fix(dcode): preserve state across policy reloads#6503
Conversation
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
📝 WalkthroughWalkthroughThe PR centralizes credential-name length validation, hardens generated runtime environment replacement, and revises observability e2e checks to use registry state, persistent markers, policy restoration, and managed tracing. Supporting tests standardize subprocess paths and add boundary coverage. ChangesObservability registry-based verification
Shared credential-name prefix length constant
Estimated code review effort: 4 (Complex) | ~45 minutes Sequence Diagram(s)sequenceDiagram
participant Check as Observability e2e check
participant Registry as sandboxes.json
participant Sandbox
participant ManagedExec as dcode-managed-ex
participant Collector as OTLP collector
Check->>Registry: Read observabilityEnabled
Check->>Sandbox: Read managed marker
Check->>ManagedExec: Run managed tool trace
ManagedExec->>Collector: Export trace when policy allows
Check->>Sandbox: Remove policy and recreate marker
Check->>ManagedExec: Run negative-proof trace
ManagedExec-->>Check: Export blocked
Check->>Sandbox: Restore observability policy
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (3 warnings)
✅ Passed checks (2 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/pluginThe overall coverage remains at 96%, unchanged from the branch. TypeScript / code-coverage/cliThe overall coverage in the branch remains at 79%, unchanged from the branch. Show a code coverage summary of the most impacted files.
Updated |
E2E Advisor RecommendationRequired E2E: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
|
E2E Target RecommendationRequired E2E targets: Dispatch required E2E targets:
Full E2E target advisor summaryE2E Target AdvisorBase: Required E2E targets
Optional E2E targets
Relevant changed files
|
PR Review Advisor (Nemotron Ultra) — No blocking findingsMerge posture: No blocking advisor findings Action checklist
Test follow-ups to resolve or justifyIf these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.
This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision. |
PR Review Advisor — No blocking findingsMerge posture: No blocking advisor findings This is an automated review. Required findings need action before merge. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision. |
E2E Target Results — ✅ All requested jobs passedRun: 28980032711
|
E2E Target Results — ❌ Some jobs failedRun: 28980032707
|
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
E2E Target Results — ✅ All requested jobs passedRun: 28981014577
|
|
@coderabbitai review |
✅ Action performedReview finished.
|
E2E Target Results — ❌ Some jobs failedRun: 28981014655
|
Signed-off-by: cjagwani <cjagwani@nvidia.com>
E2E Target Results — ❌ Some jobs failedRun: 28981249909
|
E2E Target Results —
|
| Job | Result |
|---|---|
| live |
E2E Target Results — ✅ All requested jobs passedRun: 28981369440
|
|
@coderabbitai review |
✅ Action performedReview finished.
|
|
Maintainer follow-up on the exact-head advisor findings:
The Nemotron artifact also stopped before its tests/regressions, CI, reconciliation, and synthesis stages, so I am treating its partial-ledger warnings as rationale items rather than a complete blocking review. I will wait for fresh exact-head CI and advisors before any further gate decision. |
|
@coderabbitai review |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
test/e2e/support/platform-parity-cloud-experimental.test.ts (1)
411-411: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winRemove the source-text assertion for the EXIT trap.
The parameterized outcomes already exercise cleanup behavior; checking literal source locks the implementation and can pass even when the trap is ineffective.
As per path instructions, “Prefer observable outcomes through the public boundary over source-text, private-shape, or mock-call assertions.”
Proposed fix
- expect(fs.readFileSync(dcodeTavilyCheck, "utf8")).toContain("trap restore_tavily_denial EXIT");🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/e2e/support/platform-parity-cloud-experimental.test.ts` at line 411, Remove the source-text assertion for "trap restore_tavily_denial EXIT" from the parameterized cleanup test, while retaining the observable outcome assertions that verify cleanup through the public boundary.Source: Path instructions
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh`:
- Around line 67-80: Update the observability policy test flow around
policy-remove and policy-add, including restore_observability_policy, to wait
for policy enforcement to settle before probing network behavior. Reuse the
existing Tavily cleanup settlement-delay pattern rather than adding a different
synchronization mechanism, and apply the same delay to the additional affected
flow.
