Skip to content

docs: add deepagents doc variant#6344

Merged
miyoungc merged 21 commits into
mainfrom
deepcode-doc-variant
Jul 7, 2026
Merged

docs: add deepagents doc variant#6344
miyoungc merged 21 commits into
mainfrom
deepcode-doc-variant

Conversation

@miyoungc

@miyoungc miyoungc commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

Summary

Adds Deep Agents as a first-class documentation variant alongside OpenClaw and Hermes, including navigation, generated variant pages, ecosystem overview, quickstart routing, and shared command-reference coverage.
The PR also updates the agent-variant docs tooling and published-route checker so generated pages are validated after AgentOnly rendering and can use either route-relative or root-absolute docs links.

Deep Agents variant staged preview: https://nvidia-preview-pr-6344.docs.buildwithfern.com/nemoclaw/latest/user-guide/deepagents/home

Related Issue

None.

Changes

  • Add Deep Agents docs navigation, quickstart updates, and docs/about/ecosystem-deepagents.mdx.
  • Extend scripts/sync-agent-variant-docs.ts, scripts/check-docs-published-routes.ts, and related tests for the Deep Agents variant.
  • Consolidate Hermes command-reference content into the shared generated commands page and remove the standalone Hermes commands route.
  • Update shared docs pages across architecture, lifecycle, inference, security, network policy, troubleshooting, backup/restore, host state, and reference pages for three-variant coverage.
  • Update user-guide skill routing copy in .agents/skills/ and skills/.
  • Update the sandbox exec inline doc reference to the consolidated commands doc path.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification:
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification:
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: npx vitest run --project integration test/agent-variant-docs.test.ts test/sync-agent-variant-docs.test.ts test/internal-commands-docs.test.ts test/skills-frontmatter.test.ts — 39/39 passed; npm test -- test/repro-5445-docs-published-route.test.ts test/check-docs-published-routes.test.ts — 11/11 passed
  • Applicable broad gate passed — npm test for broad runtime/test-harness changes; npm run check for repo-wide validation/coverage changes — command/result:
  • Quality Gates section completed with required justifications or waivers
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Miyoung Choi miyoungc@nvidia.com

@miyoungc miyoungc self-assigned this Jul 6, 2026
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Deep Agents is added as a supported NemoClaw variant across docs generation, navigation, onboarding, inference, sandbox lifecycle, security, command references, and validation tests. Variant-specific guidance and links are updated, and generated docs/test tooling now recognize the new variant.

Changes

Deep Agents variant rollout

Layer / File(s) Summary
Variant rendering and generation
docs/_components/AgentGuide.tsx, scripts/sync-agent-variant-docs.ts, test/agent-variant-docs.test.ts, test/internal-commands-docs.test.ts, test/sync-agent-variant-docs.test.ts, test/check-docs-links.test.ts, test/e2e/e2e-cloud-experimental/check-docs.sh
Adds Deep Agents to shared variant resolution, page generation, CLI rewriting, generated-page discovery, and doc-validation tests.
User guide entry points and onboarding
.agents/skills/nemoclaw-user-guide/SKILL.md, skills/nemoclaw-user-guide/SKILL.md, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/index.mdx, docs/index.yml, docs/about/*, docs/get-started/*, docs/deployment/*, README.md, fern/docs.yml
Adds Deep Agents links, onboarding guidance, homepage entries, navigation, redirects, and release-note references across the user-facing docs.
Overview and architecture docs
docs/about/ecosystem-deepagents.mdx, docs/about/how-it-works.mdx, docs/about/overview.mdx, docs/reference/architecture.mdx
Adds Deep Agents ecosystem, overview, and architecture content, including diagram and next-step sections.
Inference guidance
docs/inference/*
Updates inference options, model capability audit, local inference, and provider switching docs with Deep Agents routing, validation, and recreate guidance.
Sandbox lifecycle and state
docs/manage-sandboxes/*, docs/reference/cli-selection-guide.mdx, docs/reference/host-files-and-state.mdx
Adds Deep Agents lifecycle, backup/restore, workspace state, CLI selection, and host-state guidance.
Commands and security reference docs
docs/reference/commands.mdx, docs/reference/network-policies.mdx, docs/reference/troubleshooting.mdx, docs/security/*, src/lib/actions/sandbox/exec.ts
Extends commands, network-policy, troubleshooting, security, and supporting comments with Deep Agents-specific behavior and scoping.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

  • NVIDIA/NemoClaw#4632: Introduces the shared agent-variant docs infrastructure that this PR extends for Deep Agents.
  • NVIDIA/NemoClaw#4737: Touches the same docs-build/link pipeline pieces that this PR broadens to a third variant.
  • NVIDIA/NemoClaw#331: Modifies the troubleshooting documentation that this PR further scopes for Deep Agents.

Suggested labels: chore

Suggested reviewers: cv

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely summarizes the main change: adding a Deep Agents documentation variant.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch deepcode-doc-variant

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage in the branch is 96%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 5e4800d +/-
nemoclaw/src/se...cret-scanner.ts 100%
nemoclaw/src/commands/slash.ts 100%
nemoclaw/src/li...bprocess-env.ts 100%
nemoclaw/src/bl...eprint/state.ts 98%
nemoclaw/src/onboard/config.ts 98%
nemoclaw/src/bl...int/snapshot.ts 97%
nemoclaw/src/bl...print/runner.ts 95%
nemoclaw/src/co...ration-state.ts 94%
nemoclaw/src/bl...ate-networks.ts 94%
nemoclaw/src/index.ts 94%

TypeScript / code-coverage/cli

The overall coverage in the branch is 76%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File 5e4800d +/-
src/lib/onboard/preflight.ts 82%
src/lib/actions...all/run-plan.ts 81%
src/lib/state/o...oard-session.ts 80%
src/lib/actions...licy-channel.ts 79%
src/lib/state/sandbox.ts 75%
src/lib/actions...dbox/connect.ts 72%
src/lib/onboard...er-gpu-patch.ts 69%
src/lib/policy/index.ts 66%
src/lib/shields/index.ts 61%
src/lib/onboard.ts 28%

Updated July 07, 2026 20:48 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@miyoungc miyoungc added area: docs Documentation, examples, guides, or docs build v0.0.75 Release target labels Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — Changes requested

Merge posture: Do not merge yet
Primary next action: Fix PRA-8: Missing sync-target test for troubleshooting.mdx Deep Agents variant; then add or justify PRA-T1.
Open items: 2 required · 12 warnings · 5 suggestions · 8 test follow-ups
Since last review: 1 prior item resolved · 16 still apply · 4 new items found

Action checklist

  • PRA-8 Fix: Missing sync-target test for troubleshooting.mdx Deep Agents variant in test/sync-agent-variant-docs.test.ts:1
  • PRA-9 Fix: Deep Agents credential guidance missing Fern Warning component in docs/reference/troubleshooting.mdx:1088
  • PRA-1 Resolve or justify: Source-of-truth review needed: docs/_components/AgentGuide.tsx:120
  • PRA-2 Resolve or justify: Source-of-truth review needed: docs/_components/AgentGuide.tsx:85
  • PRA-3 Resolve or justify: Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:446
  • PRA-4 Resolve or justify: Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:208
  • PRA-5 Resolve or justify: Source-of-truth review needed: docs/reference/troubleshooting.mdx:1051
  • PRA-6 Resolve or justify: Source-of-truth review needed: ci/platform-matrix.json:156
  • PRA-7 Resolve or justify: Source-of-truth review needed: docs/_components/AgentGuide.tsx:70
  • PRA-10 Resolve or justify: findSharedNavigationSourcePaths excludes deepagents from shared-source detection in scripts/sync-agent-variant-docs.ts:242
  • PRA-11 Resolve or justify: PROTECTED_LITERALS incomplete for Deep Agents CLI patterns and $$nemoclaw sentinels in scripts/sync-agent-variant-docs.ts:446
  • PRA-12 Resolve or justify: AgentOnly silently returns null for unknown variant values in docs/_components/AgentGuide.tsx:80
  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Runtime validation
  • PRA-T5 Add or justify test follow-up: Runtime validation
  • PRA-T6 Add or justify test follow-up: Missing sync-target test for troubleshooting.mdx Deep Agents variant
  • PRA-T7 Add or justify test follow-up: GUARDED_SOURCE_PAGES missing Deep Agents entry points
  • PRA-T8 Add or justify test follow-up: No explicit test for comma-separated AgentOnly variant prop
  • PRA-14 In-scope improvement: resolveGuideVariantFromPathname uses if/else chain instead of path-to-variant map in docs/_components/AgentGuide.tsx:120
  • PRA-15 In-scope improvement: No build-time validation of AgentOnly variant props in sync script in scripts/sync-agent-variant-docs.ts:200
  • PRA-16 In-scope improvement: No explicit test for comma-separated AgentOnly variant prop in test/agent-variant-docs.test.ts:1
  • PRA-17 In-scope improvement: Hermes and Deep Agents 'tested' status lacks explicit caveats for known gaps in ci/platform-matrix.json:156
  • PRA-19 In-scope improvement: Multi-line argument guard correctly mirrors OpenShell constraint with source-of-truth documentation in src/lib/actions/sandbox/exec.ts:180

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-2 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-3 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-4 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-5 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-6 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-7 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-8 Required tests test/sync-agent-variant-docs.test.ts:1 Add a test case in test/sync-agent-variant-docs.test.ts that calls findAgentVariantTargets() and asserts troubleshooting.mdx deepagents target exists.
PRA-9 Required docs docs/reference/troubleshooting.mdx:1088 Wrap the credential guidance paragraph at lines 1088-1100 in <Warning title="Credential Boundary"> component. Audit other Deep Agents troubleshooting sections for similar notable warnings that should use Fern components.
PRA-10 Resolve/justify architecture scripts/sync-agent-variant-docs.ts:242 Update findSharedNavigationSourcePaths() to include deepagents variant in the intersection logic, or create a separate function that finds pages shared across all three variants. The function should compute the intersection of all three variant path sets.
PRA-11 Resolve/justify architecture scripts/sync-agent-variant-docs.ts:446 Audit all shared source pages for Deep Agents CLI fallback patterns (e.g., 'nemoclaw.*--agent deepagents'). Extend PROTECTED_LITERALS or add a separate protection pass for $$nemoclaw patterns that should render as base 'nemoclaw' in all variants.
PRA-12 Resolve/justify architecture docs/_components/AgentGuide.tsx:80 Add development-mode console.warn when variant prop contains values not in the GuideVariant union: if (process.env.NODE_ENV !== 'production') { const unknown = variants.filter(v => !['openclaw','hermes','deepagents'].includes(v)); if (unknown.length) console.warn('[AgentOnly] Unknown variant(s):', unknown); }
PRA-13 Resolve/justify tests scripts/check-docs-published-routes.ts:301 Extend GUARDED_SOURCE_PAGES to include all shared source pages that appear in multiple variants, at minimum the Deep Agents variant entry points listed in index.yml (troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages).
PRA-14 Improvement architecture docs/_components/AgentGuide.tsx:120 Replace with: const VARIANT_PATHS = { '/user-guide/deepagents': 'deepagents', '/user-guide/hermes': 'hermes', '/user-guide/openclaw': 'openclaw' }; return Object.entries(VARIANT_PATHS).find(([path]) => pathname.includes(path))?.[1] ?? null;
PRA-15 Improvement architecture scripts/sync-agent-variant-docs.ts:200 In findSharedNavigationSourcePaths() or a new validation step, parse source pages for AgentOnly variant props and assert all values are valid GuideVariant values (including comma-separated). Fail the build with a clear error message if invalid values found.
PRA-16 Improvement tests test/agent-variant-docs.test.ts:1 Add explicit test case with variant="openclaw,hermes" asserting content renders for both openclaw and hermes but not for deepagents.
PRA-17 Improvement docs ci/platform-matrix.json:156 Validate that 'tested' status matches project's release criteria. If gaps remain, consider keeping 'caveated' with updated notes, or add explicit caveats to the 'tested' status notes explaining what 'tested' means (e.g., 'tested for documented onboarding paths; production parity not asserted').
PRA-18 Resolve/justify security docs/reference/troubleshooting.mdx:1100 Use <PASTE_YOUR_API_KEY_HERE> style placeholders consistently instead of tvly-... pattern, matching the pattern used in StarterPrompt.tsx and other docs.
PRA-19 Improvement security src/lib/actions/sandbox/exec.ts:180 No change needed - this is a well-implemented security control with proper source-of-truth documentation. The guard correctly rejects only what OpenShell rejects, avoiding false positives.

🚨 Required before merge

Address these before merging unless a maintainer explicitly overrides the advisor with rationale.

PRA-8 Required — Missing sync-target test for troubleshooting.mdx Deep Agents variant

  • Location: test/sync-agent-variant-docs.test.ts:1
  • Category: tests
  • Problem: No test calls findAgentVariantTargets() and asserts the returned array includes an entry with sourcePath containing 'reference/troubleshooting.mdx' and variant === 'deepagents'. The index.yml includes troubleshooting.mdx in the deepagents variant (line 298), but without a test, a future index.yml change could silently drop it.
  • Impact: Deep Agents users would get a generated troubleshooting page with only OpenClaw/Hermes content if index.yml navigation is accidentally changed. No automated regression protection.
  • Required action: Add a test case in test/sync-agent-variant-docs.test.ts that calls findAgentVariantTargets() and asserts troubleshooting.mdx deepagents target exists.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: Run: npx vitest run --project integration test/sync-agent-variant-docs.test.ts -t 'troubleshooting deepagents target' after adding the test; it should pass with current index.yml.
  • Missing regression test: Add test: 'findAgentVariantTargets includes troubleshooting.mdx for deepagents variant' in test/sync-agent-variant-docs.test.ts
  • Done when: The required change is committed and verification passes: Run: npx vitest run --project integration test/sync-agent-variant-docs.test.ts -t 'troubleshooting deepagents target' after adding the test; it should pass with current index.yml.
  • Evidence: grep -n 'findAgentVariantTargets\|troubleshooting' test/sync-agent-variant-docs.test.ts returns 0 matches. Test file has 4 test blocks, none calling findAgentVariantTargets.

PRA-9 Required — Deep Agents credential guidance missing Fern Warning component

  • Location: docs/reference/troubleshooting.mdx:1088
  • Category: docs
  • Problem: Deep Agents credential guidance at lines 1088-1100 uses plain markdown for critical security content: 'Those files can contain provider credentials or OAuth state that bypasses NemoClaw's host-owned credential boundary.' This should use Fern <Warning> component for visibility, matching the pattern used for OpenClaw/Hermes credential guidance elsewhere in the file.
  • Impact: Security-critical credential boundary guidance lacks visual prominence. Users may miss the warning and place credentials in sandbox .env files, bypassing NemoClaw's host-owned credential boundary.
  • Required action: Wrap the credential guidance paragraph at lines 1088-1100 in <Warning title="Credential Boundary"> component. Audit other Deep Agents troubleshooting sections for similar notable warnings that should use Fern components.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: grep -n -A12 'dcode refuses to start because upstream auth state exists' docs/reference/troubleshooting.mdx and verify the block is wrapped in <Warning title="Credential Boundary">.
  • Missing regression test: Add test in test/agent-variant-docs.test.ts that renders troubleshooting.mdx for deepagents variant and asserts the credential guidance section contains <Warning title="Credential Boundary">.
  • Done when: The required change is committed and verification passes: grep -n -A12 'dcode refuses to start because upstream auth state exists' docs/reference/troubleshooting.mdx and verify the block is wrapped in <Warning title="Credential Boundary">.
  • Evidence: grep -n '<Warning' docs/reference/troubleshooting.mdx shows warnings at lines 22, 92, 789, 863, 2351 but none around the Deep Agents credential guidance section (lines ~1088-1100).
Review findings by urgency: 2 required fixes, 12 items to resolve/justify, 5 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:120

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: test/agent-variant-docs.test.ts tests variant resolution for all three variants via pathname
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: resolveGuideVariantFromPathname uses sequential if statements checking pathname.includes() for each variant path constant

PRA-2 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:85

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: test/agent-variant-docs.test.ts tests variant resolution
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Function uses if/else chain instead of object map lookup

PRA-3 Resolve/justify — Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:446

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: No existing test for this; PRA-T4 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: PROTECTED_LITERALS array only has two entries for onboard --agent patterns, no protection for $$nemoclaw sentinel

PRA-4 Resolve/justify — Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:208

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: No existing test for three-way intersection; PRA-T3 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Function only collects paths from openclaw and hermes variants, deepagents not included in intersection

PRA-5 Resolve/justify — Source-of-truth review needed: docs/reference/troubleshooting.mdx:1051

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: PRA-T2 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Credential guidance paragraph at lines 1088-1100 uses plain markdown; other warnings in file use <Warning> component (lines 22, 92, 789, 863, 2351)

PRA-6 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json:156

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: N/A - policy decision
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Hermes status changed from 'caveated' to 'tested', Deep Agents from 'experimental' to 'tested', but notes still describe gaps

PRA-7 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:70

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: PRA-T8 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: AgentOnly component accepts variant: GuideVariant | string and splits on comma but has no build-time validation

PRA-10 Resolve/justify — findSharedNavigationSourcePaths excludes deepagents from shared-source detection

  • Location: scripts/sync-agent-variant-docs.ts:242
  • Category: architecture
  • Problem: findSharedNavigationSourcePaths() only computes the intersection of openclaw and hermes navigation paths. It excludes the deepagents variant from shared-source detection, meaning pages shared across all three variants (or deepagents+one other) are not recognized as shared sources for placeholder validation.
  • Impact: Pages that appear in deepagents and only one other variant may incorrectly pass assertNoUnsharedPlaceholders check, or shared pages across all three variants may not be detected, leading to $$nemoclaw sentinel rendering literally in generated output.
  • Recommended action: Update findSharedNavigationSourcePaths() to include deepagents variant in the intersection logic, or create a separate function that finds pages shared across all three variants. The function should compute the intersection of all three variant path sets.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'findSharedNavigationSourcePaths' scripts/sync-agent-variant-docs.ts and verify it collects paths from all three variants (openclaw, hermes, deepagents).
  • Missing regression test: Add test that creates a three-variant index.yml with a page shared across all three, runs findSharedNavigationSourcePaths, and asserts the page is in the returned set.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'findSharedNavigationSourcePaths' scripts/sync-agent-variant-docs.ts and verify it collects paths from all three variants (openclaw, hermes, deepagents).
  • Evidence: Function at line 242 only references openclaw and hermes variants: 'const openclaw = userGuide?.variants?.find((variant) => variant.slug === "openclaw"); const hermes = userGuide?.variants?.find((variant) => variant.slug === "hermes");' — deepagents not included.

PRA-11 Resolve/justify — PROTECTED_LITERALS incomplete for Deep Agents CLI patterns and $$nemoclaw sentinels

  • Location: scripts/sync-agent-variant-docs.ts:446
  • Category: architecture
  • Problem: PROTECTED_LITERALS only protects 'nemoclaw onboard --agent hermes' and 'nemoclaw onboard --agent langchain-deepagents-code' patterns. It does not protect $$nemoclaw sentinel patterns that should render as base 'nemoclaw' in all variants (e.g., in shared troubleshooting or architecture pages where the CLI name should not be rewritten).
  • Impact: Shared source pages containing $$nemoclaw that should resolve to 'nemoclaw' in all variants (not variant-specific CLI names) will have the sentinel incorrectly rewritten to variant-specific CLIs, breaking the intended placeholder behavior.
  • Recommended action: Audit all shared source pages for Deep Agents CLI fallback patterns (e.g., 'nemoclaw.*--agent deepagents'). Extend PROTECTED_LITERALS or add a separate protection pass for $$nemoclaw patterns that should render as base 'nemoclaw' in all variants.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'PROTECTED_LITERALS' scripts/sync-agent-variant-docs.ts and verify it includes protection for $$nemoclaw sentinel patterns that should not be variant-rewritten.
  • Missing regression test: Add test in test/sync-agent-variant-docs.test.ts with a shared source page containing $$nemoclaw that should remain 'nemoclaw' in all variants, render for each variant, and assert the output contains 'nemoclaw' not variant-specific CLI names.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'PROTECTED_LITERALS' scripts/sync-agent-variant-docs.ts and verify it includes protection for $$nemoclaw sentinel patterns that should not be variant-rewritten.
  • Evidence: PROTECTED_LITERALS array at line 446 only has two entries for onboard --agent patterns, no protection for $$nemoclaw sentinel.

PRA-12 Resolve/justify — AgentOnly silently returns null for unknown variant values

  • Location: docs/_components/AgentGuide.tsx:80
  • Category: architecture
  • Problem: AgentOnly component silently returns null when variant prop contains values not in the GuideVariant union (openclaw, hermes, deepagents). No development-mode warning is emitted for unknown variant values, making typos in variant props silent failures.
  • Impact: Typos in AgentOnly variant props (e.g., variant="deepagent" instead of "deepagents") will cause content to disappear without any warning, leading to missing documentation in generated variants.
  • Recommended action: Add development-mode console.warn when variant prop contains values not in the GuideVariant union: if (process.env.NODE_ENV !== 'production') { const unknown = variants.filter(v => !['openclaw','hermes','deepagents'].includes(v)); if (unknown.length) console.warn('[AgentOnly] Unknown variant(s):', unknown); }
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check docs/_components/AgentGuide.tsx AgentOnly component for development-mode warning on unknown variants.
  • Missing regression test: Add test in test/agent-variant-docs.test.ts that renders AgentOnly with unknown variant and asserts console.warn is called in development mode.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check docs/_components/AgentGuide.tsx AgentOnly component for development-mode warning on unknown variants.
  • Evidence: AgentOnly component at line 80 splits variant by comma and checks inclusion but has no validation for unknown values before returning null.

PRA-13 Resolve/justify — GUARDED_SOURCE_PAGES missing Deep Agents entry points

  • Location: scripts/check-docs-published-routes.ts:301
  • Category: tests
  • Problem: GUARDED_SOURCE_PAGES only includes 'reference/commands.mdx' and 'reference/platform-support.mdx'. It is missing Deep Agents variant entry points listed in index.yml such as troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages.
  • Impact: Link drift on Deep Agents shared source pages will not be caught by the published route checker, allowing broken links to reach production for the Deep Agents variant.
  • Recommended action: Extend GUARDED_SOURCE_PAGES to include all shared source pages that appear in multiple variants, at minimum the Deep Agents variant entry points listed in index.yml (troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages).
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'GUARDED_SOURCE_PAGES' scripts/check-docs-published-routes.ts and verify it includes all shared source pages from index.yml deepagents variant.
  • Missing regression test: Add test in test/check-docs-published-routes.test.ts that verifies findBrokenPublishedRoutes is called for at least one Deep Agents shared source page (e.g., troubleshooting.mdx).
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'GUARDED_SOURCE_PAGES' scripts/check-docs-published-routes.ts and verify it includes all shared source pages from index.yml deepagents variant.
  • Evidence: GUARDED_SOURCE_PAGES array at line 301 only has 2 entries; index.yml lines 260-330 show deepagents variant includes troubleshooting, commands, architecture, cli-selection-guide, host-files-and-state, network-policies, agent-skills, license pages.

PRA-18 Resolve/justify — Inconsistent credential placeholder style in Deep Agents Tavily section

  • Location: docs/reference/troubleshooting.mdx:1100
  • Category: security
  • Problem: The Deep Agents credential guidance section correctly advises against putting credentials in sandbox .env files, but the example command 'export TAVILY_API_KEY=tvly-...' in the Tavily section uses a placeholder that could be mistaken for a real key pattern. While tvly- is clearly a placeholder prefix, the pattern of showing export with a value could encourage users to put real keys in shell history.
  • Impact: Low - the placeholder is clearly marked, but consistent redaction style (using <PASTE_YOUR_API_KEY_HERE> as used elsewhere in the docs) would be safer.
  • Recommended action: Use <PASTE_YOUR_API_KEY_HERE> style placeholders consistently instead of tvly-... pattern, matching the pattern used in StarterPrompt.tsx and other docs.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'export TAVILY_API_KEY=' docs/reference/troubleshooting.mdx and verify placeholder style.
  • Missing regression test: N/A - style consistency issue.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'export TAVILY_API_KEY=' docs/reference/troubleshooting.mdx and verify placeholder style.
  • Evidence: Line ~1120 in troubleshooting.mdx shows 'export TAVILY_API_KEY=tvly-...' while StarterPrompt.tsx uses '<PASTE_YOUR_API_KEY_HERE>' pattern.

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

PRA-14 Improvement — resolveGuideVariantFromPathname uses if/else chain instead of path-to-variant map

  • Location: docs/_components/AgentGuide.tsx:120
  • Category: architecture
  • Problem: resolveGuideVariantFromPathname uses an if/else chain instead of a path-to-variant map. This is less maintainable and harder to extend.
  • Impact: Adding new variants requires modifying the function body rather than updating a data structure. Error-prone for future extensions.
  • Suggested action: Replace with: const VARIANT_PATHS = { '/user-guide/deepagents': 'deepagents', '/user-guide/hermes': 'hermes', '/user-guide/openclaw': 'openclaw' }; return Object.entries(VARIANT_PATHS).find(([path]) => pathname.includes(path))?.[1] ?? null;
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check docs/_components/AgentGuide.tsx resolveGuideVariantFromPathname function for map-based implementation.
  • Missing regression test: Existing tests in test/agent-variant-docs.test.ts cover variant resolution; ensure they still pass after refactor.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Function at line 120 uses sequential if statements: if (pathname.includes(DEEPAGENTS_PATH)) return "deepagents"; if (pathname.includes(HERMES_PATH)) return "hermes"; if (pathname.includes(OPENCLAW_PATH)) return "openclaw";

PRA-15 Improvement — No build-time validation of AgentOnly variant props in sync script

  • Location: scripts/sync-agent-variant-docs.ts:200
  • Category: architecture
  • Problem: No build-time validation of AgentOnly variant props in the sync script. Invalid variant values in source pages are only caught at render time (or not at all).
  • Impact: Typos in AgentOnly variant props in source MDX files will silently cause content to be dropped in generated variants without build-time failure.
  • Suggested action: In findSharedNavigationSourcePaths() or a new validation step, parse source pages for AgentOnly variant props and assert all values are valid GuideVariant values (including comma-separated). Fail the build with a clear error message if invalid values found.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check scripts/sync-agent-variant-docs.ts for a validation pass that parses AgentOnly variant props from shared source pages.
  • Missing regression test: Add test in test/sync-agent-variant-docs.test.ts with a source page containing invalid AgentOnly variant, run sync, and assert build fails with clear error.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: No validation step exists in sync script; assertNoUnsharedPlaceholders only checks for $$nemoclaw sentinels, not AgentOnly variant prop validity.

