ci(deps): audit reviewed npm archive graph#6741
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThe change centralizes reviewed npm archive verification, integrates it into container and plugin builds, adds production dependency graph auditing with CI enforcement and artifact uploads, and updates provenance, documentation, regression tests, and sandbox staging. ChangesReviewed npm supply chain
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant CI
participant AuditAction
participant AuditScript
participant ReviewedArchive
participant Npm
CI->>AuditAction: start reviewed npm audit
AuditAction->>AuditScript: run configured graph audit
AuditScript->>ReviewedArchive: materialize reviewed package archives
ReviewedArchive->>Npm: verify metadata and pack pinned tarballs
AuditScript->>Npm: install graphs and run npm audit
AuditScript-->>AuditAction: write reports and threshold result
AuditAction-->>CI: upload reports and set job status
Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (3)
Dockerfile (1)
988-1010: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winMisleading function name:
verify_openclaw_plugin_integrityalso packs and returns an archive path.Despite the name, this helper doesn't just verify — it invokes
reviewed-npm-archive.mtswithout--verify-only, so it downloads/packs the tarball and its stdout (the archive path) is consumed by the caller. A future edit assuming this is side-effect-free verification (e.g., trying to call it in a loop, or swapping in--verify-only) would silently break plugin installation.✏️ Suggested rename for clarity
- verify_openclaw_plugin_integrity() { \ + pack_reviewed_openclaw_plugin() { \ plugin_spec="$1"; \ ... }; \ install_reviewed_openclaw_plugin() { \ plugin_spec="${1}@${OPENCLAW_VERSION}"; \ - plugin_archive="$(verify_openclaw_plugin_integrity "$plugin_spec")"; \ + plugin_archive="$(pack_reviewed_openclaw_plugin "$plugin_spec")"; \🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfile` around lines 988 - 1010, Rename verify_openclaw_plugin_integrity to reflect that it validates and creates/returns the reviewed archive path, then update its invocation in install_reviewed_openclaw_plugin and any other references consistently. Preserve the existing archive-producing behavior and arguments to reviewed-npm-archive.mts.test/openclaw-optional-plugin-build.test.ts (1)
19-30: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winFragile Dockerfile block extraction by comment text.
If the anchor comment (
"# Install non-messaging OpenClaw plugins") is edited or removed,startbecomes-1, anddockerfile.indexOf("RUN ", start)treats the negative index as0, silently scanning from the top of the file for the firstRUNinstead of failing clearly. Consider assertingstart !== -1(andend !== -1) before slicing, or using a dedicated marker comment reserved for this extraction, so a future Dockerfile edit fails the test with an obvious message rather than potentially extracting the wrong block.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openclaw-optional-plugin-build.test.ts` around lines 19 - 30, Make the Dockerfile extraction in the optional-plugin build test validate that both anchor lookups succeed before calling slice or deriving the command. Add clear assertions for start and end (or use a dedicated stable marker) so edits to the non-messaging plugin block fail explicitly instead of allowing indexOf with -1 to scan from the beginning.test/openclaw-integrity-pin-suite.ts (1)
184-222: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winDuplicate
reviewed-npm-fixturegenerator logic across two functions.
runInstallBlock(lines 184-222) andrunOptionalOpenClawPluginBlock(lines 373-403) each hand-roll a near-identical bash fixture that interceptsnpm view/npm pack, differing mainly in which package specs/pack-dispatch cases they support. Extracting a shared fixture-builder (taking a map of package-spec → {integrity, tarball} and an optional pack-dispatch table) would reduce duplication and keep future pin additions (e.g. the newmcporter-tarball) from needing to be wired into two separate string-template builders.Also applies to: 373-403
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openclaw-integrity-pin-suite.ts` around lines 184 - 222, Extract the duplicated reviewed-npm-fixture generation from runInstallBlock and runOptionalOpenClawPluginBlock into a shared fixture-builder. Have it accept the package-spec-to-integrity/tarball mappings and optional pack-dispatch entries needed by each caller, while preserving the existing npm view, npm pack, logging, and pack-filename behavior; update both functions to use the shared builder.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@Dockerfile.base`:
- Around line 267-271: Add an explicit validation immediately after assigning
OPENCLAW_PACK_PATH and before the OPENCLAW_PACK_DIR dirname call, exiting with
failure when the archive path is empty or invalid. Keep the existing npm install
flow unchanged for valid paths so a failed reviewed-npm-archive.mts substitution
cannot continue.
