fix(onboard): diagnose incomplete custom plugin images#6490
Conversation
Fresh verified-history replacement for #6250; preserves its reviewed net diff on current main. Signed-off-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: Aaron Erickson <aerickson@nvidia.com> Co-authored-by: Apurv Kumaria <akumaria@nvidia.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThis PR introduces OpenClaw image-plugin provenance tracking across backup, restore, rebuild, and recreate flows, adding a new discovery/parsing/restore-planning module, provenance-aware config merge logic, managed-extension restore rework, safety guards blocking unsafe recreation, runtime diagnosis for custom images, documentation updates, and a new EXDEV weather-plugin E2E lifecycle test with supporting CI workflow and fixtures. ChangesOpenClaw Plugin Provenance and Lifecycle Safety
Estimated code review effort: 5 (Critical) | ~120 minutes Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage remains at 96%, unchanged from the branch. TypeScript / code-coverage/cliThe overall coverage in the branch remains at 76%, unchanged from the branch. Show a code coverage summary of the most impacted files.
Updated |
|
🌿 Preview your docs: https://nvidia-preview-pr-6490.docs.buildwithfern.com/nemoclaw |
E2E Advisor RecommendationRequired E2E: Dispatch hint: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
E2E Target RecommendationRequired E2E targets: Dispatch required E2E targets:
Full E2E target advisor summaryE2E Target AdvisorBase: Required E2E targets
Optional E2E targets
Relevant changed files
|
PR Review Advisor (Nemotron Ultra) — BlockedMerge posture: Do not merge until addressed Action checklist
Findings index
🚨 Required before mergeAddress these before merging unless a maintainer explicitly overrides the advisor with rationale.
|
PR Review Advisor — Changes requestedMerge posture: Do not merge yet Action checklist
Findings index
Review findings by urgency: 0 required fixes, 2 items to resolve/justify, 0 in-scope improvements
|
|
Current-head maintainer disposition for advisor items at
No source change is warranted for the two top advisor findings. Independent review and the live run remain merge gates. |
There was a problem hiding this comment.
Actionable comments posted: 6
🧹 Nitpick comments (4)
src/lib/state/registry.ts (1)
511-516: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick winDuplicate clone logic for
openclawImagePluginInstalls.This inline clone (spread +
loadPathscopy) duplicatescloneOpenClawImagePluginInstallsinsrc/lib/state/sandbox.ts(which is not exported). SincehasAuthoritativeOpenClawImagePluginProvenanceinsandbox.tsdepends on this shape being cloned consistently for provenance validation, having two independent implementations risks silent drift if one is updated without the other.Consider exporting a single clone helper (e.g. from
openclaw-plugin-restore.ts, whichregistry.tsalready imports from) and reusing it in bothregistry.tsandsandbox.ts.As per path instructions for
src/lib/{actions,domain,adapters,state}/**: "Flag cross-layer cycles, duplicate sources of truth, and forwarding wrappers that add a new layer without retiring the old owner and its callers."♻️ Proposed direction
-import type { OpenClawImagePluginInstall } from "./openclaw-plugin-restore"; +import { + cloneOpenClawImagePluginInstalls, + type OpenClawImagePluginInstall, +} from "./openclaw-plugin-restore";- openclawImagePluginInstalls: Array.isArray(entry.openclawImagePluginInstalls) - ? entry.openclawImagePluginInstalls.map((install) => ({ - ...install, - ...(install.loadPaths !== undefined ? { loadPaths: [...install.loadPaths] } : {}), - })) - : undefined, + openclawImagePluginInstalls: Array.isArray(entry.openclawImagePluginInstalls) + ? cloneOpenClawImagePluginInstalls(entry.openclawImagePluginInstalls) + : undefined,(requires exporting
cloneOpenClawImagePluginInstallsfromopenclaw-plugin-restore.tsand havingsandbox.tsimport it too, rather than keeping its own copy)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/state/registry.ts` around lines 511 - 516, The `openclawImagePluginInstalls` clone logic is duplicated between `registry.ts` and `sandbox.ts`, creating two sources of truth for the same provenance-sensitive shape. Export a single helper such as `cloneOpenClawImagePluginInstalls` from `openclaw-plugin-restore.ts` and update both `registry.ts` and `hasAuthoritativeOpenClawImagePluginProvenance` in `sandbox.ts` to reuse it, removing the inline spread/`loadPaths` copy so the cloning behavior stays consistent.Source: Path instructions
test/snapshot-openclaw-managed-extensions.test.ts (1)
216-225: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winCleanup step mocks the removal decision instead of exercising the real command.