PRA-16 Improvement — No explicit test for comma-separated AgentOnly variant prop

  • Location: test/agent-variant-docs.test.ts:1
  • Category: tests
  • Problem: No explicit test for comma-separated AgentOnly variant prop (e.g., variant="openclaw,hermes"). The component supports comma-separated values but test coverage only exercises single-variant and three-variant cases.
  • Impact: Comma-separated variant props could regress without detection. The parsing logic in AgentOnly splits on commas but this behavior is not explicitly tested.
  • Suggested action: Add explicit test case with variant="openclaw,hermes" asserting content renders for both openclaw and hermes but not for deepagents.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check test/agent-variant-docs.test.ts for test case with comma-separated variant prop.
  • Missing regression test: Add test: 'AgentOnly with comma-separated variant prop renders for matching variants only' in test/agent-variant-docs.test.ts.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: test/agent-variant-docs.test.ts has tests for single variants and 'openclaw,hermes' content in source but no test asserting the comma-separated parsing behavior specifically.

PRA-17 Improvement — Hermes and Deep Agents 'tested' status lacks explicit caveats for known gaps

  • Location: ci/platform-matrix.json:156
  • Category: docs
  • Problem: Hermes and Deep Agents 'tested' status lacks explicit caveats for known gaps. Hermes status was changed from 'caveated' to 'tested' and Deep Agents from 'experimental' to 'tested', but the notes still describe structural gaps (empty model-provider compatibility registry, no Hermes-specific unit tests, macOS/WSL CI not differentiated).
  • Impact: Users may interpret 'tested' as production parity with OpenClaw when known gaps remain. The status should either remain 'caveated' with updated notes, or 'tested' status notes should explicitly define what 'tested' means in this context.
  • Suggested action: Validate that 'tested' status matches project's release criteria. If gaps remain, consider keeping 'caveated' with updated notes, or add explicit caveats to the 'tested' status notes explaining what 'tested' means (e.g., 'tested for documented onboarding paths; production parity not asserted').
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check ci/platform-matrix.json agents section for Hermes and Deep Agents status and notes fields.
  • Missing regression test: N/A - documentation policy decision; validate via maintainer review.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Hermes notes: 'Known structural gaps: model-provider compatibility registry is empty... no Hermes-specific unit tests... macOS and WSL CI suites do not differentiate agents. Suitable for evaluation... production parity with OpenClaw is not yet asserted.' Deep Agents notes similar.

PRA-19 Improvement — Multi-line argument guard correctly mirrors OpenShell constraint with source-of-truth documentation

  • Location: src/lib/actions/sandbox/exec.ts:180
  • Category: security
  • Problem: The multi-line argument guard (findMultilineExecArg) deliberately mirrors OpenShell's exact constraint (only \r and \n) and documents the source-of-truth rationale. This is a good security practice - validating the constraint at the trust boundary rather than broadly. The cleanupOpenClawAfterExec function restores mutable config permissions after exec commands, which is a defense-in-depth measure for OpenClaw sandboxes.
  • Impact: Positive - the multi-line guard prevents argv injection issues and the permission cleanup restores security posture after one-shot exec commands. The source-of-truth comment is thorough.
  • Suggested action: No change needed - this is a well-implemented security control with proper source-of-truth documentation. The guard correctly rejects only what OpenShell rejects, avoiding false positives.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Review the MULTILINE_ARG_PATTERN and findMultilineExecArg function - they correctly handle CRLF, CR, LF without over-matching Unicode line separators.
  • Missing regression test: Existing tests in exec.test.ts cover the multi-line guard ([Linux][CLI&UX] nemoclaw <sb> exec rejects multi-line bash heredocs with "command argument contains newline" — single-line / semicolon workaround works #5980).
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: MULTILINE_ARG_PATTERN = /[\r\n]/ at line 180 with detailed comment explaining source-of-truth boundary at OpenShell's exec argv contract, tracked upstream in sandbox exec: allow (or document) multi-line command arguments containing newline/CR OpenShell#2110.
Simplification opportunities: 1 possible cut, net -5 lines possible

These are safe simplification checks only. Do not remove validation, security controls, data-loss prevention, or required tests.

  • PRA-14 native (docs/_components/AgentGuide.tsx:120): if/else chain in resolveGuideVariantFromPathname
    • Replacement: Object.entries(VARIANT_PATHS).find(([path]) => pathname.includes(path))?.[1] ?? null
    • Net: -5 lines
    • Safety boundary: Must preserve exact variant detection behavior for all three variants; existing tests must pass
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add test: 'findAgentVariantTargets includes troubleshooting.mdx for deepagents variant' in test/sync-agent-variant-docs.test.ts. Runtime/sandbox/infrastructure paths need behavioral runtime validation: .agents/skills/nemoclaw-user-guide/SKILL.md, README.md, ci/platform-matrix.json, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/_components/AgentGuide.tsx, docs/_components/StarterPrompt.tsx, docs/about/ecosystem-deepagents.mdx.
  • PRA-T2 Runtime validation — Add test in test/agent-variant-docs.test.ts that renders troubleshooting.mdx for deepagents variant and asserts the credential guidance section contains <Warning title="Credential Boundary">. Runtime/sandbox/infrastructure paths need behavioral runtime validation: .agents/skills/nemoclaw-user-guide/SKILL.md, README.md, ci/platform-matrix.json, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/_components/AgentGuide.tsx, docs/_components/StarterPrompt.tsx, docs/about/ecosystem-deepagents.mdx.
  • PRA-T3 Runtime validation — Add test that creates a three-variant index.yml with a page shared across all three, runs findSharedNavigationSourcePaths, and asserts the page is in the returned set. Runtime/sandbox/infrastructure paths need behavioral runtime validation: .agents/skills/nemoclaw-user-guide/SKILL.md, README.md, ci/platform-matrix.json, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/_components/AgentGuide.tsx, docs/_components/StarterPrompt.tsx, docs/about/ecosystem-deepagents.mdx.
  • PRA-T4 Runtime validation — Add test in test/sync-agent-variant-docs.test.ts with a shared source page containing $$nemoclaw that should remain 'nemoclaw' in all variants, render for each variant, and assert the output contains 'nemoclaw' not variant-specific CLI names. Runtime/sandbox/infrastructure paths need behavioral runtime validation: .agents/skills/nemoclaw-user-guide/SKILL.md, README.md, ci/platform-matrix.json, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/_components/AgentGuide.tsx, docs/_components/StarterPrompt.tsx, docs/about/ecosystem-deepagents.mdx.
  • PRA-T5 Runtime validation — Add test in test/agent-variant-docs.test.ts that renders AgentOnly with unknown variant and asserts console.warn is called in development mode. Runtime/sandbox/infrastructure paths need behavioral runtime validation: .agents/skills/nemoclaw-user-guide/SKILL.md, README.md, ci/platform-matrix.json, docs/AGENTS.md, docs/CONTRIBUTING.md, docs/_components/AgentGuide.tsx, docs/_components/StarterPrompt.tsx, docs/about/ecosystem-deepagents.mdx.
  • PRA-T6 Missing sync-target test for troubleshooting.mdx Deep Agents variant — Add a test case in test/sync-agent-variant-docs.test.ts that calls findAgentVariantTargets() and asserts troubleshooting.mdx deepagents target exists.
  • PRA-T7 GUARDED_SOURCE_PAGES missing Deep Agents entry points — Extend GUARDED_SOURCE_PAGES to include all shared source pages that appear in multiple variants, at minimum the Deep Agents variant entry points listed in index.yml (troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages).
  • PRA-T8 No explicit test for comma-separated AgentOnly variant prop — Add explicit test case with variant="openclaw,hermes" asserting content renders for both openclaw and hermes but not for deepagents.
Since last review details

Current findings, using the urgency labels above:

PRA-1 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:120

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: test/agent-variant-docs.test.ts tests variant resolution for all three variants via pathname
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: resolveGuideVariantFromPathname uses sequential if statements checking pathname.includes() for each variant path constant

PRA-2 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:85

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: test/agent-variant-docs.test.ts tests variant resolution
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Function uses if/else chain instead of object map lookup

PRA-3 Resolve/justify — Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:446

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: No existing test for this; PRA-T4 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: PROTECTED_LITERALS array only has two entries for onboard --agent patterns, no protection for $$nemoclaw sentinel

PRA-4 Resolve/justify — Source-of-truth review needed: scripts/sync-agent-variant-docs.ts:208

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: No existing test for three-way intersection; PRA-T3 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Function only collects paths from openclaw and hermes variants, deepagents not included in intersection

PRA-5 Resolve/justify — Source-of-truth review needed: docs/reference/troubleshooting.mdx:1051

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: PRA-T2 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Credential guidance paragraph at lines 1088-1100 uses plain markdown; other warnings in file use <Warning> component (lines 22, 92, 789, 863, 2351)

PRA-6 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json:156

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: N/A - policy decision
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: Hermes status changed from 'caveated' to 'tested', Deep Agents from 'experimental' to 'tested', but notes still describe gaps

PRA-7 Resolve/justify — Source-of-truth review needed: docs/_components/AgentGuide.tsx:70

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: PRA-T8 describes needed test
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: AgentOnly component accepts variant: GuideVariant | string and splits on comma but has no build-time validation

PRA-8 Required — Missing sync-target test for troubleshooting.mdx Deep Agents variant

  • Location: test/sync-agent-variant-docs.test.ts:1
  • Category: tests
  • Problem: No test calls findAgentVariantTargets() and asserts the returned array includes an entry with sourcePath containing 'reference/troubleshooting.mdx' and variant === 'deepagents'. The index.yml includes troubleshooting.mdx in the deepagents variant (line 298), but without a test, a future index.yml change could silently drop it.
  • Impact: Deep Agents users would get a generated troubleshooting page with only OpenClaw/Hermes content if index.yml navigation is accidentally changed. No automated regression protection.
  • Required action: Add a test case in test/sync-agent-variant-docs.test.ts that calls findAgentVariantTargets() and asserts troubleshooting.mdx deepagents target exists.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: Run: npx vitest run --project integration test/sync-agent-variant-docs.test.ts -t 'troubleshooting deepagents target' after adding the test; it should pass with current index.yml.
  • Missing regression test: Add test: 'findAgentVariantTargets includes troubleshooting.mdx for deepagents variant' in test/sync-agent-variant-docs.test.ts
  • Done when: The required change is committed and verification passes: Run: npx vitest run --project integration test/sync-agent-variant-docs.test.ts -t 'troubleshooting deepagents target' after adding the test; it should pass with current index.yml.
  • Evidence: grep -n 'findAgentVariantTargets\|troubleshooting' test/sync-agent-variant-docs.test.ts returns 0 matches. Test file has 4 test blocks, none calling findAgentVariantTargets.

PRA-9 Required — Deep Agents credential guidance missing Fern Warning component

  • Location: docs/reference/troubleshooting.mdx:1088
  • Category: docs
  • Problem: Deep Agents credential guidance at lines 1088-1100 uses plain markdown for critical security content: 'Those files can contain provider credentials or OAuth state that bypasses NemoClaw's host-owned credential boundary.' This should use Fern <Warning> component for visibility, matching the pattern used for OpenClaw/Hermes credential guidance elsewhere in the file.
  • Impact: Security-critical credential boundary guidance lacks visual prominence. Users may miss the warning and place credentials in sandbox .env files, bypassing NemoClaw's host-owned credential boundary.
  • Required action: Wrap the credential guidance paragraph at lines 1088-1100 in <Warning title="Credential Boundary"> component. Audit other Deep Agents troubleshooting sections for similar notable warnings that should use Fern components.
  • Expected follow-up: Fix before merge or get explicit maintainer override.
  • Verification: grep -n -A12 'dcode refuses to start because upstream auth state exists' docs/reference/troubleshooting.mdx and verify the block is wrapped in <Warning title="Credential Boundary">.
  • Missing regression test: Add test in test/agent-variant-docs.test.ts that renders troubleshooting.mdx for deepagents variant and asserts the credential guidance section contains <Warning title="Credential Boundary">.
  • Done when: The required change is committed and verification passes: grep -n -A12 'dcode refuses to start because upstream auth state exists' docs/reference/troubleshooting.mdx and verify the block is wrapped in <Warning title="Credential Boundary">.
  • Evidence: grep -n '<Warning' docs/reference/troubleshooting.mdx shows warnings at lines 22, 92, 789, 863, 2351 but none around the Deep Agents credential guidance section (lines ~1088-1100).

