Conversation
Contributor
📝 WalkthroughWalkthroughRemoved the Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
docs/reference/architecture.md (1)
31-49:⚠️ Potential issue | 🟡 MinorUpdate file structure to reflect deleted CLI code.
The file tree shows
cli.ts,commands/launch.ts,commands/connect.ts,commands/status.ts,commands/logs.ts,blueprint/resolve.ts,blueprint/fetch.ts,blueprint/verify.ts, andblueprint/exec.ts, but according to the PR summary these files were deleted. Onlycommands/slash.ts,blueprint/state.ts, and related core files remain.🗂️ Suggested file tree
nemoclaw/ ├── src/ -│ ├── index.ts Plugin entry — registers all commands -│ ├── cli.ts Commander.js subcommand wiring -│ ├── commands/ -│ │ ├── launch.ts Fresh install into OpenShell -│ │ ├── connect.ts Interactive shell into sandbox -│ │ ├── status.ts Blueprint run state + sandbox health -│ │ ├── logs.ts Stream blueprint and sandbox logs -│ │ └── slash.ts /nemoclaw chat command handler +│ ├── index.ts Plugin entry — registers provider and slash command +│ ├── commands/ +│ │ └── slash.ts /nemoclaw chat command handler │ └── blueprint/ -│ ├── resolve.ts Version resolution, cache management -│ ├── fetch.ts Download blueprint from OCI registry -│ ├── verify.ts Digest verification, compatibility checks -│ ├── exec.ts Subprocess execution of blueprint runner │ └── state.ts Persistent state (run IDs) ├── openclaw.plugin.json Plugin manifest └── package.json Commands declared under openclaw.extensions🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/architecture.md` around lines 31 - 49, Update the documented repository tree in docs/reference/architecture.md to reflect the removed CLI code: remove entries for cli.ts and the deleted files under commands (launch.ts, connect.ts, status.ts, logs.ts) and blueprint (resolve.ts, fetch.ts, verify.ts, exec.ts) and instead show only the remaining artifacts such as src/index.ts, src/commands/slash.ts, src/blueprint/state.ts (and any other core files that still exist), plus openclaw.plugin.json and package.json; ensure filenames in the tree exactly match the current repo (e.g., index.ts, slash.ts, state.ts) so the doc reflects the actual layout.
🧹 Nitpick comments (1)
docs/reference/commands.md (1)
23-23: Split sentences onto separate lines.Line 23 contains two sentences on the same line, which violates the formatting guideline requiring one sentence per line for readable diffs. As per coding guidelines, "One sentence per line in source (makes diffs readable). Flag paragraphs where multiple sentences appear on the same line."
📝 Suggested split
-The `nemoclaw` CLI is the primary interface for managing NemoClaw sandboxes. It is installed when you run `npm install -g nemoclaw`. +The `nemoclaw` CLI is the primary interface for managing NemoClaw sandboxes. +It is installed when you run `npm install -g nemoclaw`.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/commands.md` at line 23, The line containing "The `nemoclaw` CLI is the primary interface for managing NemoClaw sandboxes. It is installed when you run `npm install -g nemoclaw`." has two sentences on one line; split them so each sentence is on its own line (e.g., one line with "The `nemoclaw` CLI is the primary interface for managing NemoClaw sandboxes." and the next line with "It is installed when you run `npm install -g nemoclaw`.") to satisfy the one-sentence-per-line formatting guideline.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/monitoring/monitor-sandbox-activity.md`:
- Around line 63-76: Update the incomplete command examples for the `nemoclaw
<name> logs` usage: replace the generic placeholders with concrete flags or
remove the sections if unsupported; specifically add an example for "display a
specific number of log lines" such as `nemoclaw <name> logs -n 100` (or `--lines
100` if that is the real flag) and an example for "view logs for a specific
blueprint run" such as `nemoclaw <name> logs --run-id <id>` (or the actual run
identifier flag your CLI uses), ensuring the `logs` command examples in the docs
match the CLI's implemented flags (update to `-n/--lines` and `--run-id`
variants or remove the two explanatory blocks if those flags do not exist).
