docs: catch up documentation for v0.0.10 changes#1654
Conversation
Cover user-facing changes that landed since v0.0.9: credentials command, policy-add --dry-run flag, preset table updates (remove docker, add brave and brew), local inference timeout configuration, proxy env vars, Docker group permissions, and sandbox survival after gateway restart. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
📝 WalkthroughWalkthroughDocumentation updates across configuration, deployment, and reference guides introduce three new configuration features: timeout overrides for local inference via Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.agents/skills/nemoclaw-user-reference/references/commands.md (1)
1-1:⚠️ Potential issue | 🟠 MajorMissing SPDX license header.
The file lacks the required SPDX license header. All Markdown files must include:
<!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. SPDX-License-Identifier: Apache-2.0 -->Since this file is autogenerated by
scripts/docs-to-skills.py, update the generation script to include the SPDX header in all output files.As per coding guidelines, every source file matching
**/*.{js,ts,tsx,sh,md}must include an SPDX license header.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.agents/skills/nemoclaw-user-reference/references/commands.md at line 1, The generated Markdown file is missing the required SPDX header; update the generator scripts/docs-to-skills.py so it prepends the SPDX header block (the three-line HTML comment with SPDX-FileCopyrightText and SPDX-License-Identifier: Apache-2.0) to every output it writes for files matching **/*.{js,ts,tsx,sh,md}; modify the code path that writes files (look for the function or method that renders/writes files in docs-to-skills.py) to insert this header at the top of each generated file before writing to disk, ensuring existing autogenerated files receive the exact header text.
🧹 Nitpick comments (6)
docs/reference/commands.md (2)
289-289: Passive voice detected."Values are not printed" uses passive voice.
Revise to active voice, for example: "The command does not display credential values."
As per coding guidelines, active voice is required; flag passive constructions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/commands.md` at line 289, Replace the passive sentence "Values are not printed" in docs/reference/commands.md with an active-voice alternative—e.g., "The command does not display credential values." Update any nearby passive constructions in the same section to active voice to match the coding guidelines and ensure the subject and actor are explicit.
298-298: Awkward phrasing with passive construction."After removal, re-running
nemoclaw onboardre-prompts for that key" is awkward due to the repetitive "re-" prefix and passive-ish construction.Consider rephrasing in active voice, for example: "After you remove a credential,
nemoclaw onboardprompts for it again."As per coding guidelines, active voice is required; flag passive constructions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/commands.md` at line 298, Rewrite the passive, awkward sentence to active voice: replace "After removal, re-running `nemoclaw onboard` re-prompts for that key." with an active phrasing such as "After you remove a credential, `nemoclaw onboard` prompts for it again." Ensure the change is made in the docs text referencing the `nemoclaw onboard` command and follow the active-voice guideline.docs/deployment/deploy-to-remote-gpu.md (1)
134-136: Passive voice detected.Lines 134 and 136 use passive voice:
- "These values are baked into the sandbox image at build time."
- "The port must be numeric (0-65535)."
Revise to active voice, for example:
- "NemoClaw bakes these values into the sandbox image at build time."
- "The port value must be a number from 0 to 65535."
As per coding guidelines, active voice is required; flag passive constructions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/deployment/deploy-to-remote-gpu.md` around lines 134 - 136, Revise the two passive sentences to active voice by naming the actor and rephrasing the port sentence; replace "These values are baked into the sandbox image at build time." with something like "NemoClaw bakes these values into the sandbox image at build time." and change "The port must be numeric (0-65535)." to "The port value must be a number from 0 to 65535." — update the occurrences of those exact phrases in the doc so they use the active-voice forms.docs/inference/use-local-inference.md (1)
221-221: Passive voice detected."This setting is baked into the sandbox at build time" uses passive voice.
Revise to active voice, for example: "NemoClaw bakes this setting into the sandbox at build time."
As per coding guidelines, active voice is required; flag passive constructions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/inference/use-local-inference.md` at line 221, Replace the passive sentence "This setting is baked into the sandbox at build time." with an active-voice phrasing that names the actor—e.g., "NemoClaw bakes this setting into the sandbox at build time." Update the line in docs/inference/use-local-inference.md so the document uses active voice consistently.docs/reference/troubleshooting.md (2)
297-297: Use active voice."SSH secrets were not persisted" is passive. Rewrite in active voice, for example: "OpenShell did not persist SSH secrets" or restructure to focus on the outcome: "SSH secrets do not survive restarts."