PRA-10 Resolve/justify — findSharedNavigationSourcePaths excludes deepagents from shared-source detection

  • Location: scripts/sync-agent-variant-docs.ts:242
  • Category: architecture
  • Problem: findSharedNavigationSourcePaths() only computes the intersection of openclaw and hermes navigation paths. It excludes the deepagents variant from shared-source detection, meaning pages shared across all three variants (or deepagents+one other) are not recognized as shared sources for placeholder validation.
  • Impact: Pages that appear in deepagents and only one other variant may incorrectly pass assertNoUnsharedPlaceholders check, or shared pages across all three variants may not be detected, leading to $$nemoclaw sentinel rendering literally in generated output.
  • Recommended action: Update findSharedNavigationSourcePaths() to include deepagents variant in the intersection logic, or create a separate function that finds pages shared across all three variants. The function should compute the intersection of all three variant path sets.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'findSharedNavigationSourcePaths' scripts/sync-agent-variant-docs.ts and verify it collects paths from all three variants (openclaw, hermes, deepagents).
  • Missing regression test: Add test that creates a three-variant index.yml with a page shared across all three, runs findSharedNavigationSourcePaths, and asserts the page is in the returned set.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'findSharedNavigationSourcePaths' scripts/sync-agent-variant-docs.ts and verify it collects paths from all three variants (openclaw, hermes, deepagents).
  • Evidence: Function at line 242 only references openclaw and hermes variants: 'const openclaw = userGuide?.variants?.find((variant) => variant.slug === "openclaw"); const hermes = userGuide?.variants?.find((variant) => variant.slug === "hermes");' — deepagents not included.

PRA-11 Resolve/justify — PROTECTED_LITERALS incomplete for Deep Agents CLI patterns and $$nemoclaw sentinels

  • Location: scripts/sync-agent-variant-docs.ts:446
  • Category: architecture
  • Problem: PROTECTED_LITERALS only protects 'nemoclaw onboard --agent hermes' and 'nemoclaw onboard --agent langchain-deepagents-code' patterns. It does not protect $$nemoclaw sentinel patterns that should render as base 'nemoclaw' in all variants (e.g., in shared troubleshooting or architecture pages where the CLI name should not be rewritten).
  • Impact: Shared source pages containing $$nemoclaw that should resolve to 'nemoclaw' in all variants (not variant-specific CLI names) will have the sentinel incorrectly rewritten to variant-specific CLIs, breaking the intended placeholder behavior.
  • Recommended action: Audit all shared source pages for Deep Agents CLI fallback patterns (e.g., 'nemoclaw.*--agent deepagents'). Extend PROTECTED_LITERALS or add a separate protection pass for $$nemoclaw patterns that should render as base 'nemoclaw' in all variants.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'PROTECTED_LITERALS' scripts/sync-agent-variant-docs.ts and verify it includes protection for $$nemoclaw sentinel patterns that should not be variant-rewritten.
  • Missing regression test: Add test in test/sync-agent-variant-docs.test.ts with a shared source page containing $$nemoclaw that should remain 'nemoclaw' in all variants, render for each variant, and assert the output contains 'nemoclaw' not variant-specific CLI names.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'PROTECTED_LITERALS' scripts/sync-agent-variant-docs.ts and verify it includes protection for $$nemoclaw sentinel patterns that should not be variant-rewritten.
  • Evidence: PROTECTED_LITERALS array at line 446 only has two entries for onboard --agent patterns, no protection for $$nemoclaw sentinel.

PRA-12 Resolve/justify — AgentOnly silently returns null for unknown variant values

  • Location: docs/_components/AgentGuide.tsx:80
  • Category: architecture
  • Problem: AgentOnly component silently returns null when variant prop contains values not in the GuideVariant union (openclaw, hermes, deepagents). No development-mode warning is emitted for unknown variant values, making typos in variant props silent failures.
  • Impact: Typos in AgentOnly variant props (e.g., variant="deepagent" instead of "deepagents") will cause content to disappear without any warning, leading to missing documentation in generated variants.
  • Recommended action: Add development-mode console.warn when variant prop contains values not in the GuideVariant union: if (process.env.NODE_ENV !== 'production') { const unknown = variants.filter(v => !['openclaw','hermes','deepagents'].includes(v)); if (unknown.length) console.warn('[AgentOnly] Unknown variant(s):', unknown); }
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Check docs/_components/AgentGuide.tsx AgentOnly component for development-mode warning on unknown variants.
  • Missing regression test: Add test in test/agent-variant-docs.test.ts that renders AgentOnly with unknown variant and asserts console.warn is called in development mode.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Check docs/_components/AgentGuide.tsx AgentOnly component for development-mode warning on unknown variants.
  • Evidence: AgentOnly component at line 80 splits variant by comma and checks inclusion but has no validation for unknown values before returning null.

PRA-13 Resolve/justify — GUARDED_SOURCE_PAGES missing Deep Agents entry points

  • Location: scripts/check-docs-published-routes.ts:301
  • Category: tests
  • Problem: GUARDED_SOURCE_PAGES only includes 'reference/commands.mdx' and 'reference/platform-support.mdx'. It is missing Deep Agents variant entry points listed in index.yml such as troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages.
  • Impact: Link drift on Deep Agents shared source pages will not be caught by the published route checker, allowing broken links to reach production for the Deep Agents variant.
  • Recommended action: Extend GUARDED_SOURCE_PAGES to include all shared source pages that appear in multiple variants, at minimum the Deep Agents variant entry points listed in index.yml (troubleshooting.mdx, commands.mdx, architecture.mdx, cli-selection-guide.mdx, host-files-and-state.mdx, network-policies.mdx, and resource pages).
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'GUARDED_SOURCE_PAGES' scripts/check-docs-published-routes.ts and verify it includes all shared source pages from index.yml deepagents variant.
  • Missing regression test: Add test in test/check-docs-published-routes.test.ts that verifies findBrokenPublishedRoutes is called for at least one Deep Agents shared source page (e.g., troubleshooting.mdx).
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'GUARDED_SOURCE_PAGES' scripts/check-docs-published-routes.ts and verify it includes all shared source pages from index.yml deepagents variant.
  • Evidence: GUARDED_SOURCE_PAGES array at line 301 only has 2 entries; index.yml lines 260-330 show deepagents variant includes troubleshooting, commands, architecture, cli-selection-guide, host-files-and-state, network-policies, agent-skills, license pages.

PRA-14 Improvement — resolveGuideVariantFromPathname uses if/else chain instead of path-to-variant map

  • Location: docs/_components/AgentGuide.tsx:120
  • Category: architecture
  • Problem: resolveGuideVariantFromPathname uses an if/else chain instead of a path-to-variant map. This is less maintainable and harder to extend.
  • Impact: Adding new variants requires modifying the function body rather than updating a data structure. Error-prone for future extensions.
  • Suggested action: Replace with: const VARIANT_PATHS = { '/user-guide/deepagents': 'deepagents', '/user-guide/hermes': 'hermes', '/user-guide/openclaw': 'openclaw' }; return Object.entries(VARIANT_PATHS).find(([path]) => pathname.includes(path))?.[1] ?? null;
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check docs/_components/AgentGuide.tsx resolveGuideVariantFromPathname function for map-based implementation.
  • Missing regression test: Existing tests in test/agent-variant-docs.test.ts cover variant resolution; ensure they still pass after refactor.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Function at line 120 uses sequential if statements: if (pathname.includes(DEEPAGENTS_PATH)) return "deepagents"; if (pathname.includes(HERMES_PATH)) return "hermes"; if (pathname.includes(OPENCLAW_PATH)) return "openclaw";

PRA-15 Improvement — No build-time validation of AgentOnly variant props in sync script

  • Location: scripts/sync-agent-variant-docs.ts:200
  • Category: architecture
  • Problem: No build-time validation of AgentOnly variant props in the sync script. Invalid variant values in source pages are only caught at render time (or not at all).
  • Impact: Typos in AgentOnly variant props in source MDX files will silently cause content to be dropped in generated variants without build-time failure.
  • Suggested action: In findSharedNavigationSourcePaths() or a new validation step, parse source pages for AgentOnly variant props and assert all values are valid GuideVariant values (including comma-separated). Fail the build with a clear error message if invalid values found.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check scripts/sync-agent-variant-docs.ts for a validation pass that parses AgentOnly variant props from shared source pages.
  • Missing regression test: Add test in test/sync-agent-variant-docs.test.ts with a source page containing invalid AgentOnly variant, run sync, and assert build fails with clear error.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: No validation step exists in sync script; assertNoUnsharedPlaceholders only checks for $$nemoclaw sentinels, not AgentOnly variant prop validity.

PRA-16 Improvement — No explicit test for comma-separated AgentOnly variant prop

  • Location: test/agent-variant-docs.test.ts:1
  • Category: tests
  • Problem: No explicit test for comma-separated AgentOnly variant prop (e.g., variant="openclaw,hermes"). The component supports comma-separated values but test coverage only exercises single-variant and three-variant cases.
  • Impact: Comma-separated variant props could regress without detection. The parsing logic in AgentOnly splits on commas but this behavior is not explicitly tested.
  • Suggested action: Add explicit test case with variant="openclaw,hermes" asserting content renders for both openclaw and hermes but not for deepagents.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check test/agent-variant-docs.test.ts for test case with comma-separated variant prop.
  • Missing regression test: Add test: 'AgentOnly with comma-separated variant prop renders for matching variants only' in test/agent-variant-docs.test.ts.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: test/agent-variant-docs.test.ts has tests for single variants and 'openclaw,hermes' content in source but no test asserting the comma-separated parsing behavior specifically.

PRA-17 Improvement — Hermes and Deep Agents 'tested' status lacks explicit caveats for known gaps

  • Location: ci/platform-matrix.json:156
  • Category: docs
  • Problem: Hermes and Deep Agents 'tested' status lacks explicit caveats for known gaps. Hermes status was changed from 'caveated' to 'tested' and Deep Agents from 'experimental' to 'tested', but the notes still describe structural gaps (empty model-provider compatibility registry, no Hermes-specific unit tests, macOS/WSL CI not differentiated).
  • Impact: Users may interpret 'tested' as production parity with OpenClaw when known gaps remain. The status should either remain 'caveated' with updated notes, or 'tested' status notes should explicitly define what 'tested' means in this context.
  • Suggested action: Validate that 'tested' status matches project's release criteria. If gaps remain, consider keeping 'caveated' with updated notes, or add explicit caveats to the 'tested' status notes explaining what 'tested' means (e.g., 'tested for documented onboarding paths; production parity not asserted').
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Check ci/platform-matrix.json agents section for Hermes and Deep Agents status and notes fields.
  • Missing regression test: N/A - documentation policy decision; validate via maintainer review.
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: Hermes notes: 'Known structural gaps: model-provider compatibility registry is empty... no Hermes-specific unit tests... macOS and WSL CI suites do not differentiate agents. Suitable for evaluation... production parity with OpenClaw is not yet asserted.' Deep Agents notes similar.

PRA-18 Resolve/justify — Inconsistent credential placeholder style in Deep Agents Tavily section

  • Location: docs/reference/troubleshooting.mdx:1100
  • Category: security
  • Problem: The Deep Agents credential guidance section correctly advises against putting credentials in sandbox .env files, but the example command 'export TAVILY_API_KEY=tvly-...' in the Tavily section uses a placeholder that could be mistaken for a real key pattern. While tvly- is clearly a placeholder prefix, the pattern of showing export with a value could encourage users to put real keys in shell history.
  • Impact: Low - the placeholder is clearly marked, but consistent redaction style (using <PASTE_YOUR_API_KEY_HERE> as used elsewhere in the docs) would be safer.
  • Recommended action: Use <PASTE_YOUR_API_KEY_HERE> style placeholders consistently instead of tvly-... pattern, matching the pattern used in StarterPrompt.tsx and other docs.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: grep -n 'export TAVILY_API_KEY=' docs/reference/troubleshooting.mdx and verify placeholder style.
  • Missing regression test: N/A - style consistency issue.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: grep -n 'export TAVILY_API_KEY=' docs/reference/troubleshooting.mdx and verify placeholder style.
  • Evidence: Line ~1120 in troubleshooting.mdx shows 'export TAVILY_API_KEY=tvly-...' while StarterPrompt.tsx uses '<PASTE_YOUR_API_KEY_HERE>' pattern.