The
tarbranch (Line 226) actually executes realtarviaspawnSyncagainst the fixture, but this cleanup branch reimplements the "keep managed, delete the rest" decision in JS using aSet, rather than running the real generatedfind ... -exec rm -rfcommand againstextensionsDir. The only real-command check is the substring assertion at Line 278 (! -name '${extensionName}'), which doesn't prove the full command is syntactically correct (quoting,-mindepth/-maxdepth,-exec ... +vs\;) when actually executed by a shell — a bug in the generated command (e.g. quoting an extension name incorrectly) could delete the wrong things in production while this test still passes.Consider running the actual
cmdthroughspawnSync("sh", ["-c", ...])(substituting the sandbox-internal path for the real fixture path, as is effectively done for the tar destination) so the test proves the generated shell command itself behaves correctly.As per path instructions for
**/*.test.{ts,js,mts,mjs,cts,cjs}: "Flag copied production algorithms, broad mocks that bypass the behavior under test, and conditionals that make a test pass without exercising its claim."🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/snapshot-openclaw-managed-extensions.test.ts` around lines 216 - 225, The cleanup test is bypassing the real generated shell command by reimplementing the delete/keep logic in JS, so it doesn’t validate the actual `find ... -exec rm -rf` behavior. Update the `cmd.includes("/sandbox/.openclaw/extensions") && cmd.includes("-exec rm -rf")` branch in `snapshot-openclaw-managed-extensions.test.ts` to execute the generated `cmd` with `spawnSync("sh", ["-c", ...])` against the fixture path, similar to the existing `tar` branch, so the test exercises the real command syntax and quoting instead of a mocked `Set`-based cleanup.Source: Path instructions
test/regression-e2e-workflow.test.ts (1)
75-75: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winAdd a local issue-reference suffix to this renamed test title.
The reworded title doesn't carry a
(#nnnn)suffix, per the repo's test-naming convention for**/*.test.tsfiles.As per coding guidelines,
**/*.test.ts: "Write behavior-oriented test titles, and put local issue references in a final(#1234)suffix."🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/regression-e2e-workflow.test.ts` at line 75, The renamed test title in the regression E2E workflow test is missing the required local issue-reference suffix. Update the title in the it(...) call to keep the behavior-oriented wording and append the appropriate final "(`#1234`)"-style suffix to match the repo convention for test-regression-e2e-workflow.test.ts and other **/*.test.ts files.Source: Coding guidelines
src/lib/onboard/sandbox-registration.ts (1)
118-125: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winDuplicate clone logic with
registry.ts.This clone transform for
OpenClawImagePluginInstall[](spread + defensively copyloadPaths) duplicates the identical logic insrc/lib/state/registry.ts(lines ~511-516). Extracting a shared helper (e.g., colocated with theOpenClawImagePluginInstalltype inopenclaw-plugin-restore.ts) would prevent the two clone paths from silently diverging if the install shape changes later.♻️ Proposed shared helper
+export function cloneOpenClawImagePluginInstalls( + installs: readonly OpenClawImagePluginInstall[], +): OpenClawImagePluginInstall[] { + return installs.map((install) => ({ + ...install, + ...(install.loadPaths !== undefined ? { loadPaths: [...install.loadPaths] } : {}), + })); +}Then in
sandbox-registration.ts:...(input.openclawImagePluginInstalls !== undefined ? { - openclawImagePluginInstalls: input.openclawImagePluginInstalls.map((install) => ({ - ...install, - ...(install.loadPaths !== undefined ? { loadPaths: [...install.loadPaths] } : {}), - })), + openclawImagePluginInstalls: cloneOpenClawImagePluginInstalls( + input.openclawImagePluginInstalls, + ), } : {}),🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/onboard/sandbox-registration.ts` around lines 118 - 125, The OpenClawImagePluginInstall clone logic in sandbox registration duplicates the same spread-and-copy behavior already used in registry.ts, so move it into a shared helper near the OpenClawImagePluginInstall type in openclaw-plugin-restore.ts and use that helper from both sandbox-registration.ts and registry.ts. Keep the helper responsible for cloning each install and defensively copying loadPaths so both call sites stay in sync if the shape changes later.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/security/e2e-weather-plugin-fixture-dependency-review.md`:
- Around line 1-5: The new markdown review document is missing the required SPDX
license header; add the standard HTML-comment SPDX header used by other
docs/markdown files at the top of the file, keeping the rest of the content
unchanged. Use the existing documentation pattern in this repo as the reference
so the header matches the format expected for Markdown sources.
