policy-list reports custom preset as inactive while active policy enforces it #3590

@mcragun

Summary

After applying a custom network policy preset with nemoclaw <sandbox> policy-add --from-file, the custom policy is enforced correctly in the active sandbox policy, but nemoclaw <sandbox> policy-list reports the preset as:

recorded locally, not active on gateway

This is misleading during troubleshooting because nemoclaw <sandbox> status shows the same custom policy present in the active gateway policy, and the network behavior confirms it is enforced.

Environment

NemoClaw: v0.0.41
OpenShell: 0.0.39
Node.js: v22.22.2
NemoClaw checkout: 39e9b1f
Sandbox name: drclaw

Custom Policy Used

preset:
  name: slack-files-upload
  description: "Slack file upload URL access for image/file posts"

network_policies:
  slack-files-upload:
    name: slack-files-upload
    endpoints:
      - host: files.slack.com
        port: 443
        protocol: rest
        enforcement: enforce
        tls: terminate
        rules:
          - allow: { method: POST, path: "/upload/**" }
    binaries:
      - { path: /usr/local/bin/node }
      - { path: /usr/bin/node }
      - { path: /usr/bin/curl }

Repro Steps

  1. Save the custom policy above as /home/mcragun/slack-files-upload-policy.yaml.

  2. Apply it:

    nemoclaw drclaw policy-add --from-file /home/mcragun/slack-files-upload-policy.yaml --yes

  3. Check the policy list:

    nemoclaw drclaw policy-list

  4. Check the active policy:

    nemoclaw drclaw status

Expected Behavior

nemoclaw drclaw policy-list should show the custom preset as active when the active gateway policy contains the matching custom policy.

Actual Behavior

nemoclaw drclaw policy-list reports:

Policy presets for sandbox 'drclaw':
  ● brave — Brave Search API access
  ● brew — Homebrew (Linuxbrew) package manager access
  ○ discord — Discord API, gateway, and CDN access
  ○ github — GitHub.com and GitHub API access (git)
  ● huggingface — Hugging Face Hub, LFS, and Inference API access
  ○ jira — Jira and Atlassian Cloud access
  ○ local-inference — Local inference access (Ollama, vLLM) via host gateway
  ● npm — npm and Yarn registry access
  ○ outlook — Microsoft Outlook and Graph API access
  ● pypi — Python Package Index (PyPI) access
  ● slack — Slack API, Socket Mode, and webhooks access
  ● telegram — Telegram Bot API access
  ○ slack-files-upload — custom preset (recorded locally, not active on gateway)

But nemoclaw drclaw status shows the custom policy in the active gateway policy:

slack-files-upload:
  name: slack-files-upload
  endpoints:
  - host: files.slack.com
    port: 443
    protocol: rest
    tls: terminate
    enforcement: enforce
    rules:
    - allow:
        method: POST
        path: /upload/**
  binaries:
  - path: /usr/local/bin/node
  - path: /usr/bin/node

Additional Verification

The sandbox can reach the Slack upload host after the custom policy is applied:

openshell sandbox exec -n drclaw --no-tty -- curl -sS -o /tmp/slack-files-probe.txt -w "HTTP=%{http_code}\n" -X POST https://files.slack.com/upload/v1/probe

Output:

HTTP=401

That response is expected for a fake unsigned upload URL and confirms that the request is reaching Slack rather than being blocked by the sandbox policy/proxy.

Impact

This appears to be a display/state reconciliation issue rather than an enforcement issue. It can still cause confusion because policy-list is the natural command to confirm whether a custom preset is active, especially while debugging sandbox egress.
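Added example (not part of the original report and not NemoClaw code): one way to check by hand whether a preset file is reflected in the active gateway policy, which is the reconciliation the Expected Behavior section asks policy-list to perform. The two inputs are the policy blocks from this page transcribed as Python dicts; the function names and the "active" / "drift" / "absent" states are assumptions.

```python
# PRESET and ACTIVE are transcribed from the two policy blocks on this page.
# The matching rule (every endpoint and binary in the file must also be in the
# active policy) is an assumption for illustration, not NemoClaw's own logic.
PRESET = {"slack-files-upload": {
    "endpoints": [{"host": "files.slack.com", "port": 443, "protocol": "rest",
                   "enforcement": "enforce", "tls": "terminate",
                   "rules": [{"allow": {"method": "POST", "path": "/upload/**"}}]}],
    "binaries": [{"path": "/usr/local/bin/node"}, {"path": "/usr/bin/node"},
                 {"path": "/usr/bin/curl"}]}}

ACTIVE = {"slack-files-upload": {
    "endpoints": [{"host": "files.slack.com", "port": 443, "protocol": "rest",
                   "tls": "terminate", "enforcement": "enforce",
                   "rules": [{"allow": {"method": "POST", "path": "/upload/**"}}]}],
    "binaries": [{"path": "/usr/local/bin/node"}, {"path": "/usr/bin/node"}]}}


def endpoint_key(ep):
    """Order-independent, hashable form of one endpoint entry."""
    rules = frozenset(
        (verb, str(match.get("method", "")).upper(), match.get("path", ""))
        for rule in ep.get("rules", []) for verb, match in rule.items())
    return (str(ep.get("host", "")).lower(), int(ep.get("port", 0)),
            ep.get("protocol"), ep.get("enforcement"), ep.get("tls"), rules)


def reconcile(preset, active):
    """Return {policy name: (state, endpoints only in file, binaries only in file)}."""
    report = {}
    for name, want in preset.items():
        have = active.get(name)
        if have is None:  # policy name not present on the gateway at all
            report[name] = ("absent", [], [])
            continue
        have_eps = {endpoint_key(e) for e in have.get("endpoints", [])}
        have_bins = {b["path"] for b in have.get("binaries", [])}
        miss_eps = [f'{e["host"]}:{e["port"]}' for e in want.get("endpoints", [])
                    if endpoint_key(e) not in have_eps]
        miss_bins = [b["path"] for b in want.get("binaries", [])
                     if b["path"] not in have_bins]
        state = "active" if not (miss_eps or miss_bins) else "drift"
        report[name] = (state, miss_eps, miss_bins)
    return report


if __name__ == "__main__":
    for name, (state, eps, bins) in reconcile(PRESET, ACTIVE).items():
        print(f"{name}: {state}; endpoints only in file: {eps}; binaries only in file: {bins}")
```

On the two blocks as printed on this page, the endpoint entries match field for field, and the one difference is /usr/bin/curl, which is listed in the preset file but not in the status excerpt.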

Labels

VDR (Linked to VDR finding)
area: cli (Command line interface, flags, terminal UX, or output)
area: sandbox (OpenShell sandbox lifecycle, runtime, config, or recovery)