PRA-19 Improvement — Multi-line argument guard correctly mirrors OpenShell constraint with source-of-truth documentation

  • Location: src/lib/actions/sandbox/exec.ts:180
  • Category: security
  • Problem: The multi-line argument guard (findMultilineExecArg) deliberately mirrors OpenShell's exact constraint (only \r and \n) and documents the source-of-truth rationale. This is a good security practice - validating the constraint at the trust boundary rather than broadly. The cleanupOpenClawAfterExec function restores mutable config permissions after exec commands, which is a defense-in-depth measure for OpenClaw sandboxes.
  • Impact: Positive - the multi-line guard prevents argv injection issues and the permission cleanup restores security posture after one-shot exec commands. The source-of-truth comment is thorough.
  • Suggested action: No change needed - this is a well-implemented security control with proper source-of-truth documentation. The guard correctly rejects only what OpenShell rejects, avoiding false positives.
  • Expected follow-up: Prefer a current-PR fix when local to changed code; defer only with rationale or linked follow-up.
  • Verification: Review the MULTILINE_ARG_PATTERN and findMultilineExecArg function - they correctly handle CRLF, CR, LF without over-matching Unicode line separators.
  • Missing regression test: Existing tests in exec.test.ts cover the multi-line guard ([Linux][CLI&UX] nemoclaw <sb> exec rejects multi-line bash heredocs with "command argument contains newline" — single-line / semicolon workaround works #5980).
  • Done when: The local improvement is applied, or the PR notes why it should be deferred.
  • Evidence: MULTILINE_ARG_PATTERN = /[\r\n]/ at line 180 with detailed comment explaining source-of-truth boundary at OpenShell's exec argv contract, tracked upstream in sandbox exec: allow (or document) multi-line command arguments containing newline/CR OpenShell#2110.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — Changes requested

Merge posture: Do not merge yet
Primary next action: Resolve or justify PRA-1: Source-of-truth review needed: ci/platform-matrix.json Deep Agents launch-claim row.
Open items: 0 required · 4 warnings · 0 suggestions · 7 test follow-ups
Since last review: 0 prior items resolved · 2 still apply · 1 new item found

Action checklist

  • PRA-1 Resolve or justify: Source-of-truth review needed: ci/platform-matrix.json Deep Agents launch-claim row
  • PRA-2 Resolve or justify: Source-of-truth review needed: ci/platform-matrix.json out-of-scope LangChain row
  • PRA-3 Resolve or justify: Deep Agents launch claim still says tested while runtime acceptance is pending in ci/platform-matrix.json:163
  • PRA-4 Resolve or justify: Out-of-scope LangChain row still cites Deep Agents status as Experimental in ci/platform-matrix.json:256
  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Acceptance clause
  • PRA-T5 Add or justify test follow-up: Acceptance clause
  • PRA-T6 Add or justify test follow-up: ci/platform-matrix.json Deep Agents launch-claim row
  • PRA-T7 Add or justify test follow-up: ci/platform-matrix.json out-of-scope LangChain row

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-2 Resolve/justify architecture Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
PRA-3 Resolve/justify security ci/platform-matrix.json:163 Either keep this row at the appropriate caveated or experimental status until live runtime acceptance is complete, or update the notes with concrete validation evidence and remove the pending-acceptance wording if the `tested` claim is now true.
PRA-4 Resolve/justify docs ci/platform-matrix.json:256 Update the out-of-scope row to derive from or match the actual Agents table wording, or remove the explicit status from the out-of-scope note so it cannot drift.
Review findings by urgency: 0 required fixes, 4 items to resolve/justify, 0 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json Deep Agents launch-claim row

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Add a matrix invariant that fails when an `agents` row is `tested` and its notes mention pending/open live runtime acceptance or terminal-agent diagnostics; alternatively cite a concrete runtime acceptance test in the row.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: `ci/platform-matrix.json` defines `tested` as safe to claim/demo; the Deep Agents row marks the integration `tested` and retains the pending live-acceptance note.

PRA-2 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json out-of-scope LangChain row

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Add an invariant that any out-of-scope row referencing a listed agent must not hard-code a status that differs from that agent's table entry.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: `ci/platform-matrix.json` says the Deep Agents row is `tested`, while the out-of-scope LangChain note says `status `Experimental``.

PRA-3 Resolve/justify — Deep Agents launch claim still says tested while runtime acceptance is pending

  • Location: ci/platform-matrix.json:163
  • Category: security
  • Problem: The platform matrix defines `tested` as validated by CI or QA and safe to claim/demo. The LangChain Deep Agents Code row is now `status: tested`, but the same row still says live runtime acceptance, broader launch material, and terminal-agent diagnostics are tracked at open issue epic: Support LangChain Deep Agents Code as a NemoClaw agent harness #4861. That is an internal contradiction in the source of truth for launch/support claims.
  • Impact: Generated platform-support and launch-facing docs can overstate the readiness and security posture of the managed Deep Agents harness. Users may treat the terminal harness, inference route, credential boundary, and diagnostics as fully validated while the matrix still records that live acceptance work is pending.
  • Recommended action: Either keep this row at the appropriate caveated or experimental status until live runtime acceptance is complete, or update the notes with concrete validation evidence and remove the pending-acceptance wording if the `tested` claim is now true.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read `ci/platform-matrix.json` `statuses.tested` and the `agents` entry for `LangChain Deep Agents Code`; confirm the status and notes no longer conflict.
  • Missing regression test: Add a matrix invariant test that rejects an `agents` row with `status: tested` when its notes mention pending or open live runtime acceptance, terminal-agent diagnostics, or equivalent launch-blocking work; or cite a concrete runtime acceptance test in the row.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read `ci/platform-matrix.json` `statuses.tested` and the `agents` entry for `LangChain Deep Agents Code`; confirm the status and notes no longer conflict.
  • Evidence: `ci/platform-matrix.json` defines `tested` as `Validated by CI or QA. Safe to claim and to demo.` The Deep Agents row uses `"status": "tested"` while its notes still include `Live runtime acceptance, broader launch material, and terminal-agent diagnostics are tracked at open issue epic: Support LangChain Deep Agents Code as a NemoClaw agent harness #4861.`

PRA-4 Resolve/justify — Out-of-scope LangChain row still cites Deep Agents status as Experimental

  • Location: ci/platform-matrix.json:256
  • Category: docs
  • Problem: The out-of-scope row for other LangChain-family harnesses says LangChain Deep Agents Code is the integrated exception with status `Experimental`, but the Agents section now marks that same runtime as `tested`.
  • Impact: Readers and generated docs can see two different support levels for the same Deep Agents integration in one canonical matrix. This weakens the matrix as a source of truth and can hide accidental launch-claim changes from review.
  • Recommended action: Update the out-of-scope row to derive from or match the actual Agents table wording, or remove the explicit status from the out-of-scope note so it cannot drift.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Compare the `LangChain Deep Agents Code` row in `ci/platform-matrix.json` with the `Other LangChain, AutoGen, CrewAI, or non-listed agent harnesses` row; confirm there is no stale `status `Experimental`` reference when the Agents row says `tested`.
  • Missing regression test: Extend `test/generate-platform-docs.test.ts` with an invariant that the out-of-scope LangChain row must not hard-code a Deep Agents status that differs from the `agents` table entry.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Compare the `LangChain Deep Agents Code` row in `ci/platform-matrix.json` with the `Other LangChain, AutoGen, CrewAI, or non-listed agent harnesses` row; confirm there is no stale `status `Experimental`` reference when the Agents row says `tested`.
  • Evidence: `ci/platform-matrix.json` marks LangChain Deep Agents Code as `tested`, while the out-of-scope LangChain note still says `status `Experimental``.

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

  • None.
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Matrix invariant rejects `status: tested` agent rows whose notes mention pending live runtime acceptance or terminal-agent diagnostics.. The changed docs/tooling have good static coverage for generated variants, route resolution, command-reference rewrites, and starter-prompt trust boundaries. The remaining gap is behavioral evidence for the runtime/sandbox-facing Deep Agents launch claim and matrix consistency.
  • PRA-T2 Runtime validation — Deep Agents runtime acceptance proves `nemo-deepagents onboard` creates a sandbox with usable `status`, `whoami` or `identity`, and headless `dcode -n` inference through `inference.local`.. The changed docs/tooling have good static coverage for generated variants, route resolution, command-reference rewrites, and starter-prompt trust boundaries. The remaining gap is behavioral evidence for the runtime/sandbox-facing Deep Agents launch claim and matrix consistency.
  • PRA-T3 Runtime validation — Platform matrix invariant rejects out-of-scope rows that cite a listed agent status different from the Agents table.. The changed docs/tooling have good static coverage for generated variants, route resolution, command-reference rewrites, and starter-prompt trust boundaries. The remaining gap is behavioral evidence for the runtime/sandbox-facing Deep Agents launch claim and matrix consistency.
  • PRA-T4 Acceptance clause — Adds Deep Agents as a first-class documentation variant alongside OpenClaw and Hermes, including navigation, generated variant pages, ecosystem overview, quickstart routing, and shared command-reference coverage. — add test evidence or identify existing coverage. `docs/index.yml` adds the `deepagents` guide variant; `docs/about/ecosystem-deepagents.mdx` is new; README and skill routing point at `/user-guide/deepagents/get-started/quickstart`; `scripts/sync-agent-variant-docs.ts` and tests cover Deep Agents rendering. The platform-matrix launch claim for this first-class variant remains contradictory, covered by the findings.
  • PRA-T5 Acceptance clause — Tests added or updated for changed behavior — add test evidence or identify existing coverage. The static test inventory shows updated tests for variant generation, route checking, command docs, starter prompt, and platform quickstart routing. Runtime/launch-claim validation for the Deep Agents `tested` status remains missing, covered by the findings and test-depth follow-ups.
  • PRA-T6 ci/platform-matrix.json Deep Agents launch-claim row — Add a matrix invariant that fails when an `agents` row is `tested` and its notes mention pending/open live runtime acceptance or terminal-agent diagnostics; alternatively cite a concrete runtime acceptance test in the row.. `ci/platform-matrix.json` defines `tested` as safe to claim/demo; the Deep Agents row marks the integration `tested` and retains the pending live-acceptance note.
  • PRA-T7 ci/platform-matrix.json out-of-scope LangChain row — Add an invariant that any out-of-scope row referencing a listed agent must not hard-code a status that differs from that agent's table entry.. `ci/platform-matrix.json` says the Deep Agents row is `tested`, while the out-of-scope LangChain note says `status `Experimental``.
Since last review details

Current findings, using the urgency labels above:

PRA-1 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json Deep Agents launch-claim row

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Add a matrix invariant that fails when an `agents` row is `tested` and its notes mention pending/open live runtime acceptance or terminal-agent diagnostics; alternatively cite a concrete runtime acceptance test in the row.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: `ci/platform-matrix.json` defines `tested` as safe to claim/demo; the Deep Agents row marks the integration `tested` and retains the pending live-acceptance note.

PRA-2 Resolve/justify — Source-of-truth review needed: ci/platform-matrix.json out-of-scope LangChain row

  • Location: not file-specific
  • Category: architecture
  • Problem: The advisor marked localized patch analysis as needs_followup.
  • Impact: A localized workaround can preserve or hide an invalid state when the source boundary is unclear.
  • Recommended action: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Missing regression test: Add an invariant that any out-of-scope row referencing a listed agent must not hard-code a status that differs from that agent's table entry.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the localized patch and source-of-truth review fields for a concrete invalid state, source boundary, source-fix constraint, regression test, and removal condition.
  • Evidence: `ci/platform-matrix.json` says the Deep Agents row is `tested`, while the out-of-scope LangChain note says `status `Experimental``.