- Line 32: The Markdown list item in the security fixture dependency review note
contains two sentences on one line; split it into separate lines so each
sentence stands alone. Update the affected bullet text in the documentation and
keep the rest of the wording unchanged, preserving the one-sentence-per-line
convention for docs content.
In `@src/lib/actions/sandbox/rebuild-backup-phase.test.ts`:
- Around line 230-297: Update the four affected `it()` titles in
`rebuild-backup-phase.test.ts` to append the local issue reference suffix
`(`#6108`)` so they match the suite’s test-title convention. Keep the existing
behavior-oriented wording in each case, and only modify the titles for the tests
covering `runRebuildBackupPhase` and its backup manifest/provenance cases.
In `@src/lib/state/openclaw-config-restore-input.ts`:
- Around line 145-150: The restore path in openclaw-config-restore-input should
distinguish the previous-provenance failure from the fresh-branch message.
Update the error returned in the previousImagePluginInstalls check inside the
restore logic that calls hasCompleteOpenClawImagePluginProvenance so it clearly
says the previous OpenClaw image plugin provenance is incomplete, matching the
existing fresh-branch qualifier and removing ambiguity about which side failed.
In `@src/lib/state/sandbox.ts`:
- Around line 1451-1458: The OpenClaw plugin install parsing in
restoreSandboxStateInternal is hardcoding the provenance root instead of using
the configured directory, which can mismatch the sandbox state root. Update the
parseOpenClawImagePluginInstalls call in the openclaw branch to use the same
configured path derived from agent.configPaths.dir (and the same
manifest.dir/writableDir root used elsewhere) rather than the literal
/sandbox/.openclaw, so plugin provenance is validated consistently.
In `@test/helpers/rebuild-flow-recovery-cases.ts`:
- Around line 40-67: Add an assertion on restoreSandboxStateSpy in the recovery
test so the restore path is verified, not just the delete flow. In
rebuildSandbox/createRebuildFlowHarness, confirm the restore call preserves the
manifest provenance fields by checking targetAgentType and
freshOpenClawImagePluginInstalls are passed through from the recoveryManifest.
Keep the existing expectations around backupSandboxStateSpy and runOpenshellSpy,
and anchor the new check on restoreSandboxStateSpy to catch regressions in the
recovery path.
---
Nitpick comments:
In `@src/lib/onboard/sandbox-registration.ts`:
- Around line 118-125: The OpenClawImagePluginInstall clone logic in sandbox
registration duplicates the same spread-and-copy behavior already used in
registry.ts, so move it into a shared helper near the OpenClawImagePluginInstall
type in openclaw-plugin-restore.ts and use that helper from both
sandbox-registration.ts and registry.ts. Keep the helper responsible for cloning
each install and defensively copying loadPaths so both call sites stay in sync
if the shape changes later.
In `@src/lib/state/registry.ts`:
- Around line 511-516: The `openclawImagePluginInstalls` clone logic is
duplicated between `registry.ts` and `sandbox.ts`, creating two sources of truth
for the same provenance-sensitive shape. Export a single helper such as
`cloneOpenClawImagePluginInstalls` from `openclaw-plugin-restore.ts` and update
both `registry.ts` and `hasAuthoritativeOpenClawImagePluginProvenance` in
`sandbox.ts` to reuse it, removing the inline spread/`loadPaths` copy so the
cloning behavior stays consistent.
In `@test/regression-e2e-workflow.test.ts`:
- Line 75: The renamed test title in the regression E2E workflow test is missing
the required local issue-reference suffix. Update the title in the it(...) call
to keep the behavior-oriented wording and append the appropriate final
"(`#1234`)"-style suffix to match the repo convention for
test-regression-e2e-workflow.test.ts and other **/*.test.ts files.
