Skip to content

fix(config): harden TOML config handling#6567

Merged
jyaunches merged 10 commits into
mainfrom
codex/harden-toml-config
Jul 9, 2026
Merged

fix(config): harden TOML config handling#6567
jyaunches merged 10 commits into
mainfrom
codex/harden-toml-config

Conversation

@cv

@cv cv commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Summary

Hardens the TOML configuration support introduced in #6552. The change centralizes format handling, keeps TOML reads sanitized, and refuses unsupported TOML writes instead of silently rewriting the file as JSON.

Related Issue

Follow-up to #6552.

Changes

  • Extract JSON/TOML parsing and serialization behind a small format boundary.
  • Validate parsed configuration values as JSON-like data before exposing them to callers.\n- Replace raw TOML/JSON/YAML parser exceptions with format-specific generic errors so malformed credential-bearing source text cannot reach CLI diagnostics.
  • Add TOML fixtures that prove --key extraction works and credentials plus gateway state stay sanitized in default JSON and requested YAML output.
  • Reject config set for TOML-backed sandboxes until a lossless TOML writer is supported.
  • Document sanitized TOML inspection and the re-onboarding boundary for dcode users.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Quality Gates

  • Tests added or updated for changed behavior
  • Existing tests cover changed behavior — justification:
  • Tests not applicable — justification:
  • Docs updated for user-facing behavior changes
  • Docs not applicable — justification:
  • Sensitive paths changed (security, policy, credentials, preflight, onboarding, inference, runner, sandbox, or messaging)
  • Sensitive-path review completed or maintainer-approved waiver recorded — reviewer/approval link/justification: pending exact-head independent review
  • Non-success, skipped, or missing CI check accepted by maintainer — check name, approval link, and follow-up issue:

Verification

  • PR description includes the DCO sign-off declaration and every commit appears as Verified in GitHub
  • Normal pre-commit, commit-msg, and pre-push hooks passed, or npm run check:diff passed when hooks were skipped or unavailable
  • Targeted behavior tests pass for the current change set, or tests are marked not applicable above — npx vitest run --project cli src/lib/sandbox/*.test.ts (151/151); npx vitest run --project integration test/config-set-nested-ssrf.test.ts (7/7); follow-up npx vitest run --project cli src/lib/sandbox/config-format.test.ts src/lib/sandbox/config-get.test.ts (17/17); npm run build:cli && npm run typecheck:cli passed
  • Applicable broad gate passed — npm run test:package (292/292)
  • Quality Gates section completed with required justifications or waivers — exact-head independent sensitive-path review is pending
  • No secrets, API keys, or credentials committed
  • npm run docs builds without warnings (doc changes only) — 0 errors; Fern reports two unrelated environment/baseline warnings (redirect authentication and existing color contrast)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

  • Documentation

    • Added a guide for inspecting managed Deep Agents Code configuration with config get, including redaction of credential-shaped values and omission of gateway authentication details.
  • Bug Fixes

    • Improved configuration parsing/validation across YAML, TOML, and JSON with clearer, safer error handling.
    • Ensured secrets are fully redacted in both full output and --key views, and prevented gateway auth data from appearing.
    • Rejected config set for TOML-format managed configurations.
  • Tests

    • Added parsing/serialization tests and strengthened regression coverage to verify redaction and error-message safety.

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@cv cv self-assigned this Jul 9, 2026
@cv cv added v0.0.79 Release target area: cli Command line interface, flags, terminal UX, or output area: security Security controls, permissions, secrets, or hardening labels Jul 9, 2026
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds a shared config-format.ts module for JSON, YAML, and TOML parsing/serialization, refactors config.ts to use it, expands config-get tests for redaction and error handling, documents config get behavior, and pins the TOML parser dependency.

Changes

Config format extraction and TOML support

Layer / File(s) Summary
New config-format module and tests
src/lib/sandbox/config-format.ts, src/lib/sandbox/config-format.test.ts
Adds parseConfig and serializeConfig for YAML, TOML, and JSON with credential validation, and tests TOML parsing, JSON/YAML parsing, and TOML serialization rejection.
config.ts delegates to shared module
src/lib/sandbox/config.ts
Removes local parse/serialize implementations, imports them from config-format, and updates AgentConfigTarget.format docs to include toml.
TOML redaction and error-safety tests
src/lib/sandbox/config-get.test.ts
Updates config-read stubbing, adds error capture helpers, extends TOML fixtures, and tests redaction, gateway omission, malformed-input safety, and image-baked configSet rejection.
Config get documentation
docs/get-started/quickstart-langchain-deepagents-code.mdx
Documents the config get command, credential redaction and gateway removal behavior, and the config set limitation requiring re-onboarding.
Dependency pin
package.json
Pins smol-toml to an exact version.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CLI
  participant configGet
  participant configFormat
  participant credentialFilter
  CLI->>configGet: config get
  configGet->>configFormat: parseConfig(raw, format)
  configFormat->>configFormat: choose yaml, toml, or json parser
  configFormat->>credentialFilter: isConfigObject / isConfigValue
  configFormat-->>configGet: parsed config
  configGet->>credentialFilter: redact secrets and strip gateway
  configGet-->>CLI: redacted config output
Loading

Suggested labels: bug-fix, refactor

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: hardening TOML config handling in config parsing, serialization, and redaction.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/harden-toml-config

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/plugin

The overall coverage remains at 96%, unchanged from the branch.

TypeScript / code-coverage/cli

The overall coverage in the branch remains at 77%, unchanged from the branch.

Show a code coverage summary of the most impacted files.
File 0d2aca4 b5c346d +/-
src/lib/actions...ge-preflight.ts 89% 74% -15%
src/lib/runner.ts 80% 72% -8%
src/lib/inference/config.ts 98% 93% -5%
src/lib/actions...ateway-state.ts 72% 72% 0%
src/lib/sandbox/config.ts 52% 53% +1%
src/lib/security/redact.ts 96% 97% +1%
src/lib/inference/health.ts 95% 96% +1%
src/lib/inferen...board-probes.ts 84% 86% +2%
src/lib/actions...ence-gateway.ts 50% 83% +33%
src/lib/sandbox...onfig-format.ts 0% 90% +90%

Updated July 09, 2026 15:12 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor (Nemotron Ultra) — Informational

Merge posture: Informational / low confidence
Primary next action: Resolve or justify PRA-1: PR review advisor unavailable.
Open items: 0 required · 1 warning · 0 suggestions · 1 test follow-up
Top item: PR review advisor unavailable

Action checklist

  • PRA-1 Resolve or justify: PR review advisor unavailable
  • PRA-T1 Add or justify test follow-up: Runtime validation

Findings index

ID Severity Category Location Required action
PRA-1 Resolve/justify correctness Re-run the PR Review Advisor or perform a manual review.
Review findings by urgency: 0 required fixes, 1 item to resolve/justify, 0 in-scope improvements

⚠️ Resolve or justify before merge

Investigate these in the current review; either fix them, explain why they are not applicable, or document the accepted risk.

PRA-1 Resolve/justify — PR review advisor unavailable

  • Location: not file-specific
  • Category: correctness
  • Problem: The automated advisor could not complete: PR review advisor SDK execution failed: session: scope-risk-map must call pr_review_update_ledger exactly once (observed 3 starts); scope-risk-map must finish pr_review_update_ledger successfully exactly once (observed 1 successful of 3 total completions); scope-risk-map called pr_review_update_ledger before analysis; turn: scope-risk-map: scope-risk-map must call pr_review_update_ledger exactly once (observed 3 starts); scope-risk-map must finish pr_review_update_ledger successfully exactly once (observed 1 successful of 3 total completions); scope-risk-map called pr_review_update_ledger before analysis
  • Impact: Automated review evidence is incomplete, so human review must cover the changed code manually.
  • Recommended action: Re-run the PR Review Advisor or perform a manual review.
  • Expected follow-up: Resolve in this PR or explain why the risk is acceptable.
  • Verification: Inspect the workflow logs and raw advisor artifact for the execution failure.
  • Missing regression test: No regression test recommendation is available because the advisor did not complete.
  • Done when: The risk is fixed or explicitly justified in the PR. Verification: Inspect the workflow logs and raw advisor artifact for the execution failure.
  • Evidence: PR review advisor SDK execution failed: session: scope-risk-map must call pr_review_update_ledger exactly once (observed 3 starts); scope-risk-map must finish pr_review_update_ledger successfully exactly once (observed 1 successful of 3 total completions); scope-risk-map called pr_review_update_ledger before analysis; turn: scope-risk-map: scope-risk-map must call pr_review_update_ledger exactly once (observed 3 starts); scope-risk-map must finish pr_review_update_ledger successfully exactly once (observed 1 successful of 3 total completions); scope-risk-map called pr_review_update_ledger before analysis