PRA-3 Resolve/justify — Deep Agents launch claim still says tested while runtime acceptance is pending

  • Location: ci/platform-matrix.json:163
  • Category: security
  • Problem: The platform matrix defines `tested` as validated by CI or QA and safe to claim/demo. The LangChain Deep Agents Code row is now `status: tested`, but the same row still says live runtime acceptance, broader launch material, and terminal-agent diagnostics are tracked at open issue epic: Support LangChain Deep Agents Code as a NemoClaw agent harness #4861. That is an internal contradiction in the source of truth for launch/support claims.
  • Impact: Generated platform-support and launch-facing docs can overstate the readiness and security posture of the managed Deep Agents harness. Users may treat the terminal harness, inference route, credential boundary, and diagnostics as fully validated while the matrix still records that live acceptance work is pending.
  • Recommended action: Either keep this row at the appropriate caveated or experimental status until live runtime acceptance is complete, or update the notes with concrete validation evidence and remove the pending-acceptance wording if the `tested` claim is now true.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Read `ci/platform-matrix.json` `statuses.tested` and the `agents` entry for `LangChain Deep Agents Code`; confirm the status and notes no longer conflict.
  • Missing regression test: Add a matrix invariant test that rejects an `agents` row with `status: tested` when its notes mention pending or open live runtime acceptance, terminal-agent diagnostics, or equivalent launch-blocking work; or cite a concrete runtime acceptance test in the row.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Read `ci/platform-matrix.json` `statuses.tested` and the `agents` entry for `LangChain Deep Agents Code`; confirm the status and notes no longer conflict.
  • Evidence: `ci/platform-matrix.json` defines `tested` as `Validated by CI or QA. Safe to claim and to demo.` The Deep Agents row uses `"status": "tested"` while its notes still include `Live runtime acceptance, broader launch material, and terminal-agent diagnostics are tracked at open issue epic: Support LangChain Deep Agents Code as a NemoClaw agent harness #4861.`

PRA-4 Resolve/justify — Out-of-scope LangChain row still cites Deep Agents status as Experimental

  • Location: ci/platform-matrix.json:256
  • Category: docs
  • Problem: The out-of-scope row for other LangChain-family harnesses says LangChain Deep Agents Code is the integrated exception with status `Experimental`, but the Agents section now marks that same runtime as `tested`.
  • Impact: Readers and generated docs can see two different support levels for the same Deep Agents integration in one canonical matrix. This weakens the matrix as a source of truth and can hide accidental launch-claim changes from review.
  • Recommended action: Update the out-of-scope row to derive from or match the actual Agents table wording, or remove the explicit status from the out-of-scope note so it cannot drift.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Compare the `LangChain Deep Agents Code` row in `ci/platform-matrix.json` with the `Other LangChain, AutoGen, CrewAI, or non-listed agent harnesses` row; confirm there is no stale `status `Experimental`` reference when the Agents row says `tested`.
  • Missing regression test: Extend `test/generate-platform-docs.test.ts` with an invariant that the out-of-scope LangChain row must not hard-code a Deep Agents status that differs from the `agents` table entry.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Compare the `LangChain Deep Agents Code` row in `ci/platform-matrix.json` with the `Other LangChain, AutoGen, CrewAI, or non-listed agent harnesses` row; confirm there is no stale `status `Experimental`` reference when the Agents row says `tested`.
  • Evidence: `ci/platform-matrix.json` marks LangChain Deep Agents Code as `tested`, while the out-of-scope LangChain note still says `status `Experimental``.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: sessions-agents-cli
Optional E2E: sandbox-operations, ubuntu-repo-cloud-langchain-deepagents-code

Dispatch hint: sessions-agents-cli

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • sessions-agents-cli (high): Exercises a real hosted OpenClaw sandbox and invokes nemoclaw <sandbox> exec -- ... through the public CLI. This is the closest existing live E2E coverage for the changed src/lib/actions/sandbox/exec.ts host-to-sandbox command boundary and OpenClaw post-exec cleanup path.

Optional E2E

  • sandbox-operations (high): Provides broader confidence for day-two sandbox lifecycle and operations around real OpenShell sandboxes, including sandbox exec/status after recovery. Useful if maintainers want extra coverage for adjacent sandbox operations, but it does not target the NemoClaw exec wrapper as directly as sessions-agents-cli.
  • ubuntu-repo-cloud-langchain-deepagents-code (high): Optional confidence for the PR's Deep Agents documentation and platform-matrix status updates. This target validates the live Deep Agents onboarding/runtime path, but the PR appears to change Deep Agents docs and support claims rather than Deep Agents runtime code.

New E2E recommendations

  • sandbox exec command boundary (medium): Existing live E2E covers successful nemoclaw <sandbox> exec use, but there does not appear to be a live E2E that verifies newline-bearing argv rejection, non-leaking error text, and the recommended --stdin -- bash workaround against a real sandbox.
    • Suggested test: Add a live sandbox exec negative-path check that invokes nemoclaw <sandbox> exec -- ... with a newline-bearing argv element, asserts secret-safe guidance and nonzero exit, then verifies the same multi-line script succeeds via nemoclaw <sandbox> exec --stdin -- bash.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: sessions-agents-cli

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: issue-4462-scope-upgrade-approval
Optional E2E targets: ubuntu-repo-cloud-langchain-deepagents-code

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=issue-4462-scope-upgrade-approval

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: medium

Required E2E targets

  • issue-4462-scope-upgrade-approval: The PR changes src/lib/actions/sandbox/exec.ts, which owns the host-side NemoClaw sandbox exec path. The issue-4462-scope-upgrade-approval live job explicitly exercises the public nemoclaw <name> exec -- ... transport against a real OpenClaw sandbox, making it the smallest dispatch that covers this changed runtime surface.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field jobs=issue-4462-scope-upgrade-approval

Optional E2E targets

  • ubuntu-repo-cloud-langchain-deepagents-code: Optional adjacent coverage for the Deep Agents Code runtime, which has several live checks that use sandbox exec boundaries and is heavily documented by this PR. The primary changed code path is covered by the required OpenClaw exec transport job.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field targets=ubuntu-repo-cloud-langchain-deepagents-code

Relevant changed files

  • src/lib/actions/sandbox/exec.ts
  • test/e2e/e2e-cloud-experimental/check-docs.sh

@prekshivyas prekshivyas added v0.0.76 Release target and removed v0.0.75 Release target labels Jul 6, 2026

@ericksoa ericksoa left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting changes on exact head ae47a350f4bd001f49ff6105a433102ab40e0a18.

Blocking findings:

  1. Manual Deep Agents backup exports credential-bearing state (docs/manage-sandboxes/backup-restore.mdx:183). The recursive .deepagents/.state/ download includes auth.json and chatgpt-auth.json, and the restore at line 230 uploads them again. This bypasses the built-in backup sanitizer, can copy secrets to the host, and can restore state that the managed launcher refuses. Back up only safe paths or explicitly exclude both auth files.

  2. The documented provider/model switch command cannot work after completed onboarding (docs/inference/switch-inference-providers.mdx:61, recurring at lines 129, 232, 297, and 394). Successful onboarding sets resumable=false, so --resume --recreate-sandbox is rejected. During a genuinely interrupted resume, the completed provider selection is reused rather than changed. Please document a fresh named recreation path or implement a true switch path.

  3. The moved quickstart breaks the published route and generated link graph (docs/index.yml:233). The existing production OpenClaw-nested URL currently returns 200, but the exact-head preview returns 404 and fern/docs.yml has no redirect. Six release-note links remain stale. check-docs.sh --only-links --local-only reports 81 failures at this head versus zero at the base, including 54 in new Deep Agents pages.

  4. The new Deep Agents navigation publishes unadapted OpenClaw workflows (docs/index.yml:243 and :300). The generated local-inference and troubleshooting pages tell Deep Agents users about openclaw.json, Responses API, dashboard ports, OpenClaw plugin installation, recover, and channels add. Deep Agents is terminal-only, has no gateway runtime, and supports no messaging channels. Variant-scope these sections or omit the pages.

Additional correctness findings:

  1. scripts/sync-agent-variant-docs.ts:426 rewrites the canonical nemoclaw onboard --agent langchain-deepagents-code example into redundant nemo-deepagents onboard --agent ...; the test at test/sync-agent-variant-docs.test.ts:93 currently locks in the wrong output.

  2. docs/reference/commands.mdx:2023 removed variant guards from session-export examples. The generated Hermes page advertises positional keys, --include-trajectory, and --format tar immediately after stating Hermes rejects them, while OpenClaw receives the Hermes-only --agent hermes example.

  3. docs/inference/switch-inference-providers.mdx:246-297 exposes OpenClaw model metadata and claims timeout is baked into the Deep Agents image. The Deep Agents Dockerfile and config generator consume none of the timeout, heartbeat, context-window, max-token, or input settings.

  4. docs/get-started/quickstart-langchain-deepagents-code.mdx:66-68 promises an optional Tavily prompt and default sandbox name deepagents; the agent does not declare web-search support and the actual default is deepagents-code.

  5. docs/reference/architecture.mdx:241-263 claims the generic sandbox base plus Homebrew and a python symlink. Deep Agents uses its agent-specific Dockerfile.base, which provides neither helper.

Validation performed: npm run docs passed with zero errors; targeted variant/starter tests passed 17/17; git diff --check and a merge-tree audit passed; the local documentation link check failed with 81 broken links.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (5)
docs/_components/AgentGuide.tsx (1)

14-14: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Centralize the variant list to avoid triplicated literals.

The "openclaw" | "hermes" | "deepagents" set is now hardcoded in three places (the GuideVariant type, resolveGuideVariant's early return, and resolveGuidePathname's early return). scripts/sync-agent-variant-docs.ts already solves this by deriving AgentVariant from a single agentVariants array and exposing an isAgentVariant() helper — worth mirroring here so a future variant addition can't silently miss one of the three checks.

♻️ Proposed refactor
-export type GuideVariant = "openclaw" | "hermes" | "deepagents";
+export const GUIDE_VARIANTS = ["openclaw", "hermes", "deepagents"] as const;
+export type GuideVariant = (typeof GUIDE_VARIANTS)[number];
+function isGuideVariant(value: unknown): value is GuideVariant {
+  return GUIDE_VARIANTS.includes(value as GuideVariant);
+}
-  if (source === "openclaw" || source === "hermes" || source === "deepagents") return source;
+  if (isGuideVariant(source)) return source;
-  if (!source || source === "openclaw" || source === "hermes" || source === "deepagents") {
+  if (!source || isGuideVariant(source)) {
     return null;
   }

Also applies to: 107-116, 118-124, 126-132

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/_components/AgentGuide.tsx` at line 14, Centralize the guide variant
values so the same list is not duplicated across GuideVariant,
resolveGuideVariant, and resolveGuidePathname. Mirror the pattern used in
scripts/sync-agent-variant-docs.ts by defining a single source of truth for the
variants and deriving the type plus an isGuideVariant helper from it, then
update both early-return checks to use that helper instead of hardcoded string
unions. This keeps the variant set consistent and makes future additions only
require one change.
docs/about/how-it-works.mdx (1)

168-173: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Unclear whether Deep Agents inference-route change requires a rebuild.

The Hermes note explicitly states the config "updates ... at runtime without rebuilding the sandbox." The new Deep Agents note only says the runtime "reads the OpenAI-compatible route ... written into /sandbox/.deepagents/config.toml" without stating whether changing the provider hot-reloads or requires a rebuild. The quickstart doc's troubleshooting section ("rebuild each existing sandbox before troubleshooting inference.local connectivity") suggests a rebuild may be needed, so this should be stated explicitly here for parity with the Hermes note.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/about/how-it-works.mdx` around lines 168 - 173, Clarify the Deep Agents
config behavior in the docs block for AgentOnly variants so it matches the
Hermes note. In the Deep Agents paragraph, explicitly state whether changes to
the OpenAI-compatible inference route written by NemoClaw into the managed dcode
config hot-reload at runtime or require rebuilding the sandbox, and use the same
style of runtime/rebuild wording as the Hermes variant for parity.
docs/index.yml (1)

199-199: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Nav tab order differs from homepage card/table order.

The variant dropdown lists OpenClaw, then Deep Agents, then Hermes, but docs/index.mdx's quickstart table and "Select User Guide Variant" cards list OpenClaw, Hermes, Deep Agents. Consider aligning the ordering for consistency.

Also applies to: 319-319

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/index.yml` at line 199, The nav variant order in the docs config does
not match the homepage quickstart/cards ordering. Update the variant list in the
docs navigation setup so the symbols for the dropdown entries align with the
order used in docs/index.mdx (OpenClaw, Hermes, Deep Agents), and make the same
ordering adjustment wherever the variant titles are declared for the user guide
selection.
docs/reference/network-policies.mdx (1)

148-153: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

OpenClaw-scoped text mentions Hermes-only behavior, duplicated by the Hermes block below.

Line 149 ("OpenClaw can select brave or tavily, while Hermes can select tavily only.") is rendered only for OpenClaw readers but describes Hermes's constraint, which is redundant with the dedicated hermes block on lines 151-153. Trim the OpenClaw-scoped sentence to OpenClaw's own capability.

♻️ Suggested trim
 <AgentOnly variant="openclaw">
-OpenClaw can select `brave` or `tavily`, while Hermes can select `tavily` only.
+OpenClaw can select `brave` or `tavily`.
 </AgentOnly>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/network-policies.mdx` around lines 148 - 153, The
OpenClaw-specific copy in the AgentOnly variant is mixing in Hermes-only
behavior and duplicating the separate Hermes block. Update the text inside the
openclaw AgentOnly section in network-policies.mdx so it describes only
OpenClaw’s allowed search providers, and leave the hermes AgentOnly block to
cover Hermes’s tavily-only restriction; keep the wording aligned with the
existing AgentOnly variants and their intent.
scripts/sync-agent-variant-docs.ts (1)

133-185: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider extracting a per-variant frontmatter table to reduce duplication.

updateCommandsFrontmatter's hermes/deepagents branches duplicate the same four-field structure (title, description, description-agent, keywords) differing only in text. Since this PR is adding a third variant and the pattern will likely repeat for future variants, a small lookup table would reduce copy/paste risk (e.g., a typo in one branch not caught because the other diverges).

♻️ Proposed refactor
+const COMMANDS_FRONTMATTER_BY_VARIANT: Record<
+  Exclude<AgentVariant, "openclaw">,
+  { title: string; description: string; descriptionAgent: string; keywords: string }
+> = {
+  hermes: {
+    title: '"NemoHermes CLI Commands Reference"',
+    description:
+      '"Full CLI reference for standalone NemoHermes commands and Hermes-specific in-sandbox commands."',
+    descriptionAgent:
+      '"Includes the full CLI reference for standalone NemoHermes commands and Hermes-specific in-sandbox commands. Use when looking up a specific `nemohermes` subcommand, flag, argument, or exit code."',
+    keywords: '["nemohermes cli commands", "hermes command reference", "nemohermes command reference"]',
+  },
+  deepagents: {
+    title: '"NemoDeepAgents CLI Commands Reference"',
+    description:
+      '"Full CLI reference for standalone NemoDeepAgents commands and Deep Agents-specific in-sandbox commands."',
+    descriptionAgent:
+      '"Includes the full CLI reference for standalone NemoDeepAgents commands and Deep Agents-specific in-sandbox commands. Use when looking up a specific `nemo-deepagents` subcommand, flag, argument, or exit code."',
+    keywords:
+      '["nemo-deepagents cli commands", "deep agents command reference", "nemo-deepagents command reference"]',
+  },
+};
+
 function updateCommandsFrontmatter(frontmatter: string, variant: AgentVariant): string {
   if (variant === "openclaw") return frontmatter;
   let next = frontmatter;
   const cli = cliForVariant(variant);
-  if (variant === "hermes") {
-    next = replaceFrontmatterLine(next, "title", '"NemoHermes CLI Commands Reference"');
-    ... (duplicated blocks removed)
-  } else {
-    ...
-  }
+  const meta = COMMANDS_FRONTMATTER_BY_VARIANT[variant];
+  next = replaceFrontmatterLine(next, "title", meta.title);
+  next = replaceFrontmatterLine(next, "description", meta.description);
+  next = replaceFrontmatterLine(next, "description-agent", meta.descriptionAgent);
+  next = replaceFrontmatterLine(next, "keywords", meta.keywords);
   next = replaceFrontmatterLine(next, "sidebar-title", '"Commands"');
   next = upsertFrontmatterLine(next, "exclude-from-skills-gen", "true");
   return next.replaceAll("`nemoclaw`", `\`${cli}\``);
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/sync-agent-variant-docs.ts` around lines 133 - 185, Refactor
updateCommandsFrontmatter to remove the duplicated hermes/deepagents field
updates by introducing a per-variant lookup table for the title, description,
description-agent, and keywords values. Keep the existing control flow in
renderFrontmatter and the shared replacements for sidebar-title,
exclude-from-skills-gen, and nemoclaw-to-variant CLI substitution, but have
updateCommandsFrontmatter read the variant-specific strings from a single
mapping keyed by AgentVariant. This will make future variants easier to add and
reduce copy/paste divergence.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/reference/commands.mdx`:
- Around line 1139-1143: The Deep Agents “Expected output” example is hardcoding
a specific agent version instead of following the placeholder convention used by
the OpenClaw and Hermes examples. Update the example in the relevant markdown
block to use the generic v<version> placeholder, matching the surrounding
variant blocks and keeping the documentation consistent; locate the change by
the LangChain Deep Agents Code example in the commands reference section.

In `@docs/reference/network-policies.mdx`:
- Around line 20-43: The docs page has a duplicated AgentOnly block where
Hermes-specific network policy text is still wrapped in an openclaw variant, so
OpenClaw readers will see the wrong content. Remove the extra openclaw-scoped
<AgentOnly> <Note> block from the network-policies.mdx content and keep the
Hermes baseline policy note only inside the existing hermes variant block,
preserving the intended variant separation.

---

Nitpick comments:
In `@docs/_components/AgentGuide.tsx`:
- Line 14: Centralize the guide variant values so the same list is not
duplicated across GuideVariant, resolveGuideVariant, and resolveGuidePathname.
Mirror the pattern used in scripts/sync-agent-variant-docs.ts by defining a
single source of truth for the variants and deriving the type plus an
isGuideVariant helper from it, then update both early-return checks to use that
helper instead of hardcoded string unions. This keeps the variant set consistent
and makes future additions only require one change.

In `@docs/about/how-it-works.mdx`:
- Around line 168-173: Clarify the Deep Agents config behavior in the docs block
for AgentOnly variants so it matches the Hermes note. In the Deep Agents
paragraph, explicitly state whether changes to the OpenAI-compatible inference
route written by NemoClaw into the managed dcode config hot-reload at runtime or
require rebuilding the sandbox, and use the same style of runtime/rebuild
wording as the Hermes variant for parity.

In `@docs/index.yml`:
- Line 199: The nav variant order in the docs config does not match the homepage
quickstart/cards ordering. Update the variant list in the docs navigation setup
so the symbols for the dropdown entries align with the order used in
docs/index.mdx (OpenClaw, Hermes, Deep Agents), and make the same ordering
adjustment wherever the variant titles are declared for the user guide
selection.

In `@docs/reference/network-policies.mdx`:
- Around line 148-153: The OpenClaw-specific copy in the AgentOnly variant is
mixing in Hermes-only behavior and duplicating the separate Hermes block. Update
the text inside the openclaw AgentOnly section in network-policies.mdx so it
describes only OpenClaw’s allowed search providers, and leave the hermes
AgentOnly block to cover Hermes’s tavily-only restriction; keep the wording
aligned with the existing AgentOnly variants and their intent.

In `@scripts/sync-agent-variant-docs.ts`:
- Around line 133-185: Refactor updateCommandsFrontmatter to remove the
duplicated hermes/deepagents field updates by introducing a per-variant lookup
table for the title, description, description-agent, and keywords values. Keep
the existing control flow in renderFrontmatter and the shared replacements for
sidebar-title, exclude-from-skills-gen, and nemoclaw-to-variant CLI
substitution, but have updateCommandsFrontmatter read the variant-specific
strings from a single mapping keyed by AgentVariant. This will make future
variants easier to add and reduce copy/paste divergence.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ddb9c071-3e70-42cb-aa81-79aa3ba88c13

📥 Commits

Reviewing files that changed from the base of the PR and between 05f8522 and ae47a35.

📒 Files selected for processing (34)
  • .agents/skills/nemoclaw-user-guide/SKILL.md
  • docs/AGENTS.md
  • docs/CONTRIBUTING.md
  • docs/_components/AgentGuide.tsx
  • docs/_components/StarterPrompt.tsx
  • docs/about/ecosystem-deepagents.mdx
  • docs/about/how-it-works.mdx
  • docs/about/overview.mdx
  • docs/deployment/set-up-mcp-bridge.mdx
  • docs/get-started/quickstart-langchain-deepagents-code.mdx
  • docs/index.mdx
  • docs/index.yml
  • docs/inference/inference-options.mdx
  • docs/inference/model-capability-audit.mdx
  • docs/inference/switch-inference-providers.mdx
  • docs/manage-sandboxes/backup-restore.mdx
  • docs/manage-sandboxes/lifecycle.mdx
  • docs/manage-sandboxes/workspace-files.mdx
  • docs/reference/architecture.mdx
  • docs/reference/cli-selection-guide.mdx
  • docs/reference/commands-nemohermes.mdx
  • docs/reference/commands.mdx
  • docs/reference/host-files-and-state.mdx
  • docs/reference/network-policies.mdx
  • docs/security/best-practices.mdx
  • docs/security/credential-storage.mdx
  • fern/fern.config.json
  • scripts/sync-agent-variant-docs.ts
  • skills/nemoclaw-user-guide/SKILL.md
  • src/lib/actions/sandbox/exec.ts
  • test/agent-variant-docs.test.ts
  • test/internal-commands-docs.test.ts
  • test/starter-prompt-docs.test.ts
  • test/sync-agent-variant-docs.test.ts

Comment thread docs/reference/commands.mdx
Comment thread docs/reference/network-policies.mdx

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/inference/switch-inference-providers.mdx`:
- Around line 142-154: The Deep Agents CLI examples in this section should use
the `$$nemoclaw` macro form instead of hardcoded `nemo-deepagents` so the shared
page renders consistently. Update the affected code blocks in the
switch-inference-providers content to reference the macro, keeping the
onboarding and use commands unchanged otherwise.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2838fb9d-387d-43d2-8b40-183008c98e25

📥 Commits

Reviewing files that changed from the base of the PR and between ae47a35 and cf71450.

📒 Files selected for processing (13)
  • README.md
  • docs/about/release-notes.mdx
  • docs/get-started/prerequisites.mdx
  • docs/index.yml
  • docs/inference/inference-options.mdx
  • docs/inference/switch-inference-providers.mdx
  • docs/inference/use-local-inference.mdx
  • docs/manage-sandboxes/backup-restore.mdx
  • docs/manage-sandboxes/lifecycle.mdx
  • docs/reference/cli-selection-guide.mdx
  • docs/reference/commands.mdx
  • docs/reference/troubleshooting.mdx
  • fern/docs.yml
💤 Files with no reviewable changes (1)
  • docs/index.yml
✅ Files skipped from review due to trivial changes (1)
  • docs/about/release-notes.mdx
🚧 Files skipped from review as they are similar to previous changes (5)
  • docs/reference/cli-selection-guide.mdx
  • docs/inference/inference-options.mdx
  • docs/manage-sandboxes/backup-restore.mdx
  • docs/manage-sandboxes/lifecycle.mdx
  • docs/reference/commands.mdx

Comment thread docs/inference/switch-inference-providers.mdx
@miyoungc
miyoungc requested a review from ericksoa July 7, 2026 00:29

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/check-docs-links.test.ts (1)

124-174: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Test title missing local issue-ref suffix.

Root-level integration tests under test/ should use behavior-oriented titles with a local issue reference in a final (#1234) suffix, per guideline. This new test title doesn't include one.

As per path instructions, "Root-level integration tests under test/ should import source code, use ESM imports, and use behavior-oriented titles with local issue refs in a final (#1234) suffix."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/check-docs-links.test.ts` around lines 124 - 174, The new integration
test title in check-docs-links.test.ts should follow the root-level test naming
guideline by using a behavior-oriented description with a local issue reference
suffix. Update the title of the test added in the route-relative Deep Agents
alias case, keeping the existing intent while appending a final (`#1234`)-style
reference so it matches the established convention for tests under test/.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/check-docs-links.test.ts`:
- Around line 124-174: The new integration test title in
check-docs-links.test.ts should follow the root-level test naming guideline by
using a behavior-oriented description with a local issue reference suffix.
Update the title of the test added in the route-relative Deep Agents alias case,
keeping the existing intent while appending a final (`#1234`)-style reference so
it matches the established convention for tests under test/.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c592ce56-ede3-4833-8917-26e9ed8411a7

📥 Commits

Reviewing files that changed from the base of the PR and between cf71450 and bbfc78b.

📒 Files selected for processing (10)
  • docs/about/release-notes.mdx
  • docs/get-started/quickstart-langchain-deepagents-code.mdx
  • docs/get-started/windows-preparation.mdx
  • docs/inference/switch-inference-providers.mdx
  • docs/reference/architecture.mdx
  • docs/reference/commands.mdx
  • scripts/sync-agent-variant-docs.ts
  • test/check-docs-links.test.ts
  • test/e2e/e2e-cloud-experimental/check-docs.sh
  • test/sync-agent-variant-docs.test.ts
✅ Files skipped from review due to trivial changes (2)
  • docs/get-started/quickstart-langchain-deepagents-code.mdx
  • docs/about/release-notes.mdx
🚧 Files skipped from review as they are similar to previous changes (4)
  • test/sync-agent-variant-docs.test.ts
  • scripts/sync-agent-variant-docs.ts
  • docs/inference/switch-inference-providers.mdx
  • docs/reference/commands.mdx

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The follow-up resolves most earlier findings, but two exact-head documentation blockers remain. Deep Agents navigation publishes the troubleshooting page in docs/index.yml, yet docs/reference/troubleshooting.mdx has no deepagents variant guidance for DCode inference, credential rejection, Landlock, MCP v2, rebuild, or Tavily. The shared platform-support matrix also still points at the stale quickstart route. Both exact-head advisors flag the gap, and the branch is currently conflicted; please fix the routes/content and rebase before rereview.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/reference/commands.mdx`:
- Around line 1228-1241: The NemoClaw exec documentation section is missing the
newline/CR argument restriction and the matching workaround guidance that
already appears in the earlier exec docs. Update this exec section to mention
that commands passed after the `--` separator reject newline/CR characters in
arguments, and include the same three workarounds (semicolon-joining, piping via
stdin, or using a script file) so readers of `--stdin`/`--no-stdin` have the
full behavior and escape hatches in one place.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 30d4dffe-e094-40fd-b8b2-90c2e4069109

📥 Commits

Reviewing files that changed from the base of the PR and between 841ec17 and 0e54e93.