In `@test/snapshot-openclaw-managed-extensions.test.ts`:
- Around line 216-225: The cleanup test is bypassing the real generated shell
command by reimplementing the delete/keep logic in JS, so it doesn’t validate
the actual `find ... -exec rm -rf` behavior. Update the
`cmd.includes("/sandbox/.openclaw/extensions") && cmd.includes("-exec rm -rf")`
branch in `snapshot-openclaw-managed-extensions.test.ts` to execute the
generated `cmd` with `spawnSync("sh", ["-c", ...])` against the fixture path,
similar to the existing `tar` branch, so the test exercises the real command
syntax and quoting instead of a mocked `Set`-based cleanup.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: f0fdb58f-f01b-46a4-b212-ea4e5b46435d
⛔ Files ignored due to path filters (1)
test/e2e/fixtures/plugins/weather/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (78)
.github/workflows/e2e.yaml.github/workflows/regression-e2e.yamlci/test-file-size-budget.jsondocs/deployment/install-openclaw-plugins.mdxdocs/get-started/quickstart.mdxdocs/manage-sandboxes/lifecycle.mdxdocs/reference/commands.mdxdocs/reference/troubleshooting.mdxdocs/security/e2e-weather-plugin-fixture-dependency-review.mdsrc/lib/actions/sandbox/rebuild-backup-phase.test.tssrc/lib/actions/sandbox/rebuild-backup-phase.tssrc/lib/actions/sandbox/rebuild-dcode-pre-delete-drift.test.tssrc/lib/actions/sandbox/rebuild-dcode-recovery.test.tssrc/lib/actions/sandbox/rebuild-local-provider-recreate.test.tssrc/lib/actions/sandbox/rebuild-preflight-guards.tssrc/lib/actions/sandbox/rebuild-preflight-phase.tssrc/lib/actions/sandbox/rebuild-prepared-recovery.test.tssrc/lib/actions/sandbox/rebuild-prepared-recovery.tssrc/lib/actions/sandbox/rebuild-restore-phase.test.tssrc/lib/actions/sandbox/rebuild-restore-phase.tssrc/lib/onboard.tssrc/lib/onboard/created-sandbox-finalization.test.tssrc/lib/onboard/created-sandbox-finalization.tssrc/lib/onboard/custom-openclaw-runtime-diagnosis.test.tssrc/lib/onboard/custom-openclaw-runtime-diagnosis.tssrc/lib/onboard/not-ready-recreate.test.tssrc/lib/onboard/not-ready-recreate.tssrc/lib/onboard/sandbox-backup-on-recreate.test.tssrc/lib/onboard/sandbox-backup-on-recreate.tssrc/lib/onboard/sandbox-recreate-protection.test.tssrc/lib/onboard/sandbox-recreate-protection.tssrc/lib/onboard/sandbox-registration.test.tssrc/lib/onboard/sandbox-registration.tssrc/lib/state/openclaw-config-merge.test.tssrc/lib/state/openclaw-config-merge.tssrc/lib/state/openclaw-config-restore-input.test.tssrc/lib/state/openclaw-config-restore-input.tssrc/lib/state/openclaw-managed-extensions.test.tssrc/lib/state/openclaw-managed-extensions.tssrc/lib/state/openclaw-plugin-restore.test.tssrc/lib/state/openclaw-plugin-restore.tssrc/lib/state/registry.tssrc/lib/state/sandbox-openclaw-plugin-restore.test.tssrc/lib/state/sandbox.tssrc/lib/verify-deployment.test.tssrc/lib/verify-deployment.tstest/e2e-fixture-dependency-review.test.tstest/e2e/fixtures/plugins/weather/.gitignoretest/e2e/fixtures/plugins/weather/openclaw.plugin.jsontest/e2e/fixtures/plugins/weather/package.jsontest/e2e/fixtures/plugins/weather/src/index.tstest/e2e/fixtures/plugins/weather/src/version.tstest/e2e/fixtures/plugins/weather/tsconfig.jsontest/e2e/live/openclaw-plugin-runtime-exdev.test.tstest/e2e/support/e2e-workflow.test.tstest/e2e/support/openclaw-plugin-runtime-exdev-workflow-boundary.test.tstest/e2e/support/platform-parity-cloud-experimental.test.tstest/e2e/support/upload-e2e-artifacts-workflow-boundary.test.tstest/helpers/onboard-openshell-fixture.tstest/helpers/rebuild-flow-harness.tstest/helpers/rebuild-flow-lifecycle-cases.tstest/helpers/rebuild-flow-recovery-cases.tstest/helpers/rebuild-flow-test-harness.tstest/helpers/rebuild-flow-test-support.tstest/langchain-deepagents-code-image.test.tstest/onboard-custom-dockerfile.test.tstest/onboard-installer-restore-intent.test.tstest/onboard-messaging.test.tstest/onboard.test.tstest/registry.test.tstest/regression-e2e-workflow.test.tstest/security-sandbox-tar-traversal.test.tstest/shellquote-sandbox.test.tstest/snapshot-openclaw-managed-extensions.test.tstest/snapshot-recovery-validation.test.tstest/snapshot.test.tstools/e2e/upload-e2e-artifacts-workflow-boundary.mtstsconfig.cli.json
💤 Files with no reviewable changes (1)
- test/langchain-deepagents-code-image.test.ts
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
E2E Target Results —