💡 In-scope improvements

These are lower-risk, not throwaway. Prefer fixing them in this PR when they are local to changed code; defer only with rationale or a linked follow-up.

  • None.
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: docs/get-started/quickstart-langchain-deepagents-code.mdx, package-lock.json, package.json, src/lib/sandbox/config-format.ts, src/lib/sandbox/config.ts.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
docs/get-started/quickstart-langchain-deepagents-code.mdx (1)

184-186: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider a <Warning> callout for the config set limitation.

This caveat (no config set support, re-onboarding required) is important operational info and fits the callout pattern used elsewhere for this kind of guidance.

As per coding guidelines, "Use Fern callout components such as <Note>, <Tip>, and <Warning> for callouts in MDX pages."

📝 Proposed fix
 NemoClaw parses `config.toml`, removes gateway auth data, and redacts credential-shaped values before printing it.
-`config set` is not supported for this image-baked configuration; re-onboard the named sandbox to change its managed provider or model selection.
+
+<Warning>
+`config set` is not supported for this image-baked configuration.
+Re-onboard the named sandbox to change its managed provider or model selection.
+</Warning>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/get-started/quickstart-langchain-deepagents-code.mdx` around lines 184 -
186, The quickstart copy currently presents the `config set` limitation as plain
text; update the MDX in the `quickstart-langchain-deepagents-code` section to
use a Fern `<Warning>` callout for this operational caveat. Keep the existing
message about `NemoClaw`/`config.toml` behavior, but wrap the `config set is not
supported` and re-onboarding guidance in the appropriate `<Warning>` component
so it matches the callout pattern used elsewhere in the docs.

Source: Coding guidelines

src/lib/sandbox/config-format.test.ts (1)

9-47: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Good behavioral coverage; consider adding a TOML datetime case.

Tests exercise the public parseConfig/serializeConfig API directly with real inputs rather than mocking internals, which fits the repo's testing guidance. As per path instructions, "Prefer observable outcomes through the public boundary over source-text, private-shape, or mock-call assertions." None of the current cases cover a TOML value containing a date/datetime field, which is the scenario flagged in config-format.ts as likely to break parsing. Adding one would catch that regression.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/sandbox/config-format.test.ts` around lines 9 - 47, The sandbox
config format tests cover comment-prefixed TOML and JSON/YAML behavior, but they
miss the TOML datetime case called out in config-format handling. Add a new
observable test in sandbox config formats using parseConfig with a TOML
date/datetime field and assert the parsed shape matches the expected value. Keep
the coverage at the public API boundary by exercising parseConfig directly,
similar to the existing scenarios in config-format.test.ts.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/get-started/quickstart-langchain-deepagents-code.mdx`:
- Line 185: The MDX text in the quickstart content has two sentences joined on
one line with a semicolon; split them into separate lines so each sentence
stands alone. Update the affected prose near the config set message in the
quickstart document, keeping the wording the same but placing one sentence per
line to match the Markdown/MDX guideline.

---

Nitpick comments:
In `@docs/get-started/quickstart-langchain-deepagents-code.mdx`:
- Around line 184-186: The quickstart copy currently presents the `config set`
limitation as plain text; update the MDX in the
`quickstart-langchain-deepagents-code` section to use a Fern `<Warning>` callout
for this operational caveat. Keep the existing message about
`NemoClaw`/`config.toml` behavior, but wrap the `config set is not supported`
and re-onboarding guidance in the appropriate `<Warning>` component so it
matches the callout pattern used elsewhere in the docs.

In `@src/lib/sandbox/config-format.test.ts`:
- Around line 9-47: The sandbox config format tests cover comment-prefixed TOML
and JSON/YAML behavior, but they miss the TOML datetime case called out in
config-format handling. Add a new observable test in sandbox config formats
using parseConfig with a TOML date/datetime field and assert the parsed shape
matches the expected value. Keep the coverage at the public API boundary by
exercising parseConfig directly, similar to the existing scenarios in
config-format.test.ts.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f59addfd-a6db-4445-ad21-c353a34aacae

📥 Commits

Reviewing files that changed from the base of the PR and between 5476b9d and 1388eea.

📒 Files selected for processing (5)
  • docs/get-started/quickstart-langchain-deepagents-code.mdx
  • src/lib/sandbox/config-format.test.ts
  • src/lib/sandbox/config-format.ts
  • src/lib/sandbox/config-get.test.ts
  • src/lib/sandbox/config.ts

Comment thread docs/get-started/quickstart-langchain-deepagents-code.mdx
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Advisor Recommendation

Required E2E: ubuntu-repo-cloud-langchain-deepagents-code, shields-config
Optional E2E: docs-validation

Dispatch hint: targets=ubuntu-repo-cloud-langchain-deepagents-code,shields-config

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • ubuntu-repo-cloud-langchain-deepagents-code (high): Required because the changed TOML config parsing and config-set refusal directly affect the managed Deep Agents Code sandbox. This registry target runs the Deep Agents cloud-experimental checks, including the modified 04-deepagents-code-fresh-reonboard.sh script that validates live config get, --key, --format yaml, redaction, image-baked mutation refusal, and re-onboard model state.
  • shields-config (medium): Required because host-side config get redaction and gateway omission are security boundaries touched by the parser refactor. shields-config exercises a real OpenClaw sandbox, locked config posture, config get output redaction, and gateway field omission through the live CLI path.

Optional E2E

  • docs-validation (low): Optional confidence for the quickstart documentation addition that advertises nemo-deepagents <sandbox-name> config get; the docs validation job checks published docs/CLI parity and local docs integrity but does not validate the runtime security boundary.

New E2E recommendations

  • Hermes YAML config CLI coverage (medium): The parser refactor also changes YAML config parsing for Hermes, but existing live E2E coverage does not appear to exercise nemoclaw <hermes-sandbox> config get / config set against a real Hermes YAML config with credential redaction and malformed-source error sanitization.
    • Suggested test: Add a Hermes live config-management E2E that onboards a Hermes sandbox, runs config get full/keyed/YAML-output redaction checks, performs an allowed config set or validates the current mutation boundary, and verifies no gateway/auth material is printed.

Dispatch hint

  • Workflow: .github/workflows/e2e.yaml
  • jobs input: targets=ubuntu-repo-cloud-langchain-deepagents-code,shields-config

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Recommendation

Required E2E targets: ubuntu-repo-cloud-langchain-deepagents-code
Optional E2E targets: None

Dispatch required E2E targets:

  • gh workflow run e2e.yaml --ref <pr-head-ref> --field targets=ubuntu-repo-cloud-langchain-deepagents-code

Workflow run

Full E2E target advisor summary

E2E Target Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E targets

  • ubuntu-repo-cloud-langchain-deepagents-code: The PR changes the Deep Agents Code fresh re-onboard live check and the sandbox config parsing/get/set path it now exercises, including TOML config inspection, redaction, YAML output, and image-baked mutation refusal. The live-supported Deep Agents Code cloud target is the smallest typed target that runs this cloud-experimental check surface.
    • Dispatch: gh workflow run e2e.yaml --ref <pr-head-ref> --field targets=ubuntu-repo-cloud-langchain-deepagents-code

Optional E2E targets

  • None.

Relevant changed files

  • package-lock.json
  • package.json
  • src/lib/sandbox/config-format.ts
  • src/lib/sandbox/config.ts
  • test/e2e/e2e-cloud-experimental/checks/04-deepagents-code-fresh-reonboard.sh
  • test/e2e/support/platform-parity-cloud-experimental.test.ts

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

PR Review Advisor — No blocking findings

Merge posture: No blocking advisor findings
Primary next action: Add or justify PRA-T1 and any related test follow-ups.
Open items: 0 required · 0 warnings · 0 suggestions · 2 test follow-ups
Since last review: 1 prior item resolved · 0 still apply · 0 new items found

Action checklist

  • PRA-T1 Add or justify test follow-up: Runtime validation
  • PRA-T2 Add or justify test follow-up: Runtime validation
Test follow-ups to resolve or justify

If these cover changed behavior, prefer adding them in this PR; otherwise state why existing coverage is enough or link the follow-up.

  • PRA-T1 Runtime validation — Add or identify targeted runtime/integration validation for the changed behavior; do not report external E2E job pass/fail here.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: docs/get-started/quickstart-langchain-deepagents-code.mdx, package-lock.json, package.json, src/lib/sandbox/config-format.ts, src/lib/sandbox/config.ts. The changed code touches sandbox/OpenShell config parsing and a production TOML parser dependency, so runtime validation remains the right confidence level. The PR includes substantial unit/mocked coverage plus a committed DCode E2E shell check for real-boundary `config get`, `--key`, YAML output, redaction canary, and rejected mutation hash stability; this review does not claim that any external live E2E job ran.
  • PRA-T2 Runtime validation — Use the committed `test/e2e/e2e-cloud-experimental/checks/04-deepagents-code-fresh-reonboard.sh` coverage, or equivalent targeted runtime validation, to exercise a real DCode sandbox through `config get`, `config get --key models.default`, `config get --format yaml`, credential-canary redaction, and rejected `config set` hash stability.. Runtime/sandbox/infrastructure paths need behavioral runtime validation: docs/get-started/quickstart-langchain-deepagents-code.mdx, package-lock.json, package.json, src/lib/sandbox/config-format.ts, src/lib/sandbox/config.ts. The changed code touches sandbox/OpenShell config parsing and a production TOML parser dependency, so runtime validation remains the right confidence level. The PR includes substantial unit/mocked coverage plus a committed DCode E2E shell check for real-boundary `config get`, `--key`, YAML output, redaction canary, and rejected mutation hash stability; this review does not claim that any external live E2E job ran.

Workflow run details

This is an automated, non-binding review; it still expects maintainers and agents to respond to each required or warning item. Treat suggestions as current-PR improvements when they touch changed code; defer only with maintainer rationale or a linked follow-up. A human maintainer must make the final merge decision.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 29011649163
Workflow ref: codex/harden-toml-config
Requested targets: (selector rejected by workflow validation)
Requested jobs: (selector rejected by workflow validation)
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
generate-matrix ❌ failure

Failed jobs: generate-matrix. Check run artifacts for logs.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 29011824726
Workflow ref: codex/harden-toml-config
Requested targets: (default — all supported)
Requested jobs: shields-config
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
shields-config ❌ failure

Failed jobs: shields-config. Check run artifacts for logs.

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected jobs passed

Run: 29011831223
Workflow ref: codex/harden-toml-config
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
live ✅ success

cv added 3 commits July 9, 2026 03:44
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Carlos Villela <cvillela@nvidia.com>
@cv

cv commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator Author

Exact-head code gate is complete at 7c25ff2c5e3e7da0bff666c29311f07339ebfb99:

  • Config parsing now replaces arbitrary JSON, TOML, and YAML parser exceptions with format-specific generic syntax errors, so malformed credential-bearing source lines cannot be echoed before redaction.
  • TOML-origin --key selection, requested YAML rendering, credential stripping, gateway omission, structural validation, and TOML config set refusal are covered; the focused suite passes 17/17.
  • Normal hooks, CLI build/typecheck, docs, all five CLI shards and aggregates, self-hosted sandbox tests, CodeRabbit, CodeQL/security, macOS, growth, DCO, and commit lint are green on the exact head.
  • Trusted GPT-5.5 review is merge_as_is with 0 required findings, 0 warnings, and 0 suggestions. Independent security and docs reviews found no remaining source or documentation gap.

I have not dispatched another live run on this head. The first attempt stopped before config behavior on the current-main gateway trust-anchor shell regression; #6560 now fixes that regression and is ready for independent approval. After #6560 lands, merge updated main here and run the exact required shields-config plus Deep Agents Code target evidence. Until then, this remains intentionally unapproved despite the green code gate.

@cjagwani cjagwani left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved on exact head 7c25ff2: all required checks are green, all commits are GitHub Verified, the trusted GPT advisor recommends merge_as_is, and the parser now fails closed without echoing credential-bearing JSON, YAML, or TOML source text. The remaining CodeRabbit note is a non-blocking MDX sentence-layout style nit.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ❌ Some jobs failed

Run: 29024785928
Workflow ref: codex/harden-toml-config
Requested targets: (selector rejected by workflow validation)
Requested jobs: (selector rejected by workflow validation)
Summary: 0 passed, 1 failed, 0 cancelled, 0 skipped

Job Result
generate-matrix ❌ failure

Failed jobs: generate-matrix. Check run artifacts for logs.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 29024848656
Workflow ref: codex/harden-toml-config
Requested targets: (default — all supported)
Requested jobs: credential-sanitization,shields-config
Summary: 2 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
credential-sanitization ✅ success
shields-config ✅ success

jyaunches and others added 2 commits July 9, 2026 10:27
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected jobs passed

Run: 29024848700
Workflow ref: codex/harden-toml-config
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
live ✅ success

Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ⚠️ Run cancelled — no signal

Run: 29026964035
Workflow ref: codex/harden-toml-config
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 0 passed, 0 failed, 1 cancelled, 0 skipped

Job Result
live ⚠️ cancelled

Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All requested jobs passed

Run: 29027856709
Workflow ref: codex/harden-toml-config
Requested targets: (default — all supported)
Requested jobs: shields-config
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
shields-config ✅ success

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

E2E Target Results — ✅ All selected jobs passed

Run: 29027848653
Workflow ref: codex/harden-toml-config
Requested targets: ubuntu-repo-cloud-langchain-deepagents-code
Requested jobs: (default — all default-enabled free-standing jobs; explicit-only jobs openshell-gateway-auth-contract, mcp-bridge-dev, hermes-gpu-startup, sandbox-rlimits-connect, and jetson-nvmap-gpu are skipped unless selected)
Summary: 1 passed, 0 failed, 0 cancelled, 0 skipped

Job Result
live ✅ success

@cjagwani cjagwani left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved exact head b5c346ddf62de1c211727ad61db47845b3d1d1dd: all 44 normal checks are green; DCO and all 10 GitHub-Verified commits pass; CodeRabbit is clear; the trusted GPT advisor reports merge_as_is with zero findings; typed dcode run 29027848653 passed the real JSON/keyed/YAML config reads, credential redaction, rejected immutable set, and re-onboard path; and shields-config run 29027856709 passed. The parsed-structure security fix also passed 23/23 focused tests, CLI type-check, normal hooks, and an independent adversarial audit. GitHub reports MERGEABLE; the remaining BLOCKED state is branch protection, not a content conflict.

@jyaunches
jyaunches merged commit 0e1fc0b into main Jul 9, 2026
200 checks passed
@jyaunches
jyaunches deleted the codex/harden-toml-config branch July 9, 2026 15:19
@jyaunches jyaunches mentioned this pull request Jul 9, 2026
21 tasks
cv pushed a commit that referenced this pull request Jul 9, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Adds the pre-tag v0.0.79 release notes entry to
`docs/about/release-notes.mdx` so the release plan can be generated
after docs merge.
The entry summarizes the merged v0.0.79 release train across inference,
diagnostics, runtime hardening, policies, onboarding recovery, and
release validation.