📒 Files selected for processing (7)
  • docs/about/release-notes.mdx
  • docs/inference/inference-options.mdx
  • docs/manage-sandboxes/lifecycle.mdx
  • docs/reference/commands.mdx
  • docs/reference/troubleshooting.mdx
  • docs/security/credential-storage.mdx
  • src/lib/actions/sandbox/exec.ts
✅ Files skipped from review due to trivial changes (2)
  • src/lib/actions/sandbox/exec.ts
  • docs/about/release-notes.mdx
🚧 Files skipped from review as they are similar to previous changes (3)
  • docs/security/credential-storage.mdx
  • docs/manage-sandboxes/lifecycle.mdx
  • docs/inference/inference-options.mdx

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current-head rereview on 8fc71c3c34: the published-route checker improvements address the failed link-validation lane, but two current CodeRabbit findings remain valid. docs/reference/network-policies.mdx:37-43 still wraps the Hermes agents/hermes/policy-additions.yaml note in a duplicate variant="openclaw" block, so the OpenClaw page renders Hermes-specific guidance. docs/reference/commands.mdx:1166 also hardcodes LangChain Deep Agents Code v0.1.30 while the sibling examples use v<version>. Please correct the variant boundary and placeholder, resolve the threads, and rerun the docs build/route checks on the exact head.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current-head rereview on 8f05f84005: the AgentOnly boundary, version placeholder, and route-test type fix are resolved. One exact-head advisor blocker remains unchanged: ci/platform-matrix.json:165 still stores the Deep Agents quickstart link as ../get-started/quickstart-langchain-deepagents-code, and generated docs/reference/platform-support.mdx:68 repeats it, while docs/index.yml:234-235 publishes that page under the Deep Agents route slug quickstart. The new checker still guards only reference/commands.mdx (scripts/check-docs-published-routes.ts:291), so its tests cannot catch this real Platform Support regression.

Please fix the canonical matrix source, regenerate Platform Support, and add a test that renders/checks the real reference/platform-support.mdx page through the real Deep Agents navigation and resolves the link to /user-guide/deepagents/get-started/quickstart (while keeping the matrix/generated table synchronized).

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One additional current-head docs follow-up from CodeRabbit is valid: the second exec reference at docs/reference/commands.mdx:1237-1246 documents stdin flags but omits the newline/CR rejection contract and the three supported workarounds that the first exec section documents at :789-793. Please keep both rendered command variants behaviorally complete while addressing the blocking Platform Support route.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two Deep Agents Landlock sections are also blocking docs correctness on 8f05f84005. docs/reference/troubleshooting.mdx:1108-1110 says a Deep Agents sandbox can run with reduced enforcement, but the source policy is compatibility: strict (agents/langchain-deepagents-code/policy-additions.yaml:29-34) and this PR correctly says startup fails closed elsewhere (network-policies.mdx:63-65, best-practices.mdx:410-417). In addition, the unguarded section at troubleshooting.mdx:1691-1703 renders into the Deep Agents guide and says best-effort degradation is informational and does not block creation. Scope that best-effort guidance to OpenClaw/Hermes and give Deep Agents strict startup-failure/remediation guidance.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more variant leak on the same exact head: the unguarded managed web-search section at docs/reference/troubleshooting.mdx:436-449,476-478 renders in the Deep Agents guide and says onboarding selects/verifies Brave/Tavily and recreates the sandbox when the provider changes. The Deep Agents-specific section at :1067-1070 correctly says there is no NemoClaw-managed web-search feature. Scope the managed web-search prose to openclaw,hermes (or supply distinct Deep Agents behavior) so the new variant does not give contradictory remediation.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While fixing that same canonical Platform Support row, also remove the unsupported macro form `$$nemo-deepagents onboard` at ci/platform-matrix.json:165 / generated docs/reference/platform-support.mdx:68. $$nemoclaw is the variant macro; a hardcoded alias must not carry $$, especially on this shared non-variant-generated page. Regenerate the table from the corrected matrix source.

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-reviewed exact head f762f77.

Resolved: the canonical Platform Support quickstart route is corrected and guarded; the Deep Agents render no longer leaks managed web-search guidance; strict fail-closed Landlock guidance is present. Focused route and variant validation passed 31 of 31 tests.

One blocker remains: docs/reference/commands.mdx lines 1214-1246 are the second rendered exec reference. After stdin guidance it goes directly to the flag table, but still omits the newline and carriage-return argument rejection and the semicolon, stdin-pipe, and script-file workarounds documented in the first exec section at lines 789-793. Please include the same contract in every rendered exec reference or deduplicate the shared guidance.

@miyoungc
miyoungc requested a review from cv July 7, 2026 20:08
@miyoungc
miyoungc dismissed ericksoa’s stale review July 7, 2026 20:42

Addressed the change requests. And got cv's approval.

@miyoungc
miyoungc enabled auto-merge (squash) July 7, 2026 20:42
@miyoungc
miyoungc merged commit 5552a5b into main Jul 7, 2026
44 checks passed
@miyoungc
miyoungc deleted the deepcode-doc-variant branch July 7, 2026 20:48
apurvvkumaria added a commit that referenced this pull request Jul 8, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Prepares the user-facing documentation for NemoClaw v0.0.76 and closes
the release-prep documentation gate. It adds the release highlights,
documents the arm64 Local NIM warning and expanded image cleanup
behavior, and fixes agent-specific command headings in generated guides.

## Changes

- Add the v0.0.76 release-notes section and move the shared-gateway
route containment entry out of the v0.0.74 history where it was
incorrectly placed.
- Document the advisory Linux arm64 Local NIM manifest warning in the
canonical platform matrix and local-inference guidance.
- Document that `gc` scans both gateway-built and locally prebuilt
sandbox image repositories.
- Keep OpenClaw and Hermes session headings out of the generated Deep
Agents command guide.
- Add a focused variant regression test for the agent-specific session
headings.

### Source summary

| Merged sources | Documentation coverage |
| --- | --- |
| [#6414](#6414),
[#6418](#6418),
[#6416](#6416),
[#6344](#6344) | v0.0.76 release
notes and the Deep Agents quickstart/inference routes |
| [#6340](#6340) | v0.0.76
release notes and existing Deep Agents observability guidance |
| [#6338](#6338),
[#6378](#6378),
[#6297](#6297) | v0.0.76 release
notes and existing inference/troubleshooting guidance |
| [#6362](#6362) | v0.0.76
release notes and existing lifecycle, command, and credential guidance |
| [#6330](#6330),
[#6307](#6307),
[#6008](#6008) | v0.0.76 release
notes and existing security, troubleshooting, and command guidance |
| [#6382](#6382) | v0.0.76
release notes and existing MCP/command guidance |
| [#6326](#6326),
[#5868](#5868),
[#5539](#5539) | v0.0.76 release
notes, platform matrix, inference options, and local-inference guidance
|
| [#6396](#6396),
[#6390](#6390),
[#6007](#6007) | v0.0.76 release
notes and existing messaging guidance |
| [#5388](#5388),
[#6249](#6249),
[#6303](#6303),
[#6306](#6306) | v0.0.76 release
notes and command/lifecycle guidance |

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run --project integration
test/generate-platform-docs.test.ts test/agent-variant-docs.test.ts
test/sync-agent-variant-docs.test.ts` (3 files, 29 tests passed)
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) —
completed with 0 errors and 2 pre-existing Fern warnings
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added v0.0.76 release notes content, and removed an older conflicting
bullet from the surrounding release history.
* Expanded Local NVIDIA NIM guidance across inference/provider docs,
including an advisory for Linux arm64 DGX Spark/DGX Station hosts when a
matching `linux/arm64` image manifest is unavailable.
* Updated the command reference for correct session-section rendering
and clarified `gc` image cleanup sources.
* **Tests**
* Added coverage ensuring Deep Agents omits sessions headings while
Hermes includes them.
* **CI**
* Refreshed Local NVIDIA NIM provider notes used in the platform matrix.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Adds Deep Agents as a first-class documentation variant alongside
OpenClaw and Hermes, including navigation, generated variant pages,
ecosystem overview, quickstart routing, and shared command-reference
coverage.
The PR also updates the agent-variant docs tooling and published-route
checker so generated pages are validated after `AgentOnly` rendering and
can use either route-relative or root-absolute docs links.

Deep Agents variant staged preview:
https://nvidia-preview-pr-6344.docs.buildwithfern.com/nemoclaw/latest/user-guide/deepagents/home

## Related Issue

None.

## Changes

- Add Deep Agents docs navigation, quickstart updates, and
`docs/about/ecosystem-deepagents.mdx`.
- Extend `scripts/sync-agent-variant-docs.ts`,
`scripts/check-docs-published-routes.ts`, and related tests for the Deep
Agents variant.
- Consolidate Hermes command-reference content into the shared generated
commands page and remove the standalone Hermes commands route.
- Update shared docs pages across architecture, lifecycle, inference,
security, network policy, troubleshooting, backup/restore, host state,
and reference pages for three-variant coverage.
- Update user-guide skill routing copy in `.agents/skills/` and
`skills/`.
- Update the sandbox exec inline doc reference to the consolidated
commands doc path.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: `npx
vitest run --project integration test/agent-variant-docs.test.ts
test/sync-agent-variant-docs.test.ts test/internal-commands-docs.test.ts
test/skills-frontmatter.test.ts` — 39/39 passed; `npm test --
test/repro-5445-docs-published-route.test.ts
test/check-docs-published-routes.test.ts` — 11/11 passed
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [x] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [x] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Prepares the user-facing documentation for NemoClaw v0.0.76 and closes
the release-prep documentation gate. It adds the release highlights,
documents the arm64 Local NIM warning and expanded image cleanup
behavior, and fixes agent-specific command headings in generated guides.

## Changes

- Add the v0.0.76 release-notes section and move the shared-gateway
route containment entry out of the v0.0.74 history where it was
incorrectly placed.
- Document the advisory Linux arm64 Local NIM manifest warning in the
canonical platform matrix and local-inference guidance.
- Document that `gc` scans both gateway-built and locally prebuilt
sandbox image repositories.
- Keep OpenClaw and Hermes session headings out of the generated Deep
Agents command guide.
- Add a focused variant regression test for the agent-specific session
headings.

### Source summary

| Merged sources | Documentation coverage |
| --- | --- |
| [NVIDIA#6414](NVIDIA#6414),
[NVIDIA#6418](NVIDIA#6418),
[NVIDIA#6416](NVIDIA#6416),
[NVIDIA#6344](NVIDIA#6344) | v0.0.76 release
notes and the Deep Agents quickstart/inference routes |
| [NVIDIA#6340](NVIDIA#6340) | v0.0.76
release notes and existing Deep Agents observability guidance |
| [NVIDIA#6338](NVIDIA#6338),
[NVIDIA#6378](NVIDIA#6378),
[NVIDIA#6297](NVIDIA#6297) | v0.0.76 release
notes and existing inference/troubleshooting guidance |
| [NVIDIA#6362](NVIDIA#6362) | v0.0.76
release notes and existing lifecycle, command, and credential guidance |
| [NVIDIA#6330](NVIDIA#6330),
[NVIDIA#6307](NVIDIA#6307),
[NVIDIA#6008](NVIDIA#6008) | v0.0.76 release
notes and existing security, troubleshooting, and command guidance |
| [NVIDIA#6382](NVIDIA#6382) | v0.0.76
release notes and existing MCP/command guidance |
| [NVIDIA#6326](NVIDIA#6326),
[NVIDIA#5868](NVIDIA#5868),
[NVIDIA#5539](NVIDIA#5539) | v0.0.76 release
notes, platform matrix, inference options, and local-inference guidance
|
| [NVIDIA#6396](NVIDIA#6396),
[NVIDIA#6390](NVIDIA#6390),
[NVIDIA#6007](NVIDIA#6007) | v0.0.76 release
notes and existing messaging guidance |
| [NVIDIA#5388](NVIDIA#5388),
[NVIDIA#6249](NVIDIA#6249),
[NVIDIA#6303](NVIDIA#6303),
[NVIDIA#6306](NVIDIA#6306) | v0.0.76 release
notes and command/lifecycle guidance |

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run --project integration
test/generate-platform-docs.test.ts test/agent-variant-docs.test.ts
test/sync-agent-variant-docs.test.ts` (3 files, 29 tests passed)
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) —
completed with 0 errors and 2 pre-existing Fern warnings
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added v0.0.76 release notes content, and removed an older conflicting
bullet from the surrounding release history.
* Expanded Local NVIDIA NIM guidance across inference/provider docs,
including an advisory for Linux arm64 DGX Spark/DGX Station hosts when a
matching `linux/arm64` image manifest is unavailable.
* Updated the command reference for correct session-section rendering
and clarified `gc` image cleanup sources.
* **Tests**
* Added coverage ensuring Deep Agents omits sessions headings while
Hermes includes them.
* **CI**
* Refreshed Local NVIDIA NIM provider notes used in the platform matrix.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: docs Documentation, examples, guides, or docs build v0.0.76 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants