Skip to content

chore(openshell): trust v0.0.82 release manifests#6778

Merged
cv merged 1 commit into
mainfrom
chore/openshell-v0.0.82-trust
Jul 13, 2026
Merged

chore(openshell): trust v0.0.82 release manifests#6778
cv merged 1 commit into
mainfrom
chore/openshell-v0.0.82-trust

Conversation

@ericksoa

@ericksoa ericksoa commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

Trust the three immutable OpenShell v0.0.82 release checksum manifests in the base-owned installer verifier. This is the base-branch prerequisite for #6726; it does not change NemoClaw's active OpenShell selector or consumed asset hashes.

Changes

  • Add the v0.0.82 CLI manifest digest 74ba77d368744f412b2dd246099b63b38937962807333ded2b6284580a2d014e.
  • Add the v0.0.82 gateway manifest digest c0a369ba2c66bcde3c18ce2753b04ff942d1fe1b5f3e4656de520f6d4b175477.
  • Add the v0.0.82 sandbox manifest digest 3300b9856cdbe8e3f9b0f8068bbad93673739c4cfd3212c80dc0675168ee2b8d.
  • Keep the production selectors on v0.0.72 until the separately reviewed upgrade PR lands.

The manifests were produced by the successful NVIDIA/OpenShell Release Tag workflow run 29260186856 at verified tag commit 94cdd697c55aedb571f177ec13cfa54a8e213919. This must land separately because the installer-hash workflow evaluates proposed selectors with verifier code from the PR base; an upgrade PR cannot authorize its own new manifest.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification: test/installer-hash-check.test.ts covers the manifest allowlist, exact digest matching, and base-trusted verification boundary; 61/61 focused tests pass.
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification: this authorizes immutable release manifests without changing user-visible behavior or the active OpenShell version.
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification:
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — npx vitest run test/installer-hash-check.test.ts --project integration (61/61) and bash scripts/check-installer-hash.sh
  • Applicable broad gate passed — npm test for broad runtime/test-harness changes; npm run check for repo-wide validation/coverage changes — command/result:
  • Quality Gates section completed with required justifications or waivers
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Aaron Erickson aerickson@nvidia.com

Summary by CodeRabbit

  • Chores
    • Updated release verification records to support OpenShell v0.0.82 manifests.
    • Added integrity checks for the standard, gateway, and sandbox release checksum files.

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9cb375d9-82ed-493f-abeb-4e2cde6e6854

📥 Commits

Reviewing files that changed from the base of the PR and between 7666b55 and 28b7ba5.

📒 Files selected for processing (1)
  • scripts/check-installer-hash.sh

📝 Walkthrough

Walkthrough

The installer hash-check script adds three trusted SHA-256 digests for the OpenShell v0.0.82 release manifests.

Changes

OpenShell manifest verification

Layer / File(s) Summary
Update trusted manifest hashes
scripts/check-installer-hash.sh
Adds allowlist entries for the OpenShell checksums, gateway checksums, and sandbox checksums manifests for version 0.0.82.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: trusting the OpenShell v0.0.82 release manifests.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/openshell-v0.0.82-trust

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 79%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File 7666b55 28b7ba5 +/-
src/lib/actions...ge-preflight.ts 89% 74% -15%
src/lib/name-validation.ts 100% 94% -6%
src/lib/runner.ts 75% 72% -3%
src/lib/adapter...shell/client.ts 90% 88% -2%
src/lib/securit...ntial-filter.ts 99% 98% -1%
src/lib/shields/index.ts 62% 62% 0%
src/lib/messagi.../persistence.ts 89% 90% +1%
src/lib/security/redact.ts 95% 99% +4%
src/lib/inference/local.ts 71% 77% +6%
src/lib/inferen...del-registry.ts 66% 100% +34%

Updated July 13, 2026 17:47 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • None. No existing E2E job is required: this is a prerequisite trust-anchor update to the installer-hash verifier allowlist, with no installer/onboarding runtime selector or user-flow change. The dedicated live Security / Installer Hash Check workflow and installer-hash unit coverage validate this boundary; the deterministic risk plan selects no E2E jobs.

Optional E2E

  • None.

New E2E recommendations

  • None.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: No advisor follow-up required beyond maintainer review.
Findings: 0 required · 0 warnings · 0 optional suggestions

Workflow run details

This is an automated review. Required findings need action before merge. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision.

@cv cv merged commit 73b35fc into main Jul 13, 2026
54 checks passed
@cv cv deleted the chore/openshell-v0.0.82-trust branch July 13, 2026 17:58
@github-actions github-actions Bot added the v0.0.82 Release target label Jul 13, 2026
cv pushed a commit that referenced this pull request Jul 13, 2026
## Summary

Extend the base-trusted installer parser so a separately reviewed
dependency pin PR can add standalone sandbox binary identities as
release data without authorizing operational installer changes. This is
the remaining base-branch prerequisite for #6726 after #6778 landed.

## Changes

- Parse `pinned_sandbox_build_version` as a strict literal
digest-to-version case map before normalizing it as release data.
- Require a unique SHA-256 per entry, literal `X.Y.Z` versions, a
fail-closed default branch, and at least one identity for the selected
release.
- Bind `DEV_MIN_VERSION` to the same selected release as the installer
tables and other stable selectors.
- Add positive coverage for a v0.0.82 sandbox identity addition and
negative coverage for control-flow, unknown-command, duplicate-digest,
and malformed-version edits.

The complete v0.0.82 upgrade tree passes this base-trusted checker
against all three release manifests and all ten consumed archives.

## Type of Change

- [x] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [ ] Docs updated for user-facing behavior changes
- [x] Docs not applicable — justification: this changes only the
base-owned dependency verification boundary; active selectors remain on
v0.0.72.
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: author review confirmed
only the fully parsed release-data function and literal selectors are
normalized; all other installer text remains locked by the trusted
template hash.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run
test/installer-hash-check.test.ts` (67/67), `npm run build:cli`, `npm
run typecheck`, and the base-trusted checker against #6726
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result: not applicable to this
focused verifier grammar extension; normal hooks, typecheck, and focused
integration coverage passed.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [ ] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **Security & Reliability**
- Strengthened installer verification by adding trusted “sandbox build
version” pin checks alongside existing checksum and command pin
validation.
- Installers now fail closed if sandbox build pins or development
minimum version selectors are missing, malformed, inconsistent, or
altered.
- Updated trusted installer template expectations to improve detection
of unauthorized changes and version drift.
- **Testing**
- Expanded installer-hash tests with new sandbox build mutation
scenarios, including both allowed pin changes and multiple rejected
tampering cases, plus development-version drift coverage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

v0.0.82 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants