fix(policy): add protocol/enforcement/tls to statsig and sentry endpoints #1220

Merged
kjw3 merged 4 commits into NVIDIA:main from latenighthackathon:fix/policy-statsig-sentry-protocol
Apr 1, 2026
@latenighthackathon latenighthackathon commented Apr 1, 2026

Summary

  • Add missing protocol: rest, enforcement: enforce, and tls: terminate to statsig.anthropic.com and sentry.io endpoints in openclaw-sandbox.yaml

Related Issue

Closes #1214

Changes

Both endpoints define GET/POST method rules, but without protocol: rest the proxy treats them as L4-only connections — the rules are never evaluated and any HTTP method is allowed through.

The fix adds the same three fields that api.anthropic.com (the adjacent endpoint in the same policy group) already has:

```yaml
protocol: rest
enforcement: enforce
tls: terminate
```

No new endpoints, no rule changes — just enabling L7 inspection on two endpoints that already have rules written for it.

Testing

  • Verified the YAML structure matches the working api.anthropic.com endpoint pattern
  • No schema changes — protocol, enforcement, and tls are existing fields used across the policy file

Checklist

  • Conventional commit format
  • Scoped to issue, no unrelated changes
  • No secrets or credentials

Summary by CodeRabbit

  • Chores
    • Updated network policy configurations for external service endpoints, including enhanced security enforcement and TLS termination settings.
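
Added example (not part of the PR or the NemoClaw code base): a CI-style lint for the failure mode described above, an endpoint that declares method rules but lacks the fields that turn on L7 inspection. The dict layout and the key names `endpoints`, `host`, `port`, `rules` and `method` are assumptions standing in for the parsed YAML; only the three fields, the host names and the `claude_code` group come from the PR.

```python
"""Lint a sandbox network policy for L7 rules that are never evaluated."""

# The three fields the PR adds, copied from the api.anthropic.com pattern.
# Treating all three as mandatory is this example's assumption.
REQUIRED_L7 = {"protocol": "rest", "enforcement": "enforce", "tls": "terminate"}

# Constructed sample standing in for the parsed YAML before the fix.
# Key names (endpoints, host, port, rules, method) are assumed, not the real schema.
SAMPLE_POLICY = {
    "claude_code": {
        "endpoints": [
            {"host": "api.anthropic.com", "port": 443, **REQUIRED_L7,
             "rules": [{"method": "POST"}]},
            {"host": "statsig.anthropic.com", "port": 443,
             "rules": [{"method": "GET"}, {"method": "POST"}]},
            {"host": "sentry.io", "port": 443,
             "rules": [{"method": "GET"}, {"method": "POST"}]},
            # Hypothetical endpoint with no rules: L4-only is consistent here.
            {"host": "l4-only.example", "port": 443},
        ]
    }
}


def find_unenforced_rules(policy):
    """Return (group, 'host:port', problems) for endpoints with rules but no L7 setup."""
    findings = []
    for group, body in policy.items():
        for ep in body.get("endpoints", []):
            if not ep.get("rules"):
                continue  # nothing to enforce at L7
            problems = [
                f"{key}: expected {want!r}, found {ep.get(key)!r}"
                for key, want in REQUIRED_L7.items()
                if ep.get(key) != want
            ]
            if problems:
                findings.append((group, f"{ep['host']}:{ep['port']}", problems))
    return findings


if __name__ == "__main__":
    for group, endpoint, problems in find_unenforced_rules(SAMPLE_POLICY):
        print(f"[{group}] {endpoint}: rules present but not enforced")
        for p in problems:
            print(f"    {p}")
```

Run against the real file, a non-empty result would fail the build before a rule set that is silently skipped reaches a sandbox.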

…ints

Both statsig.anthropic.com and sentry.io define GET/POST rules but are
missing protocol: rest, enforcement: enforce, and tls: terminate. Without
these fields the proxy treats them as L4-only connections and the method
rules are never evaluated.

Closes NVIDIA#1214
coderabbitai Bot commented Apr 1, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between c63d37b and ce3b4f4.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/policies/openclaw-sandbox.yaml

Walkthrough

Network policy configuration fields (protocol: rest, enforcement: enforce, tls: terminate) are added to statsig.anthropic.com and sentry.io endpoints in the sandbox policy to enforce Layer 7 HTTP method/path rules that were previously unevaluated at the L4 connection level.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Network Policy Configuration: nemoclaw-blueprint/policies/openclaw-sandbox.yaml | Added protocol: rest, enforcement: enforce, and tls: terminate fields to statsig.anthropic.com:443 and sentry.io:443 endpoints within the claude_code tier to enable HTTP inspection and enforce existing GET/POST method rules. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A rabbit hops through policies with glee,
Adding protocol: rest for L7 to see—
Now statsig and sentry will play by the rules,
No sneaky requests slipping through the poolools! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title concisely describes the main change: adding protocol/enforcement/tls configuration to statsig and sentry endpoints, which matches the core changeset. |
| Linked Issues check | ✅ Passed | The PR directly addresses issue #1214 by adding protocol: rest, enforcement: enforce, and tls: terminate to both statsig.anthropic.com and sentry.io endpoints as required. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to the linked issue; only the two specified endpoints in openclaw-sandbox.yaml were modified with the required fields. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@kjw3 kjw3 self-assigned this Apr 1, 2026
@kjw3 kjw3 merged commit e231d32 into NVIDIA:main Apr 1, 2026
7 of 8 checks passed
kjw3 commented Apr 1, 2026

Merging, but future PRs need DCO Signoff in PR body now

laitingsheng pushed a commit that referenced this pull request Apr 2, 2026
…ints (#1220)

## Summary

- Add missing `protocol: rest`, `enforcement: enforce`, and `tls:
terminate` to `statsig.anthropic.com` and `sentry.io` endpoints in
`openclaw-sandbox.yaml`

## Related Issue

Closes #1214

## Changes

Both endpoints define GET/POST method rules, but without `protocol:
rest` the proxy treats them as L4-only connections — the rules are never
evaluated and any HTTP method is allowed through.

The fix adds the same three fields that `api.anthropic.com` (the
adjacent endpoint in the same policy group) already has:

```yaml
protocol: rest
enforcement: enforce
tls: terminate
```

No new endpoints, no rule changes — just enabling L7 inspection on two
endpoints that already have rules written for it.

## Testing

- Verified the YAML structure matches the working `api.anthropic.com`
endpoint pattern
- No schema changes — `protocol`, `enforcement`, and `tls` are existing
fields used across the policy file

## Checklist

- [x] Conventional commit format
- [x] Scoped to issue, no unrelated changes
- [x] No secrets or credentials

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated network policy configurations for external service endpoints,
including enhanced security enforcement and TLS termination settings.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
Co-authored-by: KJ <kejones@nvidia.com>
@latenighthackathon latenighthackathon deleted the fix/policy-statsig-sentry-protocol branch April 2, 2026 15:08
lakamsani pushed a commit to lakamsani/NemoClaw that referenced this pull request Apr 4, 2026
…ints (NVIDIA#1220)

gemini2026 pushed a commit to gemini2026/NemoClaw that referenced this pull request Apr 14, 2026
…ints (NVIDIA#1220)

Development

Successfully merging this pull request may close these issues.

fix(policy): statsig.anthropic.com and sentry.io missing protocol: rest — L7 rules not enforced