As per coding guidelines, active voice is required in documentation.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/troubleshooting.md` at line 297, The sentence uses passive voice ("SSH secrets were not persisted"); change it to active voice by rewriting it to something like "OpenShell did not persist SSH secrets, so sandboxes created with OpenShell versions older than 0.0.24 can become unreachable after a gateway restart" or "SSH secrets do not survive restarts, so sandboxes created with OpenShell versions older than 0.0.24 can become unreachable after a gateway restart"; update the line containing "Sandboxes created with OpenShell versions older than 0.0.24 can become unreachable after a gateway restart because SSH secrets were not persisted" to one of these active-voice phrasings.
312-312: Use active voice."These are build-time settings baked into the sandbox image" is passive. Rewrite in active voice, for example: "NemoClaw bakes these build-time settings into the sandbox image."
As per coding guidelines, active voice is required in documentation.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/troubleshooting.md` at line 312, Replace the passive sentence "These are build-time settings baked into the sandbox image." with an active-voice sentence that names the actor—e.g., "NemoClaw bakes these build-time settings into the sandbox image." Update the line in docs/reference/troubleshooting.md so the documentation uses active voice and explicitly states the actor (NemoClaw) performing the action.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/deployment/deploy-to-remote-gpu.md`:
- Line 136: The port validation regex in bin/lib/onboard.js currently allows any
1–5 digit number; update the validation used in the onboarding logic (the
regex/validation applied to the "port" variable in the onboarding/input handling
function) to only accept 0–65535 — for example replace the permissive
/^[0-9]{1,5}$/ check with a stricter check that enforces the numeric range
(either a single regex enforcing 0-65535 or parseInt the value and assert 0 <=
port && port <= 65535) and ensure the validation error message remains clear.
---
Outside diff comments:
In @.agents/skills/nemoclaw-user-reference/references/commands.md:
- Line 1: The generated Markdown file is missing the required SPDX header;
update the generator scripts/docs-to-skills.py so it prepends the SPDX header
block (the three-line HTML comment with SPDX-FileCopyrightText and
SPDX-License-Identifier: Apache-2.0) to every output it writes for files
matching **/*.{js,ts,tsx,sh,md}; modify the code path that writes files (look
for the function or method that renders/writes files in docs-to-skills.py) to
insert this header at the top of each generated file before writing to disk,
ensuring existing autogenerated files receive the exact header text.
---
Nitpick comments:
In `@docs/deployment/deploy-to-remote-gpu.md`:
- Around line 134-136: Revise the two passive sentences to active voice by
naming the actor and rephrasing the port sentence; replace "These values are
baked into the sandbox image at build time." with something like "NemoClaw bakes
these values into the sandbox image at build time." and change "The port must be
numeric (0-65535)." to "The port value must be a number from 0 to 65535." —
update the occurrences of those exact phrases in the doc so they use the
active-voice forms.
In `@docs/inference/use-local-inference.md`:
- Line 221: Replace the passive sentence "This setting is baked into the sandbox
at build time." with an active-voice phrasing that names the actor—e.g.,
"NemoClaw bakes this setting into the sandbox at build time." Update the line in
docs/inference/use-local-inference.md so the document uses active voice
consistently.
In `@docs/reference/commands.md`:
- Line 289: Replace the passive sentence "Values are not printed" in
docs/reference/commands.md with an active-voice alternative—e.g., "The command
does not display credential values." Update any nearby passive constructions in
the same section to active voice to match the coding guidelines and ensure the
subject and actor are explicit.
- Line 298: Rewrite the passive, awkward sentence to active voice: replace
"After removal, re-running `nemoclaw onboard` re-prompts for that key." with an
active phrasing such as "After you remove a credential, `nemoclaw onboard`
prompts for it again." Ensure the change is made in the docs text referencing
the `nemoclaw onboard` command and follow the active-voice guideline.
In `@docs/reference/troubleshooting.md`:
- Line 297: The sentence uses passive voice ("SSH secrets were not persisted");
change it to active voice by rewriting it to something like "OpenShell did not
persist SSH secrets, so sandboxes created with OpenShell versions older than
0.0.24 can become unreachable after a gateway restart" or "SSH secrets do not
survive restarts, so sandboxes created with OpenShell versions older than 0.0.24
can become unreachable after a gateway restart"; update the line containing
"Sandboxes created with OpenShell versions older than 0.0.24 can become
unreachable after a gateway restart because SSH secrets were not persisted" to
one of these active-voice phrasings.