In `@test/openclaw-dependency-review.test.ts`:
- Around line 330-334: Strengthen the contract checks in
test/openclaw-dependency-review.test.ts for the codex-acp, and corresponding
blocks at the other reviewed ranges, by asserting the superseded inline npm
view/npm pack and unsafe-filename-guard patterns are absent. Keep the existing
positive assertions for reviewed-npm-archive.mts and add negative checks against
each block so the migration proves the old path was removed.
In `@test/reviewed-npm-archive.test.ts`:
- Around line 38-91: Replace the inline if-based command dispatch in the
reviewed archive tests with a lookup table or dedicated helper dispatcher.
Preserve the existing responses for dist.integrity, dist.tarball, pack
destination file creation, and drift scenarios while removing test-body
conditional branches that trigger the guardrail.
---
Nitpick comments:
In `@Dockerfile`:
- Around line 988-1010: Rename verify_openclaw_plugin_integrity to reflect that
it validates and creates/returns the reviewed archive path, then update its
invocation in install_reviewed_openclaw_plugin and any other references
consistently. Preserve the existing archive-producing behavior and arguments to
reviewed-npm-archive.mts.
In `@test/openclaw-integrity-pin-suite.ts`:
- Around line 184-222: Extract the duplicated reviewed-npm-fixture generation
from runInstallBlock and runOptionalOpenClawPluginBlock into a shared
fixture-builder. Have it accept the package-spec-to-integrity/tarball mappings
and optional pack-dispatch entries needed by each caller, while preserving the
existing npm view, npm pack, logging, and pack-filename behavior; update both
functions to use the shared builder.
In `@test/openclaw-optional-plugin-build.test.ts`:
- Around line 19-30: Make the Dockerfile extraction in the optional-plugin build
test validate that both anchor lookups succeed before calling slice or deriving
the command. Add clear assertions for start and end (or use a dedicated stable
marker) so edits to the non-messaging plugin block fail explicitly instead of
allowing indexOf with -1 to scan from the beginning.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 61638e7b-bc84-4823-b3c2-b22f252cdcb6
📒 Files selected for processing (19)
.github/actions/ci-reviewed-npm-audit/action.yaml.github/workflows/main.yaml.github/workflows/pr.yamlDockerfileDockerfile.baseci/reviewed-npm-audit.jsondocs/security/openclaw-2026.6.10-dependency-review.mdscripts/audit-reviewed-npm-graph.mtsscripts/lib/reviewed-npm-archive.mtssrc/lib/messaging/applier/build/messaging-build-applier.mtstest/helpers/reviewed-npm-fixture.tstest/mcporter-supply-chain.test.tstest/messaging-build-applier-integrity.test.tstest/openclaw-dependency-review.test.tstest/openclaw-integrity-pin-suite.tstest/openclaw-optional-plugin-build.test.tstest/reviewed-npm-archive.test.tstest/reviewed-npm-audit.test.tstest/sandbox-provisioning.test.ts
💤 Files with no reviewable changes (1)
- test/sandbox-provisioning.test.ts
6b3fd34 to
900443f
Compare
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/fetch-guard-patch-regression.test.ts`:
- Around line 189-192: The reviewed-helper stub must enforce its expected argv
contract instead of accepting arbitrary calls. Update the shell logic in the
fetch-guard test double to validate the required OpenClaw/mcporter integrity and
tarball arguments for both the normal archive-return invocation and the
--verify-only invocation, and log the tarball value supplied in argv rather than
OPENCLAW_2026_6_10_TARBALL. Reject missing or mismatched arguments before
returning.
In `@test/mcporter-supply-chain.test.ts`:
- Around line 22-30: Update extractIntegrityGate to include the complete
reviewed-npm-archive helper invocation, including --verify-only, in the
extracted gate. Modify the fake node used by runIntegrityGate to reject
incorrect package, integrity, or tarball arguments, so the test executes and
validates the reviewed helper command through observable behavior rather than
relying on source-text assertions.