- Around line 38-42: The example command shown (nemoclaw <name> status) does not
include the --json flag despite the text saying "For machine-readable output,
add the `--json` flag"; update the example to demonstrate the flag by changing
the command example for the nemoclaw status invocation to include --json (i.e.,
use the nemoclaw <name> status --json form) and ensure the surrounding text
references that exact syntax.
In `@docs/reference/architecture.md`:
- Line 28: Update the sentence that currently says the plugin "handles
user-facing CLI interactions" to accurately reflect the new scope: state that
the plugin runs in-process with the OpenClaw gateway and only registers an
inference provider and the "/nemoclaw" slash command (no longer providing
`openclaw nemoclaw` CLI commands); replace or remove the "CLI interactions"
phrase and mention the inference provider registration and the `/nemoclaw` slash
command explicitly.
In `@docs/reference/troubleshooting.md`:
- Around line 187-190: The docs mention omitting the --run-id flag but the
example only shows "nemoclaw <name> logs"; update the Troubleshooting section by
adding a second example that demonstrates the flag form (e.g., "nemoclaw <name>
logs --run-id <id>") immediately after the existing "nemoclaw <name> logs"
snippet, or if the flag is unsupported remove the sentence referencing --run-id;
locate the text around the "nemoclaw <name> logs" example and the sentence "omit
`--run-id` to view logs from the most recent run" and either insert the flag
example or delete the reference accordingly.
---
Outside diff comments:
In `@docs/reference/architecture.md`:
- Around line 31-49: Update the documented repository tree in
docs/reference/architecture.md to reflect the removed CLI code: remove entries
for cli.ts and the deleted files under commands (launch.ts, connect.ts,
status.ts, logs.ts) and blueprint (resolve.ts, fetch.ts, verify.ts, exec.ts) and
instead show only the remaining artifacts such as src/index.ts,
src/commands/slash.ts, src/blueprint/state.ts (and any other core files that
still exist), plus openclaw.plugin.json and package.json; ensure filenames in
the tree exactly match the current repo (e.g., index.ts, slash.ts, state.ts) so
the doc reflects the actual layout.
---
Nitpick comments:
In `@docs/reference/commands.md`:
- Line 23: The line containing "The `nemoclaw` CLI is the primary interface for
managing NemoClaw sandboxes. It is installed when you run `npm install -g
nemoclaw`." has two sentences on one line; split them so each sentence is on its
own line (e.g., one line with "The `nemoclaw` CLI is the primary interface for
managing NemoClaw sandboxes." and the next line with "It is installed when you
run `npm install -g nemoclaw`.") to satisfy the one-sentence-per-line formatting
guideline.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: c47fb586-0e79-4b74-9099-1384a499d84a
⛔ Files ignored due to path filters (62)
nemoclaw/dist/blueprint/exec.d.tsis excluded by!**/dist/**nemoclaw/dist/blueprint/exec.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/exec.jsis excluded by!**/dist/**nemoclaw/dist/blueprint/exec.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/fetch.d.tsis excluded by!**/dist/**nemoclaw/dist/blueprint/fetch.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/fetch.jsis excluded by!**/dist/**nemoclaw/dist/blueprint/fetch.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/resolve.d.tsis excluded by!**/dist/**nemoclaw/dist/blueprint/resolve.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/resolve.jsis excluded by!**/dist/**nemoclaw/dist/blueprint/resolve.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/verify.d.tsis excluded by!**/dist/**nemoclaw/dist/blueprint/verify.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/blueprint/verify.jsis excluded by!**/dist/**nemoclaw/dist/blueprint/verify.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/cli.d.tsis excluded by!**/dist/**nemoclaw/dist/cli.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/cli.jsis excluded by!**/dist/**nemoclaw/dist/cli.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/connect.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/connect.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/connect.jsis excluded by!**/dist/**nemoclaw/dist/commands/connect.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/eject.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/eject.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/eject.jsis excluded by!**/dist/**nemoclaw/dist/commands/eject.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/launch.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/launch.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/launch.jsis excluded by!**/dist/**nemoclaw/dist/commands/launch.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/logs.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/logs.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/logs.jsis excluded by!**/dist/**nemoclaw/dist/commands/logs.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/migrate.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/migrate.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/migrate.jsis excluded by!**/dist/**nemoclaw/dist/commands/migrate.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/onboard.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/onboard.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/onboard.jsis excluded by!**/dist/**nemoclaw/dist/commands/onboard.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/slash.jsis excluded by!**/dist/**nemoclaw/dist/commands/slash.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/status.d.tsis excluded by!**/dist/**nemoclaw/dist/commands/status.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/commands/status.jsis excluded by!**/dist/**nemoclaw/dist/commands/status.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/index.d.tsis excluded by!**/dist/**nemoclaw/dist/index.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/index.jsis excluded by!**/dist/**nemoclaw/dist/index.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/onboard/prompt.d.tsis excluded by!**/dist/**nemoclaw/dist/onboard/prompt.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/onboard/prompt.jsis excluded by!**/dist/**nemoclaw/dist/onboard/prompt.js.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/onboard/validate.d.tsis excluded by!**/dist/**nemoclaw/dist/onboard/validate.d.ts.mapis excluded by!**/dist/**,!**/*.mapnemoclaw/dist/onboard/validate.jsis excluded by!**/dist/**nemoclaw/dist/onboard/validate.js.mapis excluded by!**/dist/**,!**/*.map
📒 Files selected for processing (27)
README.mddocs/about/how-it-works.mddocs/inference/switch-inference-providers.mddocs/monitoring/monitor-sandbox-activity.mddocs/network-policy/customize-network-policy.mddocs/reference/architecture.mddocs/reference/commands.mddocs/reference/troubleshooting.mdnemoclaw-blueprint/policies/openclaw-sandbox.yamlnemoclaw/src/blueprint/exec.tsnemoclaw/src/blueprint/fetch.tsnemoclaw/src/blueprint/resolve.tsnemoclaw/src/blueprint/verify.tsnemoclaw/src/cli.tsnemoclaw/src/commands/connect.tsnemoclaw/src/commands/eject.tsnemoclaw/src/commands/launch.tsnemoclaw/src/commands/logs.tsnemoclaw/src/commands/migrate.tsnemoclaw/src/commands/onboard.tsnemoclaw/src/commands/slash.tsnemoclaw/src/commands/status.test.tsnemoclaw/src/commands/status.tsnemoclaw/src/index.tsnemoclaw/src/onboard/prompt.tsnemoclaw/src/onboard/validate.tstest/e2e-test.sh
💤 Files with no reviewable changes (16)
- README.md
- nemoclaw/src/commands/eject.ts
- nemoclaw/src/cli.ts
- nemoclaw/src/commands/status.ts
- nemoclaw/src/blueprint/fetch.ts
- nemoclaw/src/onboard/prompt.ts
- nemoclaw/src/blueprint/verify.ts
- nemoclaw/src/blueprint/resolve.ts
- nemoclaw/src/blueprint/exec.ts
- nemoclaw/src/commands/onboard.ts
- nemoclaw/src/commands/connect.ts
- nemoclaw/src/commands/migrate.ts
- nemoclaw/src/commands/status.test.ts
- nemoclaw/src/onboard/validate.ts
- nemoclaw/src/commands/launch.ts
- nemoclaw/src/commands/logs.ts
Comment on lines
38
to
42
| For machine-readable output, add the `--json` flag: | ||
|
|
||
| ```console | ||
| $ openclaw nemoclaw status --json | ||
| $ nemoclaw <name> status | ||
| ``` |
Contributor
There was a problem hiding this comment.
Add the --json flag to the example or clarify the instruction.
Line 38 states "For machine-readable output, add the --json flag:" but the command on line 41 does not demonstrate this flag. Readers cannot see the complete syntax.
✅ Suggested fix
For machine-readable output, add the `--json` flag:
```console
-$ nemoclaw <name> status
+$ nemoclaw <name> status --json
</details>
<!-- suggestion_start -->
<details>
<summary>📝 Committable suggestion</summary>
> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
```suggestion
For machine-readable output, add the `--json` flag:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/monitoring/monitor-sandbox-activity.md` around lines 38 - 42, The
example command shown (nemoclaw <name> status) does not include the --json flag
despite the text saying "For machine-readable output, add the `--json` flag";
update the example to demonstrate the flag by changing the command example for
the nemoclaw status invocation to include --json (i.e., use the nemoclaw <name>
status --json form) and ensure the surrounding text references that exact
syntax.
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
nemoclaw/src/register.test.ts (1)
46-50: Strengthen the “no CLI registration” test to assert behavior, not only shape.This currently checks only that
createMockApi()omitsregisterCli. Consider also invokingregister(api)with an injectedregisterClispy and asserting it is not called, to harden against future regressions.Suggested test adjustment
it("does NOT register CLI commands", () => { const api = createMockApi(); // registerCli should not exist on the API interface after removal expect("registerCli" in api).toBe(false); + + const apiWithCli = { + ...api, + registerCli: vi.fn(), + } as OpenClawPluginApi & { registerCli: ReturnType<typeof vi.fn> }; + + register(apiWithCli as OpenClawPluginApi); + expect(apiWithCli.registerCli).not.toHaveBeenCalled(); });🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@nemoclaw/src/register.test.ts` around lines 46 - 50, The test should not only check the shape of createMockApi() but also that the module's register function does not call a provided registerCli; update the test to create a mock API object that includes a jest spy (or sinon) under the registerCli key, call the module's register(api) function (reference the register function being tested and createMockApi()), and assert that the registerCli spy was never invoked to ensure behavior remains unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@nemoclaw/src/register.test.ts`:
- Around line 46-50: The test should not only check the shape of createMockApi()
but also that the module's register function does not call a provided
registerCli; update the test to create a mock API object that includes a jest
spy (or sinon) under the registerCli key, call the module's register(api)
function (reference the register function being tested and createMockApi()), and
assert that the registerCli spy was never invoked to ensure behavior remains
unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: c2a52342-1df1-4144-b1d4-879ff50421ae
📒 Files selected for processing (4)
docs/monitoring/monitor-sandbox-activity.mddocs/reference/architecture.mddocs/reference/troubleshooting.mdnemoclaw/src/register.test.ts
✅ Files skipped from review due to trivial changes (1)
- docs/reference/architecture.md
🚧 Files skipped from review as they are similar to previous changes (2)
- docs/reference/troubleshooting.md
- docs/monitoring/monitor-sandbox-activity.md
miyoungc
approved these changes
Mar 20, 2026
Contributor
miyoungc
left a comment
miyoungc
left a comment
There was a problem hiding this comment.
Approving the doc part. Thank you!
This was referenced Mar 20, 2026
wscurran
added
priority: high
|
Code looks good. Running a test on my dgx-spark as a sanity check before approval since there arelot of files changed.... One moment |
PR #492 Test Results — Claude OpusRan all 7 items from the PR test plan. Results:
Note on 3 pre-existing test failuresThe following tests in
These are environment-dependent installer tests unrelated to the changes in this PR. Plugin-level tests
VerdictNo regressions introduced by this PR. Clean to merge. Next step
Tested by Claude Opus 4.6 |
…ommand Fixes #487, #489. The `openclaw nemoclaw` CLI subcommands have been removed. The NemoClaw host CLI (`nemoclaw`) is the only supported CLI interface. The OpenClaw plugin still registers an inference provider and /nemoclaw slash command inside the sandbox — only the CLI commands are removed. - Delete cli.ts and 8 command files (launch, status, logs, connect, migrate, eject, onboard) - Delete dead code (blueprint/exec, fetch, resolve, verify; onboard/prompt, validate) - Keep slash.ts, migration-state.ts, blueprint/state.ts, onboard/config.ts - Remove registerCli() from index.ts - Update slash command help text to reference nemoclaw host CLI - Remove plugin commands section from README and docs - Update all openclaw nemoclaw references across 7 doc files - Update e2e test assertions for removed dist files
ericksoa
force-pushed
the
fix/issue-487-489-remove-plugin-commands
branch
from
9ee70ca to
069d8d5
Compare
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (3)
docs/monitoring/monitor-sandbox-activity.md (1)
59-60: Remove extra blank line.There's an extra blank line after the
logs -fcode block (line 60). This appears to be a minor formatting inconsistency.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/monitoring/monitor-sandbox-activity.md` around lines 59 - 60, Remove the extra blank line following the `logs -f` code block in monitor-sandbox-activity.md: locate the `logs -f` fenced code block and delete the blank line immediately after it so the following paragraph or heading follows directly; also trim any trailing whitespace after the code fence to keep Markdown formatting consistent.docs/inference/switch-inference-providers.md (1)
23-24: One sentence per line in source.Lines 23-24 contain two sentences on the same line.