## Changes
- Added the v0.0.79 release notes section with linked follow-up
documentation for OpenRouter onboarding, managed vLLM changes,
completion and logging, Deep Agents runtime limits, policy updates,
onboarding recovery, and release validation.
- Source summary:
- #6461 -> `docs/about/release-notes.mdx`: Documents OpenRouter
onboarding support and links to inference/provider references.
- #6271 and #6272 -> `docs/about/release-notes.mdx`: Documents shell
completion and structured logging highlights.
- #6465, #6539, #6570, and #6528 -> `docs/about/release-notes.mdx`:
Documents status route-drift, orphaned sandbox, gateway cleanup, and DGX
Spark express-install diagnostics.
- #6523, #6551, #6484, #6488, #6324, and #6542 ->
`docs/about/release-notes.mdx`: Documents managed vLLM, Qwen3.6 tool
parser, compaction, and timeout/readiness improvements.
- #6559, #6538, #6560, #6568, #6552, #6567, and #6587 ->
`docs/about/release-notes.mdx`: Documents runtime, credential, proxy,
PID namespace, TOML, and provider-state hardening.
- #6541, #5415, #6246, #6496, and #6573 ->
`docs/about/release-notes.mdx`: Documents GitHub policy, Gmail policy,
MCP allowlist, WhatsApp, and messaging-variant updates.
- #6253, #6572, #6444, #6536, and #5860 ->
`docs/about/release-notes.mdx`: Documents onboarding resume and
create-step recovery improvements.
- #6508, #6527, #5506, #6588, #6446, #6447, #6582, #6296, #6367, #6397,
and #6505 -> `docs/about/release-notes.mdx`: Documents docs,
release-risk, and E2E validation updates.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: Release-note prose only.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: Tests
not applicable, release-note prose only.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Docs validation note: `npm run docs:check-agent-variants && npm run
docs:check-routes && git diff --check` passed. Full `npm run docs` is
currently blocked before Fern validation because the pinned
`fern-api@5.65.2` package is unavailable from npm (`ETARGET No matching
version found`).

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added release notes for v0.0.79 with a new summary of recent
improvements, including onboarding and inference options, operator/CLI
diagnostics, sandbox recovery hardening, runtime limits, network policy
behavior, and release validation updates.
  * Added updated references and links for the latest release.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary

Hardens the TOML configuration support introduced in NVIDIA#6552. The change
centralizes format handling, keeps TOML reads sanitized, and refuses
unsupported TOML writes instead of silently rewriting the file as JSON.

## Related Issue

Follow-up to NVIDIA#6552.

## Changes

- Extract JSON/TOML parsing and serialization behind a small format
boundary.
- Validate parsed configuration values as JSON-like data before exposing
them to callers.\n- Replace raw TOML/JSON/YAML parser exceptions with
format-specific generic errors so malformed credential-bearing source
text cannot reach CLI diagnostics.
- Add TOML fixtures that prove `--key` extraction works and credentials
plus gateway state stay sanitized in default JSON and requested YAML
output.
- Reject `config set` for TOML-backed sandboxes until a lossless TOML
writer is supported.
- Document sanitized TOML inspection and the re-onboarding boundary for
dcode users.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: pending exact-head
independent review
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run --project cli
src/lib/sandbox/*.test.ts` (151/151); `npx vitest run --project
integration test/config-set-nested-ssrf.test.ts` (7/7); follow-up `npx
vitest run --project cli src/lib/sandbox/config-format.test.ts
src/lib/sandbox/config-get.test.ts` (17/17); `npm run build:cli && npm
run typecheck:cli` passed
- [x] Applicable broad gate passed — `npm run test:package` (292/292)
- [ ] Quality Gates section completed with required justifications or
waivers — exact-head independent sensitive-path review is pending
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — 0
errors; Fern reports two unrelated environment/baseline warnings
(redirect authentication and existing color contrast)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Added a guide for inspecting managed Deep Agents Code configuration
with `config get`, including redaction of credential-shaped values and
omission of gateway authentication details.

* **Bug Fixes**
* Improved configuration parsing/validation across YAML, TOML, and JSON
with clearer, safer error handling.
* Ensured secrets are fully redacted in both full output and `--key`
views, and prevented gateway auth data from appearing.
  * Rejected `config set` for TOML-format managed configurations.