In `@test/openclaw-integrity-pin-suite.ts`:
- Line 109: Update the fallback matrix in the integrity-pin test to mutate
`mcporter-tarball` using `PINNED_MCPORTER_TARBALL`, ensuring the test detects
implementations that ignore this provenance field while preserving the existing
tampering coverage.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 5b563fc3-fb64-4492-a417-10b12a029d83
📒 Files selected for processing (26)
.github/actions/ci-reviewed-npm-audit/action.yaml.github/workflows/main.yaml.github/workflows/pr.yamlDockerfileDockerfile.baseci/reviewed-npm-audit.jsondocs/security/openclaw-2026.6.10-dependency-review.mdscripts/audit-reviewed-npm-graph.mtsscripts/lib/reviewed-npm-archive.mtssrc/lib/messaging/applier/build/messaging-build-applier.mtssrc/lib/onboard/dockerfile-remote-dashboard-bind-contract.tssrc/lib/sandbox/build-context.tstest/fetch-guard-patch-regression.test.tstest/helpers/fetch-guard-patch-harness.tstest/helpers/reviewed-npm-fixture.tstest/mcporter-supply-chain.test.tstest/messaging-build-applier-integrity.test.tstest/messaging-build-applier.test.tstest/openclaw-dependency-review.test.tstest/openclaw-integrity-pin-suite.tstest/openclaw-optional-plugin-build.test.tstest/pr-workflow-contract.test.tstest/reviewed-npm-archive.test.tstest/reviewed-npm-audit.test.tstest/sandbox-build-context.test.tstest/sandbox-provisioning.test.ts
💤 Files with no reviewable changes (1)
- test/sandbox-provisioning.test.ts
🚧 Files skipped from review as they are similar to previous changes (10)
- ci/reviewed-npm-audit.json
- scripts/audit-reviewed-npm-graph.mts
- scripts/lib/reviewed-npm-archive.mts
- .github/workflows/main.yaml
- .github/actions/ci-reviewed-npm-audit/action.yaml
- src/lib/messaging/applier/build/messaging-build-applier.mts
- .github/workflows/pr.yaml
- Dockerfile
- docs/security/openclaw-2026.6.10-dependency-review.md
- test/openclaw-dependency-review.test.ts
900443f to
6cf08ff
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
test/fetch-guard-patch-regression.test.ts (1)
144-203: 📐 Maintainability & Code Quality | 🔵 Trivial
runOpenClawUpgradeBlockkeeps growing into a large embedded-bash generator.This PR adds ~45 more lines of inline bash (reviewed-archive fixture + full argv-contract validation) to an already large function.
test/helpers/reviewed-npm-fixture.tsshows this repo already has a pattern for extracting this kind of fake-CLI script generation into a standalone, reusable, unit-testable helper. Consider factoring thenode()/argv-validation block (and similarly thenpm()stub) out of this test file into a shared helper, the same way the npm fixture was extracted.As per coding guidelines,
**/*.{ts,tsx}should "Keep TypeScript function complexity low."🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/fetch-guard-patch-regression.test.ts` around lines 144 - 203, Reduce the complexity of runOpenClawUpgradeBlock by extracting its embedded node() and npm() fake-CLI/argv-validation script generation into a reusable helper, following the pattern established by test/helpers/reviewed-npm-fixture.ts. Keep the reviewed archive setup and argument-contract behavior unchanged, and have the test compose the helper output instead of maintaining the inline bash block.Source: Coding guidelines
test/openclaw-optional-plugin-build.test.ts (1)
18-30: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winReuse the shared Dockerfile RUN-block helper here.
test/helpers/fetch-guard-patch-harness.tsalready exportsdockerRunCommandBetween(...), which handles the marker lookup and fails clearly when the block is missing. Inlining the same extraction logic here adds drift risk and leaves theindexOf(...)lookups unguarded.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openclaw-optional-plugin-build.test.ts` around lines 18 - 30, Replace the inline Dockerfile RUN-block extraction in the optional plugin build test with the shared dockerRunCommandBetween(...) helper from test/helpers/fetch-guard-patch-harness.ts, passing the existing start and end markers. Remove the local indexOf, slicing, comment filtering, and line-continuation normalization logic while preserving the resulting command behavior.test/reviewed-npm-audit.test.ts (1)
20-29: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRename
exceedsAuditThresholdto match its numeric return valueThis function returns the count of vulnerabilities at or above the threshold, so the current name reads like a boolean predicate. Consider a name like
countAtOrAboveThresholdfor clarity.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/reviewed-npm-audit.test.ts` around lines 20 - 29, Rename exceedsAuditThreshold to a count-oriented name such as countAtOrAboveThreshold throughout the implementation and all call sites, including this test, while preserving its numeric return behavior and threshold semantics.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/helpers/fetch-guard-patch-harness.ts`:
- Around line 12-64: The static fixture in
loadReviewedOpenClaw20260610SsrfPolicyShape is tested without verifying it
matches the real OpenClaw implementation. Add a source-text or hash comparison
between REVIEWED_OPENCLAW_2026_6_10_SSRF_POLICY_SHAPE and the extracted
dependency source before exercising the fixture, or replace the string-evaluated
copied algorithm with regular TypeScript helpers if source-shape validation is
not required.
