about/release-notes.mdx`, `docs/manage-sandboxes/backup-restore.mdx`, and `docs/reference/commands.mdx`: Record temporary startup and cleanup for eligible stopped-sandbox backups. - [#6749](#6749) -> `docs/about/release-notes.mdx` and `docs/manage-sandboxes/backup-restore.mdx`: Document destination-owned dashboard ports for snapshot clones. - [#6764](#6764) -> `docs/about/release-notes.mdx`: Summarize installer handling of route-only onboarding placeholders. - [#6771](#6771) -> `docs/about/release-notes.mdx`, `docs/inference/set-up-vllm.mdx`, `docs/inference/choose-inference-provider.mdx`, `docs/reference/commands.mdx`, and `docs/reference/platform-support.mdx`: Summarize managed-vLLM storage gates, immutable image digests, and the explicit override boundary. - [#6759](#6759) -> `docs/about/release-notes.mdx`: Record early, actionable OpenShell gateway-port conflict diagnostics. - [#6753](#6753) -> `docs/about/release-notes.mdx` and `docs/inference/set-up-ollama.mdx`: Document truthful running and stopped Ollama menu states. - [#6776](#6776) -> `docs/about/release-notes.mdx`: Summarize proxy-independent loopback readiness checks. - [#6769](#6769) -> `docs/about/release-notes.mdx`: Record compatible endpoint and agent guidance when Chat Completions is unavailable. - [#6730](#6730) -> `docs/about/release-notes.mdx`: Summarize bounded reuse of an eligible successful Chat Completions check. - [#6768](#6768) -> `docs/about/release-notes.mdx`: Record route-reservation repair during resumed onboarding. - [#6742](#6742) -> `docs/about/release-notes.mdx`: Summarize pre-mutation resolution of secret-free sandbox create intent. - [#6721](#6721) -> `docs/about/release-notes.mdx` and `docs/get-started/quickstart-langchain-deepagents-code.mdx`: Record bounded cleanup of completed managed Deep Agents headless sessions. - [#6731](#6731) -> `docs/about/release-notes.mdx` and `docs/network-policy/customize-network-policy.mdx`: Document runtime rejection of catch-all custom-policy destinations. - [#6729](#6729) -> `docs/about/release-notes.mdx` and `docs/get-started/prerequisites.mdx`: Record the Node.js 22.19 minimum. - [#6735](#6735) -> `docs/about/release-notes.mdx` and `docs/reference/platform-support.mdx`: Summarize the Ubuntu 26.04 userspace contract without claiming pending host or live validation. - [#6775](#6775) -> `docs/about/release-notes.mdx` and `docs/resources/community-contributions.mdx`: Route independent solutions outside canonical supported-product documentation. - [#6740](#6740) -> `docs/about/release-notes.mdx`: Summarize the semantic dependency-upgrade contributor workflow. - [#6777](#6777) -> `docs/about/release-notes.mdx` and `docs/CONTRIBUTING.md`: Summarize the route-safe documentation-refactor workflow. - [#6741](#6741) -> `docs/about/release-notes.mdx` and `docs/security/openclaw-2026.6.10-dependency-review.md`: Summarize reviewed npm archive verification and audit enforcement. - [#6739](#6739) -> `docs/about/release-notes.mdx` and `docs/security/openclaw-2026.6.10-dependency-review.md`: Record the locked offline dependency graph for the managed OpenClaw WeChat runtime. - [#6737](#6737) -> `docs/about/release-notes.mdx`: Record removal of the messaging build plan from final OpenClaw and Hermes image environments. - [#6733](#6733) -> `docs/about/release-notes.mdx`: Summarize cached plugin dependency layers for source and blueprint rebuilds. ### Skipped from docs-skip - None. No commit or changed path in `v0.0.81..origin/main` matched `openclaw-sandbox-permissive.yaml` or `config-show`, and the drafted content contains none of the configured skip terms. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [x] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: This is a documentation-only release-prep update; behavior is protected by the merged source PRs, and the documentation build validates the changed routes and agent variants. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — tests are not applicable for this documentation-only change. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: not run for this documentation-only change. - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — 0 errors; two pre-existing Fern warnings remain. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) — no new pages. --- Signed-off-by: Charan Jagwani <cjagwani@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated release notes with improvements to sandbox recovery, onboarding, session management, policy validation, storage checks, and system requirements. * Clarified Ollama setup instructions and status labels. * Documented safer snapshot restoration, including dedicated ports and protection against destructive failures. * Expanded `backup-all` coverage to include eligible stopped sandboxes. * Added guidance rejecting broad or catch-all network destinations in custom policies. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Summary
@tencent-weixin/openclaw-weixin@2.4.3and its transitive runtime dependenciesValidation
npx vitest run test/verify-wechat-runtime-lock.test.ts test/wechat-locked-install.test.ts test/messaging-build-applier.test.ts(30 passed)npm-pack:install withNPM_CONFIG_OFFLINE=true(installed 3 locked packages and linked the existing OpenClaw peer)npm audit --omit=dev --json --prefix agents/openclaw/wechat-runtime(0 vulnerabilities)npm run build:clinpm run typecheck:clinpm run check:diffRefs #5896
Signed-off-by: Ho Lim subhoya@gmail.com
Summary by CodeRabbit