Skip to content

fix(dcode): preserve state across policy reloads#6503

Merged
cv merged 28 commits into
mainfrom
fix/dcode-post-merge-e2e
Jul 12, 2026
Merged

fix(dcode): preserve state across policy reloads#6503
cv merged 28 commits into
mainfrom
fix/dcode-post-merge-e2e

Conversation

@ericksoa

@ericksoa ericksoa commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Follow-up to #6431 for exact-head validation failures that completed immediately before that PR merged. This isolates sequential DCode E2E state, preserves observability across policy-only reloads, lets generic OpenClaw cloud-onboard runs skip DCode-only TUI prerequisites, and closes the remaining valid advisor requests without changing user-facing behavior.

Related Issue

Follow-up to #6431, which closed #6424. No new issue.

Changes

  • Remove the durable Tavily preset after check 09, arm cleanup on EXIT, and fail unless managed DCode Python returns to the default network denial.
  • Move check 12's expect, Node, and timeout prerequisites after its DCode sandbox guard. Generic cloud-onboard therefore skips correctly; typed DCode jobs continue to require and install expect.
  • Keep the credential-free observability enable marker in managed /sandbox/.deepagents state for exec/login recovery. Current main now owns the durable lifecycle: absent entrypoint env preserves the bit across policy-only restarts, while create/rebuild/clone pass an explicit authoritative 1 or 0. Check 09 requires the host registry's DCode observabilityEnabled=true intent and the exact persistent marker to agree before and after Tavily policy mutation; it fails rather than reconstructing intent from sandbox-writable state. Host-managed network policy remains the egress boundary.
  • Reject a pre-existing non-regular or symlink marker target with a clear startup error, and use no-target-directory replacement so a raced directory cannot absorb the enabled marker. Fixtures cover both enabled and disabled startup.
  • In live check 11, remove only observability-otlp-local, recreate the exact marker as the sandbox user, and prove both the normally allowed raw route and marker-triggered deterministic instrumentation produce zero host captures. Restore only from an exactly inactive policy state before the existing positive trace checks.
  • Replace repeated credential-name limit literals with CREDENTIAL_NAME_PREFIX_MAX_LENGTH and prove every Bash quantifier remains equal to the canonical TypeScript context-pattern limit.
  • Cover exact 128/129 context-prefix behavior, oversized OpenShell placeholders, and Tavily cleanup-command failures through the real wrapper/self-test boundaries.
  • Preserve the merged fix(dcode): harden Nemotron Ultra tool requests #6494 Nemotron Ultra request hardening and its observability create/snapshot lifecycle while resolving the overlapping follow-up checks against current main.
  • Keep standalone DCode Tavily persistence and rebuild behavior unchanged.
  • Avoid the rejected alternative of adding a privileged 47-line apt/workflow boundary to the generic cloud job.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification: no CLI, configuration, model-ID, policy, or user-visible behavior changes
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — fresh exact-head review pending
  • Non-success, skipped, or missing CI check accepted by maintainer — none currently accepted

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — after merging current main, focused DCode integration suites pass 210/210 and focused E2E-support suites pass 37/37. Bash syntax, ShellCheck, source-shape, test-size, build, TypeScript typecheck, commit, and pre-push hooks pass
  • Applicable broad gate passed — fresh exact-head CI, advisors, focused DCode E2E, cloud-onboard, and credential-sanitization pending
  • Quality Gates section completed with required justifications or waivers — exact-head sensitive-path review pending
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Advisor dispositions