---
Nitpick comments:
In `@test/fetch-guard-patch-regression.test.ts`:
- Around line 144-203: Reduce the complexity of runOpenClawUpgradeBlock by
extracting its embedded node() and npm() fake-CLI/argv-validation script
generation into a reusable helper, following the pattern established by
test/helpers/reviewed-npm-fixture.ts. Keep the reviewed archive setup and
argument-contract behavior unchanged, and have the test compose the helper
output instead of maintaining the inline bash block.
In `@test/openclaw-optional-plugin-build.test.ts`:
- Around line 18-30: Replace the inline Dockerfile RUN-block extraction in the
optional plugin build test with the shared dockerRunCommandBetween(...) helper
from test/helpers/fetch-guard-patch-harness.ts, passing the existing start and
end markers. Remove the local indexOf, slicing, comment filtering, and
line-continuation normalization logic while preserving the resulting command
behavior.
In `@test/reviewed-npm-audit.test.ts`:
- Around line 20-29: Rename exceedsAuditThreshold to a count-oriented name such
as countAtOrAboveThreshold throughout the implementation and all call sites,
including this test, while preserving its numeric return behavior and threshold
semantics.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 9d91ae6c-b37a-43f8-96dd-64faf95fe9e1
📒 Files selected for processing (26)
.github/actions/ci-reviewed-npm-audit/action.yaml.github/workflows/main.yaml.github/workflows/pr.yamlDockerfileDockerfile.baseci/reviewed-npm-audit.jsondocs/security/openclaw-2026.6.10-dependency-review.mdscripts/audit-reviewed-npm-graph.mtsscripts/lib/reviewed-npm-archive.mtssrc/lib/messaging/applier/build/messaging-build-applier.mtssrc/lib/onboard/dockerfile-remote-dashboard-bind-contract.tssrc/lib/sandbox/build-context.tstest/fetch-guard-patch-regression.test.tstest/helpers/fetch-guard-patch-harness.tstest/helpers/reviewed-npm-fixture.tstest/mcporter-supply-chain.test.tstest/messaging-build-applier-integrity.test.tstest/messaging-build-applier.test.tstest/openclaw-dependency-review.test.tstest/openclaw-integrity-pin-suite.tstest/openclaw-optional-plugin-build.test.tstest/pr-workflow-contract.test.tstest/reviewed-npm-archive.test.tstest/reviewed-npm-audit.test.tstest/sandbox-build-context.test.tstest/sandbox-provisioning.test.ts
💤 Files with no reviewable changes (1)
- test/sandbox-provisioning.test.ts
🚧 Files skipped from review as they are similar to previous changes (14)
- src/lib/onboard/dockerfile-remote-dashboard-bind-contract.ts
- ci/reviewed-npm-audit.json
- .github/actions/ci-reviewed-npm-audit/action.yaml
- .github/workflows/main.yaml
- test/pr-workflow-contract.test.ts
- src/lib/sandbox/build-context.ts
- Dockerfile.base
- test/mcporter-supply-chain.test.ts
- src/lib/messaging/applier/build/messaging-build-applier.mts
- scripts/audit-reviewed-npm-graph.mts
- scripts/lib/reviewed-npm-archive.mts
- test/openclaw-dependency-review.test.ts
- Dockerfile
- docs/security/openclaw-2026.6.10-dependency-review.md
6cf08ff to
747baeb
Compare
Signed-off-by: Ho Lim <subhoya@gmail.com>
747baeb to
bec46e5
Compare
|
✨ Thanks for the CI and supply-chain work, @HOYALIM. Consolidating the reviewed npm archive audit into a shared implementation and failing at the high-severity threshold strengthens our dependency posture. Ready for maintainer review. Related open issues: Related open issues: |
cjagwani
left a comment
There was a problem hiding this comment.