---
Nitpick comments:
In `@test/e2e/support/platform-parity-cloud-experimental.test.ts`:
- Line 411: Remove the source-text assertion for "trap restore_tavily_denial
EXIT" from the parameterized cleanup test, while retaining the observable
outcome assertions that verify cleanup through the public boundary.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 1cc0a4bb-89f5-4c0b-a33b-a3d22fcb07aa
📒 Files selected for processing (11)
agents/langchain-deepagents-code/dcode-launcher.shagents/langchain-deepagents-code/dcode-wrapper.shagents/langchain-deepagents-code/start.shtest/e2e/e2e-cloud-experimental/checks/09-deepagents-code-tavily-opt-in.shtest/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.shtest/e2e/e2e-cloud-experimental/checks/12-deepagents-code-thread-auto-approval.shtest/e2e/support/deepagents-observability-contract.test.tstest/e2e/support/platform-parity-cloud-experimental.test.tstest/langchain-deepagents-code-image-credentials.test.tstest/langchain-deepagents-code-proxy-launcher.test.tstest/langchain-deepagents-code-secret-pattern-parity.test.ts
| restore_observability_policy() { | ||
| local state | ||
| [ "$OBSERVABILITY_POLICY_DIRTY" -eq 1 ] || return 0 | ||
| state="$(observability_policy_state)" || return 1 | ||
| case "$state" in | ||
| active) ;; | ||
| inactive) | ||
| "$CLI" "$SANDBOX_NAME" policy-add observability-otlp-local --yes >/dev/null 2>&1 \ | ||
| || return 1 | ||
| [ "$(observability_policy_state)" = "active" ] || return 1 | ||
| ;; | ||
| *) return 1 ;; | ||
| esac | ||
| OBSERVABILITY_POLICY_DIRTY=0 |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win
Wait for policy enforcement to settle before probing.
The flow probes immediately after policy-remove and resumes positive checks immediately after policy-add. Unlike the Tavily cleanup at Line 158, no settlement delay protects these network assertions from asynchronous policy reloads.
Proposed fix
"$CLI" "$SANDBOX_NAME" policy-add observability-otlp-local --yes >/dev/null 2>&1 \
|| return 1
[ "$(observability_policy_state)" = "active" ] || return 1
+ sleep "${NEMOCLAW_E2E_POLICY_SETTLE_SECONDS:-5}"
;;
...
[ "$policy_state" = "inactive" ] \
|| fail "removed observability policy is not exactly inactive (state: $policy_state)"
+sleep "${NEMOCLAW_E2E_POLICY_SETTLE_SECONDS:-5}"Also applies to: 353-388
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh`
around lines 67 - 80, Update the observability policy test flow around
policy-remove and policy-add, including restore_observability_policy, to wait
for policy enforcement to settle before probing network behavior. Reuse the
existing Tavily cleanup settlement-delay pattern rather than adding a different
synchronization mechanism, and apply the same delay to the additional affected
flow.
✅ Action performedReview finished.