  • Source-of-truth review: the invalid state is a managed DCode exec losing host-selected observability because raw exec/login processes do not inherit entrypoint environment and policy mutation reloads do not re-run the entrypoint. Current main now owns start.sh materialization plus dcode-launcher.sh recovery under /sandbox/.deepagents; create/rebuild/clone carry the registry's explicit 1/0 intent, and snapshot restore honors that authoritative registry state so an earlier enabled snapshot does not override a later opt-out. This PR adds fail-closed registry/marker agreement checks and the no-policy export proof. Remove the bridge only when OpenShell both propagates the bit to exec/login processes and preserves it through policy reloads or re-runs the entrypoint.
  • Sequential Tavily isolation is exercised by the required typed target on one sandbox: check 09 proves denial immediately after cleanup; checks 10 and 11 do not mutate Tavily; check 12 rebuilds and then invokes check 06, which proves both managed and project-venv Python remain denied from api.tavily.com. This gives immediate and post-rebuild denial evidence without redundant probes after non-mutating checks.
  • The marker integration test runs the transformed start.sh with NEMOCLAW_OBSERVABILITY=1, verifies the /sandbox/.deepagents/.nemoclaw-observability-enabled value and mode, removes volatile runtime state, proves absent-env restart and launcher recovery, and proves explicit 0 removal. Live check 11 verifies the literal sandbox path.
  • The /sandbox/.deepagents marker is intentionally untrusted convenience state, not authorization. A sandbox user can request local instrumentation by recreating the exact marker, but cannot grant OTLP egress; the fixed exporter route remains subject to host-managed observability-otlp-local policy. Live check 11 removes that host policy, recreates the marker as the sandbox user, proves the exact raw route is denied without capture, and runs real marker-triggered deterministic instrumentation with zero captures before restoring the policy. It also retains alternate host/path/method/port and unmanaged-binary denials with policy active.
  • Check 09 no longer repairs observability by re-running the stateful entrypoint. The host registry is authoritative, the persistent marker is derived convenience state, and disagreement fails closed both before and after policy mutation. Merged fix(connect): preserve DCode observability during probes #6506 prevents status/connect route probes from clearing that marker by using the side-effect-free managed-exec boundary.
  • Startup rejects directory, symlink, and other non-regular marker targets before either the enabled or disabled branch. Enabled replacement treats the destination as a file, closing the directory-descent edge case raised by the exact-head advisor.
  • Current main includes fix(connect): preserve DCode observability during probes #6506's side-effect-free managed-exec boundary and fix(dcode): harden Nemotron Ultra tool requests #6494's durable observability lifecycle. Both are retained together with this PR's host-registry agreement checks and no-policy proof; no contributor work was replaced.
  • The proxy env file remains intentionally volatile in /tmp: each stateful entrypoint reconstructs it from root-owned image proxy inputs, while the observability marker under /sandbox/.deepagents must survive policy-only reloads that do not carry the sandbox-create environment. Their different locations reflect different lifetime contracts, not inconsistent authority.

Exact-head validation plan

  • Re-run automatic CI, CodeRabbit, GPT, and Nemotron advisors on 0570b876d6e85bcb110823d5f8b6a5553d266f34.
  • Re-run ubuntu-repo-cloud-langchain-deepagents-code to prove Tavily is denied after check 09 cleanup and remains denied across the check 12 rebuild.
  • Re-run cloud-onboard to prove the non-DCode sandbox skips before requiring expect.
  • Re-run credential-sanitization for the named-limit parity change.
  • Hold merge until tomorrow even if all gates pass earlier.

Failure evidence addressed

  • Focused DCode run 28978277604: check 09 left durable Tavily state that check 12 correctly replayed before the strict egress boundary.
  • Cloud/credential run 28978281322: generic OpenClaw cloud-onboard required expect before reaching its DCode-only skip; credential-sanitization passed.
  • Superseded follow-up run 28980032707: Tavily cleanup and strict egress passed, then check 11 proved that policy reload had cleared the runtime-functional /tmp observability marker. The current head retains current main's durable marker under /sandbox/.deepagents.
  • Superseded follow-up run 28980032711: cloud-onboard and credential-sanitization both passed.
  • Superseded follow-up run 28981014655: after the marker moved to /sandbox, check 11 proved that Tavily policy cleanup could still reconstruct runtime convenience state and remove it. The current head uses current main's absent-env-preserves lifecycle and fails if the authoritative registry and derived marker disagree; check 09 does not repair drift.
  • Superseded follow-up run 28981369440: cloud-onboard and credential-sanitization both passed on the collaborator head; exact-head rerun pending.
  • Superseded follow-up run 28981690759: check 09 restored Tavily but sampled observability after policy-add had already reloaded the sandbox, so check 11 found the marker absent. This showed that sandbox marker sampling cannot be the authoritative source of host intent.
  • Superseded follow-up run 28982642290: check 09 restored Tavily and check 10 passed, but check 11 found the marker absent because a pre-fix(connect): preserve DCode observability during probes #6506 status/connect route probe had already invoked the stateful entrypoint without observability. Current main supplies fix(connect): preserve DCode observability during probes #6506's side-effect-free managed-exec probe and fix(dcode): harden Nemotron Ultra tool requests #6494's explicit observability lifecycle, while this head compares the host registry and persistent marker before and after policy mutation instead of masking drift with a repair.
  • Superseded exact-head focused run 28983221993 passed every typed DCode check 03–12: check 09 reported 9/9, check 11 reported 11/11, and check 12 proved post-rebuild denial. Combined run 28983222022 passed cloud-onboard and credential sanitization. These runs were invalidated only to address the advisor's unsafe-target edge case and add the stricter no-host-policy leak proof now running on the current head.
  • Superseded advisor run 28983777162 rated the safety changes merge_as_is from GPT with no findings; Nemotron agreed both substantive findings were resolved and requested only the /tmp versus /sandbox lifetime cross-reference now present on the current head.

Signed-off-by: Aaron Erickson aerickson@nvidia.com

Summary by CodeRabbit

  • Bug Fixes

    • Improved validation for credential names and context placeholders, including oversized names.
    • Strengthened proxy environment file handling to prevent destination-path issues.
    • Clarified and stabilized observability policy and marker handling.
  • Tests

    • Expanded end-to-end coverage for observability, Tavily access, tracing, and auto-approval behavior.
    • Standardized test environment paths and added boundary-case validation for credential patterns.
    • Improved platform-specific launcher test reliability.

ericksoa added 2 commits July 8, 2026 15:14
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
@copy-pr-bot

copy-pr-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The PR centralizes credential-name length validation, hardens generated runtime environment replacement, and revises observability e2e checks to use registry state, persistent markers, policy restoration, and managed tracing. Supporting tests standardize subprocess paths and add boundary coverage.

Changes

Observability registry-based verification

Layer / File(s) Summary
Launcher/start runtime-state updates
agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/start.sh
Runtime-state comments are expanded, and generated environment replacement uses mv -fT --.
Tavily registry-backed verification
test/e2e/e2e-cloud-experimental/checks/09-deepagents-code-tavily-opt-in.sh
Tavily checks compare registry intent with the persistent marker before mutation and after cleanup.
Observability negative proof and cleanup
test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh
Observability policy helpers, cleanup restoration, managed tracing, and blocked-export checks are updated.
Thread auto-approval prerequisites
test/e2e/e2e-cloud-experimental/checks/12-deepagents-code-thread-auto-approval.sh
Sandbox applicability is checked before binaries and timeout prerequisites.
Supporting e2e fixtures and contracts
test/e2e/support/deepagents-observability-contract.test.ts, test/e2e/support/platform-parity-cloud-experimental.test.ts
Policy expectations, check paths, PATH handling, and Tavily restoration coverage are updated.
Proxy-launcher fixtures and subprocesses
test/langchain-deepagents-code-proxy-launcher.test.ts
Launcher probes use explicit marker fixtures, shared PATH values, and platform-specific mv fixture behavior.

Shared credential-name prefix length constant

Layer / File(s) Summary
Wrapper credential-name limit
agents/langchain-deepagents-code/dcode-wrapper.sh
Credential-shape and environment-placeholder validation use CREDENTIAL_NAME_PREFIX_MAX_LENGTH.
Credential boundary and parity tests
test/langchain-deepagents-code-image-credentials.test.ts, test/langchain-deepagents-code-secret-pattern-parity.test.ts
Tests cover oversized names, context-prefix boundaries, and parity between wrapper and canonical pattern limits.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Check as Observability e2e check
  participant Registry as sandboxes.json
  participant Sandbox
  participant ManagedExec as dcode-managed-ex
  participant Collector as OTLP collector

  Check->>Registry: Read observabilityEnabled
  Check->>Sandbox: Read managed marker
  Check->>ManagedExec: Run managed tool trace
  ManagedExec->>Collector: Export trace when policy allows
  Check->>Sandbox: Remove policy and recreate marker
  Check->>ManagedExec: Run negative-proof trace
  ManagedExec-->>Check: Export blocked
  Check->>Sandbox: Restore observability policy
Loading

Suggested labels: NV QA, area: policy, area: sandbox

Suggested reviewers: cv

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (3 warnings)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning The PR does not implement the #6424 plugin migration, bootstrap hash checks, or patch removal described in the linked issue. Add the managed harness-profile plugin, delete the source-patch wiring, and verify canonical profile/bootstrap integrity per #6424.
Out of Scope Changes check ⚠️ Warning Most edits are observability, Tavily, and test-harness state work that is unrelated to the linked #6424 plugin migration. Split unrelated observability and credential-length changes into separate work unless they are explicitly required for #6424.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: preserving DCode state across policy reloads.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/dcode-post-merge-e2e

Comment @coderabbitai help to get the list of available commands.

@ericksoa ericksoa added bug-fix PR fixes a bug or regression area: ci CI workflows, checks, release automation, or GitHub Actions area: e2e End-to-end tests, nightly failures, or validation infrastructure area: security Security controls, permissions, secrets, or hardening integration: dcode LangChain Deep Code integration behavior v0.0.78 Release target labels Jul 8, 2026
@github-code-quality

github-code-quality Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 79%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File b9b8d2a 24588d8 +/-
src/lib/sandbox...rsion-scheme.ts 100% 73% -27%
src/lib/actions...light-guards.ts 85% 71% -14%
src/lib/runner.ts 80% 74% -6%
src/lib/messagi...ate-resolver.ts 88% 82% -6%
src/lib/actions...flow-helpers.ts 82% 77% -5%
src/lib/adapter...tp/curl-args.ts 99% 98% -1%
src/lib/messagi.../persistence.ts 92% 91% -1%
src/lib/actions...ateway-state.ts 80% 81% +1%
src/lib/agent/b...availability.ts 67% 70% +3%
src/lib/onboard/config-sync.ts 46% 62% +16%

Updated July 12, 2026 00:42 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: ubuntu-repo-cloud-langchain-deepagents-code
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • ubuntu-repo-cloud-langchain-deepagents-code: Required live typed target for changes to the managed DCode launcher/wrapper and durable observability state. It onboards a real Deep Agents Code sandbox and runs the registered cloud-experimental checks, including secret boundary, Python egress, Tavily policy mutation, observability OTLP enforcement, inference, TUI, and thread auto-approval flows.

Optional E2E

  • None.

New E2E recommendations

  • None.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: ubuntu-repo-cloud-langchain-deepagents-code
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field targets=ubuntu-repo-cloud-langchain-deepagents-code

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • ubuntu-repo-cloud-langchain-deepagents-code: Changes affect the LangChain Deep Agents Code runtime launchers/startup and its cloud-experimental live checks for Tavily policy, observability, and thread auto-approval; this live-supported typed target onboards the DCode sandbox and runs the relevant Deep Agents Code policy/check suite.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field targets=ubuntu-repo-cloud-langchain-deepagents-code

Optional E2E targets

  • None.

Relevant changed files

  • agents/langchain-deepagents-code/dcode-launcher.sh
  • agents/langchain-deepagents-code/dcode-wrapper.sh
  • agents/langchain-deepagents-code/start.sh
  • test/e2e/e2e-cloud-experimental/checks/09-deepagents-code-tavily-opt-in.sh
  • test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh
  • test/e2e/e2e-cloud-experimental/checks/12-deepagents-code-thread-auto-approval.sh
  • test/e2e/support/deepagents-observability-contract.test.ts
  • test/e2e/support/platform-parity-cloud-experimental.test.ts

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Add or justify PRA-T1 and any related test follow-ups.
Open items: 0 required · 0 warnings · 0 suggestions · 5 test follow-ups
Since last review: 2 prior items resolved · 0 still apply · 0 new items found

Action checklist

  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
  • PRA-T3 Add or justify test follow-up: Runtime validation
  • PRA-T4 Add or justify test follow-up: Runtime validation
  • PRA-T5 Add or justify test follow-up: Runtime validation
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/dcode-wrapper.sh, agents/langchain-deepagents-code/start.sh. Runtime/sandbox/infrastructure paths need behavioral runtime validation: dcode-launcher.sh, dcode-wrapper.sh, start.sh. All 10 changed invariants have checked-in coverage (marker persistence, negative proof, registry/marker agreement, Tavily cleanup, credential limit constant, OTLP allowlist matrix, 128/129 boundary, oversized placeholder, proxy validator parity). Self-test fixtures cover wrapper boundaries.
  • PRA-T2 Runtime validation — Add unit test for has_control_char() in wrapper with each C0 control (TAB, VT, FF, ESC, CR) and DEL in dotenv OTLP value. Runtime/sandbox/infrastructure paths need behavioral runtime validation: agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/dcode-wrapper.sh, agents/langchain-deepagents-code/start.sh. Runtime/sandbox/infrastructure paths need behavioral runtime validation: dcode-launcher.sh, dcode-wrapper.sh, start.sh. All 10 changed invariants have checked-in coverage (marker persistence, negative proof, registry/marker agreement, Tavily cleanup, credential limit constant, OTLP allowlist matrix, 128/129 boundary, oversized placeholder, proxy validator parity). Self-test fixtures cover wrapper boundaries.
  • PRA-T3 Runtime validation — Add unit test for is_openshell_env_placeholder_for_name with revision prefix >20 digits rejection. Runtime/sandbox/infrastructure paths need behavioral runtime validation: agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/dcode-wrapper.sh, agents/langchain-deepagents-code/start.sh. Runtime/sandbox/infrastructure paths need behavioral runtime validation: dcode-launcher.sh, dcode-wrapper.sh, start.sh. All 10 changed invariants have checked-in coverage (marker persistence, negative proof, registry/marker agreement, Tavily cleanup, credential limit constant, OTLP allowlist matrix, 128/129 boundary, oversized placeholder, proxy validator parity). Self-test fixtures cover wrapper boundaries.
  • PRA-T4 Runtime validation — Add unit test for is_valid_proxy_host with Unicode lookalikes (e.g., hεllo with Greek epsilon) rejection. Runtime/sandbox/infrastructure paths need behavioral runtime validation: agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/dcode-wrapper.sh, agents/langchain-deepagents-code/start.sh. Runtime/sandbox/infrastructure paths need behavioral runtime validation: dcode-launcher.sh, dcode-wrapper.sh, start.sh. All 10 changed invariants have checked-in coverage (marker persistence, negative proof, registry/marker agreement, Tavily cleanup, credential limit constant, OTLP allowlist matrix, 128/129 boundary, oversized placeholder, proxy validator parity). Self-test fixtures cover wrapper boundaries.
  • PRA-T5 Runtime validation — Add integration test: symlink /sandbox/.deepagents -> elsewhere, verify start.sh rejects parent directory symlink. Runtime/sandbox/infrastructure paths need behavioral runtime validation: agents/langchain-deepagents-code/dcode-launcher.sh, agents/langchain-deepagents-code/dcode-wrapper.sh, agents/langchain-deepagents-code/start.sh. Runtime/sandbox/infrastructure paths need behavioral runtime validation: dcode-launcher.sh, dcode-wrapper.sh, start.sh. All 10 changed invariants have checked-in coverage (marker persistence, negative proof, registry/marker agreement, Tavily cleanup, credential limit constant, OTLP allowlist matrix, 128/129 boundary, oversized placeholder, proxy validator parity). Self-test fixtures cover wrapper boundaries.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: No advisor follow-up required beyond maintainer review.
Findings: 0 required · 0 warnings · 0 optional suggestions
Since last review: 0 prior items resolved · 0 still apply · 0 new items found

Workflow run details

This is an automated review. Required findings need action before merge. Warnings and optional suggestions do not require a response or follow-up. A human maintainer makes the final merge decision.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28980032711
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: (default — all supported)
Requested jobs: cloud-onboard,credential-sanitization
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
cloud-onboard ✅ success
credential-sanitization ✅ success

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28980032707
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
live ❌ failure

Failed jobs: live. Check run artifacts for logs.

ericksoa added 2 commits July 8, 2026 15:41
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
@ericksoa ericksoa changed the title fix(dcode): isolate Tavily E2E state and credential bounds fix(dcode): preserve state across policy reloads Jul 8, 2026
ericksoa and others added 2 commits July 8, 2026 15:47
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28981014577
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: (default — all supported)
Requested jobs: cloud-onboard,credential-sanitization
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
cloud-onboard ✅ success
credential-sanitization ✅ success

@cjagwani

cjagwani commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28981014655
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
live ❌ failure

Failed jobs: live. Check run artifacts for logs.

Signed-off-by: cjagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 28981249909
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: (default — all supported)
Requested jobs: cloud-onboard,credential-sanitization
Summary: 0 passed, 1 failed, 1 cancelled, 0 skipped

Job Result
cloud-onboard ❌ failure
credential-sanitization ⚠️ cancelled

Failed jobs: cloud-onboard. Check run artifacts for logs.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Run cancelled — no signal

Run: 28981248633
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 0 passed, 0 failed, 1 cancelled, 0 skipped

Job Result
live ⚠️ cancelled

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 28981369440
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: (default — all supported)
Requested jobs: cloud-onboard,credential-sanitization
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
cloud-onboard ✅ success
credential-sanitization ✅ success

@jyaunches jyaunches added v0.0.80 Release target and removed v0.0.79 Release target labels Jul 9, 2026
@cv

cv commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@cv

cv commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Maintainer follow-up on the exact-head advisor findings:

  • The valid Linux coverage gap is addressed in 0e4e5ac. The fixture now retains and executes the production mv -fT -- "$tmp" "$target" command on Linux CI, while rewriting it only on macOS where BSD mv lacks -T. The focused launcher suite passes 12/12 and the source-shape guard remains at zero.
  • The suggested replacement of mv -T is not applicable: -T is the control that prevents a raced directory target from absorbing the marker file in the pinned Debian/Linux runtime.
  • The two 128 literals are pre-existing refactor(dcode): replace Nemotron source patch with profile plugin #6431 maintenance debt with no current production/test mismatch; they are better handled as follow-up cleanup than as expansion of this policy-reload PR.
  • The workaround already records the invalid state, source boundary, regression, and removal condition. A calendar date would not make the temporary boundary safer.

The Nemotron artifact also stopped before its tests/regressions, CI, reconciliation, and synthesis stages, so I am treating its partial-ledger warnings as rationale items rather than a complete blocking review. I will wait for fresh exact-head CI and advisors before any further gate decision.

@cv cv added v0.0.81 Release target and removed v0.0.80 Release target labels Jul 10, 2026
@cv
cv marked this pull request as ready for review July 12, 2026 00:31
@cv

cv commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
test/e2e/support/platform-parity-cloud-experimental.test.ts (1)

411-411: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Remove the source-text assertion for the EXIT trap.

The parameterized outcomes already exercise cleanup behavior; checking literal source locks the implementation and can pass even when the trap is ineffective.

As per path instructions, “Prefer observable outcomes through the public boundary over source-text, private-shape, or mock-call assertions.”

Proposed fix
-    expect(fs.readFileSync(dcodeTavilyCheck, "utf8")).toContain("trap restore_tavily_denial EXIT");
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/support/platform-parity-cloud-experimental.test.ts` at line 411,
Remove the source-text assertion for "trap restore_tavily_denial EXIT" from the
parameterized cleanup test, while retaining the observable outcome assertions
that verify cleanup through the public boundary.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh`:
- Around line 67-80: Update the observability policy test flow around
policy-remove and policy-add, including restore_observability_policy, to wait
for policy enforcement to settle before probing network behavior. Reuse the
existing Tavily cleanup settlement-delay pattern rather than adding a different
synchronization mechanism, and apply the same delay to the additional affected
flow.

---

Nitpick comments:
In `@test/e2e/support/platform-parity-cloud-experimental.test.ts`:
- Line 411: Remove the source-text assertion for "trap restore_tavily_denial
EXIT" from the parameterized cleanup test, while retaining the observable
outcome assertions that verify cleanup through the public boundary.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1cc0a4bb-89f5-4c0b-a33b-a3d22fcb07aa

📥 Commits

Reviewing files that changed from the base of the PR and between b9b8d2a and 24588d8.

📒 Files selected for processing (11)
  • agents/langchain-deepagents-code/dcode-launcher.sh
  • agents/langchain-deepagents-code/dcode-wrapper.sh
  • agents/langchain-deepagents-code/start.sh
  • test/e2e/e2e-cloud-experimental/checks/09-deepagents-code-tavily-opt-in.sh
  • test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh
  • test/e2e/e2e-cloud-experimental/checks/12-deepagents-code-thread-auto-approval.sh
  • test/e2e/support/deepagents-observability-contract.test.ts
  • test/e2e/support/platform-parity-cloud-experimental.test.ts
  • test/langchain-deepagents-code-image-credentials.test.ts
  • test/langchain-deepagents-code-proxy-launcher.test.ts
  • test/langchain-deepagents-code-secret-pattern-parity.test.ts

Comment on lines +67 to +80
restore_observability_policy() {
local state
[ "$OBSERVABILITY_POLICY_DIRTY" -eq 1 ] || return 0
state="$(observability_policy_state)" || return 1
case "$state" in
active) ;;
inactive)
"$CLI" "$SANDBOX_NAME" policy-add observability-otlp-local --yes >/dev/null 2>&1 \
|| return 1
[ "$(observability_policy_state)" = "active" ] || return 1
;;
*) return 1 ;;
esac
OBSERVABILITY_POLICY_DIRTY=0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Wait for policy enforcement to settle before probing.

The flow probes immediately after policy-remove and resumes positive checks immediately after policy-add. Unlike the Tavily cleanup at Line 158, no settlement delay protects these network assertions from asynchronous policy reloads.

Proposed fix
       "$CLI" "$SANDBOX_NAME" policy-add observability-otlp-local --yes >/dev/null 2>&1 \
         || return 1
       [ "$(observability_policy_state)" = "active" ] || return 1
+      sleep "${NEMOCLAW_E2E_POLICY_SETTLE_SECONDS:-5}"
       ;;
...
 [ "$policy_state" = "inactive" ] \
   || fail "removed observability policy is not exactly inactive (state: $policy_state)"
+sleep "${NEMOCLAW_E2E_POLICY_SETTLE_SECONDS:-5}"

Also applies to: 353-388

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/e2e-cloud-experimental/checks/11-deepagents-code-observability.sh`
around lines 67 - 80, Update the observability policy test flow around
policy-remove and policy-add, including restore_observability_policy, to wait
for policy enforcement to settle before probing network behavior. Reuse the
existing Tavily cleanup settlement-delay pattern rather than adding a different
synchronization mechanism, and apply the same delay to the additional affected
flow.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@github-actions

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected tests passed

Run: 29174252384
Workflow ref: fix/dcode-post-merge-e2e
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested test IDs: (default — all default-enabled tests; explicit-only tests openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped, 0 unknown

Test Result
live ✅ success

@cv
cv marked this pull request as draft July 12, 2026 00:56
@cv
cv marked this pull request as ready for review July 12, 2026 00:56

@cv cv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved current PR commit 24588d8 after 198 focused DCode tests, 61 green checks, both fresh advisor jobs, CodeRabbit, and the required live DCode target passed.

@cv
cv merged commit 5278927 into main Jul 12, 2026
137 of 138 checks passed
@cv
cv deleted the fix/dcode-post-merge-e2e branch July 12, 2026 01:11
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Follow-up to NVIDIA#6431 for exact-head validation failures that completed
immediately before that PR merged. This isolates sequential DCode E2E
state, preserves observability across policy-only reloads, lets generic
OpenClaw cloud-onboard runs skip DCode-only TUI prerequisites, and
closes the remaining valid advisor requests without changing user-facing
behavior.

## Related Issue
Follow-up to NVIDIA#6431, which closed NVIDIA#6424. No new issue.

## Changes
- Remove the durable Tavily preset after check 09, arm cleanup on
`EXIT`, and fail unless managed DCode Python returns to the default
network denial.
- Move check 12's `expect`, Node, and timeout prerequisites after its
DCode sandbox guard. Generic `cloud-onboard` therefore skips correctly;
typed DCode jobs continue to require and install `expect`.
- Keep the credential-free observability enable marker in managed
`/sandbox/.deepagents` state for exec/login recovery. Current `main` now
owns the durable lifecycle: absent entrypoint env preserves the bit
across policy-only restarts, while create/rebuild/clone pass an explicit
authoritative `1` or `0`. Check 09 requires the host registry's DCode
`observabilityEnabled=true` intent and the exact persistent marker to
agree before and after Tavily policy mutation; it fails rather than
reconstructing intent from sandbox-writable state. Host-managed network
policy remains the egress boundary.
- Reject a pre-existing non-regular or symlink marker target with a
clear startup error, and use no-target-directory replacement so a raced
directory cannot absorb the enabled marker. Fixtures cover both enabled
and disabled startup.
- In live check 11, remove only `observability-otlp-local`, recreate the
exact marker as the sandbox user, and prove both the normally allowed
raw route and marker-triggered deterministic instrumentation produce
zero host captures. Restore only from an exactly inactive policy state
before the existing positive trace checks.
- Replace repeated credential-name limit literals with
`CREDENTIAL_NAME_PREFIX_MAX_LENGTH` and prove every Bash quantifier
remains equal to the canonical TypeScript context-pattern limit.
- Cover exact 128/129 context-prefix behavior, oversized OpenShell
placeholders, and Tavily cleanup-command failures through the real
wrapper/self-test boundaries.
- Preserve the merged NVIDIA#6494 Nemotron Ultra request hardening and its
observability create/snapshot lifecycle while resolving the overlapping
follow-up checks against current `main`.
- Keep standalone DCode Tavily persistence and rebuild behavior
unchanged.
- Avoid the rejected alternative of adding a privileged 47-line
apt/workflow boundary to the generic cloud job.

## Type of Change

- [x] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [ ] Docs updated for user-facing behavior changes
- [x] Docs not applicable — justification: no CLI, configuration,
model-ID, policy, or user-visible behavior changes
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — fresh exact-head review pending
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
none currently accepted

## Verification
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — after merging current `main`, focused
DCode integration suites pass 210/210 and focused E2E-support suites
pass 37/37. Bash syntax, ShellCheck, source-shape, test-size, build,
TypeScript typecheck, commit, and pre-push hooks pass
- [ ] Applicable broad gate passed — fresh exact-head CI, advisors,
focused DCode E2E, cloud-onboard, and credential-sanitization pending
- [ ] Quality Gates section completed with required justifications or
waivers — exact-head sensitive-path review pending
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [ ] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

## Advisor dispositions
- Source-of-truth review: the invalid state is a managed DCode exec
losing host-selected observability because raw exec/login processes do
not inherit entrypoint environment and policy mutation reloads do not
re-run the entrypoint. Current `main` now owns `start.sh`
materialization plus `dcode-launcher.sh` recovery under
`/sandbox/.deepagents`; create/rebuild/clone carry the registry's
explicit `1`/`0` intent, and snapshot restore honors that authoritative
registry state so an earlier enabled snapshot does not override a later
opt-out. This PR adds fail-closed registry/marker agreement checks and
the no-policy export proof. Remove the bridge only when OpenShell both
propagates the bit to exec/login processes and preserves it through
policy reloads or re-runs the entrypoint.
- Sequential Tavily isolation is exercised by the required typed target
on one sandbox: check 09 proves denial immediately after cleanup; checks
10 and 11 do not mutate Tavily; check 12 rebuilds and then invokes check
06, which proves both managed and project-venv Python remain denied from
`api.tavily.com`. This gives immediate and post-rebuild denial evidence
without redundant probes after non-mutating checks.
- The marker integration test runs the transformed `start.sh` with
`NEMOCLAW_OBSERVABILITY=1`, verifies the
`/sandbox/.deepagents/.nemoclaw-observability-enabled` value and mode,
removes volatile runtime state, proves absent-env restart and launcher
recovery, and proves explicit `0` removal. Live check 11 verifies the
literal sandbox path.
- The `/sandbox/.deepagents` marker is intentionally untrusted
convenience state, not authorization. A sandbox user can request local
instrumentation by recreating the exact marker, but cannot grant OTLP
egress; the fixed exporter route remains subject to host-managed
`observability-otlp-local` policy. Live check 11 removes that host
policy, recreates the marker as the sandbox user, proves the exact raw
route is denied without capture, and runs real marker-triggered
deterministic instrumentation with zero captures before restoring the
policy. It also retains alternate host/path/method/port and
unmanaged-binary denials with policy active.
- Check 09 no longer repairs observability by re-running the stateful
entrypoint. The host registry is authoritative, the persistent marker is
derived convenience state, and disagreement fails closed both before and
after policy mutation. Merged NVIDIA#6506 prevents status/connect route probes
from clearing that marker by using the side-effect-free managed-exec
boundary.
- Startup rejects directory, symlink, and other non-regular marker
targets before either the enabled or disabled branch. Enabled
replacement treats the destination as a file, closing the
directory-descent edge case raised by the exact-head advisor.
- Current `main` includes NVIDIA#6506's side-effect-free managed-exec boundary
and NVIDIA#6494's durable observability lifecycle. Both are retained together
with this PR's host-registry agreement checks and no-policy proof; no
contributor work was replaced.
- The proxy env file remains intentionally volatile in `/tmp`: each
stateful entrypoint reconstructs it from root-owned image proxy inputs,
while the observability marker under `/sandbox/.deepagents` must survive
policy-only reloads that do not carry the sandbox-create environment.
Their different locations reflect different lifetime contracts, not
inconsistent authority.

## Exact-head validation plan
- Re-run automatic CI, CodeRabbit, GPT, and Nemotron advisors on
`0570b876d6e85bcb110823d5f8b6a5553d266f34`.
- Re-run `ubuntu-repo-cloud-langchain-deepagents-code` to prove Tavily
is denied after check 09 cleanup and remains denied across the check 12
rebuild.
- Re-run `cloud-onboard` to prove the non-DCode sandbox skips before
requiring `expect`.
- Re-run `credential-sanitization` for the named-limit parity change.
- Hold merge until tomorrow even if all gates pass earlier.

## Failure evidence addressed
- Focused DCode run
[28978277604](https://github.com/NVIDIA/NemoClaw/actions/runs/28978277604):
check 09 left durable Tavily state that check 12 correctly replayed
before the strict egress boundary.
- Cloud/credential run
[28978281322](https://github.com/NVIDIA/NemoClaw/actions/runs/28978281322):
generic OpenClaw cloud-onboard required `expect` before reaching its
DCode-only skip; credential-sanitization passed.
- Superseded follow-up run
[28980032707](https://github.com/NVIDIA/NemoClaw/actions/runs/28980032707):
Tavily cleanup and strict egress passed, then check 11 proved that
policy reload had cleared the runtime-functional `/tmp` observability
marker. The current head retains current `main`'s durable marker under
`/sandbox/.deepagents`.
- Superseded follow-up run
[28980032711](https://github.com/NVIDIA/NemoClaw/actions/runs/28980032711):
cloud-onboard and credential-sanitization both passed.
- Superseded follow-up run
[28981014655](https://github.com/NVIDIA/NemoClaw/actions/runs/28981014655):
after the marker moved to `/sandbox`, check 11 proved that Tavily policy
cleanup could still reconstruct runtime convenience state and remove it.
The current head uses current `main`'s absent-env-preserves lifecycle
and fails if the authoritative registry and derived marker disagree;
check 09 does not repair drift.
- Superseded follow-up run
[28981369440](https://github.com/NVIDIA/NemoClaw/actions/runs/28981369440):
cloud-onboard and credential-sanitization both passed on the
collaborator head; exact-head rerun pending.
- Superseded follow-up run
[28981690759](https://github.com/NVIDIA/NemoClaw/actions/runs/28981690759):
check 09 restored Tavily but sampled observability after policy-add had
already reloaded the sandbox, so check 11 found the marker absent. This
showed that sandbox marker sampling cannot be the authoritative source
of host intent.
- Superseded follow-up run
[28982642290](https://github.com/NVIDIA/NemoClaw/actions/runs/28982642290):
check 09 restored Tavily and check 10 passed, but check 11 found the
marker absent because a pre-NVIDIA#6506 status/connect route probe had already
invoked the stateful entrypoint without observability. Current `main`
supplies NVIDIA#6506's side-effect-free managed-exec probe and NVIDIA#6494's
explicit observability lifecycle, while this head compares the host
registry and persistent marker before and after policy mutation instead
of masking drift with a repair.
- Superseded exact-head focused run
[28983221993](https://github.com/NVIDIA/NemoClaw/actions/runs/28983221993)
passed every typed DCode check 03–12: check 09 reported 9/9, check 11
reported 11/11, and check 12 proved post-rebuild denial. Combined run
[28983222022](https://github.com/NVIDIA/NemoClaw/actions/runs/28983222022)
passed cloud-onboard and credential sanitization. These runs were
invalidated only to address the advisor's unsafe-target edge case and
add the stricter no-host-policy leak proof now running on the current
head.
- Superseded advisor run
[28983777162](https://github.com/NVIDIA/NemoClaw/actions/runs/28983777162)
rated the safety changes `merge_as_is` from GPT with no findings;
Nemotron agreed both substantive findings were resolved and requested
only the `/tmp` versus `/sandbox` lifetime cross-reference now present
on the current head.

---
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved validation for credential names and context placeholders,
including oversized names.
* Strengthened proxy environment file handling to prevent
destination-path issues.
  * Clarified and stabilized observability policy and marker handling.

* **Tests**
* Expanded end-to-end coverage for observability, Tavily access,
tracing, and auto-approval behavior.
* Standardized test environment paths and added boundary-case validation
for credential patterns.
  * Improved platform-specific launcher test reliability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Signed-off-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
Co-authored-by: Carlos Villela <cvillela@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: ci CI workflows, checks, release automation, or GitHub Actions area: e2e End-to-end tests, nightly failures, or validation infrastructure area: security Security controls, permissions, secrets, or hardening bug-fix PR fixes a bug or regression integration: dcode LangChain Deep Code integration behavior v0.0.81 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Replace the DCode Nemotron Ultra source patch with a managed profile plugin

5 participants