Reviewed exact head 555fdf0. Current CI is green, but two fail-closed supply-chain blockers remain:
-
The Hermes image cannot execute the reviewed-archive helper. src/lib/messaging/applier/build/messaging-build-applier.mts:10 statically imports ../../../../../scripts/lib/reviewed-npm-archive.mts, while agents/hermes/Dockerfile invokes the applier around lines 313/322 after copying /src/lib/messaging but never copies /scripts/lib/reviewed-npm-archive.mts. The build reaches ERR_MODULE_NOT_FOUND. Copy the reviewed helper/transitive runtime into the trusted build context (or package the applier so that dependency is present), and add a real Hermes build-boundary regression that runs this path.
-
scripts/audit-reviewed-npm-graph.mts:64-82 treats any nonzero npm audit exit as usable whenever stdout parses as JSON, then missing metadata defaults every severity to zero. An unreachable audit endpoint reproduces as npm's ECONNREFUSED JSON, counts={all:0}, blocked=0 — a fail-open clean result. Distinguish a valid vulnerability report from operational/auth/network/schema failures, reject missing/invalid metadata, and add a regression proving npm audit transport failure exits nonzero and cannot report zero vulnerabilities.
These are correctness and security gate failures, not advisory hardening items; please fix both and rerun the exact-head image/build and audit paths.
Signed-off-by: Ho Lim <subhoya@gmail.com>
|
Addressed both exact-head blockers in
Validation:
A wider local Hermes runtime suite had one unrelated macOS Bash 3.2 fixture failure ( @coderabbitai review |
|
✅ Action performedReview finished.
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/reviewed-npm-audit.test.ts (1)
55-65: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winCover all invalid severity-count shapes explicitly.
The PR contract requires complete, non-negative integer counts, but these cases only cover missing metadata and a string value. Add negative, fractional, and missing-severity-key cases so regressions in those validations cannot pass unnoticed. The PR objective explicitly requires complete non-negative integer severity counts.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/reviewed-npm-audit.test.ts` around lines 55 - 65, Expand the invalid-input cases in the parseAuditReport test’s it.each block to explicitly cover negative counts, fractional counts, and missing severity keys, while retaining the existing missing-metadata and string-count cases. Ensure each case uses otherwise structured vulnerability metadata and continues asserting that parseAuditReport rejects it.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@test/reviewed-npm-audit.test.ts`:
- Around line 55-65: Expand the invalid-input cases in the parseAuditReport
test’s it.each block to explicitly cover negative counts, fractional counts, and
missing severity keys, while retaining the existing missing-metadata and
string-count cases. Ensure each case uses otherwise structured vulnerability
metadata and continues asserting that parseAuditReport rejects it.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: b3b59a73-2390-4a4e-8f7e-6bbcfcc1114c
📒 Files selected for processing (4)
agents/hermes/Dockerfilescripts/audit-reviewed-npm-graph.mtstest/messaging-build-applier-integrity.test.tstest/reviewed-npm-audit.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
- scripts/audit-reviewed-npm-graph.mts
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Release-prep documentation for v0.0.82 now summarizes user-facing changes merged since v0.0.81. It also closes stale wording in the stopped-sandbox backup, snapshot-clone, Ollama selection, and custom-policy authoring guidance. ## Changes - Add the `v0.0.82` section to `docs/about/release-notes.mdx` with links to the focused user guides. - Document that snapshot clones receive a destination-owned dashboard port before destructive replacement begins. - Align `backup-all` guidance with eligible stopped Docker-driver sandboxes that NemoClaw starts temporarily. - Describe the running and stopped Ollama menu states without claiming one fixed label. - Document runtime rejection of catch-all hosts in custom policy files. ### Source summary - [#6748](#6748) -> `docs/about/release-notes.mdx`, `docs/manage-sandboxes/lifecycle.mdx`, and `docs/reference/commands.mdx`: Summarize non-destructive sandbox `stop` and `start` commands. - [#6723](#6723) -> `docs/about/release-notes.mdx`, `docs/manage-sandboxes/backup-restore.mdx`, and `docs/reference/commands.mdx`: Record temporary startup and cleanup for eligible stopped-sandbox backups. - [#6749](#6749) -> `docs/about/release-notes.mdx` and `docs/manage-sandboxes/backup-restore.mdx`: Document destination-owned dashboard ports for snapshot