|
E2E Target Results — ✅ All selected tests passedRun: 29174252384
|
<!-- markdownlint-disable MD041 --> ## Summary Follow-up to NVIDIA#6431 for exact-head validation failures that completed immediately before that PR merged. This isolates sequential DCode E2E state, preserves observability across policy-only reloads, lets generic OpenClaw cloud-onboard runs skip DCode-only TUI prerequisites, and closes the remaining valid advisor requests without changing user-facing behavior. ## Related Issue Follow-up to NVIDIA#6431, which closed NVIDIA#6424. No new issue. ## Changes - Remove the durable Tavily preset after check 09, arm cleanup on `EXIT`, and fail unless managed DCode Python returns to the default network denial. - Move check 12's `expect`, Node, and timeout prerequisites after its DCode sandbox guard. Generic `cloud-onboard` therefore skips correctly; typed DCode jobs continue to require and install `expect`. - Keep the credential-free observability enable marker in managed `/sandbox/.deepagents` state for exec/login recovery. Current `main` now owns the durable lifecycle: absent entrypoint env preserves the bit across policy-only restarts, while create/rebuild/clone pass an explicit authoritative `1` or `0`. Check 09 requires the host registry's DCode `observabilityEnabled=true` intent and the exact persistent marker to agree before and after Tavily policy mutation; it fails rather than reconstructing intent from sandbox-writable state. Host-managed network policy remains the egress boundary. - Reject a pre-existing non-regular or symlink marker target with a clear startup error, and use no-target-directory replacement so a raced directory cannot absorb the enabled marker. Fixtures cover both enabled and disabled startup. - In live check 11, remove only `observability-otlp-local`, recreate the exact marker as the sandbox user, and prove both the normally allowed raw route and marker-triggered deterministic instrumentation produce zero host captures. Restore only from an exactly inactive policy state before the existing positive trace checks. - Replace repeated credential-name limit literals with `CREDENTIAL_NAME_PREFIX_MAX_LENGTH` and prove every Bash quantifier remains equal to the canonical TypeScript context-pattern limit. - Cover exact 128/129 context-prefix behavior, oversized OpenShell placeholders, and Tavily cleanup-command failures through the real wrapper/self-test boundaries. - Preserve the merged NVIDIA#6494 Nemotron Ultra request hardening and its observability create/snapshot lifecycle while resolving the overlapping follow-up checks against current `main`. - Keep standalone DCode Tavily persistence and rebuild behavior unchanged. - Avoid the rejected alternative of adding a privileged 47-line apt/workflow boundary to the generic cloud job. ## Type of Change - [x] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Quality Gates - [x] Tests added or updated for changed behavior - [ ] Existing tests cover changed behavior — justification: - [ ] Tests not applicable — justification: - [ ] Docs updated for user-facing behavior changes - [x] Docs not applicable — justification: no CLI, configuration, model-ID, policy, or user-visible behavior changes - [x] Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging) - [ ] Sensitive-path review completed or maintainer-approved waiver recorded — fresh exact-head review pending - [ ] Non-success, skipped, or missing CI check accepted by maintainer — none currently accepted ## Verification - [x] PR description includes the DCO sign-off declaration and every commit appears as `Verified` in GitHub - [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or `npm run check:diff` passed when hooks were skipped or unavailable - [x] Targeted behavior tests pass for the current change set, or tests are marked not applicable above — after merging current `main`, focused DCode integration suites pass 210/210 and focused E2E-support suites pass 37/37. Bash syntax, ShellCheck, source-shape, test-size, build, TypeScript typecheck, commit, and pre-push hooks pass - [ ] Applicable broad gate passed — fresh exact-head CI, advisors, focused DCode E2E, cloud-onboard, and credential-sanitization pending - [ ] Quality Gates section completed with required justifications or waivers — exact-head sensitive-path review pending - [x] No secrets, API keys, or