* **Tests**
* Added parsing/serialization tests and strengthened regression coverage
to verify redaction and error-message safety.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Charan Jagwani <cjagwani@nvidia.com>
Co-authored-by: J. Yaunches <jyaunches@nvidia.com>
Co-authored-by: Charan Jagwani <cjagwani@nvidia.com>
Hadar301 pushed a commit to Hadar301/NemoClaw-OpenShift that referenced this pull request Jul 12, 2026
<!-- markdownlint-disable MD041 -->
## Summary
Adds the pre-tag v0.0.79 release notes entry to
`docs/about/release-notes.mdx` so the release plan can be generated
after docs merge.
The entry summarizes the merged v0.0.79 release train across inference,
diagnostics, runtime hardening, policies, onboarding recovery, and
release validation.

## Changes
- Added the v0.0.79 release notes section with linked follow-up
documentation for OpenRouter onboarding, managed vLLM changes,
completion and logging, Deep Agents runtime limits, policy updates,
onboarding recovery, and release validation.
- Source summary:
- NVIDIA#6461 -> `docs/about/release-notes.mdx`: Documents OpenRouter
onboarding support and links to inference/provider references.
- NVIDIA#6271 and NVIDIA#6272 -> `docs/about/release-notes.mdx`: Documents shell
completion and structured logging highlights.
- NVIDIA#6465, NVIDIA#6539, NVIDIA#6570, and NVIDIA#6528 -> `docs/about/release-notes.mdx`:
Documents status route-drift, orphaned sandbox, gateway cleanup, and DGX
Spark express-install diagnostics.
- NVIDIA#6523, NVIDIA#6551, NVIDIA#6484, NVIDIA#6488, NVIDIA#6324, and NVIDIA#6542 ->
`docs/about/release-notes.mdx`: Documents managed vLLM, Qwen3.6 tool
parser, compaction, and timeout/readiness improvements.
- NVIDIA#6559, NVIDIA#6538, NVIDIA#6560, NVIDIA#6568, NVIDIA#6552, NVIDIA#6567, and NVIDIA#6587 ->
`docs/about/release-notes.mdx`: Documents runtime, credential, proxy,
PID namespace, TOML, and provider-state hardening.
- NVIDIA#6541, NVIDIA#5415, NVIDIA#6246, NVIDIA#6496, and NVIDIA#6573 ->
`docs/about/release-notes.mdx`: Documents GitHub policy, Gmail policy,
MCP allowlist, WhatsApp, and messaging-variant updates.
- NVIDIA#6253, NVIDIA#6572, NVIDIA#6444, NVIDIA#6536, and NVIDIA#5860 ->
`docs/about/release-notes.mdx`: Documents onboarding resume and
create-step recovery improvements.
- NVIDIA#6508, NVIDIA#6527, NVIDIA#5506, NVIDIA#6588, NVIDIA#6446, NVIDIA#6447, NVIDIA#6582, NVIDIA#6296, NVIDIA#6367, NVIDIA#6397,
and NVIDIA#6505 -> `docs/about/release-notes.mdx`: Documents docs,
release-risk, and E2E validation updates.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [x] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check exactly one tests line and one docs line. Check other lines
when applicable. Add every requested justification or approval
reference. -->
- [ ] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [x] Tests not applicable — justification: Release-note prose only.
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [ ] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification:
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each applicable item only when supported by the requested
evidence. Run targeted tests once per relevant change set and rerun
after later edits or hook autofixes that can affect the tested behavior.
Do not rerun hook-covered checks. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — command/result or justification: Tests
not applicable, release-note prose only.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — command/result:
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

Docs validation note: `npm run docs:check-agent-variants && npm run
docs:check-routes && git diff --check` passed. Full `npm run docs` is
currently blocked before Fern validation because the pinned
`fern-api@5.65.2` package is unavailable from npm (`ETARGET No matching
version found`).

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added release notes for v0.0.79 with a new summary of recent
improvements, including onboarding and inference options, operator/CLI
diagnostics, sandbox recovery hardening, runtime limits, network policy
behavior, and release validation updates.
  * Added updated references and links for the latest release.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: cli Command line interface, flags, terminal UX, or output area: security Security controls, permissions, secrets, or hardening v0.0.79 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants