fix(security): add --dry-run flag to policy-add for egress disclosure#1276
Merged
brandonpelfrey merged 3 commits intoNVIDIA:mainfrom Apr 8, 2026
Merged
fix(security): add --dry-run flag to policy-add for egress disclosure#1276brandonpelfrey merged 3 commits intoNVIDIA:mainfrom
brandonpelfrey merged 3 commits intoNVIDIA:mainfrom
Conversation
Add --dry-run flag to `nemoclaw <name> policy-add` that shows which endpoints a preset would open without applying the policy change. Also shows endpoints before the Y/n confirmation in normal mode. This provides operator visibility into sandbox egress widening before changes take effect (CWE-285, NVBUG 6002814). The core policy approval gate depends on upstream OpenShell (openshell#584). Signed-off-by: Facundo Fernandez <facu.tha@gmail.com> Made-with: Cursor
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthrough
Changes
Sequence Diagram(s)sequenceDiagram
participant CLI as CLI (nemoclaw)
participant Policies as policies module
participant Prompt as user prompt
participant Stdout as stdout/log
CLI->>Policies: policies.loadPreset(presetName)
CLI->>Policies: policies.getPresetEndpoints(preset)
Policies-->>CLI: preset, endpoints
CLI->>Stdout: print endpoint preview
alt --dry-run present
CLI->>Stdout: print "--dry-run: no changes applied."
CLI-->>CLI: return (no prompt, no apply)
else normal flow
CLI->>Prompt: ask for confirmation
Prompt-->>CLI: user confirms
CLI->>Policies: policies.applyPreset(preset)
Policies-->>Stdout: report apply results
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@bin/nemoclaw.js`:
- Around line 689-700: When policies.loadPreset(answer) returns null/undefined
(presetContent falsy), the script currently returns silently; change the
behavior in the block using loadPreset/presetContent so that if presetContent is
falsy you print a clear error (e.g., "Preset '{answer}' not found" or "Invalid
preset: {answer}") to stderr or console.error and exit with a non-zero code (or
return an error status) instead of silently returning; ensure this check happens
before calling policies.getPresetEndpoints and preserves the existing dryRun
handling and messaging flow.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: b50856a3-0a48-49bc-b299-b63a3b5680a2
📒 Files selected for processing (1)
bin/nemoclaw.js
Comment on lines
+689
to
+700
| const presetContent = policies.loadPreset(answer); | ||
| if (!presetContent) return; | ||
|
|
||
| const endpoints = policies.getPresetEndpoints(presetContent); | ||
| if (endpoints.length > 0) { | ||
| console.log(` Endpoints that would be opened: ${endpoints.join(", ")}`); | ||
| } | ||
|
|
||
| if (dryRun) { | ||
| console.log(" --dry-run: no changes applied."); | ||
| return; | ||
| } |
Contributor
There was a problem hiding this comment.
Silent failure when preset name is invalid provides no user feedback.
When loadPreset returns null (nonexistent or invalid preset name), the function silently returns without informing the user. This is confusing UX—the user won't know why nothing happened.
Proposed fix to add error feedback
const presetContent = policies.loadPreset(answer);
- if (!presetContent) return;
+ if (!presetContent) {
+ console.error(` Unknown preset: ${answer}`);
+ return;
+ }📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| const presetContent = policies.loadPreset(answer); | |
| if (!presetContent) return; | |
| const endpoints = policies.getPresetEndpoints(presetContent); | |
| if (endpoints.length > 0) { | |
| console.log(` Endpoints that would be opened: ${endpoints.join(", ")}`); | |
| } | |
| if (dryRun) { | |
| console.log(" --dry-run: no changes applied."); | |
| return; | |
| } | |
| const presetContent = policies.loadPreset(answer); | |
| if (!presetContent) { | |
| console.error(` Unknown preset: ${answer}`); | |
| return; | |
| } | |
| const endpoints = policies.getPresetEndpoints(presetContent); | |
| if (endpoints.length > 0) { | |
| console.log(` Endpoints that would be opened: ${endpoints.join(", ")}`); | |
| } | |
| if (dryRun) { | |
| console.log(" --dry-run: no changes applied."); | |
| return; | |
| } |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@bin/nemoclaw.js` around lines 689 - 700, When policies.loadPreset(answer)
returns null/undefined (presetContent falsy), the script currently returns
silently; change the behavior in the block using loadPreset/presetContent so
that if presetContent is falsy you print a clear error (e.g., "Preset '{answer}'
not found" or "Invalid preset: {answer}") to stderr or console.error and exit
with a non-zero code (or return an error status) instead of silently returning;
ensure this check happens before calling policies.getPresetEndpoints and
preserves the existing dryRun handling and messaging flow.
Collaborator
There was a problem hiding this comment.
@fdzdev Let's add a warning that no preset was found by that name
Contributor
There was a problem hiding this comment.
Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!
wscurran
added
security
Contributor
|
✨ Thanks for submitting this pull request, which proposes a way to improve security transparency in the CLI's policy management flow by adding a --dry-run option and better endpoint visibility. |
brandonpelfrey
approved these changes
Apr 8, 2026
Collaborator
brandonpelfrey
left a comment
brandonpelfrey
left a comment
There was a problem hiding this comment.
Automated testing in VM
3 tasks
miyoungc
added a commit
that referenced
this pull request
Apr 9, 2026
## Summary - Document `nemoclaw credentials list` and `nemoclaw credentials reset` commands in commands reference (#1597) - Add `--dry-run` flag documentation for `policy-add` (#1276) - Update policy presets table: remove `docker` (#1647), add `brave` and `brew`, update HuggingFace endpoint (#1540) - Document `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` env var for local providers (#1620) - Document `NEMOCLAW_PROXY_HOST`/`NEMOCLAW_PROXY_PORT` env vars (#1563) - Add troubleshooting entries for Docker group permissions (#1614), sandbox survival after gateway restart (#1587), and proxy configuration - Regenerate `nemoclaw-user-*` skills from updated docs ## Test plan - [x] `make docs` builds without warnings - [x] All pre-commit and pre-push hooks pass - [ ] Verify rendered pages in docs site preview 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added `nemoclaw credentials list` command to display stored credential names * Added `nemoclaw credentials reset <KEY>` command with `--yes` flag to remove credentials * Added `--dry-run` flag for policy-add to preview endpoint changes * New policy presets: `brave` and `brew` * New configuration options: `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT`, `NEMOCLAW_PROXY_HOST`, and `NEMOCLAW_PROXY_PORT` * **Documentation** * Expanded troubleshooting guides for Docker permissions, sandbox connectivity, local inference timeouts, and proxy configuration <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
gemini2026
pushed a commit
to gemini2026/NemoClaw
that referenced
this pull request
Apr 14, 2026
…NVIDIA#1276) ## Summary - Add `--dry-run` flag to `nemoclaw <name> policy-add` that previews which endpoints a preset would open without applying (CWE-285, NVBUG 6002814) - In normal (non-dry-run) mode, endpoints are now shown before the Y/n confirmation prompt - No changes to non-interactive or onboard flows - Core policy approval gate depends on upstream OpenShell (openshell#584) ## Test plan - [ ] `nemoclaw <name> policy-add --dry-run` — shows preset list, shows endpoints, prints "no changes applied" - [ ] `nemoclaw <name> policy-add` (normal) — shows endpoints before Y/n prompt, applies on Y - [ ] `nemoclaw <name> policy-add` → answer `n` — no changes applied - [ ] CLI help text shows `--dry-run` option - [ ] Existing CLI tests pass (25 total) Signed-off-by: Facundo Fernandez <facu.tha@gmail.com> Made with [Cursor](https://cursor.com) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added `--dry-run` flag to preview preset policy changes and list endpoints that would be opened; previews results without applying changes or prompting for confirmation. * CLI command now accepts and forwards flags to enable preview behavior. * **Documentation** * Updated CLI help to document the new `--dry-run` option. * **Tests** * Added/updated tests to verify dry-run output, endpoint preview, and that no changes are applied when `--dry-run` is used. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Facundo Fernandez <facu.tha@gmail.com> Co-authored-by: Brandon Pelfrey <bpelfrey@nvidia.com>
gemini2026
pushed a commit
to gemini2026/NemoClaw
that referenced
this pull request
Apr 14, 2026
## Summary - Document `nemoclaw credentials list` and `nemoclaw credentials reset` commands in commands reference (NVIDIA#1597) - Add `--dry-run` flag documentation for `policy-add` (NVIDIA#1276) - Update policy presets table: remove `docker` (NVIDIA#1647), add `brave` and `brew`, update HuggingFace endpoint (NVIDIA#1540) - Document `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` env var for local providers (NVIDIA#1620) - Document `NEMOCLAW_PROXY_HOST`/`NEMOCLAW_PROXY_PORT` env vars (NVIDIA#1563) - Add troubleshooting entries for Docker group permissions (NVIDIA#1614), sandbox survival after gateway restart (NVIDIA#1587), and proxy configuration - Regenerate `nemoclaw-user-*` skills from updated docs ## Test plan - [x] `make docs` builds without warnings - [x] All pre-commit and pre-push hooks pass - [ ] Verify rendered pages in docs site preview 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added `nemoclaw credentials list` command to display stored credential names * Added `nemoclaw credentials reset <KEY>` command with `--yes` flag to remove credentials * Added `--dry-run` flag for policy-add to preview endpoint changes * New policy presets: `brave` and `brew` * New configuration options: `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT`, `NEMOCLAW_PROXY_HOST`, and `NEMOCLAW_PROXY_PORT` * **Documentation** * Expanded troubleshooting guides for Docker permissions, sandbox connectivity, local inference timeouts, and proxy configuration <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--dry-runflag tonemoclaw <name> policy-addthat previews which endpoints a preset would open without applying (CWE-285, NVBUG 6002814)Test plan
nemoclaw <name> policy-add --dry-run— shows preset list, shows endpoints, prints "no changes applied"nemoclaw <name> policy-add(normal) — shows endpoints before Y/n prompt, applies on Ynemoclaw <name> policy-add→ answern— no changes applied--dry-runoptionSigned-off-by: Facundo Fernandez facu.tha@gmail.com
Made with Cursor
Summary by CodeRabbit
New Features
--dry-runflag to preview preset policy changes and list endpoints that would be opened; previews results without applying changes or prompting for confirmation.Documentation
--dry-runoption.Tests
--dry-runis used.