📝 Suggested fix
Split into separate lines:
- Line 23:
Change the active inference model while the sandbox is running.- Line 24:
No restart is required.As per coding guidelines: "One sentence per line in source (makes diffs readable)."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/inference/switch-inference-providers.md` around lines 23 - 24, Split the two sentences currently on the same source line into separate lines so each sentence is on its own line: place "Change the active inference model while the sandbox is running." on its own line and "No restart is required." on the following line in docs/inference/switch-inference-providers.md (the sentences to edit are the ones starting with "Change the active..." and "No restart...").docs/network-policy/customize-network-policy.md (1)
23-24: One sentence per line in source.Lines 23-24 contain multiple sentences on the same line. The coding guidelines require one sentence per line to make diffs readable.
📝 Suggested fix
-Add, remove, or modify the endpoints that the sandbox is allowed to reach. -NemoClaw supports both static policy changes that persist across restarts and dynamic updates to a running sandbox. +Add, remove, or modify the endpoints that the sandbox is allowed to reach. +NemoClaw supports both static policy changes that persist across restarts and dynamic updates to a running sandbox.Note: The diff shows no visual change, but in the source file these should be on separate lines.
As per coding guidelines: "One sentence per line in source (makes diffs readable). Flag paragraphs where multiple sentences appear on the same line."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/network-policy/customize-network-policy.md` around lines 23 - 24, The two sentences "Add, remove, or modify the endpoints that the sandbox is allowed to reach." and "NemoClaw supports both static policy changes that persist across restarts and dynamic updates to a running sandbox." are on the same source line; split them so each sentence is on its own line in the docs file (i.e., place the first sentence on one line and the second sentence on the next) to comply with the one-sentence-per-line guideline.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@docs/inference/switch-inference-providers.md`:
- Around line 23-24: Split the two sentences currently on the same source line
into separate lines so each sentence is on its own line: place "Change the
active inference model while the sandbox is running." on its own line and "No
restart is required." on the following line in
docs/inference/switch-inference-providers.md (the sentences to edit are the ones
starting with "Change the active..." and "No restart...").
In `@docs/monitoring/monitor-sandbox-activity.md`:
- Around line 59-60: Remove the extra blank line following the `logs -f` code
block in monitor-sandbox-activity.md: locate the `logs -f` fenced code block and
delete the blank line immediately after it so the following paragraph or heading
follows directly; also trim any trailing whitespace after the code fence to keep
Markdown formatting consistent.
In `@docs/network-policy/customize-network-policy.md`:
- Around line 23-24: The two sentences "Add, remove, or modify the endpoints
that the sandbox is allowed to reach." and "NemoClaw supports both static policy
changes that persist across restarts and dynamic updates to a running sandbox."
are on the same source line; split them so each sentence is on its own line in
the docs file (i.e., place the first sentence on one line and the second
sentence on the next) to comply with the one-sentence-per-line guideline.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 6c0bba46-ed32-4242-a3a3-979fb16084ba
📒 Files selected for processing (28)