clones. - [#6764](#6764) -> `docs/about/release-notes.mdx`: Summarize installer handling of route-only onboarding placeholders. - [#6771](#6771) -> `docs/about/release-notes.mdx`, `docs/inference/set-up-vllm.mdx`, `docs/inference/choose-inference-provider.mdx`, `docs/reference/commands.mdx`, and `docs/reference/platform-support.mdx`: Summarize managed-vLLM storage gates, immutable image digests, and the explicit override boundary. - [#6759](#6759) -> `docs/about/release-notes.mdx`: Record early, actionable OpenShell gateway-port conflict diagnostics. - [#6753](#6753) -> `docs/about/release-notes.mdx` and `docs/inference/set-up-ollama.mdx`: Document truthful running and stopped Ollama menu states. - [#6776](#6776) -> `docs/about/release-notes.mdx`: Summarize proxy-independent loopback readiness checks. - [#6769](#6769) -> `docs/about/release-notes.mdx`: Record compatible endpoint and agent guidance when Chat Completions is unavailable. - [#6730](#6730) -> `docs/about/release-notes.mdx`: Summarize bounded reuse of an eligible successful Chat Completions check. - [#6768](#6768) -> `docs/about/release-notes.mdx`: Record route-reservation repair during resumed onboarding. - [#6742](#6742) -> `docs/about/release-notes.mdx`: Summarize pre-mutation resolution of secret-free sandbox create intent. - [#6721](#6721) -> `docs/about/release-notes.mdx` and `docs/get-started/quickstart-langchain-deepagents-code.mdx`: Record bounded cleanup of completed managed Deep Agents headless sessions. - [#6731](#6731) -> `docs/about/release-notes.mdx` and `docs/network-policy/customize-network-policy.mdx`: Document runtime rejection of catch-all custom-policy destinations. - [#6729](#6729) -> `docs/about/release-notes.mdx` and `docs/get-started/prerequisites.mdx`: Record the Node.js 22.19 minimum. - [#6735](#6735) -> `docs/about/release-notes.mdx` and `docs/reference/platform-support.mdx`: Summarize the Ubuntu 26.04 userspace contract without claiming pending host or live validation. - [#6775](#6775) -> `docs/about/release-notes.mdx` and `docs/resources/community-contributions.mdx`: Route independent solutions outside canonical supported-product documentation. - [#6740](#6740) -> `docs/about/release-notes.mdx`: Summarize the semantic dependency-upgrade contributor workflow. - [#6777](#6777) -> `docs/about/release-notes.mdx` and `docs/CONTRIBUTING.md`: Summarize the route-safe documentation-refactor workflow. - [#6741](#6741) -> `docs/about/release-notes.mdx` and `docs/security/openclaw-2026.6.10-dependency-review.md`: Summarize reviewed npm archive verification and audit enforcement. - [#6739](#6739) -> `docs/about/release-notes.mdx` and `docs/security/openclaw-2026.6.10-dependency-review.md`: Record the locked offline dependency graph for the managed OpenClaw WeChat runtime. - [#6737](#6737) -> `docs/about/release-notes.mdx`: Record removal of the messaging build plan from final OpenClaw and Hermes image environments. - [#6733](#6733) -> `docs/about/release-notes.mdx`: Summarize cached plugin dependency layers for source and blueprint rebuilds. ### Skipped from docs-skip - None. No commit or changed path in `v0.0.81..origin/main` matched `openclaw-sandbox-permissive.yaml` or `config-show`, and the drafted content contains none of the configured skip terms. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [x] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: This is a documentation-only release-prep update; behavior is protected by the merged source PRs, and the documentation build validates the changed routes and agent variants. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — tests are not applicable for this documentation-only change. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: not run for this documentation-only change. - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — 0 errors; two pre-existing Fern warnings remain. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) — no new pages. --- Signed-off-by: Charan Jagwani <cjagwani@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated release notes with improvements to sandbox recovery, onboarding, session management, policy validation, storage checks, and system requirements. * Clarified Ollama setup instructions and status labels. * Documented safer snapshot restoration, including dedicated ports and protection against destructive failures. * Expanded `backup-all` coverage to include eligible stopped sandboxes. * Added guidance rejecting broad or catch-all network destinations in custom policies. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Summary
Validation
9 moderate / 0 high / 0 critical; mcporter lock0 findingsnpm run check:diffRefs #5896
Signed-off-by: Ho Lim subhoya@gmail.com
Summary by CodeRabbit