credentials committed - [ ] `npm run docs` builds without warnings (doc changes only) - [ ] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) ## Advisor dispositions - Source-of-truth review: the invalid state is a managed DCode exec losing host-selected observability because raw exec/login processes do not inherit entrypoint environment and policy mutation reloads do not re-run the entrypoint. Current `main` now owns `start.sh` materialization plus `dcode-launcher.sh` recovery under `/sandbox/.deepagents`; create/rebuild/clone carry the registry's explicit `1`/`0` intent, and snapshot restore honors that authoritative registry state so an earlier enabled snapshot does not override a later opt-out. This PR adds fail-closed registry/marker agreement checks and the no-policy export proof. Remove the bridge only when OpenShell both propagates the bit to exec/login processes and preserves it through policy reloads or re-runs the entrypoint. - Sequential Tavily isolation is exercised by the required typed target on one sandbox: check 09 proves denial immediately after cleanup; checks 10 and 11 do not mutate Tavily; check 12 rebuilds and then invokes check 06, which proves both managed and project-venv Python remain denied from `api.tavily.com`. This gives immediate and post-rebuild denial evidence without redundant probes after non-mutating checks. - The marker integration test runs the transformed `start.sh` with `NEMOCLAW_OBSERVABILITY=1`, verifies the `/sandbox/.deepagents/.nemoclaw-observability-enabled` value and mode, removes volatile runtime state, proves absent-env restart and launcher recovery, and proves explicit `0` removal. Live check 11 verifies the literal sandbox path. - The `/sandbox/.deepagents` marker is intentionally untrusted convenience state, not authorization. A sandbox user can request local instrumentation by recreating the exact marker, but cannot grant OTLP egress; the fixed exporter route remains subject to host-managed `observability-otlp-local` policy. Live check 11 removes that host policy, recreates the marker as the sandbox user, proves the exact raw route is denied without capture, and runs real marker-triggered deterministic instrumentation with zero captures before restoring the policy. It also retains alternate host/path/method/port and unmanaged-binary denials with policy active. - Check 09 no longer repairs observability by re-running the stateful entrypoint. The host registry is authoritative, the persistent marker is derived convenience state, and disagreement fails closed both before and after policy mutation. Merged NVIDIA#6506 prevents status/connect route probes from clearing that marker by using the side-effect-free managed-exec boundary. - Startup rejects directory, symlink, and other non-regular marker targets before either the enabled or disabled branch. Enabled replacement treats the destination as a file, closing the directory-descent edge case raised by the exact-head advisor. - Current `main` includes NVIDIA#6506's side-effect-free managed-exec boundary and NVIDIA#6494's durable observability lifecycle. Both are retained together with this PR's host-registry agreement checks and no-policy proof; no contributor work was replaced. - The proxy env file remains intentionally volatile in `/tmp`: each stateful entrypoint reconstructs it from root-owned image proxy inputs, while the observability marker under `/sandbox/.deepagents` must survive policy-only reloads that do not carry the sandbox-create environment. Their different locations reflect different lifetime contracts, not inconsistent authority. ## Exact-head validation plan - Re-run automatic CI, CodeRabbit, GPT, and Nemotron advisors on `0570b876d6e85bcb110823d5f8b6a5553d266f34`. - Re-run `ubuntu-repo-cloud-langchain-deepagents-code` to prove Tavily is denied after check 09 cleanup and remains denied across the check 12 rebuild. - Re-run `cloud-onboard` to prove the non-DCode sandbox skips before requiring `expect`. - Re-run `credential-sanitization` for the named-limit parity change. - Hold merge until tomorrow even if all gates pass earlier. ## Failure evidence addressed - Focused DCode run [28978277604](https://github.com/NVIDIA/NemoClaw/actions/runs/28978277604): check 09 left durable Tavily state that check 12 correctly replayed before the strict egress boundary. - Cloud/credential