README.mddocs/about/how-it-works.mddocs/inference/switch-inference-providers.mddocs/monitoring/monitor-sandbox-activity.mddocs/network-policy/customize-network-policy.mddocs/reference/architecture.mddocs/reference/commands.mddocs/reference/troubleshooting.mdnemoclaw-blueprint/policies/openclaw-sandbox.yamlnemoclaw/src/blueprint/exec.tsnemoclaw/src/blueprint/fetch.tsnemoclaw/src/blueprint/resolve.tsnemoclaw/src/blueprint/verify.tsnemoclaw/src/cli.tsnemoclaw/src/commands/connect.tsnemoclaw/src/commands/eject.tsnemoclaw/src/commands/launch.tsnemoclaw/src/commands/logs.tsnemoclaw/src/commands/migrate.tsnemoclaw/src/commands/onboard.tsnemoclaw/src/commands/slash.tsnemoclaw/src/commands/status.test.tsnemoclaw/src/commands/status.tsnemoclaw/src/index.tsnemoclaw/src/onboard/prompt.tsnemoclaw/src/onboard/validate.tsnemoclaw/src/register.test.tstest/e2e-test.sh
💤 Files with no reviewable changes (15)
- nemoclaw/src/commands/logs.ts
- nemoclaw/src/commands/status.test.ts
- nemoclaw/src/commands/connect.ts
- nemoclaw/src/blueprint/fetch.ts
- nemoclaw/src/commands/eject.ts
- nemoclaw/src/cli.ts
- nemoclaw/src/blueprint/verify.ts
- nemoclaw/src/commands/launch.ts
- nemoclaw/src/onboard/prompt.ts
- nemoclaw/src/blueprint/exec.ts
- nemoclaw/src/blueprint/resolve.ts
- nemoclaw/src/commands/onboard.ts
- nemoclaw/src/commands/migrate.ts
- nemoclaw/src/commands/status.ts
- nemoclaw/src/onboard/validate.ts
✅ Files skipped from review due to trivial changes (4)
- nemoclaw-blueprint/policies/openclaw-sandbox.yaml
- docs/reference/architecture.md
- docs/reference/commands.md
- nemoclaw/src/register.test.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- README.md
- docs/reference/troubleshooting.md
- test/e2e-test.sh
- docs/about/how-it-works.md
|
running quick nemoclaw onboard + webui test with rebased changes |
|
3 tasks
gn00295120
added a commit
to gn00295120/NemoClaw
that referenced
this pull request
Mar 21, 2026
Fixes a critical vulnerability where createSnapshotBundle() copies the entire ~/.openclaw directory — including auth-profiles.json with live API keys, GitHub PATs, and npm tokens — into the sandbox filesystem. A compromised agent can read these credentials and exfiltrate them. Fix: Two sanitization layers in migration-state.ts: - sanitizeCredentialsInBundle(): deletes auth-profiles.json from agents/ subtree, strips credential fields from openclaw.json - sanitizeExternalRootSnapshot(): strips auth-profiles.json from external root snapshots before archiving Note: Blueprint digest bypass fix (verify.ts/resolve.ts) was dropped from this PR — those modules were deleted upstream in PR NVIDIA#492 as dead code when the openclaw nemoclaw CLI commands were removed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 tasks
gn00295120
added a commit
to gn00295120/NemoClaw
that referenced
this pull request
Mar 22, 2026
architecture.md: - Add host CLI layer (bin/nemoclaw.js + bin/lib/) — was completely missing - Replace 9 deleted TypeScript files (cli.ts, launch.ts, connect.ts, status.ts, logs.ts, resolve.ts, fetch.ts, verify.ts, exec.ts) with the actual files that exist after PR NVIDIA#492 - Update plugin description to reflect current scope (slash command + inference provider only) - Remove "verify digest" step from lifecycle (verify.ts was deleted) commands.md: - Remove openshell term section — this is an OpenShell command, not a NemoClaw command network-policies.md: - Remove telegram from baseline policy table (removed for security hardening — available as opt-in preset) - Merge github and github_rest_api into one entry matching the actual YAML (single github block with both endpoints) - Fix npm_registry rules to match YAML (access: full, not GET only)
3 tasks
gn00295120
added a commit
to gn00295120/NemoClaw
that referenced
this pull request
Mar 22, 2026
Fixes a critical vulnerability where createSnapshotBundle() copies the entire ~/.openclaw directory — including auth-profiles.json with live API keys, GitHub PATs, and npm tokens — into the sandbox filesystem. A compromised agent can read these credentials and exfiltrate them. Fix: Two sanitization layers in migration-state.ts: - sanitizeCredentialsInBundle(): deletes auth-profiles.json from agents/ subtree, strips credential fields from openclaw.json - sanitizeExternalRootSnapshot(): strips auth-profiles.json from external root snapshots before archiving Note: Blueprint digest bypass fix (verify.ts/resolve.ts) was dropped from this PR — those modules were deleted upstream in PR NVIDIA#492 as dead code when the openclaw nemoclaw CLI commands were removed.
