fix(policy): update HuggingFace endpoint and restrict Discord DELETE method #1540

Merged
cv merged 4 commits into NVIDIA:main from BenediktSchackenberg:fix/policy-preset-fixes
Apr 9, 2026

Conversation

@BenediktSchackenberg BenediktSchackenberg commented Apr 6, 2026

Two policy preset fixes in one PR.

1. HuggingFace endpoint update (fixes #1453)

The api-inference.huggingface.co endpoint referenced in huggingface.yaml now returns HTTP 410 Gone — HuggingFace has migrated their Inference Providers API to router.huggingface.co.

Updated the preset to use the current endpoint.

2. Discord DELETE method restriction (fixes #1433)

The Discord preset allowed DELETE on /**, which is broader than needed for an inference agent. This permits deleting channels, roles, webhooks, guild members, and other resources an agent should never touch.

Scoped DELETE to message and reaction paths only:

  • DELETE /api/v*/channels/*/messages/* — delete own messages
  • DELETE /api/v*/channels/*/messages/*/reactions/* — remove reactions

Signed-off-by: Benedikt Schackenberg <6381261+BenediktSchackenberg@users.noreply.github.com>

Summary by CodeRabbit

  • Chores
    • Restricted DELETE requests in the Discord network preset to only specific message and reaction deletion endpoints, removing a prior broad DELETE allowance.
    • Updated the HuggingFace network preset to route traffic to a different external hostname for secure REST connections on port 443 while keeping existing GET/POST allowances intact.

…method

Two policy preset fixes:

1. HuggingFace (fixes NVIDIA#1453):
   - Replace deprecated api-inference.huggingface.co (returns HTTP 410)
     with router.huggingface.co (current Inference Providers API endpoint)

2. Discord (fixes NVIDIA#1433):
   - Remove overly broad DELETE on '/**' which allows deleting channels,
     roles, webhooks, and other resources an inference agent shouldn't touch
   - Scope DELETE to message/reaction paths only:
     /api/v*/channels/*/messages/* and
     /api/v*/channels/*/messages/*/reactions/*

Signed-off-by: Benedikt Schackenberg <6381261+BenediktSchackenberg@users.noreply.github.com>

coderabbitai bot commented Apr 6, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 4b4d87b and 2297a37.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/policies/presets/discord.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • nemoclaw-blueprint/policies/presets/discord.yaml

Walkthrough

Discord preset now restricts DELETE to message- and reaction-specific endpoints; HuggingFace preset switches inference hostname from api-inference.huggingface.co to router.huggingface.co.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Security Policy Restrictions: nemoclaw-blueprint/policies/presets/discord.yaml | Replaced broad DELETE /** rule with two specific DELETE patterns: DELETE /api/v*/channels/*/messages/* and DELETE /api/v*/channels/*/messages/*/reactions/*/*, removing unconditional DELETE allowance. |
| Endpoint Configuration Update: nemoclaw-blueprint/policies/presets/huggingface.yaml | Repointed HuggingFace inference endpoint hostname from api-inference.huggingface.co to router.huggingface.co (TLS terminate, port 443); allowed methods remain GET and POST. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 I nibble on rules with careful paws,
Trim DELETE to where it rightly belongs,
I hop the router to HuggingFace's cause,
A tidy patch, a chorus of tiny songs,
Hoppity-hop — secure and strong!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title accurately summarizes both main changes: updating the HuggingFace endpoint from api-inference.huggingface.co to router.huggingface.co, and restricting Discord DELETE method to specific paths. |
| Linked Issues check | ✅ Passed | The PR fully addresses both linked issues: HuggingFace endpoint updated to router.huggingface.co (#1453), and Discord DELETE method restricted to message and reaction deletion paths (#1433). |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to the linked issues: two YAML policy preset updates in discord.yaml and huggingface.yaml with no extraneous modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

Updates two network policy presets to reflect upstream API changes and tighten default permissions.

Changes:

  • Update Hugging Face inference endpoint from api-inference.huggingface.co to router.huggingface.co.
  • Restrict Discord preset DELETE permissions from all paths to message/reaction-specific paths.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| nemoclaw-blueprint/policies/presets/huggingface.yaml | Switches Hugging Face inference host to the current router endpoint. |
| nemoclaw-blueprint/policies/presets/discord.yaml | Narrows Discord DELETE permissions to message/reaction routes instead of /**. |


- allow: { method: DELETE, path: "/**" }
# DELETE only on message and reaction endpoints — not all paths
- allow: { method: DELETE, path: "/api/v*/channels/*/messages/*" }
- allow: { method: DELETE, path: "/api/v*/channels/*/messages/*/reactions/*" }
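Review bot: The message rule `/api/v*/channels/*/messages/*` on the second added line matches any message ID in any channel, so the path scope cannot by itself limit the agent to deleting its own messages, which is how the PR description describes it. Suggest extending the comment above the rules to say that ownership is not enforced at this layer, so readers do not take the path pattern for an authorship check.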
Copilot AI Apr 6, 2026

The reaction DELETE path pattern looks too narrow for Discord's reaction removal endpoints, which include an additional path segment (e.g., /reactions/{emoji}/@me or /reactions/{emoji}/{user_id}). With the current /reactions/* pattern, DELETE requests to remove a reaction will likely be blocked. Consider expanding the allowed path to include that trailing segment(s) while still keeping it scoped under the message reaction subtree.

Suggested change
- allow: { method: DELETE, path: "/api/v*/channels/*/messages/*/reactions/*" }
- allow: { method: DELETE, path: "/api/v*/channels/*/messages/*/reactions/*/*" }
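Review bot: In the suggested `/reactions/*/*` line the final wildcard accepts any value in the target position, so it covers `/reactions/{emoji}/{user_id}` as well as `/reactions/{emoji}/@me` and lets the agent request removal of other users' reactions. If only self-removal is intended, pin the last segment to `@me`; otherwise state in the comment above the rules that both forms are allowed on purpose.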

… segments

Discord reaction removal endpoints use the form:
  DELETE /api/v*/channels/*/messages/*/reactions/{emoji}/@me
  DELETE /api/v*/channels/*/messages/*/reactions/{emoji}/{user_id}

The previous /reactions/* only matched one segment after /reactions/,
which would block actual reaction DELETE calls. Changed to /reactions/*/*
to cover the emoji + target (self or user_id) segments.

Per Copilot review on NVIDIA#1540.

Signed-off-by: Benedikt Schackenberg <6381261+BenediktSchackenberg@users.noreply.github.com>
@BenediktSchackenberg

Fixed — changed /reactions/* to /reactions/*/* to cover the emoji + target segment (@me or {user_id}). Discord reaction DELETE has the form /reactions/{emoji}/@me or /reactions/{emoji}/{user_id}, so two segments are needed after /reactions/.
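
Added example, not part of the PR or the NemoClaw code base: a small matcher that replays the three DELETE rule sets discussed in this thread against constructed Discord request paths. It assumes `*` stays within one path segment and `**` spans any number of segments, as the thread describes; the policy engine's real matcher may differ, and all IDs are made up.

```python
import re

def segment_regex(glob: str) -> re.Pattern:
    """Compile one segment glob: '*' matches any run of non-'/' characters."""
    body = "".join("[^/]*" if c == "*" else re.escape(c) for c in glob)
    return re.compile(body + r"\Z")

def path_matches(pattern: str, path: str) -> bool:
    """Assumed semantics: '*' is confined to one segment, '**' spans zero or more."""
    pat = pattern.strip("/").split("/")
    segs = path.strip("/").split("/")

    def walk(i: int, j: int) -> bool:
        if i == len(pat):
            return j == len(segs)
        if pat[i] == "**":
            return any(walk(i + 1, k) for k in range(j, len(segs) + 1))
        return (j < len(segs)
                and segment_regex(pat[i]).match(segs[j]) is not None
                and walk(i + 1, j + 1))

    return walk(0, 0)

def allowed(rules, method: str, path: str) -> bool:
    return any(m == method and path_matches(p, path) for m, p in rules)

MSG = "/api/v*/channels/*/messages/*"
BROAD = [("DELETE", "/**")]                                   # before the PR
FIRST_REVISION = [("DELETE", MSG), ("DELETE", MSG + "/reactions/*")]
MERGED = [("DELETE", MSG), ("DELETE", MSG + "/reactions/*/*")]

# Constructed sample requests (IDs are invented; emoji is URL-encoded).
BASE = "/api/v10/channels/111/messages/222"
SAMPLES = {
    "delete message": BASE,
    "remove own reaction": BASE + "/reactions/%F0%9F%91%8D/@me",
    "remove another user's reaction": BASE + "/reactions/%F0%9F%91%8D/333",
    "delete channel": "/api/v10/channels/111",
    "delete webhook": "/api/v10/webhooks/444",
    "remove guild member": "/api/v10/guilds/555/members/333",
}

def decision_table() -> dict:
    """Map each sample to (broad, first revision, merged) allow decisions."""
    return {name: tuple(allowed(r, "DELETE", p) for r in (BROAD, FIRST_REVISION, MERGED))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:32} broad={row[0]!s:5} first={row[1]!s:5} merged={row[2]}")
```

The table shows the first revision blocking both reaction-removal forms and the merged rules allowing them, including removal for a user other than `@me`.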

@wscurran added the bug, Integration: Discord, and Provider: HuggingFace labels Apr 8, 2026
wscurran commented Apr 8, 2026

✨ Thanks for submitting this fix, which proposes a way to update the HuggingFace endpoint and tighten Discord DELETE permissions in the network policy presets.


Possibly related open issues:

@cv cv merged commit 5da9f44 into NVIDIA:main Apr 9, 2026
7 checks passed
miyoungc added a commit that referenced this pull request Apr 9, 2026
## Summary
- Document `nemoclaw credentials list` and `nemoclaw credentials reset`
commands in commands reference (#1597)
- Add `--dry-run` flag documentation for `policy-add` (#1276)
- Update policy presets table: remove `docker` (#1647), add `brave` and
`brew`, update HuggingFace endpoint (#1540)
- Document `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` env var for local
providers (#1620)
- Document `NEMOCLAW_PROXY_HOST`/`NEMOCLAW_PROXY_PORT` env vars (#1563)
- Add troubleshooting entries for Docker group permissions (#1614),
sandbox survival after gateway restart (#1587), and proxy configuration
- Regenerate `nemoclaw-user-*` skills from updated docs

## Test plan
- [x] `make docs` builds without warnings
- [x] All pre-commit and pre-push hooks pass
- [ ] Verify rendered pages in docs site preview

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Added `nemoclaw credentials list` command to display stored credential names
  * Added `nemoclaw credentials reset <KEY>` command with `--yes` flag to remove credentials
  * Added `--dry-run` flag for policy-add to preview endpoint changes
  * New policy presets: `brave` and `brew`
  * New configuration options: `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT`, `NEMOCLAW_PROXY_HOST`, and `NEMOCLAW_PROXY_PORT`

* **Documentation**
  * Expanded troubleshooting guides for Docker permissions, sandbox connectivity, local inference timeouts, and proxy configuration

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>