|
| Job | Result |
|---|---|
| cloud-onboard | ✅ success |
| onboard-repair | ✅ success |
| onboard-resume | ✅ success |
| openclaw-plugin-runtime-exdev | |
| rebuild-openclaw | ✅ success |
| sandbox-rebuild | ✅ success |
| state-backup-restore | ✅ success |
| upgrade-stale-sandbox | ✅ success |
E2E Target Results — ✅ All requested jobs passedRun: 28972828216
|
E2E Target Results — ✅ All requested jobs passedRun: 28972654149
|
…lugin-image-verified Signed-off-by: cjagwani <cjagwani@nvidia.com> # Conflicts: # test/langchain-deepagents-code-image.test.ts
<!-- markdownlint-disable MD041 --> ## Summary Prepares the user documentation for NemoClaw v0.0.78 by replacing the unreleased section with release highlights and synchronizing the affected inference, lifecycle, messaging, and CLI reference pages with merged behavior. ## Changes - Publish the v0.0.78 release-notes section with links to the most specific user guides for each shipped behavior. - Document authoritative Deep Agents route health, Nemotron Ultra profile behavior, and Hermes compatible-endpoint context metadata. - Document forced rebuild recovery after total backup failure and the ownership-safe tunnel/full-stop behavior. - Keep command examples and shared agent variants aligned with the current OpenClaw, Hermes, and Deep Agents interfaces. Source mapping: - [#3787](#3787) -> `docs/about/release-notes.mdx`: Record reliable workspace template seeding during sandbox startup. - [#4960](#4960) -> `docs/about/release-notes.mdx`: Record safer detection of rewritten OpenClaw gateway processes. - [#5676](#5676) -> `docs/about/release-notes.mdx`: Record warning-tolerant agent-list JSON handling. - [#5857](#5857) -> `docs/about/release-notes.mdx`: Record synchronization of explicit OpenClaw main-agent model state. - [#5929](#5929) -> `docs/about/release-notes.mdx`: Record copyable SSH port-forward guidance for remote dashboards. - [#6068](#6068) -> `docs/about/release-notes.mdx`: Record custom-image plugin provenance reconciliation. - [#6116](#6116) -> `docs/about/release-notes.mdx`: Record live-loopback dashboard-forward recovery. - [#6122](#6122) -> `docs/about/release-notes.mdx`: Announce validated, round-trippable policy YAML output. - [#6211](#6211) -> `docs/manage-sandboxes/lifecycle.mdx`, `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain the explicit no-backup `rebuild --force` recovery boundary. - [#6283](#6283) -> `docs/about/release-notes.mdx`: Record Hermes WebUI port alignment. - [#6293](#6293) -> `docs/inference/switch-inference-providers.mdx`, `docs/about/release-notes.mdx`: Document compatible-endpoint context-length probing for Hermes. - [#6320](#6320) -> `docs/about/release-notes.mdx`: Record bounded gateway-recovery waits. - [#6377](#6377) -> `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain rebuild diagnostics and prepared MCP-destroy recovery. - [#6412](#6412) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document authoritative agent-visible inference route health. - [#6421](#6421) -> `docs/about/release-notes.mdx`: Record the longer quiet-pull window for managed vLLM images. - [#6431](#6431) -> `docs/inference/model-capability-audit.mdx`, `docs/about/release-notes.mdx`: Document the version-pinned Nemotron Ultra profile plugin. - [#6439](#6439) -> `docs/about/release-notes.mdx`: Summarize the authenticated, pinned credential-capture helper boundary. - [#6450](#6450) -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Document host-forward cleanup and ownership-safe gateway-port release. - [#6474](#6474) -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/about/release-notes.mdx`: Record composable OpenClaw messaging runtime loaders. - [#6475](#6475) -> `docs/about/release-notes.mdx`: Record removal of the unavailable Kimi K2.6 production endpoint option. - [#6480](#6480) -> `docs/about/release-notes.mdx`: Record stderr routing for the plugin registration banner. - [#6481](#6481) -> `docs/about/release-notes.mdx`: Record post-pull Ollama model discovery checks. - [#6482](#6482) -> `docs/about/release-notes.mdx`: Record Ollama model warm-up after daemon restart. - [#6486](#6486) -> `docs/about/release-notes.mdx`: Publish the opt-in, thread-scoped Deep Agents auto-approval boundary. - [#6490](#6490) -> `docs/about/release-notes.mdx`: Record diagnostics for custom images missing the managed runtime. - [#6494](#6494) -> `docs/inference/model-capability-audit.mdx`, `docs/about/release-notes.mdx`: Document nonempty tool-call content preservation and placeholder rejection. - [#6497](#6497) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document isolated Deep Agents route-probe output. - [#6506](#6506) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document observability-preserving managed route probes. - [#6508](#6508) -> `docs/about/release-notes.mdx`: Link the new extension taxonomy and SDK-readiness reference from the release summary. Release-source verification: GitHub reports all 29 cited source PRs as merged with base `main`, and every merge commit is an ancestor of `origin/main` at `17bf9a6a9688b3b1d69cf4b37d3f23110acb055e`. No source-mapping mismatches were found. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: Documentation-only release-prep changes; `npm run docs` validates variants, routes, and Fern content. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: Tests are not applicable to this documentation-only change set. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — exited 0 with zero errors; Fern reported the existing unauthenticated redirect-check and light-mode contrast warnings. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Charan Jagwani <cjagwani@nvidia.com> --------- Signed-off-by: cjagwani <cjagwani@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Fresh verified-history replacement for NVIDIA#6250. This PR preserves the reviewed net diff on current `main` while replacing the non-compliant historical commit chain with three newly signed, GitHub-Verified commits. Aaron Erickson remains the original contributor and author of superseded PR NVIDIA#6250; cjagwani authored this replacement PR. Apurv Kumaria contributed the review-driven follow-up fixes. Both Aaron and Apurv are credited as co-authors on the replacement commit. ## Related - Supersedes NVIDIA#6250 - [Discussion NVIDIA#6108](NVIDIA#6108) - Regression coverage for NVIDIA#3513 and NVIDIA#3127 - The no-source-checkout managed plugin lifecycle remains tracked by NVIDIA#5998 ## Changes - Diagnose custom OpenClaw images that contain only the intermediate `sandbox-base` instead of the complete managed runtime. - Record authoritative image-plugin provenance and reconcile removed, renamed, and same-ID upgraded plugins during recreation and rebuild. - Preserve user-owned plugin, channel, and tool state while removing stale image-owned configuration; fail closed on incomplete provenance. - Add deterministic release lifecycle coverage for onboarding, restart, recreation, rebuild, workspace preservation, and EXDEV-safe runtime dependency replacement. - Authenticate only for the exact digest-pinned builder pre-pull, then remove Docker credentials before release-pinned fixture code runs. - Document the full-image plugin recipe, troubleshooting guidance, dependency risk controls, and the explicit `REMOVE-WHEN` condition. ## Verification - 126 focused rebuild, restore, diagnosis, and custom-Dockerfile tests passed. - `npm run build:cli` passed. - Node 22 CLI typecheck passed. - Test-file size budget passed across 1,372 files. - Biome passed all 64 changed supported files. - `git diff --cached --check` passed before commit. - Replacement history contains three commits, all GitHub Verified with good ED25519 Git signatures. - Full standard CI and applicable live E2E are intentionally running again on this new exact head. ## Provenance The implementation and tests are the reviewed work from NVIDIA#6250, replayed onto current `main` because six historical commits in that PR could not satisfy the repository's GitHub-Verified requirement. This replacement does not claim those historical objects are verified; it provides a new, attributable, signed history containing their reviewed net result. Signed-off-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: Aaron Erickson <aerickson@nvidia.com> Co-authored-by: Apurv Kumaria <akumaria@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OpenClaw weather plugin E2E fixtures and expanded end-to-end plugin lifecycle coverage, including a new runtime-deps EXDEV lane. * **Bug Fixes** * Strengthened onboarding/recovery to fail closed when OpenClaw image-plugin provenance is incomplete, and tightened rebuild/restore gating and hints. * Improved handling of OpenClaw managed extensions and restore planning with stricter symlink and identity checks. * **Documentation** * Updated installation, lifecycle, quickstart, commands, and troubleshooting docs with safer recovery and pinned sandbox workflows. * **Tests/CI** * Updated E2E/regression workflows and added provenance-related rebuild/restore test coverage. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: cjagwani <cjagwani@nvidia.com> Signed-off-by: Carlos Villela <cvillela@nvidia.com> Co-authored-by: Aaron Erickson <aerickson@nvidia.com> Co-authored-by: Apurv Kumaria <akumaria@nvidia.com> Co-authored-by: Carlos Villela <cvillela@nvidia.com>
<!-- markdownlint-disable MD041 --> ## Summary Prepares the user documentation for NemoClaw v0.0.78 by replacing the unreleased section with release highlights and synchronizing the affected inference, lifecycle, messaging, and CLI reference pages with merged behavior. ## Changes - Publish the v0.0.78 release-notes section with links to the most specific user guides for each shipped behavior. - Document authoritative Deep Agents route health, Nemotron Ultra profile behavior, and Hermes compatible-endpoint context metadata. - Document forced rebuild recovery after total backup failure and the ownership-safe tunnel/full-stop behavior. - Keep command examples and shared agent variants aligned with the current OpenClaw, Hermes, and Deep Agents interfaces. Source mapping: - [NVIDIA#3787](NVIDIA#3787) -> `docs/about/release-notes.mdx`: Record reliable workspace template seeding during sandbox startup. - [NVIDIA#4960](NVIDIA#4960) -> `docs/about/release-notes.mdx`: Record safer detection of rewritten OpenClaw gateway processes. - [NVIDIA#5676](NVIDIA#5676) -> `docs/about/release-notes.mdx`: Record warning-tolerant agent-list JSON handling. - [NVIDIA#5857](NVIDIA#5857) -> `docs/about/release-notes.mdx`: Record synchronization of explicit OpenClaw main-agent model state. - [NVIDIA#5929](NVIDIA#5929) -> `docs/about/release-notes.mdx`: Record copyable SSH port-forward guidance for remote dashboards. - [NVIDIA#6068](NVIDIA#6068) -> `docs/about/release-notes.mdx`: Record custom-image plugin provenance reconciliation. - [NVIDIA#6116](NVIDIA#6116) -> `docs/about/release-notes.mdx`: Record live-loopback dashboard-forward recovery. - [NVIDIA#6122](NVIDIA#6122) -> `docs/about/release-notes.mdx`: Announce validated, round-trippable policy YAML output. - [NVIDIA#6211](NVIDIA#6211) -> `docs/manage-sandboxes/lifecycle.mdx`, `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain the explicit no-backup `rebuild --force` recovery boundary. - [NVIDIA#6283](NVIDIA#6283) -> `docs/about/release-notes.mdx`: Record Hermes WebUI port alignment. - [NVIDIA#6293](NVIDIA#6293) -> `docs/inference/switch-inference-providers.mdx`, `docs/about/release-notes.mdx`: Document compatible-endpoint context-length probing for Hermes. - [NVIDIA#6320](NVIDIA#6320) -> `docs/about/release-notes.mdx`: Record bounded gateway-recovery waits. - [NVIDIA#6377](NVIDIA#6377) -> `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Explain rebuild diagnostics and prepared MCP-destroy recovery. - [NVIDIA#6412](NVIDIA#6412) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document authoritative agent-visible inference route health. - [NVIDIA#6421](NVIDIA#6421) -> `docs/about/release-notes.mdx`: Record the longer quiet-pull window for managed vLLM images. - [NVIDIA#6431](NVIDIA#6431) -> `docs/inference/model-capability-audit.mdx`, `docs/about/release-notes.mdx`: Document the version-pinned Nemotron Ultra profile plugin. - [NVIDIA#6439](NVIDIA#6439) -> `docs/about/release-notes.mdx`: Summarize the authenticated, pinned credential-capture helper boundary. - [NVIDIA#6450](NVIDIA#6450) -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/reference/commands.mdx`, `docs/about/release-notes.mdx`: Document host-forward cleanup and ownership-safe gateway-port release. - [NVIDIA#6474](NVIDIA#6474) -> `docs/manage-sandboxes/messaging-channels.mdx`, `docs/about/release-notes.mdx`: Record composable OpenClaw messaging runtime loaders. - [NVIDIA#6475](NVIDIA#6475) -> `docs/about/release-notes.mdx`: Record removal of the unavailable Kimi K2.6 production endpoint option. - [NVIDIA#6480](NVIDIA#6480) -> `docs/about/release-notes.mdx`: Record stderr routing for the plugin registration banner. - [NVIDIA#6481](NVIDIA#6481) -> `docs/about/release-notes.mdx`: Record post-pull Ollama model discovery checks. - [NVIDIA#6482](NVIDIA#6482) -> `docs/about/release-notes.mdx`: Record Ollama model warm-up after daemon restart. - [NVIDIA#6486](NVIDIA#6486) -> `docs/about/release-notes.mdx`: Publish the opt-in, thread-scoped Deep Agents auto-approval boundary. - [NVIDIA#6490](NVIDIA#6490) -> `docs/about/release-notes.mdx`: Record diagnostics for custom images missing the managed runtime. - [NVIDIA#6494](NVIDIA#6494) -> `docs/inference/model-capability-audit.mdx`, `docs/about/release-notes.mdx`: Document nonempty tool-call content preservation and placeholder rejection. - [NVIDIA#6497](NVIDIA#6497) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document isolated Deep Agents route-probe output. - [NVIDIA#6506](NVIDIA#6506) -> `docs/get-started/quickstart-langchain-deepagents-code.mdx`, `docs/about/release-notes.mdx`: Document observability-preserving managed route probes. - [NVIDIA#6508](NVIDIA#6508) -> `docs/about/release-notes.mdx`: Link the new extension taxonomy and SDK-readiness reference from the release summary. Release-source verification: GitHub reports all 29 cited source PRs as merged with base `main`, and every merge commit is an ancestor of `origin/main` at `17bf9a6a9688b3b1d69cf4b37d3f23110acb055e`. No source-mapping mismatches were found. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Quality Gates <!-- Check exactly one tests line and one docs line. Check other lines when applicable. Add every requested justification or approval reference. --> - [ ] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [x] Tests not applicable — justification: Documentation-only release-prep changes; `npm run docs` validates variants, routes, and Fern content. - [x] Docs updated for user-facing behavior changes - [ ] Docs not applicable — justification: - [ ] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: - [ ] Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue: ## Verification <!-- Check each applicable item only when supported by the requested evidence. Run targeted tests once per relevant change set and rerun after later edits or hook autofixes that can affect the tested behavior. Do not rerun hook-covered checks. --> - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — command/result or justification: Tests are not applicable to this documentation-only change set. - [ ] Applicable broad gate passed — `npm test` for broad runtime/test-harness changes; `npm run check` for repo-wide validation/coverage changes — command/result: - [x] Quality Gates section completed with required justifications or waivers - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) — exited 0 with zero errors; Fern reported the existing unauthenticated redirect-check and light-mode contrast warnings. - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- <!-- DCO sign-off is required in this PR description, and every commit must appear as Verified in GitHub. Run: git config user.name && git config user.email --> Signed-off-by: Charan Jagwani <cjagwani@nvidia.com> --------- Signed-off-by: cjagwani <cjagwani@nvidia.com>
Summary
Fresh verified-history replacement for #6250. This PR preserves the reviewed net diff on current
mainwhile replacing the non-compliant historical commit chain with three newly signed, GitHub-Verified commits.Aaron Erickson remains the original contributor and author of superseded PR #6250; cjagwani authored this replacement PR. Apurv Kumaria contributed the review-driven follow-up fixes. Both Aaron and Apurv are credited as co-authors on the replacement commit.
Related
Changes
sandbox-baseinstead of the complete managed runtime.REMOVE-WHENcondition.Verification
npm run build:clipassed.git diff --cached --checkpassed before commit.Provenance
The implementation and tests are the reviewed work from #6250, replayed onto current
mainbecause six historical commits in that PR could not satisfy the repository's GitHub-Verified requirement. This replacement does not claim those historical objects are verified; it provides a new, attributable, signed history containing their reviewed net result.Signed-off-by: cjagwani cjagwani@nvidia.com
Co-authored-by: Aaron Erickson aerickson@nvidia.com
Co-authored-by: Apurv Kumaria akumaria@nvidia.com
Summary by CodeRabbit
New Features
Bug Fixes
Documentation