run [28978281322](https://github.com/NVIDIA/NemoClaw/actions/runs/28978281322): generic OpenClaw cloud-onboard required `expect` before reaching its DCode-only skip; credential-sanitization passed. - Superseded follow-up run [28980032707](https://github.com/NVIDIA/NemoClaw/actions/runs/28980032707): Tavily cleanup and strict egress passed, then check 11 proved that policy reload had cleared the runtime-functional `/tmp` observability marker. The current head retains current `main`'s durable marker under `/sandbox/.deepagents`. - Superseded follow-up run [28980032711](https://github.com/NVIDIA/NemoClaw/actions/runs/28980032711): cloud-onboard and credential-sanitization both passed. - Superseded follow-up run [28981014655](https://github.com/NVIDIA/NemoClaw/actions/runs/28981014655): after the marker moved to `/sandbox`, check 11 proved that Tavily policy cleanup could still reconstruct runtime convenience state and remove it. The current head uses current `main`'s absent-env-preserves lifecycle and fails if the authoritative registry and derived marker disagree; check 09 does not repair drift. - Superseded follow-up run [28981369440](https://github.com/NVIDIA/NemoClaw/actions/runs/28981369440): cloud-onboard and credential-sanitization both passed on the collaborator head; exact-head rerun pending. - Superseded follow-up run [28981690759](https://github.com/NVIDIA/NemoClaw/actions/runs/28981690759): check 09 restored Tavily but sampled observability after policy-add had already reloaded the sandbox, so check 11 found the marker absent. This showed that sandbox marker sampling cannot be the authoritative source of host intent. - Superseded follow-up run [28982642290](https://github.com/NVIDIA/NemoClaw/actions/runs/28982642290): check 09 restored Tavily and check 10 passed, but check 11 found the marker absent because a pre-NVIDIA#6506 status/connect route probe had already invoked the stateful entrypoint without observability. Current `main` supplies NVIDIA#6506's side-effect-free managed-exec probe and NVIDIA#6494's explicit observability lifecycle, while this head compares the host registry and persistent marker before and after policy mutation instead of masking drift with a repair. - Superseded exact-head focused run [28983221993](https://github.com/NVIDIA/NemoClaw/actions/runs/28983221993) passed every typed DCode check 03–12: check 09 reported 9/9, check 11 reported 11/11, and check 12 proved post-rebuild denial. Combined run [28983222022](https://github.com/NVIDIA/NemoClaw/actions/runs/28983222022) passed cloud-onboard and credential sanitization. These runs were invalidated only to address the advisor's unsafe-target edge case and add the stricter no-host-policy leak proof now running on the current head. - Superseded advisor run [28983777162](https://github.com/NVIDIA/NemoClaw/actions/runs/28983777162) rated the safety changes `merge_as_is` from GPT with no findings; Nemotron agreed both substantive findings were resolved and requested only the `/tmp` versus `/sandbox` lifetime cross-reference now present on the current head. --- Signed-off-by: Aaron Erickson <aerickson@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved validation for credential names and context placeholders, including oversized names. * Strengthened proxy environment file handling to prevent destination-path issues. * Clarified and stabilized observability policy and marker handling. * **Tests** * Expanded end-to-end coverage for observability, Tavily access, tracing, and auto-approval behavior. * Standardized test environment paths and added boundary-case validation for credential patterns. * Improved platform-specific launcher test reliability. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Aaron Erickson <aerickson@nvidia.com> Signed-off-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: cjagwani <cjagwani@nvidia.com> Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Summary
Follow-up to #6431 for exact-head validation failures that completed immediately before that PR merged. This isolates sequential DCode E2E state, preserves observability across policy-only reloads, lets generic OpenClaw cloud-onboard runs skip DCode-only TUI prerequisites, and closes the remaining valid advisor requests without changing user-facing behavior.
Related Issue
Follow-up to #6431, which closed #6424. No new issue.