gn00295120
added a commit
to gn00295120/NemoClaw
that referenced
this pull request
Mar 22, 2026
Fixes a critical vulnerability where createSnapshotBundle() copies the entire ~/.openclaw directory — including auth-profiles.json with live API keys, GitHub PATs, and npm tokens — into the sandbox filesystem. A compromised agent can read these credentials and exfiltrate them. Fix: Two sanitization layers in migration-state.ts: - sanitizeCredentialsInBundle(): deletes auth-profiles.json from agents/ subtree, strips credential fields from openclaw.json - sanitizeExternalRootSnapshot(): strips auth-profiles.json from external root snapshots before archiving Note: Blueprint digest bypass fix (verify.ts/resolve.ts) was dropped from this PR — those modules were deleted upstream in PR NVIDIA#492 as dead code when the openclaw nemoclaw CLI commands were removed. Signed-off-by: Lucas Wang <lucas_wang@lucas-futures.com>
This was referenced Mar 22, 2026
16 tasks
Ryuketsukami
pushed a commit
to Ryuketsukami/NemoClaw
that referenced
this pull request
Mar 24, 2026
…ommand (NVIDIA#492) * fix: remove openclaw nemoclaw CLI commands, keep provider and slash command Fixes NVIDIA#487, NVIDIA#489. The `openclaw nemoclaw` CLI subcommands have been removed. The NemoClaw host CLI (`nemoclaw`) is the only supported CLI interface. The OpenClaw plugin still registers an inference provider and /nemoclaw slash command inside the sandbox — only the CLI commands are removed. - Delete cli.ts and 8 command files (launch, status, logs, connect, migrate, eject, onboard) - Delete dead code (blueprint/exec, fetch, resolve, verify; onboard/prompt, validate) - Keep slash.ts, migration-state.ts, blueprint/state.ts, onboard/config.ts - Remove registerCli() from index.ts - Update slash command help text to reference nemoclaw host CLI - Remove plugin commands section from README and docs - Update all openclaw nemoclaw references across 7 doc files - Update e2e test assertions for removed dist files * ci: pass vitest with no test files after removing status.test.ts * test: add plugin registration test verifying no CLI commands registered * docs: fix stale flag references caught by CodeRabbit review
jessesanford
pushed a commit
to jessesanford/NemoClaw
that referenced
this pull request
Mar 24, 2026
…ommand (NVIDIA#492) * fix: remove openclaw nemoclaw CLI commands, keep provider and slash command Fixes NVIDIA#487, NVIDIA#489. The `openclaw nemoclaw` CLI subcommands have been removed. The NemoClaw host CLI (`nemoclaw`) is the only supported CLI interface. The OpenClaw plugin still registers an inference provider and /nemoclaw slash command inside the sandbox — only the CLI commands are removed. - Delete cli.ts and 8 command files (launch, status, logs, connect, migrate, eject, onboard) - Delete dead code (blueprint/exec, fetch, resolve, verify; onboard/prompt, validate) - Keep slash.ts, migration-state.ts, blueprint/state.ts, onboard/config.ts - Remove registerCli() from index.ts - Update slash command help text to reference nemoclaw host CLI - Remove plugin commands section from README and docs - Update all openclaw nemoclaw references across 7 doc files - Update e2e test assertions for removed dist files * ci: pass vitest with no test files after removing status.test.ts * test: add plugin registration test verifying no CLI commands registered * docs: fix stale flag references caught by CodeRabbit review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
openclaw nemoclawCLI subcommands from the pluginThe NemoClaw host CLI (
nemoclaw) is now the only supported CLI interface. The OpenClaw plugin still registers an inference provider and/nemoclawslash command inside the sandbox — only the CLI subcommands are removed.Changes
Code (-4,408 lines):
cli.tsand 8 command files (launch, status, logs, connect, migrate, eject, onboard, status.test)slash.ts,migration-state.ts,blueprint/state.ts,onboard/config.tsregisterCli()call and related types fromindex.tsnemoclawhost CLIDocs:
openclaw nemoclawreferences withnemoclawequivalents across 6 doc filesTest plan
npm test— 167/167 passnemoclaw helpworksopenclaw nemoclawreferences in source, README, or docsTested 14/14 from a clean clone.
Summary by CodeRabbit
nemoclaw <name> status,nemoclaw <name> logs) and revised onboarding/migration/troubleshooting guidance; retained the /nemoclaw slash command.openclaw nemoclawCLI command registration and associated command implementations; users should use the standalone nemoclaw CLI for those actions.