Description
Description
The "Policy Tiers" table in docs/reference/network-policies.md (rendered at
https://docs.nvidia.com/nemoclaw/latest/reference/network-policies.html under
the "Policy Tiers" heading) lists the presets bundled with each tier. The
"Open" row omits the `wechat` preset, but `nemoclaw-blueprint/policies/
tiers.yaml` — the file the doc explicitly points to as the source of truth —
includes `wechat` in the `open` tier's preset list. A real `presets/
wechat.yaml` exists in the same tree and is fully wired.
Net effect: a reader who picks the "Open" tier on the basis of the docs will
silently get a sandbox that is allowed to egress to WeChat endpoints without
the docs having warned them.
Other rows of the same Policy Tiers table (Restricted, Balanced) match
tiers.yaml exactly; drift is isolated to the Open row.
Environment
Device: ipp2-1558 (10.176.178.100), x86_64 server, 32 vCPU / 125 GB RAM, NVIDIA A100 80GB PCIe
OS: Ubuntu 24.04.4 LTS (Linux 6.17.0-23-generic)
Architecture: x86_64
Node.js: v22.x (installed via nvm by NemoClaw installer)
npm: bundled
Docker: 29.5.0
OpenShell CLI: 0.0.39
NemoClaw: v0.0.44
OpenClaw: N/A (docs-only bug)
Steps to Reproduce
1. Open https://docs.nvidia.com/nemoclaw/latest/reference/network-policies.html
and scroll to the "Policy Tiers" heading.
2. Read the "Presets included" cell on the "Open" row of the tier table:
npm, pypi, huggingface, brew, brave when supported,
slack, discord, telegram, jira, outlook
3. Compare against the file the doc points to:
cat ~/.nemoclaw/source/nemoclaw-blueprint/policies/tiers.yaml
4. Confirm the `wechat` preset file exists:
ls ~/.nemoclaw/source/nemoclaw-blueprint/policies/presets/wechat.yaml
Expected Result
The presets listed in the Open row of the doc table exactly match the
`presets` array of the `open` tier in tiers.yaml. Every preset that the
tier file actually applies is named in the doc.
Actual Result
Step 2 (doc) — 10 presets:
npm, pypi, huggingface, brew, brave, slack, discord, telegram, jira, outlook
Step 3 (tiers.yaml) — 11 presets:
npm, pypi, huggingface, brew, brave, slack, discord, telegram,
wechat, ← missing from the doc
jira, outlook
Step 4: presets/wechat.yaml exists and is fully wired.
Doc is missing `wechat` from the Open tier's "Presets included" cell.
Logs
Not captured — documentation accuracy bug, no runtime logs.
Suggested Fix
Edit docs/reference/network-policies.md, Policy Tiers table, "Open" row,
"Presets included" cell to:
npm, pypi, huggingface, brew, brave when supported,
slack, discord, telegram, wechat, jira, outlook
Optional related nit (no separate bug): the baseline-policy "Network
Policies" table on the same page lists 5 endpoint groups (nvidia, clawhub,
openclaw_api, openclaw_docs, npm_registry). The actual openclaw-sandbox.yaml
defines a 6th group, `managed_inference` (host inference.local, used by the
OpenShell gateway to proxy inference traffic). It is an internal virtual host
so its omission is debatable, but listing it for completeness would prevent
a future reader from being confused when they grep the baseline YAML and see
a group that is not mentioned in the docs.
[added through MaaS NVBugs MCP server]
Bug Details
| Field |
Value |
| Priority |
Unprioritized |
| Action |
Dev - Open - To fix |
| Disposition |
Open issue |
| Module |
Machine Learning - NemoClaw |
| Keyword |
NemoClaw, NemoClaw_Docs, NEMOCLAW_GH_SYNC_APPROVAL |
[NVB#6186497]
Description
Description
Environment Steps to Reproduce1. Open https://docs.nvidia.com/nemoclaw/latest/reference/network-policies.html and scroll to the "Policy Tiers" heading. 2. Read the "Presets included" cell on the "Open" row of the tier table: npm, pypi, huggingface, brew, brave when supported, slack, discord, telegram, jira, outlook 3. Compare against the file the doc points to: cat ~/.nemoclaw/source/nemoclaw-blueprint/policies/tiers.yaml 4. Confirm the `wechat` preset file exists: ls ~/.nemoclaw/source/nemoclaw-blueprint/policies/presets/wechat.yamlExpected Result Actual Result Logs Suggested Fix [added through MaaS NVBugs MCP server]Bug Details
[NVB#6186497]