Changes
EXIT, and fail unless managed DCode Python returns to the default network denial.expect, Node, and timeout prerequisites after its DCode sandbox guard. Genericcloud-onboardtherefore skips correctly; typed DCode jobs continue to require and installexpect./sandbox/.deepagentsstate for exec/login recovery. Currentmainnow owns the durable lifecycle: absent entrypoint env preserves the bit across policy-only restarts, while create/rebuild/clone pass an explicit authoritative1or0. Check 09 requires the host registry's DCodeobservabilityEnabled=trueintent and the exact persistent marker to agree before and after Tavily policy mutation; it fails rather than reconstructing intent from sandbox-writable state. Host-managed network policy remains the egress boundary.observability-otlp-local, recreate the exact marker as the sandbox user, and prove both the normally allowed raw route and marker-triggered deterministic instrumentation produce zero host captures. Restore only from an exactly inactive policy state before the existing positive trace checks.CREDENTIAL_NAME_PREFIX_MAX_LENGTHand prove every Bash quantifier remains equal to the canonical TypeScript context-pattern limit.main.Type of Change
Quality Gates
Verification
Verifiedin GitHubpre-commit,commit-msg, andpre-pushhooks passed, ornpm run check:diffpassed when hooks were skipped or unavailablemain, focused DCode integration suites pass 210/210 and focused E2E-support suites pass 37/37. Bash syntax, ShellCheck, source-shape, test-size, build, TypeScript typecheck, commit, and pre-push hooks passnpm run docsbuilds without warnings (doc changes only)Advisor dispositions
mainnow ownsstart.shmaterialization plusdcode-launcher.shrecovery under/sandbox/.deepagents; create/rebuild/clone carry the registry's explicit1/0intent, and snapshot restore honors that authoritative registry state so an earlier enabled snapshot does not override a later opt-out. This PR adds fail-closed registry/marker agreement checks and the no-policy export proof. Remove the bridge only when OpenShell both propagates the bit to exec/login processes and preserves it through policy reloads or re-runs the entrypoint.api.tavily.com. This gives immediate and post-rebuild denial evidence without redundant probes after non-mutating checks.start.shwithNEMOCLAW_OBSERVABILITY=1, verifies the/sandbox/.deepagents/.nemoclaw-observability-enabledvalue and mode, removes volatile runtime state, proves absent-env restart and launcher recovery, and proves explicit0removal. Live check 11 verifies the literal sandbox path./sandbox/.deepagentsmarker is intentionally untrusted convenience state, not authorization. A sandbox user can request local instrumentation by recreating the exact marker, but cannot grant OTLP egress; the fixed exporter route remains subject to host-managedobservability-otlp-localpolicy. Live check 11 removes that host policy, recreates the marker as the sandbox user, proves the exact raw route is denied without capture, and runs real marker-triggered deterministic instrumentation with zero captures before restoring the policy. It also retains alternate host/path/method/port and unmanaged-binary denials with policy active.mainincludes fix(connect): preserve DCode observability during probes #6506's side-effect-free managed-exec boundary and fix(dcode): harden Nemotron Ultra tool requests #6494's durable observability lifecycle. Both are retained together with this PR's host-registry agreement checks and no-policy proof; no contributor work was replaced./tmp: each stateful entrypoint reconstructs it from root-owned image proxy inputs, while the observability marker under/sandbox/.deepagentsmust survive policy-only reloads that do not carry the sandbox-create environment. Their different locations reflect different lifetime contracts, not inconsistent authority.Exact-head validation plan
0570b876d6e85bcb110823d5f8b6a5553d266f34.ubuntu-repo-cloud-langchain-deepagents-codeto prove Tavily is denied after check 09 cleanup and remains denied across the check 12 rebuild.cloud-onboardto prove the non-DCode sandbox skips before requiringexpect.credential-sanitizationfor the named-limit parity change.Failure evidence addressed
expectbefore reaching its DCode-only skip; credential-sanitization passed./tmpobservability marker. The current head retains currentmain's durable marker under/sandbox/.deepagents./sandbox, check 11 proved that Tavily policy cleanup could still reconstruct runtime convenience state and remove it. The current head uses currentmain's absent-env-preserves lifecycle and fails if the authoritative registry and derived marker disagree; check 09 does not repair drift.mainsupplies fix(connect): preserve DCode observability during probes #6506's side-effect-free managed-exec probe and fix(dcode): harden Nemotron Ultra tool requests #6494's explicit observability lifecycle, while this head compares the host registry and persistent marker before and after policy mutation instead of masking drift with a repair.merge_as_isfrom GPT with no findings; Nemotron agreed both substantive findings were resolved and requested only the/tmpversus/sandboxlifetime cross-reference now present on the current head.Signed-off-by: Aaron Erickson aerickson@nvidia.com
Summary by CodeRabbit
Bug Fixes
Tests