- Line 312: Replace the passive sentence "These are build-time settings baked
into the sandbox image." with an active-voice sentence that names the
actor—e.g., "NemoClaw bakes these build-time settings into the sandbox image."
Update the line in docs/reference/troubleshooting.md so the documentation uses
active voice and explicitly states the actor (NemoClaw) performing the action.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: a59fafe9-8b2a-4087-a5db-f9a4f499820e
📒 Files selected for processing (10)
.agents/skills/nemoclaw-user-configure-inference/SKILL.md.agents/skills/nemoclaw-user-deploy-remote/SKILL.md.agents/skills/nemoclaw-user-manage-policy/SKILL.md.agents/skills/nemoclaw-user-reference/references/commands.md.agents/skills/nemoclaw-user-reference/references/troubleshooting.mddocs/deployment/deploy-to-remote-gpu.mddocs/inference/use-local-inference.mddocs/network-policy/customize-network-policy.mddocs/reference/commands.mddocs/reference/troubleshooting.md
|
|
||
| These values are baked into the sandbox image at build time. | ||
| Only alphanumeric characters, dots, hyphens, and colons are accepted for the host. | ||
| The port must be numeric (0-65535). |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check the proxy port validation regex and constraints
rg -nP 'PROXY_PORT_RE\s*=' bin/lib/onboard.jsRepository: NVIDIA/NemoClaw
Length of output: 102
🏁 Script executed:
#!/bin/bash
# Search for how PROXY_PORT_RE is used and if there's range validation
rg -nA 5 -B 5 'PROXY_PORT_RE' bin/lib/onboard.jsRepository: NVIDIA/NemoClaw
Length of output: 1047
🏁 Script executed:
#!/bin/bash
# Search for NEMOCLAW_PROXY_PORT validation in other files
rg -n 'NEMOCLAW_PROXY_PORT' --type shRepository: NVIDIA/NemoClaw
Length of output: 233
🏁 Script executed:
#!/bin/bash
# Check nemoclaw-start.sh for port validation
sed -n '470,490p' scripts/nemoclaw-start.shRepository: NVIDIA/NemoClaw
Length of output: 1058
Tighten port range validation to match documented range.
The validation regex /^[0-9]{1,5}$/ accepts any 1–5 digit number (0–99999), which includes invalid ports like 70000 or 99999.
Valid ports are 0–65535.
Update the regex in bin/lib/onboard.js to enforce the documented range, or update the documentation if a different range is intentional.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/deployment/deploy-to-remote-gpu.md` at line 136, The port validation
regex in bin/lib/onboard.js currently allows any 1–5 digit number; update the
validation used in the onboarding logic (the regex/validation applied to the
"port" variable in the onboarding/input handling function) to only accept
0–65535 — for example replace the permissive /^[0-9]{1,5}$/ check with a
stricter check that enforces the numeric range (either a single regex enforcing
0-65535 or parseInt the value and assert 0 <= port && port <= 65535) and ensure
the validation error message remains clear.
2 participants
Summary
nemoclaw credentials listandnemoclaw credentials resetcommands in commands reference (feat(cli): add 'nemoclaw credentials' command for resetting stored keys #1597)--dry-runflag documentation forpolicy-add(fix(security): add --dry-run flag to policy-add for egress disclosure #1276)docker(fix: remove docker policy preset (#1406) #1647), addbraveandbrew, update HuggingFace endpoint (fix(policy): update HuggingFace endpoint and restrict Discord DELETE method #1540)NEMOCLAW_LOCAL_INFERENCE_TIMEOUTenv var for local providers (fix(inference): increase timeout for local providers to 180s #1620)NEMOCLAW_PROXY_HOST/NEMOCLAW_PROXY_PORTenv vars (fix(onboard): honor NEMOCLAW_PROXY_HOST/PORT env at sandbox build time (#1409) #1563)nemoclaw-user-*skills from updated docsTest plan
make docsbuilds without warnings🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
nemoclaw credentials listcommand to display stored credential namesnemoclaw credentials reset <KEY>command with--yesflag to remove credentials--dry-runflag for policy-add to preview endpoint changesbraveandbrewNEMOCLAW_LOCAL_INFERENCE_TIMEOUT,NEMOCLAW_PROXY_HOST, andNEMOCLAW_PROXY_PORTDocumentation